xref: /freebsd/tools/regression/kgssapi/gsstest.c (revision 884a2a699669ec61e2366e3e358342dbc94be24a)
1 /*-
2  * Copyright (c) 2008 Isilon Inc http://www.isilon.com/
3  * Authors: Doug Rabson <dfr@rabson.org>
4  * Developed with Red Inc: Alfred Perlstein <alfred@freebsd.org>
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  * 1. Redistributions of source code must retain the above copyright
10  *    notice, this list of conditions and the following disclaimer.
11  * 2. Redistributions in binary form must reproduce the above copyright
12  *    notice, this list of conditions and the following disclaimer in the
13  *    documentation and/or other materials provided with the distribution.
14  *
15  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25  * SUCH DAMAGE.
26  *
27  * $FreeBSD$
28  */
29 
30 #include <sys/types.h>
31 #include <sys/syscall.h>
32 #include <sys/module.h>
33 
34 #include <stdio.h>
35 #include <string.h>
36 #include <err.h>
37 #include <unistd.h>
38 #include <stdlib.h>
39 
40 #include <krb5.h>
41 #include <gssapi/gssapi.h>
42 #include <gssapi/gssapi_krb5.h>
43 
44 struct gsstest_2_args {
45 	int step;		/* test step number */
46 	gss_buffer_desc input_token; /* token from userland */
47 	gss_buffer_desc output_token; /* buffer to receive reply token */
48 };
49 struct gsstest_2_res {
50 	OM_uint32 maj_stat;	/* maj_stat from kernel */
51 	OM_uint32 min_stat;	/* min_stat from kernel */
52 	gss_buffer_desc output_token; /* reply token (using space from gsstest_2_args.output) */
53 };
54 
55 static void
56 report_error(gss_OID mech, OM_uint32 maj, OM_uint32 min)
57 {
58 	OM_uint32 maj_stat, min_stat;
59 	OM_uint32 message_context;
60 	gss_buffer_desc buf;
61 
62 	printf("major_stat=%d, minor_stat=%d\n", maj, min);
63 	message_context = 0;
64 	do {
65 		maj_stat = gss_display_status(&min_stat, maj,
66 		    GSS_C_GSS_CODE, GSS_C_NO_OID, &message_context, &buf);
67 		printf("%.*s\n", (int)buf.length, (char *) buf.value);
68 		gss_release_buffer(&min_stat, &buf);
69 	} while (message_context);
70 	if (mech) {
71 		message_context = 0;
72 		do {
73 			maj_stat = gss_display_status(&min_stat, min,
74 			    GSS_C_MECH_CODE, mech, &message_context, &buf);
75 			printf("%.*s\n", (int)buf.length, (char *) buf.value);
76 			gss_release_buffer(&min_stat, &buf);
77 		} while (message_context);
78 	}
79 }
80 
81 int
82 main(int argc, char **argv)
83 {
84 	struct module_stat stat;
85 	int mod;
86 	int syscall_num;
87 
88 	stat.version = sizeof(stat);
89 	mod = modfind("gsstest_syscall");
90 	if (mod < 0) {
91 		fprintf(stderr, "%s: kernel support not present\n", argv[0]);
92 		exit(1);
93 	}
94 	modstat(mod, &stat);
95 	syscall_num = stat.data.intval;
96 
97 	switch (atoi(argv[1])) {
98 	case 1:
99 		syscall(syscall_num, 1, NULL, NULL);
100 		break;
101 
102 	case 2: {
103 		struct gsstest_2_args args;
104 		struct gsstest_2_res res;
105 		char hostname[512];
106 		char token_buffer[8192];
107 		OM_uint32 maj_stat, min_stat;
108 		gss_ctx_id_t client_context = GSS_C_NO_CONTEXT;
109 		gss_cred_id_t client_cred;
110 		gss_OID mech_type = GSS_C_NO_OID;
111 		gss_buffer_desc name_buf, message_buf;
