search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
lib/gssapi/krb5: implement GSS_C_CHANNEL_BOUND_FLAG for gss_init_sec_context()
[heimdal.git] / lib / gssapi / test_acquire_cred.c
blobef49311bcf907c0bf9cfae73e9c037d18b009ac7
1 /*
2 * Copyright (c) 2003-2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of KTH nor the names of its contributors may be
18 * used to endorse or promote products derived from this software without
19 * specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
22 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
24 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
25 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
26 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
27 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
28 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
29 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
30 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
31 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32 */
33
34 #ifdef HAVE_CONFIG_H
35 #include <config.h>
36 #endif
37
38 #include <roken.h>
39 #include <stdio.h>
40 #include <stdlib.h>
41 #include <string.h>
42 #include <stdarg.h>
43 #include <gssapi.h>
44 #include <gssapi_krb5.h>
45 #include <gssapi_spnego.h>
46 #include <err.h>
47 #include <getarg.h>
48
49 #include "test_common.h"
50
51 static void
52 print_time(OM_uint32 time_rec)
53 {
54 if (time_rec == GSS_C_INDEFINITE) {
55 printf("cred never expire\n");
56 } else {
57 time_t t = time_rec + time(NULL);
58 printf("expiration time: %s", ctime(&t));
59 }
60 }
61
62 #if 0
63
64 static void
65 test_add(gss_cred_id_t cred_handle)
66 {
67 OM_uint32 major_status, minor_status;
68 gss_cred_id_t copy_cred;
69 OM_uint32 time_rec;
70
71 major_status = gss_add_cred (&minor_status,
72 cred_handle,
73 GSS_C_NO_NAME,
74 GSS_KRB5_MECHANISM,
75 GSS_C_INITIATE,
76 0,
77 0,
78 &copy_cred,
79 NULL,
80 &time_rec,
81 NULL);
82
83 if (GSS_ERROR(major_status))
84 errx(1, "add_cred failed");
85
86 print_time(time_rec);
87
88 major_status = gss_release_cred(&minor_status,
89 &copy_cred);
90 if (GSS_ERROR(major_status))
91 errx(1, "release_cred failed");
92 }
93
94 static void
95 copy_cred(void)
96 {
97 OM_uint32 major_status, minor_status;
98 gss_cred_id_t cred_handle;
99 OM_uint32 time_rec;
100
101 major_status = gss_acquire_cred(&minor_status,
102 GSS_C_NO_NAME,
103 0,
104 NULL,
105 GSS_C_INITIATE,
106 &cred_handle,
107 NULL,
108 &time_rec);
109 if (GSS_ERROR(major_status))
110 errx(1, "acquire_cred failed");
111
112 print_time(time_rec);
113
114 test_add(cred_handle);
115 test_add(cred_handle);
116 test_add(cred_handle);
117
118 major_status = gss_release_cred(&minor_status,
119 &cred_handle);
120 if (GSS_ERROR(major_status))
121 errx(1, "release_cred failed");
122 }
123 #endif
124
125 static gss_cred_id_t
126 acquire_cred_service(const char *service,
127 gss_OID nametype,
128 gss_OID_set oidset,
129 gss_cred_usage_t usage,
130 gss_const_key_value_set_t cred_store)
131 {
132 OM_uint32 major_status, minor_status;
133 gss_cred_id_t cred_handle;
134 OM_uint32 time_rec;
135 gss_buffer_desc name_buffer;
136 gss_name_t name = GSS_C_NO_NAME;
137
138 if (service) {
139 name_buffer.value = rk_UNCONST(service);
140 name_buffer.length = strlen(service);
141
142 major_status = gss_import_name(&minor_status,
143 &name_buffer,
144 nametype,
145 &name);
146 if (GSS_ERROR(major_status))
147 errx(1, "import_name failed");
148 }
149
150 major_status = gss_acquire_cred_from(&minor_status,
151 name,
152 0,
153 oidset,
154 usage,
155 cred_store,
156 &cred_handle,
157 NULL,
158 &time_rec);
159 if (GSS_ERROR(major_status)) {
160 warnx("acquire_cred failed: %s",
161 gssapi_err(major_status, minor_status, GSS_C_NO_OID));
162 } else {
163 print_time(time_rec);
164 gss_release_cred(&minor_status, &cred_handle);
165 }
166
167 if (name != GSS_C_NO_NAME)
168 gss_release_name(&minor_status, &name);
169
170 if (GSS_ERROR(major_status))
171 exit(1);
172
173 return cred_handle;
174 }
175
176 static int version_flag = 0;
177 static int help_flag = 0;
178 static int kerberos_flag = 0;
179 static int enctype = 0;
180 static char *acquire_name;
181 static char *acquire_type;
182 static char *target_name;
183 static char *name_type;
184 static char *ccache;
185 static char *client_keytab;
186 static int num_loops = 1;
187
188 static struct getargs args[] = {
189 {"acquire-name", 0, arg_string, &acquire_name, "name", NULL },
