meta-starlingx/meta-stx-distro/recipes-security/gssproxy/files/Properly-initialize-ccaches-before-storing-into-them.patch

   1 From 2d91093925c8546d68f9314546353226b4f41569 Mon Sep 17 00:00:00 2001
   2 From: Robbie Harwood <rharwood@redhat.com>
   3 Date: Tue, 5 Dec 2017 13:14:29 -0500
   4 Subject: [PATCH] Properly initialize ccaches before storing into them
   5
   6 krb5_cc_new_unique() doesn't initialize ccaches, which results in the
   7 krb5 libraries being aware of their presence within the collection but
   8 being unable to manipulate them.
   9
  10 This is transparent to most gssproxy consumers because we just
  11 re-fetch the ccache on error.
  12
  13 Signed-off-by: Robbie Harwood <rharwood@redhat.com>
  14 Reviewed-by: Simo Sorce <simo@redhat.com>
  15 Merges: #223
  16 (cherry picked from commit be7df45b6a56631033de387d28a2c06b7658c36a)
  17 ---
  18  proxy/src/mechglue/gpp_creds.c | 7 +++++++
  19  1 file changed, 7 insertions(+)
  20
  21 diff --git a/proxy/src/mechglue/gpp_creds.c b/proxy/src/mechglue/gpp_creds.c
  22 index 187ada7..f8ab320 100644
  23 --- a/proxy/src/mechglue/gpp_creds.c
  24 +++ b/proxy/src/mechglue/gpp_creds.c
  25 @@ -247,6 +247,13 @@ uint32_t gpp_store_remote_creds(uint32_t *min, bool store_as_default_cred,
  26
  27          ret = krb5_cc_new_unique(ctx, cc_type, NULL, &ccache);
  28          free(cc_type);
  29 +        if (ret)
  30 +            goto done;
  31 +
  32 +        /* krb5_cc_new_unique() doesn't initialize, and we need to initialize
  33 +         * before storing into the ccache.  Note that this will only clobber
  34 +         * the ccache handle, not the whole collection. */
  35 +        ret = krb5_cc_initialize(ctx, ccache, cred.client);
  36      }
  37      if (ret)
  38          goto done;