static krb5_error_code decrypt_tkt_enc_part(krb5_context context, krb5_keyblock *key, EncryptedData *enc_part, EncTicketPart *decr_part) { krb5_error_code ret; krb5_data plain; size_t len; krb5_crypto crypto; ret = krb5_crypto_init(context, key, 0, &crypto); if (ret) return ret; ret = krb5_decrypt_EncryptedData(context, crypto, KRB5_KU_TICKET, enc_part, &plain); krb5_crypto_destroy(context, crypto); if (ret) return ret; ret = decode_EncTicketPart(plain.data, plain.length, decr_part, &len); if (ret) krb5_set_error_message(context, ret, N_("Failed to decode encrypted " "ticket part", "")); krb5_data_free(&plain); return ret; }
krb5_error_code KRB5_LIB_FUNCTION krb5_decode_EncTicketPart (krb5_context context, const void *data, size_t length, EncTicketPart *t, size_t *len) { return decode_EncTicketPart(data, length, t, len); }
static void print_and_decode_tkt (krb5_context context, krb5_data *ticket, krb5_principal server, krb5_enctype enctype) { krb5_error_code ret; krb5_crypto crypto; krb5_data dec_data; size_t len; EncTicketPart decr_part; krb5_keyblock key; Ticket tkt; ret = decode_Ticket (ticket->data, ticket->length, &tkt, &len); if (ret) krb5_err (context, 1, ret, "decode_Ticket"); ret = krb5_string_to_key (context, enctype, "foo", server, &key); if (ret) krb5_err (context, 1, ret, "krb5_string_to_key"); ret = krb5_crypto_init(context, &key, 0, &crypto); if (ret) krb5_err (context, 1, ret, "krb5_crypto_init"); ret = krb5_decrypt_EncryptedData (context, crypto, KRB5_KU_TICKET, &tkt.enc_part, &dec_data); krb5_crypto_destroy (context, crypto); if (ret) krb5_err (context, 1, ret, "krb5_decrypt_EncryptedData"); ret = decode_EncTicketPart (dec_data.data, dec_data.length, &decr_part, &len); krb5_data_free (&dec_data); if (ret) krb5_err (context, 1, ret, "krb5_decode_EncTicketPart"); free_EncTicketPart(&decr_part); }
static void do_v5_kvno (int count, char *names[], char * ccache_name, char *etype_str, char *keytab_name, char *sname) { krb5_error_code ret; krb5_context context = 0; int i, errors; krb5_enctype etype; krb5_ccache ccache; krb5_principal me; krb5_creds in_creds, *out_creds = NULL; Ticket ticket; size_t len; char *princ = NULL; krb5_keytab keytab = NULL; ret = krb5_init_context(&context); if (ret) errx(1, "krb5_init_context failed: %d", ret); if (etype_str) { ret = krb5_string_to_enctype(context, etype_str, &etype); if (ret) krb5_err(context, 1, ret, "Failed to convert encryption type %s", etype_str); } else { etype = 0; } if (ccache_name) ret = krb5_cc_resolve(context, ccache_name, &ccache); else ret = krb5_cc_default(context, &ccache); if (ret) krb5_err(context, 1, ret, "Failed to open credentials cache %s", (ccache_name) ? ccache_name : "(Default)"); if (keytab_name) { ret = krb5_kt_resolve(context, keytab_name, &keytab); if (ret) krb5_err(context, 1, ret, "Can't resolve keytab %s", keytab_name); } ret = krb5_cc_get_principal(context, ccache, &me); if (ret) krb5_err(context, 1, ret, "krb5_cc_get_principal"); errors = 0; for (i = 0; i < count; i++) { memset(&in_creds, 0, sizeof(in_creds)); memset(&ticket, 0, sizeof(ticket)); in_creds.client = me; if (sname != NULL) { ret = krb5_sname_to_principal(context, names[i], sname, KRB5_NT_SRV_HST, &in_creds.server); } else { ret = krb5_parse_name(context, names[i], &in_creds.server); } if (ret) { if (!quiet_flag) krb5_warn(context, ret, "Couldn't parse principal name %s", names[i]); errors++; continue; } ret = krb5_unparse_name(context, in_creds.server, &princ); if (ret) { krb5_warn(context, ret, "Couldn't format parsed principal name for '%s'", names[i]); errors++; goto next; } in_creds.session.keytype = etype; ret = krb5_get_credentials(context, 0, ccache, &in_creds, &out_creds); if (ret) { krb5_warn(context, ret, "Couldn't get credentials for %s", princ); errors++; goto next; } ret = decode_Ticket(out_creds->ticket.data, out_creds->ticket.length, &ticket, &len); if (ret) { krb5_err(context, 1, ret, "Can't decode ticket for %s", princ); errors++; goto next; continue; } if (keytab) { krb5_keytab_entry kte; krb5_crypto crypto; krb5_data dec_data; EncTicketPart decr_part; ret = krb5_kt_get_entry(context, keytab, in_creds.server, (ticket.enc_part.kvno != NULL)? *ticket.enc_part.kvno : 0, ticket.enc_part.etype, &kte); if (ret) { krb5_warn(context, ret, "Can't decrypt ticket for %s", princ); if (!quiet_flag) printf("%s: kvno = %d, keytab entry invalid", princ, (ticket.enc_part.kvno != NULL)? *ticket.enc_part.kvno : 0); errors ++; goto next; } ret = krb5_crypto_init(context, &kte.keyblock, 0, &crypto); if (ret) { krb5_warn(context, ret, "krb5_crypto_init"); errors ++; krb5_kt_free_entry(context, &kte); goto next; } ret = krb5_decrypt_EncryptedData (context, crypto, KRB5_KU_TICKET, &ticket.enc_part, &dec_data); krb5_crypto_destroy(context, crypto); krb5_kt_free_entry(context, &kte); if (ret) { krb5_warn(context, ret, "krb5_decrypt_EncryptedData"); errors ++; goto next; } ret = decode_EncTicketPart(dec_data.data, dec_data.length, &decr_part, &len); krb5_data_free(&dec_data); if (ret) { krb5_warn(context, ret, "decode_EncTicketPart"); errors ++; goto next; } if (!quiet_flag) printf("%s: kvno = %d, keytab entry valid\n", princ, (ticket.enc_part.kvno != NULL)? *ticket.enc_part.kvno : 0); free_EncTicketPart(&decr_part); } else { if (!quiet_flag) printf("%s: kvno = %d\n", princ, (ticket.enc_part.kvno != NULL)? *ticket.enc_part.kvno : 0); } next: if (out_creds) { krb5_free_creds(context, out_creds); out_creds = NULL; } if (princ) { krb5_free_unparsed_name(context, princ); princ = NULL; } krb5_free_principal(context, in_creds.server); free_Ticket(&ticket); } if (keytab) krb5_kt_close(context, keytab); krb5_free_principal(context, me); krb5_cc_close(context, ccache); krb5_free_context(context); if (errors) exit(1); exit(0); }
DWORD VmKdcDecodeEncTicketPart( PVMKDC_DATA pData, PVMKDC_ENCTICKETPART *ppRetEncTicketPart) { DWORD dwError = 0; PVMKDC_ENCTICKETPART pEncTicketPart = NULL; EncTicketPart heimPart; unsigned char *partBufPtr = NULL; size_t heimPartLen = 0; size_t partBufLen = 0; PVMKDC_KEY pKey = NULL; PVMKDC_PRINCIPAL pClient = NULL; memset(&heimPart, 0, sizeof(heimPart)); partBufPtr = VMKDC_GET_PTR_DATA(pData); partBufLen = VMKDC_GET_LEN_DATA(pData); /* * Decode the EncTicketPart into a Heimdal EncTicketPart structure. */ decode_EncTicketPart(partBufPtr, partBufLen, &heimPart, &heimPartLen); if (heimPartLen <= 0) { dwError = ERROR_PROTOCOL; BAIL_ON_VMKDC_ERROR(dwError); } /* flags */ /* key */ dwError = VmKdcMakeKey(heimPart.key.keytype, 0, heimPart.key.keyvalue.data, (int) heimPart.key.keyvalue.length, &pKey); BAIL_ON_VMKDC_ERROR(dwError); /* crealm, cname */ dwError = VmKdcMakePrincipal(heimPart.crealm, heimPart.cname.name_string.len, (PCSTR *)heimPart.cname.name_string.val, &pClient); BAIL_ON_VMKDC_ERROR(dwError); /* transited */ /* authtime */ /* starttime */ /* endtime */ /* renew_till */ /* caddr */ /* authorization_data */ /* * Translate the decoded EncTicketPart to a VMKDC_ENCTICKETPART structure. */ dwError = VmKdcMakeEncTicketPart(0, /* flags */ pKey, /* key */ pClient, /* crealm, cname */ NULL, /* transited */ heimPart.authtime, /* authtime */ heimPart.starttime, /* starttime */ heimPart.endtime, /* endtime */ heimPart.renew_till, /* renew_till */ NULL, /* caddr */ NULL, /* authorization_data */ &pEncTicketPart); BAIL_ON_VMKDC_ERROR(dwError); *ppRetEncTicketPart = pEncTicketPart; error: if (dwError) { VMKDC_SAFE_FREE_ENCTICKETPART(pEncTicketPart); } free_EncTicketPart(&heimPart); VMKDC_SAFE_FREE_PRINCIPAL(pClient); VMKDC_SAFE_FREE_KEY(pKey); return dwError; }