search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Update gnulib files.
[shishi.git] / lib / as.c
blobc2fb529a035d5efe7e6c0a0621510a7ed7beefe7
1 /* as.c --- High level client AS functions
2 * Copyright (C) 2002, 2003, 2004, 2006, 2007 Simon Josefsson
3 *
4 * This file is part of Shishi.
5 *
6 * Shishi is free software; you can redistribute it and/or modify it it
7 * under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
10 *
11 * Shishi is distributed in the hope that it will be useful, but but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with Shishi; if not, see http://www.gnu.org/licenses or write
18 * to the Free Software Foundation, Inc., 51 Franklin Street, Fifth
19 * Floor, Boston, MA 02110-1301, USA
20 *
21 */
22
23 #include "internal.h"
24
25 struct Shishi_as
26 {
27 Shishi *handle;
28 Shishi_asn1 asreq;
29 Shishi_asn1 asrep;
30 Shishi_asn1 krberror;
31 Shishi_tkt *tkt;
32 };
33
34 /**
35 * shishi_as:
36 * @handle: shishi handle as allocated by shishi_init().
37 * @as: holds pointer to newly allocate Shishi_as structure.
38 *
39 * Allocate a new AS exchange variable.
40 *
41 * Return value: Returns SHISHI_OK iff successful.
42 **/
43 int
44 shishi_as (Shishi * handle, Shishi_as ** as)
45 {
46 Shishi_as *las;
47 int res;
48
49 *as = xmalloc (sizeof (**as));
50 las = *as;
51 memset (las, 0, sizeof (*las));
52
53 las->handle = handle;
54
55 las->asreq = shishi_asreq (handle);
56 if (las->asreq == NULL)
57 {
58 shishi_error_printf (handle, "Could not create AS-REQ: %s\n",
59 shishi_error (handle));
60 return SHISHI_ASN1_ERROR;
61 }
62
63 las->asrep = shishi_asrep (handle);
64 if (las->asrep == NULL)
65 {
66 shishi_error_printf (handle, "Could not create AS-REP: %s\n",
67 shishi_error (handle));
68 return SHISHI_ASN1_ERROR;
69 }
70
71 las->krberror = shishi_krberror (handle);
72 if (las->krberror == NULL)
73 {
74 shishi_error_printf (handle, "Could not create KRB-ERROR: %s\n",
75 shishi_error (handle));
76 return SHISHI_ASN1_ERROR;
77 }
78
79 res = shishi_tkt (handle, &las->tkt);
80 if (res != SHISHI_OK)
81 return res;
82
83 res = shishi_tkt_flags_set (las->tkt, SHISHI_TICKETFLAGS_INITIAL);
84 if (res != SHISHI_OK)
85 return res;
86
87 return SHISHI_OK;
88 }
89
90 /**
91 * shishi_as_done:
92 * @as: structure that holds information about AS exchange
93 *
94 * Deallocate resources associated with AS exchange. This should be
95 * called by the application when it no longer need to utilize the AS
96 * exchange handle.
97 **/
98 void
99 shishi_as_done (Shishi_as * as)
100 {
101 shishi_asn1_done (as->handle, as->asreq);
102 shishi_asn1_done (as->handle, as->asrep);
103 shishi_asn1_done (as->handle, as->krberror);
104 shishi_tkt_done (as->tkt);
105 free (as);
106 }
107
108 /* TODO: add shishi_as_clientserver(h,p,a,client,server) and make the
109 shishi_as_cnamerealmsname function take real cname/sname pointer
110 arrays. */
111
112 /**
113 * shishi_as_req:
114 * @as: structure that holds information about AS exchange
115 *
116 * Get ASN.1 AS-REQ structure from AS exchange.
117 *
118 * Return value: Returns the generated AS-REQ packet from the AS
119 * exchange, or NULL if not yet set or an error occured.
