From 7e1a0963a9ef15e110fcdc8b6d5bc646c9fca231 Mon Sep 17 00:00:00 2001 From: John Kohl Date: Fri, 6 Apr 1990 13:27:24 +0000 Subject: [PATCH] *** empty log message *** git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@465 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/krb5/krb/send_tgs.c | 162 ++++++++++++++++++++++++++++++++++++ 1 file changed, 162 insertions(+) create mode 100644 src/lib/krb5/krb/send_tgs.c diff --git a/src/lib/krb5/krb/send_tgs.c b/src/lib/krb5/krb/send_tgs.c new file mode 100644 index 000000000..9e4bf95fe --- /dev/null +++ b/src/lib/krb5/krb/send_tgs.c @@ -0,0 +1,162 @@ +/* + * $Source$ + * $Author$ + * + * Copyright 1990 by the Massachusetts Institute of Technology. + * + * For copying and distribution information, please see the file + * . + * + * krb5_send_tgs() + */ + +#if !defined(lint) && !defined(SABER) +static char rcsid_send_tgs_c[] = +"$Id$"; +#endif /* !lint & !SABER */ + +#include +#include +#include + +#include +#include +#include +/* + Sends a request to the TGS and waits for a response. + options is used for the options in the KRB_TGS_REQ. + timestruct values are used for from, till, rtime " " " + etype is used for etype " " " + sumtype is used for the checksum in the AP_REQ in the KRB_TGS_REQ + sname is used for sname " " " + addrs, if non-NULL, is used for addresses " " " + authorization_dat, if non-NULL, is used for authorization_dat " " " + second_ticket, if required by options, is used for the 2nd ticket in the req. + usecred is used for the ticket & session key in the KRB_AP_REQ header " " " + (the KDC realm is extracted from usecred->server's realm) + + The response is placed into *rep. + rep->response.data is set to point at allocated storage which should be + freed by the caller when finished. + + returns system errors + */ +krb5_error_code +krb5_send_tgs(DECLARG(krb5_flags, kdcoptions), + DECLARG(krb5_ticket_times *,timestruct), + DECLARG(krb5_enctype, etype), + DECLARG(krb5_cksumtype, sumtype), + DECLARG(krb5_principal, sname), + DECLARG(krb5_address **, addrs), + DECLARG(krb5_authdata **,authorization_data), + DECLARG(krb5_data *,second_ticket), + DECLARG(krb5_creds *,usecred), + DECLARG(krb5_response *,rep)) +OLDDECLARG(krb5_flags, kdcoptions) +OLDDECLARG(krb5_ticket_times *,timestruct) +OLDDECLARG(krb5_enctype, etype) +OLDDECLARG(krb5_cksumtype, sumtype) +OLDDECLARG(krb5_principal, sname) +OLDDECLARG(krb5_address **, addrs) +OLDDECLARG(krb5_authdata **,authorization_data) +OLDDECLARG(krb5_data *,second_ticket) +OLDDECLARG(krb5_creds *,usecred) +OLDDECLARG(krb5_response *,rep) +{ + krb5_error_code retval; + krb5_tgs_req tgsreq; + krb5_real_tgs_req realreq; + krb5_tgs_req_enc_part encpart; + krb5_checksum ap_checksum; + krb5_data *scratch; + krb5_ticket *sec_ticket = 0; + + bzero((char *)&realreq, sizeof(realreq)); + + realreq.kdc_options = kdcoptions; + realreq.from = timestruct->starttime; + realreq.till = timestruct->endtime; + realreq.rtime = timestruct->renew_till; + + if (retval = krb5_timeofday(&realreq.ctime)) + return(retval); + realreq.etype = etype; + realreq.server = sname; + realreq.addresses = addrs; + + encpart.authorization_data = authorization_data; + if (second_ticket) { + if (retval = krb5_decode_ticket(second_ticket, &sec_ticket)) + return retval; + encpart.second_ticket = sec_ticket; + } else + encpart.second_ticket = 0; + + realreq.enc_part2 = &encpart; + + retval = encode_krb5_real_tgs_req(&realreq, &scratch); + if (sec_ticket) + krb5_free_ticket(sec_ticket); + if (retval) + return(retval); + + /* xxx choose a checksum type */ + if (retval = (*(krb5_cksumarray[sumtype]-> + sum_func))(scratch->data, + 0, /* XXX? */ + (krb5_pointer) usecred->keyblock.contents, + scratch->length, + usecred->keyblock.length, + &ap_checksum)) { + krb5_free_data(scratch); + return retval; + } + tgsreq.tgs_request = *scratch; + xfree(scratch); + +#define cleanup() {(void) free((char *)tgsreq.tgs_request.data); \ + (void) free((char *)ap_checksum.contents);} + /* + * Now get an ap_req. + */ + if (retval = krb5_mk_req_extended (0L /* no ap options */, + &ap_checksum, + 0, /* don't need times */ + 0L, /* don't need kdc_options for this */ + 0, /* XXX no ccache */ + usecred, + &tgsreq.header)) { + cleanup(); + return retval; + } + /* now the TGS_REQ is assembled in tgsreq */ + if (retval = encode_krb5_tgs_req(&tgsreq, &scratch)) { + cleanup(); + return(retval); + } +#undef cleanup +#define cleanup() {(void) free(tgsreq.header.data); \ + (void) free(tgsreq.tgs_request.data);} + + /* now send request & get response from KDC */ + retval = krb5_sendto_kdc(scratch, krb5_princ_realm(sname), + &rep->response); + krb5_free_data(scratch); + cleanup(); + if (retval) { + return retval; + } +#undef cleanup + /* here we use some knowledge of ASN.1 encodings */ + /* first byte is the identifier octet. KRB_KDC_REP is APPLICATION 1, + KRB_ERROR is application 2 */ + /* allow either constructed or primitive encoding, so check for bit 6 + set or reset */ + if (rep->response.data[0] == 0x61 || + rep->response.data[0] == 0x21) { + /* it's a KDC_REP--assume TGS_REP */ + rep->message_type = KRB5_TGS_REP; + } else /* assume it's an error */ + rep->message_type = KRB5_ERROR; + return 0; +} -- 2.26.2