authorGreg Hudson <ghudson@mit.edu>2010-10-25 21:55:54 +0000
committerGreg Hudson <ghudson@mit.edu>2010-10-25 21:55:54 +0000
commitd97562fd4e735509c86cfd94588bebf3240f8dde (patch)
treea28814eb8e093bf013dda180e3416cd8329563f5 /src/lib/gssapi
parentde8d9634dbe6b86f60d4e2adbdad5cda5fc8c9aa (diff)
When we create a temporary memory ccache for use within a
krb5_gss_cred_id_rec, set a flag to indicate that the ccache should be destroyed rather than closed. Patch from aberry@likewise.com. ticket: 6787 target_version: 1.9 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24482 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/gssapi')
-rw-r--r--src/lib/gssapi/krb5/accept_sec_context.c1
-rw-r--r--src/lib/gssapi/krb5/acquire_cred.c1
-rw-r--r--src/lib/gssapi/krb5/gssapiP_krb5.h1
-rw-r--r--src/lib/gssapi/krb5/rel_cred.c9
-rw-r--r--src/lib/gssapi/krb5/s4u_gss_glue.c1
5 files changed, 10 insertions, 3 deletions
diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c
index 47eff359d..0c0b3a547 100644
--- a/src/lib/gssapi/krb5/accept_sec_context.c
+++ b/src/lib/gssapi/krb5/accept_sec_context.c
@@ -253,6 +253,7 @@ rd_and_store_for_creds(context, auth_context, inbuf, out_cred)
cred->keytab = NULL; /* no keytab associated with this... */
cred->tgt_expire = creds[0]->times.endtime; /* store the end time */
cred->ccache = ccache; /* the ccache containing the credential */
+ cred->destroy_ccache = 1;
ccache = NULL; /* cred takes ownership so don't destroy */
}
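Review bot: The added `cred->destroy_ccache = 1;` sits directly above the existing comment "cred takes ownership so don't destroy", and the two now read as contradictory. They refer to different things: the comment is about the local cleanup path, the flag about what happens when the credential is released. A trailing comment on the new line would remove the ambiguity, for example `cred->destroy_ccache = 1; /* temporary ccache: destroy, not close, on release */`. The creation of the ccache is outside the hunk, so that it is a temporary memory ccache is taken from the commit message rather than from the visible lines; rd_and_store_for_creds begins and ends outside the hunk.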
diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c
index 8e222ff01..a328a3db8 100644
--- a/src/lib/gssapi/krb5/acquire_cred.c
+++ b/src/lib/gssapi/krb5/acquire_cred.c
@@ -546,6 +546,7 @@ acquire_cred(OM_uint32 *minor_status,
#ifndef LEAN_CLIENT
cred->keytab = NULL;
#endif /* LEAN_CLIENT */
+ cred->destroy_ccache = 0;
cred->ccache = NULL;
code = k5_mutex_init(&cred->lock);
diff --git a/src/lib/gssapi/krb5/gssapiP_krb5.h b/src/lib/gssapi/krb5/gssapiP_krb5.h
index fc74ff1a1..ce0265234 100644
--- a/src/lib/gssapi/krb5/gssapiP_krb5.h
+++ b/src/lib/gssapi/krb5/gssapiP_krb5.h
@@ -173,6 +173,7 @@ typedef struct _krb5_gss_cred_id_rec {
unsigned int proxy_cred : 1;
unsigned int default_identity : 1;
unsigned int iakerb_mech : 1;
+ unsigned int destroy_ccache : 1;
/* keytab (accept) data */
krb5_keytab keytab;
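Review bot: The new `destroy_ccache` bit is declared without a comment, although it decides whether releasing the credential erases the cache contents or only closes the handle. I would document it at the declaration, e.g. `unsigned int destroy_ccache : 1; /* ccache is private to this cred; destroy rather than close on release */`. It is also worth stating the invariant that the bit may be set only where the cred created the ccache itself, since setting it for a caller-supplied or shared cache would presumably remove tickets that other users of that cache still rely on. The struct definition starts and ends outside the hunk.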
diff --git a/src/lib/gssapi/krb5/rel_cred.c b/src/lib/gssapi/krb5/rel_cred.c
index d1c571a2f..7f9a16fc4 100644
--- a/src/lib/gssapi/krb5/rel_cred.c
+++ b/src/lib/gssapi/krb5/rel_cred.c
@@ -55,9 +55,12 @@ krb5_gss_release_cred(minor_status, cred_handle)
k5_mutex_destroy(&cred->lock);
/* ignore error destroying mutex */
- if (cred->ccache)
- code1 = krb5_cc_close(context, cred->ccache);
- else
+ if (cred->ccache) {
+ if (cred->destroy_ccache)
+ code1 = krb5_cc_destroy(context, cred->ccache);
+ else
+ code1 = krb5_cc_close(context, cred->ccache);
+ } else
code1 = 0;
#ifndef LEAN_CLIENT
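Review bot: The rewritten conditional pairs a braced `if (cred->ccache) {` arm with an unbraced `} else` arm, which is easy to misread now that a nested if/else sits inside the first arm. Bracing the final arm too, `} else {` / `code1 = 0;` / `}`, keeps the three outcomes visually distinct. A one-line comment above the inner test, such as `/* temporary ccaches are destroyed so no credentials outlive the cred */`, would record why the two release paths differ. krb5_gss_release_cred continues outside the hunk.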
diff --git a/src/lib/gssapi/krb5/s4u_gss_glue.c b/src/lib/gssapi/krb5/s4u_gss_glue.c
index 5e75aede9..ac07dad5d 100644
--- a/src/lib/gssapi/krb5/s4u_gss_glue.c
+++ b/src/lib/gssapi/krb5/s4u_gss_glue.c
@@ -228,6 +228,7 @@ kg_compose_deleg_cred(OM_uint32 *minor_status,
code = krb5_cc_new_unique(context, "MEMORY", NULL, &cred->ccache);
if (code != 0)
goto cleanup;
+ cred->destroy_ccache = 1;
code = krb5_cc_initialize(context, cred->ccache,
cred->proxy_cred ? impersonator_cred->name->princ :