Print this page
8485 Remove set but unused variables in usr/src/cmd
Split |
Close |
Expand all |
Collapse all |
--- old/usr/src/cmd/gss/gssd/gssdtest.c
+++ new/usr/src/cmd/gss/gssd/gssdtest.c
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License, Version 1.0 only
6 6 * (the "License"). You may not use this file except in compliance
7 7 * with the License.
8 8 *
9 9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 10 * or http://www.opensolaris.org/os/licensing.
11 11 * See the License for the specific language governing permissions
12 12 * and limitations under the License.
↓ open down ↓ |
12 lines elided |
↑ open up ↑ |
13 13 *
14 14 * When distributing Covered Code, include this CDDL HEADER in each
15 15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 16 * If applicable, add the following below this CDDL HEADER, with the
17 17 * fields enclosed by brackets "[]" replaced with your own identifying
18 18 * information: Portions Copyright [yyyy] [name of copyright owner]
19 19 *
20 20 * CDDL HEADER END
21 21 */
22 22 /*
23 + * Copyright 2017 Gary Mills
23 24 * Copyright 2003 Sun Microsystems, Inc. All rights reserved.
24 25 * Use is subject to license terms.
25 26 */
26 27
27 28 /*
28 29 * Test client for gssd. This program is not shipped on the binary
29 30 * release.
30 31 */
31 32
32 33 #include <stdio.h>
33 34 #include <strings.h>
34 35 #include <ctype.h>
35 36 #include <stdlib.h>
36 37 #include <gssapi/gssapi.h>
37 38 #include <gssapi/gssapi_ext.h>
38 39 #include "gssd.h"
39 40 #include <rpc/rpc.h>
40 41
41 42 #define _KERNEL
42 43 #include <gssapi/gssapi.h>
43 44 #undef _KERNEL
44 45
45 46 int gss_major_code;
46 47 int gss_minor_code;
47 48
48 49 int init_sec_context_phase = 0;
49 50 int accept_sec_context_phase = 0;
50 51
51 52 gss_ctx_id_t initiator_context_handle;
52 53 gss_ctx_id_t acceptor_context_handle;
53 54 gss_cred_id_t acceptor_credentials;
54 55 gss_buffer_desc init_token_buffer;
55 56 gss_buffer_desc accept_token_buffer;
56 57 gss_buffer_desc delete_token_buffer;
57 58 gss_buffer_desc message_buffer;
58 59 gss_buffer_desc msg_token;
59 60
60 61 #define LOOP_COUNTER 100
61 62 #define GSS_KRB5_MECH_OID "1.2.840.113554.1.2.2"
62 63 #define GSS_DUMMY_MECH_OID "1.3.6.1.4.1.42.2.26.1.2"
63 64 #ifdef _KERNEL
64 65 #define OCTAL_MACRO "%03o."
65 66 #define MALLOC(n) kmem_alloc((n), KM_SLEEP)
66 67 #define CALLOC(n, s) kmem_zalloc((n)*(s), KM_SLEEP)
67 68 #define FREE(x, n) kmem_free((x), (n))
68 69 #define memcpy(dst, src, n) bcopy((src), (dst), (n))
69 70 #define fprintf(s, m) printf(m)
70 71 #define isspace(s) ((s) == ' ' || (s) == '\t' || (s) == '\n' || \
71 72 (s) == '\r' || (s) == '\v' || (s) == '\f')
72 73
73 74 static char *strdup(const char *s)
74 75 {
75 76 int len = strlen(s);
76 77 char *new = MALLOC(len+1);
77 78 strcpy(new, s);
78 79 return (new);
79 80 }
80 81
81 82 #else /* !_KERNEL */
82 83 #define OCTAL_MACRO "%03.3o."
83 84 #define MALLOC(n) malloc(n)
84 85 #define CALLOC(n, s) calloc((n), (s))
85 86 #define FREE(x, n) free(x)
86 87 #endif /* _KERNEL */
87 88
88 89 static gss_OID gss_str2oid(char *);
89 90 static char * gss_oid2str(gss_OID);
90 91 static void instructs();
91 92 static void usage();
92 93 static int parse_input_line(char *, int *, char ***);
93 94 extern uid_t getuid();
94 95
95 96 static void _gss_init_sec_context(int, char **);
96 97 static void _gss_acquire_cred(int, char **);
97 98 static void _gss_add_cred(int, char **);
98 99 static void _gss_sign(int, char **);
99 100 static void _gss_release_cred(int, char **);
100 101 static void _gss_accept_sec_context(int, char **);
101 102 static void _gss_process_context_token(int, char **);
102 103 static void _gss_delete_sec_context(int, char **);
103 104 static void _gss_context_time(int, char **);
104 105 static void _gss_verify(int, char **);
105 106 static void _gss_seal(int, char **);
106 107 static void _gss_unseal(int, char **);
107 108 static void _gss_display_status(int, char **);
108 109 static void _gss_indicate_mechs(int, char **);
109 110 static void _gss_inquire_cred(int, char **);
110 111 static void _gssd_expname_to_unix_cred(int, char **);
111 112 static void _gssd_name_to_unix_cred(int, char **);
112 113 static void _gssd_get_group_info(int, char **);
113 114
114 115 static int do_gssdtest(char *buf);
115 116
116 117
117 118 #ifndef _KERNEL
118 119 static int read_line(char *buf, int size)
119 120 {
120 121 int len;
121 122
122 123 /* read the next line. If cntl-d, return with zero char count */
123 124 printf(gettext("\n> "));
124 125
125 126 if (fgets(buf, size, stdin) == NULL)
126 127 return (0);
127 128
128 129 len = strlen(buf);
129 130 buf[--len] = '\0';
130 131 return (len);
131 132 }
132 133
133 134 int
134 135 main()
135 136 {
136 137 char buf[512];
137 138 int len, ret;
138 139
139 140 /* Print out usage and instructions to start off the session */
140 141
141 142 instructs();
142 143 usage();
143 144
144 145 /*
145 146 * Loop, repeatedly calling parse_input_line() to get the
146 147 * next line and parse it into argc and argv. Act on the
147 148 * arguements found on the line.
148 149 */
149 150
150 151 do {
151 152 len = read_line(buf, 512);
152 153 if (len)
153 154 ret = do_gssdtest(buf);
154 155 } while (len && !ret);
155 156
156 157 return (0);
157 158 }
158 159 #endif /* !_KERNEL */
159 160
160 161 static int
161 162 do_gssdtest(char *buf)
162 163 {
163 164 int argc, seal_argc;
164 165 int i;
165 166 char **argv, **argv_array;
166 167
167 168 char *cmd;
168 169 char *seal_ini_array [] = { "initiator", " Hello"};
169 170 char *seal_acc_array [] = { "acceptor", " Hello"};
170 171 char *unseal_acc_array [] = {"acceptor"};
171 172 char *unseal_ini_array [] = {"initiator"};
172 173 char *delet_acc_array [] = {"acceptor"};
173 174 char *delet_ini_array [] = {"initiator"};
174 175
175 176 argv = 0;
176 177
177 178 if (parse_input_line(buf, &argc, &argv) == 0) {
178 179 printf(gettext("\n"));
179 180 return (1);
180 181 }
181 182
182 183 if (argc == 0) {
183 184 usage();
184 185 /*LINTED*/
185 186 FREE(argv_array, (argc+1)*sizeof (char *));
186 187 return (0);
187 188 }
188 189
189 190 /*
190 191 * remember argv_array address, which is memory calloc'd by
191 192 * parse_input_line, so it can be free'd at the end of the loop.
192 193 */
193 194
194 195 argv_array = argv;
195 196
196 197 cmd = argv[0];
197 198
198 199 argc--;
199 200 argv++;
200 201
201 202 if (strcmp(cmd, "gss_loop") == 0 ||
202 203 strcmp(cmd, "loop") == 0) {
203 204
204 205 if (argc < 1) {
205 206 usage();
206 207 FREE(argv_array, (argc+2) * sizeof (char *));
207 208 return (0);
208 209 }
209 210 for (i = 0; i < LOOP_COUNTER; i++) {
210 211 printf(gettext("Loop Count is %d \n"), i);
211 212 /*
212 213 * if (i > 53)
213 214 * printf ("Loop counter is greater than 55\n");
214 215 */
215 216 _gss_acquire_cred(argc, argv);
216 217 _gss_init_sec_context(argc, argv);
217 218 _gss_accept_sec_context(0, argv);
218 219 _gss_init_sec_context(argc, argv);
219 220
220 221 seal_argc = 2;
221 222 _gss_seal(seal_argc, seal_ini_array);
222 223 seal_argc = 1;
223 224 _gss_unseal(seal_argc, unseal_acc_array);
224 225 seal_argc = 2;
225 226 _gss_seal(seal_argc, seal_acc_array);
226 227 seal_argc = 1;
227 228 _gss_unseal(seal_argc, unseal_ini_array);
228 229 seal_argc = 2;
229 230 _gss_sign(seal_argc, seal_ini_array);
230 231 seal_argc = 1;
231 232 _gss_verify(seal_argc, unseal_acc_array);
232 233 seal_argc = 2;
233 234 _gss_sign(seal_argc, seal_acc_array);
234 235 seal_argc = 1;
235 236 _gss_verify(seal_argc, unseal_ini_array);
236 237 _gss_delete_sec_context(argc, delet_acc_array);
237 238 _gss_delete_sec_context(argc, delet_ini_array);
238 239 }
239 240 }
240 241 if (strcmp(cmd, "gss_all") == 0 ||
241 242 strcmp(cmd, "all") == 0) {
242 243 _gss_acquire_cred(argc, argv);
243 244 _gss_init_sec_context(argc, argv);
244 245 _gss_accept_sec_context(0, argv);
245 246 _gss_init_sec_context(argc, argv);
246 247
247 248 seal_argc = 2;
248 249 _gss_seal(seal_argc, seal_acc_array);
249 250 seal_argc = 1;
250 251 _gss_unseal(seal_argc, unseal_ini_array);
251 252 seal_argc = 2;
252 253 _gss_seal(seal_argc, seal_ini_array);
253 254 seal_argc = 1;
254 255 _gss_unseal(seal_argc, unseal_acc_array);
255 256 seal_argc = 2;
256 257 _gss_sign(seal_argc, seal_ini_array);
257 258 seal_argc = 1;
258 259 _gss_verify(seal_argc, unseal_acc_array);
259 260 seal_argc = 2;
260 261 _gss_sign(seal_argc, seal_acc_array);
261 262 seal_argc = 1;
262 263 _gss_verify(seal_argc, unseal_ini_array);
263 264
264 265 }
265 266 if (strcmp(cmd, "gss_acquire_cred") == 0 ||
266 267 strcmp(cmd, "acquire") == 0) {
267 268 _gss_acquire_cred(argc, argv);
