authorSam Hartman <hartmans@mit.edu>2003-01-09 21:12:34 +0000
committerSam Hartman <hartmans@mit.edu>2003-01-09 21:12:34 +0000
commit31d1da1652f8bd41ed923a8f9ebfee53c56bca77 (patch)
treeb862c055b8f9df995e92b685d7692d1a993dc8b5 /src/appl
parentfeeddfda374fa7ed597c0ee81e40839923d66c53 (diff)
Between the 1.1 and 1.2 releases of Kerberos, the gss-sample protocol
changed. People seem to use this sample for interop testing, so support for the old protocol is needed. This commit adds a -v1 flag to the gss-client that will use the old protocol. The server does not yet support the old protocol, so the ticket remains open. Ticket: 881 Status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15103 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/appl')
-rw-r--r--src/appl/gss-sample/ChangeLog8
-rw-r--r--src/appl/gss-sample/README4
-rw-r--r--src/appl/gss-sample/gss-client.c40
-rw-r--r--src/appl/gss-sample/gss-misc.c47
4 files changed, 69 insertions, 30 deletions
diff --git a/src/appl/gss-sample/ChangeLog b/src/appl/gss-sample/ChangeLog
index 08e8491..50b003c 100644
--- a/src/appl/gss-sample/ChangeLog
+++ b/src/appl/gss-sample/ChangeLog
@@ -1,3 +1,11 @@
+2003-01-08 Sam Hartman <hartmans@mit.edu>
+
+ * gss-misc.c (recv_token): Support reading 0 token flags as part of length
+
+ * gss-client.c : Support a -v1 argument meaning that no token flags are used o,
+
+ * gss-misc.c (send_token): If token flags are null, do not send them.
+
2002-12-30 Ken Raeburn <raeburn@mit.edu>
* gss-misc.c (send_token, recv_token): Open-code the math to send
diff --git a/src/appl/gss-sample/README b/src/appl/gss-sample/README
index ac90086..8fc7cfe 100644
--- a/src/appl/gss-sample/README
+++ b/src/appl/gss-sample/README
@@ -51,6 +51,10 @@ times|
8. The client and server close the TCP/IP connection and
destroy the GSS-API context.
+
+The client also supports the -v1 flag which uses an older exchange
+format compatible with previous releases of Kerberos and with samples
+shipped in the Microsoft SDK.
The server's command line usage is
diff --git a/src/appl/gss-sample/gss-client.c b/src/appl/gss-sample/gss-client.c
index efd0f4c..a66c0c9 100644
--- a/src/appl/gss-sample/gss-client.c
+++ b/src/appl/gss-sample/gss-client.c
@@ -47,7 +47,7 @@ static void usage()
{
fprintf(stderr, "Usage: gss-client [-port port] [-mech mechanism] [-d]\n");
fprintf(stderr, " [-f] [-q] [-ccount count] [-mcount count]\n");
- fprintf(stderr, " [-na] [-nw] [-nx] [-nm] host service msg\n");
+ fprintf(stderr, " [-v1] [-na] [-nw] [-nx] [-nm] host service msg\n");
exit(1);
}
@@ -128,13 +128,14 @@ static int connect_to_server(host, port)
* unsuccessful, the GSS-API error messages are displayed on stderr
* and -1 is returned.
*/
-static int client_establish_context(s, service_name, deleg_flag, auth_flag,
- oid, gss_context, ret_flags)
+static int client_establish_context(s, service_name, deleg_flag, auth_flag,
+ v1_format, oid, gss_context, ret_flags)
int s;
char *service_name;
gss_OID oid;
OM_uint32 deleg_flag;
int auth_flag;
+ int v1_format;
gss_ctx_id_t *gss_context;
OM_uint32 *ret_flags;
{
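Review bot: `v1_format` is added to the parameter list, but the header comment above client_establish_context is not touched by this commit (only its tail shows, as context of this hunk), so the new argument appears to be undocumented. Add a line to that comment's argument description, for example `v1_format: if non-zero, use the pre-1.2 framing (no initial NOOP token, no flags byte on context tokens)`. The function body lies outside the hunk.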
@@ -157,9 +158,11 @@ static int client_establish_context(s, service_name, deleg_flag, auth_flag,
return -1;
}
- if (send_token(s, TOKEN_NOOP|TOKEN_CONTEXT_NEXT, empty_token) < 0) {
- (void) gss_release_name(&min_stat, &target_name);
- return -1;
+ if (!v1_format) {
+ if (send_token(s, TOKEN_NOOP|TOKEN_CONTEXT_NEXT, empty_token) < 0) {
+ (void) gss_release_name(&min_stat, &target_name);
+ return -1;
+ }
}
/*
@@ -205,7 +208,7 @@ static int client_establish_context(s, service_name, deleg_flag, auth_flag,
if (verbose)
printf("Sending init_sec_context token (size=%d)...",
(int) send_tok.length);
- if (send_token(s, TOKEN_CONTEXT, &send_tok) < 0) {
+ if (send_token(s, v1_format?0:TOKEN_CONTEXT, &send_tok) < 0) {
(void) gss_release_buffer(&min_stat, &send_tok);
(void) gss_release_name(&min_stat, &target_name);
return -1;
@@ -318,7 +321,7 @@ static void read_file(file_name, in_buf)
* verifies it with gss_verify. -1 is returned if any step fails,
* otherwise 0 is returned. */
static int call_server(host, port, oid, service_name, deleg_flag, auth_flag,
- wrap_flag, encrypt_flag, mic_flag, msg, use_file,
+ wrap_flag, encrypt_flag, mic_flag, v1_format, msg, use_file,
mcount)
char *host;
u_short port;
@@ -326,6 +329,7 @@ static int call_server(host, port, oid, service_name, deleg_flag, auth_flag,
char *service_name;
OM_uint32 deleg_flag;
int auth_flag, wrap_flag, encrypt_flag, mic_flag;
+ int v1_format;
char *msg;
int use_file;
int mcount;
@@ -354,7 +358,8 @@ static int call_server(host, port, oid, service_name, deleg_flag, auth_flag,
/* Establish context */
if (client_establish_context(s, service_name, deleg_flag, auth_flag,
- oid, &context, &ret_flags) < 0) {
+ v1_format, oid, &context,
+ &ret_flags) < 0) {
(void) close(s);
return -1;
}
@@ -474,10 +479,11 @@ static int call_server(host, port, oid, service_name, deleg_flag, auth_flag,
}
/* Send to server */
- if (send_token(s, (TOKEN_DATA |
+ if (send_token(s, (v1_format?0
+ :(TOKEN_DATA |
(wrap_flag ? TOKEN_WRAPPED : 0) |
(encrypt_flag ? TOKEN_ENCRYPTED : 0) |
- (mic_flag ? TOKEN_SEND_MIC : 0)), &out_buf) < 0) {
+ (mic_flag ? TOKEN_SEND_MIC : 0))), &out_buf) < 0) {
(void) close(s);
(void) gss_delete_sec_context(&min_stat, &context, GSS_C_NO_BUFFER);
return -1;
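Review bot: In v1 mode the flags argument here is 0, so `wrap_flag`, `encrypt_flag` and `mic_flag` never reach the peer, yet nothing visible in this commit stops `-v1` from being combined with `-nw`, `-nx` or `-nm`. If the old protocol assumes a wrapped message and a MIC reply (not shown on the page, so to be confirmed), such a combination would send a message whose treatment the server cannot learn from the wire. Consider rejecting it in `main` after option parsing, e.g. `if (v1_format && !(wrap_flag && mic_flag)) usage();`, or stating in the README which options `-v1` honours. The statement sits inside call_server, whose body extends beyond the hunk.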
@@ -518,6 +524,7 @@ static int call_server(host, port, oid, service_name, deleg_flag, auth_flag,
free(in_buf.value);
/* Send NOOP */
+ if (!v1_format)
(void) send_token(s, TOKEN_NOOP, empty_token);
if (auth_flag) {
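Review bot: The new `if (!v1_format)` guards the following `send_token` call without braces, which makes the NOOP send easy to detach from its condition in a later edit. Write it as `if (!v1_format) { (void) send_token(s, TOKEN_NOOP, empty_token); }` with the body indented under the condition. The enclosing call_server body starts and ends outside the hunk.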
@@ -578,10 +585,11 @@ int main(argc, argv)
gss_OID oid = GSS_C_NULL_OID;
int mcount = 1, ccount = 1;
int i;
- int auth_flag, wrap_flag, encrypt_flag, mic_flag;
+ int auth_flag, wrap_flag, encrypt_flag, mic_flag, v1_format;
display_file = stdout;
auth_flag = wrap_flag = encrypt_flag = mic_flag = 1;
+ v1_format = 0;
/* Parse arguments. */
argc--; argv++;
@@ -618,8 +626,10 @@ int main(argc, argv)
encrypt_flag = 0;
} else if (strcmp(*argv, "-nm") == 0) {
mic_flag = 0;
- } else
- break;
+ } else if (strcmp(*argv, "-v1") == 0) {
+ v1_format = 1;
+ } else
+ break;
argc--; argv++;
}
if (argc != 3)
@@ -635,7 +645,7 @@ int main(argc, argv)
for (i = 0; i < ccount; i++) {
if (call_server(server_host, port, oid, service_name,
deleg_flag, auth_flag, wrap_flag, encrypt_flag, mic_flag,
- msg, use_file, mcount) < 0)
+ v1_format, msg, use_file, mcount) < 0)
exit(1);
}
diff --git a/src/appl/gss-sample/gss-misc.c b/src/appl/gss-sample/gss-misc.c
index 9a2dd0b..183306c 100644
--- a/src/appl/gss-sample/gss-misc.c
+++ b/src/appl/gss-sample/gss-misc.c
@@ -109,11 +109,11 @@ static int read_all(int fildes, char *buf, unsigned int nbyte)
*
* Effects:
*
- * send_token writes the token flags (a single byte, even though
- * they're passed in in an integer), then the token length (as a
- * network long) and then the token data to the file descriptor s. It
- * returns 0 on success, and -1 if an error occurs or if it could not
- * write all the data.
+ * If the flags are non-null, send_token writes the token flags (a
+ * single byte, even though they're passed in in an integer). Next,
+ * the token length (as a network long) and then the token data are
+ * written to the file descriptor s. It returns 0 on success, and -1
+ * if an error occurs or if it could not write all the data.
*/
int send_token(s, flags, tok)
int s;
@@ -124,12 +124,13 @@ int send_token(s, flags, tok)
unsigned char char_flags = (unsigned char) flags;
unsigned char lenbuf[4];
- ret = write_all(s, (char *)&char_flags, 1);
- if (ret != 1) {
- perror("sending token flags");
- return -1;
+ if (char_flags) {
+ ret = write_all(s, (char *)&char_flags, 1);
+ if (ret != 1) {
+ perror("sending token flags");
+ return -1;
+ }
}
-
if (tok->length > 0xffffffffUL)
abort();
lenbuf[0] = (tok->length >> 24) & 0xff;
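Review bot: With `char_flags == 0` the first byte on the wire is now `lenbuf[0]`, so the remaining guard `tok->length > 0xffffffffUL` is too loose on this path. A flagless token of 2^24 bytes or more puts a non-zero byte first, and the recv_token change later in this commit treats any non-zero first byte as flags, which desynchronises the framing. Bound the length by format, e.g. `if (tok->length > (char_flags ? 0xffffffffUL : 0xffffffUL)) abort();`. Because `(unsigned char) flags` truncates, any `flags` value whose low byte is zero also selects the flagless format silently; the header comment in the previous hunk should say "non-zero" rather than "non-null" and state the 24-bit limit. The rest of send_token lies outside the hunk.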
@@ -208,16 +209,32 @@ int recv_token(s, flags, tok)
*flags = (int) char_flags;
}
- ret = read_all(s, lenbuf, 4);
+ if (char_flags == 0 ) {
+ lenbuf[0] = 0;
+ ret = read_all(s, &lenbuf[1], 3);
if (ret < 0) {
- perror("reading token length");
- return -1;
- } else if (ret != 4) {
+ perror("reading token length");
+ return -1;
+ } else if (ret != 3) {
if (display_file)
fprintf(display_file,
"reading token length: %d of %d bytes read\n",
- ret, 4);
+ ret, 3);
+ return -1;
+ }
+ }
+ else {
+ ret = read_all(s, lenbuf, 4);
+ if (ret < 0) {
+ perror("reading token length");
+ return -1;
+ } else if (ret != 4) {
+ if (display_file)
+ fprintf(display_file,
+ "reading token length: %d of %d bytes read\n",
+ ret, 4);
return -1;
+ }
}
tok->length = ((lenbuf[0] << 24)
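Review bot: The `char_flags == 0` branch lets the peer choose the framing: a first byte of 0 is consumed as the top byte of a v1 length, and the caller only learns this through a zero flags result. Callers that expect the flagged protocol should therefore reject `*flags == 0`, and the function comment should say so, e.g. `/* *flags == 0: peer used the v1 (flagless) framing; length is at most 0xffffff */`. The two branches also duplicate the read and short-read handling and differ only in count and offset. Keeping `lenbuf[0] = 0;` for the v1 case and using `int want = char_flags ? 4 : 3;` with `read_all(s, &lenbuf[4 - want], want)` would leave a single copy to keep correct. The declaration of `lenbuf` and the later use of `tok->length` are outside the hunk.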