cc_set_principal should return error on bad cred version

When the caller passes in a version different than the one the ccache
was opened with, cc_set_principal should return CC_ERR_CRED_VERSION
because "cred_vers is used as a double check".

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20263 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/ccapi/lib/ccapi_v2.c b/src/ccapi/lib/ccapi_v2.c
index 3050fd1e6b8dde10ad1c4569e599debc47ca86c4..ffeb1d6943ef2b1c4d53219ae8bfa1b7bf6b02a6 100644 (file)
--- a/src/ccapi/lib/ccapi_v2.c
+++ b/src/ccapi/lib/ccapi_v2.c
@@ -450,6 +450,7 @@ cc_result cc_set_principal (apiCB    *in_context,
 {
     cc_result err = ccNoError;
     cc_uint32 version;
+    cc_uint32 compat_version;
     
     if (!in_context  ) { err = cci_check_error (ccErrBadParam); }
     if (!io_ccache   ) { err = cci_check_error (ccErrBadParam); }
@@ -459,6 +460,14 @@ cc_result cc_set_principal (apiCB    *in_context,
         err = cci_remap_version (in_version, &version);
     }
 
+    if (!err) {
+        err = cci_ccache_get_compat_version (io_ccache, &compat_version);
+    }
+    
+    if (!err && version != compat_version) {
+        err = cci_check_error (ccErrBadCredentialsVersion);
+    }
+    
     if (!err) {
         err = ccapi_ccache_set_principal (io_ccache, version, in_principal);
     }