268 269 if (argc == 1)
269 270 _gss_add_cred(argc, argv);
270 271 }
271 272
272 273 else if (strcmp(cmd, "gss_release_cred") == 0 ||
273 274 strcmp(cmd, "release") == 0)
274 275 _gss_release_cred(argc, argv);
275 276 else if (strcmp(cmd, "gss_init_sec_context") == 0 ||
276 277 strcmp(cmd, "init") == 0)
277 278 _gss_init_sec_context(argc, argv);
278 279 else if (strcmp(cmd, "gss_accept_sec_context") == 0 ||
279 280 strcmp(cmd, "accept") == 0)
280 281 _gss_accept_sec_context(argc, argv);
281 282 else if (strcmp(cmd, "gss_process_context_token") == 0 ||
282 283 strcmp(cmd, "process") == 0)
283 284 _gss_process_context_token(argc, argv);
284 285 else if (strcmp(cmd, "gss_delete_sec_context") == 0 ||
285 286 strcmp(cmd, "delete") == 0)
286 287 _gss_delete_sec_context(argc, argv);
287 288 else if (strcmp(cmd, "gss_context_time") == 0 ||
288 289 strcmp(cmd, "time") == 0)
289 290 _gss_context_time(argc, argv);
290 291 else if (strcmp(cmd, "gss_sign") == 0 ||
291 292 strcmp(cmd, "sign") == 0)
292 293 _gss_sign(argc, argv);
293 294 else if (strcmp(cmd, "gss_verify") == 0 ||
294 295 strcmp(cmd, "verify") == 0)
295 296 _gss_verify(argc, argv);
296 297 else if (strcmp(cmd, "gss_seal") == 0 ||
297 298 strcmp(cmd, "seal") == 0)
298 299 _gss_seal(argc, argv);
299 300 else if (strcmp(cmd, "gss_unseal") == 0 ||
300 301 strcmp(cmd, "unseal") == 0)
301 302 _gss_unseal(argc, argv);
302 303 else if (strcmp(cmd, "gss_display_status") == 0||
303 304 strcmp(cmd, "status") == 0)
304 305 _gss_display_status(argc, argv);
305 306 else if (strcmp(cmd, "gss_indicate_mechs") == 0 ||
306 307 strcmp(cmd, "indicate") == 0)
307 308 _gss_indicate_mechs(argc, argv);
308 309 else if (strcmp(cmd, "gss_inquire_cred") == 0 ||
309 310 strcmp(cmd, "inquire") == 0)
310 311 _gss_inquire_cred(argc, argv);
311 312 else if (strcmp(cmd, "expname2unixcred") == 0 ||
312 313 strcmp(cmd, "gsscred_expname_to_unix_cred") == 0)
313 314 _gssd_expname_to_unix_cred(argc, argv);
314 315 else if (strcmp(cmd, "name2unixcred") == 0 ||
315 316 strcmp(cmd, "gsscred_name_to_unix_cred") == 0)
316 317 _gssd_name_to_unix_cred(argc, argv);
317 318 else if (strcmp(cmd, "grpinfo") == 0 ||
318 319 strcmp(cmd, "gss_get_group_info") == 0)
319 320 _gssd_get_group_info(argc, argv);
320 321 else if (strcmp(cmd, "exit") == 0) {
321 322 printf(gettext("\n"));
322 323 FREE(argv_array, (argc+2) * sizeof (char *));
323 324 return (1);
324 325 } else
325 326 usage();
326 327
327 328 /* free argv array */
328 329
329 330 FREE(argv_array, (argc+2) * sizeof (char *));
330 331 return (0);
331 332 }
332 333
333 334 static void
334 335 _gss_acquire_cred(argc, argv)
335 336 int argc;
336 337 char **argv;
337 338 {
338 339
339 340 OM_UINT32 status, minor_status;
340 341 gss_buffer_desc name;
341 342 gss_name_t desired_name = (gss_name_t) 0;
342 343 OM_uint32 time_req;
343 344 gss_OID_set_desc desired_mechs_desc;
344 345 gss_OID_set desired_mechs = &desired_mechs_desc;
345 346 int cred_usage;
346 347 gss_OID_set actual_mechs = GSS_C_NULL_OID_SET;
347 348 gss_OID_set inquire_mechs = GSS_C_NULL_OID_SET;
348 349 OM_UINT32 time_rec;
349 350 char * string;
350 351 char * inq_string;
351 352 uid_t uid;
352 353 gss_OID mech_type;
353 354
354 355 /*
355 356 * First set up the command line independent input arguments.
356 357 */
357 358
358 359 time_req = (OM_uint32) 0;
359 360 cred_usage = GSS_C_ACCEPT;
360 361 uid = getuid();
361 362
362 363 /* Parse the command line for the variable input arguments */
363 364
364 365 if (argc == 0) {
365 366 usage();
366 367 return;
367 368 }
368 369
369 370 /*
370 371 * Get the name of the principal.
371 372 */
372 373
373 374 name.length = strlen(argv[0])+1;
374 375 name.value = argv[0];
375 376
376 377 /*
377 378 * Now convert the string given by the first argument into internal
378 379 * form suitable for input to gss_acquire_cred()
379 380 */
380 381
381 382 if ((status = gss_import_name(&minor_status, &name,
382 383 (gss_OID)GSS_C_NT_HOSTBASED_SERVICE, &desired_name))
383 384 != GSS_S_COMPLETE) {
384 385 printf(gettext(
385 386 "could not parse desired name: err (octal) %o (%s)\n"),
386 387 status, gettext("gss_acquire_cred error"));
387 388 return;
388 389 }
389 390
390 391 argc--;
391 392 argv++;
392 393
393 394 /*
394 395 * The next argument is an OID in dotted decimal form.
395 396 */
396 397
397 398 if (argc == 0) {
398 399 printf(gettext("Assuming Kerberos V5 as the mechanism\n"));
399 400 printf(gettext(
400 401 "The mech OID 1.2.840.113554.1.2.2 will be used\n"));
401 402 mech_type = gss_str2oid((char *)GSS_KRB5_MECH_OID);
402 403 } else
403 404 mech_type = gss_str2oid(argv[0]);
404 405
405 406 if (mech_type == 0 || mech_type->length == 0) {
406 407 printf(gettext("improperly formated mechanism OID\n"));
407 408 return;
408 409 }
409 410
410 411 /*
411 412 * set up desired_mechs so it points to mech_type.
412 413 */
413 414
414 415 desired_mechs = (gss_OID_set) MALLOC(sizeof (gss_OID_desc));
415 416
416 417 desired_mechs->count = 1;
417 418 desired_mechs->elements = mech_type;
418 419
419 420 status = kgss_acquire_cred(
420 421 &minor_status,
421 422 desired_name,
422 423 time_req,
423 424 desired_mechs,
424 425 cred_usage,
425 426 &acceptor_credentials,
426 427 &actual_mechs,
427 428 &time_rec,
428 429 uid);
429 430
430 431 /* store major and minor status for gss_display_status() call */
431 432
432 433 gss_major_code = status;
433 434 gss_minor_code = minor_status;
434 435
435 436 if (status == GSS_S_COMPLETE) {
436 437 /* process returned values */
437 438
438 439 printf(gettext("\nacquire succeeded\n\n"));
439 440
440 441 /*
441 442 * print out the actual mechs returned NB: Since only one
442 443 * mechanism is specified in desired_mechs, only one
443 444 * can be returned in actual_mechs. Consequently,
444 445 * actual_mechs->elements points to an array of only one
445 446 * element.
446 447 */
447 448
448 449 if ((string = gss_oid2str(actual_mechs->elements)) == 0) {
449 450 printf(gettext("actual mechs == NULL\n\n"));
450 451 } else {
451 452 printf(gettext("actual mechs = %s\n\n"), string);
452 453 FREE(string, (actual_mechs->elements->length+1)*4+1);
453 454 }
454 455
455 456 if (cred_usage == GSS_C_BOTH)
456 457 printf(gettext("GSS_C_BOTH\n\n"));
457 458
458 459 if (cred_usage == GSS_C_INITIATE)
459 460 printf(gettext("GSS_C_INITIATE\n\n"));
460 461
461 462 if (cred_usage == GSS_C_ACCEPT)
462 463 printf(gettext("GSS_C_ACCEPT\n\n"));
463 464 status = kgss_inquire_cred(
464 465 &minor_status,
465 466 acceptor_credentials,
466 467 NULL,
467 468 &time_req,
468 469 &cred_usage,
469 470 &inquire_mechs,
470 471 uid);
471 472
472 473 if (status != GSS_S_COMPLETE)
473 474 printf(gettext("server ret err (octal) %o (%s)\n"),
474 475 status, gettext("gss_inquire_cred error"));
475 476 else {
476 477 if ((inq_string =
477 478 gss_oid2str(inquire_mechs->elements)) == 0) {
478 479 printf(gettext
479 480 ("mechs from inquire == NULL\n\n"));
480 481 } else {
481 482 printf(gettext
482 483 ("mechs from inquiry = %s\n\n"),
483 484 inq_string);
484 485 FREE(inq_string,
485 486 (inquire_mechs->elements->length+1)*4+1);
486 487 }
487 488 printf(gettext("inquire_cred successful \n\n"));
488 489 }
489 490
490 491 } else {
491 492 printf(gettext("server ret err (octal) %o (%s)\n"),
492 493 status, gettext("gss_acquire_cred error"));
493 494 }
494 495
495 496 /* free allocated memory */
496 497
497 498 /* actual mechs is allocated by clnt_stubs. Release it here */
498 499 if (actual_mechs != GSS_C_NULL_OID_SET)
499 500 gss_release_oid_set_and_oids(&minor_status, &actual_mechs);
500 501 if (inquire_mechs != GSS_C_NULL_OID_SET)
501 502 gss_release_oid_set_and_oids(&minor_status, &inquire_mechs);
502 503
503 504 gss_release_name(&minor_status, &desired_name);
504 505
505 506 /* mech_type and desired_mechs are allocated above. Release it here */
506 507
507 508 FREE(mech_type->elements, mech_type->length);
508 509 FREE(mech_type, sizeof (gss_OID_desc));
509 510 FREE(desired_mechs, sizeof (gss_OID_desc));
510 511 }
511 512
512 513 static void
513 514 _gss_add_cred(argc, argv)
514 515 int argc;
515 516 char **argv;
516 517 {
517 518
518 519 OM_UINT32 status, minor_status;
519 520 gss_buffer_desc name;
520 521 gss_name_t desired_name = (gss_name_t) 0;
521 522 OM_uint32 time_req;
522 523 OM_uint32 initiator_time_req;
523 524 OM_uint32 acceptor_time_req;
524 525 int cred_usage;
525 526 gss_OID_set actual_mechs = GSS_C_NULL_OID_SET;
526 527 gss_OID_set inquire_mechs = GSS_C_NULL_OID_SET;
527 528 char * string;
528 529 uid_t uid;
529 530 gss_OID mech_type;
530 531 int i;
531 532
532 533 /*
533 534 * First set up the command line independent input arguments.
