static int verbose = 1;
-static void usage()
+static void
+usage()
{
- fprintf(stderr, "Usage: gss-client [-port port] [-mech mechanism] [-d]\n");
- fprintf(stderr, " [-seq] [-noreplay] [-nomutual]");
+ fprintf(stderr, "Usage: gss-client [-port port] [-mech mechanism] [-d]\n");
+ fprintf(stderr, " [-seq] [-noreplay] [-nomutual]");
#ifdef _WIN32
- fprintf(stderr, " [-threads num]");
-#endif
- fprintf(stderr, "\n");
- fprintf(stderr, " [-f] [-q] [-ccount count] [-mcount count]\n");
- fprintf(stderr, " [-v1] [-na] [-nw] [-nx] [-nm] host service msg\n");
- exit(1);
+ fprintf(stderr, " [-threads num]");
+#endif
+ fprintf(stderr, "\n");
+ fprintf(stderr, " [-f] [-q] [-ccount count] [-mcount count]\n");
+ fprintf(stderr, " [-v1] [-na] [-nw] [-nx] [-nm] host service msg\n");
+ exit(1);
}
/*
* opened and connected. If an error occurs, an error message is
* displayed and -1 is returned.
*/
-static int connect_to_server(host, port)
- char *host;
- u_short port;
+static int
+connect_to_server(host, port)
+ char *host;
+ u_short port;
{
- struct sockaddr_in saddr;
- struct hostent *hp;
- int s;
-
- if ((hp = gethostbyname(host)) == NULL) {
- fprintf(stderr, "Unknown host: %s\n", host);
- return -1;
- }
-
- saddr.sin_family = hp->h_addrtype;
- memcpy((char *)&saddr.sin_addr, hp->h_addr, sizeof(saddr.sin_addr));
- saddr.sin_port = htons(port);
-
- if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
- perror("creating socket");
- return -1;
- }
- if (connect(s, (struct sockaddr *)&saddr, sizeof(saddr)) < 0) {
- perror("connecting to server");
- (void) close(s);
- return -1;
- }
- return s;
+ struct sockaddr_in saddr;
+ struct hostent *hp;
+ int s;
+
+ if ((hp = gethostbyname(host)) == NULL) {
+ fprintf(stderr, "Unknown host: %s\n", host);
+ return -1;
+ }
+
+ saddr.sin_family = hp->h_addrtype;
+ memcpy((char *) &saddr.sin_addr, hp->h_addr, sizeof(saddr.sin_addr));
+ saddr.sin_port = htons(port);
+
+ if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
+ perror("creating socket");
+ return -1;
+ }
+ if (connect(s, (struct sockaddr *) &saddr, sizeof(saddr)) < 0) {
+ perror("connecting to server");
+ (void) close(s);
+ return -1;
+ }
+ return s;
}
/*
* unsuccessful, the GSS-API error messages are displayed on stderr
* and -1 is returned.
*/
-static int client_establish_context(s, service_name, gss_flags, auth_flag,
- v1_format, oid, gss_context, ret_flags)
- int s;
- char *service_name;
- gss_OID oid;
- OM_uint32 gss_flags;
- int auth_flag;
- int v1_format;
- gss_ctx_id_t *gss_context;
- OM_uint32 *ret_flags;
+static int
+client_establish_context(s, service_name, gss_flags, auth_flag,
+ v1_format, oid, gss_context, ret_flags)
+ int s;
+ char *service_name;
+ gss_OID oid;
+ OM_uint32 gss_flags;
+ int auth_flag;
+ int v1_format;
+ gss_ctx_id_t *gss_context;
+ OM_uint32 *ret_flags;
{
- if (auth_flag) {
- gss_buffer_desc send_tok, recv_tok, *token_ptr;
- gss_name_t target_name;
- OM_uint32 maj_stat, min_stat, init_sec_min_stat;
- int token_flags;
-
- /*
- * Import the name into target_name. Use send_tok to save
- * local variable space.
- */
- send_tok.value = service_name;
- send_tok.length = strlen(service_name) ;
- maj_stat = gss_import_name(&min_stat, &send_tok,
- (gss_OID) gss_nt_service_name, &target_name);
- if (maj_stat != GSS_S_COMPLETE) {
- display_status("parsing name", maj_stat, min_stat);
- return -1;
- }
-
- if (!v1_format) {
- if (send_token(s, TOKEN_NOOP|TOKEN_CONTEXT_NEXT, empty_token) < 0) {
- (void) gss_release_name(&min_stat, &target_name);
- return -1;
- }
- }
-
- /*
- * Perform the context-establishement loop.
- *
- * On each pass through the loop, token_ptr points to the token
- * to send to the server (or GSS_C_NO_BUFFER on the first pass).
- * Every generated token is stored in send_tok which is then
- * transmitted to the server; every received token is stored in
- * recv_tok, which token_ptr is then set to, to be processed by
- * the next call to gss_init_sec_context.
- *
- * GSS-API guarantees that send_tok's length will be non-zero
- * if and only if the server is expecting another token from us,
- * and that gss_init_sec_context returns GSS_S_CONTINUE_NEEDED if
- * and only if the server has another token to send us.
- */
-
- token_ptr = GSS_C_NO_BUFFER;
- *gss_context = GSS_C_NO_CONTEXT;
-
- do {
- maj_stat =
- gss_init_sec_context(&init_sec_min_stat,
- GSS_C_NO_CREDENTIAL,
- gss_context,
- target_name,
- oid,
- gss_flags,
- 0,
- NULL, /* no channel bindings */
- token_ptr,
- NULL, /* ignore mech type */
- &send_tok,
- ret_flags,
- NULL); /* ignore time_rec */
-
- if (token_ptr != GSS_C_NO_BUFFER)
- free (recv_tok.value);
-
- if (send_tok.length != 0) {
- if (verbose)
- printf("Sending init_sec_context token (size=%d)...",
- (int) send_tok.length);
- if (send_token(s, v1_format?0:TOKEN_CONTEXT, &send_tok) < 0) {
- (void) gss_release_buffer(&min_stat, &send_tok);
- (void) gss_release_name(&min_stat, &target_name);
- return -1;
- }
- }
- (void) gss_release_buffer(&min_stat, &send_tok);
-
- if (maj_stat!=GSS_S_COMPLETE && maj_stat!=GSS_S_CONTINUE_NEEDED) {
- display_status("initializing context", maj_stat,
- init_sec_min_stat);
- (void) gss_release_name(&min_stat, &target_name);
- if (*gss_context != GSS_C_NO_CONTEXT)
- gss_delete_sec_context(&min_stat, gss_context,
- GSS_C_NO_BUFFER);
- return -1;
- }
-
- if (maj_stat == GSS_S_CONTINUE_NEEDED) {
- if (verbose)
- printf("continue needed...");
- if (recv_token(s, &token_flags, &recv_tok) < 0) {
- (void) gss_release_name(&min_stat, &target_name);
- return -1;
- }
- token_ptr = &recv_tok;
- }
- if (verbose)
- printf("\n");
- } while (maj_stat == GSS_S_CONTINUE_NEEDED);
-
- (void) gss_release_name(&min_stat, &target_name);
- }
- else {
- if (send_token(s, TOKEN_NOOP, empty_token) < 0)
- return -1;
- }
-
- return 0;
+ if (auth_flag) {
+ gss_buffer_desc send_tok, recv_tok, *token_ptr;
+ gss_name_t target_name;
+ OM_uint32 maj_stat, min_stat, init_sec_min_stat;
+ int token_flags;
+
+ /*
+ * Import the name into target_name. Use send_tok to save
+ * local variable space.
+ */
+ send_tok.value = service_name;
+ send_tok.length = strlen(service_name);
+ maj_stat = gss_import_name(&min_stat, &send_tok,
+ (gss_OID) gss_nt_service_name,
+ &target_name);
+ if (maj_stat != GSS_S_COMPLETE) {
+ display_status("parsing name", maj_stat, min_stat);
+ return -1;
+ }
+
+ if (!v1_format) {
+ if (send_token(s, TOKEN_NOOP | TOKEN_CONTEXT_NEXT, empty_token) <
+ 0) {
+ (void) gss_release_name(&min_stat, &target_name);
+ return -1;
+ }
+ }
+
+ /*
+ * Perform the context-establishement loop.
+ *
+ * On each pass through the loop, token_ptr points to the token
+ * to send to the server (or GSS_C_NO_BUFFER on the first pass).
+ * Every generated token is stored in send_tok which is then
+ * transmitted to the server; every received token is stored in
+ * recv_tok, which token_ptr is then set to, to be processed by
+ * the next call to gss_init_sec_context.
+ *
+ * GSS-API guarantees that send_tok's length will be non-zero
+ * if and only if the server is expecting another token from us,
+ * and that gss_init_sec_context returns GSS_S_CONTINUE_NEEDED if
+ * and only if the server has another token to send us.
