#include #include #include #include #include /* Prototypes */ void Initialize(void); void TestErrorHandling (void); void TestHighLevelAPI (void); void TestKLPrincipal (void); void TestKerberosRealms (void); void TestLoginOptions (void); char* TimeToString (char* timeString, long time); void TestApplicationOptions (void); void MyKerberosLoginIdleCallback ( KLRefCon inAppData); void Initialize(void) { Handle menuBar; menuBar = GetNewMBar (128); SetMenuBar (menuBar); InsertMenu (GetMenu (128), 0); InsertMenu (GetMenu (129), 0); InsertMenu (GetMenu (130), 0); AppendResMenu (GetMenuHandle (128), 'DRVR'); DrawMenuBar (); } int main(void) { KLTime time; KLStatus err; Initialize(); // make sure that if we are debugging that we do not get terminal login fclose (stdin); err = KLLastChangedTime(&time); printf ("KLLastChangedTime returned %d (err = %d)\n", time, err); //TestKerberosRealms (); //TestKLPrincipal (); //TestLoginOptions (); TestApplicationOptions (); //TestErrorHandling (); TestHighLevelAPI (); err = KLLastChangedTime(&time); printf ("KLLastChangedTime returned %d (err = %d)\n", time, err); return 0; } void TestErrorHandling (void) { OSStatus err; char* errorString; err = KLGetErrorString (KDC_PR_UNKNOWN, &errorString); printf ("KLGetErrorString() returned %s (err = %ld)\n", errorString, err); err = KLGetErrorString (klCredentialsBadAddressErr, &errorString); printf ("KLGetErrorString() returned %s (err = %ld)\n", errorString, err); err = KLGetErrorString (klCacheDoesNotExistErr, &errorString); printf ("KLGetErrorString() returned %s (err = %ld)\n", errorString, err); err = KLGetErrorString (klPasswordMismatchErr, &errorString); printf ("KLGetErrorString() returned %s (err = %ld)\n", errorString, err); err = KLGetErrorString (klInsecurePasswordErr, &errorString); printf ("KLGetErrorString() returned %s (err = %ld)\n", errorString, err); err = KLGetErrorString (klPasswordChangeFailedErr, &errorString); printf ("KLGetErrorString() returned %s (err = %ld)\n", errorString, err); err = KLGetErrorString (klDialogDoesNotExistErr, &errorString); printf ("KLGetErrorString() returned %s (err = %ld)\n", errorString, err); err = KLGetErrorString (klDialogAlreadyExistsErr, &errorString); printf ("KLGetErrorString() returned %s (err = %ld)\n", errorString, err); err = KLGetErrorString (klNotInForegroundErr, &errorString); printf ("KLGetErrorString() returned %s (err = %ld)\n", errorString, err); err = KLGetErrorString (klNoAppearanceErr, &errorString); printf ("KLGetErrorString() returned %s (err = %ld)\n", errorString, err); err = KLGetErrorString (klFatalDialogErr, &errorString); printf ("KLGetErrorString() returned %s (err = %ld)\n", errorString, err); err = KLGetErrorString (klCarbonUnavailableErr, &errorString); printf ("KLGetErrorString() returned %s (err = %ld)\n", errorString, err); err = KLGetErrorString (klCantContactServerErr, &errorString); printf ("KLGetErrorString() returned %s (err = %ld)\n", errorString, err); err = KLGetErrorString (klCantDisplayUIErr, &errorString); printf ("KLGetErrorString() returned %s (err = %ld)\n", errorString, err); } void TestHighLevelAPI (void) { KLStatus err; KLPrincipal inPrincipal, outPrincipal, outPrincipal2; char *outCredCacheName, *outCredCacheName2; KLTime expirationTime; char* principalString; char timeString[256]; KLBoolean valid; err = KLCreatePrincipalFromTriplet ("grail", "", "TESTV5-KERBEROS-1.3.1", &inPrincipal); printf ("KLCreatePrincipalFromTriplet(grail@TESTV5-KERBEROS-1.3.1) (err = %d)\n", err); if (err == klNoErr) { err = KLAcquireNewInitialTicketsWithPassword (inPrincipal, NULL, "liarg", &outCredCacheName); if (err != klNoErr) { printf ("KLAcquireNewInitialTicketsWithPassword() returned err = %d\n", err); } else { printf ("KLAcquireNewInitialTicketsWithPassword() returned '%s'\n", outCredCacheName); KLDisposeString (outCredCacheName); } KLDisposePrincipal (inPrincipal); } exit (1); err = KLCreatePrincipalFromTriplet ("nobody", "", "TEST-KERBEROS-1.3.1", &inPrincipal); printf ("KLCreatePrincipalFromTriplet(nobody@TEST-KERBEROS-1.3.1) (err = %d)\n", err); if (err == klNoErr) { err = KLAcquireNewInitialTicketsWithPassword (inPrincipal, NULL, "ydobon", &outCredCacheName); if (err != klNoErr) { printf ("KLAcquireNewInitialTicketsWithPassword() returned err = %d\n", err); } else { printf ("KLAcquireNewInitialTicketsWithPassword() returned '%s'\n", outCredCacheName); KLDisposeString (outCredCacheName); } KLDisposePrincipal (inPrincipal); } err = KLAcquireNewInitialTickets (NULL, NULL, &inPrincipal, &outCredCacheName); printf ("KLAcquireNewInitialTickets() (err = %d)\n", err); if (err == klNoErr) { KLDisposeString (outCredCacheName); err = KLAcquireInitialTickets (inPrincipal, NULL, &outPrincipal, &outCredCacheName); printf ("KLAcquireInitialTickets() (err = %d)\n", err); if (err == klNoErr) { KLDisposeString (outCredCacheName); KLDisposePrincipal (outPrincipal); } KLDisposePrincipal (inPrincipal); } err = KLSetDefaultLoginOption (loginOption_LoginName, "testname", 3); printf ("KLSetDefaultLoginOption(loginOption_LoginName) to testname (err = %d)\n", err); if (err == klNoErr) { err = KLSetDefaultLoginOption (loginOption_LoginInstance, "testinstance", 6); printf ("KLSetDefaultLoginOption(loginOption_LoginInstance) to testinstance (err = %d)\n", err); } err = KLAcquireNewInitialTickets (NULL, NULL, &inPrincipal, &outCredCacheName); printf ("KLAcquireNewInitialTickets() (err = %d)\n", err); if (err == klNoErr) { KLDisposeString (outCredCacheName); KLDisposePrincipal (inPrincipal); } // Principal == nil while (KLAcquireNewInitialTickets (NULL, NULL, &outPrincipal, &outCredCacheName) == klNoErr) { err = KLTicketExpirationTime (outPrincipal, kerberosVersion_All, &expirationTime); err = KLCacheHasValidTickets (outPrincipal, kerberosVersion_All, &valid, &outPrincipal2, &outCredCacheName2); if (err == noErr) { err = KLGetStringFromPrincipal (outPrincipal2, kerberosVersion_V4, &principalString); if (err == klNoErr) { printf ("KLGetStringFromPrincipal returned string '%s'\n", principalString); KLDisposeString (principalString); } KLDisposePrincipal (outPrincipal2); KLDisposeString (outCredCacheName2); err = KLCacheHasValidTickets (outPrincipal, kerberosVersion_All, &valid, nil, nil); if (err != noErr) { printf ("KLCacheHasValidTickets returned error = %d\n", err); } } err = KLCacheHasValidTickets (outPrincipal, kerberosVersion_All, &valid, nil, nil); KLDisposeString (outCredCacheName); KLDisposePrincipal (outPrincipal); } err = KLAcquireNewInitialTickets (NULL, NULL, &outPrincipal, &outCredCacheName); if (err == klNoErr) { KLDisposeString (outCredCacheName); KLDisposePrincipal (outPrincipal); } err = KLCreatePrincipalFromTriplet ("nobody", "", "TEST-KERBEROS-1.3.1", &inPrincipal); printf ("KLCreatePrincipalFromTriplet(nobody@TEST-KERBEROS-1.3.1) (err = %d)\n", err); if (err == klNoErr) { err = KLAcquireNewInitialTickets (inPrincipal, NULL, &outPrincipal, &outCredCacheName); printf ("KLAcquireNewInitialTickets(nobody@TEST-KERBEROS-1.3.1) (err = %d)\n", err); if (err == klNoErr) { KLDisposeString (outCredCacheName); KLDisposePrincipal (outPrincipal); } err = KLDestroyTickets (inPrincipal); KLDisposePrincipal (inPrincipal); } err = KLCreatePrincipalFromTriplet ("nobody", "", "TEST-KERBEROS-1.3.1", &inPrincipal); printf ("KLCreatePrincipalFromTriplet(nobody@TEST-KERBEROS-1.3.1) (err = %d)\n", err); if (err == klNoErr) { err = KLAcquireInitialTickets (inPrincipal, NULL, &outPrincipal, &outCredCacheName); printf ("KLAcquireInitialTickets(nobody@TEST-KERBEROS-1.3.1) (err = %d)\n", err); if (err == klNoErr) { KLDisposeString (outCredCacheName); KLDisposePrincipal (outPrincipal); } err = KLAcquireNewInitialTickets (inPrincipal, NULL, &outPrincipal, &outCredCacheName); if (err == klNoErr) { err = KLGetStringFromPrincipal (outPrincipal, kerberosVersion_V5, &principalString); if (err == klNoErr) { err = KLTicketExpirationTime (outPrincipal, kerberosVersion_All, &expirationTime); printf ("Tickets for principal '%s' expire on %s\n", principalString, TimeToString(timeString, expirationTime)); KLDisposeString (principalString); } KLDisposeString (outCredCacheName); KLDisposePrincipal (outPrincipal); } err = KLChangePassword (inPrincipal); printf ("KLChangePassword() (err = %d)\n", err); err = KLDestroyTickets (inPrincipal); printf ("KLDestroyTickets() (err = %d)\n", err); KLDisposePrincipal (inPrincipal); } } void TestKLPrincipal (void) { KLStatus err = klNoErr; KLPrincipal extraLongPrincipal = NULL; KLPrincipal principal = NULL; KLPrincipal adminPrincipal = NULL; KLPrincipal adminPrincipalV4 = NULL; KLPrincipal adminPrincipalV5 = NULL; char *principalString = NULL; char *user = NULL; char *instance = NULL; char *realm = NULL; printf ("Entering TestKLPrincipal()\n"); printf ("----------------------------------------------------------------\n"); err = KLCreatePrincipalFromString ("thisprincipalnameislongerthanissupportedbyKerberos4@TEST-KERBEROS-1.3.1", kerberosVersion_V5, &extraLongPrincipal); printf ("KLCreatePrincipalFromString " "('thisprincipalnameislongerthanissupportedbyKerberos4@TEST-KERBEROS-1.3.1') " "(err = %s)\n", error_message(err)); printf ("----------------------------------------------------------------\n"); err = KLCreatePrincipalFromTriplet ("nobody", "", "TEST-KERBEROS-1.3.1", &principal); printf ("KLCreatePrincipalFromTriplet ('nobody' '' 'TEST-KERBEROS-1.3.1') (err = %s)\n", error_message(err)); if (err == klNoErr) { err = KLGetStringFromPrincipal (principal, kerberosVersion_V5, &principalString); if (err == klNoErr) { printf ("KLGetStringFromPrincipal (nobody@TEST-KERBEROS-1.3.1, v5) returned string '%s'\n", principalString); KLDisposeString (principalString); } else { printf ("KLGetStringFromPrincipal(nobody@TEST-KERBEROS-1.3.1, v5) returned (err = %s)\n", error_message(err)); } err = KLGetStringFromPrincipal (principal, kerberosVersion_V4, &principalString); if (err == klNoErr) { printf ("KLGetStringFromPrincipal (nobody@TEST-KERBEROS-1.3.1, v4) returned string '%s'\n", principalString); KLDisposeString (principalString); } else { printf ("KLGetStringFromPrincipal(nobody@TEST-KERBEROS-1.3.1, v4) returned (err = %s)\n", error_message(err)); } err = KLGetTripletFromPrincipal (principal, &user, &instance, &realm); if (err == klNoErr) { printf ("KLGetTripletFromPrincipal (nobody@TEST-KERBEROS-1.3.1) returned triplet %s' '%s' '%s'\n", user, instance, realm); KLDisposeString (user); KLDisposeString (instance); KLDisposeString (realm); } else { printf ("KLGetTripletFromPrincipal(nobody@TEST-KERBEROS-1.3.1) returned (err = %s)\n", error_message(err)); } } printf ("----------------------------------------------------------------\n"); err = KLCreatePrincipalFromTriplet ("nobody", "admin", "TEST-KERBEROS-1.3.1", &adminPrincipal); printf ("KLCreatePrincipalFromTriplet ('nobody' 'admin' 'TEST-KERBEROS-1.3.1') (err = %d)\n", err); if (err == klNoErr) { err = KLGetStringFromPrincipal (adminPrincipal, kerberosVersion_V5, &principalString); if (err == klNoErr) { printf ("KLGetStringFromPrincipal (nobody/admin@TEST-KERBEROS-1.3.1, v5) returned string '%s'\n", principalString); KLDisposeString (principalString); } else { printf ("KLGetStringFromPrincipal(nobody/admin@TEST-KERBEROS-1.3.1, v5) returned (err = %d)\n", err); } err = KLGetStringFromPrincipal (adminPrincipal, kerberosVersion_V4, &principalString); if (err == klNoErr) { printf ("KLGetStringFromPrincipal (nobody/admin@TEST-KERBEROS-1.3.1, v4) returned string '%s'\n", principalString); KLDisposeString (principalString); } else { printf ("KLGetStringFromPrincipal(nobody/admin@TEST-KERBEROS-1.3.1, v4) returned (err = %d)\n", err); } err = KLGetTripletFromPrincipal (adminPrincipal, &user, &instance, &realm); if (err == klNoErr) { printf ("KLGetTripletFromPrincipal (nobody/admin@TEST-KERBEROS-1.3.1) returned triplet %s' '%s' '%s'\n", user, instance, realm); KLDisposeString (user); KLDisposeString (instance); KLDisposeString (realm); } else { printf ("KLGetTripletFromPrincipal(lxs/admin@TEST-KERBEROS-1.3.1) returned (err = %d)\n", err); } } printf ("----------------------------------------------------------------\n"); err = KLCreatePrincipalFromString ("nobody/root@TEST-KERBEROS-1.3.1", kerberosVersion_V5, &adminPrincipalV5); printf ("KLCreatePrincipalFromString ('nobody/root@TEST-KERBEROS-1.3.1', v5) (err = %d)\n", err); if (err == klNoErr) { err = KLGetStringFromPrincipal (adminPrincipalV5, kerberosVersion_V5, &principalString); if (err == klNoErr) { printf ("KLGetStringFromPrincipal (nobody/root@TEST-KERBEROS-1.3.1, v5) returned string '%s'\n", principalString); KLDisposeString (principalString); } else { printf ("KLGetStringFromPrincipal(nobody/root@TEST-KERBEROS-1.3.1, v5) returned (err = %d)\n", err); } err = KLGetStringFromPrincipal (adminPrincipalV5, kerberosVersion_V4, &principalString); if (err == klNoErr) { printf ("KLGetStringFromPrincipal (nobody/admin@TEST-KERBEROS-1.3.1, v4) returned string '%s'\n", principalString); KLDisposeString (principalString); } else { printf ("KLGetStringFromPrincipal(nobody/admin@TEST-KERBEROS-1.3.1, v4) returned (err = %d)\n", err); } err = KLGetTripletFromPrincipal (adminPrincipalV5, &user, &instance, &realm); if (err == klNoErr) { printf ("KLGetTripletFromPrincipal (nobody/admin@TEST-KERBEROS-1.3.1) returned triplet %s' '%s' '%s'\n", user, instance, realm); KLDisposeString (user); KLDisposeString (instance); KLDisposeString (realm); } else { printf ("KLGetTripletFromPrincipal(nobody/admin@TEST-KERBEROS-1.3.1) returned (err = %d)\n", err); } } printf ("----------------------------------------------------------------\n"); err = KLCreatePrincipalFromString ("nobody.admin@TEST-KERBEROS-1.3.1", kerberosVersion_V4, &adminPrincipalV4); printf ("KLCreatePrincipalFromString ('nobody.admin@TEST-KERBEROS-1.3.1') (err = %d)\n", err); if (err == klNoErr) { err = KLGetStringFromPrincipal (adminPrincipalV4, kerberosVersion_V5, &principalString); if (err == klNoErr) { printf ("KLGetStringFromPrincipal (nobody.admin@TEST-KERBEROS-1.3.1, v5) returned string '%s'\n", principalString); KLDisposeString (principalString); } else { printf ("KLGetStringFromPrincipal(nobody.admin@TEST-KERBEROS-1.3.1, v5) returned (err = %d)\n", err); } err = KLGetStringFromPrincipal (adminPrincipalV4, kerberosVersion_V4, &principalString); if (err == klNoErr) { printf ("KLGetStringFromPrincipal (nobody.admin@TEST-KERBEROS-1.3.1, v4) returned string '%s'\n", principalString); KLDisposeString (principalString); } else { printf ("KLGetStringFromPrincipal(nobody.admin@TEST-KERBEROS-1.3.1, v4) returned (err = %d)\n", err); } err = KLGetTripletFromPrincipal (adminPrincipalV4, &user, &instance, &realm); if (err == klNoErr) { printf ("KLGetTripletFromPrincipal (nobody.admin@TEST-KERBEROS-1.3.1) returned triplet %s' '%s' '%s'\n", user, instance, realm); KLDisposeString (user); KLDisposeString (instance); KLDisposeString (realm); } else { printf ("KLGetTripletFromPrincipal(nobody.admin@TEST-KERBEROS-1.3.1) returned (err = %d)\n", err); } } printf ("----------------------------------------------------------------\n"); if (adminPrincipalV4 != NULL && adminPrincipalV5 != NULL) { KLBoolean equivalent; err = KLComparePrincipal (adminPrincipalV5, adminPrincipalV4, &equivalent); if (err == klNoErr) { printf ("KLComparePrincipal %s comparing nobody/admin@TEST-KERBEROS-1.3.1 and nobody.admin@TEST-KERBEROS-1.3.1\n", equivalent ? "passed" : "FAILED"); } else { printf ("KLComparePrincipal returned (err = %d)\n", err); } } if (principal != NULL && adminPrincipalV5 != NULL) { KLBoolean equivalent; err = KLComparePrincipal (principal, adminPrincipalV4, &equivalent); if (err == klNoErr) { printf ("KLComparePrincipal %s comparing nobody@TEST-KERBEROS-1.3.1 and nobody.admin@TEST-KERBEROS-1.3.1\n", equivalent ? "FAILED" : "passed"); } else { printf ("KLComparePrincipal returned (err = %d)\n", err); } } if (principal != NULL && adminPrincipalV5 != NULL) { KLBoolean equivalent; err = KLComparePrincipal (principal, adminPrincipalV5, &equivalent); if (err == klNoErr) { printf ("KLComparePrincipal %s comparing nobody@TEST-KERBEROS-1.3.1 and nobody/admin@TEST-KERBEROS-1.3.1\n", equivalent ? "FAILED" : "passed"); } else { printf ("KLComparePrincipal returned (err = %d)\n", err); } } if (adminPrincipal != NULL && adminPrincipalV5 != NULL) { KLBoolean equivalent; err = KLComparePrincipal (adminPrincipalV5, principal, &equivalent); if (err == klNoErr) { printf ("KLComparePrincipal %s comparing nobody/admin@TEST-KERBEROS-1.3.1 and nobody@TEST-KERBEROS-1.3.1\n", equivalent ? "FAILED" : "passed"); } else { printf ("KLComparePrincipal returned (err = %d)\n", err); } } printf ("----------------------------------------------------------------\n\n"); if (extraLongPrincipal != NULL) KLDisposePrincipal (extraLongPrincipal); if (adminPrincipalV5 != NULL) KLDisposePrincipal (adminPrincipalV5); if (adminPrincipalV4 != NULL) KLDisposePrincipal (adminPrincipalV4); if (adminPrincipal != NULL) KLDisposePrincipal (adminPrincipal); if (principal != NULL) KLDisposePrincipal (principal); } void TestApplicationOptions (void) { KLSetIdleCallback (MyKerberosLoginIdleCallback, 101); } void TestKerberosRealms (void) { printf ("About to test Kerberos realms\n"); KLRemoveAllKerberosRealms (); KLAcquireNewInitialTickets (NULL, NULL, NULL, NULL); KLInsertKerberosRealm (realmList_End, "FOO"); KLInsertKerberosRealm (realmList_End, "BAR"); KLInsertKerberosRealm (realmList_End, "BAZ"); KLAcquireNewInitialTickets (NULL, NULL, NULL, NULL); KLInsertKerberosRealm (realmList_End, "FOO"); KLAcquireNewInitialTickets (NULL, NULL, NULL, NULL); KLSetKerberosRealm (0, "QUUX"); KLAcquireNewInitialTickets (NULL, NULL, NULL, NULL); KLRemoveKerberosRealm (0); KLAcquireNewInitialTickets (NULL, NULL, NULL, NULL); KLSetKerberosRealm (2, "TEST-KERBEROS-1.3.1"); KLAcquireNewInitialTickets (NULL, NULL, NULL, NULL); KLRemoveAllKerberosRealms (); KLInsertKerberosRealm (realmList_End, "TEST-KERBEROS-1.3.1"); KLInsertKerberosRealm (realmList_End, "TEST-KERBEROS-1.0.6"); KLInsertKerberosRealm (realmList_End, "TESTV5-KERBEROS-1.0.6"); KLInsertKerberosRealm (realmList_End, "TEST-KERBEROS-1.1.1"); KLInsertKerberosRealm (realmList_End, "TESTV5-KERBEROS-1.1.1"); KLInsertKerberosRealm (realmList_End, "TEST-KERBEROS-1.2.0"); KLInsertKerberosRealm (realmList_End, "TESTV5-KERBEROS-1.2.0"); KLInsertKerberosRealm (realmList_End, "TEST-HEIMDAL-0.3D"); KLInsertKerberosRealm (realmList_End, "TESTV5-HEIMDAL-0.3D"); KLInsertKerberosRealm (realmList_End, "TEST-KTH-KRB-1.1"); } void TestLoginOptions (void) { KLBoolean optionSetting; KLStatus err = klNoErr; KLLifetime lifetime; lifetime = 10*60; KLSetDefaultLoginOption(loginOption_MinimalTicketLifetime, &lifetime, sizeof(UInt32)); lifetime = 8*60*60; KLSetDefaultLoginOption(loginOption_MaximalTicketLifetime, &lifetime, sizeof(UInt32)); lifetime = 8*60*60; KLSetDefaultLoginOption(loginOption_DefaultTicketLifetime, &lifetime, sizeof(UInt32)); optionSetting = false; KLSetDefaultLoginOption(loginOption_LongTicketLifetimeDisplay, &optionSetting, sizeof(optionSetting)); optionSetting = false; KLSetDefaultLoginOption(loginOption_DefaultForwardableTicket, &optionSetting, sizeof(optionSetting)); optionSetting = true; KLSetDefaultLoginOption(loginOption_RememberPrincipal, &optionSetting, sizeof(optionSetting)); optionSetting = true; err = KLSetDefaultLoginOption(loginOption_RememberExtras, &optionSetting, sizeof(optionSetting)); if (err == klNoErr) { KLAcquireNewInitialTickets (NULL, NULL, NULL, NULL); optionSetting = true; KLAcquireNewInitialTickets (NULL, NULL, NULL, NULL); } } /* Lame date formatting stolen from CCacheDump, like ctime but with no \n */ static const char *day_name[] = {"Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday"}; static const char *month_name[] = {"January", "February", "March","April","May","June", "July", "August", "September", "October", "November","December"}; char* TimeToString (char* timeString, long time) { /* we come in in 1970 time */ time_t timer = (time_t) time; struct tm tm; tm = *localtime (&timer); sprintf(timeString, "%.3s %.3s%3d %.2d:%.2d:%.2d %d", day_name[tm.tm_wday], month_name[tm.tm_mon], tm.tm_mday, tm.tm_hour, tm.tm_min, tm.tm_sec, tm.tm_year + 1900); return timeString; } void MyKerberosLoginIdleCallback (KLRefCon inAppData) { syslog (LOG_ALERT, "App got callback while waiting for Mach IPC (appData == %d)\n", inAppData); // KLCancelAllDialogs (); }