From b3a3bb283e5d5da8fb2a0ff308e2666d92c092d7 Mon Sep 17 00:00:00 2001 From: Jeffrey Altman Date: Thu, 13 Jan 2005 11:51:30 +0000 Subject: [PATCH] correction to previous commit. do not call krb5_gss_release_cred() if the cred was not acquired. destroy each field of the cred one piece at a time based upon what was allocated. ticket: 2875 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17025 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/gssapi/krb5/acquire_cred.c | 57 ++++++++++++++++++++++++------ 1 file changed, 46 insertions(+), 11 deletions(-) diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c index b0f8ecc54..56d6a473c 100644 --- a/src/lib/gssapi/krb5/acquire_cred.c +++ b/src/lib/gssapi/krb5/acquire_cred.c @@ -444,7 +444,8 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req, if ((cred_usage != GSS_C_INITIATE) && (cred_usage != GSS_C_ACCEPT) && (cred_usage != GSS_C_BOTH)) { - krb5_gss_release_cred(minor_status, &cred); + k5_mutex_destroy(&cred->lock); + xfree(cred); *minor_status = (OM_uint32) G_BAD_USAGE; krb5_free_context(context); return(GSS_S_FAILURE); @@ -458,8 +459,11 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req, if ((ret = acquire_accept_cred(context, minor_status, desired_name, &(cred->princ), cred)) != GSS_S_COMPLETE) { - krb5_gss_release_cred(minor_status, &cred); - /* minor_status set by acquire_accept_cred() */ + if (cred->princ) + krb5_free_principal(context, cred->princ); + k5_mutex_destroy(&cred->lock); + xfree(cred); + /* minor_status set by acquire_accept_cred() */ krb5_free_context(context); return(ret); } @@ -475,8 +479,13 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req, cred->princ?(gss_name_t)cred->princ:desired_name, &(cred->princ), cred)) != GSS_S_COMPLETE) { - krb5_gss_release_cred(minor_status, &cred); - /* minor_status set by acquire_init_cred() */ + if (cred->keytab) + krb5_kt_close(context, cred->keytab); + if (cred->princ) + krb5_free_principal(context, cred->princ); + k5_mutex_destroy(&cred->lock); + xfree(cred); + /* minor_status set by acquire_init_cred() */ krb5_free_context(context); return(ret); } @@ -486,8 +495,13 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req, if (!cred->princ && (desired_name != GSS_C_NO_CREDENTIAL)) if ((code = krb5_copy_principal(context, (krb5_principal) desired_name, &(cred->princ)))) { - krb5_gss_release_cred(minor_status, &cred); - *minor_status = code; + if (cred->ccache) + (void)krb5_cc_close(context, cred->ccache); + if (cred->keytab) + (void)krb5_kt_close(context, cred->keytab); + k5_mutex_destroy(&cred->lock); + xfree(cred); + *minor_status = code; krb5_free_context(context); return(GSS_S_FAILURE); } @@ -503,8 +517,15 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req, krb5_timestamp now; if ((code = krb5_timeofday(context, &now))) { - krb5_gss_release_cred(minor_status, &cred); - *minor_status = code; + if (cred->ccache) + (void)krb5_cc_close(context, cred->ccache); + if (cred->keytab) + (void)krb5_kt_close(context, cred->keytab); + if (cred->princ) + krb5_free_principal(context, cred->princ); + k5_mutex_destroy(&cred->lock); + xfree(cred); + *minor_status = code; krb5_free_context(context); return(GSS_S_FAILURE); } @@ -526,7 +547,14 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req, GSS_ERROR(ret = generic_gss_add_oid_set_member(minor_status, (gss_OID) gss_mech_krb5, &ret_mechs)))) { - krb5_gss_release_cred(minor_status, &cred); + if (cred->ccache) + (void)krb5_cc_close(context, cred->ccache); + if (cred->keytab) + (void)krb5_kt_close(context, cred->keytab); + if (cred->princ) + krb5_free_principal(context, cred->princ); + k5_mutex_destroy(&cred->lock); + xfree(cred); /* *minor_status set above */ krb5_free_context(context); return(ret); @@ -538,7 +566,14 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req, if (! kg_save_cred_id((gss_cred_id_t) cred)) { free(ret_mechs->elements); free(ret_mechs); - krb5_gss_release_cred(minor_status, &cred); + if (cred->ccache) + (void)krb5_cc_close(context, cred->ccache); + if (cred->keytab) + (void)krb5_kt_close(context, cred->keytab); + if (cred->princ) + krb5_free_principal(context, cred->princ); + k5_mutex_destroy(&cred->lock); + xfree(cred); *minor_status = (OM_uint32) G_VALIDATE_FAILED; krb5_free_context(context); return(GSS_S_FAILURE); -- 2.26.2