need more testing support for MS

This should allow use of the CFX_EXERCISE code to better check interoperability
of MS and MIT code with regard to future extensibility.

* init_sec_context.c (make_gss_checksum) [CFX_EXERCISE]: Don't crash on null
pointer in debugging code.
(new_connection): Disable CFX_EXERCISE unknown-token-id case detection.

* accept_sec_context.c (krb5_gss_accept_sec_context) [CFX_EXERCISE]: Log to
/tmp/gsslog whether delegation or extra option bytes were present.

ticket: new
target_version: 1.3.2
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15983 dc483132-0cff-0310-8789-dd5450dbe970

1 files changed, 3 insertions, 2 deletions

diff --git a/src/lib/gssapi/krb5/init_sec_context.c b/src/lib/gssapi/krb5/init_sec_context.c
index 20d416f..2dd320c 100644
--- a/src/lib/gssapi/krb5/init_sec_context.c
+++ b/src/lib/gssapi/krb5/init_sec_context.c
@@ -194,7 +194,8 @@ make_gss_checksum (krb5_context context, krb5_auth_context auth_context,
 	data->checksum_data.length = 24;
     }
 #ifdef CFX_EXERCISE
-    if (data->ctx->auth_context->keyblock->enctype == 18) {
+    if (data->ctx->auth_context->keyblock != NULL
+	&& data->ctx->auth_context->keyblock->enctype == 18) {
 	srand(time(0) ^ getpid());
 	/* Our ftp client code stupidly assumes a base64-encoded
 	   version of the token will fit in 10K, so don't make this
@@ -477,7 +478,7 @@ new_connection(
    /* complain if the input token is non-null */
 
    if (input_token != GSS_C_NO_BUFFER && input_token->length != 0) {
-#ifdef CFX_EXERCISE
+#if 0 /* def CFX_EXERCISE */
        if (*context_handle != GSS_C_NO_CONTEXT
 	   && ((krb5_gss_ctx_id_t)*context_handle)->testing_unknown_tokid) {
 	   /* XXX Should check for a KRB_ERROR message that we can