recvauth.c revision 505d05c73a6e56769f263d4803b22eddd168ee24
/*
* Copyright 2005 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
/*
* lib/krb5/krb/recvauth.c
*
* Copyright 1991 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
*
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
* notice appear in all copies and that both that copyright notice and
* this permission notice appear in supporting documentation, and that
* the name of M.I.T. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
* permission. Furthermore if you modify this software you must label
* your software as modified software and not distribute it in such a
* fashion that it might be confused with the original M.I.T. software.
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*
*
*/
#define NEED_SOCKETS
#include <k5-int.h>
#include <auth_con.h>
#include <com_err.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>
static const char sendauth_version[] = "KRB5_SENDAUTH_V1.0";
static krb5_error_code
/* IN */
char *appl_version,
/* OUT */
krb5_ticket ** ticket,
{
krb5_rcache rcache = 0;
int need_error_free = 0;
int local_rcache = 0, local_authcon = 0;
/*
* Zero out problem variable. If problem is set at the end of
* the intial version negotiation section, it means that we
* need to send an error code back to the client application
* and exit.
*/
problem = 0;
if (!(flags & KRB5_RECVAUTH_SKIP_VERSION)) {
/*
* First read the sendauth version string and check it.
*/
return(retval);
}
}
if (flags & KRB5_RECVAUTH_BADAUTHVERS)
/*
* Do the same thing for the application version string.
*/
return(retval);
if (!problem)
}
else
/*
* OK, now check the problem variable. If it's zero, we're
* fine and we can continue. Otherwise, we have to signal an
* error to the client side and bail out.
*/
switch (problem) {
case 0:
response = 0;
break;
response = 1;
break;
response = 2;
break;
default:
/*
* Should never happen!
*/
response = 255;
#ifdef SENDAUTH_DEBUG
problem);
abort();
#endif
break;
}
/*
* Now we actually write the response. If the response is non-zero,
* exit with a return value of problem
*/
return(problem); /* We'll return the top-level problem */
}
if (problem)
return(problem);
/* We are clear of errors here */
/*
* Now, let's read the AP_REQ message and decode it
*/
return retval;
if (*auth_context == NULL) {
local_authcon = 1;
}
/*
* Setup the replay cache.
*/
if (server) {
} else {
}
if (!problem)
local_rcache = 1;
}
if (!problem) {
}
/*
* If there was a problem, send back a krb5_error message,
* preceeded by the length of the krb5_error message. If
* everything's ok, send back 0 for the length.
*/
if (problem) {
const char *message;
if(server)
else {
/* If this fails - ie. ENOMEM we are hosed
we cannot even send the error if we wanted to... */
need_error_free = 1;
}
goto cleanup;
}
goto cleanup;
}
if(need_error_free)
} else {
}
/* We sent back an error, we need cleanup then return */
goto cleanup;
}
if (retval)
goto cleanup;
/* Here lies the mutual authentication stuff... */
if ((ap_option & AP_OPTS_MUTUAL_REQUIRED)) {
return(retval);
}
}
cleanup:;
if (retval) {
if (local_authcon) {
}
}
return retval;
}
krb5_recvauth(krb5_context context, krb5_auth_context *auth_context, krb5_pointer fd, char *appl_version, krb5_principal server, krb5_int32 flags, krb5_keytab keytab, krb5_ticket **ticket)
{
}
/* IN */
/* OUT */
{
}