1 /*
2 * lib/krb5/krb/rd_req.c
3 *
4 * Copyright 1990,1991 by the Massachusetts Institute of Technology.
5 * All Rights Reserved.
6 *
7 * Export of this software from the United States of America may
8 * require a specific license from the United States Government.
9 * It is the responsibility of any person or organization contemplating
10 * export to obtain such a license before exporting.
11 *
12 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
13 * distribute this software and its documentation for any purpose and
14 * without fee is hereby granted, provided that the above copyright
15 * notice appear in all copies and that both that copyright notice and
16 * this permission notice appear in supporting documentation, and that
17 * the name of M.I.T. not be used in advertising or publicity pertaining
18 * to distribution of the software without specific, written prior
19 * permission. Furthermore if you modify this software you must label
20 * your software as modified software and not distribute it in such a
21 * fashion that it might be confused with the original M.I.T. software.
22 * M.I.T. makes no representations about the suitability of
23 * this software for any purpose. It is provided "as is" without express
24 * or implied warranty.
25 *
26 *
27 * krb5_rd_req()
28 */
29
30 #include "k5-int.h"
31 #include "auth_con.h"
32
33 /*
34 * Parses a KRB_AP_REQ message, returning its contents.
35 *
36 * server specifies the expected server's name for the ticket.
37 *
38 * keyproc specifies a procedure to generate a decryption key for the
39 * ticket. If keyproc is non-NULL, keyprocarg is passed to it, and the result
40 * used as a decryption key. If keyproc is NULL, then fetchfrom is checked;
41 * if it is non-NULL, it specifies a parameter name from which to retrieve the
42 * decryption key. If fetchfrom is NULL, then the default key store is
43 * consulted.
44 *
45 * returns system errors, encryption errors, replay errors
46 */
47
48 krb5_error_code KRB5_CALLCONV
krb5_rd_req(krb5_context context,krb5_auth_context * auth_context,const krb5_data * inbuf,krb5_const_principal server,krb5_keytab keytab,krb5_flags * ap_req_options,krb5_ticket ** ticket)49 krb5_rd_req(krb5_context context, krb5_auth_context *auth_context, const krb5_data *inbuf, krb5_const_principal server, krb5_keytab keytab, krb5_flags *ap_req_options, krb5_ticket **ticket)
50
51
52
53 /* XXX do we really need this */
54
55
56
57 {
58 krb5_error_code retval;
59 krb5_ap_req * request;
60 krb5_auth_context new_auth_context;
61 krb5_keytab new_keytab = NULL;
62
63 if (!krb5_is_ap_req(inbuf))
64 return KRB5KRB_AP_ERR_MSG_TYPE;
65 if ((retval = decode_krb5_ap_req(inbuf, &request))) {
66 switch (retval) {
67 case KRB5_BADMSGTYPE:
68 return KRB5KRB_AP_ERR_BADVERSION;
69 default:
70 return(retval);
71 }
72 }
73
74 /* Get an auth context if necessary. */
75 new_auth_context = NULL;
76 if (*auth_context == NULL) {
77 if ((retval = krb5_auth_con_init(context, &new_auth_context)))
78 goto cleanup_request;
79 *auth_context = new_auth_context;
80 }
81
82 if (!server) {
83 server = request->ticket->server;
84 }
85 /* Get an rcache if necessary. */
86 if (((*auth_context)->rcache == NULL)
87 && ((*auth_context)->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME)
88 && server) {
89 if ((retval = krb5_get_server_rcache(context,
90 krb5_princ_component(context,server,0), &(*auth_context)->rcache)))
91 goto cleanup_auth_context;
92 }
93
94 /* Get a keytab if necessary. */
95 if (keytab == NULL) {
96 if ((retval = krb5_kt_default(context, &new_keytab)))
97 goto cleanup_auth_context;
98 keytab = new_keytab;
99 }
100
101 retval = krb5_rd_req_decoded(context, auth_context, request, server,
102 keytab, ap_req_options, ticket);
103
104 if (new_keytab != NULL)
105 (void) krb5_kt_close(context, new_keytab);
106
107 cleanup_auth_context:
108 if (new_auth_context && retval) {
109 krb5_auth_con_free(context, new_auth_context);
110 *auth_context = NULL;
111 }
112
113 cleanup_request:
114 krb5_free_ap_req(context, request);
115 return retval;
116 }
117
118