|
Packit |
fd8b60 |
/* tests/hammer/kdc5_hammer.c */
|
|
Packit |
fd8b60 |
/*
|
|
Packit |
fd8b60 |
* Copyright 1990,1991 by the Massachusetts Institute of Technology.
|
|
Packit |
fd8b60 |
* All Rights Reserved.
|
|
Packit |
fd8b60 |
*
|
|
Packit |
fd8b60 |
* Export of this software from the United States of America may
|
|
Packit |
fd8b60 |
* require a specific license from the United States Government.
|
|
Packit |
fd8b60 |
* It is the responsibility of any person or organization contemplating
|
|
Packit |
fd8b60 |
* export to obtain such a license before exporting.
|
|
Packit |
fd8b60 |
*
|
|
Packit |
fd8b60 |
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
|
|
Packit |
fd8b60 |
* distribute this software and its documentation for any purpose and
|
|
Packit |
fd8b60 |
* without fee is hereby granted, provided that the above copyright
|
|
Packit |
fd8b60 |
* notice appear in all copies and that both that copyright notice and
|
|
Packit |
fd8b60 |
* this permission notice appear in supporting documentation, and that
|
|
Packit |
fd8b60 |
* the name of M.I.T. not be used in advertising or publicity pertaining
|
|
Packit |
fd8b60 |
* to distribution of the software without specific, written prior
|
|
Packit |
fd8b60 |
* permission. Furthermore if you modify this software you must label
|
|
Packit |
fd8b60 |
* your software as modified software and not distribute it in such a
|
|
Packit |
fd8b60 |
* fashion that it might be confused with the original M.I.T. software.
|
|
Packit |
fd8b60 |
* M.I.T. makes no representations about the suitability of
|
|
Packit |
fd8b60 |
* this software for any purpose. It is provided "as is" without express
|
|
Packit |
fd8b60 |
* or implied warranty.
|
|
Packit |
fd8b60 |
*/
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
#include "k5-int.h"
|
|
Packit |
fd8b60 |
#include "com_err.h"
|
|
Packit |
fd8b60 |
#include <sys/time.h>
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
#define KRB5_DEFAULT_OPTIONS 0
|
|
Packit |
fd8b60 |
#define KRB5_DEFAULT_LIFE 60*60*8 /* 8 hours */
|
|
Packit |
fd8b60 |
#define KRB5_RENEWABLE_LIFE 60*60*2 /* 2 hours */
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
struct h_timer {
|
|
Packit |
fd8b60 |
float ht_cumulative;
|
|
Packit |
fd8b60 |
float ht_min;
|
|
Packit |
fd8b60 |
float ht_max;
|
|
Packit |
fd8b60 |
krb5_int32 ht_observations;
|
|
Packit |
fd8b60 |
};
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
extern int optind;
|
|
Packit |
fd8b60 |
extern char *optarg;
|
|
Packit |
fd8b60 |
char *prog;
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
static int brief;
|
|
Packit |
fd8b60 |
static char *cur_realm = 0;
|
|
Packit |
fd8b60 |
static int do_timer = 0;
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
krb5_data tgtname = {
|
|
Packit |
fd8b60 |
0,
|
|
Packit |
fd8b60 |
KRB5_TGS_NAME_SIZE,
|
|
Packit |
fd8b60 |
KRB5_TGS_NAME
|
|
Packit |
fd8b60 |
};
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
int verify_cs_pair
|
|
Packit |
fd8b60 |
(krb5_context,
|
|
Packit |
fd8b60 |
char *,
|
|
Packit |
fd8b60 |
krb5_principal,
|
|
Packit |
fd8b60 |
char *,
|
|
Packit |
fd8b60 |
char *,
|
|
Packit |
fd8b60 |
int, int, int,
|
|
Packit |
fd8b60 |
krb5_ccache);
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
int get_tgt
|
|
Packit |
fd8b60 |
(krb5_context,
|
|
Packit |
