/crypto/heimdal/tests/kdc/ap-req.c

https://bitbucket.org/freebsd/freebsd-head/ · C · 221 lines · 149 code · 41 blank · 31 comment · 24 complexity · 4c176cfe9478fba284eea35656b09573 MD5 · raw file

  1. /*
  2. * Copyright (c) 2006 Kungliga Tekniska Högskolan
  3. * (Royal Institute of Technology, Stockholm, Sweden).
  4. * All rights reserved.
  5. *
  6. * Redistribution and use in source and binary forms, with or without
  7. * modification, are permitted provided that the following conditions
  8. * are met:
  9. *
  10. * 1. Redistributions of source code must retain the above copyright
  11. * notice, this list of conditions and the following disclaimer.
  12. *
  13. * 2. Redistributions in binary form must reproduce the above copyright
  14. * notice, this list of conditions and the following disclaimer in the
  15. * documentation and/or other materials provided with the distribution.
  16. *
  17. * 3. Neither the name of KTH nor the names of its contributors may be
  18. * used to endorse or promote products derived from this software without
  19. * specific prior written permission.
  20. *
  21. * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
  22. * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  23. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  24. * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
  25. * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
  26. * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
  27. * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
  28. * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
  29. * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
  30. * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
  31. * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
  32. #ifdef HAVE_CONFIG_H
  33. #include <config.h>
  34. RCSID("$Id: ap-req.c 19807 2007-01-10 19:35:45Z lha $");
  35. #endif
  36. #include <sys/types.h>
  37. #include <stdio.h>
  38. #include <krb5.h>
  39. #include <err.h>
  40. #include <getarg.h>
  41. #include <roken.h>
  42. static int verify_pac = 0;
  43. static int version_flag = 0;
  44. static int help_flag = 0;
  45. static struct getargs args[] = {
  46. {"verify-pac",0, arg_flag, &verify_pac,
  47. "verify the PAC", NULL },
  48. {"version", 0, arg_flag, &version_flag,
  49. "print version", NULL },
  50. {"help", 0, arg_flag, &help_flag,
  51. NULL, NULL }
  52. };
  53. static void
  54. usage (int ret)
  55. {
  56. arg_printusage (args, sizeof(args)/sizeof(*args), NULL, "...");
  57. exit (ret);
  58. }
  59. static void
  60. test_ap(krb5_context context,
  61. krb5_principal sprincipal,
  62. krb5_keytab keytab,
  63. krb5_ccache ccache,
  64. const krb5_flags client_flags)
  65. {
  66. krb5_error_code ret;
  67. krb5_auth_context client_ac = NULL, server_ac = NULL;
  68. krb5_data data;
  69. krb5_flags server_flags;
  70. krb5_ticket *ticket = NULL;
  71. int32_t server_seq, client_seq;
  72. ret = krb5_mk_req_exact(context,
  73. &client_ac,
  74. client_flags,
  75. sprincipal,
  76. NULL,
  77. ccache,
  78. &data);
  79. if (ret)
  80. krb5_err(context, 1, ret, "krb5_mk_req_exact");
  81. ret = krb5_rd_req(context,
  82. &server_ac,
  83. &data,
  84. sprincipal,
  85. keytab,
  86. &server_flags,
  87. &ticket);
  88. if (ret)
  89. krb5_err(context, 1, ret, "krb5_rd_req");
  90. if (server_flags & AP_OPTS_MUTUAL_REQUIRED) {
  91. krb5_ap_rep_enc_part *repl;
  92. krb5_data_free(&data);
  93. if ((client_flags & AP_OPTS_MUTUAL_REQUIRED) == 0)
  94. krb5_errx(context, 1, "client flag missing mutual req");
  95. ret = krb5_mk_rep (context, server_ac, &data);
  96. if (ret)
  97. krb5_err(context, 1, ret, "krb5_mk_rep");
  98. ret = krb5_rd_rep (context,
  99. client_ac,
  100. &data,
  101. &repl);
  102. if (ret)
  103. krb5_err(context, 1, ret, "krb5_rd_rep");
  104. krb5_free_ap_rep_enc_part (context, repl);
  105. } else {
  106. if (client_flags & AP_OPTS_MUTUAL_REQUIRED)
  107. krb5_errx(context, 1, "server flag missing mutual req");
  108. }
  109. krb5_auth_getremoteseqnumber(context, server_ac, &server_seq);
  110. krb5_auth_getremoteseqnumber(context, client_ac, &client_seq);
  111. if (server_seq != client_seq)
  112. krb5_errx(context, 1, "seq num differ");
  113. krb5_auth_con_getlocalseqnumber(context, server_ac, &server_seq);
  114. krb5_auth_con_getlocalseqnumber(context, client_ac, &client_seq);
  115. if (server_seq != client_seq)
  116. krb5_errx(context, 1, "seq num differ");
  117. krb5_data_free(&data);
  118. krb5_auth_con_free(context, client_ac);
  119. krb5_auth_con_free(context, server_ac);
  120. if (verify_pac) {
  121. krb5_pac pac;
  122. ret = krb5_ticket_get_authorization_data_type(context,
  123. ticket,
  124. KRB5_AUTHDATA_WIN2K_PAC,
  125. &data);
  126. if (ret)
  127. krb5_err(context, 1, ret, "get pac");
  128. ret = krb5_pac_parse(context, data.data, data.length, &pac);
  129. if (ret)
  130. krb5_err(context, 1, ret, "pac parse");
  131. krb5_pac_free(context, pac);
  132. }
  133. krb5_free_ticket(context, ticket);
  134. }
  135. int
  136. main(int argc, char **argv)
  137. {
  138. krb5_context context;
  139. krb5_error_code ret;
  140. int optidx = 0;
  141. const char *principal, *keytab, *ccache;
  142. krb5_ccache id;
  143. krb5_keytab kt;
  144. krb5_principal sprincipal;
  145. setprogname(argv[0]);
  146. if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
  147. usage(1);
  148. if (help_flag)
  149. usage (0);
  150. if(version_flag){
  151. print_version(NULL);
  152. exit(0);
  153. }
  154. argc -= optidx;
  155. argv += optidx;
  156. if (argc < 3)
  157. usage(1);
  158. principal = argv[0];
  159. keytab = argv[1];
  160. ccache = argv[2];
  161. ret = krb5_init_context(&context);
  162. if (ret)
  163. errx (1, "krb5_init_context failed: %d", ret);
  164. ret = krb5_cc_resolve(context, ccache, &id);
  165. if (ret)
  166. krb5_err(context, 1, ret, "krb5_cc_resolve");
  167. ret = krb5_parse_name(context, principal, &sprincipal);
  168. if (ret)
  169. krb5_err(context, 1, ret, "krb5_parse_name");
  170. ret = krb5_kt_resolve(context, keytab, &kt);
  171. if (ret)
  172. krb5_err(context, 1, ret, "krb5_kt_resolve");
  173. test_ap(context, sprincipal, kt, id, 0);
  174. test_ap(context, sprincipal, kt, id, AP_OPTS_MUTUAL_REQUIRED);
  175. krb5_cc_close(context, id);
  176. krb5_kt_close(context, kt);
  177. krb5_free_principal(context, sprincipal);
  178. krb5_free_context(context);
  179. return ret;
  180. }