From 229eb7ea1bc64418bb4488ccf3928f009cde17d0 Mon Sep 17 00:00:00 2001 From: John Kohl Date: Thu, 8 Mar 1990 16:32:43 +0000 Subject: [PATCH] *** empty log message *** git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@372 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/krb5/krb/mk_req.c | 78 +++++++++++++++++++++++ src/lib/krb5/krb/mk_req_ext.c | 115 ++++++++++++++++++++++++++++++++++ 2 files changed, 193 insertions(+) create mode 100644 src/lib/krb5/krb/mk_req.c create mode 100644 src/lib/krb5/krb/mk_req_ext.c diff --git a/src/lib/krb5/krb/mk_req.c b/src/lib/krb5/krb/mk_req.c new file mode 100644 index 000000000..d5324d6ac --- /dev/null +++ b/src/lib/krb5/krb/mk_req.c @@ -0,0 +1,78 @@ +/* + * $Source$ + * $Author$ + * + * Copyright 1990 by the Massachusetts Institute of Technology. + * + * For copying and distribution information, please see the file + * . + * + * krb5_mk_req() routine. + */ + +#if !defined(lint) && !defined(SABER) +static char mk_req_c[] = +"$Id$"; +#endif /* !lint & !SABER */ + +#include +#include + +/* + Formats a KRB_AP_REQ message into outbuf. + + server specifies the principal of the server to receive the message; if + credentials are not present in the credentials cache for this server, the + TGS request with default parameters is used in an attempt to obtain + such credentials, and they are stored in ccache. + + kdc_options specifies the options requested for the + ap_req_options specifies the KRB_AP_REQ options desired. + + checksum specifies the checksum to be used in the authenticator. + + The outbuf buffer storage is allocated, and should be freed by the + caller when finished. + + returns system errors +*/ + +extern krb5_flags krb5_kdc_default_options; + +krb5_error_code +krb5_mk_req(server, ap_req_options, checksum, ccache, outbuf) +krb5_principal server; +krb5_flags ap_req_options; +krb5_checksum *checksum; +krb5_ccache ccache; +krb5_data *outbuf; +{ + krb5_error_code retval; + krb5_creds creds; + + /* obtain ticket & session key */ + + bzero((char *)&creds, sizeof(creds)); + creds.server = server; + if (retval = krb5_cc_get_principal(ccache, &creds.client)) + return(retval); + /* creds.times.endtime = 0; -- bzero takes care of this + zero means "as long as possible" */ + /* creds.keyblock.keytype = 0; -- as well as this. + zero means no session keytype + preference */ + + if (retval = krb5_get_credentials(krb5_kdc_default_options, + ccache, + &creds)) + return(retval); + + retval = krb5_mk_req_extended(ap_req_options, + checksum, + &creds.times, + krb5_kdc_default_options, + ccache, + &creds, + outbuf); + return retval; +} diff --git a/src/lib/krb5/krb/mk_req_ext.c b/src/lib/krb5/krb/mk_req_ext.c new file mode 100644 index 000000000..094113630 --- /dev/null +++ b/src/lib/krb5/krb/mk_req_ext.c @@ -0,0 +1,115 @@ +/* + * $Source$ + * $Author$ + * + * Copyright 1990 by the Massachusetts Institute of Technology. + * + * For copying and distribution information, please see the file + * . + * + * krb5_mk_req_extended() + */ + +#if !defined(lint) && !defined(SABER) +static char mk_req_ext_c[] = +"$Id$"; +#endif /* !lint & !SABER */ + +#include +#include +#include +#include + +#include +#include +#include + +/* + Formats a KRB_AP_REQ message into outbuf, with more complete options than + krb_mk_req. + + outbuf, ap_req_options, checksum, and ccache are used in the + same fashion as for krb5_mk_req. + + creds is used to supply the credentials (ticket and session key) needed + to form the request. + + if creds->ticket has no data (length == 0), then a ticket is obtained + from either the cache or the TGS, passing creds to krb5_get_credentials(). + kdc_options specifies the options requested for the ticket to be used. + If a ticket with appropriate flags is not found in the cache, then these + options are passed on in a request to an appropriate KDC. + + ap_req_options specifies the KRB_AP_REQ options desired. + + if ap_req_options specifies AP_OPTS_USE_SESSION_KEY, then creds->ticket + must contain the appropriate ENC-TKT-IN-SKEY ticket. + + checksum specifies the checksum to be used in the authenticator. + + The outbuf buffer storage is allocated, and should be freed by the + caller when finished. + + returns system errors +*/ +static krb5_error_code generate_authenticator PROTOTYPE((krb5_authenticator *, + krb5_creds *, + krb5_checksum *)); + +krb5_error_code +krb5_mk_req_extended(ap_req_options, checksum, times, kdc_options, ccache, + creds, outbuf) +krb5_flags ap_req_options; +krb5_checksum *checksum; +krb5_ticket_times *times; +krb5_flags kdc_options; +krb5_ccache ccache; +krb5_creds *creds; +krb5_data *outbuf; +{ + krb5_error_code retval; + krb5_ap_req request; + krb5_authenticator authent; + krb5_data *scratch; + + if ((ap_req_options & AP_OPTS_USE_SESSION_KEY) && + !creds->ticket.length) + return(KRB5_NO_TKT_SUPPLIED); + + if (!creds->ticket.length) { + /* go get creds */ + creds->times = *times; /* XXX do we need times? */ + if (retval = krb5_get_credentials(kdc_options, + ccache, + creds)) + return(retval); + } + request.ap_options = ap_req_options; + /* we need a native ticket */ + if (retval = krb5_decode_ticket(&creds->ticket, &request.ticket)) + return(retval); /* XXX who cleans up creds? */ + + if (retval = generate_authenticator(&authent, creds, checksum)) + return retval; + if (retval = encode_krb5_authenticator(&authent, &scratch)) + return(retval); + request.authenticator = *scratch; + free((char *)scratch); + + /* now request is the output */ + + if (retval = encode_krb5_ap_req(&request, &outbuf)) + free(request.authenticator.data); + return retval; +} + +static krb5_error_code +generate_authenticator(authent, creds, cksum) +krb5_authenticator *authent; +krb5_creds *creds; +krb5_checksum *cksum; +{ + authent->client = creds->client; + authent->checksum = cksum; + return(krb5_ms_timeofday(&authent->ctime, &authent->cmsec)); +} -- 2.26.2