*** empty log message ***

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@315 dc483132-0cff-0310-8789-dd5450dbe970

2 files changed, 183 insertions, 0 deletions

diff --git a/src/lib/krb5/krb/in_tkt_pwd.c b/src/lib/krb5/krb/in_tkt_pwd.c
new file mode 100644
index 0000000..1fb08b0
--- /dev/null
+++ b/src/lib/krb5/krb/in_tkt_pwd.c
@@ -0,0 +1,107 @@
+/*
+ * $Source$
+ * $Author$
+ *
+ * Copyright 1990 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * <krb5/mit-copyright.h>.
+ *
+ * krb5_get_in_tkt_with_password()
+ */
+
+#if !defined(lint) && !defined(SABER)
+static char rcsid_in_tkt_pwd_c[] =
+"$Id$";
+#endif	/* !lint & !SABER */
+
+#include <krb5/copyright.h>
+#include <krb5/krb5.h>
+#include <krb5/krb5_err.h>
+#include <errno.h>
+#include <krb5/ext-proto.h>
+
+extern krb5_cryptosystem_entry *string_to_keyarray[]; /* XXX */
+
+struct pwd_keyproc_arg {
+    krb5_principal who;
+    krb5_data password;
+};
+
+/* 
+ * key-producing procedure for use by krb5_get_in_tkt_with_password.
+ */
+
+static krb5_error_code
+pwd_keyproc(type, key, keyseed)
+krb5_keytype type;
+krb5_keyblock **key;
+krb5_pointer keyseed;
+{
+    krb5_error_code retval;
+    struct pwd_keyproc_arg *arg;
+
+    if (!valid_keytype(type))
+	return KRB5KDC_ERR_ETYPE_NOSUPP; /* XXX */
+    *key = (krb5_keyblock *)malloc(sizeof(**key));
+    if (!*key)
+	return ENOMEM;
+    
+    arg = (struct pwd_keyproc_arg *)keyseed;
+    if (retval = (*string_to_keyarray[type]->string_to_key)(type,
+							    *key,
+							    &arg->password,
+							    arg->who)) {
+	free((char *) *key);
+	return(retval);
+    }
+    return 0;
+}
+
+/*
+ Attempts to get an initial ticket for creds->client to use server
+ creds->server, (realm is taken from creds->client), with options
+ options, requesting encryption type etype, and using
+ creds->times.starttime,  creds->times.endtime,  creds->times.renew_till
+ as from, till, and rtime.  creds->times.renew_till is ignored unless
+ the RENEWABLE option is requested.
+
+ If addrs is non-NULL, it is used for the addresses requested.  If it is
+ null, the system standard addresses are used.
+
+ If password is non-NULL, it is converted using the cryptosystem entry
+ point for a string conversion routine, seeded with the client's name.
+ If password is passed as NULL, the password is read from the terminal,
+ and then converted into a key.
+
+ A succesful call will place the ticket in the credentials cache ccache.
+
+ returns system errors, encryption errors
+ */
+krb5_error_code
+krb5_get_in_tkt_with_password(options, addrs, etype, keytype, password,
+			      ccache, creds)
+krb5_flags options;
+krb5_address **addrs;
+krb5_enctype etype;
+krb5_keytype keytype;
+char *password;
+krb5_ccache ccache;
+krb5_creds *creds;
+{
+    krb5_error_code retval;
+    struct pwd_keyproc_arg keyseed;
+
+
+    keyseed.password.data = password;
+    keyseed.password.length = strlen(password);
+    keyseed.who = creds->client;
+
+    retval = krb5_get_in_tkt(options, addrs, etype, keytype, pwd_keyproc,
+			     (krb5_pointer) &keyseed,
+			     krb5_kdc_rep_decrypt_proc, 0,
+			     creds);
+    /* XXX need to play with creds & store them ? */
+    return retval;
+}
+
diff --git a/src/lib/krb5/krb/kdc_rep_dc.c b/src/lib/krb5/krb/kdc_rep_dc.c
new file mode 100644
index 0000000..7dfdfad
--- /dev/null
+++ b/src/lib/krb5/krb/kdc_rep_dc.c
@@ -0,0 +1,76 @@
+/*
+ * $Source$
+ * $Author$
+ *
+ * Copyright 1990 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * <krb5/mit-copyright.h>.
+ *
+ * krb5_kdc_rep_tkt_decrypt()
+ */
+
+#if !defined(lint) && !defined(SABER)
+static char rcsid_kdc_rep_dc_c [] =
+"$Id$";
+#endif	/* !lint & !SABER */
+
+#include <krb5/copyright.h>
+#include <krb5/krb5.h>
+#include <krb5/krb5_err.h>
+#include <krb5/ext-proto.h>
+#include <errno.h>
+
+/*ARGSUSED*/
+krb5_error_code
+krb5_kdc_rep_decrypt_proc(dec_rep, key, decryptarg)
+krb5_kdc_rep *dec_rep;
+krb5_keyblock *key;
+krb5_pointer decryptarg;
+{
+    krb5_error_code retval;
+    krb5_encrypt_block eblock;
+    krb5_data scratch;
+    krb5_enc_kdc_rep_part *local_encpart;
+
+    if (!valid_etype(dec_rep->etype))
+	return KRB5KDC_ERR_ETYPE_NOSUPP;
+
+    scratch.length = dec_rep->enc_part.length;
+    if (!(scratch.data = malloc(dec_rep->enc_part.length))) {
+	return(ENOMEM);
+    }
+
+    /* put together an eblock for this encryption */
+
+    eblock.crypto_entry = krb5_csarray[dec_rep->etype]->system;
+
+    /* do any necessary key pre-processing */
+    if (retval = (*eblock.crypto_entry->process_key)(&eblock, key)) {
+	free(scratch.data);
+	return(retval);
+    }
+
+    /* call the encryption routine */
+    if (retval =
+	(*eblock.crypto_entry->decrypt_func)((krb5_pointer) dec_rep->enc_part.data,
+					     (krb5_pointer) scratch.data,
+					     scratch.length, &eblock)) {
+	(void) (*eblock.crypto_entry->finish_key)(&eblock);
+	free(scratch.data);
+	return retval;
+    }
+#define clean_scratch() {bzero(scratch.data, scratch.length); free(scratch.data);}
+    if (retval = (*eblock.crypto_entry->finish_key)(&eblock)) {
+	clean_scratch();
+	return retval;
+    }
+    retval = decode_krb5_enc_kdc_rep_part(&scratch, &local_encpart);
+    clean_scratch();
+    if (retval)
+	return retval;
+
+    dec_rep->enc_part2 = local_encpart;
+
+    return 0;
+}