auth-krb: Nove oid packet check to gensec_util.

This is clearly a utiliy function generic to gensec.  Also the 3 callers
had identical implementations. Provide a generic implementation for all
of them and avoid duplicating the code everywhere.

Signed-off-by: Andreas Schneider <asn@samba.org>

4 files changed, 47 insertions, 21 deletions

diff --git a/auth/gensec/gensec.h b/auth/gensec/gensec.h
index f88da2227d6..0b0689fbcef 100644
--- a/auth/gensec/gensec.h
+++ b/auth/gensec/gensec.h
@@ -350,5 +350,7 @@ NTSTATUS gensec_generate_session_info_pac(TALLOC_CTX *mem_ctx,
 					  const struct tsocket_address *remote_address,
 					  struct auth_session_info **session_info);
 
+NTSTATUS gensec_magic_check_krb5_oid(struct gensec_security *unused,
+					const DATA_BLOB *blob);
 
 #endif /* __GENSEC_H__ */
diff --git a/auth/gensec/gensec_util.c b/auth/gensec/gensec_util.c
index cdd615fb60c..d7322135510 100644
--- a/auth/gensec/gensec_util.c
+++ b/auth/gensec/gensec_util.c
@@ -23,6 +23,7 @@
 #include "includes.h"
 #include "auth/gensec/gensec.h"
 #include "auth/common_auth.h"
+#include "../lib/util/asn1.h"
 
 NTSTATUS gensec_generate_session_info_pac(TALLOC_CTX *mem_ctx,
 					  struct gensec_security *gensec_security,
@@ -180,3 +181,46 @@ NTSTATUS gensec_packet_full_request(struct gensec_security *gensec_security,
 	}
 	return NT_STATUS_OK;
 }
+
+/*
+  magic check a GSS-API wrapper packet for an Kerberos OID
+*/
+static bool gensec_gssapi_check_oid(const DATA_BLOB *blob, const char *oid)
+{
+	bool ret;
+	struct asn1_data *data = asn1_init(NULL);
+
+	if (!data) return false;
+
+	asn1_load(data, *blob);
+	asn1_start_tag(data, ASN1_APPLICATION(0));
+	asn1_check_OID(data, oid);
+
+	ret = !data->has_error;
+
+	asn1_free(data);
+
+	return ret;
+}
+
+/**
+ * Check if the packet is one for the KRB5 mechansim
+ *
+ * NOTE: This is a helper that can be employed by multiple mechanisms, do
+ * not make assumptions about the private_data
+ *
+ * @param gensec_security GENSEC state, unused
+ * @param in The request, as a DATA_BLOB
+ * @return Error, INVALID_PARAMETER if it's not a packet for us
+ *                or NT_STATUS_OK if the packet is ok.
+ */
+
+NTSTATUS gensec_magic_check_krb5_oid(struct gensec_security *unused,
+					const DATA_BLOB *blob)
+{
+	if (gensec_gssapi_check_oid(blob, GENSEC_OID_KERBEROS5)) {
+		return NT_STATUS_OK;
+	} else {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+}
diff --git a/auth/gensec/wscript_build b/auth/gensec/wscript_build
index 7ca3cab0037..fcd74a3a9de 100644..100755
--- a/auth/gensec/wscript_build
+++ b/auth/gensec/wscript_build
@@ -3,7 +3,7 @@ bld.SAMBA_LIBRARY('gensec',
 	source='gensec.c gensec_start.c gensec_util.c',
 	pc_files='gensec.pc',
 	autoproto='gensec_toplevel_proto.h',
-	public_deps='tevent-util samba-util errors LIBPACKET auth_system_session samba-modules gensec_util',
+	public_deps='tevent-util samba-util errors LIBPACKET auth_system_session samba-modules gensec_util asn1util',
 	public_headers='gensec.h',
 	deps='com_err',
 	vnum='0.0.1'
diff --git a/auth/kerberos/gssapi_parse.c b/auth/kerberos/gssapi_parse.c
index dadc58b4f89..f58bf3b070e 100644
--- a/auth/kerberos/gssapi_parse.c
+++ b/auth/kerberos/gssapi_parse.c
@@ -95,23 +95,3 @@ bool gensec_gssapi_parse_krb5_wrap(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob, D
 }
 
 
-/*
-  check a GSS-API wrapper packet givin an expected OID
-*/
-bool gensec_gssapi_check_oid(const DATA_BLOB *blob, const char *oid)
-{
-	bool ret;
-	struct asn1_data *data = asn1_init(NULL);
-
-	if (!data) return false;
-
-	asn1_load(data, *blob);
-	asn1_start_tag(data, ASN1_APPLICATION(0));
-	asn1_check_OID(data, oid);
-
-	ret = !data->has_error;
-
-	asn1_free(data);
-
-	return ret;
-}