search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix a2d.
[shishi.git] / lib / apreq.c
blob2e9ff99e5900306dbbf08757b0994e61854957b7
1 /* apreq.c AP-REQ functions
2 * Copyright (C) 2002, 2003 Simon Josefsson
3 *
4 * This file is part of Shishi.
5 *
6 * Shishi is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 *
11 * Shishi is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with Shishi; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 *
20 */
21
22 #include "internal.h"
23
24 #define SHISHI_APREQ_DEFAULT_PVNO "5"
25 #define SHISHI_APREQ_DEFAULT_PVNO_LEN 0
26 #define SHISHI_APREQ_DEFAULT_MSG_TYPE "14" /* KRB_AP_REQ */
27 #define SHISHI_APREQ_DEFAULT_MSG_TYPE_LEN 0
28 #define SHISHI_APREQ_DEFAULT_AP_OPTIONS "\x00\x00\x00\x00"
29 #define SHISHI_APREQ_DEFAULT_AP_OPTIONS_LEN 32
30 #define SHISHI_APREQ_DEFAULT_TICKET_TKT_VNO "5"
31 #define SHISHI_APREQ_DEFAULT_TICKET_TKT_VNO_LEN 0
32 #define SHISHI_APREQ_DEFAULT_TICKET_REALM ""
33 #define SHISHI_APREQ_DEFAULT_TICKET_REALM_LEN 0
34 #define SHISHI_APREQ_DEFAULT_TICKET_SNAME_NAME_TYPE "1" /* SHISHI_NT_PRINCIPAL */
35 #define SHISHI_APREQ_DEFAULT_TICKET_SNAME_NAME_TYPE_LEN 0
36 #define SHISHI_APREQ_DEFAULT_TICKET_ENC_PART_ETYPE "0"
37 #define SHISHI_APREQ_DEFAULT_TICKET_ENC_PART_ETYPE_LEN 0
38 #define SHISHI_APREQ_DEFAULT_TICKET_ENC_PART_KVNO "0"
39 #define SHISHI_APREQ_DEFAULT_TICKET_ENC_PART_KVNO_LEN 0
40 #define SHISHI_APREQ_DEFAULT_TICKET_ENC_PART_CIPHER ""
41 #define SHISHI_APREQ_DEFAULT_TICKET_ENC_PART_CIPHER_LEN 0
42 #define SHISHI_APREQ_DEFAULT_AUTHENTICATOR_ETYPE "0"
43 #define SHISHI_APREQ_DEFAULT_AUTHENTICATOR_ETYPE_LEN 0
44 #define SHISHI_APREQ_DEFAULT_AUTHENTICATOR_KVNO "1"
45 #define SHISHI_APREQ_DEFAULT_AUTHENTICATOR_KVNO_LEN 0
46 #define SHISHI_APREQ_DEFAULT_AUTHENTICATOR_CIPHER ""
47 #define SHISHI_APREQ_DEFAULT_AUTHENTICATOR_CIPHER_LEN 0
48
49 /**
50 * shishi_apreq:
51 * @handle: shishi handle as allocated by shishi_init().
52 *
53 * This function creates a new AP-REQ, populated with some default
54 * values.
55 *
56 * Return value: Returns the AP-REQ or NULL on failure.
