summaryrefslogtreecommitdiff
path: root/source3/libsmb
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2001-10-18 10:26:06 +0000
committerAndrew Tridgell <tridge@samba.org>2001-10-18 10:26:06 +0000
commit5ad7448359c7bc1d3b1579f105b7324290bf21ec (patch)
tree7fe563bd2aa9a428a4acdcbe0185a35eaa73b277 /source3/libsmb
parentf0e0dd6507c355103c51058642f1e4245c573413 (diff)
downloadsamba-5ad7448359c7bc1d3b1579f105b7324290bf21ec.tar.gz
samba-5ad7448359c7bc1d3b1579f105b7324290bf21ec.tar.bz2
samba-5ad7448359c7bc1d3b1579f105b7324290bf21ec.zip
the beginnings of kerberos support in smbd. It doesn't work yet, but
it should give something for others to hack on and possibly find what I'm doing wrong. (This used to be commit 353c290f059347265b9be2aa1010c2956da06485)
Diffstat (limited to 'source3/libsmb')
-rw-r--r--source3/libsmb/asn1.c18
-rw-r--r--source3/libsmb/cliconnect.c4
-rw-r--r--source3/libsmb/clikrb5.c4
-rw-r--r--source3/libsmb/clispnego.c23
4 files changed, 46 insertions, 3 deletions
diff --git a/source3/libsmb/asn1.c b/source3/libsmb/asn1.c
index 59763408cf..a8c0eebb94 100644
--- a/source3/libsmb/asn1.c
+++ b/source3/libsmb/asn1.c
@@ -156,6 +156,24 @@ BOOL asn1_write_BOOLEAN(ASN1_DATA *data, BOOL v)
return !data->has_error;
}
+/* check a BOOLEAN */
+BOOL asn1_check_BOOLEAN(ASN1_DATA *data, BOOL v)
+{
+ uint8 b = 0;
+
+ asn1_read_uint8(data, &b);
+ if (b != ASN1_BOOLEAN) {
+ data->has_error = True;
+ return False;
+ }
+ asn1_read_uint8(data, &b);
+ if (b != v) {
+ data->has_error = True;
+ return False;
+ }
+ return !data->has_error;
+}
+
/* load a ASN1_DATA structure with a lump of data, ready to be parsed */
BOOL asn1_load(ASN1_DATA *data, DATA_BLOB blob)
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 6a01744240..4fba54900d 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -392,6 +392,10 @@ static BOOL cli_session_setup_kerberos(struct cli_state *cli, char *principle, c
if (!negTokenTarg.data) return False;
+#if 0
+ file_save("negTokenTarg.dat", negTokenTarg.data, negTokenTarg.length);
+#endif
+
blob2 = cli_session_setup_blob(cli, negTokenTarg);
/* we don't need this blob for kerberos */
diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c
index 68e941f2aa..51b6e6e8cf 100644
--- a/source3/libsmb/clikrb5.c
+++ b/source3/libsmb/clikrb5.c
@@ -22,8 +22,6 @@
#include "includes.h"
#if HAVE_KRB5
-#include <krb5.h>
-
/*
we can't use krb5_mk_req because w2k wants the service to be in a particular format
*/
@@ -105,7 +103,7 @@ DATA_BLOB krb5_get_ticket(char *service, char *realm)
if ((retval = krb5_mk_req2(context,
&auth_context,
- AP_OPTS_MUTUAL_REQUIRED,
+ 0,
service, realm,
ccdef, &packet))) {
DEBUG(1,("krb5_mk_req2 failed\n"));
diff --git a/source3/libsmb/clispnego.c b/source3/libsmb/clispnego.c
index 78cae3315a..c421d75913 100644
--- a/source3/libsmb/clispnego.c
+++ b/source3/libsmb/clispnego.c
@@ -241,6 +241,29 @@ static DATA_BLOB spnego_gen_krb5_wrap(DATA_BLOB ticket)
return ret;
}
+/*
+ parse a krb5 GSS-API wrapper packet giving a ticket
+*/
+BOOL spnego_parse_krb5_wrap(DATA_BLOB blob, DATA_BLOB *ticket)
+{
+ BOOL ret;
+ ASN1_DATA data;
+
+ asn1_load(&data, blob);
+ asn1_start_tag(&data, ASN1_APPLICATION(0));
+ asn1_check_OID(&data, OID_KERBEROS5);
+ asn1_check_BOOLEAN(&data, 0);
+ *ticket = data_blob(data.data, asn1_tag_remaining(&data));
+ asn1_read(&data, ticket->data, ticket->length);
+ asn1_end_tag(&data);
+
+ ret = !data.has_error;
+
+ asn1_free(&data);
+
+ return ret;
+}
+
/*
generate a SPNEGO negTokenTarg packet, ready for a EXTENDED_SECURITY