void internal_release_buffer(
gss_buffer_desc * buffer)
{
char * error_str = NULL;
OM_uint32 maj_stat, min_stat;
maj_stat = gss_release_buffer(&min_stat, (gss_buffer_t) buffer);
if(maj_stat != GSS_S_COMPLETE)
{
globus_gsi_gssapi_test_print_error(stderr, maj_stat, min_stat);
globus_print_error((globus_result_t) min_stat);
exit(1);
}
}
int main()
{
OM_uint32 init_maj_stat;
OM_uint32 accept_maj_stat;
OM_uint32 maj_stat;
OM_uint32 min_stat;
OM_uint32 ret_flags;
OM_uint32 req_flags = 0;
OM_uint32 time_rec;
gss_buffer_desc send_tok;
gss_buffer_desc recv_tok;
gss_buffer_desc * token_ptr;
gss_OID mech_type;
gss_name_t target_name;
gss_ctx_id_t init_context;
gss_ctx_id_t accept_context;
gss_ctx_id_t del_init_context;
gss_ctx_id_t del_accept_context;
gss_cred_id_t delegated_cred;
gss_cred_id_t imported_cred;
gss_cred_id_t cred_handle;
char * error_str;
globus_result_t result;
globus_gsi_cert_utils_cert_type_t cert_type;
int rc = EXIT_SUCCESS;
printf("1..1\n");
/* Activate Modules */
globus_module_activate(GLOBUS_GSI_GSSAPI_MODULE);
/* Initialize variables */
token_ptr = GSS_C_NO_BUFFER;
init_context = GSS_C_NO_CONTEXT;
accept_context = GSS_C_NO_CONTEXT;
del_init_context = GSS_C_NO_CONTEXT;
del_accept_context = GSS_C_NO_CONTEXT;
delegated_cred = GSS_C_NO_CREDENTIAL;
accept_maj_stat = GSS_S_CONTINUE_NEEDED;
ret_flags = 0;
req_flags |= GSS_C_GLOBUS_LIMITED_DELEG_PROXY_FLAG;
/* acquire the credential */
maj_stat = gss_acquire_cred(&min_stat,
NULL,
GSS_C_INDEFINITE,
GSS_C_NO_OID_SET,
GSS_C_BOTH,
&cred_handle,
NULL,
NULL);
if(maj_stat != GSS_S_COMPLETE)
{
globus_gsi_gssapi_test_print_error(stderr, maj_stat, min_stat);
rc = EXIT_FAILURE;
goto fail;
}
/* get the subject name */
maj_stat = gss_inquire_cred(&min_stat,
cred_handle,
&target_name,
NULL,
NULL,
NULL);
if(maj_stat != GSS_S_COMPLETE)
{
globus_gsi_gssapi_test_print_error(stderr, maj_stat, min_stat);
rc = EXIT_FAILURE;
goto fail;
}
/* set up the first security context */
init_maj_stat = gss_init_sec_context(&min_stat,
cred_handle,
&init_context,
target_name,
GSS_C_NULL_OID,
0,
0,
GSS_C_NO_CHANNEL_BINDINGS,
token_ptr,
NULL,
&send_tok,
NULL,
NULL);
if(init_maj_stat != GSS_S_CONTINUE_NEEDED)
{
globus_gsi_gssapi_test_print_error(stderr, init_maj_stat, min_stat);
rc = EXIT_FAILURE;
goto fail;
}
while(1)
{
accept_maj_stat=gss_accept_sec_context(&min_stat,
&accept_context,
GSS_C_NO_CREDENTIAL,
&send_tok,
GSS_C_NO_CHANNEL_BINDINGS,
NULL,
&mech_type,
&recv_tok,
&ret_flags,
/* ignore time_rec */
NULL,
NULL);
if(accept_maj_stat != GSS_S_COMPLETE &&
accept_maj_stat != GSS_S_CONTINUE_NEEDED)
{
globus_gsi_gssapi_test_print_error(stderr, accept_maj_stat, min_stat);
rc = EXIT_FAILURE;
goto fail;
}
else if(accept_maj_stat == GSS_S_COMPLETE)
{
break;
}
init_maj_stat = gss_init_sec_context(&min_stat,
GSS_C_NO_CREDENTIAL,
&init_context,
target_name,
GSS_C_NULL_OID,
0,
0,
GSS_C_NO_CHANNEL_BINDINGS,
&recv_tok,
NULL,
&send_tok,
NULL,
NULL);
if(init_maj_stat != GSS_S_COMPLETE &&
init_maj_stat != GSS_S_CONTINUE_NEEDED)
{
globus_gsi_gssapi_test_print_error(stderr, init_maj_stat, min_stat);
rc = EXIT_FAILURE;
goto fail;
}
}
printf("# %s:%d: Successfully established initial security context\n",
__FILE__,
__LINE__);
/* delegate our credential over the initial security context and
* insert a restriction extension into the delegated credential.
