#define CKSUMTYPE_HMAC_MD5 CKSUMTYPE_HMAC_MD5_ARCFOUR
#endif
+/*
+ * CKSUMTYPE_HMAC_SHA1_96_AES_* in Heimdal
+ * CKSUMTYPE_HMAC_SHA1_96_AES* in MIT
+ */
+#if defined(CKSUMTYPE_HMAC_SHA1_96_AES128) && !defined(CKSUMTYPE_HMAC_SHA1_96_AES_128)
+#define CKSUMTYPE_HMAC_SHA1_96_AES_128 CKSUMTYPE_HMAC_SHA1_96_AES128
+#endif
+#if defined(CKSUMTYPE_HMAC_SHA1_96_AES256) && !defined(CKSUMTYPE_HMAC_SHA1_96_AES_256)
+#define CKSUMTYPE_HMAC_SHA1_96_AES_256 CKSUMTYPE_HMAC_SHA1_96_AES256
+#endif
+
+/*
+ * KRB5_KU_OTHER_ENCRYPTED in Heimdal
+ * KRB5_KEYUSAGE_APP_DATA_ENCRYPT in MIT
+ */
+#if defined(KRB5_KEYUSAGE_APP_DATA_ENCRYPT) && !defined(KRB5_KU_OTHER_ENCRYPTED)
+#define KRB5_KU_OTHER_ENCRYPTED KRB5_KEYUSAGE_APP_DATA_ENCRYPT
+#endif
+
typedef struct {
#if defined(HAVE_MAGIC_IN_KRB5_ADDRESS) && defined(HAVE_ADDRTYPE_IN_KRB5_ADDRESS) /* MIT */
krb5_address **addrs;
#endif
/* Samba wrapper functions for krb5 functionality. */
-bool setup_kaddr( krb5_address *pkaddr, struct sockaddr_storage *paddr);
+bool smb_krb5_sockaddr_to_kaddr(struct sockaddr_storage *paddr,
+ krb5_address *pkaddr);
+
+krb5_error_code smb_krb5_mk_error(krb5_context context,
+ krb5_error_code error_code,
+ const char *e_text,
+ krb5_data *e_data,
+ const krb5_principal client,
+ const krb5_principal server,
+ krb5_data *enc_err);
+
+krb5_error_code smb_krb5_get_allowed_etypes(krb5_context context,
+ krb5_enctype **enctypes);
+
+bool smb_krb5_get_smb_session_key(TALLOC_CTX *mem_ctx,
+ krb5_context context,
+ krb5_auth_context auth_context,
+ DATA_BLOB *session_key,
+ bool remote);
-krb5_error_code get_kerberos_allowed_etypes(krb5_context context, krb5_enctype **enctypes);
-bool get_krb5_smb_session_key(TALLOC_CTX *mem_ctx,
- krb5_context context,
- krb5_auth_context auth_context,
- DATA_BLOB *session_key, bool remote);
krb5_error_code smb_krb5_kt_free_entry(krb5_context context, krb5_keytab_entry *kt_entry);
-void kerberos_set_creds_enctype(krb5_creds *pcreds, int enctype);
-bool kerberos_compatible_enctypes(krb5_context context, krb5_enctype enctype1, krb5_enctype enctype2);
-void kerberos_free_data_contents(krb5_context context, krb5_data *pdata);
-krb5_error_code smb_krb5_parse_name_norealm(krb5_context context,
- const char *name,
- krb5_principal *principal);
-bool smb_krb5_principal_compare_any_realm(krb5_context context,
- krb5_const_principal princ1,
- krb5_const_principal princ2);
+void smb_krb5_free_data_contents(krb5_context context, krb5_data *pdata);
krb5_error_code smb_krb5_renew_ticket(const char *ccache_string, const char *client_string, const char *service_string, time_t *expire_time);
krb5_error_code smb_krb5_gen_netbios_krb5_address(smb_krb5_addresses **kerb_addr,
const char *netbios_name);
krb5_error_code smb_krb5_free_addresses(krb5_context context, smb_krb5_addresses *addr);
NTSTATUS krb5_to_nt_status(krb5_error_code kerberos_error);
krb5_error_code nt_status_to_krb5(NTSTATUS nt_status);
-void smb_krb5_free_error(krb5_context context, krb5_error *krberror);
-krb5_error_code handle_krberror_packet(krb5_context context,
- krb5_data *packet);
-
-void smb_krb5_get_init_creds_opt_free(krb5_context context,
- krb5_get_init_creds_opt *opt);
-krb5_error_code smb_krb5_get_init_creds_opt_alloc(krb5_context context,
- krb5_get_init_creds_opt **opt);
-krb5_enctype smb_get_enctype_from_kt_entry(krb5_keytab_entry *kt_entry);
+
+krb5_enctype smb_krb5_kt_get_enctype_from_entry(krb5_keytab_entry *kt_entry);
+
krb5_error_code smb_krb5_enctype_to_string(krb5_context context,
krb5_enctype enctype,
char **etype_s);
-krb5_error_code smb_krb5_open_keytab_relative(krb5_context context,
- const char *keytab_name_req,
- bool write_access,
- krb5_keytab *keytab);
-krb5_error_code smb_krb5_open_keytab(krb5_context context,
- const char *keytab_name,
- bool write_access,
- krb5_keytab *keytab);
-krb5_error_code smb_krb5_keytab_name(TALLOC_CTX *mem_ctx,
+krb5_error_code smb_krb5_kt_open_relative(krb5_context context,
+ const char *keytab_name_req,
+ bool write_access,
+ krb5_keytab *keytab);
+krb5_error_code smb_krb5_kt_open(krb5_context context,
