static void
acquire_release_loop(gss_name_t name, int counter, gss_cred_usage_t usage)
{
OM_uint32 maj_stat, min_stat;
gss_cred_id_t cred;
int i;
for (i = 0; i < counter; i++) {
maj_stat = gss_acquire_cred(&min_stat, name,
GSS_C_INDEFINITE,
GSS_C_NO_OID_SET,
usage,
&cred,
NULL,
NULL);
if (maj_stat != GSS_S_COMPLETE)
gss_err(1, min_stat, "aquire %d %d != GSS_S_COMPLETE",
i, (int)maj_stat);
maj_stat = gss_release_cred(&min_stat, &cred);
if (maj_stat != GSS_S_COMPLETE)
gss_err(1, min_stat, "release %d %d != GSS_S_COMPLETE",
i, (int)maj_stat);
}
}
static void
acquire_add_release_add(gss_name_t name, gss_cred_usage_t usage)
{
OM_uint32 maj_stat, min_stat;
gss_cred_id_t cred, cred2, cred3;
maj_stat = gss_acquire_cred(&min_stat, name,
GSS_C_INDEFINITE,
GSS_C_NO_OID_SET,
usage,
&cred,
NULL,
NULL);
if (maj_stat != GSS_S_COMPLETE)
gss_err(1, min_stat, "aquire %d != GSS_S_COMPLETE", (int)maj_stat);
maj_stat = gss_add_cred(&min_stat,
cred,
GSS_C_NO_NAME,
GSS_KRB5_MECHANISM,
usage,
GSS_C_INDEFINITE,
GSS_C_INDEFINITE,
&cred2,
NULL,
NULL,
NULL);
if (maj_stat != GSS_S_COMPLETE)
gss_err(1, min_stat, "add_cred %d != GSS_S_COMPLETE", (int)maj_stat);
maj_stat = gss_release_cred(&min_stat, &cred);
if (maj_stat != GSS_S_COMPLETE)
gss_err(1, min_stat, "release %d != GSS_S_COMPLETE", (int)maj_stat);
maj_stat = gss_add_cred(&min_stat,
cred2,
GSS_C_NO_NAME,
GSS_KRB5_MECHANISM,
GSS_C_BOTH,
GSS_C_INDEFINITE,
GSS_C_INDEFINITE,
&cred3,
NULL,
NULL,
NULL);
maj_stat = gss_release_cred(&min_stat, &cred2);
if (maj_stat != GSS_S_COMPLETE)
gss_err(1, min_stat, "release 2 %d != GSS_S_COMPLETE", (int)maj_stat);
maj_stat = gss_release_cred(&min_stat, &cred3);
if (maj_stat != GSS_S_COMPLETE)
gss_err(1, min_stat, "release 2 %d != GSS_S_COMPLETE", (int)maj_stat);
}
static int
init_user(gss_ctx_id_t *ctx,
const char *service,
const char *hostname,
gss_buffer_desc *input_token,
gss_buffer_desc *output_token)
{
OM_uint32 maj_stat, min_stat;
gss_buffer_desc name_token;
gss_name_t server;
const gss_OID mech_oid = GSS_C_NO_OID;
memset(&name_token, 0, sizeof(name_token));
name_token.length = asprintf ((char **)&name_token.value,
"%s@%s", service, hostname);
maj_stat = gss_import_name (&min_stat,
&name_token,
GSS_C_NT_HOSTBASED_SERVICE,
&server);
if (GSS_ERROR(maj_stat))
gss_err (1, min_stat,
"Error importing name `%s@%s':\n", service, hostname);
maj_stat =
gss_init_sec_context(&min_stat,
GSS_C_NO_CREDENTIAL,
ctx,
server,
mech_oid,
GSS_C_DELEG_FLAG,
0,
GSS_C_NO_CHANNEL_BINDINGS,
input_token,
NULL,
output_token,
NULL,
NULL);
if (GSS_ERROR(maj_stat))
gss_err (1, min_stat, "gss_init_sec_context");
return maj_stat;
}
void
print_gss_name(const char *prefix, gss_name_t name)
{
OM_uint32 maj_stat, min_stat;
gss_buffer_desc name_token;
maj_stat = gss_display_name (&min_stat,
name,
&name_token,
NULL);
if (GSS_ERROR(maj_stat))
gss_err (1, min_stat, "gss_display_name");
fprintf (stderr, "%s `%.*s'\n", prefix,
(int)name_token.length,
(char *)name_token.value);
gss_release_buffer (&min_stat, &name_token);
}
int
main(int argc, char **argv)
{
int i, s, done, print_body, gssapi_done, gssapi_started, optidx = 0;
const char *host, *page;
struct http_req req;
char *headers[99]; /* XXX */
int num_headers;
krb5_storage *sp;
gss_cred_id_t client_cred = GSS_C_NO_CREDENTIAL;
gss_ctx_id_t context_hdl = GSS_C_NO_CONTEXT;
gss_name_t server = GSS_C_NO_NAME;
gss_OID mech_oid, cred_mech_oid;
