/*
 * Copyright 2002 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

#pragma ident "%Z%%M% %I% %E% SMI"

/*
 * lib/krb5/krb/mk_req.c
 *
 * Copyright 1990,1991 by the Massachusetts Institute of Technology.
 * All Rights Reserved.
 *
 * Export of this software from the United States of America may
 * require a specific license from the United States Government.
 * It is the responsibility of any person or organization contemplating
 * export to obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of M.I.T. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission. Furthermore if you modify this software you must label
 * your software as modified software and not distribute it in such a
 * fashion that it might be confused with the original M.I.T. software.
 * M.I.T. makes no representations about the suitability of
 * this software for any purpose. It is provided "as is" without express
 * or implied warranty.
 *
 *
 * krb5_mk_req() routine.
 */

#include <k5-int.h>
#include <auth_con.h>

/*
 * krb5_mk_req: format a KRB_AP_REQ message for a host-based service
 * into outbuf.
 *
 * context         library context, handed to every krb5 call below.
 * auth_context    passed unchanged to krb5_mk_req_extended().
 * ap_req_options  the KRB_AP_REQ options desired; passed unchanged to
 *                 krb5_mk_req_extended().
 * service,
 * hostname        combined by krb5_sname_to_principal() (name type
 *                 KRB5_NT_SRV_HST) into the principal of the server that
 *                 is to receive the message.
 * in_data         passed unchanged to krb5_mk_req_extended(); presumably
 *                 the data covered by the authenticator checksum (the
 *                 earlier version of this comment described a "checksum"
 *                 argument) -- confirm against krb5_mk_req_extended().
 * ccache          credentials cache that supplies the client principal
 *                 and is searched for a ticket to the server.  Per the
 *                 original description, when no such credentials are
 *                 cached a TGS request with default parameters is made
 *                 and the result is stored in ccache.  The KDC options
 *                 are not caller-selectable: 0 is passed to
 *                 krb5_get_credentials().
 * outbuf          receives the message.  Its storage is allocated and
 *                 should be freed by the caller when finished.
 *
 * Returns 0 on success, otherwise the error code of the first step that
 * failed (the original description says "system errors").
 *
 * NOTE(review): in MIT krb5 the KRB5_NT_SRV_HST name type canonicalizes
 * hostname through name-service lookups; that is not visible in this file,
 * so confirm it for this build.  If it holds, the principal a ticket is
 * requested for depends on those lookups, and a caller that must be sure
 * which peer it is talking to should ask for mutual authentication in
 * ap_req_options (AP_OPTS_MUTUAL_REQUIRED) and verify the server's reply.
 *
 * The definition keeps the original old-style (K&R) parameter list, so
 * argument types are checked only where a prototype is in scope.
 */

KRB5_DLLIMP krb5_error_code KRB5_CALLCONV
krb5_mk_req(context, auth_context, ap_req_options, service, hostname, in_data,
            ccache, outbuf)
    krb5_context context;
    krb5_auth_context FAR * auth_context;
    const krb5_flags ap_req_options;
    char FAR * service;
    char FAR * hostname;
    krb5_data FAR * in_data;
    krb5_ccache ccache;
    krb5_data FAR * outbuf;
{
    krb5_error_code status;
    krb5_principal target;   /* server principal built from service/hostname */
    krb5_creds query;        /* client/server pair used as the lookup key */
    krb5_creds *ticket;      /* credentials returned for that pair */

    status = krb5_sname_to_principal(context, hostname, service,
                                     KRB5_NT_SRV_HST, &target);
    if (status != 0)
        return status;

    /*
     * Obtain ticket & session key.  The query is zeroed first so that
     * releasing its contents is well defined even when only some of its
     * fields were filled in before a failure.
     */
    memset(&query, 0, sizeof(query));

    status = krb5_copy_principal(context, target, &query.server);
    if (status == 0) {
        status = krb5_cc_get_principal(context, ccache, &query.client);

        if (status == 0)
            status = krb5_get_credentials(context, 0, ccache, &query,
                                          &ticket);

        if (status == 0) {
            status = krb5_mk_req_extended(context, auth_context,
                                          ap_req_options, in_data, ticket,
                                          outbuf);

            /*
             * The returned credentials (ticket and session key) are a
             * separate allocation and are released whether or not the
             * message was built.  Whether krb5_free_creds() also wipes
             * the key material is not visible here.
             */
            krb5_free_creds(context, ticket);
        }

        krb5_free_cred_contents(context, &query);
    }

    /* The principal was allocated by krb5_sname_to_principal() above. */
    krb5_free_principal(context, target);

    return status;
}