fd8b60 |
char *,
|
|
Packit |
fd8b60 |
krb5_principal *,
|
|
Packit |
fd8b60 |
krb5_ccache);
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
static void
|
|
Packit |
fd8b60 |
usage(who, status)
|
|
Packit |
fd8b60 |
char *who;
|
|
Packit |
fd8b60 |
int status;
|
|
Packit |
fd8b60 |
{
|
|
Packit |
fd8b60 |
fprintf(stderr,
|
|
Packit |
fd8b60 |
"usage: %s -p prefix -n num_to_check [-c cachename] [-r realmname]\n",
|
|
Packit |
fd8b60 |
who);
|
|
Packit |
fd8b60 |
fprintf(stderr, "\t [-D depth]\n");
|
|
Packit |
fd8b60 |
fprintf(stderr, "\t [-P preauth type] [-R repeat_count] [-t] [-b] [-v] \n");
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
exit(status);
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
static krb5_preauthtype * patype = NULL, patypedata[2] = { 0, -1 };
|
|
Packit |
fd8b60 |
static krb5_context test_context;
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
struct timeval tstart_time, tend_time;
|
|
Packit |
fd8b60 |
struct timezone dontcare;
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
struct h_timer in_tkt_times = { 0.0, 1000000.0, -1.0, 0 };
|
|
Packit |
fd8b60 |
struct h_timer tgs_req_times = { 0.0, 1000000.0, -1.0, 0 };
|
|
Packit |
fd8b60 |
/*
|
|
Packit |
fd8b60 |
* Timer macros.
|
|
Packit |
fd8b60 |
*/
|
|
Packit |
fd8b60 |
#define swatch_on() ((void) gettimeofday(&tstart_time, &dontcare))
|
|
Packit |
fd8b60 |
#define swatch_eltime() ((gettimeofday(&tend_time, &dontcare)) ? -1.0 : \
|
|
Packit |
fd8b60 |
(((float) (tend_time.tv_sec - \
|
|
Packit |
fd8b60 |
tstart_time.tv_sec)) + \
|
|
Packit |
fd8b60 |
(((float) (tend_time.tv_usec - \
|
|
Packit |
fd8b60 |
tstart_time.tv_usec))/1000000.0)))
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
int
|
|
Packit |
fd8b60 |
main(argc, argv)
|
|
Packit |
fd8b60 |
int argc;
|
|
Packit |
fd8b60 |
char **argv;
|
|
Packit |
fd8b60 |
{
|
|
Packit |
fd8b60 |
krb5_ccache ccache = NULL;
|
|
Packit |
fd8b60 |
char *cache_name = NULL; /* -f option */
|
|
Packit |
fd8b60 |
int option;
|
|
Packit |
fd8b60 |
int errflg = 0;
|
|
Packit |
fd8b60 |
krb5_error_code code;
|
|
Packit |
fd8b60 |
int num_to_check, n, i, j, repeat_count, counter;
|
|
Packit |
fd8b60 |
int n_tried, errors;
|
|
Packit |
fd8b60 |
char prefix[BUFSIZ], client[4096], server[4096];
|
|
Packit |
fd8b60 |
int depth;
|
|
Packit |
fd8b60 |
char ctmp[4096], ctmp2[BUFSIZ], stmp[4096], stmp2[BUFSIZ];
|
|
Packit |
fd8b60 |
krb5_principal client_princ;
|
|
Packit |
fd8b60 |
krb5_error_code retval;
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
krb5_init_context(&test_context);
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
if (strrchr(argv[0], '/'))
|
|
Packit |
fd8b60 |
prog = strrchr(argv[0], '/')+1;
|
|
Packit |
fd8b60 |
else
|
|
Packit |
fd8b60 |
prog = argv[0];
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
num_to_check = 0;
|
|
Packit |
fd8b60 |
depth = 1;
|
|
Packit |
fd8b60 |
repeat_count = 1;
|
|
Packit |
fd8b60 |
brief = 0;
|
|
Packit |
fd8b60 |
n_tried = 0;
|
|
Packit |
fd8b60 |
errors = 0;
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
while ((option = getopt(argc, argv, "D:p:n:c:R:P:e:bvr:t")) != -1) {
|
|
Packit |
fd8b60 |
switch (option) {
|
|
Packit |
fd8b60 |
case 't':
|
|
Packit |
fd8b60 |
do_timer = 1;
|
|
Packit |
fd8b60 |
break;
|
|
Packit |
fd8b60 |
case 'b':
|
|
Packit |
fd8b60 |
