more clean-up
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@6492 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Assar Westerlund
214
appl/kf/kf.c
214
appl/kf/kf.c
@@ -43,10 +43,10 @@ krb5_context context;
|
|||||||
static int help_flag;
|
static int help_flag;
|
||||||
static int version_flag;
|
static int version_flag;
|
||||||
static char *port_str;
|
static char *port_str;
|
||||||
char *service = SERVICE;
|
char *service = SERVICE;
|
||||||
char *remote_name=NULL;
|
char *remote_name = NULL;
|
||||||
int forwardable=0;
|
int forwardable = 0;
|
||||||
char *tk_file=NULL;
|
char *tk_file = NULL;
|
||||||
|
|
||||||
static struct getargs args[] = {
|
static struct getargs args[] = {
|
||||||
{ "port", 'p', arg_string, &port_str, "port to connect to", "port" },
|
{ "port", 'p', arg_string, &port_str, "port to connect to", "port" },
|
||||||
@@ -82,7 +82,7 @@ client_setup(krb5_context *context, int *argc, char **argv)
|
|||||||
exit(0);
|
exit(0);
|
||||||
}
|
}
|
||||||
|
|
||||||
if(port_str){
|
if(port_str) {
|
||||||
struct servent *s = roken_getservbyname(port_str, "tcp");
|
struct servent *s = roken_getservbyname(port_str, "tcp");
|
||||||
if(s)
|
if(s)
|
||||||
port = s->s_port;
|
port = s->s_port;
|
||||||
@@ -101,11 +101,16 @@ client_setup(krb5_context *context, int *argc, char **argv)
|
|||||||
|
|
||||||
if(*argc - optind < 1)
|
if(*argc - optind < 1)
|
||||||
usage(1, args, num_args);
|
usage(1, args, num_args);
|
||||||
*argc=optind;
|
*argc = optind;
|
||||||
|
|
||||||
return port;
|
return port;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* forward creds to `hostname'/`service' over `sock'
|
||||||
|
* return 0 iff OK
|
||||||
|
*/
|
||||||
|
|
||||||
static int
|
static int
|
||||||
proto (int sock, const char *hostname, const char *service)
|
proto (int sock, const char *hostname, const char *service)
|
||||||
{
|
{
|
||||||
@@ -125,41 +130,34 @@ proto (int sock, const char *hostname, const char *service)
|
|||||||
krb5_creds creds;
|
krb5_creds creds;
|
||||||
krb5_kdc_flags flags;
|
krb5_kdc_flags flags;
|
||||||
krb5_principal principal;
|
krb5_principal principal;
|
||||||
struct passwd *pwd;
|
|
||||||
char ret_string[10];
|
char ret_string[10];
|
||||||
char buf[1000];
|
char buf[1000];
|
||||||
|
|
||||||
addrlen = sizeof(local);
|
addrlen = sizeof(local);
|
||||||
if (getsockname (sock, (struct sockaddr *)&local, &addrlen) < 0
|
if (getsockname (sock, (struct sockaddr *)&local, &addrlen) < 0
|
||||||
|| addrlen != sizeof(local))
|
|| addrlen != sizeof(local)) {
|
||||||
{warn ("getsockname(%s)", hostname);
|
warn ("getsockname(%s)", hostname);
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
addrlen = sizeof(remote);
|
addrlen = sizeof(remote);
|
||||||
if (getpeername (sock, (struct sockaddr *)&remote, &addrlen) < 0
|
if (getpeername (sock, (struct sockaddr *)&remote, &addrlen) < 0
|
||||||
|| addrlen != sizeof(remote))
|
|| addrlen != sizeof(remote)) {
|
||||||
{warn ("getpeername(%s)", hostname);
|
warn ("getpeername(%s)", hostname);
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
status = krb5_init_context(&context);
|
|
||||||
if (status)
|
|
||||||
errx (1, "krb5_init_context: %s",
|
|
||||||
krb5_get_err_text(context, status));
|
