Print this page
first pass
Split |
Close |
Expand all |
Collapse all |
--- old/usr/src/cmd/gss/gssd/gssdtest.c
+++ new/usr/src/cmd/gss/gssd/gssdtest.c
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License, Version 1.0 only
6 6 * (the "License"). You may not use this file except in compliance
7 7 * with the License.
8 8 *
9 9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 10 * or http://www.opensolaris.org/os/licensing.
11 11 * See the License for the specific language governing permissions
12 12 * and limitations under the License.
13 13 *
14 14 * When distributing Covered Code, include this CDDL HEADER in each
15 15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 16 * If applicable, add the following below this CDDL HEADER, with the
17 17 * fields enclosed by brackets "[]" replaced with your own identifying
18 18 * information: Portions Copyright [yyyy] [name of copyright owner]
19 19 *
20 20 * CDDL HEADER END
21 21 */
22 22 /*
23 23 * Copyright 2003 Sun Microsystems, Inc. All rights reserved.
24 24 * Use is subject to license terms.
25 25 */
26 26
27 27 #pragma ident "%Z%%M% %I% %E% SMI"
28 28
29 29 /*
30 30 * Test client for gssd. This program is not shipped on the binary
31 31 * release.
32 32 */
33 33
34 34 #include <stdio.h>
35 35 #include <strings.h>
36 36 #include <ctype.h>
37 37 #include <stdlib.h>
38 38 #include <gssapi/gssapi.h>
39 39 #include <gssapi/gssapi_ext.h>
40 40 #include "gssd.h"
41 41 #include <rpc/rpc.h>
42 42
43 43 #define _KERNEL
44 44 #include <gssapi/gssapi.h>
45 45 #undef _KERNEL
46 46
47 47 int gss_major_code;
48 48 int gss_minor_code;
49 49
50 50 int init_sec_context_phase = 0;
51 51 int accept_sec_context_phase = 0;
52 52
53 53 gss_ctx_id_t initiator_context_handle;
54 54 gss_ctx_id_t acceptor_context_handle;
55 55 gss_cred_id_t acceptor_credentials;
56 56 gss_buffer_desc init_token_buffer;
57 57 gss_buffer_desc accept_token_buffer;
58 58 gss_buffer_desc delete_token_buffer;
59 59 gss_buffer_desc message_buffer;
60 60 gss_buffer_desc msg_token;
61 61
62 62 #define LOOP_COUNTER 100
63 63 #define GSS_KRB5_MECH_OID "1.2.840.113554.1.2.2"
64 64 #define GSS_DUMMY_MECH_OID "1.3.6.1.4.1.42.2.26.1.2"
65 65 #ifdef _KERNEL
66 66 #define OCTAL_MACRO "%03o."
67 67 #define MALLOC(n) kmem_alloc((n), KM_SLEEP)
68 68 #define CALLOC(n, s) kmem_zalloc((n)*(s), KM_SLEEP)
69 69 #define FREE(x, n) kmem_free((x), (n))
70 70 #define memcpy(dst, src, n) bcopy((src), (dst), (n))
71 71 #define fprintf(s, m) printf(m)
72 72 #define isspace(s) ((s) == ' ' || (s) == '\t' || (s) == '\n' || \
73 73 (s) == '\r' || (s) == '\v' || (s) == '\f')
74 74
75 75 static char *strdup(const char *s)
76 76 {
77 77 int len = strlen(s);
78 78 char *new = MALLOC(len+1);
79 79 strcpy(new, s);
80 80 return (new);
81 81 }
82 82
83 83 #else /* !_KERNEL */
84 84 #define OCTAL_MACRO "%03.3o."
85 85 #define MALLOC(n) malloc(n)
86 86 #define CALLOC(n, s) calloc((n), (s))
87 87 #define FREE(x, n) free(x)
88 88 #endif /* _KERNEL */
89 89
90 90 static gss_OID gss_str2oid(char *);
91 91 static char * gss_oid2str(gss_OID);
92 92 static void instructs();
93 93 static void usage();
94 94 static int parse_input_line(char *, int *, char ***);
95 95 extern uid_t getuid();
96 96
↓ open down ↓ |
96 lines elided |
↑ open up ↑ |
97 97 static void _gss_init_sec_context(int, char **);
98 98 static void _gss_acquire_cred(int, char **);
99 99 static void _gss_add_cred(int, char **);
100 100 static void _gss_sign(int, char **);
101 101 static void _gss_release_cred(int, char **);
102 102 static void _gss_accept_sec_context(int, char **);
103 103 static void _gss_process_context_token(int, char **);
104 104 static void _gss_delete_sec_context(int, char **);
105 105 static void _gss_context_time(int, char **);
106 106 static void _gss_verify(int, char **);
107 -/* EXPORT DELETE START */
108 107 static void _gss_seal(int, char **);
109 108 static void _gss_unseal(int, char **);
110 -/* EXPORT DELETE END */
111 109 static void _gss_display_status(int, char **);
112 110 static void _gss_indicate_mechs(int, char **);
113 111 static void _gss_inquire_cred(int, char **);
114 112 static void _gssd_expname_to_unix_cred(int, char **);
115 113 static void _gssd_name_to_unix_cred(int, char **);
116 114 static void _gssd_get_group_info(int, char **);
117 115
118 116 static int do_gssdtest(char *buf);
119 117
120 118
121 119 #ifndef _KERNEL
122 120 static int read_line(char *buf, int size)
123 121 {
124 122 int len;
125 123
126 124 /* read the next line. If cntl-d, return with zero char count */
127 125 printf(gettext("\n> "));
128 126
129 127 if (fgets(buf, size, stdin) == NULL)
130 128 return (0);
131 129
132 130 len = strlen(buf);
133 131 buf[--len] = '\0';
134 132 return (len);
135 133 }
136 134
137 135 int
138 136 main()
139 137 {
140 138 char buf[512];
141 139 int len, ret;
142 140
143 141 /* Print out usage and instructions to start off the session */
144 142
145 143 instructs();
146 144 usage();
147 145
148 146 /*
149 147 * Loop, repeatedly calling parse_input_line() to get the
150 148 * next line and parse it into argc and argv. Act on the
151 149 * arguements found on the line.
152 150 */
153 151
154 152 do {
155 153 len = read_line(buf, 512);
156 154 if (len)
157 155 ret = do_gssdtest(buf);
158 156 } while (len && !ret);
159 157
160 158 return (0);
161 159 }
162 160 #endif /* !_KERNEL */
163 161
164 162 static int
165 163 do_gssdtest(char *buf)
166 164 {
167 165 int argc, seal_argc;
168 166 int i;
169 167 char **argv, **argv_array;
170 168
171 169 char *cmd;
172 170 char *seal_ini_array [] = { "initiator", " Hello"};
173 171 char *seal_acc_array [] = { "acceptor", " Hello"};
174 172 char *unseal_acc_array [] = {"acceptor"};
175 173 char *unseal_ini_array [] = {"initiator"};
176 174 char *delet_acc_array [] = {"acceptor"};
177 175 char *delet_ini_array [] = {"initiator"};
178 176
179 177 argv = 0;
180 178
181 179 if (parse_input_line(buf, &argc, &argv) == 0) {
182 180 printf(gettext("\n"));
183 181 return (1);
184 182 }
185 183
186 184 if (argc == 0) {
187 185 usage();
188 186 /*LINTED*/
189 187 FREE(argv_array, (argc+1)*sizeof (char *));
190 188 return (0);
191 189 }
192 190
193 191 /*
194 192 * remember argv_array address, which is memory calloc'd by
195 193 * parse_input_line, so it can be free'd at the end of the loop.
196 194 */
197 195
198 196 argv_array = argv;
199 197
200 198 cmd = argv[0];
201 199
202 200 argc--;
203 201 argv++;
204 202
205 203 if (strcmp(cmd, "gss_loop") == 0 ||
206 204 strcmp(cmd, "loop") == 0) {
207 205
208 206 if (argc < 1) {
209 207 usage();
210 208 FREE(argv_array, (argc+2) * sizeof (char *));
211 209 return (0);
212 210 }
↓ open down ↓ |
92 lines elided |
↑ open up ↑ |
213 211 for (i = 0; i < LOOP_COUNTER; i++) {
214 212 printf(gettext("Loop Count is %d \n"), i);
215 213 /*
216 214 * if (i > 53)
217 215 * printf ("Loop counter is greater than 55\n");
218 216 */
219 217 _gss_acquire_cred(argc, argv);
220 218 _gss_init_sec_context(argc, argv);
221 219 _gss_accept_sec_context(0, argv);
222 220 _gss_init_sec_context(argc, argv);
223 -/* EXPORT DELETE START */
221 +
224 222 seal_argc = 2;
225 223 _gss_seal(seal_argc, seal_ini_array);
226 224 seal_argc = 1;
227 225 _gss_unseal(seal_argc, unseal_acc_array);
228 226 seal_argc = 2;
229 227 _gss_seal(seal_argc, seal_acc_array);
230 228 seal_argc = 1;
231 229 _gss_unseal(seal_argc, unseal_ini_array);
232 -/* EXPORT DELETE END */
233 230 seal_argc = 2;
234 231 _gss_sign(seal_argc, seal_ini_array);
235 232 seal_argc = 1;
236 233 _gss_verify(seal_argc, unseal_acc_array);
237 234 seal_argc = 2;
238 235 _gss_sign(seal_argc, seal_acc_array);
239 236 seal_argc = 1;
240 237 _gss_verify(seal_argc, unseal_ini_array);
241 238 _gss_delete_sec_context(argc, delet_acc_array);
242 239 _gss_delete_sec_context(argc, delet_ini_array);
243 240 }
244 241 }
245 242 if (strcmp(cmd, "gss_all") == 0 ||
246 243 strcmp(cmd, "all") == 0) {
247 244 _gss_acquire_cred(argc, argv);
248 245 _gss_init_sec_context(argc, argv);
249 246 _gss_accept_sec_context(0, argv);
250 247 _gss_init_sec_context(argc, argv);
251 -/* EXPORT DELETE START */
248 +
252 249 seal_argc = 2;
253 250 _gss_seal(seal_argc, seal_acc_array);
254 251 seal_argc = 1;
255 252 _gss_unseal(seal_argc, unseal_ini_array);
256 253 seal_argc = 2;
257 254 _gss_seal(seal_argc, seal_ini_array);
258 255 seal_argc = 1;
259 256 _gss_unseal(seal_argc, unseal_acc_array);
260 -/* EXPORT DELETE END */
261 257 seal_argc = 2;
262 258 _gss_sign(seal_argc, seal_ini_array);
263 259 seal_argc = 1;
264 260 _gss_verify(seal_argc, unseal_acc_array);
265 261 seal_argc = 2;
266 262 _gss_sign(seal_argc, seal_acc_array);
267 263 seal_argc = 1;
268 264 _gss_verify(seal_argc, unseal_ini_array);
269 265
270 266 }
271 267 if (strcmp(cmd, "gss_acquire_cred") == 0 ||
272 268 strcmp(cmd, "acquire") == 0) {