brief = 1;
|
|
Packit |
fd8b60 |
break;
|
|
Packit |
fd8b60 |
case 'v':
|
|
Packit |
fd8b60 |
brief = 0;
|
|
Packit |
fd8b60 |
break;
|
|
Packit |
fd8b60 |
case 'R':
|
|
Packit |
fd8b60 |
repeat_count = atoi(optarg); /* how many times? */
|
|
Packit |
fd8b60 |
break;
|
|
Packit |
fd8b60 |
case 'r':
|
|
Packit |
fd8b60 |
cur_realm = optarg;
|
|
Packit |
fd8b60 |
break;
|
|
Packit |
fd8b60 |
case 'D':
|
|
Packit |
fd8b60 |
depth = atoi(optarg); /* how deep to go */
|
|
Packit |
fd8b60 |
break;
|
|
Packit |
fd8b60 |
case 'p': /* prefix name to check */
|
|
Packit |
fd8b60 |
strncpy(prefix, optarg, sizeof(prefix) - 1);
|
|
Packit |
fd8b60 |
prefix[sizeof(prefix) - 1] = '\0';
|
|
Packit |
fd8b60 |
break;
|
|
Packit |
fd8b60 |
case 'n': /* how many to check */
|
|
Packit |
fd8b60 |
num_to_check = atoi(optarg);
|
|
Packit |
fd8b60 |
break;
|
|
Packit |
fd8b60 |
case 'P':
|
|
Packit |
fd8b60 |
patypedata[0] = atoi(optarg);
|
|
Packit |
fd8b60 |
patype = patypedata;
|
|
Packit |
fd8b60 |
break;
|
|
Packit |
fd8b60 |
case 'c':
|
|
Packit |
fd8b60 |
if (ccache == NULL) {
|
|
Packit |
fd8b60 |
cache_name = optarg;
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
code = krb5_cc_resolve (test_context, cache_name, &ccache);
|
|
Packit |
fd8b60 |
if (code != 0) {
|
|
Packit |
fd8b60 |
com_err (prog, code, "resolving %s", cache_name);
|
|
Packit |
fd8b60 |
errflg++;
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
} else {
|
|
Packit |
fd8b60 |
fprintf(stderr, "Only one -c option allowed\n");
|
|
Packit |
fd8b60 |
errflg++;
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
break;
|
|
Packit |
fd8b60 |
case '?':
|
|
Packit |
fd8b60 |
default:
|
|
Packit |
fd8b60 |
errflg++;
|
|
Packit |
fd8b60 |
break;
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
if (!(num_to_check && prefix[0])) usage(prog, 1);
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
if (!cur_realm) {
|
|
Packit |
fd8b60 |
if ((retval = krb5_get_default_realm(test_context, &cur_realm))) {
|
|
Packit |
fd8b60 |
com_err(prog, retval, "while retrieving default realm name");
|
|
Packit |
fd8b60 |
exit(1);
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
if (ccache == NULL) {
|
|
Packit |
fd8b60 |
if ((code = krb5_cc_default(test_context, &ccache))) {
|
|
Packit |
fd8b60 |
com_err(prog, code, "while getting default ccache");
|
|
Packit |
fd8b60 |
exit(1);
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
memset(ctmp, 0, sizeof(ctmp));
|
|
Packit |
fd8b60 |
memset(stmp, 0, sizeof(stmp));
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
for (counter = 0; counter < repeat_count; counter++) {
|
|
Packit |
fd8b60 |
fprintf(stderr, "\nRound %d\n", counter);
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
for (n = 1; n <= num_to_check; n++) {
|
|
Packit |
fd8b60 |
/* build the new principal name */
|
|
Packit |
fd8b60 |
/* we can't pick random names because we need to generate all the names
|
|
Packit |
fd8b60 |
again given a prefix and count to test the db lib and kdb */
|
|
Packit |
fd8b60 |
ctmp[0] = '\0';
|
|
Packit |
fd8b60 |
for (i = 1; i <= depth; i++) {
|
|
Packit |
fd8b60 |
(void) snprintf(ctmp2, sizeof(ctmp2), "%s%s%d-DEPTH-%d",
|
|
Packit |
fd8b60 |
(i != 1) ? "/" : "", prefix, n, i);
|
|
Packit |
fd8b60 |
ctmp2[sizeof(ctmp2) - 1] = '\0';
|
|
Packit |
fd8b60 |
strncat(ctmp, ctmp2, sizeof(ctmp) - 1 - strlen(ctmp));
