author | Darren Tucker <dtucker@zip.com.au> | 2005-11-22 19:42:42 +1100 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2005-11-22 19:42:42 +1100 |
commit | f4732f647572f40d93f4fbd1e65d744ed10b2620 (patch) | |
tree | e26808c082fcbca769626081462a9e8f764f4d22 | |
parent | e8400da9d53700872c9dea6b9d52af98c59022b9 (diff) |
- dtucker@cvs.openbsd.org 2005/11/21 09:42:10
[auth-krb5.c]
Perform Kerberos calls even for invalid users to prevent leaking
information about account validity. bz #975, patch originally from
Senthil Kumar, sanity checked by Simon Wilkinson, tested by djm@, biorn@,
ok markus@
-rw-r--r-- | ChangeLog | 8 | ||||
-rw-r--r-- | auth-krb5.c | 7 |
2 files changed, 9 insertions, 6 deletions
@@ -12,6 +12,12 @@ | |||
12 | will pull it in. At the moment it gets pulled in by sys/select.h | 12 | will pull it in. At the moment it gets pulled in by sys/select.h |
13 | (which ssh has no business including) via event.h. OK markus@ | 13 | (which ssh has no business including) via event.h. OK markus@ |
14 | (ID sync only in -portable) | 14 | (ID sync only in -portable) |
15 | - dtucker@cvs.openbsd.org 2005/11/21 09:42:10 | ||
16 | [auth-krb5.c] | ||
17 | Perform Kerberos calls even for invalid users to prevent leaking | ||
18 | information about account validity. bz #975, patch originally from | ||
19 | Senthil Kumar, sanity checked by Simon Wilkinson, tested by djm@, biorn@, | ||
20 | ok markus@ | ||
15 | 21 | ||
16 | 20051120 | 22 | 20051120 |
17 | - (dtucker) [openbsd-compat/openssl-compat.h] Add comment explaining what | 23 | - (dtucker) [openbsd-compat/openssl-compat.h] Add comment explaining what |
@@ -3321,4 +3327,4 @@ | |||
3321 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM | 3327 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM |
3322 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu | 3328 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu |
3323 | 3329 | ||
3324 | $Id: ChangeLog,v 1.3999 2005/11/22 08:41:33 dtucker Exp $ | 3330 | $Id: ChangeLog,v 1.4000 2005/11/22 08:42:42 dtucker Exp $ |
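--- a/auth-krb5.c
+++ b/auth-krb5.c
@@ -28,7 +28,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-krb5.c,v 1.15 2003/11/21 11:57:02 djm Exp $");
+RCSID("$OpenBSD: auth-krb5.c,v 1.16 2005/11/21 09:42:10 dtucker Exp $");
 
 #include "ssh.h"
 #include "ssh1.h"
@@ -69,9 +69,6 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
 krb5_ccache ccache = NULL;
 int len;
 
-if (!authctxt->valid)
-return (0);
-
 temporarily_use_uid(authctxt->pw);
 
 problem = krb5_init(authctxt);
@@ -188,7 +185,7 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
 else
 return (0);
 }
-return (1);
+return (authctxt->valid ? 1 : 0);
 }
 
 void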
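Review bot: With the early validity check removed, `temporarily_use_uid(authctxt->pw)` (new line 72) now runs for invalid users as well, and nothing visible on this page shows what `authctxt->pw` holds in that case. I would document the precondition there, e.g. `/* authctxt->pw must be non-NULL even when !authctxt->valid */`, or assert it if the caller cannot guarantee it. The final `return (authctxt->valid ? 1 : 0);` is now the only place validity is enforced, so a comment such as `/* Kerberos calls run for all users; only valid accounts may succeed */` would keep a later cleanup from reintroducing the early return. When the exchange succeeds for an invalid user the function returns 0 without going through the failure branch just above, so it is worth confirming that any credential state created in the part of auth_krb5_password not shown between these hunks is released on that path.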