int
main(int argc, char **argv)
{
krb5_context ctx;
krb5_error_code ret, expected_err;
krb5_enctype *list;
krb5_boolean weak;
unsigned int i;
char *copy;
ret = krb5_init_context(&ctx);
if (ret) {
com_err("krb5_init_context", ret, "");
return 2;
}
for (i = 0; i < sizeof(tests) / sizeof(*tests); i++) {
for (weak = FALSE; weak <= TRUE; weak++) {
ctx->allow_weak_crypto = weak;
if (weak)
expected_err = tests[i].expected_err_weak;
else
expected_err = tests[i].expected_err_noweak;
if (tests[i].str != NULL) {
copy = strdup(tests[i].str);
ret = krb5int_parse_enctype_list(ctx, "", copy,
tests[i].defaults, &list);
if (ret != expected_err) {
com_err("krb5int_parse_enctype_list", ret, "");
return 2;
}
} else {
/* No string; test the filtering on the set_default_etype_var
* instead. */
copy = NULL;
list = NULL;
ret = krb5_set_default_in_tkt_ktypes(ctx, tests[i].defaults);
if (ret != expected_err) {
com_err("krb5_set_default_in_tkt_ktypes", ret, "");
return 2;
}
}
if (!expected_err) {
compare(ctx, tests[i].str ? list : ctx->in_tkt_etypes,
(weak) ? tests[i].expected : tests[i].expected_noweak,
tests[i].str, weak);
}
free(copy);
free(list);
if (!tests[i].str)
krb5_set_default_in_tkt_ktypes(ctx, NULL);
}
}
krb5_free_context(ctx);
return 0;
}
/*
* Set *etypes_ptr to a zero-terminated list of enctypes. ctx_list
* (containing application-specified enctypes) is used if non-NULL;
* otherwise the libdefaults profile string specified by profkey is
* used. default_list is the default enctype list to be used while
* parsing profile strings, and is also used if the profile string is
* not set.
*/
static krb5_error_code
get_profile_etype_list(krb5_context context, krb5_enctype **etypes_ptr,
char *profkey, krb5_enctype *ctx_list,
krb5_enctype *default_list)
{
krb5_enctype *etypes;
krb5_error_code code;
char *profstr;
*etypes_ptr = NULL;
if (ctx_list) {
/* Use application defaults. */
code = k5_copy_etypes(ctx_list, &etypes);
if (code)
return code;
} else {
/* Parse profile setting, or "DEFAULT" if not specified. */
code = profile_get_string(context->profile, KRB5_CONF_LIBDEFAULTS,
profkey, NULL, "DEFAULT", &profstr);
if (code)
return code;
code = krb5int_parse_enctype_list(context, profkey, profstr,
default_list, &etypes);
profile_release_string(profstr);
if (code)
return code;
}
if (etypes[0] == 0) {
free(etypes);
return KRB5_CONFIG_ETYPE_NOSUPP;
}
*etypes_ptr = etypes;
return 0;
}
int
main(int argc, char *argv[])
{
krb5_error_code ret;
krb5_context kctx = NULL;
krb5_enctype *ienc = NULL, *aenc = NULL, zero = 0;
OM_uint32 minor, major, flags;
gss_name_t tname;
gss_cred_id_t icred = GSS_C_NO_CREDENTIAL, acred = GSS_C_NO_CREDENTIAL;
gss_ctx_id_t ictx, actx;
gss_krb5_lucid_context_v1_t *ilucid, *alucid;
gss_krb5_rfc1964_keydata_t *i1964, *a1964;
gss_krb5_cfx_keydata_t *icfx, *acfx;
size_t count;
void *lptr;
int c;
ret = krb5_init_context(&kctx);
check_k5err(kctx, "krb5_init_context", ret);
/* Parse arguments. */
while ((c = getopt(argc, argv, "i:a:")) != -1) {
switch (c) {
case 'i':
