From dab6e078b224ac90e6ac06f3a8d9e9a32245e17e Mon Sep 17 00:00:00 2001
From: Love Hornquist Astrand <lha@h5l.org>
Date: Sun, 22 Nov 2009 12:24:58 -0800
Subject: [PATCH] more logging, track kdc offset better

---
 lib/krb5/get_cred.c | 22 ++++++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)

diff --git a/lib/krb5/get_cred.c b/lib/krb5/get_cred.c
index e921cf059..23bd06f80 100644
--- a/lib/krb5/get_cred.c
+++ b/lib/krb5/get_cred.c
@@ -3,6 +3,8 @@
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  *
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -1037,6 +1039,13 @@ _krb5_get_cred_kdc_any(krb5_context context,
 		       krb5_creds ***ret_tgts)
 {
     krb5_error_code ret;
+    krb5_deltat offset;
+
+    ret = krb5_cc_get_kdc_offset(context, ccache, &offset);
+    if (ret) {
+	context->kdc_sec_offset = offset;
+	context->kdc_usec_offset = 0;
+    }
 
     ret = get_cred_kdc_referral(context,
 				flags,
@@ -1325,14 +1334,14 @@ krb5_get_creds(krb5_context context,
         if(options & KRB5_GC_EXPIRED_OK) {
             *out_creds = res_creds;
 	    krb5_free_principal(context, in_creds.client);
-            return 0;
+            goto out;
         }
 	
 	krb5_timeofday(context, &timeret);
 	if(res_creds->times.endtime > timeret) {
 	    *out_creds = res_creds;
 	    krb5_free_principal(context, in_creds.client);
-	    return 0;
+            goto out;
 	}
 	if(options & KRB5_GC_CACHED)
 	    krb5_cc_remove_cred(context, ccache, 0, res_creds);
@@ -1340,12 +1349,13 @@ krb5_get_creds(krb5_context context,
     } else if(ret != KRB5_CC_END) {
         free(res_creds);
 	krb5_free_principal(context, in_creds.client);
-        return ret;
+	goto out;
     }
     free(res_creds);
     if(options & KRB5_GC_CACHED) {
 	krb5_free_principal(context, in_creds.client);
-	return not_found(context, in_creds.server, KRB5_CC_NOTFOUND);
+	ret = not_found(context, in_creds.server, KRB5_CC_NOTFOUND);
+	goto out;
     }
     if(options & KRB5_GC_USER_USER) {
 	flags.b.enc_tkt_in_skey = 1;
@@ -1374,6 +1384,10 @@ krb5_get_creds(krb5_context context,
     free(tgts);
     if(ret == 0 && (options & KRB5_GC_NO_STORE) == 0)
 	krb5_cc_store_cred(context, ccache, *out_creds);
+
+ out:
+    _krb5_debug(context, 5, "krb5_get_creds: ret = %d", ret);
+
     return ret;
 }