From: Theodore Tso Date: Tue, 22 Oct 1996 00:07:59 +0000 (+0000) Subject: gss-server.c: Re-added code to test import and export security X-Git-Tag: krb5-1.0-freeze1~192 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=cf99c29aaf0ee262cf70f4bf5c5d937467652aed;p=krb5.git gss-server.c: Re-added code to test import and export security context. Yes, yes, I know this isn't the best place to have this test, but DO NOT REMOVE THIS TEST UNTIL WE HAVE IT CODED ELSEWHERE. Better slightly ugly sample server code than untested (and broken) library code.... Add code to print out the mechanism OID used by accept_sec_context. gss-client.c: Add code to allow user to specify the mechanism OID that gss-client should use. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@9230 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/appl/gss-sample/ChangeLog b/src/appl/gss-sample/ChangeLog index d82e360ef..dd6dadef2 100644 --- a/src/appl/gss-sample/ChangeLog +++ b/src/appl/gss-sample/ChangeLog @@ -1,3 +1,15 @@ +Mon Oct 21 20:03:53 1996 Theodore Y. Ts'o + + * gss-server.c: Re-added code to test import and export security + context. Yes, yes, I know this isn't the best place to + have this test, but DO NOT REMOVE THIS TEST UNTIL WE HAVE + IT CODED ELSEWHERE. Better slightly ugly sample server + code than untested (and broken) library code.... Add code + to print out the mechanism OID used by accept_sec_context. + + * gss-client.c: Add code to allow user to specify the mechanism + OID that gss-client should use. + Wed Jun 5 00:08:32 1996 Theodore Y. Ts'o * gss-client.c (call_server): When reading in the test value from diff --git a/src/appl/gss-sample/gss-client.c b/src/appl/gss-sample/gss-client.c index fca0ef231..170bc6340 100644 --- a/src/appl/gss-sample/gss-client.c +++ b/src/appl/gss-sample/gss-client.c @@ -27,6 +27,8 @@ static char *rcsid = "$Header$"; #include #include #include +#include +#include #include #include #include @@ -119,10 +121,11 @@ int connect_to_server(host, port) * unsuccessful, the GSS-API error messages are displayed on stderr * and -1 is returned. */ -int client_establish_context(s, service_name, deleg_flag, +int client_establish_context(s, service_name, deleg_flag, oid, gss_context, ret_flags) int s; char *service_name; + gss_OID oid; OM_uint32 deleg_flag; gss_ctx_id_t *gss_context; OM_uint32 *ret_flags; @@ -169,7 +172,7 @@ int client_establish_context(s, service_name, deleg_flag, GSS_C_NO_CREDENTIAL, gss_context, target_name, - GSS_C_NULL_OID, + oid, GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | deleg_flag, 0, @@ -276,9 +279,10 @@ void read_file(file_name, in_buf) * verifies it with gss_verify. -1 is returned if any step fails, * otherwise 0 is returned. */ -int call_server(host, port, service_name, deleg_flag, msg, use_file) +int call_server(host, port, oid, service_name, deleg_flag, msg, use_file) char *host; u_short port; + gss_OID oid; char *service_name; OM_uint32 deleg_flag; char *msg; @@ -306,7 +310,7 @@ int call_server(host, port, service_name, deleg_flag, msg, use_file) return -1; /* Establish context */ - if (client_establish_context(s, service_name, deleg_flag, &context, + if (client_establish_context(s, service_name, deleg_flag, oid, &context, &ret_flags) < 0) { (void) close(s); return -1; @@ -461,14 +465,45 @@ int call_server(host, port, service_name, deleg_flag, msg, use_file) return 0; } +static void parse_oid(char *mechanism, gss_OID *oid) +{ + char *mechstr = 0, *cp; + gss_buffer_desc tok; + OM_uint32 maj_stat, min_stat; + + if (isdigit(mechanism[0])) { + mechstr = malloc(strlen(mechanism)+5); + if (!mechstr) { + printf("Couldn't allocate mechanism scratch!\n"); + return; + } + sprintf(mechstr, "{ %s }", mechanism); + for (cp = mechstr; *cp; cp++) + if (*cp == '.') + *cp = ' '; + tok.value = mechstr; + } else + tok.value = mechanism; + tok.length = strlen(tok.value); + maj_stat = gss_str_to_oid(&min_stat, &tok, oid); + if (maj_stat != GSS_S_COMPLETE) { + display_status("str_to_oid", maj_stat, min_stat); + return; + } + if (mechstr) + free(mechstr); +} + int main(argc, argv) int argc; char **argv; { char *service_name, *server_host, *msg; + char *mechanism = 0; u_short port = 4444; int use_file = 0; - OM_uint32 deleg_flag = 0; + OM_uint32 deleg_flag = 0, min_stat; + gss_OID oid = GSS_C_NULL_OID; display_file = stdout; @@ -479,7 +514,11 @@ int main(argc, argv) argc--; argv++; if (!argc) usage(); port = atoi(*argv); - } else if (strcmp(*argv, "-d") == 0) { + } else if (strcmp(*argv, "-mech") == 0) { + argc--; argv++; + if (!argc) usage(); + mechanism = *argv; + } else if (strcmp(*argv, "-d") == 0) { deleg_flag = GSS_C_DELEG_FLAG; } else if (strcmp(*argv, "-f") == 0) { use_file = 1; @@ -494,10 +533,16 @@ int main(argc, argv) service_name = *argv++; msg = *argv++; - if (call_server(server_host, port, service_name, + if (mechanism) + parse_oid(mechanism, &oid); + + if (call_server(server_host, port, oid, service_name, deleg_flag, msg, use_file) < 0) exit(1); + if (oid != GSS_C_NULL_OID) + (void) gss_release_oid(&min_stat, &oid); + return 0; } diff --git a/src/appl/gss-sample/gss-server.c b/src/appl/gss-sample/gss-server.c index bd4e7fe90..c2549e4b6 100644 --- a/src/appl/gss-sample/gss-server.c +++ b/src/appl/gss-sample/gss-server.c @@ -27,6 +27,7 @@ static char *rcsid = "$Header$"; #include #include #include +#include #include #ifdef HAVE_UNISTD_H #include @@ -43,7 +44,7 @@ static char *rcsid = "$Header$"; #include #endif -usage() +void usage() { fprintf(stderr, "Usage: gss-server [-port port] [-verbose]\n"); fprintf(stderr, " [-inetd] [-logfile file] [service_name]\n"); @@ -137,6 +138,7 @@ int server_establish_context(s, server_creds, context, client_name, ret_flags) gss_name_t client; gss_OID doid; OM_uint32 maj_stat, min_stat; + gss_buffer_desc oid_name; *context = GSS_C_NO_CONTEXT; @@ -145,7 +147,7 @@ int server_establish_context(s, server_creds, context, client_name, ret_flags) return -1; if (verbose && log) { - fprintf(log, "Received token: \n"); + fprintf(log, "Received token (size=%d): \n", recv_tok.length); print_token(&recv_tok); } @@ -173,7 +175,7 @@ int server_establish_context(s, server_creds, context, client_name, ret_flags) if (send_tok.length != 0) { if (verbose && log) { fprintf(log, - "Sending accept_sec_context token (size=%d)...", + "Sending accept_sec_context token (size=%d):\n", send_tok.length); print_token(&send_tok); } @@ -184,11 +186,11 @@ int server_establish_context(s, server_creds, context, client_name, ret_flags) (void) gss_release_buffer(&min_stat, &send_tok); } - if (log) { + if (verbose && log) { if (maj_stat == GSS_S_CONTINUE_NEEDED) - fprintf(log, "\n"); - else fprintf(log, "continue needed...\n"); + else + fprintf(log, "\n"); fflush(log); } } while (maj_stat == GSS_S_CONTINUE_NEEDED); @@ -196,6 +198,17 @@ int server_establish_context(s, server_creds, context, client_name, ret_flags) /* display the flags */ display_ctx_flags(*ret_flags); + if (verbose && log) { + maj_stat = gss_oid_to_str(&min_stat, doid, &oid_name); + if (maj_stat != GSS_S_COMPLETE) { + display_status("converting oid->string", maj_stat, min_stat); + return -1; + } + fprintf(log, "Accepted connection using mechanism OID %.*s.\n", + (int) oid_name.length, (char *) oid_name.value); + (void) gss_release_buffer(&min_stat, &oid_name); + } + maj_stat = gss_display_name(&min_stat, client, client_name, &doid); if (maj_stat != GSS_S_COMPLETE) { display_status("displaying name", maj_stat, min_stat); @@ -255,6 +268,58 @@ int create_socket(port) return s; } +static float timeval_subtract(tv1, tv2) + struct timeval *tv1, *tv2; +{ + return ((tv1->tv_sec - tv2->tv_sec) + + ((float) (tv1->tv_usec - tv2->tv_usec)) / 1000000); +} + +/* + * Yes, yes, this isn't the best place for doing this test. + * DO NOT REMOVE THIS UNTIL A BETTER TEST HAS BEEN WRITTEN, THOUGH. + * -TYT + */ +int test_import_export_context(context) + gss_ctx_id_t *context; +{ + OM_uint32 min_stat, maj_stat; + gss_buffer_desc context_token, copied_token; + struct timeval tm1, tm2; + + /* + * Attempt to save and then restore the context. + */ + gettimeofday(&tm1, (struct timezone *)0); + maj_stat = gss_export_sec_context(&min_stat, context, &context_token); + if (maj_stat != GSS_S_COMPLETE) { + display_status("exporting context", maj_stat, min_stat); + return 1; + } + gettimeofday(&tm2, (struct timezone *)0); + if (verbose && log) + fprintf(log, "Exported context: %d bytes, %7.4f seconds\n", + context_token.length, timeval_subtract(&tm2, &tm1)); + copied_token.length = context_token.length; + copied_token.value = malloc(context_token.length); + if (copied_token.value == 0) { + fprintf(log, "Couldn't allocate memory to copy context token.\n"); + return 1; + } + memcpy(copied_token.value, context_token.value, copied_token.length); + maj_stat = gss_import_sec_context(&min_stat, &copied_token, context); + if (maj_stat != GSS_S_COMPLETE) { + display_status("importing context", maj_stat, min_stat); + return 1; + } + gettimeofday(&tm1, (struct timezone *)0); + if (verbose && log) + fprintf(log, "Importing context: %7.4f seconds\n", + timeval_subtract(&tm1, &tm2)); + (void) gss_release_buffer(&min_stat, &context_token); + return 0; +} + /* * Function: sign_server * @@ -296,9 +361,13 @@ int sign_server(s, server_creds) return(-1); printf("Accepted connection: \"%.*s\"\n", - client_name.length, client_name.value); + (int) client_name.length, (char *) client_name.value); (void) gss_release_buffer(&min_stat, &client_name); + for (i=0; i < 3; i++) + if (test_import_export_context(&context)) + return -1; + /* Receive the sealed message token */ if (recv_token(s, &xmit_buf) < 0) return(-1); @@ -416,7 +485,7 @@ main(argc, argv) } else { int stmp; - if (stmp = create_socket(port)) { + if ((stmp = create_socket(port))) { do { /* Accept a TCP connection */ if ((s = accept(stmp, NULL, 0)) < 0) {