diff options
author | Günther Deschner <gd@samba.org> | 2014-04-25 14:12:05 +0200 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2014-08-08 06:02:34 +0200 |
commit | 016cd35d75b33315b78547c231ba82347b448840 (patch) | |
tree | 7747e292c94b162c3833664e075bb85ce4a8c5a3 /lib | |
parent | 6b3d9853ce8fb1506eefd7df10637b0413b69ab5 (diff) | |
download | samba-016cd35d75b33315b78547c231ba82347b448840.tar.gz |
lib/krb5_wrap: add smb_krb5_create_key_from_string().
This function can take either a calculated salt or a principal and calculate the
salt on its own.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/krb5_wrap/krb5_samba.c | 72 | ||||
-rw-r--r-- | lib/krb5_wrap/krb5_samba.h | 7 |
2 files changed, 79 insertions, 0 deletions
diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c index ea6b7158ec6..b668716d8e0 100644 --- a/lib/krb5_wrap/krb5_samba.c +++ b/lib/krb5_wrap/krb5_samba.c @@ -134,6 +134,78 @@ bool setup_kaddr( krb5_address *pkaddr, struct sockaddr_storage *paddr) #error UNKNOWN_ADDRTYPE #endif +/** +* @brief Create a keyblock based on input parameters +* +* @param context The krb5_context +* @param host_princ The krb5_principal to use +* @param salt The optional salt, if ommitted, salt is calculated with +* the provided principal. +* @param password The krb5_data containing the password +* @param enctype The krb5_enctype to use for the keyblock generation +* @param key The returned krb5_keyblock, caller needs to free with +* krb5_free_keyblock(). +* +* @return krb5_error_code +*/ +int smb_krb5_create_key_from_string(krb5_context context, + krb5_principal *host_princ, + krb5_data *salt, + krb5_data *password, + krb5_enctype enctype, + krb5_keyblock *key) +{ + int ret = 0; + + if (host_princ == NULL && salt == NULL) { + return -1; + } + +#if defined(HAVE_KRB5_PRINCIPAL2SALT) && defined(HAVE_KRB5_C_STRING_TO_KEY) +{/* MIT */ + krb5_data _salt; + + if (salt == NULL) { + ret = krb5_principal2salt(context, *host_princ, &_salt); + if (ret) { + DEBUG(1,("krb5_principal2salt failed (%s)\n", error_message(ret))); + return ret; + } + } else { + _salt = *salt; + } + ret = krb5_c_string_to_key(context, enctype, password, &_salt, key); + if (salt == NULL) { + SAFE_FREE(_salt.data); + } +} +#elif defined(HAVE_KRB5_GET_PW_SALT) && defined(HAVE_KRB5_STRING_TO_KEY_SALT) +{/* Heimdal */ + krb5_salt _salt; + + if (salt == NULL) { + ret = krb5_get_pw_salt(context, *host_princ, &_salt); + if (ret) { + DEBUG(1,("krb5_get_pw_salt failed (%s)\n", error_message(ret))); + return ret; + } + } else { + _salt.saltvalue = *salt; + _salt.salttype = KRB5_PW_SALT; + } + + ret = krb5_string_to_key_salt(context, enctype, (const char *)password->data, _salt, key); + if (salt == NULL) { + krb5_free_salt(context, _salt); + } +} +#else +#error UNKNOWN_CREATE_KEY_FUNCTIONS +#endif + return ret; +} + + #if defined(HAVE_KRB5_PRINCIPAL2SALT) && defined(HAVE_KRB5_C_STRING_TO_KEY) /* MIT */ int create_kerberos_key_from_string_direct(krb5_context context, diff --git a/lib/krb5_wrap/krb5_samba.h b/lib/krb5_wrap/krb5_samba.h index b71eebef024..0c30ca898d3 100644 --- a/lib/krb5_wrap/krb5_samba.h +++ b/lib/krb5_wrap/krb5_samba.h @@ -304,6 +304,13 @@ int smb_krb5_get_pw_salt(krb5_context context, krb5_principal host_princ, krb5_data *psalt); +int smb_krb5_create_key_from_string(krb5_context context, + krb5_principal *host_princ, + krb5_data *salt, + krb5_data *password, + krb5_enctype enctype, + krb5_keyblock *key); + #endif /* HAVE_KRB5 */ int cli_krb5_get_ticket(TALLOC_CTX *mem_ctx, |