Diffstat (limited to 'src/tests/gssapi/t_namingexts.c')
-rw-r--r--src/tests/gssapi/t_namingexts.c458
1 files changed, 95 insertions, 363 deletions
diff --git a/src/tests/gssapi/t_namingexts.c b/src/tests/gssapi/t_namingexts.c
index 86d276e22..7d06f337f 100644
--- a/src/tests/gssapi/t_namingexts.c
+++ b/src/tests/gssapi/t_namingexts.c
@@ -27,280 +27,90 @@
#include <stdlib.h>
#include <string.h>
-#include <gssapi/gssapi_krb5.h>
-#include <gssapi/gssapi_generic.h>
-
-static gss_OID_desc spnego_mech = { 6, "\053\006\001\005\005\002" };
+#include "common.h"
static int use_spnego = 0;
-static void displayStatus_1(m, code, type)
- char *m;
- OM_uint32 code;
- int type;
-{
- OM_uint32 maj_stat, min_stat;
- gss_buffer_desc msg;
- OM_uint32 msg_ctx;
-
- msg_ctx = 0;
- while (1) {
- maj_stat = gss_display_status(&min_stat, code,
- type, GSS_C_NULL_OID,
- &msg_ctx, &msg);
- fprintf(stderr, "%s: %s\n", m, (char *)msg.value);
- (void) gss_release_buffer(&min_stat, &msg);
-
- if (!msg_ctx)
- break;
- }
-}
-
-static void displayStatus(msg, maj_stat, min_stat)
- char *msg;
- OM_uint32 maj_stat;
- OM_uint32 min_stat;
-{
- displayStatus_1(msg, maj_stat, GSS_C_GSS_CODE);
- displayStatus_1(msg, min_stat, GSS_C_MECH_CODE);
-}
-
-static OM_uint32
-displayCanonName(OM_uint32 *minor, gss_name_t name, char *tag)
-{
- gss_name_t canon;
- OM_uint32 major, tmp;
- gss_buffer_desc buf;
-
- major = gss_canonicalize_name(minor, name, (gss_OID)gss_mech_krb5, &canon);
- if (GSS_ERROR(major)) {
- displayStatus("gss_canonicalize_name", major, *minor);
- return major;
- }
-
- major = gss_display_name(minor, canon, &buf, NULL);
- if (GSS_ERROR(major)) {
- gss_release_name(&tmp, &canon);
- displayStatus("gss_display_name", major, *minor);
- return major;
- }
-
- printf("%s:\t%s\n", tag, (char *)buf.value);
-
- gss_release_name(&tmp, &canon);
- gss_release_buffer(&tmp, &buf);
-
- return GSS_S_COMPLETE;
-}
-
static void
-dumpAttribute(OM_uint32 *minor,
- gss_name_t name,
- gss_buffer_t attribute,
- int noisy)
-{
- OM_uint32 major, tmp;
- gss_buffer_desc value;
- gss_buffer_desc display_value;
- int authenticated = 0;
- int complete = 0;
- int more = -1;
- unsigned int i;
-
- while (more != 0) {
- value.value = NULL;
- display_value.value = NULL;
-
- major = gss_get_name_attribute(minor,
- name,
- attribute,
- &authenticated,
- &complete,
- &value,
- &display_value,
- &more);
- if (GSS_ERROR(major)) {
- displayStatus("gss_get_name_attribute", major, *minor);
- break;
- }
-
- printf("Attribute %.*s %s %s\n\n%.*s\n",
- (int)attribute->length, (char *)attribute->value,
- authenticated ? "Authenticated" : "",
- complete ? "Complete" : "",
- (int)display_value.length, (char *)display_value.value);
-
- if (noisy) {
- for (i = 0; i < value.length; i++) {
- if ((i % 32) == 0)
- printf("\n");
- printf("%02x", ((char *)value.value)[i] & 0xFF);
- }
- printf("\n\n");
- }
-
- gss_release_buffer(&tmp, &value);
- gss_release_buffer(&tmp, &display_value);
- }
-}
-
-static OM_uint32
-enumerateAttributes(OM_uint32 *minor,
- gss_name_t name,
- int noisy)
-{
- OM_uint32 major, tmp;
- int name_is_MN;
- gss_OID mech = GSS_C_NO_OID;
- gss_buffer_set_t attrs = GSS_C_NO_BUFFER_SET;
- unsigned int i;
-
- major = gss_inquire_name(minor,
- name,
- &name_is_MN,
- &mech,
- &attrs);
- if (GSS_ERROR(major)) {
- displayStatus("gss_inquire_name", major, *minor);
- return major;
- }
-
- if (attrs != GSS_C_NO_BUFFER_SET) {
- for (i = 0; i < attrs->count; i++)
- dumpAttribute(minor, name, &attrs->elements[i], noisy);
- }
-
- gss_release_oid(&tmp, &mech);
- gss_release_buffer_set(&tmp, &attrs);
-
- return major;
-}
-
-static OM_uint32
-testExportImportName(OM_uint32 *minor,
- gss_name_t name)
+test_export_import_name(gss_name_t name)
{
- OM_uint32 major, tmp;
- gss_buffer_desc exported_name;
+ OM_uint32 major, minor;
+ gss_buffer_desc exported_name = GSS_C_EMPTY_BUFFER;
gss_name_t imported_name = GSS_C_NO_NAME;
unsigned int i;
- exported_name.value = NULL;
-
- major = gss_export_name_composite(minor,
- name,
- &exported_name);
- if (GSS_ERROR(major)) {
- displayStatus("gss_export_name_composite", major, *minor);
- return major;
- }
+ major = gss_export_name_composite(&minor, name, &exported_name);
+ check_gsserr("gss_export_name_composite", major, minor);
printf("Exported name:\n");
-
for (i = 0; i < exported_name.length; i++) {
if ((i % 32) == 0)
printf("\n");
printf("%02x", ((char *)exported_name.value)[i] & 0xFF);
}
-
printf("\n");
- major = gss_import_name(minor, &exported_name, gss_nt_exported_name,
+ major = gss_import_name(&minor, &exported_name, GSS_C_NT_EXPORT_NAME,
&imported_name);
- if (GSS_ERROR(major)) {
- displayStatus("gss_import_name", major, *minor);
- gss_release_buffer(&tmp, &exported_name);
- return major;
- }
-
- gss_release_buffer(&tmp, &exported_name);
+ check_gsserr("gss_import_name", major, minor);
+ (void)gss_release_buffer(&minor, &exported_name);
printf("\n");
- displayCanonName(minor, imported_name, "Re-imported name");
+ display_canon_name("Re-imported name", imported_name, &mech_krb5);
printf("Re-imported attributes:\n\n");
- major = enumerateAttributes(minor, imported_name, 0);
+ enumerate_attributes(imported_name, 0);
- gss_release_name(&tmp, &imported_name);
-
- return major;
+ (void)gss_release_name(&minor, &imported_name);
}
-static OM_uint32
-testGreetAuthzData(OM_uint32 *minor,
- gss_name_t name)
+static void
+test_greet_authz_data(gss_name_t name)
{
- OM_uint32 major;
+ OM_uint32 major, minor;
gss_buffer_desc attr;
gss_buffer_desc value;
attr.value = "urn:greet:greeting";
attr.length = strlen((char *)attr.value);
- major = gss_delete_name_attribute(minor,
- name,
- &attr);
+ major = gss_delete_name_attribute(&minor, name, &attr);
if (major == GSS_S_UNAVAILABLE) {
fprintf(stderr, "Warning: greet_client plugin not installed\n");
- return GSS_S_COMPLETE;
- } else if (GSS_ERROR(major)) {
- displayStatus("gss_delete_name_attribute", major, *minor);
- return major;
+ exit(1);
}
+ check_gsserr("gss_delete_name_attribute", major, minor);
value.value = "Hello, acceptor world!";
value.length = strlen((char *)value.value);
-
- major = gss_set_name_attribute(minor,
- name,
- 1,
- &attr,
- &value);
+ major = gss_set_name_attribute(&minor, name, 1, &attr, &value);
if (major == GSS_S_UNAVAILABLE)
- return GSS_S_COMPLETE;
- else if (GSS_ERROR(major))
- displayStatus("gss_set_name_attribute", major, *minor);
-
- return major;
+ return;
+ check_gsserr("gss_set_name_attribute", major, minor);
}
-static OM_uint32
-testMapNameToAny(OM_uint32 *minor,
- gss_name_t name)
+static void
+test_map_name_to_any(gss_name_t name)
{
- OM_uint32 major;
- OM_uint32 tmp_minor;
+ OM_uint32 major, minor;
gss_buffer_desc type_id;
krb5_pac pac;
- krb5_context context;
- krb5_error_code code;
- size_t len;
+ krb5_context context = NULL;
+ krb5_error_code ret;
+ size_t len, i;
krb5_ui_4 *types;
type_id.value = "mspac";
type_id.length = strlen((char *)type_id.value);
- major = gss_map_name_to_any(minor,
- name,
- 1, /* authenticated */
- &type_id,
- (gss_any_t *)&pac);
+ major = gss_map_name_to_any(&minor, name, 1, &type_id, (gss_any_t *)&pac);
if (major == GSS_S_UNAVAILABLE)
- return GSS_S_COMPLETE;
- else if (GSS_ERROR(major))
- displayStatus("gss_map_name_to_any", major, *minor);
-
- code = krb5_init_context(&context);
- if (code != 0) {
- gss_release_any_name_mapping(&tmp_minor, name,
- &type_id, (gss_any_t *)&pac);
- *minor = code;
- return GSS_S_FAILURE;
- }
+ return;
+ check_gsserr("gss_map_name_to_any", major, minor);
- code = krb5_pac_get_types(context, pac, &len, &types);
- if (code == 0) {
- size_t i;
+ ret = krb5_init_context(&context);
+ check_k5err(context, "krb5_init_context", ret);
+ if (krb5_pac_get_types(context, pac, &len, &types) == 0) {
printf("PAC buffer types:");
for (i = 0; i < len; i++)
printf(" %d", types[i]);
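Review bot: In test_greet_authz_data the GSS_S_UNAVAILABLE branch after gss_delete_name_attribute prints a message labelled "Warning" and then calls `exit(1)`, so a missing greet_client plugin now fails the whole run where the removed code returned GSS_S_COMPLETE and carried on. The same status from gss_set_name_attribute a few lines later still returns quietly, so the two branches disagree on whether the plugin is optional. If the plugin is meant to be required, the message should say so, for example `fprintf(stderr, "Error: greet_client plugin not installed\n");`. If it is optional, the branch should `return;` as the second one does. Either way a short comment such as `/* greet_client is required for the authz-data checks below */` would record the intent.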
@@ -308,101 +118,62 @@ testMapNameToAny(OM_uint32 *minor,
free(types);
}
- gss_release_any_name_mapping(&tmp_minor, name,
- &type_id, (gss_any_t *)&pac);
-
- return GSS_S_COMPLETE;
+ (void)gss_release_any_name_mapping(&minor, name, &type_id,
+ (gss_any_t *)&pac);
}
-static OM_uint32
-initAcceptSecContext(OM_uint32 *minor,
- gss_cred_id_t verifier_cred_handle)
+static void
+init_accept_sec_context(gss_cred_id_t verifier_cred_handle)
{
- OM_uint32 major;
- gss_buffer_desc token, tmp;
+ OM_uint32 major, minor;
+ gss_buffer_desc token = GSS_C_EMPTY_BUFFER, tmp = GSS_C_EMPTY_BUFFER;
+ gss_name_t source_name = GSS_C_NO_NAME, target_name = GSS_C_NO_NAME;
gss_ctx_id_t initiator_context = GSS_C_NO_CONTEXT;
gss_ctx_id_t acceptor_context = GSS_C_NO_CONTEXT;
- gss_name_t source_name = GSS_C_NO_NAME;
- gss_name_t target_name = GSS_C_NO_NAME;
+ gss_OID mech = use_spnego ? &mech_spnego : &mech_krb5;
OM_uint32 time_rec;
- token.value = NULL;
- token.length = 0;
-
- tmp.value = NULL;
- tmp.length = 0;
-
- major = gss_inquire_cred(minor, verifier_cred_handle,
- &target_name, NULL, NULL, NULL);
- if (GSS_ERROR(major)) {
- displayStatus("gss_inquire_cred", major, *minor);
- return major;
- }
+ major = gss_inquire_cred(&minor, verifier_cred_handle, &target_name, NULL,
+ NULL, NULL);
+ check_gsserr("gss_inquire_cred", major, minor);
- displayCanonName(minor, target_name, "Target name");
+ display_canon_name("Target name", target_name, &mech_krb5);
- major = gss_init_sec_context(minor,
- verifier_cred_handle,
- &initiator_context,
- target_name,
- use_spnego ?
- (gss_OID)&spnego_mech :
- (gss_OID)gss_mech_krb5,
+ major = gss_init_sec_context(&minor, verifier_cred_handle,
+ &initiator_context, target_name, mech,
GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG,
- GSS_C_INDEFINITE,
- GSS_C_NO_CHANNEL_BINDINGS,
- GSS_C_NO_BUFFER,
- NULL,
- &token,
- NULL,
+ GSS_C_INDEFINITE, GSS_C_NO_CHANNEL_BINDINGS,
+ GSS_C_NO_BUFFER, NULL, &token, NULL,
&time_rec);
-
- if (target_name != GSS_C_NO_NAME)
- (void) gss_release_name(minor, &target_name);
-
- if (GSS_ERROR(major)) {
- displayStatus("gss_init_sec_context", major, *minor);
- return major;
- }
-
- (void) gss_delete_sec_context(minor, &initiator_context, NULL);
-
- major = gss_accept_sec_context(minor,
- &acceptor_context,
- verifier_cred_handle,
- &token,
- GSS_C_NO_CHANNEL_BINDINGS,
- &source_name,
- NULL,
- &tmp,
- NULL,
- &time_rec,
- NULL);
-
- if (GSS_ERROR(major))
- displayStatus("gss_accept_sec_context", major, *minor);
- else {
- displayCanonName(minor, source_name, "Source name");
- enumerateAttributes(minor, source_name, 1);
- testExportImportName(minor, source_name);
- testMapNameToAny(minor, source_name);
- }
-
- (void) gss_release_name(minor, &source_name);
- (void) gss_delete_sec_context(minor, &acceptor_context, NULL);
- (void) gss_release_buffer(minor, &token);
- (void) gss_release_buffer(minor, &tmp);
-
- return major;
+ check_gsserr("gss_init_sec_context", major, minor);
+
+ (void)gss_release_name(&minor, &target_name);
+ (void)gss_delete_sec_context(&minor, &initiator_context, NULL);
+
+ major = gss_accept_sec_context(&minor, &acceptor_context,
+ verifier_cred_handle, &token,
+ GSS_C_NO_CHANNEL_BINDINGS, &source_name,
+ NULL, &tmp, NULL, &time_rec, NULL);
+ check_gsserr("gss_accept_sec_context", major, minor);
+
+ display_canon_name("Source name", source_name, &mech_krb5);
+ enumerate_attributes(source_name, 1);
+ test_export_import_name(source_name);
+ test_map_name_to_any(source_name);
+
+ (void)gss_release_name(&minor, &source_name);
+ (void)gss_delete_sec_context(&minor, &acceptor_context, NULL);
+ (void)gss_release_buffer(&minor, &token);
+ (void)gss_release_buffer(&minor, &tmp);
}
-int main(int argc, char *argv[])
+int
+main(int argc, char *argv[])
{
- OM_uint32 minor, major, tmp;
+ OM_uint32 minor, major;
gss_cred_id_t cred_handle = GSS_C_NO_CREDENTIAL;
- gss_OID_set_desc mechs;
- gss_OID_set actual_mechs = GSS_C_NO_OID_SET;
- gss_name_t name = GSS_C_NO_NAME;
+ gss_OID_set mechs, actual_mechs = GSS_C_NO_OID_SET;
+ gss_name_t tmp_name, name;
if (argc > 1 && strcmp(argv[1], "--spnego") == 0) {
use_spnego++;
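Review bot: Nothing after gss_accept_sec_context in init_accept_sec_context confirms that the context is fully established before source_name and its attributes (including the PAC mapping) are read. check_gsserr comes from common.h and is not visible here; if it rejects only GSS_ERROR(major), a GSS_S_CONTINUE_NEEDED result would pass through. The code would then treat name attributes from an incomplete exchange as if they were authenticated. The single-token exchange presumably relies on GSS_C_MUTUAL_FLAG not being requested, which deserves a comment. An explicit guard such as `if (major != GSS_S_COMPLETE) { fprintf(stderr, "gss_accept_sec_context: context not established\n"); exit(1); }` would make the assumption checkable, including for the --spnego path.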
@@ -410,77 +181,38 @@ int main(int argc, char *argv[])
argv++;
}
- if (argc > 1) {
- gss_buffer_desc name_buf;
- gss_name_t tmp_name;
-
- name_buf.value = argv[1];
- name_buf.length = strlen(argv[1]);
-
- major = gss_import_name(&minor, &name_buf,
- (gss_OID)GSS_KRB5_NT_PRINCIPAL_NAME, &tmp_name);
- if (GSS_ERROR(major)) {
- displayStatus("gss_import_name", major, minor);
- goto out;
- }
-
- major = gss_canonicalize_name(&minor, tmp_name,
- (gss_OID)gss_mech_krb5, &name);
- if (GSS_ERROR(major)) {
- gss_release_name(&tmp, &tmp_name);
- displayStatus("gss_canonicalze_name", major, minor);
- goto out;
- }
-
- gss_release_name(&tmp, &tmp_name);
-
- major = testGreetAuthzData(&minor, name);
- if (GSS_ERROR(major))
- goto out;
- } else {
- fprintf(stderr, "Usage: %s [--spnego] [principal] [keytab]\n", argv[0]);
+ if (argc < 2) {
+ fprintf(stderr, "Usage: %s [--spnego] principal [keytab]\n", argv[0]);
exit(1);
}
- if (argc > 2) {
+ tmp_name = import_name(argv[1]);
+ major = gss_canonicalize_name(&minor, tmp_name, &mech_krb5, &name);
+ check_gsserr("gss_canonicalze_name", major, minor);
+ (void)gss_release_name(&minor, &tmp_name);
+
+ test_greet_authz_data(name);
+
+ if (argc >= 3) {
major = krb5_gss_register_acceptor_identity(argv[2]);
- if (GSS_ERROR(major)) {
- displayStatus("krb5_gss_register_acceptor_identity", major, minor);
- goto out;
- }
+ check_gsserr("krb5_gss_register_acceptor_identity", major, minor);
}
-
- mechs.elements = use_spnego ? (gss_OID)&spnego_mech :
- (gss_OID)gss_mech_krb5;
- mechs.count = 1;
+ mechs = use_spnego ? &mechset_spnego : &mechset_krb5;
/* get default cred */
- major = gss_acquire_cred(&minor,
- name,
- GSS_C_INDEFINITE,
- &mechs,
- GSS_C_BOTH,
- &cred_handle,
- &actual_mechs,
- NULL);
- if (GSS_ERROR(major)) {
- displayStatus("gss_acquire_cred", major, minor);
- goto out;
- }
+ major = gss_acquire_cred(&minor, name, GSS_C_INDEFINITE, mechs, GSS_C_BOTH,
+ &cred_handle, &actual_mechs, NULL);
+ check_gsserr("gss_acquire_cred", major, minor);
- (void) gss_release_oid_set(&minor, &actual_mechs);
+ (void)gss_release_oid_set(&minor, &actual_mechs);
- major = initAcceptSecContext(&minor, cred_handle);
- if (GSS_ERROR(major))
- goto out;
+ init_accept_sec_context(cred_handle);
printf("\n");
-out:
- (void) gss_release_cred(&tmp, &cred_handle);
- (void) gss_release_oid_set(&tmp, &actual_mechs);
- (void) gss_release_name(&tmp, &name);
-
- return GSS_ERROR(major) ? 1 : 0;
+ (void)gss_release_cred(&minor, &cred_handle);
+ (void)gss_release_oid_set(&minor, &actual_mechs);
+ (void)gss_release_name(&minor, &name);
+ return 0;
}
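Review bot: The `check_gsserr("krb5_gss_register_acceptor_identity", major, minor)` call reports a `minor` that the checked function never set. krb5_gss_register_acceptor_identity() receives only the keytab path, so `minor` still holds whatever the preceding gss_release_name() left in it. Any mechanism-status text printed on failure would then be unrelated to the keytab problem. Passing a zero minor, `check_gsserr("krb5_gss_register_acceptor_identity", major, 0);`, avoids the misleading diagnostic, assuming check_gsserr (from common.h, not shown) prints the minor status. The label on the canonicalize check is also still misspelled and could read `check_gsserr("gss_canonicalize_name", major, minor);`. main begins in the previous hunk.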