crypto/heimdal/lib/krb5/get_in_tkt.c

   1 /*
   2  * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
   3  * (Royal Institute of Technology, Stockholm, Sweden).
   4  * All rights reserved.
   5  *
   6  * Redistribution and use in source and binary forms, with or without
   7  * modification, are permitted provided that the following conditions
   8  * are met:
   9  *
  10  * 1. Redistributions of source code must retain the above copyright
  11  *    notice, this list of conditions and the following disclaimer.
  12  *
  13  * 2. Redistributions in binary form must reproduce the above copyright
  14  *    notice, this list of conditions and the following disclaimer in the
  15  *    documentation and/or other materials provided with the distribution.
  16  *
  17  * 3. Neither the name of the Institute nor the names of its contributors
  18  *    may be used to endorse or promote products derived from this software
  19  *    without specific prior written permission.
  20  *
  21  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
  22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
  25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  31  * SUCH DAMAGE.
  32  */
  33
  34 #include "krb5_locl.h"
  35
  36 RCSID("$Id: get_in_tkt.c,v 1.106 2002/09/04 16:26:04 joda Exp $");
  37
  38 krb5_error_code
  39 krb5_init_etype (krb5_context context,
  40                  unsigned *len,
  41                  krb5_enctype **val,
  42                  const krb5_enctype *etypes)
  43 {
  44     int i;
  45     krb5_error_code ret;
  46     krb5_enctype *tmp = NULL;
  47
  48     ret = 0;
  49     if (etypes == NULL) {
  50         ret = krb5_get_default_in_tkt_etypes(context,
  51                                              &tmp);
  52         if (ret)
  53             return ret;
  54         etypes = tmp;
  55     }
  56
  57     for (i = 0; etypes[i]; ++i)
  58         ;
  59     *len = i;
  60     *val = malloc(i * sizeof(**val));
  61     if (i != 0 && *val == NULL) {
  62         ret = ENOMEM;
  63         krb5_set_error_string(context, "malloc: out of memory");
  64         goto cleanup;
  65     }
  66     memmove (*val,
  67              etypes,
  68              i * sizeof(*tmp));
  69 cleanup:
  70     if (tmp != NULL)
  71         free (tmp);
  72     return ret;
  73 }
  74
  75
  76 static krb5_error_code
  77 decrypt_tkt (krb5_context context,
  78              krb5_keyblock *key,
  79              krb5_key_usage usage,
  80              krb5_const_pointer decrypt_arg,
  81              krb5_kdc_rep *dec_rep)
  82 {
  83     krb5_error_code ret;
  84     krb5_data data;
  85     size_t size;
  86     krb5_crypto crypto;
  87
  88     ret = krb5_crypto_init(context, key, 0, &crypto);
  89     if (ret)
  90         return ret;
  91
  92     ret = krb5_decrypt_EncryptedData (context,
  93                                       crypto,
  94                                       usage,
  95                                       &dec_rep->kdc_rep.enc_part,
  96                                       &data);
  97     krb5_crypto_destroy(context, crypto);
  98
  99     if (ret)
 100         return ret;
 101
 102     ret = krb5_decode_EncASRepPart(context,
 103                                    data.data,
 104                                    data.length,
 105                                    &dec_rep->enc_part,
 106                                    &size);
 107     if (ret)
 108         ret = krb5_decode_EncTGSRepPart(context,
 109                                         data.data,
 110                                         data.length,
 111                                         &dec_rep->enc_part,
 112                                         &size);
 113     krb5_data_free (&data);
 114     if (ret)
 115         return ret;
 116     return 0;
 117 }
 118
 119 int
 120 _krb5_extract_ticket(krb5_context context,
 121                      krb5_kdc_rep *rep,
 122                      krb5_creds *creds,
 123                      krb5_keyblock *key,
 124                      krb5_const_pointer keyseed,
 125                      krb5_key_usage key_usage,
 126                      krb5_addresses *addrs,
 127                      unsigned nonce,
