diff options
Diffstat (limited to 'source3/libads')
-rw-r--r-- | source3/libads/kerberos.c | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c index 49a85ca9f90..d2e9fa4fed5 100644 --- a/source3/libads/kerberos.c +++ b/source3/libads/kerberos.c @@ -29,6 +29,7 @@ #include "libads/cldap.h" #include "secrets.h" #include "../lib/tsocket/tsocket.h" +#include "lib/util/asn1.h" #ifdef HAVE_KRB5 @@ -98,6 +99,53 @@ kerb_prompter(krb5_context ctx, void *data, return 0; } +static bool unwrap_edata_ntstatus(TALLOC_CTX *mem_ctx, + DATA_BLOB *edata, + DATA_BLOB *edata_out) +{ + DATA_BLOB edata_contents; + ASN1_DATA *data; + int edata_type; + + if (!edata->length) { + return false; + } + + data = asn1_init(mem_ctx); + if (data == NULL) { + return false; + } + + if (!asn1_load(data, *edata)) goto err; + if (!asn1_start_tag(data, ASN1_SEQUENCE(0))) goto err; + if (!asn1_start_tag(data, ASN1_CONTEXT(1))) goto err; + if (!asn1_read_Integer(data, &edata_type)) goto err; + + if (edata_type != KRB5_PADATA_PW_SALT) { + DEBUG(0,("edata is not of required type %d but of type %d\n", + KRB5_PADATA_PW_SALT, edata_type)); + goto err; + } + + if (!asn1_start_tag(data, ASN1_CONTEXT(2))) goto err; + if (!asn1_read_OctetString(data, talloc_tos(), &edata_contents)) goto err; + if (!asn1_end_tag(data)) goto err; + if (!asn1_end_tag(data)) goto err; + if (!asn1_end_tag(data)) goto err; + asn1_free(data); + + *edata_out = data_blob_talloc(mem_ctx, edata_contents.data, edata_contents.length); + + data_blob_free(&edata_contents); + + return true; + + err: + + asn1_free(data); + return false; +} + static bool smb_krb5_get_ntstatus_from_krb5_error(krb5_error *error, NTSTATUS *nt_status) { |