diff options
Diffstat (limited to 'source3/libsmb')
| -rw-r--r-- | source3/libsmb/asn1.c | 18 | ||||
| -rw-r--r-- | source3/libsmb/cliconnect.c | 4 | ||||
| -rw-r--r-- | source3/libsmb/clikrb5.c | 4 | ||||
| -rw-r--r-- | source3/libsmb/clispnego.c | 23 |
4 files changed, 46 insertions, 3 deletions
diff --git a/source3/libsmb/asn1.c b/source3/libsmb/asn1.c index 59763408cf..a8c0eebb94 100644 --- a/source3/libsmb/asn1.c +++ b/source3/libsmb/asn1.c @@ -156,6 +156,24 @@ BOOL asn1_write_BOOLEAN(ASN1_DATA *data, BOOL v) return !data->has_error; } +/* check a BOOLEAN */ +BOOL asn1_check_BOOLEAN(ASN1_DATA *data, BOOL v) +{ + uint8 b = 0; + + asn1_read_uint8(data, &b); + if (b != ASN1_BOOLEAN) { + data->has_error = True; + return False; + } + asn1_read_uint8(data, &b); + if (b != v) { + data->has_error = True; + return False; + } + return !data->has_error; +} + /* load a ASN1_DATA structure with a lump of data, ready to be parsed */ BOOL asn1_load(ASN1_DATA *data, DATA_BLOB blob) diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index 6a01744240..4fba54900d 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -392,6 +392,10 @@ static BOOL cli_session_setup_kerberos(struct cli_state *cli, char *principle, c if (!negTokenTarg.data) return False; +#if 0 + file_save("negTokenTarg.dat", negTokenTarg.data, negTokenTarg.length); +#endif + blob2 = cli_session_setup_blob(cli, negTokenTarg); /* we don't need this blob for kerberos */ diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c index 68e941f2aa..51b6e6e8cf 100644 --- a/source3/libsmb/clikrb5.c +++ b/source3/libsmb/clikrb5.c @@ -22,8 +22,6 @@ #include "includes.h" #if HAVE_KRB5 -#include <krb5.h> - /* we can't use krb5_mk_req because w2k wants the service to be in a particular format */ @@ -105,7 +103,7 @@ DATA_BLOB krb5_get_ticket(char *service, char *realm) if ((retval = krb5_mk_req2(context, &auth_context, - AP_OPTS_MUTUAL_REQUIRED, + 0, service, realm, ccdef, &packet))) { DEBUG(1,("krb5_mk_req2 failed\n")); diff --git a/source3/libsmb/clispnego.c b/source3/libsmb/clispnego.c index 78cae3315a..c421d75913 100644 --- a/source3/libsmb/clispnego.c +++ b/source3/libsmb/clispnego.c @@ -241,6 +241,29 @@ static DATA_BLOB spnego_gen_krb5_wrap(DATA_BLOB ticket) return ret; } +/* + parse a krb5 GSS-API wrapper packet giving a ticket +*/ +BOOL spnego_parse_krb5_wrap(DATA_BLOB blob, DATA_BLOB *ticket) +{ + BOOL ret; + ASN1_DATA data; + + asn1_load(&data, blob); + asn1_start_tag(&data, ASN1_APPLICATION(0)); + asn1_check_OID(&data, OID_KERBEROS5); + asn1_check_BOOLEAN(&data, 0); + *ticket = data_blob(data.data, asn1_tag_remaining(&data)); + asn1_read(&data, ticket->data, ticket->length); + asn1_end_tag(&data); + + ret = !data.has_error; + + asn1_free(&data); + + return ret; +} + /* generate a SPNEGO negTokenTarg packet, ready for a EXTENDED_SECURITY |