3 files changed, 141 insertions, 15 deletions

diff --git a/src/appl/gss-sample/ChangeLog b/src/appl/gss-sample/ChangeLog
index d82e360ef..dd6dadef2 100644
--- a/src/appl/gss-sample/ChangeLog
+++ b/src/appl/gss-sample/ChangeLog
@@ -1,3 +1,15 @@
+Mon Oct 21 20:03:53 1996  Theodore Y. Ts'o  <tytso@mit.edu>
+
+	* gss-server.c: Re-added code to test import and export security
+ 		context.  Yes, yes, I know this isn't the best place to
+ 		have this test, but DO NOT REMOVE THIS TEST UNTIL WE HAVE
+ 		IT CODED ELSEWHERE.  Better slightly ugly sample server
+ 		code than untested (and broken) library code....  Add code
+ 		to print out the mechanism OID used by accept_sec_context.
+
+	* gss-client.c: Add code to allow user to specify the mechanism
+		OID that gss-client should use.
+
 Wed Jun  5 00:08:32 1996  Theodore Y. Ts'o  <tytso@mit.edu>
 
 	* gss-client.c (call_server): When reading in the test value from
diff --git a/src/appl/gss-sample/gss-client.c b/src/appl/gss-sample/gss-client.c
index fca0ef231..170bc6340 100644
--- a/src/appl/gss-sample/gss-client.c
+++ b/src/appl/gss-sample/gss-client.c
@@ -27,6 +27,8 @@ static char *rcsid = "$Header$";
 #include <stdio.h>
 #include <unistd.h>
 #include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <netinet/in.h>
@@ -119,10 +121,11 @@ int connect_to_server(host, port)
  * unsuccessful, the GSS-API error messages are displayed on stderr
  * and -1 is returned.
  */
-int client_establish_context(s, service_name, deleg_flag,
+int client_establish_context(s, service_name, deleg_flag, oid,
 			     gss_context, ret_flags)
      int s;
      char *service_name;
+     gss_OID oid;
      OM_uint32 deleg_flag;
      gss_ctx_id_t *gss_context;
      OM_uint32 *ret_flags;
@@ -169,7 +172,7 @@ int client_establish_context(s, service_name, deleg_flag,
 				    GSS_C_NO_CREDENTIAL,
 				    gss_context,
 				    target_name,
-				    GSS_C_NULL_OID,
+				    oid,
 				    GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG |
 							deleg_flag,
 				    0,
@@ -276,9 +279,10 @@ void read_file(file_name, in_buf)
  * verifies it with gss_verify.  -1 is returned if any step fails,
  * otherwise 0 is returned.
  */
-int call_server(host, port, service_name, deleg_flag, msg, use_file)
+int call_server(host, port, oid, service_name, deleg_flag, msg, use_file)
      char *host;
      u_short port;
+     gss_OID oid;
      char *service_name;
      OM_uint32 deleg_flag;
      char *msg;
@@ -306,7 +310,7 @@ int call_server(host, port, service_name, deleg_flag, msg, use_file)
 	  return -1;
 
      /* Establish context */
-     if (client_establish_context(s, service_name, deleg_flag, &context,
+     if (client_establish_context(s, service_name, deleg_flag, oid, &context,
 				  &ret_flags) < 0) {
 	  (void) close(s);
 	  return -1;
@@ -461,14 +465,45 @@ int call_server(host, port, service_name, deleg_flag, msg, use_file)
      return 0;
 }
 
+static void parse_oid(char *mechanism, gss_OID *oid)
+{
+    char	*mechstr = 0, *cp;
+    gss_buffer_desc tok;
+    OM_uint32 maj_stat, min_stat;
+    
+    if (isdigit(mechanism[0])) {
+	mechstr = malloc(strlen(mechanism)+5);
+	if (!mechstr) {
+	    printf("Couldn't allocate mechanism scratch!\n");
+	    return;
+	}
+	sprintf(mechstr, "{ %s }", mechanism);
+	for (cp = mechstr; *cp; cp++)
+	    if (*cp == '.')
+		*cp = ' ';
+	tok.value = mechstr;
+    } else
+	tok.value = mechanism;
+    tok.length = strlen(tok.value);
+    maj_stat = gss_str_to_oid(&min_stat, &tok, oid);
+    if (maj_stat != GSS_S_COMPLETE) {
+	display_status("str_to_oid", maj_stat, min_stat);
+	return;
+    }
+    if (mechstr)
+	free(mechstr);
+}
+
 int main(argc, argv)
      int argc;
      char **argv;
 {
      char *service_name, *server_host, *msg;
+     char *mechanism = 0;
      u_short port = 4444;
      int use_file = 0;
-     OM_uint32 deleg_flag = 0;
+     OM_uint32 deleg_flag = 0, min_stat;
+     gss_OID oid = GSS_C_NULL_OID;
      
