Add comments to tcp_server.c, to make it easier for a newcomer to understand the krb5 API usage.
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
This commit is contained in:
Marco Molteni
committed by
Love Hornquist Astrand
Love Hornquist Astrand
parent
894008ab82
commit
8cdcd53a5a
@@ -33,11 +33,15 @@
|
|||||||
|
|
||||||
/*
|
/*
|
||||||
* A sample server that uses the Kerberos V5 API.
|
* A sample server that uses the Kerberos V5 API.
|
||||||
|
*
|
||||||
|
* See "Introduction to the Kerberos 5 API" in the Doxygen documentation
|
||||||
|
* for a walkthrough of this code.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "test_locl.h"
|
#include "test_locl.h"
|
||||||
RCSID("$Id$");
|
RCSID("$Id$");
|
||||||
|
|
||||||
|
/* The API needs one Kerberos context per thread. */
|
||||||
krb5_context context;
|
krb5_context context;
|
||||||
|
|
||||||
static int
|
static int
|
||||||
@@ -54,20 +58,22 @@ proto (int sock, const char *service)
|
|||||||
uint32_t len, net_len;
|
uint32_t len, net_len;
|
||||||
ssize_t n;
|
ssize_t n;
|
||||||
|
|
||||||
|
/* Initialize the authentication context, to be used to authenticate the peer. */
|
||||||
status = krb5_auth_con_init (context, &auth_context);
|
status = krb5_auth_con_init (context, &auth_context);
|
||||||
if (status)
|
if (status)
|
||||||
krb5_err (context, 1, status, "krb5_auth_con_init");
|
krb5_err (context, 1, status, "krb5_auth_con_init");
|
||||||
|
|
||||||
|
/* Extract the local and remote address from the socket into auth_context. */
|
||||||
status = krb5_auth_con_setaddrs_from_fd (context,
|
status = krb5_auth_con_setaddrs_from_fd (context,
|
||||||
auth_context,
|
auth_context,
|
||||||
&sock);
|
&sock);
|
||||||
|
|
||||||
if (status)
|
if (status)
|
||||||
krb5_err (context, 1, status, "krb5_auth_con_setaddrs_from_fd");
|
krb5_err (context, 1, status, "krb5_auth_con_setaddrs_from_fd");
|
||||||
|
|
||||||
if(gethostname (hostname, sizeof(hostname)) < 0)
|
if (gethostname (hostname, sizeof(hostname)) < 0)
|
||||||
krb5_err (context, 1, errno, "gethostname");
|
krb5_err (context, 1, errno, "gethostname");
|
||||||
|
|
||||||
|
/* Create principal "server" for "service" on "hostname" (this host). */
|
||||||
status = krb5_sname_to_principal (context,
|
status = krb5_sname_to_principal (context,
|
||||||
hostname,
|
hostname,
|
||||||
service,
|
service,
|
||||||
@@ -76,17 +82,22 @@ proto (int sock, const char *service)
|
|||||||
if (status)
|
if (status)
|
||||||
krb5_err (context, 1, status, "krb5_sname_to_principal");
|
krb5_err (context, 1, status, "krb5_sname_to_principal");
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Perform the server side of the sendauth protocol. On success, "ticket"
|
||||||
|
* contains the authenticated credentials of the client.
|
||||||
|
*/
|
||||||
status = krb5_recvauth (context,
|
status = krb5_recvauth (context,
|
||||||
&auth_context,
|
&auth_context,
|
||||||
&sock,
|
&sock,
|
||||||
VERSION,
|
VERSION,
|
||||||
server,
|
server,
|
||||||
0,
|
0, /* flags */
|
||||||
keytab,
|
keytab,
|
||||||
&ticket);
|
&ticket);
|
||||||
if (status)
|
if (status)
|
||||||
krb5_err (context, 1, status, "krb5_recvauth");
|
krb5_err (context, 1, status, "krb5_recvauth");
|
||||||
|
|
||||||
|
/* Extract the client name as a string. */
|
||||||
status = krb5_unparse_name (context,
|
status = krb5_unparse_name (context,
|
||||||
ticket->client,
|
ticket->client,
|
||||||
&name);
|
&name);
|
||||||
@@ -99,6 +110,9 @@ proto (int sock, const char *service)
|
|||||||
krb5_data_zero (&data);
|
krb5_data_zero (&data);
|
||||||
krb5_data_zero (&packet);
|
krb5_data_zero (&packet);
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Read the payload (encoded as length, value).
|
||||||
|
*/
|
||||||
n = krb5_net_read (context, &sock, &net_len, 4);
|
n = krb5_net_read (context, &sock, &net_len, 4);
|
||||||
if (n == 0)
|
if (n == 0)
|
||||||
krb5_errx (context, 1, "EOF in krb5_net_read");
|
krb5_errx (context, 1, "EOF in krb5_net_read");
|
||||||
@@ -115,6 +129,9 @@ proto (int sock, const char *service)
|
|||||||
if (n < 0)
|
if (n < 0)
|
||||||
krb5_err (context, 1, errno, "krb5_net_read");
|
krb5_err (context, 1, errno, "krb5_net_read");
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Expect a KRB_SAFE message (authenticated, not encrypted)
|
||||||
|
*/
|
||||||
status = krb5_rd_safe (context,
|
status = krb5_rd_safe (context,
|
||||||
auth_context,
|
auth_context,
|
||||||
&packet,
|
&packet,
|
||||||
@@ -126,6 +143,9 @@ proto (int sock, const char *service)
|
|||||||
fprintf (stderr, "safe packet: %.*s\n", (int)data.length,
|
fprintf (stderr, "safe packet: %.*s\n", (int)data.length,
|
||||||
(char *)data.data);
|
(char *)data.data);
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Read the payload (encoded as length, value).
|
||||||
|
*/
|
||||||
n = krb5_net_read (context, &sock, &net_len, 4);
|
n = krb5_net_read (context, &sock, &net_len, 4);
|
||||||
if (n == 0)
|
if (n == 0)
|
||||||
krb5_errx (context, 1, "EOF in krb5_net_read");
|
krb5_errx (context, 1, "EOF in krb5_net_read");
|
||||||
@@ -142,6 +162,9 @@ proto (int sock, const char *service)
|
|||||||
if (n < 0)
|
if (n < 0)
|
||||||
krb5_err (context, 1, errno, "krb5_net_read");
|
krb5_err (context, 1, errno, "krb5_net_read");
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Expect a KRB_PRIV message (authenticated and encrypted)
|
||||||
|
*/
|
||||||
status = krb5_rd_priv (context,
|
status = krb5_rd_priv (context,
|
||||||
auth_context,
|
auth_context,
|
||||||
&packet,
|
&packet,
|
||||||
@@ -159,6 +182,7 @@ proto (int sock, const char *service)
|
|||||||
static int
|
static int
|
||||||
doit (int port, const char *service)
|
doit (int port, const char *service)
|
||||||
{
|
{
|
||||||
|
/* Block waiting for a connection. */
|
||||||
mini_inetd (port, NULL);
|
mini_inetd (port, NULL);
|
||||||
|
|
||||||
return proto (STDIN_FILENO, service);
|
return proto (STDIN_FILENO, service);
|
||||||
|
|||||||
Reference in New Issue
Block a user