2 * Copyright (c) 1997-2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Portions Copyright (c) 2010 Apple Inc. All rights reserved.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
19 * 3. Neither the name of the Institute nor the names of its contributors
20 * may be used to endorse or promote products derived from this software
21 * without specific prior written permission.
23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
/*
 * _kdc_fast_mk_response: build the armored FAST reply (PA_FX_FAST_REPLY).
 *
 * Visible flow: a KrbFastResponse is filled from pa_data, strengthen_key,
 * finished and nonce, encoded into buf, encrypted with
 * krb5_encrypt_EncryptedData() into fxfastrep.u.armored_data.enc_fast_rep,
 * and the resulting PA_FX_FAST_REPLY is encoded into *data.
 *
 * NOTE(review): this listing has lost source lines. The embedded gutter
 * numbers jump (40 -> 42, 43 -> 47, 48 -> 53, 74 -> 80, 80 -> 85), so the
 * return type, the pa_data/nonce/data parameters, the declarations of
 * ret/buf/size and the checks of ret after each call are not shown here.
 * Confirm against the complete file before relying on any of the notes below.
 */
39 _kdc_fast_mk_response(krb5_context context
,
40 krb5_crypto armor_crypto
,
42 krb5_keyblock
*strengthen_key
,
43 KrbFastFinished
*finished
,
47 PA_FX_FAST_REPLY fxfastrep
;
48 KrbFastResponse fastrep
;
/* Start from all-zero structures; only the fields assigned below are set. */
53 memset(&fxfastrep
, 0, sizeof(fxfastrep
));
54 memset(&fastrep
, 0, sizeof(fastrep
));
/*
 * The padata array is borrowed: pointer and length are copied, not the
 * elements, and no free of fastrep is visible in this listing.
 * NOTE(review): gutter lines 57 and 60 are missing, presumably a NULL guard
 * on pa_data around these two assignments; confirm.
 */
58 fastrep
.padata
.val
= pa_data
->val
;
59 fastrep
.padata
.len
= pa_data
->len
;
/* strengthen_key and finished are stored as given; _kdc_fast_mk_error passes NULL for both. */
61 fastrep
.strengthen_key
= strengthen_key
;
62 fastrep
.finished
= finished
;
63 fastrep
.nonce
= nonce
;
/*
 * Encode the inner KrbFastResponse into a freshly allocated buf.
 * NOTE(review): when strengthen_key is set this plaintext encoding contains
 * key material. The release of buf is not visible here (gutter 81-84 are
 * missing); confirm it is freed on both the success and the failure path.
 */
65 ASN1_MALLOC_ENCODE(KrbFastResponse
, buf
.data
, buf
.length
,
66 &fastrep
, &size
, ret
);
/*
 * A length mismatch between the allocation and the encoder output is handled
 * by krb5_abortx(), which terminates the process instead of returning an
 * error. NOTE(review): presumably only reachable through an encoder bug, not
 * through request contents; confirm.
 */
69 if (buf
.length
!= size
)
70 krb5_abortx(context
, "internal asn.1 error");
72 fxfastrep
.element
= choice_PA_FX_FAST_REPLY_armored_data
;
/*
 * Encrypt into the armored_data arm of the reply. The arguments between
 * context and the output (gutter 75-79: presumably armor_crypto, the key
 * usage and buf) are missing from this listing.
 */
74 ret
= krb5_encrypt_EncryptedData(context
,
80 &fxfastrep
.u
.armored_data
.enc_fast_rep
);
/* Encode the outer PA_FX_FAST_REPLY into the caller's *data. */
85 ASN1_MALLOC_ENCODE(PA_FX_FAST_REPLY
, data
->data
, data
->length
,
86 &fxfastrep
, &size
, ret
);
/* fxfastrep is released right after the encode macro, ahead of the length check below. */
87 free_PA_FX_FAST_REPLY(&fxfastrep
);
/* Same internal-consistency abort as for the inner encoding. */
90 if (data
->length
!= size
)
91 krb5_abortx(context
, "internal asn.1 error");
/*
 * _kdc_fast_mk_error: build a KRB-ERROR, wrapping the error padata in an
 * armored FAST reply.
 *
 * Visible flow: a KRB-ERROR is produced with krb5_mk_error() and added to
 * error_method as KRB5_PADATA_FX_ERROR, a KRB5_PADATA_FX_COOKIE entry is
 * added, the accumulated error_method is armored by _kdc_fast_mk_response(),
 * error_method is freed and refilled with the armored blob, and finally
 * error_method is encoded and handed to the outer krb5_mk_error() as e-data
 * when it is non-empty.
