Remove some obsoleted patches.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
2017-02-28 13:36:07 -05:00 · 2017-02-28 13:36:07 -05:00 · 7a8cf3c073
commit 7a8cf3c073
parent 2208fe4fce
6 changed files with 0 additions and 824 deletions
--- a/0001-aclocal-fix-typo-in-idmap.m4.patch
+++ b/0001-aclocal-fix-typo-in-idmap.m4.patch
@ -1,28 +0,0 @@
-From bbbf7133aec555c5d27ee3163d6045ecfc4673d9 Mon Sep 17 00:00:00 2001
-From: Jeff Layton <jlayton@samba.org>
-Date: Tue, 12 Jul 2016 16:53:25 -0400
-Subject: [cifs-utils PATCH 1/6] aclocal: fix typo in idmap.m4
-
-We really don't want to do the same check twice.
-
-Signed-off-by: Jeff Layton <jlayton@samba.org>
---
- aclocal/idmap.m4 | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/aclocal/idmap.m4 b/aclocal/idmap.m4
-index 3ccdae3ab968..4e16a46568a1 100644
--- a/aclocal/idmap.m4
-+++ b/aclocal/idmap.m4
-@@ -19,7 +19,7 @@ if test $enable_cifsidmap != "no" -o $enable_cifsacl != "no"; then
- 			])
- fi
- 
-if test $enable_cifsacl != "no" -o $enable_cifsacl != "no"; then
-+if test $enable_cifsidmap != "no" -o $enable_cifsacl != "no"; then
- 	ac_wbc_save_LDFLAGS="$LDFLAGS"
- 	ac_wbc_save_LIBS="$LIBS"
- 	LDFLAGS="$LDFLAGS $WBCLIENT_LIBS"
-- 
-2.7.4
-
--- a/0002-cifs.upcall-use-krb5-routines-to-get-default-ccname.patch
+++ b/0002-cifs.upcall-use-krb5-routines-to-get-default-ccname.patch
@ -1,215 +0,0 @@
-From 9be6e885c3bd63aa6ae9e6351e1b33a4b15d9183 Mon Sep 17 00:00:00 2001
-From: Jeff Layton <jlayton@samba.org>
-Date: Sun, 21 Aug 2016 09:42:59 -0400
-Subject: [cifs-utils PATCH 2/6] cifs.upcall: use krb5 routines to get default
- ccname
-
-Currently we end up groveling around in /tmp, trying to guess what the
-credcache will be. Instead, just get the default ccname for the user,
-and then see if it has a valid tgt. If it doesn't then we try to use
-the keytab to init the credcache before proceeding.
-
-Signed-off-by: Jeff Layton <jlayton@samba.org>
---
- cifs.upcall.c | 148 +++++++++++-----------------------------------------------
- 1 file changed, 27 insertions(+), 121 deletions(-)
-
-diff --git a/cifs.upcall.c b/cifs.upcall.c
-index e8544c2b68ad..d0f6d089d8e1 100644
--- a/cifs.upcall.c
-+++ b/cifs.upcall.c
-@@ -52,12 +52,6 @@
- #include "spnego.h"
- #include "cifs_spnego.h"
- 
-#define	CIFS_DEFAULT_KRB5_DIR		"/tmp"
-#define	CIFS_DEFAULT_KRB5_USER_DIR	"/run/user/%U"
-#define	CIFS_DEFAULT_KRB5_PREFIX	"krb5cc"
-
-#define	MAX_CCNAME_LEN			PATH_MAX + 5
-
- static const char *prog = "cifs.upcall";
- typedef enum _sectype {
- 	NONE = 0,
-@@ -178,13 +172,34 @@ err_cache:
- 	return credtime;
- }
- 
-static int krb5cc_filter(const struct dirent *dirent)
-+static char *
-+get_default_cc(void)
- {
-	/* subtract 1 for the null terminator */
-	return !strncmp(dirent->d_name, CIFS_DEFAULT_KRB5_PREFIX,
-			sizeof(CIFS_DEFAULT_KRB5_PREFIX) - 1);
-+	krb5_error_code ret;
-+	const char *ccname;
-+	char *rcc = NULL;
-+	krb5_context context = NULL;
-+
-+	ret = krb5_init_context(&context);
-+	if (ret) {
-+		syslog(LOG_DEBUG, "krb5_init_context: %d", (int)ret);
-+		return NULL;
-+	}
-+
