int authenticate_gss_server_clean(gss_server_state *state) { OM_uint32 min_stat; int ret = AUTH_GSS_COMPLETE; if (state->context != GSS_C_NO_CONTEXT) gss_delete_sec_context(&min_stat, &state->context, GSS_C_NO_BUFFER); if (state->server_name != GSS_C_NO_NAME) gss_release_name(&min_stat, &state->server_name); if (state->client_name != GSS_C_NO_NAME) gss_release_name(&min_stat, &state->client_name); if (state->server_creds != GSS_C_NO_CREDENTIAL) gss_release_cred(&min_stat, &state->server_creds); if (state->client_creds != GSS_C_NO_CREDENTIAL) gss_release_cred(&min_stat, &state->client_creds); if (state->username != NULL) { free(state->username); state->username = NULL; } if (state->targetname != NULL) { free(state->targetname); state->targetname = NULL; } if (state->response != NULL) { free(state->response); state->response = NULL; } return ret; }
/* Delete our context, providing it has been built correctly */ void ssh_gssapi_delete_ctx(Gssctxt **ctx) { OM_uint32 ms; if ((*ctx) == NULL) return; if ((*ctx)->context != GSS_C_NO_CONTEXT) gss_delete_sec_context(&ms, &(*ctx)->context, GSS_C_NO_BUFFER); if ((*ctx)->name != GSS_C_NO_NAME) gss_release_name(&ms, &(*ctx)->name); if ((*ctx)->oid != GSS_C_NO_OID) { free((*ctx)->oid->elements); free((*ctx)->oid); (*ctx)->oid = GSS_C_NO_OID; } if ((*ctx)->creds != GSS_C_NO_CREDENTIAL) gss_release_cred(&ms, &(*ctx)->creds); if ((*ctx)->client != GSS_C_NO_NAME) gss_release_name(&ms, &(*ctx)->client); if ((*ctx)->client_creds != GSS_C_NO_CREDENTIAL) gss_release_cred(&ms, &(*ctx)->client_creds); free(*ctx); *ctx = NULL; }
/* Delete our context, providing it has been built correctly */ void ssh_gssapi_delete_ctx(Gssctxt **ctx) { #if !defined(MECHGLUE) OM_uint32 ms; #endif if ((*ctx) == NULL) return; #if !defined(MECHGLUE) /* mechglue has some memory management issues */ if ((*ctx)->context != GSS_C_NO_CONTEXT) gss_delete_sec_context(&ms, &(*ctx)->context, GSS_C_NO_BUFFER); if ((*ctx)->name != GSS_C_NO_NAME) gss_release_name(&ms, &(*ctx)->name); if ((*ctx)->oid != GSS_C_NO_OID) { free((*ctx)->oid->elements); free((*ctx)->oid); (*ctx)->oid = GSS_C_NO_OID; } if ((*ctx)->creds != GSS_C_NO_CREDENTIAL) gss_release_cred(&ms, &(*ctx)->creds); if ((*ctx)->client != GSS_C_NO_NAME) gss_release_name(&ms, &(*ctx)->client); if ((*ctx)->client_creds != GSS_C_NO_CREDENTIAL) gss_release_cred(&ms, &(*ctx)->client_creds); #endif free(*ctx); *ctx = NULL; }
static void acquire_add_release_add(gss_name_t name, gss_cred_usage_t usage) { OM_uint32 maj_stat, min_stat; gss_cred_id_t cred, cred2, cred3; maj_stat = gss_acquire_cred(&min_stat, name, GSS_C_INDEFINITE, GSS_C_NO_OID_SET, usage, &cred, NULL, NULL); if (maj_stat != GSS_S_COMPLETE) gss_err(1, min_stat, "aquire %d != GSS_S_COMPLETE", (int)maj_stat); maj_stat = gss_add_cred(&min_stat, cred, GSS_C_NO_NAME, GSS_KRB5_MECHANISM, usage, GSS_C_INDEFINITE, GSS_C_INDEFINITE, &cred2, NULL, NULL, NULL); if (maj_stat != GSS_S_COMPLETE) gss_err(1, min_stat, "add_cred %d != GSS_S_COMPLETE", (int)maj_stat); maj_stat = gss_release_cred(&min_stat, &cred); if (maj_stat != GSS_S_COMPLETE) gss_err(1, min_stat, "release %d != GSS_S_COMPLETE", (int)maj_stat); maj_stat = gss_add_cred(&min_stat, cred2, GSS_C_NO_NAME, GSS_KRB5_MECHANISM, GSS_C_BOTH, GSS_C_INDEFINITE, GSS_C_INDEFINITE, &cred3, NULL, NULL, NULL); if (maj_stat != GSS_S_COMPLETE) gss_err(1, min_stat, "add_cred 2 %d != GSS_S_COMPLETE", (int)maj_stat); maj_stat = gss_release_cred(&min_stat, &cred2); if (maj_stat != GSS_S_COMPLETE) gss_err(1, min_stat, "release 2 %d != GSS_S_COMPLETE", (int)maj_stat); maj_stat = gss_release_cred(&min_stat, &cred3); if (maj_stat != GSS_S_COMPLETE) gss_err(1, min_stat, "release 3 %d != GSS_S_COMPLETE", (int)maj_stat); }
/** @internal * @frees a gssapi context */ static void ssh_gssapi_free(ssh_session session){ OM_uint32 min; if (session->gssapi == NULL) return; SAFE_FREE(session->gssapi->user); SAFE_FREE(session->gssapi->mech.elements); gss_release_cred(&min,&session->gssapi->server_creds); if (session->gssapi->client.creds != session->gssapi->client.client_deleg_creds) { gss_release_cred(&min, &session->gssapi->client.creds); } SAFE_FREE(session->gssapi); }
/* Privileged */ int ssh_gssapi_userok(char *user, struct passwd *pw) { OM_uint32 lmin; if (gssapi_client.exportedname.length == 0 || gssapi_client.exportedname.value == NULL) { debug("No suitable client data"); return 0; } if (gssapi_client.mech && gssapi_client.mech->userok) if ((*gssapi_client.mech->userok)(&gssapi_client, user)) { gssapi_client.used = 1; gssapi_client.store.owner = pw; return 1; } else { /* Destroy delegated credentials if userok fails */ gss_release_buffer(&lmin, &gssapi_client.displayname); gss_release_buffer(&lmin, &gssapi_client.exportedname); gss_release_cred(&lmin, &gssapi_client.creds); memset(&gssapi_client, 0, sizeof(ssh_gssapi_client)); return 0; } else debug("ssh_gssapi_userok: Unknown GSSAPI mechanism"); return (0); }
VOID SMBGSSContextFree( HANDLE hSMBGSSContext ) { DWORD dwMinorStatus = 0; PSMB_GSS_SEC_CONTEXT pContext = (PSMB_GSS_SEC_CONTEXT)hSMBGSSContext; if (pContext) { if (pContext->target_name != NULL) { gss_release_name(&dwMinorStatus, &pContext->target_name); } if (pContext->pGSSContext && (*pContext->pGSSContext != GSS_C_NO_CONTEXT)) { gss_delete_sec_context( &dwMinorStatus, pContext->pGSSContext, GSS_C_NO_BUFFER); LwIoFreeMemory(pContext->pGSSContext); } if (pContext->credHandle) { gss_release_cred(&dwMinorStatus, &pContext->credHandle); } LwIoFreeMemory(pContext); } }
int gfarmGssDeleteCredential(gss_cred_id_t *credPtr, OM_uint32 *majStatPtr, OM_uint32 *minStatPtr) { OM_uint32 majStat = 0; OM_uint32 minStat = 0; int ret = -1; majStat = gss_release_cred(&minStat, credPtr); if (majStat == GSS_S_COMPLETE) ret = 1; /* valid */ if (majStatPtr != NULL) *majStatPtr = majStat; if (minStatPtr != NULL) *minStatPtr = minStat; if (ret == -1) { gflog_debug(GFARM_MSG_1000791, "failed to delete credential (%u)(%u)", majStat, minStat); } return ret; }
zmq::gssapi_client_t::~gssapi_client_t () { if(service_name) free (service_name); if(cred) gss_release_cred(&min_stat, &cred); }
