diff options
| author | Ken Raeburn <raeburn@mit.edu> | 2000-06-27 21:00:02 +0000 |
|---|---|---|
| committer | Ken Raeburn <raeburn@mit.edu> | 2000-06-27 21:00:02 +0000 |
| commit | 9fe2a01ec0fefa8b764bb6e9d7f9a09d11fed7ff (patch) | |
| tree | 2d4fd8b1bf6272f1286ffb7af9ae1d351a347e71 /src/lib/krb5/krb/get_creds.c | |
| parent | 0d54ee19a3e5a159f0b86097ebfe193a0d9c26d8 (diff) | |
| download | krb5-9fe2a01ec0fefa8b764bb6e9d7f9a09d11fed7ff.tar.gz krb5-9fe2a01ec0fefa8b764bb6e9d7f9a09d11fed7ff.tar.xz krb5-9fe2a01ec0fefa8b764bb6e9d7f9a09d11fed7ff.zip | |
pullup from 1.2 branch
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12442 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/krb5/krb/get_creds.c')
| -rw-r--r-- | src/lib/krb5/krb/get_creds.c | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/src/lib/krb5/krb/get_creds.c b/src/lib/krb5/krb/get_creds.c index 3bcaa0be2b..6d764d3290 100644 --- a/src/lib/krb5/krb/get_creds.c +++ b/src/lib/krb5/krb/get_creds.c @@ -102,6 +102,7 @@ krb5_get_credentials(context, options, ccache, in_creds, out_creds) krb5_creds *ncreds; krb5_creds **tgts; krb5_flags fields; + int not_ktype; retval = krb5_get_credentials_core(context, options, ccache, in_creds, out_creds, @@ -128,6 +129,11 @@ krb5_get_credentials(context, options, ccache, in_creds, out_creds) || options & KRB5_GC_CACHED) return retval; + if (retval == KRB5_CC_NOT_KTYPE) + not_ktype = 1; + else + not_ktype = 0; + retval = krb5_get_cred_from_kdc(context, ccache, ncreds, out_creds, &tgts); if (tgts) { register int i = 0; @@ -141,6 +147,21 @@ krb5_get_credentials(context, options, ccache, in_creds, out_creds) } krb5_free_tgt_creds(context, tgts); } + /* + * Translate KRB5_CC_NOTFOUND if we previously got + * KRB5_CC_NOT_KTYPE from krb5_cc_retrieve_cred(), in order to + * handle the case where there is no TGT in the ccache and the + * input enctype didn't match. This handling is necessary because + * some callers, such as GSSAPI, iterate through enctypes and + * KRB5_CC_NOTFOUND passed through from the + * krb5_get_cred_from_kdc() is semantically incorrect, since the + * actual failure was the non-existence of a ticket of the correct + * enctype rather than the missing TGT. + */ + if ((retval == KRB5_CC_NOTFOUND || retval == KRB5_CC_NOT_KTYPE) + && not_ktype) + retval = KRB5_CC_NOT_KTYPE; + if (!retval) retval = krb5_cc_store_cred(context, ccache, *out_creds); return retval; |