/*
 * lib/krb5/krb/rd_req.c
 *
 * Copyright 1990,1991 by the Massachusetts Institute of Technology.
 * All Rights Reserved.
 *
 * Export of this software from the United States of America may
 * require a specific license from the United States Government.
 * It is the responsibility of any person or organization contemplating
 * export to obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of M.I.T. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission. Furthermore if you modify this software you must label
 * your software as modified software and not distribute it in such a
 * fashion that it might be confused with the original M.I.T. software.
 * M.I.T. makes no representations about the suitability of
 * this software for any purpose. It is provided "as is" without express
 * or implied warranty.
 *
 *
 * krb5_rd_req()
 */

#include "k5-int.h"
#include "auth_con.h"

/*
 * Parses a KRB_AP_REQ message, returning its contents.
 *
 * inbuf holds the encoded message.  It is rejected with
 * KRB5KRB_AP_ERR_MSG_TYPE when krb5_is_ap_req() does not accept it, and a
 * KRB5_BADMSGTYPE result from the decoder is reported to the caller as
 * KRB5KRB_AP_ERR_BADVERSION.
 *
 * auth_context is in/out.  If *auth_context is NULL a context is created
 * here; should a later step fail, that new context is freed again and
 * *auth_context is reset to NULL.  A context supplied by the caller is
 * never freed here.
 *
 * server specifies the expected server's name for the ticket.  If server
 * is NULL, the name is read from the ticket inside the decoded message, so
 * it is whatever the sender put there and nothing in this function has
 * verified it at that point.  Callers that need to pin the service identity
 * should pass it explicitly; how server is matched against the ticket is
 * decided in krb5_rd_req_decoded(), which is not part of this file.
 *
 * keytab is the key table handed to krb5_rd_req_decoded().  If keytab is
 * NULL, the default key table is opened with krb5_kt_default() and closed
 * again before returning.
 *
 * ap_req_options and ticket are passed through to krb5_rd_req_decoded()
 * unchanged.
 *
 * returns system errors, encryption errors, replay errors
 */

krb5_error_code KRB5_CALLCONV
krb5_rd_req(krb5_context context, krb5_auth_context *auth_context,
            const krb5_data *inbuf, krb5_const_principal server,
            krb5_keytab keytab, krb5_flags *ap_req_options,
            krb5_ticket **ticket)
/* XXX do we really need this */
{
    krb5_error_code retval;
    krb5_ap_req *ap_req;
    krb5_auth_context created_ctx = NULL;   /* set only if we allocate one */
    krb5_keytab default_kt = NULL;          /* set only if we open the default */
    krb5_auth_context ctx;

    /* Cheap type check before running the full decoder. */
    if (!krb5_is_ap_req(inbuf))
        return KRB5KRB_AP_ERR_MSG_TYPE;

    /* Nothing has been allocated yet, so decode failures return directly. */
    retval = decode_krb5_ap_req(inbuf, &ap_req);
    if (retval)
        return (retval == KRB5_BADMSGTYPE) ? KRB5KRB_AP_ERR_BADVERSION : retval;

    /* Get an auth context if necessary. */
    if (*auth_context == NULL) {
        retval = krb5_auth_con_init(context, &created_ctx);
        if (retval)
            goto free_request;
        *auth_context = created_ctx;
    }

    /*
     * No expected name given: fall back to the name carried in the ticket.
     * That value comes straight from the decoded message.
     */
    if (server == NULL)
        server = ap_req->ticket->server;

    /*
     * Get an rcache if necessary: only when the context has none, the
     * DO_TIME flag is set and a server name is known.  The cache is
     * obtained from component 0 of server, which is sender-supplied when
     * server was defaulted from the ticket above.
     * NOTE(review): confirm that krb5_princ_component() and
     * krb5_get_server_rcache() cope with a principal that has no
     * components.
     */
    ctx = *auth_context;
    if (ctx->rcache == NULL &&
        (ctx->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) != 0 &&
        server != NULL) {
        retval = krb5_get_server_rcache(context,
                                        krb5_princ_component(context, server, 0),
                                        &ctx->rcache);
        if (retval)
            goto free_new_context;
    }

    /* Get a keytab if necessary. */
    if (keytab == NULL) {
        retval = krb5_kt_default(context, &default_kt);
        if (retval)
            goto free_new_context;
        keytab = default_kt;
    }

    retval = krb5_rd_req_decoded(context, auth_context, ap_req, server,
                                 keytab, ap_req_options, ticket);

    /* Only a keytab opened here is closed here; the caller's is left alone. */
    if (default_kt != NULL)
        (void) krb5_kt_close(context, default_kt);

free_new_context:
    /* On failure, do not hand back a context this call created. */
    if (created_ctx != NULL && retval != 0) {
        krb5_auth_con_free(context, created_ctx);
        *auth_context = NULL;
    }

free_request:
    krb5_free_ap_req(context, ap_req);
    return retval;
}