/*
Takes a KDC_REP message and decrypts encrypted part using etype and
*key, putting result in *rep.
- dec_rep->client,ticket,session.last_req,server,caddrs
+ dec_rep->client,ticket,session,last_req,server,caddrs
are all set to allocated storage which should be freed by the caller
when finished with the response.
/* XXX maybe caller should specify type expected? */
- if (!krb5_is_kdc_rep(enc_rep))
- return KRB5KRB_AP_ERR_MSG_TYPE;
- retval = decode_krb5_as_rep(enc_rep, &local_dec_rep);
- switch (retval) {
- case ISODE_50_LOCAL_ERR_BADMSGTYPE:
+ if (krb5_is_as_rep(enc_rep))
+ retval = decode_krb5_as_rep(enc_rep, &local_dec_rep);
+ else if (krb5_is_tgs_rep(enc_rep))
retval = decode_krb5_tgs_rep(enc_rep, &local_dec_rep);
- switch (retval) {
- case 0:
- break;
- default:
- return(retval);
- }
- case 0:
- break;
- default:
- return (retval);
- }
+ else
+ return KRB5KRB_AP_ERR_MSG_TYPE;
+
+ if (retval)
+ return retval;
- if (local_dec_rep->etype != etype) {
+ if (local_dec_rep->enc_part.etype != etype) {
krb5_free_kdc_rep(local_dec_rep);
return KRB5_WRONG_ETYPE;
}
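Review bot: The dispatch `if (krb5_is_as_rep(enc_rep)) … else if (krb5_is_tgs_rep(enc_rep))` picks the decoder from the tag carried in the received message, so the function accepts whichever of the two reply types arrives, and the `/* XXX maybe caller should specify type expected? */` question stays open. Nothing in the hunk lets a caller that asked for an AS reply reject a TGS reply, or the reverse. Unless every caller compares the decoded message type afterwards, which is not visible here, the expected type should be checked in this function. At minimum, replace the XXX with a statement of the contract, for example `/* accepts AS_REP or TGS_REP; the caller must verify the decoded message type matches its request */`. The function body starts and ends outside the hunk.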
returns system errors
- dec_rep->enc_part is allocated and filled in.
+ dec_rep->enc_part.ciphertext is allocated and filled in.
*/
-/* due to promotion rules, we need to play with this... */
+/* due to argument promotion rules, we need to use the DECLARG/OLDDECLARG
+ stuff... */
krb5_error_code
krb5_encode_kdc_rep(DECLARG(const krb5_msgtype, type),
DECLARG(const register krb5_enc_kdc_rep_part *, encpart),
krb5_encrypt_block eblock;
krb5_error_code retval;
- if (!valid_etype(dec_rep->etype))
+ if (!valid_etype(dec_rep->enc_part.etype))
return KRB5_PROG_ETYPE_NOSUPP;
switch (type) {
/* put together an eblock for this encryption */
- eblock.crypto_entry = krb5_csarray[dec_rep->etype]->system;
- dec_rep->enc_part.length = krb5_encrypt_size(scratch->length,
- eblock.crypto_entry);
+ eblock.crypto_entry = krb5_csarray[dec_rep->enc_part.etype]->system;
+ dec_rep->enc_part.ciphertext.length =
+ krb5_encrypt_size(scratch->length, eblock.crypto_entry);
/* add padding area, and zero it */
- if (!(scratch->data = realloc(scratch->data, dec_rep->enc_part.length))) {
+ if (!(scratch->data = realloc(scratch->data,
+ dec_rep->enc_part.ciphertext.length))) {
/* may destroy scratch->data */
xfree(scratch);
return ENOMEM;
}
bzero(scratch->data + scratch->length,
- dec_rep->enc_part.length - scratch->length);
- if (!(dec_rep->enc_part.data = malloc(dec_rep->enc_part.length))) {
+ dec_rep->enc_part.ciphertext.length - scratch->length);
+ if (!(dec_rep->enc_part.ciphertext.data =
+ malloc(dec_rep->enc_part.ciphertext.length))) {
retval = ENOMEM;
goto clean_scratch;
}
-#define cleanup_encpart() {(void) bzero(dec_rep->enc_part.data, dec_rep->enc_part.length); free(dec_rep->enc_part.data); dec_rep->enc_part.length = 0; dec_rep->enc_part.data = 0;}
+#define cleanup_encpart() { \
+(void) bzero(dec_rep->enc_part.ciphertext.data, \
+ dec_rep->enc_part.ciphertext.length); \
+free(dec_rep->enc_part.ciphertext.data); \
+dec_rep->enc_part.ciphertext.length = 0; \
+dec_rep->enc_part.ciphertext.data = 0;}
if (retval = krb5_process_key(&eblock, client_key)) {
goto clean_encpart;
#define cleanup_prockey() {(void) krb5_finish_key(&eblock);}
if (retval = krb5_encrypt((krb5_pointer) scratch->data,
- (krb5_pointer) dec_rep->enc_part.data,
+ (krb5_pointer) dec_rep->enc_part.ciphertext.data,
scratch->length, &eblock, 0)) {
goto clean_prockey;
}
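Review bot: The reflowed `scratch->data = realloc(scratch->data, dec_rep->enc_part.ciphertext.length)` still overwrites the only pointer to the buffer. When realloc fails, the original block is neither freed nor zeroed, and the `xfree(scratch)` that follows releases only the descriptor. That buffer presumably holds the encoded plaintext reply part, which the rest of the function treats as sensitive (note the bzero in `cleanup_encpart`), so the failure path should wipe and release it. Keep the result in a temporary, `tmp = realloc(scratch->data, dec_rep->enc_part.ciphertext.length);`, and on NULL set `retval = ENOMEM` and `goto clean_scratch;` as the malloc failure branch below does, assuming that label, which lies outside the hunk, zeroes and frees `scratch->data`. A successful realloc may also move the block and leave an unwiped copy behind, so allocating the padded size up front would avoid growing a buffer that already contains plaintext.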