273 269 _gss_acquire_cred(argc, argv);
274 270 if (argc == 1)
275 271 _gss_add_cred(argc, argv);
276 272 }
277 273
278 274 else if (strcmp(cmd, "gss_release_cred") == 0 ||
279 275 strcmp(cmd, "release") == 0)
280 276 _gss_release_cred(argc, argv);
281 277 else if (strcmp(cmd, "gss_init_sec_context") == 0 ||
282 278 strcmp(cmd, "init") == 0)
283 279 _gss_init_sec_context(argc, argv);
284 280 else if (strcmp(cmd, "gss_accept_sec_context") == 0 ||
285 281 strcmp(cmd, "accept") == 0)
286 282 _gss_accept_sec_context(argc, argv);
287 283 else if (strcmp(cmd, "gss_process_context_token") == 0 ||
288 284 strcmp(cmd, "process") == 0)
289 285 _gss_process_context_token(argc, argv);
290 286 else if (strcmp(cmd, "gss_delete_sec_context") == 0 ||
291 287 strcmp(cmd, "delete") == 0)
↓ open down ↓ |
21 lines elided |
↑ open up ↑ |
292 288 _gss_delete_sec_context(argc, argv);
293 289 else if (strcmp(cmd, "gss_context_time") == 0 ||
294 290 strcmp(cmd, "time") == 0)
295 291 _gss_context_time(argc, argv);
296 292 else if (strcmp(cmd, "gss_sign") == 0 ||
297 293 strcmp(cmd, "sign") == 0)
298 294 _gss_sign(argc, argv);
299 295 else if (strcmp(cmd, "gss_verify") == 0 ||
300 296 strcmp(cmd, "verify") == 0)
301 297 _gss_verify(argc, argv);
302 -/* EXPORT DELETE START */
303 298 else if (strcmp(cmd, "gss_seal") == 0 ||
304 299 strcmp(cmd, "seal") == 0)
305 300 _gss_seal(argc, argv);
306 301 else if (strcmp(cmd, "gss_unseal") == 0 ||
307 302 strcmp(cmd, "unseal") == 0)
308 303 _gss_unseal(argc, argv);
309 -/* EXPORT DELETE END */
310 304 else if (strcmp(cmd, "gss_display_status") == 0||
311 305 strcmp(cmd, "status") == 0)
312 306 _gss_display_status(argc, argv);
313 307 else if (strcmp(cmd, "gss_indicate_mechs") == 0 ||
314 308 strcmp(cmd, "indicate") == 0)
315 309 _gss_indicate_mechs(argc, argv);
316 310 else if (strcmp(cmd, "gss_inquire_cred") == 0 ||
317 311 strcmp(cmd, "inquire") == 0)
318 312 _gss_inquire_cred(argc, argv);
319 313 else if (strcmp(cmd, "expname2unixcred") == 0 ||
320 314 strcmp(cmd, "gsscred_expname_to_unix_cred") == 0)
321 315 _gssd_expname_to_unix_cred(argc, argv);
322 316 else if (strcmp(cmd, "name2unixcred") == 0 ||
323 317 strcmp(cmd, "gsscred_name_to_unix_cred") == 0)
324 318 _gssd_name_to_unix_cred(argc, argv);
325 319 else if (strcmp(cmd, "grpinfo") == 0 ||
326 320 strcmp(cmd, "gss_get_group_info") == 0)
327 321 _gssd_get_group_info(argc, argv);
328 322 else if (strcmp(cmd, "exit") == 0) {
329 323 printf(gettext("\n"));
330 324 FREE(argv_array, (argc+2) * sizeof (char *));
331 325 return (1);
332 326 } else
333 327 usage();
334 328
335 329 /* free argv array */
336 330
337 331 FREE(argv_array, (argc+2) * sizeof (char *));
338 332 return (0);
339 333 }
340 334
341 335 static void
342 336 _gss_acquire_cred(argc, argv)
343 337 int argc;
344 338 char **argv;
345 339 {
346 340
347 341 OM_UINT32 status, minor_status;
348 342 gss_buffer_desc name;
349 343 gss_name_t desired_name = (gss_name_t) 0;
350 344 OM_uint32 time_req;
351 345 gss_OID_set_desc desired_mechs_desc;
352 346 gss_OID_set desired_mechs = &desired_mechs_desc;
353 347 int cred_usage;
354 348 gss_OID_set actual_mechs = GSS_C_NULL_OID_SET;
355 349 gss_OID_set inquire_mechs = GSS_C_NULL_OID_SET;
356 350 OM_UINT32 time_rec;
357 351 char * string;
358 352 char * inq_string;
359 353 uid_t uid;
360 354 gss_OID mech_type;
361 355
362 356 /*
363 357 * First set up the command line independent input arguments.
364 358 */
365 359
366 360 time_req = (OM_uint32) 0;
367 361 cred_usage = GSS_C_ACCEPT;
368 362 uid = getuid();
369 363
370 364 /* Parse the command line for the variable input arguments */
371 365
372 366 if (argc == 0) {
373 367 usage();
374 368 return;
375 369 }
376 370
377 371 /*
378 372 * Get the name of the principal.
379 373 */
380 374
381 375 name.length = strlen(argv[0])+1;
382 376 name.value = argv[0];
383 377
384 378 /*
385 379 * Now convert the string given by the first argument into internal
386 380 * form suitable for input to gss_acquire_cred()
387 381 */
388 382
389 383 if ((status = gss_import_name(&minor_status, &name,
390 384 (gss_OID)GSS_C_NT_HOSTBASED_SERVICE, &desired_name))
391 385 != GSS_S_COMPLETE) {
392 386 printf(gettext(
393 387 "could not parse desired name: err (octal) %o (%s)\n"),
394 388 status, gettext("gss_acquire_cred error"));
395 389 return;
396 390 }
397 391
398 392 argc--;
399 393 argv++;
400 394
401 395 /*
402 396 * The next argument is an OID in dotted decimal form.
403 397 */
404 398
405 399 if (argc == 0) {
406 400 printf(gettext("Assuming Kerberos V5 as the mechanism\n"));
407 401 printf(gettext(
408 402 "The mech OID 1.2.840.113554.1.2.2 will be used\n"));
409 403 mech_type = gss_str2oid((char *)GSS_KRB5_MECH_OID);
410 404 } else
411 405 mech_type = gss_str2oid(argv[0]);
412 406
413 407 if (mech_type == 0 || mech_type->length == 0) {
414 408 printf(gettext("improperly formated mechanism OID\n"));
415 409 return;
416 410 }
417 411
418 412 /*
419 413 * set up desired_mechs so it points to mech_type.
420 414 */
421 415
422 416 desired_mechs = (gss_OID_set) MALLOC(sizeof (gss_OID_desc));
423 417
424 418 desired_mechs->count = 1;
425 419 desired_mechs->elements = mech_type;
426 420
427 421 status = kgss_acquire_cred(
428 422 &minor_status,
429 423 desired_name,
430 424 time_req,
431 425 desired_mechs,
432 426 cred_usage,
433 427 &acceptor_credentials,
434 428 &actual_mechs,
435 429 &time_rec,
436 430 uid);
437 431
438 432 /* store major and minor status for gss_display_status() call */
439 433
440 434 gss_major_code = status;
441 435 gss_minor_code = minor_status;
442 436
443 437 if (status == GSS_S_COMPLETE) {
444 438 /* process returned values */
445 439
446 440 printf(gettext("\nacquire succeeded\n\n"));
447 441
448 442 /*
449 443 * print out the actual mechs returned NB: Since only one
450 444 * mechanism is specified in desired_mechs, only one
451 445 * can be returned in actual_mechs. Consequently,
452 446 * actual_mechs->elements points to an array of only one
453 447 * element.
454 448 */
455 449
456 450 if ((string = gss_oid2str(actual_mechs->elements)) == 0) {
457 451 printf(gettext("actual mechs == NULL\n\n"));
458 452 } else {
459 453 printf(gettext("actual mechs = %s\n\n"), string);
460 454 FREE(string, (actual_mechs->elements->length+1)*4+1);
461 455 }
462 456
463 457 if (cred_usage == GSS_C_BOTH)
464 458 printf(gettext("GSS_C_BOTH\n\n"));
465 459
466 460 if (cred_usage == GSS_C_INITIATE)
467 461 printf(gettext("GSS_C_INITIATE\n\n"));
468 462
469 463 if (cred_usage == GSS_C_ACCEPT)
470 464 printf(gettext("GSS_C_ACCEPT\n\n"));
471 465 status = kgss_inquire_cred(
472 466 &minor_status,
473 467 acceptor_credentials,
474 468 NULL,
475 469 &time_req,
476 470 &cred_usage,
477 471 &inquire_mechs,
478 472 uid);
479 473
480 474 if (status != GSS_S_COMPLETE)
481 475 printf(gettext("server ret err (octal) %o (%s)\n"),
482 476 status, gettext("gss_inquire_cred error"));
483 477 else {
484 478 if ((inq_string =
485 479 gss_oid2str(inquire_mechs->elements)) == 0) {
486 480 printf(gettext
487 481 ("mechs from inquire == NULL\n\n"));
488 482 } else {
489 483 printf(gettext
490 484 ("mechs from inquiry = %s\n\n"),
491 485 inq_string);
492 486 FREE(inq_string,
493 487 (inquire_mechs->elements->length+1)*4+1);
494 488 }
495 489 printf(gettext("inquire_cred successful \n\n"));
496 490 }
497 491
498 492 } else {
499 493 printf(gettext("server ret err (octal) %o (%s)\n"),
500 494 status, gettext("gss_acquire_cred error"));
501 495 }
502 496
503 497 /* free allocated memory */
504 498
505 499 /* actual mechs is allocated by clnt_stubs. Release it here */
506 500 if (actual_mechs != GSS_C_NULL_OID_SET)
507 501 gss_release_oid_set_and_oids(&minor_status, &actual_mechs);
508 502 if (inquire_mechs != GSS_C_NULL_OID_SET)
509 503 gss_release_oid_set_and_oids(&minor_status, &inquire_mechs);
510 504
511 505 gss_release_name(&minor_status, &desired_name);
512 506
513 507 /* mech_type and desired_mechs are allocated above. Release it here */
514 508
515 509 FREE(mech_type->elements, mech_type->length);
516 510 FREE(mech_type, sizeof (gss_OID_desc));
517 511 FREE(desired_mechs, sizeof (gss_OID_desc));
518 512 }
519 513
520 514 static void
521 515 _gss_add_cred(argc, argv)
522 516 int argc;
523 517 char **argv;
524 518 {
525 519
526 520 OM_UINT32 status, minor_status;
527 521 gss_buffer_desc name;
528 522 gss_name_t desired_name = (gss_name_t) 0;
529 523 OM_uint32 time_req;
530 524 OM_uint32 initiator_time_req;
531 525 OM_uint32 acceptor_time_req;
532 526 int cred_usage;
533 527 gss_OID_set actual_mechs = GSS_C_NULL_OID_SET;
534 528 gss_OID_set inquire_mechs = GSS_C_NULL_OID_SET;
535 529 char * string;
536 530 uid_t uid;
537 531 gss_OID mech_type;
538 532 int i;
539 533
540 534 /*
541 535 * First set up the command line independent input arguments.
