authorSimo Sorce <simo@redhat.com>2016-12-05 18:33:02 -0500
committerSimo Sorce <simo@redhat.com>2017-01-09 12:08:40 -0500
commit27f33f36b4349650e066401028fd68f8403092d8 (patch)
treeae3da40b96704141c4f1574347fd83769c1f328e
parent4c5668b2b9d71bf3af674e9e093dd429ed1e962d (diff)
Always initialize ccache when storing.
If we do not initialize the ccache additional entries will pile up and the code that retrieves the encrypted credentials will end up sourcing old, expired creds instead of the latest ones. Plus, storage size may grow indefinitely. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Robbie Harwood <rharwood@redhat.com> Merges #35
-rw-r--r--proxy/src/mechglue/gpp_creds.c12
1 files changed, 4 insertions, 8 deletions
diff --git a/proxy/src/mechglue/gpp_creds.c b/proxy/src/mechglue/gpp_creds.c
index c1241bb..c1506e6 100644
--- a/proxy/src/mechglue/gpp_creds.c
+++ b/proxy/src/mechglue/gpp_creds.c
@@ -58,14 +58,10 @@ uint32_t gpp_store_remote_creds(uint32_t *min,
}
cred.ticket.length = xdr_getpos(&xdrctx);
- ret = krb5_cc_store_cred(ctx, ccache, &cred);
-
- if (ret == KRB5_FCC_NOFILE) {
- /* If a ccache does not exit, try to create one */
- ret = krb5_cc_initialize(ctx, ccache, cred.client);
- if (ret) goto done;
-
- /* and try again to store the cred */
+ /* Always initialize and destroy any existing contents to avoid pileup of
+ * entries */
+ ret = krb5_cc_initialize(ctx, ccache, cred.client);
+ if (ret == 0) {
ret = krb5_cc_store_cred(ctx, ccache, &cred);
}
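Review bot: Between `krb5_cc_initialize` and `krb5_cc_store_cred` in the new code the ccache is empty, and if the store fails after a successful initialize the previously stored credentials are already gone while the caller only sees the error code. Since `krb5_cc_initialize` discards every entry in the cache, this is only safe if `ccache` is dedicated to the proxy's encrypted credentials; how it is resolved is outside the hunk, so that should be confirmed. I would state this in the comment, e.g. `/* Wipes the whole ccache, not just our entry; the cache is left empty if the store below fails */`. The function starts and continues outside the hunk, so the handling of a non-zero `ret` after this block is not visible here.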