diff -r -u Kerberos.orig/KerberosFramework/Kerberos5/Sources/lib/gssapi/krb5/krb5_gss_glue.c Kerberos/KerberosFramework/Kerberos5/Sources/lib/gssapi/krb5/krb5_gss_glue.c
--- Kerberos.orig/KerberosFramework/Kerberos5/Sources/lib/gssapi/krb5/krb5_gss_glue.c 2007-03-01 13:31:55.000000000 -0800
+++ Kerberos/KerberosFramework/Kerberos5/Sources/lib/gssapi/krb5/krb5_gss_glue.c 2007-03-01 13:34:48.000000000 -0800
@@ -24,8 +24,10 @@
 * $Id: krb5_gss_glue.c 18262 2006-06-29 04:38:48Z tlyu $
 */
+#include
 #include "gssapiP_krb5.h"
 #include "mglueP.h"
+#include "../spnego/gssapiP_spnego.h"
 /** mechglue wrappers **/
@@ -1061,7 +1063,6 @@
 return GSS_S_DEFECTIVE_CREDENTIAL;
 }
-/* XXX need to delete mechglue ctx too */
 OM_uint32 KRB5_CALLCONV
 gss_krb5_export_lucid_sec_context(
 OM_uint32 *minor_status,
@@ -1069,17 +1070,39 @@
 OM_uint32 version,
 void **kctx)
 {
- gss_union_ctx_id_t uctx;
+ gss_union_ctx_id_t uctx = (gss_union_ctx_id_t)*context_handle;
+ gss_union_ctx_id_t kerb_ctx;
+ OM_uint32 major = GSS_S_COMPLETE, minor = 0;
+ int is_spnego = 0;
+
+ if (minor_status != NULL)
+ *minor_status = 0;
+ if (minor_status == NULL || context_handle == NULL || kctx == NULL)
+ return (GSS_S_CALL_INACCESSIBLE_WRITE);
+ *kctx = GSS_C_NO_CONTEXT;
+
+ if (uctx == GSS_C_NO_CONTEXT)
+ return (GSS_S_CALL_INACCESSIBLE_READ);
+
+ if (g_OID_equal(uctx->mech_type, &spnego_oids[0])) {
+ kerb_ctx = uctx->internal_ctx_id;
+ is_spnego = 1;
+ }
+ else
+ kerb_ctx = uctx;
- uctx = (gss_union_ctx_id_t)*context_handle;
- /*
- if (!g_OID_equal(uctx->mech_type, &krb5_mechanism.mech_type) &&
- !g_OID_equal(uctx->mech_type, &krb5_mechanism_old.mech_type))
- return GSS_S_BAD_MECH;
- */
- return gss_krb5int_export_lucid_sec_context(minor_status,
- &uctx->internal_ctx_id,
- version, kctx);
+ major = gss_krb5int_export_lucid_sec_context(minor_status,
+ &kerb_ctx->internal_ctx_id, version, kctx);
+
+ if (major == GSS_S_COMPLETE) {
+ if (is_spnego) {
+ uctx->internal_ctx_id = GSS_C_NO_CONTEXT;
+ (void) gss_delete_sec_context(&minor, (gss_ctx_id_t *)&kerb_ctx, NULL);
+ }
+ (void) gss_delete_sec_context(&minor, context_handle, NULL);
+ }
+
+ return (major);
 }
 OM_uint32 KRB5_CALLCONV
diff -r -u Kerberos.orig/KerberosFramework/Kerberos5/Sources/lib/gssapi/spnego/gssapiP_spnego.h Kerberos/KerberosFramework/Kerberos5/Sources/lib/gssapi/spnego/gssapiP_spnego.h
--- Kerberos.orig/KerberosFramework/Kerberos5/Sources/lib/gssapi/spnego/gssapiP_spnego.h 2007-02-07 12:40:20.000000000 -0800
+++ Kerberos/KerberosFramework/Kerberos5/Sources/lib/gssapi/spnego/gssapiP_spnego.h 2007-03-01 13:32:22.000000000 -0800
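Review bot: `uctx` is initialised from `*context_handle` in its declaration, so the handle pointer is dereferenced before the `context_handle == NULL` test below it; a NULL argument faults instead of returning GSS_S_CALL_INACCESSIBLE_WRITE, and a compiler may discard the late check. Declare `gss_union_ctx_id_t uctx;` and assign `uctx = (gss_union_ctx_id_t)*context_handle;` only after the argument checks. The mechanism test that used to sit here commented out is also not restored: the non-SPNEGO branch hands `uctx->internal_ctx_id` to the krb5 exporter without confirming `uctx->mech_type` is a krb5 OID, and the SPNEGO branch treats `uctx->internal_ctx_id` as a union context without a NULL or mechanism check. Unless gss_krb5int_export_lucid_sec_context validates the handle itself (not visible here), a context from another mechanism would be interpreted as a krb5 context, so returning GSS_S_BAD_MECH for anything else looks safer. The function's signature starts in the previous hunk; its body ends in this one.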
@@ -111,11 +111,11 @@
 {SPNEGO_OID_LENGTH, SPNEGO_OID},
 };
-const gss_OID_desc * const gss_mech_spnego = spnego_oids+0;
+static const gss_OID_desc * const gss_mech_spnego = spnego_oids+0;
 static const gss_OID_set_desc spnego_oidsets[] = {
 {1, (gss_OID) spnego_oids+0},
 };
-const gss_OID_set_desc * const gss_mech_set_spnego = spnego_oidsets+0;
+static const gss_OID_set_desc * const gss_mech_set_spnego = spnego_oidsets+0;
 #ifdef DEBUG
 #define dsyslog(a) syslog(LOG_DEBUG, a)
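Review bot: Making `gss_mech_spnego` and `gss_mech_set_spnego` `static` inside gssapiP_spnego.h gives every file that includes the header its own copy of these pointers and of the tables defined beside them, and removes the externally visible symbols. Any code that reaches them through an `extern` declaration (none is visible in this diff, so this needs checking) would no longer link, and krb5_gss_glue.c now carries unused objects only to compare against `spnego_oids[0]`. Consider keeping one definition in a spnego source file and leaving `extern const gss_OID_desc * const gss_mech_spnego;` in the header, with the glue comparing against `gss_mech_spnego`. The `spnego_oids` declaration itself is above this hunk.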