2 * Copyright (c) 2008 Isilon Inc http://www.isilon.com/
3 * Authors: Doug Rabson <dfr@rabson.org>
4 * Developed with Red Inc: Alfred Perlstein <alfred@freebsd.org>
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 #include <sys/types.h>
31 #include <sys/syscall.h>
32 #include <sys/module.h>
41 #include <gssapi/gssapi.h>
42 #include <gssapi/gssapi_krb5.h>
44 struct gsstest_2_args {
45 int step; /* test step number */
46 gss_buffer_desc input_token; /* token from userland */
47 gss_buffer_desc output_token; /* buffer to receive reply token */
49 struct gsstest_2_res {
50 OM_uint32 maj_stat; /* maj_stat from kernel */
51 OM_uint32 min_stat; /* min_stat from kernel */
52 gss_buffer_desc output_token; /* reply token (using space from gsstest_2_args.output) */
56 report_error(gss_OID mech, OM_uint32 maj, OM_uint32 min)
58 OM_uint32 maj_stat, min_stat;
59 OM_uint32 message_context;
62 printf("major_stat=%d, minor_stat=%d\n", maj, min);
65 maj_stat = gss_display_status(&min_stat, maj,
66 GSS_C_GSS_CODE, GSS_C_NO_OID, &message_context, &buf);
67 printf("%.*s\n", (int)buf.length, (char *) buf.value);
68 gss_release_buffer(&min_stat, &buf);
69 } while (message_context);
73 maj_stat = gss_display_status(&min_stat, min,
74 GSS_C_MECH_CODE, mech, &message_context, &buf);
75 printf("%.*s\n", (int)buf.length, (char *) buf.value);
76 gss_release_buffer(&min_stat, &buf);
77 } while (message_context);
82 main(int argc, char **argv)
84 struct module_stat stat;
88 stat.version = sizeof(stat);
89 mod = modfind("gsstest_syscall");
91 fprintf(stderr, "%s: kernel support not present\n", argv[0]);
95 syscall_num = stat.data.intval;
97 switch (atoi(argv[1])) {
99 syscall(syscall_num, 1, NULL, NULL);
103 struct gsstest_2_args args;
104 struct gsstest_2_res res;
106 char token_buffer[8192];
107 OM_uint32 maj_stat, min_stat;
108 gss_ctx_id_t client_context = GSS_C_NO_CONTEXT;
109 gss_cred_id_t client_cred;
110 gss_OID mech_type = GSS_C_NO_OID;
111 gss_buffer_desc name_buf, message_buf;
113 int32_t enctypes[] = {
115 ETYPE_ARCFOUR_HMAC_MD5,
116 ETYPE_ARCFOUR_HMAC_MD5_56,
117 ETYPE_AES256_CTS_HMAC_SHA1_96,
118 ETYPE_AES128_CTS_HMAC_SHA1_96,
121 int num_enctypes = sizeof(enctypes) / sizeof(enctypes[0]);
125 for (i = 0; i < num_enctypes; i++) {
126 printf("testing etype %d\n", enctypes[i]);
127 args.output_token.length = sizeof(token_buffer);
128 args.output_token.value = token_buffer;
130 gethostname(hostname, sizeof(hostname));
131 snprintf(token_buffer, sizeof(token_buffer),
133 name_buf.length = strlen(token_buffer);
134 name_buf.value = token_buffer;
135 maj_stat = gss_import_name(&min_stat, &name_buf,
136 GSS_C_NT_HOSTBASED_SERVICE, &name);
137 if (GSS_ERROR(maj_stat)) {
138 printf("gss_import_name failed\n");
139 report_error(mech_type, maj_stat, min_stat);
143 maj_stat = gss_acquire_cred(&min_stat, GSS_C_NO_NAME,
144 0, GSS_C_NO_OID_SET, GSS_C_INITIATE, &client_cred,
146 if (GSS_ERROR(maj_stat)) {
147 printf("gss_acquire_cred (client) failed\n");
148 report_error(mech_type, maj_stat, min_stat);
152 maj_stat = gss_krb5_set_allowable_enctypes(&min_stat,
153 client_cred, 1, &enctypes[i]);
154 if (GSS_ERROR(maj_stat)) {
