An “Authenticator” is an ASN.1 structure that works as proof that an entity owns a ticket. It is usually embedded in the AP-REQ structure (see AP-REQ and AP-REP Functions), and you most likely want to use an AP-REQ instead of an Authenticator in normal applications. The following illustrates the Authenticator ASN.1 structure.
    Authenticator ::= [APPLICATION 2] SEQUENCE {
        authenticator-vno    [0] INTEGER (5),
        crealm               [1] Realm,
        cname                [2] PrincipalName,
        cksum                [3] Checksum OPTIONAL,
        cusec                [4] Microseconds,
        ctime                [5] KerberosTime,
        subkey               [6] EncryptionKey OPTIONAL,
        seq-number           [7] UInt32 OPTIONAL,
        authorization-data   [8] AuthorizationData OPTIONAL
    }
handle: shishi handle as allocated by shishi_init().
This function creates a new Authenticator, populated with some default values. It uses the current time as returned by the system for the ctime and cusec fields.
Return value: Returns the authenticator or NULL on failure.
handle: shishi handle as allocated by shishi_init().
This function creates a new Authenticator, populated with some default values. It uses the current time as returned by the system for the ctime and cusec fields. It adds a random subkey.
Return value: Returns the authenticator or NULL on failure.
handle: shishi handle as allocated by shishi_init().
fh: file handle open for writing.
authenticator: authenticator as allocated by shishi_authenticator().
Print ASCII armored DER encoding of authenticator to file.
Return value: Returns SHISHI_OK iff successful.
handle: shishi handle as allocated by shishi_init().
fh: file handle open for writing.
authenticator: authenticator as allocated by shishi_authenticator().
Save DER encoding of authenticator to file.
Return value: Returns SHISHI_OK iff successful.
handle: shishi handle as allocated by shishi_init().
authenticator: Authenticator to save.
filetype: input variable specifying type of file to be written, see Shishi_filetype.
filename: input variable with filename to write to.
Write Authenticator to file in specified TYPE. The file will be truncated if it exists.
Return value: Returns SHISHI_OK iff successful.
handle: shishi handle as allocated by shishi_init().
fh: file handle open for reading.
authenticator: output variable with newly allocated authenticator.
Read ASCII armored DER encoded authenticator from file and populate given authenticator variable.
Return value: Returns SHISHI_OK iff successful.
handle: shishi handle as allocated by shishi_init().
fh: file handle open for reading.
authenticator: output variable with newly allocated authenticator.
Read DER encoded authenticator from file and populate given authenticator variable.
Return value: Returns SHISHI_OK iff successful.
handle: shishi handle as allocated by shishi_init().
authenticator: output variable with newly allocated Authenticator.
filetype: input variable specifying type of file to be read, see Shishi_filetype.
filename: input variable with filename to read from.
Read Authenticator from file in specified TYPE.
Return value: Returns SHISHI_OK iff successful.
handle: shishi handle as allocated by shishi_init().
authenticator: authenticator as allocated by shishi_authenticator().
crealm: input array with realm.
Set realm field in authenticator to specified value.
Return value: Returns SHISHI_OK iff successful.
handle: shishi handle as allocated by shishi_init().
authenticator: authenticator as allocated by shishi_authenticator().
name_type: type of principal, see Shishi_name_type, usually SHISHI_NT_UNKNOWN.
cname: input array with principal name.
Set principal field in authenticator to specified value.
Return value: Returns SHISHI_OK iff successful.
handle: shishi handle as allocated by shishi_init().
authenticator: Authenticator to set client name field in.
client: zero-terminated string with principal name in RFC 1964 form.
Set the client name field in the Authenticator.
Return value: Returns SHISHI_OK iff successful.
handle: shishi handle as allocated by shishi_init().
authenticator: Authenticator as allocated by shishi_authenticator().
t: newly allocated zero-terminated character array with client time.
Extract client time from Authenticator.
Return value: Returns SHISHI_OK iff successful.
handle: shishi handle as allocated by shishi_init().
authenticator: Authenticator as allocated by shishi_authenticator().
t: string with generalized time value to store in Authenticator.
Store client time in Authenticator.
Return value: Returns SHISHI_OK iff successful.
handle: shishi handle as allocated by shishi_init().
authenticator: Authenticator as allocated by shishi_authenticator().
cusec: output integer with client microseconds field.
Extract client microseconds field from Authenticator.
Return value: Returns SHISHI_OK iff successful.
handle: shishi handle as allocated by shishi_init().
authenticator: authenticator as allocated by shishi_authenticator().
cusec: client microseconds to set in authenticator, 0-999999.
Set the cusec field in the Authenticator.
Return value: Returns SHISHI_OK iff successful.
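A service that receives an Authenticator normally rejects it when ctime falls outside the allowed clock skew or when the same client, ctime and cusec have been seen before. The C code below is an added example, not code from Shishi or from this manual, and it goes beyond the accessor descriptions by showing that acceptance check: check_authenticator(), krb_time_to_epoch(), the 300-second skew and the fixed-size cache are assumptions, and the inputs stand for the printable client name, generalized-time string and cusec value read from the Authenticator.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_SKEW 300 /* assumed policy: tolerate 5 minutes of clock skew */
#define SLOTS 64     /* assumed replay-cache capacity */

enum verdict { AUTH_OK, AUTH_MALFORMED, AUTH_SKEW, AUTH_REPLAY, AUTH_CACHE_FULL };
struct seen { char client[128]; int64_t ctime; uint32_t cusec; int used; };
static struct seen cache[SLOTS];

/* Parse "YYYYMMDDHHMMSSZ" into seconds since 1970-01-01 UTC.
   Returns -1 if it is not 14 digits plus 'Z' or a field is out of range. */
int64_t krb_time_to_epoch(const char *t) {
  int y, m, d, H, M, S;
  if (strlen(t) != 15 || t[14] != 'Z' || strspn(t, "0123456789") != 14) return -1;
  if (sscanf(t, "%4d%2d%2d%2d%2d%2d", &y, &m, &d, &H, &M, &S) != 6) return -1;
  if (y < 1970 || m < 1 || m > 12 || d < 1 || d > 31 || H > 23 || M > 59 || S > 60) return -1;
  y -= m <= 2; /* days-from-civil: treat March as the first month of the year */
  int64_t yoe = y % 400, doy = (153 * (m > 2 ? m - 3 : m + 9) + 2) / 5 + d - 1;
  int64_t days = (int64_t)(y / 400) * 146097 + yoe * 365 + yoe / 4 - yoe / 100 + doy - 719468;
  return days * 86400 + H * 3600 + M * 60 + S;
}

/* Accept or reject one authenticator; `now` is passed in so the check is deterministic. */
enum verdict check_authenticator(const char *client, const char *ctime_str, uint32_t cusec, int64_t now) {
  int64_t t = krb_time_to_epoch(ctime_str);
  struct seen *slot = NULL;
  if (t < 0 || cusec > 999999 || strlen(client) >= sizeof cache[0].client) return AUTH_MALFORMED;
  if (llabs(now - t) > MAX_SKEW) return AUTH_SKEW;
  for (int i = 0; i < SLOTS; i++) {
    struct seen *e = &cache[i];
    if (e->used && now - e->ctime > MAX_SKEW) e->used = 0; /* can no longer pass the skew test */
    if (!e->used) { if (!slot) slot = e; continue; }
    if (e->ctime == t && e->cusec == cusec && strcmp(e->client, client) == 0) return AUTH_REPLAY;
  }
  if (!slot) return AUTH_CACHE_FULL; /* fail closed instead of evicting a live entry */
  strcpy(slot->client, client);      /* length was checked above */
  slot->ctime = t; slot->cusec = cusec; slot->used = 1;
  return AUTH_OK;
}

int main(void) { /* constructed input; clock fixed at 2024-01-01 00:00:10 UTC */
  for (int i = 0; i < 2; i++) /* first call is accepted, the identical second one is a replay */
    printf("%d\n", check_authenticator("alice@EXAMPLE.ORG", "20240101000000Z", 42, 1704067210));
  return 0;
}
```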
handle: shishi handle as allocated by shishi_init().
authenticator: authenticator as allocated by shishi_authenticator().
seqnumber: output integer with sequence number field.
Extract sequence number field from Authenticator.
Return value: Returns SHISHI_OK iff successful.
handle: shishi handle as allocated by shishi_init().
authenticator: authenticator as allocated by shishi_authenticator().
Remove sequence number field in Authenticator.
Return value: Returns SHISHI_OK iff successful.
handle: shishi handle as allocated by shishi_init().
authenticator: authenticator as allocated by shishi_authenticator().
seqnumber: integer with sequence number field to store in Authenticator.
Store sequence number field in Authenticator.
Return value: Returns SHISHI_OK iff successful.
handle: Shishi library handle created by shishi_init().
authenticator: Authenticator variable to get client name from.
client: pointer to newly allocated zero terminated string containing principal name. May be NULL (to only populate clientlen).
clientlen: pointer to length of client on output, excluding terminating zero. May be NULL (to only populate client).
Represent client principal name in Authenticator as zero-terminated string. The string is allocated by this function, and it is the responsibility of the caller to deallocate it. Note that the output length clientlen does not include the terminating zero.
Return value: Returns SHISHI_OK iff successful.
handle: Shishi library handle created by shishi_init().
authenticator: Authenticator variable to get client name and realm from.
client: pointer to newly allocated zero terminated string containing principal name and realm. May be NULL (to only populate clientlen).
clientlen: pointer to length of client on output, excluding terminating zero. May be NULL (to only populate client).
Convert cname and realm fields from Authenticator to printable principal name format. The string is allocated by this function, and it is the responsibility of the caller to deallocate it. Note that the output length clientlen does not include the terminating zero.
Return value: Returns SHISHI_OK iff successful.
handle: shishi handle as allocated by shishi_init().
authenticator: authenticator as allocated by shishi_authenticator().
cksumtype: output checksum type.
cksum: newly allocated output checksum data from authenticator.
cksumlen: on output, actual size of allocated output checksum data buffer.
Read checksum value from authenticator. cksum is allocated by this function, and it is the responsibility of caller to deallocate it.
Return value: Returns SHISHI_OK iff successful.
handle: shishi handle as allocated by shishi_init().
authenticator: authenticator as allocated by shishi_authenticator().
cksumtype: input checksum type to store in authenticator.
cksum: input checksum data to store in authenticator.
cksumlen: size of input checksum data to store in authenticator.
Store checksum value in authenticator. A checksum is usually created by calling shishi_checksum() on some application specific data using the key from the ticket that is being used. To save time, you may want to use shishi_authenticator_add_cksum() instead, which calculates the checksum and calls this function in one step.
Return value: Returns SHISHI_OK iff successful.
handle: shishi handle as allocated by shishi_init().
authenticator: authenticator as allocated by shishi_authenticator().
key: key to use for encryption.
keyusage: cryptographic key usage value to use in encryption.
data: input array with data to calculate checksum on.
datalen: size of input array with data to calculate checksum on.
Calculate checksum for data and store it in the authenticator.
Return value: Returns SHISHI_OK iff successful.
handle: shishi handle as allocated by shishi_init().
authenticator: authenticator as allocated by shishi_authenticator().
key: key to use for encryption.
keyusage: cryptographic key usage value to use in encryption.
cksumtype: checksum type to use when calculating the checksum.
data: input array with data to calculate checksum on.
datalen: size of input array with data to calculate checksum on.
Calculate checksum for data and store it in the authenticator.
Return value: Returns SHISHI_OK iff successful.
handle: shishi handle as allocated by shishi_init().
authenticator: Authenticator as allocated by shishi_authenticator().
Remove the authorization-data field from Authenticator.
Return value: Returns SHISHI_OK iff successful.
handle: shishi handle as allocated by shishi_init().
authenticator: authenticator as allocated by shishi_authenticator().
adtype: input authorization data type to add.
addata: input authorization data to add.
addatalen: size of input authorization data to add.
Add authorization data to authenticator.
Return value: Returns SHISHI_OK iff successful.
handle: shishi handle as allocated by shishi_init().
authenticator: authenticator as allocated by shishi_authenticator().
adtype: output authorization data type.
addata: newly allocated output authorization data.
addatalen: on output, actual size of newly allocated authorization data.
nth: element number of authorization-data to extract.
Extract the nth authorization data from authenticator. The first field is 1.
Return value: Returns SHISHI_OK iff successful.
handle: shishi handle as allocated by shishi_init().
authenticator: authenticator as allocated by shishi_authenticator().
Remove subkey from the authenticator.
Return value: Returns SHISHI_OK iff successful.
handle: shishi handle as allocated by shishi_init().
authenticator: authenticator as allocated by shishi_authenticator().
subkey: output newly allocated subkey from authenticator.
Read subkey value from authenticator.
Return value: Returns SHISHI_OK if successful or SHISHI_ASN1_NO_ELEMENT if subkey is not present.
handle: shishi handle as allocated by shishi_init().
authenticator: authenticator as allocated by shishi_authenticator().
subkeytype: input subkey type to store in authenticator.
subkey: input subkey data to store in authenticator.
subkeylen: size of input subkey data to store in authenticator.
Store subkey value in authenticator. A subkey is usually created by calling shishi_key_random() using the default encryption type of the key from the ticket that is being used. To save time, you may want to use shishi_authenticator_add_subkey() instead, which calculates the subkey and calls this function in one step.
Return value: Returns SHISHI_OK iff successful.
handle: shishi handle as allocated by shishi_init().
authenticator: authenticator as allocated by shishi_authenticator().
Generate random subkey, of the default encryption type from configuration, and store it in the authenticator.
Return value: Returns SHISHI_OK iff successful.
handle: shishi handle as allocated by shishi_init().
authenticator: authenticator as allocated by shishi_authenticator().
etype: encryption type of random key to generate.
Generate random subkey of indicated encryption type, and store it in the authenticator.
Return value: Returns SHISHI_OK iff successful.
handle: shishi handle as allocated by shishi_init().
authenticator: authenticator as allocated by shishi_authenticator().
subkey: subkey to add to authenticator.
Store subkey in the authenticator.
Return value: Returns SHISHI_OK iff successful.