57 **/
58 Shishi_asn1
59 shishi_apreq (Shishi * handle)
60 {
61 Shishi_asn1 node;
62 int res;
63
64 node = shishi_asn1_apreq (handle);
65 if (!node)
66 goto error;
67
68 res = shishi_asn1_write (handle, node, "pvno",
69 SHISHI_APREQ_DEFAULT_PVNO,
70 SHISHI_APREQ_DEFAULT_PVNO_LEN);
71 if (res != SHISHI_OK)
72 goto error;
73
74 res = shishi_asn1_write (handle, node, "msg-type",
75 SHISHI_APREQ_DEFAULT_MSG_TYPE,
76 SHISHI_APREQ_DEFAULT_MSG_TYPE_LEN);
77 if (res != SHISHI_OK)
78 goto error;
79
80 res = shishi_asn1_write (handle, node, "ap-options",
81 SHISHI_APREQ_DEFAULT_AP_OPTIONS,
82 SHISHI_APREQ_DEFAULT_AP_OPTIONS_LEN);
83 if (res != SHISHI_OK)
84 goto error;
85
86 res = shishi_asn1_write (handle, node, "ticket.tkt-vno",
87 SHISHI_APREQ_DEFAULT_TICKET_TKT_VNO,
88 SHISHI_APREQ_DEFAULT_TICKET_TKT_VNO_LEN);
89 if (res != SHISHI_OK)
90 goto error;
91
92 res = shishi_asn1_write (handle, node, "ticket.realm",
93 SHISHI_APREQ_DEFAULT_TICKET_REALM,
94 SHISHI_APREQ_DEFAULT_TICKET_REALM_LEN);
95 if (res != SHISHI_OK)
96 goto error;
97
98 res = shishi_asn1_write (handle, node, "ticket.realm",
99 SHISHI_APREQ_DEFAULT_TICKET_REALM,
100 SHISHI_APREQ_DEFAULT_TICKET_REALM_LEN);
101 if (res != SHISHI_OK)
102 goto error;
103
104 res = shishi_asn1_write (handle, node, "ticket.sname.name-type",
105 SHISHI_APREQ_DEFAULT_TICKET_SNAME_NAME_TYPE,
106 SHISHI_APREQ_DEFAULT_TICKET_SNAME_NAME_TYPE_LEN);
107 if (res != SHISHI_OK)
108 goto error;
109
110 res = shishi_asn1_write (handle, node, "ticket.enc-part.etype",
111 SHISHI_APREQ_DEFAULT_TICKET_ENC_PART_ETYPE,
112 SHISHI_APREQ_DEFAULT_TICKET_ENC_PART_ETYPE_LEN);
113 if (res != SHISHI_OK)
114 goto error;
115
116 res = shishi_asn1_write (handle, node, "ticket.enc-part.kvno",
117 SHISHI_APREQ_DEFAULT_TICKET_ENC_PART_KVNO,
118 SHISHI_APREQ_DEFAULT_TICKET_ENC_PART_KVNO_LEN);
119 if (res != SHISHI_OK)
120 goto error;
121
122 res = shishi_asn1_write (handle, node, "ticket.enc-part.cipher",
123 SHISHI_APREQ_DEFAULT_TICKET_ENC_PART_CIPHER,
124 SHISHI_APREQ_DEFAULT_TICKET_ENC_PART_CIPHER_LEN);
125 if (res != SHISHI_OK)
126 goto error;
127
128 res = shishi_asn1_write (handle, node, "authenticator.etype",
129 SHISHI_APREQ_DEFAULT_AUTHENTICATOR_ETYPE,
130 SHISHI_APREQ_DEFAULT_AUTHENTICATOR_ETYPE_LEN);
131 if (res != SHISHI_OK)
132 goto error;
133
134 res = shishi_asn1_write (handle, node, "authenticator.kvno",
135 SHISHI_APREQ_DEFAULT_AUTHENTICATOR_KVNO,
136 SHISHI_APREQ_DEFAULT_AUTHENTICATOR_KVNO_LEN);
137 if (res != SHISHI_OK)
138 goto error;
139
140 res = shishi_asn1_write (handle, node, "authenticator.cipher",
141 SHISHI_APREQ_DEFAULT_AUTHENTICATOR_CIPHER,
142 SHISHI_APREQ_DEFAULT_AUTHENTICATOR_CIPHER_LEN);
143 if (res != SHISHI_OK)
144 goto error;
145
146 return node;
147
148 error:
149 if (node)
150 shishi_asn1_done (handle, node);
151 return NULL;
152 }
153
154 /**
155 * shishi_apreq_print:
156 * @handle: shishi handle as allocated by shishi_init().
157 * @fh: file handle open for writing.
158 * @apreq: AP-REQ to print.
159 *
160 * Print ASCII armored DER encoding of AP-REQ to file.
161 *
162 * Return value: Returns SHISHI_OK iff successful.
163 **/
164 int
165 shishi_apreq_print (Shishi * handle, FILE * fh, Shishi_asn1 apreq)
166 {
167 return _shishi_print_armored_data (handle, fh, apreq, "AP-REQ", NULL);
168 }
169
170 /**
171 * shishi_apreq_save:
172 * @handle: shishi handle as allocated by shishi_init().