|
||||||
|
|
||||||
status = krb5_auth_con_init (context, &auth_context);
|
status = krb5_auth_con_init (context, &auth_context);
|
||||||
if (status)
|
if (status) {
|
||||||
{warn ("krb5_auth_con_init: %s",
|
krb5_warn (context, status, "krb5_auth_con_init");
|
||||||
krb5_get_err_text(context, status));
|
return 1;
|
||||||
return 1;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
local_addr.addr_type = AF_INET;
|
local_addr.addr_type = AF_INET;
|
||||||
local_addr.address.length = sizeof(local.sin_addr);
|
local_addr.address.length = sizeof(local.sin_addr);
|
||||||
local_addr.address.data = &local.sin_addr;
|
local_addr.address.data = &local.sin_addr;
|
||||||
|
|
||||||
remote_addr.addr_type = AF_INET;
|
remote_addr.addr_type = AF_INET;
|
||||||
remote_addr.address.length = sizeof(remote.sin_addr);
|
remote_addr.address.length = sizeof(remote.sin_addr);
|
||||||
remote_addr.address.data = &remote.sin_addr;
|
remote_addr.address.data = &remote.sin_addr;
|
||||||
|
|
||||||
@@ -167,10 +165,9 @@ proto (int sock, const char *hostname, const char *service)
|
|||||||
auth_context,
|
auth_context,
|
||||||
&local_addr,
|
&local_addr,
|
||||||
&remote_addr);
|
&remote_addr);
|
||||||
if (status)
|
if (status) {
|
||||||
{warn ("krb5_auth_con_setaddr: %s",
|
krb5_warn (context, status, "krb5_auth_con_setaddr");
|
||||||
krb5_get_err_text(context, status));
|
return 1;
|
||||||
return 1;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
status = krb5_sname_to_principal (context,
|
status = krb5_sname_to_principal (context,
|
||||||
@@ -178,11 +175,10 @@ proto (int sock, const char *hostname, const char *service)
|
|||||||
service,
|
service,
|
||||||
KRB5_NT_SRV_HST,
|
KRB5_NT_SRV_HST,
|
||||||
&server);
|
&server);
|
||||||
if (status)
|
if (status) {
|
||||||
{warn ("krb5_sname_to_principal: %s",
|
krb5_warn (context, status, "krb5_sname_to_principal");
|
||||||
krb5_get_err_text(context, status));
|
return 1;
|
||||||
return 1;
|
}
|
||||||
}
|
|
||||||
|
|
||||||
status = krb5_sendauth (context,
|
status = krb5_sendauth (context,
|
||||||
&auth_context,
|
&auth_context,
|
||||||
@@ -197,65 +193,64 @@ proto (int sock, const char *hostname, const char *service)
|
|||||||
NULL,
|
NULL,
|
||||||
NULL,
|
NULL,
|
||||||
NULL);
|
NULL);
|
||||||
if (status)
|
if (status) {
|
||||||
{warn("krb5_sendauth: %s",
|
krb5_warn(context, status, "krb5_sendauth");
|
||||||
krb5_get_err_text(context, status));
|
return 1;
|
||||||
return 1;
|
}
|
||||||
}
|
|
||||||
|
|
||||||
if (remote_name == NULL)
|
if (remote_name == NULL) {
|
||||||
{
|
remote_name = get_default_username ();
|
||||||
pwd = getpwuid (getuid());
|
if (remote_name == NULL)
|
||||||
if (pwd == NULL)
|
errx (1, "who are you?");
|
||||||
errx (1, "who are you?");
|
}
|
||||||
remote_name=pwd->pw_name;
|
|
||||||
}
|
|
||||||
|
|
||||||
krb5_data_zero(&data_send);
|
krb5_data_zero(&data_send);
|
||||||
data_send.data=remote_name;
|
data_send.data = remote_name;
|
||||||
data_send.length=strlen(remote_name) + 1;
|
data_send.length = strlen(remote_name) + 1;
|
||||||
status=krb5_write_message(context,&sock,&data_send);
|
status = krb5_write_message(context, &sock, &data_send);
|
||||||
if (status)
|
if (status) {
|
||||||
{err(1,"krb5_write_message");
