2 Unix SMB/CIFS implementation.
6 Copyright (C) Andrew Tridgell 2001
7 Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2002
8 Copyright (C) Luke Howard 2003
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.
25 #include "../lib/util/asn1.h"
26 #include "auth/gensec/gensec.h"
27 #include "system/kerberos.h"
28 #include "auth/kerberos/kerberos.h"
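/*
  generate a krb5 GSS-API wrapper packet given a ticket

  The output is an ASN.1 APPLICATION(0) element holding the Kerberos 5
  OID, the two tok_id bytes and then the raw ticket bytes.

  mem_ctx: talloc context that owns the returned blob
  ticket:  payload to wrap; ticket->data must not be NULL
  tok_id:  two-byte token identifier written straight after the OID

  Returns the wrapped blob, or an empty blob (data_blob(NULL,0)) when
  the input is missing or the encoding failed.
*/
DATA_BLOB gensec_gssapi_gen_krb5_wrap(TALLOC_CTX *mem_ctx, const DATA_BLOB *ticket, const uint8_t tok_id[2])
{
	struct asn1_data *data;
	DATA_BLOB ret;

	/*
	 * Reject a missing ticket before allocating anything, so this
	 * early exit does not leave an ASN.1 context hanging off mem_ctx.
	 */
	if (ticket == NULL || ticket->data == NULL) {
		return data_blob(NULL, 0);
	}

	data = asn1_init(mem_ctx);
	if (data == NULL) {
		return data_blob(NULL, 0);
	}

	/*
	 * The individual asn1_* results are not checked; data->has_error
	 * is tested once after the whole sequence.
	 */
	asn1_push_tag(data, ASN1_APPLICATION(0));
	asn1_write_OID(data, GENSEC_OID_KERBEROS5);

	asn1_write(data, tok_id, 2);
	asn1_write(data, ticket->data, ticket->length);
	/* every pushed tag needs a matching pop before the buffer is used */
	asn1_pop_tag(data);

	if (data->has_error) {
		DEBUG(1,("Failed to build krb5 wrapper at offset %d\n", (int)data->ofs));
		asn1_free(data);
		return data_blob(NULL, 0);
	}

	/* copy the encoding onto mem_ctx so the ASN.1 context can be released */
	ret = data_blob_talloc(mem_ctx, data->data, data->length);
	asn1_free(data);

	return ret;
}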
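/*
  parse a krb5 GSS-API wrapper packet giving a ticket

  blob is peer-supplied data and is treated as untrusted: every length
  used below comes from the ASN.1 parser state and is checked before it
  becomes an allocation size.

  mem_ctx: talloc context that owns the extracted ticket
  blob:    wrapped token to parse
  ticket:  out; on success the bytes following tok_id inside the
           APPLICATION(0) element, on failure an empty blob
  tok_id:  out; the two token-identifier bytes that follow the OID

  Returns true only if the element carried the Kerberos 5 OID, held at
  least two tok_id bytes plus one ticket byte, and parsed without error.
  tok_id may have been written even when false is returned.
*/
bool gensec_gssapi_parse_krb5_wrap(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob, DATA_BLOB *ticket, uint8_t tok_id[2])
{
	bool ret;
	struct asn1_data *data = asn1_init(mem_ctx);
	int data_remaining;

	if (data == NULL) {
		return false;
	}

	asn1_load(data, *blob);

	/* give the out-parameter a defined value on every later exit path */
	*ticket = data_blob(NULL, 0);

	asn1_start_tag(data, ASN1_APPLICATION(0));
	asn1_check_OID(data, GENSEC_OID_KERBEROS5);

	data_remaining = asn1_tag_remaining(data);

	if (data_remaining < 3) {
		/*
		 * Need 2 bytes of tok_id and at least 1 byte of ticket.
		 * A negative or too-small remainder must never be used as
		 * the allocation size below.
		 */
		data->has_error = true;
	} else {
		asn1_read(data, tok_id, 2);
		/* the tok_id bytes have been consumed; the rest is the ticket */
		data_remaining -= 2;
		*ticket = data_blob_talloc(mem_ctx, NULL, data_remaining);
		if (ticket->data == NULL) {
			/* allocation failed: report it, do not read into NULL */
			data->has_error = true;
		} else {
			asn1_read(data, ticket->data, ticket->length);
		}
	}

	asn1_end_tag(data);

	ret = !data->has_error;

	asn1_free(data);

	if (!ret) {
		/* never hand a partially filled ticket back to the caller */
		data_blob_free(ticket);
	}

	return ret;
}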
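/*
  check a GSS-API wrapper packet given an expected OID

  Only the outer APPLICATION(0) tag and the OID that follows it are
  examined; the remainder of the token is not parsed here.  A true
  result therefore identifies the mechanism the token claims to use and
  is not a validation of the token itself.

  blob: wrapped token to inspect
  oid:  expected mechanism OID as a string

  Returns true if the blob starts with an APPLICATION(0) element whose
  first member is the expected OID, false otherwise (including when the
  parser context cannot be allocated).
*/
bool gensec_gssapi_check_oid(const DATA_BLOB *blob, const char *oid)
{
	bool ret;
	struct asn1_data *data = asn1_init(NULL);

	if (data == NULL) {
		return false;
	}

	asn1_load(data, *blob);
	asn1_start_tag(data, ASN1_APPLICATION(0));
	asn1_check_OID(data, oid);

	ret = !data->has_error;

	/*
	 * The context was created with a NULL parent, so nothing else
	 * will release it: free it here on every path.
	 */
	asn1_free(data);

	return ret;
}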