1 /*
2  * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
3  */
4 /*
5  * Copyright 1993 by OpenVision Technologies, Inc.
6  *
7  * Permission to use, copy, modify, distribute, and sell this software
8  * and its documentation for any purpose is hereby granted without fee,
9  * provided that the above copyright notice appears in all copies and
10  * that both that copyright notice and this permission notice appear in
11  * supporting documentation, and that the name of OpenVision not be used
12  * in advertising or publicity pertaining to distribution of the software
13  * without specific, written prior permission. OpenVision makes no
14  * representations about the suitability of this software for any
15  * purpose.  It is provided "as is" without express or implied warranty.
16  *
17  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
18  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
19  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
20  * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
21  * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
22  * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
23  * PERFORMANCE OF THIS SOFTWARE.
24  */
25 
26 #include "gssapiP_krb5.h"
27 
28 OM_uint32
29 krb5_gss_release_cred(minor_status, cred_handle)
30      OM_uint32 *minor_status;
31      gss_cred_id_t *cred_handle;
32 {
33    krb5_context context;
34    krb5_gss_cred_id_t cred;
35    krb5_error_code code1, code2, code3;
36 
37    code1 = krb5_gss_init_context(&context);
38    if (code1) {
39        *minor_status = code1;
40        return GSS_S_FAILURE;
41    }
42 
43    if (*cred_handle == GSS_C_NO_CREDENTIAL) {
44       *minor_status = 0;
45       krb5_free_context(context);
46       return(GSS_S_COMPLETE);
47    }
48 
49    if (! kg_delete_cred_id(*cred_handle)) {
50       *minor_status = (OM_uint32) G_VALIDATE_FAILED;
51       krb5_free_context(context);
52       return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_NO_CRED);
53    }
54 
55    cred = (krb5_gss_cred_id_t)*cred_handle;
56 
57    k5_mutex_destroy(&cred->lock);
58    /* ignore error destroying mutex */
59 
60 
61    if (cred->ccache) {
62       /*
63        * Solaris Kerberos
64        * If the ccache is a MEMORY ccache then this credential handle
65        * should be the only way to get to it, at least until the advent
66        * of a GSS_Duplicate_cred() (which is needed and may well be
67        * added some day).  Until then MEMORY ccaches must be destroyed,
68        * not closed, else their contents (tickets, session keys) will
69        * leak.
70        */
71       if (strcmp("MEMORY", krb5_cc_get_type(context, cred->ccache)) == 0)
72          code1 = krb5_cc_destroy(context, cred->ccache);
73       else
74          code1 = krb5_cc_close(context, cred->ccache);
75    } else
76       code1 = 0;
77 
78    if (cred->keytab)
79       code2 = krb5_kt_close(context, cred->keytab);
80    else
81       code2 = 0;
82 
83    if (cred->rcache)
84       code3 = krb5_rc_close(context, cred->rcache);
85    else
86       code3 = 0;
87    if (cred->princ)
88       krb5_free_principal(context, cred->princ);
89 
90    if (cred->req_enctypes)
91        free(cred->req_enctypes);
92 
93    xfree(cred);
94 
95    *cred_handle = NULL;
96 
97    *minor_status = 0;
98    if (code1)
99       *minor_status = code1;
100    if (code2)
101       *minor_status = code2;
102    if (code3)
103       *minor_status = code3;
104 
105    if (*minor_status)
106      save_error_info(*minor_status, context);
107    krb5_free_context(context);
108    return(*minor_status?GSS_S_FAILURE:GSS_S_COMPLETE);
109 }
110