summaryrefslogtreecommitdiff
path: root/source3/libsmb
diff options
context:
space:
mode:
Diffstat (limited to 'source3/libsmb')
-rw-r--r--source3/libsmb/asn1.c18
-rw-r--r--source3/libsmb/cliconnect.c4
-rw-r--r--source3/libsmb/clikrb5.c4
-rw-r--r--source3/libsmb/clispnego.c23
4 files changed, 46 insertions, 3 deletions
diff --git a/source3/libsmb/asn1.c b/source3/libsmb/asn1.c
index 59763408cf..a8c0eebb94 100644
--- a/source3/libsmb/asn1.c
+++ b/source3/libsmb/asn1.c
@@ -156,6 +156,24 @@ BOOL asn1_write_BOOLEAN(ASN1_DATA *data, BOOL v)
return !data->has_error;
}
+/* check a BOOLEAN */
+BOOL asn1_check_BOOLEAN(ASN1_DATA *data, BOOL v)
+{
+ uint8 b = 0;
+
+ asn1_read_uint8(data, &b);
+ if (b != ASN1_BOOLEAN) {
+ data->has_error = True;
+ return False;
+ }
+ asn1_read_uint8(data, &b);
+ if (b != v) {
+ data->has_error = True;
+ return False;
+ }
+ return !data->has_error;
+}
+
/* load a ASN1_DATA structure with a lump of data, ready to be parsed */
BOOL asn1_load(ASN1_DATA *data, DATA_BLOB blob)
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 6a01744240..4fba54900d 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -392,6 +392,10 @@ static BOOL cli_session_setup_kerberos(struct cli_state *cli, char *principle, c
if (!negTokenTarg.data) return False;
+#if 0
+ file_save("negTokenTarg.dat", negTokenTarg.data, negTokenTarg.length);
+#endif
+
blob2 = cli_session_setup_blob(cli, negTokenTarg);
/* we don't need this blob for kerberos */
diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c
index 68e941f2aa..51b6e6e8cf 100644
--- a/source3/libsmb/clikrb5.c
+++ b/source3/libsmb/clikrb5.c
@@ -22,8 +22,6 @@
#include "includes.h"
#if HAVE_KRB5
-#include <krb5.h>
-
/*
we can't use krb5_mk_req because w2k wants the service to be in a particular format
*/
@@ -105,7 +103,7 @@ DATA_BLOB krb5_get_ticket(char *service, char *realm)
if ((retval = krb5_mk_req2(context,
&auth_context,
- AP_OPTS_MUTUAL_REQUIRED,
+ 0,
service, realm,
ccdef, &packet))) {
DEBUG(1,("krb5_mk_req2 failed\n"));
diff --git a/source3/libsmb/clispnego.c b/source3/libsmb/clispnego.c
index 78cae3315a..c421d75913 100644
--- a/source3/libsmb/clispnego.c
+++ b/source3/libsmb/clispnego.c
@@ -241,6 +241,29 @@ static DATA_BLOB spnego_gen_krb5_wrap(DATA_BLOB ticket)
return ret;
}
+/*
+ parse a krb5 GSS-API wrapper packet giving a ticket
+*/
+BOOL spnego_parse_krb5_wrap(DATA_BLOB blob, DATA_BLOB *ticket)
+{
+ BOOL ret;
+ ASN1_DATA data;
+
+ asn1_load(&data, blob);
+ asn1_start_tag(&data, ASN1_APPLICATION(0));
+ asn1_check_OID(&data, OID_KERBEROS5);
+ asn1_check_BOOLEAN(&data, 0);
+ *ticket = data_blob(data.data, asn1_tag_remaining(&data));
+ asn1_read(&data, ticket->data, ticket->length);
+ asn1_end_tag(&data);
+
+ ret = !data.has_error;
+
+ asn1_free(&data);
+
+ return ret;
+}
+
/*
generate a SPNEGO negTokenTarg packet, ready for a EXTENDED_SECURITY