diff options
author | Simo Sorce <idra@samba.org> | 2012-03-31 21:37:56 -0400 |
---|---|---|
committer | Andreas Schneider <asn@samba.org> | 2012-04-12 12:06:42 +0200 |
commit | 88d5d5c4b458761fd77acdb72f09253413ac03e5 (patch) | |
tree | aaa10140705a3f5883aab6c0e5e1f64fae40c925 /auth/gensec | |
parent | f116262a733cdf24c13e7c44a54736a2755f8335 (diff) | |
download | samba-88d5d5c4b458761fd77acdb72f09253413ac03e5.tar.gz |
auth-krb: Nove oid packet check to gensec_util.
This is clearly a utiliy function generic to gensec. Also the 3 callers
had identical implementations. Provide a generic implementation for all
of them and avoid duplicating the code everywhere.
Signed-off-by: Andreas Schneider <asn@samba.org>
Diffstat (limited to 'auth/gensec')
-rw-r--r-- | auth/gensec/gensec.h | 2 | ||||
-rw-r--r-- | auth/gensec/gensec_util.c | 44 | ||||
-rwxr-xr-x[-rw-r--r--] | auth/gensec/wscript_build | 2 |
3 files changed, 47 insertions, 1 deletions
diff --git a/auth/gensec/gensec.h b/auth/gensec/gensec.h index f88da2227d6..0b0689fbcef 100644 --- a/auth/gensec/gensec.h +++ b/auth/gensec/gensec.h @@ -350,5 +350,7 @@ NTSTATUS gensec_generate_session_info_pac(TALLOC_CTX *mem_ctx, const struct tsocket_address *remote_address, struct auth_session_info **session_info); +NTSTATUS gensec_magic_check_krb5_oid(struct gensec_security *unused, + const DATA_BLOB *blob); #endif /* __GENSEC_H__ */ diff --git a/auth/gensec/gensec_util.c b/auth/gensec/gensec_util.c index cdd615fb60c..d7322135510 100644 --- a/auth/gensec/gensec_util.c +++ b/auth/gensec/gensec_util.c @@ -23,6 +23,7 @@ #include "includes.h" #include "auth/gensec/gensec.h" #include "auth/common_auth.h" +#include "../lib/util/asn1.h" NTSTATUS gensec_generate_session_info_pac(TALLOC_CTX *mem_ctx, struct gensec_security *gensec_security, @@ -180,3 +181,46 @@ NTSTATUS gensec_packet_full_request(struct gensec_security *gensec_security, } return NT_STATUS_OK; } + +/* + magic check a GSS-API wrapper packet for an Kerberos OID +*/ +static bool gensec_gssapi_check_oid(const DATA_BLOB *blob, const char *oid) +{ + bool ret; + struct asn1_data *data = asn1_init(NULL); + + if (!data) return false; + + asn1_load(data, *blob); + asn1_start_tag(data, ASN1_APPLICATION(0)); + asn1_check_OID(data, oid); + + ret = !data->has_error; + + asn1_free(data); + + return ret; +} + +/** + * Check if the packet is one for the KRB5 mechansim + * + * NOTE: This is a helper that can be employed by multiple mechanisms, do + * not make assumptions about the private_data + * + * @param gensec_security GENSEC state, unused + * @param in The request, as a DATA_BLOB + * @return Error, INVALID_PARAMETER if it's not a packet for us + * or NT_STATUS_OK if the packet is ok. + */ + +NTSTATUS gensec_magic_check_krb5_oid(struct gensec_security *unused, + const DATA_BLOB *blob) +{ + if (gensec_gssapi_check_oid(blob, GENSEC_OID_KERBEROS5)) { + return NT_STATUS_OK; + } else { + return NT_STATUS_INVALID_PARAMETER; + } +} diff --git a/auth/gensec/wscript_build b/auth/gensec/wscript_build index 7ca3cab0037..fcd74a3a9de 100644..100755 --- a/auth/gensec/wscript_build +++ b/auth/gensec/wscript_build @@ -3,7 +3,7 @@ bld.SAMBA_LIBRARY('gensec', source='gensec.c gensec_start.c gensec_util.c', pc_files='gensec.pc', autoproto='gensec_toplevel_proto.h', - public_deps='tevent-util samba-util errors LIBPACKET auth_system_session samba-modules gensec_util', + public_deps='tevent-util samba-util errors LIBPACKET auth_system_session samba-modules gensec_util asn1util', public_headers='gensec.h', deps='com_err', vnum='0.0.1' |