/* Copyright (C) 2014 the GSS-PROXY contributors, see COPYING for license */
#include "t_utils.h"
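/*
 * GSSAPI initiator side of a two-leg context-establishment test.
 *
 * argv[1] is the target service name, imported as GSS_C_NT_HOSTBASED_SERVICE.
 * argv[2], when present, is a Kerberos principal for which initiator
 * credentials are acquired explicitly; otherwise GSS_C_NO_CREDENTIAL is
 * passed to gss_init_sec_context().
 *
 * The first context token is written to STDOUT_FD and the peer's reply is
 * read from STDIN_FD.
 *
 * Returns 0 when the second gss_init_sec_context() call returns
 * GSS_S_COMPLETE, -1 on any failure.
 */
int main(int argc, const char *argv[])
{
    char buffer[MAX_RPC_SIZE];
    uint32_t buflen;
    gss_cred_id_t cred_handle = GSS_C_NO_CREDENTIAL;
    gss_ctx_id_t context_handle = GSS_C_NO_CONTEXT;
    gss_buffer_desc in_token = GSS_C_EMPTY_BUFFER;
    gss_buffer_desc out_token = GSS_C_EMPTY_BUFFER;
    /* Both names start out empty so the cleanup path never releases an
     * uninitialized handle when an early step fails. */
    gss_name_t name = GSS_C_NO_NAME;
    gss_name_t i_name = GSS_C_NO_NAME;
    gss_OID_set_desc oid_set = { 1, discard_const(gss_mech_krb5) };
    uint32_t ret_maj;
    uint32_t ret_min;
    int ret = -1;

    /* argv[1] is mandatory; without this check a NULL pointer would be
     * handed to t_string_to_name(). */
    if (argc < 2) {
        DEBUG("Missing server name argument (argv[1])\n");
        ret = -1;
        goto done;
    }

    ret = t_string_to_name(argv[1], &name, GSS_C_NT_HOSTBASED_SERVICE);
    if (ret) {
        DEBUG("Failed to import server name from argv[1]\n");
        ret = -1;
        goto done;
    }

    if (argc > 2) {
        ret = t_string_to_name(argv[2], &i_name,
                               discard_const(GSS_KRB5_NT_PRINCIPAL_NAME));
        if (ret) {
            DEBUG("Failed to import client name from argv[2]\n");
            ret = -1;
            goto done;
        }

        ret_maj = gss_acquire_cred(&ret_min,
                                   i_name,
                                   GSS_C_INDEFINITE,
                                   &oid_set,
                                   GSS_C_INITIATE,
                                   &cred_handle,
                                   NULL, NULL);
        if (ret_maj != GSS_S_COMPLETE) {
            DEBUG("gss_acquire_cred() failed\n");
            t_log_failure(GSS_C_NO_OID, ret_maj, ret_min);
            ret = -1;
            goto done;
        }
    }

    /* First leg: in_token is still empty. Anything other than
     * GSS_S_CONTINUE_NEEDED (including GSS_S_COMPLETE) is treated as a
     * failure, so a reply from the peer is always required. */
    ret_maj = gss_init_sec_context(&ret_min,
                                   cred_handle,
                                   &context_handle,
                                   name,
                                   GSS_C_NO_OID,
                                   GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG,
                                   0,
                                   GSS_C_NO_CHANNEL_BINDINGS,
                                   &in_token,
                                   NULL,
                                   &out_token,
                                   NULL,
                                   NULL);
    if (ret_maj != GSS_S_CONTINUE_NEEDED) {
        DEBUG("gss_init_sec_context() failed\n");
        t_log_failure(GSS_C_NO_OID, ret_maj, ret_min);
        ret = -1;
        goto done;
    }

    /* The initial token goes out on STDOUT_FD; the reply is read from
     * STDIN_FD below. */
    if (!out_token.length) {
        DEBUG("No output token ?");
        ret = -1;
        goto done;
    }

    ret = t_send_buffer(STDOUT_FD, out_token.value, out_token.length);
    if (ret) {
        DEBUG("Failed to send data to server!\n");
        ret = -1;
        goto done;
    }

    gss_release_buffer(&ret_min, &out_token);

    /* NOTE(review): no capacity is passed to t_recv_buffer(); presumably it
     * limits the peer-supplied length to MAX_RPC_SIZE - confirm in t_utils. */
    ret = t_recv_buffer(STDIN_FD, buffer, &buflen);
    if (ret != 0) {
        DEBUG("Failed to read token from STDIN\n");
        ret = -1;
        goto done;
    }

    in_token.value = buffer;
    in_token.length = buflen;

    /* Second leg: feed the peer's token back in. ret_flags is passed as
     * NULL, so the flags actually established (e.g. mutual authentication)
     * are not inspected here; only the major status is checked. */
    ret_maj = gss_init_sec_context(&ret_min,
                                   cred_handle,
                                   &context_handle,
                                   name,
                                   GSS_C_NO_OID,
                                   GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG,
                                   0,
                                   GSS_C_NO_CHANNEL_BINDINGS,
                                   &in_token,
                                   NULL,
                                   &out_token,
                                   NULL,
                                   NULL);
    if (ret_maj) {
        DEBUG("Error initializing context\n");
        t_log_failure(GSS_C_NO_OID, ret_maj, ret_min);
        ret = -1;
        goto done;
    }

    ret = 0;

done:
    gss_delete_sec_context(&ret_min, &context_handle, NULL);
    gss_release_cred(&ret_min, &cred_handle);
    gss_release_buffer(&ret_min, &out_token);
    /* Release only names that were actually imported; i_name was previously
     * never released. */
    if (i_name != GSS_C_NO_NAME) {
        gss_release_name(&ret_min, &i_name);
    }
    if (name != GSS_C_NO_NAME) {
        gss_release_name(&ret_min, &name);
    }
    return ret;
}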