static void acquire_release_loop(gss_name_t name, int counter, gss_cred_usage_t usage) { OM_uint32 maj_stat, min_stat; gss_cred_id_t cred; int i; for (i = 0; i < counter; i++) { maj_stat = gss_acquire_cred(&min_stat, name, GSS_C_INDEFINITE, GSS_C_NO_OID_SET, usage, &cred, NULL, NULL); if (maj_stat != GSS_S_COMPLETE) gss_err(1, min_stat, "aquire %d %d != GSS_S_COMPLETE", i, (int)maj_stat); maj_stat = gss_release_cred(&min_stat, &cred); if (maj_stat != GSS_S_COMPLETE) gss_err(1, min_stat, "release %d %d != GSS_S_COMPLETE", i, (int)maj_stat); } }
int main() { OM_uint32 minor_status; OM_uint32 major_status; gss_cred_id_t cred; char * error_str; int rc = EXIT_SUCCESS; printf("1..1\n"); globus_module_activate(GLOBUS_GSI_GSS_ASSIST_MODULE); globus_module_activate(GLOBUS_GSI_GSSAPI_MODULE); major_status = gss_acquire_cred( &minor_status, NULL, GSS_C_INDEFINITE, GSS_C_NO_OID_SET, GSS_C_BOTH, &cred, NULL, NULL); if(GSS_ERROR(major_status)) { globus_gss_assist_display_status_str(&error_str, NULL, major_status, minor_status, 0); fprintf(stderr, "\nLINE %d ERROR: %s\n", __LINE__, error_str); free(error_str); rc = EXIT_FAILURE; goto fail; } major_status = gss_release_cred( &minor_status, &cred); if(GSS_ERROR(major_status)) { globus_gss_assist_display_status_str(&error_str, NULL, major_status, minor_status, 0); fprintf(stderr, "\nLINE %d ERROR: %s\n", __LINE__, error_str); free(error_str); rc = EXIT_FAILURE; goto fail; } fail: printf("%s gssapi_acquire_test\n", (rc == EXIT_SUCCESS) ? "ok" : "not ok"); globus_module_deactivate_all(); return rc; }
static int gensec_gssapi_destructor(struct gensec_gssapi_state *gensec_gssapi_state) { OM_uint32 min_stat; if (gensec_gssapi_state->delegated_cred_handle != GSS_C_NO_CREDENTIAL) { gss_release_cred(&min_stat, &gensec_gssapi_state->delegated_cred_handle); } if (gensec_gssapi_state->gssapi_context != GSS_C_NO_CONTEXT) { gss_delete_sec_context(&min_stat, &gensec_gssapi_state->gssapi_context, GSS_C_NO_BUFFER); } if (gensec_gssapi_state->server_name != GSS_C_NO_NAME) { gss_release_name(&min_stat, &gensec_gssapi_state->server_name); } if (gensec_gssapi_state->client_name != GSS_C_NO_NAME) { gss_release_name(&min_stat, &gensec_gssapi_state->client_name); } return 0; }
static void test_add(gss_cred_id_t cred_handle) { OM_uint32 major_status, minor_status; gss_cred_id_t copy_cred; OM_uint32 time_rec; major_status = gss_add_cred (&minor_status, cred_handle, GSS_C_NO_NAME, GSS_KRB5_MECHANISM, GSS_C_INITIATE, 0, 0, ©_cred, NULL, &time_rec, NULL); if (GSS_ERROR(major_status)) errx(1, "add_cred failed"); print_time(time_rec); major_status = gss_release_cred(&minor_status, ©_cred); if (GSS_ERROR(major_status)) errx(1, "release_cred failed"); }
static void copy_cred(void) { OM_uint32 major_status, minor_status; gss_cred_id_t cred_handle; OM_uint32 time_rec; major_status = gss_acquire_cred(&minor_status, GSS_C_NO_NAME, 0, NULL, GSS_C_INITIATE, &cred_handle, NULL, &time_rec); if (GSS_ERROR(major_status)) errx(1, "acquire_cred failed"); print_time(time_rec); test_add(cred_handle); test_add(cred_handle); test_add(cred_handle); major_status = gss_release_cred(&minor_status, &cred_handle); if (GSS_ERROR(major_status)) errx(1, "release_cred failed"); }
uint32_t sapgss_release_cred( uint32_t *minor_status, gss_cred_id_t *cred_handle) { return gss_release_cred(minor_status, cred_handle); }