-+	ccname = krb5_cc_default_name(context);
-+	if (!ccname) {
-+		syslog(LOG_DEBUG, "krb5_cc_default returned NULL.");
-+		goto out_free_context;
-+	}
-+
-+	if (get_tgt_time(ccname))
-+		rcc = strdup(ccname);
-+out_free_context:
-+	krb5_free_context(context);
-+	return rcc;
- }
- 
-+
- static char *
- init_cc_from_keytab(const char *keytab_name, const char *user)
- {
-@@ -263,109 +278,6 @@ icfk_cleanup:
- 	return ccname;
- }
- 
-/* resolve a pattern to an actual directory path */
-static char *resolve_krb5_dir(const char *pattern, uid_t uid)
-{
-	char name[MAX_CCNAME_LEN];
-	int i;
-	size_t j;
-	for (i = 0, j = 0; (pattern[i] != '\0') && (j < sizeof(name)); i++) {
-		switch (pattern[i]) {
-		case '%':
-			switch (pattern[i + 1]) {
-			case '%':
-				name[j++] = pattern[i];
-				i++;
-				break;
-			case 'U':
-				j += snprintf(name + j, sizeof(name) - j,
-					      "%lu", (unsigned long) uid);
-				i++;
-				break;
-			}
-			break;
-		default:
-			name[j++] = pattern[i];
-			break;
-		}
-	}
-	if ((j > 0) && (j < sizeof(name)))
-		return strndup(name, MAX_CCNAME_LEN);
-	else
-		return NULL;
-}
-
-/* search for a credcache that looks like a likely candidate */
-static char *find_krb5_cc(const char *dirname, uid_t uid,
-			  char **best_cache, time_t *best_time)
-{
-	struct dirent **namelist;
-	struct stat sbuf;
-	char ccname[MAX_CCNAME_LEN], *credpath;
-	int i, n;
-	time_t cred_time;
-
-	n = scandir(dirname, &namelist, krb5cc_filter, NULL);
-	if (n < 0) {
-		syslog(LOG_DEBUG, "%s: scandir error on directory '%s': %s",
-		       __func__, dirname, strerror(errno));
-		return NULL;
-	}
-
-	for (i = 0; i < n; i++) {
-		snprintf(ccname, sizeof(ccname), "FILE:%s/%s", dirname,
-			 namelist[i]->d_name);
-		credpath = ccname + 5;
-		syslog(LOG_DEBUG, "%s: considering %s", __func__, credpath);
-
-		if (lstat(credpath, &sbuf)) {
-			syslog(LOG_DEBUG, "%s: stat error on '%s': %s",
-			       __func__, credpath, strerror(errno));
-			free(namelist[i]);
-			continue;
-		}
-		if (sbuf.st_uid != uid) {
-			syslog(LOG_DEBUG, "%s: %s is owned by %u, not %u",
-			       __func__, credpath, sbuf.st_uid, uid);
-			free(namelist[i]);
-			continue;
-		}
-		if (S_ISDIR(sbuf.st_mode)) {
-			snprintf(ccname, sizeof(ccname), "DIR:%s/%s", dirname,
-				 namelist[i]->d_name);
-			credpath = ccname + 4;
-		} else
-		if (!S_ISREG(sbuf.st_mode)) {
-			syslog(LOG_DEBUG, "%s: %s is not a regular file",
-			       __func__, credpath);
-			free(namelist[i]);
-			continue;
-		}
-		if (!(cred_time = get_tgt_time(ccname))) {
-			syslog(LOG_DEBUG, "%s: %s is not a valid credcache.",
-			       __func__, ccname);
-			free(namelist[i]);
-			continue;
-		}
-
-		if (cred_time <= *best_time) {
-			syslog(LOG_DEBUG, "%s: %s expires sooner than current "
-			       "best.", __func__, ccname);
-			free(namelist[i]);
-			continue;
-		}
-
-		syslog(LOG_DEBUG, "%s: %s is valid ccache", __func__, ccname);
-		free(*best_cache);
-		*best_cache = strndup(ccname, MAX_CCNAME_LEN);
-		*best_time = cred_time;
-		free(namelist[i]);
-	}
-	free(namelist);
-
-	return *best_cache;
