diff options
author | Simo Sorce <idra@samba.org> | 2010-08-21 10:59:52 -0400 |
---|---|---|
committer | Günther Deschner <gd@samba.org> | 2010-08-30 14:33:14 +0200 |
commit | d15d76af5f169d27eeecab909174b67f7b44d0ee (patch) | |
tree | 606471c4238b4e672d88e7eb35a1c352082955fa /source3/librpc | |
parent | 6c80e04120542624438e4ca015bdaca45e4baee3 (diff) | |
download | samba-d15d76af5f169d27eeecab909174b67f7b44d0ee.tar.gz samba-d15d76af5f169d27eeecab909174b67f7b44d0ee.tar.bz2 samba-d15d76af5f169d27eeecab909174b67f7b44d0ee.zip |
dcerpc-gssapi: add function to extract authtime
Signed-off-by: Günther Deschner <gd@samba.org>
Diffstat (limited to 'source3/librpc')
-rw-r--r-- | source3/librpc/rpc/dcerpc_gssapi.c | 53 | ||||
-rw-r--r-- | source3/librpc/rpc/dcerpc_gssapi.h | 1 |
2 files changed, 54 insertions, 0 deletions
diff --git a/source3/librpc/rpc/dcerpc_gssapi.c b/source3/librpc/rpc/dcerpc_gssapi.c index 0f21792cbb..03c6ae963f 100644 --- a/source3/librpc/rpc/dcerpc_gssapi.c +++ b/source3/librpc/rpc/dcerpc_gssapi.c @@ -60,6 +60,16 @@ gss_OID_desc gse_authz_data_oid = { (void *)GSE_EXTRACT_RELEVANT_AUTHZ_DATA_OID }; +#ifndef GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID +#define GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID_LENGTH 11 +#define GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x0c" +#endif + +gss_OID_desc gse_authtime_oid = { + GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID_LENGTH, + (void *)GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID +}; + static char *gse_errstr(TALLOC_CTX *mem_ctx, OM_uint32 maj, OM_uint32 min); struct gse_context { @@ -655,6 +665,44 @@ NTSTATUS gse_get_authz_data(struct gse_context *gse_ctx, return NT_STATUS_OK; } +NTSTATUS gse_get_authtime(struct gse_context *gse_ctx, time_t *authtime) +{ + OM_uint32 gss_min, gss_maj; + gss_buffer_set_t set = GSS_C_NO_BUFFER_SET; + int32_t tkttime; + + if (!gse_ctx->authenticated) { + return NT_STATUS_ACCESS_DENIED; + } + + gss_maj = gss_inquire_sec_context_by_oid( + &gss_min, gse_ctx->gss_ctx, + &gse_authtime_oid, &set); + if (gss_maj) { + DEBUG(0, ("gss_inquire_sec_context_by_oid failed [%s]\n", + gse_errstr(talloc_tos(), gss_maj, gss_min))); + return NT_STATUS_NOT_FOUND; + } + + if ((set == GSS_C_NO_BUFFER_SET) || (set->count != 1) != 0) { + DEBUG(0, ("gss_inquire_sec_context_by_oid returned unknown " + "data in results.\n")); + return NT_STATUS_INTERNAL_ERROR; + } + + if (set->elements[0].length != sizeof(int32_t)) { + DEBUG(0, ("Invalid authtime size!\n")); + return NT_STATUS_INTERNAL_ERROR; + } + + tkttime = *((int32_t *)set->elements[0].value); + + gss_maj = gss_release_buffer_set(&gss_min, &set); + + *authtime = (time_t)tkttime; + return NT_STATUS_OK; +} + size_t gse_get_signature_length(struct gse_context *gse_ctx, int seal, size_t payload_size) { @@ -906,6 +954,11 @@ NTSTATUS gse_get_authz_data(struct gse_context *gse_ctx, return NT_STATUS_NOT_IMPLEMENTED; } +NTSTATUS gse_get_authtime(struct gse_context *gse_ctx, time_t *authtime) +{ + return NT_STATUS_NOT_IMPLEMENTED; +} + size_t gse_get_signature_length(struct gse_context *gse_ctx, int seal, size_t payload_size) { diff --git a/source3/librpc/rpc/dcerpc_gssapi.h b/source3/librpc/rpc/dcerpc_gssapi.h index 496291ab11..4da4af7f62 100644 --- a/source3/librpc/rpc/dcerpc_gssapi.h +++ b/source3/librpc/rpc/dcerpc_gssapi.h @@ -59,6 +59,7 @@ DATA_BLOB gse_get_session_key(TALLOC_CTX *mem_ctx, struct gse_context *gse_ctx); NTSTATUS gse_get_authz_data(struct gse_context *gse_ctx, TALLOC_CTX *mem_ctx, DATA_BLOB *pac); +NTSTATUS gse_get_authtime(struct gse_context *gse_ctx, time_t *authtime); size_t gse_get_signature_length(struct gse_context *gse_ctx, int seal, size_t payload_size); |