author | Jeff Layton <jlayton@redhat.com> | 2010-02-07 14:54:22 -0500 |
---|---|---|
committer | Jeff Layton <jlayton@redhat.com> | 2010-02-07 14:54:22 -0500 |
commit | 01cdb73241999039260a92312f3151fbde478ede (patch) | |
tree | 277be1630bba89525a2a66164db224a5a7c4e0bc /spnego.c | |
parent | 7d04eeea19da1cff6424b42bd049d7e808739553 (diff) | |
spnego.c: add new spnego.c file with SPNEGO/GSSAPI routines we need
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Diffstat (limited to 'spnego.c')
-rw-r--r-- | spnego.c | 90 |
1 files changed, 90 insertions, 0 deletions
diff --git a/spnego.c b/spnego.c
new file mode 100644
index 0000000..cf9f39c
--- /dev/null
+++ b/spnego.c
@@ -0,0 +1,90 @@
+
+#include <talloc.h>
+#include <stdint.h>
+
+#include "replace.h"
+#include "data_blob.h"
+#include "asn1.h"
+#include "spnego.h"
+
+/*
+ generate a krb5 GSS-API wrapper packet given a ticket
+*/
+DATA_BLOB spnego_gen_krb5_wrap(const DATA_BLOB ticket, const uint8_t tok_id[2])
+{
+ ASN1_DATA *data;
+ DATA_BLOB ret;
+
+ data = asn1_init(talloc_init("gssapi"));
+ if (data == NULL) {
+ return data_blob_null;
+ }
+
+ asn1_push_tag(data, ASN1_APPLICATION(0));
+ asn1_write_OID(data, OID_KERBEROS5);
+
+ asn1_write(data, tok_id, 2);
+ asn1_write(data, ticket.data, ticket.length);
+ asn1_pop_tag(data);
+
+#if 0
+ if (data->has_error) {
+ DEBUG(1,("Failed to build krb5 wrapper at offset %d\n", (int)data->ofs));
+ }
+#endif
+
+ ret = data_blob(data->data, data->length);
+ asn1_free(data);
+
+ return ret;
+}
+
+/*
+ Generate a negTokenInit as used by the client side ... It has a mechType
+ (OID), and a mechToken (a security blob) ...
+
+ Really, we need to break out the NTLMSSP stuff as well, because it could be
+ raw in the packets!
+*/
+DATA_BLOB gen_negTokenInit(const char *OID, DATA_BLOB blob)
+{
+ ASN1_DATA *data;
+ DATA_BLOB ret;
+
+ data = asn1_init(talloc_init("spnego"));
+ if (data == NULL) {
+ return data_blob_null;
+ }
+
+ asn1_push_tag(data, ASN1_APPLICATION(0));
+ asn1_write_OID(data,OID_SPNEGO);
+ asn1_push_tag(data, ASN1_CONTEXT(0));
+ asn1_push_tag(data, ASN1_SEQUENCE(0));
+
+ asn1_push_tag(data, ASN1_CONTEXT(0));
+ asn1_push_tag(data, ASN1_SEQUENCE(0));
+ asn1_write_OID(data, OID);
+ asn1_pop_tag(data);
+ asn1_pop_tag(data);
+
+ asn1_push_tag(data, ASN1_CONTEXT(2));
+ asn1_write_OctetString(data,blob.data,blob.length);
+ asn1_pop_tag(data);
+
+ asn1_pop_tag(data);
+ asn1_pop_tag(data);
+
+ asn1_pop_tag(data);
+
+#if 0
+ if (data->has_error) {
+ DEBUG(1,("Failed to build negTokenInit at offset %d\n", (int)data->ofs));
+ }
+#endif
+
+ ret = data_blob(data->data, data->length);
+ asn1_free(data);
+
+ return ret;
+}
+
|
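Review bot: Both builders return a blob even when ASN.1 encoding has failed, because the only `data->has_error` checks in spnego_gen_krb5_wrap and gen_negTokenInit are compiled out under `#if 0`. If any asn1_push_tag/asn1_write call fails (for example on allocation failure), the caller gets a truncated or empty security blob with no failure indication and would presumably pass it on as an authentication token. Replace each disabled block with a live check before the data_blob() copy, e.g. `if (data->has_error) { asn1_free(data); return data_blob_null; }`. Separately, each call creates a fresh context with `talloc_init(...)` that is never freed in the visible code. Unless asn1_free() also releases that parent context (asn1.c is not shown here), this leaks one context per call; keeping the pointer and calling `talloc_free()` on every return path would close it.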