diff options
| author | Greg Hudson <ghudson@mit.edu> | 2009-11-24 17:46:45 +0000 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2009-11-24 17:46:45 +0000 |
| commit | 6b684da8b8aa0aa5e7a0f122e5d6b303c6fddf00 (patch) | |
| tree | db6e8ce701a0e0a905e45c82f1c65f64a733e23c | |
| parent | 3aa283767b10ac11b035b690f4569ce5de5e0097 (diff) | |
| download | krb5-6b684da8b8aa0aa5e7a0f122e5d6b303c6fddf00.zip krb5-6b684da8b8aa0aa5e7a0f122e5d6b303c6fddf00.tar.gz krb5-6b684da8b8aa0aa5e7a0f122e5d6b303c6fddf00.tar.bz2 | |
Mark and reindent what's left of the appl directory
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23342 dc483132-0cff-0310-8789-dd5450dbe970
| -rw-r--r-- | src/Makefile.in | 1 | ||||
| -rw-r--r-- | src/appl/gss-sample/gss-client.c | 862 | ||||
| -rw-r--r-- | src/appl/gss-sample/gss-misc.c | 223 | ||||
| -rw-r--r-- | src/appl/gss-sample/gss-misc.h | 32 | ||||
| -rw-r--r-- | src/appl/gss-sample/gss-server.c | 763 | ||||
| -rw-r--r-- | src/appl/sample/sample.h | 1 | ||||
| -rw-r--r-- | src/appl/sample/sclient/sclient.c | 218 | ||||
| -rw-r--r-- | src/appl/sample/sserver/sserver.c | 189 | ||||
| -rw-r--r-- | src/appl/simple/client/sim_client.c | 188 | ||||
| -rw-r--r-- | src/appl/simple/server/sim_server.c | 163 | ||||
| -rw-r--r-- | src/appl/simple/simple.h | 5 | ||||
| -rw-r--r-- | src/appl/user_user/client.c | 447 | ||||
| -rw-r--r-- | src/appl/user_user/server.c | 318 |
13 files changed, 1700 insertions, 1710 deletions
diff --git a/src/Makefile.in b/src/Makefile.in index 26b5833..9a5c4ac 100644 --- a/src/Makefile.in +++ b/src/Makefile.in @@ -659,6 +659,7 @@ EMACS = emacs PYTHON = python INDENTDIRS = \ + appl \ clients \ include \ kadmin \ diff --git a/src/appl/gss-sample/gss-client.c b/src/appl/gss-sample/gss-client.c index 3f86168..ad314c2 100644 --- a/src/appl/gss-sample/gss-client.c +++ b/src/appl/gss-sample/gss-client.c @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * Copyright 1994 by OpenVision Technologies, Inc. * @@ -88,8 +89,8 @@ usage() * * Arguments: * - * host (r) the target host name - * port (r) the target port, in host byte order + * host (r) the target host name + * port (r) the target port, in host byte order * * Returns: the established socket file desciptor, or -1 on failure * @@ -100,17 +101,15 @@ usage() * displayed and -1 is returned. */ static int -connect_to_server(host, port) - char *host; - u_short port; +connect_to_server(char *host, u_short port) { struct sockaddr_in saddr; struct hostent *hp; int s; if ((hp = gethostbyname(host)) == NULL) { - fprintf(stderr, "Unknown host: %s\n", host); - return -1; + fprintf(stderr, "Unknown host: %s\n", host); + return -1; } saddr.sin_family = hp->h_addrtype; @@ -118,13 +117,13 @@ connect_to_server(host, port) saddr.sin_port = htons(port); if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) { - perror("creating socket"); - return -1; + perror("creating socket"); + return -1; } if (connect(s, (struct sockaddr *) &saddr, sizeof(saddr)) < 0) { - perror("connecting to server"); - (void) close(s); - return -1; + perror("connecting to server"); + (void) close(s); + return -1; } return s; } @@ -137,14 +136,14 @@ connect_to_server(host, port) * * Arguments: * - * s (r) an established TCP connection to the service - * service_name(r) the ASCII service name of the service - * gss_flags (r) GSS-API delegation flag (if any) - * auth_flag (r) whether to actually do authentication + * s (r) an established TCP connection to the service + * service_name(r) the ASCII service name of the service + * gss_flags (r) GSS-API delegation flag (if any) + * auth_flag (r) whether to actually do authentication * v1_format (r) whether the v1 sample protocol should be used - * oid (r) OID of the mechanism to use - * context (w) the established GSS-API context - * ret_flags (w) the returned flags from init_sec_context + * oid (r) OID of the mechanism to use + * context (w) the established GSS-API context + * ret_flags (w) the returned flags from init_sec_context * * Returns: 0 on success, -1 on failure * @@ -161,113 +160,110 @@ connect_to_server(host, port) * and -1 is returned. */ static int -client_establish_context(s, service_name, gss_flags, auth_flag, - v1_format, oid, gss_context, ret_flags) - int s; - char *service_name; - gss_OID oid; - OM_uint32 gss_flags; - int auth_flag; - int v1_format; - gss_ctx_id_t *gss_context; - OM_uint32 *ret_flags; +client_establish_context(int s, char *service_name, OM_uint32 gss_flags, + int auth_flag, int v1_format, gss_OID oid, + gss_ctx_id_t *gss_context, OM_uint32 *ret_flags) { if (auth_flag) { - gss_buffer_desc send_tok, recv_tok, *token_ptr; - gss_name_t target_name; - OM_uint32 maj_stat, min_stat, init_sec_min_stat; - int token_flags; - - /* - * Import the name into target_name. Use send_tok to save - * local variable space. - */ - send_tok.value = service_name; - send_tok.length = strlen(service_name); - maj_stat = gss_import_name(&min_stat, &send_tok, - (gss_OID) gss_nt_service_name, - &target_name); - if (maj_stat != GSS_S_COMPLETE) { - display_status("parsing name", maj_stat, min_stat); - return -1; - } - - if (!v1_format) { - if (send_token(s, TOKEN_NOOP | TOKEN_CONTEXT_NEXT, empty_token) < - 0) { - (void) gss_release_name(&min_stat, &target_name); - return -1; - } - } - - /* - * Perform the context-establishement loop. - * - * On each pass through the loop, token_ptr points to the token - * to send to the server (or GSS_C_NO_BUFFER on the first pass). - * Every generated token is stored in send_tok which is then - * transmitted to the server; every received token is stored in - * recv_tok, which token_ptr is then set to, to be processed by - * the next call to gss_init_sec_context. - * - * GSS-API guarantees that send_tok's length will be non-zero - * if and only if the server is expecting another token from us, - * and that gss_init_sec_context returns GSS_S_CONTINUE_NEEDED if - * and only if the server has another token to send us. - */ - - token_ptr = GSS_C_NO_BUFFER; - *gss_context = GSS_C_NO_CONTEXT; - - do { - maj_stat = gss_init_sec_context(&init_sec_min_stat, GSS_C_NO_CREDENTIAL, gss_context, target_name, oid, gss_flags, 0, NULL, /* no channel bindings */ - token_ptr, NULL, /* ignore mech type */ - &send_tok, ret_flags, NULL); /* ignore time_rec */ - - if (token_ptr != GSS_C_NO_BUFFER) - free(recv_tok.value); - - if (send_tok.length != 0) { - if (verbose) - printf("Sending init_sec_context token (size=%d)...", - (int) send_tok.length); - if (send_token(s, v1_format ? 0 : TOKEN_CONTEXT, &send_tok) < - 0) { - (void) gss_release_buffer(&min_stat, &send_tok); - (void) gss_release_name(&min_stat, &target_name); - return -1; - } - } - (void) gss_release_buffer(&min_stat, &send_tok); - - if (maj_stat != GSS_S_COMPLETE - && maj_stat != GSS_S_CONTINUE_NEEDED) { - display_status("initializing context", maj_stat, - init_sec_min_stat); - (void) gss_release_name(&min_stat, &target_name); - if (*gss_context != GSS_C_NO_CONTEXT) - gss_delete_sec_context(&min_stat, gss_context, - GSS_C_NO_BUFFER); - return -1; - } - - if (maj_stat == GSS_S_CONTINUE_NEEDED) { - if (verbose) - printf("continue needed..."); - if (recv_token(s, &token_flags, &recv_tok) < 0) { - (void) gss_release_name(&min_stat, &target_name); - return -1; - } - token_ptr = &recv_tok; - } - if (verbose) - printf("\n"); - } while (maj_stat == GSS_S_CONTINUE_NEEDED); - - (void) gss_release_name(&min_stat, &target_name); + gss_buffer_desc send_tok, recv_tok, *token_ptr; + gss_name_t target_name; + OM_uint32 maj_stat, min_stat, init_sec_min_stat; + int token_flags; + + /* + * Import the name into target_name. Use send_tok to save + * local variable space. + */ + send_tok.value = service_name; + send_tok.length = strlen(service_name); + maj_stat = gss_import_name(&min_stat, &send_tok, + (gss_OID) gss_nt_service_name, + &target_name); + if (maj_stat != GSS_S_COMPLETE) { + display_status("parsing name", maj_stat, min_stat); + return -1; + } + + if (!v1_format) { + if (send_token(s, TOKEN_NOOP | TOKEN_CONTEXT_NEXT, empty_token) < + 0) { + (void) gss_release_name(&min_stat, &target_name); + return -1; + } + } + + /* + * Perform the context-establishement loop. + * + * On each pass through the loop, token_ptr points to the token + * to send to the server (or GSS_C_NO_BUFFER on the first pass). + * Every generated token is stored in send_tok which is then + * transmitted to the server; every received token is stored in + * recv_tok, which token_ptr is then set to, to be processed by + * the next call to gss_init_sec_context. + * + * GSS-API guarantees that send_tok's length will be non-zero + * if and only if the server is expecting another token from us, + * and that gss_init_sec_context returns GSS_S_CONTINUE_NEEDED if + * and only if the server has another token to send us. + */ + + token_ptr = GSS_C_NO_BUFFER; + *gss_context = GSS_C_NO_CONTEXT; + + do { + maj_stat = gss_init_sec_context(&init_sec_min_stat, + GSS_C_NO_CREDENTIAL, gss_context, + target_name, oid, gss_flags, 0, + NULL, /* channel bindings */ + token_ptr, NULL, /* mech type */ + &send_tok, ret_flags, + NULL); /* time_rec */ + + if (token_ptr != GSS_C_NO_BUFFER) + free(recv_tok.value); + + if (send_tok.length != 0) { + if (verbose) + printf("Sending init_sec_context token (size=%d)...", + (int) send_tok.length); + if (send_token(s, v1_format ? 0 : TOKEN_CONTEXT, &send_tok) < + 0) { + (void) gss_release_buffer(&min_stat, &send_tok); + (void) gss_release_name(&min_stat, &target_name); + return -1; + } + } + (void) gss_release_buffer(&min_stat, &send_tok); + + if (maj_stat != GSS_S_COMPLETE + && maj_stat != GSS_S_CONTINUE_NEEDED) { + display_status("initializing context", maj_stat, + init_sec_min_stat); + (void) gss_release_name(&min_stat, &target_name); + if (*gss_context != GSS_C_NO_CONTEXT) + gss_delete_sec_context(&min_stat, gss_context, + GSS_C_NO_BUFFER); + return -1; + } + + if (maj_stat == GSS_S_CONTINUE_NEEDED) { + if (verbose) + printf("continue needed..."); + if (recv_token(s, &token_flags, &recv_tok) < 0) { + (void) gss_release_name(&min_stat, &target_name); + return -1; + } + token_ptr = &recv_tok; + } + if (verbose) + printf("\n"); + } while (maj_stat == GSS_S_CONTINUE_NEEDED); + + (void) gss_release_name(&min_stat, &target_name); } else { - if (send_token(s, TOKEN_NOOP, empty_token) < 0) - return -1; + if (send_token(s, TOKEN_NOOP, empty_token) < 0) + return -1; } return 0; @@ -282,25 +278,25 @@ read_file(file_name, in_buf) struct stat stat_buf; if ((fd = open(file_name, O_RDONLY, 0)) < 0) { - perror("open"); - fprintf(stderr, "Couldn't open file %s\n", file_name); - exit(1); + perror("open"); + fprintf(stderr, "Couldn't open file %s\n", file_name); + exit(1); } if (fstat(fd, &stat_buf) < 0) { - perror("fstat"); - exit(1); + perror("fstat"); + exit(1); } in_buf->length = stat_buf.st_size; if (in_buf->length == 0) { - in_buf->value = NULL; - return; + in_buf->value = NULL; + return; } if ((in_buf->value = malloc(in_buf->length)) == 0) { - fprintf(stderr, "Couldn't allocate %d byte buffer for reading file\n", - (int) in_buf->length); - exit(1); + fprintf(stderr, "Couldn't allocate %d byte buffer for reading file\n", + (int) in_buf->length); + exit(1); } /* this code used to check for incomplete reads, but you can't get @@ -308,12 +304,12 @@ read_file(file_name, in_buf) count = read(fd, in_buf->value, in_buf->length); if (count < 0) { - perror("read"); - exit(1); + perror("read"); + exit(1); } if (count < in_buf->length) - fprintf(stderr, "Warning, only read in %d bytes, expected %d\n", - count, (int) in_buf->length); + fprintf(stderr, "Warning, only read in %d bytes, expected %d\n", + count, (int) in_buf->length); } /* @@ -323,17 +319,17 @@ read_file(file_name, in_buf) * * Arguments: * - * host (r) the host providing the service - * port (r) the port to connect to on host - * service_name (r) the GSS-API service name to authenticate to - * gss_flags (r) GSS-API delegation flag (if any) - * auth_flag (r) whether to do authentication - * wrap_flag (r) whether to do message wrapping at all - * encrypt_flag (r) whether to do encryption while wrapping - * mic_flag (r) whether to request a MIC from the server - * msg (r) the message to have "signed" - * use_file (r) whether to treat msg as an input file name - * mcount (r) the number of times to send the message + * host (r) the host providing the service + * port (r) the port to connect to on host + * service_name (r) the GSS-API service name to authenticate to + * gss_flags (r) GSS-API delegation flag (if any) + * auth_flag (r) whether to do authentication + * wrap_flag (r) whether to do message wrapping at all + * encrypt_flag (r) whether to do encryption while wrapping + * mic_flag (r) whether to request a MIC from the server + * msg (r) the message to have "signed" + * use_file (r) whether to treat msg as an input file name + * mcount (r) the number of times to send the message * * Returns: 0 on success, -1 on failure * @@ -347,8 +343,8 @@ read_file(file_name, in_buf) * otherwise 0 is returned. */ static int call_server(host, port, oid, service_name, gss_flags, auth_flag, - wrap_flag, encrypt_flag, mic_flag, v1_format, msg, use_file, - mcount) + wrap_flag, encrypt_flag, mic_flag, v1_format, msg, use_file, + mcount) char *host; u_short port; gss_OID oid; @@ -380,184 +376,184 @@ call_server(host, port, oid, service_name, gss_flags, auth_flag, /* Open connection */ if ((s = connect_to_server(host, port)) < 0) - return -1; + return -1; /* Establish context */ if (client_establish_context(s, service_name, gss_flags, auth_flag, - v1_format, oid, &context, &ret_flags) < 0) { - (void) close(s); - return -1; + v1_format, oid, &context, &ret_flags) < 0) { + (void) close(s); + return -1; } if (auth_flag && verbose) { - /* display the flags */ - display_ctx_flags(ret_flags); - - /* Get context information */ - maj_stat = gss_inquire_context(&min_stat, context, - &src_name, &targ_name, &lifetime, - &mechanism, &context_flags, - &is_local, &is_open); - if (maj_stat != GSS_S_COMPLETE) { - display_status("inquiring context", maj_stat, min_stat); - return -1; - } - - maj_stat = gss_display_name(&min_stat, src_name, &sname, &name_type); - if (maj_stat != GSS_S_COMPLETE) { - display_status("displaying source name", maj_stat, min_stat); - return -1; - } - maj_stat = gss_display_name(&min_stat, targ_name, &tname, - (gss_OID *) NULL); - if (maj_stat != GSS_S_COMPLETE) { - display_status("displaying target name", maj_stat, min_stat); - return -1; - } - printf("\"%.*s\" to \"%.*s\", lifetime %d, flags %x, %s, %s\n", - (int) sname.length, (char *) sname.value, - (int) tname.length, (char *) tname.value, lifetime, - context_flags, - (is_local) ? "locally initiated" : "remotely initiated", - (is_open) ? "open" : "closed"); - - (void) gss_release_name(&min_stat, &src_name); - (void) gss_release_name(&min_stat, &targ_name); - (void) gss_release_buffer(&min_stat, &sname); - (void) gss_release_buffer(&min_stat, &tname); - - maj_stat = gss_oid_to_str(&min_stat, name_type, &oid_name); - if (maj_stat != GSS_S_COMPLETE) { - display_status("converting oid->string", maj_stat, min_stat); - return -1; - } - printf("Name type of source name is %.