OM_uint32 flags;
OM_uint32 maj_stat, min_stat;
setprogname(argv[0]);
if(getarg(http_args, num_http_args, argc, argv, &optidx))
usage(1);
if (help_flag)
usage (0);
if(version_flag) {
print_version(NULL);
exit(0);
}
argc -= optidx;
argv += optidx;
mech_oid = select_mech(mech);
if (cred_mech_str)
cred_mech_oid = select_mech(cred_mech_str);
else
cred_mech_oid = mech_oid;
if (argc != 1 && argc != 2)
errx(1, "usage: %s host [page]", getprogname());
host = argv[0];
if (argc == 2)
page = argv[1];
else
page = "/";
flags = 0;
if (delegate_flag)
flags |= GSS_C_DELEG_FLAG;
if (policy_flag)
flags |= GSS_C_DELEG_POLICY_FLAG;
if (mutual_flag)
flags |= GSS_C_MUTUAL_FLAG;
done = 0;
num_headers = 0;
gssapi_done = 0;
gssapi_started = 0;
if (client_str) {
gss_buffer_desc name_buffer;
gss_name_t name;
gss_OID_set mechset = GSS_C_NO_OID_SET;
name_buffer.value = client_str;
name_buffer.length = strlen(client_str);
maj_stat = gss_import_name(&min_stat, &name_buffer, GSS_C_NT_USER_NAME, &name);
if (maj_stat)
errx(1, "failed to import name");
if (cred_mech_oid) {
gss_create_empty_oid_set(&min_stat, &mechset);
gss_add_oid_set_member(&min_stat, cred_mech_oid, &mechset);
}
maj_stat = gss_acquire_cred(&min_stat, name, GSS_C_INDEFINITE,
mechset, GSS_C_INITIATE,
&client_cred, NULL, NULL);
gss_release_name(&min_stat, &name);
gss_release_oid_set(&min_stat, &mechset);
if (maj_stat)
errx(1, "failed to find cred of name %s", client_str);
}
{
gss_buffer_desc name_token;
char *name;
asprintf(&name, "%s@%s", gss_service, host);
name_token.length = strlen(name);
name_token.value = name;
maj_stat = gss_import_name(&min_stat,
&name_token,
GSS_C_NT_HOSTBASED_SERVICE,
&server);
if (GSS_ERROR(maj_stat))
gss_err (1, min_stat, "gss_inport_name: %s", name);
free(name);
}
s = do_connect(host, port_str);
if (s < 0)
errx(1, "connection failed");
sp = krb5_storage_from_fd(s);
if (sp == NULL)
errx(1, "krb5_storage_from_fd");
do {
print_body = 0;
http_query(sp, host, page, headers, num_headers, &req);
for (i = 0 ; i < num_headers; i++)
free(headers[i]);
num_headers = 0;
if (strstr(req.response, " 200 ") != NULL) {
print_body = 1;
done = 1;
} else if (strstr(req.response, " 401 ") != NULL) {
if (http_find_header(&req, "WWW-Authenticate:") == NULL)
errx(1, "Got %s but missed `WWW-Authenticate'", req.response);
}
if (!gssapi_done) {
const char *h = http_find_header(&req, "WWW-Authenticate:");
if (h == NULL)
errx(1, "Got %s but missed `WWW-Authenticate'", req.response);
if (strncasecmp(h, "Negotiate", 9) == 0) {
gss_buffer_desc input_token, output_token;
if (verbose_flag)
printf("Negotiate found\n");
i = 9;
while(h[i] && isspace((unsigned char)h[i]))
i++;
if (h[i] != '\0') {
size_t len = strlen(&h[i]);
int slen;
if (len == 0)
errx(1, "invalid Negotiate token");
input_token.value = emalloc(len);
slen = base64_decode(&h[i], input_token.value);
if (slen < 0)
errx(1, "invalid base64 Negotiate token %s", &h[i]);
input_token.length = slen;
} else {
if (gssapi_started)
errx(1, "Negotiate already started");
gssapi_started = 1;
input_token.length = 0;
input_token.value = NULL;
}
if (strstr(req.response, " 200 ") != NULL)
sleep(1);
maj_stat =
gss_init_sec_context(&min_stat,
client_cred,
&context_hdl,
server,
mech_oid,
flags,
0,
GSS_C_NO_CHANNEL_BINDINGS,
&input_token,
NULL,
&output_token,
NULL,
NULL);
if (maj_stat == GSS_S_CONTINUE_NEEDED) {
} else if (maj_stat == GSS_S_COMPLETE) {
