#ifdef __FreeBSD__
#include <sys/cdefs.h>
#else
#define __unused
#endif
#include <ctype.h>
#include <err.h>
#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <rpc/rpc.h>
#include <rpc/rpcsec_gss.h>
static rpc_gss_principal_t server_acl = NULL;
static void
usage(void)
{
printf("rpctest client | server\n");
exit(1);
}
static void
print_principal(rpc_gss_principal_t principal)
{
int i, len, n;
uint8_t *p;
len = principal->len;
p = (uint8_t *) principal->name;
while (len > 0) {
n = len;
if (n > 16)
n = 16;
for (i = 0; i < n; i++)
printf("%02x ", p[i]);
for (; i < 16; i++)
printf(" ");
printf("|");
for (i = 0; i < n; i++)
printf("%c", isprint(p[i]) ? p[i] : '.');
printf("|\n");
len -= n;
p += n;
}
}
static void
test_client(int argc, const char **argv)
{
rpcproc_t prog = 123456;
rpcvers_t vers = 1;
const char *netid = "tcp";
char hostname[128], service[128+5];
CLIENT *client;
AUTH *auth;
const char **mechs;
rpc_gss_options_req_t options_req;
rpc_gss_options_ret_t options_ret;
rpc_gss_service_t svc;
struct timeval tv;
enum clnt_stat stat;
if (argc == 2)
strlcpy(hostname, argv[1], sizeof(hostname));
else
gethostname(hostname, sizeof(hostname));
client = clnt_create(hostname, prog, vers, netid);
if (!client) {
printf("rpc_createerr.cf_stat = %d\n",
rpc_createerr.cf_stat);
printf("rpc_createerr.cf_error.re_errno = %d\n",
rpc_createerr.cf_error.re_errno);
return;
}
strcpy(service, "host");
strcat(service, "@");
strcat(service, hostname);
mechs = rpc_gss_get_mechanisms();
auth = NULL;
while (*mechs) {
options_req.req_flags = GSS_C_MUTUAL_FLAG;
options_req.time_req = 600;
options_req.my_cred = GSS_C_NO_CREDENTIAL;
options_req.input_channel_bindings = NULL;
auth = rpc_gss_seccreate(client, service,
*mechs,
rpc_gss_svc_none,
NULL,
&options_req,
&options_ret);
if (auth)
break;
mechs++;
}
if (!auth) {
clnt_pcreateerror("rpc_gss_seccreate");
printf("Can't authenticate with server %s.\n",
hostname);
exit(1);
}
client->cl_auth = auth;
for (svc = rpc_gss_svc_none; svc <= rpc_gss_svc_privacy; svc++) {
const char *svc_names[] = {
"rpc_gss_svc_default",
"rpc_gss_svc_none",
"rpc_gss_svc_integrity",
"rpc_gss_svc_privacy"
};
int num;
rpc_gss_set_defaults(auth, svc, NULL);
tv.tv_sec = 5;
tv.tv_usec = 0;
num = 42;
stat = CLNT_CALL(client, 1,
(xdrproc_t) xdr_int, (char *) &num,
(xdrproc_t) xdr_int, (char *) &num, tv);
if (stat == RPC_SUCCESS) {
printf("succeeded with %s\n", svc_names[svc]);
if (num != 142)
printf("unexpected reply %d\n", num);
} else {
clnt_perror(client, "call failed");
}
}
AUTH_DESTROY(auth);
CLNT_DESTROY(client);
}
static void
server_program_1(struct svc_req *rqstp, register SVCXPRT *transp)
{
rpc_gss_rawcred_t *rcred;
rpc_gss_ucred_t *ucred;
int i, num;
if (rqstp->rq_cred.oa_flavor != RPCSEC_GSS) {
svcerr_weakauth(transp);
return;
}
if (!rpc_gss_getcred(rqstp, &rcred, &ucred, NULL)) {
svcerr_systemerr(transp);
return;
}
printf("svc=%d, mech=%s, uid=%d, gid=%d, gids={",
rcred->service, rcred->mechanism, ucred->uid, ucred->gid);
for (i = 0; i < ucred->gidlen; i++) {
if (i > 0) printf(",");
printf("%d", ucred->gidlist[i]);
}
printf("}\n");
switch (rqstp->rq_proc) {
case 0:
if (!svc_getargs(transp, (xdrproc_t) xdr_void, 0)) {
svcerr_decode(transp);
goto out;
}
if (!svc_sendreply(transp, (xdrproc_t) xdr_void, 0)) {
svcerr_systemerr(transp);
}
goto out;
case 1:
if (!svc_getargs(transp, (xdrproc_t) xdr_int,
(char *) &num)) {
svcerr_decode(transp);
goto out;
}
num += 100;
if (!svc_sendreply(transp, (xdrproc_t) xdr_int,
(char *) &num)) {
svcerr_systemerr(transp);
}
goto out;
default:
svcerr_noproc(transp);
goto out;
}
out:
return;
}
#if 0
static void
report_error(gss_OID mech, OM_uint32 maj, OM_uint32 min)
