/*
 * lib/krb5/krb/mk_rep.c
 *
 * Copyright 1990 by the Massachusetts Institute of Technology.
 * All Rights Reserved.
 *
 * Export of this software from the United States of America may
 *   require a specific license from the United States Government.
 *   It is the responsibility of any person or organization contemplating
 *   export to obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of M.I.T. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission.  Furthermore if you modify this software you must label
 * your software as modified software and not distribute it in such a
 * fashion that it might be confused with the original M.I.T. software.
 * M.I.T. makes no representations about the suitability of
 * this software for any purpose.  It is provided "as is" without express
 * or implied warranty.
 *
 *
 * krb5_mk_rep()
 */

#include "k5-int.h"
#include "auth_con.h"

/*
 * krb5_mk_rep: build a KRB_AP_REP message and hand it back in *outbuf.
 *
 * On success *outbuf receives the encoder's krb5_data by structure copy, so
 * the caller owns outbuf->data and should free it when finished.  On any
 * failure *outbuf is not written.
 *
 * Side effects on auth_context visible here: local_seq_number is filled in
 * through krb5_generate_seq_number() when either sequence flag is set and
 * the number is still 0; with KRB5_AUTH_CONTEXT_USE_SUBKEY,
 * krb5int_generate_and_save_subkey() is called and send_subkey is then read
 * (presumably stored by that helper -- confirm there).
 *
 * Returns 0 on success, otherwise the error code of the first helper that
 * failed.
 *
 * NOTE(review): auth_context->authentp is dereferenced without a NULL check;
 * this assumes an authenticator has already been stored in the auth context
 * by an earlier step -- confirm against callers.
 */

krb5_error_code KRB5_CALLCONV
krb5_mk_rep(krb5_context context, krb5_auth_context auth_context, krb5_data *outbuf)
{
    krb5_error_code ret;
    krb5_ap_rep_enc_part enc_part;  /* cleartext fields of the reply */
    krb5_ap_rep ap_rep;             /* only enc_part is filled in below */
    krb5_data *plain;               /* encoded enc_part, before encryption */
    krb5_data *encoded;             /* encoded KRB_AP_REP */

    /* A sequence number is only generated when one is wanted and unset. */
    if ((auth_context->auth_context_flags &
         (KRB5_AUTH_CONTEXT_DO_SEQUENCE | KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
        auth_context->local_seq_number == 0) {
        ret = krb5_generate_seq_number(context, auth_context->keyblock,
                                       &auth_context->local_seq_number);
        if (ret)
            return ret;
    }

    /* The reply carries the authenticator's ctime/cusec back unchanged. */
    enc_part.ctime = auth_context->authentp->ctime;
    enc_part.cusec = auth_context->authentp->cusec;

    /* Subkey: a freshly generated one if requested, else the authenticator's. */
    if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_USE_SUBKEY) {
        ret = krb5int_generate_and_save_subkey(context, auth_context,
                                               auth_context->keyblock);
        if (ret)
            return ret;
        enc_part.subkey = auth_context->send_subkey;
    } else {
        enc_part.subkey = auth_context->authentp->subkey;
    }
    enc_part.seq_number = auth_context->local_seq_number;

    /* Encode the cleartext part; nothing needs releasing if this fails. */
    ret = encode_krb5_ap_rep_enc_part(&enc_part, &plain);
    if (ret)
        return ret;

    /* Encrypt under the auth context key with the AP-REP key usage. */
    ret = krb5_encrypt_helper(context, auth_context->keyblock,
                              KRB5_KEYUSAGE_AP_REP_ENCPART,
                              plain, &ap_rep.enc_part);
    if (!ret) {
        ret = encode_krb5_ap_rep(&ap_rep, &encoded);
        if (!ret) {
            /* Shallow copy: the data pointer moves to the caller, and only
             * the krb5_data wrapper is released here. */
            *outbuf = *encoded;
            krb5_xfree(encoded);
        }

        /* The ciphertext is released whether or not encoding succeeded. */
        memset(ap_rep.enc_part.ciphertext.data, 0,
               ap_rep.enc_part.ciphertext.length);
        free(ap_rep.enc_part.ciphertext.data);
        ap_rep.enc_part.ciphertext.data = NULL;
        ap_rep.enc_part.ciphertext.length = 0;
    }

    /*
     * The unencrypted encoding includes the subkey field, so it is zeroed
     * before release on both the success and the encryption-failure path.
     * NOTE(review): a plain memset() used as a wipe can be dropped by an
     * optimizing compiler when it can prove the buffer is dead; if the
     * project has a dedicated non-elidable zeroing helper it would be the
     * safer choice here -- confirm.
     */
    memset(plain->data, 0, plain->length);
    krb5_free_data(context, plain);

    return ret;
}