diff options
Diffstat (limited to 'crypto/heimdal/kdc/524.c')
| -rw-r--r-- | crypto/heimdal/kdc/524.c | 183 |
1 files changed, 0 insertions, 183 deletions
diff --git a/crypto/heimdal/kdc/524.c b/crypto/heimdal/kdc/524.c deleted file mode 100644 index fb188de24def..000000000000 --- a/crypto/heimdal/kdc/524.c +++ /dev/null @@ -1,183 +0,0 @@ -/* - * Copyright (c) 1997-1999 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "kdc_locl.h" - -RCSID("$Id: 524.c,v 1.10 1999/12/02 17:04:58 joda Exp $"); - -#ifdef KRB4 - -krb5_error_code -do_524(Ticket *t, krb5_data *reply, const char *from, struct sockaddr *addr) -{ - krb5_error_code ret = 0; - krb5_principal sprinc = NULL; - krb5_crypto crypto; - hdb_entry *server; - Key *skey; - krb5_data et_data; - EncTicketPart et; - EncryptedData ticket; - krb5_storage *sp; - char *spn = NULL; - unsigned char buf[MAX_KTXT_LEN + 4 * 4]; - size_t len; - - principalname2krb5_principal(&sprinc, t->sname, t->realm); - krb5_unparse_name(context, sprinc, &spn); - server = db_fetch(sprinc); - if(server == NULL){ - kdc_log(0, "Request to convert ticket from %s for unknown principal %s", - from, spn); - goto out; - } - ret = hdb_enctype2key(context, server, t->enc_part.etype, &skey); - if(ret){ - kdc_log(0, "No suitable key found for server (%s) " - "when converting ticket from ", spn, from); - goto out; - } - krb5_crypto_init(context, &skey->key, 0, &crypto); - ret = krb5_decrypt_EncryptedData (context, - crypto, - KRB5_KU_TICKET, - &t->enc_part, - &et_data); - krb5_crypto_destroy(context, crypto); - if(ret){ - kdc_log(0, "Failed to decrypt ticket from %s for %s", from, spn); - goto out; - } - ret = krb5_decode_EncTicketPart(context, et_data.data, et_data.length, - &et, &len); - krb5_data_free(&et_data); - if(ret){ - kdc_log(0, "Failed to decode ticket from %s for %s", from, spn); - goto out; - } - { - krb5_principal client; - char *cpn; - principalname2krb5_principal(&client, et.cname, et.crealm); - krb5_unparse_name(context, client, &cpn); - kdc_log(1, "524-REQ %s from %s for %s", cpn, from, spn); - free(cpn); - krb5_free_principal(context, client); - } - - if(et.endtime < kdc_time){ - kdc_log(0, "Ticket expired (%s)", spn); - free_EncTicketPart(&et); - ret = KRB5KRB_AP_ERR_TKT_EXPIRED; - goto out; - } - if(et.flags.invalid){ - kdc_log(0, "Ticket not valid (%s)", spn); - free_EncTicketPart(&et); - ret = KRB5KRB_AP_ERR_TKT_NYV; - goto out; - } - { - krb5_addresses *save_caddr, new_addr; - krb5_address v4_addr; - - ret = krb5_sockaddr2address(addr, &v4_addr); - if(ret) { - kdc_log(0, "Failed to convert address (%s)", spn); - free_EncTicketPart(&et); - goto out; - } - - if (et.caddr && !krb5_address_search (context, &v4_addr, et.caddr)) { - kdc_log(0, "Incorrect network address (%s)", spn); - free_EncTicketPart(&et); - krb5_free_address(context, &v4_addr); - ret = KRB5KRB_AP_ERR_BADADDR; - goto out; - } - if(v4_addr.addr_type == KRB5_ADDRESS_INET) { - /* we need to collapse the addresses in the ticket to a - single address; best guess is to use the address the - connection came from */ - save_caddr = et.caddr; - new_addr.len = 1; - new_addr.val = &v4_addr; - et.caddr = &new_addr; - } - ret = encode_v4_ticket(buf + sizeof(buf) - 1, sizeof(buf), - &et, &t->sname, &len); - if(v4_addr.addr_type == KRB5_ADDRESS_INET) - et.caddr = save_caddr; - } - free_EncTicketPart(&et); - if(ret){ - kdc_log(0, "Failed to encode v4 ticket (%s)", spn); - goto out; - } - ret = get_des_key(server, &skey); - if(ret){ - kdc_log(0, "No DES key for server (%s)", spn); - goto out; - } - ret = encrypt_v4_ticket(buf + sizeof(buf) - len, len, - skey->key.keyvalue.data, &ticket); - if(ret){ - kdc_log(0, "Failed to encrypt v4 ticket (%s)", spn); - goto out; - } -out: - /* make reply */ - memset(buf, 0, sizeof(buf)); - sp = krb5_storage_from_mem(buf, sizeof(buf)); - krb5_store_int32(sp, ret); - if(ret == 0){ - krb5_store_int32(sp, server->kvno); /* is this right? */ - krb5_store_data(sp, ticket.cipher); - /* Aargh! This is coded as a KTEXT_ST. */ - sp->seek(sp, MAX_KTXT_LEN - ticket.cipher.length, SEEK_CUR); - krb5_store_int32(sp, 0); /* mbz */ - free_EncryptedData(&ticket); - } - ret = krb5_storage_to_data(sp, reply); - krb5_storage_free(sp); - - if(spn) - free(spn); - if(sprinc) - krb5_free_principal(context, sprinc); - hdb_free_entry(context, server); - free(server); - return ret; -} - -#endif |