+ */
+
+ token_ptr = GSS_C_NO_BUFFER;
+ *gss_context = GSS_C_NO_CONTEXT;
+
+ do {
+ maj_stat = gss_init_sec_context(&init_sec_min_stat, GSS_C_NO_CREDENTIAL, gss_context, target_name, oid, gss_flags, 0, NULL, /* no channel bindings */
+ token_ptr, NULL, /* ignore mech type */
+ &send_tok, ret_flags, NULL); /* ignore time_rec */
+
+ if (token_ptr != GSS_C_NO_BUFFER)
+ free(recv_tok.value);
+
+ if (send_tok.length != 0) {
+ if (verbose)
+ printf("Sending init_sec_context token (size=%d)...",
+ (int) send_tok.length);
+ if (send_token(s, v1_format ? 0 : TOKEN_CONTEXT, &send_tok) <
+ 0) {
+ (void) gss_release_buffer(&min_stat, &send_tok);
+ (void) gss_release_name(&min_stat, &target_name);
+ return -1;
+ }
+ }
+ (void) gss_release_buffer(&min_stat, &send_tok);
+
+ if (maj_stat != GSS_S_COMPLETE
+ && maj_stat != GSS_S_CONTINUE_NEEDED) {
+ display_status("initializing context", maj_stat,
+ init_sec_min_stat);
+ (void) gss_release_name(&min_stat, &target_name);
+ if (*gss_context != GSS_C_NO_CONTEXT)
+ gss_delete_sec_context(&min_stat, gss_context,
+ GSS_C_NO_BUFFER);
+ return -1;
+ }
+
+ if (maj_stat == GSS_S_CONTINUE_NEEDED) {
+ if (verbose)
+ printf("continue needed...");
+ if (recv_token(s, &token_flags, &recv_tok) < 0) {
+ (void) gss_release_name(&min_stat, &target_name);
+ return -1;
+ }
+ token_ptr = &recv_tok;
+ }
+ if (verbose)
+ printf("\n");
+ } while (maj_stat == GSS_S_CONTINUE_NEEDED);
+
+ (void) gss_release_name(&min_stat, &target_name);
+ } else {
+ if (send_token(s, TOKEN_NOOP, empty_token) < 0)
+ return -1;
+ }
+
+ return 0;
}
-static void read_file(file_name, in_buf)
- char *file_name;
- gss_buffer_t in_buf;
+static void
+read_file(file_name, in_buf)
+ char *file_name;
+ gss_buffer_t in_buf;
{
- int fd, count;
+ int fd, count;
struct stat stat_buf;
-
+
if ((fd = open(file_name, O_RDONLY, 0)) < 0) {
perror("open");
fprintf(stderr, "Couldn't open file %s\n", file_name);
}
/* this code used to check for incomplete reads, but you can't get
- an incomplete read on any file for which fstat() is meaningful */
+ * an incomplete read on any file for which fstat() is meaningful */
count = read(fd, in_buf->value, in_buf->length);
if (count < 0) {
* reads back a GSS-API signature block for msg from the server, and
* verifies it with gss_verify. -1 is returned if any step fails,
* otherwise 0 is returned. */
-static int call_server(host, port, oid, service_name, gss_flags, auth_flag,
- wrap_flag, encrypt_flag, mic_flag, v1_format, msg, use_file,
- mcount)
- char *host;
- u_short port;
- gss_OID oid;
- char *service_name;
- OM_uint32 gss_flags;
- int auth_flag, wrap_flag, encrypt_flag, mic_flag;
- int v1_format;
- char *msg;
- int use_file;
- int mcount;
+static int
+call_server(host, port, oid, service_name, gss_flags, auth_flag,
+ wrap_flag, encrypt_flag, mic_flag, v1_format, msg, use_file,
+ mcount)
+ char *host;
+ u_short port;
+ gss_OID oid;
+ char *service_name;
+ OM_uint32 gss_flags;
+ int auth_flag, wrap_flag, encrypt_flag, mic_flag;
+ int v1_format;
+ char *msg;
+ int use_file;
+ int mcount;
{
- gss_ctx_id_t context;
- gss_buffer_desc in_buf, out_buf;
- int s, state;
- OM_uint32 ret_flags;
- OM_uint32 maj_stat, min_stat;
- gss_name_t src_name, targ_name;
- gss_buffer_desc sname, tname;
- OM_uint32 lifetime;
- gss_OID mechanism, name_type;
- int is_local;
- OM_uint32 context_flags;
- int is_open;
- gss_qop_t qop_state;
- gss_OID_set mech_names;
- gss_buffer_desc oid_name;
- size_t i;
- int token_flags;
-
- /* Open connection */
- if ((s = connect_to_server(host, port)) < 0)
- return -1;
-
- /* Establish context */
- if (client_establish_context(s, service_name, gss_flags, auth_flag,
- v1_format, oid, &context,
- &ret_flags) < 0) {
- (void) close(s);
- return -1;
- }
-
- if (auth_flag && verbose) {
- /* display the flags */
- display_ctx_flags(ret_flags);
-
- /* Get context information */
- maj_stat = gss_inquire_context( &min_stat, context,
- &src_name, &targ_name, &lifetime,
- &mechanism, &context_flags,
- &is_local,
- &is_open);
- if (maj_stat != GSS_S_COMPLETE) {
- display_status("inquiring context", maj_stat, min_stat);
- return -1;
- }
-
- maj_stat = gss_display_name(&min_stat, src_name, &sname,
- &name_type);
- if (maj_stat != GSS_S_COMPLETE) {
- display_status("displaying source name", maj_stat, min_stat);
- return -1;
- }
- maj_stat = gss_display_name(&min_stat, targ_name, &tname,
- (gss_OID *) NULL);
- if (maj_stat != GSS_S_COMPLETE) {
- display_status("displaying target name", maj_stat, min_stat);
- return -1;
- }
- printf("\"%.*s\" to \"%.*s\", lifetime %d, flags %x, %s, %s\n",
- (int) sname.length, (char *) sname.value,
- (int) tname.length, (char *) tname.value, lifetime,
- context_flags,
- (is_local) ? "locally initiated" : "remotely initiated",
- (is_open) ? "open" : "closed");
-
- (void) gss_release_name(&min_stat, &src_name);
- (void) gss_release_name(&min_stat, &targ_name);
- (void) gss_release_buffer(&min_stat, &sname);
- (void) gss_release_buffer(&min_stat, &tname);
-
- maj_stat = gss_oid_to_str(&min_stat,
- name_type,
- &oid_name);
- if (maj_stat != GSS_S_COMPLETE) {
- display_status("converting oid->string", maj_stat, min_stat);
- return -1;
- }
- printf("Name type of source name is %.*s.\n",
- (int) oid_name.length, (char *) oid_name.value);
- (void) gss_release_buffer(&min_stat, &oid_name);
-
- /* Now get the names supported by the mechanism */
- maj_stat = gss_inquire_names_for_mech(&min_stat,
- mechanism,
- &mech_names);
- if (maj_stat != GSS_S_COMPLETE) {
- display_status("inquiring mech names", maj_stat, min_stat);
- return -1;
- }
-
- maj_stat = gss_oid_to_str(&min_stat,
- mechanism,
- &oid_name);
- if (maj_stat != GSS_S_COMPLETE) {
- display_status("converting oid->string", maj_stat, min_stat);
- return -1;
- }
- printf("Mechanism %.*s supports %d names\n",
- (int) oid_name.length, (char *) oid_name.value,
- (int) mech_names->count);
- (void) gss_release_buffer(&min_stat, &oid_name);
-
- for (i=0; i<mech_names->count; i++) {
- maj_stat = gss_oid_to_str(&min_stat,
- &mech_names->elements[i],
- &oid_name);
- if (maj_stat != GSS_S_COMPLETE) {
- display_status("converting oid->string", maj_stat, min_stat);
- return -1;
- }
- printf(" %d: %.*s\n", (int) i,
- (int) oid_name.length, (char *) oid_name.value);
-
- (void) gss_release_buffer(&min_stat, &oid_name);
- }
- (void) gss_release_oid_set(&min_stat, &mech_names);
- }
+ gss_ctx_id_t context;
+ gss_buffer_desc in_buf, out_buf;
+ int s, state;
+ OM_uint32 ret_flags;
+ OM_uint32 maj_stat, min_stat;
+ gss_name_t src_name, targ_name;
+ gss_buffer_desc sname, tname;
+ OM_uint32 lifetime;
+ gss_OID mechanism, name_type;
+ int is_local;
+ OM_uint32 context_flags;
+ int is_open;
+ gss_qop_t qop_state;
+ gss_OID_set mech_names;
+ gss_buffer_desc oid_name;
+ size_t i;
+ int token_flags;
+
+ /* Open connection */
+ if ((s = connect_to_server(host, port)) < 0)
+ return -1;
+
+ /* Establish context */
+ if (client_establish_context(s, service_name, gss_flags, auth_flag,
+ v1_format, oid, &context, &ret_flags) < 0) {
+ (void) close(s);
+ return -1;
+ }
+
+ if (auth_flag && verbose) {
+ /* display the flags */
+ display_ctx_flags(ret_flags);
+
+ /* Get context information */
+ maj_stat = gss_inquire_context(&min_stat, context,
+ &src_name, &targ_name, &lifetime,
+ &mechanism, &context_flags,
+ &is_local, &is_open);
+ if (maj_stat != GSS_S_COMPLETE) {
+ display_status("inquiring context", maj_stat, min_stat);
+ return -1;
+ }
+
+ maj_stat = gss_display_name(&min_stat, src_name, &sname, &name_type);
+ if (maj_stat != GSS_S_COMPLETE) {
+ display_status("displaying source name", maj_stat, min_stat);
+ return -1;
+ }
+ maj_stat = gss_display_name(&min_stat, targ_name, &tname,
+ (gss_OID *) NULL);
+ if (maj_stat != GSS_S_COMPLETE) {
+ display_status("displaying target name", maj_stat, min_stat);
+ return -1;
+ }
+ printf("\"%.*s\" to \"%.*s\", lifetime %d, flags %x, %s, %s\n",
+ (int) sname.length, (char *) sname.value,
+ (int) tname.length, (char *) tname.value, lifetime,
+ context_flags,
+ (is_local) ? "locally initiated" : "remotely initiated",
+ (is_open) ? "open" : "closed");
+
+ (void) gss_release_name(&min_stat, &src_name);
+ (void) gss_release_name(&min_stat, &targ_name);
+ (void) gss_release_buffer(&min_stat, &sname);
+ (void) gss_release_buffer(&min_stat, &tname);
