/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
*
* Copyright 1990,1991 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
*
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
* notice appear in all copies and that both that copyright notice and
* this permission notice appear in supporting documentation, and that
* the name of M.I.T. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
* permission. Furthermore if you modify this software you must label
* your software as modified software and not distribute it in such a
* fashion that it might be confused with the original M.I.T. software.
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*/
/*
*/
/*
* krb5_mk_safe()
*/
#include "k5-int.h"
#include "cleanup.h"
#include "auth_con.h"
/* Solaris Kerberos */
#include "kerberos_dtrace.h"
/*
Formats a KRB_SAFE message into outbuf.
userdata is formatted as the user data in the message.
sumtype specifies the encryption type; key specifies the key which
might be used to seed the checksum; sender_addr and recv_addr specify
the full addresses (host and port) of the sender and receiver.
The host portion of sender_addr is used to form the addresses used in the
KRB_SAFE message.
The outbuf buffer storage is allocated, and should be freed by the
caller when finished.
returns system errors
*/
static krb5_error_code
{
if (!krb5_c_valid_cksumtype(sumtype))
return KRB5_PROG_SUMTYPE_NOSUPP;
|| !krb5_c_is_keyed_cksum(sumtype))
return KRB5KRB_AP_ERR_INAPP_CKSUM;
/* We should check too make sure one exists. */
/*
* To do the checksum stuff, we need to encode the message with a
* zero-length zero-type checksum, then checksum the encoding, then
* re-encode with the checksum.
*/
safe_checksum.length = 0;
return retval;
scratch1, &safe_checksum)))
goto cleanup_checksum;
goto cleanup_checksum;
}
/* Solaris Kerberos */
retval = 0;
return retval;
}
{
/* Clear replaydata block */
/* Get key */
/* Get replay info */
return KRB5_RC_REQUIRED;
/* Need a better error */
return KRB5_RC_REQUIRED;
if (!auth_context->local_addr)
return KRB5_LOCAL_ADDR_REQUIRED;
&replaydata.usec)))
return retval;
}
}
}
{
CLEANUP_INIT(2);
if (auth_context->local_port) {
&local_fulladdr))){
} else {
goto error;
}
} else {
}
if (auth_context->remote_addr) {
if (auth_context->remote_port) {
&remote_fulladdr))){
} else {
CLEANUP_DONE();
goto error;
}
} else {
}
}
{
unsigned int nsumtypes;
unsigned int i;
if (retval) {
CLEANUP_DONE ();
goto error;
}
if (nsumtypes == 0) {
CLEANUP_DONE ();
goto error;
}
/*
* Solaris Kerberos
*
* Iterate thru sumtypes looking for match of safe_cksumtype.
* If found, set sumtype to safe_cksumtype.
* If not found, and our enctype is DES_CBC, set sumtype to the
* corresponding cksumtype, or call krb5int_c_mandatory_cksumtype()
* to determine and set sumtype.
*/
for (i = 0; i < nsumtypes; i++)
break;
if (i < nsumtypes)
else {
switch (enctype) {
case ENCTYPE_DES_CBC_MD4:
break;
case ENCTYPE_DES_CBC_MD5:
case ENCTYPE_DES_CBC_CRC:
break;
default:
&sumtype);
if (retval) {
CLEANUP_DONE();
goto error;
}
break;
}
}
}
CLEANUP_DONE();
goto error;
}
CLEANUP_DONE();
}
goto error;
}
/* should we really error out here? XXX */
goto error;
}
}
return 0;
return retval;
}