diff options
| author | Günther Deschner <gd@samba.org> | 2016-07-21 14:25:56 +0200 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2016-07-23 09:50:46 +0200 |
| commit | 497658fede83571ae631aef4e9abdcfcaadd6982 (patch) | |
| tree | d74bb48f5243054ca5b696f41c7681e8d0cc4980 | |
| parent | fe84f8bab375ae038c1b9ef6785d238cd5d8b891 (diff) | |
| download | samba-497658fede83571ae631aef4e9abdcfcaadd6982.tar.gz | |
s4-torture: fix compile of new NDR PAC tests with MIT Kerberos.
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Jul 23 09:50:46 CEST 2016 on sn-devel-144
| -rw-r--r-- | lib/krb5_wrap/krb5_samba.h | 8 | ||||
| -rw-r--r-- | source4/torture/ndr/krb5pac.c | 32 |
2 files changed, 30 insertions, 10 deletions
diff --git a/lib/krb5_wrap/krb5_samba.h b/lib/krb5_wrap/krb5_samba.h index 2b5e2bb20e7..f988858102e 100644 --- a/lib/krb5_wrap/krb5_samba.h +++ b/lib/krb5_wrap/krb5_samba.h @@ -85,6 +85,14 @@ #define CKSUMTYPE_HMAC_SHA1_96_AES_256 CKSUMTYPE_HMAC_SHA1_96_AES256 #endif +/* + * KRB5_KU_OTHER_ENCRYPTED in Heimdal + * KRB5_KEYUSAGE_APP_DATA_ENCRYPT in MIT + */ +#if defined(KRB5_KEYUSAGE_APP_DATA_ENCRYPT) && !defined(KRB5_KU_OTHER_ENCRYPTED) +#define KRB5_KU_OTHER_ENCRYPTED KRB5_KEYUSAGE_APP_DATA_ENCRYPT +#endif + typedef struct { #if defined(HAVE_MAGIC_IN_KRB5_ADDRESS) && defined(HAVE_ADDRTYPE_IN_KRB5_ADDRESS) /* MIT */ krb5_address **addrs; diff --git a/source4/torture/ndr/krb5pac.c b/source4/torture/ndr/krb5pac.c index 23a121433ba..1deac73705d 100644 --- a/source4/torture/ndr/krb5pac.c +++ b/source4/torture/ndr/krb5pac.c @@ -434,7 +434,7 @@ static bool PAC_DATA_pkinit(struct torture_context *tctx, DATA_BLOB reply_key_blob = data_blob_null; krb5_context ctx; krb5_keyblock reply_key; - krb5_crypto crypto; + krb5_enc_data input; krb5_data plain_data; DATA_BLOB plain_data_blob = data_blob_null; @@ -474,21 +474,33 @@ static bool PAC_DATA_pkinit(struct torture_context *tctx, reply_key_blob.data, reply_key_blob.length, &reply_key), 0, "smb_krb5_keyblock_init_contents"); - torture_assert_int_equal(tctx, krb5_crypto_init(ctx, - &reply_key, ETYPE_NULL, - &crypto), 0, - "krb5_crypto_init"); - torture_assert_int_equal(tctx, krb5_decrypt(ctx, crypto, + + ZERO_STRUCT(input); + + input.ciphertext.data = (char *)r->buffers[1].info->credential_info.encrypted_data.data; + input.ciphertext.length = r->buffers[1].info->credential_info.encrypted_data.length; + input.enctype = ENCTYPE_AES256_CTS_HMAC_SHA1_96; + + plain_data.data = malloc(r->buffers[1].info->credential_info.encrypted_data.length); + plain_data.length = r->buffers[1].info->credential_info.encrypted_data.length; + torture_assert(tctx, plain_data.data, "malloc failed"); + + torture_assert_krb5_error_equal(tctx, krb5_c_decrypt(ctx, +#ifdef SAMBA4_USES_HEIMDAL + reply_key, +#else + &reply_key, +#endif KRB5_KU_OTHER_ENCRYPTED, - r->buffers[1].info->credential_info.encrypted_data.data, - r->buffers[1].info->credential_info.encrypted_data.length, + NULL, + &input, &plain_data), 0, "krb5_decrypt"); + torture_assert_int_equal(tctx, plain_data.length, 112, "plain_data.length"); plain_data_blob = data_blob_talloc(tctx, plain_data.data, plain_data.length); torture_assert_int_equal(tctx, plain_data_blob.length, 112, "plain_data_blob.length"); - krb5_data_free(&plain_data); - krb5_crypto_destroy(ctx, crypto); + kerberos_free_data_contents(ctx, &plain_data); krb5_free_keyblock_contents(ctx, &reply_key); krb5_free_context(ctx); torture_assert_data_blob_equal(tctx, |