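/**
 * shishi_kdcreq_add_padata:
 * @handle: shishi handle as allocated by shishi_init().
 * @kdcreq: KDC-REQ to add PA-DATA to.
 * @padatatype: type of PA-DATA, see Shishi_padata_type.
 * @data: input array with PA-DATA value.
 * @datalen: size of input array with PA-DATA value.
 *
 * Add new pre authentication data (PA-DATA) to KDC-REQ.  This is used
 * to pass various information to KDC, such as in case of a
 * SHISHI_PA_TGS_REQ padatatype the AP-REQ that authenticates the user
 * to get the ticket.  (But also see shishi_kdcreq_add_padata_tgs()
 * which takes an AP-REQ directly.)
 *
 * A new "padata" element is appended and then filled in; the element
 * written is the last one, i.e. the one whose index equals the element
 * count after the append.
 *
 * Return value: Returns SHISHI_OK iff successful, SHISHI_MALLOC_ERROR
 *   if the ASN.1 path string could not be allocated, or the error from
 *   the underlying ASN.1 write otherwise.
 **/
int
shishi_kdcreq_add_padata (Shishi * handle,
			  Shishi_asn1 kdcreq,
			  int padatatype, const char *data, size_t datalen)
{
  char *format;
  int res;
  size_t i;

  /* Append an empty PA-DATA element; it becomes element number I.  */
  res = shishi_asn1_write (handle, kdcreq, "padata", "NEW", 1);
  if (res != SHISHI_OK)
    return res;

  res = shishi_asn1_number_of_elements (handle, kdcreq, "padata", &i);
  if (res != SHISHI_OK)
    return res;

  /* asprintf leaves FORMAT undefined on failure, so never free or use
     it unless the call succeeded.  */
  if (asprintf (&format, "padata.?%zu.padata-value", i) < 0)
    return SHISHI_MALLOC_ERROR;
  res = shishi_asn1_write (handle, kdcreq, format, data, datalen);
  free (format);
  if (res != SHISHI_OK)
    return res;

  if (asprintf (&format, "padata.?%zu.padata-type", i) < 0)
    return SHISHI_MALLOC_ERROR;
  res = shishi_asn1_write_uint32 (handle, kdcreq, format, padatatype);
  free (format);

  return res;
}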
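/**
 * shishi_authenticator_authorizationdata:
 * @handle: shishi handle as allocated by shishi_init().
 * @authenticator: authenticator as allocated by shishi_authenticator().
 * @adtype: output authorization data type.
 * @addata: newly allocated output authorization data.
 * @addatalen: on output, actual size of newly allocated authorization data.
 * @nth: element number of authorization-data to extract.
 *
 * Extract n:th authorization data from authenticator.  The first
 * field is 1; @nth is used for both the ad-type and the ad-data
 * lookup so the two outputs always describe the same element.
 *
 * Return value: Returns SHISHI_OK iff successful, SHISHI_ASN1_ERROR if
 *   the element count could not be read, SHISHI_OUT_OF_RANGE if @nth is
 *   0 or larger than the number of elements, SHISHI_MALLOC_ERROR if the
 *   ASN.1 path string could not be allocated, or the error from the
 *   underlying ASN.1 read otherwise.
 **/
int
shishi_authenticator_authorizationdata (Shishi * handle,
					Shishi_asn1 authenticator,
					int32_t * adtype,
					char **addata,
					size_t * addatalen, size_t nth)
{
  char *format;
  int res;
  size_t i;

  res = shishi_asn1_number_of_elements (handle, authenticator,
					"authorization-data", &i);
  if (res != SHISHI_OK)
    return SHISHI_ASN1_ERROR;

  /* Element numbers are 1-based, so 0 is never a valid index.  */
  if (nth == 0 || nth > i)
    return SHISHI_OUT_OF_RANGE;

  /* asprintf leaves FORMAT undefined on failure, so check before use.  */
  if (asprintf (&format, "authorization-data.?%zu.ad-type", nth) < 0)
    return SHISHI_MALLOC_ERROR;
  res = shishi_asn1_read_int32 (handle, authenticator, format, adtype);
  free (format);
  if (res != SHISHI_OK)
    return res;

  /* Read the ad-data of the SAME element (NTH), not of the last one.  */
  if (asprintf (&format, "authorization-data.?%zu.ad-data", nth) < 0)
    return SHISHI_MALLOC_ERROR;
  res = shishi_asn1_read (handle, authenticator, format, addata, addatalen);
  free (format);

  return res;
}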
/**
 * shishi_kdcreq_build:
 * @handle: shishi handle as allocated by shishi_init().
 * @kdcreq: KDC-REQ to finalize before encoding.
 *
 * Fill in the optional req-body fields "rtime" and "from" with an
 * empty value when they are unset, and for an AS-REQ with an empty
 * padata sequence clear padata via shishi_kdcreq_clear_padata().
 *
 * Return value: Returns SHISHI_OK iff successful; on failure the error
 *   from the underlying ASN.1 operation is returned after an
 *   explanatory message has been recorded with shishi_error_printf().
 **/
int
shishi_kdcreq_build (Shishi * handle, Shishi_asn1 kdcreq)
{
  int rc;
  int type;

  shishi_verbose (handle, "Building KDC-REQ...");

  /* Unset optional fields are written as empty elements (presumably so
     the encoder accepts their absence -- confirm against the ASN.1
     layer).  */
  if (shishi_asn1_empty_p (handle, kdcreq, "req-body.rtime"))
    {
      rc = shishi_asn1_write (handle, kdcreq, "req-body.rtime", NULL, 0);
      if (rc != SHISHI_OK)
	{
	  shishi_error_printf (handle, "Could not write rtime\n");
	  return rc;
	}
    }

  if (shishi_asn1_empty_p (handle, kdcreq, "req-body.from"))
    {
      rc = shishi_asn1_write (handle, kdcreq, "req-body.from", NULL, 0);
      if (rc != SHISHI_OK)
	{
	  shishi_error_printf (handle, "Could not write from\n");
	  return rc;
	}
    }

  rc = shishi_asn1_read_integer (handle, kdcreq, "msg-type", &type);
  if (rc != SHISHI_OK)
    return rc;

  /* Only an AS-REQ gets its padata cleared, and only when the count
     is readable and zero.  */
  if (type != SHISHI_MSGTYPE_AS_REQ)
    return SHISHI_OK;

  {
    size_t npadata;

    rc = shishi_asn1_number_of_elements (handle, kdcreq, "padata", &npadata);
    if (rc != SHISHI_OK || npadata != 0)
      return SHISHI_OK;
  }

  rc = shishi_kdcreq_clear_padata (handle, kdcreq);
  if (rc != SHISHI_OK)
    {
      shishi_error_printf (handle, "Could not write padata\n");
      return rc;
    }

  return SHISHI_OK;
}
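/**
 * shishi_kdcreq_get_padata:
 * @handle: shishi handle as allocated by shishi_init().
 * @kdcreq: KDC-REQ to get PA-DATA from.
 * @padatatype: type of PA-DATA, see Shishi_padata_type.
 * @out: output array with newly allocated PA-DATA value.
 * @outlen: size of output array with PA-DATA value.
 *
 * Get pre authentication data (PA-DATA) from KDC-REQ.  Pre
 * authentication data is used to pass various information to KDC,
 * such as in case of a SHISHI_PA_TGS_REQ padatatype the AP-REQ that
 * authenticates the user to get the ticket.
 *
 * The first element whose padata-type matches @padatatype is
 * returned.  If no element matches, SHISHI_OK is returned with @out
 * set to NULL and @outlen to 0, so callers must check @out before
 * using it.
 *
 * Return value: Returns SHISHI_OK iff successful (including the
 *   not-found case described above), SHISHI_MALLOC_ERROR if the ASN.1
 *   path string could not be allocated, or the error from the
 *   underlying ASN.1 read otherwise.
 **/
int
shishi_kdcreq_get_padata (Shishi * handle,
			  Shishi_asn1 kdcreq,
			  Shishi_padata_type padatatype,
			  char **out, size_t * outlen)
{
  char *format;
  int res;
  size_t i, n;

  res = shishi_asn1_number_of_elements (handle, kdcreq, "padata", &n);
  if (res != SHISHI_OK)
    return res;

  /* Not-found is signalled through the outputs, not the return code.  */
  *out = NULL;
  *outlen = 0;

  for (i = 1; i <= n; i++)
    {
      int32_t patype;

      /* asprintf leaves FORMAT undefined on failure; check before use.  */
      if (asprintf (&format, "padata.?%zu.padata-type", i) < 0)
	return SHISHI_MALLOC_ERROR;
      res = shishi_asn1_read_int32 (handle, kdcreq, format, &patype);
      free (format);
      if (res != SHISHI_OK)
	return res;

      if (patype != (int32_t) padatatype)
	continue;

      if (asprintf (&format, "padata.?%zu.padata-value", i) < 0)
	return SHISHI_MALLOC_ERROR;
      res = shishi_asn1_read (handle, kdcreq, format, out, outlen);
      free (format);
      /* Either an error or the first match: the loop ends here.  */
      return res;
    }

  return SHISHI_OK;
}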
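/**
 * shishi_authenticator_add_authorizationdata:
 * @handle: shishi handle as allocated by shishi_init().
 * @authenticator: authenticator as allocated by shishi_authenticator().
 * @adtype: input authorization data type to add.
 * @addata: input authorization data to add.
 * @addatalen: size of input authorization data to add.
 *
 * Add authorization data to authenticator.  A new "authorization-data"
 * element is appended and its ad-type and ad-data are set from the
 * arguments.
 *
 * Return value: Returns SHISHI_OK iff successful, SHISHI_MALLOC_ERROR
 *   if an ASN.1 path string could not be allocated, or the error from
 *   the underlying ASN.1 write otherwise.
 **/
int
shishi_authenticator_add_authorizationdata (Shishi * handle,
					    Shishi_asn1 authenticator,
					    int32_t adtype,
					    const char *addata,
					    size_t addatalen)
{
  char *format;
  int res;
  size_t i;

  /* Append an empty element; it becomes element number I.  */
  res = shishi_asn1_write (handle, authenticator,
			   "authorization-data", "NEW", 1);
  if (res != SHISHI_OK)
    return res;

  res = shishi_asn1_number_of_elements (handle, authenticator,
					"authorization-data", &i);
  if (res != SHISHI_OK)
    return res;

  /* asprintf leaves FORMAT undefined on failure, so check before use.  */
  if (asprintf (&format, "authorization-data.?%zu.ad-type", i) < 0)
    return SHISHI_MALLOC_ERROR;
  res = shishi_asn1_write_integer (handle, authenticator, format, adtype);
  free (format);
  if (res != SHISHI_OK)
    return res;

  /* Build the ad-data path with its own allocation rather than
     sprintf'ing over the ad-type buffer: that only fit because both
     suffixes happen to have the same length and would silently
     overflow if either name changed.  */
  if (asprintf (&format, "authorization-data.?%zu.ad-data", i) < 0)
    return SHISHI_MALLOC_ERROR;
  res = shishi_asn1_write (handle, authenticator, format, addata, addatalen);
  free (format);

  return res;
}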
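/**
 * shishi_apreq_get_ticket:
 * @handle: shishi handle as allocated by shishi_init().
 * @apreq: AP-REQ variable to get ticket from.
 * @ticket: output variable to hold extracted ticket.
 *
 * Extract ticket from AP-REQ.  A fresh Ticket structure is allocated
 * with shishi_ticket() and every field of "ticket" inside the AP-REQ
 * (tkt-vno, realm, sname, enc-part) is copied into it field by field.
 * An absent enc-part.kvno is carried over as an empty element.
 *
 * On failure the partially built ticket is released with
 * shishi_asn1_done() and @ticket is set to NULL, so callers never see
 * a dangling handle.
 *
 * Return value: Returns SHISHI_OK iff successful, SHISHI_ASN1_ERROR if
 *   the ticket could not be allocated, SHISHI_MALLOC_ERROR if an ASN.1
 *   path string could not be allocated, or the error from the
 *   underlying ASN.1 read/write otherwise.
 **/
int
shishi_apreq_get_ticket (Shishi * handle,
			 Shishi_asn1 apreq, Shishi_asn1 * ticket)
{
  char *buf;
  char *format;
  size_t buflen, i, n;
  int res;

  /* there's GOT to be an easier way to do this */

  *ticket = shishi_ticket (handle);
  if (!*ticket)
    return SHISHI_ASN1_ERROR;

  res = shishi_asn1_read (handle, apreq, "ticket.tkt-vno", &buf, &buflen);
  if (res != SHISHI_OK)
    goto error;
  res = shishi_asn1_write (handle, *ticket, "tkt-vno", buf, buflen);
  free (buf);
  if (res != SHISHI_OK)
    goto error;

  res = shishi_asn1_read (handle, apreq, "ticket.realm", &buf, &buflen);
  if (res != SHISHI_OK)
    goto error;
  res = shishi_asn1_write (handle, *ticket, "realm", buf, buflen);
  free (buf);
  if (res != SHISHI_OK)
    goto error;

  res = shishi_asn1_read (handle, apreq, "ticket.sname.name-type",
			  &buf, &buflen);
  if (res != SHISHI_OK)
    goto error;
  res = shishi_asn1_write (handle, *ticket, "sname.name-type", buf, buflen);
  free (buf);
  if (res != SHISHI_OK)
    goto error;

  res = shishi_asn1_number_of_elements (handle, apreq,
					"ticket.sname.name-string", &n);
  if (res != SHISHI_OK)
    goto error;

  for (i = 1; i <= n; i++)
    {
      /* Append a new name-string element, then copy element I across.
         I is a size_t, so the path must be formatted with %zu (not %d,
         which is undefined behaviour for a size_t argument).  */
      res = shishi_asn1_write (handle, *ticket, "sname.name-string",
			       "NEW", 1);
      if (res != SHISHI_OK)
	goto error;

      /* asprintf leaves FORMAT undefined on failure; check before use.  */
      if (asprintf (&format, "ticket.sname.name-string.?%zu", i) < 0)
	{
	  res = SHISHI_MALLOC_ERROR;
	  goto error;
	}
      res = shishi_asn1_read (handle, apreq, format, &buf, &buflen);
      free (format);
      if (res != SHISHI_OK)
	goto error;

      if (asprintf (&format, "sname.name-string.?%zu", i) < 0)
	{
	  free (buf);
	  res = SHISHI_MALLOC_ERROR;
	  goto error;
	}
      res = shishi_asn1_write (handle, *ticket, format, buf, buflen);
      free (format);
      free (buf);
      if (res != SHISHI_OK)
	goto error;
    }

  res = shishi_asn1_read (handle, apreq, "ticket.enc-part.etype",
			  &buf, &buflen);
  if (res != SHISHI_OK)
    goto error;
  res = shishi_asn1_write (handle, *ticket, "enc-part.etype", buf, buflen);
  free (buf);
  if (res != SHISHI_OK)
    goto error;

  /* kvno is optional: a missing element is mirrored as an empty one.  */
  res = shishi_asn1_read (handle, apreq, "ticket.enc-part.kvno",
			  &buf, &buflen);
  if (res != SHISHI_OK && res != SHISHI_ASN1_NO_ELEMENT)
    goto error;
  if (res == SHISHI_ASN1_NO_ELEMENT)
    res = shishi_asn1_write (handle, *ticket, "enc-part.kvno", NULL, 0);
  else
    {
      res = shishi_asn1_write (handle, *ticket, "enc-part.kvno",
			       buf, buflen);
      free (buf);
    }
  if (res != SHISHI_OK)
    goto error;

  res = shishi_asn1_read (handle, apreq, "ticket.enc-part.cipher",
			  &buf, &buflen);
  if (res != SHISHI_OK)
    goto error;
  res = shishi_asn1_write (handle, *ticket, "enc-part.cipher", buf, buflen);
  free (buf);
  if (res != SHISHI_OK)
    goto error;

  return SHISHI_OK;

error:
  /* Release the half-built ticket and clear the output so the caller
     cannot use a freed handle.  */
  shishi_asn1_done (handle, *ticket);
  *ticket = NULL;
  return res;
}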
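/**
 * shishi_apreq_set_ticket:
 * @handle: shishi handle as allocated by shishi_init().
 * @apreq: AP-REQ to add ticket field to.
 * @ticket: input ticket to copy into AP-REQ ticket field.
 *
 * Copy ticket into AP-REQ.  Every field of @ticket (tkt-vno, realm,
 * sname, enc-part) is read and written into the corresponding
 * "ticket.*" field of @apreq.  An absent enc-part.kvno is carried over
 * as an empty element.
 *
 * Note that on failure @apreq may already have been partially
 * modified; the fields written before the error are not rolled back.
 *
 * Return value: Returns SHISHI_OK iff successful, SHISHI_MALLOC_ERROR
 *   if an ASN.1 path string could not be allocated, or the error from
 *   the underlying ASN.1 read/write otherwise.
 **/
int
shishi_apreq_set_ticket (Shishi * handle, Shishi_asn1 apreq,
			 Shishi_asn1 ticket)
{
  int res;
  char *format;
  char *buf;
  size_t buflen, i, n;

  res = shishi_asn1_read (handle, ticket, "tkt-vno", &buf, &buflen);
  if (res != SHISHI_OK)
    return res;
  res = shishi_asn1_write (handle, apreq, "ticket.tkt-vno", buf, buflen);
  free (buf);
  if (res != SHISHI_OK)
    return res;

  res = shishi_asn1_read (handle, ticket, "realm", &buf, &buflen);
  if (res != SHISHI_OK)
    return res;
  res = shishi_asn1_write (handle, apreq, "ticket.realm", buf, buflen);
  free (buf);
  if (res != SHISHI_OK)
    return res;

  res = shishi_asn1_read (handle, ticket, "sname.name-type", &buf, &buflen);
  if (res != SHISHI_OK)
    return res;
  res = shishi_asn1_write (handle, apreq, "ticket.sname.name-type",
			   buf, buflen);
  free (buf);
  if (res != SHISHI_OK)
    return res;

  res = shishi_asn1_number_of_elements (handle, ticket,
					"sname.name-string", &n);
  if (res != SHISHI_OK)
    return res;

  for (i = 1; i <= n; i++)
    {
      /* Append a new name-string element, then copy element I across.
         I is a size_t, so the path must be formatted with %zu (not %d,
         which is undefined behaviour for a size_t argument).  */
      res = shishi_asn1_write (handle, apreq, "ticket.sname.name-string",
			       "NEW", 1);
      if (res != SHISHI_OK)
	return res;

      /* asprintf leaves FORMAT undefined on failure; check before use.  */
      if (asprintf (&format, "sname.name-string.?%zu", i) < 0)
	return SHISHI_MALLOC_ERROR;
      res = shishi_asn1_read (handle, ticket, format, &buf, &buflen);
      free (format);
      if (res != SHISHI_OK)
	return res;

      if (asprintf (&format, "ticket.sname.name-string.?%zu", i) < 0)
	{
	  free (buf);
	  return SHISHI_MALLOC_ERROR;
	}
      res = shishi_asn1_write (handle, apreq, format, buf, buflen);
      free (format);
      free (buf);
      if (res != SHISHI_OK)
	return res;
    }

  res = shishi_asn1_read (handle, ticket, "enc-part.etype", &buf, &buflen);
  if (res != SHISHI_OK)
    return res;
  res = shishi_asn1_write (handle, apreq, "ticket.enc-part.etype",
			   buf, buflen);
  free (buf);
  if (res != SHISHI_OK)
    return res;

  /* kvno is optional: a missing element is mirrored as an empty one.  */
  res = shishi_asn1_read (handle, ticket, "enc-part.kvno", &buf, &buflen);
  if (res != SHISHI_OK && res != SHISHI_ASN1_NO_ELEMENT)
    return res;
  if (res == SHISHI_ASN1_NO_ELEMENT)
    res = shishi_asn1_write (handle, apreq, "ticket.enc-part.kvno", NULL, 0);
  else
    {
      res = shishi_asn1_write (handle, apreq, "ticket.enc-part.kvno",
			       buf, buflen);
      free (buf);
    }
  if (res != SHISHI_OK)
    return res;

  res = shishi_asn1_read (handle, ticket, "enc-part.cipher", &buf, &buflen);
  if (res != SHISHI_OK)
    return res;
  res = shishi_asn1_write (handle, apreq, "ticket.enc-part.cipher",
			   buf, buflen);
  free (buf);

  return res;
}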