void internal_release_buffer( gss_buffer_desc * buffer) { char * error_str = NULL; OM_uint32 maj_stat, min_stat; maj_stat = gss_release_buffer(&min_stat, (gss_buffer_t) buffer); if(maj_stat != GSS_S_COMPLETE) { globus_gsi_gssapi_test_print_error(stderr, maj_stat, min_stat); globus_print_error((globus_result_t) min_stat); exit(1); } }
int main() { OM_uint32 init_maj_stat; OM_uint32 accept_maj_stat; OM_uint32 maj_stat; OM_uint32 min_stat; OM_uint32 ret_flags; OM_uint32 req_flags = 0; OM_uint32 time_rec; gss_buffer_desc send_tok; gss_buffer_desc recv_tok; gss_buffer_desc * token_ptr; gss_OID mech_type; gss_name_t target_name; gss_ctx_id_t init_context; gss_ctx_id_t accept_context; gss_ctx_id_t del_init_context; gss_ctx_id_t del_accept_context; gss_cred_id_t delegated_cred; gss_cred_id_t imported_cred; gss_cred_id_t cred_handle; char * error_str; globus_result_t result; globus_gsi_cert_utils_cert_type_t cert_type; int rc = EXIT_SUCCESS; printf("1..1\n"); /* Activate Modules */ globus_module_activate(GLOBUS_GSI_GSSAPI_MODULE); /* Initialize variables */ token_ptr = GSS_C_NO_BUFFER; init_context = GSS_C_NO_CONTEXT; accept_context = GSS_C_NO_CONTEXT; del_init_context = GSS_C_NO_CONTEXT; del_accept_context = GSS_C_NO_CONTEXT; delegated_cred = GSS_C_NO_CREDENTIAL; accept_maj_stat = GSS_S_CONTINUE_NEEDED; ret_flags = 0; req_flags |= GSS_C_GLOBUS_LIMITED_DELEG_PROXY_FLAG; /* acquire the credential */ maj_stat = gss_acquire_cred(&min_stat, NULL, GSS_C_INDEFINITE, GSS_C_NO_OID_SET, GSS_C_BOTH, &cred_handle, NULL, NULL); if(maj_stat != GSS_S_COMPLETE) { globus_gsi_gssapi_test_print_error(stderr, maj_stat, min_stat); rc = EXIT_FAILURE; goto fail; } /* get the subject name */ maj_stat = gss_inquire_cred(&min_stat, cred_handle, &target_name, NULL, NULL, NULL); if(maj_stat != GSS_S_COMPLETE) { globus_gsi_gssapi_test_print_error(stderr, maj_stat, min_stat); rc = EXIT_FAILURE; goto fail; } /* set up the first security context */ init_maj_stat = gss_init_sec_context(&min_stat, cred_handle, &init_context, target_name, GSS_C_NULL_OID, 0, 0, GSS_C_NO_CHANNEL_BINDINGS, token_ptr, NULL, &send_tok, NULL, NULL); if(init_maj_stat != GSS_S_CONTINUE_NEEDED) { globus_gsi_gssapi_test_print_error(stderr, init_maj_stat, min_stat); rc = EXIT_FAILURE; goto fail; } while(1) { accept_maj_stat=gss_accept_sec_context(&min_stat, &accept_context, GSS_C_NO_CREDENTIAL, &send_tok, GSS_C_NO_CHANNEL_BINDINGS, NULL, &mech_type, &recv_tok, &ret_flags, /* ignore time_rec */ NULL, NULL); if(accept_maj_stat != GSS_S_COMPLETE && accept_maj_stat != GSS_S_CONTINUE_NEEDED) { globus_gsi_gssapi_test_print_error(stderr, accept_maj_stat, min_stat); rc = EXIT_FAILURE; goto fail; } else if(accept_maj_stat == GSS_S_COMPLETE) { break; } init_maj_stat = gss_init_sec_context(&min_stat, GSS_C_NO_CREDENTIAL, &init_context, target_name, GSS_C_NULL_OID, 0, 0, GSS_C_NO_CHANNEL_BINDINGS, &recv_tok, NULL, &send_tok, NULL, NULL); if(init_maj_stat != GSS_S_COMPLETE && init_maj_stat != GSS_S_CONTINUE_NEEDED) { globus_gsi_gssapi_test_print_error(stderr, init_maj_stat, min_stat); rc = EXIT_FAILURE; goto fail; } } printf("# %s:%d: Successfully established