1 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
2 /* lib/krb5/krb/authdata_enc.c */
3 /*
4 * Copyright 1990 by the Massachusetts Institute of Technology.
5 * All Rights Reserved.
6 *
7 * Export of this software from the United States of America may
8 * require a specific license from the United States Government.
9 * It is the responsibility of any person or organization contemplating
10 * export to obtain such a license before exporting.
11 *
12 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
13 * distribute this software and its documentation for any purpose and
14 * without fee is hereby granted, provided that the above copyright
15 * notice appear in all copies and that both that copyright notice and
16 * this permission notice appear in supporting documentation, and that
17 * the name of M.I.T. not be used in advertising or publicity pertaining
18 * to distribution of the software without specific, written prior
19 * permission. Furthermore if you modify this software you must label
20 * your software as modified software and not distribute it in such a
21 * fashion that it might be confused with the original M.I.T. software.
22 * M.I.T. makes no representations about the suitability of
23 * this software for any purpose. It is provided "as is" without express
24 * or implied warranty.
25 */
26 /*
27 * Copyright (c) 2006-2008, Novell, Inc.
28 * All rights reserved.
29 *
30 * Redistribution and use in source and binary forms, with or without
31 * modification, are permitted provided that the following conditions are met:
32 *
33 * * Redistributions of source code must retain the above copyright notice,
34 * this list of conditions and the following disclaimer.
35 * * Redistributions in binary form must reproduce the above copyright
36 * notice, this list of conditions and the following disclaimer in the
37 * documentation and/or other materials provided with the distribution.
38 * * The copyright holder's name is not used to endorse or promote products
39 * derived from this software without specific prior written permission.
40 *
41 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
42 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
45 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
46 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
47 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
48 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
49 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
51 * POSSIBILITY OF SUCH DAMAGE.
52 */
53
54 #include "k5-int.h"
55
/*
 * Wrap an authdata list inside a single container element.
 *
 * The list in authdata is encoded with encode_krb5_authdata(), and that
 * encoding becomes the contents of one authdata element whose ad_type is
 * type masked with AD_TYPE_FIELD_TYPE_MASK.  A copy of the resulting
 * one-element, NULL-terminated list is returned in *container.
 *
 * *container is set to NULL before any work is done.  Returns 0 on success,
 * or the error code from encode_krb5_authdata() or krb5_copy_authdata().
 *
 * NOTE(review): the temporary encoding is freed before returning, so this
 * relies on krb5_copy_authdata() duplicating the contents buffer rather than
 * aliasing it -- confirm against its implementation.
 */
krb5_error_code KRB5_CALLCONV
krb5_encode_authdata_container(krb5_context context,
                               krb5_authdatatype type,
                               krb5_authdata *const*authdata,
                               krb5_authdata ***container)
{
    krb5_error_code ret;
    krb5_data *encoded;
    krb5_authdata wrapper;
    krb5_authdata *wrapper_list[2];

    *container = NULL;

    ret = encode_krb5_authdata(authdata, &encoded);
    if (ret != 0)
        return ret;

    /* Build a stack-resident one-element list that borrows the encoding. */
    wrapper_list[0] = &wrapper;
    wrapper_list[1] = NULL;

    wrapper.contents = (unsigned char *)encoded->data;
    wrapper.length = encoded->length;
    wrapper.ad_type = type & AD_TYPE_FIELD_TYPE_MASK;

    /* Hand the caller a copy; the borrowed encoding is released below. */
    ret = krb5_copy_authdata(context, wrapper_list, container);

    krb5_free_data(context, encoded);

    return ret;
}
86
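/*
 * Build a KRB5_AUTHDATA_KDC_ISSUED element protecting an authdata list.
 *
 * The elements in authdata are encoded with encode_krb5_authdata() and a
 * checksum is computed over that encoding using key, with key usage
 * KRB5_KEYUSAGE_AD_KDCISSUED_CKSUM.  The checksum type is the one returned by
 * krb5int_c_mandatory_cksumtype() for key->enctype; if that type is not a
 * keyed checksum the call fails with KRB5KRB_AP_ERR_INAPP_CKSUM, so an
 * unkeyed digest is never emitted as the integrity value.  The checksum,
 * issuer and elements are then encoded with encode_krb5_ad_kdcissued() and
 * returned in *ad_kdcissued as a copied one-element, NULL-terminated list.
 *
 * *ad_kdcissued is set to NULL before any work is done.  Returns 0 on
 * success or the error code of the first failing step.
 *
 * key is dereferenced unconditionally and must not be NULL.
 *
 * NOTE(review): issuer and authdata have const cast away only so they can be
 * stored in the krb5_ad_kdcissued structure for encoding; nothing visible
 * here writes through them -- confirm the encoders do not either.
 */
krb5_error_code KRB5_CALLCONV
krb5_make_authdata_kdc_issued(krb5_context context,
                              const krb5_keyblock *key,
                              krb5_const_principal issuer,
                              krb5_authdata *const *authdata,
                              krb5_authdata ***ad_kdcissued)
{
    krb5_error_code code;
    krb5_ad_kdcissued ad_kdci;
    krb5_data *data;
    krb5_cksumtype cksumtype;
    krb5_authdata ad_datum;
    krb5_authdata *ad_data[2];

    *ad_kdcissued = NULL;

    ad_kdci.ad_checksum.contents = NULL;
    ad_kdci.i_principal = (krb5_principal)issuer;
    ad_kdci.elements = (krb5_authdata **)authdata;

    code = krb5int_c_mandatory_cksumtype(context, key->enctype,
                                         &cksumtype);
    if (code != 0)
        return code;

    /* Refuse to produce an integrity value that is not bound to the key. */
    if (!krb5_c_is_keyed_cksum(cksumtype))
        return KRB5KRB_AP_ERR_INAPP_CKSUM;

    code = encode_krb5_authdata(ad_kdci.elements, &data);
    if (code != 0)
        return code;

    code = krb5_c_make_checksum(context, cksumtype,
                                key, KRB5_KEYUSAGE_AD_KDCISSUED_CKSUM,
                                data, &ad_kdci.ad_checksum);

    /* The element encoding is only needed as checksum input. */
    krb5_free_data(context, data);

    if (code != 0)
        return code;

    /*
     * From here on ad_kdci.ad_checksum owns allocated contents, so every
     * exit must pass through cleanup.  Returning directly when the encoder
     * fails would leak the checksum buffer.
     */
    code = encode_krb5_ad_kdcissued(&ad_kdci, &data);
    if (code != 0)
        goto cleanup;

    ad_datum.ad_type = KRB5_AUTHDATA_KDC_ISSUED;
    ad_datum.length = data->length;
    ad_datum.contents = (unsigned char *)data->data;

    ad_data[0] = &ad_datum;
    ad_data[1] = NULL;

    /* The caller receives a copy; the borrowed encoding is freed below. */
    code = krb5_copy_authdata(context, ad_data, ad_kdcissued);

    krb5_free_data(context, data);

cleanup:
    krb5_free_checksum_contents(context, &ad_kdci.ad_checksum);

    return code;
}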
147