- do some basic locking (no reference counting so contexts can be

removed while still used) - don't export gss_ctx_id_t_desc_struct and gss_cred_id_t_desc_struct - make sure all lifetime are returned in seconds left until expired, not in unix epoch git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12317 ec53bebd-3082-4978-b11e-865c3cabbd6b
2003-05-21 14:52:14 +00:00
parent a626def4cd
commit 42f3fc029a
42 changed files with 448 additions and 104 deletions
--- a/lib/gssapi/init_sec_context.c
+++ b/lib/gssapi/init_sec_context.c
@@ -212,6 +212,7 @@ init_auth
    (*context_handle)->more_flags   = 0;
    (*context_handle)->ticket       = NULL;
    (*context_handle)->lifetime     = GSS_C_INDEFINITE;
+    HEIMDAL_MUTEX_init(&(*context_handle)->ctx_id_mutex);

    kret = krb5_auth_con_init (gssapi_krb5_context,
 			       &(*context_handle)->auth_context);
@@ -428,6 +429,7 @@ init_auth
    if((*context_handle)->target)
 	krb5_free_principal (gssapi_krb5_context,
 			     (*context_handle)->target);
+    HEIMDAL_MUTEX_destroy(&(*context_handle)->ctx_id_mutex);
    free (*context_handle);
    krb5_data_free (&outbuf);
    *context_handle = GSS_C_NO_CONTEXT;
@@ -459,20 +461,25 @@ repl_mutual
    output_token->length = 0;
    output_token->value = NULL;

+    HEIMDAL_MUTEX_lock(&(*context_handle)->ctx_id_mutex);
+
    if (actual_mech_type)
 	*actual_mech_type = GSS_KRB5_MECHANISM;

    ret = gssapi_krb5_decapsulate (minor_status, input_token, &indata,
 				   "\x02\x00");
-    if (ret)
-				/* XXX - Handle AP_ERROR */
+    if (ret) {
+	HEIMDAL_MUTEX_unlock(&(*context_handle)->ctx_id_mutex);
+	/* XXX - Handle AP_ERROR */
 	return ret;
+    }

    kret = krb5_rd_rep (gssapi_krb5_context,
 			(*context_handle)->auth_context,
 			&indata,
 			&repl);
    if (kret) {
+	HEIMDAL_MUTEX_unlock(&(*context_handle)->ctx_id_mutex);
 	gssapi_krb5_set_error_string ();
 	*minor_status = kret;
 	return GSS_S_FAILURE;