delete_sec_context.c [plain text]
#include "gssapiP_krb5.h"
OM_uint32
krb5_gss_delete_sec_context(minor_status, context_handle, output_token)
OM_uint32 *minor_status;
gss_ctx_id_t *context_handle;
gss_buffer_t output_token;
{
krb5_context context;
krb5_gss_ctx_id_rec *ctx;
if (GSS_ERROR(kg_get_context(minor_status, &context)))
return(GSS_S_FAILURE);
if (output_token) {
output_token->length = 0;
output_token->value = NULL;
}
if (*context_handle == GSS_C_NO_CONTEXT) {
*minor_status = 0;
return(GSS_S_COMPLETE);
}
if (! kg_validate_ctx_id(*context_handle)) {
*minor_status = (OM_uint32) G_VALIDATE_FAILED;
return(GSS_S_NO_CONTEXT);
}
if (output_token) {
OM_uint32 major;
gss_buffer_desc empty;
empty.length = 0; empty.value = NULL;
if ((major = kg_seal(context, minor_status, *context_handle, 0,
GSS_C_QOP_DEFAULT,
&empty, NULL, output_token, KG_TOK_DEL_CTX)))
return(major);
}
(void)kg_delete_ctx_id(*context_handle);
ctx = (gss_ctx_id_t) *context_handle;
if (ctx->seqstate)
g_order_free(&(ctx->seqstate));
if (ctx->enc)
krb5_free_keyblock(context, ctx->enc);
if (ctx->seq)
krb5_free_keyblock(context, ctx->seq);
if (ctx->here)
krb5_free_principal(context, ctx->here);
if (ctx->there)
krb5_free_principal(context, ctx->there);
if (ctx->subkey)
krb5_free_keyblock(context, ctx->subkey);
if (ctx->auth_context) {
(void)krb5_auth_con_setrcache(context, ctx->auth_context, NULL);
krb5_auth_con_free(context, ctx->auth_context);
}
if (ctx->mech_used)
gss_release_oid(minor_status, &ctx->mech_used);
if (ctx->ctypes)
xfree(ctx->ctypes);
memset(ctx, 0, sizeof(*ctx));
xfree(ctx);
*context_handle = GSS_C_NO_CONTEXT;
*minor_status = 0;
return(GSS_S_COMPLETE);
}