* $Source$
* $Author$
*
- * Copyright 1990 by the Massachusetts Institute of Technology.
+ * Copyright 1990,1991 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* For copying and distribution information, please see the file
struct servent *sp;
struct hostent *hp;
struct sockaddr_in sin, lsin;
- char *remote_host;
- register char *cp;
int sock, namelen;
- krb5_data send_data;
+ krb5_data recv_data;
krb5_checksum send_cksum;
krb5_error_code retval;
krb5_ccache ccdef;
- krb5_principal server;
- char **hrealms;
+ krb5_principal client, server;
+ krb5_error *err_ret;
+ krb5_ap_rep_enc_part *rep_ret;
short xmitlen;
- char sbuf[512];
if (argc != 2) {
fprintf(stderr, "usage: %s <hostname>\n",argv[0]);
exit(1);
}
- if (retval = krb5_get_host_realm(hp->h_name, &hrealms)) {
- com_err(argv[0], retval, "while determining realm(s) of %s",
- hp->h_name);
- exit(1);
- }
- if (strlen(hp->h_name)+strlen(SAMPLE_SERVICE)+strlen(hrealms[0])+3 >
- sizeof(sbuf)) {
- fprintf(stderr, "hostname too long!\n");
- exit(1);
- }
-
- /* copy the hostname into non-volatile storage */
- remote_host = malloc(strlen(hp->h_name) + 1);
- (void) strcpy(remote_host, hp->h_name);
-
- /* lower-case to get name for "instance" part of service name */
- for (cp = remote_host; *cp; cp++)
- if (isupper(*cp))
- *cp = tolower(*cp);
-
- memset(sbuf, 0, sizeof(sbuf));
- strcpy(sbuf, SAMPLE_SERVICE);
- strcat(sbuf, "/");
- strcat(sbuf, remote_host);
- strcat(sbuf, "@");
- strcat(sbuf, hrealms[0]);
- (void) krb5_free_host_realm(hrealms);
- if (retval = krb5_parse_name(sbuf, &server)) {
- com_err(argv[0], retval, "while parsing service name %s", sbuf);
+ if (retval = krb5_sname_to_principal(argv[1], SAMPLE_SERVICE,
+ TRUE, /* TRUE means canonicalize
+ hostname */
+ &server)) {
+ com_err(argv[0], retval, "while creating server name for %s",
+ argv[1]);
exit(1);
}
}
/* choose some random stuff to compute checksum from */
if (retval = krb5_calculate_checksum(CKSUMTYPE_CRC32,
- remote_host,
- strlen(remote_host),
+ argv[1],
+ strlen(argv[1]),
0,
0, /* if length is 0, crc-32 doesn't
use the seed */
exit(1);
}
- if (retval = krb5_mk_req(server, 0, &send_cksum, ccdef, &send_data)) {
- com_err(argv[0], retval, "while preparing AP_REQ");
- exit(1);
- }
- xmitlen = htons(send_data.length);
-
- if ((retval = krb5_net_write(sock, (char *)&xmitlen,
- sizeof(xmitlen))) < 0) {
- com_err(argv[0], errno, "while writing len to server");
- exit(1);
- }
- if ((retval = krb5_net_write(sock, (char *)send_data.data,
- send_data.length)) < 0) {
- com_err(argv[0], errno, "while writing data to server");
- exit(1);
- }
- xfree(send_data.data);
- if ((retval = krb5_net_read(sock, (char *)&xmitlen,
- sizeof(xmitlen))) <= 0) {
- if (retval == 0)
- errno = ECONNRESET; /* XXX */
- com_err(argv[0], errno, "while reading data from server");
- exit(1);
- }
- send_data.length = ntohs(xmitlen);
- if (!(send_data.data = (char *)malloc(send_data.length + 1))) {
- com_err(argv[0], ENOMEM, "while allocating buffer to read from server");
- exit(1);
- }
- if ((retval = krb5_net_read(sock, (char *)send_data.data,
- send_data.length)) <= 0) {
- if (retval == 0)
- errno = ECONNRESET; /* XXX */
- com_err(argv[0], errno, "while reading data from server");
+ if (retval = krb5_cc_get_principal(ccdef, &client)) {
+ com_err(argv[0], retval, "while getting client principal name");
+ exit(1);
+ }
+ retval = krb5_sendauth((krb5_pointer) &sock,
+ SAMPLE_VERSION, client, server,
+ AP_OPTS_MUTUAL_REQUIRED,
+ &send_cksum,
+ 0, /* no creds, use ccache instead */
+ ccdef,
+ 0, /* don't need seq # */
+ 0, /* don't need a subsession key */
+ &err_ret,
+ &rep_ret);
+
+ krb5_free_principal(server); /* finished using it */
+
+ if (retval && retval != KRB5_SENDAUTH_REJECTED) {
+ com_err(argv[0], retval, "while using sendauth");
+ exit(1);
+ }
+ if (retval == KRB5_SENDAUTH_REJECTED) {
+ /* got an error */
+ printf("sendauth rejected, error reply is:\n\t\"%*s\"",
+ err_ret->text.length, err_ret->text.data);
+ } else if (rep_ret) {
+ /* got a reply */
+ printf("sendauth succeeded, reply is:\n");
+ if ((retval = krb5_net_read(sock, (char *)&xmitlen,
+ sizeof(xmitlen))) <= 0) {
+ if (retval == 0)
+ errno = ECONNABORTED;
+ com_err(argv[0], errno, "while reading data from server");
+ exit(1);
+ }
+ recv_data.length = ntohs(xmitlen);
+ if (!(recv_data.data = (char *)malloc(recv_data.length + 1))) {
+ com_err(argv[0], ENOMEM,
+ "while allocating buffer to read from server");
+ exit(1);
+ }
+ if ((retval = krb5_net_read(sock, (char *)recv_data.data,
+ recv_data.length)) <= 0) {
+ if (retval == 0)
+ errno = ECONNABORTED;
+ com_err(argv[0], errno, "while reading data from server");
+ exit(1);
+ }
+ printf("reply len %d, contents:\n%*s\n",
+ recv_data.length,recv_data.length,recv_data.data);
+ } else {
+ com_err(argv[0], 0, "no error or reply from sendauth!");
exit(1);
}
- send_data.data[send_data.length] = '\0';
- printf("reply len %d, contents:\n%s\n",send_data.length,send_data.data);
exit(0);
}
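Review bot: Both new printf calls pass the length as the `*` argument of `%*s`, which sets a minimum field width rather than a limit, so printf keeps reading until it finds a NUL byte. In the reply branch `recv_data.data` is allocated with `recv_data.length + 1` bytes, but the terminator the removed code stored (`send_data.data[send_data.length] = '\0'`) is no longer written, so the print runs past the server-supplied bytes into uninitialized heap. The rejected branch has the same form with `err_ret->text`, whose termination is not visible here. Use a precision instead: `printf("reply len %d, contents:\n%.*s\n", recv_data.length, (int)recv_data.length, recv_data.data);`, and likewise `"%.*s"` with `(int)err_ret->text.length` in the rejected branch. The enclosing function starts outside the lines shown.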
* $Source$
* $Author$
*
- * Copyright 1990 by the Massachusetts Institute of Technology.
+ * Copyright 1990,1991 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* For copying and distribution information, please see the file
struct sockaddr_in peername;
krb5_address peeraddr;
int namelen = sizeof(peername);
+ int sock = 0; /* incoming connection fd */
krb5_data recv_data;
short xmitlen;
krb5_error_code retval;
- krb5_tkt_authent *authdat;
- krb5_principal server;
+ krb5_principal server, client;
char repbuf[BUFSIZ];
char *cname;
error_message(retval));
exit(1);
}
-
+
#ifdef DEBUG
-{
- int sock, acc;
- struct sockaddr_in sin;
+ {
+ int acc;
+ struct sockaddr_in sin;
- if ((sock = socket(PF_INET, SOCK_STREAM, 0)) < 0) {
- syslog(LOG_ERR, "socket: %m");
- exit(3);
- }
+ if ((sock = socket(PF_INET, SOCK_STREAM, 0)) < 0) {
+ syslog(LOG_ERR, "socket: %m");
+ exit(3);
+ }
- sin.sin_family = AF_INET;
- sin.sin_addr.s_addr = 0;
- sin.sin_port = htons(5555);
- if (bind(sock, &sin, sizeof(sin))) {
- syslog(LOG_ERR, "bind: %m");
- exit(3);
- }
- if (listen(sock, 1) == -1) {
- syslog(LOG_ERR, "listen: %m");
- exit(3);
+ sin.sin_family = AF_INET;
+ sin.sin_addr.s_addr = 0;
+ sin.sin_port = htons(5555);
+ if (bind(sock, &sin, sizeof(sin))) {
+ syslog(LOG_ERR, "bind: %m");
+ exit(3);
+ }
+ if (listen(sock, 1) == -1) {
+ syslog(LOG_ERR, "listen: %m");
+ exit(3);
+ }
+ if ((acc = accept(sock, (struct sockaddr *)&peername, &namelen)) == -1) {
+ syslog(LOG_ERR, "accept: %m");
+ exit(3);
+ }
+ dup2(acc, 0);
+ close(sock);
+ sock = 0;
}
- if ((acc = accept(sock, (struct sockaddr *)&peername, &namelen)) == -1) {
- syslog(LOG_ERR, "accept: %m");
- exit(3);
- }
- dup2(acc, 0);
- close(sock);
-}
#else
/*
* To verify authenticity, we need to know the address of the
#endif
peeraddr.addrtype = peername.sin_family;
peeraddr.length = sizeof(peername.sin_addr);
- if (!(peeraddr.contents = (krb5_octet *)malloc(peeraddr.length))) {
- syslog(LOG_ERR, "no memory allocating addr");
- exit(1);
- }
- memcpy((char *)peeraddr.contents, (char *)&peername.sin_addr,
- peeraddr.length);
+ peeraddr.contents = (krb5_octet *)&peername.sin_addr;
- if ((retval = krb5_net_read(0, (char *)&xmitlen, sizeof(xmitlen))) <= 0) {
- if (retval == 0)
- errno = ECONNRESET; /* XXX */
- syslog(LOG_ERR, "read size: %m");
- exit(1);
- }
- recv_data.length = ntohs(xmitlen);
- if (!(recv_data.data = (char *) malloc(recv_data.length))) {
- syslog(LOG_ERR, "no memory allocating packet");
+ if (retval = krb5_recvauth((krb5_pointer)&sock,
+ SAMPLE_VERSION, server, &peeraddr,
+ 0, 0, 0, /* no fetchfrom, keyproc or arg */
+ 0, /* default rc type */
+ 0, /* don't need seq number */
+ &client,
+ 0, 0 /* don't care about ticket or
+ authenticator */
+ )) {
+ syslog(LOG_ERR, "recvauth failed--%s", error_message(retval));
exit(1);
}
- if ((retval = krb5_net_read(0, (char *)recv_data.data,
- recv_data.length)) <= 0) {
- if (retval == 0)
- errno = ECONNRESET; /* XXX */
- syslog(LOG_ERR, "read contents: %m");
- exit(1);
- }
- if (retval = krb5_rd_req_simple(&recv_data, server, &peeraddr, &authdat)) {
- syslog(LOG_ERR, "rd_req failed: %s", error_message(retval));
- sprintf(repbuf, "RD_REQ failed: %s\n", error_message(retval));
- goto sendreply;
- }
- xfree(recv_data.data);
- if (retval = krb5_unparse_name(authdat->ticket->enc_part2->client, &cname)) {
+ if (retval = krb5_unparse_name(client, &cname)) {
syslog(LOG_ERR, "unparse failed: %s", error_message(retval));
cname = "<unparse error>";
}
- krb5_free_tkt_authent(authdat);
+
sprintf(repbuf, "You are %s\n", cname);
if (!retval)
free(cname);
- sendreply:
xmitlen = htons(strlen(repbuf));
recv_data.length = strlen(repbuf);
recv_data.data = repbuf;
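Review bot: The unchanged `sprintf(repbuf, "You are %s\n", cname);` near the end of this section now formats the principal returned by `krb5_recvauth` into `repbuf[BUFSIZ]` with no length bound, so a long enough unparsed client name would overflow the stack buffer. Whether the library caps that length is not visible here. Bound the write, e.g. `snprintf(repbuf, sizeof(repbuf), "You are %s\n", cname);`. Separately, `client` is never released after `krb5_unparse_name`; adding `krb5_free_principal(client);` there would mirror how the client program releases `server`. The function continues past the last line shown.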