summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorVolker Lendecke <vl@samba.org>2010-09-16 10:34:59 +0200
committerVolker Lendecke <vl@samba.org>2010-09-16 12:02:56 -0700
commit547b268cfaa2e791bf92e8804bfa504c4e37050b (patch)
tree99fd06239c390cd13c5e5f9840142f74a45a27a6
parent70ab7eb5303a5ff058939541dd5bc1f81113a48e (diff)
downloadsamba-547b268cfaa2e791bf92e8804bfa504c4e37050b.tar.gz
samba-547b268cfaa2e791bf92e8804bfa504c4e37050b.tar.bz2
samba-547b268cfaa2e791bf92e8804bfa504c4e37050b.zip
s3: Correctly unwrap the krb ticket in gss-spnego
-rw-r--r--source3/utils/ntlm_auth.c53
1 files changed, 52 insertions, 1 deletions
diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c
index 0370b0d64a..e2f9c60deb 100644
--- a/source3/utils/ntlm_auth.c
+++ b/source3/utils/ntlm_auth.c
@@ -1223,6 +1223,45 @@ static void offer_gss_spnego_mechs(void) {
return;
}
+bool spnego_parse_krb5_wrap(TALLOC_CTX *ctx, DATA_BLOB blob, DATA_BLOB *ticket, uint8 tok_id[2])
+{
+ bool ret;
+ ASN1_DATA *data;
+ int data_remaining;
+
+ data = asn1_init(talloc_tos());
+ if (data == NULL) {
+ return false;
+ }
+
+ asn1_load(data, blob);
+ asn1_start_tag(data, ASN1_APPLICATION(0));
+ asn1_check_OID(data, OID_KERBEROS5);
+
+ data_remaining = asn1_tag_remaining(data);
+
+ if (data_remaining < 3) {
+ data->has_error = True;
+ } else {
+ asn1_read(data, tok_id, 2);
+ data_remaining -= 2;
+ *ticket = data_blob_talloc(ctx, NULL, data_remaining);
+ asn1_read(data, ticket->data, ticket->length);
+ }
+
+ asn1_end_tag(data);
+
+ ret = !data->has_error;
+
+ if (data->has_error) {
+ data_blob_free(ticket);
+ }
+
+ asn1_free(data);
+
+ return ret;
+}
+
static void manage_gss_spnego_request(struct ntlm_auth_state *state,
char *buf, int length)
{
@@ -1367,6 +1406,8 @@ static void manage_gss_spnego_request(struct ntlm_auth_state *state,
DATA_BLOB ap_rep;
DATA_BLOB session_key;
struct PAC_LOGON_INFO *logon_info = NULL;
+ DATA_BLOB ticket;
+ uint8_t tok_id[2];
if ( request.negTokenInit.mechToken.data == NULL ) {
DEBUG(1, ("Client did not provide Kerberos data\n"));
@@ -1375,13 +1416,23 @@ static void manage_gss_spnego_request(struct ntlm_auth_state *state,
return;
}
+ dump_data(10, request.negTokenInit.mechToken.data,
+ request.negTokenInit.mechToken.length);
+
+ if (!spnego_parse_krb5_wrap(ctx, request.negTokenInit.mechToken,
+ &ticket, tok_id)) {
+ DEBUG(1, ("spnego_parse_krb5_wrap failed\n"));
+ x_fprintf(x_stdout, "BH spnego_parse_krb5_wrap failed\n");
+ return;
+ }
+
response.type = SPNEGO_NEG_TOKEN_TARG;
response.negTokenTarg.supportedMech = talloc_strdup(ctx, OID_KERBEROS5_OLD);
response.negTokenTarg.mechListMIC = data_blob_talloc(ctx, NULL, 0);
response.negTokenTarg.responseToken = data_blob_talloc(ctx, NULL, 0);
status = ads_verify_ticket(mem_ctx, lp_realm(), 0,
- &request.negTokenInit.mechToken,
+ &ticket,
&principal, &logon_info, &ap_rep,
&session_key, True);