src/server.c

   1 /* server.c     sample kerberos authenticated server
   2  * Copyright (C) 2003  Simon Josefsson
   3  *
   4  * This file is part of Shishi.
   5  *
   6  * Shishi is free software; you can redistribute it and/or modify
   7  * it under the terms of the GNU General Public License as published by
   8  * the Free Software Foundation; either version 2 of the License, or
   9  * (at your option) any later version.
  10  *
  11  * Shishi is distributed in the hope that it will be useful,
  12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14  * GNU General Public License for more details.
  15  *
  16  * You should have received a copy of the GNU General Public License
  17  * along with Shishi; if not, write to the Free Software
  18  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  19  *
  20  */
  21
  22 #include <stdio.h>
  23 #include <stdlib.h>
  24
  25 #include <shishi.h>
  26
  27 #define SERVICE "sample"
  28
  29 int
  30 doit (Shishi * h, int verbose)
  31 {
  32   char line[BUFSIZ];
  33
  34 #if 0
  35   res = shishi_encticketpart_get_key
  36     (handle, shishi_tkt_encticketpart (shishi_ap_tkt (ap)), &tktkey);
  37   if (res != SHISHI_OK)
  38     {
  39       fprintf (stderr, _("Could not extract key:\n%s\n%s\n"),
  40                shishi_strerror (res), shishi_strerror_details (handle));
  41       return 1;
  42     }
  43
  44   res = shishi_safe_parse (handle, stdin, &asn1safe);
  45   if (res != SHISHI_OK)
  46     {
  47       fprintf (stderr, _("Could not read SAFE:\n%s\n%s\n"),
  48                shishi_strerror (res), shishi_strerror_details (handle));
  49       return 1;
  50     }
  51
  52   res = shishi_safe (handle, &safe);
  53   if (res != SHISHI_OK)
  54     {
  55       fprintf (stderr, _("Could not create SAFE:\n%s\n%s\n"),
  56                shishi_strerror (res), shishi_strerror_details (handle));
  57       return 1;
  58     }
  59
  60   shishi_safe_safe_set (safe, asn1safe);
  61
  62   res = shishi_safe_verify (safe, tktkey);
  63   if (res != SHISHI_OK)
  64     {
  65       fprintf (stderr, _("Could not verify SAFE:\n%s\n%s\n"),
  66                shishi_strerror (res), shishi_strerror_details (handle));
  67       return 1;
  68     }
  69
  70   printf ("Verified SAFE successfully...\n");
  71
  72   userdatalen = sizeof(userdata);
  73   res = shishi_safe_user_data (handle, asn1safe, userdata, &userdatalen);
  74   if (res != SHISHI_OK)
  75     {
  76       fprintf (stderr, _("Could not extract user data:\n%s\n%s\n"),
  77                shishi_strerror (res), shishi_strerror_details (handle));
  78       return 1;
  79     }
  80   userdata[userdatalen] = '\0';
  81   printf("user data: `%s'\n", userdata);
  82 #endif
  83
  84   printf("Application exchange start.  Press ^D to finish.\n");
  85
  86   while (fgets (line, sizeof(line), stdin))
  87     {
  88       printf("read: %s", line);
  89     }
  90
  91   if (ferror (stdin))
  92     {
  93       printf ("error reading stdin\n");
  94       return 1;
  95     }
  96
  97   return 0;
  98 }
  99
 100 int
 101 auth (Shishi * h, int verbose, const char *cname, const char *sname)
 102 {
 103   Shishi_key *key;
 104   Shishi_ap *ap;
 105   Shishi_asn1 apreq;
 106   char buf[BUFSIZ];
 107   int buflen;
 108   int rc;
 109
 110   printf ("Client: %s\n", cname);
 111   printf ("Server: %s\n", sname);
 112
 113   /* Get key for the server. */
 114
 115   key = shishi_hostkeys_for_server (h, sname);
 116   if (!key)
 117     {
