This is an automated email from the git hooks/post-receive script.
rharwood pushed a commit to branch master
in repository gssproxy.
commit 08d7a138ef9a1785fed9947402aa5e92cff862c6
Author: Robbie Harwood <rharwood(a)redhat.com>
Date: Tue Oct 10 18:00:45 2017 -0400

Only empty FILE ccaches when storing remote creds

This mitigates issues when services share a ccache between two
processes. We cannot fix this for FILE ccaches without introducing
other issues.

Signed-off-by: Robbie Harwood <rharwood(a)redhat.com>
Reviewed-by: Simo Sorce <simo(a)redhat.com>
Merges: #216
---
src/mechglue/gpp_creds.c | 18 +++++++++++++-----
1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/src/mechglue/gpp_creds.c b/src/mechglue/gpp_creds.c
index 9fe9bd1..6bdff45 100644
--- a/src/mechglue/gpp_creds.c
+++ b/src/mechglue/gpp_creds.c
@@ -147,6 +147,7 @@ uint32_t gpp_store_remote_creds(uint32_t *min, bool default_creds,
char cred_name[creds->desired_name.display_name.octet_string_len + 1];
XDR xdrctx;
bool xdrok;
+ const char *cc_type;
*min = 0;
@@ -193,13 +194,20 @@ uint32_t gpp_store_remote_creds(uint32_t *min, bool default_creds,
}
cred.ticket.length = xdr_getpos(&xdrctx);
- /* Always initialize and destroy any existing contents to avoid pileup of
- * entries */
- ret = krb5_cc_initialize(ctx, ccache, cred.client);
- if (ret == 0) {
- ret = krb5_cc_store_cred(ctx, ccache, &cred);
+ cc_type = krb5_cc_get_type(ctx, ccache);
+ if (strcmp(cc_type, "FILE") == 0) {
+ /* FILE ccaches don't handle updates properly: if they have the same
+ * principal name, they are blackholed. We either have to change the
+ * name (at which point the file grows forever) or flash the cache on
+ * every update. */
+ ret = krb5_cc_initialize(ctx, ccache, cred.client);
+ if (ret != 0) {
+ goto done;
+ }
}
+ ret = krb5_cc_store_cred(ctx, ccache, &cred);
+
done:
if (ctx) {
krb5_free_cred_contents(ctx, &cred);
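Review bot: In the new `if (strcmp(cc_type, "FILE") == 0)` branch, `krb5_cc_initialize()` becomes FILE-only, so every other ccache type now reaches `krb5_cc_store_cred(ctx, ccache, &cred)` without being initialized anywhere in this function. If a non-FILE cache can arrive here fresh, or with a default principal other than `cred.client`, the store may fail or the credential may end up in a cache whose principal does not match it. Consider checking the cache's current principal first (for example with `krb5_cc_get_principal()`) and initializing when it is absent or differs, keeping the unconditional re-initialize only for FILE. Two smaller points in the same branch: `cc_type` is passed to `strcmp()` without a NULL check, and "flash the cache" in the comment presumably should read "flush". The commit message says the sharing problem cannot be fixed for FILE ccaches; it would help to state that limitation in the code comment as well, since FILE caches shared between two processes are still emptied on every update.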