summaryrefslogtreecommitdiff
path: root/source3/libsmb/clispnego.c
diff options
context:
space:
mode:
Diffstat (limited to 'source3/libsmb/clispnego.c')
-rw-r--r--source3/libsmb/clispnego.c98
1 files changed, 24 insertions, 74 deletions
diff --git a/source3/libsmb/clispnego.c b/source3/libsmb/clispnego.c
index 09efb560c0..1f2081cb03 100644
--- a/source3/libsmb/clispnego.c
+++ b/source3/libsmb/clispnego.c
@@ -130,7 +130,8 @@ DATA_BLOB gen_negTokenInit(const char *OID, DATA_BLOB blob)
*/
bool spnego_parse_negTokenInit(DATA_BLOB blob,
char *OIDs[ASN1_MAX_OIDS],
- char **principal)
+ char **principal,
+ DATA_BLOB *secblob)
{
int i;
bool ret;
@@ -167,7 +168,12 @@ bool spnego_parse_negTokenInit(DATA_BLOB blob,
asn1_end_tag(data);
asn1_end_tag(data);
- *principal = NULL;
+ if (principal) {
+ *principal = NULL;
+ }
+ if (secblob) {
+ *secblob = data_blob_null;
+ }
/*
Win7 + Live Sign-in Assistant attaches a mechToken
@@ -193,28 +199,33 @@ bool spnego_parse_negTokenInit(DATA_BLOB blob,
if (asn1_tag_remaining(data) > 0) {
if (asn1_peek_tag(data, ASN1_CONTEXT(2))) {
+ DATA_BLOB sblob = data_blob_null;
/* mechToken [2] OCTET STRING OPTIONAL */
- DATA_BLOB token;
asn1_start_tag(data, ASN1_CONTEXT(2));
asn1_read_OctetString(data, talloc_autofree_context(),
- &token);
+ &sblob);
asn1_end_tag(data);
- /* Throw away the token - not used. */
- data_blob_free(&token);
+ if (secblob) {
+ *secblob = sblob;
+ }
}
}
if (asn1_tag_remaining(data) > 0) {
if (asn1_peek_tag(data, ASN1_CONTEXT(3))) {
+ char *princ = NULL;
/* mechListMIC [3] OCTET STRING OPTIONAL */
asn1_start_tag(data, ASN1_CONTEXT(3));
asn1_start_tag(data, ASN1_SEQUENCE(0));
asn1_start_tag(data, ASN1_CONTEXT(0));
asn1_read_GeneralString(data,talloc_autofree_context(),
- principal);
+ &princ);
asn1_end_tag(data);
asn1_end_tag(data);
asn1_end_tag(data);
+ if (principal) {
+ *principal = princ;
+ }
}
}
@@ -226,7 +237,12 @@ bool spnego_parse_negTokenInit(DATA_BLOB blob,
ret = !data->has_error;
if (data->has_error) {
int j;
- TALLOC_FREE(*principal);
+ if (principal) {
+ TALLOC_FREE(*principal);
+ }
+ if (secblob) {
+ data_blob_free(secblob);
+ }
for(j = 0; j < i && j < ASN1_MAX_OIDS-1; j++) {
TALLOC_FREE(OIDs[j]);
}
@@ -283,72 +299,6 @@ DATA_BLOB gen_negTokenTarg(const char *OIDs[], DATA_BLOB blob)
}
/*
- parse a negTokenTarg packet giving a list of OIDs and a security blob
-*/
-bool parse_negTokenTarg(DATA_BLOB blob, char *OIDs[ASN1_MAX_OIDS], DATA_BLOB *secblob)
-{
- int i;
- ASN1_DATA *data;
-
- data = asn1_init(talloc_tos());
- if (data == NULL) {
- return false;
- }
-
- asn1_load(data, blob);
- asn1_start_tag(data, ASN1_APPLICATION(0));
- asn1_check_OID(data,OID_SPNEGO);
- asn1_start_tag(data, ASN1_CONTEXT(0));
- asn1_start_tag(data, ASN1_SEQUENCE(0));
-
- asn1_start_tag(data, ASN1_CONTEXT(0));
- asn1_start_tag(data, ASN1_SEQUENCE(0));
- for (i=0; asn1_tag_remaining(data) > 0 && i < ASN1_MAX_OIDS-1; i++) {
- const char *oid_str = NULL;
- asn1_read_OID(data,talloc_autofree_context(),&oid_str);
- OIDs[i] = CONST_DISCARD(char *, oid_str);
- }
- OIDs[i] = NULL;
- asn1_end_tag(data);
- asn1_end_tag(data);
-
- /* Skip any optional req_flags that are sent per RFC 4178 */
- if (asn1_peek_tag(data, ASN1_CONTEXT(1))) {
- uint8 flags;
-
- asn1_start_tag(data, ASN1_CONTEXT(1));
- asn1_start_tag(data, ASN1_BIT_STRING);
- while (asn1_tag_remaining(data) > 0)
- asn1_read_uint8(data, &flags);
- asn1_end_tag(data);
- asn1_end_tag(data);
- }
-
- asn1_start_tag(data, ASN1_CONTEXT(2));
- asn1_read_OctetString(data,talloc_autofree_context(),secblob);
- asn1_end_tag(data);
-
- asn1_end_tag(data);
- asn1_end_tag(data);
-
- asn1_end_tag(data);
-
- if (data->has_error) {
- int j;
- data_blob_free(secblob);
- for(j = 0; j < i && j < ASN1_MAX_OIDS-1; j++) {
- TALLOC_FREE(OIDs[j]);
- }
- DEBUG(1,("Failed to parse negTokenTarg at offset %d\n", (int)data->ofs));
- asn1_free(data);
- return False;
- }
-
- asn1_free(data);
- return True;
-}
-
-/*
generate a krb5 GSS-API wrapper packet given a ticket
*/
DATA_BLOB spnego_gen_krb5_wrap(const DATA_BLOB ticket, const uint8 tok_id[2])