From: Stefan Metzmacher Date: Thu, 18 May 2017 09:32:46 +0000 (+0200) Subject: krb5_wrap: add smb_krb5_salt_principal2data() X-Git-Tag: samba-4.5.13~76 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cef8c677b7efc4f644ddad00e471560659e0d497;p=thirdparty%2Fsamba.git krb5_wrap: add smb_krb5_salt_principal2data() BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782 Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider (cherry picked from commit ec2da944d304852d76137e8f9d234462bc807c6b)
---
diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index 38547ec7be8..fe29386ad70 100644
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -337,7 +337,8 @@ int smb_krb5_get_pw_salt(krb5_context context,
  * - SomePrincipal@EXAMPLE.COM
  *
  * This is not the form that's used as salt, it's just
- * the human readable form.
+ * the human readable form. It needs to be converted by
+ * smb_krb5_salt_principal2data().
  *
  * @param[in] realm The realm the user/computer is added too.
  *
@@ -354,6 +355,8 @@ int smb_krb5_get_pw_salt(krb5_context context,
  * @param[out] _salt_principal The resulting principal as string.
  *
  * @retval 0 Success; otherwise - Kerberos error codes
+ *
+ * @see smb_krb5_salt_principal2data
  */
 int smb_krb5_salt_principal(const char *realm,
 const char *sAMAccountName,
@@ -444,6 +447,70 @@ int smb_krb5_salt_principal(const char *realm,
 return 0;
 }
 
+/**
+ * @brief Converts the salt principal string into the salt data blob
+ *
+ * This function takes a salt_principal as string in forms like this:
+ * - host/somehost.example.com@EXAMPLE.COM
+ * - SomeAccount@EXAMPLE.COM
+ * - SomePrincipal@EXAMPLE.COM
+ *
+ * It generates values like:
+ * - EXAMPLE.COMhost/somehost.example.com
+ * - EXAMPLE.COMSomeAccount
+ * - EXAMPLE.COMSomePrincipal
+ *
+ * @param[in] realm The realm the user/computer is added too.
+ *
+ * @param[in] sAMAccountName The sAMAccountName attribute of the object.
+ *
+ * @param[in] userPrincipalName The userPrincipalName attribute of the object
+ * or NULL is not available.
+ *
+ * @param[in] is_computer The indication of the object includes
+ * objectClass=computer.
+ *
+ * @param[in] mem_ctx The TALLOC_CTX to allocate _salt_principal.
+ *
+ * @param[out] _salt_principal The resulting principal as string.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ *
+ * @see smb_krb5_salt_principal
+ */
+int smb_krb5_salt_principal2data(krb5_context context,
+ const char *salt_principal,
+ TALLOC_CTX *mem_ctx,
+ char **_salt_data)
+{
+ krb5_error_code ret;
+ krb5_principal salt_princ = NULL;
+ krb5_data salt;
+
+ *_salt_data = NULL;
+
+ ret = krb5_parse_name(context, salt_principal, &salt_princ);
+ if (ret != 0) {
+ return ret;
+ }
+
+ ret = smb_krb5_get_pw_salt(context, salt_princ, &salt);
+ krb5_free_principal(context, salt_princ);
+ if (ret != 0) {
+ return ret;
+ }
+
+ *_salt_data = talloc_strndup(mem_ctx,
+ (char *)salt.data,
+ salt.length);
+ smb_krb5_free_data_contents(context, &salt);
+ if (*_salt_data == NULL) {
+ return ENOMEM;
+ }
+
+ return 0;
+}
+
 #if defined(HAVE_KRB5_GET_PERMITTED_ENCTYPES)
 krb5_error_code get_kerberos_allowed_etypes(krb5_context context,
 krb5_enctype **enctypes)
diff --git a/lib/krb5_wrap/krb5_samba.h b/lib/krb5_wrap/krb5_samba.h
index 31974e07cb1..116bffc7862 100644
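Review bot: The Doxygen block on smb_krb5_salt_principal2data() was copied from smb_krb5_salt_principal() and documents `realm`, `sAMAccountName`, `userPrincipalName`, `is_computer` and `_salt_principal`, none of which this function takes, while its actual parameters `context`, `salt_principal`, `mem_ctx` and `_salt_data` are undocumented. Replace those five @param entries with four describing the real parameters: the Kerberos context, the salt principal string as produced by smb_krb5_salt_principal(), the TALLOC_CTX that `_salt_data` is allocated on, and `_salt_data` as an `[out]` parameter that is set to NULL on every failure path. The `@retval` line promises Kerberos error codes but the talloc failure path returns `ENOMEM`; either extend the line to mention errno values or document that the two ranges are treated as interchangeable here. talloc_strndup() also flattens the krb5_data blob into a C string, so a salt containing an embedded NUL would be silently truncated; a short comment stating that a principal-derived salt cannot contain one (if that is the intended invariant) would make the cast and the string conversion easier to trust.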
--- a/lib/krb5_wrap/krb5_samba.h
+++ b/lib/krb5_wrap/krb5_samba.h
@@ -368,6 +368,10 @@ int smb_krb5_salt_principal(const char *realm,
 bool is_computer,
 TALLOC_CTX *mem_ctx,
 char **_salt_principal);
+int smb_krb5_salt_principal2data(krb5_context context,
+ const char *salt_principal,
+ TALLOC_CTX *mem_ctx,
+ char **_salt_data);
 int smb_krb5_create_key_from_string(krb5_context context,
 krb5_const_principal host_princ,