From 744b0beceea13a7ee1d9391b8a8d756b9a93fd27 Mon Sep 17 00:00:00 2001 From: Assar Westerlund Date: Wed, 21 Jun 2000 02:45:31 +0000 Subject: [PATCH] show off delegation stuff git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@8433 ec53bebd-3082-4978-b11e-865c3cabbd6b --- appl/test/gssapi_client.c | 21 ++++++++++++++++++++- appl/test/gssapi_server.c | 39 +++++++++++++++++++++++++++++++++++++-- 2 files changed, 57 insertions(+), 3 deletions(-) diff --git a/appl/test/gssapi_client.c b/appl/test/gssapi_client.c index 1fa840a3c..d58075635 100644 --- a/appl/test/gssapi_client.c +++ b/appl/test/gssapi_client.c @@ -95,6 +95,7 @@ proto (int sock, const char *hostname, const char *service) OM_uint32 maj_stat, min_stat; gss_name_t server; gss_buffer_desc name_token; + struct gss_channel_bindings_struct input_chan_bindings; name_token.length = asprintf ((char **)&name_token.value, "%s@%s", service, hostname); @@ -120,6 +121,23 @@ proto (int sock, const char *hostname, const char *service) input_token->length = 0; output_token->length = 0; + input_chan_bindings.initiator_addrtype = GSS_C_AF_INET; + input_chan_bindings.initiator_address.length = 4; + input_chan_bindings.initiator_address.value = &local.sin_addr.s_addr; + input_chan_bindings.acceptor_addrtype = GSS_C_AF_INET; + input_chan_bindings.acceptor_address.length = 4; + input_chan_bindings.acceptor_address.value = &remote.sin_addr.s_addr; + +#if 0 + input_chan_bindings.application_data.value = malloc(4); + * (unsigned short*)input_chan_bindings.application_data.value = local.sin_port; + * ((unsigned short *)input_chan_bindings.application_data.value + 1) = remote.sin_port; + input_chan_bindings.application_data.length = 4; +#else + input_chan_bindings.application_data.length = 0; + input_chan_bindings.application_data.value = NULL; +#endif + while(!context_established) { maj_stat = gss_init_sec_context(&min_stat, 
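Review bot: In gssapi_client.c's hunk `@@ -120,6 +121,23 @@`, both address lengths are the literal `4`; `input_chan_bindings.initiator_address.length = sizeof(local.sin_addr.s_addr);` (and the same for `remote`) ties each length to the buffer it describes. The struct is an uninitialised stack variable whose fields are set one by one, so a `memset(&input_chan_bindings, 0, sizeof(input_chan_bindings));` before the assignments would keep any field added later from carrying stack contents into the binding data. A short comment on the `#if 0` branch saying why the port data is left out would help, and if that branch is ever enabled its `malloc(4)` result needs a NULL check. proto's body starts and ends outside the hunk.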
@@ -128,8 +146,9 @@ proto (int sock, const char *hostname, const char *service) server, GSS_C_NO_OID, GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG, + | GSS_C_DELEG_FLAG, 0, - GSS_C_NO_CHANNEL_BINDINGS, + &input_chan_bindings, input_token, NULL, output_token, diff --git a/appl/test/gssapi_server.c b/appl/test/gssapi_server.c index f2b030175..b7ab53874 100644 --- a/appl/test/gssapi_server.c +++ b/appl/test/gssapi_server.c @@ -112,6 +112,9 @@ proto (int sock, const char *service) output_token = &real_output_token; OM_uint32 maj_stat, min_stat; gss_name_t client_name; + struct gss_channel_bindings_struct input_chan_bindings; + gss_cred_id_t delegated_cred_handle = NULL; + krb5_ccache ccache; addrlen = sizeof(local); if (getsockname (sock, (struct sockaddr *)&local, &addrlen) < 0 @@ -123,6 +126,27 @@ proto (int sock, const char *service) || addrlen != sizeof(remote)) err (1, "getpeername"); + input_chan_bindings.initiator_addrtype = GSS_C_AF_INET; + input_chan_bindings.initiator_address.length = 4; + input_chan_bindings.initiator_address.value = &remote.sin_addr.s_addr; + input_chan_bindings.acceptor_addrtype = GSS_C_AF_INET; + input_chan_bindings.acceptor_address.length = 4; + input_chan_bindings.acceptor_address.value = &local.sin_addr.s_addr; + input_chan_bindings.application_data.value = malloc(4); +#if 0 + * (unsigned short *)input_chan_bindings.application_data.value = + remote.sin_port; + * ((unsigned short *)input_chan_bindings.application_data.value + 1) = + local.sin_port; + input_chan_bindings.application_data.length = 4; +#else + input_chan_bindings.application_data.length = 0; + input_chan_bindings.application_data.value = NULL; +#endif + + delegated_cred_handle = malloc(sizeof(*delegated_cred_handle)); + memset((char*)delegated_cred_handle, 0, sizeof(*delegated_cred_handle)); + do { read_token (sock, input_token); maj_stat = 
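Review bot: In gssapi_client.c's hunk `@@ -128,8 +146,9 @@`, as the lines read the context line `GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG,` keeps its trailing comma and the added line begins with `| GSS_C_DELEG_FLAG,`, which would not compile; the flags argument should read `GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG` followed by `| GSS_C_DELEG_FLAG,`. Separately, the flag is now requested on every run, so the client hands a delegated credential to whichever acceptor it authenticates to; outside a demo this belongs behind an explicit option, with a comment noting that the acceptor can then act as the user. The gss_init_sec_context call starts and ends outside the hunk.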
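Review bot: In gssapi_server.c's hunk `@@ -123,6 +126,27 @@`, `input_chan_bindings.application_data.value = malloc(4);` sits above the `#if 0`, so in the active `#else` branch the pointer is overwritten with `NULL` and the four bytes leak; the allocation belongs inside the disabled branch. The result of `malloc(sizeof(*delegated_cred_handle))` is passed straight to `memset` without a NULL check; `if (delegated_cred_handle == NULL) err (1, "malloc");` before the `memset` matches the error style used for `getpeername` just above. Allocating the credential handle by hand also ties this test to the library's internal layout behind `gss_cred_id_t`, which is worth a comment.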
@@ -130,13 +154,13 @@ proto (int sock, const char *service) &context_hdl, GSS_C_NO_CREDENTIAL, input_token, - GSS_C_NO_CHANNEL_BINDINGS, + &input_chan_bindings, &client_name, NULL, output_token, NULL, NULL, - NULL); + /*&delegated_cred_handle*/ NULL); if(GSS_ERROR(maj_stat)) gss_err (1, min_stat, "gss_accept_sec_context"); if (output_token->length != 0) @@ -149,6 +173,17 @@ proto (int sock, const char *service) break; } } while(maj_stat & GSS_S_CONTINUE_NEEDED); + + if (delegated_cred_handle->ccache) { + krb5_context context; + + maj_stat = krb5_init_context(&context); + maj_stat = krb5_cc_resolve(context, "FILE:/tmp/krb5cc_test", &ccache); + maj_stat = krb5_cc_copy_cache(context, + delegated_cred_handle->ccache, ccache); + krb5_cc_close(context, ccache); + krb5_cc_destroy(context, delegated_cred_handle->ccache); + } if (fork_flag) { pid_t pid;
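Review bot: In gssapi_server.c's hunk `@@ -130,13 +154,13 @@`, the last argument is `/*&delegated_cred_handle*/ NULL`, so gss_accept_sec_context never returns a delegated credential and the hand-allocated handle stays zeroed; the `if (delegated_cred_handle->ccache)` block added in the next hunk therefore cannot run as committed. A comment next to the argument should say why the output is disabled. If it is enabled later, the call would presumably replace the pointer obtained from `malloc` earlier in proto, so that allocation should be dropped at the same time. The visible arguments also pass `NULL` where the returned flags would go, so the server cannot check whether delegation was actually granted; the call starts outside the hunk, so confirm against the full argument list.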
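Review bot: In gssapi_server.c's hunk `@@ -149,6 +173,17 @@`, the delegated credentials are copied to the fixed name `FILE:/tmp/krb5cc_test`, a predictable path in a shared directory, and every krb5 return code is stored in `maj_stat` and then ignored. A failed krb5_init_context leaves `context` unusable for the calls that follow, a failed copy still goes on to destroy the source cache, and the context is never freed. The sketch below checks each result in a `krb5_error_code`, lets the library pick a per-run cache name, and frees the context; krb5_cc_new_unique is assumed to be available in this tree, otherwise keep krb5_cc_resolve with a path inside a directory only the test user can write. The surrounding proto function starts and ends outside the hunk.

```c
    if (delegated_cred_handle->ccache) {
	krb5_context context;
	krb5_error_code ret;

	ret = krb5_init_context(&context);
	if (ret)
	    errx (1, "krb5_init_context failed: %d", ret);
	/* per-run cache name instead of a fixed file in /tmp */
	ret = krb5_cc_new_unique(context, "FILE", NULL, &ccache);
	if (ret)
	    krb5_err (context, 1, ret, "krb5_cc_new_unique");
	ret = krb5_cc_copy_cache(context,
				 delegated_cred_handle->ccache, ccache);
	if (ret)
	    krb5_err (context, 1, ret, "krb5_cc_copy_cache");
	/* … unchanged: krb5_cc_close, krb5_cc_destroy … */
	krb5_free_context(context);
    }
```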