[17126] in Kerberos_V5_Development
=?windows-1252?Q?Request_for_error_handling_advice=85=2E=3F?=
daemon@ATHENA.MIT.EDU (Matthew M. DeLoera)
Mon Aug 29 19:16:13 2011
From: "Matthew M. DeLoera" <mdeloera@exacq.com>
Date: Mon, 29 Aug 2011 19:16:21 -0400
Message-Id: <4364BCA0-86C5-400C-AA37-BBC3FC8F41DE@exacq.com>
To: krbdev@mit.edu
Mime-Version: 1.0 (Apple Message framework v1244.3)
Content-Type: text/plain; charset="windows-1252"
Errors-To: krbdev-bounces@mit.edu
Content-Transfer-Encoding: 8bit
Greetings…
I have a (hopefully) very simple question. This is really more a GSS issue, but I'm not sure if there's a better forum, so my apologies in advance!
Basically, using gssglue/gssapi with gssapi_krb5. In my app:
OM_uint32 major = gss_import_name();
if (major == GSS_S_COMPLETE)
{
major = gas_acquire_cred();
gss_release_name();
}
Oversimplified but probably enough. I'm testing error handling on missing gssapi_krb5.so (missing provider underneath GSS, so dynamic load fails). I find that gas_import_name() does not fail, and in Ubuntu 10.04, the gas_release_name segfaults.
Any advice on when to NOT call gas_release_name? Obviously, I'm trying to avoid a leak. Observations:
- I have noticed that gas_acquire_cred happens to return GSS_S_BAD_MECH, which kind of makes sense, but I can't find enough docs to figure out whether to use the return value to either call gas_release_name or skip it.
- Was looking at docs for gss_inquire_names_for_mech, to see whether I could call it before gss_import_name to validate the environment.
- Was also looking at docs for gas_inquire_mechs_for_name, similarly……
Unless there's some other way to validate a gss_name_t before calling gas_release_name()?
Any advice would be most welcome!
Best Regards,
- Matthew
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
