1 /*
2 * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
3 */
4 /*
5 * Copyright 1993 by OpenVision Technologies, Inc.
6 *
7 * Permission to use, copy, modify, distribute, and sell this software
8 * and its documentation for any purpose is hereby granted without fee,
9 * provided that the above copyright notice appears in all copies and
10 * that both that copyright notice and this permission notice appear in
11 * supporting documentation, and that the name of OpenVision not be used
12 * in advertising or publicity pertaining to distribution of the software
13 * without specific, written prior permission. OpenVision makes no
14 * representations about the suitability of this software for any
15 * purpose. It is provided "as is" without express or implied warranty.
16 *
17 * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
18 * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
19 * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
20 * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
21 * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
22 * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
23 * PERFORMANCE OF THIS SOFTWARE.
24 */
25
26 #include "gssapiP_krb5.h"
27
28 OM_uint32
krb5_gss_release_cred(minor_status,cred_handle)29 krb5_gss_release_cred(minor_status, cred_handle)
30 OM_uint32 *minor_status;
31 gss_cred_id_t *cred_handle;
32 {
33 krb5_context context;
34 krb5_gss_cred_id_t cred;
35 krb5_error_code code1, code2, code3;
36
37 code1 = krb5_gss_init_context(&context);
38 if (code1) {
39 *minor_status = code1;
40 return GSS_S_FAILURE;
41 }
42
43 if (*cred_handle == GSS_C_NO_CREDENTIAL) {
44 *minor_status = 0;
45 krb5_free_context(context);
46 return(GSS_S_COMPLETE);
47 }
48
49 if (! kg_delete_cred_id(*cred_handle)) {
50 *minor_status = (OM_uint32) G_VALIDATE_FAILED;
51 krb5_free_context(context);
52 return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_NO_CRED);
53 }
54
55 cred = (krb5_gss_cred_id_t)*cred_handle;
56
57 k5_mutex_destroy(&cred->lock);
58 /* ignore error destroying mutex */
59
60
61 if (cred->ccache) {
62 /*
63 * Solaris Kerberos
64 * If the ccache is a MEMORY ccache then this credential handle
65 * should be the only way to get to it, at least until the advent
66 * of a GSS_Duplicate_cred() (which is needed and may well be
67 * added some day). Until then MEMORY ccaches must be destroyed,
68 * not closed, else their contents (tickets, session keys) will
69 * leak.
70 */
71 if (strcmp("MEMORY", krb5_cc_get_type(context, cred->ccache)) == 0)
72 code1 = krb5_cc_destroy(context, cred->ccache);
73 else
74 code1 = krb5_cc_close(context, cred->ccache);
75 } else
76 code1 = 0;
77
78 if (cred->keytab)
79 code2 = krb5_kt_close(context, cred->keytab);
80 else
81 code2 = 0;
82
83 if (cred->rcache)
84 code3 = krb5_rc_close(context, cred->rcache);
85 else
86 code3 = 0;
87 if (cred->princ)
88 krb5_free_principal(context, cred->princ);
89
90 if (cred->req_enctypes)
91 free(cred->req_enctypes);
92
93 xfree(cred);
94
95 *cred_handle = NULL;
96
97 *minor_status = 0;
98 if (code1)
99 *minor_status = code1;
100 if (code2)
101 *minor_status = code2;
102 if (code3)
103 *minor_status = code3;
104
105 if (*minor_status)
106 save_error_info(*minor_status, context);
107 krb5_free_context(context);
108 return(*minor_status?GSS_S_FAILURE:GSS_S_COMPLETE);
109 }
110