From: Tom Yu Date: Mon, 1 Nov 2010 20:36:28 +0000 (+0000) Subject: pull up r24482 from trunk X-Git-Tag: krb5-1.9-beta1~6 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=69e4bc941d1a652d46f7bec03e7ea0106496f44a;p=krb5.git pull up r24482 from trunk ------------------------------------------------------------------------ r24482 | ghudson | 2010-10-25 17:55:54 -0400 (Mon, 25 Oct 2010) | 8 lines ticket: 6787 target_version: 1.9 tags: pullup When we create a temporary memory ccache for use within a krb5_gss_cred_id_rec, set a flag to indicate that the ccache should be destroyed rather than closed. Patch from aberry@likewise.com. ticket: 6787 version_fixed: 1.9 status: resolved git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-9@24497 dc483132-0cff-0310-8789-dd5450dbe970
---
diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c
index 47eff359d..0c0b3a547 100644
--- a/src/lib/gssapi/krb5/accept_sec_context.c
+++ b/src/lib/gssapi/krb5/accept_sec_context.c
@@ -253,6 +253,7 @@ rd_and_store_for_creds(context, auth_context, inbuf, out_cred)
 cred->keytab = NULL; /* no keytab associated with this... */
 cred->tgt_expire = creds[0]->times.endtime; /* store the end time */
 cred->ccache = ccache; /* the ccache containing the credential */
+ cred->destroy_ccache = 1;
 ccache = NULL; /* cred takes ownership so don't destroy */
 }
diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c
index 8e222ff01..a328a3db8 100644
--- a/src/lib/gssapi/krb5/acquire_cred.c
+++ b/src/lib/gssapi/krb5/acquire_cred.c
@@ -546,6 +546,7 @@ acquire_cred(OM_uint32 *minor_status,
 #ifndef LEAN_CLIENT
 cred->keytab = NULL;
 #endif /* LEAN_CLIENT */
+ cred->destroy_ccache = 0;
 cred->ccache = NULL;
 code = k5_mutex_init(&cred->lock);
diff --git a/src/lib/gssapi/krb5/gssapiP_krb5.h b/src/lib/gssapi/krb5/gssapiP_krb5.h
index fc74ff1a1..ce0265234 100644
--- a/src/lib/gssapi/krb5/gssapiP_krb5.h
+++ b/src/lib/gssapi/krb5/gssapiP_krb5.h
@@ -173,6 +173,7 @@ typedef struct _krb5_gss_cred_id_rec { unsigned int proxy_cred : 1; unsigned int default_identity : 1; unsigned int iakerb_mech : 1; + unsigned int destroy_ccache : 1; /* keytab (accept) data */ krb5_keytab keytab; diff --git a/src/lib/gssapi/krb5/rel_cred.c b/src/lib/gssapi/krb5/rel_cred.c index d1c571a2f..7f9a16fc4 100644 --- a/src/lib/gssapi/krb5/rel_cred.c +++ b/src/lib/gssapi/krb5/rel_cred.c @@ -55,9 +55,12 @@ krb5_gss_release_cred(minor_status, cred_handle) k5_mutex_destroy(&cred->lock); /* ignore error destroying mutex */ - if (cred->ccache) - code1 = krb5_cc_close(context, cred->ccache); - else + if (cred->ccache) { + if (cred->destroy_ccache) + code1 = krb5_cc_destroy(context, cred->ccache); + else + code1 = krb5_cc_close(context, cred->ccache); + } else code1 = 0; #ifndef LEAN_CLIENT diff --git a/src/lib/gssapi/krb5/s4u_gss_glue.c b/src/lib/gssapi/krb5/s4u_gss_glue.c index cecbbb0c0..90725184a 100644 --- a/src/lib/gssapi/krb5/s4u_gss_glue.c +++ b/src/lib/gssapi/krb5/s4u_gss_glue.c @@ -226,6 +226,7 @@ kg_compose_deleg_cred(OM_uint32 *minor_status, code = krb5_cc_new_unique(context, "MEMORY", NULL, &cred->ccache); if (code != 0) goto cleanup; + cred->destroy_ccache = 1; code = krb5_cc_initialize(context, cred->ccache, cred->proxy_cred ? impersonator_cred->name->princ :
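Review bot: The new `destroy_ccache` bit in `_krb5_gss_cred_id_rec` (gssapiP_krb5.h) is declared without a comment, although it now decides whether releasing a credential only closes the cache handle or destroys the cache itself. I would declare it as `unsigned int destroy_ccache : 1; /* ccache is a temporary owned by this cred; destroy it on release */`. The assignments in rd_and_store_for_creds and kg_compose_deleg_cred are equally uncommented and could carry the same wording. Every path that fills in this struct has to set the bit deliberately: the diff covers acquire_cred and those two functions, and any allocation site not shown here should be checked, since a stray 1 on a cred that wraps a caller's persistent ccache would presumably make krb5_gss_release_cred destroy that cache. The struct definition continues outside the hunk.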
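Review bot: In krb5_gss_release_cred (rel_cred.c) the inner `if (cred->destroy_ccache) … else …` is left unbraced inside the newly braced outer `if (cred->ccache) { … } else`, so two `else` lines with different nesting sit three lines apart and a later edit can easily attach a statement to the wrong one. Bracing the inner branches, or collapsing them to `code1 = cred->destroy_ccache ? krb5_cc_destroy(context, cred->ccache) : krb5_cc_close(context, cred->ccache);`, makes the pairing unambiguous. A short comment such as `/* a temporary memory ccache belongs to this cred: destroy it, not just close the handle */` would record why the two release paths differ, which is the security-relevant part of this change. The function body starts and ends outside the hunk, so how `code1` is reported afterwards is not visible here.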