ret = krb5int_parse_enctype_list(kctx, "", optarg, &zero, &ienc);
check_k5err(kctx, "krb5_parse_enctype_list(initiator)", ret);
break;
case 'a':
ret = krb5int_parse_enctype_list(kctx, "", optarg, &zero, &aenc);
check_k5err(kctx, "krb5_parse_enctype_list(acceptor)", ret);
break;
default:
usage();
}
}
argc -= optind;
argv += optind;
if (argc != 1)
usage();
tname = import_name(*argv);
if (ienc != NULL) {
major = gss_acquire_cred(&minor, GSS_C_NO_NAME, GSS_C_INDEFINITE,
&mechset_krb5, GSS_C_INITIATE, &icred, NULL,
NULL);
check_gsserr("gss_acquire_cred(initiator)", major, minor);
for (count = 0; ienc[count]; count++);
major = gss_krb5_set_allowable_enctypes(&minor, icred, count, ienc);
check_gsserr("gss_krb5_set_allowable_enctypes(init)", major, minor);
}
if (aenc != NULL) {
major = gss_acquire_cred(&minor, GSS_C_NO_NAME, GSS_C_INDEFINITE,
&mechset_krb5, GSS_C_ACCEPT, &acred, NULL,
NULL);
check_gsserr("gss_acquire_cred(acceptor)", major, minor);
for (count = 0; aenc[count]; count++);
major = gss_krb5_set_allowable_enctypes(&minor, acred, count, aenc);
check_gsserr("gss_krb5_set_allowable_enctypes(acc)", major, minor);
}
flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG | GSS_C_MUTUAL_FLAG;
establish_contexts(&mech_krb5, icred, acred, tname, flags, &ictx, &actx,
NULL, NULL, NULL);
/* Export to lucid contexts. */
major = gss_krb5_export_lucid_sec_context(&minor, &ictx, 1, &lptr);
check_gsserr("gss_export_lucid_sec_context(initiator)", major, minor);
ilucid = lptr;
major = gss_krb5_export_lucid_sec_context(&minor, &actx, 1, &lptr);
check_gsserr("gss_export_lucid_sec_context(acceptor)", major, minor);
alucid = lptr;
/* Grab the session keys and make sure they match. */
if (ilucid->protocol != alucid->protocol)
errout("Initiator/acceptor protocol mismatch");
if (ilucid->protocol) {
icfx = &ilucid->cfx_kd;
acfx = &alucid->cfx_kd;
if (icfx->have_acceptor_subkey != acfx->have_acceptor_subkey)
errout("Initiator/acceptor have_acceptor_subkey mismatch");
check_key_match(&icfx->ctx_key, &acfx->ctx_key);
if (icfx->have_acceptor_subkey)
check_key_match(&icfx->acceptor_subkey, &acfx->acceptor_subkey);
fputs("cfx ", stdout);
display_enctype(icfx->ctx_key.type);
if (icfx->have_acceptor_subkey) {
fputs(" ", stdout);
display_enctype(icfx->acceptor_subkey.type);
}
fputs("\n", stdout);
} else {
i1964 = &ilucid->rfc1964_kd;
a1964 = &alucid->rfc1964_kd;
if (i1964->sign_alg != a1964->sign_alg ||
i1964->seal_alg != a1964->seal_alg)
errout("Initiator/acceptor sign or seal alg mismatch");
check_key_match(&i1964->ctx_key, &a1964->ctx_key);
fputs("rfc1964 ", stdout);
display_enctype(i1964->ctx_key.type);
fputs("\n", stdout);
}
krb5_free_context(kctx);
free(ienc);
free(aenc);
(void)gss_release_name(&minor, &tname);
(void)gss_release_cred(&minor, &icred);
(void)gss_release_cred(&minor, &acred);
(void)gss_delete_sec_context(&minor, &ictx, NULL);
(void)gss_delete_sec_context(&minor, &actx, NULL);
(void)gss_krb5_free_lucid_sec_context(&minor, ilucid);
(void)gss_krb5_free_lucid_sec_context(&minor, alucid);
return 0;
}
