root/source4/auth/kerberos/gssapi_parse.c


   1 /* 
   2    Unix SMB/CIFS implementation.
   3 
   4    simple GSSAPI wrappers
   5 
   6    Copyright (C) Andrew Tridgell 2001
   7    Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2002
   8    Copyright (C) Luke Howard     2003
   9    
  10    This program is free software; you can redistribute it and/or modify
  11    it under the terms of the GNU General Public License as published by
  12    the Free Software Foundation; either version 3 of the License, or
  13    (at your option) any later version.
  14    
  15    This program is distributed in the hope that it will be useful,
  16    but WITHOUT ANY WARRANTY; without even the implied warranty of
  17    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  18    GNU General Public License for more details.
  19    
  20    You should have received a copy of the GNU General Public License
  21    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  22 */
  23 
  24 #include "includes.h"
  25 #include "../lib/util/asn1.h"
  26 #include "auth/gensec/gensec.h"
  27 #include "system/kerberos.h"
  28 #include "auth/kerberos/kerberos.h"
  29 
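/*
  Generate a krb5 GSS-API wrapper packet around a ticket.

  The result is an ASN.1 APPLICATION(0) element that contains, in order,
  the Kerberos 5 mechanism OID (GENSEC_OID_KERBEROS5), the two tok_id
  bytes and the raw ticket bytes.

  mem_ctx: talloc context used for the temporary ASN.1 state and for the
           returned blob.
  ticket:  blob to wrap.
  tok_id:  two-byte token id, written directly after the OID.

  Returns the wrapped blob, or an empty blob (data_blob(NULL,0)) when an
  argument is missing, the ASN.1 state cannot be allocated, or building
  the packet fails.  The final copy made by data_blob_talloc() is returned
  as-is, so callers should treat a blob whose data is NULL as failure.
*/
DATA_BLOB gensec_gssapi_gen_krb5_wrap(TALLOC_CTX *mem_ctx, const DATA_BLOB *ticket, const uint8_t tok_id[2])
{
        struct asn1_data *data;
        DATA_BLOB ret;

        /*
         * Check the caller's arguments first.  'data' has not been
         * assigned at this point, so it must not be tested here: reading
         * it would be a read of an uninitialized pointer.
         */
        if (ticket == NULL || ticket->data == NULL || tok_id == NULL) {
                return data_blob(NULL,0);
        }

        data = asn1_init(mem_ctx);
        if (data == NULL) {
                return data_blob(NULL,0);
        }

        asn1_push_tag(data, ASN1_APPLICATION(0));
        asn1_write_OID(data, GENSEC_OID_KERBEROS5);

        asn1_write(data, tok_id, 2);
        asn1_write(data, ticket->data, ticket->length);
        asn1_pop_tag(data);

        /*
         * The individual asn1_* results are not checked above; the error
         * state is read once from data->has_error after the last call.
         */
        if (data->has_error) {
                DEBUG(1,("Failed to build krb5 wrapper at offset %d\n", (int)data->ofs));
                asn1_free(data);
                return data_blob(NULL,0);
        }

        /* Copy the encoding out so the ASN.1 state can be released. */
        ret = data_blob_talloc(mem_ctx, data->data, data->length);
        asn1_free(data);

        return ret;
}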
  65 
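/*
  Parse a krb5 GSS-API wrapper packet and extract the ticket it carries.

  The blob is expected to be an ASN.1 APPLICATION(0) element that starts
  with the Kerberos 5 mechanism OID (GENSEC_OID_KERBEROS5), followed by
  two token-id bytes and at least one byte of ticket data.

  mem_ctx: talloc context for the temporary ASN.1 state and the ticket.
  blob:    wrapper packet to parse (presumably received from the peer, so
           its contents and lengths should be treated as untrusted -
           confirm against callers).
  ticket:  receives a newly allocated copy of the ticket bytes on success.
  tok_id:  receives the two token-id bytes.

  Returns true only if the whole element parsed without error.  On false,
  a ticket allocated by this call has been freed again; tok_id may still
  have been written and must not be relied on.
*/
bool gensec_gssapi_parse_krb5_wrap(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob, DATA_BLOB *ticket, uint8_t tok_id[2])
{
        bool ret;
        bool ticket_allocated = false;
        struct asn1_data *data = asn1_init(mem_ctx);
        int data_remaining;

        if (!data) {
                return false;
        }

        asn1_load(data, *blob);
        asn1_start_tag(data, ASN1_APPLICATION(0));
        asn1_check_OID(data, GENSEC_OID_KERBEROS5);

        data_remaining = asn1_tag_remaining(data);

        /*
         * Need the two tok_id bytes plus at least one byte of ticket.
         * The comparison is signed, so a negative value (presumably what
         * asn1_tag_remaining() reports after an earlier error - confirm)
         * is rejected here as well and never reaches the allocation.
         */
        if (data_remaining < 3) {
                data->has_error = true;
        } else {
                asn1_read(data, tok_id, 2);
                data_remaining -= 2;
                *ticket = data_blob_talloc(mem_ctx, NULL, data_remaining);
                if (ticket->data == NULL) {
                        /* Allocation failed: do not read into a NULL buffer. */
                        data->has_error = true;
                } else {
                        ticket_allocated = true;
                        asn1_read(data, ticket->data, ticket->length);
                }
        }

        asn1_end_tag(data);

        /* The outcome of all asn1_* steps is read once from has_error. */
        ret = !data->has_error;

        asn1_free(data);

        /*
         * Do not hand a partially filled ticket back on failure: release
         * it so the caller cannot mistake it for a parsed ticket.
         */
        if (!ret && ticket_allocated) {
                data_blob_free(ticket);
        }

        return ret;
}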
 102 
 103 
/*
  Check a GSS-API wrapper packet against an expected OID.

  Loads the blob, opens the outer ASN.1 APPLICATION(0) element and
  compares the OID found there with 'oid'.  Nothing after the OID is
  examined and the element is not closed, so this only validates the
  start of the packet.

  Returns true if no ASN.1 error was recorded, false otherwise (including
  when the temporary ASN.1 state cannot be allocated).
*/
bool gensec_gssapi_check_oid(const DATA_BLOB *blob, const char *oid)
{
        /* Temporary parser state on the NULL talloc context; freed below. */
        struct asn1_data *asn1 = asn1_init(NULL);
        bool oid_ok;

        if (asn1 == NULL) {
                return false;
        }

        asn1_load(asn1, *blob);
        asn1_start_tag(asn1, ASN1_APPLICATION(0));
        asn1_check_OID(asn1, oid);

        /* Capture the result before the state that holds it is released. */
        oid_ok = !asn1->has_error;
        asn1_free(asn1);

        return oid_ok;
}
 124 
 125 
