diff options
-rw-r--r-- | auth/kerberos/gssapi_pac.c | 1 | ||||
-rw-r--r-- | auth/kerberos/gssapi_parse.c | 97 | ||||
-rw-r--r-- | auth/kerberos/wscript_build | 4 | ||||
-rw-r--r-- | libcli/auth/krb5_wrap.h | 4 | ||||
-rw-r--r-- | source3/Makefile.in | 1 | ||||
-rw-r--r-- | source4/auth/gensec/gensec_krb5.c | 71 |
6 files changed, 73 insertions, 105 deletions
diff --git a/auth/kerberos/gssapi_pac.c b/auth/kerberos/gssapi_pac.c index 10e692bc74..07c7c94205 100644 --- a/auth/kerberos/gssapi_pac.c +++ b/auth/kerberos/gssapi_pac.c @@ -22,7 +22,6 @@ #ifdef HAVE_KRB5 #include "libcli/auth/krb5_wrap.h" -#include "lib/util/asn1.h" #if 0 /* FIXME - need proper configure/waf test diff --git a/auth/kerberos/gssapi_parse.c b/auth/kerberos/gssapi_parse.c deleted file mode 100644 index f58bf3b070..0000000000 --- a/auth/kerberos/gssapi_parse.c +++ /dev/null @@ -1,97 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - simple GSSAPI wrappers - - Copyright (C) Andrew Tridgell 2001 - Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2002 - Copyright (C) Luke Howard 2003 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see <http://www.gnu.org/licenses/>. -*/ - -#include "includes.h" -#include "../lib/util/asn1.h" -#include "auth/gensec/gensec.h" - -/* - generate a krb5 GSS-API wrapper packet given a ticket -*/ -DATA_BLOB gensec_gssapi_gen_krb5_wrap(TALLOC_CTX *mem_ctx, const DATA_BLOB *ticket, const uint8_t tok_id[2]) -{ - struct asn1_data *data; - DATA_BLOB ret; - - data = asn1_init(mem_ctx); - if (!data || !ticket->data) { - return data_blob(NULL,0); - } - - asn1_push_tag(data, ASN1_APPLICATION(0)); - asn1_write_OID(data, GENSEC_OID_KERBEROS5); - - asn1_write(data, tok_id, 2); - asn1_write(data, ticket->data, ticket->length); - asn1_pop_tag(data); - - if (data->has_error) { - DEBUG(1,("Failed to build krb5 wrapper at offset %d\n", (int)data->ofs)); - asn1_free(data); - return data_blob(NULL,0); - } - - ret = data_blob_talloc(mem_ctx, data->data, data->length); - asn1_free(data); - - return ret; -} - -/* - parse a krb5 GSS-API wrapper packet giving a ticket -*/ -bool gensec_gssapi_parse_krb5_wrap(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob, DATA_BLOB *ticket, uint8_t tok_id[2]) -{ - bool ret; - struct asn1_data *data = asn1_init(mem_ctx); - int data_remaining; - - if (!data) { - return false; - } - - asn1_load(data, *blob); - asn1_start_tag(data, ASN1_APPLICATION(0)); - asn1_check_OID(data, GENSEC_OID_KERBEROS5); - - data_remaining = asn1_tag_remaining(data); - - if (data_remaining < 3) { - data->has_error = true; - } else { - asn1_read(data, tok_id, 2); - data_remaining -= 2; - *ticket = data_blob_talloc(mem_ctx, NULL, data_remaining); - asn1_read(data, ticket->data, ticket->length); - } - - asn1_end_tag(data); - - ret = !data->has_error; - - asn1_free(data); - - return ret; -} - - diff --git a/auth/kerberos/wscript_build b/auth/kerberos/wscript_build index fe38b76c0c..2421b1654f 100644 --- a/auth/kerberos/wscript_build +++ b/auth/kerberos/wscript_build @@ -1,3 +1,3 @@ bld.SAMBA_SUBSYSTEM('KRB5_PAC', - source='gssapi_pac.c kerberos_pac.c gssapi_parse.c', - deps='gssapi_krb5 krb5 ndr-krb5pac com_err asn1util') + source='gssapi_pac.c