1 /*
2  * lib/krb5/krb/decode_kdc.c
3  *
4  * Copyright 1990 by the Massachusetts Institute of Technology.
5  * All Rights Reserved.
6  *
7  * Export of this software from the United States of America may
8  *   require a specific license from the United States Government.
9  *   It is the responsibility of any person or organization contemplating
10  *   export to obtain such a license before exporting.
11  *
12  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
13  * distribute this software and its documentation for any purpose and
14  * without fee is hereby granted, provided that the above copyright
15  * notice appear in all copies and that both that copyright notice and
16  * this permission notice appear in supporting documentation, and that
17  * the name of M.I.T. not be used in advertising or publicity pertaining
18  * to distribution of the software without specific, written prior
19  * permission.  Furthermore if you modify this software you must label
20  * your software as modified software and not distribute it in such a
21  * fashion that it might be confused with the original M.I.T. software.
22  * M.I.T. makes no representations about the suitability of
23  * this software for any purpose.  It is provided "as is" without express
24  * or implied warranty.
25  *
26  *
27  * krb5_decode_kdc_rep() function.
28  */
29 
30 #include "k5-int.h"
31 
32 /*
33  Takes a KDC_REP message and decrypts encrypted part using etype and
34  *key, putting result in *rep.
35  dec_rep->client,ticket,session,last_req,server,caddrs
36  are all set to allocated storage which should be freed by the caller
37  when finished with the response.
38 
39  If the response isn't a KDC_REP (tgs or as), it returns an error from
40  the decoding routines.
41 
42  returns errors from encryption routines, system errors
43  */
44 
45 krb5_error_code
krb5_decode_kdc_rep(krb5_context context,krb5_data * enc_rep,const krb5_keyblock * key,krb5_kdc_rep ** dec_rep)46 krb5_decode_kdc_rep(krb5_context context, krb5_data *enc_rep, const krb5_keyblock *key, krb5_kdc_rep **dec_rep)
47 {
48     krb5_error_code retval;
49     krb5_kdc_rep *local_dec_rep;
50     krb5_keyusage usage;
51 
52     if (krb5_is_as_rep(enc_rep)) {
53 	usage = KRB5_KEYUSAGE_AS_REP_ENCPART;
54 	retval = decode_krb5_as_rep(enc_rep, &local_dec_rep);
55     } else if (krb5_is_tgs_rep(enc_rep)) {
56 	usage = KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY;
57 	/* KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY would go here, except
58 	   that this client code base doesn't ever put a subkey in the
59 	   tgs_req authenticator, so the tgs_rep is never encrypted in
60 	   one.  (Check send_tgs.c:krb5_send_tgs_basic(), near the top
61 	   where authent.subkey is set to 0) */
62 	retval = decode_krb5_tgs_rep(enc_rep, &local_dec_rep);
63     } else {
64 	return KRB5KRB_AP_ERR_MSG_TYPE;
65     }
66 
67     if (retval)
68 	return retval;
69 
70     if ((retval = krb5_kdc_rep_decrypt_proc(context, key, &usage,
71 					    local_dec_rep)))
72 	krb5_free_kdc_rep(context, local_dec_rep);
73     else
74     	*dec_rep = local_dec_rep;
75     return(retval);
76 }
77 
78