gss_cred_id_t server_creds;
int export;
{
- gss_buffer_desc client_name, xmit_buf, msg_buf;
- gss_ctx_id_t context;
- OM_uint32 maj_stat, min_stat;
- int i, conf_state, ret_flags;
- char *cp;
- int token_flags;
-
- /* Establish a context with the client */
- if (server_establish_context(s, server_creds, &context,
- &client_name, &ret_flags) < 0)
- return(-1);
-
- if (context == GSS_C_NO_CONTEXT) {
- printf("Accepted unauthenticated connection.\n");
- }
- else {
- printf("Accepted connection: \"%.*s\"\n",
- (int) client_name.length, (char *) client_name.value);
- (void) gss_release_buffer(&min_stat, &client_name);
-
- if (export) {
- for (i=0; i < 3; i++)
- if (test_import_export_context(&context))
- return -1;
- }
- }
-
- do {
- /* Receive the message token */
- if (recv_token(s, &token_flags, &xmit_buf) < 0)
- return(-1);
-
- if (token_flags & TOKEN_NOOP) {
- if (log)
- fprintf(log, "NOOP token\n");
- if(xmit_buf.value) {
- free(xmit_buf.value);
- xmit_buf.value = 0;
- }
- break;
- }
-
- if (verbose && log) {
- fprintf(log, "Message token (flags=%d):\n", token_flags);
- print_token(&xmit_buf);
- }
-
- if ((context == GSS_C_NO_CONTEXT) &&
- (token_flags & (TOKEN_WRAPPED|TOKEN_ENCRYPTED|TOKEN_SEND_MIC))) {
- if (log)
- fprintf(log,
- "Unauthenticated client requested authenticated services!\n");
- if(xmit_buf.value) {
- free (xmit_buf.value);
- xmit_buf.value = 0;
- }
- return(-1);
- }
-
- if (token_flags & TOKEN_WRAPPED) {
- maj_stat = gss_unwrap(&min_stat, context, &xmit_buf, &msg_buf,
- &conf_state, (gss_qop_t *) NULL);
- if (maj_stat != GSS_S_COMPLETE) {
- display_status("unsealing message", maj_stat, min_stat);
- if(xmit_buf.value) {
- free (xmit_buf.value);
- xmit_buf.value = 0;
- }
- return(-1);
- } else if (! conf_state && (token_flags & TOKEN_ENCRYPTED)) {
- fprintf(stderr, "Warning! Message not encrypted.\n");
- }
-
- if(xmit_buf.value) {
- free (xmit_buf.value);
- xmit_buf.value = 0;
- }
- }
- else {
- msg_buf = xmit_buf;
- }
-
- if (log) {
- fprintf(log, "Received message: ");
- cp = msg_buf.value;
- if ((isprint((int) cp[0]) || isspace((int) cp[0])) &&
- (isprint((int) cp[1]) || isspace((int) cp[1]))) {
- fprintf(log, "\"%.*s\"\n", (int) msg_buf.length,
- (char *) msg_buf.value);
- } else {
- fprintf(log, "\n");
- print_token(&msg_buf);
- }
- }
-
- if (token_flags & TOKEN_SEND_MIC) {
- /* Produce a signature block for the message */
- maj_stat = gss_get_mic(&min_stat, context, GSS_C_QOP_DEFAULT,
- &msg_buf, &xmit_buf);
- if (maj_stat != GSS_S_COMPLETE) {
- display_status("signing message", maj_stat, min_stat);
- return(-1);
- }
-
- if(msg_buf.value) {
- free (msg_buf.value);
- msg_buf.value = 0;
- }
-
- /* Send the signature block to the client */
- if (send_token(s, TOKEN_MIC, &xmit_buf) < 0)
- return(-1);
-
- if(xmit_buf.value) {
- free (xmit_buf.value);
- xmit_buf.value = 0;
- }
- }
- else {
- if(msg_buf.value) {
- free (msg_buf.value);
- msg_buf.value = 0;
- }
- if (send_token(s, TOKEN_NOOP, empty_token) < 0)
- return(-1);
- }
- } while (1 /* loop will break if NOOP received */);
-
- if (context != GSS_C_NO_CONTEXT) {
- /* Delete context */
- maj_stat = gss_delete_sec_context(&min_stat, &context, NULL);
- if (maj_stat != GSS_S_COMPLETE) {
- display_status("deleting context", maj_stat, min_stat);
- return(-1);
- }
- }
-
- if (log)
- fflush(log);
-
- return(0);
+ gss_buffer_desc client_name, xmit_buf, msg_buf;
+ gss_ctx_id_t context;
+ OM_uint32 maj_stat, min_stat;