|
krb5_warnx (context, status, "krb5_write_message");
|
||||||
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (tk_file) snprintf (buf, sizeof(buf), "%s", tk_file);
|
if (tk_file)
|
||||||
else snprintf (buf, sizeof(buf), "");
|
snprintf (buf, sizeof(buf), "%s", tk_file);
|
||||||
data_send.data=buf;
|
else
|
||||||
data_send.length=strlen(buf)+1;
|
snprintf (buf, sizeof(buf), "");
|
||||||
status=krb5_write_message(context,&sock,&data_send);
|
data_send.data = buf;
|
||||||
if (status)
|
data_send.length = strlen(buf)+1;
|
||||||
{err(1,"krb5_write_message");
|
status = krb5_write_message(context, &sock, &data_send);
|
||||||
|
if (status) {
|
||||||
|
krb5_warnx (context, status, "krb5_write_message");
|
||||||
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
memset (&creds, 0, sizeof(creds));
|
memset (&creds, 0, sizeof(creds));
|
||||||
|
|
||||||
status = krb5_cc_default (context, &ccache);
|
status = krb5_cc_default (context, &ccache);
|
||||||
if (status) {
|
if (status) {
|
||||||
warn ("could not forward creds: krb5_cc_default: %s",
|
krb5_warn (context, status, "krb5_cc_default");
|
||||||
krb5_get_err_text (context, status));
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
status = krb5_cc_get_principal (context, ccache, &principal);
|
status = krb5_cc_get_principal (context, ccache, &principal);
|
||||||
if (status) {
|
if (status) {
|
||||||
warn ("could not forward creds: krb5_cc_get_principal: %s",
|
krb5_warn (context, status, "krb5_cc_get_principal");
|
||||||
krb5_get_err_text (context, status));
|
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
creds.client = principal;
|
creds.client = principal;
|
||||||
|
|
||||||
status = krb5_build_principal (context,
|
status = krb5_build_principal (context,
|
||||||
&creds.server,
|
&creds.server,
|
||||||
strlen(principal->realm),
|
strlen(principal->realm),
|
||||||
principal->realm,
|
principal->realm,
|
||||||
"krbtgt",
|
KRB5_TGS_NAME,
|
||||||
principal->realm,
|
principal->realm,
|
||||||
NULL);
|
NULL);
|
||||||
|
|
||||||
if (status) {
|
if (status) {
|
||||||
warn ("could not forward creds: krb5_build_principal: %s",
|
krb5_warn (context, status, "krb5_build_principal");
|
||||||
krb5_get_err_text (context, status));
|
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -266,15 +261,14 @@ proto (int sock, const char *hostname, const char *service)
|
|||||||
flags.b.forwardable = forwardable;
|
flags.b.forwardable = forwardable;
|
||||||
|
|
||||||
status = krb5_get_forwarded_creds (context,
|
status = krb5_get_forwarded_creds (context,
|
||||||
auth_context,
|
auth_context,
|
||||||
ccache,
|
ccache,
|
||||||
flags.i,
|
flags.i,
|
||||||
hostname,
|
hostname,
|
||||||
&creds,
|
&creds,
|
||||||
&data);
|
&data);
|
||||||
if (status) {
|
if (status) {
|
||||||
warn ("could not forward creds: krb5_get_forwarded_creds: %s",
|
krb5_warn (context, status, "krb5_get_forwarded_creds");
|
||||||
krb5_get_err_text (context, status));
|
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -283,28 +277,39 @@ proto (int sock, const char *hostname, const char *service)
|
|||||||
&data,
|
&data,
|
||||||
&packet,
|
&packet,
|
||||||
NULL);
|
NULL);
|
||||||
if (status)
|
if (status) {
|
||||||
