krb5_lcc_store() now ignores config credentials
authorSam Hartman <hartmans@mit.edu>
Fri, 2 Dec 2011 18:52:19 +0000 (18:52 +0000)
committerSam Hartman <hartmans@mit.edu>
Fri, 2 Dec 2011 18:52:19 +0000 (18:52 +0000)
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7035
target_version: 1.10
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25497 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/krb5/ccache/cc_mslsa.c

index 600478a158824ad6dd097fb7d995d1bc884be309..9e9d27134e0d6654b6778e7d6903c74b75290fec 100644 (file)
@@ -2648,6 +2648,15 @@ krb5_lcc_store(krb5_context context, krb5_ccache id, krb5_creds *creds)
     if (!is_windows_2000())
         return KRB5_FCC_NOFILE;
 
+    if (krb5_is_config_principal(context, creds->server)) {
+        /* mslsa cannot store config creds, so we have to bail.
+         * The 'right' thing to do would be to return an appropriate error,
+         * but that would require modifying the calling code to check
+         * for that error and ignore it.
+         */
+        return KRB5_OK;
+    }
+
 #ifdef KERB_SUBMIT_TICKET
     /* we can use the new KerbSubmitTicketMessage to store the ticket */
     if (KerbSubmitTicket( data->LogonHandle, data->PackageId, context, creds ))
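Review bot: The new `return KRB5_OK;` in the `krb5_is_config_principal()` branch reports success for a credential that was discarded, so a caller cannot tell "stored" from "dropped". Any state a caller keeps in config entries will silently fail to round-trip through an MSLSA cache. The in-code comment already concedes that an error would be the right result, so the contract should at least be stated where callers will see it, for example in the function's header comment: `/* Config credentials are accepted but NOT stored; a later lookup of the entry on an MSLSA cache will not find it. */`. Emitting a diagnostic or trace message in this branch would also make the drop visible when someone debugs why a cached setting is missing. krb5_lcc_store() starts before and continues past this hunk, so whether callers already tolerate the missing entry cannot be confirmed from here.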