1 /* ticket.c low-level ASN.1 Ticket handling
2 * Copyright (C) 2002, 2003 Simon Josefsson
4 * This file is part of Shishi.
6 * Shishi is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * Shishi is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with Shishi; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
25 shishi_ticket_realm_get (Shishi
* handle
,
26 Shishi_asn1 ticket
, char *realm
, int *realmlen
)
28 return shishi_asn1_field (handle
, ticket
, realm
, realmlen
, "realm");
32 * shishi_ticket_realm_set:
33 * @handle: shishi handle as allocated by shishi_init().
34 * @ticket: input variable with ticket info.
35 * @realm: input array with name of realm.
37 * Set the realm field in the Ticket.
39 * Return value: Returns SHISHI_OK iff successful.
42 shishi_ticket_realm_set (Shishi
* handle
, Shishi_asn1 ticket
,
47 res
= shishi_asn1_write (handle
, ticket
, "realm", realm
, 0);
55 shishi_ticket_sname_get (Shishi
* handle
,
56 Shishi_asn1 ticket
, char *server
, size_t * serverlen
)
58 return shishi_principal_name_get (handle
, ticket
, "sname",
63 * shishi_ticket_sname_set:
64 * @handle: shishi handle as allocated by shishi_init().
65 * @ticket: Ticket variable to set server name field in.
66 * @name_type: type of principial, see Shishi_name_type, usually
68 * @sname: input array with principal name.
70 * Set the server name field in the Ticket.
72 * Return value: Returns SHISHI_OK iff successful.
75 shishi_ticket_sname_set (Shishi
* handle
,
77 Shishi_name_type name_type
, char *sname
[])
83 sprintf (buf
, "%d", name_type
);
85 res
= shishi_asn1_write (handle
, ticket
, "sname.name-type", buf
, 0);
89 res
= shishi_asn1_write (handle
, ticket
, "sname.name-string", NULL
, 0);
96 res
= shishi_asn1_write (handle
, ticket
, "sname.name-string", "NEW", 1);
100 sprintf (buf
, "sname.name-string.?%d", i
);
101 res
= shishi_asn1_write (handle
, ticket
, buf
, sname
[i
- 1], 0);
102 if (res
!= SHISHI_OK
)
112 shishi_ticket_set_server (Shishi
* handle
,
113 Shishi_asn1 ticket
, const char *server
)
121 tmpserver
= strdup (server
);
122 if (tmpserver
== NULL
)
123 return SHISHI_MALLOC_ERROR
;
125 serverbuf
= malloc (sizeof (*serverbuf
));
127 (serverbuf
[i
] = strtok_r (i
== 0 ? tmpserver
: NULL
, "/", &tokptr
));
130 serverbuf
= realloc (serverbuf
, (i
+ 2) * sizeof (*serverbuf
));
131 if (serverbuf
== NULL
)
132 return SHISHI_MALLOC_ERROR
;
134 res
= shishi_ticket_sname_set (handle
, ticket
,
135 SHISHI_NT_PRINCIPAL
, serverbuf
);
136 if (res
!= SHISHI_OK
)
138 fprintf (stderr
, _("Could not set sname: %s\n"),
139 shishi_strerror_details (handle
));
149 shishi_ticket_snamerealm_get (Shishi
* handle
,
151 char *serverrealm
, int *serverrealmlen
)
153 return shishi_principal_name_realm_get (handle
, ticket
, "sname",
155 serverrealm
, serverrealmlen
);
159 shishi_ticket_srealmserver_set (Shishi
* handle
,
160 Shishi_asn1 ticket
, char *realm
, char *server
)
164 res
= shishi_ticket_realm_set (handle
, ticket
, realm
);
165 if (res
!= SHISHI_OK
)
168 res
= shishi_ticket_set_server (handle
, ticket
, server
);
169 if (res
!= SHISHI_OK
)
176 * shishi_ticket_get_enc_part_etype:
177 * @handle: shishi handle as allocated by shishi_init().
178 * @kdcrep: Ticket variable to get value from.
179 * @etype: output variable that holds the value.
181 * Extract Ticket.enc-part.etype.
183 * Return value: Returns SHISHI_OK iff successful.
