Line data Source code
1 : /*
2 : * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
3 : * (Royal Institute of Technology, Stockholm, Sweden).
4 : * All rights reserved.
5 : *
6 : * Redistribution and use in source and binary forms, with or without
7 : * modification, are permitted provided that the following conditions
8 : * are met:
9 : *
10 : * 1. Redistributions of source code must retain the above copyright
11 : * notice, this list of conditions and the following disclaimer.
12 : *
13 : * 2. Redistributions in binary form must reproduce the above copyright
14 : * notice, this list of conditions and the following disclaimer in the
15 : * documentation and/or other materials provided with the distribution.
16 : *
17 : * 3. Neither the name of the Institute nor the names of its contributors
18 : * may be used to endorse or promote products derived from this software
19 : * without specific prior written permission.
20 : *
21 : * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 : * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 : * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 : * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 : * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 : * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 : * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 : * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 : * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 : * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 : * SUCH DAMAGE.
32 : */
33 :
34 : #include "krb5_locl.h"
35 :
36 : KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
37 54364 : _krb5_mk_req_internal(krb5_context context,
38 : krb5_auth_context *auth_context,
39 : const krb5_flags ap_req_options,
40 : krb5_data *in_data,
41 : krb5_creds *in_creds,
42 : krb5_data *outbuf,
43 : krb5_key_usage checksum_usage,
44 : krb5_key_usage encrypt_usage)
45 : {
46 1672 : krb5_error_code ret;
47 1672 : krb5_data authenticator;
48 1672 : Checksum c;
49 1672 : Checksum *c_opt;
50 1672 : krb5_auth_context ac;
51 :
52 54364 : if(auth_context) {
53 54364 : if(*auth_context == NULL)
54 0 : ret = krb5_auth_con_init(context, auth_context);
55 : else
56 52692 : ret = 0;
57 54364 : ac = *auth_context;
58 : } else
59 0 : ret = krb5_auth_con_init(context, &ac);
60 54364 : if(ret)
61 0 : return ret;
62 :
63 54364 : if(ac->local_subkey == NULL && (ap_req_options & AP_OPTS_USE_SUBKEY)) {
64 1266 : ret = krb5_auth_con_generatelocalsubkey(context,
65 : ac,
66 : &in_creds->session);
67 1266 : if(ret)
68 0 : goto out;
69 : }
70 :
71 54364 : krb5_free_keyblock(context, ac->keyblock);
72 54364 : ret = krb5_copy_keyblock(context, &in_creds->session, &ac->keyblock);
73 54364 : if (ret)
74 0 : goto out;
75 :
76 : /*
77 : * Use the default checksum type except for some interoperability cases
78 : * with older MIT, DCE and Windows KDCs.
79 : */
80 54364 : if (in_data) {
81 1672 : krb5_crypto crypto;
82 54286 : krb5_cksumtype checksum_type = CKSUMTYPE_NONE;
83 :
84 54286 : if (ac->keyblock->keytype == ETYPE_DES_CBC_CRC)
85 0 : checksum_type = CKSUMTYPE_RSA_MD4;
86 54286 : else if (ac->keyblock->keytype == ETYPE_DES_CBC_MD4 ||
87 54286 : ac->keyblock->keytype == ETYPE_DES_CBC_MD5 ||
88 52614 : ac->keyblock->keytype == ETYPE_ARCFOUR_HMAC_MD5 ||
89 47921 : ac->keyblock->keytype == ETYPE_ARCFOUR_HMAC_MD5_56)
90 4693 : checksum_type = CKSUMTYPE_RSA_MD5;
91 : else
92 49593 : checksum_type = CKSUMTYPE_NONE;
93 :
94 54286 : ret = krb5_crypto_init(context, ac->keyblock, 0, &crypto);
95 54286 : if (ret)
96 0 : goto out;
97 :
98 54286 : _krb5_crypto_set_flags(context, crypto, KRB5_CRYPTO_FLAG_ALLOW_UNKEYED_CHECKSUM);
99 54286 : ret = krb5_create_checksum(context,
100 : crypto,
101 : checksum_usage,
102 : checksum_type,
103 : in_data->data,
104 : in_data->length,
105 : &c);
106 54286 : krb5_crypto_destroy(context, crypto);
107 54286 : c_opt = &c;
108 : } else {
109 78 : c_opt = NULL;
110 : }
111 :
112 54364 : if (ret)
113 0 : goto out;
114 :
115 56036 : ret = _krb5_build_authenticator(context,
116 : ac,
117 54364 : ac->keyblock->keytype,
118 : in_creds,
119 : c_opt,
120 : FALSE, /* channel_bound */
121 : &authenticator,
122 : encrypt_usage);
123 54364 : if (c_opt)
124 54286 : free_Checksum (c_opt);
125 54364 : if (ret)
126 0 : goto out;
127 :
128 54364 : ret = krb5_build_ap_req (context, ac->keyblock->keytype,
129 : in_creds, ap_req_options, authenticator, outbuf);
130 54364 : out:
131 54364 : if(auth_context == NULL)
132 0 : krb5_auth_con_free(context, ac);
133 52692 : return ret;
134 : }
135 :
136 : KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
137 6354 : krb5_mk_req_extended(krb5_context context,
138 : krb5_auth_context *auth_context,
139 : const krb5_flags ap_req_options,
140 : krb5_data *in_data,
141 : krb5_creds *in_creds,
142 : krb5_data *outbuf)
143 : {
144 6354 : return _krb5_mk_req_internal (context,
145 : auth_context,
146 : ap_req_options,
147 : in_data,
148 : in_creds,
149 : outbuf,
150 : KRB5_KU_AP_REQ_AUTH_CKSUM,
151 : KRB5_KU_AP_REQ_AUTH);
152 : }
|