534 535 */
535 536
536 537 initiator_time_req = (OM_uint32) 0;
537 538 acceptor_time_req = (OM_uint32) 0;
538 539 cred_usage = GSS_C_ACCEPT;
539 540 uid = getuid();
540 541
541 542 /* Parse the command line for the variable input arguments */
542 543
543 544 if (argc == 0) {
544 545 usage();
545 546 return;
546 547 }
547 548
548 549 /*
549 550 * Get the name of the principal.
550 551 */
551 552
552 553 name.length = strlen(argv[0])+1;
553 554 name.value = argv[0];
554 555
555 556 /*
556 557 * Now convert the string given by the first argument into internal
557 558 * form suitable for input to gss_acquire_cred()
558 559 */
559 560
560 561 if ((status = gss_import_name(&minor_status, &name,
561 562 (gss_OID)GSS_C_NT_HOSTBASED_SERVICE, &desired_name))
562 563 != GSS_S_COMPLETE) {
563 564 printf(gettext(
564 565 "could not parse desired name: err (octal) %o (%s)\n"),
565 566 status, gettext("gss_acquire_cred error"));
566 567 return;
567 568 }
568 569
569 570 argc--;
570 571 argv++;
571 572
572 573 /*
573 574 * The next argument is an OID in dotted decimal form.
574 575 */
575 576
576 577 if (argc == 0) {
577 578 printf(gettext("Assuming dummy as the mechanism\n"));
578 579 printf(gettext(
579 580 "The mech OID 1.3.6.1.4.1.42.2.26.1.2 will be used\n"));
580 581 mech_type = gss_str2oid((char *)GSS_DUMMY_MECH_OID);
581 582 } else
582 583 mech_type = gss_str2oid(argv[0]);
583 584
584 585 if (mech_type == 0 || mech_type->length == 0) {
585 586 printf(gettext("improperly formated mechanism OID\n"));
586 587 return;
587 588 }
588 589
589 590 /*
590 591 * set up desired_mechs so it points to mech_type.
591 592 */
592 593
593 594 status = kgss_add_cred(
594 595 &minor_status,
595 596 acceptor_credentials,
596 597 desired_name,
597 598 mech_type,
598 599 cred_usage,
599 600 initiator_time_req,
600 601 acceptor_time_req,
601 602 &actual_mechs,
602 603 NULL,
603 604 NULL,
604 605 uid);
605 606
606 607 /* store major and minor status for gss_display_status() call */
607 608
608 609 gss_major_code = status;
609 610 gss_minor_code = minor_status;
610 611 if (status == GSS_S_COMPLETE) {
611 612 /* process returned values */
612 613
613 614 printf(gettext("\nadd succeeded\n\n"));
614 615 if (actual_mechs) {
615 616 for (i = 0; i < actual_mechs->count; i++) {
616 617 if ((string =
617 618 gss_oid2str
618 619 (&actual_mechs->elements[i])) == 0) {
619 620 printf(gettext
620 621 ("actual mechs == NULL\n\n"));
621 622 } else {
622 623 printf(gettext
623 624 ("actual mechs = %s\n\n"), string);
624 625 FREE(string,
625 626 (actual_mechs->elements->length+1)*4+1);
626 627 }
627 628 }
628 629 }
629 630 /*
630 631 * Try adding the cred again for the same mech
631 632 * We should get GSS_S_DUPLICATE_ELEMENT
632 633 * if not return an error
633 634 */
634 635 status = kgss_add_cred(
635 636 &minor_status,
636 637 acceptor_credentials,
637 638 desired_name,
638 639 mech_type,
639 640 cred_usage,
640 641 initiator_time_req,
641 642 acceptor_time_req,
642 643 NULL, /* &actual_mechs, */
643 644 NULL,
644 645 NULL,
645 646 uid);
646 647 if (status != GSS_S_DUPLICATE_ELEMENT) {
647 648 printf(gettext("Expected duplicate element, Got "
648 649 " (octal) %o (%s)\n"),
649 650 status, gettext("gss_add_cred error"));
650 651 }
651 652 status = kgss_inquire_cred(
652 653 &minor_status,
653 654 acceptor_credentials,
654 655 NULL,
655 656 &time_req,
656 657 &cred_usage,
657 658 &inquire_mechs,
658 659 uid);
659 660
660 661 if (status != GSS_S_COMPLETE)
661 662 printf(gettext("server ret err (octal) %o (%s)\n"),
662 663 status, gettext("gss_inquire_cred error"));
663 664 else {
664 665 for (i = 0; i < inquire_mechs->count; i++) {
665 666 if ((string =
666 667 gss_oid2str
667 668 (&inquire_mechs->elements[i])) == 0) {
668 669 printf(gettext
669 670 ("inquire_mechs mechs == NULL\n\n"));
670 671 } else {
671 672 printf(gettext
672 673 ("inquire_cred mechs = %s\n\n"),
673 674 string);
674 675 FREE(string,
675 676 (inquire_mechs->elements->length+1)*4
676 677 +1);
677 678 }
678 679 }
679 680 printf(gettext("inquire_cred successful \n\n"));
680 681 }
681 682
682 683 } else {
683 684 printf(gettext("server ret err (octal) %o (%s)\n"),
684 685 status, gettext("gss_acquire_cred error"));
685 686 }
686 687
687 688 /* Let us do inquire_cred_by_mech for both mechanisms */
688 689 status = kgss_inquire_cred_by_mech(
689 690 &minor_status,
690 691 acceptor_credentials,
691 692 mech_type,
692 693 uid);
693 694 if (status != GSS_S_COMPLETE)
694 695 printf(gettext("server ret err (octal) %o (%s)\n"),
695 696 status, gettext("gss_inquire_cred_by_mech"));
696 697 else
697 698 printf(gettext("gss_inquire_cred_by_mech successful"));
698 699
699 700
700 701 FREE(mech_type->elements, mech_type->length);
701 702 FREE(mech_type, sizeof (gss_OID_desc));
702 703 mech_type = gss_str2oid((char *)GSS_KRB5_MECH_OID);
703 704 status = kgss_inquire_cred_by_mech(
704 705 &minor_status,
705 706 acceptor_credentials,
706 707 mech_type,
707 708 uid);
708 709 if (status != GSS_S_COMPLETE)
709 710 printf(gettext("server ret err (octal) %o (%s)\n"),
710 711 status, gettext
711 712 ("gss_inquire_cred_by_mech for dummy mech error"));
712 713
713 714 /* free allocated memory */
714 715
715 716 /* actual mechs is allocated by clnt_stubs. Release it here */
716 717 if (actual_mechs != GSS_C_NULL_OID_SET)
717 718 gss_release_oid_set_and_oids(&minor_status, &actual_mechs);
718 719 if (inquire_mechs != GSS_C_NULL_OID_SET)
719 720 gss_release_oid_set_and_oids(&minor_status, &inquire_mechs);
720 721
721 722 gss_release_name(&minor_status, &desired_name);
722 723
723 724 /* mech_type and desired_mechs are allocated above. Release it here */
724 725
725 726 FREE(mech_type->elements, mech_type->length);
726 727 FREE(mech_type, sizeof (gss_OID_desc));
727 728 }
728 729
729 730 /*ARGSUSED*/
730 731 static void
731 732 _gss_release_cred(argc, argv)
732 733 int argc;
733 734 char **argv;
734 735 {
735 736 OM_UINT32 status;
736 737 OM_UINT32 minor_status;
737 738 uid_t uid;
738 739
739 740 /* set up input arguments here */
740 741
741 742 if (argc != 0) {
742 743 usage();
743 744 return;
744 745 }
745 746
746 747 uid = getuid();
747 748
748 749 status = kgss_release_cred(
749 750 &minor_status,
750 751 &acceptor_credentials,
751 752 uid);
752 753
753 754 /* store major and minor status for gss_display_status() call */
754 755
755 756 gss_major_code = status;
756 757 gss_minor_code = minor_status;
757 758
758 759 if (status == GSS_S_COMPLETE) {
759 760 printf(gettext("\nrelease succeeded\n\n"));
760 761 } else {
761 762 printf(gettext("server ret err (octal) %o (%s)\n"),
762 763 status, gettext("gss_release_cred error"));
763 764 }
764 765 }
765 766
766 767 static void
767 768 _gss_init_sec_context(argc, argv)
768 769 int argc;
769 770 char **argv;
770 771 {
771 772
772 773 OM_uint32 status;
773 774
774 775 OM_uint32 minor_status;
775 776 gss_cred_id_t claimant_cred_handle;
776 777 gss_name_t target_name = (gss_name_t) 0;
777 778 gss_OID mech_type = (gss_OID) 0;
778 779 int req_flags;
779 780 OM_uint32 time_req;
780 781 gss_channel_bindings_t input_chan_bindings;
781 782 gss_buffer_t input_token;
782 783 gss_buffer_desc context_token;
783 784 gss_OID actual_mech_type;
784 785 int ret_flags;
785 786 OM_uint32 time_rec;
786 787 uid_t uid;
787 788 char * string;
788 789 gss_buffer_desc name;
789 790
790 791 /*
791 792 * If this is the first phase of the context establishment,
792 793 * clear initiator_context_handle and indicate next phase.
793 794 */
794 795
795 796 if (init_sec_context_phase == 0) {
796 797 initiator_context_handle = GSS_C_NO_CONTEXT;
797 798 input_token = GSS_C_NO_BUFFER;
798 799 init_sec_context_phase = 1;
799 800 } else
800 801 input_token = &init_token_buffer;
801 802
802 803 /*
803 804 * First set up the non-variable command line independent input
804 805 * arguments
805 806 */
806 807
807 808 claimant_cred_handle = GSS_C_NO_CREDENTIAL;
808 809
809 810 req_flags = GSS_C_MUTUAL_FLAG;
810 811 time_req = (OM_uint32) 0;
811 812 input_chan_bindings = GSS_C_NO_CHANNEL_BINDINGS;
812 813 uid = getuid();
813 814
814 815 /* Now parse the command line for the remaining input arguments */
815 816
816 817 if (argc == 0) {
817 818 usage();
818 819 return;
819 820 }
820 821
821 822 /*
822 823 * Get the name of the target.