+
+ maj_stat = gss_oid_to_str(&min_stat, name_type, &oid_name);
+ if (maj_stat != GSS_S_COMPLETE) {
+ display_status("converting oid->string", maj_stat, min_stat);
+ return -1;
+ }
+ printf("Name type of source name is %.*s.\n",
+ (int) oid_name.length, (char *) oid_name.value);
+ (void) gss_release_buffer(&min_stat, &oid_name);
+
+ /* Now get the names supported by the mechanism */
+ maj_stat = gss_inquire_names_for_mech(&min_stat,
+ mechanism, &mech_names);
+ if (maj_stat != GSS_S_COMPLETE) {
+ display_status("inquiring mech names", maj_stat, min_stat);
+ return -1;
+ }
+
+ maj_stat = gss_oid_to_str(&min_stat, mechanism, &oid_name);
+ if (maj_stat != GSS_S_COMPLETE) {
+ display_status("converting oid->string", maj_stat, min_stat);
+ return -1;
+ }
+ printf("Mechanism %.*s supports %d names\n",
+ (int) oid_name.length, (char *) oid_name.value,
+ (int) mech_names->count);
+ (void) gss_release_buffer(&min_stat, &oid_name);
+
+ for (i = 0; i < mech_names->count; i++) {
+ maj_stat = gss_oid_to_str(&min_stat,
+ &mech_names->elements[i], &oid_name);
+ if (maj_stat != GSS_S_COMPLETE) {
+ display_status("converting oid->string", maj_stat, min_stat);
+ return -1;
+ }
+ printf(" %d: %.*s\n", (int) i,
+ (int) oid_name.length, (char *) oid_name.value);
+
+ (void) gss_release_buffer(&min_stat, &oid_name);
+ }
+ (void) gss_release_oid_set(&min_stat, &mech_names);
+ }
if (use_file) {
- read_file(msg, &in_buf);
+ read_file(msg, &in_buf);
} else {
- /* Seal the message */
- in_buf.value = msg;
- in_buf.length = strlen(msg);
+ /* Seal the message */
+ in_buf.value = msg;
+ in_buf.length = strlen(msg);
}
for (i = 0; i < mcount; i++) {
- if (wrap_flag) {
- maj_stat = gss_wrap(&min_stat, context, encrypt_flag, GSS_C_QOP_DEFAULT,
- &in_buf, &state, &out_buf);
- if (maj_stat != GSS_S_COMPLETE) {
- display_status("wrapping message", maj_stat, min_stat);
- (void) close(s);
- (void) gss_delete_sec_context(&min_stat, &context, GSS_C_NO_BUFFER);
- return -1;
- } else if (encrypt_flag && ! state) {
- fprintf(stderr, "Warning! Message not encrypted.\n");
- }
- }
- else {
- out_buf = in_buf;
- }
-
- /* Send to server */
- if (send_token(s, (v1_format?0
- :(TOKEN_DATA |
- (wrap_flag ? TOKEN_WRAPPED : 0) |
- (encrypt_flag ? TOKEN_ENCRYPTED : 0) |
- (mic_flag ? TOKEN_SEND_MIC : 0))), &out_buf) < 0) {
- (void) close(s);
- (void) gss_delete_sec_context(&min_stat, &context, GSS_C_NO_BUFFER);
- return -1;
- }
- if (out_buf.value != in_buf.value)
- (void) gss_release_buffer(&min_stat, &out_buf);
-
- /* Read signature block into out_buf */
- if (recv_token(s, &token_flags, &out_buf) < 0) {
- (void) close(s);
- (void) gss_delete_sec_context(&min_stat, &context, GSS_C_NO_BUFFER);
- return -1;
- }
-
- if (mic_flag) {
- /* Verify signature block */
- maj_stat = gss_verify_mic(&min_stat, context, &in_buf,
- &out_buf, &qop_state);
- if (maj_stat != GSS_S_COMPLETE) {
- display_status("verifying signature", maj_stat, min_stat);
- (void) close(s);
- (void) gss_delete_sec_context(&min_stat, &context, GSS_C_NO_BUFFER);
- return -1;
- }
-
- if (verbose)
- printf("Signature verified.\n");
- }
- else {
- if (verbose)
- printf("Response received.\n");
- }
-
- free (out_buf.value);
+ if (wrap_flag) {
+ maj_stat =
+ gss_wrap(&min_stat, context, encrypt_flag, GSS_C_QOP_DEFAULT,
+ &in_buf, &state, &out_buf);
+ if (maj_stat != GSS_S_COMPLETE) {
+ display_status("wrapping message", maj_stat, min_stat);
+ (void) close(s);
+ (void) gss_delete_sec_context(&min_stat, &context,
+ GSS_C_NO_BUFFER);
+ return -1;
+ } else if (encrypt_flag && !state) {
+ fprintf(stderr, "Warning! Message not encrypted.\n");
+ }
+ } else {
+ out_buf = in_buf;
+ }
+
+ /* Send to server */
+ if (send_token(s, (v1_format ? 0
+ : (TOKEN_DATA |
+ (wrap_flag ? TOKEN_WRAPPED : 0) |
+ (encrypt_flag ? TOKEN_ENCRYPTED : 0) |
+ (mic_flag ? TOKEN_SEND_MIC : 0))),
+ &out_buf) < 0) {
+ (void) close(s);
+ (void) gss_delete_sec_context(&min_stat, &context,
+ GSS_C_NO_BUFFER);
+ return -1;
+ }
+ if (out_buf.value != in_buf.value)
+ (void) gss_release_buffer(&min_stat, &out_buf);
+
+ /* Read signature block into out_buf */
+ if (recv_token(s, &token_flags, &out_buf) < 0) {
+ (void) close(s);
+ (void) gss_delete_sec_context(&min_stat, &context,
+ GSS_C_NO_BUFFER);
+ return -1;
+ }
+
+ if (mic_flag) {
+ /* Verify signature block */
+ maj_stat = gss_verify_mic(&min_stat, context, &in_buf,
+ &out_buf, &qop_state);
+ if (maj_stat != GSS_S_COMPLETE) {
+ display_status("verifying signature", maj_stat, min_stat);
+ (void) close(s);
+ (void) gss_delete_sec_context(&min_stat, &context,
+ GSS_C_NO_BUFFER);
+ return -1;
+ }
+
+ if (verbose)
+ printf("Signature verified.\n");
+ } else {
+ if (verbose)
+ printf("Response received.\n");
+ }
+
+ free(out_buf.value);
}
if (use_file)
- free(in_buf.value);
+ free(in_buf.value);
/* Send NOOP */
if (!v1_format)
- (void) send_token(s, TOKEN_NOOP, empty_token);
+ (void) send_token(s, TOKEN_NOOP, empty_token);
if (auth_flag) {
- /* Delete context */
- maj_stat = gss_delete_sec_context(&min_stat, &context, &out_buf);
- if (maj_stat != GSS_S_COMPLETE) {
- display_status("deleting context", maj_stat, min_stat);
- (void) close(s);
- (void) gss_delete_sec_context(&min_stat, &context, GSS_C_NO_BUFFER);
- return -1;
- }
-
- (void) gss_release_buffer(&min_stat, &out_buf);
+ /* Delete context */
+ maj_stat = gss_delete_sec_context(&min_stat, &context, &out_buf);
+ if (maj_stat != GSS_S_COMPLETE) {
+ display_status("deleting context", maj_stat, min_stat);
+ (void) close(s);
+ (void) gss_delete_sec_context(&min_stat, &context,
+ GSS_C_NO_BUFFER);
+ return -1;
+ }
+
+ (void) gss_release_buffer(&min_stat, &out_buf);
}
(void) close(s);
return 0;
}
-static void parse_oid(char *mechanism, gss_OID *oid)
+static void
+parse_oid(char *mechanism, gss_OID * oid)
{
- char *mechstr = 0, *cp;
+ char *mechstr = 0, *cp;
gss_buffer_desc tok;
OM_uint32 maj_stat, min_stat;
-
+
if (isdigit((int) mechanism[0])) {
- mechstr = malloc(strlen(mechanism)+5);
+ mechstr = malloc(strlen(mechanism) + 5);
if (!mechstr) {
fprintf(stderr, "Couldn't allocate mechanism scratch!\n");
return;
static int max_threads = 1;
#ifdef _WIN32
-static thread_count = 0;
+static thread_count = 0;
static HANDLE hMutex = NULL;
static HANDLE hEvent = NULL;
WaitAndIncrementThreadCounter(void)
{
for (;;) {
- if (WaitForSingleObject(hMutex, INFINITE) == WAIT_OBJECT_0) {
- if ( thread_count < max_threads ) {
- thread_count++;
- ReleaseMutex(hMutex);
- return TRUE;
- } else {
- ReleaseMutex(hMutex);
-
- if (WaitForSingleObject(hEvent, INFINITE) == WAIT_OBJECT_0) {
- continue;
- } else {
- return FALSE;
- }
- }
- } else {
- return FALSE;
- }
+ if (WaitForSingleObject(hMutex, INFINITE) == WAIT_OBJECT_0) {
+ if (thread_count < max_threads) {
+ thread_count++;
+ ReleaseMutex(hMutex);
+ return TRUE;
+ } else {
+ ReleaseMutex(hMutex);
+
+ if (WaitForSingleObject(hEvent, INFINITE) == WAIT_OBJECT_0) {
+ continue;
+ } else {
+ return FALSE;
+ }
+ }
+ } else {
+ return FALSE;
+ }
}
}
DecrementAndSignalThreadCounter(void)
{
if (WaitForSingleObject(hMutex, INFINITE) == WAIT_OBJECT_0) {
- if ( thread_count == max_threads )
- ResetEvent(hEvent);
- thread_count--;
- ReleaseMutex(hMutex);
- return TRUE;
+ if (thread_count == max_threads)
+ ResetEvent(hEvent);
+ thread_count--;
+ ReleaseMutex(hMutex);
+ return TRUE;
} else {
- return FALSE;
+ return FALSE;
}
}
#endif
static int mcount = 1, ccount = 1;
static int auth_flag, wrap_flag, encrypt_flag, mic_flag, v1_format;
-void worker_bee(void * unused)
+void
+worker_bee(void *unused)
{
if (call_server(server_host, port, oid, service_name,
- gss_flags, auth_flag, wrap_flag, encrypt_flag, mic_flag,
- v1_format, msg, use_file, mcount) < 0)
- exit(1);
+ gss_flags, auth_flag, wrap_flag, encrypt_flag, mic_flag,
+ v1_format, msg, use_file, mcount) < 0)
+ exit(1);
#ifdef _WIN32
- if ( max_threads > 1 )
- DecrementAndSignalThreadCounter();
+ if (max_threads > 1)
+ DecrementAndSignalThreadCounter();
#endif
}
-int main(argc, argv)
- int argc;
- char **argv;
+int
+main(argc, argv)
+ int argc;
+ char **argv;
{
- int i;
-
- display_file = stdout;
- auth_flag = wrap_flag = encrypt_flag = mic_flag = 1;
- v1_format = 0;
-
- /* Parse arguments. */
- argc--; argv++;
- while (argc) {
- if (strcmp(*argv, "-port") == 0) {
