From 8a5d50a328f294e95b1bd73775820448ae0d301d Mon Sep 17 00:00:00 2001
From: Nicolas Williams <nico@cryptonector.com>
Date: Wed, 11 Mar 2015 16:43:00 -0500
Subject: [PATCH] krb5: do not store TGTs if GC_NO_STORE

krb5_get_credentials_with_flags() and krb5_get_creds() do not store
obtained TGTs if the KRB5_GC_NO_STORE flag is set.

Change-Id: Ie999ec4e985463ff60e9d499c3e870880033dfa7
---
 lib/krb5/get_cred.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/lib/krb5/get_cred.c b/lib/krb5/get_cred.c
index cf40172bb..bdc9a499d 100644
--- a/lib/krb5/get_cred.c
+++ b/lib/krb5/get_cred.c
@@ -1271,8 +1271,9 @@ next_rule:
     tgts = NULL;
     ret = _krb5_get_cred_kdc_any(context, flags, ccache,
 				 try_creds, NULL, NULL, out_creds, &tgts);
-    for(i = 0; tgts && tgts[i]; i++) {
-	krb5_cc_store_cred(context, ccache, tgts[i]);
+    for (i = 0; tgts && tgts[i]; i++) {
+	if ((options & KRB5_GC_NO_STORE) == 0)
+	    krb5_cc_store_cred(context, ccache, tgts[i]);
 	krb5_free_creds(context, tgts[i]);
     }
     free(tgts);
@@ -1507,8 +1508,9 @@ next_rule:
 				 try_creds, opt ? opt->self : 0,
 				 opt ? opt->ticket : 0, out_creds,
 				 &tgts);
-    for(i = 0; tgts && tgts[i]; i++) {
-	krb5_cc_store_cred(context, ccache, tgts[i]);
+    for (i = 0; tgts && tgts[i]; i++) {
+	if ((options & KRB5_GC_NO_STORE) == 0)
+	    krb5_cc_store_cred(context, ccache, tgts[i]);
 	krb5_free_creds(context, tgts[i]);
     }
     free(tgts);