search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix error API.
[shishi.git] / lib / kdcreq.c
blob911987a0cc2c7d678efd2a8aa9b8a0c657f7a146
1 /* kdcreq.c Key distribution (AS/TGS) request functions
2 * Copyright (C) 2002, 2003 Simon Josefsson
3 *
4 * This file is part of Shishi.
5 *
6 * Shishi is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 *
11 * Shishi is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with Shishi; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 *
20 */
21
22 #include "internal.h"
23
24 #define SHISHI_KDCREQ_DEFAULT_PVNO "5"
25 #define SHISHI_KDCREQ_DEFAULT_PVNO_LEN 0
26 #define SHISHI_AS_REQ_DEFAULT_MSG_TYPE "10"
27 #define SHISHI_AS_REQ_DEFAULT_MSG_TYPE_LEN 0
28 #define SHISHI_TGS_REQ_DEFAULT_MSG_TYPE "12"
29 #define SHISHI_TGS_REQ_DEFAULT_MSG_TYPE_LEN 0
30 #define SHISHI_KDCREQ_DEFAULT_REQ_BODY_KDC_OPTIONS "\x00\x00\x00\x00"
31 #define SHISHI_KDCREQ_DEFAULT_REQ_BODY_KDC_OPTIONS_LEN 32
32 #define SHISHI_KDCREQ_DEFAULT_REQ_BODY_SNAME_NAME_TYPE "1" /* SHISHI_NT_PRINCIPAL */
33 #define SHISHI_KDCREQ_DEFAULT_REQ_BODY_SNAME_NAME_TYPE_LEN 0
34 #define SHISHI_KDCREQ_DEFAULT_REQ_BODY_TILL ""
35 #define SHISHI_KDCREQ_DEFAULT_REQ_BODY_TILL_LEN 1
36
37 static Shishi_asn1
38 _shishi_kdcreq (Shishi * handle, int as)
39 {
40 int res;
41 Shishi_asn1 node;
42 const char *servicebuf[3];
43 char noncebuf[4];
44
45 if (as)
46 node = shishi_asn1_asreq (handle);
47 else
48 node = shishi_asn1_tgsreq (handle);
49 if (!node)
50 return NULL;
51
52 res = shishi_asn1_write (handle, node, "pvno",
53 SHISHI_KDCREQ_DEFAULT_PVNO,
54 SHISHI_KDCREQ_DEFAULT_PVNO_LEN);
55 if (res != SHISHI_OK)
56 goto error;
57
58 if (as)
59 res = shishi_asn1_write (handle, node, "msg-type",
60 SHISHI_AS_REQ_DEFAULT_MSG_TYPE,
61 SHISHI_AS_REQ_DEFAULT_MSG_TYPE_LEN);
62 else
63 res = shishi_asn1_write (handle, node, "msg-type",
64 SHISHI_TGS_REQ_DEFAULT_MSG_TYPE,
65 SHISHI_TGS_REQ_DEFAULT_MSG_TYPE_LEN);
66 if (res != SHISHI_OK)
67 goto error;
68
69 res = shishi_asn1_write (handle, node, "req-body.kdc-options",
70 SHISHI_KDCREQ_DEFAULT_REQ_BODY_KDC_OPTIONS,
71 SHISHI_KDCREQ_DEFAULT_REQ_BODY_KDC_OPTIONS_LEN);
72 if (res != SHISHI_OK)
73 goto error;
74
75 if (as)
76 res = shishi_kdcreq_set_cname (handle, node, SHISHI_NT_PRINCIPAL,
77 shishi_principal_default (handle));
78 else
79 res = shishi_asn1_write (handle, node, "req-body.cname", NULL, 0);
80 if (res != SHISHI_OK)
81 goto error;
82
83 res = shishi_kdcreq_set_realm (handle, node, shishi_realm_default (handle));
84 if (res != SHISHI_OK)
85 goto error;
86
87 servicebuf[0] = "krbtgt";
88 servicebuf[1] = shishi_realm_default (handle);
89 servicebuf[2] = NULL;
90 res = shishi_kdcreq_set_sname (handle, node,
91 SHISHI_NT_PRINCIPAL, servicebuf);
92 if (res != SHISHI_OK)
93 goto error;
94
95 res = shishi_asn1_write (handle, node, "req-body.sname.name-type",
96 SHISHI_KDCREQ_DEFAULT_REQ_BODY_SNAME_NAME_TYPE,
97 SHISHI_KDCREQ_DEFAULT_REQ_BODY_SNAME_NAME_TYPE_LEN);
98 if (res != SHISHI_OK)
99 goto error;
100
101 res = shishi_asn1_write (handle, node, "req-body.till",
