int main(int argc, char **argv) { krb5_context ctx; krb5_error_code ret, expected_err; krb5_enctype *list; krb5_boolean weak; unsigned int i; char *copy; ret = krb5_init_context(&ctx); if (ret) { com_err("krb5_init_context", ret, ""); return 2; } for (i = 0; i < sizeof(tests) / sizeof(*tests); i++) { for (weak = FALSE; weak <= TRUE; weak++) { ctx->allow_weak_crypto = weak; if (weak) expected_err = tests[i].expected_err_weak; else expected_err = tests[i].expected_err_noweak; if (tests[i].str != NULL) { copy = strdup(tests[i].str); ret = krb5int_parse_enctype_list(ctx, "", copy, tests[i].defaults, &list); if (ret != expected_err) { com_err("krb5int_parse_enctype_list", ret, ""); return 2; } } else { /* No string; test the filtering on the set_default_etype_var * instead. */ copy = NULL; list = NULL; ret = krb5_set_default_in_tkt_ktypes(ctx, tests[i].defaults); if (ret != expected_err) { com_err("krb5_set_default_in_tkt_ktypes", ret, ""); return 2; } } if (!expected_err) { compare(ctx, tests[i].str ? list : ctx->in_tkt_etypes, (weak) ? tests[i].expected : tests[i].expected_noweak, tests[i].str, weak); } free(copy); free(list); if (!tests[i].str) krb5_set_default_in_tkt_ktypes(ctx, NULL); } } krb5_free_context(ctx); return 0; }
/* * Set *etypes_ptr to a zero-terminated list of enctypes. ctx_list * (containing application-specified enctypes) is used if non-NULL; * otherwise the libdefaults profile string specified by profkey is * used. default_list is the default enctype list to be used while * parsing profile strings, and is also used if the profile string is * not set. */ static krb5_error_code get_profile_etype_list(krb5_context context, krb5_enctype **etypes_ptr, char *profkey, krb5_enctype *ctx_list, krb5_enctype *default_list) { krb5_enctype *etypes; krb5_error_code code; char *profstr; *etypes_ptr = NULL; if (ctx_list) { /* Use application defaults. */ code = k5_copy_etypes(ctx_list, &etypes); if (code) return code; } else { /* Parse profile setting, or "DEFAULT" if not specified. */ code = profile_get_string(context->profile, KRB5_CONF_LIBDEFAULTS, profkey, NULL, "DEFAULT", &profstr); if (code) return code; code = krb5int_parse_enctype_list(context, profkey, profstr, default_list, &etypes); profile_release_string(profstr); if (code) return code; } if (etypes[0] == 0) { free(etypes); return KRB5_CONFIG_ETYPE_NOSUPP; } *etypes_ptr = etypes; return 0; }
int main(int argc, char *argv[]) { krb5_error_code ret; krb5_context kctx = NULL; krb5_enctype *ienc = NULL, *aenc = NULL, zero = 0; OM_uint32 minor, major, flags; gss_name_t tname; gss_cred_id_t icred = GSS_C_NO_CREDENTIAL, acred = GSS_C_NO_CREDENTIAL; gss_ctx_id_t ictx, actx; gss_krb5_lucid_context_v1_t *ilucid, *alucid; gss_krb5_rfc1964_keydata_t *i1964, *a1964; gss_krb5_cfx_keydata_t *icfx, *acfx; size_t count; void *lptr; int c; ret = krb5_init_context(&kctx); check_k5err(kctx, "krb5_init_context", ret); /* Parse arguments. */ while ((c = getopt(argc, argv, "i:a:")) != -1) { switch (c) { case 'i': ret = krb5int_parse_enctype_list(kctx, "", optarg, &zero, &ienc); check_k5err(kctx, "krb5_parse_enctype_list(initiator)", ret); break; case 'a': ret = krb5int_parse_enctype_list(kctx, "", optarg, &zero, &aenc); check_k5err(kctx, "krb5_parse_enctype_list(acceptor)", ret); break; default: usage(); } } argc -= optind; argv += optind; if (argc != 1) usage(); tname = import_name(*argv); if (ienc != NULL) { major = gss_acquire_cred(&minor, GSS_C_NO_NAME, GSS_C_INDEFINITE, &mechset_krb5, GSS_C_INITIATE, &icred, NULL, NULL); check_gsserr("gss_acquire_cred(initiator)", major, minor); for (count = 0; ienc[count]; count++); major = gss_krb5_set_allowable_enctypes(&minor, icred, count, ienc); check_gsserr("gss_krb5_set_allowable_enctypes(init)", major, minor); } if (aenc != NULL) { major = gss_acquire_cred(&minor, GSS_C_NO_NAME, GSS_C_INDEFINITE, &mechset_krb5, GSS_C_ACCEPT, &acred, NULL, NULL); check_gsserr("gss_acquire_cred(acceptor)", major, minor); for (count = 0; aenc[count]; count++); major = gss_krb5_set_allowable_enctypes(&minor, acred, count, aenc); check_gsserr("gss_krb5_set_allowable_enctypes(acc)", major, minor); } flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG | GSS_C_MUTUAL_FLAG; establish_contexts(&mech_krb5, icred, acred, tname, flags, &ictx, &actx, NULL, NULL, NULL); /* Export to lucid contexts. */ major = gss_krb5_export_lucid_sec_context(&minor, &ictx, 1, &lptr); check_gsserr("gss_export_lucid_sec_context(initiator)", major, minor); ilucid = lptr; major = gss_krb5_export_lucid_sec_context(&minor, &actx, 1, &lptr); check_gsserr("gss_export_lucid_sec_context(acceptor)", major, minor); alucid = lptr; /* Grab the session keys and make sure they match. */ if (ilucid->protocol != alucid->protocol) errout("Initiator/acceptor protocol mismatch"); if (ilucid->protocol) { icfx = &ilucid->cfx_kd; acfx = &alucid->cfx_kd; if (icfx->have_acceptor_subkey != acfx->have_acceptor_subkey) errout("Initiator/acceptor have_acceptor_subkey mismatch"); check_key_match(&icfx->ctx_key, &acfx->ctx_key); if (icfx->have_acceptor_subkey) check_key_match(&icfx->acceptor_subkey, &acfx->acceptor_subkey); fputs("cfx ", stdout); display_enctype(icfx->ctx_key.type); if (icfx->have_acceptor_subkey) { fputs(" ", stdout); display_enctype(icfx->acceptor_subkey.type); } fputs("\n", stdout); } else { i1964 = &ilucid->rfc1964_kd; a1964 = &alucid->rfc1964_kd; if (i1964->sign_alg != a1964->sign_alg || i1964->seal_alg != a1964->seal_alg) errout("Initiator/acceptor sign or seal alg mismatch"); check_key_match(&i1964->ctx_key, &a1964->ctx_key); fputs("rfc1964 ", stdout); display_enctype(i1964->ctx_key.type); fputs("\n", stdout); } krb5_free_context(kctx); free(ienc); free(aenc); (void)gss_release_name(&minor, &tname); (void)gss_release_cred(&minor, &icred); (void)gss_release_cred(&minor, &acred); (void)gss_delete_sec_context(&minor, &ictx, NULL); (void)gss_delete_sec_context(&minor, &actx, NULL); (void)gss_krb5_free_lucid_sec_context(&minor, ilucid); (void)gss_krb5_free_lucid_sec_context(&minor, alucid); return 0; }