1 /*
2  * lib/krb5/krb/mk_rep.c
3  *
4  * Copyright 1990 by the Massachusetts Institute of Technology.
5  * All Rights Reserved.
6  *
7  * Export of this software from the United States of America may
8  *   require a specific license from the United States Government.
9  *   It is the responsibility of any person or organization contemplating
10  *   export to obtain such a license before exporting.
11  *
12  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
13  * distribute this software and its documentation for any purpose and
14  * without fee is hereby granted, provided that the above copyright
15  * notice appear in all copies and that both that copyright notice and
16  * this permission notice appear in supporting documentation, and that
17  * the name of M.I.T. not be used in advertising or publicity pertaining
18  * to distribution of the software without specific, written prior
19  * permission.  Furthermore if you modify this software you must label
20  * your software as modified software and not distribute it in such a
21  * fashion that it might be confused with the original M.I.T. software.
22  * M.I.T. makes no representations about the suitability of
23  * this software for any purpose.  It is provided "as is" without express
24  * or implied warranty.
25  *
26  *
27  * krb5_mk_rep()
28  */
29 
30 #include "k5-int.h"
31 #include "auth_con.h"
32 
33 /*
34  Formats a KRB_AP_REP message into outbuf.
35 
36  The outbuf buffer storage is allocated, and should be freed by the
37  caller when finished.
38 
39  returns system errors
40 */
41 
42 krb5_error_code KRB5_CALLCONV
krb5_mk_rep(krb5_context context,krb5_auth_context auth_context,krb5_data * outbuf)43 krb5_mk_rep(krb5_context context, krb5_auth_context auth_context, krb5_data *outbuf)
44 {
45     krb5_error_code 	  retval;
46     krb5_ap_rep_enc_part  repl;
47     krb5_ap_rep 	  reply;
48     krb5_data 		* scratch;
49     krb5_data 		* toutbuf;
50 
51     /* Make the reply */
52     if (((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) ||
53 	(auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
54 	(auth_context->local_seq_number == 0)) {
55 	if ((retval = krb5_generate_seq_number(context, auth_context->keyblock,
56 					       &auth_context->local_seq_number)))
57             return(retval);
58     }
59 
60     repl.ctime = auth_context->authentp->ctime;
61     repl.cusec = auth_context->authentp->cusec;
62     if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_USE_SUBKEY) {
63 	retval = krb5int_generate_and_save_subkey (context, auth_context,
64 						   auth_context->keyblock);
65 	if (retval)
66 	    return retval;
67 	repl.subkey = auth_context->send_subkey;
68     } else
69 	repl.subkey = auth_context->authentp->subkey;
70     repl.seq_number = auth_context->local_seq_number;
71 
72     /* encode it before encrypting */
73     if ((retval = encode_krb5_ap_rep_enc_part(&repl, &scratch)))
74 	return retval;
75 
76     if ((retval = krb5_encrypt_helper(context, auth_context->keyblock,
77 				      KRB5_KEYUSAGE_AP_REP_ENCPART,
78 				      scratch, &reply.enc_part)))
79 	goto cleanup_scratch;
80 
81     if (!(retval = encode_krb5_ap_rep(&reply, &toutbuf))) {
82 	*outbuf = *toutbuf;
83 	krb5_xfree(toutbuf);
84     }
85 
86     memset(reply.enc_part.ciphertext.data, 0, reply.enc_part.ciphertext.length);
87     free(reply.enc_part.ciphertext.data);
88     reply.enc_part.ciphertext.length = 0;
89     reply.enc_part.ciphertext.data = 0;
90 
91 cleanup_scratch:
92     memset(scratch->data, 0, scratch->length);
93     krb5_free_data(context, scratch);
94 
95     return retval;
96 }
97