/crypto/heimdal/tests/kdc/ap-req.c
C | 221 lines | 149 code | 41 blank | 31 comment | 24 complexity | 4c176cfe9478fba284eea35656b09573 MD5 | raw file
1/* 2 * Copyright (c) 2006 Kungliga Tekniska Högskolan 3 * (Royal Institute of Technology, Stockholm, Sweden). 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * 3. Neither the name of KTH nor the names of its contributors may be 18 * used to endorse or promote products derived from this software without 19 * specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY 22 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 24 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE 25 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 26 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 27 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR 28 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 29 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 30 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF 31 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ 32 33#ifdef HAVE_CONFIG_H 34#include <config.h> 35RCSID("$Id: ap-req.c 19807 2007-01-10 19:35:45Z lha $"); 36#endif 37 38#include <sys/types.h> 39#include <stdio.h> 40#include <krb5.h> 41#include <err.h> 42#include <getarg.h> 43#include <roken.h> 44 45static int verify_pac = 0; 46static int version_flag = 0; 47static int help_flag = 0; 48 49static struct getargs args[] = { 50 {"verify-pac",0, arg_flag, &verify_pac, 51 "verify the PAC", NULL }, 52 {"version", 0, arg_flag, &version_flag, 53 "print version", NULL }, 54 {"help", 0, arg_flag, &help_flag, 55 NULL, NULL } 56}; 57 58static void 59usage (int ret) 60{ 61 arg_printusage (args, sizeof(args)/sizeof(*args), NULL, "..."); 62 exit (ret); 63} 64 65 66static void 67test_ap(krb5_context context, 68 krb5_principal sprincipal, 69 krb5_keytab keytab, 70 krb5_ccache ccache, 71 const krb5_flags client_flags) 72{ 73 krb5_error_code ret; 74 krb5_auth_context client_ac = NULL, server_ac = NULL; 75 krb5_data data; 76 krb5_flags server_flags; 77 krb5_ticket *ticket = NULL; 78 int32_t server_seq, client_seq; 79 80 ret = krb5_mk_req_exact(context, 81 &client_ac, 82 client_flags, 83 sprincipal, 84 NULL, 85 ccache, 86 &data); 87 if (ret) 88 krb5_err(context, 1, ret, "krb5_mk_req_exact"); 89 90 ret = krb5_rd_req(context, 91 &server_ac, 92 &data, 93 sprincipal, 94 keytab, 95 &server_flags, 96 &ticket); 97 if (ret) 98 krb5_err(context, 1, ret, "krb5_rd_req"); 99 100 101 if (server_flags & AP_OPTS_MUTUAL_REQUIRED) { 102 krb5_ap_rep_enc_part *repl; 103 104 krb5_data_free(&data); 105 106 if ((client_flags & AP_OPTS_MUTUAL_REQUIRED) == 0) 107 krb5_errx(context, 1, "client flag missing mutual req"); 108 109 ret = krb5_mk_rep (context, server_ac, &data); 110 if (ret) 111 krb5_err(context, 1, ret, "krb5_mk_rep"); 112 113 ret = krb5_rd_rep (context, 114 client_ac, 115 &data, 116 &repl); 117 if (ret) 118 krb5_err(context, 1, ret, "krb5_rd_rep"); 119 120 krb5_free_ap_rep_enc_part (context, repl); 121 } else { 122 if (client_flags & AP_OPTS_MUTUAL_REQUIRED) 123 krb5_errx(context, 1, "server flag missing mutual req"); 124 } 125 126 krb5_auth_getremoteseqnumber(context, server_ac, &server_seq); 127 krb5_auth_getremoteseqnumber(context, client_ac, &client_seq); 128 if (server_seq != client_seq) 129 krb5_errx(context, 1, "seq num differ"); 130 131 krb5_auth_con_getlocalseqnumber(context, server_ac, &server_seq); 132 krb5_auth_con_getlocalseqnumber(context, client_ac, &client_seq); 133 if (server_seq != client_seq) 134 krb5_errx(context, 1, "seq num differ"); 135 136 krb5_data_free(&data); 137 krb5_auth_con_free(context, client_ac); 138 krb5_auth_con_free(context, server_ac); 139 140 if (verify_pac) { 141 krb5_pac pac; 142 143 ret = krb5_ticket_get_authorization_data_type(context, 144 ticket, 145 KRB5_AUTHDATA_WIN2K_PAC, 146 &data); 147 if (ret) 148 krb5_err(context, 1, ret, "get pac"); 149 150 ret = krb5_pac_parse(context, data.data, data.length, &pac); 151 if (ret) 152 krb5_err(context, 1, ret, "pac parse"); 153 154 krb5_pac_free(context, pac); 155 } 156 157 krb5_free_ticket(context, ticket); 158} 159 160 161int 162main(int argc, char **argv) 163{ 164 krb5_context context; 165 krb5_error_code ret; 166 int optidx = 0; 167 const char *principal, *keytab, *ccache; 168 krb5_ccache id; 169 krb5_keytab kt; 170 krb5_principal sprincipal; 171 172 setprogname(argv[0]); 173 174 if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx)) 175 usage(1); 176 177 if (help_flag) 178 usage (0); 179 180 if(version_flag){ 181 print_version(NULL); 182 exit(0); 183 } 184 185 argc -= optidx; 186 argv += optidx; 187 188 if (argc < 3) 189 usage(1); 190 191 principal = argv[0]; 192 keytab = argv[1]; 193 ccache = argv[2]; 194 195 ret = krb5_init_context(&context); 196 if (ret) 197 errx (1, "krb5_init_context failed: %d", ret); 198 199 ret = krb5_cc_resolve(context, ccache, &id); 200 if (ret) 201 krb5_err(context, 1, ret, "krb5_cc_resolve"); 202 203 ret = krb5_parse_name(context, principal, &sprincipal); 204 if (ret) 205 krb5_err(context, 1, ret, "krb5_parse_name"); 206 207 ret = krb5_kt_resolve(context, keytab, &kt); 208 if (ret) 209 krb5_err(context, 1, ret, "krb5_kt_resolve"); 210 211 test_ap(context, sprincipal, kt, id, 0); 212 test_ap(context, sprincipal, kt, id, AP_OPTS_MUTUAL_REQUIRED); 213 214 krb5_cc_close(context, id); 215 krb5_kt_close(context, kt); 216 krb5_free_principal(context, sprincipal); 217 218 krb5_free_context(context); 219 220 return ret; 221}