[krbdev.mit.edu #6015] gss_export_lucid_sec_context support for SPNEGO

Alexandra Ellwood via RT rt-comment at krbdev.mit.edu
Mon Jul 7 15:55:26 EDT 2008


diff -r -u Kerberos.orig/KerberosFramework/Kerberos5/Sources/lib/gssapi/krb5/krb5_gss_glue.c Kerberos/KerberosFramework/Kerberos5/Sources/lib/gssapi/krb5/krb5_gss_glue.c
--- Kerberos.orig/KerberosFramework/Kerberos5/Sources/lib/gssapi/krb5/krb5_gss_glue.c	2007-03-01 13:31:55.000000000 -0800
+++ Kerberos/KerberosFramework/Kerberos5/Sources/lib/gssapi/krb5/krb5_gss_glue.c	2007-03-01 13:34:48.000000000 -0800
@@ -24,8 +24,10 @@
  * $Id: krb5_gss_glue.c 18262 2006-06-29 04:38:48Z tlyu $
  */
 
+#include <syslog.h>
 #include "gssapiP_krb5.h"
 #include "mglueP.h"
+#include "../spnego/gssapiP_spnego.h"
 
 /** mechglue wrappers **/
 
@@ -1061,7 +1063,6 @@
     return GSS_S_DEFECTIVE_CREDENTIAL;
 }
 
-/* XXX need to delete mechglue ctx too */
 OM_uint32 KRB5_CALLCONV
 gss_krb5_export_lucid_sec_context(
     OM_uint32 *minor_status,
@@ -1069,17 +1070,39 @@
     OM_uint32 version,
     void **kctx)
 {
-    gss_union_ctx_id_t uctx;
+    gss_union_ctx_id_t uctx = (gss_union_ctx_id_t)*context_handle;
+    gss_union_ctx_id_t kerb_ctx;
+    OM_uint32 major = GSS_S_COMPLETE, minor = 0;
+    int is_spnego = 0;
+    
+    if (minor_status != NULL)
+	*minor_status = 0;
+    if (minor_status == NULL || context_handle == NULL || kctx == NULL)
+	return (GSS_S_CALL_INACCESSIBLE_WRITE);
+    *kctx = GSS_C_NO_CONTEXT;
+
+    if (uctx == GSS_C_NO_CONTEXT)
+	return (GSS_S_CALL_INACCESSIBLE_READ);
+
+    if (g_OID_equal(uctx->mech_type, &spnego_oids[0])) {
+        kerb_ctx = uctx->internal_ctx_id;
+        is_spnego = 1;
+    }
+    else
+        kerb_ctx = uctx;
 
-    uctx = (gss_union_ctx_id_t)*context_handle;
-    /*
-    if (!g_OID_equal(uctx->mech_type, &krb5_mechanism.mech_type) &&
-	!g_OID_equal(uctx->mech_type, &krb5_mechanism_old.mech_type))
-	return GSS_S_BAD_MECH;
-    */
-    return gss_krb5int_export_lucid_sec_context(minor_status,
-						&uctx->internal_ctx_id,
-						version, kctx);
+    major =  gss_krb5int_export_lucid_sec_context(minor_status,
+	&kerb_ctx->internal_ctx_id, version, kctx);
+
+    if (major == GSS_S_COMPLETE) {
+	if (is_spnego) {
+	    uctx->internal_ctx_id = GSS_C_NO_CONTEXT;
+	    (void) gss_delete_sec_context(&minor, (gss_ctx_id_t *)&kerb_ctx, NULL);
+	}
+	(void) gss_delete_sec_context(&minor, context_handle, NULL);
+    }
+    
+    return (major);
 }
 
 OM_uint32 KRB5_CALLCONV
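Review bot: `*context_handle` is dereferenced in the initializer of `uctx`, before the `context_handle == NULL` test a few lines further down, so that test cannot protect a caller that passes a NULL handle pointer; declare `uctx` without an initializer and assign it after the argument checks. The SPNEGO branch then treats `uctx->internal_ctx_id` as a second union context and hands `&kerb_ctx->internal_ctx_id` to the krb5 exporter without checking that it is non-NULL or that its `mech_type` is krb5. The previously commented-out `GSS_S_BAD_MECH` test is deleted rather than restored, so a context negotiated to a different mechanism would be read as a krb5 context. The fence reuses the OIDs from that removed test; if it was disabled for a reason not visible here, an equivalent check is still needed. The function's signature begins in the previous hunk.

```c
    gss_union_ctx_id_t uctx;
    /* ... unchanged: other locals and the minor_status/context_handle/kctx checks ... */
    *kctx = GSS_C_NO_CONTEXT;

    uctx = (gss_union_ctx_id_t)*context_handle;
    /* ... unchanged: GSS_C_NO_CONTEXT check, SPNEGO unwrap into kerb_ctx ... */

    if (kerb_ctx == GSS_C_NO_CONTEXT)
        return (GSS_S_NO_CONTEXT);
    if (!g_OID_equal(kerb_ctx->mech_type, &krb5_mechanism.mech_type) &&
        !g_OID_equal(kerb_ctx->mech_type, &krb5_mechanism_old.mech_type))
        return (GSS_S_BAD_MECH);
    /* ... unchanged: export call and context deletion ... */
```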
diff -r -u Kerberos.orig/KerberosFramework/Kerberos5/Sources/lib/gssapi/spnego/gssapiP_spnego.h Kerberos/KerberosFramework/Kerberos5/Sources/lib/gssapi/spnego/gssapiP_spnego.h
--- Kerberos.orig/KerberosFramework/Kerberos5/Sources/lib/gssapi/spnego/gssapiP_spnego.h	2007-02-07 12:40:20.000000000 -0800
+++ Kerberos/KerberosFramework/Kerberos5/Sources/lib/gssapi/spnego/gssapiP_spnego.h	2007-03-01 13:32:22.000000000 -0800
@@ -111,11 +111,11 @@
 	{SPNEGO_OID_LENGTH, SPNEGO_OID},
 };
 
-const gss_OID_desc * const gss_mech_spnego = spnego_oids+0;
+static const gss_OID_desc * const gss_mech_spnego = spnego_oids+0;
 static const gss_OID_set_desc spnego_oidsets[] = {
 	{1, (gss_OID) spnego_oids+0},
 };
-const gss_OID_set_desc * const gss_mech_set_spnego = spnego_oidsets+0;
+static const gss_OID_set_desc * const gss_mech_set_spnego = spnego_oidsets+0;
 
 #ifdef DEBUG
 #define	dsyslog(a) syslog(LOG_DEBUG, a)
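Review bot: Marking `gss_mech_spnego` and `gss_mech_set_spnego` as `static` in a header removes them as exported symbols, so any other file that refers to them through an `extern` declaration (none is visible in this patch) would stop linking. Every file that includes the header, now including krb5_gss_glue.c, also gets its own private copy of the OID tables. If the only aim is to let the krb5 glue recognise the SPNEGO OID, keeping the definitions in one SPNEGO source file and putting `extern const gss_OID_desc * const gss_mech_spnego;` in the header avoids both effects. It would also make the `#include <syslog.h>` added to krb5_gss_glue.c unnecessary, which appears to be there only to satisfy the `dsyslog` macro. The `#ifdef DEBUG` block continues past the end of this hunk.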



