From 8c844405a785a03864b85295c604d0dc23b0e244 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Thu, 19 Sep 2013 16:32:23 -0400 Subject: krb5: Be more lenient on failures for old ccache Fix a check for an error return code that can be returned when the ccache is not found. Even in case of other errors still do not fail authentication but allow it to proceed using a new ccache file if necessary. Related: https://fedorahosted.org/sssd/ticket/2053 --- src/providers/krb5/krb5_auth.c | 2 +- src/providers/krb5/krb5_utils.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c index b373cb4c..52e230ca 100644 --- a/src/providers/krb5/krb5_auth.c +++ b/src/providers/krb5/krb5_auth.c @@ -608,7 +608,7 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx, } else if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("check_if_ccache_file_is_used failed.\n")); - goto done; + ccache_file = NULL; } } else { kr->active_ccache = false; diff --git a/src/providers/krb5/krb5_utils.c b/src/providers/krb5/krb5_utils.c index 7cf510ca..ba587408 100644 --- a/src/providers/krb5/krb5_utils.c +++ b/src/providers/krb5/krb5_utils.c @@ -1092,7 +1092,7 @@ errno_t sss_krb5_cc_verify_ccache(const char *ccname, uid_t uid, gid_t gid, kerr = krb5_cc_retrieve_cred(cc->context, cc->ccache, KRB5_TC_MATCH_TIMES, &mcred, &cred); if (kerr) { - if (kerr == KRB5_CC_NOTFOUND) { + if (kerr == KRB5_CC_NOTFOUND || KRB5_FCC_NOFILE) { DEBUG(SSSDBG_TRACE_INTERNAL, ("TGT not found or expired.\n")); ret = EINVAL; } else { -- cgit