-}
-
- static int
- cifs_krb5_get_req(const char *host, const char *ccname,
- 		  DATA_BLOB * mechtoken, DATA_BLOB * sess_key)
-@@ -841,13 +753,12 @@ int main(const int argc, char *const argv[])
- 	unsigned int have;
- 	long rc = 1;
- 	int c, try_dns = 0, legacy_uid = 0;
-	char *buf, *ccdir = NULL, *ccname = NULL, *best_cache = NULL;
-+	char *buf, *ccname = NULL;
- 	char hostbuf[NI_MAXHOST], *host;
- 	struct decoded_args arg;
- 	const char *oid;
- 	uid_t uid;
- 	char *keytab_name = NULL;
-	time_t best_time = 0;
- 
- 	hostbuf[0] = '\0';
- 	memset(&arg, 0, sizeof(arg));
-@@ -954,13 +865,8 @@ int main(const int argc, char *const argv[])
- 		syslog(LOG_ERR, "setuid: %s", strerror(errno));
- 		goto out;
- 	}
-	ccdir = resolve_krb5_dir(CIFS_DEFAULT_KRB5_USER_DIR, uid);
-	if (ccdir != NULL)
-		find_krb5_cc(ccdir, uid, &best_cache, &best_time);
-	ccname = find_krb5_cc(CIFS_DEFAULT_KRB5_DIR, uid, &best_cache,
-			      &best_time);
-	SAFE_FREE(ccdir);
- 
-+	ccname = get_default_cc();
- 	/* Couldn't find credcache? Try to use keytab */
- 	if (ccname == NULL && arg.username != NULL)
- 		ccname = init_cc_from_keytab(keytab_name, arg.username);
-- 
-2.7.4
-
--- a/0003-cifs.upcall-make-the-krb5_context-a-static-global-va.patch
+++ b/0003-cifs.upcall-make-the-krb5_context-a-static-global-va.patch
@ -1,214 +0,0 @@
-From a3743af0c579cee61b816080de978ae7a7663b05 Mon Sep 17 00:00:00 2001
-From: Jeff Layton <jlayton@samba.org>
-Date: Mon, 22 Aug 2016 07:34:21 -0400
-Subject: [cifs-utils PATCH 3/6] cifs.upcall: make the krb5_context a static
- global variable
-
-There's no need to keep initing a new context for every function. Just
-do it once and reuse as needed.
-
-Signed-off-by: Jeff Layton <jlayton@samba.org>
---
- cifs.upcall.c | 61 ++++++++++++++++-------------------------------------------
- 1 file changed, 16 insertions(+), 45 deletions(-)
-
-diff --git a/cifs.upcall.c b/cifs.upcall.c
-index d0f6d089d8e1..8448d00f6061 100644
--- a/cifs.upcall.c
-+++ b/cifs.upcall.c
-@@ -52,7 +52,9 @@
- #include "spnego.h"
- #include "cifs_spnego.h"
- 
-static const char *prog = "cifs.upcall";
-+static krb5_context	context;
-+static const char	*prog = "cifs.upcall";
-+
- typedef enum _sectype {
- 	NONE = 0,
- 	KRB5,
-@@ -69,9 +71,7 @@ typedef enum _sectype {
-  * @return pointer to the realm
-  *
-  */
-
-static char *cifs_krb5_principal_get_realm(krb5_context context __attribute__ ((unused)),
-					   krb5_principal principal)
-+static char *cifs_krb5_principal_get_realm(krb5_principal principal)
- {
- #ifdef HAVE_KRB5_PRINCIPAL_GET_REALM	/* Heimdal */
- 	return krb5_principal_get_realm(context, principal);
-@@ -104,7 +104,6 @@ krb5_auth_con_getsendsubkey(krb5_context context,
- /* does the ccache have a valid TGT? */
- static time_t get_tgt_time(const char *ccname)
- {
-	krb5_context context;
- 	krb5_ccache ccache;
- 	krb5_cc_cursor cur;
- 	krb5_creds creds;
-@@ -112,11 +111,6 @@ static time_t get_tgt_time(const char *ccname)
- 	time_t credtime = 0;
- 	char *realm = NULL;
- 
-	if (krb5_init_context(&context)) {
