Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-src
 Path: blob/main/crypto/heimdal/appl/test/gssapi_server.c
34870 views
1
/*

2
 * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan

3
 * (Royal Institute of Technology, Stockholm, Sweden).

4
 * All rights reserved.

5
 *

6
 * Redistribution and use in source and binary forms, with or without

7
 * modification, are permitted provided that the following conditions

8
 * are met:

9
 *

10
 * 1. Redistributions of source code must retain the above copyright

11
 *    notice, this list of conditions and the following disclaimer.

12
 *

13
 * 2. Redistributions in binary form must reproduce the above copyright

14
 *    notice, this list of conditions and the following disclaimer in the

15
 *    documentation and/or other materials provided with the distribution.

16
 *

17
 * 3. Neither the name of the Institute nor the names of its contributors

18
 *    may be used to endorse or promote products derived from this software

19
 *    without specific prior written permission.

20
 *

21
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND

22
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

23
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

24
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE

25
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

26
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

27
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

28
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

29
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

30
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

31
 * SUCH DAMAGE.

32
 */

33


34
#include "test_locl.h"

35
#include <gssapi/gssapi.h>

36
#include <gssapi/gssapi_krb5.h>

37
#include <gssapi/gssapi_spnego.h>

38
#include "gss_common.h"

39
RCSID("$Id$");

40


41
static int

42
process_it(int sock,

43
	   gss_ctx_id_t context_hdl,

44
	   gss_name_t client_name

45
	   )

46
{

47
    OM_uint32 maj_stat, min_stat;

48
    gss_buffer_desc real_input_token, real_output_token;

49
    gss_buffer_t input_token = &real_input_token,

50
	output_token = &real_output_token;

51
    gss_name_t server_name;

52
    int conf_flag;

53


54
    print_gss_name("User is", client_name);

55


56
    maj_stat = gss_inquire_context(&min_stat,

57
				   context_hdl,

58
				   NULL,

59
				   &server_name,

60
				   NULL,

61
				   NULL,

62
				   NULL,

63
				   NULL,

64
				   NULL);

65
    if (GSS_ERROR(maj_stat))

66
	gss_err (1, min_stat, "gss_inquire_context");

67


68
    print_gss_name("Server is", server_name);

69


70
    maj_stat = gss_release_name(&min_stat, &server_name);

71
    if (GSS_ERROR(maj_stat))

72
	gss_err (1, min_stat, "gss_release_name");

73


74
    /* gss_verify_mic */

75


76
    read_token (sock, input_token);

77
    read_token (sock, output_token);

78


79
    maj_stat = gss_verify_mic (&min_stat,

80
			       context_hdl,

81
			       input_token,

82
			       output_token,

83
			       NULL);

84
    if (GSS_ERROR(maj_stat))

85
	gss_err (1, min_stat, "gss_verify_mic");

86


87
    fprintf (stderr, "gss_verify_mic: %.*s\n", (int)input_token->length,

88
	    (char *)input_token->value);

89


90
    gss_release_buffer (&min_stat, input_token);

91
    gss_release_buffer (&min_stat, output_token);

92


93
    /* gss_unwrap */

94


95
    read_token (sock, input_token);

96


97
    maj_stat = gss_unwrap (&min_stat,

98
			   context_hdl,

99
			   input_token,

100
			   output_token,

101
			   &conf_flag,

102
			   NULL);

103
    if(GSS_ERROR(maj_stat))

104
	gss_err (1, min_stat, "gss_unwrap");

105


106
    fprintf (stderr, "gss_unwrap: %.*s %s\n", (int)output_token->length,

107
	    (char *)output_token->value,

108
	     conf_flag ? "CONF" : "INT");

109


110
    gss_release_buffer (&min_stat, input_token);

111
    gss_release_buffer (&min_stat, output_token);

112


113
    read_token (sock, input_token);

114


115
    maj_stat = gss_unwrap (&min_stat,

116
			   context_hdl,

117
			   input_token,

118
			   output_token,

119
			   &conf_flag,

120
			   NULL);

121
    if(GSS_ERROR(maj_stat))

122
	gss_err (1, min_stat, "gss_unwrap");

123


124
    fprintf (stderr, "gss_unwrap: %.*s %s\n", (int)output_token->length,

125
	     (char *)output_token->value,

126
	     conf_flag ? "CONF" : "INT");

127


128
    gss_release_buffer (&min_stat, input_token);

