1 #pragma ident "%Z%%M% %I% %E% SMI" 2 /* 3 * lib/krb5/krb/decode_kdc.c 4 * 5 * Copyright 1990 by the Massachusetts Institute of Technology. 6 * All Rights Reserved. 7 * 8 * Export of this software from the United States of America may 9 * require a specific license from the United States Government. 10 * It is the responsibility of any person or organization contemplating 11 * export to obtain such a license before exporting. 12 * 13 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and 14 * distribute this software and its documentation for any purpose and 15 * without fee is hereby granted, provided that the above copyright 16 * notice appear in all copies and that both that copyright notice and 17 * this permission notice appear in supporting documentation, and that 18 * the name of M.I.T. not be used in advertising or publicity pertaining 19 * to distribution of the software without specific, written prior 20 * permission. Furthermore if you modify this software you must label 21 * your software as modified software and not distribute it in such a 22 * fashion that it might be confused with the original M.I.T. software. 23 * M.I.T. makes no representations about the suitability of 24 * this software for any purpose. It is provided "as is" without express 25 * or implied warranty. 26 * 27 * 28 * krb5_decode_kdc_rep() function. 29 */ 30 31 #include <k5-int.h> 32 33 /* 34 Takes a KDC_REP message and decrypts encrypted part using etype and 35 *key, putting result in *rep. 36 dec_rep->client,ticket,session,last_req,server,caddrs 37 are all set to allocated storage which should be freed by the caller 38 when finished with the response. 39 40 If the response isn't a KDC_REP (tgs or as), it returns an error from 41 the decoding routines. 42 43 returns errors from encryption routines, system errors 44 */ 45 46 krb5_error_code 47 krb5_decode_kdc_rep(krb5_context context, krb5_data *enc_rep, const krb5_keyblock *key, krb5_kdc_rep **dec_rep) 48 { 49 krb5_error_code retval; 50 krb5_kdc_rep *local_dec_rep; 51 krb5_keyusage usage; 52 53 if (krb5_is_as_rep(enc_rep)) { 54 usage = KRB5_KEYUSAGE_AS_REP_ENCPART; 55 retval = decode_krb5_as_rep(enc_rep, &local_dec_rep); 56 } else if (krb5_is_tgs_rep(enc_rep)) { 57 usage = KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY; 58 /* KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY would go here, except 59 that this client code base doesn't ever put a subkey in the 60 tgs_req authenticator, so the tgs_rep is never encrypted in 61 one. (Check send_tgs.c:krb5_send_tgs_basic(), near the top 62 where authent.subkey is set to 0) */ 63 retval = decode_krb5_tgs_rep(enc_rep, &local_dec_rep); 64 } else { 65 return KRB5KRB_AP_ERR_MSG_TYPE; 66 } 67 68 if (retval) 69 return retval; 70 71 if ((retval = krb5_kdc_rep_decrypt_proc(context, key, &usage, 72 local_dec_rep))) 73 krb5_free_kdc_rep(context, local_dec_rep); 74 else 75 *dec_rep = local_dec_rep; 76 return(retval); 77 } 78 79