예제 #1
0
int
krb_mk_req(KTEXT authent,
	   char *service, char *instance, char *realm, 
	   int32_t checksum)

#endif
{
    CREDENTIALS cr;
    KTEXT_ST req;
    krb5_storage *sp;
    int code;
    /* XXX get user realm */
    const char *myrealm = realm;
    krb5_data a;

    code = krb_get_cred(service, instance, realm, &cr);
    if(code || time(NULL) > krb_life_to_time(cr.issue_date, cr.lifetime)){
	code = get_ad_tkt((char *)service,
			  (char *)instance, (char *)realm, lifetime);
	if(code == KSUCCESS)
	    code = krb_get_cred(service, instance, realm, &cr);
    }

    if(code)
	return code;

    sp = krb5_storage_emem();

    krb5_store_int8(sp, KRB_PROT_VERSION);
    krb5_store_int8(sp, AUTH_MSG_APPL_REQUEST);
    
    krb5_store_int8(sp, cr.kvno);
    krb5_store_stringz(sp, realm);
    krb5_store_int8(sp, cr.ticket_st.length);

    build_request(&req, cr.pname, cr.pinst, myrealm, checksum);
    encrypt_ktext(&req, &cr.session, DES_ENCRYPT);

    krb5_store_int8(sp, req.length);

    krb5_storage_write(sp, cr.ticket_st.dat, cr.ticket_st.length);
    krb5_storage_write(sp, req.dat, req.length);
    krb5_storage_to_data(sp, &a);
    krb5_storage_free(sp);
    memcpy(authent->dat, a.data, a.length);
    authent->length = a.length;
    krb5_data_free(&a);

    memset(&cr, 0, sizeof(cr));
    memset(&req, 0, sizeof(req));

    return KSUCCESS;
}
예제 #2
0
파일: mk_req.c 프로젝트: 1ack/Impala
int
krb_mk_req(KTEXT authent, char *service, char *instance, char *realm, 
	   int32_t checksum)
{
    KTEXT_ST req_st;
    KTEXT req_id = &req_st;

    CREDENTIALS cr;             /* Credentials used by retr */
    KTEXT ticket = &(cr.ticket_st); /* Pointer to tkt_st */
    int retval;                 /* Returned by krb_get_cred */

    char myrealm[REALM_SZ];

    unsigned char *p = authent->dat;
    int rem = sizeof(authent->dat);
    int tmp;

    tmp = krb_put_int(KRB_PROT_VERSION, p, rem, 1);
    if (tmp < 0)
	return KFAILURE;
    p += tmp;
    rem -= tmp;

    tmp = krb_put_int(AUTH_MSG_APPL_REQUEST, p, rem, 1);
    if (tmp < 0)
	return KFAILURE;
    p += tmp;
    rem -= tmp;

    /* Get the ticket and move it into the authenticator */
    if (krb_ap_req_debug)
        krb_warning("Realm: %s\n", realm);

    retval = krb_get_cred(service,instance,realm,&cr);

    if (retval == RET_NOTKT) {
	retval = get_ad_tkt(service, instance, realm, lifetime);
	if (retval == KSUCCESS)
	    retval = krb_get_cred(service, instance, realm, &cr);
    }

    if (retval != KSUCCESS)
	return retval;


    /*
     * With multi realm ticket files either find a matching TGT or
     * else use the first TGT for inter-realm authentication.
     *
     * In myrealm hold the realm of the principal "owning" the
     * corresponding ticket-granting-ticket.
     */

    retval = krb_get_cred(KRB_TICKET_GRANTING_TICKET, realm, realm, 0);
    if (retval == KSUCCESS) {
      strcpy_truncate(myrealm, realm, REALM_SZ);
    } else
      retval = krb_get_tf_realm(TKT_FILE, myrealm);
    
    if (retval != KSUCCESS)
	return retval;
    
    if (krb_ap_req_debug)
        krb_warning("serv=%s.%s@%s princ=%s.%s@%s\n", service, instance, realm,
		    cr.pname, cr.pinst, myrealm);

    tmp = krb_put_int(cr.kvno, p, rem, 1);
    if (tmp < 0)
	return KFAILURE;
    p += tmp;
    rem -= tmp;

    tmp = krb_put_string(realm, p, rem);
    if (tmp < 0)
	return KFAILURE;
    p += tmp;
    rem -= tmp;

    tmp = krb_put_int(ticket->length, p, rem, 1);
    if (tmp < 0)
	return KFAILURE;
    p += tmp;
    rem -= tmp;

    retval = build_request(req_id, cr.pname, cr.pinst, myrealm, checksum);
    if (retval != KSUCCESS)
	return retval;
    
    encrypt_ktext(req_id, &cr.session, DES_ENCRYPT);

    tmp = krb_put_int(req_id->length, p, rem, 1);
    if (tmp < 0)
	return KFAILURE;
    p += tmp;
    rem -= tmp;

    if (rem < ticket->length + req_id->length)
	return KFAILURE;

    memcpy(p, ticket->dat, ticket->length);
    p += ticket->length;
    rem -= ticket->length;
    memcpy(p, req_id->dat, req_id->length);
    p += req_id->length;
    rem -= req_id->length;

    authent->length = p - authent->dat;
    
    memset(&cr, 0, sizeof(cr));
    memset(&req_st, 0, sizeof(req_st));

    if (krb_ap_req_debug)
        krb_warning("Authent->length = %d\n", authent->length);

    return KSUCCESS;
}