summaryrefslogtreecommitdiffstats
path: root/crypto/heimdal/lib/krb5/mk_safe.c
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/heimdal/lib/krb5/mk_safe.c')
-rw-r--r--crypto/heimdal/lib/krb5/mk_safe.c183
1 files changed, 100 insertions, 83 deletions
diff --git a/crypto/heimdal/lib/krb5/mk_safe.c b/crypto/heimdal/lib/krb5/mk_safe.c
index 8bfa066..0b75759 100644
--- a/crypto/heimdal/lib/krb5/mk_safe.c
+++ b/crypto/heimdal/lib/krb5/mk_safe.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,92 +33,109 @@
#include <krb5_locl.h>
-RCSID("$Id: mk_safe.c,v 1.28.4.1 2004/03/07 12:46:43 lha Exp $");
+RCSID("$Id: mk_safe.c 13863 2004-05-25 21:46:46Z lha $");
-krb5_error_code
+krb5_error_code KRB5_LIB_FUNCTION
krb5_mk_safe(krb5_context context,
krb5_auth_context auth_context,
const krb5_data *userdata,
krb5_data *outbuf,
- /*krb5_replay_data*/ void *outdata)
+ krb5_replay_data *outdata)
{
- krb5_error_code ret;
- KRB_SAFE s;
- int32_t sec, usec;
- KerberosTime sec2;
- int usec2;
- u_char *buf = NULL;
- size_t buf_size;
- size_t len;
- u_int32_t tmp_seq;
- krb5_crypto crypto;
- krb5_keyblock *key;
-
- if (auth_context->local_subkey)
- key = auth_context->local_subkey;
- else if (auth_context->remote_subkey)
- key = auth_context->remote_subkey;
- else
- key = auth_context->keyblock;
-
- s.pvno = 5;
- s.msg_type = krb_safe;
-
- s.safe_body.user_data = *userdata;
- krb5_us_timeofday (context, &sec, &usec);
-
- sec2 = sec;
- s.safe_body.timestamp = &sec2;
- usec2 = usec;
- s.safe_body.usec = &usec2;
- if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
- tmp_seq = auth_context->local_seqnumber;
- s.safe_body.seq_number = &tmp_seq;
- } else
- s.safe_body.seq_number = NULL;
-
- s.safe_body.s_address = auth_context->local_address;
- s.safe_body.r_address = auth_context->remote_address;
-
- s.cksum.cksumtype = 0;
- s.cksum.checksum.data = NULL;
- s.cksum.checksum.length = 0;
-
- ASN1_MALLOC_ENCODE(KRB_SAFE, buf, buf_size, &s, &len, ret);
- if (ret)
- return ret;
- if(buf_size != len)
- krb5_abortx(context, "internal error in ASN.1 encoder");
- ret = krb5_crypto_init(context, key, 0, &crypto);
- if (ret) {
- free (buf);
- return ret;
- }
- ret = krb5_create_checksum(context,
- crypto,
- KRB5_KU_KRB_SAFE_CKSUM,
- 0,
- buf,
- len,
- &s.cksum);
- krb5_crypto_destroy(context, crypto);
- if (ret) {
- free (buf);
- return ret;
- }
-
- free(buf);
- ASN1_MALLOC_ENCODE(KRB_SAFE, buf, buf_size, &s, &len, ret);
- free_Checksum (&s.cksum);
- if(ret)
- return ret;
- if(buf_size != len)
- krb5_abortx(context, "internal error in ASN.1 encoder");
-
- outbuf->length = len;
- outbuf->data = buf;
- if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE)
- auth_context->local_seqnumber =
- (auth_context->local_seqnumber + 1) & 0xFFFFFFFF;
- return 0;
+ krb5_error_code ret;
+ KRB_SAFE s;
+ u_char *buf = NULL;
+ size_t buf_size;
+ size_t len;
+ krb5_crypto crypto;
+ krb5_keyblock *key;
+ krb5_replay_data rdata;
+
+ if ((auth_context->flags &
+ (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
+ outdata == NULL)
+ return KRB5_RC_REQUIRED; /* XXX better error, MIT returns this */
+
+ if (auth_context->local_subkey)
+ key = auth_context->local_subkey;
+ else if (auth_context->remote_subkey)
+ key = auth_context->remote_subkey;
+ else
+ key = auth_context->keyblock;
+
+ s.pvno = 5;
+ s.msg_type = krb_safe;
+
+ memset(&rdata, 0, sizeof(rdata));
+
+ s.safe_body.user_data = *userdata;
+
+ krb5_us_timeofday (context, &rdata.timestamp, &rdata.usec);
+
+ if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) {
+ s.safe_body.timestamp = &rdata.timestamp;
+ s.safe_body.usec = &rdata.usec;
+ } else {
+ s.safe_body.timestamp = NULL;
+ s.safe_body.usec = NULL;
+ }
+
+ if (auth_context->flags & KRB5_AUTH_CONTEXT_RET_TIME) {
+ outdata->timestamp = rdata.timestamp;
+ outdata->usec = rdata.usec;
+ }
+
+ if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
+ rdata.seq = auth_context->local_seqnumber;
+ s.safe_body.seq_number = &rdata.seq;
+ } else
+ s.safe_body.seq_number = NULL;
+
+ if (auth_context->flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)
+ outdata->seq = auth_context->local_seqnumber;
+
+ s.safe_body.s_address = auth_context->local_address;
+ s.safe_body.r_address = auth_context->remote_address;
+
+ s.cksum.cksumtype = 0;
+ s.cksum.checksum.data = NULL;
+ s.cksum.checksum.length = 0;
+
+ ASN1_MALLOC_ENCODE(KRB_SAFE, buf, buf_size, &s, &len, ret);
+ if (ret)
+ return ret;
+ if(buf_size != len)
+ krb5_abortx(context, "internal error in ASN.1 encoder");
+ ret = krb5_crypto_init(context, key, 0, &crypto);
+ if (ret) {
+ free (buf);
+ return ret;
+ }
+ ret = krb5_create_checksum(context,
+ crypto,
+ KRB5_KU_KRB_SAFE_CKSUM,
+ 0,
+ buf,
+ len,
+ &s.cksum);
+ krb5_crypto_destroy(context, crypto);
+ if (ret) {
+ free (buf);
+ return ret;
+ }
+
+ free(buf);
+ ASN1_MALLOC_ENCODE(KRB_SAFE, buf, buf_size, &s, &len, ret);
+ free_Checksum (&s.cksum);
+ if(ret)
+ return ret;
+ if(buf_size != len)
+ krb5_abortx(context, "internal error in ASN.1 encoder");
+
+ outbuf->length = len;
+ outbuf->data = buf;
+ if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE)
+ auth_context->local_seqnumber =
+ (auth_context->local_seqnumber + 1) & 0xFFFFFFFF;
+ return 0;
}
OpenPOWER on IntegriCloud