- argc--; argv++;
- if (!argc) usage();
- port = atoi(*argv);
- } else if (strcmp(*argv, "-mech") == 0) {
- argc--; argv++;
- if (!argc) usage();
- mechanism = *argv;
- }
+ int i;
+
+ display_file = stdout;
+ auth_flag = wrap_flag = encrypt_flag = mic_flag = 1;
+ v1_format = 0;
+
+ /* Parse arguments. */
+ argc--;
+ argv++;
+ while (argc) {
+ if (strcmp(*argv, "-port") == 0) {
+ argc--;
+ argv++;
+ if (!argc)
+ usage();
+ port = atoi(*argv);
+ } else if (strcmp(*argv, "-mech") == 0) {
+ argc--;
+ argv++;
+ if (!argc)
+ usage();
+ mechanism = *argv;
+ }
#ifdef _WIN32
- else if (strcmp(*argv, "-threads") == 0) {
- argc--; argv++;
- if (!argc) usage();
- max_threads = atoi(*argv);
- }
+ else if (strcmp(*argv, "-threads") == 0) {
+ argc--;
+ argv++;
+ if (!argc)
+ usage();
+ max_threads = atoi(*argv);
+ }
#endif
- else if (strcmp(*argv, "-d") == 0) {
- gss_flags |= GSS_C_DELEG_FLAG;
- } else if (strcmp(*argv, "-seq") == 0) {
- gss_flags |= GSS_C_SEQUENCE_FLAG;
- } else if (strcmp(*argv, "-noreplay") == 0) {
- gss_flags &= ~GSS_C_REPLAY_FLAG;
- } else if (strcmp(*argv, "-nomutual") == 0) {
- gss_flags &= ~GSS_C_MUTUAL_FLAG;
- } else if (strcmp(*argv, "-f") == 0) {
- use_file = 1;
- } else if (strcmp(*argv, "-q") == 0) {
- verbose = 0;
- } else if (strcmp(*argv, "-ccount") == 0) {
- argc--; argv++;
- if (!argc) usage();
+ else if (strcmp(*argv, "-d") == 0) {
+ gss_flags |= GSS_C_DELEG_FLAG;
+ } else if (strcmp(*argv, "-seq") == 0) {
+ gss_flags |= GSS_C_SEQUENCE_FLAG;
+ } else if (strcmp(*argv, "-noreplay") == 0) {
+ gss_flags &= ~GSS_C_REPLAY_FLAG;
+ } else if (strcmp(*argv, "-nomutual") == 0) {
+ gss_flags &= ~GSS_C_MUTUAL_FLAG;
+ } else if (strcmp(*argv, "-f") == 0) {
+ use_file = 1;
+ } else if (strcmp(*argv, "-q") == 0) {
+ verbose = 0;
+ } else if (strcmp(*argv, "-ccount") == 0) {
+ argc--;
+ argv++;
+ if (!argc)
+ usage();
ccount = atoi(*argv);
- if (ccount <= 0) usage();
- } else if (strcmp(*argv, "-mcount") == 0) {
- argc--; argv++;
- if (!argc) usage();
+ if (ccount <= 0)
+ usage();
+ } else if (strcmp(*argv, "-mcount") == 0) {
+ argc--;
+ argv++;
+ if (!argc)
+ usage();
mcount = atoi(*argv);
- if (mcount < 0) usage();
- } else if (strcmp(*argv, "-na") == 0) {
+ if (mcount < 0)
+ usage();
+ } else if (strcmp(*argv, "-na") == 0) {
auth_flag = wrap_flag = encrypt_flag = mic_flag = 0;
- } else if (strcmp(*argv, "-nw") == 0) {
+ } else if (strcmp(*argv, "-nw") == 0) {
wrap_flag = 0;
- } else if (strcmp(*argv, "-nx") == 0) {
+ } else if (strcmp(*argv, "-nx") == 0) {
encrypt_flag = 0;
- } else if (strcmp(*argv, "-nm") == 0) {
+ } else if (strcmp(*argv, "-nm") == 0) {
mic_flag = 0;
- } else if (strcmp(*argv, "-v1") == 0) {
+ } else if (strcmp(*argv, "-v1") == 0) {
v1_format = 1;
- } else
+ } else
break;
- argc--; argv++;
- }
- if (argc != 3)
- usage();
+ argc--;
+ argv++;
+ }
+ if (argc != 3)
+ usage();
#ifdef _WIN32
- if (max_threads < 1) {
- fprintf(stderr, "warning: there must be at least one thread\n");
- max_threads = 1;
- }
+ if (max_threads < 1) {
+ fprintf(stderr, "warning: there must be at least one thread\n");
+ max_threads = 1;
+ }
#endif
- server_host = *argv++;
- service_name = *argv++;
- msg = *argv++;
+ server_host = *argv++;
+ service_name = *argv++;
+ msg = *argv++;
- if (mechanism)
- parse_oid(mechanism, &oid);
+ if (mechanism)
+ parse_oid(mechanism, &oid);
- if (max_threads == 1) {
- for (i = 0; i < ccount; i++) {
- worker_bee(0);
- }
- } else {
+ if (max_threads == 1) {
+ for (i = 0; i < ccount; i++) {
+ worker_bee(0);
+ }
+ } else {
#ifdef _WIN32
- for (i = 0; i < ccount; i++) {
- if ( WaitAndIncrementThreadCounter() ) {
- uintptr_t handle = _beginthread(worker_bee, 0, (void *)0);
- if (handle == (uintptr_t)-1) {
- exit(1);
- }
- } else {
+ for (i = 0; i < ccount; i++) {
+ if (WaitAndIncrementThreadCounter()) {
+ uintptr_t handle = _beginthread(worker_bee, 0, (void *) 0);
+ if (handle == (uintptr_t) - 1) {
exit(1);
- }
- }
+ }
+ } else {
+ exit(1);
+ }
+ }
#else
- /* boom */
- assert(max_threads == 1);
+ /* boom */
+ assert(max_threads == 1);
#endif
- }
+ }
+
+ if (oid != GSS_C_NULL_OID)
+ (void) gss_release_oid(&min_stat, &oid);
- if (oid != GSS_C_NULL_OID)
- (void) gss_release_oid(&min_stat, &oid);
-
#ifdef _WIN32
- CleanupHandles();
+ CleanupHandles();
#endif
- return 0;
+ return 0;
}
extern char *malloc();
#endif
-FILE *display_file;
+FILE *display_file;
gss_buffer_desc empty_token_buf = { 0, (void *) "" };
gss_buffer_t empty_token = &empty_token_buf;
-static void display_status_1
- (char *m, OM_uint32 code, int type);
+static void display_status_1(char *m, OM_uint32 code, int type);
-static int write_all(int fildes, char *buf, unsigned int nbyte)
+static int
+write_all(int fildes, char *buf, unsigned int nbyte)
{
- int ret;
- char *ptr;
-
- for (ptr = buf; nbyte; ptr += ret, nbyte -= ret) {
- ret = send(fildes, ptr, nbyte, 0);
- if (ret < 0) {
- if (errno == EINTR)
- continue;
- return(ret);
- } else if (ret == 0) {
- return(ptr-buf);
- }
- }
-
- return(ptr-buf);
+ int ret;
+ char *ptr;
+
+ for (ptr = buf; nbyte; ptr += ret, nbyte -= ret) {
+ ret = send(fildes, ptr, nbyte, 0);
+ if (ret < 0) {
+ if (errno == EINTR)
+ continue;
+ return (ret);
+ } else if (ret == 0) {
+ return (ptr - buf);
+ }
+ }
+
+ return (ptr - buf);
}
-static int read_all(int fildes, char *buf, unsigned int nbyte)
+static int
+read_all(int fildes, char *buf, unsigned int nbyte)
{
- int ret;
- char *ptr;
- fd_set rfds;
+ int ret;
+ char *ptr;
+ fd_set rfds;
struct timeval tv;
FD_ZERO(&rfds);
for (ptr = buf; nbyte; ptr += ret, nbyte -= ret) {
if (select(FD_SETSIZE, &rfds, NULL, NULL, &tv) <= 0
|| !FD_ISSET(fildes, &rfds))
- return(ptr-buf);
+ return (ptr - buf);
ret = recv(fildes, ptr, nbyte, 0);
if (ret < 0) {
if (errno == EINTR)
continue;
- return(ret);
+ return (ret);
} else if (ret == 0) {
- return(ptr-buf);
+ return (ptr - buf);
}
}
- return(ptr-buf);
+ return (ptr - buf);
}
/*
* written to the file descriptor s. It returns 0 on success, and -1
* if an error occurs or if it could not write all the data.
*/
-int send_token(s, flags, tok)
- int s;
- int flags;
- gss_buffer_t tok;
+int
+send_token(s, flags, tok)
+ int s;
+ int flags;
+ gss_buffer_t tok;
{
- int ret;
- unsigned char char_flags = (unsigned char) flags;
- unsigned char lenbuf[4];
-
- if (char_flags) {
- ret = write_all(s, (char *)&char_flags, 1);
- if (ret != 1) {
- perror("sending token flags");
- return -1;
- }
- }
- if (tok->length > 0xffffffffUL)
- abort();
- lenbuf[0] = (tok->length >> 24) & 0xff;
- lenbuf[1] = (tok->length >> 16) & 0xff;
- lenbuf[2] = (tok->length >> 8) & 0xff;
- lenbuf[3] = tok->length & 0xff;
-
- ret = write_all(s, lenbuf, 4);
- if (ret < 0) {
- perror("sending token length");
- return -1;
- } else if (ret != 4) {
- if (display_file)
- fprintf(display_file,
- "sending token length: %d of %d bytes written\n",
- ret, 4);
- return -1;
- }
-
- ret = write_all(s, tok->value, tok->length);
- if (ret < 0) {
- perror("sending token data");
- return -1;
- } else if (ret != tok->length) {
- if (display_file)
- fprintf(display_file,
- "sending token data: %d of %d bytes written\n",
- ret, (int) tok->length);
- return -1;
- }
-
- return 0;
+ int ret;
+ unsigned char char_flags = (unsigned char) flags;
+ unsigned char lenbuf[4];
+
+ if (char_flags) {
+ ret = write_all(s, (char *) &char_flags, 1);
+ if (ret != 1) {
+ perror("sending token flags");
+ return -1;
+ }
+ }
+ if (tok->length > 0xffffffffUL)
+ abort();
+ lenbuf[0] = (tok->length >> 24) & 0xff;
+ lenbuf[1] = (tok->length >> 16) & 0xff;
+ lenbuf[2] = (tok->length >> 8) & 0xff;
+ lenbuf[3] = tok->length & 0xff;
+
+ ret = write_all(s, lenbuf, 4);
+ if (ret < 0) {
+ perror("sending token length");
+ return -1;
+ } else if (ret != 4) {
+ if (display_file)
+ fprintf(display_file,
+ "sending token length: %d of %d bytes written\n", ret, 4);
+ return -1;
+ }
+
+ ret = write_all(s, tok->value, tok->length);
+ if (ret < 0) {
+ perror("sending token data");
+ return -1;
+ } else if (ret != tok->length) {
+ if (display_file)
+ fprintf(display_file,
+ "sending token data: %d of %d bytes written\n",
+ ret, (int) tok->length);
+ return -1;
+ }
+
+ return 0;
}
/*
* should be freed with gss_release_buffer. It returns 0 on success,
* and -1 if an error occurs or if it could not read all the data.
