src/server.c

   1 /* server.c     sample kerberos authenticated server
   2  * Copyright (C) 2003  Simon Josefsson
   3  *
   4  * This file is part of Shishi.
   5  *
   6  * Shishi is free software; you can redistribute it and/or modify
   7  * it under the terms of the GNU General Public License as published by
   8  * the Free Software Foundation; either version 2 of the License, or
   9  * (at your option) any later version.
  10  *
  11  * Shishi is distributed in the hope that it will be useful,
  12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14  * GNU General Public License for more details.
  15  *
  16  * You should have received a copy of the GNU General Public License
  17  * along with Shishi; if not, write to the Free Software
  18  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  19  *
  20  */
  21
  22 #include <stdio.h>
  23 #include <stdlib.h>
  24
  25 #include <shishi.h>
  26
  27 #define SERVICE "sample"
  28
  29 /* XXX remove this */
  30 const char *program_name = "client";
  31
  32 int
  33 doit (Shishi * h, int verbose)
  34 {
  35   char line[BUFSIZ];
  36
  37 #if 0
  38   res = shishi_encticketpart_get_key
  39     (handle, shishi_tkt_encticketpart (shishi_ap_tkt (ap)), &tktkey);
  40   if (res != SHISHI_OK)
  41     {
  42       fprintf (stderr, _("Could not extract key:\n%s\n%s\n"),
  43                shishi_strerror (res), shishi_strerror_details (handle));
  44       return 1;
  45     }
  46
  47   res = shishi_safe_parse (handle, stdin, &asn1safe);
  48   if (res != SHISHI_OK)
  49     {
  50       fprintf (stderr, _("Could not read SAFE:\n%s\n%s\n"),
  51                shishi_strerror (res), shishi_strerror_details (handle));
  52       return 1;
  53     }
  54
  55   res = shishi_safe (handle, &safe);
  56   if (res != SHISHI_OK)
  57     {
  58       fprintf (stderr, _("Could not create SAFE:\n%s\n%s\n"),
  59                shishi_strerror (res), shishi_strerror_details (handle));
  60       return 1;
  61     }
  62
  63   shishi_safe_safe_set (safe, asn1safe);
  64
  65   res = shishi_safe_verify (safe, tktkey);
  66   if (res != SHISHI_OK)
  67     {
  68       fprintf (stderr, _("Could not verify SAFE:\n%s\n%s\n"),
  69                shishi_strerror (res), shishi_strerror_details (handle));
  70       return 1;
  71     }
  72
  73   printf ("Verified SAFE successfully...\n");
  74
  75   userdatalen = sizeof(userdata);
  76   res = shishi_safe_user_data (handle, asn1safe, userdata, &userdatalen);
  77   if (res != SHISHI_OK)
  78     {
  79       fprintf (stderr, _("Could not extract user data:\n%s\n%s\n"),
  80                shishi_strerror (res), shishi_strerror_details (handle));
  81       return 1;
  82     }
  83   userdata[userdatalen] = '\0';
  84   printf("user data: `%s'\n", userdata);
  85 #endif
  86
  87   printf("Application exchange start.  Press ^D to finish.\n");
  88
  89   while (fgets (line, sizeof(line), stdin))
  90     {
  91       printf("read: %s", line);
  92     }
  93
  94   if (ferror (stdin))
  95     {
  96       printf ("error reading stdin\n");
  97       return 1;
  98     }
  99
 100   return 0;
 101 }
 102
 103 int
 104 auth (Shishi * h, int verbose, const char *cname, const char *sname)
 105 {
 106   Shishi_key *key;
 107   Shishi_ap *ap;
 108   Shishi_asn1 apreq;
 109   char buf[BUFSIZ];
 110   int buflen;
 111   int rc;
 112
 113   printf ("Client: %s\n", cname);
 114   printf ("Server: %s\n", sname);
 115
 116   /* Get key for the server. */
 117
 118   key = shishi_hostkeys_for_server (h, sname);
