/*
   Unix SMB/CIFS implementation.

   PAC Glue between Samba and the KDC

   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005-2009
   Copyright (C) Simo Sorce <idra@samba.org> 2010

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.


   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

#include "includes.h"
#include "system/kerberos.h"
#include "auth/kerberos/kerberos.h"
#include <hdb.h>
#include "kdc/samba_kdc.h"
#include "kdc/pac-glue.h"
#include "librpc/gen_ndr/ndr_krb5pac.h"
#include "auth/kerberos/pac_utils.h"
#include "kdc/kdc-glue.h"

#undef DBGC_CLASS
#define DBGC_CLASS DBGC_KERBEROS

/*
 * Check the KDC signature of a PAC with a key taken from an HDB entry.
 *
 * The encryption type is derived from the checksum type stored in
 * kdc_sig: CKSUMTYPE_HMAC_MD5 is mapped to ENCTYPE_ARCFOUR_HMAC
 * directly, every other type goes through krb5_cksumtype_to_enctype().
 * The key of that encryption type is then looked up in ent with
 * hdb_enctype2key() and handed to check_pac_checksum() together with
 * srv_sig and kdc_sig.
 *
 * Returns the error of the first call that fails, otherwise whatever
 * check_pac_checksum() returns.
 *
 * NOTE(review): kdc_sig->type alone decides which key type is used to
 * verify the signature. If kdc_sig is parsed from a PAC presented by a
 * peer (not visible in this file - confirm against the callers), the
 * sender selects the algorithm, including the HMAC-MD5/RC4 case. Any
 * policy that restricts the accepted checksum types has to be enforced
 * by the caller or added here.
 */
int kdc_check_pac(krb5_context context,
		  DATA_BLOB srv_sig,
		  struct PAC_SIGNATURE_DATA *kdc_sig,
		  hdb_entry *ent)
{
	/* Default covers the HMAC-MD5 case; overwritten for all others. */
	krb5_enctype enctype = ENCTYPE_ARCFOUR_HMAC;
	krb5_keyblock sig_key;
	Key *hdb_key;
	int rc;

	if (kdc_sig->type != CKSUMTYPE_HMAC_MD5) {
		rc = krb5_cksumtype_to_enctype(context,
					       kdc_sig->type,
					       &enctype);
		if (rc != 0) {
			/* No encryption type for this checksum type. */
			return rc;
		}
	}

	rc = hdb_enctype2key(context, ent, NULL, enctype, &hdb_key);
	if (rc != 0) {
		/*
		 * NOTE(review): the coverage listing this file was taken
		 * from records 0 executions of this return, so the
		 * lookup-failure path is not exercised there.
		 */
		return rc;
	}

	/* Work on a copy of the keyblock struct, as the caller-visible
	 * entry is only read here. */
	sig_key = hdb_key->key;

	return check_pac_checksum(srv_sig, kdc_sig,
				  context, &sig_key);
}