102 shishi_generalize_time (handle,
103 time (NULL) +
104 handle->ticketlife), 0);
105 if (res != SHISHI_OK)
106 goto error;
107
108 shishi_randomize (handle, &noncebuf[0], sizeof (noncebuf));
109 res = shishi_asn1_write (handle, node, "req-body.nonce", noncebuf,
110 sizeof (noncebuf));
111 if (res != SHISHI_OK)
112 goto error;
113
114 res = shishi_kdcreq_set_etype (handle, node, handle->clientkdcetypes,
115 handle->nclientkdcetypes);
116 if (res != SHISHI_OK)
117 goto error;
118
119 res = shishi_asn1_write (handle, node, "req-body.addresses", NULL, 0);
120 if (res != SHISHI_OK)
121 goto error;
122
123 res = shishi_asn1_write (handle, node,
124 "req-body.enc-authorization-data", NULL, 0);
125 if (res != SHISHI_OK)
126 goto error;
127
128 res =
129 shishi_asn1_write (handle, node, "req-body.additional-tickets", NULL, 0);
130 if (res != SHISHI_OK)
131 goto error;
132
133 return node;
134
135 error:
136 shishi_asn1_done (handle, node);
137 return NULL;
138 }
139
140 /**
141 * shishi_asreq:
142 * @handle: shishi handle as allocated by shishi_init().
143 *
144 * This function creates a new AS-REQ, populated with some default
145 * values.
146 *
147 * Return value: Returns the AS-REQ or NULL on failure.
148 **/
149 Shishi_asn1
150 shishi_asreq (Shishi * handle)
151 {
152 return _shishi_kdcreq (handle, 1);
153 }
154
155 /**
156 * shishi_tgsreq:
157 * @handle: shishi handle as allocated by shishi_init().
158 *
159 * This function creates a new TGS-REQ, populated with some default
160 * values.
161 *
162 * Return value: Returns the TGS-REQ or NULL on failure.
163 **/
164 Shishi_asn1
165 shishi_tgsreq (Shishi * handle)
166 {
167 return _shishi_kdcreq (handle, 0);
168 }
169
170 /**
171 * shishi_kdcreq_print:
172 * @handle: shishi handle as allocated by shishi_init().
173 * @fh: file handle open for writing.
174 * @kdcreq: KDC-REQ to print.
175 *
176 * Print ASCII armored DER encoding of KDC-REQ to file.
177 *
178 * Return value: Returns SHISHI_OK iff successful.
179 **/
180 int
181 shishi_kdcreq_print (Shishi * handle, FILE * fh, Shishi_asn1 kdcreq)
182 {
183 return _shishi_print_armored_data (handle, fh, kdcreq, "KDC-REQ", NULL);
184 }
185
186 /**
187 * shishi_kdcreq_save:
188 * @handle: shishi handle as allocated by shishi_init().
189 * @fh: file handle open for writing.
190 * @kdcreq: KDC-REQ to save.
191 *
192 * Print DER encoding of KDC-REQ to file.
193 *
194 * Return value: Returns SHISHI_OK iff successful.
195 **/
196 int
197 shishi_kdcreq_save (Shishi * handle, FILE * fh, Shishi_asn1 kdcreq)
198 {
199 return _shishi_save_data (handle, fh, kdcreq, "KDC-REQ");
200 }
201
202 /**
203 * shishi_kdcreq_to_file:
204 * @handle: shishi handle as allocated by shishi_init().
205 * @kdcreq: KDC-REQ to save.
206 * @filetype: input variable specifying type of file to be written,
207 * see Shishi_filetype.
208 * @filename: input variable with filename to write to.
209 *
210 * Write KDC-REQ to file in specified TYPE. The file will be truncated
211 * if it exists.
212 *
213 * Return value: Returns SHISHI_OK iff successful.
