Adds functionality to create gss context into openvas-krb5
nichtsfrei committed Oct 3, 2024
1 parent eed088f commit a20ba0e
Showing 5 changed files with 468 additions and 114 deletions.
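--- a/kerberos/.gitignore
+++ b/kerberos/.gitignore
@@ -0,0 +1,3 @@
+a.out
+test.sh
+krb5.conf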
102 changes: 44 additions & 58 deletions kerberos/authenticate_test.c
@@ -2,12 +2,13 @@

#include <stdio.h>
#include <stdlib.h>

#include <string.h>

#define GUARD_ENV_SET(var, env) \
do \
{ \
if ((var = getenv (env)) == NULL) \
var = okrb5_slice_from_str (getenv (env)); \
if (var.len == 0) \
{ \
fprintf (stderr, env " is not set\n"); \
return 1; \
@@ -21,69 +22,54 @@ main ()
char *kdc = NULL;
OKrb5ErrorCode result = O_KRB5_SUCCESS;
OKrb5Credential credentials;
OKrb5Element *element = NULL;
OKrb5Data *data = NULL;
OKrb5GSSContext *context = NULL;
struct OKrb5Slice from_application = {.data = NULL, .len = 0};
struct OKrb5Slice *to_application = NULL;
bool more = false;
GUARD_ENV_SET (credentials.config_path, "KRB5_CONFIG");
GUARD_ENV_SET (credentials.realm, "KRB5_REALM");
GUARD_ENV_SET (credentials.user, "KRB5_USER");
GUARD_ENV_SET (credentials.password, "KRB5_PASSWORD");
if (o_krb5_find_kdc (&credentials, &kdc))
{
GUARD_ENV_SET (kdc, "KRB5_KDC");
if (o_krb5_add_realm (&credentials, kdc))
{
fprintf (stderr, "Unable to add kdc\n");
return 1;
}
}
else
GUARD_ENV_SET (credentials.user.user, "KRB5_USER");
GUARD_ENV_SET (credentials.user.password, "KRB5_PASSWORD");
GUARD_ENV_SET (credentials.target.host_name, "KRB5_TARGET_HOST");
GUARD_ENV_SET (credentials.kdc, "KRB5_KDC");
credentials.target.service = okrb5_slice_from_str ("cifs");
memset (&credentials.target.domain, 0, sizeof (struct OKrb5Slice));
printf ("Using realm: %s\n", (char *) credentials.realm.data);
// TODO: move to overall function
// TODO: refactor signature to use slice
// if (o_krb5_find_kdc (&credentials, &kdc))
// {
// if (o_krb5_add_realm (&credentials, credentials.kdc.data))
// {
// fprintf (stderr, "Unable to add kdc\n");
// return 1;
// }
// }
// else
// {
// printf ("Using kdc: %s\n", kdc);
// free (kdc);
// }
context = okrb5_gss_init_context ();
printf ("Using realm: %s\n", (char *) credentials.realm.data);
if ((result = o_krb5_gss_prepare_context (&credentials, context)))
{
printf ("Using kdc: %s\n", kdc);
free (kdc);
}

#if OPENVAS_KRB5_CACHED != 1

if ((result = o_krb5_authenticate (credentials, &element)))
{
fprintf (stderr, "Error: %d: %s\n", result,
krb5_get_error_message (element->ctx, result - O_KRB5_ERROR));
return result;
}

printf ("Authentication Token:\n");
printf ("--------------------\n");
printf ("End time: %d\n", element->creds.times.endtime);
printf ("start time: %d\n", element->creds.times.starttime);
printf ("Renew till: %d\n", element->creds.times.renew_till);
if ((result = o_krb5_request (element, "test", 5, &data)))
{
fprintf (stderr, "unable to create request: %d", result);
}
if ((result = o_krb5_free_data (element, data)))
{
fprintf (stderr, "unable to free request: %d", result);
fprintf (stderr, "Unable to prepare context: %d\n", result);
return 1;
}

return 0;
#else

if ((result = o_krb5_cache_request (credentials, "test", 5, &data)))
printf ("Using realm: %s\n", (char *) credentials.realm.data);
// first call always empty
if ((result = o_krb5_gss_update_context (context, &from_application,
&to_application, &more)))
{
fprintf (stderr, "unable to create request: %d\n", result);
fprintf (stderr, "Unable to update context: %d\n", result);
return 1;
}
element = o_krb5_cache_find(&credentials)->element;
if (element == NULL)
printf ("success: %d: outdata_len: %zu\n", result, to_application->len);

for (size_t i = 0; i < to_application->len; i++)
{
fprintf (stderr, "element not found: %d", result);
return 1;
printf ("%02x", ((char *) to_application->data)[i]);
}
printf ("Authentication Token:\n");
printf ("--------------------\n");
printf ("End time: %d\n", element->creds.times.endtime);
printf ("start time: %d\n", element->creds.times.starttime);
printf ("Renew till: %d\n", element->creds.times.renew_till);
o_krb5_cache_clear();
#endif
printf ("\n");
}
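Review bot: The hex dump at the end of main reads the token through a plain `char`, so where `char` is signed every byte at or above 0x80 is sign-extended and printed as `ffffffXX`, which corrupts the dumped GSS token; the line should be `printf ("%02x", ((unsigned char *) to_application->data)[i]);`. `to_application` is dereferenced straight after `o_krb5_gss_update_context` with no NULL check, which is safe only if a zero return guarantees the out-pointer was set, and that function is not visible here. In `GUARD_ENV_SET`, the result of `getenv (env)` now goes directly into `okrb5_slice_from_str`, so the `var.len == 0` test works only if that helper accepts NULL; if that is not guaranteed, keep an explicit NULL test before the call. `context` is likewise used without a NULL check after `okrb5_gss_init_context ()`, and neither it nor `to_application` is released before main returns; the start of main lies outside the hunk.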