1 /* $FreeBSD: src/crypto/kerberosIV/appl/sample/sample_server.c,v 1.1.1.2.2.1 2000/07/20 14:04:34 assar Exp $ */
2 /* $DragonFly: src/crypto/kerberosIV/appl/sample/Attic/sample_server.c,v 1.2 2003/06/17 04:24:36 dillon Exp $ */
6 * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
8 * For copying and distribution information,
9 * please see the file <mit-copyright.h>.
12 * A sample Kerberos server, which reads a ticket from a TCP socket,
13 * decodes it, and writes back the results (in ASCII) to the client.
18 * file descriptor 0 (zero) should be a socket connected to the requesting
19 * client (this will be correct if this server is started by inetd).
24 RCSID("$Id: sample_server.c,v 1.14.2.1 2000/06/28 19:08:00 assar Exp $");
29 fprintf (stderr, "Usage: %s [-i] [-s service] [-t srvtab]\n",
35 main(int argc, char **argv)
37 struct sockaddr_in peername, myname;
38 int namelen = sizeof(peername);
39 int status, count, len;
43 des_key_schedule sched;
44 char instance[INST_SZ];
45 char service[ANAME_SZ];
46 char version[KRB_SENDAUTH_VLEN+1];
49 char srvtab[MaxPathLen];
53 /* open a log connection */
55 set_progname (argv[0]);
57 roken_openlog(__progname, LOG_ODELAY, LOG_DAEMON);
59 strlcpy (service, SAMPLE_SERVICE, sizeof(service));
62 while ((c = getopt (argc, argv, "s:t:i")) != -1)
65 strlcpy (service, optarg, sizeof(service));
68 strlcpy (srvtab, optarg, sizeof(srvtab));
79 mini_inetd (htons(SAMPLE_PORT));
82 * To verify authenticity, we need to know the address of the
85 if (getpeername(STDIN_FILENO,
86 (struct sockaddr *)&peername,
88 syslog(LOG_ERR, "getpeername: %m");
92 /* for mutual authentication, we need to know our address */
93 namelen = sizeof(myname);
94 if (getsockname(STDIN_FILENO, (struct sockaddr *)&myname, &namelen) < 0) {
95 syslog(LOG_ERR, "getsocknamename: %m");
99 /* read the authenticator and decode it. Using `k_getsockinst' we
100 * always get the right instance on a multi-homed host.
102 k_getsockinst (STDIN_FILENO, instance, sizeof(instance));
104 /* we want mutual authentication */
105 authopts = KOPT_DO_MUTUAL;
106 status = krb_recvauth(authopts, STDIN_FILENO, &clt_ticket,
107 service, instance, &peername, &myname,
110 if (status != KSUCCESS) {
111 snprintf(retbuf, sizeof(retbuf),
112 "Kerberos error: %s\n",
113 krb_get_err_text(status));
114 syslog(LOG_ERR, "%s", retbuf);
116 /* Check the version string (KRB_SENDAUTH_VLEN chars) */
117 if (strncmp(version, SAMPLE_VERSION, KRB_SENDAUTH_VLEN)) {
118 /* didn't match the expected version */
119 /* could do something different, but we just log an error
121 version[8] = '\0'; /* make sure null term */
122 syslog(LOG_ERR, "Version mismatch: '%s' isn't '%s'",
123 version, SAMPLE_VERSION);
125 /* now that we have decoded the authenticator, translate
126 the kerberos principal.instance@realm into a local name */
127 if (krb_kntoln(&auth_data, lname) != KSUCCESS)
129 "*No local name returned by krb_kntoln*",
131 /* compose the reply */
132 snprintf(retbuf, sizeof(retbuf),
133 "You are %s.%s@%s (local name %s),\n at address %s, version %s, cksum %ld\n",
138 inet_ntoa(peername.sin_addr),
140 (long)auth_data.checksum);
143 /* write back the response */
144 if ((count = write(0, retbuf, (len = strlen(retbuf) + 1))) < 0) {
145 syslog(LOG_ERR,"write: %m");
147 } else if (count != len) {
148 syslog(LOG_ERR, "write count incorrect: %d != %d\n",
153 /* close up and exit */