#define ASN1_MAX_OIDS 20
-/* some well known object IDs */
-#define OID_SPNEGO "1 3 6 1 5 5 2"
-#define OID_NTLMSSP "1 3 6 1 4 1 311 2 2 10"
-#define OID_KERBEROS5_OLD "1 2 840 48018 1 2 2"
-#define OID_KERBEROS5 "1 2 840 113554 1 2 2"
-
-#define SPNEGO_NEG_RESULT_ACCEPT 0
-#define SPNEGO_NEG_RESULT_INCOMPLETE 1
-#define SPNEGO_NEG_RESULT_REJECT 2
-
-/* not really ASN.1, but RFC 1964 */
-#define TOK_ID_KRB_AP_REQ "\x01\x00"
-#define TOK_ID_KRB_AP_REP "\x02\x00"
-#define TOK_ID_KRB_ERROR "\x03\x00"
-#define TOK_ID_GSS_GETMIC "\x01\x01"
-#define TOK_ID_GSS_WRAP "\x02\x01"
-
#endif /* _ASN_1_H */
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
+#define GENSEC_OID_NTLMSSP "1 3 6 1 4 1 311 2 2 10"
+#define GENSEC_OID_SPNEGO "1 3 6 1 5 5 2"
+#define GENSEC_OID_KERBEROS5 "1 2 840 113554 1 2 2"
+#define GENSEC_OID_KERBEROS5_OLD "1 2 840 48018 1 2 2"
+#define GENSEC_OID_KERBEROS5_USER2USER "1 2 840 113554 1 2 2 3"
struct gensec_security;
struct gensec_user {
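Review bot: The five GENSEC_OID_* definitions are added without the explanatory comment the old block in asn_1.h carried, and nothing states that the strings are space-separated arcs rather than the usual dotted notation. A one-line comment above the first define would cover it, for example `/* well-known mechanism OIDs, space-separated arcs as passed to asn1_write_OID()/asn1_check_OID() */`. GENSEC_OID_KERBEROS5_USER2USER is new in this change and has no user in the visible hunks, so a short remark on which backend is expected to register it would help the next reader.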
#include "libcli/auth/kerberos.h"
#include "librpc/gen_ndr/ndr_krb5pac.h"
#include "auth/auth.h"
-#include "asn_1.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_AUTH
static const struct gensec_security_ops gensec_krb5_security_ops = {
.name = "krb5",
.auth_type = DCERPC_AUTH_TYPE_KRB5,
- .oid = OID_KERBEROS5,
+ .oid = GENSEC_OID_KERBEROS5,
.client_start = gensec_krb5_client_start,
.server_start = gensec_krb5_server_start,
.update = gensec_krb5_update,
static const struct gensec_security_ops gensec_ms_krb5_security_ops = {
.name = "ms_krb5",
.auth_type = DCERPC_AUTH_TYPE_KRB5,
- .oid = OID_KERBEROS5_OLD,
+ .oid = GENSEC_OID_KERBEROS5_OLD,
.client_start = gensec_krb5_client_start,
.server_start = gensec_krb5_server_start,
.update = gensec_krb5_update,
#include "includes.h"
#include "auth/auth.h"
-#include "asn_1.h"
struct gensec_ntlmssp_state {
struct auth_context *auth_context;
.name = "ntlmssp",
.sasl_name = "NTLM",
.auth_type = DCERPC_AUTH_TYPE_NTLMSSP,
- .oid = OID_NTLMSSP,
+ .oid = GENSEC_OID_NTLMSSP,
.client_start = gensec_ntlmssp_client_start,
.server_start = gensec_ntlmssp_server_start,
.update = gensec_ntlmssp_update,
#include "includes.h"
#include "asn_1.h"
+#include "system/kerberos.h"
+#include "libcli/auth/kerberos.h"
+#include "libcli/auth/gensec.h"
/*
generate a krb5 GSS-API wrapper packet given a ticket
ZERO_STRUCT(data);
asn1_push_tag(&data, ASN1_APPLICATION(0));
- asn1_write_OID(&data, OID_KERBEROS5);
+ asn1_write_OID(&data, GENSEC_OID_KERBEROS5);
asn1_write(&data, tok_id, 2);
asn1_write(&data, ticket->data, ticket->length);
asn1_load(&data, *blob);
asn1_start_tag(&data, ASN1_APPLICATION(0));
- asn1_check_OID(&data, OID_KERBEROS5);
+ asn1_check_OID(&data, GENSEC_OID_KERBEROS5);
data_remaining = asn1_tag_remaining(&data);
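Review bot: The result of `asn1_check_OID(&data, GENSEC_OID_KERBEROS5)` is discarded on the new line, and the very next statement reads `asn1_tag_remaining(&data)` from a blob that comes from the peer. If a mismatched OID is only recorded in the parser state (presumably `data.has_error`), that state needs to be tested before `data_remaining` is used to size or copy the ticket. The rest of the function is outside the hunk, so the check may already exist further down. If it does not, testing the return value here and bailing out is the smallest fix. A comment stating where the OID mismatch is rejected would be worth adding either way.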
#if defined(HAVE_KRB5)
+/* not really ASN.1, but RFC 1964 */
+#define TOK_ID_KRB_AP_REQ "\x01\x00"
+#define TOK_ID_KRB_AP_REP "\x02\x00"
+#define TOK_ID_KRB_ERROR "\x03\x00"
+#define TOK_ID_GSS_GETMIC "\x01\x01"
+#define TOK_ID_GSS_WRAP "\x02\x01"
+
#ifdef HAVE_KRB5_KEYBLOCK_KEYVALUE
#define KRB5_KEY_TYPE(k) ((k)->keytype)
#define KRB5_KEY_LENGTH(k) ((k)->keyvalue.length)
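Review bot: The TOK_ID_* definitions now sit inside `#if defined(HAVE_KRB5)`, whereas the removed lines in asn_1.h show no such guard, so any code built without Kerberos that still references them will stop compiling. The hunks do not show whether every user is itself compiled only under HAVE_KRB5. The comment could also say that these are fixed two-byte token ids and that several contain an embedded NUL (`"\x01\x00"`), so callers must pass the length explicitly, as `asn1_write(&data, tok_id, 2)` does, and never derive it with strlen(). Something like `/* RFC 1964 token ids: exactly 2 bytes, may contain NUL; always pass length 2 */` would do.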
#include "includes.h"
#include "auth/auth.h"
-#include "asn_1.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_AUTH
if (!all_ops[i]->oid) {
continue;
}
- if (strcasecmp(OID_SPNEGO,all_ops[i]->oid) == 0) {
+ if (strcasecmp(GENSEC_OID_SPNEGO,all_ops[i]->oid) == 0) {
continue;
}
const char **mechTypes = NULL;
DATA_BLOB unwrapped_out = data_blob(NULL,0);
- mechTypes = gensec_security_oids(out_mem_ctx, OID_SPNEGO);
+ mechTypes = gensec_security_oids(out_mem_ctx, GENSEC_OID_SPNEGO);
if (!mechTypes) {
DEBUG(1, ("no GENSEC OID backends available\n"));
return nt_status;
} else {
- const char **mechlist = gensec_security_oids(out_mem_ctx, OID_SPNEGO);
+ const char **mechlist = gensec_security_oids(out_mem_ctx, GENSEC_OID_SPNEGO);
const char *mechListMIC;
mechListMIC = talloc_asprintf(out_mem_ctx,"%s$@%s",
.name = "spnego",
.sasl_name = "GSS-SPNEGO",
.auth_type = DCERPC_AUTH_TYPE_SPNEGO,
- .oid = OID_SPNEGO,
+ .oid = GENSEC_OID_SPNEGO,
.client_start = gensec_spnego_client_start,
.server_start = gensec_spnego_server_start,
.update = gensec_spnego_update,
switch (context) {
case ASN1_APPLICATION(0):
asn1_start_tag(&asn1, ASN1_APPLICATION(0));
- asn1_check_OID(&asn1, OID_SPNEGO);
+ asn1_check_OID(&asn1, GENSEC_OID_SPNEGO);
if (read_negTokenInit(&asn1, &token->negTokenInit)) {
token->type = SPNEGO_NEG_TOKEN_INIT;
}
switch (spnego->type) {
case SPNEGO_NEG_TOKEN_INIT:
asn1_push_tag(&asn1, ASN1_APPLICATION(0));
- asn1_write_OID(&asn1, OID_SPNEGO);
+ asn1_write_OID(&asn1, GENSEC_OID_SPNEGO);
write_negTokenInit(&asn1, &spnego->negTokenInit);
asn1_pop_tag(&asn1);
break;
#include "includes.h"
#include "libcli/raw/libcliraw.h"
#include "auth/auth.h"
-#include "asn_1.h"
#define SETUP_REQUEST_SESSION(cmd, wct, buflen) do { \
req = smbcli_request_setup_session(session, cmd, wct, buflen); \
}
if (session->transport->negotiate.secblob.length) {
- chosen_oid = OID_SPNEGO;
+ chosen_oid = GENSEC_OID_SPNEGO;
} else {
/* without a sec blob, means raw NTLMSSP */
- chosen_oid = OID_NTLMSSP;
+ chosen_oid = GENSEC_OID_NTLMSSP;
}
status = gensec_start_mech_by_oid(session->gensec, chosen_oid);
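Review bot: The choice between `GENSEC_OID_SPNEGO` and `GENSEC_OID_NTLMSSP` rests solely on whether the server's negotiate reply carried a security blob, which is presumably data received before any authentication has taken place. The existing comment explains the raw NTLMSSP branch but does not say that the fallback is driven by the peer. A comment such as `/* mechanism follows the negprot reply, which is not yet authenticated; any policy requiring SPNEGO/Kerberos must be enforced separately */` would make that explicit. The enclosing function starts and ends outside the hunk, so such a policy check may exist elsewhere; if it does, the comment should point to it.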
#include "includes.h"
#include "auth/auth.h"
-#include "asn_1.h"
#include "smb_server/smb_server.h"
return;
}
- nt_status = gensec_start_mech_by_oid(gensec_security, OID_SPNEGO);
+ nt_status = gensec_start_mech_by_oid(gensec_security, GENSEC_OID_SPNEGO);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0, ("Failed to start SPNEGO: %s\n", nt_errstr(nt_status)));
#include "includes.h"
#include "auth/auth.h"
-#include "asn_1.h"
#include "smb_server/smb_server.h"
gensec_want_feature(gensec_ctx, GENSEC_WANT_SESSION_KEY);
- status = gensec_start_mech_by_oid(gensec_ctx, OID_SPNEGO);
+ status = gensec_start_mech_by_oid(gensec_ctx, GENSEC_OID_SPNEGO);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to start GENSEC SPNEGO server code: %s\n", nt_errstr(status)));
return status;
#include "system/passwd.h"
#include "lib/cmdline/popt_common.h"
#include "auth/auth.h"
-#include "asn_1.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_WINBIND
switch (stdio_helper_mode) {
case GSS_SPNEGO_CLIENT:
case GSS_SPNEGO_SERVER:
- nt_status = gensec_start_mech_by_oid(*gensec_state, OID_SPNEGO);
+ nt_status = gensec_start_mech_by_oid(*gensec_state, GENSEC_OID_SPNEGO);
if (!in.length) {
first = True;
}
first = True;
}
case SQUID_2_5_NTLMSSP:
- nt_status = gensec_start_mech_by_oid(*gensec_state, OID_NTLMSSP);
+ nt_status = gensec_start_mech_by_oid(*gensec_state, GENSEC_OID_NTLMSSP);
break;
default:
abort();