190 {"acquire-type", 0, arg_string, &acquire_type, "type", NULL },
191 {"enctype", 0, arg_integer, &enctype, "enctype-num", NULL },
192 {"loops", 0, arg_integer, &num_loops, "num-loops", NULL },
193 {"kerberos", 0, arg_flag, &kerberos_flag, NULL, NULL },
194 {"target-name", 0, arg_string, &target_name, "name", NULL },
195 {"ccache", 0, arg_string, &ccache, "name", NULL },
196 {"client-keytab", 0,arg_string, &client_keytab, "name", NULL },
197 {"name-type", 0, arg_string, &name_type, "type", NULL },
198 {"version", 0, arg_flag, &version_flag, "print version", NULL },
199 {"help", 0, arg_flag, &help_flag, NULL, NULL }
200 };
201
202 static void
203 usage (int ret)
204 {
205 arg_printusage (args, sizeof(args)/sizeof(*args), NULL, "");
206 exit (ret);
207 }
208
209 int
210 main(int argc, char **argv)
211 {
212 gss_OID_set oidset = GSS_C_NULL_OID_SET;
213 gss_OID mechoid = GSS_C_NO_OID;
214 OM_uint32 maj_stat, min_stat;
215 gss_cred_id_t cred;
216 gss_name_t target = GSS_C_NO_NAME;
217 int i, optidx = 0;
218 gss_cred_usage_t cred_usage = GSS_C_BOTH;
219 gss_OID type = GSS_C_NT_HOSTBASED_SERVICE;
220 gss_key_value_set_desc store, *storep = GSS_C_NO_CRED_STORE;
221 gss_key_value_element_desc elements[2];
222
223 store.count = 0;
224 store.elements = elements;
225
226 setprogname(argv[0]);
227 if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
228 usage(1);
229
230 if (help_flag)
231 usage (0);
232
233 if(version_flag){
234 print_version(NULL);
235 exit(0);
236 }
237
238 argc -= optidx;
239 argv += optidx;
240
241 if (argc != 0)
242 usage(1);
243
244 if (acquire_type) {
245 if (strcasecmp(acquire_type, "both") == 0)
246 cred_usage = GSS_C_BOTH;
247 else if (strcasecmp(acquire_type, "accept") == 0)
248 cred_usage = GSS_C_ACCEPT;
249 else if (strcasecmp(acquire_type, "initiate") == 0)
250 cred_usage = GSS_C_INITIATE;
251 else
252 errx(1, "unknown type %s", acquire_type);
253 }
254
255 if (name_type) {
256 if (strcasecmp("hostbased-service", name_type) == 0)
257 type = GSS_C_NT_HOSTBASED_SERVICE;
258 else if (strcasecmp("user-name", name_type) == 0)
259 type = GSS_C_NT_USER_NAME;
260 else
261 errx(1, "unknown name type %s", name_type);
262 }
263
264 if (ccache) {
265 store.elements[store.count].key = "ccache";
266 store.elements[store.count].value = ccache;
267 store.count++;
268 }
269 if (client_keytab) {
270 store.elements[store.count].key = "client_keytab";
271 store.elements[store.count].value = client_keytab;
272 store.count++;
273 }
274
275 if (store.count)
276 storep = &store;
277
278 if (kerberos_flag) {
279 mechoid = GSS_KRB5_MECHANISM;
280
281 maj_stat = gss_create_empty_oid_set(&min_stat, &oidset);
282 if (maj_stat != GSS_S_COMPLETE)
283 errx(1, "gss_create_empty_oid_set: %s",
284 gssapi_err(maj_stat, min_stat, GSS_C_NO_OID));
285
286 maj_stat = gss_add_oid_set_member(&min_stat, GSS_KRB5_MECHANISM, &oidset);
287 if (maj_stat != GSS_S_COMPLETE)
288 errx(1, "gss_add_oid_set_member: %s",
289 gssapi_err(maj_stat, min_stat, GSS_C_NO_OID));
290 }
291
292 if (target_name) {
293 gss_buffer_desc name;
294
295 name.value = target_name;
296 name.length = strlen(target_name);
297 maj_stat = gss_import_name(&min_stat, &name,
298 GSS_C_NT_HOSTBASED_SERVICE, &target);
299 if (maj_stat != GSS_S_COMPLETE)
300 errx(1, "gss_import_name: %s",
301 gssapi_err(maj_stat, min_stat, GSS_C_NO_OID));
302 }
303
304 for (i = 0; i < num_loops; i++) {
305
306 cred = acquire_cred_service(acquire_name, type, oidset, cred_usage, storep);
307
308 if (enctype) {
309 int32_t enctypelist = enctype;
310
311 maj_stat = gss_krb5_set_allowable_enctypes(&min_stat, cred,
312 1, &enctypelist);
313 if (maj_stat)
314 errx(1, "gss_krb5_set_allowable_enctypes: %s",
315 gssapi_err(maj_stat, min_stat, GSS_C_NO_OID));
316 }
317
318 if (target) {
319 gss_ctx_id_t context = GSS_C_NO_CONTEXT;
320 gss_buffer_desc out;
321
322 out.length = 0;
323 out.value = NULL;
324
325 maj_stat = gss_init_sec_context(&min_stat,
326 cred, &context,
327 target, mechoid,
328 GSS_C_MUTUAL_FLAG, 0, NULL,
329 GSS_C_NO_BUFFER, NULL,
330 &out, NULL, NULL);
331 if (maj_stat != GSS_S_COMPLETE && maj_stat != GSS_S_CONTINUE_NEEDED)
332 errx(1, "init_sec_context failed: %s",
333 gssapi_err(maj_stat, min_stat, GSS_C_NO_OID));
334
335 gss_release_buffer(&min_stat, &out);
336 gss_delete_sec_context(&min_stat, &context, NULL);
337 }
338 gss_release_cred(&min_stat, &cred);
339 }
340 gss_release_oid_set(&min_stat, &oidset);
341 gss_release_name(&min_stat, &target);
342
343 return 0;
344 }
Heimdal