|
|
Packit |
fd8b60 |
ctmp[sizeof(ctmp) - 1] = '\0';
|
|
Packit |
fd8b60 |
snprintf(client, sizeof(client), "%s@%s", ctmp, cur_realm);
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
if (get_tgt (test_context, client, &client_princ, ccache)) {
|
|
Packit |
fd8b60 |
errors++;
|
|
Packit |
fd8b60 |
n_tried++;
|
|
Packit |
fd8b60 |
continue;
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
n_tried++;
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
stmp[0] = '\0';
|
|
Packit |
fd8b60 |
for (j = 1; j <= depth; j++) {
|
|
Packit |
fd8b60 |
(void) snprintf(stmp2, sizeof(stmp2), "%s%s%d-DEPTH-%d",
|
|
Packit |
fd8b60 |
(j != 1) ? "/" : "", prefix, n, j);
|
|
Packit |
fd8b60 |
stmp2[sizeof (stmp2) - 1] = '\0';
|
|
Packit |
fd8b60 |
strncat(stmp, stmp2, sizeof(stmp) - 1 - strlen(stmp));
|
|
Packit |
fd8b60 |
stmp[sizeof(stmp) - 1] = '\0';
|
|
Packit |
fd8b60 |
snprintf(server, sizeof(server), "%s@%s", stmp, cur_realm);
|
|
Packit |
fd8b60 |
if (verify_cs_pair(test_context, client, client_princ,
|
|
Packit |
fd8b60 |
stmp, cur_realm, n, i, j, ccache))
|
|
Packit |
fd8b60 |
errors++;
|
|
Packit |
fd8b60 |
n_tried++;
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
krb5_free_principal(test_context, client_princ);
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
fprintf (stderr, "\nTried %d. Got %d errors.\n", n_tried, errors);
|
|
Packit |
fd8b60 |
if (do_timer) {
|
|
Packit |
fd8b60 |
if (in_tkt_times.ht_observations)
|
|
Packit |
fd8b60 |
fprintf(stderr,
|
|
Packit |
fd8b60 |
"%8d AS_REQ requests: %9.6f average (min: %9.6f, max:%9.6f)\n",
|
|
Packit |
fd8b60 |
in_tkt_times.ht_observations,
|
|
Packit |
fd8b60 |
in_tkt_times.ht_cumulative /
|
|
Packit |
fd8b60 |
(float) in_tkt_times.ht_observations,
|
|
Packit |
fd8b60 |
in_tkt_times.ht_min,
|
|
Packit |
fd8b60 |
in_tkt_times.ht_max);
|
|
Packit |
fd8b60 |
if (tgs_req_times.ht_observations)
|
|
Packit |
fd8b60 |
fprintf(stderr,
|
|
Packit |
fd8b60 |
"%8d TGS_REQ requests: %9.6f average (min: %9.6f, max:%9.6f)\n",
|
|
Packit |
fd8b60 |
tgs_req_times.ht_observations,
|
|
Packit |
fd8b60 |
tgs_req_times.ht_cumulative /
|
|
Packit |
fd8b60 |
(float) tgs_req_times.ht_observations,
|
|
Packit |
fd8b60 |
tgs_req_times.ht_min,
|
|
Packit |
fd8b60 |
tgs_req_times.ht_max);
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
(void) krb5_cc_close(test_context, ccache);
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
krb5_free_context(test_context);
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
exit(errors);
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
static krb5_error_code
|
|
Packit |
fd8b60 |
get_server_key(context, server, enctype, key)
|
|
Packit |
fd8b60 |
krb5_context context;
|
|
Packit |
fd8b60 |
krb5_principal server;
|
|
Packit |
fd8b60 |
krb5_enctype enctype;
|
|
Packit |
fd8b60 |
krb5_keyblock ** key;
|
|
Packit |
fd8b60 |
{
|
|
Packit |
fd8b60 |
krb5_error_code retval;
|
|
Packit |
fd8b60 |
krb5_encrypt_block eblock;
|
|
Packit |
fd8b60 |
char * string;
|
|
Packit |
fd8b60 |
krb5_data salt;
|
|
Packit |
fd8b60 |
krb5_data pwd;
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
*key = NULL;
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
if ((retval = krb5_principal2salt(context, server, &salt)))
|
|
Packit |
fd8b60 |
return retval;
