From 3f4a7545767a66a0c8adf61eaa97956c24d18738 Mon Sep 17 00:00:00 2001
From: Robbie Harwood
Date: Tue, 5 Dec 2017 13:24:39 -0500
Subject: [PATCH] Properly initialize ccaches before storing into them
---
...ize-ccaches-before-storing-into-them.patch | 38 +++++++++++++++++++
gssproxy.spec | 6 ++-
2 files changed, 43 insertions(+), 1 deletion(-)
create mode 100644 Properly-initialize-ccaches-before-storing-into-them.patch
diff --git a/Properly-initialize-ccaches-before-storing-into-them.patch b/Properly-initialize-ccaches-before-storing-into-them.patch
new file mode 100644
index 0000000..0817e46
--- /dev/null
+++ b/Properly-initialize-ccaches-before-storing-into-them.patch
@@ -0,0 +1,38 @@
+From 0c5e9a662010a37f013fd3e517a5aec0bb592964 Mon Sep 17 00:00:00 2001
+From: Robbie Harwood
+Date: Tue, 5 Dec 2017 13:14:29 -0500
+Subject: [PATCH] Properly initialize ccaches before storing into them
+
+krb5_cc_new_unique() doesn't initialize ccaches, which results in the
+krb5 libraries being aware of their presence within the collection but
+being unable to manipulate them.
+
+This is transparent to most gssproxy consumers because we just
+re-fetch the ccache on error.
+
+Signed-off-by: Robbie Harwood
+Reviewed-by: Simo Sorce
+Merges: #223
+(cherry picked from commit be7df45b6a56631033de387d28a2c06b7658c36a)
+---
+ proxy/src/mechglue/gpp_creds.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/proxy/src/mechglue/gpp_creds.c b/proxy/src/mechglue/gpp_creds.c
+index 187ada7..f8ab320 100644
+--- a/proxy/src/mechglue/gpp_creds.c
++++ b/proxy/src/mechglue/gpp_creds.c
+@@ -247,6 +247,13 @@ uint32_t gpp_store_remote_creds(uint32_t *min, bool store_as_default_cred,
+
+ ret = krb5_cc_new_unique(ctx, cc_type, NULL, &ccache);
+ free(cc_type);
++ if (ret)
++ goto done;
++
++ /* krb5_cc_new_unique() doesn't initialize, and we need to initialize
++ * before storing into the ccache. Note that this will only clobber
++ * the ccache handle, not the whole collection. */
++ ret = krb5_cc_initialize(ctx, ccache, cred.client);
+ }
+ if (ret)
+ goto done;
diff --git a/gssproxy.spec b/gssproxy.spec
index c068cd9..5fd5edf 100644
--- a/gssproxy.spec
+++ b/gssproxy.spec
@@ -1,6 +1,6 @@ Name: gssproxy Version: 0.7.0 -Release: 25%{?dist} +Release: 26%{?dist} Summary: GSSAPI Proxy Group: System Environment/Libraries
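Review bot: In the gpp_creds.c hunk carried by the added patch file, a failure of the new `krb5_cc_initialize(ctx, ccache, cred.client)` call jumps to `done` while the cache just created by `krb5_cc_new_unique()` still exists, and the hunk does not show whether `done` destroys that cache or only closes the handle. If it only closes, each failed initialize would presumably leave behind the same kind of uninitialized collection entry that the commit message describes as unmanageable by the krb5 libraries. Consider handling the failure at the call site, e.g. `if (ret) { krb5_cc_destroy(ctx, ccache); ccache = NULL; goto done; }`, or confirm that the cleanup label already covers this case. gpp_store_remote_creds() begins and ends outside the hunk, so neither the cleanup path nor the point where `cred.client` is populated can be checked from here.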
@@ -41,6 +41,7 @@ Patch23: Fix-error-message-handling-in-gp_config_from_dir.patch Patch24: Only-empty-FILE-ccaches-when-storing-remote-creds.patch Patch25: Separate-cred-and-ccache-manipulation-in-gpp_store_r.patch Patch26: Properly-locate-credentials-in-collection-caches-in-.patch +Patch27: Properly-initialize-ccaches-before-storing-into-them.patch ### Dependencies ### Requires: krb5-libs >= 1.12.0 @@ -138,6 +139,9 @@ rm -rf %{buildroot} %systemd_postun_with_restart gssproxy.service %changelog +* Tue Dec 05 2017 Robbie Harwood - 0.7.0-26 +- Properly initialize ccaches before storing into them + * Fri Dec 01 2017 Robbie Harwood - 0.7.0-25 - Properly locate credentials in collection caches in mechglue