From d15d76af5f169d27eeecab909174b67f7b44d0ee Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Sat, 21 Aug 2010 10:59:52 -0400 Subject: dcerpc-gssapi: add function to extract authtime MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Günther Deschner --- source3/librpc/rpc/dcerpc_gssapi.c | 53 ++++++++++++++++++++++++++++++++++++++ source3/librpc/rpc/dcerpc_gssapi.h | 1 + 2 files changed, 54 insertions(+) (limited to 'source3/librpc') diff --git a/source3/librpc/rpc/dcerpc_gssapi.c b/source3/librpc/rpc/dcerpc_gssapi.c index 0f21792cbb..03c6ae963f 100644 --- a/source3/librpc/rpc/dcerpc_gssapi.c +++ b/source3/librpc/rpc/dcerpc_gssapi.c @@ -60,6 +60,16 @@ gss_OID_desc gse_authz_data_oid = { (void *)GSE_EXTRACT_RELEVANT_AUTHZ_DATA_OID }; +#ifndef GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID +#define GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID_LENGTH 11 +#define GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x0c" +#endif + +gss_OID_desc gse_authtime_oid = { + GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID_LENGTH, + (void *)GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID +}; + static char *gse_errstr(TALLOC_CTX *mem_ctx, OM_uint32 maj, OM_uint32 min); struct gse_context { @@ -655,6 +665,44 @@ NTSTATUS gse_get_authz_data(struct gse_context *gse_ctx, return NT_STATUS_OK; } +NTSTATUS gse_get_authtime(struct gse_context *gse_ctx, time_t *authtime) +{ + OM_uint32 gss_min, gss_maj; + gss_buffer_set_t set = GSS_C_NO_BUFFER_SET; + int32_t tkttime; + + if (!gse_ctx->authenticated) { + return NT_STATUS_ACCESS_DENIED; + } + + gss_maj = gss_inquire_sec_context_by_oid( + &gss_min, gse_ctx->gss_ctx, + &gse_authtime_oid, &set); + if (gss_maj) { + DEBUG(0, ("gss_inquire_sec_context_by_oid failed [%s]\n", + gse_errstr(talloc_tos(), gss_maj, gss_min))); + return NT_STATUS_NOT_FOUND; + } + + if ((set == GSS_C_NO_BUFFER_SET) || (set->count != 1) != 0) { + DEBUG(0, ("gss_inquire_sec_context_by_oid returned unknown " + "data in results.\n")); + return NT_STATUS_INTERNAL_ERROR; + } + + if (set->elements[0].length != sizeof(int32_t)) { + DEBUG(0, ("Invalid authtime size!\n")); + return NT_STATUS_INTERNAL_ERROR; + } + + tkttime = *((int32_t *)set->elements[0].value); + + gss_maj = gss_release_buffer_set(&gss_min, &set); + + *authtime = (time_t)tkttime; + return NT_STATUS_OK; +} + size_t gse_get_signature_length(struct gse_context *gse_ctx, int seal, size_t payload_size) { @@ -906,6 +954,11 @@ NTSTATUS gse_get_authz_data(struct gse_context *gse_ctx, return NT_STATUS_NOT_IMPLEMENTED; } +NTSTATUS gse_get_authtime(struct gse_context *gse_ctx, time_t *authtime) +{ + return NT_STATUS_NOT_IMPLEMENTED; +} + size_t gse_get_signature_length(struct gse_context *gse_ctx, int seal, size_t payload_size) { diff --git a/source3/librpc/rpc/dcerpc_gssapi.h b/source3/librpc/rpc/dcerpc_gssapi.h index 496291ab11..4da4af7f62 100644 --- a/source3/librpc/rpc/dcerpc_gssapi.h +++ b/source3/librpc/rpc/dcerpc_gssapi.h @@ -59,6 +59,7 @@ DATA_BLOB gse_get_session_key(TALLOC_CTX *mem_ctx, struct gse_context *gse_ctx); NTSTATUS gse_get_authz_data(struct gse_context *gse_ctx, TALLOC_CTX *mem_ctx, DATA_BLOB *pac); +NTSTATUS gse_get_authtime(struct gse_context *gse_ctx, time_t *authtime); size_t gse_get_signature_length(struct gse_context *gse_ctx, int seal, size_t payload_size); -- cgit