 128                      krb5_boolean allow_server_mismatch,
 129                      krb5_boolean ignore_cname,
 130                      krb5_decrypt_proc decrypt_proc,
 131                      krb5_const_pointer decryptarg)
 132 {
 133     krb5_error_code ret;
 134     krb5_principal tmp_principal;
 135     int tmp;
 136     time_t tmp_time;
 137     krb5_timestamp sec_now;
 138
 139     ret = principalname2krb5_principal (&tmp_principal,
 140                                         rep->kdc_rep.cname,
 141                                         rep->kdc_rep.crealm);
 142     if (ret)
 143         goto out;
 144
 145     /* compare client */
 146
 147     if (!ignore_cname) {
 148         tmp = krb5_principal_compare (context, tmp_principal, creds->client);
 149         if (!tmp) {
 150             krb5_free_principal (context, tmp_principal);
 151             krb5_clear_error_string (context);
 152             ret = KRB5KRB_AP_ERR_MODIFIED;
 153             goto out;
 154         }
 155     }
 156
 157     krb5_free_principal (context, creds->client);
 158     creds->client = tmp_principal;
 159
 160     /* extract ticket */
 161     ASN1_MALLOC_ENCODE(Ticket, creds->ticket.data, creds->ticket.length,
 162                        &rep->kdc_rep.ticket, &creds->ticket.length, ret);
 163     if(ret)
 164         goto out;
 165     creds->second_ticket.length = 0;
 166     creds->second_ticket.data   = NULL;
 167
 168     /* compare server */
 169
 170     ret = principalname2krb5_principal (&tmp_principal,
 171                                         rep->kdc_rep.ticket.sname,
 172                                         rep->kdc_rep.ticket.realm);
 173     if (ret)
 174         goto out;
 175     if(allow_server_mismatch){
 176         krb5_free_principal(context, creds->server);
 177         creds->server = tmp_principal;
 178         tmp_principal = NULL;
 179     }else{
 180         tmp = krb5_principal_compare (context, tmp_principal, creds->server);
 181         krb5_free_principal (context, tmp_principal);
 182         if (!tmp) {
 183             ret = KRB5KRB_AP_ERR_MODIFIED;
 184             krb5_clear_error_string (context);
 185             goto out;
 186         }
 187     }
 188
 189     /* decrypt */
 190
 191     if (decrypt_proc == NULL)
 192         decrypt_proc = decrypt_tkt;
 193
 194     ret = (*decrypt_proc)(context, key, key_usage, decryptarg, rep);
 195     if (ret)
 196         goto out;
 197
 198 #if 0
 199     /* XXX should this decode be here, or in the decrypt_proc? */
 200     ret = krb5_decode_keyblock(context, &rep->enc_part.key, 1);
 201     if(ret)
 202         goto out;
 203 #endif
 204
 205     /* compare nonces */
 206
 207     if (nonce != rep->enc_part.nonce) {
 208         ret = KRB5KRB_AP_ERR_MODIFIED;
 209         krb5_set_error_string(context, "malloc: out of memory");
 210         goto out;
 211     }
 212
 213     /* set kdc-offset */
 214
 215     krb5_timeofday (context, &sec_now);
 216     if (rep->enc_part.flags.initial
 217         && context->kdc_sec_offset == 0
 218         && krb5_config_get_bool (context, NULL,
 219                                  "libdefaults",
 220                                  "kdc_timesync",
 221                                  NULL)) {
 222         context->kdc_sec_offset = rep->enc_part.authtime - sec_now;
 223         krb5_timeofday (context, &sec_now);
 224     }
 225
 226     /* check all times */
 227
 228     if (rep->enc_part.starttime) {
 229         tmp_time = *rep->enc_part.starttime;
 230     } else
 231         tmp_time = rep->enc_part.authtime;
 232
 233     if (creds->times.starttime == 0
 234         && abs(tmp_time - sec_now) > context->max_skew) {
 235         ret = KRB5KRB_AP_ERR_SKEW;
 236         krb5_set_error_string (context,
 237                                "time skew (%d) larger than max (%d)",
 238                                abs(tmp_time - sec_now),
 239                                (int)context->max_skew);
 240         goto out;
 241     }
 242
 243     if (creds->times.starttime != 0
 244         && tmp_time != creds->times.starttime) {
 245         krb5_clear_error_string (context);
 246         ret = KRB5KRB_AP_ERR_MODIFIED;