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
if ((retval = krb5_unparse_name(context, server, &string)))
|
|
Packit |
fd8b60 |
goto cleanup_salt;
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
pwd.data = string;
|
|
Packit |
fd8b60 |
pwd.length = strlen(string);
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
if ((*key = (krb5_keyblock *)malloc(sizeof(krb5_keyblock)))) {
|
|
Packit |
fd8b60 |
krb5_use_enctype(context, &eblock, enctype);
|
|
Packit |
fd8b60 |
retval = krb5_string_to_key(context, &eblock, *key, &pwd, &salt);
|
|
Packit |
fd8b60 |
if (retval) {
|
|
Packit |
fd8b60 |
free(*key);
|
|
Packit |
fd8b60 |
*key = NULL;
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
} else
|
|
Packit |
fd8b60 |
retval = ENOMEM;
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
free(string);
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
cleanup_salt:
|
|
Packit |
fd8b60 |
free(salt.data);
|
|
Packit |
fd8b60 |
return retval;
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
int verify_cs_pair(context, p_client_str, p_client, service, hostname,
|
|
Packit |
fd8b60 |
p_num, c_depth, s_depth, ccache)
|
|
Packit |
fd8b60 |
krb5_context context;
|
|
Packit |
fd8b60 |
char *p_client_str;
|
|
Packit |
fd8b60 |
krb5_principal p_client;
|
|
Packit |
fd8b60 |
char * service;
|
|
Packit |
fd8b60 |
char * hostname;
|
|
Packit |
fd8b60 |
int p_num, c_depth, s_depth;
|
|
Packit |
fd8b60 |
krb5_ccache ccache;
|
|
Packit |
fd8b60 |
{
|
|
Packit |
fd8b60 |
krb5_error_code retval;
|
|
Packit |
fd8b60 |
krb5_creds creds;
|
|
Packit |
fd8b60 |
krb5_creds * credsp = NULL;
|
|
Packit |
fd8b60 |
krb5_ticket * ticket = NULL;
|
|
Packit |
fd8b60 |
krb5_keyblock * keyblock = NULL;
|
|
Packit |
fd8b60 |
krb5_auth_context auth_context = NULL;
|
|
Packit |
fd8b60 |
krb5_data request_data = empty_data();
|
|
Packit |
fd8b60 |
char * sname;
|
|
Packit |
fd8b60 |
float dt;
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
if (brief)
|
|
Packit |
fd8b60 |
fprintf(stderr, "\tprinc (%d) client (%d) for server (%d)\n",
|
|
Packit |
fd8b60 |
p_num, c_depth, s_depth);
|
|
Packit |
fd8b60 |
else
|
|
Packit |
fd8b60 |
fprintf(stderr, "\tclient %s for server %s\n", p_client_str,
|
|
Packit |
fd8b60 |
service);
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
/* Initialize variables */
|
|
Packit |
fd8b60 |
memset(&creds, 0, sizeof(creds));
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
/* Do client side */
|
|
Packit |
fd8b60 |
if (asprintf(&sname, "%s@%s", service, hostname) >= 0) {
|
|
Packit |
fd8b60 |
retval = krb5_parse_name(context, sname, &creds.server);
|
|
Packit |
fd8b60 |
free(sname);
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
else
|
|
Packit |
fd8b60 |
retval = ENOMEM;
|
|
Packit |
fd8b60 |
if (retval)
|
|
Packit |
fd8b60 |
return(retval);
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
/* obtain ticket & session key */
|
|
Packit |
fd8b60 |
if ((retval = krb5_cc_get_principal(context, ccache, &creds.client))) {
|
|
Packit |
fd8b60 |
com_err(prog, retval, "while getting client princ for %s", hostname);
|
|
Packit |
fd8b60 |
return retval;
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
if ((retval = krb5_get_credentials(context, 0,
|
|
Packit |
fd8b60 |
ccache, &creds, &credsp))) {
|
|
Packit |
fd8b60 |
com_err(prog, retval, "while getting creds for %s", hostname);
