1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
|
/*
* This software may now be redistributed outside the US.
*
* $Source: /cvs/OpenBSD/src/kerberosIV/krb/Attic/decomp_ticket.c,v $
*
* $Locker: $
*/
/*
Copyright (C) 1989 by the Massachusetts Institute of Technology
Export of this software from the United States of America is assumed
to require a specific license from the United States Government.
It is the responsibility of any person or organization contemplating
export to obtain such a license before exporting.
WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
distribute this software and its documentation for any purpose and
without fee is hereby granted, provided that the above copyright
notice appear in all copies and that both that copyright notice and
this permission notice appear in supporting documentation, and that
the name of M.I.T. not be used in advertising or publicity pertaining
to distribution of the software without specific, written prior
permission. M.I.T. makes no representations about the suitability of
this software for any purpose. It is provided "as is" without express
or implied warranty.
*/
#include "krb_locl.h"
/*
* This routine takes a ticket and pointers to the variables that
* should be filled in based on the information in the ticket. It
* fills in values for its arguments.
*
* Note: if the client realm field in the ticket is the null string,
* then the "prealm" variable is filled in with the local realm.
*
* If the ticket byte order is different than the host's byte order
* (as indicated by the byte order bit of the "flags" field), then
* the KDC timestamp "time_sec" is byte-swapped. The other fields
* potentially affected by byte order, "paddress" and "session" are
* not byte-swapped.
*
* The routine returns KFAILURE if any of the "pname", "pinstance",
* or "prealm" fields is too big, otherwise it returns KSUCCESS.
*
* The corresponding routine to generate tickets is create_ticket.
* When changes are made to this routine, the corresponding changes
* should also be made to that file.
*
* See create_ticket.c for the format of the ticket packet.
*/
int
decomp_ticket(tkt, flags, pname, pinstance, prealm, paddress, session,
life, time_sec, sname, sinstance, key, key_s)
KTEXT tkt; /* The ticket to be decoded */
unsigned char *flags; /* Kerberos ticket flags */
char *pname; /* Authentication name */
char *pinstance; /* Principal's instance */
char *prealm; /* Principal's authentication domain */
u_int32_t *paddress; /* Net address of entity
* requesting ticket */
unsigned char *session; /* Session key inserted in ticket */
int *life; /* Lifetime of the ticket */
u_int32_t *time_sec; /* Issue time and date */
char *sname; /* Service name */
char *sinstance; /* Service instance */
des_cblock *key; /* Service's secret key
* (to decrypt the ticket) */
struct des_ks_struct *key_s; /* The precomputed key schedule */
{
static int tkt_swap_bytes;
unsigned char *uptr;
char *ptr = (char *)tkt->dat;
#ifndef NOENCRYPTION
des_pcbc_encrypt((des_cblock *)tkt->dat,(des_cblock *)tkt->dat,(long)tkt->length,
key_s,key, DES_DECRYPT);
#endif /* ! NOENCRYPTION */
*flags = *ptr; /* get flags byte */
ptr += sizeof(*flags);
tkt_swap_bytes = 0;
if (HOST_BYTE_ORDER != ((*flags >> K_FLAG_ORDER)& 1))
tkt_swap_bytes++;
if (strlen(ptr) > ANAME_SZ)
return(KFAILURE);
(void) strcpy(pname,ptr); /* pname */
ptr += strlen(pname) + 1;
if (strlen(ptr) > INST_SZ)
return(KFAILURE);
(void) strcpy(pinstance,ptr); /* instance */
ptr += strlen(pinstance) + 1;
if (strlen(ptr) > REALM_SZ)
return(KFAILURE);
(void) strcpy(prealm,ptr); /* realm */
ptr += strlen(prealm) + 1;
/* temporary hack until realms are dealt with properly */
if (*prealm == 0 && krb_get_lrealm(prealm, 1) != KSUCCESS)
return(KFAILURE);
bcopy(ptr,(char *)paddress,4); /* net address */
ptr += 4;
bcopy(ptr,(char *)session,8); /* session key */
ptr+= 8;
#ifdef notdef /* DONT SWAP SESSION KEY spm 10/22/86 */
if (tkt_swap_bytes)
swap_C_Block(session);
#endif
/* get lifetime, being certain we don't get negative lifetimes */
uptr = (unsigned char *) ptr++;
*life = (int) *uptr;
bcopy(ptr,(char *) time_sec,4); /* issue time */
ptr += 4;
if (tkt_swap_bytes)
swap_u_long(*time_sec);
(void) strcpy(sname,ptr); /* service name */
ptr += 1 + strlen(sname);
(void) strcpy(sinstance,ptr); /* instance */
ptr += 1 + strlen(sinstance);
return(KSUCCESS);
}
|
