| author | Stanislav Sedov <stas@FreeBSD.org> | 2011-10-05 07:23:29 +0000 |
|---|---|---|
| committer | Stanislav Sedov <stas@FreeBSD.org> | 2011-10-05 07:23:29 +0000 |
| commit | 7c450da7b446c557e05f34a100b597800967d987 (patch) | |
| tree | 57a48e7e9b592f2d5b713e80a4455820625c2b7b /lib/gssapi/test_acquire_cred.c | |
| parent | b4e3a10e9339a8400197298021d6ca9b8e3aa039 (diff) | |
Diffstat (limited to 'lib/gssapi/test_acquire_cred.c')
| -rw-r--r-- | lib/gssapi/test_acquire_cred.c | 142 |
1 files changed, 109 insertions, 33 deletions
diff --git a/lib/gssapi/test_acquire_cred.c b/lib/gssapi/test_acquire_cred.c index fd2bc32dd52b..e1a929bf9620 100644 --- a/lib/gssapi/test_acquire_cred.c +++ b/lib/gssapi/test_acquire_cred.c @@ -1,18 +1,18 @@ /* - * Copyright (c) 2003-2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2003-2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without 
@@ -35,19 +35,19 @@ #include <config.h> #endif +#include <roken.h> #include <stdio.h> #include <stdlib.h> #include <string.h> #include <stdarg.h> #include <gssapi.h> +#include <gssapi_krb5.h> +#include <gssapi_spnego.h> #include <err.h> -#include <roken.h> #include <getarg.h> #include "test_common.h" -RCSID("$Id: test_acquire_cred.c 22129 2007-12-04 01:13:13Z lha $"); - static void print_time(OM_uint32 time_rec) { @@ -79,7 +79,7 @@ test_add(gss_cred_id_t cred_handle) NULL, &time_rec, NULL); - + if (GSS_ERROR(major_status)) errx(1, "add_cred failed"); @@ -98,7 +98,7 @@ copy_cred(void) gss_cred_id_t cred_handle; OM_uint32 time_rec; - major_status = gss_acquire_cred(&minor_status, + major_status = gss_acquire_cred(&minor_status, GSS_C_NO_NAME, 0, NULL, @@ -108,7 +108,7 @@ copy_cred(void) &time_rec); if (GSS_ERROR(major_status)) errx(1, "acquire_cred failed"); - + print_time(time_rec); test_add(cred_handle); @@ -122,9 +122,10 @@ copy_cred(void) } #endif -static void +static gss_cred_id_t acquire_cred_service(const char *service, gss_OID nametype, + gss_OID_set oidset, int flags) { OM_uint32 major_status, minor_status; @@ -136,7 +137,7 @@ acquire_cred_service(const char *service, if (service) { name_buffer.value = rk_UNCONST(service); name_buffer.length = strlen(service); - + major_status = gss_import_name(&minor_status, &name_buffer, nametype, @@ -145,18 +146,18 @@ acquire_cred_service(const char *service, errx(1, "import_name failed"); } - major_status = gss_acquire_cred(&minor_status, + major_status = gss_acquire_cred(&minor_status, name, 0, - NULL, + oidset, flags, &cred_handle, NULL, &time_rec); if (GSS_ERROR(major_status)) { - warnx("acquire_cred failed: %s", + warnx("acquire_cred failed: %s", gssapi_err(major_status, minor_status, GSS_C_NO_OID)); - } else { + } else { print_time(time_rec); gss_release_cred(&minor_status, &cred_handle); } 
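Review bot: The success branch of acquire_cred_service still calls `gss_release_cred(&minor_status, &cred_handle);`, yet this commit changes the function to return that handle (`return cred_handle;` is added in the following hunk), so the caller receives a credential that has already been released. RFC 2744 has gss_release_cred reset the handle to GSS_C_NO_CREDENTIAL; in that case the new calls in main to `gss_krb5_set_allowable_enctypes` and `gss_init_sec_context` would presumably act on the default credential rather than the one acquired for --acquire-name, and the test would pass without exercising it. An implementation that does not reset the handle would instead hand back a dangling one, which main releases a second time. I would drop the release from the `else` branch and rely on the `gss_release_cred(&min_stat, &cred);` that main now performs in each loop iteration. The function body spans several hunks, so the lines between them are not visible here.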
@@ -166,18 +167,28 @@ acquire_cred_service(const char *service, if (GSS_ERROR(major_status)) exit(1); + + return cred_handle; } static int version_flag = 0; static int help_flag = 0; +static int kerberos_flag = 0; +static int enctype = 0; static char *acquire_name; static char *acquire_type; +static char *target_name; static char *name_type; static char *ccache; +static int num_loops = 1; static struct getargs args[] = { {"acquire-name", 0, arg_string, &acquire_name, "name", NULL }, {"acquire-type", 0, arg_string, &acquire_type, "type", NULL }, + {"enctype", 0, arg_integer, &enctype, "enctype-num", NULL }, + {"loops", 0, arg_integer, &num_loops, "enctype-num", NULL }, + {"kerberos", 0, arg_flag, &kerberos_flag, "enctype-num", NULL }, + {"target-name", 0, arg_string, &target_name, "name", NULL }, {"ccache", 0, arg_string, &ccache, "name", NULL }, {"name-type", 0, arg_string, &name_type, "type", NULL }, {"version", 0, arg_flag, &version_flag, "print version", NULL }, @@ -194,14 +205,19 @@ usage (int ret) int main(int argc, char **argv) { - int optidx = 0; + gss_OID_set oidset = GSS_C_NULL_OID_SET; + gss_OID mechoid = GSS_C_NO_OID; + OM_uint32 maj_stat, min_stat; + gss_cred_id_t cred; + gss_name_t target = GSS_C_NO_NAME; + int i, optidx = 0; OM_uint32 flag; gss_OID type; setprogname(argv[0]); if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx)) usage(1); - + if (help_flag) usage (0); @@ -227,7 +243,7 @@ main(int argc, char **argv) errx(1, "unknown type %s", acquire_type); } else flag = GSS_C_ACCEPT; - + if (name_type) { if (strcasecmp("hostbased-service", name_type) == 0) type = GSS_C_NT_HOSTBASED_SERVICE; 
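Review bot: The new `loops` and `kerberos` entries in `args` reuse the string `"enctype-num"` from the `enctype` entry, so the usage output will describe both options wrongly. Each should get its own text, for example `{"loops", 0, arg_integer, &num_loops, "number of iterations", NULL },` and `{"kerberos", 0, arg_flag, &kerberos_flag, "use the Kerberos mechanism", NULL },`. The wording is a suggestion, and the slot follows the existing `"print version"` entry.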
@@ -239,15 +255,75 @@ main(int argc, char **argv) type = GSS_C_NT_HOSTBASED_SERVICE; if (ccache) { - OM_uint32 major_status, minor_status; - major_status = gss_krb5_ccache_name(&minor_status, - ccache, NULL); - if (GSS_ERROR(major_status)) - errx(1, "gss_krb5_ccache_name %s", - gssapi_err(major_status, minor_status, GSS_C_NO_OID)); + maj_stat = gss_krb5_ccache_name(&min_stat, ccache, NULL); + if (GSS_ERROR(maj_stat)) + errx(1, "gss_krb5_ccache_name %s", + gssapi_err(maj_stat, min_stat, GSS_C_NO_OID)); + } + + if (kerberos_flag) { + mechoid = GSS_KRB5_MECHANISM; + + maj_stat = gss_create_empty_oid_set(&min_stat, &oidset); + if (maj_stat != GSS_S_COMPLETE) + errx(1, "gss_create_empty_oid_set: %s", + gssapi_err(maj_stat, min_stat, GSS_C_NO_OID)); + + maj_stat = gss_add_oid_set_member(&min_stat, GSS_KRB5_MECHANISM, &oidset); + if (maj_stat != GSS_S_COMPLETE) + errx(1, "gss_add_oid_set_member: %s", + gssapi_err(maj_stat, min_stat, GSS_C_NO_OID)); + } + + if (target_name) { + gss_buffer_desc name; + + name.value = target_name; + name.length = strlen(target_name); + maj_stat = gss_import_name(&min_stat, &name, + GSS_C_NT_HOSTBASED_SERVICE, &target); + if (maj_stat != GSS_S_COMPLETE) + errx(1, "gss_import_name: %s", + gssapi_err(maj_stat, min_stat, GSS_C_NO_OID)); + } + + for (i = 0; i < num_loops; i++) { + + cred = acquire_cred_service(acquire_name, type, oidset, flag); + + if (enctype) { + int32_t enctypelist = enctype; + + maj_stat = gss_krb5_set_allowable_enctypes(&min_stat, cred, + 1, &enctypelist); + if (maj_stat) + errx(1, "gss_krb5_set_allowable_enctypes: %s", + gssapi_err(maj_stat, min_stat, GSS_C_NO_OID)); + } + + if (target) { + gss_ctx_id_t context = GSS_C_NO_CONTEXT; + gss_buffer_desc out; + + out.length = 0; + out.value = NULL; + + maj_stat = gss_init_sec_context(&min_stat, + cred, &context, + target, mechoid, + GSS_C_MUTUAL_FLAG, 0, NULL, + GSS_C_NO_BUFFER, NULL, + &out, NULL, NULL); + if (maj_stat != GSS_S_COMPLETE && maj_stat != GSS_S_CONTINUE_NEEDED) + 
errx(1, "init_sec_context failed: %s", + gssapi_err(maj_stat, min_stat, GSS_C_NO_OID)); + + gss_release_buffer(&min_stat, &out); + gss_delete_sec_context(&min_stat, &context, NULL); + } + gss_release_cred(&min_stat, &cred); } - acquire_cred_service(acquire_name, type, flag); return 0; } |
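Review bot: `num_loops` is taken from --loops without a range check, so a value of 0 or less skips the `for` loop and main returns 0 without acquiring any credential, whereas the removed code always called acquire_cred_service once. A guard before the loop, such as `if (num_loops < 1) errx(1, "loops must be at least 1");`, keeps the test from passing vacuously. Separately, `oidset` and `target` are created above the loop but never freed. Adding `if (target != GSS_C_NO_NAME) gss_release_name(&min_stat, &target);` and `if (oidset != GSS_C_NULL_OID_SET) gss_release_oid_set(&min_stat, &oidset);` before `return 0;` would make the cleanup match the per-iteration release of `cred` and `context`.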
