/** * shishi_init: * @handle: Pointer to a Shishi handle created by this call. * * Creates a Shishi library handle, using shishi(), and reads the system * configuration file, user configuration file and user tickets from * their default locations. The paths to the system configuration * file is decided at compile time, and is $sysconfdir/shishi.conf. * The user configuration file is $HOME/.shishi/config, and the user * ticket file is $HOME/.shishi/ticket. * * The handle is allocated regardless of return value. The single * exception being %SHISHI_HANDLE_ERROR, which indicates a problem * in allocating the handle. Other error conditions could arise * while reading files. * * Return value: Returns %SHISHI_OK iff successful. **/ int shishi_init (Shishi ** handle) { if (!handle || !(*handle = shishi ())) return SHISHI_HANDLE_ERROR; return init_read (*handle, shishi_tkts_default_file (*handle), shishi_cfg_default_systemfile (*handle), shishi_cfg_default_userfile (*handle)); }
/** * shishi_init_with_paths: * @handle: Pointer to a Shishi handle created by this call. * @tktsfile: Filename of ticket file, or %NULL. * @systemcfgfile: Filename of system configuration, or %NULL. * @usercfgfile: Filename of user configuration, or %NULL. * * Creates a Shishi library handle, using shishi(), and reads the system * configuration file, user configuration file, and user tickets at * the specified locations. If any of @usercfgfile or @systemcfgfile * is %NULL, the file is read from its default location, which for * the system configuration is decided at compile time, and is * $sysconfdir/shishi.conf, and for the user configuration it is * $HOME/.shishi/config. If the ticket file name is %NULL, a ticket * file is not read at all. * * The handle is allocated regardless of return value. The single * exception being %SHISHI_HANDLE_ERROR, which indicates a problem * in allocating the handle. Other error conditions could arise * while reading files. * * Return value: Returns %SHISHI_OK iff successful. **/ int shishi_init_with_paths (Shishi ** handle, const char *tktsfile, const char *systemcfgfile, const char *usercfgfile) { if (!handle || !(*handle = shishi ())) return SHISHI_HANDLE_ERROR; shishi_tkts_default_file_set (*handle, tktsfile); return init_read (*handle, tktsfile, systemcfgfile, usercfgfile); }
int main (int argc, char *argv[]) { gss_uint32 maj_stat, min_stat, ret_flags, time_rec; gss_buffer_desc bufdesc, bufdesc2; gss_name_t servername = GSS_C_NO_NAME, name; gss_ctx_id_t cctx = GSS_C_NO_CONTEXT; gss_ctx_id_t sctx = GSS_C_NO_CONTEXT; gss_cred_id_t server_creds; Shishi *handle; size_t i; struct gss_channel_bindings_struct cb; memset (&cb, 0, sizeof (cb)); cb.application_data.length = 3; cb.application_data.value = (char *) "hej"; do if (strcmp (argv[argc - 1], "-v") == 0 || strcmp (argv[argc - 1], "--verbose") == 0) debug = 1; else if (strcmp (argv[argc - 1], "-b") == 0 || strcmp (argv[argc - 1], "--break-on-error") == 0) break_on_error = 1; else if (strcmp (argv[argc - 1], "-h") == 0 || strcmp (argv[argc - 1], "-?") == 0 || strcmp (argv[argc - 1], "--help") == 0) { printf ("Usage: %s [-vbh?] [--verbose] [--break-on-error] [--help]\n", argv[0]); return 1; } while (argc-- > 1); handle = shishi (); /* Name of service. */ bufdesc.value = (char *) "*****@*****.**"; bufdesc.length = strlen (bufdesc.value); maj_stat = gss_import_name (&min_stat, &bufdesc, GSS_C_NT_HOSTBASED_SERVICE, &servername); if (GSS_ERROR (maj_stat)) fail ("gss_import_name (host/server)\n"); /* Get credential, for server. */ maj_stat = gss_acquire_cred (&min_stat, servername, 0, GSS_C_NULL_OID_SET, GSS_C_ACCEPT, &server_creds, NULL, NULL); if (GSS_ERROR (maj_stat)) { fail ("gss_acquire_cred"); display_status ("acquire credentials", maj_stat, min_stat); } for (i = 0; i < 3; i++) { /* Start client. */ switch (i) { case 0: maj_stat = gss_init_sec_context (&min_stat, GSS_C_NO_CREDENTIAL, &cctx, servername, GSS_KRB5, GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG, 0, GSS_C_NO_CHANNEL_BINDINGS, GSS_C_NO_BUFFER, NULL, &bufdesc2, NULL, NULL); if (maj_stat != GSS_S_CONTINUE_NEEDED) fail ("loop 0 init failure\n"); break; case 1: /* Default OID, channel bindings. */ maj_stat = gss_init_sec_context (&min_stat, GSS_C_NO_CREDENTIAL, &cctx, servername, GSS_C_NO_OID, GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG, 0, &cb, GSS_C_NO_BUFFER, NULL, &bufdesc2, NULL, NULL); if (maj_stat != GSS_S_CONTINUE_NEEDED) fail ("loop 0 init failure\n"); break; case 2: /* No mutual authentication. */ maj_stat = gss_init_sec_context (&min_stat, GSS_C_NO_CREDENTIAL, &cctx, servername, GSS_KRB5, GSS_C_REPLAY_FLAG | GSS_C_CONF_FLAG | GSS_C_SEQUENCE_FLAG, 0, GSS_C_NO_CHANNEL_BINDINGS, GSS_C_NO_BUFFER, NULL, &bufdesc2, &ret_flags, NULL); if (ret_flags != (GSS_C_REPLAY_FLAG | GSS_C_CONF_FLAG | GSS_C_SEQUENCE_FLAG | GSS_C_PROT_READY_FLAG)) fail ("loop 2 ret_flags failure (%d)\n", ret_flags); if (maj_stat != GSS_S_COMPLETE) fail ("loop 1 init failure\n"); break; default: fail ("default?!