823 824 */
824 825
825 826 name.length = strlen(argv[0])+1;
826 827 name.value = argv[0];
827 828
828 829 /*
829 830 * Now convert the string given by the first argument into a target
830 831 * name suitable for input to gss_init_sec_context()
831 832 */
832 833
833 834 if ((status = gss_import_name(&minor_status, &name,
834 835 /* GSS_C_NULL_OID, &target_name)) */
835 836 (gss_OID)GSS_C_NT_HOSTBASED_SERVICE, &target_name))
836 837 != GSS_S_COMPLETE) {
837 838 printf(gettext(
838 839 "could not parse target name: err (octal) %o (%s)\n"),
839 840 status,
840 841 gettext("gss_init_sec_context error"));
841 842 if (input_token != GSS_C_NO_BUFFER)
842 843 gss_release_buffer(&minor_status, &init_token_buffer);
843 844 init_sec_context_phase = 0;
844 845 return;
845 846 }
846 847
847 848 argc--;
848 849 argv++;
849 850
850 851 if (argc == 0) {
851 852 printf(gettext("Assuming Kerberos V5 as the mechanism\n"));
852 853 printf(gettext(
853 854 "The mech OID 1.2.840.113554.1.2.2 will be used\n"));
854 855 mech_type = gss_str2oid((char *)GSS_KRB5_MECH_OID);
855 856 } else {
856 857 mech_type = gss_str2oid(argv[0]);
857 858 }
858 859
859 860 if (mech_type == 0 || mech_type->length == 0) {
860 861 printf(gettext("improperly formated mechanism OID\n"));
861 862 if (input_token != GSS_C_NO_BUFFER)
862 863 gss_release_buffer(&minor_status, &init_token_buffer);
863 864 init_sec_context_phase = 0;
864 865 return;
865 866 }
866 867
867 868 /* call kgss_init_sec_context */
868 869
869 870 status = kgss_init_sec_context(&minor_status,
870 871 claimant_cred_handle,
871 872 &initiator_context_handle,
872 873 target_name,
873 874 mech_type,
874 875 req_flags,
875 876 time_req,
876 877 input_chan_bindings,
877 878 input_token,
878 879 &actual_mech_type,
879 880 &accept_token_buffer,
880 881 &ret_flags,
881 882 &time_rec,
882 883 uid);
883 884
884 885 /* store major and minor status for gss_display_status() call */
885 886 gss_major_code = status;
886 887 gss_minor_code = minor_status;
887 888
888 889 if (status != GSS_S_COMPLETE &&
889 890 status != GSS_S_CONTINUE_NEEDED) {
890 891
891 892 printf(gettext("server ret err (octal) %o (%s)\n"),
892 893 status, "gss_init_sec_context error");
893 894 init_sec_context_phase = 0;
894 895 if (status == GSS_S_NO_CRED)
895 896 printf(gettext(" : no credentials"));
896 897 if (input_token != GSS_C_NO_BUFFER)
897 898 gss_release_buffer(&minor_status, &init_token_buffer);
898 899 if (status != GSS_S_FAILURE && minor_status != 0xffffffff)
899 900 status = kgss_delete_sec_context(&minor_status,
900 901 &initiator_context_handle,
901 902 &msg_token);
902 903 return;
903 904
904 905 } else if (status == GSS_S_COMPLETE) {
905 906
906 907 /* process returned values */
907 908
908 909 printf(gettext("\ninit succeeded\n\n"));
909 910
910 911 /* print out the actual mechanism type */
911 912
912 913 if ((string = gss_oid2str(actual_mech_type)) == 0) {
913 914
914 915 printf(gettext(
915 916 "gssapi internal err : actual "
916 917 "mech type null\n"));
917 918 init_sec_context_phase = 0;
918 919 if (input_token != GSS_C_NO_BUFFER)
919 920 gss_release_buffer(&minor_status,
920 921 &init_token_buffer);
921 922 gss_release_buffer(&minor_status, &accept_token_buffer);
922 923 status = kgss_delete_sec_context(&minor_status,
923 924 &initiator_context_handle,
924 925 &msg_token);
925 926 return;
926 927 } else {
927 928 printf(gettext("actual mech type = %s\n\n"), string);
928 929 FREE(string, (actual_mech_type->length+1)*4+1);
929 930 }
930 931
931 932 /* print out value of ret_flags and time_req */
932 933
933 934 if (ret_flags & GSS_C_DELEG_FLAG)
934 935 printf(gettext("GSS_C_DELEG_FLAG = True\n"));
935 936 else
936 937 printf(gettext("GSS_C_DELEG_FLAG = False\n"));
937 938
938 939 if (ret_flags & GSS_C_MUTUAL_FLAG)
939 940 printf(gettext("GSS_C_MUTUAL_FLAG = True\n"));
940 941 else
941 942 printf(gettext("GSS_C_MUTUAL_FLAG = False\n"));
942 943
943 944 if (ret_flags & GSS_C_REPLAY_FLAG)
944 945 printf(gettext("GSS_C_REPLAY_FLAG = True\n"));
945 946 else
946 947 printf(gettext("GSS_C_REPLAY_FLAG = False\n"));
947 948
948 949 if (ret_flags & GSS_C_SEQUENCE_FLAG)
949 950 printf(gettext("GSS_C_SEQUENCE_FLAG = True\n"));
950 951 else
951 952 printf(gettext("GSS_C_SEQUENCE_FLAG = False\n"));
952 953
953 954 if (ret_flags & GSS_C_CONF_FLAG)
954 955 printf(gettext("GSS_C_CONF_FLAG = True\n"));
955 956 else
956 957 printf(gettext("GSS_C_CONF_FLAG = False\n"));
957 958
958 959 if (ret_flags & GSS_C_INTEG_FLAG)
959 960 printf(gettext("GSS_C_INTEG_FLAG = True\n\n"));
960 961 else
961 962 printf(gettext("GSS_C_INTEG_FLAG = False\n\n"));
962 963
963 964 printf(gettext("time_req = %u seconds\n\n"), time_rec);
964 965
965 966 /* free allocated memory */
966 967
967 968 FREE(mech_type->elements, mech_type->length);
968 969 FREE(mech_type, sizeof (gss_OID_desc));
969 970
970 971 /* these two were malloc'd by kgss_init_sec_context() */
971 972
972 973 FREE(actual_mech_type->elements, actual_mech_type->length);
973 974 FREE(actual_mech_type, sizeof (gss_OID_desc));
974 975
975 976 gss_release_name(&minor_status, &target_name);
976 977
977 978 if (input_token != GSS_C_NO_BUFFER)
978 979 gss_release_buffer(&minor_status, &init_token_buffer);
979 980
980 981 /*
981 982 * if status == GSS_S_COMPLETE, reset the phase to 0 and
982 983 * release token in accept_token_buffer
983 984 */
984 985
985 986 init_sec_context_phase = 0;
986 987 /* Save and restore the context */
987 988 status = kgss_export_sec_context(&minor_status,
988 989 &initiator_context_handle,
989 990 &context_token);
990 991 if (status != GSS_S_COMPLETE) {
991 992 printf(gettext("server ret err (octal) %o (%s)\n"),
992 993 status, gettext("gss_export_sec_context_error"));
993 994 return;
994 995 }
995 996 status = kgss_import_sec_context(&minor_status,
996 997 &context_token,
997 998 &initiator_context_handle);
998 999 if (status != GSS_S_COMPLETE) {
999 1000 printf(gettext("server ret err (octal) %o (%s)\n"),
1000 1001 status, gettext("gss_import_sec_context_error"));
1001 1002 return;
1002 1003 }
1003 1004 (void) gss_release_buffer(&minor_status, &context_token);
1004 1005
1005 1006 /* gss_export & gss_import secxc_context worked, return */
1006 1007 printf(gettext("\nexport and import of contexts succeeded\n"));
1007 1008 printf(gettext("\ninit completed"));
1008 1009
1009 1010 } else {
1010 1011 printf(gettext("\nfirst phase of init succeeded"));
1011 1012 printf(gettext("\ninit must be called again\n\n"));
1012 1013 }
1013 1014
1014 1015 }
1015 1016
1016 1017 /*ARGSUSED*/
1017 1018 static void
1018 1019 _gss_accept_sec_context(argc, argv)
1019 1020 int argc;
1020 1021 char **argv;
1021 1022 {
1022 1023 OM_UINT32 status;
1023 1024
1024 1025 OM_uint32 minor_status;
1025 1026 gss_channel_bindings_t input_chan_bindings;
1026 1027 gss_OID mech_type;
1027 1028 int ret_flags;
1028 1029 OM_uint32 time_rec;
1029 1030 gss_cred_id_t delegated_cred_handle;
1030 1031 uid_t uid;
1031 1032 char *string;
1032 1033 gss_buffer_desc src_name, src_name_string;
1033 1034 gss_buffer_desc output_token;
1034 1035 gss_name_t gss_name;
1035 1036 gss_buffer_desc context_token;
1036 1037
1037 1038 /*
1038 1039 * If this is the first phase of the context establishment,
1039 1040 * clear acceptor_context_handle and indicate next phase.
1040 1041 */
1041 1042
1042 1043 if (accept_sec_context_phase == 0) {
1043 1044 acceptor_context_handle = GSS_C_NO_CONTEXT;
1044 1045 accept_sec_context_phase = 1;
1045 1046 }
1046 1047
1047 1048 /* Now set up the other command line independent input arguments */
1048 1049
1049 1050 input_chan_bindings = GSS_C_NO_CHANNEL_BINDINGS;
1050 1051
1051 1052 uid = (uid_t) getuid();
1052 1053
1053 1054 if (argc != 0) {
1054 1055 usage();
1055 1056 return;
1056 1057 }
1057 1058
1058 1059 status = kgss_accept_sec_context(&minor_status,
1059 1060 &acceptor_context_handle,
1060 1061 acceptor_credentials,
1061 1062 &accept_token_buffer,
1062 1063 input_chan_bindings,
1063 1064 &src_name,
1064 1065 &mech_type,
1065 1066 &init_token_buffer,
1066 1067 &ret_flags,
1067 1068 &time_rec,
1068 1069 &delegated_cred_handle,
1069 1070 uid);
1070 1071
1071 1072 /* store major and minor status for gss_display_status() call */
1072 1073
1073 1074 gss_major_code = status;
1074 1075 gss_minor_code = minor_status;
1075 1076
1076 1077 if (status != GSS_S_COMPLETE && status != GSS_S_CONTINUE_NEEDED) {
1077 1078 printf(gettext("server ret err (octal) %o (%s)\n"),
1078 1079 status, gettext("gss_accept_sec_context error"));
1079 1080 gss_release_buffer(&minor_status, &accept_token_buffer);
1080 1081 return;
1081 1082 } else if (status == GSS_S_COMPLETE) {
1082 1083
1083 1084 /* process returned values */
1084 1085
1085 1086 printf(gettext("\naccept succeeded\n\n"));
1086 1087
1087 1088 /*
1088 1089 * convert the exported name returned in src_name into
1089 1090 * a string and print it.
