Lines Matching full:state
194 finish_process_as_req(struct as_req_state *state, krb5_error_code errcode) in finish_process_as_req() argument
196 kdc_realm_t *realm = state->active_realm; in finish_process_as_req()
204 krb5_audit_state *au_state = state->au_state; in finish_process_as_req()
207 assert(state); in finish_process_as_req()
208 oldrespond = state->respond; in finish_process_as_req()
209 oldarg = state->arg; in finish_process_as_req()
216 state->ticket_reply.enc_part2 = &state->enc_tkt_reply; in finish_process_as_req()
218 errcode = check_kdcpolicy_as(context, state->request, state->client, in finish_process_as_req()
219 state->server, state->auth_indicators, in finish_process_as_req()
220 state->kdc_time, &state->enc_tkt_reply.times, in finish_process_as_req()
221 &state->status); in finish_process_as_req()
225 errcode = get_first_current_key(context, state->server, in finish_process_as_req()
226 &state->server_keyblock); in finish_process_as_req()
228 state->status = "FINDING_SERVER_KEY"; in finish_process_as_req()
233 state->reply.msg_type = KRB5_AS_REP; in finish_process_as_req()
234 state->reply.client = state->enc_tkt_reply.client; /* post canonization */ in finish_process_as_req()
235 state->reply.ticket = &state->ticket_reply; in finish_process_as_req()
236 state->reply_encpart.session = &state->session_key; in finish_process_as_req()
237 if ((errcode = fetch_last_req_info(state->client, in finish_process_as_req()
238 &state->reply_encpart.last_req))) in finish_process_as_req()
240 state->reply_encpart.nonce = state->request->nonce; in finish_process_as_req()
241 state->reply_encpart.key_exp = get_key_exp(state->client); in finish_process_as_req()
242 state->reply_encpart.flags = state->enc_tkt_reply.flags; in finish_process_as_req()
243 state->reply_encpart.server = state->ticket_reply.server; in finish_process_as_req()
244 state->reply_encpart.times = state->enc_tkt_reply.times; in finish_process_as_req()
245 state->reply_encpart.caddrs = state->enc_tkt_reply.caddrs; in finish_process_as_req()
246 state->reply_encpart.enc_padata = NULL; in finish_process_as_req()
251 errcode = return_padata(context, &state->rock, state->req_pkt, in finish_process_as_req()
252 state->request, &state->reply, in finish_process_as_req()
253 &state->client_keyblock, &state->pa_context); in finish_process_as_req()
255 state->status = "KDC_RETURN_PADATA"; in finish_process_as_req()
261 if (state->client_keyblock.enctype == ENCTYPE_NULL) { in finish_process_as_req()
262 state->status = "CANT_FIND_CLIENT_KEY"; in finish_process_as_req()
267 if (state->rock.replaced_reply_key) in finish_process_as_req()
268 replaced_reply_key = &state->client_keyblock; in finish_process_as_req()
270 errcode = handle_authdata(realm, state->c_flags, state->client, in finish_process_as_req()
271 state->server, NULL, state->local_tgt, in finish_process_as_req()
272 &state->local_tgt_key, &state->client_keyblock, in finish_process_as_req()
273 &state->server_keyblock, NULL, in finish_process_as_req()
274 replaced_reply_key, state->req_pkt, in finish_process_as_req()
275 state->request, NULL, NULL, NULL, in finish_process_as_req()
276 &state->auth_indicators, &state->enc_tkt_reply); in finish_process_as_req()
280 state->status = "HANDLE_AUTHDATA"; in finish_process_as_req()
284 errcode = check_indicators(context, state->server, state->auth_indicators); in finish_process_as_req()
286 state->status = "HIGHER_AUTHENTICATION_REQUIRED"; in finish_process_as_req()
290 errcode = krb5_encrypt_tkt_part(context, &state->server_keyblock, in finish_process_as_req()
291 &state->ticket_reply); in finish_process_as_req()
295 errcode = kau_make_tkt_id(context, &state->ticket_reply, in finish_process_as_req()
300 state->ticket_reply.enc_part.kvno = current_kvno(state->server); in finish_process_as_req()
