[31489] in CVS-changelog-for-Kerberos-V5
krb5 commit: Consolidate krb5 GSS cred cleanup
daemon@ATHENA.MIT.EDU (ghudson@mit.edu)
Fri Nov 21 18:15:02 2025
From: ghudson@mit.edu
To: cvs-krb5@mit.edu
Message-Id: <20251121231457.9D7DB104133@krbdev.mit.edu>
Date: Fri, 21 Nov 2025 18:14:57 -0500 (EST)
MIME-Version: 1.0
Reply-To: krbdev@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/fb83387bb554258d747e8c29d4986849407c9058
commit fb83387bb554258d747e8c29d4986849407c9058
Author: Greg Hudson <ghudson@mit.edu>
Date: Thu Nov 13 00:08:01 2025 -0500
Consolidate krb5 GSS cred cleanup
Factor out duplicate cleanup code from acquire_cred_context() and
krb5_gss_release_cred() into a new helper kg_release_cred().
src/lib/gssapi/krb5/acquire_cred.c | 24 +----------
src/lib/gssapi/krb5/gssapiP_krb5.h | 3 ++
src/lib/gssapi/krb5/rel_cred.c | 83 ++++++++++++++------------------------
3 files changed, 34 insertions(+), 76 deletions(-)
diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c
index 12e6b7ea8..0e12c2233 100644
--- a/src/lib/gssapi/krb5/acquire_cred.c
+++ b/src/lib/gssapi/krb5/acquire_cred.c
@@ -894,29 +894,7 @@ krb_error_out:
ret = GSS_S_FAILURE;
error_out:
- if (cred != NULL) {
- if (cred->ccache) {
- if (cred->destroy_ccache)
- krb5_cc_destroy(context, cred->ccache);
- else
- krb5_cc_close(context, cred->ccache);
- }
- if (cred->client_keytab)
- krb5_kt_close(context, cred->client_keytab);
-#ifndef LEAN_CLIENT
- if (cred->keytab)
- krb5_kt_close(context, cred->keytab);
-#endif /* LEAN_CLIENT */
- if (cred->rcache)
- k5_rc_close(context, cred->rcache);
- if (cred->name)
- kg_release_name(context, &cred->name);
- krb5_free_principal(context, cred->impersonator);
- krb5_free_principal(context, cred->acceptor_mprinc);
- zapfreestr(cred->password);
- k5_mutex_destroy(&cred->lock);
- xfree(cred);
- }
+ kg_release_cred(context, cred);
save_error_info(*minor_status, context);
return ret;
}
diff --git a/src/lib/gssapi/krb5/gssapiP_krb5.h b/src/lib/gssapi/krb5/gssapiP_krb5.h
index 1ed71fc81..b8fc03d04 100644
--- a/src/lib/gssapi/krb5/gssapiP_krb5.h
+++ b/src/lib/gssapi/krb5/gssapiP_krb5.h
@@ -940,6 +940,9 @@ krb5_error_code gss_krb5int_make_seal_token_v3(krb5_context,
int gss_krb5int_rotate_left (void *ptr, size_t bufsiz, size_t rc);
+krb5_error_code
+kg_release_cred(krb5_context context, krb5_gss_cred_id_t cred);
+
/* naming_exts.c */
#define KG_INIT_NAME_NO_COPY 0x1
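Review bot: The new kg_release_cred() prototype has no comment, and its ownership contract is not obvious from the signature. Per the definition added in rel_cred.c, it accepts NULL, destroys cred->lock, frees the structure itself, and returns only the status of the ccache close or destroy. A short comment above the declaration would keep later callers from touching cred after the call or expecting keytab and rcache errors to be reported, e.g. `/* Release all resources held by cred and free cred itself; cred may be NULL. Returns the ccache close/destroy error, if any. */`.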
diff --git a/src/lib/gssapi/krb5/rel_cred.c b/src/lib/gssapi/krb5/rel_cred.c
index 9e04e2fa8..937b67e59 100644
--- a/src/lib/gssapi/krb5/rel_cred.c
+++ b/src/lib/gssapi/krb5/rel_cred.c
@@ -23,74 +23,51 @@
#include "gssapiP_krb5.h"
-OM_uint32 KRB5_CALLCONV
-krb5_gss_release_cred(OM_uint32 *minor_status, gss_cred_id_t *cred_handle)
+krb5_error_code
+kg_release_cred(krb5_context context, krb5_gss_cred_id_t cred)
{
- krb5_context context;
- krb5_gss_cred_id_t cred;
- krb5_error_code code1, code2;
-
- code1 = krb5_gss_init_context(&context);
- if (code1) {
- *minor_status = code1;
- return GSS_S_FAILURE;
- }
-
- if (*cred_handle == GSS_C_NO_CREDENTIAL) {
- *minor_status = 0;
- krb5_free_context(context);
- return(GSS_S_COMPLETE);
- }
-
- cred = (krb5_gss_cred_id_t)*cred_handle;
+ krb5_error_code ret = 0;
+ if (cred == NULL)
+ return 0;
k5_mutex_destroy(&cred->lock);
- /* ignore error destroying mutex */
-
- if (cred->ccache) {
+ if (cred->ccache != NULL) {
if (cred->destroy_ccache)
- code1 = krb5_cc_destroy(context, cred->ccache);
+ ret = krb5_cc_destroy(context, cred->ccache);
else
- code1 = krb5_cc_close(context, cred->ccache);
- } else
- code1 = 0;
-
- if (cred->client_keytab)
+ ret = krb5_cc_close(context, cred->ccache);
+ }
+ if (cred->client_keytab != NULL)
krb5_kt_close(context, cred->client_keytab);
-
#ifndef LEAN_CLIENT
- if (cred->keytab)
- code2 = krb5_kt_close(context, cred->keytab);
- else
+ if (cred->keytab != NULL)
+ krb5_kt_close(context, cred->keytab);
#endif /* LEAN_CLIENT */
- code2 = 0;
-
- if (cred->rcache)
+ if (cred->rcache != NULL)
k5_rc_close(context, cred->rcache);
- if (cred->name)
- kg_release_name(context, &cred->name);
-
+ kg_release_name(context, &cred->name);
krb5_free_principal(context, cred->acceptor_mprinc);
krb5_free_principal(context, cred->impersonator);
+ free(cred->req_enctypes);
+ zapfreestr(cred->password);
+ free(cred);
+ return ret;
+}
- if (cred->req_enctypes)
- free(cred->req_enctypes);
-
- if (cred->password != NULL)
- zapfree(cred->password, strlen(cred->password));
-
- xfree(cred);
-
- *cred_handle = NULL;
+OM_uint32 KRB5_CALLCONV
+krb5_gss_release_cred(OM_uint32 *minor_status, gss_cred_id_t *cred_handle)
+{
+ krb5_context context;
*minor_status = 0;
- if (code1)
- *minor_status = code1;
- if (code2)
- *minor_status = code2;
-
+ if (*cred_handle == GSS_C_NO_CREDENTIAL)
+ return GSS_S_COMPLETE;
+ *minor_status = krb5_gss_init_context(&context);
+ if (*minor_status)
+ return GSS_S_FAILURE;
+ *minor_status = kg_release_cred(context, (krb5_gss_cred_id_t)*cred_handle);
if (*minor_status)
save_error_info(*minor_status, context);
krb5_free_context(context);
- return(*minor_status?GSS_S_FAILURE:GSS_S_COMPLETE);
+ return *minor_status ? GSS_S_FAILURE : GSS_S_COMPLETE;
}
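Review bot: The rewritten krb5_gss_release_cred() no longer clears the caller's handle: the removed `*cred_handle = NULL;` has no counterpart on the new side, so after kg_release_cred() frees the structure, `*cred_handle` still points at freed memory. A caller that releases the same handle again, or compares it with GSS_C_NO_CREDENTIAL afterwards, would then reach a double free or use-after-free instead of the earlier no-op path. Adding `*cred_handle = GSS_C_NO_CREDENTIAL;` right after the kg_release_cred() call restores the previous contract. Separately, the krb5_kt_close() result for cred->keytab, which used to reach minor_status through code2, is now discarded; if that is intentional, a brief comment in kg_release_cred() saying so would help.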