authorTheodore Tso <tytso@mit.edu>1995-01-19 03:02:16 +0000
committerTheodore Tso <tytso@mit.edu>1995-01-19 03:02:16 +0000
commita4c08d0030804a3ecb282cdc9c9dad790644064c (patch)
tree43cad4b7b8d3f23eaf56804c0af831a5ab1866bd /src/lib/gssapi/krb5
parent66da8ab874ad3b91581850cd306bcbf64b9f40f5 (diff)
Fixed bugs in introduction of context variables; if the global context is
not initialized, initialize it automatically. Initialize the connection context's krb5_context variable in init_security_context and accept_security_context. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@4824 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/gssapi/krb5')
-rw-r--r--src/lib/gssapi/krb5/accept_sec_context.c4
-rw-r--r--src/lib/gssapi/krb5/acquire_cred.c4
-rw-r--r--src/lib/gssapi/krb5/gssapiP_krb5.h4
-rw-r--r--src/lib/gssapi/krb5/gssapi_krb5.c16
-rw-r--r--src/lib/gssapi/krb5/init_sec_context.c3
-rw-r--r--src/lib/gssapi/krb5/k5seal.c4
-rw-r--r--src/lib/gssapi/krb5/krb5_gss_glue.c37
-rw-r--r--src/lib/gssapi/krb5/util_cksum.c7
-rw-r--r--src/lib/gssapi/krb5/util_crypt.c13
-rw-r--r--src/lib/gssapi/krb5/util_seed.c5
10 files changed, 80 insertions, 17 deletions
diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c
index f703da86d..c6e2dc47b 100644
--- a/src/lib/gssapi/krb5/accept_sec_context.c
+++ b/src/lib/gssapi/krb5/accept_sec_context.c
@@ -319,6 +319,7 @@ krb5_gss_accept_sec_context(context, minor_status, context_handle,
return(GSS_S_FAILURE);
}
+ ctx->context = context;
ctx->initiate = 0;
ctx->mutual = gss_flags & GSS_C_MUTUAL_FLAG;
ctx->seed_init = 0;
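Review bot: `ctx->context = context;` stores a pointer to a krb5_context that this function did not create, and nothing in the hunk says who owns it. Judging by the glue changes in this commit the value is the library-wide `kg_context`, so the per-connection record presumably only borrows it; a comment such as `/* borrowed: the library-wide context, not freed with ctx */` above the assignment would keep a later cleanup path from freeing it. The same assignment is added in krb5_gss_init_sec_context in init_sec_context.c. The function body continues outside the hunk, so whether the delete path touches this field cannot be confirmed from here.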
@@ -377,7 +378,8 @@ krb5_gss_accept_sec_context(context, minor_status, context_handle,
/* generate an AP_REP if necessary */
if (ctx->mutual) {
- if (code = make_ap_rep(authdat, ctx->subkey, &ctx->seq_send, &token)) {
+ if (code = make_ap_rep(context, authdat, ctx->subkey, &ctx->seq_send,
+ &token)) {
(void)krb5_gss_delete_sec_context(context, minor_status,
(gss_ctx_id_t *) &ctx, NULL);
krb5_free_tkt_authent(context, authdat);
diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c
index 0bcf10c6e..ae68b4f15 100644
--- a/src/lib/gssapi/krb5/acquire_cred.c
+++ b/src/lib/gssapi/krb5/acquire_cred.c
@@ -309,7 +309,7 @@ krb5_gss_acquire_cred(context, minor_status, desired_name, time_req,
if ((cred_usage == GSS_C_ACCEPT) ||
(cred_usage == GSS_C_BOTH))
- if ((ret = acquire_accept_cred(minor_status, desired_name,
+ if ((ret = acquire_accept_cred(context, minor_status, desired_name,
&(cred->princ), cred))
!= GSS_S_COMPLETE) {
if (cred->princ)
@@ -326,7 +326,7 @@ krb5_gss_acquire_cred(context, minor_status, desired_name, time_req,
if ((cred_usage == GSS_C_INITIATE) ||
(cred_usage == GSS_C_BOTH))
if ((ret =
- acquire_init_cred(minor_status,
+ acquire_init_cred(context, minor_status,
cred->princ?(gss_name_t)cred->princ:desired_name,
&(cred->princ), cred))
!= GSS_S_COMPLETE) {
diff --git a/src/lib/gssapi/krb5/gssapiP_krb5.h b/src/lib/gssapi/krb5/gssapiP_krb5.h
index 822df1898..0e3544b55 100644
--- a/src/lib/gssapi/krb5/gssapiP_krb5.h
+++ b/src/lib/gssapi/krb5/gssapiP_krb5.h
@@ -96,6 +96,8 @@ typedef struct _krb5_gss_ctx_id_rec {
extern void *kg_vdb;
+extern krb5_context kg_context;
+
/* helper macros */
#define kg_save_name(name) g_save_name(&kg_vdb,name)
@@ -339,4 +341,6 @@ PROTOTYPE( (krb5_context,
int* /* locally_initiated */
));
+OM_uint32 kg_get_context();
+
#endif /* _GSSAPIP_KRB5_H_ */
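Review bot: `OM_uint32 kg_get_context();` is declared with an empty parameter list, unlike the declaration just above it, which goes through the header's `PROTOTYPE(...)` macro. An empty list switches off argument checking, so a caller that passes a context by mistake would compile silently. Suggest `OM_uint32 kg_get_context PROTOTYPE((void));` with a one-line comment saying that it creates `kg_context` on first use and returns a GSS major status.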
diff --git a/src/lib/gssapi/krb5/gssapi_krb5.c b/src/lib/gssapi/krb5/gssapi_krb5.c
index 249c12562..4b23217fa 100644
--- a/src/lib/gssapi/krb5/gssapi_krb5.c
+++ b/src/lib/gssapi/krb5/gssapi_krb5.c
@@ -81,6 +81,9 @@ kg_get_defcred(minor_status, cred)
if (defcred == GSS_C_NO_CREDENTIAL) {
OM_uint32 major;
+ if (!kg_context && kg_get_context())
+ return GSS_S_FAILURE;
+
if ((major = krb5_gss_acquire_cred(kg_context, minor_status,
GSS_C_NO_NAME, GSS_C_INDEFINITE,
GSS_C_NULL_OID_SET, GSS_C_INITIATE,
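Review bot: The added early return in kg_get_defcred leaves `*minor_status` unwritten when `kg_get_context()` fails, so a caller that reports the minor status after GSS_S_FAILURE reads whatever happened to be in its variable. The same pattern is added in kg_release_defcred and in every wrapper touched in krb5_gss_glue.c. Set the minor status before returning, ideally to the krb5_init_context error, which would mean having kg_get_context hand that code back instead of discarding it; at minimum `{ *minor_status = 0; return GSS_S_FAILURE; }`. The function body starts and ends outside the hunk.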
@@ -105,5 +108,18 @@ kg_release_defcred(minor_status)
return(GSS_S_COMPLETE);
}
+ if (!kg_context && kg_get_context())
+ return GSS_S_FAILURE;
+
return(krb5_gss_release_cred(kg_context, minor_status, &defcred));
}
+
+OM_uint32
+kg_get_context()
+{
+ if (kg_context)
+ return GSS_S_COMPLETE;
+ if (krb5_init_context(&kg_context))
+ return GSS_S_FAILURE;
+ return GSS_S_COMPLETE;
+}
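Review bot: kg_get_context tests `kg_context` and then fills it in with no locking, so two threads making their first GSS call at the same time could both run krb5_init_context, leaving one context leaked and callers possibly holding different pointers. Whether threaded use is supported at this point is not visible from the diff; if it is not, say so in a comment above the function, for example `/* Creates the library-wide kg_context on first use; not thread-safe. */`. The `!kg_context &&` test added at each call site duplicates the check made here and could be dropped.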
diff --git a/src/lib/gssapi/krb5/init_sec_context.c b/src/lib/gssapi/krb5/init_sec_context.c
index 63f277716..37fa6b218 100644
--- a/src/lib/gssapi/krb5/init_sec_context.c
+++ b/src/lib/gssapi/krb5/init_sec_context.c
@@ -226,6 +226,7 @@ krb5_gss_init_sec_context(context, minor_status, claimant_cred_handle,
/* fill in the ctx */
+ ctx->context = context;
ctx->initiate = 1;
ctx->mutual = req_flags & GSS_C_MUTUAL_FLAG;
ctx->seed_init = 0;
@@ -257,7 +258,7 @@ krb5_gss_init_sec_context(context, minor_status, claimant_cred_handle,
return(GSS_S_FAILURE);
}
- if (code = make_ap_req(ctx->cred, ctx->there, &ctx->endtime,
+ if (code = make_ap_req(context, ctx->cred, ctx->there, &ctx->endtime,
input_chan_bindings, ctx->mutual,
&ctx->subkey, &ctx->flags,
&ctx->seq_send, &token)) {
diff --git a/src/lib/gssapi/krb5/k5seal.c b/src/lib/gssapi/krb5/k5seal.c
index 5cc622dad..da431f1e2 100644
--- a/src/lib/gssapi/krb5/k5seal.c
+++ b/src/lib/gssapi/krb5/k5seal.c
@@ -223,8 +223,8 @@ kg_seal(minor_status, context_handle, conf_req_flag, qop_req,
return(GSS_S_FAILURE);
}
- if (code = make_seal_token(&ctx->enc, &ctx->seq, &ctx->seq_send,
- ctx->initiate,
+ if (code = make_seal_token(ctx->context, &ctx->enc, &ctx->seq,
+ &ctx->seq_send, ctx->initiate,
input_message_buffer, output_message_buffer,
conf_req_flag, toktype, ctx->big_endian)) {
*minor_status = code;
diff --git a/src/lib/gssapi/krb5/krb5_gss_glue.c b/src/lib/gssapi/krb5/krb5_gss_glue.c
index a1c0f7f6a..c8907e1bc 100644
--- a/src/lib/gssapi/krb5/krb5_gss_glue.c
+++ b/src/lib/gssapi/krb5/krb5_gss_glue.c
@@ -22,8 +22,6 @@
#include "gssapiP_krb5.h"
-extern krb5_context kg_context;
-
OM_uint32
gss_accept_sec_context(minor_status, context_handle, verifier_cred_handle,
input_token, input_chan_bindings, src_name, mech_type,
@@ -50,7 +48,10 @@ gss_accept_sec_context(minor_status, context_handle, verifier_cred_handle,
ctx = (krb5_gss_ctx_id_rec *) context_handle;
- return(krb5_gss_accept_sec_context(ctx->context, minor_status,
+ if (!kg_context && kg_get_context())
+ return GSS_S_FAILURE;
+
+ return(krb5_gss_accept_sec_context(kg_context, minor_status,
context_handle,
verifier_cred_handle,
input_token,
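Review bot: After this change the return statement no longer reads `ctx`, so the retained `ctx = (krb5_gss_ctx_id_rec *) context_handle;` just above the new guard appears to be dead. Leaving it in suggests the caller-supplied handle is still dereferenced in the glue layer, which is what the removed line did through `ctx->context`. If nothing after the hunk uses `ctx`, remove the assignment and its declaration; the declaration and the end of the call lie outside the hunk, so this should be checked against the full function.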
@@ -75,6 +76,9 @@ gss_acquire_cred(minor_status, desired_name, time_req, desired_mechs,
gss_OID_set *actual_mechs;
OM_uint32 *time_rec;
{
+ if (!kg_context && kg_get_context())
+ return GSS_S_FAILURE;
+
return(krb5_gss_acquire_cred(kg_context, minor_status,
desired_name,
time_req,
@@ -92,6 +96,9 @@ gss_compare_name(minor_status, name1, name2, name_equal)
gss_name_t name2;
int *name_equal;
{
+ if (!kg_context && kg_get_context())
+ return GSS_S_FAILURE;
+
return(krb5_gss_compare_name(kg_context, minor_status, name1,
name2, name_equal));
}
@@ -143,6 +150,9 @@ gss_display_name(minor_status, input_name, output_name_buffer, output_name_type)
gss_buffer_t output_name_buffer;
gss_OID *output_name_type;
{
+ if (!kg_context && kg_get_context())
+ return GSS_S_FAILURE;
+
return(krb5_gss_display_name(kg_context, minor_status, input_name,
output_name_buffer, output_name_type));
}
@@ -157,6 +167,9 @@ gss_display_status(minor_status, status_value, status_type,
int *message_context;
gss_buffer_t status_string;
{
+ if (!kg_context && kg_get_context())
+ return GSS_S_FAILURE;
+
return(krb5_gss_display_status(kg_context, minor_status, status_value,
status_type, mech_type, message_context,
status_string));
@@ -169,6 +182,9 @@ gss_import_name(minor_status, input_name_buffer, input_name_type, output_name)
const_gss_OID input_name_type;
gss_name_t *output_name;
{
+ if (!kg_context && kg_get_context())
+ return GSS_S_FAILURE;
+
return(krb5_gss_import_name(kg_context, minor_status, input_name_buffer,
input_name_type, output_name));
}
@@ -178,6 +194,9 @@ gss_indicate_mechs(minor_status, mech_set)
OM_uint32 *minor_status;
gss_OID_set *mech_set;
{
+ if (!kg_context && kg_get_context())
+ return GSS_S_FAILURE;
+
return(krb5_gss_indicate_mechs(kg_context, minor_status, mech_set));
}
@@ -200,6 +219,9 @@ gss_init_sec_context(minor_status, claimant_cred_handle, context_handle,
int *ret_flags;
OM_uint32 *time_rec;
{
+ if (!kg_context && kg_get_context())
+ return GSS_S_FAILURE;
+
return(krb5_gss_init_sec_context(kg_context, minor_status,
claimant_cred_handle, context_handle,
target_name, mech_type, req_flags,
@@ -246,6 +268,9 @@ gss_inquire_cred(minor_status, cred_handle, name, lifetime_ret,
int *cred_usage;
gss_OID_set *mechanisms;
{
+ if (!kg_context && kg_get_context())
+ return GSS_S_FAILURE;
+
return(krb5_gss_inquire_cred(kg_context, minor_status, cred_handle,
name, lifetime_ret, cred_usage, mechanisms));
}
@@ -275,6 +300,9 @@ gss_release_cred(minor_status, cred_handle)
OM_uint32 *minor_status;
gss_cred_id_t *cred_handle;
{
+ if (!kg_context && kg_get_context())
+ return GSS_S_FAILURE;
+
return(krb5_gss_release_cred(kg_context, minor_status, cred_handle));
}
@@ -283,6 +311,9 @@ gss_release_name(minor_status, input_name)
OM_uint32 *minor_status;
gss_name_t *input_name;
{
+ if (!kg_context && kg_get_context())
+ return GSS_S_FAILURE;
+
return(krb5_gss_release_name(kg_context, minor_status, input_name));
}
diff --git a/src/lib/gssapi/krb5/util_cksum.c b/src/lib/gssapi/krb5/util_cksum.c
index 691f6d754..df95d8349 100644
--- a/src/lib/gssapi/krb5/util_cksum.c
+++ b/src/lib/gssapi/krb5/util_cksum.c
@@ -34,6 +34,9 @@ kg_checksum_channel_bindings(cb, cksum, bigend)
long tmp;
krb5_error_code code;
+ if (!kg_context && (code=kg_get_context()))
+ return code;
+
/* generate a buffer full of zeros if no cb specified */
if (cb == GSS_C_NO_CHANNEL_BINDINGS) {
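Review bot: `return code;` in the added guard hands a GSS major status back through a `krb5_error_code`: kg_get_context, as defined in gssapi_krb5.c in this commit, returns GSS_S_FAILURE, not a krb5 error. Any caller that stores this function's result as a minor status would then show a value that belongs to neither error table, and the real krb5_init_context failure is lost. The same guard is added to kg_encrypt and kg_decrypt in util_crypt.c and to kg_make_seed in util_seed.c. Either have kg_get_context return the krb5_error_code from krb5_init_context, or map the failure to a krb5 code at these four sites.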
@@ -44,7 +47,7 @@ kg_checksum_channel_bindings(cb, cksum, bigend)
cksum->checksum_type = CKSUMTYPE_RSA_MD5;
memset(cksum->contents, '\0',
- (cksum->length = krb5_checksum_size(global_context, CKSUMTYPE_RSA_MD5)));
+ (cksum->length = krb5_checksum_size(kg_context, CKSUMTYPE_RSA_MD5)));
return(0);
}
@@ -78,7 +81,7 @@ kg_checksum_channel_bindings(cb, cksum, bigend)
/* checksum the data */
- if (code = krb5_calculate_checksum(global_context, CKSUMTYPE_RSA_MD5,
+ if (code = krb5_calculate_checksum(kg_context, CKSUMTYPE_RSA_MD5,
buf, len, NULL, 0, cksum)) {
xfree(cksum->contents);
xfree(buf);
diff --git a/src/lib/gssapi/krb5/util_crypt.c b/src/lib/gssapi/krb5/util_crypt.c
index bee58ceee..3b954e9e2 100644
--- a/src/lib/gssapi/krb5/util_crypt.c
+++ b/src/lib/gssapi/krb5/util_crypt.c
@@ -25,8 +25,6 @@
static unsigned char zeros[8] = {0,0,0,0,0,0,0,0};
-extern krb5_context kg_context;
-
int kg_confounder_size(ed)
krb5_gss_enc_desc *ed;
{
@@ -40,8 +38,9 @@ kg_make_confounder(ed, buf)
krb5_gss_enc_desc *ed;
unsigned char *buf;
{
- return(krb5_random_confounder(kg_context,
- ed->eblock.crypto_entry->block_length, buf));
+ krb5_error_code code;
+
+ return(krb5_random_confounder( ed->eblock.crypto_entry->block_length, buf));
}
int kg_encrypt_size(ed, n)
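Review bot: The added `krb5_error_code code;` in kg_make_confounder is never used, and the call now passes no context to krb5_random_confounder while the other krb5_* calls visible in this commit take one. If that function still expects a context in this tree, the old-style declarations here would not make the compiler flag the missing argument, and the block length and buffer would land in the wrong argument slots of the routine that produces the confounder. Please confirm the argument list against the krb5_random_confounder declaration and drop the unused local.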
@@ -61,6 +60,9 @@ kg_encrypt(ed, iv, in, out, length)
{
krb5_error_code code;
+ if (!kg_context && (code=kg_get_context()))
+ return code;
+
if (! ed->processed) {
if (code = krb5_process_key(kg_context, &ed->eblock, ed->key))
return(code);
@@ -88,6 +90,9 @@ kg_decrypt(ed, iv, in, out, length)
int elen;
char *buf;
+ if (!kg_context && (code=kg_get_context()))
+ return code;
+
if (! ed->processed) {
if (code = krb5_process_key(kg_context, &ed->eblock, ed->key))
return(code);
diff --git a/src/lib/gssapi/krb5/util_seed.c b/src/lib/gssapi/krb5/util_seed.c
index cb7430179..8792b8bd9 100644
--- a/src/lib/gssapi/krb5/util_seed.c
+++ b/src/lib/gssapi/krb5/util_seed.c
@@ -25,8 +25,6 @@
static unsigned char zeros[16] = {0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0};
-extern krb5_context kg_context;
-
krb5_error_code
kg_make_seed(key, seed)
krb5_keyblock *key;
@@ -36,6 +34,9 @@ kg_make_seed(key, seed)
krb5_gss_enc_desc ed;
int i;
+ if (!kg_context && (code=kg_get_context()))
+ return code;
+
if (code = krb5_copy_keyblock(kg_context, key, &ed.key))
return(code);