/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/* tests/forward.c - test harness for getting forwarded creds */
/*
 * Copyright (C) 2016 by the Massachusetts Institute of Technology.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * * Redistributions of source code must retain the above copyright
 *   notice, this list of conditions and the following disclaimer.
 *
 * * Redistributions in binary form must reproduce the above copyright
 *   notice, this list of conditions and the following disclaimer in
 *   the documentation and/or other materials provided with the
 *   distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
 * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 */

/* This test program overwrites the default credential cache with a forwarded
 * TGT obtained using the TGT presently in the cache. */

#include "k5-int.h"

static krb5_context ctx;

static void
check(krb5_error_code code)
{
    const char *errmsg;

    if (code) {
        errmsg = krb5_get_error_message(ctx, code);
        fprintf(stderr, "%s\n", errmsg);
        krb5_free_error_message(ctx, errmsg);
        exit(1);
    }
}

int
main()
{
    krb5_ccache cc;
    krb5_creds mcred, tgt, *fcred;
    krb5_principal client, tgtprinc;
    krb5_flags options;

    /* Open the default ccache and get the client and TGT principal names. */
    check(krb5_init_context(&ctx));
    check(krb5_cc_default(ctx, &cc));
    check(krb5_cc_get_principal(ctx, cc, &client));
    check(krb5_build_principal_ext(ctx, &tgtprinc, client->realm.length,
                                   client->realm.data, KRB5_TGS_NAME_SIZE,
                                   KRB5_TGS_NAME, client->realm.length,
                                   client->realm.data, 0));

    /* Fetch the TGT credential. */
    memset(&mcred, 0, sizeof(mcred));
    mcred.client = client;
    mcred.server = tgtprinc;
    check(krb5_cc_retrieve_cred(ctx, cc, 0, &mcred, &tgt));

    /* Get a forwarded TGT. */
    mcred.times = tgt.times;
    mcred.times.starttime = 0;
    options = (tgt.ticket_flags & KDC_TKT_COMMON_MASK) | KDC_OPT_FORWARDED;
    check(krb5_get_cred_via_tkt(ctx, &tgt, options, NULL, &mcred, &fcred));

    /* Reinitialize the default ccache with the forwarded TGT. */
    check(krb5_cc_initialize(ctx, cc, client));
    check(krb5_cc_store_cred(ctx, cc, fcred));

    krb5_free_creds(ctx, fcred);
    krb5_free_cred_contents(ctx, &tgt);
    krb5_free_principal(ctx, tgtprinc);
    krb5_free_principal(ctx, client);
    krb5_cc_close(ctx, cc);
    krb5_free_context(ctx);
    return 0;
}