authorTheodore Tso <tytso@mit.edu>1995-09-16 07:33:23 +0000
committerTheodore Tso <tytso@mit.edu>1995-09-16 07:33:23 +0000
commit82f87f7e1268dd377295c09e0f266a99042e6220 (patch)
treee754af5495fea52c0b846c2b7a368cd395e458a8 /src/lib/gssapi
parentc2380cebcdd54289bc48f5b8c56ff3309d007496 (diff)
Lots of memory leaks and other fixes...
gssapiP_krb5.h: Remove context and cred from the gssapi security context, as they aren't needed. kg_seal and kg_unseal now take a krb5_context argument. ser_sctx.c (kg_ctx_size, kg_ctx_externalize, kg_ctx_internalize): No longer serialize the context and cred fields of the gssapi security context. krb5_gss_glue.c: Don't rely on the context field of the gssapi security context. Use kg_context instead. verify.c (krb5_gss_verify, krb5_gss_verify_mic): unseal.c (krb5_gss_unwrap, krb5_gss_unseal): sign.c (krb5_gss_sign, krb5_gss_get_mic): seal.c (krb5_gss_seal, krb5_gss_wrap): process_context_token.c (krb5_gss_process_context_token): k5unseal.c (kg_unseal): k5seal.c (kg_seal_size): Add a krb5_context argument to this function, so we don't have to depend on the context field in the gssapi security context. init_sec_context.c (krb5_gss_init_sec_context): Don't initialize the context and cred fields in the gssapi security context. Copy ctx->subkey to ctx->seq.key, so they are separately allocated. gssapi_krb5.c (kg_get_context): When initialize kg_context, call krb5_init_ets() so that the error tables are initialized. export_sec_context.c (krb5_gss_export_sec_context): Don't depend on the context field from the gssapi security context. Free ctx->seq.key. delete_sec_context.c (krb5_gss_delete_sec_context): kg_seal() now takes a krb5_context argument. Free ctx->seq.key. acquire_cred.c (krb5_gss_acquire_cred): Clear the gssapi credential before setting it, to prevent purify from complaining. accept_sec_context.c (krb5_gss_accept_sec_context): Remove context and cred from the gssapi security context. Make sure the ticket is freed after we're done with it. import_sec_context.c (krb5_gss_import_sec_context): Don't bash the input interprocess_token. Otherwise, it can't be freed. Don't depend on the context field in the gss security context. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6798 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/gssapi')
-rw-r--r--src/lib/gssapi/krb5/ChangeLog53
-rw-r--r--src/lib/gssapi/krb5/accept_sec_context.c9
-rw-r--r--src/lib/gssapi/krb5/acquire_cred.c1
-rw-r--r--src/lib/gssapi/krb5/delete_sec_context.c4
-rw-r--r--src/lib/gssapi/krb5/export_sec_context.c13
-rw-r--r--src/lib/gssapi/krb5/gssapiP_krb5.h8
-rw-r--r--src/lib/gssapi/krb5/gssapi_krb5.c1
-rw-r--r--src/lib/gssapi/krb5/import_sec_context.c14
-rw-r--r--src/lib/gssapi/krb5/init_sec_context.c9
-rw-r--r--src/lib/gssapi/krb5/k5seal.c10
-rw-r--r--src/lib/gssapi/krb5/k5unseal.c7
-rw-r--r--src/lib/gssapi/krb5/krb5_gss_glue.c40
-rw-r--r--src/lib/gssapi/krb5/process_context_token.c2
-rw-r--r--src/lib/gssapi/krb5/seal.c6
-rw-r--r--src/lib/gssapi/krb5/ser_sctx.c53
-rw-r--r--src/lib/gssapi/krb5/sign.c4
-rw-r--r--src/lib/gssapi/krb5/unseal.c4
-rw-r--r--src/lib/gssapi/krb5/verify.c4
18 files changed, 136 insertions, 106 deletions
diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog
index 777d37d2f1..4ce7115cea 100644
--- a/src/lib/gssapi/krb5/ChangeLog
+++ b/src/lib/gssapi/krb5/ChangeLog
@@ -1,3 +1,56 @@
+Sat Sep 16 03:18:02 1995 Theodore Y. Ts'o <tytso@dcl>
+
+ * gssapiP_krb5.h: Remove context and cred from the gssapi security
+ context, as they aren't needed. kg_seal and kg_unseal now
+ take a krb5_context argument.
+
+ * ser_sctx.c (kg_ctx_size, kg_ctx_externalize,
+ kg_ctx_internalize): No longer serialize the context and
+ cred fields of the gssapi security context.
+
+ * krb5_gss_glue.c: Don't rely on the context field of the gssapi
+ security context. Use kg_context instead.
+
+ * verify.c (krb5_gss_verify, krb5_gss_verify_mic):
+ * unseal.c (krb5_gss_unwrap, krb5_gss_unseal):
+ * sign.c (krb5_gss_sign, krb5_gss_get_mic):
+ * seal.c (krb5_gss_seal, krb5_gss_wrap):
+ * process_context_token.c (krb5_gss_process_context_token):
+ * k5unseal.c (kg_unseal):
+ * k5seal.c (kg_seal_size): Add a krb5_context argument to this
+ function, so we don't have to depend on the context field
+ in the gssapi security context.
+
+ * init_sec_context.c (krb5_gss_init_sec_context): Don't initialize
+ the context and cred fields in the gssapi security
+ context. Copy ctx->subkey to ctx->seq.key, so they are
+ separately allocated.
+
+ * gssapi_krb5.c (kg_get_context): When initialize kg_context, call
+ krb5_init_ets() so that the error tables are initialized.
+
+ * export_sec_context.c (krb5_gss_export_sec_context): Don't depend
+ on the context field from the gssapi security context.
+ Free ctx->seq.key.
+
+ * delete_sec_context.c (krb5_gss_delete_sec_context): kg_seal()
+ now takes a krb5_context argument. Free ctx->seq.key.
+
+ * acquire_cred.c (krb5_gss_acquire_cred): Clear the gssapi
+ credential before setting it, to prevent purify from
+ complaining.
+
+ * accept_sec_context.c (krb5_gss_accept_sec_context): Remove
+ context and cred from the gssapi security context. Make
+ sure the ticket is freed after we're done with it.
+
+Fri Sep 15 22:12:49 1995 Theodore Y. Ts'o <tytso@dcl>
+
+ * import_sec_context.c (krb5_gss_import_sec_context): Don't bash
+ the input interprocess_token. Otherwise, it can't be
+ freed. Don't depend on the context field in the gss
+ security context.
+
Tue Sep 12 19:07:52 1995 Theodore Y. Ts'o <tytso@dcl>
* export_sec_context.c (krb5_gss_export_sec_context): Free the
diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c
index 55b0eb6b7b..0415db4efc 100644
--- a/src/lib/gssapi/krb5/accept_sec_context.c
+++ b/src/lib/gssapi/krb5/accept_sec_context.c
@@ -214,12 +214,10 @@ krb5_gss_accept_sec_context(context, minor_status, context_handle,
}
memset(ctx, 0, sizeof(krb5_gss_ctx_id_rec));
- ctx->context = context;
ctx->auth_context = auth_context;
ctx->initiate = 0;
ctx->mutual = gss_flags & GSS_C_MUTUAL_FLAG;
ctx->seed_init = 0;
- ctx->cred = cred;
ctx->big_endian = bigend;
if (code = krb5_copy_principal(context, cred->princ, &ctx->here)) {
@@ -258,12 +256,13 @@ krb5_gss_accept_sec_context(context, minor_status, context_handle,
krb5_use_enctype(context, &ctx->seq.eblock, ENCTYPE_DES_CBC_RAW);
ctx->seq.processed = 0;
- ctx->seq.key = ctx->subkey;
-
+ if (code = krb5_copy_keyblock(context, ctx->subkey, &ctx->seq.key))
+ return(code);
ctx->endtime = ticket->enc_part2->times.endtime;
-
ctx->flags = ticket->enc_part2->flags;
+ krb5_free_ticket(context, ticket); /* Done with ticket */
+
krb5_auth_con_getremoteseqnumber(context, auth_context, &ctx->seq_recv);
/* at this point, the entire context structure is filled in,
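Review bot: The new `return(code);` after `krb5_copy_keyblock` hands a krb5_error_code back as the GSS major status and leaves `*minor_status` unset, so a caller testing the result with GSS_ERROR() may misread the failure. Elsewhere in this commit (k5seal.c) the convention is `*minor_status = code; return(GSS_S_FAILURE);`, and that is what this path should do. The early return also sits before the added `krb5_free_ticket(context, ticket);`, so on failure the ticket, the partly built ctx and its copied principals and subkey appear to be leaked; release them before returning. The same pattern is added in init_sec_context.c at the `ctx->seq.key` copy. The function body starts and ends outside this hunk, so the exact set of resources to release should be confirmed against the full function.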
diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c
index 6ffbe49fa2..9cbb0b68eb 100644
--- a/src/lib/gssapi/krb5/acquire_cred.c
+++ b/src/lib/gssapi/krb5/acquire_cred.c
@@ -294,6 +294,7 @@ krb5_gss_acquire_cred(context, minor_status, desired_name, time_req,
*minor_status = ENOMEM;
return(GSS_S_FAILURE);
}
+ memset(cred, 0, sizeof(krb5_gss_cred_id_rec));
cred->usage = cred_usage;
cred->princ = NULL;
diff --git a/src/lib/gssapi/krb5/delete_sec_context.c b/src/lib/gssapi/krb5/delete_sec_context.c
index c23bfcca50..4e0766fa87 100644
--- a/src/lib/gssapi/krb5/delete_sec_context.c
+++ b/src/lib/gssapi/krb5/delete_sec_context.c
@@ -56,7 +56,8 @@ krb5_gss_delete_sec_context(context, minor_status, context_handle, output_token)
gss_buffer_desc empty;
empty.length = 0; empty.value = NULL;
- if (major = kg_seal(minor_status, *context_handle, 0, GSS_C_QOP_DEFAULT,
+ if (major = kg_seal(context, minor_status, *context_handle, 0,
+ GSS_C_QOP_DEFAULT,
&empty, NULL, output_token, KG_TOK_DEL_CTX))
return(major);
}
@@ -75,6 +76,7 @@ krb5_gss_delete_sec_context(context, minor_status, context_handle, output_token)
if (ctx->seq.processed)
krb5_finish_key(context, &ctx->seq.eblock);
+ krb5_free_keyblock(context, ctx->seq.key);
krb5_free_principal(context, ctx->here);
krb5_free_principal(context, ctx->there);
diff --git a/src/lib/gssapi/krb5/export_sec_context.c b/src/lib/gssapi/krb5/export_sec_context.c
index 01dbf9773e..61856a3644 100644
--- a/src/lib/gssapi/krb5/export_sec_context.c
+++ b/src/lib/gssapi/krb5/export_sec_context.c
@@ -85,15 +85,16 @@ krb5_gss_export_sec_context(context,
/* Now, clean up the context state */
(void) kg_delete_ctx_id((gss_ctx_id_t) ctx);
if (ctx->enc.processed)
- krb5_finish_key(ctx->context,
+ krb5_finish_key(context,
&ctx->enc.eblock);
- krb5_free_keyblock(ctx->context, ctx->enc.key);
+ krb5_free_keyblock(context, ctx->enc.key);
if (ctx->seq.processed)
- krb5_finish_key(ctx->context,
+ krb5_finish_key(context,
&ctx->seq.eblock);
- krb5_free_principal(ctx->context, ctx->here);
- krb5_free_principal(ctx->context, ctx->there);
- krb5_free_keyblock(ctx->context, ctx->subkey);
+ krb5_free_keyblock(context, ctx->seq.key);
+ krb5_free_principal(context, ctx->here);
+ krb5_free_principal(context, ctx->there);
+ krb5_free_keyblock(context, ctx->subkey);
if (ctx->auth_context)
krb5_auth_con_free(context, ctx->auth_context);
diff --git a/src/lib/gssapi/krb5/gssapiP_krb5.h b/src/lib/gssapi/krb5/gssapiP_krb5.h
index 6d6a1a32fa..35f78e1f81 100644
--- a/src/lib/gssapi/krb5/gssapiP_krb5.h
+++ b/src/lib/gssapi/krb5/gssapiP_krb5.h
@@ -84,7 +84,6 @@ typedef struct _krb5_gss_ctx_id_rec {
OM_uint32 mutual;
int seed_init;
unsigned char seed[16];
- krb5_gss_cred_id_t cred;
krb5_principal here;
krb5_principal there;
krb5_keyblock *subkey;
@@ -96,7 +95,6 @@ typedef struct _krb5_gss_ctx_id_rec {
krb5_int32 seq_recv;
int established;
int big_endian;
- krb5_context context;
krb5_auth_context auth_context;
} krb5_gss_ctx_id_rec, krb5_gss_ctx_id_t;
@@ -151,7 +149,8 @@ krb5_error_code kg_encrypt PROTOTYPE((krb5_gss_enc_desc *ed,
krb5_error_code kg_decrypt PROTOTYPE((krb5_gss_enc_desc *ed,
krb5_pointer iv, krb5_pointer in, krb5_pointer out, int length));
-OM_uint32 kg_seal PROTOTYPE((OM_uint32 *minor_status,
+OM_uint32 kg_seal PROTOTYPE((krb5_context context,
+ OM_uint32 *minor_status,
gss_ctx_id_t context_handle,
int conf_req_flag,
int qop_req,
@@ -160,7 +159,8 @@ OM_uint32 kg_seal PROTOTYPE((OM_uint32 *minor_status,
gss_buffer_t output_message_buffer,
int toktype));
-OM_uint32 kg_unseal PROTOTYPE((OM_uint32 *minor_status,
+OM_uint32 kg_unseal PROTOTYPE((krb5_context context,
+ OM_uint32 *minor_status,
gss_ctx_id_t context_handle,
gss_buffer_t input_token_buffer,
gss_buffer_t message_buffer,
diff --git a/src/lib/gssapi/krb5/gssapi_krb5.c b/src/lib/gssapi/krb5/gssapi_krb5.c
index 6e86eb97a9..be08f9139e 100644
--- a/src/lib/gssapi/krb5/gssapi_krb5.c
+++ b/src/lib/gssapi/krb5/gssapi_krb5.c
@@ -121,5 +121,6 @@ kg_get_context()
return GSS_S_COMPLETE;
if (krb5_init_context(&kg_context))
return GSS_S_FAILURE;
+ krb5_init_ets(kg_context);
return GSS_S_COMPLETE;
}
diff --git a/src/lib/gssapi/krb5/import_sec_context.c b/src/lib/gssapi/krb5/import_sec_context.c
index 1c9ffabd80..cc20ec8f68 100644
--- a/src/lib/gssapi/krb5/import_sec_context.c
+++ b/src/lib/gssapi/krb5/import_sec_context.c
@@ -69,8 +69,6 @@ krb5_gss_import_sec_context(context,
/* Make sure that everything is cool. */
if (kg_validate_ctx_id((gss_ctx_id_t) ctx)) {
- interprocess_token->value = ibp;
- interprocess_token->length = blen;
*context_handle = (gss_ctx_id_t) ctx;
retval = GSS_S_COMPLETE;
}
@@ -82,13 +80,13 @@ krb5_gss_import_sec_context(context,
if (ctx) {
(void) kg_delete_ctx_id((gss_ctx_id_t) ctx);
if (ctx->enc.processed)
- krb5_finish_key(ctx->context, &ctx->enc.eblock);
- krb5_free_keyblock(ctx->context, ctx->enc.key);
+ krb5_finish_key(context, &ctx->enc.eblock);
+ krb5_free_keyblock(context, ctx->enc.key);
if (ctx->seq.processed)
- krb5_finish_key(ctx->context, &ctx->seq.eblock);
- krb5_free_principal(ctx->context, ctx->here);
- krb5_free_principal(ctx->context, ctx->there);
- krb5_free_keyblock(ctx->context, ctx->subkey);
+ krb5_finish_key(context, &ctx->seq.eblock);
+ krb5_free_principal(context, ctx->here);
+ krb5_free_principal(context, ctx->there);
+ krb5_free_keyblock(context, ctx->subkey);
/* Zero out context */
memset(ctx, 0, sizeof(*ctx));
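Review bot: This failure-path cleanup frees `ctx->enc.key` and `ctx->subkey` but not `ctx->seq.key`, although the same commit adds `krb5_free_keyblock(context, ctx->seq.key);` to the cleanup in delete_sec_context.c and export_sec_context.c. If kg_ctx_internalize can leave a separately allocated `seq.key` on the imported context (not visible in this hunk), the key block is dropped by the following `memset(ctx, 0, sizeof(*ctx));` without being released or cleared. Adding the same `krb5_free_keyblock(context, ctx->seq.key);` after the `seq.processed` check would keep the three cleanup paths consistent, provided a NULL `seq.key` is handled. The enclosing function starts and ends outside the hunk.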
diff --git a/src/lib/gssapi/krb5/init_sec_context.c b/src/lib/gssapi/krb5/init_sec_context.c
index bcd999ae70..9de905e8cf 100644
--- a/src/lib/gssapi/krb5/init_sec_context.c
+++ b/src/lib/gssapi/krb5/init_sec_context.c
@@ -244,12 +244,10 @@ krb5_gss_init_sec_context(context, minor_status, claimant_cred_handle,
/* fill in the ctx */
memset(ctx, 0, sizeof(krb5_gss_ctx_id_rec));
- ctx->context = context;
ctx->auth_context = NULL;
ctx->initiate = 1;
ctx->mutual = req_flags & GSS_C_MUTUAL_FLAG;
ctx->seed_init = 0;
- ctx->cred = cred;
ctx->big_endian = 0; /* all initiators do little-endian, as per spec */
if (time_req == 0 || time_req == GSS_C_INDEFINITE) {
@@ -277,7 +275,7 @@ krb5_gss_init_sec_context(context, minor_status, claimant_cred_handle,
return(GSS_S_FAILURE);
}
- if (code = make_ap_req(context, &(ctx->auth_context), ctx->cred,
+ if (code = make_ap_req(context, &(ctx->auth_context), cred,
ctx->there, &ctx->endtime, input_chan_bindings,
ctx->mutual, &ctx->flags, &token)) {
krb5_free_principal(context, ctx->here);
@@ -304,7 +302,8 @@ krb5_gss_init_sec_context(context, minor_status, claimant_cred_handle,
krb5_use_enctype(context, &ctx->seq.eblock, ENCTYPE_DES_CBC_RAW);
ctx->seq.processed = 0;
- ctx->seq.key = ctx->subkey;
+ if (code = krb5_copy_keyblock(context, ctx->subkey, &ctx->seq.key))
+ return(code);
/* at this point, the context is constructed and valid,
hence, releaseable */
@@ -375,7 +374,7 @@ krb5_gss_init_sec_context(context, minor_status, claimant_cred_handle,
arguments are unchanged */
if ((ctx->established) ||
- (((gss_cred_id_t) ctx->cred) != claimant_cred_handle) ||
+ (((gss_cred_id_t) cred) != claimant_cred_handle) ||
((req_flags & GSS_C_MUTUAL_FLAG) == 0)) {
(void)krb5_gss_delete_sec_context(context, minor_status,
context_handle, NULL);
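Review bot: The rewritten test `(((gss_cred_id_t) cred) != claimant_cred_handle)` no longer compares the credential saved at the first call with the one passed on the continuation call, because `cred` is a local of the current invocation rather than state kept in the security context. If `cred` is derived from `claimant_cred_handle` earlier in this call (the assignment is outside the hunk), the comparison is either always false or, when a default credential is substituted, always true, so the "arguments are unchanged" check stated in the comment above is not enforced. Either keep an identifier of the original credential in the context for this comparison, or drop the clause and add a comment such as `/* credential identity across calls is not checked */` so the remaining guarantees are explicit.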
diff --git a/src/lib/gssapi/krb5/k5seal.c b/src/lib/gssapi/krb5/k5seal.c
index 38770173e2..1653a45538 100644
--- a/src/lib/gssapi/krb5/k5seal.c
+++ b/src/lib/gssapi/krb5/k5seal.c
@@ -181,8 +181,9 @@ make_seal_token(context, enc_ed, seq_ed, seqnum, direction, text, token,
and do not encode the ENC_TYPE, MSG_LENGTH, or MSG_TEXT fields */
OM_uint32
-kg_seal(minor_status, context_handle, conf_req_flag, qop_req,
+kg_seal(context, minor_status, context_handle, conf_req_flag, qop_req,
input_message_buffer, conf_state, output_message_buffer, toktype)
+ krb5_context context;
OM_uint32 *minor_status;
gss_ctx_id_t context_handle;
int conf_req_flag;
@@ -218,12 +219,12 @@ kg_seal(minor_status, context_handle, conf_req_flag, qop_req,
return(GSS_S_NO_CONTEXT);
}
- if (code = krb5_timeofday(ctx->context, &now)) {
+ if (code = krb5_timeofday(context, &now)) {
*minor_status = code;
return(GSS_S_FAILURE);
}
- if (code = make_seal_token(ctx->context, &ctx->enc, &ctx->seq,
+ if (code = make_seal_token(context, &ctx->enc, &ctx->seq,
&ctx->seq_send, ctx->initiate,
input_message_buffer, output_message_buffer,
conf_req_flag, toktype, ctx->big_endian)) {
@@ -241,8 +242,9 @@ kg_seal(minor_status, context_handle, conf_req_flag, qop_req,
}
OM_uint32
-kg_seal_size(minor_status, context_handle, conf_req_flag, qop_req,
+kg_seal_size(context, minor_status, context_handle, conf_req_flag, qop_req,
output_size, input_size)
+ krb5_context context;
OM_uint32 *minor_status;
gss_ctx_id_t context_handle;
int conf_req_flag;
diff --git a/src/lib/gssapi/krb5/k5unseal.c b/src/lib/gssapi/krb5/k5unseal.c
index a50c4cb21e..48bc071190 100644
--- a/src/lib/gssapi/krb5/k5unseal.c
+++ b/src/lib/gssapi/krb5/k5unseal.c
@@ -29,8 +29,9 @@
*/
OM_uint32
-kg_unseal(minor_status, context_handle, input_token_buffer, message_buffer,
- conf_state, qop_state, toktype)
+kg_unseal(context, minor_status, context_handle, input_token_buffer,
+ message_buffer, conf_state, qop_state, toktype)
+ krb5_context context;
OM_uint32 *minor_status;
gss_ctx_id_t context_handle;
gss_buffer_t input_token_buffer;
@@ -240,7 +241,7 @@ kg_unseal(minor_status, context_handle, input_token_buffer, message_buffer,
if (qop_state)
*qop_state = GSS_C_QOP_DEFAULT;
- if (code = krb5_timeofday(ctx->context, &now)) {
+ if (code = krb5_timeofday(context, &now)) {
*minor_status = code;
return(GSS_S_FAILURE);
}
diff --git a/src/lib/gssapi/krb5/krb5_gss_glue.c b/src/lib/gssapi/krb5/krb5_gss_glue.c
index 3634cc1ea5..dd2e108fd8 100644
--- a/src/lib/gssapi/krb5/krb5_gss_glue.c
+++ b/src/lib/gssapi/krb5/krb5_gss_glue.c
@@ -146,6 +146,9 @@ gss_context_time(minor_status, context_handle, time_rec)
{
krb5_gss_ctx_id_t * ctx;
+ if (!kg_context && kg_get_context())
+ return GSS_S_FAILURE;
+
/* validate the context handle */
if (! kg_validate_ctx_id(context_handle)) {
*minor_status = (OM_uint32) G_VALIDATE_FAILED;
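Review bot: The added guard `if (!kg_context && kg_get_context()) return GSS_S_FAILURE;` returns without writing `*minor_status`, whereas the validation failure just below it sets `*minor_status = (OM_uint32) G_VALIDATE_FAILED;`, so a caller that reports the minor status on failure reads an uninitialised value. kg_get_context discards the krb5_init_context error code, so at minimum set `*minor_status = 0;` before the return, or have kg_get_context pass the code out. The same guard is added in gss_delete_sec_context, gss_inquire_context, gss_process_context_token, gss_seal, gss_sign, gss_unseal and gss_verify. In these wrappers the local `ctx` still appears to be assigned but is no longer read now that `kg_context` replaces `ctx->context`; it can probably be removed, though the full function bodies are outside the hunks.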
@@ -154,7 +157,7 @@ gss_context_time(minor_status, context_handle, time_rec)
ctx = (krb5_gss_ctx_id_rec *) context_handle;
- return(krb5_gss_context_time(ctx->context, minor_status, context_handle,
+ return(krb5_gss_context_time(kg_context, minor_status, context_handle,
time_rec));
}
@@ -175,6 +178,9 @@ gss_delete_sec_context(minor_status, context_handle, output_token)
{
krb5_gss_ctx_id_t * ctx;
+ if (!kg_context && kg_get_context())
+ return GSS_S_FAILURE;
+
/* validate the context handle */
if (! kg_validate_ctx_id(context_handle)) {
*minor_status = (OM_uint32) G_VALIDATE_FAILED;
@@ -183,7 +189,7 @@ gss_delete_sec_context(minor_status, context_handle, output_token)
ctx = (krb5_gss_ctx_id_rec *) *context_handle;
- return(krb5_gss_delete_sec_context(ctx->context, minor_status,
+ return(krb5_gss_delete_sec_context(kg_context, minor_status,
context_handle, output_token));
}
@@ -338,6 +344,9 @@ gss_inquire_context(minor_status, context_handle, initiator_name, acceptor_name,
{
krb5_gss_ctx_id_t * ctx;
+ if (!kg_context && kg_get_context())
+ return GSS_S_FAILURE;
+
/* validate the context handle */
if (! kg_validate_ctx_id(context_handle)) {
*minor_status = (OM_uint32) G_VALIDATE_FAILED;
@@ -346,7 +355,7 @@ gss_inquire_context(minor_status, context_handle, initiator_name, acceptor_name,
ctx = (krb5_gss_ctx_id_rec *) context_handle;
- return(krb5_gss_inquire_context(ctx->context, minor_status, context_handle,
+ return(krb5_gss_inquire_context(kg_context, minor_status, context_handle,
initiator_name, acceptor_name, lifetime_rec,
mech_type, ret_flags, locally_initiated,
open));
@@ -419,6 +428,9 @@ gss_process_context_token(minor_status, context_handle, token_buffer)
{
krb5_gss_ctx_id_t * ctx;
+ if (!kg_context && kg_get_context())
+ return GSS_S_FAILURE;
+
/* validate the context handle */
if (! kg_validate_ctx_id(context_handle)) {
*minor_status = (OM_uint32) G_VALIDATE_FAILED;
@@ -427,7 +439,7 @@ gss_process_context_token(minor_status, context_handle, token_buffer)
ctx = (krb5_gss_ctx_id_rec *) context_handle;
- return(krb5_gss_process_context_token(ctx->context, minor_status,
+ return(krb5_gss_process_context_token(kg_context, minor_status,
context_handle, token_buffer));
}
@@ -493,6 +505,9 @@ gss_seal(minor_status, context_handle, conf_req_flag, qop_req,
{
krb5_gss_ctx_id_t * ctx;
+ if (!kg_context && kg_get_context())
+ return GSS_S_FAILURE;
+
/* validate the context handle */
if (! kg_validate_ctx_id(context_handle)) {
*minor_status = (OM_uint32) G_VALIDATE_FAILED;
@@ -501,7 +516,7 @@ gss_seal(minor_status, context_handle, conf_req_flag, qop_req,
ctx = (krb5_gss_ctx_id_rec *) context_handle;
- return(krb5_gss_seal(ctx->context, minor_status, context_handle,
+ return(krb5_gss_seal(kg_context, minor_status, context_handle,
conf_req_flag, qop_req, input_message_buffer,
conf_state, output_message_buffer));
}
@@ -517,6 +532,9 @@ gss_sign(minor_status, context_handle, qop_req, message_buffer, message_token)
{
krb5_gss_ctx_id_t * ctx;
+ if (!kg_context && kg_get_context())
+ return GSS_S_FAILURE;
+
/* validate the context handle */
if (! kg_validate_ctx_id(context_handle)) {
*minor_status = (OM_uint32) G_VALIDATE_FAILED;
@@ -525,7 +543,7 @@ gss_sign(minor_status, context_handle, qop_req, message_buffer, message_token)
ctx = (krb5_gss_ctx_id_rec *) context_handle;
- return(krb5_gss_sign(ctx->context, minor_status, context_handle,
+ return(krb5_gss_sign(kg_context, minor_status, context_handle,
qop_req, message_buffer, message_token));
}
@@ -564,6 +582,9 @@ gss_unseal(minor_status, context_handle, input_message_buffer,
{
krb5_gss_ctx_id_t * ctx;
+ if (!kg_context && kg_get_context())
+ return GSS_S_FAILURE;
+
/* validate the context handle */
if (! kg_validate_ctx_id(context_handle)) {
*minor_status = (OM_uint32) G_VALIDATE_FAILED;
@@ -572,7 +593,7 @@ gss_unseal(minor_status, context_handle, input_message_buffer,
ctx = (krb5_gss_ctx_id_rec *) context_handle;
- return(krb5_gss_unseal(ctx->context, minor_status, context_handle,
+ return(krb5_gss_unseal(kg_context, minor_status, context_handle,
input_message_buffer, output_message_buffer,
conf_state, qop_state));
}
@@ -607,6 +628,9 @@ gss_verify(minor_status, context_handle, message_buffer,
{
krb5_gss_ctx_id_t * ctx;
+ if (!kg_context && kg_get_context())
+ return GSS_S_FAILURE;
+
/* validate the context handle */
if (! kg_validate_ctx_id(context_handle)) {
*minor_status = (OM_uint32) G_VALIDATE_FAILED;
@@ -615,7 +639,7 @@ gss_verify(minor_status, context_handle, message_buffer,
ctx = (krb5_gss_ctx_id_rec *) context_handle;
- return(krb5_gss_verify(ctx->context, minor_status, context_handle,
+ return(krb5_gss_verify(kg_context, minor_status, context_handle,
message_buffer, token_buffer, qop_state));
}
diff --git a/src/lib/gssapi/krb5/process_context_token.c b/src/lib/gssapi/krb5/process_context_token.c
index 0de7e090ff..819f226192 100644
--- a/src/lib/gssapi/krb5/process_context_token.c
+++ b/src/lib/gssapi/krb5/process_context_token.c
@@ -48,7 +48,7 @@ krb5_gss_process_context_token(context, minor_status, context_handle,
/* "unseal" the token */
- if (GSS_ERROR(majerr = kg_unseal(minor_status, ctx, token_buffer,
+ if (GSS_ERROR(majerr = kg_unseal(context, minor_status, ctx, token_buffer,
GSS_C_NO_BUFFER, NULL, NULL,
KG_TOK_DEL_CTX)))
return(majerr);
diff --git a/src/lib/gssapi/krb5/seal.c b/src/lib/gssapi/krb5/seal.c
index 15e7a8bb1c..49c726d12b 100644
--- a/src/lib/gssapi/krb5/seal.c
+++ b/src/lib/gssapi/krb5/seal.c
@@ -35,7 +35,7 @@ krb5_gss_seal(context, minor_status, context_handle, conf_req_flag,
int *conf_state;
gss_buffer_t output_message_buffer;
{
- return(kg_seal(minor_status, context_handle, conf_req_flag,
+ return(kg_seal(context, minor_status, context_handle, conf_req_flag,
qop_req, input_message_buffer, conf_state,
output_message_buffer, KG_TOK_SEAL_MSG));
}
@@ -54,7 +54,7 @@ krb5_gss_wrap(context, minor_status, context_handle, conf_req_flag,
int *conf_state;
gss_buffer_t output_message_buffer;
{
- return(kg_seal(minor_status, context_handle, conf_req_flag,
+ return(kg_seal(context, minor_status, context_handle, conf_req_flag,
qop_req, input_message_buffer, conf_state,
output_message_buffer, KG_TOK_WRAP_MSG));
}
@@ -72,6 +72,6 @@ krb5_gss_wrap_size_limit(context, minor_status, context_handle, conf_req_flag,
OM_uint32 *max_input_size;
{
/* XXX - should just put this in k5seal.c */
- return(kg_seal_size(minor_status, context_handle, conf_req_flag,
+ return(kg_seal_size(context, minor_status, context_handle, conf_req_flag,
qop_req, req_output_size, max_input_size));
}
diff --git a/src/lib/gssapi/krb5/ser_sctx.c b/src/lib/gssapi/krb5/ser_sctx.c
index c1ddfd7010..4cd0e7d353 100644
--- a/src/lib/gssapi/krb5/ser_sctx.c
+++ b/src/lib/gssapi/krb5/ser_sctx.c
@@ -451,12 +451,6 @@ kg_ctx_size(kcontext, arg, sizep)
required += sizeof(ctx->seed);
kret = 0;
- if (ctx->cred)
- kret = krb5_size_opaque(kcontext,
- KG_CRED,
- (krb5_pointer) ctx->cred,
- &required);
-
if (!kret && ctx->here)
kret = krb5_size_opaque(kcontext,
KV5M_PRINCIPAL,
@@ -487,12 +481,6 @@ kg_ctx_size(kcontext, arg, sizep)
(krb5_pointer) &ctx->seq,
&required);
- if (!kret && ctx->context)
- kret = krb5_size_opaque(kcontext,
- KV5M_CONTEXT,
- (krb5_pointer) ctx->context,
- &required);
-
if (!kret && ctx->auth_context)
kret = krb5_size_opaque(kcontext,
KV5M_AUTH_CONTEXT,
@@ -556,13 +544,7 @@ kg_ctx_externalize(kcontext, arg, buffer, lenremain)
&bp, &remain);
/* Now dynamic data */
- if (ctx->cred)
- kret = krb5_externalize_opaque(kcontext,
- KG_CRED,
- (krb5_pointer) ctx->cred,
- &bp, &remain);
- else
- kret = 0;
+ kret = 0;
if (!kret && ctx->here)
kret = krb5_externalize_opaque(kcontext,
@@ -594,12 +576,6 @@ kg_ctx_externalize(kcontext, arg, buffer, lenremain)
(krb5_pointer) &ctx->seq,
&bp, &remain);
- if (!kret && ctx->context)
- kret = krb5_externalize_opaque(kcontext,
- KV5M_CONTEXT,
- (krb5_pointer) ctx->context,
- &bp, &remain);
-
if (!kret && ctx->auth_context)
kret = krb5_externalize_opaque(kcontext,
KV5M_AUTH_CONTEXT,
@@ -671,14 +647,6 @@ kg_ctx_internalize(kcontext, argp, buffer, lenremain)
/* Now get substructure data */
if ((kret = krb5_internalize_opaque(kcontext,
- KG_CRED,
- (krb5_pointer *) &ctx->cred,
- &bp, &remain))) {
- if (kret == EINVAL)
- kret = 0;
- }
- if (!kret &&
- (kret = krb5_internalize_opaque(kcontext,
KV5M_PRINCIPAL,
(krb5_pointer *) &ctx->here,
&bp, &remain))) {
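Review bot: Dropping the KG_CRED section here (and KV5M_CONTEXT in the next hunk) changes the layout of exported security-context tokens, and no version or format marker is visible in these hunks to tell old tokens from new ones. Since the reader appears to treat EINVAL on each optional section as "absent" (`if (kret == EINVAL) kret = 0;`), a token written by an older build may not be rejected at the first mismatch; confirm that it fails cleanly later in kg_ctx_internalize. A comment above the first krb5_internalize_opaque call listing the sections in their serialized order, and stating that the credential and krb5_context are not part of the token, would document the contract that kg_ctx_size and kg_ctx_externalize must match. The statement and the function continue outside this hunk.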
@@ -729,14 +697,6 @@ kg_ctx_internalize(kcontext, argp, buffer, lenremain)
}
if (!kret &&
(kret = krb5_internalize_opaque(kcontext,
- KV5M_CONTEXT,
- (krb5_pointer *) &ctx->context,
- &bp, &remain))) {
- if (kret == EINVAL)
- kret = 0;
- }
- if (!kret &&
- (kret = krb5_internalize_opaque(kcontext,
KV5M_AUTH_CONTEXT,
(krb5_pointer *)
&ctx->auth_context,
@@ -758,8 +718,6 @@ kg_ctx_internalize(kcontext, argp, buffer, lenremain)
kret = EINVAL;
if (ctx->auth_context)
krb5_auth_con_free(kcontext, ctx->auth_context);
- if (ctx->context)
- krb5_free_context(ctx->context);
if (ctx->seq.eblock.key)
krb5_free_keyblock(kcontext, ctx->seq.eblock.key);
if (ctx->seq.eblock.priv && ctx->seq.eblock.priv_size)
@@ -778,15 +736,6 @@ kg_ctx_internalize(kcontext, argp, buffer, lenremain)
krb5_free_principal(kcontext, ctx->there);
if (ctx->here)
krb5_free_principal(kcontext, ctx->here);
- if (ctx->cred) {
- if (ctx->cred->ccache)
- krb5_cc_close(kcontext, ctx->cred->ccache);
- if (ctx->cred->keytab)
- krb5_kt_close(kcontext, ctx->cred->keytab);
- if (ctx->cred->princ)
- krb5_free_principal(kcontext, ctx->cred->princ);
- krb5_xfree(ctx->cred);
- }
xfree(ctx);
}
}
diff --git a/src/lib/gssapi/krb5/sign.c b/src/lib/gssapi/krb5/sign.c
index 3f8b436192..74eab6bca8 100644
--- a/src/lib/gssapi/krb5/sign.c
+++ b/src/lib/gssapi/krb5/sign.c
@@ -33,7 +33,7 @@ krb5_gss_sign(context, minor_status, context_handle,
gss_buffer_t message_buffer;
gss_buffer_t message_token;
{
- return(kg_seal(minor_status, context_handle, 0,
+ return(kg_seal(context, minor_status, context_handle, 0,
qop_req, message_buffer, NULL,
message_token, KG_TOK_SIGN_MSG));
}
@@ -49,7 +49,7 @@ krb5_gss_get_mic(context, minor_status, context_handle, qop_req,
gss_buffer_t message_buffer;
gss_buffer_t message_token;
{
- return(kg_seal(minor_status, context_handle, 0,
+ return(kg_seal(context, minor_status, context_handle, 0,
qop_req, message_buffer, NULL,
message_token, KG_TOK_MIC_MSG));
}
diff --git a/src/lib/gssapi/krb5/unseal.c b/src/lib/gssapi/krb5/unseal.c
index 7871352d12..294e37cc2c 100644
--- a/src/lib/gssapi/krb5/unseal.c
+++ b/src/lib/gssapi/krb5/unseal.c
@@ -34,7 +34,7 @@ krb5_gss_unseal(context, minor_status, context_handle,
int *conf_state;
int *qop_state;
{
- return(kg_unseal(minor_status, context_handle,
+ return(kg_unseal(context, minor_status, context_handle,
input_message_buffer, output_message_buffer,
conf_state, qop_state, KG_TOK_SEAL_MSG));
}
@@ -55,7 +55,7 @@ krb5_gss_unwrap(context, minor_status, context_handle,
OM_uint32 rstat;
int qstate;
- rstat = kg_unseal(minor_status, context_handle,
+ rstat = kg_unseal(context, minor_status, context_handle,
input_message_buffer, output_message_buffer,
conf_state, &qstate, KG_TOK_WRAP_MSG);
if (!rstat && qop_state)
diff --git a/src/lib/gssapi/krb5/verify.c b/src/lib/gssapi/krb5/verify.c
index 69fa967b75..f2d5d4a0cc 100644
--- a/src/lib/gssapi/krb5/verify.c
+++ b/src/lib/gssapi/krb5/verify.c
@@ -33,7 +33,7 @@ krb5_gss_verify(context, minor_status, context_handle,
gss_buffer_t token_buffer;
int *qop_state;
{
- return(kg_unseal(minor_status, context_handle,
+ return(kg_unseal(context, minor_status, context_handle,
token_buffer, message_buffer,
NULL, qop_state, KG_TOK_SIGN_MSG));
}
@@ -53,7 +53,7 @@ krb5_gss_verify_mic(context, minor_status, context_handle,
OM_uint32 rstat;
int qstate;
- rstat = kg_unseal(minor_status, context_handle,
+ rstat = kg_unseal(context, minor_status, context_handle,
token_buffer, message_buffer,
NULL, &qstate, KG_TOK_MIC_MSG);
if (!rstat && qop_state)