2 * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 * A sample server that uses the Kerberos V5 API.
37 * See "Introduction to the Kerberos 5 API" in the Doxygen documentation
38 * for a walkthrough of this code.
41 #include "test_locl.h"
44 /* The API needs one Kerberos context per thread. */
48 proto (int sock
, const char *service
)
50 krb5_auth_context auth_context
;
51 krb5_error_code status
;
52 krb5_principal server
;
55 char hostname
[MAXHOSTNAMELEN
];
58 uint32_t len
, net_len
;
61 /* Initialize the authentication context, to be used to authenticate the peer. */
62 status
= krb5_auth_con_init (context
, &auth_context
);
64 krb5_err (context
, 1, status
, "krb5_auth_con_init");
66 /* Extract the local and remote address from the socket into auth_context. */
67 status
= krb5_auth_con_setaddrs_from_fd (context
,
71 krb5_err (context
, 1, status
, "krb5_auth_con_setaddrs_from_fd");
73 if (gethostname (hostname
, sizeof(hostname
)) < 0)
74 krb5_err (context
, 1, errno
, "gethostname");
76 /* Create principal "server" for "service" on "hostname" (this host). */
77 status
= krb5_sname_to_principal (context
,
83 krb5_err (context
, 1, status
, "krb5_sname_to_principal");
86 * Perform the server side of the sendauth protocol. On success, "ticket"
87 * contains the authenticated credentials of the client.
89 status
= krb5_recvauth (context
,
98 krb5_err (context
, 1, status
, "krb5_recvauth");
100 /* Extract the client name as a string. */
101 status
= krb5_unparse_name (context
,
105 krb5_err (context
, 1, status
, "krb5_unparse_name");
107 fprintf (stderr
, "User is `%s'\n", name
);
110 krb5_data_zero (&data
);
111 krb5_data_zero (&packet
);
114 * Read the payload (encoded as length, value).
116 n
= krb5_net_read (context
, &sock
, &net_len
, 4);
118 krb5_errx (context
, 1, "EOF in krb5_net_read");
120 krb5_err (context
, 1, errno
, "krb5_net_read");
122 len
= ntohl(net_len
);
124 krb5_data_alloc (&packet
, len
);
126 n
= krb5_net_read (context
, &sock
, packet
.data
, len
);
128 krb5_errx (context
, 1, "EOF in krb5_net_read");
130 krb5_err (context
, 1, errno
, "krb5_net_read");
133 * Expect a KRB_SAFE message (authenticated, not encrypted)
135 status
= krb5_rd_safe (context
,
141 krb5_err (context
, 1, status
, "krb5_rd_safe");
143 fprintf (stderr
, "safe packet: %.*s\n", (int)data
.length
,
147 * Read the payload (encoded as length, value).
149 n
= krb5_net_read (context
, &sock
, &net_len
, 4);
151 krb5_errx (context
, 1, "EOF in krb5_net_read");
153 krb5_err (context
, 1, errno
, "krb5_net_read");
155 len
= ntohl(net_len
);
157 krb5_data_alloc (&packet
, len
);
159 n
= krb5_net_read (context
, &sock
, packet
.data
, len
);
161 krb5_errx (context
, 1, "EOF in krb5_net_read");
163 krb5_err (context
, 1, errno
, "krb5_net_read");
166 * Expect a KRB_PRIV message (authenticated and encrypted)
168 status
= krb5_rd_priv (context
,
174 krb5_err (context
, 1, status
, "krb5_rd_priv");
176 fprintf (stderr
, "priv packet: %.*s\n", (int)data
.length
,
183 doit (int port
, const char *service
)
185 /* Block waiting for a connection. */
186 mini_inetd (port
, NULL
);
188 return proto (STDIN_FILENO
, service
);
192 * Process only one connection and then exit.
195 main(int argc
, char **argv
)
197 int port
= server_setup(&context
, argc
, argv
);
200 ret
= krb5_kt_have_content(context
, keytab
);
202 krb5_err (context
, 1, ret
, "krb5_kt_have_content");
204 return doit (port
, service
);