appl/test/gssapi_client.c

55682Smarkm/*
57419Smarkm * Copyright (c) 1997 - 2000 Kungliga Tekniska H�gskolan
55682Smarkm * (Royal Institute of Technology, Stockholm, Sweden).
55682Smarkm * All rights reserved.
55682Smarkm *
55682Smarkm * Redistribution and use in source and binary forms, with or without
55682Smarkm * modification, are permitted provided that the following conditions
55682Smarkm * are met:
55682Smarkm *
55682Smarkm * 1. Redistributions of source code must retain the above copyright
55682Smarkm *    notice, this list of conditions and the following disclaimer.
55682Smarkm *
55682Smarkm * 2. Redistributions in binary form must reproduce the above copyright
55682Smarkm *    notice, this list of conditions and the following disclaimer in the
55682Smarkm *    documentation and/or other materials provided with the distribution.
55682Smarkm *
55682Smarkm * 3. Neither the name of the Institute nor the names of its contributors
55682Smarkm *    may be used to endorse or promote products derived from this software
55682Smarkm *    without specific prior written permission.
55682Smarkm *
55682Smarkm * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
55682Smarkm * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
55682Smarkm * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
55682Smarkm * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
55682Smarkm * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
55682Smarkm * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
55682Smarkm * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
55682Smarkm * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
55682Smarkm * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
55682Smarkm * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
55682Smarkm * SUCH DAMAGE.
55682Smarkm */
55682Smarkm
55682Smarkm#include "test_locl.h"
55682Smarkm#include <gssapi.h>
55682Smarkm#include "gss_common.h"
178825SdfrRCSID("$Id: gssapi_client.c 21521 2007-07-12 13:13:40Z lha $");
55682Smarkm
55682Smarkmstatic int
57419Smarkmdo_trans (int sock, gss_ctx_id_t context_hdl)
57419Smarkm{
57419Smarkm    OM_uint32 maj_stat, min_stat;
57419Smarkm    gss_buffer_desc real_input_token, real_output_token;
57419Smarkm    gss_buffer_t input_token = &real_input_token,
57419Smarkm	output_token = &real_output_token;
57419Smarkm
57419Smarkm    /* get_mic */
57419Smarkm
57419Smarkm    input_token->length = 3;
57419Smarkm    input_token->value  = strdup("hej");
57419Smarkm
57419Smarkm    maj_stat = gss_get_mic(&min_stat,
57419Smarkm			   context_hdl,
57419Smarkm			   GSS_C_QOP_DEFAULT,
57419Smarkm			   input_token,
57419Smarkm			   output_token);
57419Smarkm    if (GSS_ERROR(maj_stat))
57419Smarkm	gss_err (1, min_stat, "gss_get_mic");
57419Smarkm
57419Smarkm    write_token (sock, input_token);
57419Smarkm    write_token (sock, output_token);
57419Smarkm
57419Smarkm    /* wrap */
57419Smarkm
57419Smarkm    input_token->length = 7;
57419Smarkm    input_token->value  = "hemligt";
57419Smarkm
178825Sdfr    maj_stat = gss_wrap (&min_stat,
178825Sdfr			 context_hdl,
178825Sdfr			 0,
178825Sdfr			 GSS_C_QOP_DEFAULT,
178825Sdfr			 input_token,
178825Sdfr			 NULL,
178825Sdfr			 output_token);
178825Sdfr    if (GSS_ERROR(maj_stat))
178825Sdfr	gss_err (1, min_stat, "gss_wrap");
57419Smarkm
