static void free_secsession(struct io_gfsl *io) { OM_uint32 e_major, e_minor; gfarmSecSessionTerminate(io->session); if (io->cred_to_be_freed != GSS_C_NO_CREDENTIAL && gfarmGssDeleteCredential(&io->cred_to_be_freed, &e_major, &e_minor) < 0 && gflog_auth_get_verbose()) { gflog_error("Can't free my credential because of:"); gfarmGssPrintMajorStatus(e_major); gfarmGssPrintMinorStatus(e_minor); } if (io->buffer != NULL) free(io->buffer); free(io); }
int gfarmGssAcquireCredential(gss_cred_id_t *credPtr, const gss_name_t desiredName, gss_cred_usage_t credUsage, OM_uint32 *majStatPtr, OM_uint32 *minStatPtr, gss_name_t *credNamePtr) { OM_uint32 majStat = 0; OM_uint32 minStat = 0; int ret = -1; gss_cred_id_t cred; *credPtr = GSS_C_NO_CREDENTIAL; majStat = gss_acquire_cred(&minStat, desiredName, GSS_C_INDEFINITE, GSS_C_NO_OID_SET, credUsage, &cred, NULL, NULL); #if GFARM_FAKE_GSS_C_NT_USER_NAME_FOR_GLOBUS if (majStat != GSS_S_COMPLETE) { OM_uint32 majStat2, majStat3; OM_uint32 minStat2, minStat3; /* * to workaround a problem that any proxy credential cannot be * acquired by using "/C=.../O=.../CN=John Smith" as its name. * Globus requires "/C=.../O=.../CN=John Smith/CN=proxy". */ majStat2 = gss_acquire_cred(&minStat2, GSS_C_NO_NAME, GSS_C_INDEFINITE, GSS_C_NO_OID_SET, credUsage, &cred, NULL, NULL); if (majStat2 == GSS_S_COMPLETE) { gss_name_t credName; if (gfarmGssNewCredentialName(&credName, cred, NULL, NULL) > 0) { int equal; majStat3 = gss_compare_name(&minStat3, desiredName, credName, &equal); if (majStat3 == GSS_S_COMPLETE && equal) { majStat = majStat2; minStat = minStat2; } gfarmGssDeleteName(&credName, NULL, NULL); } if (majStat != GSS_S_COMPLETE) { gfarmGssDeleteCredential(&cred, NULL, NULL); } } } #endif /* GFARM_FAKE_GSS_C_NT_USER_NAME_FOR_GLOBUS */ /* * Check validness. */ if (majStat == GSS_S_COMPLETE) { if (credNamePtr == NULL) { ret = 1; } else if (gfarmGssNewCredentialName(credNamePtr, cred, &majStat, &minStat) > 0) { /* Only valid when the name is got. */ ret = 1; } if (ret > 0 && credPtr != NULL) { *credPtr = cred; } else { gfarmGssDeleteCredential(&cred, NULL, NULL); } } if (majStatPtr != NULL) { *majStatPtr = majStat; } if (minStatPtr != NULL) { *minStatPtr = minStat; } if (ret == -1) { gflog_debug(GFARM_MSG_1000790, "failed to acquire credential (%u)(%u)", majStat, minStat); } return ret; }