From 014f8057c5328b3e39b5d8660a1ea1a98409006f Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Wed, 6 Oct 2010 18:25:04 +0000 Subject: Merge users/lhoward/sasl-gs2 to trunk git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24436 dc483132-0cff-0310-8789-dd5450dbe970 --- src/appl/gss-sample/gss-client.c | 42 ++++++++++++++++---- src/appl/gss-sample/gss-server.c | 84 +++++++++++++++++++++++++++++++++++++++- 2 files changed, 117 insertions(+), 9 deletions(-) (limited to 'src/appl') diff --git a/src/appl/gss-sample/gss-client.c b/src/appl/gss-sample/gss-client.c index d922cc3bd5..d439f23fbc 100644 --- a/src/appl/gss-sample/gss-client.c +++ b/src/appl/gss-sample/gss-client.c @@ -69,12 +69,17 @@ #include "gss-misc.h" static int verbose = 1; +static int spnego = 0; +static gss_OID_desc gss_spnego_mechanism_oid_desc = + {6, (void *)"\x2b\x06\x01\x05\x05\x02"}; static void usage() { - fprintf(stderr, "Usage: gss-client [-port port] [-mech mechanism] [-d]\n"); - fprintf(stderr, " [-seq] [-noreplay] [-nomutual] [-user user] [-pass pw]"); + fprintf(stderr, "Usage: gss-client [-port port] [-mech mechanism] " + "[-spnego] [-d]\n"); + fprintf(stderr, " [-seq] [-noreplay] [-nomutual] [-user user] " + "[-pass pw]"); #ifdef _WIN32 fprintf(stderr, " [-threads num]"); #endif @@ -176,10 +181,17 @@ client_establish_context(int s, char *service_name, OM_uint32 gss_flags, gss_name_t gss_username = GSS_C_NO_NAME; gss_OID_set_desc mechs, *mechsp = GSS_C_NO_OID_SET; - if (oid != GSS_C_NO_OID) { + if (spnego) { + mechs.elements = &gss_spnego_mechanism_oid_desc; + mechs.count = 1; + mechsp = &mechs; + } else if (oid != GSS_C_NO_OID) { mechs.elements = oid; mechs.count = 1; mechsp = &mechs; + } else { + mechs.elements = NULL; + mechs.count = 0; } if (username != NULL) { 
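Review bot: The new `else` branch in the `@@ -176` hunk exists only because `mechs.elements` is later handed to gss_init_sec_context as the mech_type (the `@@ -264` hunk), so a `gss_OID_set_desc` meant for gss_acquire_cred's desired_mechs is doing double duty as a single-OID selector. A dedicated `gss_OID mech = spnego ? &gss_spnego_mechanism_oid_desc : oid;` assigned to `mechs.elements` where a set is built and passed directly to gss_init_sec_context would make both call sites self-explanatory and let the `else` go away. As written it is correct, since NULL is GSS_C_NO_OID and the no-mechanism case still lets the library choose. A comment noting that with -spnego the caller's `oid` is no longer the outer mechanism and reaches SPNEGO only through the later gss_set_neg_mechs call would help the next reader. client_establish_context starts before this hunk.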
@@ -218,6 +230,20 @@ client_establish_context(int s, char *service_name, OM_uint32 gss_flags, gss_release_name(&min_stat, &gss_username); return -1; } + if (spnego && oid != GSS_C_NO_OID) { + gss_OID_set_desc neg_mechs; + + neg_mechs.elements = oid; + neg_mechs.count = 1; + + maj_stat = gss_set_neg_mechs(&min_stat, cred, &neg_mechs); + if (maj_stat != GSS_S_COMPLETE) { + display_status("setting neg mechs", maj_stat, min_stat); + gss_release_name(&min_stat, &gss_username); + gss_release_cred(&min_stat, &cred); + return -1; + } + } gss_release_name(&min_stat, &gss_username); /* @@ -264,7 +290,8 @@ client_establish_context(int s, char *service_name, OM_uint32 gss_flags, do { maj_stat = gss_init_sec_context(&init_sec_min_stat, cred, gss_context, - target_name, oid, gss_flags, 0, + target_name, mechs.elements, + gss_flags, 0, NULL, /* channel bindings */ token_ptr, NULL, /* mech type */ &send_tok, ret_flags, @@ -409,7 +436,7 @@ call_server(host, port, oid, service_name, gss_flags, auth_flag, char *username; char *password; { - gss_ctx_id_t context; + gss_ctx_id_t context = GSS_C_NO_CONTEXT; gss_buffer_desc in_buf, out_buf; int s, state; OM_uint32 ret_flags; @@ -523,7 +550,7 @@ call_server(host, port, oid, service_name, gss_flags, auth_flag, } else { /* Seal the message */ in_buf.value = msg; - in_buf.length = strlen(msg); + in_buf.length = strlen((char *)in_buf.value); } for (i = 0; i < mcount; i++) { @@ -611,6 +638,7 @@ call_server(host, port, oid, service_name, gss_flags, auth_flag, } (void) close(s); + return 0; } @@ -776,7 +804,7 @@ main(argc, argv) } else if (strcmp(*argv, "-iakerb") == 0) { mechanism = "{ 1 3 6 1 5 2 5 }"; } else if (strcmp(*argv, "-spnego") == 0) { - mechanism = "{ 1 3 6 1 5 5 2 }"; + spnego = 1; } else if (strcmp(*argv, "-krb5") == 0) { mechanism = "{ 1 3 5 1 5 2 }"; #ifdef _WIN32 diff --git a/src/appl/gss-sample/gss-server.c b/src/appl/gss-sample/gss-server.c index 0ddfaeee87..e83326791a 100644 --- a/src/appl/gss-sample/gss-server.c 
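Review bot: The gss_set_neg_mechs block carries no comment, and its effect is easy to miss: with both -spnego and -mech given, the SPNEGO credential is restricted to negotiating only the single mechanism named by -mech, so the peer cannot steer the negotiation elsewhere. A one-line comment above `if (spnego && oid != GSS_C_NO_OID) {` such as `/* With -spnego and -mech, let SPNEGO negotiate only the requested inner mechanism. */` would capture that, and could mention that gss_set_neg_mechs is an extension beyond RFC 2744 (MIT and, I believe, Heimdal provide it). The error path releasing both the name and the credential before returning is correct. client_establish_context continues outside the hunk.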
+++ b/src/appl/gss-sample/gss-server.c @@ -67,6 +67,9 @@ #include #endif +static OM_uint32 +enumerateAttributes(OM_uint32 *minor, gss_name_t name, int noisy); + static void usage() { @@ -104,6 +107,7 @@ int verbose = 0; * fails, an error message is displayed and -1 is returned; otherwise, * 0 is returned. */ + static int server_acquire_creds(char *service_name, gss_cred_id_t *server_creds) { @@ -121,7 +125,7 @@ server_acquire_creds(char *service_name, gss_cred_id_t *server_creds) } maj_stat = gss_acquire_cred(&min_stat, server_name, 0, - GSS_C_NULL_OID_SET, GSS_C_ACCEPT, + GSS_C_NO_OID_SET, GSS_C_ACCEPT, server_creds, NULL, NULL); if (maj_stat != GSS_S_COMPLETE) { display_status("acquiring credentials", maj_stat, min_stat); @@ -262,6 +266,7 @@ server_establish_context(int s, gss_cred_id_t server_creds, display_status("displaying name", maj_stat, min_stat); return -1; } + enumerateAttributes(&min_stat, client, TRUE); maj_stat = gss_release_name(&min_stat, &client); if (maj_stat != GSS_S_COMPLETE) { display_status("releasing name", maj_stat, min_stat); @@ -410,7 +415,8 @@ sign_server(int s, gss_cred_id_t server_creds, int export) gss_buffer_desc client_name, xmit_buf, msg_buf; gss_ctx_id_t context; OM_uint32 maj_stat, min_stat; - int i, conf_state, ret_flags; + int i, conf_state; + OM_uint32 ret_flags; char *cp; int token_flags; 
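Review bot: In the `@@ -262` hunk, `enumerateAttributes(&min_stat, client, TRUE);` hex-dumps every attribute value of the client's name to stdout for each accepted context, regardless of the file's `verbose` flag (seen as `int verbose = 0;` in the `@@ -104` hunk header). Name attributes may carry authorization data, so the sample prints it on every connection by default; passing the flag instead, `enumerateAttributes(&min_stat, client, verbose);`, keeps the default output quiet and still allows the full dump on request. The major status returned by the helper is discarded, which is acceptable since it already reports via display_status, but a `(void)` cast would show that is intentional. server_establish_context starts and ends outside the hunk.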
@@ -796,3 +802,77 @@ main(int argc, char **argv) return 0; } + +static void +dumpAttribute(OM_uint32 *minor, + gss_name_t name, + gss_buffer_t attribute, + int noisy) +{ + OM_uint32 major, tmp; + gss_buffer_desc value; + gss_buffer_desc display_value; + int authenticated = 0; + int complete = 0; + int more = -1; + unsigned int i; + + while (more != 0) { + value.value = NULL; + display_value.value = NULL; + + major = gss_get_name_attribute(minor, name, attribute, &authenticated, + &complete, &value, &display_value, + &more); + if (GSS_ERROR(major)) { + display_status("gss_get_name_attribute", major, *minor); + break; + } + + printf("Attribute %.*s %s %s\n\n%.*s\n", + (int)attribute->length, (char *)attribute->value, + authenticated ? "Authenticated" : "", + complete ? "Complete" : "", + (int)display_value.length, (char *)display_value.value); + + if (noisy) { + for (i = 0; i < value.length; i++) { + if ((i % 32) == 0) + printf("\n"); + printf("%02x", ((char *)value.value)[i] & 0xFF); + } + printf("\n\n"); + } + + gss_release_buffer(&tmp, &value); + gss_release_buffer(&tmp, &display_value); + } +} + +static OM_uint32 +enumerateAttributes(OM_uint32 *minor, + gss_name_t name, + int noisy) +{ + OM_uint32 major, tmp; + int name_is_MN; + gss_OID mech = GSS_C_NO_OID; + gss_buffer_set_t attrs = GSS_C_NO_BUFFER_SET; + unsigned int i; + + major = gss_inquire_name(minor, name, &name_is_MN, &mech, &attrs); + if (GSS_ERROR(major)) { + display_status("gss_inquire_name", major, *minor); + return major; + } + + if (attrs != GSS_C_NO_BUFFER_SET) { + for (i = 0; i < attrs->count; i++) + dumpAttribute(minor, name, &attrs->elements[i], noisy); + } + + gss_release_oid(&tmp, &mech); + gss_release_buffer_set(&tmp, &attrs); + + return major; +} -- cgit
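Review bot: In dumpAttribute, `display_value.value` is printed through `%.*s` even when the mechanism leaves the display value unset; passing a null pointer to `%s` is undefined regardless of the precision, so guard it: `(int)display_value.length, display_value.value ? (char *)display_value.value : ""`. Both loop counters are `unsigned int` but are compared against `value.length` and `attrs->count`, which are `size_t`; declaring `size_t i;` in each function avoids the narrowing, and the hex loop would read more cleanly indexing through `(unsigned char *)value.value` than masking with `& 0xFF`. Neither function has the block comment the rest of the file gives its helpers: enumerateAttributes should say it lists the attributes of `name` via gss_inquire_name, dumps each one, and returns the major status of the inquire call, while dumpAttribute should say it loops on gss_get_name_attribute until `more` reaches 0, prints the display form, and hex-dumps the raw value only when `noisy` is set. `name_is_MN` is filled in but never read.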