|
|
Packit |
fd8b60 |
return retval;
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
if (do_timer)
|
|
Packit |
fd8b60 |
swatch_on();
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
if ((retval = krb5_mk_req_extended(context, &auth_context, 0, NULL,
|
|
Packit |
fd8b60 |
credsp, &request_data))) {
|
|
Packit |
fd8b60 |
com_err(prog, retval, "while preparing AP_REQ for %s", hostname);
|
|
Packit |
fd8b60 |
goto cleanup;
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
krb5_auth_con_free(context, auth_context);
|
|
Packit |
fd8b60 |
auth_context = NULL;
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
/* Do server side now */
|
|
Packit |
fd8b60 |
if ((retval = get_server_key(context, credsp->server,
|
|
Packit |
fd8b60 |
credsp->keyblock.enctype, &keyblock))) {
|
|
Packit |
fd8b60 |
com_err(prog, retval, "while getting server key for %s", hostname);
|
|
Packit |
fd8b60 |
goto cleanup;
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
if (krb5_auth_con_init(context, &auth_context)) {
|
|
Packit |
fd8b60 |
com_err(prog, retval, "while creating auth_context for %s", hostname);
|
|
Packit |
fd8b60 |
goto cleanup;
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
if (krb5_auth_con_setuseruserkey(context, auth_context, keyblock)) {
|
|
Packit |
fd8b60 |
com_err(prog, retval, "while setting auth_context key %s", hostname);
|
|
Packit |
fd8b60 |
goto cleanup;
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
if ((retval = krb5_rd_req(context, &auth_context, &request_data,
|
|
Packit |
fd8b60 |
NULL /* server */, 0, NULL, &ticket))) {
|
|
Packit |
fd8b60 |
com_err(prog, retval, "while decoding AP_REQ for %s", hostname);
|
|
Packit |
fd8b60 |
goto cleanup;
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
if (do_timer) {
|
|
Packit |
fd8b60 |
dt = swatch_eltime();
|
|
Packit |
fd8b60 |
tgs_req_times.ht_cumulative += dt;
|
|
Packit |
fd8b60 |
tgs_req_times.ht_observations++;
|
|
Packit |
fd8b60 |
if (dt > tgs_req_times.ht_max)
|
|
Packit |
fd8b60 |
tgs_req_times.ht_max = dt;
|
|
Packit |
fd8b60 |
if (dt < tgs_req_times.ht_min)
|
|
Packit |
fd8b60 |
tgs_req_times.ht_min = dt;
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
if (!(krb5_principal_compare(context,ticket->enc_part2->client,p_client))){
|
|
Packit |
fd8b60 |
char *returned_client;
|
|
Packit |
fd8b60 |
if ((retval = krb5_unparse_name(context, ticket->enc_part2->client,
|
|
Packit |
fd8b60 |
&returned_client)))
|
|
Packit |
fd8b60 |
com_err (prog, retval,
|
|
Packit |
fd8b60 |
"Client not as expected, but cannot unparse client name");
|
|
Packit |
fd8b60 |
else
|
|
Packit |
fd8b60 |
com_err (prog, 0, "Client not as expected (%s).", returned_client);
|
|
Packit |
fd8b60 |
retval = KRB5_PRINC_NOMATCH;
|
|
Packit |
fd8b60 |
free(returned_client);
|
|
Packit |
fd8b60 |
} else {
|
|
Packit |
fd8b60 |
retval = 0;
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
cleanup:
|
|
Packit |
fd8b60 |
krb5_free_cred_contents(context, &creds);
|
|
Packit |
fd8b60 |
krb5_free_ticket(context, ticket);
|
|
Packit |
fd8b60 |
krb5_auth_con_free(context, auth_context);
|
|
Packit |
fd8b60 |
krb5_free_keyblock(context, keyblock);
|
|
Packit |
fd8b60 |
krb5_free_data_contents(context, &request_data);
|
|
Packit |
fd8b60 |
krb5_free_creds(context, credsp);
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