kerberos_pac.c', + deps='gssapi_krb5 krb5 ndr-krb5pac com_err') diff --git a/libcli/auth/krb5_wrap.h b/libcli/auth/krb5_wrap.h index 997c2fbb3f..8723d2ddaa 100644 --- a/libcli/auth/krb5_wrap.h +++ b/libcli/auth/krb5_wrap.h @@ -92,7 +92,3 @@ NTSTATUS gssapi_get_session_key(TALLOC_CTX *mem_ctx, gss_ctx_id_t gssapi_context, DATA_BLOB *session_key, uint32_t *keytype); - -DATA_BLOB gensec_gssapi_gen_krb5_wrap(TALLOC_CTX *mem_ctx, const DATA_BLOB *ticket, const uint8_t tok_id[2]); - -bool gensec_gssapi_parse_krb5_wrap(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob, DATA_BLOB *ticket, uint8_t tok_id[2]); diff --git a/source3/Makefile.in b/source3/Makefile.in index ff223d9fdc..21d3bf96c7 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -637,7 +637,6 @@ LIBMSRPC_OBJ = $(SCHANNEL_OBJ) \ librpc/crypto/gse_krb5.o \ librpc/crypto/gse.o \ ../auth/kerberos/gssapi_pac.o \ - ../auth/kerberos/gssapi_parse.o \ librpc/rpc/rpc_common.o \ rpc_client/rpc_transport_np.o \ rpc_client/rpc_transport_sock.o \ diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c index 9939105ad5..ca933f5b0f 100644 --- a/source4/auth/gensec/gensec_krb5.c +++ b/source4/auth/gensec/gensec_krb5.c @@ -39,6 +39,7 @@ #include "param/param.h" #include "auth/auth_sam_reply.h" #include "lib/util/util_net.h" +#include "../lib/util/asn1.h" _PUBLIC_ NTSTATUS gensec_krb5_init(void); @@ -392,6 +393,76 @@ static NTSTATUS gensec_fake_gssapi_krb5_client_start(struct gensec_security *gen return gensec_krb5_common_client_start(gensec_security, true); } + +/* + generate a krb5 GSS-API wrapper packet given a ticket +*/ +static DATA_BLOB gensec_gssapi_gen_krb5_wrap(TALLOC_CTX *mem_ctx, const DATA_BLOB *ticket, const uint8_t tok_id[2]) +{ + struct asn1_data *data; + DATA_BLOB ret; + + data = asn1_init(mem_ctx); + if (!data || !ticket->data) { + return data_blob(NULL,0); + } + + asn1_push_tag(data, ASN1_APPLICATION(0)); + asn1_write_OID(data, GENSEC_OID_KERBEROS5); + + asn1_write(data, tok_id, 2); + asn1_write(data, ticket->data, ticket->length); + asn1_pop_tag(data); + + if (data->has_error) { + DEBUG(1,("Failed to build krb5 wrapper at offset %d\n", (int)data->ofs)); + asn1_free(data); + return data_blob(NULL,0); + } + + ret = data_blob_talloc(mem_ctx, data->data, data->length); + asn1_free(data); + + return ret; +} + +/* + parse a krb5 GSS-API wrapper packet giving a ticket +*/ +static bool gensec_gssapi_parse_krb5_wrap(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob, DATA_BLOB *ticket, uint8_t tok_id[2]) +{ + bool ret; + struct asn1_data *data = asn1_init(mem_ctx); + int data_remaining; + + if (!data) { + return false; + } + + asn1_load(data, *blob); + asn1_start_tag(data, ASN1_APPLICATION(0)); + asn1_check_OID(data, GENSEC_OID_KERBEROS5); + + data_remaining = asn1_tag_remaining(data); + + if (data_remaining < 3) { + data->has_error = true; + } else { + asn1_read(data, tok_id, 2); + data_remaining -= 2; + *ticket = data_blob_talloc(mem_ctx, NULL, data_remaining); + asn1_read(data, ticket->data, ticket->length); + } + + asn1_end_tag(data); + + ret = !data->has_error; + + asn1_free(data); + + return ret; +} + /** * Next state function for the Krb5 GENSEC mechanism * |