From: Chris Provenzano Date: Mon, 27 Mar 1995 14:50:56 +0000 (+0000) Subject: * kdc5_hammer.c (verify_cs_pair()): Use new calling conventions X-Git-Tag: krb5-1.0-beta5~443 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=95ff7195e9860a9ceb29629f2d1f08315d4cd0f2;p=krb5.git * kdc5_hammer.c (verify_cs_pair()): Use new calling conventions for krb5_rd_req() and krb5_mk_req_extended(), git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5267 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/tests/hammer/ChangeLog b/src/tests/hammer/ChangeLog index cf6f732d7..6773ba47d 100644 --- a/src/tests/hammer/ChangeLog +++ b/src/tests/hammer/ChangeLog @@ -1,3 +1,9 @@ + +Mon Mar 27 07:56:26 1995 Chris Provenzano (proven@mit.edu) + + * kdc5_hammer.c (verify_cs_pair()): Use new calling conventions + for krb5_rd_req() and krb5_mk_req_extended(), + Fri Mar 24 14:52:03 1995 * kdc5_hammer.c (get_tgt): Remove the call to krb5_os_localaddr() diff --git a/src/tests/hammer/kdc5_hammer.c b/src/tests/hammer/kdc5_hammer.c index 7b54509c7..9a16d5a98 100644 --- a/src/tests/hammer/kdc5_hammer.c +++ b/src/tests/hammer/kdc5_hammer.c @@ -60,6 +60,7 @@ int verify_cs_pair char *, krb5_principal, char *, + char *, int, int, int, krb5_ccache)); @@ -244,7 +245,7 @@ main(argc, argv) strcat(stmp, stmp2); sprintf(server, "%s@%s", stmp, cur_realm); if (verify_cs_pair(test_context, client, client_princ, - server, n, i, j, ccache)) + stmp, cur_realm, n, i, j, ccache)) errors++; n_tried++; } @@ -256,120 +257,155 @@ main(argc, argv) } -krb5_error_code get_server_key(context, keyprocarg, princ, vno, keytype, key) +static krb5_error_code +get_server_key(context, server, keytype, key) krb5_context context; - krb5_pointer keyprocarg; - krb5_principal princ; - krb5_kvno vno; + krb5_principal server; krb5_keytype keytype; krb5_keyblock ** key; { - krb5_encrypt_block eblock; - krb5_data pwd, salt; - char *princ_str, *at; - krb5_error_code code; - /* Jon Rochlis asks: Does this belong here or in libos or something? */ - /* John Kohl replies: not really; it's not a generally useful function */ - - code = krb5_unparse_name(context, princ, &princ_str); - if (code) { - com_err (prog, code, "while unparsing server name"); - return(code); - } + krb5_error_code retval; + krb5_encrypt_block eblock; + char * string; + krb5_data salt; + krb5_data pwd; - /* The kdb5_create does not include realm names in the password ... - this is ugly */ - at = strchr(princ_str, '@'); - if (at) *at = '\0'; - - pwd.data = princ_str; - pwd.length = strlen(princ_str); - - if (code = krb5_principal2salt(context, princ, &salt)) { - com_err(prog, code, "while converting principal to salt for '%s'", princ_str); - goto errout; - } + if (retval = krb5_principal2salt(context, server, &salt)) + return retval; + + if (retval = krb5_unparse_name(context, server, &string)) + goto cleanup_salt; + + pwd.data = string; + pwd.length = strlen(string); + + if (*key = (krb5_keyblock *)malloc(sizeof(krb5_keyblock))) { + krb5_use_keytype(context, &eblock, keytype); + if (retval = krb5_string_to_key(context, &eblock, keytype, + *key, &pwd, &salt)) + free(*key); + } else + retval = ENOMEM; - *key = (krb5_keyblock *)malloc(sizeof(**key)); - if (!*key) { - code = ENOMEM; - com_err(prog, code, "while allocating key for server %s", princ_str); - goto errout; - } - krb5_use_keytype(context, &eblock, keytype); - code = krb5_string_to_key(context, &eblock, keytype, *key, &pwd, &salt); - if (code) - goto errout; - -out: - if (princ_str) free(princ_str); - if (salt.data) free(salt.data); - return(code); - - errout: - if (*key) krb5_xfree(*key); - goto out; + free(string); +cleanup_salt: + free(salt.data); + return retval; } -int verify_cs_pair(context, p_client_str, p_client, p_server_str, p_num, - c_depth, s_depth, ccache) +extern krb5_flags krb5_kdc_default_options; + +int verify_cs_pair(context, p_client_str, p_client, service, hostname, + p_num, c_depth, s_depth, ccache) krb5_context context; char *p_client_str; krb5_principal p_client; - char *p_server_str; + char * service; + char * hostname; int p_num, c_depth, s_depth; krb5_ccache ccache; { - krb5_error_code code; - krb5_principal server; - krb5_data request_data; - char *returned_client; - krb5_tkt_authent *authdat; + krb5_error_code retval; + krb5_creds creds; + krb5_creds * credsp; + krb5_ticket * ticket = NULL; + krb5_keyblock * keyblock = NULL; + krb5_auth_context * auth_context = NULL; + krb5_data request_data; if (brief) fprintf(stderr, "\tprinc (%d) client (%d) for server (%d)\n", p_num, c_depth, s_depth); else fprintf(stderr, "\tclient %s for server %s\n", p_client_str, - p_server_str); + hostname); + + /* Initialize variables */ + memset((char *)&creds, 0, sizeof(creds)); - if (code = krb5_parse_name (context, p_server_str, &server)) { - com_err (prog, code, "when parsing name %s", p_server_str); - return(-1); + /* Do client side */ + if (retval = krb5_build_principal(context, &creds.server, strlen(hostname), + hostname, service, NULL, NULL)) { + com_err(prog, retval, "while building principal for %s", hostname); + return retval; } - /* test the checksum stuff? */ - if (code = krb5_mk_req(context, server, 0, 0, ccache, &request_data)) { - com_err(prog, code, "while preparing AP_REQ for %s", p_server_str); - return(-1); + /* obtain ticket & session key */ + if (retval = krb5_cc_get_principal(context, ccache, &creds.client)) { + com_err(prog, retval, "while getting client princ for %s", hostname); + krb5_free_cred_contents(context, &creds); + return retval; } - if (code = krb5_rd_req(context, &request_data, server, 0, 0, - get_server_key, 0, 0, &authdat)) { - com_err(prog, code, "while decoding AP_REQ for %s", p_server_str); - return(-1); + if (retval = krb5_get_credentials(context, krb5_kdc_default_options, + ccache, &creds, &credsp)) { + com_err(prog, retval, "while getting creds for %s", hostname); + krb5_free_cred_contents(context, &creds); + return retval; + } + + krb5_free_cred_contents(context, &creds); + + if (retval = krb5_mk_req_extended(context, &auth_context, 0, NULL, + credsp, &request_data)) { + com_err(prog, retval, "while preparing AP_REQ for %s", hostname); + krb5_auth_con_free(context, auth_context); + return retval; + } + + krb5_auth_con_free(context, auth_context); + auth_context = NULL; + + /* Do server side now */ + if (retval = get_server_key(context, credsp->server, + credsp->keyblock.keytype, &keyblock)) { + com_err(prog, retval, "while getting server key for %s", hostname); + goto cleanup_rdata; } - if (!krb5_principal_compare(context, authdat->authenticator->client, - p_client)) { - code = krb5_unparse_name(context, authdat->authenticator->client, - &returned_client); - if (code) - com_err (prog, code, - "Client not as expected, but cannot unparse client name"); - else - com_err (prog, 0, "Client not as expected (%s).", returned_client); - krb5_free_tkt_authent(context, authdat); - free(returned_client); - return(-1); + if (krb5_auth_con_init(context, &auth_context)) { + com_err(prog, retval, "while creating auth_context for %s", hostname); + goto cleanup_keyblock; } - krb5_free_tkt_authent(context, authdat); - krb5_free_principal(context, server); - if (request_data.data) krb5_xfree(request_data.data); + if (krb5_auth_con_setuseruserkey(context, auth_context, keyblock)) { + com_err(prog, retval, "while setting auth_context key %s", hostname); + goto cleanup_keyblock; + } - return(0); + if (retval = krb5_rd_req(context, &auth_context, &request_data, + NULL /* server */, 0, NULL, &ticket)) { + com_err(prog, retval, "while decoding AP_REQ for %s", hostname); + krb5_auth_con_free(context, auth_context); + goto cleanup_keyblock; + } + + krb5_auth_con_free(context, auth_context); + + if (!(krb5_principal_compare(context,ticket->enc_part2->client,p_client))){ + char *returned_client; + if (retval = krb5_unparse_name(context, ticket->enc_part2->client, + &returned_client)) + com_err (prog, retval, + "Client not as expected, but cannot unparse client name"); + else + com_err (prog, 0, "Client not as expected (%s).", returned_client); + retval = KRB5_PRINC_NOMATCH; + free(returned_client); + } else { + retval = 0; + } + + krb5_free_ticket(context, ticket); + +cleanup_keyblock: + krb5_free_keyblock(context, keyblock); + +cleanup_rdata: + krb5_xfree(request_data.data); + + return retval; } int get_tgt (context, p_client_str, p_client, ccache) @@ -417,9 +453,6 @@ int get_tgt (context, p_client_str, p_client, ccache) my_creds.client = *p_client; my_creds.server = tgt_server; - /* ugh, I'd much rather just delete the credential */ - krb5_cc_destroy(context, ccache); - code = krb5_cc_initialize (context, ccache, *p_client); if (code != 0) { com_err (prog, code, "when initializing cache %s", @@ -437,7 +470,6 @@ int get_tgt (context, p_client_str, p_client, ccache) &my_creds, 0); my_creds.server = my_creds.client = 0; krb5_free_principal(context, tgt_server); - krb5_free_addresses(context, my_addresses); krb5_free_cred_contents(context, &my_creds); if (code != 0) { com_err (prog, code, "while getting initial credentials");