542 536 */
543 537
544 538 initiator_time_req = (OM_uint32) 0;
545 539 acceptor_time_req = (OM_uint32) 0;
546 540 cred_usage = GSS_C_ACCEPT;
547 541 uid = getuid();
548 542
549 543 /* Parse the command line for the variable input arguments */
550 544
551 545 if (argc == 0) {
552 546 usage();
553 547 return;
554 548 }
555 549
556 550 /*
557 551 * Get the name of the principal.
558 552 */
559 553
560 554 name.length = strlen(argv[0])+1;
561 555 name.value = argv[0];
562 556
563 557 /*
564 558 * Now convert the string given by the first argument into internal
565 559 * form suitable for input to gss_acquire_cred()
566 560 */
567 561
568 562 if ((status = gss_import_name(&minor_status, &name,
569 563 (gss_OID)GSS_C_NT_HOSTBASED_SERVICE, &desired_name))
570 564 != GSS_S_COMPLETE) {
571 565 printf(gettext(
572 566 "could not parse desired name: err (octal) %o (%s)\n"),
573 567 status, gettext("gss_acquire_cred error"));
574 568 return;
575 569 }
576 570
577 571 argc--;
578 572 argv++;
579 573
580 574 /*
581 575 * The next argument is an OID in dotted decimal form.
582 576 */
583 577
584 578 if (argc == 0) {
585 579 printf(gettext("Assuming dummy as the mechanism\n"));
586 580 printf(gettext(
587 581 "The mech OID 1.3.6.1.4.1.42.2.26.1.2 will be used\n"));
588 582 mech_type = gss_str2oid((char *)GSS_DUMMY_MECH_OID);
589 583 } else
590 584 mech_type = gss_str2oid(argv[0]);
591 585
592 586 if (mech_type == 0 || mech_type->length == 0) {
593 587 printf(gettext("improperly formated mechanism OID\n"));
594 588 return;
595 589 }
596 590
597 591 /*
598 592 * set up desired_mechs so it points to mech_type.
599 593 */
600 594
601 595 status = kgss_add_cred(
602 596 &minor_status,
603 597 acceptor_credentials,
604 598 desired_name,
605 599 mech_type,
606 600 cred_usage,
607 601 initiator_time_req,
608 602 acceptor_time_req,
609 603 &actual_mechs,
610 604 NULL,
611 605 NULL,
612 606 uid);
613 607
614 608 /* store major and minor status for gss_display_status() call */
615 609
616 610 gss_major_code = status;
617 611 gss_minor_code = minor_status;
618 612 if (status == GSS_S_COMPLETE) {
619 613 /* process returned values */
620 614
621 615 printf(gettext("\nadd succeeded\n\n"));
622 616 if (actual_mechs) {
623 617 for (i = 0; i < actual_mechs->count; i++) {
624 618 if ((string =
625 619 gss_oid2str
626 620 (&actual_mechs->elements[i])) == 0) {
627 621 printf(gettext
628 622 ("actual mechs == NULL\n\n"));
629 623 } else {
630 624 printf(gettext
631 625 ("actual mechs = %s\n\n"), string);
632 626 FREE(string,
633 627 (actual_mechs->elements->length+1)*4+1);
634 628 }
635 629 }
636 630 }
637 631 /*
638 632 * Try adding the cred again for the same mech
639 633 * We should get GSS_S_DUPLICATE_ELEMENT
640 634 * if not return an error
641 635 */
642 636 status = kgss_add_cred(
643 637 &minor_status,
644 638 acceptor_credentials,
645 639 desired_name,
646 640 mech_type,
647 641 cred_usage,
648 642 initiator_time_req,
649 643 acceptor_time_req,
650 644 NULL, /* &actual_mechs, */
651 645 NULL,
652 646 NULL,
653 647 uid);
654 648 if (status != GSS_S_DUPLICATE_ELEMENT) {
655 649 printf(gettext("Expected duplicate element, Got "
656 650 " (octal) %o (%s)\n"),
657 651 status, gettext("gss_add_cred error"));
658 652 }
659 653 status = kgss_inquire_cred(
660 654 &minor_status,
661 655 acceptor_credentials,
662 656 NULL,
663 657 &time_req,
664 658 &cred_usage,
665 659 &inquire_mechs,
666 660 uid);
667 661
668 662 if (status != GSS_S_COMPLETE)
669 663 printf(gettext("server ret err (octal) %o (%s)\n"),
670 664 status, gettext("gss_inquire_cred error"));
671 665 else {
672 666 for (i = 0; i < inquire_mechs->count; i++) {
673 667 if ((string =
674 668 gss_oid2str
675 669 (&inquire_mechs->elements[i])) == 0) {
676 670 printf(gettext
677 671 ("inquire_mechs mechs == NULL\n\n"));
678 672 } else {
679 673 printf(gettext
680 674 ("inquire_cred mechs = %s\n\n"),
681 675 string);
682 676 FREE(string,
683 677 (inquire_mechs->elements->length+1)*4
684 678 +1);
685 679 }
686 680 }
687 681 printf(gettext("inquire_cred successful \n\n"));
688 682 }
689 683
690 684 } else {
691 685 printf(gettext("server ret err (octal) %o (%s)\n"),
692 686 status, gettext("gss_acquire_cred error"));
693 687 }
694 688
695 689 /* Let us do inquire_cred_by_mech for both mechanisms */
696 690 status = kgss_inquire_cred_by_mech(
697 691 &minor_status,
698 692 acceptor_credentials,
699 693 mech_type,
700 694 uid);
701 695 if (status != GSS_S_COMPLETE)
702 696 printf(gettext("server ret err (octal) %o (%s)\n"),
703 697 status, gettext("gss_inquire_cred_by_mech"));
704 698 else
705 699 printf(gettext("gss_inquire_cred_by_mech successful"));
706 700
707 701
708 702 FREE(mech_type->elements, mech_type->length);
709 703 FREE(mech_type, sizeof (gss_OID_desc));
710 704 mech_type = gss_str2oid((char *)GSS_KRB5_MECH_OID);
711 705 status = kgss_inquire_cred_by_mech(
712 706 &minor_status,
713 707 acceptor_credentials,
714 708 mech_type,
715 709 uid);
716 710 if (status != GSS_S_COMPLETE)
717 711 printf(gettext("server ret err (octal) %o (%s)\n"),
718 712 status, gettext
719 713 ("gss_inquire_cred_by_mech for dummy mech error"));
720 714
721 715 /* free allocated memory */
722 716
723 717 /* actual mechs is allocated by clnt_stubs. Release it here */
724 718 if (actual_mechs != GSS_C_NULL_OID_SET)
725 719 gss_release_oid_set_and_oids(&minor_status, &actual_mechs);
726 720 if (inquire_mechs != GSS_C_NULL_OID_SET)
727 721 gss_release_oid_set_and_oids(&minor_status, &inquire_mechs);
728 722
729 723 gss_release_name(&minor_status, &desired_name);
730 724
731 725 /* mech_type and desired_mechs are allocated above. Release it here */
732 726
733 727 FREE(mech_type->elements, mech_type->length);
734 728 FREE(mech_type, sizeof (gss_OID_desc));
735 729 }
736 730
737 731 /*ARGSUSED*/
738 732 static void
739 733 _gss_release_cred(argc, argv)
740 734 int argc;
741 735 char **argv;
742 736 {
743 737 OM_UINT32 status;
744 738 OM_UINT32 minor_status;
745 739 uid_t uid;
746 740
747 741 /* set up input arguments here */
748 742
749 743 if (argc != 0) {
750 744 usage();
751 745 return;
752 746 }
753 747
754 748 uid = getuid();
755 749
756 750 status = kgss_release_cred(
757 751 &minor_status,
758 752 &acceptor_credentials,
759 753 uid);
760 754
761 755 /* store major and minor status for gss_display_status() call */
762 756
763 757 gss_major_code = status;
764 758 gss_minor_code = minor_status;
765 759
766 760 if (status == GSS_S_COMPLETE) {
767 761 printf(gettext("\nrelease succeeded\n\n"));
768 762 } else {
769 763 printf(gettext("server ret err (octal) %o (%s)\n"),
770 764 status, gettext("gss_release_cred error"));
771 765 }
772 766 }
773 767
774 768 static void
775 769 _gss_init_sec_context(argc, argv)
776 770 int argc;
777 771 char **argv;
778 772 {
779 773
780 774 OM_uint32 status;
781 775
782 776 OM_uint32 minor_status;
783 777 gss_cred_id_t claimant_cred_handle;
784 778 gss_name_t target_name = (gss_name_t) 0;
785 779 gss_OID mech_type = (gss_OID) 0;
786 780 int req_flags;
787 781 OM_uint32 time_req;
788 782 gss_channel_bindings_t input_chan_bindings;
789 783 gss_buffer_t input_token;
790 784 gss_buffer_desc context_token;
791 785 gss_OID actual_mech_type;
792 786 int ret_flags;
793 787 OM_uint32 time_rec;
794 788 uid_t uid;
795 789 char * string;
796 790 gss_buffer_desc name;
797 791
798 792 /*
799 793 * If this is the first phase of the context establishment,
800 794 * clear initiator_context_handle and indicate next phase.
801 795 */
802 796
803 797 if (init_sec_context_phase == 0) {
804 798 initiator_context_handle = GSS_C_NO_CONTEXT;
805 799 input_token = GSS_C_NO_BUFFER;
806 800 init_sec_context_phase = 1;
807 801 } else
808 802 input_token = &init_token_buffer;
809 803
810 804 /*
811 805 * First set up the non-variable command line independent input
812 806 * arguments
813 807 */
814 808
815 809 claimant_cred_handle = GSS_C_NO_CREDENTIAL;
816 810
817 811 req_flags = GSS_C_MUTUAL_FLAG;
818 812 time_req = (OM_uint32) 0;
819 813 input_chan_bindings = GSS_C_NO_CHANNEL_BINDINGS;
820 814 uid = getuid();
821 815
822 816 /* Now parse the command line for the remaining input arguments */
823 817
824 818 if (argc == 0) {
825 819 usage();
826 820 return;
827 821 }
828 822
829 823 /*
830 824 * Get the name of the target.