120 **/
121 Shishi_asn1
122 shishi_as_req (Shishi_as * as)
123 {
124 return as->asreq;
125 }
126
127 /**
128 * shishi_as_req_build:
129 * @as: structure that holds information about AS exchange
130 *
131 * Possibly remove unset fields (e.g., rtime).
132 *
133 * Return value: Returns SHISHI_OK iff successful.
134 **/
135 int
136 shishi_as_req_build (Shishi_as * as)
137 {
138 int res;
139
140 res = shishi_kdcreq_build (as->handle, as->asreq);
141 if (res != SHISHI_OK)
142 return res;
143
144 return SHISHI_OK;
145 }
146
147 /**
148 * shishi_as_req_set:
149 * @as: structure that holds information about AS exchange
150 * @asreq: asreq to store in AS.
151 *
152 * Set the AS-REQ in the AS exchange.
153 **/
154 void
155 shishi_as_req_set (Shishi_as * as, Shishi_asn1 asreq)
156 {
157 if (as->asreq)
158 shishi_asn1_done (as->handle, as->asreq);
159 as->asreq = asreq;
160 }
161
162 /**
163 * shishi_as_req_der:
164 * @as: structure that holds information about AS exchange
165 * @out: output array with newly allocated DER encoding of AS-REQ.
166 * @outlen: length of output array with DER encoding of AS-REQ.
167 *
168 * DER encode AS-REQ. @out is allocated by this function, and it is
169 * the responsibility of caller to deallocate it.
170 *
171 * Return value: Returns SHISHI_OK iff successful.
172 **/
173 int
174 shishi_as_req_der (Shishi_as * as, char **out, size_t * outlen)
175 {
176 int rc;
177
178 rc = shishi_asn1_to_der (as->handle, as->asreq, out, outlen);
179 if (rc != SHISHI_OK)
180 return rc;
181
182 return SHISHI_OK;
183 }
184
185 /**
186 * shishi_as_req_der_set:
187 * @as: structure that holds information about AS exchange
188 * @der: input array with DER encoded AP-REQ.
189 * @derlen: length of input array with DER encoded AP-REQ.
190 *
191 * DER decode AS-REQ and set it AS exchange. If decoding fails, the
192 * AS-REQ in the AS exchange remains.
193 *
194 * Return value: Returns SHISHI_OK.
195 **/
196 int
197 shishi_as_req_der_set (Shishi_as * as, char *der, size_t derlen)
198 {
199 Shishi_asn1 asreq;
200
201 asreq = shishi_der2asn1_asreq (as->handle, der, derlen);
202
203 if (asreq == NULL)
204 return SHISHI_ASN1_ERROR;
205
206 as->asreq = asreq;
207
208 return SHISHI_OK;
209 }
210
211 /**
212 * shishi_as_rep:
213 * @as: structure that holds information about AS exchange
214 *
215 * Get ASN.1 AS-REP structure from AS exchange.
216 *
217 * Return value: Returns the received AS-REP packet from the AS
218 * exchange, or NULL if not yet set or an error occured.
219 **/
220 Shishi_asn1
221 shishi_as_rep (Shishi_as * as)
222 {
223 return as->asrep;
224 }
225
226 /**
227 * shishi_as_rep_process:
228 * @as: structure that holds information about AS exchange
229 * @key: user's key, used to encrypt the encrypted part of the AS-REP.
230 * @password: user's password, used if key is NULL.
231 *
232 * Process new AS-REP and set ticket. The key is used to decrypt the
233 * AP-REP. If both key and password is NULL, the user is queried for
234 * it.
235 *
236 * Return value: Returns SHISHI_OK iff successful.
