search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
No empty .Rs/.Re
[netbsd-mini2440.git] / crypto / dist / heimdal / lib / krb5 / mk_req_ext.c
blob870479e81b7ab4b8599c97cfae669f7d11420a0d
1 /*
2 * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include <krb5_locl.h>
35
36 __RCSID("$Heimdal: mk_req_ext.c 19511 2006-12-27 12:07:22Z lha $"
37 "$NetBSD$");
38
39 krb5_error_code
40 _krb5_mk_req_internal(krb5_context context,
41 krb5_auth_context *auth_context,
42 const krb5_flags ap_req_options,
43 krb5_data *in_data,
44 krb5_creds *in_creds,
45 krb5_data *outbuf,
46 krb5_key_usage checksum_usage,
47 krb5_key_usage encrypt_usage)
48 {
49 krb5_error_code ret;
50 krb5_data authenticator;
51 Checksum c;
52 Checksum *c_opt;
53 krb5_auth_context ac;
54
55 if(auth_context) {
56 if(*auth_context == NULL)
57 ret = krb5_auth_con_init(context, auth_context);
58 else
59 ret = 0;
60 ac = *auth_context;
61 } else
62 ret = krb5_auth_con_init(context, &ac);
63 if(ret)
64 return ret;
65
66 if(ac->local_subkey == NULL && (ap_req_options & AP_OPTS_USE_SUBKEY)) {
67 ret = krb5_auth_con_generatelocalsubkey(context,
68 ac,
69 &in_creds->session);
70 if(ret)
71 goto out;
72 }
73
74 krb5_free_keyblock(context, ac->keyblock);
75 ret = krb5_copy_keyblock(context, &in_creds->session, &ac->keyblock);
76 if (ret)
77 goto out;
78
79 /* it's unclear what type of checksum we can use. try the best one, except:
80 * a) if it's configured differently for the current realm, or
81 * b) if the session key is des-cbc-crc
82 */
83
84 if (in_data) {
85 if(ac->keyblock->keytype == ETYPE_DES_CBC_CRC) {
86 /* this is to make DCE secd (and older MIT kdcs?) happy */
87 ret = krb5_create_checksum(context,
88 NULL,
89 0,
90 CKSUMTYPE_RSA_MD4,
91 in_data->data,
92 in_data->length,
93 &c);
94 } else if(ac->keyblock->keytype == ETYPE_ARCFOUR_HMAC_MD5 ||
95 ac->keyblock->keytype == ETYPE_ARCFOUR_HMAC_MD5_56 ||
96 ac->keyblock->keytype == ETYPE_DES_CBC_MD4 ||
97 ac->keyblock->keytype == ETYPE_DES_CBC_MD5) {
98 /* this is to make MS kdc happy */
99 ret = krb5_create_checksum(context,
100 NULL,
101 0,
102 CKSUMTYPE_RSA_MD5,
103 in_data->data,
104 in_data->length,
105 &c);
106 } else {
107 krb5_crypto crypto;
108
109 ret = krb5_crypto_init(context, ac->keyblock, 0, &crypto);
110 if (ret)
111 goto out;
112 ret = krb5_create_checksum(context,
113 crypto,
114 checksum_usage,
115 0,
116 in_data->data,
117 in_data->length,
118 &c);
119 krb5_crypto_destroy(context, crypto);
120 }
121 c_opt = &c;
122 } else {
123 c_opt = NULL;
124 }
125
126 if (ret)
127 goto out;
128
129 ret = krb5_build_authenticator (context,
130 ac,
131 ac->keyblock->keytype,
132 in_creds,
133 c_opt,
134 NULL,
135 &authenticator,
136 encrypt_usage);
137 if (c_opt)
138 free_Checksum (c_opt);
139 if (ret)
140 goto out;
141
142 ret = krb5_build_ap_req (context, ac->keyblock->keytype,
143 in_creds, ap_req_options, authenticator, outbuf);
144 out:
145 if(auth_context == NULL)
146 krb5_auth_con_free(context, ac);
147 return ret;
148 }
149
150 krb5_error_code KRB5_LIB_FUNCTION
151 krb5_mk_req_extended(krb5_context context,
152 krb5_auth_context *auth_context,
153 const krb5_flags ap_req_options,
154 krb5_data *in_data,
155 krb5_creds *in_creds,
156 krb5_data *outbuf)
157 {
158 return _krb5_mk_req_internal (context,
159 auth_context,
160 ap_req_options,
161 in_data,
162 in_creds,
163 outbuf,
164 KRB5_KU_AP_REQ_AUTH_CKSUM,
165 KRB5_KU_AP_REQ_AUTH);
166 }
NetBSD on the FriendlyARM MINI2440