* This is a post GT 2.0 feature.
*/
init_maj_stat = gss_init_delegation(&min_stat,
init_context,
cred_handle,
GSS_C_NO_OID,
GSS_C_NO_OID_SET,
GSS_C_NO_BUFFER_SET,
token_ptr,
req_flags,
0,
&send_tok);
if(init_maj_stat != GSS_S_COMPLETE &&
init_maj_stat != GSS_S_CONTINUE_NEEDED)
{
globus_gsi_gssapi_test_print_error(stderr, init_maj_stat, min_stat);
rc = EXIT_FAILURE;
goto fail;
}
while(1)
{
accept_maj_stat=gss_accept_delegation(&min_stat,
accept_context,
GSS_C_NO_OID_SET,
GSS_C_NO_BUFFER_SET,
&send_tok,
req_flags,
0,
&time_rec,
&delegated_cred,
&mech_type,
&recv_tok);
if(accept_maj_stat != GSS_S_COMPLETE &&
accept_maj_stat != GSS_S_CONTINUE_NEEDED)
{
globus_gsi_gssapi_test_print_error(stderr, accept_maj_stat, min_stat);
rc = EXIT_FAILURE;
goto fail;
}
else if(accept_maj_stat == GSS_S_COMPLETE)
{
break;
}
init_maj_stat = gss_init_delegation(&min_stat,
init_context,
cred_handle,
GSS_C_NO_OID,
GSS_C_NO_OID_SET,
GSS_C_NO_BUFFER_SET,
&recv_tok,
req_flags,
0,
&send_tok);
if(init_maj_stat != GSS_S_COMPLETE &&
init_maj_stat != GSS_S_CONTINUE_NEEDED)
{
globus_gsi_gssapi_test_print_error(stderr, init_maj_stat, min_stat);
rc = EXIT_FAILURE;
goto fail;
}
}
printf("# %s:%d: Successfully delegated credential\n",
__FILE__,
__LINE__);
/* export and import the delegated credential */
/* this can be done both to a buffer and to a file */
/* New in GT 2.0 */
maj_stat = gss_export_cred(&min_stat,
delegated_cred,
GSS_C_NO_OID,
0,
&send_tok);
if(maj_stat != GSS_S_COMPLETE)
{
globus_gsi_gssapi_test_print_error(stderr, maj_stat, min_stat);
rc = EXIT_FAILURE;
goto fail;
}
maj_stat = gss_import_cred(&min_stat,
&imported_cred,
GSS_C_NO_OID,
0,
&send_tok,
0,
&time_rec);
if(maj_stat != GSS_S_COMPLETE)
{
globus_gsi_gssapi_test_print_error(stderr, maj_stat, min_stat);
rc = EXIT_FAILURE;
goto fail;
}
printf("# %s:%d: Successfully exported/imported the delegated credential\n",
__FILE__,
__LINE__);
/* set up another security context using the delegated credential */
init_maj_stat = gss_init_sec_context(&min_stat,
imported_cred,
&del_init_context,
target_name,
GSS_C_NULL_OID,
0,
0,
GSS_C_NO_CHANNEL_BINDINGS,
token_ptr,
NULL,
&send_tok,
NULL,
NULL);
if(init_maj_stat != GSS_S_COMPLETE &&
init_maj_stat != GSS_S_CONTINUE_NEEDED)
{
globus_gsi_gssapi_test_print_error(stderr, init_maj_stat, min_stat);
rc = EXIT_FAILURE;
goto fail;
}
while(1)
{
accept_maj_stat=gss_accept_sec_context(&min_stat,
&del_accept_context,
imported_cred,
&send_tok,
GSS_C_NO_CHANNEL_BINDINGS,
NULL,
&mech_type,
&recv_tok,
&ret_flags,
/* ignore time_rec */
NULL,
NULL);
if(accept_maj_stat != GSS_S_COMPLETE &&
accept_maj_stat != GSS_S_CONTINUE_NEEDED)
{
globus_gsi_gssapi_test_print_error(stderr, accept_maj_stat, min_stat);
rc = EXIT_FAILURE;
goto fail;
}
else if(accept_maj_stat == GSS_S_COMPLETE)
{
break;
}
init_maj_stat = gss_init_sec_context(&min_stat,
imported_cred,
&del_init_context,
target_name,
GSS_C_NULL_OID,
0,
0,
GSS_C_NO_CHANNEL_BINDINGS,
&recv_tok,
NULL,
&send_tok,
NULL,
NULL);
if(init_maj_stat != GSS_S_COMPLETE &&
init_maj_stat != GSS_S_CONTINUE_NEEDED)
{
globus_gsi_gssapi_test_print_error(stderr, init_maj_stat, min_stat);