237 **/
238 int
239 shishi_as_rep_process (Shishi_as * as, Shishi_key * key, const char *password)
240 {
241 Shishi_asn1 ticket, kdcreppart;
242 int res;
243
244 if (VERBOSE (as->handle))
245 printf ("Processing AS-REQ and AS-REP...\n");
246
247 if (VERBOSEASN1 (as->handle))
248 shishi_kdcreq_print (as->handle, stdout, as->asreq);
249
250 if (VERBOSEASN1 (as->handle))
251 shishi_kdcrep_print (as->handle, stdout, as->asrep);
252
253 if (key == NULL && password == NULL)
254 {
255 char *passwd;
256 char *user;
257 size_t userlen;
258
259 res = shishi_asreq_clientrealm (as->handle, as->asreq, &user, &userlen);
260 if (res != SHISHI_OK)
261 {
262 shishi_error_printf (as->handle, "Could not extract cname and "
263 "realm from AS-REQ: %s\n",
264 shishi_strerror (res),
265 shishi_error (as->handle));
266 return res;
267 }
268
269 res = shishi_prompt_password (as->handle, &passwd,
270 "Enter password for `%s': ", user);
271 free (user);
272 if (res != SHISHI_OK)
273 {
274 shishi_error_printf (as->handle, "Reading password failed: %s\n",
275 shishi_strerror (res));
276 return res;
277 }
278
279 res = shishi_as_process (as->handle, as->asreq, as->asrep,
280 passwd, &kdcreppart);
281 free (passwd);
282 }
283 else if (key == NULL)
284 res = shishi_as_process (as->handle, as->asreq, as->asrep,
285 password, &kdcreppart);
286 else
287 res = shishi_kdc_process (as->handle, as->asreq, as->asrep, key,
288 SHISHI_KEYUSAGE_ENCASREPPART, &kdcreppart);
289 if (res != SHISHI_OK)
290 return res;
291
292 if (VERBOSE (as->handle))
293 printf ("Got EncKDCRepPart...\n");
294
295 if (VERBOSEASN1 (as->handle))
296 shishi_enckdcreppart_print (as->handle, stdout, kdcreppart);
297
298 res = shishi_kdcrep_get_ticket (as->handle, as->asrep, &ticket);
299 if (res != SHISHI_OK)
300 {
301 shishi_error_printf (as->handle,
302 "Could not extract ticket from AS-REP: %s",
303 shishi_error (as->handle));
304 return res;
305 }
306
307 if (VERBOSE (as->handle))
308 printf ("Got Ticket...\n");
309
310 if (VERBOSEASN1 (as->handle))
311 shishi_ticket_print (as->handle, stdout, ticket);
312
313 /* XXX */
314 as->tkt = shishi_tkt2 (as->handle, ticket, kdcreppart, as->asrep);
315
316 return SHISHI_OK;
317 }
318
319 /**
320 * shishi_as_rep_build:
321 * @as: structure that holds information about AS exchange
322 * @key: user's key, used to encrypt the encrypted part of the AS-REP.
323 *
324 * Build AS-REP.
325 *
326 * Return value: Returns SHISHI_OK iff successful.
327 **/
328 int
329 shishi_as_rep_build (Shishi_as * as, Shishi_key * key)
330 {
331 int rc;
332
333 /* XXX there are reasons for having padata in AS-REP */
334 rc = shishi_kdcrep_clear_padata (as->handle, as->asrep);
335 if (rc != SHISHI_OK)
336 return rc;
337
338 rc = shishi_enckdcreppart_populate_encticketpart
339 (as->handle, shishi_tkt_enckdcreppart (as->tkt),
340 shishi_tkt_encticketpart (as->tkt));
341 if (rc != SHISHI_OK)
342 return rc;
343
344 rc = shishi_kdc_copy_nonce (as->handle, as->asreq,
345 shishi_tkt_enckdcreppart (as->tkt));
346 if (rc != SHISHI_OK)
347 return rc;
348
349 rc = shishi_kdcrep_add_enc_part (as->handle,
350 as->asrep,
351 key,
352 SHISHI_KEYUSAGE_ENCASREPPART,
353 shishi_tkt_enckdcreppart (as->tkt));
354 if (rc != SHISHI_OK)
355 return rc;
356
357 rc = shishi_kdcrep_set_ticket (as->handle, as->asrep,
358 shishi_tkt_ticket (as->tkt));
359 if (rc != SHISHI_OK)
360 return rc;
361
362 rc = shishi_kdc_copy_crealm (as->handle, as->asrep,
363 shishi_tkt_encticketpart (as->tkt));
364 if (rc != SHISHI_OK)
365 return rc;
366
367 rc = shishi_kdc_copy_cname (as->handle, as->asrep,
368 shishi_tkt_encticketpart (as->tkt));
369 if (rc != SHISHI_OK)
370 return rc;
371
372 return SHISHI_OK;
373 }
374
375 /**
376 * shishi_as_rep_der:
377 * @as: structure that holds information about AS exchange
378 * @out: output array with newly allocated DER encoding of AS-REP.
