diff options
author | Sumit Bose <sbose@redhat.com> | 2024-01-10 09:18:20 +0100 |
---|---|---|
committer | Sumit Bose <sbose@redhat.com> | 2024-02-09 13:40:41 +0100 |
commit | f648ae06012d1de137f12095d1bd7aaacb382042 (patch) | |
tree | 65301517adbedfab0da4780f29864ff736646234 | |
parent | 0cdae81ef890a2719035bfa7bcd51a0f2add791f (diff) |
tools: fix ccache handling for leave operation
krb5_cc_initialize() must be called before anything can be written into
a ccache.
While checking the available credential types the order/preference was
not respected.
Resolves: https://issues.redhat.com/browse/SSSD-6420
-rw-r--r-- | tools/realm-client.c | 25 |
1 files changed, 16 insertions, 9 deletions
diff --git a/tools/realm-client.c b/tools/realm-client.c index c386e64..06420ea 100644 --- a/tools/realm-client.c +++ b/tools/realm-client.c @@ -498,13 +498,16 @@ are_credentials_supported (GVariant *supported, GVariantIter iter; const gchar *type; const gchar *owner; - - g_variant_iter_init (&iter, supported); - while (g_variant_iter_loop (&iter, "(&s&s)", &type, &owner)) { - if (g_strcmp0 (credential_type_1, type) == 0 || - g_strcmp0 (credential_type_2, type) == 0) { - *ret_owner = owner; - return type; + const gchar *list[] = {credential_type_1, credential_type_2, NULL}; + size_t c; + + for (c = 0; list[c] != NULL; c++) { + g_variant_iter_init (&iter, supported); + while (g_variant_iter_loop (&iter, "(&s&s)", &type, &owner)) { + if (g_strcmp0 (list[c], type) == 0) { + *ret_owner = owner; + return type; + } } } @@ -622,8 +625,6 @@ copy_to_ccache (krb5_context krb5, memset (&mcred, 0, sizeof (mcred)); mcred.client = principal; mcred.server = server; - mcred.times.starttime = g_get_real_time () / G_TIME_SPAN_MILLISECOND; - mcred.times.endtime = mcred.times.starttime; code = krb5_cc_retrieve_cred (krb5, def_ccache, KRB5_TC_MATCH_TIMES, &mcred, &creds); @@ -639,6 +640,12 @@ copy_to_ccache (krb5_context krb5, return FALSE; } + code = krb5_cc_initialize (krb5, ccache, creds.client); + if (code != 0) { + g_debug ("krb5_cc_initialize failed: %s", krb5_get_error_message (krb5, code)); + return FALSE; + } + code = krb5_cc_store_cred (krb5, ccache, &creds); krb5_free_cred_contents (krb5, &creds); |