From 400a2a34cdf68fe96ec5b69b56afcf4b223a24ad Mon Sep 17 00:00:00 2001 From: Assar Westerlund Date: Tue, 21 Sep 1999 05:06:06 +0000 Subject: [PATCH] new files git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@6999 ec53bebd-3082-4978-b11e-865c3cabbd6b --- appl/test/nt_gss_client.c | 204 +++++++++++++++++++++++++++++++ appl/test/nt_gss_common.c | 136 +++++++++++++++++++++ appl/test/nt_gss_common.h | 50 ++++++++ appl/test/nt_gss_server.c | 247 ++++++++++++++++++++++++++++++++++++++ 4 files changed, 637 insertions(+) create mode 100644 appl/test/nt_gss_client.c create mode 100644 appl/test/nt_gss_common.c create mode 100644 appl/test/nt_gss_common.h create mode 100644 appl/test/nt_gss_server.c diff --git a/appl/test/nt_gss_client.c b/appl/test/nt_gss_client.c new file mode 100644 index 000000000..019d9abb7 --- /dev/null +++ b/appl/test/nt_gss_client.c @@ -0,0 +1,204 @@ +/* + * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "test_locl.h" +#include +#include "nt_gss_common.h" + +RCSID("$Id$"); + +/* + * This program tries to act as a client for the sample in `Sample + * SSPI Code' in Windows 2000 RC1 SDK. + */ + +static int +proto (int sock, const char *hostname, const char *service) +{ + struct sockaddr_in remote, local; + int addrlen; + + int context_established = 0; + gss_ctx_id_t context_hdl = GSS_C_NO_CONTEXT; + gss_buffer_t input_token, output_token; + gss_buffer_desc real_input_token, real_output_token; + OM_uint32 maj_stat, min_stat; + gss_name_t server; + gss_buffer_desc name_token; + + name_token.length = asprintf ((char **)&name_token.value, + "%s@%s", service, hostname); + + maj_stat = gss_import_name (&min_stat, + &name_token, + GSS_C_NT_HOSTBASED_SERVICE, + &server); + if (GSS_ERROR(maj_stat)) + gss_err (1, min_stat, + "Error importing name `%s@%s':\n", service, hostname); + + addrlen = sizeof(local); + if (getsockname (sock, (struct sockaddr *)&local, &addrlen) < 0 + || addrlen != sizeof(local)) + err (1, "getsockname(%s)", hostname); + + addrlen = sizeof(remote); + if (getpeername (sock, (struct sockaddr *)&remote, &addrlen) < 0 + || addrlen != sizeof(remote)) + err (1, "getpeername(%s)", hostname); + + input_token = &real_input_token; + output_token = &real_output_token; + + input_token->length = 0; + output_token->length = 0; + + while(!context_established) { + maj_stat = + gss_init_sec_context(&min_stat, + GSS_C_NO_CREDENTIAL, + &context_hdl, + server, + GSS_C_NO_OID, + GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG, + 0, + GSS_C_NO_CHANNEL_BINDINGS, + input_token, + NULL, + output_token, + NULL, + NULL); + if (GSS_ERROR(maj_stat)) + gss_err (1, min_stat, "gss_init_sec_context"); + if (output_token->length != 0) + nt_write_token (sock, output_token); + if (GSS_ERROR(maj_stat)) { + if (context_hdl != GSS_C_NO_CONTEXT) + gss_delete_sec_context (&min_stat, + &context_hdl, + GSS_C_NO_BUFFER); + break; + } + if (maj_stat & GSS_S_CONTINUE_NEEDED) { + nt_read_token (sock, input_token); + } else { + context_established = 1; + } + + } + + /* get_mic */ + + input_token->length = 3; + input_token->value = strdup("hej"); + + maj_stat = gss_get_mic(&min_stat, + context_hdl, + GSS_C_QOP_DEFAULT, + input_token, + output_token); + if (GSS_ERROR(maj_stat)) + gss_err (1, min_stat, "gss_get_mic"); + + nt_write_token (sock, input_token); + nt_write_token (sock, output_token); + + /* wrap */ + + input_token->length = 7; + input_token->value = "hemligt"; + + + maj_stat = gss_wrap (&min_stat, + context_hdl, + 1, + GSS_C_QOP_DEFAULT, + input_token, + NULL, + output_token); + if (GSS_ERROR(maj_stat)) + gss_err (1, min_stat, "gss_wrap"); + + nt_write_token (sock, output_token); + + return 0; +} + +static int +doit (const char *hostname, int port, const char *service) +{ + struct in_addr **h; + struct hostent *hostent; + + hostent = roken_gethostbyname (hostname); + if (hostent == NULL) + errx (1, "gethostbyname '%s' failed: %s", + hostname, + hstrerror(h_errno)); + + for (h = (struct in_addr **)hostent->h_addr_list; + *h != NULL; + ++h) { + struct sockaddr_in addr; + int s; + + memset (&addr, 0, sizeof(addr)); + addr.sin_family = AF_INET; + addr.sin_port = port; + addr.sin_addr = **h; + + s = socket (AF_INET, SOCK_STREAM, 