* gssapiP_krb5.h (struct _krb5_gss_ctx_id_rec): Delete fields init_token and
authorKen Raeburn <raeburn@mit.edu>
Sun, 14 Mar 2004 08:14:51 +0000 (08:14 +0000)
committerKen Raeburn <raeburn@mit.edu>
Sun, 14 Mar 2004 08:14:51 +0000 (08:14 +0000)
testing_unknown_tokid.
* init_sec_context.c (new_connection): Drop support (already inside "#if 0")
for them.
(krb5_gss_init_sec_context): Drop support for testing_unknown_tokid.
(mutual_auth): Don't let major_status be used uninitialized.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16168 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/gssapi/krb5/ChangeLog
src/lib/gssapi/krb5/gssapiP_krb5.h
src/lib/gssapi/krb5/init_sec_context.c

index 72e5c54ef2185d4c4b2437bacc3e9e84a2892ee5..ad17ecc1ea87f023e910defe6267ffd441ccdf08 100644 (file)
@@ -3,6 +3,14 @@
        * gssapi_krb5.c (kg_vdb): Change type to g_set and initialize.
        * gssapiP_krb5.h (kg_vdb): Declaration updated.
 
+       * gssapiP_krb5.h (struct _krb5_gss_ctx_id_rec): Delete fields
+       init_token and testing_unknown_tokid.
+       * init_sec_context.c (new_connection): Drop support (already
+       inside "#if 0") for them.
+       (krb5_gss_init_sec_context): Drop support for
+       testing_unknown_tokid.
+       (mutual_auth): Don't let major_status be used uninitialized.
+
 2004-03-08  Ezra Peisach  <epeisach@mit.edu>
 
        * gssapiP_krb5.h: Add prototype for gss_krb5int_unseal_token_v3.
index 2fc18c03f682238404f99c5247d9f3f5479a50a8..e5b5c2663473d25c57a7acdd8fe0e01eaaa3e8b6 100644 (file)
@@ -162,9 +162,6 @@ typedef struct _krb5_gss_ctx_id_rec {
    unsigned int big_endian : 1;
    unsigned int have_acceptor_subkey : 1;
    unsigned int seed_init : 1; /* XXX tested but never actually set */
-#ifdef CFX_EXERCISE
-   unsigned int testing_unknown_tokid : 1; /* for testing only */
-#endif
    OM_uint32 gss_flags;
    unsigned char seed[16];
    krb5_principal here;
@@ -193,9 +190,6 @@ typedef struct _krb5_gss_ctx_id_rec {
    krb5_cksumtype cksumtype;   /* for "main" subkey */
    krb5_keyblock *acceptor_subkey; /* CFX only */
    krb5_cksumtype acceptor_subkey_cksumtype;
-#ifdef CFX_EXERCISE
-    gss_buffer_desc init_token;
-#endif
 } krb5_gss_ctx_id_rec, *krb5_gss_ctx_id_t;
 
 extern g_set kg_vdb;
index 544316e0afe33fc7769132a3f054b1ed40c2229f..bb17dc5d5cb980e92e65a99246f16a0f5b342af1 100644 (file)
@@ -478,15 +478,6 @@ new_connection(
    /* complain if the input token is non-null */
 
    if (input_token != GSS_C_NO_BUFFER && input_token->length != 0) {
-#if 0 /* def CFX_EXERCISE */
-       if (*context_handle != GSS_C_NO_CONTEXT
-          && ((krb5_gss_ctx_id_t)*context_handle)->testing_unknown_tokid) {
-          /* XXX Should check for a KRB_ERROR message that we can
-             parse, and which contains the expected error code.  */
-          ctx = (krb5_gss_ctx_id_t)*context_handle;
-          goto resume_after_testing;
-       }
-#endif
        *minor_status = 0;
        return(GSS_S_DEFECTIVE_TOKEN);
    }
@@ -589,49 +580,6 @@ new_connection(
    *context_handle = (gss_ctx_id_t) ctx;
    ctx_free = 0;
 
-#if 0 /* Sigh.  We're changing the spec again.  */
-#ifdef CFX_EXERCISE
-   if (ctx->proto == 1
-       /* I think the RPC code may be broken.  Don't mess around
-         if we're authenticating to "kadmin/whatever".  */
-       && ctx->there->data[0].data[0] != 'k'
-       /* I *know* the FTP server code is broken.  */
-       && ctx->there->data[0].data[0] != 'f'
-       ) {
-       /* Create a bogus token and return it, with status
-         GSS_S_CONTINUE_NEEDED.  Save enough data that we can resume
-         on the next call.  */
-       static const unsigned char hack_token[20] = {
-          0x60, 0x12, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
-          0xf7, 0x12, 0x01, 0x02, 0x02, 0x12, 0x34, 0x68,
-          0x65, 0x6c, 0x6c, 0x6f
-       };
-       ctx->testing_unknown_tokid = 1;
-       ctx->init_token = token;
-       token.value = malloc(20);
-       token.length = 20;
-       if (token.value == NULL) {
-          /* Skip testing.  We'll probably die soon enough, but let's
-             not do it because we couldn't exercise this code
-             path.  */
-          goto resume_after_testing;
-       }
-       memcpy(token.value, hack_token, sizeof(hack_token));
-       /* Can just fall through into the normal return path, because
-         it'll always return GSS_S_CONTINUE_NEEDED because we're
-         doing mutual authentication.  */
-   }
-   if (0) {
-   resume_after_testing:
-       token = ctx->init_token;
-       ctx->init_token.value = 0;
-       ctx->init_token.length = 0;
-       ctx->testing_unknown_tokid = 0;
-       ctx_free = 0;
-   }
-#endif /* CFX_EXERCISE */
-#endif /* 0 */
-
    /* compute time_rec */
    if (time_rec) {
       if ((code = krb5_timeofday(context, &now)))
@@ -715,12 +663,12 @@ mutual_auth(
    krb5_error_code code;
    krb5int_access kaccess;
 
+   major_status = GSS_S_FAILURE;
+
    code = krb5int_accessor (&kaccess, KRB5INT_ACCESS_VERSION);
    if (code)
        goto fail;
 
-   major_status = GSS_S_FAILURE;
-
    /* validate the context handle */
    /*SUPPRESS 29*/
    if (! kg_validate_ctx_id(*context_handle)) {
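Review bot: The relocated `major_status = GSS_S_FAILURE;` at the top of mutual_auth has no comment saying why it must sit before the krb5int_accessor call, so a later tidy-up could move it back below the first `goto fail`. The fail label is outside this hunk, but the commit message implies that path uses major_status. If so, an uninitialized value could by chance equal GSS_S_COMPLETE and report a failed mutual-authentication step to the caller as success. I would add `/* Set before the first "goto fail" so the failure path never sees an uninitialized status. */` above the assignment, or fold the value into the declaration of major_status, which is also not visible here. mutual_auth's body starts before and continues after this hunk.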
@@ -949,11 +897,7 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle,
    /* is this a new connection or not? */
 
    /*SUPPRESS 29*/
-   if (*context_handle == GSS_C_NO_CONTEXT
-#ifdef CFX_EXERCISE
-       || ((krb5_gss_ctx_id_t)*context_handle)->testing_unknown_tokid
-#endif
-       ) {
+   if (*context_handle == GSS_C_NO_CONTEXT) {
       major_status = new_connection(minor_status, cred, context_handle,
                                    target_name, mech_type, req_flags,
                                    time_req, input_chan_bindings,