Use GPL instead of LGPL.
1 /* tgs.c High level client TGS functions
2 * Copyright (C) 2002 Simon Josefsson
4 * This file is part of Shishi.
6 * Shishi is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * Shishi is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with Shishi; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22 /* TODO: make shishi_tgs_realmsname() take real sname pointer
23 array. */
25 #include "internal.h"
/* State of one client TGS exchange.  The members are read back through
   the shishi_tgs_get_*() accessors and shishi_tgs_ap() below.  */
struct Shishi_tgs
{
  /* TGS-REQ built for the exchange.  */
  ASN1_TYPE tgsreq;
  /* Ticket-granting ticket used to authenticate the request.  */
  Shishi_ticket *tgticket;
  /* AP exchange whose AP-REQ is added to the TGS-REQ as padata.  */
  Shishi_ap *ap;
  /* Reply received from the KDC; reset to NULL when the reply turned
     out to be a KRB-ERROR.  */
  ASN1_TYPE tgsrep;
  /* The reply, when the KDC answered with a KRB-ERROR.  */
  ASN1_TYPE krberror;
  /* Ticket built from the TGS-REP.  */
  Shishi_ticket *ticket;
};
/**
 * shishi_tgs_get_tgsreq:
 * @tgs: structure that holds information about TGS exchange
 *
 * Reads the tgsreq member of @tgs.  @tgs is dereferenced without any
 * check, so it must point to a live structure; do not call this on a
 * structure whose shishi_tgs() or shishi_tgs_realmsname() call did not
 * return SHISHI_OK.
 *
 * Return value: Returns the generated TGS-REQ from the TGS exchange,
 * exactly as stored in @tgs.
 **/
ASN1_TYPE
shishi_tgs_get_tgsreq (Shishi_tgs * tgs)
{
  ASN1_TYPE request = tgs->tgsreq;

  return request;
}
/**
 * shishi_tgs_get_tgticket:
 * @tgs: structure that holds information about TGS exchange
 *
 * Reads the tgticket member of @tgs.  @tgs is dereferenced without any
 * check, so it must point to a live structure; do not call this on a
 * structure whose shishi_tgs() or shishi_tgs_realmsname() call did not
 * return SHISHI_OK.
 *
 * NOTE(review): verify that whoever allocates @tgs initialises this
 * member before relying on the returned pointer.
 *
 * Return value: Returns the ticket-granting-ticket used in the TGS
 * exchange, exactly as stored in @tgs.
 **/
Shishi_ticket *
shishi_tgs_get_tgticket (Shishi_tgs * tgs)
{
  Shishi_ticket *granting = tgs->tgticket;

  return granting;
}
/**
 * shishi_tgs_ap:
 * @tgs: structure that holds information about TGS exchange
 *
 * Reads the ap member of @tgs.  @tgs is dereferenced without any
 * check, so it must point to a live structure; do not call this on a
 * structure whose shishi_tgs() or shishi_tgs_realmsname() call did not
 * return SHISHI_OK.
 *
 * Return value: Returns the AP exchange (part of TGS-REQ) from the
 * TGS exchange, exactly as stored in @tgs.
 **/
Shishi_ap *
shishi_tgs_ap (Shishi_tgs * tgs)
{
  Shishi_ap *exchange = tgs->ap;

  return exchange;
}
/**
 * shishi_tgs_get_tgsrep:
 * @tgs: structure that holds information about TGS exchange
 *
 * Reads the tgsrep member of @tgs.  @tgs is dereferenced without any
 * check, so it must point to a live structure; do not call this on a
 * structure whose shishi_tgs() or shishi_tgs_realmsname() call did not
 * return SHISHI_OK.
 *
 * Return value: Returns the received TGS-REP from the TGS exchange,
 * exactly as stored in @tgs.
 **/
ASN1_TYPE
shishi_tgs_get_tgsrep (Shishi_tgs * tgs)
{
  ASN1_TYPE reply = tgs->tgsrep;

  return reply;
}
/**
 * shishi_tgs_get_krberror:
 * @tgs: structure that holds information about TGS exchange
 *
 * Reads the krberror member of @tgs.  @tgs is dereferenced without any
 * check, so it must point to a live structure.
 *
 * NOTE(review): the only visible assignment to this member is on the
 * SHISHI_GOT_KRBERROR path of shishi_tgs_realmsname(), which goes on
 * to release the structure, so a caller must not use a stale pointer
 * to fetch the error after a failed exchange.  Verify how the member
 * is initialised before relying on the returned value.
 *
 * Return value: Returns the KRB-ERROR received in the TGS exchange,
 * exactly as stored in @tgs.
 **/
ASN1_TYPE
shishi_tgs_get_krberror (Shishi_tgs * tgs)
{
  ASN1_TYPE failure = tgs->krberror;

  return failure;
}
/**
 * shishi_tgs_get_ticket:
 * @tgs: structure that holds information about TGS exchange
 *
 * Reads the ticket member of @tgs.  @tgs is dereferenced without any
 * check, so it must point to a live structure; do not call this on a
 * structure whose shishi_tgs() or shishi_tgs_realmsname() call did not
 * return SHISHI_OK.
 *
 * Return value: Returns the newly acquired ticket from the TGS
 * exchange, exactly as stored in @tgs.
 **/
Shishi_ticket *
shishi_tgs_get_ticket (Shishi_tgs * tgs)
{
  Shishi_ticket *acquired = tgs->ticket;

  return acquired;
}
/**
 * shishi_tgs:
 * @handle: shishi handle as allocated by shishi_init().
 * @tgticket: ticket-granting-ticket, used to authenticate the request.
 * @tgs: holds pointer to newly allocated Shishi_tgs structure.
 * @server: indicates the server to acquire ticket for.
 *
 * Perform subsequent Kerberos 5 authentication, in order to acquire a
 * ticket for a server.  The work is delegated to
 * shishi_tgs_realmsname() with the default realm of @handle; @server
 * is passed on unparsed as the server name.
 *
 * Unless SHISHI_OK is returned, *@tgs must not be dereferenced or
 * handed to the accessor functions.
 *
 * Return value: Returns SHISHI_OK iff successful.
 **/
int
shishi_tgs (Shishi * handle,
            Shishi_ticket * tgticket, Shishi_tgs ** tgs, char *server)
{
  int rc;

  /* XXX parse server into realm + sname */
  rc = shishi_tgs_realmsname (handle, tgticket, tgs,
                              shishi_realm_default (handle), server);

  return rc;
}
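/**
 * shishi_tgs_realmsname:
 * @handle: shishi handle as allocated by shishi_init().
 * @tgticket: ticket-granting-ticket, used to authenticate the request.
 * @tgs: holds pointer to newly allocated Shishi_tgs structure.
 * @realm: realm of the server to acquire ticket for.
 * @sname: name of the server to acquire ticket for.
 *
 * Build a TGS-REQ for @sname in @realm, add an AP-REQ made from
 * @tgticket as padata, send the request, process the reply and wrap
 * the ticket it carries.
 *
 * On every failure the structure is released and *@tgs is set to
 * NULL, so the caller is never left holding a freed or partly
 * initialised structure.  @tgticket is stored in the structure by
 * reference; it is neither copied nor freed here.
 *
 * Return value: Returns SHISHI_OK iff successful; otherwise
 * SHISHI_MALLOC_ERROR, SHISHI_ASN1_ERROR or the error code of the
 * step that failed.
 **/
int
shishi_tgs_realmsname (Shishi * handle,
                       Shishi_ticket * tgticket,
                       Shishi_tgs ** tgs, char *realm, char *sname)
{
  ASN1_TYPE ticket, kdcreppart, apreq;
  const char *owner;
  char *client = NULL;
  int res;

  /* calloc rather than malloc: members that are not assigned below
     start out zeroed instead of holding indeterminate pointers that
     the accessor functions would hand to callers.  */
  *tgs = calloc (1, sizeof (**tgs));
  if (*tgs == NULL)
    return SHISHI_MALLOC_ERROR;

  /* Borrowed reference, read back by shishi_tgs_get_tgticket().  */
  (*tgs)->tgticket = tgticket;

  (*tgs)->tgsreq = shishi_tgsreq (handle);
  if ((*tgs)->tgsreq == ASN1_TYPE_EMPTY)
    {
      /* Release the structure like every other failure does.  */
      res = SHISHI_ASN1_ERROR;
      goto done;
    }

  res = shishi_kdcreq_set_realmserver (handle, (*tgs)->tgsreq, realm, sname);
  if (res != SHISHI_OK)
    {
      /* NOTE(review): this is the only failure reported on stderr
         instead of through shishi_error_printf() -- confirm whether
         that is intended.  */
      fprintf (stderr, _("Could not set realm and server in KDC-REQ: %s\n"),
               shishi_strerror (res));
      goto done;
    }

  res = shishi_ap_tktoptionsasn1usage
    (handle, &(*tgs)->ap, tgticket, 0, (*tgs)->tgsreq, "KDC-REQ.req-body",
     SHISHI_KEYUSAGE_TGSREQ_APREQ_AUTHENTICATOR_CKSUM,
     SHISHI_KEYUSAGE_TGSREQ_APREQ_AUTHENTICATOR);
  if (res == SHISHI_OK)
    res = shishi_ap_req_asn1 ((*tgs)->ap, &apreq);
  if (res != SHISHI_OK)
    {
      shishi_error_printf (handle, "Could not make AP-REQ: %s\n",
                           shishi_strerror_details (handle));
      goto done;
    }

  res = shishi_kdcreq_add_padata_tgs (handle, (*tgs)->tgsreq, apreq);
  if (res != SHISHI_OK)
    {
      shishi_error_printf (handle, "Could not add padata to TGS: %s\n",
                           shishi_strerror_details (handle));
      goto done;
    }

  res = shishi_kdcreq_sendrecv (handle, (*tgs)->tgsreq, &(*tgs)->tgsrep);
  if (res == SHISHI_GOT_KRBERROR)
    {
      /* NOTE(review): the KRB-ERROR is recorded here, but the
         structure is released just below, so the caller cannot read
         it through shishi_tgs_get_krberror().  Decide whether this
         path should hand the structure to the caller instead.  */
      (*tgs)->krberror = (*tgs)->tgsrep;
      (*tgs)->tgsrep = NULL;
    }
  if (res != SHISHI_OK)
    goto done;

  res = shishi_tgs_process (handle, (*tgs)->tgsreq, (*tgs)->tgsrep,
                            shishi_ticket_enckdcreppart (tgticket),
                            &kdcreppart);
  if (res != SHISHI_OK)
    goto done;

  res = shishi_kdcrep_get_ticket (handle, (*tgs)->tgsrep, &ticket);
  if (res != SHISHI_OK)
    {
      shishi_error_printf (handle,
                           "Could not extract ticket from TGS-REP: %s",
                           shishi_strerror_details (handle));
      goto done;
    }

  /* Do not hand strdup() a NULL pointer, and do not pass a failed
     copy on to shishi_ticket().  */
  owner = shishi_ticket_principal (tgticket);
  if (owner != NULL)
    client = strdup (owner);
  if (client == NULL)
    {
      shishi_error_printf (handle, "Could not create ticket");
      res = SHISHI_MALLOC_ERROR;
      goto done;
    }

  (*tgs)->ticket = shishi_ticket (handle, client, ticket, kdcreppart);
  if ((*tgs)->ticket == NULL)
    {
      /* NOTE(review): whether shishi_ticket() owns CLIENT when it
         fails is not visible here, so it is deliberately not freed
         (a leak is preferred over a possible double free).  */
      shishi_error_printf (handle, "Could not create ticket");
      res = SHISHI_MALLOC_ERROR;
      goto done;
    }

  return SHISHI_OK;

done:
  /* NOTE(review): the ASN.1 objects and the AP exchange referenced by
     the structure are not released on this path; no destructor for
     them is visible in this file.  */
  free (*tgs);
  /* Clear the caller's pointer so a later use is a NULL dereference
     rather than a use-after-free or a double free.  */
  *tgs = NULL;
  return res;
}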