1  /*
  2   * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
  3   * (Royal Institute of Technology, Stockholm, Sweden).
  4   * All rights reserved.
  5   *
  6   * Redistribution and use in source and binary forms, with or without
  7   * modification, are permitted provided that the following conditions
  8   * are met:
  9   *
 10   * 1. Redistributions of source code must retain the above copyright
 11   *    notice, this list of conditions and the following disclaimer.
 12   *
 13   * 2. Redistributions in binary form must reproduce the above copyright
 14   *    notice, this list of conditions and the following disclaimer in the
 15   *    documentation and/or other materials provided with the distribution.
 16   *
 17   * 3. Neither the name of the Institute nor the names of its contributors
 18   *    may be used to endorse or promote products derived from this software
 19   *    without specific prior written permission.
 20   *
 21   * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 22   * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 23   * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 24   * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 25   * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 26   * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 27   * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 28   * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 29   * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 30   * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 31   * SUCH DAMAGE.
 32   */
 33  
 34  #include "test_locl.h"
 35  #include <gssapi/gssapi.h>
 36  #include <gssapi/gssapi_krb5.h>
 37  #include <gssapi/gssapi_spnego.h>
 38  #include <krb5.h>
 39  #include "nt_gss_common.h"
 40  
 41  RCSID("$Id$");
 42  
 43  /*
 44   * This program tries to act as a server for the sample in `Sample
 45   * SSPI Code' in Windows 2000 RC1 SDK.
 46   *
 47   * use --dump-auth to get a binary dump of the authorization data in the ticket
 48   */
 49  
 50  static int help_flag;
 51  static int version_flag;
 52  static char *port_str;
 53  char *service = SERVICE;
 54  static char *auth_file;
 55  
 56  static struct getargs args[] = {
 57      { "port", 'p', arg_string, &port_str, "port to listen to", "port" },
 58      { "service", 's', arg_string, &service, "service to use", "service" },
 59      { "dump-auth", 0, arg_string, &auth_file, "dump authorization data",
 60        "file" },
 61      { "help", 'h', arg_flag, &help_flag },
 62      { "version", 0, arg_flag, &version_flag }
 63  };
 64  
 65  static int num_args = sizeof(args) / sizeof(args[0]);
 66  
 67  static int
 68  proto (int sock, const char *service)
 69  {
 70      struct sockaddr_in remote, local;
 71      socklen_t addrlen;
 72      gss_ctx_id_t context_hdl = GSS_C_NO_CONTEXT;
 73      gss_buffer_t input_token, output_token;
 74      gss_buffer_desc real_input_token, real_output_token;
 75      OM_uint32 maj_stat, min_stat;
 76      gss_name_t client_name;
 77      gss_buffer_desc name_token;
 78  
 79      addrlen = sizeof(local);
 80      if (getsockname (sock, (struct sockaddr *)&local, &addrlen) < 0
 81  	|| addrlen != sizeof(local))
 82  	err (1, "getsockname)");
 83  
 84      addrlen = sizeof(remote);
 85      if (getpeername (sock, (struct sockaddr *)&remote, &addrlen) < 0
 86  	|| addrlen != sizeof(remote))
 87  	err (1, "getpeername");
 88  
 89      input_token = &real_input_token;
 90      output_token = &real_output_token;
 91  
 92      do {
 93  	nt_read_token (sock, input_token);
 94  	maj_stat =
 95  	    gss_accept_sec_context (&min_stat,
 96  				    &context_hdl,
 97  				    GSS_C_NO_CREDENTIAL,
 98  				    input_token,
 99  				    GSS_C_NO_CHANNEL_BINDINGS,
100  				    &client_name,
101  				    NULL,
102  				    output_token,
103  				    NULL,
104  				    NULL,
105  				    NULL);
106  	if(GSS_ERROR(maj_stat))
