author | Greg Hudson <ghudson@mit.edu> | 2013-09-05 13:34:44 -0400 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2013-09-06 01:03:01 -0400 |
commit | 95f6a640573076b8e68051ed4f2447be767cd2ec (patch) | |
tree | f21e91b21d22731cb60e5dc4d7dde86db37230d5 /src | |
parent | 60edb321af64081e3eb597da0256faf117c9c441 (diff) | |
Factor out context establishment in GSS tests
Add a new helper to common.c which runs gss_init_sec_context and
gss_accept_sec_context in a loop, and use it in test programs instead
of the open-coded one-token or two-token exchanges.
Diffstat (limited to 'src')
-rw-r--r-- | src/tests/gssapi/common.c | 40 | ||||
-rw-r--r-- | src/tests/gssapi/common.h | 7 | ||||
-rw-r--r-- | src/tests/gssapi/t_accname.c | 42 | ||||
-rw-r--r-- | src/tests/gssapi/t_ccselect.c | 47 | ||||
-rw-r--r-- | src/tests/gssapi/t_enctypes.c | 54 | ||||
-rw-r--r-- | src/tests/gssapi/t_export_cred.c | 17 | ||||
-rw-r--r-- | src/tests/gssapi/t_gssexts.c | 29 | ||||
-rw-r--r-- | src/tests/gssapi/t_imp_cred.c | 30 | ||||
-rw-r--r-- | src/tests/gssapi/t_namingexts.c | 31 | ||||
-rw-r--r-- | src/tests/gssapi/t_s4u.c | 34 | ||||
-rw-r--r-- | src/tests/gssapi/t_s4u2proxy_krb5.c | 49 | ||||
-rw-r--r-- | src/tests/gssapi/t_spnego.c | 25 |
12 files changed, 134 insertions, 271 deletions
diff --git a/src/tests/gssapi/common.c b/src/tests/gssapi/common.c index 5e8ffda8c..19a781a5e 100644 --- a/src/tests/gssapi/common.c +++ b/src/tests/gssapi/common.c @@ -109,6 +109,46 @@ import_name(const char *str) } void +establish_contexts(gss_OID imech, gss_cred_id_t icred, gss_cred_id_t acred, + gss_name_t tname, OM_uint32 flags, gss_ctx_id_t *ictx, + gss_ctx_id_t *actx, gss_name_t *src_name, gss_OID *amech, + gss_cred_id_t *deleg_cred) +{ + OM_uint32 minor, imaj, amaj; + gss_buffer_desc itok, atok; + + *ictx = *actx = GSS_C_NO_CONTEXT; + imaj = amaj = GSS_S_CONTINUE_NEEDED; + itok.value = atok.value = NULL; + itok.length = atok.length = 0; + for (;;) { + (void)gss_release_buffer(&minor, &itok); + imaj = gss_init_sec_context(&minor, icred, ictx, tname, imech, flags, + GSS_C_INDEFINITE, + GSS_C_NO_CHANNEL_BINDINGS, &atok, NULL, + &itok, NULL, NULL); + check_gsserr("gss_init_sec_context", imaj, minor); + if (amaj == GSS_S_COMPLETE) + break; + + (void)gss_release_buffer(&minor, &atok); + amaj = gss_accept_sec_context(&minor, actx, acred, &itok, + GSS_C_NO_CHANNEL_BINDINGS, src_name, + amech, &atok, NULL, NULL, deleg_cred); + check_gsserr("gss_accept_sec_context", amaj, minor); + (void)gss_release_buffer(&minor, &itok); + if (imaj == GSS_S_COMPLETE) + break; + } + + if (imaj != GSS_S_COMPLETE || amaj != GSS_S_COMPLETE) + errout("One side wants to continue after the other is done"); + + (void)gss_release_buffer(&minor, &itok); + (void)gss_release_buffer(&minor, &atok); +} + +void display_canon_name(const char *tag, gss_name_t name, gss_OID mech) { gss_name_t canon; diff --git a/src/tests/gssapi/common.h b/src/tests/gssapi/common.h index e2ca8b9e7..54c0d36b5 100644 --- a/src/tests/gssapi/common.h +++ b/src/tests/gssapi/common.h 
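Review bot: The `for (;;)` loop in establish_contexts has no cap on the number of legs, so if both sides keep returning GSS_S_CONTINUE_NEEDED the test program spins instead of failing; a bounded loop that falls through to `errout()` when the cap is reached would turn that into a reported failure. The ordering of the two `break` tests is also subtle enough to deserve a comment, for example `/* The acceptor completed on the previous leg; this call consumed its final token. */` above `if (amaj == GSS_S_COMPLETE)`. Separately, src_name, amech and deleg_cred are handed to every gss_accept_sec_context call, so a mechanism that fills one of them on an intermediate leg would have the earlier value overwritten without release; whether any mechanism exercised here does that is not visible from this hunk.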
@@ -55,6 +55,13 @@ void errout(const char *msg); * 'p:principalname', or 'h:host@service' (or just 'h:service'). */ gss_name_t import_name(const char *str); +/* Establish contexts using gss_init_sec_context and gss_accept_sec_context. */ +void establish_contexts(gss_OID imech, gss_cred_id_t icred, + gss_cred_id_t acred, gss_name_t tname, OM_uint32 flags, + gss_ctx_id_t *ictx, gss_ctx_id_t *actx, + gss_name_t *src_name, gss_OID *amech, + gss_cred_id_t *deleg_cred); + /* Display name as canonicalized to mech, preceded by tag. */ void display_canon_name(const char *tag, gss_name_t name, gss_OID mech); diff --git a/src/tests/gssapi/t_accname.c b/src/tests/gssapi/t_accname.c index c85784232..9f769adc0 100644 --- a/src/tests/gssapi/t_accname.c +++ b/src/tests/gssapi/t_accname.c @@ -30,12 +30,11 @@ /* * Test program for acceptor names, intended to be run from a Python test - * script. Performs a one-token gss_init_sec_context/gss_accept_sec_context - * exchange with the default initiator name, a specified principal name as - * target name, and a specified host-based name as acceptor name (or - * GSS_C_NO_NAME if no acceptor name is given). If the exchange is successful, - * queries the context for the acceptor name and prints it. If any call is - * unsuccessful, displays an error message. Exits with status 0 if all + * script. Establishes contexts with the default initiator name, a specified + * principal name as target name, and a specified host-based name as acceptor + * name (or GSS_C_NO_NAME if no acceptor name is given). If the exchange is + * successful, queries the context for the acceptor name and prints it. If any + * call is unsuccessful, displays an error message. Exits with status 0 if all * operations are successful, or 1 if not. * * Usage: ./t_accname targetname [acceptorname] 
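Review bot: The one-line comment on establish_contexts in common.h leaves out the parts of the contract a caller needs. From the definition in common.c, *ictx and *actx are overwritten with GSS_C_NO_CONTEXT on entry, so any live context passed in is lost rather than deleted; the callers in this commit pass NULL for src_name, amech and deleg_cred when they do not want them; and the caller is left to delete both contexts and release whatever was returned. I would also state that failures are reported through check_gsserr/errout rather than a return value, and that the helper does not expose ret_flags or time_rec.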
@@ -44,12 +43,11 @@ int main(int argc, char *argv[]) { - OM_uint32 minor, major; + OM_uint32 minor, major, flags; gss_cred_id_t acceptor_cred; gss_name_t target_name, acceptor_name = GSS_C_NO_NAME, real_acceptor_name; - gss_buffer_desc token, tmp, namebuf; - gss_ctx_id_t initiator_context = GSS_C_NO_CONTEXT; - gss_ctx_id_t acceptor_context = GSS_C_NO_CONTEXT; + gss_buffer_desc namebuf; + gss_ctx_id_t initiator_context, acceptor_context; if (argc < 2 || argc > 3) { fprintf(stderr, "Usage: %s targetname [acceptorname]\n", argv[0]); @@ -67,24 +65,10 @@ main(int argc, char *argv[]) &acceptor_cred, NULL, NULL); check_gsserr("gss_acquire_cred", major, minor); - /* Create krb5 initiator context and get the first token. */ - token.value = NULL; - token.length = 0; - major = gss_init_sec_context(&minor, GSS_C_NO_CREDENTIAL, - &initiator_context, target_name, - (gss_OID)gss_mech_krb5, - GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG, - GSS_C_INDEFINITE, GSS_C_NO_CHANNEL_BINDINGS, - GSS_C_NO_BUFFER, NULL, &token, NULL, NULL); - check_gsserr("gss_init_sec_context", major, minor); - - /* Pass the token to gss_accept_sec_context. */ - tmp.value = NULL; - tmp.length = 0; - major = gss_accept_sec_context(&minor, &acceptor_context, acceptor_cred, - &token, GSS_C_NO_CHANNEL_BINDINGS, - NULL, NULL, &tmp, NULL, NULL, NULL); - check_gsserr("gss_accept_sec_context", major, minor); + flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG; + establish_contexts(&mech_krb5, GSS_C_NO_CREDENTIAL, acceptor_cred, + target_name, flags, &initiator_context, + &acceptor_context, NULL, NULL, NULL); major = gss_inquire_context(&minor, acceptor_context, NULL, &real_acceptor_name, NULL, NULL, NULL, NULL, 
@@ -103,7 +87,5 @@ main(int argc, char *argv[]) (void)gss_release_cred(&minor, &acceptor_cred); (void)gss_delete_sec_context(&minor, &initiator_context, NULL); (void)gss_delete_sec_context(&minor, &acceptor_context, NULL); - (void)gss_release_buffer(&minor, &token); - (void)gss_release_buffer(&minor, &tmp); return 0; } diff --git a/src/tests/gssapi/t_ccselect.c b/src/tests/gssapi/t_ccselect.c index 05b0a844a..cc4f73a1f 100644 --- a/src/tests/gssapi/t_ccselect.c +++ b/src/tests/gssapi/t_ccselect.c 
@@ -32,27 +32,24 @@ /* * Test program for client credential selection, intended to be run from a - * Python test script. Performs a one-token - * gss_init_sec_context/gss_accept_sec_context exchange, optionally with a - * specified principal as the initiator name, a specified principal name as - * target name, the default acceptor cred. If the exchange is successful, - * prints the initiator name as seen by the acceptor. If any call is - * unsuccessful, displays an error message. Exits with status 0 if all - * operations are successful, or 1 if not. + * Python test script. Establishes contexts with an optionally specified + * initiator name, a specified target name, and the default acceptor cred. If + * the exchange is successful, prints the initiator name as seen by the + * acceptor. If any call is unsuccessful, displays an error message. Exits + * with status 0 if all operations are successful, or 1 if not. * - * Usage: ./t_ccselect [targetprinc|gss:service@host] [initiatorprinc|-] + * Usage: ./t_ccselect targetname [initiatorname|-] */ int main(int argc, char *argv[]) { - OM_uint32 minor, major; + OM_uint32 minor, major, flags; gss_cred_id_t initiator_cred = GSS_C_NO_CREDENTIAL; gss_name_t target_name, initiator_name = GSS_C_NO_NAME; gss_name_t real_initiator_name; - gss_buffer_desc token, tmp, namebuf; - gss_ctx_id_t initiator_context = GSS_C_NO_CONTEXT; - gss_ctx_id_t acceptor_context = GSS_C_NO_CONTEXT; + gss_buffer_desc namebuf; + gss_ctx_id_t initiator_context, acceptor_context; if (argc < 2 || argc > 3) { fprintf(stderr, "Usage: %s targetname [initiatorname|-]\n", argv[0]); 
@@ -71,26 +68,10 @@ main(int argc, char *argv[]) check_gsserr("gss_acquire_cred", major, minor); } - - /* Create krb5 initiator context and get the first token. */ - token.value = NULL; - token.length = 0; - major = gss_init_sec_context(&minor, initiator_cred, &initiator_context, - target_name, (gss_OID)gss_mech_krb5, - GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG, - GSS_C_INDEFINITE, GSS_C_NO_CHANNEL_BINDINGS, - GSS_C_NO_BUFFER, NULL, &token, NULL, NULL); - check_gsserr("gss_init_sec_context", major, minor); - - /* Pass the token to gss_accept_sec_context. */ - tmp.value = NULL; - tmp.length = 0; - major = gss_accept_sec_context(&minor, &acceptor_context, - GSS_C_NO_CREDENTIAL, &token, - GSS_C_NO_CHANNEL_BINDINGS, - &real_initiator_name, NULL, &tmp, - NULL, NULL, NULL); - check_gsserr("gss_accept_sec_context", major, minor); + flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG; + establish_contexts(&mech_krb5, initiator_cred, GSS_C_NO_CREDENTIAL, + target_name, flags, &initiator_context, + &acceptor_context, &real_initiator_name, NULL, NULL); namebuf.value = NULL; namebuf.length = 0; @@ -104,8 +85,6 @@ main(int argc, char *argv[]) (void)gss_release_cred(&minor, &initiator_cred); (void)gss_delete_sec_context(&minor, &initiator_context, NULL); (void)gss_delete_sec_context(&minor, &acceptor_context, NULL); - (void)gss_release_buffer(&minor, &token); - (void)gss_release_buffer(&minor, &tmp); (void)gss_release_buffer(&minor, &namebuf); return 0; } diff --git a/src/tests/gssapi/t_enctypes.c b/src/tests/gssapi/t_enctypes.c index c1e02faf4..79a732a2b 100644 --- a/src/tests/gssapi/t_enctypes.c +++ b/src/tests/gssapi/t_enctypes.c 
@@ -38,14 +38,13 @@ #include "common.h" /* - * This test program performs a gss_init_sec_context/gss_accept_sec_context - * exchange with the krb5 mech, the default initiator name, a specified - * principal name as target name, and the default acceptor name. Before the - * exchange, gss_set_allowable_enctypes is called for the initiator and the - * acceptor cred if requested. If the exchange is successful, the resulting - * contexts are exported with gss_krb5_export_lucid_sec_context, checked for - * mismatches, and the GSS protocol and keys are displayed. Exits with status - * 0 if all operations are successful, or 1 if not. + * This test program establishes contexts with the krb5 mech, the default + * initiator name, a specified target name, and the default acceptor name. + * Before the exchange, gss_set_allowable_enctypes is called for the initiator + * and the acceptor cred if requested. If the exchange is successful, the + * resulting contexts are exported with gss_krb5_export_lucid_sec_context, + * checked for mismatches, and the GSS protocol and keys are displayed. Exits + * with status 0 if all operations are successful, or 1 if not. * * Usage: ./t_enctypes [-i initenctypes] [-a accenctypes] targetname */ @@ -87,8 +86,7 @@ main(int argc, char *argv[]) OM_uint32 minor, major, flags; gss_name_t tname; gss_cred_id_t icred = GSS_C_NO_CREDENTIAL, acred = GSS_C_NO_CREDENTIAL; - gss_ctx_id_t ictx = GSS_C_NO_CONTEXT, actx = GSS_C_NO_CONTEXT; - gss_buffer_desc itok, atok, tmp; + gss_ctx_id_t ictx, actx; gss_krb5_lucid_context_v1_t *ilucid, *alucid; gss_krb5_rfc1964_keydata_t *i1964, *a1964; gss_krb5_cfx_keydata_t *icfx, *acfx; 
@@ -141,38 +139,9 @@ main(int argc, char *argv[]) check_gsserr("gss_krb5_set_allowable_enctypes(acc)", major, minor); } - /* Create initiator context and get the first token. */ - itok.value = NULL; - itok.length = 0; flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG | GSS_C_MUTUAL_FLAG; - major = gss_init_sec_context(&minor, icred, &ictx, tname, &mech_krb5, - flags, GSS_C_INDEFINITE, - GSS_C_NO_CHANNEL_BINDINGS, GSS_C_NO_BUFFER, - NULL, &itok, NULL, NULL); - check_gsserr("gss_init_sec_context(1)", major, minor); - if (major != GSS_S_CONTINUE_NEEDED) - errout("gss_init_sec_context(1) unexpected complete"); - - /* Pass the initiator token to gss_accept_sec_context. */ - atok.value = NULL; - atok.length = 0; - major = gss_accept_sec_context(&minor, &actx, acred, &itok, - GSS_C_NO_CHANNEL_BINDINGS, NULL, NULL, - &atok, NULL, NULL, NULL); - check_gsserr("gss_accept_sec_context", major, minor); - if (major != GSS_S_COMPLETE) - errout("gss_accept_sec_context unexpected continue"); - - /* Pass the return token to gss_init_sec_context again. */ - tmp.value = NULL; - tmp.length = 0; - major = gss_init_sec_context(&minor, icred, &ictx, tname, &mech_krb5, - flags, GSS_C_INDEFINITE, - GSS_C_NO_CHANNEL_BINDINGS, &atok, NULL, &tmp, - NULL, NULL); - check_gsserr("gss_init_sec_context(2)", major, minor); - if (major != GSS_S_COMPLETE) - errout("gss_init_sec_context(2) unexpected continue"); + establish_contexts(&mech_krb5, icred, acred, tname, flags, &ictx, &actx, + NULL, NULL, NULL); /* Export to lucid contexts. */ major = gss_krb5_export_lucid_sec_context(&minor, &ictx, 1, &lptr); 
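Review bot: After this replacement nothing in the hunk still checks that the GSS_C_MUTUAL_FLAG request produced mutual authentication. The removed code failed if the first gss_init_sec_context completed immediately or if either later call wanted to continue, whereas establish_contexts accepts any number of legs and passes NULL for ret_flags, so an exchange that silently dropped the mutual leg would get past this point. One option is to query the established initiator context with gss_inquire_context and fail through errout when GSS_C_MUTUAL_FLAG is missing from the returned flags. main continues outside this hunk, so a later check may already cover this.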
@@ -220,9 +189,6 @@ main(int argc, char *argv[]) (void)gss_release_cred(&minor, &acred); (void)gss_delete_sec_context(&minor, &ictx, NULL); (void)gss_delete_sec_context(&minor, &actx, NULL); - (void)gss_release_buffer(&minor, &itok); - (void)gss_release_buffer(&minor, &atok); - (void)gss_release_buffer(&minor, &tmp); (void)gss_krb5_free_lucid_sec_context(&minor, ilucid); (void)gss_krb5_free_lucid_sec_context(&minor, alucid); return 0; diff --git a/src/tests/gssapi/t_export_cred.c b/src/tests/gssapi/t_export_cred.c index 6f62eed81..5214cd510 100644 --- a/src/tests/gssapi/t_export_cred.c +++ b/src/tests/gssapi/t_export_cred.c @@ -64,7 +64,6 @@ main(int argc, char *argv[]) gss_ctx_id_t acceptor_context = GSS_C_NO_CONTEXT; gss_OID mech = GSS_C_NO_OID; gss_OID_set mechs = GSS_C_NO_OID_SET; - gss_buffer_desc token, tmp; char optchar; /* Parse arguments. */ @@ -110,17 +109,9 @@ main(int argc, char *argv[]) * delegating credentials. */ flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG | GSS_C_CONF_FLAG | GSS_C_INTEG_FLAG | GSS_C_DELEG_FLAG; - major = gss_init_sec_context(&minor, initiator_cred, &initiator_context, - target_name, mech, flags, GSS_C_INDEFINITE, - GSS_C_NO_CHANNEL_BINDINGS, GSS_C_NO_BUFFER, - NULL, &token, NULL, NULL); - check_gsserr("gss_init_sec_context", major, minor); - - major = gss_accept_sec_context(&minor, &acceptor_context, acceptor_cred, - &token, GSS_C_NO_CHANNEL_BINDINGS, - NULL, NULL, &tmp, NULL, NULL, - &delegated_cred); - check_gsserr("gss_accept_sec_context", major, minor); + establish_contexts(mech, initiator_cred, acceptor_cred, target_name, flags, + &initiator_context, &acceptor_context, NULL, NULL, + &delegated_cred); /* Import, release, export, and store delegated creds */ export_import_cred(&delegated_cred); 
@@ -136,7 +127,5 @@ main(int argc, char *argv[]) (void)gss_release_cred(&minor, &delegated_cred); (void)gss_delete_sec_context(&minor, &initiator_context, NULL); (void)gss_delete_sec_context(&minor, &acceptor_context, NULL); - (void)gss_release_buffer(&minor, &token); - (void)gss_release_buffer(&minor, &tmp); return 0; } diff --git a/src/tests/gssapi/t_gssexts.c b/src/tests/gssapi/t_gssexts.c index d008c0862..41d62b926 100644 --- a/src/tests/gssapi/t_gssexts.c +++ b/src/tests/gssapi/t_gssexts.c @@ -110,12 +110,9 @@ init_accept_sec_context(gss_cred_id_t claimant_cred_handle, gss_cred_id_t verifier_cred_handle, gss_cred_id_t *deleg_cred_handle) { - OM_uint32 major, minor; - gss_buffer_desc token = GSS_C_EMPTY_BUFFER, tmp = GSS_C_EMPTY_BUFFER; + OM_uint32 major, minor, flags; gss_name_t source_name = GSS_C_NO_NAME, target_name = GSS_C_NO_NAME; - gss_ctx_id_t initiator_context = GSS_C_NO_CONTEXT; - gss_ctx_id_t acceptor_context = GSS_C_NO_CONTEXT; - OM_uint32 time_rec; + gss_ctx_id_t initiator_context, acceptor_context; gss_OID mech; *deleg_cred_handle = GSS_C_NO_CREDENTIAL; 
@@ -128,21 +125,11 @@ init_accept_sec_context(gss_cred_id_t claimant_cred_handle, mech = use_spnego ? &mech_spnego : &mech_krb5; display_oid("Target mech", mech); - major = gss_init_sec_context(&minor, claimant_cred_handle, - &initiator_context, target_name, mech, - GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG, - GSS_C_INDEFINITE, GSS_C_NO_CHANNEL_BINDINGS, - GSS_C_NO_BUFFER, NULL, &token, NULL, - &time_rec); - (void)gss_release_name(&minor, &target_name); - check_gsserr("gss_init_sec_context", major, minor); - - major = gss_accept_sec_context(&minor, &acceptor_context, - verifier_cred_handle, &token, - GSS_C_NO_CHANNEL_BINDINGS, &source_name, - NULL, &tmp, NULL, &time_rec, - deleg_cred_handle); - check_gsserr("gss_accept_sec_context", major, minor); + flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG; + establish_contexts(mech, claimant_cred_handle, verifier_cred_handle, + target_name, flags, &initiator_context, + &acceptor_context, &source_name, NULL, + deleg_cred_handle); test_prf(initiator_context, acceptor_context, GSS_C_PRF_KEY_FULL); test_prf(initiator_context, acceptor_context, GSS_C_PRF_KEY_PARTIAL); @@ -150,8 +137,6 @@ init_accept_sec_context(gss_cred_id_t claimant_cred_handle, (void)gss_release_name(&minor, &source_name); (void)gss_delete_sec_context(&minor, &acceptor_context, NULL); (void)gss_delete_sec_context(&minor, &initiator_context, NULL); - (void)gss_release_buffer(&minor, &token); - (void)gss_release_buffer(&minor, &tmp); } static void diff --git a/src/tests/gssapi/t_imp_cred.c b/src/tests/gssapi/t_imp_cred.c index 8e00daefd..a2aa5fbae 100644 --- a/src/tests/gssapi/t_imp_cred.c +++ b/src/tests/gssapi/t_imp_cred.c 
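Review bot: target_name appears to be leaked in init_accept_sec_context after this change: the hunk at -128,21 drops the `(void)gss_release_name(&minor, &target_name);` that followed gss_init_sec_context, and the cleanup hunk at -150,8 does not add one back, unlike the matching edits to t_s4u.c and t_namingexts.c in this commit. Adding `(void)gss_release_name(&minor, &target_name);` next to the source_name release would make the three files consistent. The function starts before these hunks and one unchanged line between them is not shown, so confirm there is no release there.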
@@ -45,11 +45,9 @@ int main(int argc, char *argv[]) { - OM_uint32 minor, major; + OM_uint32 minor, major, flags; gss_cred_id_t initiator_cred, acceptor_cred; - gss_buffer_desc token, tmp; - gss_ctx_id_t initiator_context = GSS_C_NO_CONTEXT; - gss_ctx_id_t acceptor_context = GSS_C_NO_CONTEXT; + gss_ctx_id_t initiator_context, acceptor_context; gss_name_t target_name; krb5_context context = NULL; krb5_ccache cc; @@ -85,24 +83,10 @@ main(int argc, char *argv[]) major = gss_krb5_import_cred(&minor, NULL, princ, kt, &acceptor_cred); check_gsserr("gss_krb5_import_cred (acceptor)", major, minor); - /* Create krb5 initiator context and get the first token. */ - token.value = NULL; - token.length = 0; - major = gss_init_sec_context(&minor, initiator_cred, - &initiator_context, target_name, - (gss_OID)gss_mech_krb5, - GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG, - GSS_C_INDEFINITE, GSS_C_NO_CHANNEL_BINDINGS, - GSS_C_NO_BUFFER, NULL, &token, NULL, NULL); - check_gsserr("gss_init_sec_context", major, minor); - - /* Pass the token to gss_accept_sec_context. */ - tmp.value = NULL; - tmp.length = 0; - major = gss_accept_sec_context(&minor, &acceptor_context, acceptor_cred, - &token, GSS_C_NO_CHANNEL_BINDINGS, - NULL, NULL, &tmp, NULL, NULL, NULL); - check_gsserr("gss_accept_sec_context", major, minor); + flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG; + establish_contexts(&mech_krb5, initiator_cred, acceptor_cred, target_name, + flags, &initiator_context, &acceptor_context, NULL, + NULL, NULL); krb5_cc_close(context, cc); krb5_kt_close(context, kt); @@ -113,7 +97,5 @@ main(int argc, char *argv[]) (void)gss_release_cred(&minor, &acceptor_cred); (void)gss_delete_sec_context(&minor, &initiator_context, NULL); (void)gss_delete_sec_context(&minor, &acceptor_context, NULL); - (void)gss_release_buffer(&minor, &token); - (void)gss_release_buffer(&minor, &tmp); return 0; } diff --git a/src/tests/gssapi/t_namingexts.c b/src/tests/gssapi/t_namingexts.c index 7d06f337f..c7bfe3e2a 100644 
--- a/src/tests/gssapi/t_namingexts.c +++ b/src/tests/gssapi/t_namingexts.c @@ -125,13 +125,10 @@ test_map_name_to_any(gss_name_t name) static void init_accept_sec_context(gss_cred_id_t verifier_cred_handle) { - OM_uint32 major, minor; - gss_buffer_desc token = GSS_C_EMPTY_BUFFER, tmp = GSS_C_EMPTY_BUFFER; + OM_uint32 major, minor, flags; gss_name_t source_name = GSS_C_NO_NAME, target_name = GSS_C_NO_NAME; - gss_ctx_id_t initiator_context = GSS_C_NO_CONTEXT; - gss_ctx_id_t acceptor_context = GSS_C_NO_CONTEXT; + gss_ctx_id_t initiator_context, acceptor_context; gss_OID mech = use_spnego ? &mech_spnego : &mech_krb5; - OM_uint32 time_rec; major = gss_inquire_cred(&minor, verifier_cred_handle, &target_name, NULL, NULL, NULL); @@ -139,22 +136,10 @@ init_accept_sec_context(gss_cred_id_t verifier_cred_handle) display_canon_name("Target name", target_name, &mech_krb5); - major = gss_init_sec_context(&minor, verifier_cred_handle, - &initiator_context, target_name, mech, - GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG, - GSS_C_INDEFINITE, GSS_C_NO_CHANNEL_BINDINGS, - GSS_C_NO_BUFFER, NULL, &token, NULL, - &time_rec); - check_gsserr("gss_init_sec_context", major, minor); - - (void)gss_release_name(&minor, &target_name); - (void)gss_delete_sec_context(&minor, &initiator_context, NULL); - - major = gss_accept_sec_context(&minor, &acceptor_context, - verifier_cred_handle, &token, - GSS_C_NO_CHANNEL_BINDINGS, &source_name, - NULL, &tmp, NULL, &time_rec, NULL); - check_gsserr("gss_accept_sec_context", major, minor); + flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG; + establish_contexts(mech, verifier_cred_handle, verifier_cred_handle, + target_name, flags, &initiator_context, + &acceptor_context, &source_name, NULL, NULL); display_canon_name("Source name", source_name, &mech_krb5); enumerate_attributes(source_name, 1); 
@@ -162,9 +147,9 @@ init_accept_sec_context(gss_cred_id_t verifier_cred_handle) test_map_name_to_any(source_name); (void)gss_release_name(&minor, &source_name); + (void)gss_release_name(&minor, &target_name); + (void)gss_delete_sec_context(&minor, &initiator_context, NULL); (void)gss_delete_sec_context(&minor, &acceptor_context, NULL); - (void)gss_release_buffer(&minor, &token); - (void)gss_release_buffer(&minor, &tmp); } int diff --git a/src/tests/gssapi/t_s4u.c b/src/tests/gssapi/t_s4u.c index 62b97352b..c33560f8f 100644 --- a/src/tests/gssapi/t_s4u.c +++ b/src/tests/gssapi/t_s4u.c @@ -90,12 +90,9 @@ init_accept_sec_context(gss_cred_id_t claimant_cred_handle, gss_cred_id_t verifier_cred_handle, gss_cred_id_t *deleg_cred_handle) { - OM_uint32 major, minor; - gss_buffer_desc token = GSS_C_EMPTY_BUFFER, tmp = GSS_C_EMPTY_BUFFER; + OM_uint32 major, minor, flags; gss_name_t source_name = GSS_C_NO_NAME, target_name = GSS_C_NO_NAME; - gss_ctx_id_t initiator_context = GSS_C_NO_CONTEXT; - gss_ctx_id_t acceptor_context = GSS_C_NO_CONTEXT; - OM_uint32 time_rec; + gss_ctx_id_t initiator_context, acceptor_context; gss_OID mech = GSS_C_NO_OID; *deleg_cred_handle = GSS_C_NO_CREDENTIAL; 
@@ -109,33 +106,20 @@ init_accept_sec_context(gss_cred_id_t claimant_cred_handle, mech = use_spnego ? &mech_spnego : &mech_krb5; display_oid("Target mech", mech); - major = gss_init_sec_context(&minor, claimant_cred_handle, - &initiator_context, target_name, mech, - GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG, - GSS_C_INDEFINITE, GSS_C_NO_CHANNEL_BINDINGS, - GSS_C_NO_BUFFER, NULL, &token, NULL, - &time_rec); - check_gsserr("gss_init_sec_context", major, minor); - - (void)gss_release_name(&minor, &target_name); - (void)gss_delete_sec_context(&minor, &initiator_context, NULL); - - mech = GSS_C_NO_OID; - major = gss_accept_sec_context(&minor, &acceptor_context, - verifier_cred_handle, &token, - GSS_C_NO_CHANNEL_BINDINGS, &source_name, - &mech, &tmp, NULL, &time_rec, - deleg_cred_handle); - check_gsserr("gss_accept_sec_context", major, minor); + flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG; + establish_contexts(mech, claimant_cred_handle, verifier_cred_handle, + target_name, flags, &initiator_context, + &acceptor_context, &source_name, &mech, + deleg_cred_handle); display_canon_name("Source name", source_name, &mech_krb5); display_oid("Source mech", mech); enumerate_attributes(source_name, 1); (void)gss_release_name(&minor, &source_name); + (void)gss_release_name(&minor, &target_name); + (void)gss_delete_sec_context(&minor, &initiator_context, NULL); (void)gss_delete_sec_context(&minor, &acceptor_context, NULL); - (void)gss_release_buffer(&minor, &token); - (void)gss_release_buffer(&minor, &tmp); } static void diff --git a/src/tests/gssapi/t_s4u2proxy_krb5.c b/src/tests/gssapi/t_s4u2proxy_krb5.c index 610871502..3ad108648 100644 --- a/src/tests/gssapi/t_s4u2proxy_krb5.c +++ b/src/tests/gssapi/t_s4u2proxy_krb5.c 
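Review bot: The call passes `mech` as the requested mechanism and `&mech` as the amech output, so the same variable holds the requested OID before the call and the acceptor's actual OID after it. That only works because establish_contexts takes imech by value, and it replaces the explicit `mech = GSS_C_NO_OID;` reset that the removed code had before gss_accept_sec_context. A separate local, e.g. `gss_OID actual_mech = GSS_C_NO_OID;` passed as `&actual_mech` and then given to the "Source mech" display_oid call, keeps the two roles apart. The function body begins before this hunk.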
@@ -54,16 +54,15 @@ main(int argc, char *argv[]) krb5_boolean use_spnego = FALSE; krb5_ccache storage_ccache = NULL; krb5_principal client_princ = NULL; - OM_uint32 minor, major; - gss_buffer_desc buf = GSS_C_EMPTY_BUFFER, token = GSS_C_EMPTY_BUFFER; + OM_uint32 minor, major, flags; + gss_buffer_desc buf = GSS_C_EMPTY_BUFFER; gss_OID mech; gss_OID_set mechs; gss_name_t acceptor_name = GSS_C_NO_NAME, client_name = GSS_C_NO_NAME; gss_name_t service1_name = GSS_C_NO_NAME, service2_name = GSS_C_NO_NAME; gss_cred_id_t service1_cred = GSS_C_NO_CREDENTIAL; gss_cred_id_t deleg_cred = GSS_C_NO_CREDENTIAL; - gss_ctx_id_t initiator_context = GSS_C_NO_CONTEXT; - gss_ctx_id_t acceptor_context = GSS_C_NO_CONTEXT; + gss_ctx_id_t initiator_context, acceptor_context; /* Parse arguments. */ if (argc >= 2 && strcmp(argv[1], "--spnego") == 0) { 
@@ -95,26 +94,14 @@ main(int argc, char *argv[]) mechs, GSS_C_BOTH, &service1_cred, NULL, NULL); check_gsserr("gss_acquire_cred(service1)", major, minor); - /* Create initiator context and get the first token, using the client - * ccache. */ + /* Establish contexts using the client ccache. */ service1_name = import_name(service1); major = gss_krb5_ccache_name(&minor, client_ccname, NULL); check_gsserr("gss_krb5_ccache_name(1)", major, minor); - major = gss_init_sec_context(&minor, GSS_C_NO_CREDENTIAL, - &initiator_context, service1_name, mech, - GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG, - GSS_C_INDEFINITE, GSS_C_NO_CHANNEL_BINDINGS, - GSS_C_NO_BUFFER, NULL, &token, NULL, NULL); - if (GSS_ERROR(major)) - check_gsserr("gss_init_sec_context(1)", major, minor); - - /* Pass the token to gss_accept_sec_context. */ - major = gss_accept_sec_context(&minor, &acceptor_context, - service1_cred, &token, - GSS_C_NO_CHANNEL_BINDINGS, &client_name, - NULL, &buf, NULL, NULL, &deleg_cred); - check_gsserr("gss_accept_sec_context(1)", major, minor); - (void)gss_release_buffer(&minor, &token); + flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG; + establish_contexts(mech, GSS_C_NO_CREDENTIAL, service1_cred, service1_name, + flags, &initiator_context, &acceptor_context, + &client_name, NULL, &deleg_cred); /* Display and remember the client principal. */ major = gss_display_name(&minor, client_name, &buf, NULL); 
@@ -143,25 +130,13 @@ main(int argc, char *argv[]) (void)gss_delete_sec_context(&minor, &initiator_context, GSS_C_NO_BUFFER); (void)gss_delete_sec_context(&minor, &acceptor_context, GSS_C_NO_BUFFER); - /* Create initiator context and get the first token, using the storage - * ccache. */ + /* Establish contexts using the storage ccache. */ service2_name = import_name(service2); major = gss_krb5_ccache_name(&minor, storage_ccname, NULL); check_gsserr("gss_krb5_ccache_name(2)", major, minor); - major = gss_init_sec_context(&minor, GSS_C_NO_CREDENTIAL, - &initiator_context, service2_name, mech, - GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG, - GSS_C_INDEFINITE, GSS_C_NO_CHANNEL_BINDINGS, - GSS_C_NO_BUFFER, NULL, &token, NULL, NULL); - check_gsserr("gss_init_sec_context(2)", major, minor); - - /* Pass the token to gss_accept_sec_context. */ - major = gss_accept_sec_context(&minor, &acceptor_context, - GSS_C_NO_CREDENTIAL, &token, - GSS_C_NO_CHANNEL_BINDINGS, &client_name, - NULL, &buf, NULL, NULL, &deleg_cred); - check_gsserr("gss_accept_sec_context(2)", major, minor); - (void)gss_release_buffer(&minor, &token); + establish_contexts(mech, GSS_C_NO_CREDENTIAL, GSS_C_NO_CREDENTIAL, + service2_name, flags, &initiator_context, + &acceptor_context, &client_name, NULL, &deleg_cred); major = gss_display_name(&minor, client_name, &buf, NULL); check_gsserr("gss_display_name(2)", major, minor); diff --git a/src/tests/gssapi/t_spnego.c b/src/tests/gssapi/t_spnego.c index aee80d446..cbf720bf7 100644 --- a/src/tests/gssapi/t_spnego.c +++ b/src/tests/gssapi/t_spnego.c 
@@ -42,14 +42,12 @@ int main(int argc, char *argv[]) { - OM_uint32 minor, major; + OM_uint32 minor, major, flags; gss_cred_id_t verifier_cred_handle = GSS_C_NO_CREDENTIAL; gss_OID_set actual_mechs = GSS_C_NO_OID_SET; gss_buffer_desc token = GSS_C_EMPTY_BUFFER, tmp = GSS_C_EMPTY_BUFFER; - gss_ctx_id_t initiator_context = GSS_C_NO_CONTEXT; - gss_ctx_id_t acceptor_context = GSS_C_NO_CONTEXT; + gss_ctx_id_t initiator_context, acceptor_context; gss_name_t target_name, source_name = GSS_C_NO_NAME; - OM_uint32 time_rec; gss_OID mech = GSS_C_NO_OID; if (argc < 2 || argc > 3) { @@ -74,24 +72,15 @@ main(int argc, char *argv[]) major = gss_set_neg_mechs(&minor, verifier_cred_handle, &mechset_krb5); check_gsserr("gss_set_neg_mechs", major, minor); - major = gss_init_sec_context(&minor, GSS_C_NO_CREDENTIAL, - &initiator_context, target_name, &mech_spnego, - GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG, - GSS_C_INDEFINITE, GSS_C_NO_CHANNEL_BINDINGS, - GSS_C_NO_BUFFER, NULL, &token, NULL, - &time_rec); - check_gsserr("gss_init_sec_context", major, minor); - (void)gss_delete_sec_context(&minor, &initiator_context, NULL); - - major = gss_accept_sec_context(&minor, &acceptor_context, - verifier_cred_handle, &token, - GSS_C_NO_CHANNEL_BINDINGS, &source_name, - &mech, &tmp, NULL, &time_rec, NULL); - check_gsserr("gss_accept_sec_context", major, minor); + flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG; + establish_contexts(&mech_spnego, GSS_C_NO_CREDENTIAL, verifier_cred_handle, + target_name, flags, &initiator_context, + &acceptor_context, &source_name, &mech, NULL); display_canon_name("Source name", source_name, &mech_krb5); display_oid("Source mech", mech); + (void)gss_delete_sec_context(&minor, &initiator_context, NULL); (void)gss_delete_sec_context(&minor, &acceptor_context, NULL); (void)gss_release_name(&minor, &source_name); (void)gss_release_name(&minor, &target_name); |
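Review bot: `token` and `tmp` are still declared in main (`gss_buffer_desc token = GSS_C_EMPTY_BUFFER, tmp = GSS_C_EMPTY_BUFFER;` is an unchanged context line in the first hunk), but the new code in the second hunk no longer passes them to anything. The other tests touched by this commit drop their token buffers together with the matching gss_release_buffer calls; the same could be done here, along with any release calls for them that sit after the end of the hunk. This is cleanup only, since releasing an empty buffer is harmless.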