- (dtucker) [gss-serv-krb5.c] Fall back to krb5_cc_gen_new if the Kerberos

   implementation does not have krb5_cc_new_unique, similar to what we do
   in auth-krb5.c.

diff --git a/ChangeLog b/ChangeLog
index b870c075c1b1bba4e311d050c5956450395bce9e..6073abbb842e1cedfdc37cff7f02b617845f7caa 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,7 @@
 20140120
+ - (dtucker) [gss-serv-krb5.c] Fall back to krb5_cc_gen_new if the Kerberos
+   implementation does not have krb5_cc_new_unique, similar to what we do
+   in auth-krb5.c.
  - (djm) OpenBSD CVS Sync
    - djm@cvs.openbsd.org 2014/01/20 00:08:48
      [digest.c]

diff --git a/gss-serv-krb5.c b/gss-serv-krb5.c
index 87f26831a70d80f9d4b678be4e202c652fe72145..759fa104f78231dca4633f8503865208368516d7 100644 (file)
--- a/gss-serv-krb5.c
+++ b/gss-serv-krb5.c
@@ -132,10 +132,16 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
                return;
 
 #ifdef HEIMDAL
+# ifdef HAVE_KRB5_CC_NEW_UNIQUE
        if ((problem = krb5_cc_new_unique(krb_context, krb5_fcc_ops.prefix,
            NULL, &ccache)) != 0) {
                errmsg = krb5_get_error_message(krb_context, problem);
                logit("krb5_cc_new_unique(): %.100s", errmsg);
+# else
+       if ((problem = krb5_cc_gen_new(krb_context, &krb5_fcc_ops, &ccache))) {
+           logit("krb5_cc_gen_new(): %.100s",
+               krb5_get_err_text(krb_context, problem));
+# endif
                krb5_free_error_message(krb_context, errmsg);
                return;
        }