/** * shishi_encapreppart_time_copy: * @handle: shishi handle as allocated by shishi_init(). * @encapreppart: EncAPRepPart as allocated by shishi_encapreppart(). * @authenticator: Authenticator to copy time fields from. * * Copy time fields from Authenticator into EncAPRepPart. * * Return value: Returns SHISHI_OK iff successful. **/ int shishi_encapreppart_time_copy (Shishi * handle, Shishi_asn1 encapreppart, Shishi_asn1 authenticator) { char *buf; size_t buflen; int res; res = shishi_asn1_read (handle, authenticator, "cusec", &buf, &buflen); if (res != SHISHI_OK) return res; res = shishi_asn1_write (handle, encapreppart, "cusec", buf, buflen); free (buf); if (res != SHISHI_OK) return res; res = shishi_asn1_read (handle, authenticator, "ctime", &buf, &buflen); if (res != SHISHI_OK) return res; res = shishi_asn1_write (handle, encapreppart, "ctime", buf, buflen); free (buf); if (res != SHISHI_OK) return res; return SHISHI_OK; }
/** * shishi_apreq_set_authenticator: * @handle: shishi handle as allocated by shishi_init(). * @apreq: AP-REQ to add authenticator field to. * @etype: encryption type used to encrypt authenticator. * @kvno: version of the key used to encrypt authenticator. * @buf: input array with encrypted authenticator. * @buflen: size of input array with encrypted authenticator. * * Set the encrypted authenticator field in the AP-REP. The encrypted * data is usually created by calling shishi_encrypt() on the DER * encoded authenticator. To save time, you may want to use * shishi_apreq_add_authenticator() instead, which calculates the * encrypted data and calls this function in one step. * * Return value: Returns SHISHI_OK on success. **/ int shishi_apreq_set_authenticator (Shishi * handle, Shishi_asn1 apreq, int32_t etype, uint32_t kvno, const char *buf, size_t buflen) { int res; res = shishi_asn1_write (handle, apreq, "authenticator.cipher", buf, buflen); if (res != SHISHI_OK) return res; if (kvno == UINT32_MAX) res = shishi_asn1_write (handle, apreq, "authenticator.kvno", NULL, 0); else res = shishi_asn1_write_int32 (handle, apreq, "authenticator.kvno", kvno); if (res != SHISHI_OK) return res; res = shishi_asn1_write_int32 (handle, apreq, "authenticator.etype", etype); if (res != SHISHI_OK) return res; return SHISHI_OK; }
/** * shishi_kdcreq_add_padata: * @handle: shishi handle as allocated by shishi_init(). * @kdcreq: KDC-REQ to add PA-DATA to. * @padatatype: type of PA-DATA, see Shishi_padata_type. * @data: input array with PA-DATA value. * @datalen: size of input array with PA-DATA value. * * Add new pre authentication data (PA-DATA) to KDC-REQ. This is used * to pass various information to KDC, such as in case of a * SHISHI_PA_TGS_REQ padatatype the AP-REQ that authenticates the user * to get the ticket. (But also see shishi_kdcreq_add_padata_tgs() * which takes an AP-REQ directly.) * * Return value: Returns SHISHI_OK iff successful. **/ int shishi_kdcreq_add_padata (Shishi * handle, Shishi_asn1 kdcreq, int padatatype, const char *data, size_t datalen) { char *format; int res; size_t i; res = shishi_asn1_write (handle, kdcreq, "padata", "NEW", 1); if (res != SHISHI_OK) return res; res = shishi_asn1_number_of_elements (handle, kdcreq, "padata", &i); if (res != SHISHI_OK) return res; asprintf (&format, "padata.?%zu.padata-value", i); res = shishi_asn1_write (handle, kdcreq, format, data, datalen); free (format); if (res != SHISHI_OK) return res; asprintf (&format, "padata.?%zu.padata-type", i); res = shishi_asn1_write_uint32 (handle, kdcreq, format, padatatype); free (format); if (res != SHISHI_OK) return res; return SHISHI_OK; }
