Don't free cred handle used in kadm5 server handle

At the end of setup_gss(), gss_client_creds is released, but an alias
to the credential handle is saved in kadm5_server_handle_t in
handle->clnt->cl_auth->(struct rpc_gss_data *)ah_private->sec.cred.
Accessing these credentials (by authgss_refresh) can result in use
after free.

This fix stores credential reference in server handle and releases
the credentials in kadm5_destroy.

[ghudson@mit.edu: initialize handle->cred to correct constant; get rid
of gss_client_creds variable; clarify commit message slightly]

ticket: 7891 (new)

0 files changed, 0 insertions, 0 deletions