search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Sync usage with man page.
[netbsd-mini2440.git] / crypto / dist / heimdal / appl / test / gssapi_server.c
blob37f32a17268df6f110d8e0c3704fa818c0fd4f1f
1 /*
2 * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "test_locl.h"
35 #include <gssapi.h>
36 #include "gss_common.h"
37 __RCSID("$Heimdal: gssapi_server.c 14762 2005-04-10 14:47:41Z lha $"
38 "$NetBSD$");
39
40 static int
41 process_it(int sock,
42 gss_ctx_id_t context_hdl,
43 gss_name_t client_name
44 )
45 {
46 OM_uint32 maj_stat, min_stat;
47 gss_buffer_desc real_input_token, real_output_token;
48 gss_buffer_t input_token = &real_input_token,
49 output_token = &real_output_token;
50 gss_name_t server_name;
51 int conf_flag;
52
53 print_gss_name("User is", client_name);
54
55 maj_stat = gss_inquire_context(&min_stat,
56 context_hdl,
57 NULL,
58 &server_name,
59 NULL,
60 NULL,
61 NULL,
62 NULL,
63 NULL);
64 if (GSS_ERROR(maj_stat))
65 gss_err (1, min_stat, "gss_inquire_context");
66
67 print_gss_name("Server is", server_name);
68
69 maj_stat = gss_release_name(&min_stat, &server_name);
70 if (GSS_ERROR(maj_stat))
71 gss_err (1, min_stat, "gss_release_name");
72
73 /* gss_verify_mic */
74
75 read_token (sock, input_token);
76 read_token (sock, output_token);
77
78 maj_stat = gss_verify_mic (&min_stat,
79 context_hdl,
80 input_token,
81 output_token,
82 NULL);
83 if (GSS_ERROR(maj_stat))
84 gss_err (1, min_stat, "gss_verify_mic");
85
86 fprintf (stderr, "gss_verify_mic: %.*s\n", (int)input_token->length,
87 (char *)input_token->value);
88
89 gss_release_buffer (&min_stat, input_token);
90 gss_release_buffer (&min_stat, output_token);
91
92 /* gss_unwrap */
93
94 read_token (sock, input_token);
95
96 maj_stat = gss_unwrap (&min_stat,
97 context_hdl,
98 input_token,
99 output_token,
100 &conf_flag,
101 NULL);
102 if(GSS_ERROR(maj_stat))
103 gss_err (1, min_stat, "gss_unwrap");
104
105 fprintf (stderr, "gss_unwrap: %.*s %s\n", (int)output_token->length,
106 (char *)output_token->value,
107 conf_flag ? "CONF" : "INT");
108
109 gss_release_buffer (&min_stat, input_token);
110 gss_release_buffer (&min_stat, output_token);
111
112 read_token (sock, input_token);
113
114 maj_stat = gss_unwrap (&min_stat,
115 context_hdl,
116 input_token,
117 output_token,
118 &conf_flag,
119 NULL);
120 if(GSS_ERROR(maj_stat))
121 gss_err (1, min_stat, "gss_unwrap");
122
123 fprintf (stderr, "gss_unwrap: %.*s %s\n", (int)output_token->length,
124 (char *)output_token->value,
125 conf_flag ? "CONF" : "INT");
126
127 gss_release_buffer (&min_stat, input_token);
128 gss_release_buffer (&min_stat, output_token);
129
130 return 0;
131 }
132
133 static int
134 proto (int sock, const char *service)
135 {
136 struct sockaddr_in remote, local;
137 socklen_t addrlen;
138 gss_ctx_id_t context_hdl = GSS_C_NO_CONTEXT;
139 gss_buffer_desc real_input_token, real_output_token;
140 gss_buffer_t input_token = &real_input_token,
141 output_token = &real_output_token;
142 OM_uint32 maj_stat, min_stat;
143 gss_name_t client_name;
144 struct gss_channel_bindings_struct input_chan_bindings;
145 gss_cred_id_t delegated_cred_handle = NULL;
146 krb5_ccache ccache;
147 u_char init_buf[4];
148 u_char acct_buf[4];
149 gss_OID mech_oid;
150 char *mech, *p;
151
152 addrlen = sizeof(local);
153 if (getsockname (sock, (struct sockaddr *)&local, &addrlen) < 0
154 || addrlen != sizeof(local))
155 err (1, "getsockname)");
156
157 addrlen = sizeof(remote);
158 if (getpeername (sock, (struct sockaddr *)&remote, &addrlen) < 0
159 || addrlen != sizeof(remote))
160 err (1, "getpeername");
161
162 input_chan_bindings.initiator_addrtype = GSS_C_AF_INET;
163 input_chan_bindings.initiator_address.length = 4;
164 init_buf[0] = (remote.sin_addr.s_addr >> 24) & 0xFF;
165 init_buf[1] = (remote.sin_addr.s_addr >> 16) & 0xFF;
166 init_buf[2] = (remote.sin_addr.s_addr >> 8) & 0xFF;
167 init_buf[3] = (remote.sin_addr.s_addr >> 0) & 0xFF;
168
169 input_chan_bindings.initiator_address.value = init_buf;
170 input_chan_bindings.acceptor_addrtype = GSS_C_AF_INET;
171
172 input_chan_bindings.acceptor_address.length = 4;
173 acct_buf[0] = (local.sin_addr.s_addr >> 24) & 0xFF;
174 acct_buf[1] = (local.sin_addr.s_addr >> 16) & 0xFF;
175 acct_buf[2] = (local.sin_addr.s_addr >> 8) & 0xFF;
176 acct_buf[3] = (local.sin_addr.s_addr >> 0) & 0xFF;