rc = EXIT_FAILURE;
goto fail;
}
}
/* got sec context based on delegated cred now */
printf("# %s:%d: Successfully established security context with delegated credential\n",
__FILE__,
__LINE__);
/* Verify that the delegated credential is a limited proxy */
result = globus_gsi_cred_get_cert_type(
((gss_cred_id_desc *)imported_cred)->cred_handle,
&cert_type);
if(result != GLOBUS_SUCCESS)
{
char * error_str;
globus_object_t * error_obj;
error_obj = globus_error_get(result);
error_str = globus_error_print_chain(error_obj);
fprintf(stderr, "%s", error_str);
globus_libc_free(error_str);
globus_object_free(error_obj);
rc = EXIT_FAILURE;
goto fail;
}
if (! GLOBUS_GSI_CERT_UTILS_IS_LIMITED_PROXY(cert_type))
{
fprintf(stderr,
"Invalid certificate type. Expected a limited proxy, got %d\n",
(int) cert_type);
rc = EXIT_FAILURE;
goto fail;
}
fail:
printf("%s gssapi_limited_delegation_test\n",
(rc==EXIT_SUCCESS) ? "ok" : "not ok");
globus_module_deactivate_all();
exit(rc);
}
static
void
import_names()
{
OM_uint32 major_status, minor_status;
globus_gsi_cred_handle_t handle;
gss_buffer_desc buffer;
X509 * cert;
gss_OID_set name_types;
globus_result_t result;
globus_list_t *i, *j;
compare_name_test_case_t * test_case;
int present;
major_status = gss_inquire_names_for_mech(
&minor_status,
(gss_OID) globus_i_gss_mech_globus_gssapi_openssl,
&name_types);
if (major_status == GSS_S_COMPLETE)
{
major_status = gss_test_oid_set_member(
&minor_status,
GLOBUS_GSS_C_NT_X509,
name_types,
&present);
if (major_status == GSS_S_COMPLETE && present)
{
gss_l_x509_support = GLOBUS_TRUE;
}
major_status = gss_test_oid_set_member(
&minor_status,
GLOBUS_GSS_C_NT_HOST_IP,
name_types,
&present);
if (major_status == GSS_S_COMPLETE && present)
{
gss_l_host_ip_support = GLOBUS_TRUE;
}
major_status = gss_release_oid_set(&minor_status, &name_types);
}
for (i = test_cases; !globus_list_empty(i); i = globus_list_rest(i))
{
test_case = globus_list_first(i);
if (test_case->name1 == GSS_C_NO_NAME)
{
switch (test_case->name_type1)
{
case GSS_L_ANONYMOUS:
major_status = gss_import_name(&minor_status, &buffer, GSS_C_NT_ANONYMOUS, &test_case->name1);
if (major_status != GSS_S_COMPLETE)
{
fprintf(stderr, "Error importing <anonymous>\n");
globus_gsi_gssapi_test_print_error(stderr, major_status, minor_status);
exit(-1);
}
break;
case GSS_L_NO_OID:
buffer.value = test_case->name_token1;
buffer.length = strlen(buffer.value);
major_status = gss_import_name(&minor_status, &buffer, GSS_C_NO_OID, &test_case->name1);
if (major_status != GSS_S_COMPLETE)
{
fprintf(stderr, "Error importing %s\n", test_case->name_token1);
globus_gsi_gssapi_test_print_error(stderr, major_status, minor_status);
exit(-1);
}
break;
case GSS_L_HOSTBASED_SERVICE:
buffer.value = test_case->name_token1;
buffer.length = strlen(buffer.value);
major_status = gss_import_name(&minor_status, &buffer, GSS_C_NT_HOSTBASED_SERVICE, &test_case->name1);
if (major_status != GSS_S_COMPLETE)
{
fprintf(stderr, "Error importing %s\n", test_case->name_token1);
globus_gsi_gssapi_test_print_error(stderr, major_status, minor_status);
exit(-1);
}
