-rw-r--r-- | source4/auth/gensec/gensec.h | 10 | ||||
-rw-r--r-- | source4/libcli/util/asn1.c | 75 |
2 files changed, 63 insertions, 22 deletions
diff --git a/source4/auth/gensec/gensec.h b/source4/auth/gensec/gensec.h
index c70424800c..eee3972b94 100644
--- a/source4/auth/gensec/gensec.h
+++ b/source4/auth/gensec/gensec.h
@@ -26,11 +26,11 @@
 #include "core.h"
 
-#define GENSEC_OID_NTLMSSP "1 3 6 1 4 1 311 2 2 10"
-#define GENSEC_OID_SPNEGO "1 3 6 1 5 5 2"
-#define GENSEC_OID_KERBEROS5 "1 2 840 113554 1 2 2"
-#define GENSEC_OID_KERBEROS5_OLD "1 2 840 48018 1 2 2"
-#define GENSEC_OID_KERBEROS5_USER2USER "1 2 840 113554 1 2 2 3"
+#define GENSEC_OID_NTLMSSP "1.3.6.1.4.1.311.2.2.10"
+#define GENSEC_OID_SPNEGO "1.3.6.1.5.5.2"
+#define GENSEC_OID_KERBEROS5 "1.2.840.113554.1.2.2"
+#define GENSEC_OID_KERBEROS5_OLD "1.2.840.48018.1.2.2"
+#define GENSEC_OID_KERBEROS5_USER2USER "1.2.840.113554.1.2.2.3"
 
 enum gensec_priority {
 	GENSEC_SPNEGO = 90,
diff --git a/source4/libcli/util/asn1.c b/source4/libcli/util/asn1.c
index 01c869dc17..c8e2d6f301 100644
--- a/source4/libcli/util/asn1.c
+++ b/source4/libcli/util/asn1.c
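Review bot: Switching these constants from space- to dot-separated arcs is only safe if every other OID string literal in the tree moves with them, because the new asn1_write_OID_String in the companion hunk rejects a space terminator by setting has_error; any caller outside this diff still passing "1 3 6 ..." (I cannot see the rest of the tree from here) would now fail at encode time instead of silently producing the old output. A one-line comment above the group, `/* dotted-decimal OID strings, the only form asn1_write_OID_String() accepts */`, would make the contract visible at the point where most of these strings are declared. It may also be worth a grep for `" 1 "`-style literals and for code that builds OID strings with `" %u"` before merging.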
@@ -185,25 +185,37 @@ BOOL asn1_write_Integer(struct asn1_data *data, int i)
 	return asn1_pop_tag(data);
 }
 
-/* write an object ID to a ASN1 buffer */
-BOOL asn1_write_OID(struct asn1_data *data, const char *OID)
+BOOL asn1_write_OID_String(struct asn1_data *data, const char *OID)
 {
 	uint_t v, v2;
 	const char *p = (const char *)OID;
 	char *newp;
 
-	if (!asn1_push_tag(data, ASN1_OID))
+	v = strtoul(p, &newp, 10);
+	if (newp[0] != '.') {
+		data->has_error = True;
 		return False;
-	v = strtol(p, &newp, 10);
-	p = newp;
-	v2 = strtol(p, &newp, 10);
-	p = newp;
+	}
+	p = newp + 1;
+	v2 = strtoul(p, &newp, 10);
+	if (newp[0] != '.') {
+		data->has_error = True;
+		return False;
+	}
+	p = newp + 1;
 	if (!asn1_write_uint8(data, 40*v + v2))
 		return False;
 	while (*p) {
-		v = strtol(p, &newp, 10);
-		p = newp;
+		v = strtoul(p, &newp, 10);
+		if (newp[0] == '.') {
+			p = newp + 1;
+		} else if (newp[0] == '\0') {
+			p = newp;
+		} else {
+			data->has_error = True;
+			return False;
+		}
 		if (v >= (1<<28)) asn1_write_uint8(data, 0x80 | ((v>>28)&0xff));
 		if (v >= (1<<21)) asn1_write_uint8(data, 0x80 | ((v>>21)&0xff));
 		if (v >= (1<<14)) asn1_write_uint8(data, 0x80 | ((v>>14)&0xff));
@@ -211,6 +223,15 @@ BOOL asn1_write_OID(struct asn1_data *data, const char *OID)
 		if (!asn1_write_uint8(data, v&0x7f)) return False;
 	}
+
+	return !data->has_error;
+}
+
+/* write an object ID to a ASN1 buffer */
+BOOL asn1_write_OID(struct asn1_data *data, const char *OID)
+{
+	if (!asn1_push_tag(data, ASN1_OID)) return False;
+	if (!asn1_write_OID_String(data, OID)) return False;
 	return asn1_pop_tag(data);
 }
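Review bot: The new terminator checks in asn1_write_OID_String never ask whether strtoul consumed any digits, so an empty arc is silently accepted as 0 ("1.2..3" encodes as 1.2.0.3) and a signed arc such as "1.2.-5" goes through with the negated value wrapped in unsigned long, because strtoul accepts leading whitespace and a sign. Each of the three strtoul calls should also reject `newp == p`: for the two leading arcs `if (newp == p || newp[0] != '.') { data->has_error = True; return False; }`, and in the loop `if (newp == p) { data->has_error = True; return False; }` ahead of the existing terminator test. The `40*v + v2` byte (a context line here) is still written without a range check, so a first arc above 2 or a second arc of 40 or more is presumably truncated by asn1_write_uint8 rather than refused; a `v > 2 || v2 > 39` guard next to the new checks would make that an error too, since this encoder cannot produce the multi-byte form X.690 requires for 2.x with x >= 40. The function body continues into the following hunk.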
@@ -447,16 +468,17 @@ int asn1_tag_remaining(struct asn1_data *data)
 }
 
 /* read an object ID from a ASN1 buffer */
-BOOL asn1_read_OID(struct asn1_data *data, const char **OID)
+BOOL asn1_read_OID_String(struct asn1_data *data, const char **OID)
 {
 	uint8_t b;
 	char *tmp_oid = NULL;
 
-	if (!asn1_start_tag(data, ASN1_OID)) return False;
-	asn1_read_uint8(data, &b);
+	if (!asn1_read_uint8(data, &b)) return False;
 
 	tmp_oid = talloc_asprintf(NULL, "%u", b/40);
-	tmp_oid = talloc_asprintf_append(tmp_oid, " %u", b%40);
+	if (!tmp_oid) goto nomem;
+	tmp_oid = talloc_asprintf_append(tmp_oid, ".%u", b%40);
+	if (!tmp_oid) goto nomem;
 
 	while (!data->has_error && asn1_tag_remaining(data) > 0) {
 		uint_t v = 0;
@@ -464,15 +486,34 @@ BOOL asn1_read_OID(struct asn1_data *data, const char **OID)
 			asn1_read_uint8(data, &b);
 			v = (v<<7) | (b&0x7f);
 		} while (!data->has_error && (b & 0x80));
-		tmp_oid = talloc_asprintf_append(tmp_oid, " %u", v);
+		tmp_oid = talloc_asprintf_append(tmp_oid, ".%u", v);
+		if (!tmp_oid) goto nomem;
 	}
 
-	asn1_end_tag(data);
+	if (!data->has_error) {
+		*OID = talloc_strdup(NULL, tmp_oid);
+		if (!*OID) goto nomem;
+	}
 
-	*OID = talloc_strdup(NULL, tmp_oid);
 	talloc_free(tmp_oid);
+	return !data->has_error;
+nomem:
+	talloc_free(tmp_oid);
+	data->has_error = True;
+	return False;
+}
 
-	return (*OID && !data->has_error);
+/* read an object ID from a ASN1 buffer */
+BOOL asn1_read_OID(struct asn1_data *data, const char **OID)
+{
+	if (!asn1_start_tag(data, ASN1_OID)) return False;
+	if (!asn1_read_OID_String(data, OID)) return False;
+	if (!asn1_end_tag(data)) {
+		talloc_free(discard_const(*OID));
+		*OID = NULL;
+		return False;
+	}
+	return True;
 }
 
 /* check that the next object ID is correct */ |
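Review bot: asn1_read_OID_String can now return False without ever storing to *OID — the new `if (!asn1_read_uint8(data, &b)) return False;` returns before any assignment, and the has_error path later in the function (next hunk) also skips the talloc_strdup, whereas the old code stored the strdup result unconditionally. A caller that frees or tests `*OID` after a failed read would then be working with whatever was in the variable before the call; add `*OID = NULL;` as the first statement of the function so every failure path hands back a known value, which also makes the `talloc_free(discard_const(*OID))` in asn1_read_OID safe regardless of which step failed. The function body continues into the following hunk.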
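Review bot: The base-128 accumulation `v = (v<<7) | (b&0x7f)` at the top of this hunk (context lines, pre-existing) puts no bound on the number of continuation bytes, so an over-long encoding shifts the high bits out of v: with a 32-bit uint_t the byte sequence `90 80 80 80 80 01` decodes to arc 1, while the writer in the other hunk would emit `01` for that arc. Because the decoded string is what asn1_check_OID compares (that function starts just past this hunk), two different byte sequences collapsing to the same OID string is worth closing while the function's error handling is being reworked; reject the shift before it loses bits, e.g. `if (v >> (sizeof(v)*8 - 7)) { data->has_error = True; break; }` as the first statement of the do/while body, which matches the five-group ceiling asn1_write_OID_String encodes. It would also be reasonable to check the return of the `asn1_read_uint8(data, &b)` inside the loop directly rather than relying on has_error being set behind it — I am inferring that it sets has_error from the loop condition, not from visible code.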