From bab692ccf25c4c37c024c52de1bf0492107aba41 Mon Sep 17 00:00:00 2001 From: Chris Provenzano Date: Mon, 27 Mar 1995 14:32:20 +0000 Subject: [PATCH] * server.c: Use new calling conventions for krb5_sendauth(), krb5_mk_req_extended(), and krb5_mk_safe(). * client.c: Use new calling conventions for krb5_recvauth(), krb5_rd_req(), and krb5_rd_safe(). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5258 dc483132-0cff-0310-8789-dd5450dbe970 --- src/appl/user_user/ChangeLog | 8 ++++ src/appl/user_user/client.c | 82 +++++++++++++++++------------------- src/appl/user_user/server.c | 53 ++++++++++++----------- 3 files changed, 75 insertions(+), 68 deletions(-) diff --git a/src/appl/user_user/ChangeLog b/src/appl/user_user/ChangeLog index ca2b33739..df804b0ac 100644 --- a/src/appl/user_user/ChangeLog +++ b/src/appl/user_user/ChangeLog @@ -1,3 +1,11 @@ +Mon Mar 27 07:56:26 1995 Chris Provenzano (proven@mit.edu) + + * server.c: Use new calling conventions for krb5_sendauth(), + krb5_mk_req_extended(), and krb5_mk_safe(). + + * server.c: Use new calling conventions for krb5_recvauth(), + krb5_rd_req(), and krb5_rd_safe(). + Thu Mar 2 12:28:58 1995 Theodore Y. Ts'o * Makefile.in (ISODELIB): Remove reference to $(ISODELIB). diff --git a/src/appl/user_user/client.c b/src/appl/user_user/client.c index 743c03583..ea6d39e66 100644 --- a/src/appl/user_user/client.c +++ b/src/appl/user_user/client.c @@ -35,20 +35,6 @@ #include "krb5.h" #include "com_err.h" -krb5_error_code -tgt_keyproc(context, keyprocarg, principal, vno, keytype, key) - krb5_context context; - krb5_pointer keyprocarg; - krb5_principal principal; - krb5_kvno vno; - krb5_keytype keytype; - krb5_keyblock ** key; -{ - krb5_creds *creds = (krb5_creds *)keyprocarg; - - return krb5_copy_keyblock(context, &creds->keyblock, key); -} - int main (argc, argv) int argc; char *argv[]; @@ -65,8 +51,9 @@ char *argv[]; krb5_ccache cc; krb5_creds creds, *new_creds; krb5_data reply, msg, princ_data; - krb5_tkt_authent *authdat; - krb5_context context; + krb5_auth_context * auth_context = NULL; + krb5_ticket * ticket = NULL; + krb5_context context; unsigned short port; if (argc < 2 || argc > 4) @@ -227,30 +214,44 @@ char *argv[]; cli_addr.length = sizeof(cli_net_addr.sin_addr); cli_addr.contents = (krb5_octet *)&cli_net_addr.sin_addr; + if (retval = krb5_auth_con_init(context, &auth_context)) { + com_err("uu-client", retval, "initializing the auth_context"); + return 9; + } + + if (retval = krb5_auth_con_setflags(context, auth_context, + KRB5_AUTH_CONTEXT_DO_SEQUENCE)) { + com_err("uu-client", retval, "initializing the auth_context flags"); + return 9; + } + + if (retval = krb5_auth_con_setaddrs(context, auth_context, &cli_addr, + &serv_addr)) { + com_err("uu-client", retval, "setting addresses for auth_context"); + return 9; + } + + if (retval = krb5_auth_con_setuseruserkey(context, auth_context, + &new_creds->keyblock)) { + com_err("uu-client", retval, "setting useruserkey for authcontext"); + return 9; + } + #if 1 - /* read the ap_req to get the session key */ - retval = krb5_rd_req(context, &reply, - 0, /* don't know server's name... */ - &serv_addr, - 0, /* no fetchfrom */ - tgt_keyproc, - (krb5_pointer)new_creds, /* credentials as arg to - keyproc */ - 0, /* no rcache for the moment XXX */ - &authdat); - free(reply.data); + /* read the ap_req to get the session key */ + retval = krb5_rd_req(context, &auth_context, &reply, + NULL, NULL, NULL, &ticket); + free(reply.data); #else - retval = krb5_recvauth(context, (krb5_pointer)&s, "???", - 0, /* server */ - &serv_addr, 0, tgt_keyproc, (krb5_pointer)new_creds, - 0, 0, - 0, 0, 0, 0); + retval = krb5_recvauth(context, &auth_context, (krb5_pointer)&s, "???", + 