-		syslog(LOG_DEBUG, "%s: unable to init krb5 context", __func__);
-		return 0;
-	}
-
- 	if (krb5_cc_resolve(context, ccname, &ccache)) {
- 		syslog(LOG_DEBUG, "%s: unable to resolve krb5 cache", __func__);
- 		goto err_cache;
-@@ -137,7 +131,7 @@ static time_t get_tgt_time(const char *ccname)
- 		goto err_ccstart;
- 	}
- 
-	if ((realm = cifs_krb5_principal_get_realm(context, principal)) == NULL) {
-+	if ((realm = cifs_krb5_principal_get_realm(principal)) == NULL) {
- 		syslog(LOG_DEBUG, "%s: unable to get realm", __func__);
- 		goto err_ccstart;
- 	}
-@@ -168,34 +162,23 @@ err_princ:
- #endif
- 	krb5_cc_close(context, ccache);
- err_cache:
-	krb5_free_context(context);
- 	return credtime;
- }
- 
- static char *
- get_default_cc(void)
- {
-	krb5_error_code ret;
- 	const char *ccname;
- 	char *rcc = NULL;
-	krb5_context context = NULL;
-
-	ret = krb5_init_context(&context);
-	if (ret) {
-		syslog(LOG_DEBUG, "krb5_init_context: %d", (int)ret);
-		return NULL;
-	}
- 
- 	ccname = krb5_cc_default_name(context);
- 	if (!ccname) {
- 		syslog(LOG_DEBUG, "krb5_cc_default returned NULL.");
-		goto out_free_context;
-+		return NULL;
- 	}
- 
- 	if (get_tgt_time(ccname))
- 		rcc = strdup(ccname);
-out_free_context:
-	krb5_free_context(context);
- 	return rcc;
- }
- 
-@@ -203,7 +186,6 @@ out_free_context:
- static char *
- init_cc_from_keytab(const char *keytab_name, const char *user)
- {
-	krb5_context context = NULL;
- 	krb5_error_code ret;
- 	krb5_creds my_creds;
- 	krb5_keytab keytab = NULL;
-@@ -213,12 +195,6 @@ init_cc_from_keytab(const char *keytab_name, const char *user)
- 
- 	memset((char *) &my_creds, 0, sizeof(my_creds));
- 
-	ret = krb5_init_context(&context);
-	if (ret) {
-		syslog(LOG_DEBUG, "krb5_init_context: %d", (int)ret);
-		goto icfk_cleanup;
-	}
-
- 	if (keytab_name)
- 		ret = krb5_kt_resolve(context, keytab_name, &keytab);
- 	else
-@@ -273,8 +249,6 @@ icfk_cleanup:
- 		krb5_cc_close(context, cc);
- 	if (keytab)
- 		krb5_kt_close(context, keytab);
-	if (context)
-		krb5_free_context(context);
- 	return ccname;
- }
- 
-@@ -284,7 +258,6 @@ cifs_krb5_get_req(const char *host, const char *ccname,
- {
- 	krb5_error_code ret;
- 	krb5_keyblock *tokb;
-	krb5_context context;
- 	krb5_ccache ccache;
- 	krb5_creds in_creds, *out_creds;
- 	krb5_data apreq_pkt, in_data;
-@@ -292,26 +265,19 @@ cifs_krb5_get_req(const char *host, const char *ccname,
- #if defined(HAVE_KRB5_AUTH_CON_SETADDRS) && defined(HAVE_KRB5_AUTH_CON_SET_REQ_CKSUMTYPE)
- 	static const uint8_t gss_cksum[24] = { 0x10, 0x00, /* ... */};
- #endif
-
-	ret = krb5_init_context(&context);
-	if (ret) {
-		syslog(LOG_DEBUG, "%s: unable to init krb5 context", __func__);
-		return ret;
-	}
-
- 	if (ccname) {
- 		ret = krb5_cc_resolve(context, ccname, &ccache);
- 		if (ret) {
- 			syslog(LOG_DEBUG, "%s: unable to resolve %s to ccache\n",
- 			       __func__, ccname);
-			goto out_free_context;
-+			return ret;
- 		}
- 	} else {
- 		ret = krb5_cc_default(context, &ccache);
- 		if (ret) {
- 			syslog(LOG_DEBUG, "%s: krb5_cc_default: %d",
- 				__func__, (int)ret);
-			goto out_free_context;
