search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3: Fix bug 7578
[Samba/gebeck_regimport.git] / source4 / auth / kerberos / clikrb5.c
blob3314cbc5910b15a6541d2cf1cacf4e4d78e4ddcc
1 /*
2 Unix SMB/CIFS implementation.
3 simple kerberos5 routines for active directory
4 Copyright (C) Andrew Tridgell 2001
5 Copyright (C) Luke Howard 2002-2003
6 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
12
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 */
21
22 #include "includes.h"
23 #include "system/network.h"
24 #include "system/kerberos.h"
25 #include "system/time.h"
26 #include "auth/kerberos/kerberos.h"
27
28 #ifdef HAVE_KRB5
29
30 #if defined(HAVE_KRB5_PRINCIPAL2SALT) && defined(HAVE_KRB5_USE_ENCTYPE) && defined(HAVE_KRB5_STRING_TO_KEY) && defined(HAVE_KRB5_ENCRYPT_BLOCK)
31 int create_kerberos_key_from_string(krb5_context context,
32 krb5_principal host_princ,
33 krb5_data *password,
34 krb5_keyblock *key,
35 krb5_enctype enctype)
36 {
37 int ret;
38 krb5_data salt;
39 krb5_encrypt_block eblock;
40
41 ret = krb5_principal2salt(context, host_princ, &salt);
42 if (ret) {
43 DEBUG(1,("krb5_principal2salt failed (%s)\n", error_message(ret)));
44 return ret;
45 }
46 krb5_use_enctype(context, &eblock, enctype);
47 ret = krb5_string_to_key(context, &eblock, key, password, &salt);
48 SAFE_FREE(salt.data);
49 return ret;
50 }
51 #elif defined(HAVE_KRB5_GET_PW_SALT) && defined(HAVE_KRB5_STRING_TO_KEY_SALT)
52 int create_kerberos_key_from_string(krb5_context context,
53 krb5_principal host_princ,
54 krb5_data *password,
55 krb5_keyblock *key,
56 krb5_enctype enctype)
57 {
58 int ret;
59 krb5_salt salt;
60
61 ret = krb5_get_pw_salt(context, host_princ, &salt);
62 if (ret) {
63 DEBUG(1,("krb5_get_pw_salt failed (%s)\n", error_message(ret)));
64 return ret;
65 }
66 ret = krb5_string_to_key_salt(context, enctype, password->data,
67 salt, key);
68 krb5_free_salt(context, salt);
69 return ret;
70 }
71 #else
72 #error UNKNOWN_CREATE_KEY_FUNCTIONS
73 #endif
74
75 void kerberos_free_data_contents(krb5_context context, krb5_data *pdata)
76 {
77 if (pdata->data) {
78 krb5_data_free(pdata);
79 }
80 }
81
82 krb5_error_code smb_krb5_kt_free_entry(krb5_context context, krb5_keytab_entry *kt_entry)
83 {
84 #if defined(HAVE_KRB5_KT_FREE_ENTRY)
85 return krb5_kt_free_entry(context, kt_entry);
86 #elif defined(HAVE_KRB5_FREE_KEYTAB_ENTRY_CONTENTS)
87 return krb5_free_keytab_entry_contents(context, kt_entry);
88 #else
89 #error UNKNOWN_KT_FREE_FUNCTION
90 #endif
91 }
92
93 char *smb_get_krb5_error_message(krb5_context context, krb5_error_code code, TALLOC_CTX *mem_ctx)
94 {
95 char *ret;
96
97 #if defined(HAVE_KRB5_GET_ERROR_MESSAGE) && defined(HAVE_KRB5_FREE_ERROR_MESSAGE)
98 const char *context_error = krb5_get_error_message(context, code);
99 if (context_error) {
100 ret = talloc_asprintf(mem_ctx, "%s: %s", error_message(code), context_error);
101 krb5_free_error_message(context, context_error);
102 return ret;
103 }
104 #endif
105 ret = talloc_strdup(mem_ctx, error_message(code));
106 return ret;
107 }
108
109 #endif
reg import