summaryrefslogtreecommitdiff
path: root/source3/libsmb
diff options
context:
space:
mode:
authorSimo Sorce <idra@samba.org>2010-08-31 15:08:31 -0400
committerGünther Deschner <gd@samba.org>2010-09-23 10:54:23 -0700
commit4cdee9b0eddd47ad2cfb866f63cdeb3f65200a3e (patch)
treee7df2e6918ca916272246c473b2a92382ce86da5 /source3/libsmb
parent77c73a5ec92f9294195dfef977f66dfe66182c6d (diff)
downloadsamba-4cdee9b0eddd47ad2cfb866f63cdeb3f65200a3e.tar.gz
samba-4cdee9b0eddd47ad2cfb866f63cdeb3f65200a3e.tar.bz2
samba-4cdee9b0eddd47ad2cfb866f63cdeb3f65200a3e.zip
s3-dcerpc: add spnego server helpers
squashed: add michlistMIC signature checks Signed-off-by: Günther Deschner <gd@samba.org>
Diffstat (limited to 'source3/libsmb')
-rw-r--r--source3/libsmb/clispnego.c79
1 files changed, 75 insertions, 4 deletions
diff --git a/source3/libsmb/clispnego.c b/source3/libsmb/clispnego.c
index 539b411056..9ef848b59c 100644
--- a/source3/libsmb/clispnego.c
+++ b/source3/libsmb/clispnego.c
@@ -408,7 +408,8 @@ DATA_BLOB spnego_gen_auth(TALLOC_CTX *ctx, DATA_BLOB blob)
/*
parse a SPNEGO auth packet. This contains the encrypted passwords
*/
-bool spnego_parse_auth(TALLOC_CTX *ctx, DATA_BLOB blob, DATA_BLOB *auth)
+bool spnego_parse_auth_and_mic(TALLOC_CTX *ctx, DATA_BLOB blob,
+ DATA_BLOB *auth, DATA_BLOB *signature)
{
ssize_t len;
struct spnego_data token;
@@ -429,17 +430,34 @@ bool spnego_parse_auth(TALLOC_CTX *ctx, DATA_BLOB blob, DATA_BLOB *auth)
*auth = data_blob_talloc(ctx,
token.negTokenTarg.responseToken.data,
token.negTokenTarg.responseToken.length);
+
+ if (!signature) {
+ goto done;
+ }
+
+ *signature = data_blob_talloc(ctx,
+ token.negTokenTarg.mechListMIC.data,
+ token.negTokenTarg.mechListMIC.length);
+
+done:
spnego_free_data(&token);
return true;
}
+bool spnego_parse_auth(TALLOC_CTX *ctx, DATA_BLOB blob, DATA_BLOB *auth)
+{
+ return spnego_parse_auth_and_mic(ctx, blob, auth, NULL);
+}
+
/*
generate a minimal SPNEGO response packet. Doesn't contain much.
*/
-DATA_BLOB spnego_gen_auth_response(TALLOC_CTX *ctx,
- DATA_BLOB *reply, NTSTATUS nt_status,
- const char *mechOID)
+DATA_BLOB spnego_gen_auth_response_and_mic(TALLOC_CTX *ctx,
+ NTSTATUS nt_status,
+ const char *mechOID,
+ DATA_BLOB *reply,
+ DATA_BLOB *mechlistMIC)
{
ASN1_DATA *data;
DATA_BLOB ret;
@@ -476,6 +494,14 @@ DATA_BLOB spnego_gen_auth_response(TALLOC_CTX *ctx,
asn1_pop_tag(data);
}
+ if (mechlistMIC && mechlistMIC->data != NULL) {
+ asn1_push_tag(data, ASN1_CONTEXT(3));
+ asn1_write_OctetString(data,
+ mechlistMIC->data,
+ mechlistMIC->length);
+ asn1_pop_tag(data);
+ }
+
asn1_pop_tag(data);
asn1_pop_tag(data);
@@ -484,6 +510,13 @@ DATA_BLOB spnego_gen_auth_response(TALLOC_CTX *ctx,
return ret;
}
+DATA_BLOB spnego_gen_auth_response(TALLOC_CTX *ctx, DATA_BLOB *reply,
+ NTSTATUS nt_status, const char *mechOID)
+{
+ return spnego_gen_auth_response_and_mic(ctx, nt_status,
+ mechOID, reply, NULL);
+}
+
/*
parse a SPNEGO auth packet. This contains the encrypted passwords
*/
@@ -558,3 +591,41 @@ bool spnego_parse_auth_response(TALLOC_CTX *ctx,
asn1_free(data);
return True;
}
+
+bool spnego_mech_list_blob(TALLOC_CTX *mem_ctx,
+ char **oid_list, DATA_BLOB *raw_data)
+{
+ ASN1_DATA *data;
+ unsigned int idx;
+
+ if (!oid_list || !oid_list[0] || !raw_data) {
+ return false;
+ }
+
+ data = asn1_init(talloc_tos());
+ if (data == NULL) {
+ return false;
+ }
+
+ asn1_push_tag(data, ASN1_SEQUENCE(0));
+ for (idx = 0; oid_list[idx]; idx++) {
+ asn1_write_OID(data, oid_list[idx]);
+ }
+ asn1_pop_tag(data);
+
+ if (data->has_error) {
+ DEBUG(3, (__location__ " failed at %d\n", (int)data->ofs));
+ asn1_free(data);
+ return false;
+ }
+
+ *raw_data = data_blob_talloc(mem_ctx, data->data, data->length);
+ if (!raw_data->data) {
+ DEBUG(3, (__location__": data_blob_talloc() failed!\n"));
+ asn1_free(data);
+ return false;
+ }
+
+ asn1_free(data);
+ return true;
+}