change to use sendauth
authorJohn Kohl <jtkohl@mit.edu>
Fri, 29 Mar 1991 08:53:53 +0000 (08:53 +0000)
committerJohn Kohl <jtkohl@mit.edu>
Fri, 29 Mar 1991 08:53:53 +0000 (08:53 +0000)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@1960 dc483132-0cff-0310-8789-dd5450dbe970

src/appl/sample/sclient/sclient.c
src/appl/sample/sserver/sserver.c

index 16784f2e21b6c4a1b58452f280c1218f2eb90659..efb08a730f531ee0401fb73a4a7a4a207c697e82 100644 (file)
@@ -2,7 +2,7 @@
  * $Source$
  * $Author$
  *
- * Copyright 1990 by the Massachusetts Institute of Technology.
+ * Copyright 1990,1991 by the Massachusetts Institute of Technology.
  * All Rights Reserved.
  *
  * For copying and distribution information, please see the file
@@ -42,17 +42,15 @@ char *argv[];
     struct servent *sp;
     struct hostent *hp;
     struct sockaddr_in sin, lsin;
-    char *remote_host;
-    register char *cp;
     int sock, namelen;
-    krb5_data send_data;
+    krb5_data recv_data;
     krb5_checksum send_cksum;
     krb5_error_code retval;
     krb5_ccache ccdef;
-    krb5_principal server;
-    char **hrealms;
+    krb5_principal client, server;
+    krb5_error *err_ret;
+    krb5_ap_rep_enc_part *rep_ret;
     short xmitlen;
-    char sbuf[512];
 
     if (argc != 2) {
        fprintf(stderr, "usage: %s <hostname>\n",argv[0]);
@@ -89,35 +87,12 @@ char *argv[];
        exit(1);
     }
 
-    if (retval = krb5_get_host_realm(hp->h_name, &hrealms)) {
-       com_err(argv[0], retval, "while determining realm(s) of %s",
-               hp->h_name);
-       exit(1);
-    }
-    if (strlen(hp->h_name)+strlen(SAMPLE_SERVICE)+strlen(hrealms[0])+3 >
-       sizeof(sbuf)) {
-       fprintf(stderr, "hostname too long!\n");
-       exit(1);
-    }
-
-    /* copy the hostname into non-volatile storage */
-    remote_host = malloc(strlen(hp->h_name) + 1);
-    (void) strcpy(remote_host, hp->h_name);
-
-    /* lower-case to get name for "instance" part of service name */
-    for (cp = remote_host; *cp; cp++)
-       if (isupper(*cp))
-           *cp = tolower(*cp);
-
-    memset(sbuf, 0, sizeof(sbuf));
-    strcpy(sbuf, SAMPLE_SERVICE);
-    strcat(sbuf, "/");
-    strcat(sbuf, remote_host);
-    strcat(sbuf, "@");
-    strcat(sbuf, hrealms[0]);
-    (void) krb5_free_host_realm(hrealms);
-    if (retval = krb5_parse_name(sbuf, &server)) {
-       com_err(argv[0], retval, "while parsing service name %s", sbuf);
+    if (retval = krb5_sname_to_principal(argv[1], SAMPLE_SERVICE,
+                                        TRUE, /* TRUE means canonicalize
+                                                 hostname */
+                                        &server)) {
+       com_err(argv[0], retval, "while creating server name for %s",
+               argv[1]);
        exit(1);
     }
 
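Review bot: The comment on the `TRUE` argument to krb5_sname_to_principal says what the flag does but not what it trusts. With canonicalization on, the service principal the client asks for is presumably derived from the resolver's answer for `argv[1]`, just as the removed code derived it from `hp->h_name`. That makes the identity being authenticated only as trustworthy as the name service. I would extend the comment to something like `/* TRUE: canonicalize via the resolver; the principal is only as trustworthy as name resolution */`. main() starts and ends outside this hunk.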
@@ -157,8 +132,8 @@ char *argv[];
     }
     /* choose some random stuff to compute checksum from */
     if (retval = krb5_calculate_checksum(CKSUMTYPE_CRC32,
-                                        remote_host,
-                                        strlen(remote_host),
+                                        argv[1],
+                                        strlen(argv[1]),
                                         0,
                                         0, /* if length is 0, crc-32 doesn't
                                               use the seed */
@@ -172,43 +147,59 @@ char *argv[];
        exit(1);
     }
 
-    if (retval = krb5_mk_req(server, 0, &send_cksum, ccdef, &send_data)) {
-       com_err(argv[0], retval, "while preparing AP_REQ");
-       exit(1);
-    }
-    xmitlen = htons(send_data.length);
-
-    if ((retval = krb5_net_write(sock, (char *)&xmitlen,
-                                sizeof(xmitlen))) < 0) {
-       com_err(argv[0], errno, "while writing len to server");
-       exit(1);
-    }
-    if ((retval = krb5_net_write(sock, (char *)send_data.data,
-                                send_data.length)) < 0) {
-       com_err(argv[0], errno, "while writing data to server");
-       exit(1);
-    }
-    xfree(send_data.data);
-    if ((retval = krb5_net_read(sock, (char *)&xmitlen,
-                               sizeof(xmitlen))) <= 0) {
-       if (retval == 0)
-           errno = ECONNRESET;         /* XXX */
-       com_err(argv[0], errno, "while reading data from server");
-       exit(1);
-    }
-    send_data.length = ntohs(xmitlen);
-    if (!(send_data.data = (char *)malloc(send_data.length + 1))) {
-       com_err(argv[0], ENOMEM, "while allocating buffer to read from server");
-       exit(1);
-    }
-    if ((retval = krb5_net_read(sock, (char *)send_data.data,
-                               send_data.length)) <= 0) {
-       if (retval == 0)
-           errno = ECONNRESET;         /* XXX */
-       com_err(argv[0], errno, "while reading data from server");
+    if (retval = krb5_cc_get_principal(ccdef, &client)) {
+       com_err(argv[0], retval, "while getting client principal name");
+       exit(1);
+    }
+    retval = krb5_sendauth((krb5_pointer) &sock,
+                          SAMPLE_VERSION, client, server,
+                          AP_OPTS_MUTUAL_REQUIRED,
+                          &send_cksum,
+                          0,           /* no creds, use ccache instead */
+                          ccdef,
+                          0,           /* don't need seq # */
+                          0,           /* don't need a subsession key */
+                          &err_ret,
+                          &rep_ret);
+
+    krb5_free_principal(server);       /* finished using it */
+
+    if (retval && retval != KRB5_SENDAUTH_REJECTED) {
+       com_err(argv[0], retval, "while using sendauth");
+       exit(1);
+    }
+    if (retval == KRB5_SENDAUTH_REJECTED) {
+       /* got an error */
+       printf("sendauth rejected, error reply is:\n\t\"%*s\"",
+              err_ret->text.length, err_ret->text.data);
+    } else if (rep_ret) {
+       /* got a reply */
+       printf("sendauth succeeded, reply is:\n");
+       if ((retval = krb5_net_read(sock, (char *)&xmitlen,
+                                   sizeof(xmitlen))) <= 0) {
+           if (retval == 0)
+               errno = ECONNABORTED;
+           com_err(argv[0], errno, "while reading data from server");
+           exit(1);
+       }
+       recv_data.length = ntohs(xmitlen);
+       if (!(recv_data.data = (char *)malloc(recv_data.length + 1))) {
+           com_err(argv[0], ENOMEM,
+                   "while allocating buffer to read from server");
+           exit(1);
+       }
+       if ((retval = krb5_net_read(sock, (char *)recv_data.data,
+                                   recv_data.length)) <= 0) {
+           if (retval == 0)
+               errno = ECONNABORTED;
+           com_err(argv[0], errno, "while reading data from server");
+           exit(1);
+       }
+       printf("reply len %d, contents:\n%*s\n",
+              recv_data.length,recv_data.length,recv_data.data);
+    } else {
+       com_err(argv[0], 0, "no error or reply from sendauth!");
        exit(1);
     }
-    send_data.data[send_data.length] = '\0';
-    printf("reply len %d, contents:\n%s\n",send_data.length,send_data.data);
     exit(0);
 }
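Review bot: Both new printf calls use `%*s`, which sets a minimum field width rather than a maximum, so printing `err_ret->text.data` and `recv_data.data` keeps reading until a NUL byte happens to turn up. The old code terminated the reply with `send_data.data[send_data.length] = '\0'`; this hunk removes that line and adds nothing in its place, although the `+ 1` in the malloc is kept. Use a precision instead, `"%.*s"`, with the length arguments cast as `(int) err_ret->text.length` and `(int) recv_data.length`. The second krb5_net_read is checked only for `<= 0`, so if it can return a short count, the tail of the buffer is uninitialised heap; comparing the result with `recv_data.length` would catch that. main() begins outside this hunk.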
index 7c0c3668c68167785337c420822468551394fe3a..817d03c1e754e834e01b98907eb484f06be7743c 100644 (file)
@@ -2,7 +2,7 @@
  * $Source$
  * $Author$
  *
- * Copyright 1990 by the Massachusetts Institute of Technology.
+ * Copyright 1990,1991 by the Massachusetts Institute of Technology.
  * All Rights Reserved.
  *
  * For copying and distribution information, please see the file
@@ -50,11 +50,11 @@ char *argv[];
     struct sockaddr_in peername;
     krb5_address peeraddr;
     int namelen = sizeof(peername);
+    int sock = 0;                      /* incoming connection fd */
     krb5_data recv_data;
     short xmitlen;
     krb5_error_code retval;
-    krb5_tkt_authent *authdat;
-    krb5_principal server;
+    krb5_principal server, client;
     char repbuf[BUFSIZ];
     char *cname;
 
@@ -72,35 +72,36 @@ char *argv[];
               error_message(retval));
        exit(1);
     }
-
+    
 #ifdef DEBUG
-{
-    int sock, acc;
-    struct sockaddr_in sin;
+    {
+       int acc;
+       struct sockaddr_in sin;
 
-    if ((sock = socket(PF_INET, SOCK_STREAM, 0)) < 0) {
-       syslog(LOG_ERR, "socket: %m");
-       exit(3);
-    }
+       if ((sock = socket(PF_INET, SOCK_STREAM, 0)) < 0) {
+           syslog(LOG_ERR, "socket: %m");
+           exit(3);
+       }
 
-    sin.sin_family = AF_INET;
-    sin.sin_addr.s_addr = 0;
-    sin.sin_port = htons(5555);
-    if (bind(sock, &sin, sizeof(sin))) {
-       syslog(LOG_ERR, "bind: %m");
-       exit(3);
-    }
-    if (listen(sock, 1) == -1) {
-       syslog(LOG_ERR, "listen: %m");
-       exit(3);
+       sin.sin_family = AF_INET;
+       sin.sin_addr.s_addr = 0;
+       sin.sin_port = htons(5555);
+       if (bind(sock, &sin, sizeof(sin))) {
+           syslog(LOG_ERR, "bind: %m");
+           exit(3);
+       }
+       if (listen(sock, 1) == -1) {
+           syslog(LOG_ERR, "listen: %m");
+           exit(3);
+       }
+       if ((acc = accept(sock, (struct sockaddr *)&peername, &namelen)) == -1) {
+           syslog(LOG_ERR, "accept: %m");
+           exit(3);
+       }
+       dup2(acc, 0);
+       close(sock);
+       sock = 0;
     }
-    if ((acc = accept(sock, (struct sockaddr *)&peername, &namelen)) == -1) {
-       syslog(LOG_ERR, "accept: %m");
-       exit(3);
-    }
-    dup2(acc, 0);
-    close(sock);
-}
 #else
     /*
      * To verify authenticity, we need to know the address of the
@@ -113,47 +114,29 @@ char *argv[];
 #endif
     peeraddr.addrtype = peername.sin_family;
     peeraddr.length = sizeof(peername.sin_addr);
-    if (!(peeraddr.contents = (krb5_octet *)malloc(peeraddr.length))) {
-       syslog(LOG_ERR, "no memory allocating addr");
-       exit(1);
-    }
-    memcpy((char *)peeraddr.contents, (char *)&peername.sin_addr,
-         peeraddr.length);
+    peeraddr.contents = (krb5_octet *)&peername.sin_addr;
 
-    if ((retval = krb5_net_read(0, (char *)&xmitlen, sizeof(xmitlen))) <= 0) {
-       if (retval == 0)
-           errno = ECONNRESET;         /* XXX */
-       syslog(LOG_ERR, "read size: %m");
-       exit(1);
-    }
-    recv_data.length = ntohs(xmitlen);
-    if (!(recv_data.data = (char *) malloc(recv_data.length))) {
-       syslog(LOG_ERR, "no memory allocating packet");
+    if (retval = krb5_recvauth((krb5_pointer)&sock,
+                              SAMPLE_VERSION, server, &peeraddr,
+                              0, 0, 0, /* no fetchfrom, keyproc or arg */
+                              0,       /* default rc type */
+                              0,       /* don't need seq number */
+                              &client,
+                              0, 0     /* don't care about ticket or
+                                          authenticator */
+                              )) {
+       syslog(LOG_ERR, "recvauth failed--%s", error_message(retval));
        exit(1);
     }
-    if ((retval = krb5_net_read(0, (char *)recv_data.data,
-                               recv_data.length)) <= 0) {
-       if (retval == 0)
-           errno = ECONNRESET;         /* XXX */
-       syslog(LOG_ERR, "read contents: %m");
-       exit(1);
-    }
-    if (retval = krb5_rd_req_simple(&recv_data, server, &peeraddr, &authdat)) {
-       syslog(LOG_ERR, "rd_req failed: %s", error_message(retval));
-       sprintf(repbuf, "RD_REQ failed: %s\n", error_message(retval));
-       goto sendreply;
-    }
-    xfree(recv_data.data);
 
-    if (retval = krb5_unparse_name(authdat->ticket->enc_part2->client, &cname)) {
+    if (retval = krb5_unparse_name(client, &cname)) {
        syslog(LOG_ERR, "unparse failed: %s", error_message(retval));
        cname = "<unparse error>";
     }
-    krb5_free_tkt_authent(authdat);
+
     sprintf(repbuf, "You are %s\n", cname);
     if (!retval)
        free(cname);
- sendreply:
     xmitlen = htons(strlen(repbuf));
     recv_data.length = strlen(repbuf);
     recv_data.data = repbuf;
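Review bot: `sprintf(repbuf, "You are %s\n", cname)` writes the unparsed client principal into the BUFSIZ-sized local `repbuf` with no length limit, and after this change `cname` comes from whatever principal krb5_recvauth accepted. Nothing in the visible lines bounds the length of that name, so a long principal could overrun the buffer. Bound the write, e.g. `snprintf(repbuf, sizeof(repbuf), "You are %s\n", cname);`, or use a `%.*s` precision where snprintf is not available. `client` is also not released with krb5_free_principal in the visible lines, though the rest of main() lies outside this hunk.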