 247         goto out;
 248     }
 249
 250     creds->times.starttime = tmp_time;
 251
 252     if (rep->enc_part.renew_till) {
 253         tmp_time = *rep->enc_part.renew_till;
 254     } else
 255         tmp_time = 0;
 256
 257     if (creds->times.renew_till != 0
 258         && tmp_time > creds->times.renew_till) {
 259         krb5_clear_error_string (context);
 260         ret = KRB5KRB_AP_ERR_MODIFIED;
 261         goto out;
 262     }
 263
 264     creds->times.renew_till = tmp_time;
 265
 266     creds->times.authtime = rep->enc_part.authtime;
 267
 268     if (creds->times.endtime != 0
 269         && rep->enc_part.endtime > creds->times.endtime) {
 270         krb5_clear_error_string (context);
 271         ret = KRB5KRB_AP_ERR_MODIFIED;
 272         goto out;
 273     }
 274
 275     creds->times.endtime  = rep->enc_part.endtime;
 276
 277     if(rep->enc_part.caddr)
 278         krb5_copy_addresses (context, rep->enc_part.caddr, &creds->addresses);
 279     else if(addrs)
 280         krb5_copy_addresses (context, addrs, &creds->addresses);
 281     else {
 282         creds->addresses.len = 0;
 283         creds->addresses.val = NULL;
 284     }
 285     creds->flags.b = rep->enc_part.flags;
 286
 287     creds->authdata.len = 0;
 288     creds->authdata.val = NULL;
 289     creds->session.keyvalue.length = 0;
 290     creds->session.keyvalue.data   = NULL;
 291     creds->session.keytype = rep->enc_part.key.keytype;
 292     ret = krb5_data_copy (&creds->session.keyvalue,
 293                           rep->enc_part.key.keyvalue.data,
 294                           rep->enc_part.key.keyvalue.length);
 295
 296 out:
 297     memset (rep->enc_part.key.keyvalue.data, 0,
 298             rep->enc_part.key.keyvalue.length);
 299     return ret;
 300 }
 301
 302
 303 static krb5_error_code
 304 make_pa_enc_timestamp(krb5_context context, PA_DATA *pa,
 305                       krb5_enctype etype, krb5_keyblock *key)
 306 {
 307     PA_ENC_TS_ENC p;
 308     unsigned char *buf;
 309     size_t buf_size;
 310     size_t len;
 311     EncryptedData encdata;
 312     krb5_error_code ret;
 313     int32_t sec, usec;
 314     int usec2;
 315     krb5_crypto crypto;
 316
 317     krb5_us_timeofday (context, &sec, &usec);
 318     p.patimestamp = sec;
 319     usec2         = usec;
 320     p.pausec      = &usec2;
 321
 322     ASN1_MALLOC_ENCODE(PA_ENC_TS_ENC, buf, buf_size, &p, &len, ret);
 323     if (ret)
 324         return ret;
 325     if(buf_size != len)
 326         krb5_abortx(context, "internal error in ASN.1 encoder");
 327     ret = krb5_crypto_init(context, key, 0, &crypto);
 328     if (ret) {
 329         free(buf);
 330         return ret;
 331     }
 332     ret = krb5_encrypt_EncryptedData(context,
 333                                      crypto,
 334                                      KRB5_KU_PA_ENC_TIMESTAMP,
 335                                      buf,
 336                                      len,
 337                                      0,
 338                                      &encdata);
 339     free(buf);
 340     krb5_crypto_destroy(context, crypto);
 341     if (ret)
 342         return ret;
 343
 344     ASN1_MALLOC_ENCODE(EncryptedData, buf, buf_size, &encdata, &len, ret);
 345     free_EncryptedData(&encdata);
 346     if (ret)
 347         return ret;
 348     if(buf_size != len)
 349         krb5_abortx(context, "internal error in ASN.1 encoder");
 350     pa->padata_type = KRB5_PADATA_ENC_TIMESTAMP;
 351     pa->padata_value.length = len;
 352     pa->padata_value.data = buf;
 353     return 0;
 354 }
 355
 356 static krb5_error_code
 357 add_padata(krb5_context context,
 358            METHOD_DATA *md,
 359            krb5_principal client,
 360            krb5_key_proc key_proc,
 361            krb5_const_pointer keyseed,
 362            krb5_enctype *enctypes,
 363            unsigned netypes,
 364            krb5_salt *salt)
 365 {
 366     krb5_error_code ret;
 367     PA_DATA *pa2;
 368     krb5_salt salt2;
 369     krb5_enctype *ep;
 370     int i;
 371
 372     if(salt == NULL) {
 373         /* default to standard salt */
 374         ret = krb5_get_pw_salt (context, client, &salt2);
