1 files changed, 30 insertions, 1 deletions

diff --git a/src/tests/gssapi/t_credstore.c b/src/tests/gssapi/t_credstore.c
index 575f96d340..e28f5d0816 100644
--- a/src/tests/gssapi/t_credstore.c
+++ b/src/tests/gssapi/t_credstore.c
@@ -46,7 +46,9 @@ main(int argc, char *argv[])
     gss_cred_usage_t cred_usage = GSS_C_BOTH;
     gss_OID_set mechs = GSS_C_NO_OID_SET;
     gss_cred_id_t cred = GSS_C_NO_CREDENTIAL;
-    krb5_boolean store_creds = FALSE;
+    gss_ctx_id_t ictx = GSS_C_NO_CONTEXT, actx = GSS_C_NO_CONTEXT;
+    gss_buffer_desc itok, atok;
+    krb5_boolean store_creds = FALSE, replay = FALSE;
     char opt;
 
     /* Parse options. */
@@ -54,6 +56,8 @@ main(int argc, char *argv[])
         opt = (*argv)[1];
         if (opt == 's')
             store_creds = TRUE;
+        else if (opt == 'r')
+            replay = TRUE;
         else if (opt == 'a')
             cred_usage = GSS_C_ACCEPT;
         else if (opt == 'b')
@@ -101,6 +105,31 @@ main(int argc, char *argv[])
                                   &store, &cred, NULL, NULL);
     check_gsserr("gss_acquire_cred_from", major, minor);
 
+    if (replay) {
+        /* Induce a replay using cred as the acceptor cred, to test the replay
+         * cache indicated by the store. */
+        major = gss_init_sec_context(&minor, GSS_C_NO_CREDENTIAL, &ictx, name,
+                                     &mech_krb5, 0, GSS_C_INDEFINITE,
+                                     GSS_C_NO_CHANNEL_BINDINGS,
+                                     GSS_C_NO_BUFFER, NULL, &itok, NULL, NULL);
+        check_gsserr("gss_init_sec_context", major, minor);
+        (void)gss_delete_sec_context(&minor, &ictx, NULL);
+
+        major = gss_accept_sec_context(&minor, &actx, cred, &itok,
+                                       GSS_C_NO_CHANNEL_BINDINGS, NULL, NULL,
+                                       &atok, NULL, NULL, NULL);
+        check_gsserr("gss_accept_sec_context(1)", major, minor);
+        (void)gss_release_buffer(&minor, &atok);
+        (void)gss_delete_sec_context(&minor, &actx, NULL);
+
+        major = gss_accept_sec_context(&minor, &actx, cred, &itok,
+                                       GSS_C_NO_CHANNEL_BINDINGS, NULL, NULL,
+                                       &atok, NULL, NULL, NULL);
+        check_gsserr("gss_accept_sec_context(2)", major, minor);
+        (void)gss_release_buffer(&minor, &atok);
+        (void)gss_delete_sec_context(&minor, &actx, NULL);
+    }
+
     gss_release_name(&minor, &name);
     gss_release_cred(&minor, &cred);
     free(store.elements);