xref: /freebsd/crypto/krb5/src/tests/icred.c (revision 7f2fe78b9dd5f51c821d771b63d2e096f6fd49e9) 
1 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
2 /* tests/icred.c - test harness for getting initial creds */
3 /*
4  * Copyright (C) 2013 by the Massachusetts Institute of Technology.
5  * All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  *
11  * * Redistributions of source code must retain the above copyright
12  *   notice, this list of conditions and the following disclaimer.
13  *
14  * * Redistributions in binary form must reproduce the above copyright
15  *   notice, this list of conditions and the following disclaimer in
16  *   the documentation and/or other materials provided with the
17  *   distribution.
18  *
19  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
20  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
21  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
22  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
23  * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
24  * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
25  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
26  * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
28  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
30  * OF THE POSSIBILITY OF SUCH DAMAGE.
31  */
32 
33 /* This program exercises the init_creds APIs in ways kinit doesn't. */
34 
35 #include "k5-platform.h"
36 #include <krb5.h>
37 
38 static krb5_context ctx;
39 
40 static void
check(krb5_error_code code)41 check(krb5_error_code code)
42 {
43     const char *errmsg;
44 
45     if (code) {
46         errmsg = krb5_get_error_message(ctx, code);
47         fprintf(stderr, "%s\n", errmsg);
48         krb5_free_error_message(ctx, errmsg);
49         exit(1);
50     }
51 }
52 
53 int
main(int argc,char ** argv)54 main(int argc, char **argv)
55 {
56     const char *ktname = NULL, *sname = NULL, *princstr, *password;
57     krb5_principal client;
58     krb5_init_creds_context icc;
59     krb5_get_init_creds_opt *opt;
60     krb5_keytab keytab = NULL;
61     krb5_creds creds;
62     krb5_boolean stepwise = FALSE;
63     krb5_preauthtype ptypes[64];
64     int c, nptypes = 0;
65     char *val;
66 
67     check(krb5_init_context(&ctx));
68     check(krb5_get_init_creds_opt_alloc(ctx, &opt));
69 
70     while ((c = getopt(argc, argv, "k:so:S:X:")) != -1) {
71         switch (c) {
72         case 'k':
73             ktname = optarg;
74             break;
75         case 's':
76             stepwise = TRUE;
77             break;
78         case 'o':
79             assert(nptypes < 64);
80             ptypes[nptypes++] = atoi(optarg);
81             break;
82         case 'S':
83             sname = optarg;
84             break;
85         case 'X':
86             val = strchr(optarg, '=');
87             if (val != NULL)
88                 *val++ = '\0';
89             else
90                 val = "yes";
91             check(krb5_get_init_creds_opt_set_pa(ctx, opt, optarg, val));
92             break;
93         default:
94             abort();
95         }
96     }
97 
98     argc -= optind;
99     argv += optind;
100     if (argc != 1 && argc != 2)
101         abort();
102     princstr = argv[0];
103     password = argv[1];
104 
105     if (sname != NULL) {
106         check(krb5_sname_to_principal(ctx, princstr, sname, KRB5_NT_SRV_HST,
107                                       &client));
108     } else {
109         check(krb5_parse_name(ctx, princstr, &client));
110     }
111 
112     if (ktname != NULL)
113         check(krb5_kt_resolve(ctx, ktname, &keytab));
114 
115     if (nptypes > 0)
116         krb5_get_init_creds_opt_set_preauth_list(opt, ptypes, nptypes);
117 
118     if (stepwise) {
119         /* Use the stepwise interface. */
120         check(krb5_init_creds_init(ctx, client, NULL, NULL, 0, NULL, &icc));
121         if (keytab != NULL)
122             check(krb5_init_creds_set_keytab(ctx, icc, keytab));
123         if (password != NULL)
124             check(krb5_init_creds_set_password(ctx, icc, password));
125         check(krb5_init_creds_get(ctx, icc));
126         krb5_init_creds_free(ctx, icc);
127     } else if (keytab != NULL) {
128         check(krb5_get_init_creds_keytab(ctx, &creds, client, keytab, 0, NULL,
129                                          opt));
130         krb5_free_cred_contents(ctx, &creds);
131     } else {
132         /* Use the traditional one-shot interface. */
133         check(krb5_get_init_creds_password(ctx, &creds, client, password, NULL,
134                                            NULL, 0, NULL, opt));
135         krb5_free_cred_contents(ctx, &creds);
136     }
137 
138     if (keytab != NULL)
139         krb5_kt_close(ctx, keytab);
140     krb5_get_init_creds_opt_free(ctx, opt);
141     krb5_free_principal(ctx, client);
142     krb5_free_context(ctx);
143     return 0;
144 }
145