On Mon, 5 Feb 2007 22:59:34 -0500 Michael B Allen <[EMAIL PROTECTED]> wrote: > > If I simply remove the ccache = NULL line in > > gsskrb5_accept_delegated_token the leak is gone, delegation works fine > > and otherwise my application seems heathy. > > Correction, this breaks trying to initiate with the delegated > cred. Apparently that ccache does need to hang around. I will investigate > further ...
The following works for me but I find it hard to believe the code removed isn't important. $ diff -Naur copy_ccache.c.0 copy_ccache.c --- copy_ccache.c.0 2007-02-05 23:09:58.000000000 -0500 +++ copy_ccache.c 2007-02-05 23:12:14.000000000 -0500 @@ -99,8 +99,6 @@ handle->usage = 0; if (id) { - char *str; - handle->usage |= GSS_C_INITIATE; kret = krb5_cc_get_principal(gssapi_krb5_context, id, @@ -137,14 +135,7 @@ return ret; } - kret = krb5_cc_get_full_name(gssapi_krb5_context, id, &str); - if (kret) - goto out; - - kret = krb5_cc_resolve(gssapi_krb5_context, str, &handle->ccache); - free(str); - if (kret) - goto out; + handle->ccache = id; } -- Michael B Allen PHP Active Directory SSO http://www.ioplex.com/