107  	    gss_err (1, min_stat, "gss_accept_sec_context");
108  	if (output_token->length != 0)
109  	    nt_write_token (sock, output_token);
110  	if (GSS_ERROR(maj_stat)) {
111  	    if (context_hdl != GSS_C_NO_CONTEXT)
112  		gss_delete_sec_context (&min_stat,
113  					&context_hdl,
114  					GSS_C_NO_BUFFER);
115  	    break;
116  	}
117      } while(maj_stat & GSS_S_CONTINUE_NEEDED);
118  
119      if (auth_file != NULL) {
120  	gss_buffer_desc data;
121  
122  	maj_stat = gsskrb5_extract_authz_data_from_sec_context(&min_stat,
123  							       context_hdl,
124  							       KRB5_AUTHDATA_WIN2K_PAC,
125  							       &data);
126  	if (maj_stat == GSS_S_COMPLETE) {
127  	    rk_dumpdata(auth_file, data.value, data.length);
128  	    gss_release_buffer(&min_stat, &data);
129  	}
130      }
131  
132      maj_stat = gss_display_name (&min_stat,
133  				 client_name,
134  				 &name_token,
135  				 NULL);
136      if (GSS_ERROR(maj_stat))
137  	gss_err (1, min_stat, "gss_display_name");
138  
139      fprintf (stderr, "User is `%.*s'\n", (int)name_token.length,
140  	    (char *)name_token.value);
141  
142      /* write something back */
143  
144      output_token->value  = strdup ("hejsan");
145      output_token->length = strlen (output_token->value) + 1;
146      nt_write_token (sock, output_token);
147  
148      output_token->value  = strdup ("hoppsan");
149      output_token->length = strlen (output_token->value) + 1;
150      nt_write_token (sock, output_token);
151  
152      return 0;
153  }
154  
155  static int
156  doit (int port, const char *service)
157  {
158      int sock, sock2;
159      struct sockaddr_in my_addr;
160      int one = 1;
161  
162      sock = socket (AF_INET, SOCK_STREAM, 0);
163      if (sock < 0)
164  	err (1, "socket");
165  
166      memset (&my_addr, 0, sizeof(my_addr));
167      my_addr.sin_family      = AF_INET;
168      my_addr.sin_port        = port;
169      my_addr.sin_addr.s_addr = INADDR_ANY;
170  
171      if (setsockopt (sock, SOL_SOCKET, SO_REUSEADDR,
172  		    (void *)&one, sizeof(one)) < 0)
173  	warn ("setsockopt SO_REUSEADDR");
174  
175      if (bind (sock, (struct sockaddr *)&my_addr, sizeof(my_addr)) < 0)
176  	err (1, "bind");
177  
178      if (listen (sock, 1) < 0)
179  	err (1, "listen");
180  
181      sock2 = accept (sock, NULL, NULL);
182      if (sock2 < 0)
183  	err (1, "accept");
184  
185      return proto (sock2, service);
186  }
187  
188  static void
189  usage(int code, struct getargs *args, int num_args)
190  {
191      arg_printusage(args, num_args, NULL, "");
192      exit(code);
193  }
194  
195  static int
196  common_setup(krb5_context *context, int *argc, char **argv,
197  	     void (*usage)(int, struct getargs*, int))
198  {
199      int port = 0;
200      *argc = krb5_program_setup(context, *argc, argv, args, num_args, usage);
201  
202      if(help_flag)
203  	(*usage)(0, args, num_args);
204      if(version_flag) {
205  	print_version(NULL);
206  	exit(0);
207      }
208  
209      if(port_str){
210  	struct servent *s = roken_getservbyname(port_str, "tcp");
211  	if(s)
212  	    port = s->s_port;
213  	else {
214  	    char *ptr;
215  
216  	    port = strtol (port_str, &ptr, 10);
217  	    if (port == 0 && ptr == port_str)
218  		errx (1, "Bad port `%s'", port_str);
219  	    port = htons(port);
220  	}
221      }
222  
223      if (port == 0)
224  	port = krb5_getportbyname (*context, PORT, "tcp", 4711);
225  
226      return port;
227  }
228  
229  static int
230  setup(krb5_context *context, int argc, char **argv)
231  {
232      int port = common_setup(context, &argc, argv, usage);
233      if(argv[argc] != NULL)
234  	usage(1, args, num_args);
235      return port;
236  }
237  
238  int
239  main(int argc, char **argv)
240  {
241      krb5_context context = NULL; /* XXX */
242      int port = setup(&context, argc, argv);
243      return doit (port, service_str);
244  }