auth/kerberos/gssapi_parse.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3
   4    simple GSSAPI wrappers
   5
   6    Copyright (C) Andrew Tridgell 2001
   7    Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2002
   8    Copyright (C) Luke Howard     2003
   9
  10    This program is free software; you can redistribute it and/or modify
  11    it under the terms of the GNU General Public License as published by
  12    the Free Software Foundation; either version 3 of the License, or
  13    (at your option) any later version.
  14
  15    This program is distributed in the hope that it will be useful,
  16    but WITHOUT ANY WARRANTY; without even the implied warranty of
  17    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  18    GNU General Public License for more details.
  19
  20    You should have received a copy of the GNU General Public License
  21    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  22 */
  23
  24 #include "includes.h"
  25 #include "../lib/util/asn1.h"
  26 #include "auth/gensec/gensec.h"
  27
  28 /*
  29   generate a krb5 GSS-API wrapper packet given a ticket
  30 */
  31 DATA_BLOB gensec_gssapi_gen_krb5_wrap(TALLOC_CTX *mem_ctx, const DATA_BLOB *ticket, const uint8_t tok_id[2])
  32 {
  33         struct asn1_data *data;
  34         DATA_BLOB ret;
  35
  36         data = asn1_init(mem_ctx);
  37         if (!data || !ticket->data) {
  38                 return data_blob(NULL,0);
  39         }
  40
  41         asn1_push_tag(data, ASN1_APPLICATION(0));
  42         asn1_write_OID(data, GENSEC_OID_KERBEROS5);
  43
  44         asn1_write(data, tok_id, 2);
  45         asn1_write(data, ticket->data, ticket->length);
  46         asn1_pop_tag(data);
  47
  48         if (data->has_error) {
  49                 DEBUG(1,("Failed to build krb5 wrapper at offset %d\n", (int)data->ofs));
  50                 asn1_free(data);
  51                 return data_blob(NULL,0);
  52         }
  53
  54         ret = data_blob_talloc(mem_ctx, data->data, data->length);
  55         asn1_free(data);
  56
  57         return ret;
  58 }
  59
  60 /*
  61   parse a krb5 GSS-API wrapper packet giving a ticket
  62 */
  63 bool gensec_gssapi_parse_krb5_wrap(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob, DATA_BLOB *ticket, uint8_t tok_id[2])
  64 {
  65         bool ret;
  66         struct asn1_data *data = asn1_init(mem_ctx);
  67         int data_remaining;
  68
  69         if (!data) {
  70                 return false;
  71         }
  72
  73         asn1_load(data, *blob);
  74         asn1_start_tag(data, ASN1_APPLICATION(0));
  75         asn1_check_OID(data, GENSEC_OID_KERBEROS5);
  76
  77         data_remaining = asn1_tag_remaining(data);
  78
  79         if (data_remaining < 3) {
  80                 data->has_error = true;
  81         } else {
  82                 asn1_read(data, tok_id, 2);
  83                 data_remaining -= 2;
  84                 *ticket = data_blob_talloc(mem_ctx, NULL, data_remaining);
  85                 asn1_read(data, ticket->data, ticket->length);
  86         }
  87
  88         asn1_end_tag(data);
  89
  90         ret = !data->has_error;
  91
  92         asn1_free(data);
  93
  94         return ret;
  95 }
  96
  97
  98 /*
  99   check a GSS-API wrapper packet givin an expected OID
 100 */
 101 bool gensec_gssapi_check_oid(const DATA_BLOB *blob, const char *oid)
 102 {
 103         bool ret;
 104         struct asn1_data *data = asn1_init(NULL);
 105
 106         if (!data) return false;
 107
 108         asn1_load(data, *blob);
 109         asn1_start_tag(data, ASN1_APPLICATION(0));
 110         asn1_check_OID(data, oid);
 111
 112         ret = !data->has_error;
 113
 114         asn1_free(data);
 115
 116         return ret;
 117 }