|
↓
|
shishi_krberror_build
|
57
|
85
|
127
|
krberror.c
|
int
shishi_krberror_build (Shishi * handle, Shishi_asn1 krberror)
{
char *t;
size_t tmplen = sizeof (t);
char *tmp;
int32_t errc;
uint32_t usec;
int rc;
rc = shishi_krberror_ctime (handle, krberror, &t);
if (rc != SHISHI_OK &&
rc != SHISHI_ASN1_NO_ELEMENT && rc != SHISHI_ASN1_NO_VALUE)
return rc;
free (t);
if (rc == SHISHI_ASN1_NO_VALUE)
{
rc = shishi_krberror_remove_ctime (handle, krberror);
if (rc != SHISHI_OK)
return rc;
}
rc = shishi_krberror_cusec (handle, krberror, &usec);
if (rc != SHISHI_OK &&
rc != SHISHI_ASN1_NO_ELEMENT && rc != SHISHI_ASN1_NO_VALUE)
return rc;
if (rc == SHISHI_ASN1_NO_VALUE)
{
rc = shishi_krberror_remove_cusec (handle, krberror);
if (rc != SHISHI_OK)
return rc;
}
rc = shishi_krberror_crealm (handle, krberror, &tmp, &tmplen);
if (rc != SHISHI_OK &&
rc != SHISHI_ASN1_NO_ELEMENT && rc != SHISHI_ASN1_NO_VALUE)
return rc;
if (rc == SHISHI_OK)
free (tmp);
if (rc == SHISHI_ASN1_NO_VALUE)
{
rc = shishi_krberror_remove_crealm (handle, krberror);
if (rc != SHISHI_OK)
return rc;
}
rc = shishi_krberror_client (handle, krberror, &tmp, &tmplen);
if (rc != SHISHI_OK &&
rc != SHISHI_ASN1_NO_ELEMENT && rc != SHISHI_ASN1_NO_VALUE)
return rc;
if (rc == SHISHI_OK)
free (tmp);
if (rc == SHISHI_ASN1_NO_VALUE || (rc == SHISHI_OK && tmplen == 0))
{
rc = shishi_krberror_remove_cname (handle, krberror);
if (rc != SHISHI_OK)
return rc;
}
rc = shishi_krberror_realm (handle, krberror, &tmp, &tmplen);
if (rc != SHISHI_OK && rc != SHISHI_ASN1_NO_VALUE)
return rc;
if (rc == SHISHI_OK)
free (tmp);
if (rc == SHISHI_ASN1_NO_VALUE)
{
rc = shishi_krberror_set_realm (handle, krberror, "");
if (rc != SHISHI_OK)
return rc;
}
rc = shishi_krberror_server (handle, krberror, &tmp, &tmplen);
if (rc != SHISHI_OK && rc != SHISHI_ASN1_NO_VALUE)
return rc;
if (rc == SHISHI_OK)
free (tmp);
if (rc == SHISHI_ASN1_NO_VALUE || tmplen == 0)
{
rc = shishi_krberror_remove_sname (handle, krberror);
if (rc != SHISHI_OK)
return rc;
}
rc = shishi_krberror_edata (handle, krberror, &tmp, &tmplen);
if (rc != SHISHI_OK &&
rc != SHISHI_ASN1_NO_ELEMENT && rc != SHISHI_ASN1_NO_VALUE)
return rc;
if (rc == SHISHI_OK)
free (tmp);
if (rc == SHISHI_ASN1_NO_VALUE || (rc == SHISHI_OK && tmplen == 0))
{
rc = shishi_krberror_remove_edata (handle, krberror);
if (rc != SHISHI_OK)
return rc;
}
rc = shishi_krberror_errorcode (handle, krberror, &errc);
if (rc != SHISHI_OK && rc != SHISHI_ASN1_NO_VALUE)
return rc;
if (rc == SHISHI_ASN1_NO_VALUE)
{
rc = shishi_krberror_errorcode_set (handle, krberror,
SHISHI_KRB_ERR_GENERIC);
if (rc != SHISHI_OK)
return rc;
}
rc = shishi_krberror_etext (handle, krberror, &tmp, &tmplen);
if (rc != SHISHI_OK &&
rc != SHISHI_ASN1_NO_ELEMENT && rc != SHISHI_ASN1_NO_VALUE)
return rc;
if (rc == SHISHI_OK)
free (tmp);
if (rc == SHISHI_ASN1_NO_VALUE || (rc == SHISHI_OK && tmplen == 0))
{
if (shishi_krberror_errorcode_fast (handle, krberror) ==
SHISHI_KRB_ERR_GENERIC)
rc = shishi_krberror_set_etext (handle, krberror,
"Uninitialized error");
else
rc = shishi_krberror_remove_etext (handle, krberror);
if (rc != SHISHI_OK)
return rc;
}
return SHISHI_OK;
}
|
|
↓
|
shishi_cfg
|
43
|
138
|
234
|
cfg.c
|
int
shishi_cfg (Shishi * handle, const char *option)
{
char *opt = option ? xstrdup (option) : NULL;
char *p = opt;
char *value;
int res;
size_t i;
while (p != NULL && *p != '\0')
{
switch (getsubopt (&p, (char *const *) _shishi_opts, &value))
{
case KDC_TIMEOUT_OPTION:
if (value && atoi (value) > 0)
handle->kdctimeout = atoi (value);
else if (value)
shishi_warn (handle, "Invalid KDC timeout value: `%s'", value);
else
shishi_warn (handle, "Missing KDC timeout value");
break;
case KDC_RETRIES_OPTION:
if (value && atoi (value) > 0)
handle->kdcretries = atoi (value);
else if (value)
shishi_warn (handle, "Invalid KDC retries value: `%s'", value);
else
shishi_warn (handle, "Missing KDC retries value");
break;
case TICKET_LIFE_OPTION:
{
time_t now = time (NULL);
time_t then = shishi_get_date (value, &now);
int diff = difftime (then, now);
if (value && then != -1 && diff > 0)
handle->ticketlife = diff;
else if (diff <= 0 && diff + 60 * 60 * 24 > 0)
/* Hack to support "17:00" as always meaning the next 17:00. */
handle->ticketlife = 60 * 60 * 24 + diff;
else if (diff <= 0)
shishi_warn (handle, "Negative ticket life date: `%s'", value);
else if (then == -1)
shishi_warn (handle, "Invalid ticket life date: `%s'", value);
else
shishi_warn (handle, "Missing ticket life value");
}
break;
case RENEW_LIFE_OPTION:
{
time_t now = time (NULL);
time_t then = shishi_get_date (value, &now);
int diff = difftime (then, now);
if (value && then != -1 && diff > 0)
handle->renewlife = diff;
else if (diff <= 0)
shishi_warn (handle, "Negative renew life date: `%s'", value);
else if (then == -1)
shishi_warn (handle, "Invalid renew life date: `%s'", value);
else
shishi_warn (handle, "Missing renew life value");
}
break;
case REALM_KDC_OPTION:
{
struct Shishi_realminfo *ri;
char *realm = NULL;
char *protstr;
int transport = UDP;
int add_realm = 1;
realm = xstrdup (value);
for (i = 0; i < handle->nrealminfos; i++)
if (strcmp (realm, handle->realminfos[i].name) == 0)
{
if (handle->realminfos[i].nkdcaddresses > 0 ||
handle->realminfos[i].kdcaddresses)
{
free (handle->realminfos[i].kdcaddresses);
handle->realminfos[i].kdcaddresses = NULL;
handle->realminfos[i].nkdcaddresses = 0;
ri = &handle->realminfos[i];
add_realm = 0;
}
break;
}
if (add_realm)
{
handle->realminfos = xrealloc (handle->realminfos,
(handle->nrealminfos + 1) *
sizeof (*handle->realminfos));
memset (&handle->realminfos[handle->nrealminfos], 0,
sizeof (handle->realminfos[handle->nrealminfos]));
handle->realminfos[handle->nrealminfos].name = realm;
ri = &handle->realminfos[handle->nrealminfos];
handle->nrealminfos++;
}
if ((protstr = strchr (p, '/')))
{
*protstr = '\0';
protstr++;
if (strcasecmp (protstr, "udp") == 0)
transport = UDP;
else if (strcasecmp (protstr, "tcp") == 0)
transport = TCP;
else if (strcasecmp (protstr, "tls") == 0)
transport = TLS;
else
shishi_warn (handle,
"Ignoring unknown KDC transport: %s",
protstr);
}
ri->kdcaddresses = xrealloc (ri->kdcaddresses,
(ri->nkdcaddresses + 1) *
sizeof (*ri->kdcaddresses));
ri->kdcaddresses[ri->nkdcaddresses].transport = transport;
ri->kdcaddresses[ri->nkdcaddresses].hostname = xstrdup (p);
if ((protstr = strchr (value, ':')))
{
*protstr = '\0';
protstr++;
ri->kdcaddresses[ri->nkdcaddresses].port = protstr;
}
else
ri->kdcaddresses[ri->nkdcaddresses].port = NULL;
ri->nkdcaddresses++;
p = NULL; /* Done with suboptions. */
}
break;
case SERVER_REALM_OPTION:
{
struct Shishi_realminfo *ri;
char *subopts, *part, *next;
if (!p || (*p == 0))
{
shishi_warn (handle, "Empty server-realm for '%s'.", value);
break;
}
ri = _shishi_realminfo_new (handle, xstrdup (value));
part = subopts = xstrdup (p); /* List of patterns. */
while (part && *part)
{
next = strchr (part, ',');
if (next)
*(next++) = '\0';
ri->serverwildcards = xrealloc (ri->serverwildcards,
++ri->nserverwildcards *
sizeof (*ri->serverwildcards));
ri->serverwildcards[ri->nserverwildcards - 1] = xstrdup (part);
part = next;
}
p = NULL; /* Done with suboptions. */
}
break;
case DEFAULT_REALM_OPTION:
handle->default_realm = xstrdup (value);
break;
case DEFAULT_PRINCIPAL_OPTION:
handle->default_principal = xstrdup (value);
break;
case CLIENT_KDC_ETYPES_OPTION:
res = shishi_cfg_clientkdcetype_set (handle, value);
if (res != SHISHI_OK)
goto out;
break;
case AUTHORIZATION_TYPES_OPTION:
res = shishi_cfg_authorizationtype_set (handle, value);
if (res != SHISHI_OK)
goto out;
break;
case STRINGPROCESS_OPTION:
free (handle->stringprocess);
handle->stringprocess = xstrdup (value);
break;
case QUICK_RANDOM:
_shishi_quick_random ();
break;
case VERBOSE_OPTION:
handle->verbose = value && atoi (value) ? atoi (value) :
~0 & ~VERBOSES;
break;
case VERBOSE_CRYPTO_NOISE_OPTION:
handle->verbose |= SHISHI_VERBOSE_CRYPTO_NOISE;
break;
case VERBOSE_CRYPTO_OPTION:
handle->verbose |= SHISHI_VERBOSE_CRYPTO;
break;
case VERBOSE_ASN1_OPTION:
handle->verbose |= SHISHI_VERBOSE_ASN1;
break;
case VERBOSE_NOISE_OPTION:
handle->verbose |= SHISHI_VERBOSE_NOISE;
break;
case -1:
if (!value)
break;
/* fall through */
default:
shishi_warn (handle, "Unknown option: `%s'", value);
break;
}
}
res = SHISHI_OK;
out:
free (opt);
return res;
}
|
|
↓
|
shishi_tkts_add_ccache_mem
|
31
|
102
|
189
|
tktccache.c
|
int
shishi_tkts_add_ccache_mem (Shishi * handle,
const char *data, size_t len, Shishi_tkts * tkts)
{
int rc = SHISHI_OK;
struct ccache ccache;
if (VERBOSENOISE (handle))
{
printf ("ccache len %d (0x%x)\n", len, len);
_shishi_hexprint (data, len);
}
rc = ccache_parse (data, len, &ccache);
if (rc < 0)
return SHISHI_CCACHE_ERROR;
if (VERBOSENOISE (handle))
ccache_print (&ccache);
while (ccache.credentialslen)
{
struct ccache_credential cred;
Shishi_tkt *tkt;
Shishi_asn1 ticket;
size_t n;
rc = ccache_parse_credential (ccache.credentials,
ccache.credentialslen, &cred, &n);
if (rc < 0)
return SHISHI_CCACHE_ERROR;
if (VERBOSENOISE (handle))
ccache_print_credential (&cred);
/* Sanity check credential first. */
if (shishi_cipher_keylen (cred.key.keytype) != cred.key.keylen)
continue;
ticket = shishi_der2asn1_ticket (handle, cred.ticket.data,
cred.ticket.length);
if (!ticket)
continue;
/* Let's create a new ticket... */
rc = shishi_tkt (handle, &tkt);
if (rc != SHISHI_OK)
return rc;
shishi_tkt_ticket_set (tkt, ticket);
{
const char *cname[CCACHE_MAX_COMPONENTS + 1];
size_t i;
for (i = 0; i < cred.client.num_components
&& i < CCACHE_MAX_COMPONENTS; i++)
cname[i] = cred.client.components[i].data;
cname[i] = NULL;
rc = shishi_kdcrep_crealm_set (handle,
shishi_tkt_kdcrep (tkt),
cred.client.realm.data);
if (rc != SHISHI_OK)
return rc;
rc = shishi_kdcrep_cname_set (handle,
shishi_tkt_kdcrep (tkt),
cred.client.name_type, cname);
if (rc != SHISHI_OK)
return rc;
}
{
char *sname[CCACHE_MAX_COMPONENTS + 1];
size_t i;
for (i = 0; i < cred.server.num_components
&& i < CCACHE_MAX_COMPONENTS; i++)
sname[i] = cred.server.components[i].data;
sname[i] = NULL;
rc = shishi_enckdcreppart_srealm_set (handle,
shishi_tkt_enckdcreppart (tkt),
cred.server.realm.data);
if (rc != SHISHI_OK)
return rc;
rc = shishi_enckdcreppart_sname_set (handle,
shishi_tkt_enckdcreppart (tkt),
cred.server.name_type, sname);
if (rc != SHISHI_OK)
return rc;
}
rc = shishi_tkt_flags_set (tkt, cred.tktflags);
if (rc != SHISHI_OK)
return rc;
rc = shishi_enckdcreppart_authtime_set
(handle,
shishi_tkt_enckdcreppart (tkt),
shishi_generalize_time (handle, cred.authtime));
if (rc != SHISHI_OK)
return rc;
rc = shishi_enckdcreppart_starttime_set
(handle,
shishi_tkt_enckdcreppart (tkt),
cred.starttime ? shishi_generalize_time (handle, cred.starttime)
: NULL);
if (rc != SHISHI_OK)
return rc;
rc = shishi_enckdcreppart_endtime_set
(handle,
shishi_tkt_enckdcreppart (tkt),
shishi_generalize_time (handle, cred.endtime));
if (rc != SHISHI_OK)
return rc;
rc = shishi_enckdcreppart_renew_till_set
(handle,
shishi_tkt_enckdcreppart (tkt),
cred.renew_till ? shishi_generalize_time (handle, cred.renew_till)
: NULL);
if (rc != SHISHI_OK)
return rc;
{
uint32_t nonce = 0;
rc = shishi_enckdcreppart_nonce_set (handle,
shishi_tkt_enckdcreppart (tkt),
nonce);
if (rc != SHISHI_OK)
return rc;
}
rc = shishi_kdcrep_set_ticket (handle, shishi_tkt_kdcrep (tkt),
shishi_tkt_ticket (tkt));
if (rc != SHISHI_OK)
return rc;
rc = shishi_kdcrep_set_enc_part (handle, shishi_tkt_kdcrep (tkt),
0, 0, "", 0);
if (rc != SHISHI_OK)
return rc;
/* Add key. */
{
Shishi_key *key;
rc = shishi_key (handle, &key);
if (rc != SHISHI_OK)
return rc;
shishi_key_type_set (key, cred.key.keytype);
shishi_key_value_set (key, cred.key.keyvalue);
rc = shishi_tkt_key_set (tkt, key);
if (rc != SHISHI_OK)
return rc;
shishi_key_done (key);
}
/* Add new ticket to the set... */
rc = shishi_tkts_add (tkts, tkt);
if (rc != SHISHI_OK)
return rc;
ccache.credentials += n;
ccache.credentialslen -= n;
}
#if 0
{
char *data;
size_t len;
rc = shishi_tkts_to_ccache_mem (handle, tkts, &data, &len);
printf ("gaah res %d\n", rc);
}
#endif
return rc;
}
|
|
↓
|
parse_credential
|
27
|
80
|
116
|
ccache.c
|
static int
parse_credential (const char **data, size_t * len,
struct ccache_credential *out)
{
uint32_t num_address;
uint32_t num_authdata;
int rc;
rc = parse_principal (data, len, &out->client);
if (rc < 0)
return rc;
/* Make sure the last component is zero terminated. This limits the
next name-type to 2^24 bytes. */
if (*len > 0 && **(char **) data != '\0')
return -1;
rc = parse_principal (data, len, &out->server);
if (rc < 0)
return rc;
/* Make sure the last component is zero terminated. This limits the
next key-type to lower 1 byte. */
if (*len > 0 && **(char **) data != '\0')
return -1;
rc = get_uint16 (data, len, &out->key.keytype);
if (rc < 0)
return rc;
rc = get_uint16 (data, len, &out->key.etype);
if (rc < 0)
return rc;
rc = get_uint16 (data, len, &out->key.keylen);
if (rc < 0)
return rc;
if (*len < out->key.keylen)
return -1;
out->key.keyvalue = (char *) *data;
*data += out->key.keylen;
*len -= out->key.keylen;
rc = get_uint32 (data, len, &out->authtime);
if (rc < 0)
return rc;
rc = get_uint32 (data, len, &out->starttime);
if (rc < 0)
return rc;
rc = get_uint32 (data, len, &out->endtime);
if (rc < 0)
return rc;
rc = get_uint32 (data, len, &out->renew_till);
if (rc < 0)
return rc;
rc = get_uint8 (data, len, &out->is_skey);
if (rc < 0)
return rc;
rc = get_uint32_swapped (data, len, &out->tktflags);
if (rc < 0)
return rc;
rc = get_uint32 (data, len, &num_address);
if (rc < 0)
return rc;
for (; num_address; num_address--)
{
/* XXX Don't just skip data. */
rc = skip_address (data, len);
if (rc < 0)
return rc;
}
rc = get_uint32 (data, len, &num_authdata);
if (rc < 0)
return rc;
for (; num_authdata; num_authdata--)
{
/* XXX Don't just skip data. */
rc = skip_authdata (data, len);
if (rc < 0)
return rc;
}
rc = get_uint32 (data, len, &out->ticket.length);
if (rc < 0)
return rc;
if (*len < out->ticket.length)
return -1;
out->ticket.data = (char *) *data;
*data += out->ticket.length;
*len -= out->ticket.length;
rc = get_uint32 (data, len, &out->second_ticket.length);
if (rc < 0)
return rc;
if (*len < out->second_ticket.length)
return -1;
out->second_ticket.data = (char *) *data;
*data += out->second_ticket.length;
*len -= out->second_ticket.length;
return 0;
}
|
|
↓
|
shishi_tkt_pretty_print
|
26
|
75
|
102
|
tkt.c
|
void
shishi_tkt_pretty_print (Shishi_tkt * tkt, FILE * fh)
{
char *buf;
char *p;
size_t buflen;
int keytype, etype;
uint32_t flags;
int res;
time_t t;
time_t now = time (NULL);
res = shishi_tkt_clientrealm (tkt, &buf, &buflen);
if (res == SHISHI_OK)
{
fprintf (fh, "%s:\n", buf);
free (buf);
}
else
fprintf (fh, ":\n");
t = shishi_tkt_authctime (tkt);
fprintf (fh, _("Authtime:\t%s"), ctime (&t));
t = shishi_tkt_startctime (tkt);
if (t != (time_t) - 1)
{
p = ctime (&t);
p[strlen (p) - 1] = '\0';
fprintf (fh, _("Starttime:\t%s"), p);
if (t > now)
fprintf (fh, " NOT YET VALID");
fprintf (fh, "\n");
}
t = shishi_tkt_endctime (tkt);
if (t != (time_t) - 1)
{
p = ctime (&t);
p[strlen (p) - 1] = '\0';
fprintf (fh, _("Endtime:\t%s"), p);
if (t < now)
fprintf (fh, " EXPIRED");
fprintf (fh, "\n");
}
t = shishi_tkt_renew_tillc (tkt);
if (t != (time_t) - 1)
fprintf (fh, _("Renewable till:\t%s"), ctime (&t));
res = shishi_tkt_server (tkt, &buf, NULL);
if (res == SHISHI_OK)
{
res = shishi_ticket_get_enc_part_etype (tkt->handle, tkt->ticket,
&keytype);
if (res == SHISHI_OK)
fprintf (fh, _("Server:\t\t%s key %s (%d)\n"), buf,
shishi_cipher_name (keytype), keytype);
free (buf);
}
res = shishi_tkt_keytype (tkt, &keytype);
if (res == SHISHI_OK)
res = shishi_kdcrep_get_enc_part_etype (tkt->handle, tkt->kdcrep, &etype);
if (res == SHISHI_OK)
fprintf (fh, _("Ticket key:\t%s (%d) protected by %s (%d)\n"),
shishi_cipher_name (keytype), keytype,
shishi_cipher_name (etype), etype);
res = shishi_tkt_flags (tkt, &flags);
if (res == SHISHI_OK && flags)
{
fprintf (fh, _("Ticket flags:\t"));
if (shishi_tkt_forwardable_p (tkt))
fprintf (fh, "FORWARDABLE ");
if (shishi_tkt_forwarded_p (tkt))
fprintf (fh, "FORWARDED ");
if (shishi_tkt_proxiable_p (tkt))
fprintf (fh, "PROXIABLE ");
if (shishi_tkt_proxy_p (tkt))
fprintf (fh, "PROXY ");
if (shishi_tkt_may_postdate_p (tkt))
fprintf (fh, "MAYPOSTDATE ");
if (shishi_tkt_postdated_p (tkt))
fprintf (fh, "POSTDATED ");
if (shishi_tkt_invalid_p (tkt))
fprintf (fh, "INVALID ");
if (shishi_tkt_renewable_p (tkt))
fprintf (fh, "RENEWABLE ");
if (shishi_tkt_initial_p (tkt))
fprintf (fh, "INITIAL ");
if (shishi_tkt_pre_authent_p (tkt))
fprintf (fh, "PREAUTHENT ");
if (shishi_tkt_hw_authent_p (tkt))
fprintf (fh, "HWAUTHENT ");
if (shishi_tkt_transited_policy_checked_p (tkt))
fprintf (fh, "TRANSITEDPOLICYCHECKED ");
if (shishi_tkt_ok_as_delegate_p (tkt))
fprintf (fh, "OKASDELEGATE ");
fprintf (fh, "(%d)\n", flags);
}
}
|
|
↓
|
shishi_keys_add_keytab_mem
|
24
|
104
|
201
|
keytab.c
|
int
shishi_keys_add_keytab_mem (Shishi * handle,
const char *data, size_t len, Shishi_keys * keys)
{
int rc;
uint16_t file_format_version;
size_t entrystartpos;
uint16_t num_components; /* sub 1 if version 0x501 */
size_t i;
Shishi_key *key;
if (VERBOSENOISE (handle))
{
printf ("keytab len %d (0x%x)\n", len, len);
_shishi_hexprint (data, len);
}
/* Check file format. */
file_format_version = (data[0] << 8) | data[1];
if (VERBOSENOISE (handle))
printf ("keytab file_format_version %04X\n", file_format_version);
if (file_format_version != 0x0501 && file_format_version != 0x0502)
return SHISHI_KEYTAB_ERROR;
/* Check file integrity first, to avoid error-checking below. */
entrystartpos = 2;
while (entrystartpos < len)
{
int32_t size = data[entrystartpos] << 24 | data[entrystartpos + 1] << 16
| data[entrystartpos + 2] << 8 | data[entrystartpos + 3];
entrystartpos += 4;
if (VERBOSENOISE (handle))
{
printf ("keytab size %d (%x)\n", size, size);
printf ("keytab pos %d < %d\n", entrystartpos + size, len);
}
if (entrystartpos + size > len)
return SHISHI_KEYTAB_ERROR;
/* Go to next entry... */
entrystartpos += size;
}
if (entrystartpos != len)
return SHISHI_KEYTAB_ERROR;
rc = shishi_key (handle, &key);
if (rc != SHISHI_OK)
return rc;
entrystartpos = 2;
while (entrystartpos < len)
{
size_t pos = entrystartpos;
uint16_t size = data[pos] << 24 | data[pos + 1] << 16
| data[pos + 2] << 8 | data[pos + 3];
pos += 4;
if (VERBOSENOISE (handle))
printf ("keytab size %d (%x)\n", size, size);
/* Num_components */
num_components = data[pos] << 8 | data[pos + 1];
pos += 2;
if (file_format_version == 0x0501)
num_components--;
/* Realm */
{
uint16_t realmlen = data[pos] << 8 | data[pos + 1];
char *realm = xstrndup (&data[pos + 2], realmlen);;
pos += 2 + realmlen;
shishi_key_realm_set (key, realm);
free (realm);
}
/* Principal components. */
{
char *name = NULL;
size_t namelen = 0;
for (i = 0; i < num_components; i++)
{
size_t l;
l = data[pos] << 8 | data[pos + 1];
pos += 2;
name = xrealloc (name, namelen + l + 1);
memcpy (name + namelen, &data[pos], l);
name[namelen + l] = '/';
namelen += l + 1;
pos += l;
}
name[namelen - 1] = '\0';
shishi_key_principal_set (key, name);
free (name);
}
/* Name_type */
{
uint32_t name_type /* not present if version 0x501 */
= data[pos] << 24 | data[pos + 1] << 16
| data[pos + 2] << 8 | data[pos + 3];
pos += 4;
if (VERBOSENOISE (handle))
printf ("keytab nametype %d (0x%08x)\n", name_type, name_type);
}
/* Timestamp */
{
uint32_t timestamp =
((data[pos] << 24) & 0xFF000000)
