1 files changed, 967 insertions, 0 deletions
diff --git a/third_party/heimdal/lib/krb5/ticket.c b/third_party/heimdal/lib/krb5/ticket.c
new file mode 100644
index 0000000..d19fcc6
--- /dev/null
+++ b/third_party/heimdal/lib/krb5/ticket.c
@@ -0,0 +1,967 @@
+/*
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb5_locl.h"
+
+/**
+ * Free ticket and content
+ *
+ * @param context a Kerberos 5 context
+ * @param ticket ticket to free
+ *
+ * @return Returns 0 to indicate success.  Otherwise an kerberos et
+ * error code is returned, see krb5_get_error_message().
+ *
+ * @ingroup krb5
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_free_ticket(krb5_context context,
+		 krb5_ticket *ticket)
+{
+    free_EncTicketPart(&ticket->ticket);
+    krb5_free_principal(context, ticket->client);
+    krb5_free_principal(context, ticket->server);
+    free(ticket);
+    return 0;
+}
+
+/**
+ * Copy ticket and content
+ *
+ * @param context a Kerberos 5 context
+ * @param from ticket to copy
+ * @param to new copy of ticket, free with krb5_free_ticket()
+ *
+ * @return Returns 0 to indicate success.  Otherwise an kerberos et
+ * error code is returned, see krb5_get_error_message().
+ *
+ * @ingroup krb5
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_copy_ticket(krb5_context context,
+		 const krb5_ticket *from,
+		 krb5_ticket **to)
+{
+    krb5_error_code ret;
+    krb5_ticket *tmp;
+
+    *to = NULL;
+    tmp = malloc(sizeof(*tmp));
+    if (tmp == NULL)
+	return krb5_enomem(context);
+    if((ret = copy_EncTicketPart(&from->ticket, &tmp->ticket))){
+	free(tmp);
+	return ret;
+    }
+    ret = krb5_copy_principal(context, from->client, &tmp->client);
+    if(ret){
+	free_EncTicketPart(&tmp->ticket);
+	free(tmp);
+	return ret;
+    }
+    ret = krb5_copy_principal(context, from->server, &tmp->server);
+    if(ret){
+	krb5_free_principal(context, tmp->client);
+	free_EncTicketPart(&tmp->ticket);
+	free(tmp);
+	return ret;
+    }
+    *to = tmp;
+    return 0;
+}
+
+/**
+ * Return client principal in ticket
+ *
+ * @param context a Kerberos 5 context
+ * @param ticket ticket to copy
+ * @param client client principal, free with krb5_free_principal()
+ *
+ * @return Returns 0 to indicate success.  Otherwise an kerberos et
+ * error code is returned, see krb5_get_error_message().
+ *
+ * @ingroup krb5
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_ticket_get_client(krb5_context context,
+		       const krb5_ticket *ticket,
+		       krb5_principal *client)
+{
+    return krb5_copy_principal(context, ticket->client, client);
+}
+
+/**
+ * Return server principal in ticket
+ *
+ * @param context a Kerberos 5 context
+ * @param ticket ticket to copy
+ * @param server server principal, free with krb5_free_principal()
+ *
+ * @return Returns 0 to indicate success.  Otherwise an kerberos et
+ * error code is returned, see krb5_get_error_message().