gss_name_t targ_name, src_name;
gss_buffer_desc name_buffer;
gss_OID mech_type;
gssapi_done = 1;
maj_stat = gss_inquire_context(&min_stat,
context_hdl,
&src_name,
&targ_name,
NULL,
&mech_type,
NULL,
NULL,
NULL);
if (GSS_ERROR(maj_stat))
gss_err (1, min_stat, "gss_inquire_context");
printf("Negotiate done: %s\n", mech);
maj_stat = gss_display_name(&min_stat,
src_name,
&name_buffer,
NULL);
if (GSS_ERROR(maj_stat))
gss_print_errors(min_stat);
else
printf("Source: %.*s\n",
(int)name_buffer.length,
(char *)name_buffer.value);
gss_release_buffer(&min_stat, &name_buffer);
maj_stat = gss_display_name(&min_stat,
targ_name,
&name_buffer,
NULL);
if (GSS_ERROR(maj_stat))
gss_print_errors(min_stat);
else
printf("Target: %.*s\n",
(int)name_buffer.length,
(char *)name_buffer.value);
gss_release_name(&min_stat, &targ_name);
gss_release_buffer(&min_stat, &name_buffer);
} else {
gss_err (1, min_stat, "gss_init_sec_context");
}
if (output_token.length) {
char *neg_token;
base64_encode(output_token.value,
(int)output_token.length,
&neg_token);
asprintf(&headers[0], "Authorization: Negotiate %s",
neg_token);
num_headers = 1;
free(neg_token);
gss_release_buffer(&min_stat, &output_token);
}
if (input_token.length)
free(input_token.value);
} else
done = 1;
} else
done = 1;
if (print_body || verbose_flag)
printf("%.*s\n", (int)req.body_size, (char *)req.body);
http_req_free(&req);
} while (!done);
if (gssapi_done == 0)
errx(1, "gssapi not done but http dance done");
krb5_storage_free(sp);
close(s);
return 0;
}
int
main(int argc, char **argv)
{
OM_uint32 major, minor;
gss_cred_id_t from_cred = GSS_C_NO_CREDENTIAL;
gss_cred_id_t to_cred = GSS_C_NO_CREDENTIAL;
gss_cred_id_t cred = GSS_C_NO_CREDENTIAL;
char *from_env;
char *to_env;
int optidx = 0;
setprogname(argv[0]);
if (getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
usage(1);
if (help_flag)
usage (0);
if (version_flag){
print_version(NULL);
exit(0);
}
argc -= optidx;
argv += optidx;
if (argc < 2)
errx(1, "required arguments missing");
if (argc > 2)
errx(1, "too many arguments");
if (asprintf(&from_env, "KRB5CCNAME=%s", argv[0]) == -1 || from_env == NULL)
err(1, "out of memory");
if (asprintf(&to_env, "KRB5CCNAME=%s", argv[1]) == -1 || to_env == NULL)
err(1, "out of memory");
putenv(from_env);
major = gss_add_cred(&minor, GSS_C_NO_CREDENTIAL, GSS_C_NO_NAME,
GSS_KRB5_MECHANISM, GSS_C_INITIATE, GSS_C_INDEFINITE,
GSS_C_INDEFINITE, &from_cred, NULL, NULL, NULL);
if (major != GSS_S_COMPLETE)
gss_err(1, major, minor, GSS_KRB5_MECHANISM,
"failed to acquire creds from %s", argv[0]);
putenv(to_env);
major = gss_store_cred(&minor, from_cred, GSS_C_INITIATE,
GSS_KRB5_MECHANISM, 1, 1, NULL, NULL);
if (major != GSS_S_COMPLETE)
gss_err(1, major, minor, GSS_KRB5_MECHANISM,
"failed to store creds into %s", argv[1]);
(void) gss_release_cred(&minor, &from_cred);
(void) gss_release_cred(&minor, &to_cred);
major = gss_add_cred(&minor, GSS_C_NO_CREDENTIAL, GSS_C_NO_NAME,
GSS_KRB5_MECHANISM, GSS_C_INITIATE, GSS_C_INDEFINITE,
GSS_C_INDEFINITE, &cred, NULL, NULL, NULL);
if (major != GSS_S_COMPLETE)
gss_err(1, major, minor, GSS_KRB5_MECHANISM,
"failed to acquire creds from %s", argv[1]);
(void) gss_release_cred(&minor, &cred);
putenv("KRB5CCNAME");
free(from_env);
free(to_env);
return 0;
}
static int
proto (int sock, const char *hostname, const char *service)
{
