blob: 2a7491aa7554807ed32d2baa2c95205f76a19097 [file] [log] [blame]
// Package kadmin provides Kerberos administration capabilities.
package kadmin
import (
"gopkg.in/jcmturner/gokrb5.v7/crypto"
"gopkg.in/jcmturner/gokrb5.v7/krberror"
"gopkg.in/jcmturner/gokrb5.v7/messages"
"gopkg.in/jcmturner/gokrb5.v7/types"
)
// ChangePasswdMsg generate a change password request and also return the key needed to decrypt the reply.
func ChangePasswdMsg(cname types.PrincipalName, realm, password string, tkt messages.Ticket, sessionKey types.EncryptionKey) (r Request, k types.EncryptionKey, err error) {
// Create change password data struct and marshal to bytes
chgpasswd := ChangePasswdData{
NewPasswd: []byte(password),
TargName: cname,
TargRealm: realm,
}
chpwdb, err := chgpasswd.Marshal()
if err != nil {
err = krberror.Errorf(err, krberror.KRBMsgError, "error marshaling change passwd data")
return
}
// Generate authenticator
auth, err := types.NewAuthenticator(realm, cname)
if err != nil {
err = krberror.Errorf(err, krberror.KRBMsgError, "error generating new authenticator")
return
}
etype, err := crypto.GetEtype(sessionKey.KeyType)
if err != nil {
err = krberror.Errorf(err, krberror.KRBMsgError, "error generating subkey etype")
return
}
err = auth.GenerateSeqNumberAndSubKey(etype.GetETypeID(), etype.GetKeyByteSize())
if err != nil {
err = krberror.Errorf(err, krberror.KRBMsgError, "error generating subkey")
return
}
k = auth.SubKey
// Generate AP_REQ
APreq, err := messages.NewAPReq(tkt, sessionKey, auth)
if err != nil {
return
}
// Form the KRBPriv encpart data
kp := messages.EncKrbPrivPart{
UserData: chpwdb,
Timestamp: auth.CTime,
Usec: auth.Cusec,
SequenceNumber: auth.SeqNumber,
}
kpriv := messages.NewKRBPriv(kp)
err = kpriv.EncryptEncPart(k)
if err != nil {
err = krberror.Errorf(err, krberror.EncryptingError, "error encrypting change passwd data")
return
}
r = Request{
APREQ: APreq,
KRBPriv: kpriv,
}
return
}