Make verify_init_creds work with existing ccache

As the file ccache implementation currently stands, we don't want to
turn off TC_OPENCLOSE on a file cache we're writing to, or it will be
opened read-only and stores to it will fail.  Reported by Russ
Allbery.

(cherry picked from commit 0ae663d35b7dcbf2c469ad0688a67f4d1c0e425e)

ticket: 7612 (new)
version_fixed: 1.9.5
status: resolved

diff --git a/src/lib/krb5/krb/vfy_increds.c b/src/lib/krb5/krb/vfy_increds.c
index 5eeda426b241dd2c2a2c510957ace118f24c26d0..ad15b1a8dd1d599fe2983f9b440147502462f216 100644 (file)
--- a/src/lib/krb5/krb/vfy_increds.c
+++ b/src/lib/krb5/krb/vfy_increds.c
@@ -14,8 +14,6 @@ copy_creds_except(krb5_context context, krb5_ccache incc,
     flags = 0;                           /* turns off OPENCLOSE mode */
     if ((code = krb5_cc_set_flags(context, incc, flags)))
         return(code);
-    if ((code = krb5_cc_set_flags(context, outcc, flags)))
-        return(code);
 
     if ((code = krb5_cc_start_seq_get(context, incc, &cur)))
         goto cleanup;
@@ -43,11 +41,6 @@ cleanup:
     else
         code = krb5_cc_set_flags(context, incc, flags);
 
-    if (code)
-        krb5_cc_set_flags(context, outcc, flags);
-    else
-        code = krb5_cc_set_flags(context, outcc, flags);
-
     return(code);
 }