mk_safe.c revision 505d05c73a6e56769f263d4803b22eddd168ee24
/*
* Copyright 2005 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
/*
*
* Copyright 1990,1991 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
*
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
* notice appear in all copies and that both that copyright notice and
* this permission notice appear in supporting documentation, and that
* the name of M.I.T. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
* permission. Furthermore if you modify this software you must label
* your software as modified software and not distribute it in such a
* fashion that it might be confused with the original M.I.T. software.
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*
*
* krb5_mk_safe()
*/
#include <k5-int.h>
#include "cleanup.h"
#include <auth_con.h>
#ifdef KRB5_DEBUG
#endif
/*
Formats a KRB_SAFE message into outbuf.
userdata is formatted as the user data in the message.
sumtype specifies the encryption type; key specifies the key which
might be used to seed the checksum; sender_addr and recv_addr specify
the full addresses (host and port) of the sender and receiver.
The host portion of sender_addr is used to form the addresses used in the
KRB_SAFE message.
The outbuf buffer storage is allocated, and should be freed by the
caller when finished.
returns system errors
*/
/*ARGSUSED*/
static krb5_error_code
const krb5_keyblock * keyblock,
const krb5_address * local_addr,
const krb5_address * remote_addr,
const krb5_cksumtype sumtype,
{
krb5_octet zero_octet = 0;
if (!krb5_c_valid_cksumtype(sumtype))
return KRB5_PROG_SUMTYPE_NOSUPP;
if (!krb5_c_is_coll_proof_cksum(sumtype) ||
return KRB5KRB_AP_ERR_INAPP_CKSUM;
/* We should check too make sure one exists. */
/*
* To do the checksum stuff, we need to encode the message with a
* zero-length zero-type checksum, then checksum the encoding, then
* re-encode with the checksum.
*/
safe_checksum.length = 0;
return retval;
}
scratch1, &safe_checksum)) != 0){
goto cleanup_checksum;
}
goto cleanup_checksum;
}
retval = 0;
return retval;
}
{
/* Clear replaydata block */
/* Get keyblock */
/* Get replay info */
return KRB5_RC_REQUIRED;
}
/* Need a better error */
return KRB5_RC_REQUIRED;
}
&replaydata.usec))){
return retval;
}
}
}
}
}
{
CLEANUP_INIT(2);
if (auth_context->local_addr) {
if (auth_context->local_port) {
&local_fulladdr))){
} else {
goto error;
}
} else {
}
}
if (auth_context->remote_addr) {
if (auth_context->remote_port) {
&remote_fulladdr))){
} else {
CLEANUP_DONE();
goto error;
}
} else {
}
}
{
unsigned int nsumtypes;
unsigned int i;
if (retval) {
CLEANUP_DONE ();
goto error;
}
if (nsumtypes == 0) {
CLEANUP_DONE ();
goto error;
}
for (i = 0; i < nsumtypes; i++)
break;
if (i == nsumtypes)
i = 0;
}
CLEANUP_DONE();
goto error;
}
CLEANUP_DONE();
}
goto error;
}
/* should we really error out here? XXX */
goto error;
}
}
return 0;
return retval;
}