diff --git a/lib/gssapi/inquire_cred.c b/lib/gssapi/inquire_cred.c index a098755d6..193347ab6 100644 --- a/lib/gssapi/inquire_cred.c +++ b/lib/gssapi/inquire_cred.c @@ -44,6 +44,7 @@ OM_uint32 gss_inquire_cred gss_OID_set * mechanisms ) { + gss_cred_id_t cred; OM_uint32 ret; *minor_status = 0; @@ -54,61 +55,68 @@ OM_uint32 gss_inquire_cred *mechanisms = GSS_C_NO_OID_SET; if (cred_handle == GSS_C_NO_CREDENTIAL) { - return GSS_S_FAILURE; - } + ret = gss_acquire_cred(minor_status, + GSS_C_NO_NAME, + GSS_C_INDEFINITE, + GSS_C_NO_OID_SET, + GSS_C_BOTH, + &cred, + NULL, + NULL); + if (ret) + return ret; + } else + cred = (gss_cred_id_t)cred_handle; - HEIMDAL_MUTEX_lock(&cred_handle->cred_id_mutex); + HEIMDAL_MUTEX_lock(&cred->cred_id_mutex); if (name != NULL) { - if (cred_handle->principal != NULL) { - ret = gss_duplicate_name(minor_status, cred_handle->principal, + if (cred->principal != NULL) { + ret = gss_duplicate_name(minor_status, cred->principal, name); - if (ret) { - HEIMDAL_MUTEX_unlock(&cred_handle->cred_id_mutex); - return ret; - } - } else if (cred_handle->usage == GSS_C_ACCEPT) { + if (ret) + goto out; + } else if (cred->usage == GSS_C_ACCEPT) { *minor_status = krb5_sname_to_principal(gssapi_krb5_context, NULL, NULL, KRB5_NT_SRV_HST, name); if (*minor_status) { - HEIMDAL_MUTEX_unlock(&cred_handle->cred_id_mutex); - return GSS_S_FAILURE; + ret = GSS_S_FAILURE; + goto out; } } else { *minor_status = krb5_get_default_principal(gssapi_krb5_context, name); if (*minor_status) { - HEIMDAL_MUTEX_unlock(&cred_handle->cred_id_mutex); - return GSS_S_FAILURE; + ret = GSS_S_FAILURE; + goto out; } } } if (lifetime != NULL) { ret = gssapi_lifetime_left(minor_status, - cred_handle->lifetime, + cred->lifetime, lifetime); - if (ret) { - HEIMDAL_MUTEX_unlock(&cred_handle->cred_id_mutex); - return ret; - } - } - if (cred_usage != NULL) { - *cred_usage = cred_handle->usage; + if (ret) + goto out; } + if (cred_usage != NULL) + *cred_usage = cred->usage; + if (mechanisms != NULL) { ret = gss_create_empty_oid_set(minor_status, mechanisms); - if (ret) { - HEIMDAL_MUTEX_unlock(&cred_handle->cred_id_mutex); - return ret; - } + if (ret) + goto out; ret = gss_add_oid_set_member(minor_status, - &cred_handle->mechanisms->elements[0], + &cred->mechanisms->elements[0], mechanisms); - if (ret) { - HEIMDAL_MUTEX_unlock(&cred_handle->cred_id_mutex); - return ret; - } + if (ret) + goto out; } - HEIMDAL_MUTEX_unlock(&cred_handle->cred_id_mutex); - return GSS_S_COMPLETE; + ret = GSS_S_COMPLETE; + out: + if (cred_handle == GSS_C_NO_CREDENTIAL) + ret = gss_release_cred(minor_status, &cred); + + HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex); + return ret; } diff --git a/lib/gssapi/krb5/inquire_cred.c b/lib/gssapi/krb5/inquire_cred.c index a098755d6..193347ab6 100644 --- a/lib/gssapi/krb5/inquire_cred.c +++ b/lib/gssapi/krb5/inquire_cred.c @@ -44,6 +44,7 @@ OM_uint32 gss_inquire_cred gss_OID_set * mechanisms ) { + gss_cred_id_t cred; OM_uint32 ret; *minor_status = 0; @@ -54,61 +55,68 @@ OM_uint32 gss_inquire_cred *mechanisms = GSS_C_NO_OID_SET; if (cred_handle == GSS_C_NO_CREDENTIAL) { - return GSS_S_FAILURE; - } + ret = gss_acquire_cred(minor_status, + GSS_C_NO_NAME, + GSS_C_INDEFINITE, + GSS_C_NO_OID_SET, + GSS_C_BOTH, + &cred, + NULL, + NULL); + if (ret) + return ret; + } else + cred = (gss_cred_id_t)cred_handle; - HEIMDAL_MUTEX_lock(&cred_handle->cred_id_mutex); + HEIMDAL_MUTEX_lock(&cred->cred_id_mutex); if (name != NULL) { - if (cred_handle->principal != NULL) { - ret = gss_duplicate_name(minor_status, cred_handle->principal, + if (cred->principal != NULL) { + ret = gss_duplicate_name(minor_status, cred->principal, name); - if (ret) { - HEIMDAL_MUTEX_unlock(&cred_handle->cred_id_mutex); - return ret; - } - } else if (cred_handle->usage == GSS_C_ACCEPT) { + if (ret) + goto out; + } else if (cred->usage == GSS_C_ACCEPT) { *minor_status = krb5_sname_to_principal(gssapi_krb5_context, NULL, NULL, KRB5_NT_SRV_HST, name); if (*minor_status) { - HEIMDAL_MUTEX_unlock(&cred_handle->cred_id_mutex); - return GSS_S_FAILURE; + ret = GSS_S_FAILURE; + goto out; } } else { *minor_status = krb5_get_default_principal(gssapi_krb5_context, name); if (*minor_status) { - HEIMDAL_MUTEX_unlock(&cred_handle->cred_id_mutex); - return GSS_S_FAILURE; + ret = GSS_S_FAILURE; + goto out; } } } if (lifetime != NULL) { ret = gssapi_lifetime_left(minor_status, - cred_handle->lifetime, + cred->lifetime, lifetime); - if (ret) { - HEIMDAL_MUTEX_unlock(&cred_handle->cred_id_mutex); - return ret; - } - } - if (cred_usage != NULL) { - *cred_usage = cred_handle->usage; + if (ret) + goto out; } + if (cred_usage != NULL) + *cred_usage = cred->usage; + if (mechanisms != NULL) { ret = gss_create_empty_oid_set(minor_status, mechanisms); - if (ret) { - HEIMDAL_MUTEX_unlock(&cred_handle->cred_id_mutex); - return ret; - } + if (ret) + goto out; ret = gss_add_oid_set_member(minor_status, - &cred_handle->mechanisms->elements[0], + &cred->mechanisms->elements[0], mechanisms); - if (ret) { - HEIMDAL_MUTEX_unlock(&cred_handle->cred_id_mutex); - return ret; - } + if (ret) + goto out; } - HEIMDAL_MUTEX_unlock(&cred_handle->cred_id_mutex); - return GSS_S_COMPLETE; + ret = GSS_S_COMPLETE; + out: + if (cred_handle == GSS_C_NO_CREDENTIAL) + ret = gss_release_cred(minor_status, &cred); + + HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex); + return ret; }