From 8f962a4f65b4fb609b58f91b667f8de16e958efd Mon Sep 17 00:00:00 2001 From: Jeffrey Altman Date: Fri, 30 Jan 2004 23:52:07 +0000 Subject: [PATCH] Address issues discovered while testing updated Windows gss sample client. A Missing parameter to a sign_server call in gss-server.c and the need for a select() call in read_all() to prevent blocking indefinitely. ticket: new target_version: 1.3.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15986 dc483132-0cff-0310-8789-dd5450dbe970 --- src/appl/gss-sample/ChangeLog | 6 + src/appl/gss-sample/gss-misc.c | 16 +- src/appl/gss-sample/gss-server.c | 284 +++++++++++++++---------------- 3 files changed, 161 insertions(+), 145 deletions(-) diff --git a/src/appl/gss-sample/ChangeLog b/src/appl/gss-sample/ChangeLog index 50b003c04..4a8319b80 100644 --- a/src/appl/gss-sample/ChangeLog +++ b/src/appl/gss-sample/ChangeLog @@ -1,3 +1,9 @@ +2004-01-30 Jeffrey Altman + + * gss-misc.c (read_all): Add call to select() so we don't block forever + + * gss-server.c (main): Add missing "export" parameter to second sign_server() + 2003-01-08 Sam Hartman * gss-misc.c (recv_token): Support reading 0 token flags as part of length diff --git a/src/appl/gss-sample/gss-misc.c b/src/appl/gss-sample/gss-misc.c index 183306c29..c1778132e 100644 --- a/src/appl/gss-sample/gss-misc.c +++ b/src/appl/gss-sample/gss-misc.c @@ -77,11 +77,21 @@ static int write_all(int fildes, char *buf, unsigned int nbyte) static int read_all(int fildes, char *buf, unsigned int nbyte) { - int ret; - char *ptr; + int ret; + char *ptr; + fd_set rfds; + struct timeval tv; + + FD_ZERO(&rfds); + FD_SET(fildes, &rfds); + tv.tv_sec = 10; + tv.tv_usec = 0; + for (ptr = buf; nbyte; ptr += ret, nbyte -= ret) { - ret = recv(fildes, ptr, nbyte, 0); + if ( select(FD_SETSIZE, &rfds, NULL, NULL, &tv) <= 0 || !FD_ISSET(fildes, &rfds) ) + return(ptr-buf); + ret = recv(fildes, ptr, nbyte, 0); if (ret < 0) { if (errno == EINTR) continue; 
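Review bot: In read_all(), `rfds` and `tv` are initialised once before the `for` loop, but select() overwrites the descriptor set on every call and on some systems (Linux, for example) also rewrites `tv` with the time remaining. Later passes therefore run on whatever the previous call left behind, and the 10-second limit is per-call on some platforms and cumulative on others. Passing `FD_SETSIZE` as nfds makes select() consider every possible descriptor, where `fildes + 1` is the conventional value (Winsock ignores the argument). On POSIX builds `FD_SET` on a descriptor at or above `FD_SETSIZE` is undefined, so a range check is worth adding there if the socket is not known to be small. A timeout or a select() failure such as EINTR returns the short count `ptr-buf`, the same value as an orderly EOF, so the callers (not visible in this hunk) need to treat any short read as an error; the loop body continues past the end of the hunk and the fence shows only the re-armed wait.

```c
    for (ptr = buf; nbyte; ptr += ret, nbyte -= ret) {
        /* select() modifies rfds (and on some systems tv): re-arm both on every pass */
        FD_ZERO(&rfds);
        FD_SET(fildes, &rfds);
        tv.tv_sec = 10;
        tv.tv_usec = 0;
        if (select(fildes + 1, &rfds, NULL, NULL, &tv) <= 0
            || !FD_ISSET(fildes, &rfds))
            return(ptr-buf);
        /* … unchanged: recv() call and its EINTR / error / EOF handling … */
```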
diff --git a/src/appl/gss-sample/gss-server.c b/src/appl/gss-sample/gss-server.c index b3229f1be..5677f8d6c 100644 --- a/src/appl/gss-sample/gss-server.c +++ b/src/appl/gss-sample/gss-server.c 
@@ -388,147 +388,147 @@ static int sign_server(s, server_creds, export) gss_cred_id_t server_creds; int export; { - gss_buffer_desc client_name, xmit_buf, msg_buf; - gss_ctx_id_t context; - OM_uint32 maj_stat, min_stat; - int i, conf_state, ret_flags; - char *cp; - int token_flags; - - /* Establish a context with the client */ - if (server_establish_context(s, server_creds, &context, - &client_name, &ret_flags) < 0) - return(-1); - - if (context == GSS_C_NO_CONTEXT) { - printf("Accepted unauthenticated connection.\n"); - } - else { - printf("Accepted connection: \"%.*s\"\n", - (int) client_name.length, (char *) client_name.value); - (void) gss_release_buffer(&min_stat, &client_name); - - if (export) { - for (i=0; i < 3; i++) - if (test_import_export_context(&context)) - return -1; - } - } - - do { - /* Receive the message token */ - if (recv_token(s, &token_flags, &xmit_buf) < 0) - return(-1); - - if (token_flags & TOKEN_NOOP) { - if (log) - fprintf(log, "NOOP token\n"); - if(xmit_buf.value) { - free(xmit_buf.value); - xmit_buf.value = 0; - } - break; - } - - if (verbose && log) { - fprintf(log, "Message token (flags=%d):\n", token_flags); - print_token(&xmit_buf); - } - - if ((context == GSS_C_NO_CONTEXT) && - (token_flags & (TOKEN_WRAPPED|TOKEN_ENCRYPTED|TOKEN_SEND_MIC))) { - if (log) - fprintf(log, - "Unauthenticated client requested authenticated services!\n"); - if(xmit_buf.value) { - free (xmit_buf.value); - xmit_buf.value = 0; - } - return(-1); - } - - if (token_flags & TOKEN_WRAPPED) { - maj_stat = gss_unwrap(&min_stat, context, &xmit_buf, &msg_buf, - &conf_state, (gss_qop_t *) NULL); - if (maj_stat != GSS_S_COMPLETE) { - display_status("unsealing message", maj_stat, min_stat); - if(xmit_buf.value) { - free (xmit_buf.value); - xmit_buf.value = 0; - } - return(-1); - } else if (! conf_state && (token_flags & TOKEN_ENCRYPTED)) { - fprintf(stderr, "Warning! 
Message not encrypted.\n"); - } - - if(xmit_buf.value) { - free (xmit_buf.value); - xmit_buf.value = 0; - } - } - else { - msg_buf = xmit_buf; - } - - if (log) { - fprintf(log, "Received message: "); - cp = msg_buf.value; - if ((isprint((int) cp[0]) || isspace((int) cp[0])) && - (isprint((int) cp[1]) || isspace((int) cp[1]))) { - fprintf(log, "\"%.*s\"\n", (int) msg_buf.length, - (char *) msg_buf.value); - } else { - fprintf(log, "\n"); - print_token(&msg_buf); - } - } - - if (token_flags & TOKEN_SEND_MIC) { - /* Produce a signature block for the message */ - maj_stat = gss_get_mic(&min_stat, context, GSS_C_QOP_DEFAULT, - &msg_buf, &xmit_buf); - if (maj_stat != GSS_S_COMPLETE) { - display_status("signing message", maj_stat, min_stat); - return(-1); - } - - if(msg_buf.value) { - free (msg_buf.value); - msg_buf.value = 0; - } - - /* Send the signature block to the client */ - if (send_token(s, TOKEN_MIC, &xmit_buf) < 0) - return(-1); - - if(xmit_buf.value) { - free (xmit_buf.value); - xmit_buf.value = 0; - } - } - else { - if(msg_buf.value) { - free (msg_buf.value); - msg_buf.value = 0; - } - if (send_token(s, TOKEN_NOOP, empty_token) < 0) - return(-1); - } - } while (1 /* loop will break if NOOP received */); - - if (context != GSS_C_NO_CONTEXT) { - /* Delete context */ - maj_stat = gss_delete_sec_context(&min_stat, &context, NULL); - if (maj_stat != GSS_S_COMPLETE) { - display_status("deleting context", maj_stat, min_stat); - return(-1); - } - } - - if (log) - fflush(log); - - return(0); + gss_buffer_desc client_name, xmit_buf, msg_buf; + gss_ctx_id_t context; + OM_uint32 maj_stat, min_stat; + int i, conf_state, ret_flags; + char *cp; + int token_flags; + + /* Establish a context with the client */ + if (server_establish_context(s, server_creds, &context, + &client_name, &ret_flags) < 0) + return(-1); + + if (context == GSS_C_NO_CONTEXT) { + printf("Accepted unauthenticated connection.\n"); + } + else { + printf("Accepted connection: \"%.*s\"\n", + (int) 
client_name.length, (char *) client_name.value); + (void) gss_release_buffer(&min_stat, &client_name); + + if (export) { + for (i=0; i < 3; i++) + if (test_import_export_context(&context)) + return -1; + } + } + + do { + /* Receive the message token */ + if (recv_token(s, &token_flags, &xmit_buf) < 0) + return(-1); + + if (token_flags & TOKEN_NOOP) { + if (log) + fprintf(log, "NOOP token\n"); + if(xmit_buf.value) { + free(xmit_buf.value); + xmit_buf.value = 0; + } + break; + } + + if (verbose && log) { + fprintf(log, "Message token (flags=%d):\n", token_flags); + print_token(&xmit_buf); + } + + if ((context == GSS_C_NO_CONTEXT) && + ( token_flags & (TOKEN_WRAPPED|TOKEN_ENCRYPTED|TOKEN_SEND_MIC))) { + if (log) + fprintf(log, + "Unauthenticated client requested authenticated services!\n"); + if(xmit_buf.value) { + free (xmit_buf.value); + xmit_buf.value = 0; + } + return(-1); + } + + if (token_flags & TOKEN_WRAPPED) { + maj_stat = gss_unwrap(&min_stat, context, &xmit_buf, &msg_buf, + &conf_state, (gss_qop_t *) NULL); + if (maj_stat != GSS_S_COMPLETE) { + display_status("unsealing message", maj_stat, min_stat); + if(xmit_buf.value) { + free (xmit_buf.value); + xmit_buf.value = 0; + } + return(-1); + } else if (! conf_state && (token_flags & TOKEN_ENCRYPTED)) { + fprintf(stderr, "Warning! 
Message not encrypted.\n"); + } + + if(xmit_buf.value) { + free (xmit_buf.value); + xmit_buf.value = 0; + } + } + else { + msg_buf = xmit_buf; + } + + if (log) { + fprintf(log, "Received message: "); + cp = msg_buf.value; + if ((isprint((int) cp[0]) || isspace((int) cp[0])) && + (isprint((int) cp[1]) || isspace((int) cp[1]))) { + fprintf(log, "\"%.*s\"\n", (int) msg_buf.length, + (char *) msg_buf.value); + } else { + fprintf(log, "\n"); + print_token(&msg_buf); + } + } + + if (token_flags & TOKEN_SEND_MIC) { + /* Produce a signature block for the message */ + maj_stat = gss_get_mic(&min_stat, context, GSS_C_QOP_DEFAULT, + &msg_buf, &xmit_buf); + if (maj_stat != GSS_S_COMPLETE) { + display_status("signing message", maj_stat, min_stat); + return(-1); + } + + if(msg_buf.value) { + free (msg_buf.value); + msg_buf.value = 0; + } + + /* Send the signature block to the client */ + if (send_token(s, TOKEN_MIC, &xmit_buf) < 0) + return(-1); + + if(xmit_buf.value) { + free (xmit_buf.value); + xmit_buf.value = 0; + } + } + else { + if(msg_buf.value) { + free (msg_buf.value); + msg_buf.value = 0; + } + if (send_token(s, TOKEN_NOOP, empty_token) < 0) + return(-1); + } + } while (1 /* loop will break if NOOP received */); + + if (context != GSS_C_NO_CONTEXT) { + /* Delete context */ + maj_stat = gss_delete_sec_context(&min_stat, &context, NULL); + if (maj_stat != GSS_S_COMPLETE) { + display_status("deleting context", maj_stat, min_stat); + return(-1); + } + } + + if (log) + fflush(log); + + return(0); } int @@ -612,7 +612,7 @@ main(argc, argv) } /* this return value is not checked, because there's not really anything to do if it fails */ - sign_server(s, server_creds); + sign_server(s, server_creds, export); close(s); } while (!once); -- 2.26.2
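Review bot: The two-argument call corrected in main() compiled silently because sign_server() is defined in old-style (K&R) form, as the previous hunk's header shows, so the compiler has no parameter list to check calls against. With the argument missing, `export` was read from an indeterminate value, which is undefined behaviour and made the import/export test path run or not run arbitrarily. A prototype ahead of the first use would turn any recurrence into a compile error, e.g. `static int sign_server(int s, gss_cred_id_t server_creds, int export);` (the type of `s` is declared outside the visible lines and is assumed to be `int` here). main() begins and ends outside this hunk, so whether other call sites have the same mismatch cannot be checked from here.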