173 * @fh: file handle open for writing.
174 * @apreq: AP-REQ to save.
175 *
176 * Save DER encoding of AP-REQ to file.
177 *
178 * Return value: Returns SHISHI_OK iff successful.
179 **/
180 int
181 shishi_apreq_save (Shishi * handle, FILE * fh, Shishi_asn1 apreq)
182 {
183 return _shishi_save_data (handle, fh, apreq, "AP-REQ");
184 }
185
186 /**
187 * shishi_apreq_to_file:
188 * @handle: shishi handle as allocated by shishi_init().
189 * @apreq: AP-REQ to save.
190 * @filetype: input variable specifying type of file to be written,
191 * see Shishi_filetype.
192 * @filename: input variable with filename to write to.
193 *
194 * Write AP-REQ to file in specified TYPE. The file will be
195 * truncated if it exists.
196 *
197 * Return value: Returns SHISHI_OK iff successful.
198 **/
199 int
200 shishi_apreq_to_file (Shishi * handle, Shishi_asn1 apreq,
201 int filetype, char *filename)
202 {
203 FILE *fh;
204 int res;
205
206 if (VERBOSE (handle))
207 printf (_("Writing AP-REQ to %s...\n"), filename);
208
209 fh = fopen (filename, "w");
210 if (fh == NULL)
211 return SHISHI_FOPEN_ERROR;
212
213 if (VERBOSE (handle))
214 printf (_("Writing AP-REQ in %s format...\n"),
215 filetype == SHISHI_FILETYPE_TEXT ? "TEXT" : "DER");
216
217 if (filetype == SHISHI_FILETYPE_TEXT)
218 res = shishi_apreq_print (handle, fh, apreq);
219 else
220 res = shishi_apreq_save (handle, fh, apreq);
221 if (res != SHISHI_OK)
222 return res;
223
224 res = fclose (fh);
225 if (res != 0)
226 return SHISHI_FCLOSE_ERROR;
227
228 if (VERBOSE (handle))
229 printf (_("Writing AP-REQ to %s...done\n"), filename);
230
231 return SHISHI_OK;
232 }
233
234 /**
235 * shishi_apreq_parse:
236 * @handle: shishi handle as allocated by shishi_init().
237 * @fh: file handle open for reading.
238 * @apreq: output variable with newly allocated AP-REQ.
239 *
240 * Read ASCII armored DER encoded AP-REQ from file and populate given
241 * variable.
242 *
243 * Return value: Returns SHISHI_OK iff successful.
244 **/
245 int
246 shishi_apreq_parse (Shishi * handle, FILE * fh, Shishi_asn1 * apreq)
247 {
248 return _shishi_apreq_input (handle, fh, apreq, 0);
249 }
250
251 /**
252 * shishi_apreq_read:
253 * @handle: shishi handle as allocated by shishi_init().
254 * @fh: file handle open for reading.
255 * @apreq: output variable with newly allocated AP-REQ.
256 *
257 * Read DER encoded AP-REQ from file and populate given variable.
258 *
259 * Return value: Returns SHISHI_OK iff successful.
260 **/
261 int
262 shishi_apreq_read (Shishi * handle, FILE * fh, Shishi_asn1 * apreq)
263 {
264 return _shishi_apreq_input (handle, fh, apreq, 1);
265 }
266
267 /**
268 * shishi_apreq_from_file:
269 * @handle: shishi handle as allocated by shishi_init().
270 * @apreq: output variable with newly allocated AP-REQ.
271 * @filetype: input variable specifying type of file to be read,
272 * see Shishi_filetype.
273 * @filename: input variable with filename to read from.
274 *
275 * Read AP-REQ from file in specified TYPE.
276 *
277 * Return value: Returns SHISHI_OK iff successful.