1090 1091 */
1091 1092 if ((status = gss_import_name(&minor_status, &src_name,
1092 1093 (gss_OID) GSS_C_NT_EXPORT_NAME, &gss_name))
1093 1094 != GSS_S_COMPLETE) {
1094 1095 printf(gettext(
1095 1096 "could not import src name 0x%x\n"), status);
1096 1097 accept_sec_context_phase = 0;
1097 1098 status = kgss_delete_sec_context(&minor_status,
1098 1099 &acceptor_context_handle,
1099 1100 &output_token);
1100 1101 gss_release_buffer(&minor_status, &accept_token_buffer);
1101 1102 if (status == GSS_S_CONTINUE_NEEDED)
1102 1103 gss_release_buffer(&minor_status,
1103 1104 &init_token_buffer);
1104 1105 gss_release_buffer(&minor_status, &src_name);
1105 1106 return;
1106 1107 }
1107 1108
1108 1109 memset(&src_name_string, 0, sizeof (src_name_string));
1109 1110 if ((status = gss_display_name(&minor_status, gss_name,
1110 1111 &src_name_string, NULL)) != GSS_S_COMPLETE) {
1111 1112 printf(gettext("could not display src name: "
1112 1113 "err (octal) %o (%s)\n"), status,
1113 1114 "gss_init_sec_context error");
1114 1115 accept_sec_context_phase = 0;
1115 1116 status = kgss_delete_sec_context(&minor_status,
1116 1117 &acceptor_context_handle,
1117 1118 &output_token);
1118 1119 gss_release_buffer(&minor_status, &accept_token_buffer);
1119 1120 if (status == GSS_S_CONTINUE_NEEDED)
1120 1121 gss_release_buffer(&minor_status,
1121 1122 &init_token_buffer);
1122 1123 gss_release_buffer(&minor_status, &src_name);
1123 1124 return;
1124 1125 }
1125 1126 printf(gettext("src name = %s\n"), src_name_string.value);
1126 1127 gss_release_name(&minor_status, &gss_name);
1127 1128 gss_release_buffer(&minor_status, &src_name_string);
1128 1129 gss_release_buffer(&minor_status, &src_name);
1129 1130
1130 1131 /* print out the mechanism type */
1131 1132
1132 1133 if ((string = gss_oid2str(mech_type)) == 0) {
1133 1134
1134 1135 printf(gettext(
1135 1136 "gssapi internal err :"
1136 1137 " actual mech type null\n"));
1137 1138 accept_sec_context_phase = 0;
1138 1139 status = kgss_delete_sec_context(&minor_status,
1139 1140 &acceptor_context_handle,
1140 1141 &output_token);
1141 1142 gss_release_buffer(&minor_status, &accept_token_buffer);
1142 1143 if (status == GSS_S_CONTINUE_NEEDED)
1143 1144 gss_release_buffer(&minor_status,
1144 1145 &init_token_buffer);
1145 1146 return;
1146 1147 } else {
1147 1148
1148 1149 printf(gettext("actual mech type = %s\n\n"), string);
1149 1150 FREE(string, (mech_type->length+1)*4+1);
1150 1151 }
1151 1152
1152 1153 /* Save and restore the context */
1153 1154 status = kgss_export_sec_context(&minor_status,
1154 1155 &initiator_context_handle,
1155 1156 &context_token);
1156 1157 if (status != GSS_S_COMPLETE) {
1157 1158 printf(gettext("server ret err (octal) %o (%s)\n"),
1158 1159 status, gettext("gss_export_sec_context_error"));
1159 1160 return;
1160 1161 }
1161 1162 status = kgss_import_sec_context(&minor_status,
1162 1163 &context_token,
1163 1164 &initiator_context_handle);
1164 1165 if (status != GSS_S_COMPLETE) {
1165 1166 printf(gettext("server ret err (octal) %o (%s)\n"),
1166 1167 status, gettext("gss_import_sec_context_error"));
1167 1168 return;
1168 1169 }
1169 1170 (void) gss_release_buffer(&minor_status, &context_token);
1170 1171
1171 1172 /* gss_export & gss_import secxc_context worked, return */
1172 1173
1173 1174 /* print out value of ret_flags and time_req */
1174 1175
1175 1176 if (ret_flags & GSS_C_DELEG_FLAG)
1176 1177 printf(gettext("GSS_C_DELEG_FLAG = True\n"));
1177 1178 else
1178 1179 printf(gettext("GSS_C_DELEG_FLAG = False\n"));
1179 1180
1180 1181 if (ret_flags & GSS_C_MUTUAL_FLAG)
1181 1182 printf(gettext("GSS_C_MUTUAL_FLAG = True\n"));
1182 1183 else
1183 1184 printf(gettext("GSS_C_MUTUAL_FLAG = False\n"));
1184 1185
1185 1186 if (ret_flags & GSS_C_REPLAY_FLAG)
1186 1187 printf(gettext("GSS_C_REPLAY_FLAG = True\n"));
1187 1188 else
1188 1189 printf(gettext("GSS_C_REPLAY_FLAG = False\n"));
1189 1190
1190 1191 if (ret_flags & GSS_C_SEQUENCE_FLAG)
1191 1192 printf(gettext("GSS_C_SEQUENCE_FLAG = True\n"));
1192 1193 else
1193 1194 printf(gettext("GSS_C_SEQUENCE_FLAG = False\n"));
1194 1195
1195 1196 if (ret_flags & GSS_C_CONF_FLAG)
1196 1197 printf(gettext("GSS_C_CONF_FLAG = True\n"));
1197 1198 else
1198 1199 printf(gettext("GSS_C_CONF_FLAG = False\n"));
1199 1200
1200 1201 if (ret_flags & GSS_C_INTEG_FLAG)
1201 1202 printf(gettext("GSS_C_INTEG_FLAG = True\n\n"));
1202 1203 else
1203 1204 printf(gettext("GSS_C_INTEG_FLAG = False\n\n"));
1204 1205
1205 1206 printf(gettext("time_rec = %d seconds\n\n"), time_rec);
1206 1207
1207 1208 /* free allocated memory */
1208 1209
1209 1210 printf(gettext("\nexport and import of contexts succeeded\n"));
1210 1211
1211 1212 FREE(mech_type->elements, mech_type->length);
1212 1213 FREE(mech_type, sizeof (gss_OID_desc));
1213 1214 } else {
1214 1215 printf(gettext("\nfirst phase of accept succeeded"));
1215 1216 printf(gettext("\naccept must be called again\n\n"));
1216 1217 }
1217 1218
1218 1219
1219 1220 /* free the input token in accept_token_buffer */
1220 1221 gss_release_buffer(&minor_status, &accept_token_buffer);
1221 1222
1222 1223 /* if status == GSS_S_COMPLETE, reset the phase to 0 */
1223 1224
1224 1225 if (status == GSS_S_COMPLETE)
1225 1226 accept_sec_context_phase = 0;
1226 1227
1227 1228 /* gss_accept_sec_context worked, return */
1228 1229 }
1229 1230
1230 1231 void
1231 1232 _gss_process_context_token(argc, argv)
1232 1233 int argc;
1233 1234 char **argv;
1234 1235 {
1235 1236 OM_UINT32 status;
1236 1237
1237 1238 gss_ctx_id_t context_handle;
1238 1239 OM_uint32 minor_status;
1239 1240 uid_t uid;
1240 1241
1241 1242 uid = (uid_t) getuid();
1242 1243
1243 1244 /* parse the command line to determine the variable input argument */
1244 1245
1245 1246 if (argc == 0) {
1246 1247 usage();
1247 1248 return;
1248 1249 }
1249 1250
1250 1251 if (strcmp(argv[0], "initiator") == 0)
1251 1252 context_handle = initiator_context_handle;
1252 1253 else if (strcmp(argv[0], "acceptor") == 0)
1253 1254 context_handle = acceptor_context_handle;
1254 1255 else {
1255 1256 printf(gettext(
1256 1257 "must specify either \"initiator\" or \"acceptor\"\n"));
1257 1258 return;
1258 1259 }
1259 1260
1260 1261 argc--;
1261 1262 argv++;
1262 1263
1263 1264 if (argc != 0) {
1264 1265 usage();
1265 1266 return;
1266 1267 }
1267 1268
1268 1269 status = kgss_process_context_token(&minor_status,
1269 1270 context_handle,
1270 1271 delete_token_buffer,
1271 1272 uid);
1272 1273
1273 1274 /* store major and minor status for gss_display_status() call */
1274 1275
1275 1276 gss_major_code = status;
1276 1277 gss_minor_code = minor_status;
1277 1278
1278 1279 if (status != GSS_S_COMPLETE) {
1279 1280 printf(gettext("server ret err (octal) %o (%s)\n"),
1280 1281 status, gettext("gss_process_context_token error"));
1281 1282 return;
1282 1283
1283 1284 } else {
1284 1285 printf(gettext("\nprocess succeeded\n\n"));
1285 1286 return;
1286 1287 }
↓ open down ↓ |
1254 lines elided |
↑ open up ↑ |
1287 1288 }
1288 1289
1289 1290 static void
1290 1291 _gss_delete_sec_context(argc, argv)
1291 1292 int argc;
1292 1293 char **argv;
1293 1294 {
1294 1295 OM_UINT32 status;
1295 1296 gss_ctx_id_t *context_handle;
1296 1297 OM_uint32 minor_status;
1297 - uid_t uid;
1298 1298
1299 - uid = (uid_t) getuid();
1300 1299
1301 1300 /* parse the command line to determine the variable input argument */
1302 1301
1303 1302 if (argc == 0) {
1304 1303 usage();
1305 1304 return;
1306 1305 }
1307 1306
1308 1307 if (strcmp(argv[0], "initiator") == 0) {
1309 1308 context_handle = &initiator_context_handle;
1310 1309 } else if (strcmp(argv[0], "acceptor") == 0) {
1311 1310 context_handle = &acceptor_context_handle;
1312 1311 } else {
1313 1312 printf(gettext(
1314 1313 "must specify either \"initiator\" or \"acceptor\"\n"));
1315 1314 return;
1316 1315 }
1317 1316
1318 1317 argc--;
1319 1318 argv++;
1320 1319
1321 1320 if (argc != 0) {
1322 1321 usage();
1323 1322 return;
1324 1323 }
1325 1324
1326 1325
1327 1326 status = kgss_delete_sec_context(&minor_status,
1328 1327 context_handle,
1329 1328 &delete_token_buffer);
1330 1329
1331 1330
1332 1331 /* store major and minor status for gss_display_status() call */
1333 1332
1334 1333 gss_major_code = status;
1335 1334 gss_minor_code = minor_status;
1336 1335
1337 1336 if (status != GSS_S_COMPLETE) {
1338 1337
1339 1338 printf(gettext("server ret err (octal) %o (%s)\n"),
1340 1339 status, gettext("gss_delete_sec_context error"));
1341 1340 return;
1342 1341
1343 1342 } else {
1344 1343 printf(gettext("\ndelete succeeded\n\n"));
1345 1344 return;
1346 1345 }
1347 1346 }
1348 1347
1349 1348 /*ARGSUSED*/
1350 1349 static void
1351 1350 _gss_context_time(argc, argv)
1352 1351 int argc;
1353 1352 char **argv;
1354 1353 {
1355 1354 /*
