/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License").  You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2003 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#pragma ident	"%Z%%M%	%I%	%E% SMI"

/*
 * Test client for gssd.  This program is not shipped on the binary
 * release.
 */

#include <stdio.h>
#include <strings.h>
#include <ctype.h>
#include <stdlib.h>
#include <gssapi/gssapi.h>
#include <gssapi/gssapi_ext.h>
#include "gssd.h"
#include <rpc/rpc.h>

/*
 * Re-include gssapi.h with _KERNEL defined to pick up the kernel-side
 * declarations (the kgss_* entry points used below), then undefine it
 * again.  Because _KERNEL is undefined here, the "#ifdef _KERNEL"
 * branch further down is not compiled in this file.
 * NOTE(review): confirm nothing in gssd.h or the build re-defines it.
 */
#define	_KERNEL
#include <gssapi/gssapi.h>
#undef	_KERNEL

/* Major/minor status of the last GSS call, kept for the "status" command. */
int gss_major_code;
int gss_minor_code;

/* Presumably track progress of the multi-round context exchange; their use is not visible here. */
int init_sec_context_phase = 0;
int accept_sec_context_phase = 0;

/*
 * State shared between the per-command test routines: the two sides of the
 * security context, the acceptor's credential, and the token/message buffers
 * passed between the commands.
 */
gss_ctx_id_t initiator_context_handle;
gss_ctx_id_t acceptor_context_handle;
gss_cred_id_t acceptor_credentials;
gss_buffer_desc init_token_buffer;
gss_buffer_desc accept_token_buffer;
gss_buffer_desc delete_token_buffer;
gss_buffer_desc message_buffer;
gss_buffer_desc msg_token;

/* Iterations of the "loop" command. */
#define	LOOP_COUNTER  100
/* Default mechanisms: Kerberos V5 for acquire, the dummy mech for add_cred. */
#define	GSS_KRB5_MECH_OID "1.2.840.113554.1.2.2"
#define	GSS_DUMMY_MECH_OID "1.3.6.1.4.1.42.2.26.1.2"
#ifdef _KERNEL
#define	OCTAL_MACRO "%03o."
/*
 * Allocation wrappers.  FREE() carries the allocation size because
 * kmem_free() needs it; the userland variant below ignores it.
 */
#define	MALLOC(n) kmem_alloc((n), KM_SLEEP)
#define	CALLOC(n, s) kmem_zalloc((n)*(s), KM_SLEEP)
#define	FREE(x, n) kmem_free((x), (n))
#define	memcpy(dst, src, n) bcopy((src), (dst), (n))
/*
 * NOTE(review): this hands m straight to printf() as the format string,
 * so it is only safe for literal formats.  Evaluates its argument several
 * times, unlike the <ctype.h> isspace().
 */
#define	fprintf(s, m) printf(m)
#define	isspace(s) ((s) == ' ' || (s) == '\t' || (s) == '\n' || \
	(s) == '\r' || (s) == '\v' || (s) == '\f')

/*
 * Kernel replacement for strdup(3C).  Relies on KM_SLEEP never returning
 * NULL; the result is freed with FREE(p, strlen(p)+1) by the caller.
 */
static char *strdup(const char *s)
{
	int len = strlen(s);
	char *new = MALLOC(len+1);
	strcpy(new, s);
	return (new);
}

#else /* !_KERNEL */
#define	OCTAL_MACRO "%03.3o."
#define	MALLOC(n) malloc(n)
#define	CALLOC(n, s) calloc((n), (s))
#define	FREE(x, n) free(x)
#endif /* _KERNEL */

/* Helpers defined later in this file. */
static gss_OID gss_str2oid(char *);
static char * gss_oid2str(gss_OID);
static void instructs();
static void usage();
static int parse_input_line(char *, int *, char ***);
extern uid_t getuid();

/*
 * One routine per interactive command.  Each receives the argc/argv that
 * remain after the command word has been stripped by do_gssdtest().
 */
static void _gss_init_sec_context(int, char **);
static void _gss_acquire_cred(int, char **);
static void _gss_add_cred(int, char **);
static void _gss_sign(int, char **);
static void _gss_release_cred(int, char **);
static void _gss_accept_sec_context(int, char **);
static void _gss_process_context_token(int, char **);
static void _gss_delete_sec_context(int, char **);
static void _gss_context_time(int, char **);
static void _gss_verify(int, char **);
/* EXPORT DELETE START */
static void _gss_seal(int, char **);
static void _gss_unseal(int, char **);
/* EXPORT DELETE END */
static void _gss_display_status(int, char **);
static void _gss_indicate_mechs(int, char **);
static void _gss_inquire_cred(int, char **);
static void _gssd_expname_to_unix_cred(int, char **);
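static void _gssd_name_to_unix_cred(int, char **);
static void _gssd_get_group_info(int, char **);

static int do_gssdtest(char *buf);


#ifndef _KERNEL
/*
 * Prompt for and read the next command line from stdin into buf.
 *
 * Returns the number of characters stored, with the trailing newline
 * stripped, or 0 at EOF (cntl-d).  An empty line also yields 0, which
 * main() treats the same way and ends the session.
 *
 * A line longer than size-1 characters is truncated; the unread rest of
 * that line is discarded so it is not parsed as a second command.
 * (The original stripped the last character unconditionally, which
 * corrupted lines that carried no newline.)
 */
static int read_line(char *buf, int size)
{
	int len;
	int c;

	printf(gettext("\n> "));

	if (fgets(buf, size, stdin) == NULL)
		return (0);

	len = strlen(buf);
	if (len > 0 && buf[len - 1] == '\n') {
		buf[--len] = '\0';
	} else if (len == size - 1) {
		/* buffer filled without a newline: drain the rest of the line */
		while ((c = getchar()) != '\n' && c != EOF)
			;
	}
	return (len);
}

/*
 * Interactive driver: print the instructions, then read and execute
 * commands until EOF/empty line (read_line() returns 0) or until
 * do_gssdtest() asks to stop.
 */
int
main(void)
{
	char buf[512];
	int len;
	int ret = 0;

	/* Print out usage and instructions to start off the session */
	instructs();
	usage();

	do {
		len = read_line(buf, sizeof (buf));
		if (len)
			ret = do_gssdtest(buf);
	} while (len && !ret);

	return (0);
}
#endif /* !_KERNEL */

/*
 * Parse one command line into argc/argv (parse_input_line() allocates the
 * argv array) and run the matching _gss_* test routine.
 *
 * Returns 1 when the session should end ("exit", or a line that
 * parse_input_line() rejects) and 0 otherwise.  The argv array is freed
 * exactly once, on every path that got one.
 */
static int
do_gssdtest(char *buf)
{
	int argc;
	int i;
	int nslots;		/* char * slots parse_input_line() allocated */
	int rc = 0;
	char **argv, **argv_array;
	char *cmd;
	/* canned argument vectors used by the "loop" and "all" scenarios */
	char *seal_ini_array [] = { "initiator", " Hello"};
	char *seal_acc_array [] = { "acceptor", " Hello"};
	char *unseal_acc_array [] = {"acceptor"};
	char *unseal_ini_array [] = {"initiator"};
	char *delet_acc_array [] = {"acceptor"};
	char *delet_ini_array [] = {"initiator"};

	argv = 0;

	/* presumably nothing was allocated when parsing fails -- nothing to free */
	if (parse_input_line(buf, &argc, &argv) == 0) {
		printf(gettext("\n"));
		return (1);
	}

	/*
	 * Remember the array address before argv is advanced past the
	 * command word, so the single FREE at "out" always receives the
	 * pointer parse_input_line() calloc'd.  (The original freed an
	 * uninitialized argv_array on the argc == 0 path.)  The slot count
	 * is the original argc plus one, as the original FREE sizes imply.
	 */
	argv_array = argv;
	nslots = argc + 1;

	if (argc == 0) {
		usage();
		goto out;
	}

	cmd = argv[0];
	argc--;
	argv++;

	/*
	 * Dispatch on the command.  "loop" and "all" are part of the same
	 * chain as the single-call commands; the original let them fall
	 * through to the trailing usage().
	 */
	if (strcmp(cmd, "gss_loop") == 0 ||
	    strcmp(cmd, "loop") == 0) {
		if (argc < 1) {
			usage();
			goto out;
		}
		for (i = 0; i < LOOP_COUNTER; i++) {
			printf(gettext("Loop Count is %d \n"), i);
			_gss_acquire_cred(argc, argv);
			_gss_init_sec_context(argc, argv);
			_gss_accept_sec_context(0, argv);
			_gss_init_sec_context(argc, argv);
			/* EXPORT DELETE START */
			_gss_seal(2, seal_ini_array);
			_gss_unseal(1, unseal_acc_array);
			_gss_seal(2, seal_acc_array);
			_gss_unseal(1, unseal_ini_array);
			/* EXPORT DELETE END */
			_gss_sign(2, seal_ini_array);
			_gss_verify(1, unseal_acc_array);
			_gss_sign(2, seal_acc_array);
			_gss_verify(1, unseal_ini_array);
			/*
			 * Pass the element count of the canned arrays, not
			 * the user's argc, so the callee cannot be told a
			 * one-element array holds more.
			 */
			_gss_delete_sec_context(1, delet_acc_array);
			_gss_delete_sec_context(1, delet_ini_array);
		}
	} else if (strcmp(cmd, "gss_all") == 0 ||
	    strcmp(cmd, "all") == 0) {
		_gss_acquire_cred(argc, argv);
		_gss_init_sec_context(argc, argv);
		_gss_accept_sec_context(0, argv);
		_gss_init_sec_context(argc, argv);
		/* EXPORT DELETE START */
		_gss_seal(2, seal_acc_array);
		_gss_unseal(1, unseal_ini_array);
		_gss_seal(2, seal_ini_array);
		_gss_unseal(1, unseal_acc_array);
		/* EXPORT DELETE END */
		_gss_sign(2, seal_ini_array);
		_gss_verify(1, unseal_acc_array);
		_gss_sign(2, seal_acc_array);
		_gss_verify(1, unseal_ini_array);
	} else if (strcmp(cmd, "gss_acquire_cred") == 0 ||
	    strcmp(cmd, "acquire") == 0) {
		_gss_acquire_cred(argc, argv);
		if (argc == 1)
			_gss_add_cred(argc, argv);
	} else if (strcmp(cmd, "gss_release_cred") == 0 ||
	    strcmp(cmd, "release") == 0) {
		_gss_release_cred(argc, argv);
	} else if (strcmp(cmd, "gss_init_sec_context") == 0 ||
	    strcmp(cmd, "init") == 0) {
		_gss_init_sec_context(argc, argv);
	} else if (strcmp(cmd, "gss_accept_sec_context") == 0 ||
	    strcmp(cmd, "accept") == 0) {
		_gss_accept_sec_context(argc, argv);
	} else if (strcmp(cmd, "gss_process_context_token") == 0 ||
	    strcmp(cmd, "process") == 0) {
		_gss_process_context_token(argc, argv);
	} else if (strcmp(cmd, "gss_delete_sec_context") == 0 ||
	    strcmp(cmd, "delete") == 0) {
		_gss_delete_sec_context(argc, argv);
	} else if (strcmp(cmd, "gss_context_time") == 0 ||
	    strcmp(cmd, "time") == 0) {
		_gss_context_time(argc, argv);
	} else if (strcmp(cmd, "gss_sign") == 0 ||
	    strcmp(cmd, "sign") == 0) {
		_gss_sign(argc, argv);
	} else if (strcmp(cmd, "gss_verify") == 0 ||
	    strcmp(cmd, "verify") == 0) {
		_gss_verify(argc, argv);
	/* EXPORT DELETE START */
	} else if (strcmp(cmd, "gss_seal") == 0 ||
	    strcmp(cmd, "seal") == 0) {
		_gss_seal(argc, argv);
	} else if (strcmp(cmd, "gss_unseal") == 0 ||
	    strcmp(cmd, "unseal") == 0) {
		_gss_unseal(argc, argv);
	/* EXPORT DELETE END */
	} else if (strcmp(cmd, "gss_display_status") == 0 ||
	    strcmp(cmd, "status") == 0) {
		_gss_display_status(argc, argv);
	} else if (strcmp(cmd, "gss_indicate_mechs") == 0 ||
	    strcmp(cmd, "indicate") == 0) {
		_gss_indicate_mechs(argc, argv);
	} else if (strcmp(cmd, "gss_inquire_cred") == 0 ||
	    strcmp(cmd, "inquire") == 0) {
		_gss_inquire_cred(argc, argv);
	} else if (strcmp(cmd, "expname2unixcred") == 0 ||
	    strcmp(cmd, "gsscred_expname_to_unix_cred") == 0) {
		_gssd_expname_to_unix_cred(argc, argv);
	} else if (strcmp(cmd, "name2unixcred") == 0 ||
	    strcmp(cmd, "gsscred_name_to_unix_cred") == 0) {
		_gssd_name_to_unix_cred(argc, argv);
	} else if (strcmp(cmd, "grpinfo") == 0 ||
	    strcmp(cmd, "gss_get_group_info") == 0) {
		_gssd_get_group_info(argc, argv);
	} else if (strcmp(cmd, "exit") == 0) {
		printf(gettext("\n"));
		rc = 1;
	} else {
		usage();
	}

out:
	/* argv_array was calloc'd by parse_input_line(); free it once */
	FREE(argv_array, nslots * sizeof (char *));
	return (rc);
}

/*
 * "acquire <principal> [mech-oid]": import argv[0] as a host-based
 * service name, acquire acceptor credentials for it through the gssd
 * stub kgss_acquire_cred() and store them in the global
 * acceptor_credentials.  The mechanism defaults to Kerberos V5 when no
 * OID is given.  On success the credential is inquired and the
 * mechanism OIDs are printed.  The major/minor status of the acquire
 * is saved in gss_major_code/gss_minor_code for the "status" command.
 *
 * Every resource obtained on the way (imported name, OID from
 * gss_str2oid(), OID sets from the stubs) is released on every exit
 * path; the original leaked the name and the OID when the OID string
 * was rejected.
 */
static void
_gss_acquire_cred(int argc, char **argv)
{
	OM_UINT32 status, minor_status;
	gss_buffer_desc name;
	gss_name_t desired_name = (gss_name_t) 0;
	OM_uint32 time_req;
	gss_OID_set_desc desired_mechs_desc;
	gss_OID_set desired_mechs = &desired_mechs_desc;
	int cred_usage;
	gss_OID_set actual_mechs = GSS_C_NULL_OID_SET;
	gss_OID_set inquire_mechs = GSS_C_NULL_OID_SET;
	OM_UINT32 time_rec;
	char *string;
	char *inq_string;
	uid_t uid;
	gss_OID mech_type = (gss_OID) 0;

	/* Command line independent input arguments. */
	time_req = (OM_uint32) 0;
	cred_usage = GSS_C_ACCEPT;
	uid = getuid();

	if (argc == 0) {
		usage();
		return;
	}

	/*
	 * Get the name of the principal.  The length deliberately counts
	 * the terminating NUL, as elsewhere in this test client.
	 */
	name.length = strlen(argv[0])+1;
	name.value = argv[0];

	/* Convert it to the internal form kgss_acquire_cred() expects. */
	if ((status = gss_import_name(&minor_status, &name,
	    (gss_OID)GSS_C_NT_HOSTBASED_SERVICE, &desired_name))
	    != GSS_S_COMPLETE) {
		printf(gettext(
		    "could not parse desired name: err (octal) %o (%s)\n"),
		    status, gettext("gss_acquire_cred error"));
		return;
	}

	argc--;
	argv++;

	/* The next argument is an OID in dotted decimal form. */
	if (argc == 0) {
		printf(gettext("Assuming Kerberos V5 as the mechanism\n"));
		printf(gettext(
		    "The mech OID 1.2.840.113554.1.2.2 will be used\n"));
		mech_type = gss_str2oid((char *)GSS_KRB5_MECH_OID);
	} else {
		mech_type = gss_str2oid(argv[0]);
	}

	if (mech_type == 0 || mech_type->length == 0) {
		printf(gettext("improperly formated mechanism OID\n"));
		goto out;
	}

	/*
	 * desired_mechs is the one-element set {mech_type}.  It lives on
	 * the stack; the original malloc'd a gss_OID_desc (the wrong type)
	 * for it and never used desired_mechs_desc.
	 * NOTE(review): assumes kgss_acquire_cred() does not retain the
	 * set pointer -- confirm against the stub.
	 */
	desired_mechs->count = 1;
	desired_mechs->elements = mech_type;

	status = kgss_acquire_cred(
	    &minor_status,
	    desired_name,
	    time_req,
	    desired_mechs,
	    cred_usage,
	    &acceptor_credentials,
	    &actual_mechs,
	    &time_rec,
	    uid);

	/* store major and minor status for gss_display_status() call */
	gss_major_code = status;
	gss_minor_code = minor_status;

	if (status == GSS_S_COMPLETE) {
		printf(gettext("\nacquire succeeded\n\n"));

		/*
		 * Only one mechanism was requested, so at most one can
		 * come back in actual_mechs; check the set is non-empty
		 * before looking at its first element.
		 */
		if (actual_mechs == GSS_C_NULL_OID_SET ||
		    actual_mechs->count == 0 ||
		    (string = gss_oid2str(actual_mechs->elements)) == 0) {
			printf(gettext("actual mechs == NULL\n\n"));
		} else {
			printf(gettext("actual mechs = %s\n\n"), string);
			FREE(string, (actual_mechs->elements->length+1)*4+1);
		}

		if (cred_usage == GSS_C_BOTH)
			printf(gettext("GSS_C_BOTH\n\n"));

		if (cred_usage == GSS_C_INITIATE)
			printf(gettext("GSS_C_INITIATE\n\n"));

		if (cred_usage == GSS_C_ACCEPT)
			printf(gettext("GSS_C_ACCEPT\n\n"));

		status = kgss_inquire_cred(
		    &minor_status,
		    acceptor_credentials,
		    NULL,
		    &time_req,
		    &cred_usage,
		    &inquire_mechs,
		    uid);

		if (status != GSS_S_COMPLETE) {
			printf(gettext("server ret err (octal) %o (%s)\n"),
			    status, gettext("gss_inquire_cred error"));
		} else {
			if (inquire_mechs == GSS_C_NULL_OID_SET ||
			    inquire_mechs->count == 0 ||
			    (inq_string =
			    gss_oid2str(inquire_mechs->elements)) == 0) {
				printf(gettext
				    ("mechs from inquire == NULL\n\n"));
			} else {
				printf(gettext
				    ("mechs from inquiry = %s\n\n"),
				    inq_string);
				FREE(inq_string,
				    (inquire_mechs->elements->length+1)*4+1);
			}
			printf(gettext("inquire_cred successful \n\n"));
		}
	} else {
		printf(gettext("server ret err (octal) %o (%s)\n"),
		    status, gettext("gss_acquire_cred error"));
	}

out:
	/* actual_mechs/inquire_mechs are allocated by the client stubs. */
	if (actual_mechs != GSS_C_NULL_OID_SET)
		gss_release_oid_set_and_oids(&minor_status, &actual_mechs);
	if (inquire_mechs != GSS_C_NULL_OID_SET)
		gss_release_oid_set_and_oids(&minor_status, &inquire_mechs);

	gss_release_name(&minor_status, &desired_name);

	/* mech_type comes from gss_str2oid(); release it on every path. */
	if (mech_type != 0) {
		FREE(mech_type->elements, mech_type->length);
		FREE(mech_type, sizeof (gss_OID_desc));
	}
}

static void
_gss_add_cred(argc, argv)
int argc;
char **argv;
{

	OM_UINT32 status, minor_status;
	gss_buffer_desc name;
	gss_name_t desired_name = (gss_name_t) 0;
	OM_uint32 time_req;
	OM_uint32 initiator_time_req;
	OM_uint32 acceptor_time_req;
	int cred_usage;
	gss_OID_set actual_mechs = GSS_C_NULL_OID_SET;
	gss_OID_set inquire_mechs = GSS_C_NULL_OID_SET;
	char * string;
	uid_t uid;
	gss_OID mech_type;
	int i;

	/*
	 * First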
set up the command line independent input arguments. 542*7c478bd9Sstevel@tonic-gate */ 543*7c478bd9Sstevel@tonic-gate 544*7c478bd9Sstevel@tonic-gate initiator_time_req = (OM_uint32) 0; 545*7c478bd9Sstevel@tonic-gate acceptor_time_req = (OM_uint32) 0; 546*7c478bd9Sstevel@tonic-gate cred_usage = GSS_C_ACCEPT; 547*7c478bd9Sstevel@tonic-gate uid = getuid(); 548*7c478bd9Sstevel@tonic-gate 549*7c478bd9Sstevel@tonic-gate /* Parse the command line for the variable input arguments */ 550*7c478bd9Sstevel@tonic-gate 551*7c478bd9Sstevel@tonic-gate if (argc == 0) { 552*7c478bd9Sstevel@tonic-gate usage(); 553*7c478bd9Sstevel@tonic-gate return; 554*7c478bd9Sstevel@tonic-gate } 555*7c478bd9Sstevel@tonic-gate 556*7c478bd9Sstevel@tonic-gate /* 557*7c478bd9Sstevel@tonic-gate * Get the name of the principal. 558*7c478bd9Sstevel@tonic-gate */ 559*7c478bd9Sstevel@tonic-gate 560*7c478bd9Sstevel@tonic-gate name.length = strlen(argv[0])+1; 561*7c478bd9Sstevel@tonic-gate name.value = argv[0]; 562*7c478bd9Sstevel@tonic-gate 563*7c478bd9Sstevel@tonic-gate /* 564*7c478bd9Sstevel@tonic-gate * Now convert the string given by the first argument into internal 565*7c478bd9Sstevel@tonic-gate * form suitable for input to gss_acquire_cred() 566*7c478bd9Sstevel@tonic-gate */ 567*7c478bd9Sstevel@tonic-gate 568*7c478bd9Sstevel@tonic-gate if ((status = gss_import_name(&minor_status, &name, 569*7c478bd9Sstevel@tonic-gate (gss_OID)GSS_C_NT_HOSTBASED_SERVICE, &desired_name)) 570*7c478bd9Sstevel@tonic-gate != GSS_S_COMPLETE) { 571*7c478bd9Sstevel@tonic-gate printf(gettext( 572*7c478bd9Sstevel@tonic-gate "could not parse desired name: err (octal) %o (%s)\n"), 573*7c478bd9Sstevel@tonic-gate status, gettext("gss_acquire_cred error")); 574*7c478bd9Sstevel@tonic-gate return; 575*7c478bd9Sstevel@tonic-gate } 576*7c478bd9Sstevel@tonic-gate 577*7c478bd9Sstevel@tonic-gate argc--; 578*7c478bd9Sstevel@tonic-gate argv++; 579*7c478bd9Sstevel@tonic-gate 580*7c478bd9Sstevel@tonic-gate /* 581*7c478bd9Sstevel@tonic-gate * The 
next argument is an OID in dotted decimal form. 582*7c478bd9Sstevel@tonic-gate */ 583*7c478bd9Sstevel@tonic-gate 584*7c478bd9Sstevel@tonic-gate if (argc == 0) { 585*7c478bd9Sstevel@tonic-gate printf(gettext("Assuming dummy as the mechanism\n")); 586*7c478bd9Sstevel@tonic-gate printf(gettext( 587*7c478bd9Sstevel@tonic-gate "The mech OID 1.3.6.1.4.1.42.2.26.1.2 will be used\n")); 588*7c478bd9Sstevel@tonic-gate mech_type = gss_str2oid((char *)GSS_DUMMY_MECH_OID); 589*7c478bd9Sstevel@tonic-gate } else 590*7c478bd9Sstevel@tonic-gate mech_type = gss_str2oid(argv[0]); 591*7c478bd9Sstevel@tonic-gate 592*7c478bd9Sstevel@tonic-gate if (mech_type == 0 || mech_type->length == 0) { 593*7c478bd9Sstevel@tonic-gate printf(gettext("improperly formated mechanism OID\n")); 594*7c478bd9Sstevel@tonic-gate return; 595*7c478bd9Sstevel@tonic-gate } 596*7c478bd9Sstevel@tonic-gate 597*7c478bd9Sstevel@tonic-gate /* 598*7c478bd9Sstevel@tonic-gate * set up desired_mechs so it points to mech_type. 599*7c478bd9Sstevel@tonic-gate */ 600*7c478bd9Sstevel@tonic-gate 601*7c478bd9Sstevel@tonic-gate status = kgss_add_cred( 602*7c478bd9Sstevel@tonic-gate &minor_status, 603*7c478bd9Sstevel@tonic-gate acceptor_credentials, 604*7c478bd9Sstevel@tonic-gate desired_name, 605*7c478bd9Sstevel@tonic-gate mech_type, 606*7c478bd9Sstevel@tonic-gate cred_usage, 607*7c478bd9Sstevel@tonic-gate initiator_time_req, 608*7c478bd9Sstevel@tonic-gate acceptor_time_req, 609*7c478bd9Sstevel@tonic-gate &actual_mechs, 610*7c478bd9Sstevel@tonic-gate NULL, 611*7c478bd9Sstevel@tonic-gate NULL, 612*7c478bd9Sstevel@tonic-gate uid); 613*7c478bd9Sstevel@tonic-gate 614*7c478bd9Sstevel@tonic-gate /* store major and minor status for gss_display_status() call */ 615*7c478bd9Sstevel@tonic-gate 616*7c478bd9Sstevel@tonic-gate gss_major_code = status; 617*7c478bd9Sstevel@tonic-gate gss_minor_code = minor_status; 618*7c478bd9Sstevel@tonic-gate if (status == GSS_S_COMPLETE) { 619*7c478bd9Sstevel@tonic-gate /* process returned values */ 
620*7c478bd9Sstevel@tonic-gate 621*7c478bd9Sstevel@tonic-gate printf(gettext("\nadd succeeded\n\n")); 622*7c478bd9Sstevel@tonic-gate if (actual_mechs) { 623*7c478bd9Sstevel@tonic-gate for (i = 0; i < actual_mechs->count; i++) { 624*7c478bd9Sstevel@tonic-gate if ((string = 625*7c478bd9Sstevel@tonic-gate gss_oid2str 626*7c478bd9Sstevel@tonic-gate (&actual_mechs->elements[i])) == 0) { 627*7c478bd9Sstevel@tonic-gate printf(gettext 628*7c478bd9Sstevel@tonic-gate ("actual mechs == NULL\n\n")); 629*7c478bd9Sstevel@tonic-gate } else { 630*7c478bd9Sstevel@tonic-gate printf(gettext 631*7c478bd9Sstevel@tonic-gate ("actual mechs = %s\n\n"), string); 632*7c478bd9Sstevel@tonic-gate FREE(string, 633*7c478bd9Sstevel@tonic-gate (actual_mechs->elements->length+1)*4+1); 634*7c478bd9Sstevel@tonic-gate } 635*7c478bd9Sstevel@tonic-gate } 636*7c478bd9Sstevel@tonic-gate } 637*7c478bd9Sstevel@tonic-gate /* 638*7c478bd9Sstevel@tonic-gate * Try adding the cred again for the same mech 639*7c478bd9Sstevel@tonic-gate * We should get GSS_S_DUPLICATE_ELEMENT 640*7c478bd9Sstevel@tonic-gate * if not return an error 641*7c478bd9Sstevel@tonic-gate */ 642*7c478bd9Sstevel@tonic-gate status = kgss_add_cred( 643*7c478bd9Sstevel@tonic-gate &minor_status, 644*7c478bd9Sstevel@tonic-gate acceptor_credentials, 645*7c478bd9Sstevel@tonic-gate desired_name, 646*7c478bd9Sstevel@tonic-gate mech_type, 647*7c478bd9Sstevel@tonic-gate cred_usage, 648*7c478bd9Sstevel@tonic-gate initiator_time_req, 649*7c478bd9Sstevel@tonic-gate acceptor_time_req, 650*7c478bd9Sstevel@tonic-gate NULL, /* &actual_mechs, */ 651*7c478bd9Sstevel@tonic-gate NULL, 652*7c478bd9Sstevel@tonic-gate NULL, 653*7c478bd9Sstevel@tonic-gate uid); 654*7c478bd9Sstevel@tonic-gate if (status != GSS_S_DUPLICATE_ELEMENT) { 655*7c478bd9Sstevel@tonic-gate printf(gettext("Expected duplicate element, Got " 656*7c478bd9Sstevel@tonic-gate " (octal) %o (%s)\n"), 657*7c478bd9Sstevel@tonic-gate status, gettext("gss_add_cred error")); 658*7c478bd9Sstevel@tonic-gate } 
659*7c478bd9Sstevel@tonic-gate status = kgss_inquire_cred( 660*7c478bd9Sstevel@tonic-gate &minor_status, 661*7c478bd9Sstevel@tonic-gate acceptor_credentials, 662*7c478bd9Sstevel@tonic-gate NULL, 663*7c478bd9Sstevel@tonic-gate &time_req, 664*7c478bd9Sstevel@tonic-gate &cred_usage, 665*7c478bd9Sstevel@tonic-gate &inquire_mechs, 666*7c478bd9Sstevel@tonic-gate uid); 667*7c478bd9Sstevel@tonic-gate 668*7c478bd9Sstevel@tonic-gate if (status != GSS_S_COMPLETE) 669*7c478bd9Sstevel@tonic-gate printf(gettext("server ret err (octal) %o (%s)\n"), 670*7c478bd9Sstevel@tonic-gate status, gettext("gss_inquire_cred error")); 671*7c478bd9Sstevel@tonic-gate else { 672*7c478bd9Sstevel@tonic-gate for (i = 0; i < inquire_mechs->count; i++) { 673*7c478bd9Sstevel@tonic-gate if ((string = 674*7c478bd9Sstevel@tonic-gate gss_oid2str 675*7c478bd9Sstevel@tonic-gate (&inquire_mechs->elements[i])) == 0) { 676*7c478bd9Sstevel@tonic-gate printf(gettext 677*7c478bd9Sstevel@tonic-gate ("inquire_mechs mechs == NULL\n\n")); 678*7c478bd9Sstevel@tonic-gate } else { 679*7c478bd9Sstevel@tonic-gate printf(gettext 680*7c478bd9Sstevel@tonic-gate ("inquire_cred mechs = %s\n\n"), 681*7c478bd9Sstevel@tonic-gate string); 682*7c478bd9Sstevel@tonic-gate FREE(string, 683*7c478bd9Sstevel@tonic-gate (inquire_mechs->elements->length+1)*4 684*7c478bd9Sstevel@tonic-gate +1); 685*7c478bd9Sstevel@tonic-gate } 686*7c478bd9Sstevel@tonic-gate } 687*7c478bd9Sstevel@tonic-gate printf(gettext("inquire_cred successful \n\n")); 688*7c478bd9Sstevel@tonic-gate } 689*7c478bd9Sstevel@tonic-gate 690*7c478bd9Sstevel@tonic-gate } else { 691*7c478bd9Sstevel@tonic-gate printf(gettext("server ret err (octal) %o (%s)\n"), 692*7c478bd9Sstevel@tonic-gate status, gettext("gss_acquire_cred error")); 693*7c478bd9Sstevel@tonic-gate } 694*7c478bd9Sstevel@tonic-gate 695*7c478bd9Sstevel@tonic-gate /* Let us do inquire_cred_by_mech for both mechanisms */ 696*7c478bd9Sstevel@tonic-gate status = kgss_inquire_cred_by_mech( 697*7c478bd9Sstevel@tonic-gate 
&minor_status, 698*7c478bd9Sstevel@tonic-gate acceptor_credentials, 699*7c478bd9Sstevel@tonic-gate mech_type, 700*7c478bd9Sstevel@tonic-gate uid); 701*7c478bd9Sstevel@tonic-gate if (status != GSS_S_COMPLETE) 702*7c478bd9Sstevel@tonic-gate printf(gettext("server ret err (octal) %o (%s)\n"), 703*7c478bd9Sstevel@tonic-gate status, gettext("gss_inquire_cred_by_mech")); 704*7c478bd9Sstevel@tonic-gate else 705*7c478bd9Sstevel@tonic-gate printf(gettext("gss_inquire_cred_by_mech successful")); 706*7c478bd9Sstevel@tonic-gate 707*7c478bd9Sstevel@tonic-gate 708*7c478bd9Sstevel@tonic-gate FREE(mech_type->elements, mech_type->length); 709*7c478bd9Sstevel@tonic-gate FREE(mech_type, sizeof (gss_OID_desc)); 710*7c478bd9Sstevel@tonic-gate mech_type = gss_str2oid((char *)GSS_KRB5_MECH_OID); 711*7c478bd9Sstevel@tonic-gate status = kgss_inquire_cred_by_mech( 712*7c478bd9Sstevel@tonic-gate &minor_status, 713*7c478bd9Sstevel@tonic-gate acceptor_credentials, 714*7c478bd9Sstevel@tonic-gate mech_type, 715*7c478bd9Sstevel@tonic-gate uid); 716*7c478bd9Sstevel@tonic-gate if (status != GSS_S_COMPLETE) 717*7c478bd9Sstevel@tonic-gate printf(gettext("server ret err (octal) %o (%s)\n"), 718*7c478bd9Sstevel@tonic-gate status, gettext 719*7c478bd9Sstevel@tonic-gate ("gss_inquire_cred_by_mech for dummy mech error")); 720*7c478bd9Sstevel@tonic-gate 721*7c478bd9Sstevel@tonic-gate /* free allocated memory */ 722*7c478bd9Sstevel@tonic-gate 723*7c478bd9Sstevel@tonic-gate /* actual mechs is allocated by clnt_stubs. 
/*
 * Release the acceptor credential held in the file-scope
 * acceptor_credentials through kgss_release_cred().
 *
 * Takes no positional arguments: argc must be 0, otherwise usage() is
 * printed and nothing is released.  The major/minor codes are stored in
 * gss_major_code / gss_minor_code for a later gss_display_status() call;
 * the outcome is reported on stdout.
 */
/*ARGSUSED*/
static void
_gss_release_cred(argc, argv)
	int argc;
	char **argv;
{
	OM_UINT32 major;
	OM_UINT32 minor;
	uid_t caller;

	/* This command accepts no arguments at all. */
	if (argc != 0) {
		usage();
		return;
	}

	caller = getuid();

	major = kgss_release_cred(&minor, &acceptor_credentials, caller);

	/* Keep both codes around for a later gss_display_status() call. */
	gss_major_code = major;
	gss_minor_code = minor;

	if (major != GSS_S_COMPLETE) {
		printf(gettext("server ret err (octal) %o (%s)\n"),
		    major, gettext("gss_release_cred error"));
		return;
	}

	printf(gettext("\nrelease succeeded\n\n"));
}
/*
 * Drive one phase of initiator-side context establishment through
 * kgss_init_sec_context().
 *
 * argv[0] is the target's host-based service name.  The optional argv[1]
 * is the mechanism OID in dotted-decimal form; when absent the Kerberos V5
 * OID (GSS_KRB5_MECH_OID) is used.  argc is presumably the number of
 * arguments left after the command word.
 *
 * State is carried across calls in file-scope globals: init_sec_context_phase
 * (0 = first call, otherwise a reply token is expected in init_token_buffer),
 * initiator_context_handle, and the token buffers init_token_buffer /
 * accept_token_buffer that the acceptor command fills and consumes.  The
 * output token is left in accept_token_buffer for a later "accept".
 *
 * Nothing is returned.  The major/minor codes are stored in gss_major_code /
 * gss_minor_code for a later gss_display_status() call; results are printed
 * to stdout.
 *
 * NOTE(review): the early-return paths taken after mech_type and target_name
 * have been allocated do not FREE mech_type or gss_release_name(target_name)
 * (only the GSS_S_COMPLETE path does), and the failure path after
 * kgss_init_sec_context() does not release accept_token_buffer.  Harmless in
 * a one-shot test client, but a leak on every failed call.
 */
static void
_gss_init_sec_context(argc, argv)
	int argc;
	char **argv;
{

	OM_uint32 status;

	OM_uint32 minor_status;
	gss_cred_id_t claimant_cred_handle;
	gss_name_t target_name = (gss_name_t) 0;
	gss_OID mech_type = (gss_OID) 0;
	int req_flags;
	OM_uint32 time_req;
	gss_channel_bindings_t input_chan_bindings;
	gss_buffer_t input_token;
	gss_buffer_desc context_token;
	gss_OID actual_mech_type;
	int ret_flags;
	OM_uint32 time_rec;
	uid_t uid;
	char * string;
	gss_buffer_desc name;

	/*
	 * If this is the first phase of the context establishment,
	 * clear initiator_context_handle and indicate next phase.
	 * On later phases the token the acceptor left in init_token_buffer
	 * is fed back in as the input token.
	 */

	if (init_sec_context_phase == 0) {
		initiator_context_handle = GSS_C_NO_CONTEXT;
		input_token = GSS_C_NO_BUFFER;
		init_sec_context_phase = 1;
	} else
		input_token = &init_token_buffer;

	/*
	 * First set up the non-variable command line independent input
	 * arguments: default credential, mutual authentication only,
	 * no lifetime request and no channel bindings.
	 */

	claimant_cred_handle = GSS_C_NO_CREDENTIAL;

	req_flags = GSS_C_MUTUAL_FLAG;
	time_req = (OM_uint32) 0;
	input_chan_bindings = GSS_C_NO_CHANNEL_BINDINGS;
	uid = getuid();

	/* Now parse the command line for the remaining input arguments */

	if (argc == 0) {
		usage();
		return;
	}

	/*
	 * Get the name of the target.  The length includes the terminating
	 * NUL, the same convention the add_cred path uses.
	 */

	name.length = strlen(argv[0])+1;
	name.value = argv[0];

	/*
	 * Now convert the string given by the first argument into a target
	 * name suitable for input to gss_init_sec_context()
	 */

	if ((status = gss_import_name(&minor_status, &name,
		/* GSS_C_NULL_OID, &target_name)) */
		(gss_OID)GSS_C_NT_HOSTBASED_SERVICE, &target_name))
		!= GSS_S_COMPLETE) {
		printf(gettext(
			"could not parse target name: err (octal) %o (%s)\n"),
			status,
			gettext("gss_init_sec_context error"));
		/* drop the pending reply token and restart from phase 0 */
		if (input_token != GSS_C_NO_BUFFER)
			gss_release_buffer(&minor_status, &init_token_buffer);
		init_sec_context_phase = 0;
		return;
	}

	argc--;
	argv++;

	if (argc == 0) {
		printf(gettext("Assuming Kerberos V5 as the mechanism\n"));
		printf(gettext(
			"The mech OID 1.2.840.113554.1.2.2 will be used\n"));
		mech_type = gss_str2oid((char *)GSS_KRB5_MECH_OID);
	} else {
		mech_type = gss_str2oid(argv[0]);
	}

	/* gss_str2oid() signals a bad dotted-decimal string by NULL or length 0 */
	if (mech_type == 0 || mech_type->length == 0) {
		printf(gettext("improperly formated mechanism OID\n"));
		if (input_token != GSS_C_NO_BUFFER)
			gss_release_buffer(&minor_status, &init_token_buffer);
		init_sec_context_phase = 0;
		return;
	}

	/* call kgss_init_sec_context */

	status = kgss_init_sec_context(&minor_status,
		claimant_cred_handle,
		&initiator_context_handle,
		target_name,
		mech_type,
		req_flags,
		time_req,
		input_chan_bindings,
		input_token,
		&actual_mech_type,
		&accept_token_buffer,
		&ret_flags,
		&time_rec,
		uid);

	/* store major and minor status for gss_display_status() call */
	gss_major_code = status;
	gss_minor_code = minor_status;

	if (status != GSS_S_COMPLETE &&
		status != GSS_S_CONTINUE_NEEDED) {

		/* NOTE(review): the other error sites wrap this label in gettext() */
		printf(gettext("server ret err (octal) %o (%s)\n"),
			status, "gss_init_sec_context error");
		init_sec_context_phase = 0;
		if (status == GSS_S_NO_CRED)
			printf(gettext(" : no credentials"));
		if (input_token != GSS_C_NO_BUFFER)
			gss_release_buffer(&minor_status, &init_token_buffer);
		/*
		 * Tear down any half-built context.  NOTE(review): 0xffffffff
		 * looks like a sentinel minor code from the kgss stubs meaning
		 * no context exists on the server side -- confirm before
		 * relying on it.  The delete's output token lands in the
		 * msg_token global.
		 */
		if (status != GSS_S_FAILURE && minor_status != 0xffffffff)
			status = kgss_delete_sec_context(&minor_status,
				&initiator_context_handle,
				&msg_token);
		return;

	} else if (status == GSS_S_COMPLETE) {

		/* process returned values */

		printf(gettext("\ninit succeeded\n\n"));

		/* print out the actual mechanism type */

		if ((string = gss_oid2str(actual_mech_type)) == 0) {

			printf(gettext(
				"gssapi internal err : actual "
				"mech type null\n"));
			init_sec_context_phase = 0;
			if (input_token != GSS_C_NO_BUFFER)
				gss_release_buffer(&minor_status,
					&init_token_buffer);
			gss_release_buffer(&minor_status, &accept_token_buffer);
			status = kgss_delete_sec_context(&minor_status,
				&initiator_context_handle,
				&msg_token);
			return;
		} else {
			printf(gettext("actual mech type = %s\n\n"), string);
			/* size mirrors what gss_oid2str() allocates: 4 chars per arc plus NUL */
			FREE(string, (actual_mech_type->length+1)*4+1);
		}

		/* print out value of ret_flags and time_req */

		if (ret_flags & GSS_C_DELEG_FLAG)
			printf(gettext("GSS_C_DELEG_FLAG = True\n"));
		else
			printf(gettext("GSS_C_DELEG_FLAG = False\n"));

		if (ret_flags & GSS_C_MUTUAL_FLAG)
			printf(gettext("GSS_C_MUTUAL_FLAG = True\n"));
		else
			printf(gettext("GSS_C_MUTUAL_FLAG = False\n"));

		if (ret_flags & GSS_C_REPLAY_FLAG)
			printf(gettext("GSS_C_REPLAY_FLAG = True\n"));
		else
			printf(gettext("GSS_C_REPLAY_FLAG = False\n"));

		if (ret_flags & GSS_C_SEQUENCE_FLAG)
			printf(gettext("GSS_C_SEQUENCE_FLAG = True\n"));
		else
			printf(gettext("GSS_C_SEQUENCE_FLAG = False\n"));

		if (ret_flags & GSS_C_CONF_FLAG)
			printf(gettext("GSS_C_CONF_FLAG = True\n"));
		else
			printf(gettext("GSS_C_CONF_FLAG = False\n"));

		if (ret_flags & GSS_C_INTEG_FLAG)
			printf(gettext("GSS_C_INTEG_FLAG = True\n\n"));
		else
			printf(gettext("GSS_C_INTEG_FLAG = False\n\n"));

		/* the label says time_req but the value printed is the granted time_rec */
		printf(gettext("time_req = %u seconds\n\n"), time_rec);

		/* free allocated memory */

		FREE(mech_type->elements, mech_type->length);
		FREE(mech_type, sizeof (gss_OID_desc));

		/* these two were malloc'd by kgss_init_sec_context() */

		FREE(actual_mech_type->elements, actual_mech_type->length);
		FREE(actual_mech_type, sizeof (gss_OID_desc));

		gss_release_name(&minor_status, &target_name);

		if (input_token != GSS_C_NO_BUFFER)
			gss_release_buffer(&minor_status, &init_token_buffer);

		/*
		 * if status == GSS_S_COMPLETE, reset the phase to 0 and
		 * release token in accept_token_buffer
		 */

		init_sec_context_phase = 0;
		/*
		 * Save and restore the context: round-trip the established
		 * context through export/import to exercise those stubs.
		 */
		status = kgss_export_sec_context(&minor_status,
				&initiator_context_handle,
				&context_token);
		if (status != GSS_S_COMPLETE) {
			printf(gettext("server ret err (octal) %o (%s)\n"),
				status, gettext("gss_export_sec_context_error"));
			return;
		}
		status = kgss_import_sec_context(&minor_status,
				&context_token,
				&initiator_context_handle);
		if (status != GSS_S_COMPLETE) {
			/* NOTE(review): context_token from the export is not released here */
			printf(gettext("server ret err (octal) %o (%s)\n"),
				status, gettext("gss_import_sec_context_error"));
			return;
		}
		(void) gss_release_buffer(&minor_status, &context_token);

		/* gss_export & gss_import secxc_context worked, return */
		printf(gettext("\nexport and import of contexts succeeded\n"));
		printf(gettext("\ninit completed"));

	} else {
		/* GSS_S_CONTINUE_NEEDED: the caller must run "accept" and then "init" again */
		printf(gettext("\nfirst phase of init succeeded"));
		printf(gettext("\ninit must be called again\n\n"));
	}

}
/*
 * Drive one phase of acceptor-side context establishment through
 * kgss_accept_sec_context().
 *
 * Takes no positional arguments (argc must be 0).  The input token is taken
 * from the accept_token_buffer global that the "init" command left behind;
 * any reply token is stored in init_token_buffer for the next "init".  The
 * acceptor uses acceptor_credentials and accept_sec_context_phase /
 * acceptor_context_handle to carry state across calls.
 *
 * Nothing is returned.  The major/minor codes are stored in gss_major_code /
 * gss_minor_code for a later gss_display_status() call; results are printed
 * to stdout.
 *
 * NOTE(review):
 *  - delegated_cred_handle is received from kgss_accept_sec_context() but
 *    never inspected or released, so a delegated credential would linger.
 *  - mech_type (freed only at the end of the GSS_S_COMPLETE branch) leaks on
 *    the src-name and export/import failure returns.
 *  - the export/import failure returns skip the final accept_token_buffer
 *    release and the phase reset below.
 */
/*ARGSUSED*/
static void
_gss_accept_sec_context(argc, argv)
	int argc;
	char **argv;
{
	OM_UINT32 status;

	OM_uint32 minor_status;
	gss_channel_bindings_t input_chan_bindings;
	gss_OID mech_type;
	int ret_flags;
	OM_uint32 time_rec;
	gss_cred_id_t delegated_cred_handle;
	uid_t uid;
	char *string;
	gss_buffer_desc src_name, src_name_string;
	gss_buffer_desc output_token;
	gss_name_t gss_name;
	gss_buffer_desc context_token;

	/*
	 * If this is the first phase of the context establishment,
	 * clear acceptor_context_handle and indicate next phase.
	 */

	if (accept_sec_context_phase == 0) {
		acceptor_context_handle = GSS_C_NO_CONTEXT;
		accept_sec_context_phase = 1;
	}

	/* Now set up the other command line independent input arguments */

	input_chan_bindings = GSS_C_NO_CHANNEL_BINDINGS;

	uid = (uid_t) getuid();

	if (argc != 0) {
		usage();
		return;
	}

	status = kgss_accept_sec_context(&minor_status,
		&acceptor_context_handle,
		acceptor_credentials,
		&accept_token_buffer,
		input_chan_bindings,
		&src_name,
		&mech_type,
		&init_token_buffer,
		&ret_flags,
		&time_rec,
		&delegated_cred_handle,
		uid);

	/* store major and minor status for gss_display_status() call */

	gss_major_code = status;
	gss_minor_code = minor_status;

	if (status != GSS_S_COMPLETE && status != GSS_S_CONTINUE_NEEDED) {
		printf(gettext("server ret err (octal) %o (%s)\n"),
			status, gettext("gss_accept_sec_context error"));
		gss_release_buffer(&minor_status, &accept_token_buffer);
		return;
	} else if (status == GSS_S_COMPLETE) {

		/* process returned values */

		printf(gettext("\naccept succeeded\n\n"));

		/*
		 * convert the exported name returned in src_name into
		 * a string and print it.
		 */
		if ((status = gss_import_name(&minor_status, &src_name,
			(gss_OID) GSS_C_NT_EXPORT_NAME, &gss_name))
			!= GSS_S_COMPLETE) {
			printf(gettext(
				"could not import src name 0x%x\n"), status);
			accept_sec_context_phase = 0;
			status = kgss_delete_sec_context(&minor_status,
				&acceptor_context_handle,
				&output_token);
			gss_release_buffer(&minor_status, &accept_token_buffer);
			/*
			 * NOTE(review): status was just overwritten with the
			 * delete result, so this tests the delete's code, not
			 * the accept's (which was GSS_S_COMPLETE in this branch).
			 */
			if (status == GSS_S_CONTINUE_NEEDED)
				gss_release_buffer(&minor_status,
					&init_token_buffer);
			gss_release_buffer(&minor_status, &src_name);
			return;
		}

		memset(&src_name_string, 0, sizeof (src_name_string));
		if ((status = gss_display_name(&minor_status, gss_name,
			&src_name_string, NULL)) != GSS_S_COMPLETE) {
			/* NOTE(review): label names init_sec_context, but this is the display_name step */
			printf(gettext("could not display src name: "
				"err (octal) %o (%s)\n"), status,
				"gss_init_sec_context error");
			accept_sec_context_phase = 0;
			status = kgss_delete_sec_context(&minor_status,
				&acceptor_context_handle,
				&output_token);
			gss_release_buffer(&minor_status, &accept_token_buffer);
			if (status == GSS_S_CONTINUE_NEEDED)
				gss_release_buffer(&minor_status,
					&init_token_buffer);
			gss_release_buffer(&minor_status, &src_name);
			return;
		}
		/*
		 * Printing .value with %s relies on the implementation
		 * NUL-terminating the display buffer; GSS-API does not
		 * promise that in general (length is in .length).
		 */
		printf(gettext("src name = %s\n"), src_name_string.value);
		gss_release_name(&minor_status, &gss_name);
		gss_release_buffer(&minor_status, &src_name_string);
		gss_release_buffer(&minor_status, &src_name);

		/* print out the mechanism type */

		if ((string = gss_oid2str(mech_type)) == 0) {

			printf(gettext(
				"gssapi internal err :"
				" actual mech type null\n"));
			accept_sec_context_phase = 0;
			status = kgss_delete_sec_context(&minor_status,
				&acceptor_context_handle,
				&output_token);
			gss_release_buffer(&minor_status, &accept_token_buffer);
			if (status == GSS_S_CONTINUE_NEEDED)
				gss_release_buffer(&minor_status,
					&init_token_buffer);
			return;
		} else {

			printf(gettext("actual mech type = %s\n\n"), string);
			/* size mirrors what gss_oid2str() allocates: 4 chars per arc plus NUL */
			FREE(string, (mech_type->length+1)*4+1);
		}

		/*
		 * Save and restore the context.
		 * NOTE(review): this exports and re-imports
		 * initiator_context_handle, not acceptor_context_handle,
		 * inside the acceptor command -- looks copied from
		 * _gss_init_sec_context(); confirm which context was meant.
		 */
		status = kgss_export_sec_context(&minor_status,
				&initiator_context_handle,
				&context_token);
		if (status != GSS_S_COMPLETE) {
			printf(gettext("server ret err (octal) %o (%s)\n"),
				status, gettext("gss_export_sec_context_error"));
			return;
		}
		status = kgss_import_sec_context(&minor_status,
				&context_token,
				&initiator_context_handle);
		if (status != GSS_S_COMPLETE) {
			/* NOTE(review): context_token from the export is not released here */
			printf(gettext("server ret err (octal) %o (%s)\n"),
				status, gettext("gss_import_sec_context_error"));
			return;
		}
		(void) gss_release_buffer(&minor_status, &context_token);

		/* gss_export & gss_import secxc_context worked, return */

		/* print out value of ret_flags and time_req */

		if (ret_flags & GSS_C_DELEG_FLAG)
			printf(gettext("GSS_C_DELEG_FLAG = True\n"));
		else
			printf(gettext("GSS_C_DELEG_FLAG = False\n"));

		if (ret_flags & GSS_C_MUTUAL_FLAG)
			printf(gettext("GSS_C_MUTUAL_FLAG = True\n"));
		else
			printf(gettext("GSS_C_MUTUAL_FLAG = False\n"));

		if (ret_flags & GSS_C_REPLAY_FLAG)
			printf(gettext("GSS_C_REPLAY_FLAG = True\n"));
		else
			printf(gettext("GSS_C_REPLAY_FLAG = False\n"));

		if (ret_flags & GSS_C_SEQUENCE_FLAG)
			printf(gettext("GSS_C_SEQUENCE_FLAG = True\n"));
		else
			printf(gettext("GSS_C_SEQUENCE_FLAG = False\n"));

		if (ret_flags & GSS_C_CONF_FLAG)
			printf(gettext("GSS_C_CONF_FLAG = True\n"));
		else
			printf(gettext("GSS_C_CONF_FLAG = False\n"));

		if (ret_flags & GSS_C_INTEG_FLAG)
			printf(gettext("GSS_C_INTEG_FLAG = True\n\n"));
		else
			printf(gettext("GSS_C_INTEG_FLAG = False\n\n"));

		/* time_rec is an OM_uint32; %d is a signed conversion (init uses %u) */
		printf(gettext("time_rec = %d seconds\n\n"), time_rec);

		/* free allocated memory */

		printf(gettext("\nexport and import of contexts succeeded\n"));

		/* mech_type was allocated for us by kgss_accept_sec_context() */
		FREE(mech_type->elements, mech_type->length);
		FREE(mech_type, sizeof (gss_OID_desc));
	} else {
		/* GSS_S_CONTINUE_NEEDED: the reply token is in init_token_buffer */
		printf(gettext("\nfirst phase of accept succeeded"));
		printf(gettext("\naccept must be called again\n\n"));
	}


	/* free the input token in accept_token_buffer */
	gss_release_buffer(&minor_status, &accept_token_buffer);

	/* if status == GSS_S_COMPLETE, reset the phase to 0 */

	if (status == GSS_S_COMPLETE)
		accept_sec_context_phase = 0;

	/* gss_accept_sec_context worked, return */
}
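/* parse the command line to determine the variable input argument */

	if (argc == 0) {
		usage();
		return;
	}

	/* the single argument names which of the two global contexts to use */
	if (strcmp(argv[0], "initiator") == 0)
		context_handle = initiator_context_handle;
	else if (strcmp(argv[0], "acceptor") == 0)
		context_handle = acceptor_context_handle;
	else {
		printf(gettext(
		    "must specify either \"initiator\" or \"acceptor\"\n"));
		return;
	}

	argc--;
	argv++;

	if (argc != 0) {
		usage();
		return;
	}

	/*
	 * delete_token_buffer is whatever the last "delete_sec_context"
	 * command produced (the zeroed global, i.e. an empty token, if none
	 * has run yet).  It is passed by value and stays owned by the global.
	 */
	status = kgss_process_context_token(&minor_status,
	    context_handle,
	    delete_token_buffer,
	    uid);

	/* store major and minor status for gss_display_status() call */
	gss_major_code = status;
	gss_minor_code = minor_status;

	if (status != GSS_S_COMPLETE) {
		printf(gettext("server ret err (octal) %o (%s)\n"),
		    status, gettext("gss_process_context_token error"));
		return;
	}

	printf(gettext("\nprocess succeeded\n\n"));
}

/*
 * _gss_delete_sec_context: delete the initiator or acceptor context named
 * by argv[0], updating the corresponding global handle in place.  The
 * deletion token the mechanism hands back is kept in the global
 * delete_token_buffer so a following "process_context_token" command can
 * deliver it to the peer context.
 *
 * Usage: delete_sec_context {initiator|acceptor}
 */
static void
_gss_delete_sec_context(argc, argv)
int argc;
char **argv;
{
	OM_UINT32 status;
	gss_ctx_id_t *context_handle;
	OM_uint32 minor_status;

	/* parse the command line to determine the variable input argument */
	if (argc == 0) {
		usage();
		return;
	}

	/* the delete updates the global handle, so take its address */
	if (strcmp(argv[0], "initiator") == 0) {
		context_handle = &initiator_context_handle;
	} else if (strcmp(argv[0], "acceptor") == 0) {
		context_handle = &acceptor_context_handle;
	} else {
		printf(gettext(
		    "must specify either \"initiator\" or \"acceptor\"\n"));
		return;
	}

	argc--;
	argv++;

	if (argc != 0) {
		usage();
		return;
	}

	/*
	 * A token left in delete_token_buffer by an earlier delete would be
	 * overwritten (and leaked) below; release it first.  Releasing the
	 * still-zeroed global is a no-op.
	 */
	(void) gss_release_buffer(&minor_status, &delete_token_buffer);

	status = kgss_delete_sec_context(&minor_status,
	    context_handle,
	    &delete_token_buffer);

	/* store major and minor status for gss_display_status() call */
	gss_major_code = status;
	gss_minor_code = minor_status;

	if (status != GSS_S_COMPLETE) {
		printf(gettext("server ret err (octal) %o (%s)\n"),
		    status, gettext("gss_delete_sec_context error"));
		return;
	}

	printf(gettext("\ndelete succeeded\n\n"));
}

/*ARGSUSED*/
static void
_gss_context_time(argc, argv)
int argc;
char **argv;
{
	/*
	 * gss_context_time is not wired up in this test client: the command
	 * only reports that and returns (it does not call usage(), unlike
	 * the other commands, and ignores its arguments).
	 */
	printf(gettext("\nunimplemented function"));
}

/*
 * _gss_sign: compute a MIC over the single-word message argv[1] with the
 * context named by argv[0].  The message (including its terminating NUL)
 * is copied into the global message_buffer and the MIC is left in the
 * global msg_token; a later "verify" command consumes both.
 *
 * Usage: sign {initiator|acceptor} message
 */
static void
_gss_sign(argc, argv)
int argc;
char **argv;
{
	OM_UINT32 status;
	OM_uint32 minor_status;
	gss_ctx_id_t context_handle;
	int qop_req;
	uid_t uid;
	size_t msg_len;

	uid = (uid_t) getuid();

	/* specify the default quality of protection */
	qop_req = GSS_C_QOP_DEFAULT;

	/* set up the arguments specified in the input parameters */
	if (argc == 0) {
		usage();
		return;
	}

	if (strcmp(argv[0], "initiator") == 0)
		context_handle = initiator_context_handle;
	else if (strcmp(argv[0], "acceptor") == 0)
		context_handle = acceptor_context_handle;
	else {
		printf(gettext(
		    "must specify either \"initiator\" or \"acceptor\"\n"));
		return;
	}

	argc--;
	argv++;

	/*
	 * Exactly one message word must follow.  Check this before
	 * allocating so that the usage() path cannot leak the message copy.
	 */
	if (argc != 1) {
		usage();
		return;
	}

	/*
	 * Whatever a previous sign/seal left in the globals (if its verify
	 * never ran) would be overwritten below; release it first.  Both
	 * are zero-initialised globals, so releasing them is safe.
	 */
	(void) gss_release_buffer(&minor_status, &message_buffer);
	(void) gss_release_buffer(&minor_status, &msg_token);

	/* the NUL is included so that verify can print the message */
	msg_len = strlen(argv[0]) + 1;
	message_buffer.value = (void *) MALLOC(msg_len);
	if (message_buffer.value == NULL) {
		message_buffer.length = 0;
		printf(gettext("unable to allocate message buffer\n"));
		return;
	}
	message_buffer.length = msg_len;
	/* destination is exactly strlen + 1 bytes, so strcpy is bounded */
	(void) strcpy(message_buffer.value, argv[0]);

	status = kgss_sign(&minor_status,
	    context_handle,
	    qop_req,
	    &message_buffer,
	    &msg_token,
	    uid);

	/* store major and minor status for gss_display_status() call */
	gss_major_code = status;
	gss_minor_code = minor_status;

	if (status != GSS_S_COMPLETE) {
		printf(gettext("server ret err (octal) %o (%s)\n"),
		    status, gettext("gss_sign error"));
		return;
	}

	printf(gettext("\nsign succeeded\n\n"));
}
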
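/*
 * _gss_verify: check the MIC in the global msg_token against the message
 * in the global message_buffer, using the context named by argv[0].  Both
 * globals are normally filled in by a preceding "sign" command.  On
 * success the message and the token are released.
 *
 * Usage: verify {initiator|acceptor}
 */
static void
_gss_verify(argc, argv)
int argc;
char **argv;
{
	OM_UINT32 status, minor_status;
	gss_ctx_id_t context_handle;
	int qop_state;
	uid_t uid;

	uid = (uid_t) getuid();

	/* set up the arguments specified in the input parameters */
	if (argc == 0) {
		usage();
		return;
	}

	if (strcmp(argv[0], "initiator") == 0)
		context_handle = initiator_context_handle;
	else if (strcmp(argv[0], "acceptor") == 0)
		context_handle = acceptor_context_handle;
	else {
		printf(gettext(
		    "must specify either \"initiator\" or \"acceptor\"\n"));
		return;
	}

	argc--;
	argv++;

	if (argc != 0) {
		usage();
		return;
	}

	status = kgss_verify(&minor_status,
	    context_handle,
	    &message_buffer,
	    &msg_token,
	    &qop_state,
	    uid);

	/* store major and minor status for gss_display_status() call */
	gss_major_code = status;
	gss_minor_code = minor_status;

	if (status != GSS_S_COMPLETE) {
		printf(gettext("server ret err (octal) %o (%s)\n"),
		    status, gettext("gss_verify error"));
		return;
	}

	/*
	 * Bound the print by the buffer length: message_buffer is only
	 * guaranteed to be NUL-terminated when it was filled by _gss_sign.
	 */
	printf(gettext("verified message = \"%.*s\"\n\n"),
	    (int)message_buffer.length, (char *)message_buffer.value);

	/* print out the quality of protection returned */
	printf(gettext("quality of protection = %d \n\n"), qop_state);

	/* free the message buffer and message token and return */
	(void) gss_release_buffer(&minor_status, &message_buffer);
	(void) gss_release_buffer(&minor_status, &msg_token);
}

/* EXPORT DELETE START */
/*
 * _gss_seal: wrap the single-word message argv[1] (integrity and
 * confidentiality requested, default QOP) with the context named by
 * argv[0].  The wrapped output replaces the global message_buffer, which
 * a later "unseal" command consumes.
 *
 * Usage: seal {initiator|acceptor} message
 */
static void
_gss_seal(argc, argv)
int argc;
char **argv;
{
	OM_UINT32 status;
	OM_uint32 minor_status;
	gss_ctx_id_t context_handle;
	int conf_req_flag;
	int qop_req;
	gss_buffer_desc input_message_buffer;
	int conf_state;
	uid_t uid;
	size_t msg_len;

	uid = (uid_t) getuid();

	/*
	 * specify the default confidentiality requested (both integrity
	 * and confidentiality) and quality of protection
	 */
	conf_req_flag = 1;
	qop_req = GSS_C_QOP_DEFAULT;

	/* set up the arguments specified in the input parameters */
	if (argc == 0) {
		usage();
		return;
	}

	if (strcmp(argv[0], "initiator") == 0)
		context_handle = initiator_context_handle;
	else if (strcmp(argv[0], "acceptor") == 0)
		context_handle = acceptor_context_handle;
	else {
		printf(gettext(
		    "must specify either \"initiator\" or \"acceptor\"\n"));
		return;
	}

	argc--;
	argv++;

	/*
	 * Exactly one message word must follow.  Check this before
	 * allocating so that the usage() path cannot leak the message copy.
	 */
	if (argc != 1) {
		usage();
		return;
	}

	/* the NUL is included so that unseal can print the message */
	msg_len = strlen(argv[0]) + 1;
	input_message_buffer.value = (void *) MALLOC(msg_len);
	if (input_message_buffer.value == NULL) {
		printf(gettext("unable to allocate message buffer\n"));
		return;
	}
	input_message_buffer.length = msg_len;
	/* destination is exactly strlen + 1 bytes, so strcpy is bounded */
	(void) strcpy(input_message_buffer.value, argv[0]);

	/*
	 * The sealed output overwrites the global message_buffer; release
	 * anything a previous sign/seal left there so it is not leaked.
	 */
	(void) gss_release_buffer(&minor_status, &message_buffer);

	status = kgss_seal(&minor_status,
	    context_handle,
	    conf_req_flag,
	    qop_req,
	    &input_message_buffer,
	    &conf_state,
	    &message_buffer,
	    uid);

	/* store major and minor status for gss_display_status() call */
	gss_major_code = status;
	gss_minor_code = minor_status;

	/* free the input message buffer */
	(void) gss_release_buffer(&minor_status, &input_message_buffer);

	if (status != GSS_S_COMPLETE) {
		printf(gettext("server ret err (octal) %o (%s)\n"),
		    status, gettext("gss_seal error"));
		return;
	}

	printf(gettext("\nseal succeeded\n\n"));
}

/*
 * _gss_unseal: unwrap the token held in the global message_buffer (as
 * produced by "seal") with the context named by argv[0], report the
 * recovered message and the protection that was applied, and release
 * message_buffer whether or not the unwrap succeeded.
 *
 * Usage: unseal {initiator|acceptor}
 */
static void
_gss_unseal(argc, argv)
int argc;
char **argv;
{
	OM_UINT32 status;
	OM_uint32 minor_status;
	gss_ctx_id_t context_handle;
	gss_buffer_desc output_message_buffer = GSS_C_EMPTY_BUFFER;
	int conf_state;
	int qop_state;
	uid_t uid;

	uid = (uid_t) getuid();

	/* set up the arguments specified in the input parameters */
	if (argc == 0) {
		usage();
		return;
	}

	if (strcmp(argv[0], "initiator") == 0)
		context_handle = initiator_context_handle;
	else if (strcmp(argv[0], "acceptor") == 0)
		context_handle = acceptor_context_handle;
	else {
		printf(gettext(
		    "must specify either \"initiator\" or \"acceptor\"\n"));
		return;
	}

	argc--;
	argv++;

	if (argc != 0) {
		usage();
		return;
	}

	status = kgss_unseal(&minor_status,
	    context_handle,
	    &message_buffer,
	    &output_message_buffer,
	    &conf_state,
	    &qop_state,
	    uid);

	/* store major and minor status for gss_display_status() call */
	gss_major_code = status;
	gss_minor_code = minor_status;

	if (status == GSS_S_COMPLETE) {
		printf(gettext("\nunseal succeeded\n\n"));
		/*
		 * Bound the print by the returned length: the mechanism's
		 * output is not required to be NUL-terminated.
		 */
		printf(gettext("unsealed message = \"%.*s\"\n\n"),
		    (int)output_message_buffer.length,
		    (char *)output_message_buffer.value);
		if (conf_state)
			printf(gettext("confidentiality and integrity used\n"));
		else
			printf(gettext("only integrity used\n"));
		printf(gettext("quality of protection = %d\n\n"), qop_state);
		(void) gss_release_buffer(&minor_status, &output_message_buffer);
	} else {
		printf(gettext("server ret err (octal) %o (%s)\n"),
		    status, gettext("gss_unseal error"));
	}

	/* free the message buffer and return */
	(void) gss_release_buffer(&minor_status, &message_buffer);
}
/* EXPORT DELETE END */

/*
 * _gss_display_status: translate the major or minor status code saved by
 * the previous command (gss_major_code / gss_minor_code) into text.
 *
 * Usage: display_status {major|minor} [mech-oid]
 *
 * argv[0] selects which saved code to translate; the optional argv[1] is
 * the mechanism OID in dotted form and defaults to Kerberos V5.
 *
 * NOTE(review): the previous version parsed argv[0] as the OID and then
 * compared the same argv[0] with "major"/"minor" (and read argv[0] even
 * when argc was 0), so the command could not succeed.  The order above is
 * the only one consistent with the rest of the function; confirm that the
 * usage() text describes it the same way.
 */
static void
_gss_display_status(argc, argv)
int argc;
char **argv;
{
	OM_UINT32 status;
	OM_uint32 minor_status;
	int status_type;
	int status_value;
	gss_OID mech_type = (gss_OID) 0;
	int message_context;
	gss_buffer_desc status_string = GSS_C_EMPTY_BUFFER;
	uid_t uid;

	uid = (uid_t) getuid();

	/* initialize message context to zero */
	message_context = 0;

	/* argv[0] is mandatory: is this call for the major or minor status? */
	if (argc == 0) {
		usage();
		return;
	}

	if (strcmp(argv[0], "major") == 0) {
		status_type = GSS_C_GSS_CODE;
		status_value = gss_major_code;
	} else if (strcmp(argv[0], "minor") == 0) {
		status_type = GSS_C_MECH_CODE;
		status_value = gss_minor_code;
	} else {
		printf(gettext("must specify either \"major\" or \"minor\"\n"));
		return;
	}

	argc--;
	argv++;

	/* argv[1] (optional) is the mechanism OID */
	if (argc == 0) {
		printf(gettext("Assuming Kerberos V5 as the mechanism\n"));
		printf(gettext(
		    "The mech OID 1.2.840.113554.1.2.2 will be used\n"));
		mech_type = gss_str2oid((char *)GSS_KRB5_MECH_OID);
	} else {
		mech_type = gss_str2oid(argv[0]);
		argc--;
		argv++;
	}

	if (mech_type == 0 || mech_type->length == 0) {
		printf(gettext("improperly formated mechanism OID\n"));
		return;
	}

	if (argc != 0) {
		usage();
		return;
	}

	/*
	 * Only the first message for the code is fetched; message_context
	 * is not iterated to zero as gss_display_status allows.
	 */
	status = kgss_display_status(&minor_status,
	    status_value,
	    status_type,
	    mech_type,
	    &message_context,
	    &status_string,
	    uid);

	if (status == GSS_S_COMPLETE) {
		printf(gettext("status =\n %s\n\n"), status_string.value);
		(void) gss_release_buffer(&minor_status, &status_string);
	} else if (status == GSS_S_BAD_MECH) {
		printf(gettext("invalide mechanism OID\n\n"));
	} else {
		printf(gettext("server ret err (octal) %o (%s)\n"),
		    status, gettext("gss_display_status error"));
	}

	/*
	 * NOTE(review): mech_type from gss_str2oid() is not released here
	 * (it never was).  Whether gss_str2oid() heap-allocates the OID is
	 * not visible in this file; if it does, free it the way the accept
	 * path frees its mech_type.
	 */
}

/*
 * _gss_indicate_mechs: list the mechanism OIDs gssd reports as available.
 * Takes no arguments.
 */
/*ARGSUSED*/
static void
_gss_indicate_mechs(argc, argv)
int argc;
char **argv;
{
	OM_UINT32 status;
	OM_UINT32 minor_status;
	gss_OID_set oid_set = GSS_C_NULL_OID_SET;
	uid_t uid;

	uid = (uid_t) getuid();

	/* set up input arguments here */
	if (argc != 0) {
		usage();
		return;
	}

	status = kgss_indicate_mechs(&minor_status, &oid_set, uid);

	if (status != GSS_S_COMPLETE) {
		printf(gettext("server ret err (octal) %o (%s)\n"),
		    status, gettext("gss_indicate_mechs error"));
	} else {
		int i;
		int count = (int)oid_set->count;
		char *string;

		printf(gettext("%d supported mechanism%s%s\n"), count,
		    (count == 1) ? "" : "s",
		    (count > 0) ? ":" : "");

		for (i = 0; i < count; i++) {
			string = gss_oid2str(&oid_set->elements[i]);
			/* defensive: skip an OID gss_oid2str() could not render */
			if (string == NULL)
				continue;
			printf(gettext("\t%s\n"), string);
			/* size formula matches the other gss_oid2str() callers */
			FREE(string, ((oid_set->elements[i].length+1)*4)+1);
		}
		printf("\n");
	}

	if (oid_set)
		gss_release_oid_set_and_oids(&minor_status, &oid_set);
}

/*
 * _gss_inquire_cred: not wired up in this test client; rejects arguments
 * and otherwise only reports that the command is unsupported.
 */
/*ARGSUSED*/
static void
_gss_inquire_cred(argc, argv)
int argc;
char **argv;
{
	/* set up input arguments here */
	if (argc != 0) {
		usage();
		return;
	}

	printf(gettext("\nUnsupported function"));
}

static char hexChars[] = "0123456789ABCDEF";

/*
 * gssd_hex_to_bytes: decode the hexlen-character hex string at hex into
 * out, which must have room for hexlen / 2 bytes.  Hex digits of either
 * case are accepted.
 *
 * Returns the number of bytes written, or -1 if hexlen is odd or any
 * character is not a hex digit.  A NUL inside the string is rejected
 * explicitly so that strchr() can never match hexChars' own terminator.
 */
static int
gssd_hex_to_bytes(const char *hex, size_t hexlen, unsigned char *out)
{
	size_t i;
	const char *hi, *lo;

	if (hexlen % 2 != 0)
		return (-1);

	for (i = 0; i < hexlen; i += 2) {
		if (hex[i] == '\0' || hex[i + 1] == '\0')
			return (-1);
		hi = strchr(hexChars, toupper((unsigned char)hex[i]));
		lo = strchr(hexChars, toupper((unsigned char)hex[i + 1]));
		if (hi == NULL || lo == NULL)
			return (-1);
		out[i / 2] = (unsigned char)(((hi - hexChars) << 4) |
		    (lo - hexChars));
	}
	return ((int)(hexlen / 2));
}

/*
 * _gssd_expname_to_unix_cred: map a GSS exported name to a Unix uid, gid
 * and supplementary group list via gssd.
 *
 * Usage: expname_to_unix_cred [hex-exported-name]
 *
 * argv[0], if given, is the exported name as a hex string; otherwise the
 * built-in exported name for root@SUNSOFT.ENG.SUN.COM (Kerberos V5) is
 * used.  The string is validated and decoded before anything is sent.
 */
static void
_gssd_expname_to_unix_cred(argc, argv)
int argc;
char **argv;
{
	OM_uint32 major;
	gss_buffer_desc expName;
	char krb5_root_name[] = "040100092A864886F712010202000000"
	    "25000A2A864886F71201020101726F6F744053554E534F46"
	    "542E454E472E53554E2E434F4D00";
	const char *hexStr;
	unsigned char *byteStr;
	size_t hexLen;
	uid_t uidOut, uidIn;
	gid_t *gids = NULL, gidOut;
	int gidsLen = 0, i, newLen;

	/* set up the arguments */
	uidIn = (uid_t) getuid();

	if (argc < 1) {
		printf(gettext(
		    "Using principal name of root for krberos_v5\n"));
		hexStr = krb5_root_name;
	} else {
		hexStr = argv[0];
	}

	/* convert the name from hex to bytes */
	hexLen = strlen(hexStr);
	newLen = (int)(hexLen / 2);
	byteStr = (unsigned char *)MALLOC(newLen + 1);
	if (byteStr == NULL) {
		printf(gettext("unable to allocate exported name buffer\n"));
		return;
	}

	/*
	 * Reject odd lengths and non-hex characters up front.  The previous
	 * decoder indexed hexChars with the result of an unchecked strchr(),
	 * which is undefined for any other input.
	 */
	if (gssd_hex_to_bytes(hexStr, hexLen, byteStr) < 0) {
		printf(gettext(
		    "exported name must be an even-length string of hex digits\n"));
		FREE(byteStr, newLen + 1);
		return;
	}
	expName.value = (char *)byteStr;
	expName.length = newLen;

	major = kgsscred_expname_to_unix_cred(&expName, &uidOut, &gidOut,
	    &gids, &gidsLen, uidIn);

	/* byteStr was allocated with newLen + 1 bytes; free the same size */
	FREE(expName.value, newLen + 1);

	if (major == GSS_S_COMPLETE) {
		printf(gettext("uid = <%d>\tgid = <%d>\t"), uidOut, gidOut);
		if (gidsLen > 0)
			printf(gettext(" %d gids <"), gidsLen);
		else
			printf(gettext(
			    " no supplementary group information\n"));
		for (i = 0; i < gidsLen; i++)
			printf(" %d ", gids[i]);
		if (gidsLen > 0) {
			printf(">\n");
			FREE(gids, gidsLen * sizeof (gid_t));
		}
	} else {
		printf(gettext("server ret err (octal) %o (%s)\n"),
		    major, gettext("gsscred_expname_to_unix_cred"));
	}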
1894*7c478bd9Sstevel@tonic-gate } 1895*7c478bd9Sstevel@tonic-gate 1896*7c478bd9Sstevel@tonic-gate static void 1897*7c478bd9Sstevel@tonic-gate _gssd_name_to_unix_cred(argc, argv) 1898*7c478bd9Sstevel@tonic-gate int argc; 1899*7c478bd9Sstevel@tonic-gate char **argv; 1900*7c478bd9Sstevel@tonic-gate { 1901*7c478bd9Sstevel@tonic-gate OM_uint32 major, minor; 1902*7c478bd9Sstevel@tonic-gate gss_name_t gssName; 1903*7c478bd9Sstevel@tonic-gate gss_buffer_desc gssBuf = GSS_C_EMPTY_BUFFER; 1904*7c478bd9Sstevel@tonic-gate int gidsLen, i; 1905*7c478bd9Sstevel@tonic-gate gid_t *gids, gidOut; 1906*7c478bd9Sstevel@tonic-gate uid_t uidOut, uid; 1907*7c478bd9Sstevel@tonic-gate char defaultPrincipal[] = "root"; 1908*7c478bd9Sstevel@tonic-gate gss_OID mechType, nameType; 1909*7c478bd9Sstevel@tonic-gate 1910*7c478bd9Sstevel@tonic-gate uid = getuid(); 1911*7c478bd9Sstevel@tonic-gate 1912*7c478bd9Sstevel@tonic-gate /* optional argument 1 - contains principal name */ 1913*7c478bd9Sstevel@tonic-gate if (argc > 0) { 1914*7c478bd9Sstevel@tonic-gate gssBuf.value = (void *)argv[0]; 1915*7c478bd9Sstevel@tonic-gate gssBuf.length = strlen((char *)argv[0]); 1916*7c478bd9Sstevel@tonic-gate } else { 1917*7c478bd9Sstevel@tonic-gate gssBuf.value = (void *)defaultPrincipal; 1918*7c478bd9Sstevel@tonic-gate gssBuf.length = strlen(defaultPrincipal); 1919*7c478bd9Sstevel@tonic-gate } 1920*7c478bd9Sstevel@tonic-gate printf(gettext( 1921*7c478bd9Sstevel@tonic-gate "Using <%s> as the principal name.\n"), (char *)gssBuf.value); 1922*7c478bd9Sstevel@tonic-gate 1923*7c478bd9Sstevel@tonic-gate 1924*7c478bd9Sstevel@tonic-gate /* optional argument 2 - contains name oid */ 1925*7c478bd9Sstevel@tonic-gate if (argc > 1) 1926*7c478bd9Sstevel@tonic-gate nameType = gss_str2oid((char *) argv[1]); 1927*7c478bd9Sstevel@tonic-gate else 1928*7c478bd9Sstevel@tonic-gate nameType = (gss_OID)GSS_C_NT_USER_NAME; 1929*7c478bd9Sstevel@tonic-gate 1930*7c478bd9Sstevel@tonic-gate if (nameType == NULL || nameType->length == 0) { 
1931*7c478bd9Sstevel@tonic-gate printf(gettext("improperly formated name OID\n")); 1932*7c478bd9Sstevel@tonic-gate return; 1933*7c478bd9Sstevel@tonic-gate } 1934*7c478bd9Sstevel@tonic-gate printf(gettext("Principal name of type: <%s>.\n"), 1935*7c478bd9Sstevel@tonic-gate (argc > 1) ? argv[1] : "GSS_C_NT_USER_NAME"); 1936*7c478bd9Sstevel@tonic-gate 1937*7c478bd9Sstevel@tonic-gate 1938*7c478bd9Sstevel@tonic-gate /* optional argument 3 - contains mech oid */ 1939*7c478bd9Sstevel@tonic-gate if (argc > 2) 1940*7c478bd9Sstevel@tonic-gate mechType = gss_str2oid(argv[2]); 1941*7c478bd9Sstevel@tonic-gate else 1942*7c478bd9Sstevel@tonic-gate mechType = gss_str2oid((char *)GSS_KRB5_MECH_OID); 1943*7c478bd9Sstevel@tonic-gate 1944*7c478bd9Sstevel@tonic-gate if (mechType == NULL || mechType->length == NULL) { 1945*7c478bd9Sstevel@tonic-gate FREE(nameType->elements, nameType->length); 1946*7c478bd9Sstevel@tonic-gate FREE(nameType, sizeof (gss_OID_desc)); 1947*7c478bd9Sstevel@tonic-gate printf(gettext("improperly formated mech OID\n")); 1948*7c478bd9Sstevel@tonic-gate return; 1949*7c478bd9Sstevel@tonic-gate } 1950*7c478bd9Sstevel@tonic-gate printf(gettext("Mechanism oid: <%s>.\n"), 1951*7c478bd9Sstevel@tonic-gate (argc > 2) ? 
argv[2] : 1952*7c478bd9Sstevel@tonic-gate (char *)GSS_KRB5_MECH_OID "(Kerberos v5)"); 1953*7c478bd9Sstevel@tonic-gate 1954*7c478bd9Sstevel@tonic-gate 1955*7c478bd9Sstevel@tonic-gate /* convert the name to internal format */ 1956*7c478bd9Sstevel@tonic-gate if ((major = gss_import_name(&minor, &gssBuf, 1957*7c478bd9Sstevel@tonic-gate nameType, &gssName)) != GSS_S_COMPLETE) { 1958*7c478bd9Sstevel@tonic-gate printf(gettext("could not parse name: err (octal) %o (%s)\n"), 1959*7c478bd9Sstevel@tonic-gate major, "gss_import_name"); 1960*7c478bd9Sstevel@tonic-gate 1961*7c478bd9Sstevel@tonic-gate FREE(nameType->elements, nameType->length); 1962*7c478bd9Sstevel@tonic-gate FREE(nameType, sizeof (gss_OID_desc)); 1963*7c478bd9Sstevel@tonic-gate return; 1964*7c478bd9Sstevel@tonic-gate } 1965*7c478bd9Sstevel@tonic-gate 1966*7c478bd9Sstevel@tonic-gate major = kgsscred_name_to_unix_cred(gssName, mechType, &uidOut, 1967*7c478bd9Sstevel@tonic-gate &gidOut, &gids, &gidsLen, uid); 1968*7c478bd9Sstevel@tonic-gate 1969*7c478bd9Sstevel@tonic-gate gss_release_name(&minor, &gssName); 1970*7c478bd9Sstevel@tonic-gate FREE(mechType->elements, mechType->length); 1971*7c478bd9Sstevel@tonic-gate FREE(mechType, sizeof (gss_OID_desc)); 1972*7c478bd9Sstevel@tonic-gate if (argc > 1) { 1973*7c478bd9Sstevel@tonic-gate FREE(nameType->elements, nameType->length); 1974*7c478bd9Sstevel@tonic-gate FREE(nameType, sizeof (gss_OID_desc)); 1975*7c478bd9Sstevel@tonic-gate } 1976*7c478bd9Sstevel@tonic-gate 1977*7c478bd9Sstevel@tonic-gate if (major == GSS_S_COMPLETE) { 1978*7c478bd9Sstevel@tonic-gate printf("uid = <%d>\tgid = <%d>\t", uidOut, gidOut); 1979*7c478bd9Sstevel@tonic-gate if (gidsLen > 0) 1980*7c478bd9Sstevel@tonic-gate printf(gettext(" %d gids <"), gidsLen); 1981*7c478bd9Sstevel@tonic-gate else 1982*7c478bd9Sstevel@tonic-gate printf(gettext( 1983*7c478bd9Sstevel@tonic-gate " no supplementary group information\n")); 1984*7c478bd9Sstevel@tonic-gate for (i = 0; i < gidsLen; i++) 
1985*7c478bd9Sstevel@tonic-gate printf(" %d ", gids[i]); 1986*7c478bd9Sstevel@tonic-gate if (gidsLen > 0) { 1987*7c478bd9Sstevel@tonic-gate printf(">\n"); 1988*7c478bd9Sstevel@tonic-gate FREE(gids, gidsLen * sizeof (gid_t)); 1989*7c478bd9Sstevel@tonic-gate } 1990*7c478bd9Sstevel@tonic-gate } else { 1991*7c478bd9Sstevel@tonic-gate printf(gettext("server ret err (octal) %o (%s)\n"), 1992*7c478bd9Sstevel@tonic-gate major, gettext("gsscred_name_to_unix_cred")); 1993*7c478bd9Sstevel@tonic-gate } 1994*7c478bd9Sstevel@tonic-gate } 1995*7c478bd9Sstevel@tonic-gate 1996*7c478bd9Sstevel@tonic-gate static void 1997*7c478bd9Sstevel@tonic-gate _gssd_get_group_info(argc, argv) 1998*7c478bd9Sstevel@tonic-gate int argc; 1999*7c478bd9Sstevel@tonic-gate char **argv; 2000*7c478bd9Sstevel@tonic-gate { 2001*7c478bd9Sstevel@tonic-gate OM_uint32 major; 2002*7c478bd9Sstevel@tonic-gate uid_t puid, uidIn; 2003*7c478bd9Sstevel@tonic-gate gid_t *gids, gidOut; 2004*7c478bd9Sstevel@tonic-gate int gidsLen, i; 2005*7c478bd9Sstevel@tonic-gate 2006*7c478bd9Sstevel@tonic-gate /* set up the arguments */ 2007*7c478bd9Sstevel@tonic-gate uidIn = (uid_t) getuid(); 2008*7c478bd9Sstevel@tonic-gate 2009*7c478bd9Sstevel@tonic-gate if (argc < 1) 2010*7c478bd9Sstevel@tonic-gate puid = 0; 2011*7c478bd9Sstevel@tonic-gate else 2012*7c478bd9Sstevel@tonic-gate puid = atol(argv[0]); 2013*7c478bd9Sstevel@tonic-gate 2014*7c478bd9Sstevel@tonic-gate printf(gettext("Retrieving group info for uid of <%d>\n"), puid); 2015*7c478bd9Sstevel@tonic-gate 2016*7c478bd9Sstevel@tonic-gate major = kgss_get_group_info(puid, &gidOut, &gids, &gidsLen, uidIn); 2017*7c478bd9Sstevel@tonic-gate 2018*7c478bd9Sstevel@tonic-gate if (major == GSS_S_COMPLETE) { 2019*7c478bd9Sstevel@tonic-gate printf(gettext("group id = <%d>\t"), gidOut); 2020*7c478bd9Sstevel@tonic-gate if (gidsLen > 0) 2021*7c478bd9Sstevel@tonic-gate printf(gettext(" %d gids <"), gidsLen); 2022*7c478bd9Sstevel@tonic-gate else 2023*7c478bd9Sstevel@tonic-gate printf(gettext( 
2024*7c478bd9Sstevel@tonic-gate " no supplementary group information\n")); 2025*7c478bd9Sstevel@tonic-gate for (i = 0; i < gidsLen; i++) 2026*7c478bd9Sstevel@tonic-gate printf(" %d ", gids[i]); 2027*7c478bd9Sstevel@tonic-gate if (gidsLen > 0) { 2028*7c478bd9Sstevel@tonic-gate printf(">\n"); 2029*7c478bd9Sstevel@tonic-gate FREE(gids, gidsLen * sizeof (gid_t)); 2030*7c478bd9Sstevel@tonic-gate } 2031*7c478bd9Sstevel@tonic-gate } else { 2032*7c478bd9Sstevel@tonic-gate printf(gettext("server ret err (octal) %o (%s)\n"), 2033*7c478bd9Sstevel@tonic-gate major, "gss_get_group_info"); 2034*7c478bd9Sstevel@tonic-gate } 2035*7c478bd9Sstevel@tonic-gate } 2036*7c478bd9Sstevel@tonic-gate 2037*7c478bd9Sstevel@tonic-gate static gss_OID 2038*7c478bd9Sstevel@tonic-gate gss_str2oid(string) 2039*7c478bd9Sstevel@tonic-gate char * string; 2040*7c478bd9Sstevel@tonic-gate { 2041*7c478bd9Sstevel@tonic-gate /* 2042*7c478bd9Sstevel@tonic-gate * a convenient wrapper routine for gss_str_to_oid 2043*7c478bd9Sstevel@tonic-gate * this can handle all valid oid strings. 
2044*7c478bd9Sstevel@tonic-gate */ 2045*7c478bd9Sstevel@tonic-gate OM_uint32 minor; 2046*7c478bd9Sstevel@tonic-gate gss_buffer_desc abuf; 2047*7c478bd9Sstevel@tonic-gate gss_OID oidOut; 2048*7c478bd9Sstevel@tonic-gate 2049*7c478bd9Sstevel@tonic-gate abuf.value = (void*)string; 2050*7c478bd9Sstevel@tonic-gate abuf.length = strlen(string); 2051*7c478bd9Sstevel@tonic-gate 2052*7c478bd9Sstevel@tonic-gate if (gss_str_to_oid(&minor, &abuf, &oidOut) != GSS_S_COMPLETE) 2053*7c478bd9Sstevel@tonic-gate return (NULL); 2054*7c478bd9Sstevel@tonic-gate 2055*7c478bd9Sstevel@tonic-gate return (oidOut); 2056*7c478bd9Sstevel@tonic-gate } 2057*7c478bd9Sstevel@tonic-gate 2058*7c478bd9Sstevel@tonic-gate static char * 2059*7c478bd9Sstevel@tonic-gate gss_oid2str(oid) 2060*7c478bd9Sstevel@tonic-gate gss_OID oid; 2061*7c478bd9Sstevel@tonic-gate { 2062*7c478bd9Sstevel@tonic-gate /* 2063*7c478bd9Sstevel@tonic-gate * a convenient wrapper for gss_oid_to_str 2064*7c478bd9Sstevel@tonic-gate * this calls the GSS-API routine which should 2065*7c478bd9Sstevel@tonic-gate * be able to handle all types of oids. 2066*7c478bd9Sstevel@tonic-gate */ 2067*7c478bd9Sstevel@tonic-gate OM_uint32 minor; 2068*7c478bd9Sstevel@tonic-gate gss_buffer_desc oidStr; 2069*7c478bd9Sstevel@tonic-gate 2070*7c478bd9Sstevel@tonic-gate if (gss_oid_to_str(&minor, oid, &oidStr) != GSS_S_COMPLETE) 2071*7c478bd9Sstevel@tonic-gate return (NULL); 2072*7c478bd9Sstevel@tonic-gate 2073*7c478bd9Sstevel@tonic-gate return ((char *)oidStr.value); 2074*7c478bd9Sstevel@tonic-gate } /* gss_oid2str */ 2075*7c478bd9Sstevel@tonic-gate 2076*7c478bd9Sstevel@tonic-gate static void 2077*7c478bd9Sstevel@tonic-gate instructs() 2078*7c478bd9Sstevel@tonic-gate { 2079*7c478bd9Sstevel@tonic-gate fprintf(stderr, 2080*7c478bd9Sstevel@tonic-gate gettext( 2081*7c478bd9Sstevel@tonic-gate "\nThis program must be run as root. 
Root must be installed on the KDC\n" 2082*7c478bd9Sstevel@tonic-gate "and exist in srvtab as root/<hostname>, where <hostname> is the machine on\n" 2083*7c478bd9Sstevel@tonic-gate "which the test runs. Before running gssdtest for Kerberos mechanism, the\n" 2084*7c478bd9Sstevel@tonic-gate "operator running as root must kinit as some other principal, e.g., test.\n" 2085*7c478bd9Sstevel@tonic-gate "There are two mechanisms avaialble: dummy and Kerberos(default).\n" 2086*7c478bd9Sstevel@tonic-gate "The OID for dummy mechanism is 1.3.6.1.4.1.42.2.26.1.2.\n" 2087*7c478bd9Sstevel@tonic-gate "The OID for Kerberos mechanism is 1.2.840.113554.1.2.2.\n" 2088*7c478bd9Sstevel@tonic-gate "The order of context establishment calls is important. First, acquire must" 2089*7c478bd9Sstevel@tonic-gate "\nbe called. This obtains the credentials used by accept. Acquire need\n" 2090*7c478bd9Sstevel@tonic-gate "only be called once, since the credentials it returns are used each time\n" 2091*7c478bd9Sstevel@tonic-gate "accept is called. Then init is called, followed by accept. Calling init\n" 2092*7c478bd9Sstevel@tonic-gate "twice without calling accept or calling these in a different order gives\n" 2093*7c478bd9Sstevel@tonic-gate "erroneous results and will cause memory leaks in the gssapi daemon. \n" 2094*7c478bd9Sstevel@tonic-gate "Finally, after calling init and accept, init must be called again to\n" 2095*7c478bd9Sstevel@tonic-gate "finish context establishment. 
So an example sequence (with data valid for\n" 2096*7c478bd9Sstevel@tonic-gate "the Kerberos mechanism and running on the machine \"elrond\" in the realm\n" 2097*7c478bd9Sstevel@tonic-gate "FOO.BAR.SUN.COM is :\n")); 2098*7c478bd9Sstevel@tonic-gate fprintf(stderr, 2099*7c478bd9Sstevel@tonic-gate gettext("\nacquire service@host 1.2.840.113554.1.2.2\n" 2100*7c478bd9Sstevel@tonic-gate "init service@host 1.2.840.113554.1.2.2\n" 2101*7c478bd9Sstevel@tonic-gate "accept\ninit service@host 1.2.840.113554.1.2.2\n" 2102*7c478bd9Sstevel@tonic-gate "\nAfter a context is established, sign, seal,\n" 2103*7c478bd9Sstevel@tonic-gate "verify and unseal may be called. Here are some examples\n" 2104*7c478bd9Sstevel@tonic-gate "for these routines : \n\n" 2105*7c478bd9Sstevel@tonic-gate "sign initiator ThisTestMessageIsForSigning\n" 2106*7c478bd9Sstevel@tonic-gate "verify acceptor\nseal initiator ThisTestMessageIsForSealing\n" 2107*7c478bd9Sstevel@tonic-gate "unseal acceptor\n\nEach input line is terminated by <cr>.\n" 2108*7c478bd9Sstevel@tonic-gate "The program is terminated by cntl-d\nor the command \"exit\"" 2109*7c478bd9Sstevel@tonic-gate "\nfrom the prompt\n\n")); 2110*7c478bd9Sstevel@tonic-gate } 2111*7c478bd9Sstevel@tonic-gate 2112*7c478bd9Sstevel@tonic-gate static void 2113*7c478bd9Sstevel@tonic-gate usage() 2114*7c478bd9Sstevel@tonic-gate { 2115*7c478bd9Sstevel@tonic-gate fprintf(stderr, 2116*7c478bd9Sstevel@tonic-gate gettext( 2117*7c478bd9Sstevel@tonic-gate "\nusage:\t[acquire | gss_acquire_cred]" 2118*7c478bd9Sstevel@tonic-gate "desired_name mech_type\n" 2119*7c478bd9Sstevel@tonic-gate "\t[release | gss_release_cred]\n" 2120*7c478bd9Sstevel@tonic-gate "\t[init | gss_init_sec_context] target_name mech_type\n" 2121*7c478bd9Sstevel@tonic-gate "\t[accept | gss_accept_sec_context]\n" 2122*7c478bd9Sstevel@tonic-gate "\t[process | gss_process_context_token] initiator | acceptor\n" 2123*7c478bd9Sstevel@tonic-gate "\t[delete | gss_delete_sec_context] initiator | acceptor\n" 
2124*7c478bd9Sstevel@tonic-gate "\t[time | gss_context_time] {not yet implemented}\n" 2125*7c478bd9Sstevel@tonic-gate "\t[sign | gss_sign] initiator | acceptor message-to-sign\n" 2126*7c478bd9Sstevel@tonic-gate "\t[verify | gss_verify] initiator | acceptor\n" 2127*7c478bd9Sstevel@tonic-gate "\t[seal | gss_seal] initiator | acceptor message-to-seal\n" 2128*7c478bd9Sstevel@tonic-gate "\t[unseal | gss_unseal] initiator | acceptor\n" 2129*7c478bd9Sstevel@tonic-gate "\t[status | gss_display_status] mech_type [major | minor] \n" 2130*7c478bd9Sstevel@tonic-gate "\t[indicate | gss_indicate_mechs]\n" 2131*7c478bd9Sstevel@tonic-gate "\t[inquire | gss_inquire_cred] {not yet implemented}\n" 2132*7c478bd9Sstevel@tonic-gate "\t[expname2unixcred | gsscred_expname_to_unix_cred]" 2133*7c478bd9Sstevel@tonic-gate " export-name\n" 2134*7c478bd9Sstevel@tonic-gate "\t[name2unixcred | gsscred_name_to_unix_cred] " 2135*7c478bd9Sstevel@tonic-gate "pname [name_type mech_type]\n" 2136*7c478bd9Sstevel@tonic-gate "\t[grpinfo | gss_get_group_info] uid\n" 2137*7c478bd9Sstevel@tonic-gate "\t[gss_all | all] desired_name\n" 2138*7c478bd9Sstevel@tonic-gate "\t[gss_loop | loop] desired_name\n" 2139*7c478bd9Sstevel@tonic-gate "\texit\n\n")); 2140*7c478bd9Sstevel@tonic-gate } 2141*7c478bd9Sstevel@tonic-gate 2142*7c478bd9Sstevel@tonic-gate /* Copied from parse_argv(), then modified */ 2143*7c478bd9Sstevel@tonic-gate 2144*7c478bd9Sstevel@tonic-gate static int 2145*7c478bd9Sstevel@tonic-gate parse_input_line(input_line, argc, argv) 2146*7c478bd9Sstevel@tonic-gate char *input_line; 2147*7c478bd9Sstevel@tonic-gate int * argc; 2148*7c478bd9Sstevel@tonic-gate char ***argv; 2149*7c478bd9Sstevel@tonic-gate { 2150*7c478bd9Sstevel@tonic-gate const char nil = '\0'; 2151*7c478bd9Sstevel@tonic-gate char * chptr; 2152*7c478bd9Sstevel@tonic-gate int chr_cnt; 2153*7c478bd9Sstevel@tonic-gate int arg_cnt = 0; 2154*7c478bd9Sstevel@tonic-gate int ch_was_space = 1; 2155*7c478bd9Sstevel@tonic-gate int ch_is_space; 
2156*7c478bd9Sstevel@tonic-gate 2157*7c478bd9Sstevel@tonic-gate chr_cnt = strlen(input_line); 2158*7c478bd9Sstevel@tonic-gate 2159*7c478bd9Sstevel@tonic-gate /* Count the arguments in the input_line string */ 2160*7c478bd9Sstevel@tonic-gate 2161*7c478bd9Sstevel@tonic-gate *argc = 1; 2162*7c478bd9Sstevel@tonic-gate 2163*7c478bd9Sstevel@tonic-gate for (chptr = &input_line[0]; *chptr != nil; chptr++) { 2164*7c478bd9Sstevel@tonic-gate ch_is_space = isspace(*chptr); 2165*7c478bd9Sstevel@tonic-gate if (ch_is_space && !ch_was_space) { 2166*7c478bd9Sstevel@tonic-gate (*argc)++; 2167*7c478bd9Sstevel@tonic-gate } 2168*7c478bd9Sstevel@tonic-gate ch_was_space = ch_is_space; 2169*7c478bd9Sstevel@tonic-gate } 2170*7c478bd9Sstevel@tonic-gate 2171*7c478bd9Sstevel@tonic-gate if (ch_was_space) { 2172*7c478bd9Sstevel@tonic-gate (*argc)--; 2173*7c478bd9Sstevel@tonic-gate } /* minus trailing spaces */ 2174*7c478bd9Sstevel@tonic-gate 2175*7c478bd9Sstevel@tonic-gate /* Now that we know how many args calloc the argv array */ 2176*7c478bd9Sstevel@tonic-gate 2177*7c478bd9Sstevel@tonic-gate *argv = (char **) CALLOC((*argc)+1, sizeof (char *)); 2178*7c478bd9Sstevel@tonic-gate chptr = (char *) (&input_line[0]); 2179*7c478bd9Sstevel@tonic-gate 2180*7c478bd9Sstevel@tonic-gate for (ch_was_space = 1; *chptr != nil; chptr++) { 2181*7c478bd9Sstevel@tonic-gate ch_is_space = isspace(*chptr); 2182*7c478bd9Sstevel@tonic-gate if (ch_is_space) { 2183*7c478bd9Sstevel@tonic-gate *chptr = nil; /* replace each space with nil */ 2184*7c478bd9Sstevel@tonic-gate } else if (ch_was_space) { /* begining of word? */ 2185*7c478bd9Sstevel@tonic-gate (*argv)[arg_cnt++] = chptr; /* new argument ? */ 2186*7c478bd9Sstevel@tonic-gate } 2187*7c478bd9Sstevel@tonic-gate 2188*7c478bd9Sstevel@tonic-gate ch_was_space = ch_is_space; 2189*7c478bd9Sstevel@tonic-gate } 2190*7c478bd9Sstevel@tonic-gate 2191*7c478bd9Sstevel@tonic-gate return (chr_cnt); 2192*7c478bd9Sstevel@tonic-gate } 2193