/** * shishi_encapreppart: * @handle: shishi handle as allocated by shishi_init(). * * This function creates a new EncAPRepPart, populated with some * default values. It uses the current time as returned by the system * for the ctime and cusec fields. * * Return value: Returns the encapreppart or NULL on failure. **/ Shishi_asn1 shishi_encapreppart (Shishi * handle) { int res; Shishi_asn1 node = NULL; struct timeval tv; uint32_t seqnr; res = gettimeofday (&tv, NULL); if (res) return NULL; node = shishi_asn1_encapreppart (handle); if (!node) return NULL; res = shishi_asn1_write (handle, node, "ctime", shishi_generalize_time (handle, time (NULL)), 0); if (res != SHISHI_OK) goto error; res = shishi_encapreppart_cusec_set (handle, node, tv.tv_usec % 1000000); if (res != SHISHI_OK) goto error; res = shishi_asn1_write (handle, node, "subkey", NULL, 0); if (res != SHISHI_OK) goto error; /* * For sequence numbers to adequately support the detection of * replays they SHOULD be non-repeating, even across connection * boundaries. The initial sequence number SHOULD be random and * uniformly distributed across the full space of possible sequence * numbers, so that it cannot be guessed by an attacker and so that * it and the successive sequence numbers do not repeat other * sequences. */ shishi_randomize (handle, 0, &seqnr, sizeof (seqnr)); /* * Implementation note: as noted before, some implementations omit * the optional sequence number when its value would be zero. * Implementations MAY accept an omitted sequence number when * expecting a value of zero, and SHOULD NOT transmit an * Authenticator with a initial sequence number of zero. */ if (seqnr == 0) seqnr++; res = shishi_encapreppart_seqnumber_set (handle, node, seqnr); if (res != SHISHI_OK) goto error; return node; error: shishi_asn1_done (handle, node); return NULL; }
/** * shishi_kdcreq_set_etype: * @handle: shishi handle as allocated by shishi_init(). * @kdcreq: KDC-REQ variable to set etype field in. * @etype: input array with encryption types. * @netype: number of elements in input array with encryption types. * * Set the list of supported or wanted encryption types in the * request. The list should be sorted in priority order. * * Return value: Returns SHISHI_OK iff successful. **/ int shishi_kdcreq_set_etype (Shishi * handle, Shishi_asn1 kdcreq, int32_t * etype, int netype) { int res; char *buf; int i; res = shishi_asn1_write (handle, kdcreq, "req-body.etype", NULL, 0); if (res != SHISHI_OK) return res; for (i = 1; i <= netype; i++) { res = shishi_asn1_write (handle, kdcreq, "req-body.etype", "NEW", 1); if (res != SHISHI_OK) return res; asprintf (&buf, "req-body.etype.?%d", i); res = shishi_asn1_write_int32 (handle, kdcreq, buf, etype[i - 1]); free (buf); if (res != SHISHI_OK) return res; } return SHISHI_OK; }
int shishi_kdcreq_build (Shishi * handle, Shishi_asn1 kdcreq) { int res; size_t n; int msgtype; shishi_verbose (handle, "Building KDC-REQ..."); if (shishi_asn1_empty_p (handle, kdcreq, "req-body.rtime")) { res = shishi_asn1_write (handle, kdcreq, "req-body.rtime", NULL, 0); if (res != SHISHI_OK) { shishi_error_printf (handle, "Could not write rtime\n"); return res; } } if (shishi_asn1_empty_p (handle, kdcreq, "req-body.from")) { res = shishi_asn1_write (handle, kdcreq, "req-body.from", NULL, 0); if (res != SHISHI_OK) { shishi_error_printf (handle, "Could not write from\n"); return res; } } res = shishi_asn1_read_integer (handle, kdcreq, "msg-type", &msgtype); if (res != SHISHI_OK) return res; if (msgtype == SHISHI_MSGTYPE_AS_REQ) { res = shishi_asn1_number_of_elements (handle, kdcreq, "padata", &n); if (res == SHISHI_OK && n == 0) { res = shishi_kdcreq_clear_padata (handle, kdcreq); if (res != SHISHI_OK) { shishi_error_printf (handle, "Could not write padata\n"); return res; } } } return SHISHI_OK; }
Shishi_asn1 shishi_encticketpart (Shishi * handle) { Shishi_asn1 node; int res; node = shishi_asn1_encticketpart (handle); res = shishi_asn1_write (handle, node, "starttime", NULL, 0); if (res != SHISHI_OK) { shishi_asn1_done (handle, node); return NULL; } res = shishi_asn1_write (handle, node, "renew-till", NULL, 0); if (res != SHISHI_OK) { shishi_asn1_done (handle, node); return NULL; } res = shishi_asn1_write (handle, node, "caddr", NULL, 0); if (res != SHISHI_OK) { shishi_asn1_done (handle, node); return NULL; } res = shishi_asn1_write (handle, node, "authorization-data", NULL, 0); if (res != SHISHI_OK) { shishi_asn1_done (handle, node); return NULL; } res = shishi_encticketpart_flags_set (handle, node, 0); if (res != SHISHI_OK) { shishi_asn1_done (handle, node); return NULL; } return node; }
