/*
Unix SMB/CIFS implementation.
simple kerberos5/SPNEGO routines
Copyright (C) Andrew Tridgell 2001
Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2002
Copyright (C) Luke Howard 2003
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <talloc.h>
#include <stdint.h>
#include <stdbool.h>
#include "data_blob.h"
#include "asn1.h"
#include "spnego.h"
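/*
  generate a krb5 GSS-API wrapper packet given a ticket

  Encodes, inside one APPLICATION(0) tag: the Kerberos 5 mechanism OID,
  the two tok_id bytes, then the raw ticket bytes.

  Returns a blob built from the encoder's buffer, or data_blob_null when
  the scratch talloc context or the ASN.1 buffer cannot be allocated, or
  when the encoder has flagged an error. The blob is created before the
  encoder is freed, so it is presumably an independent copy that the
  caller must release - confirm against data_blob.h.
*/
DATA_BLOB spnego_gen_krb5_wrap(const DATA_BLOB ticket, const uint8_t tok_id[2])
{
	ASN1_DATA *data;
	DATA_BLOB ret;
	TALLOC_CTX *mem_ctx = talloc_init("gssapi");

	if (mem_ctx == NULL) {
		return data_blob_null;
	}

	data = asn1_init(mem_ctx);
	if (data == NULL) {
		/* release the scratch context; this path used to leak it */
		talloc_free(mem_ctx);
		return data_blob_null;
	}

	asn1_push_tag(data, ASN1_APPLICATION(0));
	asn1_write_OID(data, OID_KERBEROS5);

	asn1_write(data, tok_id, 2);
	asn1_write(data, ticket.data, ticket.length);
	asn1_pop_tag(data);

	/*
	 * The return values of the asn1_* calls above are not checked, so
	 * has_error is the only failure signal consulted here. Fail closed:
	 * a partially encoded wrapper must not be handed on as if it were a
	 * valid authentication token.
	 */
	if (data->has_error) {
#if 0
		DEBUG(1,("Failed to build krb5 wrapper at offset %d\n", (int)data->ofs));
#endif
		ret = data_blob_null;
	} else {
		ret = data_blob(data->data, data->length);
	}

	asn1_free(data);
	talloc_free(mem_ctx);

	return ret;
}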
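/*
  Generate a negTokenInit as used by the client side ... It has a mechType
  (OID), and a mechToken (a security blob) ...

  Really, we need to break out the NTLMSSP stuff as well, because it could be
  raw in the packets!

  Encoding written, outermost first:
    APPLICATION(0) { OID_SPNEGO,
      CONTEXT(0) { SEQUENCE(0) {
        CONTEXT(0) { SEQUENCE(0) { OID } },
        CONTEXT(2) { OCTET STRING blob } } } }

  Returns a blob built from the encoder's buffer, or data_blob_null when
  the scratch talloc context or the ASN.1 buffer cannot be allocated, or
  when the encoder has flagged an error. The blob is created before the
  encoder is freed, so it is presumably an independent copy that the
  caller must release - confirm against data_blob.h.
*/
DATA_BLOB gen_negTokenInit(const char *OID, DATA_BLOB blob)
{
	ASN1_DATA *data;
	DATA_BLOB ret;
	TALLOC_CTX *mem_ctx = talloc_init("spnego");

	if (mem_ctx == NULL) {
		return data_blob_null;
	}

	data = asn1_init(mem_ctx);
	if (data == NULL) {
		/* release the scratch context; this path used to leak it */
		talloc_free(mem_ctx);
		return data_blob_null;
	}

	asn1_push_tag(data, ASN1_APPLICATION(0));
	asn1_write_OID(data,OID_SPNEGO);
	asn1_push_tag(data, ASN1_CONTEXT(0));
	asn1_push_tag(data, ASN1_SEQUENCE(0));

	/* mechTypes: a single-entry list holding the caller's mechanism OID */
	asn1_push_tag(data, ASN1_CONTEXT(0));
	asn1_push_tag(data, ASN1_SEQUENCE(0));
	asn1_write_OID(data, OID);
	asn1_pop_tag(data);
	asn1_pop_tag(data);

	/* mechToken: the security blob, carried as an octet string */
	asn1_push_tag(data, ASN1_CONTEXT(2));
	asn1_write_OctetString(data,blob.data,blob.length);
	asn1_pop_tag(data);

	asn1_pop_tag(data);
	asn1_pop_tag(data);

	asn1_pop_tag(data);

	/*
	 * The return values of the asn1_* calls above are not checked, so
	 * has_error is the only failure signal consulted here. Fail closed:
	 * a partially encoded negTokenInit must not be handed on as if it
	 * were a valid authentication token.
	 */
	if (data->has_error) {
#if 0
		DEBUG(1,("Failed to build negTokenInit at offset %d\n", (int)data->ofs));
#endif
		ret = data_blob_null;
	} else {
		ret = data_blob(data->data, data->length);
	}

	asn1_free(data);
	talloc_free(mem_ctx);

	return ret;
}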