initial security context\n", __FILE__, __LINE__); /* delegate our credential over the initial security context and * insert a restriction extension into the delegated credential. * This is a post GT 2.0 feature. */ init_maj_stat = gss_init_delegation(&min_stat, init_context, cred_handle, GSS_C_NO_OID, GSS_C_NO_OID_SET, GSS_C_NO_BUFFER_SET, token_ptr, req_flags, 0, &send_tok); if(init_maj_stat != GSS_S_COMPLETE && init_maj_stat != GSS_S_CONTINUE_NEEDED) { globus_gsi_gssapi_test_print_error(stderr, init_maj_stat, min_stat); rc = EXIT_FAILURE; goto fail; } while(1) { accept_maj_stat=gss_accept_delegation(&min_stat, accept_context, GSS_C_NO_OID_SET, GSS_C_NO_BUFFER_SET, &send_tok, req_flags, 0, &time_rec, &delegated_cred, &mech_type, &recv_tok); if(accept_maj_stat != GSS_S_COMPLETE && accept_maj_stat != GSS_S_CONTINUE_NEEDED) { globus_gsi_gssapi_test_print_error(stderr, accept_maj_stat, min_stat); rc = EXIT_FAILURE; goto fail; } else if(accept_maj_stat == GSS_S_COMPLETE) { break; } init_maj_stat = gss_init_delegation(&min_stat, init_context, cred_handle, GSS_C_NO_OID, GSS_C_NO_OID_SET, GSS_C_NO_BUFFER_SET, &recv_tok, req_flags, 0, &send_tok); if(init_maj_stat != GSS_S_COMPLETE && init_maj_stat != GSS_S_CONTINUE_NEEDED) { globus_gsi_gssapi_test_print_error(stderr, init_maj_stat, min_stat); rc = EXIT_FAILURE; goto fail; } } printf("# %s:%d: Successfully delegated credential\n", __FILE__, __LINE__); /* export and import the delegated credential */ /* this can be done both to a buffer and to a file */ /* New in GT 2.0 */ maj_stat = gss_export_cred(&min_stat, delegated_cred, GSS_C_NO_OID, 0, &send_tok); if(maj_stat != GSS_S_COMPLETE) { globus_gsi_gssapi_test_print_error(stderr, maj_stat, min_stat); rc = EXIT_FAILURE; goto fail; } maj_stat = gss_import_cred(&min_stat, &imported_cred, GSS_C_NO_OID, 0, &send_tok, 0, &time_rec); if(maj_stat != GSS_S_COMPLETE) { globus_gsi_gssapi_test_print_error(stderr, maj_stat, min_stat); rc = EXIT_FAILURE; goto fail; } printf("# %s:%d: Successfully exported/imported the delegated credential\n", __FILE__, __LINE__); /* set up another security context using the delegated credential */ init_maj_stat = gss_init_sec_context(&min_stat, imported_cred, &del_init_context, target_name, GSS_C_NULL_OID, 0, 0, GSS_C_NO_CHANNEL_BINDINGS, token_ptr, NULL, &send_tok, NULL, NULL); if(init_maj_stat != GSS_S_COMPLETE && init_maj_stat != GSS_S_CONTINUE_NEEDED) { globus_gsi_gssapi_test_print_error(stderr, init_maj_stat, min_stat); rc = EXIT_FAILURE; goto fail; } while(1) { accept_maj_stat=gss_accept_sec_context(&min_stat, &del_accept_context, imported_cred, &send_tok, GSS_C_NO_CHANNEL_BINDINGS, NULL, &mech_type, &recv_tok, &ret_flags, /* ignore time_rec */ NULL, NULL); if(accept_maj_stat != GSS_S_COMPLETE && accept_maj_stat != GSS_S_CONTINUE_NEEDED) { globus_gsi_gssapi_test_print_error(stderr, accept_maj_stat, min_stat); rc = EXIT_FAILURE; goto fail; } else if(accept_maj_stat == GSS_S_COMPLETE) { break; } init_maj_stat = gss_init_sec_context(&min_stat, imported_cred, &del_init_context, target_name, GSS_C_NULL_OID, 0, 0, GSS_C_NO_CHANNEL_BINDINGS, &recv_tok, NULL, &send_tok, NULL, NULL); if(init_maj_stat != GSS_S_COMPLETE && init_maj_stat != GSS_S_CONTINUE_NEEDED) { globus_gsi_gssapi_test_print_error(stderr, init_maj_stat, min_stat); rc = EXIT_FAILURE; goto fail; } } /* got sec context based on delegated cred now */ printf("# %s:%d: Successfully established security context with delegated credential\n", __FILE__, __LINE__); /* Verify that the delegated credential is a limited proxy */ result = globus_gsi_cred_get_cert_type( ((gss_cred_id_desc *)imported_cred)->cred_handle, &cert_type); if(result != GLOBUS_SUCCESS) { char * error_str; globus_object_t * error_obj; error_obj = globus_error_get(result); error_str = globus_error_print_chain(error_obj); fprintf(stderr, "%s", error_str); globus_libc_free(error_str); globus_object_free(error_obj); rc = EXIT_FAILURE; goto fail; } if (! GLOBUS_GSI_CERT_UTILS_IS_LIMITED_PROXY(cert_type)) { fprintf(stderr, "Invalid certificate type. Expected a limited proxy, got %d\n", (int) cert_type); rc = EXIT_FAILURE; goto fail; } fail: printf("%s gssapi_limited_delegation_test\n", (rc==EXIT_SUCCESS) ? "ok" : "not ok"); globus_module_deactivate_all(); exit(rc); }
static void import_names() { OM_uint32 major_status, minor_status; globus_gsi_cred_handle_t handle; gss_buffer_desc buffer; X509 * cert; gss_OID_set name_types; globus_result_t result; globus_list_t *i, *j; compare_name_test_case_t * test_case; int present; major_status = gss_inquire_names_for_mech( &minor_status, (gss_OID) globus_i_gss_mech_globus_gssapi_openssl, &name_types); if (major_status == GSS_S_COMPLETE) { major_status = gss_test_oid_set_member( &minor_status, GLOBUS_GSS_C_NT_X509, name_types, &present); if (major_status == GSS_S_COMPLETE && present) { gss_l_x509_support = GLOBUS_TRUE; } major_status = gss_test_oid_set_member( &minor_status, GLOBUS_GSS_C_NT_HOST_IP, name_types, &present); if (major_status == GSS_S_COMPLETE && present) { gss_l_host_ip_support = GLOBUS_TRUE; } major_status = gss_release_oid_set(&minor_status, &name_types); } for (i = test_cases; !globus_list_empty(i); i = globus_list_rest(i)) { test_case = globus_list_first(i); if (test_case->name1 == GSS_C_NO_NAME) { switch (test_case->name_type1) { case GSS_L_ANONYMOUS: major_status = gss_import_name(&minor_status, &buffer, GSS_C_NT_ANONYMOUS, &test_case->name1); if (major_status != GSS_S_COMPLETE) { fprintf(stderr, "Error importing <anonymous>\n"); globus_gsi_gssapi_test_print_error(stderr, major_status, minor_status); exit(-1); } break; case GSS_L_NO_OID: buffer.value = test_case->name_token1; buffer.length = strlen(buffer.value); major_status = gss_import_name(&minor_status, &buffer, GSS_C_NO_OID, &test_case->name1); if (major_status != GSS_S_COMPLETE) { fprintf(stderr, "Error importing %s\n", test_case->name_token1); globus_gsi_gssapi_test_print_error(stderr, major_status, minor_status); exit(-1); } break; case GSS_L_HOSTBASED_SERVICE: buffer.value = test_case->name_token1; buffer.length = strlen(buffer.value); major_status = gss_import_name(&minor_status, &buffer, GSS_C_NT_HOSTBASED_SERVICE, &test_case->name1); if (major_status != GSS_S_COMPLETE) { fprintf(stderr, "Error