/** * shishi_kdcreq_clear_padata: * @handle: shishi handle as allocated by shishi_init(). * @kdcreq: KDC-REQ to remove PA-DATA from. * * Remove the padata field from KDC-REQ. * * Return value: Returns SHISHI_OK iff successful. **/ int shishi_kdcreq_clear_padata (Shishi * handle, Shishi_asn1 kdcreq) { int res; res = shishi_asn1_write (handle, kdcreq, "padata", NULL, 0); if (res != SHISHI_OK) return res; return SHISHI_OK; }
/** * shishi_authenticator_remove_subkey: * @handle: shishi handle as allocated by shishi_init(). * @authenticator: authenticator as allocated by shishi_authenticator(). * * Remove subkey from the authenticator. * * Return value: Returns SHISHI_OK iff successful. **/ int shishi_authenticator_remove_subkey (Shishi * handle, Shishi_asn1 authenticator) { int res; res = shishi_asn1_write (handle, authenticator, "subkey", NULL, 0); if (res != SHISHI_OK) return res; return SHISHI_OK; }
/** * shishi_encticketpart_crealm_set: * @handle: shishi handle as allocated by shishi_init(). * @encticketpart: input EncTicketPart variable. * @realm: input array with name of realm. * * Set the realm field in the KDC-REQ. * * Return value: Returns SHISHI_OK iff successful. **/ int shishi_encticketpart_crealm_set (Shishi * handle, Shishi_asn1 encticketpart, const char *realm) { int res; res = shishi_asn1_write (handle, encticketpart, "crealm", realm, 0); if (res != SHISHI_OK) return res; return SHISHI_OK; }
/** * shishi_authenticator_seqnumber_remove: * @handle: shishi handle as allocated by shishi_init(). * @authenticator: authenticator as allocated by shishi_authenticator(). * * Remove sequence number field in Authenticator. * * Return value: Returns %SHISHI_OK iff successful. **/ int shishi_authenticator_seqnumber_remove (Shishi * handle, Shishi_asn1 authenticator) { int res; res = shishi_asn1_write (handle, authenticator, "seq-number", NULL, 0); if (res != SHISHI_OK) return res; return SHISHI_OK; }
/** * shishi_kdcreq_set_realm: * @handle: shishi handle as allocated by shishi_init(). * @kdcreq: KDC-REQ variable to set realm field in. * @realm: input array with name of realm. * * Set the realm field in the KDC-REQ. * * Return value: Returns SHISHI_OK iff successful. **/ int shishi_kdcreq_set_realm (Shishi * handle, Shishi_asn1 kdcreq, const char *realm) { int res; res = shishi_asn1_write (handle, kdcreq, "req-body.realm", realm, 0); if (res != SHISHI_OK) return res; return SHISHI_OK; }
/** * shishi_encapreppart_seqnumber_remove: * @handle: shishi handle as allocated by shishi_init(). * @encapreppart: encapreppart as allocated by shishi_encapreppart(). * * Remove sequence number field in EncAPRepPart. * * Return value: Returns %SHISHI_OK iff successful. **/ int shishi_encapreppart_seqnumber_remove (Shishi * handle, Shishi_asn1 encapreppart) { int res; res = shishi_asn1_write (handle, encapreppart, "seq-number", NULL, 0); if (res != SHISHI_OK) return res; return SHISHI_OK; }
int shishi_authenticator_remove_cksum (Shishi * handle, Shishi_asn1 authenticator) { int res; /* XXX remove this function */ res = shishi_asn1_write (handle, authenticator, "cksum", NULL, 0); if (res != SHISHI_OK) return res; return SHISHI_OK; }
/** * shishi_authenticator_clear_authorizationdata: * @handle: shishi handle as allocated by shishi_init(). * @authenticator: Authenticator as allocated by shishi_authenticator(). * * Remove the authorization-data field from Authenticator. * * Return value: Returns SHISHI_OK iff successful. **/ int shishi_authenticator_clear_authorizationdata (Shishi * handle, Shishi_asn1 authenticator) { int res; res = shishi_asn1_write (handle, authenticator, "authorization-data", NULL, 0); if (res != SHISHI_OK) return SHISHI_ASN1_ERROR; return SHISHI_OK; }
