From 14a3abd5591a7c310bdd2638e5c06833dc2c8f92 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Wed, 26 Oct 2005 23:41:01 +0000
Subject: r11314: Use a patch from lha to have the kerberos libs extract the PAC, rather than doing ASN.1 parsing in Samba. Also use the API function for getting a client from a ticket, rather than just digging in the structure. Andrew Bartlett (This used to be commit 25d5ea6d724bd2b64a6086ae6e2e1c5148b8ca4a)
---
 source4/auth/kerberos/clikrb5.c | 112 ----------------------------------------
 1 file changed, 112 deletions(-)
(limited to 'source4/auth/kerberos/clikrb5.c')
diff --git a/source4/auth/kerberos/clikrb5.c b/source4/auth/kerberos/clikrb5.c
index 17a1e5f3d4..3cac97cdc6 100644
--- a/source4/auth/kerberos/clikrb5.c
+++ b/source4/auth/kerberos/clikrb5.c
@@ -159,118 +159,6 @@
 }
 #endif
-BOOL unwrap_pac(TALLOC_CTX *mem_ctx, DATA_BLOB *auth_data, DATA_BLOB *unwrapped_pac_data)
-{
- DATA_BLOB pac_contents;
- struct asn1_data data;
- int data_type;
-
- if (!auth_data->length) {
- return False;
- }
-
- asn1_load(&data, *auth_data);
- asn1_start_tag(&data, ASN1_SEQUENCE(0));
- asn1_start_tag(&data, ASN1_SEQUENCE(0));
- asn1_start_tag(&data, ASN1_CONTEXT(0));
- asn1_read_Integer(&data, &data_type);
-
- if (data_type != KRB5_AUTHDATA_WIN2K_PAC ) {
- DEBUG(10,("authorization data is not a Windows PAC (type: %d)\n", data_type));
- asn1_free(&data);
- return False;
- }
-
- asn1_end_tag(&data);
- asn1_start_tag(&data, ASN1_CONTEXT(1));
- asn1_read_OctetString(&data, &pac_contents);
- asn1_end_tag(&data);
- asn1_end_tag(&data);
- asn1_end_tag(&data);
- asn1_free(&data);
-
- *unwrapped_pac_data = data_blob_talloc(mem_ctx, pac_contents.data, pac_contents.length);
-
- data_blob_free(&pac_contents);
-
- return True;
-}
-
- BOOL get_auth_data_from_tkt(TALLOC_CTX *mem_ctx, DATA_BLOB *auth_data, krb5_ticket *tkt)
-{
- DATA_BLOB auth_data_wrapped;
- BOOL got_auth_data_pac = False;
- int i;
-
-#if defined(HAVE_KRB5_TKT_ENC_PART2)
- if (tkt->enc_part2 && tkt->enc_part2->authorization_data &&
- tkt->enc_part2->authorization_data[0] &&
- tkt->enc_part2->authorization_data[0]->length)
- {
- for (i = 0; tkt->enc_part2->authorization_data[i] != NULL; i++) {
-
- if (tkt->enc_part2->authorization_data[i]->ad_type !=
- KRB5_AUTHDATA_IF_RELEVANT) {
- DEBUG(10,("get_auth_data_from_tkt: ad_type is %d\n",
- tkt->enc_part2->authorization_data[i]->ad_type));
- continue;
- }
-
- auth_data_wrapped = data_blob(tkt->enc_part2->authorization_data[i]->contents,
- tkt->enc_part2->authorization_data[i]->length);
-
- /* check if it is a PAC */
- got_auth_data_pac = unwrap_pac(mem_ctx, &auth_data_wrapped, auth_data);
- data_blob_free(&auth_data_wrapped);
-
- if (!got_auth_data_pac) {
- continue;
- }
- }
-
- return got_auth_data_pac;
- }
-
-#else
- if (tkt->ticket.authorization_data &&
- tkt->ticket.authorization_data->len)
- {
- for (i = 0; i < tkt->ticket.authorization_data->len; i++) {
-
- if (tkt->ticket.authorization_data->val[i].ad_type !=
- KRB5_AUTHDATA_IF_RELEVANT) {
- DEBUG(10,("get_auth_data_from_tkt: ad_type is %d\n",
- tkt->ticket.authorization_data->val[i].ad_type));
- continue;
- }
-
- auth_data_wrapped = data_blob(tkt->ticket.authorization_data->val[i].ad_data.data,
- tkt->ticket.authorization_data->val[i].ad_data.length);
-
- /* check if it is a PAC */
- got_auth_data_pac = unwrap_pac(mem_ctx, &auth_data_wrapped, auth_data);
- data_blob_free(&auth_data_wrapped);
-
- if (!got_auth_data_pac) {
- continue;
- }
- }
-
- return got_auth_data_pac;
- }
-#endif
- return False;
-}
-
- krb5_const_principal get_principal_from_tkt(krb5_ticket *tkt)
-{
-#if defined(HAVE_KRB5_TKT_ENC_PART2)
- return tkt->enc_part2->client;
-#else
- return tkt->client;
-#endif
-}
-
 #if !defined(HAVE_KRB5_FREE_UNPARSED_NAME)
 void krb5_free_unparsed_name(krb5_context context, char *val)
 {
-- cgit