From be7df45b6a56631033de387d28a2c06b7658c36a Mon Sep 17 00:00:00 2001
From: Robbie Harwood
Date: Dec 05 2017 20:14:43 +0000
Subject: Properly initialize ccaches before storing into them

krb5_cc_new_unique() doesn't initialize ccaches, which results in the krb5 libraries being aware of their presence within the collection but being unable to manipulate them. This is transparent to most gssproxy consumers because we just re-fetch the ccache on error.

Signed-off-by: Robbie Harwood
Reviewed-by: Simo Sorce
Merges: #223
---
diff --git a/src/mechglue/gpp_creds.c b/src/mechglue/gpp_creds.c
index 1ac9691..e87da82 100644
--- a/src/mechglue/gpp_creds.c
+++ b/src/mechglue/gpp_creds.c
@@ -247,6 +247,13 @@ uint32_t gpp_store_remote_creds(uint32_t *min, bool store_as_default_cred,
 ret = krb5_cc_new_unique(ctx, cc_type, NULL, &ccache);
 free(cc_type);
+ if (ret)
+ goto done;
+
+ /* krb5_cc_new_unique() doesn't initialize, and we need to initialize
+ * before storing into the ccache. Note that this will only clobber
+ * the ccache handle, not the whole collection. */
+ ret = krb5_cc_initialize(ctx, ccache, cred.client);
 }
 if (ret) goto done;
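Review bot: If the added `krb5_cc_initialize(ctx, ccache, cred.client)` call fails, the cache that `krb5_cc_new_unique()` just created is still in the collection and uninitialized, which is the state the commit message describes as unusable. Cleanup under `done` is outside the hunk, so this is inferred, but if it only closes the handle the failure path should remove the entry, for example `if (ret) { krb5_cc_destroy(ctx, ccache); ccache = NULL; }` directly after the call. The call also relies on `cred.client` being decoded and non-NULL before this branch, which the hunk does not show and is worth confirming. The body of `gpp_store_remote_creds` starts and ends outside the hunk.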