1 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
2 /* lib/krb5/krb/rd_req.c */
3 /*
4 * Copyright 1990,1991, 2008 by the Massachusetts Institute of Technology.
5 * All Rights Reserved.
6 *
7 * Export of this software from the United States of America may
8 * require a specific license from the United States Government.
9 * It is the responsibility of any person or organization contemplating
10 * export to obtain such a license before exporting.
11 *
12 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
13 * distribute this software and its documentation for any purpose and
14 * without fee is hereby granted, provided that the above copyright
15 * notice appear in all copies and that both that copyright notice and
16 * this permission notice appear in supporting documentation, and that
17 * the name of M.I.T. not be used in advertising or publicity pertaining
18 * to distribution of the software without specific, written prior
19 * permission. Furthermore if you modify this software you must label
20 * your software as modified software and not distribute it in such a
21 * fashion that it might be confused with the original M.I.T. software.
22 * M.I.T. makes no representations about the suitability of
23 * this software for any purpose. It is provided "as is" without express
24 * or implied warranty.
25 */
26
27 #include "k5-int.h"
28 #include "auth_con.h"
29
30 /*
31 * Parses a KRB_AP_REQ message, returning its contents.
32 *
33 * server specifies the expected server's name for the ticket.
34 *
35 * keyproc specifies a procedure to generate a decryption key for the
36 * ticket. If keyproc is non-NULL, keyprocarg is passed to it, and the result
37 * used as a decryption key. If keyproc is NULL, then fetchfrom is checked;
38 * if it is non-NULL, it specifies a parameter name from which to retrieve the
39 * decryption key. If fetchfrom is NULL, then the default key store is
40 * consulted.
41 *
42 * returns system errors, encryption errors, replay errors
43 */
44
45 krb5_error_code KRB5_CALLCONV
krb5_rd_req(krb5_context context,krb5_auth_context * auth_context,const krb5_data * inbuf,krb5_const_principal server,krb5_keytab keytab,krb5_flags * ap_req_options,krb5_ticket ** ticket)46 krb5_rd_req(krb5_context context, krb5_auth_context *auth_context,
47 const krb5_data *inbuf, krb5_const_principal server,
48 krb5_keytab keytab, krb5_flags *ap_req_options,
49 krb5_ticket **ticket)
50 {
51 krb5_error_code retval;
52 krb5_ap_req * request;
53 krb5_auth_context new_auth_context;
54 krb5_keytab new_keytab = NULL;
55
56 if (!krb5_is_ap_req(inbuf))
57 return KRB5KRB_AP_ERR_MSG_TYPE;
58 #ifndef LEAN_CLIENT
59 if ((retval = decode_krb5_ap_req(inbuf, &request))) {
60 switch (retval) {
61 case KRB5_BADMSGTYPE:
62 return KRB5KRB_AP_ERR_BADVERSION;
63 default:
64 return(retval);
65 }
66 }
67 #endif /* LEAN_CLIENT */
68
69 /* Get an auth context if necessary. */
70 new_auth_context = NULL;
71 if (*auth_context == NULL) {
72 if ((retval = krb5_auth_con_init(context, &new_auth_context)))
73 goto cleanup_request;
74 *auth_context = new_auth_context;
75 }
76
77
78 #ifndef LEAN_CLIENT
79 /* Get a keytab if necessary. */
80 if (keytab == NULL) {
81 if ((retval = krb5_kt_default(context, &new_keytab)))
82 goto cleanup_auth_context;
83 keytab = new_keytab;
84 }
85 #endif /* LEAN_CLIENT */
86
87 retval = krb5_rd_req_decoded(context, auth_context, request, server,
88 keytab, ap_req_options, NULL);
89 if (!retval && ticket != NULL) {
90 /* Steal the ticket pointer for the caller. */
91 *ticket = request->ticket;
92 request->ticket = NULL;
93 }
94
95 #ifndef LEAN_CLIENT
96 if (new_keytab != NULL)
97 (void) krb5_kt_close(context, new_keytab);
98 #endif /* LEAN_CLIENT */
99
100 cleanup_auth_context:
101 if (new_auth_context && retval) {
102 krb5_auth_con_free(context, new_auth_context);
103 *auth_context = NULL;
104 }
105
106 cleanup_request:
107 krb5_free_ap_req(context, request);
108 return retval;
109 }
110