 375         salt = &salt2;
 376     }
 377     if (!enctypes) {
 378         enctypes = context->etypes;
 379         netypes = 0;
 380         for (ep = enctypes; *ep != ETYPE_NULL; ep++)
 381             netypes++;
 382     }
 383     pa2 = realloc (md->val, (md->len + netypes) * sizeof(*md->val));
 384     if (pa2 == NULL) {
 385         krb5_set_error_string(context, "malloc: out of memory");
 386         return ENOMEM;
 387     }
 388     md->val = pa2;
 389
 390     for (i = 0; i < netypes; ++i) {
 391         krb5_keyblock *key;
 392
 393         ret = (*key_proc)(context, enctypes[i], *salt, keyseed, &key);
 394         if (ret)
 395             continue;
 396         ret = make_pa_enc_timestamp (context, &md->val[md->len],
 397                                      enctypes[i], key);
 398         krb5_free_keyblock (context, key);
 399         if (ret)
 400             return ret;
 401         ++md->len;
 402     }
 403     if(salt == &salt2)
 404         krb5_free_salt(context, salt2);
 405     return 0;
 406 }
 407
 408 static krb5_error_code
 409 init_as_req (krb5_context context,
 410              krb5_kdc_flags opts,
 411              krb5_creds *creds,
 412              const krb5_addresses *addrs,
 413              const krb5_enctype *etypes,
 414              const krb5_preauthtype *ptypes,
 415              const krb5_preauthdata *preauth,
 416              krb5_key_proc key_proc,
 417              krb5_const_pointer keyseed,
 418              unsigned nonce,
 419              AS_REQ *a)
 420 {
 421     krb5_error_code ret;
 422     krb5_salt salt;
 423
 424     memset(a, 0, sizeof(*a));
 425
 426     a->pvno = 5;
 427     a->msg_type = krb_as_req;
 428     a->req_body.kdc_options = opts.b;
 429     a->req_body.cname = malloc(sizeof(*a->req_body.cname));
 430     if (a->req_body.cname == NULL) {
 431         ret = ENOMEM;
 432         krb5_set_error_string(context, "malloc: out of memory");
 433         goto fail;
 434     }
 435     a->req_body.sname = malloc(sizeof(*a->req_body.sname));
 436     if (a->req_body.sname == NULL) {
 437         ret = ENOMEM;
 438         krb5_set_error_string(context, "malloc: out of memory");
 439         goto fail;
 440     }
 441     ret = krb5_principal2principalname (a->req_body.cname, creds->client);
 442     if (ret)
 443         goto fail;
 444     ret = krb5_principal2principalname (a->req_body.sname, creds->server);
 445     if (ret)
 446         goto fail;
 447     ret = copy_Realm(&creds->client->realm, &a->req_body.realm);
 448     if (ret)
 449         goto fail;
 450
 451     if(creds->times.starttime) {
 452         a->req_body.from = malloc(sizeof(*a->req_body.from));
 453         if (a->req_body.from == NULL) {
 454             ret = ENOMEM;
 455             krb5_set_error_string(context, "malloc: out of memory");
 456             goto fail;
 457         }
 458         *a->req_body.from = creds->times.starttime;
 459     }
 460     if(creds->times.endtime){
 461         ALLOC(a->req_body.till, 1);
 462         *a->req_body.till = creds->times.endtime;
 463     }
 464     if(creds->times.renew_till){
 465         a->req_body.rtime = malloc(sizeof(*a->req_body.rtime));
 466         if (a->req_body.rtime == NULL) {
 467             ret = ENOMEM;
 468             krb5_set_error_string(context, "malloc: out of memory");
 469             goto fail;
 470         }
 471         *a->req_body.rtime = creds->times.renew_till;
 472     }
 473     a->req_body.nonce = nonce;
 474     ret = krb5_init_etype (context,
 475                            &a->req_body.etype.len,
 476                            &a->req_body.etype.val,
 477                            etypes);
 478     if (ret)
 479         goto fail;
 480
 481     /*
 482      * This means no addresses
 483      */
 484
 485     if (addrs && addrs->len == 0) {
 486         a->req_body.addresses = NULL;
 487     } else {
 488         a->req_body.addresses = malloc(sizeof(*a->req_body.addresses));
 489         if (a->req_body.addresses == NULL) {
 490             ret = ENOMEM;
 491             krb5_set_error_string(context, "malloc: out of memory");
 492             goto fail;
 493         }
 494
 495         if (addrs)
