krb5_wrap: Move unwrap_edata_ntstatus() and make it static

This also removes the asn1util dependency from krb5_wrap and moves it to
libads which is the only user.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

1 files changed, 48 insertions, 0 deletions

diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index 49a85ca9f90..d2e9fa4fed5 100644
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -29,6 +29,7 @@
 #include "libads/cldap.h"
 #include "secrets.h"
 #include "../lib/tsocket/tsocket.h"
+#include "lib/util/asn1.h"
 
 #ifdef HAVE_KRB5
 
@@ -98,6 +99,53 @@ kerb_prompter(krb5_context ctx, void *data,
 	return 0;
 }
 
+static bool unwrap_edata_ntstatus(TALLOC_CTX *mem_ctx,
+				  DATA_BLOB *edata,
+				  DATA_BLOB *edata_out)
+{
+	DATA_BLOB edata_contents;
+	ASN1_DATA *data;
+	int edata_type;
+
+	if (!edata->length) {
+		return false;
+	}
+
+	data = asn1_init(mem_ctx);
+	if (data == NULL) {
+		return false;
+	}
+
+	if (!asn1_load(data, *edata)) goto err;
+	if (!asn1_start_tag(data, ASN1_SEQUENCE(0))) goto err;
+	if (!asn1_start_tag(data, ASN1_CONTEXT(1))) goto err;
+	if (!asn1_read_Integer(data, &edata_type)) goto err;
+
+	if (edata_type != KRB5_PADATA_PW_SALT) {
+		DEBUG(0,("edata is not of required type %d but of type %d\n",
+			KRB5_PADATA_PW_SALT, edata_type));
+		goto err;
+	}
+
+	if (!asn1_start_tag(data, ASN1_CONTEXT(2))) goto err;
+	if (!asn1_read_OctetString(data, talloc_tos(), &edata_contents)) goto err;
+	if (!asn1_end_tag(data)) goto err;
+	if (!asn1_end_tag(data)) goto err;
+	if (!asn1_end_tag(data)) goto err;
+	asn1_free(data);
+
+	*edata_out = data_blob_talloc(mem_ctx, edata_contents.data, edata_contents.length);
+
+	data_blob_free(&edata_contents);
+
+	return true;
+
+  err:
+
+	asn1_free(data);
+	return false;
+}
+
  static bool smb_krb5_get_ntstatus_from_krb5_error(krb5_error *error,
 						   NTSTATUS *nt_status)
 {