Line data Source code
1 : /*
2 : * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
3 : * (Royal Institute of Technology, Stockholm, Sweden).
4 : * All rights reserved.
5 : *
6 : * Redistribution and use in source and binary forms, with or without
7 : * modification, are permitted provided that the following conditions
8 : * are met:
9 : *
10 : * 1. Redistributions of source code must retain the above copyright
11 : * notice, this list of conditions and the following disclaimer.
12 : *
13 : * 2. Redistributions in binary form must reproduce the above copyright
14 : * notice, this list of conditions and the following disclaimer in the
15 : * documentation and/or other materials provided with the distribution.
16 : *
17 : * 3. Neither the name of the Institute nor the names of its contributors
18 : * may be used to endorse or promote products derived from this software
19 : * without specific prior written permission.
20 : *
21 : * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 : * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 : * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 : * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 : * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 : * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 : * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 : * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 : * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 : * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 : * SUCH DAMAGE.
32 : */
33 :
34 : #include "krb5_locl.h"
35 :
36 : KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
37 54388 : _krb5_mk_req_internal(krb5_context context,
38 : krb5_auth_context *auth_context,
39 : const krb5_flags ap_req_options,
40 : krb5_data *in_data,
41 : krb5_creds *in_creds,
42 : krb5_data *outbuf,
43 : krb5_key_usage checksum_usage,
44 : krb5_key_usage encrypt_usage)
45 : {
46 1658 : krb5_error_code ret;
47 1658 : krb5_data authenticator;
48 1658 : Checksum c;
49 1658 : Checksum *c_opt;
50 1658 : krb5_auth_context ac;
51 :
52 54388 : if(auth_context) {
53 54388 : if(*auth_context == NULL)
54 0 : ret = krb5_auth_con_init(context, auth_context);
55 : else
56 52730 : ret = 0;
57 54388 : ac = *auth_context;
58 : } else
59 0 : ret = krb5_auth_con_init(context, &ac);
60 54388 : if(ret)
61 0 : return ret;
62 :
63 54388 : if(ac->local_subkey == NULL && (ap_req_options & AP_OPTS_USE_SUBKEY)) {
64 1298 : ret = krb5_auth_con_generatelocalsubkey(context,
65 : ac,
66 : &in_creds->session);
67 1298 : if(ret)
68 0 : goto out;
69 : }
70 :
71 54388 : krb5_free_keyblock(context, ac->keyblock);
72 54388 : ret = krb5_copy_keyblock(context, &in_creds->session, &ac->keyblock);
73 54388 : if (ret)
74 0 : goto out;
75 :
76 : /*
77 : * Use the default checksum type except for some interoperability cases
78 : * with older MIT, DCE and Windows KDCs.
79 : */
80 54388 : if (in_data) {
81 1658 : krb5_crypto crypto;
82 54310 : krb5_cksumtype checksum_type = CKSUMTYPE_NONE;
83 :
84 54310 : if (ac->keyblock->keytype == ETYPE_DES_CBC_CRC)
85 0 : checksum_type = CKSUMTYPE_RSA_MD4;
86 54310 : else if (ac->keyblock->keytype == ETYPE_DES_CBC_MD4 ||
87 54310 : ac->keyblock->keytype == ETYPE_DES_CBC_MD5 ||
88 52652 : ac->keyblock->keytype == ETYPE_ARCFOUR_HMAC_MD5 ||
89 47930 : ac->keyblock->keytype == ETYPE_ARCFOUR_HMAC_MD5_56)
90 4722 : checksum_type = CKSUMTYPE_RSA_MD5;
91 : else
92 49588 : checksum_type = CKSUMTYPE_NONE;
93 :
94 54310 : ret = krb5_crypto_init(context, ac->keyblock, 0, &crypto);
95 54310 : if (ret)
96 0 : goto out;
97 :
98 54310 : _krb5_crypto_set_flags(context, crypto, KRB5_CRYPTO_FLAG_ALLOW_UNKEYED_CHECKSUM);
99 54310 : ret = krb5_create_checksum(context,
100 : crypto,
101 : checksum_usage,
102 : checksum_type,
103 : in_data->data,
104 : in_data->length,
105 : &c);
106 54310 : krb5_crypto_destroy(context, crypto);
107 54310 : c_opt = &c;
108 : } else {
109 78 : c_opt = NULL;
110 : }
111 :
112 54388 : if (ret)
113 0 : goto out;
114 :
115 56046 : ret = _krb5_build_authenticator(context,
116 : ac,
117 54388 : ac->keyblock->keytype,
118 : in_creds,
119 : c_opt,
120 : &authenticator,
121 : encrypt_usage);
122 54388 : if (c_opt)
123 54310 : free_Checksum (c_opt);
124 54388 : if (ret)
125 0 : goto out;
126 :
127 54388 : ret = krb5_build_ap_req (context, ac->keyblock->keytype,
128 : in_creds, ap_req_options, authenticator, outbuf);
129 54388 : out:
130 54388 : if(auth_context == NULL)
131 0 : krb5_auth_con_free(context, ac);
132 52730 : return ret;
133 : }
134 :
135 : KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
136 6386 : krb5_mk_req_extended(krb5_context context,
137 : krb5_auth_context *auth_context,
138 : const krb5_flags ap_req_options,
139 : krb5_data *in_data,
140 : krb5_creds *in_creds,
141 : krb5_data *outbuf)
142 : {
143 6386 : return _krb5_mk_req_internal (context,
144 : auth_context,
145 : ap_req_options,
146 : in_data,
147 : in_creds,
148 : outbuf,
149 : KRB5_KU_AP_REQ_AUTH_CKSUM,
150 : KRB5_KU_AP_REQ_AUTH);
151 : }
|