 496             ret = krb5_copy_addresses(context, addrs, a->req_body.addresses);
 497         else {
 498             ret = krb5_get_all_client_addrs (context, a->req_body.addresses);
 499             if(ret == 0 && a->req_body.addresses->len == 0) {
 500                 free(a->req_body.addresses);
 501                 a->req_body.addresses = NULL;
 502             }
 503         }
 504         if (ret)
 505             return ret;
 506     }
 507
 508     a->req_body.enc_authorization_data = NULL;
 509     a->req_body.additional_tickets = NULL;
 510
 511     if(preauth != NULL) {
 512         int i;
 513         ALLOC(a->padata, 1);
 514         if(a->padata == NULL) {
 515             ret = ENOMEM;
 516             krb5_set_error_string(context, "malloc: out of memory");
 517             goto fail;
 518         }
 519         for(i = 0; i < preauth->len; i++) {
 520             if(preauth->val[i].type == KRB5_PADATA_ENC_TIMESTAMP){
 521                 int j;
 522                 PA_DATA *tmp = realloc(a->padata->val,
 523                                        (a->padata->len +
 524                                         preauth->val[i].info.len) *
 525                                        sizeof(*a->padata->val));
 526                 if(tmp == NULL) {
 527                     ret = ENOMEM;
 528                     krb5_set_error_string(context, "malloc: out of memory");
 529                     goto fail;
 530                 }
 531                 a->padata->val = tmp;
 532                 for(j = 0; j < preauth->val[i].info.len; j++) {
 533                     krb5_salt *sp = &salt;
 534                     if(preauth->val[i].info.val[j].salttype)
 535                         salt.salttype = *preauth->val[i].info.val[j].salttype;
 536                     else
 537                         salt.salttype = KRB5_PW_SALT;
 538                     if(preauth->val[i].info.val[j].salt)
 539                         salt.saltvalue = *preauth->val[i].info.val[j].salt;
 540                     else
 541                         if(salt.salttype == KRB5_PW_SALT)
 542                             sp = NULL;
 543                         else
 544                             krb5_data_zero(&salt.saltvalue);
 545                     add_padata(context, a->padata, creds->client,
 546                                key_proc, keyseed,
 547                                &preauth->val[i].info.val[j].etype, 1,
 548                                sp);
 549                 }
 550             }
 551         }
 552     } else
 553     /* not sure this is the way to use `ptypes' */
 554     if (ptypes == NULL || *ptypes == KRB5_PADATA_NONE)
 555         a->padata = NULL;
 556     else if (*ptypes ==  KRB5_PADATA_ENC_TIMESTAMP) {
 557         ALLOC(a->padata, 1);
 558         if (a->padata == NULL) {
 559             ret = ENOMEM;
 560             krb5_set_error_string(context, "malloc: out of memory");
 561             goto fail;
 562         }
 563         a->padata->len = 0;
 564         a->padata->val = NULL;
 565
 566         /* make a v5 salted pa-data */
 567         add_padata(context, a->padata, creds->client,
 568                    key_proc, keyseed, a->req_body.etype.val,
 569                    a->req_body.etype.len, NULL);
 570
 571         /* make a v4 salted pa-data */
 572         salt.salttype = KRB5_PW_SALT;
 573         krb5_data_zero(&salt.saltvalue);
 574         add_padata(context, a->padata, creds->client,
 575                    key_proc, keyseed, a->req_body.etype.val,
 576                    a->req_body.etype.len, &salt);
 577     } else {
 578         krb5_set_error_string (context, "pre-auth type %d not supported",
 579                                *ptypes);
 580         ret = KRB5_PREAUTH_BAD_TYPE;
 581         goto fail;
 582     }
 583     return 0;
 584 fail:
 585     free_AS_REQ(a);
 586     return ret;
 587 }
 588
 589 static int
 590 set_ptypes(krb5_context context,
 591            KRB_ERROR *error,
 592            krb5_preauthtype **ptypes,
 593            krb5_preauthdata **preauth)
 594 {
 595     static krb5_preauthdata preauth2;
 596     static krb5_preauthtype ptypes2[] = { KRB5_PADATA_ENC_TIMESTAMP, KRB5_PADATA_NONE };
 597
 598     if(error->e_data) {