return retval;
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
int get_tgt (context, p_client_str, p_client, ccache)
|
|
Packit |
fd8b60 |
krb5_context context;
|
|
Packit |
fd8b60 |
char *p_client_str;
|
|
Packit |
fd8b60 |
krb5_principal *p_client;
|
|
Packit |
fd8b60 |
krb5_ccache ccache;
|
|
Packit |
fd8b60 |
{
|
|
Packit |
fd8b60 |
long lifetime = KRB5_DEFAULT_LIFE; /* -l option */
|
|
Packit |
fd8b60 |
krb5_error_code code;
|
|
Packit |
fd8b60 |
krb5_creds my_creds;
|
|
Packit |
fd8b60 |
krb5_timestamp start;
|
|
Packit |
fd8b60 |
float dt;
|
|
Packit |
fd8b60 |
krb5_get_init_creds_opt *options;
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
if (!brief)
|
|
Packit |
fd8b60 |
fprintf(stderr, "\tgetting TGT for %s\n", p_client_str);
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
if ((code = krb5_timeofday(context, &start))) {
|
|
Packit |
fd8b60 |
com_err(prog, code, "while getting time of day");
|
|
Packit |
fd8b60 |
return(-1);
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
memset(&my_creds, 0, sizeof(my_creds));
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
if ((code = krb5_parse_name (context, p_client_str, p_client))) {
|
|
Packit |
fd8b60 |
com_err (prog, code, "when parsing name %s", p_client_str);
|
|
Packit |
fd8b60 |
return(-1);
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
code = krb5_cc_initialize (context, ccache, *p_client);
|
|
Packit |
fd8b60 |
if (code != 0) {
|
|
Packit |
fd8b60 |
com_err (prog, code, "when initializing cache");
|
|
Packit |
fd8b60 |
return(-1);
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
if (do_timer)
|
|
Packit |
fd8b60 |
swatch_on();
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
code = krb5_get_init_creds_opt_alloc(context, &options);
|
|
Packit |
fd8b60 |
if (code != 0) {
|
|
Packit |
fd8b60 |
com_err(prog, code, "when allocating init cred options");
|
|
Packit |
fd8b60 |
return(-1);
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
krb5_get_init_creds_opt_set_tkt_life(options, lifetime);
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
code = krb5_get_init_creds_opt_set_out_ccache(context, options, ccache);
|
|
Packit |
fd8b60 |
if (code != 0) {
|
|
Packit |
fd8b60 |
com_err(prog, code, "when setting init cred output ccache");
|
|
Packit |
fd8b60 |
return(-1);
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
code = krb5_get_init_creds_password(context, &my_creds, *p_client,
|
|
Packit |
fd8b60 |
p_client_str, NULL, NULL, 0, NULL,
|
|
Packit |
fd8b60 |
options);
|
|
Packit |
fd8b60 |
if (do_timer) {
|
|
Packit |
fd8b60 |
dt = swatch_eltime();
|
|
Packit |
fd8b60 |
in_tkt_times.ht_cumulative += dt;
|
|
Packit |
fd8b60 |
in_tkt_times.ht_observations++;
|
|
Packit |
fd8b60 |
if (dt > in_tkt_times.ht_max)
|
|
Packit |
fd8b60 |
in_tkt_times.ht_max = dt;
|
|
Packit |
fd8b60 |
if (dt < in_tkt_times.ht_min)
|
|
Packit |
fd8b60 |
in_tkt_times.ht_min = dt;
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
krb5_get_init_creds_opt_free(context, options);
|
|
Packit |
fd8b60 |
krb5_free_cred_contents(context, &my_creds);
|
|
Packit |
fd8b60 |
if (code != 0) {
|
|
Packit |
fd8b60 |
com_err (prog, code, "while getting initial credentials");
|
|
Packit |
fd8b60 |
return(-1);
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
return(0);
|
|
Packit |
fd8b60 |
}
|