/* [<][>][^][v][top][bottom][index][help] */
DEFINITIONS
This source file includes following definitions.
- gensec_gssapi_gen_krb5_wrap
- gensec_gssapi_parse_krb5_wrap
- gensec_gssapi_check_oid
1 /*
2 Unix SMB/CIFS implementation.
3
4 simple GSSAPI wrappers
5
6 Copyright (C) Andrew Tridgell 2001
7 Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2002
8 Copyright (C) Luke Howard 2003
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
14
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
19
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 */
23
24 #include "includes.h"
25 #include "../lib/util/asn1.h"
26 #include "auth/gensec/gensec.h"
27 #include "system/kerberos.h"
28 #include "auth/kerberos/kerberos.h"
29
30 /*
31 generate a krb5 GSS-API wrapper packet given a ticket
32 */
33 DATA_BLOB gensec_gssapi_gen_krb5_wrap(TALLOC_CTX *mem_ctx, const DATA_BLOB *ticket, const uint8_t tok_id[2])
/* [<][>][^][v][top][bottom][index][help] */
34 {
35 struct asn1_data *data;
36 DATA_BLOB ret;
37
38 if (!data || !ticket->data) {
39 return data_blob(NULL,0);
40 }
41
42 data = asn1_init(mem_ctx);
43 if (data == NULL) {
44 return data_blob(NULL,0);
45 }
46
47 asn1_push_tag(data, ASN1_APPLICATION(0));
48 asn1_write_OID(data, GENSEC_OID_KERBEROS5);
49
50 asn1_write(data, tok_id, 2);
51 asn1_write(data, ticket->data, ticket->length);
52 asn1_pop_tag(data);
53
54 if (data->has_error) {
55 DEBUG(1,("Failed to build krb5 wrapper at offset %d\n", (int)data->ofs));
56 asn1_free(data);
57 return data_blob(NULL,0);
58 }
59
60 ret = data_blob_talloc(mem_ctx, data->data, data->length);
61 asn1_free(data);
62
63 return ret;
64 }
65
66 /*
67 parse a krb5 GSS-API wrapper packet giving a ticket
68 */
69 bool gensec_gssapi_parse_krb5_wrap(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob, DATA_BLOB *ticket, uint8_t tok_id[2])
/* [<][>][^][v][top][bottom][index][help] */
70 {
71 bool ret;
72 struct asn1_data *data = asn1_init(mem_ctx);
73 int data_remaining;
74
75 if (!data) {
76 return false;
77 }
78
79 asn1_load(data, *blob);
80 asn1_start_tag(data, ASN1_APPLICATION(0));
81 asn1_check_OID(data, GENSEC_OID_KERBEROS5);
82
83 data_remaining = asn1_tag_remaining(data);
84
85 if (data_remaining < 3) {
86 data->has_error = true;
87 } else {
88 asn1_read(data, tok_id, 2);
89 data_remaining -= 2;
90 *ticket = data_blob_talloc(mem_ctx, NULL, data_remaining);
91 asn1_read(data, ticket->data, ticket->length);
92 }
93
94 asn1_end_tag(data);
95
96 ret = !data->has_error;
97
98 asn1_free(data);
99
100 return ret;
101 }
102
103
104 /*
105 check a GSS-API wrapper packet givin an expected OID
106 */
107 bool gensec_gssapi_check_oid(const DATA_BLOB *blob, const char *oid)
/* [<][>][^][v][top][bottom][index][help] */
108 {
109 bool ret;
110 struct asn1_data *data = asn1_init(NULL);
111
112 if (!data) return false;
113
114 asn1_load(data, *blob);
115 asn1_start_tag(data, ASN1_APPLICATION(0));
116 asn1_check_OID(data, oid);
117
118 ret = !data->has_error;
119
120 asn1_free(data);
121
122 return ret;
123 }
124
125