When setting up to get a TGT for the service realm in the TGS code,

get the cached local TGT before setting up the realm path.

Prior to this change, calling krb5_get_credentials() with an empty
ccache would result in KRB5_CC_NOTFOUND for a foreign server
principal, but would result in KRB5_NO_TKT_IN_REALM (generated by
krb5_walk_realm_tree) for a local server principal.  With this change,
KRB5_CC_NOTFOUND is returned in both cases.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23909 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/lib/krb5/krb/get_creds.c b/src/lib/krb5/krb/get_creds.c
index e28391790636a3e37b56a7a40d3689d9286a540f..36624af1f0fb99d9ad917b5cef33ba72bf190947 100644 (file)
--- a/src/lib/krb5/krb/get_creds.c
+++ b/src/lib/krb5/krb/get_creds.c
@@ -941,11 +941,6 @@ begin_get_tgt(krb5_context context, krb5_tkt_creds_context ctx)
         return end_get_tgt(context, ctx);
     }
 
-    /* Initialize the realm path. */
-    code = init_realm_path(context, ctx);
-    if (code != 0)
-        return code;
-
     /* Start with the local tgt. */
     krb5_free_creds(context, ctx->cur_tgt);
     ctx->cur_tgt = NULL;
@@ -955,6 +950,11 @@ begin_get_tgt(krb5_context context, krb5_tkt_creds_context ctx)
     if (ctx->cur_tgt == NULL)
         return ctx->cache_code;
 
+    /* Initialize the realm path. */
+    code = init_realm_path(context, ctx);
+    if (code != 0)
+        return code;
+
     /* Empty out the realms-seen list for loop checking. */
     krb5int_free_data_list(context, ctx->realms_seen);
     ctx->realms_seen = NULL;