/** * shishi_encapreppart_ctime_set: * @handle: shishi handle as allocated by shishi_init(). * @encapreppart: EncAPRepPart as allocated by shishi_encapreppart(). * @t: string with generalized time value to store in EncAPRepPart. * * Store client time in EncAPRepPart. * * Return value: Returns SHISHI_OK iff successful. **/ int shishi_encapreppart_ctime_set (Shishi * handle, Shishi_asn1 encapreppart, const char *t) { int res; res = shishi_asn1_write (handle, encapreppart, "ctime", t, SHISHI_GENERALIZEDTIME_LENGTH); if (res != SHISHI_OK) return res; return SHISHI_OK; }
/** * shishi_authenticator_set_crealm: * @handle: shishi handle as allocated by shishi_init(). * @authenticator: authenticator as allocated by shishi_authenticator(). * @crealm: input array with realm. * * Set realm field in authenticator to specified value. * * Return value: Returns SHISHI_OK iff successful. **/ int shishi_authenticator_set_crealm (Shishi * handle, Shishi_asn1 authenticator, const char *crealm) { int res; res = shishi_asn1_write (handle, authenticator, "crealm", crealm, 0); if (res != SHISHI_OK) return res; return SHISHI_OK; }
/** * shishi_authenticator_ctime_set: * @handle: shishi handle as allocated by shishi_init(). * @authenticator: Authenticator as allocated by shishi_authenticator(). * @t: string with generalized time value to store in Authenticator. * * Store client time in Authenticator. * * Return value: Returns SHISHI_OK iff successful. **/ int shishi_authenticator_ctime_set (Shishi * handle, Shishi_asn1 authenticator, const char *t) { int res; res = shishi_asn1_write (handle, authenticator, "ctime", t, SHISHI_GENERALIZEDTIME_LENGTH); if (res != SHISHI_OK) return res; return SHISHI_OK; }
/** * shishi_encticketpart_endtime_set: * @handle: shishi handle as allocated by shishi_init(). * @encticketpart: input EncTicketPart variable. * @endtime: character buffer containing a generalized time string. * * Set the EncTicketPart.endtime to supplied value. * * Return value: Returns %SHISHI_OK iff successful. **/ int shishi_encticketpart_endtime_set (Shishi * handle, Shishi_asn1 encticketpart, const char *endtime) { int res; res = shishi_asn1_write (handle, encticketpart, "endtime", endtime, SHISHI_GENERALIZEDTIME_LENGTH); if (res != SHISHI_OK) return res; return SHISHI_OK; }
/** * shishi_encticketpart_authtime_set: * @handle: shishi handle as allocated by shishi_init(). * @encticketpart: input EncTicketPart variable. * @authtime: character buffer containing a generalized time string. * * Set the EncTicketPart.authtime to supplied value. * * Return value: Returns %SHISHI_OK iff successful. **/ int shishi_encticketpart_authtime_set (Shishi * handle, Shishi_asn1 encticketpart, const char *authtime) { int res; res = shishi_asn1_write (handle, encticketpart, "authtime", authtime, SHISHI_GENERALIZEDTIME_LENGTH); if (res != SHISHI_OK) return SHISHI_ASN1_ERROR; return SHISHI_OK; }
/** * shishi_authenticator_add_authorizationdata: * @handle: shishi handle as allocated by shishi_init(). * @authenticator: authenticator as allocated by shishi_authenticator(). * @adtype: input authorization data type to add. * @addata: input authorization data to add. * @addatalen: size of input authorization data to add. * * Add authorization data to authenticator. * * Return value: Returns SHISHI_OK iff successful. **/ int shishi_authenticator_add_authorizationdata (Shishi * handle, Shishi_asn1 authenticator, int32_t adtype, const char *addata, size_t addatalen) { char *format; int res; size_t i; res = shishi_asn1_write (handle, authenticator, "authorization-data", "NEW", 1); if (res != SHISHI_OK) return res; res = shishi_asn1_number_of_elements (handle, authenticator, "authorization-data", &i); if (res != SHISHI_OK) return res; asprintf (&format, "authorization-data.?%zu.ad-type", i); res = shishi_asn1_write_integer (handle, authenticator, format, adtype); if (res != SHISHI_OK) { free (format); return res; } sprintf (format, "authorization-data.?%zu.ad-data", i); res = shishi_asn1_write (handle, authenticator, format, addata, addatalen); free (format); if (res != SHISHI_OK) return res; return SHISHI_OK; }
