From a7c2a548a22af81c3b0f02441edca71bbf29fc9d Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@courtesan.com>
Date: Sat, 17 Jun 1995 22:24:11 +0000
Subject: [PATCH] need to setuid(0) to make kerb4 stuff work.

---
 check.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/check.c b/check.c
index 071cbd426..b6e7cdcee 100644
--- a/check.c
+++ b/check.c
@@ -581,7 +581,11 @@ int sudo_krb_validate_user(user, pass)
     (void) sprintf(tkfile, "%s/tkt%d", _PATH_SUDO_TIMEDIR, uid);
     (void) krb_set_tkt_string(tkfile);
 
-    /* Update the ticket if password is ok */
+    /*
+     * Update the ticket if password is ok.  Kerb4 expects
+     * the ruid and euid to be the same here so we setuid to root.
+     */
+    set_perms(PERM_ROOT);
     k_errno = krb_get_pw_in_tkt(user, "", realm, "krbtgt", realm,
 	DEFAULT_TKT_LIFE, pass);
 
@@ -595,6 +599,9 @@ int sudo_krb_validate_user(user, pass)
 	(void) fprintf(stderr, "Warning: Kerberos error: %s\n",
 		       krb_err_txt[k_errno]);
 
+    /* done with rootly stuff */
+    set_perms(PERM_USER);
+
     return(!(k_errno == INTK_OK));
 }
 #endif /* HAVE_KERB4 */