You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
70 lines
2.1 KiB
70 lines
2.1 KiB
From f648ae06012d1de137f12095d1bd7aaacb382042 Mon Sep 17 00:00:00 2001
|
|
From: Sumit Bose <sbose@redhat.com>
|
|
Date: Wed, 10 Jan 2024 09:18:20 +0100
|
|
Subject: [PATCH] tools: fix ccache handling for leave operation
|
|
|
|
krb5_cc_initialize() must be called before anything can be written into
|
|
a ccache.
|
|
|
|
While checking the available credential types the order/preference was
|
|
not respected.
|
|
|
|
Resolves: https://issues.redhat.com/browse/SSSD-6420
|
|
---
|
|
tools/realm-client.c | 25 ++++++++++++++++---------
|
|
1 file changed, 16 insertions(+), 9 deletions(-)
|
|
|
|
diff --git a/tools/realm-client.c b/tools/realm-client.c
|
|
index c386e64..06420ea 100644
|
|
--- a/tools/realm-client.c
|
|
+++ b/tools/realm-client.c
|
|
@@ -498,13 +498,16 @@ are_credentials_supported (GVariant *supported,
|
|
GVariantIter iter;
|
|
const gchar *type;
|
|
const gchar *owner;
|
|
-
|
|
- g_variant_iter_init (&iter, supported);
|
|
- while (g_variant_iter_loop (&iter, "(&s&s)", &type, &owner)) {
|
|
- if (g_strcmp0 (credential_type_1, type) == 0 ||
|
|
- g_strcmp0 (credential_type_2, type) == 0) {
|
|
- *ret_owner = owner;
|
|
- return type;
|
|
+ const gchar *list[] = {credential_type_1, credential_type_2, NULL};
|
|
+ size_t c;
|
|
+
|
|
+ for (c = 0; list[c] != NULL; c++) {
|
|
+ g_variant_iter_init (&iter, supported);
|
|
+ while (g_variant_iter_loop (&iter, "(&s&s)", &type, &owner)) {
|
|
+ if (g_strcmp0 (list[c], type) == 0) {
|
|
+ *ret_owner = owner;
|
|
+ return type;
|
|
+ }
|
|
}
|
|
}
|
|
|
|
@@ -622,8 +625,6 @@ copy_to_ccache (krb5_context krb5,
|
|
memset (&mcred, 0, sizeof (mcred));
|
|
mcred.client = principal;
|
|
mcred.server = server;
|
|
- mcred.times.starttime = g_get_real_time () / G_TIME_SPAN_MILLISECOND;
|
|
- mcred.times.endtime = mcred.times.starttime;
|
|
|
|
code = krb5_cc_retrieve_cred (krb5, def_ccache, KRB5_TC_MATCH_TIMES,
|
|
&mcred, &creds);
|
|
@@ -639,6 +640,12 @@ copy_to_ccache (krb5_context krb5,
|
|
return FALSE;
|
|
}
|
|
|
|
+ code = krb5_cc_initialize (krb5, ccache, creds.client);
|
|
+ if (code != 0) {
|
|
+ g_debug ("krb5_cc_initialize failed: %s", krb5_get_error_message (krb5, code));
|
|
+ return FALSE;
|
|
+ }
|
|
+
|
|
code = krb5_cc_store_cred (krb5, ccache, &creds);
|
|
krb5_free_cred_contents (krb5, &creds);
|
|
|
|
--
|
|
2.43.0
|
|
|