*/
-int recv_token(s, flags, tok)
- int s;
- int *flags;
- gss_buffer_t tok;
+int
+recv_token(s, flags, tok)
+ int s;
+ int *flags;
+ gss_buffer_t tok;
{
- int ret;
- unsigned char char_flags;
- unsigned char lenbuf[4];
-
- ret = read_all(s, (char *) &char_flags, 1);
- if (ret < 0) {
- perror("reading token flags");
- return -1;
- } else if (! ret) {
- if (display_file)
- fputs("reading token flags: 0 bytes read\n", display_file);
- return -1;
- } else {
- *flags = (int) char_flags;
- }
-
- if (char_flags == 0 ) {
- lenbuf[0] = 0;
- ret = read_all(s, &lenbuf[1], 3);
- if (ret < 0) {
- perror("reading token length");
- return -1;
- } else if (ret != 3) {
- if (display_file)
- fprintf(display_file,
- "reading token length: %d of %d bytes read\n",
- ret, 3);
- return -1;
- }
- }
- else {
- ret = read_all(s, lenbuf, 4);
- if (ret < 0) {
- perror("reading token length");
- return -1;
- } else if (ret != 4) {
- if (display_file)
- fprintf(display_file,
- "reading token length: %d of %d bytes read\n",
- ret, 4);
- return -1;
- }
- }
-
- tok->length = ((lenbuf[0] << 24)
- | (lenbuf[1] << 16)
- | (lenbuf[2] << 8)
- | lenbuf[3]);
- tok->value = (char *) malloc(tok->length ? tok->length : 1);
- if (tok->length && tok->value == NULL) {
- if (display_file)
- fprintf(display_file,
- "Out of memory allocating token data\n");
- return -1;
- }
-
- ret = read_all(s, (char *) tok->value, tok->length);
- if (ret < 0) {
- perror("reading token data");
- free(tok->value);
- return -1;
- } else if (ret != tok->length) {
- fprintf(stderr, "sending token data: %d of %d bytes written\n",
- ret, (int) tok->length);
- free(tok->value);
- return -1;
- }
-
- return 0;
+ int ret;
+ unsigned char char_flags;
+ unsigned char lenbuf[4];
+
+ ret = read_all(s, (char *) &char_flags, 1);
+ if (ret < 0) {
+ perror("reading token flags");
+ return -1;
+ } else if (!ret) {
+ if (display_file)
+ fputs("reading token flags: 0 bytes read\n", display_file);
+ return -1;
+ } else {
+ *flags = (int) char_flags;
+ }
+
+ if (char_flags == 0) {
+ lenbuf[0] = 0;
+ ret = read_all(s, &lenbuf[1], 3);
+ if (ret < 0) {
+ perror("reading token length");
+ return -1;
+ } else if (ret != 3) {
+ if (display_file)
+ fprintf(display_file,
+ "reading token length: %d of %d bytes read\n", ret, 3);
+ return -1;
+ }
+ } else {
+ ret = read_all(s, lenbuf, 4);
+ if (ret < 0) {
+ perror("reading token length");
+ return -1;
+ } else if (ret != 4) {
+ if (display_file)
+ fprintf(display_file,
+ "reading token length: %d of %d bytes read\n", ret, 4);
+ return -1;
+ }
+ }
+
+ tok->length = ((lenbuf[0] << 24)
+ | (lenbuf[1] << 16)
+ | (lenbuf[2] << 8)
+ | lenbuf[3]);
+ tok->value = (char *) malloc(tok->length ? tok->length : 1);
+ if (tok->length && tok->value == NULL) {
+ if (display_file)
+ fprintf(display_file, "Out of memory allocating token data\n");
+ return -1;
+ }
+
+ ret = read_all(s, (char *) tok->value, tok->length);
+ if (ret < 0) {
+ perror("reading token data");
+ free(tok->value);
+ return -1;
+ } else if (ret != tok->length) {
+ fprintf(stderr, "sending token data: %d of %d bytes written\n",
+ ret, (int) tok->length);
+ free(tok->value);
+ return -1;
+ }
+
+ return 0;
}
-static void display_status_1(m, code, type)
- char *m;
- OM_uint32 code;
- int type;
+static void
+display_status_1(m, code, type)
+ char *m;
+ OM_uint32 code;
+ int type;
{
- OM_uint32 maj_stat, min_stat;
- gss_buffer_desc msg;
- OM_uint32 msg_ctx;
-
- msg_ctx = 0;
- while (1) {
- maj_stat = gss_display_status(&min_stat, code,
- type, GSS_C_NULL_OID,
- &msg_ctx, &msg);
- if (display_file)
- fprintf(display_file, "GSS-API error %s: %s\n", m,
- (char *)msg.value);
- (void) gss_release_buffer(&min_stat, &msg);
-
- if (!msg_ctx)
- break;
- }
+ OM_uint32 maj_stat, min_stat;
+ gss_buffer_desc msg;
+ OM_uint32 msg_ctx;
+
+ msg_ctx = 0;
+ while (1) {
+ maj_stat = gss_display_status(&min_stat, code,
+ type, GSS_C_NULL_OID, &msg_ctx, &msg);
+ if (display_file)
+ fprintf(display_file, "GSS-API error %s: %s\n", m,
+ (char *) msg.value);
+ (void) gss_release_buffer(&min_stat, &msg);
+
+ if (!msg_ctx)
+ break;
+ }
}
/*
* displayed on stderr, each preceeded by "GSS-API error <msg>: " and
* followed by a newline.
*/
-void display_status(msg, maj_stat, min_stat)
- char *msg;
- OM_uint32 maj_stat;
- OM_uint32 min_stat;
+void
+display_status(msg, maj_stat, min_stat)
+ char *msg;
+ OM_uint32 maj_stat;
+ OM_uint32 min_stat;
{
- display_status_1(msg, maj_stat, GSS_C_GSS_CODE);
- display_status_1(msg, min_stat, GSS_C_MECH_CODE);
+ display_status_1(msg, maj_stat, GSS_C_GSS_CODE);
+ display_status_1(msg, min_stat, GSS_C_MECH_CODE);
}
/*
* stdout, preceded by "context flag: " and followed by a newline
*/
-void display_ctx_flags(flags)
- OM_uint32 flags;
+void
+display_ctx_flags(flags)
+ OM_uint32 flags;
{
- if (flags & GSS_C_DELEG_FLAG)
- fprintf(display_file, "context flag: GSS_C_DELEG_FLAG\n");
- if (flags & GSS_C_MUTUAL_FLAG)
- fprintf(display_file, "context flag: GSS_C_MUTUAL_FLAG\n");
- if (flags & GSS_C_REPLAY_FLAG)
- fprintf(display_file, "context flag: GSS_C_REPLAY_FLAG\n");
- if (flags & GSS_C_SEQUENCE_FLAG)
- fprintf(display_file, "context flag: GSS_C_SEQUENCE_FLAG\n");
- if (flags & GSS_C_CONF_FLAG )
- fprintf(display_file, "context flag: GSS_C_CONF_FLAG \n");
- if (flags & GSS_C_INTEG_FLAG )
- fprintf(display_file, "context flag: GSS_C_INTEG_FLAG \n");
+ if (flags & GSS_C_DELEG_FLAG)
+ fprintf(display_file, "context flag: GSS_C_DELEG_FLAG\n");
+ if (flags & GSS_C_MUTUAL_FLAG)
+ fprintf(display_file, "context flag: GSS_C_MUTUAL_FLAG\n");
+ if (flags & GSS_C_REPLAY_FLAG)
+ fprintf(display_file, "context flag: GSS_C_REPLAY_FLAG\n");
+ if (flags & GSS_C_SEQUENCE_FLAG)
+ fprintf(display_file, "context flag: GSS_C_SEQUENCE_FLAG\n");
+ if (flags & GSS_C_CONF_FLAG)
+ fprintf(display_file, "context flag: GSS_C_CONF_FLAG \n");
+ if (flags & GSS_C_INTEG_FLAG)
+ fprintf(display_file, "context flag: GSS_C_INTEG_FLAG \n");
}
-void print_token(tok)
- gss_buffer_t tok;
+void
+print_token(tok)
+ gss_buffer_t tok;
{
- int i;
+ int i;
unsigned char *p = tok->value;
if (!display_file)
return;
- for (i=0; i < tok->length; i++, p++) {
+ for (i = 0; i < tok->length; i++, p++) {
fprintf(display_file, "%02x ", *p);
if ((i % 16) == 15) {
fprintf(display_file, "\n");
#include <sys\timeb.h>
#include <time.h>
-int gettimeofday (struct timeval *tv, void *ignore_tz)
+int
+gettimeofday(struct timeval *tv, void *ignore_tz)
{
struct _timeb tb;
_tzset();
#include <strings.h>
#endif
-static void usage()
+static void
+usage()
{
- fprintf(stderr, "Usage: gss-server [-port port] [-verbose] [-once]");
+ fprintf(stderr, "Usage: gss-server [-port port] [-verbose] [-once]");
#ifdef _WIN32
- fprintf(stderr, " [-threads num]");
+ fprintf(stderr, " [-threads num]");
#endif
- fprintf(stderr, "\n");
- fprintf(stderr, " [-inetd] [-export] [-logfile file] service_name\n");
- exit(1);
+ fprintf(stderr, "\n");
+ fprintf(stderr,
+ " [-inetd] [-export] [-logfile file] service_name\n");
+ exit(1);
}
-FILE *log;
+FILE *log;
-int verbose = 0;
+int verbose = 0;
/*
* Function: server_acquire_creds
* fails, an error message is displayed and -1 is returned; otherwise,
* 0 is returned.
*/
-static int server_acquire_creds(service_name, server_creds)
- char *service_name;
- gss_cred_id_t *server_creds;
+static int
+server_acquire_creds(service_name, server_creds)
+ char *service_name;
+ gss_cred_id_t *server_creds;
{
- gss_buffer_desc name_buf;
- gss_name_t server_name;
- OM_uint32 maj_stat, min_stat;
-
- name_buf.value = service_name;
- name_buf.length = strlen(name_buf.value) + 1;
- maj_stat = gss_import_name(&min_stat, &name_buf,
- (gss_OID) gss_nt_service_name, &server_name);
- if (maj_stat != GSS_S_COMPLETE) {
- display_status("importing name", maj_stat, min_stat);
- return -1;
- }
-
- maj_stat = gss_acquire_cred(&min_stat, server_name, 0,
- GSS_C_NULL_OID_SET, GSS_C_ACCEPT,
- server_creds, NULL, NULL);
- if (maj_stat != GSS_S_COMPLETE) {
- display_status("acquiring credentials", maj_stat, min_stat);
- return -1;
- }
-
- (void) gss_release_name(&min_stat, &server_name);
-
- return 0;
+ gss_buffer_desc name_buf;
+ gss_name_t server_name;
+ OM_uint32 maj_stat, min_stat;
+
+ name_buf.value = service_name;
+ name_buf.length = strlen(name_buf.value) + 1;
+ maj_stat = gss_import_name(&min_stat, &name_buf,
+ (gss_OID) gss_nt_service_name, &server_name);
+ if (maj_stat != GSS_S_COMPLETE) {
+ display_status("importing name", maj_stat, min_stat);
+ return -1;
+ }
+
+ maj_stat = gss_acquire_cred(&min_stat, server_name, 0,
+ GSS_C_NULL_OID_SET, GSS_C_ACCEPT,
+ server_creds, NULL, NULL);
+ if (maj_stat != GSS_S_COMPLETE) {
+ display_status("acquiring credentials", maj_stat, min_stat);
+ return -1;
+ }
+
+ (void) gss_release_name(&min_stat, &server_name);
+
+ return 0;
}
/*
* in client_name and 0 is returned. If unsuccessful, an error
* message is displayed and -1 is returned.