importing %s\n", test_case->name_token1); globus_gsi_gssapi_test_print_error(stderr, major_status, minor_status); exit(-1); } break; case GSS_L_HOST_IP: if (gss_l_host_ip_support) { buffer.value = test_case->name_token1; buffer.length = strlen(buffer.value); major_status = gss_import_name(&minor_status, &buffer, GLOBUS_GSS_C_NT_HOST_IP, &test_case->name1); if (major_status != GSS_S_COMPLETE) { fprintf(stderr, "Error importing %s\n", test_case->name_token1); globus_gsi_gssapi_test_print_error(stderr, major_status, minor_status); exit(-1); } } break; case GSS_L_X509: if (gss_l_x509_support) { result = globus_gsi_cred_handle_init(&handle, NULL); if (result != GLOBUS_SUCCESS) { globus_gsi_gssapi_test_print_result(stderr, result); exit(-1); } result = globus_gsi_cred_read_cert(handle, test_case->name_token1); if (result != GLOBUS_SUCCESS) { globus_gsi_gssapi_test_print_result(stderr, result); exit(-2); } result = globus_gsi_cred_get_cert(handle, &cert); buffer.value = cert; buffer.length = sizeof(X509); major_status = gss_import_name(&minor_status, &buffer, GLOBUS_GSS_C_NT_X509, &test_case->name1); if (major_status != GSS_S_COMPLETE) { fprintf(stderr, "Error importing %s\n", test_case->name_token1); globus_gsi_gssapi_test_print_error(stderr, major_status, minor_status); exit(-1); } X509_free(cert); globus_gsi_cred_handle_destroy(handle); } break; } for (j = i; !globus_list_empty(j); j = globus_list_rest(j)) { compare_name_test_case_t *test_case2 = globus_list_first(j); if (test_case->name_type1 == test_case2->name_type1 && test_case->name_token1 && test_case2->name_token1 && strcmp(test_case->name_token1, test_case2->name_token1) == 0 && test_case2->name1 == GSS_C_NO_NAME) { test_case2->name1 = test_case->name1; } if (test_case->name_type1 == test_case2->name_type2 && test_case->name_token1 && test_case2->name_token2 && strcmp(test_case->name_token1, test_case2->name_token2) == 0 && test_case2->name2 == GSS_C_NO_NAME) { test_case2->name2 = test_case->name1; } } } if (test_case->name2 == GSS_C_NO_NAME) { switch (test_case->name_type2) { case GSS_L_ANONYMOUS: major_status = gss_import_name(&minor_status, &buffer, GSS_C_NT_ANONYMOUS, &test_case->name2); if (major_status != GSS_S_COMPLETE) { fprintf(stderr, "Error importing <anonymous>\n"); globus_gsi_gssapi_test_print_error(stderr, major_status, minor_status); exit(-1); } break; case GSS_L_NO_OID: buffer.value = test_case->name_token2; buffer.length = strlen(buffer.value); major_status = gss_import_name(&minor_status, &buffer, GSS_C_NO_OID, &test_case->name2); if (major_status != GSS_S_COMPLETE) { fprintf(stderr, "Error importing %s\n", test_case->name_token2); globus_gsi_gssapi_test_print_error(stderr, major_status, minor_status); exit(-1); } break; case GSS_L_HOSTBASED_SERVICE: buffer.value = test_case->name_token2; buffer.length = strlen(buffer.value); major_status = gss_import_name(&minor_status, &buffer, GSS_C_NT_HOSTBASED_SERVICE, &test_case->name2); if (major_status != GSS_S_COMPLETE) { fprintf(stderr, "Error importing %s\n", test_case->name_token2); globus_gsi_gssapi_test_print_error(stderr, major_status, minor_status); exit(-1); } break; case