Re: gsskrb5_accept_delegated_token leaks a ccache

[Michael B Allen <mba2000@ioplex.com>]

On Mon, 5 Feb 2007 22:59:34 -0500
Michael B Allen <mba2000@ioplex.com> wrote:
> > If I simply remove the ccache = NULL line in
> > gsskrb5_accept_delegated_token the leak is gone, delegation works fine
> > and otherwise my application seems heathy.
> 
> Correction, this breaks trying to initiate with the delegated
> cred. Apparently that ccache does need to hang around. I will investigate
> further ...

The following works for me but I find it hard to believe the code removed
isn't important.

$ diff -Naur copy_ccache.c.0 copy_ccache.c
--- copy_ccache.c.0     2007-02-05 23:09:58.000000000 -0500
+++ copy_ccache.c       2007-02-05 23:12:14.000000000 -0500
@@ -99,8 +99,6 @@
     handle->usage = 0;
 
     if (id) {
-       char *str;
-
        handle->usage |= GSS_C_INITIATE;
 
        kret = krb5_cc_get_principal(gssapi_krb5_context, id,
@@ -137,14 +135,7 @@
            return ret;
        }
 
-       kret = krb5_cc_get_full_name(gssapi_krb5_context, id, &str);
-       if (kret)
-           goto out;
-
-       kret = krb5_cc_resolve(gssapi_krb5_context, str, &handle->ccache);
-       free(str);
-       if (kret)
-           goto out;
+       handle->ccache = id;
     }

-- 
Michael B Allen
PHP Active Directory SSO
http://www.ioplex.com/