1356 1355 * set up input arguments here
1357 1356 * this function is unimplemented. Call usage() and return
1358 1357 */
1359 1358
1360 1359 printf(gettext("\nunimplemented function"));
1361 1360 }
1362 1361
1363 1362 static void
1364 1363 _gss_sign(argc, argv)
1365 1364 int argc;
1366 1365 char **argv;
1367 1366 {
1368 1367 OM_UINT32 status;
1369 1368 OM_uint32 minor_status;
1370 1369 gss_ctx_id_t context_handle;
1371 1370 int qop_req;
1372 1371 uid_t uid;
1373 1372
1374 1373 uid = (uid_t) getuid();
1375 1374
1376 1375 /* specify the default quality of protection */
1377 1376
1378 1377 qop_req = GSS_C_QOP_DEFAULT;
1379 1378
1380 1379 /* set up the arguments specified in the input parameters */
1381 1380
1382 1381 if (argc == 0) {
1383 1382 usage();
1384 1383 return;
1385 1384 }
1386 1385
1387 1386
1388 1387 if (strcmp(argv[0], "initiator") == 0)
1389 1388 context_handle = initiator_context_handle;
1390 1389 else if (strcmp(argv[0], "acceptor") == 0)
1391 1390 context_handle = acceptor_context_handle;
1392 1391 else {
1393 1392 printf(gettext(
1394 1393 "must specify either \"initiator\" or \"acceptor\"\n"));
1395 1394 return;
1396 1395 }
1397 1396
1398 1397 argc--;
1399 1398 argv++;
1400 1399
1401 1400 if (argc == 0) {
1402 1401 usage();
1403 1402 return;
1404 1403 }
1405 1404
1406 1405 message_buffer.length = strlen(argv[0])+1;
1407 1406 message_buffer.value = (void *) MALLOC(message_buffer.length);
1408 1407 strcpy(message_buffer.value, argv[0]);
1409 1408
1410 1409 argc--;
1411 1410 argv++;
1412 1411
1413 1412 if (argc != 0) {
1414 1413 usage();
1415 1414 return;
1416 1415 }
1417 1416
1418 1417 status = kgss_sign(&minor_status,
1419 1418 context_handle,
1420 1419 qop_req,
1421 1420 &message_buffer,
1422 1421 &msg_token,
1423 1422 uid);
1424 1423
1425 1424 /* store major and minor status for gss_display_status() call */
1426 1425
1427 1426 gss_major_code = status;
1428 1427 gss_minor_code = minor_status;
1429 1428
1430 1429 if (status != GSS_S_COMPLETE) {
1431 1430 printf(gettext("server ret err (octal) %o (%s)\n"),
1432 1431 status, gettext("gss_sign error"));
1433 1432 return;
1434 1433
1435 1434 } else {
1436 1435 printf(gettext("\nsign succeeded\n\n"));
1437 1436 return;
1438 1437 }
1439 1438 }
1440 1439
1441 1440 static void
1442 1441 _gss_verify(argc, argv)
1443 1442 int argc;
1444 1443 char **argv;
1445 1444 {
1446 1445 OM_UINT32 status, minor_status;
1447 1446 gss_ctx_id_t context_handle;
1448 1447 int qop_state;
1449 1448 uid_t uid;
1450 1449
1451 1450 uid = (uid_t) getuid();
1452 1451
1453 1452 /* set up the arguments specified in the input parameters */
1454 1453
1455 1454 if (argc == 0) {
1456 1455 usage();
1457 1456 return;
1458 1457 }
1459 1458
1460 1459
1461 1460 if (strcmp(argv[0], "initiator") == 0)
1462 1461 context_handle = initiator_context_handle;
1463 1462 else if (strcmp(argv[0], "acceptor") == 0)
1464 1463 context_handle = acceptor_context_handle;
1465 1464 else {
1466 1465 printf(gettext(
1467 1466 "must specify either \"initiator\" or \"acceptor\"\n"));
1468 1467 return;
1469 1468 }
1470 1469
1471 1470 argc--;
1472 1471 argv++;
1473 1472
1474 1473 if (argc != 0) {
1475 1474 usage();
1476 1475 return;
1477 1476 }
1478 1477
1479 1478 status = kgss_verify(&minor_status,
1480 1479 context_handle,
1481 1480 &message_buffer,
1482 1481 &msg_token,
1483 1482 &qop_state,
1484 1483 uid);
1485 1484
1486 1485 /* store major and minor status for gss_display_status() call */
1487 1486
1488 1487 gss_major_code = status;
1489 1488 gss_minor_code = minor_status;
1490 1489
1491 1490 if (status != GSS_S_COMPLETE) {
1492 1491 printf(gettext("server ret err (octal) %o (%s)\n"),
1493 1492 status, gettext("gss_verify error"));
1494 1493 return;
1495 1494 } else {
1496 1495
1497 1496 /* print out the verified message */
1498 1497
1499 1498 printf(gettext(
1500 1499 "verified message = \"%s\"\n\n"), message_buffer.value);
1501 1500
1502 1501 /* print out the quality of protection returned */
1503 1502
1504 1503 printf(gettext("quality of protection = %d \n\n"), qop_state);
1505 1504
1506 1505 /* free the message buffer and message token and return */
1507 1506
1508 1507 gss_release_buffer(&minor_status, &message_buffer);
1509 1508 gss_release_buffer(&minor_status, &msg_token);
1510 1509
1511 1510 return;
1512 1511 }
1513 1512 }
1514 1513
1515 1514 static void
1516 1515 _gss_seal(argc, argv)
1517 1516 int argc;
1518 1517 char **argv;
1519 1518 {
1520 1519 OM_UINT32 status;
1521 1520
1522 1521 OM_uint32 minor_status;
1523 1522 gss_ctx_id_t context_handle;
1524 1523 int conf_req_flag;
1525 1524 int qop_req;
1526 1525 gss_buffer_desc input_message_buffer;
1527 1526 int conf_state;
1528 1527 uid_t uid;
1529 1528
1530 1529 uid = (uid_t) getuid();
1531 1530
1532 1531 /*
1533 1532 * specify the default confidentiality requested (both integrity
1534 1533 * and confidentiality) and quality of protection
1535 1534 */
1536 1535
1537 1536 conf_req_flag = 1;
1538 1537 qop_req = GSS_C_QOP_DEFAULT;
1539 1538
1540 1539 /* set up the arguments specified in the input parameters */
1541 1540
1542 1541 if (argc == 0) {
1543 1542 usage();
1544 1543 return;
1545 1544 }
1546 1545
1547 1546
1548 1547 if (strcmp(argv[0], "initiator") == 0)
1549 1548 context_handle = initiator_context_handle;
1550 1549 else if (strcmp(argv[0], "acceptor") == 0)
1551 1550 context_handle = acceptor_context_handle;
1552 1551 else {
1553 1552 printf(gettext(
1554 1553 "must specify either \"initiator\" or \"acceptor\"\n"));
1555 1554 return;
1556 1555 }
1557 1556
1558 1557 argc--;
1559 1558 argv++;
1560 1559
1561 1560 if (argc == 0) {
1562 1561 usage();
1563 1562 return;
1564 1563 }
1565 1564
1566 1565
1567 1566 input_message_buffer.length = strlen(argv[0])+1;
1568 1567 input_message_buffer.value =
1569 1568 (void *) MALLOC(input_message_buffer.length);
1570 1569 strcpy(input_message_buffer.value, argv[0]);
1571 1570
1572 1571 argc--;
1573 1572 argv++;
1574 1573
1575 1574 if (argc != 0) {
1576 1575 usage();
1577 1576 return;
1578 1577 }
1579 1578
1580 1579 status = kgss_seal(&minor_status,
1581 1580 context_handle,
1582 1581 conf_req_flag,
1583 1582 qop_req,
1584 1583 &input_message_buffer,
1585 1584 &conf_state,
1586 1585 &message_buffer,
1587 1586 uid);
1588 1587
1589 1588 /* store major and minor status for gss_display_status() call */
1590 1589
1591 1590 gss_major_code = status;
1592 1591 gss_minor_code = minor_status;
1593 1592
1594 1593 /* free the inputmessage buffer */
1595 1594
1596 1595 gss_release_buffer(&minor_status, &input_message_buffer);
1597 1596
1598 1597 if (status != GSS_S_COMPLETE) {
1599 1598 printf(gettext("server ret err (octal) %o (%s)\n"),
1600 1599 status, gettext("gss_seal error"));
1601 1600 return;
1602 1601 } else {
1603 1602 printf(gettext("\nseal succeeded\n\n"));
1604 1603 return;
1605 1604 }
1606 1605 }
1607 1606
1608 1607 static void
1609 1608 _gss_unseal(argc, argv)
1610 1609 int argc;
1611 1610 char **argv;
1612 1611 {
1613 1612 OM_UINT32 status;
1614 1613
1615 1614 OM_uint32 minor_status;
1616 1615 gss_ctx_id_t context_handle;
1617 1616 gss_buffer_desc output_message_buffer;
1618 1617 int conf_state;
1619 1618 int qop_state;
1620 1619 uid_t uid;
1621 1620
1622 1621 uid = (uid_t) getuid();
1623 1622
1624 1623 /* set up the arguments specified in the input parameters */
1625 1624
1626 1625 if (argc == 0) {
1627 1626 usage();
1628 1627 return;
1629 1628 }
1630 1629
1631 1630
1632 1631 if (strcmp(argv[0], "initiator") == 0)
1633 1632 context_handle = initiator_context_handle;
1634 1633 else if (strcmp(argv[0], "acceptor") == 0)
1635 1634 context_handle = acceptor_context_handle;
1636 1635 else {
1637 1636 printf(gettext(
1638 1637 "must specify either \"initiator\" or \"acceptor\"\n"));
1639 1638 return;
1640 1639 }
1641 1640
1642 1641 argc--;
1643 1642 argv++;
1644 1643
1645 1644 if (argc != 0) {
1646 1645 usage();
1647 1646 return;
1648 1647 }
1649 1648
1650 1649 status = kgss_unseal(&minor_status,
1651 1650 context_handle,
1652 1651 &message_buffer,
1653 1652 &output_message_buffer,
1654 1653 &conf_state,
1655 1654 &qop_state,
1656 1655 uid);
1657 1656
1658 1657 /* store major and minor status for gss_display_status() call */
1659 1658
1660 1659 gss_major_code = status;
1661 1660 gss_minor_code = minor_status;
1662 1661
1663 1662 if (status == GSS_S_COMPLETE) {
1664 1663 printf(gettext("\nunseal succeeded\n\n"));
1665 1664 printf(gettext("unsealed message = \"%s\"\n\n"),
1666 1665 output_message_buffer.value);
1667 1666 if (conf_state)
1668 1667 printf(gettext("confidentiality and integrity used\n"));
1669 1668 else
1670 1669 printf(gettext("only integrity used\n"));
1671 1670 printf(gettext("quality of protection = %d\n\n"), qop_state);
1672 1671 gss_release_buffer(&minor_status, &output_message_buffer);
1673 1672 } else {