 *
 * The caller's error_method is modified and its contents are freed here.
 *
 * NOTE(review): this listing has lost source lines (gutter numbers jump, e.g.
 * 102 -> 104, 107 -> 113, 124 -> 136, 144 -> 150, 165 -> 173, 185 -> 191), so
 * the return type, one parameter, the local declarations, most call
 * arguments, every check of ret and the end of the function are not shown.
 * Confirm against the complete file.
 */
98 _kdc_fast_mk_error(krb5_context context
,
99 METHOD_DATA
*error_method
,
100 krb5_crypto armor_crypto
,
101 const KDC_REQ_BODY
*req_body
,
102 krb5_error_code outer_error
,
104 krb5_principal error_client
,
105 krb5_principal error_server
,
106 time_t *csec
, int *cusec
,
107 krb5_data
*error_msg
)
/* e_data starts empty so the later length test and krb5_data_free() are well defined. */
113 krb5_data_zero(&e_data
);
/*
 * NOTE(review): gutter 115 is missing; these block-local declarations suggest
 * the following section sits inside a conditional (presumably on
 * armor_crypto); confirm. Neither fxfastrep nor fastrep is referenced again
 * in the visible lines of this function after the two memset calls.
 */
116 PA_FX_FAST_REPLY fxfastrep
;
117 KrbFastResponse fastrep
;
119 memset(&fxfastrep
, 0, sizeof(fxfastrep
));
120 memset(&fastrep
, 0, sizeof(fastrep
));
122 /* first add the KRB-ERROR to the fast errors */
/* Arguments of this call (gutter 125-135) are missing; its output is presumably written to e_data. */
124 ret
= krb5_mk_error(context
,
/*
 * NOTE(review): presumably krb5_padata_add() stores the pointer it is given
 * rather than copying it; verify. If so, e_data's buffer belongs to
 * error_method after a successful add, and the krb5_data_free() at gutter 140
 * must run only on the failure path. Its guard (gutter 139) is missing here.
 */
136 ret
= krb5_padata_add(context
, error_method
,
137 KRB5_PADATA_FX_ERROR
,
138 e_data
.data
, e_data
.length
);
140 krb5_data_free(&e_data
);
/*
 * Constant-false condition: the body (gutter 145-147, not shown) never
 * executes. NOTE(review): going by the inline comment this is a disabled
 * switch for hiding principal information in the outer error; confirm that
 * leaving it off is intended.
 */
144 if (/* hide_principal */ 0) {
/* Value arguments of this add (gutter 152) are missing from the listing. */
150 ret
= krb5_padata_add(context
, error_method
,
151 KRB5_PADATA_FX_COOKIE
,
/*
 * Armor the accumulated padata: no strengthen key and no finished element
 * (both NULL), nonce taken from the request body, result written to e_data.
 */
156 ret
= _kdc_fast_mk_response(context
, armor_crypto
,
157 error_method
, NULL
, NULL
,
158 req_body
->nonce
, &e_data
);
/*
 * The plaintext padata is freed immediately after the call above, so the
 * next add refills error_method with the armored blob in e_data. The padata
 * type constant (gutter 164) is missing.
 */
159 free_METHOD_DATA(error_method
);
163 ret
= krb5_padata_add(context
, error_method
,
165 e_data
.data
, e_data
.length
);
/*
 * error_method is NULL-checked here, but the visible krb5_padata_add() and
 * free_METHOD_DATA() calls above use it without a visible check.
 * NOTE(review): confirm callers never pass NULL together with armor_crypto.
 * The encode overwrites e_data.data/e_data.length with a new allocation.
 */
173 if (error_method
&& error_method
->len
) {
174 ASN1_MALLOC_ENCODE(METHOD_DATA
, e_data
.data
, e_data
.length
,
175 error_method
, &size
, ret
);
/* Encoder length mismatch: krb5_abortx() terminates the process rather than returning an error. */
178 if (e_data
.length
!= size
)
179 krb5_abortx(context
, "internal asn.1 error");
/* Outer KRB-ERROR: e-data is passed only when something was encoded, otherwise NULL. */
182 ret
= krb5_mk_error(context
,
185 (e_data
.length
? &e_data
: NULL
),
/* Release the encoded e-data; the return statement is not visible in this listing. */
191 krb5_data_free(&e_data
);