diff options
| author | Sam Hartman <hartmans@mit.edu> | 2009-01-06 23:44:56 +0000 |
|---|---|---|
| committer | Sam Hartman <hartmans@mit.edu> | 2009-01-06 23:44:56 +0000 |
| commit | 7686b7181e9090e4bd84fbc64ce8980673d03126 (patch) | |
| tree | 92a7ef8ac59431ed039d80393260d44639164ad2 /src/clients/ksu | |
| parent | 0bea196a9b9ee82f75762ec5e4cf3f7972806c40 (diff) | |
| download | krb5-7686b7181e9090e4bd84fbc64ce8980673d03126.tar.gz krb5-7686b7181e9090e4bd84fbc64ce8980673d03126.tar.xz krb5-7686b7181e9090e4bd84fbc64ce8980673d03126.zip | |
Ksu should call krb5_verify_init_creds instead of using its own function.
This was prompted by a desire for ksu to work without a domain_realm mapping for the local server, but the duplication of code is bad anyway.
ticket: 5954
Status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21714 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/clients/ksu')
| -rw-r--r-- | src/clients/ksu/krb_auth_su.c | 20 |
1 files changed, 13 insertions, 7 deletions
diff --git a/src/clients/ksu/krb_auth_su.c b/src/clients/ksu/krb_auth_su.c index 8b99177731..8cb7af9549 100644 --- a/src/clients/ksu/krb_auth_su.c +++ b/src/clients/ksu/krb_auth_su.c @@ -56,6 +56,7 @@ krb5_boolean krb5_auth_check(context, client_pname, hostname, options, int *path_passwd; { krb5_principal client, server; + krb5_verify_init_creds_opt vfy_opts; krb5_creds tgt, tgtq, in_creds, * out_creds; krb5_creds **tgts = NULL; /* list of ticket granting tickets */ @@ -213,9 +214,11 @@ krb5_boolean krb5_auth_check(context, client_pname, hostname, options, krb5_free_tgt_creds(context, tgts); } - retval = krb5_verify_tkt_def(context, client, server, - &out_creds->keyblock, &out_creds->ticket, - &target_tkt); + krb5_verify_init_creds_opt_init(&vfy_opts); + krb5_verify_init_creds_opt_set_ap_req_nofail( &vfy_opts, 1); + retval = krb5_verify_init_creds(context, out_creds, server, NULL /*keytab*/, + NULL /*output ccache*/, + &vfy_opts); if (retval) { com_err(prog_name, retval, "while verifying ticket for server"); return (FALSE); @@ -242,7 +245,7 @@ krb5_boolean krb5_fast_auth(context, client, server, target_user, cc) { krb5_creds tgt, tgtq; - krb5_ticket * target_tkt; + krb5_verify_init_creds_opt vfy_opts; krb5_error_code retval; memset((char *) &tgtq, 0, sizeof(tgtq)); @@ -266,9 +269,12 @@ krb5_boolean krb5_fast_auth(context, client, server, target_user, cc) return (FALSE) ; } - - if ((retval = krb5_verify_tkt_def(context, client, server, &tgt.keyblock, - &tgt.ticket, &target_tkt))){ + krb5_verify_init_creds_opt_init(&vfy_opts); + krb5_verify_init_creds_opt_set_ap_req_nofail( &vfy_opts, 1); + retval = krb5_verify_init_creds(context, &tgt, server, NULL /*keytab*/, + NULL /*output ccache*/, + &vfy_opts); + if (retval){ com_err(prog_name, retval, "while verifing ticket for server"); return (FALSE); } |