1 /* tgs.c High level client TGS functions
2 * Copyright (C) 2002 Simon Josefsson
4 * This file is part of Shishi.
6 * Shishi is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * Shishi is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with Shishi; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22 /* TODO: make shishi_tgs_realmsname() take real sname pointer
30 Shishi_ticket
*tgticket
;
34 Shishi_ticket
*ticket
;
38 * shishi_tgs_get_tgsreq:
39 * @tgs: structure that holds information about TGS exchange
41 * Return value: Returns the generated TGS-REQ from the TGS exchange,
42 * or NULL if not yet set or an error occurred.
45 shishi_tgs_get_tgsreq (Shishi_tgs
* tgs
)
51 * shishi_tgs_get_tgticket:
52 * @tgs: structure that holds information about TGS exchange
54 * Return value: Returns the ticket-granting-ticket used in the TGS
55 * exchange, or NULL if not yet set or an error occurred.
58 shishi_tgs_get_tgticket (Shishi_tgs
* tgs
)
65 * @tgs: structure that holds information about TGS exchange
67 * Return value: Returns the AP exchange (part of TGS-REQ) from the
68 * TGS exchange, or NULL if not yet set or an error
72 shishi_tgs_ap (Shishi_tgs
* tgs
)
78 * shishi_tgs_get_tgsrep:
79 * @tgs: structure that holds information about TGS exchange
81 * Return value: Returns the received TGS-REP from the TGS exchange,
82 * or NULL if not yet set or an error occurred.
85 shishi_tgs_get_tgsrep (Shishi_tgs
* tgs
)
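/**
 * shishi_tgs_get_krberror:
 * @tgs: structure that holds information about TGS exchange
 *
 * Return value: Returns the received KRB-ERROR from the TGS exchange,
 * or NULL if not yet set or an error occurred.
 */
ASN1_TYPE
shishi_tgs_get_krberror (Shishi_tgs * tgs)
{
  /* shishi_tgs_realmsname() stores the KDC reply here (and clears
     tgs->tgsrep) only when shishi_kdcreq_sendrecv() reports
     SHISHI_GOT_KRBERROR.  @tgs itself is dereferenced unchecked, so
     callers must pass a valid structure.
     NOTE(review): KRB-ERROR replies are normally not integrity
     protected in Kerberos, so callers should presumably treat the
     contents as untrusted input -- confirm against the callers.  */
  return tgs->krberror;
}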
104 * shishi_tgs_get_ticket:
105 * @tgs: structure that holds information about TGS exchange
107 * Return value: Returns the newly acquired ticket from the TGS
108 * exchange, or NULL if not yet set or an error occurred.
111 shishi_tgs_get_ticket (Shishi_tgs
* tgs
)
/**
 * shishi_tgs:
 * @handle: shishi handle as allocated by shishi_init().
 * @tgticket: ticket-granting-ticket, used to authenticate the request.
 * @tgs: holds pointer to newly allocated Shishi_tgs structure.
 * @server: indicates the server to acquire ticket for.
 *
 * Perform subsequent Kerberos 5 authentication, in order to acquire a
 * ticket for a server.  The request is made in the default realm of
 * @handle, and @server is handed on unparsed as the server name.
 *
 * Return value: Returns SHISHI_OK iff successful.
 */
int
shishi_tgs (Shishi * handle,
            Shishi_ticket * tgticket, Shishi_tgs ** tgs, char *server)
{
  int rc;

  /* XXX parse server into realm + sname */
  rc = shishi_tgs_realmsname (handle, tgticket, tgs,
                              shishi_realm_default (handle), server);

  return rc;
}
138 shishi_tgs_realmsname (Shishi
* handle
,
139 Shishi_ticket
* tgticket
,
140 Shishi_tgs
** tgs
, char *realm
, char *sname
)
142 ASN1_TYPE ticket
, kdcreppart
, apreq
;
145 *tgs
= malloc (sizeof (**tgs
));
147 return SHISHI_MALLOC_ERROR
;
149 (*tgs
)->tgsreq
= shishi_tgsreq (handle
);
150 if ((*tgs
)->tgsreq
== ASN1_TYPE_EMPTY
)
151 return SHISHI_ASN1_ERROR
;
153 res
= shishi_kdcreq_set_realmserver (handle
, (*tgs
)->tgsreq
, realm
, sname
);
154 if (res
!= SHISHI_OK
)
156 fprintf (stderr
, _("Could not set realm and server in KDC-REQ: %s\n"),
157 shishi_strerror (res
));
161 res
= shishi_ap_tktoptionsasn1usage
162 (handle
, &(*tgs
)->ap
, tgticket
, 0, (*tgs
)->tgsreq
, "KDC-REQ.req-body",
163 SHISHI_KEYUSAGE_TGSREQ_APREQ_AUTHENTICATOR_CKSUM
,
164 SHISHI_KEYUSAGE_TGSREQ_APREQ_AUTHENTICATOR
);
165 if (res
== SHISHI_OK
)
166 res
= shishi_ap_req_asn1((*tgs
)->ap
, &apreq
);
167 if (res
!= SHISHI_OK
)
169 shishi_error_printf (handle
, "Could not make AP-REQ: %s\n",
170 shishi_strerror_details (handle
));
174 res
= shishi_kdcreq_add_padata_tgs (handle
, (*tgs
)->tgsreq
, apreq
);
175 if (res
!= SHISHI_OK
)
177 shishi_error_printf (handle
, "Could not add padata to TGS: %s\n",
178 shishi_strerror_details (handle
));
182 res
= shishi_kdcreq_sendrecv (handle
, (*tgs
)->tgsreq
, &(*tgs
)->tgsrep
);
183 if (res
== SHISHI_GOT_KRBERROR
)
185 (*tgs
)->krberror
= (*tgs
)->tgsrep
;
186 (*tgs
)->tgsrep
= NULL
;
188 if (res
!= SHISHI_OK
)
191 res
= shishi_tgs_process (handle
, (*tgs
)->tgsreq
, (*tgs
)->tgsrep
,
192 shishi_ticket_enckdcreppart (tgticket
),
194 if (res
!= SHISHI_OK
)
197 res
= shishi_kdcrep_get_ticket (handle
, (*tgs
)->tgsrep
, &ticket
);
198 if (res
!= SHISHI_OK
)
200 shishi_error_printf (handle
,
201 "Could not extract ticket from TGS-REP: %s",
202 shishi_strerror_details (handle
));
207 shishi_ticket (handle
,
208 strdup (shishi_ticket_principal (tgticket
)),
210 if ((*tgs
)->ticket
== NULL
)
212 shishi_error_printf (handle
, "Could not create ticket");
213 return SHISHI_MALLOC_ERROR
;