KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_read_safe_message(krb5_context context,
krb5_auth_context ac,
krb5_pointer p_fd,
krb5_data *data)
{
krb5_error_code ret;
krb5_data packet;
ret = krb5_read_message(context, p_fd, &packet);
if(ret)
return ret;
ret = krb5_rd_safe (context, ac, &packet, data, NULL);
krb5_data_free(&packet);
return ret;
}
/*
* Now we send over the database. We use the following protocol:
* Send over a KRB_SAFE message with the size. Then we send over the
* database in blocks of KPROP_BLKSIZE, encrypted using KRB_PRIV.
* Then we expect to see a KRB_SAFE message with the size sent back.
*
* At any point in the protocol, we may send a KRB_ERROR message; this
* will abort the entire operation.
*/
static void
xmit_database(krb5_context context, krb5_auth_context auth_context,
krb5_creds *my_creds, int fd, int database_fd,
int in_database_size)
{
krb5_int32 n;
krb5_data inbuf, outbuf;
char buf[KPROP_BUFSIZ];
krb5_error_code retval;
krb5_error *error;
krb5_ui_4 database_size = in_database_size, send_size, sent_size;
/* Send over the size. */
send_size = htonl(database_size);
inbuf.data = (char *)&send_size;
inbuf.length = sizeof(send_size); /* must be 4, really */
/* KPROP_CKSUMTYPE */
retval = krb5_mk_safe(context, auth_context, &inbuf, &outbuf, NULL);
if (retval) {
com_err(progname, retval, _("while encoding database size"));
send_error(context, my_creds, fd, _("while encoding database size"),
retval);
exit(1);
}
retval = krb5_write_message(context, &fd, &outbuf);
if (retval) {
krb5_free_data_contents(context, &outbuf);
com_err(progname, retval, _("while sending database size"));
exit(1);
}
krb5_free_data_contents(context, &outbuf);
/* Initialize the initial vector. */
retval = krb5_auth_con_initivector(context, auth_context);
if (retval) {
send_error(context, my_creds, fd,
"failed while initializing i_vector", retval);
com_err(progname, retval, _("while allocating i_vector"));
exit(1);
}
/* Send over the file, block by block. */
inbuf.data = buf;
sent_size = 0;
while ((n = read(database_fd, buf, sizeof(buf)))) {
inbuf.length = n;
retval = krb5_mk_priv(context, auth_context, &inbuf, &outbuf, NULL);
if (retval) {
snprintf(buf, sizeof(buf),
"while encoding database block starting at %d",
sent_size);
com_err(progname, retval, "%s", buf);
send_error(context, my_creds, fd, buf, retval);
exit(1);
}
retval = krb5_write_message(context, &fd, &outbuf);
if (retval) {
krb5_free_data_contents(context, &outbuf);
com_err(progname, retval,
_("while sending database block starting at %d"),
sent_size);
exit(1);
}
krb5_free_data_contents(context, &outbuf);
sent_size += n;
if (debug)
printf("%d bytes sent.\n", sent_size);
}
if (sent_size != database_size) {
com_err(progname, 0, _("Premature EOF found for database file!"));
send_error(context, my_creds, fd,
"Premature EOF found for database file!",
KRB5KRB_ERR_GENERIC);
exit(1);
}
/*
* OK, we've sent the database; now let's wait for a success
* indication from the remote end.
