send_tgs.c revision 159d09a20817016f09b3ea28d1bdada4a336bb91
/*
* Copyright 2008 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
/*
* lib/krb5/krb/send_tgs.c
*
* Copyright 1990,1991 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
*
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
* notice appear in all copies and that both that copyright notice and
* this permission notice appear in supporting documentation, and that
* the name of M.I.T. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
* permission. Furthermore if you modify this software you must label
* your software as modified software and not distribute it in such a
* fashion that it might be confused with the original M.I.T. software.
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*
*
* krb5_send_tgs()
*/
#include "k5-int.h"
/*
Sends a request to the TGS and waits for a response.
options is used for the options in the KRB_TGS_REQ.
timestruct values are used for from, till and rtime in the KRB_TGS_REQ.
enctype is used for the enctype in the KRB_TGS_REQ, and to encrypt the
authorization data.
sname is used for sname in the KRB_TGS_REQ.
addrs, if non-NULL, is used for addresses in the KRB_TGS_REQ.
authorization_data, if non-NULL, is used for authorization_data in the
KRB_TGS_REQ.
second_ticket, if required by options, is used for the 2nd ticket in the req.
in_cred is used for the ticket & session key in the KRB_AP_REQ header of the
KRB_TGS_REQ (the KDC realm is extracted from in_cred->server's realm).
The response is placed into *rep.
rep->response.data is set to point at allocated storage, which the caller
should free when finished.
returns system errors
*/
/*
 * krb5_send_tgs_basic
 *
 * NOTE(review): this listing keeps only a few lines of the body. The local
 * declarations, the calls whose results are tested, and the cleanup labels
 * are all missing, so the summary below is read off the surviving comments
 * and must be confirmed against the complete file.
 *
 * Going by those comments, the helper appears to generate a checksum
 * (presumably over in_data), fill in an authenticator, encode it, encrypt
 * it, and hand the finished request back through outbuf. in_cred presumably
 * supplies the ticket and session key, as the file's header comment says for
 * the KRB_AP_REQ header.
 *
 * Returns a krb5_error_code; every visible exit returns retval.
 */
static krb5_error_code
krb5_send_tgs_basic(krb5_context context, krb5_data *in_data, krb5_creds *in_cred, krb5_data *outbuf)
{
/* Generate checksum */
/* The checksum call and its failure test are not in this listing; only the
 * error return survives. */
return(retval);
}
/* gen authenticator */
/* seq_number is the only authenticator field assigned in the visible lines,
 * and it is set to 0; the other fields are filled in by lines this listing
 * omits. */
authent.seq_number = 0;
return(retval);
}
/* encode the authenticator */
return(retval);
}
/* No AP option flags are set on the request built here. */
request.ap_options = 0;
/* Cleanup scratch and scratch data */
/* NOTE(review): the cleanup_data and cleanup_ticket labels are outside this
 * listing. The scratch buffer presumably holds the encoded, not yet
 * encrypted authenticator - confirm it is cleared before it is freed on
 * both the success and the error path. */
goto cleanup_data;
/* call the encryption routine */
goto cleanup_ticket;
return retval;
}
/*
 * NOTE(review): the start of this definition (return type, name and the
 * leading parameters) is missing from the listing, as are most statements
 * of the body. The file header names krb5_send_tgs(), which is presumably
 * this function. Comments added below describe only what the surviving
 * lines show; anything else is marked as something to confirm.
 */
krb5_authdata *const *authorization_data,
{
/* Starts out null so that the `if (sec_ticket)` test at the end of the
 * function only acts once a second ticket has actually been produced. */
krb5_ticket *sec_ticket = 0;
/* tcp_only starts at 0 and is set to 1 just before the jump to send_again
 * further down. */
int tcp_only = 0, use_master;
/*
* in_creds MUST be a valid credential NOT just a partially filled in
* place holder for us to get credentials for the caller.
*/
/* The condition guarding this return is not in the listing; presumably it
 * rejects a credential that carries no ticket. */
return(KRB5_NO_TKT_SUPPLIED);
return(retval);
/* XXX we know they are the same size... */
/* NOTE(review): the statement this remark belongs to is not in the listing.
 * A size assumption between two types is worth pinning with a compile-time
 * assertion so that a later type change cannot silently turn it into an
 * out-of-bounds copy. */
if (authorization_data) {
/* need to encrypt it in the request */
/* Only the tails of two calls survive: the first writes to scratch, the
 * second to tgsreq.authorization_data. Presumably the first encodes the
 * authorization data and the second encrypts that encoding. */
&scratch)))
return(retval);
&tgsreq.authorization_data))) {
/* NOTE(review): confirm that scratch (which presumably holds the
 * unencrypted encoding) is released on this error return as well as on
 * success. */
return retval;
}
}
/* Get the encryption types list */
if (ktypes) {
/* Check passed ktypes and make sure they're valid. */
/* Caller-supplied enctypes that fail the check (not shown) end the call
 * with KRB5_PROG_ETYPE_NOSUPP. */
return KRB5_PROG_ETYPE_NOSUPP;
}
} else {
/* Get the default ktypes */
}
if (second_ticket) {
/* The step that fills sec_ticket is not in the listing; on failure it
 * jumps to send_tgs_error_1. */
goto send_tgs_error_1;
/* One-entry ticket list, closed with a null entry. */
sec_ticket_arr[0] = sec_ticket;
sec_ticket_arr[1] = 0;
} else
/* No second ticket supplied: the request field is explicitly cleared. */
tgsreq.second_ticket = 0;
/* encode the body; then checksum it */
goto send_tgs_error_2;
/*
* Get an ap_req.
*/
goto send_tgs_error_2;
}
/* combine in any other supplied padata */
if (padata) {
krb5_pa_data * const * counter;
register unsigned int i = 0;
/* NOTE(review): the counting loop, the allocation of combined_padata and
 * the copy of the caller's entries are not in this listing. Confirm the
 * array is sized for the AP-REQ entry, every caller-supplied entry and the
 * closing null, because index i below is written without a visible bound
 * check. */
if (!combined_padata) {
goto send_tgs_error_2;
}
/* The AP-REQ entry always goes first; the list is closed with a null entry
 * at index i. */
combined_padata[0] = &ap_req_padata;
combined_padata[i] = 0;
} else {
if (!combined_padata) {
goto send_tgs_error_2;
}
/* No extra padata: the list is just the AP-REQ entry and the closing null. */
combined_padata[0] = &ap_req_padata;
combined_padata[1] = 0;
}
/* the TGS_REQ is assembled in tgsreq, so encode it */
goto send_tgs_error_2;
}
/* now send request & get response from KDC */
/* The send_again label and the send call itself are not in this listing. */
use_master = 0;
if (retval == 0) {
/* The retry is entered only while tcp_only is still 0, and tcp_only is set
 * to 1 before jumping back, so this branch cannot be taken a second time. */
if (!tcp_only) {
/* Solaris Kerberos */
/* The check that precedes this test is not shown; presumably it inspects
 * the reply to decide whether a TCP-only resend is needed. */
if (retval == 0) {
tcp_only = 1;
goto send_again;
}
}
}
/* NOTE(review): the reply comes from the network. The test that classifies
 * it, and the value assigned in this else branch, are not in the listing.
 * Callers should not rely on this classification alone and should still
 * decode and validate the response. */
else /* XXX: assume it's an error */
}
/* The statement guarded by this test is not shown; presumably it frees the
 * second ticket held in sec_ticket. */
if (sec_ticket)
}
return retval;
}