krb5 commit: Factor out context establishment in GSS tests
Greg Hudson
ghudson at MIT.EDU
Fri Sep 6 01:14:35 EDT 2013
https://github.com/krb5/krb5/commit/95f6a640573076b8e68051ed4f2447be767cd2ec
commit 95f6a640573076b8e68051ed4f2447be767cd2ec
Author: Greg Hudson <ghudson at mit.edu>
Date: Thu Sep 5 13:34:44 2013 -0400
Factor out context establishment in GSS tests
Add a new helper to common.c which runs gss_init_sec_context and
gss_accept_sec_context in a loop, and use it in test programs instead
of the open-coded one-token or two-token exchanges.
src/tests/gssapi/common.c | 40 ++++++++++++++++++++++++++
src/tests/gssapi/common.h | 7 ++++
src/tests/gssapi/t_accname.c | 42 ++++++++-------------------
src/tests/gssapi/t_ccselect.c | 47 ++++++++----------------------
src/tests/gssapi/t_enctypes.c | 54 ++++++----------------------------
src/tests/gssapi/t_export_cred.c | 17 ++---------
src/tests/gssapi/t_gssexts.c | 29 ++++--------------
src/tests/gssapi/t_imp_cred.c | 30 ++++---------------
src/tests/gssapi/t_namingexts.c | 31 +++++---------------
src/tests/gssapi/t_s4u.c | 34 ++++++----------------
src/tests/gssapi/t_s4u2proxy_krb5.c | 49 ++++++++------------------------
src/tests/gssapi/t_spnego.c | 25 ++++-----------
12 files changed, 134 insertions(+), 271 deletions(-)
diff --git a/src/tests/gssapi/common.c b/src/tests/gssapi/common.c
index 5e8ffda..19a781a 100644
--- a/src/tests/gssapi/common.c
+++ b/src/tests/gssapi/common.c
@@ -109,6 +109,46 @@ import_name(const char *str)
}
void
+establish_contexts(gss_OID imech, gss_cred_id_t icred, gss_cred_id_t acred,
+ gss_name_t tname, OM_uint32 flags, gss_ctx_id_t *ictx,
+ gss_ctx_id_t *actx, gss_name_t *src_name, gss_OID *amech,
+ gss_cred_id_t *deleg_cred)
+{
+ OM_uint32 minor, imaj, amaj;
+ gss_buffer_desc itok, atok;
+
+ *ictx = *actx = GSS_C_NO_CONTEXT;
+ imaj = amaj = GSS_S_CONTINUE_NEEDED;
+ itok.value = atok.value = NULL;
+ itok.length = atok.length = 0;
+ for (;;) {
+ (void)gss_release_buffer(&minor, &itok);
+ imaj = gss_init_sec_context(&minor, icred, ictx, tname, imech, flags,
+ GSS_C_INDEFINITE,
+ GSS_C_NO_CHANNEL_BINDINGS, &atok, NULL,
+ &itok, NULL, NULL);
+ check_gsserr("gss_init_sec_context", imaj, minor);
+ if (amaj == GSS_S_COMPLETE)
+ break;
+
+ (void)gss_release_buffer(&minor, &atok);
+ amaj = gss_accept_sec_context(&minor, actx, acred, &itok,
+ GSS_C_NO_CHANNEL_BINDINGS, src_name,
+ amech, &atok, NULL, NULL, deleg_cred);
+ check_gsserr("gss_accept_sec_context", amaj, minor);
+ (void)gss_release_buffer(&minor, &itok);
+ if (imaj == GSS_S_COMPLETE)
+ break;
+ }
+
+ if (imaj != GSS_S_COMPLETE || amaj != GSS_S_COMPLETE)
+ errout("One side wants to continue after the other is done");
+
+ (void)gss_release_buffer(&minor, &itok);
+ (void)gss_release_buffer(&minor, &atok);
+}
+
+void
display_canon_name(const char *tag, gss_name_t name, gss_OID mech)
{
gss_name_t canon;
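Review bot: The `for (;;)` loop in establish_contexts has no upper bound on round trips. It ends only when one side returns GSS_S_COMPLETE or check_gsserr stops the program, so a mechanism that leaves both sides at GSS_S_CONTINUE_NEEDED would hang the test run instead of failing it. A small counter would turn that into a diagnosable failure, for example `int legs = 0;` beside the other locals and `if (++legs > 10) errout("Context establishment did not converge");` at the top of the loop, where the limit of 10 is only an illustrative value. The final errout message could also report imaj and amaj, so the log shows which side was still waiting.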
diff --git a/src/tests/gssapi/common.h b/src/tests/gssapi/common.h
index e2ca8b9..54c0d36 100644
--- a/src/tests/gssapi/common.h
+++ b/src/tests/gssapi/common.h
@@ -55,6 +55,13 @@ void errout(const char *msg);
* 'p:principalname', or 'h:host at service' (or just 'h:service'). */
gss_name_t import_name(const char *str);
+/* Establish contexts using gss_init_sec_context and gss_accept_sec_context. */
+void establish_contexts(gss_OID imech, gss_cred_id_t icred,
+ gss_cred_id_t acred, gss_name_t tname, OM_uint32 flags,
+ gss_ctx_id_t *ictx, gss_ctx_id_t *actx,
+ gss_name_t *src_name, gss_OID *amech,
+ gss_cred_id_t *deleg_cred);
+
/* Display name as canonicalized to mech, preceded by tag. */
void display_canon_name(const char *tag, gss_name_t name, gss_OID mech);
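Review bot: The one-line comment on establish_contexts leaves out the contract that the callers in this commit rely on. Per the definition in common.c, ictx and actx are overwritten with GSS_C_NO_CONTEXT on entry and hold the established contexts on return. src_name, amech and deleg_cred are forwarded to gss_accept_sec_context, and several callers pass them as NULL. Failure is reported through check_gsserr or errout rather than a return value. I would extend the comment along the lines of `/* src_name, amech and deleg_cred may be NULL. Errors are reported via check_gsserr/errout; the caller deletes both contexts and releases src_name and deleg_cred if requested. */`.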
diff --git a/src/tests/gssapi/t_accname.c b/src/tests/gssapi/t_accname.c
index c857842..9f769ad 100644
--- a/src/tests/gssapi/t_accname.c
+++ b/src/tests/gssapi/t_accname.c
@@ -30,12 +30,11 @@
/*
* Test program for acceptor names, intended to be run from a Python test
- * script. Performs a one-token gss_init_sec_context/gss_accept_sec_context
- * exchange with the default initiator name, a specified principal name as
- * target name, and a specified host-based name as acceptor name (or
- * GSS_C_NO_NAME if no acceptor name is given). If the exchange is successful,
- * queries the context for the acceptor name and prints it. If any call is
- * unsuccessful, displays an error message. Exits with status 0 if all
+ * script. Establishes contexts with the default initiator name, a specified
+ * principal name as target name, and a specified host-based name as acceptor
+ * name (or GSS_C_NO_NAME if no acceptor name is given). If the exchange is
+ * successful, queries the context for the acceptor name and prints it. If any
+ * call is unsuccessful, displays an error message. Exits with status 0 if all
* operations are successful, or 1 if not.
*
* Usage: ./t_accname targetname [acceptorname]
@@ -44,12 +43,11 @@
int
main(int argc, char *argv[])
{
- OM_uint32 minor, major;
+ OM_uint32 minor, major, flags;
gss_cred_id_t acceptor_cred;
gss_name_t target_name, acceptor_name = GSS_C_NO_NAME, real_acceptor_name;
- gss_buffer_desc token, tmp, namebuf;
- gss_ctx_id_t initiator_context = GSS_C_NO_CONTEXT;
- gss_ctx_id_t acceptor_context = GSS_C_NO_CONTEXT;
+ gss_buffer_desc namebuf;
+ gss_ctx_id_t initiator_context, acceptor_context;
if (argc < 2 || argc > 3) {
fprintf(stderr, "Usage: %s targetname [acceptorname]\n", argv[0]);
@@ -67,24 +65,10 @@ main(int argc, char *argv[])
&acceptor_cred, NULL, NULL);
check_gsserr("gss_acquire_cred", major, minor);
- /* Create krb5 initiator context and get the first token. */
- token.value = NULL;
- token.length = 0;
- major = gss_init_sec_context(&minor, GSS_C_NO_CREDENTIAL,
- &initiator_context, target_name,
- (gss_OID)gss_mech_krb5,
- GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG,
- GSS_C_INDEFINITE, GSS_C_NO_CHANNEL_BINDINGS,
- GSS_C_NO_BUFFER, NULL, &token, NULL, NULL);
- check_gsserr("gss_init_sec_context", major, minor);
-
- /* Pass the token to gss_accept_sec_context. */
- tmp.value = NULL;
- tmp.length = 0;
- major = gss_accept_sec_context(&minor, &acceptor_context, acceptor_cred,
- &token, GSS_C_NO_CHANNEL_BINDINGS,
- NULL, NULL, &tmp, NULL, NULL, NULL);
- check_gsserr("gss_accept_sec_context", major, minor);
+ flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG;
+ establish_contexts(&mech_krb5, GSS_C_NO_CREDENTIAL, acceptor_cred,
+ target_name, flags, &initiator_context,
+ &acceptor_context, NULL, NULL, NULL);
major = gss_inquire_context(&minor, acceptor_context, NULL,
&real_acceptor_name, NULL, NULL, NULL, NULL,
@@ -103,7 +87,5 @@ main(int argc, char *argv[])
(void)gss_release_cred(&minor, &acceptor_cred);
(void)gss_delete_sec_context(&minor, &initiator_context, NULL);
(void)gss_delete_sec_context(&minor, &acceptor_context, NULL);
- (void)gss_release_buffer(&minor, &token);
- (void)gss_release_buffer(&minor, &tmp);
return 0;
}
diff --git a/src/tests/gssapi/t_ccselect.c b/src/tests/gssapi/t_ccselect.c
index 05b0a84..cc4f73a 100644
--- a/src/tests/gssapi/t_ccselect.c
+++ b/src/tests/gssapi/t_ccselect.c
@@ -32,27 +32,24 @@
/*
* Test program for client credential selection, intended to be run from a
- * Python test script. Performs a one-token
- * gss_init_sec_context/gss_accept_sec_context exchange, optionally with a
- * specified principal as the initiator name, a specified principal name as
- * target name, the default acceptor cred. If the exchange is successful,
- * prints the initiator name as seen by the acceptor. If any call is
- * unsuccessful, displays an error message. Exits with status 0 if all
- * operations are successful, or 1 if not.
+ * Python test script. Establishes contexts with an optionally specified
+ * initiator name, a specified target name, and the default acceptor cred. If
+ * the exchange is successful, prints the initiator name as seen by the
+ * acceptor. If any call is unsuccessful, displays an error message. Exits
+ * with status 0 if all operations are successful, or 1 if not.
*
- * Usage: ./t_ccselect [targetprinc|gss:service at host] [initiatorprinc|-]
+ * Usage: ./t_ccselect targetname [initiatorname|-]
*/
int
main(int argc, char *argv[])
{
- OM_uint32 minor, major;
+ OM_uint32 minor, major, flags;
gss_cred_id_t initiator_cred = GSS_C_NO_CREDENTIAL;
gss_name_t target_name, initiator_name = GSS_C_NO_NAME;
gss_name_t real_initiator_name;
- gss_buffer_desc token, tmp, namebuf;
- gss_ctx_id_t initiator_context = GSS_C_NO_CONTEXT;
- gss_ctx_id_t acceptor_context = GSS_C_NO_CONTEXT;
+ gss_buffer_desc namebuf;
+ gss_ctx_id_t initiator_context, acceptor_context;
if (argc < 2 || argc > 3) {
fprintf(stderr, "Usage: %s targetname [initiatorname|-]\n", argv[0]);
@@ -71,26 +68,10 @@ main(int argc, char *argv[])
check_gsserr("gss_acquire_cred", major, minor);
}
-
- /* Create krb5 initiator context and get the first token. */
- token.value = NULL;
- token.length = 0;
- major = gss_init_sec_context(&minor, initiator_cred, &initiator_context,
- target_name, (gss_OID)gss_mech_krb5,
- GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG,
- GSS_C_INDEFINITE, GSS_C_NO_CHANNEL_BINDINGS,
- GSS_C_NO_BUFFER, NULL, &token, NULL, NULL);
- check_gsserr("gss_init_sec_context", major, minor);
-
- /* Pass the token to gss_accept_sec_context. */
- tmp.value = NULL;
- tmp.length = 0;
- major = gss_accept_sec_context(&minor, &acceptor_context,
- GSS_C_NO_CREDENTIAL, &token,
- GSS_C_NO_CHANNEL_BINDINGS,
- &real_initiator_name, NULL, &tmp,
- NULL, NULL, NULL);
- check_gsserr("gss_accept_sec_context", major, minor);
+ flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG;
+ establish_contexts(&mech_krb5, initiator_cred, GSS_C_NO_CREDENTIAL,
+ target_name, flags, &initiator_context,
+ &acceptor_context, &real_initiator_name, NULL, NULL);
namebuf.value = NULL;
namebuf.length = 0;
@@ -104,8 +85,6 @@ main(int argc, char *argv[])
(void)gss_release_cred(&minor, &initiator_cred);
(void)gss_delete_sec_context(&minor, &initiator_context, NULL);
(void)gss_delete_sec_context(&minor, &acceptor_context, NULL);
- (void)gss_release_buffer(&minor, &token);
- (void)gss_release_buffer(&minor, &tmp);
(void)gss_release_buffer(&minor, &namebuf);
return 0;
}
diff --git a/src/tests/gssapi/t_enctypes.c b/src/tests/gssapi/t_enctypes.c
index c1e02fa..79a732a 100644
--- a/src/tests/gssapi/t_enctypes.c
+++ b/src/tests/gssapi/t_enctypes.c
@@ -38,14 +38,13 @@
#include "common.h"
/*
- * This test program performs a gss_init_sec_context/gss_accept_sec_context
- * exchange with the krb5 mech, the default initiator name, a specified
- * principal name as target name, and the default acceptor name. Before the
- * exchange, gss_set_allowable_enctypes is called for the initiator and the
- * acceptor cred if requested. If the exchange is successful, the resulting
- * contexts are exported with gss_krb5_export_lucid_sec_context, checked for
- * mismatches, and the GSS protocol and keys are displayed. Exits with status
- * 0 if all operations are successful, or 1 if not.
+ * This test program establishes contexts with the krb5 mech, the default
+ * initiator name, a specified target name, and the default acceptor name.
+ * Before the exchange, gss_set_allowable_enctypes is called for the initiator
+ * and the acceptor cred if requested. If the exchange is successful, the
+ * resulting contexts are exported with gss_krb5_export_lucid_sec_context,
+ * checked for mismatches, and the GSS protocol and keys are displayed. Exits
+ * with status 0 if all operations are successful, or 1 if not.
*
* Usage: ./t_enctypes [-i initenctypes] [-a accenctypes] targetname
*/
@@ -87,8 +86,7 @@ main(int argc, char *argv[])
OM_uint32 minor, major, flags;
gss_name_t tname;
gss_cred_id_t icred = GSS_C_NO_CREDENTIAL, acred = GSS_C_NO_CREDENTIAL;
- gss_ctx_id_t ictx = GSS_C_NO_CONTEXT, actx = GSS_C_NO_CONTEXT;
- gss_buffer_desc itok, atok, tmp;
+ gss_ctx_id_t ictx, actx;
gss_krb5_lucid_context_v1_t *ilucid, *alucid;
gss_krb5_rfc1964_keydata_t *i1964, *a1964;
gss_krb5_cfx_keydata_t *icfx, *acfx;
@@ -141,38 +139,9 @@ main(int argc, char *argv[])
check_gsserr("gss_krb5_set_allowable_enctypes(acc)", major, minor);
}
- /* Create initiator context and get the first token. */
- itok.value = NULL;
- itok.length = 0;
flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG | GSS_C_MUTUAL_FLAG;
- major = gss_init_sec_context(&minor, icred, &ictx, tname, &mech_krb5,
- flags, GSS_C_INDEFINITE,
- GSS_C_NO_CHANNEL_BINDINGS, GSS_C_NO_BUFFER,
- NULL, &itok, NULL, NULL);
- check_gsserr("gss_init_sec_context(1)", major, minor);
- if (major != GSS_S_CONTINUE_NEEDED)
- errout("gss_init_sec_context(1) unexpected complete");
-
- /* Pass the initiator token to gss_accept_sec_context. */
- atok.value = NULL;
- atok.length = 0;
- major = gss_accept_sec_context(&minor, &actx, acred, &itok,
- GSS_C_NO_CHANNEL_BINDINGS, NULL, NULL,
- &atok, NULL, NULL, NULL);
- check_gsserr("gss_accept_sec_context", major, minor);
- if (major != GSS_S_COMPLETE)
- errout("gss_accept_sec_context unexpected continue");
-
- /* Pass the return token to gss_init_sec_context again. */
- tmp.value = NULL;
- tmp.length = 0;
- major = gss_init_sec_context(&minor, icred, &ictx, tname, &mech_krb5,
- flags, GSS_C_INDEFINITE,
- GSS_C_NO_CHANNEL_BINDINGS, &atok, NULL, &tmp,
- NULL, NULL);
- check_gsserr("gss_init_sec_context(2)", major, minor);
- if (major != GSS_S_COMPLETE)
- errout("gss_init_sec_context(2) unexpected continue");
+ establish_contexts(&mech_krb5, icred, acred, tname, flags, &ictx, &actx,
+ NULL, NULL, NULL);
/* Export to lucid contexts. */
major = gss_krb5_export_lucid_sec_context(&minor, &ictx, 1, &lptr);
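Review bot: Replacing the three explicit calls with establish_contexts drops the test's assertions on the shape of the exchange. The removed code failed if the first gss_init_sec_context completed immediately or if either later call wanted to continue, whereas the helper accepts any number of legs. The helper also passes NULL for ret_flags on both sides, so nothing here confirms that the requested GSS_C_MUTUAL_FLAG was actually negotiated. Reading ctx_flags with gss_inquire_context on ictx before the lucid export would restore that, followed by `if (!(ctx_flags & GSS_C_MUTUAL_FLAG)) errout("mutual authentication not negotiated");`. The same gap applies to GSS_C_DELEG_FLAG in the t_export_cred.c hunk, where delegated_cred is consumed without a flag check.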
@@ -220,9 +189,6 @@ main(int argc, char *argv[])
(void)gss_release_cred(&minor, &acred);
(void)gss_delete_sec_context(&minor, &ictx, NULL);
(void)gss_delete_sec_context(&minor, &actx, NULL);
- (void)gss_release_buffer(&minor, &itok);
- (void)gss_release_buffer(&minor, &atok);
- (void)gss_release_buffer(&minor, &tmp);
(void)gss_krb5_free_lucid_sec_context(&minor, ilucid);
(void)gss_krb5_free_lucid_sec_context(&minor, alucid);
return 0;
diff --git a/src/tests/gssapi/t_export_cred.c b/src/tests/gssapi/t_export_cred.c
index 6f62eed..5214cd5 100644
--- a/src/tests/gssapi/t_export_cred.c
+++ b/src/tests/gssapi/t_export_cred.c
@@ -64,7 +64,6 @@ main(int argc, char *argv[])
gss_ctx_id_t acceptor_context = GSS_C_NO_CONTEXT;
gss_OID mech = GSS_C_NO_OID;
gss_OID_set mechs = GSS_C_NO_OID_SET;
- gss_buffer_desc token, tmp;
char optchar;
/* Parse arguments. */
@@ -110,17 +109,9 @@ main(int argc, char *argv[])
* delegating credentials. */
flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG | GSS_C_CONF_FLAG |
GSS_C_INTEG_FLAG | GSS_C_DELEG_FLAG;
- major = gss_init_sec_context(&minor, initiator_cred, &initiator_context,
- target_name, mech, flags, GSS_C_INDEFINITE,
- GSS_C_NO_CHANNEL_BINDINGS, GSS_C_NO_BUFFER,
- NULL, &token, NULL, NULL);
- check_gsserr("gss_init_sec_context", major, minor);
-
- major = gss_accept_sec_context(&minor, &acceptor_context, acceptor_cred,
- &token, GSS_C_NO_CHANNEL_BINDINGS,
- NULL, NULL, &tmp, NULL, NULL,
- &delegated_cred);
- check_gsserr("gss_accept_sec_context", major, minor);
+ establish_contexts(mech, initiator_cred, acceptor_cred, target_name, flags,
+ &initiator_context, &acceptor_context, NULL, NULL,
+ &delegated_cred);
/* Import, release, export, and store delegated creds */
export_import_cred(&delegated_cred);
@@ -136,7 +127,5 @@ main(int argc, char *argv[])
(void)gss_release_cred(&minor, &delegated_cred);
(void)gss_delete_sec_context(&minor, &initiator_context, NULL);
(void)gss_delete_sec_context(&minor, &acceptor_context, NULL);
- (void)gss_release_buffer(&minor, &token);
- (void)gss_release_buffer(&minor, &tmp);
return 0;
}
diff --git a/src/tests/gssapi/t_gssexts.c b/src/tests/gssapi/t_gssexts.c
index d008c08..41d62b9 100644
--- a/src/tests/gssapi/t_gssexts.c
+++ b/src/tests/gssapi/t_gssexts.c
@@ -110,12 +110,9 @@ init_accept_sec_context(gss_cred_id_t claimant_cred_handle,
gss_cred_id_t verifier_cred_handle,
gss_cred_id_t *deleg_cred_handle)
{
- OM_uint32 major, minor;
- gss_buffer_desc token = GSS_C_EMPTY_BUFFER, tmp = GSS_C_EMPTY_BUFFER;
+ OM_uint32 major, minor, flags;
gss_name_t source_name = GSS_C_NO_NAME, target_name = GSS_C_NO_NAME;
- gss_ctx_id_t initiator_context = GSS_C_NO_CONTEXT;
- gss_ctx_id_t acceptor_context = GSS_C_NO_CONTEXT;
- OM_uint32 time_rec;
+ gss_ctx_id_t initiator_context, acceptor_context;
gss_OID mech;
*deleg_cred_handle = GSS_C_NO_CREDENTIAL;
@@ -128,21 +125,11 @@ init_accept_sec_context(gss_cred_id_t claimant_cred_handle,
mech = use_spnego ? &mech_spnego : &mech_krb5;
display_oid("Target mech", mech);
- major = gss_init_sec_context(&minor, claimant_cred_handle,
- &initiator_context, target_name, mech,
- GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG,
- GSS_C_INDEFINITE, GSS_C_NO_CHANNEL_BINDINGS,
- GSS_C_NO_BUFFER, NULL, &token, NULL,
- &time_rec);
- (void)gss_release_name(&minor, &target_name);
- check_gsserr("gss_init_sec_context", major, minor);
-
- major = gss_accept_sec_context(&minor, &acceptor_context,
- verifier_cred_handle, &token,
- GSS_C_NO_CHANNEL_BINDINGS, &source_name,
- NULL, &tmp, NULL, &time_rec,
- deleg_cred_handle);
- check_gsserr("gss_accept_sec_context", major, minor);
+ flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG;
+ establish_contexts(mech, claimant_cred_handle, verifier_cred_handle,
+ target_name, flags, &initiator_context,
+ &acceptor_context, &source_name, NULL,
+ deleg_cred_handle);
test_prf(initiator_context, acceptor_context, GSS_C_PRF_KEY_FULL);
test_prf(initiator_context, acceptor_context, GSS_C_PRF_KEY_PARTIAL);
@@ -150,8 +137,6 @@ init_accept_sec_context(gss_cred_id_t claimant_cred_handle,
(void)gss_release_name(&minor, &source_name);
(void)gss_delete_sec_context(&minor, &acceptor_context, NULL);
(void)gss_delete_sec_context(&minor, &initiator_context, NULL);
- (void)gss_release_buffer(&minor, &token);
- (void)gss_release_buffer(&minor, &tmp);
}
static void
diff --git a/src/tests/gssapi/t_imp_cred.c b/src/tests/gssapi/t_imp_cred.c
index 8e00dae..a2aa5fb 100644
--- a/src/tests/gssapi/t_imp_cred.c
+++ b/src/tests/gssapi/t_imp_cred.c
@@ -45,11 +45,9 @@
int
main(int argc, char *argv[])
{
- OM_uint32 minor, major;
+ OM_uint32 minor, major, flags;
gss_cred_id_t initiator_cred, acceptor_cred;
- gss_buffer_desc token, tmp;
- gss_ctx_id_t initiator_context = GSS_C_NO_CONTEXT;
- gss_ctx_id_t acceptor_context = GSS_C_NO_CONTEXT;
+ gss_ctx_id_t initiator_context, acceptor_context;
gss_name_t target_name;
krb5_context context = NULL;
krb5_ccache cc;
@@ -85,24 +83,10 @@ main(int argc, char *argv[])
major = gss_krb5_import_cred(&minor, NULL, princ, kt, &acceptor_cred);
check_gsserr("gss_krb5_import_cred (acceptor)", major, minor);
- /* Create krb5 initiator context and get the first token. */
- token.value = NULL;
- token.length = 0;
- major = gss_init_sec_context(&minor, initiator_cred,
- &initiator_context, target_name,
- (gss_OID)gss_mech_krb5,
- GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG,
- GSS_C_INDEFINITE, GSS_C_NO_CHANNEL_BINDINGS,
- GSS_C_NO_BUFFER, NULL, &token, NULL, NULL);
- check_gsserr("gss_init_sec_context", major, minor);
-
- /* Pass the token to gss_accept_sec_context. */
- tmp.value = NULL;
- tmp.length = 0;
- major = gss_accept_sec_context(&minor, &acceptor_context, acceptor_cred,
- &token, GSS_C_NO_CHANNEL_BINDINGS,
- NULL, NULL, &tmp, NULL, NULL, NULL);
- check_gsserr("gss_accept_sec_context", major, minor);
+ flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG;
+ establish_contexts(&mech_krb5, initiator_cred, acceptor_cred, target_name,
+ flags, &initiator_context, &acceptor_context, NULL,
+ NULL, NULL);
krb5_cc_close(context, cc);
krb5_kt_close(context, kt);
@@ -113,7 +97,5 @@ main(int argc, char *argv[])
(void)gss_release_cred(&minor, &acceptor_cred);
(void)gss_delete_sec_context(&minor, &initiator_context, NULL);
(void)gss_delete_sec_context(&minor, &acceptor_context, NULL);
- (void)gss_release_buffer(&minor, &token);
- (void)gss_release_buffer(&minor, &tmp);
return 0;
}
diff --git a/src/tests/gssapi/t_namingexts.c b/src/tests/gssapi/t_namingexts.c
index 7d06f33..c7bfe3e 100644
--- a/src/tests/gssapi/t_namingexts.c
+++ b/src/tests/gssapi/t_namingexts.c
@@ -125,13 +125,10 @@ test_map_name_to_any(gss_name_t name)
static void
init_accept_sec_context(gss_cred_id_t verifier_cred_handle)
{
- OM_uint32 major, minor;
- gss_buffer_desc token = GSS_C_EMPTY_BUFFER, tmp = GSS_C_EMPTY_BUFFER;
+ OM_uint32 major, minor, flags;
gss_name_t source_name = GSS_C_NO_NAME, target_name = GSS_C_NO_NAME;
- gss_ctx_id_t initiator_context = GSS_C_NO_CONTEXT;
- gss_ctx_id_t acceptor_context = GSS_C_NO_CONTEXT;
+ gss_ctx_id_t initiator_context, acceptor_context;
gss_OID mech = use_spnego ? &mech_spnego : &mech_krb5;
- OM_uint32 time_rec;
major = gss_inquire_cred(&minor, verifier_cred_handle, &target_name, NULL,
NULL, NULL);
@@ -139,22 +136,10 @@ init_accept_sec_context(gss_cred_id_t verifier_cred_handle)
display_canon_name("Target name", target_name, &mech_krb5);
- major = gss_init_sec_context(&minor, verifier_cred_handle,
- &initiator_context, target_name, mech,
- GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG,
- GSS_C_INDEFINITE, GSS_C_NO_CHANNEL_BINDINGS,
- GSS_C_NO_BUFFER, NULL, &token, NULL,
- &time_rec);
- check_gsserr("gss_init_sec_context", major, minor);
-
- (void)gss_release_name(&minor, &target_name);
- (void)gss_delete_sec_context(&minor, &initiator_context, NULL);
-
- major = gss_accept_sec_context(&minor, &acceptor_context,
- verifier_cred_handle, &token,
- GSS_C_NO_CHANNEL_BINDINGS, &source_name,
- NULL, &tmp, NULL, &time_rec, NULL);
- check_gsserr("gss_accept_sec_context", major, minor);
+ flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG;
+ establish_contexts(mech, verifier_cred_handle, verifier_cred_handle,
+ target_name, flags, &initiator_context,
+ &acceptor_context, &source_name, NULL, NULL);
display_canon_name("Source name", source_name, &mech_krb5);
enumerate_attributes(source_name, 1);
@@ -162,9 +147,9 @@ init_accept_sec_context(gss_cred_id_t verifier_cred_handle)
test_map_name_to_any(source_name);
(void)gss_release_name(&minor, &source_name);
+ (void)gss_release_name(&minor, &target_name);
+ (void)gss_delete_sec_context(&minor, &initiator_context, NULL);
(void)gss_delete_sec_context(&minor, &acceptor_context, NULL);
- (void)gss_release_buffer(&minor, &token);
- (void)gss_release_buffer(&minor, &tmp);
}
int
diff --git a/src/tests/gssapi/t_s4u.c b/src/tests/gssapi/t_s4u.c
index 62b9735..c33560f 100644
--- a/src/tests/gssapi/t_s4u.c
+++ b/src/tests/gssapi/t_s4u.c
@@ -90,12 +90,9 @@ init_accept_sec_context(gss_cred_id_t claimant_cred_handle,
gss_cred_id_t verifier_cred_handle,
gss_cred_id_t *deleg_cred_handle)
{
- OM_uint32 major, minor;
- gss_buffer_desc token = GSS_C_EMPTY_BUFFER, tmp = GSS_C_EMPTY_BUFFER;
+ OM_uint32 major, minor, flags;
gss_name_t source_name = GSS_C_NO_NAME, target_name = GSS_C_NO_NAME;
- gss_ctx_id_t initiator_context = GSS_C_NO_CONTEXT;
- gss_ctx_id_t acceptor_context = GSS_C_NO_CONTEXT;
- OM_uint32 time_rec;
+ gss_ctx_id_t initiator_context, acceptor_context;
gss_OID mech = GSS_C_NO_OID;
*deleg_cred_handle = GSS_C_NO_CREDENTIAL;
@@ -109,33 +106,20 @@ init_accept_sec_context(gss_cred_id_t claimant_cred_handle,
mech = use_spnego ? &mech_spnego : &mech_krb5;
display_oid("Target mech", mech);
- major = gss_init_sec_context(&minor, claimant_cred_handle,
- &initiator_context, target_name, mech,
- GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG,
- GSS_C_INDEFINITE, GSS_C_NO_CHANNEL_BINDINGS,
- GSS_C_NO_BUFFER, NULL, &token, NULL,
- &time_rec);
- check_gsserr("gss_init_sec_context", major, minor);
-
- (void)gss_release_name(&minor, &target_name);
- (void)gss_delete_sec_context(&minor, &initiator_context, NULL);
-
- mech = GSS_C_NO_OID;
- major = gss_accept_sec_context(&minor, &acceptor_context,
- verifier_cred_handle, &token,
- GSS_C_NO_CHANNEL_BINDINGS, &source_name,
- &mech, &tmp, NULL, &time_rec,
- deleg_cred_handle);
- check_gsserr("gss_accept_sec_context", major, minor);
+ flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG;
+ establish_contexts(mech, claimant_cred_handle, verifier_cred_handle,
+ target_name, flags, &initiator_context,
+ &acceptor_context, &source_name, &mech,
+ deleg_cred_handle);
display_canon_name("Source name", source_name, &mech_krb5);
display_oid("Source mech", mech);
enumerate_attributes(source_name, 1);
(void)gss_release_name(&minor, &source_name);
+ (void)gss_release_name(&minor, &target_name);
+ (void)gss_delete_sec_context(&minor, &initiator_context, NULL);
(void)gss_delete_sec_context(&minor, &acceptor_context, NULL);
- (void)gss_release_buffer(&minor, &token);
- (void)gss_release_buffer(&minor, &tmp);
}
static void
diff --git a/src/tests/gssapi/t_s4u2proxy_krb5.c b/src/tests/gssapi/t_s4u2proxy_krb5.c
index 6108715..3ad1086 100644
--- a/src/tests/gssapi/t_s4u2proxy_krb5.c
+++ b/src/tests/gssapi/t_s4u2proxy_krb5.c
@@ -54,16 +54,15 @@ main(int argc, char *argv[])
krb5_boolean use_spnego = FALSE;
krb5_ccache storage_ccache = NULL;
krb5_principal client_princ = NULL;
- OM_uint32 minor, major;
- gss_buffer_desc buf = GSS_C_EMPTY_BUFFER, token = GSS_C_EMPTY_BUFFER;
+ OM_uint32 minor, major, flags;
+ gss_buffer_desc buf = GSS_C_EMPTY_BUFFER;
gss_OID mech;
gss_OID_set mechs;
gss_name_t acceptor_name = GSS_C_NO_NAME, client_name = GSS_C_NO_NAME;
gss_name_t service1_name = GSS_C_NO_NAME, service2_name = GSS_C_NO_NAME;
gss_cred_id_t service1_cred = GSS_C_NO_CREDENTIAL;
gss_cred_id_t deleg_cred = GSS_C_NO_CREDENTIAL;
- gss_ctx_id_t initiator_context = GSS_C_NO_CONTEXT;
- gss_ctx_id_t acceptor_context = GSS_C_NO_CONTEXT;
+ gss_ctx_id_t initiator_context, acceptor_context;
/* Parse arguments. */
if (argc >= 2 && strcmp(argv[1], "--spnego") == 0) {
@@ -95,26 +94,14 @@ main(int argc, char *argv[])
mechs, GSS_C_BOTH, &service1_cred, NULL, NULL);
check_gsserr("gss_acquire_cred(service1)", major, minor);
- /* Create initiator context and get the first token, using the client
- * ccache. */
+ /* Establish contexts using the client ccache. */
service1_name = import_name(service1);
major = gss_krb5_ccache_name(&minor, client_ccname, NULL);
check_gsserr("gss_krb5_ccache_name(1)", major, minor);
- major = gss_init_sec_context(&minor, GSS_C_NO_CREDENTIAL,
- &initiator_context, service1_name, mech,
- GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG,
- GSS_C_INDEFINITE, GSS_C_NO_CHANNEL_BINDINGS,
- GSS_C_NO_BUFFER, NULL, &token, NULL, NULL);
- if (GSS_ERROR(major))
- check_gsserr("gss_init_sec_context(1)", major, minor);
-
- /* Pass the token to gss_accept_sec_context. */
- major = gss_accept_sec_context(&minor, &acceptor_context,
- service1_cred, &token,
- GSS_C_NO_CHANNEL_BINDINGS, &client_name,
- NULL, &buf, NULL, NULL, &deleg_cred);
- check_gsserr("gss_accept_sec_context(1)", major, minor);
- (void)gss_release_buffer(&minor, &token);
+ flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG;
+ establish_contexts(mech, GSS_C_NO_CREDENTIAL, service1_cred, service1_name,
+ flags, &initiator_context, &acceptor_context,
+ &client_name, NULL, &deleg_cred);
/* Display and remember the client principal. */
major = gss_display_name(&minor, client_name, &buf, NULL);
@@ -143,25 +130,13 @@ main(int argc, char *argv[])
(void)gss_delete_sec_context(&minor, &initiator_context, GSS_C_NO_BUFFER);
(void)gss_delete_sec_context(&minor, &acceptor_context, GSS_C_NO_BUFFER);
- /* Create initiator context and get the first token, using the storage
- * ccache. */
+ /* Establish contexts using the storage ccache. */
service2_name = import_name(service2);
major = gss_krb5_ccache_name(&minor, storage_ccname, NULL);
check_gsserr("gss_krb5_ccache_name(2)", major, minor);
- major = gss_init_sec_context(&minor, GSS_C_NO_CREDENTIAL,
- &initiator_context, service2_name, mech,
- GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG,
- GSS_C_INDEFINITE, GSS_C_NO_CHANNEL_BINDINGS,
- GSS_C_NO_BUFFER, NULL, &token, NULL, NULL);
- check_gsserr("gss_init_sec_context(2)", major, minor);
-
- /* Pass the token to gss_accept_sec_context. */
- major = gss_accept_sec_context(&minor, &acceptor_context,
- GSS_C_NO_CREDENTIAL, &token,
- GSS_C_NO_CHANNEL_BINDINGS, &client_name,
- NULL, &buf, NULL, NULL, &deleg_cred);
- check_gsserr("gss_accept_sec_context(2)", major, minor);
- (void)gss_release_buffer(&minor, &token);
+ establish_contexts(mech, GSS_C_NO_CREDENTIAL, GSS_C_NO_CREDENTIAL,
+ service2_name, flags, &initiator_context,
+ &acceptor_context, &client_name, NULL, &deleg_cred);
major = gss_display_name(&minor, client_name, &buf, NULL);
check_gsserr("gss_display_name(2)", major, minor);
diff --git a/src/tests/gssapi/t_spnego.c b/src/tests/gssapi/t_spnego.c
index aee80d4..cbf720b 100644
--- a/src/tests/gssapi/t_spnego.c
+++ b/src/tests/gssapi/t_spnego.c
@@ -42,14 +42,12 @@
int
main(int argc, char *argv[])
{
- OM_uint32 minor, major;
+ OM_uint32 minor, major, flags;
gss_cred_id_t verifier_cred_handle = GSS_C_NO_CREDENTIAL;
gss_OID_set actual_mechs = GSS_C_NO_OID_SET;
gss_buffer_desc token = GSS_C_EMPTY_BUFFER, tmp = GSS_C_EMPTY_BUFFER;
- gss_ctx_id_t initiator_context = GSS_C_NO_CONTEXT;
- gss_ctx_id_t acceptor_context = GSS_C_NO_CONTEXT;
+ gss_ctx_id_t initiator_context, acceptor_context;
gss_name_t target_name, source_name = GSS_C_NO_NAME;
- OM_uint32 time_rec;
gss_OID mech = GSS_C_NO_OID;
if (argc < 2 || argc > 3) {
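Review bot: `token` and `tmp` stay declared in this hunk although the only calls that filled them, the open-coded gss_init_sec_context and gss_accept_sec_context, are removed by the next t_spnego.c hunk. The rest of main is outside both hunks, so any remaining gss_release_buffer calls on them are not visible here, but they would now only release empty buffers. I would drop the line `gss_buffer_desc token = GSS_C_EMPTY_BUFFER, tmp = GSS_C_EMPTY_BUFFER;` together with any such releases, as the other converted tests in this commit do.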
@@ -74,24 +72,15 @@ main(int argc, char *argv[])
major = gss_set_neg_mechs(&minor, verifier_cred_handle, &mechset_krb5);
check_gsserr("gss_set_neg_mechs", major, minor);
- major = gss_init_sec_context(&minor, GSS_C_NO_CREDENTIAL,
- &initiator_context, target_name, &mech_spnego,
- GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG,
- GSS_C_INDEFINITE, GSS_C_NO_CHANNEL_BINDINGS,
- GSS_C_NO_BUFFER, NULL, &token, NULL,
- &time_rec);
- check_gsserr("gss_init_sec_context", major, minor);
- (void)gss_delete_sec_context(&minor, &initiator_context, NULL);
-
- major = gss_accept_sec_context(&minor, &acceptor_context,
- verifier_cred_handle, &token,
- GSS_C_NO_CHANNEL_BINDINGS, &source_name,
- &mech, &tmp, NULL, &time_rec, NULL);
- check_gsserr("gss_accept_sec_context", major, minor);
+ flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG;
+ establish_contexts(&mech_spnego, GSS_C_NO_CREDENTIAL, verifier_cred_handle,
+ target_name, flags, &initiator_context,
+ &acceptor_context, &source_name, &mech, NULL);
display_canon_name("Source name", source_name, &mech_krb5);
display_oid("Source mech", mech);
+ (void)gss_delete_sec_context(&minor, &initiator_context, NULL);
(void)gss_delete_sec_context(&minor, &acceptor_context, NULL);
(void)gss_release_name(&minor, &source_name);
(void)gss_release_name(&minor, &target_name);