Renamed a file for DOS 8.3 compatibility
[krb5.git] / src / krb524 / cnv_tkt_skey.c
1 /*
2  * Copyright 1994 by OpenVision Technologies, Inc.
3  * 
4  * Permission to use, copy, modify, distribute, and sell this software
5  * and its documentation for any purpose is hereby granted without fee,
6  * provided that the above copyright notice appears in all copies and
7  * that both that copyright notice and this permission notice appear in
8  * supporting documentation, and that the name of OpenVision not be used
9  * in advertising or publicity pertaining to distribution of the software
10  * without specific, written prior permission. OpenVision makes no
11  * representations about the suitability of this software for any
12  * purpose.  It is provided "as is" without express or implied warranty.
13  * 
14  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
15  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
16  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
17  * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
18  * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
19  * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
20  * PERFORMANCE OF THIS SOFTWARE.
21  */
22
23 #include <stdio.h>
24 #include "krb5.h"
25 #include <krb.h>
26 #include "krb524.h"
27
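/*
 * Convert a v5 ticket for server to a v4 ticket, using service key
 * skey for both.
 *
 * v5tkt  - v5 ticket; its encrypted part is decrypted with skey.  On
 *          every path that gets past decryption, enc_part2 is freed and
 *          reset to NULL before returning.
 * v4tkt  - receives the v4 ticket built by krb_create_ticket().
 * skey   - service key; decrypts the v5 ticket and is handed to
 *          krb_create_ticket() as the v4 key.
 *
 * Returns 0 on success, the error from krb5_decrypt_tkt_part() or
 * krb524_convert_princs() if either fails, KRB524_BADKEY if a key is
 * not a C_Block-sized DES key, KRB524_BADADDR if the first client
 * address is not a 4-octet INET address, and KRB524_V4ERR if
 * krb_create_ticket() does not return KSUCCESS.
 */
int krb524_convert_tkt_skey(krb5_ticket *v5tkt, KTEXT_ST *v4tkt,
                            krb5_keyblock *skey)
{
     enum { V4_ADDR_LEN = 4 };          /* octets in an INET address */
     enum { V4_LIFE_UNIT = 300,         /* seconds per lifetime unit */
            V4_LIFE_MAX = 0xff };       /* lifetime is a single byte */
     char pname[ANAME_SZ], pinst[INST_SZ], prealm[REALM_SZ];
     char sname[ANAME_SZ], sinst[INST_SZ];
     krb5_enc_tkt_part *v5etkt;
     unsigned long v4addr = 0;
     unsigned char *addr_bytes = (unsigned char *) &v4addr;
     long life_units;
     int ret, v4ret, lifetime, i;

     v5tkt->enc_part2 = NULL;
     if ((ret = krb5_decrypt_tkt_part(skey, v5tkt)) != 0) {
          /*
           * NOTE(review): this is the only error path that frees the
           * whole ticket; every later path frees just enc_part2.  A
           * caller that still owns v5tkt must not touch or free it
           * after this return -- confirm against the callers.
           */
          krb5_free_ticket(v5tkt);
          return ret;
     }
     v5etkt = v5tkt->enc_part2;

     if ((ret = krb524_convert_princs(v5etkt->client, v5tkt->server,
                                      pname, pinst, prealm, sname,
                                      sinst)) != 0)
          goto cleanup;

     if (v5etkt->session->keytype != KEYTYPE_DES ||
         v5etkt->session->length != sizeof(C_Block)) {
          /* Casts make the arguments match %d; sizeof yields size_t. */
          if (krb524_debug)
               fprintf(stderr, "v5 session keyblock type %d length %d != "
                       "C_Block size %d\n", (int) v5etkt->session->keytype,
                       (int) v5etkt->session->length,
                       (int) sizeof(C_Block));
          ret = KRB524_BADKEY;
          goto cleanup;
     }

     /*
      * skey->contents is handed to krb_create_ticket() the same way as
      * the session key contents, so it gets the same type/size check.
      */
     if (skey->keytype != KEYTYPE_DES ||
         skey->length != sizeof(C_Block)) {
          ret = KRB524_BADKEY;
          goto cleanup;
     }

     /* V4 has no concept of authtime or renew_till, so ignore them */
     /* V4 lifetime is 1 byte, in 5 minute increments */
     if (v5etkt->times.starttime == 0)
          v5etkt->times.starttime = v5etkt->times.authtime;
     /*
      * The issue time passed to krb_create_ticket() below is starttime,
      * so the lifetime is measured from starttime too; measuring from
      * authtime would let a ticket whose starttime is later than its
      * authtime outlive the v5 endtime.  Out-of-range values are
      * clamped: masking with 0xff would wrap a long lifetime around to
      * an unrelated short one.
      */
     life_units = ((long) v5etkt->times.endtime -
                   (long) v5etkt->times.starttime) / V4_LIFE_UNIT;
     if (life_units < 0)
          life_units = 0;
     else if (life_units > V4_LIFE_MAX)
          life_units = V4_LIFE_MAX;
     lifetime = (int) life_units;

     /* XXX perhaps we should use the addr of the client host if */
     /* v5creds contains more than one addr.  Q: Does V4 support */
     /* non-INET addresses? */
     if (!v5etkt->caddrs || !v5etkt->caddrs[0] ||
         v5etkt->caddrs[0]->addrtype != ADDRTYPE_INET ||
         v5etkt->caddrs[0]->length != V4_ADDR_LEN ||
         !v5etkt->caddrs[0]->contents) {
          if (krb524_debug)
               fprintf(stderr, "Invalid v5creds address information.\n");
          ret = KRB524_BADADDR;
          goto cleanup;
     }

     /*
      * Copy exactly the four address octets instead of dereferencing
      * contents as an unsigned long: that read assumed alignment and
      * fetched sizeof(unsigned long) bytes, which overruns a 4-octet
      * buffer wherever long is wider than 32 bits.  With a 4-byte long
      * the value is identical to the old cast.
      * NOTE(review): with a wider long the octets occupy the lowest-
      * addressed bytes of v4addr -- confirm how krb_create_ticket()
      * consumes its address argument on such platforms.
      */
     for (i = 0; i < V4_ADDR_LEN; i++)
          addr_bytes[i] = v5etkt->caddrs[0]->contents[i];

     if (krb524_debug)
        printf("startime = %ld, authtime = %ld, lifetime = %ld\n",
               (long) v5etkt->times.starttime,
               (long) v5etkt->times.authtime,
               (long) lifetime);

     /* XXX are there V5 flags we should map to V4 equivalents? */
     v4ret = krb_create_ticket(v4tkt,
                               0, /* flags */
                               pname,
                               pinst,
                               prealm,
                               v4addr,
                               v5etkt->session->contents,
                               lifetime,
                               /* issue_data */
                               v5etkt->times.starttime,
                               sname,
                               sinst,
                               skey->contents);

     ret = (v4ret == KSUCCESS) ? 0 : KRB524_V4ERR;

cleanup:
     /* The decrypted part holds the session key; never leave it attached. */
     krb5_free_enc_tkt_part(v5etkt);
     v5tkt->enc_part2 = NULL;
     return ret;
}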