2 * Copyright (c) 2008 Isilon Inc http://www.isilon.com/
3 * Authors: Doug Rabson <dfr@rabson.org>
4 * Developed with Red Inc: Alfred Perlstein <alfred@freebsd.org>
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28 #include <sys/types.h>
29 #include <sys/syscall.h>
30 #include <sys/module.h>
39 #include <gssapi/gssapi.h>
40 #include <gssapi/gssapi_krb5.h>
42 struct gsstest_2_args {
43 int step; /* test step number */
44 gss_buffer_desc input_token; /* token from userland */
45 gss_buffer_desc output_token; /* buffer to receive reply token */
47 struct gsstest_2_res {
48 OM_uint32 maj_stat; /* maj_stat from kernel */
49 OM_uint32 min_stat; /* min_stat from kernel */
50 gss_buffer_desc output_token; /* reply token (using space from gsstest_2_args.output) */
54 report_error(gss_OID mech, OM_uint32 maj, OM_uint32 min)
56 OM_uint32 maj_stat, min_stat;
57 OM_uint32 message_context;
60 printf("major_stat=%d, minor_stat=%d\n", maj, min);
63 maj_stat = gss_display_status(&min_stat, maj,
64 GSS_C_GSS_CODE, GSS_C_NO_OID, &message_context, &buf);
65 printf("%.*s\n", (int)buf.length, (char *) buf.value);
66 gss_release_buffer(&min_stat, &buf);
67 } while (message_context);
71 maj_stat = gss_display_status(&min_stat, min,
72 GSS_C_MECH_CODE, mech, &message_context, &buf);
73 printf("%.*s\n", (int)buf.length, (char *) buf.value);
74 gss_release_buffer(&min_stat, &buf);
75 } while (message_context);
80 main(int argc, char **argv)
82 struct module_stat stat;
86 stat.version = sizeof(stat);
87 mod = modfind("gsstest_syscall");
89 fprintf(stderr, "%s: kernel support not present\n", argv[0]);
93 syscall_num = stat.data.intval;
95 switch (atoi(argv[1])) {
97 syscall(syscall_num, 1, NULL, NULL);
101 struct gsstest_2_args args;
102 struct gsstest_2_res res;
104 char token_buffer[8192];
105 OM_uint32 maj_stat, min_stat;
106 gss_ctx_id_t client_context = GSS_C_NO_CONTEXT;
107 gss_cred_id_t client_cred;
108 gss_OID mech_type = GSS_C_NO_OID;
109 gss_buffer_desc name_buf, message_buf;
111 int32_t enctypes[] = {
113 ETYPE_ARCFOUR_HMAC_MD5,
114 ETYPE_ARCFOUR_HMAC_MD5_56,
115 ETYPE_AES256_CTS_HMAC_SHA1_96,
116 ETYPE_AES128_CTS_HMAC_SHA1_96,
119 int num_enctypes = sizeof(enctypes) / sizeof(enctypes[0]);
123 for (i = 0; i < num_enctypes; i++) {
124 printf("testing etype %d\n", enctypes[i]);
125 args.output_token.length = sizeof(token_buffer);
126 args.output_token.value = token_buffer;
128 gethostname(hostname, sizeof(hostname));
129 snprintf(token_buffer, sizeof(token_buffer),
131 name_buf.length = strlen(token_buffer);
132 name_buf.value = token_buffer;
133 maj_stat = gss_import_name(&min_stat, &name_buf,
134 GSS_C_NT_HOSTBASED_SERVICE, &name);
135 if (GSS_ERROR(maj_stat)) {
136 printf("gss_import_name failed\n");
137 report_error(mech_type, maj_stat, min_stat);
141 maj_stat = gss_acquire_cred(&min_stat, GSS_C_NO_NAME,
142 0, GSS_C_NO_OID_SET, GSS_C_INITIATE, &client_cred,
144 if (GSS_ERROR(maj_stat)) {
145 printf("gss_acquire_cred (client) failed\n");
146 report_error(mech_type, maj_stat, min_stat);
150 maj_stat = gss_krb5_set_allowable_enctypes(&min_stat,
151 client_cred, 1, &enctypes[i]);
152 if (GSS_ERROR(maj_stat)) {
