From eac86677d66fe140f7ca54205773c95687e4abe5 Mon Sep 17 00:00:00 2001
From: Theodore Tso <tytso@mit.edu>
Date: Wed, 11 Jun 1997 20:45:39 +0000
Subject: [PATCH] gss-server.c (server_establish_context): Rearrange server
 establish 	context loop to match with the draft-ietf-gssv2-cbind-04.txt 
 suggestion --- always send the output token even in the case of an 	error,
 and call gss_delete_sec_context() if needed.

gss-client.c (client_establish_context): Check for error condition
	after sending the output token, if present.  In case of error, call
	delete_sec_context if necessary.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10096 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/appl/gss-sample/ChangeLog    | 12 ++++++++++++
 src/appl/gss-sample/gss-client.c | 20 ++++++++++++--------
 src/appl/gss-sample/gss-server.c | 19 +++++++++++--------
 3 files changed, 35 insertions(+), 16 deletions(-)

diff --git a/src/appl/gss-sample/ChangeLog b/src/appl/gss-sample/ChangeLog
index 7cc938680..68aa4ab30 100644
--- a/src/appl/gss-sample/ChangeLog
+++ b/src/appl/gss-sample/ChangeLog
@@ -1,3 +1,15 @@
+Fri Jun  6 15:05:57 1997  Theodore Y. Ts'o  <tytso@mit.edu>
+
+	* gss-server.c (server_establish_context): Rearrange server
+		establish context loop to match with the
+		draft-ietf-gssv2-cbind-04.txt suggestion --- always send
+		the output token even in the case of an error, and call
+		gss_delete_sec_context() if needed.
+
+	* gss-client.c (client_establish_context): Check for error
+		condition after sending the output token, if present.  In
+		case of error, call delete_sec_context if necessary.
+
 Wed Feb  5 20:25:57 1997  Tom Yu  <tlyu@mit.edu>
 
 	* Makefile.in:
diff --git a/src/appl/gss-sample/gss-client.c b/src/appl/gss-sample/gss-client.c
index b91ea87aa..e0bca99c4 100644
--- a/src/appl/gss-sample/gss-client.c
+++ b/src/appl/gss-sample/gss-client.c
@@ -132,7 +132,7 @@ int client_establish_context(s, service_name, deleg_flag, oid,
 {
      gss_buffer_desc send_tok, recv_tok, *token_ptr;
      gss_name_t target_name;
-     OM_uint32 maj_stat, min_stat;
+     OM_uint32 maj_stat, min_stat, init_sec_min_stat;
 
      /*
       * Import the name into target_name.  Use send_tok to save
@@ -168,7 +168,7 @@ int client_establish_context(s, service_name, deleg_flag, oid,
 
      do {
 	  maj_stat =
-	       gss_init_sec_context(&min_stat,
+	       gss_init_sec_context(&init_sec_min_stat,
 				    GSS_C_NO_CREDENTIAL,
 				    gss_context,
 				    target_name,
@@ -186,12 +186,6 @@ int client_establish_context(s, service_name, deleg_flag, oid,
 	  if (token_ptr != GSS_C_NO_BUFFER)
 	       (void) gss_release_buffer(&min_stat, &recv_tok);
 
-	  if (maj_stat!=GSS_S_COMPLETE && maj_stat!=GSS_S_CONTINUE_NEEDED) {
-	       display_status("initializing context", maj_stat, min_stat);
-	       (void) gss_release_name(&min_stat, &target_name);
-	       return -1;
-	  }
-
 	  if (send_tok.length != 0) {
 	       printf("Sending init_sec_context token (size=%d)...",
 		     send_tok.length);
@@ -202,6 +196,16 @@ int client_establish_context(s, service_name, deleg_flag, oid,
 	       }
 	  }
 	  (void) gss_release_buffer(&min_stat, &send_tok);
+
+	  if (maj_stat!=GSS_S_COMPLETE && maj_stat!=GSS_S_CONTINUE_NEEDED) {
+	       display_status("initializing context", maj_stat,
+			      init_sec_min_stat);
+	       (void) gss_release_name(&min_stat, &target_name);
+	       if (*gss_context == GSS_C_NO_CONTEXT)
+		       gss_delete_sec_context(&min_stat, gss_context,
+					      GSS_C_NO_BUFFER);
+	       return -1;
+	  }
 	  
 	  if (maj_stat == GSS_S_CONTINUE_NEEDED) {
 	       printf("continue needed...");
diff --git a/src/appl/gss-sample/gss-server.c b/src/appl/gss-sample/gss-server.c
index c2549e4b6..f195b45a0 100644
--- a/src/appl/gss-sample/gss-server.c
+++ b/src/appl/gss-sample/gss-server.c
@@ -137,7 +137,7 @@ int server_establish_context(s, server_creds, context, client_name, ret_flags)
      gss_buffer_desc send_tok, recv_tok;
      gss_name_t client;
      gss_OID doid;
-     OM_uint32 maj_stat, min_stat;
+     OM_uint32 maj_stat, min_stat, acc_sec_min_stat;
      gss_buffer_desc	oid_name;
 
      *context = GSS_C_NO_CONTEXT;
@@ -152,7 +152,7 @@ int server_establish_context(s, server_creds, context, client_name, ret_flags)
 	  }
 
 	  maj_stat =
-	       gss_accept_sec_context(&min_stat,
+	       gss_accept_sec_context(&acc_sec_min_stat,
 				      context,
 				      server_creds,
 				      &recv_tok,
@@ -164,12 +164,6 @@ int server_establish_context(s, server_creds, context, client_name, ret_flags)
 				      NULL, 	/* ignore time_rec */
 				      NULL); 	/* ignore del_cred_handle */
 
-	  if (maj_stat!=GSS_S_COMPLETE && maj_stat!=GSS_S_CONTINUE_NEEDED) {
-	       display_status("accepting context", maj_stat, min_stat);
-	       (void) gss_release_buffer(&min_stat, &recv_tok);
-	       return -1;
-	  }
-
 	  (void) gss_release_buffer(&min_stat, &recv_tok);
 
 	  if (send_tok.length != 0) {
@@ -186,6 +180,15 @@ int server_establish_context(s, server_creds, context, client_name, ret_flags)
 
 	       (void) gss_release_buffer(&min_stat, &send_tok);
 	  }
+	  if (maj_stat!=GSS_S_COMPLETE && maj_stat!=GSS_S_CONTINUE_NEEDED) {
+	       display_status("accepting context", maj_stat,
+			      acc_sec_min_stat);
+	       if (*context == GSS_C_NO_CONTEXT)
+		       gss_delete_sec_context(&min_stat, context,
+					      GSS_C_NO_BUFFER);
+	       return -1;
+	  }
+
 	  if (verbose && log) {
 	      if (maj_stat == GSS_S_CONTINUE_NEEDED)
 		  fprintf(log, "continue needed...\n");
-- 
2.26.2