*/
retval = krb5_read_message(context, &fd, &inbuf);
if (retval) {
com_err(progname, retval, _("while reading response from server"));
exit(1);
}
/*
* If we got an error response back from the server, display
* the error message
*/
if (krb5_is_krb_error(&inbuf)) {
retval = krb5_rd_error(context, &inbuf, &error);
if (retval) {
com_err(progname, retval,
_("while decoding error response from server"));
exit(1);
}
if (error->error == KRB_ERR_GENERIC) {
if (error->text.data) {
fprintf(stderr, _("Generic remote error: %s\n"),
error->text.data);
}
} else if (error->error) {
com_err(progname,
(krb5_error_code)error->error + ERROR_TABLE_BASE_krb5,
_("signalled from server"));
if (error->text.data) {
fprintf(stderr, _("Error text from server: %s\n"),
error->text.data);
}
}
krb5_free_error(context, error);
exit(1);
}
retval = krb5_rd_safe(context,auth_context,&inbuf,&outbuf,NULL);
if (retval) {
com_err(progname, retval,
"while decoding final size packet from server");
exit(1);
}
memcpy(&send_size, outbuf.data, sizeof(send_size));
send_size = ntohl(send_size);
if (send_size != database_size) {
com_err(progname, 0, _("Kpropd sent database size %d, expecting %d"),
send_size, database_size);
exit(1);
}
free(outbuf.data);
}
static int
proto (int sock, const char *service)
{
krb5_auth_context auth_context;
krb5_error_code status;
krb5_principal server;
krb5_ticket *ticket;
char *name;
char hostname[MAXHOSTNAMELEN];
krb5_data packet;
krb5_data data;
u_int32_t len, net_len;
ssize_t n;
status = krb5_auth_con_init (context, &auth_context);
if (status)
krb5_err (context, 1, status, "krb5_auth_con_init");
status = krb5_auth_con_setaddrs_from_fd (context,
auth_context,
&sock);
if (status)
krb5_err (context, 1, status, "krb5_auth_con_setaddrs_from_fd");
if(gethostname (hostname, sizeof(hostname)) < 0)
krb5_err (context, 1, errno, "gethostname");
status = krb5_sname_to_principal (context,
hostname,
service,
KRB5_NT_SRV_HST,
&server);
if (status)
krb5_err (context, 1, status, "krb5_sname_to_principal");
status = krb5_recvauth (context,
&auth_context,
&sock,
VERSION,
server,
0,
NULL,
&ticket);
if (status)
krb5_err (context, 1, status, "krb5_recvauth");
status = krb5_unparse_name (context,
ticket->client,
&name);
if (status)
krb5_err (context, 1, status, "krb5_unparse_name");
fprintf (stderr, "User is `%s'\n", name);
free (name);
krb5_data_zero (&data);
krb5_data_zero (&packet);
n = krb5_net_read (context, &sock, &net_len, 4);
if (n == 0)
krb5_errx (context, 1, "EOF in krb5_net_read");
if (n < 0)
krb5_err (context, 1, errno, "krb5_net_read");
len = ntohl(net_len);
krb5_data_alloc (&packet, len);
n = krb5_net_read (context, &sock, packet.data, len);
if (n == 0)
krb5_errx (context, 1, "EOF in krb5_net_read");
if (n < 0)
krb5_err (context, 1, errno, "krb5_net_read");
status = krb5_rd_safe (context,
auth_context,
&packet,
&data,
NULL);
if (status)
krb5_err (context, 1, status, "krb5_rd_safe");
fprintf (stderr, "safe packet: %.*s\n", (int)data.length,
(char *)data.data);
n = krb5_net_read (context, &sock, &net_len, 4);
if (n == 0)
krb5_errx (context, 1, "EOF in krb5_net_read");
if (n < 0)
krb5_err (context, 1, errno, "krb5_net_read");
len = ntohl(net_len);
krb5_data_alloc (&packet, len);
n = krb5_net_read (context, &sock, packet.data, len);
if (n == 0)
krb5_errx (context, 1, "EOF in krb5_net_read");
if (n < 0)
krb5_err (context, 1, errno, "krb5_net_read");
status = krb5_rd_priv (context,
