From b8b0145aeab5e92536c63c3f69db4c561ee48646 Mon Sep 17 00:00:00 2001
From: Stefan Becker
Date: Fri, 22 Feb 2013 12:23:30 +0200
Subject: [PATCH] security: remove sip_sec_init_context()

All of the internal and special case handling has been removed from that function. Move the remaining bits of code to the only calling place instead, i.e. sip-transport.c.
---
 src/core/sip-sec.c | 39 +--------------------------------------
 src/core/sip-sec.h | 26 --------------------------
 src/core/sip-transport.c | 23 +++++++++++++++--------
 3 files changed, 16 insertions(+), 72 deletions(-)

diff --git a/src/core/sip-sec.c b/src/core/sip-sec.c
index 4a6f01f7..f709bef6 100644
--- a/src/core/sip-sec.c
+++ b/src/core/sip-sec.c
@@ -126,7 +126,7 @@ sip_sec_create_context(guint type,
 ret = (*context->acquire_cred_func)(context, domain, username, password);
 if (ret != SIP_SEC_E_OK) {
- SIPE_DEBUG_INFO_NOFORMAT("ERROR: sip_sec_init_context failed to acquire credentials.");
+ SIPE_DEBUG_INFO_NOFORMAT("ERROR: sip_sec_create_context: failed to acquire credentials.");
 (*context->destroy_context_func)(context);
 context = NULL;
 }
@@ -176,43 +176,6 @@ sip_sec_init_context_step(SipSecContext context,
 return ret;
 }
-char *
-sip_sec_init_context(SipSecContext *context,
- int *expires,
- guint type,
- const int sso,
- const char *domain,
- const char *username,
- const char *password,
- const char *target)
-{
- char *output_toked_base64 = NULL;
- int exp;
-
- *context = sip_sec_create_context(type,
- sso,
- FALSE, /* connection-less for SIP */
- domain,
- username,
- password);
- if (!*context) {
- SIPE_DEBUG_INFO_NOFORMAT("ERROR: sip_sec_init_context: failed sip_sec_create_context()");
- return NULL;
- }
-
- sip_sec_init_context_step(*context,
- target,
- NULL,
- &output_toked_base64,
- &exp);
-
- if (expires) {
- *expires = exp;
- }
-
- return output_toked_base64;
-}
-
 gboolean sip_sec_context_is_ready(SipSecContext context)
 {
 return(context && (context->is_ready != 0));
diff --git a/src/core/sip-sec.h b/src/core/sip-sec.h
index 076df2ef..fcc6d540 100644
--- a/src/core/sip-sec.h
+++ b/src/core/sip-sec.h
@@ -69,32 +69,6 @@ sip_sec_init_context_step(SipSecContext context,
 int *expires);
 /**
- * A convenience method for sipe. Combines execution on sip_sec_create_context()
- * and sip_sec_init_context_step(). Suitable for connectionless NTLM (as in SIP).
- * Unsuitable for connection-based (TCP, TLS) Web authentication.
- *
- * Initializes security context.
- * Obtains cashed initial credentials (TGT for Kerberos) or requests new ones if required. In former case domain/username/password information is unnecessary.
- * Then obtains Service ticket (for Kerberos) , base64 encodes it and provide as output.
- *
- * @param context (in,out) security context to store and pass between security method invocations
- * @param mech (in) security mechanism - NTLM or Kerberos
- * @param domain (in) NTLM Domain/Kerberos Realm.
- * @param target (in) security target. Service principal name on case of Kerberos.
- * @param expires (out) security context expiration time in seconds.
- *
- * @return base64 encoded output token to send to server.
- */
-char *sip_sec_init_context(SipSecContext *context,
- int *expires,
- guint type,
- const int sso,
- const char *domain,
- const char *username,
- const char *password,
- const char *target);
-
-/**
 * Check if the authentication of a security context is completed and it is
 * ready to be used for message signing and signature verification
 *
diff --git a/src/core/sip-transport.c b/src/core/sip-transport.c
index 8697c573..b833c33e 100644
--- a/src/core/sip-transport.c
+++ b/src/core/sip-transport.c
@@ -275,14 +275,21 @@ static gchar *initialize_auth_context(struct sipe_core_private *sipe_private,
 }
 }
- gssapi_data = sip_sec_init_context(&(auth->gssapi_context),
- &(auth->expires),
- auth->type,
- SIPE_CORE_PUBLIC_FLAG_IS(SSO),
- sipe_private->authdomain ? sipe_private->authdomain : "",
- authuser,
- password,
- auth->target);
+ auth->gssapi_context = sip_sec_create_context(auth->type,
+ SIPE_CORE_PUBLIC_FLAG_IS(SSO),
+ FALSE, /* connection-less for SIP */
+ sipe_private->authdomain ? sipe_private->authdomain : "",
+ authuser,
+ password);
+
+ if (auth->gssapi_context) {
+ sip_sec_init_context_step(auth->gssapi_context,
+ auth->target,
+ NULL,
+ &gssapi_data,
+ &(auth->expires));
+ }
+
 if (!gssapi_data || !auth->gssapi_context) {
 g_free(gssapi_data);
 sipe_backend_connection_error(SIPE_CORE_PUBLIC,
-- 
2.11.4.GIT
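Review bot: In the failure path of the new code, `gssapi_data` is read by `if (!gssapi_data || !auth->gssapi_context)` and passed to `g_free()` without having been assigned anywhere in this hunk: when `sip_sec_create_context()` returns NULL the step call is skipped. The removed helper started from `char *output_toked_base64 = NULL;` and returned that, so the old call always yielded NULL on failure; the new code depends on the declaration of `gssapi_data`, which is outside the hunk (initialize_auth_context() starts and ends outside it). Unless that declaration already initialises it, add `gssapi_data = NULL;` before the `sip_sec_create_context()` call so the error branch can never free an indeterminate pointer. The result of `sip_sec_init_context_step()` is also discarded; presumably it is a status like the `SIP_SEC_E_OK` checked in sip-sec.c, and testing it would make a failed step explicit instead of relying on the token staying NULL.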