break;
case GSS_L_HOST_IP:
if (gss_l_host_ip_support)
{
buffer.value = test_case->name_token1;
buffer.length = strlen(buffer.value);
major_status = gss_import_name(&minor_status, &buffer, GLOBUS_GSS_C_NT_HOST_IP, &test_case->name1);
if (major_status != GSS_S_COMPLETE)
{
fprintf(stderr, "Error importing %s\n", test_case->name_token1);
globus_gsi_gssapi_test_print_error(stderr, major_status, minor_status);
exit(-1);
}
}
break;
case GSS_L_X509:
if (gss_l_x509_support)
{
result = globus_gsi_cred_handle_init(&handle, NULL);
if (result != GLOBUS_SUCCESS)
{
globus_gsi_gssapi_test_print_result(stderr, result);
exit(-1);
}
result = globus_gsi_cred_read_cert(handle, test_case->name_token1);
if (result != GLOBUS_SUCCESS)
{
globus_gsi_gssapi_test_print_result(stderr, result);
exit(-2);
}
result = globus_gsi_cred_get_cert(handle, &cert);
buffer.value = cert;
buffer.length = sizeof(X509);
major_status = gss_import_name(&minor_status, &buffer, GLOBUS_GSS_C_NT_X509, &test_case->name1);
if (major_status != GSS_S_COMPLETE)
{
fprintf(stderr, "Error importing %s\n", test_case->name_token1);
globus_gsi_gssapi_test_print_error(stderr, major_status, minor_status);
exit(-1);
}
X509_free(cert);
globus_gsi_cred_handle_destroy(handle);
}
break;
}
for (j = i; !globus_list_empty(j); j = globus_list_rest(j))
{
compare_name_test_case_t *test_case2 = globus_list_first(j);
if (test_case->name_type1 == test_case2->name_type1 &&
test_case->name_token1 && test_case2->name_token1 &&
strcmp(test_case->name_token1, test_case2->name_token1) == 0 &&
test_case2->name1 == GSS_C_NO_NAME)
{
test_case2->name1 = test_case->name1;
}
if (test_case->name_type1 == test_case2->name_type2 &&
test_case->name_token1 && test_case2->name_token2 &&
strcmp(test_case->name_token1, test_case2->name_token2) == 0 &&
test_case2->name2 == GSS_C_NO_NAME)
{
test_case2->name2 = test_case->name1;
}
}
}
if (test_case->name2 == GSS_C_NO_NAME)
{
switch (test_case->name_type2)
{
case GSS_L_ANONYMOUS:
major_status = gss_import_name(&minor_status, &buffer, GSS_C_NT_ANONYMOUS, &test_case->name2);
if (major_status != GSS_S_COMPLETE)
{
fprintf(stderr, "Error importing <anonymous>\n");
globus_gsi_gssapi_test_print_error(stderr, major_status, minor_status);
exit(-1);
}
break;
case GSS_L_NO_OID:
buffer.value = test_case->name_token2;
buffer.length = strlen(buffer.value);
major_status = gss_import_name(&minor_status, &buffer, GSS_C_NO_OID, &test_case->name2);
if (major_status != GSS_S_COMPLETE)
{
fprintf(stderr, "Error importing %s\n", test_case->name_token2);
globus_gsi_gssapi_test_print_error(stderr, major_status, minor_status);
exit(-1);
}
break;
case GSS_L_HOSTBASED_SERVICE:
buffer.value = test_case->name_token2;
buffer.length = strlen(buffer.value);
major_status = gss_import_name(&minor_status, &buffer, GSS_C_NT_HOSTBASED_SERVICE, &test_case->name2);
if (major_status != GSS_S_COMPLETE)
{
fprintf(stderr, "Error importing %s\n", test_case->name_token2);
globus_gsi_gssapi_test_print_error(stderr, major_status, minor_status);
exit(-1);
}
break;
case GSS_L_HOST_IP:
if (gss_l_host_ip_support)
{
buffer.value = test_case->name_token2;
