auth/credentials: Fix cli_credentials_shallow_ccache error case

Avoid dangling values if something fails...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>

diff --git a/auth/credentials/credentials_krb5.c b/auth/credentials/credentials_krb5.c
index b4db5fc8fbdeaf20427e88992d2f33d880606010..e69e1a83b3cc27d1478e4feb62988b08ede17df7 100644 (file)
--- a/auth/credentials/credentials_krb5.c
+++ b/auth/credentials/credentials_krb5.c
@@ -1060,15 +1060,22 @@ static int cli_credentials_shallow_ccache(struct cli_credentials *cred)
 {
        krb5_error_code ret;
        const struct ccache_container *old_ccc = NULL;
+       enum credentials_obtained old_obtained;
        struct ccache_container *ccc = NULL;
        char *ccache_name = NULL;
        krb5_principal princ;
 
+       old_obtained = cred->ccache_obtained;
        old_ccc = cred->ccache;
        if (old_ccc == NULL) {
                return 0;
        }
 
+       cred->ccache = NULL;
+       cred->ccache_obtained = CRED_UNINITIALISED;
+       cred->client_gss_creds = NULL;
+       cred->client_gss_creds_obtained = CRED_UNINITIALISED;
+
        ret = krb5_cc_get_principal(
                old_ccc->smb_krb5_context->krb5_context,
                old_ccc->ccache,
@@ -1077,7 +1084,6 @@ static int cli_credentials_shallow_ccache(struct cli_credentials *cred)
                /*
                 * This is an empty ccache. No point in copying anything.
                 */
-               cred->ccache = NULL;
                return 0;
        }
        krb5_free_principal(old_ccc->smb_krb5_context->krb5_context, princ);
@@ -1110,8 +1116,7 @@ static int cli_credentials_shallow_ccache(struct cli_credentials *cred)
        }
 
        cred->ccache = ccc;
-       cred->client_gss_creds = NULL;
-       cred->client_gss_creds_obtained = CRED_UNINITIALISED;
+       cred->ccache_obtained = old_obtained;
        return ret;
 }