From 85ac175a62fcd629592c049f2318fff79949884b Mon Sep 17 00:00:00 2001
From: Nalin Dahyabhai <nalin@redhat.com>
Date: Thu, 31 Oct 2013 15:43:49 -0400
Subject: [PATCH 3/6] Learn to destroy the ccache we're copying from

Add a flag to krb5_ccache_copy() which will instruct it to destroy a
source ccache after reading its contents.  Using this when we copy the
creds from a MEMORY cache to somewhere else is necessary to avoid having
a subsequent call to krb5_cc_cache_match() select the MEMORY cache when
we're trying to have it search a different location by default.
---
 src/clients/ksu/ccache.c | 10 +++++++++-
 src/clients/ksu/ksu.h    |  2 +-
 src/clients/ksu/main.c   |  5 +++--
 3 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/src/clients/ksu/ccache.c b/src/clients/ksu/ccache.c
index 7917af2..90ba2f2 100644
--- a/src/clients/ksu/ccache.c
+++ b/src/clients/ksu/ccache.c
@@ -47,12 +47,14 @@ void show_credential();
 */
 
 krb5_error_code krb5_ccache_copy (context, cc_def, cc_other_tag,
-                                  primary_principal, cc_out, stored, target_uid)
+                                  primary_principal, destroy_def,
+                                  cc_out, stored, target_uid)
 /* IN */
     krb5_context context;
     krb5_ccache cc_def;
     char *cc_other_tag;
     krb5_principal primary_principal;
+    krb5_boolean destroy_def;
     uid_t target_uid;
     /* OUT */
     krb5_ccache *cc_out;
@@ -80,6 +82,12 @@ krb5_error_code krb5_ccache_copy (context, cc_def, cc_other_tag,
         }
     }
 
+    if (destroy_def) {
+        retval = krb5_cc_destroy(context, cc_def);
+        if (retval)
+            return retval;
+    }
+
     *stored = krb5_find_princ_in_cred_list(context, cc_def_creds_arr,
                                            primary_principal);
 
diff --git a/src/clients/ksu/ksu.h b/src/clients/ksu/ksu.h
index 1d102a1..a889fb9 100644
--- a/src/clients/ksu/ksu.h
+++ b/src/clients/ksu/ksu.h
@@ -108,7 +108,7 @@ extern krb5_error_code get_best_principal
 /* ccache.c */
 extern krb5_error_code krb5_ccache_copy
 (krb5_context, krb5_ccache, char *, krb5_principal,
- krb5_ccache *, krb5_boolean *, uid_t);
+ krb5_boolean, krb5_ccache *, krb5_boolean *, uid_t);
 
 extern krb5_error_code krb5_store_all_creds
 (krb5_context, krb5_ccache, krb5_creds **, krb5_creds **);
diff --git a/src/clients/ksu/main.c b/src/clients/ksu/main.c
index fa86c78..7497a2b 100644
--- a/src/clients/ksu/main.c
+++ b/src/clients/ksu/main.c
@@ -28,6 +28,7 @@
 
 #include "ksu.h"
 #include "adm_proto.h"
+#include "../../lib/krb5/os/os-proto.h"
 #include <sys/types.h>
 #include <sys/wait.h>
 #include <signal.h>
@@ -481,7 +482,7 @@ main (argc, argv)
     } else {
 
         retval = krb5_ccache_copy(ksu_context, cc_source, KRB5_TEMPORARY_CACHE,
-                                  client, &cc_tmp, &stored, 0);
+                                  client, FALSE, &cc_tmp, &stored, 0);
         if (retval) {
             com_err(prog_name, retval, _("while copying cache %s to %s"),
                     krb5_cc_get_name(ksu_context, cc_source),
@@ -758,7 +759,7 @@ main (argc, argv)
     }
 
     retval = krb5_ccache_copy(ksu_context, cc_tmp, cc_target_tag,
-                              client, &cc_target, &stored,
+                              client, TRUE, &cc_target, &stored,
                               target_pwd->pw_uid);
     if (retval) {
         com_err(prog_name, retval, _("while copying cache %s to %s"),
-- 
1.8.5.3