@@ -2261,6 +2261,240 @@ int test_ZERO_LMKEY(struct ntlm_ctx *ctx)
22612261 return test_keys ("results" , & MS_SessionKey , & result );
22622262}
22632263
2264+ int test_gssapi_anon (void )
2265+ {
2266+ gss_ctx_id_t cli_ctx = GSS_C_NO_CONTEXT ;
2267+ gss_ctx_id_t srv_ctx = GSS_C_NO_CONTEXT ;
2268+ gss_buffer_desc cli_token = { 0 };
2269+ gss_buffer_desc srv_token = { 0 };
2270+ gss_buffer_desc ctx_token ;
2271+ gss_cred_id_t cli_cred = GSS_C_NO_CREDENTIAL ;
2272+ gss_cred_id_t srv_cred = GSS_C_NO_CREDENTIAL ;
2273+ const char * srvname = "test@testserver" ;
2274+ gss_name_t gss_username = NULL ;
2275+ gss_name_t gss_srvname = NULL ;
2276+ gss_buffer_desc nbuf ;
2277+ uint32_t retmin , retmaj ;
2278+ const char * msg = "Sample, payload checking, message." ;
2279+ gss_buffer_desc message = { strlen (msg ), discard_const (msg ) };
2280+ int ret ;
2281+
2282+ setenv ("NTLM_ALLOW_ANONYMOUS" , "1" , 1 );
2283+
2284+ retmaj = gssntlm_import_name (& retmin , & nbuf ,
2285+ GSS_C_NT_ANONYMOUS ,
2286+ & gss_username );
2287+ if (retmaj != GSS_S_COMPLETE ) {
2288+ print_gss_error ("gssntlm_import_name(anonymous) failed!" ,
2289+ retmaj , retmin );
2290+ return EINVAL ;
2291+ }
2292+
2293+ nbuf .value = discard_const (srvname );
2294+ nbuf .length = strlen (srvname );
2295+ retmaj = gssntlm_import_name (& retmin , & nbuf ,
2296+ GSS_C_NT_HOSTBASED_SERVICE ,
2297+ & gss_srvname );
2298+ if (retmaj != GSS_S_COMPLETE ) {
2299+ print_gss_error ("gssntlm_import_name(srvname) failed!" ,
2300+ retmaj , retmin );
2301+ return EINVAL ;
2302+ }
2303+
2304+ retmaj = gssntlm_acquire_cred (& retmin , (gss_name_t )gss_srvname ,
2305+ GSS_C_INDEFINITE , GSS_C_NO_OID_SET ,
2306+ GSS_C_ACCEPT , & srv_cred , NULL , NULL );
2307+ if (retmaj != GSS_S_COMPLETE ) {
2308+ print_gss_error ("gssntlm_acquire_cred(srvname) failed!" ,
2309+ retmaj , retmin );
2310+ ret = EINVAL ;
2311+ goto done ;
2312+ }
2313+
2314+ retmaj = gssntlm_init_sec_context (& retmin , cli_cred , & cli_ctx ,
2315+ gss_srvname , GSS_C_NO_OID ,
2316+ GSS_C_CONF_FLAG | GSS_C_INTEG_FLAG ,
2317+ 0 , GSS_C_NO_CHANNEL_BINDINGS ,
2318+ GSS_C_NO_BUFFER , NULL , & cli_token ,
2319+ NULL , NULL );
2320+ if (retmaj != GSS_S_CONTINUE_NEEDED ) {
2321+ print_gss_error ("gssntlm_init_sec_context 1 failed!" ,
2322+ retmaj , retmin );
2323+ ret = EINVAL ;
2324+ goto done ;
2325+ }
2326+
2327+ retmaj = gssntlm_accept_sec_context (& retmin , & srv_ctx , srv_cred ,
2328+ & cli_token , GSS_C_NO_CHANNEL_BINDINGS ,
2329+ NULL , NULL , & srv_token ,
2330+ NULL , NULL , NULL );
2331+ if (retmaj != GSS_S_CONTINUE_NEEDED ) {
2332+ print_gss_error ("gssntlm_accept_sec_context 1 failed!" ,
2333+ retmaj , retmin );
2334+ ret = EINVAL ;
2335+ goto done ;
2336+ }
2337+
2338+ gss_release_buffer (& retmin , & cli_token );
2339+
2340+ /* test importing and exporting context before it is fully estabished */
2341+ retmaj = gssntlm_export_sec_context (& retmin , & srv_ctx , & ctx_token );
2342+ if (retmaj != GSS_S_COMPLETE ) {
2343+ print_gss_error ("gssntlm_export_sec_context 1 failed!" ,
2344+ retmaj , retmin );
2345+ ret = EINVAL ;
2346+ goto done ;
2347+ }
2348+ retmaj = gssntlm_import_sec_context (& retmin , & ctx_token , & srv_ctx );
2349+ if (retmaj != GSS_S_COMPLETE ) {
2350+ print_gss_error ("gssntlm_import_sec_context 1 failed!" ,
2351+ retmaj , retmin );
2352+ ret = EINVAL ;
2353+ goto done ;
2354+ }
2355+ gss_release_buffer (& retmin , & ctx_token );
2356+
2357+ retmaj = gssntlm_init_sec_context (& retmin , cli_cred , & cli_ctx ,
2358+ gss_srvname , GSS_C_NO_OID ,
2359+ GSS_C_CONF_FLAG | GSS_C_INTEG_FLAG ,
2360+ 0 , GSS_C_NO_CHANNEL_BINDINGS ,
2361+ & srv_token , NULL , & cli_token ,
2362+ NULL , NULL );
2363+ if (retmaj != GSS_S_COMPLETE ) {
2364+ print_gss_error ("gssntlm_init_sec_context 2 failed!" ,
2365+ retmaj , retmin );
2366+ ret = EINVAL ;
2367+ goto done ;
2368+ }
2369+
2370+ gss_release_buffer (& retmin , & srv_token );
2371+
2372+ retmaj = gssntlm_accept_sec_context (& retmin , & srv_ctx , srv_cred ,
2373+ & cli_token , GSS_C_NO_CHANNEL_BINDINGS ,
2374+ NULL , NULL , & srv_token ,
2375+ NULL , NULL , NULL );
2376+ if (retmaj != GSS_S_COMPLETE ) {
2377+ print_gss_error ("gssntlm_accept_sec_context 2 failed!" ,
2378+ retmaj , retmin );
2379+ ret = EINVAL ;
2380+ goto done ;
2381+ }
2382+
2383+ gss_release_buffer (& retmin , & cli_token );
2384+ gss_release_buffer (& retmin , & srv_token );
2385+
2386+ /* test importing and exporting context after it is fully estabished */
2387+ retmaj = gssntlm_export_sec_context (& retmin , & cli_ctx , & ctx_token );
2388+ if (retmaj != GSS_S_COMPLETE ) {
2389+ print_gss_error ("gssntlm_export_sec_context 2 failed!" ,
2390+ retmaj , retmin );
2391+ ret = EINVAL ;
2392+ goto done ;
2393+ }
2394+ retmaj = gssntlm_import_sec_context (& retmin , & ctx_token , & cli_ctx );
2395+ if (retmaj != GSS_S_COMPLETE ) {
2396+ print_gss_error ("gssntlm_import_sec_context 2 failed!" ,
2397+ retmaj , retmin );
2398+ ret = EINVAL ;
2399+ goto done ;
2400+ }
2401+ gss_release_buffer (& retmin , & ctx_token );
2402+
2403+ retmaj = gssntlm_get_mic (& retmin , cli_ctx , 0 , & message , & cli_token );
2404+ if (retmaj != GSS_S_COMPLETE ) {
2405+ print_gss_error ("gssntlm_get_mic(cli) failed!" ,
2406+ retmaj , retmin );
2407+ ret = EINVAL ;
2408+ goto done ;
2409+ }
2410+
2411+ retmaj = gssntlm_verify_mic (& retmin , srv_ctx , & message , & cli_token , NULL );
2412+ if (retmaj != GSS_S_COMPLETE ) {
2413+ print_gss_error ("gssntlm_verify_mic(srv) failed!" ,
2414+ retmaj , retmin );
2415+ ret = EINVAL ;
2416+ goto done ;
2417+ }
2418+
2419+ gss_release_buffer (& retmin , & cli_token );
2420+
2421+ retmaj = gssntlm_get_mic (& retmin , srv_ctx , 0 , & message , & srv_token );
2422+ if (retmaj != GSS_S_COMPLETE ) {
2423+ print_gss_error ("gssntlm_get_mic(srv) failed!" ,
2424+ retmaj , retmin );
2425+ ret = EINVAL ;
2426+ goto done ;
2427+ }
2428+
2429+ retmaj = gssntlm_verify_mic (& retmin , cli_ctx , & message , & srv_token , NULL );
2430+ if (retmaj != GSS_S_COMPLETE ) {
2431+ print_gss_error ("gssntlm_verify_mic(cli) failed!" ,
2432+ retmaj , retmin );
2433+ ret = EINVAL ;
2434+ goto done ;
2435+ }
2436+
2437+ gss_release_buffer (& retmin , & srv_token );
2438+
2439+ retmaj = gssntlm_wrap (& retmin , cli_ctx , 1 , 0 , & message , NULL , & cli_token );
2440+ if (retmaj != GSS_S_COMPLETE ) {
2441+ print_gss_error ("gssntlm_wrap(cli) failed!" ,
2442+ retmaj , retmin );
2443+ ret = EINVAL ;
2444+ goto done ;
2445+ }
2446+
2447+ retmaj = gssntlm_unwrap (& retmin , srv_ctx , & cli_token , & srv_token ,
2448+ NULL , NULL );
2449+ if (retmaj != GSS_S_COMPLETE ) {
2450+ print_gss_error ("gssntlm_unwrap(srv) failed!" ,
2451+ retmaj , retmin );
2452+ ret = EINVAL ;
2453+ goto done ;
2454+ }
2455+
2456+ gss_release_buffer (& retmin , & cli_token );
2457+ gss_release_buffer (& retmin , & srv_token );
2458+
2459+ retmaj = gssntlm_wrap (& retmin , srv_ctx , 1 , 0 , & message , NULL , & srv_token );
2460+ if (retmaj != GSS_S_COMPLETE ) {
2461+ print_gss_error ("gssntlm_wrap(srv) failed!" ,
2462+ retmaj , retmin );
2463+ ret = EINVAL ;
2464+ goto done ;
2465+ }
2466+
2467+ retmaj = gssntlm_unwrap (& retmin , cli_ctx , & srv_token , & cli_token ,
2468+ NULL , NULL );
2469+ if (retmaj != GSS_S_COMPLETE ) {
2470+ print_gss_error ("gssntlm_unwrap(cli) failed!" ,
2471+ retmaj , retmin );
2472+ ret = EINVAL ;
2473+ goto done ;
2474+ }
2475+
2476+ if (memcmp (message .value , cli_token .value , cli_token .length ) != 0 ) {
2477+ print_gss_error ("sealing and unsealing failed to return the "
2478+ "same result" ,
2479+ retmaj , retmin );
2480+ ret = EINVAL ;
2481+ goto done ;
2482+ }
2483+
2484+ ret = 0 ;
2485+
2486+ done :
2487+ gssntlm_delete_sec_context (& retmin , & cli_ctx , GSS_C_NO_BUFFER );
2488+ gssntlm_delete_sec_context (& retmin , & srv_ctx , GSS_C_NO_BUFFER );
2489+ gssntlm_release_name (& retmin , & gss_username );
2490+ gssntlm_release_name (& retmin , & gss_srvname );
2491+ gssntlm_release_cred (& retmin , & cli_cred );
2492+ gssntlm_release_cred (& retmin , & srv_cred );
2493+ gss_release_buffer (& retmin , & cli_token );
2494+ gss_release_buffer (& retmin , & srv_token );
2495+ return ret ;
2496+ }
2497+
22642498int main (int argc , const char * argv [])
22652499{
22662500 struct ntlm_ctx * ctx ;
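Review bot: In `test_gssapi_anon`, `nbuf` is passed to the first `gssntlm_import_name` call (the `GSS_C_NT_ANONYMOUS` one) before anything is assigned to it, so if the mechanism reads the buffer for that name type it sees indeterminate stack contents; declare it as `gss_buffer_desc nbuf = { 0 };`. The imported `gss_username` is only released afterwards: `cli_cred` stays `GSS_C_NO_CREDENTIAL`, and both `gssntlm_accept_sec_context` calls pass NULL in what appear to be the source-name and return-flags positions (assuming the usual `gss_accept_sec_context` argument order). The test therefore shows that the handshake completes with `NTLM_ALLOW_ANONYMOUS=1`, not that the acceptor actually ends up with an anonymous initiator; capturing the source name or flags on the second accept and asserting on them would pin that down. The final `memcmp` is bounded by `cli_token.length` alone, so an empty unwrap result would pass and a longer one would read past `msg`; put `cli_token.length != message.length ||` in front of it. The two early `return EINVAL` paths also bypass the `done:` cleanup, and the second of them leaks `gss_username`.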
@@ -2479,6 +2713,11 @@ int main(int argc, const char *argv[])
24792713 fprintf (stderr , "Test: %s\n" , (ret ? "FAIL" :"SUCCESS" ));
24802714 if (ret ) gret ++ ;
24812715
2716+ fprintf (stderr , "Test Anonymous Auth\n" );
2717+ ret = test_gssapi_anon ();
2718+ fprintf (stderr , "Test: %s\n" , (ret ? "FAIL" :"SUCCESS" ));
2719+ if (ret ) gret ++ ;
2720+
24822721done :
24832722 ntlm_free_ctx (& ctx );
24842723 return gret ;