search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix standalone libtasn1.
[shishi.git] / examples / client-cksum.c
blob9c9a1e624269d6fd5981eb480920be04ab4616ed
1 /* client-cksum.c sample kerberos authenticated client with checksum
2 * Copyright (C) 2003 Simon Josefsson
3 *
4 * This file is part of Shishi.
5 *
6 * Shishi is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 *
11 * Shishi is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with Shishi; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 *
20 */
21
22 #include <stdio.h>
23 #include <stdlib.h>
24 #include <string.h>
25
26 #include <shishi.h>
27
28 #define SERVICE "sample"
29
30 /* XXX remove this */
31 const char *program_name = "client";
32
33 static int
34 doit (Shishi * handle, Shishi_ap * ap, int verbose)
35 {
36 char line[BUFSIZ];
37
38 #if 0
39 /* XXX Unfinished application-level security */
40 res = shishi_safe (handle, &safe);
41 if (res != SHISHI_OK)
42 {
43 printf ("Could not build SAFE: %s\n", shishi_strerror (res));
44 return res;
45 }
46
47 res = shishi_safe_set_user_data (handle, shishi_safe_safe (safe), "foo", 0);
48 if (res != SHISHI_OK)
49 {
50 printf ("Could not set application data in SAFE: %s\n",
51 shishi_strerror (res));
52 return res;
53 }
54
55 res = shishi_safe_build (safe, key);
56 if (res != SHISHI_OK)
57 {
58 printf ("Could not build SAFE: %s\n", shishi_strerror (res));
59 return res;
60 }
61
62 res = shishi_safe_print (handle, stdout, shishi_safe_safe (safe));
63 if (res != SHISHI_OK)
64 {
65 printf ("Could not print SAFE: %s\n", shishi_strerror (res));
66 return res;
67 }
68 #endif
69
70 printf ("Application exchange start. Press ^D to finish.\n");
71
72 while (fgets (line, sizeof (line), stdin))
73 {
74 printf ("read: %s", line);
75 }
76
77 if (ferror (stdin))
78 {
79 printf ("error reading stdin\n");
80 return 1;
81 }
82
83 return 0;
84 }
85
86 static Shishi_ap *
87 auth (Shishi * h, int verbose, const char *cname, const char *sname)
88 {
89 Shishi_ap *ap;
90 Shishi_tkt *tkt;
91 Shishi_tkts_hint hint;
92 int rc;
93
94 printf ("Client: %s\n", cname);
95 printf ("Server: %s\n", sname);
96
97 /* Get a ticket for the server. */
98
99 memset (&hint, 0, sizeof (hint));
100 hint.client = (char *) cname;
101 hint.server = (char *) sname;
102 tkt = shishi_tkts_get (shishi_tkts_default (h), &hint);
103 if (!tkt)
104 {
105 printf ("cannot find ticket for \"%s\"\n", sname);
106 return NULL;
107 }
108
109 if (verbose)
110 shishi_tkt_pretty_print (tkt, stderr);
111
112 /* Create Authentication context */
113
114 rc = shishi_ap_tktoptions (h, &ap, tkt, SHISHI_APOPTIONS_MUTUAL_REQUIRED);
115 if (rc != SHISHI_OK)
116 {
117 printf ("cannot create authentication context\n");
118 return NULL;
119 }
120
121 /* Add checksum of some application data to the AP.
122 *
123 * Note that only a pointer to this memory area is stored in the AP,
124 * so you MUST keep it allocated, at least until
125 * shishi_ap_req_build(ap) is finished. This might be changed in
126 * the future, probably by copying the data into the AP.
127 */
128
129 shishi_ap_authenticator_cksumdata_set (ap, "attack at dawn",
130 strlen ("attack at dawn"));
131
132 /* Build Authentication request */
133
134 rc = shishi_ap_req_build (ap);
135 if (rc != SHISHI_OK)
136 {
137 printf ("cannot build authentication request: %s\n",
138 shishi_strerror (rc));
139 return NULL;
140 }
141
142 if (verbose)
143 shishi_authenticator_print (h, stderr, shishi_ap_authenticator (ap));
144
145 /* Authentication ourself to server */
146
147 shishi_apreq_print (h, stdout, shishi_ap_req (ap));
148 /* Note: to get the binary blob to send, use:
149 *
150 * char *out; int outlen;
151 * ...
152 * rc = shishi_ap_req_der (ap, &out, &outlen);
153 * ...
154 * write(fd, out, outlen);
155 */
156
157 /* For mutual authentication, wait for server reply. */
158
159 if (shishi_apreq_mutual_required_p (h, shishi_ap_req (ap)))
160 {
161 Shishi_asn1 aprep;
162
163 printf ("Waiting for server to authenticate itself...\n");
164
165 rc = shishi_aprep_parse (h, stdin, &aprep);
166 if (rc != SHISHI_OK)
167 {
168 printf ("Cannot parse AP-REP from server: %s\n",
169 shishi_strerror (rc));
170 return NULL;
171 }
172
173 rc = shishi_ap_rep_verify_asn1 (ap, aprep);
174 if (rc == SHISHI_OK)
175 printf ("AP-REP verification OK...\n");
176 else
177 {
178 if (rc == SHISHI_APREP_VERIFY_FAILED)
179 printf ("AP-REP verification failed...\n");
180 else
181 printf ("AP-REP verification error: %s\n", shishi_strerror (rc));
182 return NULL;
183 }
184
185 /* The server is authenticated. */
186 printf ("Server authenticated.\n");
187 }
188
189 /* We are now authenticated. */
190 printf ("User authenticated.\n");
191
192 return ap;
193 }
194
195 int
196 main (int argc, char *argv[])
197 {
198 Shishi *h;
199 Shishi_ap *ap;
200 char *sname;
201 int rc;
202
203 printf ("sample-client (shishi " SHISHI_VERSION ")\n");
204
205 if (!shishi_check_version (SHISHI_VERSION))
206 {
207 printf ("shishi_check_version() failed:\n"
208 "Header file incompatible with shared library.\n");
209 return 1;
210 }
211
212 rc = shishi_init (&h);
213 if (rc != SHISHI_OK)
214 {
215 printf ("error initializing shishi: %s\n", shishi_strerror (rc));
216 return 1;
217 }
218
219 if (argc > 1)
220 sname = argv[1];
221 else
222 sname = shishi_server_for_local_service (h, SERVICE);
223
224 ap = auth (h, 1, shishi_principal_default (h), sname);
225
226 if (ap)
227 rc = doit (h, ap, 1);
228 else
229 rc = 1;
230
231 shishi_done (h);
232
233 return rc;
234 }
Free Kerberos V5 implementation