| ((data[pos + 1] << 16) & 0xFF0000)
| ((data[pos + 2] << 8) & 0xFF00) | ((data[pos + 3] & 0xFF));
time_t t = timestamp;
pos += 4;
if (VERBOSENOISE (handle))
printf ("keytab timestamp %u (0x%08ux)\n", timestamp, timestamp);
shishi_key_timestamp_set (key, t);
}
/* keyvno8 */
{
uint8_t vno8 = data[pos++];
if (VERBOSENOISE (handle))
printf ("keytab kvno8 %d (0x%02x)\n", vno8, vno8);
shishi_key_version_set (key, vno8);
}
/* key, keytype */
{
uint32_t keytype = data[pos] << 8 | data[pos + 1];
pos += 2;
if (VERBOSENOISE (handle))
printf ("keytab keytype %d (0x%x)\n", keytype, keytype);
shishi_key_type_set (key, keytype);
}
/* key, length and data */
{
uint16_t keylen = data[pos] << 8 | data[pos + 1];
pos += 2;
if (VERBOSENOISE (handle))
printf ("keytab keylen %d (0x%x) eq? %d\n", keylen, keylen,
shishi_key_length (key));
if (VERBOSENOISE (handle))
_shishi_hexprint (data + pos, keylen);
shishi_key_value_set (key, data + pos);
pos += keylen;
}
if (pos - entrystartpos < (size_t) size + 4)
{
uint32_t vno /* only present if >= 4 bytes left in entry */
= data[pos] << 24 | data[pos + 1] << 16
| data[pos + 2] << 8 | data[pos + 3];
pos += 4;
if (VERBOSENOISE (handle))
printf ("keytab kvno %d (0x%08x)\n", vno, vno);
shishi_key_version_set (key, vno);
}
if (VERBOSECRYPTONOISE (handle))
shishi_key_print (handle, stdout, key);
rc = shishi_keys_add (keys, key);
if (rc != SHISHI_OK)
goto done;
/* Go to next entry... */
entrystartpos += size + 4;
}
rc = SHISHI_OK;
done:
shishi_key_done (key);
return rc;
}
|
|
↓
|
_shishi_sendrecv_tls1
|
22
|
75
|
141
|
starttls.c
|
static int
_shishi_sendrecv_tls1 (Shishi * handle,
int sockfd,
gnutls_session session,
const char *indata, size_t inlen,
char **outdata, size_t * outlen,
size_t timeout, bool have_cas)
{
int ret;
ssize_t bytes_sent, bytes_read;
char extbuf[STARTTLS_LEN + 1];
static size_t session_data_size = 0;
static void *session_data = NULL;
char tmpbuf[4];
unsigned int status;
bytes_sent = write (sockfd, STARTTLS_CLIENT_REQUEST, STARTTLS_LEN);
if (bytes_sent != STARTTLS_LEN)
return SHISHI_SENDTO_ERROR;
bytes_read = read (sockfd, extbuf, sizeof (extbuf));
if (bytes_read != STARTTLS_LEN ||
memcmp (extbuf, STARTTLS_SERVER_ACCEPT, STARTTLS_LEN) != 0)
return SHISHI_RECVFROM_ERROR;
gnutls_transport_set_ptr (session, (gnutls_transport_ptr)
(unsigned long) sockfd);
if (session_data_size > 0)
gnutls_session_set_data (session, session_data, session_data_size);
ret = gnutls_handshake (session);
if (ret < 0)
{
shishi_error_printf (handle, "TLS handshake failed (%d): %s",
ret, gnutls_strerror (ret));
return SHISHI_RECVFROM_ERROR;
}
if (gnutls_session_is_resumed (session) != 0)
shishi_error_printf (handle, "TLS handshake completed (resumed)");
else
shishi_error_printf (handle, "TLS handshake completed (not resumed)");
if (have_cas)
{
ret = gnutls_certificate_verify_peers2 (session, &status);
if (ret != 0 || status != 0)
{
shishi_error_printf (handle,
"TLS verification of CA failed (%d/%d)", ret,
status);
return SHISHI_RECVFROM_ERROR;
}
/* XXX: We need to verify the CA cert further here. */
}
if (session_data_size == 0)
{
ret = gnutls_session_get_data (session, NULL, &session_data_size);
if (ret < 0)
{
shishi_error_printf (handle, "TLS gsgd(1) failed (%d): %s",
ret, gnutls_strerror (ret));
return SHISHI_RECVFROM_ERROR;
}
session_data = xmalloc (session_data_size);
ret = gnutls_session_get_data (session, session_data,
&session_data_size);
if (ret < 0)
{
shishi_error_printf (handle, "TLS gsgd(2) failed (%d): %s",
ret, gnutls_strerror (ret));
return SHISHI_RECVFROM_ERROR;
}
}
tmpbuf[3] = inlen & 0xFF;
tmpbuf[2] = (inlen >> 8) & 0xFF;
tmpbuf[1] = (inlen >> 16) & 0xFF;
tmpbuf[0] = (inlen >> 24) & 0xFF;
bytes_sent = gnutls_record_send (session, tmpbuf, 4);
if (bytes_sent != 4)
{
shishi_error_printf (handle, "Bad TLS write (%d < 4)", bytes_sent);
return SHISHI_SENDTO_ERROR;
}
bytes_sent = gnutls_record_send (session, indata, inlen);
if (bytes_sent != (ssize_t) inlen)
{
shishi_error_printf (handle, "Bad TLS write (%d < %d)",
bytes_sent, inlen);
return SHISHI_SENDTO_ERROR;
}
bytes_read = gnutls_record_recv (session, tmpbuf, 4);
if (bytes_read != 4)
{
shishi_error_printf (handle, "Bad TLS read (%d < 4)", bytes_read);
return SHISHI_SENDTO_ERROR;
}
/* XXX sanities input. */
*outlen = C2I (tmpbuf);
*outdata = xmalloc (*outlen);
bytes_read = gnutls_record_recv (session, *outdata, *outlen);
if (bytes_read == 0)
{
shishi_error_printf (handle, "Peer has closed the TLS connection");
free (*outdata);
return SHISHI_RECVFROM_ERROR;
}
else if (bytes_read < 0)
{
shishi_error_printf (handle, "TLS Error (%d): %s",
ret, gnutls_strerror (ret));
free (*outdata);
return SHISHI_RECVFROM_ERROR;
}
else if (bytes_read != (ssize_t) * outlen)
{
shishi_error_printf (handle, "TLS Read error (%d != %d)",
*outlen, bytes_read);
free (*outdata);
return SHISHI_RECVFROM_ERROR;
}
do
ret = gnutls_bye (session, GNUTLS_SHUT_RDWR);
while (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN);
if (ret != GNUTLS_E_SUCCESS)
shishi_error_printf (handle, "TLS Disconnected failed (%d): %s",
ret, gnutls_strerror (ret));
return SHISHI_OK;
}
|
|
↓
|
des_string_to_key
|
22
|
117
|
179
|
crypto-des.c
|
static int
des_string_to_key (Shishi * handle,
const char *string,
size_t stringlen,
const char *salt,
size_t saltlen, const char *parameter, Shishi_key * outkey)
{
char *s;
int n_s;
int odd;
char tempkey[8];
char *p;
int i, j;
char temp, temp2;
int res;
if (VERBOSECRYPTO (handle))
{
printf ("des_string_to_key (string, salt)\n");
printf ("\t ;; String:\n");
_shishi_escapeprint (string, stringlen);
_shishi_hexprint (string, stringlen);
printf ("\t ;; Salt:\n");
_shishi_escapeprint (salt, saltlen);
_shishi_hexprint (salt, saltlen);
}
if (VERBOSECRYPTONOISE (handle))
{
printf ("odd = 1;\n");
printf ("s = string | salt;\n");
printf ("tempstring = 0; /* 56-bit string */\n");
printf ("pad(s); /* with nulls to 8 byte boundary */\n");
}
odd = 1;
n_s = stringlen + saltlen;
if ((n_s % 8) != 0)
n_s += 8 - n_s % 8;
s = xmalloc (n_s);
memcpy (s, string, stringlen);
if (saltlen > 0)
memcpy (s + stringlen, salt, saltlen);
memset (s + stringlen + saltlen, 0, n_s - stringlen - saltlen);
memset (tempkey, 0, sizeof (tempkey)); /* tempkey = NULL; */
if (VERBOSECRYPTONOISE (handle))
{
printf ("\t ;; s = pad(string|salt):\n");
_shishi_escapeprint (s, n_s);
_shishi_hexprint (s, n_s);
}
for (i = 0; i < n_s / 8; i++)
{
if (VERBOSECRYPTONOISE (handle))
{
printf ("for (8byteblock in s) {\n");
printf ("\t ;; loop iteration %d\n", i);
printf ("\t ;; 8byteblock:\n");
_shishi_escapeprint (&s[i * 8], 8);
_shishi_hexprint (&s[i * 8], 8);
_shishi_binprint (&s[i * 8], 8);
printf ("56bitstring = removeMSBits(8byteblock);\n");
}
for (j = 0; j < 8; j++)
s[i * 8 + j] = s[i * 8 + j] & ~0x80;
if (VERBOSECRYPTONOISE (handle))
{
printf ("\t ;; 56bitstring:\n");
_shishi_bin7print (&s[i * 8], 8);
printf ("if (odd == 0) reverse(56bitstring);\t ;; odd=%d\n", odd);
}
if (odd == 0)
{
for (j = 0; j < 4; j++)
{
temp = s[i * 8 + j];
temp =
((temp >> 6) & 0x01) |
((temp >> 4) & 0x02) |
((temp >> 2) & 0x04) |
((temp) & 0x08) |
((temp << 2) & 0x10) |
((temp << 4) & 0x20) | ((temp << 6) & 0x40);
temp2 = s[i * 8 + 7 - j];
temp2 =
((temp2 >> 6) & 0x01) |
((temp2 >> 4) & 0x02) |
((temp2 >> 2) & 0x04) |
((temp2) & 0x08) |
((temp2 << 2) & 0x10) |
((temp2 << 4) & 0x20) | ((temp2 << 6) & 0x40);
s[i * 8 + j] = temp2;
s[i * 8 + 7 - j] = temp;
}
if (VERBOSECRYPTONOISE (handle))
{
printf ("reverse(56bitstring)\n");
printf ("\t ;; 56bitstring after reverse\n");
_shishi_bin7print (&s[i * 8], 8);
}
}
odd = !odd;
if (VERBOSECRYPTONOISE (handle))
{
printf ("odd = ! odd\n");
printf ("tempstring = tempstring XOR 56bitstring;\n");
}
/* tempkey = tempkey XOR 8byteblock; */
for (j = 0; j < 8; j++)
tempkey[j] ^= s[i * 8 + j];
if (VERBOSECRYPTONOISE (handle))
{
printf ("\t ;; tempstring\n");
_shishi_bin7print (tempkey, 8);
}
}
for (j = 0; j < 8; j++)
tempkey[j] = tempkey[j] << 1;
if (VERBOSECRYPTONOISE (handle))
{
printf ("for (8byteblock in s) {\n");
printf ("}\n");
printf ("\t ;; for loop terminated\n");
printf ("\t ;; tempstring as 64bitblock\n");
_shishi_hexprint (tempkey, 8);
_shishi_binprint (tempkey, 8);
printf ("/* add parity as low bit of each byte */\n");
printf ("tempkey = key_correction(add_parity_bits(tempstring));\n");
}
des_key_correction (handle, tempkey);
if (VERBOSECRYPTONOISE (handle))
{
printf ("\t ;; tempkey\n");
_shishi_escapeprint (tempkey, 8);
_shishi_hexprint (tempkey, 8);
_shishi_binprint (tempkey, 8);
printf ("key = key_correction(DES-CBC-check(s,tempkey));\n");
}
memcpy (s, string, stringlen);
if (saltlen > 0)
memcpy (s + stringlen, salt, saltlen);
memset (s + stringlen + saltlen, 0, n_s - stringlen - saltlen);
res = shishi_des_cbc_mac (handle, tempkey, tempkey, s, n_s, &p);
if (res != SHISHI_OK)
return res;
free (s);
memcpy (tempkey, p, 8);
free (p);
des_key_correction (handle, tempkey);
if (VERBOSECRYPTO (handle))
{
printf ("\t ;; key\n");
_shishi_escapeprint (tempkey, 8);
_shishi_hexprint (tempkey, 8);
_shishi_binprint (tempkey, 8);
}
shishi_key_value_set (outkey, tempkey);
return SHISHI_OK;
}
|
|
↓
|
shishi_tkt_to_ccache_mem
|
21
|
86
|
149
|
tktccache.c
|
int
shishi_tkt_to_ccache_mem (Shishi * handle,
Shishi_tkt * tkt, char **data, size_t * len)
{
#if 0
struct ccache_credential cred;
char tmp[1024];
size_t i;
int rc;
memset (&cred, 0, sizeof (cred));
rc = shishi_asn1_to_der (handle, shishi_tkt_ticket (tkt),
&cred.ticket.data, &cred.ticket.length);
if (rc != SHISHI_OK)
return rc;
/* Sanity check credential first. */
if (shishi_key_length (shishi_tkt_key (tkt)) > CCACHE_MAX_KEYLEN)
return SHISHI_CCACHE_ERROR;
rc = shishi_asn1_read (handle, shishi_tkt_kdcrep (tkt), "crealm",
&cred.client.realm.data, &cred.client.realm.length);
if (rc != SHISHI_OK)
return rc;
rc = shishi_asn1_read (handle, shishi_tkt_enckdcreppart (tkt), "srealm",
&cred.server.realm.data, &cred.server.realm.length);
if (rc != SHISHI_OK)
return rc;
return SHISHI_OK;
#if 0
{
char *cname[CCACHE_MAX_COMPONENTS + 1];
size_t i;
for (i = 0; i < cred.client.num_components
&& i < CCACHE_MAX_COMPONENTS; i++)
cname[i] = cred.client.components[i].data;
cname[i] = NULL;
rc = shishi_kdcrep_crealm_set (handle,
shishi_tkt_kdcrep (tkt),
cred.client.realm.data);
if (rc != SHISHI_OK)
return rc;
rc = shishi_kdcrep_cname_set (handle,
shishi_tkt_kdcrep (tkt),
cred.client.name_type, cname);
if (rc != SHISHI_OK)
return rc;
}
{
char *sname[CCACHE_MAX_COMPONENTS + 1];
size_t i;
for (i = 0; i < cred.server.num_components
&& i < CCACHE_MAX_COMPONENTS; i++)
sname[i] = cred.server.components[i].data;
sname[i] = NULL;
rc = shishi_enckdcreppart_srealm_set (handle,
shishi_tkt_enckdcreppart (tkt),
cred.server.realm.data);
if (rc != SHISHI_OK)
return rc;
rc = shishi_enckdcreppart_sname_set (handle,
shishi_tkt_enckdcreppart (tkt),
cred.server.name_type, sname);
if (rc != SHISHI_OK)
return rc;
}
#endif
rc = shishi_tkt_flags (tkt, &cred.tktflags);
if (rc != SHISHI_OK)
return rc;
{
time_t t;
rc = shishi_ctime (handle, shishi_tkt_enckdcreppart (tkt),
"authtime", &t);
if (rc != SHISHI_OK)
return rc;
cred.authtime = t;
}
{
time_t t;
rc = shishi_ctime (handle, shishi_tkt_enckdcreppart (tkt),
"starttime", &t);
if (rc == SHISHI_ASN1_NO_ELEMENT)
cred.starttime = 0;
else if (rc != SHISHI_OK)
return rc;
cred.starttime = t;
}
{
time_t t;
rc = shishi_ctime (handle, shishi_tkt_enckdcreppart (tkt), "endtime", &t);
if (rc != SHISHI_OK)
return rc;
cred.endtime = t;
}
{
time_t t;
rc = shishi_ctime (handle, shishi_tkt_enckdcreppart (tkt),
"renew-till", &t);
if (rc == SHISHI_ASN1_NO_ELEMENT)
cred.renew_till = 0;
else if (rc != SHISHI_OK)
return rc;
cred.renew_till = t;
}
cred.key.keylen = shishi_key_length (shishi_tkt_key (tkt));
cred.key.keytype = shishi_key_type (shishi_tkt_key (tkt));
memcpy (cred.key.storage, shishi_key_value (shishi_tkt_key (tkt)),
shishi_key_length (shishi_tkt_key (tkt)));
cred.key.keyvalue = &cred.key.storage[0];
i = 1024;
rc = ccache_pack_credential (&cred, tmp, &i);
printf ("rc %d len %d\n", rc, i);
{
struct ccache_credential foo;
size_t n;
rc = ccache_parse_credential (tmp, i, &foo, &n);
if (rc < 0)
return SHISHI_CCACHE_ERROR;
printf ("packed:");
ccache_print_credential (&foo);
}
_shishi_escapeprint (tmp, i);
#endif
return SHISHI_CCACHE_ERROR;
}
|
|
↓
|
shishi_kdcrep_get_ticket
|
21
|
75
|
111
|
kdcrep.c
|
int
shishi_kdcrep_get_ticket (Shishi * handle,
Shishi_asn1 kdcrep, Shishi_asn1 * ticket)
{
char *buf;
char *format;
size_t buflen;
int res;
size_t i, n;
/* there's GOT to be an easier way to do this */
*ticket = shishi_ticket (handle);
if (!*ticket)
return SHISHI_ASN1_ERROR;
res = shishi_asn1_read (handle, kdcrep, "ticket.tkt-vno", &buf, &buflen);
if (res != SHISHI_OK)
goto error;
res = shishi_asn1_write (handle, *ticket, "tkt-vno", buf, buflen);
free (buf);
if (res != SHISHI_OK)
goto error;
res = shishi_asn1_read (handle, kdcrep, "ticket.realm", &buf, &buflen);
if (res != SHISHI_OK)
goto error;
res = shishi_asn1_write (handle, *ticket, "realm", buf, buflen);
free (buf);
if (res != SHISHI_OK)
goto error;
res = shishi_asn1_read (handle, kdcrep, "ticket.sname.name-type",
&buf, &buflen);
if (res != SHISHI_OK)
goto error;
res = shishi_asn1_write (handle, *ticket, "sname.name-type", buf, buflen);
free (buf);
if (res != SHISHI_OK)
goto error;
res = shishi_asn1_number_of_elements (handle, kdcrep,
"ticket.sname.name-string", &n);
if (res != SHISHI_OK)
goto error;
for (i = 1; i <= n; i++)
{
res = shishi_asn1_write (handle, *ticket, "sname.name-string",
"NEW", 1);
if (res != SHISHI_OK)
goto error;
format = xasprintf ("ticket.sname.name-string.?%d", i);
res = shishi_asn1_read (handle, kdcrep, format, &buf, &buflen);
free (format);
if (res != SHISHI_OK)
goto error;
format = xasprintf ("sname.name-string.?%d", i);
res = shishi_asn1_write (handle, *ticket, format, buf, buflen);
free (format);
free (buf);
if (res != SHISHI_OK)
goto error;
}
res = shishi_asn1_read (handle, kdcrep, "ticket.enc-part.etype",
&buf, &buflen);
if (res != SHISHI_OK)
goto error;
res = shishi_asn1_write (handle, *ticket, "enc-part.etype", buf, buflen);
free (buf);
if (res != SHISHI_OK)
goto error;
res = shishi_asn1_read (handle, kdcrep, "ticket.enc-part.kvno",
&buf, &buflen);
if (res != SHISHI_OK && res != SHISHI_ASN1_NO_ELEMENT)
goto error;
if (res == SHISHI_ASN1_NO_ELEMENT)
res = shishi_asn1_write (handle, *ticket, "enc-part.kvno", NULL, 0);
else
{
res = shishi_asn1_write (handle, *ticket, "enc-part.kvno", buf, buflen);
free (buf);
}
if (res != SHISHI_OK)
goto error;
res = shishi_asn1_read (handle, kdcrep, "ticket.enc-part.cipher",
&buf, &buflen);
if (res != SHISHI_OK)
goto error;
res = shishi_asn1_write (handle, *ticket, "enc-part.cipher", buf, buflen);
free (buf);
if (res != SHISHI_OK)
goto error;
return SHISHI_OK;
error:
shishi_asn1_done (handle, *ticket);
return res;
}
|
|
↓
|
shishi_apreq_get_ticket
|
21
|
74
|
110
|
apreq.c
|
int
shishi_apreq_get_ticket (Shishi * handle,
Shishi_asn1 apreq, Shishi_asn1 * ticket)
{
char *buf;
char *format;
size_t buflen, i, n;
int res;
/* there's GOT to be an easier way to do this */
*ticket = shishi_ticket (handle);
if (!*ticket)
return SHISHI_ASN1_ERROR;
res = shishi_asn1_read (handle, apreq, "ticket.tkt-vno", &buf, &buflen);
if (res != SHISHI_OK)
goto error;
res = shishi_asn1_write (handle, *ticket, "tkt-vno", buf, buflen);
free (buf);
if (res != SHISHI_OK)
goto error;
res = shishi_asn1_read (handle, apreq, "ticket.realm", &buf, &buflen);
if (res != SHISHI_OK)
goto error;
res = shishi_asn1_write (handle, *ticket, "realm", buf, buflen);
free (buf);
if (res != SHISHI_OK)
goto error;
res = shishi_asn1_read (handle, apreq, "ticket.sname.name-type",
&buf, &buflen);
if (res != SHISHI_OK)
goto error;
res = shishi_asn1_write (handle, *ticket, "sname.name-type", buf, buflen);
free (buf);
if (res != SHISHI_OK)
goto error;
res = shishi_asn1_number_of_elements (handle, apreq,
"ticket.sname.name-string", &n);
if (res != SHISHI_OK)
goto error;
for (i = 1; i <= n; i++)
{
res = shishi_asn1_write (handle, *ticket, "sname.name-string",
"NEW", 1);
if (res != SHISHI_OK)
goto error;
asprintf (&format, "ticket.sname.name-string.?%d", i);
res = shishi_asn1_read (handle, apreq, format, &buf, &buflen);
free (format);
if (res != SHISHI_OK)
goto error;
asprintf (&format, "sname.name-string.?%d", i);
res = shishi_asn1_write (handle, *ticket, format, buf, buflen);
free (format);
free (buf);
if (res != SHISHI_OK)
goto error;
}
res = shishi_asn1_read (handle, apreq, "ticket.enc-part.etype",
&buf, &buflen);
if (res != SHISHI_OK)
goto error;
res = shishi_asn1_write (handle, *ticket, "enc-part.etype", buf, buflen);
free (buf);
if (res != SHISHI_OK)
goto error;
res = shishi_asn1_read (handle, apreq, "ticket.enc-part.kvno",
&buf, &buflen);
if (res != SHISHI_OK && res != SHISHI_ASN1_NO_ELEMENT)
goto error;
if (res == SHISHI_ASN1_NO_ELEMENT)
res = shishi_asn1_write (handle, *ticket, "enc-part.kvno", NULL, 0);
else
{
res = shishi_asn1_write (handle, *ticket, "enc-part.kvno", buf, buflen);
free (buf);
}
if (res != SHISHI_OK)
goto error;
res = shishi_asn1_read (handle, apreq, "ticket.enc-part.cipher",
&buf, &buflen);
if (res != SHISHI_OK)
goto error;
res = shishi_asn1_write (handle, *ticket, "enc-part.cipher", buf, buflen);
free (buf);
if (res != SHISHI_OK)
goto error;
return SHISHI_OK;
error:
shishi_asn1_done (handle, *ticket);
return res;
}
|
|
↓
|
act_hint_on_kdcreq
|
21
|
48
|
99
|
tkts.c
|
static int
act_hint_on_kdcreq (Shishi * handle,
Shishi_tkts_hint * hint, Shishi_asn1 kdcreq)
{
time_t starttime = hint->starttime ? hint->starttime : time (NULL);
time_t endtime = hint->endtime ? hint->endtime :
starttime + handle->ticketlife;
time_t renew_till = hint->renew_till ? hint->renew_till :
starttime + handle->renewlife;
int rc;
if (hint->starttime)
{
rc = shishi_asn1_write (handle, kdcreq, "req-body.from",
shishi_generalize_time (handle, starttime), 0);
if (rc != SHISHI_OK)
{
shishi_error_printf (handle, "Cannot set starttime: %s",
shishi_strerror (rc));
return rc;
}
}
if (hint->endtime)
{
rc = shishi_asn1_write (handle, kdcreq, "req-body.till",
shishi_generalize_time (handle, endtime), 0);
if (rc != SHISHI_OK)
{
shishi_error_printf (handle, "Cannot set endtime: %s",
shishi_strerror (rc));
return rc;
}
}
if (hint->tktflags & SHISHI_TICKETFLAGS_FORWARDABLE)
{
rc = shishi_kdcreq_options_add (handle, kdcreq,
SHISHI_KDCOPTIONS_FORWARDABLE);
if (rc != SHISHI_OK)
goto done;
}
if (hint->tktflags & SHISHI_TICKETFLAGS_FORWARDED)
{
rc = shishi_kdcreq_options_add (handle, kdcreq,
SHISHI_KDCOPTIONS_FORWARDED);
if (rc != SHISHI_OK)
goto done;
}
if (hint->tktflags & SHISHI_TICKETFLAGS_RENEWABLE)
{
rc = shishi_kdcreq_options_add (handle, kdcreq,
SHISHI_KDCOPTIONS_RENEWABLE);
if (rc != SHISHI_OK)
goto done;
rc = shishi_asn1_write (handle, kdcreq, "req-body.rtime",
shishi_generalize_time (handle, renew_till), 0);
if (rc != SHISHI_OK)
{
shishi_error_printf (handle, "Cannot set renewtill: %s",
shishi_strerror (rc));
return rc;
}
}
if (hint->tktflags & SHISHI_TICKETFLAGS_PROXIABLE)
{
rc = shishi_kdcreq_options_add (handle, kdcreq,
SHISHI_KDCOPTIONS_PROXIABLE);
if (rc != SHISHI_OK)
goto done;
}
if (hint->tktflags & SHISHI_TICKETFLAGS_PROXY)
{
rc = shishi_kdcreq_options_add (handle, kdcreq,
SHISHI_KDCOPTIONS_PROXY);
if (rc != SHISHI_OK)
goto done;
}
if (hint->etype)
{
rc = shishi_kdcreq_set_etype (handle, kdcreq, &hint->etype, 1);
if (rc != SHISHI_OK)
goto done;
}
return SHISHI_OK;
done:
shishi_error_printf (handle, "Cannot set KDC Options: %s",