214 **/
215 int
216 shishi_kdcreq_to_file (Shishi * handle, Shishi_asn1 kdcreq,
217 int filetype, char *filename)
218 {
219 FILE *fh;
220 int res;
221
222 if (VERBOSE (handle))
223 printf (_("Writing KDC-REQ to %s...\n"), filename);
224
225 fh = fopen (filename, "w");
226 if (fh == NULL)
227 return SHISHI_FOPEN_ERROR;
228
229 if (VERBOSE (handle))
230 printf (_("Writing KDC-REQ in %s format...\n"),
231 filetype == SHISHI_FILETYPE_TEXT ? "TEXT" : "DER");
232
233 if (filetype == SHISHI_FILETYPE_TEXT)
234 res = shishi_kdcreq_print (handle, fh, kdcreq);
235 else
236 res = shishi_kdcreq_save (handle, fh, kdcreq);
237 if (res != SHISHI_OK)
238 return res;
239
240 res = fclose (fh);
241 if (res != 0)
242 return SHISHI_FCLOSE_ERROR;
243
244 if (VERBOSE (handle))
245 printf (_("Writing KDC-REQ to %s...done\n"), filename);
246
247 return SHISHI_OK;
248 }
249
250 /**
251 * shishi_kdcreq_parse:
252 * @handle: shishi handle as allocated by shishi_init().
253 * @fh: file handle open for reading.
254 * @kdcreq: output variable with newly allocated KDC-REQ.
255 *
256 * Read ASCII armored DER encoded KDC-REQ from file and populate given
257 * variable.
258 *
259 * Return value: Returns SHISHI_OK iff successful.
260 **/
261 int
262 shishi_kdcreq_parse (Shishi * handle, FILE * fh, Shishi_asn1 * kdcreq)
263 {
264 return _shishi_kdcreq_input (handle, fh, kdcreq, 0);
265 }
266
267 /**
268 * shishi_kdcreq_read:
269 * @handle: shishi handle as allocated by shishi_init().
270 * @fh: file handle open for reading.
271 * @kdcreq: output variable with newly allocated KDC-REQ.
272 *
273 * Read DER encoded KDC-REQ from file and populate given variable.
274 *
275 * Return value: Returns SHISHI_OK iff successful.
276 **/
277 int
278 shishi_kdcreq_read (Shishi * handle, FILE * fh, Shishi_asn1 * kdcreq)
279 {
280 return _shishi_kdcreq_input (handle, fh, kdcreq, 1);
281 }
282
283 /**
284 * shishi_kdcreq_from_file:
285 * @handle: shishi handle as allocated by shishi_init().
286 * @kdcreq: output variable with newly allocated KDC-REQ.
287 * @filetype: input variable specifying type of file to be read,
288 * see Shishi_filetype.
289 * @filename: input variable with filename to read from.
290 *
291 * Read KDC-REQ from file in specified TYPE.
292 *
293 * Return value: Returns SHISHI_OK iff successful.
294 **/
295 int
296 shishi_kdcreq_from_file (Shishi * handle, Shishi_asn1 * kdcreq,
297 int filetype, char *filename)
298 {
299 int res;
300 FILE *fh;
301
302 if (VERBOSE (handle))
303 printf (_("Reading KDC-REQ from %s...\n"), filename);
304
305 fh = fopen (filename, "r");
306 if (fh == NULL)
307 return SHISHI_FOPEN_ERROR;
308
309 if (VERBOSE (handle))
310 printf (_("Reading KDC-REQ in %s format...\n"),
311 filetype == SHISHI_FILETYPE_TEXT ? "TEXT" : "DER");
312
313 if (filetype == SHISHI_FILETYPE_TEXT)
314 res = shishi_kdcreq_parse (handle, fh, kdcreq);
315 else
316 res = shishi_kdcreq_read (handle, fh, kdcreq);
317 if (res != SHISHI_OK)
318 return res;
319
320 res = fclose (fh);
321 if (res != 0)
322 return SHISHI_FCLOSE_ERROR;
323
324 if (VERBOSE (handle))
325 printf (_("Reading KDC-REQ from %s...done\n"), filename);
326
327 return SHISHI_OK;
328 }
329
330 int
331 shishi_kdcreq_nonce (Shishi * handle, Shishi_asn1 kdcreq, uint32_t * nonce)
332 {
333 int res;
334
335 res = shishi_asn1_read_uint32 (handle, kdcreq, "req-body.nonce", nonce);
336 if (res != SHISHI_OK)
337 return res;
338
339 return SHISHI_OK;
340 }
341
342 /**
343 * shishi_kdcreq_set_cname:
344 * @handle: shishi handle as allocated by shishi_init().
