etc/services - sync with NetBSD-8
[minix.git] / crypto / external / bsd / heimdal / dist / lib / krb5 / sendauth.c
blob58644f3863d098fd37aef8bf123c7b65db8b633d
1 /* $NetBSD: sendauth.c,v 1.1.1.2 2014/04/24 12:45:51 pettai Exp $ */
3 /*
4 * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan
5 * (Royal Institute of Technology, Stockholm, Sweden).
6 * All rights reserved.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
19 * 3. Neither the name of the Institute nor the names of its contributors
20 * may be used to endorse or promote products derived from this software
21 * without specific prior written permission.
23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * SUCH DAMAGE.
36 #include "krb5_locl.h"
39 * The format seems to be:
40 * client -> server
42 * 4 bytes - length
43 * KRB5_SENDAUTH_V1.0 (including zero)
44 * 4 bytes - length
45 * protocol string (with terminating zero)
47 * server -> client
48 * 1 byte - (0 = OK, else some kind of error)
50 * client -> server
51 * 4 bytes - length
52 * AP-REQ
54 * server -> client
55 * 4 bytes - length (0 = OK, else length of error)
56 * (error)
58 * if(mutual) {
59 * server -> client
60 * 4 bytes - length
61 * AP-REP
62 * }
65 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
66 krb5_sendauth(krb5_context context,
67 krb5_auth_context *auth_context,
68 krb5_pointer p_fd,
69 const char *appl_version,
70 krb5_principal client,
71 krb5_principal server,
72 krb5_flags ap_req_options,
73 krb5_data *in_data,
74 krb5_creds *in_creds,
75 krb5_ccache ccache,
76 krb5_error **ret_error,
77 krb5_ap_rep_enc_part **rep_result,
78 krb5_creds **out_creds)
80 krb5_error_code ret;
81 uint32_t len, net_len;
82 const char *version = KRB5_SENDAUTH_VERSION;
83 u_char repl;
84 krb5_data ap_req, error_data;
85 krb5_creds this_cred;
86 krb5_principal this_client = NULL;
87 krb5_creds *creds;
88 ssize_t sret;
89 krb5_boolean my_ccache = FALSE;
91 len = strlen(version) + 1;
92 net_len = htonl(len);
93 if (krb5_net_write (context, p_fd, &net_len, 4) != 4
94 || krb5_net_write (context, p_fd, version, len) != len) {
95 ret = errno;
96 krb5_set_error_message (context, ret, "write: %s", strerror(ret));
97 return ret;
100 len = strlen(appl_version) + 1;
101 net_len = htonl(len);
102 if (krb5_net_write (context, p_fd, &net_len, 4) != 4
103 || krb5_net_write (context, p_fd, appl_version, len) != len) {
104 ret = errno;
105 krb5_set_error_message (context, ret, "write: %s", strerror(ret));
106 return ret;
109 sret = krb5_net_read (context, p_fd, &repl, sizeof(repl));
110 if (sret < 0) {
111 ret = errno;
112 krb5_set_error_message (context, ret, "read: %s", strerror(ret));
113 return ret;
114 } else if (sret != sizeof(repl)) {
115 krb5_clear_error_message (context);
116 return KRB5_SENDAUTH_BADRESPONSE;
119 if (repl != 0) {
120 krb5_clear_error_message (context);
121 return KRB5_SENDAUTH_REJECTED;
124 if (in_creds == NULL) {
125 if (ccache == NULL) {
126 ret = krb5_cc_default (context, &ccache);
127 if (ret)
128 return ret;
129 my_ccache = TRUE;
132 if (client == NULL) {
133 ret = krb5_cc_get_principal (context, ccache, &this_client);
134 if (ret) {
135 if(my_ccache)
136 krb5_cc_close(context, ccache);
137 return ret;
139 client = this_client;
141 memset(&this_cred, 0, sizeof(this_cred));
142 this_cred.client = client;
143 this_cred.server = server;
144 this_cred.times.endtime = 0;
145 this_cred.ticket.length = 0;
146 in_creds = &this_cred;
148 if (in_creds->ticket.length == 0) {
149 ret = krb5_get_credentials (context, 0, ccache, in_creds, &creds);
150 if (ret) {
151 if(my_ccache)
152 krb5_cc_close(context, ccache);
153 return ret;
155 } else {
156 creds = in_creds;
158 if(my_ccache)
159 krb5_cc_close(context, ccache);
160 ret = krb5_mk_req_extended (context,
161 auth_context,
162 ap_req_options,
163 in_data,
164 creds,
165 &ap_req);
167 if (out_creds)
168 *out_creds = creds;
169 else
170 krb5_free_creds(context, creds);
171 if(this_client)
172 krb5_free_principal(context, this_client);
174 if (ret)
175 return ret;
177 ret = krb5_write_message (context,
178 p_fd,
179 &ap_req);
180 if (ret)
181 return ret;
183 krb5_data_free (&ap_req);
185 ret = krb5_read_message (context, p_fd, &error_data);
186 if (ret)
187 return ret;
189 if (error_data.length != 0) {
190 KRB_ERROR error;
192 ret = krb5_rd_error (context, &error_data, &error);
193 krb5_data_free (&error_data);
194 if (ret == 0) {
195 ret = krb5_error_from_rd_error(context, &error, NULL);
196 if (ret_error != NULL) {
197 *ret_error = malloc (sizeof(krb5_error));
198 if (*ret_error == NULL) {
199 krb5_free_error_contents (context, &error);
200 } else {
201 **ret_error = error;
203 } else {
204 krb5_free_error_contents (context, &error);
206 return ret;
207 } else {
208 krb5_clear_error_message(context);
209 return ret;
211 } else
212 krb5_data_free (&error_data);
214 if (ap_req_options & AP_OPTS_MUTUAL_REQUIRED) {
215 krb5_data ap_rep;
216 krb5_ap_rep_enc_part *ignore = NULL;
218 krb5_data_zero (&ap_rep);
219 ret = krb5_read_message (context,
220 p_fd,
221 &ap_rep);
222 if (ret)
223 return ret;
225 ret = krb5_rd_rep (context, *auth_context, &ap_rep,
226 rep_result ? rep_result : &ignore);
227 krb5_data_free (&ap_rep);
228 if (ret)
229 return ret;
230 if (rep_result == NULL)
231 krb5_free_ap_rep_enc_part (context, ignore);
233 return 0;