shishi_strerror (rc));
return rc;
}
|
|
↓
|
shishi_apreq_set_ticket
|
20
|
69
|
100
|
apreq.c
|
int
shishi_apreq_set_ticket (Shishi * handle, Shishi_asn1 apreq,
Shishi_asn1 ticket)
{
int res;
char *format;
char *buf;
size_t buflen, i, n;
res = shishi_asn1_read (handle, ticket, "tkt-vno", &buf, &buflen);
if (res != SHISHI_OK)
return res;
res = shishi_asn1_write (handle, apreq, "ticket.tkt-vno", buf, buflen);
free (buf);
if (res != SHISHI_OK)
return res;
res = shishi_asn1_read (handle, ticket, "realm", &buf, &buflen);
if (res != SHISHI_OK)
return res;
res = shishi_asn1_write (handle, apreq, "ticket.realm", buf, buflen);
free (buf);
if (res != SHISHI_OK)
return res;
res = shishi_asn1_read (handle, ticket, "sname.name-type", &buf, &buflen);
if (res != SHISHI_OK)
return res;
res = shishi_asn1_write (handle, apreq, "ticket.sname.name-type",
buf, buflen);
free (buf);
if (res != SHISHI_OK)
return res;
res = shishi_asn1_number_of_elements (handle, ticket,
"sname.name-string", &n);
if (res != SHISHI_OK)
return res;
for (i = 1; i <= n; i++)
{
res = shishi_asn1_write (handle, apreq,
"ticket.sname.name-string", "NEW", 1);
if (res != SHISHI_OK)
return res;
asprintf (&format, "sname.name-string.?%d", i);
res = shishi_asn1_read (handle, ticket, format, &buf, &buflen);
free (format);
if (res != SHISHI_OK)
return res;
asprintf (&format, "ticket.sname.name-string.?%d", i);
res = shishi_asn1_write (handle, apreq, format, buf, buflen);
free (format);
free (buf);
if (res != SHISHI_OK)
return res;
}
res = shishi_asn1_read (handle, ticket, "enc-part.etype", &buf, &buflen);
if (res != SHISHI_OK)
return res;
res = shishi_asn1_write (handle, apreq, "ticket.enc-part.etype",
buf, buflen);
free (buf);
if (res != SHISHI_OK)
return res;
res = shishi_asn1_read (handle, ticket, "enc-part.kvno", &buf, &buflen);
if (res != SHISHI_OK && res != SHISHI_ASN1_NO_ELEMENT)
return res;
if (res == SHISHI_ASN1_NO_ELEMENT)
res = shishi_asn1_write (handle, apreq, "ticket.enc-part.kvno", NULL, 0);
else
{
res = shishi_asn1_write (handle, apreq, "ticket.enc-part.kvno",
buf, buflen);
free (buf);
}
if (res != SHISHI_OK)
return res;
res = shishi_asn1_read (handle, ticket, "enc-part.cipher", &buf, &buflen);
if (res != SHISHI_OK)
return res;
res = shishi_asn1_write (handle, apreq, "ticket.enc-part.cipher",
buf, buflen);
free (buf);
if (res != SHISHI_OK)
return res;
return SHISHI_OK;
}
|
|
↓
|
shishi_key_parse
|
20
|
51
|
88
|
diskio.c
|
int
shishi_key_parse (Shishi * handle, FILE * fh, Shishi_key ** key)
{
int lno = 0;
char line[BUFSIZE];
char *b64buffer;
char armorbegin[BUFSIZE];
char armorend[BUFSIZE];
int in_key = 0, in_body = 0;
int res;
Shishi_key *lkey = NULL;
sprintf (armorbegin, HEADERBEG, "KEY");
sprintf (armorend, HEADEREND, "KEY");
while (fgets (line, sizeof (line), fh))
{
lno++;
line[sizeof (line) - 1] = '\0';
if (!*line || line[strlen (line) - 1] != '\n')
{
fprintf (stderr, "input line %u too long or missing LF\n", lno);
continue;
}
line[strlen (line) - 1] = '\0';
if (VERBOSENOISE (handle))
printf ("line %d read %ld bytes: %s\n", lno, strlen (line), line);
if (!in_key)
{
in_key = strncmp (line, armorbegin, strlen (armorbegin)) == 0;
if (in_key)
{
res = shishi_key (handle, &lkey);
if (res != SHISHI_OK)
return res;
}
continue;
}
if (strcmp (line, armorend) == 0)
break;
if (in_body)
{
int ok =
base64_decode_alloc (line, strlen (line), &b64buffer, NULL);
if (!ok)
return SHISHI_BASE64_ERROR;
shishi_key_value_set (lkey, b64buffer);
}
else
{
if (strcmp (line, "") == 0 || strcmp (line, " ") == 0)
in_body = 1;
if (strncmp (line, "Keytype: ", strlen ("Keytype: ")) == 0)
{
int type;
if (sscanf (line, "Keytype: %d (", &type) == 1)
shishi_key_type_set (lkey, type);
}
else if (strncmp (line, "Key-Version-Number: ",
strlen ("Key-Version-Number: ")) == 0)
{
int type;
if (sscanf (line, "Key-Version-Number: %d", &type) == 1)
shishi_key_version_set (lkey, type);
}
else if (strncmp (line, "Realm: ", strlen ("Realm: ")) == 0)
{
shishi_key_realm_set (lkey, line + strlen ("Realm: "));
}
else if (strncmp (line, "Principal: ", strlen ("Principal: ")) == 0)
{
shishi_key_principal_set (lkey, line + strlen ("Principal: "));
}
}
}
if (!lkey)
return SHISHI_OK;
*key = lkey;
return SHISHI_OK;
}
|
|
↓
|
_shishi_sendrecv_tls
|
19
|
68
|
131
|
starttls.c
|
int
_shishi_sendrecv_tls (Shishi * handle,
struct addrinfo *ai,
const char *indata, size_t inlen,
char **outdata, size_t * outlen)
{
gnutls_session session;
gnutls_anon_client_credentials anoncred;
gnutls_certificate_credentials x509cred;
int sockfd;
int ret, outerr;
const char *cafile = shishi_x509ca_default_file (handle);
const char *certfile = shishi_x509cert_default_file (handle);
const char *keyfile = shishi_x509key_default_file (handle);
bool have_cas = false;
sockfd = socket (ai->ai_family, ai->ai_socktype, ai->ai_protocol);
if (sockfd < 0)
{
shishi_error_set (handle, strerror (errno));
return SHISHI_SOCKET_ERROR;
}
if (connect (sockfd, ai->ai_addr, ai->ai_addrlen) != 0)
{
shishi_error_set (handle, strerror (errno));
close (sockfd);
return SHISHI_BIND_ERROR;
}
ret = gnutls_init (&session, GNUTLS_CLIENT);
if (ret != GNUTLS_E_SUCCESS)
{
shishi_error_printf (handle, "TLS init failed (%d): %s",
ret, gnutls_strerror (ret));
return SHISHI_CRYPTO_ERROR;
}
ret = gnutls_priority_set_direct (session, "NORMAL:+ANON-DH", NULL);
if (ret != GNUTLS_E_SUCCESS)
{
shishi_error_printf (handle, "TLS psd failed (%d): %s",
ret, gnutls_strerror (ret));
return SHISHI_CRYPTO_ERROR;
}
ret = gnutls_anon_allocate_client_credentials (&anoncred);
if (ret != GNUTLS_E_SUCCESS)
{
shishi_error_printf (handle, "TLS aacs failed (%d): %s",
ret, gnutls_strerror (ret));
return SHISHI_CRYPTO_ERROR;
}
ret = gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
if (ret != GNUTLS_E_SUCCESS)
{
shishi_error_printf (handle, "TLS cs failed (%d): %s",
ret, gnutls_strerror (ret));
return SHISHI_CRYPTO_ERROR;
}
ret = gnutls_certificate_allocate_credentials (&x509cred);
if (ret != GNUTLS_E_SUCCESS)
{
shishi_error_printf (handle, "TLS cac failed (%d): %s",
ret, gnutls_strerror (ret));
return SHISHI_CRYPTO_ERROR;
}
ret = gnutls_certificate_set_x509_trust_file (x509cred, cafile,
GNUTLS_X509_FMT_PEM);
if (ret != GNUTLS_E_SUCCESS && ret != GNUTLS_E_FILE_ERROR)
{
shishi_error_printf (handle, "TLS csxtf failed (%d): %s",
ret, gnutls_strerror (ret));
return SHISHI_CRYPTO_ERROR;
}
else if (ret == GNUTLS_E_SUCCESS)
{
shishi_error_printf (handle, "Loaded CA certificate");
have_cas = true;
}
ret = gnutls_certificate_set_x509_key_file (x509cred, certfile,
keyfile, GNUTLS_X509_FMT_PEM);
if (ret != GNUTLS_E_SUCCESS && ret != GNUTLS_E_FILE_ERROR)
{
shishi_error_printf (handle, "TLS csxkf failed (%d): %s",
ret, gnutls_strerror (ret));
return SHISHI_CRYPTO_ERROR;
}
else if (ret == GNUTLS_E_SUCCESS)
shishi_error_printf (handle, "Loaded client certificate");
ret = gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, x509cred);
if (ret != GNUTLS_E_SUCCESS)
{
shishi_error_printf (handle, "TLS cs X.509 failed (%d): %s",
ret, gnutls_strerror (ret));
return SHISHI_CRYPTO_ERROR;
}
/* Core part. */
outerr = _shishi_sendrecv_tls1 (handle, sockfd, session, indata, inlen,
outdata, outlen, handle->kdctimeout,
have_cas);
ret = shutdown (sockfd, SHUT_RDWR);
if (ret != 0)
{
shishi_error_printf (handle, "Shutdown failed (%d): %s",
ret, strerror (errno));
if (outerr == SHISHI_OK)
outerr = SHISHI_CLOSE_ERROR;
}
ret = close (sockfd);
if (ret != 0)
{
shishi_error_printf (handle, "Close failed (%d): %s",
ret, strerror (errno));
if (outerr == SHISHI_OK)
outerr = SHISHI_CLOSE_ERROR;
}
gnutls_deinit (session);
gnutls_anon_free_client_credentials (anoncred);
return outerr;
}
|
|
↓
|
pack_credential
|
19
|
62
|
89
|
ccache.c
|
static int
pack_credential (struct ccache_credential *cred, char **out, size_t * len)
{
int rc;
rc = pack_principal (&cred->client, out, len);
if (rc < 0)
return rc;
rc = pack_principal (&cred->server, out, len);
if (rc < 0)
return rc;
rc = put_uint16 (cred->key.keytype, out, len);
if (rc < 0)
return rc;
rc = put_uint16 (cred->key.etype, out, len);
if (rc < 0)
return rc;
rc = put_uint16 (cred->key.keylen, out, len);
if (rc < 0)
return rc;
if (*len < cred->key.keylen)
return -1;
memcpy (*out, cred->key.keyvalue, cred->key.keylen);
*out += cred->key.keylen;
*len -= cred->key.keylen;
rc = put_uint32 (cred->authtime, out, len);
if (rc < 0)
return rc;
rc = put_uint32 (cred->starttime, out, len);
if (rc < 0)
return rc;
rc = put_uint32 (cred->endtime, out, len);
if (rc < 0)
return rc;
rc = put_uint32 (cred->renew_till, out, len);
if (rc < 0)
return rc;
rc = put_uint8 (0, out, len);
if (rc < 0)
return rc;
rc = put_uint32_swapped (cred->tktflags, out, len);
if (rc < 0)
return rc;
/* XXX Write addresses. */
rc = put_uint32 (0, out, len);
if (rc < 0)
return rc;
/* XXX Write auth-data. */
rc = put_uint32 (0, out, len);
if (rc < 0)
return rc;
rc = put_uint32 (cred->ticket.length, out, len);
if (rc < 0)
return rc;
if (*len < cred->ticket.length)
return -1;
memcpy (*out, cred->ticket.data, cred->ticket.length);
*out += cred->ticket.length;
*len -= cred->ticket.length;
rc = put_uint32 (cred->second_ticket.length, out, len);
if (rc < 0)
return rc;
if (*len < cred->second_ticket.length)
return -1;
memcpy (*out, cred->second_ticket.data, cred->second_ticket.length);
*out += cred->second_ticket.length;
*len -= cred->second_ticket.length;
return 0;
}
|
|
↓
|
init_read
|
19
|
33
|
50
|
init.c
|
static int
init_read (Shishi * handle,
const char *tktsfile,
const char *systemcfgfile, const char *usercfgfile)
{
int rc = SHISHI_OK;
/* XXX Is this the correct place for this? */
maybe_install_usercfg (handle);
if (!systemcfgfile)
systemcfgfile = shishi_cfg_default_systemfile (handle);
if (*systemcfgfile)
rc = shishi_cfg_from_file (handle, systemcfgfile);
if (rc == SHISHI_FOPEN_ERROR)
shishi_warn (handle, "%s: %s", systemcfgfile, strerror (errno));
if (rc != SHISHI_OK && rc != SHISHI_FOPEN_ERROR)
return rc;
if (!usercfgfile)
usercfgfile = shishi_cfg_default_userfile (handle);
if (*usercfgfile)
rc = shishi_cfg_from_file (handle, usercfgfile);
if (rc == SHISHI_FOPEN_ERROR)
shishi_warn (handle, "%s: %s", usercfgfile, strerror (errno));
if (rc != SHISHI_OK && rc != SHISHI_FOPEN_ERROR)
return rc;
if (!tktsfile)
tktsfile = shishi_tkts_default_file (handle);
if (!handle->tkts)
rc = shishi_tkts (handle, &handle->tkts);
if (rc != SHISHI_OK)
return rc;
if (*tktsfile)
rc = shishi_tkts_from_file (handle->tkts, tktsfile);
if (rc == SHISHI_FOPEN_ERROR)
shishi_verbose (handle, "%s: %s", tktsfile, strerror (errno));
if (rc != SHISHI_OK && rc != SHISHI_FOPEN_ERROR)
return rc;
if (VERBOSENOISE (handle))
shishi_cfg_print (handle, stderr);
return SHISHI_OK;
}
|
|
↓
|
shishi_tkt_match_p
|
19
|
19
|
38
|
tkts.c
|
int
shishi_tkt_match_p (Shishi_tkt * tkt, Shishi_tkts_hint * hint)
{
if (hint->server && !shishi_tkt_server_p (tkt, hint->server))
return 0;
if (hint->client && !shishi_tkt_client_p (tkt, hint->client))
return 0;
if (!(hint->flags & SHISHI_TKTSHINTFLAGS_ACCEPT_EXPIRED) &&
!shishi_tkt_valid_now_p (tkt))
return 0;
if ((hint->tktflags & SHISHI_TICKETFLAGS_FORWARDABLE) &&
!shishi_tkt_forwardable_p (tkt))
return 0;
if ((hint->tktflags & SHISHI_TICKETFLAGS_FORWARDED) &&
!shishi_tkt_forwarded_p (tkt))
return 0;
if ((hint->tktflags & SHISHI_TICKETFLAGS_RENEWABLE) &&
!shishi_tkt_renewable_p (tkt))
return 0;
if ((hint->tktflags & SHISHI_TICKETFLAGS_PROXIABLE) &&
!shishi_tkt_proxiable_p (tkt))
return 0;
if ((hint->tktflags & SHISHI_TICKETFLAGS_PROXY) &&
!shishi_tkt_proxy_p (tkt))
return 0;
if (hint->etype && !shishi_tkt_keytype_p (tkt, hint->etype))
return 0;
return 1;
}
|
|
↓
|
shishi_resolv
|
18
|
66
|
133
|
resolv.c
|
Shishi_dns
shishi_resolv (const char *zone, uint16_t querytype)
{
char host[256];
dns_packet_t packet;
int len, qdcount, ancount, an, n;
unsigned char *eom, *scan;
Shishi_dns *reply, first;
uint16_t type, class, ttl;
if (zone == NULL || *zone == '\0')
return NULL;
switch (querytype)
{
case SHISHI_DNS_TXT:
case SHISHI_DNS_SRV:
break;
default:
return NULL;
}
/* do the actual query */
if ((len = res_query (zone, C_IN, querytype, packet.buf, MAX_PACKET)) < 0
|| len < (int) sizeof (HEADER))
return NULL;
/* we got a valid result, containing two types of records - packet
* and answer .. we have to skip over the packet records */
/* no. of packets, no. of answers */
qdcount = ntohs (packet.hdr.qdcount);
ancount = ntohs (packet.hdr.ancount);
/* end of the returned message */
eom = (unsigned char *) (packet.buf + len);
/* our current location */
scan = (unsigned char *) (packet.buf + sizeof (HEADER));
/* skip over the packet records */
while (qdcount > 0 && scan < eom)
{
qdcount--;
if ((len = dn_expand (packet.buf, eom, scan, host, 256)) < 0)
return NULL;
scan = (unsigned char *) (scan + len + QFIXEDSZ);
}
/* create an array to store the replies in */
reply = xcalloc (ancount, sizeof (Shishi_dns));
an = 0;
/* loop through the answer buffer and extract SRV records */
while (ancount > 0 && scan < eom)
{
ancount--;
len = dn_expand (packet.buf, eom, scan, host, 256);
if (len < 0)
{
for (n = 0; n < an; n++)
free (reply[n]);
free (reply);
return NULL;
}
scan += len;
/* extract the various parts of the record */
GETSHORT (type, scan);
GETSHORT (class, scan);
GETLONG (ttl, scan);
GETSHORT (len, scan);
/* skip records we're not interested in */
if (type != querytype)
{
scan = (unsigned char *) (scan + len);
continue;
}
/* create a new reply structure to save it in */
reply[an] = xmalloc (sizeof (*reply[0]));
reply[an]->type = type;
reply[an]->class = class;
reply[an]->ttl = ttl;
reply[an]->next = NULL;
/* type-specific processing */
switch (type)
{
case SHISHI_DNS_TXT:
reply[an]->rr = txt_rr (packet, eom, &scan);
break;
case SHISHI_DNS_SRV:
reply[an]->rr = srv_rr (packet, eom, &scan);
break;
default:
scan = (unsigned char *) (scan + len);
continue;
}
/* fell short, we're done */
if (reply[an]->rr == NULL)
{
free (reply[an]);
reply[an] = NULL;
break;
}
/* on to the next one */
an++;
}
/* sort srv records them */
if (querytype == SHISHI_DNS_SRV)
qsort (reply, an, sizeof (Shishi_dns), srv_compare);
/* build a linked list out of the array elements */
for (n = 0; n < an - 1; n++)
reply[n]->next = reply[n + 1];
first = reply[0];
free (reply);
return first;
}
|
|
↓
|
shishi_kdcrep_set_ticket
|
18
|
68
|
98
|
kdcrep.c
|
int
shishi_kdcrep_set_ticket (Shishi * handle, Shishi_asn1 kdcrep,
Shishi_asn1 ticket)
{
int res = SHISHI_OK;
char *format;
char *buf;
size_t buflen;
size_t i, n;
res = shishi_asn1_read (handle, ticket, "tkt-vno", &buf, &buflen);
if (res != SHISHI_OK)
return res;
res = shishi_asn1_write (handle, kdcrep, "ticket.tkt-vno", buf, buflen);
free (buf);
if (res != SHISHI_OK)
return res;
res = shishi_asn1_read (handle, ticket, "realm", &buf, &buflen);
if (res != SHISHI_OK)
return res;
res = shishi_asn1_write (handle, kdcrep, "ticket.realm", buf, buflen);
free (buf);
if (res != SHISHI_OK)
return res;
res = shishi_asn1_read (handle, ticket, "sname.name-type", &buf, &buflen);
if (res != SHISHI_OK)
return res;
res = shishi_asn1_write (handle, kdcrep, "ticket.sname.name-type",
buf, buflen);
free (buf);
if (res != SHISHI_OK)
return res;
res = shishi_asn1_number_of_elements (handle, ticket,
"sname.name-string", &n);
if (res != SHISHI_OK)
return res;
for (i = 1; i <= n; i++)
{
res = shishi_asn1_write (handle, kdcrep,
"ticket.sname.name-string", "NEW", 1);
if (res != SHISHI_OK)
return res;
format = xasprintf ("sname.name-string.?%d", i);
res = shishi_asn1_read (handle, ticket, format, &buf, &buflen);
free (format);
if (res != SHISHI_OK)
return res;
format = xasprintf ("ticket.sname.name-string.?%d", i);
res = shishi_asn1_write (handle, kdcrep, format, buf, buflen);
free (format);
free (buf);
if (res != SHISHI_OK)
return res;
}
res = shishi_asn1_read (handle, ticket, "enc-part.etype", &buf, &buflen);
if (res != SHISHI_OK)
return res;
res = shishi_asn1_write (handle, kdcrep, "ticket.enc-part.etype",
buf, buflen);
free (buf);
if (res != SHISHI_OK)
return res;
res = shishi_asn1_read (handle, ticket, "enc-part.kvno", &buf, &buflen);
if (res != SHISHI_OK)
res = shishi_asn1_write (handle, kdcrep, "ticket.enc-part.kvno", NULL, 0);
else
{
res = shishi_asn1_write (handle, kdcrep, "ticket.enc-part.kvno",
buf, buflen);
free (buf);
}
if (res != SHISHI_OK)
return res;
res = shishi_asn1_read (handle, ticket, "enc-part.cipher", &buf, &buflen);
if (res != SHISHI_OK)
return res;
res = shishi_asn1_write (handle, kdcrep, "ticket.enc-part.cipher",
buf, buflen);
free (buf);
if (res != SHISHI_OK)
return res;
return SHISHI_OK;
}
|
|
↓
|
_shishi_kdcreq
|
18
|
60
|
102
|
kdcreq.c
|
static Shishi_asn1
_shishi_kdcreq (Shishi * handle, int as)
{
int res;
Shishi_asn1 node;
const char *servicebuf[3];
uint32_t nonce;
if (as)
node = shishi_asn1_asreq (handle);
else
node = shishi_asn1_tgsreq (handle);
if (!node)
return NULL;
res = shishi_asn1_write (handle, node, "pvno",
SHISHI_KDCREQ_DEFAULT_PVNO,
SHISHI_KDCREQ_DEFAULT_PVNO_LEN);
if (res != SHISHI_OK)
goto error;
if (as)
res = shishi_asn1_write (handle, node, "msg-type",
SHISHI_AS_REQ_DEFAULT_MSG_TYPE,
SHISHI_AS_REQ_DEFAULT_MSG_TYPE_LEN);
else
res = shishi_asn1_write (handle, node, "msg-type",
SHISHI_TGS_REQ_DEFAULT_MSG_TYPE,
SHISHI_TGS_REQ_DEFAULT_MSG_TYPE_LEN);
if (res != SHISHI_OK)
goto error;
res = shishi_asn1_write (handle, node, "req-body.kdc-options",
SHISHI_KDCREQ_DEFAULT_REQ_BODY_KDC_OPTIONS,
SHISHI_KDCREQ_DEFAULT_REQ_BODY_KDC_OPTIONS_LEN);
if (res != SHISHI_OK)
goto error;
if (as)
res = shishi_kdcreq_set_cname (handle, node, SHISHI_NT_PRINCIPAL,
shishi_principal_default (handle));
else
res = shishi_asn1_write (handle, node, "req-body.cname", NULL, 0);
if (res != SHISHI_OK)
goto error;
res = shishi_kdcreq_set_realm (handle, node, shishi_realm_default (handle));
if (res != SHISHI_OK)
goto error;
servicebuf[0] = "krbtgt";
servicebuf[1] = shishi_realm_default (handle);
servicebuf[2] = NULL;
res = shishi_kdcreq_set_sname (handle, node,
SHISHI_NT_PRINCIPAL, servicebuf);
if (res != SHISHI_OK)
goto error;
res = shishi_asn1_write (handle, node, "req-body.sname.name-type",
SHISHI_KDCREQ_DEFAULT_REQ_BODY_SNAME_NAME_TYPE,
SHISHI_KDCREQ_DEFAULT_REQ_BODY_SNAME_NAME_TYPE_LEN);
if (res != SHISHI_OK)
goto error;
res = shishi_asn1_write (handle, node, "req-body.till",
shishi_generalize_time (handle,
time (NULL) +
handle->ticketlife), 0);
if (res != SHISHI_OK)
goto error;
shishi_randomize (handle, 0, &nonce, sizeof (nonce));
nonce &= 0x7FFFFFFF; /* XXX fix _libtasn1_convert_integer. */
res = shishi_kdcreq_nonce_set (handle, node, nonce);
if (res != SHISHI_OK)
goto error;
res = shishi_kdcreq_set_etype (handle, node, handle->clientkdcetypes,
handle->nclientkdcetypes);
if (res != SHISHI_OK)
goto error;
res = shishi_asn1_write (handle, node, "req-body.addresses", NULL, 0);
if (res != SHISHI_OK)
goto error;
res = shishi_asn1_write (handle, node,
"req-body.enc-authorization-data", NULL, 0);
if (res != SHISHI_OK)
goto error;
res =
shishi_asn1_write (handle, node, "req-body.additional-tickets", NULL, 0);
if (res != SHISHI_OK)
goto error;
return node;
error:
shishi_asn1_done (handle, node);
return NULL;
}
|
|
↓
|
shishi_tkts_get_tgt
|
17
|
50
|
87
|
tkts.c
|
Shishi_tkt *
shishi_tkts_get_tgt (Shishi_tkts * tkts, Shishi_tkts_hint * hint)
{
Shishi_tkts_hint lochint;
Shishi_as *as;
Shishi_tkt *tgt;
int rc;
/* XXX cross-realm operation */
memset (&lochint, 0, sizeof (lochint));
asprintf (&lochint.server, "krbtgt/%s", hint->serverrealm ?
