kinit: don't leave dangling temporary ccaches

kinit does not destroy ccaches created with krb5_cc_new_unique() if ticket
acquisition fails. This was leaving dangling keyring entries with the keyring
ccache.
This commit is contained in:
Luke Howard
2018-12-24 03:37:08 +00:00
committed by Nico Williams
parent f132d2040d
commit 2e1304b9d5

View File

@@ -383,7 +383,7 @@ renew_validate(krb5_context context,
out:
if (tempccache)
krb5_cc_close(context, tempccache);
krb5_cc_destroy(context, tempccache);
if (out)
krb5_free_creds(context, out);
krb5_free_cred_contents(context, &in);
@@ -780,7 +780,7 @@ out:
if (ctx)
krb5_init_creds_free(context, ctx);
if (tempccache)
krb5_cc_close(context, tempccache);
krb5_cc_destroy(context, tempccache);
if (enctype)
free(enctype);
@@ -1223,6 +1223,7 @@ main(int argc, char **argv)
#ifdef HAVE_SIGACTION
struct sigaction sa;
#endif
krb5_boolean unique_ccache = FALSE;
setprogname(argv[0]);
@@ -1312,6 +1313,7 @@ main(int argc, char **argv)
krb5_cc_get_type(context, ccache),
krb5_cc_get_name(context, ccache));
setenv("KRB5CCNAME", s, 1);
unique_ccache = TRUE;
} else {
ret = krb5_cc_cache_match(context, principal, &ccache);
if (ret) {
@@ -1331,6 +1333,8 @@ main(int argc, char **argv)
krb5_cc_close(context, ccache);
ret = get_switched_ccache(context, type, principal,
&ccache);
if (ret == 0)
unique_ccache = TRUE;
}
}
}
@@ -1379,12 +1383,17 @@ main(int argc, char **argv)
krb5_afslog(context, ccache, NULL, NULL);
#endif
if (unique_ccache)
krb5_cc_destroy(context, ccache);
exit(ret != 0);
}
ret = get_new_tickets(context, principal, ccache, ticket_life, 1);
if (ret)
if (ret) {
if (unique_ccache)
krb5_cc_destroy(context, ccache);
exit(1);
}
#ifndef NO_AFS
if (ret == 0 && server_str == NULL && do_afslog && k_hasafs())