oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Test gsskrb5_extract_service_keyblock, needed in PAC valication.

Browse Source 
From Andrew Bartlett


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18917 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2006-11-05 00:46:21 +00:00
parent 15ffd5b195
commit acaa0b8655
1 changed files with 84 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

91
lib/gssapi/test_context.c
View File

@@ -44,6 +44,32 @@ static int version_flag = 0;
static int verbose_flag = 0; static int verbose_flag = 0;
static int help_flag = 0; static int help_flag = 0;
static char *gssapi_err(OM_uint32 maj_stat, OM_uint32 min_stat,
gss_OID mech)
{
OM_uint32 disp_min_stat, disp_maj_stat;
gss_buffer_desc maj_error_message;
gss_buffer_desc min_error_message;
OM_uint32 msg_ctx = 0;
char *ret = NULL;
maj_error_message.value = NULL;
min_error_message.value = NULL;
disp_maj_stat = gss_display_status(&disp_min_stat, maj_stat, GSS_C_GSS_CODE,
mech, &msg_ctx, &maj_error_message);
disp_maj_stat = gss_display_status(&disp_min_stat, min_stat, GSS_C_MECH_CODE,
mech, &msg_ctx, &min_error_message);
asprintf(&ret, "%s: %s", (char *)maj_error_message.value, (char *)min_error_message.value);
gss_release_buffer(&disp_min_stat, &maj_error_message);
gss_release_buffer(&disp_min_stat, &min_error_message);
return ret;
}
static void static void
loop(gss_OID mechoid, loop(gss_OID mechoid,
gss_OID nameoid, const char *target, gss_OID nameoid, const char *target,
@@ -55,6 +81,7 @@ loop(gss_OID mechoid,
gss_buffer_desc input_token, output_token; gss_buffer_desc input_token, output_token;
OM_uint32 flags = 0, ret_cflags, ret_sflags; OM_uint32 flags = 0, ret_cflags, ret_sflags;
gss_cred_id_t deleg_cred = GSS_C_NO_CREDENTIAL; gss_cred_id_t deleg_cred = GSS_C_NO_CREDENTIAL;
gss_OID mechoid_out;
input_token.value = rk_UNCONST(target); input_token.value = rk_UNCONST(target);
input_token.length = strlen(target); input_token.length = strlen(target);
@@ -85,7 +112,8 @@ loop(gss_OID mechoid,
&ret_cflags, &ret_cflags,
NULL); NULL);
if (GSS_ERROR(maj_stat)) if (GSS_ERROR(maj_stat))
errx(1, "init_sec_context: %d", (int)maj_stat); errx(1, "init_sec_context: %s",
gssapi_err(maj_stat, min_stat, mechoid));
if (maj_stat & GSS_S_CONTINUE_NEEDED) if (maj_stat & GSS_S_CONTINUE_NEEDED)
; ;
else else
@@ -100,13 +128,14 @@ loop(gss_OID mechoid,
&output_token, &output_token,
GSS_C_NO_CHANNEL_BINDINGS, GSS_C_NO_CHANNEL_BINDINGS,
NULL, NULL,
NULL, &mechoid_out,
&input_token, &input_token,
&ret_sflags, &ret_sflags,
NULL, NULL,
&deleg_cred); &deleg_cred);
if (GSS_ERROR(maj_stat)) if (GSS_ERROR(maj_stat))
errx(1, "accept_sec_context: %d", (int)maj_stat); errx(1, "accept_sec_context: %s",
gssapi_err(maj_stat, min_stat, mechoid_out));
if (verbose_flag) if (verbose_flag)
printf("%.*s", (int)input_token.length, (char *)input_token.value); printf("%.*s", (int)input_token.length, (char *)input_token.value);
@@ -201,18 +230,23 @@ main(int argc, char **argv)
