[Heimdal-source-changes] [heimdal/heimdal] 2709f2: Make gss_store_cred*() work
Nico Williams
noreply at github.com
Tors Sep 5 16:53:00 CEST 2019
Branch: refs/heads/master
Home: https://github.com/heimdal/heimdal
Commit: 2709f28a1bd8fba02070b8a47f8a049881582cf6
https://github.com/heimdal/heimdal/commit/2709f28a1bd8fba02070b8a47f8a049881582cf6
Author: Nicolas Williams <nico at twosigma.com>
Date: 2019-09-05 (Thu, 05 Sep 2019)
Changed paths:
M lib/gssapi/krb5/store_cred.c
M lib/gssapi/mech/gss_store_cred.c
M lib/gssapi/mech/gss_store_cred_into.c
Log Message:
-----------
Make gss_store_cred*() work
krb5_cc_cache_match() searches all ccache collections for a ccache that
has credentials for a given principal name. This includes MEMORY
ccaches, which means it can find the same ccache as is referenced by a
GSS cred handle given to gss_store_cred(), which means that
gss_store_cred() can fail.
For now we work around this by including a private variant of
krb5_cc_cache_match() that only searches the default ccache, not all
collections. Eventually we should ensure that krb5_cc_default() also
searches all collection-type (other than MEMORY) ccaches for a default
credential, then we can go back to using krb5_cc_cache_match() (though
we'll need to make sure that MEMORY is searched last or not at all).
More information about the Heimdal-source-changes
mailing list