Skip Menu |
 

From: ghudson@mit.edu
Subject: git commit
Download (untitled) / with headers
text/plain 1.2KiB

Fix ksu crash in cases where it obtains the TGT

In order to allow ksu to use any locally-present service key for
verifying creds, the previous change to ksu switched from using a
retrieved or obtained TGT to fetch creds for the local "host" service,
and then passing those creds to krb5_verify_init_creds(), to passing the
retrieved TGT directly to krb5_verify_init_creds().

It did not take care to retrieve the TGT from the temporary ccache if it
had obtained them, and in those cases it would attempt to verify NULL
creds.

Modify the krb5_get_tkt_via_passwd() function to call
krb5_get_init_creds_password(), to pass back the freshly-obtained creds,
to take a "krb5_get_init_creds_opt" pointer instead of a locally-defined
options structure, and rename it to ksu_get_tgt_via_passwd().

https://github.com/krb5/krb5/commit/5fd5a67c5a93514e7d0a64425baa007ad91f57de
Author: Nalin Dahyabhai <nalin@redhat.com>
Committer: Greg Hudson <ghudson@mit.edu>
Commit: 5fd5a67c5a93514e7d0a64425baa007ad91f57de
Branch: master
src/clients/ksu/heuristic.c | 4 +-
src/clients/ksu/krb_auth_su.c | 58 ++++++++++++----------------------------
src/clients/ksu/ksu.h | 17 +++--------
src/clients/ksu/main.c | 56 ++++++++++++++++-----------------------
4 files changed, 48 insertions(+), 87 deletions(-)
From: tlyu@mit.edu
Subject: git commit
Download (untitled) / with headers
text/plain 1.3KiB

Fix ksu crash in cases where it obtains the TGT

In order to allow ksu to use any locally-present service key for
verifying creds, the previous change to ksu switched from using a
retrieved or obtained TGT to fetch creds for the local "host" service,
and then passing those creds to krb5_verify_init_creds(), to passing the
retrieved TGT directly to krb5_verify_init_creds().

It did not take care to retrieve the TGT from the temporary ccache if it
had obtained them, and in those cases it would attempt to verify NULL
creds.

Modify the krb5_get_tkt_via_passwd() function to call
krb5_get_init_creds_password(), to pass back the freshly-obtained creds,
to take a "krb5_get_init_creds_opt" pointer instead of a locally-defined
options structure, and rename it to ksu_get_tgt_via_passwd().

(cherry picked from commit 5fd5a67c5a93514e7d0a64425baa007ad91f57de)

https://github.com/krb5/krb5/commit/5ccab825a11b1c7f3edf4287d56202d00dd5b233
Author: Nalin Dahyabhai <nalin@redhat.com>
Committer: Tom Yu <tlyu@mit.edu>
Commit: 5ccab825a11b1c7f3edf4287d56202d00dd5b233
Branch: krb5-1.13
src/clients/ksu/heuristic.c | 4 +-
src/clients/ksu/krb_auth_su.c | 58 ++++++++++++----------------------------
src/clients/ksu/ksu.h | 17 +++--------
src/clients/ksu/main.c | 56 ++++++++++++++++-----------------------
4 files changed, 48 insertions(+), 87 deletions(-)