345 * @kdcreq: KDC-REQ variable to set client name field in.
346 * @name_type: type of principial, see Shishi_name_type, usually
347 * SHISHI_NT_UNKNOWN.
348 * @principal: input array with principal name.
349 *
350 * Set the client name field in the KDC-REQ.
351 *
352 * Return value: Returns SHISHI_OK iff successful.
353 **/
354 int
355 shishi_kdcreq_set_cname (Shishi * handle,
356 Shishi_asn1 kdcreq,
357 Shishi_name_type name_type, const char *principal)
358 {
359 int res;
360
361 res = shishi_principal_set (handle, kdcreq, "req-body.cname", principal);
362 if (res != SHISHI_OK)
363 return res;
364
365 return SHISHI_OK;
366 }
367
368 int
369 shishi_kdcreq_cname_get (Shishi * handle,
370 Shishi_asn1 kdcreq, char *cname, size_t * cnamelen)
371 {
372 return shishi_principal_name_get (handle, kdcreq,
373 "req-body.cname", cname, cnamelen);
374 }
375
376 int
377 shishi_asreq_cnamerealm_get (Shishi * handle,
378 Shishi_asn1 asreq,
379 char *cnamerealm, size_t * cnamerealmlen)
380 {
381 return shishi_principal_name_realm_get (handle, asreq,
382 "req-body.cname", asreq,
383 "req-body.realm",
384 cnamerealm, cnamerealmlen);
385 }
386
387 int
388 shishi_kdcreq_realm_get (Shishi * handle, Shishi_asn1 kdcreq,
389 char *realm, int *realmlen)
390 {
391 return shishi_asn1_read_optional (handle, kdcreq, "req-body.realm",
392 realm, realmlen);
393 }
394
395 /**
396 * shishi_kdcreq_set_realm:
397 * @handle: shishi handle as allocated by shishi_init().
398 * @kdcreq: KDC-REQ variable to set realm field in.
399 * @realm: input array with name of realm.
400 *
401 * Set the realm field in the KDC-REQ.
402 *
403 * Return value: Returns SHISHI_OK iff successful.
404 **/
405 int
406 shishi_kdcreq_set_realm (Shishi * handle, Shishi_asn1 kdcreq,
407 const char *realm)
408 {
409 int res;
410
411 res = shishi_asn1_write (handle, kdcreq, "req-body.realm", realm, 0);
412 if (res != SHISHI_OK)
413 return res;
414
415 return SHISHI_OK;
416 }
417
418 int
419 shishi_kdcreq_sname_get (Shishi * handle,
420 Shishi_asn1 kdcreq, char *sname, size_t * snamelen)
421 {
422 return shishi_principal_name_get (handle, kdcreq,
423 "req-body.sname", sname, snamelen);
424 }
425
426 int
427 shishi_kdcreq_snamerealm_get (Shishi * handle,
428 Shishi_asn1 kdcreq,
429 char *snamerealm, size_t * snamerealmlen)
430 {
431 return shishi_principal_name_realm_get (handle, kdcreq,
432 "req-body.sname", kdcreq,
433 "req-body.realm",
434 snamerealm, snamerealmlen);
435 }
436
437 /**
438 * shishi_kdcreq_set_sname:
439 * @handle: shishi handle as allocated by shishi_init().
440 * @kdcreq: KDC-REQ variable to set server name field in.
441 * @name_type: type of principial, see Shishi_name_type, usually
442 * SHISHI_NT_UNKNOWN.
443 * @sname: input array with principal name.
444 *
445 * Set the server name field in the KDC-REQ.
446 *
447 * Return value: Returns SHISHI_OK iff successful.