buffer.length = strlen(buffer.value);
major_status = gss_import_name(&minor_status, &buffer, GLOBUS_GSS_C_NT_HOST_IP, &test_case->name2);
if (major_status != GSS_S_COMPLETE)
{
fprintf(stderr, "Error importing %s\n", test_case->name_token2);
globus_gsi_gssapi_test_print_error(stderr, major_status, minor_status);
exit(-1);
}
}
break;
case GSS_L_X509:
if (gss_l_x509_support)
{
result = globus_gsi_cred_handle_init(&handle, NULL);
if (result != GLOBUS_SUCCESS)
{
globus_gsi_gssapi_test_print_result(stderr, result);
exit(-1);
}
result = globus_gsi_cred_read_cert(handle, test_case->name_token2);
if (result != GLOBUS_SUCCESS)
{
globus_gsi_gssapi_test_print_result(stderr, result);
exit(-2);
}
result = globus_gsi_cred_get_cert(handle, &cert);
buffer.value = cert;
buffer.length = sizeof(X509);
major_status = gss_import_name(&minor_status, &buffer, GLOBUS_GSS_C_NT_X509, &test_case->name2);
if (major_status != GSS_S_COMPLETE)
{
fprintf(stderr, "Error importing %s\n", test_case->name_token2);
globus_gsi_gssapi_test_print_error(stderr, major_status, minor_status);
exit(-1);
}
X509_free(cert);
globus_gsi_cred_handle_destroy(handle);
}
break;
}
for (j = i; !globus_list_empty(j); j = globus_list_rest(j))
{
compare_name_test_case_t *test_case2 = globus_list_first(j);
if (test_case->name_type2 == test_case2->name_type1 &&
test_case->name_token2 && test_case2->name_token1 &&
strcmp(test_case->name_token2, test_case2->name_token1) == 0 &&
test_case2->name1 == GSS_C_NO_NAME)
{
test_case2->name1 = test_case->name2;
}
if (test_case->name_type2 == test_case2->name_type2 &&
test_case->name_token2 && test_case2->name_token2 &&
strcmp(test_case->name_token2, test_case2->name_token2) == 0 &&
test_case2->name2 == GSS_C_NO_NAME)
{
test_case2->name2 = test_case->name2;
}
}
}
}
}
int main(int argc, char * argv[])
{
int rc = 0, c = 0, failed = 0;
OM_uint32 major_status, minor_status;
int name_equal;
globus_list_t *i;
compare_name_test_case_t * test_case;
globus_module_descriptor_t *modules[] =
{
GLOBUS_COMMON_MODULE,
GLOBUS_GSI_GSSAPI_MODULE,
GLOBUS_GSI_CREDENTIAL_MODULE,
NULL
}, *failed_module = NULL;
if (argc != 2)
{
fprintf(stderr, "%s test-case-file\n", argv[0]);
exit(-1);
}
rc = globus_module_activate_array(modules, &failed_module);
if (rc != 0)
{
exit(-1);
}
globus_l_gss_read_test_cases(argv[1]);
import_names();
printf("1..%d\n", globus_list_size(test_cases));
for (i = test_cases; !globus_list_empty(i); i = globus_list_rest(i))
{
test_case = globus_list_first(i);
if ((!gss_l_host_ip_support) &&
(test_case->name_type1 == GSS_L_HOST_IP ||
test_case->name_type2 == GSS_L_HOST_IP))
{
printf("ok %d # skip !gss_l_host_ip_support\n", ++c);
fflush(stdout);
continue;
}
if ((!gss_l_x509_support) &&
(test_case->name_type1 == GSS_L_X509 ||
test_case->name_type2 == GSS_L_X509))
{
printf("ok %d # skip !gss_l_x509_support\n", ++c);
fflush(stdout);
continue;
}
rc = 0;
major_status = gss_compare_name(
&minor_status, test_case->name1, test_case->name2, &name_equal);
if (GSS_ERROR(major_status))
{
globus_gsi_gssapi_test_print_error(
stderr, major_status, minor_status);
rc = 1;
}
