summaryrefslogtreecommitdiffstats
path: root/src/lib/gssapi
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/gssapi')
-rw-r--r--src/lib/gssapi/krb5/accept_sec_context.c1
-rw-r--r--src/lib/gssapi/krb5/acquire_cred.c1
-rw-r--r--src/lib/gssapi/krb5/gssapiP_krb5.h1
-rw-r--r--src/lib/gssapi/krb5/rel_cred.c9
-rw-r--r--src/lib/gssapi/krb5/s4u_gss_glue.c1
5 files changed, 10 insertions, 3 deletions
diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c
index 47eff359d..0c0b3a547 100644
--- a/src/lib/gssapi/krb5/accept_sec_context.c
+++ b/src/lib/gssapi/krb5/accept_sec_context.c
@@ -253,6 +253,7 @@ rd_and_store_for_creds(context, auth_context, inbuf, out_cred)
cred->keytab = NULL; /* no keytab associated with this... */
cred->tgt_expire = creds[0]->times.endtime; /* store the end time */
cred->ccache = ccache; /* the ccache containing the credential */
+ cred->destroy_ccache = 1;
ccache = NULL; /* cred takes ownership so don't destroy */
}
diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c
index 8e222ff01..a328a3db8 100644
--- a/src/lib/gssapi/krb5/acquire_cred.c
+++ b/src/lib/gssapi/krb5/acquire_cred.c
@@ -546,6 +546,7 @@ acquire_cred(OM_uint32 *minor_status,
#ifndef LEAN_CLIENT
cred->keytab = NULL;
#endif /* LEAN_CLIENT */
+ cred->destroy_ccache = 0;
cred->ccache = NULL;
code = k5_mutex_init(&cred->lock);
diff --git a/src/lib/gssapi/krb5/gssapiP_krb5.h b/src/lib/gssapi/krb5/gssapiP_krb5.h
index fc74ff1a1..ce0265234 100644
--- a/src/lib/gssapi/krb5/gssapiP_krb5.h
+++ b/src/lib/gssapi/krb5/gssapiP_krb5.h
@@ -173,6 +173,7 @@ typedef struct _krb5_gss_cred_id_rec {
unsigned int proxy_cred : 1;
unsigned int default_identity : 1;
unsigned int iakerb_mech : 1;
+ unsigned int destroy_ccache : 1;
/* keytab (accept) data */
krb5_keytab keytab;
diff --git a/src/lib/gssapi/krb5/rel_cred.c b/src/lib/gssapi/krb5/rel_cred.c
index d1c571a2f..7f9a16fc4 100644
--- a/src/lib/gssapi/krb5/rel_cred.c
+++ b/src/lib/gssapi/krb5/rel_cred.c
@@ -55,9 +55,12 @@ krb5_gss_release_cred(minor_status, cred_handle)
k5_mutex_destroy(&cred->lock);
/* ignore error destroying mutex */
- if (cred->ccache)
- code1 = krb5_cc_close(context, cred->ccache);
- else
+ if (cred->ccache) {
+ if (cred->destroy_ccache)
+ code1 = krb5_cc_destroy(context, cred->ccache);
+ else
+ code1 = krb5_cc_close(context, cred->ccache);
+ } else
code1 = 0;
#ifndef LEAN_CLIENT
diff --git a/src/lib/gssapi/krb5/s4u_gss_glue.c b/src/lib/gssapi/krb5/s4u_gss_glue.c
index 5e75aede9..ac07dad5d 100644
--- a/src/lib/gssapi/krb5/s4u_gss_glue.c
+++ b/src/lib/gssapi/krb5/s4u_gss_glue.c
@@ -228,6 +228,7 @@ kg_compose_deleg_cred(OM_uint32 *minor_status,
code = krb5_cc_new_unique(context, "MEMORY", NULL, &cred->ccache);
if (code != 0)
goto cleanup;
+ cred->destroy_ccache = 1;
code = krb5_cc_initialize(context, cred->ccache,
cred->proxy_cred ? impersonator_cred->name->princ :
generated by cgit (git 2.34.1) at 2026-01-07 17:02:16 +0000