static void del_handle(struct handle **h, int32_t idx) { OM_uint32 min_stat; if (idx == 0) return; while (*h) { if ((*h)->idx == idx) { struct handle *p = *h; *h = (*h)->next; switch(p->type) { case handle_context: { gss_ctx_id_t c = p->ptr; gss_delete_sec_context(&min_stat, &c, NULL); break; } case handle_cred: { gss_cred_id_t c = p->ptr; gss_release_cred(&min_stat, &c); break; } } free(p); return; } h = &((*h)->next); } errx(1, "tried to delete an unexisting handle"); }
int GSI_SOCKET_check_creds(GSI_SOCKET *self) { gss_cred_id_t creds = GSS_C_NO_CREDENTIAL; int return_value = GSI_SOCKET_ERROR; if (self == NULL) { return GSI_SOCKET_ERROR; } self->major_status = globus_gss_assist_acquire_cred(&self->minor_status, GSS_C_BOTH, &creds); if (self->major_status != GSS_S_COMPLETE) { goto error; } /* Success */ return_value = GSI_SOCKET_SUCCESS; error: if (creds != GSS_C_NO_CREDENTIAL) { OM_uint32 minor_status; gss_release_cred(&minor_status, &creds); } return return_value; }
static void pamGssCleanupCred(pam_handle_t *pamh, void *data, int error_status) { OM_uint32 minor; gss_release_cred(&minor, (gss_cred_id_t *)&data); }
/* Privileged */ int ssh_gssapi_userok(char *user) { OM_uint32 lmin; if (gssapi_client.exportedname.length == 0 || gssapi_client.exportedname.value == NULL) { debug("No suitable client data"); return 0; } if (gssapi_client.mech && gssapi_client.mech->userok) if ((*gssapi_client.mech->userok)(&gssapi_client, user)) return 1; else { /* Destroy delegated credentials if userok fails */ gss_release_buffer(&lmin, &gssapi_client.displayname); gss_release_buffer(&lmin, &gssapi_client.exportedname); gss_release_cred(&lmin, &gssapi_client.creds); explicit_bzero(&gssapi_client, sizeof(ssh_gssapi_client)); return 0; } else debug("ssh_gssapi_userok: Unknown GSSAPI mechanism"); return (0); }
gss_client_response *authenticate_gss_server_clean(gss_server_state *state) { OM_uint32 min_stat; int ret = AUTH_GSS_COMPLETE; gss_client_response *response = NULL; if (state->context != GSS_C_NO_CONTEXT) gss_delete_sec_context(&min_stat, &state->context, GSS_C_NO_BUFFER); if (state->server_name != GSS_C_NO_NAME) gss_release_name(&min_stat, &state->server_name); if (state->client_name != GSS_C_NO_NAME) gss_release_name(&min_stat, &state->client_name); if (state->server_creds != GSS_C_NO_CREDENTIAL) gss_release_cred(&min_stat, &state->server_creds); if (state->client_creds != GSS_C_NO_CREDENTIAL) gss_release_cred(&min_stat, &state->client_creds); if (state->username != NULL) { free(state->username); state->username = NULL; } if (state->targetname != NULL) { free(state->targetname); state->targetname = NULL; } if (state->response != NULL) { free(state->response); state->response = NULL; } if (state->delegated_credentials_cache) { // TODO: what about actually destroying the cache? It can't be done now as // the whole point is having it around for the lifetime of the "session" free(state->delegated_credentials_cache); } if(response == NULL) { response = calloc(1, sizeof(gss_client_response)); if(response == NULL) die1("Memory allocation failed"); response->return_code = ret; } // Return the response return response; }