struct sockaddr_in remote, local;
socklen_t addrlen;
int context_established = 0;
gss_ctx_id_t context_hdl = GSS_C_NO_CONTEXT;
gss_buffer_t input_token, output_token;
gss_buffer_desc real_input_token, real_output_token;
OM_uint32 maj_stat, min_stat;
gss_name_t server;
gss_buffer_desc name_token;
char *str;
name_token.length = asprintf (&str,
"%s@%s", service, hostname);
if (str == NULL)
errx(1, "out of memory");
name_token.value = str;
maj_stat = gss_import_name (&min_stat,
&name_token,
GSS_C_NT_HOSTBASED_SERVICE,
&server);
if (GSS_ERROR(maj_stat))
gss_err (1, min_stat,
"Error importing name `%s@%s':\n", service, hostname);
addrlen = sizeof(local);
if (getsockname (sock, (struct sockaddr *)&local, &addrlen) < 0
|| addrlen != sizeof(local))
err (1, "getsockname(%s)", hostname);
addrlen = sizeof(remote);
if (getpeername (sock, (struct sockaddr *)&remote, &addrlen) < 0
|| addrlen != sizeof(remote))
err (1, "getpeername(%s)", hostname);
input_token = &real_input_token;
output_token = &real_output_token;
input_token->length = 0;
output_token->length = 0;
while(!context_established) {
maj_stat =
gss_init_sec_context(&min_stat,
GSS_C_NO_CREDENTIAL,
&context_hdl,
server,
GSS_C_NO_OID,
GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG,
0,
GSS_C_NO_CHANNEL_BINDINGS,
input_token,
NULL,
output_token,
NULL,
NULL);
if (GSS_ERROR(maj_stat))
gss_err (1, min_stat, "gss_init_sec_context");
if (output_token->length != 0)
nt_write_token (sock, output_token);
if (GSS_ERROR(maj_stat)) {
if (context_hdl != GSS_C_NO_CONTEXT)
gss_delete_sec_context (&min_stat,
&context_hdl,
GSS_C_NO_BUFFER);
break;
}
if (maj_stat & GSS_S_CONTINUE_NEEDED) {
nt_read_token (sock, input_token);
} else {
context_established = 1;
}
}
/* get_mic */
input_token->length = 3;
input_token->value = strdup("hej");
maj_stat = gss_get_mic(&min_stat,
context_hdl,
GSS_C_QOP_DEFAULT,
input_token,
output_token);
if (GSS_ERROR(maj_stat))
gss_err (1, min_stat, "gss_get_mic");
nt_write_token (sock, input_token);
nt_write_token (sock, output_token);
/* wrap */
input_token->length = 7;
input_token->value = "hemligt";
maj_stat = gss_wrap (&min_stat,
context_hdl,
1,
GSS_C_QOP_DEFAULT,
input_token,
NULL,
output_token);
if (GSS_ERROR(maj_stat))
gss_err (1, min_stat, "gss_wrap");
nt_write_token (sock, output_token);
return 0;
}
int
main(int argc, char **argv)
{
struct http_req req;
const char *host, *page;
int i, done, print_body, gssapi_done, gssapi_started;
char *headers[10]; /* XXX */
int num_headers;
gss_ctx_id_t context_hdl = GSS_C_NO_CONTEXT;
gss_name_t server = GSS_C_NO_NAME;
int optind = 0;
gss_OID mech_oid;
OM_uint32 flags;
setprogname(argv[0]);
if(getarg(http_args, num_http_args, argc, argv, &optind))
usage(1);
if (help_flag)
usage (0);
if(version_flag) {
print_version(NULL);
exit(0);
}
argc -= optind;
argv += optind;
mech_oid = select_mech(mech);
if (argc != 1 && argc != 2)
errx(1, "usage: %s host [page]", getprogname());
host = argv[0];
if (argc == 2)
page = argv[1];
else
page = "/";
flags = 0;
if (delegate_flag)
flags |= GSS_C_DELEG_FLAG;
if (mutual_flag)
flags |= GSS_C_MUTUAL_FLAG;
done = 0;
num_headers = 0;
gssapi_done = 1;
gssapi_started = 0;
do {
print_body = 0;
http_query(host, page, headers, num_headers, &req);
for (i = 0 ; i < num_headers; i++)
free(headers[i]);
num_headers = 0;
if (strstr(req.response, " 200 ") != NULL) {
print_body = 1;
done = 1;