/** * shishi_encticketpart_key_set: * @handle: shishi handle as allocated by shishi_init(). * @encticketpart: input EncTicketPart variable. * @key: key handle with information to store in encticketpart. * * Set the EncTicketPart.key field to key type and value of supplied * key. * * Return value: Returns %SHISHI_OK iff successful. **/ int shishi_encticketpart_key_set (Shishi * handle, Shishi_asn1 encticketpart, Shishi_key * key) { int res; int keytype; keytype = shishi_key_type (key); res = shishi_asn1_write_uint32 (handle, encticketpart, "key.keytype", keytype); if (res != SHISHI_OK) return res; res = shishi_asn1_write (handle, encticketpart, "key.keyvalue", shishi_key_value (key), shishi_key_length (key)); if (res != SHISHI_OK) return res; return SHISHI_OK; }
/** * shishi_authenticator_set_subkey: * @handle: shishi handle as allocated by shishi_init(). * @authenticator: authenticator as allocated by shishi_authenticator(). * @subkeytype: input subkey type to store in authenticator. * @subkey: input subkey data to store in authenticator. * @subkeylen: size of input subkey data to store in authenticator. * * Store subkey value in authenticator. A subkey is usually created * by calling shishi_key_random() using the default encryption type of * the key from the ticket that is being used. To save time, you may * want to use shishi_authenticator_add_subkey() instead, which calculates * the subkey and calls this function in one step. * * Return value: Returns SHISHI_OK iff successful. **/ int shishi_authenticator_set_subkey (Shishi * handle, Shishi_asn1 authenticator, int32_t subkeytype, const char *subkey, size_t subkeylen) { int res; res = shishi_asn1_write_int32 (handle, authenticator, "subkey.keytype", subkeytype); if (res != SHISHI_OK) return res; res = shishi_asn1_write (handle, authenticator, "subkey.keyvalue", subkey, subkeylen); if (res != SHISHI_OK) return res; return SHISHI_OK; }
/** * shishi_encticketpart_transited_set: * @handle: shishi handle as allocated by shishi_init(). * @encticketpart: input EncTicketPart variable. * @trtype: transitedencoding type, e.g. SHISHI_TR_DOMAIN_X500_COMPRESS. * @trdata: actual transited realm data. * @trdatalen: length of actual transited realm data. * * Set the EncTicketPart.transited field to supplied value. * * Return value: Returns %SHISHI_OK iff successful. **/ int shishi_encticketpart_transited_set (Shishi * handle, Shishi_asn1 encticketpart, int32_t trtype, const char *trdata, size_t trdatalen) { int res; res = shishi_asn1_write_int32 (handle, encticketpart, "transited.tr-type", trtype); if (res != SHISHI_OK) return res; res = shishi_asn1_write (handle, encticketpart, "transited.contents", trdata, trdatalen); if (res != SHISHI_OK) return res; return SHISHI_OK; }
/** * shishi_authenticator_set_cksum: * @handle: shishi handle as allocated by shishi_init(). * @authenticator: authenticator as allocated by shishi_authenticator(). * @cksumtype: input checksum type to store in authenticator. * @cksum: input checksum data to store in authenticator. * @cksumlen: size of input checksum data to store in authenticator. * * Store checksum value in authenticator. A checksum is usually created * by calling shishi_checksum() on some application specific data using * the key from the ticket that is being used. To save time, you may * want to use shishi_authenticator_add_cksum() instead, which calculates * the checksum and calls this function in one step. * * Return value: Returns SHISHI_OK iff successful. **/ int shishi_authenticator_set_cksum (Shishi * handle, Shishi_asn1 authenticator, int32_t cksumtype, char *cksum, size_t cksumlen) { int res; res = shishi_asn1_write_int32 (handle, authenticator, "cksum.cksumtype", cksumtype); if (res != SHISHI_OK) return res; res = shishi_asn1_write (handle, authenticator, "cksum.checksum", cksum, cksumlen); if (res != SHISHI_OK) return res; return SHISHI_OK; }