 599         METHOD_DATA md;
 600         int i;
 601         decode_METHOD_DATA(error->e_data->data,
 602                            error->e_data->length,
 603                            &md,
 604                            NULL);
 605         for(i = 0; i < md.len; i++){
 606             switch(md.val[i].padata_type){
 607             case KRB5_PADATA_ENC_TIMESTAMP:
 608                 *ptypes = ptypes2;
 609                 break;
 610             case KRB5_PADATA_ETYPE_INFO:
 611                 *preauth = &preauth2;
 612                 ALLOC_SEQ(*preauth, 1);
 613                 (*preauth)->val[0].type = KRB5_PADATA_ENC_TIMESTAMP;
 614                 krb5_decode_ETYPE_INFO(context,
 615                                        md.val[i].padata_value.data,
 616                                        md.val[i].padata_value.length,
 617                                        &(*preauth)->val[0].info,
 618                                        NULL);
 619                 break;
 620             default:
 621                 break;
 622             }
 623         }
 624         free_METHOD_DATA(&md);
 625     } else {
 626         *ptypes = ptypes2;
 627     }
 628     return(1);
 629 }
 630
 631 krb5_error_code
 632 krb5_get_in_cred(krb5_context context,
 633                  krb5_flags options,
 634                  const krb5_addresses *addrs,
 635                  const krb5_enctype *etypes,
 636                  const krb5_preauthtype *ptypes,
 637                  const krb5_preauthdata *preauth,
 638                  krb5_key_proc key_proc,
 639                  krb5_const_pointer keyseed,
 640                  krb5_decrypt_proc decrypt_proc,
 641                  krb5_const_pointer decryptarg,
 642                  krb5_creds *creds,
 643                  krb5_kdc_rep *ret_as_reply)
 644 {
 645     krb5_error_code ret;
 646     AS_REQ a;
 647     krb5_kdc_rep rep;
 648     krb5_data req, resp;
 649     size_t len;
 650     krb5_salt salt;
 651     krb5_keyblock *key;
 652     size_t size;
 653     krb5_kdc_flags opts;
 654     PA_DATA *pa;
 655     krb5_enctype etype;
 656     krb5_preauthdata *my_preauth = NULL;
 657     unsigned nonce;
 658     int done;
 659
 660     opts.i = options;
 661
 662     krb5_generate_random_block (&nonce, sizeof(nonce));
 663     nonce &= 0xffffffff;
 664
 665     do {
 666         done = 1;
 667         ret = init_as_req (context,
 668                            opts,
 669                            creds,
 670                            addrs,
 671                            etypes,
 672                            ptypes,
 673                            preauth,
 674                            key_proc,
 675                            keyseed,
 676                            nonce,
 677                            &a);
 678         if (my_preauth) {
 679             free_ETYPE_INFO(&my_preauth->val[0].info);
 680             free (my_preauth->val);
 681         }
 682         if (ret)
 683             return ret;
 684
 685         ASN1_MALLOC_ENCODE(AS_REQ, req.data, req.length, &a, &len, ret);
 686         free_AS_REQ(&a);
 687         if (ret)
 688             return ret;
 689         if(len != req.length)
 690             krb5_abortx(context, "internal error in ASN.1 encoder");
 691
 692         ret = krb5_sendto_kdc (context, &req, &creds->client->realm, &resp);
 693         krb5_data_free(&req);
 694         if (ret)
 695             return ret;
 696
 697         memset (&rep, 0, sizeof(rep));
 698         ret = decode_AS_REP(resp.data, resp.length, &rep.kdc_rep, &size);
 699         if(ret) {
 700             /* let's try to parse it as a KRB-ERROR */
 701             KRB_ERROR error;
 702             int ret2;
 703
 704             ret2 = krb5_rd_error(context, &resp, &error);
 705             if(ret2 && resp.data && ((char*)resp.data)[0] == 4)
 706                 ret = KRB5KRB_AP_ERR_V4_REPLY;
 707             krb5_data_free(&resp);
 708             if (ret2 == 0) {
 709                 ret = krb5_error_from_rd_error(context, &error, creds);
 710                 /* if no preauth was set and KDC requires it, give it
 711                    one more try */
 712                 if (!ptypes && !preauth
