2 Unix SMB/CIFS implementation.
3 simple kerberos5 routines for active directory
4 Copyright (C) Andrew Tridgell 2001
5 Copyright (C) Luke Howard 2002-2003
6 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 #include "system/network.h"
25 #include "system/kerberos.h"
26 #include "system/time.h"
27 #include "auth/kerberos/kerberos.h"
31 #if defined(HAVE_KRB5_SET_DEFAULT_IN_TKT_ETYPES) && !defined(HAVE_KRB5_SET_DEFAULT_TGS_KTYPES)
32 krb5_error_code
krb5_set_default_tgs_ktypes(krb5_context ctx
, const krb5_enctype
*enc
)
34 return krb5_set_default_in_tkt_etypes(ctx
, enc
);
38 #if defined(HAVE_ADDR_TYPE_IN_KRB5_ADDRESS)
40 void setup_kaddr( krb5_address
*pkaddr
, struct sockaddr
*paddr
)
42 pkaddr
->addr_type
= KRB5_ADDRESS_INET
;
43 pkaddr
->address
.length
= sizeof(((struct sockaddr_in
*)paddr
)->sin_addr
);
44 pkaddr
->address
.data
= (char *)&(((struct sockaddr_in
*)paddr
)->sin_addr
);
46 #elif defined(HAVE_ADDRTYPE_IN_KRB5_ADDRESS)
48 void setup_kaddr( krb5_address
*pkaddr
, struct sockaddr
*paddr
)
50 pkaddr
->addrtype
= ADDRTYPE_INET
;
51 pkaddr
->length
= sizeof(((struct sockaddr_in
*)paddr
)->sin_addr
);
52 pkaddr
->contents
= (krb5_octet
*)&(((struct sockaddr_in
*)paddr
)->sin_addr
);
55 #error UNKNOWN_ADDRTYPE
58 #if defined(HAVE_KRB5_PRINCIPAL2SALT) && defined(HAVE_KRB5_USE_ENCTYPE) && defined(HAVE_KRB5_STRING_TO_KEY) && defined(HAVE_KRB5_ENCRYPT_BLOCK)
59 int create_kerberos_key_from_string(krb5_context context
,
60 krb5_principal host_princ
,
67 krb5_encrypt_block eblock
;
69 ret
= krb5_principal2salt(context
, host_princ
, &salt
);
71 DEBUG(1,("krb5_principal2salt failed (%s)\n", error_message(ret
)));
74 krb5_use_enctype(context
, &eblock
, enctype
);
75 ret
= krb5_string_to_key(context
, &eblock
, key
, password
, &salt
);
79 #elif defined(HAVE_KRB5_GET_PW_SALT) && defined(HAVE_KRB5_STRING_TO_KEY_SALT)
80 int create_kerberos_key_from_string(krb5_context context
,
81 krb5_principal host_princ
,
89 ret
= krb5_get_pw_salt(context
, host_princ
, &salt
);
91 DEBUG(1,("krb5_get_pw_salt failed (%s)\n", error_message(ret
)));
94 ret
= krb5_string_to_key_salt(context
, enctype
, password
->data
,
96 krb5_free_salt(context
, salt
);
100 #error UNKNOWN_CREATE_KEY_FUNCTIONS
103 #if defined(HAVE_KRB5_GET_PERMITTED_ENCTYPES)
104 krb5_error_code
get_kerberos_allowed_etypes(krb5_context context
,
105 krb5_enctype
**enctypes
)
107 return krb5_get_permitted_enctypes(context
, enctypes
);
109 #elif defined(HAVE_KRB5_GET_DEFAULT_IN_TKT_ETYPES)
110 krb5_error_code
get_kerberos_allowed_etypes(krb5_context context
,
111 krb5_enctype
**enctypes
)
113 return krb5_get_default_in_tkt_etypes(context
, enctypes
);
116 #error UNKNOWN_GET_ENCTYPES_FUNCTIONS
119 void free_kerberos_etypes(krb5_context context
,
120 krb5_enctype
*enctypes
)
122 #if defined(HAVE_KRB5_FREE_KTYPES)
123 krb5_free_ktypes(context
, enctypes
);
131 #if defined(HAVE_KRB5_AUTH_CON_SETKEY) && !defined(HAVE_KRB5_AUTH_CON_SETUSERUSERKEY)
132 krb5_error_code
krb5_auth_con_setuseruserkey(krb5_context context
,
133 krb5_auth_context auth_context
,
134 krb5_keyblock
*keyblock
)
136 return krb5_auth_con_setkey(context
, auth_context
, keyblock
);
140 #if !defined(HAVE_KRB5_FREE_UNPARSED_NAME)
141 void krb5_free_unparsed_name(krb5_context context
, char *val
)
147 void kerberos_free_data_contents(krb5_context context
, krb5_data
*pdata
)
149 #if defined(HAVE_KRB5_FREE_DATA_CONTENTS)
151 krb5_free_data_contents(context
, pdata
);
154 SAFE_FREE(pdata
->data
);
158 void kerberos_set_creds_enctype(krb5_creds
*pcreds
, int enctype
)
160 #if defined(HAVE_KRB5_KEYBLOCK_IN_CREDS)
161 KRB5_KEY_TYPE((&pcreds
->keyblock
)) = enctype
;
162 #elif defined(HAVE_KRB5_SESSION_IN_CREDS)
163 KRB5_KEY_TYPE((&pcreds
->session
)) = enctype
;
165 #error UNKNOWN_KEYBLOCK_MEMBER_IN_KRB5_CREDS_STRUCT
169 BOOL
kerberos_compatible_enctypes(krb5_context context
,
170 krb5_enctype enctype1
,
171 krb5_enctype enctype2
)
173 #if defined(HAVE_KRB5_C_ENCTYPE_COMPARE)
174 krb5_boolean similar
= 0;
176 krb5_c_enctype_compare(context
, enctype1
, enctype2
, &similar
);
177 return similar
? True
: False
;
178 #elif defined(HAVE_KRB5_ENCTYPES_COMPATIBLE_KEYS)
179 return krb5_enctypes_compatible_keys(context
, enctype1
, enctype2
) ? True
: False
;
183 krb5_error_code
smb_krb5_kt_free_entry(krb5_context context
, krb5_keytab_entry
*kt_entry
)
185 #if defined(HAVE_KRB5_KT_FREE_ENTRY)
186 return krb5_kt_free_entry(context
, kt_entry
);
187 #elif defined(HAVE_KRB5_FREE_KEYTAB_ENTRY_CONTENTS)
188 return krb5_free_keytab_entry_contents(context
, kt_entry
);
190 #error UNKNOWN_KT_FREE_FUNCTION
194 char *smb_get_krb5_error_message(krb5_context context
, krb5_error_code code
, TALLOC_CTX
*mem_ctx
)
198 #if defined(HAVE_KRB5_GET_ERROR_STRING) && defined(HAVE_KRB5_FREE_ERROR_STRING)
199 char *context_error
= krb5_get_error_string(context
);
201 ret
= talloc_asprintf(mem_ctx
, "%s: %s", error_message(code
), context_error
);
202 krb5_free_error_string(context
, context_error
);
206 ret
= talloc_strdup(mem_ctx
, error_message(code
));