*s.\n", - (int) oid_name.length, (char *) oid_name.value); - (void) gss_release_buffer(&min_stat, &oid_name); - - /* Now get the names supported by the mechanism */ - maj_stat = gss_inquire_names_for_mech(&min_stat, - mechanism, &mech_names); - if (maj_stat != GSS_S_COMPLETE) { - display_status("inquiring mech names", maj_stat, min_stat); - return -1; - } - - maj_stat = gss_oid_to_str(&min_stat, mechanism, &oid_name); - if (maj_stat != GSS_S_COMPLETE) { - display_status("converting oid->string", maj_stat, min_stat); - return -1; - } - printf("Mechanism %.*s supports %d names\n", - (int) oid_name.length, (char *) oid_name.value, - (int) mech_names->count); - (void) gss_release_buffer(&min_stat, &oid_name); - - for (i = 0; i < mech_names->count; i++) { - maj_stat = gss_oid_to_str(&min_stat, - &mech_names->elements[i], &oid_name); - if (maj_stat != GSS_S_COMPLETE) { - display_status("converting oid->string", maj_stat, min_stat); - return -1; - } - printf(" %d: %.*s\n", (int) i, - (int) oid_name.length, (char *) oid_name.value); - - (void) gss_release_buffer(&min_stat, &oid_name); - } - (void) gss_release_oid_set(&min_stat, &mech_names); + /* display the flags */ + display_ctx_flags(ret_flags); + + /* Get context information */ + maj_stat = gss_inquire_context(&min_stat, context, + &src_name, &targ_name, &lifetime, + &mechanism, &context_flags, + &is_local, &is_open); + if (maj_stat != GSS_S_COMPLETE) { + display_status("inquiring context", maj_stat, min_stat); + return -1; + } + + maj_stat = gss_display_name(&min_stat, src_name, &sname, &name_type); + if (maj_stat != GSS_S_COMPLETE) { + display_status("displaying source name", maj_stat, min_stat); + return -1; + } + maj_stat = gss_display_name(&min_stat, targ_name, &tname, + (gss_OID *) NULL); + if (maj_stat != GSS_S_COMPLETE) { + display_status("displaying target name", maj_stat, min_stat); + return -1; + } + printf("\"%.*s\" to \"%.*s\", lifetime %d, flags %x, %s, %s\n", + (int) sname.length, (char *) sname.value, + (int) tname.length, (char *) tname.value, lifetime, + context_flags, + (is_local) ? "locally initiated" : "remotely initiated", + (is_open) ? "open" : "closed"); + + (void) gss_release_name(&min_stat, &src_name); + (void) gss_release_name(&min_stat, &targ_name); + (void) gss_release_buffer(&min_stat, &sname); + (void) gss_release_buffer(&min_stat, &tname); + + maj_stat = gss_oid_to_str(&min_stat, name_type, &oid_name); + if (maj_stat != GSS_S_COMPLETE) { + display_status("converting oid->string", maj_stat, min_stat); + return -1; + } + printf("Name type of source name is %.*s.\n", + (int) oid_name.length, (char *) oid_name.value); + (void) gss_release_buffer(&min_stat, &oid_name); + + /* Now get the names supported by the mechanism */ + maj_stat = gss_inquire_names_for_mech(&min_stat, + mechanism, &mech_names); + if (maj_stat != GSS_S_COMPLETE) { + display_status("inquiring mech names", maj_stat, min_stat); + return -1; + } + + maj_stat = gss_oid_to_str(&min_stat, mechanism, &oid_name); + if (maj_stat != GSS_S_COMPLETE) { + display_status("converting oid->string", maj_stat, min_stat); + return -1; + } + printf("Mechanism %.*s supports %d names\n", + (int) oid_name.length, (char *) oid_name.value, + (int) mech_names->count); + (void) gss_release_buffer(&min_stat, &oid_name); + + for (i = 0; i < mech_names->count; i++) { + maj_stat = gss_oid_to_str(&min_stat, + &mech_names->elements[i], &oid_name); + if (maj_stat != GSS_S_COMPLETE) { + display_status("converting oid->string", maj_stat, min_stat); + return -1; + } + printf(" %d: %.*s\n", (int) i, + (int) oid_name.length, (char *) oid_name.value); + + (void) gss_release_buffer(&min_stat, &oid_name); + } + (void) gss_release_oid_set(&min_stat, &mech_names); } if (use_file) { - read_file(msg, &in_buf); + read_file(msg, &in_buf); } else { - /* Seal the message */ - in_buf.value = msg; - in_buf.length = strlen(msg); + /* Seal the message */ + in_buf.value = msg; + in_buf.length = strlen(msg); } for (i = 0; i < mcount; i++) { - if (wrap_flag) { - maj_stat = - gss_wrap(&min_stat, context, encrypt_flag, GSS_C_QOP_DEFAULT, - &in_buf, &state, &out_buf); - if (maj_stat != GSS_S_COMPLETE) { - display_status("wrapping message", maj_stat, min_stat); - (void) close(s); - (void) gss_delete_sec_context(&min_stat, &context, - GSS_C_NO_BUFFER); - return -1; - } else if (encrypt_flag && !state) { - fprintf(stderr, "Warning! Message not encrypted.\n"); - } - } else { - out_buf = in_buf; - } - - /* Send to server */ - if (send_token(s, (v1_format ? 0 - : (TOKEN_DATA | - (wrap_flag ? TOKEN_WRAPPED : 0) | - (encrypt_flag ? TOKEN_ENCRYPTED : 0) | - (mic_flag ? TOKEN_SEND_MIC : 0))), - &out_buf) < 0) { - (void) close(s); - (void) gss_delete_sec_context(&min_stat, &context, - GSS_C_NO_BUFFER); - return -1; - } - if (out_buf.value != in_buf.value) - (void) gss_release_buffer(&min_stat, &out_buf); - - /* Read signature block into out_buf */ - if (recv_token(s, &token_flags, &out_buf) < 0) { - (void) close(s); - (void) gss_delete_sec_context(&min_stat, &context, - GSS_C_NO_BUFFER); - return -1; - } - - if (mic_flag) { - /* Verify signature block */ - maj_stat = gss_verify_mic(&min_stat, context, &in_buf, - &out_buf, &qop_state); - if (maj_stat != GSS_S_COMPLETE) { - display_status("verifying signature", maj_stat, min_stat); - (void) close(s); - (void) gss_delete_sec_context(&min_stat, &context, - GSS_C_NO_BUFFER); - return -1; - } - - if (verbose) - printf("Signature verified.\n"); - } else { - if (verbose) - printf("Response received.\n"); - } - - free(out_buf.value); + if (wrap_flag) { + maj_stat = + gss_wrap(&min_stat, context, encrypt_flag, GSS_C_QOP_DEFAULT, + &in_buf, &state, &out_buf); + if (maj_stat != GSS_S_COMPLETE) { + display_status("wrapping message", maj_stat, min_stat); + (void) close(s); + (void) gss_delete_sec_context(&min_stat, &context, + GSS_C_NO_BUFFER); + return -1; + } else if (encrypt_flag && !state) { + fprintf(stderr, "Warning! Message not encrypted.\n"); + } + } else { + out_buf = in_buf; + } + + /* Send to server */ + if (send_token(s, (v1_format ? 0 + : (TOKEN_DATA | + (wrap_flag ? TOKEN_WRAPPED : 0) | + (encrypt_flag ? TOKEN_ENCRYPTED : 0) | + (mic_flag ? TOKEN_SEND_MIC : 0))), + &out_buf) < 0) { + (void) close(s); + (void) gss_delete_sec_context(&min_stat, &context, + GSS_C_NO_BUFFER); + return -1; + } + if (out_buf.value != in_buf.value) + (void) gss_release_buffer(&min_stat, &out_buf); + + /* Read signature block into out_buf */ + if (recv_token(s, &token_flags, &out_buf) < 0) { + (void) close(s); + (void) gss_delete_sec_context(&min_stat, &context, + GSS_C_NO_BUFFER); + return -1; + } + + if (mic_flag) { + /* Verify signature block */ + maj_stat = gss_verify_mic(&min_stat, context, &in_buf, + &out_buf, &qop_state); + if (maj_stat != GSS_S_COMPLETE) { + display_status("verifying signature", maj_stat, min_stat); + (void) close(s); + (void) gss_delete_sec_context(&min_stat, &context, + GSS_C_NO_BUFFER); + return -1; + } + + if (verbose) + printf("Signature verified.\n"); + } else { + if (verbose) + printf("Response received.\n"); + } + + free(out_buf.value); } if (use_file) - free(in_buf.value); + free(in_buf.value); /* Send NOOP */ if (!v1_format) - (void) send_token(s, TOKEN_NOOP, empty_token); + (void) send_token(s, TOKEN_NOOP, empty_token); if (auth_flag) { - /* Delete context */ - maj_stat = gss_delete_sec_context(&min_stat, &context, &out_buf); - if (maj_stat != GSS_S_COMPLETE) { - display_status("deleting context", maj_stat, min_stat); - (void) close(s); - (void) gss_delete_sec_context(&min_stat, &context, - GSS_C_NO_BUFFER); - return -1; - } - - (void) gss_release_buffer(&min_stat, &out_buf); + /* Delete context */ + maj_stat = gss_delete_sec_context(&min_stat, &context, &out_buf); + if (maj_stat != GSS_S_COMPLETE) { + display_status("deleting context", maj_stat, min_stat); + (void) close(s); + (void) gss_delete_sec_context(&min_stat, &context, + GSS_C_NO_BUFFER); + return -1; + } + + (void) gss_release_buffer(&min_stat, &out_buf); } (void) close(s); @@ -573,29 +569,29 @@ parse_oid(char *mechanism, gss_OID * oid) size_t i, mechlen = strlen(mechanism); if (isdigit((int) mechanism[0])) { - mechstr = malloc(mechlen + 5); - if (!mechstr) { - fprintf(stderr, "Couldn't allocate mechanism scratch!\n"); - return; - } - mechstr[0] = '{'; - mechstr[1] = ' '; - for (i = 0; i < mechlen; i++) - mechstr[i + 2] = (mechanism[i] == '.') ? ' ' : mechanism[i]; - mechstr[mechlen + 2] = ' '; - mechstr[mechlen + 3] = ' '; - mechstr[mechlen + 4] = '\0'; - tok.value = mechstr; + mechstr = malloc(mechlen + 5); + if (!mechstr) { + fprintf(stderr, "Couldn't allocate mechanism scratch!\n"); + return; + } + mechstr[0] = '{'; + mechstr[1] = ' '; + for (i = 0; i < mechlen; i++) + mechstr[i + 2] = (mechanism[i] == '.') ? ' ' : mechanism[i]; + mechstr[mechlen + 2] = ' '; + mechstr[mechlen + 3] = ' '; + mechstr[mechlen + 4] = '\0'; + tok.value = mechstr; } else - tok.value = mechanism; + tok.value = mechanism; tok.length = strlen(tok.value); maj_stat = gss_str_to_oid(&min_stat, &tok, oid); if (maj_stat != GSS_S_COMPLETE) { - display_status("str_to_oid", maj_stat, min_stat); - return; + display_status("str_to_oid", maj_stat, min_stat); + return; } if (mechstr) - free(mechstr); + free(mechstr); } static int max_threads = 1; @@ -623,23 +619,23 @@ BOOL WaitAndIncrementThreadCounter(void) { for (;;) { - if (WaitForSingleObject(hMutex, INFINITE) == WAIT_OBJECT_0) { - if (thread_count < max_threads) { - thread_count++; - ReleaseMutex(hMutex); - return TRUE; - } else { - ReleaseMutex(hMutex); - - if (WaitForSingleObject(hEvent, INFINITE) == WAIT_OBJECT_0) { - continue; - } else { - return FALSE; - } - } - } else { - return FALSE; - } + if (WaitForSingleObject(hMutex, INFINITE) == WAIT_OBJECT_0) { + if (thread_count < max_threads) { + thread_count++; + ReleaseMutex(hMutex); + return TRUE; + } else { + ReleaseMutex(hMutex); + + if (WaitForSingleObject(hEvent, INFINITE) == WAIT_OBJECT_0) { + continue; + } else { + return FALSE; + } + } + } else { + return FALSE; + } } } @@ -647,13 +643,13 @@ BOOL DecrementAndSignalThreadCounter(void) { if (WaitForSingleObject(hMutex, INFINITE) == WAIT_OBJECT_0) { - if (thread_count == max_threads) - ResetEvent(hEvent); - thread_count--; - ReleaseMutex(hMutex); - return TRUE; + if (thread_count == max_threads) + ResetEvent(hEvent); + thread_count--; + ReleaseMutex(hMutex); + return TRUE; } else { - return FALSE; + return FALSE; } } #endif @@ -672,13 +668,13 @@ static void worker_bee(void *unused) { if (call_server(server_host, port, oid, service_name, - gss_flags, auth_flag, wrap_flag, encrypt_flag, mic_flag, - v1_format, msg, use_file, mcount) < 0) - exit(1); + gss_flags, auth_flag, wrap_flag, encrypt_flag, mic_flag, + v1_format, msg, use_file, mcount) < 0) + exit(1); #ifdef _WIN32 if (max_threads > 1) - DecrementAndSignalThreadCounter(); + DecrementAndSignalThreadCounter(); #endif } @@ -697,78 +693,78 @@ main(argc, argv) argc--; argv++; while (argc) { - if (strcmp(*argv, "-port") == 0) { - argc--; - argv++; - if (!argc) - usage(); - port = atoi(*argv); - } else if (strcmp(*argv, "-mech") == 0) { - argc--; - argv++; - if (!argc) - usage(); - mechanism = *argv; - } + if (strcmp(*argv, "-port") == 0) { + argc--; + argv++; + if (!argc) + usage(); + port = atoi(*argv); + } else if (strcmp(*argv, "-mech") == 0) { + argc--; + argv++; + if (!argc) + usage(); + mechanism = *argv; + } #ifdef _WIN32 - else if (strcmp(*argv, "-threads") == 0) { - argc--; - argv++; - if (!argc) - usage(); - max_threads = atoi(*argv); - } + else if (strcmp(*argv, "-threads") == 0) { + argc--; + argv++; + if (!argc) + usage(); + max_threads = atoi(*argv); + } #endif - else if (strcmp(*argv, "-d") == 0) { - gss_flags |= GSS_C_DELEG_FLAG; - } else if (strcmp(*argv, "-seq") == 0) { - gss_flags |= GSS_C_SEQUENCE_FLAG; - } else if (strcmp(*argv, "-noreplay") == 0) { - gss_flags &= ~GSS_C_REPLAY_FLAG; - } else if (strcmp(*argv, "-nomutual") == 0) { - gss_flags &= ~GSS_C_MUTUAL_FLAG; - } else if (strcmp(*argv, "-f") == 0) { - use_file = 1; - } else if (strcmp(*argv, "-q") == 0) { - verbose = 0; - } else if (strcmp(*argv, "-ccount") == 0) { - argc--; - argv++; - if (!argc) - usage(); - ccount = atoi(*argv); - if (ccount <= 0) - usage(); - } else if (strcmp(*argv, "-mcount") == 0) { - argc--; - argv++; - if (!argc) - usage(); - mcount = atoi(*argv); - if (mcount < 0) - usage(); - } else if (strcmp(*argv, "-na") == 0) { - auth_flag = wrap_flag = encrypt_flag = mic_flag = 0; - } else if (strcmp(*argv, "-nw") == 0) { - wrap_flag = 0; - } else if (strcmp(*argv, "-nx") == 0) { - encrypt_flag = 0; - } else if (strcmp(*argv, "-nm") == 0) { - mic_flag = 0; - } else if (strcmp(*argv, "-v1") == 0) { - v1_format = 1; - } else - break; - argc--; - argv++; + else if (strcmp(*argv, "-d") == 0) { + gss_flags |= GSS_C_DELEG_FLAG; + } else if (strcmp(*argv, "-seq") == 0) { + gss_flags |= GSS_C_SEQUENCE_FLAG; + } else if (strcmp(*argv, "-noreplay") == 0) { + gss_flags &= ~GSS_C_REPLAY_FLAG; + } else if (strcmp(*argv, "-nomutual") == 0) { + gss_flags &= ~GSS_C_MUTUAL_FLAG; + } else if (strcmp(*argv, "-f") == 0) { + use_file = 1; + } else if (strcmp(*argv, "-q") == 0) { + verbose = 0; + } else if (strcmp(*argv, "-ccount") == 0) { + argc--; + argv++; + if (!argc) + usage(); + ccount = atoi(*argv); + if (ccount <= 0) + usage(); + } else if (strcmp(*argv, "-mcount") == 0) { + argc--; + argv++; + if (!argc) + usage(); + mcount = atoi(*argv); + if (mcount < 0) + usage(); + } else if (strcmp(*argv, "-na") == 0) { + auth_flag = wrap_flag = encrypt_flag = mic_flag = 0; + } else if (strcmp(*argv, "-nw") == 0) { + wrap_flag = 0; + } else if (strcmp(*argv, "-nx") == 0) { + encrypt_flag = 0; + } else if (strcmp(*argv, "-nm") == 0) { + mic_flag = 0; + } else if (strcmp(*argv, "-v1") == 0) { + v1_format = 1; + } else + break; + argc--; + argv++; } if (argc != 3) - usage(); + usage(); #ifdef _WIN32 if (max_threads < 1) { - fprintf(stderr, "warning: there must be at least one thread\n"); - max_threads = 1; + fprintf(stderr, "warning: there must be at least one thread\n"); + max_threads = 1; } #endif @@ -777,32 +773,32 @@ main(argc, argv) msg = *argv++; if (mechanism) - parse_oid(mechanism, &oid); + parse_oid(mechanism, &oid); if (max_threads == 1) { - for (i = 0; i < ccount; i++) { - worker_bee(0); - } + for (i = 0; i < ccount; i++) { + worker_bee(0); + } } else { #ifdef _WIN32 - for (i = 0; i < ccount; i++) { - if (WaitAndIncrementThreadCounter()) { - uintptr_t handle = _beginthread(worker_bee, 0, (void *) 0); - if (handle == (uintptr_t) - 1) { - exit(1); - } - } else { - exit(1); - } - } + for (i = 0; i < ccount; i++) { + if (WaitAndIncrementThreadCounter()) { + uintptr_t handle = _beginthread(worker_bee, 0, (void *) 0); + if (handle == (uintptr_t) - 1) { + exit(1); + } + } else { + exit(1); + } + } #else - /* boom */ - assert(max_threads == 1); + /* boom */ + assert(max_threads == 1); #endif } if (oid != GSS_C_NULL_OID) - (void) gss_release_oid(&min_stat, &oid); + (void) gss_release_oid(&min_stat, &oid); #ifdef _WIN32 CleanupHandles(); diff --git a/src/appl/gss-sample/gss-misc.c b/src/appl/gss-sample/gss-misc.c