+ *
+ * @ingroup krb5
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_ticket_get_server(krb5_context context,
+		       const krb5_ticket *ticket,
+		       krb5_principal *server)
+{
+    return krb5_copy_principal(context, ticket->server, server);
+}
+
+/**
+ * Return end time of a ticket
+ *
+ * @param context a Kerberos 5 context
+ * @param ticket ticket to copy
+ *
+ * @return end time of ticket
+ *
+ * @ingroup krb5
+ */
+
+KRB5_LIB_FUNCTION time_t KRB5_LIB_CALL
+krb5_ticket_get_endtime(krb5_context context,
+			const krb5_ticket *ticket)
+{
+    return ticket->ticket.endtime;
+}
+
+/**
+ * Return authentication, start, end, and renew limit times of a ticket
+ *
+ * @param context a Kerberos 5 context
+ * @param ticket ticket to copy
+ * @param t pointer to krb5_times structure
+ *
+ * @ingroup krb5
+ */
+
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
+krb5_ticket_get_times(krb5_context context,
+                      const krb5_ticket *ticket,
+                      krb5_times *t)
+{
+    t->authtime   = ticket->ticket.authtime;
+    t->starttime  = ticket->ticket.starttime  ? *ticket->ticket.starttime  :
+                                                t->authtime;
+    t->endtime    = ticket->ticket.endtime;
+    t->renew_till = ticket->ticket.renew_till ? *ticket->ticket.renew_till :
+                                                t->endtime;
+}
+
+/**
+ * Get the flags from the Kerberos ticket
+ *
+ * @param context Kerberos context
+ * @param ticket Kerberos ticket
+ *
+ * @return ticket flags
+ *
+ * @ingroup krb5_ticket
+ */
+KRB5_LIB_FUNCTION unsigned long KRB5_LIB_CALL
+krb5_ticket_get_flags(krb5_context context,
+		      const krb5_ticket *ticket)
+{
+    return TicketFlags2int(ticket->ticket.flags);
+}
+
+/*
+ * Find an authz-data element in the given `ad'.  If `failp', then validate any
+ * containing AD-KDC-ISSUED's keyed checksum with the `sessionkey' (if given).
+ *
+ * All AD-KDC-ISSUED will be validated (if requested) even when `type' is
+ * `KRB5_AUTHDATA_KDC_ISSUED'.
+ *
+ * Only the first matching element will be output (via `data').
+ *
+ * Note that all AD-KDC-ISSUEDs found while traversing the authz-data will be
+ * validated, though only the first one will be returned.
+ *
+ * XXX We really need a better interface though.  First, forget AD-AND-OR --
+ * just remove it.  Second, probably forget AD-KDC-ISSUED, but still, between
+ * that, the PAC, and the CAMMAC, we need an interface that can:
+ *
+ * a) take the derived keys instead of the service key or the session key,
+ * b) can indicate whether the element was marked critical,
+ * c) can indicate whether the element was authenticated to the KDC,
+ * d) can iterate over all the instances found (if more than one is found).
+ *
+ * Also, we need to know here if the authz-data is from a Ticket or from an
+ * Authenticator -- if the latter then we must refuse to find AD-KDC-ISSUED /
+ * PAC / CAMMAC or anything of the sort, ever.
+ */
+static int
+find_type_in_ad(krb5_context context,
+		int type,
+		krb5_data *data,                /* optional */
+		krb5_boolean *found,
+		krb5_boolean failp,             /* validate AD-KDC-ISSUED */
+		krb5_keyblock *sessionkey,      /* ticket session key */
+		const AuthorizationData *ad,
+		int level)
+{
+    krb5_error_code ret = 0;
+    size_t i;
+
+    if (level > 9) {
+	ret = ENOENT; /* XXX */
+	krb5_set_error_message(context, ret,
+			       N_("Authorization data nested deeper "
+				  "then %d levels, stop searching", ""),
+			       level);
+	goto out;
+    }
+
+    /*
+     * Only copy out the element the first time we get to it, we need
+     * to run over the whole authorization data fields to check if
+     * there are any container clases we need to care about.