/** * shishi_apreq: * @handle: shishi handle as allocated by shishi_init(). * * This function creates a new AP-REQ, populated with some default * values. * * Return value: Returns the AP-REQ or NULL on failure. **/ Shishi_asn1 shishi_apreq (Shishi * handle) { Shishi_asn1 node; int res; node = shishi_asn1_apreq (handle); if (!node) goto error; res = shishi_asn1_write (handle, node, "pvno", SHISHI_APREQ_DEFAULT_PVNO, SHISHI_APREQ_DEFAULT_PVNO_LEN); if (res != SHISHI_OK) goto error; res = shishi_asn1_write (handle, node, "msg-type", SHISHI_APREQ_DEFAULT_MSG_TYPE, SHISHI_APREQ_DEFAULT_MSG_TYPE_LEN); if (res != SHISHI_OK) goto error; res = shishi_asn1_write (handle, node, "ap-options", SHISHI_APREQ_DEFAULT_AP_OPTIONS, SHISHI_APREQ_DEFAULT_AP_OPTIONS_LEN); if (res != SHISHI_OK) goto error; res = shishi_asn1_write (handle, node, "ticket.tkt-vno", SHISHI_APREQ_DEFAULT_TICKET_TKT_VNO, SHISHI_APREQ_DEFAULT_TICKET_TKT_VNO_LEN); if (res != SHISHI_OK) goto error; res = shishi_asn1_write (handle, node, "ticket.realm", SHISHI_APREQ_DEFAULT_TICKET_REALM, SHISHI_APREQ_DEFAULT_TICKET_REALM_LEN); if (res != SHISHI_OK) goto error; res = shishi_asn1_write (handle, node, "ticket.realm", SHISHI_APREQ_DEFAULT_TICKET_REALM, SHISHI_APREQ_DEFAULT_TICKET_REALM_LEN); if (res != SHISHI_OK) goto error; res = shishi_asn1_write (handle, node, "ticket.sname.name-type", SHISHI_APREQ_DEFAULT_TICKET_SNAME_NAME_TYPE, SHISHI_APREQ_DEFAULT_TICKET_SNAME_NAME_TYPE_LEN); if (res != SHISHI_OK) goto error; res = shishi_asn1_write (handle, node, "ticket.enc-part.etype", SHISHI_APREQ_DEFAULT_TICKET_ENC_PART_ETYPE, SHISHI_APREQ_DEFAULT_TICKET_ENC_PART_ETYPE_LEN); if (res != SHISHI_OK) goto error; res = shishi_asn1_write (handle, node, "ticket.enc-part.kvno", SHISHI_APREQ_DEFAULT_TICKET_ENC_PART_KVNO, SHISHI_APREQ_DEFAULT_TICKET_ENC_PART_KVNO_LEN); if (res != SHISHI_OK) goto error; res = shishi_asn1_write (handle, node, "ticket.enc-part.cipher", SHISHI_APREQ_DEFAULT_TICKET_ENC_PART_CIPHER, SHISHI_APREQ_DEFAULT_TICKET_ENC_PART_CIPHER_LEN); if (res != SHISHI_OK) goto error; res = shishi_asn1_write (handle, node, "authenticator.etype", SHISHI_APREQ_DEFAULT_AUTHENTICATOR_ETYPE, SHISHI_APREQ_DEFAULT_AUTHENTICATOR_ETYPE_LEN); if (res != SHISHI_OK) goto error; res = shishi_asn1_write (handle, node, "authenticator.kvno", SHISHI_APREQ_DEFAULT_AUTHENTICATOR_KVNO, SHISHI_APREQ_DEFAULT_AUTHENTICATOR_KVNO_LEN); if (res != SHISHI_OK) goto error; res = shishi_asn1_write (handle, node, "authenticator.cipher", SHISHI_APREQ_DEFAULT_AUTHENTICATOR_CIPHER, SHISHI_APREQ_DEFAULT_AUTHENTICATOR_CIPHER_LEN); if (res != SHISHI_OK) goto error; return node; error: if (node) shishi_asn1_done (handle, node); return NULL; }
/** * shishi_kdcreq_add_padata_preauth: * @handle: shishi handle as allocated by shishi_init(). * @kdcreq: KDC-REQ to add pre-authentication data to. * @key: Key used to encrypt pre-auth data. * * Add pre-authentication data to KDC-REQ. * * Return value: Returns SHISHI_OK iff successful. **/ int shishi_kdcreq_add_padata_preauth (Shishi * handle, Shishi_asn1 kdcreq, Shishi_key * key) { char *der, *data; size_t derlen, datalen; Shishi_asn1 pa; struct timeval tv; int rc; Shishi_asn1 ed; pa = shishi_asn1_pa_enc_ts_enc (handle); if (!pa) return SHISHI_ASN1_ERROR; rc = gettimeofday (&tv, NULL); if (rc != 0) return SHISHI_GETTIMEOFDAY_ERROR; rc = shishi_asn1_write (handle, pa, "patimestamp", shishi_generalize_time (handle, tv.tv_sec), SHISHI_GENERALIZEDTIME_LENGTH); if (rc != SHISHI_OK) return rc; rc = shishi_asn1_write_integer (handle, pa, "pausec", tv.tv_usec); if (rc != SHISHI_OK) return rc; rc = shishi_asn1_to_der (handle, pa, &der, &derlen); if (rc != SHISHI_OK) return rc; rc = shishi_encrypt (handle, key, SHISHI_KEYUSAGE_ASREQ_PA_ENC_TIMESTAMP, der, derlen, &data, &datalen); free (der); if (rc != SHISHI_OK) return rc; ed = shishi_asn1_encrypteddata (handle); if (!ed) return SHISHI_ASN1_ERROR; rc = shishi_asn1_write_integer (handle, ed, "etype", shishi_key_type (key)); if (rc != SHISHI_OK) return rc; rc = shishi_asn1_write (handle, ed, "cipher", data, datalen); if (rc != SHISHI_OK) return rc; rc = shishi_asn1_write (handle, ed, "kvno", NULL, 0); if (rc != SHISHI_OK) return rc; rc = shishi_asn1_to_der (handle, ed, &der, &derlen); free (data); if (rc != SHISHI_OK) return rc; rc = shishi_kdcreq_add_padata (handle, kdcreq, SHISHI_PA_ENC_TIMESTAMP, der, derlen); free (der); if (rc != SHISHI_OK) return rc; return rc; }
