2 * Copyright (c) 2012, JANET(UK)
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of JANET(UK) nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
23 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
24 * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
25 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
26 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
27 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
29 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
30 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
31 * OF THE POSSIBILITY OF SUCH DAMAGE.
33 * This code was adapted from the MIT Kerberos Consortium's
34 * GSS example code, which was distributed under the following
37 * Copyright 2004-2006 Massachusetts Institute of Technology.
38 * All Rights Reserved.
40 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
41 * distribute this software and its documentation for any purpose and
42 * without fee is hereby granted, provided that the above copyright
43 * notice appear in all copies and that both that copyright notice and
44 * this permission notice appear in supporting documentation, and that
45 * the name of M.I.T. not be used in advertising or publicity pertaining
46 * to distribution of the software without specific, written prior
47 * permission. Furthermore if you modify this software you must label
48 * your software as modified software and not distribute it in such a
49 * fashion that it might be confused with the original M.I.T. software.
50 * M.I.T. makes no representations about the suitability of
51 * this software for any purpose. It is provided "as is" without express
52 * or implied warranty.
58 static int cb_print_names(gss_name_t clientName,
59 gss_buffer_t displayName,
62 assert(clientName != NULL);
64 printf("Gss name: %-*s\n",
65 displayName->length, displayName->value);
70 /* --------------------------------------------------------------------------- */
72 static int SetupListeningSocket (int inPort,
78 if (!outFD) { err = EINVAL; }
81 fd = socket (AF_INET, SOCK_STREAM, 0);
82 if (fd < 0) { err = errno; }
86 struct sockaddr_storage addressStorage;
87 struct sockaddr_in *saddr = (struct sockaddr_in *) &addressStorage;
89 saddr->sin_port = htons (inPort);
90 // saddr->sin_len = sizeof (struct sockaddr_in);
91 saddr->sin_family = AF_INET;
92 saddr->sin_addr.s_addr = INADDR_ANY;
94 err = bind (fd, (struct sockaddr *) saddr, sizeof(struct sockaddr_in));
95 if (err < 0) { err = errno; }
100 if (err < 0) { err = errno; }
104 printf ("listening on port %d\n", inPort);
106 fd = -1; /* only close on error */
108 gsscon_print_error (err, "SetupListeningSocket failed");
111 if (fd >= 0) { close (fd); }
116 /* --------------------------------------------------------------------------- */
118 static void Usage (const char *argv[])
120 fprintf (stderr, "Usage: %s [--port portNumber] [--service serviceName]\n",
125 /* --------------------------------------------------------------------------- */
127 int main (int argc, const char *argv[])
130 OM_uint32 minorStatus;
131 int port = kDefaultPort;
134 gss_ctx_id_t gssContext = GSS_C_NO_CONTEXT;
136 gss_buffer_desc nameBuffer = {0, "trustidentity"};
138 for (i = 1; (i < argc) && !err; i++) {
139 if ((strcmp (argv[i], "--port") == 0) && (i < (argc - 1))) {
140 errno = 0; /* ensure this starts off at 0 */
141 tmp = strtol (argv[++i], NULL, 0);
144 else if ((tmp <= 0) || (tmp > 65535))
148 } else if ((strcmp(argv[i], "--service") == 0) && (i < (argc - 1))) {
149 gServiceName = argv[++i];
156 printf ("%s: Starting up...\n", argv[0]);
158 err = SetupListeningSocket (port, &listenFD);
162 int connectionErr = 0;
163 int connectionFD = -1;
165 int authorizationError = 0;
167 connectionFD = accept (listenFD, NULL, NULL);
169 if (connectionFD < 0) {
170 if (errno != EINTR) {
173 continue; /* Try again */
176 printf ("Accepting new connection...\n");
177 connectionErr = gsscon_passive_authenticate (connectionFD, nameBuffer, &gssContext,
178 cb_print_names, NULL);
180 if (!connectionErr) {
181 connectionErr = gsscon_authorize (gssContext,
183 &authorizationError);
186 if (!connectionErr) {
188 memset (buffer, 0, sizeof (buffer));
191 * Here is where your protocol would go. This sample server just
192 * writes a nul terminated string to the client telling whether
196 snprintf (buffer, sizeof (buffer), "SUCCESS!");
198 snprintf (buffer, sizeof(buffer), "FAILURE! %s (err = %d)",
199 error_message (authorizationError),
202 connectionErr = gsscon_write_encrypted_token (connectionFD, gssContext,
203 buffer, strlen (buffer) + 1);
207 gsscon_print_error (connectionErr, "Connection failed");
210 if (connectionFD >= 0) {
211 printf ("Closing connection.\n");
212 close (connectionFD);
220 gsscon_print_error (err, "Server failed");
224 if (listenFD >= 0) { close (listenFD); }
225 if (gssContext != GSS_C_NO_CONTEXT) {
226 gss_delete_sec_context (&minorStatus, &gssContext, GSS_C_NO_BUFFER); }