Split things up so that proxy code can static link
nalind committed Dec 10, 2014
1 parent 7ffe40b commit 444658b
Showing 8 changed files with 183 additions and 177 deletions.
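--- a/build.sh
+++ b/build.sh
@@ -0,0 +1,5 @@
+set -x
+go build proxy-client.go proxy-misc.go
+go build proxy-server.go proxy-misc.go
+go build gss-client.go gss-misc.go
+go build gss-server.go gss-misc.go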
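Review bot: The script never enables exit-on-error, so if one of the four `go build` commands fails the remaining ones still run and the script's exit status reflects only the last build. A stale or missing client or server binary can then go unnoticed. Changing the first line to `set -ex` would stop at the first failure; a `#!/bin/sh` line above it would also fix the interpreter, which the file currently leaves to the caller.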
26 changes: 13 additions & 13 deletions gss-client.go
Expand Up @@ -36,7 36,7 @@ func connectOnce(host string, port int, service string, mcount int, quiet bool,
}
major, minor, name := gss.ImportName(sname, gss.C_NT_HOSTBASED_SERVICE)
if major != gss.S_COMPLETE {
misc.DisplayGSSError("importing remote service name", major, minor, nil)
DisplayGSSError("importing remote service name", major, minor, nil)
return
}
defer gss.ReleaseName(name)
Expand All @@ -48,7 48,7 @@ func connectOnce(host string, port int, service string, mcount int, quiet bool,
/* Parse the user name. */
major, minor, username := gss.ImportName(*user, gss.C_NT_USER_NAME)
if major != gss.S_COMPLETE {
misc.DisplayGSSError("importing client name", major, minor, nil)
DisplayGSSError("importing client name", major, minor, nil)
return
}
defer gss.ReleaseName(username)
Expand All @@ -74,7 74,7 @@ func connectOnce(host string, port int, service string, mcount int, quiet bool,
major, minor, cred, _, _ = gss.AcquireCred(username, gss.C_INDEFINITE, mechSet, gss.C_INITIATE)
}
if major != gss.S_COMPLETE {
misc.DisplayGSSError("acquiring creds", major, minor, &mechSet[0])
DisplayGSSError("acquiring creds", major, minor, &mechSet[0])
return
}
defer gss.ReleaseCred(cred)
Expand All @@ -87,7 87,7 @@ func connectOnce(host string, port int, service string, mcount int, quiet bool,
mechSet[0] = *pmech
major, minor = gss.SetNegMechs(cred, mechSet)
if major != gss.S_COMPLETE {
misc.DisplayGSSError("setting negotiate mechs", major, minor, nil)
DisplayGSSError("setting negotiate mechs", major, minor, nil)
return
}
}
Expand All @@ -111,7 111,7 @@ func connectOnce(host string, port int, service string, mcount int, quiet bool,
/* Start/continue. */
major, minor, _, token, flags, _, _, _ = gss.InitSecContext(cred, &ctx, name, mech, flags, gss.C_INDEFINITE, nil, token)
if major != gss.S_COMPLETE && major != gss.S_CONTINUE_NEEDED {
misc.DisplayGSSError("initializing security context", major, minor, &mech)
DisplayGSSError("initializing security context", major, minor, &mech)
gss.DeleteSecContext(ctx)
return
}
Expand Down Expand Up @@ -157,23 157,23 @@ func connectOnce(host string, port int, service string, mcount int, quiet bool,
return
}
if !quiet {
misc.DisplayGSSFlags(flags, false, os.Stdout)
DisplayGSSFlags(flags, false, os.Stdout)
}

/* Describe the context. */
major, minor, sname, tname, lifetime, mech, flags2, _, _, local, open := gss.InquireContext(ctx)
if major != gss.S_COMPLETE {
misc.DisplayGSSError("inquiring context", major, minor, &mech)
DisplayGSSError("inquiring context", major, minor, &mech)
return
}
major, minor, srcname, srcnametype := gss.DisplayName(sname)
if major != gss.S_COMPLETE {
misc.DisplayGSSError("displaying source name", major, minor, &mech)
DisplayGSSError("displaying source name", major, minor, &mech)
return
}
major, minor, targname, _ := gss.DisplayName(tname)
if major != gss.S_COMPLETE {
misc.DisplayGSSError("displaying target name", major, minor, &mech)
DisplayGSSError("displaying target name", major, minor, &mech)
return
}
if local {
Expand All @@ -198,7 198,7 @@ func connectOnce(host string, port int, service string, mcount int, quiet bool,
}
major, minor, mechs := gss.InquireNamesForMech(mech)
if major != gss.S_COMPLETE {
misc.DisplayGSSError("inquiring mech names", major, minor, &mech)
DisplayGSSError("inquiring mech names", major, minor, &mech)
return
}
major, minor, oid = gss.OidToStr(mech)
Expand All @@ -211,7 211,7 @@ func connectOnce(host string, port int, service string, mcount int, quiet bool,
for i, nametype := range mechs {
major, minor, oid := gss.OidToStr(nametype)
if major != gss.S_COMPLETE {
misc.DisplayGSSError("converting OID to string", major, minor, &mech)
DisplayGSSError("converting OID to string", major, minor, &mech)
} else {
if !quiet {
fmt.Printf("=: %s\n", i, oid)
Expand All @@ -230,7 230,7 @@ func connectOnce(host string, port int, service string, mcount int, quiet bool,
} else {
major, minor, encrypted, wrapped = gss.Wrap(ctx, !noenc, gss.C_QOP_DEFAULT, plain)
if major != gss.S_COMPLETE {
misc.DisplayGSSError("wrapping data", major, minor, &mech)
DisplayGSSError("wrapping data", major, minor, &mech)
return
}
if !noenc && !encrypted && !quiet {
Expand Down Expand Up @@ -273,7 273,7 @@ func connectOnce(host string, port int, service string, mcount int, quiet bool,
} else {
major, minor, _ = gss.VerifyMIC(ctx, plain, mictoken)
if major != gss.S_COMPLETE {
misc.DisplayGSSError("verifying signature", major, minor, &mech)
DisplayGSSError("verifying signature", major, minor, &mech)
return
}
if !quiet {
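--- a/gss-misc.go
+++ b/gss-misc.go
@@ -0,0 +1,56 @@
+package main
+
+import "fmt"
+import "gss"
+import "io"
+import "encoding/asn1"
+
+/* DisplayError prints error messages associated with the passed-in major and minor error codes. */
+func DisplayGSSError(when string, major, minor uint32, mech *asn1.ObjectIdentifier) {
+fmt.Print(gss.DisplayStatus(major, gss.C_GSS_CODE, nil))
+fmt.Printf(" ")
+if len(when) > 0 {
+fmt.Printf("while %s", when)
+}
+fmt.Printf("\n")
+if mech != nil {
+fmt.Print(gss.DisplayStatus(major, gss.C_MECH_CODE, *mech))
+fmt.Printf("\n")
+}
+}
+
+/* DisplayGSSFlags logs the contents of the passed-in flags. */
+func DisplayGSSFlags(flags gss.Flags, complete bool, file io.Writer) {
+if flags.Deleg {
+fmt.Fprintf(file, "context flag: GSS_C_DELEG_FLAG\n")
+}
+if flags.DelegPolicy {
+fmt.Fprintf(file, "context flag: GSS_C_DELEG_POLICY_FLAG\n")
+}
+if flags.Mutual {
+fmt.Fprintf(file, "context flag: GSS_C_MUTUAL_FLAG\n")
+}
+if flags.Replay {
+fmt.Fprintf(file, "context flag: GSS_C_REPLAY_FLAG\n")
+}
+if flags.Sequence {
+fmt.Fprintf(file, "context flag: GSS_C_SEQUENCE_FLAG\n")
+}
+if flags.Anon {
+fmt.Fprintf(file, "context flag: GSS_C_ANON_FLAG\n")
+}
+if flags.Conf {
+fmt.Fprintf(file, "context flag: GSS_C_CONF_FLAG \n")
+}
+if flags.Integ {
+fmt.Fprintf(file, "context flag: GSS_C_INTEG_FLAG \n")
+}
+if complete {
+if flags.Trans {
+fmt.Fprintf(file, "context flag: GSS_C_TRANS_FLAG \n")
+}
+if flags.ProtReady {
+fmt.Fprintf(file, "context flag: GSS_C_PROT_READY_FLAG \n")
+}
+}
+}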
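Review bot: `DisplayGSSError` never reads its `minor` argument: the mechanism branch calls `gss.DisplayStatus(major, gss.C_MECH_CODE, *mech)`, so the mechanism-specific text is looked up for the major code and the minor status is never reported. Assuming `DisplayStatus` takes the status value as its first argument, that call should be `gss.DisplayStatus(minor, gss.C_MECH_CODE, *mech)`. Call sites elsewhere in this commit that pass a nil `mech` get no minor-status output at all, which makes failed credential acquisition or context setup harder to diagnose from the output. The doc comment also names `DisplayError`; it should begin with `DisplayGSSError`.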
38 changes: 19 additions & 19 deletions gss-server.go
Expand Up @@ -60,12 60,12 @@ func serve(conn net.Conn, cred gss.CredHandle, export, verbose bool, logfile io.
major, minor, credToken = gss.ExportCred(cred)
major, minor, credToken = gss.ExportCred(cred)
if major != gss.S_COMPLETE {
misc.DisplayGSSError("exporting a credential", major, minor, nil)
DisplayGSSError("exporting a credential", major, minor, nil)
return
}
major, minor, cred = gss.ImportCred(credToken)
if major != gss.S_COMPLETE {
misc.DisplayGSSError("importing a credential", major, minor, nil)
DisplayGSSError("importing a credential", major, minor, nil)
return
}
}
Expand Down Expand Up @@ -100,7 100,7 @@ func serve(conn net.Conn, cred gss.CredHandle, export, verbose bool, logfile io.
}
if major != gss.S_COMPLETE && major != gss.S_CONTINUE_NEEDED {
/* There was some kind of error. */
misc.DisplayGSSError("accepting context", major, minor, &mech)
DisplayGSSError("accepting context", major, minor, &mech)
return
}
if major == gss.S_COMPLETE {
Expand All @@ -120,10 120,10 @@ func serve(conn net.Conn, cred gss.CredHandle, export, verbose bool, logfile io.
/* Make sure the client name gets cleaned up eventually. */
defer gss.ReleaseName(cname)
/* Dig up information about the connection. */
misc.DisplayGSSFlags(flags, false, logfile)
DisplayGSSFlags(flags, false, logfile)
major, minor, oid := gss.OidToStr(mech)
if major != gss.S_COMPLETE {
misc.DisplayGSSError("converting oid to string", major, minor, &mech)
DisplayGSSError("converting oid to string", major, minor, &mech)
} else {
if verbose && logfile != nil {
fmt.Fprintf(logfile, "Accepted connection using mechanism OID %s.\n", oid)
Expand All @@ -132,7 132,7 @@ func serve(conn net.Conn, cred gss.CredHandle, export, verbose bool, logfile io.
/* Figure out the client's attributes and displayable and local names. */
major, minor, isMN, namemech, attrs := gss.InquireName(cname)
if major != gss.S_COMPLETE {
misc.DisplayGSSError("inquiring name", major, minor, &mech)
DisplayGSSError("inquiring name", major, minor, &mech)
} else {
if verbose && logfile != nil {
if isMN {
Expand All @@ -145,7 145,7 @@ func serve(conn net.Conn, cred gss.CredHandle, export, verbose bool, logfile io.
for more != 0 {
major, minor, authenticated, complete, value, displayValue := gss.GetNameAttribute(cname, attr, &more)
if major != gss.S_COMPLETE {
misc.DisplayGSSError("getting name attribute", major, minor, &mech)
DisplayGSSError("getting name attribute", major, minor, &mech)
break
} else {
fmt.Fprintf(logfile, "Attribute %s \"%s\"", attr, displayValue)
Expand All @@ -168,12 168,12 @@ func serve(conn net.Conn, cred gss.CredHandle, export, verbose bool, logfile io.
/* Exercise DuplicateName/ExportName. */
major, minor, tmpname := gss.DuplicateName(cname)
if major != gss.S_COMPLETE {
misc.DisplayGSSError("duplicating name", major, minor, &mech)
DisplayGSSError("duplicating name", major, minor, &mech)
} else {
defer gss.ReleaseName(tmpname)
major, minor, expname := gss.ExportName(tmpname)
if major != gss.S_COMPLETE {
misc.DisplayGSSError("exporting name", major, minor, &mech)
DisplayGSSError("exporting name", major, minor, &mech)
} else {
fmt.Printf("exported name:\n")
dump(logfile, expname)
Expand All @@ -182,19 182,19 @@ func serve(conn net.Conn, cred gss.CredHandle, export, verbose bool, logfile io.
/* Exercise DisplayName. */
major, minor, client, _ = gss.DisplayName(cname)
if major != gss.S_COMPLETE {
misc.DisplayGSSError("displaying name", major, minor, &mech)
DisplayGSSError("displaying name", major, minor, &mech)
}
/* Exercise Localname. */
major, minor, localname = gss.Localname(cname, nil)
if major != gss.S_COMPLETE {
misc.DisplayGSSError("gss.Localname", major, minor, &mech)
DisplayGSSError("gss.Localname", major, minor, &mech)
} else {
fmt.Printf("localname: %s\n", localname)
}
/* Exercise PNameToUid. */
major, minor, localuid := gss.PNameToUid(cname, nil)
if major != gss.S_COMPLETE {
misc.DisplayGSSError("gss.PNameToUid", major, minor, &mech)
DisplayGSSError("gss.PNameToUid", major, minor, &mech)
} else {
fmt.Printf("UID: \"%s\"\n", localuid)
}
Expand All @@ -208,11 208,11 @@ func serve(conn net.Conn, cred gss.CredHandle, export, verbose bool, logfile io.
for i := 0; i < 3; i {
major, minor, contextToken := gss.ExportSecContext(ctx)
if major != gss.S_COMPLETE {
misc.DisplayGSSError("exporting a context", major, minor, &mech)
DisplayGSSError("exporting a context", major, minor, &mech)
}
major, minor, ctx = gss.ImportSecContext(contextToken)
if major != gss.S_COMPLETE {
misc.DisplayGSSError("importing a context", major, minor, &mech)
DisplayGSSError("importing a context", major, minor, &mech)
}
}
}
Expand Down Expand Up @@ -262,7 262,7 @@ func serve(conn net.Conn, cred gss.CredHandle, export, verbose bool, logfile io.
if tag&misc.TOKEN_WRAPPED != 0 {
major, minor, conf, _, token = gss.Unwrap(ctx, token)
if major != gss.S_COMPLETE {
misc.DisplayGSSError("unwrapping message", major, minor, &mech)
DisplayGSSError("unwrapping message", major, minor, &mech)
break
}
/* If we were told it was encrypted, and it wasn't, warn. */
Expand All @@ -286,7 286,7 @@ func serve(conn net.Conn, cred gss.CredHandle, export, verbose bool, logfile io.
/* Send back a signature over the payload data. */
major, minor, token := gss.GetMIC(ctx, gss.C_QOP_DEFAULT, token)
if major != gss.S_COMPLETE {
misc.DisplayGSSError("signing message", major, minor, &mech)
DisplayGSSError("signing message", major, minor, &mech)
break
}
misc.SendToken(conn, misc.TOKEN_MIC, token)
Expand Down Expand Up @@ -335,7 335,7 @@ func main() {
/* Set up the server's name. */
major, minor, name := gss.ImportName(service, gss.C_NT_HOSTBASED_SERVICE)
if major != gss.S_COMPLETE {
misc.DisplayGSSError("importing name", major, minor, nil)
DisplayGSSError("importing name", major, minor, nil)
return
}
defer gss.ReleaseName(name)
Expand All @@ -344,14 344,14 @@ func main() {
if len(*keytab) > 0 {
minor := gss.Krb5RegisterAcceptorIdentity(*keytab)
if minor != 0 {
misc.DisplayGSSError("registering acceptor identity", 0, minor, nil)
DisplayGSSError("registering acceptor identity", 0, minor, nil)
}
}

/* Make sure we have acceptor creds. */
major, minor, cred, _, _ := gss.AcquireCred(name, gss.C_INDEFINITE, nil, gss.C_ACCEPT)
if major != gss.S_COMPLETE {
misc.DisplayGSSError("acquiring credentials", major, minor, nil)
DisplayGSSError("acquiring credentials", major, minor, nil)
return
}
defer gss.ReleaseCred(cred)
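Review bot: In the three-iteration export/import loop in `serve`, both failure branches only call `DisplayGSSError` and fall through. A failed `gss.ExportSecContext` still hands `contextToken` to `gss.ImportSecContext`, and a failed import leaves `ctx` overwritten with whatever that call returned while the loop and the rest of `serve` carry on. The server should stop using the context once either step fails, for example by adding `return` after each of those two `DisplayGSSError` calls, as the credential export/import branches earlier in the function already do. `serve` continues outside the visible hunks, so whether later code re-validates `ctx` cannot be confirmed from here.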
15 changes: 8 additions & 7 deletions proxy-client.go
Expand Up @@ -43,7 43,7 @@ func connectOnce(pconn *net.Conn, pcc proxy.CallCtx, host string, port int, serv
return
}
if icnr.Status.MajorStatus != 0 {
misc.DisplayProxyStatus("importing remote service name", icnr.Status)
DisplayProxyStatus("importing remote service name", icnr.Status)
return
}
sname = *icnr.Name
Expand All @@ -66,7 66,7 @@ func connectOnce(pconn *net.Conn, pcc proxy.CallCtx, host string, port int, serv
status = iscr.Status
major = status.MajorStatus
if major != proxy.S_COMPLETE && major != proxy.S_CONTINUE_NEEDED {
misc.DisplayProxyStatus("initializing security context", iscr.Status)
DisplayProxyStatus("initializing security context", iscr.Status)
return
}
if iscr.SecCtx != nil {
Expand Down Expand Up @@ -115,7 115,7 @@ func connectOnce(pconn *net.Conn, pcc proxy.CallCtx, host string, port int, serv
return
}
if !quiet {
misc.DisplayProxyFlags(flags, false, os.Stdout)
DisplayProxyFlags(flags, false, os.Stdout)
}

/* Describe the context. */
Expand Down Expand Up @@ -144,7 144,7 @@ func connectOnce(pconn *net.Conn, pcc proxy.CallCtx, host string, port int, serv
status = imr.Status
major = status.MajorStatus
if major != proxy.S_COMPLETE && major != proxy.S_CONTINUE_NEEDED {
misc.DisplayProxyStatus("indicating mechanisms", imr.Status)
DisplayProxyStatus("indicating mechanisms", imr.Status)
return
}

Expand Down Expand Up @@ -180,7 180,7 @@ func connectOnce(pconn *net.Conn, pcc proxy.CallCtx, host string, port int, serv
status = wr.Status
major = status.MajorStatus
if major != proxy.S_COMPLETE {
misc.DisplayProxyStatus("wrapping data", status)
DisplayProxyStatus("wrapping data", status)
return
}
if !noenc && !wr.ConfState && !quiet {
Expand Down Expand Up @@ -234,7 234,7 @@ func connectOnce(pconn *net.Conn, pcc proxy.CallCtx, host string, port int, serv
status = vr.Status
major = status.MajorStatus
if major != proxy.S_COMPLETE {
misc.DisplayProxyStatus("verifying signature", status)
DisplayProxyStatus("verifying signature", status)
return
}
if vr.SecCtx != nil {
Expand Down Expand Up @@ -314,6 314,7 @@ func main() {
nmech = &tmpmech
mech = tmpmech
} else if *krb5 {
/* This is the OID from the RFC. The native tests would use the pre-RFC OID. */
tmpmech := misc.ParseOid("1.2.840.113554.1.2.2")
nmech = &tmpmech
mech = tmpmech
Expand Down Expand Up @@ -344,7 345,7 @@ func main() {
return
}
if gccr.Status.MajorStatus != proxy.S_COMPLETE {
misc.DisplayProxyStatus("getting calling context", gccr.Status)
DisplayProxyStatus("getting calling context", gccr.Status)
return
}
