gss-server.c: Re-added code to test import and export security

context. Yes, yes, I know this isn't the best place to have this test, but DO NOT REMOVE THIS TEST UNTIL WE HAVE IT CODED ELSEWHERE. Better slightly ugly sample server code than untested (and broken) library code.... Add code to print out the mechanism OID used by accept_sec_context. gss-client.c: Add code to allow user to specify the mechanism OID that gss-client should use. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@9230 dc483132-0cff-0310-8789-dd5450dbe970
author: Theodore Tso <tytso@mit.edu> 1996-10-22 00:07:59 +0000
committer: Theodore Tso <tytso@mit.edu> 1996-10-22 00:07:59 +0000
commit: cf99c29aaf0ee262cf70f4bf5c5d937467652aed (patch)
tree: b19c8f53159caae97c24c22c15760ad4eb1a36d6 /src/appl/gss-sample
parent: 31f6033a9c59fd930c7eecd9008bbe1275299d06 (diff)
download: krb5-cf99c29aaf0ee262cf70f4bf5c5d937467652aed.zip
krb5-cf99c29aaf0ee262cf70f4bf5c5d937467652aed.tar.gz
krb5-cf99c29aaf0ee262cf70f4bf5c5d937467652aed.tar.bz2
3 files changed, 141 insertions, 15 deletions
diff --git a/src/appl/gss-sample/ChangeLog b/src/appl/gss-sample/ChangeLog
index d82e360..dd6dade 100644
--- a/src/appl/gss-sample/ChangeLog
+++ b/src/appl/gss-sample/ChangeLog
@@ -1,3 +1,15 @@
+Mon Oct 21 20:03:53 1996  Theodore Y. Ts'o  <tytso@mit.edu>
+
+	* gss-server.c: Re-added code to test import and export security
+ 		context.  Yes, yes, I know this isn't the best place to
+ 		have this test, but DO NOT REMOVE THIS TEST UNTIL WE HAVE
+ 		IT CODED ELSEWHERE.  Better slightly ugly sample server
+ 		code than untested (and broken) library code....  Add code
+ 		to print out the mechanism OID used by accept_sec_context.
+
+	* gss-client.c: Add code to allow user to specify the mechanism
+		OID that gss-client should use.
+
 Wed Jun  5 00:08:32 1996  Theodore Y. Ts'o  <tytso@mit.edu>
 
 	* gss-client.c (call_server): When reading in the test value from
diff --git a/src/appl/gss-sample/gss-client.c b/src/appl/gss-sample/gss-client.c
index fca0ef2..170bc63 100644
--- a/src/appl/gss-sample/gss-client.c
+++ b/src/appl/gss-sample/gss-client.c
@@ -27,6 +27,8 @@ static char *rcsid = "$Header$";
 #include <stdio.h>
 #include <unistd.h>
 #include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <netinet/in.h>
@@ -119,10 +121,11 @@ int connect_to_server(host, port)
  * unsuccessful, the GSS-API error messages are displayed on stderr
  * and -1 is returned.
  */
-int client_establish_context(s, service_name, deleg_flag,
+int client_establish_context(s, service_name, deleg_flag, oid,
 			     gss_context, ret_flags)
      int s;
      char *service_name;
+     gss_OID oid;
      OM_uint32 deleg_flag;
      gss_ctx_id_t *gss_context;
      OM_uint32 *ret_flags;
@@ -169,7 +172,7 @@ int client_establish_context(s, service_name, deleg_flag,
 				    GSS_C_NO_CREDENTIAL,
 				    gss_context,
 				    target_name,
-				    GSS_C_NULL_OID,
+				    oid,
 				    GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG |
 							deleg_flag,
 				    0,
@@ -276,9 +279,10 @@ void read_file(file_name, in_buf)
  * verifies it with gss_verify.  -1 is returned if any step fails,
  * otherwise 0 is returned.
  */
-int call_server(host, port, service_name, deleg_flag, msg, use_file)
+int call_server(host, port, oid, service_name, deleg_flag, msg, use_file)
      char *host;
      u_short port;
+     gss_OID oid;
      char *service_name;
      OM_uint32 deleg_flag;
      char *msg;
@@ -306,7 +310,7 @@ int call_server(host, port, service_name, deleg_flag, msg, use_file)
 	  return -1;
 
      /* Establish context */
-     if (client_establish_context(s, service_name, deleg_flag, &context,
+     if (client_establish_context(s, service_name, deleg_flag, oid, &context,
 				  &ret_flags) < 0) {
 	  (void) close(s);
 	  return -1;
@@ -461,14 +465,45 @@ int call_server(host, port, service_name, deleg_flag, msg, use_file)
      return 0;
 }
 
