From: Sam Hartman Date: Tue, 6 Jan 2009 23:44:56 +0000 (+0000) Subject: Ksu should call krb5_verify_init_creds instead of using its own function. X-Git-Tag: krb5-1.7-alpha1~94 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=7686b7181e9090e4bd84fbc64ce8980673d03126;p=krb5.git Ksu should call krb5_verify_init_creds instead of using its own function. This was prompted by a desire for ksu to work without a domain_realm mapping for the local server, but the duplication of code is bad anyway. ticket: 5954 Status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21714 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/clients/ksu/krb_auth_su.c b/src/clients/ksu/krb_auth_su.c index 8b9917773..8cb7af954 100644 --- a/src/clients/ksu/krb_auth_su.c +++ b/src/clients/ksu/krb_auth_su.c @@ -56,6 +56,7 @@ krb5_boolean krb5_auth_check(context, client_pname, hostname, options, int *path_passwd; { krb5_principal client, server; + krb5_verify_init_creds_opt vfy_opts; krb5_creds tgt, tgtq, in_creds, * out_creds; krb5_creds **tgts = NULL; /* list of ticket granting tickets */ @@ -213,9 +214,11 @@ krb5_boolean krb5_auth_check(context, client_pname, hostname, options, krb5_free_tgt_creds(context, tgts); } - retval = krb5_verify_tkt_def(context, client, server, - &out_creds->keyblock, &out_creds->ticket, - &target_tkt); + krb5_verify_init_creds_opt_init(&vfy_opts); + krb5_verify_init_creds_opt_set_ap_req_nofail( &vfy_opts, 1); + retval = krb5_verify_init_creds(context, out_creds, server, NULL /*keytab*/, + NULL /*output ccache*/, + &vfy_opts); if (retval) { com_err(prog_name, retval, "while verifying ticket for server"); return (FALSE); @@ -242,7 +245,7 @@ krb5_boolean krb5_fast_auth(context, client, server, target_user, cc) { krb5_creds tgt, tgtq; - krb5_ticket * target_tkt; + krb5_verify_init_creds_opt vfy_opts; krb5_error_code retval; memset((char *) &tgtq, 0, sizeof(tgtq)); @@ -266,9 +269,12 @@ krb5_boolean krb5_fast_auth(context, client, server, target_user, cc) return (FALSE) ; } - - if ((retval = krb5_verify_tkt_def(context, client, server, &tgt.keyblock, - &tgt.ticket, &target_tkt))){ + krb5_verify_init_creds_opt_init(&vfy_opts); + krb5_verify_init_creds_opt_set_ap_req_nofail( &vfy_opts, 1); + retval = krb5_verify_init_creds(context, &tgt, server, NULL /*keytab*/, + NULL /*output ccache*/, + &vfy_opts); + if (retval){ com_err(prog_name, retval, "while verifing ticket for server"); return (FALSE); }