177 input_chan_bindings.acceptor_address.value = acct_buf;
178 input_chan_bindings.application_data.value = emalloc(4);
179 #if 0
180 * (unsigned short *)input_chan_bindings.application_data.value =
181 remote.sin_port;
182 * ((unsigned short *)input_chan_bindings.application_data.value + 1) =
183 local.sin_port;
184 input_chan_bindings.application_data.length = 4;
185 #else
186 input_chan_bindings.application_data.length = 0;
187 input_chan_bindings.application_data.value = NULL;
188 #endif
189
190 delegated_cred_handle = GSS_C_NO_CREDENTIAL;
191
192 do {
193 read_token (sock, input_token);
194 maj_stat =
195 gss_accept_sec_context (&min_stat,
196 &context_hdl,
197 GSS_C_NO_CREDENTIAL,
198 input_token,
199 &input_chan_bindings,
200 &client_name,
201 &mech_oid,
202 output_token,
203 NULL,
204 NULL,
205 &delegated_cred_handle);
206 if(GSS_ERROR(maj_stat))
207 gss_err (1, min_stat, "gss_accept_sec_context");
208 if (output_token->length != 0)
209 write_token (sock, output_token);
210 if (GSS_ERROR(maj_stat)) {
211 if (context_hdl != GSS_C_NO_CONTEXT)
212 gss_delete_sec_context (&min_stat,
213 &context_hdl,
214 GSS_C_NO_BUFFER);
215 break;
216 }
217 } while(maj_stat & GSS_S_CONTINUE_NEEDED);
218
219 p = (char *)mech_oid->elements;
220 if (mech_oid->length == GSS_KRB5_MECHANISM->length
221 && memcmp(p, GSS_KRB5_MECHANISM->elements, mech_oid->length) == 0)
222 mech = "Kerberos 5";
223 else if (mech_oid->length == GSS_SPNEGO_MECHANISM->length
224 && memcmp(p, GSS_SPNEGO_MECHANISM->elements, mech_oid->length) == 0)
225 mech = "SPNEGO"; /* XXX Silly, wont show up */
226 else
227 mech = "Unknown";
228
229 printf("Using mech: %s\n", mech);
230
231 if (delegated_cred_handle != GSS_C_NO_CREDENTIAL) {
232 krb5_context context;
233
234 printf("Delegated cred found\n");
235
236 maj_stat = krb5_init_context(&context);
237 maj_stat = krb5_cc_resolve(context, "FILE:/tmp/krb5cc_test", &ccache);
238 maj_stat = gss_krb5_copy_ccache(&min_stat,
239 delegated_cred_handle,
240 ccache);
241 if (maj_stat == 0) {
242 krb5_principal p;
243 maj_stat = krb5_cc_get_principal(context, ccache, &p);
244 if (maj_stat == 0) {
245 char *name;
246 maj_stat = krb5_unparse_name(context, p, &name);
247 if (maj_stat == 0) {
248 printf("Delegated user is: `%s'\n", name);
249 free(name);
250 }
251 krb5_free_principal(context, p);
252 }
253 }
254 krb5_cc_close(context, ccache);
255 gss_release_cred(&min_stat, &delegated_cred_handle);
256 }
257
258 if (fork_flag) {
259 pid_t pid;
260 int pipefd[2];
261
262 if (pipe (pipefd) < 0)
263 err (1, "pipe");
264
265 pid = fork ();
266 if (pid < 0)
267 err (1, "fork");
268 if (pid != 0) {
269 gss_buffer_desc buf;
270
271 maj_stat = gss_export_sec_context (&min_stat,
272 &context_hdl,
273 &buf);
274 if (GSS_ERROR(maj_stat))
275 gss_err (1, min_stat, "gss_export_sec_context");
276 write_token (pipefd[1], &buf);
277 exit (0);
278 } else {
279 gss_ctx_id_t context_hdl;
280 gss_buffer_desc buf;
281
282 close (pipefd[1]);
283 read_token (pipefd[0], &buf);
284 close (pipefd[0]);
285 maj_stat = gss_import_sec_context (&min_stat, &buf, &context_hdl);
286 if (GSS_ERROR(maj_stat))
287 gss_err (1, min_stat, "gss_import_sec_context");
288 gss_release_buffer (&min_stat, &buf);
289 return process_it (sock, context_hdl, client_name);
290 }
291 } else {
292 return process_it (sock, context_hdl, client_name);
293 }
294 }
295
296 static int
297 doit (int port, const char *service)
298 {
299 int sock, sock2;
300 struct sockaddr_in my_addr;
301 int one = 1;
302
303 sock = socket (AF_INET, SOCK_STREAM, 0);
304 if (sock < 0)
305 err (1, "socket");
306
307 memset (&my_addr, 0, sizeof(my_addr));
308 my_addr.sin_family = AF_INET;
309 my_addr.sin_port = port;
310 my_addr.sin_addr.s_addr = INADDR_ANY;
311
312 if (setsockopt (sock, SOL_SOCKET, SO_REUSEADDR,
313 (void *)&one, sizeof(one)) < 0)
314 warn ("setsockopt SO_REUSEADDR");
315
316 if (bind (sock, (struct sockaddr *)&my_addr, sizeof(my_addr)) < 0)
317 err (1, "bind");
318
319 if (listen (sock, 1) < 0)
320 err (1, "listen");
321
322 sock2 = accept (sock, NULL, NULL);
323 if (sock2 < 0)
324 err (1, "accept");
325
326 return proto (sock2, service);
327 }
328
329 int
330 main(int argc, char **argv)
331 {
332 krb5_context context = NULL; /* XXX */
333 int port = server_setup(&context, argc, argv);
334 return doit (port, service);
335 }
NetBSD on the FriendlyARM MINI2440