+static void parse_oid(char *mechanism, gss_OID *oid)
+{
+    char	*mechstr = 0, *cp;
+    gss_buffer_desc tok;
+    OM_uint32 maj_stat, min_stat;
+    
+    if (isdigit(mechanism[0])) {
+	mechstr = malloc(strlen(mechanism)+5);
+	if (!mechstr) {
+	    printf("Couldn't allocate mechanism scratch!\n");
+	    return;
+	}
+	sprintf(mechstr, "{ %s }", mechanism);
+	for (cp = mechstr; *cp; cp++)
+	    if (*cp == '.')
+		*cp = ' ';
+	tok.value = mechstr;
+    } else
+	tok.value = mechanism;
+    tok.length = strlen(tok.value);
+    maj_stat = gss_str_to_oid(&min_stat, &tok, oid);
+    if (maj_stat != GSS_S_COMPLETE) {
+	display_status("str_to_oid", maj_stat, min_stat);
+	return;
+    }
+    if (mechstr)
+	free(mechstr);
+}
+
 int main(argc, argv)
      int argc;
      char **argv;
 {
      char *service_name, *server_host, *msg;
+     char *mechanism = 0;
      u_short port = 4444;
      int use_file = 0;
-     OM_uint32 deleg_flag = 0;
+     OM_uint32 deleg_flag = 0, min_stat;
+     gss_OID oid = GSS_C_NULL_OID;
      
      display_file = stdout;
 
@@ -479,7 +514,11 @@ int main(argc, argv)
 	       argc--; argv++;
 	       if (!argc) usage();
 	       port = atoi(*argv);
-	  } else if (strcmp(*argv, "-d") == 0) {
+	   } else if (strcmp(*argv, "-mech") == 0) {
+	       argc--; argv++;
+	       if (!argc) usage();
+	       mechanism = *argv;
+	   } else if (strcmp(*argv, "-d") == 0) {
 	       deleg_flag = GSS_C_DELEG_FLAG;
 	  } else if (strcmp(*argv, "-f") == 0) {
 	       use_file = 1;
@@ -494,10 +533,16 @@ int main(argc, argv)
      service_name = *argv++;
      msg = *argv++;
 
-     if (call_server(server_host, port, service_name,
+     if (mechanism)
+	 parse_oid(mechanism, &oid);
+
+     if (call_server(server_host, port, oid, service_name,
 		     deleg_flag, msg, use_file) < 0)
 	  exit(1);
 
+     if (oid != GSS_C_NULL_OID)
+	 (void) gss_release_oid(&min_stat, &oid);
+	 
      return 0;
 }
 
diff --git a/src/appl/gss-sample/gss-server.c b/src/appl/gss-sample/gss-server.c
index bd4e7fe..c2549e4 100644
--- a/src/appl/gss-sample/gss-server.c
+++ b/src/appl/gss-sample/gss-server.c
@@ -27,6 +27,7 @@ static char *rcsid = "$Header$";
 #include <stdio.h>
 #include <sys/types.h>
 #include <sys/socket.h>
+#include <sys/time.h>
 #include <netinet/in.h>
 #ifdef HAVE_UNISTD_H
 #include <unistd.h>
@@ -43,7 +44,7 @@ static char *rcsid = "$Header$";
 #include <strings.h>
 #endif
 
-usage()
+void usage()
 {
      fprintf(stderr, "Usage: gss-server [-port port] [-verbose]\n");
      fprintf(stderr, "       [-inetd] [-logfile file] [service_name]\n");
@@ -137,6 +138,7 @@ int server_establish_context(s, server_creds, context, client_name, ret_flags)
      gss_name_t client;
      gss_OID doid;
      OM_uint32 maj_stat, min_stat;
+     gss_buffer_desc	oid_name;
 
      *context = GSS_C_NO_CONTEXT;
      
@@ -145,7 +147,7 @@ int server_establish_context(s, server_creds, context, client_name, ret_flags)
 	       return -1;
 
 	  if (verbose && log) {
-	      fprintf(log, "Received token: \n");
+	      fprintf(log, "Received token (size=%d): \n", recv_tok.length);
 	      print_token(&recv_tok);
 	  }
 
@@ -173,7 +175,7 @@ int server_establish_context(s, server_creds, context, client_name, ret_flags)
 	  if (send_tok.length != 0) {
 	      if (verbose && log) {
 		  fprintf(log,
-			  "Sending accept_sec_context token (size=%d)...",
+			  "Sending accept_sec_context token (size=%d):\n",
 			  send_tok.length);
 		  print_token(&send_tok);
 	      }
@@ -184,11 +186,11 @@ int server_establish_context(s, server_creds, context, client_name, ret_flags)
 
 	       (void) gss_release_buffer(&min_stat, &send_tok);
 	  }
-	  if (log) {
+	  if (verbose && log) {
 	      if (maj_stat == GSS_S_CONTINUE_NEEDED)
-		  fprintf(log, "\n");
-	      else
 		  fprintf(log, "continue needed...\n");
+	      else
+		  fprintf(log, "\n");
 	      fflush(log);
 	  }
      } while (maj_stat == GSS_S_CONTINUE_NEEDED);
@@ -196,6 +198,17 @@ int server_establish_context(s, server_creds, context, client_name, ret_flags)
      /* display the flags */
      display_ctx_flags(*ret_flags);
 