112 		gss_name_t name;
113 		int32_t enctypes[] = {
114 			ETYPE_DES_CBC_CRC,
115 			ETYPE_ARCFOUR_HMAC_MD5,
116 			ETYPE_ARCFOUR_HMAC_MD5_56,
117 			ETYPE_AES256_CTS_HMAC_SHA1_96,
118 			ETYPE_AES128_CTS_HMAC_SHA1_96,
119 			ETYPE_DES3_CBC_SHA1,
120 		};
121 		int num_enctypes = sizeof(enctypes) / sizeof(enctypes[0]);
122 		int established;
123 		int i;
124 
125 		for (i = 0; i < num_enctypes; i++) {
126 			printf("testing etype %d\n", enctypes[i]);
127 			args.output_token.length = sizeof(token_buffer);
128 			args.output_token.value = token_buffer;
129 
130 			gethostname(hostname, sizeof(hostname));
131 			snprintf(token_buffer, sizeof(token_buffer),
132 			    "nfs@%s", hostname);
133 			name_buf.length = strlen(token_buffer);
134 			name_buf.value = token_buffer;
135 			maj_stat = gss_import_name(&min_stat, &name_buf,
136 			    GSS_C_NT_HOSTBASED_SERVICE, &name);
137 			if (GSS_ERROR(maj_stat)) {
138 				printf("gss_import_name failed\n");
139 				report_error(mech_type, maj_stat, min_stat);
140 				goto out;
141 			}
142 
143 			maj_stat = gss_acquire_cred(&min_stat, GSS_C_NO_NAME,
144 			    0, GSS_C_NO_OID_SET, GSS_C_INITIATE, &client_cred,
145 			    NULL, NULL);
146 			if (GSS_ERROR(maj_stat)) {
147 				printf("gss_acquire_cred (client) failed\n");
148 				report_error(mech_type, maj_stat, min_stat);
149 				goto out;
150 			}
151 
152 			maj_stat = gss_krb5_set_allowable_enctypes(&min_stat,
153 			    client_cred, 1, &enctypes[i]);
154 			if (GSS_ERROR(maj_stat)) {
155 				printf("gss_krb5_set_allowable_enctypes failed\n");
156 				report_error(mech_type, maj_stat, min_stat);
157 				goto out;
158 			}
159 
160 			res.output_token.length = 0;
161 			res.output_token.value = 0;
162 			established = 0;
163 			while (!established) {
164 				maj_stat = gss_init_sec_context(&min_stat,
165 				    client_cred,
166 				    &client_context,
167 				    name,
168 				    GSS_C_NO_OID,
169 				    (GSS_C_MUTUAL_FLAG
170 					|GSS_C_CONF_FLAG
171 					|GSS_C_INTEG_FLAG
172 					|GSS_C_SEQUENCE_FLAG
173 					|GSS_C_REPLAY_FLAG),
174 				    0,
175 				    GSS_C_NO_CHANNEL_BINDINGS,
176 				    &res.output_token,
177 				    &mech_type,
178 				    &args.input_token,
179 				    NULL,
180 				    NULL);
181 				if (GSS_ERROR(maj_stat)) {
182 					printf("gss_init_sec_context failed\n");
183 					report_error(mech_type, maj_stat, min_stat);
184 					goto out;
185 				}
186 				if (args.input_token.length) {
187 					args.step = 1;
188 					syscall(syscall_num, 2, &args, &res);
189 					gss_release_buffer(&min_stat,
190 					    &args.input_token);
191 					if (res.maj_stat != GSS_S_COMPLETE
192 					    && res.maj_stat != GSS_S_CONTINUE_NEEDED) {
193 						printf("gss_accept_sec_context (kernel) failed\n");
194 						report_error(mech_type, res.maj_stat,
195 						    res.min_stat);
196 						goto out;
197 					}
198 				}
199 				if (maj_stat == GSS_S_COMPLETE)
200 					established = 1;
201 			}
202 
203 			message_buf.value = "Hello world";
204 			message_buf.length = strlen((char *) message_buf.value);
205 
206 			maj_stat = gss_get_mic(&min_stat, client_context,
