summaryrefslogtreecommitdiffstats
path: root/crypto/heimdal/appl/test/gssapi_server.c
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/heimdal/appl/test/gssapi_server.c')
-rw-r--r--crypto/heimdal/appl/test/gssapi_server.c101
1 files changed, 79 insertions, 22 deletions
diff --git a/crypto/heimdal/appl/test/gssapi_server.c b/crypto/heimdal/appl/test/gssapi_server.c
index 3d4affd..e63a2bc 100644
--- a/crypto/heimdal/appl/test/gssapi_server.c
+++ b/crypto/heimdal/appl/test/gssapi_server.c
@@ -34,7 +34,7 @@
#include "test_locl.h"
#include <gssapi.h>
#include "gss_common.h"
-RCSID("$Id: gssapi_server.c,v 1.15 2000/08/09 20:53:07 assar Exp $");
+RCSID("$Id: gssapi_server.c 14762 2005-04-10 14:47:41Z lha $");
static int
process_it(int sock,
@@ -43,22 +43,31 @@ process_it(int sock,
)
{
OM_uint32 maj_stat, min_stat;
- gss_buffer_desc name_token;
gss_buffer_desc real_input_token, real_output_token;
gss_buffer_t input_token = &real_input_token,
output_token = &real_output_token;
-
- maj_stat = gss_display_name (&min_stat,
- client_name,
- &name_token,
- NULL);
+ gss_name_t server_name;
+ int conf_flag;
+
+ print_gss_name("User is", client_name);
+
+ maj_stat = gss_inquire_context(&min_stat,
+ context_hdl,
+ NULL,
+ &server_name,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL);
if (GSS_ERROR(maj_stat))
- gss_err (1, min_stat, "gss_display_name");
+ gss_err (1, min_stat, "gss_inquire_context");
- fprintf (stderr, "User is `%.*s'\n", (int)name_token.length,
- (char *)name_token.value);
+ print_gss_name("Server is", server_name);
- gss_release_buffer (&min_stat, &name_token);
+ maj_stat = gss_release_name(&min_stat, &server_name);
+ if (GSS_ERROR(maj_stat))
+ gss_err (1, min_stat, "gss_release_name");
/* gss_verify_mic */
@@ -87,13 +96,32 @@ process_it(int sock,
context_hdl,
input_token,
output_token,
- NULL,
+ &conf_flag,
+ NULL);
+ if(GSS_ERROR(maj_stat))
+ gss_err (1, min_stat, "gss_unwrap");
+
+ fprintf (stderr, "gss_unwrap: %.*s %s\n", (int)output_token->length,
+ (char *)output_token->value,
+ conf_flag ? "CONF" : "INT");
+
+ gss_release_buffer (&min_stat, input_token);
+ gss_release_buffer (&min_stat, output_token);
+
+ read_token (sock, input_token);
+
+ maj_stat = gss_unwrap (&min_stat,
+ context_hdl,
+ input_token,
+ output_token,
+ &conf_flag,
NULL);
if(GSS_ERROR(maj_stat))
gss_err (1, min_stat, "gss_unwrap");
- fprintf (stderr, "gss_unwrap: %.*s\n", (int)output_token->length,
- (char *)output_token->value);
+ fprintf (stderr, "gss_unwrap: %.*s %s\n", (int)output_token->length,
+ (char *)output_token->value,
+ conf_flag ? "CONF" : "INT");
gss_release_buffer (&min_stat, input_token);
gss_release_buffer (&min_stat, output_token);
@@ -117,6 +145,8 @@ proto (int sock, const char *service)
krb5_ccache ccache;
u_char init_buf[4];
u_char acct_buf[4];
+ gss_OID mech_oid;
+ char *mech, *p;
addrlen = sizeof(local);
if (getsockname (sock, (struct sockaddr *)&local, &addrlen) < 0
@@ -156,8 +186,7 @@ proto (int sock, const char *service)
input_chan_bindings.application_data.value = NULL;
#endif
- delegated_cred_handle = emalloc(sizeof(*delegated_cred_handle));
- memset((char*)delegated_cred_handle, 0, sizeof(*delegated_cred_handle));
+ delegated_cred_handle = GSS_C_NO_CREDENTIAL;
do {
read_token (sock, input_token);
@@ -168,11 +197,11 @@ proto (int sock, const char *service)
input_token,
&input_chan_bindings,
&client_name,
- NULL,
+ &mech_oid,
output_token,
NULL,
NULL,
- /*&delegated_cred_handle*/ NULL);
+ &delegated_cred_handle);
if(GSS_ERROR(maj_stat))
gss_err (1, min_stat, "gss_accept_sec_context");
if (output_token->length != 0)
@@ -186,15 +215,43 @@ proto (int sock, const char *service)
}
} while(maj_stat & GSS_S_CONTINUE_NEEDED);
- if (delegated_cred_handle->ccache) {
+ p = (char *)mech_oid->elements;
+ if (mech_oid->length == GSS_KRB5_MECHANISM->length
+ && memcmp(p, GSS_KRB5_MECHANISM->elements, mech_oid->length) == 0)
+ mech = "Kerberos 5";
+ else if (mech_oid->length == GSS_SPNEGO_MECHANISM->length
+ && memcmp(p, GSS_SPNEGO_MECHANISM->elements, mech_oid->length) == 0)
+ mech = "SPNEGO"; /* XXX Silly, wont show up */
+ else
+ mech = "Unknown";
+
+ printf("Using mech: %s\n", mech);
+
+ if (delegated_cred_handle != GSS_C_NO_CREDENTIAL) {
krb5_context context;
+ printf("Delegated cred found\n");
+
maj_stat = krb5_init_context(&context);
maj_stat = krb5_cc_resolve(context, "FILE:/tmp/krb5cc_test", &ccache);
- maj_stat = krb5_cc_copy_cache(context,
- delegated_cred_handle->ccache, ccache);
+ maj_stat = gss_krb5_copy_ccache(&min_stat,
+ delegated_cred_handle,
+ ccache);
+ if (maj_stat == 0) {
+ krb5_principal p;
+ maj_stat = krb5_cc_get_principal(context, ccache, &p);
+ if (maj_stat == 0) {
+ char *name;
+ maj_stat = krb5_unparse_name(context, p, &name);
+ if (maj_stat == 0) {
+ printf("Delegated user is: `%s'\n", name);
+ free(name);
+ }
+ krb5_free_principal(context, p);
+ }
+ }
krb5_cc_close(context, ccache);
- krb5_cc_destroy(context, delegated_cred_handle->ccache);
+ gss_release_cred(&min_stat, &delegated_cred_handle);
}
if (fork_flag) {
OpenPOWER on IntegriCloud