show off delegation stuff

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@8433 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Assar Westerlund
2000-06-21 02:45:31 +00:00
parent 76d17e92c4
commit 744b0becee
2 changed files with 57 additions and 3 deletions


@@ -95,6 +95,7 @@ proto (int sock, const char *hostname, const char *service)
OM_uint32 maj_stat, min_stat; OM_uint32 maj_stat, min_stat;
gss_name_t server; gss_name_t server;
gss_buffer_desc name_token; gss_buffer_desc name_token;
struct gss_channel_bindings_struct input_chan_bindings;
name_token.length = asprintf ((char **)&name_token.value, name_token.length = asprintf ((char **)&name_token.value,
"%s@%s", service, hostname); "%s@%s", service, hostname);
@@ -120,6 +121,23 @@ proto (int sock, const char *hostname, const char *service)
input_token->length = 0; input_token->length = 0;
output_token->length = 0; output_token->length = 0;
input_chan_bindings.initiator_addrtype = GSS_C_AF_INET;
input_chan_bindings.initiator_address.length = 4;
input_chan_bindings.initiator_address.value = &local.sin_addr.s_addr;
input_chan_bindings.acceptor_addrtype = GSS_C_AF_INET;
input_chan_bindings.acceptor_address.length = 4;
input_chan_bindings.acceptor_address.value = &remote.sin_addr.s_addr;
#if 0
input_chan_bindings.application_data.value = malloc(4);
* (unsigned short*)input_chan_bindings.application_data.value = local.sin_port;
* ((unsigned short *)input_chan_bindings.application_data.value + 1) = remote.sin_port;
input_chan_bindings.application_data.length = 4;
#else
input_chan_bindings.application_data.length = 0;
input_chan_bindings.application_data.value = NULL;
#endif
while(!context_established) { while(!context_established) {
maj_stat = maj_stat =
gss_init_sec_context(&min_stat, gss_init_sec_context(&min_stat,
@@ -128,8 +146,9 @@ proto (int sock, const char *hostname, const char *service)
server, server,
GSS_C_NO_OID, GSS_C_NO_OID,
GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG, GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG,
| GSS_C_DELEG_FLAG,
0, 0,
GSS_C_NO_CHANNEL_BINDINGS, &input_chan_bindings,
input_token, input_token,
NULL, NULL,
output_token, output_token,
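Review bot: `GSS_C_DELEG_FLAG` is now requested unconditionally on the `| GSS_C_DELEG_FLAG,` line, so every run of this client forwards the caller's TGT to whatever `service@hostname` it connects to, and because `ret_flags` is still passed as `NULL` the client never learns whether delegation (or the mutual authentication it asks for) was actually granted. Delegation should be opt-in: gate it behind a command-line switch, e.g. `GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG | (deleg_flag ? GSS_C_DELEG_FLAG : 0)`, and pass an `OM_uint32 ret_flags` in place of that `NULL` so the code can check `(ret_flags & GSS_C_DELEG_FLAG)` once the context is established. The channel bindings point at `local.sin_addr.s_addr` and `remote.sin_addr.s_addr`, which is only meaningful if both structs were filled by `getsockname`/`getpeername` before this hunk; that happens outside the visible lines, so please confirm. The `#if 0` port-binding block is dead code and should either be dropped or replaced by a one-line comment such as `/* ports deliberately not bound; only the peer addresses are bound */`. `proto` begins and ends outside these hunks.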


@@ -112,6 +112,9 @@ proto (int sock, const char *service)
output_token = &real_output_token; output_token = &real_output_token;
OM_uint32 maj_stat, min_stat; OM_uint32 maj_stat, min_stat;
gss_name_t client_name; gss_name_t client_name;
struct gss_channel_bindings_struct input_chan_bindings;
gss_cred_id_t delegated_cred_handle = NULL;
krb5_ccache ccache;
addrlen = sizeof(local); addrlen = sizeof(local);
if (getsockname (sock, (struct sockaddr *)&local, &addrlen) < 0 if (getsockname (sock, (struct sockaddr *)&local, &addrlen) < 0
@@ -123,6 +126,27 @@ proto (int sock, const char *service)
|| addrlen != sizeof(remote)) || addrlen != sizeof(remote))
err (1, "getpeername"); err (1, "getpeername");
input_chan_bindings.initiator_addrtype = GSS_C_AF_INET;
input_chan_bindings.initiator_address.length = 4;
input_chan_bindings.initiator_address.value = &remote.sin_addr.s_addr;
input_chan_bindings.acceptor_addrtype = GSS_C_AF_INET;
input_chan_bindings.acceptor_address.length = 4;
input_chan_bindings.acceptor_address.value = &local.sin_addr.s_addr;
input_chan_bindings.application_data.value = malloc(4);
#if 0
* (unsigned short *)input_chan_bindings.application_data.value =
remote.sin_port;
* ((unsigned short *)input_chan_bindings.application_data.value + 1) =
local.sin_port;
input_chan_bindings.application_data.length = 4;
#else
input_chan_bindings.application_data.length = 0;
input_chan_bindings.application_data.value = NULL;
#endif
delegated_cred_handle = malloc(sizeof(*delegated_cred_handle));
memset((char*)delegated_cred_handle, 0, sizeof(*delegated_cred_handle));
do { do {
read_token (sock, input_token); read_token (sock, input_token);
maj_stat = maj_stat =
@@ -130,13 +154,13 @@ proto (int sock, const char *service)
&context_hdl, &context_hdl,
GSS_C_NO_CREDENTIAL, GSS_C_NO_CREDENTIAL,
input_token, input_token,
GSS_C_NO_CHANNEL_BINDINGS, &input_chan_bindings,
&client_name, &client_name,
NULL, NULL,
output_token, output_token,
NULL, NULL,
NULL, NULL,
NULL); /*&delegated_cred_handle*/ NULL);
if(GSS_ERROR(maj_stat)) if(GSS_ERROR(maj_stat))
gss_err (1, min_stat, "gss_accept_sec_context"); gss_err (1, min_stat, "gss_accept_sec_context");
if (output_token->length != 0) if (output_token->length != 0)
@@ -149,6 +173,17 @@ proto (int sock, const char *service)
break; break;
} }
} while(maj_stat & GSS_S_CONTINUE_NEEDED); } while(maj_stat & GSS_S_CONTINUE_NEEDED);
if (delegated_cred_handle->ccache) {
krb5_context context;
maj_stat = krb5_init_context(&context);
maj_stat = krb5_cc_resolve(context, "FILE:/tmp/krb5cc_test", &ccache);
maj_stat = krb5_cc_copy_cache(context,
delegated_cred_handle->ccache, ccache);
krb5_cc_close(context, ccache);
krb5_cc_destroy(context, delegated_cred_handle->ccache);
}
if (fork_flag) { if (fork_flag) {
pid_t pid; pid_t pid;
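Review bot: `gss_accept_sec_context` is still called with `NULL` for the delegated-credential output (the `&delegated_cred_handle` survives only in a comment), so the library never fills the handle and the `if (delegated_cred_handle->ccache)` block only ever sees the zeroed struct from the `malloc`/`memset` — the forwarded ticket is never copied anywhere. Output credential handles are allocated by the library, so initialise with `delegated_cred_handle = GSS_C_NO_CREDENTIAL;` instead of the `malloc`/`memset`, pass `&delegated_cred_handle);` as the last argument, and compare the handle against `GSS_C_NO_CREDENTIAL` before reaching into its `ccache`. The cache block also drops every `krb5_error_code` into the `OM_uint32 maj_stat` unchecked, and `FILE:/tmp/krb5cc_test` is a fixed, predictable name in a world-writable directory shared by all connections and all local users, so a forwarded TGT may land where another user can pre-create or read it and a second client silently replaces the first one's cache. The rewrite below checks each call, keeps the fixed name only as a placeholder that should become a per-connection unpredictable cache, and releases the credential through `gss_release_cred` instead of destroying the ccache behind the library's back; the 4-byte `malloc` for `application_data.value` that is immediately overwritten with `NULL` should go too. `proto`'s body continues outside the hunks.

```c
    gss_cred_id_t delegated_cred_handle = GSS_C_NO_CREDENTIAL; /* library allocates it */
    /* … unchanged: channel bindings setup (drop the malloc(4) that is replaced by NULL) … */
    /* … unchanged: accept loop, with &delegated_cred_handle as the last argument … */
    if (delegated_cred_handle != GSS_C_NO_CREDENTIAL
        && delegated_cred_handle->ccache != NULL) {
        krb5_context context;
        krb5_error_code ret;

        ret = krb5_init_context(&context);
        if (ret)
            errx(1, "krb5_init_context failed: %d", (int)ret);
        /* NOTE(review): a fixed name in /tmp is shared by every connection and
         * every local user; replace with a per-connection, unpredictable cache. */
        ret = krb5_cc_resolve(context, "FILE:/tmp/krb5cc_test", &ccache);
        if (ret)
            krb5_err(context, 1, ret, "krb5_cc_resolve");
        ret = krb5_cc_copy_cache(context, delegated_cred_handle->ccache, ccache);
        if (ret)
            krb5_err(context, 1, ret, "krb5_cc_copy_cache");
        krb5_cc_close(context, ccache);
        gss_release_cred(&min_stat, &delegated_cred_handle);
        krb5_free_context(context);
    }
```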