kdc/test_csr_authorizer.c

   1 #include "kdc_locl.h"
   2
   3 static int help_flag;
   4 static int version_flag;
   5 static const char *app_string = "kdc";
   6
   7 struct getargs args[] = {
   8     {   "help",     'h',    arg_flag,   &help_flag,
   9         "Print usage message", NULL },
  10     {   "version",  'v',    arg_flag,   &version_flag,
  11         "Print version", NULL },
  12     {   "app",      'a',    arg_string, &app_string,
  13         "App to test (kdc or bx509); default: kdc", "APPNAME" },
  14 };
  15 size_t num_args = sizeof(args) / sizeof(args[0]);
  16
  17 static int
  18 usage(int e)
  19 {
  20     arg_printusage(args, num_args, NULL, "PATH-TO-DER-CSR PRINCIPAL");
  21     fprintf(stderr,
  22             "\n\tExercise CSR authorization plugins for a given CSR for a\n"
  23             "\tgiven principal.\n"
  24             "\n\tExample: %s PKCS10:/tmp/csr.der foo@TEST.H5L.SE\n",
  25             getprogname());
  26     exit(e);
  27     return e;
  28 }
  29
  30 static const char *sysplugin_dirs[] =  {
  31 #ifdef _WIN32
  32     "$ORIGIN",
  33 #else
  34     "$ORIGIN/../lib/plugin/kdc",
  35 #endif
  36 #ifdef __APPLE__
  37     LIBDIR "/plugin/kdc",
  38 #endif
  39     NULL
  40 };
  41
  42 static void
  43 load_plugins(krb5_context context)
  44 {
  45     const char * const *dirs = sysplugin_dirs;
  46 #ifndef _WIN32
  47     char **cfdirs;
  48
  49     cfdirs = krb5_config_get_strings(context, NULL, "kdc", "plugin_dir", NULL);
  50     if (cfdirs)
  51         dirs = (const char * const *)cfdirs;
  52 #endif
  53
  54     _krb5_load_plugins(context, "kdc", (const char **)dirs);
  55
  56 #ifndef _WIN32
  57     krb5_config_free_strings(cfdirs);
  58 #endif
  59 }
  60
  61 int
  62 main(int argc, char **argv)
  63 {
  64     krb5_log_facility *logf;
  65     krb5_error_code ret;
  66     krb5_context context;
  67     hx509_request csr;
  68     krb5_principal princ = NULL;
  69     const char *argv0 = argv[0];
  70     int optidx = 0;
  71
  72     setprogname(argv[0]);
  73     if (getarg(args, num_args, argc, argv, &optidx))
  74         return usage(1);
  75     if (help_flag)
  76         return usage(0);
  77     if (version_flag) {
  78         print_version(argv[0]);
  79         return 0;
  80     }
  81
  82     argc -= optidx;
  83     argv += optidx;
  84
  85     if (argc != 2)
  86         usage(1);
  87
  88     if ((errno = krb5_init_context(&context)))
  89         err(1, "Could not initialize krb5_context");
  90     if ((ret = krb5_initlog(context, argv0, &logf)) ||
  91         (ret = krb5_addlog_dest(context, logf, "0-5/STDERR")))
  92         krb5_err(context, 1, ret, "Could not set up logging to stderr");
  93     load_plugins(context);
  94     if ((ret = hx509_request_parse(context->hx509ctx, argv[0], &csr)))
  95         krb5_err(context, 1, ret, "Could not parse PKCS#10 CSR from %s", argv[0]);
  96     if ((ret = krb5_parse_name(context, argv[1], &princ)))
  97         krb5_err(context, 1, ret, "Could not parse principal %s", argv[1]);
  98     if ((ret = kdc_authorize_csr(context, app_string, csr, princ)))
  99         krb5_err(context, 1, ret, "Authorization failed");
 100     printf("Authorized!\n");
 101     krb5_free_principal(context, princ);
 102     _krb5_unload_plugins(context, "kdc");
 103     krb5_free_context(context);
 104     hx509_request_free(&csr);
 105     return 0;
 106 }