-+			return ret;
- 		}
- 	}
- 
-@@ -383,7 +349,6 @@ cifs_krb5_get_req(const char *host, const char *ccname,
- 	/* MIT krb5 < 1.7 is missing the prototype, but still has the symbol */
- #if !HAVE_DECL_KRB5_AUTH_CON_SET_REQ_CKSUMTYPE
- 	krb5_error_code krb5_auth_con_set_req_cksumtype(
-		krb5_context      context,
- 		krb5_auth_context auth_context,
- 		krb5_cksumtype    cksumtype);
- #endif
-@@ -427,8 +392,6 @@ out_free_ccache:
- 	krb5_cc_set_flags(context, ccache, KRB5_TC_OPENCLOSE);
- #endif
- 	krb5_cc_close(context, ccache);
-out_free_context:
-	krb5_free_context(context);
- 	return ret;
- }
- 
-@@ -866,6 +829,12 @@ int main(const int argc, char *const argv[])
- 		goto out;
- 	}
- 
-+	rc = krb5_init_context(&context);
-+	if (rc) {
-+		syslog(LOG_ERR, "unable to init krb5 context: %ld", rc);
-+		goto out;
-+	}
-+
- 	ccname = get_default_cc();
- 	/* Couldn't find credcache? Try to use keytab */
- 	if (ccname == NULL && arg.username != NULL)
-@@ -1006,6 +975,8 @@ out:
- 	}
- 	data_blob_free(&secblob);
- 	data_blob_free(&sess_key);
-+	if (context)
-+		krb5_free_context(context);
- 	SAFE_FREE(ccname);
- 	SAFE_FREE(arg.hostname);
- 	SAFE_FREE(arg.ip);
-- 
-2.7.4
-
--- a/0004-cifs.upcall-remove-KRB5_TC_OPENCLOSE.patch
+++ b/0004-cifs.upcall-remove-KRB5_TC_OPENCLOSE.patch
@ -1,42 +0,0 @@
-From 3db6b3a814a2908b230fcfbdb82846775e56dd93 Mon Sep 17 00:00:00 2001
-From: Jeff Layton <jlayton@samba.org>
-Date: Wed, 24 Aug 2016 11:39:06 -0400
-Subject: [cifs-utils PATCH 4/6] cifs.upcall: remove KRB5_TC_OPENCLOSE
-
-The header file says that this is deprecated, and all of the info I've
-seen about it mentioned that it was for performance more than
-correctness. It dates back to the original code dump from Igor, so I
-think we're safe to just drop it at this point.
-
-Signed-off-by: Jeff Layton <jlayton@samba.org>
---
- cifs.upcall.c | 6 ------
- 1 file changed, 6 deletions(-)
-
-diff --git a/cifs.upcall.c b/cifs.upcall.c
-index 8448d00f6061..a25833592440 100644
--- a/cifs.upcall.c
-+++ b/cifs.upcall.c
-@@ -157,9 +157,6 @@ err_endseq:
- err_ccstart:
- 	krb5_free_principal(context, principal);
- err_princ:
-#if defined(KRB5_TC_OPENCLOSE)
-	krb5_cc_set_flags(context, ccache, KRB5_TC_OPENCLOSE);
-#endif
- 	krb5_cc_close(context, ccache);
- err_cache:
- 	return credtime;
-@@ -388,9 +385,6 @@ out_free_creds:
- out_free_principal:
- 	krb5_free_principal(context, in_creds.client);
- out_free_ccache:
-#if defined(KRB5_TC_OPENCLOSE)
-	krb5_cc_set_flags(context, ccache, KRB5_TC_OPENCLOSE);
-#endif
- 	krb5_cc_close(context, ccache);
- 	return ret;
- }
-- 
-2.7.4
-
--- a/0005-cifs.upcall-make-get_tgt_time-take-a-ccache-arg.patch
+++ b/0005-cifs.upcall-make-get_tgt_time-take-a-ccache-arg.patch
@ -1,77 +0,0 @@
-From 39dbb7b47bea9d6d7cf93ddd53cda501c3898bd6 Mon Sep 17 00:00:00 2001
-From: Jeff Layton <jlayton@samba.org>
-Date: Wed, 24 Aug 2016 11:41:53 -0400
-Subject: [cifs-utils PATCH 5/6] cifs.upcall: make get_tgt_time take a ccache
- arg
-
-...instead of dealing with the ccname. Push resolution of the cache
-into the caller.