178825Sdfr    write_token (sock, output_token);
178825Sdfr
57419Smarkm    maj_stat = gss_wrap (&min_stat,
57419Smarkm			 context_hdl,
57419Smarkm			 1,
57419Smarkm			 GSS_C_QOP_DEFAULT,
57419Smarkm			 input_token,
57419Smarkm			 NULL,
57419Smarkm			 output_token);
57419Smarkm    if (GSS_ERROR(maj_stat))
57419Smarkm	gss_err (1, min_stat, "gss_wrap");
57419Smarkm
57419Smarkm    write_token (sock, output_token);
57419Smarkm
57419Smarkm    return 0;
57419Smarkm}
57419Smarkm
57419Smarkmstatic int
55682Smarkmproto (int sock, const char *hostname, const char *service)
55682Smarkm{
55682Smarkm    struct sockaddr_in remote, local;
72445Sassar    socklen_t addrlen;
55682Smarkm
55682Smarkm    int context_established = 0;
55682Smarkm    gss_ctx_id_t context_hdl = GSS_C_NO_CONTEXT;
55682Smarkm    gss_buffer_desc real_input_token, real_output_token;
57419Smarkm    gss_buffer_t input_token = &real_input_token,
57419Smarkm	output_token = &real_output_token;
55682Smarkm    OM_uint32 maj_stat, min_stat;
55682Smarkm    gss_name_t server;
55682Smarkm    gss_buffer_desc name_token;
72445Sassar    struct gss_channel_bindings_struct input_chan_bindings;
72445Sassar    u_char init_buf[4];
72445Sassar    u_char acct_buf[4];
178825Sdfr    gss_OID mech_oid;
178825Sdfr    char *str;
55682Smarkm
178825Sdfr    mech_oid = select_mech(mech);
178825Sdfr
178825Sdfr    name_token.length = asprintf (&str,
55682Smarkm				  "%s@%s", service, hostname);
178825Sdfr    if (str == NULL)
178825Sdfr	errx(1, "malloc - out of memory");
178825Sdfr    name_token.value = str;
178825Sdfr
55682Smarkm    maj_stat = gss_import_name (&min_stat,
55682Smarkm				&name_token,
55682Smarkm				GSS_C_NT_HOSTBASED_SERVICE,
55682Smarkm				&server);
55682Smarkm    if (GSS_ERROR(maj_stat))
55682Smarkm	gss_err (1, min_stat,
55682Smarkm		 "Error importing name `%s@%s':\n", service, hostname);
55682Smarkm
55682Smarkm    addrlen = sizeof(local);
55682Smarkm    if (getsockname (sock, (struct sockaddr *)&local, &addrlen) < 0
55682Smarkm	|| addrlen != sizeof(local))
55682Smarkm	err (1, "getsockname(%s)", hostname);
55682Smarkm
55682Smarkm    addrlen = sizeof(remote);
55682Smarkm    if (getpeername (sock, (struct sockaddr *)&remote, &addrlen) < 0
55682Smarkm	|| addrlen != sizeof(remote))
55682Smarkm	err (1, "getpeername(%s)", hostname);
55682Smarkm
55682Smarkm    input_token->length = 0;
55682Smarkm    output_token->length = 0;
55682Smarkm
72445Sassar    input_chan_bindings.initiator_addrtype = GSS_C_AF_INET;
72445Sassar    input_chan_bindings.initiator_address.length = 4;
72445Sassar    init_buf[0] = (local.sin_addr.s_addr >> 24) & 0xFF;
72445Sassar    init_buf[1] = (local.sin_addr.s_addr >> 16) & 0xFF;
72445Sassar    init_buf[2] = (local.sin_addr.s_addr >>  8) & 0xFF;
72445Sassar    init_buf[3] = (local.sin_addr.s_addr >>  0) & 0xFF;
72445Sassar    input_chan_bindings.initiator_address.value = init_buf;
72445Sassar
72445Sassar    input_chan_bindings.acceptor_addrtype = GSS_C_AF_INET;
72445Sassar    input_chan_bindings.acceptor_address.length = 4;
72445Sassar    acct_buf[0] = (remote.sin_addr.s_addr >> 24) & 0xFF;
72445Sassar    acct_buf[1] = (remote.sin_addr.s_addr >> 16) & 0xFF;
72445Sassar    acct_buf[2] = (remote.sin_addr.s_addr >>  8) & 0xFF;
72445Sassar    acct_buf[3] = (remote.sin_addr.s_addr >>  0) & 0xFF;
