* accept_sec_context.c (krb5_gss_accept_sec_context): Only null
out the auth_context's rcache if it was provided by acceptor
creds; this prevents a leak.
* delete_sec_context.c (krb5_gss_delete_sec_context): Only null
out the auth_context's rcache if it was provided by acceptor
creds; this prevents a leak.
* gssapiP_krb5.h (krb5_gss_ctx_id_rec): Add cred_rcache to track
whether acceptor creds provided an rcache.
ticket: 2600
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16465
dc483132-0cff-0310-8789-
dd5450dbe970
+2004-06-15 Tom Yu <tlyu@mit.edu>
+
+ * accept_sec_context.c (krb5_gss_accept_sec_context): Only null
+ out the auth_context's rcache if it was provided by acceptor
+ creds; this prevents a leak.
+
+ * delete_sec_context.c (krb5_gss_delete_sec_context): Only null
+ out the auth_context's rcache if it was provided by acceptor
+ creds; this prevents a leak.
+
+ * gssapiP_krb5.h (krb5_gss_ctx_id_rec): Add cred_rcache to track
+ whether acceptor creds provided an rcache.
+
2004-06-14 Tom Yu <tlyu@mit.edu>
* init_sec_context.c (krb5_gss_init_sec_context): Fix pointer
gss_cred_id_t cred_handle = NULL;
krb5_gss_cred_id_t deleg_cred = NULL;
krb5int_access kaccess;
- int got_rcache = 0;
+ int cred_rcache = 0;
code = krb5int_accessor (&kaccess, KRB5INT_ACCESS_VERSION);
if (code) {
goto fail;
}
if (cred->rcache) {
- got_rcache = 1;
+ cred_rcache = 1;
if ((code = krb5_auth_con_setrcache(context, auth_context, cred->rcache))) {
major_status = GSS_S_FAILURE;
goto fail;
GSS_C_SEQUENCE_FLAG | GSS_C_DELEG_FLAG)));
ctx->seed_init = 0;
ctx->big_endian = bigend;
+ ctx->cred_rcache = cred_rcache;
/* Intern the ctx pointer so that delete_sec_context works */
if (! kg_save_ctx_id((gss_ctx_id_t) ctx)) {
krb5_free_authenticator(context, authdat);
/* The ctx structure has the handle of the auth_context */
if (auth_context && !ctx) {
- if (!got_rcache)
+ if (cred_rcache)
(void)krb5_auth_con_setrcache(context, auth_context, NULL);
krb5_auth_con_free(context, auth_context);
krb5_free_keyblock(context, ctx->acceptor_subkey);
if (ctx->auth_context) {
- (void)krb5_auth_con_setrcache(context, ctx->auth_context, NULL);
+ if (ctx->cred_rcache)
+ (void)krb5_auth_con_setrcache(context, ctx->auth_context, NULL);
+
krb5_auth_con_free(context, ctx->auth_context);
}
krb5_cksumtype cksumtype; /* for "main" subkey */
krb5_keyblock *acceptor_subkey; /* CFX only */
krb5_cksumtype acceptor_subkey_cksumtype;
+ int cred_rcache; /* did we get rcache from creds? */
} krb5_gss_ctx_id_rec, *krb5_gss_ctx_id_t;
extern g_set kg_vdb;
projects / krb5.git / commitdiff