Merge branch 'master' of github.com:heimdal/heimdal

Conflicts:
	lib/gssapi/gssapi/gssapi.h
	lib/gssapi/gssapi_mech.h
	lib/gssapi/mech/gss_mech_switch.c

appl/test/common.c

@@ -43,12 +43,14 @@ krb5_keytab keytab;
 char *service = SERVICE;
 char *mech = "krb5";
 int fork_flag;
+char *password = NULL;
 
 static struct getargs args[] = {
     { "port", 'p', arg_string, &port_str, "port to listen to", "port" },
     { "service", 's', arg_string, &service, "service to use", "service" },
     { "keytab", 'k', arg_string, &keytab_str, "keytab to use", "keytab" },
     { "mech", 'm', arg_string, &mech, "gssapi mech to use", "mech" },
+    { "password", 'P', arg_string, &password, "password to use", "password" },
     { "fork", 'f', arg_flag, &fork_flag, "do fork" },
     { "help", 'h', arg_flag, &help_flag },
     { "version", 0, arg_flag, &version_flag }

appl/test/gss_common.c

@@ -30,6 +30,30 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  */
+/*
+ * Portions Copyright (C) 2010 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
 
 #include "test_locl.h"
 #include <gssapi/gssapi.h>
@@ -119,6 +143,11 @@ gss_err(int exitval, int status, const char *fmt, ...)
     va_end(args);
 }
 
+static gss_OID_desc eapMechs[] = {
+    { 10, "\x2B\x06\x01\x04\x01\xA9\x4A\x16\x01\x11" },
+    { 10, "\x2B\x06\x01\x04\x01\xA9\x4A\x16\x01\x12" },
+};
+
 gss_OID
 select_mech(const char *mech)
 {
@@ -126,10 +155,86 @@ select_mech(const char *mech)
 	return GSS_KRB5_MECHANISM;
     else if (strcasecmp(mech, "spnego") == 0)
 	return GSS_SPNEGO_MECHANISM;
+    else if (strcasecmp(mech, "eap-aes128") == 0)
+	return &eapMechs[0];
+    else if (strcasecmp(mech, "eap-aes256") == 0)
+	return &eapMechs[1];
     else if (strcasecmp(mech, "no-oid") == 0)
 	return GSS_C_NO_OID;
     else
-	errx (1, "Unknown mechanism '%s' (spnego, krb5, no-oid)", mech);
+	errx (1, "Unknown mechanism '%s' (spnego, krb5, eap-aes128, eap-aes256, no-oid)", mech);
+}
+
+static void
+dumpAttribute(OM_uint32 *minor,
+              gss_name_t name,
+              gss_buffer_t attribute,
+              int noisy)
+{
+    OM_uint32 major, tmp;
+    gss_buffer_desc value;
+    gss_buffer_desc display_value;
+    int authenticated = 0;
+    int complete = 0;
+    int more = -1;
+    unsigned int i;
+
+    while (more != 0) {
+        value.value = NULL;
+        display_value.value = NULL;
+
+        major = gss_get_name_attribute(minor, name, attribute, &authenticated,
+                                       &complete, &value, &display_value,
+                                       &more);
+        if (GSS_ERROR(major))
+            break;
+
+        fprintf(stderr, "Attribute %.*s %s %s\n\n%.*s\n",
+                (int)attribute->length, (char *)attribute->value,
+                authenticated ? "Authenticated" : "",
+                complete ? "Complete" : "",
+                (int)display_value.length, (char *)display_value.value);
+
+        if (noisy) {
+            for (i = 0; i < value.length; i++) {
+                if ((i % 32) == 0)
+                    fprintf(stderr, "\n");
+                fprintf(stderr, "%02x", ((char *)value.value)[i] & 0xFF);
+            }
+            fprintf(stderr, "\n\n");
+        }
+
+        gss_release_buffer(&tmp, &value);
+        gss_release_buffer(&tmp, &display_value);
+    }
+}
+
+static OM_uint32
+enumerateAttributes(OM_uint32 *minor,
+                    gss_name_t name,
+                    int noisy)
+{
+    OM_uint32 major, tmp;
+    int name_is_MN;
+    gss_OID mech = GSS_C_NO_OID;
+    gss_buffer_set_t attrs = GSS_C_NO_BUFFER_SET;
+    unsigned int i;
+
+    major = gss_inquire_name(minor, name, &name_is_MN, &mech, &attrs);
+    if (GSS_ERROR(major))
+        return major;
+
+    if (attrs != GSS_C_NO_BUFFER_SET) {
+        for (i = 0; i < attrs->count; i++)
+            dumpAttribute(minor, name, &attrs->elements[i], noisy);
+    }
+
+#if 0
+    gss_release_oid(&tmp, &mech);
+#endif
+    gss_release_buffer_set(&tmp, &attrs);
+
+    return major;
 }
 
 void
@@ -149,6 +254,7 @@ print_gss_name(const char *prefix, gss_name_t name)
 	     (int)name_token.length,
 	     (char *)name_token.value);
 
