|
 |
c530df |
From 7a343088a7b716532b1b5c32965fa9ef02c1987a Mon Sep 17 00:00:00 2001
|
|
|
c530df |
From: Robbie Harwood <rharwood@redhat.com>
|
|
|
c530df |
Date: Tue, 5 Dec 2017 13:14:29 -0500
|
|
|
c530df |
Subject: [PATCH] Properly initialize ccaches before storing into them
|
|
|
c530df |
|
|
|
c530df |
krb5_cc_new_unique() doesn't initialize ccaches, which results in the
|
|
|
c530df |
krb5 libraries being aware of their presence within the collection but
|
|
|
c530df |
being unable to manipulate them.
|
|
|
c530df |
|
|
|
c530df |
This is transparent to most gssproxy consumers because we just
|
|
|
c530df |
re-fetch the ccache on error.
|
|
|
c530df |
|
|
|
c530df |
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
|
|
|
c530df |
Reviewed-by: Simo Sorce <simo@redhat.com>
|
|
|
c530df |
Merges: #223
|
|
|
c530df |
(cherry picked from commit be7df45b6a56631033de387d28a2c06b7658c36a)
|
|
|
c530df |
---
|
|
|
c530df |
proxy/src/mechglue/gpp_creds.c | 7 +++++++
|
|
|
c530df |
1 file changed, 7 insertions(+)
|
|
|
c530df |
|
|
|
c530df |
diff --git a/proxy/src/mechglue/gpp_creds.c b/proxy/src/mechglue/gpp_creds.c
|
|
|
c530df |
index 187ada7..f8ab320 100644
|
|
|
c530df |
--- a/proxy/src/mechglue/gpp_creds.c
|
|
|
c530df |
+++ b/proxy/src/mechglue/gpp_creds.c
|
|
|
c530df |
@@ -247,6 +247,13 @@ uint32_t gpp_store_remote_creds(uint32_t *min, bool store_as_default_cred,
|
|
|
c530df |
|
|
|
c530df |
ret = krb5_cc_new_unique(ctx, cc_type, NULL, &ccache);
|
|
|
c530df |
free(cc_type);
|
|
|
c530df |
+ if (ret)
|
|
|
c530df |
+ goto done;
|
|
|
c530df |
+
|
|
|
c530df |
+ /* krb5_cc_new_unique() doesn't initialize, and we need to initialize
|
|
|
c530df |
+ * before storing into the ccache. Note that this will only clobber
|
|
|
c530df |
+ * the ccache handle, not the whole collection. */
|
|
|
c530df |
+ ret = krb5_cc_initialize(ctx, ccache, cred.client);
|
|
|
c530df |
}
|
|
|
c530df |
if (ret)
|
|
|
c530df |
goto done;
|