Add GPLv3, since automake installs GPLv2.
1 /* client-priv.c --- Sample Shishi authenticated client, with privacy
2 * protected application data exchange.
3 * Copyright (C) 2003, 2004, 2007 Simon Josefsson
5 * This file is part of Shishi.
7 * Shishi is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
12 * Shishi is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with Shishi; if not, see http://www.gnu.org/licenses or write
19 * to the Free Software Foundation, Inc., 51 Franklin Street, Fifth
20 * Floor, Boston, MA 02110-1301, USA
24 #include <stdio.h>
25 #include <stdlib.h>
26 #include <string.h>
28 #include <shishi.h>
/* Service name handed to shishi_server_for_local_service() in main() when no
   server principal is given on the command line. */
#define SERVICE "sample"

/* XXX remove this */
/* NOTE(review): nothing in this file reads program_name; presumably a linked
   helper library expects the symbol -- confirm before removing. */
const char *program_name = "client";
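/* Read lines from stdin and turn each one into a PRIV message built with the
 * key of the established AP exchange, printing the result on stdout.
 *
 * handle:  library handle passed to the Shishi calls.
 * ap:      AP context returned by auth(); its key (shishi_ap_key) is the one
 *          the PRIV message is built with.
 * verbose: accepted but not used by this function.
 *
 * Returns 0 once stdin reaches end of file, 1 if reading stdin failed, or
 * the Shishi error code of the first library call that fails.
 */
static int
doit (Shishi * handle, Shishi_ap * ap, int verbose)
{
  char line[BUFSIZ];
  int res;

  printf ("Application exchange start. Press ^D to finish.\n");

  while (fgets (line, sizeof (line), stdin))
    {
      Shishi_priv *priv;

      /* Cut the line at its newline, if it has one.  Indexing with
         strlen (line) - 1 writes to line[-1] when fgets hands back an
         empty string (input that starts with a NUL byte) and drops the
         last character of a final line that has no newline. */
      line[strcspn (line, "\n")] = '\0';
      printf ("read: %s\n", line);

      /* NOTE(review): priv is allocated on every iteration and never
         released, on the success path or the error returns below.  A
         long-running client should free it (libshishi has
         shishi_priv_done) -- confirm against the installed API. */
      res = shishi_priv (handle, &priv);
      if (res != SHISHI_OK)
	{
	  printf ("Could not build PRIV: %s\n", shishi_strerror (res));
	  return res;
	}

      /* The application payload goes into the EncPrivPart of the message. */
      res = shishi_encprivpart_set_user_data (handle,
					      shishi_priv_encprivpart (priv),
					      line, strlen (line));
      if (res != SHISHI_OK)
	{
	  printf ("Could not set application data in PRIV: %s\n",
		  shishi_strerror (res));
	  return res;
	}

      /* Build the message with the key negotiated during authentication. */
      res = shishi_priv_build (priv, shishi_ap_key (ap));
      if (res != SHISHI_OK)
	{
	  printf ("Could not build PRIV: %s\n", shishi_strerror (res));
	  return res;
	}

      /* This sample has no socket: the PRIV is printed on stdout. */
      res = shishi_priv_print (handle, stdout, shishi_priv_priv (priv));
      if (res != SHISHI_OK)
	{
	  printf ("Could not print PRIV: %s\n", shishi_strerror (res));
	  return res;
	}
    }

  /* fgets returns NULL for both EOF and errors; tell them apart. */
  if (ferror (stdin))
    {
      printf ("error reading stdin\n");
      return 1;
    }

  return 0;
}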
/* Authenticate CNAME to the service SNAME and return the AP context.
 *
 * h:       library handle.
 * verbose: when non-zero, the ticket and the authenticator are also
 *          printed on stderr.
 * cname:   client principal name.
 * sname:   server principal name.
 *
 * The AP-REQ is created with SHISHI_APOPTIONS_MUTUAL_REQUIRED.  When the
 * built request asks for mutual authentication, the server's AP-REP is read
 * from stdin and verified; every failure returns NULL, so a caller that
 * checks the result never continues with an unverified server.
 *
 * NOTE(review): the AP context is not released on the failure paths after
 * it has been created -- confirm whether that matters outside a sample.
 */
static Shishi_ap *
auth (Shishi * h, int verbose, const char *cname, const char *sname)
{
  Shishi_tkts_hint wanted;
  Shishi_tkt *ticket;
  Shishi_ap *ctx;
  int status;

  printf ("Client: %s\n", cname);
  printf ("Server: %s\n", sname);

  /* Ask the default ticket set for a ticket matching this client/server
     pair.  The hint fields are not const, hence the casts. */
  memset (&wanted, 0, sizeof (wanted));
  wanted.client = (char *) cname;
  wanted.server = (char *) sname;
  ticket = shishi_tkts_get (shishi_tkts_default (h), &wanted);
  if (ticket == NULL)
    {
      printf ("cannot find ticket for \"%s\"\n", sname);
      return NULL;
    }

  if (verbose)
    shishi_tkt_pretty_print (ticket, stderr);

  /* Set up the authentication context, insisting on mutual authentication. */
  status = shishi_ap_tktoptions (h, &ctx, ticket,
				 SHISHI_APOPTIONS_MUTUAL_REQUIRED);
  if (status != SHISHI_OK)
    {
      printf ("cannot create authentication context\n");
      return NULL;
    }

  /* Construct the AP-REQ. */
  status = shishi_ap_req_build (ctx);
  if (status != SHISHI_OK)
    {
      printf ("cannot build authentication request: %s\n",
	      shishi_strerror (status));
      return NULL;
    }

  if (verbose)
    shishi_authenticator_print (h, stderr, shishi_ap_authenticator (ctx));

  /* Authenticate ourselves to the server: this sample prints the request. */
  shishi_apreq_print (h, stdout, shishi_ap_req (ctx));
  /* Note: to get the binary blob to send, use:
   *
   * char *out; int outlen;
   * ...
   * rc = shishi_ap_req_der (ap, &out, &outlen);
   * ...
   * write(fd, out, outlen);
   */

  /* With mutual authentication the server has to prove itself too. */
  if (shishi_apreq_mutual_required_p (h, shishi_ap_req (ctx)))
    {
      Shishi_asn1 reply;

      printf ("Waiting for server to authenticate itself...\n");

      status = shishi_aprep_parse (h, stdin, &reply);
      if (status != SHISHI_OK)
	{
	  printf ("Cannot parse AP-REP from server: %s\n",
		  shishi_strerror (status));
	  return NULL;
	}

      /* Anything other than SHISHI_OK means the server is not trusted. */
      status = shishi_ap_rep_verify_asn1 (ctx, reply);
      if (status == SHISHI_APREP_VERIFY_FAILED)
	{
	  printf ("AP-REP verification failed...\n");
	  return NULL;
	}
      if (status != SHISHI_OK)
	{
	  printf ("AP-REP verification error: %s\n",
		  shishi_strerror (status));
	  return NULL;
	}
      printf ("AP-REP verification OK...\n");

      /* The server is authenticated. */
      printf ("Server authenticated.\n");
    }

  /* We are now authenticated. */
  printf ("User authenticated.\n");

  return ctx;
}
/* Entry point: initialise Shishi, authenticate to the server and, if that
 * succeeds, run the PRIV-protected exchange.
 *
 * argv[1], when given, names the server principal; otherwise the name is
 * derived from SERVICE for the local host.
 *
 * Returns 1 on a version mismatch, an initialisation failure or a failed
 * authentication; otherwise the result of doit().
 */
int
main (int argc, char *argv[])
{
  Shishi *handle;
  Shishi_ap *session;
  char *server;
  int status;

  printf ("sample-client (shishi " SHISHI_VERSION ")\n");

  /* Refuse to run when the headers and the shared library disagree. */
  if (!shishi_check_version (SHISHI_VERSION))
    {
      printf ("shishi_check_version() failed:\n"
	      "Header file incompatible with shared library.\n");
      return 1;
    }

  status = shishi_init (&handle);
  if (status != SHISHI_OK)
    {
      printf ("error initializing shishi: %s\n", shishi_strerror (status));
      return 1;
    }

  /* NOTE(review): the derived name is passed on unchecked and is not freed
     here -- confirm what shishi_server_for_local_service can return. */
  server = (argc > 1)
    ? argv[1] : shishi_server_for_local_service (handle, SERVICE);

  /* Both calls run with verbose output switched on. */
  session = auth (handle, 1, shishi_principal_default (handle), server);

  /* The data exchange only starts once auth() handed back a context. */
  status = session ? doit (handle, session, 1) : 1;

  shishi_done (handle);

  return status;
}