{warn ("krb5_mk_priv: %s",
|
krb5_warn (context, status, "krb5_mk_priv");
|
||||||
krb5_get_err_text(context, status));
|
return 1;
|
||||||
return 1;}
|
}
|
||||||
|
|
||||||
len = packet.length;
|
len = packet.length;
|
||||||
net_len = htonl(len);
|
net_len = htonl(len);
|
||||||
|
|
||||||
if (krb5_net_write (context, &sock, &net_len, 4) != 4)
|
if (krb5_net_write (context, &sock, &net_len, 4) != 4) {
|
||||||
{warn("krb5_net_write");
|
krb5_warn (context, status, "krb5_net_write");
|
||||||
return 1;}
|
return 1;
|
||||||
if (krb5_net_write (context, &sock, packet.data, len) != len)
|
}
|
||||||
{warn ("krb5_net_write");
|
if (krb5_net_write (context, &sock, packet.data, len) != len) {
|
||||||
return 1;}
|
krb5_warn (context, status, "krb5_net_write");
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
krb5_data_free (&data);
|
krb5_data_free (&data);
|
||||||
|
|
||||||
if (krb5_net_read (context, &sock, &net_len, 4) != 4)
|
if (krb5_net_read (context, &sock, &net_len, 4) != 4) {
|
||||||
err (1, "krb5_net_read");
|
krb5_warn (context, status, "krb5_net_read");
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
len = ntohl(net_len);
|
len = ntohl(net_len);
|
||||||
if (krb5_net_read (context, &sock, ret_string, len) != len)
|
if (len >= sizeof(ret_string)) {
|
||||||
err (1, "krb5_net_read");
|
krb5_warnx (context, "too long string back from %s", hostname);
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
if (krb5_net_read (context, &sock, ret_string, len) != len) {
|
||||||
|
krb5_warnx (context, "read too short from %s", hostname);
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
ret_string[sizeof(ret_string) - 1] = '\0';
|
||||||
|
|
||||||
return(strcmp(ret_string,"ok"));
|
return(strcmp(ret_string,"ok"));
|
||||||
}
|
}
|
||||||
@@ -316,11 +321,11 @@ doit (const char *hostname, int port, const char *service)
|
|||||||
struct hostent *hostent;
|
struct hostent *hostent;
|
||||||
|
|
||||||
hostent = roken_gethostbyname (hostname);
|
hostent = roken_gethostbyname (hostname);
|
||||||
if (hostent == NULL)
|
if (hostent == NULL) {
|
||||||
{warn ("gethostbyname '%s' failed: %s",
|
warn ("gethostbyname '%s' failed: %s",
|
||||||
hostname,
|
hostname,
|
||||||
hstrerror(h_errno));
|
hstrerror(h_errno));
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
for (h = (struct in_addr **)hostent->h_addr_list;
|
for (h = (struct in_addr **)hostent->h_addr_list;
|
||||||
@@ -349,15 +354,18 @@ doit (const char *hostname, int port, const char *service)
|
|||||||
|
|
||||||
int
|
int
|
||||||
main(int argc, char **argv)
|
main(int argc, char **argv)
|
||||||
{ int argcc,port,i;
|
{
|
||||||
int ret=0;
|
int argcc,port,i;
|
||||||
|
int ret=0;
|
||||||
|
|
||||||
argcc=argc;
|
argcc = argc;
|
||||||
port=client_setup(&context, &argcc, argv);
|
port = client_setup(&context, &argcc, argv);
|
||||||
|
|
||||||
for (i=argcc;i<argc;i++)
|
for (i = argcc;i < argc; i++) {
|
||||||
{ret=doit (argv[i], port, service);
|
ret = doit (argv[i], port, service);
|
||||||
printf("%s:%s\n",argv[i],ret ? "failed" : "ok");
|
warn (")
|
||||||
}
|
|
||||||
return(ret);
|
printf("%s:%s\n",argv[i],ret ? "failed" : "ok");
|
||||||
|
}
|
||||||
|
return(ret);
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user