GSS_L_HOST_IP: if (gss_l_host_ip_support) { buffer.value = test_case->name_token2; buffer.length = strlen(buffer.value); major_status = gss_import_name(&minor_status, &buffer, GLOBUS_GSS_C_NT_HOST_IP, &test_case->name2); if (major_status != GSS_S_COMPLETE) { fprintf(stderr, "Error importing %s\n", test_case->name_token2); globus_gsi_gssapi_test_print_error(stderr, major_status, minor_status); exit(-1); } } break; case GSS_L_X509: if (gss_l_x509_support) { result = globus_gsi_cred_handle_init(&handle, NULL); if (result != GLOBUS_SUCCESS) { globus_gsi_gssapi_test_print_result(stderr, result); exit(-1); } result = globus_gsi_cred_read_cert(handle, test_case->name_token2); if (result != GLOBUS_SUCCESS) { globus_gsi_gssapi_test_print_result(stderr, result); exit(-2); } result = globus_gsi_cred_get_cert(handle, &cert); buffer.value = cert; buffer.length = sizeof(X509); major_status = gss_import_name(&minor_status, &buffer, GLOBUS_GSS_C_NT_X509, &test_case->name2); if (major_status != GSS_S_COMPLETE) { fprintf(stderr, "Error importing %s\n", test_case->name_token2); globus_gsi_gssapi_test_print_error(stderr, major_status, minor_status); exit(-1); } X509_free(cert); globus_gsi_cred_handle_destroy(handle); } break; } for (j = i; !globus_list_empty(j); j = globus_list_rest(j)) { compare_name_test_case_t *test_case2 = globus_list_first(j); if (test_case->name_type2 == test_case2->name_type1 && test_case->name_token2 && test_case2->name_token1 && strcmp(test_case->name_token2, test_case2->name_token1) == 0 && test_case2->name1 == GSS_C_NO_NAME) { test_case2->name1 = test_case->name2; } if (test_case->name_type2 == test_case2->name_type2 && test_case->name_token2 && test_case2->name_token2 && strcmp(test_case->name_token2, test_case2->name_token2) == 0 && test_case2->name2 == GSS_C_NO_NAME) { test_case2->name2 = test_case->name2; } } } } }
int main(int argc, char * argv[]) { int rc = 0, c = 0, failed = 0; OM_uint32 major_status, minor_status; int name_equal; globus_list_t *i; compare_name_test_case_t * test_case; globus_module_descriptor_t *modules[] = { GLOBUS_COMMON_MODULE, GLOBUS_GSI_GSSAPI_MODULE, GLOBUS_GSI_CREDENTIAL_MODULE, NULL }, *failed_module = NULL; if (argc != 2) { fprintf(stderr, "%s test-case-file\n", argv[0]); exit(-1); } rc = globus_module_activate_array(modules, &failed_module); if (rc != 0) { exit(-1); } globus_l_gss_read_test_cases(argv[1]); import_names(); printf("1..%d\n", globus_list_size(test_cases)); for (i = test_cases; !globus_list_empty(i); i = globus_list_rest(i)) { test_case = globus_list_first(i); if ((!gss_l_host_ip_support) && (test_case->name_type1 == GSS_L_HOST_IP || test_case->name_type2 == GSS_L_HOST_IP)) { printf("ok %d # skip !gss_l_host_ip_support\n", ++c); fflush(stdout); continue; } if ((!gss_l_x509_support) && (test_case->name_type1 == GSS_L_X509 || test_case->name_type2 == GSS_L_X509)) { printf("ok %d # skip !gss_l_x509_support\n", ++c); fflush(stdout); continue; } rc = 0; major_status = gss_compare_name( &minor_status, test_case->name1, test_case->name2, &name_equal); if (GSS_ERROR(major_status)) { globus_gsi_gssapi_test_print_error( stderr, major_status, minor_status); rc = 1; } else if (name_equal != test_case->expectation) { globus_l_gss_test_print_name_error( stderr, test_case->name1, test_case->name_type1, test_case->name2, test_case->name_type2, test_case->expectation); rc = 2; } major_status = gss_compare_name( &minor_status, test_case->name2, test_case->name1, &name_equal); if (GSS_ERROR(major_status)) { globus_gsi_gssapi_test_print_error( stderr, major_status, minor_status); rc = 3; } else if (name_equal != test_case->expectation) { globus_l_gss_test_print_name_error( stderr, test_case->name2, test_case->name_type2, test_case->name1, test_case->name_type1, test_case->expectation); rc = 4; } c++; if (rc == 0) { printf("ok %s\n", test_case->test_name); } else { failed++; printf("not ok %d %s\n", c, test_case->test_name); } fflush(stdout); } globus_l_gss_free_test_cases(); return failed; }
int main() { OM_uint32 init_maj_stat; OM_uint32 accept_maj_stat; OM_uint32 maj_stat; OM_uint32 min_stat; OM_uint32 ret_flags; OM_uint32 req_flags = 0; OM_uint32 time_rec; gss_buffer_desc send_tok; gss_buffer_desc recv_tok; gss_buffer_desc * token_ptr; gss_OID mech_type; gss_name_t target_name; gss_ctx_id_t init_context; gss_ctx_id_t accept_context; gss_ctx_id_t del_init_context; gss_ctx_id_t del_accept_context; gss_cred_id_t delegated_cred; gss_cred_id_t imported_cred; gss_cred_id_t cred_handle; char * error_str; int rc = EXIT_SUCCESS; printf("1..1\n"); /* Initialize variables */ token_ptr = GSS_C_NO_BUFFER; init_context = GSS_C_NO_CONTEXT; accept_context = GSS_C_NO_CONTEXT; del_init_context = GSS_C_NO_CONTEXT; del_accept_context = GSS_C_NO_CONTEXT; delegated_cred = GSS_C_NO_CREDENTIAL; accept_maj_stat = GSS_S_CONTINUE_NEEDED; ret_flags = 0; req_flags |= GSS_C_GLOBUS_SSL_COMPATIBLE; /* Activate Modules */ globus_module_activate(GLOBUS_GSI_GSSAPI_MODULE); maj_stat = gss_acquire_cred(&min_stat, NULL, GSS_C_INDEFINITE, GSS_C_NO_OID_SET, GSS_C_BOTH, &cred_handle, NULL, NULL); if(maj_stat != GSS_S_COMPLETE) { globus_gsi_gssapi_test_print_error(stderr, maj_stat, min_stat); globus_print_error((globus_result_t) min_stat); rc = EXIT_FAILURE; goto fail; } /* get the subject name */ maj_stat = gss_inquire_cred(&min_stat, cred_handle, &target_name, NULL, NULL, NULL); if(maj_stat != GSS_S_COMPLETE) { globus_gsi_gssapi_test_print_error(stderr, maj_stat, min_stat); globus_print_error((globus_result_t) min_stat); rc = EXIT_FAILURE; goto fail; } /* set up the first security context */ init_maj_stat = gss_init_sec_context(&min_stat, cred_handle, &init_context, target_name, GSS_C_NULL_OID, 0, 0, GSS_C_NO_CHANNEL_BINDINGS, token_ptr, NULL, &send_tok, NULL, NULL); if(init_maj_stat != GSS_S_CONTINUE_NEEDED) { globus_gsi_gssapi_test_print_error(stderr, init_maj_stat, min_stat); globus_print_error((globus_result_t) min_stat); rc = EXIT_FAILURE; goto fail; } while(1) { accept_maj_stat=gss_accept_sec_context(&min_stat, &accept_context, GSS_C_NO_CREDENTIAL, &send_tok, GSS_C_NO_CHANNEL_BINDINGS, NULL, &mech_type, &recv_tok, &ret_flags, /* ignore time_rec */ NULL, NULL); if(accept_maj_stat != GSS_S_COMPLETE && accept_maj_stat != GSS_S_CONTINUE_NEEDED) { globus_gsi_gssapi_test_print_error(stderr, accept_maj_stat, min_stat); globus_print_error((globus_result_t) min_stat); rc = EXIT_FAILURE; goto fail; } else if(accept_maj_stat == GSS_S_COMPLETE) { break; } init_maj_stat = gss_init_sec_context(&min_stat, GSS_C_NO_CREDENTIAL, &init_context, target_name, GSS_C_NULL_OID, 0, 0, GSS_C_NO_CHANNEL_BINDINGS, &recv_tok, NULL, &send_tok, NULL, NULL); if(init_maj_stat != GSS_S_COMPLETE && init_maj_stat != GSS_S_CONTINUE_NEEDED) { globus_gsi_gssapi_test_print_error(stderr, init_maj_stat, min_stat); globus_print_error((globus_result_t) min_stat); rc = EXIT_FAILURE; goto fail; } } printf("# %s:%d: Successfully established initial security context\n", __FILE__, __LINE__); init_maj_stat = gss_init_delegation(&min_stat, init_context, cred_handle, GSS_C_NO_OID, GSS_C_NO_OID_SET, GSS_C_NO_BUFFER_SET, token_ptr, req_flags, 0, &send_tok); if(init_maj_stat != GSS_S_COMPLETE && init_maj_stat != GSS_S_CONTINUE_NEEDED) { globus_gsi_gssapi_test_print_error(stderr, init_maj_stat, min_stat); globus_print_error((globus_result_t) min_stat); rc = EXIT_FAILURE; goto fail; } internal_release_buffer(&recv_tok); maj_stat = gss_wrap(&min_stat, init_context, 0, GSS_C_QOP_DEFAULT, &send_tok, NULL, &recv_tok); if(maj_stat != GSS_S_COMPLETE) { globus_gsi_gssapi_test_print_error(stderr, maj_stat, min_stat); globus_print_error((globus_result_t) min_stat); rc = EXIT_FAILURE; goto fail; } while(1) { internal_release_buffer(&send_tok); maj_stat = gss_unwrap(&min_stat, accept_context, &recv_tok, &send_tok, NULL, NULL); if(maj_stat != GSS_S_COMPLETE) { globus_gsi_gssapi_test_print_error(stderr, maj_stat, min_stat); globus_print_error((globus_result_t) min_stat); rc = EXIT_FAILURE; goto fail; } internal_release_buffer(&recv_tok); accept_maj_stat=gss_accept_delegation(&min_stat, accept_context, GSS_C_NO_OID_SET, GSS_C_NO_BUFFER_SET, &send_tok, req_flags, 0, &time_rec, &delegated_cred, &mech_type, &recv_tok); if(accept_maj_stat != GSS_S_COMPLETE && accept_maj_stat != GSS_S_CONTINUE_NEEDED) { globus_gsi_gssapi_test_print_error(stderr, init_maj_stat, min_stat); globus_print_error((globus_result_t) min_stat); rc = EXIT_FAILURE; goto fail; } else if(accept_maj_stat == GSS_S_COMPLETE) { break; } internal_release_buffer(&send_tok); maj_stat = gss_wrap(&min_stat, accept_context, 0, GSS_C_QOP_DEFAULT, &recv_tok, NULL, &send_tok); if(maj_stat != GSS_S_COMPLETE) { globus_gsi_gssapi_test_print_error(stderr, maj_stat, min_stat); globus_print_error((globus_result_t) min_stat); rc = EXIT_FAILURE; goto fail; } internal_release_buffer(&recv_tok); maj_stat = gss_unwrap(&min_stat, init_context, &send_tok, &recv_tok, NULL, NULL); if(maj_stat != GSS_S_COMPLETE) { globus_gsi_gssapi_test_print_error(stderr, maj_stat, min_stat); globus_print_error((globus_result_t) min_stat); rc = EXIT_FAILURE; goto fail; } internal_release_buffer(&send_tok); init_maj_stat = gss_init_delegation(&min_stat, init_context, cred_handle, GSS_C_NO_OID, GSS_C_NO_OID_SET, GSS_C_NO_BUFFER_SET, &recv_tok, req_flags, 0, &send_tok); if(init_maj_stat != GSS_S_COMPLETE && init_maj_stat != GSS_S_CONTINUE_NEEDED) { globus_gsi_gssapi_test_print_error(stderr, init_maj_stat, min_stat); globus_print_error((globus_result_t) min_stat); rc = EXIT_FAILURE; goto fail; } internal_release_buffer(&recv_tok); maj_stat = gss_wrap(&min_stat, init_context, 0, GSS_C_QOP_DEFAULT, &send_tok, NULL, &recv_tok); if(maj_stat != GSS_S_COMPLETE) { globus_gsi_gssapi_test_print_error(stderr, maj_stat, min_stat); globus_print_error((globus_result_t) min_stat); rc = EXIT_FAILURE; goto fail; } } printf("# %s:%d: Successfully delegated credential\n", __FILE__, __LINE__); /* export and import the delegated credential */ /* this can be done both to a buffer and to a file */ /* New in GT 2.0 */ internal_release_buffer(&send_tok); maj_stat = gss_export_cred(&min_stat, delegated_cred, GSS_C_NO_OID, 0, &send_tok); if(maj_stat != GSS_S_COMPLETE) { globus_gsi_gssapi_test_print_error(stderr, init_maj_stat, min_stat); globus_print_error((globus_result_t) min_stat); rc = EXIT_FAILURE; goto fail; } maj_stat = gss_import_cred(&min_stat, &imported_cred, GSS_C_NO_OID, 0, &send_tok, 0, &time_rec); if(maj_stat != GSS_S_COMPLETE) { globus_gsi_gssapi_test_print_error(stderr, init_maj_stat, min_stat); globus_print_error((globus_result_t) min_stat); rc = EXIT_FAILURE; goto fail; } internal_release_buffer(&send_tok); printf("# %s:%d: Successfully exported/imported the delegated credential\n", __FILE__, __LINE__); /* set up another security context using the delegated credential */ init_maj_stat = gss_init_sec_context(&min_stat, imported_cred, &del_init_context, target_name, GSS_C_NULL_OID, 0, 0, GSS_C_NO_CHANNEL_BINDINGS, token_ptr, NULL, &send_tok, NULL, NULL); if(init_maj_stat != GSS_S_COMPLETE && init_maj_stat != GSS_S_CONTINUE_NEEDED) { globus_gsi_gssapi_test_print_error(stderr, init_maj_stat, min_stat); globus_print_error((globus_result_t) min_stat); rc = EXIT_FAILURE; goto fail; } while(1) { internal_release_buffer(&recv_tok); accept_maj_stat=gss_accept_sec_context(&min_stat, &del_accept_context, imported_cred, &send_tok, GSS_C_NO_CHANNEL_BINDINGS, &target_name, &mech_type, &recv_tok, &ret_flags, /* ignore time_rec */ NULL, NULL); if(accept_maj_stat != GSS_S_COMPLETE && accept_maj_stat != GSS_S_CONTINUE_NEEDED) { globus_gsi_gssapi_test_print_error(stderr, init_maj_stat, min_stat); globus_print_error((globus_result_t) min_stat); rc = EXIT_FAILURE; goto fail; } else if(accept_maj_stat == GSS_S_COMPLETE) { break; } init_maj_stat = gss_init_sec_context(&min_stat, imported_cred, &del_init_context, target_name, GSS_C_NULL_OID, 0, 0, GSS_C_NO_CHANNEL_BINDINGS, &recv_tok, NULL, &send_tok, NULL, NULL); if(init_maj_stat != GSS_S_COMPLETE && init_maj_stat != GSS_S_CONTINUE_NEEDED) { globus_gsi_gssapi_test_print_error(stderr, init_maj_stat, min_stat); globus_print_error((globus_result_t) min_stat); rc = EXIT_FAILURE; goto fail; } } /* got sec context based on delegated cred now */ printf("# %s:%d: Successfully established security context with delegated credential\n", __FILE__, __LINE__); fail: printf("%s gssapi_delegation_compat_test\n", (rc == EXIT_SUCCESS) ? "ok" : "not ok"); globus_module_deactivate_all(); exit(rc); }