} else if (strstr(req.response, " 401 ") != NULL) {
if (http_find_header(&req, "WWW-Authenticate:") == NULL)
errx(1, "Got %s but missed `WWW-Authenticate'", req.response);
gssapi_done = 0;
}
if (!gssapi_done) {
const char *h = http_find_header(&req, "WWW-Authenticate:");
if (h == NULL)
errx(1, "Got %s but missed `WWW-Authenticate'", req.response);
if (strncasecmp(h, "Negotiate", 9) == 0) {
OM_uint32 maj_stat, min_stat;
gss_buffer_desc input_token, output_token;
if (verbose_flag)
printf("Negotiate found\n");
if (server == GSS_C_NO_NAME) {
char *name;
asprintf(&name, "%s@%s", gss_service, host);
input_token.length = strlen(name);
input_token.value = name;
maj_stat = gss_import_name(&min_stat,
&input_token,
GSS_C_NT_HOSTBASED_SERVICE,
&server);
if (GSS_ERROR(maj_stat))
gss_err (1, min_stat, "gss_inport_name");
free(name);
input_token.length = 0;
input_token.value = NULL;
}
i = 9;
while(h[i] && isspace((unsigned char)h[i]))
i++;
if (h[i] != '\0') {
int len = strlen(&h[i]);
if (len == 0)
errx(1, "invalid Negotiate token");
input_token.value = emalloc(len);
len = base64_decode(&h[i], input_token.value);
if (len < 0)
errx(1, "invalid base64 Negotiate token %s", &h[i]);
input_token.length = len;
} else {
if (gssapi_started)
errx(1, "Negotiate already started");
gssapi_started = 1;
input_token.length = 0;
input_token.value = NULL;
}
maj_stat =
gss_init_sec_context(&min_stat,
GSS_C_NO_CREDENTIAL,
&context_hdl,
server,
mech_oid,
flags,
0,
GSS_C_NO_CHANNEL_BINDINGS,
&input_token,
NULL,
&output_token,
NULL,
NULL);
if (GSS_ERROR(maj_stat))
gss_err (1, min_stat, "gss_init_sec_context");
else if (maj_stat & GSS_S_CONTINUE_NEEDED)
gssapi_done = 0;
else {
gss_name_t targ_name, src_name;
gss_buffer_desc name_buffer;
gss_OID mech_type;
gssapi_done = 1;
printf("Negotiate done: %s\n", mech);
maj_stat = gss_inquire_context(&min_stat,
context_hdl,
&src_name,
&targ_name,
NULL,
&mech_type,
NULL,
NULL,
NULL);
if (GSS_ERROR(maj_stat))
gss_err (1, min_stat, "gss_inquire_context");
maj_stat = gss_display_name(&min_stat,
src_name,
&name_buffer,
NULL);
if (GSS_ERROR(maj_stat))
gss_err (1, min_stat, "gss_display_name");
printf("Source: %.*s\n",
(int)name_buffer.length,
(char *)name_buffer.value);
gss_release_buffer(&min_stat, &name_buffer);
maj_stat = gss_display_name(&min_stat,
targ_name,
&name_buffer,
NULL);
if (GSS_ERROR(maj_stat))
gss_err (1, min_stat, "gss_display_name");
printf("Target: %.*s\n",
(int)name_buffer.length,
(char *)name_buffer.value);
gss_release_name(&min_stat, &targ_name);
gss_release_buffer(&min_stat, &name_buffer);
}
if (output_token.length) {
char *neg_token;
base64_encode(output_token.value,
output_token.length,
&neg_token);
asprintf(&headers[0], "Authorization: Negotiate %s",
neg_token);
num_headers = 1;
free(neg_token);
gss_release_buffer(&min_stat, &output_token);
}
if (input_token.length)
free(input_token.value);
} else
done = 1;
} else
done = 1;
if (verbose_flag) {
printf("%s\n\n", req.response);
for (i = 0; i < req.num_headers; i++)
printf("%s\n", req.headers[i]);
printf("\n");
}
if (print_body || verbose_flag)
printf("%.*s\n", (int)req.body_size, (char *)req.body);
http_req_free(&req);
} while (!done);
if (gssapi_done == 0)
errx(1, "gssapi not done but http dance done");
return 0;
}
/**
* List all replicas of a given InputDataType. A replica needs to contain
* a valid SEId that is registered with the Information Service.
