Restore providing password TGTs for the ksu target

The use of "stored" was originally for marking whether or not creds
had been found in the source cache and copied to the target. If it was
false, the obtain-a-TGT-using-a-password path would be triggered and
it would populate the target ccache directly.

When the intermediate cache was introduced (in commit dccc80a), the
variable started marking whether or not creds had been copied to the
intermediate cache, and this was then used to decide whether or not to
copy creds to the target cache.

The obtain-a-TGT-using-a-password path began storing its creds in the
temporary cache as well, but neglected to set the flag so that the
creds would be copied to the target cache later, so the target ccache
would never be created and populated with the newly-obtained TGT.

ticket: 8016 (new)
target_version: 1.13
tags: pullup

diff --git a/src/clients/ksu/main.c b/src/clients/ksu/main.c
index 0492e38af8fe84366e8b1689084d698ab009f647..e1a9352200abb59fe9f87b4fa577cfbd5471949d 100644 (file)
--- a/src/clients/ksu/main.c
+++ b/src/clients/ksu/main.c
@@ -485,6 +485,7 @@ main (argc, argv)
                 fprintf(stderr, "\n");
 
             }
+            stored = TRUE;
         }
 #endif /* GET_TGT_VIA_PASSWD */
     }
@@ -506,6 +507,7 @@ main (argc, argv)
                    prog_name,target_user,source_user,ontty());
             exit(1);
         }
+        stored = TRUE;
 
         if ((retval = krb5_unparse_name(ksu_context, client, &client_name))) {
             com_err(prog_name, retval, _("When unparsing name"));