*/
-static int server_establish_context(s, server_creds, context, client_name,
- ret_flags)
- int s;
- gss_cred_id_t server_creds;
- gss_ctx_id_t *context;
- gss_buffer_t client_name;
- OM_uint32 *ret_flags;
+static int
+server_establish_context(s, server_creds, context, client_name, ret_flags)
+ int s;
+ gss_cred_id_t server_creds;
+ gss_ctx_id_t *context;
+ gss_buffer_t client_name;
+ OM_uint32 *ret_flags;
{
- gss_buffer_desc send_tok, recv_tok;
- gss_name_t client;
- gss_OID doid;
- OM_uint32 maj_stat, min_stat, acc_sec_min_stat;
- gss_buffer_desc oid_name;
- int token_flags;
-
- if (recv_token(s, &token_flags, &recv_tok) < 0)
- return -1;
-
- if (recv_tok.value) {
- free (recv_tok.value);
- recv_tok.value = NULL;
- }
-
- if (! (token_flags & TOKEN_NOOP)) {
- if (log)
- fprintf(log, "Expected NOOP token, got %d token instead\n",
- token_flags);
- return -1;
- }
-
- *context = GSS_C_NO_CONTEXT;
-
- if (token_flags & TOKEN_CONTEXT_NEXT) {
- do {
- if (recv_token(s, &token_flags, &recv_tok) < 0)
- return -1;
-
- if (verbose && log) {
- fprintf(log, "Received token (size=%d): \n", (int) recv_tok.length);
- print_token(&recv_tok);
- }
-
- maj_stat =
- gss_accept_sec_context(&acc_sec_min_stat,
- context,
- server_creds,
- &recv_tok,
- GSS_C_NO_CHANNEL_BINDINGS,
- &client,
- &doid,
- &send_tok,
- ret_flags,
- NULL, /* ignore time_rec */
- NULL); /* ignore del_cred_handle */
-
- if(recv_tok.value) {
- free(recv_tok.value);
- recv_tok.value = NULL;
- }
-
- if (send_tok.length != 0) {
- if (verbose && log) {
- fprintf(log,
- "Sending accept_sec_context token (size=%d):\n",
- (int) send_tok.length);
- print_token(&send_tok);
- }
- if (send_token(s, TOKEN_CONTEXT, &send_tok) < 0) {
- if (log)
- fprintf(log, "failure sending token\n");
- return -1;
- }
-
- (void) gss_release_buffer(&min_stat, &send_tok);
- }
- if (maj_stat!=GSS_S_COMPLETE && maj_stat!=GSS_S_CONTINUE_NEEDED) {
- display_status("accepting context", maj_stat,
- acc_sec_min_stat);
- if (*context != GSS_C_NO_CONTEXT)
- gss_delete_sec_context(&min_stat, context,
- GSS_C_NO_BUFFER);
- return -1;
- }
-
- if (verbose && log) {
- if (maj_stat == GSS_S_CONTINUE_NEEDED)
- fprintf(log, "continue needed...\n");
- else
- fprintf(log, "\n");
- fflush(log);
- }
- } while (maj_stat == GSS_S_CONTINUE_NEEDED);
-
- /* display the flags */
- display_ctx_flags(*ret_flags);
-
- if (verbose && log) {
- maj_stat = gss_oid_to_str(&min_stat, doid, &oid_name);
- if (maj_stat != GSS_S_COMPLETE) {
- display_status("converting oid->string", maj_stat, min_stat);
- return -1;
- }
- fprintf(log, "Accepted connection using mechanism OID %.*s.\n",
- (int) oid_name.length, (char *) oid_name.value);
- (void) gss_release_buffer(&min_stat, &oid_name);
- }
-
- maj_stat = gss_display_name(&min_stat, client, client_name, &doid);
- if (maj_stat != GSS_S_COMPLETE) {
- display_status("displaying name", maj_stat, min_stat);
- return -1;
- }
- maj_stat = gss_release_name(&min_stat, &client);
- if (maj_stat != GSS_S_COMPLETE) {
- display_status("releasing name", maj_stat, min_stat);
- return -1;
- }
- }
- else {
- client_name->length = *ret_flags = 0;
-
- if (log)
- fprintf(log, "Accepted unauthenticated connection.\n");
- }
-
- return 0;
+ gss_buffer_desc send_tok, recv_tok;
+ gss_name_t client;
+ gss_OID doid;
+ OM_uint32 maj_stat, min_stat, acc_sec_min_stat;
+ gss_buffer_desc oid_name;
+ int token_flags;
+
+ if (recv_token(s, &token_flags, &recv_tok) < 0)
+ return -1;
+
+ if (recv_tok.value) {
+ free(recv_tok.value);
+ recv_tok.value = NULL;
+ }
+
+ if (!(token_flags & TOKEN_NOOP)) {
+ if (log)
+ fprintf(log, "Expected NOOP token, got %d token instead\n",
+ token_flags);
+ return -1;
+ }
+
+ *context = GSS_C_NO_CONTEXT;
+
+ if (token_flags & TOKEN_CONTEXT_NEXT) {
+ do {
+ if (recv_token(s, &token_flags, &recv_tok) < 0)
+ return -1;
+
+ if (verbose && log) {
+ fprintf(log, "Received token (size=%d): \n",
+ (int) recv_tok.length);
+ print_token(&recv_tok);
+ }
+
+ maj_stat = gss_accept_sec_context(&acc_sec_min_stat, context, server_creds, &recv_tok, GSS_C_NO_CHANNEL_BINDINGS, &client, &doid, &send_tok, ret_flags, NULL, /* ignore time_rec */
+ NULL); /* ignore del_cred_handle */
+
+ if (recv_tok.value) {
+ free(recv_tok.value);
+ recv_tok.value = NULL;
+ }
+
+ if (send_tok.length != 0) {
+ if (verbose && log) {
+ fprintf(log,
+ "Sending accept_sec_context token (size=%d):\n",
+ (int) send_tok.length);
+ print_token(&send_tok);
+ }
+ if (send_token(s, TOKEN_CONTEXT, &send_tok) < 0) {
+ if (log)
+ fprintf(log, "failure sending token\n");
+ return -1;
+ }
+
+ (void) gss_release_buffer(&min_stat, &send_tok);
+ }
+ if (maj_stat != GSS_S_COMPLETE
+ && maj_stat != GSS_S_CONTINUE_NEEDED) {
+ display_status("accepting context", maj_stat,
+ acc_sec_min_stat);
+ if (*context != GSS_C_NO_CONTEXT)
+ gss_delete_sec_context(&min_stat, context,
+ GSS_C_NO_BUFFER);
+ return -1;
+ }
+
+ if (verbose && log) {
+ if (maj_stat == GSS_S_CONTINUE_NEEDED)
+ fprintf(log, "continue needed...\n");
+ else
+ fprintf(log, "\n");
+ fflush(log);
+ }
+ } while (maj_stat == GSS_S_CONTINUE_NEEDED);
+
+ /* display the flags */
+ display_ctx_flags(*ret_flags);
+
+ if (verbose && log) {
+ maj_stat = gss_oid_to_str(&min_stat, doid, &oid_name);
+ if (maj_stat != GSS_S_COMPLETE) {
+ display_status("converting oid->string", maj_stat, min_stat);
+ return -1;
+ }
+ fprintf(log, "Accepted connection using mechanism OID %.*s.\n",
+ (int) oid_name.length, (char *) oid_name.value);
+ (void) gss_release_buffer(&min_stat, &oid_name);
+ }
+
+ maj_stat = gss_display_name(&min_stat, client, client_name, &doid);
+ if (maj_stat != GSS_S_COMPLETE) {
+ display_status("displaying name", maj_stat, min_stat);
+ return -1;
+ }
+ maj_stat = gss_release_name(&min_stat, &client);
+ if (maj_stat != GSS_S_COMPLETE) {
+ display_status("releasing name", maj_stat, min_stat);
+ return -1;
+ }
+ } else {
+ client_name->length = *ret_flags = 0;
+
+ if (log)
+ fprintf(log, "Accepted unauthenticated connection.\n");
+ }
+
+ return 0;
}
/*
* A listening socket on the specified port and created and returned.
* On error, an error message is displayed and -1 is returned.
*/
-static int create_socket(port)
- u_short port;
+static int
+create_socket(port)
+ u_short port;
{
- struct sockaddr_in saddr;
- int s;
- int on = 1;
-
- saddr.sin_family = AF_INET;
- saddr.sin_port = htons(port);
- saddr.sin_addr.s_addr = INADDR_ANY;
-
- if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
- perror("creating socket");
- return -1;
- }
- /* Let the socket be reused right away */
- (void) setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (char *)&on, sizeof(on));
- if (bind(s, (struct sockaddr *) &saddr, sizeof(saddr)) < 0) {
- perror("binding socket");
- (void) close(s);
- return -1;
- }
- if (listen(s, 5) < 0) {
- perror("listening on socket");
- (void) close(s);
- return -1;
- }
- return s;
+ struct sockaddr_in saddr;
+ int s;
+ int on = 1;
+
+ saddr.sin_family = AF_INET;
+ saddr.sin_port = htons(port);
+ saddr.sin_addr.s_addr = INADDR_ANY;
+
+ if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
+ perror("creating socket");
+ return -1;
+ }
+ /* Let the socket be reused right away */
+ (void) setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (char *) &on, sizeof(on));
+ if (bind(s, (struct sockaddr *) &saddr, sizeof(saddr)) < 0) {
+ perror("binding socket");
+ (void) close(s);
+ return -1;
+ }
+ if (listen(s, 5) < 0) {
+ perror("listening on socket");
+ (void) close(s);
+ return -1;
+ }
+ return s;
}
-static float timeval_subtract(tv1, tv2)
- struct timeval *tv1, *tv2;
+static float
+timeval_subtract(tv1, tv2)
+ struct timeval *tv1, *tv2;
{
- return ((tv1->tv_sec - tv2->tv_sec) +
- ((float) (tv1->tv_usec - tv2->tv_usec)) / 1000000);
+ return ((tv1->tv_sec - tv2->tv_sec) +
+ ((float) (tv1->tv_usec - tv2->tv_usec)) / 1000000);
}
/*
* DO NOT REMOVE THIS UNTIL A BETTER TEST HAS BEEN WRITTEN, THOUGH.