301 errcode = kdc_fast_response_handle_padata(state->rstate, in finish_process_as_req()
302 state->request, in finish_process_as_req()
303 &state->reply, in finish_process_as_req()
304 state->client_keyblock.enctype); in finish_process_as_req()
310 state->reply.enc_part.enctype = state->client_keyblock.enctype; in finish_process_as_req()
312 errcode = kdc_fast_handle_reply_key(state->rstate, &state->client_keyblock, in finish_process_as_req()
316 errcode = return_enc_padata(context, state->req_pkt, state->request, in finish_process_as_req()
317 as_encrypting_key, state->server, in finish_process_as_req()
318 &state->reply_encpart, FALSE); in finish_process_as_req()
320 state->status = "KDC_RETURN_ENC_PADATA"; in finish_process_as_req()
324 if (kdc_fast_hide_client(state->rstate)) in finish_process_as_req()
325 state->reply.client = (krb5_principal)krb5_anonymous_principal(); in finish_process_as_req()
326 errcode = krb5_encode_kdc_rep(context, KRB5_AS_REP, &state->reply_encpart, in finish_process_as_req()
327 0, as_encrypting_key, &state->reply, in finish_process_as_req()
329 if (state->client_key != NULL) in finish_process_as_req()
330 state->reply.enc_part.kvno = state->client_key->key_data_kvno; in finish_process_as_req()
336 memset(state->reply.enc_part.ciphertext.data, 0, in finish_process_as_req()
337 state->reply.enc_part.ciphertext.length); in finish_process_as_req()
338 free(state->reply.enc_part.ciphertext.data); in finish_process_as_req()
340 log_as_req(context, state->local_addr, state->remote_addr, in finish_process_as_req()
341 state->request, &state->reply, state->client, state->cname, in finish_process_as_req()
342 state->server, state->sname, state->kdc_time, 0, 0, 0); in finish_process_as_req()
346 if (errcode != 0 && state->status == NULL) in finish_process_as_req()
347 state->status = "UNKNOWN_REASON"; in finish_process_as_req()
349 au_state->status = state->status; in finish_process_as_req()
350 au_state->reply = &state->reply; in finish_process_as_req()
351 kau_as_req(context, (errcode || state->preauth_err) ? FALSE : TRUE, in finish_process_as_req()
355 free_padata_context(context, state->pa_context); in finish_process_as_req()
361 if (state->status) { in finish_process_as_req()
362 log_as_req(context, state->local_addr, state->remote_addr, in finish_process_as_req()
363 state->request, &state->reply, state->client, in finish_process_as_req()
364 state->cname, state->server, state->sname, state->kdc_time, in finish_process_as_req()
365 state->status, errcode, emsg); in finish_process_as_req()
369 if (state->status == 0) { in finish_process_as_req()
370 state->status = emsg; in finish_process_as_req()
373 errcode = prepare_error_as(state->rstate, state->request, in finish_process_as_req()
374 state->local_tgt, &state->local_tgt_key, in finish_process_as_req()
375 errcode, state->e_data, in finish_process_as_req()
376 state->typed_e_data, in finish_process_as_req()
377 ((state->client != NULL) ? in finish_process_as_req()
378 state->client->princ : NULL), in finish_process_as_req()
379 &response, state->status); in finish_process_as_req()
380 state->status = 0; in finish_process_as_req()
386 if (state->enc_tkt_reply.authorization_data != NULL) in finish_process_as_req()
387 krb5_free_authdata(context, state->enc_tkt_reply.authorization_data); in finish_process_as_req()
388 if (state->local_tgt_key.contents != NULL) in finish_process_as_req()
389 krb5_free_keyblock_contents(context, &state->local_tgt_key); in finish_process_as_req()
390 if (state->server_keyblock.contents != NULL) in finish_process_as_req()
391 krb5_free_keyblock_contents(context, &state->server_keyblock); in finish_process_as_req()
392 if (state->client_keyblock.contents != NULL) in finish_process_as_req()
