xref: /illumos-gate/usr/src/lib/gss_mechs/mech_krb5/krb5/krb/rd_req.c (revision 55fea89dcaa64928bed4327112404dcb3e07b79f)
1 /*
2  * lib/krb5/krb/rd_req.c
3  *
4  * Copyright 1990,1991 by the Massachusetts Institute of Technology.
5  * All Rights Reserved.
6  *
7  * Export of this software from the United States of America may
8  *   require a specific license from the United States Government.
9  *   It is the responsibility of any person or organization contemplating
10  *   export to obtain such a license before exporting.
11  *
12  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
13  * distribute this software and its documentation for any purpose and
14  * without fee is hereby granted, provided that the above copyright
15  * notice appear in all copies and that both that copyright notice and
16  * this permission notice appear in supporting documentation, and that
17  * the name of M.I.T. not be used in advertising or publicity pertaining
18  * to distribution of the software without specific, written prior
19  * permission.  Furthermore if you modify this software you must label
20  * your software as modified software and not distribute it in such a
21  * fashion that it might be confused with the original M.I.T. software.
22  * M.I.T. makes no representations about the suitability of
23  * this software for any purpose.  It is provided "as is" without express
24  * or implied warranty.
25  *
26  *
27  * krb5_rd_req()
28  */
29 
30 #include "k5-int.h"
31 #include "auth_con.h"
32 
33 /*
34  *  Parses a KRB_AP_REQ message, returning its contents.
35  *
36  *  server specifies the expected server's name for the ticket.
37  *
38  *  keyproc specifies a procedure to generate a decryption key for the
39  *  ticket.  If keyproc is non-NULL, keyprocarg is passed to it, and the result
40  *  used as a decryption key. If keyproc is NULL, then fetchfrom is checked;
41  *  if it is non-NULL, it specifies a parameter name from which to retrieve the
42  *  decryption key.  If fetchfrom is NULL, then the default key store is
43  *  consulted.
44  *
45  *  returns system errors, encryption errors, replay errors
46  */
47 
48 krb5_error_code KRB5_CALLCONV
krb5_rd_req(krb5_context context,krb5_auth_context * auth_context,const krb5_data * inbuf,krb5_const_principal server,krb5_keytab keytab,krb5_flags * ap_req_options,krb5_ticket ** ticket)49 krb5_rd_req(krb5_context context, krb5_auth_context *auth_context, const krb5_data *inbuf, krb5_const_principal server, krb5_keytab keytab, krb5_flags *ap_req_options, krb5_ticket **ticket)
50 
51 
52 
53                                  	/* XXX do we really need this */
54 
55 
56 
57 {
58     krb5_error_code 	  retval;
59     krb5_ap_req 	* request;
60     krb5_auth_context	  new_auth_context;
61     krb5_keytab           new_keytab = NULL;
62 
63     if (!krb5_is_ap_req(inbuf))
64 	return KRB5KRB_AP_ERR_MSG_TYPE;
65     if ((retval = decode_krb5_ap_req(inbuf, &request))) {
66     	switch (retval) {
67 	case KRB5_BADMSGTYPE:
68 	    return KRB5KRB_AP_ERR_BADVERSION;
69 	default:
70 	    return(retval);
71 	}
72     }
73 
74     /* Get an auth context if necessary. */
75     new_auth_context = NULL;
76     if (*auth_context == NULL) {
77 	if ((retval = krb5_auth_con_init(context, &new_auth_context)))
78 	    goto cleanup_request;
79         *auth_context = new_auth_context;
80     }
81 
82     if (!server) {
83 	server = request->ticket->server;
84     }
85     /* Get an rcache if necessary. */
86     if (((*auth_context)->rcache == NULL)
87 	&& ((*auth_context)->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME)
88 && server) {
89 	if ((retval = krb5_get_server_rcache(context,
90      krb5_princ_component(context,server,0), &(*auth_context)->rcache)))
91 	    goto cleanup_auth_context;
92     }
93 
94     /* Get a keytab if necessary. */
95     if (keytab == NULL) {
96 	if ((retval = krb5_kt_default(context, &new_keytab)))
97 	    goto cleanup_auth_context;
98 	keytab = new_keytab;
99     }
100 
101     retval = krb5_rd_req_decoded(context, auth_context, request, server,
102 				 keytab, ap_req_options, ticket);
103 
104     if (new_keytab != NULL)
105         (void) krb5_kt_close(context, new_keytab);
106 
107 cleanup_auth_context:
108     if (new_auth_context && retval) {
109 	krb5_auth_con_free(context, new_auth_context);
110 	*auth_context = NULL;
111     }
112 
113 cleanup_request:
114     krb5_free_ap_req(context, request);
115     return retval;
116 }
117 
118