search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
r11830: patch from Rashid N. Achilov <shelton@granch.ru> to add descriptions for...
[Samba.git] / source / libsmb / spnego.c
blob6cc4436a0cf9f74db6be864fea0f37825a054ff3
1 /*
2 Unix SMB/CIFS implementation.
3
4 RFC2478 Compliant SPNEGO implementation
5
6 Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
12
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17
18
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
22 */
23
24 #include "includes.h"
25
26 #undef DBGC_CLASS
27 #define DBGC_CLASS DBGC_AUTH
28
29 static BOOL read_negTokenInit(ASN1_DATA *asn1, negTokenInit_t *token)
30 {
31 ZERO_STRUCTP(token);
32
33 asn1_start_tag(asn1, ASN1_CONTEXT(0));
34 asn1_start_tag(asn1, ASN1_SEQUENCE(0));
35
36 while (!asn1->has_error && 0 < asn1_tag_remaining(asn1)) {
37 int i;
38
39 switch (asn1->data[asn1->ofs]) {
40 /* Read mechTypes */
41 case ASN1_CONTEXT(0):
42 asn1_start_tag(asn1, ASN1_CONTEXT(0));
43 asn1_start_tag(asn1, ASN1_SEQUENCE(0));
44
45 token->mechTypes = SMB_MALLOC_P(const char *);
46 for (i = 0; !asn1->has_error &&
47 0 < asn1_tag_remaining(asn1); i++) {
48 char *p_oid = NULL;
49 token->mechTypes =
50 SMB_REALLOC_ARRAY(token->mechTypes, const char *, i + 2);
51 asn1_read_OID(asn1, &p_oid);
52 token->mechTypes[i] = p_oid;
53 }
54 token->mechTypes[i] = NULL;
55
56 asn1_end_tag(asn1);
57 asn1_end_tag(asn1);
58 break;
59 /* Read reqFlags */
60 case ASN1_CONTEXT(1):
61 asn1_start_tag(asn1, ASN1_CONTEXT(1));
62 asn1_read_Integer(asn1, &token->reqFlags);
63 token->reqFlags |= SPNEGO_REQ_FLAG;
64 asn1_end_tag(asn1);
65 break;
66 /* Read mechToken */
67 case ASN1_CONTEXT(2):
68 asn1_start_tag(asn1, ASN1_CONTEXT(2));
69 asn1_read_OctetString(asn1, &token->mechToken);
70 asn1_end_tag(asn1);
71 break;
72 /* Read mecListMIC */
73 case ASN1_CONTEXT(3):
74 asn1_start_tag(asn1, ASN1_CONTEXT(3));
75 if (asn1->data[asn1->ofs] == ASN1_OCTET_STRING) {
76 asn1_read_OctetString(asn1,
77 &token->mechListMIC);
78 } else {
79 /* RFC 2478 says we have an Octet String here,
80 but W2k sends something different... */
81 char *mechListMIC;
82 asn1_push_tag(asn1, ASN1_SEQUENCE(0));
83 asn1_push_tag(asn1, ASN1_CONTEXT(0));
84 asn1_read_GeneralString(asn1, &mechListMIC);
85 asn1_pop_tag(asn1);
86 asn1_pop_tag(asn1);
87
88 token->mechListMIC =
89 data_blob(mechListMIC, strlen(mechListMIC));
90 SAFE_FREE(mechListMIC);
91 }
92 asn1_end_tag(asn1);
93 break;
94 default:
95 asn1->has_error = True;
96 break;
97 }
98 }
99
100 asn1_end_tag(asn1);
101 asn1_end_tag(asn1);
102
103 return !asn1->has_error;
104 }
105
106 static BOOL write_negTokenInit(ASN1_DATA *asn1, negTokenInit_t *token)
107 {
108 asn1_push_tag(asn1, ASN1_CONTEXT(0));
109 asn1_push_tag(asn1, ASN1_SEQUENCE(0));
110
111 /* Write mechTypes */
112 if (token->mechTypes && *token->mechTypes) {
113 int i;
114
115 asn1_push_tag(asn1, ASN1_CONTEXT(0));
