1 /* client-priv.c --- Sample Shishi authenticated client, with privacy
2 * protected application data exchange.
3 * Copyright (C) 2003, 2004, 2007 Simon Josefsson
5 * This file is part of Shishi.
7 * Shishi is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
12 * Shishi is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with Shishi; if not, see http://www.gnu.org/licenses or write
19 * to the Free Software Foundation, Inc., 51 Franklin Street, Fifth
20 * Floor, Boston, MA 02110-1301, USA
/* Name of the local service this sample authenticates to; main() maps it
 * to a server principal via shishi_server_for_local_service(). */
30 #define SERVICE "sample"
/* Program name; presumably consumed by Shishi's diagnostics -- no use of
 * it is visible in this listing. */
33 const char *program_name
= "client";
/* doit --- Interactive privacy-protected application data exchange.
 *
 * Reads stdin line by line until EOF (^D).  For every line a PRIV object
 * is created (shishi_priv), the line is stored as its user data
 * (shishi_encprivpart_set_user_data), the message is built with the key
 * returned by shishi_ap_key (ap) (shishi_priv_build) and the result is
 * printed to stdout (shishi_priv_print).
 *
 * handle  - Shishi library handle.
 * ap      - authenticated AP context; only its key is used here.
 * verbose - not referenced in the visible lines.
 *
 * The return value and the error-check branches (the `if (res != SHISHI_OK)'
 * tests and early exits that presumably follow each "Could not ..."
 * message) are not reproduced in this listing; the declarations of `line',
 * `priv' and `res' are missing as well, so their types are assumed from use.
 */
36 doit (Shishi
* handle
, Shishi_ap
* ap
, int verbose
)
41 printf ("Application exchange start. Press ^D to finish.\n");
/* `line' is presumably a fixed-size char array (declaration not in view),
 * so sizeof (line) is its capacity; an input line longer than that is
 * delivered in pieces across iterations by fgets. */
43 while (fgets (line
, sizeof (line
), stdin
))
/* Strip the trailing newline.  NOTE(review): this assumes strlen (line)
 * >= 1 and that the last byte is '\n'.  If the input line begins with a
 * NUL byte, strlen () is 0 and this writes line[-1] (out-of-bounds, UB);
 * if the line was longer than the buffer, or the final line has no
 * newline, a data byte is silently dropped instead.  A safer form is
 *   size_t n = strlen (line); if (n && line[n - 1] == '\n') line[n - 1] = '\0';
 */
47 line
[strlen(line
)-1] = '\0';
/* Echo the line in clear on stdout before it is protected -- acceptable
 * for a sample, not for real application data. */
48 printf ("read: %s\n", line
);
/* Create a fresh PRIV object for this line. */
50 res
= shishi_priv (handle
, &priv
);
/* NOTE(review): this message is identical to the one after
 * shishi_priv_build () below; "Could not create PRIV" would make the two
 * failures distinguishable in the output. */
53 printf ("Could not build PRIV: %s\n", shishi_strerror (res
));
/* Store the line as the PRIV's user data.  The data/length arguments
 * (presumably line and strlen (line)) are cut from this listing. */
57 res
= shishi_encprivpart_set_user_data (handle
,
58 shishi_priv_encprivpart (priv
),
62 printf ("Could not set application data in PRIV: %s\n",
63 shishi_strerror (res
));
/* Build the PRIV with the key from the authenticated AP exchange;
 * presumably this is the step that encrypts the user data. */
67 res
= shishi_priv_build (priv
, shishi_ap_key (ap
));
70 printf ("Could not build PRIV: %s\n", shishi_strerror (res
));
/* Print the built PRIV to stdout as text.  A real transport would
 * presumably send a DER encoding instead, analogous to the
 * shishi_ap_req_der note in auth (). */
74 res
= shishi_priv_print (handle
, stdout
, shishi_priv_priv (priv
));
77 printf ("Could not print PRIV: %s\n", shishi_strerror (res
));
/* Reached when fgets () returns NULL; presumably guarded by ferror (stdin)
 * so a plain EOF is not reported as an error -- the guard is not visible. */
84 printf ("error reading stdin\n");
/* auth --- Obtain a ticket for `sname' and run the AP exchange with the
 * server, requiring mutual authentication.
 *
 * h       - Shishi library handle.
 * verbose - presumably gates the shishi_tkt_pretty_print () and
 *           shishi_authenticator_print () debug output below (the
 *           `if (verbose)' guards are not visible in this listing).
