A couple bug reports/patches from Ed Phillips (flaregun@udel.edu)

	* in_tkt_ktb.c (keytab_keyproc()): Fix memory leak.
	* recvauth.c (krb5_recvauth()): Don't open a new rcache if
		the auth_context already has one.
	* auth_con.c (krb5_auth_con_free()): Close rcache is the
		auth_context has one set.
	* auth_con.c (krb5_auth_con_getrcache()): Return pointer
		to the rcache set in the auth_context.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6043 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog
index 141f8f44752d4870259c8f45888174374671352b..f805e20ebe8c0bcfb06730bd38eeaa3c79ab6298 100644 (file)
--- a/src/lib/krb5/krb/ChangeLog
+++ b/src/lib/krb5/krb/ChangeLog
@@ -1,3 +1,15 @@
+
+Mon Jun 12 16:49:42 1995  Chris Provenzano (proven@mit.edu)
+
+       A couple bug reports/patches from Ed Phillips (flaregun@udel.edu)
+       * in_tkt_ktb.c (keytab_keyproc()): Fix memory leak. 
+       * recvauth.c (krb5_recvauth()): Don't open a new rcache if
+               the auth_context already has one.
+       * auth_con.c (krb5_auth_con_free()): Close rcache is the
+               auth_context has one set.
+       * auth_con.c (krb5_auth_con_getrcache()): Return pointer
+               to the rcache set in the auth_context.
+
 Sun Jun 11 12:31:39 1995  Ezra Peisach  (epeisach@kangaroo.mit.edu)
 
        * auth_con.c (krb5_auth_con_init): Zero newly allocated

diff --git a/src/lib/krb5/krb/auth_con.c b/src/lib/krb5/krb/auth_con.c
index 86af54bfffb03c70faa17ad5159d957fca57b8de..840cfe82f7d492fe9ccffe1a6b5fcc709fbba388 100644 (file)
--- a/src/lib/krb5/krb/auth_con.c
+++ b/src/lib/krb5/krb/auth_con.c
@@ -44,6 +44,8 @@ krb5_auth_con_free(context, auth_context)
        krb5_free_keyblock(context, auth_context->local_subkey);
     if (auth_context->remote_subkey) 
        krb5_free_keyblock(context, auth_context->remote_subkey);
+    if (auth_context->rcache)
+       krb5_rc_close(context, auth_context->rcache);
     free(auth_context);
     return 0;
 }
@@ -351,3 +353,14 @@ krb5_auth_con_setrcache(context, auth_context, rcache)
     auth_context->rcache = rcache;
     return 0;
 }
+    
+krb5_error_code
+krb5_auth_con_getrcache(context, auth_context, rcache)
+    krb5_context         context;
+    krb5_auth_context    auth_context;
+    krb5_rcache                * rcache;
+{
+    *rcache = auth_context->rcache;
+    return 0;
+}
+    

diff --git a/src/lib/krb5/krb/in_tkt_ktb.c b/src/lib/krb5/krb/in_tkt_ktb.c
index d5cbf1195c13e8f465c903d68ab434d3c2b0cb96..9cf295e833e5cfaac4734fb3c6e4f08aeeb88a26 100644 (file)
--- a/src/lib/krb5/krb/in_tkt_ktb.c
+++ b/src/lib/krb5/krb/in_tkt_ktb.c
@@ -86,6 +86,8 @@ keytab_keyproc(context, type, salt, keyseed, key)
     }  
 
     (void) krb5_kt_free_entry(context, &kt_ent);
+    if (arg->keytab) 
+       krb5_kt_close(context, kt_id);
     *key = realkey;
     return 0;
 }

diff --git a/src/lib/krb5/krb/recvauth.c b/src/lib/krb5/krb/recvauth.c
index 27052fc4190b364ea548caed68558523ff984045..77ea1cfc33c9e00eb9555af5c4f9ce078837cc55 100644 (file)
--- a/src/lib/krb5/krb/recvauth.c
+++ b/src/lib/krb5/krb/recvauth.c
@@ -130,23 +130,33 @@ krb5_recvauth(context, auth_context,
                return(problem); /* We'll return the top-level problem */
        }
        if (problem)
-               return(problem);
+           return(problem);
+
+    /* We are clear of errors here */
 
-/* Were clear here */
     /*
-     * Setup the replay cache.
+     * Now, let's read the AP_REQ message and decode it
      */
-    if (server) {
-        problem = krb5_get_server_rcache(context, 
-                       krb5_princ_component(context, server, 0), &rcache);
-    } else {
-       null_server.length = 7;
-       null_server.data = "default";
-       problem = krb5_get_server_rcache(context, &null_server, &rcache);
-    }
+    if (retval = krb5_read_message(context, fd, &inbuf))
+        return retval;
 
-    if (!problem) {
-       if (krb5_rc_recover(context, rcache)) {
+    if (*auth_context == NULL) {
+       problem = krb5_auth_con_init(context, &new_auth_context);
+       *auth_context = new_auth_context;
+    }
+    if ((!problem) && ((*auth_context)->rcache == NULL)) {
+        /*
+         * Setup the replay cache.
+         */
+        if (server) {
+            problem = krb5_get_server_rcache(context, 
+                       krb5_princ_component(context, server, 0), &rcache);
+        } else {
+           null_server.length = 7;
+           null_server.data = "default";
+           problem = krb5_get_server_rcache(context, &null_server, &rcache);
+        }
+       if ((!problem) && krb5_rc_recover(context, rcache)) {
            /*
             * If the rc_recover() didn't work, then try
             * initializing the replay cache.
@@ -157,29 +167,12 @@ krb5_recvauth(context, auth_context,
                rcache = NULL;
            }
        }
-    }
-
-    /*
-     * Now, let's read the AP_REQ message and decode it
-     */
-    if ((retval = krb5_read_message(context, fd, &inbuf))) {
-       if (problem) /* Return top level problem */
-           retval = problem; 
-       goto cleanup;
-    }
-
-    if (!problem) {
-       if (*auth_context == NULL) {
-           problem = krb5_auth_con_init(context, &new_auth_context);
-           *auth_context = new_auth_context;
-       }
-    }
-    if (!problem) {
-       problem = krb5_auth_con_setrcache(context, *auth_context, rcache);
+        if (!problem) 
+           problem = krb5_auth_con_setrcache(context, *auth_context, rcache);
     }
     if (!problem) {
        problem = krb5_rd_req(context, auth_context, &inbuf, server,
-                                     keytab, &ap_option, ticket);
+                             keytab, &ap_option, ticket);
        krb5_xfree(inbuf.data);
     }
        
@@ -240,6 +233,7 @@ cleanup:;
     if (retval) {
        if (rcache)
            krb5_rc_close(context, rcache);
+       krb5_auth_con_free(context, *auth_context);
     }
     return retval;
 }