1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
|
/*
* $Source$
* $Author$
*
* Copyright 1990 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* For copying and distribution information, please see the file
* <krb5/copyright.h>.
*
* Sample Kerberos v5 server.
*
* sample_server:
* A sample Kerberos server, which reads an AP_REQ from a TCP socket,
* decodes it, and writes back the results (in ASCII) to the client.
*
* Usage:
* sample_server servername
*
* file descriptor 0 (zero) should be a socket connected to the requesting
* client (this will be correct if this server is started by inetd).
*/
#if !defined(lint) && !defined(SABER)
static char rcsid_sserver_c [] =
"$Id$";
#endif /* !lint & !SABER */
#include <krb5/krb5.h>
#include <krb5/ext-proto.h>
#include <krb5/los-proto.h>
#include <ctype.h>
#include <com_err.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#include <syslog.h>
#include "sample.h"
extern krb5_deltat krb5_clockskew;
void
main(argc, argv)
int argc;
char *argv[];
{
struct sockaddr_in peername;
krb5_address peeraddr;
int namelen = sizeof(peername);
krb5_data recv_data;
short xmitlen;
krb5_error_code retval;
krb5_tkt_authent *authdat;
krb5_principal server;
char repbuf[BUFSIZ];
char *cname;
krb5_init_ets();
/* open a log connection */
openlog("sserver", 0, LOG_DAEMON);
if (argc < 2) {
syslog(LOG_ERR, "needs server argument");
exit(1);
}
if (retval = krb5_parse_name(argv[1], &server)) {
syslog(LOG_ERR, "parse server name %s: %s", argv[1],
error_message(retval));
exit(1);
}
#ifdef DEBUG
{
int sock, acc;
struct sockaddr_in sin;
if ((sock = socket(PF_INET, SOCK_STREAM, 0)) < 0) {
syslog(LOG_ERR, "socket: %m");
exit(3);
}
sin.sin_family = AF_INET;
sin.sin_addr.s_addr = 0;
sin.sin_port = htons(5555);
if (bind(sock, &sin, sizeof(sin))) {
syslog(LOG_ERR, "bind: %m");
exit(3);
}
if (listen(sock, 1) == -1) {
syslog(LOG_ERR, "listen: %m");
exit(3);
}
if ((acc = accept(sock, (struct sockaddr *)&peername, &namelen)) == -1) {
syslog(LOG_ERR, "accept: %m");
exit(3);
}
dup2(acc, 0);
close(sock);
}
#else
/*
* To verify authenticity, we need to know the address of the
* client.
*/
if (getpeername(0, (struct sockaddr *)&peername, &namelen) < 0) {
syslog(LOG_ERR, "getpeername: %m");
exit(1);
}
#endif
peeraddr.addrtype = peername.sin_family;
peeraddr.length = sizeof(peername.sin_addr);
if (!(peeraddr.contents = (krb5_octet *)malloc(peeraddr.length))) {
syslog(LOG_ERR, "no memory allocating addr");
exit(1);
}
memcpy((char *)peeraddr.contents, (char *)&peername.sin_addr,
peeraddr.length);
if ((retval = krb5_net_read(0, (char *)&xmitlen, sizeof(xmitlen))) <= 0) {
if (retval == 0)
errno = ECONNRESET; /* XXX */
syslog(LOG_ERR, "read size: %m");
exit(1);
}
recv_data.length = ntohs(xmitlen);
if (!(recv_data.data = (char *) malloc(recv_data.length))) {
syslog(LOG_ERR, "no memory allocating packet");
exit(1);
}
if ((retval = krb5_net_read(0, (char *)recv_data.data,
recv_data.length)) <= 0) {
if (retval == 0)
errno = ECONNRESET; /* XXX */
syslog(LOG_ERR, "read contents: %m");
exit(1);
}
if (retval = krb5_rd_req_simple(&recv_data, server, &peeraddr, &authdat)) {
syslog(LOG_ERR, "rd_req failed: %s", error_message(retval));
sprintf(repbuf, "RD_REQ failed: %s\n", error_message(retval));
goto sendreply;
}
xfree(recv_data.data);
if (retval = krb5_unparse_name(authdat->ticket->enc_part2->client, &cname)) {
syslog(LOG_ERR, "unparse failed: %s", error_message(retval));
cname = "<unparse error>";
}
krb5_free_tkt_authent(authdat);
sprintf(repbuf, "You are %s\n", cname);
if (!retval)
free(cname);
sendreply:
xmitlen = htons(strlen(repbuf));
recv_data.length = strlen(repbuf);
recv_data.data = repbuf;
if ((retval = krb5_net_write(0, (char *)&xmitlen,
sizeof(xmitlen))) < 0) {
syslog(LOG_ERR, "%m: while writing len to client");
exit(1);
}
if ((retval = krb5_net_write(0, (char *)recv_data.data,
recv_data.length)) < 0) {
syslog(LOG_ERR, "%m: while writing data to client");
exit(1);
}
exit(0);
}
|