{
OM_uint32 maj_stat, min_stat;
OM_uint32 message_context;
gss_buffer_desc buf;
printf("major_stat=%d, minor_stat=%d\n", maj, min);
message_context = 0;
do {
maj_stat = gss_display_status(&min_stat, maj,
GSS_C_GSS_CODE, GSS_C_NO_OID, &message_context, &buf);
printf("%.*s\n", (int)buf.length, (char *) buf.value);
gss_release_buffer(&min_stat, &buf);
} while (message_context);
if (mech) {
message_context = 0;
do {
maj_stat = gss_display_status(&min_stat, min,
GSS_C_MECH_CODE, mech, &message_context, &buf);
printf("%.*s\n", (int)buf.length, (char *) buf.value);
gss_release_buffer(&min_stat, &buf);
} while (message_context);
}
exit(1);
}
#endif
static bool_t
server_new_context(__unused struct svc_req *req,
__unused gss_cred_id_t deleg,
__unused gss_ctx_id_t gss_context,
rpc_gss_lock_t *lock,
__unused void **cookie)
{
rpc_gss_rawcred_t *rcred = lock->raw_cred;
printf("new security context version=%d, mech=%s, qop=%s:\n",
rcred->version, rcred->mechanism, rcred->qop);
print_principal(rcred->client_principal);
if (!server_acl)
return (TRUE);
if (rcred->client_principal->len != server_acl->len
|| memcmp(rcred->client_principal->name, server_acl->name,
server_acl->len)) {
return (FALSE);
}
return (TRUE);
}
static void
test_server(__unused int argc, __unused const char **argv)
{
char hostname[128];
char principal[128 + 5];
const char **mechs;
static rpc_gss_callback_t cb;
if (argc == 3) {
if (!rpc_gss_get_principal_name(&server_acl, argv[1],
argv[2], NULL, NULL)) {
printf("Can't create %s ACL entry for %s\n",
argv[1], argv[2]);
return;
}
}
gethostname(hostname, sizeof(hostname));;
snprintf(principal, sizeof(principal), "host@%s", hostname);
mechs = rpc_gss_get_mechanisms();
while (*mechs) {
if (!rpc_gss_set_svc_name(principal, *mechs, GSS_C_INDEFINITE,
123456, 1)) {
rpc_gss_error_t e;
rpc_gss_get_error(&e);
printf("setting name for %s for %s failed: %d, %d\n",
principal, *mechs,
e.rpc_gss_error, e.system_error);
#if 0
gss_OID mech_oid;
gss_OID_set_desc oid_set;
gss_name_t name;
OM_uint32 maj_stat, min_stat;
gss_buffer_desc namebuf;
gss_cred_id_t cred;
rpc_gss_mech_to_oid(*mechs, &mech_oid);
oid_set.count = 1;
oid_set.elements = mech_oid;
namebuf.value = principal;
namebuf.length = strlen(principal);
maj_stat = gss_import_name(&min_stat, &namebuf,
GSS_C_NT_HOSTBASED_SERVICE, &name);
if (maj_stat) {
printf("gss_import_name failed\n");
report_error(mech_oid, maj_stat, min_stat);
}
maj_stat = gss_acquire_cred(&min_stat, name,
0, &oid_set, GSS_C_ACCEPT, &cred, NULL, NULL);
if (maj_stat) {
printf("gss_acquire_cred failed\n");
report_error(mech_oid, maj_stat, min_stat);
}
#endif
}
mechs++;
}
cb.program = 123456;
cb.version = 1;
cb.callback = server_new_context;
rpc_gss_set_callback(&cb);
svc_create(server_program_1, 123456, 1, 0);
svc_run();
}
static void
test_get_principal_name(int argc, const char **argv)
{
const char *mechname, *name, *node, *domain;
rpc_gss_principal_t principal;
if (argc < 3 || argc > 5) {
printf("usage: rpctest principal <mechname> <name> "
"[<node> [<domain>] ]\n");
exit(1);
}
mechname = argv[1];
name = argv[2];
node = NULL;
domain = NULL;
if (argc > 3) {
node = argv[3];
if (argc > 4)
domain = argv[4];
}
if (rpc_gss_get_principal_name(&principal, mechname, name,
node, domain)) {
printf("succeeded:\n");
print_principal(principal);
free(principal);
} else {
printf("failed\n");
}
}
int
main(int argc, const char **argv)
{
if (argc < 2)
usage();
if (!strcmp(argv[1], "client"))
test_client(argc - 1, argv + 1);
else if (!strcmp(argv[1], "server"))
test_server(argc - 1, argv + 1);
else if (!strcmp(argv[1], "principal"))
test_get_principal_name(argc - 1, argv + 1);
else
usage();
return (0);
}