      display_file = stdout;
 
@@ -479,7 +514,11 @@ int main(argc, argv)
 	       argc--; argv++;
 	       if (!argc) usage();
 	       port = atoi(*argv);
-	  } else if (strcmp(*argv, "-d") == 0) {
+	   } else if (strcmp(*argv, "-mech") == 0) {
+	       argc--; argv++;
+	       if (!argc) usage();
+	       mechanism = *argv;
+	   } else if (strcmp(*argv, "-d") == 0) {
 	       deleg_flag = GSS_C_DELEG_FLAG;
 	  } else if (strcmp(*argv, "-f") == 0) {
 	       use_file = 1;
@@ -494,10 +533,16 @@ int main(argc, argv)
      service_name = *argv++;
      msg = *argv++;
 
-     if (call_server(server_host, port, service_name,
+     if (mechanism)
+	 parse_oid(mechanism, &oid);
+
+     if (call_server(server_host, port, oid, service_name,
 		     deleg_flag, msg, use_file) < 0)
 	  exit(1);
 
+     if (oid != GSS_C_NULL_OID)
+	 (void) gss_release_oid(&min_stat, &oid);
+	 
      return 0;
 }
 
diff --git a/src/appl/gss-sample/gss-server.c b/src/appl/gss-sample/gss-server.c
index bd4e7fe90..c2549e4b6 100644
--- a/src/appl/gss-sample/gss-server.c
+++ b/src/appl/gss-sample/gss-server.c
@@ -27,6 +27,7 @@ static char *rcsid = "$Header$";
 #include <stdio.h>
 #include <sys/types.h>
 #include <sys/socket.h>
+#include <sys/time.h>
 #include <netinet/in.h>
 #ifdef HAVE_UNISTD_H
 #include <unistd.h>
@@ -43,7 +44,7 @@ static char *rcsid = "$Header$";
 #include <strings.h>
 #endif
 
-usage()
+void usage()
 {
      fprintf(stderr, "Usage: gss-server [-port port] [-verbose]\n");
      fprintf(stderr, "       [-inetd] [-logfile file] [service_name]\n");
@@ -137,6 +138,7 @@ int server_establish_context(s, server_creds, context, client_name, ret_flags)
      gss_name_t client;
      gss_OID doid;
      OM_uint32 maj_stat, min_stat;
+     gss_buffer_desc	oid_name;
 
      *context = GSS_C_NO_CONTEXT;
      
@@ -145,7 +147,7 @@ int server_establish_context(s, server_creds, context, client_name, ret_flags)
 	       return -1;
 
 	  if (verbose && log) {
-	      fprintf(log, "Received token: \n");
+	      fprintf(log, "Received token (size=%d): \n", recv_tok.length);
 	      print_token(&recv_tok);
 	  }
 
@@ -173,7 +175,7 @@ int server_establish_context(s, server_creds, context, client_name, ret_flags)
 	  if (send_tok.length != 0) {
 	      if (verbose && log) {
 		  fprintf(log,
-			  "Sending accept_sec_context token (size=%d)...",
+			  "Sending accept_sec_context token (size=%d):\n",
 			  send_tok.length);
 		  print_token(&send_tok);
 	      }
@@ -184,11 +186,11 @@ int server_establish_context(s, server_creds, context, client_name, ret_flags)
 
