osx: deal with more kerberos damage
authorDerrick Brashear <shadow@dementix.org>
Thu, 15 Mar 2012 15:51:39 +0000 (11:51 -0400)
committerDerrick Brashear <shadow@dementix.org>
Thu, 15 Mar 2012 19:33:41 +0000 (12:33 -0700)
the number of things which can return success without succeeding is
truly sad.

Change-Id: Iab3a6ef72afc8075462dfd98548ad7aa3051d40f
Reviewed-on: http://gerrit.openafs.org/6911
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Tested-by: Derrick Brashear <shadow@dementix.org>

src/platform/DARWIN/AFSPreference/Krb5Util.m

index fff03ca..b6050d0 100644 (file)
                                in.client = me;
                        }
                        if ((ret == 0) && (in.client)) {
-                         ret = krb5_build_principal_ext(kcontext, &server,
-                                                      krb5_princ_realm(kcontext,
-                                                                       in.client)->length,
-                                                      krb5_princ_realm(kcontext,
-                                                                       in.client)->data,
-                                                      6, "krbtgt",
-                                                      krb5_princ_realm(kcontext,
-                                                                       in.client)->length,
-                                                      krb5_princ_realm(kcontext,
-                                                                       in.client)->data,
-                                                      0);
-                       }
-                       if (ret == 0) {
-                         in.server = server;
-                         ret = krb5_get_renewed_creds(kcontext, &in, me, id, server);
-                       }
-                       if (ret == 0) {
-                         ret = krb5_cc_initialize (kcontext, id, me);
-                         ret = krb5_cc_store_cred(kcontext, id, &in);
-                         krb5_cc_close(kcontext,id);
+                           ret = krb5_build_principal_ext(kcontext, &server,
+                                                          krb5_princ_realm(kcontext,
+                                                                           in.client)->length,
+                                                          krb5_princ_realm(kcontext,
+                                                                           in.client)->data,
+                                                          6, "krbtgt",
+                                                          krb5_princ_realm(kcontext,
+                                                                           in.client)->length,
+                                                          krb5_princ_realm(kcontext,
+                                                                           in.client)->data,
+                                                          0);
+                           if (ret == 0 && server) {
+                               in.server = server;
+                               ret = krb5_get_renewed_creds(kcontext, &in, me, id, server);
+                               if (ret == 0) {
+                                   ret = krb5_cc_initialize (kcontext, id, me);
+                                   ret = krb5_cc_store_cred(kcontext, id, &in);
+                                   krb5_cc_close(kcontext,id);
+                               }
+                           }
                        }
                        krb5_free_principal(kcontext, server);
 #else