summaryrefslogtreecommitdiff
path: root/libcli
diff options
context:
space:
mode:
authorSimo Sorce <idra@samba.org>2012-03-31 22:09:22 -0400
committerAndreas Schneider <asn@samba.org>2012-04-12 12:06:43 +0200
commit70c303a7f357b2c73955b24128ac8a72b656d4e6 (patch)
treef87c92753e56bee1b274a20444f80f53e64ee0c0 /libcli
parent3fd6deda7d440b579950ab6d0e2407d755ac70ad (diff)
downloadsamba-70c303a7f357b2c73955b24128ac8a72b656d4e6.tar.gz
samba-70c303a7f357b2c73955b24128ac8a72b656d4e6.tar.bz2
samba-70c303a7f357b2c73955b24128ac8a72b656d4e6.zip
auth-krb: Move pac related util functions in a single place.
Signed-off-by: Andreas Schneider <asn@samba.org>
Diffstat (limited to 'libcli')
-rw-r--r--libcli/auth/krb5_wrap.c49
-rw-r--r--libcli/auth/krb5_wrap.h32
2 files changed, 0 insertions, 81 deletions
diff --git a/libcli/auth/krb5_wrap.c b/libcli/auth/krb5_wrap.c
index c16b35dcee..2f877e7f0a 100644
--- a/libcli/auth/krb5_wrap.c
+++ b/libcli/auth/krb5_wrap.c
@@ -186,55 +186,6 @@ krb5_error_code smb_krb5_unparse_name(TALLOC_CTX *mem_ctx,
return krb5_principal_compare_any_realm(context, princ1, princ2);
}
- void smb_krb5_checksum_from_pac_sig(krb5_checksum *cksum,
- struct PAC_SIGNATURE_DATA *sig)
-{
-#ifdef HAVE_CHECKSUM_IN_KRB5_CHECKSUM
- cksum->cksumtype = (krb5_cksumtype)sig->type;
- cksum->checksum.length = sig->signature.length;
- cksum->checksum.data = sig->signature.data;
-#else
- cksum->checksum_type = (krb5_cksumtype)sig->type;
- cksum->length = sig->signature.length;
- cksum->contents = sig->signature.data;
-#endif
-}
-
- krb5_error_code smb_krb5_verify_checksum(krb5_context context,
- const krb5_keyblock *keyblock,
- krb5_keyusage usage,
- krb5_checksum *cksum,
- uint8_t *data,
- size_t length)
-{
- krb5_error_code ret;
-
- /* verify the checksum, heimdal 0.7 and MIT krb 1.4.2 and above */
-
- krb5_boolean checksum_valid = false;
- krb5_data input;
-
- input.data = (char *)data;
- input.length = length;
-
- ret = krb5_c_verify_checksum(context,
- keyblock,
- usage,
- &input,
- cksum,
- &checksum_valid);
- if (ret) {
- DEBUG(3,("smb_krb5_verify_checksum: krb5_c_verify_checksum() failed: %s\n",
- error_message(ret)));
- return ret;
- }
-
- if (!checksum_valid)
- ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-
- return ret;
-}
-
char *gssapi_error_string(TALLOC_CTX *mem_ctx,
OM_uint32 maj_stat, OM_uint32 min_stat,
const gss_OID mech)
diff --git a/libcli/auth/krb5_wrap.h b/libcli/auth/krb5_wrap.h
index 8723d2ddaa..4c0ef93e4c 100644
--- a/libcli/auth/krb5_wrap.h
+++ b/libcli/auth/krb5_wrap.h
@@ -21,8 +21,6 @@
*/
#include "system/kerberos.h"
-struct PAC_SIGNATURE_DATA;
-struct PAC_DATA;
#ifdef HAVE_KRB5_KEYBLOCK_KEYVALUE /* Heimdal */
#define KRB5_KEY_TYPE(k) ((k)->keytype)
@@ -57,38 +55,8 @@ krb5_error_code smb_krb5_unparse_name(TALLOC_CTX *mem_ctx,
bool smb_krb5_principal_compare_any_realm(krb5_context context,
krb5_const_principal princ1,
krb5_const_principal princ2);
- void smb_krb5_checksum_from_pac_sig(krb5_checksum *cksum,
- struct PAC_SIGNATURE_DATA *sig);
- krb5_error_code smb_krb5_verify_checksum(krb5_context context,
- const krb5_keyblock *keyblock,
- krb5_keyusage usage,
- krb5_checksum *cksum,
- uint8_t *data,
- size_t length);
char *gssapi_error_string(TALLOC_CTX *mem_ctx,
OM_uint32 maj_stat, OM_uint32 min_stat,
const gss_OID mech);
char *smb_get_krb5_error_message(krb5_context context, krb5_error_code code, TALLOC_CTX *mem_ctx);
-krb5_error_code check_pac_checksum(DATA_BLOB pac_data,
- struct PAC_SIGNATURE_DATA *sig,
- krb5_context context,
- const krb5_keyblock *keyblock);
-
-NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx,
- DATA_BLOB pac_data_blob,
- krb5_context context,
- const krb5_keyblock *krbtgt_keyblock,
- const krb5_keyblock *service_keyblock,
- krb5_const_principal client_principal,
- time_t tgs_authtime,
- struct PAC_DATA **pac_data_out);
-
-NTSTATUS gssapi_obtain_pac_blob(TALLOC_CTX *mem_ctx,
- gss_ctx_id_t gssapi_context,
- gss_name_t gss_client_name,
- DATA_BLOB *pac_data);
-NTSTATUS gssapi_get_session_key(TALLOC_CTX *mem_ctx,
- gss_ctx_id_t gssapi_context,
- DATA_BLOB *session_key,
- uint32_t *keytype);