diff options
| author | Damien Miller <djm@mindrot.org> | 2002-09-12 09:47:29 +1000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2002-09-12 09:47:29 +1000 |
| commit | 25162f2518f72035b50b254bfeb5b89d018223a6 (patch) | |
| tree | e5e50812ca90d5ce4cd3692505e9de48205f0b8a /auth-krb5.c | |
| parent | 4d53d39b071ebc2a0c6f1948b7c7630ab0021a73 (diff) | |
- itojun@cvs.openbsd.org 2002/09/09 06:48:06
[auth1.c auth.h auth-krb5.c monitor.c monitor.h]
[monitor_wrap.c monitor_wrap.h]
kerberos support for privsep. confirmed to work by lha@stacken.kth.se
patch from markus
Diffstat (limited to 'auth-krb5.c')
| -rw-r--r-- | auth-krb5.c | 20 |
1 files changed, 8 insertions, 12 deletions
diff --git a/auth-krb5.c b/auth-krb5.c index 308a6d5f9..512f70b78 100644 --- a/auth-krb5.c +++ b/auth-krb5.c | |||
| @@ -28,7 +28,7 @@ | |||
| 28 | */ | 28 | */ |
| 29 | 29 | ||
| 30 | #include "includes.h" | 30 | #include "includes.h" |
| 31 | RCSID("$OpenBSD: auth-krb5.c,v 1.8 2002/03/19 10:49:35 markus Exp $"); | 31 | RCSID("$OpenBSD: auth-krb5.c,v 1.9 2002/09/09 06:48:06 itojun Exp $"); |
| 32 | 32 | ||
| 33 | #include "ssh.h" | 33 | #include "ssh.h" |
| 34 | #include "ssh1.h" | 34 | #include "ssh1.h" |
| @@ -73,18 +73,17 @@ krb5_init(void *context) | |||
| 73 | * from the ticket | 73 | * from the ticket |
| 74 | */ | 74 | */ |
| 75 | int | 75 | int |
| 76 | auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client) | 76 | auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client, krb5_data *reply) |
| 77 | { | 77 | { |
| 78 | krb5_error_code problem; | 78 | krb5_error_code problem; |
| 79 | krb5_principal server; | 79 | krb5_principal server; |
| 80 | krb5_data reply; | ||
| 81 | krb5_ticket *ticket; | 80 | krb5_ticket *ticket; |
| 82 | int fd, ret; | 81 | int fd, ret; |
| 83 | 82 | ||
| 84 | ret = 0; | 83 | ret = 0; |
| 85 | server = NULL; | 84 | server = NULL; |
| 86 | ticket = NULL; | 85 | ticket = NULL; |
| 87 | reply.length = 0; | 86 | reply->length = 0; |
| 88 | 87 | ||
| 89 | problem = krb5_init(authctxt); | 88 | problem = krb5_init(authctxt); |
| 90 | if (problem) | 89 | if (problem) |
| @@ -131,7 +130,7 @@ auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client) | |||
| 131 | 130 | ||
| 132 | /* if client wants mutual auth */ | 131 | /* if client wants mutual auth */ |
| 133 | problem = krb5_mk_rep(authctxt->krb5_ctx, authctxt->krb5_auth_ctx, | 132 | problem = krb5_mk_rep(authctxt->krb5_ctx, authctxt->krb5_auth_ctx, |
| 134 | &reply); | 133 | reply); |
| 135 | if (problem) | 134 | if (problem) |
| 136 | goto err; | 135 | goto err; |
| 137 | 136 | ||
| @@ -144,19 +143,16 @@ auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client) | |||
| 144 | krb5_unparse_name(authctxt->krb5_ctx, authctxt->krb5_user, | 143 | krb5_unparse_name(authctxt->krb5_ctx, authctxt->krb5_user, |
| 145 | client); | 144 | client); |
| 146 | 145 | ||
| 147 | packet_start(SSH_SMSG_AUTH_KERBEROS_RESPONSE); | ||
| 148 | packet_put_string((char *) reply.data, reply.length); | ||
| 149 | packet_send(); | ||
| 150 | packet_write_wait(); | ||
| 151 | |||
| 152 | ret = 1; | 146 | ret = 1; |
| 153 | err: | 147 | err: |
| 154 | if (server) | 148 | if (server) |
| 155 | krb5_free_principal(authctxt->krb5_ctx, server); | 149 | krb5_free_principal(authctxt->krb5_ctx, server); |
| 156 | if (ticket) | 150 | if (ticket) |
| 157 | krb5_free_ticket(authctxt->krb5_ctx, ticket); | 151 | krb5_free_ticket(authctxt->krb5_ctx, ticket); |
| 158 | if (reply.length) | 152 | if (!ret && reply->length) { |
| 159 | xfree(reply.data); | 153 | xfree(reply->data); |
| 154 | memset(reply, 0, sizeof(*reply)); | ||
| 155 | } | ||
| 160 | 156 | ||
| 161 | if (problem) { | 157 | if (problem) { |
| 162 | if (authctxt->krb5_ctx != NULL) | 158 | if (authctxt->krb5_ctx != NULL) |