1/*
2 * Copyright (c) 2003-2004 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 *    notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 *    notice, this list of conditions and the following disclaimer in the
15 *    documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of KTH nor the names of its contributors may be
18 *    used to endorse or promote products derived from this software without
19 *    specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
22 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
24 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
25 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
26 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
27 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
28 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
29 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
30 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
31 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32 */
33
34#ifdef HAVE_CONFIG_H
35#include <config.h>
36#endif
37
38#include <roken.h>
39#include <stdio.h>
40#include <stdlib.h>
41#include <string.h>
42#include <stdarg.h>
43#include <gssapi.h>
44#include <gssapi_krb5.h>
45#include <gssapi_spi.h>
46#include <gssapi_spnego.h>
47#include <krb5.h>
48#include <err.h>
49#include <getarg.h>
50
51static int version_flag = 0;
52static int help_flag	= 0;
53
54static void
55copy_import(void)
56{
57    gss_cred_id_t cred1, cred2;
58    OM_uint32 maj_stat, min_stat;
59    gss_name_t name1, name2;
60    OM_uint32 lifetime1, lifetime2;
61    gss_cred_usage_t usage1, usage2;
62    gss_OID_set mechs1, mechs2;
63    krb5_ccache id;
64    krb5_error_code ret;
65    krb5_context context;
66    int equal;
67
68    maj_stat = gss_acquire_cred(&min_stat, GSS_C_NO_NAME, GSS_C_INDEFINITE,
69				GSS_C_NO_OID_SET, GSS_C_INITIATE,
70				&cred1, NULL, NULL);
71    if (maj_stat != GSS_S_COMPLETE)
72	errx(1, "gss_acquire_cred");
73
74    maj_stat = gss_inquire_cred(&min_stat, cred1, &name1, &lifetime1,
75				&usage1, &mechs1);
76    if (maj_stat != GSS_S_COMPLETE)
77	errx(1, "gss_inquire_cred");
78
79    ret = krb5_init_context(&context);
80    if (ret)
81	errx(1, "krb5_init_context");
82
83    ret = krb5_cc_new_unique(context, krb5_cc_type_memory, NULL, &id);
84    if (ret)
85	krb5_err(context, 1, ret, "krb5_cc_new_unique");
86
87    maj_stat = gss_krb5_copy_ccache(&min_stat, cred1, id);
88    if (maj_stat != GSS_S_COMPLETE)
89	errx(1, "gss_krb5_copy_ccache");
90
91    maj_stat = gss_krb5_import_cred(&min_stat, id, NULL, NULL, &cred2);
92    if (maj_stat != GSS_S_COMPLETE)
93	errx(1, "gss_krb5_import_cred");
94
95    maj_stat = gss_inquire_cred(&min_stat, cred2, &name2, &lifetime2,
96				&usage2, &mechs2);
97    if (maj_stat != GSS_S_COMPLETE)
98	errx(1, "gss_inquire_cred 2");
99
100    maj_stat = gss_compare_name(&min_stat, name1, name2, &equal);
101    if (maj_stat != GSS_S_COMPLETE)
102	errx(1, "gss_compare_name");
103    if (!equal)
104	errx(1, "names not equal");
105
106    if (lifetime1 != lifetime2)
107	errx(1, "lifetime not equal %lu != %lu",
108	     (unsigned long)lifetime1, (unsigned long)lifetime2);
109
110    if (usage1 != usage2) {
111	/* as long any of them is both are everything it ok */
112	if (usage1 != GSS_C_BOTH && usage2 != GSS_C_BOTH)
113	    errx(1, "usages disjoined");
114    }
115
116    gss_release_name(&min_stat, &name2);
117    gss_release_oid_set(&min_stat, &mechs2);
118
119    maj_stat = gss_inquire_cred(&min_stat, cred2, &name2, &lifetime2,
120				&usage2, &mechs2);
121    if (maj_stat != GSS_S_COMPLETE)
122	errx(1, "gss_inquire_cred");
123
124    maj_stat = gss_compare_name(&min_stat, name1, name2, &equal);
125    if (maj_stat != GSS_S_COMPLETE)
126	errx(1, "gss_compare_name");
127    if (!equal)
128	errx(1, "names not equal");
129
130    if (lifetime1 != lifetime2)
131	errx(1, "lifetime not equal %lu != %lu",
132	     (unsigned long)lifetime1, (unsigned long)lifetime2);
133
134    gss_release_cred(&min_stat, &cred1);
135    gss_release_cred(&min_stat, &cred2);
136
137    gss_release_name(&min_stat, &name1);
138    gss_release_name(&min_stat, &name2);
139
140#if 0
141    compare(mechs1, mechs2);
142#endif
143
144    gss_release_oid_set(&min_stat, &mechs1);
145    gss_release_oid_set(&min_stat, &mechs2);
146
147    krb5_cc_destroy(context, id);
148    krb5_free_context(context);
149}
150
151static struct getargs args[] = {
152    {"version",	0,	arg_flag,	&version_flag, "print version", NULL },
153    {"help",	0,	arg_flag,	&help_flag,  NULL, NULL }
154};
155
156static void
157usage (int ret)
158{
159    arg_printusage (args, sizeof(args)/sizeof(*args),
160		    NULL, "");
161    exit (ret);
162}
163
164int
165main(int argc, char **argv)
166{
167    int optidx = 0;
168
169    setprogname(argv[0]);
170    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
171	usage(1);
172
173    if (help_flag)
174	usage (0);
175
176    if(version_flag){
177	print_version(NULL);
178	exit(0);
179    }
180
181    copy_import();
182
183    return 0;
184}
185