831 825 */
832 826
833 827 name.length = strlen(argv[0])+1;
834 828 name.value = argv[0];
835 829
836 830 /*
837 831 * Now convert the string given by the first argument into a target
838 832 * name suitable for input to gss_init_sec_context()
839 833 */
840 834
841 835 if ((status = gss_import_name(&minor_status, &name,
842 836 /* GSS_C_NULL_OID, &target_name)) */
843 837 (gss_OID)GSS_C_NT_HOSTBASED_SERVICE, &target_name))
844 838 != GSS_S_COMPLETE) {
845 839 printf(gettext(
846 840 "could not parse target name: err (octal) %o (%s)\n"),
847 841 status,
848 842 gettext("gss_init_sec_context error"));
849 843 if (input_token != GSS_C_NO_BUFFER)
850 844 gss_release_buffer(&minor_status, &init_token_buffer);
851 845 init_sec_context_phase = 0;
852 846 return;
853 847 }
854 848
855 849 argc--;
856 850 argv++;
857 851
858 852 if (argc == 0) {
859 853 printf(gettext("Assuming Kerberos V5 as the mechanism\n"));
860 854 printf(gettext(
861 855 "The mech OID 1.2.840.113554.1.2.2 will be used\n"));
862 856 mech_type = gss_str2oid((char *)GSS_KRB5_MECH_OID);
863 857 } else {
864 858 mech_type = gss_str2oid(argv[0]);
865 859 }
866 860
867 861 if (mech_type == 0 || mech_type->length == 0) {
868 862 printf(gettext("improperly formated mechanism OID\n"));
869 863 if (input_token != GSS_C_NO_BUFFER)
870 864 gss_release_buffer(&minor_status, &init_token_buffer);
871 865 init_sec_context_phase = 0;
872 866 return;
873 867 }
874 868
875 869 /* call kgss_init_sec_context */
876 870
877 871 status = kgss_init_sec_context(&minor_status,
878 872 claimant_cred_handle,
879 873 &initiator_context_handle,
880 874 target_name,
881 875 mech_type,
882 876 req_flags,
883 877 time_req,
884 878 input_chan_bindings,
885 879 input_token,
886 880 &actual_mech_type,
887 881 &accept_token_buffer,
888 882 &ret_flags,
889 883 &time_rec,
890 884 uid);
891 885
892 886 /* store major and minor status for gss_display_status() call */
893 887 gss_major_code = status;
894 888 gss_minor_code = minor_status;
895 889
896 890 if (status != GSS_S_COMPLETE &&
897 891 status != GSS_S_CONTINUE_NEEDED) {
898 892
899 893 printf(gettext("server ret err (octal) %o (%s)\n"),
900 894 status, "gss_init_sec_context error");
901 895 init_sec_context_phase = 0;
902 896 if (status == GSS_S_NO_CRED)
903 897 printf(gettext(" : no credentials"));
904 898 if (input_token != GSS_C_NO_BUFFER)
905 899 gss_release_buffer(&minor_status, &init_token_buffer);
906 900 if (status != GSS_S_FAILURE && minor_status != 0xffffffff)
907 901 status = kgss_delete_sec_context(&minor_status,
908 902 &initiator_context_handle,
909 903 &msg_token);
910 904 return;
911 905
912 906 } else if (status == GSS_S_COMPLETE) {
913 907
914 908 /* process returned values */
915 909
916 910 printf(gettext("\ninit succeeded\n\n"));
917 911
918 912 /* print out the actual mechanism type */
919 913
920 914 if ((string = gss_oid2str(actual_mech_type)) == 0) {
921 915
922 916 printf(gettext(
923 917 "gssapi internal err : actual "
924 918 "mech type null\n"));
925 919 init_sec_context_phase = 0;
926 920 if (input_token != GSS_C_NO_BUFFER)
927 921 gss_release_buffer(&minor_status,
928 922 &init_token_buffer);
929 923 gss_release_buffer(&minor_status, &accept_token_buffer);
930 924 status = kgss_delete_sec_context(&minor_status,
931 925 &initiator_context_handle,
932 926 &msg_token);
933 927 return;
934 928 } else {
935 929 printf(gettext("actual mech type = %s\n\n"), string);
936 930 FREE(string, (actual_mech_type->length+1)*4+1);
937 931 }
938 932
939 933 /* print out value of ret_flags and time_req */
940 934
941 935 if (ret_flags & GSS_C_DELEG_FLAG)
942 936 printf(gettext("GSS_C_DELEG_FLAG = True\n"));
943 937 else
944 938 printf(gettext("GSS_C_DELEG_FLAG = False\n"));
945 939
946 940 if (ret_flags & GSS_C_MUTUAL_FLAG)
947 941 printf(gettext("GSS_C_MUTUAL_FLAG = True\n"));
948 942 else
949 943 printf(gettext("GSS_C_MUTUAL_FLAG = False\n"));
950 944
951 945 if (ret_flags & GSS_C_REPLAY_FLAG)
952 946 printf(gettext("GSS_C_REPLAY_FLAG = True\n"));
953 947 else
954 948 printf(gettext("GSS_C_REPLAY_FLAG = False\n"));
955 949
956 950 if (ret_flags & GSS_C_SEQUENCE_FLAG)
957 951 printf(gettext("GSS_C_SEQUENCE_FLAG = True\n"));
958 952 else
959 953 printf(gettext("GSS_C_SEQUENCE_FLAG = False\n"));
960 954
961 955 if (ret_flags & GSS_C_CONF_FLAG)
962 956 printf(gettext("GSS_C_CONF_FLAG = True\n"));
963 957 else
964 958 printf(gettext("GSS_C_CONF_FLAG = False\n"));
965 959
966 960 if (ret_flags & GSS_C_INTEG_FLAG)
967 961 printf(gettext("GSS_C_INTEG_FLAG = True\n\n"));
968 962 else
969 963 printf(gettext("GSS_C_INTEG_FLAG = False\n\n"));
970 964
971 965 printf(gettext("time_req = %u seconds\n\n"), time_rec);
972 966
973 967 /* free allocated memory */
974 968
975 969 FREE(mech_type->elements, mech_type->length);
976 970 FREE(mech_type, sizeof (gss_OID_desc));
977 971
978 972 /* these two were malloc'd by kgss_init_sec_context() */
979 973
980 974 FREE(actual_mech_type->elements, actual_mech_type->length);
981 975 FREE(actual_mech_type, sizeof (gss_OID_desc));
982 976
983 977 gss_release_name(&minor_status, &target_name);
984 978
985 979 if (input_token != GSS_C_NO_BUFFER)
986 980 gss_release_buffer(&minor_status, &init_token_buffer);
987 981
988 982 /*
989 983 * if status == GSS_S_COMPLETE, reset the phase to 0 and
990 984 * release token in accept_token_buffer
991 985 */
992 986
993 987 init_sec_context_phase = 0;
994 988 /* Save and restore the context */
995 989 status = kgss_export_sec_context(&minor_status,
996 990 &initiator_context_handle,
997 991 &context_token);
998 992 if (status != GSS_S_COMPLETE) {
999 993 printf(gettext("server ret err (octal) %o (%s)\n"),
1000 994 status, gettext("gss_export_sec_context_error"));
1001 995 return;
1002 996 }
1003 997 status = kgss_import_sec_context(&minor_status,
1004 998 &context_token,
1005 999 &initiator_context_handle);
1006 1000 if (status != GSS_S_COMPLETE) {
1007 1001 printf(gettext("server ret err (octal) %o (%s)\n"),
1008 1002 status, gettext("gss_import_sec_context_error"));
1009 1003 return;
1010 1004 }
1011 1005 (void) gss_release_buffer(&minor_status, &context_token);
1012 1006
1013 1007 /* gss_export & gss_import secxc_context worked, return */
1014 1008 printf(gettext("\nexport and import of contexts succeeded\n"));
1015 1009 printf(gettext("\ninit completed"));
1016 1010
1017 1011 } else {
1018 1012 printf(gettext("\nfirst phase of init succeeded"));
1019 1013 printf(gettext("\ninit must be called again\n\n"));
1020 1014 }
1021 1015
1022 1016 }
1023 1017
1024 1018 /*ARGSUSED*/
1025 1019 static void
1026 1020 _gss_accept_sec_context(argc, argv)
1027 1021 int argc;
1028 1022 char **argv;
1029 1023 {
1030 1024 OM_UINT32 status;
1031 1025
1032 1026 OM_uint32 minor_status;
1033 1027 gss_channel_bindings_t input_chan_bindings;
1034 1028 gss_OID mech_type;
1035 1029 int ret_flags;
1036 1030 OM_uint32 time_rec;
1037 1031 gss_cred_id_t delegated_cred_handle;
1038 1032 uid_t uid;
1039 1033 char *string;
1040 1034 gss_buffer_desc src_name, src_name_string;
1041 1035 gss_buffer_desc output_token;
1042 1036 gss_name_t gss_name;
1043 1037 gss_buffer_desc context_token;
1044 1038
1045 1039 /*
1046 1040 * If this is the first phase of the context establishment,
1047 1041 * clear acceptor_context_handle and indicate next phase.
1048 1042 */
1049 1043
1050 1044 if (accept_sec_context_phase == 0) {
1051 1045 acceptor_context_handle = GSS_C_NO_CONTEXT;
1052 1046 accept_sec_context_phase = 1;
1053 1047 }
1054 1048
1055 1049 /* Now set up the other command line independent input arguments */
1056 1050
1057 1051 input_chan_bindings = GSS_C_NO_CHANNEL_BINDINGS;
1058 1052
1059 1053 uid = (uid_t) getuid();
1060 1054
1061 1055 if (argc != 0) {
1062 1056 usage();
1063 1057 return;
1064 1058 }
1065 1059
1066 1060 status = kgss_accept_sec_context(&minor_status,
1067 1061 &acceptor_context_handle,
1068 1062 acceptor_credentials,
1069 1063 &accept_token_buffer,
1070 1064 input_chan_bindings,
1071 1065 &src_name,
1072 1066 &mech_type,
1073 1067 &init_token_buffer,
1074 1068 &ret_flags,
1075 1069 &time_rec,
1076 1070 &delegated_cred_handle,
1077 1071 uid);
1078 1072
1079 1073 /* store major and minor status for gss_display_status() call */
1080 1074
1081 1075 gss_major_code = status;
1082 1076 gss_minor_code = minor_status;
1083 1077
1084 1078 if (status != GSS_S_COMPLETE && status != GSS_S_CONTINUE_NEEDED) {
1085 1079 printf(gettext("server ret err (octal) %o (%s)\n"),
1086 1080 status, gettext("gss_accept_sec_context error"));
1087 1081 gss_release_buffer(&minor_status, &accept_token_buffer);
1088 1082 return;
1089 1083 } else if (status == GSS_S_COMPLETE) {
1090 1084
1091 1085 /* process returned values */
1092 1086
1093 1087 printf(gettext("\naccept succeeded\n\n"));
1094 1088
1095 1089 /*
1096 1090 * convert the exported name returned in src_name into
1097 1091 * a string and print it.