+     */
+    for (i = 0; i < ad->len; i++) {
+	if (!*found && ad->val[i].ad_type == type) {
+            if (data) {
+                ret = der_copy_octet_string(&ad->val[i].ad_data, data);
+                if (ret) {
+                    krb5_set_error_message(context, ret,
+                                           N_("malloc: out of memory", ""));
+                    goto out;
+                }
+            }
+	    *found = TRUE;
+            if (type != KRB5_AUTHDATA_KDC_ISSUED ||
+                !failp || !sessionkey || !sessionkey->keyvalue.length)
+                continue;
+            /* else go on to validate the AD-KDC-ISSUED's keyed checksum */
+	}
+	switch (ad->val[i].ad_type) {
+	case KRB5_AUTHDATA_IF_RELEVANT: {
+	    AuthorizationData child;
+	    ret = decode_AuthorizationData(ad->val[i].ad_data.data,
+					   ad->val[i].ad_data.length,
+					   &child,
+					   NULL);
+	    if (ret) {
+		krb5_set_error_message(context, ret,
+				       N_("Failed to decode "
+					  "IF_RELEVANT with %d", ""),
+				       (int)ret);
+		goto out;
+	    }
+	    ret = find_type_in_ad(context, type, data, found, FALSE,
+				  sessionkey, &child, level + 1);
+	    free_AuthorizationData(&child);
+	    if (ret)
+		goto out;
+	    break;
+	}
+	case KRB5_AUTHDATA_KDC_ISSUED: {
+	    AD_KDCIssued child;
+
+	    ret = decode_AD_KDCIssued(ad->val[i].ad_data.data,
+				      ad->val[i].ad_data.length,
+				      &child,
+				      NULL);
+	    if (ret) {
+		krb5_set_error_message(context, ret,
+				       N_("Failed to decode "
+					  "AD_KDCIssued with %d", ""),
+				       ret);
+		goto out;
+	    }
+	    if (failp && sessionkey && sessionkey->keyvalue.length) {
+		krb5_boolean valid;
+		krb5_data buf;
+		size_t len;
+
+		ASN1_MALLOC_ENCODE(AuthorizationData, buf.data, buf.length,
+				   &child.elements, &len, ret);
+		if (ret) {
+		    free_AD_KDCIssued(&child);
+		    krb5_clear_error_message(context);
+		    goto out;
+		}
+		if(buf.length != len)
+		    krb5_abortx(context, "internal error in ASN.1 encoder");
+
+		ret = krb5_c_verify_checksum(context, sessionkey, 19, &buf,
+					     &child.ad_checksum, &valid);
+		krb5_data_free(&buf);
+		if (ret) {
+		    free_AD_KDCIssued(&child);
+		    goto out;
+		}
+		if (!valid) {
+		    krb5_clear_error_message(context);
+		    ret = ENOENT;
+		    free_AD_KDCIssued(&child);
+		    goto out;
+		}
+	    } else if (failp) {
+		    krb5_clear_error_message(context);
+		    ret = ENOENT;
+		    free_AD_KDCIssued(&child);
+		    goto out;
+            }
+	    ret = find_type_in_ad(context, type, data, found, failp, sessionkey,
+				  &child.elements, level + 1);
+	    free_AD_KDCIssued(&child);
+	    if (ret)
+		goto out;
+	    break;
+	}
+	case KRB5_AUTHDATA_AND_OR:
+	    if (!failp)
+		break;
+	    ret = ENOENT; /* XXX */
+	    krb5_set_error_message(context, ret,
+				   N_("Authorization data contains "
+				      "AND-OR element that is unknown to the "
+				      "application", ""));
+	    goto out;
+	default:
+	    if (!failp)
+		break;
+	    ret = ENOENT; /* XXX */
+	    krb5_set_error_message(context, ret,
+				   N_("Authorization data contains "
+				      "unknown type (%d) ", ""),
+				   ad->val[i].ad_type);
+	    goto out;
+	}
+    }
+out:
+    if (ret) {
+	if (*found) {
+            if (data)
+                krb5_data_free(data);
+	    *found = 0;
+	}
+    }
+    return ret;
+}
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+_krb5_get_ad(krb5_context context,
+	     const AuthorizationData *ad,
+	     krb5_keyblock *sessionkey,
+	     int type,
+	     krb5_data *data)
+{
+    krb5_boolean found = FALSE;
+    krb5_error_code ret;
+
+    if (data)
+        krb5_data_zero(data);
+
+    if (ad == NULL) {
+	krb5_set_error_message(context, ENOENT,
+			       N_("No authorization data", ""));
+	return ENOENT; /* XXX */
+    }
+
+    ret = find_type_in_ad(context, type, data, &found, TRUE, sessionkey, ad, 0);
+    if (ret)
+	return ret;
+    if (!found) {
+	krb5_set_error_message(context, ENOENT,
+			       N_("Have no authorization data of type %d", ""),
+			       type);
+	return ENOENT; /* XXX */
+    }
+    return 0;
+}
+
+
+/**
+ * Extract the authorization data type of type from the ticket. Store
+ * the field in data. This function is to use for kerberos
+ * applications.