else if (name_equal != test_case->expectation)
{
globus_l_gss_test_print_name_error(
stderr,
test_case->name1, test_case->name_type1,
test_case->name2, test_case->name_type2,
test_case->expectation);
rc = 2;
}
major_status = gss_compare_name(
&minor_status, test_case->name2, test_case->name1, &name_equal);
if (GSS_ERROR(major_status))
{
globus_gsi_gssapi_test_print_error(
stderr, major_status, minor_status);
rc = 3;
}
else if (name_equal != test_case->expectation)
{
globus_l_gss_test_print_name_error(
stderr,
test_case->name2, test_case->name_type2,
test_case->name1, test_case->name_type1,
test_case->expectation);
rc = 4;
}
c++;
if (rc == 0)
{
printf("ok %s\n", test_case->test_name);
}
else
{
failed++;
printf("not ok %d %s\n", c, test_case->test_name);
}
fflush(stdout);
}
globus_l_gss_free_test_cases();
return failed;
}
int main()
{
OM_uint32 init_maj_stat;
OM_uint32 accept_maj_stat;
OM_uint32 maj_stat;
OM_uint32 min_stat;
OM_uint32 ret_flags;
OM_uint32 req_flags = 0;
OM_uint32 time_rec;
gss_buffer_desc send_tok;
gss_buffer_desc recv_tok;
gss_buffer_desc * token_ptr;
gss_OID mech_type;
gss_name_t target_name;
gss_ctx_id_t init_context;
gss_ctx_id_t accept_context;
gss_ctx_id_t del_init_context;
gss_ctx_id_t del_accept_context;
gss_cred_id_t delegated_cred;
gss_cred_id_t imported_cred;
gss_cred_id_t cred_handle;
char * error_str;
int rc = EXIT_SUCCESS;
printf("1..1\n");
/* Initialize variables */
token_ptr = GSS_C_NO_BUFFER;
init_context = GSS_C_NO_CONTEXT;
accept_context = GSS_C_NO_CONTEXT;
del_init_context = GSS_C_NO_CONTEXT;
del_accept_context = GSS_C_NO_CONTEXT;
delegated_cred = GSS_C_NO_CREDENTIAL;
accept_maj_stat = GSS_S_CONTINUE_NEEDED;
ret_flags = 0;
req_flags |= GSS_C_GLOBUS_SSL_COMPATIBLE;
/* Activate Modules */
globus_module_activate(GLOBUS_GSI_GSSAPI_MODULE);
maj_stat = gss_acquire_cred(&min_stat,
NULL,
GSS_C_INDEFINITE,
GSS_C_NO_OID_SET,
GSS_C_BOTH,
&cred_handle,
NULL,
NULL);
if(maj_stat != GSS_S_COMPLETE)
{
globus_gsi_gssapi_test_print_error(stderr, maj_stat, min_stat);
globus_print_error((globus_result_t) min_stat);
rc = EXIT_FAILURE;
goto fail;
}
/* get the subject name */
maj_stat = gss_inquire_cred(&min_stat,
cred_handle,
&target_name,
NULL,
NULL,
NULL);
if(maj_stat != GSS_S_COMPLETE)
{
globus_gsi_gssapi_test_print_error(stderr, maj_stat, min_stat);
globus_print_error((globus_result_t) min_stat);
rc = EXIT_FAILURE;
goto fail;
}
/* set up the first security context */
init_maj_stat = gss_init_sec_context(&min_stat,
cred_handle,
&init_context,
target_name,
GSS_C_NULL_OID,
0,
0,
GSS_C_NO_CHANNEL_BINDINGS,
token_ptr,
NULL,
&send_tok,
NULL,
NULL);
if(init_maj_stat != GSS_S_CONTINUE_NEEDED)
{
globus_gsi_gssapi_test_print_error(stderr, init_maj_stat, min_stat);
globus_print_error((globus_result_t) min_stat);
rc = EXIT_FAILURE;
goto fail;
}
while(1)
{
accept_maj_stat=gss_accept_sec_context(&min_stat,
&accept_context,
GSS_C_NO_CREDENTIAL,
&send_tok,
GSS_C_NO_CHANNEL_BINDINGS,
NULL,
&mech_type,
&recv_tok,
&ret_flags,
/* ignore time_rec */
NULL,
NULL);
if(accept_maj_stat != GSS_S_COMPLETE &&
accept_maj_stat != GSS_S_CONTINUE_NEEDED)
{