-
-Signed-off-by: Jeff Layton <jlayton@samba.org>
---
- cifs.upcall.c | 21 ++++++++++-----------
- 1 file changed, 10 insertions(+), 11 deletions(-)
-
-diff --git a/cifs.upcall.c b/cifs.upcall.c
-index a25833592440..a20576654a95 100644
--- a/cifs.upcall.c
-+++ b/cifs.upcall.c
-@@ -102,20 +102,14 @@ krb5_auth_con_getsendsubkey(krb5_context context,
- #endif
- 
- /* does the ccache have a valid TGT? */
-static time_t get_tgt_time(const char *ccname)
-+static time_t get_tgt_time(krb5_ccache ccache)
- {
-	krb5_ccache ccache;
- 	krb5_cc_cursor cur;
- 	krb5_creds creds;
- 	krb5_principal principal;
- 	time_t credtime = 0;
- 	char *realm = NULL;
- 
-	if (krb5_cc_resolve(context, ccname, &ccache)) {
-		syslog(LOG_DEBUG, "%s: unable to resolve krb5 cache", __func__);
-		goto err_cache;
-	}
-
- 	if (krb5_cc_set_flags(context, ccache, 0)) {
- 		syslog(LOG_DEBUG, "%s: unable to set flags", __func__);
- 		goto err_cache;
-@@ -156,8 +150,6 @@ err_endseq:
- 	krb5_cc_end_seq_get(context, ccache, &cur);
- err_ccstart:
- 	krb5_free_principal(context, principal);
-err_princ:
-	krb5_cc_close(context, ccache);
- err_cache:
- 	return credtime;
- }
-@@ -167,15 +159,22 @@ get_default_cc(void)
- {
- 	const char *ccname;
- 	char *rcc = NULL;
-+	krb5_ccache ccache;
- 
- 	ccname = krb5_cc_default_name(context);
- 	if (!ccname) {
-		syslog(LOG_DEBUG, "krb5_cc_default returned NULL.");
-+		syslog(LOG_DEBUG, "%s: krb5_cc_default returned NULL.", __func__);
- 		return NULL;
- 	}
- 
-	if (get_tgt_time(ccname))
-+	if (krb5_cc_resolve(context, ccname, &ccache)) {
-+		syslog(LOG_DEBUG, "%s: unable to resolve krb5 cache", __func__);
-+		return NULL;
-+	}
-+
-+	if (get_tgt_time(ccache))
- 		rcc = strdup(ccname);
-+	krb5_cc_close(context, ccache);
- 	return rcc;
- }
- 
-- 
-2.7.4
-
--- a/0006-cifs.upcall-stop-passing-around-ccache-name-strings.patch
+++ b/0006-cifs.upcall-stop-passing-around-ccache-name-strings.patch
@ -1,248 +0,0 @@
-From 7852becab01989634aacc1fb8ff9581a11a7cdcf Mon Sep 17 00:00:00 2001
-From: Jeff Layton <jlayton@samba.org>
-Date: Wed, 24 Aug 2016 12:56:54 -0400
-Subject: [cifs-utils PATCH 6/6] cifs.upcall: stop passing around ccache name
- strings
-
-Instead, get a ccache handle and pass that around. That way we can keep
-the cache open until the program is complete as well.