393 krb5_free_keyblock_contents(context, &state->client_keyblock); in finish_process_as_req()
394 if (state->reply.padata != NULL) in finish_process_as_req()
395 krb5_free_pa_data(context, state->reply.padata); in finish_process_as_req()
396 if (state->reply_encpart.enc_padata) in finish_process_as_req()
397 krb5_free_pa_data(context, state->reply_encpart.enc_padata); in finish_process_as_req()
399 if (state->cname != NULL) in finish_process_as_req()
400 free(state->cname); in finish_process_as_req()
401 if (state->sname != NULL) in finish_process_as_req()
402 free(state->sname); in finish_process_as_req()
403 krb5_db_free_principal(context, state->client); in finish_process_as_req()
404 krb5_db_free_principal(context, state->server); in finish_process_as_req()
405 krb5_db_free_principal(context, state->local_tgt_storage); in finish_process_as_req()
406 if (state->session_key.contents != NULL) in finish_process_as_req()
407 krb5_free_keyblock_contents(context, &state->session_key); in finish_process_as_req()
408 if (state->ticket_reply.enc_part.ciphertext.data != NULL) { in finish_process_as_req()
409 memset(state->ticket_reply.enc_part.ciphertext.data , 0, in finish_process_as_req()
410 state->ticket_reply.enc_part.ciphertext.length); in finish_process_as_req()
411 free(state->ticket_reply.enc_part.ciphertext.data); in finish_process_as_req()
414 krb5_free_pa_data(context, state->e_data); in finish_process_as_req()
415 krb5_free_data(context, state->inner_body); in finish_process_as_req()
416 kdc_free_rstate(state->rstate); in finish_process_as_req()
417 krb5_free_kdc_req(context, state->request); in finish_process_as_req()
418 k5_free_data_ptr_list(state->auth_indicators); in finish_process_as_req()
421 free(state); in finish_process_as_req()
428 struct as_req_state *state = (struct as_req_state *)arg; in finish_missing_required_preauth() local
430 finish_process_as_req(state, state->preauth_err); in finish_missing_required_preauth()
436 struct as_req_state *state = arg; in finish_preauth() local
442 state->status = "PREAUTH_FAILED"; in finish_preauth()
444 state->preauth_err = code; in finish_preauth()
445 get_preauth_hint_list(state->request, &state->rock, &state->e_data, in finish_preauth()
446 finish_missing_required_preauth, state); in finish_preauth()
455 state->status = missing_required_preauth(state->client, state->server, in finish_preauth()
456 &state->enc_tkt_reply); in finish_preauth()
457 if (state->status) { in finish_preauth()
458 state->preauth_err = KRB5KDC_ERR_PREAUTH_REQUIRED; in finish_preauth()
459 get_preauth_hint_list(state->request, &state->rock, &state->e_data, in finish_preauth()
460 finish_missing_required_preauth, state); in finish_preauth()
465 finish_process_as_req(state, code); in finish_preauth()
479 struct as_req_state *state; in process_as_req() local
482 state = k5alloc(sizeof(*state), &errcode); in process_as_req()
483 if (state == NULL) { in process_as_req()
487 state->respond = respond; in process_as_req()
488 state->arg = arg; in process_as_req()
489 state->request = request; in process_as_req()
490 state->req_pkt = req_pkt; in process_as_req()
491 state->local_addr = local_addr; in process_as_req()
492 state->remote_addr = remote_addr; in process_as_req()
493 state->active_realm = realm; in process_as_req()
495 errcode = kdc_make_rstate(realm, &state->rstate); in process_as_req()
498 free(state); in process_as_req()
502 /* Initialize audit state. */ in process_as_req()
503 errcode = kau_init_kdc_req(context, state->request, remote_addr, in process_as_req()
507 kdc_free_rstate(state->rstate); in process_as_req()
508 free(state); in process_as_req()
511 state->au_state = au_state; in process_as_req()
513 if (state->request->msg_type != KRB5_AS_REQ) { in process_as_req()