 * cname   - client principal name placed in the ticket lookup hint.
 * sname   - server principal name placed in the ticket lookup hint.
 *
 * The AP-REQ is printed to stdout and, since mutual authentication is
 * required, the AP-REP is read back from stdin and verified.  The return
 * statements (presumably the Shishi_ap context on success, NULL on
 * failure) and the error branches are not reproduced in this listing.
 */
92 auth (Shishi
* h
, int verbose
, const char *cname
, const char *sname
)
96 Shishi_tkts_hint hint
;
99 printf ("Client: %s\n", cname
);
100 printf ("Server: %s\n", sname
);
102 /* Get a ticket for the server. */
/* Zero the hint so fields left unset act as wildcards.  The casts discard
 * const because the hint fields are non-const char *; the lookup is not
 * expected to write through them (not verifiable from this listing). */
104 memset (&hint
, 0, sizeof (hint
));
105 hint
.client
= (char *) cname
;
106 hint
.server
= (char *) sname
;
107 tkt
= shishi_tkts_get (shishi_tkts_default (h
), &hint
);
110 printf ("cannot find ticket for \"%s\"\n", sname
);
/* Debug dump of the ticket goes to stderr so stdout stays the protocol
 * channel; presumably under `if (verbose)'. */
115 shishi_tkt_pretty_print (tkt
, stderr
);
117 /* Create Authentication context */
/* MUTUAL_REQUIRED means the server must prove its identity with an
 * AP-REP before the client proceeds -- see the reply handling below. */
119 rc
= shishi_ap_tktoptions (h
, &ap
, tkt
, SHISHI_APOPTIONS_MUTUAL_REQUIRED
);
122 printf ("cannot create authentication context\n");
126 /* Build Authentication request */
128 rc
= shishi_ap_req_build (ap
);
131 printf ("cannot build authentication request: %s\n",
132 shishi_strerror (rc
));
/* Debug dump of the authenticator (stderr); presumably under verbose. */
137 shishi_authenticator_print (h
, stderr
, shishi_ap_authenticator (ap
));
139 /* Authenticate ourselves to the server: in this sample the AP-REQ is
 * written to stdout as text. */
141 shishi_apreq_print (h
, stdout
, shishi_ap_req (ap
));
142 /* Note: to get the binary blob to send, use:
144 * char *out; int outlen;
146 * rc = shishi_ap_req_der (ap, &out, &outlen);
148 * write(fd, out, outlen);
151 /* For mutual authentication, wait for server reply. */
153 if (shishi_apreq_mutual_required_p (h
, shishi_ap_req (ap
)))
157 printf ("Waiting for server to authenticate itself...\n");
/* The AP-REP is untrusted input from the peer; parse failures and
 * verification failures are reported separately below. */
159 rc
= shishi_aprep_parse (h
, stdin
, &aprep
);
162 printf ("Cannot parse AP-REP from server: %s\n",
163 shishi_strerror (rc
));
/* Verify the AP-REP against the AP context of the request we sent; what
 * exactly is checked is up to the library. */
167 rc
= shishi_ap_rep_verify_asn1 (ap
, aprep
);
169 printf ("AP-REP verification OK...\n");
/* NOTE(review): the early return after a failed or erroneous
 * verification is not visible in this listing.  Confirm against the full
 * source that neither branch falls through to the "Server authenticated."
 * message below -- a fall-through would report the server as authenticated
 * after a failed check. */
172 if (rc
== SHISHI_APREP_VERIFY_FAILED
)
173 printf ("AP-REP verification failed...\n");
175 printf ("AP-REP verification error: %s\n", shishi_strerror (rc
));
179 /* The server is authenticated. */
180 printf ("Server authenticated.\n");
183 /* We are now authenticated. */
184 printf ("User authenticated.\n");
190 main (int argc
, char *argv
[])
197 printf ("sample-client (shishi " SHISHI_VERSION
")\n");
199 if (!shishi_check_version (SHISHI_VERSION
))
201 printf ("shishi_check_version() failed:\n"
202 "Header file incompatible with shared library.\n");
206 rc
= shishi_init (&h
);
209 printf ("error initializing shishi: %s\n", shishi_strerror (rc
));
216 sname
= shishi_server_for_local_service (h
, SERVICE
);
218 ap
= auth (h
, 1, shishi_principal_default (h
), sname
);
221 rc
= doit (h
, ap
, 1);