authorTheodore Tso <tytso@mit.edu>1996-10-19 05:05:24 +0000
committerTheodore Tso <tytso@mit.edu>1996-10-19 05:05:24 +0000
commit2c00e1c235063a9fc812563c32acefcba1574e4f (patch)
tree8a01af0554082bdc513269d3c447dec4939e5154 /src/lib
parent954d7d2c60353d1659324cf3d04ed727e58d4ffa (diff)
ser_sctx.c (kg_oid_externalize, kg_oid_internalize,
kg_oid_size): Add a GSSAPI OID magic number to the externalized OID, so that if the OID is skipped (it is optional), the serialization code can resynchronize if necessary. (kg_queue_internalize, kg_queue_externalize, kg_queue_size): New functions to externalize the gssapi queue. (kg_ctx_size, kg_ctx_externalize, kg_ctx_import): Changed to include the mech_used field and to include the auth context. gssapi_krb5.c (kg_get_context): Add calls to correctly initialize the serializers needed by import and export sec context. delete_sec_context.c (krb5_gss_delete_sec_context): Remember to release the mech_used OID if necessary! git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@9213 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/gssapi/krb5/ChangeLog21
-rw-r--r--src/lib/gssapi/krb5/delete_sec_context.c9
-rw-r--r--src/lib/gssapi/krb5/gssapiP_krb5.h2
-rw-r--r--src/lib/gssapi/krb5/gssapi_krb5.c24
-rw-r--r--src/lib/gssapi/krb5/ser_sctx.c139
5 files changed, 183 insertions, 12 deletions
diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog
index 87a06bf5ea..fb51f0dba6 100644
--- a/src/lib/gssapi/krb5/ChangeLog
+++ b/src/lib/gssapi/krb5/ChangeLog
@@ -1,3 +1,24 @@
+Sat Oct 19 00:38:22 1996 Theodore Y. Ts'o <tytso@mit.edu>
+
+ * ser_sctx.c (kg_oid_externalize, kg_oid_internalize,
+ kg_oid_size): Add a GSSAPI OID magic number to the
+ externalized OID, so that if the OID is skipped, (it is
+ optional), the serialization code can resyncronize if
+ necessary.
+ (kg_queue_internalize, kg_queue_externalize,
+ kg_queue_size): New functions to externalize the gssapi
+ queue.
+ (kg_ctx_size, kg_ctx_exteranlize, kg_ctx_import): Changed
+ to include the mech_used field and to include the auth
+ context.
+
+ * gssapi_krb5.c (kg_get_context): Add calls to correctly
+ initialize the serializers needed by import and export sec
+ context.
+
+ * delete_sec_context.c (krb5_gss_delete_sec_context): Remember to
+ release the mech_used OID if necessary!
+
Wed Oct 16 17:53:17 1996 Marc Horowitz <marc@mit.edu>
* accept_sec_context.c (krb5_gss_accept_sec_context): return an
diff --git a/src/lib/gssapi/krb5/delete_sec_context.c b/src/lib/gssapi/krb5/delete_sec_context.c
index 5b5ff74fa6..b38dfbed5b 100644
--- a/src/lib/gssapi/krb5/delete_sec_context.c
+++ b/src/lib/gssapi/krb5/delete_sec_context.c
@@ -63,9 +63,9 @@ krb5_gss_delete_sec_context(minor_status, context_handle, output_token)
gss_buffer_desc empty;
empty.length = 0; empty.value = NULL;
- if (major = kg_seal(context, minor_status, *context_handle, 0,
- GSS_C_QOP_DEFAULT,
- &empty, NULL, output_token, KG_TOK_DEL_CTX))
+ if ((major = kg_seal(context, minor_status, *context_handle, 0,
+ GSS_C_QOP_DEFAULT,
+ &empty, NULL, output_token, KG_TOK_DEL_CTX)))
return(major);
}
@@ -94,6 +94,9 @@ krb5_gss_delete_sec_context(minor_status, context_handle, output_token)
if (ctx->auth_context)
krb5_auth_con_free(context, ctx->auth_context);
+
+ if (ctx->mech_used)
+ gss_release_oid(minor_status, &ctx->mech_used);
/* Zero out context */
memset(ctx, 0, sizeof(*ctx));
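Review bot: The added `gss_release_oid(minor_status, &ctx->mech_used);` discards its major status and may overwrite `*minor_status` just before the context is zeroed, so a failed release goes unreported. This commit also drops `const` from `mech_used` in gssapiP_krb5.h, which suggests the field previously pointed at static mechanism OIDs; if any assignment outside this diff still stores such a pointer, this call would hand the release routine memory that was never allocated. It is worth confirming that every path now stores a heap copy, and once confirmed, recording the ownership rule next to the call, e.g. `/* mech_used is owned by the context and always heap-allocated */`. The function body starts and ends outside the hunk.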
diff --git a/src/lib/gssapi/krb5/gssapiP_krb5.h b/src/lib/gssapi/krb5/gssapiP_krb5.h
index c76d83981b..ee327baf68 100644
--- a/src/lib/gssapi/krb5/gssapiP_krb5.h
+++ b/src/lib/gssapi/krb5/gssapiP_krb5.h
@@ -120,7 +120,7 @@ typedef struct _krb5_gss_ctx_id_rec {
int established;
int big_endian;
krb5_auth_context auth_context;
- const gss_OID_desc *mech_used;
+ gss_OID_desc *mech_used;
} krb5_gss_ctx_id_rec, *krb5_gss_ctx_id_t;
extern void *kg_vdb;
diff --git a/src/lib/gssapi/krb5/gssapi_krb5.c b/src/lib/gssapi/krb5/gssapi_krb5.c
index e13b4537f3..9b631a1cd3 100644
--- a/src/lib/gssapi/krb5/gssapi_krb5.c
+++ b/src/lib/gssapi/krb5/gssapi_krb5.c
@@ -130,13 +130,27 @@ kg_get_context(minor_status, context)
static krb5_context kg_context = NULL;
krb5_error_code code;
- if ((! kg_context) &&
- (code = krb5_init_context(&kg_context))) {
- *minor_status = (OM_uint32) code;
- return GSS_S_FAILURE;
+ if (!kg_context) {
+ if ((code = krb5_init_context(&kg_context)))
+ goto fail;
+ if ((code = krb5_ser_context_init(kg_context)))
+ goto fail;
+ if ((code = krb5_ser_auth_context_init(kg_context)))
+ goto fail;
+ if ((code = krb5_ser_ccache_init(kg_context)))
+ goto fail;
+ if ((code = krb5_ser_rcache_init(kg_context)))
+ goto fail;
+ if ((code = krb5_ser_keytab_init(kg_context)))
+ goto fail;
+ if ((code = krb5_ser_auth_context_init(kg_context)))
+ goto fail;
}
-
*context = kg_context;
*minor_status = 0;
return GSS_S_COMPLETE;
+
+fail:
+ *minor_status = (OM_uint32) code;
+ return GSS_S_FAILURE;
}
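Review bot: A failure in any of the serializer initialisers leaves the static `kg_context` non-NULL, because `krb5_init_context(&kg_context)` has already stored into it before the `goto fail`; the next call then skips the whole `if (!kg_context)` block and returns GSS_S_COMPLETE with a context whose serializers were never fully registered. Building the context in a local and publishing it to `kg_context` only after every step succeeds, freeing it otherwise, closes that window. `krb5_ser_auth_context_init` is also called twice, and the second call looks redundant. The function's signature is outside the hunk.

```c
    if (!kg_context) {
        krb5_context new_ctx = NULL;

        if ((code = krb5_init_context(&new_ctx)))
            goto fail;
        if ((code = krb5_ser_context_init(new_ctx)) ||
            (code = krb5_ser_auth_context_init(new_ctx)) ||
            (code = krb5_ser_ccache_init(new_ctx)) ||
            (code = krb5_ser_rcache_init(new_ctx)) ||
            (code = krb5_ser_keytab_init(new_ctx))) {
            krb5_free_context(new_ctx);
            goto fail;
        }
        /* Publish only a fully initialised context. */
        kg_context = new_ctx;
    }
    /* ... unchanged: success return and fail: label ... */
```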
diff --git a/src/lib/gssapi/krb5/ser_sctx.c b/src/lib/gssapi/krb5/ser_sctx.c
index 428e52c14f..259cce5b85 100644
--- a/src/lib/gssapi/krb5/ser_sctx.c
+++ b/src/lib/gssapi/krb5/ser_sctx.c
@@ -234,10 +234,12 @@ kg_oid_externalize(kcontext, arg, buffer, lenremain)
{
gss_OID oid = (gss_OID) arg;
+ (void) krb5_ser_pack_int32(KV5M_GSS_OID, buffer, lenremain);
(void) krb5_ser_pack_int32((krb5_int32) oid->length,
buffer, lenremain);
(void) krb5_ser_pack_bytes((krb5_octet *) oid->elements,
oid->length, buffer, lenremain);
+ (void) krb5_ser_pack_int32(KV5M_GSS_OID, buffer, lenremain);
return 0;
}
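Review bot: The two added `krb5_ser_pack_int32(KV5M_GSS_OID, buffer, lenremain)` calls discard their results like the existing pack calls, so this function returns 0 even when `*lenremain` is too small for the header, length, bytes and trailer. If the caller does not already guarantee the space (not visible here), the externalized OID would be silently truncated and the trailing magic that kg_oid_internalize now requires would be missing. Consider propagating the first failure, e.g. `if ((kret = krb5_ser_pack_int32(KV5M_GSS_OID, buffer, lenremain))) return kret;` with a `krb5_error_code kret;` local. The function's signature is outside the hunk.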
@@ -248,16 +250,45 @@ kg_oid_internalize(kcontext, argp, buffer, lenremain)
krb5_octet **buffer;
size_t *lenremain;
{
+ krb5_error_code kret;
gss_OID oid;
krb5_int32 ibuf;
+ krb5_octet *bp;
+ size_t remain;
+
+ bp = *buffer;
+ remain = *lenremain;
+
+ /* Read in and check our magic number */
+ if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)))
+ return (EINVAL);
+
+ if (ibuf != KV5M_GSS_OID)
+ return (EINVAL);
oid = (gss_OID) malloc(sizeof(gss_OID_desc));
if (oid == NULL)
return ENOMEM;
- (void) krb5_ser_unpack_int32(&ibuf, buffer, lenremain);
+ (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
oid->length = ibuf;
+ oid->elements = malloc(ibuf);
+ if (oid->elements == 0) {
+ free(oid);
+ return ENOMEM;
+ }
(void) krb5_ser_unpack_bytes((krb5_octet *) oid->elements,
- oid->length, buffer, lenremain);
+ oid->length, &bp, &remain);
+
+ /* Read in and check our trailing magic number */
+ if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)))
+ return (EINVAL);
+
+ if (ibuf != KV5M_GSS_OID)
+ return (EINVAL);
+
+ *buffer = bp;
+ *lenremain = remain;
+ *argp = (krb5_pointer) oid;
return 0;
}
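Review bot: The length read by `(void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);` comes from the serialized token and is used unchecked: the unpack result is discarded, a negative `ibuf` converts to a very large size in `malloc(ibuf)`, and nothing compares it with `remain` before `krb5_ser_unpack_bytes`, whose result is discarded as well, so `oid->elements` can be left uninitialized if that call fails. The two `return (EINVAL)` paths after the trailer read also leak `oid` and `oid->elements`. The sketch below validates the length before allocating and frees both allocations on every late failure. The function's signature is outside the hunk.

```c
    /* ... unchanged: leading magic number check ... */

    /* Read the length and make sure the buffer really holds that many bytes */
    if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)))
        return (EINVAL);
    if (ibuf < 0 || (size_t) ibuf > remain)
        return (EINVAL);

    /* ... unchanged: allocation of oid and oid->elements ... */

    /* Read the bytes and the trailing magic number; release on any failure */
    if ((kret = krb5_ser_unpack_bytes((krb5_octet *) oid->elements,
                                      oid->length, &bp, &remain)) ||
        (kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)) ||
        ibuf != KV5M_GSS_OID) {
        free(oid->elements);
        free(oid);
        return (EINVAL);
    }

    /* ... unchanged: commit bp/remain and store oid in *argp ... */
```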
@@ -273,7 +304,8 @@ kg_oid_size(kcontext, arg, sizep)
kret = EINVAL;
if ((oid = (gss_OID) arg)) {
- required = sizeof(krb5_int32);
+ required = 2*sizeof(krb5_int32); /* For the header and trailer */
+ required += sizeof(krb5_int32);
required += oid->length;
kret = 0;
@@ -284,6 +316,76 @@ kg_oid_size(kcontext, arg, sizep)
return(kret);
}
+static krb5_error_code
+kg_queue_externalize(kcontext, arg, buffer, lenremain)
+ krb5_context kcontext;
+ krb5_pointer arg;
+ krb5_octet **buffer;
+ size_t *lenremain;
+{
+ (void) krb5_ser_pack_int32(KV5M_GSS_QUEUE, buffer, lenremain);
+ g_queue_externalize(arg, buffer, lenremain);
+ (void) krb5_ser_pack_int32(KV5M_GSS_QUEUE, buffer, lenremain);
+ return 0;
+}
+
+static krb5_error_code
+kg_queue_internalize(kcontext, argp, buffer, lenremain)
+ krb5_context kcontext;
+ krb5_pointer *argp;
+ krb5_octet **buffer;
+ size_t *lenremain;
+{
+ krb5_error_code kret;
+ gss_OID oid;
+ krb5_int32 ibuf;
+ krb5_octet *bp;
+ size_t remain;
+
+ bp = *buffer;
+ remain = *lenremain;
+
+ /* Read in and check our magic number */
+ if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)))
+ return (EINVAL);
+
+ if (ibuf != KV5M_GSS_QUEUE)
+ return (EINVAL);
+
+ g_queue_internalize(argp, &bp, &remain);
+
+ /* Read in and check our trailing magic number */
+ if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)))
+ return (EINVAL);
+
+ if (ibuf != KV5M_GSS_QUEUE)
+ return (EINVAL);
+
+ *buffer = bp;
+ *lenremain = remain;
+ return 0;
+}
+
+krb5_error_code
+kg_queue_size(kcontext, arg, sizep)
+ krb5_context kcontext;
+ krb5_pointer arg;
+ size_t *sizep;
+{
+ krb5_error_code kret;
+ size_t required;
+
+ kret = EINVAL;
+ if (arg) {
+ required = 2*sizeof(krb5_int32); /* For the header and trailer */
+ g_queue_size(arg, &required);
+
+ kret = 0;
+ *sizep += required;
+ }
+ return(kret);
+}
+
/*
* Determine the size required for this krb5_gss_ctx_id_rec.
*/
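Review bot: kg_queue_internalize ignores the result of `g_queue_internalize(argp, &bp, &remain)` and, when the trailing magic check fails, returns EINVAL without releasing whatever was stored through `argp`; the same EINVAL is returned when the leading magic is simply absent. The last hunk of this file maps EINVAL from this function to success (`if (kret == EINVAL) kret = 0;`), so a malformed queue is indistinguishable from an omitted one and can leave a partially built object in `ctx->seqstate`. Returning EINVAL only for a missing leading magic, and a different error after cleanup for later failures, would keep the optional-field logic while rejecting corrupt input. The local `gss_OID oid;` is unused and can be dropped, and `kg_queue_size` is the only one of the three new functions not declared `static`, which looks unintentional.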
@@ -354,6 +456,14 @@ kg_ctx_size(kcontext, arg, sizep)
(krb5_pointer) ctx->mech_used,
&required);
+ if (!kret && ctx->seqstate)
+ kret = kg_queue_size(kcontext, ctx->seqstate, &required);
+
+ if (!kret)
+ kret = krb5_size_opaque(kcontext,
+ KV5M_AUTH_CONTEXT,
+ (krb5_pointer) ctx->auth_context,
+ &required);
if (!kret)
*sizep += required;
}
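Review bot: `ctx->auth_context` is passed to `krb5_size_opaque` unconditionally, while `ctx->seqstate` just above is guarded and delete_sec_context.c tests `ctx->auth_context` for NULL before freeing it. If the field can be unset on a context being exported and the KV5M_AUTH_CONTEXT sizer rejects NULL (neither is visible here), kg_ctx_size would fail for such contexts; the same pattern appears in the kg_ctx_externalize and kg_ctx_internalize hunks. At minimum a comment stating the invariant, e.g. `/* auth_context is always set on an established context */`, would document why no guard is needed. The function continues outside the hunk on both sides.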
@@ -451,6 +561,16 @@ kg_ctx_externalize(kcontext, arg, buffer, lenremain)
(krb5_pointer) &ctx->seq,
&bp, &remain);
+ if (!kret && ctx->seqstate)
+ kret = kg_queue_externalize(kcontext,
+ ctx->seqstate, &bp, &remain);
+
+ if (!kret)
+ kret = krb5_externalize_opaque(kcontext,
+ KV5M_AUTH_CONTEXT,
+ (krb5_pointer) ctx->auth_context,
+ &bp, &remain);
+
if (!kret) {
(void) krb5_ser_pack_int32(KG_CONTEXT, &bp, &remain);
*buffer = bp;
@@ -574,6 +694,19 @@ kg_ctx_internalize(kcontext, argp, buffer, lenremain)
}
}
+ if (!kret) {
+ kret = kg_queue_internalize(kcontext, &ctx->seqstate,
+ &bp, &remain);
+ if (kret == EINVAL)
+ kret = 0;
+ }
+
+ if (!kret)
+ kret = krb5_internalize_opaque(kcontext,
+ KV5M_AUTH_CONTEXT,
+ (krb5_pointer *) &ctx->auth_context,
+ &bp, &remain);
+
/* Get trailer */
if (!kret &&
!(kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)) &&