379 * @outlen: length of output array with DER encoding of AS-REP.
380 *
381 * DER encode AS-REP. @out is allocated by this function, and it is
382 * the responsibility of caller to deallocate it.
383 *
384 * Return value: Returns SHISHI_OK iff successful.
385 **/
386 int
387 shishi_as_rep_der (Shishi_as * as, char **out, size_t * outlen)
388 {
389 int rc;
390
391 rc = shishi_asn1_to_der (as->handle, as->asrep, out, outlen);
392 if (rc != SHISHI_OK)
393 return rc;
394
395 return SHISHI_OK;
396 }
397
398 /**
399 * shishi_as_rep_set:
400 * @as: structure that holds information about AS exchange
401 * @asrep: asrep to store in AS.
402 *
403 * Set the AS-REP in the AS exchange.
404 **/
405 void
406 shishi_as_rep_set (Shishi_as * as, Shishi_asn1 asrep)
407 {
408 if (as->asrep)
409 shishi_asn1_done (as->handle, as->asrep);
410 as->asrep = asrep;
411 }
412
413 /**
414 * shishi_as_rep_der_set:
415 * @as: structure that holds information about AS exchange
416 * @der: input array with DER encoded AP-REP.
417 * @derlen: length of input array with DER encoded AP-REP.
418 *
419 * DER decode AS-REP and set it AS exchange. If decoding fails, the
420 * AS-REP in the AS exchange remains.
421 *
422 * Return value: Returns SHISHI_OK.
423 **/
424 int
425 shishi_as_rep_der_set (Shishi_as * as, char *der, size_t derlen)
426 {
427 Shishi_asn1 asrep;
428
429 asrep = shishi_der2asn1_asrep (as->handle, der, derlen);
430
431 if (asrep == NULL)
432 return SHISHI_ASN1_ERROR;
433
434 as->asrep = asrep;
435
436 return SHISHI_OK;
437 }
438
439 /**
440 * shishi_as_krberror:
441 * @as: structure that holds information about AS exchange
442 *
443 * Get ASN.1 KRB-ERROR structure from AS exchange.
444 *
445 * Return value: Returns the received KRB-ERROR packet from the AS
446 * exchange, or NULL if not yet set or an error occured.
447 **/
448 Shishi_asn1
449 shishi_as_krberror (Shishi_as * as)
450 {
451 return as->krberror;
452 }
453
454 /**
455 * shishi_as_krberror_der:
456 * @as: structure that holds information about AS exchange
457 * @out: output array with newly allocated DER encoding of KRB-ERROR.
458 * @outlen: length of output array with DER encoding of KRB-ERROR.
459 *
460 * DER encode KRB-ERROR. @out is allocated by this function, and it is
461 * the responsibility of caller to deallocate it.
462 *
463 * Return value: Returns SHISHI_OK iff successful.