*
* @param inputDataType Defines one of the following InputDataTypes:
* lfn ... LogicalFileName
* guid ... GUID Global Unique Idenifier
* lds ... LogicalDataSet
* query ... generic query to the catalogue
* Further InputDataTypes can be extended in the future but need to
* be understood by the remote catalogue.
* Note that a catalogue does not need to implement all of the four
* InputDataTypes but is free to support any subset.
* @param inputData Actutual InputData variable
*
* @returns a vector of URLs that represent the locations of where
* the InputData is located. The URL can either be a full URL
* of the form protocol://hostname/pathname
* or hostname
* where hostname is a registered SEId.
*/
std::vector<std::string>
dli::DataLocationInterfaceSOAP::listReplicas(std::string inputDataType,
std::string inputData,
const classad::ClassAd & ad,
const std::string& endpoint)
{
///////////////////...for using secure endpoint
bool proxyInJdl = true;
std::string proxy;
try {
proxy = jdl::get_x509_user_proxy(ad);
} catch(...) {
proxyInJdl = false;
}
if(0 == strncasecmp(endpoint.c_str(), "https://", 8)) {
if (proxyInJdl) {
if (!m_ctx) {
if ( glite_gsplugin_init_context(&m_ctx) ) {
throw DLIerror("gsplugin_init_context FAILED");
}
}
if (glite_gsplugin_set_credential(m_ctx, proxy.c_str(), proxy.c_str())) {
std::string gss_err(m_ctx->error_msg);
glite_gsplugin_free_context(m_ctx);
m_ctx = NULL;
throw DLIerror("Cannot set credentials in the gsoap-plugin context: " + gss_err);
}
} else {
throw DLIerror("UserProxy not specified in the ClassAd");
}
if (soap_register_plugin_arg(&m_soap, glite_gsplugin, m_ctx)) {
std::stringstream ss;
ss << m_soap.error;
std::string soap_err = ss.str();
throw DLIerror("soap_register_plugin_arg FAILED: " + soap_err);
}
}
std::vector<std::string> urlVector;
struct datalocationinterface__listReplicasResponse theList;
// Call listReplicas and handle potential SOAP Faults
if (soap_call_datalocationinterface__listReplicas(
&m_soap,
endpoint.c_str(),
"",
inputDataType, inputData, theList)) {
std::string ex;
if (m_soap.error) {
soap_set_fault(&m_soap);
const char** faultdetail_ptr = soap_faultdetail(&m_soap);
std::string faultdetail;
if (*faultdetail_ptr != NULL) {
faultdetail = *faultdetail_ptr;
} else {
faultdetail = "unknown";
}
const char** faultcode_ptr = soap_faultcode(&m_soap);
std::string faultcode;
if ( *faultcode_ptr != NULL ) faultcode = *faultcode_ptr;
else faultcode = "unknown";
const char** faultstring_ptr = soap_faultstring(&m_soap);
std::string faultstring;
if (*faultstring_ptr != NULL ) faultstring = *faultstring_ptr;
else faultstring = "unknown";
std::string SOAP_FAULTCODE = "SOAP_FAULTCODE: ";
std::string SOAP_FAULTSTRING = "SOAP_FAULTSTRING: ";
std::string SOAP_FAULT_DETAIL = "SOAP_FAULT_DETAIL: ";
std::string new_line = "\n";
ex = new_line + SOAP_FAULTCODE + faultcode + new_line +
SOAP_FAULTSTRING + faultstring + new_line +
SOAP_FAULT_DETAIL + faultdetail + new_line;
} else {
ex = "Error in soap request towards StorageIndex Catalog. Unknown error.";
}
throw DLIerror(ex);
}
for (int i = 0; i < (theList.urlList)->__size; i++) {
