/* 
   Unix SMB/CIFS implementation.
   simple kerberos5/SPNEGO routines
   Copyright (C) Andrew Tridgell 2001
   Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2002
   Copyright (C) Luke Howard     2003
   
   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.
   
   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.
   
   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/
#include <talloc.h>
#include <stdint.h>
#include <stdbool.h>
#include "data_blob.h"
#include "asn1.h"
#include "spnego.h"
/*
  generate a krb5 GSS-API wrapper packet given a ticket
*/
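DATA_BLOB spnego_gen_krb5_wrap(const DATA_BLOB ticket, const uint8_t tok_id[2])
{
	/*
	 * Builds an ASN.1 APPLICATION(0) element containing, in order, the
	 * Kerberos 5 mechanism OID, the two token-id bytes and the raw ticket
	 * bytes, and returns the encoding as a DATA_BLOB.
	 *
	 * ticket: bytes to wrap; ticket.data/ticket.length are written as-is.
	 * tok_id: two-byte token identifier written ahead of the ticket.
	 *
	 * Returns data_blob_null on allocation failure or when the ASN.1
	 * encoder reports an error, so a truncated or malformed token is never
	 * handed back to the caller as if it were valid. Otherwise the result
	 * comes from data_blob(); the caller presumably owns and frees it
	 * (confirm against data_blob.h).
	 */
	ASN1_DATA *data;
	DATA_BLOB ret = data_blob_null;
	TALLOC_CTX *mem_ctx = talloc_init("gssapi");

	if (mem_ctx == NULL) {
		return data_blob_null;
	}

	data = asn1_init(mem_ctx);
	if (data == NULL) {
		/* release the temporary context instead of leaking it */
		goto out;
	}

	asn1_push_tag(data, ASN1_APPLICATION(0));
	asn1_write_OID(data, OID_KERBEROS5);

	asn1_write(data, tok_id, 2);
	asn1_write(data, ticket.data, ticket.length);
	asn1_pop_tag(data);

	/*
	 * has_error is presumably set by the asn1_* helpers when any write
	 * fails (verify in asn1.c); refuse to return a partial encoding.
	 */
	if (data->has_error) {
		goto out_free;
	}

	/* copy the encoding out before the ASN.1 buffer is released below */
	ret = data_blob(data->data, data->length);

out_free:
	asn1_free(data);
out:
	talloc_free(mem_ctx);

	return ret;
}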
/*
  Generate a negTokenInit as used by the client side ... It has a mechType
  (OID), and a mechToken (a security blob) ... 
  Really, we need to break out the NTLMSSP stuff as well, because it could be
  raw in the packets!
*/
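DATA_BLOB gen_negTokenInit(const char *OID, DATA_BLOB blob)
{
	/*
	 * Encodes a client-side SPNEGO negTokenInit: an APPLICATION(0)
	 * element holding the SPNEGO OID followed by a CONTEXT(0)/SEQUENCE
	 * that carries the single mechType OID and, under CONTEXT(2), the
	 * mechToken as an octet string.
	 *
	 * OID:  mechanism OID string written as the only mechType entry.
	 * blob: security blob written as the mechToken.
	 *
	 * Returns data_blob_null on allocation failure or when the ASN.1
	 * encoder reports an error, so a truncated or malformed token is never
	 * handed back to the caller as if it were valid. Otherwise the result
	 * comes from data_blob(); the caller presumably owns and frees it
	 * (confirm against data_blob.h).
	 */
	ASN1_DATA *data;
	DATA_BLOB ret = data_blob_null;
	TALLOC_CTX *mem_ctx = talloc_init("spnego");

	if (mem_ctx == NULL) {
		return data_blob_null;
	}

	data = asn1_init(mem_ctx);
	if (data == NULL) {
		/* release the temporary context instead of leaking it */
		goto out;
	}

	asn1_push_tag(data, ASN1_APPLICATION(0));
	asn1_write_OID(data, OID_SPNEGO);
	asn1_push_tag(data, ASN1_CONTEXT(0));
	asn1_push_tag(data, ASN1_SEQUENCE(0));

	/* mechType list: one OID */
	asn1_push_tag(data, ASN1_CONTEXT(0));
	asn1_push_tag(data, ASN1_SEQUENCE(0));
	asn1_write_OID(data, OID);
	asn1_pop_tag(data);
	asn1_pop_tag(data);

	/* mechToken */
	asn1_push_tag(data, ASN1_CONTEXT(2));
	asn1_write_OctetString(data, blob.data, blob.length);
	asn1_pop_tag(data);

	/* close the outer SEQUENCE and CONTEXT(0) */
	asn1_pop_tag(data);
	asn1_pop_tag(data);

	/* close APPLICATION(0) */
	asn1_pop_tag(data);

	/*
	 * has_error is presumably set by the asn1_* helpers when any write
	 * fails (verify in asn1.c); refuse to return a partial encoding.
	 */
	if (data->has_error) {
		goto out_free;
	}

	/* copy the encoding out before the ASN.1 buffer is released below */
	ret = data_blob(data->data, data->length);

out_free:
	asn1_free(data);
out:
	talloc_free(mem_ctx);

	return ret;
}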