+     if (verbose && log) {
+	 maj_stat = gss_oid_to_str(&min_stat, doid, &oid_name);
+	 if (maj_stat != GSS_S_COMPLETE) {
+	     display_status("converting oid->string", maj_stat, min_stat);
+	     return -1;
+	 }
+	 fprintf(log, "Accepted connection using mechanism OID %.*s.\n",
+		 (int) oid_name.length, (char *) oid_name.value);
+	 (void) gss_release_buffer(&min_stat, &oid_name);
+     }
+
      maj_stat = gss_display_name(&min_stat, client, client_name, &doid);
      if (maj_stat != GSS_S_COMPLETE) {
 	  display_status("displaying name", maj_stat, min_stat);
@@ -255,6 +268,58 @@ int create_socket(port)
      return s;
 }
 
+static float timeval_subtract(tv1, tv2)
+	struct timeval *tv1, *tv2;
+{
+	return ((tv1->tv_sec - tv2->tv_sec) +
+		((float) (tv1->tv_usec - tv2->tv_usec)) / 1000000);
+}
+
+/*
+ * Yes, yes, this isn't the best place for doing this test.
+ * DO NOT REMOVE THIS UNTIL A BETTER TEST HAS BEEN WRITTEN, THOUGH.
+ * 					-TYT
+ */
+int test_import_export_context(context)
+	gss_ctx_id_t *context;
+{
+	OM_uint32	min_stat, maj_stat;
+	gss_buffer_desc context_token, copied_token;
+	struct timeval tm1, tm2;
+	
+	/*
+	 * Attempt to save and then restore the context.
+	 */
+	gettimeofday(&tm1, (struct timezone *)0);
+	maj_stat = gss_export_sec_context(&min_stat, context, &context_token);
+	if (maj_stat != GSS_S_COMPLETE) {
+		display_status("exporting context", maj_stat, min_stat);
+		return 1;
+	}
+	gettimeofday(&tm2, (struct timezone *)0);
+	if (verbose && log)
+		fprintf(log, "Exported context: %d bytes, %7.4f seconds\n",
+			context_token.length, timeval_subtract(&tm2, &tm1));
+	copied_token.length = context_token.length;
+	copied_token.value = malloc(context_token.length);
+	if (copied_token.value == 0) {
+	    fprintf(log, "Couldn't allocate memory to copy context token.\n");
+	    return 1;
+	}
+	memcpy(copied_token.value, context_token.value, copied_token.length);
+	maj_stat = gss_import_sec_context(&min_stat, &copied_token, context);
+	if (maj_stat != GSS_S_COMPLETE) {
+		display_status("importing context", maj_stat, min_stat);
+		return 1;
+	}
+	gettimeofday(&tm1, (struct timezone *)0);
+	if (verbose && log)
+		fprintf(log, "Importing context: %7.4f seconds\n",
+			timeval_subtract(&tm1, &tm2));
+	(void) gss_release_buffer(&min_stat, &context_token);
+	return 0;
+}
+
 /*
  * Function: sign_server
  *
@@ -296,9 +361,13 @@ int sign_server(s, server_creds)
 	return(-1);
 	  
      printf("Accepted connection: \"%.*s\"\n",
-	    client_name.length, client_name.value);
+	    (int) client_name.length, (char *) client_name.value);
      (void) gss_release_buffer(&min_stat, &client_name);
 
+     for (i=0; i < 3; i++)
+	     if (test_import_export_context(&context))
+		     return -1;
+
      /* Receive the sealed message token */
      if (recv_token(s, &xmit_buf) < 0)
 	return(-1);
@@ -416,7 +485,7 @@ main(argc, argv)
      } else {
 	 int stmp;
 
-	 if (stmp = create_socket(port)) {
+	 if ((stmp = create_socket(port))) {
 	     do {
 		 /* Accept a TCP connection */
 		 if ((s = accept(stmp, NULL, 0)) < 0) {
author	Theodore Tso <tytso@mit.edu>	1996-10-22 00:07:59 +0000
committer	Theodore Tso <tytso@mit.edu>	1996-10-22 00:07:59 +0000
commit	cf99c29aaf0ee262cf70f4bf5c5d937467652aed (patch)
tree	b19c8f53159caae97c24c22c15760ad4eb1a36d6 /src/appl/gss-sample
parent	31f6033a9c59fd930c7eecd9008bbe1275299d06 (diff)
download	krb5-cf99c29aaf0ee262cf70f4bf5c5d937467652aed.zip krb5-cf99c29aaf0ee262cf70f4bf5c5d937467652aed.tar.gz krb5-cf99c29aaf0ee262cf70f4bf5c5d937467652aed.tar.bz2