search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Now a separate program.
[shishi.git] / src / client.c
blob96fda7d4a49f210a333938c9a61924385b63c400
1 /* client.c sample kerberos authenticated client
2 * Copyright (C) 2003 Simon Josefsson
3 *
4 * This file is part of Shishi.
5 *
6 * Shishi is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 *
11 * Shishi is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with Shishi; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 *
20 */
21
22 #include <stdio.h>
23 #include <stdlib.h>
24
25 #include <shishi.h>
26
27 #define SERVICE "sample"
28
29 int
30 doit (Shishi * h, int verbose)
31 {
32 char line[BUFSIZ];
33
34 #if 0
35 /* XXX Unfinished application-level security */
36 res = shishi_safe (handle, &safe);
37 if (res != SHISHI_OK)
38 {
39 printf ("Could not build SAFE: %s\n", shishi_strerror (res));
40 return res;
41 }
42
43 res = shishi_safe_set_user_data (handle, shishi_safe_safe (safe),
44 "foo", 0);
45 if (res != SHISHI_OK)
46 {
47 printf ("Could not set application data in SAFE: %s\n",
48 shishi_strerror (res));
49 return res;
50 }
51
52 res = shishi_safe_build (safe, key);
53 if (res != SHISHI_OK)
54 {
55 printf ("Could not build SAFE: %s\n", shishi_strerror (res));
56 return res;
57 }
58
59 res = shishi_safe_print (handle, stdout, shishi_safe_safe(safe));
60 if (res != SHISHI_OK)
61 {
62 printf ("Could not print SAFE: %s\n", shishi_strerror (res));
63 return res;
64 }
65 #endif
66
67 printf("Application exchange start. Press ^D to finish.\n");
68
69 while (fgets (line, sizeof(line), stdin))
70 {
71 printf("read: %s", line);
72 }
73
74 if (ferror (stdin))
75 {
76 printf ("error reading stdin\n");
77 return 1;
78 }
79
80 return 0;
81 }
82
83 int
84 auth (Shishi * h, int verbose, const char *cname, const char *sname)
85 {
86 Shishi_ap *ap;
87 Shishi_tkt *tkt;
88 Shishi_tkts_hint hint;
89 Shishi_key *key;
90 Shishi_safe *safe;
91 int rc;
92
93 printf ("Client: %s\n", cname);
94 printf ("Server: %s\n", sname);
95
96 /* Get a ticket for the server. */
97
98 memset (&hint, 0, sizeof(hint));
99 hint.client = (char*) cname;
100 hint.server = (char*) sname;
101 tkt = shishi_tkts_get (shishi_tkts_default (h), &hint);
102 if (!tkt)
103 {
104 printf ("cannot find ticket for \"%s\"\n", sname);
105 return 1;
106 }
107
108 if (verbose)
109 shishi_tkt_pretty_print (tkt, stderr);
110
111 /* Create Authentication context */
112
113 rc = shishi_ap_tktoptions (h, &ap, tkt, SHISHI_APOPTIONS_MUTUAL_REQUIRED);
114 if (rc != SHISHI_OK)
115 {
116 printf ("cannot create authentication context\n");
117 return 1;
118 }
119
120 /* Build Authentication request */
121
122 rc = shishi_ap_req_build (ap);
123 if (rc != SHISHI_OK)
124 {
125 printf ("cannot build authentication request: %s\n",
126 shishi_strerror (rc));
127 return 1;
128 }
129
130 if (verbose)
131 shishi_authenticator_print (h, stderr, shishi_ap_authenticator (ap));
132
133 /* Authentication ourself to server */
134
135 shishi_apreq_print (h, stdout, shishi_ap_req (ap));
136 /* Note: to get the binary blob to send, use:
137 *
138 * char *out; int outlen;
139 * ...
140 * rc = shishi_ap_req_der_new (ap, &out, &outlen);
141 * ...
142 * write(fd, out, outlen);
143 */
144
145 /* For mutual authentication, wait for server reply. */
146
147 if (shishi_apreq_mutual_required_p (h, shishi_ap_req (ap)))
148 {
149 Shishi_asn1 aprep;
150
151 printf ("Waiting for server to authenticate itself...\n");
152
153 rc = shishi_aprep_parse (h, stdin, &aprep);
154 if (rc != SHISHI_OK)
155 {
156 printf ("Cannot parse AP-REP from server: %s\n",
157 shishi_strerror (rc));
158 return 1;
159 }
160
161 rc = shishi_ap_rep_verify_asn1 (ap, aprep);
162 if (rc == SHISHI_OK)
163 printf ("AP-REP verification OK...\n");
164 else
165 {
166 if (rc == SHISHI_APREP_VERIFY_FAILED)
167 printf ("AP-REP verification failed...\n");
168 else
169 printf ("AP-REP verification error: %s\n", shishi_strerror (rc));
170 return 1;
171 }
172
173 /* The server is authenticated. */
174 printf ("Server authenticated.\n");
175 }
176
177 /* We are now authenticated. */
178 printf ("User authenticated.\n");
179
180 return doit (h, verbose);
181 }
182
183 int
184 main (int argc, char *argv[])
185 {
186 Shishi *h;
187 char *sname;
188 int rc;
189
190 printf ("sample-client (shishi " SHISHI_VERSION ")\n");
191
192 if (!shishi_check_version (SHISHI_VERSION))
193 {
194 printf ("shishi_check_version() failed:\n"
195 "Header file incompatible with shared library.\n");
196 return 1;
197 }
198
199 rc = shishi_init (&h);
200 if (rc != SHISHI_OK)
201 {
202 printf ("error initializing shishi: %s\n", shishi_strerror (rc));
203 return 1;
204 }
205
206 if (argc > 1)
207 sname = argv[1];
208 else
209 sname = shishi_server_for_local_service (h, SERVICE);
210
211 auth (h, 1, shishi_principal_default (h), sname);
212
213 shishi_done (h);
214
215 return 0;
216 }
Free Kerberos V5 implementation