 119   if (!key)
 120     {
 121       printf ("could not find key: %s\n", shishi_strerror_details (h));
 122       return 1;
 123     }
 124
 125   if (verbose)
 126     shishi_key_print (h, stderr, key);
 127
 128   /* Read Authentication request from client */
 129
 130   rc = shishi_apreq_parse (h, stdin, &apreq);
 131   if (rc != SHISHI_OK)
 132     {
 133       printf ("could not read AP-REQ: %s\n", shishi_strerror (rc));
 134       return 1;
 135     }
 136
 137   /* Create Authentication context */
 138
 139   rc = shishi_ap (h, &ap);
 140   if (rc != SHISHI_OK)
 141     {
 142       printf ("Could not create AP: %s\n", shishi_strerror (rc));
 143       return 1;
 144     }
 145
 146   /* Store request in context */
 147
 148   shishi_ap_req_set (ap, apreq);
 149
 150   /* Process authentication request */
 151
 152   rc = shishi_ap_req_process (ap, key);
 153   if (rc != SHISHI_OK)
 154     {
 155       printf ("Could not process AP-REQ: %s\n", shishi_strerror (rc));
 156       return 1;
 157     }
 158
 159   if (verbose)
 160     shishi_authenticator_print (h, stderr, shishi_ap_authenticator (ap));
 161
 162   buflen = sizeof (buf);
 163   rc = shishi_authenticator_cnamerealm_get (h, shishi_ap_authenticator (ap),
 164                                             buf, &buflen);
 165   buf[buflen] = '\0';
 166   printf ("Client name (from authenticator): %s\n", buf);
 167
 168   buflen = sizeof (buf);
 169   rc = shishi_encticketpart_cnamerealm_get
 170     (h, shishi_tkt_encticketpart (shishi_ap_tkt (ap)),
 171      buf, &buflen);
 172   buf[buflen] = '\0';
 173   printf ("Client name (from encticketpart): %s\n", buf);
 174
 175   buflen = sizeof (buf);
 176   rc = shishi_ticket_snamerealm_get (h, shishi_tkt_ticket (shishi_ap_tkt (ap)),
 177                                      buf, &buflen);
 178   buf[buflen] = '\0';
 179   printf ("Server name (from ticket): %s\n", buf);
 180
 181   /* User is authenticated. */
 182
 183   printf ("User authenticated.\n");
 184
 185   /* Authenticate ourself to client, if request */
 186
 187   if (shishi_apreq_mutual_required_p (h, apreq))
 188     {
 189       Shishi_asn1 aprep;
 190
 191       printf ("Mutual authentication required.\n");
 192
 193       rc = shishi_ap_rep_asn1 (ap, &aprep);
 194       if (rc != SHISHI_OK)
 195         {
 196           printf ("Error creating AP-REP: %s\n", shishi_strerror (rc));
 197           return 1;
 198         }
 199
 200       if (verbose)
 201         shishi_encapreppart_print (h, stderr, shishi_ap_encapreppart (ap));
 202
 203       shishi_aprep_print (h, stdout, aprep);
 204
 205       /* We are authenticated to client */
 206     }
 207
 208   return doit (h, verbose);
 209 }
 210
 211 int
 212 main (int argc, char *argv[])
 213 {
 214   Shishi *h;
 215   char *sname;
 216   int rc;
 217
 218   printf ("sample-server (shishi " SHISHI_VERSION ")\n");
 219
 220   if (!shishi_check_version (SHISHI_VERSION))
 221     {
 222       printf ("shishi_check_version() failed:\n"
 223               "Header file incompatible with shared library.\n");
 224       return 1;
 225     }
 226
 227   rc = shishi_init_server (&h);
 228   if (rc != SHISHI_OK)
 229     {
 230       printf ("error initializing shishi: %s\n", shishi_strerror (rc));
 231       return 1;
 232     }
 233
 234   if (argc > 1)
 235     sname = argv[1];
 236   else
 237     sname = shishi_server_for_local_service (h, SERVICE);
 238
 239   auth (h, 1, shishi_principal_default (h), sname);
 240
 241   shishi_done (h);
 242
 243   return 0;
 244 }