From: Theodore Tso <tytso@mit.edu>
Date: Fri, 12 Apr 1996 00:12:23 +0000 (+0000)
Subject: Fixed code to correctly handle errors reported from the mechanism
X-Git-Tag: krb5-1.0-beta6~222
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=a6f91df7fc1abc111feacd9db6eba3756dce2abd;p=krb5.git

Fixed code to correctly handle errors reported from the mechanism
layer.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7793 dc483132-0cff-0310-8789-dd5450dbe970
---

diff --git a/src/lib/gssapi/mechglue/ChangeLog b/src/lib/gssapi/mechglue/ChangeLog
index d50e7695f..93351081d 100644
--- a/src/lib/gssapi/mechglue/ChangeLog
+++ b/src/lib/gssapi/mechglue/ChangeLog
@@ -1,3 +1,8 @@
+Thu Apr 11 20:11:00 1996  Theodore Y. Ts'o  <tytso@dcl>
+
+	* g_acquire_cred.c (gss_add_cred): Fixed code to correctly handle
+		errors reported from the mechanism layer.
+
 Wed Mar 27 00:05:37 1996  Theodore Y. Ts'o  <tytso@dcl>
 
 	* mglueP.h: Don't include <sys/types.h> mechglue.h will take care
diff --git a/src/lib/gssapi/mechglue/g_acquire_cred.c b/src/lib/gssapi/mechglue/g_acquire_cred.c
index 64a57db6e..dfa875c71 100644
--- a/src/lib/gssapi/mechglue/g_acquire_cred.c
+++ b/src/lib/gssapi/mechglue/g_acquire_cred.c
@@ -164,8 +164,7 @@ OM_uint32 *		time_rec;
      */
     
     creds_returned = (struct creds_returned *)
-	malloc(sizeof(struct creds_returned)
-	       * desired_mechs->count);
+	malloc(sizeof(struct creds_returned) * desired_mechs->count);
     
     /*
      * For each requested mechanism in desired_mechs, determine if it
@@ -209,42 +208,54 @@ OM_uint32 *		time_rec;
 					desired_mechs, cred_usage,
 					&creds_returned[j].cred,
 					NULL, &temp_time_rec);
+
+	/* Release the internal name, if allocated above */
+	if (union_name && !union_name->mech_type) {
+	    (void) __gss_release_internal_name(&temp_minor_status,
+					       &mech->mech_type,
+					       &internal_name);
+	}
+
+	if (status != GSS_S_COMPLETE)
+	    continue;
+
 	/* 
 	 * Add this into the creds_returned structure, if we got
 	 * a good credential for this mechanism.
 	 */
-	if (status == GSS_S_COMPLETE) {
-	    if (time_rec) {
-		*time_rec = *time_rec > temp_time_rec ?
-		    temp_time_rec : *time_rec;
-		temp_time_rec = *time_rec;
-	    }
-
-	    creds_returned[j].available = 1;
-	    creds_acquired++;
+	if (time_rec) {
+	    *time_rec = *time_rec > temp_time_rec ? temp_time_rec : *time_rec;
+	    temp_time_rec = *time_rec;
 	}
 
-	if (union_name == 0) {
-	    /*
-	     * If desired_name was NULL, then do an inquire
-	     * credentials from the first mechanism that suceeds and
-	     * use that as the union name.
-	     *
-	     * XXX status returns?
-	     */
-	    status = mech->gss_inquire_cred(mech->context, &temp_minor_status,
-					    creds_returned[j].cred,
-					    &internal_name, 0, 0, 0);
-	    status = __gss_convert_name_to_union_name(&temp_minor_status,
-						      mech, internal_name,
-					     (gss_name_t *) &union_name);
-	} else {
-	    if (!union_name->mech_type) {
-		(void) __gss_release_internal_name(&temp_minor_status,
-						   &mech->mech_type,
-						   &internal_name);
-	    }
+	creds_returned[j].available = 1;
+	creds_acquired++;
+
+	/*
+	 * If union_name is set, then we're done.  Continue, and
+	 * declare success.  Otherwise, if do an inquire credentials
+	 * from the first mechanism that succeeds and use that as the
+	 * union name.
+	 */
+	if (union_name)
+	    continue;
+
+	status = mech->gss_inquire_cred(mech->context, &temp_minor_status,
+					creds_returned[j].cred,
+					&internal_name, 0, 0, 0);
+	if (status) {
+	    /* Should never happen */
+	    creds_returned[j].available = 0;
+	    creds_acquired--;
+	    if (mech->gss_release_cred)
+		mech->gss_release_cred(mech->context, minor_status,
+				       &creds_returned[j].cred);
+	    continue;
 	}
+
+	status = __gss_convert_name_to_union_name(&temp_minor_status, mech,
+						  internal_name,
+						  (gss_name_t *) &union_name);
     }
     
     /*