155682Smarkm/* 2233294Sstas * Copyright (c) 1997 - 2001 Kungliga Tekniska H��gskolan 3233294Sstas * (Royal Institute of Technology, Stockholm, Sweden). 4233294Sstas * All rights reserved. 555682Smarkm * 6233294Sstas * Redistribution and use in source and binary forms, with or without 7233294Sstas * modification, are permitted provided that the following conditions 8233294Sstas * are met: 955682Smarkm * 10233294Sstas * 1. Redistributions of source code must retain the above copyright 11233294Sstas * notice, this list of conditions and the following disclaimer. 1255682Smarkm * 13233294Sstas * 2. Redistributions in binary form must reproduce the above copyright 14233294Sstas * notice, this list of conditions and the following disclaimer in the 15233294Sstas * documentation and/or other materials provided with the distribution. 1655682Smarkm * 17233294Sstas * 3. Neither the name of the Institute nor the names of its contributors 18233294Sstas * may be used to endorse or promote products derived from this software 19233294Sstas * without specific prior written permission. 2055682Smarkm * 21233294Sstas * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 22233294Sstas * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23233294Sstas * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24233294Sstas * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 25233294Sstas * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26233294Sstas * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27233294Sstas * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28233294Sstas * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29233294Sstas * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30233294Sstas * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31233294Sstas * SUCH DAMAGE. 3255682Smarkm */ 3355682Smarkm 34233294Sstas#include "krb5_locl.h" 3555682Smarkm 36233294SstasKRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 3755682Smarkmkrb5_rd_rep(krb5_context context, 3855682Smarkm krb5_auth_context auth_context, 3955682Smarkm const krb5_data *inbuf, 4055682Smarkm krb5_ap_rep_enc_part **repl) 4155682Smarkm{ 42178825Sdfr krb5_error_code ret; 43178825Sdfr AP_REP ap_rep; 44178825Sdfr size_t len; 45178825Sdfr krb5_data data; 46178825Sdfr krb5_crypto crypto; 4755682Smarkm 48178825Sdfr krb5_data_zero (&data); 4955682Smarkm 50178825Sdfr ret = decode_AP_REP(inbuf->data, inbuf->length, &ap_rep, &len); 51178825Sdfr if (ret) 52178825Sdfr return ret; 53178825Sdfr if (ap_rep.pvno != 5) { 54178825Sdfr ret = KRB5KRB_AP_ERR_BADVERSION; 55233294Sstas krb5_clear_error_message (context); 56178825Sdfr goto out; 57178825Sdfr } 58178825Sdfr if (ap_rep.msg_type != krb_ap_rep) { 59178825Sdfr ret = KRB5KRB_AP_ERR_MSG_TYPE; 60233294Sstas krb5_clear_error_message (context); 61178825Sdfr goto out; 62178825Sdfr } 6355682Smarkm 64178825Sdfr ret = krb5_crypto_init(context, auth_context->keyblock, 0, &crypto); 65178825Sdfr if (ret) 66178825Sdfr goto out; 67233294Sstas ret = krb5_decrypt_EncryptedData (context, 68233294Sstas crypto, 69178825Sdfr KRB5_KU_AP_REQ_ENC_PART, 70178825Sdfr &ap_rep.enc_part, 71178825Sdfr &data); 72178825Sdfr krb5_crypto_destroy(context, crypto); 73178825Sdfr if (ret) 74178825Sdfr goto out; 7555682Smarkm 76178825Sdfr *repl = malloc(sizeof(**repl)); 77178825Sdfr if (*repl == NULL) { 78178825Sdfr ret = ENOMEM; 79233294Sstas krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); 80178825Sdfr goto out; 81178825Sdfr } 82233294Sstas ret = decode_EncAPRepPart(data.data, data.length, *repl, &len); 83233294Sstas if (ret) { 84233294Sstas krb5_set_error_message(context, ret, N_("Failed to decode EncAPRepPart", "")); 85178825Sdfr return ret; 86233294Sstas } 87233294Sstas 88233294Sstas if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) { 89178825Sdfr if ((*repl)->ctime != auth_context->authenticator->ctime || 90233294Sstas (*repl)->cusec != auth_context->authenticator->cusec) 91178825Sdfr { 92178825Sdfr krb5_free_ap_rep_enc_part(context, *repl); 93178825Sdfr *repl = NULL; 94178825Sdfr ret = KRB5KRB_AP_ERR_MUT_FAIL; 95233294Sstas krb5_clear_error_message (context); 96178825Sdfr goto out; 97178825Sdfr } 98178825Sdfr } 99178825Sdfr if ((*repl)->seq_number) 100178825Sdfr krb5_auth_con_setremoteseqnumber(context, auth_context, 101178825Sdfr *((*repl)->seq_number)); 102178825Sdfr if ((*repl)->subkey) 103178825Sdfr krb5_auth_con_setremotesubkey(context, auth_context, (*repl)->subkey); 104233294Sstas 105178825Sdfr out: 106178825Sdfr krb5_data_free (&data); 107178825Sdfr free_AP_REP (&ap_rep); 108178825Sdfr return ret; 10955682Smarkm} 11055682Smarkm 111233294SstasKRB5_LIB_FUNCTION void KRB5_LIB_CALL 11255682Smarkmkrb5_free_ap_rep_enc_part (krb5_context context, 11355682Smarkm krb5_ap_rep_enc_part *val) 11455682Smarkm{ 115178825Sdfr if (val) { 116178825Sdfr free_EncAPRepPart (val); 117178825Sdfr free (val); 118178825Sdfr } 11955682Smarkm} 120