ctx = (krb5_gss_ctx_id_rec *) context_handle;
- if (! ctx->established) {
+ if (ctx->terminated || !ctx->established) {
*minor_status = KG_CTX_INCOMPLETE;
return(GSS_S_NO_CONTEXT);
}
*minor_status = 0;
ctx = (krb5_gss_ctx_id_t) *context_handle;
+ if (ctx->terminated) {
+ *minor_status = KG_CTX_INCOMPLETE;
+ return (GSS_S_NO_CONTEXT);
+ }
+
context = ctx->k5_context;
kret = krb5_gss_ser_init(context);
if (kret)
unsigned int established : 1;
unsigned int have_acceptor_subkey : 1;
unsigned int seed_init : 1; /* XXX tested but never actually set */
+ unsigned int terminated : 1;
OM_uint32 gss_flags;
unsigned char seed[16];
krb5_gss_name_t here;
ctx = (krb5_gss_ctx_id_rec *) context_handle;
- if (!ctx->established)
+ if (ctx->terminated || !ctx->established)
return GSS_S_NO_CONTEXT;
for (i = 0; i < sizeof(krb5_gss_inquire_sec_context_by_oid_ops)/
ctx = (krb5_gss_ctx_id_rec *) context_handle;
- if (! ctx->established) {
+ if (ctx->terminated || !ctx->established) {
*minor_status = KG_CTX_INCOMPLETE;
return(GSS_S_NO_CONTEXT);
}
ctx = (krb5_gss_ctx_id_rec *) context_handle;
- if (! ctx->established) {
+ if (ctx->terminated || !ctx->established) {
*minor_status = KG_CTX_INCOMPLETE;
return(GSS_S_NO_CONTEXT);
}
}
ctx = (krb5_gss_ctx_id_rec *)context_handle;
- if (!ctx->established) {
+ if (ctx->terminated || !ctx->established) {
*minor_status = KG_CTX_INCOMPLETE;
return GSS_S_NO_CONTEXT;
}
ctx = (krb5_gss_ctx_id_rec *) context_handle;
- if (! ctx->established) {
+ if (ctx->terminated || !ctx->established) {
*minor_status = KG_CTX_INCOMPLETE;
return(GSS_S_NO_CONTEXT);
}
OM_uint32 code;
ctx = (krb5_gss_ctx_id_rec *)context_handle;
- if (!ctx->established) {
+ if (ctx->terminated || !ctx->established) {
*minor_status = KG_CTX_INCOMPLETE;
return GSS_S_NO_CONTEXT;
}
*minor_status = 0;
*data_set = GSS_C_NO_BUFFER_SET;
+ if (ctx->terminated || !ctx->established) {
+ *minor_status = KG_CTX_INCOMPLETE;
+ return GSS_S_NO_CONTEXT;
+ }
+
retval = generic_gss_oid_decompose(minor_status,
GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID,
GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID_LENGTH,
ns.data = NULL;
ctx = (krb5_gss_ctx_id_t)context;
+ if (ctx->terminated || !ctx->established) {
+ *minor_status = KG_CTX_INCOMPLETE;
+ return GSS_S_NO_CONTEXT;
+ }
switch (prf_key) {
case GSS_C_PRF_KEY_FULL:
ctx = (krb5_gss_ctx_id_t) context_handle;
- if (! ctx->established) {
+ if (ctx->terminated || !ctx->established) {
*minor_status = KG_CTX_INCOMPLETE;
return(GSS_S_NO_CONTEXT);
}
+ /* We only support context deletion tokens for now, and RFC 4121 does not
+ * define a context deletion token. */
+ if (ctx->proto) {
+ *minor_status = 0;
+ return(GSS_S_DEFECTIVE_TOKEN);
+ }
+
/* "unseal" the token */
if (GSS_ERROR(majerr = kg_unseal(minor_status, context_handle,
KG_TOK_DEL_CTX)))
return(majerr);
- /* that's it. delete the context */
-
- return(krb5_gss_delete_sec_context(minor_status, &context_handle,
- GSS_C_NO_BUFFER));
+ /* Mark the context as terminated, but do not delete it (as that would
+ * leave the caller with a dangling context handle). */
+ ctx->terminated = 1;
+ return(GSS_S_COMPLETE);
}
}
ctx = (krb5_gss_ctx_id_rec *) context_handle;
- if (! ctx->established) {
+ if (ctx->terminated || !ctx->established) {
*minor_status = KG_CTX_INCOMPLETE;
return(GSS_S_NO_CONTEXT);
}
uctx.mech_type = &mech_krb5;
uctx.internal_ctx_id = (gss_ctx_id_t)&kgctx;
kgctx.k5_context = NULL;
+ kgctx.established = 1;
kgctx.have_acceptor_subkey = 1;
kb1.contents = k1buf;
kb2.contents = k2buf;
projects / thirdparty / krb5.git / commitdiff
