示例#1
文件: kdcreq.c 项目: Jactry/shishi
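/**
 * shishi_kdcreq_add_padata:
 * @handle: shishi handle as allocated by shishi_init().
 * @kdcreq: KDC-REQ to add PA-DATA to.
 * @padatatype: type of PA-DATA, see Shishi_padata_type.
 * @data: input array with PA-DATA value.
 * @datalen: size of input array with PA-DATA value.
 *
 * Add new pre authentication data (PA-DATA) to KDC-REQ.  This is used
 * to pass various information to KDC, such as in case of a
 * SHISHI_PA_TGS_REQ padatatype the AP-REQ that authenticates the user
 * to get the ticket.  (But also see shishi_kdcreq_add_padata_tgs()
 * which takes an AP-REQ directly.)
 *
 * A new element is appended to the "padata" sequence first; its
 * padata-value and then its padata-type are written afterwards.  If
 * one of the later writes fails the appended element is not removed
 * again, so the request should be discarded on error.
 *
 * Return value: Returns SHISHI_OK iff successful.
 **/
int
shishi_kdcreq_add_padata (Shishi * handle,
                          Shishi_asn1 kdcreq,
                          int padatatype, const char *data, size_t datalen)
{
    /* Element paths are built in a fixed buffer instead of with an
       unchecked asprintf(): on allocation failure asprintf() does not
       guarantee a usable pointer, and that pointer was then handed to
       the ASN.1 writer and to free().  Three decimal digits per byte
       of size_t is an upper bound, so the buffer always fits. */
    char field[sizeof "padata.?.padata-value" + 3 * sizeof (size_t)];
    int res;
    size_t idx;

    /* Append an empty PA-DATA element. */
    res = shishi_asn1_write (handle, kdcreq, "padata", "NEW", 1);
    if (res != SHISHI_OK)
        return res;

    /* The element just appended is the last one, so the element count
       is its index. */
    res = shishi_asn1_number_of_elements (handle, kdcreq, "padata", &idx);
    if (res != SHISHI_OK)
        return res;

    snprintf (field, sizeof field, "padata.?%zu.padata-value", idx);
    res = shishi_asn1_write (handle, kdcreq, field, data, datalen);
    if (res != SHISHI_OK)
        return res;

    snprintf (field, sizeof field, "padata.?%zu.padata-type", idx);
    res = shishi_asn1_write_uint32 (handle, kdcreq, field, padatatype);
    if (res != SHISHI_OK)
        return res;

    return SHISHI_OK;
}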
示例#2
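/**
 * shishi_authenticator_authorizationdata:
 * @handle: shishi handle as allocated by shishi_init().
 * @authenticator: authenticator as allocated by shishi_authenticator().
 * @adtype: output authorization data type.
 * @addata: newly allocated output authorization data.
 * @addatalen: on output, actual size of newly allocated authorization data.
 * @nth: element number of authorization-data to extract.
 *
 * Extract n:th authorization data from authenticator.  The first
 * field is 1.  Both the type and the data are taken from element
 * @nth.
 *
 * Return value: Returns SHISHI_OK iff successful,
 * SHISHI_ASN1_ERROR if the number of authorization-data elements
 * cannot be determined, and SHISHI_OUT_OF_RANGE if @nth is zero or
 * larger than the number of elements.
 **/
int
shishi_authenticator_authorizationdata (Shishi * handle,
                                        Shishi_asn1 authenticator,
                                        int32_t * adtype,
                                        char **addata, size_t * addatalen,
                                        size_t nth)
{
    /* Fixed buffer instead of an unchecked asprintf(); three decimal
       digits per byte of size_t is an upper bound, so any index fits.
       ".ad-type" and ".ad-data" have the same length. */
    char field[sizeof "authorization-data.?.ad-type" + 3 * sizeof (size_t)];
    int res;
    size_t count;

    res = shishi_asn1_number_of_elements (handle, authenticator,
                                          "authorization-data", &count);
    if (res != SHISHI_OK)
        return SHISHI_ASN1_ERROR;

    /* Elements are numbered from 1, so 0 is as invalid as an index
       past the end. */
    if (nth == 0 || nth > count)
        return SHISHI_OUT_OF_RANGE;

    snprintf (field, sizeof field, "authorization-data.?%zu.ad-type", nth);
    res = shishi_asn1_read_int32 (handle, authenticator, field, adtype);
    if (res != SHISHI_OK)
        return res;

    /* Read the data of the SAME element.  Indexing with the element
       count here would pair the type of element nth with the payload
       of the last element, which matters to any caller that makes an
       authorization decision from the (type, data) pair. */
    snprintf (field, sizeof field, "authorization-data.?%zu.ad-data", nth);
    res = shishi_asn1_read (handle, authenticator, field, addata, addatalen);
    if (res != SHISHI_OK)
        return res;

    return SHISHI_OK;
}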
示例#3
文件: kdcreq.c 项目: Jactry/shishi
/**
 * shishi_kdcreq_build:
 * @handle: shishi handle.
 * @kdcreq: KDC-REQ to finalize.
 *
 * Prepare a KDC-REQ before use: when "req-body.rtime" or
 * "req-body.from" is reported empty, it is rewritten with a NULL,
 * zero-length value; for an AS-REQ whose "padata" sequence has no
 * elements, shishi_kdcreq_clear_padata() is called.  A failure to
 * count the padata elements is not treated as an error.
 *
 * Return value: Returns SHISHI_OK iff successful.
 **/
int
shishi_kdcreq_build (Shishi * handle, Shishi_asn1 kdcreq)
{
    int rc;
    int type;
    size_t npadata;

    shishi_verbose (handle, "Building KDC-REQ...");

    if (shishi_asn1_empty_p (handle, kdcreq, "req-body.rtime"))
    {
        rc = shishi_asn1_write (handle, kdcreq, "req-body.rtime", NULL, 0);
        if (rc != SHISHI_OK)
        {
            shishi_error_printf (handle, "Could not write rtime\n");
            return rc;
        }
    }

    if (shishi_asn1_empty_p (handle, kdcreq, "req-body.from"))
    {
        rc = shishi_asn1_write (handle, kdcreq, "req-body.from", NULL, 0);
        if (rc != SHISHI_OK)
        {
            shishi_error_printf (handle, "Could not write from\n");
            return rc;
        }
    }

    rc = shishi_asn1_read_integer (handle, kdcreq, "msg-type", &type);
    if (rc != SHISHI_OK)
        return rc;

    /* Only AS-REQ messages get the empty-padata treatment. */
    if (type != SHISHI_MSGTYPE_AS_REQ)
        return SHISHI_OK;

    /* A counting failure or a non-empty sequence both mean there is
       nothing more to do; npadata is only read when the count
       succeeded. */
    rc = shishi_asn1_number_of_elements (handle, kdcreq, "padata", &npadata);
    if (rc != SHISHI_OK || npadata != 0)
        return SHISHI_OK;

    rc = shishi_kdcreq_clear_padata (handle, kdcreq);
    if (rc == SHISHI_OK)
        return SHISHI_OK;

    shishi_error_printf (handle, "Could not write padata\n");
    return rc;
}
示例#4
文件: kdcreq.c 项目: Jactry/shishi
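/**
 * shishi_kdcreq_get_padata:
 * @handle: shishi handle as allocated by shishi_init().
 * @kdcreq: KDC-REQ to get PA-DATA from.
 * @padatatype: type of PA-DATA, see Shishi_padata_type.
 * @out: output array with newly allocated PA-DATA value.
 * @outlen: size of output array with PA-DATA value.
 *
 * Get pre authentication data (PA-DATA) from KDC-REQ.  Pre
 * authentication data is used to pass various information to KDC,
 * such as in case of a SHISHI_PA_TGS_REQ padatatype the AP-REQ that
 * authenticates the user to get the ticket.
 *
 * The value of the first element whose padata-type equals
 * @padatatype is returned.  When no element matches, the function
 * still returns SHISHI_OK, with @out set to NULL and @outlen set to
 * 0, so callers must check @out and not only the return value.
 *
 * Return value: Returns SHISHI_OK iff successful.
 **/
int
shishi_kdcreq_get_padata (Shishi * handle,
                          Shishi_asn1 kdcreq,
                          Shishi_padata_type padatatype,
                          char **out, size_t * outlen)
{
    /* Fixed buffer instead of an unchecked asprintf() per iteration;
       three decimal digits per byte of size_t is an upper bound, so
       any index fits. */
    char field[sizeof "padata.?.padata-value" + 3 * sizeof (size_t)];
    int res;
    size_t i, n;

    res = shishi_asn1_number_of_elements (handle, kdcreq, "padata", &n);
    if (res != SHISHI_OK)
        return res;

    /* "Not found" is reported through these values. */
    *out = NULL;
    *outlen = 0;

    for (i = 1; i <= n; i++)
    {
        int32_t patype;

        snprintf (field, sizeof field, "padata.?%zu.padata-type", i);
        res = shishi_asn1_read_int32 (handle, kdcreq, field, &patype);
        if (res != SHISHI_OK)
            return res;

        if (patype != (int32_t) padatatype)
            continue;

        /* First match wins; later elements of the same type are not
           looked at. */
        snprintf (field, sizeof field, "padata.?%zu.padata-value", i);
        res = shishi_asn1_read (handle, kdcreq, field, out, outlen);
        if (res != SHISHI_OK)
            return res;
        break;
    }

    return SHISHI_OK;
}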
示例#5
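/**
 * shishi_authenticator_add_authorizationdata:
 * @handle: shishi handle as allocated by shishi_init().
 * @authenticator: authenticator as allocated by shishi_authenticator().
 * @adtype: input authorization data type to add.
 * @addata: input authorization data to add.
 * @addatalen: size of input authorization data to add.
 *
 * Add authorization data to authenticator.  A new element is
 * appended to the "authorization-data" sequence and its ad-type and
 * ad-data fields are then written.  If a later write fails the
 * appended element is not removed again.
 *
 * Return value: Returns SHISHI_OK iff successful.
 **/
int
shishi_authenticator_add_authorizationdata (Shishi * handle,
        Shishi_asn1 authenticator,
        int32_t adtype,
        const char *addata,
        size_t addatalen)
{
    /* Both paths are formatted with a bounded snprintf() into a fixed
       buffer.  The previous code left asprintf() unchecked and then
       reused its heap buffer through an unbounded sprintf(), which
       stayed in bounds only because ".ad-type" and ".ad-data" happen
       to be the same length.  Three decimal digits per byte of size_t
       is an upper bound, so any index fits. */
    char field[sizeof "authorization-data.?.ad-type" + 3 * sizeof (size_t)];
    int res;
    size_t idx;

    /* Append an empty authorization-data element. */
    res = shishi_asn1_write (handle, authenticator,
                             "authorization-data", "NEW", 1);
    if (res != SHISHI_OK)
        return res;

    /* The element just appended is the last one, so the element count
       is its index. */
    res = shishi_asn1_number_of_elements (handle, authenticator,
                                          "authorization-data", &idx);
    if (res != SHISHI_OK)
        return res;

    snprintf (field, sizeof field, "authorization-data.?%zu.ad-type", idx);
    res = shishi_asn1_write_integer (handle, authenticator, field, adtype);
    if (res != SHISHI_OK)
        return res;

    snprintf (field, sizeof field, "authorization-data.?%zu.ad-data", idx);
    res = shishi_asn1_write (handle, authenticator, field, addata, addatalen);
    if (res != SHISHI_OK)
        return res;

    return SHISHI_OK;
}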
示例#6
文件: apreq.c 项目: dmr0605/Kerberos
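/**
 * shishi_apreq_get_ticket:
 * @handle: shishi handle as allocated by shishi_init().
 * @apreq: AP-REQ variable to get ticket from.
 * @ticket: output variable to hold extracted ticket.
 *
 * Extract ticket from AP-REQ.  A new ticket structure is created
 * with shishi_ticket() and every field under "ticket." in the AP-REQ
 * is copied into it one by one.  A missing "enc-part.kvno" is not an
 * error; it is written to the new ticket as a NULL, zero-length
 * value.
 *
 * On failure the partially filled ticket is released with
 * shishi_asn1_done() and @ticket is set to NULL so that a caller
 * which ignores the return value is not left with a dangling handle.
 *
 * Return value: Returns SHISHI_OK iff successful.
 **/
int
shishi_apreq_get_ticket (Shishi * handle,
                         Shishi_asn1 apreq, Shishi_asn1 * ticket)
{
  /* Indexed paths are built in a fixed buffer instead of with an
     unchecked asprintf().  Three decimal digits per byte of size_t is
     an upper bound, so any index fits. */
  char field[sizeof "ticket.sname.name-string.?" + 3 * sizeof (size_t)];
  char *buf;
  size_t buflen, i, n;
  int res;

  *ticket = shishi_ticket (handle);
  if (!*ticket)
    return SHISHI_ASN1_ERROR;

  res = shishi_asn1_read (handle, apreq, "ticket.tkt-vno", &buf, &buflen);
  if (res != SHISHI_OK)
    goto error;

  res = shishi_asn1_write (handle, *ticket, "tkt-vno", buf, buflen);
  free (buf);
  if (res != SHISHI_OK)
    goto error;

  res = shishi_asn1_read (handle, apreq, "ticket.realm", &buf, &buflen);
  if (res != SHISHI_OK)
    goto error;

  res = shishi_asn1_write (handle, *ticket, "realm", buf, buflen);
  free (buf);
  if (res != SHISHI_OK)
    goto error;

  res = shishi_asn1_read (handle, apreq, "ticket.sname.name-type",
                          &buf, &buflen);
  if (res != SHISHI_OK)
    goto error;

  res = shishi_asn1_write (handle, *ticket, "sname.name-type", buf, buflen);
  free (buf);
  if (res != SHISHI_OK)
    goto error;

  res = shishi_asn1_number_of_elements (handle, apreq,
                                        "ticket.sname.name-string", &n);
  if (res != SHISHI_OK)
    goto error;

  for (i = 1; i <= n; i++)
    {
      /* Append an empty name component, then fill it from the
         component with the same index in the AP-REQ. */
      res = shishi_asn1_write (handle, *ticket, "sname.name-string",
                               "NEW", 1);
      if (res != SHISHI_OK)
        goto error;

      /* i is a size_t, so the conversion must be %zu; %d is undefined
         behaviour where size_t and int differ in width. */
      snprintf (field, sizeof field, "ticket.sname.name-string.?%zu", i);
      res = shishi_asn1_read (handle, apreq, field, &buf, &buflen);
      if (res != SHISHI_OK)
        goto error;

      snprintf (field, sizeof field, "sname.name-string.?%zu", i);
      res = shishi_asn1_write (handle, *ticket, field, buf, buflen);
      free (buf);
      if (res != SHISHI_OK)
        goto error;
    }

  res = shishi_asn1_read (handle, apreq, "ticket.enc-part.etype",
                          &buf, &buflen);
  if (res != SHISHI_OK)
    goto error;

  res = shishi_asn1_write (handle, *ticket, "enc-part.etype", buf, buflen);
  free (buf);
  if (res != SHISHI_OK)
    goto error;

  /* kvno may be absent: SHISHI_ASN1_NO_ELEMENT is tolerated here, and
     in that case nothing was read, so there is no buffer to free. */
  res = shishi_asn1_read (handle, apreq, "ticket.enc-part.kvno",
                          &buf, &buflen);
  if (res != SHISHI_OK && res != SHISHI_ASN1_NO_ELEMENT)
    goto error;

  if (res == SHISHI_ASN1_NO_ELEMENT)
    res = shishi_asn1_write (handle, *ticket, "enc-part.kvno", NULL, 0);
  else
    {
      res = shishi_asn1_write (handle, *ticket, "enc-part.kvno", buf, buflen);
      free (buf);
    }
  if (res != SHISHI_OK)
    goto error;

  res = shishi_asn1_read (handle, apreq, "ticket.enc-part.cipher",
                          &buf, &buflen);
  if (res != SHISHI_OK)
    goto error;

  res = shishi_asn1_write (handle, *ticket, "enc-part.cipher", buf, buflen);
  free (buf);
  if (res != SHISHI_OK)
    goto error;

  return SHISHI_OK;

error:
  shishi_asn1_done (handle, *ticket);
  /* Do not hand a released structure back to the caller. */
  *ticket = NULL;
  return res;
}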
示例#7
文件: apreq.c 项目: dmr0605/Kerberos
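/**
 * shishi_apreq_set_ticket:
 * @handle: shishi handle as allocated by shishi_init().
 * @apreq: AP-REQ to add ticket field to.
 * @ticket: input ticket to copy into AP-REQ ticket field.
 *
 * Copy ticket into AP-REQ.  Every field of @ticket is read and
 * written to the matching path under "ticket." in @apreq.  One new
 * "ticket.sname.name-string" element is appended per name component
 * of @ticket.  A missing "enc-part.kvno" is not an error; it is
 * written to the AP-REQ as a NULL, zero-length value.
 *
 * The copy is not atomic: if a step fails, the fields written before
 * it stay in @apreq.
 *
 * Return value: Returns SHISHI_OK iff successful.
 **/
int
shishi_apreq_set_ticket (Shishi * handle, Shishi_asn1 apreq,
                         Shishi_asn1 ticket)
{
  /* Indexed paths are built in a fixed buffer instead of with an
     unchecked asprintf().  Three decimal digits per byte of size_t is
     an upper bound, so any index fits. */
  char field[sizeof "ticket.sname.name-string.?" + 3 * sizeof (size_t)];
  int res;
  char *buf;
  size_t buflen, i, n;

  res = shishi_asn1_read (handle, ticket, "tkt-vno", &buf, &buflen);
  if (res != SHISHI_OK)
    return res;

  res = shishi_asn1_write (handle, apreq, "ticket.tkt-vno", buf, buflen);
  free (buf);
  if (res != SHISHI_OK)
    return res;

  res = shishi_asn1_read (handle, ticket, "realm", &buf, &buflen);
  if (res != SHISHI_OK)
    return res;

  res = shishi_asn1_write (handle, apreq, "ticket.realm", buf, buflen);
  free (buf);
  if (res != SHISHI_OK)
    return res;

  res = shishi_asn1_read (handle, ticket, "sname.name-type", &buf, &buflen);
  if (res != SHISHI_OK)
    return res;

  res = shishi_asn1_write (handle, apreq, "ticket.sname.name-type",
                           buf, buflen);
  free (buf);
  if (res != SHISHI_OK)
    return res;

  res = shishi_asn1_number_of_elements (handle, ticket,
                                        "sname.name-string", &n);
  if (res != SHISHI_OK)
    return res;

  for (i = 1; i <= n; i++)
    {
      /* Append an empty name component, then fill it from the
         component with the same index in the ticket. */
      res = shishi_asn1_write (handle, apreq,
                               "ticket.sname.name-string", "NEW", 1);
      if (res != SHISHI_OK)
        return res;

      /* i is a size_t, so the conversion must be %zu; %d is undefined
         behaviour where size_t and int differ in width. */
      snprintf (field, sizeof field, "sname.name-string.?%zu", i);
      res = shishi_asn1_read (handle, ticket, field, &buf, &buflen);
      if (res != SHISHI_OK)
        return res;

      snprintf (field, sizeof field, "ticket.sname.name-string.?%zu", i);
      res = shishi_asn1_write (handle, apreq, field, buf, buflen);
      free (buf);
      if (res != SHISHI_OK)
        return res;
    }

  res = shishi_asn1_read (handle, ticket, "enc-part.etype", &buf, &buflen);
  if (res != SHISHI_OK)
    return res;

  res = shishi_asn1_write (handle, apreq, "ticket.enc-part.etype",
                           buf, buflen);
  free (buf);
  if (res != SHISHI_OK)
    return res;

  /* kvno may be absent: SHISHI_ASN1_NO_ELEMENT is tolerated here, and
     in that case nothing was read, so there is no buffer to free. */
  res = shishi_asn1_read (handle, ticket, "enc-part.kvno", &buf, &buflen);
  if (res != SHISHI_OK && res != SHISHI_ASN1_NO_ELEMENT)
    return res;

  if (res == SHISHI_ASN1_NO_ELEMENT)
    res = shishi_asn1_write (handle, apreq, "ticket.enc-part.kvno", NULL, 0);
  else
    {
      res = shishi_asn1_write (handle, apreq, "ticket.enc-part.kvno",
                               buf, buflen);
      free (buf);
    }
  if (res != SHISHI_OK)
    return res;

  res = shishi_asn1_read (handle, ticket, "enc-part.cipher", &buf, &buflen);
  if (res != SHISHI_OK)
    return res;

  res = shishi_asn1_write (handle, apreq, "ticket.enc-part.cipher",
                           buf, buflen);
  free (buf);
  if (res != SHISHI_OK)
    return res;

  return SHISHI_OK;
}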