[pubcookie-dev] WEBISO CVS update: ryanc;pbc_config.h,1.72,1.73
Ryan Campbell
ryanc at cac.washington.edu
Fri Mar 7 11:19:19 PST 2003
Update of /usr/local/cvsroot/webiso/pubcookie/src
In directory webiso-cvs.cac.washington.edu:/var/tmp/cvs-serv31595
Modified Files:
keyclient.c libpubcookie.h pbc_config.h
Log Message:
Keyclient:
Removed PBC_LOGIN_HOST in favor of new config. variable PBC_KEYMGT_URI
Changed -L option to -K and text to reflect new functionality
Changed local p pointer to cp to avoid name collision with PBC macros
PubCookieFilter:
Renamed AuthTypeName2 to AuthTypeName3 to reflect current SECURID usage
Index: webiso/pubcookie/src/keyclient.c
diff -c webiso/pubcookie/src/keyclient.c:2.26 webiso/pubcookie/src/keyclient.c:2.27
*** webiso/pubcookie/src/keyclient.c:2.26 Wed Mar 5 14:38:47 2003
--- webiso/pubcookie/src/keyclient.c Fri Mar 7 11:19:17 2003
***************
*** 19,25 ****
*/
/*
! $Id: keyclient.c,v 2.26 2003/03/05 22:38:47 willey Exp $
*/
#ifdef HAVE_CONFIG_H
--- 19,25 ----
*/
/*
! $Id: keyclient.c,v 2.27 2003/03/07 19:19:17 ryanc Exp $
*/
#ifdef HAVE_CONFIG_H
***************
*** 118,124 ****
printf(" -a : expect keyfile in ASN.1\n");
printf(" -p (default) : expect keyfile in PEM\n");
printf(" -h <hostname> : pretend to be <hostname> (dangerous!)\n");
! printf(" -L <hostname> : connect to loginhost <hostname>\n");
printf(" -C <cert file> : CA cert to use for client verification\n");
printf(" -D <ca dir> : directory of trusted CAs, hashed OpenSSL-style\n");
--- 118,124 ----
printf(" -a : expect keyfile in ASN.1\n");
printf(" -p (default) : expect keyfile in PEM\n");
printf(" -h <hostname> : pretend to be <hostname> (dangerous!)\n");
! printf(" -K <URI> : base URL of key management server\n");
printf(" -C <cert file> : CA cert to use for client verification\n");
printf(" -D <ca dir> : directory of trusted CAs, hashed OpenSSL-style\n");
***************
*** 154,160 ****
int sd;
struct sockaddr_in sa;
struct hostent *h;
! char *str, *p;
char buf[2 * PBC_DES_KEY_BUF]; /* plenty of room for base64 encoding */
unsigned char thekey[PBC_DES_KEY_BUF];
crypt_stuff c_stuff;
--- 154,160 ----
int sd;
struct sockaddr_in sa;
struct hostent *h;
! char *str, *cp;
char buf[2 * PBC_DES_KEY_BUF]; /* plenty of room for base64 encoding */
unsigned char thekey[PBC_DES_KEY_BUF];
crypt_stuff c_stuff;
***************
*** 172,178 ****
char *keyhost = NULL;
int keyport = 443;
int r;
! pool *pp = NULL;
#ifdef WIN32
SystemRoot = malloc(MAX_PATH*sizeof(char));
--- 172,178 ----
char *keyhost = NULL;
int keyport = 443;
int r;
! pool *p = NULL;
#ifdef WIN32
SystemRoot = malloc(MAX_PATH*sizeof(char));
***************
*** 191,207 ****
}
#endif
! libpbc_config_init(pp, NULL, "keyclient");
! libpbc_pubcookie_init(pp);
! keyfile = libpbc_config_getstring(pp, "ssl_key_file", "server.pem");
! certfile = libpbc_config_getstring(pp, "ssl_cert_file", "server.pem");
! cafile = libpbc_config_getstring(pp, "ssl_ca_file", NULL);
! cadir = libpbc_config_getstring(pp, "ssl_ca_path", NULL);
hostname = NULL;
newkeyp = 1;
! while ((c = getopt(argc, argv, "apc:k:C:D:nudH:L:")) != -1) {
switch (c) {
case 'a':
filetype = SSL_FILETYPE_ASN1;
--- 191,207 ----
}
#endif
! libpbc_config_init(p, NULL, "keyclient");
! libpbc_pubcookie_init(p);
! keyfile = libpbc_config_getstring(p, "ssl_key_file", "server.pem");
! certfile = libpbc_config_getstring(p, "ssl_cert_file", "server.pem");
! cafile = libpbc_config_getstring(p, "ssl_ca_file", NULL);
! cadir = libpbc_config_getstring(p, "ssl_ca_path", NULL);
hostname = NULL;
newkeyp = 1;
! while ((c = getopt(argc, argv, "apc:k:C:D:nudH:L:K:")) != -1) {
switch (c) {
case 'a':
filetype = SSL_FILETYPE_ASN1;
***************
*** 251,258 ****
break;
case 'L':
! /* connect to the specified login server */
! keyhost = strdup(optarg);
break;
case '?':
--- 251,260 ----
break;
case 'L':
! case 'K':
! /* connect to the specified key management server
! Overrides PBC_KEYMGT_URI */
! keymgturi = strdup(optarg);
break;
case '?':
***************
*** 275,281 ****
RAND_seed((unsigned char *)&pid, sizeof(pid));
#ifndef WIN32
! capture_cmd_output(pp, cmd, buf, sizeof(buf));
RAND_seed((unsigned char *)buf, sizeof(buf));
#endif
}
--- 277,283 ----
RAND_seed((unsigned char *)&pid, sizeof(pid));
#ifndef WIN32
! capture_cmd_output(p, cmd, buf, sizeof(buf));
RAND_seed((unsigned char *)buf, sizeof(buf));
#endif
}
***************
*** 313,339 ****
}
/* figure out the key management server */
! keymgturi = libpbc_config_getstring(p, "keymgt_uri", NULL);
! if (keymgturi == NULL) {
! keymgturi = malloc(1024);
! snprintf((char *) keymgturi, 1024, "https://%s/cgi-bin/keyserver",
! PBC_LOGIN_HOST);
! }
!
! if (!keyhost) {
! keyhost = strdup(keymgturi);
! }
if (!strncmp(keyhost, "https://", 8)) keyhost += 8;
! p = strchr(keyhost, '/');
! if (p) {
! *p = '\0';
}
! p = strchr(keyhost, ':');
! if (p) {
! *p++ = '\0';
! keyport = atoi(p);
}
/* connect to the keyserver */
--- 315,335 ----
}
/* figure out the key management server */
! if (!keymgturi) {
! keymgturi = PBC_KEYMGT_URI;
! }
! keyhost = strdup(keymgturi);
if (!strncmp(keyhost, "https://", 8)) keyhost += 8;
! cp = strchr(keyhost, '/');
! if (cp) {
! *cp = '\0';
}
! cp = strchr(keyhost, ':');
! if (cp) {
! *cp++ = '\0';
! keyport = atoi(cp);
}
/* connect to the keyserver */
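Review bot: `keyhost = strdup(keymgturi);` is used without a NULL check and the next line hands it straight to `strncmp`, so an allocation failure becomes a crash instead of an error; add `if (!keyhost) { fprintf(stderr, "out of memory\n"); exit(1); }`. The value parsed here is also what the server certificate's name is compared against in a later hunk, so the parsing should be strict. A URI with any scheme other than `https://` is cut at the first `/` and then at the `:`, which leaves the scheme name as the host and `atoi` of an empty string as the port. Rejecting input that does not begin with `https://` and range-checking the port would make a mistyped -K or keymgt_uri fail loudly. The enclosing function begins and ends outside this hunk.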
***************
*** 376,389 ****
}
str = X509_NAME_oneline (X509_get_subject_name (server_cert),0,0);
! p = extract_cn(str);
! if (p == NULL) {
fprintf(stderr, "str == NULL???\n");
exit(1);
}
! if (strcasecmp(p, PBC_LOGIN_HOST)) {
! fprintf(stderr, "certificate presented isn't the login host: %s != %s\n",
! p, PBC_LOGIN_HOST);
exit(1);
}
free(str);
--- 372,385 ----
}
str = X509_NAME_oneline (X509_get_subject_name (server_cert),0,0);
! cp = extract_cn(str);
! if (cp == NULL) {
fprintf(stderr, "str == NULL???\n");
exit(1);
}
! if (strcasecmp(cp, keyhost)) {
! fprintf(stderr, "certificate presented isn't the key server: %s != %s\n",
! cp, keyhost);
exit(1);
}
free(str);
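Review bot: The identity check `strcasecmp(cp, keyhost)` relies on a common name that `extract_cn` pulls out of the `X509_NAME_oneline` string, and that flattened form cannot tell a real CN attribute from the text `/CN=` embedded in another attribute's value. Now that the expected name is whatever host -K or keymgt_uri supplied, it is safer to read the attribute directly with `X509_NAME_get_text_by_NID(X509_get_subject_name(server_cert), NID_commonName, cn, sizeof(cn))`. `extract_cn` is not shown in this diff, so it may already guard against this, and whether the certificate chain is verified is likewise outside the hunk. The failure message `str == NULL???` would be clearer as `no CN in server certificate`.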
***************
*** 421,427 ****
exit(1);
}
! libpbc_base64_encode(p, c_stuff.key_a, (unsigned char *) enckey, PBC_DES_KEY_BUF);
/* we're uploading! */
snprintf(buf, sizeof(buf),
--- 417,423 ----
exit(1);
}
! libpbc_base64_encode(cp, c_stuff.key_a, (unsigned char *) enckey, PBC_DES_KEY_BUF);
/* we're uploading! */
snprintf(buf, sizeof(buf),
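Review bot: `libpbc_base64_encode(cp, ...)` now passes the scratch `char *cp` as its first argument, where the other library calls in this commit (`libpbc_config_getstring(p, ...)`, `capture_cmd_output(p, ...)`) pass the pool `p`; the mechanical p-to-cp rename appears to have caught the pool argument too. The same pattern shows up in the later hunks as `libpbc_base64_decode(cp, (unsigned char *) cp, thekey, &osize)` and `libpbc_set_crypt_key(cp, (const char *) thekey, hostname)`. If these functions take `pool *` first, the calls should read `libpbc_base64_encode(p, c_stuff.key_a, ...)`, `libpbc_base64_decode(p, (unsigned char *) cp, thekey, &osize)` and `libpbc_set_crypt_key(p, (const char *) thekey, hostname)`. Their prototypes are not part of this diff, so confirm against libpubcookie.h before changing them.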
***************
*** 445,454 ****
exit(1);
}
! p = buf;
for (;;) {
/* read the response */
! r = SSL_read(ssl, p, sizeof(buf) - 1 - (p - buf));
if (r < 0) {
fprintf(stderr, "SSL_read failed:\n");
ERR_print_errors_fp(stderr);
--- 441,450 ----
exit(1);
}
! cp = buf;
for (;;) {
/* read the response */
! r = SSL_read(ssl, cp, sizeof(buf) - 1 - (cp - buf));
if (r < 0) {
fprintf(stderr, "SSL_read failed:\n");
ERR_print_errors_fp(stderr);
***************
*** 457,500 ****
if (r == 0) {
break;
}
! p += r;
! *p = '\0';
}
! p = buf;
/* look for the 'OK' */
! while (*p) {
! if (p[0] == '\r' && p[1] == '\n' &&
! p[2] == 'O' && p[3] == 'K' &&
! p[4] == ' ') {
! p += 5;
! /* p points to a base64 key we should decode */
! if (strlen(p) >= (4 * PBC_DES_KEY_BUF + 100) / 3) {
fprintf(stderr, "key too long\n");
exit(1);
}
if (newkeyp != -1) {
! if (strchr(p, '\r')) {
/* chomp new line */
! *(strchr(p, '\r')) = '\0';
}
! if (strchr(p, '\n')) {
/* chomp new line */
! *(strchr(p, '\n')) = '\0';
}
if (noop) {
! printf("would have set key to '%s'\n", p);
} else {
int osize = 0;
int ret;
! if (strchr(p, '\r')) {
/* chomp new line */
! *strchr(p, '\r') = '\0';
}
! ret = libpbc_base64_decode(p, (unsigned char *) p, thekey, &osize);
if (osize != PBC_DES_KEY_BUF) {
fprintf(stderr, "keyserver returned wrong key size: expected %d got %d\n", PBC_DES_KEY_BUF, osize);
exit(1);
--- 453,496 ----
if (r == 0) {
break;
}
! cp += r;
! *cp = '\0';
}
! cp = buf;
/* look for the 'OK' */
! while (*cp) {
! if (cp[0] == '\r' && cp[1] == '\n' &&
! cp[2] == 'O' && cp[3] == 'K' &&
! cp[4] == ' ') {
! cp += 5;
! /* cp points to a base64 key we should decode */
! if (strlen(cp) >= (4 * PBC_DES_KEY_BUF + 100) / 3) {
fprintf(stderr, "key too long\n");
exit(1);
}
if (newkeyp != -1) {
! if (strchr(cp, '\r')) {
/* chomp new line */
! *(strchr(cp, '\r')) = '\0';
}
! if (strchr(cp, '\n')) {
/* chomp new line */
! *(strchr(cp, '\n')) = '\0';
}
if (noop) {
! printf("would have set key to '%s'\n", cp);
} else {
int osize = 0;
int ret;
! if (strchr(cp, '\r')) {
/* chomp new line */
! *strchr(cp, '\r') = '\0';
}
! ret = libpbc_base64_decode(cp, (unsigned char *) cp, thekey, &osize);
if (osize != PBC_DES_KEY_BUF) {
fprintf(stderr, "keyserver returned wrong key size: expected %d got %d\n", PBC_DES_KEY_BUF, osize);
exit(1);
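Review bot: The `key too long` guard does not keep the decoded key inside `thekey`. It admits a base64 string of up to `(4 * PBC_DES_KEY_BUF + 100) / 3 - 1` characters, which decodes to some two dozen bytes more than the `PBC_DES_KEY_BUF` bytes the buffer holds, and `libpbc_base64_decode` is given no output size. The `osize != PBC_DES_KEY_BUF` test runs only after the write has happened. Unless the decoder bounds its output internally (not visible here), re-check the length after the newline chomp, e.g. `if (strlen(cp) > 4 * ((PBC_DES_KEY_BUF + 2) / 3)) { fprintf(stderr, "key too long\n"); exit(1); }`. The loop body continues past the end of this hunk.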
***************
*** 505,511 ****
exit(1);
}
! if (libpbc_set_crypt_key(p, (const char *) thekey, hostname) != PBC_OK) {
fprintf(stderr, "libpbc_set_crypt_key() failed\n");
exit(1);
}
--- 501,507 ----
exit(1);
}
! if (libpbc_set_crypt_key(cp, (const char *) thekey, hostname) != PBC_OK) {
fprintf(stderr, "libpbc_set_crypt_key() failed\n");
exit(1);
}
***************
*** 515,521 ****
done = 1;
goto jump;
}
! p++;
}
jump:
--- 511,517 ----
done = 1;
goto jump;
}
! cp++;
}
jump:
Index: webiso/pubcookie/src/libpubcookie.h
diff -c webiso/pubcookie/src/libpubcookie.h:1.31 webiso/pubcookie/src/libpubcookie.h:1.32
*** webiso/pubcookie/src/libpubcookie.h:1.31 Wed Mar 5 14:38:47 2003
--- webiso/pubcookie/src/libpubcookie.h Fri Mar 7 11:19:17 2003
***************
*** 26,32 ****
*/
/*
! $Id: libpubcookie.h,v 1.31 2003/03/05 22:38:47 willey Exp $
*/
#ifndef PUBCOOKIE_LIB
--- 26,32 ----
*/
/*
! $Id: libpubcookie.h,v 1.32 2003/03/07 19:19:17 ryanc Exp $
*/
#ifndef PUBCOOKIE_LIB
***************
*** 150,162 ****
# define strcasecmp(a,b) _stricmp(a,b)
# define bcopy(s, d, siz) memcpy((d), (s), (siz))
# define bzero(d, siz) memset((d), '\0', (siz))
! void syslog(int whichlog, const char *message,...);
! void pbc_log_activity(pool *p, int logging_level, const char *message,...);
! //int snprintf( char *buffer, size_t count, const char *format, ... ); /* Windows version is broken */
! #define snprintf _snprintf
! #define LOG_ERR 0
! #define LOG_DEBUG 1
!
#endif
--- 150,158 ----
# define strcasecmp(a,b) _stricmp(a,b)
# define bcopy(s, d, siz) memcpy((d), (s), (siz))
# define bzero(d, siz) memset((d), '\0', (siz))
! # define snprintf _snprintf
! # define LOG_ERR 0
! # define LOG_DEBUG 1
#endif
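Review bot: `# define snprintf _snprintf` loses the warning the old commented-out line carried (`Windows version is broken`). `_snprintf` writes no terminating NUL when the output fills the buffer, so Win32 callers such as keyclient's `snprintf(buf, sizeof(buf), ...)` can be left with an unterminated string. Keep a comment on the define, for example `/* _snprintf does not NUL-terminate on truncation; terminate the buffer explicitly */`. The hunk also drops the Win32 prototypes for `syslog` and `pbc_log_activity`; presumably they are declared elsewhere now, which is worth confirming since both are variadic.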
Index: webiso/pubcookie/src/pbc_config.h
diff -c webiso/pubcookie/src/pbc_config.h:1.72 webiso/pubcookie/src/pbc_config.h:1.73
*** webiso/pubcookie/src/pbc_config.h:1.72 Wed Mar 5 14:38:47 2003
--- webiso/pubcookie/src/pbc_config.h Fri Mar 7 11:19:17 2003
***************
*** 26,32 ****
*/
/*
! $Id: pbc_config.h,v 1.72 2003/03/05 22:38:47 willey Exp $
*/
#ifndef PUBCOOKIE_CONFIG
--- 26,32 ----
*/
/*
! $Id: pbc_config.h,v 1.73 2003/03/07 19:19:17 ryanc Exp $
*/
#ifndef PUBCOOKIE_CONFIG
***************
*** 56,64 ****
#endif /* HAVE_DMALLOC_H */
/* names of the login servers */
! #define PBC_LOGIN_HOST (libpbc_config_getstring(p, "login_host", "weblogin.washington.edu"))
! #define PBC_LOGIN_URI (libpbc_config_getstring(p, "login_uri", "https://weblogin.washington.edu/"))
! #define PBC_ENTRPRS_DOMAIN (libpbc_config_getstring(p, "enterprise_domain", ".washington.edu"))
#if defined (WIN32)
#define PBC_PUBLIC_NAME (libpbc_config_getstring(p, "PUBLIC_dir_name", "PUBLIC"))
--- 56,67 ----
#endif /* HAVE_DMALLOC_H */
/* names of the login servers */
! #ifndef WIN32
! #define PBC_LOGIN_HOST (libpbc_config_getstring(p,"login_host", "weblogin.washington.edu"))
! #endif
! #define PBC_LOGIN_URI (libpbc_config_getstring(p,"login_uri", "https://weblogin.washington.edu/"))
! #define PBC_KEYMGT_URI (libpbc_config_getstring(p,"keymgt_uri", "https://weblogin.washington.edu/cgi-bin/keyserver"))
! #define PBC_ENTRPRS_DOMAIN (libpbc_config_getstring(p,"enterprise_domain", ".washington.edu"))
#if defined (WIN32)
#define PBC_PUBLIC_NAME (libpbc_config_getstring(p, "PUBLIC_dir_name", "PUBLIC"))
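Review bot: Every `PBC_*` macro in this block expands to a call that reads a variable named `p` from whatever scope uses it, and nothing at the definition says so; this is the reason keyclient.c had to rename its own pointers in this commit. A comment above the block, such as `/* these macros require a pool *p in the enclosing scope */`, would keep the next caller from handing over an unrelated `p` by accident. With `PBC_LOGIN_HOST` now compiled out on WIN32, any remaining Windows use of it will fail to build, which is presumably the intent.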
***************
*** 72,78 ****
#define PBC_SYSTEM_ROOT (libpbc_config_getstring(p, "System_Root","")) /*blank for Windows System*/
#define PBC_AUTHTYPE0 (libpbc_config_getstring(p, "AuthTypeName0", "NONE"))
#define PBC_AUTHTYPE1 (libpbc_config_getstring(p, "AuthTypeName1", "UWNETID"))
! #define PBC_AUTHTYPE2 (libpbc_config_getstring(p, "AuthTypeName2", "SECURID"))
#define PBC_CRYPT_KEYFILE (PBC_PATH "c_key")
#define PBC_PUBKEY "System\\CurrentControlSet\\Services\\PubcookieFilter"
--- 75,81 ----
#define PBC_SYSTEM_ROOT (libpbc_config_getstring(p, "System_Root","")) /*blank for Windows System*/
#define PBC_AUTHTYPE0 (libpbc_config_getstring(p, "AuthTypeName0", "NONE"))
#define PBC_AUTHTYPE1 (libpbc_config_getstring(p, "AuthTypeName1", "UWNETID"))
! #define PBC_AUTHTYPE3 (libpbc_config_getstring(p, "AuthTypeName3", "SECURID"))
#define PBC_CRYPT_KEYFILE (PBC_PATH "c_key")
#define PBC_PUBKEY "System\\CurrentControlSet\\Services\\PubcookieFilter"
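Review bot: Renaming the config key from `AuthTypeName2` to `AuthTypeName3` means a site that has set `AuthTypeName2` will have that value ignored without any warning and will get the built-in `SECURID` default instead. A comment on the define, such as `/* config key was AuthTypeName2 before pbc_config.h 1.73 */`, plus a line in the upgrade notes, would make the change visible to administrators. No `PBC_AUTHTYPE2` remains in this hunk, so whether index 2 is now unused cannot be told from here.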