+ *
+ * @param context a Kerberos 5 context
+ * @param ticket Kerberos ticket
+ * @param type type to fetch
+ * @param data returned data, free with krb5_data_free()
+ *
+ * @ingroup krb5
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_ticket_get_authorization_data_type(krb5_context context,
+					krb5_ticket *ticket,
+					int type,
+					krb5_data *data)
+{
+    AuthorizationData *ad;
+    krb5_error_code ret;
+    krb5_boolean found = FALSE;
+
+    if (data)
+        krb5_data_zero(data);
+
+    ad = ticket->ticket.authorization_data;
+    if (ticket->ticket.authorization_data == NULL) {
+	krb5_set_error_message(context, ENOENT,
+			       N_("Ticket has no authorization data", ""));
+	return ENOENT; /* XXX */
+    }
+
+    ret = find_type_in_ad(context, type, data, &found, TRUE,
+			  &ticket->ticket.key, ad, 0);
+    if (ret)
+	return ret;
+    if (!found) {
+	krb5_set_error_message(context, ENOENT,
+			       N_("Ticket has no "
+				  "authorization data of type %d", ""),
+			       type);
+	return ENOENT; /* XXX */
+    }
+    return 0;
+}
+
+static krb5_error_code
+check_server_referral(krb5_context context,
+		      krb5_kdc_rep *rep,
+		      unsigned flags,
+		      krb5_const_principal requested,
+		      krb5_const_principal returned,
+		      krb5_keyblock * key)
+{
+    krb5_error_code ret;
+    PA_ServerReferralData ref;
+    krb5_crypto session;
+    EncryptedData ed;
+    size_t len;
+    krb5_data data;
+    PA_DATA *pa;
+    int i = 0, cmp;
+
+    if (rep->kdc_rep.padata == NULL)
+	goto noreferral;
+
+    pa = krb5_find_padata(rep->kdc_rep.padata->val,
+			  rep->kdc_rep.padata->len,
+			  KRB5_PADATA_SERVER_REFERRAL, &i);
+    if (pa == NULL)
+	goto noreferral;
+
+    memset(&ed, 0, sizeof(ed));
+    memset(&ref, 0, sizeof(ref));
+
+    ret = decode_EncryptedData(pa->padata_value.data,
+			       pa->padata_value.length,
+			       &ed, &len);
+    if (ret)
+	return ret;
+    if (len != pa->padata_value.length) {
+	free_EncryptedData(&ed);
+	krb5_set_error_message(context, KRB5KRB_AP_ERR_MODIFIED,
+			       N_("Referral EncryptedData wrong for realm %s",
+				  "realm"), requested->realm);
+	return KRB5KRB_AP_ERR_MODIFIED;
+    }
+
+    ret = krb5_crypto_init(context, key, 0, &session);
+    if (ret) {
+	free_EncryptedData(&ed);
+	return ret;
+    }
+
+    ret = krb5_decrypt_EncryptedData(context, session,
+				     KRB5_KU_PA_SERVER_REFERRAL,
+				     &ed, &data);
+    free_EncryptedData(&ed);
+    krb5_crypto_destroy(context, session);
+    if (ret)
+	return ret;
+
+    ret = decode_PA_ServerReferralData(data.data, data.length, &ref, &len);
+    if (ret) {
+	krb5_data_free(&data);
+	return ret;
+    }
+    krb5_data_free(&data);
+
+    if (strcmp(requested->realm, returned->realm) != 0) {
+	free_PA_ServerReferralData(&ref);
+	krb5_set_error_message(context, KRB5KRB_AP_ERR_MODIFIED,
+			       N_("server ref realm mismatch, "
+				  "requested realm %s got back %s", ""),
