krb5 commit: Factor out context establishment in GSS tests

Greg Hudson ghudson at MIT.EDU
Fri Sep 6 01:14:35 EDT 2013


https://github.com/krb5/krb5/commit/95f6a640573076b8e68051ed4f2447be767cd2ec
commit 95f6a640573076b8e68051ed4f2447be767cd2ec
Author: Greg Hudson <ghudson at mit.edu>
Date:   Thu Sep 5 13:34:44 2013 -0400

    Factor out context establishment in GSS tests
    
    Add a new helper to common.c which runs gss_init_sec_context and
    gss_accept_sec_context in a loop, and use it in test programs instead
    of the open-coded one-token or two-token exchanges.

 src/tests/gssapi/common.c           |   40 ++++++++++++++++++++++++++
 src/tests/gssapi/common.h           |    7 ++++
 src/tests/gssapi/t_accname.c        |   42 ++++++++-------------------
 src/tests/gssapi/t_ccselect.c       |   47 ++++++++----------------------
 src/tests/gssapi/t_enctypes.c       |   54 ++++++----------------------------
 src/tests/gssapi/t_export_cred.c    |   17 ++---------
 src/tests/gssapi/t_gssexts.c        |   29 ++++--------------
 src/tests/gssapi/t_imp_cred.c       |   30 ++++---------------
 src/tests/gssapi/t_namingexts.c     |   31 +++++---------------
 src/tests/gssapi/t_s4u.c            |   34 ++++++----------------
 src/tests/gssapi/t_s4u2proxy_krb5.c |   49 ++++++++------------------------
 src/tests/gssapi/t_spnego.c         |   25 ++++-----------
 12 files changed, 134 insertions(+), 271 deletions(-)

diff --git a/src/tests/gssapi/common.c b/src/tests/gssapi/common.c
index 5e8ffda..19a781a 100644
--- a/src/tests/gssapi/common.c
+++ b/src/tests/gssapi/common.c
@@ -109,6 +109,46 @@ import_name(const char *str)
 }
 
 void
+establish_contexts(gss_OID imech, gss_cred_id_t icred, gss_cred_id_t acred,
+                   gss_name_t tname, OM_uint32 flags, gss_ctx_id_t *ictx,
+                   gss_ctx_id_t *actx, gss_name_t *src_name, gss_OID *amech,
+                   gss_cred_id_t *deleg_cred)
+{
+    OM_uint32 minor, imaj, amaj;
+    gss_buffer_desc itok, atok;
+
+    *ictx = *actx = GSS_C_NO_CONTEXT;
+    imaj = amaj = GSS_S_CONTINUE_NEEDED;
+    itok.value = atok.value = NULL;
+    itok.length = atok.length = 0;
+    for (;;) {
+        (void)gss_release_buffer(&minor, &itok);
+        imaj = gss_init_sec_context(&minor, icred, ictx, tname, imech, flags,
+                                    GSS_C_INDEFINITE,
+                                    GSS_C_NO_CHANNEL_BINDINGS, &atok, NULL,
+                                    &itok, NULL, NULL);
+        check_gsserr("gss_init_sec_context", imaj, minor);
+        if (amaj == GSS_S_COMPLETE)
+            break;
+
+        (void)gss_release_buffer(&minor, &atok);
+        amaj = gss_accept_sec_context(&minor, actx, acred, &itok,
+                                      GSS_C_NO_CHANNEL_BINDINGS, src_name,
+                                      amech, &atok, NULL, NULL, deleg_cred);
+        check_gsserr("gss_accept_sec_context", amaj, minor);
+        (void)gss_release_buffer(&minor, &itok);
+        if (imaj == GSS_S_COMPLETE)
+            break;
+    }
+
+    if (imaj != GSS_S_COMPLETE || amaj != GSS_S_COMPLETE)
+        errout("One side wants to continue after the other is done");
+
+    (void)gss_release_buffer(&minor, &itok);
+    (void)gss_release_buffer(&minor, &atok);
+}
+
+void
 display_canon_name(const char *tag, gss_name_t name, gss_OID mech)
 {
     gss_name_t canon;
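Review bot: establish_contexts passes `NULL` for ret_flags to both gss_init_sec_context and gss_accept_sec_context, so no caller can confirm that the services it put in `flags` were actually negotiated. The call sites in t_enctypes.c (GSS_C_MUTUAL_FLAG) and t_export_cred.c (GSS_C_DELEG_FLAG) request services whose absence would otherwise go unnoticed. One option is an optional out-parameter forwarded to the acceptor call, e.g. `amech, &atok, aret_flags, NULL, deleg_cred);`, which callers that do not care can pass as NULL. Separately, the `for (;;)` loop has no round limit, so if both sides kept returning GSS_S_CONTINUE_NEEDED the test would hang rather than fail; a small cap followed by `errout("Too many context establishment rounds");` would turn that into a reported failure.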
diff --git a/src/tests/gssapi/common.h b/src/tests/gssapi/common.h
index e2ca8b9..54c0d36 100644
--- a/src/tests/gssapi/common.h
+++ b/src/tests/gssapi/common.h
@@ -55,6 +55,13 @@ void errout(const char *msg);
  * 'p:principalname', or 'h:host at service' (or just 'h:service'). */
 gss_name_t import_name(const char *str);
 
+/* Establish contexts using gss_init_sec_context and gss_accept_sec_context. */
+void establish_contexts(gss_OID imech, gss_cred_id_t icred,
+                        gss_cred_id_t acred, gss_name_t tname, OM_uint32 flags,
+                        gss_ctx_id_t *ictx, gss_ctx_id_t *actx,
+                        gss_name_t *src_name, gss_OID *amech,
+                        gss_cred_id_t *deleg_cred);
+
 /* Display name as canonicalized to mech, preceded by tag. */
 void display_canon_name(const char *tag, gss_name_t name, gss_OID mech);
 
diff --git a/src/tests/gssapi/t_accname.c b/src/tests/gssapi/t_accname.c
index c857842..9f769ad 100644
--- a/src/tests/gssapi/t_accname.c
+++ b/src/tests/gssapi/t_accname.c
@@ -30,12 +30,11 @@
 
 /*
  * Test program for acceptor names, intended to be run from a Python test
- * script.  Performs a one-token gss_init_sec_context/gss_accept_sec_context
- * exchange with the default initiator name, a specified principal name as
- * target name, and a specified host-based name as acceptor name (or
- * GSS_C_NO_NAME if no acceptor name is given).  If the exchange is successful,
- * queries the context for the acceptor name and prints it.  If any call is
- * unsuccessful, displays an error message.  Exits with status 0 if all
+ * script.  Establishes contexts with the default initiator name, a specified
+ * principal name as target name, and a specified host-based name as acceptor
+ * name (or GSS_C_NO_NAME if no acceptor name is given).  If the exchange is
+ * successful, queries the context for the acceptor name and prints it.  If any
+ * call is unsuccessful, displays an error message.  Exits with status 0 if all
  * operations are successful, or 1 if not.
  *
  * Usage: ./t_accname targetname [acceptorname]
@@ -44,12 +43,11 @@
 int
 main(int argc, char *argv[])
 {
-    OM_uint32 minor, major;
+    OM_uint32 minor, major, flags;
     gss_cred_id_t acceptor_cred;
     gss_name_t target_name, acceptor_name = GSS_C_NO_NAME, real_acceptor_name;
-    gss_buffer_desc token, tmp, namebuf;
-    gss_ctx_id_t initiator_context = GSS_C_NO_CONTEXT;
-    gss_ctx_id_t acceptor_context = GSS_C_NO_CONTEXT;
+    gss_buffer_desc namebuf;
+    gss_ctx_id_t initiator_context, acceptor_context;
 
     if (argc < 2 || argc > 3) {
         fprintf(stderr, "Usage: %s targetname [acceptorname]\n", argv[0]);
@@ -67,24 +65,10 @@ main(int argc, char *argv[])
                              &acceptor_cred, NULL, NULL);
     check_gsserr("gss_acquire_cred", major, minor);
 
-    /* Create krb5 initiator context and get the first token. */
-    token.value = NULL;
-    token.length = 0;
-    major = gss_init_sec_context(&minor, GSS_C_NO_CREDENTIAL,
-                                 &initiator_context, target_name,
-                                 (gss_OID)gss_mech_krb5,
-                                 GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG,
-                                 GSS_C_INDEFINITE, GSS_C_NO_CHANNEL_BINDINGS,
-                                 GSS_C_NO_BUFFER, NULL, &token, NULL, NULL);
-    check_gsserr("gss_init_sec_context", major, minor);
-
-    /* Pass the token to gss_accept_sec_context. */
-    tmp.value = NULL;
-    tmp.length = 0;
-    major = gss_accept_sec_context(&minor, &acceptor_context, acceptor_cred,
-                                   &token, GSS_C_NO_CHANNEL_BINDINGS,
-                                   NULL, NULL, &tmp, NULL, NULL, NULL);
-    check_gsserr("gss_accept_sec_context", major, minor);
+    flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG;
+    establish_contexts(&mech_krb5, GSS_C_NO_CREDENTIAL, acceptor_cred,
+                       target_name, flags, &initiator_context,
+                       &acceptor_context, NULL, NULL, NULL);
 
     major = gss_inquire_context(&minor, acceptor_context, NULL,
                                 &real_acceptor_name, NULL, NULL, NULL, NULL,
@@ -103,7 +87,5 @@ main(int argc, char *argv[])
     (void)gss_release_cred(&minor, &acceptor_cred);
     (void)gss_delete_sec_context(&minor, &initiator_context, NULL);
     (void)gss_delete_sec_context(&minor, &acceptor_context, NULL);
-    (void)gss_release_buffer(&minor, &token);
-    (void)gss_release_buffer(&minor, &tmp);
     return 0;
 }
diff --git a/src/tests/gssapi/t_ccselect.c b/src/tests/gssapi/t_ccselect.c
index 05b0a84..cc4f73a 100644
--- a/src/tests/gssapi/t_ccselect.c
+++ b/src/tests/gssapi/t_ccselect.c
@@ -32,27 +32,24 @@
 
 /*
  * Test program for client credential selection, intended to be run from a
- * Python test script.  Performs a one-token
- * gss_init_sec_context/gss_accept_sec_context exchange, optionally with a
- * specified principal as the initiator name, a specified principal name as
- * target name, the default acceptor cred.  If the exchange is successful,
- * prints the initiator name as seen by the acceptor.  If any call is
- * unsuccessful, displays an error message.  Exits with status 0 if all
- * operations are successful, or 1 if not.
+ * Python test script.  Establishes contexts with an optionally specified
+ * initiator name, a specified target name, and the default acceptor cred.  If
+ * the exchange is successful, prints the initiator name as seen by the
+ * acceptor.  If any call is unsuccessful, displays an error message.  Exits
+ * with status 0 if all operations are successful, or 1 if not.
  *
- * Usage: ./t_ccselect [targetprinc|gss:service at host] [initiatorprinc|-]
+ * Usage: ./t_ccselect targetname [initiatorname|-]
  */
 
 int
 main(int argc, char *argv[])
 {
-    OM_uint32 minor, major;
+    OM_uint32 minor, major, flags;
     gss_cred_id_t initiator_cred = GSS_C_NO_CREDENTIAL;
     gss_name_t target_name, initiator_name = GSS_C_NO_NAME;
     gss_name_t real_initiator_name;
-    gss_buffer_desc token, tmp, namebuf;
-    gss_ctx_id_t initiator_context = GSS_C_NO_CONTEXT;
-    gss_ctx_id_t acceptor_context = GSS_C_NO_CONTEXT;
+    gss_buffer_desc namebuf;
+    gss_ctx_id_t initiator_context, acceptor_context;
 
     if (argc < 2 || argc > 3) {
         fprintf(stderr, "Usage: %s targetname [initiatorname|-]\n", argv[0]);
@@ -71,26 +68,10 @@ main(int argc, char *argv[])
         check_gsserr("gss_acquire_cred", major, minor);
     }
 
-
-    /* Create krb5 initiator context and get the first token. */
-    token.value = NULL;
-    token.length = 0;
-    major = gss_init_sec_context(&minor, initiator_cred, &initiator_context,
-                                 target_name, (gss_OID)gss_mech_krb5,
-                                 GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG,
-                                 GSS_C_INDEFINITE, GSS_C_NO_CHANNEL_BINDINGS,
-                                 GSS_C_NO_BUFFER, NULL, &token, NULL, NULL);
-    check_gsserr("gss_init_sec_context", major, minor);
-
-    /* Pass the token to gss_accept_sec_context. */
-    tmp.value = NULL;
-    tmp.length = 0;
-    major = gss_accept_sec_context(&minor, &acceptor_context,
-                                   GSS_C_NO_CREDENTIAL, &token,
-                                   GSS_C_NO_CHANNEL_BINDINGS,
-                                   &real_initiator_name, NULL, &tmp,
-                                   NULL, NULL, NULL);
-    check_gsserr("gss_accept_sec_context", major, minor);
+    flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG;
+    establish_contexts(&mech_krb5, initiator_cred, GSS_C_NO_CREDENTIAL,
+                       target_name, flags, &initiator_context,
+                       &acceptor_context, &real_initiator_name, NULL, NULL);
 
     namebuf.value = NULL;
     namebuf.length = 0;
@@ -104,8 +85,6 @@ main(int argc, char *argv[])
     (void)gss_release_cred(&minor, &initiator_cred);
     (void)gss_delete_sec_context(&minor, &initiator_context, NULL);
     (void)gss_delete_sec_context(&minor, &acceptor_context, NULL);
-    (void)gss_release_buffer(&minor, &token);
-    (void)gss_release_buffer(&minor, &tmp);
     (void)gss_release_buffer(&minor, &namebuf);
     return 0;
 }
diff --git a/src/tests/gssapi/t_enctypes.c b/src/tests/gssapi/t_enctypes.c
index c1e02fa..79a732a 100644
--- a/src/tests/gssapi/t_enctypes.c
+++ b/src/tests/gssapi/t_enctypes.c
@@ -38,14 +38,13 @@
 #include "common.h"
 
 /*
- * This test program performs a gss_init_sec_context/gss_accept_sec_context
- * exchange with the krb5 mech, the default initiator name, a specified
- * principal name as target name, and the default acceptor name.  Before the
- * exchange, gss_set_allowable_enctypes is called for the initiator and the
- * acceptor cred if requested.  If the exchange is successful, the resulting
- * contexts are exported with gss_krb5_export_lucid_sec_context, checked for
- * mismatches, and the GSS protocol and keys are displayed.  Exits with status
- * 0 if all operations are successful, or 1 if not.
+ * This test program establishes contexts with the krb5 mech, the default
+ * initiator name, a specified target name, and the default acceptor name.
+ * Before the exchange, gss_set_allowable_enctypes is called for the initiator
+ * and the acceptor cred if requested.  If the exchange is successful, the
+ * resulting contexts are exported with gss_krb5_export_lucid_sec_context,
+ * checked for mismatches, and the GSS protocol and keys are displayed.  Exits
+ * with status 0 if all operations are successful, or 1 if not.
  *
  * Usage: ./t_enctypes [-i initenctypes] [-a accenctypes] targetname
  */
@@ -87,8 +86,7 @@ main(int argc, char *argv[])
     OM_uint32 minor, major, flags;
     gss_name_t tname;
     gss_cred_id_t icred = GSS_C_NO_CREDENTIAL, acred = GSS_C_NO_CREDENTIAL;
-    gss_ctx_id_t ictx = GSS_C_NO_CONTEXT, actx = GSS_C_NO_CONTEXT;
-    gss_buffer_desc itok, atok, tmp;
+    gss_ctx_id_t ictx, actx;
     gss_krb5_lucid_context_v1_t *ilucid, *alucid;
     gss_krb5_rfc1964_keydata_t *i1964, *a1964;
     gss_krb5_cfx_keydata_t *icfx, *acfx;
@@ -141,38 +139,9 @@ main(int argc, char *argv[])
         check_gsserr("gss_krb5_set_allowable_enctypes(acc)", major, minor);
     }
 
-    /* Create initiator context and get the first token. */
-    itok.value = NULL;
-    itok.length = 0;
     flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG | GSS_C_MUTUAL_FLAG;
-    major = gss_init_sec_context(&minor, icred, &ictx, tname, &mech_krb5,
-                                 flags, GSS_C_INDEFINITE,
-                                 GSS_C_NO_CHANNEL_BINDINGS, GSS_C_NO_BUFFER,
-                                 NULL, &itok, NULL, NULL);
-    check_gsserr("gss_init_sec_context(1)", major, minor);
-    if (major != GSS_S_CONTINUE_NEEDED)
-        errout("gss_init_sec_context(1) unexpected complete");
-
-    /* Pass the initiator token to gss_accept_sec_context. */
-    atok.value = NULL;
-    atok.length = 0;
-    major = gss_accept_sec_context(&minor, &actx, acred, &itok,
-                                   GSS_C_NO_CHANNEL_BINDINGS, NULL, NULL,
-                                   &atok, NULL, NULL, NULL);
-    check_gsserr("gss_accept_sec_context", major, minor);
-    if (major != GSS_S_COMPLETE)
-        errout("gss_accept_sec_context unexpected continue");
-
-    /* Pass the return token to gss_init_sec_context again. */
-    tmp.value = NULL;
-    tmp.length = 0;
-    major = gss_init_sec_context(&minor, icred, &ictx, tname, &mech_krb5,
-                                 flags, GSS_C_INDEFINITE,
-                                 GSS_C_NO_CHANNEL_BINDINGS, &atok, NULL, &tmp,
-                                 NULL, NULL);
-    check_gsserr("gss_init_sec_context(2)", major, minor);
-    if (major != GSS_S_COMPLETE)
-        errout("gss_init_sec_context(2) unexpected continue");
+    establish_contexts(&mech_krb5, icred, acred, tname, flags, &ictx, &actx,
+                       NULL, NULL, NULL);
 
     /* Export to lucid contexts. */
     major = gss_krb5_export_lucid_sec_context(&minor, &ictx, 1, &lptr);
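Review bot: The three `errout("... unexpected complete")` / `errout("... unexpected continue")` checks deleted in this hunk have no replacement, because establish_contexts accepts any number of legs as long as both sides end at GSS_S_COMPLETE. With GSS_C_MUTUAL_FLAG in `flags`, the old sequence implicitly asserted that the initiator waited for the acceptor's reply; the new call would also pass if the initiator completed on its first token. If that property is part of what this test covers, check the negotiated flags after the call, e.g. `major = gss_inquire_context(&minor, ictx, NULL, NULL, NULL, NULL, &ctx_flags, NULL, NULL);` followed by `if (!(ctx_flags & GSS_C_MUTUAL_FLAG)) errout("mutual auth not negotiated");`. main() begins and ends outside this hunk, so the declaration of `ctx_flags` would go with the other locals.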
@@ -220,9 +189,6 @@ main(int argc, char *argv[])
     (void)gss_release_cred(&minor, &acred);
     (void)gss_delete_sec_context(&minor, &ictx, NULL);
     (void)gss_delete_sec_context(&minor, &actx, NULL);
-    (void)gss_release_buffer(&minor, &itok);
-    (void)gss_release_buffer(&minor, &atok);
-    (void)gss_release_buffer(&minor, &tmp);
     (void)gss_krb5_free_lucid_sec_context(&minor, ilucid);
     (void)gss_krb5_free_lucid_sec_context(&minor, alucid);
     return 0;
diff --git a/src/tests/gssapi/t_export_cred.c b/src/tests/gssapi/t_export_cred.c
index 6f62eed..5214cd5 100644
--- a/src/tests/gssapi/t_export_cred.c
+++ b/src/tests/gssapi/t_export_cred.c
@@ -64,7 +64,6 @@ main(int argc, char *argv[])
     gss_ctx_id_t acceptor_context = GSS_C_NO_CONTEXT;
     gss_OID mech = GSS_C_NO_OID;
     gss_OID_set mechs = GSS_C_NO_OID_SET;
-    gss_buffer_desc token, tmp;
     char optchar;
 
     /* Parse arguments. */
@@ -110,17 +109,9 @@ main(int argc, char *argv[])
      * delegating credentials. */
     flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG | GSS_C_CONF_FLAG |
         GSS_C_INTEG_FLAG | GSS_C_DELEG_FLAG;
-    major = gss_init_sec_context(&minor, initiator_cred, &initiator_context,
-                                 target_name, mech, flags, GSS_C_INDEFINITE,
-                                 GSS_C_NO_CHANNEL_BINDINGS, GSS_C_NO_BUFFER,
-                                 NULL, &token, NULL, NULL);
-    check_gsserr("gss_init_sec_context", major, minor);
-
-    major = gss_accept_sec_context(&minor, &acceptor_context, acceptor_cred,
-                                   &token, GSS_C_NO_CHANNEL_BINDINGS,
-                                   NULL, NULL, &tmp, NULL, NULL,
-                                   &delegated_cred);
-    check_gsserr("gss_accept_sec_context", major, minor);
+    establish_contexts(mech, initiator_cred, acceptor_cred, target_name, flags,
+                       &initiator_context, &acceptor_context, NULL, NULL,
+                       &delegated_cred);
 
     /* Import, release, export, and store delegated creds */
     export_import_cred(&delegated_cred);
@@ -136,7 +127,5 @@ main(int argc, char *argv[])
     (void)gss_release_cred(&minor, &delegated_cred);
     (void)gss_delete_sec_context(&minor, &initiator_context, NULL);
     (void)gss_delete_sec_context(&minor, &acceptor_context, NULL);
-    (void)gss_release_buffer(&minor, &token);
-    (void)gss_release_buffer(&minor, &tmp);
     return 0;
 }
diff --git a/src/tests/gssapi/t_gssexts.c b/src/tests/gssapi/t_gssexts.c
index d008c08..41d62b9 100644
--- a/src/tests/gssapi/t_gssexts.c
+++ b/src/tests/gssapi/t_gssexts.c
@@ -110,12 +110,9 @@ init_accept_sec_context(gss_cred_id_t claimant_cred_handle,
                         gss_cred_id_t verifier_cred_handle,
                         gss_cred_id_t *deleg_cred_handle)
 {
-    OM_uint32 major, minor;
-    gss_buffer_desc token = GSS_C_EMPTY_BUFFER, tmp = GSS_C_EMPTY_BUFFER;
+    OM_uint32 major, minor, flags;
     gss_name_t source_name = GSS_C_NO_NAME, target_name = GSS_C_NO_NAME;
-    gss_ctx_id_t initiator_context = GSS_C_NO_CONTEXT;
-    gss_ctx_id_t acceptor_context = GSS_C_NO_CONTEXT;
-    OM_uint32 time_rec;
+    gss_ctx_id_t initiator_context, acceptor_context;
     gss_OID mech;
 
     *deleg_cred_handle = GSS_C_NO_CREDENTIAL;
@@ -128,21 +125,11 @@ init_accept_sec_context(gss_cred_id_t claimant_cred_handle,
     mech = use_spnego ? &mech_spnego : &mech_krb5;
     display_oid("Target mech", mech);
 
-    major = gss_init_sec_context(&minor, claimant_cred_handle,
-                                 &initiator_context, target_name, mech,
-                                 GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG,
-                                 GSS_C_INDEFINITE, GSS_C_NO_CHANNEL_BINDINGS,
-                                 GSS_C_NO_BUFFER, NULL, &token, NULL,
-                                 &time_rec);
-    (void)gss_release_name(&minor, &target_name);
-    check_gsserr("gss_init_sec_context", major, minor);
-
-    major = gss_accept_sec_context(&minor, &acceptor_context,
-                                   verifier_cred_handle, &token,
-                                   GSS_C_NO_CHANNEL_BINDINGS, &source_name,
-                                   NULL, &tmp, NULL, &time_rec,
-                                   deleg_cred_handle);
-    check_gsserr("gss_accept_sec_context", major, minor);
+    flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG;
+    establish_contexts(mech, claimant_cred_handle, verifier_cred_handle,
+                       target_name, flags, &initiator_context,
+                       &acceptor_context, &source_name, NULL,
+                       deleg_cred_handle);
 
     test_prf(initiator_context, acceptor_context, GSS_C_PRF_KEY_FULL);
     test_prf(initiator_context, acceptor_context, GSS_C_PRF_KEY_PARTIAL);
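Review bot: The `(void)gss_release_name(&minor, &target_name);` that used to follow gss_init_sec_context is removed here and does not reappear in the cleanup hunk below, so `target_name` looks leaked on every call of init_accept_sec_context. One line between the two hunks is not shown, so this should be confirmed against the full file. The t_namingexts.c and t_s4u.c hunks in this same commit move the release into the cleanup block; doing the same here, `(void)gss_release_name(&minor, &target_name);` next to the source_name release, keeps the three helpers consistent and the test clean under a leak checker. The function starts before this hunk.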
@@ -150,8 +137,6 @@ init_accept_sec_context(gss_cred_id_t claimant_cred_handle,
     (void)gss_release_name(&minor, &source_name);
     (void)gss_delete_sec_context(&minor, &acceptor_context, NULL);
     (void)gss_delete_sec_context(&minor, &initiator_context, NULL);
-    (void)gss_release_buffer(&minor, &token);
-    (void)gss_release_buffer(&minor, &tmp);
 }
 
 static void
diff --git a/src/tests/gssapi/t_imp_cred.c b/src/tests/gssapi/t_imp_cred.c
index 8e00dae..a2aa5fb 100644
--- a/src/tests/gssapi/t_imp_cred.c
+++ b/src/tests/gssapi/t_imp_cred.c
@@ -45,11 +45,9 @@
 int
 main(int argc, char *argv[])
 {
-    OM_uint32 minor, major;
+    OM_uint32 minor, major, flags;
     gss_cred_id_t initiator_cred, acceptor_cred;
-    gss_buffer_desc token, tmp;
-    gss_ctx_id_t initiator_context = GSS_C_NO_CONTEXT;
-    gss_ctx_id_t acceptor_context = GSS_C_NO_CONTEXT;
+    gss_ctx_id_t initiator_context, acceptor_context;
     gss_name_t target_name;
     krb5_context context = NULL;
     krb5_ccache cc;
@@ -85,24 +83,10 @@ main(int argc, char *argv[])
     major = gss_krb5_import_cred(&minor, NULL, princ, kt, &acceptor_cred);
     check_gsserr("gss_krb5_import_cred (acceptor)", major, minor);
 
-    /* Create krb5 initiator context and get the first token. */
-    token.value = NULL;
-    token.length = 0;
-    major = gss_init_sec_context(&minor, initiator_cred,
-                                 &initiator_context, target_name,
-                                 (gss_OID)gss_mech_krb5,
-                                 GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG,
-                                 GSS_C_INDEFINITE, GSS_C_NO_CHANNEL_BINDINGS,
-                                 GSS_C_NO_BUFFER, NULL, &token, NULL, NULL);
-    check_gsserr("gss_init_sec_context", major, minor);
-
-    /* Pass the token to gss_accept_sec_context. */
-    tmp.value = NULL;
-    tmp.length = 0;
-    major = gss_accept_sec_context(&minor, &acceptor_context, acceptor_cred,
-                                   &token, GSS_C_NO_CHANNEL_BINDINGS,
-                                   NULL, NULL, &tmp, NULL, NULL, NULL);
-    check_gsserr("gss_accept_sec_context", major, minor);
+    flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG;
+    establish_contexts(&mech_krb5, initiator_cred, acceptor_cred, target_name,
+                       flags, &initiator_context, &acceptor_context, NULL,
+                       NULL, NULL);
 
     krb5_cc_close(context, cc);
     krb5_kt_close(context, kt);
@@ -113,7 +97,5 @@ main(int argc, char *argv[])
     (void)gss_release_cred(&minor, &acceptor_cred);
     (void)gss_delete_sec_context(&minor, &initiator_context, NULL);
     (void)gss_delete_sec_context(&minor, &acceptor_context, NULL);
-    (void)gss_release_buffer(&minor, &token);
-    (void)gss_release_buffer(&minor, &tmp);
     return 0;
 }
diff --git a/src/tests/gssapi/t_namingexts.c b/src/tests/gssapi/t_namingexts.c
index 7d06f33..c7bfe3e 100644
--- a/src/tests/gssapi/t_namingexts.c
+++ b/src/tests/gssapi/t_namingexts.c
@@ -125,13 +125,10 @@ test_map_name_to_any(gss_name_t name)
 static void
 init_accept_sec_context(gss_cred_id_t verifier_cred_handle)
 {
-    OM_uint32 major, minor;
-    gss_buffer_desc token = GSS_C_EMPTY_BUFFER, tmp = GSS_C_EMPTY_BUFFER;
+    OM_uint32 major, minor, flags;
     gss_name_t source_name = GSS_C_NO_NAME, target_name = GSS_C_NO_NAME;
-    gss_ctx_id_t initiator_context = GSS_C_NO_CONTEXT;
-    gss_ctx_id_t acceptor_context = GSS_C_NO_CONTEXT;
+    gss_ctx_id_t initiator_context, acceptor_context;
     gss_OID mech = use_spnego ? &mech_spnego : &mech_krb5;
-    OM_uint32 time_rec;
 
     major = gss_inquire_cred(&minor, verifier_cred_handle, &target_name, NULL,
                              NULL, NULL);
@@ -139,22 +136,10 @@ init_accept_sec_context(gss_cred_id_t verifier_cred_handle)
 
     display_canon_name("Target name", target_name, &mech_krb5);
 
-    major = gss_init_sec_context(&minor, verifier_cred_handle,
-                                 &initiator_context, target_name, mech,
-                                 GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG,
-                                 GSS_C_INDEFINITE, GSS_C_NO_CHANNEL_BINDINGS,
-                                 GSS_C_NO_BUFFER, NULL, &token, NULL,
-                                 &time_rec);
-    check_gsserr("gss_init_sec_context", major, minor);
-
-    (void)gss_release_name(&minor, &target_name);
-    (void)gss_delete_sec_context(&minor, &initiator_context, NULL);
-
-    major = gss_accept_sec_context(&minor, &acceptor_context,
-                                   verifier_cred_handle, &token,
-                                   GSS_C_NO_CHANNEL_BINDINGS, &source_name,
-                                   NULL, &tmp, NULL, &time_rec, NULL);
-    check_gsserr("gss_accept_sec_context", major, minor);
+    flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG;
+    establish_contexts(mech, verifier_cred_handle, verifier_cred_handle,
+                       target_name, flags, &initiator_context,
+                       &acceptor_context, &source_name, NULL, NULL);
 
     display_canon_name("Source name", source_name, &mech_krb5);
     enumerate_attributes(source_name, 1);
@@ -162,9 +147,9 @@ init_accept_sec_context(gss_cred_id_t verifier_cred_handle)
     test_map_name_to_any(source_name);
 
     (void)gss_release_name(&minor, &source_name);
+    (void)gss_release_name(&minor, &target_name);
+    (void)gss_delete_sec_context(&minor, &initiator_context, NULL);
     (void)gss_delete_sec_context(&minor, &acceptor_context, NULL);
-    (void)gss_release_buffer(&minor, &token);
-    (void)gss_release_buffer(&minor, &tmp);
 }
 
 int
diff --git a/src/tests/gssapi/t_s4u.c b/src/tests/gssapi/t_s4u.c
index 62b9735..c33560f 100644
--- a/src/tests/gssapi/t_s4u.c
+++ b/src/tests/gssapi/t_s4u.c
@@ -90,12 +90,9 @@ init_accept_sec_context(gss_cred_id_t claimant_cred_handle,
                         gss_cred_id_t verifier_cred_handle,
                         gss_cred_id_t *deleg_cred_handle)
 {
-    OM_uint32 major, minor;
-    gss_buffer_desc token = GSS_C_EMPTY_BUFFER, tmp = GSS_C_EMPTY_BUFFER;
+    OM_uint32 major, minor, flags;
     gss_name_t source_name = GSS_C_NO_NAME, target_name = GSS_C_NO_NAME;
-    gss_ctx_id_t initiator_context = GSS_C_NO_CONTEXT;
-    gss_ctx_id_t acceptor_context = GSS_C_NO_CONTEXT;
-    OM_uint32 time_rec;
+    gss_ctx_id_t initiator_context, acceptor_context;
     gss_OID mech = GSS_C_NO_OID;
 
     *deleg_cred_handle = GSS_C_NO_CREDENTIAL;
@@ -109,33 +106,20 @@ init_accept_sec_context(gss_cred_id_t claimant_cred_handle,
     mech = use_spnego ? &mech_spnego : &mech_krb5;
     display_oid("Target mech", mech);
 
-    major = gss_init_sec_context(&minor, claimant_cred_handle,
-                                 &initiator_context, target_name, mech,
-                                 GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG,
-                                 GSS_C_INDEFINITE, GSS_C_NO_CHANNEL_BINDINGS,
-                                 GSS_C_NO_BUFFER, NULL, &token, NULL,
-                                 &time_rec);
-    check_gsserr("gss_init_sec_context", major, minor);
-
-    (void)gss_release_name(&minor, &target_name);
-    (void)gss_delete_sec_context(&minor, &initiator_context, NULL);
-
-    mech = GSS_C_NO_OID;
-    major = gss_accept_sec_context(&minor, &acceptor_context,
-                                   verifier_cred_handle, &token,
-                                   GSS_C_NO_CHANNEL_BINDINGS, &source_name,
-                                   &mech, &tmp, NULL, &time_rec,
-                                   deleg_cred_handle);
-    check_gsserr("gss_accept_sec_context", major, minor);
+    flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG;
+    establish_contexts(mech, claimant_cred_handle, verifier_cred_handle,
+                       target_name, flags, &initiator_context,
+                       &acceptor_context, &source_name, &mech,
+                       deleg_cred_handle);
 
     display_canon_name("Source name", source_name, &mech_krb5);
     display_oid("Source mech", mech);
     enumerate_attributes(source_name, 1);
 
     (void)gss_release_name(&minor, &source_name);
+    (void)gss_release_name(&minor, &target_name);
+    (void)gss_delete_sec_context(&minor, &initiator_context, NULL);
     (void)gss_delete_sec_context(&minor, &acceptor_context, NULL);
-    (void)gss_release_buffer(&minor, &token);
-    (void)gss_release_buffer(&minor, &tmp);
 }
 
 static void
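Review bot: `mech` is now both the `imech` argument and, via `&mech`, the `amech` out-parameter of the same establish_contexts call, and the old `mech = GSS_C_NO_OID;` reset before the accept step is gone. This works because imech is passed by value, but should the acceptor ever leave *amech unwritten, `display_oid("Source mech", mech)` would print the requested mechanism as if it were the negotiated one. A separate local keeps the two apart: declare `gss_OID amech = GSS_C_NO_OID;`, pass `&amech`, and print with `display_oid("Source mech", amech);`. init_accept_sec_context begins before this hunk.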
diff --git a/src/tests/gssapi/t_s4u2proxy_krb5.c b/src/tests/gssapi/t_s4u2proxy_krb5.c
index 6108715..3ad1086 100644
--- a/src/tests/gssapi/t_s4u2proxy_krb5.c
+++ b/src/tests/gssapi/t_s4u2proxy_krb5.c
@@ -54,16 +54,15 @@ main(int argc, char *argv[])
     krb5_boolean use_spnego = FALSE;
     krb5_ccache storage_ccache = NULL;
     krb5_principal client_princ = NULL;
-    OM_uint32 minor, major;
-    gss_buffer_desc buf = GSS_C_EMPTY_BUFFER, token = GSS_C_EMPTY_BUFFER;
+    OM_uint32 minor, major, flags;
+    gss_buffer_desc buf = GSS_C_EMPTY_BUFFER;
     gss_OID mech;
     gss_OID_set mechs;
     gss_name_t acceptor_name = GSS_C_NO_NAME, client_name = GSS_C_NO_NAME;
     gss_name_t service1_name = GSS_C_NO_NAME, service2_name = GSS_C_NO_NAME;
     gss_cred_id_t service1_cred = GSS_C_NO_CREDENTIAL;
     gss_cred_id_t deleg_cred = GSS_C_NO_CREDENTIAL;
-    gss_ctx_id_t initiator_context = GSS_C_NO_CONTEXT;
-    gss_ctx_id_t acceptor_context = GSS_C_NO_CONTEXT;
+    gss_ctx_id_t initiator_context, acceptor_context;
 
     /* Parse arguments. */
     if (argc >= 2 && strcmp(argv[1], "--spnego") == 0) {
@@ -95,26 +94,14 @@ main(int argc, char *argv[])
                              mechs, GSS_C_BOTH, &service1_cred, NULL, NULL);
     check_gsserr("gss_acquire_cred(service1)", major, minor);
 
-    /* Create initiator context and get the first token, using the client
-     * ccache. */
+    /* Establish contexts using the client ccache. */
     service1_name = import_name(service1);
     major = gss_krb5_ccache_name(&minor, client_ccname, NULL);
     check_gsserr("gss_krb5_ccache_name(1)", major, minor);
-    major = gss_init_sec_context(&minor, GSS_C_NO_CREDENTIAL,
-                                 &initiator_context, service1_name, mech,
-                                 GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG,
-                                 GSS_C_INDEFINITE, GSS_C_NO_CHANNEL_BINDINGS,
-                                 GSS_C_NO_BUFFER, NULL, &token, NULL, NULL);
-    if (GSS_ERROR(major))
-        check_gsserr("gss_init_sec_context(1)", major, minor);
-
-    /* Pass the token to gss_accept_sec_context. */
-    major = gss_accept_sec_context(&minor, &acceptor_context,
-                                   service1_cred, &token,
-                                   GSS_C_NO_CHANNEL_BINDINGS, &client_name,
-                                   NULL, &buf, NULL, NULL, &deleg_cred);
-    check_gsserr("gss_accept_sec_context(1)", major, minor);
-    (void)gss_release_buffer(&minor, &token);
+    flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG;
+    establish_contexts(mech, GSS_C_NO_CREDENTIAL, service1_cred, service1_name,
+                       flags, &initiator_context, &acceptor_context,
+                       &client_name, NULL, &deleg_cred);
 
     /* Display and remember the client principal. */
     major = gss_display_name(&minor, client_name, &buf, NULL);
@@ -143,25 +130,13 @@ main(int argc, char *argv[])
     (void)gss_delete_sec_context(&minor, &initiator_context, GSS_C_NO_BUFFER);
     (void)gss_delete_sec_context(&minor, &acceptor_context, GSS_C_NO_BUFFER);
 
-    /* Create initiator context and get the first token, using the storage
-     * ccache. */
+    /* Establish contexts using the storage ccache. */
     service2_name = import_name(service2);
     major = gss_krb5_ccache_name(&minor, storage_ccname, NULL);
     check_gsserr("gss_krb5_ccache_name(2)", major, minor);
-    major = gss_init_sec_context(&minor, GSS_C_NO_CREDENTIAL,
-                                 &initiator_context, service2_name, mech,
-                                 GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG,
-                                 GSS_C_INDEFINITE, GSS_C_NO_CHANNEL_BINDINGS,
-                                 GSS_C_NO_BUFFER, NULL, &token, NULL, NULL);
-    check_gsserr("gss_init_sec_context(2)", major, minor);
-
-    /* Pass the token to gss_accept_sec_context. */
-    major = gss_accept_sec_context(&minor, &acceptor_context,
-                                   GSS_C_NO_CREDENTIAL, &token,
-                                   GSS_C_NO_CHANNEL_BINDINGS, &client_name,
-                                   NULL, &buf, NULL, NULL, &deleg_cred);
-    check_gsserr("gss_accept_sec_context(2)", major, minor);
-    (void)gss_release_buffer(&minor, &token);
+    establish_contexts(mech, GSS_C_NO_CREDENTIAL, GSS_C_NO_CREDENTIAL,
+                       service2_name, flags, &initiator_context,
+                       &acceptor_context, &client_name, NULL, &deleg_cred);
 
     major = gss_display_name(&minor, client_name, &buf, NULL);
     check_gsserr("gss_display_name(2)", major, minor);
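Review bot: The new comment `Establish contexts using the storage ccache` describes only the initiator side, although this call passes `GSS_C_NO_CREDENTIAL` for both the initiator and the acceptor, unlike the first exchange, which accepts with `service1_cred`. A reader has to compare the two calls argument by argument to see that the acceptor credential differs. Presumably that difference is intentional, so the comment should state it: `/* Establish contexts: initiator default cred from the storage ccache, acceptor using its default credential. */`. The call also depends on `flags` still holding the value assigned in the previous hunk, which is worth keeping in mind if code is later inserted between the two exchanges.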
diff --git a/src/tests/gssapi/t_spnego.c b/src/tests/gssapi/t_spnego.c
index aee80d4..cbf720b 100644
--- a/src/tests/gssapi/t_spnego.c
+++ b/src/tests/gssapi/t_spnego.c
@@ -42,14 +42,12 @@
 int
 main(int argc, char *argv[])
 {
-    OM_uint32 minor, major;
+    OM_uint32 minor, major, flags;
     gss_cred_id_t verifier_cred_handle = GSS_C_NO_CREDENTIAL;
     gss_OID_set actual_mechs = GSS_C_NO_OID_SET;
     gss_buffer_desc token = GSS_C_EMPTY_BUFFER, tmp = GSS_C_EMPTY_BUFFER;
-    gss_ctx_id_t initiator_context = GSS_C_NO_CONTEXT;
-    gss_ctx_id_t acceptor_context = GSS_C_NO_CONTEXT;
+    gss_ctx_id_t initiator_context, acceptor_context;
     gss_name_t target_name, source_name = GSS_C_NO_NAME;
-    OM_uint32 time_rec;
     gss_OID mech = GSS_C_NO_OID;
 
     if (argc < 2 || argc > 3) {
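Review bot: Dropping the `GSS_C_NO_CONTEXT` initialisers leaves `initiator_context` and `acceptor_context` indeterminate until `establish_contexts` runs, and both are later passed to `gss_delete_sec_context`. That is safe only while the helper assigns both handles before its first GSS call and no path reaches the cleanup without going through the helper; the helper body is not visible on this part of the page, and main continues outside the hunk. Keeping the initialisers costs nothing and keeps the cleanup well defined if an early exit is added later: `gss_ctx_id_t initiator_context = GSS_C_NO_CONTEXT;` and `gss_ctx_id_t acceptor_context = GSS_C_NO_CONTEXT;`. The same change is made to the declarations in the preceding file's main.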
@@ -74,24 +72,15 @@ main(int argc, char *argv[])
     major = gss_set_neg_mechs(&minor, verifier_cred_handle, &mechset_krb5);
     check_gsserr("gss_set_neg_mechs", major, minor);
 
-    major = gss_init_sec_context(&minor, GSS_C_NO_CREDENTIAL,
-                                 &initiator_context, target_name, &mech_spnego,
-                                 GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG,
-                                 GSS_C_INDEFINITE, GSS_C_NO_CHANNEL_BINDINGS,
-                                 GSS_C_NO_BUFFER, NULL, &token, NULL,
-                                 &time_rec);
-    check_gsserr("gss_init_sec_context", major, minor);
-    (void)gss_delete_sec_context(&minor, &initiator_context, NULL);
-
-    major = gss_accept_sec_context(&minor, &acceptor_context,
-                                   verifier_cred_handle, &token,
-                                   GSS_C_NO_CHANNEL_BINDINGS, &source_name,
-                                   &mech, &tmp, NULL, &time_rec, NULL);
-    check_gsserr("gss_accept_sec_context", major, minor);
+    flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG;
+    establish_contexts(&mech_spnego, GSS_C_NO_CREDENTIAL, verifier_cred_handle,
+                       target_name, flags, &initiator_context,
+                       &acceptor_context, &source_name, &mech, NULL);
 
     display_canon_name("Source name", source_name, &mech_krb5);
     display_oid("Source mech", mech);
 
+    (void)gss_delete_sec_context(&minor, &initiator_context, NULL);
     (void)gss_delete_sec_context(&minor, &acceptor_context, NULL);
     (void)gss_release_name(&minor, &source_name);
     (void)gss_release_name(&minor, &target_name);
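Review bot: `token` and `tmp` are still declared and initialised at the top of main, but the new side of this hunk no longer passes either of them to any call now that the token exchange lives inside `establish_contexts`. If the rest of main, which continues outside the hunk, only releases them, both the declaration `gss_buffer_desc token = GSS_C_EMPTY_BUFFER, tmp = GSS_C_EMPTY_BUFFER;` and those releases are dead and can be removed. Leaving them suggests that main still owns exchange tokens, which is misleading when auditing buffer ownership in this test.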

