1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
|
/* -*- mode: c; indent-tabs-mode: nil -*- */
/*
* Copyright 1993 by OpenVision Technologies, Inc.
*
* Permission to use, copy, modify, distribute, and sell this software
* and its documentation for any purpose is hereby granted without fee,
* provided that the above copyright notice appears in all copies and
* that both that copyright notice and this permission notice appear in
* supporting documentation, and that the name of OpenVision not be used
* in advertising or publicity pertaining to distribution of the software
* without specific, written prior permission. OpenVision makes no
* representations about the suitability of this software for any
* purpose. It is provided "as is" without express or implied warranty.
*
* OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
* INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
* EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
* CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
* USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
* OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
* PERFORMANCE OF THIS SOFTWARE.
*/
#include "gssapiP_krb5.h"
/*
* $Id$
*/
OM_uint32
krb5_gss_delete_sec_context(minor_status, context_handle, output_token)
OM_uint32 *minor_status;
gss_ctx_id_t *context_handle;
gss_buffer_t output_token;
{
krb5_context context;
krb5_gss_ctx_id_rec *ctx;
if (output_token) {
output_token->length = 0;
output_token->value = NULL;
}
/*SUPPRESS 29*/
if (*context_handle == GSS_C_NO_CONTEXT) {
*minor_status = 0;
return(GSS_S_COMPLETE);
}
/*SUPPRESS 29*/
/* validate the context handle */
if (! kg_validate_ctx_id(*context_handle)) {
*minor_status = (OM_uint32) G_VALIDATE_FAILED;
return(GSS_S_NO_CONTEXT);
}
ctx = (krb5_gss_ctx_id_t) *context_handle;
context = ctx->k5_context;
/* construct a delete context token if necessary */
if (output_token) {
OM_uint32 major;
gss_buffer_desc empty;
empty.length = 0; empty.value = NULL;
if ((major = kg_seal(minor_status, *context_handle, 0,
GSS_C_QOP_DEFAULT,
&empty, NULL, output_token, KG_TOK_DEL_CTX))) {
save_error_info(*minor_status, context);
return(major);
}
}
/* invalidate the context handle */
(void)kg_delete_ctx_id(*context_handle);
/* free all the context state */
if (ctx->seqstate)
g_order_free(&(ctx->seqstate));
if (ctx->enc)
krb5_free_keyblock(context, ctx->enc);
if (ctx->seq)
krb5_free_keyblock(context, ctx->seq);
if (ctx->here)
krb5_free_principal(context, ctx->here);
if (ctx->there)
krb5_free_principal(context, ctx->there);
if (ctx->subkey)
krb5_free_keyblock(context, ctx->subkey);
if (ctx->acceptor_subkey)
krb5_free_keyblock(context, ctx->acceptor_subkey);
if (ctx->auth_context) {
if (ctx->cred_rcache)
(void)krb5_auth_con_setrcache(context, ctx->auth_context, NULL);
krb5_auth_con_free(context, ctx->auth_context);
}
if (ctx->mech_used)
krb5_gss_release_oid(minor_status, &ctx->mech_used);
if (ctx->authdata)
krb5_free_authdata(context, ctx->authdata);
if (ctx->k5_context)
krb5_free_context(ctx->k5_context);
/* Zero out context */
memset(ctx, 0, sizeof(*ctx));
xfree(ctx);
/* zero the handle itself */
*context_handle = GSS_C_NO_CONTEXT;
*minor_status = 0;
return(GSS_S_COMPLETE);
}
|