1 : /*
2 : * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
3 : * (Royal Institute of Technology, Stockholm, Sweden).
4 : * All rights reserved.
5 : *
6 : * Redistribution and use in source and binary forms, with or without
7 : * modification, are permitted provided that the following conditions
8 : * are met:
9 : *
10 : * 1. Redistributions of source code must retain the above copyright
11 : * notice, this list of conditions and the following disclaimer.
12 : *
13 : * 2. Redistributions in binary form must reproduce the above copyright
14 : * notice, this list of conditions and the following disclaimer in the
15 : * documentation and/or other materials provided with the distribution.
16 : *
17 : * 3. Neither the name of the Institute nor the names of its contributors
18 : * may be used to endorse or promote products derived from this software
19 : * without specific prior written permission.
20 : *
21 : * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 : * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 : * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 : * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 : * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 : * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 : * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 : * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 : * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 : * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 : * SUCH DAMAGE.
32 : */
33 :
34 : #include "krb5_locl.h"
35 :
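/*
 * Build an AP-REQ message into outbuf for the service ticket in in_creds.
 *
 * auth_context   - may be NULL, in which case a temporary auth context is
 *                  created here and freed before returning.  If it points
 *                  to a NULL handle, that handle is initialised in place and
 *                  left for the caller.
 * ap_req_options - AP_OPTS_USE_SUBKEY requests a local subkey when the auth
 *                  context has none; the flags are also handed on to
 *                  krb5_build_ap_req().
 * in_data        - optional application data; when non-NULL a checksum over
 *                  it is placed in the authenticator.
 * in_creds       - credentials whose session key is copied into the auth
 *                  context's keyblock.
 * outbuf         - receives the output of krb5_build_ap_req().
 * checksum_usage - key usage for the checksum; only used on the keyed path.
 * encrypt_usage  - key usage passed to _krb5_build_authenticator().
 *
 * Returns 0 on success, otherwise the error code of the step that failed.
 *
 * Side effect: the keyblock stored in the auth context is replaced, also
 * when the auth context belongs to the caller.
 */
krb5_error_code
_krb5_mk_req_internal(krb5_context context,
                      krb5_auth_context *auth_context,
                      const krb5_flags ap_req_options,
                      krb5_data *in_data,
                      krb5_creds *in_creds,
                      krb5_data *outbuf,
                      krb5_key_usage checksum_usage,
                      krb5_key_usage encrypt_usage)
{
    krb5_error_code ret;
    krb5_data authenticator;
    Checksum c;
    Checksum *c_opt;
    krb5_auth_context ac;

    if (auth_context) {
        if (*auth_context == NULL)
            ret = krb5_auth_con_init(context, auth_context);
        else
            ret = 0;
        ac = *auth_context;
    } else
        ret = krb5_auth_con_init(context, &ac);
    /* Nothing owned by this function exists yet, so a plain return is fine. */
    if (ret)
        return ret;

    if (ac->local_subkey == NULL && (ap_req_options & AP_OPTS_USE_SUBKEY)) {
        ret = krb5_auth_con_generatelocalsubkey(context,
                                                ac,
                                                &in_creds->session);
        if (ret)
            goto out;
    }

    /*
     * Replace the auth context's key with a copy of the session key.  The
     * pointer is cleared right after the free: ac may belong to the caller,
     * and if the copy fails without storing to its output argument, a stale
     * pointer left here could be freed a second time when the auth context
     * is released (by the caller, or at `out` below for a temporary one).
     */
    krb5_free_keyblock(context, ac->keyblock);
    ac->keyblock = NULL;
    ret = krb5_copy_keyblock(context, &in_creds->session, &ac->keyblock);
    if (ret)
        goto out;

    /* it's unclear what type of checksum we can use.  try the best one, except:
     * a) if it's configured differently for the current realm, or
     * b) if the session key is des-cbc-crc
     */

    if (in_data) {
        /*
         * The first two branches exist for interoperability with older
         * peers.  They call krb5_create_checksum() with a NULL crypto
         * context and usage 0, so no key is supplied to the checksum here.
         * NOTE(review): presumably the encryption of the authenticator is
         * what protects this value in those cases -- confirm.  Both branches
         * are only reached for DES and RC4 session keys.
         */
        if (ac->keyblock->keytype == ETYPE_DES_CBC_CRC) {
            /* this is to make DCE secd (and older MIT kdcs?) happy */
            ret = krb5_create_checksum(context,
                                       NULL,
                                       0,
                                       CKSUMTYPE_RSA_MD4,
                                       in_data->data,
                                       in_data->length,
                                       &c);
        } else if (ac->keyblock->keytype == ETYPE_ARCFOUR_HMAC_MD5 ||
                   ac->keyblock->keytype == ETYPE_ARCFOUR_HMAC_MD5_56 ||
                   ac->keyblock->keytype == ETYPE_DES_CBC_MD4 ||
                   ac->keyblock->keytype == ETYPE_DES_CBC_MD5) {
            /* this is to make MS kdc happy */
            ret = krb5_create_checksum(context,
                                       NULL,
                                       0,
                                       CKSUMTYPE_RSA_MD5,
                                       in_data->data,
                                       in_data->length,
                                       &c);
        } else {
            krb5_crypto crypto;

            /*
             * Default path: a crypto context is built from the session key
             * and the checksum type argument is 0, leaving the choice of
             * type to krb5_create_checksum().
             */
            ret = krb5_crypto_init(context, ac->keyblock, 0, &crypto);
            if (ret)
                goto out;
            ret = krb5_create_checksum(context,
                                       crypto,
                                       checksum_usage,
                                       0,
                                       in_data->data,
                                       in_data->length,
                                       &c);
            krb5_crypto_destroy(context, crypto);
        }
        c_opt = &c;
    } else {
        c_opt = NULL;
    }

    /* ret is still 0 from the keyblock copy when in_data was NULL. */
    if (ret)
        goto out;

    ret = _krb5_build_authenticator(context,
                                    ac,
                                    ac->keyblock->keytype,
                                    in_creds,
                                    c_opt,
                                    &authenticator,
                                    encrypt_usage);
    /* The checksum is released whether or not the authenticator was built. */
    if (c_opt)
        free_Checksum(c_opt);
    if (ret)
        goto out;

    /*
     * NOTE(review): authenticator is passed by value and is not freed in
     * this function; presumably krb5_build_ap_req() takes ownership of its
     * buffer -- confirm against that function.
     */
    ret = krb5_build_ap_req(context, ac->keyblock->keytype,
                            in_creds, ap_req_options, authenticator, outbuf);
out:
    /* Only an auth context created above for a NULL auth_context is ours. */
    if (auth_context == NULL)
        krb5_auth_con_free(context, ac);
    return ret;
}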
145 :
/*
 * Public wrapper around _krb5_mk_req_internal().
 *
 * All arguments are forwarded unchanged.  The wrapper only fixes the two
 * key usages: KRB5_KU_AP_REQ_AUTH_CKSUM as the checksum usage and
 * KRB5_KU_AP_REQ_AUTH as the encryption usage.
 *
 * Returns whatever _krb5_mk_req_internal() returns.
 */
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_mk_req_extended(krb5_context context,
                     krb5_auth_context *auth_context,
                     const krb5_flags ap_req_options,
                     krb5_data *in_data,
                     krb5_creds *in_creds,
                     krb5_data *outbuf)
{
    krb5_error_code ret;

    ret = _krb5_mk_req_internal(context, auth_context, ap_req_options,
                                in_data, in_creds, outbuf,
                                KRB5_KU_AP_REQ_AUTH_CKSUM,
                                KRB5_KU_AP_REQ_AUTH);
    return ret;
}