0); + if (s < 0) + err (1, "socket"); + if (connect (s, (struct sockaddr *)&addr, sizeof(addr)) < 0) { + warn ("connect(%s)", hostname); + close (s); + continue; + } + return proto (s, hostname, service); + } + return 1; +} + +int +main(int argc, char **argv) +{ + krb5_context context; /* XXX */ + int port = client_setup(&context, &argc, argv); + return doit (argv[argc], port, service); +} diff --git a/appl/test/nt_gss_common.c b/appl/test/nt_gss_common.c new file mode 100644 index 000000000..ef8b95f6a --- /dev/null +++ b/appl/test/nt_gss_common.c @@ -0,0 +1,136 @@ +/* + * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "test_locl.h" +#include +#include "gss_common.h" + +RCSID("$Id$"); + +/* + * These are functions that are needed to interoperate with the + * `Sample SSPI Code' in Windows 2000 RC1 SDK. + */ + +/* + * Write the `gss_buffer_t' in `buf' onto the fd `sock', but remember that + * the length is written in little-endian-order. + */ + +void +nt_write_token (int sock, gss_buffer_t buf) +{ + unsigned char net_len[4]; + u_int32_t len; + OM_uint32 min_stat; + + len = buf->length; + + net_len[0] = (len >> 0) & 0xFF; + net_len[1] = (len >> 8) & 0xFF; + net_len[2] = (len >> 16) & 0xFF; + net_len[3] = (len >> 24) & 0xFF; + + if (write (sock, net_len, 4) != 4) + err (1, "write"); + if (write (sock, buf->value, len) != len) + err (1, "write"); + + gss_release_buffer (&min_stat, buf); +} + +/* + * + */ + +void +nt_read_token (int sock, gss_buffer_t buf) +{ + unsigned char net_len[4]; + u_int32_t len; + + if (read(sock, net_len, 4) != 4) + err (1, "read"); + len = (net_len[0] << 0) + | (net_len[1] << 8) + | (net_len[2] << 16) + | (net_len[3] << 24); + + buf->length = len; + buf->value = malloc(len); + if (read (sock, buf->value, len) != len) + err (1, "read"); +} + +void +gss_print_errors (int min_stat) +{ + OM_uint32 new_stat; + OM_uint32 msg_ctx = 0; + gss_buffer_desc status_string; + OM_uint32 ret; + + do { + ret = gss_display_status (&new_stat, + min_stat, + GSS_C_MECH_CODE, + GSS_C_NO_OID, + &msg_ctx, + &status_string); + fprintf (stderr, "%s\n", (char *)status_string.value); + gss_release_buffer (&new_stat, &status_string); + } while (!GSS_ERROR(ret) && msg_ctx != 0); +} + +void +gss_verr(int exitval, int status, const char *fmt, va_list ap) +{ + vwarnx (fmt, ap); + gss_print_errors (status); + exit (exitval); +} + +void +gss_err(int exitval, int status, const char *fmt, ...) +{ + va_list args; + + va_start(args, fmt); + gss_verr (exitval, status, fmt, args); + va_end(args); +} diff --git a/appl/test/nt_gss_common.h b/appl/test/nt_gss_common.h new file mode 100644 index 000000000..3bc3b18ac --- /dev/null +++ b/appl/test/nt_gss_common.h @@ -0,0 +1,50 @@ +/* + * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id$ */ + +void nt_write_token (int sock, gss_buffer_t buf); +void nt_read_token (int sock, gss_buffer_t buf); + +void gss_print_errors (int min_stat); + +void gss_verr(int exitval, int status, const char *fmt, va_list ap) + __attribute__ ((format (printf, 3, 0))); + +void gss_err(int exitval, int status, const char *fmt, ...) + __attribute__ ((format (printf, 3, 4))); diff --git a/appl/test/nt_gss_server.c b/appl/test/nt_gss_server.c new file mode 100644 index 000000000..07dcf6968 --- /dev/null +++ b/appl/test/nt_gss_server.c @@ -0,0 +1,247 @@ +/* + * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "test_locl.h" +#include +#include +#include "nt_gss_common.h" + +RCSID("$Id$"); + +/* + * This program tries to act as a server for the sample in `Sample + * SSPI Code' in Windows 2000 RC1 SDK. + * + * use --dump-add to get a binary dump of the authorization data in the ticket + */ + +static int help_flag; +static int version_flag; +static char *port_str; +char *service = SERVICE; +static char *auth_file; + +static struct getargs args[] = { + { "port", 'p', arg_string, &port_str, "port to listen to", "port" }, + { "service", 's', arg_string, &service, "service to use", "service" }, + { "dump-auth", 0, arg_string, &auth_file, "dump authorization data", + "file" }, + { "help", 'h', arg_flag, &help_flag }, + { "version", 0, arg_flag, &version_flag } +}; + +static int num_args = sizeof(args) / sizeof(args[0]); + +static