hint->serverrealm : shishi_realm_default (tkts->handle));
set_tgtflags_based_on_hint (hint, &lochint);
tgt = shishi_tkts_find (tkts, &lochint);
free (lochint.server);
lochint.server = NULL;
if (tgt)
return tgt;
if (hint->flags & SHISHI_TKTSHINTFLAGS_NON_INTERACTIVE)
return NULL;
again:
rc = shishi_as (tkts->handle, &as);
if (rc == SHISHI_OK)
rc = act_hint_on_kdcreq (tkts->handle, &lochint, shishi_as_req (as));
if (rc == SHISHI_OK)
rc = do_preauth (tkts, &lochint, as);
if (rc == SHISHI_OK)
rc = shishi_as_req_build (as);
if (rc == SHISHI_OK)
rc = shishi_as_sendrecv_hint (as, &lochint);
if (rc == SHISHI_OK)
rc = shishi_as_rep_process (as, NULL, lochint.passwd);
if (rc == SHISHI_GOT_KRBERROR
&& shishi_krberror_errorcode_fast (tkts->handle,
shishi_as_krberror (as))
== SHISHI_KDC_ERR_PREAUTH_REQUIRED)
{
bool retry = false;
rc = recover_preauth (tkts, as, &lochint, &retry);
if (rc != SHISHI_OK)
return NULL;
if (retry)
{
shishi_as_done (as);
goto again;
}
shishi_error_printf (tkts->handle, "Unsupported pre-auth required");
return NULL;
}
if (rc != SHISHI_OK)
{
shishi_error_printf (tkts->handle,
"AS exchange failed: %s\n%s\n",
shishi_strerror (rc), shishi_error (tkts->handle));
return NULL;
}
/* XXX free lochint members */
tgt = shishi_as_tkt (as);
if (!tgt)
{
shishi_error_printf (tkts->handle, "No ticket in AS-REP");
return NULL;
}
if (VERBOSENOISE (tkts->handle))
{
printf ("Received ticket granting ticket:\n");
shishi_tkt_pretty_print (tgt, stdout);
}
rc = shishi_tkts_add (tkts, tgt);
if (rc != SHISHI_OK)
printf ("Could not add ticket: %s", shishi_strerror (rc));
return tgt;
}
|
|
↓
|
recover_preauth_info
|
17
|
48
|
93
|
tkts.c
|
static int
recover_preauth_info (Shishi_tkts * tkts,
Shishi_as * as,
Shishi_tkts_hint * lochint,
Shishi_asn1 einfos, bool isinfo2, bool * retry)
{
size_t foundpos = SIZE_MAX;
size_t i, n;
int rc;
shishi_verbose (tkts->handle, "Found INFO-ETYPE(2) pre-auth hints");
if (VERBOSEASN1 (tkts->handle))
{
if (isinfo2)
shishi_etype_info2_print (tkts->handle, stdout, einfos);
else
shishi_etype_info_print (tkts->handle, stdout, einfos);
}
if (lochint->preauthetype)
{
shishi_verbose (tkts->handle, "Pre-auth data already specified");
return SHISHI_OK;
}
rc = shishi_asn1_number_of_elements (tkts->handle, einfos, "", &n);
if (rc != SHISHI_OK)
return rc;
for (i = 1; i <= n; i++)
{
char *format;
int32_t etype;
format = xasprintf ("?%d.etype", i);
rc = shishi_asn1_read_int32 (tkts->handle, einfos, format, &etype);
free (format);
if (rc == SHISHI_OK)
{
size_t j;
shishi_verbose (tkts->handle, "Server has etype %d", etype);
for (j = 0; j < tkts->handle->nclientkdcetypes; j++)
{
if (etype == tkts->handle->clientkdcetypes[j])
{
if (j < foundpos && VERBOSENOISE (tkts->handle))
{
shishi_verbose (tkts->handle, "New best etype %d",
etype);
/* XXX mem leak. */
format = xasprintf ("?%d.salt", i);
rc = shishi_asn1_read (tkts->handle, einfos, format,
&lochint->preauthsalt,
&lochint->preauthsaltlen);
free (format);
if (rc != SHISHI_OK && rc != SHISHI_ASN1_NO_ELEMENT)
return rc;
if (isinfo2)
{
format = xasprintf ("?%d.s2kparams", i);
rc = shishi_asn1_read (tkts->handle, einfos, format,
&lochint->preauths2kparams,
&lochint->preauths2kparamslen);
free (format);
if (rc != SHISHI_OK && rc != SHISHI_ASN1_NO_ELEMENT)
return rc;
}
}
foundpos = MIN (foundpos, j);
}
}
}
}
if (foundpos != SIZE_MAX)
{
lochint->preauthetype = tkts->handle->clientkdcetypes[foundpos];
shishi_verbose (tkts->handle, "Best pre-auth etype was %d",
lochint->preauthetype);
*retry = true;
}
return SHISHI_OK;
}
|
|
↓
|
shishi_cfg_from_file
|
17
|
30
|
51
|
cfg.c
|
int
shishi_cfg_from_file (Shishi * handle, const char *cfg)
{
char *line = NULL;
size_t len = 0;
FILE *fh;
if (cfg == NULL)
return SHISHI_OK;
fh = fopen (cfg, "r");
if (fh == NULL)
return SHISHI_FOPEN_ERROR;
while (!feof (fh))
{
ssize_t n = getline (&line, &len, fh);
char *p = line;
char *q;
if (n <= 0)
/* End of file or error. */
break;
while (strlen (p) > 0 && (p[strlen (p) - 1] == '\n' ||
p[strlen (p) - 1] == '\r'))
p[strlen (p) - 1] = '\0';
while (*p && strchr (" \t\r\n", *p))
p++;
if (*p == '\0' || *p == '#')
continue;
q = strchr (p, ' ');
if (q && (strchr (p, '=') == NULL || q < strchr (p, '=')))
*q = '=';
shishi_cfg (handle, p);
}
free (line);
if (ferror (fh))
shishi_error_printf (handle, "Error reading configuration file");
if (fclose (fh) != 0)
return SHISHI_IO_ERROR;
return SHISHI_OK;
}
|
|
↓
|
arcfour_hmac_encrypt
|
16
|
78
|
144
|
crypto-rc4.c
|
static int
arcfour_hmac_encrypt (Shishi * handle,
Shishi_key * key,
int keyusage,
const char *iv,
size_t ivlen,
char **ivout, size_t * ivoutlen,
const char *in, size_t inlen, char **out,
size_t * outlen)
{
int export = shishi_key_type (key) == SHISHI_ARCFOUR_HMAC_EXP;
int arcfourkeyusage = arcfour_keyusage (keyusage);
char L40[14] = "fortybits";
uint8_t T[4];
char *K1 = NULL;
char K2[16];
char *K3 = NULL;
char *pt = NULL;
size_t ptlen;
char *ct = NULL;
char *cksum = NULL;
int offset;
int err;
T[0] = arcfourkeyusage & 0xFF;
T[1] = (arcfourkeyusage >> 8) & 0xFF;
T[2] = (arcfourkeyusage >> 16) & 0xFF;
T[3] = (arcfourkeyusage >> 24) & 0xFF;
memcpy (L40 + 10, T, 4);
if (export)
offset = 0;
else
offset = 10;
if (VERBOSECRYPTONOISE (handle))
{
puts ("k1pt");
_shishi_hexprint (L40 + offset, 14 - offset);
}
err = shishi_hmac_md5 (handle,
shishi_key_value (key), shishi_key_length (key),
L40 + offset, 14 - offset, &K1);
if (err)
goto done;
if (VERBOSECRYPTONOISE (handle))
{
puts ("k1");
_shishi_hexprint (K1, 16);
}
memcpy (K2, K1, 16);
if (export)
memset (K1 + 7, 0xAB, 9);
if (VERBOSECRYPTONOISE (handle))
{
puts ("k1");
_shishi_hexprint (K1, 16);
puts ("k2");
_shishi_hexprint (K2, 16);
}
/* Note that in ENCRYPT of draft-brezak-win2k-krb-rc4-hmac-04.txt change:
*
* edata.Checksum = HMAC (K2, edata);
*
* into
*
* edata.Checksum = HMAC (K2, concat(edata.Confounder, edata.Data));
*
* otherwise it will not work. Compare DECRYPT where the later is
* taken from. Another interpretation would be to HMAC a zeroized
* checksum field, like certain other cipher suites do, but that
* does not interoperate.
*
*/
ptlen = 8 + inlen;
pt = xmalloc (ptlen);
err = shishi_randomize (handle, 0, pt, 8);
if (err)
goto done;
memcpy (pt + 8, in, inlen);
if (VERBOSECRYPTONOISE (handle))
{
puts ("random");
_shishi_hexprint (pt, 8);
}
err = shishi_hmac_md5 (handle, K2, 16, pt, ptlen, &cksum);
if (err)
goto done;
if (VERBOSECRYPTONOISE (handle))
{
puts ("cksum");
_shishi_hexprint (cksum, 16);
}
err = shishi_hmac_md5 (handle, K1, 16, cksum, 16, &K3);
if (err)
goto done;
if (VERBOSECRYPTONOISE (handle))
{
puts ("k3");
_shishi_hexprint (K3, 16);
}
err = shishi_arcfour (handle, 0, K3, 16, iv, ivout, pt, ptlen, &ct);
if (err)
goto done;
if (VERBOSECRYPTONOISE (handle))
{
puts ("ct");
_shishi_hexprint (ct, ptlen);
}
*outlen = 16 + ptlen;
*out = xmalloc (*outlen);
memcpy (*out, cksum, 16);
memcpy (*out + 16, ct, ptlen);
if (ivoutlen)
/* size = sbox[256] + int8_t i + int8_t j */
*ivoutlen = 256 + 2 * 8;
err = SHISHI_OK;
done:
free (cksum);
free (K3);
free (pt);
free (ct);
free (K1);
return err;
}
|
|
↓
|
shishi_prompt_password
|
16
|
59
|
104
|
password.c
|
int
shishi_prompt_password (Shishi * handle, char **s, const char *format, ...)
{
char *p;
va_list ap;
if (handle->prompt_passwd)
{
int ret;
va_start (ap, format);
ret = handle->prompt_passwd (handle, s, format, ap);
va_end (ap);
return ret;
}
#ifdef HAVE_LIBIDN
if (VERBOSE (handle))
{
printf ("Libstringprep thinks your locale is `%s'.\n",
stringprep_locale_charset ());
}
#endif
va_start (ap, format);
vprintf (format, ap);
fflush (stdout);
va_end (ap);
p = getpass ("");
*s = xstrdup (p);
printf ("\n");
if (VERBOSENOISE (handle))
{
size_t i;
printf ("Read password (length %d): ", strlen (*s));
for (i = 0; i < strlen (*s); i++)
printf ("%02x ", (*s)[i] & 0xFF);
printf ("\n");
}
if (handle->stringprocess
&& strcasecmp (handle->stringprocess, "none") != 0)
#ifdef HAVE_LIBIDN
{
if (strcasecmp (handle->stringprocess, "stringprep") == 0)
p = stringprep_locale_to_utf8 (*s);
else
p = stringprep_convert (*s, handle->stringprocess,
stringprep_locale_charset ());
if (p)
{
free (*s);
*s = p;
}
else
shishi_warn (handle, "Charset conversion of password failed");
if (VERBOSENOISE (handle))
{
size_t i;
printf ("Password converted to %s (length %d): ",
strcasecmp (handle->stringprocess, "stringprep") == 0 ?
"UTF-8" : handle->stringprocess, strlen (*s));
for (i = 0; i < strlen (*s); i++)
printf ("%02x ", (*s)[i] & 0xFF);
printf ("\n");
}
if (strcasecmp (handle->stringprocess, "stringprep") == 0)
{
int rc;
rc = stringprep_profile (*s, &p, "SASLprep", 0);
if (rc == SHISHI_OK)
{
free (*s);
*s = p;
}
else
shishi_warn (handle, "Stringprep conversion of password failed");
if (VERBOSENOISE (handle))
{
size_t i;
printf ("Stringprep'ed password (length %d): ", strlen (*s));
for (i = 0; i < strlen (*s); i++)
printf ("%02x ", (*s)[i] & 0xFF);
printf ("\n");
}
}
}
#else
shishi_warn (handle, "Password string processing (%s) disabled",
handle->stringprocess);
#endif
return SHISHI_OK;
}
|
|
↓
|
shishi_apreq
|
16
|
48
|
95
|
apreq.c
|
Shishi_asn1
shishi_apreq (Shishi * handle)
{
Shishi_asn1 node;
int res;
node = shishi_asn1_apreq (handle);
if (!node)
goto error;
res = shishi_asn1_write (handle, node, "pvno",
SHISHI_APREQ_DEFAULT_PVNO,
SHISHI_APREQ_DEFAULT_PVNO_LEN);
if (res != SHISHI_OK)
goto error;
res = shishi_asn1_write (handle, node, "msg-type",
SHISHI_APREQ_DEFAULT_MSG_TYPE,
SHISHI_APREQ_DEFAULT_MSG_TYPE_LEN);
if (res != SHISHI_OK)
goto error;
res = shishi_asn1_write (handle, node, "ap-options",
SHISHI_APREQ_DEFAULT_AP_OPTIONS,
SHISHI_APREQ_DEFAULT_AP_OPTIONS_LEN);
if (res != SHISHI_OK)
goto error;
res = shishi_asn1_write (handle, node, "ticket.tkt-vno",
SHISHI_APREQ_DEFAULT_TICKET_TKT_VNO,
SHISHI_APREQ_DEFAULT_TICKET_TKT_VNO_LEN);
if (res != SHISHI_OK)
goto error;
res = shishi_asn1_write (handle, node, "ticket.realm",
SHISHI_APREQ_DEFAULT_TICKET_REALM,
SHISHI_APREQ_DEFAULT_TICKET_REALM_LEN);
if (res != SHISHI_OK)
goto error;
res = shishi_asn1_write (handle, node, "ticket.realm",
SHISHI_APREQ_DEFAULT_TICKET_REALM,
SHISHI_APREQ_DEFAULT_TICKET_REALM_LEN);
if (res != SHISHI_OK)
goto error;
res = shishi_asn1_write (handle, node, "ticket.sname.name-type",
SHISHI_APREQ_DEFAULT_TICKET_SNAME_NAME_TYPE,
SHISHI_APREQ_DEFAULT_TICKET_SNAME_NAME_TYPE_LEN);
if (res != SHISHI_OK)
goto error;
res = shishi_asn1_write (handle, node, "ticket.enc-part.etype",
SHISHI_APREQ_DEFAULT_TICKET_ENC_PART_ETYPE,
SHISHI_APREQ_DEFAULT_TICKET_ENC_PART_ETYPE_LEN);
if (res != SHISHI_OK)
goto error;
res = shishi_asn1_write (handle, node, "ticket.enc-part.kvno",
SHISHI_APREQ_DEFAULT_TICKET_ENC_PART_KVNO,
SHISHI_APREQ_DEFAULT_TICKET_ENC_PART_KVNO_LEN);
if (res != SHISHI_OK)
goto error;
res = shishi_asn1_write (handle, node, "ticket.enc-part.cipher",
SHISHI_APREQ_DEFAULT_TICKET_ENC_PART_CIPHER,
SHISHI_APREQ_DEFAULT_TICKET_ENC_PART_CIPHER_LEN);
if (res != SHISHI_OK)
goto error;
res = shishi_asn1_write (handle, node, "authenticator.etype",
SHISHI_APREQ_DEFAULT_AUTHENTICATOR_ETYPE,
SHISHI_APREQ_DEFAULT_AUTHENTICATOR_ETYPE_LEN);
if (res != SHISHI_OK)
goto error;
res = shishi_asn1_write (handle, node, "authenticator.kvno",
SHISHI_APREQ_DEFAULT_AUTHENTICATOR_KVNO,
SHISHI_APREQ_DEFAULT_AUTHENTICATOR_KVNO_LEN);
if (res != SHISHI_OK)
goto error;
res = shishi_asn1_write (handle, node, "authenticator.cipher",
SHISHI_APREQ_DEFAULT_AUTHENTICATOR_CIPHER,
SHISHI_APREQ_DEFAULT_AUTHENTICATOR_CIPHER_LEN);
if (res != SHISHI_OK)
goto error;
return node;
error:
if (node)
shishi_asn1_done (handle, node);
return NULL;
}
|
|
↓
|
shishi_principal_name
|
16
|
47
|
63
|
principal.c
|
int
shishi_principal_name (Shishi * handle,
Shishi_asn1 namenode,
const char *namefield, char **out, size_t * outlen)
{
char *format;
size_t i, j, n;
char *name = NULL;
size_t namelen = 0;
int res;
asprintf (&format, "%s.name-string", namefield);
res = shishi_asn1_number_of_elements (handle, namenode, format, &n);
free (format);
if (res != SHISHI_OK)
return res;
for (i = 1; i <= n; i++)
{
char *tmp;
size_t tmplen;
size_t safetmplen;
asprintf (&format, "%s.name-string.?%ld", namefield, i);
res = shishi_asn1_read (handle, namenode, format, &tmp, &tmplen);
free (format);
if (res != SHISHI_OK)
return res;
safetmplen = tmplen;
for (j = 0; j < tmplen; j++)
if (tmp[j] == '@' || tmp[j] == '/' || tmp[j] == '\\')
safetmplen++;
if (i < n)
safetmplen++;
name = xrealloc (name, namelen + safetmplen);
for (j = 0; j < tmplen; j++)
{
if (tmp[j] == '@' || tmp[j] == '/' || tmp[j] == '\\')
name[namelen++] = '\\';
name[namelen++] = tmp[j];
}
if (i < n)
name[namelen++] = '/';
free (tmp);
}
name = xrealloc (name, namelen + 1);
name[namelen] = '\0';
if (out)
*out = name;
else
free (name);
if (outlen)
*outlen = namelen;
return SHISHI_OK;
}
|
|
↓
|
shishi_parse_name
|
16
|
32
|
60
|
principal.c
|
int
shishi_parse_name (Shishi * handle, const char *name,
char **principal, char **realm)
{
const char *p = name;
const char *q;
int escaped = 0;
if (!name)
{
shishi_error_printf (handle, "Name is NULL\n");
return SHISHI_INVALID_PRINCIPAL_NAME;
}
while (*p && (*p != '@' || escaped))
if (escaped)
escaped = 0;
else if (*p++ == '\\')
escaped = 1;
if (escaped)
{
shishi_error_printf (handle,
"Principal ended with escape character: %s\n",
name);
return SHISHI_INVALID_PRINCIPAL_NAME;
}
if (principal)
{
*principal = xstrndup (name, p - name + 1);
(*principal)[p - name] = '\0';
}
if (*p)
{
q = ++p;
while (*q)
if (escaped)
escaped = 0;
else if (*q++ == '\\')
escaped = 1;
if (escaped)
{
shishi_error_printf (handle,
"Realm ended with escape character: %s\n",
name);
return SHISHI_INVALID_PRINCIPAL_NAME;
}
if (realm)
*realm = xstrdup (p);
}
else if (realm)
*realm = NULL;
return SHISHI_OK;
}
|
|
↓
|
arcfour_hmac_decrypt
|
15
|
70
|
120
|
crypto-rc4.c
|
static int
arcfour_hmac_decrypt (Shishi * handle,
Shishi_key * key,
int keyusage,
const char *iv,
size_t ivlen,
char **ivout, size_t * ivoutlen,
const char *in, size_t inlen, char **out,
size_t * outlen)
{
int export = shishi_key_type (key) == SHISHI_ARCFOUR_HMAC_EXP;
int arcfourkeyusage = arcfour_keyusage (keyusage);
char L40[14] = "fortybits";
uint8_t T[4];
char *K1 = NULL;
char K2[16];
char *K3 = NULL;
char *cksum = NULL;
char *pt = NULL;
int offset;
int err;
T[0] = arcfourkeyusage & 0xFF;
T[1] = (arcfourkeyusage >> 8) & 0xFF;
T[2] = (arcfourkeyusage >> 16) & 0xFF;
T[3] = (arcfourkeyusage >> 24) & 0xFF;
memcpy (L40 + 10, T, 4);
if (export)
offset = 0;
else
offset = 10;
if (VERBOSECRYPTONOISE (handle))
{
puts ("k1pt");
_shishi_hexprint (L40 + offset, 14 - offset);
}
err = shishi_hmac_md5 (handle,
shishi_key_value (key), shishi_key_length (key),
L40 + offset, 14 - offset, &K1);
if (err)
goto done;
if (VERBOSECRYPTONOISE (handle))
{
puts ("k1");
_shishi_hexprint (K1, 16);
}
memcpy (K2, K1, 16);
if (export)
memset (K1 + 7, 0xAB, 9);
if (VERBOSECRYPTONOISE (handle))
{
puts ("k1");
_shishi_hexprint (K1, 16);
puts ("k2");
_shishi_hexprint (K2, 16);
}
err = shishi_hmac_md5 (handle, K1, 16, in, 16, &K3);
if (err)
goto done;
if (VERBOSECRYPTONOISE (handle))
{
puts ("k3");
_shishi_hexprint (K3, 16);
}
err =
shishi_arcfour (handle, 1, K3, 16, iv, ivout, in + 16, inlen - 16, &pt);
if (err)
goto done;
if (VERBOSECRYPTONOISE (handle))
{
puts ("cksum pt");
_shishi_hexprint (pt, inlen - 16);
}
err = shishi_hmac_md5 (handle, K2, 16, pt, inlen - 16, &cksum);
if (err)
goto done;
if (VERBOSECRYPTONOISE (handle))
{
puts ("cksum");
_shishi_hexprint (cksum, 16);
puts ("cksumin");
_shishi_hexprint (in, 16);
}
if (memcmp (cksum, in, 16) != 0)
{
err = SHISHI_CRYPTO_ERROR;
goto done;
}
*outlen = inlen - 16 - 8;
*out = xmalloc (*outlen);
memcpy (*out, pt + 8, inlen - 16 - 8);
if (ivoutlen)
/* size = sbox[256] + int8_t i + int8_t j */
*ivoutlen = 256 + 2 * 8;
err = SHISHI_OK;
done:
free (cksum);
free (K3);
free (K1);
free (pt);
return err;
}
|
|
↓
|
shishi_enckdcreppart_populate_encticketpart
|
15
|
43
|
70
|
enckdcreppart.c
|
int
shishi_enckdcreppart_populate_encticketpart (Shishi * handle,
Shishi_asn1 enckdcreppart,
Shishi_asn1 encticketpart)
{
char *buf;
size_t buflen;
int res;
res = shishi_asn1_read (handle, encticketpart, "flags", &buf, &buflen);
if (res != SHISHI_OK)
return SHISHI_ASN1_ERROR;
res = shishi_asn1_write (handle, enckdcreppart, "flags", buf, buflen);
free (buf);
if (res != SHISHI_OK)
return SHISHI_ASN1_ERROR;
res = shishi_asn1_read (handle, encticketpart, "authtime", &buf, &buflen);
if (res != SHISHI_OK)
return SHISHI_ASN1_ERROR;
res = shishi_asn1_write (handle, enckdcreppart, "authtime", buf, buflen);
free (buf);
if (res != SHISHI_OK)
return SHISHI_ASN1_ERROR;
res = shishi_asn1_read (handle, encticketpart, "starttime", &buf, &buflen);
if (res != SHISHI_OK && res != SHISHI_ASN1_NO_ELEMENT)
return SHISHI_ASN1_ERROR;
if (res == SHISHI_ASN1_NO_ELEMENT)
res = shishi_asn1_write (handle, enckdcreppart, "starttime", NULL, 0);
else
{
res = shishi_asn1_write (handle, enckdcreppart, "starttime",
buf, buflen);
free (buf);
}
if (res != SHISHI_OK)
return SHISHI_ASN1_ERROR;
res = shishi_asn1_read (handle, encticketpart, "endtime", &buf, &buflen);
if (res != SHISHI_OK)
return SHISHI_ASN1_ERROR;
res = shishi_asn1_write (handle, enckdcreppart, "endtime", buf, buflen);
free (buf);
if (res != SHISHI_OK)
return SHISHI_ASN1_ERROR;
res = shishi_asn1_read (handle, encticketpart, "renew-till", &buf, &buflen);
if (res != SHISHI_OK && res != SHISHI_ASN1_NO_ELEMENT)
return SHISHI_ASN1_ERROR;
if (res == SHISHI_ASN1_NO_ELEMENT)
res = shishi_asn1_write (handle, enckdcreppart, "renew-till", NULL, 0);
else
{
res = shishi_asn1_write (handle, enckdcreppart,
"renew-till", buf, buflen);
free (buf);
}
if (res != SHISHI_OK)
return SHISHI_ASN1_ERROR;
/* XXX copy caddr too */
return SHISHI_OK;
}
|
|
↓
|
_shishi_simplified_encrypt
|
15
|
42
|
83
|
crypto.c
|
int
_shishi_simplified_encrypt (Shishi * handle,
Shishi_key * key,
int keyusage,
const char *iv, size_t ivlen,
char **ivout, size_t * ivoutlen,
const char *in, size_t inlen,
char **out, size_t * outlen)
{
int res;
int padzerolen = 0;
if ((shishi_key_type (key) == SHISHI_DES3_CBC_HMAC_SHA1_KD ||
shishi_key_type (key) == SHISHI_DES_CBC_CRC ||
shishi_key_type (key) == SHISHI_DES_CBC_MD4 ||
shishi_key_type (key) == SHISHI_DES_CBC_MD5) && (inlen % 8) != 0)
while (((inlen + padzerolen) % 8) != 0)
padzerolen++;
if (keyusage != 0)
{
char *pt = NULL, *ct = NULL, *hmac = NULL;
int blen = shishi_cipher_blocksize (shishi_key_type (key));
size_t ctlen, ptlen, hmaclen;
Shishi_key *privacykey = NULL, *integritykey = NULL;
ptlen = inlen + blen + padzerolen;
pt = xmalloc (ptlen);
res = shishi_randomize (handle, 0, pt, blen);
if (res != SHISHI_OK)
goto done;
memcpy (pt + blen, in, inlen);
memset (pt + blen + inlen, 0, padzerolen);
res = _shishi_simplified_derivekey (handle, key, keyusage,
SHISHI_DERIVEKEYMODE_PRIVACY,
&privacykey);
if (res != SHISHI_OK)
goto done;
res = _shishi_simplified_dencrypt (handle, privacykey,
iv, ivlen, ivout,
ivoutlen, pt, ptlen, &ct, &ctlen, 0);
if (res != SHISHI_OK)
goto done;
res = _shishi_simplified_derivekey (handle, key, keyusage,
SHISHI_DERIVEKEYMODE_INTEGRITY,
&integritykey);
if (res != SHISHI_OK)
goto done;
res = simplified_hmac (handle, integritykey, pt, ptlen,
&hmac, &hmaclen);
if (res != SHISHI_OK)
goto done;
*outlen = ctlen + hmaclen;
*out = xmalloc (*outlen);
memcpy (*out, ct, ctlen);
memcpy (*out + ctlen, hmac, hmaclen);
done:
if (privacykey)
shishi_key_done (privacykey);
if (integritykey)
shishi_key_done (integritykey);
free (hmac);
free (ct);
free (pt);
}
else
{
res = _shishi_simplified_dencrypt (handle, key, iv, ivlen,
ivout, ivoutlen,
in, inlen, out, outlen, 0);
}
return res;
}
|
|
↓
|
shishi_as_rep_process
|
15
|
42
|
79
|
as.c
|
int
shishi_as_rep_process (Shishi_as * as, Shishi_key * key, const char *password)
{
Shishi_asn1 ticket, kdcreppart;
int res;
if (VERBOSE (as->handle))
printf ("Processing AS-REQ and AS-REP...\n");
if (VERBOSEASN1 (as->handle))
shishi_kdcreq_print (as->handle, stdout, as->asreq);
if (VERBOSEASN1 (as->handle))
shishi_kdcrep_print (as->handle, stdout, as->asrep);
if (key == NULL && password == NULL)
{
char *passwd;
char *user;
size_t userlen;
res = shishi_asreq_clientrealm (as->handle, as->asreq, &user, &userlen);
if (res != SHISHI_OK)
{
shishi_error_printf (as->handle, "Could not extract cname and "
"realm from AS-REQ: %s\n",
shishi_strerror (res));
return res;
}
res = shishi_prompt_password (as->handle, &passwd,
"Enter password for `%s': ", user);
free (user);
if (res != SHISHI_OK)
{
shishi_error_printf (as->handle, "Reading password failed: %s\n",
shishi_strerror (res));
return res;
}
res = shishi_as_process (as->handle, as->asreq, as->asrep,
passwd, &kdcreppart);
free (passwd);
}
else if (key == NULL)
res = shishi_as_process (as->handle, as->asreq, as->asrep,
password, &kdcreppart);
else
res = shishi_kdc_process (as->handle, as->asreq, as->asrep, key,
SHISHI_KEYUSAGE_ENCASREPPART, &kdcreppart);
if (res != SHISHI_OK)
return res;
if (VERBOSE (as->handle))
printf ("Got EncKDCRepPart...\n");
if (VERBOSEASN1 (as->handle))
shishi_enckdcreppart_print (as->handle, stdout, kdcreppart);
res = shishi_kdcrep_get_ticket (as->handle, as->asrep, &ticket);
if (res != SHISHI_OK)
{
shishi_error_printf (as->handle,
"Could not extract ticket from AS-REP: %s",
shishi_error (as->handle));
return res;
}
if (VERBOSE (as->handle))
printf ("Got Ticket...\n");
if (VERBOSEASN1 (as->handle))
shishi_ticket_print (as->handle, stdout, ticket);
/* XXX */
as->tkt = shishi_tkt2 (as->handle, ticket, kdcreppart, as->asrep);
return SHISHI_OK;
}
|
|
↓
|
shishi_tgs_process
|
15
|
33
|
64
|
kdc.c
|
int
shishi_tgs_process (Shishi * handle,
Shishi_asn1 tgsreq,
Shishi_asn1 tgsrep,
Shishi_asn1 authenticator,
Shishi_asn1 oldenckdcreppart, Shishi_asn1 * enckdcreppart)
{
Shishi_key *tktkey;
Shishi_key *subkey;
int use_subkey;
int etype;
int res;
res = shishi_kdcrep_get_enc_part_etype (handle, tgsrep, &etype);
if (res != SHISHI_OK)
return res;
res = shishi_authenticator_get_subkey (handle, authenticator, &subkey);
use_subkey = (res != SHISHI_ASN1_NO_ELEMENT);
if (res != SHISHI_OK && res != SHISHI_ASN1_NO_ELEMENT)
return res;
res = shishi_enckdcreppart_get_key (handle, oldenckdcreppart, &tktkey);
if (res != SHISHI_OK)
return res;
if (etype != shishi_key_type (use_subkey ? subkey : tktkey))
res = SHISHI_TGSREP_BAD_KEYTYPE;
else
res = shishi_kdc_process (handle, tgsreq, tgsrep,
use_subkey ? subkey : tktkey,
use_subkey ?
