1/*
2 * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H�gskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 *    notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 *    notice, this list of conditions and the following disclaimer in the
15 *    documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 *    may be used to endorse or promote products derived from this software
19 *    without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34#include "krb_locl.h"
35
36RCSID("$Id: mk_auth.c,v 1.4 2005/01/10 19:10:46 snsimon Exp $");
37
38/*
39 * Generate an authenticator for service.instance@realm.
40 * instance is canonicalized by `krb_get_phost'
41 * realm is set to the local realm if realm == NULL
42 * The ticket acquired by `krb_mk_req' is returned in `ticket' and the
43 * authenticator in `buf'.
44 * Options control the behaviour (see krb_sendauth).
45 */
46
47int
48krb_mk_auth(int32_t options,
49	    KTEXT ticket,
50	    char *service,
51	    char *instance,
52	    char *realm,
53	    u_int32_t checksum,
54	    char *version,
55	    KTEXT buf)
56{
57  char realinst[INST_SZ];
58  char realrealm[REALM_SZ];
59  int ret;
60  char *tmp;
61
62  if (options & KOPT_DONT_CANON)
63    tmp = instance;
64  else
65    tmp = krb_get_phost (instance);
66
67  strlcpy(realinst, tmp, sizeof(realinst));
68
69  if (realm == NULL) {
70    ret = krb_get_lrealm (realrealm, 1);
71    if (ret != KSUCCESS)
72      return ret;
73    realm = realrealm;
74  }
75
76  if(!(options & KOPT_DONT_MK_REQ)) {
77    ret = krb_mk_req (ticket, service, realinst, realm, checksum);
78    if (ret != KSUCCESS)
79      return ret;
80  }
81
82  {
83      int tmp;
84      size_t rem = sizeof(buf->dat);
85      unsigned char *p = buf->dat;
86
87      p = buf->dat;
88
89      if (rem < 2 * KRB_SENDAUTH_VLEN)
90	  return KFAILURE;
91      memcpy (p, KRB_SENDAUTH_VERS, KRB_SENDAUTH_VLEN);
92      p += KRB_SENDAUTH_VLEN;
93      rem -= KRB_SENDAUTH_VLEN;
94
95      memcpy (p, version, KRB_SENDAUTH_VLEN);
96      p += KRB_SENDAUTH_VLEN;
97      rem -= KRB_SENDAUTH_VLEN;
98
99      tmp = krb_put_int(ticket->length, p, rem, 4);
100      if (tmp < 0)
101	  return KFAILURE;
102      p += tmp;
103      rem -= tmp;
104
105      if (rem < ticket->length)
106	  return KFAILURE;
107      memcpy(p, ticket->dat, ticket->length);
108      p += ticket->length;
109      rem -= ticket->length;
110      buf->length = p - buf->dat;
111  }
112  return KSUCCESS;
113}
114