#ifdef GSOAP_279_TRICK
std::string *thisS = *(theList.urlList->__ptritem);
#else
std::string *thisS = (theList.urlList->__ptritem);
#endif
//std::string str( ((theList.urlList)->__ptritem)[i] );
std::string str( *(thisS + i) );
urlVector.push_back( str );
}
return urlVector;
} // listReplicas
int
main(int argc, char **argv)
{
gss_buffer_desc name_buffer;
OM_uint32 maj_stat, min_stat;
gss_name_t name, MNname, MNname2;
int optidx = 0;
char *str;
int len, equal;
setprogname(argv[0]);
if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
usage(1);
if (help_flag)
usage (0);
if(version_flag){
print_version(NULL);
exit(0);
}
argc -= optidx;
argv += optidx;
gsskrb5_set_default_realm("MIT.EDU");
/*
* test import/export
*/
str = NULL;
len = asprintf(&str, "*****@*****.**");
if (len < 0 || str == NULL)
errx(1, "asprintf");
name_buffer.value = str;
name_buffer.length = len;
maj_stat = gss_import_name(&min_stat, &name_buffer,
GSS_C_NT_HOSTBASED_SERVICE,
&name);
if (maj_stat != GSS_S_COMPLETE)
gss_err(1, min_stat, "import name error");
free(str);
maj_stat = gss_canonicalize_name (&min_stat,
name,
GSS_KRB5_MECHANISM,
&MNname);
if (maj_stat != GSS_S_COMPLETE)
gss_err(1, min_stat, "canonicalize name error");
maj_stat = gss_export_name(&min_stat,
MNname,
&name_buffer);
if (maj_stat != GSS_S_COMPLETE)
gss_err(1, min_stat, "export name error (KRB5)");
/*
* Import the exported name and compare
*/
maj_stat = gss_import_name(&min_stat, &name_buffer,
GSS_C_NT_EXPORT_NAME,
&MNname2);
if (maj_stat != GSS_S_COMPLETE)
gss_err(1, min_stat, "import name error (exported KRB5 name)");
maj_stat = gss_compare_name(&min_stat, MNname, MNname2, &equal);
if (maj_stat != GSS_S_COMPLETE)
errx(1, "gss_compare_name");
if (!equal)
errx(1, "names not equal");
gss_release_name(&min_stat, &MNname2);
gss_release_buffer(&min_stat, &name_buffer);
gss_release_name(&min_stat, &MNname);
gss_release_name(&min_stat, &name);
/*
* Import oid less name and compare to mech name.
* Dovecot SASL lib does this.
*/
str = NULL;
len = asprintf(&str, "lha");
if (len < 0 || str == NULL)
errx(1, "asprintf");
name_buffer.value = str;
name_buffer.length = len;
maj_stat = gss_import_name(&min_stat, &name_buffer,
GSS_C_NO_OID,
&name);
if (maj_stat != GSS_S_COMPLETE)
gss_err(1, min_stat, "import (no oid) name error");
maj_stat = gss_import_name(&min_stat, &name_buffer,
GSS_KRB5_NT_USER_NAME,
&MNname);
if (maj_stat != GSS_S_COMPLETE)
gss_err(1, min_stat, "import (krb5 mn) name error");
free(str);
maj_stat = gss_compare_name(&min_stat, name, MNname, &equal);
if (maj_stat != GSS_S_COMPLETE)
errx(1, "gss_compare_name");
if (!equal)
errx(1, "names not equal");
gss_release_name(&min_stat, &MNname);
gss_release_name(&min_stat, &name);
#if 0
maj_stat = gss_canonicalize_name (&min_stat,
name,
GSS_SPNEGO_MECHANISM,
&MNname);
if (maj_stat != GSS_S_COMPLETE)
gss_err(1, min_stat, "canonicalize name error");
maj_stat = gss_export_name(&maj_stat,
MNname,
&name_buffer);
if (maj_stat != GSS_S_COMPLETE)
gss_err(1, min_stat, "export name error (SPNEGO)");
gss_release_name(&min_stat, &MNname);
gss_release_buffer(&min_stat, &name_buffer);
#endif
return 0;
}