SHISHI_KEYUSAGE_ENCTGSREPPART_AUTHENTICATOR_KEY
: SHISHI_KEYUSAGE_ENCTGSREPPART_SESSION_KEY,
enckdcreppart);
/* Entire if statement to work around buggy KDCs. */
if (use_subkey && (res == SHISHI_CRYPTO_ERROR ||
res == SHISHI_TGSREP_BAD_KEYTYPE))
{
int tmpres;
/* Try again using key from ticket instead of subkey */
if (etype != shishi_key_type (tktkey))
tmpres = SHISHI_TGSREP_BAD_KEYTYPE;
else
tmpres = shishi_kdc_process (handle, tgsreq, tgsrep, tktkey,
SHISHI_KEYUSAGE_ENCTGSREPPART_SESSION_KEY,
enckdcreppart);
/* if bug workaround code didn't help, return original error. */
if (tmpres != SHISHI_OK)
return res;
shishi_warn (handle, "KDC bug: Reply encrypted using wrong key.");
res = tmpres;
}
if (res != SHISHI_OK)
return res;
return SHISHI_OK;
}
|
|
↓
|
shishi_priv
|
14
|
49
|
72
|
priv.c
|
int
shishi_priv (Shishi * handle, Shishi_priv ** priv)
{
Shishi_priv *lpriv;
struct timeval tv;
char *usec;
int rc;
*priv = xcalloc (1, sizeof (**priv));
lpriv = *priv;
lpriv->handle = handle;
rc = shishi_key (handle, &lpriv->key);
if (rc != SHISHI_OK)
return rc;
lpriv->priv = shishi_asn1_priv (handle);
if (lpriv->priv == NULL)
return SHISHI_ASN1_ERROR;
rc = shishi_asn1_write (handle, lpriv->priv, "pvno", "5", 0);
if (rc != SHISHI_OK)
return rc;
rc = shishi_asn1_write (handle, lpriv->priv, "msg-type", "21", 0);
if (rc != SHISHI_OK)
return rc;
rc = shishi_asn1_write (handle, lpriv->priv, "enc-part.kvno", "0", 0);
if (rc != SHISHI_OK)
return rc;
lpriv->encprivpart = shishi_asn1_encprivpart (handle);
if (lpriv->priv == NULL)
return SHISHI_ASN1_ERROR;
rc = shishi_asn1_write (handle, lpriv->encprivpart, "timestamp",
shishi_generalize_time (handle, time (NULL)), 0);
if (rc != SHISHI_OK)
return rc;
rc = gettimeofday (&tv, NULL);
if (rc != 0)
return SHISHI_GETTIMEOFDAY_ERROR;
usec = xasprintf ("%ld", tv.tv_usec % 1000000);
rc = shishi_asn1_write (handle, lpriv->encprivpart, "usec", usec, 0);
free (usec);
if (rc != SHISHI_OK)
return rc;
rc = shishi_asn1_write (handle, lpriv->encprivpart, "seq-number", NULL, 0);
if (rc != SHISHI_OK)
return rc;
rc = shishi_asn1_write (handle, lpriv->encprivpart, "s-address.addr-type",
/* directional */
"3", 0);
if (rc != SHISHI_OK)
return rc;
rc = shishi_asn1_write (handle, lpriv->encprivpart, "s-address.address",
/* sender */
"\x00\x00\x00\x00", 4);
if (rc != SHISHI_OK)
return rc;
rc = shishi_asn1_write (handle, lpriv->encprivpart, "r-address", NULL, 0);
if (rc != SHISHI_OK)
return rc;
return SHISHI_OK;
}
|
|
↓
|
shishi_krberror_pretty_print
|
14
|
43
|
81
|
krberror.c
|
int
shishi_krberror_pretty_print (Shishi * handle, FILE * fh,
Shishi_asn1 krberror)
{
char *buf;
size_t len;
int res;
if (VERBOSEASN1 (handle))
shishi_krberror_print (handle, fh, krberror);
if (shishi_krberror_errorcode_fast (handle, krberror) ==
SHISHI_KRB_ERR_GENERIC)
{
fprintf (fh, "Generic error from server:\n");
res = shishi_krberror_etext (handle, krberror, &buf, &len);
if (res == SHISHI_OK && len > 0)
{
buf[len] = '\0';
fprintf (fh, "%s\n", buf);
free (buf);
}
}
else
{
fprintf (fh, "Error code from server:\n%s\n",
shishi_krberror_message (handle, krberror));
res = shishi_krberror_etext (handle, krberror, &buf, &len);
if (res == SHISHI_OK && len > 0)
{
buf[len] = '\0';
fprintf (fh, "Additional error message from server:\n%s\n", buf);
free (buf);
}
if (shishi_krberror_errorcode_fast (handle, krberror) ==
SHISHI_KDC_ERR_PREAUTH_REQUIRED)
{
Shishi_asn1 pas;
size_t i, n;
res = shishi_krberror_methoddata (handle, krberror, &pas);
if (res != SHISHI_OK)
return res;
if (VERBOSEASN1 (handle))
shishi_methoddata_print (handle, stdout, pas);
res = shishi_asn1_number_of_elements (handle, pas, "", &n);
if (res == SHISHI_OK)
{
fprintf (fh, "Types of PA-DATA in KRB-ERROR: ");
for (i = 1; i <= n; i++)
{
char *format = xasprintf ("?%ld.padata-type", i);
int32_t padatatype;
if (i > 1)
fprintf (fh, ", ");
res = shishi_asn1_read_int32 (handle, pas, format,
&padatatype);
if (res == SHISHI_OK)
printf ("%d", padatatype);
free (format);
}
fprintf (fh, ".\n");
}
shishi_asn1_done (handle, pas);
}
}
return SHISHI_OK;
}
|
|
↓
|
shishi_kdcreq_add_padata_preauth
|
13
|
46
|
68
|
kdcreq.c
|
int
shishi_kdcreq_add_padata_preauth (Shishi * handle,
Shishi_asn1 kdcreq, Shishi_key * key)
{
char *der, *data;
size_t derlen, datalen;
Shishi_asn1 pa;
struct timeval tv;
int rc;
Shishi_asn1 ed;
pa = shishi_asn1_pa_enc_ts_enc (handle);
if (!pa)
return SHISHI_ASN1_ERROR;
rc = gettimeofday (&tv, NULL);
if (rc != 0)
return SHISHI_GETTIMEOFDAY_ERROR;
rc = shishi_asn1_write (handle, pa, "patimestamp",
shishi_generalize_time (handle, tv.tv_sec),
SHISHI_GENERALIZEDTIME_LENGTH);
if (rc != SHISHI_OK)
return rc;
rc = shishi_asn1_write_integer (handle, pa, "pausec", tv.tv_usec);
if (rc != SHISHI_OK)
return rc;
rc = shishi_asn1_to_der (handle, pa, &der, &derlen);
if (rc != SHISHI_OK)
return rc;
rc = shishi_encrypt (handle, key, SHISHI_KEYUSAGE_ASREQ_PA_ENC_TIMESTAMP,
der, derlen, &data, &datalen);
free (der);
if (rc != SHISHI_OK)
return rc;
ed = shishi_asn1_encrypteddata (handle);
if (!ed)
return SHISHI_ASN1_ERROR;
rc = shishi_asn1_write_integer (handle, ed, "etype", shishi_key_type (key));
if (rc != SHISHI_OK)
return rc;
rc = shishi_asn1_write (handle, ed, "cipher", data, datalen);
if (rc != SHISHI_OK)
return rc;
rc = shishi_asn1_write (handle, ed, "kvno", NULL, 0);
if (rc != SHISHI_OK)
return rc;
rc = shishi_asn1_to_der (handle, ed, &der, &derlen);
free (data);
if (rc != SHISHI_OK)
return rc;
rc = shishi_kdcreq_add_padata (handle, kdcreq, SHISHI_PA_ENC_TIMESTAMP,
der, derlen);
free (der);
if (rc != SHISHI_OK)
return rc;
return rc;
}
|
|
↓
|
libgcrypt_dencrypt
|
13
|
43
|
83
|
low-crypto.c
|
static int
libgcrypt_dencrypt (Shishi * handle, int algo, int flags, int mode,
int decryptp,
const char *key, size_t keylen,
const char *iv,
char **ivout, const char *in, size_t inlen, char **out)
{
size_t ivlen = gcry_cipher_get_algo_blklen (algo);
gcry_cipher_hd_t ch;
gpg_error_t err;
err = gcry_cipher_open (&ch, algo, mode, flags);
if (err != GPG_ERR_NO_ERROR)
{
shishi_error_printf (handle, "Libgcrypt cipher open failed");
shishi_error_set (handle, gpg_strerror (err));
return SHISHI_CRYPTO_INTERNAL_ERROR;
}
err = gcry_cipher_setkey (ch, key, keylen);
if (err != GPG_ERR_NO_ERROR)
{
shishi_error_printf (handle, "Libgcrypt setkey failed");
shishi_error_set (handle, gpg_strerror (err));
return SHISHI_CRYPTO_INTERNAL_ERROR;
}
err = gcry_cipher_setiv (ch, iv, ivlen);
if (err != GPG_ERR_NO_ERROR)
{
shishi_error_printf (handle, "Libgcrypt setiv failed");
shishi_error_set (handle, gpg_strerror (err));
return SHISHI_CRYPTO_INTERNAL_ERROR;
}
*out = xmalloc (inlen);
if (decryptp)
err = gcry_cipher_decrypt (ch, (unsigned char *) *out, inlen,
(const unsigned char *) in, inlen);
else
err = gcry_cipher_encrypt (ch, (unsigned char *) *out, inlen,
(const unsigned char *) in, inlen);
if (err != GPG_ERR_NO_ERROR)
{
shishi_error_printf (handle, "Libgcrypt ciphering failed");
shishi_error_set (handle, gpg_strerror (err));
return SHISHI_CRYPTO_INTERNAL_ERROR;
}
if (ivout)
{
size_t ivdiff, ivpos = 0;
*ivout = xmalloc (ivlen);
if (flags & GCRY_CIPHER_CBC_CTS)
{
/* XXX what is the output iv for CBC-CTS mode?
but is this value useful at all for that mode anyway?
Mostly it is DES apps that want the updated iv, so this is ok. */
if (inlen % ivlen)
ivdiff = ivlen + inlen % ivlen;
else
ivdiff = ivlen + ivlen;
if (inlen >= ivdiff)
ivpos = inlen - ivdiff;
}
else
ivpos = inlen - ivlen;
if (decryptp)
memcpy (*ivout, in + ivpos, inlen >= ivlen ? ivlen : inlen);
else
memcpy (*ivout, *out + ivpos, inlen >= ivlen ? ivlen : inlen);
}
gcry_cipher_close (ch);
return SHISHI_OK;
}
|
|
↓
|
shishi_authorize_k5login
|
13
|
39
|
73
|
authorize.c
|
int
shishi_authorize_k5login (Shishi * handle, const char *principal,
const char *authzname)
{
#if HAVE_PWD_H && HAVE_GETPWNAM
struct passwd *pwd;
struct stat sta;
FILE *fic;
char *ficname;
char *line = NULL;
size_t linelength = 0;
int authorized = 0;
pwd = getpwnam (authzname);
if (pwd == NULL || pwd->pw_dir == NULL)
return 0;
asprintf (&ficname, "%s/%s", pwd->pw_dir, ".k5login");
if (stat (ficname, &sta) != 0)
{
/* File .k5login does not exist. */
free (ficname);
return 0;
}
/* Owner should be acting user, or root. */
if ((sta.st_uid != pwd->pw_uid) && (sta.st_uid != 0))
{
free (ficname);
return 0;
}
/* Write access is forbidden for group and world. */
if ((sta.st_mode & S_IWGRP) || (sta.st_mode & S_IWOTH))
{
free (ficname);
return 0;
}
fic = fopen (ficname, "r");
if (fic == NULL)
{
free (ficname);
return 0;
}
while (!feof (fic))
{
char *p;
if (getline (&line, &linelength, fic) == -1)
break;
p = strchr (line, '\n');
if (p)
*p = '\0';
if (strcmp (principal, line) == 0)
{
authorized = 1;
break;
}
}
fclose (fic);
free (ficname);
free (line);
return authorized;
#else
return 0;
#endif
}
|
|
↓
|
sendrecv_host
|
13
|
31
|
60
|
netio.c
|
static int
sendrecv_host (Shishi * handle,
int transport, const char *host, const char *port,
const char *indata, size_t inlen,
char **outdata, size_t * outlen)
{
struct addrinfo hints;
struct addrinfo *ai;
int rc;
memset (&hints, 0, sizeof (hints));
if (transport == TCP || transport == TLS)
hints.ai_socktype = SOCK_STREAM;
else
hints.ai_socktype = SOCK_DGRAM;
hints.ai_flags = AI_ADDRCONFIG;
if (port == NULL)
port = "88";
rc = getaddrinfo (host, port, &hints, &ai);
if (rc != 0)
{
shishi_error_printf (handle, "Cannot find host %s", host);
return SHISHI_KDC_NOT_KNOWN_FOR_REALM;
}
do
{
char nodename[NI_MAXHOST];
size_t j = 0;
rc = getnameinfo (ai->ai_addr, ai->ai_addrlen,
nodename, sizeof (nodename), NULL, 0, NI_NUMERICHOST);
shishi_verbose (handle, "Sending to %s (%s) port %s transport %s",
host, rc == 0 ? nodename : "unknown address", port,
_shishi_transport2string (transport));
do
{
if (transport == TCP)
rc = sendrecv_tcp (handle, ai, indata, inlen, outdata, outlen);
#ifdef USE_STARTTLS
else if (transport == TLS)
rc = _shishi_sendrecv_tls (handle, ai, indata, inlen,
outdata, outlen);
#endif
else
rc = sendrecv_udp (handle, ai, indata, inlen, outdata, outlen);
if (rc != SHISHI_OK)
shishi_verbose (handle, "Error sending to KDC: %s",
shishi_strerror (rc));
}
while (rc == SHISHI_KDC_TIMEOUT && ++j < handle->kdcretries);
}
while (rc != SHISHI_OK && (ai = ai->ai_next));
return rc;
}
|
|
↓
|
shishi_keys_for_serverrealm_in_file
|
13
|
22
|
44
|
keys.c
|
Shishi_key *
shishi_keys_for_serverrealm_in_file (Shishi * handle,
const char *filename,
const char *server, const char *realm)
{
Shishi_key *key = NULL;
FILE *fh;
int res;
fh = fopen (filename, "r");
if (fh == NULL)
return NULL;
res = SHISHI_OK;
while (!feof (fh))
{
res = shishi_key_parse (handle, fh, &key);
if (res != SHISHI_OK || key == NULL)
break;
if (VERBOSENOISE (handle))
{
printf ("Read key:\n");
shishi_key_print (handle, stdout, key);
}
if ((!server ||
(shishi_key_principal (key) &&
strcmp (server, shishi_key_principal (key)) == 0)) &&
(!realm ||
(shishi_key_realm (key) &&
strcmp (realm, shishi_key_realm (key)) == 0)))
break;
shishi_key_done (key);
key = NULL;
}
res = fclose (fh);
if (res != 0)
return NULL;
return key;
}
|
|
↓
|
_shishi_binprint
|
13
|
19
|
23
|
utils.c
|
void
_shishi_binprint (const char *str, int len)
{
int i;
printf ("\t ;; ");
for (i = 0; i < len; i++)
{
printf ("%d%d%d%d%d%d%d%d ",
str[i] & 0x80 ? 1 : 0,
str[i] & 0x40 ? 1 : 0,
str[i] & 0x20 ? 1 : 0,
str[i] & 0x10 ? 1 : 0,
str[i] & 0x08 ? 1 : 0,
str[i] & 0x04 ? 1 : 0,
str[i] & 0x02 ? 1 : 0, str[i] & 0x01 ? 1 : 0);
if ((i + 1) % 3 == 0)
printf (" ");
if ((i + 1) % 6 == 0 && i + 1 < len)
printf ("\n\t ;; ");
}
puts ("");
}
|
|
↓
|
_shishi_simplified_dencrypt
|
12
|
35
|
72
|
crypto.c
|
int
_shishi_simplified_dencrypt (Shishi * handle,
Shishi_key * key,
const char *iv, size_t ivlen,
char **ivout, size_t * ivoutlen,
const char *in, size_t inlen,
char **out, size_t * outlen, int decryptp)
{
int rc;
char *pt;
size_t ptlen;
size_t padzerolen = 0;
if ((inlen % 8) != 0)
while (((inlen + padzerolen) % 8) != 0)
padzerolen++;
ptlen = inlen + padzerolen;
if (padzerolen)
{
pt = xmalloc (ptlen);
memcpy (pt, in, inlen);
memset (pt + inlen, 0, padzerolen);
}
else
pt = (char *) in;
switch (shishi_key_type (key))
{
case SHISHI_DES_CBC_CRC:
case SHISHI_DES_CBC_MD4:
case SHISHI_DES_CBC_MD5:
case SHISHI_DES_CBC_NONE:
rc = shishi_des (handle, decryptp, shishi_key_value (key),
iv, ivout, pt, ptlen, out);
if (ivoutlen)
*ivoutlen = 8;
if (outlen)
*outlen = ptlen;
break;
case SHISHI_DES3_CBC_HMAC_SHA1_KD:
case SHISHI_DES3_CBC_NONE:
rc = shishi_3des (handle, decryptp, shishi_key_value (key),
iv, ivout, pt, inlen + padzerolen, out);
if (ivoutlen)
*ivoutlen = 8;
if (outlen)
*outlen = ptlen;
break;
case SHISHI_AES128_CTS_HMAC_SHA1_96:
case SHISHI_AES256_CTS_HMAC_SHA1_96:
rc = shishi_aes_cts (handle, decryptp,
shishi_key_value (key), shishi_key_length (key),
iv, ivout, in, inlen, out);
if (ivoutlen)
*ivoutlen = 16;
if (outlen)
*outlen = inlen;
break;
default:
rc = SHISHI_CRYPTO_ERROR;
}
if (padzerolen)
free (pt);
return rc;
}
|
|
↓
|
shishi_safe
|
12
|
43
|
63
|
safe.c
|
int
shishi_safe (Shishi * handle, Shishi_safe ** safe)
{
Shishi_safe *lsafe;
struct timeval tv;
char *usec;
int rc;
*safe = xcalloc (1, sizeof (**safe));
lsafe = *safe;
lsafe->handle = handle;
rc = shishi_key (handle, &lsafe->key);
if (rc != SHISHI_OK)
return rc;
lsafe->safe = shishi_asn1_krbsafe (handle);
if (lsafe->safe == NULL)
return SHISHI_ASN1_ERROR;
rc = shishi_asn1_write (handle, lsafe->safe, "pvno", "5", 0);
if (rc != SHISHI_OK)
return rc;
rc = shishi_asn1_write (handle, lsafe->safe, "msg-type", "20", 0);
if (rc != SHISHI_OK)
return rc;
rc = shishi_asn1_write (handle, lsafe->safe, "safe-body.seq-number",
NULL, 0);
if (rc != SHISHI_OK)
return rc;
rc = gettimeofday (&tv, NULL);
if (rc != 0)
return SHISHI_GETTIMEOFDAY_ERROR;
asprintf (&usec, "%ld", tv.tv_usec % 1000000);
rc = shishi_asn1_write (handle, lsafe->safe, "safe-body.usec", usec, 0);
free (usec);
if (rc != SHISHI_OK)
return rc;
rc = shishi_asn1_write (handle, lsafe->safe, "safe-body.timestamp",
shishi_generalize_time (handle, time (NULL)), 0);
if (rc != SHISHI_OK)
return rc;
rc = shishi_asn1_write (handle, lsafe->safe, "safe-body.s-address.addr-type", "3", 0); /* directional */
if (rc != SHISHI_OK)
return rc;
rc = shishi_asn1_write (handle, lsafe->safe, "safe-body.s-address.address", "\x00\x00\x00\x00", 4); /* sender */
if (rc != SHISHI_OK)
return rc;
rc = shishi_asn1_write (handle, lsafe->safe, "safe-body.r-address",
NULL, 0);
if (rc != SHISHI_OK)
return rc;
return SHISHI_OK;
}
|
|
↓
|
parse_principal
|
12
|
34
|
54
|
ccache.c
|
static int
parse_principal (const char **data, size_t * len,
struct ccache_principal *out)
{
size_t n;
int rc;
rc = get_uint32 (data, len, &out->name_type);
if (rc < 0)
return rc;
rc = get_uint32 (data, len, &out->num_components);
if (rc < 0)
return rc;
if (out->num_components >= CCACHE_MAX_COMPONENTS)
return -1;
rc = get_uint32 (data, len, &out->realm.length);
if (rc < 0)
return rc;
if (*len < out->realm.length)
return -1;
out->realm.data = (char *) *data;
*data += out->realm.length;
*len -= out->realm.length;
/* Make sure realm will be zero terminated. This limits component
lengths to 2^24 bytes. */
if (**(char **) data != '\0')
return -1;
for (n = 0; n < out->num_components; n++)
{
rc = get_uint32 (data, len, &out->components[n].length);
if (rc < 0)
return rc;
if (*len < out->components[n].length)
return -1;
out->components[n].data = (char *) *data;
*data += out->components[n].length;
*len -= out->components[n].length;
/* Make sure component is zero terminated. This limits the
length of the next component to 2^24 bytes. Note that you'll
have to test after the last component elsewhere. */
if (*len > 0 && **(char **) data != '\0')
return -1;
}
return 0;
}
|
|
↓
|
shishi_ap_req_build
|
12
|
31
|
74
|
ap.c
|
int
shishi_ap_req_build (Shishi_ap * ap)
{
int res;
int cksumtype;
if (VERBOSE (ap->handle))
printf ("Building AP-REQ...\n");
if (VERBOSEASN1 (ap->handle))
{
shishi_ticket_print (ap->handle, stdout, shishi_tkt_ticket (ap->tkt));
shishi_key_print (ap->handle, stdout, shishi_tkt_key (ap->tkt));
}
res = shishi_apreq_set_ticket (ap->handle, ap->apreq,
shishi_tkt_ticket (ap->tkt));
if (res != SHISHI_OK)
{
shishi_error_printf (ap->handle, "Could not set ticket in AP-REQ: %s\n",
shishi_error (ap->handle));
return res;
}
cksumtype = shishi_ap_authenticator_cksumtype (ap);
if (ap->authenticatorcksumraw && ap->authenticatorcksumrawlen > 0)
res = shishi_authenticator_set_cksum (ap->handle, ap->authenticator,
cksumtype,
ap->authenticatorcksumraw,
ap->authenticatorcksumrawlen);
else if (cksumtype == SHISHI_NO_CKSUMTYPE)
res = shishi_authenticator_add_cksum (ap->handle, ap->authenticator,
shishi_tkt_key (ap->tkt),
ap->authenticatorcksumkeyusage,
ap->authenticatorcksumdata,
