examples/server.c

   1 /* server.c --- Sample server with authentication using Shishi.
   2  * Copyright (C) 2003, 2004  Simon Josefsson
   3  *
   4  * This file is part of Shishi.
   5  *
   6  * Shishi is free software; you can redistribute it and/or modify
   7  * it under the terms of the GNU General Public License as published by
   8  * the Free Software Foundation; either version 2 of the License, or
   9  * (at your option) any later version.
  10  *
  11  * Shishi is distributed in the hope that it will be useful,
  12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14  * GNU General Public License for more details.
  15  *
  16  * You should have received a copy of the GNU General Public License
  17  * along with Shishi; if not, write to the Free Software
  18  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
  19  *
  20  */
  21
  22 #include <stdio.h>
  23 #include <stdlib.h>
  24
  25 #include <shishi.h>
  26
  27 #define SERVICE "sample"
  28
  29 /* XXX remove this */
  30 const char *program_name = "client";
  31
  32 static int
  33 doit (Shishi * h, Shishi_ap * ap, int verbose)
  34 {
  35   Shishi_asn1 asn1safe;
  36   Shishi_safe *safe;
  37   char *userdata;
  38   size_t userdatalen;
  39   int res;
  40
  41   printf ("Application exchange start.  Press ^D to finish.\n");
  42
  43   while ((res = shishi_safe_parse (h, stdin, &asn1safe)) == SHISHI_OK)
  44     {
  45       if (res != SHISHI_OK)
  46         {
  47           fprintf (stderr, "Could not read SAFE:\n%s\n%s\n",
  48                    shishi_strerror (res), shishi_error (h));
  49           return 1;
  50         }
  51
  52       res = shishi_safe (h, &safe);
  53       if (res != SHISHI_OK)
  54         {
  55           fprintf (stderr, "Could not create SAFE:\n%s\n%s\n",
  56                    shishi_strerror (res), shishi_error (h));
  57           return 1;
  58         }
  59
  60       shishi_safe_safe_set (safe, asn1safe);
  61
  62       res = shishi_safe_verify (safe, shishi_ap_key (ap));
  63       if (res != SHISHI_OK)
  64         {
  65           fprintf (stderr, "Could not verify SAFE:\n%s\n%s\n",
  66                    shishi_strerror (res), shishi_error (h));
  67           return 1;
  68         }
  69
  70       printf ("Verified SAFE successfully...\n");
  71
  72       res = shishi_safe_user_data (h, asn1safe, &userdata, &userdatalen);
  73       if (res != SHISHI_OK)
  74         {
  75           fprintf (stderr, "Could not extract user data:\n%s\n%s\n",
  76                    shishi_strerror (res), shishi_error (h));
  77           return 1;
  78         }
  79       userdata[userdatalen] = '\0';
  80       printf ("user data: `%s'\n", userdata);
  81
  82     }
  83
  84   if (ferror (stdin))
  85     {
  86       printf ("error reading stdin\n");
  87       return 1;
  88     }
  89
  90   return 0;
  91 }
  92
  93 static Shishi_ap *
  94 auth (Shishi * h, int verbose, const char *cname, const char *sname)
  95 {
  96   Shishi_key *key;
  97   Shishi_ap *ap;
  98   Shishi_asn1 apreq;
  99   char buf[BUFSIZ];
 100   int buflen;
 101   int rc;
 102
 103   printf ("Client: %s\n", cname);
 104   printf ("Server: %s\n", sname);
 105
 106   /* Get key for the server. */
 107
 108   key = shishi_hostkeys_for_server (h, sname);
 109   if (!key)
 110     {
 111       printf ("could not find key: %s\n", shishi_error (h));
 112       return NULL;
 113     }
 114
 115   if (verbose)
 116     shishi_key_print (h, stderr, key);
 117