1674 1673 printf(gettext("server ret err (octal) %o (%s)\n"),
1675 1674 status, gettext("gss_unseal error"));
1676 1675 }
1677 1676
1678 1677 /* free the message buffer and return */
1679 1678
1680 1679 gss_release_buffer(&minor_status, &message_buffer);
1681 1680 }
1682 1681
1683 1682 static void
1684 1683 _gss_display_status(argc, argv)
1685 1684 int argc;
1686 1685 char **argv;
1687 1686 {
1688 1687 OM_UINT32 status;
1689 1688 OM_uint32 minor_status;
1690 1689 int status_type;
1691 1690 int status_value;
1692 1691 gss_OID mech_type = (gss_OID) 0;
1693 1692 int message_context;
1694 1693 gss_buffer_desc status_string;
1695 1694 uid_t uid;
1696 1695
1697 1696 uid = (uid_t) getuid();
1698 1697
1699 1698 /* initialize message context to zero */
1700 1699
1701 1700 message_context = 0;
1702 1701
1703 1702 if (argc == 0) {
1704 1703 printf(gettext("Assuming Kerberos V5 as the mechanism\n"));
1705 1704 printf(gettext(
1706 1705 "The mech OID 1.2.840.113554.1.2.2 will be used\n"));
1707 1706 mech_type = gss_str2oid((char *)GSS_KRB5_MECH_OID);
1708 1707 } else
1709 1708 mech_type = gss_str2oid(argv[0]);
1710 1709
1711 1710 if (mech_type == 0 || mech_type->length == 0) {
1712 1711 printf(gettext("improperly formated mechanism OID\n"));
1713 1712 return;
1714 1713 }
1715 1714
1716 1715 /* Is this call for the major or minor status? */
1717 1716
1718 1717 if (strcmp(argv[0], "major") == 0) {
1719 1718 status_type = GSS_C_GSS_CODE;
1720 1719 status_value = gss_major_code;
1721 1720 } else if (strcmp(argv[0], "minor") == 0) {
1722 1721 status_type = GSS_C_MECH_CODE;
1723 1722 status_value = gss_minor_code;
1724 1723 } else {
1725 1724 printf(gettext("must specify either \"major\" or \"minor\"\n"));
1726 1725 return;
1727 1726 }
1728 1727
1729 1728 argc--;
1730 1729 argv++;
1731 1730
1732 1731 if (argc != 0) {
1733 1732 usage();
1734 1733 return;
1735 1734 }
1736 1735
1737 1736 status = kgss_display_status(&minor_status,
1738 1737 status_value,
1739 1738 status_type,
1740 1739 mech_type,
1741 1740 &message_context,
1742 1741 &status_string,
1743 1742 uid);
1744 1743
1745 1744 if (status == GSS_S_COMPLETE) {
1746 1745 printf(gettext("status =\n %s\n\n"), status_string.value);
1747 1746 } else if (status == GSS_S_BAD_MECH) {
1748 1747 printf(gettext("invalide mechanism OID\n\n"));
1749 1748 } else {
1750 1749 printf(gettext("server ret err (octal) %o (%s)\n"),
1751 1750 status, gettext("gss_display_status error"));
1752 1751 }
1753 1752 }
1754 1753
1755 1754 /*ARGSUSED*/
1756 1755 static void
1757 1756 _gss_indicate_mechs(argc, argv)
1758 1757 int argc;
1759 1758 char **argv;
1760 1759 {
1761 1760 OM_UINT32 status;
1762 1761 OM_UINT32 minor_status;
1763 1762 gss_OID_set oid_set = GSS_C_NULL_OID_SET;
1764 1763 uid_t uid;
1765 1764
1766 1765 uid = (uid_t) getuid();
1767 1766
1768 1767 /* set up input arguments here */
1769 1768
1770 1769 if (argc != 0) {
1771 1770 usage();
1772 1771 return;
1773 1772 }
1774 1773
1775 1774 status = kgss_indicate_mechs(&minor_status, &oid_set, uid);
1776 1775
1777 1776 if (status == GSS_S_COMPLETE) {
1778 1777 int i;
1779 1778 char *string;
1780 1779
1781 1780 printf(gettext("%d supported mechanism%s%s\n"), oid_set->count,
1782 1781 (oid_set->count == 1) ? "" : "s",
1783 1782 (oid_set->count > 0) ? ":" : "");
1784 1783
1785 1784 for (i = 0; i < oid_set->count; i++) {
1786 1785 string = gss_oid2str(&oid_set->elements[i]);
1787 1786 printf(gettext("\t%s\n"), string);
1788 1787 FREE(string, ((oid_set->elements[i].length+1)*4)+1);
1789 1788 }
1790 1789 printf("\n");
1791 1790
1792 1791 } else {
1793 1792 printf(gettext("server ret err (octal) %o (%s)\n"),
1794 1793 status, gettext("gss_indicate_mechs error"));
1795 1794 }
1796 1795
1797 1796 if (oid_set)
1798 1797 gss_release_oid_set_and_oids(&minor_status, &oid_set);
1799 1798 }
1800 1799
1801 1800 /*ARGSUSED*/
1802 1801 static void
1803 1802 _gss_inquire_cred(argc, argv)
1804 1803 int argc;
1805 1804 char **argv;
1806 1805 {
1807 1806 /* set up input arguments here */
1808 1807
1809 1808 if (argc != 0) {
1810 1809 usage();
1811 1810 return;
1812 1811 }
1813 1812
1814 1813
1815 1814 /* this function is unimplemented. Call usage() and return */
1816 1815
1817 1816 printf(gettext("\nUnsupported function"));
1818 1817 }
1819 1818
1820 1819 static char hexChars[] = "0123456789ABCDEF";
1821 1820
1822 1821 static void
1823 1822 _gssd_expname_to_unix_cred(argc, argv)
1824 1823 int argc;
1825 1824 char **argv;
1826 1825 {
1827 1826 OM_uint32 major;
1828 1827 gss_buffer_desc expName;
1829 1828 char krb5_root_name[] = "040100092A864886F712010202000000"
1830 1829 "25000A2A864886F71201020101726F6F744053554E534F46"
1831 1830 "542E454E472E53554E2E434F4D00";
1832 1831 unsigned char *byteStr, *hexStr;
1833 1832 uid_t uidOut, uidIn;
1834 1833 gid_t *gids, gidOut;
1835 1834 int gidsLen, i, newLen;
1836 1835
1837 1836 /* set up the arguments */
1838 1837 uidIn = (uid_t) getuid();
1839 1838
1840 1839 if (argc < 1) {
1841 1840 printf(gettext(
1842 1841 "Using principal name of root for krberos_v5\n"));
1843 1842 expName.value = (void*)krb5_root_name;
1844 1843 expName.length = strlen(krb5_root_name);
1845 1844 } else {
1846 1845 expName.value = (void*)argv[0];
1847 1846 expName.length = strlen(argv[0]);
1848 1847 }
1849 1848
1850 1849 /* convert the name from hex to byte... */
1851 1850 hexStr = (unsigned char *)expName.value;
1852 1851 newLen = expName.length/2;
1853 1852 byteStr = (unsigned char *)MALLOC(newLen+1);
1854 1853 expName.value = (char *)byteStr;
1855 1854 for (i = 0; i < expName.length; i += 2) {
1856 1855 *byteStr = (strchr(hexChars, *hexStr++) - hexChars) << 4;
1857 1856 *byteStr += (strchr(hexChars, *hexStr++) - hexChars);
1858 1857 byteStr++;
1859 1858 }
1860 1859 expName.length = newLen;
1861 1860
1862 1861 major = kgsscred_expname_to_unix_cred(&expName, &uidOut, &gidOut,
1863 1862 &gids, &gidsLen, uidIn);
1864 1863
1865 1864 FREE(expName.value, newLen);
1866 1865
1867 1866 if (major == GSS_S_COMPLETE) {
1868 1867 printf(gettext("uid = <%d>\tgid = <%d>\t"), uidOut, gidOut);
1869 1868 if (gidsLen > 0)
1870 1869 printf(gettext(" %d gids <"), gidsLen);
1871 1870 else
1872 1871 printf(gettext(
1873 1872 " no supplementary group information\n"));
1874 1873 for (i = 0; i < gidsLen; i++)
1875 1874 printf(" %d ", gids[i]);
1876 1875 if (gidsLen > 0) {
1877 1876 printf(">\n");
1878 1877 FREE(gids, gidsLen * sizeof (gid_t));
1879 1878 }
1880 1879 } else {
1881 1880 printf(gettext("server ret err (octal) %o (%s)\n"),
1882 1881 major, gettext("gsscred_expname_to_unix_cred"));
1883 1882 }
1884 1883 }
1885 1884
1886 1885 static void
1887 1886 _gssd_name_to_unix_cred(argc, argv)
1888 1887 int argc;
1889 1888 char **argv;
1890 1889 {
1891 1890 OM_uint32 major, minor;
1892 1891 gss_name_t gssName;
1893 1892 gss_buffer_desc gssBuf = GSS_C_EMPTY_BUFFER;
1894 1893 int gidsLen, i;
1895 1894 gid_t *gids, gidOut;
1896 1895 uid_t uidOut, uid;
1897 1896 char defaultPrincipal[] = "root";
1898 1897 gss_OID mechType, nameType;
1899 1898
1900 1899 uid = getuid();
1901 1900
1902 1901 /* optional argument 1 - contains principal name */
1903 1902 if (argc > 0) {
1904 1903 gssBuf.value = (void *)argv[0];
1905 1904 gssBuf.length = strlen((char *)argv[0]);
1906 1905 } else {
1907 1906 gssBuf.value = (void *)defaultPrincipal;
1908 1907 gssBuf.length = strlen(defaultPrincipal);
1909 1908 }
1910 1909 printf(gettext(
1911 1910 "Using <%s> as the principal name.\n"), (char *)gssBuf.value);
1912 1911
1913 1912
1914 1913 /* optional argument 2 - contains name oid */
1915 1914 if (argc > 1)
1916 1915 nameType = gss_str2oid((char *) argv[1]);
1917 1916 else
1918 1917 nameType = (gss_OID)GSS_C_NT_USER_NAME;
1919 1918
1920 1919 if (nameType == NULL || nameType->length == 0) {
1921 1920 printf(gettext("improperly formated name OID\n"));
1922 1921 return;
1923 1922 }
1924 1923 printf(gettext("Principal name of type: <%s>.\n"),
1925 1924 (argc > 1) ? argv[1] : "GSS_C_NT_USER_NAME");
1926 1925
1927 1926
1928 1927 /* optional argument 3 - contains mech oid */
1929 1928 if (argc > 2)
1930 1929 mechType = gss_str2oid(argv[2]);
1931 1930 else
1932 1931 mechType = gss_str2oid((char *)GSS_KRB5_MECH_OID);
1933 1932
1934 1933 if (mechType == NULL || mechType->length == NULL) {
1935 1934 FREE(nameType->elements, nameType->length);
1936 1935 FREE(nameType, sizeof (gss_OID_desc));
1937 1936 printf(gettext("improperly formated mech OID\n"));
1938 1937 return;
1939 1938 }
1940 1939 printf(gettext("Mechanism oid: <%s>.\n"),
1941 1940 (argc > 2) ? argv[2] :
1942 1941 (char *)GSS_KRB5_MECH_OID "(Kerberos v5)");
1943 1942
1944 1943
1945 1944 /* convert the name to internal format */
1946 1945 if ((major = gss_import_name(&minor, &gssBuf,
1947 1946 nameType, &gssName)) != GSS_S_COMPLETE) {