1098 1092 */
1099 1093 if ((status = gss_import_name(&minor_status, &src_name,
1100 1094 (gss_OID) GSS_C_NT_EXPORT_NAME, &gss_name))
1101 1095 != GSS_S_COMPLETE) {
1102 1096 printf(gettext(
1103 1097 "could not import src name 0x%x\n"), status);
1104 1098 accept_sec_context_phase = 0;
1105 1099 status = kgss_delete_sec_context(&minor_status,
1106 1100 &acceptor_context_handle,
1107 1101 &output_token);
1108 1102 gss_release_buffer(&minor_status, &accept_token_buffer);
1109 1103 if (status == GSS_S_CONTINUE_NEEDED)
1110 1104 gss_release_buffer(&minor_status,
1111 1105 &init_token_buffer);
1112 1106 gss_release_buffer(&minor_status, &src_name);
1113 1107 return;
1114 1108 }
1115 1109
1116 1110 memset(&src_name_string, 0, sizeof (src_name_string));
1117 1111 if ((status = gss_display_name(&minor_status, gss_name,
1118 1112 &src_name_string, NULL)) != GSS_S_COMPLETE) {
1119 1113 printf(gettext("could not display src name: "
1120 1114 "err (octal) %o (%s)\n"), status,
1121 1115 "gss_init_sec_context error");
1122 1116 accept_sec_context_phase = 0;
1123 1117 status = kgss_delete_sec_context(&minor_status,
1124 1118 &acceptor_context_handle,
1125 1119 &output_token);
1126 1120 gss_release_buffer(&minor_status, &accept_token_buffer);
1127 1121 if (status == GSS_S_CONTINUE_NEEDED)
1128 1122 gss_release_buffer(&minor_status,
1129 1123 &init_token_buffer);
1130 1124 gss_release_buffer(&minor_status, &src_name);
1131 1125 return;
1132 1126 }
1133 1127 printf(gettext("src name = %s\n"), src_name_string.value);
1134 1128 gss_release_name(&minor_status, &gss_name);
1135 1129 gss_release_buffer(&minor_status, &src_name_string);
1136 1130 gss_release_buffer(&minor_status, &src_name);
1137 1131
1138 1132 /* print out the mechanism type */
1139 1133
1140 1134 if ((string = gss_oid2str(mech_type)) == 0) {
1141 1135
1142 1136 printf(gettext(
1143 1137 "gssapi internal err :"
1144 1138 " actual mech type null\n"));
1145 1139 accept_sec_context_phase = 0;
1146 1140 status = kgss_delete_sec_context(&minor_status,
1147 1141 &acceptor_context_handle,
1148 1142 &output_token);
1149 1143 gss_release_buffer(&minor_status, &accept_token_buffer);
1150 1144 if (status == GSS_S_CONTINUE_NEEDED)
1151 1145 gss_release_buffer(&minor_status,
1152 1146 &init_token_buffer);
1153 1147 return;
1154 1148 } else {
1155 1149
1156 1150 printf(gettext("actual mech type = %s\n\n"), string);
1157 1151 FREE(string, (mech_type->length+1)*4+1);
1158 1152 }
1159 1153
1160 1154 /* Save and restore the context */
1161 1155 status = kgss_export_sec_context(&minor_status,
1162 1156 &initiator_context_handle,
1163 1157 &context_token);
1164 1158 if (status != GSS_S_COMPLETE) {
1165 1159 printf(gettext("server ret err (octal) %o (%s)\n"),
1166 1160 status, gettext("gss_export_sec_context_error"));
1167 1161 return;
1168 1162 }
1169 1163 status = kgss_import_sec_context(&minor_status,
1170 1164 &context_token,
1171 1165 &initiator_context_handle);
1172 1166 if (status != GSS_S_COMPLETE) {
1173 1167 printf(gettext("server ret err (octal) %o (%s)\n"),
1174 1168 status, gettext("gss_import_sec_context_error"));
1175 1169 return;
1176 1170 }
1177 1171 (void) gss_release_buffer(&minor_status, &context_token);
1178 1172
1179 1173 /* gss_export & gss_import secxc_context worked, return */
1180 1174
1181 1175 /* print out value of ret_flags and time_req */
1182 1176
1183 1177 if (ret_flags & GSS_C_DELEG_FLAG)
1184 1178 printf(gettext("GSS_C_DELEG_FLAG = True\n"));
1185 1179 else
1186 1180 printf(gettext("GSS_C_DELEG_FLAG = False\n"));
1187 1181
1188 1182 if (ret_flags & GSS_C_MUTUAL_FLAG)
1189 1183 printf(gettext("GSS_C_MUTUAL_FLAG = True\n"));
1190 1184 else
1191 1185 printf(gettext("GSS_C_MUTUAL_FLAG = False\n"));
1192 1186
1193 1187 if (ret_flags & GSS_C_REPLAY_FLAG)
1194 1188 printf(gettext("GSS_C_REPLAY_FLAG = True\n"));
1195 1189 else
1196 1190 printf(gettext("GSS_C_REPLAY_FLAG = False\n"));
1197 1191
1198 1192 if (ret_flags & GSS_C_SEQUENCE_FLAG)
1199 1193 printf(gettext("GSS_C_SEQUENCE_FLAG = True\n"));
1200 1194 else
1201 1195 printf(gettext("GSS_C_SEQUENCE_FLAG = False\n"));
1202 1196
1203 1197 if (ret_flags & GSS_C_CONF_FLAG)
1204 1198 printf(gettext("GSS_C_CONF_FLAG = True\n"));
1205 1199 else
1206 1200 printf(gettext("GSS_C_CONF_FLAG = False\n"));
1207 1201
1208 1202 if (ret_flags & GSS_C_INTEG_FLAG)
1209 1203 printf(gettext("GSS_C_INTEG_FLAG = True\n\n"));
1210 1204 else
1211 1205 printf(gettext("GSS_C_INTEG_FLAG = False\n\n"));
1212 1206
1213 1207 printf(gettext("time_rec = %d seconds\n\n"), time_rec);
1214 1208
1215 1209 /* free allocated memory */
1216 1210
1217 1211 printf(gettext("\nexport and import of contexts succeeded\n"));
1218 1212
1219 1213 FREE(mech_type->elements, mech_type->length);
1220 1214 FREE(mech_type, sizeof (gss_OID_desc));
1221 1215 } else {
1222 1216 printf(gettext("\nfirst phase of accept succeeded"));
1223 1217 printf(gettext("\naccept must be called again\n\n"));
1224 1218 }
1225 1219
1226 1220
1227 1221 /* free the input token in accept_token_buffer */
1228 1222 gss_release_buffer(&minor_status, &accept_token_buffer);
1229 1223
1230 1224 /* if status == GSS_S_COMPLETE, reset the phase to 0 */
1231 1225
1232 1226 if (status == GSS_S_COMPLETE)
1233 1227 accept_sec_context_phase = 0;
1234 1228
1235 1229 /* gss_accept_sec_context worked, return */
1236 1230 }
1237 1231
1238 1232 void
1239 1233 _gss_process_context_token(argc, argv)
1240 1234 int argc;
1241 1235 char **argv;
1242 1236 {
1243 1237 OM_UINT32 status;
1244 1238
1245 1239 gss_ctx_id_t context_handle;
1246 1240 OM_uint32 minor_status;
1247 1241 uid_t uid;
1248 1242
1249 1243 uid = (uid_t) getuid();
1250 1244
1251 1245 /* parse the command line to determine the variable input argument */
1252 1246
1253 1247 if (argc == 0) {
1254 1248 usage();
1255 1249 return;
1256 1250 }
1257 1251
1258 1252 if (strcmp(argv[0], "initiator") == 0)
1259 1253 context_handle = initiator_context_handle;
1260 1254 else if (strcmp(argv[0], "acceptor") == 0)
1261 1255 context_handle = acceptor_context_handle;
1262 1256 else {
1263 1257 printf(gettext(
1264 1258 "must specify either \"initiator\" or \"acceptor\"\n"));
1265 1259 return;
1266 1260 }
1267 1261
1268 1262 argc--;
1269 1263 argv++;
1270 1264
1271 1265 if (argc != 0) {
1272 1266 usage();
1273 1267 return;
1274 1268 }
1275 1269
1276 1270 status = kgss_process_context_token(&minor_status,
1277 1271 context_handle,
1278 1272 delete_token_buffer,
1279 1273 uid);
1280 1274
1281 1275 /* store major and minor status for gss_display_status() call */
1282 1276
1283 1277 gss_major_code = status;
1284 1278 gss_minor_code = minor_status;
1285 1279
1286 1280 if (status != GSS_S_COMPLETE) {
1287 1281 printf(gettext("server ret err (octal) %o (%s)\n"),
1288 1282 status, gettext("gss_process_context_token error"));
1289 1283 return;
1290 1284
1291 1285 } else {
1292 1286 printf(gettext("\nprocess succeeded\n\n"));
1293 1287 return;
1294 1288 }
1295 1289 }
1296 1290
1297 1291 static void
1298 1292 _gss_delete_sec_context(argc, argv)
1299 1293 int argc;
1300 1294 char **argv;
1301 1295 {
1302 1296 OM_UINT32 status;
1303 1297 gss_ctx_id_t *context_handle;
1304 1298 OM_uint32 minor_status;
1305 1299 uid_t uid;
1306 1300
1307 1301 uid = (uid_t) getuid();
1308 1302
1309 1303 /* parse the command line to determine the variable input argument */
1310 1304
1311 1305 if (argc == 0) {
1312 1306 usage();
1313 1307 return;
1314 1308 }
1315 1309
1316 1310 if (strcmp(argv[0], "initiator") == 0) {
1317 1311 context_handle = &initiator_context_handle;
1318 1312 } else if (strcmp(argv[0], "acceptor") == 0) {
1319 1313 context_handle = &acceptor_context_handle;
1320 1314 } else {
1321 1315 printf(gettext(
1322 1316 "must specify either \"initiator\" or \"acceptor\"\n"));
1323 1317 return;
1324 1318 }
1325 1319
1326 1320 argc--;
1327 1321 argv++;
1328 1322
1329 1323 if (argc != 0) {
1330 1324 usage();
1331 1325 return;
1332 1326 }
1333 1327
1334 1328
1335 1329 status = kgss_delete_sec_context(&minor_status,
1336 1330 context_handle,
1337 1331 &delete_token_buffer);
1338 1332
1339 1333
1340 1334 /* store major and minor status for gss_display_status() call */
1341 1335
1342 1336 gss_major_code = status;
1343 1337 gss_minor_code = minor_status;
1344 1338
1345 1339 if (status != GSS_S_COMPLETE) {
1346 1340
1347 1341 printf(gettext("server ret err (octal) %o (%s)\n"),
1348 1342 status, gettext("gss_delete_sec_context error"));
1349 1343 return;
1350 1344
1351 1345 } else {
1352 1346 printf(gettext("\ndelete succeeded\n\n"));
1353 1347 return;
1354 1348 }
1355 1349 }
1356 1350
1357 1351 /*ARGSUSED*/
1358 1352 static void
1359 1353 _gss_context_time(argc, argv)
1360 1354 int argc;
1361 1355 char **argv;
1362 1356 {
1363 1357 /*
1364 1358 * set up input arguments here
1365 1359 * this function is unimplemented. Call usage() and return