+			       requested->realm, returned->realm);
+	return KRB5KRB_AP_ERR_MODIFIED;
+    }
+
+    if (krb5_principal_is_krbtgt(context, returned)) {
+	const char *realm = returned->name.name_string.val[1];
+
+	if (ref.referred_realm == NULL
+	    || strcmp(*ref.referred_realm, realm) != 0)
+	{
+	    free_PA_ServerReferralData(&ref);
+	    krb5_set_error_message(context, KRB5KRB_AP_ERR_MODIFIED,
+				   N_("tgt returned with wrong ref", ""));
+	    return KRB5KRB_AP_ERR_MODIFIED;
+	}
+    } else if (krb5_principal_compare(context, returned, requested) == 0) {
+	free_PA_ServerReferralData(&ref);
+	krb5_set_error_message(context, KRB5KRB_AP_ERR_MODIFIED,
+			       N_("req princ no same as returned", ""));
+	return KRB5KRB_AP_ERR_MODIFIED;
+    }
+
+    if (ref.requested_principal_name) {
+	cmp = _krb5_principal_compare_PrincipalName(context,
+						    requested,
+						    ref.requested_principal_name);
+	if (!cmp) {
+	    free_PA_ServerReferralData(&ref);
+	    krb5_set_error_message(context, KRB5KRB_AP_ERR_MODIFIED,
+				   N_("referred principal not same "
+				      "as requested", ""));
+	    return KRB5KRB_AP_ERR_MODIFIED;
+	}
+    } else if (flags & EXTRACT_TICKET_AS_REQ) {
+	free_PA_ServerReferralData(&ref);
+	krb5_set_error_message(context, KRB5KRB_AP_ERR_MODIFIED,
+			       N_("Requested principal missing on AS-REQ", ""));
+	return KRB5KRB_AP_ERR_MODIFIED;
+    }
+
+    free_PA_ServerReferralData(&ref);
+
+    return ret;
+noreferral:
+    /*
+     * Expect excact match or that we got a krbtgt
+     */
+    if (krb5_principal_compare(context, requested, returned) != TRUE &&
+	(krb5_realm_compare(context, requested, returned) != TRUE &&
+	 krb5_principal_is_krbtgt(context, returned) != TRUE))
+    {
+	krb5_set_error_message(context, KRB5KRB_AP_ERR_MODIFIED,
+			       N_("Not same server principal returned "
+				  "as requested", ""));
+	return KRB5KRB_AP_ERR_MODIFIED;
+    }
+    return 0;
+}
+
+/*
+ * Verify KDC supported anonymous if requested
+ */
+static krb5_error_code
+check_client_anonymous(krb5_context context,
+		       krb5_kdc_rep *rep,
+		       krb5_const_principal requested,
+		       krb5_const_principal mapped,
+		       krb5_boolean is_tgs_rep)
+{
+    int flags;
+
+    if (!rep->enc_part.flags.anonymous)
+	return KRB5KDC_ERR_BADOPTION;
+
+    /*
+     * Here we must validate that the AS returned a ticket of the expected type
+     * for either a fully anonymous request, or authenticated request for an
+     * anonymous ticket.  If this is a TGS request, we're done.  Then if the
+     * 'requested' principal was anonymous, we'll check the 'mapped' principal
+     * accordingly (without enforcing the name type and perhaps the realm).
+     * Finally, if the 'requested' principal was not anonymous, well check
+     * that the 'mapped' principal has an anonymous name and type, in a
+     * non-anonymous realm.  (Should we also be checking for a realm match
+     * between the request and the mapped name in this case?)