static gboolean kill_pending_client(struct pending_client *pc) { #ifdef HAVE_GSSAPI guint32 major_status, minor_status; #endif pc->listener->pending = g_list_remove(pc->listener->pending, pc); g_source_remove(pc->watch_id); #ifdef HAVE_GSSAPI if (pc->authn_name != GSS_C_NO_NAME) { major_status = gss_release_name(&minor_status, &pc->authn_name); if (GSS_ERROR(major_status)) { log_gssapi(pc->listener, LOG_WARNING, "releasing name", major_status, minor_status); gssapi_fail(pc); } } if (pc->gss_ctx != GSS_C_NO_CONTEXT) { major_status = gss_delete_sec_context(&minor_status, &pc->gss_ctx, GSS_C_NO_BUFFER); if (GSS_ERROR(major_status)) { log_gssapi(pc->listener, LOG_WARNING, "deleting context name", major_status, minor_status); gssapi_fail(pc); } } if (pc->service_cred != GSS_C_NO_CREDENTIAL) { major_status = gss_release_cred(&minor_status, &pc->service_cred); if (GSS_ERROR(major_status)) { log_gssapi(pc->listener, LOG_WARNING, "releasing credentials", major_status, minor_status); return FALSE; } } if (pc->gss_service != GSS_C_NO_NAME) { guint32 major_status, minor_status; major_status = gss_release_name(&minor_status, &pc->gss_service); if (GSS_ERROR(major_status)) { log_gssapi(pc->listener, LOG_WARNING, "releasing name", major_status, minor_status); return FALSE; } } #endif g_free(pc->clientname); g_free(pc); return TRUE; }
zmq::gssapi_server_t::~gssapi_server_t () { if(cred) gss_release_cred(&min_stat, &cred); if(target_name) gss_release_name(&min_stat, &target_name); }
/* * Function: auth_gssapi_destroy * * Purpose: Destroy a GSS-API authentication structure. * * Effects: This function destroys the GSS-API authentication * context, and sends a message to the server instructing it to * invokte gss_process_token() and thereby destroy its corresponding * context. Since the client doesn't really care whether the server * gets this message, no failures are reported. */ static void auth_gssapi_destroy(AUTH *auth) { struct timeval timeout; OM_uint32 gssstat, minor_stat; gss_cred_id_t cred; int callstat; if (AUTH_PRIVATE(auth)->client_handle.length == 0) { PRINTF(("gssapi_destroy: no client_handle, not calling destroy\n")); goto skip_call; } PRINTF(("gssapi_destroy: marshalling new creds\n")); if (!marshall_new_creds(auth, TRUE, &AUTH_PRIVATE(auth)->client_handle)) { PRINTF(("gssapi_destroy: marshall_new_creds failed\n")); goto skip_call; } PRINTF(("gssapi_destroy: calling GSSAPI_DESTROY\n")); timeout.tv_sec = 1; timeout.tv_usec = 0; callstat = clnt_call(AUTH_PRIVATE(auth)->clnt, AUTH_GSSAPI_DESTROY, xdr_void, NULL, xdr_void, NULL, timeout); if (callstat != RPC_SUCCESS) clnt_sperror(AUTH_PRIVATE(auth)->clnt, "gssapi_destroy: GSSAPI_DESTROY failed"); skip_call: PRINTF(("gssapi_destroy: deleting context\n")); gssstat = gss_delete_sec_context(&minor_stat, &AUTH_PRIVATE(auth)->context, NULL); if (gssstat != GSS_S_COMPLETE) AUTH_GSSAPI_DISPLAY_STATUS(("deleting context", gssstat, minor_stat)); if (AUTH_PRIVATE(auth)->def_cred) { cred = GSS_C_NO_CREDENTIAL; gssstat = gss_release_cred(&minor_stat, &cred); if (gssstat != GSS_S_COMPLETE) AUTH_GSSAPI_DISPLAY_STATUS(("deleting default credential", gssstat, minor_stat)); } if (AUTH_PRIVATE(auth)->client_handle.length != 0) gss_release_buffer(&minor_stat, &AUTH_PRIVATE(auth)->client_handle); #if 0 PRINTF(("gssapi_destroy: calling GSSAPI_EXIT\n")); AUTH_PRIVATE(auth)->established = FALSE; callstat = clnt_call(AUTH_PRIVATE(auth)->clnt, AUTH_GSSAPI_EXIT, xdr_void, NULL, xdr_void, NULL, timeout); #endif free(auth->ah_private); free(auth); PRINTF(("gssapi_destroy: done\n")); }
GSSCredential::~GSSCredential() { if (credential != GSS_C_NO_CREDENTIAL) { OM_uint32 majstat, minstat; majstat = gss_release_cred(&minstat, &credential); if (GSS_ERROR(majstat)) { logger.msg(DEBUG, "Failed to release GSS credential " "(major: %d, minor: %d):%s", majstat, minstat, ErrorStr(majstat, minstat)); return; } } }
static int auth_globus_assert(struct link *link, time_t stoptime) { int rc; gss_cred_id_t credential = GSS_C_NO_CREDENTIAL; gss_ctx_id_t context = GSS_C_NO_CONTEXT; OM_uint32 major, minor, flags = 0; int token; char *reason = NULL; globus_module_activate(GLOBUS_GSI_GSS_ASSIST_MODULE); if(use_delegated_credential && delegated_credential != GSS_C_NO_CREDENTIAL) { debug(D_AUTH, "globus: using delegated credential"); credential = delegated_credential; major = GSS_S_COMPLETE; } else { debug(D_AUTH, "globus: loading my credentials"); major = globus_gss_assist_acquire_cred(&minor, GSS_C_INITIATE, &credential); } if(major == GSS_S_COMPLETE) { debug(D_AUTH, "globus: waiting for server to get ready"); if(auth_barrier(link, "yes\n", stoptime) == 0) { debug(D_AUTH, "globus: authenticating with server"); major = globus_gss_assist_init_sec_context(&minor, credential, &context, "GSI-NO-TARGET", 0, &flags, &token, read_token, link, write_token, link); if(major == GSS_S_COMPLETE) { debug(D_AUTH, "globus: credentials accepted!"); gss_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER); } else { globus_gss_assist_display_status_str(&reason, "", major, minor, token); debug(D_AUTH, "globus: credentials rejected: %s", reason ? reason : "unknown reason"); THROW_QUIET(EACCES); } } else { debug(D_AUTH, "globus: server couldn't load credentials"); THROW_QUIET(EACCES); } } else { debug(D_AUTH, "globus: couldn't load my credentials; did you grid-proxy-init?"); auth_barrier(link, "no\n", stoptime); THROW_QUIET(EACCES); } rc = 0; goto out; out: if(!use_delegated_credential) { gss_release_cred(&major, &credential); } globus_module_deactivate(GLOBUS_GSI_GSS_ASSIST_MODULE); free(reason); return RCUNIX(rc); }
void export_import_cred(gss_cred_id_t *cred) { OM_uint32 major, minor; gss_buffer_desc buf; major = gss_export_cred(&minor, *cred, &buf); check_gsserr("gss_export_cred", major, minor); (void)gss_release_cred(&minor, cred); major = gss_import_cred(&minor, &buf, cred); check_gsserr("gss_import_cred", major, minor); (void)gss_release_buffer(&minor, &buf); }
static void common_free_gss_state(struct smb_tran_enc_state_gss **pp_gss_state) { OM_uint32 minor = 0; struct smb_tran_enc_state_gss *gss_state = *pp_gss_state; if (gss_state->creds != GSS_C_NO_CREDENTIAL) { gss_release_cred(&minor, &gss_state->creds); } if (gss_state->gss_ctx != GSS_C_NO_CONTEXT) { gss_delete_sec_context(&minor, &gss_state->gss_ctx, NULL); } SAFE_FREE(*pp_gss_state); }
