search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Add ticketlife, renewlife.
[shishi.git] / lib / tkt.c
blobb2fe805a3328b751f71833e90cf814d7420cfff1
1 /* tkt.c ticket handling
2 * Copyright (C) 2002, 2003 Simon Josefsson
3 *
4 * This file is part of Shishi.
5 *
6 * Shishi is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 *
11 * Shishi is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with Shishi; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 *
20 */
21
22 #include "internal.h"
23
24 struct Shishi_tkt
25 {
26 Shishi *handle;
27 Shishi_asn1 ticket;
28 Shishi_asn1 kdcrep;
29 Shishi_asn1 enckdcreppart;
30 Shishi_asn1 encticketpart;
31 Shishi_key *key;
32 };
33
34 int
35 shishi_tkt_clientrealm_set (Shishi_tkt * tkt, char *realm, char *client)
36 {
37 int res;
38
39 res = shishi_encticketpart_crealm_set (tkt->handle,
40 tkt->encticketpart, realm);
41 if (res != SHISHI_OK)
42 return res;
43
44 res = shishi_encticketpart_cname_set (tkt->handle,
45 tkt->encticketpart,
46 SHISHI_NT_UNKNOWN, client);
47 if (res != SHISHI_OK)
48 return res;
49
50 return SHISHI_OK;
51 }
52
53 int
54 shishi_tkt_serverrealm_set (Shishi_tkt * tkt, char *realm, char *server)
55 {
56 int res;
57
58 res = shishi_ticket_srealmserver_set (tkt->handle, tkt->ticket,
59 realm, server);
60 if (res != SHISHI_OK)
61 return res;
62
63 res = shishi_enckdcreppart_srealmserver_set
64 (tkt->handle, tkt->enckdcreppart, realm, server);
65 if (res != SHISHI_OK)
66 return res;
67
68 return SHISHI_OK;
69 }
70
71 int
72 shishi_tkt_build (Shishi_tkt * tkt, Shishi_key * key)
73 {
74 int res;
75
76 res = shishi_ticket_add_enc_part (tkt->handle, tkt->ticket,
77 key, tkt->encticketpart);
78 if (res != SHISHI_OK)
79 return res;
80
81 return SHISHI_OK;
82 }
83
84 /**
85 * shishi_tkt_cname:
86 * @ticket: input variable with ticket info.
87 * @client: output buffer that holds client name of ticket.
88 * @clientlen: on input, maximum size of output buffer,
89 * on output, actual size of output buffer.
90 *
91 * Return value: Returns client principal of ticket.
92 **/
93 int
94 shishi_tkt_client (Shishi_tkt * tkt, char *client, int *clientlen)
95 {
96 return shishi_principal_name_get (tkt->handle, tkt->kdcrep,
97 "cname", client, clientlen);
98 }
99
100 int
101 shishi_tkt_client_p (Shishi_tkt * tkt, const char *client)
102 {
103 char *buf;
104 int buflen;
105 int res;
106
107 buflen = strlen (client) + 1;
108 buf = malloc (buflen);
109 if (buf == NULL)
110 return 0;
111
112 res = shishi_tkt_client (tkt, buf, &buflen);
113 if (res != SHISHI_OK)
114 {
115 free (buf);
116 return 0;
117 }
118 buf[buflen] = '\0';
119
120 if (strcmp (client, buf) != 0)
121 {
122 free (buf);
123 return 0;
124 }
125
126 free (buf);
127
128 return 1;
129 }
130
131 int
132 shishi_tkt_cnamerealm (Shishi_tkt * tkt, char *cnamerealm, int *cnamerealmlen)
133 {
134 return shishi_principal_name_realm_get (tkt->handle,
135 tkt->kdcrep, "cname",
136 tkt->kdcrep, "crealm",
137 cnamerealm, cnamerealmlen);
138 }
139
140 int
141 shishi_tkt_cnamerealm_p (Shishi_tkt * tkt, const char *client)
142 {
143 char *buf;
144 int buflen;
145 int res;
146
147 buflen = strlen (client) + 1;
148 buf = malloc (buflen);
149 if (buf == NULL)
150 return 0;
151
152 res = shishi_tkt_cnamerealm (tkt, buf, &buflen);
153 if (res != SHISHI_OK)
154 {
155 free (buf);
156 return 0;
157 }
158 buf[buflen] = '\0';
159
160 if (strcmp (client, buf) != 0)
161 {
162 free (buf);
163 return 0;
164 }
165
166 free (buf);
167
168 return 1;
169 }
170
171 /**
172 * shishi_tkt_ticket:
173 * @tkt: input variable with ticket info.