-
-Signed-off-by: Jeff Layton <jlayton@samba.org>
---
- cifs.upcall.c | 98 +++++++++++++++++++++++++----------------------------------
- 1 file changed, 41 insertions(+), 57 deletions(-)
-
-diff --git a/cifs.upcall.c b/cifs.upcall.c
-index a20576654a95..8f146c92b4a5 100644
--- a/cifs.upcall.c
-+++ b/cifs.upcall.c
-@@ -117,7 +117,7 @@ static time_t get_tgt_time(krb5_ccache ccache)
- 
- 	if (krb5_cc_get_principal(context, ccache, &principal)) {
- 		syslog(LOG_DEBUG, "%s: unable to get principal", __func__);
-		goto err_princ;
-+		goto err_cache;
- 	}
- 
- 	if (krb5_cc_start_seq_get(context, ccache, &cur)) {
-@@ -154,32 +154,27 @@ err_cache:
- 	return credtime;
- }
- 
-static char *
-+static krb5_ccache
- get_default_cc(void)
- {
-	const char *ccname;
-	char *rcc = NULL;
-	krb5_ccache ccache;
-+	krb5_error_code ret;
-+	krb5_ccache cc;
- 
-	ccname = krb5_cc_default_name(context);
-	if (!ccname) {
-		syslog(LOG_DEBUG, "%s: krb5_cc_default returned NULL.", __func__);
-+	ret = krb5_cc_default(context, &cc);
-+	if (ret) {
-+		syslog(LOG_DEBUG, "%s: krb5_cc_default returned %d", __func__, ret);
- 		return NULL;
- 	}
- 
-	if (krb5_cc_resolve(context, ccname, &ccache)) {
-		syslog(LOG_DEBUG, "%s: unable to resolve krb5 cache", __func__);
-		return NULL;
-+	if (!get_tgt_time(cc)) {
-+		krb5_cc_close(context, cc);
-+		cc = NULL;
- 	}
-
-	if (get_tgt_time(ccache))
-		rcc = strdup(ccname);
-	krb5_cc_close(context, ccache);
-	return rcc;
-+	return cc;
- }
- 
- 
-static char *
-+static krb5_ccache
- init_cc_from_keytab(const char *keytab_name, const char *user)
- {
- 	krb5_error_code ret;
-@@ -187,7 +182,6 @@ init_cc_from_keytab(const char *keytab_name, const char *user)
- 	krb5_keytab keytab = NULL;
- 	krb5_principal me = NULL;
- 	krb5_ccache cc = NULL;
-	char *ccname = NULL;
- 
- 	memset((char *) &my_creds, 0, sizeof(my_creds));
- 
-@@ -229,61 +223,46 @@ init_cc_from_keytab(const char *keytab_name, const char *user)
- 	}
- 
- 	ret = krb5_cc_store_cred(context, cc, &my_creds);
-	if (ret)
-+	if (ret) {
- 		syslog(LOG_DEBUG, "krb5_cc_store_cred: %d", (int)ret);
-
-	ccname = strdup(krb5_cc_default_name(context));
-	if (ccname == NULL)
-		syslog(LOG_ERR, "Unable to allocate memory");
-icfk_cleanup:
-+		goto icfk_cleanup;
-+	}
-+out:
- 	my_creds.client = (krb5_principal)0;
- 	krb5_free_cred_contents(context, &my_creds);
- 
- 	if (me)
- 		krb5_free_principal(context, me);
-	if (cc)
-		krb5_cc_close(context, cc);
- 	if (keytab)
- 		krb5_kt_close(context, keytab);
-	return ccname;
-+	return cc;
-+icfk_cleanup:
-+	if (cc) {
-+		krb5_cc_close(context, cc);
-+		cc = NULL;
-+	}
-+	goto out;
- }
- 
- static int
-cifs_krb5_get_req(const char *host, const char *ccname,
-+cifs_krb5_get_req(const char *host, krb5_ccache ccache,
- 		  DATA_BLOB * mechtoken, DATA_BLOB * sess_key)
- {
- 	krb5_error_code ret;
- 	krb5_keyblock *tokb;
-	krb5_ccache ccache;
- 	krb5_creds in_creds, *out_creds;
- 	krb5_data apreq_pkt, in_data;
- 	krb5_auth_context auth_context = NULL;
- #if defined(HAVE_KRB5_AUTH_CON_SETADDRS) && defined(HAVE_KRB5_AUTH_CON_SET_REQ_CKSUMTYPE)
- 	static const uint8_t gss_cksum[24] = { 0x10, 0x00, /* ... */};
- #endif
-	if (ccname) {
-		ret = krb5_cc_resolve(context, ccname, &ccache);
-		if (ret) {
-			syslog(LOG_DEBUG, "%s: unable to resolve %s to ccache\n",
