Annotation of 43BSDReno/kerberosIV/krb/mk_req.c, revision 1.1

1.1     ! root        1: /*
        !             2:  * $Source: /usr/src/kerberosIV/krb/RCS/mk_req.c,v $
        !             3:  * $Author: kfall $
        !             4:  *
        !             5:  * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
        !             6:  * of Technology.
        !             7:  *
        !             8:  * For copying and distribution information, please see the file
        !             9:  * <mit-copyright.h>.
        !            10:  */
        !            11: 
        !            12: #ifndef lint
        !            13: static char *rcsid_mk_req_c =
        !            14: "$Header: /usr/src/kerberosIV/krb/RCS/mk_req.c,v 4.18 90/06/25 20:56:56 kfall Exp $";
        !            15: #endif /* lint */
        !            16: 
        !            17: #include <mit-copyright.h>
        !            18: #include <des.h>
        !            19: #include <krb.h>
        !            20: #include <prot.h>
        !            21: #include <sys/time.h>
        !            22: #include <strings.h>
        !            23: 
        /* Debug switch defined in another file; krb_mk_req prints trace output when it is non-zero. */
        extern int krb_ap_req_debug;

        /* Lifetime handed to get_ad_tkt() when krb_mk_req has to fetch a ticket. */
        static int lifetime = DEFAULT_TKT_LIFE;

        /* Scratch timestamp for the request id; krb_mk_req fills it with gettimeofday(). */
        static struct timeval tv_local = { 0, 0 };
        !            27: 
        !            28: /*
        !            29:  * krb_mk_req takes a text structure in which an authenticator is to
        !            30:  * be built, the name of a service, an instance, a realm,
        !            31:  * and a checksum.  It then retrieves a ticket for
        !            32:  * the desired service and creates an authenticator in the text
        !            33:  * structure passed as the first argument.  krb_mk_req returns
        !            34:  * KSUCCESS on success and a Kerberos error code on failure.
        !            35:  *
        !            36:  * The peer procedure on the other end is krb_rd_req.  When making
        !            37:  * any changes to this routine it is important to make corresponding
        !            38:  * changes to krb_rd_req.
        !            39:  *
        !            40:  * The authenticator consists of the following:
        !            41:  *
        !            42:  * authent->dat
        !            43:  *
        !            44:  * unsigned char       KRB_PROT_VERSION        protocol version no.
        !            45:  * unsigned char       AUTH_MSG_APPL_REQUEST   message type
        !            46:  * (least significant
        !            47:  * bit of above)       HOST_BYTE_ORDER         local byte ordering
        !            48:  * unsigned char       kvno from ticket        server's key version
        !            49:  * string              realm                   server's realm
        !            50:  * unsigned char       tl                      ticket length
        !            51:  * unsigned char       idl                     request id length
        !            52:  * text                        ticket->dat             ticket for server
        !            53:  * text                        req_id->dat             request id
        !            54:  *
        !            55:  * The ticket information is retrieved from the ticket cache or
        !            56:  * fetched from Kerberos.  The request id (called the "authenticator"
        !            57: #ifdef NOENCRYPTION
        !            58:  * in the papers on Kerberos) contains the following:
        !            59: #else
        !            60:  * in the papers on Kerberos) contains information encrypted in the session
        !            61:  * key for the client and ticket-granting service:  {req_id}Kc,tgs
        !            62:  * Before encryption, it contains the following:
        !            63: #endif
        !            64:  *
        !            65:  * req_id->dat
        !            66:  *
        !            67:  * string              cr.pname                {name, instance, and
        !            68:  * string              cr.pinst                realm of principal
        !            69:  * string              myrealm                 making this request}
        !            70:  * 4 bytes             checksum                checksum argument given
        !            71:  * unsigned char       tv_local.tv_usec        time (milliseconds)
        !            72:  * 4 bytes             tv_local.tv_sec         time (seconds)
        !            73:  *
        !            74:  * req_id->length = 3 strings + 3 terminating nulls + 5 bytes for time,
        !            75:  *                  all rounded up to multiple of 8.
        !            76:  */
        !            77: 
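        /*
         * Build an AP request (header, ticket, encrypted request id) in
         * authent for the given service/instance/realm.
         *
         * Returns KSUCCESS, the error code from krb_get_tf_realm(),
         * krb_get_cred() or get_ad_tkt(), or KFAILURE when an argument or a
         * length cannot be represented in the message.
         *
         * Length rules enforced here, because the wire format stores the
         * ticket length and the request id length in one unsigned char each
         * and the realm is copied with strcpy():
         *   - realm must be non-null and shorter than REALM_SZ;
         *   - ticket->length must be in 0..255;
         *   - the padded request id length must be <= 255.
         * NOTE(review): this assumes authent->dat can hold
         * 6 + REALM_SZ + 255 + 255 bytes -- confirm against KTEXT_ST in krb.h.
         *
         * Not reentrant: req_st, key_s and tv_local are static.
         */
        int
        krb_mk_req(authent,service,instance,realm,checksum)
            register KTEXT   authent;  /* Place to build the authenticator */
            char    *service;           /* Name of the service */
            char    *instance;          /* Service instance */
            char    *realm;             /* Authentication domain of service */
            long    checksum;           /* Checksum of data (optional) */
        {
            static KTEXT_ST req_st;     /* Temp storage for req id */
            register KTEXT req_id = &req_st;
            unsigned char *v;           /* Prot version number */
            unsigned char *t;           /* Message type */
            unsigned char *kv;          /* Key version no */
            unsigned char *tl;          /* Tkt len */
            unsigned char *idl;         /* Reqid len */
            CREDENTIALS cr;             /* Credentials used by retr */
            register KTEXT ticket = &(cr.ticket_st); /* Pointer to tkt_st */
            int retval;                 /* Returned by krb_get_cred */
            int realm_len;              /* strlen(realm), validated below */
            static Key_schedule  key_s;
            char myrealm[REALM_SZ];

            /*
             * Validate before any pointer arithmetic: the field offsets below
             * depend on strlen(realm), and the realm is later strcpy()'d into
             * authent->dat.
             */
            if (authent == (KTEXT) 0 || realm == (char *) 0)
                return(KFAILURE);
            if (strlen(realm) >= REALM_SZ)
                return(KFAILURE);
            realm_len = strlen(realm);

            /* Start from a known state so the scrub at "out" is always safe */
            bzero((char *)&cr, sizeof(cr));

            v = authent->dat;
            t = authent->dat+1;
            kv = authent->dat+2;
            tl = authent->dat+4+realm_len;
            idl = authent->dat+5+realm_len;

            /* The fixed parts of the authenticator */
            *v = (unsigned char) KRB_PROT_VERSION;
            *t = (unsigned char) AUTH_MSG_APPL_REQUEST;
            *t |= HOST_BYTE_ORDER;

            /* Get the ticket and move it into the authenticator */
            if (krb_ap_req_debug)
                printf("Realm: %s\n",realm);
            /*
             * Determine realm of these tickets.  We will send this to the
             * KDC from which we are requesting tickets so it knows what to
             * do with our session key.
             */
            if ((retval = krb_get_tf_realm(TKT_FILE, myrealm)) != KSUCCESS)
                return(retval);

            retval = krb_get_cred(service,instance,realm,&cr);

            if (retval == RET_NOTKT) {
                /* No cached ticket: fetch one, then read it back from the cache */
                if ((retval = get_ad_tkt(service,instance,realm,lifetime)) != KSUCCESS)
                    goto out;
                retval = krb_get_cred(service,instance,realm,&cr);
            }

            if (retval != KSUCCESS)
                goto out;

            /*
             * The ticket length travels as a single unsigned char and also
             * drives the bcopy() below; reject anything that would truncate
             * on the wire or copy a negative/oversized length.
             */
            if (ticket->length < 0 || ticket->length > 255) {
                retval = KFAILURE;
                goto out;
            }

            if (krb_ap_req_debug)
                printf("%s %s %s %s %s\n", service, instance, realm,
                       cr.pname, cr.pinst);
            *kv = (unsigned char) cr.kvno;
            (void) strcpy((char *)(authent->dat+3),realm);
            *tl = (unsigned char) ticket->length;
            bcopy((char *)(ticket->dat),(char *)(authent->dat+6+realm_len),
                  ticket->length);
            authent->length = 6 + realm_len + ticket->length;
            if (krb_ap_req_debug)
                printf("Ticket->length = %d\n",ticket->length);
            if (krb_ap_req_debug)
                printf("Issue date: %ld\n",(long) cr.issue_date);

            /*
             * Build request id: three NUL-terminated strings, 4 checksum
             * bytes, 1 + 4 time bytes, padded to a multiple of 8.
             * NOTE(review): cr.pname and cr.pinst come from the credential
             * cache and are copied with strcpy(); this assumes they are
             * NUL-terminated within their fields -- confirm in krb_get_cred.
             */
            (void) strcpy((char *)(req_id->dat),cr.pname); /* Auth name */
            req_id->length = strlen(cr.pname)+1;
            /* Principal's instance */
            (void) strcpy((char *)(req_id->dat+req_id->length),cr.pinst);
            req_id->length += strlen(cr.pinst)+1;
            /* Authentication domain */
            (void) strcpy((char *)(req_id->dat+req_id->length),myrealm);
            req_id->length += strlen(myrealm)+1;
            /*
             * Checksum: the first 4 bytes of a long.
             * NOTE(review): assumes long is 32 bits; where long is wider the
             * bytes sent depend on byte order -- confirm for the target, and
             * keep krb_rd_req in step with any change.
             */
            bcopy((char *)&checksum,(char *)(req_id->dat+req_id->length),4);
            req_id->length += 4;

            /* Fill in the times on the request id */
            (void) gettimeofday(&tv_local,(struct timezone *) 0);
            /* Only the low-order byte of tv_usec is sent */
            *(req_id->dat+(req_id->length)++) =
                (unsigned char) tv_local.tv_usec;
            /* Time (coarse); same 4-bytes-of-a-long assumption as the checksum */
            bcopy((char *)&(tv_local.tv_sec),
                  (char *)(req_id->dat+req_id->length), 4);
            req_id->length += 4;

            /* Fill to a multiple of 8 bytes for DES */
            req_id->length = ((req_id->length+7)/8)*8;

            /* The request id length is also a single unsigned char on the wire */
            if (req_id->length > 255) {
                retval = KFAILURE;
                goto out;
            }

        #ifndef NOENCRYPTION
            /* Encrypt the request ID using the session key */
            key_sched(cr.session,key_s);
            pcbc_encrypt((C_Block *)req_id->dat,(C_Block *)req_id->dat,
                         (long) req_id->length,key_s,cr.session,1);
        #endif /* NOENCRYPTION */

            /* Copy it into the authenticator */
            bcopy((char *)(req_id->dat),(char *)(authent->dat+authent->length),
                  req_id->length);
            authent->length += req_id->length;
            /* And set the id length */
            *idl = (unsigned char) req_id->length;

            if (krb_ap_req_debug)
                printf("Authent->length = %d\n",authent->length);
            if (krb_ap_req_debug)
                printf("idl = %d, tl = %d\n",(int) *idl, (int) *tl);

            retval = KSUCCESS;

        out:
            /*
             * clean up: scrub the key schedule, the request id scratch buffer
             * and the credentials (cr holds the session key) on every path
             * that reached the credential cache.  A plain bzero() of a local
             * that is about to go out of scope can be removed by an optimizing
             * compiler; where the platform offers a non-elidable clear
             * (explicit_bzero, memset_s) it should be used here instead.
             */
        #ifndef NOENCRYPTION
            bzero((char *) key_s, sizeof(key_s));
        #endif /* NOENCRYPTION */
            bzero((char *)req_id, sizeof(*req_id));
            bzero((char *)&cr, sizeof(cr));

            return(retval);
        }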
        !           189: 
        !           190: /* 
        !           191:  * krb_set_lifetime sets the default lifetime for additional tickets
        !           192:  * obtained via krb_mk_req().
        !           193:  * 
        !           194:  * It returns the previous value of the default lifetime.
        !           195:  */
        !           196: 
        int
        krb_set_lifetime(newval)
            int newval;
        {
            /*
             * Swap in a new default lifetime and hand back the one it replaces.
             * The stored value is what krb_mk_req passes to get_ad_tkt() when it
             * has to fetch a ticket.  newval is stored as given; no range check
             * is applied here, so callers are responsible for passing a lifetime
             * the ticket request can represent.
             */
            int previous;

            previous = lifetime;
            lifetime = newval;
            return previous;
        }
