1 /* ticket.c low-level ASN.1 Ticket handling
2 * Copyright (C) 2002, 2003 Simon Josefsson
4 * This file is part of Shishi.
6 * Shishi is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * Shishi is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with Shishi; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
/* Read the Ticket's "realm" field into the caller-supplied buffer.  The work
 * is delegated to shishi_asn1_field() and its result is returned unchanged.
 *
 * NOTE(review): *realmlen presumably carries the capacity of realm on entry
 * and the number of bytes stored on return (the etype getter in this file
 * sets its length to the buffer size before the same call) -- confirm against
 * shishi_asn1_field().  If so, callers should not assume realm is
 * NUL-terminated and should bound any later copy or print by *realmlen. */
25 shishi_ticket_realm_get (Shishi
* handle
,
26 Shishi_asn1 ticket
, char *realm
, int *realmlen
)
28 return shishi_asn1_field (handle
, ticket
, realm
, realmlen
, "realm");
32 * shishi_ticket_realm_set:
33 * @handle: shishi handle as allocated by shishi_init().
34 * @ticket: input variable with ticket info.
35 * @realm: input array with name of realm.
37 * Set the realm field in the Ticket.
39 * Return value: Returns SHISHI_OK iff successful.
/* Store realm in the Ticket's "realm" field through shishi_asn1_write().
 *
 * NOTE(review): the length argument is 0; presumably shishi_asn1_write()
 * then treats realm as a NUL-terminated string -- confirm.  No check of the
 * realm value itself is visible here, so any validation has to happen in the
 * caller. */
42 shishi_ticket_realm_set (Shishi
* handle
, Shishi_asn1 ticket
,
47 res
= shishi_asn1_write (handle
, ticket
, "realm", realm
, 0);
/* Read the Ticket's "sname" principal name into the caller-supplied buffer by
 * delegating to shishi_principal_name_get(); its result is returned unchanged.
 * The trailing arguments of the call are not visible in this listing.
 *
 * NOTE(review): presumably server/*serverlen follow the same buffer-plus-
 * in/out-length convention as the realm getter -- confirm, and do not assume
 * the result is NUL-terminated. */
55 shishi_ticket_sname_get (Shishi
* handle
,
56 Shishi_asn1 ticket
, char *server
, int *serverlen
)
58 return shishi_principal_name_get (handle
, ticket
, "sname",
63 * shishi_ticket_sname_set:
64 * @handle: shishi handle as allocated by shishi_init().
65 * @ticket: Ticket variable to set server name field in.
66 * @name_type: type of principal, see Shishi_name_type, usually
68 * @sname: input array with principal name.
70 * Set the server name field in the Ticket.
72 * Return value: Returns SHISHI_OK iff successful.
/* Write the server principal into the Ticket: the name type goes to
 * "sname.name-type" and each element of sname to a "sname.name-string.?N"
 * path.  Several lines of the body (declarations, loop header, returns) are
 * not visible in this listing. */
75 shishi_ticket_sname_set (Shishi
* handle
,
77 Shishi_name_type name_type
, char *sname
[])
/* NOTE(review): unbounded sprintf() into buf, whose declaration is not
 * visible.  "%d" of a 32-bit value needs up to 12 bytes including the NUL. */
83 sprintf (buf
, "%d", name_type
);
85 res
= shishi_asn1_write (handle
, ticket
, "sname.name-type", buf
, 0);
89 res
= shishi_asn1_write (handle
, ticket
, "sname.name-string",
97 res
= shishi_asn1_write (handle
, ticket
, "sname.name-string",
/* NOTE(review): same buf, longer output: the 19-character path prefix plus a
 * 32-bit "%d" needs up to 31 bytes including the NUL.  If buf is an array, a
 * bounded snprintf (buf, sizeof buf, ...) with a truncation check would make
 * the limit explicit instead of implied by the number of name components. */
102 sprintf (buf
, "sname.name-string.?%d", i
);
/* Element i - 1 is written as a string (length argument 0).
 * NOTE(review): the loop bounds are not visible; presumably i starts at 1 and
 * sname is a NULL-terminated array, as shishi_ticket_set_server() builds it
 * -- confirm, since nothing else here bounds the index. */
103 res
= shishi_asn1_write (handle
, ticket
, buf
, sname
[i
- 1], 0);
104 if (res
!= SHISHI_OK
)
/* Split server on "/" into its name components and store them as the
 * Ticket's sname with name type SHISHI_NT_PRINCIPAL.  Parts of the body
 * (declarations, the loop around strtok_r, the final cleanup and return) are
 * not visible in this listing. */
114 shishi_ticket_set_server (Shishi
* handle
,
115 Shishi_asn1 ticket
, const char *server
)
/* Work on a private copy: strtok_r() writes NUL bytes into the string it
 * tokenizes, and server is const. */
123 tmpserver
= strdup (server
);
124 if (tmpserver
== NULL
)
125 return SHISHI_MALLOC_ERROR
;
/* NOTE(review): no NULL check for this malloc() is visible before serverbuf
 * is indexed below, and tmpserver would also need freeing on that path --
 * confirm against the full file. */
127 serverbuf
= malloc (sizeof (*serverbuf
));
/* Each token is a pointer into tmpserver, so tmpserver has to stay allocated
 * until shishi_ticket_sname_set() has consumed serverbuf.
 * NOTE(review): strtok_r() treats a run of "/" as one delimiter and never
 * returns empty tokens, so "a//b" and "a/b" yield the same components, and
 * there is no escape for a "/" inside a component.  Callers comparing or
 * authorizing on the textual server name should be aware of that
 * normalization. */
129 (serverbuf
[i
] = strtok_r (i
== 0 ? tmpserver
: NULL
, "/", &tokptr
));
/* Grow by one slot per component, keeping room for the terminating NULL.
 * NOTE(review): realloc() is assigned straight back to serverbuf, so on
 * failure the old block is lost, and the early return below frees neither it
 * nor tmpserver.  Holding the result in a temporary and freeing both on the
 * error path would close the leak. */
132 serverbuf
= realloc (serverbuf
, (i
+ 2) * sizeof (*serverbuf
));
133 if (serverbuf
== NULL
)
134 return SHISHI_MALLOC_ERROR
;
136 res
= shishi_ticket_sname_set (handle
, ticket
,
137 SHISHI_NT_PRINCIPAL
, serverbuf
);
138 if (res
!= SHISHI_OK
)
/* The failure detail is printed to stderr by the library itself.
 * NOTE(review): whether tmpserver and serverbuf are freed on this path and on
 * success is not visible here -- confirm. */
140 fprintf (stderr
, _("Could not set sname: %s\n"),
141 shishi_strerror_details (handle
));
/* Read the Ticket's "sname" principal together with its realm into the
 * caller-supplied buffer by delegating to shishi_principal_name_realm_get();
 * its result is returned unchanged.  Some arguments of the signature and of
 * the call are not visible in this listing.
 *
 * NOTE(review): presumably *serverrealmlen is the buffer capacity on entry
 * and the stored length on return -- confirm, and bound later use of
 * serverrealm by that length rather than by a terminator. */
151 shishi_ticket_snamerealm_get (Shishi
* handle
,
153 char *serverrealm
, int *serverrealmlen
)
155 return shishi_principal_name_realm_get (handle
, ticket
, "sname",
157 serverrealm
, serverrealmlen
);
/* Set both identifying fields of the Ticket: first the realm via
 * shishi_ticket_realm_set(), then the server name via
 * shishi_ticket_set_server().  Each result is compared with SHISHI_OK; the
 * statements run on failure are not visible in this listing.
 *
 * NOTE(review): the two writes are not atomic.  If the server step fails
 * after the realm step succeeded, the Ticket keeps the new realm with the old
 * sname, so callers should discard the Ticket on any error rather than reuse
 * it. */
161 shishi_ticket_srealmserver_set (Shishi
* handle
,
162 Shishi_asn1 ticket
, char *realm
, char *server
)
166 res
= shishi_ticket_realm_set (handle
, ticket
, realm
);
167 if (res
!= SHISHI_OK
)
170 res
= shishi_ticket_set_server (handle
, ticket
, server
);
171 if (res
!= SHISHI_OK
)
178 * shishi_ticket_get_enc_part_etype:
179 * @handle: shishi handle as allocated by shishi_init().
180 * @ticket: Ticket variable to get value from.
181 * @etype: output variable that holds the value.
183 * Extract Ticket.enc-part.etype.
185 * Return value: Returns SHISHI_OK iff successful.
/* Read "enc-part.etype" from the Ticket into *etype.  The lines before and
 * after the shishi_asn1_field() call are not visible in this listing. */
188 shishi_ticket_get_enc_part_etype (Shishi
* handle
,
189 Shishi_asn1 ticket
, int *etype
)
/* The length is set to the size of the int, so shishi_asn1_field() is given
 * the int's own storage as its output buffer. */
195 buflen
= sizeof (*etype
);
/* NOTE(review): the field's bytes are stored directly over the int through a
 * char * cast.  Unless *etype is zeroed first and the result is converted
 * afterwards (neither is visible here), a field shorter than sizeof (int)
 * leaves the remaining bytes untouched and the value depends on host byte
 * order.  shishi_ticket_decrypt() uses this value as its key-type gate, so
 * confirm the conversion in the full file. */
196 res
= shishi_asn1_field (handle
, ticket
,
197 (char *) etype
, &buflen
, "enc-part.etype");
/* Decrypt the Ticket's enc-part with key and DER-decode the plaintext into
 * *encticketpart.  The visible error returns are SHISHI_TICKET_BAD_KEYTYPE,
 * SHISHI_TICKET_DECRYPT_FAILED and SHISHI_ASN1_ERROR.  Several lines of the
 * body are not visible in this listing. */
203 shishi_ticket_decrypt (Shishi
* handle
,
205 Shishi_key
* key
, Shishi_asn1
* encticketpart
)
/* Fixed-size stack buffers for plaintext and ciphertext.
 * NOTE(review): BUFSIZ is a stdio constant, not a protocol limit.  The code
 * is only safe if buflen and cipherlen are set to these sizes before the
 * calls below and the callees honour them; those assignments are not visible
 * here -- confirm. */
210 unsigned char buf
[BUFSIZ
];
211 unsigned char cipher
[BUFSIZ
];
215 res
= shishi_ticket_get_enc_part_etype (handle
, ticket
, &etype
);
216 if (res
!= SHISHI_OK
)
/* Refuse to decrypt when the ticket's etype differs from the key's type. */
219 if (etype
!= shishi_key_type (key
))
220 return SHISHI_TICKET_BAD_KEYTYPE
;
223 res
= shishi_asn1_field (handle
, ticket
, cipher
, &cipherlen
,
225 if (res
!= SHISHI_OK
)
228 res
= shishi_decrypt (handle
, key
, SHISHI_KEYUSAGE_ENCTICKETPART
,
229 cipher
, cipherlen
, buf
, &buflen
);
231 if (res
!= SHISHI_OK
)
/* The messages say "des_decrypt" whatever etype was actually used. */
233 if (VERBOSE (handle
))
234 printf ("des_decrypt failed: %s\n", shishi_strerror_details (handle
));
235 shishi_error_printf (handle
,
236 "des_decrypt fail, most likely wrong password\n");
237 return SHISHI_TICKET_DECRYPT_FAILED
;
240 /* The crypto is so 1980; no length indicator. Trim off pad bytes
241 until we can parse it. */
/* Up to eight attempts, i being the number of pad bytes assumed; the length
 * passed to the decoder is not visible here (presumably buflen - i).
 * NOTE(review): the plaintext length is chosen by whichever attempt the DER
 * parser accepts first, so authenticity rests entirely on the integrity
 * check inside shishi_decrypt() -- confirm that every supported etype
 * verifies its checksum there. */
242 for (i
= 0; i
< 8; i
++)
244 if (VERBOSEASN1 (handle
))
245 printf ("Trying with %d pad in enckdcrep...\n", i
);
247 *encticketpart
= shishi_der2asn1_encticketpart (handle
, &buf
[0],
249 if (*encticketpart
!= NULL
)
253 if (*encticketpart
== NULL
)
/* NOTE(review): decrypt failure and decode failure return different codes
 * and messages.  If these are relayed to a remote peer they tell it which
 * stage rejected the ticket; a server should give the peer one generic error
 * and keep the detail in local logs.  Also, buf still holds the decrypted
 * EncTicketPart (which carries the session key) when the function returns;
 * no clearing of buf is visible here. */
255 shishi_error_printf (handle
, "Could not DER decode EncTicketPart. "
256 "Password probably correct (decrypt ok) though\n");
257 return SHISHI_ASN1_ERROR
;
264 * shishi_ticket_set_enc_part:
265 * @handle: shishi handle as allocated by shishi_init().
266 * @ticket: Ticket to add enc-part field to.
267 * @etype: encryption type used to encrypt enc-part.
268 * @kvno: key version number.
269 * @buf: input array with encrypted enc-part.
270 * @buflen: size of input array with encrypted enc-part.
272 * Set the encrypted enc-part field in the Ticket. The encrypted data
273 * is usually created by calling shishi_encrypt() on the DER encoded
274 * enc-part. To save time, you may want to use
275 * shishi_ticket_add_enc_part() instead, which calculates the
276 * encrypted data and calls this function in one step.
278 * Return value: Returns SHISHI_OK iff successful.
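/* Store the already-encrypted enc-part in the Ticket: the ciphertext under
 * "enc-part.cipher", the encryption type under "enc-part.etype" and the key
 * version under "enc-part.kvno".  Each write is compared with SHISHI_OK.
 * Several lines of the body (the trailing call arguments, the branch that
 * selects between the two kvno writes, the returns) are not visible in this
 * listing. */
281 shishi_ticket_set_enc_part (Shishi
* handle
,
283 int etype
, int kvno
, char *buf
, int buflen
)
288 res
= shishi_asn1_write (handle
, ticket
, "enc-part.cipher",
290 if (res
!= SHISHI_OK
)
/* NOTE(review): the result of shishi_asprintf() is not checked in the
 * visible lines, and the release of format is not visible -- confirm. */
293 shishi_asprintf (&format
, "%d", etype
);
294 res
= shishi_asn1_write (handle
, ticket
, "enc-part.etype",
297 if (res
!= SHISHI_OK
)
/* Writing NULL with length 0 presumably removes the optional kvno field. */
301 res
= shishi_asn1_write (handle
, ticket
, "enc-part.kvno", NULL
, 0);
/* Fix: format kvno here.  The original formatted etype a second time, so the
 * encryption type number was stored as the key version.  The recipient of a
 * Ticket uses kvno to select which of its keys to decrypt with, so a wrong
 * value makes it look up the wrong key. */
304 shishi_asprintf (&format
, "%d", kvno
);
305 res
= shishi_asn1_write (handle
, ticket
, "enc-part.kvno",
309 if (res
!= SHISHI_OK
)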
316 * shishi_ticket_add_enc_part:
317 * @handle: shishi handle as allocated by shishi_init().
318 * @ticket: Ticket to add enc-part field to.
319 * @key: key used to encrypt enc-part.
320 * @encticketpart: EncTicketPart to add.
322 * Encrypts DER encoded EncTicketPart using key and stores it in the
325 * Return value: Returns SHISHI_OK iff successful.
/* DER-encode encticketpart, encrypt the encoding with key under key usage
 * SHISHI_KEYUSAGE_ENCTICKETPART, and store the result in the Ticket through
 * shishi_ticket_set_enc_part() along with the key's type and version.  The
 * declarations and the error returns are not visible in this listing. */
328 shishi_ticket_add_enc_part (Shishi
* handle
,
330 Shishi_key
* key
, Shishi_asn1 encticketpart
)
/* NOTE(review): the declarations of der and buf are not visible.  This is
 * only safe if derlen and buflen hold the capacity of those buffers before
 * the calls below and the callees honour them -- confirm. */
338 res
= shishi_a2d (handle
, encticketpart
, der
, &derlen
);
339 if (res
!= SHISHI_OK
)
341 shishi_error_printf (handle
, "Could not DER encode encticketpart: %s\n",
342 shishi_strerror (res
));
347 res
= shishi_encrypt (handle
, key
, SHISHI_KEYUSAGE_ENCTICKETPART
,
348 der
, derlen
, buf
, &buflen
);
349 if (res
!= SHISHI_OK
)
/* The message says "des_encrypt" whatever the key's type is. */
351 shishi_error_printf (handle
, "des_encrypt fail\n");
/* NOTE(review): der still holds the plaintext EncTicketPart, which carries
 * the session key, at this point; no clearing of der is visible before the
 * function returns. */
355 res
= shishi_ticket_set_enc_part (handle
, ticket
, shishi_key_type (key
),
356 shishi_key_version (key
), buf
, buflen
);