* -TYT
*/
-static int test_import_export_context(context)
- gss_ctx_id_t *context;
+static int
+test_import_export_context(context)
+ gss_ctx_id_t *context;
{
- OM_uint32 min_stat, maj_stat;
- gss_buffer_desc context_token, copied_token;
- struct timeval tm1, tm2;
-
- /*
- * Attempt to save and then restore the context.
- */
- gettimeofday(&tm1, (struct timezone *)0);
- maj_stat = gss_export_sec_context(&min_stat, context, &context_token);
- if (maj_stat != GSS_S_COMPLETE) {
- display_status("exporting context", maj_stat, min_stat);
- return 1;
- }
- gettimeofday(&tm2, (struct timezone *)0);
- if (verbose && log)
- fprintf(log, "Exported context: %d bytes, %7.4f seconds\n",
- (int) context_token.length,
- timeval_subtract(&tm2, &tm1));
- copied_token.length = context_token.length;
- copied_token.value = malloc(context_token.length);
- if (copied_token.value == 0) {
- if (log)
+ OM_uint32 min_stat, maj_stat;
+ gss_buffer_desc context_token, copied_token;
+ struct timeval tm1, tm2;
+
+ /*
+ * Attempt to save and then restore the context.
+ */
+ gettimeofday(&tm1, (struct timezone *) 0);
+ maj_stat = gss_export_sec_context(&min_stat, context, &context_token);
+ if (maj_stat != GSS_S_COMPLETE) {
+ display_status("exporting context", maj_stat, min_stat);
+ return 1;
+ }
+ gettimeofday(&tm2, (struct timezone *) 0);
+ if (verbose && log)
+ fprintf(log, "Exported context: %d bytes, %7.4f seconds\n",
+ (int) context_token.length, timeval_subtract(&tm2, &tm1));
+ copied_token.length = context_token.length;
+ copied_token.value = malloc(context_token.length);
+ if (copied_token.value == 0) {
+ if (log)
fprintf(log, "Couldn't allocate memory to copy context token.\n");
- return 1;
- }
- memcpy(copied_token.value, context_token.value, copied_token.length);
- maj_stat = gss_import_sec_context(&min_stat, &copied_token, context);
- if (maj_stat != GSS_S_COMPLETE) {
- display_status("importing context", maj_stat, min_stat);
- return 1;
- }
- free(copied_token.value);
- gettimeofday(&tm1, (struct timezone *)0);
- if (verbose && log)
- fprintf(log, "Importing context: %7.4f seconds\n",
- timeval_subtract(&tm1, &tm2));
- (void) gss_release_buffer(&min_stat, &context_token);
- return 0;
+ return 1;
+ }
+ memcpy(copied_token.value, context_token.value, copied_token.length);
+ maj_stat = gss_import_sec_context(&min_stat, &copied_token, context);
+ if (maj_stat != GSS_S_COMPLETE) {
+ display_status("importing context", maj_stat, min_stat);
+ return 1;
+ }
+ free(copied_token.value);
+ gettimeofday(&tm1, (struct timezone *) 0);
+ if (verbose && log)
+ fprintf(log, "Importing context: %7.4f seconds\n",
+ timeval_subtract(&tm1, &tm2));
+ (void) gss_release_buffer(&min_stat, &context_token);
+ return 0;
}
/*
*
* If any error occurs, -1 is returned.
*/
-static int sign_server(s, server_creds, export)
- int s;
- gss_cred_id_t server_creds;
- int export;
+static int
+sign_server(s, server_creds, export)
+ int s;
+ gss_cred_id_t server_creds;
+ int export;
{
gss_buffer_desc client_name, xmit_buf, msg_buf;
gss_ctx_id_t context;
OM_uint32 maj_stat, min_stat;
- int i, conf_state, ret_flags;
- char *cp;
- int token_flags;
+ int i, conf_state, ret_flags;
+ char *cp;
+ int token_flags;
/* Establish a context with the client */
if (server_establish_context(s, server_creds, &context,
- &client_name, &ret_flags) < 0)
- return(-1);
+ &client_name, &ret_flags) < 0)
+ return (-1);
if (context == GSS_C_NO_CONTEXT) {
- printf("Accepted unauthenticated connection.\n");
- }
- else {
- printf("Accepted connection: \"%.*s\"\n",
- (int) client_name.length, (char *) client_name.value);
- (void) gss_release_buffer(&min_stat, &client_name);
-
- if (export) {
- for (i=0; i < 3; i++)
- if (test_import_export_context(&context))
- return -1;
- }
+ printf("Accepted unauthenticated connection.\n");
+ } else {
+ printf("Accepted connection: \"%.*s\"\n",
+ (int) client_name.length, (char *) client_name.value);
+ (void) gss_release_buffer(&min_stat, &client_name);
+
+ if (export) {
+ for (i = 0; i < 3; i++)
+ if (test_import_export_context(&context))
+ return -1;
+ }
}
do {
- /* Receive the message token */
- if (recv_token(s, &token_flags, &xmit_buf) < 0)
- return(-1);
-
- if (token_flags & TOKEN_NOOP) {
- if (log)
- fprintf(log, "NOOP token\n");
- if(xmit_buf.value) {
- free(xmit_buf.value);
- xmit_buf.value = 0;
- }
- break;
- }
-
- if (verbose && log) {
- fprintf(log, "Message token (flags=%d):\n", token_flags);
- print_token(&xmit_buf);
- }
-
- if ((context == GSS_C_NO_CONTEXT) &&
- ( token_flags & (TOKEN_WRAPPED|TOKEN_ENCRYPTED|TOKEN_SEND_MIC))) {
- if (log)
- fprintf(log,
- "Unauthenticated client requested authenticated services!\n");
- if(xmit_buf.value) {
- free (xmit_buf.value);
- xmit_buf.value = 0;
- }
- return(-1);
- }
-
- if (token_flags & TOKEN_WRAPPED) {
- maj_stat = gss_unwrap(&min_stat, context, &xmit_buf, &msg_buf,
- &conf_state, (gss_qop_t *) NULL);
- if (maj_stat != GSS_S_COMPLETE) {
- display_status("unsealing message", maj_stat, min_stat);
- if(xmit_buf.value) {
- free (xmit_buf.value);
- xmit_buf.value = 0;
- }
- return(-1);
- } else if (! conf_state && (token_flags & TOKEN_ENCRYPTED)) {
- fprintf(stderr, "Warning! Message not encrypted.\n");
- }
-
- if(xmit_buf.value) {
- free (xmit_buf.value);
- xmit_buf.value = 0;
- }
- }
- else {
- msg_buf = xmit_buf;
- }
-
- if (log) {
- fprintf(log, "Received message: ");
- cp = msg_buf.value;
- if ((isprint((int) cp[0]) || isspace((int) cp[0])) &&
- (isprint((int) cp[1]) || isspace((int) cp[1]))) {
- fprintf(log, "\"%.*s\"\n", (int) msg_buf.length,
- (char *) msg_buf.value);
- } else {
- fprintf(log, "\n");
- print_token(&msg_buf);
- }
- }
-
- if (token_flags & TOKEN_SEND_MIC) {
- /* Produce a signature block for the message */
- maj_stat = gss_get_mic(&min_stat, context, GSS_C_QOP_DEFAULT,
- &msg_buf, &xmit_buf);
- if (maj_stat != GSS_S_COMPLETE) {
- display_status("signing message", maj_stat, min_stat);
- return(-1);
- }
-
- if(msg_buf.value) {
- free (msg_buf.value);
- msg_buf.value = 0;
- }
-
- /* Send the signature block to the client */
- if (send_token(s, TOKEN_MIC, &xmit_buf) < 0)
- return(-1);
-
- if(xmit_buf.value) {
- free (xmit_buf.value);
- xmit_buf.value = 0;
- }
- }
- else {
- if(msg_buf.value) {
- free (msg_buf.value);
- msg_buf.value = 0;
- }
- if (send_token(s, TOKEN_NOOP, empty_token) < 0)
- return(-1);
- }
- } while (1 /* loop will break if NOOP received */);
+ /* Receive the message token */
+ if (recv_token(s, &token_flags, &xmit_buf) < 0)
+ return (-1);
+
+ if (token_flags & TOKEN_NOOP) {
+ if (log)
+ fprintf(log, "NOOP token\n");
+ if (xmit_buf.value) {
+ free(xmit_buf.value);
+ xmit_buf.value = 0;
+ }
+ break;
+ }
+
+ if (verbose && log) {
+ fprintf(log, "Message token (flags=%d):\n", token_flags);
+ print_token(&xmit_buf);
+ }
+
+ if ((context == GSS_C_NO_CONTEXT) &&
+ (token_flags & (TOKEN_WRAPPED | TOKEN_ENCRYPTED | TOKEN_SEND_MIC)))
+ {
+ if (log)
+ fprintf(log,
+ "Unauthenticated client requested authenticated services!\n");
+ if (xmit_buf.value) {
+ free(xmit_buf.value);
+ xmit_buf.value = 0;
+ }
+ return (-1);
+ }
+
+ if (token_flags & TOKEN_WRAPPED) {
+ maj_stat = gss_unwrap(&min_stat, context, &xmit_buf, &msg_buf,
+ &conf_state, (gss_qop_t *) NULL);
+ if (maj_stat != GSS_S_COMPLETE) {
+ display_status("unsealing message", maj_stat, min_stat);
+ if (xmit_buf.value) {
+ free(xmit_buf.value);
+ xmit_buf.value = 0;
+ }
+ return (-1);
+ } else if (!conf_state && (token_flags & TOKEN_ENCRYPTED)) {
+ fprintf(stderr, "Warning! Message not encrypted.\n");
+ }
+
+ if (xmit_buf.value) {
+ free(xmit_buf.value);
+ xmit_buf.value = 0;
+ }
+ } else {
+ msg_buf = xmit_buf;
+ }
+
+ if (log) {
+ fprintf(log, "Received message: ");
+ cp = msg_buf.value;
+ if ((isprint((int) cp[0]) || isspace((int) cp[0])) &&
+ (isprint((int) cp[1]) || isspace((int) cp[1]))) {
+ fprintf(log, "\"%.*s\"\n", (int) msg_buf.length,
+ (char *) msg_buf.value);
+ } else {
+ fprintf(log, "\n");
+ print_token(&msg_buf);
+ }
+ }
+
+ if (token_flags & TOKEN_SEND_MIC) {
+ /* Produce a signature block for the message */
+ maj_stat = gss_get_mic(&min_stat, context, GSS_C_QOP_DEFAULT,
+ &msg_buf, &xmit_buf);
+ if (maj_stat != GSS_S_COMPLETE) {