 	       (void) gss_release_buffer(&min_stat, &send_tok);
 	  }
-	  if (log) {
+	  if (verbose && log) {
 	      if (maj_stat == GSS_S_CONTINUE_NEEDED)
-		  fprintf(log, "\n");
-	      else
 		  fprintf(log, "continue needed...\n");
+	      else
+		  fprintf(log, "\n");
 	      fflush(log);
 	  }
      } while (maj_stat == GSS_S_CONTINUE_NEEDED);
@@ -196,6 +198,17 @@ int server_establish_context(s, server_creds, context, client_name, ret_flags)
      /* display the flags */
      display_ctx_flags(*ret_flags);
 
+     if (verbose && log) {
+	 maj_stat = gss_oid_to_str(&min_stat, doid, &oid_name);
+	 if (maj_stat != GSS_S_COMPLETE) {
+	     display_status("converting oid->string", maj_stat, min_stat);
+	     return -1;
+	 }
+	 fprintf(log, "Accepted connection using mechanism OID %.*s.\n",
+		 (int) oid_name.length, (char *) oid_name.value);
+	 (void) gss_release_buffer(&min_stat, &oid_name);
+     }
+
      maj_stat = gss_display_name(&min_stat, client, client_name, &doid);
      if (maj_stat != GSS_S_COMPLETE) {
 	  display_status("displaying name", maj_stat, min_stat);
@@ -255,6 +268,58 @@ int create_socket(port)
      return s;
 }
 
+static float timeval_subtract(tv1, tv2)
+	struct timeval *tv1, *tv2;
+{
+	return ((tv1->tv_sec - tv2->tv_sec) +
+		((float) (tv1->tv_usec - tv2->tv_usec)) / 1000000);
+}
+
+/*
+ * Yes, yes, this isn't the best place for doing this test.
+ * DO NOT REMOVE THIS UNTIL A BETTER TEST HAS BEEN WRITTEN, THOUGH.
+ * 					-TYT
+ */
+int test_import_export_context(context)
+	gss_ctx_id_t *context;
+{
+	OM_uint32	min_stat, maj_stat;
+	gss_buffer_desc context_token, copied_token;
+	struct timeval tm1, tm2;
+	
+	/*
+	 * Attempt to save and then restore the context.
+	 */
+	gettimeofday(&tm1, (struct timezone *)0);
+	maj_stat = gss_export_sec_context(&min_stat, context, &context_token);
+	if (maj_stat != GSS_S_COMPLETE) {
+		display_status("exporting context", maj_stat, min_stat);
+		return 1;
+	}
+	gettimeofday(&tm2, (struct timezone *)0);
+	if (verbose && log)
+		fprintf(log, "Exported context: %d bytes, %7.4f seconds\n",
+			context_token.length, timeval_subtract(&tm2, &tm1));
+	copied_token.length = context_token.length;
+	copied_token.value = malloc(context_token.length);
+	if (copied_token.value == 0) {
+	    fprintf(log, "Couldn't allocate memory to copy context token.\n");
+	    return 1;
+	}
+	memcpy(copied_token.value, context_token.value, copied_token.length);
+	maj_stat = gss_import_sec_context(&min_stat, &copied_token, context);
+	if (maj_stat != GSS_S_COMPLETE) {
+		display_status("importing context", maj_stat, min_stat);
+		return 1;
+	}
+	gettimeofday(&tm1, (struct timezone *)0);
+	if (verbose && log)
+		fprintf(log, "Importing context: %7.4f seconds\n",
+			timeval_subtract(&tm1, &tm2));
+	(void) gss_release_buffer(&min_stat, &context_token);
+	return 0;
+}
+
 /*
  * Function: sign_server
  *
@@ -296,9 +361,13 @@ int sign_server(s, server_creds)
 	return(-1);
 	  
      printf("Accepted connection: \"%.*s\"\n",
-	    client_name.length, client_name.value);
+	    (int) client_name.length, (char *) client_name.value);
      (void) gss_release_buffer(&min_stat, &client_name);
 
+     for (i=0; i < 3; i++)
+	     if (test_import_export_context(&context))
+		     return -1;
+
      /* Receive the sealed message token */
      if (recv_token(s, &xmit_buf) < 0)
 	return(-1);
@@ -416,7 +485,7 @@ main(argc, argv)
      } else {
 	 int stmp;
 
-	 if (stmp = create_socket(port)) {
+	 if ((stmp = create_socket(port))) {
 	     do {
 		 /* Accept a TCP connection */
 		 if ((s = accept(stmp, NULL, 0)) < 0) {