-    gss_release_buffer (&min_stat, &name_token);
+    enumerateAttributes(&min_stat, name, 1);
 
+    gss_release_buffer (&min_stat, &name_token);
 }

appl/test/gssapi_client.c

@@ -94,6 +94,8 @@ do_trans (int sock, gss_ctx_id_t context_hdl)
     return 0;
 }
 
+extern char *password;
+
 static int
 proto (int sock, const char *hostname, const char *service)
 {
@@ -102,6 +104,7 @@ proto (int sock, const char *hostname, const char *service)
 
     int context_established = 0;
     gss_ctx_id_t context_hdl = GSS_C_NO_CONTEXT;
+    gss_cred_id_t cred = GSS_C_NO_CREDENTIAL;
     gss_buffer_desc real_input_token, real_output_token;
     gss_buffer_t input_token = &real_input_token,
 	output_token = &real_output_token;
@@ -130,6 +133,26 @@ proto (int sock, const char *hostname, const char *service)
 	gss_err (1, min_stat,
 		 "Error importing name `%s@%s':\n", service, hostname);
 
+    if (password) {
+        gss_buffer_desc pw;
+
+        pw.value = password;
+        pw.length = strlen(password);
+
+        maj_stat = gss_acquire_cred_with_password(&min_stat,
+                                                  GSS_C_NO_NAME,
+                                                  &pw,
+                                                  GSS_C_INDEFINITE,
+                                                  GSS_C_NO_OID_SET,
+                                                  GSS_C_INITIATE,
+                                                  &cred,
+                                                  NULL,
+                                                  NULL);
+        if (GSS_ERROR(maj_stat))
+            gss_err (1, min_stat,
+                     "Error acquiring initiator credentials");
+    }
+
     addrlen = sizeof(local);
     if (getsockname (sock, (struct sockaddr *)&local, &addrlen) < 0
 	|| addrlen != sizeof(local))
@@ -172,7 +195,7 @@ proto (int sock, const char *hostname, const char *service)
     while(!context_established) {
 	maj_stat =
 	    gss_init_sec_context(&min_stat,
-				 GSS_C_NO_CREDENTIAL,
+				 cred,
 				 &context_hdl,
 				 server,
 				 mech_oid,

appl/test/gssapi_server.c

@@ -300,6 +300,7 @@ doit (int port, const char *service)
     int sock, sock2;
     struct sockaddr_in my_addr;
     int one = 1;
+    int ret;
 
     sock = socket (AF_INET, SOCK_STREAM, 0);
     if (sock < 0)
@@ -317,14 +318,17 @@ doit (int port, const char *service)
     if (bind (sock, (struct sockaddr *)&my_addr, sizeof(my_addr)) < 0)
 	err (1, "bind");
 
-    if (listen (sock, 1) < 0)
-	err (1, "listen");
+    while (1) {
+        if (listen (sock, 1) < 0)
+	    err (1, "listen");
 
-    sock2 = accept (sock, NULL, NULL);
-    if (sock2 < 0)
-	err (1, "accept");
+        sock2 = accept (sock, NULL, NULL);
+        if (sock2 < 0)
+	    err (1, "accept");
 
-    return proto (sock2, service);
+        ret = proto (sock2, service);
+    }
+    return ret;
 }
 
 int
@@ -334,3 +338,4 @@ main(int argc, char **argv)
     int port = server_setup(&context, argc, argv);
     return doit (port, service);
 }
+

appl/test/uu_server.c

@@ -62,8 +62,7 @@ proto (int sock, const char *service)
 
     status = krb5_auth_con_init (context, &auth_context);
     if (status)
-	errx (1, "krb5_auth_con_init: %s",
-	      krb5_get_err_text(context, status));
+	krb5_err(context, 1, status, "krb5_auth_con_init");
 
     local_addr.addr_type = AF_INET;
     local_addr.address.length = sizeof(local.sin_addr);
@@ -78,8 +77,7 @@ proto (int sock, const char *service)
 				     &local_addr,
 				     &remote_addr);
     if (status)
-	errx (1, "krb5_auth_con_setaddr: %s",
-	      krb5_get_err_text(context, status));
+	krb5_err(context, 1, status, "krb5_auth_con_setaddr");
 
     status = krb5_read_message(context, &sock, &client_name);
     if(status)
@@ -150,8 +148,7 @@ proto (int sock, const char *service)
 			   &data,
 			   NULL);
     if (status)
-	errx (1, "krb5_rd_safe: %s",
-	      krb5_get_err_text(context, status));
+	krb5_err(context, 1, status, "krb5_rd_safe");
 
     printf ("safe packet: %.*s\n", (int)data.length,
 	    (char *)data.data);
@@ -166,8 +163,7 @@ proto (int sock, const char *service)
 			   &data,
 			   NULL);
     if (status)
-	errx (1, "krb5_rd_priv: %s",
-	      krb5_get_err_text(context, status));
+	krb5_err(context, 1, status, "krb5_rd_priv");
 
     printf ("priv packet: %.*s\n", (int)data.length,
 	    (char *)data.data);