An "Authenticator" is an ASN.1 structure that works as proof that an entity owns a ticket. It is usually embedded in the AP-REQ structure (Section 6.4), and in normal applications you most likely want to use an AP-REQ instead of an Authenticator. The following illustrates the Authenticator ASN.1 structure.
Authenticator ::= [APPLICATION 2] SEQUENCE {
    authenticator-vno [0] INTEGER (5),
    crealm [1] Realm,
    cname [2] PrincipalName,
    cksum [3] Checksum OPTIONAL,
    cusec [4] Microseconds,
    ctime [5] KerberosTime,
    subkey [6] EncryptionKey OPTIONAL,
    seq-number [7] UInt32 OPTIONAL,
    authorization-data [8] AuthorizationData OPTIONAL
}
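As an added illustration (not part of the Shishi manual or library), the following self-contained C example walks the outer DER layout of the structure above, such as the bytes shishi_authenticator_save() writes, and reports which of the tagged fields [0] to [8] are present. The function names and the sample bytes are constructed for this example; it does not call libshishi and does not validate the contents of each field.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample (not captured traffic): vno 5, crealm "EX", cname "u",
   cusec 0, ctime 20240101000000Z, seq-number 7; no cksum, subkey or authz data. */
static const uint8_t SAMPLE[] = {
    0x62,0x3a, 0x30,0x38, 0xa0,0x03,0x02,0x01,0x05, 0xa1,0x04,0x1b,0x02,'E','X',
    0xa2,0x0e,0x30,0x0c,0xa0,0x03,0x02,0x01,0x01,0xa1,0x05,0x30,0x03,0x1b,0x01,'u',
    0xa4,0x03,0x02,0x01,0x00, 0xa5,0x11,0x18,0x0f,'2','0','2','4','0','1','0','1',
    '0','0','0','0','0','0','Z', 0xa7,0x03,0x02,0x01,0x07 };

/* Parse one DER tag/length header; return its size, or 0 if malformed/truncated. */
static size_t der_hdr(const uint8_t *p, size_t n, uint8_t *tag, size_t *len) {
    size_t i = 2, k;
    if (n < 2 || (p[0] & 0x1f) == 0x1f) return 0;   /* no high-tag-number form */
    *tag = p[0];
    *len = p[1];
    if (p[1] & 0x80) {                               /* long form: k length octets */
        k = p[1] & 0x7f;
        if (k == 0 || k > 4 || n < 2 + k) return 0;
        for (*len = 0; i < 2 + k; i++) *len = (*len << 8) | p[i];
    }
    return *len > n - i ? 0 : i;                     /* content must fit in buffer */
}

/* Bitmask with bit i set when field [i] is present; -1 if this is not a
   well-formed Authenticator outer structure or a mandatory field is missing. */
int authenticator_fields(const uint8_t *der, size_t n) {
    uint8_t tag; size_t len, h; int mask = 0, last = -1, idx;
    /* [APPLICATION 2] wrapper, then the SEQUENCE; each must span the rest exactly */
    if (!(h = der_hdr(der, n, &tag, &len)) || tag != 0x62 || h + len != n) return -1;
    der += h; n = len;
    if (!(h = der_hdr(der, n, &tag, &len)) || tag != 0x30 || h + len != n) return -1;
    der += h; n = len;
    while (n > 0) {
        if (!(h = der_hdr(der, n, &tag, &len))) return -1;
        idx = tag - 0xa0;                            /* explicit context tag [idx] */
        if (idx < 0 || idx > 8 || idx <= last) return -1;  /* unknown or out of order */
        mask |= 1 << idx; last = idx;
        der += h + len; n -= h + len;
    }
    return (mask & 0x37) == 0x37 ? mask : -1;        /* [0],[1],[2],[4],[5] required */
}

int main(void) {
    printf("field mask: 0x%02x\n", (unsigned)authenticator_fields(SAMPLE, sizeof SAMPLE));
    return 0;
}
```

In the returned mask, bits 3, 6, 7 and 8 correspond to the OPTIONAL cksum, subkey, seq-number and authorization-data fields.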
Shishi_asn1 shishi_authenticator
(Shishi * handle)
handle: shishi handle as allocated by shishi_init().
This function creates a new Authenticator, populated with some default values. It uses the current time as returned by the system for the ctime and cusec fields.
Return value: Returns the authenticator or NULL on failure.
Shishi_asn1 shishi_authenticator_subkey
(Shishi * handle)
handle: shishi handle as allocated by shishi_init().
This function creates a new Authenticator, populated with some default values. It uses the current time as returned by the system for the ctime and cusec fields. It adds a random subkey.
Return value: Returns the authenticator or NULL on failure.
int shishi_authenticator_print
(Shishi * handle, FILE * fh, Shishi_asn1 authenticator)
handle: shishi handle as allocated by shishi_init().
fh: file handle open for writing.
authenticator: authenticator as allocated by shishi_authenticator().
Print ASCII armored DER encoding of authenticator to file.
Return value: Returns SHISHI_OK iff successful.
int shishi_authenticator_save
(Shishi * handle, FILE * fh, Shishi_asn1 authenticator)
handle: shishi handle as allocated by shishi_init().
fh: file handle open for writing.
authenticator: authenticator as allocated by shishi_authenticator().
Save DER encoding of authenticator to file.
Return value: Returns SHISHI_OK iff successful.
int shishi_authenticator_to_file
(Shishi * handle, Shishi_asn1 authenticator, int filetype, char * filename)
handle: shishi handle as allocated by shishi_init().
authenticator: Authenticator to save.
filetype: input variable specifying type of file to be written, see Shishi_filetype.
filename: input variable with filename to write to.
Write Authenticator to file in specified TYPE. The file will be truncated if it exists.
Return value: Returns SHISHI_OK iff successful.
int shishi_authenticator_parse
(Shishi * handle, FILE * fh, Shishi_asn1 * authenticator)
handle: shishi handle as allocated by shishi_init().
fh: file handle open for reading.
authenticator: output variable with newly allocated authenticator.
Read ASCII armored DER encoded authenticator from file and populate given authenticator variable.
Return value: Returns SHISHI_OK iff successful.
int shishi_authenticator_read
(Shishi * handle, FILE * fh, Shishi_asn1 * authenticator)
handle: shishi handle as allocated by shishi_init().
fh: file handle open for reading.
authenticator: output variable with newly allocated authenticator.
Read DER encoded authenticator from file and populate given authenticator variable.
Return value: Returns SHISHI_OK iff successful.
int shishi_authenticator_from_file
(Shishi * handle, Shishi_asn1 * authenticator, int filetype, char * filename)
handle: shishi handle as allocated by shishi_init().
authenticator: output variable with newly allocated Authenticator.
filetype: input variable specifying type of file to be read, see Shishi_filetype.
filename: input variable with filename to read from.
Read Authenticator from file in specified TYPE.
Return value: Returns SHISHI_OK iff successful.
int shishi_authenticator_set_crealm
(Shishi * handle, Shishi_asn1 authenticator, const char * crealm)
handle: shishi handle as allocated by shishi_init().
authenticator: authenticator as allocated by shishi_authenticator().
crealm: input array with realm.
Set realm field in authenticator to specified value.
Return value: Returns SHISHI_OK iff successful.
int shishi_authenticator_set_cname
(Shishi * handle, Shishi_asn1 authenticator, Shishi_name_type name_type, const char * cname[])
handle: shishi handle as allocated by shishi_init().
authenticator: authenticator as allocated by shishi_authenticator().
name_type: type of principal, see Shishi_name_type, usually SHISHI_NT_UNKNOWN.
cname: input array with principal name.
Set principal field in authenticator to specified value.
Return value: Returns SHISHI_OK iff successful.
int shishi_authenticator_client_set
(Shishi * handle, Shishi_asn1 authenticator, const char * client)
handle: shishi handle as allocated by shishi_init().
authenticator: Authenticator to set client name field in.
client: zero-terminated string with principal name in RFC 1964 form.
Set the client name field in the Authenticator.
Return value: Returns SHISHI_OK iff successful.
int shishi_authenticator_ctime
(Shishi * handle, Shishi_asn1 authenticator, char ** ctime)
handle: shishi handle as allocated by shishi_init().
authenticator: Authenticator as allocated by shishi_authenticator().
ctime: newly allocated zero-terminated character array with client time.
Extract client time from Authenticator.
Return value: Returns SHISHI_OK iff successful.
int shishi_authenticator_ctime_set
(Shishi * handle, Shishi_asn1 authenticator, char * ctime)
handle: shishi handle as allocated by shishi_init().
authenticator: Authenticator as allocated by shishi_authenticator().
ctime: string with generalized time value to store in Authenticator.
Store client time in Authenticator.
Return value: Returns SHISHI_OK iff successful.
int shishi_authenticator_cusec_get
(Shishi * handle, Shishi_asn1 authenticator, int * cusec)
handle: shishi handle as allocated by shishi_init().
authenticator: Authenticator as allocated by shishi_authenticator().
cusec: output integer with client microseconds field.
Extract client microseconds field from Authenticator.
Return value: Returns SHISHI_OK iff successful.
int shishi_authenticator_cusec_set
(Shishi * handle, Shishi_asn1 authenticator, int cusec)
handle: shishi handle as allocated by shishi_init().
authenticator: authenticator as allocated by shishi_authenticator().
cusec: client microseconds to set in authenticator, 0-999999.
Set the cusec field in the Authenticator.
Return value: Returns SHISHI_OK iff successful.
int shishi_authenticator_cksum
(Shishi * handle, Shishi_asn1 authenticator, int32_t * cksumtype, char * cksum, size_t * cksumlen)
handle: shishi handle as allocated by shishi_init().
authenticator: authenticator as allocated by shishi_authenticator().
cksumtype: output checksum type.
cksum: output checksum data from authenticator.
cksumlen: on input, maximum size of output checksum data buffer, on output, actual size of output checksum data buffer.
Read checksum value from authenticator.
Return value: Returns SHISHI_OK iff successful.
int shishi_authenticator_set_cksum
(Shishi * handle, Shishi_asn1 authenticator, int32_t cksumtype, char * cksum, size_t cksumlen)
handle: shishi handle as allocated by shishi_init().
authenticator: authenticator as allocated by shishi_authenticator().
cksumtype: input checksum type to store in authenticator.
cksum: input checksum data to store in authenticator.
cksumlen: size of input checksum data to store in authenticator.
Store checksum value in authenticator. A checksum is usually created by calling shishi_checksum() on some application specific data using the key from the ticket that is being used. To save time, you may want to use shishi_authenticator_add_cksum() instead, which calculates the checksum and calls this function in one step.
Return value: Returns SHISHI_OK iff successful.
int shishi_authenticator_add_cksum
(Shishi * handle, Shishi_asn1 authenticator, Shishi_key * key, int keyusage, char * data, size_t datalen)
handle: shishi handle as allocated by shishi_init().
authenticator: authenticator as allocated by shishi_authenticator().
key: key to use for encryption.
keyusage: kerberos key usage value to use in encryption.
data: input array with data to calculate checksum on.
datalen: size of input array with data to calculate checksum on.
Calculate checksum for data and store it in the authenticator.
Return value: Returns SHISHI_OK iff successful.
int shishi_authenticator_add_cksum_type
(Shishi * handle, Shishi_asn1 authenticator, Shishi_key * key, int keyusage, int cksumtype, char * data, size_t datalen)
handle: shishi handle as allocated by shishi_init().
authenticator: authenticator as allocated by shishi_authenticator().
key: key to use for encryption.
keyusage: kerberos key usage value to use in encryption.
cksumtype: checksum type to use when calculating the checksum.
data: input array with data to calculate checksum on.
datalen: size of input array with data to calculate checksum on.
Calculate checksum for data and store it in the authenticator.
Return value: Returns SHISHI_OK iff successful.
int shishi_authenticator_clear_authorizationdata
(Shishi * handle, Shishi_asn1 authenticator)
handle: shishi handle as allocated by shishi_init().
authenticator: Authenticator as allocated by shishi_authenticator().
Remove the authorization-data field from Authenticator.
Return value: Returns SHISHI_OK iff successful.
int shishi_authenticator_add_authorizationdata
(Shishi * handle, Shishi_asn1 authenticator, int adtype, char * addata, size_t addatalen)
handle: shishi handle as allocated by shishi_init().
authenticator: authenticator as allocated by shishi_authenticator().
adtype: input authorization data type to add.
addata: input authorization data to add.
addatalen: size of input authorization data to add.
Add authorization data to authenticator.
Return value: Returns SHISHI_OK iff successful.
int shishi_authenticator_authorizationdata
(Shishi * handle, Shishi_asn1 authenticator, int * adtype, char * addata, size_t * addatalen, int nth)
handle: shishi handle as allocated by shishi_init().
authenticator: authenticator as allocated by shishi_authenticator().
adtype: output authorization data type.
addata: output authorization data.
addatalen: on input, maximum size of output authorization data, on output, actual size of authorization data.
nth: element number of authorization-data to extract.
Extract the n:th authorization data from authenticator. The first field is 1.
Return value: Returns SHISHI_OK iff successful.
int shishi_authenticator_remove_subkey
(Shishi * handle, Shishi_asn1 authenticator)
handle: shishi handle as allocated by shishi_init().
authenticator: authenticator as allocated by shishi_authenticator().
Remove subkey from the authenticator.
Return value: Returns SHISHI_OK iff successful.
int shishi_authenticator_get_subkey
(Shishi * handle, Shishi_asn1 authenticator, Shishi_key ** subkey)
handle: shishi handle as allocated by shishi_init().
authenticator: authenticator as allocated by shishi_authenticator().
subkey: output newly allocated subkey from authenticator.
Read subkey value from authenticator.
Return value: Returns SHISHI_OK if successful or SHISHI_ASN1_NO_ELEMENT if subkey is not present.
int shishi_authenticator_set_subkey
(Shishi * handle, Shishi_asn1 authenticator, int32_t subkeytype, char * subkey, size_t subkeylen)
handle: shishi handle as allocated by shishi_init().
authenticator: authenticator as allocated by shishi_authenticator().
subkeytype: input subkey type to store in authenticator.
subkey: input subkey data to store in authenticator.
subkeylen: size of input subkey data to store in authenticator.
Store subkey value in authenticator. A subkey is usually created by calling shishi_key_random() using the default encryption type of the key from the ticket that is being used. To save time, you may want to use shishi_authenticator_add_subkey() instead, which calculates the subkey and calls this function in one step.
Return value: Returns SHISHI_OK iff successful.
int shishi_authenticator_add_random_subkey
(Shishi * handle, Shishi_asn1 authenticator)
handle: shishi handle as allocated by shishi_init().
authenticator: authenticator as allocated by shishi_authenticator().
Generate random subkey and store it in the authenticator.
Return value: Returns SHISHI_OK iff successful.
int shishi_authenticator_add_subkey
(Shishi * handle, Shishi_asn1 authenticator, Shishi_key * subkey)
handle: shishi handle as allocated by shishi_init().
authenticator: authenticator as allocated by shishi_authenticator().
subkey: subkey to add to authenticator.
Store subkey in the authenticator.
Return value: Returns SHISHI_OK iff successful.