174 *
175 * Return value: Returns actual ticket.
176 **/
177 Shishi_asn1
178 shishi_tkt_ticket (Shishi_tkt * tkt)
179 {
180 return tkt->ticket;
181 }
182
183 /**
184 * shishi_tkt_enckdcreppart:
185 * @tkt: input variable with ticket info.
186 *
187 * Return value: Returns auxilliary ticket information.
188 **/
189 Shishi_asn1
190 shishi_tkt_enckdcreppart (Shishi_tkt * tkt)
191 {
192 return tkt->enckdcreppart;
193 }
194
195 /**
196 * shishi_tkt_encticketreppart_set:
197 * @as: structure that holds information about Ticket exchange
198 * @enckdcreppart: EncKDCRepPart to store in Ticket.
199 *
200 * Set the EncKDCRepPart in the Ticket.
201 **/
202 void
203 shishi_tkt_enckdcreppart_set (Shishi_tkt * tkt, Shishi_asn1 enckdcreppart)
204 {
205 if (tkt->enckdcreppart)
206 shishi_asn1_done (tkt->handle, tkt->enckdcreppart);
207 tkt->enckdcreppart = enckdcreppart;
208 }
209
210 /**
211 * shishi_tkt_kdcrep:
212 * @tkt: input variable with ticket info.
213 *
214 * Return value: Returns KDC-REP information.
215 **/
216 Shishi_asn1
217 shishi_tkt_kdcrep (Shishi_tkt * tkt)
218 {
219 return tkt->kdcrep;
220 }
221
222 /**
223 * shishi_tkt_encticketpart:
224 * @tkt: input variable with ticket info.
225 *
226 * Return value: Returns EncTicketPart information.
227 **/
228 Shishi_asn1
229 shishi_tkt_encticketpart (Shishi_tkt * tkt)
230 {
231 return tkt->encticketpart;
232 }
233
234 /**
235 * shishi_tkt_encticketpart_set:
236 * @tkt: input variable with ticket info.
237 * @encticketpart: encticketpart to store in ticket.
238 *
239 * Set the EncTicketPart in the Ticket.
240 **/
241 void
242 shishi_tkt_encticketpart_set (Shishi_tkt * tkt, Shishi_asn1 encticketpart)
243 {
244 if (tkt->encticketpart)
245 shishi_asn1_done (tkt->handle, tkt->encticketpart);
246 tkt->encticketpart = encticketpart;
247 }
248
249 /**
250 * shishi_tkt_key:
251 * @tkt: input variable with ticket info.
252 *
253 * Return value: Returns key extracted from enckdcreppart.
254 **/
255 Shishi_key *
256 shishi_tkt_key (Shishi_tkt * tkt)
257 {
258 if (!tkt->key && tkt->enckdcreppart)
259 {
260 int res;
261
262 res = shishi_enckdcreppart_get_key (tkt->handle,
263 tkt->enckdcreppart, &tkt->key);
264 if (res != SHISHI_OK)
265 return NULL;
266 }
267 else if (!tkt->key && tkt->encticketpart)
268 {
269 int res;
270
271 res = shishi_encticketpart_get_key (tkt->handle,
272 tkt->encticketpart, &tkt->key);
273 if (res != SHISHI_OK)
274 return NULL;
275 }
276
277 return tkt->key;
278 }
279
280 /**
281 * shishi_tkt_key_set:
282 * @tkt: input variable with ticket info.
