diff options
author | Darren Tucker <dtucker@zip.com.au> | 2005-07-07 11:50:20 +1000 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2005-07-07 11:50:20 +1000 |
commit | a916d143a16c59a6bc82df5e1d6b046e17d31848 (patch) | |
tree | e1d10bb44cf7af70845fbb927f2b8ed92e4f1468 /auth-krb5.c | |
parent | f92c0794ec9162f4e0d5291fe58e4fcb5a00f6d3 (diff) |
- [auth-krb5.c auth.h gss-serv-krb5.c] Move KRB5CCNAME generation for the MIT
Kerberos code path into a common function and expand mkstemp template to be
consistent with the rest of OpenSSH. From sxw at inf.ed.ac.uk, ok djm@
Diffstat (limited to 'auth-krb5.c')
-rw-r--r-- | auth-krb5.c | 54 |
1 files changed, 31 insertions, 23 deletions
diff --git a/auth-krb5.c b/auth-krb5.c index 2f742534a..01b387c23 100644 --- a/auth-krb5.c +++ b/auth-krb5.c | |||
@@ -67,9 +67,6 @@ auth_krb5_password(Authctxt *authctxt, const char *password) | |||
67 | #ifndef HEIMDAL | 67 | #ifndef HEIMDAL |
68 | krb5_creds creds; | 68 | krb5_creds creds; |
69 | krb5_principal server; | 69 | krb5_principal server; |
70 | char ccname[40]; | ||
71 | int tmpfd; | ||
72 | mode_t old_umask; | ||
73 | #endif | 70 | #endif |
74 | krb5_error_code problem; | 71 | krb5_error_code problem; |
75 | krb5_ccache ccache = NULL; | 72 | krb5_ccache ccache = NULL; |
@@ -146,26 +143,7 @@ auth_krb5_password(Authctxt *authctxt, const char *password) | |||
146 | goto out; | 143 | goto out; |
147 | } | 144 | } |
148 | 145 | ||
149 | snprintf(ccname,sizeof(ccname),"FILE:/tmp/krb5cc_%d_XXXXXX",geteuid()); | 146 | problem = ssh_krb5_cc_gen(authctxt->krb5_ctx, &authctxt->krb5_fwd_ccache); |
150 | |||
151 | old_umask = umask(0177); | ||
152 | tmpfd = mkstemp(ccname + strlen("FILE:")); | ||
153 | umask(old_umask); | ||
154 | if (tmpfd == -1) { | ||
155 | logit("mkstemp(): %.100s", strerror(errno)); | ||
156 | problem = errno; | ||
157 | goto out; | ||
158 | } | ||
159 | |||
160 | if (fchmod(tmpfd,S_IRUSR | S_IWUSR) == -1) { | ||
161 | logit("fchmod(): %.100s", strerror(errno)); | ||
162 | close(tmpfd); | ||
163 | problem = errno; | ||
164 | goto out; | ||
165 | } | ||
166 | close(tmpfd); | ||
167 | |||
168 | problem = krb5_cc_resolve(authctxt->krb5_ctx, ccname, &authctxt->krb5_fwd_ccache); | ||
169 | if (problem) | 147 | if (problem) |
170 | goto out; | 148 | goto out; |
171 | 149 | ||
@@ -234,4 +212,34 @@ krb5_cleanup_proc(Authctxt *authctxt) | |||
234 | } | 212 | } |
235 | } | 213 | } |
236 | 214 | ||
215 | #ifndef HEIMDAL | ||
216 | krb5_error_code | ||
217 | ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache) { | ||
218 | int tmpfd, ret; | ||
219 | char ccname[40]; | ||
220 | mode_t old_umask; | ||
221 | |||
222 | ret = snprintf(ccname, sizeof(ccname), | ||
223 | "FILE:/tmp/krb5cc_%d_XXXXXXXXXX", geteuid()); | ||
224 | if (ret == -1 || ret >= sizeof(ccname)) | ||
225 | return errno; | ||
226 | |||
227 | old_umask = umask(0177); | ||
228 | tmpfd = mkstemp(ccname + strlen("FILE:")); | ||
229 | umask(old_umask); | ||
230 | if (tmpfd == -1) { | ||
231 | logit("mkstemp(): %.100s", strerror(errno)); | ||
232 | return errno; | ||
233 | } | ||
234 | |||
235 | if (fchmod(tmpfd,S_IRUSR | S_IWUSR) == -1) { | ||
236 | logit("fchmod(): %.100s", strerror(errno)); | ||
237 | close(tmpfd); | ||
238 | return errno; | ||
239 | } | ||
240 | close(tmpfd); | ||
241 | |||
242 | return (krb5_cc_resolve(ctx, ccname, ccache)); | ||
243 | } | ||
244 | #endif /* !HEIMDAL */ | ||
237 | #endif /* KRB5 */ | 245 | #endif /* KRB5 */ |