\n"); break; } if (GSS_ERROR (maj_stat)) { fail ("gss_accept_sec_context failure\n"); display_status ("accept_sec_context", maj_stat, min_stat); } if (debug) { char *p = bufdesc2.value; Shishi_asn1 apreq = shishi_der2asn1_apreq (handle, p + 17, bufdesc2.length - 17); printf ("\nClient AP-REQ:\n\n"); shishi_apreq_print (handle, stdout, apreq); } /* Start server. */ switch (i) { case 0: maj_stat = gss_accept_sec_context (&min_stat, &sctx, server_creds, &bufdesc2, GSS_C_NO_CHANNEL_BINDINGS, &name, NULL, &bufdesc, &ret_flags, &time_rec, NULL); if (ret_flags != (GSS_C_MUTUAL_FLAG | /* XXX GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG | */ GSS_C_PROT_READY_FLAG)) fail ("loop 0 accept flag failure (%d)\n", ret_flags); break; case 1: maj_stat = gss_accept_sec_context (&min_stat, &sctx, server_creds, &bufdesc2, &cb, &name, NULL, &bufdesc, &ret_flags, &time_rec, NULL); break; case 2: maj_stat = gss_accept_sec_context (&min_stat, &sctx, server_creds, &bufdesc2, GSS_C_NO_CHANNEL_BINDINGS, &name, NULL, &bufdesc, &ret_flags, &time_rec, NULL); break; default: fail ("default?!\n"); break; } if (GSS_ERROR (maj_stat)) { fail ("gss_accept_sec_context failure\n"); display_status ("accept_sec_context", maj_stat, min_stat); } if (debug) { char *p = bufdesc2.value; Shishi_asn1 aprep = shishi_der2asn1_aprep (handle, p + 15, bufdesc.length - 15); printf ("\nServer AP-REP:\n\n"); shishi_aprep_print (handle, stdout, aprep); } switch (i) { case 0: maj_stat = gss_init_sec_context (&min_stat, GSS_C_NO_CREDENTIAL, &cctx, servername, GSS_KRB5, GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG, 0, GSS_C_NO_CHANNEL_BINDINGS, &bufdesc, NULL, &bufdesc2, NULL, NULL); break; case 1: /* Check ret_flags. */ maj_stat = gss_init_sec_context (&min_stat, GSS_C_NO_CREDENTIAL, &cctx, servername, GSS_KRB5, GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG, 0, GSS_C_NO_CHANNEL_BINDINGS, &bufdesc, NULL, &bufdesc2, &ret_flags, &time_rec); if (ret_flags != (GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG | GSS_C_PROT_READY_FLAG)) fail ("loop 1 ret_flags failure (%d)\n", ret_flags); break; /* No case 2. */ default: break; } if (GSS_ERROR (maj_stat)) { fail ("gss_init_sec_context failure (2)\n"); display_status ("init_sec_context", maj_stat, min_stat); } { gss_buffer_desc pt, pt2, ct; int conf_state; gss_qop_t qop_state; pt.value = (char *) "foo"; pt.length = strlen (pt.value) + 1; maj_stat = gss_wrap (&min_stat, cctx, 0, 0, &pt, &conf_state, &ct); if (GSS_ERROR (maj_stat)) { fail ("client gss_wrap failure\n"); display_status ("client wrap", maj_stat, min_stat); } maj_stat = gss_unwrap (&min_stat, sctx, &ct, &pt2, &conf_state, &qop_state); if (GSS_ERROR (maj_stat)) { fail ("server gss_unwrap failure\n"); display_status ("client wrap", maj_stat, min_stat); } if (pt.length != pt2.length || memcmp (pt2.value, pt.value, pt.length) != 0) fail ("wrap+unwrap failed (%d, %d, %.*s)\n", (int) pt.length, (int) pt2.length, (int) pt2.length, (char *) pt2.value); gss_release_buffer (&min_stat, &ct); gss_release_buffer (&min_stat, &pt2); } maj_stat = gss_delete_sec_context (&min_stat, &cctx, GSS_C_NO_BUFFER); if (GSS_ERROR (maj_stat)) { fail ("client gss_delete_sec_context failure\n"); display_status ("client delete_sec_context", maj_stat, min_stat); } maj_stat = gss_delete_sec_context (&min_stat, &sctx, GSS_C_NO_BUFFER); if (GSS_ERROR (maj_stat)) { fail ("server gss_delete_sec_context failure\n"); display_status ("server delete_sec_context", maj_stat, min_stat); } success ("loop %d ok\n", (int) i); } /* Clean up. */ maj_stat = gss_release_cred (&min_stat, &server_creds); if (GSS_ERROR (maj_stat)) { fail ("gss_release_cred"); display_status ("release credentials", maj_stat, min_stat); } maj_stat = gss_release_name (&min_stat, &servername); if (GSS_ERROR (maj_stat)) { fail ("gss_release_name failure\n"); display_status ("gss_release_name", maj_stat, min_stat); } shishi_done (handle); /* We're done. */ if (debug) printf ("Kerberos 5 security context self tests done with %d errors\n", error_count); return error_count ? 1 : 0; }