int
krb_mk_req(KTEXT authent,
char *service, char *instance, char *realm,
int32_t checksum)
#endif
{
CREDENTIALS cr;
KTEXT_ST req;
krb5_storage *sp;
int code;
/* XXX get user realm */
const char *myrealm = realm;
krb5_data a;
code = krb_get_cred(service, instance, realm, &cr);
if(code || time(NULL) > krb_life_to_time(cr.issue_date, cr.lifetime)){
code = get_ad_tkt((char *)service,
(char *)instance, (char *)realm, lifetime);
if(code == KSUCCESS)
code = krb_get_cred(service, instance, realm, &cr);
}
if(code)
return code;
sp = krb5_storage_emem();
krb5_store_int8(sp, KRB_PROT_VERSION);
krb5_store_int8(sp, AUTH_MSG_APPL_REQUEST);
krb5_store_int8(sp, cr.kvno);
krb5_store_stringz(sp, realm);
krb5_store_int8(sp, cr.ticket_st.length);
build_request(&req, cr.pname, cr.pinst, myrealm, checksum);
encrypt_ktext(&req, &cr.session, DES_ENCRYPT);
krb5_store_int8(sp, req.length);
krb5_storage_write(sp, cr.ticket_st.dat, cr.ticket_st.length);
krb5_storage_write(sp, req.dat, req.length);
krb5_storage_to_data(sp, &a);
krb5_storage_free(sp);
memcpy(authent->dat, a.data, a.length);
authent->length = a.length;
krb5_data_free(&a);
memset(&cr, 0, sizeof(cr));
memset(&req, 0, sizeof(req));
return KSUCCESS;
}
int
krb_mk_req(KTEXT authent, char *service, char *instance, char *realm,
int32_t checksum)
{
KTEXT_ST req_st;
KTEXT req_id = &req_st;
CREDENTIALS cr; /* Credentials used by retr */
KTEXT ticket = &(cr.ticket_st); /* Pointer to tkt_st */
int retval; /* Returned by krb_get_cred */
char myrealm[REALM_SZ];
unsigned char *p = authent->dat;
int rem = sizeof(authent->dat);
int tmp;
tmp = krb_put_int(KRB_PROT_VERSION, p, rem, 1);
if (tmp < 0)
return KFAILURE;
p += tmp;
rem -= tmp;
tmp = krb_put_int(AUTH_MSG_APPL_REQUEST, p, rem, 1);
if (tmp < 0)
return KFAILURE;
p += tmp;
rem -= tmp;
/* Get the ticket and move it into the authenticator */
if (krb_ap_req_debug)
krb_warning("Realm: %s\n", realm);
retval = krb_get_cred(service,instance,realm,&cr);
if (retval == RET_NOTKT) {
retval = get_ad_tkt(service, instance, realm, lifetime);
if (retval == KSUCCESS)
retval = krb_get_cred(service, instance, realm, &cr);
}
if (retval != KSUCCESS)
return retval;
/*
* With multi realm ticket files either find a matching TGT or
* else use the first TGT for inter-realm authentication.
*
* In myrealm hold the realm of the principal "owning" the
* corresponding ticket-granting-ticket.
*/
retval = krb_get_cred(KRB_TICKET_GRANTING_TICKET, realm, realm, 0);
if (retval == KSUCCESS) {
strcpy_truncate(myrealm, realm, REALM_SZ);
} else
retval = krb_get_tf_realm(TKT_FILE, myrealm);
if (retval != KSUCCESS)
return retval;
if (krb_ap_req_debug)
krb_warning("serv=%s.%s@%s princ=%s.%s@%s\n", service, instance, realm,
cr.pname, cr.pinst, myrealm);
tmp = krb_put_int(cr.kvno, p, rem, 1);
if (tmp < 0)
return KFAILURE;
p += tmp;
rem -= tmp;
tmp = krb_put_string(realm, p, rem);
if (tmp < 0)
return KFAILURE;
p += tmp;
rem -= tmp;
tmp = krb_put_int(ticket->length, p, rem, 1);
if (tmp < 0)
return KFAILURE;
p += tmp;
rem -= tmp;
retval = build_request(req_id, cr.pname, cr.pinst, myrealm, checksum);
if (retval != KSUCCESS)
return retval;
encrypt_ktext(req_id, &cr.session, DES_ENCRYPT);
tmp = krb_put_int(req_id->length, p, rem, 1);
if (tmp < 0)
return KFAILURE;
p += tmp;
rem -= tmp;
if (rem < ticket->length + req_id->length)
return KFAILURE;
memcpy(p, ticket->dat, ticket->length);
p += ticket->length;
rem -= ticket->length;
memcpy(p, req_id->dat, req_id->length);
p += req_id->length;
rem -= req_id->length;
authent->length = p - authent->dat;
memset(&cr, 0, sizeof(cr));
memset(&req_st, 0, sizeof(req_st));
if (krb_ap_req_debug)
krb_warning("Authent->length = %d\n", authent->length);
return KSUCCESS;
}