krb5 commit: Tidy up GSSAPI test programs
Greg Hudson
ghudson at MIT.EDU
Thu Sep 13 12:27:33 EDT 2012
https://github.com/krb5/krb5/commit/d81d68ebd8ade84e240f7d95edf0a562f6931ea2
commit d81d68ebd8ade84e240f7d95edf0a562f6931ea2
Author: Greg Hudson <ghudson at mit.edu>
Date: Thu Sep 13 12:27:04 2012 -0400
Tidy up GSSAPI test programs
Factor out some common functions used by multiple test programs. Use
a common argument format for importing names (p:princname,
h:hostbasedname, or u:username) and adjust the Python tests to match
it. Use more consistent conventions in test programs and fix some
coding style issues. Normalize how the test programs are built.
.gitignore | 3 +
src/tests/gssapi/Makefile.in | 95 ++++---
src/tests/gssapi/common.c | 211 +++++++++++++++
src/tests/gssapi/common.h | 70 +++++
src/tests/gssapi/t_accname.c | 82 +-----
src/tests/gssapi/t_ccselect.c | 79 +-----
src/tests/gssapi/t_ccselect.py | 26 +-
src/tests/gssapi/t_client_keytab.py | 32 ++-
src/tests/gssapi/t_credstore.c | 75 +-----
src/tests/gssapi/t_export_cred.c | 74 +-----
src/tests/gssapi/t_export_name.c | 92 +------
src/tests/gssapi/t_gssapi.py | 54 ++--
src/tests/gssapi/t_gssexts.c | 414 +++++++----------------------
src/tests/gssapi/t_imp_cred.c | 81 +-----
src/tests/gssapi/t_imp_name.c | 132 ++--------
src/tests/gssapi/t_inq_cred.c | 91 ++------
src/tests/gssapi/t_namingexts.c | 458 +++++++-------------------------
src/tests/gssapi/t_s4u.c | 497 ++++++++---------------------------
src/tests/gssapi/t_s4u.py | 26 +-
src/tests/gssapi/t_s4u2proxy_krb5.c | 149 +++--------
src/tests/gssapi/t_saslname.c | 138 ++++-------
src/tests/gssapi/t_spnego.c | 247 +++--------------
22 files changed, 940 insertions(+), 2186 deletions(-)
diff --git a/.gitignore b/.gitignore
index 47af087..9737d26 100644
--- a/.gitignore
+++ b/.gitignore
@@ -262,10 +262,13 @@ testlog
/src/tests/gssapi/ccrefresh
/src/tests/gssapi/t_accname
/src/tests/gssapi/t_ccselect
+/src/tests/gssapi/t_credstore
/src/tests/gssapi/t_export_cred
+/src/tests/gssapi/t_export_name
/src/tests/gssapi/t_gssexts
/src/tests/gssapi/t_imp_cred
/src/tests/gssapi/t_imp_name
+/src/tests/gssapi/t_inq_cred
/src/tests/gssapi/t_namingexts
/src/tests/gssapi/t_s4u
/src/tests/gssapi/t_s4u2proxy_krb5
diff --git a/src/tests/gssapi/Makefile.in b/src/tests/gssapi/Makefile.in
index 35ff010..a34c28e 100644
--- a/src/tests/gssapi/Makefile.in
+++ b/src/tests/gssapi/Makefile.in
@@ -4,61 +4,68 @@ DEFINES = -DUSE_AUTOCONF_H
PROG_LIBPATH=-L$(TOPLIBD)
PROG_RPATH=$(KRB5_LIBDIR)
-SRCS= $(srcdir)/t_accname.c $(srcdir)/t_ccselect.c $(srcdir)/t_imp_cred.c \
- $(srcdir)/t_imp_name.c $(srcdir)/t_s4u.c $(srcdir)/t_s4u2proxy_krb5.c \
- $(srcdir)/t_namingexts.c $(srcdir)/t_gssexts.c $(srcdir)/t_saslname.c \
- $(srcdir)/t_credstore.c $(srcdir)/t_export_name.c
+SRCS= $(srcdir)/t_accname.c $(srcdir)/t_ccselect.c $(srcdir)/t_credstore.c \
+ $(srcdir)/t_export_cred.c $(srcdir)/t_export_name.c \
+ $(srcdir)/t_gssexts.c $(srcdir)/t_imp_cred.c $(srcdir)/t_imp_name.c \
+ $(srcdir)/t_inq_cred.c $(srcdir)/t_namingexts.c $(srcdir)/t_s4u.c \
+ $(srcdir)/t_s4u2proxy_krb5.c $(srcdir)/t_saslname.c \
+ $(srcdir)/t_spnego.c
-OBJS= t_accname.o t_ccselect.o t_imp_cred.o t_imp_name.o t_s4u.o \
- t_s4u2proxy_krb5.o t_namingexts.o t_gssexts.o t_spnego.o t_saslname.o \
- t_credstore.o t_export_name.o t_export_cred.o
+OBJS= ccinit.o ccrefresh.o common.o t_accname.o t_ccselect.o t_credstore.o \
+ t_export_cred.o t_export_name.o t_gssexts.o t_imp_cred.o t_imp_name.o \
+ t_inq_cred.o t_namingexts.o t_s4u.o t_s4u2proxy_krb5.o t_saslname.o \
+ t_spnego.o
-all:: t_accname t_ccselect t_imp_cred t_imp_name t_s4u t_s4u2proxy_krb5 \
- t_namingexts t_gssexts t_spnego t_saslname t_credstore t_export_name \
- t_export_cred
+COMMON_DEPS= common.o $(GSS_DEPLIBS) $(KRB5_BASE_DEPLIBS)
+COMMON_LIBS= common.o $(GSS_LIBS) $(KRB5_BASE_LIBS)
-check-pytests:: t_accname t_ccselect t_imp_cred t_inq_cred t_spnego \
- t_s4u2proxy_krb5 t_s4u t_export_name t_export_cred ccinit ccrefresh
+all:: ccinit ccrefresh t_accname t_ccselect t_credstore t_export_cred \
+ t_export_name t_gssexts t_imp_cred t_imp_name t_inq_cred t_namingexts \
+ t_s4u t_s4u2proxy_krb5 t_saslname t_spnego
+
+check-pytests:: ccinit ccrefresh t_accname t_ccselect t_credstore \
+ t_export_cred t_export_name t_imp_cred t_inq_cred t_s4u \
+ t_s4u2proxy_krb5 t_spnego
$(RUNPYTEST) $(srcdir)/t_gssapi.py $(PYTESTFLAGS)
$(RUNPYTEST) $(srcdir)/t_ccselect.py $(PYTESTFLAGS)
- $(RUNPYTEST) $(srcdir)/t_s4u.py $(PYTESTFLAGS)
$(RUNPYTEST) $(srcdir)/t_client_keytab.py $(PYTESTFLAGS)
$(RUNPYTEST) $(srcdir)/t_export_cred.py $(PYTESTFLAGS)
+ $(RUNPYTEST) $(srcdir)/t_s4u.py $(PYTESTFLAGS)
ccinit: ccinit.o $(KRB5_BASE_DEPLIBS)
$(CC_LINK) -o ccinit ccinit.o $(KRB5_BASE_LIBS)
ccrefresh: ccrefresh.o $(KRB5_BASE_DEPLIBS)
$(CC_LINK) -o ccrefresh ccrefresh.o $(KRB5_BASE_LIBS)
-t_accname: t_accname.o $(GSS_DEPLIBS) $(KRB5_BASE_DEPLIBS)
- $(CC_LINK) -o t_accname t_accname.o $(GSS_LIBS) $(KRB5_BASE_LIBS)
-t_ccselect: t_ccselect.o $(GSS_DEPLIBS) $(KRB5_BASE_DEPLIBS)
- $(CC_LINK) -o t_ccselect t_ccselect.o $(GSS_LIBS) $(KRB5_BASE_LIBS)
-t_imp_cred: t_imp_cred.o $(GSS_DEPLIBS) $(KRB5_BASE_DEPLIBS)
- $(CC_LINK) -o t_imp_cred t_imp_cred.o $(GSS_LIBS) $(KRB5_BASE_LIBS)
-t_imp_name: t_imp_name.o $(GSS_DEPLIBS) $(KRB5_BASE_DEPLIBS)
- $(CC_LINK) -o t_imp_name t_imp_name.o $(GSS_LIBS) $(KRB5_BASE_LIBS)
-t_inq_cred: t_inq_cred.o $(GSS_DEPLIBS) $(KRB5_BASE_DEPLIBS)
- $(CC_LINK) -o t_inq_cred t_inq_cred.o $(GSS_LIBS) $(KRB5_BASE_LIBS)
-t_s4u: t_s4u.o $(GSS_DEPLIBS) $(KRB5_BASE_DEPLIBS)
- $(CC_LINK) -o t_s4u t_s4u.o $(GSS_LIBS) $(KRB5_BASE_LIBS)
-t_s4u2proxy_krb5: t_s4u2proxy_krb5.o $(GSS_DEPLIBS) $(KRB5_BASE_DEPLIBS)
- $(CC_LINK) -o $@ t_s4u2proxy_krb5.o $(GSS_LIBS) $(KRB5_BASE_LIBS)
-t_namingexts: t_namingexts.o $(GSS_DEPLIBS) $(KRB5_BASE_DEPLIBS)
- $(CC_LINK) -o t_namingexts t_namingexts.o $(GSS_LIBS) $(KRB5_BASE_LIBS)
-t_gssexts: t_gssexts.o $(GSS_DEPLIBS) $(KRB5_BASE_DEPLIBS)
- $(CC_LINK) -o t_gssexts t_gssexts.o $(GSS_LIBS) $(KRB5_BASE_LIBS)
-t_spnego: t_spnego.o $(GSS_DEPLIBS) $(KRB5_BASE_DEPLIBS)
- $(CC_LINK) -o t_spnego t_spnego.o $(GSS_LIBS) $(KRB5_BASE_LIBS)
-t_saslname: t_saslname.o $(GSS_DEPLIBS) $(KRB5_BASE_DEPLIBS)
- $(CC_LINK) -o t_saslname t_saslname.o $(GSS_LIBS) $(KRB5_BASE_LIBS)
-t_credstore: t_credstore.o $(GSS_DEPLIBS) $(KRB5_BASE_DEPLIBS)
- $(CC_LINK) -o t_credstore t_credstore.o $(GSS_LIBS) $(KRB5_BASE_LIBS)
-t_export_name: t_export_name.o $(GSS_DEPLIBS) $(KRB5_BASE_DEPLIBS)
- $(CC_LINK) -o $@ t_export_name.o $(GSS_LIBS) $(KRB5_BASE_LIBS)
-t_export_cred: t_export_cred.o $(GSS_DEPLIBS) $(KRB5_BASE_DEPLIBS)
- $(CC_LINK) -o $@ t_export_cred.o $(GSS_LIBS) $(KRB5_BASE_LIBS)
+t_accname: t_accname.o $(COMMON_DEPS)
+ $(CC_LINK) -o $@ t_accname.o $(COMMON_LIBS)
+t_ccselect: t_ccselect.o $(COMMON_DEPS)
+ $(CC_LINK) -o $@ t_ccselect.o $(COMMON_LIBS)
+t_credstore: t_credstore.o $(COMMON_DEPLIBS)
+ $(CC_LINK) -o $@ t_credstore.o $(COMMON_LIBS)
+t_export_cred: t_export_cred.o $(COMMON_DEPS)
+ $(CC_LINK) -o $@ t_export_cred.o $(COMMON_LIBS)
+t_export_name: t_export_name.o $(COMMON_DEPLIBS)
+ $(CC_LINK) -o $@ t_export_name.o $(COMMON_LIBS)
+t_gssexts: t_gssexts.o $(COMMON_DEPS)
+ $(CC_LINK) -o $@ t_gssexts.o $(COMMON_LIBS)
+t_imp_cred: t_imp_cred.o $(COMMON_DEPS)
+ $(CC_LINK) -o $@ t_imp_cred.o $(COMMON_LIBS)
+t_imp_name: t_imp_name.o $(COMMON_DEPS)
+ $(CC_LINK) -o $@ t_imp_name.o $(COMMON_LIBS)
+t_inq_cred: t_inq_cred.o $(COMMON_DEPS)
+ $(CC_LINK) -o $@ t_inq_cred.o $(COMMON_LIBS)
+t_namingexts: t_namingexts.o $(COMMON_DEPS)
+ $(CC_LINK) -o $@ t_namingexts.o $(COMMON_LIBS)
+t_s4u: t_s4u.o $(COMMON_DEPS)
+ $(CC_LINK) -o $@ t_s4u.o $(COMMON_LIBS)
+t_s4u2proxy_krb5: t_s4u2proxy_krb5.o $(COMMON_DEPS)
+ $(CC_LINK) -o $@ t_s4u2proxy_krb5.o $(COMMON_LIBS)
+t_saslname: t_saslname.o $(COMMON_DEPLIBS)
+ $(CC_LINK) -o $@ t_saslname.o $(COMMON_LIBS)
+t_spnego: t_spnego.o $(COMMON_DEPS)
+ $(CC_LINK) -o $@ t_spnego.o $(COMMON_LIBS)
clean::
- $(RM) t_accname t_ccselect t_imp_cred t_imp_name t_inq_cred t_s4u \
- t_s4u2proxy_krb5 t_namingexts t_gssexts t_spnego \
- t_saslname t_credstore t_export_name t_export_cred
+ $(RM) ccinit ccrefresh t_accname t_ccselect t_credstore t_export_cred \
+ $(RM) t_export_name t_gssexts t_imp_cred t_imp_name t_inq_cred
+ $(RM) t_namingexts t_s4u t_s4u2proxy_krb5 t_saslname t_spnego
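Review bot: Three of the new link rules (t_credstore, t_export_name and t_saslname) name `$(COMMON_DEPLIBS)` as their prerequisite, but the variable defined above is `COMMON_DEPS`, so it expands to nothing. Those targets lose their dependency on common.o and on the GSS/krb5 libraries, and under a parallel build, or when one of them is requested alone, the link can run before common.o exists. Each should read like its neighbours, e.g. `t_credstore: t_credstore.o $(COMMON_DEPS)`. In the `clean::` recipe the first `$(RM)` line still ends in a backslash, so the second `$(RM)` is passed to the first command as arguments instead of running on its own; drop the trailing `\`. OBJS now lists ccinit.o, ccrefresh.o and common.o while SRCS does not list their sources, which presumably leaves them out of generated dependencies.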
diff --git a/src/tests/gssapi/common.c b/src/tests/gssapi/common.c
new file mode 100644
index 0000000..ab968cc
--- /dev/null
+++ b/src/tests/gssapi/common.c
@@ -0,0 +1,211 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/gssapi/common.c - Common utility functions for GSSAPI test programs */
+/*
+ * Copyright (C) 2012 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include "common.h"
+
+gss_OID_desc mech_krb5 = { 9, "\052\206\110\206\367\022\001\002\002" };
+gss_OID_desc mech_spnego = { 6, "\053\006\001\005\005\002" };
+gss_OID_desc mech_iakerb = { 6, "\053\006\001\005\002\005" };
+gss_OID_set_desc mechset_krb5 = { 1, &mech_krb5 };
+gss_OID_set_desc mechset_spnego = { 1, &mech_spnego };
+gss_OID_set_desc mechset_iakerb = { 1, &mech_iakerb };
+
+static void
+display_status(const char *msg, OM_uint32 code, int type)
+{
+ OM_uint32 maj_stat, min_stat, msg_ctx = 0;
+ gss_buffer_desc buf;
+
+ do {
+ maj_stat = gss_display_status(&min_stat, code, type, GSS_C_NULL_OID,
+ &msg_ctx, &buf);
+ fprintf(stderr, "%s: %.*s\n", msg, (int)buf.length, (char *)buf.value);
+ (void)gss_release_buffer(&min_stat, &buf);
+ } while (msg_ctx != 0);
+}
+
+void
+check_gsserr(const char *msg, OM_uint32 major, OM_uint32 minor)
+{
+ if (GSS_ERROR(major)) {
+ display_status(msg, major, GSS_C_GSS_CODE);
+ display_status(msg, minor, GSS_C_MECH_CODE);
+ exit(1);
+ }
+}
+
+void
+check_k5err(krb5_context context, const char *msg, krb5_error_code code)
+{
+ const char *errmsg;
+
+ if (code) {
+ errmsg = krb5_get_error_message(context, code);
+ printf("%s: %s\n", msg, errmsg);
+ krb5_free_error_message(context, errmsg);
+ exit(1);
+ }
+}
+
+void
+errout(const char *msg)
+{
+ fprintf(stderr, "%s\n", msg);
+ exit(1);
+}
+
+gss_name_t
+import_name(const char *str)
+{
+ OM_uint32 major, minor;
+ gss_name_t name;
+ gss_buffer_desc buf;
+ gss_OID nametype = NULL;
+
+ if (*str == 'u')
+ nametype = GSS_C_NT_USER_NAME;
+ else if (*str == 'p')
+ nametype = (gss_OID)GSS_KRB5_NT_PRINCIPAL_NAME;
+ else if (*str == 'h')
+ nametype = GSS_C_NT_HOSTBASED_SERVICE;
+ if (nametype == NULL || str[1] != ':')
+ errout("names must begin with u: or p: or h:");
+ buf.value = (char *)str + 2;
+ buf.length = strlen(str) - 2;
+ major = gss_import_name(&minor, &buf, nametype, &name);
+ check_gsserr("gss_import_name", major, minor);
+ return name;
+}
+
+void
+display_canon_name(const char *tag, gss_name_t name, gss_OID mech)
+{
+ gss_name_t canon;
+ OM_uint32 major, minor;
+ gss_buffer_desc buf;
+
+ major = gss_canonicalize_name(&minor, name, mech, &canon);
+ check_gsserr("gss_canonicalize_name", major, minor);
+
+ major = gss_display_name(&minor, canon, &buf, NULL);
+ check_gsserr("gss_display_name", major, minor);
+
+ printf("%s:\t%.*s\n", tag, (int)buf.length, (char *)buf.value);
+
+ (void)gss_release_name(&minor, &canon);
+ (void)gss_release_buffer(&minor, &buf);
+}
+
+void
+display_oid(const char *tag, gss_OID oid)
+{
+ OM_uint32 major, minor;
+ gss_buffer_desc buf;
+
+ major = gss_oid_to_str(&minor, oid, &buf);
+ check_gsserr("gss_oid_to_str", major, minor);
+ printf("%s:\t%.*s\n", tag, (int)buf.length, (char *)buf.value);
+ (void)gss_release_buffer(&minor, &buf);
+}
+
+static void
+dump_attribute(gss_name_t name, gss_buffer_t attribute, int noisy)
+{
+ OM_uint32 major, minor;
+ gss_buffer_desc value;
+ gss_buffer_desc display_value;
+ int authenticated = 0;
+ int complete = 0;
+ int more = -1;
+ unsigned int i;
+
+ while (more != 0) {
+ value.value = NULL;
+ display_value.value = NULL;
+
+ major = gss_get_name_attribute(&minor, name, attribute, &authenticated,
+ &complete, &value, &display_value,
+ &more);
+ check_gsserr("gss_get_name_attribute", major, minor);
+
+ printf("Attribute %.*s %s %s\n\n%.*s\n",
+ (int)attribute->length, (char *)attribute->value,
+ authenticated ? "Authenticated" : "",
+ complete ? "Complete" : "",
+ (int)display_value.length, (char *)display_value.value);
+
+ if (noisy) {
+ for (i = 0; i < value.length; i++) {
+ if ((i % 32) == 0)
+ printf("\n");
+ printf("%02x", ((char *)value.value)[i] & 0xFF);
+ }
+ printf("\n\n");
+ }
+
+ (void)gss_release_buffer(&minor, &value);
+ (void)gss_release_buffer(&minor, &display_value);
+ }
+}
+
+void
+enumerate_attributes(gss_name_t name, int noisy)
+{
+ OM_uint32 major, minor;
+ int is_mechname;
+ gss_OID mech = GSS_C_NO_OID;
+ gss_buffer_set_t attrs = GSS_C_NO_BUFFER_SET;
+ size_t i;
+
+ major = gss_inquire_name(&minor, name, &is_mechname, &mech, &attrs);
+ check_gsserr("gss_inquire_name", major, minor);
+
+ if (attrs != GSS_C_NO_BUFFER_SET) {
+ for (i = 0; i < attrs->count; i++)
+ dump_attribute(name, &attrs->elements[i], noisy);
+ }
+
+ (void)gss_release_buffer_set(&minor, &attrs);
+}
+
+void
+print_hex(FILE *fp, gss_buffer_t buf)
+{
+ size_t i;
+ const unsigned char *bytes = buf->value;
+
+ for (i = 0; i < buf->length; i++)
+ printf("%02X", bytes[i]);
+ printf("\n");
+}
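Review bot: `print_hex()` takes a `FILE *fp`, and common.h documents it as writing to fp, but the body calls `printf`, so output always goes to stdout and the parameter is unused; the two calls should be `fprintf(fp, "%02X", bytes[i]);` and `fprintf(fp, "\n");`. Separately, `display_status()` stores the result of `gss_display_status()` in `maj_stat` but never tests it, so on failure `buf` may be printed and released without having been set. Initialising `buf` to `GSS_C_EMPTY_BUFFER` and leaving the loop when `GSS_ERROR(maj_stat)` is true would make that error path safe. `check_k5err()` reports on stdout via `printf` while the other helpers use stderr, and `exit()` is called with no visible `#include <stdlib.h>`.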
diff --git a/src/tests/gssapi/common.h b/src/tests/gssapi/common.h
new file mode 100644
index 0000000..be3bdb9
--- /dev/null
+++ b/src/tests/gssapi/common.h
@@ -0,0 +1,70 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/gssapi/common.h - Declarations for GSSAPI test utility functions */
+/*
+ * Copyright (C) 2012 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef COMMON_H
+#define COMMON_H
+
+#include <gssapi/gssapi_krb5.h>
+
+gss_OID_desc mech_krb5;
+gss_OID_desc mech_spnego;
+gss_OID_desc mech_iakerb;
+gss_OID_set_desc mechset_krb5;
+gss_OID_set_desc mechset_spnego;
+gss_OID_set_desc mechset_iakerb;
+
+/* Display an error message (containing msg) and exit if major is an error. */
+void check_gsserr(const char *msg, OM_uint32 major, OM_uint32 minor);
+
+/* Display an error message (containing msg) and exit if code is an error. */
+void check_k5err(krb5_context context, const char *msg, krb5_error_code code);
+
+/* Display an error message containing msg and exit. */
+void errout(const char *msg);
+
+/* Import a GSSAPI name based on a string of the form 'u:username',
+ * 'p:principalname', or 'h:host at service' (or just 'h:service'). */
+gss_name_t import_name(const char *str);
+
+/* Display name as canonicalized to mech, preceded by tag. */
+void display_canon_name(const char *tag, gss_name_t name, gss_OID mech);
+
+/* Display oid in printable form, preceded by tag. */
+void display_oid(const char *tag, gss_OID oid);
+
+/* Display attributes of name, including hex value if noisy is true. */
+void enumerate_attributes(gss_name_t name, int noisy);
+
+/* Display the contents of buf to fp in hex, followed by a newline. */
+void print_hex(FILE *fp, gss_buffer_t buf);
+
+#endif /* COMMON_H */
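Review bot: The six mechanism objects are declared here without `extern` (`gss_OID_desc mech_krb5;` and the five lines after it), which makes each a tentative definition in every test program that includes the header, alongside the initialised definitions in common.c. That links only where the toolchain merges common symbols and fails with duplicate-definition errors under `-fno-common`; declare them as `extern gss_OID_desc mech_krb5;`, `extern gss_OID_set_desc mechset_krb5;` and so on. The `print_hex` prototype also uses `FILE` while the header includes only `<gssapi/gssapi_krb5.h>`, so it should add `#include <stdio.h>` rather than depend on include order in each caller.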
diff --git a/src/tests/gssapi/t_accname.c b/src/tests/gssapi/t_accname.c
index 0326ced..c857842 100644
--- a/src/tests/gssapi/t_accname.c
+++ b/src/tests/gssapi/t_accname.c
@@ -25,9 +25,8 @@
#include <stdio.h>
#include <stdlib.h>
-#include <string.h>
-#include <gssapi/gssapi_krb5.h>
+#include "common.h"
/*
* Test program for acceptor names, intended to be run from a Python test
@@ -42,39 +41,11 @@
* Usage: ./t_accname targetname [acceptorname]
*/
-static void
-display_status_1(const char *m, OM_uint32 code, int type)
-{
- OM_uint32 maj_stat, min_stat;
- gss_buffer_desc msg;
- OM_uint32 msg_ctx;
-
- msg_ctx = 0;
- while (1) {
- maj_stat = gss_display_status(&min_stat, code,
- type, GSS_C_NULL_OID,
- &msg_ctx, &msg);
- fprintf(stderr, "%s: %s\n", m, (char *)msg.value);
- (void) gss_release_buffer(&min_stat, &msg);
-
- if (!msg_ctx)
- break;
- }
-}
-
-static void
-display_status(const char *msg, OM_uint32 maj_stat, OM_uint32 min_stat)
-{
- display_status_1(msg, maj_stat, GSS_C_GSS_CODE);
- display_status_1(msg, min_stat, GSS_C_MECH_CODE);
-}
-
int
main(int argc, char *argv[])
{
OM_uint32 minor, major;
gss_cred_id_t acceptor_cred;
- gss_buffer_desc buf;
gss_name_t target_name, acceptor_name = GSS_C_NO_NAME, real_acceptor_name;
gss_buffer_desc token, tmp, namebuf;
gss_ctx_id_t initiator_context = GSS_C_NO_CONTEXT;
@@ -85,37 +56,16 @@ main(int argc, char *argv[])
return 1;
}
- /* Import the target name as a krb5 principal name. */
- buf.value = argv[1];
- buf.length = strlen((char *)buf.value);
- major = gss_import_name(&minor, &buf, (gss_OID)GSS_KRB5_NT_PRINCIPAL_NAME,
- &target_name);
- if (GSS_ERROR(major)) {
- display_status("gss_import_name(target_name)", major, minor);
- return 1;
- }
-
- /* Import the acceptor name as a host-based name. */
- if (argc >= 3) {
- buf.value = argv[2];
- buf.length = strlen((char *)buf.value);
- major = gss_import_name(&minor, &buf,
- (gss_OID)GSS_C_NT_HOSTBASED_SERVICE,
- &acceptor_name);
- if (GSS_ERROR(major)) {
- display_status("gss_import_name(acceptor_name)", major, minor);
- return 1;
- }
- }
+ /* Import target and acceptor names. */
+ target_name = import_name(argv[1]);
+ if (argc >= 3)
+ acceptor_name = import_name(argv[2]);
/* Get acceptor cred. */
major = gss_acquire_cred(&minor, acceptor_name, GSS_C_INDEFINITE,
GSS_C_NO_OID_SET, GSS_C_ACCEPT,
&acceptor_cred, NULL, NULL);
- if (GSS_ERROR(major)) {
- display_status("gss_acquire_cred", major, minor);
- return 1;
- }
+ check_gsserr("gss_acquire_cred", major, minor);
/* Create krb5 initiator context and get the first token. */
token.value = NULL;
@@ -126,10 +76,7 @@ main(int argc, char *argv[])
GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG,
GSS_C_INDEFINITE, GSS_C_NO_CHANNEL_BINDINGS,
GSS_C_NO_BUFFER, NULL, &token, NULL, NULL);
- if (GSS_ERROR(major)) {
- display_status("gss_init_sec_context", major, minor);
- return 1;
- }
+ check_gsserr("gss_init_sec_context", major, minor);
/* Pass the token to gss_accept_sec_context. */
tmp.value = NULL;
@@ -137,26 +84,17 @@ main(int argc, char *argv[])
major = gss_accept_sec_context(&minor, &acceptor_context, acceptor_cred,
&token, GSS_C_NO_CHANNEL_BINDINGS,
NULL, NULL, &tmp, NULL, NULL, NULL);
- if (major != GSS_S_COMPLETE) {
- display_status("gss_accept_sec_context", major, minor);
- return 1;
- }
+ check_gsserr("gss_accept_sec_context", major, minor);
major = gss_inquire_context(&minor, acceptor_context, NULL,
&real_acceptor_name, NULL, NULL, NULL, NULL,
NULL);
- if (GSS_ERROR(major)) {
- display_status("gss_inquire_context", major, minor);
- return 1;
- }
+ check_gsserr("gss_inquire_context", major, minor);
namebuf.value = NULL;
namebuf.length = 0;
major = gss_display_name(&minor, real_acceptor_name, &namebuf, NULL);
- if (GSS_ERROR(major)) {
- display_status("gss_display_name", major, minor);
- return 1;
- }
+ check_gsserr("gss_display_name", major, minor);
printf("%.*s\n", (int)namebuf.length, (char *)namebuf.value);
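Review bot: Replacing `if (major != GSS_S_COMPLETE)` with `check_gsserr("gss_accept_sec_context", major, minor)` weakens the check after `gss_accept_sec_context`, because `check_gsserr` in common.c exits only when `GSS_ERROR(major)` is true and so lets `GSS_S_CONTINUE_NEEDED` through. The program would then call `gss_inquire_context` on a context that is not fully established, and the test could pass on an incomplete exchange. Keeping the strict test after the helper call preserves the old behaviour, e.g. `if (major != GSS_S_COMPLETE) errout("gss_accept_sec_context: context not complete");`. The same substitution appears in the last hunk of t_ccselect.c. main's body continues outside this hunk.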
diff --git a/src/tests/gssapi/t_ccselect.c b/src/tests/gssapi/t_ccselect.c
index 620ce1c..05b0a84 100644
--- a/src/tests/gssapi/t_ccselect.c
+++ b/src/tests/gssapi/t_ccselect.c
@@ -28,7 +28,7 @@
#include <stdlib.h>
#include <string.h>
-#include <gssapi/gssapi_krb5.h>
+#include "common.h"
/*
* Test program for client credential selection, intended to be run from a
@@ -43,40 +43,11 @@
* Usage: ./t_ccselect [targetprinc|gss:service at host] [initiatorprinc|-]
*/
-static void
-display_status_1(const char *m, OM_uint32 code, int type)
-{
- OM_uint32 maj_stat, min_stat;
- gss_buffer_desc msg;
- OM_uint32 msg_ctx;
-
- msg_ctx = 0;
- while (1) {
- maj_stat = gss_display_status(&min_stat, code,
- type, GSS_C_NULL_OID,
- &msg_ctx, &msg);
- fprintf(stderr, "%s: %s\n", m, (char *)msg.value);
- (void) gss_release_buffer(&min_stat, &msg);
-
- if (!msg_ctx)
- break;
- }
-}
-
-static void
-gsserr(const char *msg, OM_uint32 maj_stat, OM_uint32 min_stat)
-{
- display_status_1(msg, maj_stat, GSS_C_GSS_CODE);
- display_status_1(msg, min_stat, GSS_C_MECH_CODE);
- exit(1);
-}
-
int
main(int argc, char *argv[])
{
OM_uint32 minor, major;
gss_cred_id_t initiator_cred = GSS_C_NO_CREDENTIAL;
- gss_buffer_desc buf;
gss_name_t target_name, initiator_name = GSS_C_NO_NAME;
gss_name_t real_initiator_name;
gss_buffer_desc token, tmp, namebuf;
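Review bot: The usage comment kept as context at the top of this hunk still documents the old argument forms (`[targetprinc|gss:service at host] [initiatorprinc|-]`), while the following hunk imports both names through `import_name`, which accepts only the `p:`, `h:` and `u:` prefixes. The comment should match the usage string updated further down, e.g. `* Usage: ./t_ccselect targetname [initiatorname|-]`, with one more line noting that each name takes a `p:`, `h:` or `u:` prefix. The comment block starts above the hunk.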
@@ -84,47 +55,20 @@ main(int argc, char *argv[])
gss_ctx_id_t acceptor_context = GSS_C_NO_CONTEXT;
if (argc < 2 || argc > 3) {
- fprintf(stderr, "Usage: %s targetprinc [initiatorprinc|-]\n", argv[0]);
+ fprintf(stderr, "Usage: %s targetname [initiatorname|-]\n", argv[0]);
return 1;
}
- /* Import the target name. */
- if (strncmp(argv[1], "gss:", 4) == 0) {
- /* Import as host-based service. */
- buf.value = argv[1] + 4;
- buf.length = strlen((char *)buf.value);
- major = gss_import_name(&minor, &buf,
- (gss_OID)GSS_C_NT_HOSTBASED_SERVICE,
- &target_name);
- } else {
- /* Import as krb5 principal name. */
- buf.value = argv[1];
- buf.length = strlen((char *)buf.value);
- major = gss_import_name(&minor, &buf,
- (gss_OID)GSS_KRB5_NT_PRINCIPAL_NAME,
- &target_name);
- }
- if (GSS_ERROR(major))
- gsserr("gss_import_name(target_name)", major, minor);
+ target_name = import_name(argv[1]);
- /* Import the initiator name as a krb5 principal and get creds, maybe. */
if (argc >= 3) {
- if (strcmp(argv[2], "-") != 0) {
- buf.value = argv[2];
- buf.length = strlen((char *)buf.value);
- major = gss_import_name(&minor, &buf,
- (gss_OID)GSS_KRB5_NT_PRINCIPAL_NAME,
- &initiator_name);
- if (GSS_ERROR(major))
- gsserr("gss_import_name(initiator_name)", major, minor);
- }
-
- /* Get acceptor cred. */
+ /* Get initiator cred. */
+ if (strcmp(argv[2], "-") != 0)
+ initiator_name = import_name(argv[2]);
major = gss_acquire_cred(&minor, initiator_name, GSS_C_INDEFINITE,
GSS_C_NO_OID_SET, GSS_C_INITIATE,
&initiator_cred, NULL, NULL);
- if (GSS_ERROR(major))
- gsserr("gss_acquire_cred", major, minor);
+ check_gsserr("gss_acquire_cred", major, minor);
}
@@ -136,8 +80,7 @@ main(int argc, char *argv[])
GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG,
GSS_C_INDEFINITE, GSS_C_NO_CHANNEL_BINDINGS,
GSS_C_NO_BUFFER, NULL, &token, NULL, NULL);
- if (GSS_ERROR(major))
- gsserr("gss_init_sec_context", major, minor);
+ check_gsserr("gss_init_sec_context", major, minor);
/* Pass the token to gss_accept_sec_context. */
tmp.value = NULL;
@@ -147,14 +90,12 @@ main(int argc, char *argv[])
GSS_C_NO_CHANNEL_BINDINGS,
&real_initiator_name, NULL, &tmp,
NULL, NULL, NULL);
- if (major != GSS_S_COMPLETE)
- gsserr("gss_accept_sec_context", major, minor);
+ check_gsserr("gss_accept_sec_context", major, minor);
namebuf.value = NULL;
namebuf.length = 0;
major = gss_display_name(&minor, real_initiator_name, &namebuf, NULL);
- if (GSS_ERROR(major))
- gsserr("gss_display_name(initiator)", major, minor);
+ check_gsserr("gss_display_name(initiator)", major, minor);
printf("%.*s\n", (int)namebuf.length, (char *)namebuf.value);
(void)gss_release_name(&minor, &target_name);
diff --git a/src/tests/gssapi/t_ccselect.py b/src/tests/gssapi/t_ccselect.py
index 78f307f..6b7bce6 100644
--- a/src/tests/gssapi/t_ccselect.py
+++ b/src/tests/gssapi/t_ccselect.py
@@ -28,16 +28,19 @@ r1 = K5Realm(create_user=False)
r2 = K5Realm(create_user=False, realm='KRBTEST2.COM', portbase=62000,
testdir=os.path.join(r1.testdir, 'r2'))
+host1 = 'p:' + r1.host_princ
+host2 = 'p:' + r2.host_princ
+
# gsserver specifies the target as a GSS name. The resulting
# principal will have the host-based type, but the realm won't be
# known before the client cache is selected (since k5test realms have
# no domain-realm mapping by default).
-gssserver = 'gss:host@' + hostname
+gssserver = 'h:host@' + hostname
# refserver specifies the target as a principal in the referral realm.
# The principal won't be treated as a host principal by the
# .k5identity rules since it has unknown type.
-refserver = 'host/' + hostname + '@'
+refserver = 'p:host/' + hostname + '@'
# Make each realm's keytab contain entries for both realm's servers.
#r1.run_as_client(['/bin/sh', '-c', '(echo rkt %s; echo wkt %s) | %s' %
@@ -47,8 +50,7 @@ refserver = 'host/' + hostname + '@'
# Verify that we can't get initiator creds with no credentials in the
# collection.
-output = r1.run_as_client(['./t_ccselect', r1.host_princ, '-'],
- expected_code=1)
+output = r1.run_as_client(['./t_ccselect', host1, '-'], expected_code=1)
if 'No Kerberos credentials available' not in output:
fail('Expected error not seen in output when no credentials available')
@@ -75,24 +77,24 @@ r1.kinit(alice, password('alice'))
r2.kinit(zaphod, password('zaphod'))
# Check that we can find a cache for a specified client principal.
-output = r1.run_as_client(['./t_ccselect', r1.host_princ, alice])
+output = r1.run_as_client(['./t_ccselect', host1, 'p:' + alice])
if output != (alice + '\n'):
fail('alice not chosen when specified')
-output = r2.run_as_client(['./t_ccselect', r2.host_princ, zaphod])
+output = r2.run_as_client(['./t_ccselect', host2, 'p:' + zaphod])
if output != (zaphod + '\n'):
fail('zaphod not chosen when specified')
# Check that we can guess a cache based on the service realm.
-output = r1.run_as_client(['./t_ccselect', r1.host_princ])
+output = r1.run_as_client(['./t_ccselect', host1])
if output != (alice + '\n'):
fail('alice not chosen as default initiator cred for server in r1')
-output = r1.run_as_client(['./t_ccselect', r1.host_princ, '-'])
+output = r1.run_as_client(['./t_ccselect', host1, '-'])
if output != (alice + '\n'):
fail('alice not chosen as default initiator name for server in r1')
-output = r2.run_as_client(['./t_ccselect', r2.host_princ])
+output = r2.run_as_client(['./t_ccselect', host2])
if output != (zaphod + '\n'):
fail('zaphod not chosen as default initiator cred for server in r1')
-output = r2.run_as_client(['./t_ccselect', r2.host_princ, '-'])
+output = r2.run_as_client(['./t_ccselect', host2, '-'])
if output != (zaphod + '\n'):
fail('zaphod not chosen as default initiator name for server in r1')
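Review bot: The two failure messages for the r2 checks in this hunk say "for server in r1" (`fail('zaphod not chosen as default initiator cred for server in r1')` and the initiator-name variant), although those checks run `./t_ccselect` against `host2` from realm r2. Since these lines are being touched anyway, the messages should end in `for server in r2` so a failure points at the right realm.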
@@ -111,7 +113,7 @@ k5id.write('%s realm=%s\n' % (alice, r1.realm))
k5id.write('%s service=ho*t host=%s\n' % (zaphod, hostname))
k5id.write('noprinc service=bogus')
k5id.close()
-output = r1.run_as_client(['./t_ccselect', r1.host_princ])
+output = r1.run_as_client(['./t_ccselect', host1])
if output != (alice + '\n'):
fail('alice not chosen via .k5identity realm line.')
output = r2.run_as_client(['./t_ccselect', gssserver])
@@ -120,7 +122,7 @@ if output != (zaphod + '\n'):
output = r1.run_as_client(['./t_ccselect', refserver])
if output != (bob + '\n'):
fail('bob not chosen via primary cache when no .k5identity line matches.')
-output = r1.run_as_client(['./t_ccselect', 'gss:bogus@' + hostname],
+output = r1.run_as_client(['./t_ccselect', 'h:bogus@' + hostname],
expected_code=1)
if 'Can\'t find client principal noprinc' not in output:
fail('Expected error not seen when k5identity selects bad principal.')
diff --git a/src/tests/gssapi/t_client_keytab.py b/src/tests/gssapi/t_client_keytab.py
index 71cb89e..71566a5 100644
--- a/src/tests/gssapi/t_client_keytab.py
+++ b/src/tests/gssapi/t_client_keytab.py
@@ -5,14 +5,17 @@ from k5test import *
# Point HOME at realm.testdir for tests using .k5identity.
realm = K5Realm(get_creds=False)
bob = 'bob@' + realm.realm
-gssserver = 'gss:host@' + hostname
+phost = 'p:' + realm.host_princ
+puser = 'p:' + realm.user_princ
+pbob = 'p:' + bob
+gssserver = 'h:host@' + hostname
realm.env_client['HOME'] = realm.testdir
realm.addprinc(bob, password('bob'))
realm.extract_keytab(realm.user_princ, realm.client_keytab)
realm.extract_keytab(bob, realm.client_keytab)
# Test 1: no name/cache specified, pick first principal from client keytab
-out = realm.run_as_client(['./t_ccselect', realm.host_princ])
+out = realm.run_as_client(['./t_ccselect', phost])
if realm.user_princ not in out:
fail('Authenticated as wrong principal')
realm.run_as_client([kdestroy])
@@ -30,27 +33,26 @@ realm.run_as_client([kdestroy])
# Test 3: no name/cache specified, default ccache has name but no creds
realm.run_as_client(['./ccinit', realm.ccache, bob])
-out = realm.run_as_client(['./t_ccselect', realm.host_princ])
+out = realm.run_as_client(['./t_ccselect', phost])
if bob not in out:
fail('Authenticated as wrong principal')
# Leave tickets for next test.
# Test 4: name specified, non-collectable default cache doesn't match
-out = realm.run_as_client(['./t_ccselect', realm.host_princ, realm.user_princ],
- expected_code=1)
+out = realm.run_as_client(['./t_ccselect', phost, puser], expected_code=1)
if 'Principal in credential cache does not match desired name' not in out:
fail('Expected error not seen')
realm.run_as_client([kdestroy])
# Test 5: name specified, nonexistent default cache
-out = realm.run_as_client(['./t_ccselect', realm.host_princ, bob])
+out = realm.run_as_client(['./t_ccselect', phost, pbob])
if bob not in out:
fail('Authenticated as wrong principal')
# Leave tickets for next test.
# Test 6: name specified, matches default cache, time to refresh
realm.run_as_client(['./ccrefresh', realm.ccache, '1'])
-out = realm.run_as_client(['./t_ccselect', realm.host_princ, bob])
+out = realm.run_as_client(['./t_ccselect', phost, pbob])
if bob not in out:
fail('Authenticated as wrong principal')
out = realm.run_as_client(['./ccrefresh', realm.ccache])
@@ -59,26 +61,26 @@ if int(out) < 1000:
realm.run_as_client([kdestroy])
# Test 7: empty ccache specified, pick first principal from client keytab
-realm.run_as_client(['./t_imp_cred', realm.host_princ])
+realm.run_as_client(['./t_imp_cred', phost])
realm.klist(realm.user_princ)
realm.run_as_client([kdestroy])
# Test 8: ccache specified with name but no creds; name not in client keytab
realm.run_as_client(['./ccinit', realm.ccache, realm.host_princ])
-out = realm.run_as_client(['./t_imp_cred', realm.host_princ], expected_code=1)
+out = realm.run_as_client(['./t_imp_cred', phost], expected_code=1)
if 'Credential cache is empty' not in out:
fail('Expected error not seen')
realm.run_as_client([kdestroy])
# Test 9: ccache specified with name but no creds; name in client keytab
realm.run_as_client(['./ccinit', realm.ccache, bob])
-realm.run_as_client(['./t_imp_cred', realm.host_princ])
+realm.run_as_client(['./t_imp_cred', phost])
realm.klist(bob)
# Leave tickets for next test.
# Test 10: ccache specified with creds, time to refresh
realm.run_as_client(['./ccrefresh', realm.ccache, '1'])
-realm.run_as_client(['./t_imp_cred', realm.host_princ])
+realm.run_as_client(['./t_imp_cred', phost])
realm.klist(bob)
out = realm.run_as_client(['./ccrefresh', realm.ccache])
if int(out) < 1000:
@@ -94,14 +96,14 @@ realm.env_client['KRB5CCNAME'] = ccname
# Test 11: name specified, matching cache in collection with no creds
bobcache = os.path.join(ccdir, 'tktbob')
realm.run_as_client(['./ccinit', bobcache, bob])
-out = realm.run_as_client(['./t_ccselect', realm.host_princ, bob])
+out = realm.run_as_client(['./t_ccselect', phost, pbob])
if bob not in out:
fail('Authenticated as wrong principal')
# Leave tickets for next test.
# Test 12: name specified, matching cache in collection, time to refresh
realm.run_as_client(['./ccrefresh', bobcache, '1'])
-out = realm.run_as_client(['./t_ccselect', realm.host_princ, bob])
+out = realm.run_as_client(['./t_ccselect', phost, pbob])
if bob not in out:
fail('Authenticated as wrong principal')
out = realm.run_as_client(['./ccrefresh', bobcache])
@@ -111,7 +113,7 @@ realm.run_as_client([kdestroy, '-A'])
# Test 13: name specified, collection has default for different principal
realm.kinit(realm.user_princ, password('user'))
-out = realm.run_as_client(['./t_ccselect', realm.host_princ, bob])
+out = realm.run_as_client(['./t_ccselect', phost, pbob])
if bob not in out:
fail('Authenticated as wrong principal')
out = realm.run_as_client([klist])
@@ -120,7 +122,7 @@ if 'Default principal: %s\n' % realm.user_princ not in out:
realm.run_as_client([kdestroy, '-A'])
# Test 14: name specified, collection has no default cache
-out = realm.run_as_client(['./t_ccselect', realm.host_princ, bob])
+out = realm.run_as_client(['./t_ccselect', phost, pbob])
if bob not in out:
fail('Authenticated as wrong principal')
# Make sure the tickets we acquired didn't become the default
diff --git a/src/tests/gssapi/t_credstore.c b/src/tests/gssapi/t_credstore.c
index 73c11f8..085bc79 100644
--- a/src/tests/gssapi/t_credstore.c
+++ b/src/tests/gssapi/t_credstore.c
@@ -27,41 +27,14 @@
#include <stdlib.h>
#include <string.h>
-#include <gssapi/gssapi_ext.h>
-#include <gssapi/gssapi_krb5.h>
+#include "common.h"
static void
-print_gss_status(int type, OM_uint32 code)
-{
- OM_uint32 major, minor;
- gss_buffer_desc msg;
- OM_uint32 msg_ctx = 0;
-
- do {
- major = gss_display_status(&minor, code, type,
- GSS_C_NULL_OID, &msg_ctx, &msg);
- if (major == 0) {
- fprintf(stdout, "%s. ", (char *)msg.value);
- major = gss_release_buffer(&minor, &msg);
- }
- } while (msg_ctx);
-}
-
-static void
-print_status(char *msg, OM_uint32 major, OM_uint32 minor)
-{
- fprintf(stdout, "%s: ", msg);
- print_gss_status(GSS_C_GSS_CODE, major);
- print_gss_status(GSS_C_MECH_CODE, minor);
- fprintf(stdout, "\n");
-}
-
-static void
-usage(const char *name)
+usage(void)
{
fprintf(stderr,
- "Usage: %s <principal> [--cred_store {<key> <value>} ...]\n",
- name);
+ "Usage: t_credstore principal [--cred_store {key value} ...]\n");
+ exit(1);
}
int
@@ -74,10 +47,8 @@ main(int argc, char *argv[])
gss_cred_id_t cred = GSS_C_NO_CREDENTIAL;
int i, e;
- if (argc < 2 || ((argc - 3) % 2)) {
- usage(argv[0]);
- exit(1);
- }
+ if (argc < 2 || ((argc - 3) % 2))
+ usage();
store.count = (argc - 3) / 2;
store.elements = calloc(store.count,
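Review bot: The argument check `argc < 2 || ((argc - 3) % 2)` still rejects a principal-only invocation, even though the new usage string marks `--cred_store` as optional. With argc == 2 the remainder is -1 under C99 truncating division, so usage() runs. If the optional form is intended, the test could read `if (argc < 2 || (argc > 2 && (argc - 3) % 2 != 0))`, in which case `store.count` becomes 0 and the calloc result handling, which is outside this hunk, must tolerate an empty store. Otherwise the usage text should drop the brackets. main starts before and continues after this hunk.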
@@ -88,10 +59,8 @@ main(int argc, char *argv[])
}
if (argc > 2) {
- if (strcmp(argv[2], "--cred_store") != 0) {
- usage(argv[0]);
- exit(1);
- }
+ if (strcmp(argv[2], "--cred_store") != 0)
+ usage();
for (i = 3, e = 0; i < argc; i += 2, e++) {
store.elements[e].key = argv[i];
@@ -104,19 +73,11 @@ main(int argc, char *argv[])
major = gss_acquire_cred(&minor, GSS_C_NO_NAME, 0, GSS_C_NO_OID_SET,
GSS_C_INITIATE, &cred, NULL, NULL);
- if (major) {
- print_status("gss_acquire_cred(default user creds) failed",
- major, minor);
- goto out;
- }
+ check_gsserr("gss_acquire_cred", major, minor);
major = gss_store_cred_into(&minor, cred, GSS_C_INITIATE,
GSS_C_NO_OID, 1, 0, &store, NULL, NULL);
- if (major) {
- print_status("gss_store_cred_in_store(default user creds) failed",
- major, minor);
- goto out;
- }
+ check_gsserr("gss_store_cred_into", major, minor);
gss_release_cred(&minor, &cred);
@@ -128,27 +89,17 @@ main(int argc, char *argv[])
major = gss_import_name(&minor, &buf,
(gss_OID)GSS_KRB5_NT_PRINCIPAL_NAME,
&service);
- if (major) {
- print_status("gss_import_name(principal) failed", major, minor);
- goto out;
- }
+ check_gsserr("gss_import_name", major, minor);
major = gss_acquire_cred_from(&minor, service,
0, GSS_C_NO_OID_SET, GSS_C_BOTH,
&store, &cred, NULL, NULL);
- if (major) {
- print_status("gss_acquire_cred_from_store(principal) failed",
- major, minor);
- goto out;
- }
+ check_gsserr("gss_acquire_cred_from", major, minor);
fprintf(stdout, "Cred Store Success\n");
- major = 0;
-
-out:
gss_release_name(&minor, &service);
gss_release_cred(&minor, &cred);
free(store.elements);
- return major;
+ return 0;
}
diff --git a/src/tests/gssapi/t_export_cred.c b/src/tests/gssapi/t_export_cred.c
index f7ddbc7..6f62eed 100644
--- a/src/tests/gssapi/t_export_cred.c
+++ b/src/tests/gssapi/t_export_cred.c
@@ -25,80 +25,8 @@
#include <stdio.h>
#include <stdlib.h>
-#include <string.h>
-#include <ctype.h>
-#include <gssapi/gssapi_krb5.h>
-
-static gss_OID_desc mech_krb5 = { 9, "\052\206\110\206\367\022\001\002\002" };
-static gss_OID_desc mech_spnego = { 6, "\053\006\001\005\005\002" };
-static gss_OID_set_desc mechset_krb5 = { 1, &mech_krb5 };
-static gss_OID_set_desc mechset_spnego = { 1, &mech_spnego };
-
-static void
-display_status_1(const char *m, OM_uint32 code, int type)
-{
- OM_uint32 maj_stat, min_stat;
- gss_buffer_desc msg;
- OM_uint32 msg_ctx;
-
- msg_ctx = 0;
- while (1) {
- maj_stat = gss_display_status(&min_stat, code,
- type, GSS_C_NULL_OID,
- &msg_ctx, &msg);
- fprintf(stderr, "%s: %s\n", m, (char *)msg.value);
- (void) gss_release_buffer(&min_stat, &msg);
-
- if (!msg_ctx)
- break;
- }
-}
-
-/* If maj_stat indicates an error, display an error message (containing msg)
- * and exit. */
-static void
-check_gsserr(const char *msg, OM_uint32 maj_stat, OM_uint32 min_stat)
-{
- if (GSS_ERROR(maj_stat)) {
- display_status_1(msg, maj_stat, GSS_C_GSS_CODE);
- display_status_1(msg, min_stat, GSS_C_MECH_CODE);
- exit(1);
- }
-}
-
-/* Display an error message and exit. */
-static void
-errout(const char *msg)
-{
- fprintf(stderr, "%s\n", msg);
- exit(1);
-}
-
-/* Import a GSSAPI name based on a string of the form 'u:username',
- * 'p:principalname', or 'h:host at service' (or just 'h:service'). */
-static gss_name_t
-import_name(const char *str)
-{
- OM_uint32 major, minor;
- gss_name_t name;
- gss_buffer_desc buf;
- gss_OID nametype = NULL;
-
- if (*str == 'u')
- nametype = GSS_C_NT_USER_NAME;
- else if (*str == 'p')
- nametype = (gss_OID)GSS_KRB5_NT_PRINCIPAL_NAME;
- else if (*str == 'h')
- nametype = GSS_C_NT_HOSTBASED_SERVICE;
- if (nametype == NULL || str[1] != ':')
- errout("names must begin with u: or p: or h:");
- buf.value = (char *)str + 2;
- buf.length = strlen(str) - 2;
- major = gss_import_name(&minor, &buf, nametype, &name);
- check_gsserr("gss_import_name", major, minor);
- return name;
-}
+#include "common.h"
/* Display a usage error message and exit. */
static void
diff --git a/src/tests/gssapi/t_export_name.c b/src/tests/gssapi/t_export_name.c
index d765e28..676ac54 100644
--- a/src/tests/gssapi/t_export_name.c
+++ b/src/tests/gssapi/t_export_name.c
@@ -41,55 +41,12 @@
#include <stdlib.h>
#include <string.h>
-#include <gssapi/gssapi_krb5.h>
-
-static gss_OID_desc spnego_mech = { 6, "\053\006\001\005\005\002" };
-
-static void
-display_status_1(const char *m, OM_uint32 code, int type)
-{
- OM_uint32 maj_stat, min_stat;
- gss_buffer_desc msg;
- OM_uint32 msg_ctx;
-
- msg_ctx = 0;
- while (1) {
- maj_stat = gss_display_status(&min_stat, code,
- type, GSS_C_NULL_OID,
- &msg_ctx, &msg);
- fprintf(stderr, "%s: %s\n", m, (char *)msg.value);
- (void) gss_release_buffer(&min_stat, &msg);
-
- if (!msg_ctx)
- break;
- }
-}
+#include "common.h"
static void
-gsserr(const char *msg, OM_uint32 maj_stat, OM_uint32 min_stat)
+usage(void)
{
- display_status_1(msg, maj_stat, GSS_C_GSS_CODE);
- display_status_1(msg, min_stat, GSS_C_MECH_CODE);
- exit(1);
-}
-
-static void
-print_hex(FILE *fp, gss_buffer_t buf)
-{
- size_t i;
- const unsigned char *bytes = buf->value;
-
- for (i = 0; i < buf->length; i++)
- printf("%02X", bytes[i]);
- printf("\n");
-}
-
-static void
-usage(const char *progname)
-{
- fprintf(stderr,
- "Usage: %s [-k|-s] user:username|krb5:princ|gss:service at host\n",
- progname);
+ fprintf(stderr, "Usage: t_export_name [-k|-s] name\n");
exit(1);
}
@@ -97,60 +54,41 @@ int
main(int argc, char *argv[])
{
OM_uint32 minor, major;
- gss_OID mech = (gss_OID)gss_mech_krb5, nametype = NULL;
+ gss_OID mech = (gss_OID)gss_mech_krb5;
gss_name_t name, mechname, impname;
gss_buffer_desc buf, buf2;
- const char *name_arg, *progname = argv[0];
+ const char *name_arg;
char opt;
+ /* Parse arguments. */
while (argc > 1 && argv[1][0] == '-') {
opt = argv[1][1];
argc--, argv++;
if (opt == 'k')
- mech = (gss_OID)gss_mech_krb5;
+ mech = &mech_krb5;
else if (opt == 's')
- mech = &spnego_mech;
+ mech = &mech_spnego;
else
- usage(progname);
+ usage();
}
if (argc != 2)
- usage(progname);
+ usage();
name_arg = argv[1];
/* Import the name. */
- if (strncmp(name_arg, "user:", 5) == 0) {
- nametype = GSS_C_NT_USER_NAME;
- name_arg += 5;
- } else if (strncmp(name_arg, "krb5:", 5) == 0) {
- nametype = (gss_OID)GSS_KRB5_NT_PRINCIPAL_NAME;
- name_arg += 5;
- } else if (strncmp(name_arg, "host:", 5) == 0) {
- nametype = GSS_C_NT_HOSTBASED_SERVICE;
- name_arg += 5;
- } else {
- usage(progname);
- }
- buf.value = (char *)name_arg;
- buf.length = strlen(name_arg);
- major = gss_import_name(&minor, &buf, nametype, &name);
- if (GSS_ERROR(major))
- gsserr("gss_import_name", major, minor);
+ name = import_name(name_arg);
/* Canonicalize and export the name. */
major = gss_canonicalize_name(&minor, name, mech, &mechname);
- if (GSS_ERROR(major))
- gsserr("gss_canonicalize_name", major, minor);
+ check_gsserr("gss_canonicalize_name", major, minor);
major = gss_export_name(&minor, mechname, &buf);
- if (GSS_ERROR(major))
- gsserr("gss_export_name", major, minor);
+ check_gsserr("gss_export_name", major, minor);
/* Import and re-export the name, and compare the results. */
major = gss_import_name(&minor, &buf, GSS_C_NT_EXPORT_NAME, &impname);
- if (GSS_ERROR(major))
- gsserr("gss_export_name", major, minor);
+ check_gsserr("gss_export_name", major, minor);
major = gss_export_name(&minor, impname, &buf2);
- if (GSS_ERROR(major))
- gsserr("gss_export_name", major, minor);
+ check_gsserr("gss_export_name", major, minor);
if (buf.length != buf2.length ||
memcmp(buf.value, buf2.value, buf.length) != 0) {
fprintf(stderr, "Mismatched results:\n");
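Review bot: The check after `gss_import_name(&minor, &buf, GSS_C_NT_EXPORT_NAME, &impname)` is labelled `"gss_export_name"`, so a failed re-import is reported under the wrong call name. The conversion carried the old mislabel over; it should read `check_gsserr("gss_import_name", major, minor);`. Separately, `mech` is still initialised with `(gss_OID)gss_mech_krb5` while the `-k` branch now assigns `&mech_krb5`. Using `&mech_krb5` in the declaration would keep the two consistent, presuming common.h exports that symbol. main continues past the end of the hunk.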
diff --git a/src/tests/gssapi/t_gssapi.py b/src/tests/gssapi/t_gssapi.py
index d3dd881..b21380f 100755
--- a/src/tests/gssapi/t_gssapi.py
+++ b/src/tests/gssapi/t_gssapi.py
@@ -3,7 +3,7 @@ from k5test import *
# Test krb5 negotiation under SPNEGO for all enctype configurations.
for realm in multipass_realms():
- realm.run_as_client(['./t_spnego', realm.host_princ, realm.keytab])
+ realm.run_as_client(['./t_spnego','p:' + realm.host_princ, realm.keytab])
### Test acceptor name behavior.
@@ -24,16 +24,16 @@ realm.run_kadminl('renprinc -force service1/abraham service1/andrew')
# Test with no acceptor name, including client/keytab principal
# mismatch (non-fatal) and missing keytab entry (fatal).
-output = realm.run_as_client(['./t_accname', 'service1/andrew'])
+output = realm.run_as_client(['./t_accname', 'p:service1/andrew'])
if 'service1/abraham' not in output:
fail('Expected service1/abraham in t_accname output')
-output = realm.run_as_client(['./t_accname', 'service1/barack'])
+output = realm.run_as_client(['./t_accname', 'p:service1/barack'])
if 'service1/barack' not in output:
fail('Expected service1/barack in t_accname output')
-output = realm.run_as_client(['./t_accname', 'service2/calvin'])
+output = realm.run_as_client(['./t_accname', 'p:service2/calvin'])
if 'service2/calvin' not in output:
fail('Expected service1/barack in t_accname output')
-output = realm.run_as_client(['./t_accname', 'service2/dwight'],
+output = realm.run_as_client(['./t_accname', 'p:service2/dwight'],
expected_code=1)
if 'Wrong principal in request' not in output:
fail('Expected error message not seen in t_accname output')
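Review bot: The failure message for the `p:service2/calvin` case still says `'Expected service1/barack in t_accname output'`, which points anyone reading a failing run at the wrong principal. Since the adjacent line is being touched anyway, the context line could become `fail('Expected service2/calvin in t_accname output')`.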
@@ -41,39 +41,41 @@ if 'Wrong principal in request' not in output:
# Test with acceptor name containing service only, including
# client/keytab hostname mismatch (non-fatal) and service name
# mismatch (fatal).
-output = realm.run_as_client(['./t_accname', 'service1/andrew', 'service1'])
+output = realm.run_as_client(['./t_accname', 'p:service1/andrew',
+ 'h:service1'])
if 'service1/abraham' not in output:
fail('Expected service1/abraham in t_accname output')
-output = realm.run_as_client(['./t_accname', 'service1/andrew', 'service2'],
- expected_code=1)
+output = realm.run_as_client(['./t_accname', 'p:service1/andrew',
+ 'h:service2'], expected_code=1)
if 'Wrong principal in request' not in output:
fail('Expected error message not seen in t_accname output')
-output = realm.run_as_client(['./t_accname', 'service2/calvin', 'service2'])
+output = realm.run_as_client(['./t_accname', 'p:service2/calvin',
+ 'h:service2'])
if 'service2/calvin' not in output:
fail('Expected service2/calvin in t_accname output')
-output = realm.run_as_client(['./t_accname', 'service2/calvin', 'service1'],
- expected_code=1)
+output = realm.run_as_client(['./t_accname', 'p:service2/calvin',
+ 'h:service1'], expected_code=1)
if 'Wrong principal in request' not in output:
fail('Expected error message not seen in t_accname output')
# Test with acceptor name containing service and host. Use the
# client's un-canonicalized hostname as acceptor input to mirror what
# many servers do.
-output = realm.run_as_client(['./t_accname', realm.host_princ,
- 'host@%s' % socket.gethostname()])
+output = realm.run_as_client(['./t_accname', 'p:' + realm.host_princ,
+ 'h:host@%s' % socket.gethostname()])
if realm.host_princ not in output:
fail('Expected %s in t_accname output' % realm.host_princ)
-output = realm.run_as_client(['./t_accname', 'host/-nomatch-',
- 'host@%s' % socket.gethostname()],
+output = realm.run_as_client(['./t_accname', 'p:host/-nomatch-',
+ 'h:host@%s' % socket.gethostname()],
expected_code=1)
if 'Wrong principal in request' not in output:
fail('Expected error message not seen in t_accname output')
# Test krb5_gss_import_cred.
-realm.run_as_client(['./t_imp_cred', 'service1/barack'])
-realm.run_as_client(['./t_imp_cred', 'service1/barack', 'service1/barack'])
-realm.run_as_client(['./t_imp_cred', 'service1/andrew', 'service1/abraham'])
-output = realm.run_as_client(['./t_imp_cred', 'service2/dwight'],
+realm.run_as_client(['./t_imp_cred', 'p:service1/barack'])
+realm.run_as_client(['./t_imp_cred', 'p:service1/barack', 'service1/barack'])
+realm.run_as_client(['./t_imp_cred', 'p:service1/andrew', 'service1/abraham'])
+output = realm.run_as_client(['./t_imp_cred', 'p:service2/dwight'],
expected_code=1)
if 'Wrong principal in request' not in output:
fail('Expected error message not seen in t_imp_cred output')
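Review bot: The second t_imp_cred argument stays a bare principal (`'service1/barack'`, `'service1/abraham'`) while every other name on these lines gained a `p:` or `h:` prefix, and nothing in the test says why. t_imp_cred's usage string calls it `acceptorprinc` rather than a name, so this looks deliberate, but a reader could take it for a missed conversion. A comment above the block such as `# t_imp_cred's optional second argument is a plain krb5 principal, not a prefixed GSS name.` would settle it. Confirm against how t_imp_cred.c parses argv[2], which is outside this view.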
@@ -94,7 +96,7 @@ if 'Cred Store Success' not in output:
# Verify that we can't acquire acceptor creds without a keytab.
os.remove(realm.keytab)
-output = realm.run_as_client(['./t_accname', 'abc'], expected_code=1)
+output = realm.run_as_client(['./t_accname', 'p:abc'], expected_code=1)
if ('gss_acquire_cred: Keytab' not in output or
'nonexistent or empty' not in output):
fail('Expected error message not seen for nonexistent keytab')
@@ -108,8 +110,8 @@ ignore_conf = { 'all' : { 'libdefaults' : {
realm = K5Realm(krb5_conf=ignore_conf)
realm.run_kadminl('addprinc -randkey host/-nomatch-')
realm.run_kadminl('xst host/-nomatch-')
-output = realm.run_as_client(['./t_accname', 'host/-nomatch-',
- 'host@%s' % socket.gethostname()])
+output = realm.run_as_client(['./t_accname', 'p:host/-nomatch-',
+ 'h:host@%s' % socket.gethostname()])
if 'host/-nomatch-' not in output:
fail('Expected host/-nomatch- in t_accname output')
@@ -157,16 +159,16 @@ if realm.host_princ not in output:
fail('Expected %s in t_inq_cred output' % realm.host_princ)
# Test gss_export_name behavior.
-out = realm.run_as_client(['./t_export_name', 'user:x'])
+out = realm.run_as_client(['./t_export_name', 'u:x'])
if out != '0401000B06092A864886F7120102020000000D78404B5242544553542E434F4D\n':
fail('Unexpected output from t_export_name (krb5 username)')
-output = realm.run_as_client(['./t_export_name', '-s', 'user:xyz'])
+output = realm.run_as_client(['./t_export_name', '-s', 'u:xyz'])
if output != '0401000806062B06010505020000000378797A\n':
fail('Unexpected output from t_export_name (SPNEGO username)')
-output = realm.run_as_client(['./t_export_name', 'krb5:a at b'])
+output = realm.run_as_client(['./t_export_name', 'p:a at b'])
if output != '0401000B06092A864886F71201020200000003614062\n':
fail('Unexpected output from t_export_name (krb5 principal)')
-output = realm.run_as_client(['./t_export_name', '-s', 'krb5:a at b'])
+output = realm.run_as_client(['./t_export_name', '-s', 'p:a at b'])
if output != '0401000806062B060105050200000003614062\n':
fail('Unexpected output from t_export_name (SPNEGO krb5 principal)')
diff --git a/src/tests/gssapi/t_gssexts.c b/src/tests/gssapi/t_gssexts.c
index 059f633..d008c08 100644
--- a/src/tests/gssapi/t_gssexts.c
+++ b/src/tests/gssapi/t_gssexts.c
@@ -27,7 +27,7 @@
#include <stdlib.h>
#include <string.h>
-#include <gssapi/gssapi_krb5.h>
+#include "common.h"
/*
* Test program for protocol transition (S4U2Self) and constrained delegation
@@ -53,94 +53,17 @@
* Usage eg:
*
* kinit -k -t test.keytab -f 'host/test.win.mit.edu at WIN.MIT.EDU'
- * ./t_s4u delegtest at WIN.MIT.EDU HOST/WIN-EQ7E4AA2WR8.win.mit.edu at WIN.MIT.EDU test.keytab
+ * ./t_s4u p:delegtest at WIN.MIT.EDU p:HOST/WIN-EQ7E4AA2WR8.win.mit.edu at WIN.MIT.EDU test.keytab
*/
-static gss_OID_desc spnego_mech = { 6, "\053\006\001\005\005\002" };
-
static int use_spnego = 0;
static void
-displayStatus_1(char *m, OM_uint32 code, int type)
-{
- OM_uint32 maj_stat, min_stat;
- gss_buffer_desc msg;
- OM_uint32 msg_ctx;
-
- msg_ctx = 0;
- while (1) {
- maj_stat = gss_display_status(&min_stat, code,
- type, GSS_C_NULL_OID,
- &msg_ctx, &msg);
- fprintf(stderr, "%s: %s\n", m, (char *)msg.value);
- (void) gss_release_buffer(&min_stat, &msg);
-
- if (!msg_ctx)
- break;
- }
-}
-
-static void
-displayStatus(char *msg, OM_uint32 maj_stat, OM_uint32 min_stat)
-{
- displayStatus_1(msg, maj_stat, GSS_C_GSS_CODE);
- displayStatus_1(msg, min_stat, GSS_C_MECH_CODE);
-}
-
-static OM_uint32
-displayCanonName(OM_uint32 *minor, gss_name_t name, char *tag)
-{
- gss_name_t canon;
- OM_uint32 major, tmp_minor;
- gss_buffer_desc buf;
-
- major = gss_canonicalize_name(minor, name,
- (gss_OID)gss_mech_krb5, &canon);
- if (GSS_ERROR(major)) {
- displayStatus("gss_canonicalize_name", major, *minor);
- return major;
- }
-
- major = gss_display_name(minor, canon, &buf, NULL);
- if (GSS_ERROR(major)) {
- displayStatus("gss_display_name", major, *minor);
- gss_release_name(&tmp_minor, &canon);
- return major;
- }
-
- printf("%s:\t%s\n", tag, (char *)buf.value);
-
- gss_release_buffer(&tmp_minor, &buf);
- gss_release_name(&tmp_minor, &canon);
-
- return GSS_S_COMPLETE;
-}
-
-static OM_uint32
-displayOID(OM_uint32 *minor, gss_OID oid, char *tag)
-{
- OM_uint32 major, tmp_minor;
- gss_buffer_desc buf;
-
- major = gss_oid_to_str(minor, oid, &buf);
- if (GSS_ERROR(major)) {
- displayStatus("gss_oid_to_str", major, *minor);
- return major;
- }
-
- printf("%s:\t%s\n", tag, (char *)buf.value);
-
- gss_release_buffer(&tmp_minor, &buf);
-
- return GSS_S_COMPLETE;
-}
-
-static OM_uint32
-testPrf(OM_uint32 *minor, gss_ctx_id_t initiatorContext,
- gss_ctx_id_t acceptorContext, int flags)
+test_prf(gss_ctx_id_t initiatorContext, gss_ctx_id_t acceptorContext,
+ int flags)
{
gss_buffer_desc constant;
- OM_uint32 major, tmp_minor;
+ OM_uint32 major, minor;
unsigned int i;
gss_buffer_desc initiatorPrf;
gss_buffer_desc acceptorPrf;
@@ -151,207 +74,124 @@ testPrf(OM_uint32 *minor, gss_ctx_id_t initiatorContext,
initiatorPrf.value = NULL;
acceptorPrf.value = NULL;
- major = gss_pseudo_random(minor, initiatorContext, flags,
- &constant, 19, &initiatorPrf);
- if (GSS_ERROR(major)) {
- displayStatus("gss_pseudo_random", major, *minor);
- return major;
- }
+ major = gss_pseudo_random(&minor, initiatorContext, flags, &constant, 19,
+ &initiatorPrf);
+ check_gsserr("gss_pseudo_random", major, minor);
printf("%s\n", flags == GSS_C_PRF_KEY_FULL ?
"PRF_KEY_FULL" : "PRF_KEY_PARTIAL");
printf("Initiator PRF: ");
- for (i = 0; i < initiatorPrf.length; i++) {
+ for (i = 0; i < initiatorPrf.length; i++)
printf("%02x ", ((char *)initiatorPrf.value)[i] & 0xFF);
- }
printf("\n");
- major = gss_pseudo_random(minor, acceptorContext, flags,
- &constant, 19, &acceptorPrf);
- if (GSS_ERROR(major)) {
- displayStatus("gss_pseudo_random", major, *minor);
- gss_release_buffer(&tmp_minor, &initiatorPrf);
- return major;
- }
+ major = gss_pseudo_random(&minor, acceptorContext, flags, &constant, 19,
+ &acceptorPrf);
+ check_gsserr("gss_pseudo_random", major, minor);
printf("Acceptor PRF: ");
- for (i = 0; i < acceptorPrf.length; i++) {
+ for (i = 0; i < acceptorPrf.length; i++)
printf("%02x ", ((char *)acceptorPrf.value)[i] & 0xFF);
- }
printf("\n");
if (acceptorPrf.length != initiatorPrf.length ||
memcmp(acceptorPrf.value, initiatorPrf.value, initiatorPrf.length)) {
fprintf(stderr, "Initiator and acceptor PRF output does not match\n");
- major = GSS_S_FAILURE;
+ exit(1);
}
- gss_release_buffer(&tmp_minor, &initiatorPrf);
- gss_release_buffer(&tmp_minor, &acceptorPrf);
-
- return major;
+ (void)gss_release_buffer(&minor, &initiatorPrf);
+ (void)gss_release_buffer(&minor, &acceptorPrf);
}
-static OM_uint32
-initAcceptSecContext(OM_uint32 *minor, gss_cred_id_t claimant_cred_handle,
- gss_cred_id_t verifier_cred_handle,
- gss_cred_id_t *deleg_cred_handle)
+static void
+init_accept_sec_context(gss_cred_id_t claimant_cred_handle,
+ gss_cred_id_t verifier_cred_handle,
+ gss_cred_id_t *deleg_cred_handle)
{
- OM_uint32 major, tmp_minor;
- gss_buffer_desc token, tmp;
+ OM_uint32 major, minor;
+ gss_buffer_desc token = GSS_C_EMPTY_BUFFER, tmp = GSS_C_EMPTY_BUFFER;
+ gss_name_t source_name = GSS_C_NO_NAME, target_name = GSS_C_NO_NAME;
gss_ctx_id_t initiator_context = GSS_C_NO_CONTEXT;
gss_ctx_id_t acceptor_context = GSS_C_NO_CONTEXT;
- gss_name_t source_name = GSS_C_NO_NAME;
- gss_name_t target_name = GSS_C_NO_NAME;
OM_uint32 time_rec;
- gss_OID mech = GSS_C_NO_OID;
-
- token.value = NULL;
- token.length = 0;
-
- tmp.value = NULL;
- tmp.length = 0;
+ gss_OID mech;
*deleg_cred_handle = GSS_C_NO_CREDENTIAL;
- major = gss_inquire_cred(minor, verifier_cred_handle,
- &target_name, NULL, NULL, NULL);
- if (GSS_ERROR(major)) {
- displayStatus("gss_inquire_cred", major, *minor);
- return major;
- }
-
- displayCanonName(minor, target_name, "Target name");
+ major = gss_inquire_cred(&minor, verifier_cred_handle, &target_name, NULL,
+ NULL, NULL);
+ check_gsserr("gss_inquire_cred", major, minor);
+ display_canon_name("Target name", target_name, &mech_krb5);
- mech = use_spnego ? (gss_OID)&spnego_mech : (gss_OID)gss_mech_krb5;
- displayOID(minor, mech, "Target mech");
+ mech = use_spnego ? &mech_spnego : &mech_krb5;
+ display_oid("Target mech", mech);
- major = gss_init_sec_context(minor,
- claimant_cred_handle,
- &initiator_context,
- target_name,
- mech,
+ major = gss_init_sec_context(&minor, claimant_cred_handle,
+ &initiator_context, target_name, mech,
GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG,
- GSS_C_INDEFINITE,
- GSS_C_NO_CHANNEL_BINDINGS,
- GSS_C_NO_BUFFER,
- NULL,
- &token,
- NULL,
+ GSS_C_INDEFINITE, GSS_C_NO_CHANNEL_BINDINGS,
+ GSS_C_NO_BUFFER, NULL, &token, NULL,
&time_rec);
+ (void)gss_release_name(&minor, &target_name);
+ check_gsserr("gss_init_sec_context", major, minor);
- if (target_name != GSS_C_NO_NAME)
- (void) gss_release_name(&tmp_minor, &target_name);
-
- if (GSS_ERROR(major)) {
- displayStatus("gss_init_sec_context", major, *minor);
- return major;
- }
-
- mech = GSS_C_NO_OID;
-
- major = gss_accept_sec_context(minor,
- &acceptor_context,
- verifier_cred_handle,
- &token,
- GSS_C_NO_CHANNEL_BINDINGS,
- &source_name,
- &mech,
- &tmp,
- NULL,
- &time_rec,
+ major = gss_accept_sec_context(&minor, &acceptor_context,
+ verifier_cred_handle, &token,
+ GSS_C_NO_CHANNEL_BINDINGS, &source_name,
+ NULL, &tmp, NULL, &time_rec,
deleg_cred_handle);
+ check_gsserr("gss_accept_sec_context", major, minor);
- if (GSS_ERROR(major))
- displayStatus("gss_accept_sec_context", major, *minor);
- else {
- testPrf(minor, initiator_context, acceptor_context, GSS_C_PRF_KEY_FULL);
- testPrf(minor, initiator_context, acceptor_context, GSS_C_PRF_KEY_PARTIAL);
- }
-
- (void) gss_release_name(&tmp_minor, &source_name);
- (void) gss_delete_sec_context(&tmp_minor, &acceptor_context, NULL);
- (void) gss_delete_sec_context(minor, &initiator_context, NULL);
- (void) gss_release_buffer(&tmp_minor, &token);
- (void) gss_release_buffer(&tmp_minor, &tmp);
- (void) gss_release_oid(&tmp_minor, &mech);
+ test_prf(initiator_context, acceptor_context, GSS_C_PRF_KEY_FULL);
+ test_prf(initiator_context, acceptor_context, GSS_C_PRF_KEY_PARTIAL);
- return major;
+ (void)gss_release_name(&minor, &source_name);
+ (void)gss_delete_sec_context(&minor, &acceptor_context, NULL);
+ (void)gss_delete_sec_context(&minor, &initiator_context, NULL);
+ (void)gss_release_buffer(&minor, &token);
+ (void)gss_release_buffer(&minor, &tmp);
}
-static OM_uint32
-getDefaultCred(OM_uint32 *minor, const char *keytab_name, gss_OID_set mechs,
- gss_cred_id_t *impersonator_cred_handle)
+static void
+get_default_cred(const char *keytab_name, gss_OID_set mechs,
+ gss_cred_id_t *impersonator_cred_handle)
{
- OM_uint32 major = GSS_S_FAILURE, tmp_minor;
-
- if (keytab_name) {
- krb5_error_code code;
- krb5_context context = NULL;
- krb5_keytab keytab = NULL;
- krb5_principal keytab_principal = NULL;
- krb5_ccache ccache = NULL;
-
- code = krb5_init_context(&context);
- if (code) {
- displayStatus("krb5_init_context", major, code);
- return major;
- }
-
- code = krb5_kt_resolve(context, keytab_name, &keytab);
- if (code) {
- displayStatus("krb5_kt_resolve", major, code);
- goto out;
- }
-
- code = krb5_cc_default(context, &ccache);
- if (code) {
- displayStatus("krb5_cc_default", major, code);
- goto out;
- }
-
- code = krb5_cc_get_principal(context, ccache, &keytab_principal);
- if (code) {
- displayStatus("krb5_cc_get_principal", major, code);
- goto out;
- }
-
- major = gss_krb5_import_cred(minor,
- ccache,
- keytab_principal,
- keytab,
+ OM_uint32 major = GSS_S_FAILURE, minor;
+ krb5_error_code ret;
+ krb5_context context = NULL;
+ krb5_keytab keytab = NULL;
+ krb5_principal keytab_principal = NULL;
+ krb5_ccache ccache = NULL;
+
+ if (keytab_name != NULL) {
+ ret = krb5_init_context(&context);
+ check_k5err(context, "krb5_init_context", ret);
+
+ ret = krb5_kt_resolve(context, keytab_name, &keytab);
+ check_k5err(context, "krb5_kt_resolve", ret);
+
+ ret = krb5_cc_default(context, &ccache);
+ check_k5err(context, "krb5_cc_default", ret);
+
+ ret = krb5_cc_get_principal(context, ccache, &keytab_principal);
+ check_k5err(context, "krb5_cc_get_principal", ret);
+
+ major = gss_krb5_import_cred(&minor, ccache, keytab_principal, keytab,
impersonator_cred_handle);
- if (GSS_ERROR(major)) {
- displayStatus("gss_krb5_import_cred", major, *minor);
- goto out;
- }
-
- out:
- if (code)
- *minor = code;
+ check_gsserr("gss_krb5_import_cred", major, minor);
+
krb5_free_principal(context, keytab_principal);
krb5_cc_close(context, ccache);
krb5_kt_close(context, keytab);
krb5_free_context(context);
} else {
- gss_OID_set actual_mechs = GSS_C_NO_OID_SET;
-
- major = gss_acquire_cred(minor,
- GSS_C_NO_NAME,
- GSS_C_INDEFINITE,
- mechs,
- GSS_C_BOTH,
- impersonator_cred_handle,
- &actual_mechs,
- NULL);
- if (GSS_ERROR(major)) {
- displayStatus("gss_acquire_cred", major, *minor);
- }
- (void) gss_release_oid_set(&tmp_minor, &actual_mechs);
+ major = gss_acquire_cred(&minor, GSS_C_NO_NAME, GSS_C_INDEFINITE,
+ mechs, GSS_C_BOTH, impersonator_cred_handle,
+ NULL, NULL);
+ check_gsserr("gss_acquire_cred", major, minor);
}
-
- return major;
}
int
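Review bot: In init_accept_sec_context, `check_gsserr` is the only test applied to the results of `gss_init_sec_context` and `gss_accept_sec_context`, and the version of that helper removed from t_export_cred.c in this commit exits only when `GSS_ERROR(maj_stat)` is true. A `GSS_S_CONTINUE_NEEDED` return therefore passes, and `test_prf` then runs on contexts that may be only partly established, most plausibly when `use_spnego` is set. Either exchange tokens in a loop until both calls return `GSS_S_COMPLETE`, or record the assumption with a comment such as `/* Single token exchange; GSS_S_CONTINUE_NEEDED is not handled here. */`. Also, in get_default_cred, `major` no longer needs its `GSS_S_FAILURE` initialiser now that every path assigns it before use.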
@@ -362,9 +202,7 @@ main(int argc, char *argv[])
gss_cred_id_t user_cred_handle = GSS_C_NO_CREDENTIAL;
gss_cred_id_t delegated_cred_handle = GSS_C_NO_CREDENTIAL;
gss_name_t user = GSS_C_NO_NAME, target = GSS_C_NO_NAME;
- gss_OID_set_desc mechs;
- gss_OID_set actual_mechs = GSS_C_NO_OID_SET;
- gss_buffer_desc buf;
+ gss_OID_set mechs, actual_mechs = GSS_C_NO_OID_SET;
uid_t uid;
if (argc < 2 || argc > 5) {
@@ -380,93 +218,45 @@ main(int argc, char *argv[])
argv++;
}
- buf.value = argv[1];
- buf.length = strlen((char *)buf.value);
-
- major = gss_import_name(&minor, &buf,
- (gss_OID)GSS_KRB5_NT_PRINCIPAL_NAME,
- &user);
+ user = import_name(argv[1]);
major = gss_pname_to_uid(&minor, user, NULL, &uid);
- if (GSS_ERROR(major)) {
- displayStatus("gss_pname_to_uid(user)", major, minor);
- goto out;
- }
+ check_gsserr("gss_pname_to_uid(user)", major, minor);
- if (argc > 2 && strcmp(argv[2], "-")) {
- buf.value = argv[2];
- buf.length = strlen((char *)buf.value);
-
- major = gss_import_name(&minor, &buf,
- (gss_OID)GSS_KRB5_NT_PRINCIPAL_NAME,
- &target);
- if (GSS_ERROR(major)) {
- displayStatus("gss_import_name(target)", major, minor);
- goto out;
- }
- } else {
- target = GSS_C_NO_NAME;
- }
+ if (argc > 2 && strcmp(argv[2], "-") != 0)
+ target = import_name(argv[2]);
- mechs.elements = use_spnego ? (gss_OID)&spnego_mech :
- (gss_OID)gss_mech_krb5;
- mechs.count = 1;
+ mechs = use_spnego ? &mechset_spnego : &mechset_krb5;
- major = getDefaultCred(&minor,
- argc > 3 ? argv[3] : NULL,
- &mechs,
- &impersonator_cred_handle);
- if (GSS_ERROR(major))
- goto out;
+ get_default_cred((argc > 3) ? argv[3] : NULL, mechs,
+ &impersonator_cred_handle);
printf("Protocol transition tests follow\n");
printf("-----------------------------------\n\n");
/* get S4U2Self cred */
- major = gss_acquire_cred_impersonate_name(&minor,
- impersonator_cred_handle,
- user,
- GSS_C_INDEFINITE,
- &mechs,
+ major = gss_acquire_cred_impersonate_name(&minor, impersonator_cred_handle,
+ user, GSS_C_INDEFINITE, mechs,
GSS_C_INITIATE,
- &user_cred_handle,
- &actual_mechs,
+ &user_cred_handle, &actual_mechs,
NULL);
- if (GSS_ERROR(major)) {
- displayStatus("gss_acquire_cred_impersonate_name", major, minor);
- goto out;
- }
+ check_gsserr("gss_acquire_cred_impersonate_name", major, minor);
/* Try to store it in default ccache */
- major = gss_store_cred(&minor,
- user_cred_handle,
- GSS_C_INITIATE,
- &mechs.elements[0],
- 1,
- 1,
- NULL,
- NULL);
- if (GSS_ERROR(major)) {
- displayStatus("gss_store_cred", major, minor);
- goto out;
- }
+ major = gss_store_cred(&minor, user_cred_handle, GSS_C_INITIATE,
+ &mechs->elements[0], 1, 1, NULL, NULL);
+ check_gsserr("gss_store_cred", major, minor);
- major = initAcceptSecContext(&minor,
- user_cred_handle,
- impersonator_cred_handle,
- &delegated_cred_handle);
- if (GSS_ERROR(major))
- goto out;
+ init_accept_sec_context(user_cred_handle, impersonator_cred_handle,
+ &delegated_cred_handle);
printf("\n");
-out:
- (void) gss_release_name(&minor, &user);
- (void) gss_release_name(&minor, &target);
- (void) gss_release_cred(&minor, &delegated_cred_handle);
- (void) gss_release_cred(&minor, &impersonator_cred_handle);
- (void) gss_release_cred(&minor, &user_cred_handle);
- (void) gss_release_oid_set(&minor, &actual_mechs);
-
- return GSS_ERROR(major) ? 1 : 0;
+ (void)gss_release_name(&minor, &user);
+ (void)gss_release_name(&minor, &target);
+ (void)gss_release_cred(&minor, &delegated_cred_handle);
+ (void)gss_release_cred(&minor, &impersonator_cred_handle);
+ (void)gss_release_cred(&minor, &user_cred_handle);
+ (void)gss_release_oid_set(&minor, &actual_mechs);
+ return 0;
}
diff --git a/src/tests/gssapi/t_imp_cred.c b/src/tests/gssapi/t_imp_cred.c
index 2818b22..8e00dae 100644
--- a/src/tests/gssapi/t_imp_cred.c
+++ b/src/tests/gssapi/t_imp_cred.c
@@ -39,102 +39,51 @@
#include "k5-platform.h"
#include <krb5.h>
-#include <gssapi/gssapi_krb5.h>
-static void
-display_status(const char *m, OM_uint32 code, int type)
-{
- OM_uint32 maj_stat, min_stat;
- gss_buffer_desc msg;
- OM_uint32 msg_ctx;
-
- msg_ctx = 0;
- while (1) {
- maj_stat = gss_display_status(&min_stat, code,
- type, GSS_C_NULL_OID,
- &msg_ctx, &msg);
- fprintf(stderr, "%s: %s\n", m, (char *)msg.value);
- (void) gss_release_buffer(&min_stat, &msg);
-
- if (!msg_ctx)
- break;
- }
-}
-
-static void
-exit_gsserr(const char *msg, OM_uint32 maj_stat, OM_uint32 min_stat)
-{
- display_status(msg, maj_stat, GSS_C_GSS_CODE);
- display_status(msg, min_stat, GSS_C_MECH_CODE);
- exit(1);
-}
-
-static void
-exit_kerr(krb5_context context, const char *msg, krb5_error_code code)
-{
- const char *errmsg;
-
- errmsg = krb5_get_error_message(context, code);
- printf("%s: %s\n", msg, errmsg);
- krb5_free_error_message(context, errmsg);
- exit(1);
-}
+#include "common.h"
int
main(int argc, char *argv[])
{
OM_uint32 minor, major;
gss_cred_id_t initiator_cred, acceptor_cred;
- gss_buffer_desc buf, token, tmp;
+ gss_buffer_desc token, tmp;
gss_ctx_id_t initiator_context = GSS_C_NO_CONTEXT;
gss_ctx_id_t acceptor_context = GSS_C_NO_CONTEXT;
gss_name_t target_name;
- krb5_context context;
+ krb5_context context = NULL;
krb5_ccache cc;
krb5_keytab kt;
krb5_principal princ = NULL;
krb5_error_code ret;
if (argc < 2 || argc > 3) {
- fprintf(stderr, "Usage: %s targetprinc [acceptorprinc]\n", argv[0]);
+ fprintf(stderr, "Usage: %s targetname [acceptorprinc]\n", argv[0]);
return 1;
}
- /* Import the target name as a krb5 principal name. */
- buf.value = argv[1];
- buf.length = strlen((char *)buf.value);
- major = gss_import_name(&minor, &buf, (gss_OID)GSS_KRB5_NT_PRINCIPAL_NAME,
- &target_name);
- if (GSS_ERROR(major)) {
- display_status("gss_import_name", major, minor);
- return 1;
- }
+ /* Import the target name. */
+ target_name = import_name(argv[1]);
/* Acquire the krb5 objects we need. */
ret = krb5_init_context(&context);
- if (ret)
- exit_kerr(NULL, "krb5_init_context", ret);
+ check_k5err(context, "krb5_init_context", ret);
ret = krb5_cc_default(context, &cc);
- if (ret)
- exit_kerr(context, "krb5_cc_default", ret);
+ check_k5err(context, "krb5_cc_default", ret);
ret = krb5_kt_default(context, &kt);
- if (ret)
- exit_kerr(context, "krb5_kt_default", ret);
+ check_k5err(context, "krb5_kt_default", ret);
if (argc >= 3) {
ret = krb5_parse_name(context, argv[2], &princ);
- if (ret)
- exit_kerr(context, "krb5_parse_name", ret);
+ check_k5err(context, "krb5_parse_name", ret);
}
/* Get initiator cred. */
major = gss_krb5_import_cred(&minor, cc, NULL, NULL, &initiator_cred);
- if (GSS_ERROR(major))
- exit_gsserr("gss_krb5_import_cred (initiator)", major, minor);
+ check_gsserr("gss_krb5_import_cred (initiator)", major, minor);
/* Get acceptor cred. */
major = gss_krb5_import_cred(&minor, NULL, princ, kt, &acceptor_cred);
- if (GSS_ERROR(major))
- exit_gsserr("gss_krb5_import_cred (acceptor)", major, minor);
+ check_gsserr("gss_krb5_import_cred (acceptor)", major, minor);
/* Create krb5 initiator context and get the first token. */
token.value = NULL;
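Review bot: The new usage text and the comment `/* Import the target name. */` no longer say what form the name takes, whereas the removed comment stated it was imported as a krb5 principal name. Per the commit description, `import_name` expects `p:princname`, `h:hostbasedname` or `u:username`, so the comment could read `/* Import the target name (p:princname, h:hostbasedname or u:username). */` and the usage line could mention the prefix. The second argument still goes through `krb5_parse_name` without a prefix, which is worth spelling out so the two arguments are not confused. main() continues beyond this hunk.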
@@ -145,8 +94,7 @@ main(int argc, char *argv[])
GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG,
GSS_C_INDEFINITE, GSS_C_NO_CHANNEL_BINDINGS,
GSS_C_NO_BUFFER, NULL, &token, NULL, NULL);
- if (GSS_ERROR(major))
- exit_gsserr("gss_init_sec_context", major, minor);
+ check_gsserr("gss_init_sec_context", major, minor);
/* Pass the token to gss_accept_sec_context. */
tmp.value = NULL;
@@ -154,8 +102,7 @@ main(int argc, char *argv[])
major = gss_accept_sec_context(&minor, &acceptor_context, acceptor_cred,
&token, GSS_C_NO_CHANNEL_BINDINGS,
NULL, NULL, &tmp, NULL, NULL, NULL);
- if (major != GSS_S_COMPLETE)
- exit_gsserr("gss_accept_sec_context", major, minor);
+ check_gsserr("gss_accept_sec_context", major, minor);
krb5_cc_close(context, cc);
krb5_kt_close(context, kt);
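Review bot: The `gss_accept_sec_context` check is weaker than the one it replaces. The removed line failed on anything other than `GSS_S_COMPLETE`, while `check_gsserr` presumably tests only `GSS_ERROR(major)` as the old helpers' callers did (its body is in common.c, not in this hunk). If so, `GSS_S_CONTINUE_NEEDED` now passes and the test carries on with an acceptor context that is not fully established. If one-round-trip completion is part of what this test asserts, keep it explicit after the call, e.g. `if (major != GSS_S_COMPLETE) return 1;`. main() starts and ends outside this hunk.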
diff --git a/src/tests/gssapi/t_imp_name.c b/src/tests/gssapi/t_imp_name.c
index a51c980..4fcd61b 100644
--- a/src/tests/gssapi/t_imp_name.c
+++ b/src/tests/gssapi/t_imp_name.c
@@ -21,130 +21,38 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ */
+
+/*
* Simple test program for testing how GSSAPI import name works. (May
* be made into a more full-fledged test program later.)
- *
*/
-#include <unistd.h>
-#include <stdlib.h>
#include <stdio.h>
-#include <string.h>
-#include <gssapi/gssapi.h>
-#include <gssapi/gssapi_generic.h>
-
-#define GSSAPI_V2
-void display_status (char *, OM_uint32, OM_uint32);
-static void display_status_1 (char *, OM_uint32, int);
-static void display_buffer (gss_buffer_desc);
-static int test_import_name (char *);
-FILE *display_file;
+#include "common.h"
-int main(argc, argv)
- int argc;
- char **argv;
+int
+main(int argc, char **argv)
{
- int retval;
-
- display_file = stdout;
-
- retval = test_import_name("host at dcl.mit.edu");
-
- return retval;
-}
-
-static int test_import_name(name)
- char *name;
-{
- OM_uint32 maj_stat, min_stat;
+ const char *name = "host at dcl.mit.edu";
+ OM_uint32 major, minor;
gss_name_t gss_name;
- gss_buffer_desc buffer_name;
+ gss_buffer_desc buf;
gss_OID name_oid;
- buffer_name.value = name;
- buffer_name.length = strlen(name) + 1;
- maj_stat = gss_import_name(&min_stat, &buffer_name,
- (gss_OID) gss_nt_service_name,
- &gss_name);
- if (maj_stat != GSS_S_COMPLETE) {
- display_status("parsing name", maj_stat, min_stat);
- return -1;
- }
+ gss_name = import_name(name);
- maj_stat = gss_display_name(&min_stat, gss_name, &buffer_name,
- &name_oid);
- if (maj_stat != GSS_S_COMPLETE) {
- display_status("displaying context", maj_stat, min_stat);
- return -1;
- }
- printf("name is: ");
- display_buffer(buffer_name);
- printf("\n");
- (void) gss_release_buffer(&min_stat, &buffer_name);
+ major = gss_display_name(&minor, gss_name, &buf, &name_oid);
+ check_gsserr("gss_display_name", major, minor);
+ printf("name is: %.*s\n", (int)buf.length, (char *)buf.value);
+ (void)gss_release_buffer(&minor, &buf);
- gss_oid_to_str(&min_stat, name_oid, &buffer_name);
- printf("name type is: ");
- display_buffer(buffer_name);
- printf("\n");
- (void) gss_release_buffer(&min_stat, &buffer_name);
-#ifdef GSSAPI_V2
- (void) gss_release_oid(&min_stat, &name_oid);
-#endif
- (void) gss_release_name(&min_stat, &gss_name);
- return 0;
-}
-
-static void display_buffer(buffer)
- gss_buffer_desc buffer;
-{
- char *namebuf;
-
- namebuf = malloc(buffer.length+1);
- if (!namebuf) {
- fprintf(stderr, "display_buffer: couldn't allocate buffer!\n");
- exit(1);
- }
- strncpy(namebuf, buffer.value, buffer.length);
- namebuf[buffer.length] = '\0';
- printf("%s", namebuf);
- free(namebuf);
-}
-
-void display_status(msg, maj_stat, min_stat)
- char *msg;
- OM_uint32 maj_stat;
- OM_uint32 min_stat;
-{
- display_status_1(msg, maj_stat, GSS_C_GSS_CODE);
- display_status_1(msg, min_stat, GSS_C_MECH_CODE);
-}
-
-static void display_status_1(m, code, type)
- char *m;
- OM_uint32 code;
- int type;
-{
- OM_uint32 min_stat;
- gss_buffer_desc msg;
-#ifdef GSSAPI_V2
- OM_uint32 msg_ctx;
-#else /* GSSAPI_V2 */
- int msg_ctx;
-#endif /* GSSAPI_V2 */
-
- msg_ctx = 0;
- while (1) {
- (void) gss_display_status(&min_stat, code,
- type, GSS_C_NULL_OID,
- &msg_ctx, &msg);
- if (display_file)
- fprintf(display_file, "GSS-API error %s: %s\n", m,
- (char *)msg.value);
- (void) gss_release_buffer(&min_stat, &msg);
+ major = gss_oid_to_str(&minor, name_oid, &buf);
+ check_gsserr("gss_oid_to_str", major, minor);
+ printf("name type is: %.*s\n", (int)buf.length, (char *)buf.value);
+ (void)gss_release_buffer(&minor, &buf);
+ (void)gss_release_name(&minor, &gss_name);
- if (!msg_ctx)
- break;
- }
+ return 0;
}
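Review bot: The hard-coded `name` has no type prefix, although the commit description says names given to `import_name` use `p:`, `h:` or `u:`. `import_name` is defined in common.c, outside this hunk, so it is not visible whether it rejects the string or reads the leading `h` of `host` as the type letter. Either way the test no longer clearly imports the host-based service name that the removed `gss_nt_service_name` call did. Suggest `const char *name = "h:host at dcl.mit.edu";`.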
diff --git a/src/tests/gssapi/t_inq_cred.c b/src/tests/gssapi/t_inq_cred.c
index ed93a6e..8dd331d 100644
--- a/src/tests/gssapi/t_inq_cred.c
+++ b/src/tests/gssapi/t_inq_cred.c
@@ -29,7 +29,7 @@
* script. Acquires credentials, inquires them, and prints the resulting name
* and lifetime.
*
- * Usage: ./t_inq_cred [-k|-s] [-a|-b|-i] [initiatorprinc|gss:service at host]
+ * Usage: ./t_inq_cred [-k|-s] [-a|-b|-i] [initiatorname]
*
* By default no mechanism is specified when acquiring credentials; -k
* indicates the krb5 mech and -s indicates SPNEGO. By default or with -i,
@@ -43,44 +43,13 @@
#include <stdlib.h>
#include <string.h>
-#include <gssapi/gssapi_krb5.h>
-
-static gss_OID_desc spnego_mech = { 6, "\053\006\001\005\005\002" };
-
-static void
-display_status_1(const char *m, OM_uint32 code, int type)
-{
- OM_uint32 maj_stat, min_stat;
- gss_buffer_desc msg;
- OM_uint32 msg_ctx;
-
- msg_ctx = 0;
- while (1) {
- maj_stat = gss_display_status(&min_stat, code,
- type, GSS_C_NULL_OID,
- &msg_ctx, &msg);
- fprintf(stderr, "%s: %s\n", m, (char *)msg.value);
- (void) gss_release_buffer(&min_stat, &msg);
-
- if (!msg_ctx)
- break;
- }
-}
+#include "common.h"
static void
-gsserr(const char *msg, OM_uint32 maj_stat, OM_uint32 min_stat)
-{
- display_status_1(msg, maj_stat, GSS_C_GSS_CODE);
- display_status_1(msg, min_stat, GSS_C_MECH_CODE);
- exit(1);
-}
-
-static void
-usage(const char *progname)
+usage(void)
{
fprintf(stderr,
- "Usage: %s [-k|-s] [-a|-b|-i] [princ|gss:service at host]\n",
- progname);
+ "Usage: t_inq_cred [-k|-s] [-a|-b|-i] [princ|gss:service at host]\n");
exit(1);
}
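Review bot: The usage string in `usage()` still advertises `[princ|gss:service at host]`, but the last hunk of this file removes the `gss:` branch and passes the argument straight to `import_name`. The header comment in the first hunk was already changed to `[initiatorname]`, so the two now disagree, and a user following the printed usage would supply a name in a syntax the program no longer parses. Suggest `"Usage: t_inq_cred [-k|-s] [-a|-b|-i] [initiatorname]\n"`, ideally also naming the `p:`/`h:`/`u:` prefixes from the commit description.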
@@ -89,13 +58,11 @@ main(int argc, char *argv[])
{
OM_uint32 minor, major, lifetime;
gss_cred_usage_t cred_usage = GSS_C_INITIATE;
- gss_OID mech = GSS_C_NO_OID;
- gss_OID_set_desc mechs;
- gss_OID_set mechset = GSS_C_NO_OID_SET;
+ gss_OID_set mechs = GSS_C_NO_OID_SET;
gss_cred_id_t cred = GSS_C_NO_CREDENTIAL;
gss_name_t name = GSS_C_NO_NAME;
gss_buffer_desc buf;
- const char *name_arg = NULL, *progname = argv[0];
+ const char *name_arg = NULL;
char opt;
while (argc > 1 && argv[1][0] == '-') {
@@ -108,60 +75,36 @@ main(int argc, char *argv[])
else if (opt == 'i')
cred_usage = GSS_C_INITIATE;
else if (opt == 'k')
- mech = (gss_OID)gss_mech_krb5;
+ mechs = &mechset_krb5;
else if (opt == 's')
- mech = &spnego_mech;
+ mechs = &mechset_spnego;
else
- usage(progname);
+ usage();
}
if (argc > 2)
- usage(progname);
+ usage();
if (argc > 1)
name_arg = argv[1];
/* Import the name, if given. */
- if (name_arg != NULL && strncmp(name_arg, "gss:", 4) == 0) {
- /* Import as host-based service. */
- buf.value = (char *)name_arg + 4;
- buf.length = strlen((char *)buf.value);
- major = gss_import_name(&minor, &buf, GSS_C_NT_HOSTBASED_SERVICE,
- &name);
- if (GSS_ERROR(major))
- gsserr("gss_import_name", major, minor);
- } else if (name_arg != NULL) {
- /* Import as krb5 principal name. */
- buf.value = (char *)name_arg;
- buf.length = strlen((char *)buf.value);
- major = gss_import_name(&minor, &buf,
- (gss_OID)GSS_KRB5_NT_PRINCIPAL_NAME, &name);
- if (GSS_ERROR(major))
- gsserr("gss_import_name", major, minor);
- }
-
- if (mech != GSS_C_NO_OID) {
- mechs.elements = mech;
- mechs.count = 1;
- mechset = &mechs;
- }
+ if (name_arg != NULL)
+ name = import_name(name_arg);
/* Acquire a credential. */
- major = gss_acquire_cred(&minor, name, GSS_C_INDEFINITE, mechset,
- cred_usage, &cred, NULL, NULL);
- if (GSS_ERROR(major))
- gsserr("gss_acquire_cred", major, minor);
+ major = gss_acquire_cred(&minor, name, GSS_C_INDEFINITE, mechs, cred_usage,
+ &cred, NULL, NULL);
+ check_gsserr("gss_acquire_cred", major, minor);
/* Inquire about the credential. */
(void)gss_release_name(&minor, &name);
major = gss_inquire_cred(&minor, cred, &name, &lifetime, NULL, NULL);
- if (GSS_ERROR(major))
- gsserr("gss_inquire_cred", major, minor);
+ check_gsserr("gss_inquire_cred", major, minor);
/* Get a display form of the name. */
buf.value = NULL;
buf.length = 0;
major = gss_display_name(&minor, name, &buf, NULL);
- if (GSS_ERROR(major))
- gsserr("gss_display_name", major, minor);
+ check_gsserr("gss_display_name", major, minor);
printf("name: %.*s\n", (int)buf.length, (char *)buf.value);
printf("lifetime: %d\n", (int)lifetime);
diff --git a/src/tests/gssapi/t_namingexts.c b/src/tests/gssapi/t_namingexts.c
index 86d276e..7d06f33 100644
--- a/src/tests/gssapi/t_namingexts.c
+++ b/src/tests/gssapi/t_namingexts.c
@@ -27,280 +27,90 @@
#include <stdlib.h>
#include <string.h>
-#include <gssapi/gssapi_krb5.h>
-#include <gssapi/gssapi_generic.h>
-
-static gss_OID_desc spnego_mech = { 6, "\053\006\001\005\005\002" };
+#include "common.h"
static int use_spnego = 0;
-static void displayStatus_1(m, code, type)
- char *m;
- OM_uint32 code;
- int type;
-{
- OM_uint32 maj_stat, min_stat;
- gss_buffer_desc msg;
- OM_uint32 msg_ctx;
-
- msg_ctx = 0;
- while (1) {
- maj_stat = gss_display_status(&min_stat, code,
- type, GSS_C_NULL_OID,
- &msg_ctx, &msg);
- fprintf(stderr, "%s: %s\n", m, (char *)msg.value);
- (void) gss_release_buffer(&min_stat, &msg);
-
- if (!msg_ctx)
- break;
- }
-}
-
-static void displayStatus(msg, maj_stat, min_stat)
- char *msg;
- OM_uint32 maj_stat;
- OM_uint32 min_stat;
-{
- displayStatus_1(msg, maj_stat, GSS_C_GSS_CODE);
- displayStatus_1(msg, min_stat, GSS_C_MECH_CODE);
-}
-
-static OM_uint32
-displayCanonName(OM_uint32 *minor, gss_name_t name, char *tag)
-{
- gss_name_t canon;
- OM_uint32 major, tmp;
- gss_buffer_desc buf;
-
- major = gss_canonicalize_name(minor, name, (gss_OID)gss_mech_krb5, &canon);
- if (GSS_ERROR(major)) {
- displayStatus("gss_canonicalize_name", major, *minor);
- return major;
- }
-
- major = gss_display_name(minor, canon, &buf, NULL);
- if (GSS_ERROR(major)) {
- gss_release_name(&tmp, &canon);
- displayStatus("gss_display_name", major, *minor);
- return major;
- }
-
- printf("%s:\t%s\n", tag, (char *)buf.value);
-
- gss_release_name(&tmp, &canon);
- gss_release_buffer(&tmp, &buf);
-
- return GSS_S_COMPLETE;
-}
-
static void
-dumpAttribute(OM_uint32 *minor,
- gss_name_t name,
- gss_buffer_t attribute,
- int noisy)
-{
- OM_uint32 major, tmp;
- gss_buffer_desc value;
- gss_buffer_desc display_value;
- int authenticated = 0;
- int complete = 0;
- int more = -1;
- unsigned int i;
-
- while (more != 0) {
- value.value = NULL;
- display_value.value = NULL;
-
- major = gss_get_name_attribute(minor,
- name,
- attribute,
- &authenticated,
- &complete,
- &value,
- &display_value,
- &more);
- if (GSS_ERROR(major)) {
- displayStatus("gss_get_name_attribute", major, *minor);
- break;
- }
-
- printf("Attribute %.*s %s %s\n\n%.*s\n",
- (int)attribute->length, (char *)attribute->value,
- authenticated ? "Authenticated" : "",
- complete ? "Complete" : "",
- (int)display_value.length, (char *)display_value.value);
-
- if (noisy) {
- for (i = 0; i < value.length; i++) {
- if ((i % 32) == 0)
- printf("\n");
- printf("%02x", ((char *)value.value)[i] & 0xFF);
- }
- printf("\n\n");
- }
-
- gss_release_buffer(&tmp, &value);
- gss_release_buffer(&tmp, &display_value);
- }
-}
-
-static OM_uint32
-enumerateAttributes(OM_uint32 *minor,
- gss_name_t name,
- int noisy)
-{
- OM_uint32 major, tmp;
- int name_is_MN;
- gss_OID mech = GSS_C_NO_OID;
- gss_buffer_set_t attrs = GSS_C_NO_BUFFER_SET;
- unsigned int i;
-
- major = gss_inquire_name(minor,
- name,
- &name_is_MN,
- &mech,
- &attrs);
- if (GSS_ERROR(major)) {
- displayStatus("gss_inquire_name", major, *minor);
- return major;
- }
-
- if (attrs != GSS_C_NO_BUFFER_SET) {
- for (i = 0; i < attrs->count; i++)
- dumpAttribute(minor, name, &attrs->elements[i], noisy);
- }
-
- gss_release_oid(&tmp, &mech);
- gss_release_buffer_set(&tmp, &attrs);
-
- return major;
-}
-
-static OM_uint32
-testExportImportName(OM_uint32 *minor,
- gss_name_t name)
+test_export_import_name(gss_name_t name)
{
- OM_uint32 major, tmp;
- gss_buffer_desc exported_name;
+ OM_uint32 major, minor;
+ gss_buffer_desc exported_name = GSS_C_EMPTY_BUFFER;
gss_name_t imported_name = GSS_C_NO_NAME;
unsigned int i;
- exported_name.value = NULL;
-
- major = gss_export_name_composite(minor,
- name,
- &exported_name);
- if (GSS_ERROR(major)) {
- displayStatus("gss_export_name_composite", major, *minor);
- return major;
- }
+ major = gss_export_name_composite(&minor, name, &exported_name);
+ check_gsserr("gss_export_name_composite", major, minor);
printf("Exported name:\n");
-
for (i = 0; i < exported_name.length; i++) {
if ((i % 32) == 0)
printf("\n");
printf("%02x", ((char *)exported_name.value)[i] & 0xFF);
}
-
printf("\n");
- major = gss_import_name(minor, &exported_name, gss_nt_exported_name,
+ major = gss_import_name(&minor, &exported_name, GSS_C_NT_EXPORT_NAME,
&imported_name);
- if (GSS_ERROR(major)) {
- displayStatus("gss_import_name", major, *minor);
- gss_release_buffer(&tmp, &exported_name);
- return major;
- }
-
- gss_release_buffer(&tmp, &exported_name);
+ check_gsserr("gss_import_name", major, minor);
+ (void)gss_release_buffer(&minor, &exported_name);
printf("\n");
- displayCanonName(minor, imported_name, "Re-imported name");
+ display_canon_name("Re-imported name", imported_name, &mech_krb5);
printf("Re-imported attributes:\n\n");
- major = enumerateAttributes(minor, imported_name, 0);
+ enumerate_attributes(imported_name, 0);
- gss_release_name(&tmp, &imported_name);
-
- return major;
+ (void)gss_release_name(&minor, &imported_name);
}
-static OM_uint32
-testGreetAuthzData(OM_uint32 *minor,
- gss_name_t name)
+static void
+test_greet_authz_data(gss_name_t name)
{
- OM_uint32 major;
+ OM_uint32 major, minor;
gss_buffer_desc attr;
gss_buffer_desc value;
attr.value = "urn:greet:greeting";
attr.length = strlen((char *)attr.value);
- major = gss_delete_name_attribute(minor,
- name,
- &attr);
+ major = gss_delete_name_attribute(&minor, name, &attr);
if (major == GSS_S_UNAVAILABLE) {
fprintf(stderr, "Warning: greet_client plugin not installed\n");
- return GSS_S_COMPLETE;
- } else if (GSS_ERROR(major)) {
- displayStatus("gss_delete_name_attribute", major, *minor);
- return major;
+ exit(1);
}
+ check_gsserr("gss_delete_name_attribute", major, minor);
value.value = "Hello, acceptor world!";
value.length = strlen((char *)value.value);
-
- major = gss_set_name_attribute(minor,
- name,
- 1,
- &attr,
- &value);
+ major = gss_set_name_attribute(&minor, name, 1, &attr, &value);
if (major == GSS_S_UNAVAILABLE)
- return GSS_S_COMPLETE;
- else if (GSS_ERROR(major))
- displayStatus("gss_set_name_attribute", major, *minor);
-
- return major;
+ return;
+ check_gsserr("gss_set_name_attribute", major, minor);
}
-static OM_uint32
-testMapNameToAny(OM_uint32 *minor,
- gss_name_t name)
+static void
+test_map_name_to_any(gss_name_t name)
{
- OM_uint32 major;
- OM_uint32 tmp_minor;
+ OM_uint32 major, minor;
gss_buffer_desc type_id;
krb5_pac pac;
- krb5_context context;
- krb5_error_code code;
- size_t len;
+ krb5_context context = NULL;
+ krb5_error_code ret;
+ size_t len, i;
krb5_ui_4 *types;
type_id.value = "mspac";
type_id.length = strlen((char *)type_id.value);
- major = gss_map_name_to_any(minor,
- name,
- 1, /* authenticated */
- &type_id,
- (gss_any_t *)&pac);
+ major = gss_map_name_to_any(&minor, name, 1, &type_id, (gss_any_t *)&pac);
if (major == GSS_S_UNAVAILABLE)
- return GSS_S_COMPLETE;
- else if (GSS_ERROR(major))
- displayStatus("gss_map_name_to_any", major, *minor);
-
- code = krb5_init_context(&context);
- if (code != 0) {
- gss_release_any_name_mapping(&tmp_minor, name,
- &type_id, (gss_any_t *)&pac);
- *minor = code;
- return GSS_S_FAILURE;
- }
+ return;
+ check_gsserr("gss_map_name_to_any", major, minor);
- code = krb5_pac_get_types(context, pac, &len, &types);
- if (code == 0) {
- size_t i;
+ ret = krb5_init_context(&context);
+ check_k5err(context, "krb5_init_context", ret);
+ if (krb5_pac_get_types(context, pac, &len, &types) == 0) {
printf("PAC buffer types:");
for (i = 0; i < len; i++)
printf(" %d", types[i]);
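Review bot: In `test_greet_authz_data` the `GSS_S_UNAVAILABLE` branch after `gss_delete_name_attribute` now calls `exit(1)` while still printing a message that begins "Warning:", where the removed code returned `GSS_S_COMPLETE` and let the test continue. That turns a missing optional plugin into a test failure, and it is inconsistent with the `gss_set_name_attribute` branch just below, which returns quietly on the same status. If skipping is still the intent, use `return;` here; if failing is intended, the message should say so instead of "Warning". This hunk ends inside `test_map_name_to_any`.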
@@ -308,101 +118,62 @@ testMapNameToAny(OM_uint32 *minor,
free(types);
}
- gss_release_any_name_mapping(&tmp_minor, name,
- &type_id, (gss_any_t *)&pac);
-
- return GSS_S_COMPLETE;
+ (void)gss_release_any_name_mapping(&minor, name, &type_id,
+ (gss_any_t *)&pac);
}
-static OM_uint32
-initAcceptSecContext(OM_uint32 *minor,
- gss_cred_id_t verifier_cred_handle)
+static void
+init_accept_sec_context(gss_cred_id_t verifier_cred_handle)
{
- OM_uint32 major;
- gss_buffer_desc token, tmp;
+ OM_uint32 major, minor;
+ gss_buffer_desc token = GSS_C_EMPTY_BUFFER, tmp = GSS_C_EMPTY_BUFFER;
+ gss_name_t source_name = GSS_C_NO_NAME, target_name = GSS_C_NO_NAME;
gss_ctx_id_t initiator_context = GSS_C_NO_CONTEXT;
gss_ctx_id_t acceptor_context = GSS_C_NO_CONTEXT;
- gss_name_t source_name = GSS_C_NO_NAME;
- gss_name_t target_name = GSS_C_NO_NAME;
+ gss_OID mech = use_spnego ? &mech_spnego : &mech_krb5;
OM_uint32 time_rec;
- token.value = NULL;
- token.length = 0;
-
- tmp.value = NULL;
- tmp.length = 0;
-
- major = gss_inquire_cred(minor, verifier_cred_handle,
- &target_name, NULL, NULL, NULL);
- if (GSS_ERROR(major)) {
- displayStatus("gss_inquire_cred", major, *minor);
- return major;
- }
+ major = gss_inquire_cred(&minor, verifier_cred_handle, &target_name, NULL,
+ NULL, NULL);
+ check_gsserr("gss_inquire_cred", major, minor);
- displayCanonName(minor, target_name, "Target name");
+ display_canon_name("Target name", target_name, &mech_krb5);
- major = gss_init_sec_context(minor,
- verifier_cred_handle,
- &initiator_context,
- target_name,
- use_spnego ?
- (gss_OID)&spnego_mech :
- (gss_OID)gss_mech_krb5,
+ major = gss_init_sec_context(&minor, verifier_cred_handle,
+ &initiator_context, target_name, mech,
GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG,
- GSS_C_INDEFINITE,
- GSS_C_NO_CHANNEL_BINDINGS,
- GSS_C_NO_BUFFER,
- NULL,
- &token,
- NULL,
+ GSS_C_INDEFINITE, GSS_C_NO_CHANNEL_BINDINGS,
+ GSS_C_NO_BUFFER, NULL, &token, NULL,
&time_rec);
-
- if (target_name != GSS_C_NO_NAME)
- (void) gss_release_name(minor, &target_name);
-
- if (GSS_ERROR(major)) {
- displayStatus("gss_init_sec_context", major, *minor);
- return major;
- }
-
- (void) gss_delete_sec_context(minor, &initiator_context, NULL);
-
- major = gss_accept_sec_context(minor,
- &acceptor_context,
- verifier_cred_handle,
- &token,
- GSS_C_NO_CHANNEL_BINDINGS,
- &source_name,
- NULL,
- &tmp,
- NULL,
- &time_rec,
- NULL);
-
- if (GSS_ERROR(major))
- displayStatus("gss_accept_sec_context", major, *minor);
- else {
- displayCanonName(minor, source_name, "Source name");
- enumerateAttributes(minor, source_name, 1);
- testExportImportName(minor, source_name);
- testMapNameToAny(minor, source_name);
- }
-
- (void) gss_release_name(minor, &source_name);
- (void) gss_delete_sec_context(minor, &acceptor_context, NULL);
- (void) gss_release_buffer(minor, &token);
- (void) gss_release_buffer(minor, &tmp);
-
- return major;
+ check_gsserr("gss_init_sec_context", major, minor);
+
+ (void)gss_release_name(&minor, &target_name);
+ (void)gss_delete_sec_context(&minor, &initiator_context, NULL);
+
+ major = gss_accept_sec_context(&minor, &acceptor_context,
+ verifier_cred_handle, &token,
+ GSS_C_NO_CHANNEL_BINDINGS, &source_name,
+ NULL, &tmp, NULL, &time_rec, NULL);
+ check_gsserr("gss_accept_sec_context", major, minor);
+
+ display_canon_name("Source name", source_name, &mech_krb5);
+ enumerate_attributes(source_name, 1);
+ test_export_import_name(source_name);
+ test_map_name_to_any(source_name);
+
+ (void)gss_release_name(&minor, &source_name);
+ (void)gss_delete_sec_context(&minor, &acceptor_context, NULL);
+ (void)gss_release_buffer(&minor, &token);
+ (void)gss_release_buffer(&minor, &tmp);
}
-int main(int argc, char *argv[])
+int
+main(int argc, char *argv[])
{
- OM_uint32 minor, major, tmp;
+ OM_uint32 minor, major;
gss_cred_id_t cred_handle = GSS_C_NO_CREDENTIAL;
- gss_OID_set_desc mechs;
- gss_OID_set actual_mechs = GSS_C_NO_OID_SET;
- gss_name_t name = GSS_C_NO_NAME;
+ gss_OID_set mechs, actual_mechs = GSS_C_NO_OID_SET;
+ gss_name_t tmp_name, name;
if (argc > 1 && strcmp(argv[1], "--spnego") == 0) {
use_spnego++;
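Review bot: `test_map_name_to_any` never frees the krb5 context it creates. The function begins in the preceding hunk, calls `krb5_init_context`, and ends here after `gss_release_any_name_mapping` with no matching release. Add `krb5_free_context(context);` before the closing brace. The same function also ignores a failing `krb5_pac_get_types` silently while every other call goes through a check helper; if a failure there should fail the test, `check_k5err(context, "krb5_pac_get_types", ret);` would be consistent. The hunk ends inside main().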
@@ -410,77 +181,38 @@ int main(int argc, char *argv[])
argv++;
}
- if (argc > 1) {
- gss_buffer_desc name_buf;
- gss_name_t tmp_name;
-
- name_buf.value = argv[1];
- name_buf.length = strlen(argv[1]);
-
- major = gss_import_name(&minor, &name_buf,
- (gss_OID)GSS_KRB5_NT_PRINCIPAL_NAME, &tmp_name);
- if (GSS_ERROR(major)) {
- displayStatus("gss_import_name", major, minor);
- goto out;
- }
-
- major = gss_canonicalize_name(&minor, tmp_name,
- (gss_OID)gss_mech_krb5, &name);
- if (GSS_ERROR(major)) {
- gss_release_name(&tmp, &tmp_name);
- displayStatus("gss_canonicalze_name", major, minor);
- goto out;
- }
-
- gss_release_name(&tmp, &tmp_name);
-
- major = testGreetAuthzData(&minor, name);
- if (GSS_ERROR(major))
- goto out;
- } else {
- fprintf(stderr, "Usage: %s [--spnego] [principal] [keytab]\n", argv[0]);
+ if (argc < 2) {
+ fprintf(stderr, "Usage: %s [--spnego] principal [keytab]\n", argv[0]);
exit(1);
}
- if (argc > 2) {
+ tmp_name = import_name(argv[1]);
+ major = gss_canonicalize_name(&minor, tmp_name, &mech_krb5, &name);
+ check_gsserr("gss_canonicalze_name", major, minor);
+ (void)gss_release_name(&minor, &tmp_name);
+
+ test_greet_authz_data(name);
+
+ if (argc >= 3) {
major = krb5_gss_register_acceptor_identity(argv[2]);
- if (GSS_ERROR(major)) {
- displayStatus("krb5_gss_register_acceptor_identity", major, minor);
- goto out;
- }
+ check_gsserr("krb5_gss_register_acceptor_identity", major, minor);
}
-
- mechs.elements = use_spnego ? (gss_OID)&spnego_mech :
- (gss_OID)gss_mech_krb5;
- mechs.count = 1;
+ mechs = use_spnego ? &mechset_spnego : &mechset_krb5;
/* get default cred */
- major = gss_acquire_cred(&minor,
- name,
- GSS_C_INDEFINITE,
- &mechs,
- GSS_C_BOTH,
- &cred_handle,
- &actual_mechs,
- NULL);
- if (GSS_ERROR(major)) {
- displayStatus("gss_acquire_cred", major, minor);
- goto out;
- }
+ major = gss_acquire_cred(&minor, name, GSS_C_INDEFINITE, mechs, GSS_C_BOTH,
+ &cred_handle, &actual_mechs, NULL);
+ check_gsserr("gss_acquire_cred", major, minor);
- (void) gss_release_oid_set(&minor, &actual_mechs);
+ (void)gss_release_oid_set(&minor, &actual_mechs);
- major = initAcceptSecContext(&minor, cred_handle);
- if (GSS_ERROR(major))
- goto out;
+ init_accept_sec_context(cred_handle);
printf("\n");
-out:
- (void) gss_release_cred(&tmp, &cred_handle);
- (void) gss_release_oid_set(&tmp, &actual_mechs);
- (void) gss_release_name(&tmp, &name);
-
- return GSS_ERROR(major) ? 1 : 0;
+ (void)gss_release_cred(&minor, &cred_handle);
+ (void)gss_release_oid_set(&minor, &actual_mechs);
+ (void)gss_release_name(&minor, &name);
+ return 0;
}
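Review bot: `check_gsserr("krb5_gss_register_acceptor_identity", major, minor)` reports a `minor` that this call never set. `krb5_gss_register_acceptor_identity(argv[2])` returns only a major status, so on failure the mechanism-level message would come from the earlier `gss_release_name` call and could mislead whoever reads the test log. Set `minor = 0;` before the call, or pass `0` to the check. The label on the canonicalize check is also misspelled and should read `check_gsserr("gss_canonicalize_name", major, minor);`. main() begins outside this hunk.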
diff --git a/src/tests/gssapi/t_s4u.c b/src/tests/gssapi/t_s4u.c
index ef90166..62b9735 100644
--- a/src/tests/gssapi/t_s4u.c
+++ b/src/tests/gssapi/t_s4u.c
@@ -23,12 +23,6 @@
* or implied warranty.
*/
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <gssapi/gssapi_krb5.h>
-
/*
* Test program for protocol transition (S4U2Self) and constrained delegation
* (S4U2Proxy)
@@ -53,192 +47,27 @@
* Usage eg:
*
* kinit -k -t test.keytab -f 'host/test.win.mit.edu at WIN.MIT.EDU'
- * ./t_s4u delegtest at WIN.MIT.EDU HOST/WIN-EQ7E4AA2WR8.win.mit.edu at WIN.MIT.EDU test.keytab
+ * ./t_s4u p:delegtest at WIN.MIT.EDU p:HOST/WIN-EQ7E4AA2WR8.win.mit.edu at WIN.MIT.EDU test.keytab
*/
-static gss_OID_desc spnego_mech = { 6, "\053\006\001\005\005\002" };
-
-static int use_spnego = 0;
-
-static void displayStatus_1(m, code, type)
- char *m;
- OM_uint32 code;
- int type;
-{
- OM_uint32 maj_stat, min_stat;
- gss_buffer_desc msg;
- OM_uint32 msg_ctx;
-
- msg_ctx = 0;
- while (1) {
- maj_stat = gss_display_status(&min_stat, code,
- type, GSS_C_NULL_OID,
- &msg_ctx, &msg);
- printf("%s: %s\n", m, (char *)msg.value);
- (void) gss_release_buffer(&min_stat, &msg);
-
- if (!msg_ctx)
- break;
- }
-}
-
-static void displayStatus(msg, maj_stat, min_stat)
- char *msg;
- OM_uint32 maj_stat;
- OM_uint32 min_stat;
-{
- displayStatus_1(msg, maj_stat, GSS_C_GSS_CODE);
- displayStatus_1(msg, min_stat, GSS_C_MECH_CODE);
-}
-
-static OM_uint32
-displayCanonName(OM_uint32 *minor, gss_name_t name, char *tag)
-{
- gss_name_t canon;
- OM_uint32 major, tmp_minor;
- gss_buffer_desc buf;
-
- major = gss_canonicalize_name(minor, name,
- (gss_OID)gss_mech_krb5, &canon);
- if (GSS_ERROR(major)) {
- displayStatus("gss_canonicalize_name", major, *minor);
- return major;
- }
-
- major = gss_display_name(minor, canon, &buf, NULL);
- if (GSS_ERROR(major)) {
- displayStatus("gss_display_name", major, *minor);
- gss_release_name(&tmp_minor, &canon);
- return major;
- }
-
- printf("%s:\t%s\n", tag, (char *)buf.value);
-
- gss_release_buffer(&tmp_minor, &buf);
- gss_release_name(&tmp_minor, &canon);
-
- return GSS_S_COMPLETE;
-}
-
-static OM_uint32
-displayOID(OM_uint32 *minor, gss_OID oid, char *tag)
-{
- OM_uint32 major, tmp_minor;
- gss_buffer_desc buf;
-
- major = gss_oid_to_str(minor, oid, &buf);
- if (GSS_ERROR(major)) {
- displayStatus("gss_oid_to_str", major, *minor);
- return major;
- }
-
- printf("%s:\t%s\n", tag, (char *)buf.value);
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
- gss_release_buffer(&tmp_minor, &buf);
+#include "common.h"
- return GSS_S_COMPLETE;
-}
+static int use_spnego = 0;
static void
-dumpAttribute(OM_uint32 *minor,
- gss_name_t name,
- gss_buffer_t attribute,
- int noisy)
+test_greet_authz_data(gss_name_t *name)
{
- OM_uint32 major, tmp_minor;
- gss_buffer_desc value;
- gss_buffer_desc display_value;
- int authenticated = 0;
- int complete = 0;
- int more = -1;
- unsigned int i;
-
- while (more != 0) {
- value.value = NULL;
- display_value.value = NULL;
-
- major = gss_get_name_attribute(minor,
- name,
- attribute,
- &authenticated,
- &complete,
- &value,
- &display_value,
- &more);
- if (GSS_ERROR(major)) {
- displayStatus("gss_get_name_attribute", major, *minor);
- break;
- }
-
- printf("Attribute %.*s %s %s\n\n%.*s\n",
- (int)attribute->length, (char *)attribute->value,
- authenticated ? "Authenticated" : "",
- complete ? "Complete" : "",
- (int)display_value.length, (char *)display_value.value);
-
- if (noisy) {
- for (i = 0; i < value.length; i++) {
- if ((i % 32) == 0)
- printf("\n");
- printf("%02x", ((char *)value.value)[i] & 0xFF);
- }
- printf("\n\n");
- }
-
- gss_release_buffer(&tmp_minor, &value);
- gss_release_buffer(&tmp_minor, &display_value);
- }
-}
-
-static OM_uint32
-enumerateAttributes(OM_uint32 *minor,
- gss_name_t name,
- int noisy)
-{
- OM_uint32 major, tmp_minor;
- int name_is_MN;
- gss_OID mech = GSS_C_NO_OID;
- gss_buffer_set_t attrs = GSS_C_NO_BUFFER_SET;
- unsigned int i;
-
- major = gss_inquire_name(minor,
- name,
- &name_is_MN,
- &mech,
- &attrs);
- if (GSS_ERROR(major)) {
- displayStatus("gss_inquire_name", major, *minor);
- return major;
- }
-
- if (attrs != GSS_C_NO_BUFFER_SET) {
- for (i = 0; i < attrs->count; i++)
- dumpAttribute(minor, name, &attrs->elements[i], noisy);
- }
-
- gss_release_oid(&tmp_minor, &mech);
- gss_release_buffer_set(&tmp_minor, &attrs);
-
- return major;
-}
-
-static OM_uint32
-testGreetAuthzData(OM_uint32 *minor,
- gss_name_t *name)
-{
- OM_uint32 major, tmp_minor;
+ OM_uint32 major, minor;
gss_buffer_desc attr;
gss_buffer_desc value;
gss_name_t canon;
- major = gss_canonicalize_name(minor,
- *name,
- (gss_OID)gss_mech_krb5,
- &canon);
- if (GSS_ERROR(major)) {
- displayStatus("gss_canonicalize_name", major, *minor);
- return major;
- }
+ major = gss_canonicalize_name(&minor, *name, &mech_krb5, &canon);
+ check_gsserr("gss_canonicalize_name", major, minor);
attr.value = "greet:greeting";
attr.length = strlen((char *)attr.value);
@@ -246,124 +75,75 @@ testGreetAuthzData(OM_uint32 *minor,
value.value = "Hello, acceptor world!";
value.length = strlen((char *)value.value);
- major = gss_set_name_attribute(minor,
- canon,
- 1,
- &attr,
- &value);
- if (major == GSS_S_UNAVAILABLE)
- major = GSS_S_COMPLETE;
- else if (GSS_ERROR(major))
- displayStatus("gss_set_name_attribute", major, *minor);
- else {
- gss_release_name(&tmp_minor, name);
- *name = canon;
- canon = GSS_C_NO_NAME;
+ major = gss_set_name_attribute(&minor, canon, 1, &attr, &value);
+ if (major == GSS_S_UNAVAILABLE) {
+ (void)gss_release_name(&minor, &canon);
+ return;
}
-
- if (canon != GSS_C_NO_NAME)
- gss_release_name(&tmp_minor, &canon);
-
- return GSS_S_COMPLETE;
+ check_gsserr("gss_set_name_attribute", major, minor);
+ gss_release_name(&minor, name);
+ *name = canon;
}
-static OM_uint32
-initAcceptSecContext(OM_uint32 *minor,
- gss_cred_id_t claimant_cred_handle,
- gss_cred_id_t verifier_cred_handle,
- gss_cred_id_t *deleg_cred_handle)
+static void
+init_accept_sec_context(gss_cred_id_t claimant_cred_handle,
+ gss_cred_id_t verifier_cred_handle,
+ gss_cred_id_t *deleg_cred_handle)
{
- OM_uint32 major, tmp_minor;
- gss_buffer_desc token, tmp;
+ OM_uint32 major, minor;
+ gss_buffer_desc token = GSS_C_EMPTY_BUFFER, tmp = GSS_C_EMPTY_BUFFER;
+ gss_name_t source_name = GSS_C_NO_NAME, target_name = GSS_C_NO_NAME;
gss_ctx_id_t initiator_context = GSS_C_NO_CONTEXT;
gss_ctx_id_t acceptor_context = GSS_C_NO_CONTEXT;
- gss_name_t source_name = GSS_C_NO_NAME;
- gss_name_t target_name = GSS_C_NO_NAME;
OM_uint32 time_rec;
gss_OID mech = GSS_C_NO_OID;
- token.value = NULL;
- token.length = 0;
-
- tmp.value = NULL;
- tmp.length = 0;
-
*deleg_cred_handle = GSS_C_NO_CREDENTIAL;
- major = gss_inquire_cred(minor, verifier_cred_handle,
- &target_name, NULL, NULL, NULL);
- if (GSS_ERROR(major)) {
- displayStatus("gss_inquire_cred", major, *minor);
- return major;
- }
+ major = gss_inquire_cred(&minor, verifier_cred_handle, &target_name, NULL,
+ NULL, NULL);
+ check_gsserr("gss_inquire_cred", major, minor);
- displayCanonName(minor, target_name, "Target name");
+ display_canon_name("Target name", target_name, &mech_krb5);
- mech = use_spnego ? (gss_OID)&spnego_mech : (gss_OID)gss_mech_krb5;
- displayOID(minor, mech, "Target mech");
+ mech = use_spnego ? &mech_spnego : &mech_krb5;
+ display_oid("Target mech", mech);
- major = gss_init_sec_context(minor,
- claimant_cred_handle,
- &initiator_context,
- target_name,
- mech,
+ major = gss_init_sec_context(&minor, claimant_cred_handle,
+ &initiator_context, target_name, mech,
GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG,
- GSS_C_INDEFINITE,
- GSS_C_NO_CHANNEL_BINDINGS,
- GSS_C_NO_BUFFER,
- NULL,
- &token,
- NULL,
+ GSS_C_INDEFINITE, GSS_C_NO_CHANNEL_BINDINGS,
+ GSS_C_NO_BUFFER, NULL, &token, NULL,
&time_rec);
+ check_gsserr("gss_init_sec_context", major, minor);
- if (target_name != GSS_C_NO_NAME)
- (void) gss_release_name(&tmp_minor, &target_name);
-
- if (GSS_ERROR(major)) {
- displayStatus("gss_init_sec_context", major, *minor);
- return major;
- }
+ (void)gss_release_name(&minor, &target_name);
+ (void)gss_delete_sec_context(&minor, &initiator_context, NULL);
- (void) gss_delete_sec_context(minor, &initiator_context, NULL);
mech = GSS_C_NO_OID;
-
- major = gss_accept_sec_context(minor,
- &acceptor_context,
- verifier_cred_handle,
- &token,
- GSS_C_NO_CHANNEL_BINDINGS,
- &source_name,
- &mech,
- &tmp,
- NULL,
- &time_rec,
+ major = gss_accept_sec_context(&minor, &acceptor_context,
+ verifier_cred_handle, &token,
+ GSS_C_NO_CHANNEL_BINDINGS, &source_name,
+ &mech, &tmp, NULL, &time_rec,
deleg_cred_handle);
+ check_gsserr("gss_accept_sec_context", major, minor);
- if (GSS_ERROR(major))
- displayStatus("gss_accept_sec_context", major, *minor);
- else {
- displayCanonName(minor, source_name, "Source name");
- displayOID(minor, mech, "Source mech");
- enumerateAttributes(minor, source_name, 1);
- }
+ display_canon_name("Source name", source_name, &mech_krb5);
+ display_oid("Source mech", mech);
+ enumerate_attributes(source_name, 1);
- (void) gss_release_name(&tmp_minor, &source_name);
- (void) gss_delete_sec_context(&tmp_minor, &acceptor_context, NULL);
- (void) gss_release_buffer(&tmp_minor, &token);
- (void) gss_release_buffer(&tmp_minor, &tmp);
- (void) gss_release_oid(&tmp_minor, &mech);
-
- return major;
+ (void)gss_release_name(&minor, &source_name);
+ (void)gss_delete_sec_context(&minor, &acceptor_context, NULL);
+ (void)gss_release_buffer(&minor, &token);
+ (void)gss_release_buffer(&minor, &tmp);
}
-static OM_uint32
-constrainedDelegate(OM_uint32 *minor,
- gss_OID_set desired_mechs,
- gss_name_t target,
- gss_cred_id_t delegated_cred_handle,
- gss_cred_id_t verifier_cred_handle)
+static void
+constrained_delegate(gss_OID_set desired_mechs, gss_name_t target,
+ gss_cred_id_t delegated_cred_handle,
+ gss_cred_id_t verifier_cred_handle)
{
- OM_uint32 major, tmp_minor;
+ OM_uint32 major, minor;
gss_ctx_id_t initiator_context = GSS_C_NO_CONTEXT;
gss_name_t cred_name = GSS_C_NO_NAME;
OM_uint32 time_rec, lifetime;
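Review bot: In init_accept_sec_context the result of gss_accept_sec_context is only handed to check_gsserr. If that helper rejects error codes only (it is defined in common.c, outside this hunk), a GSS_S_CONTINUE_NEEDED result would fall through to display_canon_name and enumerate_attributes with source_name possibly still GSS_C_NO_NAME. The initiator context is also deleted right after the first token, so the function silently depends on a one-token exchange; I would make that explicit after the check, e.g. `if (major != GSS_S_COMPLETE) { fprintf(stderr, "gss_accept_sec_context: continuation needed\n"); exit(1); }`. The same applies in t_s4u2proxy_krb5.c, where this commit replaces explicit `major != GSS_S_COMPLETE` tests on gss_accept_sec_context and gss_display_name with check_gsserr. test_greet_authz_data begins before this hunk and constrained_delegate continues past it.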
@@ -374,55 +154,44 @@ constrainedDelegate(OM_uint32 *minor,
printf("Constrained delegation tests follow\n");
printf("-----------------------------------\n\n");
- if (gss_inquire_cred(minor, verifier_cred_handle, &cred_name,
+ if (gss_inquire_cred(&minor, verifier_cred_handle, &cred_name,
&lifetime, &usage, NULL) == GSS_S_COMPLETE) {
- displayCanonName(minor, cred_name, "Proxy name");
- gss_release_name(&tmp_minor, &cred_name);
+ display_canon_name("Proxy name", cred_name, &mech_krb5);
+ (void)gss_release_name(&minor, &cred_name);
}
- displayCanonName(minor, target, "Target name");
- if (gss_inquire_cred(minor, delegated_cred_handle, &cred_name,
+ display_canon_name("Target name", target, &mech_krb5);
+ if (gss_inquire_cred(&minor, delegated_cred_handle, &cred_name,
&lifetime, &usage, &mechs) == GSS_S_COMPLETE) {
- displayCanonName(minor, cred_name, "Delegated name");
- displayOID(minor, &mechs->elements[0], "Delegated mech");
- gss_release_name(&tmp_minor, &cred_name);
+ display_canon_name("Delegated name", cred_name, &mech_krb5);
+ display_oid("Delegated mech", &mechs->elements[0]);
+ (void)gss_release_name(&minor, &cred_name);
}
printf("\n");
- major = gss_init_sec_context(minor,
- delegated_cred_handle,
- &initiator_context,
- target,
- mechs ? &mechs->elements[0] :
- (gss_OID)gss_mech_krb5,
+ major = gss_init_sec_context(&minor, delegated_cred_handle,
+ &initiator_context, target,
+ mechs ? &mechs->elements[0] : &mech_krb5,
GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG,
- GSS_C_INDEFINITE,
- GSS_C_NO_CHANNEL_BINDINGS,
- GSS_C_NO_BUFFER,
- NULL,
- &token,
- NULL,
+ GSS_C_INDEFINITE, GSS_C_NO_CHANNEL_BINDINGS,
+ GSS_C_NO_BUFFER, NULL, &token, NULL,
&time_rec);
- if (GSS_ERROR(major))
- displayStatus("gss_init_sec_context", major, *minor);
+ check_gsserr("gss_init_sec_context", major, minor);
- (void) gss_release_buffer(&tmp_minor, &token);
- (void) gss_delete_sec_context(&tmp_minor, &initiator_context, NULL);
- (void) gss_release_oid_set(&tmp_minor, &mechs);
-
- return major;
+ (void)gss_release_buffer(&minor, &token);
+ (void)gss_delete_sec_context(&minor, &initiator_context, NULL);
+ (void)gss_release_oid_set(&minor, &mechs);
}
-int main(int argc, char *argv[])
+int
+main(int argc, char *argv[])
{
OM_uint32 minor, major;
gss_cred_id_t impersonator_cred_handle = GSS_C_NO_CREDENTIAL;
gss_cred_id_t user_cred_handle = GSS_C_NO_CREDENTIAL;
gss_cred_id_t delegated_cred_handle = GSS_C_NO_CREDENTIAL;
gss_name_t user = GSS_C_NO_NAME, target = GSS_C_NO_NAME;
- gss_OID_set_desc mechs;
- gss_OID_set actual_mechs = GSS_C_NO_OID_SET;
- gss_buffer_desc buf;
+ gss_OID_set mechs;
if (argc < 2 || argc > 5) {
fprintf(stderr, "Usage: %s [--spnego] [user] "
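Review bot: In constrained_delegate the two gss_inquire_cred calls are still compared against GSS_S_COMPLETE and a failure is skipped without any message, unlike the gss_init_sec_context call below them, which now goes through check_gsserr. If the inquiry on delegated_cred_handle fails, `mechs` keeps whatever value it was declared with (the declaration is outside this hunk), so the S4U2Proxy step runs with a mechanism chosen by the `&mech_krb5` fallback rather than one read from the delegated credential. I would capture the result with `major = gss_inquire_cred(&minor, delegated_cred_handle, &cred_name, &lifetime, &usage, &mechs);` followed by `check_gsserr("gss_inquire_cred(delegated)", major, minor);`, and confirm `mechs->count > 0` before reading `mechs->elements[0]`. constrained_delegate begins before this hunk and main continues after it.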
@@ -437,113 +206,59 @@ int main(int argc, char *argv[])
argv++;
}
- buf.value = argv[1];
- buf.length = strlen((char *)buf.value);
+ user = import_name(argv[1]);
- major = gss_import_name(&minor, &buf,
- (gss_OID)GSS_KRB5_NT_PRINCIPAL_NAME,
- &user);
- if (GSS_ERROR(major)) {
- displayStatus("gss_import_name(user)", major, minor);
- goto out;
- }
-
- if (argc > 2 && strcmp(argv[2], "-")) {
- buf.value = argv[2];
- buf.length = strlen((char *)buf.value);
-
- major = gss_import_name(&minor, &buf,
- (gss_OID)GSS_KRB5_NT_PRINCIPAL_NAME,
- &target);
- if (GSS_ERROR(major)) {
- displayStatus("gss_import_name(target)", major, minor);
- goto out;
- }
- } else {
- target = GSS_C_NO_NAME;
- }
+ if (argc > 2 && strcmp(argv[2], "-"))
+ target = import_name(argv[2]);
if (argc > 3) {
major = krb5_gss_register_acceptor_identity(argv[3]);
- if (GSS_ERROR(major)) {
- displayStatus("krb5_gss_register_acceptor_identity",
- major, minor);
- goto out;
- }
+ check_gsserr("krb5_gss_register_acceptor_identity", major, 0);
}
- mechs.elements = use_spnego ? (gss_OID)&spnego_mech :
- (gss_OID)gss_mech_krb5;
- mechs.count = 1;
-
- /* get default cred */
- major = gss_acquire_cred(&minor,
- GSS_C_NO_NAME,
- GSS_C_INDEFINITE,
- &mechs,
- GSS_C_BOTH,
- &impersonator_cred_handle,
- &actual_mechs,
+ /* Get default cred. */
+ mechs = use_spnego ? &mechset_spnego : &mechset_krb5;
+ major = gss_acquire_cred(&minor, GSS_C_NO_NAME, GSS_C_INDEFINITE, mechs,
+ GSS_C_BOTH, &impersonator_cred_handle, NULL,
NULL);
- if (GSS_ERROR(major)) {
- displayStatus("gss_acquire_cred", major, minor);
- goto out;
- }
-
- (void) gss_release_oid_set(&minor, &actual_mechs);
+ check_gsserr("gss_acquire_cred", major, minor);
printf("Protocol transition tests follow\n");
printf("-----------------------------------\n\n");
- major = testGreetAuthzData(&minor, &user);
- if (GSS_ERROR(major))
- goto out;
+ test_greet_authz_data(&user);
- /* get S4U2Self cred */
- major = gss_acquire_cred_impersonate_name(&minor,
- impersonator_cred_handle,
- user,
- GSS_C_INDEFINITE,
- &mechs,
+ /* Get S4U2Self cred. */
+ major = gss_acquire_cred_impersonate_name(&minor, impersonator_cred_handle,
+ user, GSS_C_INDEFINITE, mechs,
GSS_C_INITIATE,
- &user_cred_handle,
- &actual_mechs,
- NULL);
- if (GSS_ERROR(major)) {
- displayStatus("gss_acquire_cred_impersonate_name", major, minor);
- goto out;
- }
-
- major = initAcceptSecContext(&minor,
- user_cred_handle,
- impersonator_cred_handle,
- &delegated_cred_handle);
- if (GSS_ERROR(major))
- goto out;
+ &user_cred_handle, NULL, NULL);
+ check_gsserr("gss_acquire_cred_impersonate_name", major, minor);
+ init_accept_sec_context(user_cred_handle, impersonator_cred_handle,
+ &delegated_cred_handle);
printf("\n");
if (target != GSS_C_NO_NAME &&
delegated_cred_handle != GSS_C_NO_CREDENTIAL) {
- major = constrainedDelegate(&minor, &mechs, target,
- delegated_cred_handle,
- impersonator_cred_handle);
+ constrained_delegate(mechs, target, delegated_cred_handle,
+ impersonator_cred_handle);
} else if (target != GSS_C_NO_NAME) {
- fprintf(stderr, "Warning: no delegated credentials handle returned\n\n");
+ fprintf(stderr, "Warning: no delegated cred handle returned\n\n");
fprintf(stderr, "Verify:\n\n");
- fprintf(stderr, " - The TGT for the impersonating service is forwardable\n");
- fprintf(stderr, " - The T2A4D flag set on the impersonating service's UAC\n");
- fprintf(stderr, " - The user is not marked sensitive and cannot be delegated\n");
+ fprintf(stderr, " - The TGT for the impersonating service is "
+ "forwardable\n");
+ fprintf(stderr, " - The T2A4D flag set on the impersonating service's "
+ "UAC\n");
+ fprintf(stderr, " - The user is not marked sensitive and cannot be "
+ "delegated\n");
fprintf(stderr, "\n");
}
-out:
- (void) gss_release_name(&minor, &user);
- (void) gss_release_name(&minor, &target);
- (void) gss_release_cred(&minor, &delegated_cred_handle);
- (void) gss_release_cred(&minor, &impersonator_cred_handle);
- (void) gss_release_cred(&minor, &user_cred_handle);
- (void) gss_release_oid_set(&minor, &actual_mechs);
-
- return GSS_ERROR(major) ? 1 : 0;
+ (void)gss_release_name(&minor, &user);
+ (void)gss_release_name(&minor, &target);
+ (void)gss_release_cred(&minor, &delegated_cred_handle);
+ (void)gss_release_cred(&minor, &impersonator_cred_handle);
+ (void)gss_release_cred(&minor, &user_cred_handle);
+ return 0;
}
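Review bot: `import_name(argv[1])` and `import_name(argv[2])` change what the command line has to look like, since per the commit message names now carry a `p:`, `h:` or `u:` prefix, but nothing in this hunk tells the reader so. The usage message printed by main starts just before this hunk with `[user]` and the rest of it is not visible here, so it is worth checking that it was updated. I would add a comment above the import_name calls such as `/* Names are given as p:princname, h:hostbasedname or u:username. */` and mirror it in the usage text. The header comment of t_s4u2proxy_krb5.c has the same gap: its sentence "service1 and service2 must be given as krb5 principal names" is removed without a replacement describing the new format. main begins before this hunk.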
diff --git a/src/tests/gssapi/t_s4u.py b/src/tests/gssapi/t_s4u.py
index 4c68c96..d6a0f2b 100644
--- a/src/tests/gssapi/t_s4u.py
+++ b/src/tests/gssapi/t_s4u.py
@@ -13,6 +13,10 @@ service2 = 'service/2@%s' % realm.realm
realm.addprinc(service2)
realm.extract_keytab(service2, realm.keytab)
+puser = 'p:' + realm.user_princ
+pservice1 = 'p:' + service1
+pservice2 = 'p:' + service2
+
# Get forwardable creds for service1 in the default cache.
realm.kinit(service1, None, ['-f', '-k'])
@@ -21,7 +25,7 @@ realm.kinit(service1, None, ['-f', '-k'])
# support for allowing it.
realm.kinit(realm.user_princ, password('user'), ['-f', '-c', usercache])
output = realm.run_as_server(['./t_s4u2proxy_krb5', usercache, storagecache,
- service1, service2], expected_code=1)
+ pservice1, pservice2], expected_code=1)
if ('auth1: ' + realm.user_princ not in output or
'NOT_ALLOWED_TO_DELEGATE' not in output):
fail('krb5 -> s4u2proxy')
@@ -29,7 +33,7 @@ if ('auth1: ' + realm.user_princ not in output or
# Again with SPNEGO. Bug #7045 prevents us from checking the error
# message, but we can at least exercise the code.
output = realm.run_as_server(['./t_s4u2proxy_krb5', '--spnego', usercache,
- storagecache, service1, service2],
+ storagecache, pservice1, pservice2],
expected_code=1)
if ('auth1: ' + realm.user_princ not in output):
fail('krb5 -> s4u2proxy (SPNEGO)')
@@ -39,27 +43,25 @@ if ('auth1: ' + realm.user_princ not in output):
# accept_sec_context.
realm.kinit(realm.user_princ, password('user'), ['-c', usercache])
output = realm.run_as_server(['./t_s4u2proxy_krb5', usercache, storagecache,
- service1, service2])
+ pservice1, pservice2])
if 'no credential delegated' not in output:
fail('krb5 -> no delegated cred')
# Try S4U2Self. Ask for an S4U2Proxy step; this won't happen because
# service/1 isn't allowed to get a forwardable S4U2Self ticket.
-output = realm.run_as_server(['./t_s4u', realm.user_princ, service2])
-if ('Warning: no delegated credentials handle' not in output or
+output = realm.run_as_server(['./t_s4u', puser, pservice2])
+if ('Warning: no delegated cred handle' not in output or
'Source name:\t' + realm.user_princ not in output):
fail('s4u2self')
-output = realm.run_as_server(['./t_s4u', '--spnego', realm.user_princ,
- service2])
-if ('Warning: no delegated credentials handle' not in output or
+output = realm.run_as_server(['./t_s4u', '--spnego', puser, pservice2])
+if ('Warning: no delegated cred handle' not in output or
'Source name:\t' + realm.user_princ not in output):
fail('s4u2self (SPNEGO)')
# Correct that problem and try again. As above, the S4U2Proxy step
# won't actually succeed since we don't support that in DB2.
realm.run_kadminl('modprinc +ok_to_auth_as_delegate ' + service1)
-output = realm.run_as_server(['./t_s4u', realm.user_princ, service2],
- expected_code=1)
+output = realm.run_as_server(['./t_s4u', puser, pservice2], expected_code=1)
if 'NOT_ALLOWED_TO_DELEGATE' not in output:
fail('s4u2self')
@@ -68,8 +70,8 @@ if 'NOT_ALLOWED_TO_DELEGATE' not in output:
# a krb5 cred, not a SPNEGO cred, and t_s4u uses the delegated cred
# directly rather than saving and reacquiring it) so bug #7045 does
# not apply and we can verify the error message.
-output = realm.run_as_server(['./t_s4u', '--spnego', realm.user_princ,
- service2], expected_code=1)
+output = realm.run_as_server(['./t_s4u', '--spnego', puser, pservice2],
+ expected_code=1)
if 'NOT_ALLOWED_TO_DELEGATE' not in output:
fail('s4u2self')
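Review bot: The failure label on the last line of this hunk is `fail('s4u2self')`, the same string used by the two non-SPNEGO checks in the previous hunk, so a failure of the SPNEGO delegation check cannot be told apart from them in the test log. I would change it to `fail('s4u2self (SPNEGO)')`, matching the label already used for the SPNEGO warning check. The NOT_ALLOWED_TO_DELEGATE check in the previous hunk could be separated from the earlier warning check in the same way, for example `fail('s4u2self (ok_to_auth_as_delegate)')`.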
diff --git a/src/tests/gssapi/t_s4u2proxy_krb5.c b/src/tests/gssapi/t_s4u2proxy_krb5.c
index 7e7ba39..3626730 100644
--- a/src/tests/gssapi/t_s4u2proxy_krb5.c
+++ b/src/tests/gssapi/t_s4u2proxy_krb5.c
@@ -28,7 +28,7 @@
#include <stdlib.h>
#include <string.h>
-#include <gssapi/gssapi_krb5.h>
+#include "common.h"
/*
* Usage: ./t_s4u2proxy_krb5 [--spnego] client_cache storage_cache
@@ -41,49 +41,10 @@
* service2 using S4U2Proxy.
*
* The default keytab must contain keys for service1 and service2. The default
- * ccache must contain a TGT for service1. service1 and service2 must be given
- * as krb5 principal names. This program assumes that krb5 or SPNEGO
- * authentication requires only one token exchange.
+ * ccache must contain a TGT for service1. This program assumes that krb5 or
+ * SPNEGO authentication requires only one token exchange.
*/
-static void
-display_status_1(const char *m, OM_uint32 code, int type)
-{
- OM_uint32 maj_stat, min_stat;
- gss_buffer_desc msg;
- OM_uint32 msg_ctx;
-
- msg_ctx = 0;
- while (1) {
- maj_stat = gss_display_status(&min_stat, code,
- type, GSS_C_NULL_OID,
- &msg_ctx, &msg);
- printf("%s: %s\n", m, (char *)msg.value);
- (void) gss_release_buffer(&min_stat, &msg);
-
- if (!msg_ctx)
- break;
- }
-}
-
-static void
-gsserr(OM_uint32 maj_stat, OM_uint32 min_stat, const char *msg)
-{
- display_status_1(msg, maj_stat, GSS_C_GSS_CODE);
- display_status_1(msg, min_stat, GSS_C_MECH_CODE);
- exit(1);
-}
-
-static void
-krb5err(krb5_context context, krb5_error_code code, const char *msg)
-{
- const char *emsg = krb5_get_error_message(context, code);
-
- printf("%s: %s\n", msg, emsg);
- krb5_free_error_message(context, emsg);
- exit(1);
-}
-
int
main(int argc, char *argv[])
{
@@ -94,9 +55,9 @@ main(int argc, char *argv[])
krb5_ccache storage_ccache = NULL;
krb5_principal client_princ = NULL;
OM_uint32 minor, major;
- gss_buffer_desc buf, token;
+ gss_buffer_desc buf = GSS_C_EMPTY_BUFFER, token = GSS_C_EMPTY_BUFFER;
gss_OID mech;
- gss_OID_set_desc mechs;
+ gss_OID_set mechs;
gss_name_t service1_name = GSS_C_NO_NAME;
gss_name_t service2_name = GSS_C_NO_NAME;
gss_name_t client_name = GSS_C_NO_NAME;
@@ -104,7 +65,6 @@ main(int argc, char *argv[])
gss_cred_id_t deleg_cred = GSS_C_NO_CREDENTIAL;
gss_ctx_id_t initiator_context = GSS_C_NO_CONTEXT;
gss_ctx_id_t acceptor_context = GSS_C_NO_CONTEXT;
- gss_OID_desc spnego_mech = { 6, "\053\006\001\005\005\002" };
/* Parse arguments. */
if (argc >= 2 && strcmp(argv[1], "--spnego") == 0) {
@@ -122,70 +82,49 @@ main(int argc, char *argv[])
service1 = argv[3];
service2 = argv[4];
- mech = use_spnego ? (gss_OID)&spnego_mech : (gss_OID)gss_mech_krb5;
- mechs.elements = mech;
- mechs.count = 1;
+ mech = use_spnego ? &mech_spnego : &mech_krb5;
+ mechs = use_spnego ? &mechset_spnego : &mechset_krb5;
ret = krb5_init_context(&context);
- if (ret)
- krb5err(context, ret, "krb5_init_context");
+ check_k5err(context, "krb5_init_context", ret);
/* Get GSS name and GSS_C_BOTH cred for service1, using the default
* ccache. */
- buf.value = (char *)service1;
- buf.length = strlen(service1);
- major = gss_import_name(&minor, &buf, (gss_OID)GSS_KRB5_NT_PRINCIPAL_NAME,
- &service1_name);
- if (GSS_ERROR(major))
- gsserr(major, minor, "gss_import_name(service1)");
+ service1_name = import_name(service1);
major = gss_acquire_cred(&minor, service1_name, GSS_C_INDEFINITE,
- &mechs, GSS_C_BOTH, &service1_cred, NULL, NULL);
- if (GSS_ERROR(major))
- gsserr(major, minor, "gss_acquire_cred(service1)");
+ mechs, GSS_C_BOTH, &service1_cred, NULL, NULL);
+ check_gsserr("gss_acquire_cred(service1)", major, minor);
/* Get GSS name for service2. */
- buf.value = (char *)service2;
- buf.length = strlen(service2);
- major = gss_import_name(&minor, &buf, (gss_OID)GSS_KRB5_NT_PRINCIPAL_NAME,
- &service2_name);
- if (GSS_ERROR(major))
- gsserr(major, minor, "gss_import_name(service2)");
+ service2_name = import_name(service2);
/* Create initiator context and get the first token, using the client
* ccache. */
major = gss_krb5_ccache_name(&minor, client_ccname, NULL);
- if (GSS_ERROR(major))
- gsserr(major, minor, "gss_krb5_ccache_name(1)");
- token.value = NULL;
- token.length = 0;
+ check_gsserr("gss_krb5_ccache_name(1)", major, minor);
major = gss_init_sec_context(&minor, GSS_C_NO_CREDENTIAL,
&initiator_context, service1_name, mech,
GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG,
GSS_C_INDEFINITE, GSS_C_NO_CHANNEL_BINDINGS,
GSS_C_NO_BUFFER, NULL, &token, NULL, NULL);
if (GSS_ERROR(major))
- gsserr(major, minor, "gss_init_sec_context(1)");
+ check_gsserr("gss_init_sec_context(1)", major, minor);
/* Pass the token to gss_accept_sec_context. */
- buf.value = NULL;
- buf.length = 0;
major = gss_accept_sec_context(&minor, &acceptor_context,
service1_cred, &token,
GSS_C_NO_CHANNEL_BINDINGS, &client_name,
NULL, &buf, NULL, NULL, &deleg_cred);
- if (major != GSS_S_COMPLETE)
- gsserr(major, minor, "gss_accept_sec_context(1)");
- gss_release_buffer(&minor, &token);
+ check_gsserr("gss_accept_sec_context(1)", major, minor);
+ (void)gss_release_buffer(&minor, &token);
/* Display and remember the client principal. */
major = gss_display_name(&minor, client_name, &buf, NULL);
- if (major != GSS_S_COMPLETE)
- gsserr(major, minor, "gss_display_name(1)");
+ check_gsserr("gss_display_name(1)", major, minor);
printf("auth1: %.*s\n", (int)buf.length, (char *)buf.value);
/* Assumes buffer is null-terminated, which in our implementation it is. */
ret = krb5_parse_name(context, buf.value, &client_princ);
- if (ret)
- krb5err(context, ret, "krb5_parse_name");
- gss_release_buffer(&minor, &buf);
+ check_k5err(context, "krb5_parse_name", ret);
+ (void)gss_release_buffer(&minor, &buf);
if (deleg_cred == GSS_C_NO_CREDENTIAL) {
printf("no credential delegated.\n");
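Review bot: The first gss_init_sec_context call keeps its `if (GSS_ERROR(major))` guard in front of the new `check_gsserr("gss_init_sec_context(1)", major, minor);`, while every other converted call in this file, including gss_init_sec_context(2) in the next hunk, calls check_gsserr unconditionally. If check_gsserr already tests GSS_ERROR itself (it is defined in common.c, not shown here), the guard is redundant and reads as if this call were handled specially. I would drop the `if` line so the call sites are uniform. main begins before this hunk and continues after it.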
@@ -194,61 +133,49 @@ main(int argc, char *argv[])
/* Store the delegated credentials. */
ret = krb5_cc_resolve(context, storage_ccname, &storage_ccache);
- if (ret)
- krb5err(context, ret, "krb5_cc_resolve");
+ check_k5err(context, "krb5_cc_resolve", ret);
ret = krb5_cc_initialize(context, storage_ccache, client_princ);
- if (ret)
- krb5err(context, ret, "krb5_cc_initialize");
+ check_k5err(context, "krb5_cc_initialize", ret);
major = gss_krb5_copy_ccache(&minor, deleg_cred, storage_ccache);
- if (GSS_ERROR(major))
- gsserr(major, minor, "gss_krb5_copy_ccache");
+ check_gsserr("gss_krb5_copy_ccache", major, minor);
ret = krb5_cc_close(context, storage_ccache);
- if (ret)
- krb5err(context, ret, "krb5_cc_close");
+ check_k5err(context, "krb5_cc_close", ret);
- gss_delete_sec_context(&minor, &initiator_context, GSS_C_NO_BUFFER);
- gss_delete_sec_context(&minor, &acceptor_context, GSS_C_NO_BUFFER);
+ (void)gss_delete_sec_context(&minor, &initiator_context, GSS_C_NO_BUFFER);
+ (void)gss_delete_sec_context(&minor, &acceptor_context, GSS_C_NO_BUFFER);
/* Create initiator context and get the first token, using the storage
* ccache. */
major = gss_krb5_ccache_name(&minor, storage_ccname, NULL);
- if (GSS_ERROR(major))
- gsserr(major, minor, "gss_krb5_ccache_name(2)");
- token.value = NULL;
- token.length = 0;
+ check_gsserr("gss_krb5_ccache_name(2)", major, minor);
major = gss_init_sec_context(&minor, GSS_C_NO_CREDENTIAL,
&initiator_context, service2_name, mech,
GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG,
GSS_C_INDEFINITE, GSS_C_NO_CHANNEL_BINDINGS,
GSS_C_NO_BUFFER, NULL, &token, NULL, NULL);
- if (GSS_ERROR(major))
- gsserr(major, minor, "gss_init_sec_context(2)");
+ check_gsserr("gss_init_sec_context(2)", major, minor);
/* Pass the token to gss_accept_sec_context. */
- buf.value = NULL;
- buf.length = 0;
major = gss_accept_sec_context(&minor, &acceptor_context,
GSS_C_NO_CREDENTIAL, &token,
GSS_C_NO_CHANNEL_BINDINGS, &client_name,
NULL, &buf, NULL, NULL, &deleg_cred);
- if (major != GSS_S_COMPLETE)
- gsserr(major, minor, "gss_accept_sec_context(2)");
- gss_release_buffer(&minor, &token);
+ check_gsserr("gss_accept_sec_context(2)", major, minor);
+ (void)gss_release_buffer(&minor, &token);
major = gss_display_name(&minor, client_name, &buf, NULL);
- if (major != GSS_S_COMPLETE)
- gsserr(major, minor, "gss_display_name(2)");
+ check_gsserr("gss_display_name(2)", major, minor);
printf("auth2: %.*s\n", (int)buf.length, (char *)buf.value);
- gss_release_buffer(&minor, &buf);
+ (void)gss_release_buffer(&minor, &buf);
cleanup:
- gss_release_name(&minor, &client_name);
- gss_release_name(&minor, &service1_name);
- gss_release_name(&minor, &service2_name);
- gss_release_cred(&minor, &service1_cred);
- gss_release_cred(&minor, &deleg_cred);
- gss_delete_sec_context(&minor, &initiator_context, GSS_C_NO_BUFFER);
- gss_delete_sec_context(&minor, &acceptor_context, GSS_C_NO_BUFFER);
+ (void)gss_release_name(&minor, &client_name);
+ (void)gss_release_name(&minor, &service1_name);
+ (void)gss_release_name(&minor, &service2_name);
+ (void)gss_release_cred(&minor, &service1_cred);
+ (void)gss_release_cred(&minor, &deleg_cred);
+ (void)gss_delete_sec_context(&minor, &initiator_context, GSS_C_NO_BUFFER);
+ (void)gss_delete_sec_context(&minor, &acceptor_context, GSS_C_NO_BUFFER);
krb5_free_principal(context, client_princ);
krb5_free_context(context);
return 0;
diff --git a/src/tests/gssapi/t_saslname.c b/src/tests/gssapi/t_saslname.c
index 27cc22d..b874caf 100644
--- a/src/tests/gssapi/t_saslname.c
+++ b/src/tests/gssapi/t_saslname.c
@@ -27,49 +27,19 @@
#include <stdlib.h>
#include <string.h>
-#include <gssapi/gssapi.h>
-#include <gssapi/gssapi_ext.h>
+#include "common.h"
static void
-displayStatus_1(char *m, OM_uint32 code, int type)
+dump_known_mech_attrs(gss_OID mech)
{
- OM_uint32 maj_stat, min_stat;
- gss_buffer_desc msg;
- OM_uint32 msg_ctx;
-
- msg_ctx = 0;
- while (1) {
- maj_stat = gss_display_status(&min_stat, code,
- type, GSS_C_NULL_OID,
- &msg_ctx, &msg);
- fprintf(stderr, "%s: %s\n", m, (char *)msg.value);
- (void) gss_release_buffer(&min_stat, &msg);
-
- if (!msg_ctx)
- break;
- }
-}
-
-static void
-displayStatus(char *msg, OM_uint32 maj_stat, OM_uint32 min_stat)
-{
- displayStatus_1(msg, maj_stat, GSS_C_GSS_CODE);
- displayStatus_1(msg, min_stat, GSS_C_MECH_CODE);
-}
-
-static OM_uint32
-dumpKnownMechAttrs(OM_uint32 *minor, gss_OID mech)
-{
- OM_uint32 major, tmpMinor;
+ OM_uint32 major, minor;
gss_OID_set mech_attrs = GSS_C_NO_OID_SET;
gss_OID_set known_attrs = GSS_C_NO_OID_SET;
size_t i;
- major = gss_inquire_attrs_for_mech(minor, mech, &mech_attrs, &known_attrs);
- if (GSS_ERROR(major)) {
- displayStatus("gss_inquire_attrs_for_mech", major, *minor);
- return major;
- }
+ major = gss_inquire_attrs_for_mech(&minor, mech, &mech_attrs,
+ &known_attrs);
+ check_gsserr("gss_inquire_attrs_for_mech", major, minor);
printf("Known attributes\n");
printf("----------------\n");
@@ -78,38 +48,32 @@ dumpKnownMechAttrs(OM_uint32 *minor, gss_OID mech)
gss_buffer_desc short_desc = GSS_C_EMPTY_BUFFER;
gss_buffer_desc long_desc = GSS_C_EMPTY_BUFFER;
- major = gss_display_mech_attr(minor, &known_attrs->elements[i],
+ major = gss_display_mech_attr(&minor, &known_attrs->elements[i],
&name, &short_desc, &long_desc);
- if (GSS_ERROR(major)) {
- displayStatus("gss_display_mech_attr", major, *minor);
- continue;
- }
+ check_gsserr("gss_display_mech_attr", major, minor);
printf("%.*s (%.*s): %.*s\n", (int)short_desc.length,
(char *)short_desc.value, (int)name.length, (char *)name.value,
(int)long_desc.length, (char *)long_desc.value);
- gss_release_buffer(minor, &name);
- gss_release_buffer(minor, &short_desc);
- gss_release_buffer(minor, &long_desc);
+ (void)gss_release_buffer(&minor, &name);
+ (void)gss_release_buffer(&minor, &short_desc);
+ (void)gss_release_buffer(&minor, &long_desc);
}
printf("\n");
- gss_release_oid_set(&tmpMinor, &mech_attrs);
- gss_release_oid_set(&tmpMinor, &known_attrs);
- return GSS_S_COMPLETE;
+ (void)gss_release_oid_set(&minor, &mech_attrs);
+ (void)gss_release_oid_set(&minor, &known_attrs);
}
-static
-OM_uint32 dumpMechAttrs(OM_uint32 *minor, gss_OID mech)
+static void
+dump_mech_attrs(gss_OID mech)
{
- OM_uint32 major, tmpMinor;
+ OM_uint32 major, minor;
gss_OID_set mech_attrs = GSS_C_NO_OID_SET;
gss_OID_set known_attrs = GSS_C_NO_OID_SET;
size_t i;
- major = gss_inquire_attrs_for_mech(minor, mech, &mech_attrs, &known_attrs);
- if (GSS_ERROR(major)) {
- displayStatus("gss_inquire_attrs_for_mech", major, *minor);
- return major;
- }
+ major = gss_inquire_attrs_for_mech(&minor, mech, &mech_attrs,
+ &known_attrs);
+ check_gsserr("gss_inquire_attrs_for_mech", major, minor);
printf("Mech attrs: ");
@@ -118,39 +82,32 @@ OM_uint32 dumpMechAttrs(OM_uint32 *minor, gss_OID mech)
gss_buffer_desc short_desc = GSS_C_EMPTY_BUFFER;
gss_buffer_desc long_desc = GSS_C_EMPTY_BUFFER;
- major = gss_display_mech_attr(minor, &mech_attrs->elements[i],
+ major = gss_display_mech_attr(&minor, &mech_attrs->elements[i],
&name, &short_desc, &long_desc);
- if (GSS_ERROR(major)) {
- displayStatus("gss_display_mech_attr", major, *minor);
- continue;
- }
+ check_gsserr("gss_display_mech_attr", major, minor);
printf("%.*s ", (int)name.length, (char *)name.value);
- gss_release_buffer(minor, &name);
- gss_release_buffer(minor, &short_desc);
- gss_release_buffer(minor, &long_desc);
+ (void)gss_release_buffer(&minor, &name);
+ (void)gss_release_buffer(&minor, &short_desc);
+ (void)gss_release_buffer(&minor, &long_desc);
}
printf("\n");
- gss_release_oid_set(&tmpMinor, &mech_attrs);
- gss_release_oid_set(&tmpMinor, &known_attrs);
-
- return GSS_S_COMPLETE;
+ (void)gss_release_oid_set(&minor, &mech_attrs);
+ (void)gss_release_oid_set(&minor, &known_attrs);
}
-int main(int argc, char *argv[])
+int
+main(int argc, char *argv[])
{
gss_OID_set mechs;
OM_uint32 major, minor;
size_t i;
major = gss_indicate_mechs(&minor, &mechs);
- if (GSS_ERROR(major)) {
- displayStatus("gss_indicate_mechs", major, minor);
- return major;
- }
-
+ check_gsserr("gss_indicate_mechs", major, minor);
if (mechs->count > 0)
- dumpKnownMechAttrs(&minor, mechs->elements);
+ dump_known_mech_attrs(mechs->elements);
+
for (i = 0; i < mechs->count; i++) {
gss_buffer_desc oidstr = GSS_C_EMPTY_BUFFER;
gss_buffer_desc sasl_mech_name = GSS_C_EMPTY_BUFFER;
@@ -180,30 +137,29 @@ int main(int argc, char *argv[])
(char *)mech_name.value);
printf("Mech desc : %.*s\n", (int)mech_description.length,
(char *)mech_description.value);
- dumpMechAttrs(&minor, &mechs->elements[i]);
+ dump_mech_attrs(&mechs->elements[i]);
printf("-------------------------------------------------------------"
"-----------------\n");
- if (GSS_ERROR(gss_inquire_mech_for_saslname(&minor, &sasl_mech_name,
- &oid))) {
- displayStatus("gss_inquire_mech_for_saslname", major, minor);
- } else if (oid == GSS_C_NO_OID ||
- (oid->length != mechs->elements[i].length &&
- memcmp(oid->elements, mechs->elements[i].elements,
- oid->length) != 0)) {
- gss_release_buffer(&minor, &oidstr);
- (void) gss_oid_to_str(&minor, oid, &oidstr);
+ major = gss_inquire_mech_for_saslname(&minor, &sasl_mech_name, &oid);
+ check_gsserr("gss_inquire_mech_for_saslname", major, minor);
+
+ if (oid == GSS_C_NO_OID ||
+ (oid->length != mechs->elements[i].length &&
+ memcmp(oid->elements, mechs->elements[i].elements,
+ oid->length) != 0)) {
+ (void)gss_release_buffer(&minor, &oidstr);
+ (void)gss_oid_to_str(&minor, oid, &oidstr);
fprintf(stderr, "Got different OID %.*s for mechanism %.*s\n",
(int)oidstr.length, (char *)oidstr.value,
(int)sasl_mech_name.length, (char *)sasl_mech_name.value);
}
- gss_release_buffer(&minor, &oidstr);
- gss_release_buffer(&minor, &sasl_mech_name);
- gss_release_buffer(&minor, &mech_name);
- gss_release_buffer(&minor, &mech_description);
+ (void)gss_release_buffer(&minor, &oidstr);
+ (void)gss_release_buffer(&minor, &sasl_mech_name);
+ (void)gss_release_buffer(&minor, &mech_name);
+ (void)gss_release_buffer(&minor, &mech_description);
}
- gss_release_oid_set(&minor, &mechs);
-
- return GSS_ERROR(major) ? 1 : 0;
+ (void)gss_release_oid_set(&minor, &mechs);
+ return 0;
}
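Review bot: The mismatch test re-added in main joins the length comparison and the memcmp with `&&`, so an OID of the same length but different contents is never reported. When the lengths do differ, memcmp is asked to compare `oid->length` bytes against a buffer that may be shorter. The condition should read `(oid->length != mechs->elements[i].length ||` so that memcmp only runs on equal lengths. Two smaller things on the same lines: the `oid == GSS_C_NO_OID` case goes on to pass that null OID to gss_oid_to_str, and a mismatch only writes to stderr while main still returns 0, so the test cannot fail on it. main begins before this hunk.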
diff --git a/src/tests/gssapi/t_spnego.c b/src/tests/gssapi/t_spnego.c
index adb5737..aee80d4 100644
--- a/src/tests/gssapi/t_spnego.c
+++ b/src/tests/gssapi/t_spnego.c
@@ -28,7 +28,7 @@
#include <stdlib.h>
#include <string.h>
-#include <gssapi/gssapi_krb5.h>
+#include "common.h"
/*
* Test program for SPNEGO and gss_set_neg_mechs
@@ -39,224 +39,65 @@
* ./t_spnego host/test.host at REALM testhost.keytab
*/
-static gss_OID_desc spnego_mech = { 6, "\053\006\001\005\005\002" };
-
-static void displayStatus_1(m, code, type)
- char *m;
- OM_uint32 code;
- int type;
-{
- OM_uint32 maj_stat, min_stat;
- gss_buffer_desc msg;
- OM_uint32 msg_ctx;
-
- msg_ctx = 0;
- while (1) {
- maj_stat = gss_display_status(&min_stat, code,
- type, GSS_C_NULL_OID,
- &msg_ctx, &msg);
- fprintf(stderr, "%s: %s\n", m, (char *)msg.value);
- (void) gss_release_buffer(&min_stat, &msg);
-
- if (!msg_ctx)
- break;
- }
-}
-
-static void displayStatus(msg, maj_stat, min_stat)
- char *msg;
- OM_uint32 maj_stat;
- OM_uint32 min_stat;
-{
- displayStatus_1(msg, maj_stat, GSS_C_GSS_CODE);
- displayStatus_1(msg, min_stat, GSS_C_MECH_CODE);
-}
-
-static OM_uint32
-displayCanonName(OM_uint32 *minor, gss_name_t name, char *tag)
-{
- gss_name_t canon;
- OM_uint32 major, tmp_minor;
- gss_buffer_desc buf;
-
- major = gss_canonicalize_name(minor, name,
- (gss_OID)gss_mech_krb5, &canon);
- if (GSS_ERROR(major)) {
- displayStatus("gss_canonicalize_name", major, *minor);
- return major;
- }
-
- major = gss_display_name(minor, canon, &buf, NULL);
- if (GSS_ERROR(major)) {
- displayStatus("gss_display_name", major, *minor);
- gss_release_name(&tmp_minor, &canon);
- return major;
- }
-
- printf("%s:\t%s\n", tag, (char *)buf.value);
-
- gss_release_buffer(&tmp_minor, &buf);
- gss_release_name(&tmp_minor, &canon);
-
- return GSS_S_COMPLETE;
-}
-
-static OM_uint32
-displayOID(OM_uint32 *minor, gss_OID oid, char *tag)
+int
+main(int argc, char *argv[])
{
- OM_uint32 major, tmp_minor;
- gss_buffer_desc buf;
-
- major = gss_oid_to_str(minor, oid, &buf);
- if (GSS_ERROR(major)) {
- displayStatus("gss_oid_to_str", major, *minor);
- return major;
- }
-
- printf("%s:\t%s\n", tag, (char *)buf.value);
-
- gss_release_buffer(&tmp_minor, &buf);
-
- return GSS_S_COMPLETE;
-}
-
-static OM_uint32
-initAcceptSecContext(OM_uint32 *minor,
- gss_name_t target_name,
- gss_cred_id_t verifier_cred_handle)
-{
- OM_uint32 major;
- gss_buffer_desc token, tmp;
+ OM_uint32 minor, major;
+ gss_cred_id_t verifier_cred_handle = GSS_C_NO_CREDENTIAL;
+ gss_OID_set actual_mechs = GSS_C_NO_OID_SET;
+ gss_buffer_desc token = GSS_C_EMPTY_BUFFER, tmp = GSS_C_EMPTY_BUFFER;
gss_ctx_id_t initiator_context = GSS_C_NO_CONTEXT;
gss_ctx_id_t acceptor_context = GSS_C_NO_CONTEXT;
- gss_name_t source_name = GSS_C_NO_NAME;
+ gss_name_t target_name, source_name = GSS_C_NO_NAME;
OM_uint32 time_rec;
gss_OID mech = GSS_C_NO_OID;
- token.value = NULL;
- token.length = 0;
-
- tmp.value = NULL;
- tmp.length = 0;
-
- major = gss_init_sec_context(minor,
- GSS_C_NO_CREDENTIAL,
- &initiator_context,
- target_name,
- &spnego_mech,
- GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG,
- GSS_C_INDEFINITE,
- GSS_C_NO_CHANNEL_BINDINGS,
- GSS_C_NO_BUFFER,
- NULL,
- &token,
- NULL,
- &time_rec);
-
- if (GSS_ERROR(major)) {
- displayStatus("gss_init_sec_context", major, *minor);
- return major;
- }
-
- (void) gss_delete_sec_context(minor, &initiator_context, NULL);
-
- major = gss_accept_sec_context(minor,
- &acceptor_context,
- verifier_cred_handle,
- &token,
- GSS_C_NO_CHANNEL_BINDINGS,
- &source_name,
- &mech,
- &tmp,
- NULL,
- &time_rec,
- NULL);
-
- if (GSS_ERROR(major))
- displayStatus("gss_accept_sec_context", major, *minor);
- else {
- displayCanonName(minor, source_name, "Source name");
- displayOID(minor, mech, "Source mech");
- }
-
- (void) gss_release_name(minor, &source_name);
- (void) gss_delete_sec_context(minor, &acceptor_context, NULL);
- (void) gss_release_buffer(minor, &token);
- (void) gss_release_buffer(minor, &tmp);
- (void) gss_release_oid(minor, &mech);
-
- return major;
-}
-
-int main(int argc, char *argv[])
-{
- OM_uint32 minor, major;
- gss_cred_id_t verifier_cred_handle = GSS_C_NO_CREDENTIAL;
- gss_OID_set_desc mechs;
- gss_OID_set actual_mechs = GSS_C_NO_OID_SET;
- gss_buffer_desc buf;
- gss_name_t target_name;
-
if (argc < 2 || argc > 3) {
fprintf(stderr, "Usage: %s target_name [keytab]\n", argv[0]);
exit(1);
}
- buf.value = argv[1];
- buf.length = strlen((char *)buf.value);
- major = gss_import_name(&minor, &buf,
- (gss_OID)GSS_KRB5_NT_PRINCIPAL_NAME,
- &target_name);
- if (GSS_ERROR(major)) {
- displayStatus("gss_import_name(target_name)", major, minor);
- goto out;
- }
+ target_name = import_name(argv[1]);
- if (argc > 2) {
+ if (argc >= 3) {
major = krb5_gss_register_acceptor_identity(argv[2]);
- if (GSS_ERROR(major)) {
- displayStatus("krb5_gss_register_acceptor_identity",
- major, minor);
- goto out;
- }
+ check_gsserr("krb5_gss_register_acceptor_identity", major, 0);
}
- mechs.elements = &spnego_mech;
- mechs.count = 1;
-
- /* get default acceptor cred */
- major = gss_acquire_cred(&minor,
- GSS_C_NO_NAME,
- GSS_C_INDEFINITE,
- &mechs,
- GSS_C_ACCEPT,
- &verifier_cred_handle,
- &actual_mechs,
- NULL);
- if (GSS_ERROR(major)) {
- displayStatus("gss_acquire_cred", major, minor);
- goto out;
- }
+ /* Get default acceptor cred. */
+ major = gss_acquire_cred(&minor, GSS_C_NO_NAME, GSS_C_INDEFINITE,
+ &mechset_spnego, GSS_C_ACCEPT,
+ &verifier_cred_handle, &actual_mechs, NULL);
+ check_gsserr("gss_acquire_cred", major, minor);
/* Restrict the acceptor to krb5, to exercise the neg_mechs logic. */
- mechs.elements = (gss_OID)gss_mech_krb5;
- mechs.count = 1;
- major = gss_set_neg_mechs(&minor, verifier_cred_handle, &mechs);
- if (GSS_ERROR(major)) {
- displayStatus("gss_set_neg_mechs", major, minor);
- goto out;
- }
-
- major = initAcceptSecContext(&minor, target_name, verifier_cred_handle);
- if (GSS_ERROR(major))
- goto out;
-
- printf("\n");
+ major = gss_set_neg_mechs(&minor, verifier_cred_handle, &mechset_krb5);
+ check_gsserr("gss_set_neg_mechs", major, minor);
-out:
- (void) gss_release_cred(&minor, &verifier_cred_handle);
- (void) gss_release_oid_set(&minor, &actual_mechs);
- (void) gss_release_name(&minor, &target_name);
-
- return GSS_ERROR(major) ? 1 : 0;
+ major = gss_init_sec_context(&minor, GSS_C_NO_CREDENTIAL,
+ &initiator_context, target_name, &mech_spnego,
+ GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG,
+ GSS_C_INDEFINITE, GSS_C_NO_CHANNEL_BINDINGS,
+ GSS_C_NO_BUFFER, NULL, &token, NULL,
+ &time_rec);
+ check_gsserr("gss_init_sec_context", major, minor);
+ (void)gss_delete_sec_context(&minor, &initiator_context, NULL);
+
+ major = gss_accept_sec_context(&minor, &acceptor_context,
+ verifier_cred_handle, &token,
+ GSS_C_NO_CHANNEL_BINDINGS, &source_name,
+ &mech, &tmp, NULL, &time_rec, NULL);
+ check_gsserr("gss_accept_sec_context", major, minor);
+
+ display_canon_name("Source name", source_name, &mech_krb5);
+ display_oid("Source mech", mech);
+
+ (void)gss_delete_sec_context(&minor, &acceptor_context, NULL);
+ (void)gss_release_name(&minor, &source_name);
+ (void)gss_release_name(&minor, &target_name);
+ (void)gss_release_buffer(&minor, &token);
+ (void)gss_release_buffer(&minor, &tmp);
+ (void)gss_release_cred(&minor, &verifier_cred_handle);
+ (void)gss_release_oid_set(&minor, &actual_mechs);
+ return 0;
}
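Review bot: After `gss_accept_sec_context` succeeds, main() only prints `mech` via `display_oid("Source mech", mech)` and then returns 0, so nothing in this program fails if the acceptor negotiates a mechanism other than krb5 despite the `gss_set_neg_mechs` restriction. Unless the calling test script inspects that output (not visible in this hunk), a check such as `if (!gss_oid_equal(mech, &mech_krb5)) { fprintf(stderr, "unexpected mech\n"); exit(1); }` would turn the restriction into an asserted result rather than a displayed one. Separately, the usage comment kept as context at the top of the hunk still shows a bare principal, while `import_name(argv[1])` presumably expects the prefixed form described in the commit message (its definition is outside this hunk). Something like `./t_spnego p:host/test.host@REALM testhost.keytab` would match, and the `Usage:` string could name the format as well.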