kdc/test_csr_authorizer.c

   1 #include "kdc_locl.h"
   2
   3 static int help_flag;
   4 static int version_flag;
   5 static const char *app_string = "kdc";
   6
   7 struct getargs args[] = {
   8     {   "help",     'h',    arg_flag,   &help_flag,
   9         "Print usage message", NULL },
  10     {   "version",  'v',    arg_flag,   &version_flag,
  11         "Print version", NULL },
  12     {   "app",      'a',    arg_string, &app_string,
  13         "App to test (kdc or bx509); default: kdc", "APPNAME" },
  14 };
  15 size_t num_args = sizeof(args) / sizeof(args[0]);
  16
  17 static int
  18 usage(int e)
  19 {
  20     arg_printusage(args, num_args, NULL, "PATH-TO-DER-CSR PRINCIPAL");
  21     fprintf(stderr,
  22             "\n\tExercise CSR authorization plugins for a given CSR for a\n"
  23             "\tgiven principal.\n"
  24             "\n\tExample: %s PKCS10:/tmp/csr.der foo@TEST.H5L.SE\n",
  25             getprogname());
  26     exit(e);
  27     return e;
  28 }
  29
  30 int
  31 main(int argc, char **argv)
  32 {
  33     krb5_kdc_configuration *config;
  34     krb5_error_code ret;
  35     krb5_context context;
  36     hx509_request csr;
  37     krb5_principal princ = NULL;
  38     const char *argv0 = argv[0];
  39     int optidx = 0;
  40
  41     setprogname(argv[0]);
  42     if (getarg(args, num_args, argc, argv, &optidx))
  43         return usage(1);
  44     if (help_flag)
  45         return usage(0);
  46     if (version_flag) {
  47         print_version(argv[0]);
  48         return 0;
  49     }
  50
  51     argc -= optidx;
  52     argv += optidx;
  53
  54     if (argc != 2)
  55         usage(1);
  56
  57     if ((errno = krb5_init_context(&context)))
  58         err(1, "Could not initialize krb5_context");
  59     if ((ret = krb5_kdc_get_config(context, &config)))
  60         krb5_err(context, 1, ret, "Could not get KDC configuration");
  61     config->app = app_string;
  62     if ((ret = krb5_initlog(context, argv0, &config->logf)) ||
  63         (ret = krb5_addlog_dest(context, config->logf, "0-5/STDERR")))
  64         krb5_err(context, 1, ret, "Could not set up logging to stderr");
  65     if ((ret = krb5_kdc_set_dbinfo(context, config)))
  66         krb5_err(context, 1, ret, "Could not get KDC configuration (HDB)");
  67     if ((ret = hx509_request_parse(context->hx509ctx, argv[0], &csr)))
  68         krb5_err(context, 1, ret, "Could not parse PKCS#10 CSR from %s", argv[0]);
  69     if ((ret = krb5_parse_name(context, argv[1], &princ)))
  70         krb5_err(context, 1, ret, "Could not parse principal %s", argv[1]);
  71     if ((ret = kdc_authorize_csr(context, config, csr, princ)))
  72         krb5_err(context, 1, ret, "Authorization failed");
  73     printf("Authorized!\n");
  74     krb5_free_principal(context, princ);
  75     _krb5_unload_plugins(context, "kdc");
  76     krb5_free_context(context);
  77     hx509_request_free(&csr);
  78     /* FIXME There's no free function for config yet */
  79     return 0;
  80 }