-			       __func__, ccname);
-			return ret;
-		}
-	} else {
-		ret = krb5_cc_default(context, &ccache);
-		if (ret) {
-			syslog(LOG_DEBUG, "%s: krb5_cc_default: %d",
-				__func__, (int)ret);
-			return ret;
-		}
-	}
-
- 	memset(&in_creds, 0, sizeof(in_creds));
- 
- 	ret = krb5_cc_get_principal(context, ccache, &in_creds.client);
- 	if (ret) {
- 		syslog(LOG_DEBUG, "%s: unable to get client principal name",
- 		       __func__);
-		goto out_free_ccache;
-+		return ret;
- 	}
- 
- 	ret = krb5_sname_to_principal(context, host, "cifs", KRB5_NT_UNKNOWN,
-@@ -383,8 +362,6 @@ out_free_creds:
- 	krb5_free_creds(context, out_creds);
- out_free_principal:
- 	krb5_free_principal(context, in_creds.client);
-out_free_ccache:
-	krb5_cc_close(context, ccache);
- 	return ret;
- }
- 
-@@ -410,7 +387,7 @@ out_free_ccache:
-  */
- static int
- handle_krb5_mech(const char *oid, const char *host, DATA_BLOB * secblob,
-		 DATA_BLOB * sess_key, const char *ccname)
-+		 DATA_BLOB * sess_key, krb5_ccache ccache)
- {
- 	int retval;
- 	DATA_BLOB tkt, tkt_wrapped;
-@@ -418,7 +395,7 @@ handle_krb5_mech(const char *oid, const char *host, DATA_BLOB * secblob,
- 	syslog(LOG_DEBUG, "%s: getting service ticket for %s", __func__, host);
- 
- 	/* get a kerberos ticket for the service and extract the session key */
-	retval = cifs_krb5_get_req(host, ccname, &tkt, sess_key);
-+	retval = cifs_krb5_get_req(host, ccache, &tkt, sess_key);
- 	if (retval) {
- 		syslog(LOG_DEBUG, "%s: failed to obtain service ticket (%d)",
- 		       __func__, retval);
-@@ -709,12 +686,13 @@ int main(const int argc, char *const argv[])
- 	unsigned int have;
- 	long rc = 1;
- 	int c, try_dns = 0, legacy_uid = 0;
-	char *buf, *ccname = NULL;
-+	char *buf;
- 	char hostbuf[NI_MAXHOST], *host;
- 	struct decoded_args arg;
- 	const char *oid;
- 	uid_t uid;
- 	char *keytab_name = NULL;
-+	krb5_ccache ccache = NULL;
- 
- 	hostbuf[0] = '\0';
- 	memset(&arg, 0, sizeof(arg));
-@@ -828,10 +806,15 @@ int main(const int argc, char *const argv[])
- 		goto out;
- 	}
- 
-	ccname = get_default_cc();
-+	ccache = get_default_cc();
- 	/* Couldn't find credcache? Try to use keytab */
-	if (ccname == NULL && arg.username != NULL)
-		ccname = init_cc_from_keytab(keytab_name, arg.username);
-+	if (ccache == NULL && arg.username != NULL)
-+		ccache = init_cc_from_keytab(keytab_name, arg.username);
-+
-+	if (ccache == NULL) {
-+		rc = 1;
-+		goto out;
-+	}
- 
- 	host = arg.hostname;
- 
-@@ -859,7 +842,7 @@ int main(const int argc, char *const argv[])
- 
- retry_new_hostname:
- 		lowercase_string(host);
-		rc = handle_krb5_mech(oid, host, &secblob, &sess_key, ccname);
-+		rc = handle_krb5_mech(oid, host, &secblob, &sess_key, ccache);
- 		if (!rc)
- 			break;
- 
-@@ -904,7 +887,7 @@ retry_new_hostname:
- 				break;
- 			}
- 
-			rc = handle_krb5_mech(oid, fqdn, &secblob, &sess_key, ccname);
-+			rc = handle_krb5_mech(oid, fqdn, &secblob, &sess_key, ccache);
- 			if (!rc)
- 				break;
- 		}
-@@ -968,9 +951,10 @@ out:
- 	}
- 	data_blob_free(&secblob);
- 	data_blob_free(&sess_key);
-+	if (ccache)
-+		krb5_cc_close(context, ccache);
- 	if (context)
- 		krb5_free_context(context);
-	SAFE_FREE(ccname);
- 	SAFE_FREE(arg.hostname);
- 	SAFE_FREE(arg.ip);
- 	SAFE_FREE(arg.username);
-- 
-2.7.4
-