authorKen Raeburn <raeburn@mit.edu>2004-03-14 08:14:51 +0000
committerKen Raeburn <raeburn@mit.edu>2004-03-14 08:14:51 +0000
commit40021e247c821aba8a694614e22bf5c181d78284 (patch)
tree475e5d91b05f43ed6686ce1577d136229a1e8fcb
parent6c80f7f9c5c504a9494e93be014e994f5a0ce14e (diff)
* gssapiP_krb5.h (struct _krb5_gss_ctx_id_rec): Delete fields init_token and
testing_unknown_tokid. * init_sec_context.c (new_connection): Drop support (already inside "#if 0") for them. (krb5_gss_init_sec_context): Drop support for testing_unknown_tokid. (mutual_auth): Don't let major_status be used uninitialized. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16168 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r--src/lib/gssapi/krb5/ChangeLog8
-rw-r--r--src/lib/gssapi/krb5/gssapiP_krb5.h6
-rw-r--r--src/lib/gssapi/krb5/init_sec_context.c62
3 files changed, 11 insertions, 65 deletions
diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog
index 72e5c54ef2..ad17ecc1ea 100644
--- a/src/lib/gssapi/krb5/ChangeLog
+++ b/src/lib/gssapi/krb5/ChangeLog
@@ -3,6 +3,14 @@
* gssapi_krb5.c (kg_vdb): Change type to g_set and initialize.
* gssapiP_krb5.h (kg_vdb): Declaration updated.
+ * gssapiP_krb5.h (struct _krb5_gss_ctx_id_rec): Delete fields
+ init_token and testing_unknown_tokid.
+ * init_sec_context.c (new_connection): Drop support (already
+ inside "#if 0") for them.
+ (krb5_gss_init_sec_context): Drop support for
+ testing_unknown_tokid.
+ (mutual_auth): Don't let major_status be used uninitialized.
+
2004-03-08 Ezra Peisach <epeisach@mit.edu>
* gssapiP_krb5.h: Add prototype for gss_krb5int_unseal_token_v3.
diff --git a/src/lib/gssapi/krb5/gssapiP_krb5.h b/src/lib/gssapi/krb5/gssapiP_krb5.h
index 2fc18c03f6..e5b5c26634 100644
--- a/src/lib/gssapi/krb5/gssapiP_krb5.h
+++ b/src/lib/gssapi/krb5/gssapiP_krb5.h
@@ -162,9 +162,6 @@ typedef struct _krb5_gss_ctx_id_rec {
unsigned int big_endian : 1;
unsigned int have_acceptor_subkey : 1;
unsigned int seed_init : 1; /* XXX tested but never actually set */
-#ifdef CFX_EXERCISE
- unsigned int testing_unknown_tokid : 1; /* for testing only */
-#endif
OM_uint32 gss_flags;
unsigned char seed[16];
krb5_principal here;
@@ -193,9 +190,6 @@ typedef struct _krb5_gss_ctx_id_rec {
krb5_cksumtype cksumtype; /* for "main" subkey */
krb5_keyblock *acceptor_subkey; /* CFX only */
krb5_cksumtype acceptor_subkey_cksumtype;
-#ifdef CFX_EXERCISE
- gss_buffer_desc init_token;
-#endif
} krb5_gss_ctx_id_rec, *krb5_gss_ctx_id_t;
extern g_set kg_vdb;
diff --git a/src/lib/gssapi/krb5/init_sec_context.c b/src/lib/gssapi/krb5/init_sec_context.c
index 544316e0af..bb17dc5d5c 100644
--- a/src/lib/gssapi/krb5/init_sec_context.c
+++ b/src/lib/gssapi/krb5/init_sec_context.c
@@ -478,15 +478,6 @@ new_connection(
/* complain if the input token is non-null */
if (input_token != GSS_C_NO_BUFFER && input_token->length != 0) {
-#if 0 /* def CFX_EXERCISE */
- if (*context_handle != GSS_C_NO_CONTEXT
- && ((krb5_gss_ctx_id_t)*context_handle)->testing_unknown_tokid) {
- /* XXX Should check for a KRB_ERROR message that we can
- parse, and which contains the expected error code. */
- ctx = (krb5_gss_ctx_id_t)*context_handle;
- goto resume_after_testing;
- }
-#endif
*minor_status = 0;
return(GSS_S_DEFECTIVE_TOKEN);
}
@@ -589,49 +580,6 @@ new_connection(
*context_handle = (gss_ctx_id_t) ctx;
ctx_free = 0;
-#if 0 /* Sigh. We're changing the spec again. */
-#ifdef CFX_EXERCISE
- if (ctx->proto == 1
- /* I think the RPC code may be broken. Don't mess around
- if we're authenticating to "kadmin/whatever". */
- && ctx->there->data[0].data[0] != 'k'
- /* I *know* the FTP server code is broken. */
- && ctx->there->data[0].data[0] != 'f'
- ) {
- /* Create a bogus token and return it, with status
- GSS_S_CONTINUE_NEEDED. Save enough data that we can resume
- on the next call. */
- static const unsigned char hack_token[20] = {
- 0x60, 0x12, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
- 0xf7, 0x12, 0x01, 0x02, 0x02, 0x12, 0x34, 0x68,
- 0x65, 0x6c, 0x6c, 0x6f
- };
- ctx->testing_unknown_tokid = 1;
- ctx->init_token = token;
- token.value = malloc(20);
- token.length = 20;
- if (token.value == NULL) {
- /* Skip testing. We'll probably die soon enough, but let's
- not do it because we couldn't exercise this code
- path. */
- goto resume_after_testing;
- }
- memcpy(token.value, hack_token, sizeof(hack_token));
- /* Can just fall through into the normal return path, because
- it'll always return GSS_S_CONTINUE_NEEDED because we're
- doing mutual authentication. */
- }
- if (0) {
- resume_after_testing:
- token = ctx->init_token;
- ctx->init_token.value = 0;
- ctx->init_token.length = 0;
- ctx->testing_unknown_tokid = 0;
- ctx_free = 0;
- }
-#endif /* CFX_EXERCISE */
-#endif /* 0 */
-
/* compute time_rec */
if (time_rec) {
if ((code = krb5_timeofday(context, &now)))
@@ -715,12 +663,12 @@ mutual_auth(
krb5_error_code code;
krb5int_access kaccess;
+ major_status = GSS_S_FAILURE;
+
code = krb5int_accessor (&kaccess, KRB5INT_ACCESS_VERSION);
if (code)
goto fail;
- major_status = GSS_S_FAILURE;
-
/* validate the context handle */
/*SUPPRESS 29*/
if (! kg_validate_ctx_id(*context_handle)) {
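Review bot: The `major_status = GSS_S_FAILURE;` default in mutual_auth is still a separate statement below the declarations, so an early `goto fail` added above it later would bring back the uninitialized read this commit fixes. Folding it into the declaration, `OM_uint32 major_status = GSS_S_FAILURE;`, would make the fail-closed default hold by construction. The declaration of major_status and the `fail:` label are both outside this hunk, so this assumes the label returns major_status to the caller. A one-line comment such as `/* fail-closed default: every "goto fail" must report an error status */` would record why the ordering matters, since an indeterminate value that happened to be zero would read as GSS_S_COMPLETE to the caller of the mutual-authentication step.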
@@ -949,11 +897,7 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle,
/* is this a new connection or not? */
/*SUPPRESS 29*/
- if (*context_handle == GSS_C_NO_CONTEXT
-#ifdef CFX_EXERCISE
- || ((krb5_gss_ctx_id_t)*context_handle)->testing_unknown_tokid
-#endif
- ) {
+ if (*context_handle == GSS_C_NO_CONTEXT) {
major_status = new_connection(minor_status, cred, context_handle,
target_name, mech_type, req_flags,
time_req, input_chan_bindings,