448 **/
449 int
450 shishi_kdcreq_set_sname (Shishi * handle,
451 Shishi_asn1 kdcreq,
452 Shishi_name_type name_type, const char *sname[])
453 {
454 int res;
455
456 res = shishi_principal_name_set (handle, kdcreq, "req-body.sname",
457 name_type, sname);
458 if (res != SHISHI_OK)
459 return res;
460
461 return SHISHI_OK;
462 }
463
464 int
465 shishi_kdcreq_set_server (Shishi * handle, Shishi_asn1 req,
466 const char *server)
467 {
468 int res;
469
470 res = shishi_principal_set (handle, req, "req-body.sname", server);
471 if (res != SHISHI_OK)
472 return res;
473
474 return SHISHI_OK;
475 }
476
477 int
478 shishi_kdcreq_set_realmserver (Shishi * handle,
479 Shishi_asn1 req, char *realm, char *server)
480 {
481 int res;
482
483 res = shishi_kdcreq_set_realm (handle, req, realm);
484 if (res != SHISHI_OK)
485 return res;
486
487 res = shishi_kdcreq_set_server (handle, req, server);
488 if (res != SHISHI_OK)
489 return res;
490
491 return SHISHI_OK;
492 }
493
494 /**
495 * shishi_kdcreq_etype:
496 * @handle: shishi handle as allocated by shishi_init().
497 * @kdcreq: KDC-REQ variable to get etype field from.
498 * @etype: output encryption type.
499 * @netype: element number to return.
500 *
501 * Return the netype:th encryption type from KDC-REQ. The first etype
502 * is number 1.
503 *
504 * Return value: Returns SHISHI_OK iff etype successful set.
505 **/
506 int
507 shishi_kdcreq_etype (Shishi * handle,
508 Shishi_asn1 kdcreq, int32_t * etype, int netype)
509 {
510 char *buf;
511 int res;
512
513 asprintf (&buf, "req-body.etype.?%d", netype);
514 res = shishi_asn1_read_int32 (handle, kdcreq, buf, etype);
515 if (res != SHISHI_OK)
516 return res;
517
518 return SHISHI_OK;
519 }
520
521 /**
522 * shishi_kdcreq_set_etype:
523 * @handle: shishi handle as allocated by shishi_init().
524 * @kdcreq: KDC-REQ variable to set etype field in.
525 * @etype: input array with encryption types.
526 * @netype: number of elements in input array with encryption types.
527 *
528 * Set the list of supported or wanted encryption types in the
529 * request. The list should be sorted in priority order.
530 *
531 * Return value: Returns SHISHI_OK iff successful.
532 **/
533 int
534 shishi_kdcreq_set_etype (Shishi * handle,
535 Shishi_asn1 kdcreq, int32_t * etype, int netype)
536 {
537 int res;
538 char *buf;
539 int i;
540
541 res = shishi_asn1_write (handle, kdcreq, "req-body.etype", NULL, 0);
542 if (res != SHISHI_OK)
543 return res;
544
545 for (i = 1; i <= netype; i++)
546 {
547 res = shishi_asn1_write (handle, kdcreq, "req-body.etype", "NEW", 1);
548 if (res != SHISHI_OK)
549 return res;
550
551 asprintf (&buf, "req-body.etype.?%d", i);
552 res = shishi_asn1_write_int32 (handle, kdcreq, buf, etype[i - 1]);
553 free (buf);
554 if (res != SHISHI_OK)
555 return res;
556 }
557
558 return SHISHI_OK;
559 }
560
561 int
562 shishi_kdcreq_options (Shishi * handle, Shishi_asn1 kdcreq, int *flags)
563 {
564 return shishi_asn1_read_bitstring (handle, kdcreq,
565 "req-body.kdc-options", flags);
566 }
567
568 int
569 shishi_kdcreq_renewable_p (Shishi * handle, Shishi_asn1 kdcreq)
570 {
571 int options = 0;
572
573 shishi_kdcreq_options (handle, kdcreq, &options);
574
575 return options & SHISHI_KDCOPTIONS_RENEWABLE;
576 }
577
578 int
579 shishi_kdcreq_options_set (Shishi * handle, Shishi_asn1 kdcreq, int options)
580 {
581 int res;
582
583 res = shishi_asn1_write_bitstring (handle, kdcreq,
584 "req-body.kdc-options", options);
585 if (res != SHISHI_OK)
586 return res;
587
588 return SHISHI_OK;
589 }
590
591 int
592 shishi_kdcreq_options_add (Shishi * handle, Shishi_asn1 kdcreq, int option)
593 {
594 int options;
595 int res;
596
597 res = shishi_kdcreq_options (handle, kdcreq, &options);
598 if (res != SHISHI_OK)
599 return res;
600
601 options |= option;
602
603 res = shishi_kdcreq_options_set (handle, kdcreq, options);
604 if (res != SHISHI_OK)
605 return res;
606
607 return SHISHI_OK;
608 }
609
610 /**
611 * shishi_kdcreq_clear_padata:
612 * @handle: shishi handle as allocated by shishi_init().