1366 1360 */
1367 1361
1368 1362 printf(gettext("\nunimplemented function"));
1369 1363 }
1370 1364
1371 1365 static void
1372 1366 _gss_sign(argc, argv)
1373 1367 int argc;
1374 1368 char **argv;
1375 1369 {
1376 1370 OM_UINT32 status;
1377 1371 OM_uint32 minor_status;
1378 1372 gss_ctx_id_t context_handle;
1379 1373 int qop_req;
1380 1374 uid_t uid;
1381 1375
1382 1376 uid = (uid_t) getuid();
1383 1377
1384 1378 /* specify the default quality of protection */
1385 1379
1386 1380 qop_req = GSS_C_QOP_DEFAULT;
1387 1381
1388 1382 /* set up the arguments specified in the input parameters */
1389 1383
1390 1384 if (argc == 0) {
1391 1385 usage();
1392 1386 return;
1393 1387 }
1394 1388
1395 1389
1396 1390 if (strcmp(argv[0], "initiator") == 0)
1397 1391 context_handle = initiator_context_handle;
1398 1392 else if (strcmp(argv[0], "acceptor") == 0)
1399 1393 context_handle = acceptor_context_handle;
1400 1394 else {
1401 1395 printf(gettext(
1402 1396 "must specify either \"initiator\" or \"acceptor\"\n"));
1403 1397 return;
1404 1398 }
1405 1399
1406 1400 argc--;
1407 1401 argv++;
1408 1402
1409 1403 if (argc == 0) {
1410 1404 usage();
1411 1405 return;
1412 1406 }
1413 1407
1414 1408 message_buffer.length = strlen(argv[0])+1;
1415 1409 message_buffer.value = (void *) MALLOC(message_buffer.length);
1416 1410 strcpy(message_buffer.value, argv[0]);
1417 1411
1418 1412 argc--;
1419 1413 argv++;
1420 1414
1421 1415 if (argc != 0) {
1422 1416 usage();
1423 1417 return;
1424 1418 }
1425 1419
1426 1420 status = kgss_sign(&minor_status,
1427 1421 context_handle,
1428 1422 qop_req,
1429 1423 &message_buffer,
1430 1424 &msg_token,
1431 1425 uid);
1432 1426
1433 1427 /* store major and minor status for gss_display_status() call */
1434 1428
1435 1429 gss_major_code = status;
1436 1430 gss_minor_code = minor_status;
1437 1431
1438 1432 if (status != GSS_S_COMPLETE) {
1439 1433 printf(gettext("server ret err (octal) %o (%s)\n"),
1440 1434 status, gettext("gss_sign error"));
1441 1435 return;
1442 1436
1443 1437 } else {
1444 1438 printf(gettext("\nsign succeeded\n\n"));
1445 1439 return;
1446 1440 }
1447 1441 }
1448 1442
1449 1443 static void
1450 1444 _gss_verify(argc, argv)
1451 1445 int argc;
1452 1446 char **argv;
1453 1447 {
1454 1448 OM_UINT32 status, minor_status;
1455 1449 gss_ctx_id_t context_handle;
1456 1450 int qop_state;
1457 1451 uid_t uid;
1458 1452
1459 1453 uid = (uid_t) getuid();
1460 1454
1461 1455 /* set up the arguments specified in the input parameters */
1462 1456
1463 1457 if (argc == 0) {
1464 1458 usage();
1465 1459 return;
1466 1460 }
1467 1461
1468 1462
1469 1463 if (strcmp(argv[0], "initiator") == 0)
1470 1464 context_handle = initiator_context_handle;
1471 1465 else if (strcmp(argv[0], "acceptor") == 0)
1472 1466 context_handle = acceptor_context_handle;
1473 1467 else {
1474 1468 printf(gettext(
1475 1469 "must specify either \"initiator\" or \"acceptor\"\n"));
1476 1470 return;
1477 1471 }
1478 1472
1479 1473 argc--;
1480 1474 argv++;
1481 1475
1482 1476 if (argc != 0) {
1483 1477 usage();
1484 1478 return;
1485 1479 }
1486 1480
1487 1481 status = kgss_verify(&minor_status,
1488 1482 context_handle,
1489 1483 &message_buffer,
1490 1484 &msg_token,
1491 1485 &qop_state,
1492 1486 uid);
1493 1487
1494 1488 /* store major and minor status for gss_display_status() call */
1495 1489
1496 1490 gss_major_code = status;
1497 1491 gss_minor_code = minor_status;
1498 1492
1499 1493 if (status != GSS_S_COMPLETE) {
1500 1494 printf(gettext("server ret err (octal) %o (%s)\n"),
1501 1495 status, gettext("gss_verify error"));
1502 1496 return;
1503 1497 } else {
1504 1498
1505 1499 /* print out the verified message */
1506 1500
1507 1501 printf(gettext(
1508 1502 "verified message = \"%s\"\n\n"), message_buffer.value);
1509 1503
1510 1504 /* print out the quality of protection returned */
1511 1505
1512 1506 printf(gettext("quality of protection = %d \n\n"), qop_state);
↓ open down ↓ |
1193 lines elided |
↑ open up ↑ |
1513 1507
1514 1508 /* free the message buffer and message token and return */
1515 1509
1516 1510 gss_release_buffer(&minor_status, &message_buffer);
1517 1511 gss_release_buffer(&minor_status, &msg_token);
1518 1512
1519 1513 return;
1520 1514 }
1521 1515 }
1522 1516
1523 -/* EXPORT DELETE START */
1524 1517 static void
1525 1518 _gss_seal(argc, argv)
1526 1519 int argc;
1527 1520 char **argv;
1528 1521 {
1529 1522 OM_UINT32 status;
1530 1523
1531 1524 OM_uint32 minor_status;
1532 1525 gss_ctx_id_t context_handle;
1533 1526 int conf_req_flag;
1534 1527 int qop_req;
1535 1528 gss_buffer_desc input_message_buffer;
1536 1529 int conf_state;
1537 1530 uid_t uid;
1538 1531
1539 1532 uid = (uid_t) getuid();
1540 1533
1541 1534 /*
1542 1535 * specify the default confidentiality requested (both integrity
1543 1536 * and confidentiality) and quality of protection
1544 1537 */
1545 1538
1546 1539 conf_req_flag = 1;
1547 1540 qop_req = GSS_C_QOP_DEFAULT;
1548 1541
1549 1542 /* set up the arguments specified in the input parameters */
1550 1543
1551 1544 if (argc == 0) {
1552 1545 usage();
1553 1546 return;
1554 1547 }
1555 1548
1556 1549
1557 1550 if (strcmp(argv[0], "initiator") == 0)
1558 1551 context_handle = initiator_context_handle;
1559 1552 else if (strcmp(argv[0], "acceptor") == 0)
1560 1553 context_handle = acceptor_context_handle;
1561 1554 else {
1562 1555 printf(gettext(
1563 1556 "must specify either \"initiator\" or \"acceptor\"\n"));
1564 1557 return;
1565 1558 }
1566 1559
1567 1560 argc--;
1568 1561 argv++;
1569 1562
1570 1563 if (argc == 0) {
1571 1564 usage();
1572 1565 return;
1573 1566 }
1574 1567
1575 1568
1576 1569 input_message_buffer.length = strlen(argv[0])+1;
1577 1570 input_message_buffer.value =
1578 1571 (void *) MALLOC(input_message_buffer.length);
1579 1572 strcpy(input_message_buffer.value, argv[0]);
1580 1573
1581 1574 argc--;
1582 1575 argv++;
1583 1576
1584 1577 if (argc != 0) {
1585 1578 usage();
1586 1579 return;
1587 1580 }
1588 1581
1589 1582 status = kgss_seal(&minor_status,
1590 1583 context_handle,
1591 1584 conf_req_flag,
1592 1585 qop_req,
1593 1586 &input_message_buffer,
1594 1587 &conf_state,
1595 1588 &message_buffer,
1596 1589 uid);
1597 1590
1598 1591 /* store major and minor status for gss_display_status() call */
1599 1592
1600 1593 gss_major_code = status;
1601 1594 gss_minor_code = minor_status;
1602 1595
1603 1596 /* free the inputmessage buffer */
1604 1597
1605 1598 gss_release_buffer(&minor_status, &input_message_buffer);
1606 1599
1607 1600 if (status != GSS_S_COMPLETE) {
1608 1601 printf(gettext("server ret err (octal) %o (%s)\n"),
1609 1602 status, gettext("gss_seal error"));
1610 1603 return;
1611 1604 } else {
1612 1605 printf(gettext("\nseal succeeded\n\n"));
1613 1606 return;
1614 1607 }
1615 1608 }
1616 1609
1617 1610 static void
1618 1611 _gss_unseal(argc, argv)
1619 1612 int argc;
1620 1613 char **argv;
1621 1614 {
1622 1615 OM_UINT32 status;
1623 1616
1624 1617 OM_uint32 minor_status;
1625 1618 gss_ctx_id_t context_handle;
1626 1619 gss_buffer_desc output_message_buffer;
1627 1620 int conf_state;
1628 1621 int qop_state;
1629 1622 uid_t uid;
1630 1623
1631 1624 uid = (uid_t) getuid();
1632 1625
1633 1626 /* set up the arguments specified in the input parameters */
1634 1627
1635 1628 if (argc == 0) {
1636 1629 usage();
1637 1630 return;
1638 1631 }
1639 1632
1640 1633
1641 1634 if (strcmp(argv[0], "initiator") == 0)
1642 1635 context_handle = initiator_context_handle;
1643 1636 else if (strcmp(argv[0], "acceptor") == 0)
1644 1637 context_handle = acceptor_context_handle;
1645 1638 else {
1646 1639 printf(gettext(
1647 1640 "must specify either \"initiator\" or \"acceptor\"\n"));
1648 1641 return;
1649 1642 }
1650 1643
1651 1644 argc--;
1652 1645 argv++;
1653 1646
1654 1647 if (argc != 0) {
1655 1648 usage();
1656 1649 return;
1657 1650 }
1658 1651
1659 1652 status = kgss_unseal(&minor_status,
1660 1653 context_handle,
1661 1654 &message_buffer,
1662 1655 &output_message_buffer,
1663 1656 &conf_state,
1664 1657 &qop_state,
1665 1658 uid);
1666 1659
1667 1660 /* store major and minor status for gss_display_status() call */
1668 1661
1669 1662 gss_major_code = status;
1670 1663 gss_minor_code = minor_status;
1671 1664
1672 1665 if (status == GSS_S_COMPLETE) {
1673 1666 printf(gettext("\nunseal succeeded\n\n"));
1674 1667 printf(gettext("unsealed message = \"%s\"\n\n"),
1675 1668 output_message_buffer.value);
1676 1669 if (conf_state)
1677 1670 printf(gettext("confidentiality and integrity used\n"));
1678 1671 else
1679 1672 printf(gettext("only integrity used\n"));
1680 1673 printf(gettext("quality of protection = %d\n\n"), qop_state);
↓ open down ↓ |
147 lines elided |
↑ open up ↑ |
1681 1674 gss_release_buffer(&minor_status, &output_message_buffer);
