xref: /illumos-gate/usr/src/lib/gss_mechs/mech_krb5/mech/rel_cred.c (revision 581cede61ac9c14d8d4ea452562a567189eead78) 
1 #pragma ident	"%Z%%M%	%I%	%E% SMI"
2 
3 /*
4  * Copyright 1993 by OpenVision Technologies, Inc.
5  *
6  * Permission to use, copy, modify, distribute, and sell this software
7  * and its documentation for any purpose is hereby granted without fee,
8  * provided that the above copyright notice appears in all copies and
9  * that both that copyright notice and this permission notice appear in
10  * supporting documentation, and that the name of OpenVision not be used
11  * in advertising or publicity pertaining to distribution of the software
12  * without specific, written prior permission. OpenVision makes no
13  * representations about the suitability of this software for any
14  * purpose.  It is provided "as is" without express or implied warranty.
15  *
16  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
17  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
18  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
19  * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
20  * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
21  * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
22  * PERFORMANCE OF THIS SOFTWARE.
23  */
24 
25 #include "gssapiP_krb5.h"
26 
27 OM_uint32
28 krb5_gss_release_cred(minor_status, cred_handle)
29      OM_uint32 *minor_status;
30      gss_cred_id_t *cred_handle;
31 {
32    krb5_context context;
33    krb5_gss_cred_id_t cred;
34    krb5_error_code code1, code2, code3;
35 
36    code1 = krb5_gss_init_context(&context);
37    if (code1) {
38        *minor_status = code1;
39        return GSS_S_FAILURE;
40    }
41 
42    if (*cred_handle == GSS_C_NO_CREDENTIAL) {
43       *minor_status = 0;
44       krb5_free_context(context);
45       return(GSS_S_COMPLETE);
46    }
47 
48    if (! kg_delete_cred_id(*cred_handle)) {
49       *minor_status = (OM_uint32) G_VALIDATE_FAILED;
50       krb5_free_context(context);
51       return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_NO_CRED);
52    }
53 
54    cred = (krb5_gss_cred_id_t)*cred_handle;
55 
56    k5_mutex_destroy(&cred->lock);
57    /* ignore error destroying mutex */
58 
59 
60    if (cred->ccache) {
61       /*
62        * Solaris Kerberos
63        * If the ccache is a MEMORY ccache then this credential handle
64        * should be the only way to get to it, at least until the advent
65        * of a GSS_Duplicate_cred() (which is needed and may well be
66        * added some day).  Until then MEMORY ccaches must be destroyed,
67        * not closed, else their contents (tickets, session keys) will
68        * leak.
69        */
70       if (strcmp("MEMORY", krb5_cc_get_type(context, cred->ccache)) == 0)
71          code1 = krb5_cc_destroy(context, cred->ccache);
72       else
73          code1 = krb5_cc_close(context, cred->ccache);
74    } else
75       code1 = 0;
76 
77    if (cred->keytab)
78       code2 = krb5_kt_close(context, cred->keytab);
79    else
80       code2 = 0;
81 
82    if (cred->rcache)
83       code3 = krb5_rc_close(context, cred->rcache);
84    else
85       code3 = 0;
86    if (cred->princ)
87       krb5_free_principal(context, cred->princ);
88 
89    if (cred->req_enctypes)
90        free(cred->req_enctypes);
91 
92    xfree(cred);
93    krb5_free_context(context);
94 
95    *cred_handle = NULL;
96 
97    *minor_status = 0;
98    if (code1)
99       *minor_status = code1;
100    if (code2)
101       *minor_status = code2;
102    if (code3)
103       *minor_status = code3;
104 
105    return(*minor_status?GSS_S_FAILURE:GSS_S_COMPLETE);
106 }
107