usr/src/lib/gss_mechs/mech_krb5/mech/rel_cred.c

   1 /*
   2  * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
   3  */
   4 /*
   5  * Copyright 1993 by OpenVision Technologies, Inc.
   6  *
   7  * Permission to use, copy, modify, distribute, and sell this software
   8  * and its documentation for any purpose is hereby granted without fee,
   9  * provided that the above copyright notice appears in all copies and
  10  * that both that copyright notice and this permission notice appear in
  11  * supporting documentation, and that the name of OpenVision not be used
  12  * in advertising or publicity pertaining to distribution of the software
  13  * without specific, written prior permission. OpenVision makes no
  14  * representations about the suitability of this software for any
  15  * purpose.  It is provided "as is" without express or implied warranty.
  16  *
  17  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  18  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  19  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
  20  * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
  21  * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
  22  * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  23  * PERFORMANCE OF THIS SOFTWARE.
  24  */
  25
  26 #include "gssapiP_krb5.h"
  27
  28 OM_uint32
  29 krb5_gss_release_cred(minor_status, cred_handle)
  30      OM_uint32 *minor_status;
  31      gss_cred_id_t *cred_handle;
  32 {
  33    krb5_context context;
  34    krb5_gss_cred_id_t cred;
  35    krb5_error_code code1, code2, code3;
  36
  37    code1 = krb5_gss_init_context(&context);
  38    if (code1) {
  39        *minor_status = code1;
  40        return GSS_S_FAILURE;
  41    }
  42
  43    if (*cred_handle == GSS_C_NO_CREDENTIAL) {
  44       *minor_status = 0;
  45       krb5_free_context(context);
  46       return(GSS_S_COMPLETE);
  47    }
  48
  49    if (! kg_delete_cred_id(*cred_handle)) {
  50       *minor_status = (OM_uint32) G_VALIDATE_FAILED;
  51       krb5_free_context(context);
  52       return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_NO_CRED);
  53    }
  54
  55    cred = (krb5_gss_cred_id_t)*cred_handle;
  56
  57    k5_mutex_destroy(&cred->lock);
  58    /* ignore error destroying mutex */
  59
  60
  61    if (cred->ccache) {
  62       /*
  63        * Solaris Kerberos
  64        * If the ccache is a MEMORY ccache then this credential handle
  65        * should be the only way to get to it, at least until the advent
  66        * of a GSS_Duplicate_cred() (which is needed and may well be
  67        * added some day).  Until then MEMORY ccaches must be destroyed,
  68        * not closed, else their contents (tickets, session keys) will
  69        * leak.
  70        */
  71       if (strcmp("MEMORY", krb5_cc_get_type(context, cred->ccache)) == 0)
  72          code1 = krb5_cc_destroy(context, cred->ccache);
  73       else
  74          code1 = krb5_cc_close(context, cred->ccache);
  75    } else
  76       code1 = 0;
  77
  78    if (cred->keytab)
  79       code2 = krb5_kt_close(context, cred->keytab);
  80    else
  81       code2 = 0;
  82
  83    if (cred->rcache)
  84       code3 = krb5_rc_close(context, cred->rcache);
  85    else
  86       code3 = 0;
  87    if (cred->princ)
  88       krb5_free_principal(context, cred->princ);
  89
  90    free(cred->req_enctypes);
  91
  92    xfree(cred);
  93
  94    *cred_handle = NULL;
  95
  96    *minor_status = 0;
  97    if (code1)
  98       *minor_status = code1;
  99    if (code2)
 100       *minor_status = code2;
 101    if (code3)
 102       *minor_status = code3;
 103
 104    if (*minor_status)
 105      save_error_info(*minor_status, context);
 106    krb5_free_context(context);
 107    return(*minor_status?GSS_S_FAILURE:GSS_S_COMPLETE);
 108 }