155682Smarkm/* 278527Sassar * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan 355682Smarkm * (Royal Institute of Technology, Stockholm, Sweden). 455682Smarkm * All rights reserved. 555682Smarkm * 655682Smarkm * Redistribution and use in source and binary forms, with or without 755682Smarkm * modification, are permitted provided that the following conditions 855682Smarkm * are met: 955682Smarkm * 1055682Smarkm * 1. Redistributions of source code must retain the above copyright 1155682Smarkm * notice, this list of conditions and the following disclaimer. 1255682Smarkm * 1355682Smarkm * 2. Redistributions in binary form must reproduce the above copyright 1455682Smarkm * notice, this list of conditions and the following disclaimer in the 1555682Smarkm * documentation and/or other materials provided with the distribution. 1655682Smarkm * 1755682Smarkm * 3. Neither the name of the Institute nor the names of its contributors 1855682Smarkm * may be used to endorse or promote products derived from this software 1955682Smarkm * without specific prior written permission. 2055682Smarkm * 2155682Smarkm * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 2255682Smarkm * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 2355682Smarkm * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 2455682Smarkm * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 2555682Smarkm * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 2655682Smarkm * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 2755682Smarkm * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 2855682Smarkm * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 2955682Smarkm * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 3055682Smarkm * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 3155682Smarkm * SUCH DAMAGE. 3255682Smarkm */ 3355682Smarkm 3455682Smarkm#include <krb5_locl.h> 3555682Smarkm 36178825SdfrRCSID("$Id: rd_rep.c 17890 2006-08-21 09:19:22Z lha $"); 3755682Smarkm 38178825Sdfrkrb5_error_code KRB5_LIB_FUNCTION 3955682Smarkmkrb5_rd_rep(krb5_context context, 4055682Smarkm krb5_auth_context auth_context, 4155682Smarkm const krb5_data *inbuf, 4255682Smarkm krb5_ap_rep_enc_part **repl) 4355682Smarkm{ 44178825Sdfr krb5_error_code ret; 45178825Sdfr AP_REP ap_rep; 46178825Sdfr size_t len; 47178825Sdfr krb5_data data; 48178825Sdfr krb5_crypto crypto; 4955682Smarkm 50178825Sdfr krb5_data_zero (&data); 51178825Sdfr ret = 0; 5255682Smarkm 53178825Sdfr ret = decode_AP_REP(inbuf->data, inbuf->length, &ap_rep, &len); 54178825Sdfr if (ret) 55178825Sdfr return ret; 56178825Sdfr if (ap_rep.pvno != 5) { 57178825Sdfr ret = KRB5KRB_AP_ERR_BADVERSION; 58178825Sdfr krb5_clear_error_string (context); 59178825Sdfr goto out; 60178825Sdfr } 61178825Sdfr if (ap_rep.msg_type != krb_ap_rep) { 62178825Sdfr ret = KRB5KRB_AP_ERR_MSG_TYPE; 63178825Sdfr krb5_clear_error_string (context); 64178825Sdfr goto out; 65178825Sdfr } 6655682Smarkm 67178825Sdfr ret = krb5_crypto_init(context, auth_context->keyblock, 0, &crypto); 68178825Sdfr if (ret) 69178825Sdfr goto out; 70178825Sdfr ret = krb5_decrypt_EncryptedData (context, 71178825Sdfr crypto, 72178825Sdfr KRB5_KU_AP_REQ_ENC_PART, 73178825Sdfr &ap_rep.enc_part, 74178825Sdfr &data); 75178825Sdfr krb5_crypto_destroy(context, crypto); 76178825Sdfr if (ret) 77178825Sdfr goto out; 7855682Smarkm 79178825Sdfr *repl = malloc(sizeof(**repl)); 80178825Sdfr if (*repl == NULL) { 81178825Sdfr ret = ENOMEM; 82178825Sdfr krb5_set_error_string (context, "malloc: out of memory"); 83178825Sdfr goto out; 84178825Sdfr } 85178825Sdfr ret = krb5_decode_EncAPRepPart(context, 86178825Sdfr data.data, 87178825Sdfr data.length, 88178825Sdfr *repl, 89178825Sdfr &len); 90178825Sdfr if (ret) 91178825Sdfr return ret; 9255682Smarkm 93178825Sdfr if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) { 94178825Sdfr if ((*repl)->ctime != auth_context->authenticator->ctime || 95178825Sdfr (*repl)->cusec != auth_context->authenticator->cusec) 96178825Sdfr { 97178825Sdfr krb5_free_ap_rep_enc_part(context, *repl); 98178825Sdfr *repl = NULL; 99178825Sdfr ret = KRB5KRB_AP_ERR_MUT_FAIL; 100178825Sdfr krb5_clear_error_string (context); 101178825Sdfr goto out; 102178825Sdfr } 103178825Sdfr } 104178825Sdfr if ((*repl)->seq_number) 105178825Sdfr krb5_auth_con_setremoteseqnumber(context, auth_context, 106178825Sdfr *((*repl)->seq_number)); 107178825Sdfr if ((*repl)->subkey) 108178825Sdfr krb5_auth_con_setremotesubkey(context, auth_context, (*repl)->subkey); 10955682Smarkm 110178825Sdfr out: 111178825Sdfr krb5_data_free (&data); 112178825Sdfr free_AP_REP (&ap_rep); 113178825Sdfr return ret; 11455682Smarkm} 11555682Smarkm 116178825Sdfrvoid KRB5_LIB_FUNCTION 11755682Smarkmkrb5_free_ap_rep_enc_part (krb5_context context, 11855682Smarkm krb5_ap_rep_enc_part *val) 11955682Smarkm{ 120178825Sdfr if (val) { 121178825Sdfr free_EncAPRepPart (val); 122178825Sdfr free (val); 123178825Sdfr } 12455682Smarkm} 125