116 asn1_push_tag(asn1, ASN1_SEQUENCE(0));
117 for (i = 0; token->mechTypes[i]; i++) {
118 asn1_write_OID(asn1, token->mechTypes[i]);
119 }
120 asn1_pop_tag(asn1);
121 asn1_pop_tag(asn1);
122 }
123
124 /* write reqFlags */
125 if (token->reqFlags & SPNEGO_REQ_FLAG) {
126 int flags = token->reqFlags & ~SPNEGO_REQ_FLAG;
127
128 asn1_push_tag(asn1, ASN1_CONTEXT(1));
129 asn1_write_Integer(asn1, flags);
130 asn1_pop_tag(asn1);
131 }
132
133 /* write mechToken */
134 if (token->mechToken.data) {
135 asn1_push_tag(asn1, ASN1_CONTEXT(2));
136 asn1_write_OctetString(asn1, token->mechToken.data,
137 token->mechToken.length);
138 asn1_pop_tag(asn1);
139 }
140
141 /* write mechListMIC */
142 if (token->mechListMIC.data) {
143 asn1_push_tag(asn1, ASN1_CONTEXT(3));
144 #if 0
145 /* This is what RFC 2478 says ... */
146 asn1_write_OctetString(asn1, token->mechListMIC.data,
147 token->mechListMIC.length);
148 #else
149 /* ... but unfortunately this is what Windows
150 sends/expects */
151 asn1_push_tag(asn1, ASN1_SEQUENCE(0));
152 asn1_push_tag(asn1, ASN1_CONTEXT(0));
153 asn1_push_tag(asn1, ASN1_GENERAL_STRING);
154 asn1_write(asn1, token->mechListMIC.data,
155 token->mechListMIC.length);
156 asn1_pop_tag(asn1);
157 asn1_pop_tag(asn1);
158 asn1_pop_tag(asn1);
159 #endif
160 asn1_pop_tag(asn1);
161 }
162
163 asn1_pop_tag(asn1);
164 asn1_pop_tag(asn1);
165
166 return !asn1->has_error;
167 }
168
169 static BOOL read_negTokenTarg(ASN1_DATA *asn1, negTokenTarg_t *token)
170 {
171 ZERO_STRUCTP(token);
172
173 asn1_start_tag(asn1, ASN1_CONTEXT(1));
174 asn1_start_tag(asn1, ASN1_SEQUENCE(0));
175
176 while (!asn1->has_error && 0 < asn1_tag_remaining(asn1)) {
177 switch (asn1->data[asn1->ofs]) {
178 case ASN1_CONTEXT(0):
179 asn1_start_tag(asn1, ASN1_CONTEXT(0));
180 asn1_start_tag(asn1, ASN1_ENUMERATED);
181 asn1_read_uint8(asn1, &token->negResult);
182 asn1_end_tag(asn1);
183 asn1_end_tag(asn1);
184 break;
185 case ASN1_CONTEXT(1):
186 asn1_start_tag(asn1, ASN1_CONTEXT(1));
187 asn1_read_OID(asn1, &token->supportedMech);
188 asn1_end_tag(asn1);
189 break;
190 case ASN1_CONTEXT(2):
191 asn1_start_tag(asn1, ASN1_CONTEXT(2));
192 asn1_read_OctetString(asn1, &token->responseToken);
193 asn1_end_tag(asn1);
194 break;
195 case ASN1_CONTEXT(3):
196 asn1_start_tag(asn1, ASN1_CONTEXT(3));
197 asn1_read_OctetString(asn1, &token->mechListMIC);
198 asn1_end_tag(asn1);
199 break;
200 default:
201 asn1->has_error = True;
202 break;
203 }
204 }
205
206 asn1_end_tag(asn1);
207 asn1_end_tag(asn1);
208
209 return !asn1->has_error;
210 }
211
212 static BOOL write_negTokenTarg(ASN1_DATA *asn1, negTokenTarg_t *token)
213 {
214 asn1_push_tag(asn1, ASN1_CONTEXT(1));
215 asn1_push_tag(asn1, ASN1_SEQUENCE(0));
216
217 asn1_push_tag(asn1, ASN1_CONTEXT(0));
218 asn1_write_enumerated(asn1, token->negResult);
219 asn1_pop_tag(asn1);
220
221 if (token->supportedMech) {
222 asn1_push_tag(asn1, ASN1_CONTEXT(1));
