1 files changed, 9 insertions, 10 deletions

diff --git a/krb5-1.11-pam.patch b/krb5-1.11-pam.patch
index 9e1d516..55c3ddf 100644
--- a/krb5-1.11-pam.patch
+++ b/krb5-1.11-pam.patch
@@ -9,8 +9,7 @@ section of /etc/krb5.conf.
 When enabled, ksu gains a dependency on libpam.
 
 Originally RT#5939, though it's changed since then to perform the account
-and session management before dropping privileges, and to apply on top of
-changes we're proposing for how it handles cache collections.
+and session management before dropping privileges.
 
 diff -up krb5-1.8/src/aclocal.m4.pam krb5-1.8/src/aclocal.m4
 --- krb5-1.8/src/aclocal.m4.pam	2009-11-22 12:00:45.000000000 -0500
@@ -96,7 +95,7 @@ diff -up krb5-1.8/src/clients/ksu/main.c.pam krb5-1.8/src/clients/ksu/main.c
 +#include "autoconf.h"
  #include "ksu.h"
  #include "adm_proto.h"
- #include "../../lib/krb5/os/os-proto.h"
+ #include <sys/types.h>
 @@ -33,6 +34,10 @@
  #include <signal.h>
  #include <grp.h>
@@ -126,13 +125,13 @@ diff -up krb5-1.8/src/clients/ksu/main.c.pam krb5-1.8/src/clients/ksu/main.c
 +                                   NULL, source_user,
 +                                   ttyname(STDERR_FILENO)) != 0) {
 +                fprintf(stderr, "Access denied for %s.\n", target_user);
-+                sweep_up(ksu_context, cc_tmp);
++                sweep_up(ksu_context, cc_target);
 +                exit(1);
 +            }
 +            if (appl_pam_requires_chauthtok()) {
 +                fprintf(stderr, "Password change required for %s.\n",
 +                        target_user);
-+                sweep_up(ksu_context, cc_tmp);
++                sweep_up(ksu_context, cc_target);
 +                exit(1);
 +            }
 +            force_fork++;
@@ -143,7 +142,7 @@ diff -up krb5-1.8/src/clients/ksu/main.c.pam krb5-1.8/src/clients/ksu/main.c
          if (krb5_seteuid(target_uid)) {
              com_err(prog_name, errno, _("while switching to target for "
 @@ -651,6 +676,26 @@
-             sweep_up(ksu_context, cc_tmp);
+             sweep_up(ksu_context, cc_target);
              exit(1);
          }
 +#ifdef USE_PAM
@@ -154,13 +153,13 @@ diff -up krb5-1.8/src/clients/ksu/main.c.pam krb5-1.8/src/clients/ksu/main.c
 +                                   NULL, source_user,
 +                                   ttyname(STDERR_FILENO)) != 0) {
 +                fprintf(stderr, "Access denied for %s.\n", target_user);
-+                sweep_up(ksu_context, cc_tmp);
++                sweep_up(ksu_context, cc_target);
 +                exit(1);
 +            }
 +            if (appl_pam_requires_chauthtok()) {
 +                fprintf(stderr, "Password change required for %s.\n",
 +                        target_user);
-+                sweep_up(ksu_context, cc_tmp);
++                sweep_up(ksu_context, cc_target);
 +                exit(1);
 +            }
 +            force_fork++;
@@ -177,7 +176,7 @@ diff -up krb5-1.8/src/clients/ksu/main.c.pam krb5-1.8/src/clients/ksu/main.c
 +    if (appl_pam_enabled(ksu_context, "ksu")) {
 +        if (appl_pam_session_open() != 0) {
 +            fprintf(stderr, "Error opening session for %s.\n", target_user);
-+            sweep_up(ksu_context, cc_tmp);
++            sweep_up(ksu_context, cc_target);
 +            exit(1);
 +        }
 +#ifdef DEBUG
@@ -188,7 +187,7 @@ diff -up krb5-1.8/src/clients/ksu/main.c.pam krb5-1.8/src/clients/ksu/main.c
 +        if (appl_pam_cred_init()) {
 +            fprintf(stderr, "Error initializing credentials for %s.\n",
 +                    target_user);
-+            sweep_up(ksu_context, cc_tmp);
++            sweep_up(ksu_context, cc_target);
 +            exit(1);
 +        }
 +#ifdef DEBUG