514 state->status = "VALIDATE_MESSAGE_TYPE"; in process_as_req()
522 errcode = krb5_timeofday(context, &state->kdc_time); in process_as_req()
531 errcode = kdc_find_fast(&state->request, &encoded_req_body, NULL, NULL, in process_as_req()
532 state->rstate, &state->inner_body); in process_as_req()
534 state->status = "FIND_FAST"; in process_as_req()
537 if (state->inner_body == NULL) { in process_as_req()
540 &state->inner_body); in process_as_req()
544 au_state->request = state->request; in process_as_req()
545 state->rock.request = state->request; in process_as_req()
546 state->rock.inner_body = state->inner_body; in process_as_req()
547 state->rock.rstate = state->rstate; in process_as_req()
548 state->rock.vctx = vctx; in process_as_req()
549 state->rock.auth_indicators = &state->auth_indicators; in process_as_req()
550 state->rock.send_freshness_token = FALSE; in process_as_req()
551 if (!state->request->client) { in process_as_req()
552 state->status = "NULL_CLIENT"; in process_as_req()
556 errcode = krb5_unparse_name(context, state->request->client, in process_as_req()
557 &state->cname); in process_as_req()
560 limit_string(state->cname); in process_as_req()
562 if (!state->request->server) { in process_as_req()
563 state->status = "NULL_SERVER"; in process_as_req()
567 errcode = krb5_unparse_name(context, state->request->server, in process_as_req()
568 &state->sname); in process_as_req()
571 limit_string(state->sname); in process_as_req()
573 setflag(state->c_flags, KRB5_KDB_FLAG_CLIENT); in process_as_req()
574 if (isflagset(state->request->kdc_options, KDC_OPT_CANONICALIZE) || in process_as_req()
575 state->request->client->type == KRB5_NT_ENTERPRISE_PRINCIPAL) in process_as_req()
576 setflag(state->c_flags, KRB5_KDB_FLAG_REFERRAL_OK); in process_as_req()
577 errcode = lookup_client(context, state->request, state->c_flags, in process_as_req()
578 &state->client); in process_as_req()
582 state->status = "CLIENT_NOT_FOUND"; in process_as_req()
589 state->status = "LOOKING_UP_CLIENT"; in process_as_req()
592 state->rock.client = state->client; in process_as_req()
596 errcode = krb5_db_get_principal(context, state->request->server, 0, in process_as_req()
597 &state->server); in process_as_req()
601 state->status = "SERVER_NOT_FOUND"; in process_as_req()
605 state->status = "LOOKING_UP_SERVER"; in process_as_req()
611 if (!data_eq(state->server->princ->realm, state->client->princ->realm)) { in process_as_req()
612 state->status = "REFERRAL"; in process_as_req()
613 au_state->cl_realm = &state->client->princ->realm; in process_as_req()
618 errcode = get_local_tgt(context, &state->request->server->realm, in process_as_req()
619 state->server, &state->local_tgt, in process_as_req()
620 &state->local_tgt_storage, &state->local_tgt_key); in process_as_req()
622 state->status = "GET_LOCAL_TGT"; in process_as_req()
625 state->rock.local_tgt = state->local_tgt; in process_as_req()
626 state->rock.local_tgt_key = &state->local_tgt_key; in process_as_req()
630 errcode = validate_as_request(realm, state->request, state->client, in process_as_req()
631 state->server, state->kdc_time, in process_as_req()
632 &state->status, &state->e_data); in process_as_req()
641 useenctype = select_session_keytype(context, state->server, in process_as_req()
642 state->request->nktypes, in process_as_req()
643 state->request->ktype); in process_as_req()
646 state->status = "BAD_ENCRYPTION_TYPE"; in process_as_req()
651 errcode = krb5_c_make_random_key(context, useenctype, &state->session_key); in process_as_req()
660 if (isflagset(state->request->kdc_options, KDC_OPT_CANONICALIZE) && in process_as_req()
661 krb5_is_tgs_principal(state->request->server) && in process_as_req()
662 krb5_is_tgs_principal(state->server->princ)) { in process_as_req()