186 shishi_ticket_get_enc_part_etype (Shishi
* handle
,
187 Shishi_asn1 ticket
, int32_t * etype
)
191 res
= shishi_asn1_read_int32 (handle
, ticket
, "enc-part.etype", etype
);
197 shishi_ticket_decrypt (Shishi
* handle
,
199 Shishi_key
* key
, Shishi_asn1
* encticketpart
)
205 unsigned char cipher
[BUFSIZ
];
209 res
= shishi_ticket_get_enc_part_etype (handle
, ticket
, &etype
);
210 if (res
!= SHISHI_OK
)
213 if (etype
!= shishi_key_type (key
))
214 return SHISHI_TICKET_BAD_KEYTYPE
;
217 res
= shishi_asn1_field (handle
, ticket
, cipher
, &cipherlen
,
219 if (res
!= SHISHI_OK
)
222 res
= shishi_decrypt (handle
, key
, SHISHI_KEYUSAGE_ENCTICKETPART
,
223 cipher
, cipherlen
, &buf
, &buflen
);
225 if (res
!= SHISHI_OK
)
227 shishi_error_printf (handle
,
228 "Ticket decrypt failed, wrong password?\n");
229 return SHISHI_TICKET_DECRYPT_FAILED
;
232 /* The crypto is so 1980; no length indicator. Trim off pad bytes
233 until we can parse it. */
234 for (i
= 0; i
< 8; i
++)
236 if (VERBOSEASN1 (handle
))
237 printf ("Trying with %d pad in enckdcrep...\n", i
);
239 *encticketpart
= shishi_der2asn1_encticketpart (handle
, &buf
[0],
241 if (*encticketpart
!= NULL
)
245 if (*encticketpart
== NULL
)
247 shishi_error_printf (handle
, "Could not DER decode EncTicketPart. "
248 "Password probably correct (decrypt ok) though\n");
249 return SHISHI_ASN1_ERROR
;
256 * shishi_ticket_set_enc_part:
257 * @handle: shishi handle as allocated by shishi_init().
258 * @ticket: Ticket to add enc-part field to.
259 * @etype: encryption type used to encrypt enc-part.
260 * @kvno: key version number.
261 * @buf: input array with encrypted enc-part.
262 * @buflen: size of input array with encrypted enc-part.
264 * Set the encrypted enc-part field in the Ticket. The encrypted data
265 * is usually created by calling shishi_encrypt() on the DER encoded
266 * enc-part. To save time, you may want to use
267 * shishi_ticket_add_enc_part() instead, which calculates the
268 * encrypted data and calls this function in one step.
270 * Return value: Returns SHISHI_OK iff successful.
273 shishi_ticket_set_enc_part (Shishi
* handle
,
275 int etype
, int kvno
, char *buf
, size_t buflen
)
280 res
= shishi_asn1_write (handle
, ticket
, "enc-part.cipher", buf
, buflen
);
281 if (res
!= SHISHI_OK
)
284 res
= shishi_asn1_write_int32 (handle
, ticket
, "enc-part.etype", etype
);
285 if (res
!= SHISHI_OK
)
289 res
= shishi_asn1_write (handle
, ticket
, "enc-part.kvno", NULL
, 0);
291 res
= shishi_asn1_write_uint32 (handle
, ticket
, "enc-part.kvno", kvno
);
292 if (res
!= SHISHI_OK
)
299 * shishi_ticket_add_enc_part:
300 * @handle: shishi handle as allocated by shishi_init().
301 * @ticket: Ticket to add enc-part field to.
302 * @key: key used to encrypt enc-part.
303 * @encticketpart: EncTicketPart to add.
305 * Encrypts DER encoded EncTicketPart using key and stores it in the
308 * Return value: Returns SHISHI_OK iff successful.
311 shishi_ticket_add_enc_part (Shishi
* handle
,
313 Shishi_key
* key
, Shishi_asn1 encticketpart
)
321 res
= shishi_new_a2d (handle
, encticketpart
, &der
, &derlen
);
322 if (res
!= SHISHI_OK
)
324 shishi_error_printf (handle
, "Could not DER encode encticketpart: %s\n",
325 shishi_strerror (res
));
329 res
= shishi_encrypt (handle
, key
, SHISHI_KEYUSAGE_ENCTICKETPART
,
330 der
, derlen
, &buf
, &buflen
);
334 if (res
!= SHISHI_OK
)
336 shishi_error_printf (handle
,
337 "Cannot encrypt encrypted part of ticket\n");
341 res
= shishi_ticket_set_enc_part (handle
, ticket
, shishi_key_type (key
),
342 shishi_key_version (key
), buf
, buflen
);