authorTheodore Tso <tytso@mit.edu>1996-10-22 00:07:59 +0000
committerTheodore Tso <tytso@mit.edu>1996-10-22 00:07:59 +0000
commitcf99c29aaf0ee262cf70f4bf5c5d937467652aed (patch)
treeb19c8f53159caae97c24c22c15760ad4eb1a36d6 /src/appl/gss-sample/gss-server.c
parent31f6033a9c59fd930c7eecd9008bbe1275299d06 (diff)
gss-server.c: Re-added code to test import and export security
context. Yes, yes, I know this isn't the best place to have this test, but DO NOT REMOVE THIS TEST UNTIL WE HAVE IT CODED ELSEWHERE. Better slightly ugly sample server code than untested (and broken) library code.... Add code to print out the mechanism OID used by accept_sec_context. gss-client.c: Add code to allow user to specify the mechanism OID that gss-client should use. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@9230 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/appl/gss-sample/gss-server.c')
-rw-r--r--src/appl/gss-sample/gss-server.c85
1 files changed, 77 insertions, 8 deletions
diff --git a/src/appl/gss-sample/gss-server.c b/src/appl/gss-sample/gss-server.c
index bd4e7fe..c2549e4 100644
--- a/src/appl/gss-sample/gss-server.c
+++ b/src/appl/gss-sample/gss-server.c
@@ -27,6 +27,7 @@ static char *rcsid = "$Header$";
#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>
+#include <sys/time.h>
#include <netinet/in.h>
#ifdef HAVE_UNISTD_H
#include <unistd.h>
@@ -43,7 +44,7 @@ static char *rcsid = "$Header$";
#include <strings.h>
#endif
-usage()
+void usage()
{
fprintf(stderr, "Usage: gss-server [-port port] [-verbose]\n");
fprintf(stderr, " [-inetd] [-logfile file] [service_name]\n");
@@ -137,6 +138,7 @@ int server_establish_context(s, server_creds, context, client_name, ret_flags)
gss_name_t client;
gss_OID doid;
OM_uint32 maj_stat, min_stat;
+ gss_buffer_desc oid_name;
*context = GSS_C_NO_CONTEXT;
@@ -145,7 +147,7 @@ int server_establish_context(s, server_creds, context, client_name, ret_flags)
return -1;
if (verbose && log) {
- fprintf(log, "Received token: \n");
+ fprintf(log, "Received token (size=%d): \n", recv_tok.length);
print_token(&recv_tok);
}
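Review bot: The new "Received token" message passes `recv_tok.length` to `%d`, but the length field of a gss_buffer_desc is a size_t, so the argument type does not match the conversion. This same commit already casts `client_name.length` in sign_server; the same treatment is needed here, `fprintf(log, "Received token (size=%d): \n", (int) recv_tok.length);`. The `send_tok.length` argument in the next hunk and the "Exported context: %d bytes" message in test_import_export_context have the same mismatch.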
@@ -173,7 +175,7 @@ int server_establish_context(s, server_creds, context, client_name, ret_flags)
if (send_tok.length != 0) {
if (verbose && log) {
fprintf(log,
- "Sending accept_sec_context token (size=%d)...",
+ "Sending accept_sec_context token (size=%d):\n",
send_tok.length);
print_token(&send_tok);
}
@@ -184,11 +186,11 @@ int server_establish_context(s, server_creds, context, client_name, ret_flags)
(void) gss_release_buffer(&min_stat, &send_tok);
}
- if (log) {
+ if (verbose && log) {
if (maj_stat == GSS_S_CONTINUE_NEEDED)
- fprintf(log, "\n");
- else
fprintf(log, "continue needed...\n");
+ else
+ fprintf(log, "\n");
fflush(log);
}
} while (maj_stat == GSS_S_CONTINUE_NEEDED);
@@ -196,6 +198,17 @@ int server_establish_context(s, server_creds, context, client_name, ret_flags)
/* display the flags */
display_ctx_flags(*ret_flags);
+ if (verbose && log) {
+ maj_stat = gss_oid_to_str(&min_stat, doid, &oid_name);
+ if (maj_stat != GSS_S_COMPLETE) {
+ display_status("converting oid->string", maj_stat, min_stat);
+ return -1;
+ }
+ fprintf(log, "Accepted connection using mechanism OID %.*s.\n",
+ (int) oid_name.length, (char *) oid_name.value);
+ (void) gss_release_buffer(&min_stat, &oid_name);
+ }
+
maj_stat = gss_display_name(&min_stat, client, client_name, &doid);
if (maj_stat != GSS_S_COMPLETE) {
display_status("displaying name", maj_stat, min_stat);
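Review bot: A failure of gss_oid_to_str in the added block ends context establishment with `return -1`, but only when verbose logging is enabled, so a diagnostic-only conversion decides whether a client is accepted. The early return also appears to skip releasing `client` and the already established `*context`, although the rest of server_establish_context lies outside the hunk. Reporting the error and carrying on keeps verbose and non-verbose runs identical: drop the `return -1;` and put the `fprintf`/`gss_release_buffer` pair in an `else` branch.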
@@ -255,6 +268,58 @@ int create_socket(port)
return s;
}
+static float timeval_subtract(tv1, tv2)
+ struct timeval *tv1, *tv2;
+{
+ return ((tv1->tv_sec - tv2->tv_sec) +
+ ((float) (tv1->tv_usec - tv2->tv_usec)) / 1000000);
+}
+
+/*
+ * Yes, yes, this isn't the best place for doing this test.
+ * DO NOT REMOVE THIS UNTIL A BETTER TEST HAS BEEN WRITTEN, THOUGH.
+ * -TYT
+ */
+int test_import_export_context(context)
+ gss_ctx_id_t *context;
+{
+ OM_uint32 min_stat, maj_stat;
+ gss_buffer_desc context_token, copied_token;
+ struct timeval tm1, tm2;
+
+ /*
+ * Attempt to save and then restore the context.
+ */
+ gettimeofday(&tm1, (struct timezone *)0);
+ maj_stat = gss_export_sec_context(&min_stat, context, &context_token);
+ if (maj_stat != GSS_S_COMPLETE) {
+ display_status("exporting context", maj_stat, min_stat);
+ return 1;
+ }
+ gettimeofday(&tm2, (struct timezone *)0);
+ if (verbose && log)
+ fprintf(log, "Exported context: %d bytes, %7.4f seconds\n",
+ context_token.length, timeval_subtract(&tm2, &tm1));
+ copied_token.length = context_token.length;
+ copied_token.value = malloc(context_token.length);
+ if (copied_token.value == 0) {
+ fprintf(log, "Couldn't allocate memory to copy context token.\n");
+ return 1;
+ }
+ memcpy(copied_token.value, context_token.value, copied_token.length);
+ maj_stat = gss_import_sec_context(&min_stat, &copied_token, context);
+ if (maj_stat != GSS_S_COMPLETE) {
+ display_status("importing context", maj_stat, min_stat);
+ return 1;
+ }
+ gettimeofday(&tm1, (struct timezone *)0);
+ if (verbose && log)
+ fprintf(log, "Importing context: %7.4f seconds\n",
+ timeval_subtract(&tm1, &tm2));
+ (void) gss_release_buffer(&min_stat, &context_token);
+ return 0;
+}
+
/*
* Function: sign_server
*
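Review bot: test_import_export_context never frees `copied_token.value`, so every call leaks a buffer holding the serialized security context, and the two later error returns also skip releasing `context_token`. An exported context token can carry session key material, so the copy should be cleared and freed on every path once gss_import_sec_context has consumed it. The allocation-failure message is also written with `fprintf(log, ...)` without the `log` check used by the other messages in this function. Plain memset before free can be optimized away, so a non-elidable clearing routine is preferable where the platform provides one.

```c
    copied_token.value = malloc(context_token.length);
    if (copied_token.value == 0) {
        if (log)
            fprintf(log, "Couldn't allocate memory to copy context token.\n");
        (void) gss_release_buffer(&min_stat, &context_token);
        return 1;
    }
    memcpy(copied_token.value, context_token.value, copied_token.length);
    maj_stat = gss_import_sec_context(&min_stat, &copied_token, context);
    /* The copy holds the serialized context: clear and free it on every path. */
    memset(copied_token.value, 0, copied_token.length);
    free(copied_token.value);
    if (maj_stat != GSS_S_COMPLETE) {
        display_status("importing context", maj_stat, min_stat);
        (void) gss_release_buffer(&min_stat, &context_token);
        return 1;
    }
    /* ... unchanged: import timing log, final gss_release_buffer, return 0 ... */
```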
@@ -296,9 +361,13 @@ int sign_server(s, server_creds)
return(-1);
printf("Accepted connection: \"%.*s\"\n",
- client_name.length, client_name.value);
+ (int) client_name.length, (char *) client_name.value);
(void) gss_release_buffer(&min_stat, &client_name);
+ for (i=0; i < 3; i++)
+ if (test_import_export_context(&context))
+ return -1;
+
/* Receive the sealed message token */
if (recv_token(s, &xmit_buf) < 0)
return(-1);
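Review bot: The added loop in sign_server runs the export/import self-test three times on every accepted connection and returns -1 on any failure, so a fault in the test path drops an already authenticated client before its message is read. The count 3 and the reason for running the test here are not explained at the call site, and the unbraced `for`/`if` nesting is easy to break when edited. A comment above the loop such as `/* Library self-test: export and re-import the live context; see test_import_export_context(). */`, plus braces, would make that cost and intent visible. `i` is presumably declared outside the hunk.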
@@ -416,7 +485,7 @@ main(argc, argv)
} else {
int stmp;
- if (stmp = create_socket(port)) {
+ if ((stmp = create_socket(port))) {
do {
/* Accept a TCP connection */
if ((s = accept(stmp, NULL, 0)) < 0) {
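Review bot: The doubled parentheses silence the assignment-in-condition warning but keep a truthiness test on the descriptor returned by create_socket. If create_socket reports failure with a negative value (its error path is not visible here, but accept() two lines below is checked with `< 0`), that failure is treated as success and a valid descriptor 0 as failure. `if ((stmp = create_socket(port)) >= 0) {` would state the intent. The body of main continues outside the hunk.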