We weren't guaranteeing that the cctype-specific callbacks were initialized before using them.
This bug only presented itself for users who were logging in without a ccacheFile attribute in the LDB (for example, first-time logins). I missed this in review because I was testing with users that were already in the cache.
From 374588ac74276c2ee05956c0a2604d44750a55c9 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgall...@redhat.com>
Date: Wed, 27 Jun 2012 11:41:19 -0400
Subject: [PATCH 2/2] KRB5: Initialize the credential cache type properly
We weren't guaranteeing that the cctype-specific callbacks were
initialized before using them.
This bug only presented itself for users who were logging in
without a ccacheFile attribute in the LDB (for example, first-time
logins).
---
src/providers/krb5/krb5_auth.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c
index 9b503f47a14acb5cab09b4855066546ca0996ac3..e931da9651068a5b7c49cc9ac7f40215409e710f 100644
--- a/src/providers/krb5/krb5_auth.c
+++ b/src/providers/krb5/krb5_auth.c
@@ -605,6 +605,17 @@ static void krb5_find_ccache_step(struct tevent_req *req)
goto done;
}
+ if (!kr->cc_be) {
+ kr->cc_be = get_cc_be_ops_ccache(kr->ccname);
+ if (kr->cc_be == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ ("Cannot get operations on new ccache %s\n",
+ kr->ccname));
+ ret = EINVAL;
+ goto done;
+ }
+ }
+
ret = kr->cc_be->create(kr->ccname,
kr->krb5_ctx->illegal_path_re,
kr->uid, kr->gid, private_path);
--
1.7.10.2
signature.asc
Description: This is a digitally signed message part
_______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel
