From 824574606a1be446bfa013bec46adc306632103d Mon Sep 17 00:00:00 2001 From: Alexandra Ellwood Date: Mon, 10 Mar 2008 19:32:47 +0000 Subject: cc_set_principal should return error on bad cred version When the caller passes in a version different than the one the ccache was opened with, cc_set_principal should return CC_ERR_CRED_VERSION because "cred_vers is used as a double check". ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20263 dc483132-0cff-0310-8789-dd5450dbe970 --- src/ccapi/lib/ccapi_v2.c | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'src/ccapi/lib') diff --git a/src/ccapi/lib/ccapi_v2.c b/src/ccapi/lib/ccapi_v2.c index 3050fd1e6..ffeb1d694 100644 --- a/src/ccapi/lib/ccapi_v2.c +++ b/src/ccapi/lib/ccapi_v2.c @@ -450,6 +450,7 @@ cc_result cc_set_principal (apiCB *in_context, { cc_result err = ccNoError; cc_uint32 version; + cc_uint32 compat_version; if (!in_context ) { err = cci_check_error (ccErrBadParam); } if (!io_ccache ) { err = cci_check_error (ccErrBadParam); } @@ -459,6 +460,14 @@ cc_result cc_set_principal (apiCB *in_context, err = cci_remap_version (in_version, &version); } + if (!err) { + err = cci_ccache_get_compat_version (io_ccache, &compat_version); + } + + if (!err && version != compat_version) { + err = cci_check_error (ccErrBadCredentialsVersion); + } + if (!err) { err = ccapi_ccache_set_principal (io_ccache, version, in_principal); } -- cgit