r22664: When we have krb5_get_init_creds_opt_get_error() then try to get the NTSTATUS

codes directly out of the krb5_error edata.

Guenther

1 files changed, 39 insertions, 0 deletions

diff --git a/source/libsmb/clikrb5.c b/source/libsmb/clikrb5.c
index 474c6823ea0..64cfe6e952c 100644
--- a/source/libsmb/clikrb5.c
+++ b/source/libsmb/clikrb5.c
@@ -272,6 +272,45 @@ static krb5_error_code smb_krb5_parse_name_norealm_conv(krb5_context context,
 }
 #endif
 
+BOOL unwrap_edata_ntstatus(TALLOC_CTX *mem_ctx, 
+			   DATA_BLOB *edata, 
+			   DATA_BLOB *edata_out)
+{
+	DATA_BLOB edata_contents;
+	ASN1_DATA data;
+	int edata_type;
+
+	if (!edata->length) {
+		return False;
+	}
+
+	asn1_load(&data, *edata);
+	asn1_start_tag(&data, ASN1_SEQUENCE(0));
+	asn1_start_tag(&data, ASN1_CONTEXT(1));
+	asn1_read_Integer(&data, &edata_type);
+
+	if (edata_type != KRB5_PADATA_PW_SALT) {
+		DEBUG(0,("edata is not of required type %d but of type %d\n", 
+			KRB5_PADATA_PW_SALT, edata_type));
+		asn1_free(&data);
+		return False;
+	}
+	
+	asn1_start_tag(&data, ASN1_CONTEXT(2));
+	asn1_read_OctetString(&data, &edata_contents);
+	asn1_end_tag(&data);
+	asn1_end_tag(&data);
+	asn1_end_tag(&data);
+	asn1_free(&data);
+
+	*edata_out = data_blob_talloc(mem_ctx, edata_contents.data, edata_contents.length);
+
+	data_blob_free(&edata_contents);
+
+	return True;
+}
+
+
 BOOL unwrap_pac(TALLOC_CTX *mem_ctx, DATA_BLOB *auth_data, DATA_BLOB *unwrapped_pac_data)
 {
 	DATA_BLOB pac_contents;