Use the krb5_digest api. Return useful errorstring on no-existant command.
Add client request command. git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17902 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
160
kuser/kdigest.c
160
kuser/kdigest.c
@@ -39,8 +39,11 @@ RCSID("$Id$");
|
||||
|
||||
static int version_flag = 0;
|
||||
static int help_flag = 0;
|
||||
static char *ccache_string;
|
||||
static krb5_ccache id;
|
||||
|
||||
static struct getargs args[] = {
|
||||
{"ccache", 0, arg_string, &ccache_string, "credential cache", NULL },
|
||||
{"version", 0, arg_flag, &version_flag, "print version", NULL },
|
||||
{"help", 0, arg_flag, &help_flag, NULL, NULL }
|
||||
};
|
||||
@@ -53,27 +56,52 @@ usage (int ret)
|
||||
exit (ret);
|
||||
}
|
||||
|
||||
const static char *secret = "secret";
|
||||
static char server_nonce[16];
|
||||
static char server_identifier;
|
||||
static krb5_context context;
|
||||
|
||||
int
|
||||
server_init(struct server_init_options *opt, int argc, char ** argv)
|
||||
{
|
||||
char *s;
|
||||
krb5_error_code ret;
|
||||
krb5_digest digest;
|
||||
|
||||
if (opt->kerberos_realm_string == NULL)
|
||||
errx(1, "realm argument missing");
|
||||
|
||||
if (strcasecmp(opt->type_string, "CHAP") != 0)
|
||||
errx(1, "type not CHAP");
|
||||
|
||||
RAND_pseudo_bytes(&server_identifier, sizeof(server_identifier));
|
||||
RAND_pseudo_bytes(&server_nonce, sizeof(server_nonce));
|
||||
|
||||
ret = krb5_digest_alloc(context, &digest);
|
||||
if (ret)
|
||||
krb5_err(context, 1, ret, "digest_alloc");
|
||||
|
||||
ret = krb5_digest_set_type(context, digest, opt->type_string);
|
||||
if (ret)
|
||||
krb5_err(context, 1, ret, "krb5_digest_set_type");
|
||||
|
||||
if (opt->cb_type_string && opt->cb_value_string) {
|
||||
ret = krb5_digest_set_server_cb(context, digest,
|
||||
opt->cb_type_string,
|
||||
opt->cb_value_string);
|
||||
if (ret)
|
||||
krb5_err(context, 1, ret, "krb5_digest_set_server_cb");
|
||||
}
|
||||
ret = krb5_digest_init_request(context,
|
||||
digest,
|
||||
opt->kerberos_realm_string,
|
||||
id);
|
||||
if (ret)
|
||||
krb5_err(context, 1, ret, "krb5_digest_init_request");
|
||||
|
||||
printf("type=%s\n", opt->type_string);
|
||||
hex_encode(server_nonce, sizeof(server_nonce), &s);
|
||||
printf("server-nonce=%s\n", s);
|
||||
free(s);
|
||||
printf("identifier=%02X\n", (server_identifier & 0xff));
|
||||
printf("opaque=bar\n");
|
||||
printf("server-nonce=%s\n",
|
||||
krb5_digest_get_server_nonce(context, digest));
|
||||
{
|
||||
const char *s = krb5_digest_get_identifier(context, digest);
|
||||
if (s)
|
||||
printf("identifier=%s\n", s);
|
||||
}
|
||||
printf("opaque=%s\n", krb5_digest_get_opaque(context, digest));
|
||||
|
||||
return 0;
|
||||
}
|
||||
@@ -81,6 +109,68 @@ server_init(struct server_init_options *opt, int argc, char ** argv)
|
||||
int
|
||||
server_request(struct server_request_options *opt, int argc, char **argv)
|
||||
{
|
||||
krb5_error_code ret;
|
||||
krb5_digest digest;
|
||||
const char *h;
|
||||
|
||||
if (opt->kerberos_realm_string == NULL)
|
||||
errx(1, "realm argument missing");
|
||||
if (opt->server_nonce_string == NULL)
|
||||
errx(1, "server nonce missing");
|
||||
if (opt->type_string == NULL)
|
||||
errx(1, "type missing");
|
||||
if (opt->opaque_string == NULL)
|
||||
errx(1, "opaque missing");
|
||||
|
||||
ret = krb5_digest_alloc(context, &digest);
|
||||
if (ret)
|
||||
krb5_err(context, 1, ret, "digest_alloc");
|
||||
|
||||
if (strcasecmp(opt->type_string, "CHAP") == 0) {
|
||||
if (opt->server_identifier_string == NULL)
|
||||
errx(1, "server identifier missing");
|
||||
|
||||
ret = krb5_digest_set_identifier(context, digest,
|
||||
opt->server_identifier_string);
|
||||
if (ret)
|
||||
krb5_err(context, 1, ret, "krb5_digest_set_type");
|
||||
}
|
||||
|
||||
ret = krb5_digest_set_type(context, digest, opt->type_string);
|
||||
if (ret)
|
||||
krb5_err(context, 1, ret, "krb5_digest_set_type");
|
||||
|
||||
ret = krb5_digest_set_username(context, digest, opt->username_string);
|
||||
if (ret)
|
||||
krb5_err(context, 1, ret, "krb5_digest_set_username");
|
||||
|
||||
ret = krb5_digest_set_server_nonce(context, digest,
|
||||
opt->server_nonce_string);
|
||||
if (ret)
|
||||
krb5_err(context, 1, ret, "krb5_digest_set_server_nonce");
|
||||
|
||||
ret = krb5_digest_set_opaque(context, digest, opt->opaque_string);
|
||||
if (ret)
|
||||
krb5_err(context, 1, ret, "krb5_digest_set_opaque");
|
||||
|
||||
ret = krb5_digest_request(context, digest,
|
||||
opt->kerberos_realm_string, id);
|
||||
if (ret)
|
||||
krb5_err(context, 1, ret, "krb5_digest_request");
|
||||
|
||||
h = krb5_digest_get_responseData(context, digest);
|
||||
|
||||
printf("responseData=%s\n", h);
|
||||
printf("tickets=no\n");
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int
|
||||
client_request(struct client_request_options *opt, int argc, char **argv)
|
||||
{
|
||||
char *server_nonce, server_identifier;
|
||||
ssize_t size;
|
||||
MD5_CTX ctx;
|
||||
char md[16], *h;
|
||||
|
||||
@@ -88,35 +178,34 @@ server_request(struct server_request_options *opt, int argc, char **argv)
|
||||
errx(1, "server nonce missing");
|
||||
if (opt->server_identifier_string == NULL)
|
||||
errx(1, "server identifier missing");
|
||||
if (opt->password_string == NULL)
|
||||
errx(1, "password missing");
|
||||
|
||||
if (opt->opaque_string == NULL)
|
||||
errx(1, "opaque missing");
|
||||
if (strcmp(opt->opaque_string, "bar") != 0)
|
||||
errx(1, "opaque wrong string");
|
||||
|
||||
if (hex_decode(opt->server_nonce_string, server_nonce, 16) != 16)
|
||||
errx(1, "server nonce wrong length");
|
||||
size = strlen(opt->server_nonce_string);
|
||||
server_nonce = malloc(size);
|
||||
if (server_nonce == NULL)
|
||||
errx(1, "server_nonce");
|
||||
|
||||
size = hex_decode(opt->server_nonce_string, server_nonce, size);
|
||||
if (size <= 0)
|
||||
errx(1, "server nonce wrong");
|
||||
|
||||
if (hex_decode(opt->server_identifier_string, &server_identifier, 1) != 1)
|
||||
errx(1, "server identifier wrong length");
|
||||
|
||||
MD5_Init(&ctx);
|
||||
MD5_Update(&ctx, &server_identifier, 1);
|
||||
MD5_Update(&ctx, secret, strlen(secret));
|
||||
MD5_Update(&ctx, server_nonce, 16);
|
||||
MD5_Update(&ctx, opt->password_string, strlen(opt->password_string));
|
||||
MD5_Update(&ctx, server_nonce, size);
|
||||
MD5_Final(md, &ctx);
|
||||
|
||||
hex_encode(md, 16, &h);
|
||||
|
||||
printf("responseData=%s\n", h);
|
||||
printf("tickets=no\n");
|
||||
|
||||
/*
|
||||
printf("rsp=bar\n");
|
||||
printf("cb-type=type\n");
|
||||
printf("cb-binding=binding\n");
|
||||
printf("hash-a1=bar\n");
|
||||
printf("message=message here\n");
|
||||
*/
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -161,9 +250,17 @@ help(void *opt, int argc, char **argv)
|
||||
int
|
||||
main(int argc, char **argv)
|
||||
{
|
||||
krb5_error_code ret;
|
||||
int optidx = 0;
|
||||
|
||||
setprogname(argv[0]);
|
||||
|
||||
ret = krb5_init_context (&context);
|
||||
if (ret == KRB5_CONFIG_BADFORMAT)
|
||||
errx (1, "krb5_init_context failed to parse configuration file");
|
||||
else if (ret)
|
||||
errx(1, "krb5_init_context failed: %d", ret);
|
||||
|
||||
if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
|
||||
usage(1);
|
||||
|
||||
@@ -183,5 +280,16 @@ main(int argc, char **argv)
|
||||
return 1;
|
||||
}
|
||||
|
||||
return sl_command (commands, argc, argv);
|
||||
if (ccache_string) {
|
||||
ret = krb5_cc_resolve(context, ccache_string, &id);
|
||||
if (ret)
|
||||
krb5_err(context, 1, ret, "krb5_cc_resolve");
|
||||
}
|
||||
|
||||
ret = sl_command (commands, argc, argv);
|
||||
if (ret == -1) {
|
||||
help(NULL, argc, argv);
|
||||
return 1;
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user