1 /*
2    Unix SMB/CIFS implementation.
3 
4    Samba KDB plugin for MIT Kerberos
5 
6    Copyright (c) 2010      Simo Sorce <idra@samba.org>.
7    Copyright (c) 2014      Andreas Schneider <asn@samba.org>
8 
9    This program is free software; you can redistribute it and/or modify
10    it under the terms of the GNU General Public License as published by
11    the Free Software Foundation; either version 3 of the License, or
12    (at your option) any later version.
13 
14    This program is distributed in the hope that it will be useful,
15    but WITHOUT ANY WARRANTY; without even the implied warranty of
16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17    GNU General Public License for more details.
18 
19    You should have received a copy of the GNU General Public License
20    along with this program.  If not, see <http://www.gnu.org/licenses/>.
21 */
22 
23 #include "includes.h"
24 
25 #include "system/kerberos.h"
26 
27 #include <profile.h>
28 #include <kdb.h>
29 
30 #include "kdc/mit_samba.h"
31 #include "kdb_samba.h"
32 
33 krb5_error_code kdb_samba_dbekd_decrypt_key_data(krb5_context context,
34 						 const krb5_keyblock *mkey,
35 						 const krb5_key_data *key_data,
36 						 krb5_keyblock *kkey,
37 						 krb5_keysalt *keysalt)
38 {
39 	/*
40 	 * NOTE: Samba doesn't use a master key, so we will just copy
41 	 * the contents around untouched.
42 	 */
43 	ZERO_STRUCTP(kkey);
44 
45 	kkey->magic = KV5M_KEYBLOCK;
46 	kkey->enctype = key_data->key_data_type[0];
47 	kkey->contents = malloc(key_data->key_data_length[0]);
48 	if (kkey->contents == NULL) {
49 		return ENOMEM;
50 	}
51 	memcpy(kkey->contents,
52 	       key_data->key_data_contents[0],
53 	       key_data->key_data_length[0]);
54 	kkey->length = key_data->key_data_length[0];
55 
56 	if (keysalt != NULL) {
57 		keysalt->type = key_data->key_data_type[1];
58 		keysalt->data.data = malloc(key_data->key_data_length[1]);
59 		if (keysalt->data.data == NULL) {
60 			free(kkey->contents);
61 			return ENOMEM;
62 		}
63 		memcpy(keysalt->data.data,
64 		       key_data->key_data_contents[1],
65 		       key_data->key_data_length[1]);
66 		keysalt->data.length = key_data->key_data_length[1];
67 	}
68 
69 	return 0;
70 }
71 
72 krb5_error_code kdb_samba_dbekd_encrypt_key_data(krb5_context context,
73 						 const krb5_keyblock *mkey,
74 						 const krb5_keyblock *kkey,
75 						 const krb5_keysalt *keysalt,
76 						 int keyver,
77 						 krb5_key_data *key_data)
78 {
79 	/*
80 	 * NOTE: samba doesn't use a master key, so we will just copy
81 	 * the contents around untouched.
82 	 */
83 
84 	ZERO_STRUCTP(key_data);
85 
86 	key_data->key_data_ver = KRB5_KDB_V1_KEY_DATA_ARRAY;
87 	key_data->key_data_kvno = keyver;
88 	key_data->key_data_type[0] = kkey->enctype;
89 	key_data->key_data_contents[0] = malloc(kkey->length);
90 	if (key_data->key_data_contents[0] == NULL) {
91 		return ENOMEM;
92 	}
93 	memcpy(key_data->key_data_contents[0],
94 	       kkey->contents,
95 	       kkey->length);
96 	key_data->key_data_length[0] = kkey->length;
97 
98 	if (keysalt != NULL) {
99 		key_data->key_data_type[1] = keysalt->type;
100 		key_data->key_data_contents[1] = malloc(keysalt->data.length);
101 		if (key_data->key_data_contents[1] == NULL) {
102 			free(key_data->key_data_contents[0]);
103 			return ENOMEM;
104 		}
105 		memcpy(key_data->key_data_contents[1],
106 		       keysalt->data.data,
107 		       keysalt->data.length);
108 		key_data->key_data_length[1] = keysalt->data.length;
109 	}
110 
111 	return 0;
112 }
113