xref: /illumos-gate/usr/src/lib/gss_mechs/mech_krb5/krb5/krb/mk_req.c (revision 505d05c73a6e56769f263d4803b22eddd168ee24)
17c478bd9Sstevel@tonic-gate /*
2*505d05c7Sgtb  * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
37c478bd9Sstevel@tonic-gate  * Use is subject to license terms.
47c478bd9Sstevel@tonic-gate  */
57c478bd9Sstevel@tonic-gate 
67c478bd9Sstevel@tonic-gate #pragma ident	"%Z%%M%	%I%	%E% SMI"
77c478bd9Sstevel@tonic-gate 
87c478bd9Sstevel@tonic-gate /*
97c478bd9Sstevel@tonic-gate  * lib/krb5/krb/mk_req.c
107c478bd9Sstevel@tonic-gate  *
117c478bd9Sstevel@tonic-gate  * Copyright 1990,1991 by the Massachusetts Institute of Technology.
127c478bd9Sstevel@tonic-gate  * All Rights Reserved.
137c478bd9Sstevel@tonic-gate  *
147c478bd9Sstevel@tonic-gate  * Export of this software from the United States of America may
157c478bd9Sstevel@tonic-gate  *   require a specific license from the United States Government.
167c478bd9Sstevel@tonic-gate  *   It is the responsibility of any person or organization contemplating
177c478bd9Sstevel@tonic-gate  *   export to obtain such a license before exporting.
187c478bd9Sstevel@tonic-gate  *
197c478bd9Sstevel@tonic-gate  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
207c478bd9Sstevel@tonic-gate  * distribute this software and its documentation for any purpose and
217c478bd9Sstevel@tonic-gate  * without fee is hereby granted, provided that the above copyright
227c478bd9Sstevel@tonic-gate  * notice appear in all copies and that both that copyright notice and
237c478bd9Sstevel@tonic-gate  * this permission notice appear in supporting documentation, and that
247c478bd9Sstevel@tonic-gate  * the name of M.I.T. not be used in advertising or publicity pertaining
257c478bd9Sstevel@tonic-gate  * to distribution of the software without specific, written prior
267c478bd9Sstevel@tonic-gate  * permission.  Furthermore if you modify this software you must label
277c478bd9Sstevel@tonic-gate  * your software as modified software and not distribute it in such a
287c478bd9Sstevel@tonic-gate  * fashion that it might be confused with the original M.I.T. software.
297c478bd9Sstevel@tonic-gate  * M.I.T. makes no representations about the suitability of
307c478bd9Sstevel@tonic-gate  * this software for any purpose.  It is provided "as is" without express
317c478bd9Sstevel@tonic-gate  * or implied warranty.
327c478bd9Sstevel@tonic-gate  *
337c478bd9Sstevel@tonic-gate  *
347c478bd9Sstevel@tonic-gate  * krb5_mk_req() routine.
357c478bd9Sstevel@tonic-gate  */
367c478bd9Sstevel@tonic-gate 
377c478bd9Sstevel@tonic-gate #include <k5-int.h>
387c478bd9Sstevel@tonic-gate #include <auth_con.h>
397c478bd9Sstevel@tonic-gate 
/*
 * krb5_mk_req: format a KRB_AP_REQ message for a host-based service into
 * outbuf.
 *
 * context        - library context handed to every krb5 call made here.
 * auth_context   - passed through unchanged to krb5_mk_req_extended().
 * ap_req_options - KRB_AP_REQ options desired.  They are forwarded as-is;
 *                  nothing is added here, so a caller that needs the server
 *                  to authenticate itself has to ask for it in these flags
 *                  (e.g. AP_OPTS_MUTUAL_REQUIRED).
 * service,
 * hostname       - turned into the target server principal by
 *                  krb5_sname_to_principal() with name type KRB5_NT_SRV_HST.
 *                  Neither pointer is checked here; NULL handling is
 *                  whatever that routine defines.
 * in_data        - passed through to krb5_mk_req_extended(); presumably the
 *                  application data covered by the authenticator checksum
 *                  (the original note on this routine called it "checksum")
 *                  -- confirm against krb5_mk_req_extended().
 * ccache         - credentials cache that supplies the client principal and
 *                  is searched for a ticket to the server.  Per the original
 *                  note on this routine, if no matching credentials are
 *                  cached, a TGS request with default parameters is used to
 *                  obtain them and they are stored in ccache.
 * outbuf         - receives the encoded request.  Its storage is allocated,
 *                  and should be freed by the caller when finished.
 *
 * Returns the error code of the first step that fails, otherwise the result
 * of krb5_mk_req_extended().
 *
 * NOTE(review): which principal the ticket is requested for is decided
 * entirely inside krb5_sname_to_principal(), which is not shown in this
 * file.  If its KRB5_NT_SRV_HST handling canonicalizes hostname through
 * name-service lookups, the identity the client ends up trusting depends on
 * the integrity of those lookups -- confirm against that implementation and
 * the deployment's resolver configuration.
 */
krb5_error_code KRB5_CALLCONV
krb5_mk_req(krb5_context context, krb5_auth_context *auth_context,
            krb5_flags ap_req_options, char *service, char *hostname,
            krb5_data *in_data, krb5_ccache ccache, krb5_data *outbuf)
{
    krb5_error_code code;
    krb5_principal target;
    krb5_creds query;
    krb5_creds *ticket;

    /* Nothing has been acquired yet, so a failure here needs no cleanup. */
    code = krb5_sname_to_principal(context, hostname, service,
                                   KRB5_NT_SRV_HST, &target);
    if (code != 0) {
        return code;
    }

    /*
     * Build the lookup template: server from the name above, client from
     * the cache.  It is zeroed first so that the
     * krb5_free_cred_contents() call below only sees fields set here.
     */
    memset(&query, 0, sizeof(query));

    code = krb5_copy_principal(context, target, &query.server);
    if (code == 0) {
        code = krb5_cc_get_principal(context, ccache, &query.client);

        /* obtain ticket & session key */
        if (code == 0) {
            code = krb5_get_credentials(context, 0, ccache, &query, &ticket);
        }

        if (code == 0) {
            code = krb5_mk_req_extended(context, auth_context,
                                        ap_req_options, in_data, ticket,
                                        outbuf);
            /*
             * The returned credentials are released on success and on
             * failure of the encoding step alike.
             */
            krb5_free_creds(context, ticket);
        }

        krb5_free_cred_contents(context, &query);
    }

    krb5_free_principal(context, target);

    return code;
}