diff options
author | Colin Watson <cjwatson@debian.org> | 2012-09-07 00:20:47 +0100 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2012-09-07 00:20:47 +0100 |
commit | eab78da6a54225de06271d9c8da650f04a55ed88 (patch) | |
tree | aa258ca77515939f6d89317ff67fbcb0bca08b24 /auth-krb5.c | |
parent | a26f5de49df59322fde07f7be91b3e3969c9c238 (diff) | |
parent | c6a2c0334e45419875687d250aed9bea78480f2e (diff) |
* New upstream release (http://www.openssh.com/txt/release-6.1).
- Enable pre-auth sandboxing by default for new installs.
- Allow "PermitOpen none" to refuse all port-forwarding requests
(closes: #543683).
Diffstat (limited to 'auth-krb5.c')
-rw-r--r-- | auth-krb5.c | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/auth-krb5.c b/auth-krb5.c index 821913382..4c2375462 100644 --- a/auth-krb5.c +++ b/auth-krb5.c | |||
@@ -231,7 +231,7 @@ krb5_cleanup_proc(Authctxt *authctxt) | |||
231 | #ifndef HEIMDAL | 231 | #ifndef HEIMDAL |
232 | krb5_error_code | 232 | krb5_error_code |
233 | ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache) { | 233 | ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache) { |
234 | int ret; | 234 | int ret, oerrno; |
235 | char ccname[40]; | 235 | char ccname[40]; |
236 | mode_t old_umask; | 236 | mode_t old_umask; |
237 | #ifdef USE_CCAPI | 237 | #ifdef USE_CCAPI |
@@ -249,16 +249,18 @@ ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache) { | |||
249 | #ifndef USE_CCAPI | 249 | #ifndef USE_CCAPI |
250 | old_umask = umask(0177); | 250 | old_umask = umask(0177); |
251 | tmpfd = mkstemp(ccname + strlen("FILE:")); | 251 | tmpfd = mkstemp(ccname + strlen("FILE:")); |
252 | oerrno = errno; | ||
252 | umask(old_umask); | 253 | umask(old_umask); |
253 | if (tmpfd == -1) { | 254 | if (tmpfd == -1) { |
254 | logit("mkstemp(): %.100s", strerror(errno)); | 255 | logit("mkstemp(): %.100s", strerror(oerrno)); |
255 | return errno; | 256 | return oerrno; |
256 | } | 257 | } |
257 | 258 | ||
258 | if (fchmod(tmpfd,S_IRUSR | S_IWUSR) == -1) { | 259 | if (fchmod(tmpfd,S_IRUSR | S_IWUSR) == -1) { |
259 | logit("fchmod(): %.100s", strerror(errno)); | 260 | oerrno = errno; |
261 | logit("fchmod(): %.100s", strerror(oerrno)); | ||
260 | close(tmpfd); | 262 | close(tmpfd); |
261 | return errno; | 263 | return oerrno; |
262 | } | 264 | } |
263 | close(tmpfd); | 265 | close(tmpfd); |
264 | #endif | 266 | #endif |