Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-src
 Path: blob/main/crypto/krb5/src/tests/gssapi/t_err.c
34889 views
1
/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */

2
/* tests/gssapi/t_err.c - Test accept_sec_context error generation */

3
/*

4
 * Copyright (C) 2013 by the Massachusetts Institute of Technology.

5
 * All rights reserved.

6
 *

7
 * Redistribution and use in source and binary forms, with or without

8
 * modification, are permitted provided that the following conditions

9
 * are met:

10
 *

11
 * * Redistributions of source code must retain the above copyright

12
 *   notice, this list of conditions and the following disclaimer.

13
 *

14
 * * Redistributions in binary form must reproduce the above copyright

15
 *   notice, this list of conditions and the following disclaimer in

16
 *   the documentation and/or other materials provided with the

17
 *   distribution.

18
 *

19
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS

20
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT

21
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS

22
 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE

23
 * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,

24
 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES

25
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR

26
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

27
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

28
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

29
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

30
 * OF THE POSSIBILITY OF SUCH DAMAGE.

31
 */

32


33
/*

34
 * This test program verifies that the krb5 gss_accept_sec_context can produce

35
 * error tokens and that gss_init_sec_context can interpret them.

36
 */

37


38
#include <stdio.h>

39
#include <stdlib.h>

40
#include <string.h>

41
#include <assert.h>

42


43
#include "common.h"

44


45
static void

46
check_replay_error(const char *msg, OM_uint32 major, OM_uint32 minor)

47
{

48
    OM_uint32 tmpmin, msg_ctx = 0;

49
    const char *replay = "Request is a replay";

50
    gss_buffer_desc m;

51


52
    if (major != GSS_S_FAILURE) {

53
        fprintf(stderr, "%s: expected major code GSS_S_FAILURE\n", msg);

54
        check_gsserr(msg, major, minor);

55
        exit(1);

56
    }

57


58
    (void)gss_display_status(&tmpmin, minor, GSS_C_MECH_CODE, GSS_C_NULL_OID,

59
                             &msg_ctx, &m);

60
    if (m.length != strlen(replay) || memcmp(m.value, replay, m.length) != 0) {

61
        fprintf(stderr, "%s: expected replay error; got %.*s\n", msg,

62
                (int)m.length, (char *)m.value);

63
        exit(1);

64
    }

65
    (void)gss_release_buffer(&tmpmin, &m);

66
}

67


68
int

69
main(int argc, char *argv[])

70
{

71
    OM_uint32 minor, major, flags;

72
    gss_OID mech = &mech_krb5;

73
    gss_name_t tname;

74
    gss_buffer_desc itok, atok;

75
    gss_ctx_id_t ictx = GSS_C_NO_CONTEXT, actx = GSS_C_NO_CONTEXT;

76


77
    argv++;

78
    if (*argv != NULL && strcmp(*argv, "--spnego") == 0) {

79
        mech = &mech_spnego;

80
        argv++;

81
    }

82
    if (*argv == NULL || argv[1] != NULL) {

83
        fprintf(stderr, "Usage: t_err targetname\n");

84
        return 1;

85
    }

86
    tname = import_name(*argv);

87


88
    /* Get the initial context token. */

89
    flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG | GSS_C_MUTUAL_FLAG;

90
    major = gss_init_sec_context(&minor, GSS_C_NO_CREDENTIAL, &ictx, tname,

91
                                 mech, flags, GSS_C_INDEFINITE,

92
                                 GSS_C_NO_CHANNEL_BINDINGS, GSS_C_NO_BUFFER,

93
                                 NULL, &itok, NULL, NULL);

94
    check_gsserr("gss_init_sec_context(1)", major, minor);

95
    assert(major == GSS_S_CONTINUE_NEEDED);

96


97
    /* Process this token into an acceptor context, then discard it. */

98
    major = gss_accept_sec_context(&minor, &actx, GSS_C_NO_CREDENTIAL, &itok,

99
                                   GSS_C_NO_CHANNEL_BINDINGS, NULL,

100
                                   NULL, &atok, NULL, NULL, NULL);

101
    check_gsserr("gss_accept_sec_context(1)", major, minor);

102
    (void)gss_release_buffer(&minor, &atok);

103
    (void)gss_delete_sec_context(&minor, &actx, NULL);

104


105
    /* Process the same token again, producing a replay error. */

106
    major = gss_accept_sec_context(&minor, &actx, GSS_C_NO_CREDENTIAL, &itok,

107
                                   GSS_C_NO_CHANNEL_BINDINGS, NULL,

108
                                   NULL, &atok, NULL, NULL, NULL);

109
    check_replay_error("gss_accept_sec_context(2)", major, minor);

110
    assert(atok.length != 0);

111


112
    /* Send the error token back the initiator. */

113
    (void)gss_release_buffer(&minor, &itok);

114
    major = gss_init_sec_context(&minor, GSS_C_NO_CREDENTIAL, &ictx, tname,

115
                                 mech, flags, GSS_C_INDEFINITE,

116
                                 GSS_C_NO_CHANNEL_BINDINGS, &atok,

117
                                 NULL, &itok, NULL, NULL);

118
    check_replay_error("gss_init_sec_context(2)", major, minor);

119


120
    (void)gss_release_name(&minor, &tname);

121
    (void)gss_release_buffer(&minor, &itok);

122
    (void)gss_release_buffer(&minor, &atok);

123
    (void)gss_delete_sec_context(&minor, &ictx, NULL);

124
    (void)gss_delete_sec_context(&minor, &actx, NULL);

125
    return 0;

126
}

127


128