loop(mechoid, nameoid, argv[0], &sctx, &cctx); loop(mechoid, nameoid, argv[0], &sctx, &cctx);
if (gss_oid_equal(mechoid, GSS_KRB5_MECHANISM)) { if (gss_oid_equal(mechoid, GSS_KRB5_MECHANISM)) {
time_t time;
gss_buffer_desc authz_data;
krb5_keyblock *keyblock;
/* client */ /* client */
maj_stat = gss_krb5_export_lucid_sec_context(&min_stat, maj_stat = gss_krb5_export_lucid_sec_context(&min_stat,
&cctx, &cctx,
1, /* version */ 1, /* version */
&ctx); &ctx);
if (maj_stat != GSS_S_COMPLETE) if (maj_stat != GSS_S_COMPLETE)
errx(1, "gss_krb5_export_lucid_sec_context failed"); errx(1, "gss_krb5_export_lucid_sec_context failed: %s",
gssapi_err(maj_stat, min_stat, mechoid));
maj_stat = gss_krb5_free_lucid_sec_context(&maj_stat, ctx); maj_stat = gss_krb5_free_lucid_sec_context(&maj_stat, ctx);
if (maj_stat != GSS_S_COMPLETE) if (maj_stat != GSS_S_COMPLETE)
errx(1, "gss_krb5_free_lucid_sec_context failed"); errx(1, "gss_krb5_free_lucid_sec_context failed: %s",
gssapi_err(maj_stat, min_stat, mechoid));
/* server */ /* server */
maj_stat = gss_krb5_export_lucid_sec_context(&min_stat, maj_stat = gss_krb5_export_lucid_sec_context(&min_stat,
@@ -220,10 +254,53 @@ main(int argc, char **argv)
1, /* version */ 1, /* version */
&ctx); &ctx);
if (maj_stat != GSS_S_COMPLETE) if (maj_stat != GSS_S_COMPLETE)
errx(1, "gss_krb5_export_lucid_sec_context failed"); errx(1, "gss_krb5_export_lucid_sec_context failed: %s",
gssapi_err(maj_stat, min_stat, mechoid));
maj_stat = gss_krb5_free_lucid_sec_context(&maj_stat, ctx); maj_stat = gss_krb5_free_lucid_sec_context(&maj_stat, ctx);
if (maj_stat != GSS_S_COMPLETE) if (maj_stat != GSS_S_COMPLETE)
errx(1, "gss_krb5_free_lucid_sec_context failed"); errx(1, "gss_krb5_free_lucid_sec_context failed: %s",
gssapi_err(maj_stat, min_stat, mechoid));
maj_stat = gsskrb5_extract_authtime_from_sec_context(&min_stat,
sctx,
&time);
if (maj_stat != GSS_S_COMPLETE)
errx(1, "gss_krb5_extract_authtime_from_sec_context failed: %s",
gssapi_err(maj_stat, min_stat, mechoid));
maj_stat = gsskrb5_extract_service_keyblock(&min_stat,
sctx,
&keyblock);
if (maj_stat != GSS_S_COMPLETE)
errx(1, "gss_krb5_export_service_keyblock failed: %s",
gssapi_err(maj_stat, min_stat, mechoid));
krb5_free_keyblock(_gsskrb5_context, keyblock);
maj_stat = gsskrb5_get_subkey(&min_stat,
sctx,
&keyblock);
if (maj_stat != GSS_S_COMPLETE)
errx(1, "gss_krb5_get_subkey failed: %s",
gssapi_err(maj_stat, min_stat, mechoid));
krb5_free_keyblock(_gsskrb5_context, keyblock);
maj_stat = gsskrb5_get_initiator_subkey(&min_stat,
sctx,
&keyblock);
if (maj_stat != GSS_S_COMPLETE)
errx(1, "gss_krb5_get_initiator_subkey failed: %s",
gssapi_err(maj_stat, min_stat, mechoid));
krb5_free_keyblock(_gsskrb5_context, keyblock);
maj_stat = gsskrb5_extract_authz_data_from_sec_context(&min_stat,
sctx,
128,
&authz_data);
if (maj_stat == GSS_S_COMPLETE)
gss_release_buffer(&min_stat, &authz_data);
} }
gss_delete_sec_context(&min_stat, &cctx, NULL); gss_delete_sec_context(&min_stat, &cctx, NULL);