From 70c303a7f357b2c73955b24128ac8a72b656d4e6 Mon Sep 17 00:00:00 2001
From: Simo Sorce
Date: Sat, 31 Mar 2012 22:09:22 -0400
Subject: auth-krb: Move pac related util functions in a single place.
Signed-off-by: Andreas Schneider
---
 libcli/auth/krb5_wrap.c | 49 -------------------------------------------------
 libcli/auth/krb5_wrap.h | 32 --------------------------------
 2 files changed, 81 deletions(-)
(limited to 'libcli')
diff --git a/libcli/auth/krb5_wrap.c b/libcli/auth/krb5_wrap.c
index c16b35dcee..2f877e7f0a 100644
--- a/libcli/auth/krb5_wrap.c
+++ b/libcli/auth/krb5_wrap.c
@@ -186,55 +186,6 @@ krb5_error_code smb_krb5_unparse_name(TALLOC_CTX *mem_ctx,
 return krb5_principal_compare_any_realm(context, princ1, princ2);
 }
- void smb_krb5_checksum_from_pac_sig(krb5_checksum *cksum,
- struct PAC_SIGNATURE_DATA *sig)
-{
-#ifdef HAVE_CHECKSUM_IN_KRB5_CHECKSUM
- cksum->cksumtype = (krb5_cksumtype)sig->type;
- cksum->checksum.length = sig->signature.length;
- cksum->checksum.data = sig->signature.data;
-#else
- cksum->checksum_type = (krb5_cksumtype)sig->type;
- cksum->length = sig->signature.length;
- cksum->contents = sig->signature.data;
-#endif
-}
-
- krb5_error_code smb_krb5_verify_checksum(krb5_context context,
- const krb5_keyblock *keyblock,
- krb5_keyusage usage,
- krb5_checksum *cksum,
- uint8_t *data,
- size_t length)
-{
- krb5_error_code ret;
-
- /* verify the checksum, heimdal 0.7 and MIT krb 1.4.2 and above */
-
- krb5_boolean checksum_valid = false;
- krb5_data input;
-
- input.data = (char *)data;
- input.length = length;
-
- ret = krb5_c_verify_checksum(context,
- keyblock,
- usage,
- &input,
- cksum,
- &checksum_valid);
- if (ret) {
- DEBUG(3,("smb_krb5_verify_checksum: krb5_c_verify_checksum() failed: %s\n",
- error_message(ret)));
- return ret;
- }
-
- if (!checksum_valid)
- ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-
- return ret;
-}
-
 char *gssapi_error_string(TALLOC_CTX *mem_ctx, OM_uint32 maj_stat, OM_uint32 min_stat, const gss_OID mech)
diff --git a/libcli/auth/krb5_wrap.h b/libcli/auth/krb5_wrap.h
index 8723d2ddaa..4c0ef93e4c 100644
--- a/libcli/auth/krb5_wrap.h
+++ b/libcli/auth/krb5_wrap.h
@@ -21,8 +21,6 @@
 */
 #include "system/kerberos.h"
-struct PAC_SIGNATURE_DATA;
-struct PAC_DATA;
 #ifdef HAVE_KRB5_KEYBLOCK_KEYVALUE /* Heimdal */
 #define KRB5_KEY_TYPE(k) ((k)->keytype)
@@ -57,38 +55,8 @@ krb5_error_code smb_krb5_unparse_name(TALLOC_CTX *mem_ctx,
 bool smb_krb5_principal_compare_any_realm(krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2);
- void smb_krb5_checksum_from_pac_sig(krb5_checksum *cksum,
- struct PAC_SIGNATURE_DATA *sig);
- krb5_error_code smb_krb5_verify_checksum(krb5_context context,
- const krb5_keyblock *keyblock,
- krb5_keyusage usage,
- krb5_checksum *cksum,
- uint8_t *data,
- size_t length);
 char *gssapi_error_string(TALLOC_CTX *mem_ctx, OM_uint32 maj_stat, OM_uint32 min_stat, const gss_OID mech);
 char *smb_get_krb5_error_message(krb5_context context, krb5_error_code code, TALLOC_CTX *mem_ctx);
-krb5_error_code check_pac_checksum(DATA_BLOB pac_data,
- struct PAC_SIGNATURE_DATA *sig,
- krb5_context context,
- const krb5_keyblock *keyblock);
-
-NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx,
- DATA_BLOB pac_data_blob,
- krb5_context context,
- const krb5_keyblock *krbtgt_keyblock,
- const krb5_keyblock *service_keyblock,
- krb5_const_principal client_principal,
- time_t tgs_authtime,
- struct PAC_DATA **pac_data_out);
-
-NTSTATUS gssapi_obtain_pac_blob(TALLOC_CTX *mem_ctx,
- gss_ctx_id_t gssapi_context,
- gss_name_t gss_client_name,
- DATA_BLOB *pac_data);
-NTSTATUS gssapi_get_session_key(TALLOC_CTX *mem_ctx,
- gss_ctx_id_t gssapi_context,
- DATA_BLOB *session_key,
- uint32_t *keytype);
-- cgit