examples/client.c

   1 /* client.c --- Sample client with authentication using Shishi.
   2  * Copyright (C) 2003, 2004, 2007  Simon Josefsson
   3  *
   4  * This file is part of Shishi.
   5  *
   6  * Shishi is free software; you can redistribute it and/or modify it
   7  * under the terms of the GNU General Public License as published by
   8  * the Free Software Foundation; either version 3 of the License, or
   9  * (at your option) any later version.
  10  *
  11  * Shishi is distributed in the hope that it will be useful, but
  12  * WITHOUT ANY WARRANTY; without even the implied warranty of
  13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  14  * General Public License for more details.
  15  *
  16  * You should have received a copy of the GNU General Public License
  17  * along with Shishi; if not, see http://www.gnu.org/licenses or write
  18  * to the Free Software Foundation, Inc., 51 Franklin Street, Fifth
  19  * Floor, Boston, MA 02110-1301, USA
  20  *
  21  */
  22
  23 #include <stdio.h>
  24 #include <stdlib.h>
  25 #include <string.h>
  26
  27 #include <shishi.h>
  28
  29 #define SERVICE "sample"
  30
  31 /* XXX remove this */
  32 const char *program_name = "client";
  33
  34 static Shishi_ap *
  35 auth (Shishi * h, int verbose, const char *cname, const char *sname)
  36 {
  37   Shishi_ap *ap;
  38   Shishi_tkt *tkt;
  39   Shishi_tkts_hint hint;
  40   int rc;
  41
  42   printf ("Client: %s\n", cname);
  43   printf ("Server: %s\n", sname);
  44
  45   /* Get a ticket for the server. */
  46
  47   memset (&hint, 0, sizeof (hint));
  48   hint.client = (char *) cname;
  49   hint.server = (char *) sname;
  50   tkt = shishi_tkts_get (shishi_tkts_default (h), &hint);
  51   if (!tkt)
  52     {
  53       printf ("cannot find ticket for \"%s\"\n", sname);
  54       return NULL;
  55     }
  56
  57   if (verbose)
  58     shishi_tkt_pretty_print (tkt, stderr);
  59
  60   /* Create Authentication context */
  61
  62   rc = shishi_ap_tktoptions (h, &ap, tkt, SHISHI_APOPTIONS_MUTUAL_REQUIRED);
  63   if (rc != SHISHI_OK)
  64     {
  65       printf ("cannot create authentication context\n");
  66       return NULL;
  67     }
  68
  69   /* Build Authentication request */
  70
  71   rc = shishi_ap_req_build (ap);
  72   if (rc != SHISHI_OK)
  73     {
  74       printf ("cannot build authentication request: %s\n",
  75               shishi_strerror (rc));
  76       return NULL;
  77     }
  78
  79   if (verbose)
  80     shishi_authenticator_print (h, stderr, shishi_ap_authenticator (ap));
  81
  82   /* Authentication ourself to server */
  83
  84   shishi_apreq_print (h, stdout, shishi_ap_req (ap));
  85   /* Note: to get the binary blob to send, use:
  86    *
  87    * char *out; int outlen;
  88    * ...
  89    * rc = shishi_ap_req_der (ap, &out, &outlen);
  90    * ...
  91    * write(fd, out, outlen);
  92    */
  93
  94   /* For mutual authentication, wait for server reply. */
  95
  96   if (shishi_apreq_mutual_required_p (h, shishi_ap_req (ap)))
  97     {
  98       Shishi_asn1 aprep;
  99
 100       printf ("Cut'n'paste AP-REP from server...\n");
 101
 102       rc = shishi_aprep_parse (h, stdin, &aprep);
 103       if (rc != SHISHI_OK)
 104         {
 105           printf ("Cannot parse AP-REP from server: %s\n",
 106                   shishi_strerror (rc));
 107           return NULL;
 108         }
 109
 110       rc = shishi_ap_rep_verify_asn1 (ap, aprep);
 111       if (rc == SHISHI_OK)
 112         printf ("AP-REP verification OK...\n");
 113       else
 114         {
 115           if (rc == SHISHI_APREP_VERIFY_FAILED)
 116             printf ("AP-REP verification failed...\n");
 117           else
 118             printf ("AP-REP verification error: %s\n", shishi_strerror (rc));
 119           return NULL;
 120         }
 121
 122       /* The server is authenticated. */
 123       printf ("Server authenticated.\n");
 124     }
 125
 126   /* We are now authenticated. */
 127   printf ("User authenticated.\n");
 128
 129   return ap;
 130 }
 131
 132 int
 133 main (int argc, char *argv[])
 134 {
 135   Shishi *h;
 136   Shishi_ap *ap;
 137   char *sname;
 138   int rc;
 139
 140   printf ("sample-client (shishi " SHISHI_VERSION ")\n");
 141
 142   if (!shishi_check_version (SHISHI_VERSION))
 143     {
 144       printf ("shishi_check_version() failed:\n"
 145               "Header file incompatible with shared library.\n");
 146       return 1;
 147     }
 148
 149   rc = shishi_init (&h);
 150   if (rc != SHISHI_OK)
 151     {
 152       printf ("error initializing shishi: %s\n", shishi_strerror (rc));
 153       return 1;
 154     }
 155
 156   if (argc > 1)
 157     sname = argv[1];
 158   else
 159     sname = shishi_server_for_local_service (h, SERVICE);
 160
 161   ap = auth (h, 1, shishi_principal_default (h), sname);
 162
 163   if (ap)
 164     {
 165       printf ("Authentication done...\n");
 166       rc = 0;
 167     }
 168   else
 169     rc = 1;
 170
 171   shishi_done (h);
 172
 173   return rc;
 174 }