Add a mutex to the GSSAPI krb5 mechanism credential structure. Lock it while
frobbing the contents.
Also added krb5_gss_validate_cred_1, which is like krb5_gss_validate_cred but
for internal use. It lets the caller supply the krb5_context instead of
creating yet another one locally, and leaves the new credential mutex locked on
a successful return so that the caller doesn't have to reacquire it. More
functions should be changed to use this internally, but it's a performance
issue; I don't think it's a correctness or thread-safety issue.
* gssapiP_krb5.h (struct _krb5_gss_cred_id_rec): Add a mutex.
(krb5_gss_validate_cred_1): Declare.
* accept_sec_context.c (rd_and_store_for_creds): Initialize mutex.
* acquire_cred.c (krb5_gss_acquire_cred): Initialize mutex.
* add_cred.c (krb5_gss_add_cred): Create the krb5 context earlier. Call
krb5_gss_validate_cred_1. Make sure the mutex is locked.
* copy_ccache.c (gss_krb5_copy_ccache): Lock the mutex in the source
credential.
* init_sec_context.c (get_credentials, new_connection): Check that the mutex is
locked.
(mutual_auth): Delete unused credential argument.
(krb5_gss_init_sec_context): Lock the mutex.
* inq_cred.c (krb5_gss_inquire_cred): Lock the mutex.
* rel_cred.c (krb5_gss_release_cred): Destroy the mutex.
* set_allowable_enctypes.c (gss_krb5_set_allowable_enctypes): Lock the mutex.
* val_cred.c (krb5_gss_validate_cred_1): New function.
(krb5_gss_validate_cred): Use it.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16630
dc483132-0cff-0310-8789-
dd5450dbe970