ap->authenticatorcksumdatalen);
else
res = shishi_authenticator_add_cksum_type (ap->handle, ap->authenticator,
shishi_tkt_key (ap->tkt),
ap->authenticatorcksumkeyusage,
cksumtype,
ap->authenticatorcksumdata,
ap->authenticatorcksumdatalen);
if (res != SHISHI_OK)
{
shishi_error_printf (ap->handle,
"Could not add checksum to authenticator: %s\n",
shishi_error (ap->handle));
return res;
}
if (VERBOSE (ap->handle))
printf ("Got Authenticator...\n");
if (VERBOSEASN1 (ap->handle))
shishi_authenticator_print (ap->handle, stdout, ap->authenticator);
res = shishi_apreq_add_authenticator (ap->handle, ap->apreq,
shishi_tkt_key (ap->tkt),
ap->authenticatorkeyusage,
ap->authenticator);
if (res != SHISHI_OK)
{
shishi_error_printf (ap->handle, "Could not set authenticator: %s\n",
shishi_error (ap->handle));
return res;
}
if (VERBOSEASN1 (ap->handle))
shishi_apreq_print (ap->handle, stdout, ap->apreq);
return SHISHI_OK;
}
|
|
↓
|
set_tgtflags_based_on_hint
|
12
|
24
|
43
|
tkts.c
|
static void
set_tgtflags_based_on_hint (Shishi_tkts_hint * tkthint,
Shishi_tkts_hint * tgthint)
{
if (tkthint->tktflags & SHISHI_TICKETFLAGS_FORWARDABLE)
tgthint->tktflags |= SHISHI_TICKETFLAGS_FORWARDABLE;
if (tkthint->tktflags & SHISHI_TICKETFLAGS_FORWARDED)
tgthint->tktflags |= SHISHI_TICKETFLAGS_FORWARDABLE;
if (tkthint->tktflags & SHISHI_TICKETFLAGS_PROXIABLE)
tgthint->tktflags |= SHISHI_TICKETFLAGS_PROXIABLE;
if (tkthint->tktflags & SHISHI_TICKETFLAGS_PROXY)
tgthint->tktflags |= SHISHI_TICKETFLAGS_PROXIABLE;
if (tkthint->tktflags & SHISHI_TICKETFLAGS_RENEWABLE)
tgthint->tktflags |= SHISHI_TICKETFLAGS_RENEWABLE;
if (tkthint->kdcoptions & SHISHI_KDCOPTIONS_RENEW)
tgthint->tktflags |= SHISHI_TICKETFLAGS_RENEWABLE;
if (tkthint->endtime)
tgthint->endtime = tkthint->endtime;
if (tkthint->passwd)
tgthint->passwd = tkthint->passwd;
if (tkthint->preauthetype)
tgthint->preauthetype = tkthint->preauthetype;
if (tkthint->preauthsalt)
{
tgthint->preauthsalt = tkthint->preauthsalt;
tgthint->preauthsaltlen = tkthint->preauthsaltlen;
}
if (tkthint->preauths2kparams)
{
tgthint->preauths2kparams = tkthint->preauths2kparams;
tgthint->preauths2kparamslen = tkthint->preauths2kparamslen;
}
}
|
|
↓
|
_shishi_bin7print
|
12
|
18
|
22
|
utils.c
|
void
_shishi_bin7print (const char *str, int len)
{
int i;
printf ("\t ;; ");
for (i = 0; i < len; i++)
{
printf ("%d%d%d%d%d%d%d ",
str[i] & 0x40 ? 1 : 0,
str[i] & 0x20 ? 1 : 0,
str[i] & 0x10 ? 1 : 0,
str[i] & 0x08 ? 1 : 0,
str[i] & 0x04 ? 1 : 0,
str[i] & 0x02 ? 1 : 0, str[i] & 0x01 ? 1 : 0);
if ((i + 1) % 3 == 0)
printf (" ");
if ((i + 1) % 6 == 0 && i + 1 < len)
printf ("\n\t ;; ");
}
puts ("");
}
|
|
↓
|
shishi_as_derive_salt
|
11
|
46
|
67
|
kdc.c
|
int
shishi_as_derive_salt (Shishi * handle,
Shishi_asn1 asreq,
Shishi_asn1 asrep, char **salt, size_t * saltlen)
{
size_t i, n;
char *format;
int res;
res = shishi_asn1_number_of_elements (handle, asrep, "padata", &n);
if (res == SHISHI_ASN1_NO_ELEMENT)
n = 0;
else if (res != SHISHI_OK)
return res;
for (i = 1; i <= n; i++)
{
int patype;
asprintf (&format, "padata.?%ld.padata-type", i);
res = shishi_asn1_read_int32 (handle, asrep, format, &patype);
free (format);
if (res != SHISHI_OK)
return res;
if (patype == SHISHI_PA_PW_SALT)
{
asprintf (&format, "padata.?%ld.padata-value", i);
res = shishi_asn1_read (handle, asrep, format, salt, saltlen);
free (format);
if (res != SHISHI_OK)
return res;
return SHISHI_OK;
}
}
res = shishi_kdcreq_realm (handle, asreq, salt, saltlen);
if (res != SHISHI_OK)
return res;
res = shishi_asn1_number_of_elements (handle, asreq,
"req-body.cname.name-string", &n);
if (res != SHISHI_OK)
return res;
for (i = 1; i <= n; i++)
{
char *tmp;
size_t tmplen;
asprintf (&format, "req-body.cname.name-string.?%ld", i);
res = shishi_asn1_read (handle, asreq, format, &tmp, &tmplen);
free (format);
if (res != SHISHI_OK)
return res;
*saltlen += tmplen;
*salt = xrealloc (*salt, *saltlen + 1);
memcpy (*salt + *saltlen - tmplen, tmp, tmplen);
(*salt)[*saltlen] = '\0';
free (tmp);
}
return SHISHI_OK;
}
|
|
↓
|
shishi_kdcrep_decrypt
|
11
|
39
|
70
|
kdcrep.c
|
int
shishi_kdcrep_decrypt (Shishi * handle,
Shishi_asn1 kdcrep,
Shishi_key * key,
int keyusage, Shishi_asn1 * enckdcreppart)
{
int res;
int i;
char *buf;
size_t buflen;
char *cipher;
size_t cipherlen;
int etype;
res = shishi_kdcrep_get_enc_part_etype (handle, kdcrep, &etype);
if (res != SHISHI_OK)
return res;
if (etype != shishi_key_type (key))
return SHISHI_KDCREP_BAD_KEYTYPE;
res = shishi_asn1_read (handle, kdcrep, "enc-part.cipher",
&cipher, &cipherlen);
if (res != SHISHI_OK)
return res;
res = shishi_decrypt (handle, key, keyusage,
cipher, cipherlen, &buf, &buflen);
free (cipher);
if (res != SHISHI_OK)
{
shishi_error_printf (handle,
"KDCRep decryption failed, wrong password?");
return res;
}
/* The crypto is so 1980; no length indicator. Trim off pad bytes
until we can parse it. */
for (i = 0; i < 8; i++)
{
if (VERBOSEASN1 (handle))
printf ("Trying with %d pad in enckdcrep...\n", i);
*enckdcreppart = shishi_der2asn1_encasreppart (handle, &buf[0],
buflen - i);
if (*enckdcreppart != NULL)
break;
*enckdcreppart = shishi_der2asn1_enctgsreppart (handle, &buf[0],
buflen - i);
if (*enckdcreppart != NULL)
break;
*enckdcreppart = shishi_der2asn1_enckdcreppart (handle, &buf[0],
buflen - i);
if (*enckdcreppart != NULL)
break;
}
free (buf);
if (*enckdcreppart == NULL)
{
shishi_error_printf (handle, "Could not DER decode EncKDCRepPart. "
"Password probably correct (decrypt ok) though\n");
return SHISHI_ASN1_ERROR;
}
return SHISHI_OK;
}
|
|
↓
|
shishi_tkts_get_tgs
|
11
|
31
|
51
|
tkts.c
|
Shishi_tkt *
shishi_tkts_get_tgs (Shishi_tkts * tkts,
Shishi_tkts_hint * hint, Shishi_tkt * tgt)
{
Shishi_tgs *tgs;
Shishi_tkt *tkt;
int rc;
rc = shishi_tgs (tkts->handle, &tgs);
shishi_tgs_tgtkt_set (tgs, tgt);
if (rc == SHISHI_OK)
rc = act_hint_on_kdcreq (tkts->handle, hint, shishi_tgs_req (tgs));
if (rc == SHISHI_OK)
rc = shishi_tgs_set_server (tgs, hint->server);
if (rc == SHISHI_OK)
rc = shishi_tgs_req_build (tgs);
if (rc == SHISHI_OK)
rc = shishi_tgs_sendrecv_hint (tgs, hint);
if (rc == SHISHI_OK)
rc = shishi_tgs_rep_process (tgs);
if (rc != SHISHI_OK)
{
shishi_error_printf (tkts->handle,
"TGS exchange failed: %s\n%s\n",
shishi_strerror (rc), shishi_error (tkts->handle));
if (rc == SHISHI_GOT_KRBERROR)
shishi_krberror_pretty_print (tkts->handle, stdout,
shishi_tgs_krberror (tgs));
return NULL;
}
tkt = shishi_tgs_tkt (tgs);
if (!tkt)
{
shishi_error_printf (tkts->handle, "No ticket in TGS-REP?!: %s",
shishi_error (tkts->handle));
return NULL;
}
if (VERBOSENOISE (tkts->handle))
{
printf ("Received ticket:\n");
shishi_tkt_pretty_print (tkt, stdout);
}
rc = shishi_tkts_add (tkts, tkt);
if (rc != SHISHI_OK)
printf ("Could not add ticket: %s", shishi_strerror (rc));
return tkt;
}
|
|
|
recover_preauth
|
10
|
45
|
96
|
tkts.c
|
|
|
sendrecv_tcp
|
10
|
55
|
92
|
netio.c
|
|
|
shishi_dr
|
10
|
45
|
74
|
crypto.c
|
|
|
shishi_as_check_cname
|
10
|
36
|
57
|
kdc.c
|
|
|
shishi_authenticator
|
10
|
35
|
73
|
authenticator.c
|
|
|
maybe_install_usercfg
|
10
|
34
|
55
|
init.c
|
|
|
_shishi_kdcreq_input
|
10
|
32
|
62
|
diskio.c
|
|
|
_shishi_read_armored_data
|
10
|
32
|
61
|
diskio.c
|
|
|
shishi_key_print
|
10
|
31
|
48
|
diskio.c
|
|
|
_shishi_kdcrep_input
|
10
|
30
|
61
|
diskio.c
|
|
|
_shishi_enckdcreppart_input
|
10
|
29
|
65
|
diskio.c
|
|
|
_shishi_simplified_derivekey
|
10
|
28
|
57
|
crypto.c
|
|
|
shishi_kdcreq_build
|
10
|
25
|
48
|
kdcreq.c
|
|
|
shishi_as_sendrecv_hint
|
10
|
22
|
35
|
as.c
|
|
|
_shishi_escapeprint
|
9
|
9
|
15
|
utils.c
|
|
|
shishi_n_fold
|
9
|
53
|
100
|
crypto.c
|
|
|
shishi_kdcreq_sendrecv_hint
|
9
|
40
|
78
|
kdc.c
|
|
|
shishi_kdc_copy_cname
|
9
|
35
|
50
|
kdc.c
|
|
|
shishi_priv_process
|
9
|
33
|
57
|
priv.c
|
|
|
shishi_apreq_decrypt
|
9
|
32
|
58
|
apreq.c
|
|
|
shishi_aprep_decrypt
|
9
|
32
|
58
|
aprep.c
|
|
|
shishi_ticket_decrypt
|
9
|
32
|
57
|
ticket.c
|
|
|
pack_principal
|
9
|
30
|
42
|
ccache.c
|
|
|
shishi_tgs_req_build
|
9
|
26
|
54
|
tgs.c
|
|
|
shishi_kdc_check_nonce_1
|
9
|
22
|
48
|
kdc.c
|
|
|
shishi_priv_from_file
|
9
|
21
|
34
|
priv.c
|
|
|
shishi_priv_to_file
|
9
|
21
|
34
|
priv.c
|
|
|
shishi_safe_from_file
|
9
|
21
|
34
|
safe.c
|
|
|
shishi_kdcreq_from_file
|
9
|
21
|
34
|
kdcreq.c
|
|
|
shishi_apreq_from_file
|
9
|
21
|
34
|
apreq.c
|
|
|
shishi_safe_to_file
|
9
|
21
|
34
|
safe.c
|
|
|
shishi_authenticator_from_file
|
9
|
21
|
34
|
authenticator.c
|
|
|
shishi_encapreppart_from_file
|
9
|
21
|
34
|
encapreppart.c
|
|
|
shishi_kdcrep_from_file
|
9
|
21
|
34
|
kdcrep.c
|
|
|
shishi_aprep_from_file
|
9
|
21
|
34
|
aprep.c
|
|
|
shishi_kdcreq_to_file
|
9
|
21
|
34
|
kdcreq.c
|
|
|
shishi_krberror_from_file
|
9
|
21
|
34
|
krberror.c
|
|
|
shishi_apreq_to_file
|
9
|
21
|
34
|
apreq.c
|
|
|
shishi_authenticator_to_file
|
9
|
21
|
34
|
authenticator.c
|
|
|
shishi_asn1_read
|
9
|
21
|
41
|
asn1.c
|
|
|
shishi_kdcrep_to_file
|
9
|
21
|
34
|
kdcrep.c
|
|
|
shishi_encapreppart_to_file
|
9
|
21
|
34
|
encapreppart.c
|
|
|
shishi_aprep_to_file
|
9
|
21
|
34
|
aprep.c
|
|
|
shishi_krberror_to_file
|
9
|
21
|
34
|
krberror.c
|
|
|
shishi_tgs_sendrecv_hint
|
9
|
20
|
35
|
tgs.c
|
|
|
des_verify
|
8
|
38
|
70
|
crypto-des.c
|
|
|
key_to_keytab_entry
|
8
|
84
|
122
|
keytab.c
|
|
|
sendrecv_udp
|
8
|
43
|
71
|
netio.c
|
|
|
arcfour_hmac_md5_checksum
|
8
|
42
|
75
|
crypto-rc4.c
|
|
|
main
|
8
|
37
|
69
|
ccache.c
|
|
|
shishi_tkt
|
8
|
31
|
69
|
tkt.c
|
|
|
shishi_ap_req_process_keyusage
|
8
|
30
|
70
|
ap.c
|
|
|
shishi_encrypt_ivupdate_etype
|
8
|
29
|
63
|
crypto.c
|
|
|
shishi_encapreppart
|
8
|
28
|
60
|
encapreppart.c
|
|
|
shishi_aprep_verify
|
8
|
26
|
60
|
aprep.c
|
|
|
_shishi_simplified_decrypt
|
8
|
26
|
61
|
crypto.c
|
|
|
_shishi_priv_input
|
8
|
24
|
48
|
diskio.c
|
|
|
_shishi_safe_input
|
8
|
24
|
48
|
diskio.c
|
|
|
_shishi_krberror_input
|
8
|
24
|
49
|
diskio.c
|
|
|
_shishi_authenticator_input
|
8
|
24
|
49
|
diskio.c
|
|
|
_shishi_encapreppart_input
|
8
|
24
|
50
|
diskio.c
|
|
|
_shishi_aprep_input
|
8
|
24
|
48
|
diskio.c
|
|
|
_shishi_apreq_input
|
8
|
24
|
48
|
diskio.c
|
|
|
shishi_tgs_rep_build
|
8
|
23
|
45
|
tgs.c
|
|
|
shishi_as_rep_build
|
8
|
23
|
46
|
as.c
|
|
|
shishi_tgs_rep_process
|
8
|
22
|
46
|
tgs.c
|
|
|
_shishi_ticket_input
|
8
|
22
|
43
|
diskio.c
|
|
|
do_preauth
|
8
|
21
|
49
|
tkts.c
|
|
|
shishi_realm_for_server_file
|
8
|
21
|
34
|
realm.c
|
|
|
shishi_realm_for_server_dns
|
8
|
19
|
33
|
realm.c
|
|
|
des_decrypt_verify
|
8
|
38
|
78
|
crypto-des.c
|
|
|
shishi_authorized_p
|
7
|
27
|
52
|
authorize.c
|
|
|
des3_string_to_key
|
7
|
37
|
65
|
crypto-3des.c
|
|
|
aes_string_to_key
|
7
|
35
|
65
|
crypto-aes.c
|
|
|
shishi_principal_name_realm
|
7
|
30
|
60
|
principal.c
|
|
|
shishi_done
|
7
|
30
|
49
|
init.c
|
|
|
shishi_asn1_to_der_field
|
7
|
29
|
61
|
asn1.c
|
|
|
rot13
|
7
|
28
|
51
|
crypto.c
|
|
|
shishi_tgs
|
7
|
27
|
50
|
tgs.c
|
|
|
shishi_tkts_print_for_service
|
7
|
26
|
50
|
tkts.c
|
|
|
shishi_tkts_read
|
7
|
25
|
43
|
tkts.c
|
|
|
shishi_aprep
|
7
|
23
|
46
|
aprep.c
|
|
|
ocadd
|
7
|
21
|
33
|
crypto.c
|
|
|
shishi_krberror
|
7
|
21
|
41
|
krberror.c
|
|
|
shishi_keys_from_file
|
7
|
21
|
37
|
keys.c
|
|
|
shishi_kdc_process
|
7
|
20
|
54
|
kdc.c
|
|
|
shishi_tkts_find
|
7
|
19
|
30
|
tkts.c
|
|
|
srv_compare
|
7
|
16
|
25
|
resolv.c
|
|
|
shishi_cipher_parse
|
7
|
16
|
21
|
crypto.c
|
|
|
shishi_ap_rep_verify
|
7
|
16
|
30
|
ap.c
|
|
|
shishi_init_server_with_paths
|
7
|
11
|
19
|
init.c
|
|
|
shishi_realm_default_guess
|
7
|
11
|
21
|
realm.c
|
|
|
shishi_tkt_key
|
7
|
10
|
24
|
tkt.c
|
|
|
shishi_init_server
|
6
|
9
|
18
|
init.c
|
|
|
arcfour_keyusage
|
6
|
7
|
63
|
crypto-rc4.c
|
|
|
init_handle
|
6
|
41
|
73
|
init.c
|
|
|
armor_data
|
6
|
30
|
56
|
diskio.c
|
|
|
shishi_cfg_print
|
6
|
27
|
35
|
cfg.c
|
|
|
shishi_principal_name_set
|
6
|
27
|
42
|
principal.c
|
|
|
shishi_as
|
6
|
25
|
46
|
as.c
|
|
|
shishi_decrypt_ivupdate_etype
|
6
|
25
|
57
|
crypto.c
|
|
|
shishi_kdcreq_get_padata
|
6
|
25
|
40
|
kdcreq.c
|
|
|
shishi_cfg_authorizationtype_set
|
6
|
24
|
39
|
cfg.c
|
|
|
shishi_cfg_clientkdcetype_set
|
6
|
24
|
38
|
cfg.c
|
|
|
shishi_encticketpart
|
6
|
24
|
45
|
encticketpart.c
|
|
|
shishi_ticket_sname_set
|
6
|
23
|
37
|
ticket.c
|
|
|
shishi_tkt_lastreq
|
6
|
23
|
38
|
tkt.c
|
|
|
shishi_safe_build
|
6
|
22
|
36
|
safe.c
|
|
|
shishi_tkts_write
|
6
|
21
|
46
|
tkts.c
|
|
|
shishi_enckdcreppart_sname_set
|
6
|
21
|
38
|
enckdcreppart.c
|
|
|
simplified_hmac_verify
|
6
|
21
|
37
|
crypto.c
|
|
|
ccache_pack
|
6
|
19
|
28
|
ccache.c
|
|
|
_shishi_kdcrep
|
6
|
18
|
36
|
kdcrep.c
|
|
|
shishi_keys_to_file
|
6
|
16
|
27
|
keys.c
|
|
|
shishi_tkt_lastreq_pretty_print
|
6
|
16
|
28
|
tkt.c
|
|
|
shishi_key_to_file
|
6
|
16
|
26
|
diskio.c
|
|
|
shishi_tkts_expire
|
6
|
12
|
27
|
tkts.c
|
|
|
shishi_asn1_read_optional
|
5
|
8
|
17
|
asn1.c
|
|
|
des_encrypt_checksum
|
5
|
28
|
51
|
crypto-des.c
|
|
|
shishi_des_cbc_mac
|
5
|
26
|
50
|
low-crypto.c
|
|
|
shishi_aprep_enc_part_add
|
5
|
25
|
51
|
aprep.c
|
|
|
des3_random_to_key
|
5
|
24
|
45
|
crypto-3des.c
|
|
|
shishi_ap_nosubkey
|
5
|
24
|
47
|
ap.c
|
|
|
des_checksum
|
5
|
23
|
40
|
crypto-des.c
|
|
|
shishi_safe_verify
|
5
|
22
|
35
|
safe.c
|
|
|
shishi_as_check_crealm
|
5
|
22
|
43
|
kdc.c
|
|
|
shishi_verify
|
5
|
22
|
44
|
crypto.c
|
|
|
shishi_checksum
|
5
|
21
|
45
|
crypto.c
|
|
|
shishi_authenticator_add_authorizationdata
|
5
|
20
|
37
|
authenticator.c
|
|
|
shishi_kdcreq_add_padata
|
5
|
20
|
31
|
kdcreq.c
|
|
|
shishi_authenticator_authorizationdata
|
5
|
19
|
33
|
authenticator.c
|
|
|
shishi_kdcreq_set_etype
|
5
|
18
|
27
|
kdcreq.c
|
|
|
shishi_as_process
|
5
|
18
|
34
|
kdc.c
|
|
|
shishi_encapreppart_time_copy
|
5
|
18
|
29
|
encapreppart.c
|
|
|
ccache_parse
|
5
|
18
|
28
|
ccache.c
|
|
|
sendrecv_srv3
|
5
|
18
|
35
|
netio.c
|
|
|
shishi_derive_default_salt
|
5
|
17
|
31
|
principal.c
|
|
|
shishi_encapreppart_get_key
|
5
|
17
|
29
|
encapreppart.c
|
|
|
shishi_tkts_get
|
5
|
16
|
30
|
tkts.c
|
|
|
shishi_ap_req_decode
|
5
|
15
|
29
|
ap.c
|
|
|
sendrecv_static
|
5
|
15
|
30
|
netio.c
|
|
|
sendrecv_srv2
|
5
|
15
|
30
|
netio.c
|
|
|
shishi_enckdcreppart
|
5
|
15
|
25
|
enckdcreppart.c
|
|
|
des3none_dencrypt
|
5
|
14
|
42
|
crypto-3des.c
|
|
|
shishi_key_from_base64
|
5
|
14
|
31
|
key.c
|
|
|
shishi_kdcreq_get_padata_tgs
|
5
|
14
|
25
|
kdcreq.c
|
|
|
shishi_kdcrep_set_enc_part
|
5
|
13
|
25
|
kdcrep.c
|
|
|
des_set_odd_key_parity
|
5
|
13
|
18
|
crypto-des.c
|
|
|
shishi_apreq_set_authenticator
|
5
|
13
|
26
|
apreq.c
|
|
|
shishi_ticket_set_enc_part
|
5
|
13
|
25
|
ticket.c
|
|
|
shishi_tkt_key_set
|
5
|
13
|
24
|
tkt.c
|
|
|
des_set_odd_key_parity
|
5
|
13
|
18
|
crypto-3des.c
|
|
|
shishi_keys_done
|
5
|
12
|
19
|
keys.c
|
|
|
shishi_tkts_remove
|
5
|
12
|
27
|
tkts.c
|
|
|
shishi_pbkdf2_sha1
|
5
|
11
|
24
|
low-crypto.c
|
|
|
_shishi_hexprint
|
5
|
11
|
16
|
utils.c
|
|
|
shishi_kdc_sendrecv_hint
|
5
|
11
|
27
|
netio.c
|
|
|
raw_des_checksum1
|
4
|
29
|
53
|
crypto-des.c
|
|
|
raw_des_checksum0
|
4
|
26
|
47
|
crypto-des.c
|
|
|
shishi_principal_default_guess
|
4
|
9
|
15
|
principal.c
|
|
|
shishi_ap_string2option
|
4
|
9
|
16
|
ap.c
|
|
|
shishi_ap_authenticator_cksumdata
|
4
|
7
|
13
|
ap.c
|
|
|
_shishi_transport2string
|
4
|
7
|
12
|
cfg.c
|
|
|
shishi_tkts_done
|
4
|
7
|
14
|
tkts.c
|
|
|
shishi_der_msgtype
|
4
|
3
|
9
|
asn1.c
|
|
|
shishi_keys_to_keytab_mem
|
4
|
22
|
41
|
keytab.c
|
|
|
shishi_string_to_key
|
4
|
21
|
46
|
crypto.c
|
|
|
shishi_key_value_set
|
4
|
2
|
8
|
key.c
|
|
|
shishi_principal_set
|
4
|
19
|
33
|
principal.c
|
|
|
shishi_dk
|
4
|
19
|
36
|
crypto.c
|
|
|
shishi_ticket_set_server
|
4
|
19
|
31
|
ticket.c
|
|
|
shishi_random_to_key
|
4
|
18
|
39
|
crypto.c
|
|
|
shishi_priv_build
|
4
|
18
|
36
|
priv.c
|
|
|
shishi_enckdcreppart_server_set
|
4
|
18
|
31
|
enckdcreppart.c
|
|
|
shishi_key_from_name
|
4
|
17
|
36
|
key.c
|
|
|
shishi_authenticator_get_subkey
|
4
|
16
|
29
|
authenticator.c
|
|
|
shishi_der2asn1_kdcreq
|
4
|
16
|
32
|
asn1.c
|
|
|
shishi_enckdcreppart_get_key
|
4
|
15
|
26
|
enckdcreppart.c
|
|
|
shishi_encticketpart_get_key
|
4
|
15
|
26
|
encticketpart.c
|
|
|
shishi_asn1_read_bitstring
|
4
|
15
|
30
|
asn1.c
|
|
|
shishi_asn1_read_int32
|
4
|
15
|
26
|
asn1.c
|
|
|
shishi_key_random
|
4
|
14
|
24
|
key.c
|
|
|
skip_authdata
|
4
|
14
|
22
|
ccache.c
|
|
|
skip_address
|
4
|
14
|
22
|
ccache.c
|
|
|
shishi_tkts_to_file
|
4
|
13
|
23
|
tkts.c
|
|
|
_shishi_asn1_init
|
4
|
13
|
28
|
asn1.c
|
|
|
shishi_tkts_from_file
|
4
|
13
|
23
|
tkts.c
|
|
|
shishi_ap_rep_build
|
4
|
13
|
27
|
ap.c
|
|
|
shishi_krberror_methoddata
|
4
|
13
|
26
|
krberror.c
|
|
|