129
    gss_release_buffer (&min_stat, output_token);

130


131
    return 0;

132
}

133


134
static int

135
proto (int sock, const char *service)

136
{

137
    struct sockaddr_in remote, local;

138
    socklen_t addrlen;

139
    gss_ctx_id_t context_hdl = GSS_C_NO_CONTEXT;

140
    gss_buffer_desc real_input_token, real_output_token;

141
    gss_buffer_t input_token = &real_input_token,

142
	output_token = &real_output_token;

143
    OM_uint32 maj_stat, min_stat;

144
    gss_name_t client_name;

145
    struct gss_channel_bindings_struct input_chan_bindings;

146
    gss_cred_id_t delegated_cred_handle = NULL;

147
    krb5_ccache ccache;

148
    u_char init_buf[4];

149
    u_char acct_buf[4];

150
    gss_OID mech_oid;

151
    char *mech, *p;

152


153
    addrlen = sizeof(local);

154
    if (getsockname (sock, (struct sockaddr *)&local, &addrlen) < 0

155
	|| addrlen != sizeof(local))

156
	err (1, "getsockname)");

157


158
    addrlen = sizeof(remote);

159
    if (getpeername (sock, (struct sockaddr *)&remote, &addrlen) < 0

160
	|| addrlen != sizeof(remote))

161
	err (1, "getpeername");

162


163
    input_chan_bindings.initiator_addrtype = GSS_C_AF_INET;

164
    input_chan_bindings.initiator_address.length = 4;

165
    init_buf[0] = (remote.sin_addr.s_addr >> 24) & 0xFF;

166
    init_buf[1] = (remote.sin_addr.s_addr >> 16) & 0xFF;

167
    init_buf[2] = (remote.sin_addr.s_addr >>  8) & 0xFF;

168
    init_buf[3] = (remote.sin_addr.s_addr >>  0) & 0xFF;

169


170
    input_chan_bindings.initiator_address.value = init_buf;

171
    input_chan_bindings.acceptor_addrtype = GSS_C_AF_INET;

172


173
    input_chan_bindings.acceptor_address.length = 4;

174
    acct_buf[0] = (local.sin_addr.s_addr >> 24) & 0xFF;

175
    acct_buf[1] = (local.sin_addr.s_addr >> 16) & 0xFF;

176
    acct_buf[2] = (local.sin_addr.s_addr >>  8) & 0xFF;

177
    acct_buf[3] = (local.sin_addr.s_addr >>  0) & 0xFF;

178
    input_chan_bindings.acceptor_address.value = acct_buf;

179
    input_chan_bindings.application_data.value = emalloc(4);

180
#if 0

181
    * (unsigned short *)input_chan_bindings.application_data.value =

182
                          remote.sin_port;

183
    * ((unsigned short *)input_chan_bindings.application_data.value + 1) =

184
                          local.sin_port;

185
    input_chan_bindings.application_data.length = 4;

186
#else

187
    input_chan_bindings.application_data.length = 0;

188
    input_chan_bindings.application_data.value = NULL;

189
#endif

190


191
    delegated_cred_handle = GSS_C_NO_CREDENTIAL;

192


193
    do {

194
	read_token (sock, input_token);

195
	maj_stat =

196
	    gss_accept_sec_context (&min_stat,

197
				    &context_hdl,

198
				    GSS_C_NO_CREDENTIAL,

199
				    input_token,

200
				    &input_chan_bindings,

201
				    &client_name,

202
				    &mech_oid,

203
				    output_token,

204
				    NULL,

205
				    NULL,

206
				    &delegated_cred_handle);

207
	if(GSS_ERROR(maj_stat))

208
	    gss_err (1, min_stat, "gss_accept_sec_context");

209
	if (output_token->length != 0)

210
	    write_token (sock, output_token);

211
	if (GSS_ERROR(maj_stat)) {

212
	    if (context_hdl != GSS_C_NO_CONTEXT)

213
		gss_delete_sec_context (&min_stat,

214
					&context_hdl,

215
					GSS_C_NO_BUFFER);

216
	    break;

217
	}

218
    } while(maj_stat & GSS_S_CONTINUE_NEEDED);

219


220
    p = (char *)mech_oid->elements;

221
    if (mech_oid->length == GSS_KRB5_MECHANISM->length

222
	&& memcmp(p, GSS_KRB5_MECHANISM->elements, mech_oid->length) == 0)