int +proto (int sock, const char *service) +{ + struct sockaddr_in remote, local; + int addrlen; + gss_ctx_id_t context_hdl = GSS_C_NO_CONTEXT; + gss_buffer_t input_token, output_token; + gss_buffer_desc real_input_token, real_output_token; + OM_uint32 maj_stat, min_stat; + gss_name_t client_name; + gss_buffer_desc name_token; + + addrlen = sizeof(local); + if (getsockname (sock, (struct sockaddr *)&local, &addrlen) < 0 + || addrlen != sizeof(local)) + err (1, "getsockname)"); + + addrlen = sizeof(remote); + if (getpeername (sock, (struct sockaddr *)&remote, &addrlen) < 0 + || addrlen != sizeof(remote)) + err (1, "getpeername"); + + input_token = &real_input_token; + output_token = &real_output_token; + + do { + nt_read_token (sock, input_token); + maj_stat = + gss_accept_sec_context (&min_stat, + &context_hdl, + GSS_C_NO_CREDENTIAL, + input_token, + GSS_C_NO_CHANNEL_BINDINGS, + &client_name, + NULL, + output_token, + NULL, + NULL, + NULL); + if(GSS_ERROR(maj_stat)) + gss_err (1, min_stat, "gss_accept_sec_context"); + if (output_token->length != 0) + nt_write_token (sock, output_token); + if (GSS_ERROR(maj_stat)) { + if (context_hdl != GSS_C_NO_CONTEXT) + gss_delete_sec_context (&min_stat, + &context_hdl, + GSS_C_NO_BUFFER); + break; + } + } while(maj_stat & GSS_S_CONTINUE_NEEDED); + + if (auth_file != NULL) { + int fd = open (auth_file, O_WRONLY | O_CREAT, 0666); + krb5_ticket *ticket = context_hdl->ticket; + krb5_data *data = &ticket->ticket.authorization_data->val[0].ad_data; + + if(fd < 0) + err (1, "open %s", auth_file); + if (write (fd, data->data, data->length) != data->length) + errx (1, "write to %s failed", auth_file); + if (close (fd)) + err (1, "close %s", auth_file); + } + + maj_stat = gss_display_name (&min_stat, + client_name, + &name_token, + NULL); + if (GSS_ERROR(maj_stat)) + gss_err (1, min_stat, "gss_display_name"); + + printf ("User is `%.*s'\n", (int)name_token.length, + (char *)name_token.value); + + /* write something back */ + + output_token->value = strdup ("hejsan"); + output_token->length = strlen (output_token->value) + 1; + nt_write_token (sock, output_token); + + output_token->value = strdup ("hoppsan"); + output_token->length = strlen (output_token->value) + 1; + nt_write_token (sock, output_token); + + return 0; +} + +static int +doit (int port, const char *service) +{ + int sock, sock2; + struct sockaddr_in my_addr; + int one = 1; + + sock = socket (AF_INET, SOCK_STREAM, 0); + if (sock < 0) + err (1, "socket"); + + memset (&my_addr, 0, sizeof(my_addr)); + my_addr.sin_family = AF_INET; + my_addr.sin_port = port; + my_addr.sin_addr.s_addr = INADDR_ANY; + + if (setsockopt (sock, SOL_SOCKET, SO_REUSEADDR, + (void *)&one, sizeof(one)) < 0) + warn ("setsockopt SO_REUSEADDR"); + + if (bind (sock, (struct sockaddr *)&my_addr, sizeof(my_addr)) < 0) + err (1, "bind"); + + if (listen (sock, 1) < 0) + err (1, "listen"); + + sock2 = accept (sock, NULL, NULL); + if (sock2 < 0) + err (1, "accept"); + + return proto (sock2, service); +} + +static void +usage(int code, struct getargs *args, int num_args) +{ + arg_printusage(args, num_args, NULL, ""); + exit(code); +} + +static int +common_setup(krb5_context *context, int *argc, char **argv, + void (*usage)(int, struct getargs*, int)) +{ + int port = 0; + *argc = krb5_program_setup(context, *argc, argv, args, num_args, usage); + + if(help_flag) + (*usage)(0, args, num_args); + if(version_flag) { + print_version(NULL); + exit(0); + } + + if(port_str){ + struct servent *s = roken_getservbyname(port_str, "tcp"); + if(s) + port = s->s_port; + else { + char *ptr; + + port = strtol (port_str, &ptr, 10); + if (port == 0 && ptr == port_str) + errx (1, "Bad port `%s'", port_str); + port = htons(port); + } + } + + if (port == 0) + port = krb5_getportbyname (*context, PORT, "tcp", 4711); + + return port; +} + +static int +setup(krb5_context *context, int argc, char **argv) +{ + int port = common_setup(context, &argc, argv, usage); + if(argv[argc] != NULL) + usage(1, args, num_args); + return port; +} + +int +main(int argc, char **argv) +{ + krb5_context context = NULL; /* XXX */ + int port = setup(&context, argc, argv); + return doit (port, service); +}