283 * @key: key to store in ticket.
284 *
285 * Set the key in the EncTicketPart.
286 *
287 * Return value: Returns SHISHI_OK iff successful.
288 **/
289 int
290 shishi_tkt_key_set (Shishi_tkt * tkt, Shishi_key * key)
291 {
292 int res;
293
294 res = shishi_encticketpart_key_set (tkt->handle, tkt->encticketpart, key);
295 if (res != SHISHI_OK)
296 return res;
297
298 res = shishi_enckdcreppart_key_set (tkt->handle, tkt->enckdcreppart, key);
299 if (res != SHISHI_OK)
300 return res;
301
302 tkt->key = key;
303
304 return SHISHI_OK;
305 }
306
307 /**
308 * shishi_ticket:
309 * @handle: shishi handle as allocated by shishi_init().
310 * @ticket: input variable with ticket.
311 * @enckdcreppart: input variable with auxilliary ticket information.
312 * @kdcrep: input variable with KDC-REP ticket information.
313 *
314 * Create a new ticket handle.
315 *
316 * Return value: Returns new ticket handle, or %NULL on error.
317 **/
318 Shishi_tkt *
319 shishi_tkt2 (Shishi * handle,
320 Shishi_asn1 ticket, Shishi_asn1 enckdcreppart,
321 Shishi_asn1 kdcrep)
322 {
323 Shishi_tkt *tkt;
324
325 tkt = malloc (sizeof (*tkt));
326 if (tkt == NULL)
327 return NULL;
328
329 memset (tkt, 0, sizeof (*tkt));
330
331 tkt->handle = handle;
332 tkt->ticket = ticket;
333 tkt->enckdcreppart = enckdcreppart;
334 tkt->kdcrep = kdcrep;
335
336 return tkt;
337 }
338
339 /**
340 * shishi_tkt:
341 * @handle: shishi handle as allocated by shishi_init().
342 * @tkt: output variable with newly allocated ticket.
343 *
344 * Create a new ticket handle.
345 *
346 * Return value: Returns SHISHI_OK iff successful.
347 **/
348 int
349 shishi_tkt (Shishi * handle, Shishi_tkt ** tkt)
350 {
351 Shishi_tkt *t;
352 int res;
353
354 t = malloc (sizeof (*t));
355 if (t == NULL)
356 return SHISHI_MALLOC_ERROR;
357 memset (t, 0, sizeof (*t));
358
359 t->handle = handle;
360
361 t->ticket = shishi_asn1_ticket (handle);
362 if (t->ticket == NULL)
363 {
364 shishi_error_printf (handle, "Could not create Ticket: %s\n",
365 shishi_strerror_details (handle));
366 return SHISHI_ASN1_ERROR;
367 }
368
369 /* XXX what about tgs's? */
370 t->enckdcreppart = shishi_encasreppart (handle);
371 if (t->enckdcreppart == NULL)
372 {
373 shishi_error_printf (handle, "Could not create EncKDCRepPart: %s\n",
374 shishi_strerror_details (handle));
375 return SHISHI_ASN1_ERROR;
376 }
377
378 t->encticketpart = shishi_encticketpart (handle);
379 if (t->encticketpart == NULL)
380 {
381 shishi_error_printf (handle, "Could not create EncTicketPart: %s\n",
382 shishi_strerror_details (handle));
383 return SHISHI_ASN1_ERROR;
384 }
385
386 res = shishi_encticketpart_transited_set (handle,
387 t->encticketpart,
388 SHISHI_TR_DOMAIN_X500_COMPRESS,
389 "", 0);
390 if (res != SHISHI_OK)
391 return res;
392