auth_context,
&packet,
&data,
NULL);
if (status)
krb5_err (context, 1, status, "krb5_rd_priv");
fprintf (stderr, "priv packet: %.*s\n", (int)data.length,
(char *)data.data);
return 0;
}
static int
proto (int sock, const char *service)
{
struct sockaddr_in remote, local;
socklen_t addrlen;
krb5_address remote_addr, local_addr;
krb5_ccache ccache;
krb5_auth_context auth_context;
krb5_error_code status;
krb5_data packet;
krb5_data data;
krb5_data client_name;
krb5_creds in_creds, *out_creds;
addrlen = sizeof(local);
if (getsockname (sock, (struct sockaddr *)&local, &addrlen) < 0
|| addrlen != sizeof(local))
err (1, "getsockname)");
addrlen = sizeof(remote);
if (getpeername (sock, (struct sockaddr *)&remote, &addrlen) < 0
|| addrlen != sizeof(remote))
err (1, "getpeername");
status = krb5_auth_con_init (context, &auth_context);
if (status)
errx (1, "krb5_auth_con_init: %s",
krb5_get_err_text(context, status));
local_addr.addr_type = AF_INET;
local_addr.address.length = sizeof(local.sin_addr);
local_addr.address.data = &local.sin_addr;
remote_addr.addr_type = AF_INET;
remote_addr.address.length = sizeof(remote.sin_addr);
remote_addr.address.data = &remote.sin_addr;
status = krb5_auth_con_setaddrs (context,
auth_context,
&local_addr,
&remote_addr);
if (status)
errx (1, "krb5_auth_con_setaddr: %s",
krb5_get_err_text(context, status));
status = krb5_read_message(context, &sock, &client_name);
if(status)
krb5_err(context, 1, status, "krb5_read_message");
memset(&in_creds, 0, sizeof(in_creds));
status = krb5_cc_default(context, &ccache);
if(status)
krb5_err(context, 1, status, "krb5_cc_default");
status = krb5_cc_get_principal(context, ccache, &in_creds.client);
if(status)
krb5_err(context, 1, status, "krb5_cc_get_principal");
status = krb5_read_message(context, &sock, &in_creds.second_ticket);
if(status)
krb5_err(context, 1, status, "krb5_read_message");
status = krb5_parse_name(context, client_name.data, &in_creds.server);
if(status)
krb5_err(context, 1, status, "krb5_parse_name");
status = krb5_get_credentials(context, KRB5_GC_USER_USER, ccache,
&in_creds, &out_creds);
if(status)
krb5_err(context, 1, status, "krb5_get_credentials");
status = krb5_cc_default(context, &ccache);
if(status)
krb5_err(context, 1, status, "krb5_cc_default");
status = krb5_sendauth(context,
&auth_context,
&sock,
VERSION,
in_creds.client,
in_creds.server,
AP_OPTS_USE_SESSION_KEY,
NULL,
out_creds,
ccache,
NULL,
NULL,
NULL);
if (status)
krb5_err(context, 1, status, "krb5_sendauth");
{
char *str;
krb5_unparse_name(context, in_creds.server, &str);
printf ("User is `%s'\n", str);
free(str);
krb5_unparse_name(context, in_creds.client, &str);
printf ("Server is `%s'\n", str);
free(str);
}
krb5_data_zero (&data);
krb5_data_zero (&packet);
status = krb5_read_message(context, &sock, &packet);
if(status)
krb5_err(context, 1, status, "krb5_read_message");
status = krb5_rd_safe (context,
auth_context,
&packet,
&data,
NULL);
if (status)
errx (1, "krb5_rd_safe: %s",
krb5_get_err_text(context, status));
printf ("safe packet: %.*s\n", (int)data.length,
(char *)data.data);
status = krb5_read_message(context, &sock, &packet);
if(status)
krb5_err(context, 1, status, "krb5_read_message");
status = krb5_rd_priv (context,
auth_context,
&packet,
&data,
NULL);
if (status)
errx (1, "krb5_rd_priv: %s",
krb5_get_err_text(context, status));
printf ("priv packet: %.*s\n", (int)data.length,
(char *)data.data);
return 0;
}
