From fb1aab6486944ca770b65c70c8daeeab5b6b499a Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Jan 09 2017 17:08:40 +0000 Subject: Always initialize ccache when storing. If we do not initialize the ccache additional entries will pile up and the code that retrieves the encrypted credentials will end up sourcing old, expired creds instead of the latest ones. Plues storage size may grow indefinitely. Signed-off-by: Simo Sorce Reviewed-by: Robbie Harwood Merges #35
---
diff --git a/src/mechglue/gpp_creds.c b/src/mechglue/gpp_creds.c
index c1241bb..c1506e6 100644
--- a/src/mechglue/gpp_creds.c
+++ b/src/mechglue/gpp_creds.c
@@ -58,14 +58,10 @@ uint32_t gpp_store_remote_creds(uint32_t *min,
 }
 cred.ticket.length = xdr_getpos(&xdrctx);
- ret = krb5_cc_store_cred(ctx, ccache, &cred);
-
- if (ret == KRB5_FCC_NOFILE) {
- /* If a ccache does not exit, try to create one */
- ret = krb5_cc_initialize(ctx, ccache, cred.client);
- if (ret) goto done;
-
- /* and try again to store the cred */
+ /* Always initialize and destroy any existing contents to avoid pileup of
+ * entries */
+ ret = krb5_cc_initialize(ctx, ccache, cred.client);
+ if (ret == 0) {
 ret = krb5_cc_store_cred(ctx, ccache, &cred);
 }
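Review bot: The replacement of the ccache contents is not atomic: once `krb5_cc_initialize` succeeds the previous entries are gone, so if the following `krb5_cc_store_cred` fails the cache is left initialized but empty, and a reader that opens it between the two calls may find no credential at all. How callers and the retrieval path treat an empty cache is not visible here, because the body of gpp_store_remote_creds starts and ends outside the hunk. If that window matters, one option is to fill a fresh ccache and swap it in with `krb5_cc_move`, where the cache type in use supports that. Otherwise the new comment should state the consequence, for example `/* Replaces the whole ccache; if the store fails the cache is left empty and readers must treat that as "no creds" */`.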