613 * @kdcreq: KDC-REQ to remove PA-DATA from.
614 *
615 * Remove the padata field from KDC-REQ.
616 *
617 * Return value: Returns SHISHI_OK iff successful.
618 **/
619 int
620 shishi_kdcreq_clear_padata (Shishi * handle, Shishi_asn1 kdcreq)
621 {
622 int res;
623
624 res = shishi_asn1_write (handle, kdcreq, "padata", NULL, 0);
625 if (res != SHISHI_OK)
626 return res;
627
628 return SHISHI_OK;
629 }
630
631 /**
632 * shishi_kdcreq_get_padata:
633 * @handle: shishi handle as allocated by shishi_init().
634 * @kdcreq: KDC-REQ to get PA-DATA from.
635 * @padatatype: type of PA-DATA, see Shishi_padata_type.
636 * @out: output array with newly allocated PA-DATA value.
637 * @outlen: size of output array with PA-DATA value.
638 *
639 * Get pre authentication data (PA-DATA) from KDC-REQ. Pre
640 * authentication data is used to pass various information to KDC,
641 * such as in case of a SHISHI_PA_TGS_REQ padatatype the AP-REQ that
642 * authenticates the user to get the ticket.
643 *
644 * Return value: Returns SHISHI_OK iff successful.
645 **/
646 int
647 shishi_kdcreq_get_padata (Shishi * handle,
648 Shishi_asn1 kdcreq,
649 Shishi_padata_type padatatype,
650 char **out, size_t *outlen)
651 {
652 char *format;
653 int res;
654 size_t i, n;
655
656 res = shishi_asn1_number_of_elements (handle, kdcreq, "padata", &n);
657 if (res != SHISHI_OK)
658 return res;
659
660 *out = NULL;
661 *outlen = 0;
662
663 for (i = 1; i <= n; i++)
664 {
665 int32_t patype;
666
667 asprintf (&format, "padata.?%d.padata-type", i);
668 res = shishi_asn1_read_int32 (handle, kdcreq, format, &patype);
669 free (format);
670 if (res != SHISHI_OK)
671 return res;
672
673 if (patype == (int32_t)padatatype)
674 {
675 asprintf (&format, "padata.?%d.padata-value", i);
676 res = shishi_asn1_read2 (handle, kdcreq, format, out, outlen);
677 free (format);
678 if (res != SHISHI_OK)
679 return res;
680 break;
681 }
682 }
683
684 return SHISHI_OK;
685 }
686
687 /**
688 * shishi_kdcreq_get_padata_tgs:
689 * @handle: shishi handle as allocated by shishi_init().
690 * @kdcreq: KDC-REQ to get PA-TGS-REQ from.
691 * @apreq: Output variable with newly allocated AP-REQ.
692 *
693 * Extract TGS pre-authentication data from KDC-REQ. The data is an
694 * AP-REQ that authenticates the request. This function call
695 * shishi_kdcreq_get_padata() with a SHISHI_PA_TGS_REQ padatatype and
696 * DER decode the result (if any).
697 *
698 * Return value: Returns SHISHI_OK iff successful.
699 **/
700 int
701 shishi_kdcreq_get_padata_tgs (Shishi * handle,
702 Shishi_asn1 kdcreq,
703 Shishi_asn1 *apreq)
704 {
705 char *der;
706 size_t derlen;
707 int rc;
708
709 if (VERBOSE (handle))
710 printf ("Extracting AP-REQ from KDC-REQ...\n");
711
712 rc = shishi_kdcreq_get_padata (handle, kdcreq, SHISHI_PA_TGS_REQ,
713 &der, &derlen);
714 if (rc != SHISHI_OK)
715 return rc;
716
717 *apreq = shishi_der2asn1_apreq (handle, der, derlen);
718 if (!*apreq)
719 return SHISHI_ASN1_ERROR;
720
721 if (VERBOSEASN1 (handle))
722 shishi_apreq_print (handle, stdout, *apreq);
723
724 return SHISHI_OK;
725 }
726
727 /**
728 * shishi_kdcreq_add_padata:
729 * @handle: shishi handle as allocated by shishi_init().
