| blob | 656378309db7bf5e4e7c53874ad1a99fa291a239 |
1 /*
2 * Copyright (c) 1997-2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
36 /*
37 * See `sendauth.c' for the format.
38 */
40 static krb5_boolean
42 {
44 }
46 /**
47 * Perform the server side of the sendauth protocol.
48 *
49 * @param context Kerberos 5 context.
50 * @param auth_context authentication context of the peer.
51 * @param p_fd socket associated to the connection.
52 * @param appl_version server-specific string.
53 * @param server server principal.
54 * @param flags if KRB5_RECVAUTH_IGNORE_VERSION is set, skip the sendauth version
55 * part of the protocol.
56 * @param keytab server keytab.
57 * @param ticket on success, set to the authenticated client credentials.
58 * Must be deallocated with krb5_free_ticket(). If not
59 * interested, pass a NULL value.
60 *
61 * @return 0 to indicate success. Otherwise a Kerberos error code is
62 * returned, see krb5_get_error_message().
63 */
64 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
67 krb5_pointer p_fd,
69 krb5_principal server,
71 krb5_keytab keytab,
73 {
78 }
80 /**
81 * Perform the server side of the sendauth protocol like krb5_recvauth(), but support
82 * a user-specified callback, \a match_appl_version, to perform the match of the application
83 * version \a match_data.
84 */
85 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
88 krb5_pointer p_fd,
92 krb5_principal server,
94 krb5_keytab keytab,
96 {
97 krb5_error_code ret;
102 u_char repl;
103 krb5_data data;
104 krb5_flags ap_options;
105 ssize_t n;
107 /*
108 * If there are no addresses in auth_context, get them from `fd'.
109 */
115 }
119 p_fd);
123 /*
124 * Expect SENDAUTH protocol version.
125 */
132 }
137 }
146 }
147 }
149 /*
150 * Expect application protocol version.
151 */
157 }
161 }
167 }
173 }
180 her_appl_version);
183 }
186 /*
187 * Send OK.
188 */
194 }
196 /*
197 * Until here, the fields in the message were in cleartext and unauthenticated.
198 * From now on, Kerberos kicks in.
199 */
201 /*
202 * Expect AP_REQ.
203 */
210 auth_context,
212 server,
213 keytab,
215 ticket);
218 krb5_data error_data;
219 krb5_error_code ret2;
222 ret,
223 NULL,
224 NULL,
225 NULL,
226 server,
227 NULL,
228 NULL,
233 }
235 }
237 /*
238 * Send OK.
239 */
247 }
249 /*
250 * If client requires mutual authentication, send AP_REP.
251 */
258 }
265 }
267 }
269 }