mk_req_ext.c revision 55682
1/*
2 * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 *    notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 *    notice, this list of conditions and the following disclaimer in the
15 *    documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 *    may be used to endorse or promote products derived from this software
19 *    without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34#include <krb5_locl.h>
35
36RCSID("$Id: mk_req_ext.c,v 1.21 1999/12/02 17:05:11 joda Exp $");
37
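/*
 * Build an AP-REQ from the credentials in in_creds and hand the result of
 * krb5_build_ap_req() back through outbuf.
 *
 * context        - library context passed to every krb5 call below.
 * auth_context   - may be NULL, in which case a temporary auth context is
 *                  created and freed before returning.  If it is non-NULL
 *                  but *auth_context is NULL, a new auth context is
 *                  initialised and stored in *auth_context for the caller.
 * ap_req_options - passed unchanged to krb5_build_ap_req().
 * in_data        - optional application data; when non-NULL a checksum over
 *                  it is placed in the authenticator.
 * in_creds       - credentials; the session key is copied into the auth
 *                  context, replacing any keyblock already stored there.
 * outbuf         - output of krb5_build_ap_req().
 * usage          - key usage for the checksum (not used on the DES-CBC-CRC
 *                  compatibility path).
 *
 * Returns 0 on success or the error code of the first step that failed.
 * Every step is checked so that a failed key copy, crypto setup or checksum
 * never leads to building an authenticator from a missing key or an
 * uninitialised Checksum.
 */
krb5_error_code
krb5_mk_req_internal(krb5_context context,
                     krb5_auth_context *auth_context,
                     const krb5_flags ap_req_options,
                     krb5_data *in_data,
                     krb5_creds *in_creds,
                     krb5_data *outbuf,
                     krb5_key_usage usage)
{
    krb5_error_code ret;
    krb5_data authenticator;
    Checksum c;
    Checksum *c_opt = NULL;
    krb5_auth_context ac;

    if (auth_context) {
        if (*auth_context == NULL)
            ret = krb5_auth_con_init(context, auth_context);
        else
            ret = 0;
        ac = *auth_context;
    } else
        ret = krb5_auth_con_init(context, &ac);
    if (ret)
        return ret;

    /* Disabled upstream; kept for reference only, it is not compiled. */
#if 0
    {
        /* This is somewhat bogus since we're possibly overwriting a
           value specified by the user, but it's the easiest way to make
           the code use a compatible enctype */
        Ticket ticket;
        krb5_keytype ticket_keytype;

        ret = decode_Ticket(in_creds->ticket.data,
                            in_creds->ticket.length,
                            &ticket,
                            NULL);
        krb5_enctype_to_keytype (context,
                                 ticket.enc_part.etype,
                                 &ticket_keytype);

        if (ticket_keytype == in_creds->session.keytype)
            krb5_auth_setenctype(context,
                                 ac,
                                 ticket.enc_part.etype);
        free_Ticket(&ticket);
    }
#endif

    /*
     * Replace the auth context's key with a copy of the session key.
     * Clear the pointer right after the free so that a failed copy cannot
     * leave the auth context holding the keyblock that was just released.
     */
    krb5_free_keyblock(context, ac->keyblock);
    ac->keyblock = NULL;
    ret = krb5_copy_keyblock(context, &in_creds->session, &ac->keyblock);
    if (ret)
        goto out;

    if (in_data) {
        if (ac->keyblock->keytype == ETYPE_DES_CBC_CRC) {
            /*
             * this is to make DCE secd (and older MIT kdcs?) happy
             *
             * NOTE(review): this path passes no crypto handle, so the
             * RSA-MD4 checksum is not keyed with the session key.  It is
             * taken only for DES-CBC-CRC session keys; both algorithms
             * are legacy and should be disabled where peers allow it.
             */
            ret = krb5_create_checksum(context,
                                       NULL,
                                       CKSUMTYPE_RSA_MD4,
                                       in_data->data,
                                       in_data->length,
                                       &c);
        } else {
            krb5_crypto crypto;

            ret = krb5_crypto_init(context, ac->keyblock, 0, &crypto);
            if (ret)
                goto out;
            ret = krb5_create_checksum(context,
                                       crypto,
                                       usage,
                                       in_data->data,
                                       in_data->length,
                                       &c);
            krb5_crypto_destroy(context, crypto);
        }
        /* c holds a valid checksum only if creation succeeded. */
        if (ret)
            goto out;
        c_opt = &c;
    }

    ret = krb5_build_authenticator(context,
                                   ac,
                                   ac->keyblock->keytype,
                                   in_creds,
                                   c_opt,
                                   NULL,
                                   &authenticator);
    if (c_opt)
        free_Checksum(c_opt);
    if (ret)
        goto out;

    /*
     * NOTE(review): ownership of `authenticator' after this call is not
     * visible in this file -- confirm that krb5_build_ap_req() releases it
     * on both success and failure, otherwise it leaks here.
     */
    ret = krb5_build_ap_req(context, ac->keyblock->keytype,
                            in_creds, ap_req_options, authenticator, outbuf);

out:
    /* A temporary auth context is ours to free on every exit path. */
    if (auth_context == NULL)
        krb5_auth_con_free(context, ac);
    return ret;
}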
135
/*
 * Public wrapper around krb5_mk_req_internal(): forwards every argument
 * unchanged and fixes the checksum key usage to KRB5_KU_AP_REQ_AUTH_CKSUM.
 * Returns whatever krb5_mk_req_internal() returns.
 */
krb5_error_code
krb5_mk_req_extended(krb5_context context,
                     krb5_auth_context *auth_context,
                     const krb5_flags ap_req_options,
                     krb5_data *in_data,
                     krb5_creds *in_creds,
                     krb5_data *outbuf)
{
    krb5_error_code status;

    status = krb5_mk_req_internal(context, auth_context, ap_req_options,
                                  in_data, in_creds, outbuf,
                                  KRB5_KU_AP_REQ_AUTH_CKSUM);
    return status;
}
152