static int auth_globus_accept(struct link *link, char **subject, time_t stoptime) { gss_cred_id_t credential = GSS_C_NO_CREDENTIAL; gss_ctx_id_t context = GSS_C_NO_CONTEXT; OM_uint32 major, minor, flags = 0; int token; int success = 0; globus_module_activate(GLOBUS_GSI_GSS_ASSIST_MODULE); *subject = 0; debug(D_AUTH, "globus: loading my credentials"); major = globus_gss_assist_acquire_cred(&minor, GSS_C_ACCEPT, &credential); if(major == GSS_S_COMPLETE) { debug(D_AUTH, "globus: waiting for client to get ready"); if(auth_barrier(link, "yes\n", stoptime) == 0) { delegated_credential = GSS_C_NO_CREDENTIAL; debug(D_AUTH, "globus: authenticating client"); major = globus_gss_assist_accept_sec_context(&minor, &context, credential, subject, &flags, 0, &token, &delegated_credential, read_token, link, write_token, link); if(major == GSS_S_COMPLETE) { debug(D_AUTH, "globus: accepted client %s", *subject); if(delegated_credential != GSS_C_NO_CREDENTIAL) { debug(D_AUTH, "globus: client delegated its credentials"); } success = 1; gss_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER); } else { char *reason; globus_gss_assist_display_status_str(&reason, "", major, minor, token); if(!reason) reason = xxstrdup("unknown reason"); debug(D_AUTH, "globus: couldn't authenticate client: %s", reason); if(reason) free(reason); } } else { debug(D_AUTH, "globus: client couldn't load credentials"); } gss_release_cred(&major, &credential); } else { debug(D_AUTH, "globus: couldn't load my credentials: did you run grid-proxy-init?"); auth_barrier(link, "no\n", stoptime); } globus_module_deactivate(GLOBUS_GSI_GSS_ASSIST_MODULE); return success; }
static gss_cred_id_t acquire_cred_service(const char *service, gss_OID nametype, gss_OID_set oidset, gss_cred_usage_t usage, gss_const_key_value_set_t cred_store) { OM_uint32 major_status, minor_status; gss_cred_id_t cred_handle; OM_uint32 time_rec; gss_buffer_desc name_buffer; gss_name_t name = GSS_C_NO_NAME; if (service) { name_buffer.value = rk_UNCONST(service); name_buffer.length = strlen(service); major_status = gss_import_name(&minor_status, &name_buffer, nametype, &name); if (GSS_ERROR(major_status)) errx(1, "import_name failed"); } major_status = gss_acquire_cred_from(&minor_status, name, 0, oidset, usage, cred_store, &cred_handle, NULL, &time_rec); if (GSS_ERROR(major_status)) { warnx("acquire_cred failed: %s", gssapi_err(major_status, minor_status, GSS_C_NO_OID)); } else { print_time(time_rec); gss_release_cred(&minor_status, &cred_handle); } if (name != GSS_C_NO_NAME) gss_release_name(&minor_status, &name); if (GSS_ERROR(major_status)) exit(1); return cred_handle; }
static void empty_release(void) { gss_ctx_id_t ctx = GSS_C_NO_CONTEXT; gss_cred_id_t cred = GSS_C_NO_CREDENTIAL; gss_name_t name = GSS_C_NO_NAME; gss_OID_set oidset = GSS_C_NO_OID_SET; OM_uint32 junk; gss_delete_sec_context(&junk, &ctx, NULL); gss_release_cred(&junk, &cred); gss_release_name(&junk, &name); gss_release_oid_set(&junk, &oidset); }