krb5_ccache cc;
krb5_creds creds, *new_creds;
krb5_data reply, msg, princ_data;
- krb5_auth_context auth_context = NULL;
- krb5_ticket * ticket = NULL;
- krb5_context context;
+ krb5_auth_context auth_context = NULL;
+ krb5_ticket * ticket = NULL;
+ krb5_context context;
unsigned short port;
- if (argc < 2 || argc > 4)
- {
+ if (argc < 2 || argc > 4) {
fputs ("usage: uu-client <hostname> [message [port]]\n", stderr);
return 1;
- }
+ }
retval = krb5_init_context(&context);
if (retval) {
- com_err(argv[0], retval, "while initializing krb5");
- exit(1);
+ com_err(argv[0], retval, "while initializing krb5");
+ exit(1);
}
- if (argc == 4)
- {
+ if (argc == 4) {
port = htons(atoi(argv[3]));
- }
+ }
else if ((serv = getservbyname ("uu-sample", "tcp")) == NULL)
- {
+ {
fputs ("uu-client: unknown service \"uu-sample/tcp\"\n", stderr);
return 2;
- }
- else
- {
+ } else {
port = serv->s_port;
- }
+ }
- if ((host = gethostbyname (argv[1])) == NULL)
- {
- fprintf (stderr, "uu-client: can't get address of host \"%s\".\n", argv[1]);
+ if ((host = gethostbyname (argv[1])) == NULL) {
+ fprintf (stderr, "uu-client: can't get address of host \"%s\".\n",
+ argv[1]);
return 3;
- }
-
- if (host->h_addrtype != AF_INET)
- {
+ }
+
+ if (host->h_addrtype != AF_INET) {
fprintf (stderr, "uu-client: bad address type %d for \"%s\".\n",
host->h_addrtype, argv[1]);
return 3;
- }
+ }
hname = strdup (host->h_name);
#ifndef USE_STDOUT
- if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0)
- {
+ if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
com_err ("uu-client", errno, "creating socket");
return 4;
- } else {
+ } else {
cli_net_addr.sin_family = AF_INET;
cli_net_addr.sin_port = 0;
cli_net_addr.sin_addr.s_addr = 0;
- if (bind (s, (struct sockaddr *)&cli_net_addr, sizeof (cli_net_addr)) < 0)
- {
+ if (bind (s, (struct sockaddr *)&cli_net_addr,
+ sizeof (cli_net_addr)) < 0) {
com_err ("uu-client", errno, "binding socket");
return 4;
- }
- }
-
+ }
+ }
+
serv_net_addr.sin_family = AF_INET;
serv_net_addr.sin_port = port;
i = 0;
- while (1)
- {
- if (host->h_addr_list[i] == 0)
- {
+ while (1) {
+ if (host->h_addr_list[i] == 0) {
fprintf (stderr, "uu-client: unable to connect to \"%s\"\n", hname);
return 5;
- }
+ }
+
memcpy ((char *)&serv_net_addr.sin_addr, host->h_addr_list[i++],
sizeof(serv_net_addr.sin_addr));
- if (connect(s, (struct sockaddr *)&serv_net_addr, sizeof (serv_net_addr)) == 0)
- break;
+
+ if (connect(s, (struct sockaddr *)&serv_net_addr,
+ sizeof (serv_net_addr)) == 0)
+ break;
com_err ("uu-client", errno, "connecting to \"%s\" (%s).",
hname, inet_ntoa(serv_net_addr.sin_addr));
- }
+ }
#else
s = 1;
#endif
- if (retval = krb5_cc_default(context, &cc))
- {
+ retval = krb5_cc_default(context, &cc);
+ if (retval) {
com_err("uu-client", retval, "getting credentials cache");
return 6;
- }
+ }
memset ((char*)&creds, 0, sizeof(creds));
- if (retval = krb5_cc_get_principal(context, cc, &creds.client))
- {
+
+ retval = krb5_cc_get_principal(context, cc, &creds.client);
+ if (retval) {
com_err("uu-client", retval, "getting principal name");
return 6;
- }
-
- if (retval = krb5_unparse_name(context, creds.client, &princ))
- com_err("uu-client", retval, "printing principal name");
+ }
+
+ retval = krb5_unparse_name(context, creds.client, &princ);
+ if (retval) {
+ com_err("uu-client", retval, "printing principal name");
+ return 7;
+ }
else
- fprintf(stderr, "uu-client: client principal is \"%s\".\n", princ);
+ fprintf(stderr, "uu-client: client principal is \"%s\".\n", princ);
- if (retval = krb5_get_host_realm(context, hname, &srealms))
- {
+ retval = krb5_get_host_realm(context, hname, &srealms);
+ if (retval) {
com_err("uu-client", retval, "getting realms for \"%s\"", hname);
return 7;
- }
+ }
- if (retval = krb5_build_principal_ext(context, &creds.server,
- krb5_princ_realm(context, creds.client)->length,
- krb5_princ_realm(context, creds.client)->data,
- 6, "krbtgt",
- krb5_princ_realm(context, creds.client)->length,
- krb5_princ_realm(context, creds.client)->data,
- 0))
- {
+ retval =
+ krb5_build_principal_ext(context, &creds.server,
+ krb5_princ_realm(context, creds.client)->length,
+ krb5_princ_realm(context, creds.client)->data,
+ 6, "krbtgt",
+ krb5_princ_realm(context, creds.client)->length,
+ krb5_princ_realm(context, creds.client)->data,
+ 0);
+ if (retval) {
com_err("uu-client", retval, "setting up tgt server name");
return 7;
- }
-
+ }
+
/* Get TGT from credentials cache */
- if (retval = krb5_get_credentials(context, KRB5_GC_CACHED, cc,
- &creds, &new_creds))
- {
+ retval = krb5_get_credentials(context, KRB5_GC_CACHED, cc,
+ &creds, &new_creds);
+ if (retval) {
com_err("uu-client", retval, "getting TGT");
return 6;
- }
+ }
i = strlen(princ) + 1;
princ_data.length = i; /* include null terminator for
server's convenience */
retval = krb5_write_message(context, (krb5_pointer) &s, &princ_data);
- if (retval)
- {
+ if (retval) {
com_err("uu-client", retval, "sending principal name to server");
return 8;
- }
+ }
+
free(princ);
+
retval = krb5_write_message(context, (krb5_pointer) &s, &new_creds->ticket);
- if (retval)
- {
+ if (retval) {
com_err("uu-client", retval, "sending ticket to server");
return 8;
- }
+ }
retval = krb5_read_message(context, (krb5_pointer) &s, &reply);
- if (retval)
- {
- com_err("uu-client", retval, "reading reply from server");
+ if (retval) {
+ com_err("uu-client", retval, "reading reply from server");
return 9;
- }
-
- if (retval = krb5_auth_con_init(context, &auth_context)) {
- com_err("uu-client", retval, "initializing the auth_context");
- return 9;
- }
+ }
- if (retval = krb5_auth_con_genaddrs(context, auth_context, s,
- KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR |
- KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR)) {
- com_err("uu-client", retval, "generating addrs for auth_context");
+ retval = krb5_auth_con_init(context, &auth_context);
+ if (retval) {
+ com_err("uu-client", retval, "initializing the auth_context");
+ return 9;
+ }
+
+ retval =
+ krb5_auth_con_genaddrs(context, auth_context, s,
+ KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR |
+ KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR);
+ if (retval) {
+ com_err("uu-client", retval, "generating addrs for auth_context");
return 9;
}
- if (retval = krb5_auth_con_setflags(context, auth_context,
- KRB5_AUTH_CONTEXT_DO_SEQUENCE)) {
- com_err("uu-client", retval, "initializing the auth_context flags");
- return 9;
- }
-
- if (retval = krb5_auth_con_setuseruserkey(context, auth_context,
- &new_creds->keyblock)) {
- com_err("uu-client", retval, "setting useruserkey for authcontext");
- return 9;
- }
-
+ retval = krb5_auth_con_setflags(context, auth_context,
+ KRB5_AUTH_CONTEXT_DO_SEQUENCE);
+ if (retval) {
+ com_err("uu-client", retval, "initializing the auth_context flags");
+ return 9;
+ }
+
+ retval = krb5_auth_con_setuseruserkey(context, auth_context,
+ &new_creds->keyblock);
+ if (retval) {
+ com_err("uu-client", retval, "setting useruserkey for authcontext");
+ return 9;
+ }
+
#if 1
- /* read the ap_req to get the session key */
- retval = krb5_rd_req(context, &auth_context, &reply,
- NULL, NULL, NULL, &ticket);
- free(reply.data);
+ /* read the ap_req to get the session key */
+ retval = krb5_rd_req(context, &auth_context, &reply,
+ NULL, NULL, NULL, &ticket);
+ free(reply.data);
#else
- retval = krb5_recvauth(context, &auth_context, (krb5_pointer)&s, "???",
+ retval = krb5_recvauth(context, &auth_context, (krb5_pointer)&s, "???",
0, /* server */, 0, NULL, &ticket);
#endif
-
+
if (retval) {
com_err("uu-client", retval, "reading AP_REQ from server");
return 9;
}
- if (retval = krb5_unparse_name(context, ticket->enc_part2->client, &princ))
+
+ retval = krb5_unparse_name(context, ticket->enc_part2->client, &princ);
+ if (retval)
com_err("uu-client", retval, "while unparsing client name");
else {
printf("server is named \"%s\"\n", princ);
free(princ);
}
+
retval = krb5_read_message(context, (krb5_pointer) &s, &reply);
- if (retval)
- {
+ if (retval) {
com_err("uu-client", retval, "reading reply from server");
return 9;
- }
+ }
+
+ retval = krb5_rd_safe(context, auth_context, &reply, &msg, NULL);
+ if (retval) {
+ com_err("uu-client", retval, "decoding reply from server");
+ return 10;
+ }
- if (retval = krb5_rd_safe(context, auth_context, &reply, &msg, NULL)) {
- com_err("uu-client", retval, "decoding reply from server");
- return 10;
- }
- printf ("uu-client: server says \"%s\".\n", msg.data);
- return 0;
+ printf ("uu-client: server says \"%s\".\n", msg.data);
+ return 0;
}
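Review bot: The final `printf` hands `msg.data` to `%s`, which reads until it finds a NUL byte rather than stopping after `msg.length` bytes. Nothing visible on this page shows that `krb5_rd_safe` terminates its output buffer, so the client depends on the peer having put the terminator inside the payload. Bounding the print removes that dependency: `printf ("uu-client: server says \"%.*s\".\n", (int) msg.length, msg.data);`. The enclosing `main` starts outside this hunk.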
#include <arpa/inet.h>
#include <netdb.h>
#include <stdio.h>
+#include <unistd.h>
#include <fcntl.h>
#include "krb5.h"
}
#ifdef DEBUG
- {
- int one = 1;
- int acc;
- struct servent *sp;
- int namelen = sizeof(f_inaddr);
-
- if ((sock = socket(PF_INET, SOCK_STREAM, 0)) < 0) {
- com_err("uu-server", errno, "creating socket");
- exit(3);
- }
-
- l_inaddr.sin_family = AF_INET;
- l_inaddr.sin_addr.s_addr = 0;
- if (!(sp = getservbyname("uu-sample", "tcp"))) {
- com_err("uu-server", 0, "can't find uu-sample/tcp service");
- exit(3);
- }
- (void) setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (char *)&one, sizeof (one));
- l_inaddr.sin_port = sp->s_port;
- if (bind(sock, (struct sockaddr *)&l_inaddr, sizeof(l_inaddr))) {
- com_err("uu-server", errno, "binding socket");
- exit(3);
- }
- if (listen(sock, 1) == -1) {
- com_err("uu-server", errno, "listening");
- exit(3);
- }
- if ((acc = accept(sock, (struct sockaddr *)&f_inaddr, &namelen)) == -1) {
- com_err("uu-server", errno, "accepting");
- exit(3);
- }
- dup2(acc, 0);
- close(sock);
- sock = 0;
- }
+ {
+ int one = 1;
+ int acc;
+ struct servent *sp;
+ int namelen = sizeof(f_inaddr);
+
+ if ((sock = socket(PF_INET, SOCK_STREAM, 0)) < 0) {
+ com_err("uu-server", errno, "creating socket");
+ exit(3);
+ }
+
+ l_inaddr.sin_family = AF_INET;
+ l_inaddr.sin_addr.s_addr = 0;
+ if (!(sp = getservbyname("uu-sample", "tcp"))) {
+ com_err("uu-server", 0, "can't find uu-sample/tcp service");
+ exit(3);
+ }
+ (void) setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (char *)&one, sizeof (one));
+ l_inaddr.sin_port = sp->s_port;
+ if (bind(sock, (struct sockaddr *)&l_inaddr, sizeof(l_inaddr))) {
+ com_err("uu-server", errno, "binding socket");
+ exit(3);
+ }
+ if (listen(sock, 1) == -1) {
+ com_err("uu-server", errno, "listening");
+ exit(3);
+ }
+ if ((acc = accept(sock, (struct sockaddr *)&f_inaddr, &namelen)) == -1) {
+ com_err("uu-server", errno, "accepting");
+ exit(3);
+ }
+ dup2(acc, 0);
+ close(sock);
+ sock = 0;
+ }
#endif
- if (retval = krb5_read_message(context, (krb5_pointer) &sock, &pname_data)) {
+
+ retval = krb5_read_message(context, (krb5_pointer) &sock, &pname_data);
+ if (retval) {
com_err ("uu-server", retval, "reading pname");
return 2;
}
- if (retval = krb5_read_message(context, (krb5_pointer) &sock, &tkt_data)) {
+
+ retval = krb5_read_message(context, (krb5_pointer) &sock, &tkt_data);
+ if (retval) {
com_err ("uu-server", retval, "reading ticket data");
return 2;
}
- if (retval = krb5_cc_default(context, &cc))
- {
+ retval = krb5_cc_default(context, &cc);
+ if (retval) {
com_err("uu-server", retval, "getting credentials cache");
return 4;
- }
+ }
memset ((char*)&creds, 0, sizeof(creds));
- if (retval = krb5_cc_get_principal(context, cc, &creds.client))
- {
+ retval = krb5_cc_get_principal(context, cc, &creds.client);
+ if (retval) {
com_err("uu-client", retval, "getting principal name");
return 6;
- }
+ }
/* client sends it already null-terminated. */
printf ("uu-server: client principal is \"%s\".\n", pname_data.data);
- if (retval = krb5_parse_name(context, pname_data.data, &creds.server))
- {
+ retval = krb5_parse_name(context, pname_data.data, &creds.server);
+ if (retval) {
com_err("uu-server", retval, "parsing client name");
return 3;
- }
+ }
+
creds.second_ticket = tkt_data;
printf ("uu-server: client ticket is %d bytes.\n",
creds.second_ticket.length);
- if (retval = krb5_get_credentials(context, KRB5_GC_USER_USER, cc,
- &creds, &new_creds))
- {
+ retval = krb5_get_credentials(context, KRB5_GC_USER_USER, cc,
+ &creds, &new_creds);
+ if (retval) {
com_err("uu-server", retval, "getting user-user ticket");
return 5;
- }
+ }
#ifndef DEBUG
l = sizeof(f_inaddr);
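Review bot: `pname_data` is read from the socket before any Kerberos exchange has authenticated the peer, yet it is used as a C string by both `printf (... "%s" ..., pname_data.data)` and `krb5_parse_name`. The comment "client sends it already null-terminated" describes a well-behaved client and is not a check, so an empty or unterminated message could lead to a read past the received buffer, unless `krb5_read_message` itself guarantees termination, which is not visible here. A guard directly after the first `krb5_read_message` would make the assumption explicit: `if (pname_data.length == 0 || pname_data.data[pname_data.length - 1] != '\0') { com_err("uu-server", 0, "bad principal name from client"); return 2; }`. Separately, the `krb5_cc_get_principal` failure path in this hunk logs under `"uu-client"`, which would misattribute the error when reading server logs; it should read `"uu-server"`.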
/* send a ticket/authenticator to the other side, so it can get the key
we're using for the krb_safe below. */
- if (retval = krb5_auth_con_init(context, &auth_context)) {
- com_err("uu-server", retval, "making auth_context");
- return 8;
- }
-
- if (retval = krb5_auth_con_setflags(context, auth_context,
- KRB5_AUTH_CONTEXT_DO_SEQUENCE)) {
- com_err("uu-server", retval, "initializing the auth_context flags");
- return 8;
- }
-
- if (retval = krb5_auth_con_genaddrs(context, auth_context, sock,
- KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR |
- KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR)) {
- com_err("uu-server", retval, "generating addrs for auth_context");
- return 9;
- }
+ retval = krb5_auth_con_init(context, &auth_context);
+ if (retval) {
+ com_err("uu-server", retval, "making auth_context");
+ return 8;
+ }
+ retval = krb5_auth_con_setflags(context, auth_context,
+ KRB5_AUTH_CONTEXT_DO_SEQUENCE);
+ if (retval) {
+ com_err("uu-server", retval, "initializing the auth_context flags");
+ return 8;
+ }
+
+ retval =
+ krb5_auth_con_genaddrs(context, auth_context, sock,
+ KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR |
+ KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR);
+ if (retval) {
+ com_err("uu-server", retval, "generating addrs for auth_context");
+ return 9;
+ }
+
#if 1
- if (retval = krb5_mk_req_extended(context, &auth_context,
- AP_OPTS_USE_SESSION_KEY,
- NULL, new_creds, &msg)) {
- com_err("uu-server", retval, "making AP_REQ");
- return 8;
- }
- retval = krb5_write_message(context, (krb5_pointer) &sock, &msg);
+ retval = krb5_mk_req_extended(context, &auth_context,
+ AP_OPTS_USE_SESSION_KEY,
+ NULL, new_creds, &msg);
+ if (retval) {
+ com_err("uu-server", retval, "making AP_REQ");
+ return 8;
+ }
+ retval = krb5_write_message(context, (krb5_pointer) &sock, &msg);
#else
- retval = krb5_sendauth(context, &auth_context, (krb5_pointer)&sock,"???", 0,
- 0, AP_OPTS_MUTUAL_REQUIRED | AP_OPTS_USE_SESSION_KEY,
- NULL, &creds, cc, NULL, NULL, NULL);
+ retval = krb5_sendauth(context, &auth_context, (krb5_pointer)&sock,"???", 0,
+ 0, AP_OPTS_MUTUAL_REQUIRED | AP_OPTS_USE_SESSION_KEY,
+ NULL, &creds, cc, NULL, NULL, NULL);
#endif
if (retval)
goto cl_short_wrt;
-
+
free(msg.data);
-
+
msgtext.length = 32;
msgtext.data = "Hello, other end of connection.";
-
- if (retval = krb5_mk_safe(context, auth_context, &msgtext, &msg, NULL))
- {
+
+ retval = krb5_mk_safe(context, auth_context, &msgtext, &msg, NULL);
+ if (retval) {
com_err("uu-server", retval, "encoding message to client");
return 6;
- }
+ }
retval = krb5_write_message(context, (krb5_pointer) &sock, &msg);
- if (retval)
- {
- cl_short_wrt:
- com_err("uu-server", retval, "writing message to client");
+ if (retval) {
+ cl_short_wrt:
+ com_err("uu-server", retval, "writing message to client");
return 7;
- }
+ }
return 0;
}
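Review bot: `msgtext.length = 32;` is a hand-counted length for the literal on the next line (31 characters plus the terminator). If the text is ever edited without updating the number, the message is either truncated without its NUL or read past the end of the literal, and the receiving side prints this payload with `%s`. Deriving the length from the literal keeps the two in step: `msgtext.length = sizeof("Hello, other end of connection.");`, or a named `static const char` array used for both fields. The enclosing function starts outside this hunk.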