1 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
2 /* tests/rdreq.c - Test harness for krb5_rd_req */
3 /*
4 * Copyright (C) 2014 by the Massachusetts Institute of Technology.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 *
11 * * Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 *
14 * * Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
17 * distribution.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
20 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
21 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
22 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
23 * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
24 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
25 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
26 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
28 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
30 * OF THE POSSIBILITY OF SUCH DAMAGE.
31 */
32
33 #include <stdio.h>
34 #include <stdlib.h>
35 #include <string.h>
36 #include <assert.h>
37 #include <krb5.h>
38
39 int
main(int argc,char ** argv)40 main(int argc, char **argv)
41 {
42 krb5_context context;
43 krb5_principal client_princ, tkt_princ, server_princ;
44 krb5_ccache ccache;
45 krb5_creds *cred, mcred;
46 krb5_auth_context auth_con;
47 krb5_data apreq;
48 krb5_error_code ret, code;
49 const char *tkt_name, *server_name, *emsg;
50
51 /* Parse arguments. */
52 if (argc < 2 || argc > 3) {
53 fprintf(stderr, "Usage: rdreq tktname [servername]\n");
54 exit(1);
55 }
56 tkt_name = argv[1];
57 server_name = argv[2];
58
59 if (krb5_init_context(&context) != 0)
60 abort();
61
62 /* Parse the requested principal names. */
63 if (krb5_parse_name(context, tkt_name, &tkt_princ) != 0)
64 abort();
65 if (server_name != NULL) {
66 if (krb5_parse_name(context, server_name, &server_princ) != 0)
67 abort();
68 server_princ->type = KRB5_NT_SRV_HST;
69 } else {
70 server_princ = NULL;
71 }
72
73 /* Produce an AP-REQ message. */
74 if (krb5_cc_default(context, &ccache) != 0)
75 abort();
76 if (krb5_cc_get_principal(context, ccache, &client_princ) != 0)
77 abort();
78 memset(&mcred, 0, sizeof(mcred));
79 mcred.client = client_princ;
80 mcred.server = tkt_princ;
81 if (krb5_get_credentials(context, 0, ccache, &mcred, &cred) != 0)
82 abort();
83 auth_con = NULL;
84 if (krb5_mk_req_extended(context, &auth_con, 0, NULL, cred, &apreq) != 0)
85 abort();
86
87 /* Consume the AP-REQ message without using a replay cache. */
88 krb5_auth_con_free(context, auth_con);
89 if (krb5_auth_con_init(context, &auth_con) != 0)
90 abort();
91 if (krb5_auth_con_setflags(context, auth_con, 0) != 0)
92 abort();
93 ret = krb5_rd_req(context, &auth_con, &apreq, server_princ, NULL, NULL,
94 NULL);
95
96 /* Display the result. */
97 if (ret) {
98 code = ret - ERROR_TABLE_BASE_krb5;
99 if (code < 0 || code > 127)
100 code = 60; /* KRB_ERR_GENERIC */
101 emsg = krb5_get_error_message(context, ret);
102 printf("%d %s\n", code, emsg);
103 krb5_free_error_message(context, emsg);
104 } else {
105 printf("0 success\n");
106 }
107
108 krb5_free_data_contents(context, &apreq);
109 assert(apreq.length == 0);
110 krb5_auth_con_free(context, auth_con);
111 krb5_free_creds(context, cred);
112 krb5_cc_close(context, ccache);
113 krb5_free_principal(context, client_princ);
114 krb5_free_principal(context, tkt_princ);
115 krb5_free_principal(context, server_princ);
116 krb5_free_context(context);
117 return 0;
118 }
119