index 3abb0ce..77a0a61 100644 --- a/src/appl/gss-sample/gss-misc.c +++ b/src/appl/gss-sample/gss-misc.c @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * Copyright 1994 by OpenVision Technologies, Inc. * @@ -95,14 +96,14 @@ write_all(int fildes, char *buf, unsigned int nbyte) char *ptr; for (ptr = buf; nbyte; ptr += ret, nbyte -= ret) { - ret = send(fildes, ptr, nbyte, 0); - if (ret < 0) { - if (errno == EINTR) - continue; - return (ret); - } else if (ret == 0) { - return (ptr - buf); - } + ret = send(fildes, ptr, nbyte, 0); + if (ret < 0) { + if (errno == EINTR) + continue; + return (ret); + } else if (ret == 0) { + return (ptr - buf); + } } return (ptr - buf); @@ -122,17 +123,17 @@ read_all(int fildes, char *buf, unsigned int nbyte) tv.tv_usec = 0; for (ptr = buf; nbyte; ptr += ret, nbyte -= ret) { - if (select(FD_SETSIZE, &rfds, NULL, NULL, &tv) <= 0 - || !FD_ISSET(fildes, &rfds)) - return (ptr - buf); - ret = recv(fildes, ptr, nbyte, 0); - if (ret < 0) { - if (errno == EINTR) - continue; - return (ret); - } else if (ret == 0) { - return (ptr - buf); - } + if (select(FD_SETSIZE, &rfds, NULL, NULL, &tv) <= 0 + || !FD_ISSET(fildes, &rfds)) + return (ptr - buf); + ret = recv(fildes, ptr, nbyte, 0); + if (ret < 0) { + if (errno == EINTR) + continue; + return (ret); + } else if (ret == 0) { + return (ptr - buf); + } } return (ptr - buf); @@ -145,9 +146,9 @@ read_all(int fildes, char *buf, unsigned int nbyte) * * Arguments: * - * s (r) an open file descriptor - * flags (r) the flags to write - * tok (r) the token to write + * s (r) an open file descriptor + * flags (r) the flags to write + * tok (r) the token to write * * Returns: 0 on success, -1 on failure * @@ -170,14 +171,14 @@ send_token(s, flags, tok) unsigned char lenbuf[4]; if (char_flags) { - ret = write_all(s, (char *) &char_flags, 1); - if (ret != 1) { - perror("sending token flags"); - return -1; - } + ret = write_all(s, (char *) &char_flags, 1); + if (ret != 1) { + perror("sending token flags"); + return -1; + } } if (tok->length > 0xffffffffUL) - abort(); + abort(); lenbuf[0] = (tok->length >> 24) & 0xff; lenbuf[1] = (tok->length >> 16) & 0xff; lenbuf[2] = (tok->length >> 8) & 0xff; @@ -185,25 +186,25 @@ send_token(s, flags, tok) ret = write_all(s, lenbuf, 4); if (ret < 0) { - perror("sending token length"); - return -1; + perror("sending token length"); + return -1; } else if (ret != 4) { - if (display_file) - fprintf(display_file, - "sending token length: %d of %d bytes written\n", ret, 4); - return -1; + if (display_file) + fprintf(display_file, + "sending token length: %d of %d bytes written\n", ret, 4); + return -1; } ret = write_all(s, tok->value, tok->length); if (ret < 0) { - perror("sending token data"); - return -1; + perror("sending token data"); + return -1; } else if (ret != tok->length) { - if (display_file) - fprintf(display_file, - "sending token data: %d of %d bytes written\n", - ret, (int) tok->length); - return -1; + if (display_file) + fprintf(display_file, + "sending token data: %d of %d bytes written\n", + ret, (int) tok->length); + return -1; } return 0; @@ -216,9 +217,9 @@ send_token(s, flags, tok) * * Arguments: * - * s (r) an open file descriptor - * flags (w) the read flags - * tok (w) the read token + * s (r) an open file descriptor + * flags (w) the read flags + * tok (w) the read token * * Returns: 0 on success, -1 on failure * @@ -244,62 +245,62 @@ recv_token(s, flags, tok) ret = read_all(s, (char *) &char_flags, 1); if (ret < 0) { - perror("reading token flags"); - return -1; + perror("reading token flags"); + return -1; } else if (!ret) { - if (display_file) - fputs("reading token flags: 0 bytes read\n", display_file); - return -1; + if (display_file) + fputs("reading token flags: 0 bytes read\n", display_file); + return -1; } else { - *flags = (int) char_flags; + *flags = (int) char_flags; } if (char_flags == 0) { - lenbuf[0] = 0; - ret = read_all(s, &lenbuf[1], 3); - if (ret < 0) { - perror("reading token length"); - return -1; - } else if (ret != 3) { - if (display_file) - fprintf(display_file, - "reading token length: %d of %d bytes read\n", ret, 3); - return -1; - } + lenbuf[0] = 0; + ret = read_all(s, &lenbuf[1], 3); + if (ret < 0) { + perror("reading token length"); + return -1; + } else if (ret != 3) { + if (display_file) + fprintf(display_file, + "reading token length: %d of %d bytes read\n", ret, 3); + return -1; + } } else { - ret = read_all(s, lenbuf, 4); - if (ret < 0) { - perror("reading token length"); - return -1; - } else if (ret != 4) { - if (display_file) - fprintf(display_file, - "reading token length: %d of %d bytes read\n", ret, 4); - return -1; - } + ret = read_all(s, lenbuf, 4); + if (ret < 0) { + perror("reading token length"); + return -1; + } else if (ret != 4) { + if (display_file) + fprintf(display_file, + "reading token length: %d of %d bytes read\n", ret, 4); + return -1; + } } tok->length = ((lenbuf[0] << 24) - | (lenbuf[1] << 16) - | (lenbuf[2] << 8) - | lenbuf[3]); + | (lenbuf[1] << 16) + | (lenbuf[2] << 8) + | lenbuf[3]); tok->value = (char *) malloc(tok->length ? tok->length : 1); if (tok->length && tok->value == NULL) { - if (display_file) - fprintf(display_file, "Out of memory allocating token data\n"); - return -1; + if (display_file) + fprintf(display_file, "Out of memory allocating token data\n"); + return -1; } ret = read_all(s, (char *) tok->value, tok->length); if (ret < 0) { - perror("reading token data"); - free(tok->value); - return -1; + perror("reading token data"); + free(tok->value); + return -1; } else if (ret != tok->length) { - fprintf(stderr, "sending token data: %d of %d bytes written\n", - ret, (int) tok->length); - free(tok->value); - return -1; + fprintf(stderr, "sending token data: %d of %d bytes written\n", + ret, (int) tok->length); + free(tok->value); + return -1; } return 0; @@ -317,15 +318,15 @@ display_status_1(m, code, type) msg_ctx = 0; while (1) { - maj_stat = gss_display_status(&min_stat, code, - type, GSS_C_NULL_OID, &msg_ctx, &msg); - if (display_file) - fprintf(display_file, "GSS-API error %s: %s\n", m, - (char *) msg.value); - (void) gss_release_buffer(&min_stat, &msg); - - if (!msg_ctx) - break; + maj_stat = gss_display_status(&min_stat, code, + type, GSS_C_NULL_OID, &msg_ctx, &msg); + if (display_file) + fprintf(display_file, "GSS-API error %s: %s\n", m, + (char *) msg.value); + (void) gss_release_buffer(&min_stat, &msg); + + if (!msg_ctx) + break; } } @@ -336,9 +337,9 @@ display_status_1(m, code, type) * * Arguments: * - * msg a string to be displayed with the message - * maj_stat the GSS-API major status code - * min_stat the GSS-API minor status code + * msg a string to be displayed with the message + * maj_stat the GSS-API major status code + * min_stat the GSS-API minor status code * * Effects: * @@ -360,11 +361,11 @@ display_status(msg, maj_stat, min_stat) * Function: display_ctx_flags * * Purpose: displays the flags returned by context initation in - * a human-readable form + * a human-readable form * * Arguments: * - * int ret_flags + * int ret_flags * * Effects: * @@ -377,17 +378,17 @@ display_ctx_flags(flags) OM_uint32 flags; { if (flags & GSS_C_DELEG_FLAG) - fprintf(display_file, "context flag: GSS_C_DELEG_FLAG\n"); + fprintf(display_file, "context flag: GSS_C_DELEG_FLAG\n"); if (flags & GSS_C_MUTUAL_FLAG) - fprintf(display_file, "context flag: GSS_C_MUTUAL_FLAG\n"); + fprintf(display_file, "context flag: GSS_C_MUTUAL_FLAG\n"); if (flags & GSS_C_REPLAY_FLAG) - fprintf(display_file, "context flag: GSS_C_REPLAY_FLAG\n"); + fprintf(display_file, "context flag: GSS_C_REPLAY_FLAG\n"); if (flags & GSS_C_SEQUENCE_FLAG) - fprintf(display_file, "context flag: GSS_C_SEQUENCE_FLAG\n"); + fprintf(display_file, "context flag: GSS_C_SEQUENCE_FLAG\n"); if (flags & GSS_C_CONF_FLAG) - fprintf(display_file, "context flag: GSS_C_CONF_FLAG \n"); + fprintf(display_file, "context flag: GSS_C_CONF_FLAG \n"); if (flags & GSS_C_INTEG_FLAG) - fprintf(display_file, "context flag: GSS_C_INTEG_FLAG \n"); + fprintf(display_file, "context flag: GSS_C_INTEG_FLAG \n"); } void @@ -398,12 +399,12 @@ print_token(tok) unsigned char *p = tok->value; if (!display_file) - return; + return; for (i = 0; i < tok->length; i++, p++) { - fprintf(display_file, "%02x ", *p); - if ((i % 16) == 15) { - fprintf(display_file, "\n"); - } + fprintf(display_file, "%02x ", *p); + if ((i % 16) == 15) { + fprintf(display_file, "\n"); + } } fprintf(display_file, "\n"); fflush(display_file); @@ -420,8 +421,8 @@ gettimeofday(struct timeval *tv, void *ignore_tz) _tzset(); _ftime(&tb); if (tv) { - tv->tv_sec = tb.time; - tv->tv_usec = tb.millitm * 1000; + tv->tv_sec = tb.time; + tv->tv_usec = tb.millitm * 1000; } return 0; } diff --git a/src/appl/gss-sample/gss-misc.h b/src/appl/gss-sample/gss-misc.h index 77d8190..98bcc22 100644 --- a/src/appl/gss-sample/gss-misc.h +++ b/src/appl/gss-sample/gss-misc.h @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * Copyright 1994 by OpenVision Technologies, Inc. * @@ -32,28 +33,23 @@ extern FILE *display_file; -int send_token - (int s, int flags, gss_buffer_t tok); -int recv_token - (int s, int *flags, gss_buffer_t tok); -void display_status - (char *msg, OM_uint32 maj_stat, OM_uint32 min_stat); -void display_ctx_flags - (OM_uint32 flags); -void print_token - (gss_buffer_t tok); +int send_token(int s, int flags, gss_buffer_t tok); +int recv_token(int s, int *flags, gss_buffer_t tok); +void display_status(char *msg, OM_uint32 maj_stat, OM_uint32 min_stat); +void display_ctx_flags(OM_uint32 flags); +void print_token(gss_buffer_t tok); /* Token types */ -#define TOKEN_NOOP (1<<0) -#define TOKEN_CONTEXT (1<<1) -#define TOKEN_DATA (1<<2) -#define TOKEN_MIC (1<<3) +#define TOKEN_NOOP (1<<0) +#define TOKEN_CONTEXT (1<<1) +#define TOKEN_DATA (1<<2) +#define TOKEN_MIC (1<<3) /* Token flags */ -#define TOKEN_CONTEXT_NEXT (1<<4) -#define TOKEN_WRAPPED (1<<5) -#define TOKEN_ENCRYPTED (1<<6) -#define TOKEN_SEND_MIC (1<<7) +#define TOKEN_CONTEXT_NEXT (1<<4) +#define TOKEN_WRAPPED (1<<5) +#define TOKEN_ENCRYPTED (1<<6) +#define TOKEN_SEND_MIC (1<<7) extern gss_buffer_t empty_token; diff --git a/src/appl/gss-sample/gss-server.c b/src/appl/gss-sample/gss-server.c index 158414d..0e2a275 100644 --- a/src/appl/gss-sample/gss-server.c +++ b/src/appl/gss-sample/gss-server.c @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * Copyright 1994 by OpenVision Technologies, Inc. * @@ -74,7 +75,7 @@ usage() #endif fprintf(stderr, "\n"); fprintf(stderr, - " [-inetd] [-export] [-logfile file] service_name\n"); + " [-inetd] [-export] [-logfile file] service_name\n"); exit(1); } @@ -89,8 +90,8 @@ int verbose = 0; * * Arguments: * - * service_name (r) the ASCII service name - * server_creds (w) the GSS-API service credentials + * service_name (r) the ASCII service name + * server_creds (w) the GSS-API service credentials * * Returns: 0 on success, -1 on failure * @@ -102,9 +103,7 @@ int verbose = 0; * 0 is returned. */ static int -server_acquire_creds(service_name, server_creds) - char *service_name; - gss_cred_id_t *server_creds; +server_acquire_creds(char *service_name, gss_cred_id_t *server_creds) { gss_buffer_desc name_buf; gss_name_t server_name; @@ -113,18 +112,18 @@ server_acquire_creds(service_name, server_creds) name_buf.value = service_name; name_buf.length = strlen(name_buf.value) + 1; maj_stat = gss_import_name(&min_stat, &name_buf, - (gss_OID) gss_nt_service_name, &server_name); + (gss_OID) gss_nt_service_name, &server_name); if (maj_stat != GSS_S_COMPLETE) { - display_status("importing name", maj_stat, min_stat); - return -1; + display_status("importing name", maj_stat, min_stat); + return -1; } maj_stat = gss_acquire_cred(&min_stat, server_name, 0, - GSS_C_NULL_OID_SET, GSS_C_ACCEPT, - server_creds, NULL, NULL); + GSS_C_NULL_OID_SET, GSS_C_ACCEPT, + server_creds, NULL, NULL); if (maj_stat != GSS_S_COMPLETE) { - display_status("acquiring credentials", maj_stat, min_stat); - return -1; + display_status("acquiring credentials", maj_stat, min_stat); + return -1; } (void) gss_release_name(&min_stat, &server_name); @@ -141,10 +140,10 @@ server_acquire_creds(service_name, server_creds) * * Arguments: * - * s (r) an established TCP connection to the client - * service_creds (r) server credentials, from gss_acquire_cred - * context (w) the established GSS-API context - * client_name (w) the client's ASCII name + * s (r) an established TCP connection to the client + * service_creds (r) server credentials, from gss_acquire_cred + * context (w) the established GSS-API context + * client_name (w) the client's ASCII name * * Returns: 0 on success, -1 on failure * @@ -156,12 +155,9 @@ server_acquire_creds(service_name, server_creds) * message is displayed and -1 is returned. */ static int -server_establish_context(s, server_creds, context, client_name, ret_flags) - int s; - gss_cred_id_t server_creds; - gss_ctx_id_t *context; - gss_buffer_t client_name; - OM_uint32 *ret_flags; +server_establish_context(int s, gss_cred_id_t server_creds, + gss_ctx_id_t *context, gss_buffer_t client_name, + OM_uint32 *ret_flags) { gss_buffer_desc send_tok, recv_tok; gss_name_t client; @@ -171,104 +167,109 @@ server_establish_context(s, server_creds, context, client_name, ret_flags) int token_flags; if (recv_token(s, &token_flags, &recv_tok) < 0) - return -1; + return -1; if (recv_tok.value) { - free(recv_tok.value); - recv_tok.value = NULL; + free(recv_tok.value); + recv_tok.value = NULL; } if (!(token_flags & TOKEN_NOOP)) { - if (logfile) - fprintf(logfile, "Expected NOOP token, got %d token instead\n", - token_flags); - return -1; + if (logfile) + fprintf(logfile, "Expected NOOP token, got %d token instead\n", + token_flags); + return -1; } *context = GSS_C_NO_CONTEXT; if (token_flags & TOKEN_CONTEXT_NEXT) { - do { - if (recv_token(s, &token_flags, &recv_tok) < 0) - return -1; - - if (verbose && logfile) { - fprintf(logfile, "Received token (size=%d): \n", - (int) recv_tok.length); - print_token(&recv_tok); - } - - maj_stat = gss_accept_sec_context(&acc_sec_min_stat, context, server_creds, &recv_tok, GSS_C_NO_CHANNEL_BINDINGS, &client, &doid, &send_tok, ret_flags, NULL, /* ignore time_rec */ - NULL); /* ignore del_cred_handle */ - - if (recv_tok.value) { - free(recv_tok.value); - recv_tok.value = NULL; - } - - if (send_tok.length != 0) { - if (verbose && logfile) { - fprintf(logfile, - "Sending accept_sec_context token (size=%d):\n", - (int) send_tok.length); - print_token(&send_tok); - } - if (send_token(s, TOKEN_CONTEXT, &send_tok) < 0) { - if (logfile) - fprintf(logfile, "failure sending token\n"); - return -1; - } - - (void) gss_release_buffer(&min_stat, &send_tok); - } - if (maj_stat != GSS_S_COMPLETE - && maj_stat != GSS_S_CONTINUE_NEEDED) { - display_status("accepting context", maj_stat, - acc_sec_min_stat); - if (*context != GSS_C_NO_CONTEXT) - gss_delete_sec_context(&min_stat, context, - GSS_C_NO_BUFFER); - return -1; - } - - if (verbose && logfile) { - if (maj_stat == GSS_S_CONTINUE_NEEDED) - fprintf(logfile, "continue needed...