rel_cred.c revision 13132:9615cdbf7b70 
1/*
2 * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
3 */
4/*
5 * Copyright 1993 by OpenVision Technologies, Inc.
6 *
7 * Permission to use, copy, modify, distribute, and sell this software
8 * and its documentation for any purpose is hereby granted without fee,
9 * provided that the above copyright notice appears in all copies and
10 * that both that copyright notice and this permission notice appear in
11 * supporting documentation, and that the name of OpenVision not be used
12 * in advertising or publicity pertaining to distribution of the software
13 * without specific, written prior permission. OpenVision makes no
14 * representations about the suitability of this software for any
15 * purpose.  It is provided "as is" without express or implied warranty.
16 *
17 * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
18 * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
19 * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
20 * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
21 * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
22 * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
23 * PERFORMANCE OF THIS SOFTWARE.
24 */
25
26#include "gssapiP_krb5.h"
27
28OM_uint32
29krb5_gss_release_cred(minor_status, cred_handle)
30     OM_uint32 *minor_status;
31     gss_cred_id_t *cred_handle;
32{
33   krb5_context context;
34   krb5_gss_cred_id_t cred;
35   krb5_error_code code1, code2, code3;
36
37   code1 = krb5_gss_init_context(&context);
38   if (code1) {
39       *minor_status = code1;
40       return GSS_S_FAILURE;
41   }
42
43   if (*cred_handle == GSS_C_NO_CREDENTIAL) {
44      *minor_status = 0;
45      krb5_free_context(context);
46      return(GSS_S_COMPLETE);
47   }
48
49   if (! kg_delete_cred_id(*cred_handle)) {
50      *minor_status = (OM_uint32) G_VALIDATE_FAILED;
51      krb5_free_context(context);
52      return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_NO_CRED);
53   }
54
55   cred = (krb5_gss_cred_id_t)*cred_handle;
56
57   k5_mutex_destroy(&cred->lock);
58   /* ignore error destroying mutex */
59
60
61   if (cred->ccache) {
62      /*
63       * Solaris Kerberos
64       * If the ccache is a MEMORY ccache then this credential handle
65       * should be the only way to get to it, at least until the advent
66       * of a GSS_Duplicate_cred() (which is needed and may well be
67       * added some day).  Until then MEMORY ccaches must be destroyed,
68       * not closed, else their contents (tickets, session keys) will
69       * leak.
70       */
71      if (strcmp("MEMORY", krb5_cc_get_type(context, cred->ccache)) == 0)
72         code1 = krb5_cc_destroy(context, cred->ccache);
73      else
74         code1 = krb5_cc_close(context, cred->ccache);
75   } else
76      code1 = 0;
77
78   if (cred->keytab)
79      code2 = krb5_kt_close(context, cred->keytab);
80   else
81      code2 = 0;
82
83   if (cred->rcache)
84      code3 = krb5_rc_close(context, cred->rcache);
85   else
86      code3 = 0;
87   if (cred->princ)
88      krb5_free_principal(context, cred->princ);
89
90   if (cred->req_enctypes)
91       free(cred->req_enctypes);
92
93   xfree(cred);
94
95   *cred_handle = NULL;
96
97   *minor_status = 0;
98   if (code1)
99      *minor_status = code1;
100   if (code2)
101      *minor_status = code2;
102   if (code3)
103      *minor_status = code3;
104
105   if (*minor_status)
106     save_error_info(*minor_status, context);
107   krb5_free_context(context);
108   return(*minor_status?GSS_S_FAILURE:GSS_S_COMPLETE);
109}
110