393 res = shishi_encticketpart_authtime_set
394 (handle, t->encticketpart, shishi_generalize_time (handle, time (NULL)));
395 if (res != SHISHI_OK)
396 return res;
397
398 res = shishi_encticketpart_endtime_set
399 (handle, t->encticketpart,
400 shishi_generalize_time (handle, time (NULL) + 1000));
401 if (res != SHISHI_OK)
402 return res;
403
404 t->kdcrep = shishi_asrep (handle);
405 if (t->kdcrep == NULL)
406 {
407 shishi_error_printf (handle, "Could not create AS-REP: %s\n",
408 shishi_strerror_details (handle));
409 return SHISHI_ASN1_ERROR;
410 }
411
412 *tkt = t;
413
414 return SHISHI_OK;
415 }
416
417 void
418 shishi_tkt_done (Shishi_tkt * tkt)
419 {
420 if (tkt->key)
421 shishi_key_done (&tkt->key);
422 free (tkt);
423 }
424
425 int
426 shishi_tkt_flags (Shishi_tkt * tkt, int *flags)
427 {
428 return shishi_asn1_read_bitstring (tkt->handle, tkt->enckdcreppart,
429 "flags", flags);
430 }
431
432 int
433 shishi_tkt_flags_set (Shishi_tkt * tkt, int flags)
434 {
435 int res;
436
437 res = shishi_encticketpart_flags_set (tkt->handle, tkt->encticketpart,
438 flags);
439 if (res != SHISHI_OK)
440 return res;
441
442 res = shishi_enckdcreppart_flags_set (tkt->handle, tkt->enckdcreppart,
443 flags);
444 if (res != SHISHI_OK)
445 return res;
446
447 return SHISHI_OK;
448 }
449
450 int
451 shishi_tkt_forwardable_p (Shishi_tkt * tkt)
452 {
453 int flags = 0;
454
455 shishi_tkt_flags (tkt, &flags);
456
457 return flags & SHISHI_TICKETFLAGS_FORWARDABLE;
458 }
459
460 int
461 shishi_tkt_forwarded_p (Shishi_tkt * tkt)
462 {
463 int flags = 0;
464
465 shishi_tkt_flags (tkt, &flags);
466
467 return flags & SHISHI_TICKETFLAGS_FORWARDED;
468 }
469
470 int
471 shishi_tkt_proxiable_p (Shishi_tkt * tkt)
472 {
473 int flags = 0;
474
475 shishi_tkt_flags (tkt, &flags);
476
477 return flags & SHISHI_TICKETFLAGS_PROXIABLE;
478 }
479
480 int
481 shishi_tkt_proxy_p (Shishi_tkt * tkt)
482 {
483 int flags = 0;
484
485 shishi_tkt_flags (tkt, &flags);
486
487 return flags & SHISHI_TICKETFLAGS_PROXY;
488 }
489
490 int
491 shishi_tkt_may_postdate_p (Shishi_tkt * tkt)
492 {
493 int flags = 0;
494
495 shishi_tkt_flags (tkt, &flags);
496
497 return flags & SHISHI_TICKETFLAGS_MAY_POSTDATE;
498 }
499
500 int
501 shishi_tkt_postdated_p (Shishi_tkt * tkt)
502 {
503 int flags = 0;
504
505 shishi_tkt_flags (tkt, &flags);
506
507 return flags & SHISHI_TICKETFLAGS_POSTDATED;
508 }
509
510 int
511 shishi_tkt_invalid_p (Shishi_tkt * tkt)
512 {
513 int flags = 0;
514
515 shishi_tkt_flags (tkt, &flags);
516
517 return flags & SHISHI_TICKETFLAGS_INVALID;
518 }
519
520 int
521 shishi_tkt_renewable_p (Shishi_tkt * tkt)
522 {
523 int flags = 0;
524
525 shishi_tkt_flags (tkt, &flags);
526
527 return flags & SHISHI_TICKETFLAGS_RENEWABLE;
528 }
529
530 int
531 shishi_tkt_initial_p (Shishi_tkt * tkt)
532 {