223
	mech = "Kerberos 5";

224
    else if (mech_oid->length == GSS_SPNEGO_MECHANISM->length

225
	&& memcmp(p, GSS_SPNEGO_MECHANISM->elements, mech_oid->length) == 0)

226
	mech = "SPNEGO"; /* XXX Silly, wont show up */

227
    else

228
	mech = "Unknown";

229


230
    printf("Using mech: %s\n", mech);

231


232
    if (delegated_cred_handle != GSS_C_NO_CREDENTIAL) {

233
       krb5_context context;

234


235
       printf("Delegated cred found\n");

236


237
       maj_stat = krb5_init_context(&context);

238
       maj_stat = krb5_cc_resolve(context, "FILE:/tmp/krb5cc_test", &ccache);

239
       maj_stat = gss_krb5_copy_ccache(&min_stat,

240
				       delegated_cred_handle,

241
				       ccache);

242
       if (maj_stat == 0) {

243
	   krb5_principal p;

244
	   maj_stat = krb5_cc_get_principal(context, ccache, &p);

245
	   if (maj_stat == 0) {

246
	       char *name;

247
	       maj_stat = krb5_unparse_name(context, p, &name);

248
	       if (maj_stat == 0) {

249
		   printf("Delegated user is: `%s'\n", name);

250
		   free(name);

251
	       }

252
	       krb5_free_principal(context, p);

253
	   }

254
       }

255
       krb5_cc_close(context, ccache);

256
       gss_release_cred(&min_stat, &delegated_cred_handle);

257
    }

258


259
    if (fork_flag) {

260
	pid_t pid;

261
	int pipefd[2];

262


263
	if (pipe (pipefd) < 0)

264
	    err (1, "pipe");

265


266
	pid = fork ();

267
	if (pid < 0)

268
	    err (1, "fork");

269
	if (pid != 0) {

270
	    gss_buffer_desc buf;

271


272
	    maj_stat = gss_export_sec_context (&min_stat,

273
					       &context_hdl,

274
					       &buf);

275
	    if (GSS_ERROR(maj_stat))

276
		gss_err (1, min_stat, "gss_export_sec_context");

277
	    write_token (pipefd[1], &buf);

278
	    exit (0);

279
	} else {

280
	    gss_ctx_id_t context_hdl;

281
	    gss_buffer_desc buf;

282


283
	    close (pipefd[1]);

284
	    read_token (pipefd[0], &buf);

285
	    close (pipefd[0]);

286
	    maj_stat = gss_import_sec_context (&min_stat, &buf, &context_hdl);

287
	    if (GSS_ERROR(maj_stat))

288
		gss_err (1, min_stat, "gss_import_sec_context");

289
	    gss_release_buffer (&min_stat, &buf);

290
	    return process_it (sock, context_hdl, client_name);

291
	}

292
    } else {

293
	return process_it (sock, context_hdl, client_name);

294
    }

295
}

296


297
static int

298
doit (int port, const char *service)

299
{

300
    int sock, sock2;

301
    struct sockaddr_in my_addr;

302
    int one = 1;

303
    int ret;

304


305
    sock = socket (AF_INET, SOCK_STREAM, 0);

306
    if (sock < 0)

307
	err (1, "socket");

308


309
    memset (&my_addr, 0, sizeof(my_addr));

310
    my_addr.sin_family      = AF_INET;

311
    my_addr.sin_port        = port;

312
    my_addr.sin_addr.s_addr = INADDR_ANY;

313


314
    if (setsockopt (sock, SOL_SOCKET, SO_REUSEADDR,

315
		    (void *)&one, sizeof(one)) < 0)

316
	warn ("setsockopt SO_REUSEADDR");

317


318
    if (bind (sock, (struct sockaddr *)&my_addr, sizeof(my_addr)) < 0)

319
	err (1, "bind");

320


321
    while (1) {

322
        if (listen (sock, 1) < 0)

323
	    err (1, "listen");

324


325
        sock2 = accept (sock, NULL, NULL);

326
        if (sock2 < 0)

327
	    err (1, "accept");

328


329
        ret = proto (sock2, service);

330
    }

331
    return ret;

332
}

333


334
int

335
main(int argc, char **argv)

336
{

337
    krb5_context context = NULL; /* XXX */

338
    int port = server_setup(&context, argc, argv);

339
    return doit (port, service);

340
}

341


342


343