-rw-r--r-- | source4/include/asn_1.h | 17 | ||||
-rw-r--r-- | source4/libcli/auth/gensec.h | 5 | ||||
-rw-r--r-- | source4/libcli/auth/gensec_krb5.c | 5 | ||||
-rw-r--r-- | source4/libcli/auth/gensec_ntlmssp.c | 3 | ||||
-rw-r--r-- | source4/libcli/auth/gssapi_parse.c | 7 | ||||
-rw-r--r-- | source4/libcli/auth/kerberos.h | 7 | ||||
-rw-r--r-- | source4/libcli/auth/spnego.c | 9 | ||||
-rw-r--r-- | source4/libcli/auth/spnego_parse.c | 4 | ||||
-rw-r--r-- | source4/libcli/raw/clisession.c | 5 | ||||
-rw-r--r-- | source4/smb_server/negprot.c | 3 | ||||
-rw-r--r-- | source4/smb_server/sesssetup.c | 3 | ||||
-rw-r--r-- | source4/utils/ntlm_auth.c | 5 |
12 files changed, 32 insertions, 41 deletions
diff --git a/source4/include/asn_1.h b/source4/include/asn_1.h index 4243f6d31f..2dc9bef06d 100644 --- a/source4/include/asn_1.h +++ b/source4/include/asn_1.h @@ -50,21 +50,4 @@ struct asn1_data { #define ASN1_MAX_OIDS 20 -/* some well known object IDs */ -#define OID_SPNEGO "1 3 6 1 5 5 2" -#define OID_NTLMSSP "1 3 6 1 4 1 311 2 2 10" -#define OID_KERBEROS5_OLD "1 2 840 48018 1 2 2" -#define OID_KERBEROS5 "1 2 840 113554 1 2 2" - -#define SPNEGO_NEG_RESULT_ACCEPT 0 -#define SPNEGO_NEG_RESULT_INCOMPLETE 1 -#define SPNEGO_NEG_RESULT_REJECT 2 - -/* not really ASN.1, but RFC 1964 */ -#define TOK_ID_KRB_AP_REQ "\x01\x00" -#define TOK_ID_KRB_AP_REP "\x02\x00" -#define TOK_ID_KRB_ERROR "\x03\x00" -#define TOK_ID_GSS_GETMIC "\x01\x01" -#define TOK_ID_GSS_WRAP "\x02\x01" - #endif /* _ASN_1_H */ diff --git a/source4/libcli/auth/gensec.h b/source4/libcli/auth/gensec.h index 23d9861cb7..f8b7e292e8 100644 --- a/source4/libcli/auth/gensec.h +++ b/source4/libcli/auth/gensec.h @@ -21,6 +21,11 @@ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ +#define GENSEC_OID_NTLMSSP "1 3 6 1 4 1 311 2 2 10" +#define GENSEC_OID_SPNEGO "1 3 6 1 5 5 2" +#define GENSEC_OID_KERBEROS5 "1 2 840 113554 1 2 2" +#define GENSEC_OID_KERBEROS5_OLD "1 2 840 48018 1 2 2" +#define GENSEC_OID_KERBEROS5_USER2USER "1 2 840 113554 1 2 2 3" struct gensec_security; struct gensec_user { diff --git a/source4/libcli/auth/gensec_krb5.c b/source4/libcli/auth/gensec_krb5.c index 0f1bf8e700..c47d4f26b6 100644 --- a/source4/libcli/auth/gensec_krb5.c +++ b/source4/libcli/auth/gensec_krb5.c @@ -29,7 +29,6 @@ #include "libcli/auth/kerberos.h" #include "librpc/gen_ndr/ndr_krb5pac.h" #include "auth/auth.h" -#include "asn_1.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_AUTH 
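Review bot: In source4/libcli/auth/gensec.h the five new `GENSEC_OID_*` macros are added without any comment, and the `/* some well known object IDs */` line that sat above them in asn_1.h is not carried over. A short header comment would help, for example `/* mechanism OIDs, in the space-separated form passed to asn1_write_OID()/asn1_check_OID() */`. It is also worth noting beside `GENSEC_OID_KERBEROS5_OLD` that it is the value registered for the `ms_krb5` backend in gensec_krb5.c. `GENSEC_OID_KERBEROS5_USER2USER` is new and is not referenced by any hunk shown here, so a one-line comment saying what is meant to consume it would make clear it is not a leftover.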
@@ -754,7 +753,7 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security static const struct gensec_security_ops gensec_krb5_security_ops = { .name = "krb5", .auth_type = DCERPC_AUTH_TYPE_KRB5, - .oid = OID_KERBEROS5, + .oid = GENSEC_OID_KERBEROS5, .client_start = gensec_krb5_client_start, .server_start = gensec_krb5_server_start, .update = gensec_krb5_update, @@ -766,7 +765,7 @@ static const struct gensec_security_ops gensec_krb5_security_ops = { static const struct gensec_security_ops gensec_ms_krb5_security_ops = { .name = "ms_krb5", .auth_type = DCERPC_AUTH_TYPE_KRB5, - .oid = OID_KERBEROS5_OLD, + .oid = GENSEC_OID_KERBEROS5_OLD, .client_start = gensec_krb5_client_start, .server_start = gensec_krb5_server_start, .update = gensec_krb5_update, diff --git a/source4/libcli/auth/gensec_ntlmssp.c b/source4/libcli/auth/gensec_ntlmssp.c index 5e55082c6f..147e2359f4 100644 --- a/source4/libcli/auth/gensec_ntlmssp.c +++ b/source4/libcli/auth/gensec_ntlmssp.c @@ -23,7 +23,6 @@ #include "includes.h" #include "auth/auth.h" -#include "asn_1.h" struct gensec_ntlmssp_state { struct auth_context *auth_context; @@ -401,7 +400,7 @@ static const struct gensec_security_ops gensec_ntlmssp_security_ops = { .name = "ntlmssp", .sasl_name = "NTLM", .auth_type = DCERPC_AUTH_TYPE_NTLMSSP, - .oid = OID_NTLMSSP, + .oid = GENSEC_OID_NTLMSSP, .client_start = gensec_ntlmssp_client_start, .server_start = gensec_ntlmssp_server_start, .update = gensec_ntlmssp_update, diff --git a/source4/libcli/auth/gssapi_parse.c b/source4/libcli/auth/gssapi_parse.c index 529799955d..63bca6d5aa 100644 --- a/source4/libcli/auth/gssapi_parse.c +++ b/source4/libcli/auth/gssapi_parse.c @@ -24,6 +24,9 @@ #include "includes.h" #include "asn_1.h" +#include "system/kerberos.h" +#include "libcli/auth/kerberos.h" +#include "libcli/auth/gensec.h" /* generate a krb5 GSS-API wrapper packet given a ticket 
@@ -36,7 +39,7 @@ DATA_BLOB gensec_gssapi_gen_krb5_wrap(TALLOC_CTX *mem_ctx, const DATA_BLOB *tick ZERO_STRUCT(data); asn1_push_tag(&data, ASN1_APPLICATION(0)); - asn1_write_OID(&data, OID_KERBEROS5); + asn1_write_OID(&data, GENSEC_OID_KERBEROS5); asn1_write(&data, tok_id, 2); asn1_write(&data, ticket->data, ticket->length); @@ -64,7 +67,7 @@ BOOL gensec_gssapi_parse_krb5_wrap(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob, D asn1_load(&data, *blob); asn1_start_tag(&data, ASN1_APPLICATION(0)); - asn1_check_OID(&data, OID_KERBEROS5); + asn1_check_OID(&data, GENSEC_OID_KERBEROS5); data_remaining = asn1_tag_remaining(&data); diff --git a/source4/libcli/auth/kerberos.h b/source4/libcli/auth/kerberos.h index 9d6a5e81ae..3ab71f7875 100644 --- a/source4/libcli/auth/kerberos.h +++ b/source4/libcli/auth/kerberos.h @@ -21,6 +21,13 @@ #if defined(HAVE_KRB5) +/* not really ASN.1, but RFC 1964 */ +#define TOK_ID_KRB_AP_REQ "\x01\x00" +#define TOK_ID_KRB_AP_REP "\x02\x00" +#define TOK_ID_KRB_ERROR "\x03\x00" +#define TOK_ID_GSS_GETMIC "\x01\x01" +#define TOK_ID_GSS_WRAP "\x02\x01" + #ifdef HAVE_KRB5_KEYBLOCK_KEYVALUE #define KRB5_KEY_TYPE(k) ((k)->keytype) #define KRB5_KEY_LENGTH(k) ((k)->keyvalue.length) diff --git a/source4/libcli/auth/spnego.c b/source4/libcli/auth/spnego.c index 3af1bc1e81..a13afbb186 100644 --- a/source4/libcli/auth/spnego.c +++ b/source4/libcli/auth/spnego.c @@ -24,7 +24,6 @@ #include "includes.h" #include "auth/auth.h" -#include "asn_1.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_AUTH @@ -218,7 +217,7 @@ static NTSTATUS gensec_spnego_server_try_fallback(struct gensec_security *gensec if (!all_ops[i]->oid) { continue; } - if (strcasecmp(OID_SPNEGO,all_ops[i]->oid) == 0) { + if (strcasecmp(GENSEC_OID_SPNEGO,all_ops[i]->oid) == 0) { continue; } 
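Review bot: In gensec_gssapi_parse_krb5_wrap() (source4/libcli/auth/gssapi_parse.c, hunk at -64,7) the results of `asn1_start_tag()` and `asn1_check_OID(&data, GENSEC_OID_KERBEROS5)` are discarded on the visible lines, and `data_remaining = asn1_tag_remaining(&data)` follows immediately. The blob presumably comes from the peer, so a mismatched OID should stop parsing before the remaining length is used. The function continues outside the hunk, so confirm the parser's error state is tested there and say so in a comment such as `/* an OID mismatch is recorded in data and checked below before the payload is read */`. spnego_read_data() in spnego_parse.c has the same shape: `asn1_check_OID(&asn1, GENSEC_OID_SPNEGO)` is followed directly by `read_negTokenInit()`.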
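Review bot: The `TOK_ID_*` macros now sit inside `#if defined(HAVE_KRB5)` in source4/libcli/auth/kerberos.h, whereas in asn_1.h they were defined unconditionally. Any file that uses a `TOK_ID_*` value and is compiled without HAVE_KRB5 will lose the definition. gssapi_parse.c gains `#include "libcli/auth/kerberos.h"` in this commit, which suggests it may depend on them, so either confirm that file is only built with Kerberos enabled or move the five defines above the `#if`. These literals are two-byte token ids followed by the implicit NUL, and `"\x01\x00"` has a strlen of 1, so a comment like `/* 2-byte GSS token ids: always pass length 2, never strlen() */` would guard against misuse.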
@@ -311,7 +310,7 @@ static NTSTATUS gensec_spnego_client_negTokenInit(struct gensec_security *gensec const char **mechTypes = NULL; DATA_BLOB unwrapped_out = data_blob(NULL,0); - mechTypes = gensec_security_oids(out_mem_ctx, OID_SPNEGO); + mechTypes = gensec_security_oids(out_mem_ctx, GENSEC_OID_SPNEGO); if (!mechTypes) { DEBUG(1, ("no GENSEC OID backends available\n")); @@ -467,7 +466,7 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA return nt_status; } else { - const char **mechlist = gensec_security_oids(out_mem_ctx, OID_SPNEGO); + const char **mechlist = gensec_security_oids(out_mem_ctx, GENSEC_OID_SPNEGO); const char *mechListMIC; mechListMIC = talloc_asprintf(out_mem_ctx,"%s$@%s", @@ -712,7 +711,7 @@ static const struct gensec_security_ops gensec_spnego_security_ops = { .name = "spnego", .sasl_name = "GSS-SPNEGO", .auth_type = DCERPC_AUTH_TYPE_SPNEGO, - .oid = OID_SPNEGO, + .oid = GENSEC_OID_SPNEGO, .client_start = gensec_spnego_client_start, .server_start = gensec_spnego_server_start, .update = gensec_spnego_update, diff --git a/source4/libcli/auth/spnego_parse.c b/source4/libcli/auth/spnego_parse.c index 2cf38728a9..32e98a4235 100644 --- a/source4/libcli/auth/spnego_parse.c +++ b/source4/libcli/auth/spnego_parse.c @@ -288,7 +288,7 @@ ssize_t spnego_read_data(DATA_BLOB data, struct spnego_data *token) switch (context) { case ASN1_APPLICATION(0): asn1_start_tag(&asn1, ASN1_APPLICATION(0)); - asn1_check_OID(&asn1, OID_SPNEGO); + asn1_check_OID(&asn1, GENSEC_OID_SPNEGO); if (read_negTokenInit(&asn1, &token->negTokenInit)) { token->type = SPNEGO_NEG_TOKEN_INIT; } @@ -321,7 +321,7 @@ ssize_t spnego_write_data(TALLOC_CTX *mem_ctx, DATA_BLOB *blob, struct spnego_da switch (spnego->type) { case SPNEGO_NEG_TOKEN_INIT: asn1_push_tag(&asn1, ASN1_APPLICATION(0)); - asn1_write_OID(&asn1, OID_SPNEGO); + asn1_write_OID(&asn1, GENSEC_OID_SPNEGO); write_negTokenInit(&asn1, &spnego->negTokenInit); asn1_pop_tag(&asn1); break; 
diff --git a/source4/libcli/raw/clisession.c b/source4/libcli/raw/clisession.c index 7d2b7ad9b8..39df8fce02 100644 --- a/source4/libcli/raw/clisession.c +++ b/source4/libcli/raw/clisession.c @@ -22,7 +22,6 @@ #include "includes.h" #include "libcli/raw/libcliraw.h" #include "auth/auth.h" -#include "asn_1.h" #define SETUP_REQUEST_SESSION(cmd, wct, buflen) do { \ req = smbcli_request_setup_session(session, cmd, wct, buflen); \ @@ -445,10 +444,10 @@ static NTSTATUS smb_raw_session_setup_generic_spnego(struct smbcli_session *sess } if (session->transport->negotiate.secblob.length) { - chosen_oid = OID_SPNEGO; + chosen_oid = GENSEC_OID_SPNEGO; } else { /* without a sec blob, means raw NTLMSSP */ - chosen_oid = OID_NTLMSSP; + chosen_oid = GENSEC_OID_NTLMSSP; } status = gensec_start_mech_by_oid(session->gensec, chosen_oid); diff --git a/source4/smb_server/negprot.c b/source4/smb_server/negprot.c index f36528a00a..1c2e1ff7f8 100644 --- a/source4/smb_server/negprot.c +++ b/source4/smb_server/negprot.c @@ -20,7 +20,6 @@ #include "includes.h" #include "auth/auth.h" -#include "asn_1.h" #include "smb_server/smb_server.h" @@ -325,7 +324,7 @@ static void reply_nt1(struct smbsrv_request *req, uint16_t choice) return; } - nt_status = gensec_start_mech_by_oid(gensec_security, OID_SPNEGO); + nt_status = gensec_start_mech_by_oid(gensec_security, GENSEC_OID_SPNEGO); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0, ("Failed to start SPNEGO: %s\n", nt_errstr(nt_status))); diff --git a/source4/smb_server/sesssetup.c b/source4/smb_server/sesssetup.c index cc8d4d7ff2..453f296c78 100644 --- a/source4/smb_server/sesssetup.c +++ b/source4/smb_server/sesssetup.c @@ -23,7 +23,6 @@ #include "includes.h" #include "auth/auth.h" -#include "asn_1.h" #include "smb_server/smb_server.h" 
@@ -241,7 +240,7 @@ static NTSTATUS sesssetup_spnego(struct smbsrv_request *req, union smb_sesssetup gensec_want_feature(gensec_ctx, GENSEC_WANT_SESSION_KEY); - status = gensec_start_mech_by_oid(gensec_ctx, OID_SPNEGO); + status = gensec_start_mech_by_oid(gensec_ctx, GENSEC_OID_SPNEGO); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("Failed to start GENSEC SPNEGO server code: %s\n", nt_errstr(status))); return status; diff --git a/source4/utils/ntlm_auth.c b/source4/utils/ntlm_auth.c index 23586b1db5..448559e350 100644 --- a/source4/utils/ntlm_auth.c +++ b/source4/utils/ntlm_auth.c @@ -27,7 +27,6 @@ #include "system/passwd.h" #include "lib/cmdline/popt_common.h" #include "auth/auth.h" -#include "asn_1.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_WINBIND @@ -377,7 +376,7 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode, switch (stdio_helper_mode) { case GSS_SPNEGO_CLIENT: case GSS_SPNEGO_SERVER: - nt_status = gensec_start_mech_by_oid(*gensec_state, OID_SPNEGO); + nt_status = gensec_start_mech_by_oid(*gensec_state, GENSEC_OID_SPNEGO); if (!in.length) { first = True; } @@ -387,7 +386,7 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode, first = True; } case SQUID_2_5_NTLMSSP: - nt_status = gensec_start_mech_by_oid(*gensec_state, OID_NTLMSSP); + nt_status = gensec_start_mech_by_oid(*gensec_state, GENSEC_OID_NTLMSSP); break; default: abort(); |
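Review bot: In manage_gensec_request() (source4/utils/ntlm_auth.c, hunk at -387,7) the branch ending in `first = True; }` runs straight into `case SQUID_2_5_NTLMSSP:` with no `break`, so the preceding case also starts NTLMSSP. That looks intentional, but the earlier case label is outside the hunk and nothing marks the fall-through; add `/* fall through */` before `case SQUID_2_5_NTLMSSP:`. Separately, `nt_status` from both `gensec_start_mech_by_oid()` calls is not tested on the visible lines. The function continues past the hunk, so confirm that a failed mechanism start is rejected before the request data is handed to the mechanism.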