globus_gsi_gssapi_test_print_error(stderr, accept_maj_stat, min_stat);
globus_print_error((globus_result_t) min_stat);
rc = EXIT_FAILURE;
goto fail;
}
else if(accept_maj_stat == GSS_S_COMPLETE)
{
break;
}
init_maj_stat = gss_init_sec_context(&min_stat,
GSS_C_NO_CREDENTIAL,
&init_context,
target_name,
GSS_C_NULL_OID,
0,
0,
GSS_C_NO_CHANNEL_BINDINGS,
&recv_tok,
NULL,
&send_tok,
NULL,
NULL);
if(init_maj_stat != GSS_S_COMPLETE &&
init_maj_stat != GSS_S_CONTINUE_NEEDED)
{
globus_gsi_gssapi_test_print_error(stderr, init_maj_stat, min_stat);
globus_print_error((globus_result_t) min_stat);
rc = EXIT_FAILURE;
goto fail;
}
}
printf("# %s:%d: Successfully established initial security context\n",
__FILE__,
__LINE__);
init_maj_stat = gss_init_delegation(&min_stat,
init_context,
cred_handle,
GSS_C_NO_OID,
GSS_C_NO_OID_SET,
GSS_C_NO_BUFFER_SET,
token_ptr,
req_flags,
0,
&send_tok);
if(init_maj_stat != GSS_S_COMPLETE &&
init_maj_stat != GSS_S_CONTINUE_NEEDED)
{
globus_gsi_gssapi_test_print_error(stderr, init_maj_stat, min_stat);
globus_print_error((globus_result_t) min_stat);
rc = EXIT_FAILURE;
goto fail;
}
internal_release_buffer(&recv_tok);
maj_stat = gss_wrap(&min_stat,
init_context,
0,
GSS_C_QOP_DEFAULT,
&send_tok,
NULL,
&recv_tok);
if(maj_stat != GSS_S_COMPLETE)
{
globus_gsi_gssapi_test_print_error(stderr, maj_stat, min_stat);
globus_print_error((globus_result_t) min_stat);
rc = EXIT_FAILURE;
goto fail;
}
while(1)
{
internal_release_buffer(&send_tok);
maj_stat = gss_unwrap(&min_stat,
accept_context,
&recv_tok,
&send_tok,
NULL,
NULL);
if(maj_stat != GSS_S_COMPLETE)
{
globus_gsi_gssapi_test_print_error(stderr, maj_stat, min_stat);
globus_print_error((globus_result_t) min_stat);
rc = EXIT_FAILURE;
goto fail;
}
internal_release_buffer(&recv_tok);
accept_maj_stat=gss_accept_delegation(&min_stat,
accept_context,
GSS_C_NO_OID_SET,
GSS_C_NO_BUFFER_SET,
&send_tok,
req_flags,
0,
&time_rec,
&delegated_cred,
&mech_type,
&recv_tok);
if(accept_maj_stat != GSS_S_COMPLETE &&
accept_maj_stat != GSS_S_CONTINUE_NEEDED)
{
globus_gsi_gssapi_test_print_error(stderr, init_maj_stat, min_stat);
globus_print_error((globus_result_t) min_stat);
rc = EXIT_FAILURE;
goto fail;
}
else if(accept_maj_stat == GSS_S_COMPLETE)
{
break;
}
internal_release_buffer(&send_tok);
maj_stat = gss_wrap(&min_stat,
accept_context,
0,
GSS_C_QOP_DEFAULT,
&recv_tok,
NULL,
&send_tok);
if(maj_stat != GSS_S_COMPLETE)
{
globus_gsi_gssapi_test_print_error(stderr, maj_stat, min_stat);
globus_print_error((globus_result_t) min_stat);
rc = EXIT_FAILURE;
goto fail;
}
internal_release_buffer(&recv_tok);
maj_stat = gss_unwrap(&min_stat,
init_context,
&send_tok,
&recv_tok,
NULL,
NULL);
if(maj_stat != GSS_S_COMPLETE)
{
globus_gsi_gssapi_test_print_error(stderr, maj_stat, min_stat);
globus_print_error((globus_result_t) min_stat);
rc = EXIT_FAILURE;
goto fail;
}
internal_release_buffer(&send_tok);
init_maj_stat = gss_init_delegation(&min_stat,
init_context,
cred_handle,
GSS_C_NO_OID,
GSS_C_NO_OID_SET,
GSS_C_NO_BUFFER_SET,
&recv_tok,
req_flags,
0,
&send_tok);
if(init_maj_stat != GSS_S_COMPLETE &&
init_maj_stat != GSS_S_CONTINUE_NEEDED)
{
