PYTHON = python
INDENTDIRS = \
+ appl \
clients \
include \
kadmin \
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1994 by OpenVision Technologies, Inc.
*
*
* Arguments:
*
- * host (r) the target host name
- * port (r) the target port, in host byte order
+ * host (r) the target host name
+ * port (r) the target port, in host byte order
*
* Returns: the established socket file desciptor, or -1 on failure
*
* displayed and -1 is returned.
*/
static int
-connect_to_server(host, port)
- char *host;
- u_short port;
+connect_to_server(char *host, u_short port)
{
struct sockaddr_in saddr;
struct hostent *hp;
int s;
if ((hp = gethostbyname(host)) == NULL) {
- fprintf(stderr, "Unknown host: %s\n", host);
- return -1;
+ fprintf(stderr, "Unknown host: %s\n", host);
+ return -1;
}
saddr.sin_family = hp->h_addrtype;
saddr.sin_port = htons(port);
if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
- perror("creating socket");
- return -1;
+ perror("creating socket");
+ return -1;
}
if (connect(s, (struct sockaddr *) &saddr, sizeof(saddr)) < 0) {
- perror("connecting to server");
- (void) close(s);
- return -1;
+ perror("connecting to server");
+ (void) close(s);
+ return -1;
}
return s;
}
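Review bot: `saddr` (declared as `struct sockaddr_in saddr;` at the top of connect_to_server) is never zero-filled before its fields are assigned and the struct is passed to `connect()`, so its `sin_zero` padding is indeterminate; declare it as `struct sockaddr_in saddr = { 0 };` or add `memset(&saddr, 0, sizeof saddr);` before `saddr.sin_family = hp->h_addrtype;`. `gethostbyname()` is also obsolete (IPv4-only, static result storage on most platforms), and taking `sin_family` from `hp->h_addrtype` while the socket is hard-coded to `AF_INET` is inconsistent; `getaddrinfo()` with the port as a string would let the socket family follow the resolved address. The header comment above the function reads "desciptor" for "descriptor". This view appears to have dropped some context lines from the body, so the exact placement of the initialization should be checked against the full function.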
*
* Arguments:
*
- * s (r) an established TCP connection to the service
- * service_name(r) the ASCII service name of the service
- * gss_flags (r) GSS-API delegation flag (if any)
- * auth_flag (r) whether to actually do authentication
+ * s (r) an established TCP connection to the service
+ * service_name(r) the ASCII service name of the service
+ * gss_flags (r) GSS-API delegation flag (if any)
+ * auth_flag (r) whether to actually do authentication
* v1_format (r) whether the v1 sample protocol should be used
- * oid (r) OID of the mechanism to use
- * context (w) the established GSS-API context
- * ret_flags (w) the returned flags from init_sec_context
+ * oid (r) OID of the mechanism to use
+ * context (w) the established GSS-API context
+ * ret_flags (w) the returned flags from init_sec_context
*
* Returns: 0 on success, -1 on failure
*
* and -1 is returned.
*/
static int
-client_establish_context(s, service_name, gss_flags, auth_flag,
- v1_format, oid, gss_context, ret_flags)
- int s;
- char *service_name;
- gss_OID oid;
- OM_uint32 gss_flags;
- int auth_flag;
- int v1_format;
- gss_ctx_id_t *gss_context;
- OM_uint32 *ret_flags;
+client_establish_context(int s, char *service_name, OM_uint32 gss_flags,
+ int auth_flag, int v1_format, gss_OID oid,
+ gss_ctx_id_t *gss_context, OM_uint32 *ret_flags)
{
if (auth_flag) {
- gss_buffer_desc send_tok, recv_tok, *token_ptr;
- gss_name_t target_name;
- OM_uint32 maj_stat, min_stat, init_sec_min_stat;
- int token_flags;
-
- /*
- * Import the name into target_name. Use send_tok to save
- * local variable space.
- */
- send_tok.value = service_name;
- send_tok.length = strlen(service_name);
- maj_stat = gss_import_name(&min_stat, &send_tok,
- (gss_OID) gss_nt_service_name,
- &target_name);
- if (maj_stat != GSS_S_COMPLETE) {
- display_status("parsing name", maj_stat, min_stat);
- return -1;
- }
-
- if (!v1_format) {
- if (send_token(s, TOKEN_NOOP | TOKEN_CONTEXT_NEXT, empty_token) <
- 0) {
- (void) gss_release_name(&min_stat, &target_name);
- return -1;
- }
- }
-
- /*
- * Perform the context-establishement loop.
- *
- * On each pass through the loop, token_ptr points to the token
- * to send to the server (or GSS_C_NO_BUFFER on the first pass).
- * Every generated token is stored in send_tok which is then
- * transmitted to the server; every received token is stored in
- * recv_tok, which token_ptr is then set to, to be processed by
- * the next call to gss_init_sec_context.
- *
- * GSS-API guarantees that send_tok's length will be non-zero
- * if and only if the server is expecting another token from us,
- * and that gss_init_sec_context returns GSS_S_CONTINUE_NEEDED if
- * and only if the server has another token to send us.
- */
-
- token_ptr = GSS_C_NO_BUFFER;
- *gss_context = GSS_C_NO_CONTEXT;
-
- do {
- maj_stat = gss_init_sec_context(&init_sec_min_stat, GSS_C_NO_CREDENTIAL, gss_context, target_name, oid, gss_flags, 0, NULL, /* no channel bindings */
- token_ptr, NULL, /* ignore mech type */
- &send_tok, ret_flags, NULL); /* ignore time_rec */
-
- if (token_ptr != GSS_C_NO_BUFFER)
- free(recv_tok.value);
-
- if (send_tok.length != 0) {
- if (verbose)
- printf("Sending init_sec_context token (size=%d)...",
- (int) send_tok.length);
- if (send_token(s, v1_format ? 0 : TOKEN_CONTEXT, &send_tok) <
- 0) {
- (void) gss_release_buffer(&min_stat, &send_tok);
- (void) gss_release_name(&min_stat, &target_name);
- return -1;
- }
- }
- (void) gss_release_buffer(&min_stat, &send_tok);
-
- if (maj_stat != GSS_S_COMPLETE
- && maj_stat != GSS_S_CONTINUE_NEEDED) {
- display_status("initializing context", maj_stat,
- init_sec_min_stat);
- (void) gss_release_name(&min_stat, &target_name);
- if (*gss_context != GSS_C_NO_CONTEXT)
- gss_delete_sec_context(&min_stat, gss_context,
- GSS_C_NO_BUFFER);
- return -1;
- }
-
- if (maj_stat == GSS_S_CONTINUE_NEEDED) {
- if (verbose)
- printf("continue needed...");
- if (recv_token(s, &token_flags, &recv_tok) < 0) {
- (void) gss_release_name(&min_stat, &target_name);
- return -1;
- }
- token_ptr = &recv_tok;
- }
- if (verbose)
- printf("\n");
- } while (maj_stat == GSS_S_CONTINUE_NEEDED);
-
- (void) gss_release_name(&min_stat, &target_name);
+ gss_buffer_desc send_tok, recv_tok, *token_ptr;
+ gss_name_t target_name;
+ OM_uint32 maj_stat, min_stat, init_sec_min_stat;
+ int token_flags;
+
+ /*
+ * Import the name into target_name. Use send_tok to save
+ * local variable space.
+ */
+ send_tok.value = service_name;
+ send_tok.length = strlen(service_name);
+ maj_stat = gss_import_name(&min_stat, &send_tok,
+ (gss_OID) gss_nt_service_name,
+ &target_name);
+ if (maj_stat != GSS_S_COMPLETE) {
+ display_status("parsing name", maj_stat, min_stat);
+ return -1;
+ }
+
+ if (!v1_format) {
+ if (send_token(s, TOKEN_NOOP | TOKEN_CONTEXT_NEXT, empty_token) <
+ 0) {
+ (void) gss_release_name(&min_stat, &target_name);
+ return -1;
+ }
+ }
+
+ /*
+ * Perform the context-establishement loop.
+ *
+ * On each pass through the loop, token_ptr points to the token
+ * to send to the server (or GSS_C_NO_BUFFER on the first pass).
+ * Every generated token is stored in send_tok which is then
+ * transmitted to the server; every received token is stored in
+ * recv_tok, which token_ptr is then set to, to be processed by
+ * the next call to gss_init_sec_context.
+ *
+ * GSS-API guarantees that send_tok's length will be non-zero
+ * if and only if the server is expecting another token from us,
+ * and that gss_init_sec_context returns GSS_S_CONTINUE_NEEDED if
+ * and only if the server has another token to send us.
+ */
+
+ token_ptr = GSS_C_NO_BUFFER;
+ *gss_context = GSS_C_NO_CONTEXT;
+
+ do {
+ maj_stat = gss_init_sec_context(&init_sec_min_stat,
+ GSS_C_NO_CREDENTIAL, gss_context,
+ target_name, oid, gss_flags, 0,
+ NULL, /* channel bindings */
+ token_ptr, NULL, /* mech type */
+ &send_tok, ret_flags,
+ NULL); /* time_rec */
+
+ if (token_ptr != GSS_C_NO_BUFFER)
+ free(recv_tok.value);
+
+ if (send_tok.length != 0) {
+ if (verbose)
+ printf("Sending init_sec_context token (size=%d)...",
+ (int) send_tok.length);
+ if (send_token(s, v1_format ? 0 : TOKEN_CONTEXT, &send_tok) <
+ 0) {
+ (void) gss_release_buffer(&min_stat, &send_tok);
+ (void) gss_release_name(&min_stat, &target_name);
+ return -1;
+ }
+ }
+ (void) gss_release_buffer(&min_stat, &send_tok);
+
+ if (maj_stat != GSS_S_COMPLETE
+ && maj_stat != GSS_S_CONTINUE_NEEDED) {
+ display_status("initializing context", maj_stat,
+ init_sec_min_stat);
+ (void) gss_release_name(&min_stat, &target_name);
+ if (*gss_context != GSS_C_NO_CONTEXT)
+ gss_delete_sec_context(&min_stat, gss_context,
+ GSS_C_NO_BUFFER);
+ return -1;
+ }
+
+ if (maj_stat == GSS_S_CONTINUE_NEEDED) {
+ if (verbose)
+ printf("continue needed...");
+ if (recv_token(s, &token_flags, &recv_tok) < 0) {
+ (void) gss_release_name(&min_stat, &target_name);
+ return -1;
+ }
+ token_ptr = &recv_tok;
+ }
+ if (verbose)
+ printf("\n");
+ } while (maj_stat == GSS_S_CONTINUE_NEEDED);
+
+ (void) gss_release_name(&min_stat, &target_name);
} else {
- if (send_token(s, TOKEN_NOOP, empty_token) < 0)
- return -1;
+ if (send_token(s, TOKEN_NOOP, empty_token) < 0)
+ return -1;
}
return 0;
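Review bot: The `recv_token()` failure path inside the establishment loop (`if (recv_token(s, &token_flags, &recv_tok) < 0)`) releases `target_name` but leaves the partially established context in `*gss_context` alive, unlike the gss_init_sec_context error path a few lines above it, which calls `gss_delete_sec_context` when `*gss_context != GSS_C_NO_CONTEXT`. Add the same teardown there: `if (*gss_context != GSS_C_NO_CONTEXT) (void) gss_delete_sec_context(&min_stat, gss_context, GSS_C_NO_BUFFER);` before the `return -1;`. The `send_token()` failure path inside the loop has the same gap — it releases `send_tok` and `target_name` only. The function's closing brace lies beyond this view.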
struct stat stat_buf;
if ((fd = open(file_name, O_RDONLY, 0)) < 0) {
- perror("open");
- fprintf(stderr, "Couldn't open file %s\n", file_name);
- exit(1);
+ perror("open");
+ fprintf(stderr, "Couldn't open file %s\n", file_name);
+ exit(1);
}
if (fstat(fd, &stat_buf) < 0) {
- perror("fstat");
- exit(1);
+ perror("fstat");
+ exit(1);
}
in_buf->length = stat_buf.st_size;
if (in_buf->length == 0) {
- in_buf->value = NULL;
- return;
+ in_buf->value = NULL;
+ return;
}
if ((in_buf->value = malloc(in_buf->length)) == 0) {
- fprintf(stderr, "Couldn't allocate %d byte buffer for reading file\n",
- (int) in_buf->length);
- exit(1);
+ fprintf(stderr, "Couldn't allocate %d byte buffer for reading file\n",
+ (int) in_buf->length);
+ exit(1);
}
/* this code used to check for incomplete reads, but you can't get
count = read(fd, in_buf->value, in_buf->length);
if (count < 0) {
- perror("read");
- exit(1);
+ perror("read");
+ exit(1);
}
if (count < in_buf->length)
- fprintf(stderr, "Warning, only read in %d bytes, expected %d\n",
- count, (int) in_buf->length);
+ fprintf(stderr, "Warning, only read in %d bytes, expected %d\n",
+ count, (int) in_buf->length);
}
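Review bot: The descriptor opened at `if ((fd = open(file_name, O_RDONLY, 0)) < 0)` is never closed on any path that returns normally — neither the zero-length early return (`in_buf->value = NULL; return;`) nor the end of the function after `read()` — so every `-f` run in the `ccount` loop leaks one fd. Add `(void) close(fd);` before the early `return;` and again after the short-read warning. `in_buf->length = stat_buf.st_size;` also narrows `off_t` into the buffer length without a check, and `count < in_buf->length` compares the signed `count` against it; a range check on `st_size` before the `malloc` would make an oversized file fail explicitly instead of being mis-sized. read_file's signature and the `fd`/`count` declarations are above this hunk.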
/*
*
* Arguments:
*
- * host (r) the host providing the service
- * port (r) the port to connect to on host
- * service_name (r) the GSS-API service name to authenticate to
- * gss_flags (r) GSS-API delegation flag (if any)
- * auth_flag (r) whether to do authentication
- * wrap_flag (r) whether to do message wrapping at all
- * encrypt_flag (r) whether to do encryption while wrapping
- * mic_flag (r) whether to request a MIC from the server
- * msg (r) the message to have "signed"
- * use_file (r) whether to treat msg as an input file name
- * mcount (r) the number of times to send the message
+ * host (r) the host providing the service
+ * port (r) the port to connect to on host
+ * service_name (r) the GSS-API service name to authenticate to
+ * gss_flags (r) GSS-API delegation flag (if any)
+ * auth_flag (r) whether to do authentication
+ * wrap_flag (r) whether to do message wrapping at all
+ * encrypt_flag (r) whether to do encryption while wrapping
+ * mic_flag (r) whether to request a MIC from the server
+ * msg (r) the message to have "signed"
+ * use_file (r) whether to treat msg as an input file name
+ * mcount (r) the number of times to send the message
*
* Returns: 0 on success, -1 on failure
*
* otherwise 0 is returned. */
static int
call_server(host, port, oid, service_name, gss_flags, auth_flag,
- wrap_flag, encrypt_flag, mic_flag, v1_format, msg, use_file,
- mcount)
+ wrap_flag, encrypt_flag, mic_flag, v1_format, msg, use_file,
+ mcount)
char *host;
u_short port;
gss_OID oid;
/* Open connection */
if ((s = connect_to_server(host, port)) < 0)
- return -1;
+ return -1;
/* Establish context */
if (client_establish_context(s, service_name, gss_flags, auth_flag,
- v1_format, oid, &context, &ret_flags) < 0) {
- (void) close(s);
- return -1;
+ v1_format, oid, &context, &ret_flags) < 0) {
+ (void) close(s);
+ return -1;
}
if (auth_flag && verbose) {
- /* display the flags */
- display_ctx_flags(ret_flags);
-
- /* Get context information */
- maj_stat = gss_inquire_context(&min_stat, context,
- &src_name, &targ_name, &lifetime,
- &mechanism, &context_flags,
- &is_local, &is_open);
- if (maj_stat != GSS_S_COMPLETE) {
- display_status("inquiring context", maj_stat, min_stat);
- return -1;
- }
-
- maj_stat = gss_display_name(&min_stat, src_name, &sname, &name_type);
- if (maj_stat != GSS_S_COMPLETE) {
- display_status("displaying source name", maj_stat, min_stat);
- return -1;
- }
- maj_stat = gss_display_name(&min_stat, targ_name, &tname,
- (gss_OID *) NULL);
- if (maj_stat != GSS_S_COMPLETE) {
- display_status("displaying target name", maj_stat, min_stat);
- return -1;
- }
- printf("\"%.*s\" to \"%.*s\", lifetime %d, flags %x, %s, %s\n",
- (int) sname.length, (char *) sname.value,
- (int) tname.length, (char *) tname.value, lifetime,
- context_flags,
- (is_local) ? "locally initiated" : "remotely initiated",
- (is_open) ? "open" : "closed");
-
- (void) gss_release_name(&min_stat, &src_name);
- (void) gss_release_name(&min_stat, &targ_name);
- (void) gss_release_buffer(&min_stat, &sname);
- (void) gss_release_buffer(&min_stat, &tname);
-
- maj_stat = gss_oid_to_str(&min_stat, name_type, &oid_name);
- if (maj_stat != GSS_S_COMPLETE) {
- display_status("converting oid->string", maj_stat, min_stat);
- return -1;
- }
- printf("Name type of source name is %.*s.\n",
- (int) oid_name.length, (char *) oid_name.value);
- (void) gss_release_buffer(&min_stat, &oid_name);
-
- /* Now get the names supported by the mechanism */
- maj_stat = gss_inquire_names_for_mech(&min_stat,
- mechanism, &mech_names);
- if (maj_stat != GSS_S_COMPLETE) {
- display_status("inquiring mech names", maj_stat, min_stat);
- return -1;
- }
-
- maj_stat = gss_oid_to_str(&min_stat, mechanism, &oid_name);
- if (maj_stat != GSS_S_COMPLETE) {
- display_status("converting oid->string", maj_stat, min_stat);
- return -1;
- }
- printf("Mechanism %.*s supports %d names\n",
- (int) oid_name.length, (char *) oid_name.value,
- (int) mech_names->count);
- (void) gss_release_buffer(&min_stat, &oid_name);
-
- for (i = 0; i < mech_names->count; i++) {
- maj_stat = gss_oid_to_str(&min_stat,
- &mech_names->elements[i], &oid_name);
- if (maj_stat != GSS_S_COMPLETE) {
- display_status("converting oid->string", maj_stat, min_stat);
- return -1;
- }
- printf(" %d: %.*s\n", (int) i,
- (int) oid_name.length, (char *) oid_name.value);
-
- (void) gss_release_buffer(&min_stat, &oid_name);
- }
- (void) gss_release_oid_set(&min_stat, &mech_names);
+ /* display the flags */
+ display_ctx_flags(ret_flags);
+
+ /* Get context information */
+ maj_stat = gss_inquire_context(&min_stat, context,
+ &src_name, &targ_name, &lifetime,
+ &mechanism, &context_flags,
+ &is_local, &is_open);
+ if (maj_stat != GSS_S_COMPLETE) {
+ display_status("inquiring context", maj_stat, min_stat);
+ return -1;
+ }
+
+ maj_stat = gss_display_name(&min_stat, src_name, &sname, &name_type);
+ if (maj_stat != GSS_S_COMPLETE) {
+ display_status("displaying source name", maj_stat, min_stat);
+ return -1;
+ }
+ maj_stat = gss_display_name(&min_stat, targ_name, &tname,
+ (gss_OID *) NULL);
+ if (maj_stat != GSS_S_COMPLETE) {
+ display_status("displaying target name", maj_stat, min_stat);
+ return -1;
+ }
+ printf("\"%.*s\" to \"%.*s\", lifetime %d, flags %x, %s, %s\n",
+ (int) sname.length, (char *) sname.value,
+ (int) tname.length, (char *) tname.value, lifetime,
+ context_flags,
+ (is_local) ? "locally initiated" : "remotely initiated",
+ (is_open) ? "open" : "closed");
+
+ (void) gss_release_name(&min_stat, &src_name);
+ (void) gss_release_name(&min_stat, &targ_name);
+ (void) gss_release_buffer(&min_stat, &sname);
+ (void) gss_release_buffer(&min_stat, &tname);
+
+ maj_stat = gss_oid_to_str(&min_stat, name_type, &oid_name);
+ if (maj_stat != GSS_S_COMPLETE) {
+ display_status("converting oid->string", maj_stat, min_stat);
+ return -1;
+ }
+ printf("Name type of source name is %.*s.\n",
+ (int) oid_name.length, (char *) oid_name.value);
+ (void) gss_release_buffer(&min_stat, &oid_name);
+
+ /* Now get the names supported by the mechanism */
+ maj_stat = gss_inquire_names_for_mech(&min_stat,
+ mechanism, &mech_names);
+ if (maj_stat != GSS_S_COMPLETE) {
+ display_status("inquiring mech names", maj_stat, min_stat);
+ return -1;
+ }
+
+ maj_stat = gss_oid_to_str(&min_stat, mechanism, &oid_name);
+ if (maj_stat != GSS_S_COMPLETE) {
+ display_status("converting oid->string", maj_stat, min_stat);
+ return -1;
+ }
+ printf("Mechanism %.*s supports %d names\n",
+ (int) oid_name.length, (char *) oid_name.value,
+ (int) mech_names->count);
+ (void) gss_release_buffer(&min_stat, &oid_name);
+
+ for (i = 0; i < mech_names->count; i++) {
+ maj_stat = gss_oid_to_str(&min_stat,
+ &mech_names->elements[i], &oid_name);
+ if (maj_stat != GSS_S_COMPLETE) {
+ display_status("converting oid->string", maj_stat, min_stat);
+ return -1;
+ }
+ printf(" %d: %.*s\n", (int) i,
+ (int) oid_name.length, (char *) oid_name.value);
+
+ (void) gss_release_buffer(&min_stat, &oid_name);
+ }
+ (void) gss_release_oid_set(&min_stat, &mech_names);
}
if (use_file) {
- read_file(msg, &in_buf);
+ read_file(msg, &in_buf);
} else {
- /* Seal the message */
- in_buf.value = msg;
- in_buf.length = strlen(msg);
+ /* Seal the message */
+ in_buf.value = msg;
+ in_buf.length = strlen(msg);
}
for (i = 0; i < mcount; i++) {
- if (wrap_flag) {
- maj_stat =
- gss_wrap(&min_stat, context, encrypt_flag, GSS_C_QOP_DEFAULT,
- &in_buf, &state, &out_buf);
- if (maj_stat != GSS_S_COMPLETE) {
- display_status("wrapping message", maj_stat, min_stat);
- (void) close(s);
- (void) gss_delete_sec_context(&min_stat, &context,
- GSS_C_NO_BUFFER);
- return -1;
- } else if (encrypt_flag && !state) {
- fprintf(stderr, "Warning! Message not encrypted.\n");
- }
- } else {
- out_buf = in_buf;
- }
-
- /* Send to server */
- if (send_token(s, (v1_format ? 0
- : (TOKEN_DATA |
- (wrap_flag ? TOKEN_WRAPPED : 0) |
- (encrypt_flag ? TOKEN_ENCRYPTED : 0) |
- (mic_flag ? TOKEN_SEND_MIC : 0))),
- &out_buf) < 0) {
- (void) close(s);
- (void) gss_delete_sec_context(&min_stat, &context,
- GSS_C_NO_BUFFER);
- return -1;
- }
- if (out_buf.value != in_buf.value)
- (void) gss_release_buffer(&min_stat, &out_buf);
-
- /* Read signature block into out_buf */
- if (recv_token(s, &token_flags, &out_buf) < 0) {
- (void) close(s);
- (void) gss_delete_sec_context(&min_stat, &context,
- GSS_C_NO_BUFFER);
- return -1;
- }
-
- if (mic_flag) {
- /* Verify signature block */
- maj_stat = gss_verify_mic(&min_stat, context, &in_buf,
- &out_buf, &qop_state);
- if (maj_stat != GSS_S_COMPLETE) {
- display_status("verifying signature", maj_stat, min_stat);
- (void) close(s);
- (void) gss_delete_sec_context(&min_stat, &context,
- GSS_C_NO_BUFFER);
- return -1;
- }
-
- if (verbose)
- printf("Signature verified.\n");
- } else {
- if (verbose)
- printf("Response received.\n");
- }
-
- free(out_buf.value);
+ if (wrap_flag) {
+ maj_stat =
+ gss_wrap(&min_stat, context, encrypt_flag, GSS_C_QOP_DEFAULT,
+ &in_buf, &state, &out_buf);
+ if (maj_stat != GSS_S_COMPLETE) {
+ display_status("wrapping message", maj_stat, min_stat);
+ (void) close(s);
+ (void) gss_delete_sec_context(&min_stat, &context,
+ GSS_C_NO_BUFFER);
+ return -1;
+ } else if (encrypt_flag && !state) {
+ fprintf(stderr, "Warning! Message not encrypted.\n");
+ }
+ } else {
+ out_buf = in_buf;
+ }
+
+ /* Send to server */
+ if (send_token(s, (v1_format ? 0
+ : (TOKEN_DATA |
+ (wrap_flag ? TOKEN_WRAPPED : 0) |
+ (encrypt_flag ? TOKEN_ENCRYPTED : 0) |
+ (mic_flag ? TOKEN_SEND_MIC : 0))),
+ &out_buf) < 0) {
+ (void) close(s);
+ (void) gss_delete_sec_context(&min_stat, &context,
+ GSS_C_NO_BUFFER);
+ return -1;
+ }
+ if (out_buf.value != in_buf.value)
+ (void) gss_release_buffer(&min_stat, &out_buf);
+
+ /* Read signature block into out_buf */
+ if (recv_token(s, &token_flags, &out_buf) < 0) {
+ (void) close(s);
+ (void) gss_delete_sec_context(&min_stat, &context,
+ GSS_C_NO_BUFFER);
+ return -1;
+ }
+
+ if (mic_flag) {
+ /* Verify signature block */
+ maj_stat = gss_verify_mic(&min_stat, context, &in_buf,
+ &out_buf, &qop_state);
+ if (maj_stat != GSS_S_COMPLETE) {
+ display_status("verifying signature", maj_stat, min_stat);
+ (void) close(s);
+ (void) gss_delete_sec_context(&min_stat, &context,
+ GSS_C_NO_BUFFER);
+ return -1;
+ }
+
+ if (verbose)
+ printf("Signature verified.\n");
+ } else {
+ if (verbose)
+ printf("Response received.\n");
+ }
+
+ free(out_buf.value);
}
if (use_file)
- free(in_buf.value);
+ free(in_buf.value);
/* Send NOOP */
if (!v1_format)
- (void) send_token(s, TOKEN_NOOP, empty_token);
+ (void) send_token(s, TOKEN_NOOP, empty_token);
if (auth_flag) {
- /* Delete context */
- maj_stat = gss_delete_sec_context(&min_stat, &context, &out_buf);
- if (maj_stat != GSS_S_COMPLETE) {
- display_status("deleting context", maj_stat, min_stat);
- (void) close(s);
- (void) gss_delete_sec_context(&min_stat, &context,
- GSS_C_NO_BUFFER);
- return -1;
- }
-
- (void) gss_release_buffer(&min_stat, &out_buf);
+ /* Delete context */
+ maj_stat = gss_delete_sec_context(&min_stat, &context, &out_buf);
+ if (maj_stat != GSS_S_COMPLETE) {
+ display_status("deleting context", maj_stat, min_stat);
+ (void) close(s);
+ (void) gss_delete_sec_context(&min_stat, &context,
+ GSS_C_NO_BUFFER);
+ return -1;
+ }
+
+ (void) gss_release_buffer(&min_stat, &out_buf);
}
(void) close(s);
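Review bot: The error returns inside the `auth_flag && verbose` block (after `gss_inquire_context`, both `gss_display_name` calls, each `gss_oid_to_str` call and `gss_inquire_names_for_mech`) `return -1` without closing `s` or deleting `context`, whereas every failure from the message loop onward does `(void) close(s); (void) gss_delete_sec_context(&min_stat, &context, GSS_C_NO_BUFFER);` first; the `targ_name` display failure additionally leaks `sname`, and the name-inquiry failures leak `src_name`/`targ_name`. A single cleanup label at the end of the function that releases what has been acquired would make the paths consistent and shorter. Note the existing cleanup deletes `context` even when `auth_flag` is 0, in which case nothing in this view initialized it — presumably `context` starts out as `GSS_C_NO_CONTEXT` where it is declared; verify. call_server's prologue (the K&R parameter list and local declarations) is partly outside this view.
```c
    /* … unchanged: connect, establish context, display_ctx_flags … */
    if (maj_stat != GSS_S_COMPLETE) {
        display_status("inquiring context", maj_stat, min_stat);
        goto fail;
    }
    /* … unchanged: remaining verbose inquiry (each error site becomes goto fail), message loop, NOOP, context delete … */
    (void) close(s);
    return 0;

fail:
    (void) close(s);
    if (auth_flag && context != GSS_C_NO_CONTEXT)
        (void) gss_delete_sec_context(&min_stat, &context, GSS_C_NO_BUFFER);
    return -1;
```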
size_t i, mechlen = strlen(mechanism);
if (isdigit((int) mechanism[0])) {
- mechstr = malloc(mechlen + 5);
- if (!mechstr) {
- fprintf(stderr, "Couldn't allocate mechanism scratch!\n");
- return;
- }
- mechstr[0] = '{';
- mechstr[1] = ' ';
- for (i = 0; i < mechlen; i++)
- mechstr[i + 2] = (mechanism[i] == '.') ? ' ' : mechanism[i];
- mechstr[mechlen + 2] = ' ';
- mechstr[mechlen + 3] = ' ';
- mechstr[mechlen + 4] = '\0';
- tok.value = mechstr;
+ mechstr = malloc(mechlen + 5);
+ if (!mechstr) {
+ fprintf(stderr, "Couldn't allocate mechanism scratch!\n");
+ return;
+ }
+ mechstr[0] = '{';
+ mechstr[1] = ' ';
+ for (i = 0; i < mechlen; i++)
+ mechstr[i + 2] = (mechanism[i] == '.') ? ' ' : mechanism[i];
+ mechstr[mechlen + 2] = ' ';
+ mechstr[mechlen + 3] = ' ';
+ mechstr[mechlen + 4] = '\0';
+ tok.value = mechstr;
} else
- tok.value = mechanism;
+ tok.value = mechanism;
tok.length = strlen(tok.value);
maj_stat = gss_str_to_oid(&min_stat, &tok, oid);
if (maj_stat != GSS_S_COMPLETE) {
- display_status("str_to_oid", maj_stat, min_stat);
- return;
+ display_status("str_to_oid", maj_stat, min_stat);
+ return;
}
if (mechstr)
- free(mechstr);
+ free(mechstr);
}
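Review bot: When the mechanism is given in dotted-numeric form, `mechstr` is malloc'd in the `isdigit` branch but the `gss_str_to_oid` failure path (`display_status("str_to_oid", maj_stat, min_stat); return;`) returns before reaching the `free(mechstr)` at the end, leaking the scratch buffer on exactly the input most likely to be mistyped. Free it on that path as well: `free(mechstr); return;`. The trailing `if (mechstr) free(mechstr);` guard is redundant since `free(NULL)` is a no-op. The function's signature and the `mechstr` declaration are above this hunk; the guard suggests it is initialized to NULL there — verify.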
static int max_threads = 1;
WaitAndIncrementThreadCounter(void)
{
for (;;) {
- if (WaitForSingleObject(hMutex, INFINITE) == WAIT_OBJECT_0) {
- if (thread_count < max_threads) {
- thread_count++;
- ReleaseMutex(hMutex);
- return TRUE;
- } else {
- ReleaseMutex(hMutex);
-
- if (WaitForSingleObject(hEvent, INFINITE) == WAIT_OBJECT_0) {
- continue;
- } else {
- return FALSE;
- }
- }
- } else {
- return FALSE;
- }
+ if (WaitForSingleObject(hMutex, INFINITE) == WAIT_OBJECT_0) {
+ if (thread_count < max_threads) {
+ thread_count++;
+ ReleaseMutex(hMutex);
+ return TRUE;
+ } else {
+ ReleaseMutex(hMutex);
+
+ if (WaitForSingleObject(hEvent, INFINITE) == WAIT_OBJECT_0) {
+ continue;
+ } else {
+ return FALSE;
+ }
+ }
+ } else {
+ return FALSE;
+ }
}
}
DecrementAndSignalThreadCounter(void)
{
if (WaitForSingleObject(hMutex, INFINITE) == WAIT_OBJECT_0) {
- if (thread_count == max_threads)
- ResetEvent(hEvent);
- thread_count--;
- ReleaseMutex(hMutex);
- return TRUE;
+ if (thread_count == max_threads)
+ ResetEvent(hEvent);
+ thread_count--;
+ ReleaseMutex(hMutex);
+ return TRUE;
} else {
- return FALSE;
+ return FALSE;
}
}
#endif
worker_bee(void *unused)
{
if (call_server(server_host, port, oid, service_name,
- gss_flags, auth_flag, wrap_flag, encrypt_flag, mic_flag,
- v1_format, msg, use_file, mcount) < 0)
- exit(1);
+ gss_flags, auth_flag, wrap_flag, encrypt_flag, mic_flag,
+ v1_format, msg, use_file, mcount) < 0)
+ exit(1);
#ifdef _WIN32
if (max_threads > 1)
- DecrementAndSignalThreadCounter();
+ DecrementAndSignalThreadCounter();
#endif
}
argc--;
argv++;
while (argc) {
- if (strcmp(*argv, "-port") == 0) {
- argc--;
- argv++;
- if (!argc)
- usage();
- port = atoi(*argv);
- } else if (strcmp(*argv, "-mech") == 0) {
- argc--;
- argv++;
- if (!argc)
- usage();
- mechanism = *argv;
- }
+ if (strcmp(*argv, "-port") == 0) {
+ argc--;
+ argv++;
+ if (!argc)
+ usage();
+ port = atoi(*argv);
+ } else if (strcmp(*argv, "-mech") == 0) {
+ argc--;
+ argv++;
+ if (!argc)
+ usage();
+ mechanism = *argv;
+ }
#ifdef _WIN32
- else if (strcmp(*argv, "-threads") == 0) {
- argc--;
- argv++;
- if (!argc)
- usage();
- max_threads = atoi(*argv);
- }
+ else if (strcmp(*argv, "-threads") == 0) {
+ argc--;
+ argv++;
+ if (!argc)
+ usage();
+ max_threads = atoi(*argv);
+ }
#endif
- else if (strcmp(*argv, "-d") == 0) {
- gss_flags |= GSS_C_DELEG_FLAG;
- } else if (strcmp(*argv, "-seq") == 0) {
- gss_flags |= GSS_C_SEQUENCE_FLAG;
- } else if (strcmp(*argv, "-noreplay") == 0) {
- gss_flags &= ~GSS_C_REPLAY_FLAG;
- } else if (strcmp(*argv, "-nomutual") == 0) {
- gss_flags &= ~GSS_C_MUTUAL_FLAG;
- } else if (strcmp(*argv, "-f") == 0) {
- use_file = 1;
- } else if (strcmp(*argv, "-q") == 0) {
- verbose = 0;
- } else if (strcmp(*argv, "-ccount") == 0) {
- argc--;
- argv++;
- if (!argc)
- usage();
- ccount = atoi(*argv);
- if (ccount <= 0)
- usage();
- } else if (strcmp(*argv, "-mcount") == 0) {
- argc--;
- argv++;
- if (!argc)
- usage();
- mcount = atoi(*argv);
- if (mcount < 0)
- usage();
- } else if (strcmp(*argv, "-na") == 0) {
- auth_flag = wrap_flag = encrypt_flag = mic_flag = 0;
- } else if (strcmp(*argv, "-nw") == 0) {
- wrap_flag = 0;
- } else if (strcmp(*argv, "-nx") == 0) {
- encrypt_flag = 0;
- } else if (strcmp(*argv, "-nm") == 0) {
- mic_flag = 0;
- } else if (strcmp(*argv, "-v1") == 0) {
- v1_format = 1;
- } else
- break;
- argc--;
- argv++;
+ else if (strcmp(*argv, "-d") == 0) {
+ gss_flags |= GSS_C_DELEG_FLAG;
+ } else if (strcmp(*argv, "-seq") == 0) {
+ gss_flags |= GSS_C_SEQUENCE_FLAG;
+ } else if (strcmp(*argv, "-noreplay") == 0) {
+ gss_flags &= ~GSS_C_REPLAY_FLAG;
+ } else if (strcmp(*argv, "-nomutual") == 0) {
+ gss_flags &= ~GSS_C_MUTUAL_FLAG;
+ } else if (strcmp(*argv, "-f") == 0) {
+ use_file = 1;
+ } else if (strcmp(*argv, "-q") == 0) {
+ verbose = 0;
+ } else if (strcmp(*argv, "-ccount") == 0) {
+ argc--;
+ argv++;
+ if (!argc)
+ usage();
+ ccount = atoi(*argv);
+ if (ccount <= 0)
+ usage();
+ } else if (strcmp(*argv, "-mcount") == 0) {
+ argc--;
+ argv++;
+ if (!argc)
+ usage();
+ mcount = atoi(*argv);
+ if (mcount < 0)
+ usage();
+ } else if (strcmp(*argv, "-na") == 0) {
+ auth_flag = wrap_flag = encrypt_flag = mic_flag = 0;
+ } else if (strcmp(*argv, "-nw") == 0) {
+ wrap_flag = 0;
+ } else if (strcmp(*argv, "-nx") == 0) {
+ encrypt_flag = 0;
+ } else if (strcmp(*argv, "-nm") == 0) {
+ mic_flag = 0;
+ } else if (strcmp(*argv, "-v1") == 0) {
+ v1_format = 1;
+ } else
+ break;
+ argc--;
+ argv++;
}
if (argc != 3)
- usage();
+ usage();
#ifdef _WIN32
if (max_threads < 1) {
- fprintf(stderr, "warning: there must be at least one thread\n");
- max_threads = 1;
+ fprintf(stderr, "warning: there must be at least one thread\n");
+ max_threads = 1;
}
#endif
msg = *argv++;
if (mechanism)
- parse_oid(mechanism, &oid);
+ parse_oid(mechanism, &oid);
if (max_threads == 1) {
- for (i = 0; i < ccount; i++) {
- worker_bee(0);
- }
+ for (i = 0; i < ccount; i++) {
+ worker_bee(0);
+ }
} else {
#ifdef _WIN32
- for (i = 0; i < ccount; i++) {
- if (WaitAndIncrementThreadCounter()) {
- uintptr_t handle = _beginthread(worker_bee, 0, (void *) 0);
- if (handle == (uintptr_t) - 1) {
- exit(1);
- }
- } else {
- exit(1);
- }
- }
+ for (i = 0; i < ccount; i++) {
+ if (WaitAndIncrementThreadCounter()) {
+ uintptr_t handle = _beginthread(worker_bee, 0, (void *) 0);
+ if (handle == (uintptr_t) - 1) {
+ exit(1);
+ }
+ } else {
+ exit(1);
+ }
+ }
#else
- /* boom */
- assert(max_threads == 1);
+ /* boom */
+ assert(max_threads == 1);
#endif
}
if (oid != GSS_C_NULL_OID)
- (void) gss_release_oid(&min_stat, &oid);
+ (void) gss_release_oid(&min_stat, &oid);
#ifdef _WIN32
CleanupHandles();
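Review bot: `port = atoi(*argv);` (and `max_threads = atoi(*argv);` in the `_WIN32` branch) accepts any string and silently yields 0 for non-numeric input, while the neighbouring `-ccount`/`-mcount` options at least range-check their values; a port of 0 then flows unchecked into `htons(port)` in connect_to_server. Parse with `strtol` and reject trailing garbage or an out-of-range value, e.g. `char *end; errno = 0; long p = strtol(*argv, &end, 10); if (end == *argv || *end != '\0' || errno == ERANGE || p < 1 || p > 65535) usage(); port = (u_short) p;`. The start of main and the declaration of `port` are above this hunk; it is presumably a `u_short` given connect_to_server's parameter, hence the intermediate `long`.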
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1994 by OpenVision Technologies, Inc.
*
char *ptr;
for (ptr = buf; nbyte; ptr += ret, nbyte -= ret) {
- ret = send(fildes, ptr, nbyte, 0);
- if (ret < 0) {
- if (errno == EINTR)
- continue;
- return (ret);
- } else if (ret == 0) {
- return (ptr - buf);
- }
+ ret = send(fildes, ptr, nbyte, 0);
+ if (ret < 0) {
+ if (errno == EINTR)
+ continue;
+ return (ret);
+ } else if (ret == 0) {
+ return (ptr - buf);
+ }
}
return (ptr - buf);
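Review bot: The `EINTR` retry in write_all's loop, `if (errno == EINTR) continue;`, jumps to the `for` increment with `ret == -1`, so `ptr += ret, nbyte -= ret` moves the pointer back one byte and grows `nbyte` by one before the send is retried — after a first-iteration EINTR, `ptr` points one byte before `buf` and more bytes than the caller passed are sent. Clear the count before retrying, `if (errno == EINTR) { ret = 0; continue; }`, or restructure as a `while` loop that only advances on a positive return. The recv loop in read_all in the next hunk has the identical `continue` and needs the same fix. write_all's signature and the `ret` declaration are above this hunk.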
tv.tv_usec = 0;
for (ptr = buf; nbyte; ptr += ret, nbyte -= ret) {
- if (select(FD_SETSIZE, &rfds, NULL, NULL, &tv) <= 0
- || !FD_ISSET(fildes, &rfds))
- return (ptr - buf);
- ret = recv(fildes, ptr, nbyte, 0);
- if (ret < 0) {
- if (errno == EINTR)
- continue;
- return (ret);
- } else if (ret == 0) {
- return (ptr - buf);
- }
+ if (select(FD_SETSIZE, &rfds, NULL, NULL, &tv) <= 0
+ || !FD_ISSET(fildes, &rfds))
+ return (ptr - buf);
+ ret = recv(fildes, ptr, nbyte, 0);
+ if (ret < 0) {
+ if (errno == EINTR)
+ continue;
+ return (ret);
+ } else if (ret == 0) {
+ return (ptr - buf);
+ }
}
return (ptr - buf);
*
* Arguments:
*
- * s (r) an open file descriptor
- * flags (r) the flags to write
- * tok (r) the token to write
+ * s (r) an open file descriptor
+ * flags (r) the flags to write
+ * tok (r) the token to write
*
* Returns: 0 on success, -1 on failure
*
unsigned char lenbuf[4];
if (char_flags) {
- ret = write_all(s, (char *) &char_flags, 1);
- if (ret != 1) {
- perror("sending token flags");
- return -1;
- }
+ ret = write_all(s, (char *) &char_flags, 1);
+ if (ret != 1) {
+ perror("sending token flags");
+ return -1;
+ }
}
if (tok->length > 0xffffffffUL)
- abort();
+ abort();
lenbuf[0] = (tok->length >> 24) & 0xff;
lenbuf[1] = (tok->length >> 16) & 0xff;
lenbuf[2] = (tok->length >> 8) & 0xff;
ret = write_all(s, lenbuf, 4);
if (ret < 0) {
- perror("sending token length");
- return -1;
+ perror("sending token length");
+ return -1;
} else if (ret != 4) {
- if (display_file)
- fprintf(display_file,
- "sending token length: %d of %d bytes written\n", ret, 4);
- return -1;
+ if (display_file)
+ fprintf(display_file,
+ "sending token length: %d of %d bytes written\n", ret, 4);
+ return -1;
}
ret = write_all(s, tok->value, tok->length);
if (ret < 0) {
- perror("sending token data");
- return -1;
+ perror("sending token data");
+ return -1;
} else if (ret != tok->length) {
- if (display_file)
- fprintf(display_file,
- "sending token data: %d of %d bytes written\n",
- ret, (int) tok->length);
- return -1;
+ if (display_file)
+ fprintf(display_file,
+ "sending token data: %d of %d bytes written\n",
+ ret, (int) tok->length);
+ return -1;
}
return 0;
*
* Arguments:
*
- * s (r) an open file descriptor
- * flags (w) the read flags
- * tok (w) the read token
+ * s (r) an open file descriptor
+ * flags (w) the read flags
+ * tok (w) the read token
*
* Returns: 0 on success, -1 on failure
*
ret = read_all(s, (char *) &char_flags, 1);
if (ret < 0) {
- perror("reading token flags");
- return -1;
+ perror("reading token flags");
+ return -1;
} else if (!ret) {
- if (display_file)
- fputs("reading token flags: 0 bytes read\n", display_file);
- return -1;
+ if (display_file)
+ fputs("reading token flags: 0 bytes read\n", display_file);
+ return -1;
} else {
- *flags = (int) char_flags;
+ *flags = (int) char_flags;
}
if (char_flags == 0) {
- lenbuf[0] = 0;
- ret = read_all(s, &lenbuf[1], 3);
- if (ret < 0) {
- perror("reading token length");
- return -1;
- } else if (ret != 3) {
- if (display_file)
- fprintf(display_file,
- "reading token length: %d of %d bytes read\n", ret, 3);
- return -1;
- }
+ lenbuf[0] = 0;
+ ret = read_all(s, &lenbuf[1], 3);
+ if (ret < 0) {
+ perror("reading token length");
+ return -1;
+ } else if (ret != 3) {
+ if (display_file)
+ fprintf(display_file,
+ "reading token length: %d of %d bytes read\n", ret, 3);
+ return -1;
+ }
} else {
- ret = read_all(s, lenbuf, 4);
- if (ret < 0) {
- perror("reading token length");
- return -1;
- } else if (ret != 4) {
- if (display_file)
- fprintf(display_file,
- "reading token length: %d of %d bytes read\n", ret, 4);
- return -1;
- }
+ ret = read_all(s, lenbuf, 4);
+ if (ret < 0) {
+ perror("reading token length");
+ return -1;
+ } else if (ret != 4) {
+ if (display_file)
+ fprintf(display_file,
+ "reading token length: %d of %d bytes read\n", ret, 4);
+ return -1;
+ }
}
tok->length = ((lenbuf[0] << 24)
- | (lenbuf[1] << 16)
- | (lenbuf[2] << 8)
- | lenbuf[3]);
+ | (lenbuf[1] << 16)
+ | (lenbuf[2] << 8)
+ | lenbuf[3]);
tok->value = (char *) malloc(tok->length ? tok->length : 1);
if (tok->length && tok->value == NULL) {
- if (display_file)
- fprintf(display_file, "Out of memory allocating token data\n");
- return -1;
+ if (display_file)
+ fprintf(display_file, "Out of memory allocating token data\n");
+ return -1;
}
ret = read_all(s, (char *) tok->value, tok->length);
if (ret < 0) {
- perror("reading token data");
- free(tok->value);
- return -1;
+ perror("reading token data");
+ free(tok->value);
+ return -1;
} else if (ret != tok->length) {
- fprintf(stderr, "sending token data: %d of %d bytes written\n",
- ret, (int) tok->length);
- free(tok->value);
- return -1;
+ fprintf(stderr, "sending token data: %d of %d bytes written\n",
+ ret, (int) tok->length);
+ free(tok->value);
+ return -1;
}
return 0;
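Review bot: `tok->length = ((lenbuf[0] << 24) | ...)` shifts an `unsigned char` promoted to `int`, so a leading length byte of 0x80 or above shifts into the sign bit — undefined behaviour in C, and on 64-bit builds a sign-extended value once stored into the `size_t` length; cast first: `tok->length = ((size_t) lenbuf[0] << 24) | ((size_t) lenbuf[1] << 16) | ((size_t) lenbuf[2] << 8) | lenbuf[3];`. That length comes straight from the peer and reaches `malloc` and `read_all` with no upper bound, so a sanity cap suited to the sample protocol, checked before the allocation, would bound memory use per connection. The short-read message at the end, `"sending token data: %d of %d bytes written\n"`, was copied from send_token — it should read `"reading token data: %d of %d bytes read\n"` and go through the `display_file` check the other messages in this function use. recv_token's signature and the `lenbuf`/`char_flags` declarations are above this hunk.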
msg_ctx = 0;
while (1) {
- maj_stat = gss_display_status(&min_stat, code,
- type, GSS_C_NULL_OID, &msg_ctx, &msg);
- if (display_file)
- fprintf(display_file, "GSS-API error %s: %s\n", m,
- (char *) msg.value);
- (void) gss_release_buffer(&min_stat, &msg);
-
- if (!msg_ctx)
- break;
+ maj_stat = gss_display_status(&min_stat, code,
+ type, GSS_C_NULL_OID, &msg_ctx, &msg);
+ if (display_file)
+ fprintf(display_file, "GSS-API error %s: %s\n", m,
+ (char *) msg.value);
+ (void) gss_release_buffer(&min_stat, &msg);
+
+ if (!msg_ctx)
+ break;
}
}
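Review bot: `maj_stat` from `gss_display_status` is stored but never examined in the loop, so on a failed call `msg` may be printed and released without having been set, and if `msg_ctx` is not advanced the `while (1)` has no exit; add `if (maj_stat != GSS_S_COMPLETE) break;` immediately after the call, before the `fprintf`. This helper's name, its parameters and the `msg` declaration are above this hunk.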
*
* Arguments:
*
- * msg a string to be displayed with the message
- * maj_stat the GSS-API major status code
- * min_stat the GSS-API minor status code
+ * msg a string to be displayed with the message
+ * maj_stat the GSS-API major status code
+ * min_stat the GSS-API minor status code
*
* Effects:
*
* Function: display_ctx_flags
*
* Purpose: displays the flags returned by context initation in
- * a human-readable form
+ * a human-readable form
*
* Arguments:
*
- * int ret_flags
+ * int ret_flags
*
* Effects:
*
OM_uint32 flags;
{
if (flags & GSS_C_DELEG_FLAG)
- fprintf(display_file, "context flag: GSS_C_DELEG_FLAG\n");
+ fprintf(display_file, "context flag: GSS_C_DELEG_FLAG\n");
if (flags & GSS_C_MUTUAL_FLAG)
- fprintf(display_file, "context flag: GSS_C_MUTUAL_FLAG\n");
+ fprintf(display_file, "context flag: GSS_C_MUTUAL_FLAG\n");
if (flags & GSS_C_REPLAY_FLAG)
- fprintf(display_file, "context flag: GSS_C_REPLAY_FLAG\n");
+ fprintf(display_file, "context flag: GSS_C_REPLAY_FLAG\n");
if (flags & GSS_C_SEQUENCE_FLAG)
- fprintf(display_file, "context flag: GSS_C_SEQUENCE_FLAG\n");
+ fprintf(display_file, "context flag: GSS_C_SEQUENCE_FLAG\n");
if (flags & GSS_C_CONF_FLAG)
- fprintf(display_file, "context flag: GSS_C_CONF_FLAG \n");
+ fprintf(display_file, "context flag: GSS_C_CONF_FLAG \n");
if (flags & GSS_C_INTEG_FLAG)
- fprintf(display_file, "context flag: GSS_C_INTEG_FLAG \n");
+ fprintf(display_file, "context flag: GSS_C_INTEG_FLAG \n");
}
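Review bot: display_ctx_flags writes to `display_file` without checking it, whereas the status helper in the previous hunk and print_token in the next one guard every write with `if (display_file)`; with a NULL `display_file` the first set flag dereferences a null `FILE *`. Add `if (!display_file) return;` at the top of the body, matching print_token. The K&R parameter declaration `OM_uint32 flags;` could also become an ANSI prototype, `display_ctx_flags(OM_uint32 flags)`, as this commit already does for connect_to_server and client_establish_context.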
void
unsigned char *p = tok->value;
if (!display_file)
- return;
+ return;
for (i = 0; i < tok->length; i++, p++) {
- fprintf(display_file, "%02x ", *p);
- if ((i % 16) == 15) {
- fprintf(display_file, "\n");
- }
+ fprintf(display_file, "%02x ", *p);
+ if ((i % 16) == 15) {
+ fprintf(display_file, "\n");
+ }
}
fprintf(display_file, "\n");
fflush(display_file);
_tzset();
_ftime(&tb);
if (tv) {
- tv->tv_sec = tb.time;
- tv->tv_usec = tb.millitm * 1000;
+ tv->tv_sec = tb.time;
+ tv->tv_usec = tb.millitm * 1000;
}
return 0;
}
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1994 by OpenVision Technologies, Inc.
*
extern FILE *display_file;
-int send_token
- (int s, int flags, gss_buffer_t tok);
-int recv_token
- (int s, int *flags, gss_buffer_t tok);
-void display_status
- (char *msg, OM_uint32 maj_stat, OM_uint32 min_stat);
-void display_ctx_flags
- (OM_uint32 flags);
-void print_token
- (gss_buffer_t tok);
+int send_token(int s, int flags, gss_buffer_t tok);
+int recv_token(int s, int *flags, gss_buffer_t tok);
+void display_status(char *msg, OM_uint32 maj_stat, OM_uint32 min_stat);
+void display_ctx_flags(OM_uint32 flags);
+void print_token(gss_buffer_t tok);
/* Token types */
-#define TOKEN_NOOP (1<<0)
-#define TOKEN_CONTEXT (1<<1)
-#define TOKEN_DATA (1<<2)
-#define TOKEN_MIC (1<<3)
+#define TOKEN_NOOP (1<<0)
+#define TOKEN_CONTEXT (1<<1)
+#define TOKEN_DATA (1<<2)
+#define TOKEN_MIC (1<<3)
/* Token flags */
-#define TOKEN_CONTEXT_NEXT (1<<4)
-#define TOKEN_WRAPPED (1<<5)
-#define TOKEN_ENCRYPTED (1<<6)
-#define TOKEN_SEND_MIC (1<<7)
+#define TOKEN_CONTEXT_NEXT (1<<4)
+#define TOKEN_WRAPPED (1<<5)
+#define TOKEN_ENCRYPTED (1<<6)
+#define TOKEN_SEND_MIC (1<<7)
extern gss_buffer_t empty_token;
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1994 by OpenVision Technologies, Inc.
*
#endif
fprintf(stderr, "\n");
fprintf(stderr,
- " [-inetd] [-export] [-logfile file] service_name\n");
+ " [-inetd] [-export] [-logfile file] service_name\n");
exit(1);
}
*
* Arguments:
*
- * service_name (r) the ASCII service name
- * server_creds (w) the GSS-API service credentials
+ * service_name (r) the ASCII service name
+ * server_creds (w) the GSS-API service credentials
*
* Returns: 0 on success, -1 on failure
*
* 0 is returned.
*/
static int
-server_acquire_creds(service_name, server_creds)
- char *service_name;
- gss_cred_id_t *server_creds;
+server_acquire_creds(char *service_name, gss_cred_id_t *server_creds)
{
gss_buffer_desc name_buf;
gss_name_t server_name;
name_buf.value = service_name;
name_buf.length = strlen(name_buf.value) + 1;
maj_stat = gss_import_name(&min_stat, &name_buf,
- (gss_OID) gss_nt_service_name, &server_name);
+ (gss_OID) gss_nt_service_name, &server_name);
if (maj_stat != GSS_S_COMPLETE) {
- display_status("importing name", maj_stat, min_stat);
- return -1;
+ display_status("importing name", maj_stat, min_stat);
+ return -1;
}
maj_stat = gss_acquire_cred(&min_stat, server_name, 0,
- GSS_C_NULL_OID_SET, GSS_C_ACCEPT,
- server_creds, NULL, NULL);
+ GSS_C_NULL_OID_SET, GSS_C_ACCEPT,
+ server_creds, NULL, NULL);
if (maj_stat != GSS_S_COMPLETE) {
- display_status("acquiring credentials", maj_stat, min_stat);
- return -1;
+ display_status("acquiring credentials", maj_stat, min_stat);
+ return -1;
}
(void) gss_release_name(&min_stat, &server_name);
*
* Arguments:
*
- * s (r) an established TCP connection to the client
- * service_creds (r) server credentials, from gss_acquire_cred
- * context (w) the established GSS-API context
- * client_name (w) the client's ASCII name
+ * s (r) an established TCP connection to the client
+ * service_creds (r) server credentials, from gss_acquire_cred
+ * context (w) the established GSS-API context
+ * client_name (w) the client's ASCII name
*
* Returns: 0 on success, -1 on failure
*
* message is displayed and -1 is returned.
*/
static int
-server_establish_context(s, server_creds, context, client_name, ret_flags)
- int s;
- gss_cred_id_t server_creds;
- gss_ctx_id_t *context;
- gss_buffer_t client_name;
- OM_uint32 *ret_flags;
+server_establish_context(int s, gss_cred_id_t server_creds,
+ gss_ctx_id_t *context, gss_buffer_t client_name,
+ OM_uint32 *ret_flags)
{
gss_buffer_desc send_tok, recv_tok;
gss_name_t client;
int token_flags;
if (recv_token(s, &token_flags, &recv_tok) < 0)
- return -1;
+ return -1;
if (recv_tok.value) {
- free(recv_tok.value);
- recv_tok.value = NULL;
+ free(recv_tok.value);
+ recv_tok.value = NULL;
}
if (!(token_flags & TOKEN_NOOP)) {
- if (logfile)
- fprintf(logfile, "Expected NOOP token, got %d token instead\n",
- token_flags);
- return -1;
+ if (logfile)
+ fprintf(logfile, "Expected NOOP token, got %d token instead\n",
+ token_flags);
+ return -1;
}
*context = GSS_C_NO_CONTEXT;
if (token_flags & TOKEN_CONTEXT_NEXT) {
- do {
- if (recv_token(s, &token_flags, &recv_tok) < 0)
- return -1;
-
- if (verbose && logfile) {
- fprintf(logfile, "Received token (size=%d): \n",
- (int) recv_tok.length);
- print_token(&recv_tok);
- }
-
- maj_stat = gss_accept_sec_context(&acc_sec_min_stat, context, server_creds, &recv_tok, GSS_C_NO_CHANNEL_BINDINGS, &client, &doid, &send_tok, ret_flags, NULL, /* ignore time_rec */
- NULL); /* ignore del_cred_handle */
-
- if (recv_tok.value) {
- free(recv_tok.value);
- recv_tok.value = NULL;
- }
-
- if (send_tok.length != 0) {
- if (verbose && logfile) {
- fprintf(logfile,
- "Sending accept_sec_context token (size=%d):\n",
- (int) send_tok.length);
- print_token(&send_tok);
- }
- if (send_token(s, TOKEN_CONTEXT, &send_tok) < 0) {
- if (logfile)
- fprintf(logfile, "failure sending token\n");
- return -1;
- }
-
- (void) gss_release_buffer(&min_stat, &send_tok);
- }
- if (maj_stat != GSS_S_COMPLETE
- && maj_stat != GSS_S_CONTINUE_NEEDED) {
- display_status("accepting context", maj_stat,
- acc_sec_min_stat);
- if (*context != GSS_C_NO_CONTEXT)
- gss_delete_sec_context(&min_stat, context,
- GSS_C_NO_BUFFER);
- return -1;
- }
-
- if (verbose && logfile) {
- if (maj_stat == GSS_S_CONTINUE_NEEDED)
- fprintf(logfile, "continue needed...\n");
- else
- fprintf(logfile, "\n");
- fflush(logfile);
- }
- } while (maj_stat == GSS_S_CONTINUE_NEEDED);
-
- /* display the flags */
- display_ctx_flags(*ret_flags);
-
- if (verbose && logfile) {
- maj_stat = gss_oid_to_str(&min_stat, doid, &oid_name);
- if (maj_stat != GSS_S_COMPLETE) {
- display_status("converting oid->string", maj_stat, min_stat);
- return -1;
- }
- fprintf(logfile, "Accepted connection using mechanism OID %.*s.\n",
- (int) oid_name.length, (char *) oid_name.value);
- (void) gss_release_buffer(&min_stat, &oid_name);
- }
-
- maj_stat = gss_display_name(&min_stat, client, client_name, &doid);
- if (maj_stat != GSS_S_COMPLETE) {
- display_status("displaying name", maj_stat, min_stat);
- return -1;
- }
- maj_stat = gss_release_name(&min_stat, &client);
- if (maj_stat != GSS_S_COMPLETE) {
- display_status("releasing name", maj_stat, min_stat);
- return -1;
- }
+ do {
+ if (recv_token(s, &token_flags, &recv_tok) < 0)
+ return -1;
+
+ if (verbose && logfile) {
+ fprintf(logfile, "Received token (size=%d): \n",
+ (int) recv_tok.length);
+ print_token(&recv_tok);
+ }
+
+ maj_stat = gss_accept_sec_context(&acc_sec_min_stat, context,
+ server_creds, &recv_tok,
+ GSS_C_NO_CHANNEL_BINDINGS,
+ &client, &doid, &send_tok,
+ ret_flags,
+ NULL, /* time_rec */
+ NULL); /* del_cred_handle */
+
+ if (recv_tok.value) {
+ free(recv_tok.value);
+ recv_tok.value = NULL;
+ }
+
+ if (send_tok.length != 0) {
+ if (verbose && logfile) {
+ fprintf(logfile,
+ "Sending accept_sec_context token (size=%d):\n",
+ (int) send_tok.length);
+ print_token(&send_tok);
+ }
+ if (send_token(s, TOKEN_CONTEXT, &send_tok) < 0) {
+ if (logfile)
+ fprintf(logfile, "failure sending token\n");
+ return -1;
+ }
+
+ (void) gss_release_buffer(&min_stat, &send_tok);
+ }
+ if (maj_stat != GSS_S_COMPLETE
+ && maj_stat != GSS_S_CONTINUE_NEEDED) {
+ display_status("accepting context", maj_stat,
+ acc_sec_min_stat);
+ if (*context != GSS_C_NO_CONTEXT)
+ gss_delete_sec_context(&min_stat, context,
+ GSS_C_NO_BUFFER);
+ return -1;
+ }
+
+ if (verbose && logfile) {
+ if (maj_stat == GSS_S_CONTINUE_NEEDED)
+ fprintf(logfile, "continue needed...\n");
+ else
+ fprintf(logfile, "\n");
+ fflush(logfile);
+ }
+ } while (maj_stat == GSS_S_CONTINUE_NEEDED);
+
+ /* display the flags */
+ display_ctx_flags(*ret_flags);
+
+ if (verbose && logfile) {
+ maj_stat = gss_oid_to_str(&min_stat, doid, &oid_name);
+ if (maj_stat != GSS_S_COMPLETE) {
+ display_status("converting oid->string", maj_stat, min_stat);
+ return -1;
+ }
+ fprintf(logfile, "Accepted connection using mechanism OID %.*s.\n",
+ (int) oid_name.length, (char *) oid_name.value);
+ (void) gss_release_buffer(&min_stat, &oid_name);
+ }
+
+ maj_stat = gss_display_name(&min_stat, client, client_name, &doid);
+ if (maj_stat != GSS_S_COMPLETE) {
+ display_status("displaying name", maj_stat, min_stat);
+ return -1;
+ }
+ maj_stat = gss_release_name(&min_stat, &client);
+ if (maj_stat != GSS_S_COMPLETE) {
+ display_status("releasing name", maj_stat, min_stat);
+ return -1;
+ }
} else {
- client_name->length = *ret_flags = 0;
+ client_name->length = *ret_flags = 0;
- if (logfile)
- fprintf(logfile, "Accepted unauthenticated connection.\n");
+ if (logfile)
+ fprintf(logfile, "Accepted unauthenticated connection.\n");
}
return 0;
*
* Arguments:
*
- * port (r) the port number on which to listen
+ * port (r) the port number on which to listen
*
* Returns: the listening socket file descriptor, or -1 on failure
*
* On error, an error message is displayed and -1 is returned.
*/
static int
-create_socket(port)
- u_short port;
+create_socket(u_short port)
{
struct sockaddr_in saddr;
int s;
saddr.sin_addr.s_addr = INADDR_ANY;
if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
- perror("creating socket");
- return -1;
+ perror("creating socket");
+ return -1;
}
/* Let the socket be reused right away */
(void) setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (char *) &on, sizeof(on));
if (bind(s, (struct sockaddr *) &saddr, sizeof(saddr)) < 0) {
- perror("binding socket");
- (void) close(s);
- return -1;
+ perror("binding socket");
+ (void) close(s);
+ return -1;
}
if (listen(s, 5) < 0) {
- perror("listening on socket");
- (void) close(s);
- return -1;
+ perror("listening on socket");
+ (void) close(s);
+ return -1;
}
return s;
}
static float
-timeval_subtract(tv1, tv2)
- struct timeval *tv1, *tv2;
+timeval_subtract(struct timeval *tv1, struct timeval *tv2)
{
return ((tv1->tv_sec - tv2->tv_sec) +
- ((float) (tv1->tv_usec - tv2->tv_usec)) / 1000000);
+ ((float) (tv1->tv_usec - tv2->tv_usec)) / 1000000);
}
/*
* Yes, yes, this isn't the best place for doing this test.
* DO NOT REMOVE THIS UNTIL A BETTER TEST HAS BEEN WRITTEN, THOUGH.
- * -TYT
+ * -TYT
*/
static int
-test_import_export_context(context)
- gss_ctx_id_t *context;
+test_import_export_context(gss_ctx_id_t *context)
{
OM_uint32 min_stat, maj_stat;
gss_buffer_desc context_token, copied_token;
gettimeofday(&tm1, (struct timezone *) 0);
maj_stat = gss_export_sec_context(&min_stat, context, &context_token);
if (maj_stat != GSS_S_COMPLETE) {
- display_status("exporting context", maj_stat, min_stat);
- return 1;
+ display_status("exporting context", maj_stat, min_stat);
+ return 1;
}
gettimeofday(&tm2, (struct timezone *) 0);
if (verbose && logfile)
- fprintf(logfile, "Exported context: %d bytes, %7.4f seconds\n",
- (int) context_token.length, timeval_subtract(&tm2, &tm1));
+ fprintf(logfile, "Exported context: %d bytes, %7.4f seconds\n",
+ (int) context_token.length, timeval_subtract(&tm2, &tm1));
copied_token.length = context_token.length;
copied_token.value = malloc(context_token.length);
if (copied_token.value == 0) {
- if (logfile)
- fprintf(logfile,
- "Couldn't allocate memory to copy context token.\n");
- return 1;
+ if (logfile)
+ fprintf(logfile,
+ "Couldn't allocate memory to copy context token.\n");
+ return 1;
}
memcpy(copied_token.value, context_token.value, copied_token.length);
maj_stat = gss_import_sec_context(&min_stat, &copied_token, context);
if (maj_stat != GSS_S_COMPLETE) {
- display_status("importing context", maj_stat, min_stat);
- return 1;
+ display_status("importing context", maj_stat, min_stat);
+ return 1;
}
free(copied_token.value);
gettimeofday(&tm1, (struct timezone *) 0);
if (verbose && logfile)
- fprintf(logfile, "Importing context: %7.4f seconds\n",
- timeval_subtract(&tm1, &tm2));
+ fprintf(logfile, "Importing context: %7.4f seconds\n",
+ timeval_subtract(&tm1, &tm2));
(void) gss_release_buffer(&min_stat, &context_token);
return 0;
}
*
* Arguments:
*
- * s (r) a TCP socket on which a connection has been
- * accept()ed
- * service_name (r) the ASCII name of the GSS-API service to
- * establish a context as
- * export (r) whether to test context exporting
+ * s (r) a TCP socket on which a connection has been
+ * accept()ed
+ * service_name (r) the ASCII name of the GSS-API service to
+ * establish a context as
+ * export (r) whether to test context exporting
*
* Returns: -1 on error
*
* If any error occurs, -1 is returned.
*/
static int
-sign_server(s, server_creds, export)
- int s;
- gss_cred_id_t server_creds;
- int export;
+sign_server(int s, gss_cred_id_t server_creds, int export)
{
gss_buffer_desc client_name, xmit_buf, msg_buf;
gss_ctx_id_t context;
/* Establish a context with the client */
if (server_establish_context(s, server_creds, &context,
- &client_name, &ret_flags) < 0)
- return (-1);
+ &client_name, &ret_flags) < 0)
+ return (-1);
if (context == GSS_C_NO_CONTEXT) {
- printf("Accepted unauthenticated connection.\n");
+ printf("Accepted unauthenticated connection.\n");
} else {
- printf("Accepted connection: \"%.*s\"\n",
- (int) client_name.length, (char *) client_name.value);
- (void) gss_release_buffer(&min_stat, &client_name);
-
- if (export) {
- for (i = 0; i < 3; i++)
- if (test_import_export_context(&context))
- return -1;
- }
+ printf("Accepted connection: \"%.*s\"\n",
+ (int) client_name.length, (char *) client_name.value);
+ (void) gss_release_buffer(&min_stat, &client_name);
+
+ if (export) {
+ for (i = 0; i < 3; i++)
+ if (test_import_export_context(&context))
+ return -1;
+ }
}
do {
- /* Receive the message token */
- if (recv_token(s, &token_flags, &xmit_buf) < 0)
- return (-1);
-
- if (token_flags & TOKEN_NOOP) {
- if (logfile)
- fprintf(logfile, "NOOP token\n");
- if (xmit_buf.value) {
- free(xmit_buf.value);
- xmit_buf.value = 0;
- }
- break;
- }
-
- if (verbose && logfile) {
- fprintf(logfile, "Message token (flags=%d):\n", token_flags);
- print_token(&xmit_buf);
- }
-
- if ((context == GSS_C_NO_CONTEXT) &&
- (token_flags & (TOKEN_WRAPPED | TOKEN_ENCRYPTED | TOKEN_SEND_MIC)))
- {
- if (logfile)
- fprintf(logfile,
- "Unauthenticated client requested authenticated services!\n");
- if (xmit_buf.value) {
- free(xmit_buf.value);
- xmit_buf.value = 0;
- }
- return (-1);
- }
-
- if (token_flags & TOKEN_WRAPPED) {
- maj_stat = gss_unwrap(&min_stat, context, &xmit_buf, &msg_buf,
- &conf_state, (gss_qop_t *) NULL);
- if (maj_stat != GSS_S_COMPLETE) {
- display_status("unsealing message", maj_stat, min_stat);
- if (xmit_buf.value) {
- free(xmit_buf.value);
- xmit_buf.value = 0;
- }
- return (-1);
- } else if (!conf_state && (token_flags & TOKEN_ENCRYPTED)) {
- fprintf(stderr, "Warning! Message not encrypted.\n");
- }
-
- if (xmit_buf.value) {
- free(xmit_buf.value);
- xmit_buf.value = 0;
- }
- } else {
- msg_buf = xmit_buf;
- }
-
- if (logfile) {
- fprintf(logfile, "Received message: ");
- cp = msg_buf.value;
- if ((isprint((int) cp[0]) || isspace((int) cp[0])) &&
- (isprint((int) cp[1]) || isspace((int) cp[1]))) {
- fprintf(logfile, "\"%.*s\"\n", (int) msg_buf.length,
- (char *) msg_buf.value);
- } else {
- fprintf(logfile, "\n");
- print_token(&msg_buf);
- }
- }
-
- if (token_flags & TOKEN_SEND_MIC) {
- /* Produce a signature block for the message */
- maj_stat = gss_get_mic(&min_stat, context, GSS_C_QOP_DEFAULT,
- &msg_buf, &xmit_buf);
- if (maj_stat != GSS_S_COMPLETE) {
- display_status("signing message", maj_stat, min_stat);
- return (-1);
- }
-
- if (msg_buf.value) {
- free(msg_buf.value);
- msg_buf.value = 0;
- }
-
- /* Send the signature block to the client */
- if (send_token(s, TOKEN_MIC, &xmit_buf) < 0)
- return (-1);
-
- if (xmit_buf.value) {
- free(xmit_buf.value);
- xmit_buf.value = 0;
- }
- } else {
- if (msg_buf.value) {
- free(msg_buf.value);
- msg_buf.value = 0;
- }
- if (send_token(s, TOKEN_NOOP, empty_token) < 0)
- return (-1);
- }
+ /* Receive the message token */
+ if (recv_token(s, &token_flags, &xmit_buf) < 0)
+ return (-1);
+
+ if (token_flags & TOKEN_NOOP) {
+ if (logfile)
+ fprintf(logfile, "NOOP token\n");
+ if (xmit_buf.value) {
+ free(xmit_buf.value);
+ xmit_buf.value = 0;
+ }
+ break;
+ }
+
+ if (verbose && logfile) {
+ fprintf(logfile, "Message token (flags=%d):\n", token_flags);
+ print_token(&xmit_buf);
+ }
+
+ if ((context == GSS_C_NO_CONTEXT) &&
+ (token_flags & (TOKEN_WRAPPED | TOKEN_ENCRYPTED | TOKEN_SEND_MIC)))
+ {
+ if (logfile)
+ fprintf(logfile,
+ "Unauthenticated client requested authenticated services!\n");
+ if (xmit_buf.value) {
+ free(xmit_buf.value);
+ xmit_buf.value = 0;
+ }
+ return (-1);
+ }
+
+ if (token_flags & TOKEN_WRAPPED) {
+ maj_stat = gss_unwrap(&min_stat, context, &xmit_buf, &msg_buf,
+ &conf_state, (gss_qop_t *) NULL);
+ if (maj_stat != GSS_S_COMPLETE) {
+ display_status("unsealing message", maj_stat, min_stat);
+ if (xmit_buf.value) {
+ free(xmit_buf.value);
+ xmit_buf.value = 0;
+ }
+ return (-1);
+ } else if (!conf_state && (token_flags & TOKEN_ENCRYPTED)) {
+ fprintf(stderr, "Warning! Message not encrypted.\n");
+ }
+
+ if (xmit_buf.value) {
+ free(xmit_buf.value);
+ xmit_buf.value = 0;
+ }
+ } else {
+ msg_buf = xmit_buf;
+ }
+
+ if (logfile) {
+ fprintf(logfile, "Received message: ");
+ cp = msg_buf.value;
+ if ((isprint((int) cp[0]) || isspace((int) cp[0])) &&
+ (isprint((int) cp[1]) || isspace((int) cp[1]))) {
+ fprintf(logfile, "\"%.*s\"\n", (int) msg_buf.length,
+ (char *) msg_buf.value);
+ } else {
+ fprintf(logfile, "\n");
+ print_token(&msg_buf);
+ }
+ }
+
+ if (token_flags & TOKEN_SEND_MIC) {
+ /* Produce a signature block for the message */
+ maj_stat = gss_get_mic(&min_stat, context, GSS_C_QOP_DEFAULT,
+ &msg_buf, &xmit_buf);
+ if (maj_stat != GSS_S_COMPLETE) {
+ display_status("signing message", maj_stat, min_stat);
+ return (-1);
+ }
+
+ if (msg_buf.value) {
+ free(msg_buf.value);
+ msg_buf.value = 0;
+ }
+
+ /* Send the signature block to the client */
+ if (send_token(s, TOKEN_MIC, &xmit_buf) < 0)
+ return (-1);
+
+ if (xmit_buf.value) {
+ free(xmit_buf.value);
+ xmit_buf.value = 0;
+ }
+ } else {
+ if (msg_buf.value) {
+ free(msg_buf.value);
+ msg_buf.value = 0;
+ }
+ if (send_token(s, TOKEN_NOOP, empty_token) < 0)
+ return (-1);
+ }
} while (1 /* loop will break if NOOP received */ );
if (context != GSS_C_NO_CONTEXT) {
- /* Delete context */
- maj_stat = gss_delete_sec_context(&min_stat, &context, NULL);
- if (maj_stat != GSS_S_COMPLETE) {
- display_status("deleting context", maj_stat, min_stat);
- return (-1);
- }
+ /* Delete context */
+ maj_stat = gss_delete_sec_context(&min_stat, &context, NULL);
+ if (maj_stat != GSS_S_COMPLETE) {
+ display_status("deleting context", maj_stat, min_stat);
+ return (-1);
+ }
}
if (logfile)
- fflush(logfile);
+ fflush(logfile);
return (0);
}
WaitAndIncrementThreadCounter(void)
{
for (;;) {
- if (WaitForSingleObject(hMutex, INFINITE) == WAIT_OBJECT_0) {
- if (thread_count < max_threads) {
- thread_count++;
- ReleaseMutex(hMutex);
- return TRUE;
- } else {
- ReleaseMutex(hMutex);
-
- if (WaitForSingleObject(hEvent, INFINITE) == WAIT_OBJECT_0) {
- continue;
- } else {
- return FALSE;
- }
- }
- } else {
- return FALSE;
- }
+ if (WaitForSingleObject(hMutex, INFINITE) == WAIT_OBJECT_0) {
+ if (thread_count < max_threads) {
+ thread_count++;
+ ReleaseMutex(hMutex);
+ return TRUE;
+ } else {
+ ReleaseMutex(hMutex);
+
+ if (WaitForSingleObject(hEvent, INFINITE) == WAIT_OBJECT_0) {
+ continue;
+ } else {
+ return FALSE;
+ }
+ }
+ } else {
+ return FALSE;
+ }
}
}
DecrementAndSignalThreadCounter(void)
{
if (WaitForSingleObject(hMutex, INFINITE) == WAIT_OBJECT_0) {
- if (thread_count == max_threads)
- ResetEvent(hEvent);
- thread_count--;
- ReleaseMutex(hMutex);
- return TRUE;
+ if (thread_count == max_threads)
+ ResetEvent(hEvent);
+ thread_count--;
+ ReleaseMutex(hMutex);
+ return TRUE;
} else {
- return FALSE;
+ return FALSE;
}
}
#endif
#ifdef _WIN32
if (max_threads > 1)
- DecrementAndSignalThreadCounter();
+ DecrementAndSignalThreadCounter();
#endif
}
int
-main(argc, argv)
- int argc;
- char **argv;
+main(int argc, char **argv)
{
char *service_name;
gss_cred_id_t server_creds;
argc--;
argv++;
while (argc) {
- if (strcmp(*argv, "-port") == 0) {
- argc--;
- argv++;
- if (!argc)
- usage();
- port = atoi(*argv);
- }
+ if (strcmp(*argv, "-port") == 0) {
+ argc--;
+ argv++;
+ if (!argc)
+ usage();
+ port = atoi(*argv);
+ }
#ifdef _WIN32
- else if (strcmp(*argv, "-threads") == 0) {
- argc--;
- argv++;
- if (!argc)
- usage();
- max_threads = atoi(*argv);
- }
+ else if (strcmp(*argv, "-threads") == 0) {
+ argc--;
+ argv++;
+ if (!argc)
+ usage();
+ max_threads = atoi(*argv);
+ }
#endif
- else if (strcmp(*argv, "-verbose") == 0) {
- verbose = 1;
- } else if (strcmp(*argv, "-once") == 0) {
- once = 1;
- } else if (strcmp(*argv, "-inetd") == 0) {
- do_inetd = 1;
- } else if (strcmp(*argv, "-export") == 0) {
- export = 1;
- } else if (strcmp(*argv, "-logfile") == 0) {
- argc--;
- argv++;
- if (!argc)
- usage();
- /* Gross hack, but it makes it unnecessary to add an
- * extra argument to disable logging, and makes the code
- * more efficient because it doesn't actually write data
- * to /dev/null. */
- if (!strcmp(*argv, "/dev/null")) {
- logfile = display_file = NULL;
- } else {
- logfile = fopen(*argv, "a");
- display_file = logfile;
- if (!logfile) {
- perror(*argv);
- exit(1);
- }
- }
- } else
- break;
- argc--;
- argv++;
+ else if (strcmp(*argv, "-verbose") == 0) {
+ verbose = 1;
+ } else if (strcmp(*argv, "-once") == 0) {
+ once = 1;
+ } else if (strcmp(*argv, "-inetd") == 0) {
+ do_inetd = 1;
+ } else if (strcmp(*argv, "-export") == 0) {
+ export = 1;
+ } else if (strcmp(*argv, "-logfile") == 0) {
+ argc--;
+ argv++;
+ if (!argc)
+ usage();
+ /* Gross hack, but it makes it unnecessary to add an
+ * extra argument to disable logging, and makes the code
+ * more efficient because it doesn't actually write data
+ * to /dev/null. */
+ if (!strcmp(*argv, "/dev/null")) {
+ logfile = display_file = NULL;
+ } else {
+ logfile = fopen(*argv, "a");
+ display_file = logfile;
+ if (!logfile) {
+ perror(*argv);
+ exit(1);
+ }
+ }
+ } else
+ break;
+ argc--;
+ argv++;
}
if (argc != 1)
- usage();
+ usage();
if ((*argv)[0] == '-')
- usage();
+ usage();
#ifdef _WIN32
if (max_threads < 1) {
- fprintf(stderr, "warning: there must be at least one thread\n");
- max_threads = 1;
+ fprintf(stderr, "warning: there must be at least one thread\n");
+ max_threads = 1;
}
if (max_threads > 1 && do_inetd)
- fprintf(stderr,
- "warning: one thread may be used in conjunction with inetd\n");
+ fprintf(stderr,
+ "warning: one thread may be used in conjunction with inetd\n");
InitHandles();
#endif
service_name = *argv;
if (server_acquire_creds(service_name, &server_creds) < 0)
- return -1;
+ return -1;
if (do_inetd) {
- close(1);
- close(2);
+ close(1);
+ close(2);
- sign_server(0, server_creds, export);
- close(0);
+ sign_server(0, server_creds, export);
+ close(0);
} else {
- int stmp;
+ int stmp;
- if ((stmp = create_socket(port)) >= 0) {
- if (listen(stmp, max_threads == 1 ? 0 : max_threads) < 0)
- perror("listening on socket");
+ if ((stmp = create_socket(port)) >= 0) {
+ if (listen(stmp, max_threads == 1 ? 0 : max_threads) < 0)
+ perror("listening on socket");
- do {
- struct _work_plan *work = malloc(sizeof(struct _work_plan));
+ do {
+ struct _work_plan *work = malloc(sizeof(struct _work_plan));
- if (work == NULL) {
- fprintf(stderr, "fatal error: out of memory");
- break;
- }
+ if (work == NULL) {
+ fprintf(stderr, "fatal error: out of memory");
+ break;
+ }
- /* Accept a TCP connection */
- if ((work->s = accept(stmp, NULL, 0)) < 0) {
- perror("accepting connection");
- continue;
- }
+ /* Accept a TCP connection */
+ if ((work->s = accept(stmp, NULL, 0)) < 0) {
+ perror("accepting connection");
+ continue;
+ }
- work->server_creds = server_creds;
- work->export = export;
+ work->server_creds = server_creds;
+ work->export = export;
- if (max_threads == 1) {
- worker_bee((void *) work);
- }
+ if (max_threads == 1) {
+ worker_bee((void *) work);
+ }
#ifdef _WIN32
- else {
- if (WaitAndIncrementThreadCounter()) {
- uintptr_t handle =
- _beginthread(worker_bee, 0, (void *) work);
- if (handle == (uintptr_t) - 1) {
- closesocket(work->s);
- free(work);
- }
- } else {
- fprintf(stderr,
- "fatal error incrementing thread counter");
- closesocket(work->s);
- free(work);
- break;
- }
- }
+ else {
+ if (WaitAndIncrementThreadCounter()) {
+ uintptr_t handle =
+ _beginthread(worker_bee, 0, (void *) work);
+ if (handle == (uintptr_t) - 1) {
+ closesocket(work->s);
+ free(work);
+ }
+ } else {
+ fprintf(stderr,
+ "fatal error incrementing thread counter");
+ closesocket(work->s);
+ free(work);
+ break;
+ }
+ }
#endif
- } while (!once);
+ } while (!once);
- closesocket(stmp);
- }
+ closesocket(stmp);
+ }
}
(void) gss_release_cred(&min_stat, &server_creds);
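Review bot: In sign_server the `if (logfile)` logging block reads `cp[0]` and `cp[1]` from `msg_buf.value` without checking `msg_buf.length`, so a message token shorter than two bytes turns this into an out-of-bounds read of network-supplied data (and, if recv_token leaves `value` NULL for an empty token, a null dereference); `(int) cp[0]` also hands a possibly negative plain `char` to `isprint`/`isspace`, which is undefined behaviour, if `cp` is declared `char *` (its declaration is outside the visible lines). Guard the length and promote through `unsigned char`: `if (msg_buf.length >= 2 &&` / `(isprint((unsigned char) cp[0]) || isspace((unsigned char) cp[0])) &&` / `(isprint((unsigned char) cp[1]) || isspace((unsigned char) cp[1]))) {`. Separately, in main's accept loop the `continue` after a failed `accept()` leaves the freshly malloc'ed `work` unreachable, so persistent accept errors (EMFILE, for instance) leak one struct per iteration while the loop spins; add `free(work);` before that `continue`. Both function bodies extend beyond the visible lines.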
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* appl/sample/sample.h
*
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* appl/sample/sclient/sclient.c
*
#endif
static int
-net_read(fd, buf, len)
- int fd;
- char *buf;
- int len;
+net_read(int fd, char *buf, int len)
{
int cc, len2 = 0;
do {
- cc = SOCKET_READ((SOCKET)fd, buf, len);
- if (cc < 0) {
- if (SOCKET_ERRNO == SOCKET_EINTR)
- continue;
+ cc = SOCKET_READ((SOCKET)fd, buf, len);
+ if (cc < 0) {
+ if (SOCKET_ERRNO == SOCKET_EINTR)
+ continue;
- /* XXX this interface sucks! */
- errno = SOCKET_ERRNO;
+ /* XXX this interface sucks! */
+ errno = SOCKET_ERRNO;
- return(cc); /* errno is already set */
- }
- else if (cc == 0) {
- return(len2);
- } else {
- buf += cc;
- len2 += cc;
- len -= cc;
- }
+ return(cc); /* errno is already set */
+ }
+ else if (cc == 0) {
+ return(len2);
+ } else {
+ buf += cc;
+ len2 += cc;
+ len -= cc;
+ }
} while (len > 0);
return(len2);
}
char *service = SAMPLE_SERVICE;
if (argc != 2 && argc != 3 && argc != 4) {
- fprintf(stderr, "usage: %s <hostname> [port] [service]\n",argv[0]);
- exit(1);
+ fprintf(stderr, "usage: %s <hostname> [port] [service]\n",argv[0]);
+ exit(1);
}
retval = krb5_init_context(&context);
if (retval) {
- com_err(argv[0], retval, "while initializing krb5");
- exit(1);
+ com_err(argv[0], retval, "while initializing krb5");
+ exit(1);
}
(void) signal(SIGPIPE, SIG_IGN);
if (argc > 2)
- portstr = argv[2];
+ portstr = argv[2];
else
- portstr = SAMPLE_PORT;
+ portstr = SAMPLE_PORT;
memset(&aihints, 0, sizeof(aihints));
aihints.ai_socktype = SOCK_STREAM;
aierr = getaddrinfo(argv[1], portstr, &aihints, &ap);
if (aierr) {
- fprintf(stderr, "%s: error looking up host '%s' port '%s'/tcp: %s\n",
- argv[0], argv[1], portstr, gai_strerror(aierr));
- exit(1);
+ fprintf(stderr, "%s: error looking up host '%s' port '%s'/tcp: %s\n",
+ argv[0], argv[1], portstr, gai_strerror(aierr));
+ exit(1);
}
if (ap == 0) {
- /* Should never happen. */
- fprintf(stderr, "%s: error looking up host '%s' port '%s'/tcp: no addresses returned?\n",
- argv[0], argv[1], portstr);
- exit(1);
+ /* Should never happen. */
+ fprintf(stderr, "%s: error looking up host '%s' port '%s'/tcp: no addresses returned?\n",
+ argv[0], argv[1], portstr);
+ exit(1);
}
if (argc > 3) {
- service = argv[3];
+ service = argv[3];
}
retval = krb5_sname_to_principal(context, argv[1], service,
- KRB5_NT_SRV_HST, &server);
+ KRB5_NT_SRV_HST, &server);
if (retval) {
- com_err(argv[0], retval, "while creating server name for host %s service %s",
- argv[1], service);
- exit(1);
+ com_err(argv[0], retval, "while creating server name for host %s service %s",
+ argv[1], service);
+ exit(1);
}
/* set up the address of the foreign socket for connect() */
apstart = ap; /* For freeing later */
for (sock = -1; ap && sock == -1; ap = ap->ai_next) {
- char abuf[NI_MAXHOST], pbuf[NI_MAXSERV];
- char mbuf[NI_MAXHOST + NI_MAXSERV + 64];
- if (getnameinfo(ap->ai_addr, ap->ai_addrlen, abuf, sizeof(abuf),
- pbuf, sizeof(pbuf), NI_NUMERICHOST | NI_NUMERICSERV)) {
- memset(abuf, 0, sizeof(abuf));
- memset(pbuf, 0, sizeof(pbuf));
- strncpy(abuf, "[error, cannot print address?]",
- sizeof(abuf)-1);
- strncpy(pbuf, "[?]", sizeof(pbuf)-1);
- }
- memset(mbuf, 0, sizeof(mbuf));
- strncpy(mbuf, "error contacting ", sizeof(mbuf)-1);
- strncat(mbuf, abuf, sizeof(mbuf) - strlen(mbuf) - 1);
- strncat(mbuf, " port ", sizeof(mbuf) - strlen(mbuf) - 1);
- strncat(mbuf, pbuf, sizeof(mbuf) - strlen(mbuf) - 1);
- sock = socket(ap->ai_family, SOCK_STREAM, 0);
- if (sock < 0) {
- fprintf(stderr, "%s: socket: %s\n", mbuf, strerror(errno));
- continue;
- }
- if (connect(sock, ap->ai_addr, ap->ai_addrlen) < 0) {
- fprintf(stderr, "%s: connect: %s\n", mbuf, strerror(errno));
- close(sock);
- sock = -1;
- continue;
- }
- /* connected, yay! */
+ char abuf[NI_MAXHOST], pbuf[NI_MAXSERV];
+ char mbuf[NI_MAXHOST + NI_MAXSERV + 64];
+ if (getnameinfo(ap->ai_addr, ap->ai_addrlen, abuf, sizeof(abuf),
+ pbuf, sizeof(pbuf), NI_NUMERICHOST | NI_NUMERICSERV)) {
+ memset(abuf, 0, sizeof(abuf));
+ memset(pbuf, 0, sizeof(pbuf));
+ strncpy(abuf, "[error, cannot print address?]",
+ sizeof(abuf)-1);
+ strncpy(pbuf, "[?]", sizeof(pbuf)-1);
+ }
+ memset(mbuf, 0, sizeof(mbuf));
+ strncpy(mbuf, "error contacting ", sizeof(mbuf)-1);
+ strncat(mbuf, abuf, sizeof(mbuf) - strlen(mbuf) - 1);
+ strncat(mbuf, " port ", sizeof(mbuf) - strlen(mbuf) - 1);
+ strncat(mbuf, pbuf, sizeof(mbuf) - strlen(mbuf) - 1);
+ sock = socket(ap->ai_family, SOCK_STREAM, 0);
+ if (sock < 0) {
+ fprintf(stderr, "%s: socket: %s\n", mbuf, strerror(errno));
+ continue;
+ }
+ if (connect(sock, ap->ai_addr, ap->ai_addrlen) < 0) {
+ fprintf(stderr, "%s: connect: %s\n", mbuf, strerror(errno));
+ close(sock);
+ sock = -1;
+ continue;
+ }
+ /* connected, yay! */
}
if (sock == -1)
- /* Already printed error message above. */
- exit(1);
+ /* Already printed error message above. */
+ exit(1);
printf("connected\n");
cksum_data.data = argv[1];
retval = krb5_cc_default(context, &ccdef);
if (retval) {
- com_err(argv[0], retval, "while getting default ccache");
- exit(1);
+ com_err(argv[0], retval, "while getting default ccache");
+ exit(1);
}
retval = krb5_cc_get_principal(context, ccdef, &client);
if (retval) {
- com_err(argv[0], retval, "while getting client principal name");
- exit(1);
+ com_err(argv[0], retval, "while getting client principal name");
+ exit(1);
}
retval = krb5_sendauth(context, &auth_context, (krb5_pointer) &sock,
- SAMPLE_VERSION, client, server,
- AP_OPTS_MUTUAL_REQUIRED,
- &cksum_data,
- 0, /* no creds, use ccache instead */
- ccdef, &err_ret, &rep_ret, NULL);
+ SAMPLE_VERSION, client, server,
+ AP_OPTS_MUTUAL_REQUIRED,
+ &cksum_data,
+ 0, /* no creds, use ccache instead */
+ ccdef, &err_ret, &rep_ret, NULL);
- krb5_free_principal(context, server); /* finished using it */
+ krb5_free_principal(context, server); /* finished using it */
krb5_free_principal(context, client);
krb5_cc_close(context, ccdef);
if (auth_context) krb5_auth_con_free(context, auth_context);
if (retval && retval != KRB5_SENDAUTH_REJECTED) {
- com_err(argv[0], retval, "while using sendauth");
- exit(1);
+ com_err(argv[0], retval, "while using sendauth");
+ exit(1);
}
if (retval == KRB5_SENDAUTH_REJECTED) {
- /* got an error */
- printf("sendauth rejected, error reply is:\n\t\"%*s\"\n",
- err_ret->text.length, err_ret->text.data);
+ /* got an error */
+ printf("sendauth rejected, error reply is:\n\t\"%*s\"\n",
+ err_ret->text.length, err_ret->text.data);
} else if (rep_ret) {
- /* got a reply */
- krb5_free_ap_rep_enc_part(context, rep_ret);
+ /* got a reply */
+ krb5_free_ap_rep_enc_part(context, rep_ret);
- printf("sendauth succeeded, reply is:\n");
- if ((retval = net_read(sock, (char *)&xmitlen,
- sizeof(xmitlen))) <= 0) {
- if (retval == 0)
- errno = ECONNABORTED;
- com_err(argv[0], errno, "while reading data from server");
- exit(1);
- }
- recv_data.length = ntohs(xmitlen);
- if (!(recv_data.data = (char *)malloc((size_t) recv_data.length + 1))) {
- com_err(argv[0], ENOMEM,
- "while allocating buffer to read from server");
- exit(1);
- }
- if ((retval = net_read(sock, (char *)recv_data.data,
- recv_data.length)) <= 0) {
- if (retval == 0)
- errno = ECONNABORTED;
- com_err(argv[0], errno, "while reading data from server");
- exit(1);
- }
- recv_data.data[recv_data.length] = '\0';
- printf("reply len %d, contents:\n%s\n",
- recv_data.length,recv_data.data);
- free(recv_data.data);
+ printf("sendauth succeeded, reply is:\n");
+ if ((retval = net_read(sock, (char *)&xmitlen,
+ sizeof(xmitlen))) <= 0) {
+ if (retval == 0)
+ errno = ECONNABORTED;
+ com_err(argv[0], errno, "while reading data from server");
+ exit(1);
+ }
+ recv_data.length = ntohs(xmitlen);
+ if (!(recv_data.data = (char *)malloc((size_t) recv_data.length + 1))) {
+ com_err(argv[0], ENOMEM,
+ "while allocating buffer to read from server");
+ exit(1);
+ }
+ if ((retval = net_read(sock, (char *)recv_data.data,
+ recv_data.length)) <= 0) {
+ if (retval == 0)
+ errno = ECONNABORTED;
+ com_err(argv[0], errno, "while reading data from server");
+ exit(1);
+ }
+ recv_data.data[recv_data.length] = '\0';
+ printf("reply len %d, contents:\n%s\n",
+ recv_data.length,recv_data.data);
+ free(recv_data.data);
} else {
- com_err(argv[0], 0, "no error or reply from sendauth!");
- exit(1);
+ com_err(argv[0], 0, "no error or reply from sendauth!");
+ exit(1);
}
freeaddrinfo(apstart);
krb5_free_context(context);
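Review bot: The rejected-sendauth message in main uses `%*s` with `err_ret->text.length`, which printf treats as a minimum field width rather than a precision, so it keeps reading `text.data` until a NUL that the reply buffer (presumably a krb5_data) is not guaranteed to carry — an over-read driven by server-supplied error text. It should be `printf("sendauth rejected, error reply is:\n\t\"%.*s\"\n", (int) err_ret->text.length, err_ret->text.data);` (the cast also matches the `int` that `*` expects). In the success path, `net_read` returns fewer bytes than requested when the peer closes early, and the `<= 0` check then lets `printf("%s")` print uninitialized heap bytes up to the terminator written at `recv_data.length`; compare `retval` with `recv_data.length` instead. main's body continues outside the visible lines, and `xmitlen`'s declaration is not shown.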
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* appl/sample/sserver/sserver.c
*
#define DEBUG
static void
-usage(name)
- char *name;
+usage(char *name)
{
- fprintf(stderr, "usage: %s [-p port] [-s service] [-S keytab]\n",
- name);
+ fprintf(stderr, "usage: %s [-p port] [-s service] [-S keytab]\n",
+ name);
}
int
-main(argc, argv)
- int argc;
- char *argv[];
+main(int argc, char *argv[])
{
krb5_context context;
krb5_auth_context auth_context = NULL;
krb5_ticket * ticket;
struct sockaddr_in peername;
GETPEERNAME_ARG3_TYPE namelen = sizeof(peername);
- int sock = -1; /* incoming connection fd */
+ int sock = -1; /* incoming connection fd */
krb5_data recv_data;
short xmitlen;
krb5_error_code retval;
char repbuf[BUFSIZ];
char *cname;
char *service = SAMPLE_SERVICE;
- short port = 0; /* If user specifies port */
+ short port = 0; /* If user specifies port */
extern int opterr, optind;
extern char * optarg;
int ch;
- krb5_keytab keytab = NULL; /* Allow specification on command line */
+ krb5_keytab keytab = NULL; /* Allow specification on command line */
char *progname;
int on = 1;
retval = krb5_init_context(&context);
if (retval) {
- com_err(argv[0], retval, "while initializing krb5");
- exit(1);
+ com_err(argv[0], retval, "while initializing krb5");
+ exit(1);
}
/* open a log connection */
*
*/
opterr = 0;
- while ((ch = getopt(argc, argv, "p:S:s:")) != -1)
- switch (ch) {
- case 'p':
- port = atoi(optarg);
- break;
- case 's':
- service = optarg;
- break;
- case 'S':
- if ((retval = krb5_kt_resolve(context, optarg, &keytab))) {
- com_err(progname, retval,
- "while resolving keytab file %s", optarg);
- exit(2);
- }
- break;
-
- case '?':
- default:
- usage(progname);
- exit(1);
- break;
+ while ((ch = getopt(argc, argv, "p:S:s:")) != -1) {
+ switch (ch) {
+ case 'p':
+ port = atoi(optarg);
+ break;
+ case 's':
+ service = optarg;
+ break;
+ case 'S':
+ if ((retval = krb5_kt_resolve(context, optarg, &keytab))) {
+ com_err(progname, retval,
+ "while resolving keytab file %s", optarg);
+ exit(2);
+ }
+ break;
+
+ case '?':
+ default:
+ usage(progname);
+ exit(1);
+ break;
+ }
}
argc -= optind;
/* Backwards compatibility, allow port to be specified at end */
if (argc > 1) {
- port = atoi(argv[1]);
+ port = atoi(argv[1]);
}
retval = krb5_sname_to_principal(context, NULL, service,
- KRB5_NT_SRV_HST, &server);
+ KRB5_NT_SRV_HST, &server);
if (retval) {
- syslog(LOG_ERR, "while generating service name (%s): %s",
- service, error_message(retval));
- exit(1);
+ syslog(LOG_ERR, "while generating service name (%s): %s",
+ service, error_message(retval));
+ exit(1);
}
/*
*/
if (port) {
- int acc;
- struct sockaddr_in sockin;
-
- if ((sock = socket(PF_INET, SOCK_STREAM, 0)) < 0) {
- syslog(LOG_ERR, "socket: %m");
- exit(3);
- }
- /* Let the socket be reused right away */
- (void) setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (char *)&on,
- sizeof(on));
-
- sockin.sin_family = AF_INET;
- sockin.sin_addr.s_addr = 0;
- sockin.sin_port = htons(port);
- if (bind(sock, (struct sockaddr *) &sockin, sizeof(sockin))) {
- syslog(LOG_ERR, "bind: %m");
- exit(3);
- }
- if (listen(sock, 1) == -1) {
- syslog(LOG_ERR, "listen: %m");
- exit(3);
- }
- if ((acc = accept(sock, (struct sockaddr *)&peername, &namelen)) == -1){
- syslog(LOG_ERR, "accept: %m");
- exit(3);
- }
- dup2(acc, 0);
- close(sock);
- sock = 0;
+ int acc;
+ struct sockaddr_in sockin;
+
+ if ((sock = socket(PF_INET, SOCK_STREAM, 0)) < 0) {
+ syslog(LOG_ERR, "socket: %m");
+ exit(3);
+ }
+ /* Let the socket be reused right away */
+ (void) setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (char *)&on,
+ sizeof(on));
+
+ sockin.sin_family = AF_INET;
+ sockin.sin_addr.s_addr = 0;
+ sockin.sin_port = htons(port);
+ if (bind(sock, (struct sockaddr *) &sockin, sizeof(sockin))) {
+ syslog(LOG_ERR, "bind: %m");
+ exit(3);
+ }
+ if (listen(sock, 1) == -1) {
+ syslog(LOG_ERR, "listen: %m");
+ exit(3);
+ }
+ if ((acc = accept(sock, (struct sockaddr *)&peername, &namelen)) == -1){
+ syslog(LOG_ERR, "accept: %m");
+ exit(3);
+ }
+ dup2(acc, 0);
+ close(sock);
+ sock = 0;
} else {
- /*
- * To verify authenticity, we need to know the address of the
- * client.
- */
- if (getpeername(0, (struct sockaddr *)&peername, &namelen) < 0) {
- syslog(LOG_ERR, "getpeername: %m");
- exit(1);
- }
- sock = 0;
+ /*
+ * To verify authenticity, we need to know the address of the
+ * client.
+ */
+ if (getpeername(0, (struct sockaddr *)&peername, &namelen) < 0) {
+ syslog(LOG_ERR, "getpeername: %m");
+ exit(1);
+ }
+ sock = 0;
}
retval = krb5_recvauth(context, &auth_context, (krb5_pointer)&sock,
- SAMPLE_VERSION, server,
- 0, /* no flags */
- keytab, /* default keytab is NULL */
- &ticket);
+ SAMPLE_VERSION, server,
+ 0, /* no flags */
+ keytab, /* default keytab is NULL */
+ &ticket);
if (retval) {
- syslog(LOG_ERR, "recvauth failed--%s", error_message(retval));
- exit(1);
+ syslog(LOG_ERR, "recvauth failed--%s", error_message(retval));
+ exit(1);
}
/* Get client name */
repbuf[sizeof(repbuf) - 1] = '\0';
retval = krb5_unparse_name(context, ticket->enc_part2->client, &cname);
if (retval){
- syslog(LOG_ERR, "unparse failed: %s", error_message(retval));
- strncpy(repbuf, "You are <unparse error>\n", sizeof(repbuf) - 1);
+ syslog(LOG_ERR, "unparse failed: %s", error_message(retval));
+ strncpy(repbuf, "You are <unparse error>\n", sizeof(repbuf) - 1);
} else {
- strncpy(repbuf, "You are ", sizeof(repbuf) - 1);
- strncat(repbuf, cname, sizeof(repbuf) - 1 - strlen(repbuf));
- strncat(repbuf, "\n", sizeof(repbuf) - 1 - strlen(repbuf));
- free(cname);
+ strncpy(repbuf, "You are ", sizeof(repbuf) - 1);
+ strncat(repbuf, cname, sizeof(repbuf) - 1 - strlen(repbuf));
+ strncat(repbuf, "\n", sizeof(repbuf) - 1 - strlen(repbuf));
+ free(cname);
}
xmitlen = htons(strlen(repbuf));
recv_data.length = strlen(repbuf);
recv_data.data = repbuf;
if ((retval = krb5_net_write(context, 0, (char *)&xmitlen,
- sizeof(xmitlen))) < 0) {
- syslog(LOG_ERR, "%m: while writing len to client");
- exit(1);
+ sizeof(xmitlen))) < 0) {
+ syslog(LOG_ERR, "%m: while writing len to client");
+ exit(1);
}
if ((retval = krb5_net_write(context, 0, (char *)recv_data.data,
- recv_data.length)) < 0) {
- syslog(LOG_ERR, "%m: while writing data to client");
- exit(1);
+ recv_data.length)) < 0) {
+ syslog(LOG_ERR, "%m: while writing data to client");
+ exit(1);
}
krb5_free_ticket(context, ticket);
if(keytab)
- krb5_kt_close(context, keytab);
+ krb5_kt_close(context, keytab);
krb5_free_principal(context, server);
krb5_auth_con_free(context, auth_context);
krb5_free_context(context);
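Review bot: The return value of `dup2(acc, 0)` at the end of the `if (port)` branch is not checked before `close(sock); sock = 0;`, so if dup2 fails the later `krb5_recvauth` on descriptor 0 reads from whatever fd 0 already was instead of the accepted connection. A guard such as `if (dup2(acc, 0) < 0) { syslog(LOG_ERR, "dup2: %m"); exit(3); }` keeps the failure visible in the log the same way the surrounding socket, bind, listen and accept calls do. Relatedly, `port = atoi(optarg)` and `port = atoi(argv[1])` store unvalidated input in a `short`; `strtol` with an end-pointer and range check would reject malformed or out-of-range values instead of silently truncating them. The remainder of main after `krb5_free_context` is outside the shown hunks.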
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* appl/simple/client/sim_client.c
*
#define MAXHOSTNAMELEN 64
#endif
-#define MSG "hi there!" /* message text */
+#define MSG "hi there!" /* message text */
void usage (char *);
void
-usage(name)
- char *name;
+usage(char *name)
{
- fprintf(stderr, "usage: %s [-p port] [-h host] [-m message] [-s service] [host]\n", name);
+ fprintf(stderr, "usage: %s [-p port] [-h host] [-m message] [-s service] [host]\n", name);
}
int
-main(argc, argv)
- int argc;
- char *argv[];
+main(int argc, char *argv[])
{
int sock, i;
unsigned int len;
- int flags = 0; /* flags for sendto() */
+ int flags = 0; /* flags for sendto() */
struct servent *serv;
struct hostent *host;
char *cp;
#ifdef BROKEN_STREAMS_SOCKETS
char my_hostname[MAXHOSTNAMELEN];
#endif
- struct sockaddr_in s_sock; /* server address */
- struct sockaddr_in c_sock; /* client address */
+ struct sockaddr_in s_sock; /* server address */
+ struct sockaddr_in c_sock; /* client address */
extern int opterr, optind;
extern char * optarg;
- int ch;
+ int ch;
short port = 0;
char *message = MSG;
krb5_ccache ccdef;
krb5_address addr, *portlocal_addr;
krb5_rcache rcache;
- krb5_data rcache_name;
+ krb5_data rcache_name;
- krb5_context context;
- krb5_auth_context auth_context = NULL;
+ krb5_context context;
+ krb5_auth_context auth_context = NULL;
retval = krb5_init_context(&context);
if (retval) {
- com_err(argv[0], retval, "while initializing krb5");
- exit(1);
+ com_err(argv[0], retval, "while initializing krb5");
+ exit(1);
}
progname = argv[0];
*/
opterr = 0;
while ((ch = getopt(argc, argv, "p:m:h:s:")) != -1)
- switch (ch) {
- case 'p':
- port = atoi(optarg);
- break;
- case 'm':
- message = optarg;
- break;
- case 'h':
- hostname = optarg;
- break;
- case 's':
- service = optarg;
- break;
- case '?':
- default:
- usage(progname);
- exit(1);
- break;
- }
+ switch (ch) {
+ case 'p':
+ port = atoi(optarg);
+ break;
+ case 'm':
+ message = optarg;
+ break;
+ case 'h':
+ hostname = optarg;
+ break;
+ case 's':
+ service = optarg;
+ break;
+ case '?':
+ default:
+ usage(progname);
+ exit(1);
+ break;
+ }
argc -= optind;
argv += optind;
if (argc > 0) {
- if (hostname)
- usage(progname);
- hostname = argv[0];
+ if (hostname)
+ usage(progname);
+ hostname = argv[0];
}
if (hostname == 0) {
- fprintf(stderr, "You must specify a hostname to contact.\n\n");
- usage(progname);
- exit(1);
+ fprintf(stderr, "You must specify a hostname to contact.\n\n");
+ usage(progname);
+ exit(1);
}
/* Look up server host */
if ((host = gethostbyname(hostname)) == (struct hostent *) 0) {
- fprintf(stderr, "%s: unknown host\n", hostname);
- exit(1);
+ fprintf(stderr, "%s: unknown host\n", hostname);
+ exit(1);
}
strncpy(full_hname, host->h_name, sizeof(full_hname)-1);
full_hname[sizeof(full_hname)-1] = '\0';
s_sock.sin_family = AF_INET;
if (port == 0) {
- /* Look up service */
- if ((serv = getservbyname(SIMPLE_PORT, "udp")) == NULL) {
- fprintf(stderr, "service unknown: %s/udp\n", SIMPLE_PORT);
- exit(1);
- }
- s_sock.sin_port = serv->s_port;
+ /* Look up service */
+ if ((serv = getservbyname(SIMPLE_PORT, "udp")) == NULL) {
+ fprintf(stderr, "service unknown: %s/udp\n", SIMPLE_PORT);
+ exit(1);
+ }
+ s_sock.sin_port = serv->s_port;
} else {
- s_sock.sin_port = htons(port);
+ s_sock.sin_port = htons(port);
}
/* Open a socket */
if ((sock = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
- com_err(progname, errno, "opening datagram socket");
- exit(1);
+ com_err(progname, errno, "opening datagram socket");
+ exit(1);
}
memset(&c_sock, 0, sizeof(c_sock));
c_sock.sin_family = AF_INET;
#ifdef BROKEN_STREAMS_SOCKETS
if (gethostname(my_hostname, sizeof(my_hostname)) < 0) {
- perror("gethostname");
- exit(1);
+ perror("gethostname");
+ exit(1);
}
if ((host = gethostbyname(my_hostname)) == (struct hostent *)0) {
- fprintf(stderr, "%s: unknown host\n", hostname);
- exit(1);
+ fprintf(stderr, "%s: unknown host\n", hostname);
+ exit(1);
}
memcpy(&c_sock.sin_addr, host->h_addr, sizeof(c_sock.sin_addr));
#endif
/* Bind it to set the address; kernel will fill in port # */
if (bind(sock, (struct sockaddr *)&c_sock, sizeof(c_sock)) < 0) {
- com_err(progname, errno, "while binding datagram socket");
- exit(1);
+ com_err(progname, errno, "while binding datagram socket");
+ exit(1);
}
/* PREPARE KRB_AP_REQ MESSAGE */
/* Get credentials for server */
if ((retval = krb5_cc_default(context, &ccdef))) {
- com_err(progname, retval, "while getting default ccache");
- exit(1);
+ com_err(progname, retval, "while getting default ccache");
+ exit(1);
}
if ((retval = krb5_mk_req(context, &auth_context, 0, service, full_hname,
- &inbuf, ccdef, &packet))) {
- com_err(progname, retval, "while preparing AP_REQ");
- exit(1);
+ &inbuf, ccdef, &packet))) {
+ com_err(progname, retval, "while preparing AP_REQ");
+ exit(1);
}
printf("Got credentials for %s.\n", service);
properly bound for getsockname() below. */
if (connect(sock, (struct sockaddr *)&s_sock, sizeof(s_sock)) == -1) {
- com_err(progname, errno, "while connecting to server");
- exit(1);
+ com_err(progname, errno, "while connecting to server");
+ exit(1);
}
/* Send authentication info to server */
if ((i = send(sock, (char *)packet.data, (unsigned) packet.length,
- flags)) < 0)
- com_err(progname, errno, "while sending KRB_AP_REQ message");
+ flags)) < 0)
+ com_err(progname, errno, "while sending KRB_AP_REQ message");
printf("Sent authentication data: %d bytes\n", i);
krb5_free_data_contents(context, &packet);
memset(&c_sock, 0, sizeof(c_sock));
len = sizeof(c_sock);
if (getsockname(sock, (struct sockaddr *)&c_sock, &len) < 0) {
- com_err(progname, errno, "while getting socket name");
- exit(1);
+ com_err(progname, errno, "while getting socket name");
+ exit(1);
}
addr.addrtype = ADDRTYPE_IPPORT;
addr.length = sizeof(c_sock.sin_port);
addr.contents = (krb5_octet *)&c_sock.sin_port;
if ((retval = krb5_auth_con_setports(context, auth_context,
- &addr, NULL))) {
- com_err(progname, retval, "while setting local port\n");
- exit(1);
+ &addr, NULL))) {
+ com_err(progname, retval, "while setting local port\n");
+ exit(1);
}
addr.addrtype = ADDRTYPE_INET;
addr.length = sizeof(c_sock.sin_addr);
addr.contents = (krb5_octet *)&c_sock.sin_addr;
if ((retval = krb5_auth_con_setaddrs(context, auth_context,
- &addr, NULL))) {
- com_err(progname, retval, "while setting local addr\n");
- exit(1);
+ &addr, NULL))) {
+ com_err(progname, retval, "while setting local addr\n");
+ exit(1);
}
/* THIS IS UGLY */
if ((retval = krb5_gen_portaddr(context, &addr,
- (krb5_pointer) &c_sock.sin_port,
- &portlocal_addr))) {
- com_err(progname, retval, "while generating port address");
- exit(1);
+ (krb5_pointer) &c_sock.sin_port,
+ &portlocal_addr))) {
+ com_err(progname, retval, "while generating port address");
+ exit(1);
}
if ((retval = krb5_gen_replay_name(context,portlocal_addr,
- "_sim_clt",&cp))) {
- com_err(progname, retval, "while generating replay cache name");
- exit(1);
+ "_sim_clt",&cp))) {
+ com_err(progname, retval, "while generating replay cache name");
+ exit(1);
}
rcache_name.length = strlen(cp);
rcache_name.data = cp;
if ((retval = krb5_get_server_rcache(context, &rcache_name, &rcache))) {
- com_err(progname, retval, "while getting server rcache");
- exit(1);
+ com_err(progname, retval, "while getting server rcache");
+ exit(1);
}
/* set auth_context rcache */
inbuf.length = strlen(message);
if ((retval = krb5_mk_safe(context, auth_context, &inbuf, &packet, NULL))){
- com_err(progname, retval, "while making KRB_SAFE message");
- exit(1);
+ com_err(progname, retval, "while making KRB_SAFE message");
+ exit(1);
}
/* Send it */
if ((i = send(sock, (char *)packet.data, (unsigned) packet.length,
- flags)) < 0)
- com_err(progname, errno, "while sending SAFE message");
+ flags)) < 0)
+ com_err(progname, errno, "while sending SAFE message");
printf("Sent checksummed message: %d bytes\n", i);
krb5_free_data_contents(context, &packet);
/* Make the encrypted message */
if ((retval = krb5_mk_priv(context, auth_context, &inbuf,
- &packet, NULL))) {
- com_err(progname, retval, "while making KRB_PRIV message");
- exit(1);
+ &packet, NULL))) {
+ com_err(progname, retval, "while making KRB_PRIV message");
+ exit(1);
}
/* Send it */
if ((i = send(sock, (char *)packet.data, (unsigned) packet.length,
- flags)) < 0)
- com_err(progname, errno, "while sending PRIV message");
+ flags)) < 0)
+ com_err(progname, errno, "while sending PRIV message");
printf("Sent encrypted message: %d bytes\n", i);
krb5_free_data_contents(context, &packet);
retval = krb5_rc_destroy(context, rcache);
if (retval) {
- com_err(progname, retval, "while deleting replay cache");
- exit(1);
+ com_err(progname, retval, "while deleting replay cache");
+ exit(1);
}
krb5_auth_con_setrcache(context, auth_context, NULL);
krb5_auth_con_free(context, auth_context);
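Review bot: In the positional-argument check, `if (hostname) usage(progname);` prints the usage text but does not exit, so the program continues and silently overwrites the `-h` value with `argv[0]`; it should read `if (hostname) { usage(progname); exit(1); }` to match the other usage paths in this file. The three `send()` calls share a second gap: on failure `com_err` is reported but execution falls through to print `Sent ... %d bytes` with a negative count and then moves on to the next message, so an `exit(1)` after each `com_err(progname, errno, "while sending ...")` would be consistent with the rest of the error handling here. The tail of main after `krb5_auth_con_free` is outside the shown hunks.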
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* appl/simple/server/sim_server.c
*
#define PROGNAME argv[0]
static void
-usage(name)
- char *name;
+usage(char *name)
{
- fprintf(stderr, "usage: %s [-p port] [-s service] [-S keytab]\n", name);
+ fprintf(stderr, "usage: %s [-p port] [-s service] [-S keytab]\n", name);
}
int
-main(argc, argv)
-int argc;
-char *argv[];
+main(int argc, char *argv[])
{
int sock, i;
unsigned int len;
- int flags = 0; /* for recvfrom() */
+ int flags = 0; /* for recvfrom() */
int on = 1;
struct servent *serv;
struct hostent *host;
- struct sockaddr_in s_sock; /* server's address */
- struct sockaddr_in c_sock; /* client's address */
+ struct sockaddr_in s_sock; /* server's address */
+ struct sockaddr_in c_sock; /* client's address */
char full_hname[MAXHOSTNAMELEN];
char *cp;
extern int opterr, optind;
extern char * optarg;
- int ch;
+ int ch;
- short port = 0; /* If user specifies port */
- krb5_keytab keytab = NULL; /* Allow specification on command line */
+ short port = 0; /* If user specifies port */
+ krb5_keytab keytab = NULL; /* Allow specification on command line */
char *service = SIMPLE_SERVICE;
krb5_error_code retval;
retval = krb5_init_context(&context);
if (retval) {
- com_err(argv[0], retval, "while initializing krb5");
- exit(1);
+ com_err(argv[0], retval, "while initializing krb5");
+ exit(1);
}
/*
*
*/
opterr = 0;
- while ((ch = getopt(argc, argv, "p:s:S:")) != -1)
- switch (ch) {
- case 'p':
- port = atoi(optarg);
- break;
- case 's':
- service = optarg;
- break;
- case 'S':
- if ((retval = krb5_kt_resolve(context, optarg, &keytab))) {
- com_err(PROGNAME, retval,
- "while resolving keytab file %s", optarg);
- exit(2);
- }
- break;
-
- case '?':
- default:
- usage(PROGNAME);
- exit(1);
- break;
+ while ((ch = getopt(argc, argv, "p:s:S:")) != -1) {
+ switch (ch) {
+ case 'p':
+ port = atoi(optarg);
+ break;
+ case 's':
+ service = optarg;
+ break;
+ case 'S':
+ if ((retval = krb5_kt_resolve(context, optarg, &keytab))) {
+ com_err(PROGNAME, retval,
+ "while resolving keytab file %s", optarg);
+ exit(2);
+ }
+ break;
+
+ case '?':
+ default:
+ usage(PROGNAME);
+ exit(1);
+ break;
+ }
}
if ((retval = krb5_sname_to_principal(context, NULL, service,
- KRB5_NT_SRV_HST, &sprinc))) {
- com_err(PROGNAME, retval, "while generating service name %s", service);
- exit(1);
+ KRB5_NT_SRV_HST, &sprinc))) {
+ com_err(PROGNAME, retval, "while generating service name %s", service);
+ exit(1);
}
/* Set up server address */
s_sock.sin_family = AF_INET;
if (port == 0) {
- /* Look up service */
- if ((serv = getservbyname(SIMPLE_PORT, "udp")) == NULL) {
- fprintf(stderr, "service unknown: %s/udp\n", SIMPLE_PORT);
- exit(1);
- }
- s_sock.sin_port = serv->s_port;
+ /* Look up service */
+ if ((serv = getservbyname(SIMPLE_PORT, "udp")) == NULL) {
+ fprintf(stderr, "service unknown: %s/udp\n", SIMPLE_PORT);
+ exit(1);
+ }
+ s_sock.sin_port = serv->s_port;
} else {
- s_sock.sin_port = htons(port);
+ s_sock.sin_port = htons(port);
}
if (gethostname(full_hname, sizeof(full_hname)) < 0) {
- perror("gethostname");
- exit(1);
+ perror("gethostname");
+ exit(1);
}
if ((host = gethostbyname(full_hname)) == (struct hostent *)0) {
- fprintf(stderr, "%s: host unknown\n", full_hname);
- exit(1);
+ fprintf(stderr, "%s: host unknown\n", full_hname);
+ exit(1);
}
memcpy(&s_sock.sin_addr, host->h_addr, sizeof(s_sock.sin_addr));
/* Open socket */
if ((sock = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
- perror("opening datagram socket");
- exit(1);
+ perror("opening datagram socket");
+ exit(1);
}
- /* Let the socket be reused right away */
- (void) setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (char *)&on,
- sizeof(on));
+ /* Let the socket be reused right away */
+ (void) setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (char *)&on,
+ sizeof(on));
/* Bind the socket */
if (bind(sock, (struct sockaddr *)&s_sock, sizeof(s_sock))) {
- perror("binding datagram socket");
- exit(1);
+ perror("binding datagram socket");
+ exit(1);
}
#ifdef DEBUG
/* use "recvfrom" so we know client's address */
len = sizeof(struct sockaddr_in);
if ((i = recvfrom(sock, (char *)pktbuf, sizeof(pktbuf), flags,
- (struct sockaddr *)&c_sock, &len)) < 0) {
- perror("receiving datagram");
- exit(1);
+ (struct sockaddr *)&c_sock, &len)) < 0) {
+ perror("receiving datagram");
+ exit(1);
}
printf("Received %d bytes\n", i);
/* Check authentication info */
if ((retval = krb5_rd_req(context, &auth_context, &packet,
- sprinc, keytab, NULL, &ticket))) {
- com_err(PROGNAME, retval, "while reading request");
- exit(1);
+ sprinc, keytab, NULL, &ticket))) {
+ com_err(PROGNAME, retval, "while reading request");
+ exit(1);
}
if ((retval = krb5_unparse_name(context, ticket->enc_part2->client,
- &cp))) {
- com_err(PROGNAME, retval, "while unparsing client name");
- exit(1);
+ &cp))) {
+ com_err(PROGNAME, retval, "while unparsing client name");
+ exit(1);
}
printf("Got authentication info from %s\n", cp);
free(cp);
addr.length = sizeof(c_sock.sin_addr);
addr.contents = (krb5_octet *)&c_sock.sin_addr;
if ((retval = krb5_auth_con_setaddrs(context, auth_context,
- NULL, &addr))) {
- com_err(PROGNAME, retval, "while setting foreign addr");
+ NULL, &addr))) {
+ com_err(PROGNAME, retval, "while setting foreign addr");
exit(1);
}
addr.length = sizeof(c_sock.sin_port);
addr.contents = (krb5_octet *)&c_sock.sin_port;
if ((retval = krb5_auth_con_setports(context, auth_context,
- NULL, &addr))) {
- com_err(PROGNAME, retval, "while setting foreign port");
+ NULL, &addr))) {
+ com_err(PROGNAME, retval, "while setting foreign port");
exit(1);
}
/* use "recvfrom" so we know client's address */
len = sizeof(struct sockaddr_in);
if ((i = recvfrom(sock, (char *)pktbuf, sizeof(pktbuf), flags,
- (struct sockaddr *)&c_sock, &len)) < 0) {
- perror("receiving datagram");
- exit(1);
+ (struct sockaddr *)&c_sock, &len)) < 0) {
+ perror("receiving datagram");
+ exit(1);
}
#ifdef DEBUG
printf("&c_sock.sin_addr is %s\n", inet_ntoa(c_sock.sin_addr));
packet.data = (krb5_pointer) pktbuf;
if ((retval = krb5_rd_safe(context, auth_context, &packet,
- &message, NULL))) {
- com_err(PROGNAME, retval, "while verifying SAFE message");
- exit(1);
+ &message, NULL))) {
+ com_err(PROGNAME, retval, "while verifying SAFE message");
+ exit(1);
}
printf("Safe message is: '%.*s'\n", (int) message.length, message.data);
/* use "recvfrom" so we know client's address */
len = sizeof(struct sockaddr_in);
if ((i = recvfrom(sock, (char *)pktbuf, sizeof(pktbuf), flags,
- (struct sockaddr *)&c_sock, &len)) < 0) {
- perror("receiving datagram");
- exit(1);
+ (struct sockaddr *)&c_sock, &len)) < 0) {
+ perror("receiving datagram");
+ exit(1);
}
printf("Received %d bytes\n", i);
packet.data = (krb5_pointer) pktbuf;
if ((retval = krb5_rd_priv(context, auth_context, &packet,
- &message, NULL))) {
- com_err(PROGNAME, retval, "while verifying PRIV message");
- exit(1);
+ &message, NULL))) {
+ com_err(PROGNAME, retval, "while verifying PRIV message");
+ exit(1);
}
printf("Decrypted message is: '%.*s'\n", (int) message.length,
- message.data);
+ message.data);
krb5_auth_con_free(context, auth_context);
krb5_free_context(context);
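Review bot: `SO_REUSEADDR` is set on a UDP socket under the comment `Let the socket be reused right away`, which is the TCP TIME_WAIT rationale; a datagram socket has no TIME_WAIT, and on some platforms `SO_REUSEADDR` on UDP lets another local process bind the same port and receive datagrams intended for this server. Unless the option is needed for a reason not visible here, dropping the `setsockopt` call for this socket is the safer default, or the comment should say why it is wanted. `port = atoi(optarg)` into a `short` is also unvalidated, as in the other programs in this change. The remainder of main after `krb5_free_context` is outside the shown hunks.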
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* appl/simple/simple.h
*
* server & client applications.
*/
-#define SIMPLE_SERVICE "sample"
-#define SIMPLE_PORT "sample"
+#define SIMPLE_SERVICE "sample"
+#define SIMPLE_PORT "sample"
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* appl/user_user/client.c
*
#include "k5-int.h"
#include "com_err.h"
-int main (argc, argv)
-int argc;
-char *argv[];
+int main (int argc, char *argv[])
{
- int s;
- register int retval, i;
- char *hname; /* full name of server */
- char **srealms; /* realm(s) of server */
- char *princ; /* principal in credentials cache */
- struct servent *serv;
- struct hostent *host;
- struct sockaddr_in serv_net_addr, cli_net_addr;
- krb5_ccache cc;
- krb5_creds creds, *new_creds;
- krb5_data reply, msg, princ_data;
- krb5_auth_context auth_context = NULL;
- krb5_ticket * ticket = NULL;
- krb5_context context;
- unsigned short port;
-
- if (argc < 2 || argc > 4) {
- fputs ("usage: uu-client <hostname> [message [port]]\n", stderr);
- return 1;
- }
-
- retval = krb5_init_context(&context);
- if (retval) {
- com_err(argv[0], retval, "while initializing krb5");
- exit(1);
- }
-
- if (argc == 4) {
- port = htons(atoi(argv[3]));
- }
- else if ((serv = getservbyname ("uu-sample", "tcp")) == NULL)
- {
- fputs ("uu-client: unknown service \"uu-sample/tcp\"\n", stderr);
- return 2;
- } else {
- port = serv->s_port;
- }
-
- if ((host = gethostbyname (argv[1])) == NULL) {
- fprintf (stderr, "uu-client: can't get address of host \"%s\".\n",
- argv[1]);
- return 3;
- }
-
- if (host->h_addrtype != AF_INET) {
- fprintf (stderr, "uu-client: bad address type %d for \"%s\".\n",
- host->h_addrtype, argv[1]);
- return 3;
- }
-
- hname = strdup (host->h_name);
+ int s;
+ register int retval, i;
+ char *hname; /* full name of server */
+ char **srealms; /* realm(s) of server */
+ char *princ; /* principal in credentials cache */
+ struct servent *serv;
+ struct hostent *host;
+ struct sockaddr_in serv_net_addr, cli_net_addr;
+ krb5_ccache cc;
+ krb5_creds creds, *new_creds;
+ krb5_data reply, msg, princ_data;
+ krb5_auth_context auth_context = NULL;
+ krb5_ticket * ticket = NULL;
+ krb5_context context;
+ unsigned short port;
+
+ if (argc < 2 || argc > 4) {
+ fputs ("usage: uu-client <hostname> [message [port]]\n", stderr);
+ return 1;
+ }
+
+ retval = krb5_init_context(&context);
+ if (retval) {
+ com_err(argv[0], retval, "while initializing krb5");
+ exit(1);
+ }
+
+ if (argc == 4) {
+ port = htons(atoi(argv[3]));
+ }
+ else if ((serv = getservbyname ("uu-sample", "tcp")) == NULL)
+ {
+ fputs ("uu-client: unknown service \"uu-sample/tcp\"\n", stderr);
+ return 2;
+ } else {
+ port = serv->s_port;
+ }
+
+ if ((host = gethostbyname (argv[1])) == NULL) {
+ fprintf (stderr, "uu-client: can't get address of host \"%s\".\n",
+ argv[1]);
+ return 3;
+ }
+
+ if (host->h_addrtype != AF_INET) {
+ fprintf (stderr, "uu-client: bad address type %d for \"%s\".\n",
+ host->h_addrtype, argv[1]);
+ return 3;
+ }
+
+ hname = strdup (host->h_name);
#ifndef USE_STDOUT
- if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
- com_err ("uu-client", errno, "creating socket");
- return 4;
- } else {
- cli_net_addr.sin_family = AF_INET;
- cli_net_addr.sin_port = 0;
- cli_net_addr.sin_addr.s_addr = 0;
- if (bind (s, (struct sockaddr *)&cli_net_addr,
- sizeof (cli_net_addr)) < 0) {
- com_err ("uu-client", errno, "binding socket");
- return 4;
- }
- }
-
- serv_net_addr.sin_family = AF_INET;
- serv_net_addr.sin_port = port;
-
- i = 0;
- while (1) {
- if (host->h_addr_list[i] == 0) {
- fprintf (stderr, "uu-client: unable to connect to \"%s\"\n", hname);
- return 5;
- }
-
- memcpy (&serv_net_addr.sin_addr, host->h_addr_list[i++],
- sizeof(serv_net_addr.sin_addr));
-
- if (connect(s, (struct sockaddr *)&serv_net_addr,
- sizeof (serv_net_addr)) == 0)
- break;
- com_err ("uu-client", errno, "connecting to \"%s\" (%s).",
- hname, inet_ntoa(serv_net_addr.sin_addr));
- }
+ if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
+ com_err ("uu-client", errno, "creating socket");
+ return 4;
+ } else {
+ cli_net_addr.sin_family = AF_INET;
+ cli_net_addr.sin_port = 0;
+ cli_net_addr.sin_addr.s_addr = 0;
+ if (bind (s, (struct sockaddr *)&cli_net_addr,
+ sizeof (cli_net_addr)) < 0) {
+ com_err ("uu-client", errno, "binding socket");
+ return 4;
+ }
+ }
+
+ serv_net_addr.sin_family = AF_INET;
+ serv_net_addr.sin_port = port;
+
+ i = 0;
+ while (1) {
+ if (host->h_addr_list[i] == 0) {
+ fprintf (stderr, "uu-client: unable to connect to \"%s\"\n", hname);
+ return 5;
+ }
+
+ memcpy (&serv_net_addr.sin_addr, host->h_addr_list[i++],
+ sizeof(serv_net_addr.sin_addr));
+
+ if (connect(s, (struct sockaddr *)&serv_net_addr,
+ sizeof (serv_net_addr)) == 0)
+ break;
+ com_err ("uu-client", errno, "connecting to \"%s\" (%s).",
+ hname, inet_ntoa(serv_net_addr.sin_addr));
+ }
#else
- s = 1;
+ s = 1;
#endif
- retval = krb5_cc_default(context, &cc);
- if (retval) {
- com_err("uu-client", retval, "getting credentials cache");
- return 6;
- }
-
- memset (&creds, 0, sizeof(creds));
-
- retval = krb5_cc_get_principal(context, cc, &creds.client);
- if (retval) {
- com_err("uu-client", retval, "getting principal name");
- return 6;
- }
-
- retval = krb5_unparse_name(context, creds.client, &princ);
- if (retval) {
- com_err("uu-client", retval, "printing principal name");
- return 7;
- }
- else
- fprintf(stderr, "uu-client: client principal is \"%s\".\n", princ);
-
- retval = krb5_get_host_realm(context, hname, &srealms);
- if (retval) {
- com_err("uu-client", retval, "getting realms for \"%s\"", hname);
- return 7;
- }
-
- retval =
- krb5_build_principal_ext(context, &creds.server,
- krb5_princ_realm(context, creds.client)->length,
- krb5_princ_realm(context, creds.client)->data,
- 6, "krbtgt",
- krb5_princ_realm(context, creds.client)->length,
- krb5_princ_realm(context, creds.client)->data,
- 0);
- if (retval) {
- com_err("uu-client", retval, "setting up tgt server name");
- return 7;
- }
-
- /* Get TGT from credentials cache */
- retval = krb5_get_credentials(context, KRB5_GC_CACHED, cc,
- &creds, &new_creds);
- if (retval) {
- com_err("uu-client", retval, "getting TGT");
- return 6;
- }
-
- i = strlen(princ) + 1;
-
- fprintf(stderr, "uu-client: sending %d bytes\n",new_creds->ticket.length + i);
- princ_data.data = princ;
- princ_data.length = i; /* include null terminator for
- server's convenience */
- retval = krb5_write_message(context, (krb5_pointer) &s, &princ_data);
- if (retval) {
- com_err("uu-client", retval, "sending principal name to server");
- return 8;
- }
-
- free(princ);
-
- retval = krb5_write_message(context, (krb5_pointer) &s, &new_creds->ticket);
- if (retval) {
- com_err("uu-client", retval, "sending ticket to server");
- return 8;
- }
-
- retval = krb5_read_message(context, (krb5_pointer) &s, &reply);
- if (retval) {
- com_err("uu-client", retval, "reading reply from server");
- return 9;
- }
-
- retval = krb5_auth_con_init(context, &auth_context);
- if (retval) {
- com_err("uu-client", retval, "initializing the auth_context");
- return 9;
- }
-
- retval =
- krb5_auth_con_genaddrs(context, auth_context, s,
- KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR |
- KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR);
- if (retval) {
- com_err("uu-client", retval, "generating addrs for auth_context");
- return 9;
+ retval = krb5_cc_default(context, &cc);
+ if (retval) {
+ com_err("uu-client", retval, "getting credentials cache");
+ return 6;
+ }
+
+ memset (&creds, 0, sizeof(creds));
+
+ retval = krb5_cc_get_principal(context, cc, &creds.client);
+ if (retval) {
+ com_err("uu-client", retval, "getting principal name");
+ return 6;
+ }
+
+ retval = krb5_unparse_name(context, creds.client, &princ);
+ if (retval) {
+ com_err("uu-client", retval, "printing principal name");
+ return 7;
}
+ else
+ fprintf(stderr, "uu-client: client principal is \"%s\".\n", princ);
- retval = krb5_auth_con_setflags(context, auth_context,
- KRB5_AUTH_CONTEXT_DO_SEQUENCE);
- if (retval) {
- com_err("uu-client", retval, "initializing the auth_context flags");
- return 9;
- }
+ retval = krb5_get_host_realm(context, hname, &srealms);
+ if (retval) {
+ com_err("uu-client", retval, "getting realms for \"%s\"", hname);
+ return 7;
+ }
- retval = krb5_auth_con_setuseruserkey(context, auth_context,
- &new_creds->keyblock);
- if (retval) {
- com_err("uu-client", retval, "setting useruserkey for authcontext");
- return 9;
- }
+ retval =
+ krb5_build_principal_ext(context, &creds.server,
+ krb5_princ_realm(context,
+ creds.client)->length,
+ krb5_princ_realm(context,
+ creds.client)->data,
+ 6, "krbtgt",
+ krb5_princ_realm(context,
+ creds.client)->length,
+ krb5_princ_realm(context,
+ creds.client)->data,
+ 0);
+ if (retval) {
+ com_err("uu-client", retval, "setting up tgt server name");
+ return 7;
+ }
+
+ /* Get TGT from credentials cache */
+ retval = krb5_get_credentials(context, KRB5_GC_CACHED, cc,
+ &creds, &new_creds);
+ if (retval) {
+ com_err("uu-client", retval, "getting TGT");
+ return 6;
+ }
+
+ i = strlen(princ) + 1;
+
+ fprintf(stderr, "uu-client: sending %d bytes\n",
+ new_creds->ticket.length + i);
+ princ_data.data = princ;
+ princ_data.length = i; /* include null terminator for
+ server's convenience */
+ retval = krb5_write_message(context, (krb5_pointer) &s, &princ_data);
+ if (retval) {
+ com_err("uu-client", retval, "sending principal name to server");
+ return 8;
+ }
+
+ free(princ);
+
+ retval = krb5_write_message(context, (krb5_pointer) &s,
+ &new_creds->ticket);
+ if (retval) {
+ com_err("uu-client", retval, "sending ticket to server");
+ return 8;
+ }
+
+ retval = krb5_read_message(context, (krb5_pointer) &s, &reply);
+ if (retval) {
+ com_err("uu-client", retval, "reading reply from server");
+ return 9;
+ }
+
+ retval = krb5_auth_con_init(context, &auth_context);
+ if (retval) {
+ com_err("uu-client", retval, "initializing the auth_context");
+ return 9;
+ }
+
+ retval =
+ krb5_auth_con_genaddrs(context, auth_context, s,
+ KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR |
+ KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR);
+ if (retval) {
+ com_err("uu-client", retval, "generating addrs for auth_context");
+ return 9;
+ }
+
+ retval = krb5_auth_con_setflags(context, auth_context,
+ KRB5_AUTH_CONTEXT_DO_SEQUENCE);
+ if (retval) {
+ com_err("uu-client", retval, "initializing the auth_context flags");
+ return 9;
+ }
+
+ retval = krb5_auth_con_setuseruserkey(context, auth_context,
+ &new_creds->keyblock);
+ if (retval) {
+ com_err("uu-client", retval, "setting useruserkey for authcontext");
+ return 9;
+ }
#if 1
- /* read the ap_req to get the session key */
- retval = krb5_rd_req(context, &auth_context, &reply,
- NULL, NULL, NULL, &ticket);
- free(reply.data);
+ /* read the ap_req to get the session key */
+ retval = krb5_rd_req(context, &auth_context, &reply,
+ NULL, NULL, NULL, &ticket);
+ free(reply.data);
#else
- retval = krb5_recvauth(context, &auth_context, (krb5_pointer)&s, "???",
- 0, /* server */, 0, NULL, &ticket);
+ retval = krb5_recvauth(context, &auth_context, (krb5_pointer)&s, "???",
+ 0, /* server */, 0, NULL, &ticket);
#endif
- if (retval) {
- com_err("uu-client", retval, "reading AP_REQ from server");
- return 9;
- }
-
- retval = krb5_unparse_name(context, ticket->enc_part2->client, &princ);
- if (retval)
- com_err("uu-client", retval, "while unparsing client name");
- else {
- printf("server is named \"%s\"\n", princ);
- free(princ);
- }
-
- retval = krb5_read_message(context, (krb5_pointer) &s, &reply);
- if (retval) {
- com_err("uu-client", retval, "reading reply from server");
- return 9;
- }
-
- retval = krb5_rd_safe(context, auth_context, &reply, &msg, NULL);
- if (retval) {
- com_err("uu-client", retval, "decoding reply from server");
- return 10;
- }
-
- printf ("uu-client: server says \"%s\".\n", msg.data);
- return 0;
+ if (retval) {
+ com_err("uu-client", retval, "reading AP_REQ from server");
+ return 9;
+ }
+
+ retval = krb5_unparse_name(context, ticket->enc_part2->client, &princ);
+ if (retval)
+ com_err("uu-client", retval, "while unparsing client name");
+ else {
+ printf("server is named \"%s\"\n", princ);
+ free(princ);
+ }
+
+ retval = krb5_read_message(context, (krb5_pointer) &s, &reply);
+ if (retval) {
+ com_err("uu-client", retval, "reading reply from server");
+ return 9;
+ }
+
+ retval = krb5_rd_safe(context, auth_context, &reply, &msg, NULL);
+ if (retval) {
+ com_err("uu-client", retval, "decoding reply from server");
+ return 10;
+ }
+
+ printf ("uu-client: server says \"%s\".\n", msg.data);
+ return 0;
}
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* appl/user_user/server.c
*
/* fd 0 is a tcp socket used to talk to the client */
int main(argc, argv)
-int argc;
-char *argv[];
+ int argc;
+ char *argv[];
{
- krb5_data pname_data, tkt_data;
- int sock = 0;
- socklen_t l;
- int retval;
- struct sockaddr_in l_inaddr, f_inaddr; /* local, foreign address */
- krb5_creds creds, *new_creds;
- krb5_ccache cc;
- krb5_data msgtext, msg;
- krb5_context context;
+ krb5_data pname_data, tkt_data;
+ int sock = 0;
+ socklen_t l;
+ int retval;
+ struct sockaddr_in l_inaddr, f_inaddr; /* local, foreign address */
+ krb5_creds creds, *new_creds;
+ krb5_ccache cc;
+ krb5_data msgtext, msg;
+ krb5_context context;
krb5_auth_context auth_context = NULL;
#ifndef DEBUG
- freopen("/tmp/uu-server.log", "w", stderr);
+ freopen("/tmp/uu-server.log", "w", stderr);
#endif
- retval = krb5_init_context(&context);
- if (retval) {
- com_err(argv[0], retval, "while initializing krb5");
- exit(1);
- }
+ retval = krb5_init_context(&context);
+ if (retval) {
+ com_err(argv[0], retval, "while initializing krb5");
+ exit(1);
+ }
#ifdef DEBUG
- {
- int one = 1;
- int acc;
- struct servent *sp;
- socklen_t namelen = sizeof(f_inaddr);
-
- if ((sock = socket(PF_INET, SOCK_STREAM, 0)) < 0) {
- com_err("uu-server", errno, "creating socket");
- exit(3);
- }
-
- l_inaddr.sin_family = AF_INET;
- l_inaddr.sin_addr.s_addr = 0;
- if (!(sp = getservbyname("uu-sample", "tcp"))) {
- com_err("uu-server", 0, "can't find uu-sample/tcp service");
- exit(3);
- }
- (void) setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (char *)&one, sizeof (one));
- l_inaddr.sin_port = sp->s_port;
- if (bind(sock, (struct sockaddr *)&l_inaddr, sizeof(l_inaddr))) {
- com_err("uu-server", errno, "binding socket");
- exit(3);
- }
- if (listen(sock, 1) == -1) {
- com_err("uu-server", errno, "listening");
- exit(3);
- }
- if ((acc = accept(sock, (struct sockaddr *)&f_inaddr, &namelen)) == -1) {
- com_err("uu-server", errno, "accepting");
- exit(3);
- }
- dup2(acc, 0);
- close(sock);
- sock = 0;
- }
+ {
+ int one = 1;
+ int acc;
+ struct servent *sp;
+ socklen_t namelen = sizeof(f_inaddr);
+
+ if ((sock = socket(PF_INET, SOCK_STREAM, 0)) < 0) {
+ com_err("uu-server", errno, "creating socket");
+ exit(3);
+ }
+
+ l_inaddr.sin_family = AF_INET;
+ l_inaddr.sin_addr.s_addr = 0;
+ if (!(sp = getservbyname("uu-sample", "tcp"))) {
+ com_err("uu-server", 0, "can't find uu-sample/tcp service");
+ exit(3);
+ }
+ (void) setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (char *)&one, sizeof (one));
+ l_inaddr.sin_port = sp->s_port;
+ if (bind(sock, (struct sockaddr *)&l_inaddr, sizeof(l_inaddr))) {
+ com_err("uu-server", errno, "binding socket");
+ exit(3);
+ }
+ if (listen(sock, 1) == -1) {
+ com_err("uu-server", errno, "listening");
+ exit(3);
+ }
+ if ((acc = accept(sock, (struct sockaddr *)&f_inaddr, &namelen)) == -1) {
+ com_err("uu-server", errno, "accepting");
+ exit(3);
+ }
+ dup2(acc, 0);
+ close(sock);
+ sock = 0;
+ }
#endif
- retval = krb5_read_message(context, (krb5_pointer) &sock, &pname_data);
- if (retval) {
- com_err ("uu-server", retval, "reading pname");
- return 2;
- }
-
- retval = krb5_read_message(context, (krb5_pointer) &sock, &tkt_data);
- if (retval) {
- com_err ("uu-server", retval, "reading ticket data");
- return 2;
- }
-
- retval = krb5_cc_default(context, &cc);
- if (retval) {
- com_err("uu-server", retval, "getting credentials cache");
- return 4;
- }
-
- memset (&creds, 0, sizeof(creds));
- retval = krb5_cc_get_principal(context, cc, &creds.client);
- if (retval) {
- com_err("uu-client", retval, "getting principal name");
- return 6;
- }
-
- /* client sends it already null-terminated. */
- printf ("uu-server: client principal is \"%s\".\n", pname_data.data);
-
- retval = krb5_parse_name(context, pname_data.data, &creds.server);
- if (retval) {
- com_err("uu-server", retval, "parsing client name");
- return 3;
- }
-
- creds.second_ticket = tkt_data;
- printf ("uu-server: client ticket is %d bytes.\n",
- creds.second_ticket.length);
-
- retval = krb5_get_credentials(context, KRB5_GC_USER_USER, cc,
- &creds, &new_creds);
- if (retval) {
- com_err("uu-server", retval, "getting user-user ticket");
- return 5;
- }
+ retval = krb5_read_message(context, (krb5_pointer) &sock, &pname_data);
+ if (retval) {
+ com_err ("uu-server", retval, "reading pname");
+ return 2;
+ }
+
+ retval = krb5_read_message(context, (krb5_pointer) &sock, &tkt_data);
+ if (retval) {
+ com_err ("uu-server", retval, "reading ticket data");
+ return 2;
+ }
+
+ retval = krb5_cc_default(context, &cc);
+ if (retval) {
+ com_err("uu-server", retval, "getting credentials cache");
+ return 4;
+ }
+
+ memset (&creds, 0, sizeof(creds));
+ retval = krb5_cc_get_principal(context, cc, &creds.client);
+ if (retval) {
+ com_err("uu-client", retval, "getting principal name");
+ return 6;
+ }
+
+ /* client sends it already null-terminated. */
+ printf ("uu-server: client principal is \"%s\".\n", pname_data.data);
+
+ retval = krb5_parse_name(context, pname_data.data, &creds.server);
+ if (retval) {
+ com_err("uu-server", retval, "parsing client name");
+ return 3;
+ }
+
+ creds.second_ticket = tkt_data;
+ printf ("uu-server: client ticket is %d bytes.\n",
+ creds.second_ticket.length);
+
+ retval = krb5_get_credentials(context, KRB5_GC_USER_USER, cc,
+ &creds, &new_creds);
+ if (retval) {
+ com_err("uu-server", retval, "getting user-user ticket");
+ return 5;
+ }
#ifndef DEBUG
- l = sizeof(f_inaddr);
- if (getpeername(0, (struct sockaddr *)&f_inaddr, &l) == -1)
+ l = sizeof(f_inaddr);
+ if (getpeername(0, (struct sockaddr *)&f_inaddr, &l) == -1)
{
- com_err("uu-server", errno, "getting client address");
- return 6;
+ com_err("uu-server", errno, "getting client address");
+ return 6;
}
#endif
- l = sizeof(l_inaddr);
- if (getsockname(0, (struct sockaddr *)&l_inaddr, &l) == -1)
+ l = sizeof(l_inaddr);
+ if (getsockname(0, (struct sockaddr *)&l_inaddr, &l) == -1)
{
- com_err("uu-server", errno, "getting local address");
- return 6;
- }
-
- /* send a ticket/authenticator to the other side, so it can get the key
- we're using for the krb_safe below. */
-
- retval = krb5_auth_con_init(context, &auth_context);
- if (retval) {
- com_err("uu-server", retval, "making auth_context");
- return 8;
- }
-
- retval = krb5_auth_con_setflags(context, auth_context,
- KRB5_AUTH_CONTEXT_DO_SEQUENCE);
- if (retval) {
- com_err("uu-server", retval, "initializing the auth_context flags");
- return 8;
- }
-
- retval =
- krb5_auth_con_genaddrs(context, auth_context, sock,
- KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR |
- KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR);
- if (retval) {
- com_err("uu-server", retval, "generating addrs for auth_context");
- return 9;
- }
+ com_err("uu-server", errno, "getting local address");
+ return 6;
+ }
+
+ /* send a ticket/authenticator to the other side, so it can get the key
+ we're using for the krb_safe below. */
+
+ retval = krb5_auth_con_init(context, &auth_context);
+ if (retval) {
+ com_err("uu-server", retval, "making auth_context");
+ return 8;
+ }
+
+ retval = krb5_auth_con_setflags(context, auth_context,
+ KRB5_AUTH_CONTEXT_DO_SEQUENCE);
+ if (retval) {
+ com_err("uu-server", retval, "initializing the auth_context flags");
+ return 8;
+ }
+
+ retval =
+ krb5_auth_con_genaddrs(context, auth_context, sock,
+ KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR |
+ KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR);
+ if (retval) {
+ com_err("uu-server", retval, "generating addrs for auth_context");
+ return 9;
+ }
#if 1
- retval = krb5_mk_req_extended(context, &auth_context,
- AP_OPTS_USE_SESSION_KEY,
- NULL, new_creds, &msg);
- if (retval) {
- com_err("uu-server", retval, "making AP_REQ");
- return 8;
- }
- retval = krb5_write_message(context, (krb5_pointer) &sock, &msg);
+ retval = krb5_mk_req_extended(context, &auth_context,
+ AP_OPTS_USE_SESSION_KEY,
+ NULL, new_creds, &msg);
+ if (retval) {
+ com_err("uu-server", retval, "making AP_REQ");
+ return 8;
+ }
+ retval = krb5_write_message(context, (krb5_pointer) &sock, &msg);
#else
- retval = krb5_sendauth(context, &auth_context, (krb5_pointer)&sock,"???", 0,
- 0, AP_OPTS_MUTUAL_REQUIRED | AP_OPTS_USE_SESSION_KEY,
- NULL, &creds, cc, NULL, NULL, NULL);
+ retval = krb5_sendauth(context, &auth_context, (krb5_pointer)&sock, "???",
+ 0, 0,
+ AP_OPTS_MUTUAL_REQUIRED | AP_OPTS_USE_SESSION_KEY,
+ NULL, &creds, cc, NULL, NULL, NULL);
#endif
- if (retval)
- goto cl_short_wrt;
+ if (retval)
+ goto cl_short_wrt;
- free(msg.data);
+ free(msg.data);
- msgtext.length = 32;
- msgtext.data = "Hello, other end of connection.";
+ msgtext.length = 32;
+ msgtext.data = "Hello, other end of connection.";
- retval = krb5_mk_safe(context, auth_context, &msgtext, &msg, NULL);
- if (retval) {
- com_err("uu-server", retval, "encoding message to client");
- return 6;
- }
+ retval = krb5_mk_safe(context, auth_context, &msgtext, &msg, NULL);
+ if (retval) {
+ com_err("uu-server", retval, "encoding message to client");
+ return 6;
+ }
- retval = krb5_write_message(context, (krb5_pointer) &sock, &msg);
- if (retval) {
- cl_short_wrt:
- com_err("uu-server", retval, "writing message to client");
- return 7;
- }
+ retval = krb5_write_message(context, (krb5_pointer) &sock, &msg);
+ if (retval) {
+ cl_short_wrt:
+ com_err("uu-server", retval, "writing message to client");
+ return 7;
+ }
- return 0;
+ return 0;
}
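Review bot: The server relies on the remote peer for the NUL terminator on `pname_data` — the comment above the `printf` of the client principal says the client sends it already terminated, but `krb5_read_message` only yields a length-delimited buffer, so the `%s` there and the following `krb5_parse_name(context, pname_data.data, ...)` read past the allocation if a peer omits the terminator. Validate the buffer right after the first `krb5_read_message`, before it is used as a C string: `if (pname_data.length == 0 || pname_data.data[pname_data.length - 1] != '\0') { com_err("uu-server", 0, "client principal name is not NUL-terminated"); return 3; }`. The same concern applies on the client side to `msg.data` printed with `%s` after `krb5_rd_safe`, though that hunk starts outside this view. As a wording fix, the `com_err` after `krb5_cc_get_principal` names `"uu-client"` where the rest of this file uses `"uu-server"`.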