1/*
2 * lib/krb5/krb/mk_rep.c
3 *
4 * Copyright 1990 by the Massachusetts Institute of Technology.
5 * All Rights Reserved.
6 *
7 * Export of this software from the United States of America may
8 *   require a specific license from the United States Government.
9 *   It is the responsibility of any person or organization contemplating
10 *   export to obtain such a license before exporting.
11 *
12 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
13 * distribute this software and its documentation for any purpose and
14 * without fee is hereby granted, provided that the above copyright
15 * notice appear in all copies and that both that copyright notice and
16 * this permission notice appear in supporting documentation, and that
17 * the name of M.I.T. not be used in advertising or publicity pertaining
18 * to distribution of the software without specific, written prior
19 * permission.  Furthermore if you modify this software you must label
20 * your software as modified software and not distribute it in such a
21 * fashion that it might be confused with the original M.I.T. software.
22 * M.I.T. makes no representations about the suitability of
23 * this software for any purpose.  It is provided "as is" without express
24 * or implied warranty.
25 *
26 *
27 * krb5_mk_rep()
28 */
29
30#include "k5-int.h"
31#include "auth_con.h"
32
33/*
34 Formats a KRB_AP_REP message into outbuf.
35
36 The outbuf buffer storage is allocated, and should be freed by the
37 caller when finished.
38
39 returns system errors
40*/
41
42krb5_error_code KRB5_CALLCONV
43krb5_mk_rep(krb5_context context, krb5_auth_context auth_context, krb5_data *outbuf)
44{
45    krb5_error_code 	  retval;
46    krb5_ap_rep_enc_part  repl;
47    krb5_ap_rep 	  reply;
48    krb5_data 		* scratch;
49    krb5_data 		* toutbuf;
50
51    /* Make the reply */
52    if (((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) ||
53	(auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
54	(auth_context->local_seq_number == 0)) {
55	if ((retval = krb5_generate_seq_number(context, auth_context->keyblock,
56					       &auth_context->local_seq_number)))
57            return(retval);
58    }
59
60    repl.ctime = auth_context->authentp->ctime;
61    repl.cusec = auth_context->authentp->cusec;
62    if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_USE_SUBKEY) {
63	retval = krb5int_generate_and_save_subkey (context, auth_context,
64						   auth_context->keyblock);
65	if (retval)
66	    return retval;
67	repl.subkey = auth_context->send_subkey;
68    } else
69	repl.subkey = auth_context->authentp->subkey;
70    repl.seq_number = auth_context->local_seq_number;
71
72    /* encode it before encrypting */
73    if ((retval = encode_krb5_ap_rep_enc_part(&repl, &scratch)))
74	return retval;
75
76    if ((retval = krb5_encrypt_helper(context, auth_context->keyblock,
77				      KRB5_KEYUSAGE_AP_REP_ENCPART,
78				      scratch, &reply.enc_part)))
79	goto cleanup_scratch;
80
81    if (!(retval = encode_krb5_ap_rep(&reply, &toutbuf))) {
82	*outbuf = *toutbuf;
83	krb5_xfree(toutbuf);
84    }
85
86    memset(reply.enc_part.ciphertext.data, 0, reply.enc_part.ciphertext.length);
87    free(reply.enc_part.ciphertext.data);
88    reply.enc_part.ciphertext.length = 0;
89    reply.enc_part.ciphertext.data = 0;
90
91cleanup_scratch:
92    memset(scratch->data, 0, scratch->length);
93    krb5_free_data(context, scratch);
94
95    return retval;
96}
97