1948 1947 printf(gettext("could not parse name: err (octal) %o (%s)\n"),
1949 1948 major, "gss_import_name");
1950 1949
1951 1950 FREE(nameType->elements, nameType->length);
1952 1951 FREE(nameType, sizeof (gss_OID_desc));
1953 1952 return;
1954 1953 }
1955 1954
1956 1955 major = kgsscred_name_to_unix_cred(gssName, mechType, &uidOut,
1957 1956 &gidOut, &gids, &gidsLen, uid);
1958 1957
1959 1958 gss_release_name(&minor, &gssName);
1960 1959 FREE(mechType->elements, mechType->length);
1961 1960 FREE(mechType, sizeof (gss_OID_desc));
1962 1961 if (argc > 1) {
1963 1962 FREE(nameType->elements, nameType->length);
1964 1963 FREE(nameType, sizeof (gss_OID_desc));
1965 1964 }
1966 1965
1967 1966 if (major == GSS_S_COMPLETE) {
1968 1967 printf("uid = <%d>\tgid = <%d>\t", uidOut, gidOut);
1969 1968 if (gidsLen > 0)
1970 1969 printf(gettext(" %d gids <"), gidsLen);
1971 1970 else
1972 1971 printf(gettext(
1973 1972 " no supplementary group information\n"));
1974 1973 for (i = 0; i < gidsLen; i++)
1975 1974 printf(" %d ", gids[i]);
1976 1975 if (gidsLen > 0) {
1977 1976 printf(">\n");
1978 1977 FREE(gids, gidsLen * sizeof (gid_t));
1979 1978 }
1980 1979 } else {
1981 1980 printf(gettext("server ret err (octal) %o (%s)\n"),
1982 1981 major, gettext("gsscred_name_to_unix_cred"));
1983 1982 }
1984 1983 }
1985 1984
1986 1985 static void
1987 1986 _gssd_get_group_info(argc, argv)
1988 1987 int argc;
1989 1988 char **argv;
1990 1989 {
1991 1990 OM_uint32 major;
1992 1991 uid_t puid, uidIn;
1993 1992 gid_t *gids, gidOut;
1994 1993 int gidsLen, i;
1995 1994
1996 1995 /* set up the arguments */
1997 1996 uidIn = (uid_t) getuid();
1998 1997
1999 1998 if (argc < 1)
2000 1999 puid = 0;
2001 2000 else
2002 2001 puid = atol(argv[0]);
2003 2002
2004 2003 printf(gettext("Retrieving group info for uid of <%d>\n"), puid);
2005 2004
2006 2005 major = kgss_get_group_info(puid, &gidOut, &gids, &gidsLen, uidIn);
2007 2006
2008 2007 if (major == GSS_S_COMPLETE) {
2009 2008 printf(gettext("group id = <%d>\t"), gidOut);
2010 2009 if (gidsLen > 0)
2011 2010 printf(gettext(" %d gids <"), gidsLen);
2012 2011 else
2013 2012 printf(gettext(
2014 2013 " no supplementary group information\n"));
2015 2014 for (i = 0; i < gidsLen; i++)
2016 2015 printf(" %d ", gids[i]);
2017 2016 if (gidsLen > 0) {
2018 2017 printf(">\n");
2019 2018 FREE(gids, gidsLen * sizeof (gid_t));
2020 2019 }
2021 2020 } else {
2022 2021 printf(gettext("server ret err (octal) %o (%s)\n"),
2023 2022 major, "gss_get_group_info");
2024 2023 }
2025 2024 }
2026 2025
2027 2026 static gss_OID
2028 2027 gss_str2oid(string)
2029 2028 char * string;
2030 2029 {
2031 2030 /*
2032 2031 * a convenient wrapper routine for gss_str_to_oid
2033 2032 * this can handle all valid oid strings.
2034 2033 */
2035 2034 OM_uint32 minor;
2036 2035 gss_buffer_desc abuf;
2037 2036 gss_OID oidOut;
2038 2037
2039 2038 abuf.value = (void*)string;
2040 2039 abuf.length = strlen(string);
2041 2040
2042 2041 if (gss_str_to_oid(&minor, &abuf, &oidOut) != GSS_S_COMPLETE)
2043 2042 return (NULL);
2044 2043
2045 2044 return (oidOut);
2046 2045 }
2047 2046
2048 2047 static char *
2049 2048 gss_oid2str(oid)
2050 2049 gss_OID oid;
2051 2050 {
2052 2051 /*
2053 2052 * a convenient wrapper for gss_oid_to_str
2054 2053 * this calls the GSS-API routine which should
2055 2054 * be able to handle all types of oids.
2056 2055 */
2057 2056 OM_uint32 minor;
2058 2057 gss_buffer_desc oidStr;
2059 2058
2060 2059 if (gss_oid_to_str(&minor, oid, &oidStr) != GSS_S_COMPLETE)
2061 2060 return (NULL);
2062 2061
2063 2062 return ((char *)oidStr.value);
2064 2063 } /* gss_oid2str */
2065 2064
2066 2065 static void
2067 2066 instructs()
2068 2067 {
2069 2068 fprintf(stderr,
2070 2069 gettext(
2071 2070 "\nThis program must be run as root. Root must be installed on the KDC\n"
2072 2071 "and exist in srvtab as root/<hostname>, where <hostname> is the machine on\n"
2073 2072 "which the test runs. Before running gssdtest for Kerberos mechanism, the\n"
2074 2073 "operator running as root must kinit as some other principal, e.g., test.\n"
2075 2074 "There are two mechanisms avaialble: dummy and Kerberos(default).\n"
2076 2075 "The OID for dummy mechanism is 1.3.6.1.4.1.42.2.26.1.2.\n"
2077 2076 "The OID for Kerberos mechanism is 1.2.840.113554.1.2.2.\n"
2078 2077 "The order of context establishment calls is important. First, acquire must"
2079 2078 "\nbe called. This obtains the credentials used by accept. Acquire need\n"
2080 2079 "only be called once, since the credentials it returns are used each time\n"
2081 2080 "accept is called. Then init is called, followed by accept. Calling init\n"
2082 2081 "twice without calling accept or calling these in a different order gives\n"
2083 2082 "erroneous results and will cause memory leaks in the gssapi daemon. \n"
2084 2083 "Finally, after calling init and accept, init must be called again to\n"
2085 2084 "finish context establishment. So an example sequence (with data valid for\n"
2086 2085 "the Kerberos mechanism and running on the machine \"elrond\" in the realm\n"
2087 2086 "FOO.BAR.SUN.COM is :\n"));
2088 2087 fprintf(stderr,
2089 2088 gettext("\nacquire service@host 1.2.840.113554.1.2.2\n"
2090 2089 "init service@host 1.2.840.113554.1.2.2\n"
2091 2090 "accept\ninit service@host 1.2.840.113554.1.2.2\n"
2092 2091 "\nAfter a context is established, sign, seal,\n"
2093 2092 "verify and unseal may be called. Here are some examples\n"
2094 2093 "for these routines : \n\n"
2095 2094 "sign initiator ThisTestMessageIsForSigning\n"
2096 2095 "verify acceptor\nseal initiator ThisTestMessageIsForSealing\n"
2097 2096 "unseal acceptor\n\nEach input line is terminated by <cr>.\n"
2098 2097 "The program is terminated by cntl-d\nor the command \"exit\""
2099 2098 "\nfrom the prompt\n\n"));
2100 2099 }
2101 2100
2102 2101 static void
2103 2102 usage()
2104 2103 {
2105 2104 fprintf(stderr,
2106 2105 gettext(
2107 2106 "\nusage:\t[acquire | gss_acquire_cred]"
2108 2107 "desired_name mech_type\n"
2109 2108 "\t[release | gss_release_cred]\n"
2110 2109 "\t[init | gss_init_sec_context] target_name mech_type\n"
2111 2110 "\t[accept | gss_accept_sec_context]\n"
2112 2111 "\t[process | gss_process_context_token] initiator | acceptor\n"
2113 2112 "\t[delete | gss_delete_sec_context] initiator | acceptor\n"
2114 2113 "\t[time | gss_context_time] {not yet implemented}\n"
2115 2114 "\t[sign | gss_sign] initiator | acceptor message-to-sign\n"
2116 2115 "\t[verify | gss_verify] initiator | acceptor\n"
2117 2116 "\t[seal | gss_seal] initiator | acceptor message-to-seal\n"
2118 2117 "\t[unseal | gss_unseal] initiator | acceptor\n"
2119 2118 "\t[status | gss_display_status] mech_type [major | minor] \n"
2120 2119 "\t[indicate | gss_indicate_mechs]\n"
2121 2120 "\t[inquire | gss_inquire_cred] {not yet implemented}\n"
2122 2121 "\t[expname2unixcred | gsscred_expname_to_unix_cred]"
2123 2122 " export-name\n"
2124 2123 "\t[name2unixcred | gsscred_name_to_unix_cred] "
2125 2124 "pname [name_type mech_type]\n"
2126 2125 "\t[grpinfo | gss_get_group_info] uid\n"
2127 2126 "\t[gss_all | all] desired_name\n"
2128 2127 "\t[gss_loop | loop] desired_name\n"
2129 2128 "\texit\n\n"));
2130 2129 }
2131 2130
2132 2131 /* Copied from parse_argv(), then modified */
2133 2132
2134 2133 static int
2135 2134 parse_input_line(input_line, argc, argv)
2136 2135 char *input_line;
2137 2136 int * argc;
2138 2137 char ***argv;
2139 2138 {
2140 2139 const char nil = '\0';
2141 2140 char * chptr;
2142 2141 int chr_cnt;
2143 2142 int arg_cnt = 0;
2144 2143 int ch_was_space = 1;
2145 2144 int ch_is_space;
2146 2145
2147 2146 chr_cnt = strlen(input_line);
2148 2147
2149 2148 /* Count the arguments in the input_line string */
2150 2149
2151 2150 *argc = 1;
2152 2151
2153 2152 for (chptr = &input_line[0]; *chptr != nil; chptr++) {
2154 2153 ch_is_space = isspace(*chptr);
2155 2154 if (ch_is_space && !ch_was_space) {
2156 2155 (*argc)++;
2157 2156 }
2158 2157 ch_was_space = ch_is_space;
2159 2158 }
2160 2159
2161 2160 if (ch_was_space) {
2162 2161 (*argc)--;
2163 2162 } /* minus trailing spaces */
2164 2163
2165 2164 /* Now that we know how many args calloc the argv array */
2166 2165
2167 2166 *argv = (char **) CALLOC((*argc)+1, sizeof (char *));
2168 2167 chptr = (char *) (&input_line[0]);
2169 2168
2170 2169 for (ch_was_space = 1; *chptr != nil; chptr++) {
2171 2170 ch_is_space = isspace(*chptr);
2172 2171 if (ch_is_space) {
2173 2172 *chptr = nil; /* replace each space with nil */
2174 2173 } else if (ch_was_space) { /* begining of word? */
2175 2174 (*argv)[arg_cnt++] = chptr; /* new argument ? */
2176 2175 }
2177 2176
2178 2177 ch_was_space = ch_is_space;
2179 2178 }
2180 2179
2181 2180 return (chr_cnt);
2182 2181 }
↓ open down ↓ |
873 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX