Don't produce context deletion token in krb5 mech

RFCs 2743 and 4121 recommend that implementations produce empty tokens
from gss_delete_sec_context, and trying to produce one can cause
gss_delete_sec_context to fail on a partially established context.
Patch from Tomas Kuthan.

ticket: 7816 (new)

diff --git a/src/lib/gssapi/krb5/delete_sec_context.c b/src/lib/gssapi/krb5/delete_sec_context.c
index 85db484dcd6fcf2f28f1dd12640ec3edde57e25d..2bc818a642541b66c8c7b69e4780387b7afc9b79 100644 (file)
--- a/src/lib/gssapi/krb5/delete_sec_context.c
+++ b/src/lib/gssapi/krb5/delete_sec_context.c
@@ -50,21 +50,6 @@ krb5_gss_delete_sec_context(minor_status, context_handle, output_token)
     ctx = (krb5_gss_ctx_id_t) *context_handle;
     context = ctx->k5_context;
 
-    /* construct a delete context token if necessary */
-
-    if (output_token) {
-        OM_uint32 major;
-        gss_buffer_desc empty;
-        empty.length = 0; empty.value = NULL;
-
-        if ((major = kg_seal(minor_status, *context_handle, 0,
-                             GSS_C_QOP_DEFAULT,
-                             &empty, NULL, output_token, KG_TOK_DEL_CTX))) {
-            save_error_info(*minor_status, context);
-            return(major);
-        }
-    }
-
     /* free all the context state */
 
     if (ctx->seqstate)