krb5 commit: Try to scan_ccache() after leash picks a cache

Benjamin Kaduk kaduk at mit.edu
Tue Sep 9 17:37:04 EDT 2014


https://github.com/krb5/krb5/commit/674f7d7abe2d4f8bc3fe791e4347a332e3ccfd41
commit 674f7d7abe2d4f8bc3fe791e4347a332e3ccfd41
Author: Ben Kaduk <kaduk at mit.edu>
Date:   Thu Aug 21 12:48:39 2014 -0400

    Try to scan_ccache() after leash picks a cache
    
    We need to call scan_ccache() in order to notice that there
    are credentials and read their expire time.
    
    The call to scan_ccache() in the Leash case was inadvertently
    removed as part of commit 8651f3339ccc5a623172a8edfb9cf522883acacd.
    
    ticket: 7998 (new)
    tags: pullup
    target_version: 1.12.3
    subject: gssapi.dll tries to get initial creds even when some are present

 src/lib/gssapi/krb5/acquire_cred.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c
index f952f64..eec6f2a 100644
--- a/src/lib/gssapi/krb5/acquire_cred.c
+++ b/src/lib/gssapi/krb5/acquire_cred.c
@@ -464,7 +464,8 @@ get_cache_for_name(krb5_context context, krb5_gss_cred_id_rec *cred)
 
     assert(cred->name != NULL && cred->ccache == NULL);
 #ifdef USE_LEASH
-    return get_ccache_leash(context, cred->name->princ, &cred->ccache);
+    code = get_ccache_leash(context, cred->name->princ, &cred->ccache);
+    return code ? code : scan_ccache(context, cred);
 #else
     /* Check first whether we can acquire tickets, to avoid overwriting the
      * extended error message from krb5_cc_cache_match. */


More information about the cvs-krb5 mailing list