shishi_encasreppart
|
4
|
12
|
20
|
enckdcreppart.c
|
|
|
shishi_tgs_req_process
|
4
|
12
|
21
|
tgs.c
|
|
|
shishi_checksum_parse
|
4
|
11
|
17
|
crypto.c
|
|
|
shishi_authenticator_add_cksum_type
|
4
|
11
|
28
|
authenticator.c
|
|
|
shishi_authorization_parse
|
4
|
11
|
19
|
authorize.c
|
|
|
shishi_tkt_renew_tillc
|
4
|
11
|
19
|
tkt.c
|
|
|
shishi_tkt_startctime
|
4
|
11
|
19
|
tkt.c
|
|
|
shishi_cfg_default_userdirectory
|
4
|
10
|
19
|
cfg.c
|
|
|
des_key_correction
|
4
|
10
|
19
|
crypto-des.c
|
|
|
shishi_asn1_read_inline
|
4
|
10
|
20
|
asn1.c
|
|
|
shishi_verbose
|
3
|
15
|
32
|
error.c
|
|
|
shishi_checksum_name
|
3
|
9
|
15
|
crypto.c
|
|
|
shishi_asn1_number_of_elements
|
3
|
9
|
19
|
asn1.c
|
|
|
write_binary_file
|
3
|
9
|
16
|
keytab.c
|
|
|
shishi_cipher_name
|
3
|
9
|
15
|
crypto.c
|
|
|
shishi_key_from_string
|
3
|
9
|
23
|
key.c
|
|
|
shishi_kdc_copy_nonce
|
3
|
9
|
17
|
kdc.c
|
|
|
shishi_tkts_from_ccache_file
|
3
|
9
|
19
|
tktccache.c
|
|
|
shishi_tkts_from_ccache_mem
|
3
|
9
|
20
|
tktccache.c
|
|
|
shishi_keys_from_keytab_file
|
3
|
9
|
19
|
keytab.c
|
|
|
shishi_keys_from_keytab_mem
|
3
|
9
|
20
|
keytab.c
|
|
|
shishi_strerror
|
3
|
9
|
16
|
error.c
|
|
|
shishi_krberror_errorcode_message
|
3
|
9
|
16
|
krberror.c
|
|
|
shishi_authenticator_subkey
|
3
|
9
|
16
|
authenticator.c
|
|
|
shishi_get_date
|
3
|
9
|
19
|
utils.c
|
|
|
shishi_authenticator_set_subkey
|
3
|
8
|
20
|
authenticator.c
|
|
|
shishi_ap_req_der
|
3
|
8
|
15
|
ap.c
|
|
|
shishi_tgs_set_realmserver
|
3
|
8
|
16
|
tgs.c
|
|
|
shishi_authenticator_set_cksum
|
3
|
8
|
20
|
authenticator.c
|
|
|
shishi_krberror_remove_sname
|
3
|
8
|
16
|
krberror.c
|
|
|
shishi_authenticator_cksum
|
3
|
8
|
20
|
authenticator.c
|
|
|
shishi_tkt_flags_set
|
3
|
8
|
17
|
tkt.c
|
|
|
shishi_kdcreq_set_realmserver
|
3
|
8
|
16
|
kdcreq.c
|
|
|
shishi_priv_set_enc_part
|
3
|
8
|
19
|
priv.c
|
|
|
shishi_ap_tktoptionsasn1usage
|
3
|
8
|
25
|
ap.c
|
|
|
shishi_ap_etype_tktoptionsdata
|
3
|
8
|
19
|
ap.c
|
|
|
null_decrypt
|
3
|
8
|
19
|
crypto-null.c
|
|
|
shishi_safe_set_cksum
|
3
|
8
|
17
|
safe.c
|
|
|
shishi_ap_tktoptionsraw
|
3
|
8
|
18
|
ap.c
|
|
|
shishi_safe_cksum
|
3
|
8
|
17
|
safe.c
|
|
|
shishi_enckdcreppart_srealmserver_set
|
3
|
8
|
17
|
enckdcreppart.c
|
|
|
shishi_ap_tktoptionsdata
|
3
|
8
|
18
|
ap.c
|
|
|
shishi_krberror_der
|
3
|
8
|
16
|
krberror.c
|
|
|
shishi_ap_tktoptions
|
3
|
8
|
16
|
ap.c
|
|
|
shishi_tkt_serverrealm_set
|
3
|
8
|
18
|
tkt.c
|
|
|
shishi_tkt_clientrealm_set
|
3
|
8
|
19
|
tkt.c
|
|
|
shishi_kdcrep_crealmserver_set
|
3
|
8
|
17
|
kdcrep.c
|
|
|
shishi_key_from_value
|
3
|
8
|
16
|
key.c
|
|
|
null_encrypt
|
3
|
8
|
19
|
crypto-null.c
|
|
|
shishi_aprep_enc_part_set
|
3
|
8
|
17
|
aprep.c
|
|
|
shishi_encticketpart_transited_set
|
3
|
8
|
20
|
encticketpart.c
|
|
|
shishi_encticketpart_cname_set
|
3
|
8
|
19
|
encticketpart.c
|
|
|
shishi_ticket_srealmserver_set
|
3
|
8
|
17
|
ticket.c
|
|
|
shishi_ap_rep_verify_der
|
3
|
8
|
15
|
ap.c
|
|
|
shishi_enckdcreppart_key_set
|
3
|
8
|
18
|
enckdcreppart.c
|
|
|
shishi_ap_rep_der
|
3
|
8
|
15
|
ap.c
|
|
|
_shishi_verify
|
3
|
7
|
11
|
crypto.c
|
|
|
_shishi_checksum
|
3
|
7
|
11
|
crypto.c
|
|
|
shishi_checksum_cksumlen
|
3
|
7
|
11
|
crypto.c
|
|
|
shishi_checksum_supported_p
|
3
|
7
|
11
|
crypto.c
|
|
|
_shishi_cipher_decrypt
|
3
|
7
|
11
|
crypto.c
|
|
|
shishi_krberror_ctime_set
|
3
|
7
|
16
|
krberror.c
|
|
|
_shishi_cipher_encrypt
|
3
|
7
|
11
|
crypto.c
|
|
|
_shishi_realminfo
|
3
|
7
|
11
|
cfg.c
|
|
|
_shishi_cipher_string_to_key
|
3
|
7
|
11
|
crypto.c
|
|
|
_shishi_cipher_random_to_key
|
3
|
7
|
11
|
crypto.c
|
|
|
shishi_cipher_defaultcksumtype
|
3
|
7
|
11
|
crypto.c
|
|
|
shishi_cipher_randomlen
|
3
|
7
|
11
|
crypto.c
|
|
|
shishi_cipher_keylen
|
3
|
7
|
11
|
crypto.c
|
|
|
shishi_randomize
|
3
|
7
|
15
|
low-crypto.c
|
|
|
shishi_cipher_confoundersize
|
3
|
7
|
11
|
crypto.c
|
|
|
shishi_cipher_blocksize
|
3
|
7
|
11
|
crypto.c
|
|
|
shishi_cipher_supported_p
|
3
|
7
|
11
|
crypto.c
|
|
|
shishi_hostkeys_default_file
|
3
|
7
|
14
|
hostkeys.c
|
|
|
shishi_enckdcreppart_renew_till_set
|
3
|
7
|
17
|
enckdcreppart.c
|
|
|
shishi_tkts_add
|
3
|
7
|
15
|
tkts.c
|
|
|
shishi_enckdcreppart_starttime_set
|
3
|
7
|
17
|
enckdcreppart.c
|
|
|
shishi_tkt_valid_at_time_p
|
3
|
6
|
12
|
tkt.c
|
|
|
shishi_asn1_done
|
3
|
5
|
14
|
asn1.c
|
|
|
shishi_error_set
|
3
|
5
|
13
|
error.c
|
|
|
shishi_init_with_paths
|
3
|
4
|
12
|
init.c
|
|
|
shishi_check_version
|
3
|
3
|
8
|
version.c
|
|
|
shishi_init
|
3
|
3
|
10
|
init.c
|
|
|
shishi_tkts_nth
|
3
|
3
|
8
|
tkts.c
|
|
|
shishi_tkts_default
|
3
|
3
|
9
|
tkts.c
|
|
|
shishi_keys_nth
|
3
|
3
|
8
|
keys.c
|
|
|
shishi_tkts_to_ccache_mem
|
3
|
18
|
33
|
tktccache.c
|
|
|
shishi_kdcrep_add_enc_part
|
3
|
17
|
37
|
kdcrep.c
|
|
|
shishi_kdc_check_nonce
|
3
|
17
|
36
|
kdc.c
|
|
|
arcfour_hmac_string_to_key
|
3
|
17
|
32
|
crypto-rc4.c
|
|
|
shishi_ticket_add_enc_part
|
3
|
17
|
38
|
ticket.c
|
|
|
shishi_apreq_add_authenticator
|
3
|
16
|
36
|
apreq.c
|
|
|
der2asn1
|
3
|
13
|
27
|
asn1.c
|
|
|
_shishi_simplified_checksum
|
3
|
12
|
29
|
crypto.c
|
|
|
shishi_ap_set_tktoptionsasn1usage
|
3
|
12
|
26
|
ap.c
|
|
|
shishi_kdcreq_add_padata_tgs
|
3
|
12
|
24
|
kdcreq.c
|
|
|
shishi_time
|
3
|
12
|
23
|
gztime.c
|
|
|
gss_des_checksum
|
3
|
11
|
24
|
crypto-des.c
|
|
|
shishi_kdcreq_tillc
|
3
|
11
|
19
|
kdcreq.c
|
|
|
shishi_asn1_write_bitstring
|
3
|
11
|
30
|
asn1.c
|
|
|
shishi_ticket
|
3
|
11
|
22
|
ticket.c
|
|
|
shishi_kdc_copy_crealm
|
3
|
11
|
19
|
kdc.c
|
|
|
_shishi_save_data
|
3
|
11
|
19
|
diskio.c
|
|
|
shishi_tkt_endctime
|
3
|
11
|
19
|
tkt.c
|
|
|
shishi_tkt_authctime
|
3
|
11
|
19
|
tkt.c
|
|
|
shishi_tkt_lastreqc
|
3
|
11
|
19
|
tkt.c
|
|
|
shishi_authenticator_add_random_subkey
|
3
|
10
|
19
|
authenticator.c
|
|
|
shishi_ap
|
3
|
10
|
23
|
ap.c
|
|
|
shishi_apreq_options_remove
|
3
|
10
|
19
|
apreq.c
|
|
|
shishi_apreq_options_add
|
3
|
10
|
18
|
apreq.c
|
|
|
shishi_tkt_flags_add
|
3
|
10
|
18
|
tkt.c
|
|
|
shishi_keys_to_keytab_file
|
3
|
10
|
18
|
keytab.c
|
|
|
shishi_arcfour
|
3
|
10
|
25
|
low-crypto.c
|
|
|
shishi_aprep_enc_part_make
|
3
|
10
|
28
|
aprep.c
|
|
|
shishi_keys_print
|
3
|
10
|
17
|
keys.c
|
|
|
shishi_keys_add
|
3
|
10
|
20
|
keys.c
|
|
|
shishi_encticketpart_key_set
|
3
|
10
|
20
|
encticketpart.c
|
|
|
shishi_kdcreq_options_add
|
3
|
10
|
19
|
kdcreq.c
|
|
|
shishi_ap_etype
|
3
|
10
|
25
|
ap.c
|
|
|
shishi_ap_option2string
|
2
|
10
|
26
|
ap.c
|
|
|
shishi_warn
|
2
|
13
|
29
|
error.c
|
|
|
shishi_info
|
2
|
13
|
29
|
error.c
|
|
|
_shishi_realminfo_new
|
2
|
9
|
19
|
cfg.c
|
|
|
shishi_tkt_clientrealm_p
|
2
|
9
|
17
|
tkt.c
|
|
|
des_random_to_key
|
2
|
9
|
20
|
crypto-des.c
|
|
|
shishi_tkt_client_p
|
2
|
9
|
17
|
tkt.c
|
|
|
shishi_crypto_decrypt
|
2
|
9
|
22
|
crypto-ctx.c
|
|
|
shishi_crypto_encrypt
|
2
|
9
|
22
|
crypto-ctx.c
|
|
|
put_uint32
|
2
|
8
|
12
|
ccache.c
|
|
|
shishi_tkt_server_p
|
2
|
8
|
16
|
tkt.c
|
|
|
shishi_asn1_write_int32
|
2
|
8
|
15
|
asn1.c
|
|
|
shishi_asn1_write_uint32
|
2
|
8
|
15
|
asn1.c
|
|
|
shishi_tkts_add_ccache_file
|
2
|
8
|
17
|
tktccache.c
|
|
|
shishi_ap_set_tktoptionsraw
|
2
|
8
|
21
|
ap.c
|
|
|
shishi_tkts_new
|
2
|
8
|
20
|
tkts.c
|
|
|
shishi_keys_add_keytab_file
|
2
|
8
|
17
|
keytab.c
|
|
|
shishi_ap_set_tktoptionsdata
|
2
|
8
|
20
|
ap.c
|
|
|
shishi_ctime
|
2
|
8
|
16
|
gztime.c
|
|
|
put_uint32_swapped
|
2
|
8
|
12
|
ccache.c
|
|
|
shishi_authenticator_add_random_subkey_etype
|
2
|
8
|
18
|
authenticator.c
|
|
|
shishi_asn1_empty_p
|
2
|
7
|
13
|
asn1.c
|
|
|
shishi_kdcreq_etype
|
2
|
7
|
14
|
kdcreq.c
|
|
|
get_uint32_swapped
|
2
|
7
|
12
|
ccache.c
|
|
|
get_uint32
|
2
|
7
|
12
|
ccache.c
|
|
|
asn1_new
|
2
|
7
|
15
|
asn1.c
|
|
|
get_uint16
|
2
|
7
|
11
|
ccache.c
|
|
|
get_uint8
|
2
|
7
|
11
|
ccache.c
|
|
|
shishi_ap_set_tktoptions
|
2
|
7
|
16
|
ap.c
|
|
|
shishi_tkt_decrypt
|
2
|
7
|
14
|
tkt.c
|
|
|
shishi_asn1_msgtype
|
2
|
6
|
13
|
asn1.c
|
|
|
put_uint16
|
2
|
6
|
10
|
ccache.c
|
|
|
shishi_realm_default
|
2
|
6
|
13
|
realm.c
|
|
|
shishi_tkts_default_file
|
2
|
6
|
14
|
tkts.c
|
|
|
shishi_tgs_set_realm
|
2
|
6
|
16
|
tgs.c
|
|
|
shishi_tkts_default_ccache
|
2
|
6
|
14
|
tktccache.c
|
|
|
shishi_tgs_set_server
|
2
|
6
|
16
|
tgs.c
|
|
|
shishi_principal_default
|
2
|
6
|
13
|
principal.c
|
|
|
ccache_pack_credential
|
2
|
6
|
13
|
ccache.c
|
|
|
shishi_key_from_random
|
2
|
6
|
15
|
key.c
|
|
|
shishi_as_rep_der_set
|
2
|
6
|
14
|
as.c
|
|
|
shishi_tkts_default_ccache_guess
|
2
|
6
|
15
|
tktccache.c
|
|
|
ccache_parse_credential
|
2
|
6
|
13
|
ccache.c
|
|
|
shishi_asn1_write
|
2
|
6
|
16
|
asn1.c
|
|
|
shishi_priv_encprivpart_der_set
|
2
|
6
|
14
|
priv.c
|
|
|
shishi_resolv_free
|
2
|
6
|
13
|
resolv.c
|
|
|
_shishi_tls_init
|
2
|
6
|
15
|
starttls.c
|
|
|
shishi_priv_priv_der_set
|
2
|
6
|
14
|
priv.c
|
|
|
shishi_tgs_req_der_set
|
2
|
6
|
14
|
tgs.c
|
|
|
shishi_safe_safe_der_set
|
2
|
6
|
14
|
safe.c
|
|
|
shishi_hmac_sha1
|
2
|
6
|
14
|
low-crypto.c
|
|
|
shishi_as_req_der_set
|
2
|
6
|
14
|
as.c
|
|
|
shishi_hmac_md5
|
2
|
6
|
14
|
low-crypto.c
|
|
|
shishi_md5
|
2
|
6
|
12
|
low-crypto.c
|
|
|
shishi_ap_rep_verify_asn1
|
2
|
6
|
13
|
ap.c
|
|
|
shishi_ap_rep_asn1
|
2
|
6
|
13
|
ap.c
|
|
|
shishi_md4
|
2
|
6
|
12
|
low-crypto.c
|
|
|
shishi_ap_rep_der_set
|
2
|
6
|
14
|
ap.c
|
|
|
xtime
|
2
|
6
|
14
|
utils.c
|
|
|
shishi_tkt_keytype_p
|
2
|
6
|
13
|
tkt.c
|
|
|
shishi_ap_req_asn1
|
2
|
6
|
13
|
ap.c
|
|
|
shishi_tkt_keytype_fast
|
2
|
6
|
13
|
tkt.c
|
|
|
shishi_krberror_errorcode_set
|
2
|
5
|
12
|
krberror.c
|
|
|
shishi_krberror_susec_set
|
2
|
5
|
12
|
krberror.c
|
|
|
shishi_krberror_susec
|
2
|
5
|
12
|
krberror.c
|
|
|
shishi_authenticator_remove_subkey
|
2
|
5
|
12
|
authenticator.c
|
|
|
shishi_ticket_realm_set
|
2
|
5
|
12
|
ticket.c
|
|
|
shishi_krberror_stime_set
|
2
|
5
|
13
|
krberror.c
|
|
|
shishi_krberror_remove_cusec
|
2
|
5
|
11
|
krberror.c
|
|
|
shishi_krberror_cusec_set
|
2
|
5
|
12
|
krberror.c
|
|
|
shishi_krberror_cusec
|
2
|
5
|
12
|
krberror.c
|
|
|
shishi_kdcrep_clear_padata
|
2
|
5
|
11
|
kdcrep.c
|
|
|
put_uint8
|
2
|
5
|
9
|
ccache.c
|
|
|
shishi_krberror_remove_ctime
|
2
|
5
|
11
|
krberror.c
|
|
|
shishi_authenticator_clear_authorizationdata
|
2
|
5
|
13
|
authenticator.c
|
|
|
shishi_krberror_server_set
|
2
|
5
|
12
|
krberror.c
|
|
|
shishi_krberror_set_sname
|
2
|
5
|
14
|
krberror.c
|
|
|
shishi_krberror_server
|
2
|
5
|
13
|
krberror.c
|
|
|
shishi_krberror_set_realm
|
2
|
5
|
12
|
krberror.c
|
|
|
shishi_authenticator_remove_cksum
|
2
|
5
|
13
|
authenticator.c
|
|
|
shishi_apreq_options_set
|
2
|
5
|
12
|
apreq.c
|
|
|
shishi_encprivpart_set_user_data
|
2
|
5
|
14
|
priv.c
|
|
|
shishi_krberror_client_set
|
2
|
5
|
12
|
krberror.c
|
|
|
shishi_kdcreq_set_server
|
2
|
5
|
12
|
kdcreq.c
|
|
|
shishi_encprivpart_user_data
|
2
|
5
|
14
|
priv.c
|
|
|
shishi_krberror_remove_cname
|
2
|
5
|
11
|
krberror.c
|
|
|
shishi_kdcreq_set_sname
|
2
|
5
|
14
|
kdcreq.c
|
|
|
shishi_authenticator_seqnumber_set
|
2
|
5
|
14
|
authenticator.c
|
|
|
shishi_tgs_krberror_der
|
2
|
5
|
11
|
tgs.c
|
|
|
shishi_krberror_set_cname
|
2
|
5
|
14
|
krberror.c
|
|
|
shishi_authenticator_seqnumber_remove
|
2
|
5
|
12
|
authenticator.c
|
|
|
shishi_safe_set_user_data
|
2
|
5
|
14
|
safe.c
|
|
|
shishi_krberror_client
|
2
|
5
|
13
|
krberror.c
|
|
|
shishi_kdcreq_set_realm
|
2
|
5
|
12
|
kdcreq.c
|
|
|
shishi_authenticator_seqnumber_get
|
2
|
5
|
14
|
authenticator.c
|
|
|
shishi_cfg_default_systemfile
|
2
|
5
|
11
|
cfg.c
|
|
|
shishi_safe_user_data
|
2
|
5
|
14
|
safe.c
|
|
|
arcfour_hmac_random_to_key
|
2
|
5
|
15
|
crypto-rc4.c
|
|
|
shishi_as_krberror_der
|
2
|
5
|
11
|
as.c
|
|
|
shishi_krberror_set_crealm
|
2
|
5
|
12
|
krberror.c
|
|
|
shishi_authenticator_cusec_set
|
2
|
5
|
12
|
authenticator.c
|
|
|
shishi_tkts_default_file_guess
|
2
|
5
|
11
|
tkts.c
|
|
|
shishi_encapreppart_seqnumber_set
|
2
|
5
|
14
|
encapreppart.c
|
|
|
shishi_krberror_remove_crealm
|
2
|
5
|
11
|
krberror.c
|
|
|
shishi_authenticator_cusec_get
|
2
|
5
|
12
|
authenticator.c
|
|
|
shishi_encapreppart_seqnumber_remove
|
2
|
5
|
12
|
encapreppart.c
|
|
|
shishi_authenticator_ctime_set
|
2
|
5
|
13
|
authenticator.c
|
|
|
shishi_encapreppart_seqnumber_get
|
2
|
5
|
14
|
encapreppart.c
|
|
|
shishi_as_rep_der
|
2
|
5
|
11
|
as.c
|
|
|
shishi_kdcreq_set_cname
|
2
|
5
|
13
|
kdcreq.c
|
|
|
shishi_encapreppart_cusec_set
|
2
|
5
|
12
|
encapreppart.c
|
|
|
shishi_authenticator_client_set
|
2
|
5
|
13
|
authenticator.c
|
|
|
shishi_tgs_rep_der
|
2
|
5
|
11
|
tgs.c
|
|
|
shishi_encapreppart_cusec_get
|
2
|
5
|
12
|
encapreppart.c
|
|
|
shishi_kdcreq_nonce_set
|
2
|
5
|
11
|
kdcreq.c
|
|
|
shishi_authenticator_set_cname
|
2
|
5
|
15
|
authenticator.c
|
|
|
shishi_kdcreq_nonce
|
2
|
5
|
11
|
kdcreq.c
|
|
|
shishi_encapreppart_ctime_set
|
2
|
5
|
13
|
encapreppart.c
|
|
|
shishi_kdcrep_client_set
|
2
|
5
|
12
|
kdcrep.c
|
|
|
shishi_authenticator_set_crealm
|
2
|
5
|
13
|
authenticator.c
|
|
|
shishi_enckdcreppart_srealm_set
|
2
|
5
|
13
|
enckdcreppart.c
|
|
|
shishi_kdcrep_cname_set
|
2
|
5
|
13
|
kdcrep.c
|
|
|
shishi_encticketpart_endtime_set
|
2
|
5
|
14
|
encticketpart.c
|
|
|
shishi_priv_encprivpart_der
|
2
|
5
|
11
|
priv.c
|
|
|
shishi_kdcrep_crealm_set
|
2
|
5
|
12
|
kdcrep.c
|
|
|
shishi_encticketpart_authtime_set
|
2
|
5
|
14
|
encticketpart.c
|
|
|
shishi_enckdcreppart_endtime_set
|
2
|
5
|
14
|
enckdcreppart.c
|
|
|
shishi_realm_for_server
|
2
|
5
|
11
|
realm.c
|
|
|
shishi_priv_priv_der
|
2
|
5
|
11
|
priv.c
|
|
|
shishi_tgs_req_der
|
2
|
5
|
11
|
tgs.c
|
|
|
shishi_enckdcreppart_authtime_set
|
2
|
5
|
14
|
enckdcreppart.c
|
|
|
shishi_safe_safe_der
|
2
|
5
|
11
|
safe.c
|
|
|
shishi_encticketpart_crealm_set
|
2
|
5
|
12
|
encticketpart.c
|
|
|
shishi_enckdcreppart_flags_set
|
2
|
5
|
12
|
enckdcreppart.c
|
|
|
shishi_as_req_der
|
2
|
5
|
11
|
as.c
|
|
|
shishi_tkt_build
|
2
|
5
|
12
|
tkt.c
|
|
|
shishi_enckdcreppart_nonce_set
|
2
|
5
|
12
|
enckdcreppart.c
|
|
|
shishi_encticketpart_flags_set
|
2
|
5
|
12
|
encticketpart.c
|
|
|
shishi_xalloc_die
|
2
|
5
|
9
|
utils.c
|
|
|
shishi_as_req_build
|
2
|
5
|
11
|
as.c
|
|
|
shishi_keys_remove
|
2
|
5
|
13
|
keys.c
|
|
|
shishi_krberror_remove_edata
|
2
|
5
|
11
|
krberror.c
|
|
|
shishi_krberror_set_edata
|
2
|
5
|
12
|
krberror.c
|
|
|
shishi_kdcreq_clear_padata
|
2
|
5
|
11
|
kdcreq.c
|
|
|
shishi_kdcreq_options_set
|
2
|
5
|
13
|
kdcreq.c
|
|
|
shishi_krberror_remove_etext
|
2
|
5
|
11
|
krberror.c
|
|
|
shishi_ap_key
|
2
|
5
|
15
|
ap.c
|
|
|
shishi_authenticator_add_subkey
|
2
|
5
|
16
|
authenticator.c
|
|
|
shishi_krberror_set_etext
|
2
|
5
|
12
|
krberror.c
|
|
|
shishi_key_realm_set
|
2
|
4
|
9
|
key.c
|
|
|
shishi_krberror_errorcode_fast
|
2
|
4
|
10
|
krberror.c
|
|
|
shishi_tkts_default_file_set
|
2
|
4
|
9
|
tkts.c
|
|
|
shishi_realm_default_set
|
2
|
4
|
9
|
realm.c
|
|
|
shishi_tkts_default_ccache_set
|
2
|
4
|
9
|
tktccache.c
|
|
|
shishi_principal_default_set
|
2
|
4
|
9
|
principal.c
|
|
|
shishi_ap_req_der_set
|
2
|
4
|
10
|
ap.c
|
|
|
shishi_key_principal_set
|
2
|
4
|
9
|
key.c
|
|
|
shishi_hostkeys_default_file_set
|
2
|
4
|
9
|
hostkeys.c
|
|
|
shishi_x509ca_default_file_set
|
2
|
4
|
9
|
pki.c
|
|
|
sendrecv_srv
|
2
|
4
|
12
|
netio.c
|
|
|
_shishi_crypto_init
|
2
|
4
|
10
|
low-crypto.c
|
|
|
aes256_random_to_key
|
2
|
4
|
11
|
crypto-aes.c
|
|
|
shishi_x509key_default_file_set
|
2
|
4
|
9
|
pki.c
|
|
|
aes128_random_to_key
|
2
|
4
|
11
|
crypto-aes.c
|
|
|
shishi_x509cert_default_file_set
|
2
|
4
|
9
|
pki.c
|
|
|
shishi_x509ca_default_file
|
2
|
3
|
8
|
pki.c
|
|
|
shishi_ap_req_set
|
2
|
3
|
7
|
ap.c
|
|
|
shishi_ap_authenticator_set
|
2
|
3
|
7
|
ap.c
|
|
|
shishi_cfg_clientkdcetype_fast
|
2
|
3
|
8
|
cfg.c
|
|
|
shishi_cfg_default_userfile
|
2
|
3
|
9
|
cfg.c
|
|
|
shishi_tgs_krberror_set
|
2
|
3
|
7
|
tgs.c
|
|
|
shishi_as_krberror_set
|
2
|
3
|
7
|
as.c
|
|
|
shishi_authorize_strcmp
|
2
|
3
|
9
|
authorize.c
|
|
|
shishi_as_rep_set
|
2
|
3
|
7
|
as.c
|
|
|
md5_checksum
|
2
|
3
|
11
|
crypto-md.c
|
|
|
gcd
|
2
|
3
|
8
|
crypto.c
|
|
|
md4_checksum
|
2
|
3
|
11
|
crypto-md.c
|
|
|
shishi_priv_encprivpart_set
|
2
|
3
|
7
|
priv.c
|
|
|
shishi_tkt_encticketpart_set
|
2
|
3
|
7
|
tkt.c
|
|
|
shishi_tkt_enckdcreppart_set
|
2
|
3
|
7
|
tkt.c
|
|
|
shishi_x509key_default_file
|
2
|
3
|
8
|
pki.c
|
|
|
shishi_tkt_ticket_set
|
2
|
3
|
7
|
tkt.c
|
|
|
shishi_error
|
2
|
3
|
8
|
error.c
|
|
|
shishi_priv_priv_set
|
2
|
3
|
7
|
priv.c
|
|
|
shishi_tgs_req_set
|
2
|
3
|
7
|
tgs.c
|
|
|
shishi_safe_safe_set
|
2
|
3
|
7
|
safe.c
|
|
|
shishi_as_req_set
|
2
|
3
|
7
|
as.c
|
|
|
shishi_tkt_done
|
2
