Subject: | krb5_get_credentials should not fail due to inability to store a credential in a cache |
If the credential cache is readonly or otherwise unwritable,
krb5_get_credentials() should not fail. The use of a credential cache
is simply an optimization not a requirement.
In the 1.6 series this is handled correctly for the simple case but
fails for the cross-realm case. The fix is to remove the assignment
"retval = rv2" In the krb5_get_credentials() loop:
if (tgts) {
register int i = 0;
krb5_error_code rv2;
while (tgts[i]) {
if ((rv2 = krb5_cc_store_cred(context, ccache, tgts[i]))) {
retval = rv2;
break;
}
i++;
}
krb5_free_tgt_creds(context, tgts);
}
On the trunk this bug was introduced in all cases. Whenever
krb5_cc_store_cred() is called and fails, the error code is checked and
returned. The fix is to never check and return the error code. See
src/lib/krb5/krb/get_creds.c step_referrals(), step_get_tgt(), and
complete().
krb5_get_credentials() should not fail. The use of a credential cache
is simply an optimization not a requirement.
In the 1.6 series this is handled correctly for the simple case but
fails for the cross-realm case. The fix is to remove the assignment
"retval = rv2" In the krb5_get_credentials() loop:
if (tgts) {
register int i = 0;
krb5_error_code rv2;
while (tgts[i]) {
if ((rv2 = krb5_cc_store_cred(context, ccache, tgts[i]))) {
retval = rv2;
break;
}
i++;
}
krb5_free_tgt_creds(context, tgts);
}
On the trunk this bug was introduced in all cases. Whenever
krb5_cc_store_cred() is called and fails, the error code is checked and
returned. The fix is to never check and return the error code. See
src/lib/krb5/krb/get_creds.c step_referrals(), step_get_tgt(), and
complete().