#include "krb5.h"
#include "com_err.h"
-krb5_error_code
-tgt_keyproc(context, keyprocarg, principal, vno, keytype, key)
- krb5_context context;
- krb5_pointer keyprocarg;
- krb5_principal principal;
- krb5_kvno vno;
- krb5_keytype keytype;
- krb5_keyblock ** key;
-{
- krb5_creds *creds = (krb5_creds *)keyprocarg;
-
- return krb5_copy_keyblock(context, &creds->keyblock, key);
-}
-
int main (argc, argv)
int argc;
char *argv[];
krb5_ccache cc;
krb5_creds creds, *new_creds;
krb5_data reply, msg, princ_data;
- krb5_tkt_authent *authdat;
- krb5_context context;
+ krb5_auth_context * auth_context = NULL;
+ krb5_ticket * ticket = NULL;
+ krb5_context context;
unsigned short port;
if (argc < 2 || argc > 4)
cli_addr.length = sizeof(cli_net_addr.sin_addr);
cli_addr.contents = (krb5_octet *)&cli_net_addr.sin_addr;
+ if (retval = krb5_auth_con_init(context, &auth_context)) {
+ com_err("uu-client", retval, "initializing the auth_context");
+ return 9;
+ }
+
+ if (retval = krb5_auth_con_setflags(context, auth_context,
+ KRB5_AUTH_CONTEXT_DO_SEQUENCE)) {
+ com_err("uu-client", retval, "initializing the auth_context flags");
+ return 9;
+ }
+
+ if (retval = krb5_auth_con_setaddrs(context, auth_context, &cli_addr,
+ &serv_addr)) {
+ com_err("uu-client", retval, "setting addresses for auth_context");
+ return 9;
+ }
+
+ if (retval = krb5_auth_con_setuseruserkey(context, auth_context,
+ &new_creds->keyblock)) {
+ com_err("uu-client", retval, "setting useruserkey for authcontext");
+ return 9;
+ }
+
#if 1
- /* read the ap_req to get the session key */
- retval = krb5_rd_req(context, &reply,
- 0, /* don't know server's name... */
- &serv_addr,
- 0, /* no fetchfrom */
- tgt_keyproc,
- (krb5_pointer)new_creds, /* credentials as arg to
- keyproc */
- 0, /* no rcache for the moment XXX */
- &authdat);
- free(reply.data);
+ /* read the ap_req to get the session key */
+ retval = krb5_rd_req(context, &auth_context, &reply,
+ NULL, NULL, NULL, &ticket);
+ free(reply.data);
#else
- retval = krb5_recvauth(context, (krb5_pointer)&s, "???",
- 0, /* server */
- &serv_addr, 0, tgt_keyproc, (krb5_pointer)new_creds,
- 0, 0,
- 0, 0, 0, 0);
+ retval = krb5_recvauth(context, &auth_context, (krb5_pointer)&s, "???",
+ 0, /* server */, NULL, 0, NULL, &ticket);
#endif
+
if (retval) {
com_err("uu-client", retval, "reading AP_REQ from server");
return 9;
}
- if (retval = krb5_unparse_name(context, authdat->ticket->enc_part2->client, &princ))
+ if (retval = krb5_unparse_name(context, ticket->enc_part2->client, &princ))
com_err("uu-client", retval, "while unparsing client name");
else {
printf("server is named \"%s\"\n", princ);
return 9;
}
-
- if (retval = krb5_rd_safe(context, &reply, authdat->ticket->enc_part2->session,
- &serv_addr, &cli_addr,
- authdat->authenticator->seq_number,
- KRB5_SAFE_NOTIME|KRB5_SAFE_DOSEQUENCE, 0, &msg))
- {
- com_err("uu-client", retval, "decoding reply from server");
- return 10;
+ if (retval = krb5_rd_safe(context, auth_context, &reply, &msg, NULL)) {
+ com_err("uu-client", retval, "decoding reply from server");
+ return 10;
}
- printf ("uu-client: server says \"%s\".\n", msg.data);
- return 0;
+ printf ("uu-client: server says \"%s\".\n", msg.data);
+ return 0;
}
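Review bot: The client's final `printf` still prints `msg.data` with `%s`, but `krb5_rd_safe` hands back a length-counted `krb5_data` and nothing visible here guarantees a terminating NUL. The client therefore relies on the peer having put one inside the protected payload, and could read past the buffer if it did not. Bound the print by the length instead: `printf("uu-client: server says \"%.*s\".\n", (int)msg.length, msg.data);`. Separately, the disabled `#else` branch would not compile if it were ever enabled, because `0, /* server */, NULL` leaves an empty argument once the comment is stripped; the comma after the comment should go. Only part of `main` is visible, so whether `ticket` and `auth_context` are released on the exit paths could not be checked.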
krb5_creds creds, *new_creds;
krb5_ccache cc;
krb5_data msgtext, msg;
- krb5_int32 seqno;
krb5_context context;
+ krb5_auth_context * auth_context = NULL;
#ifndef DEBUG
freopen("/tmp/uu-server.log", "w", stderr);
/* send a ticket/authenticator to the other side, so it can get the key
we're using for the krb_safe below. */
- if (retval = krb5_generate_seq_number(context, &new_creds->keyblock, &seqno)){
- com_err("uu-server", retval, "generating sequence number");
- return 8;
- }
+ if (retval = krb5_auth_con_init(context, &auth_context)) {
+ com_err("uu-server", retval, "making auth_context");
+ return 8;
+ }
+
+ if (retval = krb5_auth_con_setflags(context, auth_context,
+ KRB5_AUTH_CONTEXT_DO_SEQUENCE)) {
+ com_err("uu-server", retval, "initializing the auth_context flags");
+ return 8;
+ }
+
+ if (retval = krb5_auth_con_setaddrs(context, auth_context, &laddr, &faddr)){
+ com_err("uu-server", retval, "setting addresses for auth_context");
+ return 9;
+ }
+
#if 1
- if (retval = krb5_mk_req_extended(context, AP_OPTS_USE_SESSION_KEY,
- 0, /* no application checksum here */
- seqno,
- 0, /* no need for subkey */
- &creds,
- 0, /* don't need authenticator copy */
- &msg)) {
- com_err("uu-server", retval, "making AP_REQ");
- return 8;
- }
- retval = krb5_write_message(context, (krb5_pointer) &sock, &msg);
+ if (retval = krb5_mk_req_extended(context, &auth_context,
+ AP_OPTS_USE_SESSION_KEY,
+ NULL, new_creds, &msg)) {
+ com_err("uu-server", retval, "making AP_REQ");
+ return 8;
+ }
+ retval = krb5_write_message(context, (krb5_pointer) &sock, &msg);
#else
- retval = krb5_sendauth(context, (krb5_pointer)&sock, "???", 0, 0,
- AP_OPTS_MUTUAL_REQUIRED | AP_OPTS_USE_SESSION_KEY,
- 0, /* no checksum*/
- &creds, cc,
- 0, 0, /* no sequence number or subsession key */
- 0, 0);
+ retval = krb5_sendauth(context, &auth_context, (krb5_pointer)&sock,"???", 0,
+ 0, AP_OPTS_MUTUAL_REQUIRED | AP_OPTS_USE_SESSION_KEY,
+ NULL, &creds, cc, NULL, NULL, NULL);
#endif
if (retval)
goto cl_short_wrt;
msgtext.length = 32;
msgtext.data = "Hello, other end of connection.";
- if (retval = krb5_mk_safe(context, &msgtext, CKSUMTYPE_RSA_MD4_DES,
- &new_creds->keyblock, &laddr, &faddr, seqno,
- KRB5_SAFE_NOTIME|KRB5_SAFE_DOSEQUENCE, 0, &msg))
+ if (retval = krb5_mk_safe(context, auth_context, &msgtext, &msg, NULL))
{
com_err("uu-server", retval, "encoding message to client");
return 6;