author | Simo Sorce <simo@redhat.com> | 2013-10-17 11:37:47 -0400 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2013-10-18 16:29:51 -0400 |
commit | 3bb96c637b041a3939a870e3310829bf3470ac2d (patch) | |
tree | 6c381de0329f2be65031107ca721d034849e0c98 | |
parent | e3e42a950ada355a41f7dfa1fd4609ef4c102500 (diff) | |
Test connectionless contextsconnectionless
-rw-r--r-- | tests/ntlmssptest.c | 235 |
1 files changed, 233 insertions, 2 deletions
diff --git a/tests/ntlmssptest.c b/tests/ntlmssptest.c index 2546041..e8a7384 100644 --- a/tests/ntlmssptest.c +++ b/tests/ntlmssptest.c @@ -24,8 +24,7 @@ #include "config.h" -#include <gssapi/gssapi.h> -#include <gssapi/gssapi_ext.h> +#include "../src/gssapi_ntlmssp.h" #include "../src/gss_ntlmssp.h" const char *hex_to_str_8(uint8_t *d) @@ -1110,6 +1109,12 @@ int test_gssapi_1(bool user_env_file) GSS_C_NO_OID_SET, GSS_C_INITIATE, &cli_cred, NULL, NULL); + if (retmaj != GSS_S_COMPLETE) { + fprintf(stderr, "gssntlm_acquire_cred_with_password failed! (%d/%d, %s)", + retmaj, retmin, strerror(retmin)); + ret = EINVAL; + goto done; + } } nbuf.value = discard_const(srvname); 
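Review bot: The failure message added after gssntlm_acquire_cred_with_password in test_gssapi_1 has no trailing newline, so the next line of test output runs straight onto it; end the format with `\n`, i.e. `"gssntlm_acquire_cred_with_password failed! (%d/%d, %s)\n"`. Every fprintf(stderr, ...) added in test_gssapi_cl in the next hunk has the same omission. The status words are printed with `%d`; if retmaj and retmin are uint32_t here as they are in test_gssapi_cl (the declarations in test_gssapi_1 are outside this hunk), `%u` or `0x%08x` matches the type and keeps a major status with high bits set readable. test_gssapi_1 starts and ends outside the hunk.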
@@ -1296,6 +1301,228 @@ done: return ret; } +int test_gssapi_cl(void) +{ + gss_ctx_id_t cli_ctx = GSS_C_NO_CONTEXT; + gss_ctx_id_t srv_ctx = GSS_C_NO_CONTEXT; + gss_buffer_desc cli_token = { 0 }; + gss_buffer_desc srv_token = { 0 }; + gss_cred_id_t cli_cred = GSS_C_NO_CREDENTIAL; + gss_cred_id_t srv_cred = GSS_C_NO_CREDENTIAL; + const char *username = "TESTDOM\\testuser"; + const char *password = "testpassword"; + const char *srvname = "test@testserver"; + gss_name_t gss_username = NULL; + gss_name_t gss_srvname = NULL; + gss_buffer_desc pwbuf; + gss_buffer_desc nbuf; + gss_OID_desc set_seqnum_oid = { GSS_NTLMSSP_SET_SEQ_NUM_OID_LENGTH, + GSS_NTLMSSP_SET_SEQ_NUM_OID_STRING }; + gss_buffer_desc set_seqnum_buf; + uint32_t app_seq_num; + uint32_t retmin, retmaj; + char *msg = "Sample, signature checking, message."; + gss_buffer_desc message = { strlen(msg), msg }; + int ret; + + setenv("NTLM_USER_FILE", TEST_USER_FILE, 0); + + nbuf.value = discard_const(username); + nbuf.length = strlen(username); + retmaj = gssntlm_import_name(&retmin, &nbuf, + GSS_C_NT_USER_NAME, + &gss_username); + if (retmaj != GSS_S_COMPLETE) { + fprintf(stderr, "gssntlm_import_name(username) failed! (%d, %s)", + retmin, strerror(retmin)); + return EINVAL; + } + + pwbuf.value = discard_const(password); + pwbuf.length = strlen(password); + retmaj = gssntlm_acquire_cred_with_password(&retmin, + (gss_name_t)gss_username, + (gss_buffer_t)&pwbuf, + GSS_C_INDEFINITE, + GSS_C_NO_OID_SET, + GSS_C_INITIATE, + &cli_cred, NULL, NULL); + if (retmaj != GSS_S_COMPLETE) { + fprintf(stderr, "gssntlm_acquire_cred_with_password failed! (%d/%d, %s)", + retmaj, retmin, strerror(retmin)); + return EINVAL; + } + + nbuf.value = discard_const(srvname); + nbuf.length = strlen(srvname); + retmaj = gssntlm_import_name(&retmin, &nbuf, + GSS_C_NT_HOSTBASED_SERVICE, + &gss_srvname); + if (retmaj != GSS_S_COMPLETE) { + fprintf(stderr, "gssntlm_import_name(srvname) failed! 
(%d/%d, %s)",
+ retmaj, retmin, strerror(retmin));
+ return EINVAL;
+ }
+
+ retmaj = gssntlm_acquire_cred(&retmin, (gss_name_t)gss_srvname,
+ GSS_C_INDEFINITE, GSS_C_NO_OID_SET,
+ GSS_C_ACCEPT, &srv_cred, NULL, NULL);
+ if (retmaj != GSS_S_COMPLETE) {
+ fprintf(stderr, "gssntlm_acquire_cred(srvname) failed! (%d/%d, %s)",
+ retmaj, retmin, strerror(retmin));
+ ret = EINVAL;
+ goto done;
+ }
+
+ retmaj = gssntlm_accept_sec_context(&retmin, &srv_ctx, srv_cred,
+ &cli_token, GSS_C_NO_CHANNEL_BINDINGS,
+ NULL, NULL, &srv_token,
+ NULL, NULL, NULL);
+ if (retmaj != GSS_S_CONTINUE_NEEDED) {
+ fprintf(stderr, "gssntlm_accept_sec_context 1 failed! (%d/%d, %s)",
+ retmaj, retmin, strerror(retmin));
+ ret = EINVAL;
+ goto done;
+ }
+
+ gss_release_buffer(&retmin, &cli_token);
+
+ retmaj = gssntlm_init_sec_context(&retmin, cli_cred, &cli_ctx,
+ gss_srvname, GSS_C_NO_OID,
+ GSS_C_CONF_FLAG |
+ GSS_C_INTEG_FLAG |
+ GSS_C_DATAGRAM_FLAG,
+ 0, GSS_C_NO_CHANNEL_BINDINGS,
+ &srv_token, NULL, &cli_token,
+ NULL, NULL);
+ if (retmaj != GSS_S_COMPLETE) {
+ fprintf(stderr, "gssntlm_init_sec_context 1 failed! (%d/%d, %s)",
+ retmaj, retmin, strerror(retmin));
+ ret = EINVAL;
+ goto done;
+ }
+
+ gss_release_buffer(&retmin, &srv_token);
+
+ retmaj = gssntlm_accept_sec_context(&retmin, &srv_ctx, srv_cred,
+ &cli_token, GSS_C_NO_CHANNEL_BINDINGS,
+ NULL, NULL, &srv_token,
+ NULL, NULL, NULL);
+ if (retmaj != GSS_S_COMPLETE) {
+ fprintf(stderr, "gssntlm_accept_sec_context 2 failed! 
(%d/%d, %s)",
+ retmaj, retmin, strerror(retmin));
+ ret = EINVAL;
+ goto done;
+ }
+
+ gss_release_buffer(&retmin, &cli_token);
+ gss_release_buffer(&retmin, &srv_token);
+
+ /* arbitrary seq number forced on the context */
+ app_seq_num = 10;
+ set_seqnum_buf.value = &app_seq_num;
+ set_seqnum_buf.length = 4;
+ retmaj = gssntlm_set_sec_context_option(&retmin, (gss_ctx_id_t *)&cli_ctx,
+ &set_seqnum_oid,
+ &set_seqnum_buf);
+ if (retmaj != GSS_S_COMPLETE) {
+ fprintf(stderr, "gssntlm_set_sec_context_option(cli) failed! (%d/%d, %s)",
+ retmaj, retmin, strerror(retmin));
+ ret = EINVAL;
+ goto done;
+ }
+
+ retmaj = gssntlm_set_sec_context_option(&retmin, (gss_ctx_id_t *)&srv_ctx,
+ &set_seqnum_oid,
+ &set_seqnum_buf);
+ if (retmaj != GSS_S_COMPLETE) {
+ fprintf(stderr, "gssntlm_set_sec_context_option(srv) failed! (%d/%d, %s)",
+ retmaj, retmin, strerror(retmin));
+ ret = EINVAL;
+ goto done;
+ }
+
+ retmaj = gssntlm_get_mic(&retmin, cli_ctx, 0, &message, &cli_token);
+ if (retmaj != GSS_S_COMPLETE) {
+ fprintf(stderr, "gssntlm_get_mic(cli) failed! (%d/%d, %s)",
+ retmaj, retmin, strerror(retmin));
+ ret = EINVAL;
+ goto done;
+ }
+
+ retmaj = gssntlm_verify_mic(&retmin, srv_ctx, &message, &cli_token, NULL);
+ if (retmaj != GSS_S_COMPLETE) {
+ fprintf(stderr, "gssntlm_verify_mic(srv) failed! (%d/%d, %s)",
+ retmaj, retmin, strerror(retmin));
+ ret = EINVAL;
+ goto done;
+ }
+
+ gss_release_buffer(&retmin, &cli_token);
+
+ retmaj = gssntlm_get_mic(&retmin, srv_ctx, 0, &message, &srv_token);
+ if (retmaj != GSS_S_COMPLETE) {
+ fprintf(stderr, "gssntlm_get_mic(srv) failed! (%d/%d, %s)",
+ retmaj, retmin, strerror(retmin));
+ ret = EINVAL;
+ goto done;
+ }
+
+ retmaj = gssntlm_verify_mic(&retmin, cli_ctx, &message, &srv_token, NULL);
+ if (retmaj != GSS_S_COMPLETE) {
+ fprintf(stderr, "gssntlm_verify_mic(cli) failed! 
(%d/%d, %s)", + retmaj, retmin, strerror(retmin)); + ret = EINVAL; + goto done; + } + + gss_release_buffer(&retmin, &srv_token); + + retmaj = gssntlm_wrap(&retmin, cli_ctx, 1, 0, &message, NULL, &cli_token); + if (retmaj != GSS_S_COMPLETE) { + fprintf(stderr, "gssntlm_wrap(cli) failed! (%d/%d, %s)", + retmaj, retmin, strerror(retmin)); + ret = EINVAL; + goto done; + } + + retmaj = gssntlm_unwrap(&retmin, srv_ctx, + &cli_token, &srv_token, NULL, NULL); + if (retmaj != GSS_S_COMPLETE) { + fprintf(stderr, "gssntlm_unwrap(srv) failed! (%d/%d, %s)", + retmaj, retmin, strerror(retmin)); + ret = EINVAL; + goto done; + } + + if (memcmp(message.value, srv_token.value, srv_token.length) != 0) { + fprintf(stderr, "sealing and unsealing failed to return the " + "same result (%d/%d, %s)", + retmaj, retmin, strerror(retmin)); + ret = EINVAL; + goto done; + } + + gss_release_buffer(&retmin, &cli_token); + gss_release_buffer(&retmin, &srv_token); + + gssntlm_release_name(&retmin, &gss_username); + gssntlm_release_name(&retmin, &gss_srvname); + + ret = 0; + +done: + gssntlm_delete_sec_context(&retmin, &cli_ctx, GSS_C_NO_BUFFER); + gssntlm_delete_sec_context(&retmin, &srv_ctx, GSS_C_NO_BUFFER); + gssntlm_release_name(&retmin, &gss_username); + gssntlm_release_name(&retmin, &gss_srvname); + gssntlm_release_cred(&retmin, &cli_cred); + gssntlm_release_cred(&retmin, &srv_cred); + gss_release_buffer(&retmin, &cli_token); + gss_release_buffer(&retmin, &srv_token); + return ret; +} + int main(int argc, const char *argv[]) { struct ntlm_ctx *ctx; @@ -1393,6 +1620,10 @@ int main(int argc, const char *argv[]) ret = test_gssapi_1(false); fprintf(stdout, "Test: %s\n", (ret ? "FAIL":"SUCCESS")); + fprintf(stdout, "Test Connectionless exchange\n"); + ret = test_gssapi_cl(); + fprintf(stdout, "Test: %s\n", (ret ? "FAIL":"SUCCESS")); + done: ntlm_free_ctx(&ctx); return ret; |
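Review bot: The seal/unseal check in test_gssapi_cl compares only `srv_token.length` bytes and never compares the two lengths, so an unwrap that yields an empty or truncated buffer passes the test, and a longer one makes memcmp read past `msg`. Check the length first: `if (srv_token.length != message.length || memcmp(message.value, srv_token.value, message.length) != 0) {`. The `return EINVAL;` after gssntlm_acquire_cred_with_password and the one after gssntlm_import_name(srvname) skip the `done:` cleanup and leave gss_username (and, in the second case, cli_cred) unreleased; `ret = EINVAL; goto done;`, as used in the rest of the function, covers both. The test only exercises the success path, so a case that verifies a MIC against a modified message and expects a failure would show that the signature is really being checked.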
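Review bot: `ret = test_gssapi_cl();` overwrites the result of `test_gssapi_1(false)` from two lines above, and main returns only the final `ret`, so a failure in the earlier GSSAPI test is printed as "FAIL" but the process can still exit 0 when the connectionless test passes. Keep the first failure instead, for example `rc = test_gssapi_cl(); if (rc) ret = rc;` with the status line printed from `rc`, or `goto done` as soon as a test fails. Whether the tests earlier in main are chained the same way cannot be seen here, since main starts outside the hunk.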