Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-src
 Path: blob/main/crypto/krb5/src/tests/gssapi/t_add_cred.c
34914 views
1
/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */

2
/* tests/gssapi/t_add_cred.c - gss_add_cred() tests */

3
/*

4
 * Copyright (C) 2018 by the Massachusetts Institute of Technology.

5
 * All rights reserved.

6
 *

7
 * Redistribution and use in source and binary forms, with or without

8
 * modification, are permitted provided that the following conditions

9
 * are met:

10
 *

11
 * * Redistributions of source code must retain the above copyright

12
 *   notice, this list of conditions and the following disclaimer.

13
 *

14
 * * Redistributions in binary form must reproduce the above copyright

15
 *   notice, this list of conditions and the following disclaimer in

16
 *   the documentation and/or other materials provided with the

17
 *   distribution.

18
 *

19
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS

20
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT

21
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS

22
 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE

23
 * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,

24
 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES

25
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR

26
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

27
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

28
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

29
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

30
 * OF THE POSSIBILITY OF SUCH DAMAGE.

31
 */

32


33
/*

34
 * This program tests the mechglue behavior of gss_add_cred().  It relies on a

35
 * krb5 keytab and credentials being present so that initiator and acceptor

36
 * credentials can be acquired, but does not use them to initiate or accept any

37
 * requests.

38
 */

39


40
#include <stdio.h>

41
#include <assert.h>

42


43
#include "common.h"

44


45
int

46
main(void)

47
{

48
    OM_uint32 minor, major;

49
    gss_cred_id_t cred1, cred2;

50
    gss_cred_usage_t usage;

51
    gss_name_t name;

52


53
    /* Check that we get the expected error if we pass neither an input nor an

54
     * output cred handle. */

55
    major = gss_add_cred(&minor, GSS_C_NO_CREDENTIAL, GSS_C_NO_NAME,

56
                         &mech_krb5, GSS_C_INITIATE, GSS_C_INDEFINITE,

57
                         GSS_C_INDEFINITE, NULL, NULL, NULL, NULL);

58
    assert(major == (GSS_S_CALL_INACCESSIBLE_WRITE | GSS_S_NO_CRED));

59


60
    /* Regression test for #8737: make sure that desired_name is honored when

61
     * creating a credential by passing in a non-matching name. */

62
    name = import_name("p:does/not/match@WRONG_REALM");

63
    major = gss_add_cred(&minor, GSS_C_NO_CREDENTIAL, name, &mech_krb5,

64
                         GSS_C_INITIATE, GSS_C_INDEFINITE, GSS_C_INDEFINITE,

65
                         &cred1, NULL, NULL, NULL);

66
    assert(major == GSS_S_NO_CRED);

67
    gss_release_name(&minor, &name);

68


69
    /* Create cred1 with a krb5 initiator cred by passing an output handle but

70
     * no input handle. */

71
    major = gss_add_cred(&minor, GSS_C_NO_CREDENTIAL, GSS_C_NO_NAME,

72
                         &mech_krb5, GSS_C_INITIATE, GSS_C_INDEFINITE,

73
                         GSS_C_INDEFINITE, &cred1, NULL, NULL, NULL);

74
    assert(major == GSS_S_COMPLETE);

75


76
    /* Verify that cred1 has the expected mechanism creds. */

77
    major = gss_inquire_cred_by_mech(&minor, cred1, &mech_krb5, NULL, NULL,

78
                                     NULL, &usage);

79
    assert(major == GSS_S_COMPLETE && usage == GSS_C_INITIATE);

80
    major = gss_inquire_cred_by_mech(&minor, cred1, &mech_iakerb, NULL, NULL,

81
                                     NULL, &usage);

82
    assert(major == GSS_S_NO_CRED);

83


84
    /* Check that we get the expected error if we try to add another krb5 mech

85
     * cred to cred1. */

86
    major = gss_add_cred(&minor, cred1, GSS_C_NO_NAME, &mech_krb5,

87
                         GSS_C_INITIATE, GSS_C_INDEFINITE, GSS_C_INDEFINITE,

88
                         NULL, NULL, NULL, NULL);

89
    assert(major == GSS_S_DUPLICATE_ELEMENT);

90


91
    /* Add an IAKERB acceptor mech cred to cred1. */

92
    major = gss_add_cred(&minor, cred1, GSS_C_NO_NAME, &mech_iakerb,

93
                         GSS_C_ACCEPT, GSS_C_INDEFINITE, GSS_C_INDEFINITE,

94
                         NULL, NULL, NULL, NULL);

95
    assert(major == GSS_S_COMPLETE);

96


97
    /* Verify cred1 mechanism creds. */

98
    major = gss_inquire_cred_by_mech(&minor, cred1, &mech_krb5, NULL, NULL,

99
                                     NULL, &usage);

100
    assert(major == GSS_S_COMPLETE && usage == GSS_C_INITIATE);

101
    major = gss_inquire_cred_by_mech(&minor, cred1, &mech_iakerb, NULL, NULL,

102
                                     NULL, &usage);

103
    assert(major == GSS_S_COMPLETE && usage == GSS_C_ACCEPT);

104


105
    /* Start over with another new cred. */

106
    gss_release_cred(&minor, &cred1);

107
    major = gss_add_cred(&minor, GSS_C_NO_CREDENTIAL, GSS_C_NO_NAME,

108
                         &mech_krb5, GSS_C_ACCEPT, GSS_C_INDEFINITE,

109
                         GSS_C_INDEFINITE, &cred1, NULL, NULL, NULL);

110
    assert(major == GSS_S_COMPLETE);

111


112
    /* Create an expanded cred by passing both an output handle and an input

113
     * handle. */

114
    major = gss_add_cred(&minor, cred1, GSS_C_NO_NAME, &mech_iakerb,

115
                         GSS_C_INITIATE, GSS_C_INDEFINITE, GSS_C_INDEFINITE,

116
                         &cred2, NULL, NULL, NULL);

117
    assert(major == GSS_S_COMPLETE);

118


119
    /* Verify mechanism creds in cred1 and cred2. */

120
    major = gss_inquire_cred_by_mech(&minor, cred1, &mech_krb5, NULL, NULL,

121
                                     NULL, &usage);

122
    assert(major == GSS_S_COMPLETE && usage == GSS_C_ACCEPT);

123
    major = gss_inquire_cred_by_mech(&minor, cred1, &mech_iakerb, NULL, NULL,

124
                                     NULL, &usage);

125
    assert(major == GSS_S_NO_CRED);

126
    major = gss_inquire_cred_by_mech(&minor, cred2, &mech_krb5, NULL, NULL,

127
                                     NULL, &usage);

128
    assert(major == GSS_S_COMPLETE && usage == GSS_C_ACCEPT);

129
    major = gss_inquire_cred_by_mech(&minor, cred2, &mech_iakerb, NULL, NULL,

130
                                     NULL, &usage);

131
    assert(major == GSS_S_COMPLETE && usage == GSS_C_INITIATE);

132


133
    gss_release_cred(&minor, &cred1);

134
    gss_release_cred(&minor, &cred2);

135


136
    return 0;

137
}

138


139