1 /*
2 * lib/krb5/krb/mk_rep.c
3 *
4 * Copyright 1990 by the Massachusetts Institute of Technology.
5 * All Rights Reserved.
6 *
7 * Export of this software from the United States of America may
8 * require a specific license from the United States Government.
9 * It is the responsibility of any person or organization contemplating
10 * export to obtain such a license before exporting.
11 *
12 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
13 * distribute this software and its documentation for any purpose and
14 * without fee is hereby granted, provided that the above copyright
15 * notice appear in all copies and that both that copyright notice and
16 * this permission notice appear in supporting documentation, and that
17 * the name of M.I.T. not be used in advertising or publicity pertaining
18 * to distribution of the software without specific, written prior
19 * permission. Furthermore if you modify this software you must label
20 * your software as modified software and not distribute it in such a
21 * fashion that it might be confused with the original M.I.T. software.
22 * M.I.T. makes no representations about the suitability of
23 * this software for any purpose. It is provided "as is" without express
24 * or implied warranty.
25 *
26 *
27 * krb5_mk_rep()
28 */
29
30 #include "k5-int.h"
31 #include "auth_con.h"
32
33 /*
34 Formats a KRB_AP_REP message into outbuf.
35
36 The outbuf buffer storage is allocated, and should be freed by the
37 caller when finished.
38
39 returns system errors
40 */
41
42 krb5_error_code KRB5_CALLCONV
krb5_mk_rep(krb5_context context,krb5_auth_context auth_context,krb5_data * outbuf)43 krb5_mk_rep(krb5_context context, krb5_auth_context auth_context, krb5_data *outbuf)
44 {
45 krb5_error_code retval;
46 krb5_ap_rep_enc_part repl;
47 krb5_ap_rep reply;
48 krb5_data * scratch;
49 krb5_data * toutbuf;
50
51 /* Make the reply */
52 if (((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) ||
53 (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
54 (auth_context->local_seq_number == 0)) {
55 if ((retval = krb5_generate_seq_number(context, auth_context->keyblock,
56 &auth_context->local_seq_number)))
57 return(retval);
58 }
59
60 repl.ctime = auth_context->authentp->ctime;
61 repl.cusec = auth_context->authentp->cusec;
62 if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_USE_SUBKEY) {
63 retval = krb5int_generate_and_save_subkey (context, auth_context,
64 auth_context->keyblock);
65 if (retval)
66 return retval;
67 repl.subkey = auth_context->send_subkey;
68 } else
69 repl.subkey = auth_context->authentp->subkey;
70 repl.seq_number = auth_context->local_seq_number;
71
72 /* encode it before encrypting */
73 if ((retval = encode_krb5_ap_rep_enc_part(&repl, &scratch)))
74 return retval;
75
76 if ((retval = krb5_encrypt_helper(context, auth_context->keyblock,
77 KRB5_KEYUSAGE_AP_REP_ENCPART,
78 scratch, &reply.enc_part)))
79 goto cleanup_scratch;
80
81 if (!(retval = encode_krb5_ap_rep(&reply, &toutbuf))) {
82 *outbuf = *toutbuf;
83 krb5_xfree(toutbuf);
84 }
85
86 memset(reply.enc_part.ciphertext.data, 0, reply.enc_part.ciphertext.length);
87 free(reply.enc_part.ciphertext.data);
88 reply.enc_part.ciphertext.length = 0;
89 reply.enc_part.ciphertext.data = 0;
90
91 cleanup_scratch:
92 memset(scratch->data, 0, scratch->length);
93 krb5_free_data(context, scratch);
94
95 return retval;
96 }
97