 118       printf ("could not find key: %s\n", shishi_strerror_details (h));
 119       return 1;
 120     }
 121
 122   if (verbose)
 123     shishi_key_print (h, stderr, key);
 124
 125   /* Read Authentication request from client */
 126
 127   rc = shishi_apreq_parse (h, stdin, &apreq);
 128   if (rc != SHISHI_OK)
 129     {
 130       printf ("could not read AP-REQ: %s\n", shishi_strerror (rc));
 131       return 1;
 132     }
 133
 134   /* Create Authentication context */
 135
 136   rc = shishi_ap (h, &ap);
 137   if (rc != SHISHI_OK)
 138     {
 139       printf ("Could not create AP: %s\n", shishi_strerror (rc));
 140       return 1;
 141     }
 142
 143   /* Store request in context */
 144
 145   shishi_ap_req_set (ap, apreq);
 146
 147   /* Process authentication request */
 148
 149   rc = shishi_ap_req_process (ap, key);
 150   if (rc != SHISHI_OK)
 151     {
 152       printf ("Could not process AP-REQ: %s\n", shishi_strerror (rc));
 153       return 1;
 154     }
 155
 156   if (verbose)
 157     shishi_authenticator_print (h, stderr, shishi_ap_authenticator (ap));
 158
 159   buflen = sizeof (buf);
 160   rc = shishi_authenticator_cnamerealm_get (h, shishi_ap_authenticator (ap),
 161                                             buf, &buflen);
 162   buf[buflen] = '\0';
 163   printf ("Client name (from authenticator): %s\n", buf);
 164
 165   buflen = sizeof (buf);
 166   rc = shishi_encticketpart_cnamerealm_get
 167     (h, shishi_tkt_encticketpart (shishi_ap_tkt (ap)),
 168      buf, &buflen);
 169   buf[buflen] = '\0';
 170   printf ("Client name (from encticketpart): %s\n", buf);
 171
 172   buflen = sizeof (buf);
 173   rc = shishi_ticket_snamerealm_get (h, shishi_tkt_ticket (shishi_ap_tkt (ap)),
 174                                      buf, &buflen);
 175   buf[buflen] = '\0';
 176   printf ("Server name (from ticket): %s\n", buf);
 177
 178   /* User is authenticated. */
 179
 180   printf ("User authenticated.\n");
 181
 182   /* Authenticate ourself to client, if request */
 183
 184   if (shishi_apreq_mutual_required_p (h, apreq))
 185     {
 186       Shishi_asn1 aprep;
 187
 188       printf ("Mutual authentication required.\n");
 189
 190       rc = shishi_ap_rep_asn1 (ap, &aprep);
 191       if (rc != SHISHI_OK)
 192         {
 193           printf ("Error creating AP-REP: %s\n", shishi_strerror (rc));
 194           return 1;
 195         }
 196
 197       if (verbose)
 198         shishi_encapreppart_print (h, stderr, shishi_ap_encapreppart (ap));
 199
 200       shishi_aprep_print (h, stdout, aprep);
 201
 202       /* We are authenticated to client */
 203     }
 204
 205   return doit (h, verbose);
 206 }
 207
 208 int
 209 main (int argc, char *argv[])
 210 {
 211   Shishi *h;
 212   char *sname;
 213   int rc;
 214
 215   printf ("sample-server (shishi " SHISHI_VERSION ")\n");
 216
 217   if (!shishi_check_version (SHISHI_VERSION))
 218     {
 219       printf ("shishi_check_version() failed:\n"
 220               "Header file incompatible with shared library.\n");
 221       return 1;
 222     }
 223
 224   rc = shishi_init_server (&h);
 225   if (rc != SHISHI_OK)
 226     {
 227       printf ("error initializing shishi: %s\n", shishi_strerror (rc));
 228       return 1;
 229     }
 230
 231   if (argc > 1)
 232     sname = argv[1];
 233   else
 234     sname = shishi_server_for_local_service (h, SERVICE);
 235
 236   auth (h, 1, shishi_principal_default (h), sname);
 237
 238   shishi_done (h);
 239
 240   return 0;
 241 }