From a1b5cf2429cf33d77a4fd0aa2849b3d3661f6e05 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Sat, 21 Nov 2020 01:41:41 -0500
Subject: Continue on KRB5_FCC_NOFILE in KCM cache iteration

Although Heimdal's KCM client only continues after KRB5_CC_END,
Heimdal's and macOS's KCM server returns KRB5_FCC_NOFILE if a cache
uuid no longer exists.  Check for both errors during iteration.  Also
set ret to 0 when continuing, in case the skipped uuid is the last one
in the list.

(cherry picked from commit f7b3cb8bbe90817f7bfbc545f1e427c16f52a79c)

ticket: 8967
version_fixed: 1.19
---
 src/lib/krb5/ccache/cc_kcm.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/lib/krb5/ccache/cc_kcm.c b/src/lib/krb5/ccache/cc_kcm.c
index a76a285..9093f89 100644
--- a/src/lib/krb5/ccache/cc_kcm.c
+++ b/src/lib/krb5/ccache/cc_kcm.c
@@ -981,8 +981,10 @@ kcm_ptcursor_next(krb5_context context, krb5_cc_ptcursor cursor,
         k5_buf_add_len(&req.reqbuf, id, KCM_UUID_LEN);
         ret = kcmio_call(context, data->io, &req);
         /* Continue if the cache has been deleted. */
-        if (ret == KRB5_CC_END)
+        if (ret == KRB5_CC_END || ret == KRB5_FCC_NOFILE) {
+            ret = 0;
             continue;
+        }
         if (ret)
             goto cleanup;
         ret = kcmreq_get_name(&req, &name);
-- 
cgit v1.1