This is a necessary partner to authgss_get_private_data, so that
the caller can free the data when needed (and not before).
The previous practice of leaving the private data where it was resulted
in authgss_destroy_context() attempting to destroy the context on the
server which was incorrect, and fortunately fails for other reasons.
An application which uses authgss_get_private_data() but does not call
authgss_free_private_data() will be as correct as, or slightly more
correct than, it was, but will suffer a slight memory leak.
This patch is based on commit
07fce317cac267509b944a8191cafa8e49b5e328
from librpcsecgss that was committed by Kevin Coffman.
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
pd->pd_ctx = gd->ctx;
pd->pd_ctx_hndl = gd->gc.gc_ctx;
pd->pd_seq_win = gd->win;
+ /*
+ * We've given this away -- don't try to use it ourself any more
+ * Caller should call authgss_free_private_data to free data.
+ * This also ensures that authgss_destroy_context() won't try to
+ * send an RPCSEC_GSS_DESTROY request which might inappropriately
+ * destroy the context.
+ */
+ gd->gc.gc_ctx.length = 0;
+ gd->gc.gc_ctx.value = NULL;
+
+ return (TRUE);
+}
+
+bool_t
+authgss_free_private_data(struct authgss_private_data *pd)
+{
+ OM_uint32 min_stat;
+ gss_log_debug("in authgss_free_private_data()");
+
+ if (!pd)
+ return (FALSE);
+
+ pd->pd_ctx = NULL;
+ gss_release_buffer(&min_stat, &pd->pd_ctx_hndl);
+ memset(&pd->pd_ctx_hndl, 0, sizeof(pd->pd_ctx_hndl));
+ pd->pd_seq_win = 0;
return (TRUE);
}
bool_t authgss_service __P((AUTH *auth, int svc));
bool_t authgss_get_private_data __P((AUTH *auth,
struct authgss_private_data *));
+bool_t authgss_free_private_data __P((struct authgss_private_data *));
void gss_log_debug __P((const char *fmt, ...));
void gss_log_status __P((char *m, OM_uint32 major,
projects / libtirpc / commitdiff