207 			    GSS_C_QOP_DEFAULT, &message_buf, &args.input_token);
208 			if (GSS_ERROR(maj_stat)) {
209 				printf("gss_get_mic failed\n");
210 				report_error(mech_type, maj_stat, min_stat);
211 				goto out;
212 			}
213 
214 			args.step = 2;
215 			syscall(syscall_num, 2, &args, &res);
216 			gss_release_buffer(&min_stat, &args.input_token);
217 			if (GSS_ERROR(res.maj_stat)) {
218 				printf("kernel gss_verify_mic failed\n");
219 				report_error(mech_type, res.maj_stat, res.min_stat);
220 				goto out;
221 			}
222 
223 			maj_stat = gss_verify_mic(&min_stat, client_context,
224 			    &message_buf, &res.output_token, NULL);
225 			if (GSS_ERROR(maj_stat)) {
226 				printf("gss_verify_mic failed\n");
227 				report_error(mech_type, maj_stat, min_stat);
228 				goto out;
229 			}
230 
231 			maj_stat = gss_wrap(&min_stat, client_context,
232 			    TRUE, GSS_C_QOP_DEFAULT, &message_buf, NULL,
233 			    &args.input_token);
234 			if (GSS_ERROR(maj_stat)) {
235 				printf("gss_wrap failed\n");
236 				report_error(mech_type, maj_stat, min_stat);
237 				goto out;
238 			}
239 
240 			args.step = 3;
241 			syscall(syscall_num, 2, &args, &res);
242 			gss_release_buffer(&min_stat, &args.input_token);
243 			if (GSS_ERROR(res.maj_stat)) {
244 				printf("kernel gss_unwrap failed\n");
245 				report_error(mech_type, res.maj_stat, res.min_stat);
246 				goto out;
247 			}
248 
249 			maj_stat = gss_unwrap(&min_stat, client_context,
250 			    &res.output_token, &message_buf, NULL, NULL);
251 			if (GSS_ERROR(maj_stat)) {
252 				printf("gss_unwrap failed\n");
253 				report_error(mech_type, maj_stat, min_stat);
254 				goto out;
255 			}
256 			gss_release_buffer(&min_stat, &message_buf);
257 
258 			maj_stat = gss_wrap(&min_stat, client_context,
259 			    FALSE, GSS_C_QOP_DEFAULT, &message_buf, NULL,
260 			    &args.input_token);
261 			if (GSS_ERROR(maj_stat)) {
262 				printf("gss_wrap failed\n");
263 				report_error(mech_type, maj_stat, min_stat);
264 				goto out;
265 			}
266 
267 			args.step = 4;
268 			syscall(syscall_num, 2, &args, &res);
269 			gss_release_buffer(&min_stat, &args.input_token);
270 			if (GSS_ERROR(res.maj_stat)) {
271 				printf("kernel gss_unwrap failed\n");
272 				report_error(mech_type, res.maj_stat, res.min_stat);
273 				goto out;
274 			}
275 
276 			maj_stat = gss_unwrap(&min_stat, client_context,
277 			    &res.output_token, &message_buf, NULL, NULL);
278 			if (GSS_ERROR(maj_stat)) {
279 				printf("gss_unwrap failed\n");
280 				report_error(mech_type, maj_stat, min_stat);
281 				goto out;
282 			}
283 			gss_release_buffer(&min_stat, &message_buf);
284 
285 			args.step = 5;
286 			syscall(syscall_num, 2, &args, &res);
287 
288 			gss_release_name(&min_stat, &name);
289 			gss_release_cred(&min_stat, &client_cred);
290 			gss_delete_sec_context(&min_stat, &client_context,
291 			    GSS_C_NO_BUFFER);
292 		}
293 
294 		break;
295 	}
296 	case 3:
297 		syscall(syscall_num, 3, NULL, NULL);
298 		break;
299 	case 4:
300 		syscall(syscall_num, 4, NULL, NULL);
301 		break;
302 	}
303 	return (0);
304 
305 out:
306 	return (1);
307 }
308