diff options
Diffstat (limited to '0005-Copy-config-entries-to-the-ksu-target-ccache.patch')
-rw-r--r-- | 0005-Copy-config-entries-to-the-ksu-target-ccache.patch | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/0005-Copy-config-entries-to-the-ksu-target-ccache.patch b/0005-Copy-config-entries-to-the-ksu-target-ccache.patch new file mode 100644 index 0000000..e004136 --- /dev/null +++ b/0005-Copy-config-entries-to-the-ksu-target-ccache.patch @@ -0,0 +1,30 @@ +From 297496f0938955ba4aaf0ebecf4e393e527b8cbf Mon Sep 17 00:00:00 2001 +From: Nalin Dahyabhai <nalin@dahyabhai.net> +Date: Tue, 29 Oct 2013 16:27:20 -0400 +Subject: [PATCH 5/7] Copy config entries to the ksu target ccache + +When we try to screen out expired creds while reading them from one +ccache to eventually store in another, also keep configuration entries. + +ticket: 7986 (new) +--- + src/clients/ksu/ccache.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/clients/ksu/ccache.c b/src/clients/ksu/ccache.c +index 4693bd4..0f9e042 100644 +--- a/src/clients/ksu/ccache.c ++++ b/src/clients/ksu/ccache.c +@@ -219,7 +219,8 @@ krb5_error_code krb5_get_nonexp_tkts(context, cc, creds_array) + + while (!(retval = krb5_cc_next_cred(context, cc, &cur, &creds))){ + +- if ((retval = krb5_check_exp(context, creds.times))){ ++ if (!krb5_is_config_principal(context, creds.server) && ++ (retval = krb5_check_exp(context, creds.times))){ + if (retval != KRB5KRB_AP_ERR_TKT_EXPIRED){ + return retval; + } +-- +2.0.4 + |