appl/test/tcp_server.c

   1 /*
   2  * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan
   3  * (Royal Institute of Technology, Stockholm, Sweden).
   4  * All rights reserved.
   5  *
   6  * Redistribution and use in source and binary forms, with or without
   7  * modification, are permitted provided that the following conditions
   8  * are met:
   9  *
  10  * 1. Redistributions of source code must retain the above copyright
  11  *    notice, this list of conditions and the following disclaimer.
  12  *
  13  * 2. Redistributions in binary form must reproduce the above copyright
  14  *    notice, this list of conditions and the following disclaimer in the
  15  *    documentation and/or other materials provided with the distribution.
  16  *
  17  * 3. Neither the name of the Institute nor the names of its contributors
  18  *    may be used to endorse or promote products derived from this software
  19  *    without specific prior written permission.
  20  *
  21  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
  22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
  25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  31  * SUCH DAMAGE.
  32  */
  33
  34 /*
  35  * A sample server that uses the Kerberos V5 API.
  36  *
  37  * See "Introduction to the Kerberos 5 API" in the Doxygen documentation
  38  * for a walkthrough of this code.
  39  */
  40
  41 #include "test_locl.h"
  42 RCSID("$Id$");
  43
  44 /* The API needs one Kerberos context per thread. */
  45 krb5_context context;
  46
  47 static int
  48 proto (int sock, const char *service)
  49 {
  50     krb5_auth_context auth_context;
  51     krb5_error_code status;
  52     krb5_principal server;
  53     krb5_ticket *ticket;
  54     char *name;
  55     char hostname[MAXHOSTNAMELEN];
  56     krb5_data packet;
  57     krb5_data data;
  58     uint32_t len, net_len;
  59     ssize_t n;
  60
  61     /* Initialize the authentication context, to be used to authenticate the peer. */
  62     status = krb5_auth_con_init (context, &auth_context);
  63     if (status)
  64         krb5_err (context, 1, status, "krb5_auth_con_init");
  65
  66     /* Extract the local and remote address from the socket into auth_context. */
  67     status = krb5_auth_con_setaddrs_from_fd (context,
  68                                              auth_context,
  69                                              &sock);
  70     if (status)
  71         krb5_err (context, 1, status, "krb5_auth_con_setaddrs_from_fd");
  72
  73     if (gethostname (hostname, sizeof(hostname)) < 0)
  74         krb5_err (context, 1, errno, "gethostname");
  75
  76     /* Create principal "server" for "service" on "hostname" (this host). */
  77     status = krb5_sname_to_principal (context,
  78                                       hostname,
  79                                       service,
  80                                       KRB5_NT_SRV_HST,
  81                                       &server);
  82     if (status)
  83         krb5_err (context, 1, status, "krb5_sname_to_principal");
  84
  85     /*
  86      * Perform the server side of the sendauth protocol. On success, "ticket"
  87      * contains the authenticated credentials of the client.
  88      */
  89     status = krb5_recvauth (context,
  90                             &auth_context,
  91                             &sock,
  92                             VERSION,
  93                             server,
  94                             0,            /* flags */
  95                             keytab,
  96                             &ticket);
  97     if (status)
  98         krb5_err (context, 1, status, "krb5_recvauth");
  99
 100     /* Extract the client name as a string. */
 101     status = krb5_unparse_name (context,
 102                                 ticket->client,
 103                                 &name);
 104     if (status)
 105         krb5_err (context, 1, status, "krb5_unparse_name");
 106
 107     fprintf (stderr, "User is `%s'\n", name);
 108     free (name);
 109
 110     krb5_data_zero (&data);
 111     krb5_data_zero (&packet);
 112
 113     /*
 114      * Read the payload (encoded as length, value).
 115      */
 116     n = krb5_net_read (context, &sock, &net_len, 4);
 117     if (n == 0)
 118         krb5_errx (context, 1, "EOF in krb5_net_read");
 119     if (n < 0)
 120         krb5_err (context, 1, errno, "krb5_net_read");
 121
 122     len = ntohl(net_len);
 123
 124     krb5_data_alloc (&packet, len);
 125
 126     n = krb5_net_read (context, &sock, packet.data, len);
 127     if (n == 0)
 128         krb5_errx (context, 1, "EOF in krb5_net_read");
 129     if (n < 0)
 130         krb5_err (context, 1, errno, "krb5_net_read");
 131
 132     /*
 133      * Expect a KRB_SAFE message (authenticated, not encrypted)
 134      */
 135     status = krb5_rd_safe (context,
 136                            auth_context,
 137                            &packet,
 138                            &data,
 139                            NULL);
 140     if (status)
 141         krb5_err (context, 1, status, "krb5_rd_safe");
 142
 143     fprintf (stderr, "safe packet: %.*s\n", (int)data.length,
 144             (char *)data.data);
 145
 146     /*
 147      * Read the payload (encoded as length, value).
 148      */
 149     n = krb5_net_read (context, &sock, &net_len, 4);
 150     if (n == 0)
 151         krb5_errx (context, 1, "EOF in krb5_net_read");
 152     if (n < 0)
 153         krb5_err (context, 1, errno, "krb5_net_read");
 154
 155     len = ntohl(net_len);
 156
 157     krb5_data_alloc (&packet, len);
 158
 159     n = krb5_net_read (context, &sock, packet.data, len);
 160     if (n == 0)
 161         krb5_errx (context, 1, "EOF in krb5_net_read");
 162     if (n < 0)
 163         krb5_err (context, 1, errno, "krb5_net_read");
 164
 165     /*
 166      * Expect a KRB_PRIV message (authenticated and encrypted)
 167      */
 168     status = krb5_rd_priv (context,
 169                            auth_context,
 170                            &packet,
 171                            &data,
 172                            NULL);
 173     if (status)
 174         krb5_err (context, 1, status, "krb5_rd_priv");
 175
 176     fprintf (stderr, "priv packet: %.*s\n", (int)data.length,
 177             (char *)data.data);
 178
 179     return 0;
 180 }
 181
 182 static int
 183 doit (int port, const char *service)
 184 {
 185     /* Block waiting for a connection. */
 186     mini_inetd (port, NULL);
 187
 188     return proto (STDIN_FILENO, service);
 189 }
 190
 191 /*
 192  * Process only one connection and then exit.
 193  */
 194 int
 195 main(int argc, char **argv)
 196 {
 197     int port = server_setup(&context, argc, argv);
 198     krb5_error_code ret;
 199
 200     ret = krb5_kt_have_content(context, keytab);
 201     if (ret)
 202         krb5_err (context, 1, ret, "krb5_kt_have_content");
 203
 204     return doit (port, service);
 205 }