static Shishi_asn1 _shishi_kdcreq (Shishi * handle, int as) { int res; Shishi_asn1 node; const char *servicebuf[3]; uint32_t nonce; if (as) node = shishi_asn1_asreq (handle); else node = shishi_asn1_tgsreq (handle); if (!node) return NULL; res = shishi_asn1_write (handle, node, "pvno", SHISHI_KDCREQ_DEFAULT_PVNO, SHISHI_KDCREQ_DEFAULT_PVNO_LEN); if (res != SHISHI_OK) goto error; if (as) res = shishi_asn1_write (handle, node, "msg-type", SHISHI_AS_REQ_DEFAULT_MSG_TYPE, SHISHI_AS_REQ_DEFAULT_MSG_TYPE_LEN); else res = shishi_asn1_write (handle, node, "msg-type", SHISHI_TGS_REQ_DEFAULT_MSG_TYPE, SHISHI_TGS_REQ_DEFAULT_MSG_TYPE_LEN); if (res != SHISHI_OK) goto error; res = shishi_asn1_write (handle, node, "req-body.kdc-options", SHISHI_KDCREQ_DEFAULT_REQ_BODY_KDC_OPTIONS, SHISHI_KDCREQ_DEFAULT_REQ_BODY_KDC_OPTIONS_LEN); if (res != SHISHI_OK) goto error; if (as) res = shishi_kdcreq_set_cname (handle, node, SHISHI_NT_PRINCIPAL, shishi_principal_default (handle)); else res = shishi_asn1_write (handle, node, "req-body.cname", NULL, 0); if (res != SHISHI_OK) goto error; res = shishi_kdcreq_set_realm (handle, node, shishi_realm_default (handle)); if (res != SHISHI_OK) goto error; servicebuf[0] = "krbtgt"; servicebuf[1] = shishi_realm_default (handle); servicebuf[2] = NULL; res = shishi_kdcreq_set_sname (handle, node, SHISHI_NT_PRINCIPAL, servicebuf); if (res != SHISHI_OK) goto error; res = shishi_asn1_write (handle, node, "req-body.sname.name-type", SHISHI_KDCREQ_DEFAULT_REQ_BODY_SNAME_NAME_TYPE, SHISHI_KDCREQ_DEFAULT_REQ_BODY_SNAME_NAME_TYPE_LEN); if (res != SHISHI_OK) goto error; res = shishi_asn1_write (handle, node, "req-body.till", shishi_generalize_time (handle, time (NULL) + handle->ticketlife), 0); if (res != SHISHI_OK) goto error; shishi_randomize (handle, 0, &nonce, sizeof (nonce)); nonce &= 0x7FFFFFFF; /* XXX fix _libtasn1_convert_integer. */ res = shishi_kdcreq_nonce_set (handle, node, nonce); if (res != SHISHI_OK) goto error; res = shishi_kdcreq_set_etype (handle, node, handle->clientkdcetypes, handle->nclientkdcetypes); if (res != SHISHI_OK) goto error; res = shishi_asn1_write (handle, node, "req-body.addresses", NULL, 0); if (res != SHISHI_OK) goto error; res = shishi_asn1_write (handle, node, "req-body.enc-authorization-data", NULL, 0); if (res != SHISHI_OK) goto error; res = shishi_asn1_write (handle, node, "req-body.additional-tickets", NULL, 0); if (res != SHISHI_OK) goto error; return node; error: shishi_asn1_done (handle, node); return NULL; }
/** * shishi_apreq_set_ticket: * @handle: shishi handle as allocated by shishi_init(). * @apreq: AP-REQ to add ticket field to. * @ticket: input ticket to copy into AP-REQ ticket field. * * Copy ticket into AP-REQ. * * Return value: Returns SHISHI_OK iff successful. **/ int shishi_apreq_set_ticket (Shishi * handle, Shishi_asn1 apreq, Shishi_asn1 ticket) { int res; char *format; char *buf; size_t buflen, i, n; res = shishi_asn1_read (handle, ticket, "tkt-vno", &buf, &buflen); if (res != SHISHI_OK) return res; res = shishi_asn1_write (handle, apreq, "ticket.tkt-vno", buf, buflen); free (buf); if (res != SHISHI_OK) return res; res = shishi_asn1_read (handle, ticket, "realm", &buf, &buflen); if (res != SHISHI_OK) return res; res = shishi_asn1_write (handle, apreq, "ticket.realm", buf, buflen); free (buf); if (res != SHISHI_OK) return res; res = shishi_asn1_read (handle, ticket, "sname.name-type", &buf, &buflen); if (res != SHISHI_OK) return res; res = shishi_asn1_write (handle, apreq, "ticket.sname.name-type", buf, buflen); free (buf); if (res != SHISHI_OK) return res; res = shishi_asn1_number_of_elements (handle, ticket, "sname.name-string", &n); if (res != SHISHI_OK) return res; for (i = 1; i <= n; i++) { res = shishi_asn1_write (handle, apreq, "ticket.sname.name-string", "NEW", 1); if (res != SHISHI_OK) return res; asprintf (&format, "sname.name-string.?