+Fri Apr 28 15:30:00 1995 Theodore Y. Ts'o <tytso@dcl>
+
+ * gss-server.c (main, sign_server): Make changes to allow
+ gss-server to be fired out of inetd. New options: -inetd
+ and -logfile. The -logfile allows the output of
+ gss-server to be redirected to a file.
+
+ * gss-misc.c (send_token, recv_token, display_status_1): Add
+ support for -logfile option. If the external FILE
+ *display_file is set, redirect error messages to
+ display_file instead of stderr.
+
Wed Apr 26 17:17:22 1995 Mark Eichin <eichin@cygnus.com>
* configure.in: use AC_CONST since we don't learn it from the krb5
static void display_status_1();
+FILE *display_file = NULL;
+
/*
* Function: send_token
*
{
int len, ret;
+ if (display_file == 0)
+ display_file = stderr;
+
len = htonl(tok->length);
ret = write(s, (char *) &len, 4);
perror("sending token length");
return -1;
} else if (ret != 4) {
- fprintf(stderr, "sending token length: %d of %d bytes written\n",
+ fprintf(display_file,
+ "sending token length: %d of %d bytes written\n",
ret, 4);
return -1;
}
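Review bot: The `perror("sending token length")` call just above the changed fprintf still writes to stderr, so with -logfile only the short-write message reaches the log and the system-call failure does not. The same split exists at `perror("sending token data")` and `perror("reading token length")` in the later hunks. To send both kinds of failure to one place, replace each with something like `fprintf(display_file, "sending token length: %s\n", strerror(errno));`. This matters most in -inetd mode, where gss-server.c closes descriptor 2 before these functions run.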
perror("sending token data");
return -1;
} else if (ret != tok->length) {
- fprintf(stderr, "sending token data: %d of %d bytes written\n",
+ fprintf(display_file,
+ "sending token data: %d of %d bytes written\n",
ret, tok->length);
return -1;
}
{
int ret;
+ if (display_file == 0)
+ display_file = stderr;
+
ret = read(s, (char *) &tok->length, 4);
if (ret < 0) {
perror("reading token length");
return -1;
} else if (ret != 4) {
- fprintf(stderr, "reading token length: %d of %d bytes read\n",
+ fprintf(display_file,
+ "reading token length: %d of %d bytes read\n",
ret, 4);
return -1;
}
tok->length = ntohl(tok->length);
tok->value = (char *) malloc(tok->length);
if (tok->value == NULL) {
- fprintf(stderr, "Out of memory allocating token data\n");
+ fprintf(display_file,
+ "Out of memory allocating token data\n");
return -1;
}
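Review bot: `tok->length` is taken straight from the four bytes the peer sent, byte-swapped, and passed to `malloc()` with no upper bound, so the remote side chooses the allocation size. That was already so before this change, but the commit makes the server startable from inetd, and recv_token is presumably also what reads the context-establishment tokens, i.e. before the client is authenticated. A cap checked before the malloc would bound it, e.g. `if (tok->length > MAX_TOKEN_LEN) { fprintf(display_file, "token too large\n"); return -1; }`, where MAX_TOKEN_LEN is a placeholder for a limit this file would have to define. A length of zero also deserves its own branch, since `malloc(0)` may return NULL and would be reported as out of memory.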
free(tok->value);
return -1;
} else if (ret != tok->length) {
- fprintf(stderr, "sending token data: %d of %d bytes written\n",
+ fprintf(display_file,
+ "sending token data: %d of %d bytes written\n",
ret, tok->length);
free(tok->value);
return -1;
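Review bot: The short-read branch of recv_token still reports `sending token data: %d of %d bytes written`, and the commit re-wraps that line without correcting it. Once it lands in a log file it points the reader at the wrong direction of the exchange; `"reading token data: %d of %d bytes read\n"` would match the other recv_token messages. Separately, `tok->length` is printed with `%d` here and in the send_token hunk. If the field is a `size_t`, as the GSS-API C binding declares it, the argument needs a cast such as `(int) tok->length` or a matching conversion. The enclosing function continues past the end of this hunk.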
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
+#include <sys/time.h>
+#include <time.h>
#include <gssapi/gssapi.h>
#include <gssapi/gssapi_generic.h>
int recv_token();
void display_status();
+extern FILE *display_file;
+FILE *log;
+
usage()
{
- fprintf(stderr, "Usage: gss-server [-port port] service_name\n");
+ fprintf(stderr, "Usage: gss-server [-port port] [-inetd] [-logfile file] service_name\n");
exit(1);
}
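Review bot: The new `FILE *log;` above usage() gives a file-scope object with external linkage the same name as the C library's `log()` function. That identifier is reserved, and a build that links libm or treats `log` as a builtin can emit a conflicting-declaration diagnostic or bind the wrong symbol. Nothing visible outside gss-server.c uses it, since gss-misc.c goes through `display_file`. `static FILE *logfile;` would avoid the clash and keep the symbol private to this file.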
char *service_name;
u_short port = 4444;
int s;
+ int do_inetd = 0;
+ log = stdout;
argc--; argv++;
while (argc) {
if (strcmp(*argv, "-port") == 0) {
argc--; argv++;
if (!argc) usage();
port = atoi(*argv);
+ } else if (strcmp(*argv, "-inetd") == 0) {
+ do_inetd = 1;
+ } else if (strcmp(*argv, "-logfile") == 0) {
+ argc--; argv++;
+ if (!argc) usage();
+ log = fopen(*argv, "a");
+ display_file = log;
+ if (!log) {
+ perror(*argv);
+ exit(1);
+ }
} else
break;
argc--; argv++;
service_name = *argv;
- if ((s = create_socket(port)) < 0)
- exit(1);
+ if (do_inetd == 0) {
+ if ((s = create_socket(port)) < 0)
+ exit(1);
+ } else {
+ s = -1;
+ close(1);
+ close(2);
+ }
if (sign_server(s, service_name) < 0)
exit(1);
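Review bot: After `close(1); close(2);` those descriptor numbers are free, so the next files or sockets the process opens will be assigned 1 and 2. Anything still written through stdout or stderr can then land in whatever took those numbers: the `perror()` calls left in send_token, recv_token and the accept path, or `log` itself, which stays `stdout` when -inetd is given without -logfile. Pointing both descriptors at /dev/null instead of closing them keeps the numbers occupied and still stops diagnostics from reaching the peer; this needs `<fcntl.h>`. It may also be worth making usage() reject -inetd without -logfile, since in that combination every log line is discarded.

```c
    } else {
	int nullfd;

	s = -1;
	/* Keep fds 1 and 2 occupied so later opens cannot be assigned them. */
	nullfd = open("/dev/null", O_WRONLY);
	if (nullfd < 0)
	    exit(1);
	(void) dup2(nullfd, 1);
	(void) dup2(nullfd, 2);
	if (nullfd > 2)
	    close(nullfd);
    }
```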
*
* Arguments:
*
- * s (r) a TCP socket on which to listen for connections
+ * s (r) a TCP socket on which to listen for connections.
+ * If s is -1, then assume that we were started out of
+ * inetd and use file descriptor 0.
* service_name (r) the ASCII name of the GSS-API service to
* establish a context as
*
gss_ctx_id_t context;
OM_uint32 maj_stat, min_stat;
int s2;
+ time_t now;
if (server_acquire_creds(service_name, &server_creds) < 0)
return -1;
while (1) {
- /* Accept a TCP connection */
- if ((s2 = accept(s, NULL, 0)) < 0) {
- perror("accepting connection");
- exit(1);
- }
+ if (s >= 0) {
+ /* Accept a TCP connection */
+ if ((s2 = accept(s, NULL, 0)) < 0) {
+ perror("accepting connection");
+ exit(1);
+ }
+ } else
+ s2 = 0;
/* Establish a context with the client */
if (server_establish_context(s2, server_creds, &context,
&client_name) < 0)
break;
- printf("Accepted connection: \"%s\"\n", client_name.value);
+ time(&now);
+ fprintf(log, "Accepted connection: \"%s\" at %s",
+ client_name.value, ctime(&now));
(void) gss_release_buffer(&min_stat, &client_name);
/* Receive the sealed message token */
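Review bot: `client_name.value` is printed with `%s`, but a gss_buffer_desc carries an explicit length and is not guaranteed to be NUL-terminated, so the fprintf can read past the buffer. A bounded form is `fprintf(log, "Accepted connection: \"%.*s\" at %s", (int) client_name.length, (char *) client_name.value, ctime(&now));`. The same applies to `msg_buf.value` in the "Received message" fprintf in the next hunk, where the bytes are chosen by the client. Now that they go to a persistent log file, embedded newlines or control characters would let a client forge or corrupt log lines. Non-printable bytes should be escaped before they are written.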
(void) gss_release_buffer(&min_stat, &xmit_buf);
- printf("Received message: \"%s\"\n", msg_buf.value);
+ fprintf(log, "Received message: \"%s\"\n", msg_buf.value);
/* Produce a signature block for the message */
maj_stat = gss_sign(&min_stat, context, GSS_C_QOP_DEFAULT,
/* Close TCP connection */
close(s2);
+
+ fflush(log);
+
+ if (s < 0)
+ break;
}
/*NOTREACHED*/
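Review bot: The `/*NOTREACHED*/` marker after the loop is no longer accurate: the added `if (s < 0) break;` leaves the loop on every inetd run, as the existing `break` on context-establishment failure already did. The marker should be dropped or replaced with a comment such as `/* reached in inetd mode or when context establishment fails */`. The statements that follow it are outside this hunk. They should be checked for `s == -1`, for instance that they do not call `close(s)` on the negative descriptor and that `server_creds` is released before returning.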
if (send_tok.length != 0) {
if (send_token(s, &send_tok) < 0) {
- fprintf(stderr, "failure sending token\n");
+ fprintf(log, "failure sending token\n");
return -1;
}