diff options
Diffstat (limited to 'src/appl/gss-sample/gss-server.c')
| -rw-r--r-- | src/appl/gss-sample/gss-server.c | 307 |
1 files changed, 165 insertions, 142 deletions
diff --git a/src/appl/gss-sample/gss-server.c b/src/appl/gss-sample/gss-server.c index b3229f1..e5adc61 100644 --- a/src/appl/gss-sample/gss-server.c +++ b/src/appl/gss-sample/gss-server.c @@ -19,6 +19,29 @@ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR * PERFORMANCE OF THIS SOFTWARE. */ +/* + * Copyright (C) 2004 by the Massachusetts Institute of Technology. + * All rights reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + */ #include <stdio.h> #ifdef _WIN32 @@ -388,147 +411,147 @@ static int sign_server(s, server_creds, export) gss_cred_id_t server_creds; int export; { - gss_buffer_desc client_name, xmit_buf, msg_buf; - gss_ctx_id_t context; - OM_uint32 maj_stat, min_stat; - int i, conf_state, ret_flags; - char *cp; - int token_flags; - - /* Establish a context with the client */ - if (server_establish_context(s, server_creds, &context, - &client_name, &ret_flags) < 0) - return(-1); - - if (context == GSS_C_NO_CONTEXT) { - printf("Accepted unauthenticated connection.\n"); - } - else { - printf("Accepted connection: \"%.*s\"\n", - (int) client_name.length, (char *) client_name.value); - (void) gss_release_buffer(&min_stat, &client_name); - - if (export) { - for (i=0; i < 3; i++) - if (test_import_export_context(&context)) - return -1; - } - } - - do { - /* Receive the message token */ - if (recv_token(s, &token_flags, &xmit_buf) < 0) - return(-1); - - if (token_flags & TOKEN_NOOP) { - if (log) - fprintf(log, "NOOP token\n"); - if(xmit_buf.value) { - free(xmit_buf.value); - xmit_buf.value = 0; - } - break; - } - - if (verbose && log) { - fprintf(log, "Message token (flags=%d):\n", token_flags); - print_token(&xmit_buf); - } - - if ((context == GSS_C_NO_CONTEXT) && - (token_flags & (TOKEN_WRAPPED|TOKEN_ENCRYPTED|TOKEN_SEND_MIC))) { - if (log) - fprintf(log, - "Unauthenticated client requested authenticated services!\n"); - if(xmit_buf.value) { - free (xmit_buf.value); - xmit_buf.value = 0; - } - return(-1); - } - - if (token_flags & TOKEN_WRAPPED) { - maj_stat = gss_unwrap(&min_stat, context, &xmit_buf, &msg_buf, - &conf_state, (gss_qop_t *) NULL); - if (maj_stat != GSS_S_COMPLETE) { - display_status("unsealing message", maj_stat, min_stat); - if(xmit_buf.value) { - free (xmit_buf.value); - xmit_buf.value = 0; - } - return(-1); - } else if (! conf_state && (token_flags & TOKEN_ENCRYPTED)) { - fprintf(stderr, "Warning! Message not encrypted.\n"); - } - - if(xmit_buf.value) { - free (xmit_buf.value); - xmit_buf.value = 0; - } - } - else { - msg_buf = xmit_buf; - } - - if (log) { - fprintf(log, "Received message: "); - cp = msg_buf.value; - if ((isprint((int) cp[0]) || isspace((int) cp[0])) && - (isprint((int) cp[1]) || isspace((int) cp[1]))) { - fprintf(log, "\"%.*s\"\n", (int) msg_buf.length, - (char *) msg_buf.value); - } else { - fprintf(log, "\n"); - print_token(&msg_buf); - } - } - - if (token_flags & TOKEN_SEND_MIC) { - /* Produce a signature block for the message */ - maj_stat = gss_get_mic(&min_stat, context, GSS_C_QOP_DEFAULT, - &msg_buf, &xmit_buf); - if (maj_stat != GSS_S_COMPLETE) { - display_status("signing message", maj_stat, min_stat); - return(-1); - } - - if(msg_buf.value) { - free (msg_buf.value); - msg_buf.value = 0; - } - - /* Send the signature block to the client */ - if (send_token(s, TOKEN_MIC, &xmit_buf) < 0) - return(-1); - - if(xmit_buf.value) { - free (xmit_buf.value); - xmit_buf.value = 0; - } - } - else { - if(msg_buf.value) { - free (msg_buf.value); - msg_buf.value = 0; - } - if (send_token(s, TOKEN_NOOP, empty_token) < 0) - return(-1); - } - } while (1 /* loop will break if NOOP received */); - - if (context != GSS_C_NO_CONTEXT) { - /* Delete context */ - maj_stat = gss_delete_sec_context(&min_stat, &context, NULL); - if (maj_stat != GSS_S_COMPLETE) { - display_status("deleting context", maj_stat, min_stat); - return(-1); - } - } - - if (log) - fflush(log); - - return(0); + gss_buffer_desc client_name, xmit_buf, msg_buf; + gss_ctx_id_t context; + OM_uint32 maj_stat, min_stat; + int i, conf_state, ret_flags; + char *cp; + int token_flags; + + /* Establish a context with the client */ + if (server_establish_context(s, server_creds, &context, + &client_name, &ret_flags) < 0) + return(-1); + + if (context == GSS_C_NO_CONTEXT) { + printf("Accepted unauthenticated connection.\n"); + } + else { + printf("Accepted connection: \"%.*s\"\n", + (int) client_name.length, (char *) client_name.value); + (void) gss_release_buffer(&min_stat, &client_name); + + if (export) { + for (i=0; i < 3; i++) + if (test_import_export_context(&context)) + return -1; + } + } + + do { + /* Receive the message token */ + if (recv_token(s, &token_flags, &xmit_buf) < 0) + return(-1); + + if (token_flags & TOKEN_NOOP) { + if (log) + fprintf(log, "NOOP token\n"); + if(xmit_buf.value) { + free(xmit_buf.value); + xmit_buf.value = 0; + } + break; + } + + if (verbose && log) { + fprintf(log, "Message token (flags=%d):\n", token_flags); + print_token(&xmit_buf); + } + + if ((context == GSS_C_NO_CONTEXT) && + ( token_flags & (TOKEN_WRAPPED|TOKEN_ENCRYPTED|TOKEN_SEND_MIC))) { + if (log) + fprintf(log, + "Unauthenticated client requested authenticated services!\n"); + if(xmit_buf.value) { + free (xmit_buf.value); + xmit_buf.value = 0; + } + return(-1); + } + + if (token_flags & TOKEN_WRAPPED) { + maj_stat = gss_unwrap(&min_stat, context, &xmit_buf, &msg_buf, + &conf_state, (gss_qop_t *) NULL); + if (maj_stat != GSS_S_COMPLETE) { + display_status("unsealing message", maj_stat, min_stat); + if(xmit_buf.value) { + free (xmit_buf.value); + xmit_buf.value = 0; + } + return(-1); + } else if (! conf_state && (token_flags & TOKEN_ENCRYPTED)) { + fprintf(stderr, "Warning! Message not encrypted.\n"); + } + + if(xmit_buf.value) { + free (xmit_buf.value); + xmit_buf.value = 0; + } + } + else { + msg_buf = xmit_buf; + } + + if (log) { + fprintf(log, "Received message: "); + cp = msg_buf.value; + if ((isprint((int) cp[0]) || isspace((int) cp[0])) && + (isprint((int) cp[1]) || isspace((int) cp[1]))) { + fprintf(log, "\"%.*s\"\n", (int) msg_buf.length, + (char *) msg_buf.value); + } else { + fprintf(log, "\n"); + print_token(&msg_buf); + } + } + + if (token_flags & TOKEN_SEND_MIC) { + /* Produce a signature block for the message */ + maj_stat = gss_get_mic(&min_stat, context, GSS_C_QOP_DEFAULT, + &msg_buf, &xmit_buf); + if (maj_stat != GSS_S_COMPLETE) { + display_status("signing message", maj_stat, min_stat); + return(-1); + } + + if(msg_buf.value) { + free (msg_buf.value); + msg_buf.value = 0; + } + + /* Send the signature block to the client */ + if (send_token(s, TOKEN_MIC, &xmit_buf) < 0) + return(-1); + + if(xmit_buf.value) { + free (xmit_buf.value); + xmit_buf.value = 0; + } + } + else { + if(msg_buf.value) { + free (msg_buf.value); + msg_buf.value = 0; + } + if (send_token(s, TOKEN_NOOP, empty_token) < 0) + return(-1); + } + } while (1 /* loop will break if NOOP received */); + + if (context != GSS_C_NO_CONTEXT) { + /* Delete context */ + maj_stat = gss_delete_sec_context(&min_stat, &context, NULL); + if (maj_stat != GSS_S_COMPLETE) { + display_status("deleting context", maj_stat, min_stat); + return(-1); + } + } + + if (log) + fflush(log); + + return(0); } int @@ -612,7 +635,7 @@ main(argc, argv) } /* this return value is not checked, because there's not really anything to do if it fails */ - sign_server(s, server_creds); + sign_server(s, server_creds, export); close(s); } while (!once); |