+ const char *keytab_name,
+ bool write_access,
+ krb5_keytab *keytab);
+krb5_error_code smb_krb5_kt_get_name(TALLOC_CTX *mem_ctx,
krb5_context context,
krb5_keytab keytab,
const char **keytab_name);
const void *data,
size_t length,
krb5_keyblock *key);
-krb5_error_code kerberos_kinit_keyblock_cc(krb5_context ctx, krb5_ccache cc,
- krb5_principal principal,
- krb5_keyblock *keyblock,
- const char *target_service,
- krb5_get_init_creds_opt *krb_options,
- time_t *expire_time,
- time_t *kdc_time);
-krb5_error_code kerberos_kinit_password_cc(krb5_context ctx,
- krb5_ccache cc,
- krb5_principal principal,
- const char *password,
+krb5_error_code smb_krb5_kinit_keyblock_ccache(krb5_context ctx,
+ krb5_ccache cc,
+ krb5_principal principal,
+ krb5_keyblock *keyblock,
+ const char *target_service,
+ krb5_get_init_creds_opt *krb_options,
+ time_t *expire_time,
+ time_t *kdc_time);
+krb5_error_code smb_krb5_kinit_password_ccache(krb5_context ctx,
+ krb5_ccache cc,
+ krb5_principal principal,
+ const char *password,
+ const char *target_service,
+ krb5_get_init_creds_opt *krb_options,
+ time_t *expire_time,
+ time_t *kdc_time);
+#ifdef SAMBA4_USES_HEIMDAL
+krb5_error_code smb_krb5_kinit_s4u2_ccache(krb5_context ctx,
+ krb5_ccache store_cc,
+ krb5_principal init_principal,
+ const char *init_password,
+ krb5_principal impersonate_principal,
+ const char *self_service,
const char *target_service,
krb5_get_init_creds_opt *krb_options,
time_t *expire_time,
time_t *kdc_time);
-#ifdef SAMBA4_USES_HEIMDAL
-krb5_error_code kerberos_kinit_s4u2_cc(krb5_context ctx,
- krb5_ccache store_cc,
- krb5_principal init_principal,
- const char *init_password,
- krb5_principal impersonate_principal,
- const char *self_service,
- const char *target_service,
- krb5_get_init_creds_opt *krb_options,
- time_t *expire_time,
- time_t *kdc_time);
#endif
#if defined(HAVE_KRB5_MAKE_PRINCIPAL)
krb5_principal principal,
const char *realm);
-char *kerberos_get_principal_from_service_hostname(TALLOC_CTX *mem_ctx,
- const char *service,
- const char *remote_name,
- const char *default_realm);
+char *smb_krb5_get_realm_from_hostname(TALLOC_CTX *mem_ctx,
+ const char *hostname,
+ const char *client_realm);
char *smb_get_krb5_error_message(krb5_context context,
krb5_error_code code,
TALLOC_CTX *mem_ctx);
-bool unwrap_edata_ntstatus(TALLOC_CTX *mem_ctx,
- DATA_BLOB *edata,
- DATA_BLOB *edata_out);
-
-
krb5_error_code kt_copy(krb5_context context,
const char *from,
const char *to);
int smb_krb5_get_pw_salt(krb5_context context,
krb5_const_principal host_princ,
krb5_data *psalt);
+int smb_krb5_salt_principal(const char *realm,
+ const char *sAMAccountName,
+ const char *userPrincipalName,
+ uint32_t uac_flags,
+ TALLOC_CTX *mem_ctx,
+ char **_salt_principal);
+int smb_krb5_salt_principal2data(krb5_context context,
+ const char *salt_principal,
+ TALLOC_CTX *mem_ctx,
+ char **_salt_data);
int smb_krb5_create_key_from_string(krb5_context context,
krb5_const_principal host_princ,
krb5_const_principal principal,
unsigned int component);
-krb5_error_code krb5_copy_data_contents(krb5_data *p,
- const void *data,
- size_t len);
+krb5_error_code smb_krb5_copy_data_contents(krb5_data *p,
+ const void *data,
+ size_t len);
int smb_krb5_principal_get_type(krb5_context context,
krb5_const_principal principal);
krb5_error_code krb5_warnx(krb5_context context, const char *fmt, ...);
#endif
+krb5_error_code smb_krb5_cc_copy_creds(krb5_context context,
+ krb5_ccache incc, krb5_ccache outcc);
+
#endif /* HAVE_KRB5 */
-int cli_krb5_get_ticket(TALLOC_CTX *mem_ctx,
- const char *principal, time_t time_offset,
- DATA_BLOB *ticket, DATA_BLOB *session_key_krb5,
- uint32_t extra_ap_opts, const char *ccname,
- time_t *tgs_expire,
- const char *impersonate_princ_s);
+int ads_krb5_cli_get_ticket(TALLOC_CTX *mem_ctx,
+ const char *principal,
+ time_t time_offset,
+ DATA_BLOB *ticket,
+ DATA_BLOB *session_key_krb5,
+ uint32_t extra_ap_opts, const char *ccname,
+ time_t *tgs_expire,
+ const char *impersonate_princ_s);
#endif /* _KRB5_SAMBA_H */
git.samba.org / samba.git / blobdiff