summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSimo Sorce <simo@redhat.com>2013-09-19 16:32:23 -0400
committerJakub Hrozek <jhrozek@redhat.com>2013-09-25 14:08:53 +0200
commitb5020bc839a8260b0148b0b5ba07b82cf88d654b (patch)
treedb940543110ddda8c1b057956b629631a2b5f48e
parenta0b107df0cd7ba16713038bc3f705222f90798ca (diff)
downloadsssd-b5020bc839a8260b0148b0b5ba07b82cf88d654b.tar.gz
sssd-b5020bc839a8260b0148b0b5ba07b82cf88d654b.tar.xz
sssd-b5020bc839a8260b0148b0b5ba07b82cf88d654b.zip
krb5: Be more lenient on failures for old ccache
Fix a check for an error return code that can be returned when the ccache is not found. Even in case of other errors still do not fail authentication but allow it to proceed using a new ccache file if necessary. Related: https://fedorahosted.org/sssd/ticket/2053
Diffstat
-rw-r--r--src/providers/krb5/krb5_auth.c2
-rw-r--r--src/providers/krb5/krb5_utils.c2
2 files changed, 2 insertions, 2 deletions
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c
index b373cb4c3..52e230ca9 100644
--- a/src/providers/krb5/krb5_auth.c
+++ b/src/providers/krb5/krb5_auth.c
@@ -608,7 +608,7 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx,
} else if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE,
("check_if_ccache_file_is_used failed.\n"));
- goto done;
+ ccache_file = NULL;
}
} else {
kr->active_ccache = false;
diff --git a/src/providers/krb5/krb5_utils.c b/src/providers/krb5/krb5_utils.c
index 7cf510ca9..ba587408c 100644
--- a/src/providers/krb5/krb5_utils.c
+++ b/src/providers/krb5/krb5_utils.c
@@ -1092,7 +1092,7 @@ errno_t sss_krb5_cc_verify_ccache(const char *ccname, uid_t uid, gid_t gid,
kerr = krb5_cc_retrieve_cred(cc->context, cc->ccache,
KRB5_TC_MATCH_TIMES, &mcred, &cred);
if (kerr) {
- if (kerr == KRB5_CC_NOTFOUND) {
+ if (kerr == KRB5_CC_NOTFOUND || KRB5_FCC_NOFILE) {
DEBUG(SSSDBG_TRACE_INTERNAL, ("TGT not found or expired.\n"));
ret = EINVAL;
} else {
generated by cgit (git 2.34.1) at 2024-05-04 20:54:07 +0000