15e01956fSGlenn Barry /*
25e01956fSGlenn Barry * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
35e01956fSGlenn Barry */
47c478bd9Sstevel@tonic-gate /*
57c478bd9Sstevel@tonic-gate * Copyright 1993 by OpenVision Technologies, Inc.
6*55fea89dSDan Cross *
77c478bd9Sstevel@tonic-gate * Permission to use, copy, modify, distribute, and sell this software
87c478bd9Sstevel@tonic-gate * and its documentation for any purpose is hereby granted without fee,
97c478bd9Sstevel@tonic-gate * provided that the above copyright notice appears in all copies and
107c478bd9Sstevel@tonic-gate * that both that copyright notice and this permission notice appear in
117c478bd9Sstevel@tonic-gate * supporting documentation, and that the name of OpenVision not be used
127c478bd9Sstevel@tonic-gate * in advertising or publicity pertaining to distribution of the software
137c478bd9Sstevel@tonic-gate * without specific, written prior permission. OpenVision makes no
147c478bd9Sstevel@tonic-gate * representations about the suitability of this software for any
157c478bd9Sstevel@tonic-gate * purpose. It is provided "as is" without express or implied warranty.
16*55fea89dSDan Cross *
177c478bd9Sstevel@tonic-gate * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
187c478bd9Sstevel@tonic-gate * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
197c478bd9Sstevel@tonic-gate * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
207c478bd9Sstevel@tonic-gate * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
217c478bd9Sstevel@tonic-gate * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
227c478bd9Sstevel@tonic-gate * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
237c478bd9Sstevel@tonic-gate * PERFORMANCE OF THIS SOFTWARE.
247c478bd9Sstevel@tonic-gate */
257c478bd9Sstevel@tonic-gate
26ab9b2e15Sgtb #include "gssapiP_krb5.h"
277c478bd9Sstevel@tonic-gate
28*55fea89dSDan Cross OM_uint32
krb5_gss_release_cred(minor_status,cred_handle)29ab9b2e15Sgtb krb5_gss_release_cred(minor_status, cred_handle)
307c478bd9Sstevel@tonic-gate OM_uint32 *minor_status;
317c478bd9Sstevel@tonic-gate gss_cred_id_t *cred_handle;
327c478bd9Sstevel@tonic-gate {
33ab9b2e15Sgtb krb5_context context;
347c478bd9Sstevel@tonic-gate krb5_gss_cred_id_t cred;
357c478bd9Sstevel@tonic-gate krb5_error_code code1, code2, code3;
367c478bd9Sstevel@tonic-gate
37ab9b2e15Sgtb code1 = krb5_gss_init_context(&context);
38ab9b2e15Sgtb if (code1) {
39ab9b2e15Sgtb *minor_status = code1;
40ab9b2e15Sgtb return GSS_S_FAILURE;
41ab9b2e15Sgtb }
42ab9b2e15Sgtb
43ab9b2e15Sgtb if (*cred_handle == GSS_C_NO_CREDENTIAL) {
44ab9b2e15Sgtb *minor_status = 0;
45ab9b2e15Sgtb krb5_free_context(context);
46ab9b2e15Sgtb return(GSS_S_COMPLETE);
477c478bd9Sstevel@tonic-gate }
487c478bd9Sstevel@tonic-gate
497c478bd9Sstevel@tonic-gate if (! kg_delete_cred_id(*cred_handle)) {
507c478bd9Sstevel@tonic-gate *minor_status = (OM_uint32) G_VALIDATE_FAILED;
51ab9b2e15Sgtb krb5_free_context(context);
527c478bd9Sstevel@tonic-gate return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_NO_CRED);
537c478bd9Sstevel@tonic-gate }
547c478bd9Sstevel@tonic-gate
557c478bd9Sstevel@tonic-gate cred = (krb5_gss_cred_id_t)*cred_handle;
567c478bd9Sstevel@tonic-gate
57ab9b2e15Sgtb k5_mutex_destroy(&cred->lock);
58ab9b2e15Sgtb /* ignore error destroying mutex */
59ab9b2e15Sgtb
60ab9b2e15Sgtb
617c478bd9Sstevel@tonic-gate if (cred->ccache) {
627c478bd9Sstevel@tonic-gate /*
63ab9b2e15Sgtb * Solaris Kerberos
647c478bd9Sstevel@tonic-gate * If the ccache is a MEMORY ccache then this credential handle
657c478bd9Sstevel@tonic-gate * should be the only way to get to it, at least until the advent
667c478bd9Sstevel@tonic-gate * of a GSS_Duplicate_cred() (which is needed and may well be
677c478bd9Sstevel@tonic-gate * added some day). Until then MEMORY ccaches must be destroyed,
687c478bd9Sstevel@tonic-gate * not closed, else their contents (tickets, session keys) will
697c478bd9Sstevel@tonic-gate * leak.
707c478bd9Sstevel@tonic-gate */
717c478bd9Sstevel@tonic-gate if (strcmp("MEMORY", krb5_cc_get_type(context, cred->ccache)) == 0)
727c478bd9Sstevel@tonic-gate code1 = krb5_cc_destroy(context, cred->ccache);
737c478bd9Sstevel@tonic-gate else
747c478bd9Sstevel@tonic-gate code1 = krb5_cc_close(context, cred->ccache);
757c478bd9Sstevel@tonic-gate } else
767c478bd9Sstevel@tonic-gate code1 = 0;
777c478bd9Sstevel@tonic-gate
787c478bd9Sstevel@tonic-gate if (cred->keytab)
797c478bd9Sstevel@tonic-gate code2 = krb5_kt_close(context, cred->keytab);
807c478bd9Sstevel@tonic-gate else
817c478bd9Sstevel@tonic-gate code2 = 0;
827c478bd9Sstevel@tonic-gate
837c478bd9Sstevel@tonic-gate if (cred->rcache)
847c478bd9Sstevel@tonic-gate code3 = krb5_rc_close(context, cred->rcache);
857c478bd9Sstevel@tonic-gate else
867c478bd9Sstevel@tonic-gate code3 = 0;
877c478bd9Sstevel@tonic-gate if (cred->princ)
887c478bd9Sstevel@tonic-gate krb5_free_principal(context, cred->princ);
89ab9b2e15Sgtb
90ab9b2e15Sgtb if (cred->req_enctypes)
91ab9b2e15Sgtb free(cred->req_enctypes);
92ab9b2e15Sgtb
937c478bd9Sstevel@tonic-gate xfree(cred);
947c478bd9Sstevel@tonic-gate
957c478bd9Sstevel@tonic-gate *cred_handle = NULL;
967c478bd9Sstevel@tonic-gate
977c478bd9Sstevel@tonic-gate *minor_status = 0;
987c478bd9Sstevel@tonic-gate if (code1)
997c478bd9Sstevel@tonic-gate *minor_status = code1;
1007c478bd9Sstevel@tonic-gate if (code2)
1017c478bd9Sstevel@tonic-gate *minor_status = code2;
1027c478bd9Sstevel@tonic-gate if (code3)
1037c478bd9Sstevel@tonic-gate *minor_status = code3;
1047c478bd9Sstevel@tonic-gate
1055e01956fSGlenn Barry if (*minor_status)
1065e01956fSGlenn Barry save_error_info(*minor_status, context);
1075e01956fSGlenn Barry krb5_free_context(context);
1087c478bd9Sstevel@tonic-gate return(*minor_status?GSS_S_FAILURE:GSS_S_COMPLETE);
1097c478bd9Sstevel@tonic-gate }
110