2 Unix SMB/CIFS implementation.
4 RFC2478 Compliant SPNEGO implementation
6 Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 #include "../libcli/auth/spnego.h"
25 #include "../lib/util/asn1.h"
27 static bool read_negTokenInit(struct asn1_data *asn1, TALLOC_CTX *mem_ctx,
28 struct spnego_negTokenInit *token)
32 asn1_start_tag(asn1, ASN1_CONTEXT(0));
33 asn1_start_tag(asn1, ASN1_SEQUENCE(0));
35 while (!asn1->has_error && 0 < asn1_tag_remaining(asn1)) {
38 if (!asn1_peek_uint8(asn1, &context)) {
39 asn1->has_error = true;
46 asn1_start_tag(asn1, ASN1_CONTEXT(0));
47 asn1_start_tag(asn1, ASN1_SEQUENCE(0));
49 token->mechTypes = talloc(NULL, const char *);
50 for (i = 0; !asn1->has_error &&
51 0 < asn1_tag_remaining(asn1); i++) {
52 token->mechTypes = talloc_realloc(NULL,
55 asn1_read_OID(asn1, token->mechTypes, token->mechTypes + i);
57 token->mechTypes[i] = NULL;
64 asn1_start_tag(asn1, ASN1_CONTEXT(1));
65 asn1_read_Integer(asn1, &token->reqFlags);
66 token->reqFlags |= SPNEGO_REQ_FLAG;
71 asn1_start_tag(asn1, ASN1_CONTEXT(2));
72 asn1_read_OctetString(asn1, mem_ctx, &token->mechToken);
79 asn1_start_tag(asn1, ASN1_CONTEXT(3));
80 if (!asn1_peek_uint8(asn1, &type_peek)) {
81 asn1->has_error = true;
84 if (type_peek == ASN1_OCTET_STRING) {
85 asn1_read_OctetString(asn1, mem_ctx,
88 /* RFC 2478 says we have an Octet String here,
89 but W2k sends something different... */
91 asn1_push_tag(asn1, ASN1_SEQUENCE(0));
92 asn1_push_tag(asn1, ASN1_CONTEXT(0));
93 asn1_read_GeneralString(asn1, mem_ctx, &mechListMIC);
97 token->targetPrincipal = mechListMIC;
103 asn1->has_error = true;
111 return !asn1->has_error;
114 static bool write_negTokenInit(struct asn1_data *asn1, struct spnego_negTokenInit *token)
116 asn1_push_tag(asn1, ASN1_CONTEXT(0));
117 asn1_push_tag(asn1, ASN1_SEQUENCE(0));
119 /* Write mechTypes */
120 if (token->mechTypes && *token->mechTypes) {
123 asn1_push_tag(asn1, ASN1_CONTEXT(0));
124 asn1_push_tag(asn1, ASN1_SEQUENCE(0));
125 for (i = 0; token->mechTypes[i]; i++) {
126 asn1_write_OID(asn1, token->mechTypes[i]);
133 if (token->reqFlags & SPNEGO_REQ_FLAG) {
134 int flags = token->reqFlags & ~SPNEGO_REQ_FLAG;
136 asn1_push_tag(asn1, ASN1_CONTEXT(1));
137 asn1_write_Integer(asn1, flags);
141 /* write mechToken */
142 if (token->mechToken.data) {
143 asn1_push_tag(asn1, ASN1_CONTEXT(2));
144 asn1_write_OctetString(asn1, token->mechToken.data,
145 token->mechToken.length);
149 /* write mechListMIC */
150 if (token->mechListMIC.data) {
151 asn1_push_tag(asn1, ASN1_CONTEXT(3));
153 /* This is what RFC 2478 says ... */
154 asn1_write_OctetString(asn1, token->mechListMIC.data,
155 token->mechListMIC.length);
157 /* ... but unfortunately this is what Windows
159 asn1_push_tag(asn1, ASN1_SEQUENCE(0));
160 asn1_push_tag(asn1, ASN1_CONTEXT(0));
161 asn1_push_tag(asn1, ASN1_GENERAL_STRING);
162 asn1_write(asn1, token->mechListMIC.data,
163 token->mechListMIC.length);
174 return !asn1->has_error;
177 static bool read_negTokenTarg(struct asn1_data *asn1, TALLOC_CTX *mem_ctx,
178 struct spnego_negTokenTarg *token)
182 asn1_start_tag(asn1, ASN1_CONTEXT(1));
183 asn1_start_tag(asn1, ASN1_SEQUENCE(0));
185 while (!asn1->has_error && 0 < asn1_tag_remaining(asn1)) {
187 if (!asn1_peek_uint8(asn1, &context)) {
188 asn1->has_error = true;
193 case ASN1_CONTEXT(0):
194 asn1_start_tag(asn1, ASN1_CONTEXT(0));
195 asn1_start_tag(asn1, ASN1_ENUMERATED);
196 asn1_read_uint8(asn1, &token->negResult);
200 case ASN1_CONTEXT(1):
201 asn1_start_tag(asn1, ASN1_CONTEXT(1));
202 asn1_read_OID(asn1, mem_ctx, &token->supportedMech);
