X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=util_krb.c;h=7143685d5f9e077f4bee12fad87035bc8faebeb0;hb=7db57acddeddad5f96d16288b3776baf6c10c0b1;hp=9ee0ae586472c8e8ac7097770d5d4c90c0e8d1d9;hpb=18704674bbfb2ff150ca40e949d42cd1ceed9fb8;p=mech_eap.git
diff --git a/util_krb.c b/util_krb.c
index 9ee0ae5..7143685 100644
--- a/util_krb.c
+++ b/util_krb.c
@@ -485,3 +485,99 @@ cleanup:
 adKdcIssued);
 #endif /* HAVE_HEIMDAL_VERSION */
 }
+
+krb5_error_code
+krbMakeCred(krb5_context krbContext,
+ krb5_auth_context authContext,
+ krb5_creds *creds,
+ krb5_data *data)
+{
+ krb5_error_code code;
+#ifdef HAVE_HEIMDAL_VERSION
+ KRB_CRED krbCred;
+ KrbCredInfo krbCredInfo;
+ krb5_keyblock *key;
+ krb5_crypto krbCrypto = NULL;
+ krb5_data credInfoData = { 0 };
+ size_t len;
+#else
+ krb5_data *d = NULL;
+#endif
+
+ memset(data, 0, sizeof(*data));
+#ifdef HAVE_HEIMDAL_VERSION
+ memset(&krbCred, 0, sizeof(krbCred));
+ memset(&krbCredInfo, 0, sizeof(krbCredInfo));
+
+ key = (authContext->local_subkey != NULL)
+ ? authContext->local_subkey
+ : authContext->keyblock;
+
+ krbCred.pvno = 5;
+ krbCred.msg_type = krb_cred;
+ krbCred.tickets.val = (Ticket *)GSSEAP_CALLOC(1, sizeof(Ticket));
+ if (krbCred.tickets.val == NULL) {
+ code = ENOMEM;
+ goto cleanup;
+ }
+ krbCred.tickets.len = 1;
+
+ code = decode_Ticket(creds->ticket.data,
+ creds->ticket.length,
+ krbCred.tickets.val, &len);
+ if (code != 0)
+ goto cleanup;
+
+ krbCredInfo.key = creds->session;
+ krbCredInfo.prealm = &creds->client->realm;
+ krbCredInfo.pname = &creds->client->name;
+ krbCredInfo.flags = &creds->flags.b;
+ krbCredInfo.authtime = &creds->times.authtime;
+ krbCredInfo.starttime = &creds->times.starttime;
+ krbCredInfo.endtime = &creds->times.endtime;
+ krbCredInfo.renew_till = &creds->times.renew_till;
+ krbCredInfo.srealm = &creds->server->realm;
+ krbCredInfo.sname = &creds->server->name;
+ krbCredInfo.caddr = creds->addresses.len ? &creds->addresses : NULL;
+
+ ASN1_MALLOC_ENCODE(KrbCredInfo, credInfoData.data, credInfoData.length,
+ &krbCredInfo, &len, code);
+ if (code != 0)
+ goto cleanup;
+
+ code = krb5_crypto_init(krbContext, key, 0, &krbCrypto);
+ if (code != 0)
+ goto cleanup;
+
+ code = krb5_encrypt_EncryptedData(krbContext,
+ krbCrypto,
+ KRB5_KU_KRB_CRED,
+ credInfoData.data,
+ credInfoData.length,
+ 0,
+ &krbCred.enc_part);
+ if (code != 0)
+ goto cleanup;
+
+ ASN1_MALLOC_ENCODE(KRB_CRED, data->data, data->length,
+ &krbCred, &len, code);
+ if (code != 0)
+ goto cleanup;
+
+cleanup:
+ if (krbCrypto != NULL)
+ krb5_crypto_destroy(krbContext, krbCrypto);
+ free_KRB_CRED(&krbCred);
+ krb5_data_free(&credInfoData);
+
+ return code;
+#else
+ code = krb5_mk_1cred(krbContext, authContext, creds, &d, NULL);
+ if (code == 0) {
+ *data = *d;
+ GSSEAP_FREE(d);
+ }
+
+ return code;
+#endif /* HAVE_HEIMDAL_VERSION */
+}
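Review bot: The Heimdal branch of krbMakeCred encodes a bare `KrbCredInfo` and encrypts it as the KRB-CRED `enc_part`, whereas RFC 4120 defines that field as an `EncKrbCredPart` whose `ticket-info` is a sequence of `KrbCredInfo`. The `#else` branch calls `krb5_mk_1cred()`, which emits the standard form, so the two builds probably produce messages that a single receiver cannot decode alike; wrapping `krbCredInfo` in an `EncKrbCredPart` before the first `ASN1_MALLOC_ENCODE` would align them. Separately, `credInfoData` holds the encoded session key in the clear and is released at `cleanup:` by `krb5_data_free()` without being wiped first. The function also lacks a header comment stating that on success the caller owns `data->data` and must free it.

```c
    EncKrbCredPart encKrbCredPart;
    /* … unchanged: other declarations, ticket decoding, krbCredInfo field setup … */

    memset(&encKrbCredPart, 0, sizeof(encKrbCredPart));
    encKrbCredPart.ticket_info.len = 1;
    encKrbCredPart.ticket_info.val = &krbCredInfo; /* borrowed: never free_EncKrbCredPart() */

    ASN1_MALLOC_ENCODE(EncKrbCredPart, credInfoData.data, credInfoData.length,
                       &encKrbCredPart, &len, code);
    if (code != 0)
        goto cleanup;

    /* … unchanged: krb5_crypto_init, krb5_encrypt_EncryptedData, KRB_CRED encoding … */

cleanup:
    /* … unchanged: krb5_crypto_destroy, free_KRB_CRED … */
    /* Plaintext contains the session key; prefer a wipe the compiler cannot elide. */
    if (credInfoData.data != NULL)
        memset(credInfoData.data, 0, credInfoData.length);
    krb5_data_free(&credInfoData);
```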