533 int flags = 0;
534
535 shishi_tkt_flags (tkt, &flags);
536
537 return flags & SHISHI_TICKETFLAGS_INITIAL;
538 }
539
540 int
541 shishi_tkt_pre_authent_p (Shishi_tkt * tkt)
542 {
543 int flags = 0;
544
545 shishi_tkt_flags (tkt, &flags);
546
547 return flags & SHISHI_TICKETFLAGS_PRE_AUTHENT;
548 }
549
550 int
551 shishi_tkt_hw_authent_p (Shishi_tkt * tkt)
552 {
553 int flags = 0;
554
555 shishi_tkt_flags (tkt, &flags);
556
557 return flags & SHISHI_TICKETFLAGS_HW_AUTHENT;
558 }
559
560 int
561 shishi_tkt_transited_policy_checked_p (Shishi_tkt * tkt)
562 {
563 int flags = 0;
564
565 shishi_tkt_flags (tkt, &flags);
566
567 return flags & SHISHI_TICKETFLAGS_TRANSITED_POLICY_CHECKED;
568 }
569
570 int
571 shishi_tkt_ok_as_delegate_p (Shishi_tkt * tkt)
572 {
573 int flags = 0;
574
575 shishi_tkt_flags (tkt, &flags);
576
577 return flags & SHISHI_TICKETFLAGS_OK_AS_DELEGATE;
578 }
579
580 int
581 shishi_tkt_realm (Shishi_tkt * tkt, char *realm, int *realmlen)
582 {
583 return shishi_ticket_realm_get (tkt->handle, tkt->ticket, realm, realmlen);
584 }
585
586 int
587 shishi_tkt_server (Shishi_tkt * tkt, char *server, int *serverlen)
588 {
589 return shishi_ticket_sname_get (tkt->handle, tkt->ticket,
590 server, serverlen);
591 }
592
593 int
594 shishi_tkt_server_p (Shishi_tkt * tkt, const char *server)
595 {
596 char *buf;
597 int buflen;
598 int res;
599
600 buflen = strlen (server) + 1;
601 buf = malloc (buflen);
602 if (buf == NULL)
603 return 0;
604
605 res = shishi_tkt_server (tkt, buf, &buflen);
606 if (res != SHISHI_OK)
607 {
608 free (buf);
609 return 0;
610 }
611 buf[buflen] = '\0';
612
613 if (strcmp (server, buf) != 0)
614 {
615 free (buf);
616 return 0;
617 }
618
619 free (buf);
620
621 return 1;
622 }
623
624 int
625 shishi_tkt_server_realm (Shishi_tkt * tkt,
626 char *serverrealm, int *serverrealmlen)
627 {
628 return shishi_ticket_snamerealm_get (tkt->handle, tkt->ticket,
629 serverrealm, serverrealmlen);
630 }
631
632 int
633 shishi_tkt_keytype (Shishi_tkt * tkt, int32_t * etype)
634 {
635 return shishi_asn1_read_int32 (tkt->handle, tkt->enckdcreppart,
636 "key.keytype", etype);
637 }
638
639 int
640 shishi_tkt_keytype_p (Shishi_tkt * tkt, int32_t etype)
641 {
642 int32_t tktetype;
643 int rc;
644
645 rc = shishi_asn1_read_int32 (tkt->handle, tkt->enckdcreppart,
646 "key.keytype", &tktetype);
647 if (rc != SHISHI_OK)
648 return 0;
649
650 return etype == tktetype;
651 }
652
653 int
654 shishi_tkt_lastreq (Shishi_tkt * tkt,
655 char *lrtime, int *lrtimelen, int lrtype)
656 {
657 char *format;
658 int tmplrtype;
659 int res;
660 int i, n;
661
662 res = shishi_asn1_number_of_elements (tkt->handle, tkt->enckdcreppart,
663 "last-req", &n);
664 if (res != SHISHI_OK)
665 return res;
666
667 for (i = 1; i <= n; i++)
668 {
