svn rev #24482: trunk/src/lib/gssapi/krb5/

ghudson@MIT.EDU ghudson at MIT.EDU
Mon Oct 25 17:55:55 EDT 2010 

http://src.mit.edu/fisheye/changelog/krb5/?cs=24482
Commit By: ghudson
Log Message:
ticket: 6787
target_version: 1.9
tags: pullup

When we create a temporary memory ccache for use within a
krb5_gss_cred_id_rec, set a flag to indicate that the ccache should be
destroyed rather than closed.  Patch from aberry at likewise.com.



Changed Files:
U   trunk/src/lib/gssapi/krb5/accept_sec_context.c
U   trunk/src/lib/gssapi/krb5/acquire_cred.c
U   trunk/src/lib/gssapi/krb5/gssapiP_krb5.h
U   trunk/src/lib/gssapi/krb5/rel_cred.c
U   trunk/src/lib/gssapi/krb5/s4u_gss_glue.c
Modified: trunk/src/lib/gssapi/krb5/accept_sec_context.c
===================================================================
--- trunk/src/lib/gssapi/krb5/accept_sec_context.c	2010-10-25 20:17:54 UTC (rev 24481)
+++ trunk/src/lib/gssapi/krb5/accept_sec_context.c	2010-10-25 21:55:54 UTC (rev 24482)
@@ -253,6 +253,7 @@
         cred->keytab = NULL; /* no keytab associated with this... */
         cred->tgt_expire = creds[0]->times.endtime; /* store the end time */
         cred->ccache = ccache; /* the ccache containing the credential */
+        cred->destroy_ccache = 1;
         ccache = NULL; /* cred takes ownership so don't destroy */
     }
 

Modified: trunk/src/lib/gssapi/krb5/acquire_cred.c
===================================================================
--- trunk/src/lib/gssapi/krb5/acquire_cred.c	2010-10-25 20:17:54 UTC (rev 24481)
+++ trunk/src/lib/gssapi/krb5/acquire_cred.c	2010-10-25 21:55:54 UTC (rev 24482)
@@ -546,6 +546,7 @@
 #ifndef LEAN_CLIENT
     cred->keytab = NULL;
 #endif /* LEAN_CLIENT */
+    cred->destroy_ccache = 0;
     cred->ccache = NULL;
 
     code = k5_mutex_init(&cred->lock);

Modified: trunk/src/lib/gssapi/krb5/gssapiP_krb5.h
===================================================================
--- trunk/src/lib/gssapi/krb5/gssapiP_krb5.h	2010-10-25 20:17:54 UTC (rev 24481)
+++ trunk/src/lib/gssapi/krb5/gssapiP_krb5.h	2010-10-25 21:55:54 UTC (rev 24482)
@@ -173,6 +173,7 @@
     unsigned int proxy_cred : 1;
     unsigned int default_identity : 1;
     unsigned int iakerb_mech : 1;
+    unsigned int destroy_ccache : 1;
 
     /* keytab (accept) data */
     krb5_keytab keytab;

Modified: trunk/src/lib/gssapi/krb5/rel_cred.c
===================================================================
--- trunk/src/lib/gssapi/krb5/rel_cred.c	2010-10-25 20:17:54 UTC (rev 24481)
+++ trunk/src/lib/gssapi/krb5/rel_cred.c	2010-10-25 21:55:54 UTC (rev 24482)
@@ -55,9 +55,12 @@
     k5_mutex_destroy(&cred->lock);
     /* ignore error destroying mutex */
 
-    if (cred->ccache)
-        code1 = krb5_cc_close(context, cred->ccache);
-    else
+    if (cred->ccache) {
+        if (cred->destroy_ccache)
+            code1 = krb5_cc_destroy(context, cred->ccache);
+        else
+            code1 = krb5_cc_close(context, cred->ccache);
+    } else
         code1 = 0;
 
 #ifndef LEAN_CLIENT

Modified: trunk/src/lib/gssapi/krb5/s4u_gss_glue.c
===================================================================
--- trunk/src/lib/gssapi/krb5/s4u_gss_glue.c	2010-10-25 20:17:54 UTC (rev 24481)
+++ trunk/src/lib/gssapi/krb5/s4u_gss_glue.c	2010-10-25 21:55:54 UTC (rev 24482)
@@ -228,6 +228,7 @@
     code = krb5_cc_new_unique(context, "MEMORY", NULL, &cred->ccache);
     if (code != 0)
         goto cleanup;
+    cred->destroy_ccache = 1;
 
     code = krb5_cc_initialize(context, cred->ccache,
                               cred->proxy_cred ? impersonator_cred->name->princ :

More information about the cvs-krb5 mailing list