author | Stefan Metzmacher <metze@samba.org> | 2021-12-24 01:52:32 +0100 |
---|---|---|
committer | Joseph Sutton <jsutton@samba.org> | 2022-01-19 20:50:35 +0000 |
commit | 40b65c840e03bd5eb7f3b02fe80144650c63c005 (patch) | |
tree | d11b9bf5bcf1c71c0696d2153489447d47d03a0e /source4/heimdal/kdc/test_csr_authorizer.c | |
parent | d2a3016a9c59f93f89cf4bb86d40938d56400453 (diff) | |
s4:heimdal: import lorikeet-heimdal-202201172009 (commit 5a0b45cd723628b3690ea848548b05771c40f14e)
See
https://git.samba.org/?p=lorikeet-heimdal.git;a=shortlog;h=refs/heads/lorikeet-heimdal-202201172009
or
https://gitlab.com/samba-team/devel/lorikeet-heimdal/-/tree/lorikeet-heimdal-202201172009
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
Pair-Programmed-With: Joseph Sutton <josephsutton@catalyst.net.nz>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Diffstat (limited to 'source4/heimdal/kdc/test_csr_authorizer.c')
-rw-r--r-- | source4/heimdal/kdc/test_csr_authorizer.c | 106 |
1 files changed, 106 insertions, 0 deletions
diff --git a/source4/heimdal/kdc/test_csr_authorizer.c b/source4/heimdal/kdc/test_csr_authorizer.c
new file mode 100644
index 00000000000..1d526f77bb6
--- /dev/null
+++ b/source4/heimdal/kdc/test_csr_authorizer.c
@@ -0,0 +1,106 @@
+#include "kdc_locl.h"
+
+static int help_flag;
+static int version_flag;
+static const char *app_string = "kdc";
+
+struct getargs args[] = {
+ { "help", 'h', arg_flag, &help_flag,
+ "Print usage message", NULL },
+ { "version", 'v', arg_flag, &version_flag,
+ "Print version", NULL },
+ { "app", 'a', arg_string, &app_string,
+ "App to test (kdc or bx509); default: kdc", "APPNAME" },
+};
+size_t num_args = sizeof(args) / sizeof(args[0]);
+
+static int
+usage(int e)
+{
+ arg_printusage(args, num_args, NULL, "PATH-TO-DER-CSR PRINCIPAL");
+ fprintf(stderr,
+ "\n\tExercise CSR authorization plugins for a given CSR for a\n"
+ "\tgiven principal.\n"
+ "\n\tExample: %s PKCS10:/tmp/csr.der foo@TEST.H5L.SE\n",
+ getprogname());
+ exit(e);
+ return e;
+}
+
+static const char *sysplugin_dirs[] = {
+#ifdef _WIN32
+ "$ORIGIN",
+#else
+ "$ORIGIN/../lib/plugin/kdc",
+#endif
+#ifdef __APPLE__
+ LIBDIR "/plugin/kdc",
+#endif
+ NULL
+};
+
+static void
+load_plugins(krb5_context context)
+{
+ const char * const *dirs = sysplugin_dirs;
+#ifndef _WIN32
+ char **cfdirs;
+
+ cfdirs = krb5_config_get_strings(context, NULL, "kdc", "plugin_dir", NULL);
+ if (cfdirs)
+ dirs = (const char * const *)cfdirs;
+#endif
+
+ _krb5_load_plugins(context, "kdc", (const char **)dirs);
+
+#ifndef _WIN32
+ krb5_config_free_strings(cfdirs);
+#endif
+}
+
+int
+main(int argc, char **argv)
+{
+ krb5_log_facility *logf;
+ krb5_error_code ret;
+ krb5_context context;
+ hx509_request csr;
+ krb5_principal princ = NULL;
+ const char *argv0 = argv[0];
+ int optidx = 0;
+
+ setprogname(argv[0]);
+ if (getarg(args, num_args, argc, argv, &optidx))
+ return usage(1);
+ if (help_flag)
+ return usage(0);
+ if (version_flag) {
+ print_version(argv[0]);
+ return 0;
+ }
+
+ argc -= optidx;
+ argv += optidx;
+
+ if (argc != 2)
+ usage(1);
+
+ if ((errno = krb5_init_context(&context)))
+ err(1, "Could not initialize krb5_context");
+ if ((ret = krb5_initlog(context, argv0, &logf)) ||
+ (ret = krb5_addlog_dest(context, logf, "0-5/STDERR")))
+ krb5_err(context, 1, ret, "Could not set up logging to stderr");
+ load_plugins(context);
+ if ((ret = hx509_request_parse(context->hx509ctx, argv[0], &csr)))
+ krb5_err(context, 1, ret, "Could not parse PKCS#10 CSR from %s", argv[0]);
+ if ((ret = krb5_parse_name(context, argv[1], &princ)))
+ krb5_err(context, 1, ret, "Could not parse principal %s", argv[1]);
+ if ((ret = kdc_authorize_csr(context, app_string, csr, princ)))
+ krb5_err(context, 1, ret, "Authorization failed");
+ printf("Authorized!\n");
+ krb5_free_principal(context, princ);
+ _krb5_unload_plugins(context, "kdc");
+ krb5_free_context(context);
+ hx509_request_free(&csr);
+ return 0;
+} |