From 381ebd4af5b21e5c76e5cd0916b195360a447756 Mon Sep 17 00:00:00 2001
From: Andreas Schneider
Date: Thu, 25 Aug 2016 17:07:01 +0200
Subject: [PATCH] krb5_wrap: Move unwrap_edata_ntstatus() and make it static
This also removes the asn1util dependency from krb5_wrap and moves it to libads which is the only user.
Signed-off-by: Andreas Schneider
Reviewed-by: Andrew Bartlett
---
 lib/krb5_wrap/krb5_samba.c | 48 -------------------------------------
 lib/krb5_wrap/krb5_samba.h | 5 ----
 lib/krb5_wrap/wscript_build | 2 +-
 source3/libads/kerberos.c | 48 +++++++++++++++++++++++++++++++++++++
 source3/wscript_build | 2 +-
 5 files changed, 50 insertions(+), 55 deletions(-)
diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index 505f1445786..24d64cce5cf 100644
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -23,7 +23,6 @@
 #include "includes.h"
 #include "system/filesys.h"
 #include "krb5_samba.h"
-#include "lib/util/asn1.h"
 #ifdef HAVE_COM_ERR_H
 #include
@@ -386,53 +385,6 @@ krb5_error_code smb_krb5_get_allowed_etypes(krb5_context context,
 #error UNKNOWN_GET_ENCTYPES_FUNCTIONS
 #endif
-bool unwrap_edata_ntstatus(TALLOC_CTX *mem_ctx,
- DATA_BLOB *edata,
- DATA_BLOB *edata_out)
-{
- DATA_BLOB edata_contents;
- ASN1_DATA *data;
- int edata_type;
-
- if (!edata->length) {
- return false;
- }
-
- data = asn1_init(mem_ctx);
- if (data == NULL) {
- return false;
- }
-
- if (!asn1_load(data, *edata)) goto err;
- if (!asn1_start_tag(data, ASN1_SEQUENCE(0))) goto err;
- if (!asn1_start_tag(data, ASN1_CONTEXT(1))) goto err;
- if (!asn1_read_Integer(data, &edata_type)) goto err;
-
- if (edata_type != KRB5_PADATA_PW_SALT) {
- DEBUG(0,("edata is not of required type %d but of type %d\n",
- KRB5_PADATA_PW_SALT, edata_type));
- goto err;
- }
-
- if (!asn1_start_tag(data, ASN1_CONTEXT(2))) goto err;
- if (!asn1_read_OctetString(data, talloc_tos(), &edata_contents)) goto err;
- if (!asn1_end_tag(data)) goto err;
- if (!asn1_end_tag(data)) goto err;
- if (!asn1_end_tag(data)) goto err;
- asn1_free(data);
-
- *edata_out = data_blob_talloc(mem_ctx, edata_contents.data, edata_contents.length);
-
- data_blob_free(&edata_contents);
-
- return true;
-
- err:
-
- asn1_free(data);
- return false;
-}
-
 /**
 * @brief Convert a string principal name to a Kerberos principal.
diff --git a/lib/krb5_wrap/krb5_samba.h b/lib/krb5_wrap/krb5_samba.h
index 404999bf1cf..64a04b31b55 100644
--- a/lib/krb5_wrap/krb5_samba.h
+++ b/lib/krb5_wrap/krb5_samba.h
@@ -321,11 +321,6 @@ char *smb_get_krb5_error_message(krb5_context context,
 krb5_error_code code,
 TALLOC_CTX *mem_ctx);
-bool unwrap_edata_ntstatus(TALLOC_CTX *mem_ctx,
- DATA_BLOB *edata,
- DATA_BLOB *edata_out);
-
-
 krb5_error_code kt_copy(krb5_context context,
 const char *from,
 const char *to);
diff --git a/lib/krb5_wrap/wscript_build b/lib/krb5_wrap/wscript_build
index 1a65d28b6c0..624964452af 100755
--- a/lib/krb5_wrap/wscript_build
+++ b/lib/krb5_wrap/wscript_build
@@ -6,6 +6,6 @@ if bld.CONFIG_SET('SAMBA4_USES_HEIMDAL'):
 bld.SAMBA_LIBRARY('krb5samba',
 source='krb5_samba.c gss_samba.c keytab_util.c enctype_convert.c',
- deps='samba-util asn1util talloc krb5 com_err gssapi' + add_deps,
+ deps='samba-util talloc krb5 com_err gssapi' + add_deps,
 private_library=True
 )
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index 49a85ca9f90..d2e9fa4fed5 100644
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -29,6 +29,7 @@
 #include "libads/cldap.h"
 #include "secrets.h"
 #include "../lib/tsocket/tsocket.h"
+#include "lib/util/asn1.h"
 #ifdef HAVE_KRB5
@@ -98,6 +99,53 @@ kerb_prompter(krb5_context ctx, void *data,
 return 0;
 }
+static bool unwrap_edata_ntstatus(TALLOC_CTX *mem_ctx,
+ DATA_BLOB *edata,
+ DATA_BLOB *edata_out)
+{
+ DATA_BLOB edata_contents;
+ ASN1_DATA *data;
+ int edata_type;
+
+ if (!edata->length) {
+ return false;
+ }
+
+ data = asn1_init(mem_ctx);
+ if (data == NULL) {
+ return false;
+ }
+
+ if (!asn1_load(data, *edata)) goto err;
+ if (!asn1_start_tag(data, ASN1_SEQUENCE(0))) goto err;
+ if (!asn1_start_tag(data, ASN1_CONTEXT(1))) goto err;
+ if (!asn1_read_Integer(data, &edata_type)) goto err;
+
+ if (edata_type != KRB5_PADATA_PW_SALT) {
+ DEBUG(0,("edata is not of required type %d but of type %d\n",
+ KRB5_PADATA_PW_SALT, edata_type));
+ goto err;
+ }
+
+ if (!asn1_start_tag(data, ASN1_CONTEXT(2))) goto err;
+ if (!asn1_read_OctetString(data, talloc_tos(), &edata_contents)) goto err;
+ if (!asn1_end_tag(data)) goto err;
+ if (!asn1_end_tag(data)) goto err;
+ if (!asn1_end_tag(data)) goto err;
+ asn1_free(data);
+
+ *edata_out = data_blob_talloc(mem_ctx, edata_contents.data, edata_contents.length);
+
+ data_blob_free(&edata_contents);
+
+ return true;
+
+ err:
+
+ asn1_free(data);
+ return false;
+}
+
 static bool smb_krb5_get_ntstatus_from_krb5_error(krb5_error *error,
 NTSTATUS *nt_status)
 {
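Review bot: In the `unwrap_edata_ntstatus()` now added to source3/libads/kerberos.c, the result of `data_blob_talloc()` is stored in `*edata_out` without a check, so an allocation failure still returns true. The input presumably comes from a KDC error reply (the next function takes a `krb5_error`), so the caller should not be handed an unvalidated blob; after `data_blob_free(&edata_contents);` add `if (edata_out->data == NULL) { return false; }`. Since the function is now file-local, a short comment above it would help, stating that it expects a SEQUENCE holding a [1] INTEGER equal to `KRB5_PADATA_PW_SALT` and a [2] OCTET STRING, and that the output is allocated on `mem_ctx`. It is also worth checking whether `DEBUG(0, ...)` is the right level for a type mismatch that a remote peer may be able to trigger repeatedly.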
diff --git a/source3/wscript_build b/source3/wscript_build
index 2d913e8df47..e25b8d5ef4f 100755
--- a/source3/wscript_build
+++ b/source3/wscript_build
@@ -246,7 +246,7 @@ bld.SAMBA3_LIBRARY('util_cmdline',
 bld.SAMBA3_SUBSYSTEM('KRBCLIENT',
 source='libads/kerberos.c libads/ads_status.c',
- public_deps='krb5samba k5crypto gssapi LIBTSOCKET CLDAP LIBNMB')
+ public_deps='krb5samba asn1util k5crypto gssapi LIBTSOCKET CLDAP LIBNMB')
 bld.SAMBA3_SUBSYSTEM('samba3util',
 source='''lib/system.c
--
2.34.1