278 **/
279 int
280 shishi_apreq_from_file (Shishi * handle, Shishi_asn1 * apreq,
281 int filetype, char *filename)
282 {
283 int res;
284 FILE *fh;
285
286 if (VERBOSE (handle))
287 printf (_("Reading AP-REQ from %s...\n"), filename);
288
289 fh = fopen (filename, "r");
290 if (fh == NULL)
291 return SHISHI_FOPEN_ERROR;
292
293 if (VERBOSE (handle))
294 printf (_("Reading AP-REQ in %s format...\n"),
295 filetype == SHISHI_FILETYPE_TEXT ? "TEXT" : "DER");
296
297 if (filetype == SHISHI_FILETYPE_TEXT)
298 res = shishi_apreq_parse (handle, fh, apreq);
299 else
300 res = shishi_apreq_read (handle, fh, apreq);
301 if (res != SHISHI_OK)
302 return res;
303
304 res = fclose (fh);
305 if (res != 0)
306 return SHISHI_FCLOSE_ERROR;
307
308 if (VERBOSE (handle))
309 printf (_("Reading AP-REQ from %s...done\n"), filename);
310
311 return SHISHI_OK;
312 }
313
314 /**
315 * shishi_apreq_set_authenticator:
316 * @handle: shishi handle as allocated by shishi_init().
317 * @apreq: AP-REQ to add authenticator field to.
318 * @etype: encryption type used to encrypt authenticator.
319 * @buf: input array with encrypted authenticator.
320 * @buflen: size of input array with encrypted authenticator.
321 *
322 * Set the encrypted authenticator field in the AP-REP. The encrypted
323 * data is usually created by calling shishi_encrypt() on the DER
324 * encoded authenticator. To save time, you may want to use
325 * shishi_apreq_add_authenticator() instead, which calculates the
326 * encrypted data and calls this function in one step.
327 *
328 * Return value:
329 **/
330 int
331 shishi_apreq_set_authenticator (Shishi * handle,
332 Shishi_asn1 apreq,
333 int etype, char *buf, int buflen)
334 {
335 char format[BUFSIZ];
336 int res;
337
338 res = shishi_asn1_write (handle, apreq, "authenticator.cipher",
339 buf, buflen);
340 if (res != SHISHI_OK)
341 return res;
342
343 sprintf (format, "%d", etype);
344 res = shishi_asn1_write (handle, apreq, "authenticator.etype",
345 format, 0);
346 if (res != SHISHI_OK)
347 return res;
348
349 return SHISHI_OK;
350 }
351
352 /**
353 * shishi_apreq_add_authenticator:
354 * @handle: shishi handle as allocated by shishi_init().
355 * @apreq: AP-REQ to add authenticator field to.
356 * @enckdcreppart: ticket information where the key is taken from.
357 * @authenticator: authenticator as allocated by shishi_authenticator().
358 *
359 * Encrypts DER encoded authenticator using key from ticket and store
360 * it in the AP-REQ.
361 *
362 * Return value: Returns SHISHI_OK iff successful.
363 **/
364 int
365 shishi_apreq_add_authenticator (Shishi * handle,
366 Shishi_asn1 apreq,
367 Shishi_key * key,
368 int keyusage, Shishi_asn1 authenticator)
369 {
370 int res;
371 char buf[BUFSIZ];
372 int buflen;
373 char *der;
374 size_t derlen;
375
376 res = shishi_new_a2d (handle, authenticator, &der, &derlen);
377 if (res != SHISHI_OK)
378 {
379 shishi_error_printf (handle, "Could not DER encode authenticator: %s\n",
380 shishi_strerror (res));
381 return res;
382 }
383
384 buflen = BUFSIZ;
385 res = shishi_encrypt (handle, key, keyusage, der, derlen, buf, &buflen);
386 free(der);
387 if (res != SHISHI_OK)
388 {
389 shishi_error_printf (handle, "des_encrypt fail\n");
390 return res;
391 }
392
393 res = shishi_apreq_set_authenticator (handle, apreq, shishi_key_type (key),
394 buf, buflen);
395
396 return res;
397 }
398
399 /**
400 * shishi_apreq_set_ticket:
401 * @handle: shishi handle as allocated by shishi_init().
402 * @apreq: AP-REQ to add ticket field to.
403 * @ticket: input ticket to copy into AP-REQ ticket field.
404 *
405 * Copy ticket into AP-REQ.
406 *
407 * Return value: Returns SHISHI_OK iff successful.
