summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndreas Schneider <asn@samba.org>2012-05-03 17:10:27 +0200
committerSimo Sorce <idra@samba.org>2012-05-08 08:30:51 +0200
commite8e5afd4d4038043f1125c5e2afc41e9e87ebfde (patch)
treeeb58ee594314d0f0b6beb716f59e1b66e07675f6
parent7f9e4d70b9a2db7400791fbfef284dd63e79f078 (diff)
downloadsamba-e8e5afd4d4038043f1125c5e2afc41e9e87ebfde.tar.gz
krb5samba: Add smb_krb5_make_pac_checksum.
Signed-off-by: Simo Sorce <idra@samba.org> Autobuild-User: Simo Sorce <idra@samba.org> Autobuild-Date: Tue May 8 08:30:52 CEST 2012 on sn-devel-104
-rw-r--r--lib/krb5_wrap/krb5_samba.c76
-rw-r--r--lib/krb5_wrap/krb5_samba.h7
-rw-r--r--source3/configure.in1
-rwxr-xr-xsource4/heimdal_build/wscript_configure1
-rw-r--r--wscript_configure_krb52
5 files changed, 86 insertions, 1 deletions
diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index cbfaa9c9fb9..16c690108ff 100644
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -2182,6 +2182,82 @@ void smb_krb5_free_checksum_contents(krb5_context ctx, krb5_checksum *cksum)
}
#endif
+krb5_error_code smb_krb5_make_pac_checksum(TALLOC_CTX *mem_ctx,
+ DATA_BLOB *pac_data,
+ krb5_context context,
+ const krb5_keyblock *keyblock,
+ uint32_t *sig_type,
+ DATA_BLOB *sig_blob)
+{
+ krb5_error_code ret;
+ krb5_checksum cksum;
+#if defined(HAVE_KRB5_CRYPTO_INIT) && defined(HAVE_KRB5_CREATE_CHECKSUM)
+ krb5_crypto crypto;
+
+
+ ret = krb5_crypto_init(context,
+ keyblock,
+ 0,
+ &crypto);
+ if (ret) {
+ DEBUG(0,("krb5_crypto_init() failed: %s\n",
+ smb_get_krb5_error_message(context, ret, mem_ctx)));
+ return ret;
+ }
+ ret = krb5_create_checksum(context,
+ crypto,
+ KRB5_KU_OTHER_CKSUM,
+ 0,
+ pac_data->data,
+ pac_data->length,
+ &cksum);
+ if (ret) {
+ DEBUG(2, ("PAC Verification failed: %s\n",
+ smb_get_krb5_error_message(context, ret, mem_ctx)));
+ }
+
+ krb5_crypto_destroy(context, crypto);
+
+ if (ret) {
+ return ret;
+ }
+
+ *sig_type = cksum.cksumtype;
+ *sig_blob = data_blob_talloc(mem_ctx,
+ cksum.checksum.data,
+ cksum.checksum.length);
+#elif defined(HAVE_KRB5_C_MAKE_CHECKSUM)
+ krb5_data input;
+
+ input.data = (char *)pac_data->data;
+ input.length = pac_data->length;
+
+ ret = krb5_c_make_checksum(context,
+ 0,
+ keyblock,
+ KRB5_KEYUSAGE_APP_DATA_CKSUM,
+ &input,
+ &cksum);
+ if (ret) {
+ DEBUG(2, ("PAC Verification failed: %s\n",
+ smb_get_krb5_error_message(context, ret, mem_ctx)));
+ return ret;
+ }
+
+ *sig_type = cksum.checksum_type;
+ *sig_blob = data_blob_talloc(mem_ctx,
+ cksum.contents,
+ cksum.length);
+
+#else
+#error krb5_create_checksum or krb5_c_make_checksum not available
+#endif /* HAVE_KRB5_C_MAKE_CHECKSUM */
+ smb_krb5_free_checksum_contents(context, &cksum);
+
+ return 0;
+}
+
+
/*
* smb_krb5_principal_get_realm
*
diff --git a/lib/krb5_wrap/krb5_samba.h b/lib/krb5_wrap/krb5_samba.h
index a164ea34a87..15da39c037a 100644
--- a/lib/krb5_wrap/krb5_samba.h
+++ b/lib/krb5_wrap/krb5_samba.h
@@ -259,6 +259,13 @@ void smb_krb5_free_checksum_contents(krb5_context ctx, krb5_checksum *cksum);
#error krb5_free_checksum_contents/free_Checksum is not vailable
#endif
+krb5_error_code smb_krb5_make_pac_checksum(TALLOC_CTX *mem_ctx,
+ DATA_BLOB *pac_data,
+ krb5_context context,
+ const krb5_keyblock *keyblock,
+ uint32_t *sig_type,
+ DATA_BLOB *sig_blob);
+
char *smb_krb5_principal_get_realm(krb5_context context,
krb5_principal principal);
diff --git a/source3/configure.in b/source3/configure.in
index 96c7b3ee57d..c1564a5f8fc 100644
--- a/source3/configure.in
+++ b/source3/configure.in
@@ -3619,6 +3619,7 @@ if test x"$with_ads_support" != x"no"; then
AC_CHECK_FUNC_EXT(krb5_cc_get_lifetime, $KRB5_LIBS)
AC_CHECK_FUNC_EXT(krb5_cc_retrieve_cred, $KRB5_LIBS)
AC_CHECK_FUNC_EXT(krb5_free_checksum_contents, $KRB5_LIBS)
+ AC_CHECK_FUNC_EXT(krb5_c_make_checksum, $KRB5_LIBS)
AC_CHECK_FUNC_EXT(gss_krb5_import_cred, $KRB5_LIBS)
AC_CHECK_FUNC_EXT(gss_get_name_attribute, $KRB5_LIBS)
AC_CHECK_FUNC_EXT(gsskrb5_extract_authz_data_from_sec_context, $KRB5_LIBS)
diff --git a/source4/heimdal_build/wscript_configure b/source4/heimdal_build/wscript_configure
index 6fac5fee6ae..17b7361cad5 100755
--- a/source4/heimdal_build/wscript_configure
+++ b/source4/heimdal_build/wscript_configure
@@ -99,6 +99,7 @@ conf.define('HAVE_INITIALIZE_KRB5_ERROR_TABLE', 1)
conf.define('HAVE_KRB5_ADDRESSES', 1)
conf.define('HAVE_KRB5_AUTH_CON_SETKEY', 1)
conf.define('HAVE_KRB5_CC_GET_LIFETIME', 1)
+conf.define('HAVE_KRB5_CREATE_CHECKSUM', 1)
conf.define('HAVE_KRB5_CRYPTO', 1)
conf.define('HAVE_KRB5_CRYPTO_DESTROY', 1)
conf.define('HAVE_KRB5_CRYPTO_INIT', 1)
diff --git a/wscript_configure_krb5 b/wscript_configure_krb5
index ae1ff75e471..abfd04a1791 100644
--- a/wscript_configure_krb5
+++ b/wscript_configure_krb5
@@ -65,7 +65,7 @@ conf.CHECK_FUNCS('''
krb5_get_init_creds_keyblock krb5_get_init_creds_keytab
krb5_make_principal krb5_build_principal_alloc_va
krb5_cc_get_lifetime krb5_cc_retrieve_cred
- krb5_free_checksum_contents''',
+ krb5_free_checksum_contents krb5_c_make_checksum''',
lib='krb5 k5crypto')
conf.CHECK_DECLS('''krb5_get_credentials_for_user
krb5_auth_con_set_req_cksumtype''',