From 855969e8577f84f021f4629f44d545e30652e844 Mon Sep 17 00:00:00 2001 From: Assar Westerlund Date: Sun, 16 Mar 1997 17:18:14 +0000 Subject: [PATCH] implemented functionality git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@1441 ec53bebd-3082-4978-b11e-865c3cabbd6b --- lib/krb5/sendauth.c | 122 ++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 119 insertions(+), 3 deletions(-) diff --git a/lib/krb5/sendauth.c b/lib/krb5/sendauth.c index a44b52e9a..fdd7bb9f0 100644 --- a/lib/krb5/sendauth.c +++ b/lib/krb5/sendauth.c @@ -2,10 +2,32 @@ RCSID("$Id$"); +/* + * The format seems to be: + * client -> server + * + * 4 bytes - length + * KRB5_SENDAUTH_V1.0 (including zero) + * 4 bytes - length + * protocol string (with terminating zero) + * + * server -> client + * 1 byte - status ( 0 = OK) + * + * client -> server + * 4 bytes - length + * AP-REQ + * + * server -> client + * 4 bytes - 00 00 00 00 (?) + * 4 bytes - length + * AP-REP + */ + krb5_error_code krb5_sendauth(krb5_context context, - krb5_auth_context auth_context, - krb5_pointer fd, + krb5_auth_context *auth_context, + krb5_pointer p_fd, char *appl_version, krb5_principal client, krb5_principal server, @@ -14,7 +36,101 @@ krb5_sendauth(krb5_context context, krb5_creds *in_creds, krb5_ccache ccache, /*krb5_error*/ void **error, - /*krb5_ap_rep_enc_part*/ void **rep_result, + krb5_ap_rep_enc_part **rep_result, krb5_creds **out_creds) { + krb5_error_code ret; + int fd = *((int *)p_fd); + u_int32_t len; + const char *version = "KRB5_SENDAUTH_V1.0"; + u_char repl; + krb5_data ap_req; + krb5_creds this_cred; + krb5_creds *creds; + + len = htonl(strlen(version) + 1); + if (krb5_net_write (context, fd, &len, 4) != 4 + || krb5_net_write (context, fd, version, ntohl(len)) != ntohl(len)) + return errno; + + len = htonl(strlen(appl_version) + 1); + if (krb5_net_write (context, fd, &len, 4) != 4 + || krb5_net_write (context, fd, appl_version, ntohl(len)) != ntohl(len)) + return errno; + + if (krb5_net_read (context, fd, &repl, sizeof(repl)) != sizeof(repl)) + return errno; + + if (repl != 0) + return KRB5_SENDAUTH_BADRESPONSE; /* XXX */ + + if (in_creds == NULL) { + if (client == NULL) { + ret = krb5_cc_get_principal (context, ccache, &client); + if (ret) + return ret; + } + this_cred.client = client; + this_cred.server = server; + this_cred.times.endtime = 0; + this_cred.ticket.length = 0; + in_creds = &this_cred; + } + if (in_creds->ticket.length == 0) { + ret = krb5_get_credentials (context, 0, ccache, in_creds, &creds); + if (ret) + return ret; + } else { + creds = in_creds; + } + if (out_creds) + *out_creds = creds; + + ret = krb5_mk_req_extended (context, + auth_context, + ap_req_options, + in_data, + creds, + &ap_req); + if (ret) + return ret; + + len = htonl(ap_req.length); + if (krb5_net_write (context, fd, &len, 4) != 4 + || krb5_net_write (context, fd, + ap_req.data, ap_req.length) != ap_req.length) + return errno; + krb5_data_free (&ap_req); + + if (krb5_net_read (context, fd, &len, 4) != 4) + return errno; + + if (len != 0) + return KRB5_SENDAUTH_REJECTED; + + if (ap_req_options & AP_OPTS_MUTUAL_REQUIRED) { + krb5_data ap_rep; + krb5_ap_rep_enc_part *ignore; + + if (krb5_net_read (context, fd, &len, 4) != 4) + return errno; + + len = ntohl(len); + ap_rep.length = len; + ap_rep.data = malloc (len); + if (ap_rep.data == NULL) + return ENOMEM; + + if (krb5_net_read (context, fd, ap_rep.data, len) != len) + return errno; + + ret = krb5_rd_rep (context, *auth_context, &ap_rep, + rep_result ? rep_result : &ignore); + if (ret) + return ret; + if (rep_result == NULL) + krb5_free_ap_rep_enc_part (context, ignore); + krb5_data_free (&ap_rep); + } + return 0; }