408 **/
409 int
410 shishi_apreq_set_ticket (Shishi * handle, Shishi_asn1 apreq,
411 Shishi_asn1 ticket)
412 {
413 int res;
414 unsigned char format[BUFSIZ];
415 unsigned char buf[BUFSIZ];
416 int buflen;
417 int i, n;
418
419 buflen = BUFSIZ;
420 res = shishi_asn1_read (handle, ticket, "tkt-vno", buf, &buflen);
421 if (res != SHISHI_OK)
422 return res;
423
424 res = shishi_asn1_write (handle, apreq, "ticket.tkt-vno",
425 buf, buflen);
426 if (res != SHISHI_OK)
427 return res;
428
429 buflen = BUFSIZ;
430 res = shishi_asn1_read (handle, ticket, "realm", buf, &buflen);
431 if (res != SHISHI_OK)
432 return res;
433
434 res = shishi_asn1_write (handle, apreq, "ticket.realm", buf, buflen);
435 if (res != SHISHI_OK)
436 return res;
437
438 buflen = BUFSIZ;
439 res = shishi_asn1_read (handle, ticket, "sname.name-type",
440 buf, &buflen);
441 if (res != SHISHI_OK)
442 return res;
443
444 res = shishi_asn1_write (handle, apreq, "ticket.sname.name-type",
445 buf, buflen);
446 if (res != SHISHI_OK)
447 return res;
448
449 res = shishi_asn1_number_of_elements (handle, ticket,
450 "sname.name-string", &n);
451 if (res != SHISHI_OK)
452 return res;
453
454 for (i = 1; i <= n; i++)
455 {
456 res = shishi_asn1_write (handle, apreq,
457 "ticket.sname.name-string", "NEW", 1);
458 if (res != SHISHI_OK)
459 return res;
460
461 sprintf (format, "sname.name-string.?%d", i);
462 buflen = BUFSIZ;
463 res = shishi_asn1_read (handle, ticket, format, buf, &buflen);
464 if (res != SHISHI_OK)
465 return res;
466
467 sprintf (format, "ticket.sname.name-string.?%d", i);
468 res = shishi_asn1_write (handle, apreq, format, buf, buflen);
469 if (res != SHISHI_OK)
470 return res;
471 }
472
473 buflen = BUFSIZ;
474 res = shishi_asn1_read (handle, ticket, "enc-part.etype",
475 buf, &buflen);
476 if (res != SHISHI_OK)
477 return res;
478
479 res = shishi_asn1_write (handle, apreq, "ticket.enc-part.etype",
480 buf, buflen);
481 if (res != SHISHI_OK)
482 return res;
483
484 buflen = BUFSIZ;
485 res = shishi_asn1_read (handle, ticket, "enc-part.kvno",
486 buf, &buflen);
487 if (res != SHISHI_OK && res != SHISHI_ASN1_NO_ELEMENT)
488 return res;
489
490 if (res == SHISHI_ASN1_NO_ELEMENT)
491 res = shishi_asn1_write (handle, apreq, "ticket.enc-part.kvno",
492 NULL, 0);
493 else
494 res = shishi_asn1_write (handle, apreq, "ticket.enc-part.kvno",
495 buf, buflen);
496 if (res != SHISHI_OK)
497 return res;
498
499 buflen = BUFSIZ;
500 res = shishi_asn1_read (handle, ticket, "enc-part.cipher",
501 buf, &buflen);
502 if (res != SHISHI_OK)
503 return res;
504
505 res = shishi_asn1_write (handle, apreq, "ticket.enc-part.cipher",
506 buf, buflen);
507 if (res != SHISHI_OK)
508 return res;
509
510 return SHISHI_OK;
511 }
512
513 int
514 shishi_apreq_options (Shishi * handle, Shishi_asn1 apreq, int *flags)
515 {
516 int len = sizeof (*flags);
517 int res;
518 *flags = 0;
519 res = shishi_asn1_field (handle, apreq, (char *) flags, &len,
520 "ap-options");
521 return res;
522 }
523
524 int
525 shishi_apreq_use_session_key_p (Shishi * handle, Shishi_asn1 apreq)
526 {
527 int options = 0;
528
529 shishi_apreq_options (handle, apreq, &options);
530
531 return options & SHISHI_APOPTIONS_USE_SESSION_KEY;