+ display_status("signing message", maj_stat, min_stat);
+ return (-1);
+ }
+
+ if (msg_buf.value) {
+ free(msg_buf.value);
+ msg_buf.value = 0;
+ }
+
+ /* Send the signature block to the client */
+ if (send_token(s, TOKEN_MIC, &xmit_buf) < 0)
+ return (-1);
+
+ if (xmit_buf.value) {
+ free(xmit_buf.value);
+ xmit_buf.value = 0;
+ }
+ } else {
+ if (msg_buf.value) {
+ free(msg_buf.value);
+ msg_buf.value = 0;
+ }
+ if (send_token(s, TOKEN_NOOP, empty_token) < 0)
+ return (-1);
+ }
+ } while (1 /* loop will break if NOOP received */ );
if (context != GSS_C_NO_CONTEXT) {
- /* Delete context */
- maj_stat = gss_delete_sec_context(&min_stat, &context, NULL);
- if (maj_stat != GSS_S_COMPLETE) {
- display_status("deleting context", maj_stat, min_stat);
- return(-1);
- }
+ /* Delete context */
+ maj_stat = gss_delete_sec_context(&min_stat, &context, NULL);
+ if (maj_stat != GSS_S_COMPLETE) {
+ display_status("deleting context", maj_stat, min_stat);
+ return (-1);
+ }
}
if (log)
- fflush(log);
+ fflush(log);
- return(0);
+ return (0);
}
static int max_threads = 1;
#ifdef _WIN32
-static thread_count = 0;
+static thread_count = 0;
static HANDLE hMutex = NULL;
static HANDLE hEvent = NULL;
WaitAndIncrementThreadCounter(void)
{
for (;;) {
- if (WaitForSingleObject(hMutex, INFINITE) == WAIT_OBJECT_0) {
- if ( thread_count < max_threads ) {
- thread_count++;
- ReleaseMutex(hMutex);
- return TRUE;
- } else {
- ReleaseMutex(hMutex);
-
- if (WaitForSingleObject(hEvent, INFINITE) == WAIT_OBJECT_0) {
- continue;
- } else {
- return FALSE;
- }
- }
- } else {
- return FALSE;
- }
+ if (WaitForSingleObject(hMutex, INFINITE) == WAIT_OBJECT_0) {
+ if (thread_count < max_threads) {
+ thread_count++;
+ ReleaseMutex(hMutex);
+ return TRUE;
+ } else {
+ ReleaseMutex(hMutex);
+
+ if (WaitForSingleObject(hEvent, INFINITE) == WAIT_OBJECT_0) {
+ continue;
+ } else {
+ return FALSE;
+ }
+ }
+ } else {
+ return FALSE;
+ }
}
}
DecrementAndSignalThreadCounter(void)
{
if (WaitForSingleObject(hMutex, INFINITE) == WAIT_OBJECT_0) {
- if ( thread_count == max_threads )
- ResetEvent(hEvent);
- thread_count--;
- ReleaseMutex(hMutex);
- return TRUE;
+ if (thread_count == max_threads)
+ ResetEvent(hEvent);
+ thread_count--;
+ ReleaseMutex(hMutex);
+ return TRUE;
} else {
- return FALSE;
+ return FALSE;
}
}
#endif
-struct _work_plan {
- int s;
- gss_cred_id_t server_creds;
- int export;
+struct _work_plan
+{
+ int s;
+ gss_cred_id_t server_creds;
+ int export;
};
-void
-worker_bee(void * param)
+void
+worker_bee(void *param)
{
struct _work_plan *work = (struct _work_plan *) param;
free(work);
#ifdef _WIN32
- if ( max_threads > 1 )
- DecrementAndSignalThreadCounter();
+ if (max_threads > 1)
+ DecrementAndSignalThreadCounter();
#endif
}
int
main(argc, argv)
- int argc;
- char **argv;
+ int argc;
+ char **argv;
{
- char *service_name;
- gss_cred_id_t server_creds;
- OM_uint32 min_stat;
- u_short port = 4444;
- int once = 0;
- int do_inetd = 0;
- int export = 0;
-
- log = stdout;
- display_file = stdout;
- argc--; argv++;
- while (argc) {
- if (strcmp(*argv, "-port") == 0) {
- argc--; argv++;
- if (!argc) usage();
- port = atoi(*argv);
- }
+ char *service_name;
+ gss_cred_id_t server_creds;
+ OM_uint32 min_stat;
+ u_short port = 4444;
+ int once = 0;
+ int do_inetd = 0;
+ int export = 0;
+
+ log = stdout;
+ display_file = stdout;
+ argc--;
+ argv++;
+ while (argc) {
+ if (strcmp(*argv, "-port") == 0) {
+ argc--;
+ argv++;
+ if (!argc)
+ usage();
+ port = atoi(*argv);
+ }
#ifdef _WIN32
- else if (strcmp(*argv, "-threads") == 0) {
- argc--; argv++;
- if (!argc) usage();
- max_threads = atoi(*argv);
- }
+ else if (strcmp(*argv, "-threads") == 0) {
+ argc--;
+ argv++;
+ if (!argc)
+ usage();
+ max_threads = atoi(*argv);
+ }
#endif
- else if (strcmp(*argv, "-verbose") == 0) {
- verbose = 1;
- } else if (strcmp(*argv, "-once") == 0) {
- once = 1;
- } else if (strcmp(*argv, "-inetd") == 0) {
- do_inetd = 1;
- } else if (strcmp(*argv, "-export") == 0) {
- export = 1;
- } else if (strcmp(*argv, "-logfile") == 0) {
- argc--; argv++;
- if (!argc) usage();
- /* Gross hack, but it makes it unnecessary to add an
- extra argument to disable logging, and makes the code
- more efficient because it doesn't actually write data
- to /dev/null. */
- if (! strcmp(*argv, "/dev/null")) {
+ else if (strcmp(*argv, "-verbose") == 0) {
+ verbose = 1;
+ } else if (strcmp(*argv, "-once") == 0) {
+ once = 1;
+ } else if (strcmp(*argv, "-inetd") == 0) {
+ do_inetd = 1;
+ } else if (strcmp(*argv, "-export") == 0) {
+ export = 1;
+ } else if (strcmp(*argv, "-logfile") == 0) {
+ argc--;
+ argv++;
+ if (!argc)
+ usage();
+ /* Gross hack, but it makes it unnecessary to add an
+ * extra argument to disable logging, and makes the code
+ * more efficient because it doesn't actually write data
+ * to /dev/null. */
+ if (!strcmp(*argv, "/dev/null")) {
log = display_file = NULL;
- }
- else {
+ } else {
log = fopen(*argv, "a");
display_file = log;
if (!log) {
- perror(*argv);
- exit(1);
+ perror(*argv);
+ exit(1);
}
- }
- } else
- break;
- argc--; argv++;
- }
- if (argc != 1)
- usage();
+ }
+ } else
+ break;
+ argc--;
+ argv++;
+ }
+ if (argc != 1)
+ usage();
- if ((*argv)[0] == '-')
- usage();
+ if ((*argv)[0] == '-')
+ usage();
#ifdef _WIN32
if (max_threads < 1) {
- fprintf(stderr, "warning: there must be at least one thread\n");
- max_threads = 1;
+ fprintf(stderr, "warning: there must be at least one thread\n");
+ max_threads = 1;
}
if (max_threads > 1 && do_inetd)
- fprintf(stderr, "warning: one thread may be used in conjunction with inetd\n");
+ fprintf(stderr,
+ "warning: one thread may be used in conjunction with inetd\n");
InitHandles();
#endif
- service_name = *argv;
-
- if (server_acquire_creds(service_name, &server_creds) < 0)
- return -1;
-
- if (do_inetd) {
- close(1);
- close(2);
-
- sign_server(0, server_creds, export);
- close(0);
- } else {
- int stmp;
-
- if ((stmp = create_socket(port)) >= 0) {
- if (listen(stmp, max_threads == 1 ? 0 : max_threads) < 0)
- perror("listening on socket");
-
- do {
- struct _work_plan * work = malloc(sizeof(struct _work_plan));
-
- if ( work == NULL ) {
- fprintf(stderr, "fatal error: out of memory");
- break;
- }
-
- /* Accept a TCP connection */
- if ((work->s = accept(stmp, NULL, 0)) < 0) {
- perror("accepting connection");
- continue;
- }
-
- work->server_creds = server_creds;
- work->export = export;
-
- if (max_threads == 1) {
- worker_bee((void *)work);
- }
+ service_name = *argv;
+
+ if (server_acquire_creds(service_name, &server_creds) < 0)
+ return -1;
+
+ if (do_inetd) {
+ close(1);
+ close(2);
+
+ sign_server(0, server_creds, export);
+ close(0);
+ } else {
+ int stmp;
+
+ if ((stmp = create_socket(port)) >= 0) {
+ if (listen(stmp, max_threads == 1 ? 0 : max_threads) < 0)
+ perror("listening on socket");
+
+ do {
+ struct _work_plan *work = malloc(sizeof(struct _work_plan));
+
+ if (work == NULL) {
+ fprintf(stderr, "fatal error: out of memory");
+ break;
+ }
+
+ /* Accept a TCP connection */
+ if ((work->s = accept(stmp, NULL, 0)) < 0) {
+ perror("accepting connection");
+ continue;
+ }
+
+ work->server_creds = server_creds;
+ work->export = export;
+
+ if (max_threads == 1) {
+ worker_bee((void *) work);
+ }
#ifdef _WIN32
- else {
- if ( WaitAndIncrementThreadCounter() ) {
- uintptr_t handle = _beginthread(worker_bee, 0, (void *)work);
- if (handle == (uintptr_t)-1) {
- closesocket(work->s);
- free(work);
- }
- } else {
- fprintf(stderr, "fatal error incrementing thread counter");
- closesocket(work->s);
- free(work);
- break;
- }
- }
+ else {
+ if (WaitAndIncrementThreadCounter()) {
+ uintptr_t handle =
+ _beginthread(worker_bee, 0, (void *) work);
+ if (handle == (uintptr_t) - 1) {
+ closesocket(work->s);
+ free(work);
+ }
+ } else {
+ fprintf(stderr,
+ "fatal error incrementing thread counter");
+ closesocket(work->s);
+ free(work);
+ break;
+ }
+ }
#endif
- } while (!once);
-
- closesocket(stmp);
- }
- }
+ } while (!once);
+
+ closesocket(stmp);
+ }
+ }
- (void) gss_release_cred(&min_stat, &server_creds);
+ (void) gss_release_cred(&min_stat, &server_creds);
#ifdef _WIN32
CleanupHandles();
#endif
- return 0;
+ return 0;
}
projects / krb5.git / commitdiff