155 printf("gss_krb5_set_allowable_enctypes failed\n");
156 report_error(mech_type, maj_stat, min_stat);
160 res.output_token.length = 0;
161 res.output_token.value = 0;
163 while (!established) {
164 maj_stat = gss_init_sec_context(&min_stat,
175 GSS_C_NO_CHANNEL_BINDINGS,
181 if (GSS_ERROR(maj_stat)) {
182 printf("gss_init_sec_context failed\n");
183 report_error(mech_type, maj_stat, min_stat);
186 if (args.input_token.length) {
188 syscall(syscall_num, 2, &args, &res);
189 gss_release_buffer(&min_stat,
191 if (res.maj_stat != GSS_S_COMPLETE
192 && res.maj_stat != GSS_S_CONTINUE_NEEDED) {
193 printf("gss_accept_sec_context (kernel) failed\n");
194 report_error(mech_type, res.maj_stat,
199 if (maj_stat == GSS_S_COMPLETE)
203 message_buf.value = "Hello world";
204 message_buf.length = strlen((char *) message_buf.value);
206 maj_stat = gss_get_mic(&min_stat, client_context,
207 GSS_C_QOP_DEFAULT, &message_buf, &args.input_token);
208 if (GSS_ERROR(maj_stat)) {
209 printf("gss_get_mic failed\n");
210 report_error(mech_type, maj_stat, min_stat);
215 syscall(syscall_num, 2, &args, &res);
216 gss_release_buffer(&min_stat, &args.input_token);
217 if (GSS_ERROR(res.maj_stat)) {
218 printf("kernel gss_verify_mic failed\n");
219 report_error(mech_type, res.maj_stat, res.min_stat);
223 maj_stat = gss_verify_mic(&min_stat, client_context,
224 &message_buf, &res.output_token, NULL);
225 if (GSS_ERROR(maj_stat)) {
226 printf("gss_verify_mic failed\n");
227 report_error(mech_type, maj_stat, min_stat);
231 maj_stat = gss_wrap(&min_stat, client_context,
232 TRUE, GSS_C_QOP_DEFAULT, &message_buf, NULL,
234 if (GSS_ERROR(maj_stat)) {
235 printf("gss_wrap failed\n");
236 report_error(mech_type, maj_stat, min_stat);
241 syscall(syscall_num, 2, &args, &res);
242 gss_release_buffer(&min_stat, &args.input_token);
243 if (GSS_ERROR(res.maj_stat)) {
244 printf("kernel gss_unwrap failed\n");
245 report_error(mech_type, res.maj_stat, res.min_stat);
249 maj_stat = gss_unwrap(&min_stat, client_context,
250 &res.output_token, &message_buf, NULL, NULL);
251 if (GSS_ERROR(maj_stat)) {
252 printf("gss_unwrap failed\n");
253 report_error(mech_type, maj_stat, min_stat);
256 gss_release_buffer(&min_stat, &message_buf);
258 maj_stat = gss_wrap(&min_stat, client_context,
259 FALSE, GSS_C_QOP_DEFAULT, &message_buf, NULL,
261 if (GSS_ERROR(maj_stat)) {
262 printf("gss_wrap failed\n");
263 report_error(mech_type, maj_stat, min_stat);
268 syscall(syscall_num, 2, &args, &res);
269 gss_release_buffer(&min_stat, &args.input_token);
270 if (GSS_ERROR(res.maj_stat)) {
271 printf("kernel gss_unwrap failed\n");
272 report_error(mech_type, res.maj_stat, res.min_stat);
276 maj_stat = gss_unwrap(&min_stat, client_context,
277 &res.output_token, &message_buf, NULL, NULL);
278 if (GSS_ERROR(maj_stat)) {
279 printf("gss_unwrap failed\n");
280 report_error(mech_type, maj_stat, min_stat);
283 gss_release_buffer(&min_stat, &message_buf);
286 syscall(syscall_num, 2, &args, &res);
288 gss_release_name(&min_stat, &name);
289 gss_release_cred(&min_stat, &client_cred);
290 gss_delete_sec_context(&min_stat, &client_context,
297 syscall(syscall_num, 3, NULL, NULL);
300 syscall(syscall_num, 4, NULL, NULL);