2 * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 RCSID("$Id: create_ticket.c,v 1.14 1999/12/02 16:58:41 joda Exp $");
39 * Create ticket takes as arguments information that should be in a
40 * ticket, and the KTEXT object in which the ticket should be
41 * constructed. It then constructs a ticket and returns, leaving the
42 * newly created ticket in tkt.
43 * The length of the ticket is a multiple of
44 * eight bytes and is in tkt->length.
46 * If the ticket is too long, the ticket will contain nulls.
48 * The corresponding routine to extract information from a ticket it
49 * decomp_ticket. When changes are made to this routine, the
50 * corresponding changes should also be made to that file.
52 * The packet is built in the following format:
55 * type or constant data
56 * ---- ----------- ----
58 * tkt->length length of ticket (multiple of 8 bytes)
62 * unsigned char flags namely, HOST_BYTE_ORDER
64 * string pname client's name
66 * string pinstance client's instance
68 * string prealm client's realm
70 * 4 bytes paddress client's address
72 * 8 bytes session session key
74 * 1 byte life ticket lifetime
76 * 4 bytes time_sec KDC timestamp
78 * string sname service's name
80 * string sinstance service's instance
82 * <=7 bytes null null pad to 8 byte multiple
87 krb_create_ticket(KTEXT tkt, /* Gets filled in by the ticket */
88 unsigned char flags, /* Various Kerberos flags */
89 char *pname, /* Principal's name */
90 char *pinstance, /* Principal's instance */
91 char *prealm, /* Principal's authentication domain */
92 int32_t paddress, /* Net address of requesting entity */
93 void *session, /* Session key inserted in ticket */
94 int16_t life, /* Lifetime of the ticket */
95 int32_t time_sec, /* Issue time and date */
96 char *sname, /* Service Name */
97 char *sinstance, /* Instance Name */
98 des_cblock *key) /* Service's secret key */
100 unsigned char *p = tkt->dat;
102 size_t rem = sizeof(tkt->dat);
104 memset(tkt, 0, sizeof(KTEXT_ST));
106 tmp = krb_put_int(flags, p, rem, 1);
112 tmp = krb_put_nir(pname, pinstance, prealm, p, rem);
118 tmp = krb_put_address(paddress, p, rem);
126 memcpy(p, session, 8);
130 tmp = krb_put_int(life, p, rem, 1);
136 tmp = krb_put_int(time_sec, p, rem, 4);
142 tmp = krb_put_nir(sname, sinstance, NULL, p, rem);
148 /* multiple of eight bytes */
149 tkt->length = (p - tkt->dat + 7) & ~7;
151 /* Check length of ticket */
152 if (tkt->length > (sizeof(KTEXT_ST) - 7)) {
153 memset(tkt->dat, 0, tkt->length);
155 return KFAILURE /* XXX */;
158 encrypt_ktext(tkt, key, DES_ENCRYPT);