- do some basic locking (no reference counting so contexts can be

removed while still used)
- don't export gss_ctx_id_t_desc_struct and gss_cred_id_t_desc_struct
- make sure all lifetime are returned in seconds left until expired,
  not in unix epoch


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12317 ec53bebd-3082-4978-b11e-865c3cabbd6b

lib/gssapi/unwrap.c

@@ -41,6 +41,7 @@ gss_krb5_get_remotekey(const gss_ctx_id_t context_handle,
 {
     krb5_keyblock *skey;
 
+    HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
     krb5_auth_con_getremotesubkey(gssapi_krb5_context,
 				  context_handle->auth_context, 
 				  &skey);
@@ -52,6 +53,7 @@ gss_krb5_get_remotekey(const gss_ctx_id_t context_handle,
 	krb5_auth_con_getkey(gssapi_krb5_context,
 			     context_handle->auth_context, 
 			     &skey);
+    HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
     if(skey == NULL)
 	return GSS_KRB5_S_KG_NO_SUBKEY; /* XXX */
     *key = skey;
@@ -151,6 +153,7 @@ unwrap_des
 
   /* verify sequence number */
   
+  HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
   krb5_auth_getremoteseqnumber (gssapi_krb5_context,
 				context_handle->auth_context,
 				&seq_number);
@@ -177,6 +180,7 @@ unwrap_des
   krb5_auth_con_setremoteseqnumber (gssapi_krb5_context,
 				context_handle->auth_context,
 				++seq_number);
+  HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
 
   /* copy out data */
 
@@ -278,6 +282,7 @@ unwrap_des3
 
   /* verify sequence number */
   
+  HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
   krb5_auth_getremoteseqnumber (gssapi_krb5_context,
 				context_handle->auth_context,
 				&seq_number);
@@ -328,6 +333,7 @@ unwrap_des3
   krb5_auth_con_setremoteseqnumber (gssapi_krb5_context,
 				context_handle->auth_context,
 				++seq_number);
+  HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
 
   /* verify checksum */