 118   /* Read Authentication request from client */
 119
 120   printf ("Waiting for client to authenticate itself...\n");
 121
 122   rc = shishi_apreq_parse (h, stdin, &apreq);
 123   if (rc != SHISHI_OK)
 124     {
 125       printf ("could not read AP-REQ: %s\n", shishi_strerror (rc));
 126       return NULL;
 127     }
 128
 129   /* Create Authentication context */
 130
 131   rc = shishi_ap (h, &ap);
 132   if (rc != SHISHI_OK)
 133     {
 134       printf ("Could not create AP: %s\n", shishi_strerror (rc));
 135       return NULL;
 136     }
 137
 138   /* Store request in context */
 139
 140   shishi_ap_req_set (ap, apreq);
 141
 142   /* Process authentication request */
 143
 144   rc = shishi_ap_req_process (ap, key);
 145   if (rc != SHISHI_OK)
 146     {
 147       printf ("Could not process AP-REQ: %s\n", shishi_strerror (rc));
 148       return NULL;
 149     }
 150
 151   if (verbose)
 152     shishi_authenticator_print (h, stderr, shishi_ap_authenticator (ap));
 153
 154   buflen = sizeof (buf);
 155   rc = shishi_authenticator_cnamerealm_get (h, shishi_ap_authenticator (ap),
 156                                             buf, &buflen);
 157   buf[buflen] = '\0';
 158   printf ("Client name (from authenticator): %s\n", buf);
 159
 160   buflen = sizeof (buf);
 161   rc = shishi_encticketpart_cnamerealm_get
 162     (h, shishi_tkt_encticketpart (shishi_ap_tkt (ap)), buf, &buflen);
 163   buf[buflen] = '\0';
 164   printf ("Client name (from encticketpart): %s\n", buf);
 165
 166   buflen = sizeof (buf);
 167   rc =
 168     shishi_ticket_snamerealm_get (h, shishi_tkt_ticket (shishi_ap_tkt (ap)),
 169                                   buf, &buflen);
 170   buf[buflen] = '\0';
 171   printf ("Server name (from ticket): %s\n", buf);
 172
 173   /* User is authenticated. */
 174
 175   printf ("User authenticated.\n");
 176
 177   /* Authenticate ourself to client, if request */
 178
 179   if (shishi_apreq_mutual_required_p (h, apreq))
 180     {
 181       Shishi_asn1 aprep;
 182
 183       printf ("Mutual authentication required.\n");
 184
 185       rc = shishi_ap_rep_asn1 (ap, &aprep);
 186       if (rc != SHISHI_OK)
 187         {
 188           printf ("Error creating AP-REP: %s\n", shishi_strerror (rc));
 189           return NULL;
 190         }
 191
 192       if (verbose)
 193         shishi_encapreppart_print (h, stderr, shishi_ap_encapreppart (ap));
 194
 195       shishi_aprep_print (h, stdout, aprep);
 196
 197       /* We are authenticated to client */
 198     }
 199
 200   return ap;
 201 }
 202
 203 int
 204 main (int argc, char *argv[])
 205 {
 206   Shishi *h;
 207   Shishi_ap *ap;
 208   char *sname;
 209   int rc;
 210
 211   printf ("sample-server (shishi " SHISHI_VERSION ")\n");
 212
 213   if (!shishi_check_version (SHISHI_VERSION))
 214     {
 215       printf ("shishi_check_version() failed:\n"
 216               "Header file incompatible with shared library.\n");
 217       return 1;
 218     }
 219
 220   rc = shishi_init_server (&h);
 221   if (rc != SHISHI_OK)
 222     {
 223       printf ("error initializing shishi: %s\n", shishi_strerror (rc));
 224       return 1;
 225     }
 226
 227   if (argc > 1)
 228     sname = argv[1];
 229   else
 230     sname = shishi_server_for_local_service (h, SERVICE);
 231
 232   ap = auth (h, 1, shishi_principal_default (h), sname);
 233
 234   if (ap)
 235     rc = doit (h, ap, 1);
 236   else
 237     rc = 1;
 238
 239   shishi_done (h);
 240
 241   return rc;
 242 }