From d630567f70a9f8bc82466be332874fa7d099df4f Mon Sep 17 00:00:00 2001 From: Nicolas Williams Date: Tue, 22 Nov 2011 17:05:06 -0600 Subject: [PATCH] Add performance measurements for FAST (with host key and user keys, not password) --- kdc/kdc-tester.c | 72 ++++++++++++++++++++++++++++++++++++++- tests/kdc/check-tester.in | 5 +++ 2 files changed, 76 insertions(+), 1 deletion(-) diff --git a/kdc/kdc-tester.c b/kdc/kdc-tester.c index 878d3b61b..ceaf82848 100644 --- a/kdc/kdc-tester.c +++ b/kdc/kdc-tester.c @@ -76,13 +76,76 @@ send_to_kdc(krb5_context c, void *ptr, krb5_krbhst_info *hi, time_t timeout, * */ +static krb5_ccache fast_ccache = NULL; +static void +get_fast_armor_ccache(const char *fast_armor_princ, const char *keytab, + krb5_ccache *cc) +{ + krb5_keytab kt = NULL; + krb5_init_creds_context ctx; + krb5_principal princ; + krb5_creds creds; + krb5_error_code ret; + + if (fast_ccache) { + *cc = fast_ccache; + return; + } + + ret = krb5_parse_name(kdc_context, fast_armor_princ, &princ); + if (ret) + krb5_err(kdc_context, 1, ret, "krb5_parse_name"); + + if (keytab) { + ret = krb5_kt_resolve(kdc_context, keytab, &kt); + if (ret) + krb5_err(kdc_context, 1, ret, "krb5_kt_resolve"); + } else { + ret = krb5_kt_default(kdc_context, &kt); + if (ret) + krb5_err(kdc_context, 1, ret, "krb5_kt_default"); + } + + ret = krb5_cc_new_unique(kdc_context, "MEMORY", NULL, &fast_ccache); + if (ret) + krb5_err(kdc_context, 1, ret, "krb5_cc_new_unique"); + + ret = krb5_cc_initialize(kdc_context, fast_ccache, princ); + if (ret) + krb5_err(kdc_context, 1, ret, "krb5_cc_initialize"); + + ret = krb5_init_creds_init(kdc_context, princ, NULL, NULL, 0, NULL, &ctx); + if (ret) + krb5_err(kdc_context, 1, ret, "krb5_init_creds_init"); + + ret = krb5_init_creds_set_keytab(kdc_context, ctx, kt); + if (ret) + krb5_err(kdc_context, 1, ret, "krb5_init_creds_set_keytab"); + + ret = krb5_init_creds_get(kdc_context, ctx); + if (ret) + krb5_err(kdc_context, 1, ret, "krb5_init_creds_get"); + + ret = krb5_init_creds_get_creds(kdc_context, ctx, &creds); + if (ret) + krb5_err(kdc_context, 1, ret, "krb5_init_creds_get_creds"); + + ret = krb5_cc_store_cred(kdc_context, fast_ccache, &creds); + if (ret) + krb5_err(kdc_context, 1, ret, "krb5_cc_store_cred"); + *cc = fast_ccache; + + return; +} + static void eval_kinit(heim_dict_t o) { - heim_string_t user, password, keytab; + heim_string_t user, password, keytab, fast_armor_princ; krb5_init_creds_context ctx; krb5_principal client; krb5_keytab kt = NULL; + krb5_ccache fast_cc; krb5_error_code ret; if (ptop) @@ -104,6 +167,13 @@ eval_kinit(heim_dict_t o) ret = krb5_init_creds_init(kdc_context, client, NULL, NULL, 0, NULL, &ctx); if (ret) krb5_err(kdc_context, 1, ret, "krb5_init_creds_init"); + + fast_armor_princ = heim_dict_get_value(o, HSTR("fast-armor-princ")); + if (fast_armor_princ != NULL) { + get_fast_armor_ccache(heim_string_get_utf8(fast_armor_princ), + heim_string_get_utf8(keytab), &fast_cc); + ret = krb5_init_creds_set_fast_ccache(kdc_context, ctx, fast_cc); + } if (password) { ret = krb5_init_creds_set_password(kdc_context, ctx, diff --git a/tests/kdc/check-tester.in b/tests/kdc/check-tester.in index 89ebe807f..16edf8fa9 100644 --- a/tests/kdc/check-tester.in +++ b/tests/kdc/check-tester.in @@ -70,8 +70,10 @@ ${kadmin} \ --realm-max-renewable-life=1month \ ${R} || exit 1 +${kadmin} add -p foo --use-defaults ${server}@${R} || exit 1 ${kadmin} add -p foo --use-defaults foo@${R} || exit 1 ${kadmin} ext -k ${keytab} foo@${R} || exit 1 +${kadmin} ext -k ${keytab} ${server}@${R} || exit 1 echo "password" ${kdc_tester} ${srcdir}/kdc-tester1.json || exit 1 @@ -79,5 +81,8 @@ ${kdc_tester} ${srcdir}/kdc-tester1.json || exit 1 echo "keytab" ${kdc_tester} ${srcdir}/kdc-tester2.json || exit 1 +echo "fast + keytab" +${kdc_tester} ${srcdir}/kdc-tester3.json || exit 1 + exit $ec