examples/client.c

   1 /* client.c --- Sample client with authentication using Shishi.
   2  * Copyright (C) 2003, 2004  Simon Josefsson
   3  *
   4  * This file is part of Shishi.
   5  *
   6  * Shishi is free software; you can redistribute it and/or modify
   7  * it under the terms of the GNU General Public License as published by
   8  * the Free Software Foundation; either version 2 of the License, or
   9  * (at your option) any later version.
  10  *
  11  * Shishi is distributed in the hope that it will be useful,
  12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14  * GNU General Public License for more details.
  15  *
  16  * You should have received a copy of the GNU General Public License
  17  * along with Shishi; if not, write to the Free Software
  18  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
  19  *
  20  */
  21
  22 #include <stdio.h>
  23 #include <stdlib.h>
  24 #include <string.h>
  25
  26 #include <shishi.h>
  27
  28 #define SERVICE "sample"
  29
  30 /* XXX remove this */
  31 const char *program_name = "client";
  32
  33 static Shishi_ap *
  34 auth (Shishi * h, int verbose, const char *cname, const char *sname)
  35 {
  36   Shishi_ap *ap;
  37   Shishi_tkt *tkt;
  38   Shishi_tkts_hint hint;
  39   int rc;
  40
  41   printf ("Client: %s\n", cname);
  42   printf ("Server: %s\n", sname);
  43
  44   /* Get a ticket for the server. */
  45
  46   memset (&hint, 0, sizeof (hint));
  47   hint.client = (char *) cname;
  48   hint.server = (char *) sname;
  49   tkt = shishi_tkts_get (shishi_tkts_default (h), &hint);
  50   if (!tkt)
  51     {
  52       printf ("cannot find ticket for \"%s\"\n", sname);
  53       return NULL;
  54     }
  55
  56   if (verbose)
  57     shishi_tkt_pretty_print (tkt, stderr);
  58
  59   /* Create Authentication context */
  60
  61   rc = shishi_ap_tktoptions (h, &ap, tkt, SHISHI_APOPTIONS_MUTUAL_REQUIRED);
  62   if (rc != SHISHI_OK)
  63     {
  64       printf ("cannot create authentication context\n");
  65       return NULL;
  66     }
  67
  68   /* Build Authentication request */
  69
  70   rc = shishi_ap_req_build (ap);
  71   if (rc != SHISHI_OK)
  72     {
  73       printf ("cannot build authentication request: %s\n",
  74               shishi_strerror (rc));
  75       return NULL;
  76     }
  77
  78   if (verbose)
  79     shishi_authenticator_print (h, stderr, shishi_ap_authenticator (ap));
  80
  81   /* Authentication ourself to server */
  82
  83   shishi_apreq_print (h, stdout, shishi_ap_req (ap));
  84   /* Note: to get the binary blob to send, use:
  85    *
  86    * char *out; int outlen;
  87    * ...
  88    * rc = shishi_ap_req_der (ap, &out, &outlen);
  89    * ...
  90    * write(fd, out, outlen);
  91    */
  92
  93   /* For mutual authentication, wait for server reply. */
  94
  95   if (shishi_apreq_mutual_required_p (h, shishi_ap_req (ap)))
  96     {
  97       Shishi_asn1 aprep;
  98
  99       printf ("Cut'n'paste AP-REP from server...\n");
 100
 101       rc = shishi_aprep_parse (h, stdin, &aprep);
 102       if (rc != SHISHI_OK)
 103         {
 104           printf ("Cannot parse AP-REP from server: %s\n",
 105                   shishi_strerror (rc));
 106           return NULL;
 107         }
 108
 109       rc = shishi_ap_rep_verify_asn1 (ap, aprep);
 110       if (rc == SHISHI_OK)
 111         printf ("AP-REP verification OK...\n");
 112       else
 113         {
 114           if (rc == SHISHI_APREP_VERIFY_FAILED)
 115             printf ("AP-REP verification failed...\n");
 116           else
 117             printf ("AP-REP verification error: %s\n", shishi_strerror (rc));
 118           return NULL;
 119         }
 120
 121       /* The server is authenticated. */
 122       printf ("Server authenticated.\n");
 123     }
 124
 125   /* We are now authenticated. */
 126   printf ("User authenticated.\n");
 127
 128   return ap;
 129 }
 130
 131 int
 132 main (int argc, char *argv[])
 133 {
 134   Shishi *h;
 135   Shishi_ap *ap;
 136   char *sname;
 137   int rc;
 138
 139   printf ("sample-client (shishi " SHISHI_VERSION ")\n");
 140
 141   if (!shishi_check_version (SHISHI_VERSION))
 142     {
 143       printf ("shishi_check_version() failed:\n"
 144               "Header file incompatible with shared library.\n");
 145       return 1;
 146     }
 147
 148   rc = shishi_init (&h);
 149   if (rc != SHISHI_OK)
 150     {
 151       printf ("error initializing shishi: %s\n", shishi_strerror (rc));
 152       return 1;
 153     }
 154
 155   if (argc > 1)
 156     sname = argv[1];
 157   else
 158     sname = shishi_server_for_local_service (h, SERVICE);
 159
 160   ap = auth (h, 1, shishi_principal_default (h), sname);
 161
 162   if (ap)
 163     {
 164       printf ("Authentication done...\n");
 165       rc = 0;
 166     }
 167   else
 168     rc = 1;
 169
 170   shishi_done (h);
 171
 172   return rc;
 173 }