Fix ksu crash in cases where it obtains the TGT In order to allow ksu to use any locally-present service key for verifying creds, the previous change to ksu switched from using a retrieved or obtained TGT to fetch creds for the local "host" service, and then passing those creds to krb5_verify_init_creds(), to passing the retrieved TGT directly to krb5_verify_init_creds(). It did not take care to retrieve the TGT from the temporary ccache if it had obtained them, and in those cases it would attempt to verify NULL creds. Modify the krb5_get_tkt_via_passwd() function to call krb5_get_init_creds_password(), to pass back the freshly-obtained creds, to take a "krb5_get_init_creds_opt" pointer instead of a locally-defined options structure, and rename it to ksu_get_tgt_via_passwd(). (cherry picked from commit 5fd5a67c5a93514e7d0a64425baa007ad91f57de) https://github.com/krb5/krb5/commit/5ccab825a11b1c7f3edf4287d56202d00dd5b233 Author: Nalin Dahyabhai Committer: Tom Yu Commit: 5ccab825a11b1c7f3edf4287d56202d00dd5b233 Branch: krb5-1.13 src/clients/ksu/heuristic.c | 4 +- src/clients/ksu/krb_auth_su.c | 58 ++++++++++++---------------------------- src/clients/ksu/ksu.h | 17 +++-------- src/clients/ksu/main.c | 56 ++++++++++++++++----------------------- 4 files changed, 48 insertions(+), 87 deletions(-)