From 31d1da1652f8bd41ed923a8f9ebfee53c56bca77 Mon Sep 17 00:00:00 2001
From: Sam Hartman
Date: Thu, 9 Jan 2003 21:12:34 +0000
Subject: [PATCH] Between the 1.1 and 1.2 releases of Kerberos, the gss-sample protocol changed. People seem to use this sample for interop testing, so support for the old protocol is needed. This commit adds a -v1 flag to the gss-client that will use the old protocol. The server does not yet support the old protocol, so the ticket remains open.
Ticket: 881
Status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15103 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/appl/gss-sample/ChangeLog | 8 ++++++
 src/appl/gss-sample/README | 4 +++
 src/appl/gss-sample/gss-client.c | 40 +++++++++++++++++----------
 src/appl/gss-sample/gss-misc.c | 47 ++++++++++++++++++++++----------
 4 files changed, 69 insertions(+), 30 deletions(-)
diff --git a/src/appl/gss-sample/ChangeLog b/src/appl/gss-sample/ChangeLog
index 08e8491f5..50b003c04 100644
--- a/src/appl/gss-sample/ChangeLog
+++ b/src/appl/gss-sample/ChangeLog
@@ -1,3 +1,11 @@
+2003-01-08 Sam Hartman
+
+ * gss-misc.c (recv_token): Support reading 0 token flags as part of length
+
+ * gss-client.c : Support a -v1 argument meaning that no token flags are used o,
+
+ * gss-misc.c (send_token): If token flags are null, do not send them.
+
 2002-12-30 Ken Raeburn
 * gss-misc.c (send_token, recv_token): Open-code the math to send
diff --git a/src/appl/gss-sample/README b/src/appl/gss-sample/README
index ac90086ad..8fc7cfee4 100644
--- a/src/appl/gss-sample/README
+++ b/src/appl/gss-sample/README
@@ -51,6 +51,10 @@ times|
 8. The client and server close the TCP/IP connection and destroy the GSS-API context.
+
+The client also supports the -v1 flag which uses an older exchange
+format compatible with previous releases of Kerberos and with samples
+shipped in the Microsoft SDK.
 The server's command line usage is
diff --git a/src/appl/gss-sample/gss-client.c b/src/appl/gss-sample/gss-client.c
index efd0f4c41..a66c0c9fe 100644
--- a/src/appl/gss-sample/gss-client.c
+++ b/src/appl/gss-sample/gss-client.c
@@ -47,7 +47,7 @@ static void usage()
 {
 fprintf(stderr, "Usage: gss-client [-port port] [-mech mechanism] [-d]\n");
 fprintf(stderr, " [-f] [-q] [-ccount count] [-mcount count]\n");
- fprintf(stderr, " [-na] [-nw] [-nx] [-nm] host service msg\n");
+ fprintf(stderr, " [-v1] [-na] [-nw] [-nx] [-nm] host service msg\n");
 exit(1);
 }
@@ -128,13 +128,14 @@ static int connect_to_server(host, port)
 * unsuccessful, the GSS-API error messages are displayed on stderr
 * and -1 is returned.
 */
-static int client_establish_context(s, service_name, deleg_flag, auth_flag,
- oid, gss_context, ret_flags)
+static int client_establish_context(s, service_name, deleg_flag, auth_flag,
+ v1_format, oid, gss_context, ret_flags)
 int s;
 char *service_name;
 gss_OID oid;
 OM_uint32 deleg_flag;
 int auth_flag;
+ int v1_format;
 gss_ctx_id_t *gss_context;
 OM_uint32 *ret_flags;
 {
@@ -157,9 +158,11 @@ static int client_establish_context(s, service_name, deleg_flag, auth_flag,
 return -1;
 }
- if (send_token(s, TOKEN_NOOP|TOKEN_CONTEXT_NEXT, empty_token) < 0) {
- (void) gss_release_name(&min_stat, &target_name);
- return -1;
+ if (!v1_format) {
+ if (send_token(s, TOKEN_NOOP|TOKEN_CONTEXT_NEXT, empty_token) < 0) {
+ (void) gss_release_name(&min_stat, &target_name);
+ return -1;
+ }
 }
 /*
@@ -205,7 +208,7 @@ static int client_establish_context(s, service_name, deleg_flag, auth_flag,
 if (verbose)
 printf("Sending init_sec_context token (size=%d)...",
 (int) send_tok.length);
- if (send_token(s, TOKEN_CONTEXT, &send_tok) < 0) {
+ if (send_token(s, v1_format?0:TOKEN_CONTEXT, &send_tok) < 0) {
 (void) gss_release_buffer(&min_stat, &send_tok);
 (void) gss_release_name(&min_stat, &target_name);
 return -1;
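Review bot: The new `v1_format` parameter of client_establish_context is added to the signature and the K&R declaration list, but the header comment that ends just above the signature is left untouched, so the parameter is undocumented if that comment lists the arguments (its start is outside the hunk). A line such as ` * v1_format (r) if non-zero, use the old exchange: no leading NOOP token and no flags byte on the context tokens` would record what the later hunks in this function do with it. call_server gains the same parameter further down in this file and has the same gap.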
@@ -318,7 +321,7 @@ static void read_file(file_name, in_buf)
 * verifies it with gss_verify. -1 is returned if any step fails,
 * otherwise 0 is returned. */
 static int call_server(host, port, oid, service_name, deleg_flag, auth_flag,
- wrap_flag, encrypt_flag, mic_flag, msg, use_file,
+ wrap_flag, encrypt_flag, mic_flag, v1_format, msg, use_file,
 mcount)
 char *host;
 u_short port;
@@ -326,6 +329,7 @@ static int call_server(host, port, oid, service_name, deleg_flag, auth_flag,
 char *service_name;
 OM_uint32 deleg_flag;
 int auth_flag, wrap_flag, encrypt_flag, mic_flag;
+ int v1_format;
 char *msg;
 int use_file;
 int mcount;
@@ -354,7 +358,8 @@ static int call_server(host, port, oid, service_name, deleg_flag, auth_flag,
 /* Establish context */
 if (client_establish_context(s, service_name, deleg_flag, auth_flag,
- oid, &context, &ret_flags) < 0) {
+ v1_format, oid, &context,
+ &ret_flags) < 0) {
 (void) close(s);
 return -1;
 }
@@ -474,10 +479,11 @@ static int call_server(host, port, oid, service_name, deleg_flag, auth_flag,
 }
 /* Send to server */
- if (send_token(s, (TOKEN_DATA |
+ if (send_token(s, (v1_format?0
+ :(TOKEN_DATA |
 (wrap_flag ? TOKEN_WRAPPED : 0) |
 (encrypt_flag ? TOKEN_ENCRYPTED : 0) |
- (mic_flag ? TOKEN_SEND_MIC : 0)), &out_buf) < 0) {
+ (mic_flag ? TOKEN_SEND_MIC : 0))), &out_buf) < 0) {
 (void) close(s);
 (void) gss_delete_sec_context(&min_stat, &context, GSS_C_NO_BUFFER);
 return -1;
@@ -518,6 +524,7 @@ static int call_server(host, port, oid, service_name, deleg_flag, auth_flag,
 free(in_buf.value);
 /* Send NOOP */
+ if (!v1_format)
 (void) send_token(s, TOKEN_NOOP, empty_token);
 if (auth_flag) {
@@ -578,10 +585,11 @@ int main(argc, argv)
 gss_OID oid = GSS_C_NULL_OID;
 int mcount = 1, ccount = 1;
 int i;
- int auth_flag, wrap_flag, encrypt_flag, mic_flag;
+ int auth_flag, wrap_flag, encrypt_flag, mic_flag, v1_format;
 display_file = stdout;
 auth_flag = wrap_flag = encrypt_flag = mic_flag = 1;
+ v1_format = 0;
 /* Parse arguments. */
 argc--; argv++;
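Review bot: With `-v1` the data token under `/* Send to server */` is sent with flags 0, so the wrap, encrypt and MIC choices made with `-nw`, `-nx` and `-nm` never reach the server, and nothing in the visible hunks rejects those options (or `-na`) together with `-v1`. If the old exchange always authenticates, wraps and returns a MIC (not confirmable from this page), client and server can then disagree about whether the message is protected. A check in main after the option loop would make the restriction explicit, e.g. `if (v1_format && !(auth_flag && wrap_flag && encrypt_flag && mic_flag)) usage();`. call_server starts before this hunk and continues after it.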
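Review bot: The added `if (!v1_format)` under `/* Send NOOP */` guards an unchanged context line, so the `send_token` call below it was neither re-indented nor braced, and a statement added there later would fall outside the condition unnoticed. Writing it as `if (!v1_format) { (void) send_token(s, TOKEN_NOOP, empty_token); }` keeps the guard and its body together. The result of that send is still discarded, as it was before this change.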
@@ -618,8 +626,10 @@ int main(argc, argv)
 encrypt_flag = 0;
 } else if (strcmp(*argv, "-nm") == 0) {
 mic_flag = 0;
- } else
- break;
+ } else if (strcmp(*argv, "-v1") == 0) {
+ v1_format = 1;
+ } else
+ break;
 argc--; argv++;
 }
 if (argc != 3)
@@ -635,7 +645,7 @@ int main(argc, argv)
 for (i = 0; i < ccount; i++) {
 if (call_server(server_host, port, oid, service_name, deleg_flag, auth_flag, wrap_flag, encrypt_flag, mic_flag,
- msg, use_file, mcount) < 0)
+ v1_format, msg, use_file, mcount) < 0)
 exit(1);
 }
diff --git a/src/appl/gss-sample/gss-misc.c b/src/appl/gss-sample/gss-misc.c
index 9a2dd0b34..183306c29 100644
--- a/src/appl/gss-sample/gss-misc.c
+++ b/src/appl/gss-sample/gss-misc.c
@@ -109,11 +109,11 @@ static int read_all(int fildes, char *buf, unsigned int nbyte)
 *
 * Effects:
 *
- * send_token writes the token flags (a single byte, even though
- * they're passed in in an integer), then the token length (as a
- * network long) and then the token data to the file descriptor s. It
- * returns 0 on success, and -1 if an error occurs or if it could not
- * write all the data.
+ * If the flags are non-null, send_token writes the token flags (a
+ * single byte, even though they're passed in in an integer). Next,
+ * the token length (as a network long) and then the token data are
+ * written to the file descriptor s. It returns 0 on success, and -1
+ * if an error occurs or if it could not write all the data.
 */
 int send_token(s, flags, tok)
 int s;
@@ -124,12 +124,13 @@ int send_token(s, flags, tok)
 unsigned char char_flags = (unsigned char) flags;
 unsigned char lenbuf[4];
- ret = write_all(s, (char *)&char_flags, 1);
- if (ret != 1) {
- perror("sending token flags");
- return -1;
+ if (char_flags) {
+ ret = write_all(s, (char *)&char_flags, 1);
+ if (ret != 1) {
+ perror("sending token flags");
+ return -1;
+ }
 }
-
 if (tok->length > 0xffffffffUL)
 abort();
 lenbuf[0] = (tok->length >> 24) & 0xff;
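Review bot: In send_token the new `if (char_flags)` turns a zero flags byte into the switch for the old framing, and because the test runs after the cast to `unsigned char`, any caller passing a flags value whose low eight bits are zero also loses the byte without any diagnostic. The updated header comment says "non-null", which reads oddly for an integer and does not say that 0 is now reserved. I would add to that comment something like ` * A flags value of 0 selects the old framing: no flags byte is sent, so 0 cannot be used as a flags value in the current protocol.` and say "non-zero" in the first sentence. send_token's body continues outside the hunk.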
@@ -208,16 +209,32 @@ int recv_token(s, flags, tok)
 *flags = (int) char_flags;
 }
- ret = read_all(s, lenbuf, 4);
+ if (char_flags == 0 ) {
+ lenbuf[0] = 0;
+ ret = read_all(s, &lenbuf[1], 3);
 if (ret < 0) {
- perror("reading token length");
- return -1;
- } else if (ret != 4) {
+ perror("reading token length");
+ return -1;
+ } else if (ret != 3) {
 if (display_file)
 fprintf(display_file,
 "reading token length: %d of %d bytes read\n",
- ret, 4);
+ ret, 3);
+ return -1;
+ }
+ }
+ else {
+ ret = read_all(s, lenbuf, 4);
+ if (ret < 0) {
+ perror("reading token length");
+ return -1;
+ } else if (ret != 4) {
+ if (display_file)
+ fprintf(display_file,
+ "reading token length: %d of %d bytes read\n",
+ ret, 4);
 return -1;
+ }
 }
 tok->length = ((lenbuf[0] << 24)
--
2.26.2
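Review bot: The new `if (char_flags == 0 )` branch in recv_token picks the framing from the first byte alone, so the flag-less form is accepted from every peer of this function, and a flag-less token of 2^24 bytes or more (non-zero top length byte) is parsed as a flags byte followed by a misaligned length. That limit and the meaning of a zero first byte deserve a comment at the branch, since callers now see `*flags == 0` for such tokens. The two branches also repeat the same read and error handling with only the byte count changed; the fence folds them into one read, using a new `int nlen` local that has to be declared at the top of recv_token, outside this hunk. The function starts before the hunk and continues after it.

```c
    /* A zero first byte is taken as the top byte of an old-format length
     * (no flags byte), so such tokens must be shorter than 2^24 bytes. */
    nlen = (char_flags == 0) ? 3 : 4;
    lenbuf[0] = 0;
    ret = read_all(s, &lenbuf[4 - nlen], nlen);
    if (ret < 0) {
        perror("reading token length");
        return -1;
    } else if (ret != nlen) {
        if (display_file)
            fprintf(display_file,
                    "reading token length: %d of %d bytes read\n",
                    ret, nlen);
        return -1;
    }
    /* … unchanged: tok->length assembled from lenbuf … */
```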