| 1 | /*
|
|---|
| 2 | Unix SMB/CIFS implementation.
|
|---|
| 3 |
|
|---|
| 4 | RFC2478 Compliant SPNEGO implementation
|
|---|
| 5 |
|
|---|
| 6 | Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
|
|---|
| 7 |
|
|---|
| 8 | This program is free software; you can redistribute it and/or modify
|
|---|
| 9 | it under the terms of the GNU General Public License as published by
|
|---|
| 10 | the Free Software Foundation; either version 3 of the License, or
|
|---|
| 11 | (at your option) any later version.
|
|---|
| 12 |
|
|---|
| 13 | This program is distributed in the hope that it will be useful,
|
|---|
| 14 | but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|---|
| 15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|---|
| 16 | GNU General Public License for more details.
|
|---|
| 17 |
|
|---|
| 18 |
|
|---|
| 19 | You should have received a copy of the GNU General Public License
|
|---|
| 20 | along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|---|
| 21 | */
|
|---|
| 22 |
|
|---|
| 23 | #define OID_SPNEGO "1.3.6.1.5.5.2"
|
|---|
| 24 | #define OID_NTLMSSP "1.3.6.1.4.1.311.2.2.10"
|
|---|
| 25 | #define OID_KERBEROS5_OLD "1.2.840.48018.1.2.2"
|
|---|
| 26 | #define OID_KERBEROS5 "1.2.840.113554.1.2.2"
|
|---|
| 27 |
|
|---|
| 28 | #define ADS_IGNORE_PRINCIPAL "not_defined_in_RFC4178@please_ignore"
|
|---|
| 29 |
|
|---|
| 30 | #define SPNEGO_DELEG_FLAG 0x01
|
|---|
| 31 | #define SPNEGO_MUTUAL_FLAG 0x02
|
|---|
| 32 | #define SPNEGO_REPLAY_FLAG 0x04
|
|---|
| 33 | #define SPNEGO_SEQUENCE_FLAG 0x08
|
|---|
| 34 | #define SPNEGO_ANON_FLAG 0x10
|
|---|
| 35 | #define SPNEGO_CONF_FLAG 0x20
|
|---|
| 36 | #define SPNEGO_INTEG_FLAG 0x40
|
|---|
| 37 |
|
|---|
| 38 | #define TOK_ID_KRB_AP_REQ ((const uint8_t *)"\x01\x00")
|
|---|
| 39 | #define TOK_ID_KRB_AP_REP ((const uint8_t *)"\x02\x00")
|
|---|
| 40 | #define TOK_ID_KRB_ERROR ((const uint8_t *)"\x03\x00")
|
|---|
| 41 | #define TOK_ID_GSS_GETMIC ((const uint8_t *)"\x01\x01")
|
|---|
| 42 | #define TOK_ID_GSS_WRAP ((const uint8_t *)"\x02\x01")
|
|---|
| 43 |
|
|---|
| 44 | enum spnego_negResult {
|
|---|
| 45 | SPNEGO_ACCEPT_COMPLETED = 0,
|
|---|
| 46 | SPNEGO_ACCEPT_INCOMPLETE = 1,
|
|---|
| 47 | SPNEGO_REJECT = 2,
|
|---|
| 48 | SPNEGO_REQUEST_MIC = 3,
|
|---|
| 49 | /*
|
|---|
| 50 | * The max value is 0xff (255) on the wire
|
|---|
| 51 | */
|
|---|
| 52 | SPNEGO_NONE_RESULT = 256
|
|---|
| 53 | };
|
|---|
| 54 |
|
|---|
| 55 | struct spnego_negTokenInit {
|
|---|
| 56 | const char * const *mechTypes;
|
|---|
| 57 | DATA_BLOB reqFlags;
|
|---|
| 58 | uint8_t reqFlagsPadding;
|
|---|
| 59 | DATA_BLOB mechToken;
|
|---|
| 60 | DATA_BLOB mechListMIC;
|
|---|
| 61 | char *targetPrincipal;
|
|---|
| 62 | };
|
|---|
| 63 |
|
|---|
| 64 | struct spnego_negTokenTarg {
|
|---|
| 65 | enum spnego_negResult negResult;
|
|---|
| 66 | const char *supportedMech;
|
|---|
| 67 | DATA_BLOB responseToken;
|
|---|
| 68 | DATA_BLOB mechListMIC;
|
|---|
| 69 | };
|
|---|
| 70 |
|
|---|
| 71 | struct spnego_data {
|
|---|
| 72 | int type;
|
|---|
| 73 | struct spnego_negTokenInit negTokenInit;
|
|---|
| 74 | struct spnego_negTokenTarg negTokenTarg;
|
|---|
| 75 | };
|
|---|
| 76 |
|
|---|
| 77 | enum spnego_message_type {
|
|---|
| 78 | SPNEGO_NEG_TOKEN_INIT = 0,
|
|---|
| 79 | SPNEGO_NEG_TOKEN_TARG = 1,
|
|---|
| 80 | };
|
|---|
| 81 |
|
|---|
| 82 | #include "../libcli/auth/spnego_proto.h"
|
|---|
