We weren't guaranteeing that the cctype-specific callbacks were initialized before using them.
This bug only presented itself for users who were logging in without a ccacheFile attribute in the LDB (for example, first-time logins). I missed this in review because I was testing with users that were already in the cache.
From 374588ac74276c2ee05956c0a2604d44750a55c9 Mon Sep 17 00:00:00 2001 From: Stephen Gallagher <sgall...@redhat.com> Date: Wed, 27 Jun 2012 11:41:19 -0400 Subject: [PATCH 2/2] KRB5: Initialize the credential cache type properly We weren't guaranteeing that the cctype-specific callbacks were initialized before using them. This bug only presented itself for users who were logging in without a ccacheFile attribute in the LDB (for example, first-time logins). --- src/providers/krb5/krb5_auth.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c index 9b503f47a14acb5cab09b4855066546ca0996ac3..e931da9651068a5b7c49cc9ac7f40215409e710f 100644 --- a/src/providers/krb5/krb5_auth.c +++ b/src/providers/krb5/krb5_auth.c @@ -605,6 +605,17 @@ static void krb5_find_ccache_step(struct tevent_req *req) goto done; } + if (!kr->cc_be) { + kr->cc_be = get_cc_be_ops_ccache(kr->ccname); + if (kr->cc_be == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, + ("Cannot get operations on new ccache %s\n", + kr->ccname)); + ret = EINVAL; + goto done; + } + } + ret = kr->cc_be->create(kr->ccname, kr->krb5_ctx->illegal_path_re, kr->uid, kr->gid, private_path); -- 1.7.10.2
signature.asc
Description: This is a digitally signed message part
_______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel