diff --git a/lib/gssapi/Makefile.am b/lib/gssapi/Makefile.am index f09c7ef59..df2b12eb3 100644 --- a/lib/gssapi/Makefile.am +++ b/lib/gssapi/Makefile.am @@ -279,7 +279,7 @@ TESTS = test_oid test_names test_cfx test_cfx_SOURCES = krb5/test_cfx.c -check_PROGRAMS = test_acquire_cred test_init_creds $(TESTS) +check_PROGRAMS = test_acquire_cred $(TESTS) bin_PROGRAMS = gss noinst_PROGRAMS = test_cred test_kcred test_context test_ntlm @@ -287,7 +287,6 @@ noinst_PROGRAMS = test_cred test_kcred test_context test_ntlm test_context_SOURCES = test_context.c test_common.c test_common.h test_ntlm_SOURCES = test_ntlm.c test_common.c test_common.h test_acquire_cred_SOURCES = test_acquire_cred.c test_common.c test_common.h -test_init_creds_SOURCES = test_init_creds.c test_common.c test_common.h test_ntlm_LDADD = \ $(top_builddir)/lib/ntlm/libheimntlm.la \ diff --git a/lib/gssapi/test_acquire_cred.c b/lib/gssapi/test_acquire_cred.c index 632a92495..dbb17db7f 100644 --- a/lib/gssapi/test_acquire_cred.c +++ b/lib/gssapi/test_acquire_cred.c @@ -124,9 +124,10 @@ copy_cred(void) } #endif -static void +static gss_cred_id_t acquire_cred_service(const char *service, gss_OID nametype, + gss_OID_set oidset, int flags) { OM_uint32 major_status, minor_status; @@ -150,7 +151,7 @@ acquire_cred_service(const char *service, major_status = gss_acquire_cred(&minor_status, name, 0, - NULL, + oidset, flags, &cred_handle, NULL, 
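Review bot: acquire_cred_service now returns a credential handle, but nothing states who owns it, and the part of its body between the `gss_acquire_cred` call and the final `exit(1)` check lies outside the hunks shown. If that hidden stretch still releases `cred_handle` on success, which a helper that previously returned `void` may well do, the caller gets a handle that `gss_release_cred` has already reset. The later `gss_krb5_set_allowable_enctypes` and `gss_init_sec_context` calls in main would then not run against the acquired credential, so the `--enctype` restriction would go untested. Please confirm the release was dropped there, and add a header comment such as `/* Returns the acquired credential; the caller must gss_release_cred() it. Exits on failure. */`.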
@@ -168,18 +169,28 @@ acquire_cred_service(const char *service, if (GSS_ERROR(major_status)) exit(1); + + return cred_handle; } static int version_flag = 0; static int help_flag = 0; +static int kerberos_flag = 0; +static int enctype = 0; static char *acquire_name; static char *acquire_type; +static char *target_name; static char *name_type; static char *ccache; +static int num_loops = 1; static struct getargs args[] = { {"acquire-name", 0, arg_string, &acquire_name, "name", NULL }, {"acquire-type", 0, arg_string, &acquire_type, "type", NULL }, + {"enctype", 0, arg_integer, &enctype, "enctype-num", NULL }, + {"loops", 0, arg_integer, &num_loops, "enctype-num", NULL }, + {"kerberos", 0, arg_flag, &kerberos_flag, "enctype-num", NULL }, + {"target-name", 0, arg_string, &target_name, "name", NULL }, {"ccache", 0, arg_string, &ccache, "name", NULL }, {"name-type", 0, arg_string, &name_type, "type", NULL }, {"version", 0, arg_flag, &version_flag, "print version", NULL }, @@ -196,7 +207,12 @@ usage (int ret) int main(int argc, char **argv) { - int optidx = 0; + gss_OID_set oidset = GSS_C_NULL_OID_SET; + gss_OID mechoid = GSS_C_NO_OID; + OM_uint32 maj_stat, min_stat; + gss_cred_id_t cred; + gss_name_t target = GSS_C_NO_NAME; + int i, optidx = 0; OM_uint32 flag; gss_OID type; 
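Review bot: The new `--loops` and `--kerberos` entries in `args[]` reuse the `"enctype-num"` help text copied from `--enctype`, so the usage output describes a loop count and a boolean flag as an enctype number. I would change them to `{"loops", 0, arg_integer, &num_loops, "number of iterations", NULL },` and `{"kerberos", 0, arg_flag, &kerberos_flag, "force use kerberos", NULL },`, the latter being the wording the removed test_init_creds.c used. A short comment above `num_loops` and `target_name` saying that `--target-name` is what enables the `gss_init_sec_context` leg would also help anyone porting old test_init_creds invocations.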
@@ -241,15 +257,75 @@ main(int argc, char **argv) type = GSS_C_NT_HOSTBASED_SERVICE; if (ccache) { - OM_uint32 major_status, minor_status; - major_status = gss_krb5_ccache_name(&minor_status, - ccache, NULL); - if (GSS_ERROR(major_status)) + maj_stat = gss_krb5_ccache_name(&min_stat, ccache, NULL); + if (GSS_ERROR(maj_stat)) errx(1, "gss_krb5_ccache_name %s", - gssapi_err(major_status, minor_status, GSS_C_NO_OID)); + gssapi_err(maj_stat, min_stat, GSS_C_NO_OID)); + } + + if (kerberos_flag) { + mechoid = GSS_KRB5_MECHANISM; + + maj_stat = gss_create_empty_oid_set(&min_stat, &oidset); + if (maj_stat != GSS_S_COMPLETE) + errx(1, "gss_create_empty_oid_set: %s", + gssapi_err(maj_stat, min_stat, GSS_C_NO_OID)); + + maj_stat = gss_add_oid_set_member(&min_stat, GSS_KRB5_MECHANISM, &oidset); + if (maj_stat != GSS_S_COMPLETE) + errx(1, "gss_add_oid_set_member: %s", + gssapi_err(maj_stat, min_stat, GSS_C_NO_OID)); + } + + if (target_name) { + gss_buffer_desc name; + + name.value = target_name; + name.length = strlen(target_name); + maj_stat = gss_import_name(&min_stat, &name, + GSS_C_NT_HOSTBASED_SERVICE, &target); + if (maj_stat != GSS_S_COMPLETE) + errx(1, "gss_import_name: %s", + gssapi_err(maj_stat, min_stat, GSS_C_NO_OID)); + } + + for (i = 0; i < num_loops; i++) { + + cred = acquire_cred_service(acquire_name, type, oidset, flag); + + if (enctype) { + int32_t enctypelist = enctype; + + maj_stat = gss_krb5_set_allowable_enctypes(&min_stat, cred, + 1, &enctypelist); + if (maj_stat) + errx(1, "gss_krb5_set_allowable_enctypes: %s", + gssapi_err(maj_stat, min_stat, GSS_C_NO_OID)); + } + + if (target) { + gss_ctx_id_t context = GSS_C_NO_CONTEXT; + gss_buffer_desc out; + + out.length = 0; + out.value = NULL; + + maj_stat = gss_init_sec_context(&min_stat, + cred, &context, + target, mechoid, + GSS_C_MUTUAL_FLAG, 0, NULL, + GSS_C_NO_BUFFER, NULL, + &out, NULL, NULL); + if (maj_stat != GSS_S_COMPLETE && maj_stat != GSS_S_CONTINUE_NEEDED) + errx(1, "init_sec_context failed: %s", + 
gssapi_err(maj_stat, min_stat, GSS_C_NO_OID)); + + gss_release_buffer(&min_stat, &out); + gss_delete_sec_context(&min_stat, &context, NULL); + } + gss_release_cred(&min_stat, &cred); } - acquire_cred_service(acquire_name, type, flag); return 0; } diff --git a/lib/gssapi/test_init_creds.c b/lib/gssapi/test_init_creds.c deleted file mode 100644 index 3a3cf9720..000000000 --- a/lib/gssapi/test_init_creds.c +++ /dev/null 
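Review bot: `num_loops` comes straight from `--loops` and is never range-checked, so a zero or negative value skips the loop body and main returns 0 without acquiring a credential or initiating a context, which is a vacuous pass. Rejecting it after option parsing (outside this hunk) would close that, e.g. `if (num_loops < 1) errx(1, "--loops must be at least 1");`. Separately, `oidset` and `target` are created before the loop and never released; where set, `gss_release_name(&min_stat, &target);` and `gss_release_oid_set(&min_stat, &oidset);` before `return 0` would restore the cleanup the removed test did for its names. The default is also one iteration where test_init_creds.c ran ten, so any caller relying on the repetition has to pass `--loops` explicitly.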
@@ -1,172 +0,0 @@ -/* - * - */ - -#ifdef HAVE_CONFIG_H -#include -#endif - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "test_common.h" - - -static char *source_name; -static char *target_name; -static gss_cred_id_t source_cred; -static int enctype; - -static int kerberos_flag = 0; -static int loop_max = 10; - -static int version_flag = 0; -static int help_flag = 0; - -static struct getargs args[] = { - {"source-name", 0, arg_string, &source_name, "name", NULL }, - {"target-name", 0, arg_string, &target_name, "name", NULL }, - {"enctype", 0, arg_integer, &enctype, "enctype-num", NULL }, - {"kerberos",0, arg_flag, &kerberos_flag, "force use kerberos", NULL }, - {"version", 0, arg_flag, &version_flag, "print version", NULL }, - {"help", 0, arg_flag, &help_flag, NULL, NULL } -}; - -static void -usage (int ret) -{ - arg_printusage (args, sizeof(args)/sizeof(*args), NULL, ""); - exit (ret); -} - - -int -main(int argc, char **argv) -{ - gss_name_t sourcegname = GSS_C_NO_NAME, targetgname; - gss_OID_set source_oidset = GSS_C_NULL_OID_SET; - gss_OID source_mechoid = GSS_C_NO_OID; - OM_uint32 maj_stat, min_stat; - gss_buffer_desc name; - int i, optidx = 0; - - setprogname(argv[0]); - if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx)) - usage(1); - - if (help_flag) - usage (0); - - if(version_flag){ - print_version(NULL); - exit(0); - } - - argc -= optidx; - argv += optidx; - - if (argc != 0) - usage(1); - - if (target_name == NULL) - errx(1, "no --target-name set"); - - if (source_name == NULL) - warnx("no --source name set"); - - if (source_name == NULL && enctype) - errx(1, "no --source name set but there is enctype, not possible"); - - if (kerberos_flag) { - source_mechoid = GSS_KRB5_MECHANISM; - - maj_stat = gss_create_empty_oid_set(&min_stat, &source_oidset); - if (maj_stat != GSS_S_COMPLETE) - errx(1, "gss_create_empty_oid_set: %s", - gssapi_err(maj_stat, min_stat, GSS_C_NO_OID)); - 
- maj_stat = gss_add_oid_set_member(&min_stat, - GSS_KRB5_MECHANISM, &source_oidset); - if (maj_stat != GSS_S_COMPLETE) - errx(1, "gss_add_oid_set_member: %s", - gssapi_err(maj_stat, min_stat, GSS_C_NO_OID)); - } - - /* - * Import source and target names - */ - - if (source_name) { - name.value = source_name; - name.length = strlen(source_name); - maj_stat = gss_import_name(&min_stat, &name, GSS_C_NT_HOSTBASED_SERVICE, &sourcegname); - if (maj_stat != GSS_S_COMPLETE) - errx(1, "gss_import_name: %s", - gssapi_err(maj_stat, min_stat, GSS_C_NO_OID)); - } - - name.value = target_name; - name.length = strlen(target_name); - maj_stat = gss_import_name(&min_stat, &name, GSS_C_NT_HOSTBASED_SERVICE, &targetgname); - if (maj_stat != GSS_S_COMPLETE) - errx(1, "gss_import_name: %s", - gssapi_err(maj_stat, min_stat, GSS_C_NO_OID)); - - /* - * Run the loop a couple of times to make sure it works... - */ - - for (i = 0; i < loop_max; i++) { - gss_ctx_id_t context; - gss_buffer_desc out; - - if (sourcegname) { - maj_stat = gss_acquire_cred(&min_stat, sourcegname, 0, source_oidset, - GSS_C_INITIATE, &source_cred, NULL, NULL); - if (maj_stat) { - errx(1, "gss_acquire_cred: %s", - gssapi_err(maj_stat, min_stat, GSS_C_NO_OID)); - } - - if (enctype) { - int32_t enctypelist = enctype; - maj_stat = gss_krb5_set_allowable_enctypes(&min_stat, source_cred, 1, &enctypelist); - if (maj_stat) - errx(1, "gss_krb5_set_allowable_enctypes: %s", - gssapi_err(maj_stat, min_stat, GSS_C_NO_OID)); - } - } - - out.length = 0; - out.value = NULL; - - context = GSS_C_NO_CONTEXT; - - maj_stat = gss_init_sec_context(&min_stat, - source_cred, &context, - targetgname, source_mechoid, - GSS_C_MUTUAL_FLAG, 0, NULL, GSS_C_NO_BUFFER, NULL, - &out, NULL, NULL); - if (maj_stat != GSS_S_COMPLETE && maj_stat != GSS_S_CONTINUE_NEEDED) - errx(1, "init_sec_context failed: %s", - gssapi_err(maj_stat, min_stat, GSS_C_NO_OID)); - - gss_release_cred(&min_stat, &source_cred); - gss_release_buffer(&min_stat, &out); - 
gss_delete_sec_context(&min_stat, &context, NULL); - } - - gss_release_name(&min_stat, &sourcegname); - gss_release_name(&min_stat, &targetgname); - - - return 0; -}