17c478bd9Sstevel@tonic-gate /*
2159d09a2SMark Phalan * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
37c478bd9Sstevel@tonic-gate * Use is subject to license terms.
47c478bd9Sstevel@tonic-gate */
57c478bd9Sstevel@tonic-gate
67c478bd9Sstevel@tonic-gate
77c478bd9Sstevel@tonic-gate /*
87c478bd9Sstevel@tonic-gate * lib/krb5/krb/mk_req.c
97c478bd9Sstevel@tonic-gate *
107c478bd9Sstevel@tonic-gate * Copyright 1990,1991 by the Massachusetts Institute of Technology.
117c478bd9Sstevel@tonic-gate * All Rights Reserved.
127c478bd9Sstevel@tonic-gate *
137c478bd9Sstevel@tonic-gate * Export of this software from the United States of America may
147c478bd9Sstevel@tonic-gate * require a specific license from the United States Government.
157c478bd9Sstevel@tonic-gate * It is the responsibility of any person or organization contemplating
167c478bd9Sstevel@tonic-gate * export to obtain such a license before exporting.
17*55fea89dSDan Cross *
187c478bd9Sstevel@tonic-gate * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
197c478bd9Sstevel@tonic-gate * distribute this software and its documentation for any purpose and
207c478bd9Sstevel@tonic-gate * without fee is hereby granted, provided that the above copyright
217c478bd9Sstevel@tonic-gate * notice appear in all copies and that both that copyright notice and
227c478bd9Sstevel@tonic-gate * this permission notice appear in supporting documentation, and that
237c478bd9Sstevel@tonic-gate * the name of M.I.T. not be used in advertising or publicity pertaining
247c478bd9Sstevel@tonic-gate * to distribution of the software without specific, written prior
257c478bd9Sstevel@tonic-gate * permission. Furthermore if you modify this software you must label
267c478bd9Sstevel@tonic-gate * your software as modified software and not distribute it in such a
277c478bd9Sstevel@tonic-gate * fashion that it might be confused with the original M.I.T. software.
287c478bd9Sstevel@tonic-gate * M.I.T. makes no representations about the suitability of
297c478bd9Sstevel@tonic-gate * this software for any purpose. It is provided "as is" without express
307c478bd9Sstevel@tonic-gate * or implied warranty.
31*55fea89dSDan Cross *
327c478bd9Sstevel@tonic-gate *
337c478bd9Sstevel@tonic-gate * krb5_mk_req() routine.
347c478bd9Sstevel@tonic-gate */
357c478bd9Sstevel@tonic-gate
36159d09a2SMark Phalan #include "k5-int.h"
37159d09a2SMark Phalan #include "auth_con.h"
387c478bd9Sstevel@tonic-gate
/*
 * krb5_mk_req: format a KRB_AP_REQ message for a host-based service into
 * outbuf.
 *
 * context         library context handed to every krb5 call made here.
 * auth_context    passed unchanged to krb5_mk_req_extended().
 * ap_req_options  the KRB_AP_REQ options desired; passed unchanged to
 *                 krb5_mk_req_extended().
 * service,
 * hostname        combined by krb5_sname_to_principal(), with name type
 *                 KRB5_NT_SRV_HST, into the principal of the server that
 *                 is to receive the message.
 * in_data         passed unchanged to krb5_mk_req_extended().
 *                 NOTE(review): presumably the application data covered
 *                 by the authenticator checksum -- confirm against
 *                 krb5_mk_req_extended().
 * ccache          credentials cache.  It supplies the client principal
 *                 and is searched for credentials for the server; if they
 *                 are not present, a TGS request with default parameters
 *                 is used in an attempt to obtain them, and they are
 *                 stored in ccache.
 * outbuf          receives the formatted message.  The buffer storage is
 *                 allocated, and should be freed by the caller when
 *                 finished.
 *
 * Returns system errors: the first non-zero code reported by one of the
 * calls below, otherwise whatever krb5_mk_req_extended() returns.
 *
 * NOTE(review): service and hostname decide which service principal a
 * ticket is requested for.  krb5_sname_to_principal() may canonicalize
 * hostname through name-service lookups, depending on configuration --
 * confirm; if it does, resolver answers are an input to the choice of
 * target principal and callers should take the name from a trusted source.
 *
 * NOTE(review): whether outbuf is left untouched when an error is returned
 * depends on krb5_mk_req_extended() -- confirm before freeing it on an
 * error path.
 */

krb5_error_code KRB5_CALLCONV
krb5_mk_req(krb5_context context, krb5_auth_context *auth_context,
            krb5_flags ap_req_options, char *service, char *hostname,
            krb5_data *in_data, krb5_ccache ccache, krb5_data *outbuf)
{
    krb5_principal target;      /* server principal built from service/hostname */
    krb5_creds query;           /* search template: client and server only */
    krb5_creds *found;          /* matching credentials, owned by this function */
    krb5_error_code rc;

    rc = krb5_sname_to_principal(context, hostname, service,
                                 KRB5_NT_SRV_HST, &target);
    if (rc != 0) {
        /* Nothing has been acquired yet, so there is nothing to release. */
        return rc;
    }

    /*
     * Obtain ticket & session key.  The template starts zeroed so that the
     * cleanup path can release it even when only part of it was filled in.
     */
    memset((char *)&query, 0, sizeof(query));

    rc = krb5_copy_principal(context, target, &query.server);
    if (rc != 0) {
        goto release_target;
    }

    /* Solaris Kerberos */
    rc = krb5_cc_get_principal(context, ccache, &query.client);
    if (rc != 0) {
        goto release_query;
    }

    /* Solaris Kerberos */
    rc = krb5_get_credentials(context, 0, ccache, &query, &found);
    if (rc != 0) {
        goto release_query;
    }

    rc = krb5_mk_req_extended(context, auth_context, ap_req_options,
                              in_data, found, outbuf);

    /* The credentials are released whether or not the message was built. */
    krb5_free_creds(context, found);

release_query:
    krb5_free_cred_contents(context, &query);

release_target:
    krb5_free_principal(context, target);

    return rc;
}