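/*
 * AcquireCreds request handler.
 *
 * Reads a principal name, a password and a 32-bit flags word from the
 * peer, tries to obtain initial Kerberos credentials for that principal
 * and replies with two 32-bit values: the GSM error code followed by the
 * credential handle (0 when nothing was acquired).
 *
 * `c` and `context` are not declared in this block; presumably `c` is the
 * per-connection state supplied by the HandleOP() macro and `context` is
 * a file-level krb5_context -- confirm against the rest of the file.
 *
 * Always returns 0; the outcome of the operation is reported to the peer
 * through the reply, not through the return value.
 */
static int
HandleOP(AcquireCreds)
{
    char *name, *password;
    int32_t gsm_error, flags, handle = 0;
    krb5_principal principal = NULL;
    krb5_get_init_creds_opt *opt = NULL;
    krb5_error_code ret;

    retstring(c, name);
    retstring(c, password);
    /* flags is not used below, but the word still has to be consumed so
     * the request stream stays in sync. */
    ret32(c, flags);

    /*
     * Log the principal only.  The password is a secret: writing it to the
     * log would copy it to every place the log is stored or forwarded.
     */
    logmessage(c, __FILE__, __LINE__, 0, "username: %s", name);

    ret = krb5_parse_name(context, name, &principal);
    if (ret) {
        gsm_error = convert_krb5_to_gsm(ret);
        goto out;
    }

    ret = krb5_get_init_creds_opt_alloc(context, &opt);
    if (ret)
        krb5_err(context, 1, ret, "krb5_get_init_creds_opt_alloc");

    krb5_get_init_creds_opt_set_pa_password(context, opt, password, NULL);

    gsm_error = acquire_cred(c, principal, opt, &handle);

out:
    logmessage(c, __FILE__, __LINE__, 0,
               "AcquireCreds handle: %d return code: %d",
               handle, gsm_error);

    /* Release opt before the password it was given is wiped and freed. */
    if (opt)
        krb5_get_init_creds_opt_free(context, opt);
    if (principal)
        krb5_free_principal(context, principal);
    free(name);

    /*
     * Overwrite the password before returning the memory to the allocator
     * so the cleartext does not linger in freed heap.  The volatile
     * pointer keeps the compiler from dropping the stores as dead writes.
     */
    if (password) {
        volatile char *s = password;

        while (*s)
            *s++ = 0;
    }
    free(password);

    put32(c, gsm_error);
    put32(c, handle);

    return 0;
}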
/*
 * Return the process-wide default credential, acquiring it on first use.
 *
 * The credential is acquired for the anonymous default name with
 * GSS_C_INDEFINITE lifetime and GSS_C_BOTH usage, then cached in a
 * function-local static so later calls return the same pointer.
 *
 * Returns NULL when the anonymous name cannot be obtained or when
 * acquire_cred() does not report GSS_S_COMPLETE.
 *
 * NOTE(review): the cache is a plain static with no locking, and on a
 * failed acquisition the_cred keeps whatever acquire_cred() stored in it;
 * if that can be non-NULL, a later call would return it unchecked --
 * confirm against acquire_cred().
 */
static nil_cred *get_default_credentials(void)
{
    static nil_cred *the_cred = NULL;
    gss_name_t anon_name;
    OM_uint32 maj_stat, min_stat;

    /* Fast path: already acquired on an earlier call. */
    if (the_cred != NULL)
        return the_cred;

    anon_name = ilugssns_anonymous_default_name();
    if (anon_name == NULL)
        return NULL;

    maj_stat = acquire_cred(&min_stat, anon_name, GSS_C_INDEFINITE,
                            GSS_C_BOTH, (gss_opaque_t *) &the_cred, NULL);

    /* The name is only needed for the acquisition itself. */
    (void) gss_release_name(&min_stat, &anon_name);

    return (maj_stat == GSS_S_COMPLETE) ? the_cred : NULL;
}
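/*
 * Test driver entry point.
 *
 * Parses the command line, connects to every configured slave, then runs
 * three phases: credential acquisition on each client, a self-context
 * test per client, and a delegation chain through every permutation of
 * the slaves.  Finally it says goodbye to every client and waits for the
 * log workers.
 *
 * Exit status: non-zero when the credential acquisition phase failed, 0
 * otherwise.  Several other failures terminate the process directly
 * through errx()/err().
 */
int
main(int argc, char **argv)
{
    int optidx = 0;
    char *user;
    char *password;
    char ***list, **p;
    size_t num_list, i, j, k;
    int failed = 0;

    setprogname(argv[0]);

    if (getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
        usage(1);

    if (help_flag)
        usage(0);

    if (version_flag) {
        print_version(NULL);
        return 0;
    }

    if (optidx != argc)
        usage(1);

    if (principals.num_strings == 0)
        errx(1, "no principals");

    /*
     * The first principal is given as "user:password"; split it in place.
     *
     * NOTE(review): the password arrives inside a command-line argument,
     * so it is readable by other local users through the process list and
     * tends to end up in shell history.  Use throwaway test accounts only.
     */
    user = estrdup(principals.strings[0]);
    password = strchr(user, ':');
    if (password == NULL)
        errx(1, "password missing from %s", user);
    *password++ = 0;

    /* This check is about the slave list, so the message names it. */
    if (slaves.num_strings == 0)
        errx(1, "no slaves");

    if (logfile_str) {
        printf("open logfile %s\n", logfile_str);
        /* "w+" truncates an existing file of that name. */
        logfile = fopen(logfile_str, "w+");
        if (logfile == NULL)
            err(1, "failed to open: %s", logfile_str);
    }

    /* All orderings of the slave list, used by the permutation tests. */
    list = permutate_all(&slaves, &num_list);

    /*
     * Set up connection to all clients
     */

    printf("Connecting to slaves\n");
    for (i = 0; i < slaves.num_strings; i++)
        connect_client(slaves.strings[i]);

    /*
     * Test acquire credentials
     *
     * NOTE(review): this loop indexes clients[] by slaves.num_strings while
     * the later phases use num_clients; presumably connect_client() adds
     * exactly one client per slave -- confirm.
     */

    printf("Test acquire credentials\n");
    for (i = 0; i < slaves.num_strings; i++) {
        int32_t hCred, val;

        val = acquire_cred(clients[i], user, password, 1, &hCred);
        if (val != GSMERR_OK) {
            warnx("Failed to acquire_cred on host %s: %d",
                  clients[i]->moniker, (int)val);
            failed = 1;
        } else
            toast_resource(clients[i], hCred);
    }

    /* No point running the context tests without working credentials. */
    if (failed)
        goto out;

    /*
     * First test if all slaves can build context to them-self.
     */

    printf("Self context tests\n");
    for (i = 0; i < num_clients; i++) {
        int32_t hCred, val, delegCred;
        int32_t clientC, serverC;
        struct client *c = clients[i];

        if (c->target_name == NULL)
            continue;

        printf("%s connects to self using %s\n",
               c->moniker, c->target_name);

        val = acquire_cred(c, user, password, 1, &hCred);
        if (val != GSMERR_OK)
            errx(1, "failed to acquire_cred: %d", (int)val);

        /* Full flag set, including delegation and mutual authentication. */
        val = build_context(c, c,
                            GSS_C_REPLAY_FLAG|GSS_C_SEQUENCE_FLAG|
                            GSS_C_INTEG_FLAG|GSS_C_CONF_FLAG|
                            GSS_C_DELEG_FLAG|GSS_C_MUTUAL_FLAG,
                            hCred, &clientC, &serverC, &delegCred);
        if (val == GSMERR_OK) {
            test_token(c, clientC, c, serverC, wrap_ext);
            toast_resource(c, clientC);
            toast_resource(c, serverC);
            if (delegCred)
                toast_resource(c, delegCred);
        } else {
            warnx("build_context failed: %d", (int)val);
        }

        /*
         * Same test with integrity and confidentiality only.
         *
         * NOTE(review): delegCred is not reset between the two
         * build_context() calls; if build_context() leaves it untouched
         * when nothing is delegated, the handle released above would be
         * released a second time below -- confirm against build_context().
         */
        val = build_context(c, c,
                            GSS_C_INTEG_FLAG|GSS_C_CONF_FLAG,
                            hCred, &clientC, &serverC, &delegCred);
        if (val == GSMERR_OK) {
            test_token(c, clientC, c, serverC, wrap_ext);
            toast_resource(c, clientC);
            toast_resource(c, serverC);
            if (delegCred)
                toast_resource(c, delegCred);
        } else {
            warnx("build_context failed: %d", (int)val);
        }

        toast_resource(c, hCred);
    }

    /*
     * Build contexts though all entries in each lists, including the
     * step from the last entry to the first, ie treat the list as a
     * circle.
     *
     * Only follow the delegated credential, but test "all"
     * flags. (XXX only do deleg|mutual right now.)
     */

    printf("\"All\" permutation tests\n");

    for (i = 0; i < num_list; i++) {
        int32_t hCred, val, delegCred = 0;
        int32_t clientC = 0, serverC = 0;
        struct client *client, *server;

        p = list[i];

        client = get_client(p[0]);

        val = acquire_cred(client, user, password, 1, &hCred);
        if (val != GSMERR_OK)
            errx(1, "failed to acquire_cred: %d", (int)val);

        /* j runs one step past the end so the chain wraps back to p[0]. */
        for (j = 1; j < num_clients + 1; j++) {
            server = get_client(p[j % num_clients]);

            if (server->target_name == NULL)
                break;

            /* Indent the output by the current depth of the chain. */
            for (k = 1; k < j; k++)
                printf("\t");
            printf("%s -> %s\n", client->moniker, server->moniker);

            val = build_context(client, server,
                                GSS_C_REPLAY_FLAG|GSS_C_SEQUENCE_FLAG|
                                GSS_C_INTEG_FLAG|GSS_C_CONF_FLAG|
                                GSS_C_DELEG_FLAG|GSS_C_MUTUAL_FLAG,
                                hCred, &clientC, &serverC, &delegCred);
            if (val != GSMERR_OK) {
                warnx("build_context failed: %d", (int)val);
                break;
            }

            val = test_token(client, clientC, server, serverC, wrap_ext);
            if (val)
                break;

            toast_resource(client, clientC);
            toast_resource(server, serverC);
            if (!delegCred) {
                warnx("no delegated cred on %s", server->moniker);
                break;
            }

            /* Continue the chain as the server, using the delegated cred. */
            toast_resource(client, hCred);
            hCred = delegCred;
            client = server;
        }
        if (hCred)
            toast_resource(client, hCred);
    }

    /*
     * Close all connections to clients
     */

out:
    printf("sending goodbye and waiting for log sockets\n");
    for (i = 0; i < num_clients; i++) {
        goodbye(clients[i]);
        if (clients[i]->logsock) {
#ifdef ENABLE_PTHREAD_SUPPORT
            /* NOTE(review): pthread_join() takes a pthread_t by value;
             * passing the address looks wrong unless thr is declared as a
             * pointer -- confirm against struct client. */
            pthread_join(&clients[i]->thr, NULL);
#else
            waitpid(clients[i]->child, NULL, 0);
#endif
        }
    }

    printf("done\n");

    /* Report a failed acquisition phase to whatever launched the test. */
    return failed;
}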