 713                     && ret == KRB5KDC_ERR_PREAUTH_REQUIRED
 714 #if 0
 715                         || ret == KRB5KDC_ERR_BADOPTION
 716 #endif
 717                     && set_ptypes(context, &error, &ptypes, &my_preauth)) {
 718                     done = 0;
 719                     preauth = my_preauth;
 720                     krb5_free_error_contents(context, &error);
 721                     krb5_clear_error_string(context);
 722                     continue;
 723                 }
 724                 if(ret_as_reply)
 725                     ret_as_reply->error = error;
 726                 else
 727                     free_KRB_ERROR (&error);
 728                 return ret;
 729             }
 730             return ret;
 731         }
 732         krb5_data_free(&resp);
 733     } while(!done);
 734
 735     pa = NULL;
 736     etype = rep.kdc_rep.enc_part.etype;
 737     if(rep.kdc_rep.padata){
 738         int index = 0;
 739         pa = krb5_find_padata(rep.kdc_rep.padata->val, rep.kdc_rep.padata->len,
 740                               KRB5_PADATA_PW_SALT, &index);
 741         if(pa == NULL) {
 742             index = 0;
 743             pa = krb5_find_padata(rep.kdc_rep.padata->val,
 744                                   rep.kdc_rep.padata->len,
 745                                   KRB5_PADATA_AFS3_SALT, &index);
 746         }
 747     }
 748     if(pa) {
 749         salt.salttype = pa->padata_type;
 750         salt.saltvalue = pa->padata_value;
 751
 752         ret = (*key_proc)(context, etype, salt, keyseed, &key);
 753     } else {
 754         /* make a v5 salted pa-data */
 755         ret = krb5_get_pw_salt (context, creds->client, &salt);
 756
 757         if (ret)
 758             goto out;
 759         ret = (*key_proc)(context, etype, salt, keyseed, &key);
 760         krb5_free_salt(context, salt);
 761     }
 762     if (ret)
 763         goto out;
 764
 765     ret = _krb5_extract_ticket(context,
 766                                &rep,
 767                                creds,
 768                                key,
 769                                keyseed,
 770                                KRB5_KU_AS_REP_ENC_PART,
 771                                NULL,
 772                                nonce,
 773                                FALSE,
 774                                opts.b.request_anonymous,
 775                                decrypt_proc,
 776                                decryptarg);
 777     memset (key->keyvalue.data, 0, key->keyvalue.length);
 778     krb5_free_keyblock_contents (context, key);
 779     free (key);
 780
 781 out:
 782     if (ret == 0 && ret_as_reply)
 783         *ret_as_reply = rep;
 784     else
 785         krb5_free_kdc_rep (context, &rep);
 786     return ret;
 787 }
 788
 789 krb5_error_code
 790 krb5_get_in_tkt(krb5_context context,
 791                 krb5_flags options,
 792                 const krb5_addresses *addrs,
 793                 const krb5_enctype *etypes,
 794                 const krb5_preauthtype *ptypes,
 795                 krb5_key_proc key_proc,
 796                 krb5_const_pointer keyseed,
 797                 krb5_decrypt_proc decrypt_proc,
 798                 krb5_const_pointer decryptarg,
 799                 krb5_creds *creds,
 800                 krb5_ccache ccache,
 801                 krb5_kdc_rep *ret_as_reply)
 802 {
 803     krb5_error_code ret;
 804     krb5_kdc_flags opts;
 805     opts.i = 0;
 806     opts.b = int2KDCOptions(options);
 807
 808     ret = krb5_get_in_cred (context,
 809                             opts.i,
 810                             addrs,
 811                             etypes,
 812                             ptypes,
 813                             NULL,
 814                             key_proc,
 815                             keyseed,
 816                             decrypt_proc,
 817                             decryptarg,
 818                             creds,
 819                             ret_as_reply);
 820     if(ret)
 821         return ret;
 822     ret = krb5_cc_store_cred (context, ccache, creds);
 823     krb5_free_creds_contents (context, creds);
 824     return ret;
 825 }