krb5_error_code KRB5_LIB_FUNCTION
krb5_decode_Authenticator (krb5_context context,
const void *data,
size_t length,
Authenticator *t,
size_t *len)
{
return decode_Authenticator(data, length, t, len);
}
static krb5_error_code
decrypt_authenticator (krb5_context context,
EncryptionKey *key,
EncryptedData *enc_part,
Authenticator *authenticator,
krb5_key_usage usage)
{
krb5_error_code ret;
krb5_data plain;
size_t len;
krb5_crypto crypto;
ret = krb5_crypto_init(context, key, 0, &crypto);
if (ret)
return ret;
ret = krb5_decrypt_EncryptedData (context,
crypto,
usage /* KRB5_KU_AP_REQ_AUTH */,
enc_part,
&plain);
/* for backwards compatibility, also try the old usage */
if (ret && usage == KRB5_KU_TGS_REQ_AUTH)
ret = krb5_decrypt_EncryptedData (context,
crypto,
KRB5_KU_AP_REQ_AUTH,
enc_part,
&plain);
krb5_crypto_destroy(context, crypto);
if (ret)
return ret;
ret = decode_Authenticator(plain.data, plain.length,
authenticator, &len);
krb5_data_free (&plain);
return ret;
}
DWORD
VmKdcDecodeAuthenticator(
PVMKDC_DATA pData,
PVMKDC_AUTHENTICATOR *ppRetAuthenticator)
{
DWORD dwError = 0;
PVMKDC_AUTHENTICATOR pAuthenticator = NULL;
Authenticator heimAuth = {0};
unsigned char *authBufPtr = NULL;
size_t heimAuthLen = 0;
size_t authBufLen = 0;
authBufLen = VMKDC_GET_LEN_DATA(pData);
authBufPtr = (unsigned char *) VMKDC_GET_PTR_DATA(pData);
/*
* Decode the Authenticator into a Heimdal Authenticator structure.
*/
decode_Authenticator(authBufPtr, authBufLen, &heimAuth, &heimAuthLen);
if (heimAuthLen <= 0)
{
dwError = ERROR_PROTOCOL;
BAIL_ON_VMKDC_ERROR(dwError);
}
dwError = VmKdcAllocateMemory(sizeof(VMKDC_AUTHENTICATOR), (PVOID*)&pAuthenticator);
BAIL_ON_VMKDC_ERROR(dwError);
/* authenticator-vno */
pAuthenticator->authenticator_vno = heimAuth.authenticator_vno;
/* crealm, cname */
dwError = VmKdcMakePrincipal(heimAuth.crealm,
heimAuth.cname.name_string.len,
(PCSTR *)heimAuth.cname.name_string.val,
&pAuthenticator->cname);
BAIL_ON_VMKDC_ERROR(dwError);
/* cksum */
if (heimAuth.cksum)
{
/* TBD */
}
/* cusec */
pAuthenticator->cusec = heimAuth.cusec;
/* ctime */
pAuthenticator->ctime = heimAuth.ctime;
/* subkey */
if (heimAuth.subkey)
{
dwError = VmKdcMakeKey((VMKDC_KEYTYPE) heimAuth.subkey->keytype,
0,
(PUCHAR) heimAuth.subkey->keyvalue.data,
(DWORD) heimAuth.subkey->keyvalue.length,
&pAuthenticator->subkey);
BAIL_ON_VMKDC_ERROR(dwError);
}
/* seq-number */
if (heimAuth.seq_number)
{
/* TBD */
}
/* authorization_data */
if (heimAuth.authorization_data)
{
/* TBD */
}
*ppRetAuthenticator = pAuthenticator;
error:
if (dwError)
{
VMKDC_SAFE_FREE_AUTHENTICATOR(pAuthenticator);
}
free_Authenticator(&heimAuth);
return dwError;
}