svn rev #21714: trunk/src/clients/ksu/

Tue Jan 6 18:45:09 EST 2009

http://src.mit.edu/fisheye/changelog/krb5/?cs=21714
Commit By: hartmans
Log Message:
ticket: 5954
Status: open

Ksu should call krb5_verify_init_creds instead of using its own function.
This was prompted by a desire for ksu to work without a domain_realm mapping for the local server, but the duplication of code is bad anyway.


Changed Files:
U   trunk/src/clients/ksu/krb_auth_su.c
Modified: trunk/src/clients/ksu/krb_auth_su.c
===================================================================

--- trunk/src/clients/ksu/krb_auth_su.c	2009-01-06 22:52:50 UTC (rev 21713)
+++ trunk/src/clients/ksu/krb_auth_su.c	2009-01-06 23:44:56 UTC (rev 21714)
@@ -56,6 +56,7 @@
     int *path_passwd;
 {
     krb5_principal client, server;
+    krb5_verify_init_creds_opt vfy_opts;
     krb5_creds tgt, tgtq, in_creds, * out_creds;
     krb5_creds **tgts = NULL; /* list of ticket granting tickets */       
     
@@ -213,9 +214,11 @@
 	krb5_free_tgt_creds(context, tgts);
     }
     
-    retval = krb5_verify_tkt_def(context, client, server, 
-				 &out_creds->keyblock, &out_creds->ticket,
-				 &target_tkt);
+    krb5_verify_init_creds_opt_init(&vfy_opts);
+    krb5_verify_init_creds_opt_set_ap_req_nofail( &vfy_opts, 1);
+	retval = krb5_verify_init_creds(context, out_creds, server, NULL /*keytab*/,
+					NULL /*output ccache*/,
+					&vfy_opts);
     if (retval) {
 	com_err(prog_name, retval, "while verifying ticket for server");
 	return (FALSE);
@@ -242,7 +245,7 @@
 {
 				 
     krb5_creds tgt, tgtq;
-    krb5_ticket * target_tkt;                 
+    krb5_verify_init_creds_opt vfy_opts;
     krb5_error_code retval;
     
     memset((char *) &tgtq, 0, sizeof(tgtq)); 
@@ -266,9 +269,12 @@
 	return (FALSE) ; 	
 	
     }
-    
-    if ((retval = krb5_verify_tkt_def(context, client, server, &tgt.keyblock, 
-				      &tgt.ticket, &target_tkt))){
+    krb5_verify_init_creds_opt_init(&vfy_opts);
+    krb5_verify_init_creds_opt_set_ap_req_nofail( &vfy_opts, 1);
+	retval = krb5_verify_init_creds(context, &tgt, server, NULL /*keytab*/,
+					NULL /*output ccache*/,
+					&vfy_opts);
+					if (retval){
 	com_err(prog_name, retval, "while verifing ticket for server"); 
 	return (FALSE);
     }


