From: Ben Kaduk <kaduk@mit.edu>
Date: Thu, 21 Aug 2014 16:48:39 +0000 (-0400)
Subject: Try to scan_ccache() after leash picks a cache
X-Git-Tag: krb5-1.13-beta1~13
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c3d4bfab8d44ba62ed972c491e26a46bdc70ca32;p=thirdparty%2Fkrb5.git

Try to scan_ccache() after leash picks a cache

We need to call scan_ccache() in order to notice that there
are credentials and read their expire time.

The call to scan_ccache() in the Leash case was inadvertently
removed as part of commit 8651f3339ccc5a623172a8edfb9cf522883acacd.

(cherry picked from commit 674f7d7abe2d4f8bc3fe791e4347a332e3ccfd41)

ticket: 7998
version_fixed: 1.13
status: resolved
---

diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c
index f952f64cc2..eec6f2a4b1 100644
--- a/src/lib/gssapi/krb5/acquire_cred.c
+++ b/src/lib/gssapi/krb5/acquire_cred.c
@@ -464,7 +464,8 @@ get_cache_for_name(krb5_context context, krb5_gss_cred_id_rec *cred)
 
     assert(cred->name != NULL && cred->ccache == NULL);
 #ifdef USE_LEASH
-    return get_ccache_leash(context, cred->name->princ, &cred->ccache);
+    code = get_ccache_leash(context, cred->name->princ, &cred->ccache);
+    return code ? code : scan_ccache(context, cred);
 #else
     /* Check first whether we can acquire tickets, to avoid overwriting the
      * extended error message from krb5_cc_cache_match. */