153 printf("gss_krb5_set_allowable_enctypes failed\n");
154 report_error(mech_type, maj_stat, min_stat);
158 res.output_token.length = 0;
159 res.output_token.value = 0;
161 while (!established) {
162 maj_stat = gss_init_sec_context(&min_stat,
173 GSS_C_NO_CHANNEL_BINDINGS,
179 if (GSS_ERROR(maj_stat)) {
180 printf("gss_init_sec_context failed\n");
181 report_error(mech_type, maj_stat, min_stat);
184 if (args.input_token.length) {
186 syscall(syscall_num, 2, &args, &res);
187 gss_release_buffer(&min_stat,
189 if (res.maj_stat != GSS_S_COMPLETE
190 && res.maj_stat != GSS_S_CONTINUE_NEEDED) {
191 printf("gss_accept_sec_context (kernel) failed\n");
192 report_error(mech_type, res.maj_stat,
197 if (maj_stat == GSS_S_COMPLETE)
201 message_buf.value = "Hello world";
202 message_buf.length = strlen((char *) message_buf.value);
204 maj_stat = gss_get_mic(&min_stat, client_context,
205 GSS_C_QOP_DEFAULT, &message_buf, &args.input_token);
206 if (GSS_ERROR(maj_stat)) {
207 printf("gss_get_mic failed\n");
208 report_error(mech_type, maj_stat, min_stat);
213 syscall(syscall_num, 2, &args, &res);
214 gss_release_buffer(&min_stat, &args.input_token);
215 if (GSS_ERROR(res.maj_stat)) {
216 printf("kernel gss_verify_mic failed\n");
217 report_error(mech_type, res.maj_stat, res.min_stat);
221 maj_stat = gss_verify_mic(&min_stat, client_context,
222 &message_buf, &res.output_token, NULL);
223 if (GSS_ERROR(maj_stat)) {
224 printf("gss_verify_mic failed\n");
225 report_error(mech_type, maj_stat, min_stat);
229 maj_stat = gss_wrap(&min_stat, client_context,
230 TRUE, GSS_C_QOP_DEFAULT, &message_buf, NULL,
232 if (GSS_ERROR(maj_stat)) {
233 printf("gss_wrap failed\n");
234 report_error(mech_type, maj_stat, min_stat);
239 syscall(syscall_num, 2, &args, &res);
240 gss_release_buffer(&min_stat, &args.input_token);
241 if (GSS_ERROR(res.maj_stat)) {
242 printf("kernel gss_unwrap failed\n");
243 report_error(mech_type, res.maj_stat, res.min_stat);
247 maj_stat = gss_unwrap(&min_stat, client_context,
248 &res.output_token, &message_buf, NULL, NULL);
249 if (GSS_ERROR(maj_stat)) {
250 printf("gss_unwrap failed\n");
251 report_error(mech_type, maj_stat, min_stat);
254 gss_release_buffer(&min_stat, &message_buf);
256 maj_stat = gss_wrap(&min_stat, client_context,
257 FALSE, GSS_C_QOP_DEFAULT, &message_buf, NULL,
259 if (GSS_ERROR(maj_stat)) {
260 printf("gss_wrap failed\n");
261 report_error(mech_type, maj_stat, min_stat);
266 syscall(syscall_num, 2, &args, &res);
267 gss_release_buffer(&min_stat, &args.input_token);
268 if (GSS_ERROR(res.maj_stat)) {
269 printf("kernel gss_unwrap failed\n");
270 report_error(mech_type, res.maj_stat, res.min_stat);
274 maj_stat = gss_unwrap(&min_stat, client_context,
275 &res.output_token, &message_buf, NULL, NULL);
276 if (GSS_ERROR(maj_stat)) {
277 printf("gss_unwrap failed\n");
278 report_error(mech_type, maj_stat, min_stat);
281 gss_release_buffer(&min_stat, &message_buf);
284 syscall(syscall_num, 2, &args, &res);
286 gss_release_name(&min_stat, &name);
287 gss_release_cred(&min_stat, &client_cred);
288 gss_delete_sec_context(&min_stat, &client_context,
295 syscall(syscall_num, 3, NULL, NULL);
298 syscall(syscall_num, 4, NULL, NULL);