669 asprintf (&format, "last-req.?%d.lr-type", i);
670 res = shishi_asn1_read_integer (tkt->handle, tkt->enckdcreppart,
671 format, &tmplrtype);
672 free (format);
673 if (res != SHISHI_OK)
674 return SHISHI_ASN1_ERROR;
675
676 if (lrtype == tmplrtype)
677 {
678 asprintf (&format, "last-req.?%d.lr-value", i);
679 res = shishi_asn1_read (tkt->handle, tkt->enckdcreppart,
680 format, lrtime, lrtimelen);
681 free (format);
682 if (res != SHISHI_OK)
683 return SHISHI_ASN1_ERROR;
684
685 return SHISHI_OK;
686 }
687 }
688
689 return !SHISHI_OK;
690 }
691
692 time_t
693 shishi_tkt_lastreqc (Shishi_tkt * tkt, Shishi_lrtype lrtype)
694 {
695 char lrtime[GENERALIZEDTIME_TIME_LEN + 1];
696 int lrtimelen;
697 time_t t;
698 int res;
699
700 lrtimelen = sizeof (lrtime);
701 res = shishi_tkt_lastreq (tkt, lrtime, &lrtimelen, lrtype);
702 if (res != SHISHI_OK)
703 return (time_t) - 1;
704
705 lrtime[GENERALIZEDTIME_TIME_LEN] = '\0';
706
707 t = shishi_generalize_ctime (tkt->handle, lrtime);
708
709 return t;
710 }
711
712 int
713 shishi_tkt_lastreq_pretty_print (Shishi_tkt * tkt, FILE * fh)
714 {
715 time_t t;
716
717 t = shishi_tkt_lastreqc (tkt, SHISHI_LRTYPE_LAST_INITIAL_TGT_REQUEST);
718 if (t != (time_t) - 1)
719 fprintf (fh, _("Time of last initial request for a TGT:\t%s"),
720 ctime (&t));
721
722 t = shishi_tkt_lastreqc (tkt, SHISHI_LRTYPE_LAST_INITIAL_REQUEST);
723 if (t != (time_t) - 1)
724 fprintf (fh, "Time of last initial request:\t%s", ctime (&t));
725
726 t = shishi_tkt_lastreqc (tkt, SHISHI_LRTYPE_NEWEST_TGT_ISSUE);
727 if (t != (time_t) - 1)
728 fprintf (fh,
729 "Time of issue for the newest ticket-granting ticket used:\t%s",
730 ctime (&t));
731
732 t = shishi_tkt_lastreqc (tkt, SHISHI_LRTYPE_LAST_RENEWAL);
733 if (t != (time_t) - 1)
734 fprintf (fh, "Time of the last renewal:\t%s", ctime (&t));
735
736 t = shishi_tkt_lastreqc (tkt, SHISHI_LRTYPE_LAST_REQUEST);
737 if (t != (time_t) - 1)
738 fprintf (fh, "Time of last request:\t%s", ctime (&t));
739
740 return SHISHI_OK;
741 }
742
743 int
744 shishi_tkt_authtime (Shishi_tkt * tkt, char *authtime, int *authtimelen)
745 {
746 return shishi_asn1_field (tkt->handle, tkt->enckdcreppart,
747 authtime, authtimelen, "authtime");
748 }
749
750 time_t
751 shishi_tkt_authctime (Shishi_tkt * tkt)
752 {
753 char authtime[GENERALIZEDTIME_TIME_LEN + 1];
754 int authtimelen;
755 time_t t;
756 int res;
757
758 authtimelen = sizeof (authtime);
759 res = shishi_tkt_authtime (tkt, authtime, &authtimelen);
760 if (res != SHISHI_OK)
761 return (time_t) - 1;
762
763 authtime[GENERALIZEDTIME_TIME_LEN] = '\0';
764
765 t = shishi_generalize_ctime (tkt->handle, authtime);
766
767 return t;
768 }
769
770 int
771 shishi_tkt_starttime (Shishi_tkt * tkt, char *starttime, int *starttimelen)
772 {
773 return shishi_asn1_optional_field (tkt->handle, tkt->enckdcreppart,
