(renew_validate): inherit the proxiable and forwardable from the

orignal ticket, pointed out by Bernard Antoine of CERN. git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17962 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-09-01 16:36:33 +00:00
parent e71f8a0263
commit 1812eef99f
1 changed files with 23 additions and 1 deletions
--- a/kuser/kinit.c
+++ b/kuser/kinit.c
@@ -364,7 +364,7 @@ renew_validate(krb5_context context,
 	       krb5_deltat life)
 {
    krb5_error_code ret;
-    krb5_creds in, *out;
+    krb5_creds in, *out = NULL;
    krb5_kdc_flags flags;

    memset(&in, 0, sizeof(in));
@@ -379,18 +379,40 @@ renew_validate(krb5_context context,
 	krb5_warn(context, ret, "get_server");
 	goto out;
    }
+
+    if (renew) {
+	/* 
+	 * no need to check the error here, its only to be 
+	 * friendly to the user
+	 */
+	krb5_get_credentials(context, KRB5_GC_CACHED, cache, &in, &out);
+    }
+
    flags.i = 0;
    flags.b.renewable         = flags.b.renew = renew;
    flags.b.validate          = validate;
+
    if (forwardable_flag != -1)
 	flags.b.forwardable       = forwardable_flag;
+    else if (out)
+	flags.b.forwardable 	  = out->flags.b.forwardable;
+
    if (proxiable_flag != -1)
 	flags.b.proxiable         = proxiable_flag;
+    else if (out)
+	flags.b.proxiable 	  = out->flags.b.proxiable;
+
    if (anonymous_flag != -1)
 	flags.b.request_anonymous = anonymous_flag;
    if(life)
 	in.times.endtime = time(NULL) + life;

+    if (out) {
+	krb5_free_creds (context, out);
+	out = NULL;
+    }
+
+
    ret = krb5_get_kdc_cred(context,
 			    cache,
 			    flags,