From 27f33f36b4349650e066401028fd68f8403092d8 Mon Sep 17 00:00:00 2001
From: Simo Sorce
Date: Mon, 5 Dec 2016 18:33:02 -0500
Subject: Always initialize ccache when storing.
If we do not initialize the ccache additional entries will pile up and the code that retrieves the encrypted credentials will end up sourcing old, expired creds instead of the latest ones. Plues storage size may grow indefinitely.
Signed-off-by: Simo Sorce
Reviewed-by: Robbie Harwood
Merges #35
---
 proxy/src/mechglue/gpp_creds.c | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)
(limited to 'proxy/src')
diff --git a/proxy/src/mechglue/gpp_creds.c b/proxy/src/mechglue/gpp_creds.c
index c1241bb..c1506e6 100644
--- a/proxy/src/mechglue/gpp_creds.c
+++ b/proxy/src/mechglue/gpp_creds.c
@@ -58,14 +58,10 @@ uint32_t gpp_store_remote_creds(uint32_t *min,
 }
 cred.ticket.length = xdr_getpos(&xdrctx);
- ret = krb5_cc_store_cred(ctx, ccache, &cred);
-
- if (ret == KRB5_FCC_NOFILE) {
- /* If a ccache does not exit, try to create one */
- ret = krb5_cc_initialize(ctx, ccache, cred.client);
- if (ret) goto done;
-
- /* and try again to store the cred */
+ /* Always initialize and destroy any existing contents to avoid pileup of
+ * entries */
+ ret = krb5_cc_initialize(ctx, ccache, cred.client);
+ if (ret == 0) {
 ret = krb5_cc_store_cred(ctx, ccache, &cred);
 }
-- cgit
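Review bot: The unconditional `krb5_cc_initialize(ctx, ccache, cred.client)` makes the update destructive and non-atomic. The old contents are wiped before the new credential is written, so if `krb5_cc_store_cred` then fails, or another process reads the same ccache between the two calls, no usable credential is found. The hunk does not show how `ccache` is resolved; if it can be a cache shared with other processes or holding other entries, this also discards credentials this function did not create. At minimum the comment should state the assumption, e.g. `/* ccache must be dedicated to the proxied credential: initialize wipes every entry and is not atomic with the store below */`. A safer update would fill a fresh cache and swap it in with `krb5_cc_move`. The body of `gpp_store_remote_creds` starts and ends outside the hunk, so what happens to `ret` after a failed initialize is not visible here.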