%d", i); res = shishi_asn1_read (handle, ticket, format, &buf, &buflen); free (format); if (res != SHISHI_OK) return res; asprintf (&format, "ticket.sname.name-string.?%d", i); res = shishi_asn1_write (handle, apreq, format, buf, buflen); free (format); free (buf); if (res != SHISHI_OK) return res; } res = shishi_asn1_read (handle, ticket, "enc-part.etype", &buf, &buflen); if (res != SHISHI_OK) return res; res = shishi_asn1_write (handle, apreq, "ticket.enc-part.etype", buf, buflen); free (buf); if (res != SHISHI_OK) return res; res = shishi_asn1_read (handle, ticket, "enc-part.kvno", &buf, &buflen); if (res != SHISHI_OK && res != SHISHI_ASN1_NO_ELEMENT) return res; if (res == SHISHI_ASN1_NO_ELEMENT) res = shishi_asn1_write (handle, apreq, "ticket.enc-part.kvno", NULL, 0); else { res = shishi_asn1_write (handle, apreq, "ticket.enc-part.kvno", buf, buflen); free (buf); } if (res != SHISHI_OK) return res; res = shishi_asn1_read (handle, ticket, "enc-part.cipher", &buf, &buflen); if (res != SHISHI_OK) return res; res = shishi_asn1_write (handle, apreq, "ticket.enc-part.cipher", buf, buflen); free (buf); if (res != SHISHI_OK) return res; return SHISHI_OK; }
/** * shishi_apreq_get_ticket: * @handle: shishi handle as allocated by shishi_init(). * @apreq: AP-REQ variable to get ticket from. * @ticket: output variable to hold extracted ticket. * * Extract ticket from AP-REQ. * * Return value: Returns SHISHI_OK iff successful. **/ int shishi_apreq_get_ticket (Shishi * handle, Shishi_asn1 apreq, Shishi_asn1 * ticket) { char *buf; char *format; size_t buflen, i, n; int res; /* there's GOT to be an easier way to do this */ *ticket = shishi_ticket (handle); if (!*ticket) return SHISHI_ASN1_ERROR; res = shishi_asn1_read (handle, apreq, "ticket.tkt-vno", &buf, &buflen); if (res != SHISHI_OK) goto error; res = shishi_asn1_write (handle, *ticket, "tkt-vno", buf, buflen); free (buf); if (res != SHISHI_OK) goto error; res = shishi_asn1_read (handle, apreq, "ticket.realm", &buf, &buflen); if (res != SHISHI_OK) goto error; res = shishi_asn1_write (handle, *ticket, "realm", buf, buflen); free (buf); if (res != SHISHI_OK) goto error; res = shishi_asn1_read (handle, apreq, "ticket.sname.name-type", &buf, &buflen); if (res != SHISHI_OK) goto error; res = shishi_asn1_write (handle, *ticket, "sname.name-type", buf, buflen); free (buf); if (res != SHISHI_OK) goto error; res = shishi_asn1_number_of_elements (handle, apreq, "ticket.sname.name-string", &n); if (res != SHISHI_OK) goto error; for (i = 1; i <= n; i++) { res = shishi_asn1_write (handle, *ticket, "sname.name-string", "NEW", 1); if (res != SHISHI_OK) goto error; asprintf (&format, "ticket.sname.name-string.?%d", i); res = shishi_asn1_read (handle, apreq, format, &buf, &buflen); free (format); if (res != SHISHI_OK) goto error; asprintf (&format, "sname.name-string.?%d", i); res = shishi_asn1_write (handle, *ticket, format, buf, buflen); free (format); free (buf); if (res != SHISHI_OK) goto error; } res = shishi_asn1_read (handle, apreq, "ticket.enc-part.etype", &buf, &buflen); if (res != SHISHI_OK) goto error; res = shishi_asn1_write (handle, *ticket, "enc-part.etype", buf, buflen); free (buf); if (res != SHISHI_OK) goto error; res = shishi_asn1_read (handle, apreq, "ticket.enc-part.kvno", &buf, &buflen); if (res != SHISHI_OK && res != SHISHI_ASN1_NO_ELEMENT) goto error; if (res == SHISHI_ASN1_NO_ELEMENT) res = shishi_asn1_write (handle, *ticket, "enc-part.kvno", NULL, 0); else { res = shishi_asn1_write (handle, *ticket, "enc-part.kvno", buf, buflen); free (buf); } if (res != SHISHI_OK) goto error; res = shishi_asn1_read (handle, apreq, "ticket.enc-part.cipher", &buf, &buflen); if (res != SHISHI_OK) goto error; res = shishi_asn1_write (handle, *ticket, "enc-part.cipher", buf, buflen); free (buf); if (res != SHISHI_OK) goto error; return SHISHI_OK; error: shishi_asn1_done (handle, *ticket); return res; }