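/*
 * Exercises KLAcquireNewTickets() with a nil principal, prints the principal
 * and cache name that come back, then calls KLChangePassword() for that
 * principal.
 *
 * Failures are reported on stdout only; the function always returns 0.
 */
int main (void)
{
    KLStatus    err;
    KLPrincipal principal;
    char       *principalName;
    char       *cacheName;

    printf ("Testing KLAcquireNewTickets (nil)...\n");

    err = KLAcquireNewTickets (nil, &principal, &cacheName);
    if (err == klNoErr) {
        err = KLGetStringFromPrincipal (principal, kerberosVersion_V5, &principalName);
        if (err == klNoErr) {
            printf ("Got tickets for '%s' in cache '%s'\n", principalName, cacheName);
            KLDisposeString (principalName);
        } else {
            /* The (long) cast keeps "%ld" matched to its argument whatever
             * integer type KLStatus is on this platform. */
            printf ("KLGetStringFromPrincipal() returned (err = %ld)\n", (long) err);
        }
        /* cacheName is released whether or not the principal string was available. */
        KLDisposeString (cacheName);

        printf ("Testing KLChangePassword (principal)...\n");

        err = KLChangePassword (principal);
        if (err != klNoErr) {
            printf ("KLChangePassword() returned (err = %ld)\n", (long) err);
        }

        KLDisposePrincipal (principal);
    } else {
        printf ("KLAcquireNewTickets() returned (err = %ld)\n", (long) err);
    }

    printf ("All done testing!\n");
    return 0;
}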
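/*
 * Asks KLGetErrorString() for the text of a fixed list of error codes and
 * prints each result.
 *
 * The string is printed (and disposed) only when the call succeeded; on
 * failure the output pointer is never read, because nothing visible here
 * guarantees it was set.
 */
void TestErrorHandling (void)
{
    /* Same codes, in the same order, as the original hand-unrolled sequence. */
    const KLStatus codes[] = {
        KRB5KRB_AP_ERR_BAD_INTEGRITY,
        klCredentialsBadAddressErr,
        klCacheDoesNotExistErr,
        klPasswordMismatchErr,
        klInsecurePasswordErr,
        klPasswordChangeFailedErr,
        klCantContactServerErr,
        klCantDisplayUIErr
    };
    const size_t count = sizeof (codes) / sizeof (codes[0]);
    size_t i;

    for (i = 0; i < count; i++) {
        char *errorString = NULL;
        long  err = KLGetErrorString (codes[i], &errorString);

        if (!err && errorString != NULL) {
            printf ("KLGetErrorString() returned %s (err = %ld)\n", errorString, err);
            KLDisposeString (errorString);
        } else {
            /* No usable string: report the status without touching errorString. */
            printf ("KLGetErrorString() failed (err = %ld)\n", err);
        }
    }
}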
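/*
 * Retrieval from credentials cache
 *
 * Walks the credentials in the TKT_FILE ccache and copies the first Kerberos
 * v4 entry whose service, instance and realm equal the arguments into *creds.
 *
 * Returns KSUCCESS when a matching entry was copied, GC_NOTKT when the
 * iterator ends without a match or a ccache call before the iteration fails,
 * and KFAILURE when the iterator reports an error, an argument is NULL, or a
 * matching entry does not fit the destination fields.
 *
 * With USE_LOGIN_LIBRARY defined, a request for the ticket-granting ticket
 * first goes through __KLInternalAcquireInitialTicketsForCache(); if that
 * fails the function returns GC_NOTKT without touching the ccache.
 *
 * NOTE(review): the size checks below use sizeof on the CREDENTIALS members,
 * which assumes the name fields and ticket_st.dat are fixed-size arrays (as
 * in the krb4 headers) -- confirm against the CREDENTIALS declaration.
 */
int KRB5_CALLCONV
krb_get_cred (
    char*         service,
    char*         instance,
    char*         realm,
    CREDENTIALS*  creds)
{
    int                        kerr = KSUCCESS;
    cc_int32                   cc_err = ccNoError;
    cc_credentials_t           theCreds = NULL;
    cc_credentials_iterator_t  iterator = NULL;
    cc_context_t               cc_context = NULL;
    cc_int32                   cc_version;
    cc_ccache_t                ccache = NULL;

    /* Every argument is dereferenced below; reject NULL instead of crashing. */
    if (service == NULL || instance == NULL || realm == NULL || creds == NULL) {
        return KFAILURE;
    }

#ifdef USE_LOGIN_LIBRARY
    // If we are requesting a tgt, prompt for it
    if (strncmp (service, KRB_TICKET_GRANTING_TICKET, ANAME_SZ) == 0) {
        OSStatus    err;
        char       *cacheName;
        KLPrincipal outPrincipal;

        err = __KLInternalAcquireInitialTicketsForCache (TKT_FILE, kerberosVersion_V4, NULL,
                                                         &outPrincipal, &cacheName);
        if (err == klNoErr) {
            krb_set_tkt_string (cacheName);   // Tickets for the krb4 principal went here
            KLDisposeString (cacheName);
            KLDisposePrincipal (outPrincipal);
        } else {
            return GC_NOTKT;
        }
    }
#endif /* USE_LOGIN_LIBRARY */

    cc_err = cc_initialize (&cc_context, ccapi_version_3, &cc_version, NULL);

    if (cc_err == ccNoError) {
        cc_err = cc_context_open_ccache (cc_context, TKT_FILE, &ccache);
    }

    if (cc_err == ccNoError) {
        cc_err = cc_ccache_new_credentials_iterator (ccache, &iterator);
    }

    if (cc_err == ccNoError) {
        for (;;) {
            /* get next creds */
            cc_err = cc_credentials_iterator_next (iterator, &theCreds);
            if (cc_err == ccIteratorEnd) {
                kerr = GC_NOTKT;
                break;
            }
            if (cc_err != ccNoError) {
                kerr = KFAILURE;
                break;
            }

            /* version, service, instance, realm check */
            if ((theCreds -> data -> version == cc_credentials_v4) &&
                (strcmp (theCreds -> data -> credentials.credentials_v4 -> service, service) == 0) &&
                (strcmp (theCreds -> data -> credentials.credentials_v4 -> service_instance, instance) == 0) &&
                (strcmp (theCreds -> data -> credentials.credentials_v4 -> realm, realm) == 0)) {

                /* Match! */
                cc_int32 ticket_size = theCreds -> data -> credentials.credentials_v4 -> ticket_size;

                /*
                 * Validate every variable-length item before the first write,
                 * so an oversized cache entry or argument can neither overrun
                 * *creds nor leave it half filled.
                 */
                if (strlen (service) >= sizeof (creds -> service) ||
                    strlen (instance) >= sizeof (creds -> instance) ||
                    strlen (realm) >= sizeof (creds -> realm) ||
                    strlen (theCreds -> data -> credentials.credentials_v4 -> principal) >= sizeof (creds -> pname) ||
                    strlen (theCreds -> data -> credentials.credentials_v4 -> principal_instance) >= sizeof (creds -> pinst) ||
                    ticket_size < 0 ||
                    (size_t) ticket_size > sizeof (creds -> ticket_st.dat)) {
                    cc_credentials_release (theCreds);
                    kerr = KFAILURE;
                    break;
                }

                strcpy (creds -> service, service);
                strcpy (creds -> instance, instance);
                strcpy (creds -> realm, realm);
                memmove (creds -> session, theCreds -> data -> credentials.credentials_v4 -> session_key, sizeof (C_Block));
                creds -> lifetime = theCreds -> data -> credentials.credentials_v4 -> lifetime;
                creds -> kvno = theCreds -> data -> credentials.credentials_v4 -> kvno;
                creds -> ticket_st.length = ticket_size;
                memmove (creds -> ticket_st.dat, theCreds -> data -> credentials.credentials_v4 -> ticket, (size_t) ticket_size);
                creds -> issue_date = theCreds -> data -> credentials.credentials_v4 -> issue_date;
                strcpy (creds -> pname, theCreds -> data -> credentials.credentials_v4 -> principal);
                strcpy (creds -> pinst, theCreds -> data -> credentials.credentials_v4 -> principal_instance);
                creds -> stk_type = theCreds -> data -> credentials.credentials_v4 -> string_to_key_type;

                cc_credentials_release (theCreds);
                kerr = KSUCCESS;
                break;
            } else {
                cc_credentials_release (theCreds);
            }
        }
    }

    /* Release whatever was acquired, in reverse order of acquisition. */
    if (iterator != NULL)
        cc_credentials_iterator_release (iterator);
    if (ccache != NULL)
        cc_ccache_release (ccache);
    if (cc_context != NULL)
        cc_context_release (cc_context);

    if (kerr != KSUCCESS)
        return kerr;

    /* A ccache failure before the iteration started leaves kerr untouched. */
    if (cc_err != ccNoError)
        return GC_NOTKT;
    else
        return KSUCCESS;
}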
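/*
 * Runs the high-level Kerberos Login calls in sequence (password-based
 * acquisition, acquisition with and without a principal, default login
 * options, cache validity and expiration queries, password change, ticket
 * destruction) and prints each status to stdout.
 *
 * NOTE(review): the passwords for the two test principals are compiled into
 * this function; presumably they are only valid in a throwaway test realm --
 * confirm before this file is built anywhere else.
 * NOTE(review): the "[email protected]" text in the messages looks like
 * e-mail obfuscation applied to the page; the literals are kept as found.
 */
void TestHighLevelAPI (void)
{
    KLStatus    err;
    KLPrincipal inPrincipal, outPrincipal, outPrincipal2;
    char       *outCredCacheName, *outCredCacheName2;
    KLTime      expirationTime;
    char       *principalString;
    char        timeString[256];
    KLBoolean   valid;

    /* Password-based acquisition for the first test principal. */
    err = KLCreatePrincipalFromTriplet ("grail", "", "TESTV5-KERBEROS-1.3.1", &inPrincipal);
    printf ("KLCreatePrincipalFromTriplet([email protected]) (err = %d)\n", err);
    if (err == klNoErr) {
        err = KLAcquireNewInitialTicketsWithPassword (inPrincipal, NULL, "liarg", &outCredCacheName);
        if (err != klNoErr) {
            printf ("KLAcquireNewInitialTicketsWithPassword() returned err = %d\n", err);
        } else {
            printf ("KLAcquireNewInitialTicketsWithPassword() returned '%s'\n", outCredCacheName);
            KLDisposeString (outCredCacheName);
        }
        KLDisposePrincipal (inPrincipal);
    }

    /* Password-based acquisition for the second test principal. */
    err = KLCreatePrincipalFromTriplet ("nobody", "", "TEST-KERBEROS-1.3.1", &inPrincipal);
    printf ("KLCreatePrincipalFromTriplet([email protected]) (err = %d)\n", err);
    if (err == klNoErr) {
        err = KLAcquireNewInitialTicketsWithPassword (inPrincipal, NULL, "ydobon", &outCredCacheName);
        if (err != klNoErr) {
            printf ("KLAcquireNewInitialTicketsWithPassword() returned err = %d\n", err);
        } else {
            printf ("KLAcquireNewInitialTicketsWithPassword() returned '%s'\n", outCredCacheName);
            KLDisposeString (outCredCacheName);
        }
        KLDisposePrincipal (inPrincipal);
    }

    /* Acquire with no principal, then feed the returned principal back in. */
    err = KLAcquireNewInitialTickets (NULL, NULL, &inPrincipal, &outCredCacheName);
    printf ("KLAcquireNewInitialTickets() (err = %d)\n", err);
    if (err == klNoErr) {
        KLDisposeString (outCredCacheName);
        err = KLAcquireInitialTickets (inPrincipal, NULL, &outPrincipal, &outCredCacheName);
        printf ("KLAcquireInitialTickets() (err = %d)\n", err);
        if (err == klNoErr) {
            KLDisposeString (outCredCacheName);
            KLDisposePrincipal (outPrincipal);
        }
        KLDisposePrincipal (inPrincipal);
    }

    /* NOTE(review): the size arguments (3 and 6) are shorter than the strings
     * passed; presumably deliberate -- confirm. */
    err = KLSetDefaultLoginOption (loginOption_LoginName, "testname", 3);
    printf ("KLSetDefaultLoginOption(loginOption_LoginName) to testname (err = %d)\n", err);
    if (err == klNoErr) {
        err = KLSetDefaultLoginOption (loginOption_LoginInstance, "testinstance", 6);
        printf ("KLSetDefaultLoginOption(loginOption_LoginInstance) to testinstance (err = %d)\n", err);
    }

    err = KLAcquireNewInitialTickets (NULL, NULL, &inPrincipal, &outCredCacheName);
    printf ("KLAcquireNewInitialTickets() (err = %d)\n", err);
    if (err == klNoErr) {
        KLDisposeString (outCredCacheName);
        KLDisposePrincipal (inPrincipal);
    }

    // Principal == NULL
    /* Repeats for as long as acquisition keeps succeeding. */
    while (KLAcquireNewInitialTickets (NULL, NULL, &outPrincipal, &outCredCacheName) == klNoErr) {
        err = KLTicketExpirationTime (outPrincipal, kerberosVersion_All, &expirationTime);
        err = KLCacheHasValidTickets (outPrincipal, kerberosVersion_All, &valid, &outPrincipal2, &outCredCacheName2);
        if (err == klNoErr) {
            err = KLGetStringFromPrincipal (outPrincipal2, kerberosVersion_V4, &principalString);
            if (err == klNoErr) {
                printf ("KLGetStringFromPrincipal returned string '%s'\n", principalString);
                KLDisposeString (principalString);
            }
            KLDisposePrincipal (outPrincipal2);
            KLDisposeString (outCredCacheName2);
            /* Same query again, this time without asking for the outputs. */
            err = KLCacheHasValidTickets (outPrincipal, kerberosVersion_All, &valid, NULL, NULL);
            if (err != klNoErr) {
                printf ("KLCacheHasValidTickets returned error = %d\n", err);
            }
        }
        err = KLCacheHasValidTickets (outPrincipal, kerberosVersion_All, &valid, NULL, NULL);
        KLDisposeString (outCredCacheName);
        KLDisposePrincipal (outPrincipal);
    }

    err = KLAcquireNewInitialTickets (NULL, NULL, &outPrincipal, &outCredCacheName);
    if (err == klNoErr) {
        KLDisposeString (outCredCacheName);
        KLDisposePrincipal (outPrincipal);
    }

    /* Acquire for an explicit principal, then destroy its tickets. */
    err = KLCreatePrincipalFromTriplet ("nobody", "", "TEST-KERBEROS-1.3.1", &inPrincipal);
    printf ("KLCreatePrincipalFromTriplet([email protected]) (err = %d)\n", err);
    if (err == klNoErr) {
        err = KLAcquireNewInitialTickets (inPrincipal, NULL, &outPrincipal, &outCredCacheName);
        printf ("KLAcquireNewInitialTickets([email protected]) (err = %d)\n", err);
        if (err == klNoErr) {
            KLDisposeString (outCredCacheName);
            KLDisposePrincipal (outPrincipal);
        }
        err = KLDestroyTickets (inPrincipal);
        KLDisposePrincipal (inPrincipal);
    }

    /* Acquire, report the expiration time, change the password, destroy. */
    err = KLCreatePrincipalFromTriplet ("nobody", "", "TEST-KERBEROS-1.3.1", &inPrincipal);
    printf ("KLCreatePrincipalFromTriplet([email protected]) (err = %d)\n", err);
    if (err == klNoErr) {
        err = KLAcquireInitialTickets (inPrincipal, NULL, &outPrincipal, &outCredCacheName);
        printf ("KLAcquireInitialTickets([email protected]) (err = %d)\n", err);
        if (err == klNoErr) {
            KLDisposeString (outCredCacheName);
            KLDisposePrincipal (outPrincipal);
        }

        err = KLAcquireNewInitialTickets (inPrincipal, NULL, &outPrincipal, &outCredCacheName);
        if (err == klNoErr) {
            err = KLGetStringFromPrincipal (outPrincipal, kerberosVersion_V5, &principalString);
            if (err == klNoErr) {
                err = KLTicketExpirationTime (outPrincipal, kerberosVersion_All, &expirationTime);
                if (err == klNoErr) {
                    printf ("Tickets for principal '%s' expire on %s\n",
                            principalString, TimeToString(timeString, expirationTime));
                } else {
                    /* expirationTime was never written on this path; do not format it. */
                    printf ("KLTicketExpirationTime() (err = %d)\n", err);
                }
                KLDisposeString (principalString);
            }
            KLDisposeString (outCredCacheName);
            KLDisposePrincipal (outPrincipal);
        }

        err = KLChangePassword (inPrincipal);
        printf ("KLChangePassword() (err = %d)\n", err);

        err = KLDestroyTickets (inPrincipal);
        printf ("KLDestroyTickets() (err = %d)\n", err);

        KLDisposePrincipal (inPrincipal);
    }
}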
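/*
 * Builds principals from strings and triplets, prints their v5 and v4 string
 * forms and their triplets, then checks KLComparePrincipal() on four pairs.
 * Every principal that was created is disposed at the end.
 *
 * Each comparison is guarded by the two principals it actually passes to
 * KLComparePrincipal(), so a principal whose creation failed (still NULL) is
 * never handed to the library.
 *
 * NOTE(review): the "[email protected]" text in the literals below looks like
 * e-mail obfuscation applied to the page. Two of these literals are inputs to
 * KLCreatePrincipalFromString(), so the real principal strings need to be
 * restored from the original file; they are kept here exactly as found.
 */
void TestKLPrincipal (void)
{
    KLStatus    err = klNoErr;
    KLPrincipal extraLongPrincipal = NULL;
    KLPrincipal principal = NULL;
    KLPrincipal adminPrincipal = NULL;
    KLPrincipal adminPrincipalV4 = NULL;
    KLPrincipal adminPrincipalV5 = NULL;
    char       *principalString = NULL;
    char       *user = NULL;
    char       *instance = NULL;
    char       *realm = NULL;

    printf ("Entering TestKLPrincipal()\n");
    printf ("----------------------------------------------------------------\n");

    /* A principal name longer than Kerberos 4 supports, created as v5. */
    err = KLCreatePrincipalFromString ("thisprincipalnameislongerthanissupportedbyKerberos4@TEST-KERBEROS-1.3.1",
                                       kerberosVersion_V5, &extraLongPrincipal);
    printf ("KLCreatePrincipalFromString "
            "('thisprincipalnameislongerthanissupportedbyKerberos4@TEST-KERBEROS-1.3.1') "
            "(err = %s)\n", error_message(err));

    printf ("----------------------------------------------------------------\n");

    /* Plain principal from a triplet with an empty instance. */
    err = KLCreatePrincipalFromTriplet ("nobody", "", "TEST-KERBEROS-1.3.1", &principal);
    printf ("KLCreatePrincipalFromTriplet ('nobody' '' 'TEST-KERBEROS-1.3.1') (err = %s)\n",
            error_message(err));
    if (err == klNoErr) {
        err = KLGetStringFromPrincipal (principal, kerberosVersion_V5, &principalString);
        if (err == klNoErr) {
            printf ("KLGetStringFromPrincipal ([email protected], v5) returned string '%s'\n", principalString);
            KLDisposeString (principalString);
        } else {
            printf ("KLGetStringFromPrincipal([email protected], v5) returned (err = %s)\n", error_message(err));
        }

        err = KLGetStringFromPrincipal (principal, kerberosVersion_V4, &principalString);
        if (err == klNoErr) {
            printf ("KLGetStringFromPrincipal ([email protected], v4) returned string '%s'\n", principalString);
            KLDisposeString (principalString);
        } else {
            printf ("KLGetStringFromPrincipal([email protected], v4) returned (err = %s)\n", error_message(err));
        }

        err = KLGetTripletFromPrincipal (principal, &user, &instance, &realm);
        if (err == klNoErr) {
            printf ("KLGetTripletFromPrincipal ([email protected]) returned triplet %s' '%s' '%s'\n",
                    user, instance, realm);
            KLDisposeString (user);
            KLDisposeString (instance);
            KLDisposeString (realm);
        } else {
            printf ("KLGetTripletFromPrincipal([email protected]) returned (err = %s)\n", error_message(err));
        }
    }

    printf ("----------------------------------------------------------------\n");

    /* Admin principal from a triplet. */
    err = KLCreatePrincipalFromTriplet ("nobody", "admin", "TEST-KERBEROS-1.3.1", &adminPrincipal);
    printf ("KLCreatePrincipalFromTriplet ('nobody' 'admin' 'TEST-KERBEROS-1.3.1') (err = %d)\n", err);
    if (err == klNoErr) {
        err = KLGetStringFromPrincipal (adminPrincipal, kerberosVersion_V5, &principalString);
        if (err == klNoErr) {
            printf ("KLGetStringFromPrincipal (nobody/[email protected], v5) returned string '%s'\n", principalString);
            KLDisposeString (principalString);
        } else {
            printf ("KLGetStringFromPrincipal(nobody/[email protected], v5) returned (err = %d)\n", err);
        }

        err = KLGetStringFromPrincipal (adminPrincipal, kerberosVersion_V4, &principalString);
        if (err == klNoErr) {
            printf ("KLGetStringFromPrincipal (nobody/[email protected], v4) returned string '%s'\n", principalString);
            KLDisposeString (principalString);
        } else {
            printf ("KLGetStringFromPrincipal(nobody/[email protected], v4) returned (err = %d)\n", err);
        }

        err = KLGetTripletFromPrincipal (adminPrincipal, &user, &instance, &realm);
        if (err == klNoErr) {
            printf ("KLGetTripletFromPrincipal (nobody/[email protected]) returned triplet %s' '%s' '%s'\n",
                    user, instance, realm);
            KLDisposeString (user);
            KLDisposeString (instance);
            KLDisposeString (realm);
        } else {
            printf ("KLGetTripletFromPrincipal(lxs/[email protected]) returned (err = %d)\n", err);
        }
    }

    printf ("----------------------------------------------------------------\n");

    /* Admin principal parsed from a v5 string. */
    err = KLCreatePrincipalFromString ("nobody/[email protected]", kerberosVersion_V5, &adminPrincipalV5);
    printf ("KLCreatePrincipalFromString ('nobody/[email protected]', v5) (err = %d)\n", err);
    if (err == klNoErr) {
        err = KLGetStringFromPrincipal (adminPrincipalV5, kerberosVersion_V5, &principalString);
        if (err == klNoErr) {
            printf ("KLGetStringFromPrincipal (nobody/[email protected], v5) returned string '%s'\n", principalString);
            KLDisposeString (principalString);
        } else {
            printf ("KLGetStringFromPrincipal(nobody/[email protected], v5) returned (err = %d)\n", err);
        }

        err = KLGetStringFromPrincipal (adminPrincipalV5, kerberosVersion_V4, &principalString);
        if (err == klNoErr) {
            printf ("KLGetStringFromPrincipal (nobody/[email protected], v4) returned string '%s'\n", principalString);
            KLDisposeString (principalString);
        } else {
            printf ("KLGetStringFromPrincipal(nobody/[email protected], v4) returned (err = %d)\n", err);
        }

        err = KLGetTripletFromPrincipal (adminPrincipalV5, &user, &instance, &realm);
        if (err == klNoErr) {
            printf ("KLGetTripletFromPrincipal (nobody/[email protected]) returned triplet %s' '%s' '%s'\n",
                    user, instance, realm);
            KLDisposeString (user);
            KLDisposeString (instance);
            KLDisposeString (realm);
        } else {
            printf ("KLGetTripletFromPrincipal(nobody/[email protected]) returned (err = %d)\n", err);
        }
    }

    printf ("----------------------------------------------------------------\n");

    /* Admin principal parsed from a v4 string. */
    err = KLCreatePrincipalFromString ("[email protected]", kerberosVersion_V4, &adminPrincipalV4);
    printf ("KLCreatePrincipalFromString ('[email protected]') (err = %d)\n", err);
    if (err == klNoErr) {
        err = KLGetStringFromPrincipal (adminPrincipalV4, kerberosVersion_V5, &principalString);
        if (err == klNoErr) {
            printf ("KLGetStringFromPrincipal ([email protected], v5) returned string '%s'\n", principalString);
            KLDisposeString (principalString);
        } else {
            printf ("KLGetStringFromPrincipal([email protected], v5) returned (err = %d)\n", err);
        }

        err = KLGetStringFromPrincipal (adminPrincipalV4, kerberosVersion_V4, &principalString);
        if (err == klNoErr) {
            printf ("KLGetStringFromPrincipal ([email protected], v4) returned string '%s'\n", principalString);
            KLDisposeString (principalString);
        } else {
            printf ("KLGetStringFromPrincipal([email protected], v4) returned (err = %d)\n", err);
        }

        err = KLGetTripletFromPrincipal (adminPrincipalV4, &user, &instance, &realm);
        if (err == klNoErr) {
            printf ("KLGetTripletFromPrincipal ([email protected]) returned triplet %s' '%s' '%s'\n",
                    user, instance, realm);
            KLDisposeString (user);
            KLDisposeString (instance);
            KLDisposeString (realm);
        } else {
            printf ("KLGetTripletFromPrincipal([email protected]) returned (err = %d)\n", err);
        }
    }

    printf ("----------------------------------------------------------------\n");

    /* v5 admin vs v4 admin: expected to be equivalent. */
    if (adminPrincipalV4 != NULL && adminPrincipalV5 != NULL) {
        KLBoolean equivalent;

        err = KLComparePrincipal (adminPrincipalV5, adminPrincipalV4, &equivalent);
        if (err == klNoErr) {
            printf ("KLComparePrincipal %s comparing nobody/[email protected] and [email protected]\n",
                    equivalent ? "passed" : "FAILED");
        } else {
            printf ("KLComparePrincipal returned (err = %d)\n", err);
        }
    }

    /* Plain vs v4 admin: expected to differ. The guard tests adminPrincipalV4
     * because that is the principal passed to the call. */
    if (principal != NULL && adminPrincipalV4 != NULL) {
        KLBoolean equivalent;

        err = KLComparePrincipal (principal, adminPrincipalV4, &equivalent);
        if (err == klNoErr) {
            printf ("KLComparePrincipal %s comparing [email protected] and [email protected]\n",
                    equivalent ? "FAILED" : "passed");
        } else {
            printf ("KLComparePrincipal returned (err = %d)\n", err);
        }
    }

    /* Plain vs v5 admin: expected to differ. */
    if (principal != NULL && adminPrincipalV5 != NULL) {
        KLBoolean equivalent;

        err = KLComparePrincipal (principal, adminPrincipalV5, &equivalent);
        if (err == klNoErr) {
            printf ("KLComparePrincipal %s comparing [email protected] and nobody/[email protected]\n",
                    equivalent ? "FAILED" : "passed");
        } else {
            printf ("KLComparePrincipal returned (err = %d)\n", err);
        }
    }

    /* v5 admin vs plain, arguments swapped: expected to differ. The guard
     * tests principal because that is the principal passed to the call. */
    if (principal != NULL && adminPrincipalV5 != NULL) {
        KLBoolean equivalent;

        err = KLComparePrincipal (adminPrincipalV5, principal, &equivalent);
        if (err == klNoErr) {
            printf ("KLComparePrincipal %s comparing nobody/[email protected] and [email protected]\n",
                    equivalent ? "FAILED" : "passed");
        } else {
            printf ("KLComparePrincipal returned (err = %d)\n", err);
        }
    }

    printf ("----------------------------------------------------------------\n\n");

    /* Dispose only what was actually created. */
    if (extraLongPrincipal != NULL) KLDisposePrincipal (extraLongPrincipal);
    if (adminPrincipalV5 != NULL) KLDisposePrincipal (adminPrincipalV5);
    if (adminPrincipalV4 != NULL) KLDisposePrincipal (adminPrincipalV4);
    if (adminPrincipal != NULL) KLDisposePrincipal (adminPrincipal);
    if (principal != NULL) KLDisposePrincipal (principal);
}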