0, /* server */, NULL, 0, NULL, &ticket); #endif + if (retval) { com_err("uu-client", retval, "reading AP_REQ from server"); return 9; } - if (retval = krb5_unparse_name(context, authdat->ticket->enc_part2->client, &princ)) + if (retval = krb5_unparse_name(context, ticket->enc_part2->client, &princ)) com_err("uu-client", retval, "while unparsing client name"); else { printf("server is named \"%s\"\n", princ); @@ -263,16 +264,11 @@ char *argv[]; return 9; } - - if (retval = krb5_rd_safe(context, &reply, authdat->ticket->enc_part2->session, - &serv_addr, &cli_addr, - authdat->authenticator->seq_number, - KRB5_SAFE_NOTIME|KRB5_SAFE_DOSEQUENCE, 0, &msg)) - { - com_err("uu-client", retval, "decoding reply from server"); - return 10; + if (retval = krb5_rd_safe(context, auth_context, &reply, &msg, NULL)) { + com_err("uu-client", retval, "decoding reply from server"); + return 10; } - printf ("uu-client: server says \"%s\".\n", msg.data); - return 0; + printf ("uu-client: server says \"%s\".\n", msg.data); + return 0; } diff --git a/src/appl/user_user/server.c b/src/appl/user_user/server.c index e02c5e7dc..175fce123 100644 --- a/src/appl/user_user/server.c +++ b/src/appl/user_user/server.c @@ -51,8 +51,8 @@ char *argv[]; krb5_creds creds, *new_creds; krb5_ccache cc; krb5_data msgtext, msg; - krb5_int32 seqno; krb5_context context; + krb5_auth_context * auth_context = NULL; #ifndef DEBUG freopen("/tmp/uu-server.log", "w", stderr); @@ -165,29 +165,34 @@ char *argv[]; /* send a ticket/authenticator to the other side, so it can get the key we're using for the krb_safe below. */ - if (retval = krb5_generate_seq_number(context, &new_creds->keyblock, &seqno)){ - com_err("uu-server", retval, "generating sequence number"); - return 8; - } + if (retval = krb5_auth_con_init(context, &auth_context)) { + com_err("uu-server", retval, "making auth_context"); + return 8; + } + + if (retval = krb5_auth_con_setflags(context, auth_context, + KRB5_AUTH_CONTEXT_DO_SEQUENCE)) { + com_err("uu-server", retval, "initializing the auth_context flags"); + return 8; + } + + if (retval = krb5_auth_con_setaddrs(context, auth_context, &laddr, &faddr)){ + com_err("uu-server", retval, "setting addresses for auth_context"); + return 9; + } + #if 1 - if (retval = krb5_mk_req_extended(context, AP_OPTS_USE_SESSION_KEY, - 0, /* no application checksum here */ - seqno, - 0, /* no need for subkey */ - &creds, - 0, /* don't need authenticator copy */ - &msg)) { - com_err("uu-server", retval, "making AP_REQ"); - return 8; - } - retval = krb5_write_message(context, (krb5_pointer) &sock, &msg); + if (retval = krb5_mk_req_extended(context, &auth_context, + AP_OPTS_USE_SESSION_KEY, + NULL, new_creds, &msg)) { + com_err("uu-server", retval, "making AP_REQ"); + return 8; + } + retval = krb5_write_message(context, (krb5_pointer) &sock, &msg); #else - retval = krb5_sendauth(context, (krb5_pointer)&sock, "???", 0, 0, - AP_OPTS_MUTUAL_REQUIRED | AP_OPTS_USE_SESSION_KEY, - 0, /* no checksum*/ - &creds, cc, - 0, 0, /* no sequence number or subsession key */ - 0, 0); + retval = krb5_sendauth(context, &auth_context, (krb5_pointer)&sock,"???", 0, + 0, AP_OPTS_MUTUAL_REQUIRED | AP_OPTS_USE_SESSION_KEY, + NULL, &creds, cc, NULL, NULL, NULL); #endif if (retval) goto cl_short_wrt; @@ -197,9 +202,7 @@ char *argv[]; msgtext.length = 32; msgtext.data = "Hello, other end of connection."; - if (retval = krb5_mk_safe(context, &msgtext, CKSUMTYPE_RSA_MD4_DES, - &new_creds->keyblock, &laddr, &faddr, seqno, - KRB5_SAFE_NOTIME|KRB5_SAFE_DOSEQUENCE, 0, &msg)) + if (retval = krb5_mk_safe(context, auth_context, &msgtext, &msg, NULL)) { com_err("uu-server", retval, "encoding message to client"); return 6; -- 2.26.2