krb5_error_code
krb5int_decode_tgs_rep(krb5_context context, krb5_data *enc_rep, const krb5_keyblock *key,
krb5_keyusage usage, krb5_kdc_rep **dec_rep)
{
krb5_error_code retval;
krb5_kdc_rep *local_dec_rep;
if (krb5_is_as_rep(enc_rep)) {
retval = decode_krb5_as_rep(enc_rep, &local_dec_rep);
} else if (krb5_is_tgs_rep(enc_rep)) {
retval = decode_krb5_tgs_rep(enc_rep, &local_dec_rep);
} else {
return KRB5KRB_AP_ERR_MSG_TYPE;
}
if (retval)
return retval;
if ((retval = krb5_kdc_rep_decrypt_proc(context, key, &usage,
local_dec_rep)))
krb5_free_kdc_rep(context, local_dec_rep);
else
*dec_rep = local_dec_rep;
return(retval);
}
/* Modify an AS-REP reply, change the msg_type to KRB5_TGS_REP. */
static krb5_error_code
test_recv_modify_reply(krb5_context context, void *data, krb5_error_code code,
const krb5_data *realm, const krb5_data *message,
const krb5_data *reply, krb5_data **new_reply)
{
krb5_kdc_rep *as_rep;
assert(code == 0);
assert(krb5_is_as_rep(reply));
check(decode_krb5_as_rep(reply, &as_rep));
as_rep->msg_type = KRB5_TGS_REP;
check(encode_krb5_as_rep(as_rep, new_reply));
krb5_free_kdc_rep(context, as_rep);
return 0;
}
/* Verify that reply is an AS-REP with kvno 1 and a valid enctype. */
static krb5_error_code
test_recv_as_rep(krb5_context context, void *data, krb5_error_code code,
const krb5_data *realm, const krb5_data *message,
const krb5_data *reply, krb5_data **new_reply)
{
krb5_kdc_rep *as_rep;
assert(code == 0);
assert(krb5_is_as_rep(reply));
check(decode_krb5_as_rep(reply, &as_rep));
assert(as_rep->msg_type == KRB5_AS_REP);
assert(as_rep->ticket->enc_part.kvno == 1);
assert(krb5_c_valid_enctype(as_rep->ticket->enc_part.enctype));
krb5_free_kdc_rep(context, as_rep);
return 0;
}