diff options
| author | Greg Hudson <ghudson@mit.edu> | 2012-06-14 14:15:05 -0400 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2012-06-15 00:15:37 -0400 |
| commit | cdb50c57f1852dabda4929129e1470e6b334a812 (patch) | |
| tree | e1f818416eab12a70202d6ef740271e5111ad8c2 /src/lib | |
| parent | 85afc74759792cfd3ed53daa7f42bce11ca4c536 (diff) | |
| download | krb5-cdb50c57f1852dabda4929129e1470e6b334a812.tar.gz krb5-cdb50c57f1852dabda4929129e1470e6b334a812.tar.xz krb5-cdb50c57f1852dabda4929129e1470e6b334a812.zip | |
Fail from gss_acquire_cred if we have no creds
If a caller tries to acquire krb5 initiator creds with no desired name
and we have no credentials in the cache collection, fail from
gss_acquire_cred intead of deferring until gss_init_sec_context.
ticket: 7160
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/gssapi/krb5/acquire_cred.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c index 2bbee5fd8..a784dd37d 100644 --- a/src/lib/gssapi/krb5/acquire_cred.c +++ b/src/lib/gssapi/krb5/acquire_cred.c @@ -606,6 +606,14 @@ acquire_init_cred(krb5_context context, return GSS_S_CRED_UNAVAIL; } cred->ccache = ccache; + } else { + /* We haven't decided on a ccache or principal yet, but fail now if + * there are no krb5 credentials at all. */ + code = krb5_cccol_have_content(context); + if (code != 0) { + *minor_status = code; + return GSS_S_CRED_UNAVAIL; + } } /* |