oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Add delegate flag and check that the delegated cred works.

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19044 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2006-11-15 10:19:41 +00:00
parent c00799be18
commit 0be2851d8e
1 changed files with 22 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
lib/gssapi/test_context.c
View File

@@ -42,6 +42,7 @@ static char *mech_string;
static int dns_canon_flag = -1; static int dns_canon_flag = -1;
static int mutual_auth_flag = 0; static int mutual_auth_flag = 0;
static int dce_style_flag = 0; static int dce_style_flag = 0;
static int deleg_flag = 0;
static int version_flag = 0; static int version_flag = 0;
static int verbose_flag = 0; static int verbose_flag = 0;
static int help_flag = 0; static int help_flag = 0;
@@ -75,20 +76,23 @@ static char *gssapi_err(OM_uint32 maj_stat, OM_uint32 min_stat,
static void static void
loop(gss_OID mechoid, loop(gss_OID mechoid,
gss_OID nameoid, const char *target, gss_OID nameoid, const char *target,
gss_ctx_id_t *sctx, gss_ctx_id_t *cctx) gss_cred_id_t init_cred,
gss_ctx_id_t *sctx, gss_ctx_id_t *cctx,
gss_cred_id_t *deleg_cred)
{ {
int server_done = 0, client_done = 0; int server_done = 0, client_done = 0;
OM_uint32 maj_stat, min_stat; OM_uint32 maj_stat, min_stat;
gss_name_t gss_target_name; gss_name_t gss_target_name;
gss_buffer_desc input_token, output_token; gss_buffer_desc input_token, output_token;
OM_uint32 flags = 0, ret_cflags, ret_sflags; OM_uint32 flags = 0, ret_cflags, ret_sflags;
gss_cred_id_t deleg_cred = GSS_C_NO_CREDENTIAL;
gss_OID mechoid_out; gss_OID mechoid_out;
if (mutual_auth_flag) if (mutual_auth_flag)
flags |= GSS_C_MUTUAL_FLAG; flags |= GSS_C_MUTUAL_FLAG;
if (dce_style_flag) if (dce_style_flag)
flags |= GSS_C_DCE_STYLE; flags |= GSS_C_DCE_STYLE;
if (deleg_flag)
flags |= GSS_C_DELEG_FLAG;
input_token.value = rk_UNCONST(target); input_token.value = rk_UNCONST(target);
input_token.length = strlen(target); input_token.length = strlen(target);
@@ -106,7 +110,7 @@ loop(gss_OID mechoid,
while (!server_done || !client_done) { while (!server_done || !client_done) {
maj_stat = gss_init_sec_context(&min_stat, maj_stat = gss_init_sec_context(&min_stat,
GSS_C_NO_CREDENTIAL, init_cred,
cctx, cctx,
gss_target_name, gss_target_name,
mechoid, mechoid,
@@ -142,7 +146,7 @@ loop(gss_OID mechoid,
&input_token, &input_token,
&ret_sflags, &ret_sflags,
NULL, NULL,
&deleg_cred); deleg_cred);
if (GSS_ERROR(maj_stat)) if (GSS_ERROR(maj_stat))
errx(1, "accept_sec_context: %s", errx(1, "accept_sec_context: %s",
gssapi_err(maj_stat, min_stat, mechoid_out)); gssapi_err(maj_stat, min_stat, mechoid_out));
@@ -199,6 +203,7 @@ static struct getargs args[] = {
"use dns to canonicalize", NULL }, "use dns to canonicalize", NULL },
{"mutual-auth",0, arg_flag, &mutual_auth_flag,"mutual auth", NULL }, {"mutual-auth",0, arg_flag, &mutual_auth_flag,"mutual auth", NULL },
{"dce-style",0, arg_flag, &dce_style_flag, "dce-style", NULL }, {"dce-style",0, arg_flag, &dce_style_flag, "dce-style", NULL },
{"delegate",0, arg_flag, &deleg_flag, "delegate credential", NULL },
{"version", 0, arg_flag, &version_flag, "print version", NULL }, {"version", 0, arg_flag, &version_flag, "print version", NULL },
{"verbose", 'v', arg_flag, &verbose_flag, "verbose", NULL }, {"verbose", 'v', arg_flag, &verbose_flag, "verbose", NULL },
{"help", 0, arg_flag, &help_flag, NULL, NULL } {"help", 0, arg_flag, &help_flag, NULL, NULL }
@@ -220,6 +225,8 @@ main(int argc, char **argv)
gss_ctx_id_t cctx, sctx; gss_ctx_id_t cctx, sctx;
void *ctx; void *ctx;
gss_OID nameoid, mechoid; gss_OID nameoid, mechoid;
gss_cred_id_t deleg_cred = GSS_C_NO_CREDENTIAL;
setprogname(argv[0]); setprogname(argv[0]);
@@ -265,7 +272,8 @@ main(int argc, char **argv)
else else
errx(1, "%s not suppported", mech_string); errx(1, "%s not suppported", mech_string);
loop(mechoid, nameoid, argv[0], &sctx, &cctx); loop(mechoid, nameoid, argv[0], GSS_C_NO_CREDENTIAL,
&sctx, &cctx, &deleg_cred);
if (gss_oid_equal(mechoid, GSS_KRB5_MECHANISM)) { if (gss_oid_equal(mechoid, GSS_KRB5_MECHANISM)) {
krb5_context context; krb5_context context;
@@ -373,5 +381,14 @@ main(int argc, char **argv)
gss_delete_sec_context(&min_stat, &cctx, NULL); gss_delete_sec_context(&min_stat, &cctx, NULL);
gss_delete_sec_context(&min_stat, &sctx, NULL); gss_delete_sec_context(&min_stat, &sctx, NULL);
if (deleg_cred != GSS_C_NO_CREDENTIAL) {
loop(mechoid, nameoid, argv[0], deleg_cred, &cctx, &sctx, NULL);
gss_delete_sec_context(&min_stat, &cctx, NULL);
gss_delete_sec_context(&min_stat, &sctx, NULL);
}
return 0; return 0;
} }