diff options
author | des <des@FreeBSD.org> | 2004-02-26 10:38:49 +0000 |
---|---|---|
committer | des <des@FreeBSD.org> | 2004-02-26 10:38:49 +0000 |
commit | 7d1750f1d6c24163bf22790f8527f1783315c5e7 (patch) | |
tree | 44704f8b727acba451fd902fe3c26053cb6ce73e /crypto/openssh/auth-krb5.c | |
parent | 5c8d98dfbd6964b6be84da30b9d16df0cab3c42d (diff) | |
download | FreeBSD-src-7d1750f1d6c24163bf22790f8527f1783315c5e7.zip FreeBSD-src-7d1750f1d6c24163bf22790f8527f1783315c5e7.tar.gz |
Vendor import of OpenSSH 3.8p1.
Diffstat (limited to 'crypto/openssh/auth-krb5.c')
-rw-r--r-- | crypto/openssh/auth-krb5.c | 35 |
1 files changed, 14 insertions, 21 deletions
diff --git a/crypto/openssh/auth-krb5.c b/crypto/openssh/auth-krb5.c index 713b6da..3913c00 100644 --- a/crypto/openssh/auth-krb5.c +++ b/crypto/openssh/auth-krb5.c @@ -28,7 +28,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-krb5.c,v 1.12 2003/08/28 12:54:34 markus Exp $"); +RCSID("$OpenBSD: auth-krb5.c,v 1.15 2003/11/21 11:57:02 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -40,7 +40,6 @@ RCSID("$OpenBSD: auth-krb5.c,v 1.12 2003/08/28 12:54:34 markus Exp $"); #include "auth.h" #ifdef KRB5 - #include <krb5.h> extern ServerOptions options; @@ -50,7 +49,6 @@ krb5_init(void *context) { Authctxt *authctxt = (Authctxt *)context; krb5_error_code problem; - static int cleanup_registered = 0; if (authctxt->krb5_ctx == NULL) { problem = krb5_init_context(&authctxt->krb5_ctx); @@ -58,10 +56,6 @@ krb5_init(void *context) return (problem); krb5_init_ets(authctxt->krb5_ctx); } - if (!cleanup_registered) { - fatal_add_cleanup(krb5_cleanup_proc, authctxt); - cleanup_registered = 1; - } return (0); } @@ -73,11 +67,11 @@ auth_krb5_password(Authctxt *authctxt, const char *password) krb5_principal server; char ccname[40]; int tmpfd; -#endif +#endif krb5_error_code problem; krb5_ccache ccache = NULL; - if (authctxt->pw == NULL) + if (!authctxt->valid) return (0); temporarily_use_uid(authctxt->pw); @@ -102,14 +96,15 @@ auth_krb5_password(Authctxt *authctxt, const char *password) goto out; restore_uid(); - + problem = krb5_verify_user(authctxt->krb5_ctx, authctxt->krb5_user, ccache, password, 1, NULL); - + temporarily_use_uid(authctxt->pw); if (problem) goto out; + problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_fcc_ops, &authctxt->krb5_fwd_ccache); if (problem) @@ -140,21 +135,21 @@ auth_krb5_password(Authctxt *authctxt, const char *password) temporarily_use_uid(authctxt->pw); if (problem) goto out; - - if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user, + + if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user, authctxt->pw->pw_name)) { problem = -1; goto out; - } + } snprintf(ccname,sizeof(ccname),"FILE:/tmp/krb5cc_%d_XXXXXX",geteuid()); - + if ((tmpfd = mkstemp(ccname+strlen("FILE:")))==-1) { logit("mkstemp(): %.100s", strerror(errno)); problem = errno; goto out; } - + if (fchmod(tmpfd,S_IRUSR | S_IWUSR) == -1) { logit("fchmod(): %.100s", strerror(errno)); close(tmpfd); @@ -171,12 +166,12 @@ auth_krb5_password(Authctxt *authctxt, const char *password) authctxt->krb5_user); if (problem) goto out; - + problem= krb5_cc_store_cred(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache, &creds); if (problem) goto out; -#endif +#endif authctxt->krb5_ticket_file = (char *)krb5_cc_get_name(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache); @@ -205,10 +200,8 @@ auth_krb5_password(Authctxt *authctxt, const char *password) } void -krb5_cleanup_proc(void *context) +krb5_cleanup_proc(Authctxt *authctxt) { - Authctxt *authctxt = (Authctxt *)context; - debug("krb5_cleanup_proc called"); if (authctxt->krb5_fwd_ccache) { krb5_cc_destroy(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache); |