1 #pragma ident "%Z%%M% %I% %E% SMI" 2 3 /* 4 * Copyright 1993 by OpenVision Technologies, Inc. 5 * 6 * Permission to use, copy, modify, distribute, and sell this software 7 * and its documentation for any purpose is hereby granted without fee, 8 * provided that the above copyright notice appears in all copies and 9 * that both that copyright notice and this permission notice appear in 10 * supporting documentation, and that the name of OpenVision not be used 11 * in advertising or publicity pertaining to distribution of the software 12 * without specific, written prior permission. OpenVision makes no 13 * representations about the suitability of this software for any 14 * purpose. It is provided "as is" without express or implied warranty. 15 * 16 * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, 17 * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO 18 * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR 19 * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF 20 * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR 21 * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 22 * PERFORMANCE OF THIS SOFTWARE. 23 */ 24 25 #include "gssapiP_krb5.h" 26 27 OM_uint32 28 krb5_gss_release_cred(minor_status, cred_handle) 29 OM_uint32 *minor_status; 30 gss_cred_id_t *cred_handle; 31 { 32 krb5_context context; 33 krb5_gss_cred_id_t cred; 34 krb5_error_code code1, code2, code3; 35 36 code1 = krb5_gss_init_context(&context); 37 if (code1) { 38 *minor_status = code1; 39 return GSS_S_FAILURE; 40 } 41 42 if (*cred_handle == GSS_C_NO_CREDENTIAL) { 43 *minor_status = 0; 44 krb5_free_context(context); 45 return(GSS_S_COMPLETE); 46 } 47 48 if (! kg_delete_cred_id(*cred_handle)) { 49 *minor_status = (OM_uint32) G_VALIDATE_FAILED; 50 krb5_free_context(context); 51 return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_NO_CRED); 52 } 53 54 cred = (krb5_gss_cred_id_t)*cred_handle; 55 56 k5_mutex_destroy(&cred->lock); 57 /* ignore error destroying mutex */ 58 59 60 if (cred->ccache) { 61 /* 62 * Solaris Kerberos 63 * If the ccache is a MEMORY ccache then this credential handle 64 * should be the only way to get to it, at least until the advent 65 * of a GSS_Duplicate_cred() (which is needed and may well be 66 * added some day). Until then MEMORY ccaches must be destroyed, 67 * not closed, else their contents (tickets, session keys) will 68 * leak. 69 */ 70 if (strcmp("MEMORY", krb5_cc_get_type(context, cred->ccache)) == 0) 71 code1 = krb5_cc_destroy(context, cred->ccache); 72 else 73 code1 = krb5_cc_close(context, cred->ccache); 74 } else 75 code1 = 0; 76 77 if (cred->keytab) 78 code2 = krb5_kt_close(context, cred->keytab); 79 else 80 code2 = 0; 81 82 if (cred->rcache) 83 code3 = krb5_rc_close(context, cred->rcache); 84 else 85 code3 = 0; 86 if (cred->princ) 87 krb5_free_principal(context, cred->princ); 88 89 if (cred->req_enctypes) 90 free(cred->req_enctypes); 91 92 xfree(cred); 93 krb5_free_context(context); 94 95 *cred_handle = NULL; 96 97 *minor_status = 0; 98 if (code1) 99 *minor_status = code1; 100 if (code2) 101 *minor_status = code2; 102 if (code3) 103 *minor_status = code3; 104 105 return(*minor_status?GSS_S_FAILURE:GSS_S_COMPLETE); 106 } 107