diff options
| author | Aria <me@aria.rip> | 2023-10-01 22:55:08 +0100 |
|---|---|---|
| committer | Aria <me@aria.rip> | 2023-10-01 22:55:08 +0100 |
| commit | 7045a630996e08c18beb7c3d39e1b2752c8a4ba4 (patch) | |
| tree | e539793ccb588433f44cc0e1b52821cb6953a85a /client/messages.go | |
| parent | ca56d194c605ef7ba09f46eff11374b492f83804 (diff) | |
a working version with only changing passwords
Diffstat (limited to 'client/messages.go')
| -rw-r--r-- | client/messages.go | 69 |
1 files changed, 69 insertions, 0 deletions
diff --git a/client/messages.go b/client/messages.go new file mode 100644 index 0000000..b3d2c4f --- /dev/null +++ b/client/messages.go @@ -0,0 +1,69 @@ +package client + +import ( + "github.com/jcmturner/gokrb5/v8/crypto" + "github.com/jcmturner/gokrb5/v8/kadmin" + "github.com/jcmturner/gokrb5/v8/krberror" + "github.com/jcmturner/gokrb5/v8/messages" + "github.com/jcmturner/gokrb5/v8/types" +) + +// ChangePasswdMsg generate a change password request and also return the key needed to decrypt the reply. +func ChangePasswdMsg(targetName types.PrincipalName, cname types.PrincipalName, realm, password string, tkt messages.Ticket, sessionKey types.EncryptionKey) (r kadmin.Request, k types.EncryptionKey, err error) { + // Create change password data struct and marshal to bytes + chgpasswd := kadmin.ChangePasswdData{ + NewPasswd: []byte(password), + TargName: targetName, + TargRealm: realm, + } + chpwdb, err := chgpasswd.Marshal() + if err != nil { + err = krberror.Errorf(err, krberror.KRBMsgError, "error marshaling change passwd data") + return + } + + // Generate authenticator + auth, err := types.NewAuthenticator(realm, cname) + if err != nil { + err = krberror.Errorf(err, krberror.KRBMsgError, "error generating new authenticator") + return + } + etype, err := crypto.GetEtype(sessionKey.KeyType) + if err != nil { + err = krberror.Errorf(err, krberror.KRBMsgError, "error generating subkey etype") + return + } + err = auth.GenerateSeqNumberAndSubKey(etype.GetETypeID(), etype.GetKeyByteSize()) + if err != nil { + err = krberror.Errorf(err, krberror.KRBMsgError, "error generating subkey") + return + } + k = auth.SubKey + + // Generate AP_REQ + APreq, err := messages.NewAPReq(tkt, sessionKey, auth) + if err != nil { + return + } + + // Form the KRBPriv encpart data + kp := messages.EncKrbPrivPart{ + UserData: chpwdb, + Timestamp: auth.CTime, + Usec: auth.Cusec, + SequenceNumber: auth.SeqNumber, + } + kpriv := messages.NewKRBPriv(kp) + + err = kpriv.EncryptEncPart(k) + if err != nil { + err = krberror.Errorf(err, krberror.EncryptingError, "error encrypting change passwd data") + return + } + + r = kadmin.Request{ + APREQ: APreq, + KRBPriv: kpriv, + } + return +} |