From: John Kohl
Date: Fri, 29 Mar 1991 08:53:53 +0000 (+0000)
Subject: change to use sendauth
X-Git-Tag: krb5-1.0-alpha4~13
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=0daa05ffe65022c0c7219b01401bc97ab25c27ce;p=krb5.git

change to use sendauth

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@1960 dc483132-0cff-0310-8789-dd5450dbe970
---

diff --git a/src/appl/sample/sclient/sclient.c b/src/appl/sample/sclient/sclient.c
index 16784f2e2..efb08a730 100644
--- a/src/appl/sample/sclient/sclient.c
+++ b/src/appl/sample/sclient/sclient.c
@@ -2,7 +2,7 @@
 * $Source$
 * $Author$
 *
- * Copyright 1990 by the Massachusetts Institute of Technology.
+ * Copyright 1990,1991 by the Massachusetts Institute of Technology.
 * All Rights Reserved.
 *
 * For copying and distribution information, please see the file
@@ -42,17 +42,15 @@ char *argv[];
 struct servent *sp;
 struct hostent *hp;
 struct sockaddr_in sin, lsin;
- char *remote_host;
- register char *cp;
 int sock, namelen;
- krb5_data send_data;
+ krb5_data recv_data;
 krb5_checksum send_cksum;
 krb5_error_code retval;
 krb5_ccache ccdef;
- krb5_principal server;
- char **hrealms;
+ krb5_principal client, server;
+ krb5_error *err_ret;
+ krb5_ap_rep_enc_part *rep_ret;
 short xmitlen;
- char sbuf[512];

 if (argc != 2) {
 fprintf(stderr, "usage: %s \n",argv[0]);
@@ -89,35 +87,12 @@ char *argv[]; exit(1); } - if (retval = krb5_get_host_realm(hp->h_name, &hrealms)) { - com_err(argv[0], retval, "while determining realm(s) of %s", - hp->h_name); - exit(1); - } - if (strlen(hp->h_name)+strlen(SAMPLE_SERVICE)+strlen(hrealms[0])+3 > - sizeof(sbuf)) { - fprintf(stderr, "hostname too long!\n"); - exit(1); - } - - /* copy the hostname into non-volatile storage */ - remote_host = malloc(strlen(hp->h_name) + 1); - (void) strcpy(remote_host, hp->h_name); - - /* lower-case to get name for "instance" part of service name */ - for (cp = remote_host; *cp; cp++) - if (isupper(*cp)) - *cp = tolower(*cp); - - memset(sbuf, 0, sizeof(sbuf)); - strcpy(sbuf, SAMPLE_SERVICE); - strcat(sbuf, "/"); - strcat(sbuf, remote_host); - strcat(sbuf, "@"); - strcat(sbuf, hrealms[0]); - (void) krb5_free_host_realm(hrealms); - if (retval = krb5_parse_name(sbuf, &server)) { - com_err(argv[0], retval, "while parsing service name %s", sbuf); + if (retval = krb5_sname_to_principal(argv[1], SAMPLE_SERVICE, + TRUE, /* TRUE means canonicalize + hostname */ + &server)) { + com_err(argv[0], retval, "while creating server name for %s", + argv[1]); exit(1); } @@ -157,8 +132,8 @@ char *argv[]; } /* choose some random stuff to compute checksum from */ if (retval = krb5_calculate_checksum(CKSUMTYPE_CRC32, - remote_host, - strlen(remote_host), + argv[1], + strlen(argv[1]), 0, 0, /* if length is 0, crc-32 doesn't use the seed */ 
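Review bot: The comment on the `TRUE` argument of `krb5_sname_to_principal` says the hostname is canonicalized, but not that the server principal now depends on whatever name resolution returns for `argv[1]`. If the canonicalization is done through the resolver (presumably; the helper is not visible here), a forged answer changes which principal the client requests a ticket for, so the comment should state that trust assumption, e.g. `/* TRUE: canonicalize hostname via the resolver; the server principal is only as trustworthy as that lookup */`. The next hunk on this line now checksums the raw `argv[1]` string instead of the lower-cased resolved name, which is worth a word in the same comment so the two names are not assumed to match.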
@@ -172,43 +147,59 @@ char *argv[]; exit(1); } - if (retval = krb5_mk_req(server, 0, &send_cksum, ccdef, &send_data)) { - com_err(argv[0], retval, "while preparing AP_REQ"); - exit(1); - } - xmitlen = htons(send_data.length); - - if ((retval = krb5_net_write(sock, (char *)&xmitlen, - sizeof(xmitlen))) < 0) { - com_err(argv[0], errno, "while writing len to server"); - exit(1); - } - if ((retval = krb5_net_write(sock, (char *)send_data.data, - send_data.length)) < 0) { - com_err(argv[0], errno, "while writing data to server"); - exit(1); - } - xfree(send_data.data); - if ((retval = krb5_net_read(sock, (char *)&xmitlen, - sizeof(xmitlen))) <= 0) { - if (retval == 0) - errno = ECONNRESET; /* XXX */ - com_err(argv[0], errno, "while reading data from server"); - exit(1); - } - send_data.length = ntohs(xmitlen); - if (!(send_data.data = (char *)malloc(send_data.length + 1))) { - com_err(argv[0], ENOMEM, "while allocating buffer to read from server"); - exit(1); - } - if ((retval = krb5_net_read(sock, (char *)send_data.data, - send_data.length)) <= 0) { - if (retval == 0) - errno = ECONNRESET; /* XXX */ - com_err(argv[0], errno, "while reading data from server"); + if (retval = krb5_cc_get_principal(ccdef, &client)) { + com_err(argv[0], retval, "while getting client principal name"); + exit(1); + } + retval = krb5_sendauth((krb5_pointer) &sock, + SAMPLE_VERSION, client, server, + AP_OPTS_MUTUAL_REQUIRED, + &send_cksum, + 0, /* no creds, use ccache instead */ + ccdef, + 0, /* don't need seq # */ + 0, /* don't need a subsession key */ + &err_ret, + &rep_ret); + + krb5_free_principal(server); /* finished using it */ + + if (retval && retval != KRB5_SENDAUTH_REJECTED) { + com_err(argv[0], retval, "while using sendauth"); + exit(1); + } + if (retval == KRB5_SENDAUTH_REJECTED) { + /* got an error */ + printf("sendauth rejected, error reply is:\n\t\"%*s\"", + err_ret->text.length, err_ret->text.data); + } else if (rep_ret) { + /* got a reply */ + printf("sendauth succeeded, reply 
is:\n"); + if ((retval = krb5_net_read(sock, (char *)&xmitlen, + sizeof(xmitlen))) <= 0) { + if (retval == 0) + errno = ECONNABORTED; + com_err(argv[0], errno, "while reading data from server"); + exit(1); + } + recv_data.length = ntohs(xmitlen); + if (!(recv_data.data = (char *)malloc(recv_data.length + 1))) { + com_err(argv[0], ENOMEM, + "while allocating buffer to read from server"); + exit(1); + } + if ((retval = krb5_net_read(sock, (char *)recv_data.data, + recv_data.length)) <= 0) { + if (retval == 0) + errno = ECONNABORTED; + com_err(argv[0], errno, "while reading data from server"); + exit(1); + } + printf("reply len %d, contents:\n%*s\n", + recv_data.length,recv_data.length,recv_data.data); + } else { + com_err(argv[0], 0, "no error or reply from sendauth!"); exit(1); } - send_data.data[send_data.length] = '\0'; - printf("reply len %d, contents:\n%s\n",send_data.length,send_data.data); exit(0); } diff --git a/src/appl/sample/sserver/sserver.c b/src/appl/sample/sserver/sserver.c index 7c0c3668c..817d03c1e 100644 --- a/src/appl/sample/sserver/sserver.c +++ b/src/appl/sample/sserver/sserver.c @@ -2,7 +2,7 @@ * $Source$ * $Author$ * - * Copyright 1990 by the Massachusetts Institute of Technology. + * Copyright 1990,1991 by the Massachusetts Institute of Technology. * All Rights Reserved. * * For copying and distribution information, please see the file @@ -50,11 +50,11 @@ char *argv[]; struct sockaddr_in peername; krb5_address peeraddr; int namelen = sizeof(peername); + int sock = 0; /* incoming connection fd */ krb5_data recv_data; short xmitlen; krb5_error_code retval; - krb5_tkt_authent *authdat; - krb5_principal server; + krb5_principal server, client; char repbuf[BUFSIZ]; char *cname; 
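Review bot: Both new `printf` calls in the `krb5_sendauth` result handling use `%*s`, which only sets a minimum field width and does not bound the read, so `printf` keeps reading `err_ret->text.data` and `recv_data.data` until it happens to meet a NUL byte. The commit also drops the old `send_data.data[send_data.length] = '\0';`, so the reply buffer filled from the server is no longer terminated even though `recv_data.length + 1` bytes are still allocated, and nothing visible here guarantees the error text is terminated either. Use a precision instead of a width: `"sendauth rejected, error reply is:\n\t\"%.*s\""` and `"reply len %d, contents:\n%.*s\n"`. The rejected branch also dereferences `err_ret` without checking it for NULL; whether `krb5_sendauth` always sets it on `KRB5_SENDAUTH_REJECTED` cannot be confirmed from this hunk.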
@@ -72,35 +72,36 @@ char *argv[];
 error_message(retval));
 exit(1);
 }
-
+
 #ifdef DEBUG
-{
- int sock, acc;
- struct sockaddr_in sin;
+ {
+ int acc;
+ struct sockaddr_in sin;

- if ((sock = socket(PF_INET, SOCK_STREAM, 0)) < 0) {
- syslog(LOG_ERR, "socket: %m");
- exit(3);
- }
+ if ((sock = socket(PF_INET, SOCK_STREAM, 0)) < 0) {
+ syslog(LOG_ERR, "socket: %m");
+ exit(3);
+ }

- sin.sin_family = AF_INET;
- sin.sin_addr.s_addr = 0;
- sin.sin_port = htons(5555);
- if (bind(sock, &sin, sizeof(sin))) {
- syslog(LOG_ERR, "bind: %m");
- exit(3);
- }
- if (listen(sock, 1) == -1) {
- syslog(LOG_ERR, "listen: %m");
- exit(3);
+ sin.sin_family = AF_INET;
+ sin.sin_addr.s_addr = 0;
+ sin.sin_port = htons(5555);
+ if (bind(sock, &sin, sizeof(sin))) {
+ syslog(LOG_ERR, "bind: %m");
+ exit(3);
+ }
+ if (listen(sock, 1) == -1) {
+ syslog(LOG_ERR, "listen: %m");
+ exit(3);
+ }
+ if ((acc = accept(sock, (struct sockaddr *)&peername, &namelen)) == -1) {
+ syslog(LOG_ERR, "accept: %m");
+ exit(3);
+ }
+ dup2(acc, 0);
+ close(sock);
+ sock = 0;
 }
- if ((acc = accept(sock, (struct sockaddr *)&peername, &namelen)) == -1) {
- syslog(LOG_ERR, "accept: %m");
- exit(3);
- }
- dup2(acc, 0);
- close(sock);
-}
 #else
 /*
 * To verify authenticity, we need to know the address of the
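Review bot: `dup2(acc, 0)` is not checked before the DEBUG block sets `sock = 0`, so if the duplication fails the later `krb5_recvauth` exchange would run on whatever descriptor 0 already was rather than on the accepted connection; test it, e.g. `if (dup2(acc, 0) == -1) { syslog(LOG_ERR, "dup2: %m"); exit(3); }`. The debug listener also binds with `sin.sin_addr.s_addr = 0`, the wildcard address, on port 5555; for a DEBUG-only path `htonl(INADDR_LOOPBACK)` would keep the test server off the network. `sin` is filled field by field without being zeroed first, and `acc` is left open after the `dup2`.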
@@ -113,47 +114,29 @@ char *argv[]; #endif peeraddr.addrtype = peername.sin_family; peeraddr.length = sizeof(peername.sin_addr); - if (!(peeraddr.contents = (krb5_octet *)malloc(peeraddr.length))) { - syslog(LOG_ERR, "no memory allocating addr"); - exit(1); - } - memcpy((char *)peeraddr.contents, (char *)&peername.sin_addr, - peeraddr.length); + peeraddr.contents = (krb5_octet *)&peername.sin_addr; - if ((retval = krb5_net_read(0, (char *)&xmitlen, sizeof(xmitlen))) <= 0) { - if (retval == 0) - errno = ECONNRESET; /* XXX */ - syslog(LOG_ERR, "read size: %m"); - exit(1); - } - recv_data.length = ntohs(xmitlen); - if (!(recv_data.data = (char *) malloc(recv_data.length))) { - syslog(LOG_ERR, "no memory allocating packet"); + if (retval = krb5_recvauth((krb5_pointer)&sock, + SAMPLE_VERSION, server, &peeraddr, + 0, 0, 0, /* no fetchfrom, keyproc or arg */ + 0, /* default rc type */ + 0, /* don't need seq number */ + &client, + 0, 0 /* don't care about ticket or + authenticator */ + )) { + syslog(LOG_ERR, "recvauth failed--%s", error_message(retval)); exit(1); } - if ((retval = krb5_net_read(0, (char *)recv_data.data, - recv_data.length)) <= 0) { - if (retval == 0) - errno = ECONNRESET; /* XXX */ - syslog(LOG_ERR, "read contents: %m"); - exit(1); - } - if (retval = krb5_rd_req_simple(&recv_data, server, &peeraddr, &authdat)) { - syslog(LOG_ERR, "rd_req failed: %s", error_message(retval)); - sprintf(repbuf, "RD_REQ failed: %s\n", error_message(retval)); - goto sendreply; - } - xfree(recv_data.data); - if (retval = krb5_unparse_name(authdat->ticket->enc_part2->client, &cname)) { + if (retval = krb5_unparse_name(client, &cname)) { syslog(LOG_ERR, "unparse failed: %s", error_message(retval)); cname = ""; } - krb5_free_tkt_authent(authdat); + sprintf(repbuf, "You are %s\n", cname); if (!retval) free(cname); - sendreply: xmitlen = htons(strlen(repbuf)); recv_data.length = strlen(repbuf); recv_data.data = repbuf;
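Review bot: The added `sprintf(repbuf, "You are %s\n", cname);` writes the unparsed client principal into the fixed `char repbuf[BUFSIZ]` with no length bound, so a sufficiently long principal name overruns the stack buffer. Bound the write, e.g. `snprintf(repbuf, sizeof(repbuf), "You are %s\n", cname);`, or reject the name when `strlen(cname)` does not fit before formatting. The length is then sent through the `short xmitlen` via `htons(strlen(repbuf))`, which is only safe once the string is known to be bounded. The function body continues outside the hunk.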