532 }
533
534 int
535 shishi_apreq_mutual_required_p (Shishi * handle, Shishi_asn1 apreq)
536 {
537 int options = 0;
538
539 shishi_apreq_options (handle, apreq, &options);
540
541 return options & SHISHI_APOPTIONS_MUTUAL_REQUIRED;
542 }
543
544 int
545 shishi_apreq_options_set (Shishi * handle, Shishi_asn1 apreq, int options)
546 {
547 int res;
548
549 res = shishi_asn1_write (handle, apreq, "ap-options",
550 (char *) &options,
551 SHISHI_APREQ_DEFAULT_AP_OPTIONS_LEN);
552 if (res != SHISHI_OK)
553 return res;
554
555 return SHISHI_OK;
556 }
557
558 int
559 shishi_apreq_options_add (Shishi * handle, Shishi_asn1 apreq, int option)
560 {
561 int options;
562 int res;
563
564 res = shishi_apreq_options (handle, apreq, &options);
565 if (res != SHISHI_OK)
566 return res;
567
568 options |= option;
569
570 res = shishi_apreq_options_set (handle, apreq, options);
571 if (res != SHISHI_OK)
572 return res;
573
574 return SHISHI_OK;
575 }
576
577 /**
578 * shishi_kdcrep_get_enc_part_etype:
579 * @handle: shishi handle as allocated by shishi_init().
580 * @kdcrep: KDC-REP variable to get value from.
581 * @etype: output variable that holds the value.
582 *
583 * Extract KDC-REP.enc-part.etype.
584 *
585 * Return value: Returns SHISHI_OK iff successful.
586 **/
587 int
588 shishi_apreq_get_authenticator_etype (Shishi * handle,
589 Shishi_asn1 apreq, int *etype)
590 {
591 return shishi_asn1_integer_field (handle, apreq, etype,
592 "authenticator.etype");
593 }
594
595 /**
596 * shishi_apreq_get_ticket:
597 * @handle: shishi handle as allocated by shishi_init().
598 * @kdcrep: AP-REQ variable to get ticket from.
599 * @ticket: output variable to hold extracted ticket.
600 *
601 * Extract ticket from AP-REQ.
602 *
603 * Return value: Returns SHISHI_OK iff successful.
604 **/
605 int
606 shishi_apreq_get_ticket (Shishi * handle,
607 Shishi_asn1 apreq, Shishi_asn1 * ticket)
608 {
609 unsigned char buf[BUFSIZ];
610 unsigned char format[BUFSIZ];
611 int buflen;
612 int res;
613 int i, n;
614
615 /* there's GOT to be an easier way to do this */
616
617 *ticket = shishi_asn1_ticket (handle);
618 if (!*ticket)
619 return SHISHI_ASN1_ERROR;
620
621 buflen = BUFSIZ;
622 res = shishi_asn1_read (handle, apreq, "ticket.tkt-vno",
623 buf, &buflen);
624 if (res != SHISHI_OK)
625 goto error;
626
627 res = shishi_asn1_write (handle, *ticket, "tkt-vno", buf, buflen);
628 if (res != SHISHI_OK)
629 goto error;
630
631 buflen = BUFSIZ;
632 res = shishi_asn1_read (handle, apreq, "ticket.realm", buf, &buflen);
633 if (res != SHISHI_OK)
634 goto error;
635
636 res = shishi_asn1_write (handle, *ticket, "realm", buf, buflen);
637 if (res != SHISHI_OK)
638 goto error;
639
640 buflen = BUFSIZ;
641 res = shishi_asn1_read (handle, apreq, "ticket.sname.name-type",
642 buf, &buflen);
643 if (res != SHISHI_OK)
644 goto error;
645
646 res = shishi_asn1_write (handle, *ticket, "sname.name-type",
647 buf, buflen);
648 if (res != SHISHI_OK)
649 goto error;
650
651 res = shishi_asn1_number_of_elements (handle, apreq,
652 "ticket.sname.name-string",
653 &n);
654 if (res != SHISHI_OK)
655 goto error;
656
657 for (i = 1; i <= n; i++)
658 {
659 res = shishi_asn1_write (handle, *ticket, "sname.name-string",