+     */
+    if (is_tgs_rep)
+	flags = KRB5_ANON_MATCH_ANY_NONT;
+    else if (krb5_principal_is_anonymous(context, requested,
+                                         KRB5_ANON_MATCH_ANY_NONT))
+	flags = KRB5_ANON_MATCH_UNAUTHENTICATED | KRB5_ANON_IGNORE_NAME_TYPE;
+    else
+	flags = KRB5_ANON_MATCH_AUTHENTICATED;
+
+    if (!krb5_principal_is_anonymous(context, mapped, flags))
+	return KRB5KRB_AP_ERR_MODIFIED;
+
+    return 0;
+}
+
+/*
+ * Verify returned client principal name in anonymous/referral case
+ */
+
+static krb5_error_code
+check_client_mismatch(krb5_context context,
+		      krb5_kdc_rep *rep,
+		      krb5_const_principal requested,
+		      krb5_const_principal mapped,
+		      krb5_keyblock const * key)
+{
+    if (rep->enc_part.flags.anonymous) {
+	if (!krb5_principal_is_anonymous(context, mapped,
+                                         KRB5_ANON_MATCH_ANY_NONT)) {
+	    krb5_set_error_message(context, KRB5KRB_AP_ERR_MODIFIED,
+				   N_("Anonymous ticket does not contain anonymous "
+				      "principal", ""));
+	    return KRB5KRB_AP_ERR_MODIFIED;
+	}
+    } else {
+	if (krb5_principal_compare(context, requested, mapped) == FALSE &&
+	    !rep->enc_part.flags.enc_pa_rep) {
+	    krb5_set_error_message(context, KRB5KRB_AP_ERR_MODIFIED,
+				   N_("Not same client principal returned "
+				   "as requested", ""));
+	    return KRB5KRB_AP_ERR_MODIFIED;
+	}
+    }
+
+    return 0;
+}
+
+
+static krb5_error_code KRB5_CALLCONV
+decrypt_tkt (krb5_context context,
+	     krb5_keyblock *key,
+	     krb5_key_usage usage,
+	     krb5_const_pointer decrypt_arg,
+	     krb5_kdc_rep *dec_rep)
+{
+    krb5_error_code ret;
+    krb5_data data;
+    size_t size;
+    krb5_crypto crypto;
+
+    ret = krb5_crypto_init(context, key, 0, &crypto);
+    if (ret)
+	return ret;
+
+    ret = krb5_decrypt_EncryptedData (context,
+				      crypto,
+				      usage,
+				      &dec_rep->kdc_rep.enc_part,
+				      &data);
+    krb5_crypto_destroy(context, crypto);
+
+    if (ret)
+	return ret;
+
+    ret = decode_EncASRepPart(data.data,
+			      data.length,
+			      &dec_rep->enc_part,
+			      &size);
+    if (ret)
+	ret = decode_EncTGSRepPart(data.data,
+				   data.length,
+				   &dec_rep->enc_part,
+				   &size);
+    krb5_data_free (&data);
+    if (ret) {
+        krb5_set_error_message(context, ret,
+			       N_("Failed to decode encpart in ticket", ""));
+	return ret;
+    }
+    return 0;
+}
+
+KRB5_LIB_FUNCTION int KRB5_LIB_CALL
+_krb5_extract_ticket(krb5_context context,
+		     krb5_kdc_rep *rep,
+		     krb5_creds *creds,
+		     krb5_keyblock *key,
+		     krb5_const_pointer keyseed,
+		     krb5_key_usage key_usage,
+		     krb5_addresses *addrs,
+		     unsigned nonce,
+		     unsigned flags,
+		     krb5_data *request,
+		     krb5_decrypt_proc decrypt_proc,
+		     krb5_const_pointer decryptarg)
+{
+    krb5_error_code ret;
+    krb5_principal tmp_principal;
+    size_t len = 0;
+    time_t tmp_time;
+    krb5_timestamp sec_now;
+
+    /* decrypt */
+
+    if (decrypt_proc == NULL)
+	decrypt_proc = decrypt_tkt;
+
+    ret = (*decrypt_proc)(context, key, key_usage, decryptarg, rep);
+    if (ret)
+	goto out;
+
+    if (rep->enc_part.flags.enc_pa_rep && request) {
+	krb5_crypto crypto = NULL;