\n"); - else - fprintf(logfile, "\n"); - fflush(logfile); - } - } while (maj_stat == GSS_S_CONTINUE_NEEDED); - - /* display the flags */ - display_ctx_flags(*ret_flags); - - if (verbose && logfile) { - maj_stat = gss_oid_to_str(&min_stat, doid, &oid_name); - if (maj_stat != GSS_S_COMPLETE) { - display_status("converting oid->string", maj_stat, min_stat); - return -1; - } - fprintf(logfile, "Accepted connection using mechanism OID %.*s.\n", - (int) oid_name.length, (char *) oid_name.value); - (void) gss_release_buffer(&min_stat, &oid_name); - } - - maj_stat = gss_display_name(&min_stat, client, client_name, &doid); - if (maj_stat != GSS_S_COMPLETE) { - display_status("displaying name", maj_stat, min_stat); - return -1; - } - maj_stat = gss_release_name(&min_stat, &client); - if (maj_stat != GSS_S_COMPLETE) { - display_status("releasing name", maj_stat, min_stat); - return -1; - } + do { + if (recv_token(s, &token_flags, &recv_tok) < 0) + return -1; + + if (verbose && logfile) { + fprintf(logfile, "Received token (size=%d): \n", + (int) recv_tok.length); + print_token(&recv_tok); + } + + maj_stat = gss_accept_sec_context(&acc_sec_min_stat, context, + server_creds, &recv_tok, + GSS_C_NO_CHANNEL_BINDINGS, + &client, &doid, &send_tok, + ret_flags, + NULL, /* time_rec */ + NULL); /* del_cred_handle */ + + if (recv_tok.value) { + free(recv_tok.value); + recv_tok.value = NULL; + } + + if (send_tok.length != 0) { + if (verbose && logfile) { + fprintf(logfile, + "Sending accept_sec_context token (size=%d):\n", + (int) send_tok.length); + print_token(&send_tok); + } + if (send_token(s, TOKEN_CONTEXT, &send_tok) < 0) { + if (logfile) + fprintf(logfile, "failure sending token\n"); + return -1; + } + + (void) gss_release_buffer(&min_stat, &send_tok); + } + if (maj_stat != GSS_S_COMPLETE + && maj_stat != GSS_S_CONTINUE_NEEDED) { + display_status("accepting context", maj_stat, + acc_sec_min_stat); + if (*context != GSS_C_NO_CONTEXT) + gss_delete_sec_context(&min_stat, context, + GSS_C_NO_BUFFER); + return -1; + } + + if (verbose && logfile) { + if (maj_stat == GSS_S_CONTINUE_NEEDED) + fprintf(logfile, "continue needed...\n"); + else + fprintf(logfile, "\n"); + fflush(logfile); + } + } while (maj_stat == GSS_S_CONTINUE_NEEDED); + + /* display the flags */ + display_ctx_flags(*ret_flags); + + if (verbose && logfile) { + maj_stat = gss_oid_to_str(&min_stat, doid, &oid_name); + if (maj_stat != GSS_S_COMPLETE) { + display_status("converting oid->string", maj_stat, min_stat); + return -1; + } + fprintf(logfile, "Accepted connection using mechanism OID %.*s.\n", + (int) oid_name.length, (char *) oid_name.value); + (void) gss_release_buffer(&min_stat, &oid_name); + } + + maj_stat = gss_display_name(&min_stat, client, client_name, &doid); + if (maj_stat != GSS_S_COMPLETE) { + display_status("displaying name", maj_stat, min_stat); + return -1; + } + maj_stat = gss_release_name(&min_stat, &client); + if (maj_stat != GSS_S_COMPLETE) { + display_status("releasing name", maj_stat, min_stat); + return -1; + } } else { - client_name->length = *ret_flags = 0; + client_name->length = *ret_flags = 0; - if (logfile) - fprintf(logfile, "Accepted unauthenticated connection.\n"); + if (logfile) + fprintf(logfile, "Accepted unauthenticated connection.\n"); } return 0; @@ -281,7 +282,7 @@ server_establish_context(s, server_creds, context, client_name, ret_flags) * * Arguments: * - * port (r) the port number on which to listen + * port (r) the port number on which to listen * * Returns: the listening socket file descriptor, or -1 on failure * @@ -291,8 +292,7 @@ server_establish_context(s, server_creds, context, client_name, ret_flags) * On error, an error message is displayed and -1 is returned. */ static int -create_socket(port) - u_short port; +create_socket(u_short port) { struct sockaddr_in saddr; int s; @@ -303,40 +303,38 @@ create_socket(port) saddr.sin_addr.s_addr = INADDR_ANY; if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) { - perror("creating socket"); - return -1; + perror("creating socket"); + return -1; } /* Let the socket be reused right away */ (void) setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (char *) &on, sizeof(on)); if (bind(s, (struct sockaddr *) &saddr, sizeof(saddr)) < 0) { - perror("binding socket"); - (void) close(s); - return -1; + perror("binding socket"); + (void) close(s); + return -1; } if (listen(s, 5) < 0) { - perror("listening on socket"); - (void) close(s); - return -1; + perror("listening on socket"); + (void) close(s); + return -1; } return s; } static float -timeval_subtract(tv1, tv2) - struct timeval *tv1, *tv2; +timeval_subtract(struct timeval *tv1, struct timeval *tv2) { return ((tv1->tv_sec - tv2->tv_sec) + - ((float) (tv1->tv_usec - tv2->tv_usec)) / 1000000); + ((float) (tv1->tv_usec - tv2->tv_usec)) / 1000000); } /* * Yes, yes, this isn't the best place for doing this test. * DO NOT REMOVE THIS UNTIL A BETTER TEST HAS BEEN WRITTEN, THOUGH. - * -TYT + * -TYT */ static int -test_import_export_context(context) - gss_ctx_id_t *context; +test_import_export_context(gss_ctx_id_t *context) { OM_uint32 min_stat, maj_stat; gss_buffer_desc context_token, copied_token; @@ -348,32 +346,32 @@ test_import_export_context(context) gettimeofday(&tm1, (struct timezone *) 0); maj_stat = gss_export_sec_context(&min_stat, context, &context_token); if (maj_stat != GSS_S_COMPLETE) { - display_status("exporting context", maj_stat, min_stat); - return 1; + display_status("exporting context", maj_stat, min_stat); + return 1; } gettimeofday(&tm2, (struct timezone *) 0); if (verbose && logfile) - fprintf(logfile, "Exported context: %d bytes, %7.4f seconds\n", - (int) context_token.length, timeval_subtract(&tm2, &tm1)); + fprintf(logfile, "Exported context: %d bytes, %7.4f seconds\n", + (int) context_token.length, timeval_subtract(&tm2, &tm1)); copied_token.length = context_token.length; copied_token.value = malloc(context_token.length); if (copied_token.value == 0) { - if (logfile) - fprintf(logfile, - "Couldn't allocate memory to copy context token.\n"); - return 1; + if (logfile) + fprintf(logfile, + "Couldn't allocate memory to copy context token.\n"); + return 1; } memcpy(copied_token.value, context_token.value, copied_token.length); maj_stat = gss_import_sec_context(&min_stat, &copied_token, context); if (maj_stat != GSS_S_COMPLETE) { - display_status("importing context", maj_stat, min_stat); - return 1; + display_status("importing context", maj_stat, min_stat); + return 1; } free(copied_token.value); gettimeofday(&tm1, (struct timezone *) 0); if (verbose && logfile) - fprintf(logfile, "Importing context: %7.4f seconds\n", - timeval_subtract(&tm1, &tm2)); + fprintf(logfile, "Importing context: %7.4f seconds\n", + timeval_subtract(&tm1, &tm2)); (void) gss_release_buffer(&min_stat, &context_token); return 0; } @@ -385,11 +383,11 @@ test_import_export_context(context) * * Arguments: * - * s (r) a TCP socket on which a connection has been - * accept()ed - * service_name (r) the ASCII name of the GSS-API service to - * establish a context as - * export (r) whether to test context exporting + * s (r) a TCP socket on which a connection has been + * accept()ed + * service_name (r) the ASCII name of the GSS-API service to + * establish a context as + * export (r) whether to test context exporting * * Returns: -1 on error * @@ -405,10 +403,7 @@ test_import_export_context(context) * If any error occurs, -1 is returned. */ static int -sign_server(s, server_creds, export) - int s; - gss_cred_id_t server_creds; - int export; +sign_server(int s, gss_cred_id_t server_creds, int export) { gss_buffer_desc client_name, xmit_buf, msg_buf; gss_ctx_id_t context; @@ -419,134 +414,134 @@ sign_server(s, server_creds, export) /* Establish a context with the client */ if (server_establish_context(s, server_creds, &context, - &client_name, &ret_flags) < 0) - return (-1); + &client_name, &ret_flags) < 0) + return (-1); if (context == GSS_C_NO_CONTEXT) { - printf("Accepted unauthenticated connection.\n"); + printf("Accepted unauthenticated connection.\n"); } else { - printf("Accepted connection: \"%.*s\"\n", - (int) client_name.length, (char *) client_name.value); - (void) gss_release_buffer(&min_stat, &client_name); - - if (export) { - for (i = 0; i < 3; i++) - if (test_import_export_context(&context)) - return -1; - } + printf("Accepted connection: \"%.*s\"\n", + (int) client_name.length, (char *) client_name.value); + (void) gss_release_buffer(&min_stat, &client_name); + + if (export) { + for (i = 0; i < 3; i++) + if (test_import_export_context(&context)) + return -1; + } } do { - /* Receive the message token */ - if (recv_token(s, &token_flags, &xmit_buf) < 0) - return (-1); - - if (token_flags & TOKEN_NOOP) { - if (logfile) - fprintf(logfile, "NOOP token\n"); - if (xmit_buf.value) { - free(xmit_buf.value); - xmit_buf.value = 0; - } - break; - } - - if (verbose && logfile) { - fprintf(logfile, "Message token (flags=%d):\n", token_flags); - print_token(&xmit_buf); - } - - if ((context == GSS_C_NO_CONTEXT) && - (token_flags & (TOKEN_WRAPPED | TOKEN_ENCRYPTED | TOKEN_SEND_MIC))) - { - if (logfile) - fprintf(logfile, - "Unauthenticated client requested authenticated services!\n"); - if (xmit_buf.value) { - free(xmit_buf.value); - xmit_buf.value = 0; - } - return (-1); - } - - if (token_flags & TOKEN_WRAPPED) { - maj_stat = gss_unwrap(&min_stat, context, &xmit_buf, &msg_buf, - &conf_state, (gss_qop_t *) NULL); - if (maj_stat != GSS_S_COMPLETE) { - display_status("unsealing message", maj_stat, min_stat); - if (xmit_buf.value) { - free(xmit_buf.value); - xmit_buf.value = 0; - } - return (-1); - } else if (!conf_state && (token_flags & TOKEN_ENCRYPTED)) { - fprintf(stderr, "Warning! Message not encrypted.\n"); - } - - if (xmit_buf.value) { - free(xmit_buf.value); - xmit_buf.value = 0; - } - } else { - msg_buf = xmit_buf; - } - - if (logfile) { - fprintf(logfile, "Received message: "); - cp = msg_buf.value; - if ((isprint((int) cp[0]) || isspace((int) cp[0])) && - (isprint((int) cp[1]) || isspace((int) cp[1]))) { - fprintf(logfile, "\"%.*s\"\n", (int) msg_buf.length, - (char *) msg_buf.value); - } else { - fprintf(logfile, "\n"); - print_token(&msg_buf); - } - } - - if (token_flags & TOKEN_SEND_MIC) { - /* Produce a signature block for the message */ - maj_stat = gss_get_mic(&min_stat, context, GSS_C_QOP_DEFAULT, - &msg_buf, &xmit_buf); - if (maj_stat != GSS_S_COMPLETE) { - display_status("signing message", maj_stat, min_stat); - return (-1); - } - - if (msg_buf.value) { - free(msg_buf.value); - msg_buf.value = 0; - } - - /* Send the signature block to the client */ - if (send_token(s, TOKEN_MIC, &xmit_buf) < 0) - return (-1); - - if (xmit_buf.value) { - free(xmit_buf.value); - xmit_buf.value = 0; - } - } else { - if (msg_buf.value) { - free(msg_buf.value); - msg_buf.value = 0; - } - if (send_token(s, TOKEN_NOOP, empty_token) < 0) - return (-1); - } + /* Receive the message token */ + if (recv_token(s, &token_flags, &xmit_buf) < 0) + return (-1); + + if (token_flags & TOKEN_NOOP) { + if (logfile) + fprintf(logfile, "NOOP token\n"); + if (xmit_buf.value) { + free(xmit_buf.value); + xmit_buf.value = 0; + } + break; + } + + if (verbose && logfile) { + fprintf(logfile, "Message token (flags=%d):\n", token_flags); + print_token(&xmit_buf); + } + + if ((context == GSS_C_NO_CONTEXT) && + (token_flags & (TOKEN_WRAPPED | TOKEN_ENCRYPTED | TOKEN_SEND_MIC))) + { + if (logfile) + fprintf(logfile, + "Unauthenticated client requested authenticated services!\n"); + if (xmit_buf.value) { + free(xmit_buf.value); + xmit_buf.value = 0; + } + return (-1); + } + + if (token_flags & TOKEN_WRAPPED) { + maj_stat = gss_unwrap(&min_stat, context, &xmit_buf, &msg_buf, + &conf_state, (gss_qop_t *) NULL); + if (maj_stat != GSS_S_COMPLETE) { + display_status("unsealing message", maj_stat, min_stat); + if (xmit_buf.value) { + free(xmit_buf.value); + xmit_buf.value = 0; + } + return (-1); + } else if (!conf_state && (token_flags & TOKEN_ENCRYPTED)) { + fprintf(stderr, "Warning! Message not encrypted.\n"); + } + + if (xmit_buf.value) { + free(xmit_buf.value); + xmit_buf.value = 0; + } + } else { + msg_buf = xmit_buf; + } + + if (logfile) { + fprintf(logfile, "Received message: "); + cp = msg_buf.value; + if ((isprint((int) cp[0]) || isspace((int) cp[0])) && + (isprint((int) cp[1]) || isspace((int) cp[1]))) { + fprintf(logfile, "\"%.*s\"\n", (int) msg_buf.length, + (char *) msg_buf.value); + } else { + fprintf(logfile, "\n"); + print_token(&msg_buf); + } + } + + if (token_flags & TOKEN_SEND_MIC) { + /* Produce a signature block for the message */ + maj_stat = gss_get_mic(&min_stat, context, GSS_C_QOP_DEFAULT, + &msg_buf, &xmit_buf); + if (maj_stat != GSS_S_COMPLETE) { + display_status("signing message", maj_stat, min_stat); + return (-1); + } + + if (msg_buf.value) { + free(msg_buf.value); + msg_buf.value = 0; + } + + /* Send the signature block to the client */ + if (send_token(s, TOKEN_MIC, &xmit_buf) < 0) + return (-1); + + if (xmit_buf.value) { + free(xmit_buf.value); + xmit_buf.value = 0; + } + } else { + if (msg_buf.value) { + free(msg_buf.value); + msg_buf.value = 0; + } + if (send_token(s, TOKEN_NOOP, empty_token) < 0) + return (-1); + } } while (1 /* loop will break if NOOP received */ ); if (context != GSS_C_NO_CONTEXT) { - /* Delete context */ - maj_stat = gss_delete_sec_context(&min_stat, &context, NULL); - if (maj_stat != GSS_S_COMPLETE) { - display_status("deleting context", maj_stat, min_stat); - return (-1); - } + /* Delete context */ + maj_stat = gss_delete_sec_context(&min_stat, &context, NULL); + if (maj_stat != GSS_S_COMPLETE) { + display_status("deleting context", maj_stat, min_stat); + return (-1); + } } if (logfile) - fflush(logfile); + fflush(logfile); return (0); } @@ -576,23 +571,23 @@ BOOL WaitAndIncrementThreadCounter(void) { for (;;) { - if (WaitForSingleObject(hMutex, INFINITE) == WAIT_OBJECT_0) { - if (thread_count < max_threads) { - thread_count++; - ReleaseMutex(hMutex); - return TRUE; - } else { - ReleaseMutex(hMutex); - - if (WaitForSingleObject(hEvent, INFINITE) == WAIT_OBJECT_0) { - continue; - } else { - return FALSE; - } - } - } else { - return FALSE; - } + if (WaitForSingleObject(hMutex, INFINITE) == WAIT_OBJECT_0) { + if (thread_count < max_threads) { + thread_count++; + ReleaseMutex(hMutex); + return TRUE; + } else { + ReleaseMutex(hMutex); + + if (WaitForSingleObject(hEvent, INFINITE) == WAIT_OBJECT_0) { + continue; + } else { + return FALSE; + } + } + } else { + return FALSE; + } } } @@ -600,13 +595,13 @@ BOOL DecrementAndSignalThreadCounter(void) { if (WaitForSingleObject(hMutex, INFINITE) == WAIT_OBJECT_0) { - if (thread_count == max_threads) - ResetEvent(hEvent); - thread_count--; - ReleaseMutex(hMutex); - return TRUE; + if (thread_count == max_threads) + ResetEvent(hEvent); + thread_count--; + ReleaseMutex(hMutex); + return TRUE; } else { - return FALSE; + return FALSE; } } #endif @@ -632,14 +627,12 @@ worker_bee(void *param) #ifdef _WIN32 if (max_threads > 1) - DecrementAndSignalThreadCounter(); + DecrementAndSignalThreadCounter(); #endif } int -main(argc, argv) - int argc; - char **argv; +main(int argc, char **argv) { char *service_name; gss_cred_id_t server_creds; @@ -654,69 +647,69 @@ main(argc, argv) argc--; argv++; while (argc) { - if (strcmp(*argv, "-port") == 0) { - argc--; - argv++; - if (!argc) - usage(); - port = atoi(*argv); - } + if (strcmp(*argv, "-port") == 0) { + argc--; + argv++; + if (!argc) + usage(); + port = atoi(*argv); + } #ifdef _WIN32 - else if (strcmp(*argv, "-threads") == 0) { - argc--; - argv++; - if (!argc) - usage(); - max_threads = atoi(*argv); - } + else if (strcmp(*argv, "-threads") == 0) { + argc--; + argv++; + if (!argc) + usage(); + max_threads = atoi(*argv); + } #endif - else if (strcmp(*argv, "-verbose") == 0) { - verbose = 1; - } else if (strcmp(*argv, "-once") == 0) { - once = 1; - } else if (strcmp(*argv, "-inetd") == 0) { - do_inetd = 1; - } else if (strcmp(*argv, "-export") == 0) { - export = 1; - } else if (strcmp(*argv, "-logfile") == 0) { - argc--; - argv++; - if (!argc) - usage(); - /* Gross hack, but it makes it unnecessary to add an - * extra argument to disable logging, and makes the code - * more efficient because it doesn't actually write data - * to /dev/null. */ - if (!strcmp(*argv, "/dev/null")) { - logfile = display_file = NULL; - } else { - logfile = fopen(*argv, "a"); - display_file = logfile; - if (!logfile) { - perror(*argv); - exit(1); - } - } - } else - break; - argc--; - argv++; + else if (strcmp(*argv, "-verbose") == 0) { + verbose = 1; + } else if (strcmp(*argv, "-once") == 0) { + once = 1; + } else if (strcmp(*argv, "-inetd") == 0) { + do_inetd = 1; + } else if (strcmp(*argv, "-export") == 0) { + export = 1; + } else if (strcmp(*argv, "-logfile") == 0) { + argc--; + argv++; + if (!argc) + usage(); + /* Gross hack, but it makes it unnecessary to add an + * extra argument to disable logging, and makes the code + * more efficient because it doesn't actually write data + * to /dev/null. */ + if (!strcmp(*argv, "/dev/null")) { + logfile = display_file = NULL; + } else { + logfile = fopen(*argv, "a"); + display_file = logfile; + if (!logfile) { + perror(*argv); + exit(1); + } + } + } else + break; + argc--; + argv++; } if (argc != 1) - usage(); + usage(); if ((*argv)[0] == '-') - usage(); + usage(); #ifdef _WIN32 if (max_threads < 1) { - fprintf(stderr, "warning: there must be at least one thread\n"); - max_threads = 1; + fprintf(stderr, "warning: there must be at least one thread\n"); + max_threads = 1; } if (max_threads > 1 && do_inetd) - fprintf(stderr, - "warning: one thread may be used in conjunction with inetd\n"); + fprintf(stderr, + "warning: one thread may be used in conjunction with inetd\n"); InitHandles(); #endif @@ -724,63 +717,63 @@ main(argc, argv) service_name = *argv; if (server_acquire_creds(service_name, &server_creds) < 0) - return -1; + return -1; if (do_inetd) { - close(1); - close(2); + close(1); + close(2); - sign_server(0, server_creds, export); - close(0); + sign_server(0, server_creds, export); + close(0); } else { - int stmp; + int stmp; - if ((stmp = create_socket(port)) >= 0) { - if (listen(stmp, max_threads == 1 ? 0 : max_threads) < 0) - perror("listening on socket"); + if ((stmp = create_socket(port)) >= 0) { + if (listen(stmp, max_threads == 1 ? 0 : max_threads) < 0) + perror("listening on socket"); - do { - struct _work_plan *work = malloc(sizeof(struct _work_plan)); + do { + struct _work_plan *work = malloc(sizeof(struct _work_plan)); - if (work == NULL) { - fprintf(stderr, "fatal error: out of memory"); - break; - } + if (work == NULL) { + fprintf(stderr, "fatal error: out of memory"); + break; + } - /* Accept a TCP connection */ - if ((work->s = accept(stmp, NULL, 0)) < 0) { - perror("accepting connection"); - continue; - } + /* Accept a TCP connection */ + if ((work->s = accept(stmp, NULL, 0)) < 0) { + perror("accepting connection"); + continue; + } - work->server_creds = server_creds; - work->export = export; + work->server_creds = server_creds; + work->export = export; - if (max_threads == 1) { - worker_bee((void *) work); - } + if (max_threads == 1) { + worker_bee((void *) work); + } #ifdef _WIN32 - else { - if (WaitAndIncrementThreadCounter()) { - uintptr_t handle = - _beginthread(worker_bee, 0, (void *) work); - if (handle == (uintptr_t) - 1) { - closesocket(work->s); - free(work); - } - } else { - fprintf(stderr, - "fatal error incrementing thread counter"); - closesocket(work->s); - free(work); - break; - } - } + else { + if (WaitAndIncrementThreadCounter()) { + uintptr_t handle = + _beginthread(worker_bee, 0, (void *) work); + if (handle == (uintptr_t) - 1) { + closesocket(work->s); + free(work); + } + } else { + fprintf(stderr, + "fatal error incrementing thread counter"); + closesocket(work->s); + free(work); + break; + } + } #endif - } while (!once); + } while (!once); - closesocket(stmp); - } + closesocket(stmp); + } } (void) gss_release_cred(&min_stat, &server_creds); diff --git a/src/appl/sample/sample.h b/src/appl/sample/sample.h index e61a2f3..be6ef18 100644 --- a/src/appl/sample/sample.h +++ b/src/appl/sample/sample.h @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * appl/sample/sample.h * diff --git a/src/appl/sample/sclient/sclient.c b/src/appl/sample/sclient/sclient.c index 2f9b479..cf5a39f 100644 --- a/src/appl/sample/sclient/sclient.c +++ b/src/appl/sample/sclient/sclient.c @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * appl/sample/sclient/sclient.c * @@ -58,31 +59,28 @@ #endif static int -net_read(fd, buf, len) - int fd; - char *buf; - int len; +net_read(int fd, char *buf, int len) { int cc, len2 = 0; do { - cc = SOCKET_READ((SOCKET)fd, buf, len); - if (cc < 0) { - if (SOCKET_ERRNO == SOCKET_EINTR) - continue; + cc = SOCKET_READ((SOCKET)fd, buf, len); + if (cc < 0) { + if (SOCKET_ERRNO == SOCKET_EINTR) + continue; - /* XXX this interface sucks! */ - errno = SOCKET_ERRNO; + /* XXX this interface sucks! */ + errno = SOCKET_ERRNO; - return(cc); /* errno is already set */ - } - else if (cc == 0) { - return(len2); - } else { - buf += cc; - len2 += cc; - len -= cc; - } + return(cc); /* errno is already set */ + } + else if (cc == 0) { + return(len2); + } else { + buf += cc; + len2 += cc; + len -= cc; + } } while (len > 0); return(len2); } @@ -107,84 +105,84 @@ main(int argc, char *argv[]) char *service = SAMPLE_SERVICE; if (argc != 2 && argc != 3 && argc != 4) { - fprintf(stderr, "usage: %s <hostname> [port] [service]\n",argv[0]); - exit(1); + fprintf(stderr, "usage: %s <hostname> [port] [service]\n",argv[0]); + exit(1); } retval = krb5_init_context(&context); if (retval) { - com_err(argv[0], retval, "while initializing krb5"); - exit(1); + com_err(argv[0], retval, "while initializing krb5"); + exit(1); } (void) signal(SIGPIPE, SIG_IGN); if (argc > 2) - portstr = argv[2]; + portstr = argv[2]; else - portstr = SAMPLE_PORT; + portstr = SAMPLE_PORT; memset(&aihints, 0, sizeof(aihints)); aihints.ai_socktype = SOCK_STREAM; aierr = getaddrinfo(argv[1], portstr, &aihints, &ap); if (aierr) { - fprintf(stderr, "%s: error looking up host '%s' port '%s'/tcp: %s\n", - argv[0], argv[1], portstr, gai_strerror(aierr)); - exit(1); + fprintf(stderr, "%s: error looking up host '%s' port '%s'/tcp: %s\n", + argv[0], argv[1], portstr, gai_strerror(aierr)); + exit(1); } if (ap == 0) { - /* Should never happen. */ - fprintf(stderr, "%s: error looking up host '%s' port '%s'/tcp: no addresses returned?\n", - argv[0], argv[1], portstr); - exit(1); + /* Should never happen. */ + fprintf(stderr, "%s: error looking up host '%s' port '%s'/tcp: no addresses returned?\n", + argv[0], argv[1], portstr); + exit(1); } if (argc > 3) { - service = argv[3]; + service = argv[3]; } retval = krb5_sname_to_principal(context, argv[1], service, - KRB5_NT_SRV_HST, &server); + KRB5_NT_SRV_HST, &server); if (retval) { - com_err(argv[0], retval, "while creating server name for host %s service %s", - argv[1], service); - exit(1); + com_err(argv[0], retval, "while creating server name for host %s service %s", + argv[1], service); + exit(1); } /* set up the address of the foreign socket for connect() */ apstart = ap; /* For freeing later */ for (sock = -1; ap && sock == -1; ap = ap->ai_next) { - char abuf[NI_MAXHOST], pbuf[NI_MAXSERV]; - char mbuf[NI_MAXHOST + NI_MAXSERV + 64]; - if (getnameinfo(ap->ai_addr, ap->ai_addrlen, abuf, sizeof(abuf), - pbuf, sizeof(pbuf), NI_NUMERICHOST | NI_NUMERICSERV)) { - memset(abuf, 0, sizeof(abuf)); - memset(pbuf, 0, sizeof(pbuf)); - strncpy(abuf, "[error, cannot print address?]", - sizeof(abuf)-1); - strncpy(pbuf, "[?]", sizeof(pbuf)-1); - } - memset(mbuf, 0, sizeof(mbuf)); - strncpy(mbuf, "error contacting ", sizeof(mbuf)-1); - strncat(mbuf, abuf, sizeof(mbuf) - strlen(mbuf) - 1); - strncat(mbuf, " port ", sizeof(mbuf) - strlen(mbuf) - 1); - strncat(mbuf, pbuf, sizeof(mbuf) - strlen(mbuf) - 1); - sock = socket(ap->ai_family, SOCK_STREAM, 0); - if (sock < 0) { - fprintf(stderr, "%s: socket: %s\n", mbuf, strerror(errno)); - continue; - } - if (connect(sock, ap->ai_addr, ap->ai_addrlen) < 0) { - fprintf(stderr, "%s: connect: %s\n", mbuf, strerror(errno)); - close(sock); - sock = -1; - continue; - } - /* connected, yay! */ + char abuf[NI_MAXHOST], pbuf[NI_MAXSERV]; + char mbuf[NI_MAXHOST + NI_MAXSERV + 64]; + if (getnameinfo(ap->ai_addr, ap->ai_addrlen, abuf, sizeof(abuf), + pbuf, sizeof(pbuf), NI_NUMERICHOST | NI_NUMERICSERV)) { + memset(abuf, 0, sizeof(abuf)); + memset(pbuf, 0, sizeof(pbuf)); + strncpy(abuf, "[error, cannot print address?]", + sizeof(abuf)-1); + strncpy(pbuf, "[?]", sizeof(pbuf)-1); + } + memset(mbuf, 0, sizeof(mbuf)); + strncpy(mbuf, "error contacting ", sizeof(mbuf)-1); + strncat(mbuf, abuf, sizeof(mbuf) - strlen(mbuf) - 1); + strncat(mbuf, " port ", sizeof(mbuf) - strlen(mbuf) - 1); + strncat(mbuf, pbuf, sizeof(mbuf) - strlen(mbuf) - 1); + sock = socket(ap->ai_family, SOCK_STREAM, 0); + if (sock < 0) { + fprintf(stderr, "%s: socket: %s\n", mbuf, strerror(errno)); + continue; + } + if (connect(sock, ap->ai_addr, ap->ai_addrlen) < 0) { + fprintf(stderr, "%s: connect: %s\n", mbuf, strerror(errno)); + close(sock); + sock = -1; + continue; + } + /* connected, yay! */ } if (sock == -1) - /* Already printed error message above. */ - exit(1); + /* Already printed error message above. */ + exit(1); printf("connected\n"); cksum_data.data = argv[1]; @@ -192,67 +190,67 @@ main(int argc, char *argv[]) retval = krb5_cc_default(context, &ccdef); if (retval) { - com_err(argv[0], retval, "while getting default ccache"); - exit(1); + com_err(argv[0], retval, "while getting default ccache"); + exit(1); } retval = krb5_cc_get_principal(context, ccdef, &client); if (retval) { - com_err(argv[0], retval, "while getting client principal name"); - exit(1); + com_err(argv[0], retval, "while getting client principal name"); + exit(1); } retval = krb5_sendauth(context, &auth_context, (krb5_pointer) &sock, - SAMPLE_VERSION, client, server, - AP_OPTS_MUTUAL_REQUIRED, - &cksum_data, - 0, /* no creds, use ccache instead */ - ccdef, &err_ret, &rep_ret, NULL); + SAMPLE_VERSION, client, server, + AP_OPTS_MUTUAL_REQUIRED, + &cksum_data, + 0, /* no creds, use ccache instead */ + ccdef, &err_ret, &rep_ret, NULL); - krb5_free_principal(context, server); /* finished using it */ + krb5_free_principal(context, server); /* finished using it */ krb5_free_principal(context, client); krb5_cc_close(context, ccdef); if (auth_context) krb5_auth_con_free(context, auth_context); if (retval && retval != KRB5_SENDAUTH_REJECTED) { - com_err(argv[0], retval, "while using sendauth"); - exit(1); + com_err(argv[0], retval, "while using sendauth"); + exit(1); } if (retval == KRB5_SENDAUTH_REJECTED) { - /* got an error */ - printf("sendauth rejected, error reply is:\n\t\"%*s\"\n", - err_ret->text.length, err_ret->text.data); + /* got an error */ + printf("sendauth rejected, error reply is:\n\t\"%*s\"\n", + err_ret->text.length, err_ret->text.data); } else if (rep_ret) { - /* got a reply */ - krb5_free_ap_rep_enc_part(context, rep_ret); + /* got a reply */ + krb5_free_ap_rep_enc_part(context, rep_ret); - printf("sendauth succeeded, reply is:\n"); - if ((retval = net_read(sock, (char *)&xmitlen, - sizeof(xmitlen))) <= 0) { - if (retval == 0) - errno = ECONNABORTED; - com_err(argv[0], errno, "while reading data from server"); - exit(1); - } - recv_data.length = ntohs(xmitlen); - if (!(recv_data.data = (char *)malloc((size_t) recv_data.length + 1))) { - com_err(argv[0], ENOMEM, - "while allocating buffer to read from server"); - exit(1); - } - if ((retval = net_read(sock, (char *)recv_data.data, - recv_data.length)) <= 0) { - if (retval == 0) - errno = ECONNABORTED; - com_err(argv[0], errno, "while reading data from server"); - exit(1); - } - recv_data.data[recv_data.length] = '\0'; - printf("reply len %d, contents:\n%s\n", - recv_data.length,recv_data.data); - free(recv_data.data); + printf("sendauth succeeded, reply is:\n"); + if ((retval = net_read(sock, (char *)&xmitlen, + sizeof(xmitlen))) <= 0) { + if (retval == 0) + errno = ECONNABORTED; + com_err(argv[0], errno, "while reading data from server"); + exit(1); + } + recv_data.length = ntohs(xmitlen); + if (!