return name;
}
+void
+establish_contexts(gss_OID imech, gss_cred_id_t icred, gss_cred_id_t acred,
+ gss_name_t tname, OM_uint32 flags, gss_ctx_id_t *ictx,
+ gss_ctx_id_t *actx, gss_name_t *src_name, gss_OID *amech,
+ gss_cred_id_t *deleg_cred)
+{
+ OM_uint32 minor, imaj, amaj;
+ gss_buffer_desc itok, atok;
+
+ *ictx = *actx = GSS_C_NO_CONTEXT;
+ imaj = amaj = GSS_S_CONTINUE_NEEDED;
+ itok.value = atok.value = NULL;
+ itok.length = atok.length = 0;
+ for (;;) {
+ (void)gss_release_buffer(&minor, &itok);
+ imaj = gss_init_sec_context(&minor, icred, ictx, tname, imech, flags,
+ GSS_C_INDEFINITE,
+ GSS_C_NO_CHANNEL_BINDINGS, &atok, NULL,
+ &itok, NULL, NULL);
+ check_gsserr("gss_init_sec_context", imaj, minor);
+ if (amaj == GSS_S_COMPLETE)
+ break;
+
+ (void)gss_release_buffer(&minor, &atok);
+ amaj = gss_accept_sec_context(&minor, actx, acred, &itok,
+ GSS_C_NO_CHANNEL_BINDINGS, src_name,
+ amech, &atok, NULL, NULL, deleg_cred);
+ check_gsserr("gss_accept_sec_context", amaj, minor);
+ (void)gss_release_buffer(&minor, &itok);
+ if (imaj == GSS_S_COMPLETE)
+ break;
+ }
+
+ if (imaj != GSS_S_COMPLETE || amaj != GSS_S_COMPLETE)
+ errout("One side wants to continue after the other is done");
+
+ (void)gss_release_buffer(&minor, &itok);
+ (void)gss_release_buffer(&minor, &atok);
+}
+
void
display_canon_name(const char *tag, gss_name_t name, gss_OID mech)
{
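Review bot: Both `break`s in the loop can leave a token undelivered and still report success: when `gss_init_sec_context` returns a non-empty `itok` after `amaj` is already GSS_S_COMPLETE, or when `gss_accept_sec_context` returns a non-empty `atok` after `imaj` is already GSS_S_COMPLETE, the loop exits and the token is simply freed by the two `gss_release_buffer` calls at the end, even though a non-empty output token is supposed to be delivered to the peer. The `errout("One side wants to continue ...")` check only catches a side that still wants another round, so a mechanism emitting a trailing token nobody can consume passes this helper silently, which for a test helper is worth catching. The initial `amaj = GSS_S_CONTINUE_NEEDED` guarantees the first initiator token always reaches the acceptor, so a length check before each break is safe. The definition also has no header comment; I would add one stating that it exits via `check_gsserr`/`errout` on any failure and that the caller releases `*src_name` and `*deleg_cred`.
```c
        check_gsserr("gss_init_sec_context", imaj, minor);
        if (amaj == GSS_S_COMPLETE) {
            /* The acceptor is done and cannot consume another token. */
            if (itok.length != 0)
                errout("Initiator produced a token after acceptor completed");
            break;
        }
        /* … unchanged: gss_accept_sec_context call and its check_gsserr … */
        (void)gss_release_buffer(&minor, &itok);
        if (imaj == GSS_S_COMPLETE) {
            /* The initiator is done and cannot consume another token. */
            if (atok.length != 0)
                errout("Acceptor produced a token after initiator completed");
            break;
        }
```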
* 'p:principalname', or 'h:host@service' (or just 'h:service'). */
gss_name_t import_name(const char *str);
+/* Establish contexts using gss_init_sec_context and gss_accept_sec_context. */
+void establish_contexts(gss_OID imech, gss_cred_id_t icred,
+ gss_cred_id_t acred, gss_name_t tname, OM_uint32 flags,
+ gss_ctx_id_t *ictx, gss_ctx_id_t *actx,
+ gss_name_t *src_name, gss_OID *amech,
+ gss_cred_id_t *deleg_cred);
+
/* Display name as canonicalized to mech, preceded by tag. */
void display_canon_name(const char *tag, gss_name_t name, gss_OID mech);
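Review bot: The one-line comment on `establish_contexts` does not tell a caller what it may pass or what it must clean up, which matters since the callers in this commit pass NULL for `src_name`, `amech` and `deleg_cred` in some places and release the results in others. I would expand it to say that it loops until both `gss_init_sec_context` and `gss_accept_sec_context` report GSS_S_COMPLETE and exits on any failure (via `check_gsserr`/`errout`, consistent with the "exits with status 1" wording in the test descriptions), that `src_name`, `amech` and `deleg_cred` may be NULL, and that the caller releases `*src_name` with `gss_release_name` and `*deleg_cred` with `gss_release_cred`, as the callers here do, while `*amech` is not released by any caller. Stating the by-value `imech` contract there would also make the t_s4u-style usage, where the same variable is both the input mech and the `amech` output, obviously correct.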
/*
* Test program for acceptor names, intended to be run from a Python test
- * script. Performs a one-token gss_init_sec_context/gss_accept_sec_context
- * exchange with the default initiator name, a specified principal name as
- * target name, and a specified host-based name as acceptor name (or
- * GSS_C_NO_NAME if no acceptor name is given). If the exchange is successful,
- * queries the context for the acceptor name and prints it. If any call is
- * unsuccessful, displays an error message. Exits with status 0 if all
+ * script. Establishes contexts with the default initiator name, a specified
+ * principal name as target name, and a specified host-based name as acceptor
+ * name (or GSS_C_NO_NAME if no acceptor name is given). If the exchange is
+ * successful, queries the context for the acceptor name and prints it. If any
+ * call is unsuccessful, displays an error message. Exits with status 0 if all
* operations are successful, or 1 if not.
*
* Usage: ./t_accname targetname [acceptorname]
int
main(int argc, char *argv[])
{
- OM_uint32 minor, major;
+ OM_uint32 minor, major, flags;
gss_cred_id_t acceptor_cred;
gss_name_t target_name, acceptor_name = GSS_C_NO_NAME, real_acceptor_name;
- gss_buffer_desc token, tmp, namebuf;
- gss_ctx_id_t initiator_context = GSS_C_NO_CONTEXT;
- gss_ctx_id_t acceptor_context = GSS_C_NO_CONTEXT;
+ gss_buffer_desc namebuf;
+ gss_ctx_id_t initiator_context, acceptor_context;
if (argc < 2 || argc > 3) {
fprintf(stderr, "Usage: %s targetname [acceptorname]\n", argv[0]);
&acceptor_cred, NULL, NULL);
check_gsserr("gss_acquire_cred", major, minor);
- /* Create krb5 initiator context and get the first token. */
- token.value = NULL;
- token.length = 0;
- major = gss_init_sec_context(&minor, GSS_C_NO_CREDENTIAL,
- &initiator_context, target_name,
- (gss_OID)gss_mech_krb5,
- GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG,
- GSS_C_INDEFINITE, GSS_C_NO_CHANNEL_BINDINGS,
- GSS_C_NO_BUFFER, NULL, &token, NULL, NULL);
- check_gsserr("gss_init_sec_context", major, minor);
-
- /* Pass the token to gss_accept_sec_context. */
- tmp.value = NULL;
- tmp.length = 0;
- major = gss_accept_sec_context(&minor, &acceptor_context, acceptor_cred,
- &token, GSS_C_NO_CHANNEL_BINDINGS,
- NULL, NULL, &tmp, NULL, NULL, NULL);
- check_gsserr("gss_accept_sec_context", major, minor);
+ flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG;
+ establish_contexts(&mech_krb5, GSS_C_NO_CREDENTIAL, acceptor_cred,
+ target_name, flags, &initiator_context,
+ &acceptor_context, NULL, NULL, NULL);
major = gss_inquire_context(&minor, acceptor_context, NULL,
&real_acceptor_name, NULL, NULL, NULL, NULL,
(void)gss_release_cred(&minor, &acceptor_cred);
(void)gss_delete_sec_context(&minor, &initiator_context, NULL);
(void)gss_delete_sec_context(&minor, &acceptor_context, NULL);
- (void)gss_release_buffer(&minor, &token);
- (void)gss_release_buffer(&minor, &tmp);
return 0;
}
/*
* Test program for client credential selection, intended to be run from a
- * Python test script. Performs a one-token
- * gss_init_sec_context/gss_accept_sec_context exchange, optionally with a
- * specified principal as the initiator name, a specified principal name as
- * target name, the default acceptor cred. If the exchange is successful,
- * prints the initiator name as seen by the acceptor. If any call is
- * unsuccessful, displays an error message. Exits with status 0 if all
- * operations are successful, or 1 if not.
+ * Python test script. Establishes contexts with an optionally specified
+ * initiator name, a specified target name, and the default acceptor cred. If
+ * the exchange is successful, prints the initiator name as seen by the
+ * acceptor. If any call is unsuccessful, displays an error message. Exits
+ * with status 0 if all operations are successful, or 1 if not.
*
- * Usage: ./t_ccselect [targetprinc|gss:service@host] [initiatorprinc|-]
+ * Usage: ./t_ccselect targetname [initiatorname|-]
*/
int
main(int argc, char *argv[])
{
- OM_uint32 minor, major;
+ OM_uint32 minor, major, flags;
gss_cred_id_t initiator_cred = GSS_C_NO_CREDENTIAL;
gss_name_t target_name, initiator_name = GSS_C_NO_NAME;
gss_name_t real_initiator_name;
- gss_buffer_desc token, tmp, namebuf;
- gss_ctx_id_t initiator_context = GSS_C_NO_CONTEXT;
- gss_ctx_id_t acceptor_context = GSS_C_NO_CONTEXT;
+ gss_buffer_desc namebuf;
+ gss_ctx_id_t initiator_context, acceptor_context;
if (argc < 2 || argc > 3) {
fprintf(stderr, "Usage: %s targetname [initiatorname|-]\n", argv[0]);
check_gsserr("gss_acquire_cred", major, minor);
}
-
- /* Create krb5 initiator context and get the first token. */
- token.value = NULL;
- token.length = 0;
- major = gss_init_sec_context(&minor, initiator_cred, &initiator_context,
- target_name, (gss_OID)gss_mech_krb5,
- GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG,
- GSS_C_INDEFINITE, GSS_C_NO_CHANNEL_BINDINGS,
- GSS_C_NO_BUFFER, NULL, &token, NULL, NULL);
- check_gsserr("gss_init_sec_context", major, minor);
-
- /* Pass the token to gss_accept_sec_context. */
- tmp.value = NULL;
- tmp.length = 0;
- major = gss_accept_sec_context(&minor, &acceptor_context,
- GSS_C_NO_CREDENTIAL, &token,
- GSS_C_NO_CHANNEL_BINDINGS,
- &real_initiator_name, NULL, &tmp,
- NULL, NULL, NULL);
- check_gsserr("gss_accept_sec_context", major, minor);
+ flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG;
+ establish_contexts(&mech_krb5, initiator_cred, GSS_C_NO_CREDENTIAL,
+ target_name, flags, &initiator_context,
+ &acceptor_context, &real_initiator_name, NULL, NULL);
namebuf.value = NULL;
namebuf.length = 0;
(void)gss_release_cred(&minor, &initiator_cred);
(void)gss_delete_sec_context(&minor, &initiator_context, NULL);
(void)gss_delete_sec_context(&minor, &acceptor_context, NULL);
- (void)gss_release_buffer(&minor, &token);
- (void)gss_release_buffer(&minor, &tmp);
(void)gss_release_buffer(&minor, &namebuf);
return 0;
}
#include "common.h"
/*
- * This test program performs a gss_init_sec_context/gss_accept_sec_context
- * exchange with the krb5 mech, the default initiator name, a specified
- * principal name as target name, and the default acceptor name. Before the
- * exchange, gss_set_allowable_enctypes is called for the initiator and the
- * acceptor cred if requested. If the exchange is successful, the resulting
- * contexts are exported with gss_krb5_export_lucid_sec_context, checked for
- * mismatches, and the GSS protocol and keys are displayed. Exits with status
- * 0 if all operations are successful, or 1 if not.
+ * This test program establishes contexts with the krb5 mech, the default
+ * initiator name, a specified target name, and the default acceptor name.
+ * Before the exchange, gss_set_allowable_enctypes is called for the initiator
+ * and the acceptor cred if requested. If the exchange is successful, the
+ * resulting contexts are exported with gss_krb5_export_lucid_sec_context,
+ * checked for mismatches, and the GSS protocol and keys are displayed. Exits
+ * with status 0 if all operations are successful, or 1 if not.
*
* Usage: ./t_enctypes [-i initenctypes] [-a accenctypes] targetname
*/
OM_uint32 minor, major, flags;
gss_name_t tname;
gss_cred_id_t icred = GSS_C_NO_CREDENTIAL, acred = GSS_C_NO_CREDENTIAL;
- gss_ctx_id_t ictx = GSS_C_NO_CONTEXT, actx = GSS_C_NO_CONTEXT;
- gss_buffer_desc itok, atok, tmp;
+ gss_ctx_id_t ictx, actx;
gss_krb5_lucid_context_v1_t *ilucid, *alucid;
gss_krb5_rfc1964_keydata_t *i1964, *a1964;
gss_krb5_cfx_keydata_t *icfx, *acfx;
check_gsserr("gss_krb5_set_allowable_enctypes(acc)", major, minor);
}
- /* Create initiator context and get the first token. */
- itok.value = NULL;
- itok.length = 0;
flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG | GSS_C_MUTUAL_FLAG;
- major = gss_init_sec_context(&minor, icred, &ictx, tname, &mech_krb5,
- flags, GSS_C_INDEFINITE,
- GSS_C_NO_CHANNEL_BINDINGS, GSS_C_NO_BUFFER,
- NULL, &itok, NULL, NULL);
- check_gsserr("gss_init_sec_context(1)", major, minor);
- if (major != GSS_S_CONTINUE_NEEDED)
- errout("gss_init_sec_context(1) unexpected complete");
-
- /* Pass the initiator token to gss_accept_sec_context. */
- atok.value = NULL;
- atok.length = 0;
- major = gss_accept_sec_context(&minor, &actx, acred, &itok,
- GSS_C_NO_CHANNEL_BINDINGS, NULL, NULL,
- &atok, NULL, NULL, NULL);
- check_gsserr("gss_accept_sec_context", major, minor);
- if (major != GSS_S_COMPLETE)
- errout("gss_accept_sec_context unexpected continue");
-
- /* Pass the return token to gss_init_sec_context again. */
- tmp.value = NULL;
- tmp.length = 0;
- major = gss_init_sec_context(&minor, icred, &ictx, tname, &mech_krb5,
- flags, GSS_C_INDEFINITE,
- GSS_C_NO_CHANNEL_BINDINGS, &atok, NULL, &tmp,
- NULL, NULL);
- check_gsserr("gss_init_sec_context(2)", major, minor);
- if (major != GSS_S_COMPLETE)
- errout("gss_init_sec_context(2) unexpected continue");
+ establish_contexts(&mech_krb5, icred, acred, tname, flags, &ictx, &actx,
+ NULL, NULL, NULL);
/* Export to lucid contexts. */
major = gss_krb5_export_lucid_sec_context(&minor, &ictx, 1, &lptr);
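Review bot: The explicit assertion that the mutual-authentication round trip actually happened is lost here: the removed code required the first `gss_init_sec_context` to return GSS_S_CONTINUE_NEEDED and the second to complete, whereas `establish_contexts` only requires that both sides eventually finish, so a mechanism that ignored `GSS_C_MUTUAL_FLAG` and completed in one token would now pass. If that check was intentional for this test, it can be restored after the call by querying the context flags with `gss_inquire_context(&minor, ictx, NULL, NULL, NULL, NULL, &ret_flags, NULL, NULL);` followed by `if (!(ret_flags & GSS_C_MUTUAL_FLAG)) errout("mutual authentication not negotiated");`, with `OM_uint32 ret_flags` added to the declarations. If the old checks were only incidental scaffolding for the two-token exchange, a short comment saying the helper enforces completion on both sides would avoid the question for the next reader.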
(void)gss_release_cred(&minor, &acred);
(void)gss_delete_sec_context(&minor, &ictx, NULL);
(void)gss_delete_sec_context(&minor, &actx, NULL);
- (void)gss_release_buffer(&minor, &itok);
- (void)gss_release_buffer(&minor, &atok);
- (void)gss_release_buffer(&minor, &tmp);
(void)gss_krb5_free_lucid_sec_context(&minor, ilucid);
(void)gss_krb5_free_lucid_sec_context(&minor, alucid);
return 0;
gss_ctx_id_t acceptor_context = GSS_C_NO_CONTEXT;
gss_OID mech = GSS_C_NO_OID;
gss_OID_set mechs = GSS_C_NO_OID_SET;
- gss_buffer_desc token, tmp;
char optchar;
/* Parse arguments. */
* delegating credentials. */
flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG | GSS_C_CONF_FLAG |
GSS_C_INTEG_FLAG | GSS_C_DELEG_FLAG;
- major = gss_init_sec_context(&minor, initiator_cred, &initiator_context,
- target_name, mech, flags, GSS_C_INDEFINITE,
- GSS_C_NO_CHANNEL_BINDINGS, GSS_C_NO_BUFFER,
- NULL, &token, NULL, NULL);
- check_gsserr("gss_init_sec_context", major, minor);
-
- major = gss_accept_sec_context(&minor, &acceptor_context, acceptor_cred,
- &token, GSS_C_NO_CHANNEL_BINDINGS,
- NULL, NULL, &tmp, NULL, NULL,
- &delegated_cred);
- check_gsserr("gss_accept_sec_context", major, minor);
+ establish_contexts(mech, initiator_cred, acceptor_cred, target_name, flags,
+ &initiator_context, &acceptor_context, NULL, NULL,
+ &delegated_cred);
/* Import, release, export, and store delegated creds */
export_import_cred(&delegated_cred);
(void)gss_release_cred(&minor, &delegated_cred);
(void)gss_delete_sec_context(&minor, &initiator_context, NULL);
(void)gss_delete_sec_context(&minor, &acceptor_context, NULL);
- (void)gss_release_buffer(&minor, &token);
- (void)gss_release_buffer(&minor, &tmp);
return 0;
}
gss_cred_id_t verifier_cred_handle,
gss_cred_id_t *deleg_cred_handle)
{
- OM_uint32 major, minor;
- gss_buffer_desc token = GSS_C_EMPTY_BUFFER, tmp = GSS_C_EMPTY_BUFFER;
+ OM_uint32 major, minor, flags;
gss_name_t source_name = GSS_C_NO_NAME, target_name = GSS_C_NO_NAME;
- gss_ctx_id_t initiator_context = GSS_C_NO_CONTEXT;
- gss_ctx_id_t acceptor_context = GSS_C_NO_CONTEXT;
- OM_uint32 time_rec;
+ gss_ctx_id_t initiator_context, acceptor_context;
gss_OID mech;
*deleg_cred_handle = GSS_C_NO_CREDENTIAL;
mech = use_spnego ? &mech_spnego : &mech_krb5;
display_oid("Target mech", mech);
- major = gss_init_sec_context(&minor, claimant_cred_handle,
- &initiator_context, target_name, mech,
- GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG,
- GSS_C_INDEFINITE, GSS_C_NO_CHANNEL_BINDINGS,
- GSS_C_NO_BUFFER, NULL, &token, NULL,
- &time_rec);
- (void)gss_release_name(&minor, &target_name);
- check_gsserr("gss_init_sec_context", major, minor);
-
- major = gss_accept_sec_context(&minor, &acceptor_context,
- verifier_cred_handle, &token,
- GSS_C_NO_CHANNEL_BINDINGS, &source_name,
- NULL, &tmp, NULL, &time_rec,
- deleg_cred_handle);
- check_gsserr("gss_accept_sec_context", major, minor);
+ flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG;
+ establish_contexts(mech, claimant_cred_handle, verifier_cred_handle,
+ target_name, flags, &initiator_context,
+ &acceptor_context, &source_name, NULL,
+ deleg_cred_handle);
test_prf(initiator_context, acceptor_context, GSS_C_PRF_KEY_FULL);
test_prf(initiator_context, acceptor_context, GSS_C_PRF_KEY_PARTIAL);
(void)gss_release_name(&minor, &source_name);
(void)gss_delete_sec_context(&minor, &acceptor_context, NULL);
(void)gss_delete_sec_context(&minor, &initiator_context, NULL);
- (void)gss_release_buffer(&minor, &token);
- (void)gss_release_buffer(&minor, &tmp);
}
static void
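Review bot: `target_name` appears to leak in this function now: the removed code released it with `gss_release_name` right after `gss_init_sec_context`, but neither the new `establish_contexts` call nor this cleanup block releases it, unlike the parallel hunks in the other test files in this commit, which add `(void)gss_release_name(&minor, &target_name);` to their cleanup. Unless it is released on a line outside these hunks, I would add `(void)gss_release_name(&minor, &target_name);` next to the `gss_release_name(&minor, &source_name)` call here. The function's beginning lies outside this hunk, so I cannot see how `target_name` is obtained.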
int
main(int argc, char *argv[])
{
- OM_uint32 minor, major;
+ OM_uint32 minor, major, flags;
gss_cred_id_t initiator_cred, acceptor_cred;
- gss_buffer_desc token, tmp;
- gss_ctx_id_t initiator_context = GSS_C_NO_CONTEXT;
- gss_ctx_id_t acceptor_context = GSS_C_NO_CONTEXT;
+ gss_ctx_id_t initiator_context, acceptor_context;
gss_name_t target_name;
krb5_context context = NULL;
krb5_ccache cc;
major = gss_krb5_import_cred(&minor, NULL, princ, kt, &acceptor_cred);
check_gsserr("gss_krb5_import_cred (acceptor)", major, minor);
- /* Create krb5 initiator context and get the first token. */
- token.value = NULL;
- token.length = 0;
- major = gss_init_sec_context(&minor, initiator_cred,
- &initiator_context, target_name,
- (gss_OID)gss_mech_krb5,
- GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG,
- GSS_C_INDEFINITE, GSS_C_NO_CHANNEL_BINDINGS,
- GSS_C_NO_BUFFER, NULL, &token, NULL, NULL);
- check_gsserr("gss_init_sec_context", major, minor);
-
- /* Pass the token to gss_accept_sec_context. */
- tmp.value = NULL;
- tmp.length = 0;
- major = gss_accept_sec_context(&minor, &acceptor_context, acceptor_cred,
- &token, GSS_C_NO_CHANNEL_BINDINGS,
- NULL, NULL, &tmp, NULL, NULL, NULL);
- check_gsserr("gss_accept_sec_context", major, minor);
+ flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG;
+ establish_contexts(&mech_krb5, initiator_cred, acceptor_cred, target_name,
+ flags, &initiator_context, &acceptor_context, NULL,
+ NULL, NULL);
krb5_cc_close(context, cc);
krb5_kt_close(context, kt);
(void)gss_release_cred(&minor, &acceptor_cred);
(void)gss_delete_sec_context(&minor, &initiator_context, NULL);
(void)gss_delete_sec_context(&minor, &acceptor_context, NULL);
- (void)gss_release_buffer(&minor, &token);
- (void)gss_release_buffer(&minor, &tmp);
return 0;
}
static void
init_accept_sec_context(gss_cred_id_t verifier_cred_handle)
{
- OM_uint32 major, minor;
- gss_buffer_desc token = GSS_C_EMPTY_BUFFER, tmp = GSS_C_EMPTY_BUFFER;
+ OM_uint32 major, minor, flags;
gss_name_t source_name = GSS_C_NO_NAME, target_name = GSS_C_NO_NAME;
- gss_ctx_id_t initiator_context = GSS_C_NO_CONTEXT;
- gss_ctx_id_t acceptor_context = GSS_C_NO_CONTEXT;
+ gss_ctx_id_t initiator_context, acceptor_context;
gss_OID mech = use_spnego ? &mech_spnego : &mech_krb5;
- OM_uint32 time_rec;
major = gss_inquire_cred(&minor, verifier_cred_handle, &target_name, NULL,
NULL, NULL);
display_canon_name("Target name", target_name, &mech_krb5);
- major = gss_init_sec_context(&minor, verifier_cred_handle,
- &initiator_context, target_name, mech,
- GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG,
- GSS_C_INDEFINITE, GSS_C_NO_CHANNEL_BINDINGS,
- GSS_C_NO_BUFFER, NULL, &token, NULL,
- &time_rec);
- check_gsserr("gss_init_sec_context", major, minor);
-
- (void)gss_release_name(&minor, &target_name);
- (void)gss_delete_sec_context(&minor, &initiator_context, NULL);
-
- major = gss_accept_sec_context(&minor, &acceptor_context,
- verifier_cred_handle, &token,
- GSS_C_NO_CHANNEL_BINDINGS, &source_name,
- NULL, &tmp, NULL, &time_rec, NULL);
- check_gsserr("gss_accept_sec_context", major, minor);
+ flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG;
+ establish_contexts(mech, verifier_cred_handle, verifier_cred_handle,
+ target_name, flags, &initiator_context,
+ &acceptor_context, &source_name, NULL, NULL);
display_canon_name("Source name", source_name, &mech_krb5);
enumerate_attributes(source_name, 1);
test_map_name_to_any(source_name);
(void)gss_release_name(&minor, &source_name);
+ (void)gss_release_name(&minor, &target_name);
+ (void)gss_delete_sec_context(&minor, &initiator_context, NULL);
(void)gss_delete_sec_context(&minor, &acceptor_context, NULL);
- (void)gss_release_buffer(&minor, &token);
- (void)gss_release_buffer(&minor, &tmp);
}
int
gss_cred_id_t verifier_cred_handle,
gss_cred_id_t *deleg_cred_handle)
{
- OM_uint32 major, minor;
- gss_buffer_desc token = GSS_C_EMPTY_BUFFER, tmp = GSS_C_EMPTY_BUFFER;
+ OM_uint32 major, minor, flags;
gss_name_t source_name = GSS_C_NO_NAME, target_name = GSS_C_NO_NAME;
- gss_ctx_id_t initiator_context = GSS_C_NO_CONTEXT;
- gss_ctx_id_t acceptor_context = GSS_C_NO_CONTEXT;
- OM_uint32 time_rec;
+ gss_ctx_id_t initiator_context, acceptor_context;
gss_OID mech = GSS_C_NO_OID;
*deleg_cred_handle = GSS_C_NO_CREDENTIAL;
mech = use_spnego ? &mech_spnego : &mech_krb5;
display_oid("Target mech", mech);
- major = gss_init_sec_context(&minor, claimant_cred_handle,
- &initiator_context, target_name, mech,
- GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG,
- GSS_C_INDEFINITE, GSS_C_NO_CHANNEL_BINDINGS,
- GSS_C_NO_BUFFER, NULL, &token, NULL,
- &time_rec);
- check_gsserr("gss_init_sec_context", major, minor);
-
- (void)gss_release_name(&minor, &target_name);
- (void)gss_delete_sec_context(&minor, &initiator_context, NULL);
-
- mech = GSS_C_NO_OID;
- major = gss_accept_sec_context(&minor, &acceptor_context,
- verifier_cred_handle, &token,
- GSS_C_NO_CHANNEL_BINDINGS, &source_name,
- &mech, &tmp, NULL, &time_rec,
- deleg_cred_handle);
- check_gsserr("gss_accept_sec_context", major, minor);
+ flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG;
+ establish_contexts(mech, claimant_cred_handle, verifier_cred_handle,
+ target_name, flags, &initiator_context,
+ &acceptor_context, &source_name, &mech,
+ deleg_cred_handle);
display_canon_name("Source name", source_name, &mech_krb5);
display_oid("Source mech", mech);
enumerate_attributes(source_name, 1);
(void)gss_release_name(&minor, &source_name);
+ (void)gss_release_name(&minor, &target_name);
+ (void)gss_delete_sec_context(&minor, &initiator_context, NULL);
(void)gss_delete_sec_context(&minor, &acceptor_context, NULL);
- (void)gss_release_buffer(&minor, &token);
- (void)gss_release_buffer(&minor, &tmp);
}
static void
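Review bot: `mech` is passed to `establish_contexts` both as the requested initiator mechanism and, via `&mech`, as the `amech` output on the same call, so after the call it holds whatever the acceptor reported rather than the value chosen from `use_spnego`; this is correct only because `establish_contexts` takes `imech` by value and keeps its own copy across loop iterations. The removed code made that reassignment explicit with `mech = GSS_C_NO_OID;` before the accept call, and that intent is now invisible to the reader. A one-line comment before the call, `/* mech is replaced by the mechanism the acceptor reports. */`, would preserve it, and the "Source mech" display below then reads as intended.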
krb5_boolean use_spnego = FALSE;
krb5_ccache storage_ccache = NULL;
krb5_principal client_princ = NULL;
- OM_uint32 minor, major;
- gss_buffer_desc buf = GSS_C_EMPTY_BUFFER, token = GSS_C_EMPTY_BUFFER;
+ OM_uint32 minor, major, flags;
+ gss_buffer_desc buf = GSS_C_EMPTY_BUFFER;
gss_OID mech;
gss_OID_set mechs;
gss_name_t acceptor_name = GSS_C_NO_NAME, client_name = GSS_C_NO_NAME;
gss_name_t service1_name = GSS_C_NO_NAME, service2_name = GSS_C_NO_NAME;
gss_cred_id_t service1_cred = GSS_C_NO_CREDENTIAL;
gss_cred_id_t deleg_cred = GSS_C_NO_CREDENTIAL;
- gss_ctx_id_t initiator_context = GSS_C_NO_CONTEXT;
- gss_ctx_id_t acceptor_context = GSS_C_NO_CONTEXT;
+ gss_ctx_id_t initiator_context, acceptor_context;
/* Parse arguments. */
if (argc >= 2 && strcmp(argv[1], "--spnego") == 0) {
mechs, GSS_C_BOTH, &service1_cred, NULL, NULL);
check_gsserr("gss_acquire_cred(service1)", major, minor);
- /* Create initiator context and get the first token, using the client
- * ccache. */
+ /* Establish contexts using the client ccache. */
service1_name = import_name(service1);
major = gss_krb5_ccache_name(&minor, client_ccname, NULL);
check_gsserr("gss_krb5_ccache_name(1)", major, minor);
- major = gss_init_sec_context(&minor, GSS_C_NO_CREDENTIAL,
- &initiator_context, service1_name, mech,
- GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG,
- GSS_C_INDEFINITE, GSS_C_NO_CHANNEL_BINDINGS,
- GSS_C_NO_BUFFER, NULL, &token, NULL, NULL);
- if (GSS_ERROR(major))
- check_gsserr("gss_init_sec_context(1)", major, minor);
-
- /* Pass the token to gss_accept_sec_context. */
- major = gss_accept_sec_context(&minor, &acceptor_context,
- service1_cred, &token,
- GSS_C_NO_CHANNEL_BINDINGS, &client_name,
- NULL, &buf, NULL, NULL, &deleg_cred);
- check_gsserr("gss_accept_sec_context(1)", major, minor);
- (void)gss_release_buffer(&minor, &token);
+ flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG;
+ establish_contexts(mech, GSS_C_NO_CREDENTIAL, service1_cred, service1_name,
+ flags, &initiator_context, &acceptor_context,
+ &client_name, NULL, &deleg_cred);
/* Display and remember the client principal. */
major = gss_display_name(&minor, client_name, &buf, NULL);
(void)gss_delete_sec_context(&minor, &initiator_context, GSS_C_NO_BUFFER);
(void)gss_delete_sec_context(&minor, &acceptor_context, GSS_C_NO_BUFFER);
- /* Create initiator context and get the first token, using the storage
- * ccache. */
+ /* Establish contexts using the storage ccache. */
service2_name = import_name(service2);
major = gss_krb5_ccache_name(&minor, storage_ccname, NULL);
check_gsserr("gss_krb5_ccache_name(2)", major, minor);
- major = gss_init_sec_context(&minor, GSS_C_NO_CREDENTIAL,
- &initiator_context, service2_name, mech,
- GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG,
- GSS_C_INDEFINITE, GSS_C_NO_CHANNEL_BINDINGS,
- GSS_C_NO_BUFFER, NULL, &token, NULL, NULL);
- check_gsserr("gss_init_sec_context(2)", major, minor);
-
- /* Pass the token to gss_accept_sec_context. */
- major = gss_accept_sec_context(&minor, &acceptor_context,
- GSS_C_NO_CREDENTIAL, &token,
- GSS_C_NO_CHANNEL_BINDINGS, &client_name,
- NULL, &buf, NULL, NULL, &deleg_cred);
- check_gsserr("gss_accept_sec_context(2)", major, minor);
- (void)gss_release_buffer(&minor, &token);
+ establish_contexts(mech, GSS_C_NO_CREDENTIAL, GSS_C_NO_CREDENTIAL,
+ service2_name, flags, &initiator_context,
+ &acceptor_context, &client_name, NULL, &deleg_cred);
major = gss_display_name(&minor, client_name, &buf, NULL);
check_gsserr("gss_display_name(2)", major, minor);
int
main(int argc, char *argv[])
{
- OM_uint32 minor, major;
+ OM_uint32 minor, major, flags;
gss_cred_id_t verifier_cred_handle = GSS_C_NO_CREDENTIAL;
gss_OID_set actual_mechs = GSS_C_NO_OID_SET;
gss_buffer_desc token = GSS_C_EMPTY_BUFFER, tmp = GSS_C_EMPTY_BUFFER;
- gss_ctx_id_t initiator_context = GSS_C_NO_CONTEXT;
- gss_ctx_id_t acceptor_context = GSS_C_NO_CONTEXT;
+ gss_ctx_id_t initiator_context, acceptor_context;
gss_name_t target_name, source_name = GSS_C_NO_NAME;
- OM_uint32 time_rec;
gss_OID mech = GSS_C_NO_OID;
if (argc < 2 || argc > 3) {
major = gss_set_neg_mechs(&minor, verifier_cred_handle, &mechset_krb5);
check_gsserr("gss_set_neg_mechs", major, minor);
- major = gss_init_sec_context(&minor, GSS_C_NO_CREDENTIAL,
- &initiator_context, target_name, &mech_spnego,
- GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG,
- GSS_C_INDEFINITE, GSS_C_NO_CHANNEL_BINDINGS,
- GSS_C_NO_BUFFER, NULL, &token, NULL,
- &time_rec);
- check_gsserr("gss_init_sec_context", major, minor);
- (void)gss_delete_sec_context(&minor, &initiator_context, NULL);
-
- major = gss_accept_sec_context(&minor, &acceptor_context,
- verifier_cred_handle, &token,
- GSS_C_NO_CHANNEL_BINDINGS, &source_name,
- &mech, &tmp, NULL, &time_rec, NULL);
- check_gsserr("gss_accept_sec_context", major, minor);
+ flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG;
+ establish_contexts(&mech_spnego, GSS_C_NO_CREDENTIAL, verifier_cred_handle,
+ target_name, flags, &initiator_context,
+ &acceptor_context, &source_name, &mech, NULL);
display_canon_name("Source name", source_name, &mech_krb5);
display_oid("Source mech", mech);
+ (void)gss_delete_sec_context(&minor, &initiator_context, NULL);
(void)gss_delete_sec_context(&minor, &acceptor_context, NULL);
(void)gss_release_name(&minor, &source_name);
(void)gss_release_name(&minor, &target_name);