660 "NEW", 1);
661 if (res != SHISHI_OK)
662 goto error;
663
664 sprintf (format, "ticket.sname.name-string.?%d", i);
665 buflen = BUFSIZ;
666 res = shishi_asn1_read (handle, apreq, format, buf, &buflen);
667 if (res != SHISHI_OK)
668 goto error;
669
670 sprintf (format, "sname.name-string.?%d", i);
671 res = shishi_asn1_write (handle, *ticket, format, buf, buflen);
672 if (res != SHISHI_OK)
673 goto error;
674 }
675
676 buflen = BUFSIZ;
677 res = shishi_asn1_read (handle, apreq, "ticket.enc-part.etype",
678 buf, &buflen);
679 if (res != SHISHI_OK)
680 goto error;
681
682 res = shishi_asn1_write (handle, *ticket, "enc-part.etype",
683 buf, buflen);
684 if (res != SHISHI_OK)
685 goto error;
686
687 buflen = BUFSIZ;
688 res = shishi_asn1_read (handle, apreq, "ticket.enc-part.kvno",
689 buf, &buflen);
690 if (res != SHISHI_OK && res != SHISHI_ASN1_NO_ELEMENT)
691 goto error;
692
693 if (res == SHISHI_ASN1_NO_ELEMENT)
694 res = shishi_asn1_write (handle, *ticket, "enc-part.kvno",
695 NULL, 0);
696 else
697 res = shishi_asn1_write (handle, *ticket, "enc-part.kvno",
698 buf, buflen);
699 if (res != SHISHI_OK)
700 goto error;
701
702 buflen = BUFSIZ;
703 res = shishi_asn1_read (handle, apreq, "ticket.enc-part.cipher",
704 buf, &buflen);
705 if (res != SHISHI_OK)
706 goto error;
707
708 res = shishi_asn1_write (handle, *ticket, "enc-part.cipher",
709 buf, buflen);
710 if (res != SHISHI_OK)
711 goto error;
712
713 return SHISHI_OK;
714
715 error:
716 shishi_asn1_done (handle, *ticket);
717 return res;
718 }
719
720 int
721 shishi_apreq_decrypt (Shishi * handle,
722 Shishi_asn1 apreq,
723 Shishi_key * key,
724 int keyusage, Shishi_asn1 * authenticator)
725 {
726 int res;
727 int i;
728 size_t buflen = BUFSIZ;
729 char buf[BUFSIZ];
730 char cipher[BUFSIZ];
731 int cipherlen;
732 int etype;
733
734 res = shishi_apreq_get_authenticator_etype (handle, apreq, &etype);
735 if (res != SHISHI_OK)
736 return res;
737
738 if (etype != shishi_key_type (key))
739 return SHISHI_APREQ_BAD_KEYTYPE;
740
741 cipherlen = BUFSIZ;
742 res = shishi_asn1_field (handle, apreq, cipher, &cipherlen,
743 "authenticator.cipher");
744 if (res != SHISHI_OK)
745 return res;
746
747 res = shishi_decrypt (handle, key, keyusage,
748 cipher, cipherlen, buf, &buflen);
749
750 if (res != SHISHI_OK)
751 {
752 if (VERBOSE (handle))
753 printf ("decrypt failed: %s\n", shishi_strerror_details (handle));
754 shishi_error_printf (handle,
755 "decrypt fail, most likely wrong password\n");
756 return SHISHI_APREQ_DECRYPT_FAILED;
757 }
758
759 /* The crypto is so 1980; no length indicator. Trim off pad bytes
760 until we can parse it. */
761 for (i = 0; i < 8; i++)
762 {
763 if (VERBOSEASN1 (handle))
764 printf ("Trying with %d pad in enckdcrep...\n", i);
765
766 *authenticator = shishi_der2asn1_authenticator (handle, &buf[0],
767 buflen - i);
768 if (*authenticator != NULL)
769 break;
770 }
771
772 if (*authenticator == NULL)
773 {
774 shishi_error_printf (handle, "Could not DER decode Authenticator. "
775 "Password probably correct (decrypt ok) though\n");
776 return SHISHI_ASN1_ERROR;
777 }
778
779 return SHISHI_OK;
780 }
Free Kerberos V5 implementation