(acquire_initiator_cred): handle the credential cache better, use

destroy/close when appriate and for all cases. Thanks to Michael Allen for point out the memory-leak that I also fixed. git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22596 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-02-18 18:05:55 +00:00
parent 97fafacb58
commit 088ad9f97d
1 changed files with 27 additions and 26 deletions
--- a/lib/gssapi/krb5/acquire_cred.c
+++ b/lib/gssapi/krb5/acquire_cred.c
@@ -128,9 +128,12 @@ static OM_uint32 acquire_initiator_cred
    ret = GSS_S_FAILURE;
    memset(&cred, 0, sizeof(cred));
-    /* If we have a preferred principal, lets try to find it in all
+    /* 
-     * caches, otherwise, fall back to default cache.  Ignore
+     * If we have a preferred principal, lets try to find it in all
-     * errors. */
+     * caches, otherwise, fall back to default cache, ignore all
     * errors while searching.
     */
    if (handle->principal)
 	kret = krb5_cc_cache_match (context,
 				    handle->principal,
@@ -142,32 +145,30 @@ static OM_uint32 acquire_initiator_cred
 	if (kret)
 	    goto end;
    }
-    kret = krb5_cc_get_principal(context, ccache,
+    kret = krb5_cc_get_principal(context, ccache, &def_princ);
 	&def_princ);
    if (kret != 0) {
 	/* we'll try to use a keytab below */
-	krb5_cc_destroy(context, ccache);
+	krb5_cc_close(context, ccache);
-	ccache = NULL;
+	def_princ = NULL;
 	kret = 0;
    } else if (handle->principal == NULL)  {
-	kret = krb5_copy_principal(context, def_princ,
+	kret = krb5_copy_principal(context, def_princ, &handle->principal);
 	    &handle->principal);
 	if (kret)
 	    goto end;
    } else if (handle->principal != NULL &&
-	krb5_principal_compare(context, handle->principal,
+	       krb5_principal_compare(context, handle->principal,
-	def_princ) == FALSE) {
+				      def_princ) == FALSE) {
 	/* Before failing, lets check the keytab */
 	krb5_free_principal(context, def_princ);
 	def_princ = NULL;
 	krb5_cc_close(context, ccache);
 	ccache = NULL;
    }
    if (def_princ == NULL) {
 	/* We have no existing credentials cache,
 	 * so attempt to get a TGT using a keytab.
 	 */
 	if (handle->principal == NULL) {
-	    kret = krb5_get_default_principal(context,
+	    kret = krb5_get_default_principal(context, &handle->principal);
 		&handle->principal);
 	    if (kret)
 		goto end;
 	}
@@ -182,16 +183,19 @@ static OM_uint32 acquire_initiator_cred
 	krb5_get_init_creds_opt_free(context, opt);
 	if (kret)
 	    goto end;
-	kret = krb5_cc_gen_new(context, &krb5_mcc_ops,
+	kret = krb5_cc_gen_new(context, &krb5_mcc_ops, &ccache);
 		&ccache);
 	if (kret)
 	    goto end;
 	kret = krb5_cc_initialize(context, ccache, cred.client);
-	if (kret)
+	if (kret) {
 	    krb5_cc_destroy(context, ccache);
 	    goto end;
 	}
 	kret = krb5_cc_store_cred(context, ccache, &cred);
-	if (kret)
+	if (kret) {
 	    krb5_cc_destroy(context, ccache);
 	    goto end;
 	}
 	handle->lifetime = cred.times.endtime;
 	handle->cred_flags |= GSS_CF_DESTROY_CRED_ON_RELEASE;
    } else {
@@ -201,8 +205,10 @@ static OM_uint32 acquire_initiator_cred
 					ccache,
 					handle->principal,
 					&handle->lifetime);
-	if (ret != GSS_S_COMPLETE)
+	if (ret != GSS_S_COMPLETE) {
 	    krb5_cc_close(context, ccache);
 	    goto end;
 	}
 	kret = 0;
    }
@@ -216,13 +222,8 @@ end:
 	krb5_free_principal(context, def_princ);
    if (keytab != NULL)
 	krb5_kt_close(context, keytab);
-    if (ret != GSS_S_COMPLETE) {
+    if (ret != GSS_S_COMPLETE && kret != 0)
-	if (ccache != NULL)
+	*minor_status = kret;
 	    krb5_cc_close(context, ccache);
 	if (kret != 0) {
 	    *minor_status = kret;
 	}
    }
    return (ret);
 }