LCOV - code coverage report
Current view: top level - source4/kdc - kdc-glue.c (source / functions) Hit Total Coverage
Test: coverage report for support-claim-type-attributes 6b5c566e Lines: 24 29 82.8 %
Date: 2023-11-21 12:31:41 Functions: 2 2 100.0 % 

          Line data    Source code
       1             : /*
       2             :    Unix SMB/CIFS implementation.
       3             : 
       4             :    PAC Glue between Samba and the KDC
       5             : 
       6             :    Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005-2009
       7             :    Copyright (C) Simo Sorce <idra@samba.org> 2010
       8             : 
       9             :    This program is free software; you can redistribute it and/or modify
      10             :    it under the terms of the GNU General Public License as published by
      11             :    the Free Software Foundation; either version 3 of the License, or
      12             :    (at your option) any later version.
      13             : 
      14             :    This program is distributed in the hope that it will be useful,
      15             :    but WITHOUT ANY WARRANTY; without even the implied warranty of
      16             :    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      17             :    GNU General Public License for more details.
      18             : 
      19             : 
      20             :    You should have received a copy of the GNU General Public License
      21             :    along with this program.  If not, see <http://www.gnu.org/licenses/>.
      22             : */
      23             : 
      24             : #include "includes.h"
      25             : #include "system/kerberos.h"
      26             : #include "auth/kerberos/kerberos.h"
      27             : #include <hdb.h>
      28             : #include "kdc/samba_kdc.h"
      29             : #include "kdc/pac-glue.h"
      30             : #include "librpc/gen_ndr/ndr_krb5pac.h"
      31             : #include "auth/kerberos/pac_utils.h"
      32             : #include "kdc/kdc-glue.h"
      33             : 
      34             : #undef DBGC_CLASS
      35             : #define DBGC_CLASS DBGC_KERBEROS
      36             : 
      37          90 : int kdc_check_pac(krb5_context context,
      38             :                   DATA_BLOB srv_sig,
      39             :                   struct PAC_SIGNATURE_DATA *kdc_sig,
      40             :                   hdb_entry *ent)
      41             : {
      42           0 :         krb5_enctype etype;
      43           0 :         int ret;
      44           0 :         krb5_keyblock keyblock;
      45           0 :         Key *key;
      46             : 
      47          90 :         if (kdc_sig->type == CKSUMTYPE_HMAC_MD5) {
      48          24 :                 etype = ENCTYPE_ARCFOUR_HMAC;
      49             :         } else {
      50          66 :                 ret = krb5_cksumtype_to_enctype(context,
      51          66 :                                                 kdc_sig->type,
      52             :                                                 &etype);
      53          66 :                 if (ret != 0) {
      54          30 :                         return ret;
      55             :                 }
      56             :         }
      57             : 
      58          60 :         ret = hdb_enctype2key(context, ent, NULL, etype, &key);
      59             : 
      60          60 :         if (ret != 0) {
      61           0 :                 return ret;
      62             :         }
      63             : 
      64          60 :         keyblock = key->key;
      65             : 
      66          60 :         return check_pac_checksum(srv_sig, kdc_sig,
      67             :                                  context, &keyblock);
      68             : }
      69             : 
      70       95388 : struct samba_kdc_entry_pac samba_kdc_get_device_pac(const astgs_request_t r)
      71             : {
      72       95388 :         const hdb_entry *device = kdc_request_get_armor_client(r);
      73       95388 :         struct samba_kdc_entry *device_skdc_entry = NULL;
      74       95388 :         const hdb_entry *device_krbtgt = NULL;
      75       95388 :         const struct samba_kdc_entry *device_krbtgt_skdc_entry = NULL;
      76       95388 :         const krb5_const_pac device_pac = kdc_request_get_armor_pac(r);
      77             : 
      78       95388 :         if (device != NULL) {
      79         720 :                 device_skdc_entry = talloc_get_type_abort(device->context,
      80             :                                                           struct samba_kdc_entry);
      81             : 
      82         720 :                 device_krbtgt = kdc_request_get_armor_server(r);
      83         720 :                 if (device_krbtgt != NULL) {
      84         720 :                         device_krbtgt_skdc_entry = talloc_get_type_abort(device_krbtgt->context,
      85             :                                                                          struct samba_kdc_entry);
      86             :                 }
      87             :         }
      88             : 
      89       95388 :         return samba_kdc_entry_pac(device_pac,
      90             :                                    device_skdc_entry,
      91       95388 :                                    samba_kdc_entry_is_trust(device_krbtgt_skdc_entry));
      92             : }

Generated by: LCOV version 1.14