(recv_data.data = (char *)malloc((size_t) recv_data.length + 1))) { + com_err(argv[0], ENOMEM, + "while allocating buffer to read from server"); + exit(1); + } + if ((retval = net_read(sock, (char *)recv_data.data, + recv_data.length)) <= 0) { + if (retval == 0) + errno = ECONNABORTED; + com_err(argv[0], errno, "while reading data from server"); + exit(1); + } + recv_data.data[recv_data.length] = '\0'; + printf("reply len %d, contents:\n%s\n", + recv_data.length,recv_data.data); + free(recv_data.data); } else { - com_err(argv[0], 0, "no error or reply from sendauth!"); - exit(1); + com_err(argv[0], 0, "no error or reply from sendauth!"); + exit(1); } freeaddrinfo(apstart); krb5_free_context(context); diff --git a/src/appl/sample/sserver/sserver.c b/src/appl/sample/sserver/sserver.c index 0ad9c07..bdd69a8 100644 --- a/src/appl/sample/sserver/sserver.c +++ b/src/appl/sample/sserver/sserver.c @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * appl/sample/sserver/sserver.c * @@ -64,24 +65,21 @@ extern krb5_deltat krb5_clockskew; #define DEBUG static void -usage(name) - char *name; +usage(char *name) { - fprintf(stderr, "usage: %s [-p port] [-s service] [-S keytab]\n", - name); + fprintf(stderr, "usage: %s [-p port] [-s service] [-S keytab]\n", + name); } int -main(argc, argv) - int argc; - char *argv[]; +main(int argc, char *argv[]) { krb5_context context; krb5_auth_context auth_context = NULL; krb5_ticket * ticket; struct sockaddr_in peername; GETPEERNAME_ARG3_TYPE namelen = sizeof(peername); - int sock = -1; /* incoming connection fd */ + int sock = -1; /* incoming connection fd */ krb5_data recv_data; short xmitlen; krb5_error_code retval; @@ -89,11 +87,11 @@ main(argc, argv) char repbuf[BUFSIZ]; char *cname; char *service = SAMPLE_SERVICE; - short port = 0; /* If user specifies port */ + short port = 0; /* If user specifies port */ extern int opterr, optind; extern char * optarg; int ch; - krb5_keytab keytab = NULL; /* Allow specification on command line */ + krb5_keytab keytab = NULL; /* Allow specification on command line */ char *progname; int on = 1; @@ -101,8 +99,8 @@ main(argc, argv) retval = krb5_init_context(&context); if (retval) { - com_err(argv[0], retval, "while initializing krb5"); - exit(1); + com_err(argv[0], retval, "while initializing krb5"); + exit(1); } /* open a log connection */ @@ -113,27 +111,28 @@ main(argc, argv) * */ opterr = 0; - while ((ch = getopt(argc, argv, "p:S:s:")) != -1) - switch (ch) { - case 'p': - port = atoi(optarg); - break; - case 's': - service = optarg; - break; - case 'S': - if ((retval = krb5_kt_resolve(context, optarg, &keytab))) { - com_err(progname, retval, - "while resolving keytab file %s", optarg); - exit(2); - } - break; - - case '?': - default: - usage(progname); - exit(1); - break; + while ((ch = getopt(argc, argv, "p:S:s:")) != -1) { + switch (ch) { + case 'p': + port = atoi(optarg); + break; + case 's': + service = optarg; + break; + case 'S': + if ((retval = krb5_kt_resolve(context, optarg, &keytab))) { + com_err(progname, retval, + "while resolving keytab file %s", optarg); + exit(2); + } + break; + + case '?': + default: + usage(progname); + exit(1); + break; + } } argc -= optind; @@ -141,15 +140,15 @@ main(argc, argv) /* Backwards compatibility, allow port to be specified at end */ if (argc > 1) { - port = atoi(argv[1]); + port = atoi(argv[1]); } retval = krb5_sname_to_principal(context, NULL, service, - KRB5_NT_SRV_HST, &server); + KRB5_NT_SRV_HST, &server); if (retval) { - syslog(LOG_ERR, "while generating service name (%s): %s", - service, error_message(retval)); - exit(1); + syslog(LOG_ERR, "while generating service name (%s): %s", + service, error_message(retval)); + exit(1); } /* @@ -158,86 +157,86 @@ main(argc, argv) */ if (port) { - int acc; - struct sockaddr_in sockin; - - if ((sock = socket(PF_INET, SOCK_STREAM, 0)) < 0) { - syslog(LOG_ERR, "socket: %m"); - exit(3); - } - /* Let the socket be reused right away */ - (void) setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (char *)&on, - sizeof(on)); - - sockin.sin_family = AF_INET; - sockin.sin_addr.s_addr = 0; - sockin.sin_port = htons(port); - if (bind(sock, (struct sockaddr *) &sockin, sizeof(sockin))) { - syslog(LOG_ERR, "bind: %m"); - exit(3); - } - if (listen(sock, 1) == -1) { - syslog(LOG_ERR, "listen: %m"); - exit(3); - } - if ((acc = accept(sock, (struct sockaddr *)&peername, &namelen)) == -1){ - syslog(LOG_ERR, "accept: %m"); - exit(3); - } - dup2(acc, 0); - close(sock); - sock = 0; + int acc; + struct sockaddr_in sockin; + + if ((sock = socket(PF_INET, SOCK_STREAM, 0)) < 0) { + syslog(LOG_ERR, "socket: %m"); + exit(3); + } + /* Let the socket be reused right away */ + (void) setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (char *)&on, + sizeof(on)); + + sockin.sin_family = AF_INET; + sockin.sin_addr.s_addr = 0; + sockin.sin_port = htons(port); + if (bind(sock, (struct sockaddr *) &sockin, sizeof(sockin))) { + syslog(LOG_ERR, "bind: %m"); + exit(3); + } + if (listen(sock, 1) == -1) { + syslog(LOG_ERR, "listen: %m"); + exit(3); + } + if ((acc = accept(sock, (struct sockaddr *)&peername, &namelen)) == -1){ + syslog(LOG_ERR, "accept: %m"); + exit(3); + } + dup2(acc, 0); + close(sock); + sock = 0; } else { - /* - * To verify authenticity, we need to know the address of the - * client. - */ - if (getpeername(0, (struct sockaddr *)&peername, &namelen) < 0) { - syslog(LOG_ERR, "getpeername: %m"); - exit(1); - } - sock = 0; + /* + * To verify authenticity, we need to know the address of the + * client. + */ + if (getpeername(0, (struct sockaddr *)&peername, &namelen) < 0) { + syslog(LOG_ERR, "getpeername: %m"); + exit(1); + } + sock = 0; } retval = krb5_recvauth(context, &auth_context, (krb5_pointer)&sock, - SAMPLE_VERSION, server, - 0, /* no flags */ - keytab, /* default keytab is NULL */ - &ticket); + SAMPLE_VERSION, server, + 0, /* no flags */ + keytab, /* default keytab is NULL */ + &ticket); if (retval) { - syslog(LOG_ERR, "recvauth failed--%s", error_message(retval)); - exit(1); + syslog(LOG_ERR, "recvauth failed--%s", error_message(retval)); + exit(1); } /* Get client name */ repbuf[sizeof(repbuf) - 1] = '\0'; retval = krb5_unparse_name(context, ticket->enc_part2->client, &cname); if (retval){ - syslog(LOG_ERR, "unparse failed: %s", error_message(retval)); - strncpy(repbuf, "You are <unparse error>\n", sizeof(repbuf) - 1); + syslog(LOG_ERR, "unparse failed: %s", error_message(retval)); + strncpy(repbuf, "You are <unparse error>\n", sizeof(repbuf) - 1); } else { - strncpy(repbuf, "You are ", sizeof(repbuf) - 1); - strncat(repbuf, cname, sizeof(repbuf) - 1 - strlen(repbuf)); - strncat(repbuf, "\n", sizeof(repbuf) - 1 - strlen(repbuf)); - free(cname); + strncpy(repbuf, "You are ", sizeof(repbuf) - 1); + strncat(repbuf, cname, sizeof(repbuf) - 1 - strlen(repbuf)); + strncat(repbuf, "\n", sizeof(repbuf) - 1 - strlen(repbuf)); + free(cname); } xmitlen = htons(strlen(repbuf)); recv_data.length = strlen(repbuf); recv_data.data = repbuf; if ((retval = krb5_net_write(context, 0, (char *)&xmitlen, - sizeof(xmitlen))) < 0) { - syslog(LOG_ERR, "%m: while writing len to client"); - exit(1); + sizeof(xmitlen))) < 0) { + syslog(LOG_ERR, "%m: while writing len to client"); + exit(1); } if ((retval = krb5_net_write(context, 0, (char *)recv_data.data, - recv_data.length)) < 0) { - syslog(LOG_ERR, "%m: while writing data to client"); - exit(1); + recv_data.length)) < 0) { + syslog(LOG_ERR, "%m: while writing data to client"); + exit(1); } krb5_free_ticket(context, ticket); if(keytab) - krb5_kt_close(context, keytab); + krb5_kt_close(context, keytab); krb5_free_principal(context, server); krb5_auth_con_free(context, auth_context); krb5_free_context(context); diff --git a/src/appl/simple/client/sim_client.c b/src/appl/simple/client/sim_client.c index 4f5e403..57e4988 100644 --- a/src/appl/simple/client/sim_client.c +++ b/src/appl/simple/client/sim_client.c @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * appl/simple/client/sim_client.c * @@ -52,25 +53,22 @@ #define MAXHOSTNAMELEN 64 #endif -#define MSG "hi there!" /* message text */ +#define MSG "hi there!" /* message text */ void usage (char *); void -usage(name) - char *name; +usage(char *name) { - fprintf(stderr, "usage: %s [-p port] [-h host] [-m message] [-s service] [host]\n", name); + fprintf(stderr, "usage: %s [-p port] [-h host] [-m message] [-s service] [host]\n", name); } int -main(argc, argv) - int argc; - char *argv[]; +main(int argc, char *argv[]) { int sock, i; unsigned int len; - int flags = 0; /* flags for sendto() */ + int flags = 0; /* flags for sendto() */ struct servent *serv; struct hostent *host; char *cp; @@ -78,11 +76,11 @@ main(argc, argv) #ifdef BROKEN_STREAMS_SOCKETS char my_hostname[MAXHOSTNAMELEN]; #endif - struct sockaddr_in s_sock; /* server address */ - struct sockaddr_in c_sock; /* client address */ + struct sockaddr_in s_sock; /* server address */ + struct sockaddr_in c_sock; /* client address */ extern int opterr, optind; extern char * optarg; - int ch; + int ch; short port = 0; char *message = MSG; @@ -95,15 +93,15 @@ main(argc, argv) krb5_ccache ccdef; krb5_address addr, *portlocal_addr; krb5_rcache rcache; - krb5_data rcache_name; + krb5_data rcache_name; - krb5_context context; - krb5_auth_context auth_context = NULL; + krb5_context context; + krb5_auth_context auth_context = NULL; retval = krb5_init_context(&context); if (retval) { - com_err(argv[0], retval, "while initializing krb5"); - exit(1); + com_err(argv[0], retval, "while initializing krb5"); + exit(1); } progname = argv[0]; @@ -114,43 +112,43 @@ main(argc, argv) */ opterr = 0; while ((ch = getopt(argc, argv, "p:m:h:s:")) != -1) - switch (ch) { - case 'p': - port = atoi(optarg); - break; - case 'm': - message = optarg; - break; - case 'h': - hostname = optarg; - break; - case 's': - service = optarg; - break; - case '?': - default: - usage(progname); - exit(1); - break; - } + switch (ch) { + case 'p': + port = atoi(optarg); + break; + case 'm': + message = optarg; + break; + case 'h': + hostname = optarg; + break; + case 's': + service = optarg; + break; + case '?': + default: + usage(progname); + exit(1); + break; + } argc -= optind; argv += optind; if (argc > 0) { - if (hostname) - usage(progname); - hostname = argv[0]; + if (hostname) + usage(progname); + hostname = argv[0]; } if (hostname == 0) { - fprintf(stderr, "You must specify a hostname to contact.\n\n"); - usage(progname); - exit(1); + fprintf(stderr, "You must specify a hostname to contact.\n\n"); + usage(progname); + exit(1); } /* Look up server host */ if ((host = gethostbyname(hostname)) == (struct hostent *) 0) { - fprintf(stderr, "%s: unknown host\n", hostname); - exit(1); + fprintf(stderr, "%s: unknown host\n", hostname); + exit(1); } strncpy(full_hname, host->h_name, sizeof(full_hname)-1); full_hname[sizeof(full_hname)-1] = '\0'; @@ -170,33 +168,33 @@ main(argc, argv) s_sock.sin_family = AF_INET; if (port == 0) { - /* Look up service */ - if ((serv = getservbyname(SIMPLE_PORT, "udp")) == NULL) { - fprintf(stderr, "service unknown: %s/udp\n", SIMPLE_PORT); - exit(1); - } - s_sock.sin_port = serv->s_port; + /* Look up service */ + if ((serv = getservbyname(SIMPLE_PORT, "udp")) == NULL) { + fprintf(stderr, "service unknown: %s/udp\n", SIMPLE_PORT); + exit(1); + } + s_sock.sin_port = serv->s_port; } else { - s_sock.sin_port = htons(port); + s_sock.sin_port = htons(port); } /* Open a socket */ if ((sock = socket(AF_INET, SOCK_DGRAM, 0)) < 0) { - com_err(progname, errno, "opening datagram socket"); - exit(1); + com_err(progname, errno, "opening datagram socket"); + exit(1); } memset(&c_sock, 0, sizeof(c_sock)); c_sock.sin_family = AF_INET; #ifdef BROKEN_STREAMS_SOCKETS if (gethostname(my_hostname, sizeof(my_hostname)) < 0) { - perror("gethostname"); - exit(1); + perror("gethostname"); + exit(1); } if ((host = gethostbyname(my_hostname)) == (struct hostent *)0) { - fprintf(stderr, "%s: unknown host\n", hostname); - exit(1); + fprintf(stderr, "%s: unknown host\n", hostname); + exit(1); } memcpy(&c_sock.sin_addr, host->h_addr, sizeof(c_sock.sin_addr)); #endif @@ -204,8 +202,8 @@ main(argc, argv) /* Bind it to set the address; kernel will fill in port # */ if (bind(sock, (struct sockaddr *)&c_sock, sizeof(c_sock)) < 0) { - com_err(progname, errno, "while binding datagram socket"); - exit(1); + com_err(progname, errno, "while binding datagram socket"); + exit(1); } /* PREPARE KRB_AP_REQ MESSAGE */ @@ -215,14 +213,14 @@ main(argc, argv) /* Get credentials for server */ if ((retval = krb5_cc_default(context, &ccdef))) { - com_err(progname, retval, "while getting default ccache"); - exit(1); + com_err(progname, retval, "while getting default ccache"); + exit(1); } if ((retval = krb5_mk_req(context, &auth_context, 0, service, full_hname, - &inbuf, ccdef, &packet))) { - com_err(progname, retval, "while preparing AP_REQ"); - exit(1); + &inbuf, ccdef, &packet))) { + com_err(progname, retval, "while preparing AP_REQ"); + exit(1); } printf("Got credentials for %s.\n", service); @@ -230,13 +228,13 @@ main(argc, argv) properly bound for getsockname() below. */ if (connect(sock, (struct sockaddr *)&s_sock, sizeof(s_sock)) == -1) { - com_err(progname, errno, "while connecting to server"); - exit(1); + com_err(progname, errno, "while connecting to server"); + exit(1); } /* Send authentication info to server */ if ((i = send(sock, (char *)packet.data, (unsigned) packet.length, - flags)) < 0) - com_err(progname, errno, "while sending KRB_AP_REQ message"); + flags)) < 0) + com_err(progname, errno, "while sending KRB_AP_REQ message"); printf("Sent authentication data: %d bytes\n", i); krb5_free_data_contents(context, &packet); @@ -246,48 +244,48 @@ main(argc, argv) memset(&c_sock, 0, sizeof(c_sock)); len = sizeof(c_sock); if (getsockname(sock, (struct sockaddr *)&c_sock, &len) < 0) { - com_err(progname, errno, "while getting socket name"); - exit(1); + com_err(progname, errno, "while getting socket name"); + exit(1); } addr.addrtype = ADDRTYPE_IPPORT; addr.length = sizeof(c_sock.sin_port); addr.contents = (krb5_octet *)&c_sock.sin_port; if ((retval = krb5_auth_con_setports(context, auth_context, - &addr, NULL))) { - com_err(progname, retval, "while setting local port\n"); - exit(1); + &addr, NULL))) { + com_err(progname, retval, "while setting local port\n"); + exit(1); } addr.addrtype = ADDRTYPE_INET; addr.length = sizeof(c_sock.sin_addr); addr.contents = (krb5_octet *)&c_sock.sin_addr; if ((retval = krb5_auth_con_setaddrs(context, auth_context, - &addr, NULL))) { - com_err(progname, retval, "while setting local addr\n"); - exit(1); + &addr, NULL))) { + com_err(progname, retval, "while setting local addr\n"); + exit(1); } /* THIS IS UGLY */ if ((retval = krb5_gen_portaddr(context, &addr, - (krb5_pointer) &c_sock.sin_port, - &portlocal_addr))) { - com_err(progname, retval, "while generating port address"); - exit(1); + (krb5_pointer) &c_sock.sin_port, + &portlocal_addr))) { + com_err(progname, retval, "while generating port address"); + exit(1); } if ((retval = krb5_gen_replay_name(context,portlocal_addr, - "_sim_clt",&cp))) { - com_err(progname, retval, "while generating replay cache name"); - exit(1); + "_sim_clt",&cp))) { + com_err(progname, retval, "while generating replay cache name"); + exit(1); } rcache_name.length = strlen(cp); rcache_name.data = cp; if ((retval = krb5_get_server_rcache(context, &rcache_name, &rcache))) { - com_err(progname, retval, "while getting server rcache"); - exit(1); + com_err(progname, retval, "while getting server rcache"); + exit(1); } /* set auth_context rcache */ @@ -298,14 +296,14 @@ main(argc, argv) inbuf.length = strlen(message); if ((retval = krb5_mk_safe(context, auth_context, &inbuf, &packet, NULL))){ - com_err(progname, retval, "while making KRB_SAFE message"); - exit(1); + com_err(progname, retval, "while making KRB_SAFE message"); + exit(1); } /* Send it */ if ((i = send(sock, (char *)packet.data, (unsigned) packet.length, - flags)) < 0) - com_err(progname, errno, "while sending SAFE message"); + flags)) < 0) + com_err(progname, errno, "while sending SAFE message"); printf("Sent checksummed message: %d bytes\n", i); krb5_free_data_contents(context, &packet); @@ -313,22 +311,22 @@ main(argc, argv) /* Make the encrypted message */ if ((retval = krb5_mk_priv(context, auth_context, &inbuf, - &packet, NULL))) { - com_err(progname, retval, "while making KRB_PRIV message"); - exit(1); + &packet, NULL))) { + com_err(progname, retval, "while making KRB_PRIV message"); + exit(1); } /* Send it */ if ((i = send(sock, (char *)packet.data, (unsigned) packet.length, - flags)) < 0) - com_err(progname, errno, "while sending PRIV message"); + flags)) < 0) + com_err(progname, errno, "while sending PRIV message"); printf("Sent encrypted message: %d bytes\n", i); krb5_free_data_contents(context, &packet); retval = krb5_rc_destroy(context, rcache); if (retval) { - com_err(progname, retval, "while deleting replay cache"); - exit(1); + com_err(progname, retval, "while deleting replay cache"); + exit(1); } krb5_auth_con_setrcache(context, auth_context, NULL); krb5_auth_con_free(context, auth_context); diff --git a/src/appl/simple/server/sim_server.c b/src/appl/simple/server/sim_server.c index c82c6f3..d06c255 100644 --- a/src/appl/simple/server/sim_server.c +++ b/src/appl/simple/server/sim_server.c @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * appl/simple/server/sim_server.c * @@ -53,33 +54,30 @@ #define PROGNAME argv[0] static void -usage(name) - char *name; +usage(char *name) { - fprintf(stderr, "usage: %s [-p port] [-s service] [-S keytab]\n", name); + fprintf(stderr, "usage: %s [-p port] [-s service] [-S keytab]\n", name); } int -main(argc, argv) -int argc; -char *argv[]; +main(int argc, char *argv[]) { int sock, i; unsigned int len; - int flags = 0; /* for recvfrom() */ + int flags = 0; /* for recvfrom() */ int on = 1; struct servent *serv; struct hostent *host; - struct sockaddr_in s_sock; /* server's address */ - struct sockaddr_in c_sock; /* client's address */ + struct sockaddr_in s_sock; /* server's address */ + struct sockaddr_in c_sock; /* client's address */ char full_hname[MAXHOSTNAMELEN]; char *cp; extern int opterr, optind; extern char * optarg; - int ch; + int ch; - short port = 0; /* If user specifies port */ - krb5_keytab keytab = NULL; /* Allow specification on command line */ + short port = 0; /* If user specifies port */ + krb5_keytab keytab = NULL; /* Allow specification on command line */ char *service = SIMPLE_SERVICE; krb5_error_code retval; @@ -93,8 +91,8 @@ char *argv[]; retval = krb5_init_context(&context); if (retval) { - com_err(argv[0], retval, "while initializing krb5"); - exit(1); + com_err(argv[0], retval, "while initializing krb5"); + exit(1); } /* @@ -102,33 +100,34 @@ char *argv[]; * */ opterr = 0; - while ((ch = getopt(argc, argv, "p:s:S:")) != -1) - switch (ch) { - case 'p': - port = atoi(optarg); - break; - case 's': - service = optarg; - break; - case 'S': - if ((retval = krb5_kt_resolve(context, optarg, &keytab))) { - com_err(PROGNAME, retval, - "while resolving keytab file %s", optarg); - exit(2); - } - break; - - case '?': - default: - usage(PROGNAME); - exit(1); - break; + while ((ch = getopt(argc, argv, "p:s:S:")) != -1) { + switch (ch) { + case 'p': + port = atoi(optarg); + break; + case 's': + service = optarg; + break; + case 'S': + if ((retval = krb5_kt_resolve(context, optarg, &keytab))) { + com_err(PROGNAME, retval, + "while resolving keytab file %s", optarg); + exit(2); + } + break; + + case '?': + default: + usage(PROGNAME); + exit(1); + break; + } } if ((retval = krb5_sname_to_principal(context, NULL, service, - KRB5_NT_SRV_HST, &sprinc))) { - com_err(PROGNAME, retval, "while generating service name %s", service); - exit(1); + KRB5_NT_SRV_HST, &sprinc))) { + com_err(PROGNAME, retval, "while generating service name %s", service); + exit(1); } /* Set up server address */ @@ -136,41 +135,41 @@ char *argv[]; s_sock.sin_family = AF_INET; if (port == 0) { - /* Look up service */ - if ((serv = getservbyname(SIMPLE_PORT, "udp")) == NULL) { - fprintf(stderr, "service unknown: %s/udp\n", SIMPLE_PORT); - exit(1); - } - s_sock.sin_port = serv->s_port; + /* Look up service */ + if ((serv = getservbyname(SIMPLE_PORT, "udp")) == NULL) { + fprintf(stderr, "service unknown: %s/udp\n", SIMPLE_PORT); + exit(1); + } + s_sock.sin_port = serv->s_port; } else { - s_sock.sin_port = htons(port); + s_sock.sin_port = htons(port); } if (gethostname(full_hname, sizeof(full_hname)) < 0) { - perror("gethostname"); - exit(1); + perror("gethostname"); + exit(1); } if ((host = gethostbyname(full_hname)) == (struct hostent *)0) { - fprintf(stderr, "%s: host unknown\n", full_hname); - exit(1); + fprintf(stderr, "%s: host unknown\n", full_hname); + exit(1); } memcpy(&s_sock.sin_addr, host->h_addr, sizeof(s_sock.sin_addr)); /* Open socket */ if ((sock = socket(AF_INET, SOCK_DGRAM, 0)) < 0) { - perror("opening datagram socket"); - exit(1); + perror("opening datagram socket"); + exit(1); } - /* Let the socket be reused right away */ - (void) setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (char *)&on, - sizeof(on)); + /* Let the socket be reused right away */ + (void) setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (char *)&on, + sizeof(on)); /* Bind the socket */ if (bind(sock, (struct sockaddr *)&s_sock, sizeof(s_sock))) { - perror("binding datagram socket"); - exit(1); + perror("binding datagram socket"); + exit(1); } #ifdef DEBUG @@ -182,9 +181,9 @@ char *argv[]; /* use "recvfrom" so we know client's address */ len = sizeof(struct sockaddr_in); if ((i = recvfrom(sock, (char *)pktbuf, sizeof(pktbuf), flags, - (struct sockaddr *)&c_sock, &len)) < 0) { - perror("receiving datagram"); - exit(1); + (struct sockaddr *)&c_sock, &len)) < 0) { + perror("receiving datagram"); + exit(1); } printf("Received %d bytes\n", i); @@ -193,14 +192,14 @@ char *argv[]; /* Check authentication info */ if ((retval = krb5_rd_req(context, &auth_context, &packet, - sprinc, keytab, NULL, &ticket))) { - com_err(PROGNAME, retval, "while reading request"); - exit(1); + sprinc, keytab, NULL, &ticket))) { + com_err(PROGNAME, retval, "while reading request"); + exit(1); } if ((retval = krb5_unparse_name(context, ticket->enc_part2->client, - &cp))) { - com_err(PROGNAME, retval, "while unparsing client name"); - exit(1); + &cp))) { + com_err(PROGNAME, retval, "while unparsing client name"); + exit(1); } printf("Got authentication info from %s\n", cp); free(cp); @@ -210,8 +209,8 @@ char *argv[]; addr.length = sizeof(c_sock.sin_addr); addr.contents = (krb5_octet *)&c_sock.sin_addr; if ((retval = krb5_auth_con_setaddrs(context, auth_context, - NULL, &addr))) { - com_err(PROGNAME, retval, "while setting foreign addr"); + NULL, &addr))) { + com_err(PROGNAME, retval, "while setting foreign addr"); exit(1); } @@ -219,8 +218,8 @@ char *argv[]; addr.length = sizeof(c_sock.sin_port); addr.contents = (krb5_octet *)&c_sock.sin_port; if ((retval = krb5_auth_con_setports(context, auth_context, - NULL, &addr))) { - com_err(PROGNAME, retval, "while setting foreign port"); + NULL, &addr))) { + com_err(PROGNAME, retval, "while setting foreign port"); exit(1); } @@ -229,9 +228,9 @@ char *argv[]; /* use "recvfrom" so we know client's address */ len = sizeof(struct sockaddr_in); if ((i = recvfrom(sock, (char *)pktbuf, sizeof(pktbuf), flags, - (struct sockaddr *)&c_sock, &len)) < 0) { - perror("receiving datagram"); - exit(1); + (struct sockaddr *)&c_sock, &len)) < 0) { + perror("receiving datagram"); + exit(1); } #ifdef DEBUG printf("&c_sock.sin_addr is %s\n", inet_ntoa(c_sock.sin_addr)); @@ -242,9 +241,9 @@ char *argv[]; packet.data = (krb5_pointer) pktbuf; if ((retval = krb5_rd_safe(context, auth_context, &packet, - &message, NULL))) { - com_err(PROGNAME, retval, "while verifying SAFE message"); - exit(1); + &message, NULL))) { + com_err(PROGNAME, retval, "while verifying SAFE message"); + exit(1); } printf("Safe message is: '%.*s'\n", (int) message.length, message.data); @@ -255,9 +254,9 @@ char *argv[]; /* use "recvfrom" so we know client's address */ len = sizeof(struct sockaddr_in); if ((i = recvfrom(sock, (char *)pktbuf, sizeof(pktbuf), flags, - (struct sockaddr *)&c_sock, &len)) < 0) { - perror("receiving datagram"); - exit(1); + (struct sockaddr *)&c_sock, &len)) < 0) { + perror("receiving datagram"); + exit(1); } printf("Received %d bytes\n", i); @@ -265,12 +264,12 @@ char *argv[]; packet.data = (krb5_pointer) pktbuf; if ((retval = krb5_rd_priv(context, auth_context, &packet, - &message, NULL))) { - com_err(PROGNAME, retval, "while verifying PRIV message"); - exit(1); + &message, NULL))) { + com_err(PROGNAME, retval, "while verifying PRIV message"); + exit(1); } printf("Decrypted message is: '%.*s'\n", (int) message.length, - message.data); + message.data); krb5_auth_con_free(context, auth_context); krb5_free_context(context); diff --git a/src/appl/simple/simple.h b/src/appl/simple/simple.h index bbee794..8d8f176 100644 --- a/src/appl/simple/simple.h +++ b/src/appl/simple/simple.h @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * appl/simple/simple.h * @@ -28,5 +29,5 @@ * server & client applications. */ -#define SIMPLE_SERVICE "sample" -#define SIMPLE_PORT "sample" +#define SIMPLE_SERVICE "sample" +#define SIMPLE_PORT "sample" diff --git a/src/appl/user_user/client.c b/src/appl/user_user/client.c index a2f8e7f..39bd188 100644 --- a/src/appl/user_user/client.c +++ b/src/appl/user_user/client.c @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * appl/user_user/client.c * @@ -39,239 +40,243 @@ #include "k5-int.h" #include "com_err.h" -int main (argc, argv) -int argc; -char *argv[]; +int main (int argc, char *argv[]) { - int s; - register int retval, i; - char *hname; /* full name of server */ - char **srealms; /* realm(s) of server */ - char *princ; /* principal in credentials cache */ - struct servent *serv; - struct hostent *host; - struct sockaddr_in serv_net_addr, cli_net_addr; - krb5_ccache cc; - krb5_creds creds, *new_creds; - krb5_data reply, msg, princ_data; - krb5_auth_context auth_context = NULL; - krb5_ticket * ticket = NULL; - krb5_context context; - unsigned short port; - - if (argc < 2 || argc > 4) { - fputs ("usage: uu-client <hostname> [message [port]]\n", stderr); - return 1; - } - - retval = krb5_init_context(&context); - if (retval) { - com_err(argv[0], retval, "while initializing krb5"); - exit(1); - } - - if (argc == 4) { - port = htons(atoi(argv[3])); - } - else if ((serv = getservbyname ("uu-sample", "tcp")) == NULL) - { - fputs ("uu-client: unknown service \"uu-sample/tcp\"\n", stderr); - return 2; - } else { - port = serv->s_port; - } - - if ((host = gethostbyname (argv[1])) == NULL) { - fprintf (stderr, "uu-client: can't get address of host \"%s\".\n", - argv[1]); - return 3; - } - - if (host->h_addrtype != AF_INET) { - fprintf (stderr, "uu-client: bad address type %d for \"%s\".\n", - host->h_addrtype, argv[1]); - return 3; - } - - hname = strdup (host->h_name); + int s; + register int retval, i; + char *hname; /* full name of server */ + char **srealms; /* realm(s) of server */ + char *princ; /* principal in credentials cache */ + struct servent *serv; + struct hostent *host; + struct sockaddr_in serv_net_addr, cli_net_addr; + krb5_ccache cc; + krb5_creds creds, *new_creds; + krb5_data reply, msg, princ_data; + krb5_auth_context auth_context = NULL; + krb5_ticket * ticket = NULL; + krb5_context context; + unsigned short port; + + if (argc < 2 || argc > 4) { + fputs ("usage: uu-client <hostname> [message [port]]\n", stderr); + return 1; + } + + retval = krb5_init_context(&context); + if (retval) { + com_err(argv[0], retval, "while initializing krb5"); + exit(1); + } + + if (argc == 4) { + port = htons(atoi(argv[3])); + } + else if ((serv = getservbyname ("uu-sample", "tcp")) == NULL) + { + fputs ("uu-client: unknown service \"uu-sample/tcp\"\n", stderr); + return 2; + } else { + port = serv->s_port; + } + + if ((host = gethostbyname (argv[1])) == NULL) { + fprintf (stderr, "uu-client: can't get address of host \"%s\".\n", + argv[1]); + return 3; + } + + if (host->h_addrtype != AF_INET) { + fprintf (stderr, "uu-client: bad address type %d for \"%s\".\n", + host->h_addrtype, argv[1]); + return 3; + } + + hname = strdup (host->h_name); #ifndef USE_STDOUT - if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) { - com_err ("uu-client", errno, "creating socket"); - return 4; - } else { - cli_net_addr.sin_family = AF_INET; - cli_net_addr.sin_port = 0; - cli_net_addr.sin_addr.s_addr = 0; - if (bind (s, (struct sockaddr *)&cli_net_addr, - sizeof (cli_net_addr)) < 0) { - com_err ("uu-client", errno, "binding socket"); - return 4; - } - } - - serv_net_addr.sin_family = AF_INET; - serv_net_addr.sin_port = port; - - i = 0; - while (1) { - if (host->h_addr_list[i] == 0) { - fprintf (stderr, "uu-client: unable to connect to \"%s\"\n", hname); - return 5; - } - - memcpy (&serv_net_addr.sin_addr, host->h_addr_list[i++], - sizeof(serv_net_addr.sin_addr)); - - if (connect(s, (struct sockaddr *)&serv_net_addr, - sizeof (serv_net_addr)) == 0) - break; - com_err ("uu-client", errno, "connecting to \"%s\" (%s).", - hname, inet_ntoa(serv_net_addr.sin_addr)); - } + if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) { + com_err ("uu-client", errno, "creating socket"); + return 4; + } else { + cli_net_addr.sin_family = AF_INET; + cli_net_addr.sin_port = 0; + cli_net_addr.sin_addr.s_addr = 0; + if (bind (s, (struct sockaddr *)&cli_net_addr, + sizeof (cli_net_addr)) < 0) { + com_err ("uu-client", errno, "binding socket"); + return 4; + } + } + + serv_net_addr.sin_family = AF_INET; + serv_net_addr.sin_port = port; + + i = 0; + while (1) { + if (host->h_addr_list[i] == 0) { + fprintf (stderr, "uu-client: unable to connect to \"%s\"\n", hname); + return 5; + } + + memcpy (&serv_net_addr.sin_addr, host->h_addr_list[i++], + sizeof(serv_net_addr.sin_addr)); + + if (connect(s, (struct sockaddr *)&serv_net_addr, + sizeof (serv_net_addr)) == 0) + break; + com_err ("uu-client", errno, "connecting to \"%s\" (%s).", + hname, inet_ntoa(serv_net_addr.sin_addr)); + } #else - s = 1; + s = 1; #endif - retval = krb5_cc_default(context, &cc); - if (retval) { - com_err("uu-client", retval, "getting credentials cache"); - return 6; - } - - memset (&creds, 0, sizeof(creds)); - - retval = krb5_cc_get_principal(context, cc, &creds.client); - if (retval) { - com_err("uu-client", retval, "getting principal name"); - return 6; - } - - retval = krb5_unparse_name(context, creds.client, &princ); - if (retval) { - com_err("uu-client", retval, "printing principal name"); - return 7; - } - else - fprintf(stderr, "uu-client: client principal is \"%s\".\n", princ); - - retval = krb5_get_host_realm(context, hname, &srealms); - if (retval) { - com_err("uu-client", retval, "getting realms for \"%s\"", hname); - return 7; - } - - retval = - krb5_build_principal_ext(context, &creds.server, - krb5_princ_realm(context, creds.client)->length, - krb5_princ_realm(context, creds.client)->data, - 6, "krbtgt", - krb5_princ_realm(context, creds.client)->length, - krb5_princ_realm(context, creds.client)->data, - 0); - if (retval) { - com_err("uu-client", retval, "setting up tgt server name"); - return 7; - } - - /* Get TGT from credentials cache */ - retval = krb5_get_credentials(context, KRB5_GC_CACHED, cc, - &creds, &new_creds); - if (retval) { - com_err("uu-client", retval, "getting TGT"); - return 6; - } - - i = strlen(princ) + 1; - - fprintf(stderr, "uu-client: sending %d bytes\n",new_creds->ticket.length + i); - princ_data.data = princ; - princ_data.length = i; /* include null terminator for - server's convenience */ - retval = krb5_write_message(context, (krb5_pointer) &s, &princ_data); - if (retval) { - com_err("uu-client", retval, "sending principal name to server"); - return 8; - } - - free(princ); - - retval = krb5_write_message(context, (krb5_pointer) &s, &new_creds->ticket); - if (retval) { - com_err("uu-client", retval, "sending ticket to server"); - return 8; - } - - retval = krb5_read_message(context, (krb5_pointer) &s, &reply); - if (retval) { - com_err("uu-client", retval, "reading reply from server"); - return 9; - } - - retval = krb5_auth_con_init(context, &auth_context); - if (retval) { - com_err("uu-client", retval, "initializing the auth_context"); - return 9; - } - - retval = - krb5_auth_con_genaddrs(context, auth_context, s, - KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR | - KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR); - if (retval) { - com_err("uu-client", retval, "generating addrs for auth_context"); - return 9; + retval = krb5_cc_default(context, &cc); + if (retval) { + com_err("uu-client", retval, "getting credentials cache"); + return 6; + } + + memset (&creds, 0, sizeof(creds)); + + retval = krb5_cc_get_principal(context, cc, &creds.client); + if (retval) { + com_err("uu-client", retval, "getting principal name"); + return 6; + } + + retval = krb5_unparse_name(context, creds.client, &princ); + if (retval) { + com_err("uu-client", retval, "printing principal name"); + return 7; } + else + fprintf(stderr, "uu-client: client principal is \"%s\".