--- Kerberos.orig/KerberosFramework/Kerberos5/Sources/kdc/kdc_util.c 2007-08-09 13:29:10.000000000 -0700 +++ Kerberos/KerberosFramework/Kerberos5/Sources/kdc/kdc_util.c 2008-06-04 10:13:20.000000000 -0700 @@ -51,7 +51,6 @@ { krb5_error_code retval; char *rcname; - char *sname; rcname = (rcache_name) ? rcache_name : kdc_current_rcname; @@ -61,23 +60,44 @@ if (!rcname) rcname = KDCRCACHE; - if (!(retval = krb5_rc_resolve_full(kcontext, &kdc_rcache, rcname))) { - /* Recover or initialize the replay cache */ - if (!(retval = krb5_rc_recover(kcontext, kdc_rcache)) || - !(retval = krb5_rc_initialize(kcontext, - kdc_rcache, - kcontext->clockskew)) - ) { - /* Expunge the replay cache */ - if (!(retval = krb5_rc_expunge(kcontext, kdc_rcache))) { - sname = kdc_current_rcname; - kdc_current_rcname = strdup(rcname); - if (sname) - free(sname); - } - } + retval = krb5_rc_resolve_full(kcontext, &kdc_rcache, rcname); + if (retval) + return retval; + + /* First try to recover */ + retval = krb5_rc_recover(kcontext, kdc_rcache); + if (retval) { + /* Either the cache is malformated or not there, lets remove + it first and then initialize it */ + retval = krb5_rc_resolve_full(kcontext, &kdc_rcache, rcname); if (retval) - krb5_rc_close(kcontext, kdc_rcache); + return retval; + retval = krb5_rc_destroy(kcontext, kdc_rcache); + if (retval) + return retval; + + /* init */ + retval = krb5_rc_resolve_full(kcontext, &kdc_rcache, rcname); + if (retval) + return retval; + retval = krb5_rc_initialize(kcontext, kdc_rcache, kcontext->clockskew); + if (retval) + goto out; + } + + /* Now that we have an open and valid rcache, expunge it */ + retval = krb5_rc_expunge(kcontext, kdc_rcache); + if (retval == 0) { + char *sname = kdc_current_rcname; + kdc_current_rcname = strdup(rcname); + if (sname) + free(sname); + } + + out: + if (retval) { + krb5_rc_close(kcontext, kdc_rcache); + kdc_rcache = NULL; } return(retval); } --- Kerberos.orig/KerberosFramework/Kerberos5/Sources/lib/krb5/rcache/rc_dfl.c 2007-08-09 13:29:17.000000000 -0700 +++ Kerberos/KerberosFramework/Kerberos5/Sources/lib/krb5/rcache/rc_dfl.c 2008-06-04 10:52:04.000000000 -0700 @@ -267,8 +267,18 @@ krb5_rc_dfl_destroy(krb5_context context, krb5_rcache id) { #ifndef NOIOSTUFF - if (krb5_rc_io_destroy(context, &((struct dfl_data *) (id->data))->d)) - return KRB5_RC_IO; + struct dfl_data *t = (struct dfl_data *)id->data; + krb5_error_code retval; + + retval = krb5_rc_io_open(context, &t->d, t->name); + if (retval) + return retval; + retval = krb5_rc_io_destroy(context, &t->d); + if (retval) + return retval; + retval = krb5_rc_io_close(context, &t->d); + if (retval) + return retval; #endif return krb5_rc_dfl_close(context, id); } --- Kerberos.orig/KerberosFramework/Kerberos5/Sources/lib/krb5/rcache/rc_io.c 2007-08-09 13:29:17.000000000 -0700 +++ Kerberos/KerberosFramework/Kerberos5/Sources/lib/krb5/rcache/rc_io.c 2008-06-04 12:56:45.000000000 -0700 @@ -425,6 +425,8 @@ strerror(errno)); return KRB5_RC_IO_UNKNOWN; } + if (count != num) + return KRB5_RC_IO_EOF; if (count == 0) return KRB5_RC_IO_EOF; return 0;