730 * @kdcreq: KDC-REQ to add PA-DATA to.
731 * @padatatype: type of PA-DATA, see Shishi_padata_type.
732 * @data: input array with PA-DATA value.
733 * @datalen: size of input array with PA-DATA value.
734 *
735 * Add new pre authentication data (PA-DATA) to KDC-REQ. This is used
736 * to pass various information to KDC, such as in case of a
737 * SHISHI_PA_TGS_REQ padatatype the AP-REQ that authenticates the user
738 * to get the ticket. (But also see shishi_kdcreq_add_padata_tgs()
739 * which takes an AP-REQ directly.)
740 *
741 * Return value: Returns SHISHI_OK iff successful.
742 **/
743 int
744 shishi_kdcreq_add_padata (Shishi * handle,
745 Shishi_asn1 kdcreq,
746 int padatatype, char *data, int datalen)
747 {
748 char *format;
749 int res;
750 int i;
751
752 res = shishi_asn1_write (handle, kdcreq, "padata", "NEW", 1);
753 if (res != SHISHI_OK)
754 return res;
755
756 res = shishi_asn1_number_of_elements (handle, kdcreq, "padata", &i);
757 if (res != SHISHI_OK)
758 return res;
759
760 asprintf (&format, "padata.?%d.padata-value", i);
761 res = shishi_asn1_write (handle, kdcreq, format, data, datalen);
762 free (format);
763 if (res != SHISHI_OK)
764 return res;
765
766 asprintf (&format, "padata.?%d.padata-type", i);
767 res = shishi_asn1_write_uint32 (handle, kdcreq, format, padatatype);
768 free (format);
769 if (res != SHISHI_OK)
770 return res;
771
772 return SHISHI_OK;
773 }
774
775 /**
776 * shishi_kdcreq_add_padata_tgs:
777 * @handle: shishi handle as allocated by shishi_init().
778 * @kdcreq: KDC-REQ to add PA-DATA to.
779 * @apreq: AP-REQ to add as PA-DATA.
780 *
781 * Add TGS pre-authentication data to KDC-REQ. The data is an AP-REQ
782 * that authenticates the request. This functions simply DER encodes
783 * the AP-REQ and calls shishi_kdcreq_add_padata() with a
784 * SHISHI_PA_TGS_REQ padatatype.
785 *
786 * Return value: Returns SHISHI_OK iff successful.
787 **/
788 int
789 shishi_kdcreq_add_padata_tgs (Shishi * handle,
790 Shishi_asn1 kdcreq, Shishi_asn1 apreq)
791 {
792 int res;
793 char *data;
794 int datalen;
795
796 res = shishi_new_a2d (handle, apreq, &data, &datalen);
797 if (res != SHISHI_OK)
798 {
799 shishi_error_printf (handle, "Could not DER encode AP-REQ: %s\n",
800 shishi_strerror (res));
801 return res;
802 }
803
804 res = shishi_kdcreq_add_padata (handle, kdcreq,
805 SHISHI_PA_TGS_REQ, data, datalen);
806 free (data);
807 if (res != SHISHI_OK)
808 return res;
809
810 return res;
811 }
812
813 int
814 shishi_kdcreq_build (Shishi * handle, Shishi_asn1 kdcreq)
815 {
816 int res;
817
818 if (VERBOSE (handle))
819 printf ("Building KDC-REQ...\n");
820
821 if (shishi_asn1_read_empty_p (handle, kdcreq, "req-body.rtime"))
822 {
823 res = shishi_asn1_write (handle, kdcreq, "req-body.rtime", NULL, 0);
824 if (res != SHISHI_OK)
825 {
826 shishi_error_printf (handle, "Could not write rtime\n");
827 return res;
828 }
829 }
830
831 if (shishi_asn1_read_empty_p (handle, kdcreq, "req-body.from"))
832 {
833 res = shishi_asn1_write (handle, kdcreq, "req-body.from", NULL, 0);
834 if (res != SHISHI_OK)
835 {
836 shishi_error_printf (handle, "Could not write from\n");
837 return res;
838 }
839 }
840
841 return SHISHI_OK;
842 }
Free Kerberos V5 implementation