From f648ae06012d1de137f12095d1bd7aaacb382042 Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Wed, 10 Jan 2024 09:18:20 +0100 Subject: [PATCH] tools: fix ccache handling for leave operation krb5_cc_initialize() must be called before anything can be written into a ccache. While checking the available credential types the order/preference was not respected. Resolves: https://issues.redhat.com/browse/SSSD-6420 --- tools/realm-client.c | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/tools/realm-client.c b/tools/realm-client.c index c386e64..06420ea 100644 --- a/tools/realm-client.c +++ b/tools/realm-client.c @@ -498,13 +498,16 @@ are_credentials_supported (GVariant *supported, GVariantIter iter; const gchar *type; const gchar *owner; - - g_variant_iter_init (&iter, supported); - while (g_variant_iter_loop (&iter, "(&s&s)", &type, &owner)) { - if (g_strcmp0 (credential_type_1, type) == 0 || - g_strcmp0 (credential_type_2, type) == 0) { - *ret_owner = owner; - return type; + const gchar *list[] = {credential_type_1, credential_type_2, NULL}; + size_t c; + + for (c = 0; list[c] != NULL; c++) { + g_variant_iter_init (&iter, supported); + while (g_variant_iter_loop (&iter, "(&s&s)", &type, &owner)) { + if (g_strcmp0 (list[c], type) == 0) { + *ret_owner = owner; + return type; + } } } @@ -622,8 +625,6 @@ copy_to_ccache (krb5_context krb5, memset (&mcred, 0, sizeof (mcred)); mcred.client = principal; mcred.server = server; - mcred.times.starttime = g_get_real_time () / G_TIME_SPAN_MILLISECOND; - mcred.times.endtime = mcred.times.starttime; code = krb5_cc_retrieve_cred (krb5, def_ccache, KRB5_TC_MATCH_TIMES, &mcred, &creds); @@ -639,6 +640,12 @@ copy_to_ccache (krb5_context krb5, return FALSE; } + code = krb5_cc_initialize (krb5, ccache, creds.client); + if (code != 0) { + g_debug ("krb5_cc_initialize failed: %s", krb5_get_error_message (krb5, code)); + return FALSE; + } + code = krb5_cc_store_cred (krb5, ccache, &creds); krb5_free_cred_contents (krb5, &creds); -- 2.43.0