1682 1675 } else {
1683 1676 printf(gettext("server ret err (octal) %o (%s)\n"),
1684 1677 status, gettext("gss_unseal error"));
1685 1678 }
1686 1679
1687 1680 /* free the message buffer and return */
1688 1681
1689 1682 gss_release_buffer(&minor_status, &message_buffer);
1690 1683 }
1691 -/* EXPORT DELETE END */
1692 1684
1693 1685 static void
1694 1686 _gss_display_status(argc, argv)
1695 1687 int argc;
1696 1688 char **argv;
1697 1689 {
1698 1690 OM_UINT32 status;
1699 1691 OM_uint32 minor_status;
1700 1692 int status_type;
1701 1693 int status_value;
1702 1694 gss_OID mech_type = (gss_OID) 0;
1703 1695 int message_context;
1704 1696 gss_buffer_desc status_string;
1705 1697 uid_t uid;
1706 1698
1707 1699 uid = (uid_t) getuid();
1708 1700
1709 1701 /* initialize message context to zero */
1710 1702
1711 1703 message_context = 0;
1712 1704
1713 1705 if (argc == 0) {
1714 1706 printf(gettext("Assuming Kerberos V5 as the mechanism\n"));
1715 1707 printf(gettext(
1716 1708 "The mech OID 1.2.840.113554.1.2.2 will be used\n"));
1717 1709 mech_type = gss_str2oid((char *)GSS_KRB5_MECH_OID);
1718 1710 } else
1719 1711 mech_type = gss_str2oid(argv[0]);
1720 1712
1721 1713 if (mech_type == 0 || mech_type->length == 0) {
1722 1714 printf(gettext("improperly formated mechanism OID\n"));
1723 1715 return;
1724 1716 }
1725 1717
1726 1718 /* Is this call for the major or minor status? */
1727 1719
1728 1720 if (strcmp(argv[0], "major") == 0) {
1729 1721 status_type = GSS_C_GSS_CODE;
1730 1722 status_value = gss_major_code;
1731 1723 } else if (strcmp(argv[0], "minor") == 0) {
1732 1724 status_type = GSS_C_MECH_CODE;
1733 1725 status_value = gss_minor_code;
1734 1726 } else {
1735 1727 printf(gettext("must specify either \"major\" or \"minor\"\n"));
1736 1728 return;
1737 1729 }
1738 1730
1739 1731 argc--;
1740 1732 argv++;
1741 1733
1742 1734 if (argc != 0) {
1743 1735 usage();
1744 1736 return;
1745 1737 }
1746 1738
1747 1739 status = kgss_display_status(&minor_status,
1748 1740 status_value,
1749 1741 status_type,
1750 1742 mech_type,
1751 1743 &message_context,
1752 1744 &status_string,
1753 1745 uid);
1754 1746
1755 1747 if (status == GSS_S_COMPLETE) {
1756 1748 printf(gettext("status =\n %s\n\n"), status_string.value);
1757 1749 } else if (status == GSS_S_BAD_MECH) {
1758 1750 printf(gettext("invalide mechanism OID\n\n"));
1759 1751 } else {
1760 1752 printf(gettext("server ret err (octal) %o (%s)\n"),
1761 1753 status, gettext("gss_display_status error"));
1762 1754 }
1763 1755 }
1764 1756
1765 1757 /*ARGSUSED*/
1766 1758 static void
1767 1759 _gss_indicate_mechs(argc, argv)
1768 1760 int argc;
1769 1761 char **argv;
1770 1762 {
1771 1763 OM_UINT32 status;
1772 1764 OM_UINT32 minor_status;
1773 1765 gss_OID_set oid_set = GSS_C_NULL_OID_SET;
1774 1766 uid_t uid;
1775 1767
1776 1768 uid = (uid_t) getuid();
1777 1769
1778 1770 /* set up input arguments here */
1779 1771
1780 1772 if (argc != 0) {
1781 1773 usage();
1782 1774 return;
1783 1775 }
1784 1776
1785 1777 status = kgss_indicate_mechs(&minor_status, &oid_set, uid);
1786 1778
1787 1779 if (status == GSS_S_COMPLETE) {
1788 1780 int i;
1789 1781 char *string;
1790 1782
1791 1783 printf(gettext("%d supported mechanism%s%s\n"), oid_set->count,
1792 1784 (oid_set->count == 1) ? "" : "s",
1793 1785 (oid_set->count > 0) ? ":" : "");
1794 1786
1795 1787 for (i = 0; i < oid_set->count; i++) {
1796 1788 string = gss_oid2str(&oid_set->elements[i]);
1797 1789 printf(gettext("\t%s\n"), string);
1798 1790 FREE(string, ((oid_set->elements[i].length+1)*4)+1);
1799 1791 }
1800 1792 printf("\n");
1801 1793
1802 1794 } else {
1803 1795 printf(gettext("server ret err (octal) %o (%s)\n"),
1804 1796 status, gettext("gss_indicate_mechs error"));
1805 1797 }
1806 1798
1807 1799 if (oid_set)
1808 1800 gss_release_oid_set_and_oids(&minor_status, &oid_set);
1809 1801 }
1810 1802
1811 1803 /*ARGSUSED*/
1812 1804 static void
1813 1805 _gss_inquire_cred(argc, argv)
1814 1806 int argc;
1815 1807 char **argv;
1816 1808 {
1817 1809 /* set up input arguments here */
1818 1810
1819 1811 if (argc != 0) {
1820 1812 usage();
1821 1813 return;
1822 1814 }
1823 1815
1824 1816
1825 1817 /* this function is unimplemented. Call usage() and return */
1826 1818
1827 1819 printf(gettext("\nUnsupported function"));
1828 1820 }
1829 1821
1830 1822 static char hexChars[] = "0123456789ABCDEF";
1831 1823
1832 1824 static void
1833 1825 _gssd_expname_to_unix_cred(argc, argv)
1834 1826 int argc;
1835 1827 char **argv;
1836 1828 {
1837 1829 OM_uint32 major;
1838 1830 gss_buffer_desc expName;
1839 1831 char krb5_root_name[] = "040100092A864886F712010202000000"
1840 1832 "25000A2A864886F71201020101726F6F744053554E534F46"
1841 1833 "542E454E472E53554E2E434F4D00";
1842 1834 unsigned char *byteStr, *hexStr;
1843 1835 uid_t uidOut, uidIn;
1844 1836 gid_t *gids, gidOut;
1845 1837 int gidsLen, i, newLen;
1846 1838
1847 1839 /* set up the arguments */
1848 1840 uidIn = (uid_t) getuid();
1849 1841
1850 1842 if (argc < 1) {
1851 1843 printf(gettext(
1852 1844 "Using principal name of root for krberos_v5\n"));
1853 1845 expName.value = (void*)krb5_root_name;
1854 1846 expName.length = strlen(krb5_root_name);
1855 1847 } else {
1856 1848 expName.value = (void*)argv[0];
1857 1849 expName.length = strlen(argv[0]);
1858 1850 }
1859 1851
1860 1852 /* convert the name from hex to byte... */
1861 1853 hexStr = (unsigned char *)expName.value;
1862 1854 newLen = expName.length/2;
1863 1855 byteStr = (unsigned char *)MALLOC(newLen+1);
1864 1856 expName.value = (char *)byteStr;
1865 1857 for (i = 0; i < expName.length; i += 2) {
1866 1858 *byteStr = (strchr(hexChars, *hexStr++) - hexChars) << 4;
1867 1859 *byteStr += (strchr(hexChars, *hexStr++) - hexChars);
1868 1860 byteStr++;
1869 1861 }
1870 1862 expName.length = newLen;
1871 1863
1872 1864 major = kgsscred_expname_to_unix_cred(&expName, &uidOut, &gidOut,
1873 1865 &gids, &gidsLen, uidIn);
1874 1866
1875 1867 FREE(expName.value, newLen);
1876 1868
1877 1869 if (major == GSS_S_COMPLETE) {
1878 1870 printf(gettext("uid = <%d>\tgid = <%d>\t"), uidOut, gidOut);
1879 1871 if (gidsLen > 0)
1880 1872 printf(gettext(" %d gids <"), gidsLen);
1881 1873 else
1882 1874 printf(gettext(
1883 1875 " no supplementary group information\n"));
1884 1876 for (i = 0; i < gidsLen; i++)
1885 1877 printf(" %d ", gids[i]);
1886 1878 if (gidsLen > 0) {
1887 1879 printf(">\n");
1888 1880 FREE(gids, gidsLen * sizeof (gid_t));
1889 1881 }
1890 1882 } else {
1891 1883 printf(gettext("server ret err (octal) %o (%s)\n"),
1892 1884 major, gettext("gsscred_expname_to_unix_cred"));
1893 1885 }
1894 1886 }
1895 1887
1896 1888 static void
1897 1889 _gssd_name_to_unix_cred(argc, argv)
1898 1890 int argc;
1899 1891 char **argv;
1900 1892 {
1901 1893 OM_uint32 major, minor;
1902 1894 gss_name_t gssName;
1903 1895 gss_buffer_desc gssBuf = GSS_C_EMPTY_BUFFER;
1904 1896 int gidsLen, i;
1905 1897 gid_t *gids, gidOut;
1906 1898 uid_t uidOut, uid;
1907 1899 char defaultPrincipal[] = "root";
1908 1900 gss_OID mechType, nameType;
1909 1901
1910 1902 uid = getuid();
1911 1903
1912 1904 /* optional argument 1 - contains principal name */
1913 1905 if (argc > 0) {
1914 1906 gssBuf.value = (void *)argv[0];
1915 1907 gssBuf.length = strlen((char *)argv[0]);
1916 1908 } else {
1917 1909 gssBuf.value = (void *)defaultPrincipal;
1918 1910 gssBuf.length = strlen(defaultPrincipal);
1919 1911 }
1920 1912 printf(gettext(
1921 1913 "Using <%s> as the principal name.\n"), (char *)gssBuf.value);
1922 1914
1923 1915
1924 1916 /* optional argument 2 - contains name oid */
1925 1917 if (argc > 1)
1926 1918 nameType = gss_str2oid((char *) argv[1]);
1927 1919 else
1928 1920 nameType = (gss_OID)GSS_C_NT_USER_NAME;
1929 1921
1930 1922 if (nameType == NULL || nameType->length == 0) {
1931 1923 printf(gettext("improperly formated name OID\n"));
1932 1924 return;
1933 1925 }
1934 1926 printf(gettext("Principal name of type: <%s>.\n"),
1935 1927 (argc > 1) ? argv[1] : "GSS_C_NT_USER_NAME");
1936 1928
1937 1929
1938 1930 /* optional argument 3 - contains mech oid */
1939 1931 if (argc > 2)
1940 1932 mechType = gss_str2oid(argv[2]);
1941 1933 else
1942 1934 mechType = gss_str2oid((char *)GSS_KRB5_MECH_OID);
1943 1935
1944 1936 if (mechType == NULL || mechType->length == NULL) {
1945 1937 FREE(nameType->elements, nameType->length);
1946 1938 FREE(nameType, sizeof (gss_OID_desc));
1947 1939 printf(gettext("improperly formated mech OID\n"));
1948 1940 return;
1949 1941 }
1950 1942 printf(gettext("Mechanism oid: <%s>.\n"),
1951 1943 (argc > 2) ? argv[2] :
1952 1944 (char *)GSS_KRB5_MECH_OID "(Kerberos v5)");
1953 1945
1954 1946
1955 1947 /* convert the name to internal format */
1956 1948 if ((major = gss_import_name(&minor, &gssBuf,
1957 1949 nameType, &gssName)) != GSS_S_COMPLETE) {
