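/**
 * shishi_encapreppart:
 * @handle: shishi handle as allocated by shishi_init().
 *
 * This function creates a new EncAPRepPart, populated with some
 * default values.  It uses the current time as returned by the system
 * for the ctime and cusec fields; both are taken from one
 * gettimeofday() sample so that they describe the same instant.
 * The subkey field is left empty and the sequence number is
 * initialized from shishi_randomize(), never to zero.
 *
 * Return value: Returns the encapreppart or NULL on failure.
 **/
Shishi_asn1
shishi_encapreppart (Shishi * handle)
{
  int res;
  Shishi_asn1 node = NULL;
  struct timeval tv;
  uint32_t seqnr;

  /* Sample the clock once; ctime (seconds) and cusec (microseconds)
     below are both derived from this value.  The original read
     time(NULL) separately, which could straddle a second boundary.  */
  if (gettimeofday (&tv, NULL) != 0)
    return NULL;

  node = shishi_asn1_encapreppart (handle);
  if (!node)
    return NULL;

  res = shishi_asn1_write (handle, node, "ctime",
			   shishi_generalize_time (handle, tv.tv_sec), 0);
  if (res != SHISHI_OK)
    goto error;

  /* tv_usec is already in [0, 999999] on conforming systems; the
     modulo only guards against out-of-range values from odd libcs.  */
  res = shishi_encapreppart_cusec_set (handle, node, tv.tv_usec % 1000000);
  if (res != SHISHI_OK)
    goto error;

  res = shishi_asn1_write (handle, node, "subkey", NULL, 0);
  if (res != SHISHI_OK)
    goto error;

  /*
   * For sequence numbers to adequately support the detection of
   * replays they SHOULD be non-repeating, even across connection
   * boundaries.  The initial sequence number SHOULD be random and
   * uniformly distributed across the full space of possible sequence
   * numbers, so that it cannot be guessed by an attacker and so that
   * it and the successive sequence numbers do not repeat other
   * sequences.
   */
  /* If randomization fails, seqnr is uninitialized and the "random"
     initial sequence number would be whatever happened to be on the
     stack, so treat that as a hard failure rather than proceeding.  */
  res = shishi_randomize (handle, 0, &seqnr, sizeof (seqnr));
  if (res != SHISHI_OK)
    goto error;

  /*
   * Implementation note: as noted before, some implementations omit
   * the optional sequence number when its value would be zero.
   * Implementations MAY accept an omitted sequence number when
   * expecting a value of zero, and SHOULD NOT transmit an
   * Authenticator with a initial sequence number of zero.
   */
  if (seqnr == 0)
    seqnr++;

  res = shishi_encapreppart_seqnumber_set (handle, node, seqnr);
  if (res != SHISHI_OK)
    goto error;

  return node;

error:
  /* Ownership of node never left this function, so release it here.  */
  shishi_asn1_done (handle, node);
  return NULL;
}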
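/*
 * _shishi_kdcreq:
 * @handle: shishi handle as allocated by shishi_init().
 * @as: non-zero to build an AS-REQ, zero to build a TGS-REQ.
 *
 * Shared constructor for the two KDC-REQ flavours.  Fills pvno,
 * msg-type, kdc-options, cname (AS-REQ only; TGS-REQ leaves it
 * absent), the default realm, a krbtgt/REALM sname, the till time
 * (now + handle->ticketlife), a random nonce and the client's KDC
 * etype list; addresses, enc-authorization-data and
 * additional-tickets are left absent.
 *
 * Return value: the new KDC-REQ node, or NULL on failure (nothing is
 * leaked: a partially built node is released before returning).
 */
static Shishi_asn1
_shishi_kdcreq (Shishi * handle, int as)
{
  int res;
  Shishi_asn1 node;
  const char *servicebuf[3];
  uint32_t nonce;

  node = as ? shishi_asn1_asreq (handle) : shishi_asn1_tgsreq (handle);
  if (!node)
    return NULL;

  res = shishi_asn1_write (handle, node, "pvno",
			   SHISHI_KDCREQ_DEFAULT_PVNO,
			   SHISHI_KDCREQ_DEFAULT_PVNO_LEN);
  if (res != SHISHI_OK)
    goto error;

  if (as)
    res = shishi_asn1_write (handle, node, "msg-type",
			     SHISHI_AS_REQ_DEFAULT_MSG_TYPE,
			     SHISHI_AS_REQ_DEFAULT_MSG_TYPE_LEN);
  else
    res = shishi_asn1_write (handle, node, "msg-type",
			     SHISHI_TGS_REQ_DEFAULT_MSG_TYPE,
			     SHISHI_TGS_REQ_DEFAULT_MSG_TYPE_LEN);
  if (res != SHISHI_OK)
    goto error;

  res = shishi_asn1_write (handle, node, "req-body.kdc-options",
			   SHISHI_KDCREQ_DEFAULT_REQ_BODY_KDC_OPTIONS,
			   SHISHI_KDCREQ_DEFAULT_REQ_BODY_KDC_OPTIONS_LEN);
  if (res != SHISHI_OK)
    goto error;

  /* Only an AS-REQ names the client itself; a TGS-REQ is identified
     by the ticket in its pre-auth data, so cname is written empty.  */
  if (as)
    res = shishi_kdcreq_set_cname (handle, node, SHISHI_NT_PRINCIPAL,
				   shishi_principal_default (handle));
  else
    res = shishi_asn1_write (handle, node, "req-body.cname", NULL, 0);
  if (res != SHISHI_OK)
    goto error;

  res = shishi_kdcreq_set_realm (handle, node, shishi_realm_default (handle));
  if (res != SHISHI_OK)
    goto error;

  /* Default service is the ticket-granting service of the default
     realm; the NULL terminator ends the name component list.  */
  servicebuf[0] = "krbtgt";
  servicebuf[1] = shishi_realm_default (handle);
  servicebuf[2] = NULL;
  res = shishi_kdcreq_set_sname (handle, node, SHISHI_NT_PRINCIPAL,
				 servicebuf);
  if (res != SHISHI_OK)
    goto error;

  res = shishi_asn1_write (handle, node, "req-body.sname.name-type",
			   SHISHI_KDCREQ_DEFAULT_REQ_BODY_SNAME_NAME_TYPE,
			   SHISHI_KDCREQ_DEFAULT_REQ_BODY_SNAME_NAME_TYPE_LEN);
  if (res != SHISHI_OK)
    goto error;

  res = shishi_asn1_write (handle, node, "req-body.till",
			   shishi_generalize_time (handle,
						   time (NULL)
						   + handle->ticketlife), 0);
  if (res != SHISHI_OK)
    goto error;

  /* The nonce binds the KDC reply to this request; if randomization
     fails, nonce would be an uninitialized stack value, so abort
     instead of sending a predictable (or garbage) nonce.  */
  res = shishi_randomize (handle, 0, &nonce, sizeof (nonce));
  if (res != SHISHI_OK)
    goto error;
  nonce &= 0x7FFFFFFF;		/* XXX fix _libtasn1_convert_integer. */
  res = shishi_kdcreq_nonce_set (handle, node, nonce);
  if (res != SHISHI_OK)
    goto error;

  res = shishi_kdcreq_set_etype (handle, node, handle->clientkdcetypes,
				 handle->nclientkdcetypes);
  if (res != SHISHI_OK)
    goto error;

  res = shishi_asn1_write (handle, node, "req-body.addresses", NULL, 0);
  if (res != SHISHI_OK)
    goto error;

  res = shishi_asn1_write (handle, node, "req-body.enc-authorization-data",
			   NULL, 0);
  if (res != SHISHI_OK)
    goto error;

  res = shishi_asn1_write (handle, node, "req-body.additional-tickets",
			   NULL, 0);
  if (res != SHISHI_OK)
    goto error;

  return node;

error:
  shishi_asn1_done (handle, node);
  return NULL;
}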