pull up r24482 from trunk

 ------------------------------------------------------------------------
 r24482 | ghudson | 2010-10-25 17:55:54 -0400 (Mon, 25 Oct 2010) | 8 lines

 ticket: 6787
 target_version: 1.9
 tags: pullup

 When we create a temporary memory ccache for use within a
 krb5_gss_cred_id_rec, set a flag to indicate that the ccache should be
 destroyed rather than closed.  Patch from aberry@likewise.com.

ticket: 6787
version_fixed: 1.9
status: resolved

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-9@24497 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c
index 47eff359d45fba689c9c3a6267f4f16f802ca835..0c0b3a547d692d74cc121fb72700b3cbbc2aa15c 100644 (file)
--- a/src/lib/gssapi/krb5/accept_sec_context.c
+++ b/src/lib/gssapi/krb5/accept_sec_context.c
@@ -253,6 +253,7 @@ rd_and_store_for_creds(context, auth_context, inbuf, out_cred)
         cred->keytab = NULL; /* no keytab associated with this... */
         cred->tgt_expire = creds[0]->times.endtime; /* store the end time */
         cred->ccache = ccache; /* the ccache containing the credential */
+        cred->destroy_ccache = 1;
         ccache = NULL; /* cred takes ownership so don't destroy */
     }
 

diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c
index 8e222ff016dfcb36eb80020058c46f8c0ce789c3..a328a3db87a8bc51f0d6970737dbef66a7c02693 100644 (file)
--- a/src/lib/gssapi/krb5/acquire_cred.c
+++ b/src/lib/gssapi/krb5/acquire_cred.c
@@ -546,6 +546,7 @@ acquire_cred(OM_uint32 *minor_status,
 #ifndef LEAN_CLIENT
     cred->keytab = NULL;
 #endif /* LEAN_CLIENT */
+    cred->destroy_ccache = 0;
     cred->ccache = NULL;
 
     code = k5_mutex_init(&cred->lock);

diff --git a/src/lib/gssapi/krb5/gssapiP_krb5.h b/src/lib/gssapi/krb5/gssapiP_krb5.h
index fc74ff1a1f0ee38b32ff440bf280e5b3232a4ca3..ce0265234fbd12e59da7af7b19c0ccb0fe8b5159 100644 (file)
--- a/src/lib/gssapi/krb5/gssapiP_krb5.h
+++ b/src/lib/gssapi/krb5/gssapiP_krb5.h
@@ -173,6 +173,7 @@ typedef struct _krb5_gss_cred_id_rec {
     unsigned int proxy_cred : 1;
     unsigned int default_identity : 1;
     unsigned int iakerb_mech : 1;
+    unsigned int destroy_ccache : 1;
 
     /* keytab (accept) data */
     krb5_keytab keytab;

diff --git a/src/lib/gssapi/krb5/rel_cred.c b/src/lib/gssapi/krb5/rel_cred.c
index d1c571a2fa04c06117433f16274da407d8f4bb87..7f9a16fc4be24eeb481dab57c3660f9cf061f379 100644 (file)
--- a/src/lib/gssapi/krb5/rel_cred.c
+++ b/src/lib/gssapi/krb5/rel_cred.c
@@ -55,9 +55,12 @@ krb5_gss_release_cred(minor_status, cred_handle)
     k5_mutex_destroy(&cred->lock);
     /* ignore error destroying mutex */
 
-    if (cred->ccache)
-        code1 = krb5_cc_close(context, cred->ccache);
-    else
+    if (cred->ccache) {
+        if (cred->destroy_ccache)
+            code1 = krb5_cc_destroy(context, cred->ccache);
+        else
+            code1 = krb5_cc_close(context, cred->ccache);
+    } else
         code1 = 0;
 
 #ifndef LEAN_CLIENT

diff --git a/src/lib/gssapi/krb5/s4u_gss_glue.c b/src/lib/gssapi/krb5/s4u_gss_glue.c
index cecbbb0c073dcbe1163dc75c9ed9abdeb93f0a9a..90725184a4c4a90290e4e9e570d239bad6d68644 100644 (file)
--- a/src/lib/gssapi/krb5/s4u_gss_glue.c
+++ b/src/lib/gssapi/krb5/s4u_gss_glue.c
@@ -226,6 +226,7 @@ kg_compose_deleg_cred(OM_uint32 *minor_status,
     code = krb5_cc_new_unique(context, "MEMORY", NULL, &cred->ccache);
     if (code != 0)
         goto cleanup;
+    cred->destroy_ccache = 1;
 
     code = krb5_cc_initialize(context, cred->ccache,
                               cred->proxy_cred ? impersonator_cred->name->princ :