From ad83859f1a09e833e9d4fa8fa5c778a68ec32093 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= <lha@kth.se>
Date: Sun, 16 Mar 2003 17:41:12 +0000
Subject: [PATCH] (gss_accept_sec_context): take care to set export value to
 something sane before we start so caller will have harmless values in them if
 we failed, set lifetime from ticket expiration date

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11739 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/gssapi/accept_sec_context.c      | 16 +++++++++++-----
 lib/gssapi/krb5/accept_sec_context.c | 16 +++++++++++-----
 2 files changed, 22 insertions(+), 10 deletions(-)

diff --git a/lib/gssapi/accept_sec_context.c b/lib/gssapi/accept_sec_context.c
index 2f5ecd639..4b55acb21 100644
--- a/lib/gssapi/accept_sec_context.c
+++ b/lib/gssapi/accept_sec_context.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -92,6 +92,11 @@ gss_accept_sec_context
     output_token->length = 0;
     output_token->value   = NULL;
 
+    if (src_name != NULL)
+	*src_name = NULL;
+    if (mech_type)
+	*mech_type = GSS_KRB5_MECHANISM;
+
     if (*context_handle == GSS_C_NO_CONTEXT) {
 	*context_handle = malloc(sizeof(**context_handle));
 	if (*context_handle == GSS_C_NO_CONTEXT) {
@@ -106,9 +111,7 @@ gss_accept_sec_context
     (*context_handle)->flags = 0;
     (*context_handle)->more_flags = 0;
     (*context_handle)->ticket = NULL;
-
-    if (src_name != NULL)
-	*src_name = NULL;
+    (*context_handle)->lifetime = GSS_C_INDEFINITE;
 
     kret = krb5_auth_con_init (gssapi_krb5_context,
 			       &(*context_handle)->auth_context);
@@ -361,6 +364,7 @@ gss_accept_sec_context
 
     if (ret_flags)
 	*ret_flags = flags;
+    (*context_handle)->lifetime = ticket->ticket.endtime;
     (*context_handle)->flags = flags;
     (*context_handle)->more_flags |= OPEN;
 
@@ -368,7 +372,7 @@ gss_accept_sec_context
 	*mech_type = GSS_KRB5_MECHANISM;
 
     if (time_rec)
-	*time_rec = GSS_C_INDEFINITE;
+	*time_rec = (*context_handle)->lifetime;
 
     if(flags & GSS_C_MUTUAL_FLAG) {
 	krb5_data outbuf;
@@ -391,6 +395,7 @@ gss_accept_sec_context
 	    goto failure;
     } else {
 	output_token->length = 0;
+	output_token->value = NULL;
     }
 
     (*context_handle)->ticket = ticket;
@@ -400,6 +405,7 @@ gss_accept_sec_context
     krb5_free_ticket (context, ticket);
 #endif
 
+    *minor_status = 0;
     return GSS_S_COMPLETE;
 
   failure:
diff --git a/lib/gssapi/krb5/accept_sec_context.c b/lib/gssapi/krb5/accept_sec_context.c
index 2f5ecd639..4b55acb21 100644
--- a/lib/gssapi/krb5/accept_sec_context.c
+++ b/lib/gssapi/krb5/accept_sec_context.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -92,6 +92,11 @@ gss_accept_sec_context
     output_token->length = 0;
     output_token->value   = NULL;
 
+    if (src_name != NULL)
+	*src_name = NULL;
+    if (mech_type)
+	*mech_type = GSS_KRB5_MECHANISM;
+
     if (*context_handle == GSS_C_NO_CONTEXT) {
 	*context_handle = malloc(sizeof(**context_handle));
 	if (*context_handle == GSS_C_NO_CONTEXT) {
@@ -106,9 +111,7 @@ gss_accept_sec_context
     (*context_handle)->flags = 0;
     (*context_handle)->more_flags = 0;
     (*context_handle)->ticket = NULL;
-
-    if (src_name != NULL)
-	*src_name = NULL;
+    (*context_handle)->lifetime = GSS_C_INDEFINITE;
 
     kret = krb5_auth_con_init (gssapi_krb5_context,
 			       &(*context_handle)->auth_context);
@@ -361,6 +364,7 @@ gss_accept_sec_context
 
     if (ret_flags)
 	*ret_flags = flags;
+    (*context_handle)->lifetime = ticket->ticket.endtime;
     (*context_handle)->flags = flags;
     (*context_handle)->more_flags |= OPEN;
 
@@ -368,7 +372,7 @@ gss_accept_sec_context
 	*mech_type = GSS_KRB5_MECHANISM;
 
     if (time_rec)
-	*time_rec = GSS_C_INDEFINITE;
+	*time_rec = (*context_handle)->lifetime;
 
     if(flags & GSS_C_MUTUAL_FLAG) {
 	krb5_data outbuf;
@@ -391,6 +395,7 @@ gss_accept_sec_context
 	    goto failure;
     } else {
 	output_token->length = 0;
+	output_token->value = NULL;
     }
 
     (*context_handle)->ticket = ticket;
@@ -400,6 +405,7 @@ gss_accept_sec_context
     krb5_free_ticket (context, ticket);
 #endif
 
+    *minor_status = 0;
     return GSS_S_COMPLETE;
 
   failure: