From 1b190c9ac0a47f4dbd8db4a2e191758fc8d030f7 Mon Sep 17 00:00:00 2001
From: Sam Hartman <hartmans@mit.edu>
Date: Fri, 14 Mar 2003 20:37:36 +0000
Subject: [PATCH] Do not claim GSS_C_PROT_READY_FLAG since we don't support it

Our code does not currently support GSS_C_PROT_READY_FLAG so only
return that flag after context establishment. A potential future
addition is to support that flag and return GAP_TOKEN if the initiator
processes a message token before the final context token.

Ticket: 1352
Tags: pullup
Status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15280 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/lib/gssapi/krb5/ChangeLog            | 11 +++++++++++
 src/lib/gssapi/krb5/accept_sec_context.c |  1 +
 src/lib/gssapi/krb5/gssapiP_krb5.h       |  2 +-
 src/lib/gssapi/krb5/init_sec_context.c   |  1 +
 4 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog
index 7424a251d..47f718d16 100644
--- a/src/lib/gssapi/krb5/ChangeLog
+++ b/src/lib/gssapi/krb5/ChangeLog
@@ -1,3 +1,14 @@
+2003-03-14  Sam Hartman  <hartmans@mit.edu>
+
+	* accept_sec_context.c (krb5_gss_accept_sec_context): Set
+	prot_ready here
+
+	* init_sec_context.c (krb5_gss_init_sec_context):  Set prot_ready
+	after context established
+
+	* gssapiP_krb5.h (KG_IMPLFLAGS): Don't claim prot_ready until the
+	context is established  because we don't currently support it.  
+
 2003-03-06  Alexandra Ellwood  <lxs@mit.edu>
 
     * disp_status.c, gssapi_krb5.h, gssapiP_krb5.h: 
diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c
index 5ff6146ea..a004acb22 100644
--- a/src/lib/gssapi/krb5/accept_sec_context.c
+++ b/src/lib/gssapi/krb5/accept_sec_context.c
@@ -719,6 +719,7 @@ krb5_gss_accept_sec_context(minor_status, context_handle,
 				       &ctx->seq_send);
 
        /* the reply token hasn't been sent yet, but that's ok. */
+       ctx->gss_flags |= GSS_C_PROT_READY_FLAG;
        ctx->established = 1;
 
        token.length = g_token_size((gss_OID) mech_used, ap_rep.length);
diff --git a/src/lib/gssapi/krb5/gssapiP_krb5.h b/src/lib/gssapi/krb5/gssapiP_krb5.h
index 325108612..f50653dbf 100644
--- a/src/lib/gssapi/krb5/gssapiP_krb5.h
+++ b/src/lib/gssapi/krb5/gssapiP_krb5.h
@@ -83,7 +83,7 @@
 #define KG_TOK_DEL_CTX		0x0102
 
 #define KG_IMPLFLAGS(x) (GSS_C_INTEG_FLAG | GSS_C_CONF_FLAG | \
-			 GSS_C_TRANS_FLAG | GSS_C_PROT_READY_FLAG | \
+			 GSS_C_TRANS_FLAG | \
 			 ((x) & (GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | \
 				 GSS_C_SEQUENCE_FLAG | GSS_C_DELEG_FLAG)))
 
diff --git a/src/lib/gssapi/krb5/init_sec_context.c b/src/lib/gssapi/krb5/init_sec_context.c
index 8877052ba..ba630f1eb 100644
--- a/src/lib/gssapi/krb5/init_sec_context.c
+++ b/src/lib/gssapi/krb5/init_sec_context.c
@@ -688,6 +688,7 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle,
 	 g_order_init(&(ctx->seqstate), ctx->seq_recv,
 		      (ctx->gss_flags & GSS_C_REPLAY_FLAG) != 0, 
 		      (ctx->gss_flags & GSS_C_SEQUENCE_FLAG) != 0);
+	 ctx->gss_flags |= GSS_C_PROT_READY_FLAG;
 	 ctx->established = 1;
 	 /* fall through to GSS_S_COMPLETE */
       }
-- 
2.26.2