+	Checksum cksum;
+	PA_DATA *pa = NULL;
+	int idx = 0;
+
+	_krb5_debug(context, 5, "processing enc-ap-rep");
+
+	if (rep->enc_part.encrypted_pa_data == NULL ||
+	    (pa = krb5_find_padata(rep->enc_part.encrypted_pa_data->val,
+				   rep->enc_part.encrypted_pa_data->len,
+				   KRB5_PADATA_REQ_ENC_PA_REP,
+				   &idx)) == NULL)
+	{
+	    _krb5_debug(context, 5, "KRB5_PADATA_REQ_ENC_PA_REP missing");
+	    ret = KRB5KRB_AP_ERR_MODIFIED;
+	    goto out;
+	}
+	
+	ret = krb5_crypto_init(context, key, 0, &crypto);
+	if (ret)
+	    goto out;
+	
+	ret = decode_Checksum(pa->padata_value.data,
+			      pa->padata_value.length,
+			      &cksum, NULL);
+	if (ret) {
+	    krb5_crypto_destroy(context, crypto);
+	    goto out;
+	}
+	
+	ret = krb5_verify_checksum(context, crypto,
+				   KRB5_KU_AS_REQ,
+				   request->data, request->length,
+				   &cksum);
+	krb5_crypto_destroy(context, crypto);
+	free_Checksum(&cksum);
+	_krb5_debug(context, 5, "enc-ap-rep: %svalid", (ret == 0) ? "" : "in");
+	if (ret)
+	    goto out;
+    }
+
+    /* save session key */
+
+    creds->session.keyvalue.length = 0;
+    creds->session.keyvalue.data   = NULL;
+    creds->session.keytype = rep->enc_part.key.keytype;
+    ret = krb5_data_copy (&creds->session.keyvalue,
+			  rep->enc_part.key.keyvalue.data,
+			  rep->enc_part.key.keyvalue.length);
+    if (ret) {
+	krb5_clear_error_message(context);
+	goto out;
+    }
+
+    /* compare client and save */
+    ret = _krb5_principalname2krb5_principal(context,
+                                             &tmp_principal,
+                                             rep->kdc_rep.cname,
+                                             rep->kdc_rep.crealm);
+    if (ret)
+	goto out;
+
+    /* check KDC supported anonymous if it was requested */
+    if (flags & EXTRACT_TICKET_MATCH_ANON) {
+	ret = check_client_anonymous(context,rep,
+				     creds->client,
+				     tmp_principal,
+				     request == NULL); /* is TGS */
+	if (ret) {
+	    krb5_free_principal(context, tmp_principal);
+	    goto out;
+	}
+    }
+
+    /* check client referral and save principal */
+    if((flags & EXTRACT_TICKET_ALLOW_CNAME_MISMATCH) == 0) {
+	ret = check_client_mismatch(context, rep,
+				    creds->client,
+				    tmp_principal,
+				    &creds->session);
+	if (ret) {
+	    krb5_free_principal (context, tmp_principal);
+	    goto out;
+	}
+    }
+    krb5_free_principal (context, creds->client);
+    creds->client = tmp_principal;
+
+    /* check server referral and save principal */
+    ret = _krb5_kdcrep2krb5_principal(context, &tmp_principal, &rep->enc_part);
+    if (ret)
+	goto out;
+
+    tmp_principal->nameattrs->peer_realm =
+        calloc(1, sizeof(tmp_principal->nameattrs->peer_realm[0]));
+    if (tmp_principal->nameattrs->peer_realm == NULL) {
+        ret = krb5_enomem(context);
+        goto out;
+    }
+    ret = copy_Realm(&creds->client->realm, tmp_principal->nameattrs->peer_realm);
+    if (ret) goto out;
+
+    if((flags & EXTRACT_TICKET_ALLOW_SERVER_MISMATCH) == 0){
+	ret = check_server_referral(context,
+				    rep,
+				    flags,
+				    creds->server,
+				    tmp_principal,
+				    &creds->session);
+	if (ret) {
+	    krb5_free_principal (context, tmp_principal);
+	    goto out;
