diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2004-10-21 15:24:50 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:02:23 -0500 |
| commit | f30a08813cbb9b7c50625ad3c2d8476a82e65d42 (patch) | |
| tree | ac52276f6f1eb0d9df892629ee812a5b7ca16bf6 /source4/libcli/auth/gensec_krb5.c | |
| parent | ac989eda6d981ce47c7b345d5397450a3706f4d7 (diff) | |
| download | samba-f30a08813cbb9b7c50625ad3c2d8476a82e65d42.tar.gz samba-f30a08813cbb9b7c50625ad3c2d8476a82e65d42.tar.bz2 samba-f30a08813cbb9b7c50625ad3c2d8476a82e65d42.zip | |
r3115: Bugfixes and extra debug in our kerberos verify code.
Andrew Bartlett
(This used to be commit 9f19aae0c0812b156054385ef77785971488e21c)
Diffstat (limited to 'source4/libcli/auth/gensec_krb5.c')
| -rw-r--r-- | source4/libcli/auth/gensec_krb5.c | 15 |
1 files changed, 7 insertions, 8 deletions
diff --git a/source4/libcli/auth/gensec_krb5.c b/source4/libcli/auth/gensec_krb5.c index 26bf0cf663..14e2f586c3 100644 --- a/source4/libcli/auth/gensec_krb5.c +++ b/source4/libcli/auth/gensec_krb5.c @@ -229,21 +229,19 @@ static void gensec_krb5_end(struct gensec_security *gensec_security) struct gensec_krb5_state *gensec_krb5_state = gensec_security->private_data; if (gensec_krb5_state->ticket.length) { - /* Hmm, heimdal dooesn't have this - what's the correct call? */ + /* Hmm, early heimdal dooesn't have this - correct call would be krb5_data_free */ #ifdef HAVE_KRB5_FREE_DATA_CONTENTS krb5_free_data_contents(gensec_krb5_state->krb5_context, &gensec_krb5_state->ticket); #endif } if (gensec_krb5_state->krb5_ccache) { - /* Removed by jra. They really need to fix their kerberos so we don't leak memory. - JERRY -- disabled since it causes heimdal 0.6.1rc3 to die - SuSE 9.1 Pro - */ -#if 0 /* redisabled by gd :) at least until any official heimdal version has it fixed. */ - krb5_cc_close(context, gensec_krb5_state->krb5_ccache); -#endif + /* current heimdal - 0.6.3, which we need anyway, fixes segfaults here */ + krb5_cc_close(gensec_krb5_state->krb5_context, gensec_krb5_state->krb5_ccache); } + krb5_free_keyblock_contents(gensec_krb5_state->krb5_context, + &gensec_krb5_state->krb5_keyblock); + if (gensec_krb5_state->krb5_auth_context) { krb5_auth_con_free(gensec_krb5_state->krb5_context, gensec_krb5_state->krb5_auth_context); @@ -275,6 +273,7 @@ static NTSTATUS gensec_krb5_start(struct gensec_security *gensec_security) gensec_krb5_state->krb5_auth_context = NULL; gensec_krb5_state->krb5_ccache = NULL; ZERO_STRUCT(gensec_krb5_state->ticket); + ZERO_STRUCT(gensec_krb5_state->krb5_keyblock); gensec_krb5_state->session_key = data_blob(NULL, 0); ret = krb5_init_context(&gensec_krb5_state->krb5_context); |