/*
 * Copyright (c) 2003-2004 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of KTH nor the names of its contributors may be
 *    used to endorse or promote products derived from this software without
 *    specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#ifdef HAVE_CONFIG_H
#include <config.h>
#endif

#include <roken.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdarg.h>
#include <gssapi.h>
#include <gssapi_krb5.h>
#include <gssapi_spi.h>
#include <gssapi_spnego.h>
#include <krb5.h>
#include <err.h>
#include <getarg.h>

/* Set by getarg() when --version / --help is given on the command line. */
static int version_flag = 0;
static int help_flag = 0;

/*
 * Exit with status 1 and `what` as the message unless `major` reports
 * GSS_S_COMPLETE.
 *
 * NOTE(review): only the name of the failing call is printed; the major and
 * minor status values are not part of the diagnostic.
 */
static void
require_complete(OM_uint32 major, const char *what)
{
    if (major != GSS_S_COMPLETE)
        errx(1, "%s", what);
}

/*
 * Exit with status 1 unless gss_compare_name() succeeds and reports the two
 * names as equal.
 */
static void
require_same_name(gss_name_t first, gss_name_t second)
{
    OM_uint32 minor;
    int same;

    require_complete(gss_compare_name(&minor, first, second, &same),
                     "gss_compare_name");
    if (!same)
        errx(1, "names not equal");
}

/*
 * Exit with status 1 unless both lifetimes are identical.
 *
 * NOTE(review): this is an exact comparison. If the mechanism derives the
 * reported lifetime from the current time, two inquiries that straddle a
 * second boundary could differ - confirm before treating a failure here as a
 * real credential mismatch.
 */
static void
require_same_lifetime(OM_uint32 first, OM_uint32 second)
{
    if (first != second)
        errx(1, "lifetime not equal %lu != %lu",
             (unsigned long)first, (unsigned long)second);
}

/*
 * Round-trip test: acquire the default initiator credential, copy it into a
 * freshly created krb5_cc_type_memory credential cache with
 * gss_krb5_copy_ccache(), import that cache back with gss_krb5_import_cred(),
 * and check that the imported credential reports the same name, the same
 * lifetime and a compatible usage. The imported credential is inquired a
 * second time and the name and lifetime are checked again.
 *
 * Every failed check leaves through errx()/krb5_err(), so the releases at the
 * bottom run only when all checks pass. The mechanism sets are fetched but
 * not compared (the comparison is compiled out with #if 0).
 */
static void
copy_import(void)
{
    gss_cred_id_t original, imported;
    gss_name_t original_name, imported_name;
    OM_uint32 original_life, imported_life;
    gss_cred_usage_t original_usage, imported_usage;
    gss_OID_set original_mechs, imported_mechs;
    OM_uint32 major, minor;
    krb5_context context;
    krb5_ccache cache;
    krb5_error_code kret;

    /* Default initiator credential: no name, no mechanism restriction. */
    major = gss_acquire_cred(&minor, GSS_C_NO_NAME, GSS_C_INDEFINITE,
                             GSS_C_NO_OID_SET, GSS_C_INITIATE,
                             &original, NULL, NULL);
    require_complete(major, "gss_acquire_cred");

    major = gss_inquire_cred(&minor, original, &original_name,
                             &original_life, &original_usage,
                             &original_mechs);
    require_complete(major, "gss_inquire_cred");

    kret = krb5_init_context(&context);
    if (kret)
        errx(1, "krb5_init_context");

    /* Scratch cache that receives the copy of the credential. */
    kret = krb5_cc_new_unique(context, krb5_cc_type_memory, NULL, &cache);
    if (kret)
        krb5_err(context, 1, kret, "krb5_cc_new_unique");

    major = gss_krb5_copy_ccache(&minor, original, cache);
    require_complete(major, "gss_krb5_copy_ccache");

    major = gss_krb5_import_cred(&minor, cache, NULL, NULL, &imported);
    require_complete(major, "gss_krb5_import_cred");

    /* First inquiry of the imported credential. */
    major = gss_inquire_cred(&minor, imported, &imported_name,
                             &imported_life, &imported_usage,
                             &imported_mechs);
    require_complete(major, "gss_inquire_cred 2");

    require_same_name(original_name, imported_name);
    require_same_lifetime(original_life, imported_life);

    /* Differing usages are accepted as long as one of them is GSS_C_BOTH. */
    if (original_usage != imported_usage &&
        original_usage != GSS_C_BOTH &&
        imported_usage != GSS_C_BOTH)
        errx(1, "usages disjoined");

    /* Drop the first inquiry's results before asking again. */
    gss_release_name(&minor, &imported_name);
    gss_release_oid_set(&minor, &imported_mechs);

    /* Second inquiry of the same credential; usage is not re-checked. */
    major = gss_inquire_cred(&minor, imported, &imported_name,
                             &imported_life, &imported_usage,
                             &imported_mechs);
    require_complete(major, "gss_inquire_cred");

    require_same_name(original_name, imported_name);
    require_same_lifetime(original_life, imported_life);

    gss_release_cred(&minor, &original);
    gss_release_cred(&minor, &imported);

    gss_release_name(&minor, &original_name);
    gss_release_name(&minor, &imported_name);

#if 0
    compare(original_mechs, imported_mechs);
#endif

    gss_release_oid_set(&minor, &original_mechs);
    gss_release_oid_set(&minor, &imported_mechs);

    /* Return values of the teardown calls are not checked. */
    krb5_cc_destroy(context, cache);
    krb5_free_context(context);
}

/* Command-line options understood by getarg(). */
static struct getargs args[] = {
    {"version", 0, arg_flag, &version_flag, "print version", NULL },
    {"help",    0, arg_flag, &help_flag,    NULL,            NULL }
};

/*
 * Print the option summary for `args` and exit with status `ret`.
 */
static void
usage (int ret)
{
    const size_t nargs = sizeof(args) / sizeof(args[0]);

    arg_printusage (args, nargs, NULL, "");
    exit (ret);
}

/*
 * Parse the command line, handle --help / --version, then run the
 * credential copy/import round trip. Returns 0 when copy_import() returns;
 * a failed check inside it exits the process with status 1.
 */
int
main(int argc, char **argv)
{
    const size_t nargs = sizeof(args) / sizeof(args[0]);
    int optidx = 0;

    setprogname(argv[0]);

    if (getarg(args, nargs, argc, argv, &optidx))
        usage(1);

    if (help_flag)
        usage (0);

    if (version_flag) {
        print_version(NULL);
        exit(0);
    }

    copy_import();

    return 0;
}