223 asn1_write_OID(asn1, token->supportedMech);
224 asn1_pop_tag(asn1);
225 }
226
227 if (token->responseToken.data) {
228 asn1_push_tag(asn1, ASN1_CONTEXT(2));
229 asn1_write_OctetString(asn1, token->responseToken.data,
230 token->responseToken.length);
231 asn1_pop_tag(asn1);
232 }
233
234 if (token->mechListMIC.data) {
235 asn1_push_tag(asn1, ASN1_CONTEXT(3));
236 asn1_write_OctetString(asn1, token->mechListMIC.data,
237 token->mechListMIC.length);
238 asn1_pop_tag(asn1);
239 }
240
241 asn1_pop_tag(asn1);
242 asn1_pop_tag(asn1);
243
244 return !asn1->has_error;
245 }
246
247 ssize_t read_spnego_data(DATA_BLOB data, SPNEGO_DATA *token)
248 {
249 ASN1_DATA asn1;
250 ssize_t ret = -1;
251
252 ZERO_STRUCTP(token);
253 ZERO_STRUCT(asn1);
254 asn1_load(&asn1, data);
255
256 switch (asn1.data[asn1.ofs]) {
257 case ASN1_APPLICATION(0):
258 asn1_start_tag(&asn1, ASN1_APPLICATION(0));
259 asn1_check_OID(&asn1, OID_SPNEGO);
260 if (read_negTokenInit(&asn1, &token->negTokenInit)) {
261 token->type = SPNEGO_NEG_TOKEN_INIT;
262 }
263 asn1_end_tag(&asn1);
264 break;
265 case ASN1_CONTEXT(1):
266 if (read_negTokenTarg(&asn1, &token->negTokenTarg)) {
267 token->type = SPNEGO_NEG_TOKEN_TARG;
268 }
269 break;
270 default:
271 break;
272 }
273
274 if (!asn1.has_error) ret = asn1.ofs;
275 asn1_free(&asn1);
276
277 return ret;
278 }
279
280 ssize_t write_spnego_data(DATA_BLOB *blob, SPNEGO_DATA *spnego)
281 {
282 ASN1_DATA asn1;
283 ssize_t ret = -1;
284
285 ZERO_STRUCT(asn1);
286
287 switch (spnego->type) {
288 case SPNEGO_NEG_TOKEN_INIT:
289 asn1_push_tag(&asn1, ASN1_APPLICATION(0));
290 asn1_write_OID(&asn1, OID_SPNEGO);
291 write_negTokenInit(&asn1, &spnego->negTokenInit);
292 asn1_pop_tag(&asn1);
293 break;
294 case SPNEGO_NEG_TOKEN_TARG:
295 write_negTokenTarg(&asn1, &spnego->negTokenTarg);
296 break;
297 default:
298 asn1.has_error = True;
299 break;
300 }
301
302 if (!asn1.has_error) {
303 *blob = data_blob(asn1.data, asn1.length);
304 ret = asn1.ofs;
305 }
306 asn1_free(&asn1);
307
308 return ret;
309 }
310
311 BOOL free_spnego_data(SPNEGO_DATA *spnego)
312 {
313 BOOL ret = True;
314
315 if (!spnego) goto out;
316
317 switch(spnego->type) {
318 case SPNEGO_NEG_TOKEN_INIT:
319 if (spnego->negTokenInit.mechTypes) {
320 int i;
321 for (i = 0; spnego->negTokenInit.mechTypes[i]; i++) {
322 free(CONST_DISCARD(char *,spnego->negTokenInit.mechTypes[i]));
323 }
324 free(spnego->negTokenInit.mechTypes);
325 }
326 data_blob_free(&spnego->negTokenInit.mechToken);
327 data_blob_free(&spnego->negTokenInit.mechListMIC);
328 break;
329 case SPNEGO_NEG_TOKEN_TARG:
330 if (spnego->negTokenTarg.supportedMech) {
331 free(spnego->negTokenTarg.supportedMech);
332 }
333 data_blob_free(&spnego->negTokenTarg.responseToken);
334 data_blob_free(&spnego->negTokenTarg.mechListMIC);
335 break;
336 default:
337 ret = False;
338 break;
339 }
340 ZERO_STRUCTP(spnego);
341 out:
342 return ret;
343 }
344
Samba GIT mirror