1*0Sstevel@tonic-gate /*
2*0Sstevel@tonic-gate * CDDL HEADER START
3*0Sstevel@tonic-gate *
4*0Sstevel@tonic-gate * The contents of this file are subject to the terms of the
5*0Sstevel@tonic-gate * Common Development and Distribution License, Version 1.0 only
6*0Sstevel@tonic-gate * (the "License"). You may not use this file except in compliance
7*0Sstevel@tonic-gate * with the License.
8*0Sstevel@tonic-gate *
9*0Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10*0Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing.
11*0Sstevel@tonic-gate * See the License for the specific language governing permissions
12*0Sstevel@tonic-gate * and limitations under the License.
13*0Sstevel@tonic-gate *
14*0Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each
15*0Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16*0Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the
17*0Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying
18*0Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner]
19*0Sstevel@tonic-gate *
20*0Sstevel@tonic-gate * CDDL HEADER END
21*0Sstevel@tonic-gate */
22*0Sstevel@tonic-gate /*
23*0Sstevel@tonic-gate * Copyright 2003 Sun Microsystems, Inc. All rights reserved.
24*0Sstevel@tonic-gate * Use is subject to license terms.
25*0Sstevel@tonic-gate */
26*0Sstevel@tonic-gate
27*0Sstevel@tonic-gate #pragma ident "%Z%%M% %I% %E% SMI"
28*0Sstevel@tonic-gate
29*0Sstevel@tonic-gate /*
30*0Sstevel@tonic-gate * Test client for gssd. This program is not shipped on the binary
31*0Sstevel@tonic-gate * release.
32*0Sstevel@tonic-gate */
33*0Sstevel@tonic-gate
34*0Sstevel@tonic-gate #include <stdio.h>
35*0Sstevel@tonic-gate #include <strings.h>
36*0Sstevel@tonic-gate #include <ctype.h>
37*0Sstevel@tonic-gate #include <stdlib.h>
38*0Sstevel@tonic-gate #include <gssapi/gssapi.h>
39*0Sstevel@tonic-gate #include <gssapi/gssapi_ext.h>
40*0Sstevel@tonic-gate #include "gssd.h"
41*0Sstevel@tonic-gate #include <rpc/rpc.h>
42*0Sstevel@tonic-gate
43*0Sstevel@tonic-gate #define _KERNEL
44*0Sstevel@tonic-gate #include <gssapi/gssapi.h>
45*0Sstevel@tonic-gate #undef _KERNEL
46*0Sstevel@tonic-gate
/*
 * Major/minor status of the most recent GSS call. The command handlers
 * store their results here so the "status" (gss_display_status) command
 * can report them afterwards.
 */
int gss_major_code;
int gss_minor_code;

/*
 * Round counters for the multi-step init/accept token exchange.
 * NOTE(review): presumably advanced by _gss_init_sec_context() and
 * _gss_accept_sec_context(); those handlers are not in view -- confirm.
 */
int init_sec_context_phase = 0;
int accept_sec_context_phase = 0;

/*
 * State shared between commands. acceptor_credentials is filled in by
 * the "acquire" command (kgss_acquire_cred) and consumed by "add",
 * "inquire" and "accept"; the context handles are the two ends of the
 * security context built up by "init"/"accept".
 */
gss_ctx_id_t initiator_context_handle;
gss_ctx_id_t acceptor_context_handle;
gss_cred_id_t acceptor_credentials;
/*
 * Token and message buffers handed from one step to the next.
 * NOTE(review): ownership (who releases each buffer) is decided in the
 * handlers that fill them, which are not visible here -- verify there.
 */
gss_buffer_desc init_token_buffer;
gss_buffer_desc accept_token_buffer;
gss_buffer_desc delete_token_buffer;
gss_buffer_desc message_buffer;
gss_buffer_desc msg_token;
61*0Sstevel@tonic-gate
#define LOOP_COUNTER 100	/* iterations run by the "loop" stress command */
#define GSS_KRB5_MECH_OID "1.2.840.113554.1.2.2"	/* default mech for "acquire" */
#define GSS_DUMMY_MECH_OID "1.3.6.1.4.1.42.2.26.1.2"	/* default mech for add_cred */
#ifdef _KERNEL
#define OCTAL_MACRO "%03o."
/*
 * Kernel allocators: kmem_free() needs the size of the allocation, so
 * every FREE() caller must pass the length that was originally allocated.
 */
#define MALLOC(n) kmem_alloc((n), KM_SLEEP)
#define CALLOC(n, s) kmem_zalloc((n)*(s), KM_SLEEP)
#define FREE(x, n) kmem_free((x), (n))
#define memcpy(dst, src, n) bcopy((src), (dst), (n))
/*
 * Only two-argument fprintf() calls are rewritten, and the message
 * becomes the printf() format string. Callers must pass a literal
 * format, never text assembled at run time, or any '%' sequences in it
 * would be interpreted as conversions.
 */
#define fprintf(s, m) printf(m)
/*
 * Evaluates its argument up to six times: never pass an expression with
 * side effects (e.g. *p++).
 */
#define isspace(s) ((s) == ' ' || (s) == '\t' || (s) == '\n' || \
(s) == '\r' || (s) == '\v' || (s) == '\f')

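/*
 * Kernel-side replacement for strdup(3C): returns a MALLOC'd copy of s.
 * Ownership passes to the caller, who must FREE() it with strlen(s) + 1
 * as the size. Returns NULL if the allocation fails.
 */
static char *strdup(const char *s)
{
	size_t len = strlen(s) + 1;	/* include the terminating NUL */
	char *copy = MALLOC(len);

	if (copy == NULL)
		return (NULL);
	/* len already covers the NUL, so a bounded copy is sufficient */
	memcpy(copy, s, len);
	return (copy);
}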
82*0Sstevel@tonic-gate
83*0Sstevel@tonic-gate #else /* !_KERNEL */
84*0Sstevel@tonic-gate #define OCTAL_MACRO "%03.3o."
85*0Sstevel@tonic-gate #define MALLOC(n) malloc(n)
86*0Sstevel@tonic-gate #define CALLOC(n, s) calloc((n), (s))
87*0Sstevel@tonic-gate #define FREE(x, n) free(x)
88*0Sstevel@tonic-gate #endif /* _KERNEL */
89*0Sstevel@tonic-gate
90*0Sstevel@tonic-gate static gss_OID gss_str2oid(char *);
91*0Sstevel@tonic-gate static char * gss_oid2str(gss_OID);
92*0Sstevel@tonic-gate static void instructs();
93*0Sstevel@tonic-gate static void usage();
94*0Sstevel@tonic-gate static int parse_input_line(char *, int *, char ***);
95*0Sstevel@tonic-gate extern uid_t getuid();
96*0Sstevel@tonic-gate
97*0Sstevel@tonic-gate static void _gss_init_sec_context(int, char **);
98*0Sstevel@tonic-gate static void _gss_acquire_cred(int, char **);
99*0Sstevel@tonic-gate static void _gss_add_cred(int, char **);
100*0Sstevel@tonic-gate static void _gss_sign(int, char **);
101*0Sstevel@tonic-gate static void _gss_release_cred(int, char **);
102*0Sstevel@tonic-gate static void _gss_accept_sec_context(int, char **);
103*0Sstevel@tonic-gate static void _gss_process_context_token(int, char **);
104*0Sstevel@tonic-gate static void _gss_delete_sec_context(int, char **);
105*0Sstevel@tonic-gate static void _gss_context_time(int, char **);
106*0Sstevel@tonic-gate static void _gss_verify(int, char **);
107*0Sstevel@tonic-gate /* EXPORT DELETE START */
108*0Sstevel@tonic-gate static void _gss_seal(int, char **);
109*0Sstevel@tonic-gate static void _gss_unseal(int, char **);
110*0Sstevel@tonic-gate /* EXPORT DELETE END */
111*0Sstevel@tonic-gate static void _gss_display_status(int, char **);
112*0Sstevel@tonic-gate static void _gss_indicate_mechs(int, char **);
113*0Sstevel@tonic-gate static void _gss_inquire_cred(int, char **);
114*0Sstevel@tonic-gate static void _gssd_expname_to_unix_cred(int, char **);
115*0Sstevel@tonic-gate static void _gssd_name_to_unix_cred(int, char **);
116*0Sstevel@tonic-gate static void _gssd_get_group_info(int, char **);
117*0Sstevel@tonic-gate
118*0Sstevel@tonic-gate static int do_gssdtest(char *buf);
119*0Sstevel@tonic-gate
120*0Sstevel@tonic-gate
121*0Sstevel@tonic-gate #ifndef _KERNEL
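/*
 * Prompt and read the next command line from stdin into buf (at most
 * size - 1 characters plus the NUL), dropping the trailing newline if
 * one was read.
 *
 * Returns the number of characters kept; 0 on end of file (cntl-d), on
 * an empty line, or when size leaves no room for input. A line longer
 * than the buffer is returned in pieces: the remainder is picked up by
 * the next call.
 */
static int read_line(char *buf, int size)
{
	size_t len;

	if (size <= 0)
		return (0);

	/* read the next line. If cntl-d, return with zero char count */
	printf(gettext("\n> "));

	if (fgets(buf, size, stdin) == NULL)
		return (0);

	len = strlen(buf);
	/*
	 * Only strip a real newline. An over-long line arrives without
	 * one, and its last character must not be thrown away.
	 */
	if (len > 0 && buf[len - 1] == '\n')
		buf[--len] = '\0';
	return ((int)len);
}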
136*0Sstevel@tonic-gate
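/*
 * Interactive driver: print the instructions, then read commands from
 * stdin one line at a time and hand each to do_gssdtest() until EOF,
 * an empty line, or a command (such as "exit") reports that the
 * session should end.
 */
int
main(void)
{
	char buf[512];
	int len;
	int ret = 0;	/* initialised so the loop test never reads garbage */

	/* Print out usage and instructions to start off the session */
	instructs();
	usage();

	/*
	 * Loop, repeatedly calling read_line() for the next line and
	 * do_gssdtest() to parse it into argc/argv and act on the
	 * arguments found on the line. read_line() returns 0 on EOF or
	 * an empty line; do_gssdtest() returns non-zero to quit.
	 */
	do {
		len = read_line(buf, sizeof (buf));
		if (len)
			ret = do_gssdtest(buf);
	} while (len && !ret);

	return (0);
}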
162*0Sstevel@tonic-gate #endif /* !_KERNEL */
163*0Sstevel@tonic-gate
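/*
 * Parse one command line and dispatch it to the matching _gss_* handler.
 *
 * parse_input_line() splits buf into argc/argv (an array it calloc's
 * and which is released here on every path); argv[0] is the command
 * word and the remaining words are passed to the handler as its argv.
 *
 * Returns 1 when the session should end -- the "exit" command, or a
 * line parse_input_line() rejects -- and 0 otherwise.
 */
static int
do_gssdtest(char *buf)
{
	int argc;
	int i;
	int rc = 0;
	char **argv, **argv_array;
	char *cmd;
	char *seal_ini_array[] = { "initiator", " Hello"};
	char *seal_acc_array[] = { "acceptor", " Hello"};
	char *unseal_acc_array[] = {"acceptor"};
	char *unseal_ini_array[] = {"initiator"};
	char *delet_acc_array[] = {"acceptor"};
	char *delet_ini_array[] = {"initiator"};

	argv = 0;

	if (parse_input_line(buf, &argc, &argv) == 0) {
		printf(gettext("\n"));
		return (1);
	}

	/*
	 * Keep the address of the array parse_input_line() calloc'd
	 * before argv is advanced past the command word, so every exit
	 * path below -- including the argc == 0 one -- frees the pointer
	 * that was actually allocated.
	 */
	argv_array = argv;

	if (argc == 0) {
		usage();
		FREE(argv_array, (argc+1)*sizeof (char *));
		return (0);
	}

	cmd = argv[0];

	argc--;
	argv++;

	/*
	 * A single if/else chain: a recognised command must not fall
	 * through to the trailing usage() call. The seal/sign helpers are
	 * given the element count of the fixed arrays they receive, not
	 * the user's argc, so they can never index past those arrays.
	 */
	if (strcmp(cmd, "gss_loop") == 0 ||
	    strcmp(cmd, "loop") == 0) {
		if (argc < 1) {
			usage();
		} else {
			for (i = 0; i < LOOP_COUNTER; i++) {
				printf(gettext("Loop Count is %d \n"), i);
				/*
				 * NOTE(review): acceptor_credentials is
				 * re-acquired on every iteration; whether
				 * the previous handle is released belongs
				 * to _gss_acquire_cred() -- verify there.
				 */
				_gss_acquire_cred(argc, argv);
				_gss_init_sec_context(argc, argv);
				_gss_accept_sec_context(0, argv);
				_gss_init_sec_context(argc, argv);
/* EXPORT DELETE START */
				_gss_seal(2, seal_ini_array);
				_gss_unseal(1, unseal_acc_array);
				_gss_seal(2, seal_acc_array);
				_gss_unseal(1, unseal_ini_array);
/* EXPORT DELETE END */
				_gss_sign(2, seal_ini_array);
				_gss_verify(1, unseal_acc_array);
				_gss_sign(2, seal_acc_array);
				_gss_verify(1, unseal_ini_array);
				/* delet_*_array hold exactly one entry */
				_gss_delete_sec_context(1, delet_acc_array);
				_gss_delete_sec_context(1, delet_ini_array);
			}
		}
	} else if (strcmp(cmd, "gss_all") == 0 ||
	    strcmp(cmd, "all") == 0) {
		_gss_acquire_cred(argc, argv);
		_gss_init_sec_context(argc, argv);
		_gss_accept_sec_context(0, argv);
		_gss_init_sec_context(argc, argv);
/* EXPORT DELETE START */
		_gss_seal(2, seal_acc_array);
		_gss_unseal(1, unseal_ini_array);
		_gss_seal(2, seal_ini_array);
		_gss_unseal(1, unseal_acc_array);
/* EXPORT DELETE END */
		_gss_sign(2, seal_ini_array);
		_gss_verify(1, unseal_acc_array);
		_gss_sign(2, seal_acc_array);
		_gss_verify(1, unseal_ini_array);
	} else if (strcmp(cmd, "gss_acquire_cred") == 0 ||
	    strcmp(cmd, "acquire") == 0) {
		_gss_acquire_cred(argc, argv);
		/* with only a name given, also exercise gss_add_cred */
		if (argc == 1)
			_gss_add_cred(argc, argv);
	} else if (strcmp(cmd, "gss_release_cred") == 0 ||
	    strcmp(cmd, "release") == 0) {
		_gss_release_cred(argc, argv);
	} else if (strcmp(cmd, "gss_init_sec_context") == 0 ||
	    strcmp(cmd, "init") == 0) {
		_gss_init_sec_context(argc, argv);
	} else if (strcmp(cmd, "gss_accept_sec_context") == 0 ||
	    strcmp(cmd, "accept") == 0) {
		_gss_accept_sec_context(argc, argv);
	} else if (strcmp(cmd, "gss_process_context_token") == 0 ||
	    strcmp(cmd, "process") == 0) {
		_gss_process_context_token(argc, argv);
	} else if (strcmp(cmd, "gss_delete_sec_context") == 0 ||
	    strcmp(cmd, "delete") == 0) {
		_gss_delete_sec_context(argc, argv);
	} else if (strcmp(cmd, "gss_context_time") == 0 ||
	    strcmp(cmd, "time") == 0) {
		_gss_context_time(argc, argv);
	} else if (strcmp(cmd, "gss_sign") == 0 ||
	    strcmp(cmd, "sign") == 0) {
		_gss_sign(argc, argv);
	} else if (strcmp(cmd, "gss_verify") == 0 ||
	    strcmp(cmd, "verify") == 0) {
		_gss_verify(argc, argv);
/* EXPORT DELETE START */
	} else if (strcmp(cmd, "gss_seal") == 0 ||
	    strcmp(cmd, "seal") == 0) {
		_gss_seal(argc, argv);
	} else if (strcmp(cmd, "gss_unseal") == 0 ||
	    strcmp(cmd, "unseal") == 0) {
		_gss_unseal(argc, argv);
/* EXPORT DELETE END */
	} else if (strcmp(cmd, "gss_display_status") == 0 ||
	    strcmp(cmd, "status") == 0) {
		_gss_display_status(argc, argv);
	} else if (strcmp(cmd, "gss_indicate_mechs") == 0 ||
	    strcmp(cmd, "indicate") == 0) {
		_gss_indicate_mechs(argc, argv);
	} else if (strcmp(cmd, "gss_inquire_cred") == 0 ||
	    strcmp(cmd, "inquire") == 0) {
		_gss_inquire_cred(argc, argv);
	} else if (strcmp(cmd, "expname2unixcred") == 0 ||
	    strcmp(cmd, "gsscred_expname_to_unix_cred") == 0) {
		_gssd_expname_to_unix_cred(argc, argv);
	} else if (strcmp(cmd, "name2unixcred") == 0 ||
	    strcmp(cmd, "gsscred_name_to_unix_cred") == 0) {
		_gssd_name_to_unix_cred(argc, argv);
	} else if (strcmp(cmd, "grpinfo") == 0 ||
	    strcmp(cmd, "gss_get_group_info") == 0) {
		_gssd_get_group_info(argc, argv);
	} else if (strcmp(cmd, "exit") == 0) {
		printf(gettext("\n"));
		rc = 1;
	} else {
		usage();
	}

	/* free argv array (argc was decremented once above, hence +2) */
	FREE(argv_array, (argc+2) * sizeof (char *));
	return (rc);
}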
340*0Sstevel@tonic-gate
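/*
 * "acquire" command: acquire acceptor credentials for the host-based
 * service name in argv[0] using the mechanism OID in argv[1] (Kerberos
 * V5 when omitted), print the mechanisms actually granted, then
 * inquire the new credential back and print what it reports.
 *
 * argv[0]  principal name, imported as GSS_C_NT_HOSTBASED_SERVICE
 * argv[1]  optional mechanism OID in dotted-decimal form
 *
 * Side effects: on success the handle is stored in the global
 * acceptor_credentials; gss_major_code/gss_minor_code record the
 * outcome of the kgss_acquire_cred() call for the "status" command.
 * Everything allocated locally is released on every path, including
 * the bad-OID one.
 */
static void
_gss_acquire_cred(int argc, char **argv)
{
	OM_UINT32 status, minor_status;
	gss_buffer_desc name;
	gss_name_t desired_name = (gss_name_t) 0;
	OM_uint32 time_req;
	/*
	 * The one-element mechanism set lives on the stack: it is only
	 * read during the kgss_acquire_cred() call. This also removes a
	 * heap allocation that was sized for the wrong type (gss_OID_desc
	 * rather than gss_OID_set_desc) and never checked.
	 */
	gss_OID_set_desc desired_mechs_desc;
	gss_OID_set desired_mechs = &desired_mechs_desc;
	int cred_usage;
	gss_OID_set actual_mechs = GSS_C_NULL_OID_SET;
	gss_OID_set inquire_mechs = GSS_C_NULL_OID_SET;
	OM_UINT32 time_rec;
	char *string;
	char *inq_string;
	uid_t uid;
	gss_OID mech_type = NULL;

	/*
	 * First set up the command line independent input arguments.
	 */
	time_req = (OM_uint32) 0;
	cred_usage = GSS_C_ACCEPT;
	uid = getuid();

	/* Parse the command line for the variable input arguments */
	if (argc == 0) {
		usage();
		return;
	}

	/*
	 * Get the name of the principal. As elsewhere in this client the
	 * length counts the terminating NUL.
	 */
	name.length = strlen(argv[0])+1;
	name.value = argv[0];

	/*
	 * Now convert the string given by the first argument into internal
	 * form suitable for input to gss_acquire_cred()
	 */
	if ((status = gss_import_name(&minor_status, &name,
	    (gss_OID)GSS_C_NT_HOSTBASED_SERVICE, &desired_name))
	    != GSS_S_COMPLETE) {
		printf(gettext(
		    "could not parse desired name: err (octal) %o (%s)\n"),
		    status, gettext("gss_acquire_cred error"));
		return;
	}

	argc--;
	argv++;

	/*
	 * The next argument is an OID in dotted decimal form.
	 */
	if (argc == 0) {
		printf(gettext("Assuming Kerberos V5 as the mechanism\n"));
		printf(gettext(
		    "The mech OID 1.2.840.113554.1.2.2 will be used\n"));
		mech_type = gss_str2oid((char *)GSS_KRB5_MECH_OID);
	} else {
		mech_type = gss_str2oid(argv[0]);
	}

	if (mech_type == 0 || mech_type->length == 0) {
		printf(gettext("improperly formated mechanism OID\n"));
		/* release the imported name instead of leaking it */
		goto cleanup;
	}

	/*
	 * set up desired_mechs so it points to mech_type.
	 */
	desired_mechs->count = 1;
	desired_mechs->elements = mech_type;

	status = kgss_acquire_cred(
	    &minor_status,
	    desired_name,
	    time_req,
	    desired_mechs,
	    cred_usage,
	    &acceptor_credentials,
	    &actual_mechs,
	    &time_rec,
	    uid);

	/* store major and minor status for gss_display_status() call */
	gss_major_code = status;
	gss_minor_code = minor_status;

	if (status == GSS_S_COMPLETE) {
		/* process returned values */
		printf(gettext("\nacquire succeeded\n\n"));

		/*
		 * print out the actual mechs returned NB: Since only one
		 * mechanism is specified in desired_mechs, only one
		 * can be returned in actual_mechs. Consequently,
		 * actual_mechs->elements points to an array of only one
		 * element. Guard against an empty or absent set before
		 * dereferencing it.
		 */
		if (actual_mechs == GSS_C_NULL_OID_SET ||
		    actual_mechs->count == 0 ||
		    (string = gss_oid2str(actual_mechs->elements)) == 0) {
			printf(gettext("actual mechs == NULL\n\n"));
		} else {
			printf(gettext("actual mechs = %s\n\n"), string);
			/* size expression mirrors gss_oid2str()'s allocation */
			FREE(string, (actual_mechs->elements->length+1)*4+1);
		}

		if (cred_usage == GSS_C_BOTH)
			printf(gettext("GSS_C_BOTH\n\n"));

		if (cred_usage == GSS_C_INITIATE)
			printf(gettext("GSS_C_INITIATE\n\n"));

		if (cred_usage == GSS_C_ACCEPT)
			printf(gettext("GSS_C_ACCEPT\n\n"));

		status = kgss_inquire_cred(
		    &minor_status,
		    acceptor_credentials,
		    NULL,
		    &time_req,
		    &cred_usage,
		    &inquire_mechs,
		    uid);

		if (status != GSS_S_COMPLETE) {
			printf(gettext("server ret err (octal) %o (%s)\n"),
			    status, gettext("gss_inquire_cred error"));
		} else {
			if (inquire_mechs == GSS_C_NULL_OID_SET ||
			    inquire_mechs->count == 0 ||
			    (inq_string =
			    gss_oid2str(inquire_mechs->elements)) == 0) {
				printf(gettext
				    ("mechs from inquire == NULL\n\n"));
			} else {
				printf(gettext
				    ("mechs from inquiry = %s\n\n"),
				    inq_string);
				FREE(inq_string,
				    (inquire_mechs->elements->length+1)*4+1);
			}
			printf(gettext("inquire_cred successful \n\n"));
		}
	} else {
		printf(gettext("server ret err (octal) %o (%s)\n"),
		    status, gettext("gss_acquire_cred error"));
	}

cleanup:
	/* free allocated memory */

	/* actual mechs is allocated by clnt_stubs. Release it here */
	if (actual_mechs != GSS_C_NULL_OID_SET)
		gss_release_oid_set_and_oids(&minor_status, &actual_mechs);
	if (inquire_mechs != GSS_C_NULL_OID_SET)
		gss_release_oid_set_and_oids(&minor_status, &inquire_mechs);

	gss_release_name(&minor_status, &desired_name);

	/*
	 * mech_type came from gss_str2oid(): release its element array
	 * and the descriptor. A zero-length OID is not assumed to own an
	 * element array, so only the descriptor is freed in that case.
	 */
	if (mech_type != NULL) {
		if (mech_type->length != 0)
			FREE(mech_type->elements, mech_type->length);
		FREE(mech_type, sizeof (gss_OID_desc));
	}
}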
519*0Sstevel@tonic-gate
520*0Sstevel@tonic-gate static void
_gss_add_cred(argc,argv)521*0Sstevel@tonic-gate _gss_add_cred(argc, argv)
522*0Sstevel@tonic-gate int argc;
523*0Sstevel@tonic-gate char **argv;
524*0Sstevel@tonic-gate {
525*0Sstevel@tonic-gate
526*0Sstevel@tonic-gate OM_UINT32 status, minor_status;
527*0Sstevel@tonic-gate gss_buffer_desc name;
528*0Sstevel@tonic-gate gss_name_t desired_name = (gss_name_t) 0;
529*0Sstevel@tonic-gate OM_uint32 time_req;
530*0Sstevel@tonic-gate OM_uint32 initiator_time_req;
531*0Sstevel@tonic-gate OM_uint32 acceptor_time_req;
532*0Sstevel@tonic-gate int cred_usage;
533*0Sstevel@tonic-gate gss_OID_set actual_mechs = GSS_C_NULL_OID_SET;
534*0Sstevel@tonic-gate gss_OID_set inquire_mechs = GSS_C_NULL_OID_SET;
535*0Sstevel@tonic-gate char * string;
536*0Sstevel@tonic-gate uid_t uid;
537*0Sstevel@tonic-gate gss_OID mech_type;
538*0Sstevel@tonic-gate int i;
539*0Sstevel@tonic-gate
540*0Sstevel@tonic-gate /*
541*0Sstevel@tonic-gate * First set up the command line independent input arguments.
542*0Sstevel@tonic-gate */
543*0Sstevel@tonic-gate
544*0Sstevel@tonic-gate initiator_time_req = (OM_uint32) 0;
545*0Sstevel@tonic-gate acceptor_time_req = (OM_uint32) 0;
546*0Sstevel@tonic-gate cred_usage = GSS_C_ACCEPT;
547*0Sstevel@tonic-gate uid = getuid();
548*0Sstevel@tonic-gate
549*0Sstevel@tonic-gate /* Parse the command line for the variable input arguments */
550*0Sstevel@tonic-gate
551*0Sstevel@tonic-gate if (argc == 0) {
552*0Sstevel@tonic-gate usage();
553*0Sstevel@tonic-gate return;
554*0Sstevel@tonic-gate }
555*0Sstevel@tonic-gate
556*0Sstevel@tonic-gate /*
557*0Sstevel@tonic-gate * Get the name of the principal.
558*0Sstevel@tonic-gate */
559*0Sstevel@tonic-gate
560*0Sstevel@tonic-gate name.length = strlen(argv[0])+1;
561*0Sstevel@tonic-gate name.value = argv[0];
562*0Sstevel@tonic-gate
563*0Sstevel@tonic-gate /*
564*0Sstevel@tonic-gate * Now convert the string given by the first argument into internal
565*0Sstevel@tonic-gate * form suitable for input to gss_acquire_cred()
566*0Sstevel@tonic-gate */
567*0Sstevel@tonic-gate
568*0Sstevel@tonic-gate if ((status = gss_import_name(&minor_status, &name,
569*0Sstevel@tonic-gate (gss_OID)GSS_C_NT_HOSTBASED_SERVICE, &desired_name))
570*0Sstevel@tonic-gate != GSS_S_COMPLETE) {
571*0Sstevel@tonic-gate printf(gettext(
572*0Sstevel@tonic-gate "could not parse desired name: err (octal) %o (%s)\n"),
573*0Sstevel@tonic-gate status, gettext("gss_acquire_cred error"));
574*0Sstevel@tonic-gate return;
575*0Sstevel@tonic-gate }
576*0Sstevel@tonic-gate
577*0Sstevel@tonic-gate argc--;
578*0Sstevel@tonic-gate argv++;
579*0Sstevel@tonic-gate
580*0Sstevel@tonic-gate /*
581*0Sstevel@tonic-gate * The next argument is an OID in dotted decimal form.
582*0Sstevel@tonic-gate */
583*0Sstevel@tonic-gate
584*0Sstevel@tonic-gate if (argc == 0) {
585*0Sstevel@tonic-gate printf(gettext("Assuming dummy as the mechanism\n"));
586*0Sstevel@tonic-gate printf(gettext(
587*0Sstevel@tonic-gate "The mech OID 1.3.6.1.4.1.42.2.26.1.2 will be used\n"));
588*0Sstevel@tonic-gate mech_type = gss_str2oid((char *)GSS_DUMMY_MECH_OID);
589*0Sstevel@tonic-gate } else
590*0Sstevel@tonic-gate mech_type = gss_str2oid(argv[0]);
591*0Sstevel@tonic-gate
592*0Sstevel@tonic-gate if (mech_type == 0 || mech_type->length == 0) {
593*0Sstevel@tonic-gate printf(gettext("improperly formated mechanism OID\n"));
594*0Sstevel@tonic-gate return;
595*0Sstevel@tonic-gate }
596*0Sstevel@tonic-gate
597*0Sstevel@tonic-gate /*
598*0Sstevel@tonic-gate * set up desired_mechs so it points to mech_type.
599*0Sstevel@tonic-gate */
600*0Sstevel@tonic-gate
601*0Sstevel@tonic-gate status = kgss_add_cred(
602*0Sstevel@tonic-gate &minor_status,
603*0Sstevel@tonic-gate acceptor_credentials,
604*0Sstevel@tonic-gate desired_name,
605*0Sstevel@tonic-gate mech_type,
606*0Sstevel@tonic-gate cred_usage,
607*0Sstevel@tonic-gate initiator_time_req,
608*0Sstevel@tonic-gate acceptor_time_req,
609*0Sstevel@tonic-gate &actual_mechs,
610*0Sstevel@tonic-gate NULL,
611*0Sstevel@tonic-gate NULL,
612*0Sstevel@tonic-gate uid);
613*0Sstevel@tonic-gate
614*0Sstevel@tonic-gate /* store major and minor status for gss_display_status() call */
615*0Sstevel@tonic-gate
616*0Sstevel@tonic-gate gss_major_code = status;
617*0Sstevel@tonic-gate gss_minor_code = minor_status;
618*0Sstevel@tonic-gate if (status == GSS_S_COMPLETE) {
619*0Sstevel@tonic-gate /* process returned values */
620*0Sstevel@tonic-gate
621*0Sstevel@tonic-gate printf(gettext("\nadd succeeded\n\n"));
622*0Sstevel@tonic-gate if (actual_mechs) {
623*0Sstevel@tonic-gate for (i = 0; i < actual_mechs->count; i++) {
624*0Sstevel@tonic-gate if ((string =
625*0Sstevel@tonic-gate gss_oid2str
626*0Sstevel@tonic-gate (&actual_mechs->elements[i])) == 0) {
627*0Sstevel@tonic-gate printf(gettext
628*0Sstevel@tonic-gate ("actual mechs == NULL\n\n"));
629*0Sstevel@tonic-gate } else {
630*0Sstevel@tonic-gate printf(gettext
631*0Sstevel@tonic-gate ("actual mechs = %s\n\n"), string);
632*0Sstevel@tonic-gate FREE(string,
633*0Sstevel@tonic-gate (actual_mechs->elements->length+1)*4+1);
634*0Sstevel@tonic-gate }
635*0Sstevel@tonic-gate }
636*0Sstevel@tonic-gate }
637*0Sstevel@tonic-gate /*
638*0Sstevel@tonic-gate * Try adding the cred again for the same mech
639*0Sstevel@tonic-gate * We should get GSS_S_DUPLICATE_ELEMENT
640*0Sstevel@tonic-gate * if not return an error
641*0Sstevel@tonic-gate */
642*0Sstevel@tonic-gate status = kgss_add_cred(
643*0Sstevel@tonic-gate &minor_status,
644*0Sstevel@tonic-gate acceptor_credentials,
645*0Sstevel@tonic-gate desired_name,
646*0Sstevel@tonic-gate mech_type,
647*0Sstevel@tonic-gate cred_usage,
648*0Sstevel@tonic-gate initiator_time_req,
649*0Sstevel@tonic-gate acceptor_time_req,
650*0Sstevel@tonic-gate NULL, /* &actual_mechs, */
651*0Sstevel@tonic-gate NULL,
652*0Sstevel@tonic-gate NULL,
653*0Sstevel@tonic-gate uid);
654*0Sstevel@tonic-gate if (status != GSS_S_DUPLICATE_ELEMENT) {
655*0Sstevel@tonic-gate printf(gettext("Expected duplicate element, Got "
656*0Sstevel@tonic-gate " (octal) %o (%s)\n"),
657*0Sstevel@tonic-gate status, gettext("gss_add_cred error"));
658*0Sstevel@tonic-gate }
659*0Sstevel@tonic-gate status = kgss_inquire_cred(
660*0Sstevel@tonic-gate &minor_status,
661*0Sstevel@tonic-gate acceptor_credentials,
662*0Sstevel@tonic-gate NULL,
663*0Sstevel@tonic-gate &time_req,
664*0Sstevel@tonic-gate &cred_usage,
665*0Sstevel@tonic-gate &inquire_mechs,
666*0Sstevel@tonic-gate uid);
667*0Sstevel@tonic-gate
668*0Sstevel@tonic-gate if (status != GSS_S_COMPLETE)
669*0Sstevel@tonic-gate printf(gettext("server ret err (octal) %o (%s)\n"),
670*0Sstevel@tonic-gate status, gettext("gss_inquire_cred error"));
671*0Sstevel@tonic-gate else {
672*0Sstevel@tonic-gate for (i = 0; i < inquire_mechs->count; i++) {
673*0Sstevel@tonic-gate if ((string =
674*0Sstevel@tonic-gate gss_oid2str
675*0Sstevel@tonic-gate (&inquire_mechs->elements[i])) == 0) {
676*0Sstevel@tonic-gate printf(gettext
677*0Sstevel@tonic-gate ("inquire_mechs mechs == NULL\n\n"));
678*0Sstevel@tonic-gate } else {
679*0Sstevel@tonic-gate printf(gettext
680*0Sstevel@tonic-gate ("inquire_cred mechs = %s\n\n"),
681*0Sstevel@tonic-gate string);
682*0Sstevel@tonic-gate FREE(string,
683*0Sstevel@tonic-gate (inquire_mechs->elements->length+1)*4
684*0Sstevel@tonic-gate +1);
685*0Sstevel@tonic-gate }
686*0Sstevel@tonic-gate }
687*0Sstevel@tonic-gate printf(gettext("inquire_cred successful \n\n"));
688*0Sstevel@tonic-gate }
689*0Sstevel@tonic-gate
690*0Sstevel@tonic-gate } else {
691*0Sstevel@tonic-gate printf(gettext("server ret err (octal) %o (%s)\n"),
692*0Sstevel@tonic-gate status, gettext("gss_acquire_cred error"));
693*0Sstevel@tonic-gate }
694*0Sstevel@tonic-gate
695*0Sstevel@tonic-gate /* Let us do inquire_cred_by_mech for both mechanisms */
696*0Sstevel@tonic-gate status = kgss_inquire_cred_by_mech(
697*0Sstevel@tonic-gate &minor_status,
698*0Sstevel@tonic-gate acceptor_credentials,
699*0Sstevel@tonic-gate mech_type,
700*0Sstevel@tonic-gate uid);
701*0Sstevel@tonic-gate if (status != GSS_S_COMPLETE)
702*0Sstevel@tonic-gate printf(gettext("server ret err (octal) %o (%s)\n"),
703*0Sstevel@tonic-gate status, gettext("gss_inquire_cred_by_mech"));
704*0Sstevel@tonic-gate else
705*0Sstevel@tonic-gate printf(gettext("gss_inquire_cred_by_mech successful"));
706*0Sstevel@tonic-gate
707*0Sstevel@tonic-gate
708*0Sstevel@tonic-gate FREE(mech_type->elements, mech_type->length);
709*0Sstevel@tonic-gate FREE(mech_type, sizeof (gss_OID_desc));
710*0Sstevel@tonic-gate mech_type = gss_str2oid((char *)GSS_KRB5_MECH_OID);
711*0Sstevel@tonic-gate status = kgss_inquire_cred_by_mech(
712*0Sstevel@tonic-gate &minor_status,
713*0Sstevel@tonic-gate acceptor_credentials,
714*0Sstevel@tonic-gate mech_type,
715*0Sstevel@tonic-gate uid);
716*0Sstevel@tonic-gate if (status != GSS_S_COMPLETE)
717*0Sstevel@tonic-gate printf(gettext("server ret err (octal) %o (%s)\n"),
718*0Sstevel@tonic-gate status, gettext
719*0Sstevel@tonic-gate ("gss_inquire_cred_by_mech for dummy mech error"));
720*0Sstevel@tonic-gate
721*0Sstevel@tonic-gate /* free allocated memory */
722*0Sstevel@tonic-gate
723*0Sstevel@tonic-gate /* actual mechs is allocated by clnt_stubs. Release it here */
724*0Sstevel@tonic-gate if (actual_mechs != GSS_C_NULL_OID_SET)
725*0Sstevel@tonic-gate gss_release_oid_set_and_oids(&minor_status, &actual_mechs);
726*0Sstevel@tonic-gate if (inquire_mechs != GSS_C_NULL_OID_SET)
727*0Sstevel@tonic-gate gss_release_oid_set_and_oids(&minor_status, &inquire_mechs);
728*0Sstevel@tonic-gate
729*0Sstevel@tonic-gate gss_release_name(&minor_status, &desired_name);
730*0Sstevel@tonic-gate
731*0Sstevel@tonic-gate /* mech_type and desired_mechs are allocated above. Release it here */
732*0Sstevel@tonic-gate
733*0Sstevel@tonic-gate FREE(mech_type->elements, mech_type->length);
734*0Sstevel@tonic-gate FREE(mech_type, sizeof (gss_OID_desc));
735*0Sstevel@tonic-gate }
736*0Sstevel@tonic-gate
/*ARGSUSED*/
/*
 * Release the credentials held in the file-scope acceptor_credentials
 * through gssd.  Takes no command-line arguments; anything else is a
 * usage error.  The major and minor status of the call are saved in
 * gss_major_code / gss_minor_code for a later gss_display_status call.
 */
static void
_gss_release_cred(int argc, char **argv)
{
	OM_uint32 major;
	OM_uint32 minor;
	uid_t caller;

	/* No input arguments are accepted. */
	if (argc != 0) {
		usage();
		return;
	}

	caller = getuid();
	major = kgss_release_cred(&minor, &acceptor_credentials, caller);

	/* store major and minor status for gss_display_status() call */
	gss_major_code = major;
	gss_minor_code = minor;

	if (major != GSS_S_COMPLETE) {
		printf(gettext("server ret err (octal) %o (%s)\n"),
		    major, gettext("gss_release_cred error"));
		return;
	}
	printf(gettext("\nrelease succeeded\n\n"));
}
773*0Sstevel@tonic-gate
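/*
 * Run one phase of the initiator side of context establishment through
 * gssd.  argv[0] is the target name (imported as a host-based service
 * name); argv[1], if present, is the mechanism OID in dotted string form
 * and defaults to the Kerberos V5 OID.
 *
 * Phase state lives in file-scope globals: init_sec_context_phase,
 * initiator_context_handle, init_token_buffer (the input token on the
 * second phase) and accept_token_buffer (the output token for the
 * acceptor).  The major and minor status of the kgss_init_sec_context
 * call are saved in gss_major_code / gss_minor_code for gss_display_status.
 *
 * The name and mechanism OID allocated here are released on every exit
 * path (error, GSS_S_CONTINUE_NEEDED and GSS_S_COMPLETE), and the
 * exported context token is released even when re-import fails.
 */
static void
_gss_init_sec_context(int argc, char **argv)
{
	OM_uint32 status;
	OM_uint32 minor_status;
	gss_cred_id_t claimant_cred_handle;
	gss_name_t target_name = (gss_name_t) 0;
	gss_OID mech_type = (gss_OID) 0;
	int req_flags;
	OM_uint32 time_req;
	gss_channel_bindings_t input_chan_bindings;
	gss_buffer_t input_token;
	gss_buffer_desc context_token;
	gss_OID actual_mech_type;
	int ret_flags;
	OM_uint32 time_rec;
	uid_t uid;
	char *string;
	gss_buffer_desc name;

	/*
	 * First phase: start from an empty context and no input token.
	 * Later phases feed back the token the acceptor left in
	 * init_token_buffer.
	 */
	if (init_sec_context_phase == 0) {
		initiator_context_handle = GSS_C_NO_CONTEXT;
		input_token = GSS_C_NO_BUFFER;
		init_sec_context_phase = 1;
	} else {
		input_token = &init_token_buffer;
	}

	/* Command-line independent inputs. */
	claimant_cred_handle = GSS_C_NO_CREDENTIAL;
	req_flags = GSS_C_MUTUAL_FLAG;
	time_req = (OM_uint32) 0;
	input_chan_bindings = GSS_C_NO_CHANNEL_BINDINGS;
	uid = getuid();

	if (argc == 0) {
		usage();
		return;
	}

	/* Target name; the length counts the terminating NUL. */
	name.length = strlen(argv[0]) + 1;
	name.value = argv[0];

	/*
	 * Convert the string given by the first argument into a target
	 * name suitable for input to gss_init_sec_context().
	 */
	if ((status = gss_import_name(&minor_status, &name,
	    (gss_OID)GSS_C_NT_HOSTBASED_SERVICE, &target_name))
	    != GSS_S_COMPLETE) {
		printf(gettext(
		    "could not parse target name: err (octal) %o (%s)\n"),
		    status,
		    gettext("gss_init_sec_context error"));
		goto fail;
	}

	argc--;
	argv++;

	if (argc == 0) {
		printf(gettext("Assuming Kerberos V5 as the mechanism\n"));
		printf(gettext(
		    "The mech OID 1.2.840.113554.1.2.2 will be used\n"));
		mech_type = gss_str2oid((char *)GSS_KRB5_MECH_OID);
	} else {
		mech_type = gss_str2oid(argv[0]);
	}

	if (mech_type == 0 || mech_type->length == 0) {
		printf(gettext("improperly formated mechanism OID\n"));
		goto fail;
	}

	/* call kgss_init_sec_context */
	status = kgss_init_sec_context(&minor_status,
	    claimant_cred_handle,
	    &initiator_context_handle,
	    target_name,
	    mech_type,
	    req_flags,
	    time_req,
	    input_chan_bindings,
	    input_token,
	    &actual_mech_type,
	    &accept_token_buffer,
	    &ret_flags,
	    &time_rec,
	    uid);

	/* store major and minor status for gss_display_status() call */
	gss_major_code = status;
	gss_minor_code = minor_status;

	if (status != GSS_S_COMPLETE && status != GSS_S_CONTINUE_NEEDED) {
		printf(gettext("server ret err (octal) %o (%s)\n"),
		    status, "gss_init_sec_context error");
		if (status == GSS_S_NO_CRED)
			printf(gettext(" : no credentials"));
		/*
		 * Tear down the half-built context on the gssd side unless
		 * the call failed outright.  A minor status of all ones is
		 * presumably the stub's "no context was created" marker --
		 * confirm against the client stubs.
		 */
		if (status != GSS_S_FAILURE && minor_status != 0xffffffff)
			(void) kgss_delete_sec_context(&minor_status,
			    &initiator_context_handle, &msg_token);
		goto fail;
	}

	if (status == GSS_S_CONTINUE_NEEDED) {
		printf(gettext("\nfirst phase of init succeeded"));
		printf(gettext("\ninit must be called again\n\n"));
		/* Phase and token state stay in place for the next call. */
		goto out;
	}

	/* GSS_S_COMPLETE: report what was negotiated. */
	printf(gettext("\ninit succeeded\n\n"));

	/* print out the actual mechanism type */
	if ((string = gss_oid2str(actual_mech_type)) == 0) {
		printf(gettext(
		    "gssapi internal err : actual "
		    "mech type null\n"));
		gss_release_buffer(&minor_status, &accept_token_buffer);
		(void) kgss_delete_sec_context(&minor_status,
		    &initiator_context_handle, &msg_token);
		goto fail;
	}
	printf(gettext("actual mech type = %s\n\n"), string);
	FREE(string, (actual_mech_type->length+1)*4+1);

	/* print out value of ret_flags and time_req */
	if (ret_flags & GSS_C_DELEG_FLAG)
		printf(gettext("GSS_C_DELEG_FLAG = True\n"));
	else
		printf(gettext("GSS_C_DELEG_FLAG = False\n"));

	if (ret_flags & GSS_C_MUTUAL_FLAG)
		printf(gettext("GSS_C_MUTUAL_FLAG = True\n"));
	else
		printf(gettext("GSS_C_MUTUAL_FLAG = False\n"));

	if (ret_flags & GSS_C_REPLAY_FLAG)
		printf(gettext("GSS_C_REPLAY_FLAG = True\n"));
	else
		printf(gettext("GSS_C_REPLAY_FLAG = False\n"));

	if (ret_flags & GSS_C_SEQUENCE_FLAG)
		printf(gettext("GSS_C_SEQUENCE_FLAG = True\n"));
	else
		printf(gettext("GSS_C_SEQUENCE_FLAG = False\n"));

	if (ret_flags & GSS_C_CONF_FLAG)
		printf(gettext("GSS_C_CONF_FLAG = True\n"));
	else
		printf(gettext("GSS_C_CONF_FLAG = False\n"));

	if (ret_flags & GSS_C_INTEG_FLAG)
		printf(gettext("GSS_C_INTEG_FLAG = True\n\n"));
	else
		printf(gettext("GSS_C_INTEG_FLAG = False\n\n"));

	printf(gettext("time_req = %u seconds\n\n"), time_rec);

	/* these two were malloc'd by kgss_init_sec_context() */
	FREE(actual_mech_type->elements, actual_mech_type->length);
	FREE(actual_mech_type, sizeof (gss_OID_desc));

	/*
	 * The context is established: go back to phase 0 and drop the
	 * input token this phase consumed.
	 */
	init_sec_context_phase = 0;
	if (input_token != GSS_C_NO_BUFFER)
		gss_release_buffer(&minor_status, &init_token_buffer);

	/* Save and restore the context */
	status = kgss_export_sec_context(&minor_status,
	    &initiator_context_handle,
	    &context_token);
	if (status != GSS_S_COMPLETE) {
		printf(gettext("server ret err (octal) %o (%s)\n"),
		    status, gettext("gss_export_sec_context_error"));
		goto out;
	}
	status = kgss_import_sec_context(&minor_status,
	    &context_token,
	    &initiator_context_handle);
	/* The exported token is ours to free whether or not import worked. */
	(void) gss_release_buffer(&minor_status, &context_token);
	if (status != GSS_S_COMPLETE) {
		printf(gettext("server ret err (octal) %o (%s)\n"),
		    status, gettext("gss_import_sec_context_error"));
		goto out;
	}

	/* gss_export & gss_import secxc_context worked, return */
	printf(gettext("\nexport and import of contexts succeeded\n"));
	printf(gettext("\ninit completed"));
	goto out;

fail:
	/* Failed mid-phase: reset so the next call starts over. */
	init_sec_context_phase = 0;
	if (input_token != GSS_C_NO_BUFFER)
		gss_release_buffer(&minor_status, &init_token_buffer);
	/* falls into out */
out:
	/* mech_type and target_name are allocated above; release them here. */
	if (mech_type != (gss_OID) 0 && mech_type->length != 0) {
		FREE(mech_type->elements, mech_type->length);
		FREE(mech_type, sizeof (gss_OID_desc));
	}
	if (target_name != (gss_name_t) 0)
		(void) gss_release_name(&minor_status, &target_name);
}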
1023*0Sstevel@tonic-gate
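/*ARGSUSED*/
/*
 * Run one phase of the acceptor side of context establishment through
 * gssd.  Takes no command-line arguments.  The input token is whatever
 * the initiator left in accept_token_buffer; the output token for the
 * initiator goes into init_token_buffer (the stub's output-token slot).
 *
 * Phase state lives in accept_sec_context_phase and
 * acceptor_context_handle.  The major and minor status of the
 * kgss_accept_sec_context call are saved in gss_major_code /
 * gss_minor_code for gss_display_status.
 *
 * Once the context is complete, the source name, the mechanism, the
 * negotiated flags and lifetime are printed and a context export/import
 * round trip is exercised.  Memory handed back by the stubs (mech_type,
 * src_name, the displayed name, the context token) is released on every
 * path, and the consumed input token is always freed.
 * delegated_cred_handle is never inspected or released here; whether the
 * stub allocates anything for it is not visible in this file.
 */
static void
_gss_accept_sec_context(int argc, char **argv)
{
	OM_uint32 status;
	OM_uint32 minor_status;
	gss_channel_bindings_t input_chan_bindings;
	gss_OID mech_type = (gss_OID) 0;
	int ret_flags;
	OM_uint32 time_rec;
	gss_cred_id_t delegated_cred_handle;
	uid_t uid;
	char *string;
	gss_buffer_desc src_name, src_name_string;
	gss_buffer_desc output_token;
	gss_name_t gss_name = (gss_name_t) 0;
	gss_buffer_desc context_token;

	/*
	 * If this is the first phase of the context establishment,
	 * clear acceptor_context_handle and indicate next phase.
	 */
	if (accept_sec_context_phase == 0) {
		acceptor_context_handle = GSS_C_NO_CONTEXT;
		accept_sec_context_phase = 1;
	}

	/* Now set up the other command line independent input arguments */
	input_chan_bindings = GSS_C_NO_CHANNEL_BINDINGS;
	uid = (uid_t) getuid();

	if (argc != 0) {
		usage();
		return;
	}

	status = kgss_accept_sec_context(&minor_status,
	    &acceptor_context_handle,
	    acceptor_credentials,
	    &accept_token_buffer,
	    input_chan_bindings,
	    &src_name,
	    &mech_type,
	    &init_token_buffer,
	    &ret_flags,
	    &time_rec,
	    &delegated_cred_handle,
	    uid);

	/* store major and minor status for gss_display_status() call */
	gss_major_code = status;
	gss_minor_code = minor_status;

	if (status != GSS_S_COMPLETE && status != GSS_S_CONTINUE_NEEDED) {
		printf(gettext("server ret err (octal) %o (%s)\n"),
		    status, gettext("gss_accept_sec_context error"));
		/*
		 * NOTE(review): the phase is left at 1 here, so the next
		 * call reuses acceptor_context_handle rather than starting
		 * over -- confirm that is the intended retry behaviour.
		 */
		gss_release_buffer(&minor_status, &accept_token_buffer);
		return;
	}

	if (status == GSS_S_CONTINUE_NEEDED) {
		printf(gettext("\nfirst phase of accept succeeded"));
		printf(gettext("\naccept must be called again\n\n"));
		/* free the input token in accept_token_buffer */
		gss_release_buffer(&minor_status, &accept_token_buffer);
		return;
	}

	/* GSS_S_COMPLETE: process returned values */
	printf(gettext("\naccept succeeded\n\n"));

	/*
	 * convert the exported name returned in src_name into
	 * a string and print it.
	 */
	if ((status = gss_import_name(&minor_status, &src_name,
	    (gss_OID) GSS_C_NT_EXPORT_NAME, &gss_name))
	    != GSS_S_COMPLETE) {
		printf(gettext(
		    "could not import src name 0x%x\n"), status);
		goto fail;
	}

	memset(&src_name_string, 0, sizeof (src_name_string));
	if ((status = gss_display_name(&minor_status, gss_name,
	    &src_name_string, NULL)) != GSS_S_COMPLETE) {
		printf(gettext("could not display src name: "
		    "err (octal) %o (%s)\n"), status,
		    "gss_accept_sec_context error");
		goto fail;
	}
	printf(gettext("src name = %s\n"), src_name_string.value);
	gss_release_buffer(&minor_status, &src_name_string);

	/* print out the mechanism type */
	if ((string = gss_oid2str(mech_type)) == 0) {
		printf(gettext(
		    "gssapi internal err :"
		    " actual mech type null\n"));
		goto fail;
	}
	printf(gettext("actual mech type = %s\n\n"), string);
	FREE(string, (mech_type->length+1)*4+1);

	/*
	 * Save and restore the context.
	 * NOTE(review): this exports initiator_context_handle, not the
	 * acceptor_context_handle this function builds; it looks like a
	 * copy from _gss_init_sec_context -- confirm which context is
	 * intended before changing it.
	 */
	status = kgss_export_sec_context(&minor_status,
	    &initiator_context_handle,
	    &context_token);
	if (status != GSS_S_COMPLETE) {
		printf(gettext("server ret err (octal) %o (%s)\n"),
		    status, gettext("gss_export_sec_context_error"));
		goto done;
	}
	status = kgss_import_sec_context(&minor_status,
	    &context_token,
	    &initiator_context_handle);
	/* The exported token is ours to free whether or not import worked. */
	(void) gss_release_buffer(&minor_status, &context_token);
	if (status != GSS_S_COMPLETE) {
		printf(gettext("server ret err (octal) %o (%s)\n"),
		    status, gettext("gss_import_sec_context_error"));
		goto done;
	}

	/* gss_export & gss_import secxc_context worked */

	/* print out value of ret_flags and time_req */
	if (ret_flags & GSS_C_DELEG_FLAG)
		printf(gettext("GSS_C_DELEG_FLAG = True\n"));
	else
		printf(gettext("GSS_C_DELEG_FLAG = False\n"));

	if (ret_flags & GSS_C_MUTUAL_FLAG)
		printf(gettext("GSS_C_MUTUAL_FLAG = True\n"));
	else
		printf(gettext("GSS_C_MUTUAL_FLAG = False\n"));

	if (ret_flags & GSS_C_REPLAY_FLAG)
		printf(gettext("GSS_C_REPLAY_FLAG = True\n"));
	else
		printf(gettext("GSS_C_REPLAY_FLAG = False\n"));

	if (ret_flags & GSS_C_SEQUENCE_FLAG)
		printf(gettext("GSS_C_SEQUENCE_FLAG = True\n"));
	else
		printf(gettext("GSS_C_SEQUENCE_FLAG = False\n"));

	if (ret_flags & GSS_C_CONF_FLAG)
		printf(gettext("GSS_C_CONF_FLAG = True\n"));
	else
		printf(gettext("GSS_C_CONF_FLAG = False\n"));

	if (ret_flags & GSS_C_INTEG_FLAG)
		printf(gettext("GSS_C_INTEG_FLAG = True\n\n"));
	else
		printf(gettext("GSS_C_INTEG_FLAG = False\n\n"));

	/* time_rec is an OM_uint32, so print it with an unsigned conversion. */
	printf(gettext("time_rec = %u seconds\n\n"), time_rec);

	printf(gettext("\nexport and import of contexts succeeded\n"));
	goto done;

fail:
	/*
	 * Could not finish reporting on the established context: tear it
	 * down on the gssd side and drop the output token it produced,
	 * which now has nowhere to go.
	 */
	(void) kgss_delete_sec_context(&minor_status,
	    &acceptor_context_handle,
	    &output_token);
	gss_release_buffer(&minor_status, &init_token_buffer);
	/* falls into done */
done:
	/* The accept call completed, so the next call starts a new context. */
	accept_sec_context_phase = 0;

	/* free the input token in accept_token_buffer */
	gss_release_buffer(&minor_status, &accept_token_buffer);

	/* release what the stubs handed back */
	gss_release_buffer(&minor_status, &src_name);
	if (gss_name != (gss_name_t) 0)
		(void) gss_release_name(&minor_status, &gss_name);
	if (mech_type != (gss_OID) 0) {
		FREE(mech_type->elements, mech_type->length);
		FREE(mech_type, sizeof (gss_OID_desc));
	}
}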
1237*0Sstevel@tonic-gate
/*
 * Hand the token stored in delete_token_buffer to gssd's
 * gss_process_context_token for one of the two contexts.  argv[0] must be
 * exactly "initiator" or "acceptor" and no further arguments are accepted.
 * The major and minor status are saved in gss_major_code / gss_minor_code
 * for a later gss_display_status call.
 */
void
_gss_process_context_token(int argc, char **argv)
{
	OM_uint32 major;
	OM_uint32 minor;
	gss_ctx_id_t ctx;
	uid_t caller;

	caller = (uid_t) getuid();

	/* Exactly one argument selects the context. */
	if (argc == 0) {
		usage();
		return;
	}

	if (strcmp(argv[0], "initiator") == 0) {
		ctx = initiator_context_handle;
	} else if (strcmp(argv[0], "acceptor") == 0) {
		ctx = acceptor_context_handle;
	} else {
		printf(gettext(
		    "must specify either \"initiator\" or \"acceptor\"\n"));
		return;
	}

	if (argc != 1) {
		usage();
		return;
	}

	major = kgss_process_context_token(&minor,
	    ctx,
	    delete_token_buffer,
	    caller);

	/* store major and minor status for gss_display_status() call */
	gss_major_code = major;
	gss_minor_code = minor;

	if (major == GSS_S_COMPLETE) {
		printf(gettext("\nprocess succeeded\n\n"));
		return;
	}
	printf(gettext("server ret err (octal) %o (%s)\n"),
	    major, gettext("gss_process_context_token error"));
}
1296*0Sstevel@tonic-gate
/*
 * Ask gssd to delete the initiator or acceptor context, chosen by argv[0]
 * ("initiator" or "acceptor"; no other arguments are accepted).  The
 * handle is passed by address so the file-scope variable itself is
 * updated.  The token produced by the deletion is left in
 * delete_token_buffer, which _gss_process_context_token later passes to
 * gssd.  The major and minor status are saved in gss_major_code /
 * gss_minor_code for gss_display_status.
 */
static void
_gss_delete_sec_context(int argc, char **argv)
{
	OM_uint32 major;
	OM_uint32 minor;
	gss_ctx_id_t *ctx;
	uid_t caller;

	caller = (uid_t) getuid();

	/* Exactly one argument selects the context. */
	if (argc == 0) {
		usage();
		return;
	}

	if (strcmp(argv[0], "initiator") == 0) {
		ctx = &initiator_context_handle;
	} else if (strcmp(argv[0], "acceptor") == 0) {
		ctx = &acceptor_context_handle;
	} else {
		printf(gettext(
		    "must specify either \"initiator\" or \"acceptor\"\n"));
		return;
	}

	if (argc != 1) {
		usage();
		return;
	}

	major = kgss_delete_sec_context(&minor,
	    ctx,
	    &delete_token_buffer);

	/* store major and minor status for gss_display_status() call */
	gss_major_code = major;
	gss_minor_code = minor;

	if (major == GSS_S_COMPLETE) {
		printf(gettext("\ndelete succeeded\n\n"));
		return;
	}
	printf(gettext("server ret err (octal) %o (%s)\n"),
	    major, gettext("gss_delete_sec_context error"));
}
1356*0Sstevel@tonic-gate
/*
 * Placeholder for the gss_context_time command: there is no client-side
 * implementation in this test program, so it only reports that fact.
 * argc and argv are ignored.
 */
/*ARGSUSED*/
static void
_gss_context_time(int argc, char **argv)
{
	printf(gettext("\nunimplemented function"));
}
1370*0Sstevel@tonic-gate
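/*
 * Sign (compute a MIC over) a message with the selected security context.
 *
 * argv[0] selects the context ("initiator" or "acceptor"), argv[1] is the
 * message text; no further arguments are accepted.  The message is copied,
 * including its terminating NUL, into the file-scope message_buffer and
 * the token produced by kgss_sign is left in msg_token; the verify command
 * in this file reads both.  Major/minor codes are stored in
 * gss_major_code/gss_minor_code for display_status.
 *
 * Fixes: the argument count is validated before the message copy is
 * allocated (the original allocated first and returned on a usage error
 * without releasing it), and the allocation result is checked.
 */
static void
_gss_sign(int argc, char **argv)
{
	OM_UINT32 status;
	OM_uint32 minor_status;
	gss_ctx_id_t context_handle;
	int qop_req;
	uid_t uid;
	char *text;

	uid = (uid_t)getuid();

	/* specify the default quality of protection */
	qop_req = GSS_C_QOP_DEFAULT;

	/* set up the arguments specified in the input parameters */
	if (argc == 0) {
		usage();
		return;
	}

	if (strcmp(argv[0], "initiator") == 0) {
		context_handle = initiator_context_handle;
	} else if (strcmp(argv[0], "acceptor") == 0) {
		context_handle = acceptor_context_handle;
	} else {
		printf(gettext(
		    "must specify either \"initiator\" or \"acceptor\"\n"));
		return;
	}

	argc--;
	argv++;

	/* exactly one argument (the message) may follow the context name */
	if (argc != 1) {
		usage();
		return;
	}
	text = argv[0];

	message_buffer.length = strlen(text) + 1;
	message_buffer.value = (void *)MALLOC(message_buffer.length);
	if (message_buffer.value == NULL) {
		message_buffer.length = 0;
		printf(gettext("out of memory\n"));
		return;
	}
	/* length includes the NUL, so the copy is exactly bounded */
	(void) memcpy(message_buffer.value, text, message_buffer.length);

	status = kgss_sign(&minor_status,
	    context_handle,
	    qop_req,
	    &message_buffer,
	    &msg_token,
	    uid);

	/* store major and minor status for gss_display_status() call */
	gss_major_code = status;
	gss_minor_code = minor_status;

	if (status != GSS_S_COMPLETE) {
		printf(gettext("server ret err (octal) %o (%s)\n"),
		    status, gettext("gss_sign error"));
	} else {
		printf(gettext("\nsign succeeded\n\n"));
	}
}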
1448*0Sstevel@tonic-gate
/*
 * Verify the MIC token held in msg_token against the message held in
 * message_buffer, using the selected security context.
 *
 * argv[0] selects the context ("initiator" or "acceptor"); no further
 * arguments are accepted.  On success the verified message and the
 * quality of protection reported by kgss_verify are printed and both
 * file-scope buffers are released.  Major/minor codes are stored in
 * gss_major_code/gss_minor_code for display_status.
 */
static void
_gss_verify(int argc, char **argv)
{
	OM_UINT32 major, minor;
	gss_ctx_id_t ctx;
	int qop;
	uid_t caller = (uid_t)getuid();

	/* first argument: which context to use */
	if (argc == 0) {
		usage();
		return;
	}

	if (strcmp(argv[0], "initiator") == 0) {
		ctx = initiator_context_handle;
	} else if (strcmp(argv[0], "acceptor") == 0) {
		ctx = acceptor_context_handle;
	} else {
		printf(gettext(
		    "must specify either \"initiator\" or \"acceptor\"\n"));
		return;
	}

	/* nothing else may follow the context name */
	if (argc != 1) {
		usage();
		return;
	}

	major = kgss_verify(&minor, ctx, &message_buffer, &msg_token,
	    &qop, caller);

	/* store major and minor status for gss_display_status() call */
	gss_major_code = major;
	gss_minor_code = minor;

	if (major != GSS_S_COMPLETE) {
		printf(gettext("server ret err (octal) %o (%s)\n"),
		    major, gettext("gss_verify error"));
		return;
	}

	/* print out the verified message */
	printf(gettext(
	    "verified message = \"%s\"\n\n"), message_buffer.value);

	/* print out the quality of protection returned */
	printf(gettext("quality of protection = %d \n\n"), qop);

	/* free the message buffer and message token */
	gss_release_buffer(&minor, &message_buffer);
	gss_release_buffer(&minor, &msg_token);
}
1522*0Sstevel@tonic-gate
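/* EXPORT DELETE START */
/*
 * Seal (wrap) a message with the selected security context.
 *
 * argv[0] selects the context ("initiator" or "acceptor"), argv[1] is the
 * message text; no further arguments are accepted.  Confidentiality is
 * always requested (conf_req_flag = 1) with the default QOP.  The sealed
 * output is left in the file-scope message_buffer, which the unseal
 * command in this file consumes; the plaintext copy made here is released
 * before returning.  Major/minor codes are stored in
 * gss_major_code/gss_minor_code for display_status.
 *
 * Fixes: the argument count is validated before the plaintext copy is
 * allocated (the original allocated first and returned on a usage error
 * without releasing it), and the allocation result is checked.
 */
static void
_gss_seal(int argc, char **argv)
{
	OM_UINT32 status;
	OM_uint32 minor_status;
	gss_ctx_id_t context_handle;
	int conf_req_flag;
	int qop_req;
	gss_buffer_desc input_message_buffer;
	int conf_state;
	uid_t uid;

	uid = (uid_t)getuid();

	/*
	 * specify the default confidentiality requested (both integrity
	 * and confidentiality) and quality of protection
	 */
	conf_req_flag = 1;
	qop_req = GSS_C_QOP_DEFAULT;

	/* set up the arguments specified in the input parameters */
	if (argc == 0) {
		usage();
		return;
	}

	if (strcmp(argv[0], "initiator") == 0) {
		context_handle = initiator_context_handle;
	} else if (strcmp(argv[0], "acceptor") == 0) {
		context_handle = acceptor_context_handle;
	} else {
		printf(gettext(
		    "must specify either \"initiator\" or \"acceptor\"\n"));
		return;
	}

	argc--;
	argv++;

	/* exactly one argument (the message) may follow the context name */
	if (argc != 1) {
		usage();
		return;
	}

	input_message_buffer.length = strlen(argv[0]) + 1;
	input_message_buffer.value =
	    (void *)MALLOC(input_message_buffer.length);
	if (input_message_buffer.value == NULL) {
		printf(gettext("out of memory\n"));
		return;
	}
	/* length includes the NUL, so the copy is exactly bounded */
	(void) memcpy(input_message_buffer.value, argv[0],
	    input_message_buffer.length);

	status = kgss_seal(&minor_status,
	    context_handle,
	    conf_req_flag,
	    qop_req,
	    &input_message_buffer,
	    &conf_state,
	    &message_buffer,
	    uid);

	/* store major and minor status for gss_display_status() call */
	gss_major_code = status;
	gss_minor_code = minor_status;

	/* free the input message buffer */
	gss_release_buffer(&minor_status, &input_message_buffer);

	if (status != GSS_S_COMPLETE) {
		printf(gettext("server ret err (octal) %o (%s)\n"),
		    status, gettext("gss_seal error"));
	} else {
		printf(gettext("\nseal succeeded\n\n"));
	}
}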
1616*0Sstevel@tonic-gate
/*
 * Unseal (unwrap) the sealed message held in message_buffer with the
 * selected security context.
 *
 * argv[0] selects the context ("initiator" or "acceptor"); no further
 * arguments are accepted.  On success the recovered message, whether
 * confidentiality was applied, and the quality of protection are printed
 * and the output buffer is released.  message_buffer is released on every
 * path that reaches kgss_unseal.  Major/minor codes are stored in
 * gss_major_code/gss_minor_code for display_status.
 */
static void
_gss_unseal(int argc, char **argv)
{
	OM_UINT32 major;
	OM_uint32 minor;
	gss_ctx_id_t ctx;
	gss_buffer_desc plain;
	int conf_used;
	int qop;
	uid_t caller;

	caller = (uid_t)getuid();

	/* first argument: which context to use */
	if (argc == 0) {
		usage();
		return;
	}

	if (strcmp(argv[0], "initiator") == 0) {
		ctx = initiator_context_handle;
	} else if (strcmp(argv[0], "acceptor") == 0) {
		ctx = acceptor_context_handle;
	} else {
		printf(gettext(
		    "must specify either \"initiator\" or \"acceptor\"\n"));
		return;
	}

	/* nothing else may follow the context name */
	if (argc != 1) {
		usage();
		return;
	}

	major = kgss_unseal(&minor, ctx, &message_buffer, &plain,
	    &conf_used, &qop, caller);

	/* store major and minor status for gss_display_status() call */
	gss_major_code = major;
	gss_minor_code = minor;

	if (major != GSS_S_COMPLETE) {
		printf(gettext("server ret err (octal) %o (%s)\n"),
		    major, gettext("gss_unseal error"));
	} else {
		printf(gettext("\nunseal succeeded\n\n"));
		printf(gettext("unsealed message = \"%s\"\n\n"),
		    plain.value);
		if (conf_used) {
			printf(gettext("confidentiality and integrity used\n"));
		} else {
			printf(gettext("only integrity used\n"));
		}
		printf(gettext("quality of protection = %d\n\n"), qop);
		gss_release_buffer(&minor, &plain);
	}

	/* the sealed input is released whether or not unsealing worked */
	gss_release_buffer(&minor, &message_buffer);
}
/* EXPORT DELETE END */
1692*0Sstevel@tonic-gate
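/*
 * Display the message text for the major or minor status code saved by
 * the last GSS-API command (gss_major_code / gss_minor_code).
 *
 * argv[0] is "major" or "minor"; argv[1] optionally gives the mechanism
 * OID as a string, otherwise the Kerberos V5 mechanism OID is used.  No
 * further arguments are accepted.
 *
 * Fixes: the original parsed argv[0] as the mechanism OID and then also
 * compared the same argv[0] against "major"/"minor", so a valid request
 * could never reach kgss_display_status; with argc == 0 it also
 * dereferenced argv[0].  It further leaked the OID returned by
 * gss_str2oid and the status string.
 * NOTE(review): the "major|minor [mech_oid]" order is inferred from the
 * two checks in the original; confirm it against usage().
 */
static void
_gss_display_status(int argc, char **argv)
{
	OM_UINT32 status;
	OM_uint32 minor_status;
	int status_type;
	int status_value;
	gss_OID mech_type = (gss_OID) 0;
	int message_context;
	gss_buffer_desc status_string;
	uid_t uid;

	uid = (uid_t)getuid();

	/* initialize message context to zero */
	message_context = 0;

	if (argc == 0 || argc > 2) {
		usage();
		return;
	}

	/* Is this call for the major or minor status? */
	if (strcmp(argv[0], "major") == 0) {
		status_type = GSS_C_GSS_CODE;
		status_value = gss_major_code;
	} else if (strcmp(argv[0], "minor") == 0) {
		status_type = GSS_C_MECH_CODE;
		status_value = gss_minor_code;
	} else {
		printf(gettext("must specify either \"major\" or \"minor\"\n"));
		return;
	}

	/* optional second argument: the mechanism OID */
	if (argc == 1) {
		printf(gettext("Assuming Kerberos V5 as the mechanism\n"));
		printf(gettext(
		    "The mech OID 1.2.840.113554.1.2.2 will be used\n"));
		mech_type = gss_str2oid((char *)GSS_KRB5_MECH_OID);
	} else {
		mech_type = gss_str2oid(argv[1]);
	}

	if (mech_type == 0 || mech_type->length == 0) {
		printf(gettext("improperly formated mechanism OID\n"));
		return;
	}

	status = kgss_display_status(&minor_status,
	    status_value,
	    status_type,
	    mech_type,
	    &message_context,
	    &status_string,
	    uid);

	/*
	 * gss_str2oid() hands back a freshly allocated OID; release it the
	 * way the other callers in this file do.
	 */
	FREE(mech_type->elements, mech_type->length);
	FREE(mech_type, sizeof (gss_OID_desc));

	if (status == GSS_S_COMPLETE) {
		printf(gettext("status =\n %s\n\n"), status_string.value);
		/*
		 * Release the returned string as the verify command does for
		 * the token returned by kgss_sign.
		 */
		gss_release_buffer(&minor_status, &status_string);
	} else if (status == GSS_S_BAD_MECH) {
		printf(gettext("invalide mechanism OID\n\n"));
	} else {
		printf(gettext("server ret err (octal) %o (%s)\n"),
		    status, gettext("gss_display_status error"));
	}
}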
1764*0Sstevel@tonic-gate
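/*
 * List the mechanisms gssd reports as available.  No arguments are
 * accepted.  Each OID in the returned set is printed in string form and
 * the set is released before returning.
 *
 * Fixes: gss_oid2str() returns NULL on failure, which the original passed
 * straight to printf("%s") and FREE(); the set's count (a size_t in the
 * gss_OID_set_desc of RFC 2744) is now cast to match the "%d" format.
 */
/*ARGSUSED*/
static void
_gss_indicate_mechs(int argc, char **argv)
{
	OM_UINT32 status;
	OM_UINT32 minor_status;
	gss_OID_set oid_set = GSS_C_NULL_OID_SET;
	uid_t uid;

	uid = (uid_t)getuid();

	/* set up input arguments here */
	if (argc != 0) {
		usage();
		return;
	}

	status = kgss_indicate_mechs(&minor_status, &oid_set, uid);

	if (status == GSS_S_COMPLETE) {
		size_t i;
		char *string;

		printf(gettext("%d supported mechanism%s%s\n"),
		    (int)oid_set->count,
		    (oid_set->count == 1) ? "" : "s",
		    (oid_set->count > 0) ? ":" : "");

		for (i = 0; i < oid_set->count; i++) {
			string = gss_oid2str(&oid_set->elements[i]);
			if (string == NULL) {
				printf(gettext("\t<unprintable OID>\n"));
				continue;
			}
			printf(gettext("\t%s\n"), string);
			FREE(string, ((oid_set->elements[i].length+1)*4)+1);
		}
		printf("\n");
	} else {
		printf(gettext("server ret err (octal) %o (%s)\n"),
		    status, gettext("gss_indicate_mechs error"));
	}

	/* the set stays GSS_C_NULL_OID_SET unless the call succeeded */
	if (oid_set)
		gss_release_oid_set_and_oids(&minor_status, &oid_set);
}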
1810*0Sstevel@tonic-gate
/*
 * Placeholder for the gss_inquire_cred command.  It rejects any argument
 * with usage() and otherwise only reports that the operation is not
 * supported by this test program.
 */
/*ARGSUSED*/
static void
_gss_inquire_cred(int argc, char **argv)
{
	if (argc != 0) {
		usage();
		return;
	}

	printf(gettext("\nUnsupported function"));
}
1829*0Sstevel@tonic-gate
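/*
 * Upper-case hex digit table: the index of a character in this string is
 * its nibble value.  It is only ever read (via strchr), so it is const.
 */
static const char hexChars[] = "0123456789ABCDEF";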
1831*0Sstevel@tonic-gate
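/*
 * Decode a hex string into bytes.  hex must hold at least hexlen
 * characters and out at least hexlen / 2 bytes; hexlen is expected to be
 * even (a trailing odd digit is ignored).  Both cases of a-f are accepted.
 * Returns 0 on success, -1 if any character is not a hex digit.
 */
static int
hex_to_bytes(const char *hex, size_t hexlen, unsigned char *out)
{
	size_t i;

	for (i = 0; i + 1 < hexlen; i += 2) {
		const char *hi = strchr(hexChars,
		    toupper((unsigned char)hex[i]));
		const char *lo = strchr(hexChars,
		    toupper((unsigned char)hex[i + 1]));

		/*
		 * strchr() also "finds" the terminating NUL of hexChars, so
		 * a NUL input byte must be rejected explicitly in addition
		 * to the NULL result for characters absent from the table.
		 */
		if (hi == NULL || lo == NULL || *hi == '\0' || *lo == '\0')
			return (-1);
		out[i / 2] = (unsigned char)(((hi - hexChars) << 4) |
		    (lo - hexChars));
	}
	return (0);
}

/*
 * Map an exported name, given as a hex string, to UNIX credentials
 * through gssd.
 *
 * argv[0] is the hex encoding of the exported name; with no argument a
 * built-in Kerberos V5 exported name for root is used.  The decoded bytes
 * are passed to kgsscred_expname_to_unix_cred and the resulting uid, gid
 * and supplementary gids (if any) are printed.
 *
 * Fixes: the original decoded without validating the input, so a non-hex
 * character made strchr() return NULL and the pointer arithmetic on it
 * was undefined, and an odd-length string read past the terminator; the
 * allocation result is now checked and the FREE size matches MALLOC.
 */
static void
_gssd_expname_to_unix_cred(int argc, char **argv)
{
	OM_uint32 major;
	gss_buffer_desc expName;
	static const char krb5_root_name[] =
	    "040100092A864886F712010202000000"
	    "25000A2A864886F71201020101726F6F744053554E534F46"
	    "542E454E472E53554E2E434F4D00";
	const char *hexStr;
	size_t hexLen, byteLen;
	unsigned char *byteStr;
	uid_t uidOut, uidIn;
	gid_t *gids, gidOut;
	int gidsLen, i;

	/* set up the arguments */
	uidIn = (uid_t)getuid();

	if (argc < 1) {
		printf(gettext(
		    "Using principal name of root for krberos_v5\n"));
		hexStr = krb5_root_name;
	} else {
		hexStr = argv[0];
	}
	hexLen = strlen(hexStr);

	/*
	 * The name is untrusted command-line input: it must be a non-empty,
	 * even-length string of hex digits before it can be decoded.
	 */
	if (hexLen == 0 || (hexLen % 2) != 0) {
		printf(gettext(
		    "exported name must be a non-empty, even-length hex string\n"));
		return;
	}
	byteLen = hexLen / 2;

	/* convert the name from hex to byte... */
	byteStr = (unsigned char *)MALLOC(byteLen + 1);
	if (byteStr == NULL) {
		printf(gettext("out of memory\n"));
		return;
	}
	if (hex_to_bytes(hexStr, hexLen, byteStr) != 0) {
		FREE(byteStr, byteLen + 1);
		printf(gettext("exported name contains a non-hex character\n"));
		return;
	}
	expName.value = (void *)byteStr;
	expName.length = byteLen;

	major = kgsscred_expname_to_unix_cred(&expName, &uidOut, &gidOut,
	    &gids, &gidsLen, uidIn);

	FREE(expName.value, byteLen + 1);

	if (major == GSS_S_COMPLETE) {
		printf(gettext("uid = <%d>\tgid = <%d>\t"), uidOut, gidOut);
		if (gidsLen > 0)
			printf(gettext(" %d gids <"), gidsLen);
		else
			printf(gettext(
			    " no supplementary group information\n"));
		for (i = 0; i < gidsLen; i++)
			printf(" %d ", gids[i]);
		if (gidsLen > 0) {
			printf(">\n");
			FREE(gids, gidsLen * sizeof (gid_t));
		}
	} else {
		printf(gettext("server ret err (octal) %o (%s)\n"),
		    major, gettext("gsscred_expname_to_unix_cred"));
	}
}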
1895*0Sstevel@tonic-gate
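/*
 * Map a principal name to UNIX credentials through gssd.
 *
 * argv[0] optionally gives the principal name (default "root"), argv[1]
 * the name-type OID (default GSS_C_NT_USER_NAME) and argv[2] the
 * mechanism OID (default Kerberos V5).  The name is imported with
 * gss_import_name, passed to kgsscred_name_to_unix_cred, and the
 * resulting uid, gid and supplementary gids (if any) are printed.
 *
 * Fixes: the original compared mechType->length (an integer) against
 * NULL; it FREE()d nameType on two error paths even when nameType was
 * the library-owned GSS_C_NT_USER_NAME (the success path correctly
 * guarded that with argc > 1); and it leaked mechType when
 * gss_import_name failed.  Cleanup is now done once, at the end.
 */
static void
_gssd_name_to_unix_cred(int argc, char **argv)
{
	OM_uint32 major, minor;
	gss_name_t gssName;
	gss_buffer_desc gssBuf = GSS_C_EMPTY_BUFFER;
	int gidsLen, i;
	gid_t *gids, gidOut;
	uid_t uidOut, uid;
	char defaultPrincipal[] = "root";
	gss_OID mechType = NULL, nameType = NULL;
	int nameTypeAllocated = 0;	/* nameType came from gss_str2oid() */

	uid = getuid();

	/* optional argument 1 - contains principal name */
	if (argc > 0) {
		gssBuf.value = (void *)argv[0];
		gssBuf.length = strlen((char *)argv[0]);
	} else {
		gssBuf.value = (void *)defaultPrincipal;
		gssBuf.length = strlen(defaultPrincipal);
	}
	printf(gettext(
	    "Using <%s> as the principal name.\n"), (char *)gssBuf.value);

	/* optional argument 2 - contains name oid */
	if (argc > 1) {
		nameType = gss_str2oid((char *) argv[1]);
		nameTypeAllocated = 1;
	} else {
		nameType = (gss_OID)GSS_C_NT_USER_NAME;
	}

	if (nameType == NULL || nameType->length == 0) {
		printf(gettext("improperly formated name OID\n"));
		goto out;
	}
	printf(gettext("Principal name of type: <%s>.\n"),
	    (argc > 1) ? argv[1] : "GSS_C_NT_USER_NAME");

	/* optional argument 3 - contains mech oid */
	if (argc > 2)
		mechType = gss_str2oid(argv[2]);
	else
		mechType = gss_str2oid((char *)GSS_KRB5_MECH_OID);

	if (mechType == NULL || mechType->length == 0) {
		printf(gettext("improperly formated mech OID\n"));
		goto out;
	}
	printf(gettext("Mechanism oid: <%s>.\n"),
	    (argc > 2) ? argv[2] :
	    (char *)GSS_KRB5_MECH_OID "(Kerberos v5)");

	/* convert the name to internal format */
	if ((major = gss_import_name(&minor, &gssBuf,
	    nameType, &gssName)) != GSS_S_COMPLETE) {
		printf(gettext("could not parse name: err (octal) %o (%s)\n"),
		    major, "gss_import_name");
		goto out;
	}

	major = kgsscred_name_to_unix_cred(gssName, mechType, &uidOut,
	    &gidOut, &gids, &gidsLen, uid);

	gss_release_name(&minor, &gssName);

	if (major == GSS_S_COMPLETE) {
		printf("uid = <%d>\tgid = <%d>\t", uidOut, gidOut);
		if (gidsLen > 0)
			printf(gettext(" %d gids <"), gidsLen);
		else
			printf(gettext(
			    " no supplementary group information\n"));
		for (i = 0; i < gidsLen; i++)
			printf(" %d ", gids[i]);
		if (gidsLen > 0) {
			printf(">\n");
			FREE(gids, gidsLen * sizeof (gid_t));
		}
	} else {
		printf(gettext("server ret err (octal) %o (%s)\n"),
		    major, gettext("gsscred_name_to_unix_cred"));
	}

out:
	/*
	 * gss_str2oid() returns freshly allocated OIDs; GSS_C_NT_USER_NAME
	 * is a library constant and must never be freed.
	 */
	if (mechType != NULL) {
		FREE(mechType->elements, mechType->length);
		FREE(mechType, sizeof (gss_OID_desc));
	}
	if (nameTypeAllocated && nameType != NULL) {
		FREE(nameType->elements, nameType->length);
		FREE(nameType, sizeof (gss_OID_desc));
	}
}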
1995*0Sstevel@tonic-gate
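/*
 * Retrieve the primary and supplementary group ids of a uid through gssd.
 *
 * argv[0] optionally gives the uid as an unsigned decimal number; with no
 * argument uid 0 is queried.  The result of kgss_get_group_info is
 * printed.
 *
 * Fixes: the original used atol(), which maps any non-numeric argument to
 * 0 (root) without complaint; the whole argument must now be an unsigned
 * decimal number.
 */
static void
_gssd_get_group_info(int argc, char **argv)
{
	OM_uint32 major;
	uid_t puid, uidIn;
	gid_t *gids, gidOut;
	int gidsLen, i;

	/* set up the arguments */
	uidIn = (uid_t)getuid();

	if (argc < 1) {
		puid = 0;
	} else {
		char *end = NULL;
		unsigned long parsed;

		/*
		 * strtoul() accepts leading whitespace and a sign; the
		 * isdigit() check rules those out, *end rules out trailing
		 * junk.
		 */
		parsed = strtoul(argv[0], &end, 10);
		if (!isdigit((unsigned char)argv[0][0]) || *end != '\0') {
			printf(gettext("invalid uid <%s>\n"), argv[0]);
			return;
		}
		puid = (uid_t)parsed;
	}

	printf(gettext("Retrieving group info for uid of <%d>\n"), puid);

	major = kgss_get_group_info(puid, &gidOut, &gids, &gidsLen, uidIn);

	if (major == GSS_S_COMPLETE) {
		printf(gettext("group id = <%d>\t"), gidOut);
		if (gidsLen > 0)
			printf(gettext(" %d gids <"), gidsLen);
		else
			printf(gettext(
			    " no supplementary group information\n"));
		for (i = 0; i < gidsLen; i++)
			printf(" %d ", gids[i]);
		if (gidsLen > 0) {
			printf(">\n");
			FREE(gids, gidsLen * sizeof (gid_t));
		}
	} else {
		printf(gettext("server ret err (octal) %o (%s)\n"),
		    major, "gss_get_group_info");
	}
}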
2036*0Sstevel@tonic-gate
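/*
 * Convenience wrapper around gss_str_to_oid(): parse an OID string and
 * return the resulting gss_OID, or NULL if string is NULL or does not
 * parse.  Callers in this file release the result with
 * FREE(oid->elements, oid->length); FREE(oid, sizeof (gss_OID_desc)).
 *
 * Fix: a NULL argument is rejected instead of being passed to strlen().
 */
static gss_OID
gss_str2oid(char *string)
{
	OM_uint32 minor;
	gss_buffer_desc abuf;
	gss_OID oidOut = NULL;

	if (string == NULL)
		return (NULL);

	abuf.value = (void *)string;
	abuf.length = strlen(string);

	if (gss_str_to_oid(&minor, &abuf, &oidOut) != GSS_S_COMPLETE)
		return (NULL);

	return (oidOut);
}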
2057*0Sstevel@tonic-gate
/*
 * Convenience wrapper for gss_oid_to_str().
 *
 * oid: the OID to render; passed straight through to the GSS-API routine,
 *      which is expected to cope with every OID type.
 *
 * Returns the text form of the OID, or NULL when gss_oid_to_str() does not
 * report GSS_S_COMPLETE.  The minor status is discarded.
 * Only the value pointer of the result buffer is handed back; the
 * gss_buffer_desc itself is dropped here, so the caller cannot return the
 * buffer through gss_release_buffer() -- presumably it is free()d or leaked,
 * TODO confirm at the call sites.
 */
static char *
gss_oid2str(gss_OID oid)
{
	OM_uint32 major, minor;
	gss_buffer_desc oidStr;

	major = gss_oid_to_str(&minor, oid, &oidStr);

	return (major == GSS_S_COMPLETE ? (char *)oidStr.value : NULL);
} /* gss_oid2str */
2075*0Sstevel@tonic-gate
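/*
 * Print the operator instructions (prerequisites, the two mechanism OIDs,
 * and the required call ordering) to stderr.
 *
 * The text is emitted with fputs() rather than fprintf(): it comes back
 * from gettext(), i.e. from a message catalog, and must not be interpreted
 * as a printf format string.  The output is byte-for-byte what the
 * fprintf() form produced, the literals containing no conversion
 * specifications.
 *
 * Note that correcting a msgid ("available") changes the key looked up in
 * any existing catalog for this string.
 */
static void
instructs(void)
{
	(void) fputs(gettext(
"\nThis program must be run as root. Root must be installed on the KDC\n"
"and exist in srvtab as root/<hostname>, where <hostname> is the machine on\n"
"which the test runs. Before running gssdtest for Kerberos mechanism, the\n"
"operator running as root must kinit as some other principal, e.g., test.\n"
"There are two mechanisms available: dummy and Kerberos(default).\n"
"The OID for dummy mechanism is 1.3.6.1.4.1.42.2.26.1.2.\n"
"The OID for Kerberos mechanism is 1.2.840.113554.1.2.2.\n"
"The order of context establishment calls is important. First, acquire must"
"\nbe called. This obtains the credentials used by accept. Acquire need\n"
"only be called once, since the credentials it returns are used each time\n"
"accept is called. Then init is called, followed by accept. Calling init\n"
"twice without calling accept or calling these in a different order gives\n"
"erroneous results and will cause memory leaks in the gssapi daemon. \n"
"Finally, after calling init and accept, init must be called again to\n"
"finish context establishment. So an example sequence (with data valid for\n"
"the Kerberos mechanism and running on the machine \"elrond\" in the realm\n"
"FOO.BAR.SUN.COM is :\n"), stderr);
	(void) fputs(gettext(
"\nacquire service@host 1.2.840.113554.1.2.2\n"
"init service@host 1.2.840.113554.1.2.2\n"
"accept\ninit service@host 1.2.840.113554.1.2.2\n"
"\nAfter a context is established, sign, seal,\n"
"verify and unseal may be called. Here are some examples\n"
"for these routines : \n\n"
"sign initiator ThisTestMessageIsForSigning\n"
"verify acceptor\nseal initiator ThisTestMessageIsForSealing\n"
"unseal acceptor\n\nEach input line is terminated by <cr>.\n"
"The program is terminated by cntl-d\nor the command \"exit\""
"\nfrom the prompt\n\n"), stderr);
}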
2111*0Sstevel@tonic-gate
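/*
 * Print the command summary for the interactive prompt to stderr.
 *
 * fputs() is used instead of fprintf() because the text is the return of
 * gettext() -- catalog-supplied, never to be treated as a format string.
 * The literals carry no conversion specifications, so the output is the
 * same as before.
 *
 * The first line previously lacked the separator between
 * "gss_acquire_cred]" and "desired_name"; every other entry has one.
 */
static void
usage(void)
{
	(void) fputs(gettext(
	    "\nusage:\t[acquire | gss_acquire_cred] "
	    "desired_name mech_type\n"
	    "\t[release | gss_release_cred]\n"
	    "\t[init | gss_init_sec_context] target_name mech_type\n"
	    "\t[accept | gss_accept_sec_context]\n"
	    "\t[process | gss_process_context_token] initiator | acceptor\n"
	    "\t[delete | gss_delete_sec_context] initiator | acceptor\n"
	    "\t[time | gss_context_time] {not yet implemented}\n"
	    "\t[sign | gss_sign] initiator | acceptor message-to-sign\n"
	    "\t[verify | gss_verify] initiator | acceptor\n"
	    "\t[seal | gss_seal] initiator | acceptor message-to-seal\n"
	    "\t[unseal | gss_unseal] initiator | acceptor\n"
	    "\t[status | gss_display_status] mech_type [major | minor] \n"
	    "\t[indicate | gss_indicate_mechs]\n"
	    "\t[inquire | gss_inquire_cred] {not yet implemented}\n"
	    "\t[expname2unixcred | gsscred_expname_to_unix_cred]"
	    " export-name\n"
	    "\t[name2unixcred | gsscred_name_to_unix_cred] "
	    "pname [name_type mech_type]\n"
	    "\t[grpinfo | gss_get_group_info] uid\n"
	    "\t[gss_all | all] desired_name\n"
	    "\t[gss_loop | loop] desired_name\n"
	    "\texit\n\n"), stderr);
}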
2141*0Sstevel@tonic-gate
2142*0Sstevel@tonic-gate /* Copied from parse_argv(), then modified */
2143*0Sstevel@tonic-gate
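/*
 * Split input_line into whitespace-separated words, in place.
 * (Copied from parse_argv(), then modified.)
 *
 * Every whitespace byte of input_line is overwritten with '\0', so the
 * words stored in *argv point into the caller's buffer and live only as
 * long as it does.  *argv is CALLOC'd with *argc + 1 slots, the last one
 * left NULL as for main()'s argv; the caller owns and frees the array.
 *
 * input_line: writable, NUL-terminated text (one line typed at the prompt).
 * argc:       receives the number of words found; 0 for an empty or
 *             all-whitespace line.
 * argv:       receives the word vector.
 *
 * Returns the length of input_line before it was modified, or -1 when
 * input_line is NULL or the vector could not be allocated (in both cases
 * *argc is 0 and *argv is NULL).
 */
static int
parse_input_line(char *input_line, int *argc, char ***argv)
{
	char *chptr;
	size_t chr_cnt;
	int arg_cnt = 0;
	int ch_was_space = 1;
	int ch_is_space;

	*argc = 0;
	*argv = NULL;

	/* strlen() on NULL is undefined behavior. */
	if (input_line == NULL)
		return (-1);

	chr_cnt = strlen(input_line);

	/*
	 * Pass 1: count the words.  A word is closed by a non-space -> space
	 * transition; one that runs up to the terminator is added after the
	 * loop.  The (unsigned char) cast is required: the line is user
	 * input, and isspace() on a negative (high-bit) char is undefined
	 * behavior where char is signed.
	 */
	for (chptr = input_line; *chptr != '\0'; chptr++) {
		ch_is_space = isspace((unsigned char)*chptr);
		if (ch_is_space && !ch_was_space)
			(*argc)++;
		ch_was_space = ch_is_space;
	}
	if (!ch_was_space)
		(*argc)++;	/* last word ran into the terminator */

	/* One extra slot so the vector is NULL-terminated. */
	*argv = (char **) CALLOC((*argc) + 1, sizeof (char *));
	if (*argv == NULL) {
		*argc = 0;
		return (-1);
	}

	/*
	 * Pass 2: terminate each word and record its start.  Uses the same
	 * isspace() predicate as pass 1, so arg_cnt ends equal to *argc.
	 */
	for (chptr = input_line, ch_was_space = 1; *chptr != '\0'; chptr++) {
		ch_is_space = isspace((unsigned char)*chptr);
		if (ch_is_space) {
			*chptr = '\0';		/* replace each space with NUL */
		} else if (ch_was_space) {	/* beginning of a word */
			(*argv)[arg_cnt++] = chptr;
		}
		ch_was_space = ch_is_space;
	}

	return ((int) chr_cnt);
}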
2193