\n", princ); - retval = krb5_auth_con_setflags(context, auth_context, - KRB5_AUTH_CONTEXT_DO_SEQUENCE); - if (retval) { - com_err("uu-client", retval, "initializing the auth_context flags"); - return 9; - } + retval = krb5_get_host_realm(context, hname, &srealms); + if (retval) { + com_err("uu-client", retval, "getting realms for \"%s\"", hname); + return 7; + } - retval = krb5_auth_con_setuseruserkey(context, auth_context, - &new_creds->keyblock); - if (retval) { - com_err("uu-client", retval, "setting useruserkey for authcontext"); - return 9; - } + retval = + krb5_build_principal_ext(context, &creds.server, + krb5_princ_realm(context, + creds.client)->length, + krb5_princ_realm(context, + creds.client)->data, + 6, "krbtgt", + krb5_princ_realm(context, + creds.client)->length, + krb5_princ_realm(context, + creds.client)->data, + 0); + if (retval) { + com_err("uu-client", retval, "setting up tgt server name"); + return 7; + } + + /* Get TGT from credentials cache */ + retval = krb5_get_credentials(context, KRB5_GC_CACHED, cc, + &creds, &new_creds); + if (retval) { + com_err("uu-client", retval, "getting TGT"); + return 6; + } + + i = strlen(princ) + 1; + + fprintf(stderr, "uu-client: sending %d bytes\n", + new_creds->ticket.length + i); + princ_data.data = princ; + princ_data.length = i; /* include null terminator for + server's convenience */ + retval = krb5_write_message(context, (krb5_pointer) &s, &princ_data); + if (retval) { + com_err("uu-client", retval, "sending principal name to server"); + return 8; + } + + free(princ); + + retval = krb5_write_message(context, (krb5_pointer) &s, + &new_creds->ticket); + if (retval) { + com_err("uu-client", retval, "sending ticket to server"); + return 8; + } + + retval = krb5_read_message(context, (krb5_pointer) &s, &reply); + if (retval) { + com_err("uu-client", retval, "reading reply from server"); + return 9; + } + + retval = krb5_auth_con_init(context, &auth_context); + if (retval) { + com_err("uu-client", retval, "initializing the auth_context"); + return 9; + } + + retval = + krb5_auth_con_genaddrs(context, auth_context, s, + KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR | + KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR); + if (retval) { + com_err("uu-client", retval, "generating addrs for auth_context"); + return 9; + } + + retval = krb5_auth_con_setflags(context, auth_context, + KRB5_AUTH_CONTEXT_DO_SEQUENCE); + if (retval) { + com_err("uu-client", retval, "initializing the auth_context flags"); + return 9; + } + + retval = krb5_auth_con_setuseruserkey(context, auth_context, + &new_creds->keyblock); + if (retval) { + com_err("uu-client", retval, "setting useruserkey for authcontext"); + return 9; + } #if 1 - /* read the ap_req to get the session key */ - retval = krb5_rd_req(context, &auth_context, &reply, - NULL, NULL, NULL, &ticket); - free(reply.data); + /* read the ap_req to get the session key */ + retval = krb5_rd_req(context, &auth_context, &reply, + NULL, NULL, NULL, &ticket); + free(reply.data); #else - retval = krb5_recvauth(context, &auth_context, (krb5_pointer)&s, "???", - 0, /* server */, 0, NULL, &ticket); + retval = krb5_recvauth(context, &auth_context, (krb5_pointer)&s, "???", + 0, /* server */, 0, NULL, &ticket); #endif - if (retval) { - com_err("uu-client", retval, "reading AP_REQ from server"); - return 9; - } - - retval = krb5_unparse_name(context, ticket->enc_part2->client, &princ); - if (retval) - com_err("uu-client", retval, "while unparsing client name"); - else { - printf("server is named \"%s\"\n", princ); - free(princ); - } - - retval = krb5_read_message(context, (krb5_pointer) &s, &reply); - if (retval) { - com_err("uu-client", retval, "reading reply from server"); - return 9; - } - - retval = krb5_rd_safe(context, auth_context, &reply, &msg, NULL); - if (retval) { - com_err("uu-client", retval, "decoding reply from server"); - return 10; - } - - printf ("uu-client: server says \"%s\".\n", msg.data); - return 0; + if (retval) { + com_err("uu-client", retval, "reading AP_REQ from server"); + return 9; + } + + retval = krb5_unparse_name(context, ticket->enc_part2->client, &princ); + if (retval) + com_err("uu-client", retval, "while unparsing client name"); + else { + printf("server is named \"%s\"\n", princ); + free(princ); + } + + retval = krb5_read_message(context, (krb5_pointer) &s, &reply); + if (retval) { + com_err("uu-client", retval, "reading reply from server"); + return 9; + } + + retval = krb5_rd_safe(context, auth_context, &reply, &msg, NULL); + if (retval) { + com_err("uu-client", retval, "decoding reply from server"); + return 10; + } + + printf ("uu-client: server says \"%s\".\n", msg.data); + return 0; } diff --git a/src/appl/user_user/server.c b/src/appl/user_user/server.c index 8a66bbd..25c7b10 100644 --- a/src/appl/user_user/server.c +++ b/src/appl/user_user/server.c @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * appl/user_user/server.c * @@ -45,187 +46,188 @@ /* fd 0 is a tcp socket used to talk to the client */ int main(argc, argv) -int argc; -char *argv[]; + int argc; + char *argv[]; { - krb5_data pname_data, tkt_data; - int sock = 0; - socklen_t l; - int retval; - struct sockaddr_in l_inaddr, f_inaddr; /* local, foreign address */ - krb5_creds creds, *new_creds; - krb5_ccache cc; - krb5_data msgtext, msg; - krb5_context context; + krb5_data pname_data, tkt_data; + int sock = 0; + socklen_t l; + int retval; + struct sockaddr_in l_inaddr, f_inaddr; /* local, foreign address */ + krb5_creds creds, *new_creds; + krb5_ccache cc; + krb5_data msgtext, msg; + krb5_context context; krb5_auth_context auth_context = NULL; #ifndef DEBUG - freopen("/tmp/uu-server.log", "w", stderr); + freopen("/tmp/uu-server.log", "w", stderr); #endif - retval = krb5_init_context(&context); - if (retval) { - com_err(argv[0], retval, "while initializing krb5"); - exit(1); - } + retval = krb5_init_context(&context); + if (retval) { + com_err(argv[0], retval, "while initializing krb5"); + exit(1); + } #ifdef DEBUG - { - int one = 1; - int acc; - struct servent *sp; - socklen_t namelen = sizeof(f_inaddr); - - if ((sock = socket(PF_INET, SOCK_STREAM, 0)) < 0) { - com_err("uu-server", errno, "creating socket"); - exit(3); - } - - l_inaddr.sin_family = AF_INET; - l_inaddr.sin_addr.s_addr = 0; - if (!(sp = getservbyname("uu-sample", "tcp"))) { - com_err("uu-server", 0, "can't find uu-sample/tcp service"); - exit(3); - } - (void) setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (char *)&one, sizeof (one)); - l_inaddr.sin_port = sp->s_port; - if (bind(sock, (struct sockaddr *)&l_inaddr, sizeof(l_inaddr))) { - com_err("uu-server", errno, "binding socket"); - exit(3); - } - if (listen(sock, 1) == -1) { - com_err("uu-server", errno, "listening"); - exit(3); - } - if ((acc = accept(sock, (struct sockaddr *)&f_inaddr, &namelen)) == -1) { - com_err("uu-server", errno, "accepting"); - exit(3); - } - dup2(acc, 0); - close(sock); - sock = 0; - } + { + int one = 1; + int acc; + struct servent *sp; + socklen_t namelen = sizeof(f_inaddr); + + if ((sock = socket(PF_INET, SOCK_STREAM, 0)) < 0) { + com_err("uu-server", errno, "creating socket"); + exit(3); + } + + l_inaddr.sin_family = AF_INET; + l_inaddr.sin_addr.s_addr = 0; + if (!(sp = getservbyname("uu-sample", "tcp"))) { + com_err("uu-server", 0, "can't find uu-sample/tcp service"); + exit(3); + } + (void) setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (char *)&one, sizeof (one)); + l_inaddr.sin_port = sp->s_port; + if (bind(sock, (struct sockaddr *)&l_inaddr, sizeof(l_inaddr))) { + com_err("uu-server", errno, "binding socket"); + exit(3); + } + if (listen(sock, 1) == -1) { + com_err("uu-server", errno, "listening"); + exit(3); + } + if ((acc = accept(sock, (struct sockaddr *)&f_inaddr, &namelen)) == -1) { + com_err("uu-server", errno, "accepting"); + exit(3); + } + dup2(acc, 0); + close(sock); + sock = 0; + } #endif - retval = krb5_read_message(context, (krb5_pointer) &sock, &pname_data); - if (retval) { - com_err ("uu-server", retval, "reading pname"); - return 2; - } - - retval = krb5_read_message(context, (krb5_pointer) &sock, &tkt_data); - if (retval) { - com_err ("uu-server", retval, "reading ticket data"); - return 2; - } - - retval = krb5_cc_default(context, &cc); - if (retval) { - com_err("uu-server", retval, "getting credentials cache"); - return 4; - } - - memset (&creds, 0, sizeof(creds)); - retval = krb5_cc_get_principal(context, cc, &creds.client); - if (retval) { - com_err("uu-client", retval, "getting principal name"); - return 6; - } - - /* client sends it already null-terminated. */ - printf ("uu-server: client principal is \"%s\".\n", pname_data.data); - - retval = krb5_parse_name(context, pname_data.data, &creds.server); - if (retval) { - com_err("uu-server", retval, "parsing client name"); - return 3; - } - - creds.second_ticket = tkt_data; - printf ("uu-server: client ticket is %d bytes.\n", - creds.second_ticket.length); - - retval = krb5_get_credentials(context, KRB5_GC_USER_USER, cc, - &creds, &new_creds); - if (retval) { - com_err("uu-server", retval, "getting user-user ticket"); - return 5; - } + retval = krb5_read_message(context, (krb5_pointer) &sock, &pname_data); + if (retval) { + com_err ("uu-server", retval, "reading pname"); + return 2; + } + + retval = krb5_read_message(context, (krb5_pointer) &sock, &tkt_data); + if (retval) { + com_err ("uu-server", retval, "reading ticket data"); + return 2; + } + + retval = krb5_cc_default(context, &cc); + if (retval) { + com_err("uu-server", retval, "getting credentials cache"); + return 4; + } + + memset (&creds, 0, sizeof(creds)); + retval = krb5_cc_get_principal(context, cc, &creds.client); + if (retval) { + com_err("uu-client", retval, "getting principal name"); + return 6; + } + + /* client sends it already null-terminated. */ + printf ("uu-server: client principal is \"%s\".\n", pname_data.data); + + retval = krb5_parse_name(context, pname_data.data, &creds.server); + if (retval) { + com_err("uu-server", retval, "parsing client name"); + return 3; + } + + creds.second_ticket = tkt_data; + printf ("uu-server: client ticket is %d bytes.\n", + creds.second_ticket.length); + + retval = krb5_get_credentials(context, KRB5_GC_USER_USER, cc, + &creds, &new_creds); + if (retval) { + com_err("uu-server", retval, "getting user-user ticket"); + return 5; + } #ifndef DEBUG - l = sizeof(f_inaddr); - if (getpeername(0, (struct sockaddr *)&f_inaddr, &l) == -1) + l = sizeof(f_inaddr); + if (getpeername(0, (struct sockaddr *)&f_inaddr, &l) == -1) { - com_err("uu-server", errno, "getting client address"); - return 6; + com_err("uu-server", errno, "getting client address"); + return 6; } #endif - l = sizeof(l_inaddr); - if (getsockname(0, (struct sockaddr *)&l_inaddr, &l) == -1) + l = sizeof(l_inaddr); + if (getsockname(0, (struct sockaddr *)&l_inaddr, &l) == -1) { - com_err("uu-server", errno, "getting local address"); - return 6; - } - - /* send a ticket/authenticator to the other side, so it can get the key - we're using for the krb_safe below. */ - - retval = krb5_auth_con_init(context, &auth_context); - if (retval) { - com_err("uu-server", retval, "making auth_context"); - return 8; - } - - retval = krb5_auth_con_setflags(context, auth_context, - KRB5_AUTH_CONTEXT_DO_SEQUENCE); - if (retval) { - com_err("uu-server", retval, "initializing the auth_context flags"); - return 8; - } - - retval = - krb5_auth_con_genaddrs(context, auth_context, sock, - KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR | - KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR); - if (retval) { - com_err("uu-server", retval, "generating addrs for auth_context"); - return 9; - } + com_err("uu-server", errno, "getting local address"); + return 6; + } + + /* send a ticket/authenticator to the other side, so it can get the key + we're using for the krb_safe below. */ + + retval = krb5_auth_con_init(context, &auth_context); + if (retval) { + com_err("uu-server", retval, "making auth_context"); + return 8; + } + + retval = krb5_auth_con_setflags(context, auth_context, + KRB5_AUTH_CONTEXT_DO_SEQUENCE); + if (retval) { + com_err("uu-server", retval, "initializing the auth_context flags"); + return 8; + } + + retval = + krb5_auth_con_genaddrs(context, auth_context, sock, + KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR | + KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR); + if (retval) { + com_err("uu-server", retval, "generating addrs for auth_context"); + return 9; + } #if 1 - retval = krb5_mk_req_extended(context, &auth_context, - AP_OPTS_USE_SESSION_KEY, - NULL, new_creds, &msg); - if (retval) { - com_err("uu-server", retval, "making AP_REQ"); - return 8; - } - retval = krb5_write_message(context, (krb5_pointer) &sock, &msg); + retval = krb5_mk_req_extended(context, &auth_context, + AP_OPTS_USE_SESSION_KEY, + NULL, new_creds, &msg); + if (retval) { + com_err("uu-server", retval, "making AP_REQ"); + return 8; + } + retval = krb5_write_message(context, (krb5_pointer) &sock, &msg); #else - retval = krb5_sendauth(context, &auth_context, (krb5_pointer)&sock,"???", 0, - 0, AP_OPTS_MUTUAL_REQUIRED | AP_OPTS_USE_SESSION_KEY, - NULL, &creds, cc, NULL, NULL, NULL); + retval = krb5_sendauth(context, &auth_context, (krb5_pointer)&sock, "???", + 0, 0, + AP_OPTS_MUTUAL_REQUIRED | AP_OPTS_USE_SESSION_KEY, + NULL, &creds, cc, NULL, NULL, NULL); #endif - if (retval) - goto cl_short_wrt; + if (retval) + goto cl_short_wrt; - free(msg.data); + free(msg.data); - msgtext.length = 32; - msgtext.data = "Hello, other end of connection."; + msgtext.length = 32; + msgtext.data = "Hello, other end of connection."; - retval = krb5_mk_safe(context, auth_context, &msgtext, &msg, NULL); - if (retval) { - com_err("uu-server", retval, "encoding message to client"); - return 6; - } + retval = krb5_mk_safe(context, auth_context, &msgtext, &msg, NULL); + if (retval) { + com_err("uu-server", retval, "encoding message to client"); + return 6; + } - retval = krb5_write_message(context, (krb5_pointer) &sock, &msg); - if (retval) { - cl_short_wrt: - com_err("uu-server", retval, "writing message to client"); - return 7; - } + retval = krb5_write_message(context, (krb5_pointer) &sock, &msg); + if (retval) { + cl_short_wrt: + com_err("uu-server", retval, "writing message to client"); + return 7; + } - return 0; + return 0; } |