663 state->ticket_reply.server = state->server->princ; in process_as_req()
665 state->ticket_reply.server = state->request->server; in process_as_req()
669 state->enc_tkt_reply.flags = get_ticket_flags(state->request->kdc_options, in process_as_req()
670 state->client, state->server, in process_as_req()
672 state->enc_tkt_reply.times.authtime = state->kdc_time; in process_as_req()
680 state->enc_tkt_reply.session = &state->session_key; in process_as_req()
681 if (isflagset(state->request->kdc_options, KDC_OPT_CANONICALIZE)) { in process_as_req()
682 state->client_princ = *(state->client->princ); in process_as_req()
684 state->client_princ = *(state->request->client); in process_as_req()
686 state->client_princ.realm = state->client->princ->realm; in process_as_req()
688 state->enc_tkt_reply.client = &state->client_princ; in process_as_req()
689 state->enc_tkt_reply.transited.tr_type = KRB5_DOMAIN_X500_COMPRESS; in process_as_req()
690 state->enc_tkt_reply.transited.tr_contents = empty_string; in process_as_req()
692 if (isflagset(state->request->kdc_options, KDC_OPT_POSTDATED)) in process_as_req()
693 state->enc_tkt_reply.times.starttime = state->request->from; in process_as_req()
695 state->enc_tkt_reply.times.starttime = state->kdc_time; in process_as_req()
697 kdc_get_ticket_endtime(realm, state->enc_tkt_reply.times.starttime, in process_as_req()
698 kdc_infinity, state->request->till, state->client, in process_as_req()
699 state->server, &state->enc_tkt_reply.times.endtime); in process_as_req()
701 kdc_get_ticket_renewtime(realm, state->request, NULL, state->client, in process_as_req()
702 state->server, &state->enc_tkt_reply.flags, in process_as_req()
703 &state->enc_tkt_reply.times); in process_as_req()
709 if (state->enc_tkt_reply.times.starttime == in process_as_req()
710 state->enc_tkt_reply.times.authtime) in process_as_req()
711 state->enc_tkt_reply.times.starttime = 0; in process_as_req()
713 state->enc_tkt_reply.caddrs = state->request->addresses; in process_as_req()
714 state->enc_tkt_reply.authorization_data = 0; in process_as_req()
718 if (isflagset(state->request->kdc_options, KDC_OPT_REQUEST_ANONYMOUS)) { in process_as_req()
719 if (!krb5_principal_compare_any_realm(context, state->request->client, in process_as_req()
723 state->status = "VALIDATE_ANONYMOUS_PRINCIPAL"; in process_as_req()
726 krb5_free_principal(context, state->request->client); in process_as_req()
727 state->request->client = NULL; in process_as_req()
729 &state->request->client); in process_as_req()
732 state->enc_tkt_reply.client = state->request->client; in process_as_req()
733 setflag(state->client->attributes, KRB5_KDB_REQUIRES_PRE_AUTH); in process_as_req()
736 errcode = select_client_key(context, state->client, state->request->ktype, in process_as_req()
737 state->request->nktypes, in process_as_req()
738 &state->client_keyblock, &state->client_key); in process_as_req()
740 state->status = "DECRYPT_CLIENT_KEY"; in process_as_req()
743 if (state->client_key != NULL) in process_as_req()
744 state->rock.client_key = state->client_key; in process_as_req()
745 state->rock.client_keyblock = &state->client_keyblock; in process_as_req()
747 errcode = kdc_fast_read_cookie(context, state->rstate, state->request, in process_as_req()
748 state->local_tgt, &state->local_tgt_key); in process_as_req()
750 state->status = "READ_COOKIE"; in process_as_req()
757 if (state->request->padata) { in process_as_req()
758 check_padata(context, &state->rock, state->req_pkt, state->request, in process_as_req()
759 &state->enc_tkt_reply, &state->pa_context, &state->e_data, in process_as_req()
760 &state->typed_e_data, finish_preauth, state); in process_as_req()
762 finish_preauth(state, 0); in process_as_req()
766 finish_process_as_req(state, errcode); in process_as_req()