+	}
+    }
+    krb5_free_principal(context, creds->server);
+    creds->server = tmp_principal;
+
+    /* verify names */
+    if(flags & EXTRACT_TICKET_MATCH_REALM){
+	const char *srealm = krb5_principal_get_realm(context, creds->server);
+	const char *crealm = krb5_principal_get_realm(context, creds->client);
+
+	if (strcmp(rep->enc_part.srealm, srealm) != 0 ||
+	    strcmp(rep->enc_part.srealm, crealm) != 0)
+	{
+	    ret = KRB5KRB_AP_ERR_MODIFIED;
+	    krb5_clear_error_message(context);
+	    goto out;
+	}
+    }
+
+    /* compare nonces */
+
+    if (nonce != (unsigned)rep->enc_part.nonce) {
+	ret = KRB5KRB_AP_ERR_MODIFIED;
+	krb5_set_error_message(context, ret, N_("malloc: out of memory", ""));
+	goto out;
+    }
+
+    /* set kdc-offset */
+
+    krb5_timeofday (context, &sec_now);
+    if (rep->enc_part.flags.initial
+	&& (flags & EXTRACT_TICKET_TIMESYNC)
+	&& context->kdc_sec_offset == 0
+	&& krb5_config_get_bool (context, NULL,
+				 "libdefaults",
+				 "kdc_timesync",
+				 NULL)) {
+	context->kdc_sec_offset = rep->enc_part.authtime - sec_now;
+	krb5_timeofday (context, &sec_now);
+    }
+
+    /* check all times */
+
+    if (rep->enc_part.starttime) {
+	tmp_time = *rep->enc_part.starttime;
+    } else
+	tmp_time = rep->enc_part.authtime;
+
+    if (creds->times.starttime == 0
+	&& krb5_time_abs(tmp_time, sec_now) > context->max_skew) {
+	ret = KRB5KRB_AP_ERR_SKEW;
+	krb5_set_error_message (context, ret,
+				N_("time skew (%ld) larger than max (%ld)", ""),
+			       (long)krb5_time_abs(tmp_time, sec_now),
+			       (long)context->max_skew);
+	goto out;
+    }
+
+    if (creds->times.starttime != 0
+	&& tmp_time != creds->times.starttime) {
+	krb5_clear_error_message (context);
+	ret = KRB5KRB_AP_ERR_MODIFIED;
+	goto out;
+    }
+
+    creds->times.starttime = tmp_time;
+
+    if (rep->enc_part.renew_till) {
+	tmp_time = *rep->enc_part.renew_till;
+    } else
+	tmp_time = 0;
+
+    if (creds->times.renew_till != 0
+	&& tmp_time > creds->times.renew_till) {
+	krb5_clear_error_message (context);
+	ret = KRB5KRB_AP_ERR_MODIFIED;
+	goto out;
+    }
+
+    creds->times.renew_till = tmp_time;
+
+    creds->times.authtime = rep->enc_part.authtime;
+
+    if (creds->times.endtime != 0
+	&& rep->enc_part.endtime > creds->times.endtime) {
+	krb5_clear_error_message (context);
+	ret = KRB5KRB_AP_ERR_MODIFIED;
+	goto out;
+    }
+
+    creds->times.endtime  = rep->enc_part.endtime;
+
+    if(rep->enc_part.caddr)
+	krb5_copy_addresses (context, rep->enc_part.caddr, &creds->addresses);
+    else if(addrs)
+	krb5_copy_addresses (context, addrs, &creds->addresses);
+    else {
+	creds->addresses.len = 0;
+	creds->addresses.val = NULL;
+    }
+    creds->flags.b = rep->enc_part.flags;
+
+    creds->authdata.len = 0;
+    creds->authdata.val = NULL;
+
+    /* extract ticket */
+    ASN1_MALLOC_ENCODE(Ticket, creds->ticket.data, creds->ticket.length,
+		       &rep->kdc_rep.ticket, &len, ret);
+    if(ret)
+	goto out;
+    if (creds->ticket.length != len)
+	krb5_abortx(context, "internal error in ASN.1 encoder");
+    creds->second_ticket.length = 0;
+    creds->second_ticket.data   = NULL;
+
+
+out:
+    memset (rep->enc_part.key.keyvalue.data, 0,
+	    rep->enc_part.key.keyvalue.length);
+    return ret;
+}