Avoid using internal APIs in sim_client

In sim_client.c, remove the calls to krb5_gen_portaddr() and krb5_gen_replay_name() as they don't do anything after commit dcb853ac32779b173f39e19c0f24b0087de85771. Remove them, and include krb5.h plus appropriate system headers rather than k5-int.h. Also use a subkey when negotiating the auth context. Kerberos application protocols should generally use subkeys to prevent cross-connection replay attacks.
author: Greg Hudson <ghudson@mit.edu> 2023-02-24 14:15:14 -0500
committer: Greg Hudson <ghudson@mit.edu> 2023-02-27 23:14:12 -0500
commit: 9139a60c94c24e41109574e84e7cda9c2dc3fb38 (patch)
tree: 9cdf92210d761dcbf6f79b7e6c5256356a4afec7
parent: 0108d7d7fbb1111c062ac580e69e97103662fc2b (diff)
download: krb5-9139a60c94c24e41109574e84e7cda9c2dc3fb38.tar.gz
1 files changed, 9 insertions, 20 deletions
diff --git a/src/appl/simple/client/sim_client.c b/src/appl/simple/client/sim_client.c
index 08f06abe5..ea1379e60 100644
--- a/src/appl/simple/client/sim_client.c
+++ b/src/appl/simple/client/sim_client.c
@@ -29,14 +29,17 @@
  * This program performs no useful function.
  */
 
-#include <k5-int.h>
+#include <krb5.h>
 #include "com_err.h"
 
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <netinet/in.h>
+#include <stdio.h>
+#include <string.h>
+#include <errno.h>
 #include <netdb.h>
-#include <ctype.h>
+#include <getopt.h>
 #ifdef HAVE_UNISTD_H
 #include <unistd.h>
 #endif
@@ -66,7 +69,6 @@ main(int argc, char *argv[])
     int flags = 0;                      /* flags for sendto() */
     struct servent *serv;
     struct hostent *host;
-    char *cp;
 #ifdef BROKEN_STREAMS_SOCKETS
     char my_hostname[MAXHOSTNAMELEN];
 #endif
@@ -85,7 +87,7 @@ main(int argc, char *argv[])
     krb5_error_code retval;
     krb5_data packet, inbuf;
     krb5_ccache ccdef;
-    krb5_address addr, *portlocal_addr;
+    krb5_address addr;
 
     krb5_context          context;
     krb5_auth_context     auth_context = NULL;
@@ -202,8 +204,9 @@ main(int argc, char *argv[])
         exit(1);
     }
 
-    if ((retval = krb5_mk_req(context, &auth_context, 0, service, hostname,
-                              &inbuf, ccdef, &packet))) {
+    retval = krb5_mk_req(context, &auth_context, AP_OPTS_USE_SUBKEY, service,
+                         hostname, &inbuf, ccdef, &packet);
+    if (retval) {
         com_err(progname, retval, "while preparing AP_REQ");
         exit(1);
     }
@@ -251,20 +254,6 @@ main(int argc, char *argv[])
         exit(1);
     }
 
-    /* THIS IS UGLY */
-    if ((retval = krb5_gen_portaddr(context, &addr,
-                                    (krb5_pointer) &c_sock.sin_port,
-                                    &portlocal_addr))) {
-        com_err(progname, retval, "while generating port address");
-        exit(1);
-    }
-
-    if ((retval = krb5_gen_replay_name(context,portlocal_addr,
-                                       "_sim_clt",&cp))) {
-        com_err(progname, retval, "while generating replay cache name");
-        exit(1);
-    }
-
     /* Make the safe message */
     inbuf.data = message;
     inbuf.length = strlen(message);
author	Greg Hudson <ghudson@mit.edu>	2023-02-24 14:15:14 -0500
committer	Greg Hudson <ghudson@mit.edu>	2023-02-27 23:14:12 -0500
commit	9139a60c94c24e41109574e84e7cda9c2dc3fb38 (patch)
tree	9cdf92210d761dcbf6f79b7e6c5256356a4afec7
parent	0108d7d7fbb1111c062ac580e69e97103662fc2b (diff)
download	krb5-9139a60c94c24e41109574e84e7cda9c2dc3fb38.tar.gz