Request for error handling advice….?
Matthew M. DeLoera
mdeloera at exacq.com
Mon Aug 29 19:16:21 EDT 2011
I have a (hopefully) very simple question. This is really more a GSS issue, but I'm not sure if there's a better forum, so my apologies in advance!
Basically, using gssglue/gssapi with gssapi_krb5. In my app:
OM_uint32 major = gss_import_name();
if (major == GSS_S_COMPLETE)
major = gas_acquire_cred();
Oversimplified but probably enough. I'm testing error handling on missing gssapi_krb5.so (missing provider underneath GSS, so dynamic load fails). I find that gas_import_name() does not fail, and in Ubuntu 10.04, the gas_release_name segfaults.
Any advice on when to NOT call gas_release_name? Obviously, I'm trying to avoid a leak. Observations:
- I have noticed that gas_acquire_cred happens to return GSS_S_BAD_MECH, which kind of makes sense, but I can't find enough docs to figure out whether to use the return value to either call gas_release_name or skip it.
- Was looking at docs for gss_inquire_names_for_mech, to see whether I could call it before gss_import_name to validate the environment.
- Was also looking at docs for gas_inquire_mechs_for_name, similarly……
Unless there's some other way to validate a gss_name_t before calling gas_release_name()?
Any advice would be most welcome!
More information about the krbdev