cred->target_service = talloc_strdup(cred, target_service);
}
-_PUBLIC_ int cli_credentials_get_aes256_key(struct cli_credentials *cred,
- TALLOC_CTX *mem_ctx,
- struct loadparm_context *lp_ctx,
- DATA_BLOB *aes_256)
+_PUBLIC_ int cli_credentials_get_kerberos_key(struct cli_credentials *cred,
+ TALLOC_CTX *mem_ctx,
+ struct loadparm_context *lp_ctx,
+ krb5_enctype enctype,
+ DATA_BLOB *key_blob)
{
struct smb_krb5_context *smb_krb5_context = NULL;
krb5_error_code krb5_ret;
TALLOC_CTX *frame = talloc_stackframe();
+ if ((int)enctype == (int)ENCTYPE_ARCFOUR_HMAC) {
+ struct samr_Password *nt_hash
+ = cli_credentials_get_nt_hash(cred, frame);
+ if (nt_hash == NULL) {
+ TALLOC_FREE(frame);
+ return EINVAL;
+ }
+ *key_blob = data_blob_talloc(mem_ctx,
+ nt_hash->hash,
+ sizeof(nt_hash->hash));
+ if (key_blob->data == NULL) {
+ TALLOC_FREE(frame);
+ return ENOMEM;
+ }
+ TALLOC_FREE(frame);
+ return 0;
+ }
+
if (cred->password_will_be_nt_hash) {
- DEBUG(1,("cli_credentials_get_aes256_key: cannot generate AES256 key using NT hash\n"));
+ DEBUG(1,("cli_credentials_get_kerberos_key: cannot generate Kerberos key using NT hash\n"));
TALLOC_FREE(frame);
return EINVAL;
}
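Review bot: The new `ENCTYPE_ARCFOUR_HMAC` branch returns the NT hash in `*key_blob` without calling `talloc_keep_secret(key_blob->data)`, while the password-derived path later in this function does so before returning. Unless the blob is marked somewhere not visible here, the RC4 key copy is presumably not wiped when the caller frees `mem_ctx` (the Python binding does exactly that), so it can linger in freed heap memory. Add `talloc_keep_secret(key_blob->data);` after the NULL check in this branch. A comment such as `/* The RC4-HMAC key is the NT hash itself; no salt or string-to-key step */` would also explain why this branch sits ahead of the `password_will_be_nt_hash` check. The function body continues outside this hunk.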
salt_data.length = strlen(salt);
/*
- * create ENCTYPE_AES256_CTS_HMAC_SHA1_96 key out of
+ * create Kerberos key out of
* the salt and the cleartext password
*/
krb5_ret = smb_krb5_create_key_from_string(smb_krb5_context->krb5_context,
NULL,
&salt_data,
&cleartext_data,
- ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+ enctype,
&key);
if (krb5_ret != 0) {
DEBUG(1,("cli_credentials_get_aes256_key: "
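Review bot: The DEBUG call on the last line of this hunk still hard-codes the prefix `cli_credentials_get_aes256_key: `, so a key-derivation failure for any enctype is logged under a function name that no longer exists. Replace the literal with `"%s: "` and pass `__func__`, which also survives future renames. If the rest of the message (cut off by the hunk boundary) names AES256 specifically, it should report the requested `enctype` instead. An accurate log line matters here because this path now serves several enctypes and the failing one is otherwise not identifiable.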
TALLOC_FREE(frame);
return EINVAL;
}
- *aes_256 = data_blob_talloc(mem_ctx,
+ *key_blob = data_blob_talloc(mem_ctx,
KRB5_KEY_DATA(&key),
KRB5_KEY_LENGTH(&key));
krb5_free_keyblock_contents(smb_krb5_context->krb5_context, &key);
- if (aes_256->data == NULL) {
+ if (key_blob->data == NULL) {
TALLOC_FREE(frame);
return ENOMEM;
}
- talloc_keep_secret(aes_256->data);
+ talloc_keep_secret(key_blob->data);
TALLOC_FREE(frame);
return 0;
#include "pycredentials.h"
#include "param/param.h"
#include "auth/credentials/credentials_internal.h"
+#include "auth/credentials/credentials_krb5.h"
#include "librpc/gen_ndr/samr.h" /* for struct samr_Password */
#include "librpc/gen_ndr/netlogon.h"
#include "libcli/util/pyerrors.h"
return ret;
}
-static PyObject *py_creds_get_aes256_key(PyObject *self, PyObject *args)
+static PyObject *py_creds_get_kerberos_key(PyObject *self, PyObject *args)
{
struct loadparm_context *lp_ctx = NULL;
TALLOC_CTX *mem_ctx = NULL;
PyObject *py_lp_ctx = Py_None;
- DATA_BLOB aes_256;
+ DATA_BLOB key;
int code;
+ int enctype;
PyObject *ret = NULL;
struct cli_credentials *creds = PyCredentials_AsCliCredentials(self);
if (creds == NULL) {
return NULL;
}
- if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx))
+ if (!PyArg_ParseTuple(args, "i|O", &enctype, &py_lp_ctx))
return NULL;
mem_ctx = talloc_new(NULL);
return NULL;
}
- code = cli_credentials_get_aes256_key(creds,
- mem_ctx,
- lp_ctx,
- &aes_256);
+ code = cli_credentials_get_kerberos_key(creds,
+ mem_ctx,
+ lp_ctx,
+ enctype,
+ &key);
if (code != 0) {
PyErr_SetString(PyExc_RuntimeError,
- "Failed to generate AES256 key");
+ "Failed to generate Kerberos key");
talloc_free(mem_ctx);
return NULL;
}
- ret = PyBytes_FromStringAndSize((const char *)aes_256.data,
- aes_256.length);
+ ret = PyBytes_FromStringAndSize((const char *)key.data,
+ key.length);
talloc_free(mem_ctx);
return ret;
}
.ml_flags = METH_VARARGS,
},
{
- .ml_name = "get_aes256_key",
- .ml_meth = py_creds_get_aes256_key,
+ .ml_name = "get_kerberos_key",
+ .ml_meth = py_creds_get_kerberos_key,
.ml_flags = METH_VARARGS,
- .ml_doc = "S.get_aes256_key([lp]) -> bytes\n"
- "Generate an AES256 key using the current password and\n"
+ .ml_doc = "S.get_kerberos_key(enctype, [lp]) -> bytes\n"
+ "Generate a Kerberos key using the current password and\n"
"the salt on this credentials object",
},
{
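Review bot: The updated `ml_doc` says the key is generated "using the current password and the salt", but for `ENCTYPE_ARCFOUR_HMAC` the C function returns the NT hash directly and no salt is used. The docstring also does not say which values `enctype` accepts. Suggested text: `"S.get_kerberos_key(enctype, [lp]) -> bytes\n"` `"Derive the key for enctype (an ENCTYPE_* constant) from the current\n"` `"password and salt; ENCTYPE_ARCFOUR_HMAC returns the NT hash unsalted"`. The method table continues outside this hunk, so I cannot tell whether a `get_aes256_key` compatibility entry is kept elsewhere; if it is not, existing Python callers of the old name will fail with AttributeError.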
PyModule_AddObject(m, "SMB_ENCRYPTION_DESIRED", PyLong_FromLong(SMB_ENCRYPTION_DESIRED));
PyModule_AddObject(m, "SMB_ENCRYPTION_REQUIRED", PyLong_FromLong(SMB_ENCRYPTION_REQUIRED));
+ PyModule_AddObject(m, "ENCTYPE_ARCFOUR_HMAC", PyLong_FromLong(ENCTYPE_ARCFOUR_HMAC));
+ PyModule_AddObject(m, "ENCTYPE_AES128_CTS_HMAC_SHA1_96", PyLong_FromLong(ENCTYPE_AES128_CTS_HMAC_SHA1_96));
+ PyModule_AddObject(m, "ENCTYPE_AES256_CTS_HMAC_SHA1_96", PyLong_FromLong(ENCTYPE_AES256_CTS_HMAC_SHA1_96));
+
Py_INCREF(&PyCredentials);
PyModule_AddObject(m, "Credentials", (PyObject *)&PyCredentials);
Py_INCREF(&PyCredentialCacheContainer);