+ int i, conf_state, ret_flags;
+ char *cp;
+ int token_flags;
+
+ /* Establish a context with the client */
+ if (server_establish_context(s, server_creds, &context,
+ &client_name, &ret_flags) < 0)
+ return(-1);
+
+ if (context == GSS_C_NO_CONTEXT) {
+ printf("Accepted unauthenticated connection.\n");
+ }
+ else {
+ printf("Accepted connection: \"%.*s\"\n",
+ (int) client_name.length, (char *) client_name.value);
+ (void) gss_release_buffer(&min_stat, &client_name);
+
+ if (export) {
+ for (i=0; i < 3; i++)
+ if (test_import_export_context(&context))
+ return -1;
+ }
+ }
+
+ do {
+ /* Receive the message token */
+ if (recv_token(s, &token_flags, &xmit_buf) < 0)
+ return(-1);
+
+ if (token_flags & TOKEN_NOOP) {
+ if (log)
+ fprintf(log, "NOOP token\n");
+ if(xmit_buf.value) {
+ free(xmit_buf.value);
+ xmit_buf.value = 0;
+ }
+ break;
+ }
+
+ if (verbose && log) {
+ fprintf(log, "Message token (flags=%d):\n", token_flags);
+ print_token(&xmit_buf);
+ }
+
+ if ((context == GSS_C_NO_CONTEXT) &&
+ ( token_flags & (TOKEN_WRAPPED|TOKEN_ENCRYPTED|TOKEN_SEND_MIC))) {
+ if (log)
+ fprintf(log,
+ "Unauthenticated client requested authenticated services!\n");
+ if(xmit_buf.value) {
+ free (xmit_buf.value);
+ xmit_buf.value = 0;
+ }
+ return(-1);
+ }
+
+ if (token_flags & TOKEN_WRAPPED) {
+ maj_stat = gss_unwrap(&min_stat, context, &xmit_buf, &msg_buf,
+ &conf_state, (gss_qop_t *) NULL);
+ if (maj_stat != GSS_S_COMPLETE) {
+ display_status("unsealing message", maj_stat, min_stat);
+ if(xmit_buf.value) {
+ free (xmit_buf.value);
+ xmit_buf.value = 0;
+ }
+ return(-1);
+ } else if (! conf_state && (token_flags & TOKEN_ENCRYPTED)) {
+ fprintf(stderr, "Warning! Message not encrypted.\n");
+ }
+
+ if(xmit_buf.value) {
+ free (xmit_buf.value);
+ xmit_buf.value = 0;
+ }
+ }
+ else {
+ msg_buf = xmit_buf;
+ }
+
+ if (log) {
+ fprintf(log, "Received message: ");
+ cp = msg_buf.value;
+ if ((isprint((int) cp[0]) || isspace((int) cp[0])) &&
+ (isprint((int) cp[1]) || isspace((int) cp[1]))) {
+ fprintf(log, "\"%.*s\"\n", (int) msg_buf.length,
+ (char *) msg_buf.value);
+ } else {
+ fprintf(log, "\n");
+ print_token(&msg_buf);
+ }
+ }
+
+ if (token_flags & TOKEN_SEND_MIC) {
+ /* Produce a signature block for the message */
+ maj_stat = gss_get_mic(&min_stat, context, GSS_C_QOP_DEFAULT,
+ &msg_buf, &xmit_buf);
+ if (maj_stat != GSS_S_COMPLETE) {
+ display_status("signing message", maj_stat, min_stat);
+ return(-1);
+ }
+
+ if(msg_buf.value) {
+ free (msg_buf.value);
+ msg_buf.value = 0;
+ }
+
+ /* Send the signature block to the client */
+ if (send_token(s, TOKEN_MIC, &xmit_buf) < 0)
+ return(-1);
+
+ if(xmit_buf.value) {
+ free (xmit_buf.value);
+ xmit_buf.value = 0;
+ }
+ }
+ else {
+ if(msg_buf.value) {
+ free (msg_buf.value);
+ msg_buf.value = 0;
+ }
+ if (send_token(s, TOKEN_NOOP, empty_token) < 0)
+ return(-1);
+ }
+ } while (1 /* loop will break if NOOP received */);
+
+ if (context != GSS_C_NO_CONTEXT) {
+ /* Delete context */
+ maj_stat = gss_delete_sec_context(&min_stat, &context, NULL);
+ if (maj_stat != GSS_S_COMPLETE) {
+ display_status("deleting context", maj_stat, min_stat);
+ return(-1);
+ }
+ }
+
+ if (log)
+ fflush(log);
+
+ return(0);
}
int
}
/* this return value is not checked, because there's
not really anything to do if it fails */
- sign_server(s, server_creds);
+ sign_server(s, server_creds, export);
close(s);
} while (!once);
projects / krb5.git / commitdiff