72445Sassar    input_chan_bindings.acceptor_address.value = acct_buf;
72445Sassar
72445Sassar#if 0
72445Sassar    input_chan_bindings.application_data.value = emalloc(4);
72445Sassar    * (unsigned short*)input_chan_bindings.application_data.value = local.sin_port;
72445Sassar    * ((unsigned short *)input_chan_bindings.application_data.value + 1) = remote.sin_port;
72445Sassar    input_chan_bindings.application_data.length = 4;
72445Sassar#else
72445Sassar    input_chan_bindings.application_data.length = 0;
72445Sassar    input_chan_bindings.application_data.value = NULL;
72445Sassar#endif
72445Sassar
55682Smarkm    while(!context_established) {
55682Smarkm	maj_stat =
55682Smarkm	    gss_init_sec_context(&min_stat,
55682Smarkm				 GSS_C_NO_CREDENTIAL,
55682Smarkm				 &context_hdl,
55682Smarkm				 server,
178825Sdfr				 mech_oid,
72445Sassar				 GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG
72445Sassar				 | GSS_C_DELEG_FLAG,
55682Smarkm				 0,
72445Sassar				 &input_chan_bindings,
55682Smarkm				 input_token,
55682Smarkm				 NULL,
55682Smarkm				 output_token,
55682Smarkm				 NULL,
55682Smarkm				 NULL);
55682Smarkm	if (GSS_ERROR(maj_stat))
55682Smarkm	    gss_err (1, min_stat, "gss_init_sec_context");
55682Smarkm	if (output_token->length != 0)
55682Smarkm	    write_token (sock, output_token);
55682Smarkm	if (GSS_ERROR(maj_stat)) {
55682Smarkm	    if (context_hdl != GSS_C_NO_CONTEXT)
55682Smarkm		gss_delete_sec_context (&min_stat,
55682Smarkm					&context_hdl,
55682Smarkm					GSS_C_NO_BUFFER);
55682Smarkm	    break;
55682Smarkm	}
55682Smarkm	if (maj_stat & GSS_S_CONTINUE_NEEDED) {
55682Smarkm	    read_token (sock, input_token);
55682Smarkm	} else {
55682Smarkm	    context_established = 1;
55682Smarkm	}
55682Smarkm
55682Smarkm    }
57419Smarkm    if (fork_flag) {
57419Smarkm	pid_t pid;
57419Smarkm	int pipefd[2];
55682Smarkm
57419Smarkm	if (pipe (pipefd) < 0)
57419Smarkm	    err (1, "pipe");
55682Smarkm
57419Smarkm	pid = fork ();
57419Smarkm	if (pid < 0)
57419Smarkm	    err (1, "fork");
57419Smarkm	if (pid != 0) {
57419Smarkm	    gss_buffer_desc buf;
55682Smarkm
57419Smarkm	    maj_stat = gss_export_sec_context (&min_stat,
57419Smarkm					       &context_hdl,
57419Smarkm					       &buf);
57419Smarkm	    if (GSS_ERROR(maj_stat))
57419Smarkm		gss_err (1, min_stat, "gss_export_sec_context");
57419Smarkm	    write_token (pipefd[1], &buf);
57419Smarkm	    exit (0);
57419Smarkm	} else {
57419Smarkm	    gss_ctx_id_t context_hdl;
57419Smarkm	    gss_buffer_desc buf;
55682Smarkm
57419Smarkm	    close (pipefd[1]);
57419Smarkm	    read_token (pipefd[0], &buf);
57419Smarkm	    close (pipefd[0]);
57419Smarkm	    maj_stat = gss_import_sec_context (&min_stat, &buf, &context_hdl);
57419Smarkm	    if (GSS_ERROR(maj_stat))
57419Smarkm		gss_err (1, min_stat, "gss_import_sec_context");
57419Smarkm	    gss_release_buffer (&min_stat, &buf);
57419Smarkm	    return do_trans (sock, context_hdl);
57419Smarkm	}
57419Smarkm    } else {
57419Smarkm	return do_trans (sock, context_hdl);
57419Smarkm    }
55682Smarkm}
55682Smarkm
55682Smarkmint
55682Smarkmmain(int argc, char **argv)
55682Smarkm{
55682Smarkm    krb5_context context; /* XXX */
55682Smarkm    int port = client_setup(&context, &argc, argv);
55682Smarkm    return client_doit (argv[argc], port, service, proto);
55682Smarkm}