774 starttime, starttimelen, "starttime");
775 }
776
777 time_t
778 shishi_tkt_startctime (Shishi_tkt * tkt)
779 {
780 char starttime[GENERALIZEDTIME_TIME_LEN + 1];
781 int starttimelen;
782 time_t t;
783 int res;
784
785 starttimelen = sizeof (starttime);
786 res = shishi_tkt_starttime (tkt, starttime, &starttimelen);
787 if (res != SHISHI_OK || starttimelen == 0)
788 return (time_t) - 1;
789
790 starttime[GENERALIZEDTIME_TIME_LEN] = '\0';
791
792 t = shishi_generalize_ctime (tkt->handle, starttime);
793
794 return t;
795 }
796
797 int
798 shishi_tkt_endtime (Shishi_tkt * tkt, char *endtime, int *endtimelen)
799 {
800 return shishi_asn1_field (tkt->handle, tkt->enckdcreppart,
801 endtime, endtimelen, "endtime");
802 }
803
804 time_t
805 shishi_tkt_endctime (Shishi_tkt * tkt)
806 {
807 char endtime[GENERALIZEDTIME_TIME_LEN + 1];
808 int endtimelen;
809 time_t t;
810 int res;
811
812 endtimelen = sizeof (endtime);
813 res = shishi_tkt_endtime (tkt, endtime, &endtimelen);
814 if (res != SHISHI_OK)
815 return (time_t) - 1;
816
817 endtime[GENERALIZEDTIME_TIME_LEN] = '\0';
818
819 t = shishi_generalize_ctime (tkt->handle, endtime);
820
821 return t;
822 }
823
824 int
825 shishi_tkt_renew_till (Shishi_tkt * tkt, char *renewtill, int *renewtilllen)
826 {
827 return shishi_asn1_optional_field (tkt->handle, tkt->enckdcreppart,
828 renewtill, renewtilllen, "renew-till");
829 }
830
831 time_t
832 shishi_tkt_renew_tillc (Shishi_tkt * tkt)
833 {
834 char renewtill[GENERALIZEDTIME_TIME_LEN + 1];
835 int renewtilllen;
836 time_t t;
837 int res;
838
839 renewtilllen = sizeof (renewtill);
840 res = shishi_tkt_renew_till (tkt, renewtill, &renewtilllen);
841 if (res != SHISHI_OK || renewtilllen == 0)
842 return (time_t) - 1;
843
844 renewtill[GENERALIZEDTIME_TIME_LEN] = '\0';
845
846 t = shishi_generalize_ctime (tkt->handle, renewtill);
847
848 return t;
849 }
850
851 int
852 shishi_tkt_valid_at_time_p (Shishi_tkt * tkt, time_t now)
853 {
854 time_t starttime, endtime;
855
856 starttime = shishi_tkt_startctime (tkt);
857 if (starttime == (time_t) - 1)
858 starttime = shishi_tkt_authctime (tkt);
859 endtime = shishi_tkt_endctime (tkt);
860
861 return starttime <= now && now <= endtime;
862 }
863
864 int
865 shishi_tkt_valid_now_p (Shishi_tkt * tkt)
866 {
867 return shishi_tkt_valid_at_time_p (tkt, time (NULL));
868 }
869
870 int
871 shishi_tkt_pretty_print (Shishi_tkt * tkt, FILE * fh)
872 {
873 char buf[BUFSIZ];
874 char *p;
875 int buflen;
876 int keytype, etype, flags;
877 int res;
878 time_t t;
879
880 buflen = sizeof (buf);
881 buf[0] = '\0';
882 res = shishi_tkt_cnamerealm (tkt, buf, &buflen);
883 if (res != SHISHI_OK)
884 return res;
885 buf[buflen] = '\0';
886 fprintf (fh, "%s:\n", buf);
887
888 t = shishi_tkt_authctime (tkt);
889 fprintf (fh, _("Authtime:\t%s"), ctime (&t));
890
891 t = shishi_tkt_startctime (tkt);
892 if (t != (time_t) - 1)
893 fprintf (fh, _("Starttime:\t%s"), ctime (&t));
894
895 t = shishi_tkt_endctime (tkt);
896 p = ctime (&t);
897 p[strlen (p) - 1] = '\0';
898 fprintf (fh, _("Endtime:\t%s"), p);
899 if (!shishi_tkt_valid_now_p (tkt))
900 fprintf (fh, " (EXPIRED)");
901 fprintf (fh, "\n");
902
903 t = shishi_tkt_renew_tillc (tkt);
904 if (t != (time_t) - 1)
905 fprintf (fh, _("Renewable until:\t%s"), ctime (&t));
906
907 buflen = sizeof (buf);
908 buf[0] = '\0';
909 res = shishi_tkt_server (tkt, buf, &buflen);
910 if (res != SHISHI_OK)
911 return res;
912 buf[buflen] = '\0';
913 res = shishi_ticket_get_enc_part_etype (tkt->handle, tkt->ticket, &keytype);
914 if (res != SHISHI_OK)
915 return res;
916 fprintf (fh, _("Server:\t\t%s key %s (%d)\n"), buf,
917 shishi_cipher_name (keytype), keytype);
918
919 res = shishi_tkt_keytype (tkt, &keytype);
920 if (res != SHISHI_OK)
921 return res;
922 res = shishi_kdcrep_get_enc_part_etype (tkt->handle, tkt->kdcrep, &etype);
923 if (res != SHISHI_OK)
924 return res;
925 fprintf (fh, _("Ticket key:\t%s (%d) protected by %s (%d)\n"),
926 shishi_cipher_name (keytype), keytype,
927 shishi_cipher_name (etype), etype);
928
929
930 res = shishi_tkt_flags (tkt, &flags);
931 if (res != SHISHI_OK)
932 return res;
933 if (flags)
934 {
935 fprintf (fh, _("Ticket flags:\t"));
936 if (shishi_tkt_forwardable_p (tkt))
937 fprintf (fh, "FORWARDABLE ");
938 if (shishi_tkt_forwarded_p (tkt))
939 fprintf (fh, "FORWARDED ");
940 if (shishi_tkt_proxiable_p (tkt))
941 fprintf (fh, "PROXIABLE ");
942 if (shishi_tkt_proxy_p (tkt))
943 fprintf (fh, "PROXY ");
944 if (shishi_tkt_may_postdate_p (tkt))
945 fprintf (fh, "MAYPOSTDATE ");
946 if (shishi_tkt_postdated_p (tkt))
947 fprintf (fh, "POSTDATED ");
948 if (shishi_tkt_invalid_p (tkt))
949 fprintf (fh, "INVALID ");
950 if (shishi_tkt_renewable_p (tkt))
951 fprintf (fh, "RENEWABLE ");
952 if (shishi_tkt_initial_p (tkt))
953 fprintf (fh, "INITIAL ");
954 if (shishi_tkt_pre_authent_p (tkt))
955 fprintf (fh, "PREAUTHENT ");
956 if (shishi_tkt_hw_authent_p (tkt))
957 fprintf (fh, "HWAUTHENT ");
958 if (shishi_tkt_transited_policy_checked_p (tkt))
959 fprintf (fh, "TRANSITEDPOLICYCHECKED ");
960 if (shishi_tkt_ok_as_delegate_p (tkt))
961 fprintf (fh, "OKASDELEGATE ");
962 fprintf (fh, "(%d)\n", flags);
963 }
964
965 return SHISHI_OK;
966 }
967
968 int
969 shishi_tkt_decrypt (Shishi_tkt * tkt, Shishi_key * key)
970 {
971 int rc;
972 Shishi_asn1 encticketpart;
973
974 rc = shishi_ticket_decrypt (tkt->handle, tkt->ticket, key, &encticketpart);
975 if (rc != SHISHI_OK)
976 return rc;
977
978 tkt->encticketpart = encticketpart;
979
980 return SHISHI_OK;
981 }
Free Kerberos V5 implementation