1 /* 2 * Copyright 2005 Sun Microsystems, Inc. All rights reserved. 3 * Use is subject to license terms. 4 */ 5 6 #pragma ident "%Z%%M% %I% %E% SMI" 7 8 /* 9 * lib/krb5/krb/mk_rep.c 10 * 11 * Copyright 1990 by the Massachusetts Institute of Technology. 12 * All Rights Reserved. 13 * 14 * Export of this software from the United States of America may 15 * require a specific license from the United States Government. 16 * It is the responsibility of any person or organization contemplating 17 * export to obtain such a license before exporting. 18 * 19 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and 20 * distribute this software and its documentation for any purpose and 21 * without fee is hereby granted, provided that the above copyright 22 * notice appear in all copies and that both that copyright notice and 23 * this permission notice appear in supporting documentation, and that 24 * the name of M.I.T. not be used in advertising or publicity pertaining 25 * to distribution of the software without specific, written prior 26 * permission. Furthermore if you modify this software you must label 27 * your software as modified software and not distribute it in such a 28 * fashion that it might be confused with the original M.I.T. software. 29 * M.I.T. makes no representations about the suitability of 30 * this software for any purpose. It is provided "as is" without express 31 * or implied warranty. 32 * 33 * 34 * krb5_mk_rep() 35 */ 36 37 #include <k5-int.h> 38 #include <auth_con.h> 39 40 /* 41 Formats a KRB_AP_REP message into outbuf. 42 43 The outbuf buffer storage is allocated, and should be freed by the 44 caller when finished. 45 46 returns system errors 47 */ 48 49 krb5_error_code KRB5_CALLCONV 50 krb5_mk_rep(krb5_context context, krb5_auth_context auth_context, krb5_data *outbuf) 51 { 52 krb5_error_code retval; 53 krb5_ap_rep_enc_part repl; 54 krb5_ap_rep reply; 55 krb5_data * scratch; 56 krb5_data * toutbuf; 57 58 /* Make the reply */ 59 if (((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) || 60 (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) && 61 (auth_context->local_seq_number == 0)) { 62 if ((retval = krb5_generate_seq_number(context, auth_context->keyblock, 63 &auth_context->local_seq_number))) 64 return(retval); 65 } 66 67 repl.ctime = auth_context->authentp->ctime; 68 repl.cusec = auth_context->authentp->cusec; 69 if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_USE_SUBKEY) { 70 retval = krb5int_generate_and_save_subkey (context, auth_context, 71 auth_context->keyblock); 72 if (retval) 73 return retval; 74 repl.subkey = auth_context->send_subkey; 75 } else 76 repl.subkey = auth_context->authentp->subkey; 77 78 repl.seq_number = auth_context->local_seq_number; 79 80 /* encode it before encrypting */ 81 retval = encode_krb5_ap_rep_enc_part(&repl, &scratch); 82 if (retval) 83 return retval; 84 85 retval = krb5_encrypt_helper(context, auth_context->keyblock, 86 KRB5_KEYUSAGE_AP_REP_ENCPART, 87 scratch, &reply.enc_part); 88 if (retval) 89 goto cleanup_scratch; 90 91 retval = encode_krb5_ap_rep(&reply, &toutbuf); 92 if (!retval) { 93 *outbuf = *toutbuf; 94 krb5_xfree(toutbuf); 95 } 96 97 memset(reply.enc_part.ciphertext.data, 0, reply.enc_part.ciphertext.length); 98 free(reply.enc_part.ciphertext.data); 99 reply.enc_part.ciphertext.length = 0; 100 reply.enc_part.ciphertext.data = 0; 101 102 cleanup_scratch: 103 memset(scratch->data, 0, scratch->length); 104 krb5_free_data(context, scratch); 105 106 return retval; 107 } 108