int
krb_put_nir(const char *name,const char *instance,const char *realm, void *to, size_t rem)
{
char *p = (char *)to;
int tmp;
tmp = krb_put_string(name, p, rem);
if (tmp < 0)
return tmp;
p += tmp;
rem -= tmp;
tmp = krb_put_string(instance, p, rem);
if (tmp < 0)
return tmp;
p += tmp;
rem -= tmp;
if (realm) {
tmp = krb_put_string(realm, p, rem);
if (tmp < 0)
return tmp;
p += tmp;
rem -= tmp;
}
return p - (char *)to;
}
int
krb_mk_req(KTEXT authent, char *service, char *instance, char *realm,
int32_t checksum)
{
KTEXT_ST req_st;
KTEXT req_id = &req_st;
CREDENTIALS cr; /* Credentials used by retr */
KTEXT ticket = &(cr.ticket_st); /* Pointer to tkt_st */
int retval; /* Returned by krb_get_cred */
char myrealm[REALM_SZ];
unsigned char *p = authent->dat;
int rem = sizeof(authent->dat);
int tmp;
tmp = krb_put_int(KRB_PROT_VERSION, p, rem, 1);
if (tmp < 0)
return KFAILURE;
p += tmp;
rem -= tmp;
tmp = krb_put_int(AUTH_MSG_APPL_REQUEST, p, rem, 1);
if (tmp < 0)
return KFAILURE;
p += tmp;
rem -= tmp;
/* Get the ticket and move it into the authenticator */
if (krb_ap_req_debug)
krb_warning("Realm: %s\n", realm);
retval = krb_get_cred(service,instance,realm,&cr);
if (retval == RET_NOTKT) {
retval = get_ad_tkt(service, instance, realm, lifetime);
if (retval == KSUCCESS)
retval = krb_get_cred(service, instance, realm, &cr);
}
if (retval != KSUCCESS)
return retval;
/*
* With multi realm ticket files either find a matching TGT or
* else use the first TGT for inter-realm authentication.
*
* In myrealm hold the realm of the principal "owning" the
* corresponding ticket-granting-ticket.
*/
retval = krb_get_cred(KRB_TICKET_GRANTING_TICKET, realm, realm, 0);
if (retval == KSUCCESS) {
strcpy_truncate(myrealm, realm, REALM_SZ);
} else
retval = krb_get_tf_realm(TKT_FILE, myrealm);
if (retval != KSUCCESS)
return retval;
if (krb_ap_req_debug)
krb_warning("serv=%s.%s@%s princ=%s.%s@%s\n", service, instance, realm,
cr.pname, cr.pinst, myrealm);
tmp = krb_put_int(cr.kvno, p, rem, 1);
if (tmp < 0)
return KFAILURE;
p += tmp;
rem -= tmp;
tmp = krb_put_string(realm, p, rem);
if (tmp < 0)
return KFAILURE;
p += tmp;
rem -= tmp;
tmp = krb_put_int(ticket->length, p, rem, 1);
if (tmp < 0)
return KFAILURE;
p += tmp;
rem -= tmp;
retval = build_request(req_id, cr.pname, cr.pinst, myrealm, checksum);
if (retval != KSUCCESS)
return retval;
encrypt_ktext(req_id, &cr.session, DES_ENCRYPT);
tmp = krb_put_int(req_id->length, p, rem, 1);
if (tmp < 0)
return KFAILURE;
p += tmp;
rem -= tmp;
if (rem < ticket->length + req_id->length)
return KFAILURE;
memcpy(p, ticket->dat, ticket->length);
p += ticket->length;
rem -= ticket->length;
memcpy(p, req_id->dat, req_id->length);
p += req_id->length;
rem -= req_id->length;
authent->length = p - authent->dat;
memset(&cr, 0, sizeof(cr));
memset(&req_st, 0, sizeof(req_st));
if (krb_ap_req_debug)
krb_warning("Authent->length = %d\n", authent->length);
return KSUCCESS;
}