|
3
|
7
|
tkt.c
|
|
|
shishi_x509cert_default_file
|
2
|
3
|
8
|
pki.c
|
|
|
shishi_ap_encapreppart_set
|
2
|
3
|
7
|
ap.c
|
|
|
shishi_ap_rep_set
|
2
|
3
|
7
|
ap.c
|
|
|
ccache_print_credential
|
2
|
24
|
26
|
ccache.c
|
|
|
shishi_tkts_size
|
2
|
2
|
5
|
tkts.c
|
|
|
srv_rr
|
2
|
17
|
27
|
resolv.c
|
|
|
shishi_crypto
|
2
|
12
|
25
|
crypto-ctx.c
|
|
|
shishi_encticketpart_authctime
|
2
|
11
|
20
|
encticketpart.c
|
|
|
armor_asn1
|
2
|
10
|
19
|
diskio.c
|
|
|
ccache_print_principal
|
2
|
10
|
17
|
ccache.c
|
|
|
shishi_error_printf
|
2
|
10
|
18
|
error.c
|
|
|
shishi_der2asn1
|
2
|
23
|
56
|
asn1.c
|
|
|
shishi_keys_for_localservicerealm_in_file
|
1
|
9
|
21
|
keys.c
|
|
|
shishi_tkts_get_for_localservicepasswd
|
1
|
9
|
19
|
tkts.c
|
|
|
shishi_generalize_ctime
|
1
|
8
|
18
|
gztime.c
|
|
|
shishi_crc
|
1
|
7
|
13
|
low-crypto.c
|
|
|
shishi_tkts_find_for_clientserver
|
1
|
7
|
15
|
tkts.c
|
|
|
txt_rr
|
1
|
7
|
13
|
resolv.c
|
|
|
shishi_ap_done
|
1
|
7
|
11
|
ap.c
|
|
|
shishi_tkts_get_for_clientserver
|
1
|
7
|
15
|
tkts.c
|
|
|
shishi_tkt2
|
1
|
7
|
16
|
tkt.c
|
|
|
shishi_server_for_local_service
|
1
|
6
|
14
|
principal.c
|
|
|
shishi_key_copy
|
1
|
6
|
10
|
key.c
|
|
|
shishi_tgs_done
|
1
|
6
|
10
|
tgs.c
|
|
|
shishi_as_done
|
1
|
5
|
9
|
as.c
|
|
|
shishi_keys
|
1
|
5
|
11
|
keys.c
|
|
|
_shishi_print_armored_data
|
1
|
5
|
16
|
diskio.c
|
|
|
ccache_print
|
1
|
4
|
8
|
ccache.c
|
|
|
shishi_generalize_time
|
1
|
4
|
11
|
gztime.c
|
|
|
shishi_key
|
1
|
4
|
10
|
key.c
|
|
|
shishi_priv_done
|
1
|
4
|
8
|
priv.c
|
|
|
shishi_kdcreq_renew_p
|
1
|
3
|
9
|
kdcreq.c
|
|
|
shishi_tkt_ok_as_delegate_p
|
1
|
3
|
9
|
tkt.c
|
|
|
shishi_kdcreq_enc_tkt_in_skey_p
|
1
|
3
|
9
|
kdcreq.c
|
|
|
shishi_tkt_transited_policy_checked_p
|
1
|
3
|
9
|
tkt.c
|
|
|
shishi_kdcreq_renewable_ok_p
|
1
|
3
|
9
|
kdcreq.c
|
|
|
shishi_kdcreq_disable_transited_check_p
|
1
|
3
|
9
|
kdcreq.c
|
|
|
shishi_tkt_hw_authent_p
|
1
|
3
|
9
|
tkt.c
|
|
|
shishi_kdcreq_renewable_p
|
1
|
3
|
9
|
kdcreq.c
|
|
|
shishi_tkt_pre_authent_p
|
1
|
3
|
9
|
tkt.c
|
|
|
shishi_kdcreq_postdated_p
|
1
|
3
|
9
|
kdcreq.c
|
|
|
shishi_tkt_initial_p
|
1
|
3
|
9
|
tkt.c
|
|
|
shishi_kdcreq_allow_postdate_p
|
1
|
3
|
9
|
kdcreq.c
|
|
|
shishi_tkt_renewable_p
|
1
|
3
|
9
|
tkt.c
|
|
|
shishi_kdcreq_proxy_p
|
1
|
3
|
9
|
kdcreq.c
|
|
|
shishi_tkt_invalid_p
|
1
|
3
|
9
|
tkt.c
|
|
|
shishi_kdcreq_proxiable_p
|
1
|
3
|
9
|
kdcreq.c
|
|
|
shishi_tkt_postdated_p
|
1
|
3
|
9
|
tkt.c
|
|
|
shishi_kdcreq_forwarded_p
|
1
|
3
|
9
|
kdcreq.c
|
|
|
shishi_tkt_may_postdate_p
|
1
|
3
|
9
|
tkt.c
|
|
|
shishi_kdcreq_forwardable_p
|
1
|
3
|
9
|
kdcreq.c
|
|
|
shishi_tkt_proxy_p
|
1
|
3
|
9
|
tkt.c
|
|
|
shishi_tkt_proxiable_p
|
1
|
3
|
9
|
tkt.c
|
|
|
shishi_tkt_forwarded_p
|
1
|
3
|
9
|
tkt.c
|
|
|
shishi_tkt_forwardable_p
|
1
|
3
|
9
|
tkt.c
|
|
|
shishi_ap_authenticator_cksumraw_set
|
1
|
3
|
11
|
ap.c
|
|
|
shishi_apreq_mutual_required_p
|
1
|
3
|
9
|
apreq.c
|
|
|
shishi_apreq_use_session_key_p
|
1
|
3
|
9
|
apreq.c
|
|
|
shishi_cfg_userdirectory_file
|
1
|
3
|
9
|
cfg.c
|
|
|
shishi_key_done
|
1
|
3
|
7
|
key.c
|
|
|
shishi_ticket_get_enc_part_etype
|
1
|
3
|
10
|
ticket.c
|
|
|
shishi_crypto_close
|
1
|
3
|
7
|
crypto-ctx.c
|
|
|
shishi_tkts
|
1
|
3
|
9
|
tkts.c
|
|
|
shishi_tkt_expired_p
|
1
|
3
|
8
|
tkt.c
|
|
|
shishi_safe_done
|
1
|
3
|
7
|
safe.c
|
|
|
shishi_kdcreq_validate_p
|
1
|
3
|
9
|
kdcreq.c
|
|
|
shishi_ap_authenticator_cksumdata_set
|
1
|
2
|
9
|
ap.c
|
|
|
shishi_generalize_now
|
1
|
2
|
7
|
gztime.c
|
|
|
shishi_cfg_clientkdcetype
|
1
|
2
|
6
|
cfg.c
|
|
|
simplified_hmac
|
1
|
2
|
11
|
crypto.c
|
|
|
shishi_der2asn1_padata
|
1
|
1
|
5
|
asn1.c
|
|
|
shishi_tkt_keytype
|
1
|
1
|
6
|
tkt.c
|
|
|
shishi_x509cert_default_file_guess
|
1
|
1
|
5
|
pki.c
|
|
|
shishi_tgsrep
|
1
|
1
|
5
|
kdcrep.c
|
|
|
shishi_krberror_errorcode
|
1
|
1
|
6
|
krberror.c
|
|
|
shishi_krberror_print
|
1
|
1
|
5
|
krberror.c
|
|
|
shishi_keys_size
|
1
|
1
|
5
|
keys.c
|
|
|
shishi_krberror_stime
|
1
|
1
|
5
|
krberror.c
|
|
|
shishi_asn1_to_der
|
1
|
1
|
6
|
asn1.c
|
|
|
shishi_key_realm
|
1
|
1
|
5
|
key.c
|
|
|
des_md5_verify
|
1
|
1
|
11
|
crypto-des.c
|
|
|
shishi_asrep
|
1
|
1
|
5
|
kdcrep.c
|
|
|
des_md4_verify
|
1
|
1
|
11
|
crypto-des.c
|
|
|
shishi_hostkeys_for_server
|
1
|
1
|
7
|
hostkeys.c
|
|
|
shishi_tkts_find_for_server
|
1
|
1
|
6
|
tkts.c
|
|
|
shishi_asn1_encprivpart
|
1
|
1
|
5
|
asn1.c
|
|
|
null_string_to_key
|
1
|
1
|
8
|
crypto-null.c
|
|
|
shishi_asn1_priv
|
1
|
1
|
5
|
asn1.c
|
|
|
shishi_krberror_ctime
|
1
|
1
|
5
|
krberror.c
|
|
|
shishi_asn1_krbsafe
|
1
|
1
|
5
|
asn1.c
|
|
|
shishi_kdcreq_options
|
1
|
1
|
6
|
kdcreq.c
|
|
|
shishi_ap_req
|
1
|
1
|
5
|
ap.c
|
|
|
shishi_ticket_realm_get
|
1
|
1
|
6
|
ticket.c
|
|
|
shishi_asn1_krberror
|
1
|
1
|
5
|
asn1.c
|
|
|
des_md5_checksum
|
1
|
1
|
10
|
crypto-des.c
|
|
|
shishi_authenticator_add_cksum
|
1
|
1
|
12
|
authenticator.c
|
|
|
shishi_prompt_password_callback_get
|
1
|
1
|
5
|
password.c
|
|
|
des_md4_checksum
|
1
|
1
|
10
|
crypto-des.c
|
|
|
shishi_asn1_encasreppart
|
1
|
1
|
5
|
asn1.c
|
|
|
shishi_ap_authenticator
|
1
|
1
|
5
|
ap.c
|
|
|
des_crc_checksum
|
1
|
1
|
10
|
crypto-des.c
|
|
|
shishi_asn1_enckdcreppart
|
1
|
1
|
5
|
asn1.c
|
|
|
shishi_apreq_get_authenticator_etype
|
1
|
1
|
6
|
apreq.c
|
|
|
null_random_to_key
|
1
|
1
|
6
|
crypto-null.c
|
|
|
aes256_decrypt
|
1
|
1
|
11
|
crypto-aes.c
|
|
|
shishi_ap_authenticator_cksumtype_set
|
1
|
1
|
5
|
ap.c
|
|
|
shishi_asn1_authenticator
|
1
|
1
|
5
|
asn1.c
|
|
|
shishi_ap_authenticator_cksumtype
|
1
|
1
|
5
|
ap.c
|
|
|
shishi_asn1_encticketpart
|
1
|
1
|
5
|
asn1.c
|
|
|
shishi_asn1_ticket
|
1
|
1
|
5
|
asn1.c
|
|
|
shishi_tgs_sendrecv
|
1
|
1
|
5
|
tgs.c
|
|
|
shishi_asn1_encapreppart
|
1
|
1
|
5
|
asn1.c
|
|
|
shishi_asn1_aprep
|
1
|
1
|
5
|
asn1.c
|
|
|
shishi_kdcreq_till
|
1
|
1
|
6
|
kdcreq.c
|
|
|
shishi_asn1_apreq
|
1
|
1
|
5
|
asn1.c
|
|
|
shishi_tkts_print
|
1
|
1
|
5
|
tkts.c
|
|
|
shishi_authenticator_clientrealm
|
1
|
1
|
10
|
authenticator.c
|
|
|
shishi_krberror_realm
|
1
|
1
|
6
|
krberror.c
|
|
|
shishi_as_sendrecv
|
1
|
1
|
5
|
as.c
|
|
|
shishi_asn1_tgsrep
|
1
|
1
|
5
|
asn1.c
|
|
|
shishi_tgs_tkt_set
|
1
|
1
|
5
|
tgs.c
|
|
|
shishi_asn1_tgsreq
|
1
|
1
|
5
|
asn1.c
|
|
|
shishi_ap_tkt_set
|
1
|
1
|
5
|
ap.c
|
|
|
shishi_authenticator_client
|
1
|
1
|
8
|
authenticator.c
|
|
|
shishi_tkt_flags
|
1
|
1
|
6
|
tkt.c
|
|
|
aes256_encrypt
|
1
|
1
|
11
|
crypto-aes.c
|
|
|
shishi_tgs_tkt
|
1
|
1
|
5
|
tgs.c
|
|
|
shishi_ap_tkt
|
1
|
1
|
5
|
ap.c
|
|
|
shishi_asn1_asrep
|
1
|
1
|
5
|
asn1.c
|
|
|
shishi_asn1_asreq
|
1
|
1
|
5
|
asn1.c
|
|
|
shishi_apreq_options
|
1
|
1
|
5
|
apreq.c
|
|
|
shishi_prompt_password_callback_set
|
1
|
1
|
6
|
password.c
|
|
|
shishi_asn1_etype_info2
|
1
|
1
|
5
|
asn1.c
|
|
|
shishi_kdcreq_server
|
1
|
1
|
7
|
kdcreq.c
|
|
|
shishi_tkt_server
|
1
|
1
|
5
|
tkt.c
|
|
|
shishi_as_tkt_set
|
1
|
1
|
5
|
as.c
|
|
|
shishi_asn1_etype_info
|
1
|
1
|
5
|
asn1.c
|
|
|
shishi_as_tkt
|
1
|
1
|
5
|
as.c
|
|
|
shishi_tgs_krberror
|
1
|
1
|
5
|
tgs.c
|
|
|
shishi_priv_enc_part_etype
|
1
|
1
|
6
|
priv.c
|
|
|
shishi_tkt_realm
|
1
|
1
|
5
|
tkt.c
|
|
|
shishi_asn1_methoddata
|
1
|
1
|
5
|
asn1.c
|
|
|
shishi_aes_cts
|
1
|
1
|
10
|
low-crypto.c
|
|
|
shishi_key_principal
|
1
|
1
|
5
|
key.c
|
|
|
shishi_asn1_padata
|
1
|
1
|
5
|
asn1.c
|
|
|
shishi_kdcreq_realm_get
|
1
|
1
|
7
|
kdcreq.c
|
|
|
shishi_asn1_encrypteddata
|
1
|
1
|
5
|
asn1.c
|
|
|
shishi_kdcreq_realm
|
1
|
1
|
7
|
kdcreq.c
|
|
|
shishi_3des
|
1
|
1
|
10
|
low-crypto.c
|
|
|
_shishi_tls_done
|
1
|
1
|
7
|
starttls.c
|
|
|
shishi_asn1_pa_enc_ts_enc
|
1
|
1
|
5
|
asn1.c
|
|
|
shishi_as_krberror
|
1
|
1
|
5
|
as.c
|
|
|
shishi_tkt_clientrealm
|
1
|
1
|
8
|
tkt.c
|
|
|
_des3_decrypt
|
1
|
1
|
12
|
crypto-3des.c
|
|
|
shishi_kdc_sendrecv
|
1
|
1
|
8
|
netio.c
|
|
|
shishi_asreq_clientrealm
|
1
|
1
|
10
|
kdcreq.c
|
|
|
shishi_priv_read
|
1
|
1
|
5
|
priv.c
|
|
|
aes128_decrypt
|
1
|
1
|
11
|
crypto-aes.c
|
|
|
shishi_des
|
1
|
1
|
9
|
low-crypto.c
|
|
|
shishi_krberror_crealm
|
1
|
1
|
6
|
krberror.c
|
|
|
shishi_priv_parse
|
1
|
1
|
5
|
priv.c
|
|
|
_shishi_quick_random
|
1
|
1
|
5
|
low-crypto.c
|
|
|
shishi_kdcreq_client
|
1
|
1
|
7
|
kdcreq.c
|
|
|
shishi_enckdcreppart_read
|
1
|
1
|
6
|
diskio.c
|
|
|
lcm
|
1
|
1
|
5
|
crypto.c
|
|
|
shishi_enckdcreppart_parse
|
1
|
1
|
6
|
diskio.c
|
|
|
shishi_tkt_client
|
1
|
1
|
6
|
tkt.c
|
|
|
shishi_authenticator_ctime
|
1
|
1
|
6
|
authenticator.c
|
|
|
shishi_x509ca_default_file_guess
|
1
|
1
|
5
|
pki.c
|
|
|
shishi_encticketpart_clientrealm
|
1
|
1
|
10
|
encticketpart.c
|
|
|
arcfour_hmac_exp_decrypt
|
1
|
1
|
13
|
crypto-rc4.c
|
|
|
shishi_aprep_get_enc_part_etype
|
1
|
1
|
6
|
aprep.c
|
|
|
shishi_asn1_write_integer
|
1
|
1
|
6
|
asn1.c
|
|
|
shishi_kdcrep_get_enc_part_etype
|
1
|
1
|
6
|
kdcrep.c
|
|
|
des_none_decrypt
|
1
|
1
|
12
|
crypto-des.c
|
|
|
arcfour_hmac_exp_encrypt
|
1
|
1
|
14
|
crypto-rc4.c
|
|
|
shishi_keys_for_server_in_file
|
1
|
1
|
6
|
keys.c
|
|
|
shishi_encticketpart_client
|
1
|
1
|
8
|
encticketpart.c
|
|
|
shishi_priv_save
|
1
|
1
|
5
|
priv.c
|
|
|
des_md5_decrypt
|
1
|
1
|
13
|
crypto-des.c
|
|
|
shishi_tgs_rep
|
1
|
1
|
5
|
tgs.c
|
|
|
shishi_safe_read
|
1
|
1
|
5
|
safe.c
|
|
|
des_md4_decrypt
|
1
|
1
|
13
|
crypto-des.c
|
|
|
shishi_priv_print
|
1
|
1
|
5
|
priv.c
|
|
|
shishi_ticket_read
|
1
|
1
|
5
|
diskio.c
|
|
|
shishi_safe_parse
|
1
|
1
|
5
|
safe.c
|
|
|
shishi_ticket_parse
|
1
|
1
|
5
|
diskio.c
|
|
|
des_crc_decrypt
|
1
|
1
|
14
|
crypto-des.c
|
|
|
shishi_encapreppart_ctime
|
1
|
1
|
6
|
encapreppart.c
|
|
|
shishi_encticketpart_authtime
|
1
|
1
|
8
|
encticketpart.c
|
|
|
_des3_encrypt
|
1
|
1
|
12
|
crypto-3des.c
|
|
|
aes128_encrypt
|
1
|
1
|
11
|
crypto-aes.c
|
|
|
shishi_error_set_outputtype
|
1
|
1
|
5
|
error.c
|
|
|
shishi_error_outputtype
|
1
|
1
|
5
|
error.c
|
|
|
shishi_kdcreq_read
|
1
|
1
|
5
|
kdcreq.c
|
|
|
shishi_asn1_read_integer
|
1
|
1
|
6
|
asn1.c
|
|
|
des3_checksum
|
1
|
1
|
10
|
crypto-3des.c
|
|
|
shishi_resolv
|
1
|
1
|
5
|
resolv.c
|
|
|
shishi_asn1_read_uint32
|
1
|
1
|
6
|
asn1.c
|
|
|
shishi_apreq_read
|
1
|
1
|
5
|
apreq.c
|
|
|
shishi_kdcreq_parse
|
1
|
1
|
5
|
kdcreq.c
|
|
|
shishi_safe_save
|
1
|
1
|
5
|
safe.c
|
|
|
shishi_authenticator_read
|
1
|
1
|
6
|
authenticator.c
|
|
|
shishi_priv_encprivpart
|
1
|
1
|
5
|
priv.c
|
|
|
shishi_key_length
|
1
|
1
|
5
|
key.c
|
|
|
shishi_tkt_encticketpart
|
1
|
1
|
5
|
tkt.c
|
|
|
shishi_apreq_parse
|
1
|
1
|
5
|
apreq.c
|
|
|
shishi_safe_print
|
1
|
1
|
5
|
safe.c
|
|
|
shishi_key_name
|
1
|
1
|
5
|
key.c
|
|
|
shishi_tkt_kdcrep
|
1
|
1
|
5
|
tkt.c
|
|
|
shishi_authenticator_parse
|
1
|
1
|
6
|
authenticator.c
|
|
|
des_none_encrypt
|
1
|
1
|
12
|
crypto-des.c
|
|
|
shishi_key_timestamp_set
|
1
|
1
|
5
|
key.c
|
|
|
shishi_as_rep
|
1
|
1
|
5
|
as.c
|
|
|
des_md5_encrypt
|
1
|
1
|
13
|
crypto-des.c
|
|
|
shishi_encapreppart_read
|
1
|
1
|
6
|
encapreppart.c
|
|
|
shishi_kdcrep_read
|
1
|
1
|
5
|
kdcrep.c
|
|
|
shishi_error_clear
|
1
|
1
|
5
|
error.c
|
|
|
shishi_key_timestamp
|
1
|
1
|
5
|
key.c
|
|
|
shishi_tkt_enckdcreppart
|
1
|
1
|
5
|
tkt.c
|
|
|
shishi_encticketpart_print
|
1
|
1
|
7
|
diskio.c
|
|
|
aes256_checksum
|
1
|
1
|
10
|
crypto-aes.c
|
|
|
shishi_aprep_read
|
1
|
1
|
5
|
aprep.c
|
|
|
shishi_ticket_print
|
1
|
1
|
5
|
diskio.c
|
|
|
des_md4_encrypt
|
1
|
1
|
13
|
crypto-des.c
|
|
|
shishi_kdcreq_save
|
1
|
1
|
5
|
kdcreq.c
|
|
|
shishi_ticket_save
|
1
|
1
|
5
|
diskio.c
|
|
|
shishi_kdcrep_parse
|
1
|
1
|
5
|
kdcrep.c
|
|
|
shishi_encapreppart_parse
|
1
|
1
|
6
|
encapreppart.c
|
|
|
aes128_checksum
|
1
|
1
|
10
|
crypto-aes.c
|
|
|
shishi_krberror_read
|
1
|
1
|
5
|
krberror.c
|
|
|
shishi_key_version_set
|
1
|
1
|
5
|
key.c
|
|
|
shishi_kdcreq_sendrecv
|
1
|
1
|
6
|
kdc.c
|
|
|
shishi_enckdcreppart_save
|
1
|
1
|
6
|
diskio.c
|
|
|
shishi_aprep_parse
|
1
|
1
|
5
|
aprep.c
|
|
|
des_crc_encrypt
|
1
|
1
|
13
|
crypto-des.c
|
|
|
shishi_apreq_save
|
1
|
1
|
5
|
apreq.c
|
|
|
shishi_kdcreq_print
|
1
|
1
|
5
|
kdcreq.c
|
|
|
shishi_enckdcreppart_print
|
1
|
1
|
7
|
diskio.c
|
|
|
shishi_tkt_ticket
|
1
|
1
|
5
|
tkt.c
|
|
|
shishi_key_version
|
1
|
1
|
5
|
key.c
|
|
|
shishi_decrypt
|
1
|
1
|
11
|
crypto.c
|
|
|
shishi_krberror_parse
|
1
|
1
|
5
|
krberror.c
|
|
|
shishi_etype_info2_print
|
1
|
1
|
6
|
diskio.c
|
|
|
shishi_priv_priv
|
1
|
1
|
5
|
priv.c
|
|
|
shishi_decrypt_iv
|
1
|
1
|
12
|
crypto.c
|
|
|
shishi_tgs_req
|
1
|
1
|
5
|
tgs.c
|
|
|
shishi_authenticator_save
|
1
|
1
|
6
|
authenticator.c
|
|
|
shishi_apreq_print
|
1
|
1
|
5
|
apreq.c
|
|
|
shishi_decrypt_ivupdate
|
1
|
1
|
14
|
crypto.c
|
|
|
shishi_etype_info_print
|
1
|
1
|
6
|
diskio.c
|
|
|
shishi_tgsreq
|
1
|
1
|
5
|
kdcreq.c
|
|
|
shishi_encticketpart_crealm
|
1
|
1
|
8
|
encticketpart.c
|
|
|
shishi_decrypt_etype
|
1
|
1
|
12
|
crypto.c
|
|
|
shishi_safe_safe
|
1
|
1
|
5
|
safe.c
|
|
|
shishi_methoddata_print
|
1
|
1
|
6
|
diskio.c
|
|
|
shishi_decrypt_iv_etype
|
1
|
1
|
13
|
crypto.c
|
|
|
shishi_priv_key_set
|
1
|
1
|
5
|
priv.c
|
|
|
aes256_string_to_key
|
1
|
1
|
11
|
crypto-aes.c
|
|
|
shishi_tgs_ap
|
1
|
1
|
5
|
tgs.c
|
|
|
shishi_x509key_default_file_guess
|
1
|
1
|
5
|
pki.c
|
|
|
shishi_padata_print
|
1
|
1
|
5
|
diskio.c
|
|
|
shishi_authenticator_print
|
1
|
1
|
7
|
authenticator.c
|
|
|
shishi_asreq
|
1
|
1
|
5
|
kdcreq.c
|
|
|
shishi_safe_key_set
|
1
|
1
|
5
|
safe.c
|
|
|
shishi_priv_key
|
1
|
1
|
5
|
priv.c
|
|
|
aes128_string_to_key
|
1
|
1
|
11
|
crypto-aes.c
|
|
|
shishi_encrypt
|
1
|
1
|
11
|
crypto.c
|
|
|
shishi_key_value
|
1
|
1
|
5
|
key.c
|
|
|
shishi_krberror_message
|
1
|
1
|
6
|
krberror.c
|
|
|
shishi_hostkeys_for_localservice
|
1
|
1
|
5
|
hostkeys.c
|
|
|
shishi_tkts_get_for_server
|
1
|
1
|
6
|
tkts.c
|
|
|
shishi_encrypt_iv
|
1
|
1
|
12
|
crypto.c
|
|
|
shishi_asn1_print
|
1
|
1
|
5
|
asn1.c
|
|
|
shishi_tgs_tgtkt_set
|
1
|
1
|
5
|
tgs.c
|
|
|
shishi_server
|
1
|
1
|
5
|
init.c
|
|
|
shishi_encrypt_ivupdate
|
1
|
1
|
14
|
crypto.c
|
|
|
shishi_der2asn1_encapreppart
|
1
|
1
|
6
|
asn1.c
|
|
|
shishi_safe_key
|
1
|
1
|
5
|
safe.c
|
|
|
shishi_der2asn1_aprep
|
1
|
1
|
5
|
asn1.c
|
|
|
shishi_encrypt_etype
|
1
|
1
|
13
|
crypto.c
|
|
|
shishi_der2asn1_apreq
|
1
|
1
|
5
|
asn1.c
|
|
|
shishi_ap_encapreppart
|
1
|
1
|
5
|
ap.c
|
|
|
shishi_tkt_valid_now_p
|
1
|
1
|
5
|
tkt.c
|
|
|
shishi_der2asn1_encprivpart
|
1
|
1
|
6
|
asn1.c
|
|
|
shishi_key_type_set
|
1
|
1
|
5
|
key.c
|
|
|
shishi_kdcrep_save
|
1
|
1
|
5
|
kdcrep.c
|
|
|
shishi_der2asn1_priv
|
1
|
1
|
5
|
asn1.c
|
|
|
shishi_encrypt_iv_etype
|
1
|
1
|
13
|
crypto.c
|
|
|
shishi_encapreppart_save
|
1
|
1
|
6
|
encapreppart.c
|
|
|
shishi_tgs_tgtkt
|
1
|
1
|
5
|
tgs.c
|
|
|
shishi_der2asn1_krbsafe
|
1
|
1
|
5
|
asn1.c
|
|
|
shishi_der2asn1_krberror
|
1
|
1
|
5
|
asn1.c
|
|
|
shishi_tkt_renew_till
|
1
|
1
|
7
|
tkt.c
|
|
|
shishi_hostkeys_for_localservicerealm
|
1
|
1
|
7
|
hostkeys.c
|
|
|
shishi_der2asn1_authenticator
|
1
|
1
|
7
|
asn1.c
|
|
|
shishi_aprep_save
|
1
|
1
|
5
|
aprep.c
|
|
|
shishi_der2asn1_enckdcreppart
|
1
|
1
|
7
|
asn1.c
|
|
|
shishi
|
1
|
1
|
5
|
init.c
|
|
|
shishi_as_req
|
1
|
1
|
5
|
as.c
|
|
|
shishi_tkts_default_to_file
|
1
|
1
|
5
|
tkts.c
|
|
|
shishi_tkt_endtime
|
1
|
1
|
6
|
tkt.c
|
|
|
shishi_der2asn1_enctgsreppart
|
1
|
1
|
7
|
asn1.c
|
|
|
shishi_der2asn1_encasreppart
|
1
|
1
|
6
|
asn1.c
|
|
|
shishi_ticket_server
|
1
|
1
|
6
|
ticket.c
|
|
|
shishi_der2asn1_kdcrep
|
1
|
1
|
5
|
asn1.c
|
|
|
shishi_key_type
|
1
|
1
|
5
|
key.c
|
|
|
shishi_tkt_starttime
|
1
|
1
|
7
|
tkt.c
|
|
|
shishi_der2asn1_tgsrep
|
1
|
1
|
5
|
asn1.c
|
|
|
shishi_kdcrep_print
|
1
|
1
|
5
|
kdcrep.c
|
|
|
shishi_der2asn1_asrep
|
1
|
1
|
5
|
asn1.c
|
|
|
shishi_tkt_authtime
|
1
|
1
|
6
|
tkt.c
|
|
|
des3none_decrypt
|
1
|
1
|
11
|
crypto-3des.c
|
|
|
shishi_der2asn1_tgsreq
|
1
|
1
|
5
|
asn1.c
|
|
|
shishi_krberror_save
|
1
|
1
|
5
|
krberror.c
|
|
|
shishi_der2asn1_asreq
|
1
|
1
|
5
|
asn1.c
|
|
|
shishi_encapreppart_print
|
1
|
1
|
7
|
encapreppart.c
|
|
|
shishi_der2asn1_encticketpart
|
1
|
1
|
7
|
asn1.c
|
|
|
shishi_krberror_edata
|
1
|
1
|
6
|
krberror.c
|
|
|
shishi_ap_rep
|
1
|
1
|
5
|
ap.c
|
|
|
shishi_der2asn1_ticket
|
1
|
1
|
5
|
asn1.c
|
|
|
shishi_aprep_print
|
1
|
1
|
5
|
aprep.c
|
|
|
shishi_der2asn1_etype_info2
|
1
|
1
|
6
|
asn1.c
|
|
|
shishi_der2asn1_etype_info
|
1
|
1
|
5
|
asn1.c
|
|
|
shishi_der2asn1_methoddata
|
1
|
1
|
6
|
asn1.c
|
|
|
shishi_hostkeys_for_serverrealm
|
1
|
1
|
7
|
hostkeys.c
|
|
|
shishi_krberror_etext
|
1
|
1
|
6
|
krberror.c
|
|
|
shishi_ap_req_process
|
1
|
1
|
6
|
ap.c
|
|
|
des3none_encrypt
|
1
|
1
|
11
|
crypto-3des.c
|