git.ipfire.org Git - thirdparty/krb5.git/commit

author	Nalin Dahyabhai <nalin@redhat.com>
	Tue, 16 Sep 2014 17:50:05 +0000 (13:50 -0400)
committer	Greg Hudson <ghudson@mit.edu>
	Thu, 18 Sep 2014 19:26:21 +0000 (15:26 -0400)
commit	5fd5a67c5a93514e7d0a64425baa007ad91f57de
tree	8c0cad2e1fb2ac421d1b39abcebfdf47b8d76dfb	tree
parent	59cbb7662282f6f882b5d108cf45bdd042857c6a	commit \| diff

Fix ksu crash in cases where it obtains the TGT

In order to allow ksu to use any locally-present service key for
verifying creds, the previous change to ksu switched from using a
retrieved or obtained TGT to fetch creds for the local "host" service,
and then passing those creds to krb5_verify_init_creds(), to passing the
retrieved TGT directly to krb5_verify_init_creds().

It did not take care to retrieve the TGT from the temporary ccache if it
had obtained them, and in those cases it would attempt to verify NULL
creds.

Modify the krb5_get_tkt_via_passwd() function to call
krb5_get_init_creds_password(), to pass back the freshly-obtained creds,
to take a "krb5_get_init_creds_opt" pointer instead of a locally-defined
options structure, and rename it to ksu_get_tgt_via_passwd().

ticket: 8015 (new)
target_version: 1.13
tags: pullup

src/clients/ksu/heuristic.c		diff \| blob \| blame \| history
src/clients/ksu/krb_auth_su.c		diff \| blob \| blame \| history
src/clients/ksu/ksu.h		diff \| blob \| blame \| history
src/clients/ksu/main.c		diff \| blob \| blame \| history