globus_gsi_gssapi_test_print_error(stderr, init_maj_stat, min_stat);
globus_print_error((globus_result_t) min_stat);
rc = EXIT_FAILURE;
goto fail;
}
internal_release_buffer(&recv_tok);
maj_stat = gss_wrap(&min_stat,
init_context,
0,
GSS_C_QOP_DEFAULT,
&send_tok,
NULL,
&recv_tok);
if(maj_stat != GSS_S_COMPLETE)
{
globus_gsi_gssapi_test_print_error(stderr, maj_stat, min_stat);
globus_print_error((globus_result_t) min_stat);
rc = EXIT_FAILURE;
goto fail;
}
}
printf("# %s:%d: Successfully delegated credential\n",
__FILE__,
__LINE__);
/* export and import the delegated credential */
/* this can be done both to a buffer and to a file */
/* New in GT 2.0 */
internal_release_buffer(&send_tok);
maj_stat = gss_export_cred(&min_stat,
delegated_cred,
GSS_C_NO_OID,
0,
&send_tok);
if(maj_stat != GSS_S_COMPLETE)
{
globus_gsi_gssapi_test_print_error(stderr, init_maj_stat, min_stat);
globus_print_error((globus_result_t) min_stat);
rc = EXIT_FAILURE;
goto fail;
}
maj_stat = gss_import_cred(&min_stat,
&imported_cred,
GSS_C_NO_OID,
0,
&send_tok,
0,
&time_rec);
if(maj_stat != GSS_S_COMPLETE)
{
globus_gsi_gssapi_test_print_error(stderr, init_maj_stat, min_stat);
globus_print_error((globus_result_t) min_stat);
rc = EXIT_FAILURE;
goto fail;
}
internal_release_buffer(&send_tok);
printf("# %s:%d: Successfully exported/imported the delegated credential\n",
__FILE__,
__LINE__);
/* set up another security context using the delegated credential */
init_maj_stat = gss_init_sec_context(&min_stat,
imported_cred,
&del_init_context,
target_name,
GSS_C_NULL_OID,
0,
0,
GSS_C_NO_CHANNEL_BINDINGS,
token_ptr,
NULL,
&send_tok,
NULL,
NULL);
if(init_maj_stat != GSS_S_COMPLETE &&
init_maj_stat != GSS_S_CONTINUE_NEEDED)
{
globus_gsi_gssapi_test_print_error(stderr, init_maj_stat, min_stat);
globus_print_error((globus_result_t) min_stat);
rc = EXIT_FAILURE;
goto fail;
}
while(1)
{
internal_release_buffer(&recv_tok);
accept_maj_stat=gss_accept_sec_context(&min_stat,
&del_accept_context,
imported_cred,
&send_tok,
GSS_C_NO_CHANNEL_BINDINGS,
&target_name,
&mech_type,
&recv_tok,
&ret_flags,
/* ignore time_rec */
NULL,
NULL);
if(accept_maj_stat != GSS_S_COMPLETE &&
accept_maj_stat != GSS_S_CONTINUE_NEEDED)
{
globus_gsi_gssapi_test_print_error(stderr, init_maj_stat, min_stat);
globus_print_error((globus_result_t) min_stat);
rc = EXIT_FAILURE;
goto fail;
}
else if(accept_maj_stat == GSS_S_COMPLETE)
{
break;
}
init_maj_stat = gss_init_sec_context(&min_stat,
imported_cred,
&del_init_context,
target_name,
GSS_C_NULL_OID,
0,
0,
GSS_C_NO_CHANNEL_BINDINGS,
&recv_tok,
NULL,
&send_tok,
NULL,
NULL);
if(init_maj_stat != GSS_S_COMPLETE &&
init_maj_stat != GSS_S_CONTINUE_NEEDED)
{
globus_gsi_gssapi_test_print_error(stderr, init_maj_stat, min_stat);
globus_print_error((globus_result_t) min_stat);
rc = EXIT_FAILURE;
goto fail;
}
}
/* got sec context based on delegated cred now */
printf("# %s:%d: Successfully established security context with delegated credential\n",
__FILE__,
__LINE__);
fail:
printf("%s gssapi_delegation_compat_test\n",
(rc == EXIT_SUCCESS) ? "ok" : "not ok");
globus_module_deactivate_all();
exit(rc);
}
