2 * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 * A sample server that uses the Kerberos V5 API.
37 * See "Introduction to the Kerberos 5 API" in the Doxygen documentation
38 * for a walkthrough of this code.
41 #include "test_locl.h"
44 /* The API needs one Kerberos context per thread. */
48 proto (int sock, const char *service)
50 krb5_auth_context auth_context;
51 krb5_error_code status;
52 krb5_principal server;
55 char hostname[MAXHOSTNAMELEN];
58 uint32_t len, net_len;
61 /* Initialize the authentication context, to be used to authenticate the peer. */
62 status = krb5_auth_con_init (context, &auth_context);
64 krb5_err (context, 1, status, "krb5_auth_con_init");
66 /* Extract the local and remote address from the socket into auth_context. */
67 status = krb5_auth_con_setaddrs_from_fd (context,
71 krb5_err (context, 1, status, "krb5_auth_con_setaddrs_from_fd");
73 if (gethostname (hostname, sizeof(hostname)) < 0)
74 krb5_err (context, 1, errno, "gethostname");
76 /* Create principal "server" for "service" on "hostname" (this host). */
77 status = krb5_sname_to_principal (context,
83 krb5_err (context, 1, status, "krb5_sname_to_principal");
86 * Perform the server side of the sendauth protocol. On success, "ticket"
87 * contains the authenticated credentials of the client.
89 status = krb5_recvauth (context,
98 krb5_err (context, 1, status, "krb5_recvauth");
100 /* Extract the client name as a string. */
101 status = krb5_unparse_name (context,
105 krb5_err (context, 1, status, "krb5_unparse_name");
107 fprintf (stderr, "User is `%s'\n", name);
110 krb5_data_zero (&data);
111 krb5_data_zero (&packet);
114 * Read the payload (encoded as length, value).
116 n = krb5_net_read (context, &sock, &net_len, 4);
118 krb5_errx (context, 1, "EOF in krb5_net_read");
120 krb5_err (context, 1, errno, "krb5_net_read");
122 len = ntohl(net_len);
124 krb5_data_alloc (&packet, len);
126 n = krb5_net_read (context, &sock, packet.data, len);
128 krb5_errx (context, 1, "EOF in krb5_net_read");
130 krb5_err (context, 1, errno, "krb5_net_read");
133 * Expect a KRB_SAFE message (authenticated, not encrypted)
135 status = krb5_rd_safe (context,
141 krb5_err (context, 1, status, "krb5_rd_safe");
143 fprintf (stderr, "safe packet: %.*s\n", (int)data.length,
147 * Read the payload (encoded as length, value).
149 n = krb5_net_read (context, &sock, &net_len, 4);
151 krb5_errx (context, 1, "EOF in krb5_net_read");
153 krb5_err (context, 1, errno, "krb5_net_read");
155 len = ntohl(net_len);
157 krb5_data_alloc (&packet, len);
159 n = krb5_net_read (context, &sock, packet.data, len);
161 krb5_errx (context, 1, "EOF in krb5_net_read");
163 krb5_err (context, 1, errno, "krb5_net_read");
166 * Expect a KRB_PRIV message (authenticated and encrypted)
168 status = krb5_rd_priv (context,
174 krb5_err (context, 1, status, "krb5_rd_priv");
176 fprintf (stderr, "priv packet: %.*s\n", (int)data.length,
183 doit (int port, const char *service)
185 /* Block waiting for a connection. */
186 mini_inetd (port, NULL);
188 return proto (STDIN_FILENO, service);
192 * Process only one connection and then exit.
195 main(int argc, char **argv)
197 int port = server_setup(&context, argc, argv);
200 ret = krb5_kt_have_content(context, keytab);
202 krb5_err (context, 1, ret, "krb5_kt_have_content");
204 return doit (port, service);