Re: gsskrb5_accept_delegated_token leaks a ccache

[Michael B Allen <mba2000@ioplex.com>]

On Thu, 8 Feb 2007 10:39:45 +1100
Love Hörnquist Åstrand <lha@kth.se> wrote:

> > Doesn't the ccache = NULL in gsskrb5_accept_delegated_token prevent  
> > "id"
> > from being closed?
> >
> > 180         (*delegated_cred_handle)->cred_flags |=  
> > GSS_CF_DESTROY_CRED_ON_RELEASE;
> > 181         ccache = NULL;
> >             ^^^^^^^^^^^^^^
> > 182     }
> > 183
> > 184 out:
> > 185     if (ccache) {
> > 186         if (delegated_cred_handle == NULL)
> > 187             krb5_cc_close(gssapi_krb5_context, ccache);
> > 188         else
> > 189             krb5_cc_destroy(gssapi_krb5_context, ccache);
> 
> Ah, you are running a diffrent version of what I'm using. Try apply
> 1.64 delta of that file, it will probably make you more happy.

Mmm, somethings off. I just rsync'd and did a cvs co heimdal and the
latest log entry I have is:

revision 1.56
date: 2006/05/09 07:16:39;  author: lha;  state: Exp;  lines: +3 -1
(gsskrb5_is_cfx): always set is_cfx. From Andrew Abartlet.

Has the procedure changed?

Mike

-- 
Michael B Allen
PHP Active Directory SSO
http://www.ioplex.com/