205 case ASN1_CONTEXT(2):
206 asn1_start_tag(asn1, ASN1_CONTEXT(2));
207 asn1_read_OctetString(asn1, mem_ctx, &token->responseToken);
210 case ASN1_CONTEXT(3):
211 asn1_start_tag(asn1, ASN1_CONTEXT(3));
212 asn1_read_OctetString(asn1, mem_ctx, &token->mechListMIC);
216 asn1->has_error = true;
224 return !asn1->has_error;
227 static bool write_negTokenTarg(struct asn1_data *asn1, struct spnego_negTokenTarg *token)
229 asn1_push_tag(asn1, ASN1_CONTEXT(1));
230 asn1_push_tag(asn1, ASN1_SEQUENCE(0));
232 if (token->negResult != SPNEGO_NONE_RESULT) {
233 asn1_push_tag(asn1, ASN1_CONTEXT(0));
234 asn1_write_enumerated(asn1, token->negResult);
238 if (token->supportedMech) {
239 asn1_push_tag(asn1, ASN1_CONTEXT(1));
240 asn1_write_OID(asn1, token->supportedMech);
244 if (token->responseToken.data) {
245 asn1_push_tag(asn1, ASN1_CONTEXT(2));
246 asn1_write_OctetString(asn1, token->responseToken.data,
247 token->responseToken.length);
251 if (token->mechListMIC.data) {
252 asn1_push_tag(asn1, ASN1_CONTEXT(3));
253 asn1_write_OctetString(asn1, token->mechListMIC.data,
254 token->mechListMIC.length);
261 return !asn1->has_error;
264 ssize_t spnego_read_data(TALLOC_CTX *mem_ctx, DATA_BLOB data, struct spnego_data *token)
266 struct asn1_data *asn1;
272 if (data.length == 0) {
276 asn1 = asn1_init(mem_ctx);
281 asn1_load(asn1, data);
283 if (!asn1_peek_uint8(asn1, &context)) {
284 asn1->has_error = true;
287 case ASN1_APPLICATION(0):
288 asn1_start_tag(asn1, ASN1_APPLICATION(0));
289 asn1_check_OID(asn1, OID_SPNEGO);
290 if (read_negTokenInit(asn1, mem_ctx, &token->negTokenInit)) {
291 token->type = SPNEGO_NEG_TOKEN_INIT;
295 case ASN1_CONTEXT(1):
296 if (read_negTokenTarg(asn1, mem_ctx, &token->negTokenTarg)) {
297 token->type = SPNEGO_NEG_TOKEN_TARG;
301 asn1->has_error = true;
306 if (!asn1->has_error) ret = asn1->ofs;
312 ssize_t spnego_write_data(TALLOC_CTX *mem_ctx, DATA_BLOB *blob, struct spnego_data *spnego)
314 struct asn1_data *asn1 = asn1_init(mem_ctx);
321 switch (spnego->type) {
322 case SPNEGO_NEG_TOKEN_INIT:
323 asn1_push_tag(asn1, ASN1_APPLICATION(0));
324 asn1_write_OID(asn1, OID_SPNEGO);
325 write_negTokenInit(asn1, &spnego->negTokenInit);
328 case SPNEGO_NEG_TOKEN_TARG:
329 write_negTokenTarg(asn1, &spnego->negTokenTarg);
332 asn1->has_error = true;
336 if (!asn1->has_error) {
337 *blob = data_blob_talloc(mem_ctx, asn1->data, asn1->length);
345 bool spnego_free_data(struct spnego_data *spnego)
349 if (!spnego) goto out;
351 switch(spnego->type) {
352 case SPNEGO_NEG_TOKEN_INIT:
353 if (spnego->negTokenInit.mechTypes) {
354 talloc_free(spnego->negTokenInit.mechTypes);
356 data_blob_free(&spnego->negTokenInit.mechToken);
357 data_blob_free(&spnego->negTokenInit.mechListMIC);
358 talloc_free(spnego->negTokenInit.targetPrincipal);
360 case SPNEGO_NEG_TOKEN_TARG:
361 if (spnego->negTokenTarg.supportedMech) {
362 talloc_free(discard_const(spnego->negTokenTarg.supportedMech));
364 data_blob_free(&spnego->negTokenTarg.responseToken);
365 data_blob_free(&spnego->negTokenTarg.mechListMIC);
371 ZERO_STRUCTP(spnego);
376 bool spnego_write_mech_types(TALLOC_CTX *mem_ctx,
377 const char **mech_types,
380 struct asn1_data *asn1 = asn1_init(mem_ctx);
382 /* Write mechTypes */
383 if (mech_types && *mech_types) {
386 asn1_push_tag(asn1, ASN1_SEQUENCE(0));
387 for (i = 0; mech_types[i]; i++) {
388 asn1_write_OID(asn1, mech_types[i]);
393 if (asn1->has_error) {
398 *blob = data_blob_talloc(mem_ctx, asn1->data, asn1->length);
399 if (blob->length != asn1->length) {
git.samba.org / metze / samba / wip.git / blob