464 **/
465 int
466 shishi_as_krberror_der (Shishi_as * as, char **out, size_t * outlen)
467 {
468 int rc;
469
470 rc = shishi_krberror_der (as->handle, as->krberror, out, outlen);
471 if (rc != SHISHI_OK)
472 return rc;
473
474 return SHISHI_OK;
475 }
476
477 /**
478 * shishi_as_krberror_set:
479 * @as: structure that holds information about AS exchange
480 * @krberror: krberror to store in AS.
481 *
482 * Set the KRB-ERROR in the AS exchange.
483 **/
484 void
485 shishi_as_krberror_set (Shishi_as * as, Shishi_asn1 krberror)
486 {
487 if (as->krberror)
488 shishi_asn1_done (as->handle, as->krberror);
489 as->krberror = krberror;
490 }
491
492 /**
493 * shishi_as_tkt:
494 * @as: structure that holds information about AS exchange
495 *
496 * Get Ticket in AS exchange.
497 *
498 * Return value: Returns the newly aquired tkt from the AS
499 * exchange, or NULL if not yet set or an error occured.
500 **/
501 Shishi_tkt *
502 shishi_as_tkt (Shishi_as * as)
503 {
504 return as->tkt;
505 }
506
507 /**
508 * shishi_as_tkt_set:
509 * @as: structure that holds information about AS exchange
510 * @tkt: tkt to store in AS.
511 *
512 * Set the Tkt in the AS exchange.
513 **/
514 void
515 shishi_as_tkt_set (Shishi_as * as, Shishi_tkt * tkt)
516 {
517 as->tkt = tkt;
518 }
519
520 /**
521 * shishi_as_sendrecv_hint:
522 * @as: structure that holds information about AS exchange
523 * @hint: additional parameters that modify connection behaviour, or %NULL.
524 *
525 * Send AS-REQ and receive AS-REP or KRB-ERROR. This is the initial
526 * authentication, usually used to acquire a Ticket Granting Ticket.
527 * The @hint structure can be used to set, e.g., parameters for TLS
528 * authentication.
529 *
530 * Return value: Returns SHISHI_OK iff successful.
531 **/
532 int
533 shishi_as_sendrecv_hint (Shishi_as * as, Shishi_tkts_hint * hint)
534 {
535 int res;
536
537 if (VERBOSE (as->handle))
538 printf ("Sending AS-REQ...\n");
539
540 if (VERBOSEASN1 (as->handle))
541 shishi_kdcreq_print (as->handle, stdout, as->asreq);
542
543 res = shishi_kdcreq_sendrecv_hint (as->handle, as->asreq, &as->asrep, hint);
544 if (res == SHISHI_GOT_KRBERROR)
545 {
546 as->krberror = as->asrep;
547 as->asrep = NULL;
548
549 if (VERBOSE (as->handle))
550 printf ("Received KRB-ERROR...\n");
551 if (VERBOSEASN1 (as->handle))
552 shishi_krberror_print (as->handle, stdout, as->krberror);
553 if (VERBOSEASN1(as->handle))
554 shishi_krberror_pretty_print (as->handle, stdout, as->krberror);
555 }
556 if (res != SHISHI_OK)
557 return res;
558
559 if (VERBOSE (as->handle))
560 printf ("Received AS-REP...\n");
561
562 if (VERBOSEASN1 (as->handle))
563 shishi_kdcrep_print (as->handle, stdout, as->asrep);
564
565 return SHISHI_OK;
566 }
567
568 /**
569 * shishi_as_sendrecv:
570 * @as: structure that holds information about AS exchange
571 *
572 * Send AS-REQ and receive AS-REP or KRB-ERROR. This is the initial
573 * authentication, usually used to acquire a Ticket Granting Ticket.
574 *
575 * Return value: Returns SHISHI_OK iff successful.
576 **/
577 int
578 shishi_as_sendrecv (Shishi_as * as)
579 {
580 return shishi_as_sendrecv_hint (as, NULL);
581 }
Free Kerberos V5 implementation