1958 1950 printf(gettext("could not parse name: err (octal) %o (%s)\n"),
1959 1951 major, "gss_import_name");
1960 1952
1961 1953 FREE(nameType->elements, nameType->length);
1962 1954 FREE(nameType, sizeof (gss_OID_desc));
1963 1955 return;
1964 1956 }
1965 1957
1966 1958 major = kgsscred_name_to_unix_cred(gssName, mechType, &uidOut,
1967 1959 &gidOut, &gids, &gidsLen, uid);
1968 1960
1969 1961 gss_release_name(&minor, &gssName);
1970 1962 FREE(mechType->elements, mechType->length);
1971 1963 FREE(mechType, sizeof (gss_OID_desc));
1972 1964 if (argc > 1) {
1973 1965 FREE(nameType->elements, nameType->length);
1974 1966 FREE(nameType, sizeof (gss_OID_desc));
1975 1967 }
1976 1968
1977 1969 if (major == GSS_S_COMPLETE) {
1978 1970 printf("uid = <%d>\tgid = <%d>\t", uidOut, gidOut);
1979 1971 if (gidsLen > 0)
1980 1972 printf(gettext(" %d gids <"), gidsLen);
1981 1973 else
1982 1974 printf(gettext(
1983 1975 " no supplementary group information\n"));
1984 1976 for (i = 0; i < gidsLen; i++)
1985 1977 printf(" %d ", gids[i]);
1986 1978 if (gidsLen > 0) {
1987 1979 printf(">\n");
1988 1980 FREE(gids, gidsLen * sizeof (gid_t));
1989 1981 }
1990 1982 } else {
1991 1983 printf(gettext("server ret err (octal) %o (%s)\n"),
1992 1984 major, gettext("gsscred_name_to_unix_cred"));
1993 1985 }
1994 1986 }
1995 1987
1996 1988 static void
1997 1989 _gssd_get_group_info(argc, argv)
1998 1990 int argc;
1999 1991 char **argv;
2000 1992 {
2001 1993 OM_uint32 major;
2002 1994 uid_t puid, uidIn;
2003 1995 gid_t *gids, gidOut;
2004 1996 int gidsLen, i;
2005 1997
2006 1998 /* set up the arguments */
2007 1999 uidIn = (uid_t) getuid();
2008 2000
2009 2001 if (argc < 1)
2010 2002 puid = 0;
2011 2003 else
2012 2004 puid = atol(argv[0]);
2013 2005
2014 2006 printf(gettext("Retrieving group info for uid of <%d>\n"), puid);
2015 2007
2016 2008 major = kgss_get_group_info(puid, &gidOut, &gids, &gidsLen, uidIn);
2017 2009
2018 2010 if (major == GSS_S_COMPLETE) {
2019 2011 printf(gettext("group id = <%d>\t"), gidOut);
2020 2012 if (gidsLen > 0)
2021 2013 printf(gettext(" %d gids <"), gidsLen);
2022 2014 else
2023 2015 printf(gettext(
2024 2016 " no supplementary group information\n"));
2025 2017 for (i = 0; i < gidsLen; i++)
2026 2018 printf(" %d ", gids[i]);
2027 2019 if (gidsLen > 0) {
2028 2020 printf(">\n");
2029 2021 FREE(gids, gidsLen * sizeof (gid_t));
2030 2022 }
2031 2023 } else {
2032 2024 printf(gettext("server ret err (octal) %o (%s)\n"),
2033 2025 major, "gss_get_group_info");
2034 2026 }
2035 2027 }
2036 2028
2037 2029 static gss_OID
2038 2030 gss_str2oid(string)
2039 2031 char * string;
2040 2032 {
2041 2033 /*
2042 2034 * a convenient wrapper routine for gss_str_to_oid
2043 2035 * this can handle all valid oid strings.
2044 2036 */
2045 2037 OM_uint32 minor;
2046 2038 gss_buffer_desc abuf;
2047 2039 gss_OID oidOut;
2048 2040
2049 2041 abuf.value = (void*)string;
2050 2042 abuf.length = strlen(string);
2051 2043
2052 2044 if (gss_str_to_oid(&minor, &abuf, &oidOut) != GSS_S_COMPLETE)
2053 2045 return (NULL);
2054 2046
2055 2047 return (oidOut);
2056 2048 }
2057 2049
2058 2050 static char *
2059 2051 gss_oid2str(oid)
2060 2052 gss_OID oid;
2061 2053 {
2062 2054 /*
2063 2055 * a convenient wrapper for gss_oid_to_str
2064 2056 * this calls the GSS-API routine which should
2065 2057 * be able to handle all types of oids.
2066 2058 */
2067 2059 OM_uint32 minor;
2068 2060 gss_buffer_desc oidStr;
2069 2061
2070 2062 if (gss_oid_to_str(&minor, oid, &oidStr) != GSS_S_COMPLETE)
2071 2063 return (NULL);
2072 2064
2073 2065 return ((char *)oidStr.value);
2074 2066 } /* gss_oid2str */
2075 2067
2076 2068 static void
2077 2069 instructs()
2078 2070 {
2079 2071 fprintf(stderr,
2080 2072 gettext(
2081 2073 "\nThis program must be run as root. Root must be installed on the KDC\n"
2082 2074 "and exist in srvtab as root/<hostname>, where <hostname> is the machine on\n"
2083 2075 "which the test runs. Before running gssdtest for Kerberos mechanism, the\n"
2084 2076 "operator running as root must kinit as some other principal, e.g., test.\n"
2085 2077 "There are two mechanisms avaialble: dummy and Kerberos(default).\n"
2086 2078 "The OID for dummy mechanism is 1.3.6.1.4.1.42.2.26.1.2.\n"
2087 2079 "The OID for Kerberos mechanism is 1.2.840.113554.1.2.2.\n"
2088 2080 "The order of context establishment calls is important. First, acquire must"
2089 2081 "\nbe called. This obtains the credentials used by accept. Acquire need\n"
2090 2082 "only be called once, since the credentials it returns are used each time\n"
2091 2083 "accept is called. Then init is called, followed by accept. Calling init\n"
2092 2084 "twice without calling accept or calling these in a different order gives\n"
2093 2085 "erroneous results and will cause memory leaks in the gssapi daemon. \n"
2094 2086 "Finally, after calling init and accept, init must be called again to\n"
2095 2087 "finish context establishment. So an example sequence (with data valid for\n"
2096 2088 "the Kerberos mechanism and running on the machine \"elrond\" in the realm\n"
2097 2089 "FOO.BAR.SUN.COM is :\n"));
2098 2090 fprintf(stderr,
2099 2091 gettext("\nacquire service@host 1.2.840.113554.1.2.2\n"
2100 2092 "init service@host 1.2.840.113554.1.2.2\n"
2101 2093 "accept\ninit service@host 1.2.840.113554.1.2.2\n"
2102 2094 "\nAfter a context is established, sign, seal,\n"
2103 2095 "verify and unseal may be called. Here are some examples\n"
2104 2096 "for these routines : \n\n"
2105 2097 "sign initiator ThisTestMessageIsForSigning\n"
2106 2098 "verify acceptor\nseal initiator ThisTestMessageIsForSealing\n"
2107 2099 "unseal acceptor\n\nEach input line is terminated by <cr>.\n"
2108 2100 "The program is terminated by cntl-d\nor the command \"exit\""
2109 2101 "\nfrom the prompt\n\n"));
2110 2102 }
2111 2103
2112 2104 static void
2113 2105 usage()
2114 2106 {
2115 2107 fprintf(stderr,
2116 2108 gettext(
2117 2109 "\nusage:\t[acquire | gss_acquire_cred]"
2118 2110 "desired_name mech_type\n"
2119 2111 "\t[release | gss_release_cred]\n"
2120 2112 "\t[init | gss_init_sec_context] target_name mech_type\n"
2121 2113 "\t[accept | gss_accept_sec_context]\n"
2122 2114 "\t[process | gss_process_context_token] initiator | acceptor\n"
2123 2115 "\t[delete | gss_delete_sec_context] initiator | acceptor\n"
2124 2116 "\t[time | gss_context_time] {not yet implemented}\n"
2125 2117 "\t[sign | gss_sign] initiator | acceptor message-to-sign\n"
2126 2118 "\t[verify | gss_verify] initiator | acceptor\n"
2127 2119 "\t[seal | gss_seal] initiator | acceptor message-to-seal\n"
2128 2120 "\t[unseal | gss_unseal] initiator | acceptor\n"
2129 2121 "\t[status | gss_display_status] mech_type [major | minor] \n"
2130 2122 "\t[indicate | gss_indicate_mechs]\n"
2131 2123 "\t[inquire | gss_inquire_cred] {not yet implemented}\n"
2132 2124 "\t[expname2unixcred | gsscred_expname_to_unix_cred]"
2133 2125 " export-name\n"
2134 2126 "\t[name2unixcred | gsscred_name_to_unix_cred] "
2135 2127 "pname [name_type mech_type]\n"
2136 2128 "\t[grpinfo | gss_get_group_info] uid\n"
2137 2129 "\t[gss_all | all] desired_name\n"
2138 2130 "\t[gss_loop | loop] desired_name\n"
2139 2131 "\texit\n\n"));
2140 2132 }
2141 2133
2142 2134 /* Copied from parse_argv(), then modified */
2143 2135
2144 2136 static int
2145 2137 parse_input_line(input_line, argc, argv)
2146 2138 char *input_line;
2147 2139 int * argc;
2148 2140 char ***argv;
2149 2141 {
2150 2142 const char nil = '\0';
2151 2143 char * chptr;
2152 2144 int chr_cnt;
2153 2145 int arg_cnt = 0;
2154 2146 int ch_was_space = 1;
2155 2147 int ch_is_space;
2156 2148
2157 2149 chr_cnt = strlen(input_line);
2158 2150
2159 2151 /* Count the arguments in the input_line string */
2160 2152
2161 2153 *argc = 1;
2162 2154
2163 2155 for (chptr = &input_line[0]; *chptr != nil; chptr++) {
2164 2156 ch_is_space = isspace(*chptr);
2165 2157 if (ch_is_space && !ch_was_space) {
2166 2158 (*argc)++;
2167 2159 }
2168 2160 ch_was_space = ch_is_space;
2169 2161 }
2170 2162
2171 2163 if (ch_was_space) {
2172 2164 (*argc)--;
2173 2165 } /* minus trailing spaces */
2174 2166
2175 2167 /* Now that we know how many args calloc the argv array */
2176 2168
2177 2169 *argv = (char **) CALLOC((*argc)+1, sizeof (char *));
2178 2170 chptr = (char *) (&input_line[0]);
2179 2171
2180 2172 for (ch_was_space = 1; *chptr != nil; chptr++) {
2181 2173 ch_is_space = isspace(*chptr);
2182 2174 if (ch_is_space) {
2183 2175 *chptr = nil; /* replace each space with nil */
2184 2176 } else if (ch_was_space) { /* begining of word? */
2185 2177 (*argv)[arg_cnt++] = chptr; /* new argument ? */
2186 2178 }
2187 2179
2188 2180 ch_was_space = ch_is_space;
2189 2181 }
2190 2182
2191 2183 return (chr_cnt);
2192 2184 }
↓ open down ↓ |
491 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX