diff options
| author | Damien Miller <djm@mindrot.org> | 2013-10-24 10:53:02 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2013-10-24 10:53:02 +1100 |
| commit | 8f1873191478847773906af961c8984d02a49dd6 (patch) | |
| tree | 74370f87a558e881112d853f27421fe98a5a3cba | |
| parent | 5b01b0dcb417eb615df77e7ce1b59319bf04342c (diff) | |
- (djm) [auth-krb5.c] bz#2032 - use local username in krb5_kuserok check
rather than full client name which may be of form user@REALM;
patch from Miguel Sanders; ok dtucker@
| -rw-r--r-- | ChangeLog | 5 | ||||
| -rw-r--r-- | auth-krb5.c | 3 |
2 files changed, 7 insertions, 1 deletions
| @@ -1,3 +1,8 @@ | |||
| 1 | 20131024 | ||
| 2 | - (djm) [auth-krb5.c] bz#2032 - use local username in krb5_kuserok check | ||
| 3 | rather than full client name which may be of form user@REALM; | ||
| 4 | patch from Miguel Sanders; ok dtucker@ | ||
| 5 | |||
| 1 | 20131023 | 6 | 20131023 |
| 2 | - (djm) OpenBSD CVS Sync | 7 | - (djm) OpenBSD CVS Sync |
| 3 | - djm@cvs.openbsd.org 2013/10/20 04:39:28 | 8 | - djm@cvs.openbsd.org 2013/10/20 04:39:28 |
diff --git a/auth-krb5.c b/auth-krb5.c index 7c83f597f..6c62bdf54 100644 --- a/auth-krb5.c +++ b/auth-krb5.c | |||
| @@ -157,7 +157,8 @@ auth_krb5_password(Authctxt *authctxt, const char *password) | |||
| 157 | if (problem) | 157 | if (problem) |
| 158 | goto out; | 158 | goto out; |
| 159 | 159 | ||
| 160 | if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user, client)) { | 160 | if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user, |
| 161 | authctxt->pw->pw_name)) { | ||
| 161 | problem = -1; | 162 | problem = -1; |
| 162 | goto out; | 163 | goto out; |
| 163 | } | 164 | } |