authorColin Watson <cjwatson@debian.org>2004-03-01 02:25:32 +0000
committerColin Watson <cjwatson@debian.org>2004-03-01 02:25:32 +0000
commitea8116a11e3de70036dbc665ccb0d486cf89cac9 (patch)
treed73ccdff78d8608e156465af42e6a1b3527fb2d6 /auth-krb5.c
parente39b311381a5609cc05acf298c42fba196dc524b (diff)
parentf5bda272678ec6dccaa5f29379cf60cb855018e8 (diff)
Merge 3.8p1 to the trunk. This builds and runs, but I haven't tested it
extensively yet. ProtocolKeepAlives is now just a compatibility alias for ServerAliveInterval.
Diffstat (limited to 'auth-krb5.c')
-rw-r--r--auth-krb5.c35
1 files changed, 14 insertions, 21 deletions
diff --git a/auth-krb5.c b/auth-krb5.c
index 0aa5195b8..859492478 100644
--- a/auth-krb5.c
+++ b/auth-krb5.c
@@ -28,7 +28,7 @@
28 */ 28 */
29 29
30#include "includes.h" 30#include "includes.h"
31RCSID("$OpenBSD: auth-krb5.c,v 1.12 2003/08/28 12:54:34 markus Exp $"); 31RCSID("$OpenBSD: auth-krb5.c,v 1.15 2003/11/21 11:57:02 djm Exp $");
32 32
33#include "ssh.h" 33#include "ssh.h"
34#include "ssh1.h" 34#include "ssh1.h"
@@ -40,7 +40,6 @@ RCSID("$OpenBSD: auth-krb5.c,v 1.12 2003/08/28 12:54:34 markus Exp $");
40#include "auth.h" 40#include "auth.h"
41 41
42#ifdef KRB5 42#ifdef KRB5
43
44#include <krb5.h> 43#include <krb5.h>
45 44
46extern ServerOptions options; 45extern ServerOptions options;
@@ -50,7 +49,6 @@ krb5_init(void *context)
50{ 49{
51 Authctxt *authctxt = (Authctxt *)context; 50 Authctxt *authctxt = (Authctxt *)context;
52 krb5_error_code problem; 51 krb5_error_code problem;
53 static int cleanup_registered = 0;
54 52
55 if (authctxt->krb5_ctx == NULL) { 53 if (authctxt->krb5_ctx == NULL) {
56 problem = krb5_init_context(&authctxt->krb5_ctx); 54 problem = krb5_init_context(&authctxt->krb5_ctx);
@@ -58,10 +56,6 @@ krb5_init(void *context)
58 return (problem); 56 return (problem);
59 krb5_init_ets(authctxt->krb5_ctx); 57 krb5_init_ets(authctxt->krb5_ctx);
60 } 58 }
61 if (!cleanup_registered) {
62 fatal_add_cleanup(krb5_cleanup_proc, authctxt);
63 cleanup_registered = 1;
64 }
65 return (0); 59 return (0);
66} 60}
67 61
@@ -73,11 +67,11 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
73 krb5_principal server; 67 krb5_principal server;
74 char ccname[40]; 68 char ccname[40];
75 int tmpfd; 69 int tmpfd;
76#endif 70#endif
77 krb5_error_code problem; 71 krb5_error_code problem;
78 krb5_ccache ccache = NULL; 72 krb5_ccache ccache = NULL;
79 73
80 if (authctxt->pw == NULL) 74 if (!authctxt->valid)
81 return (0); 75 return (0);
82 76
83 temporarily_use_uid(authctxt->pw); 77 temporarily_use_uid(authctxt->pw);
@@ -102,14 +96,15 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
102 goto out; 96 goto out;
103 97
104 restore_uid(); 98 restore_uid();
105 99
106 problem = krb5_verify_user(authctxt->krb5_ctx, authctxt->krb5_user, 100 problem = krb5_verify_user(authctxt->krb5_ctx, authctxt->krb5_user,
107 ccache, password, 1, NULL); 101 ccache, password, 1, NULL);
108 102
109 temporarily_use_uid(authctxt->pw); 103 temporarily_use_uid(authctxt->pw);
110 104
111 if (problem) 105 if (problem)
112 goto out; 106 goto out;
107
113 problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_fcc_ops, 108 problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_fcc_ops,
114 &authctxt->krb5_fwd_ccache); 109 &authctxt->krb5_fwd_ccache);
115 if (problem) 110 if (problem)
@@ -140,21 +135,21 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
140 temporarily_use_uid(authctxt->pw); 135 temporarily_use_uid(authctxt->pw);
141 if (problem) 136 if (problem)
142 goto out; 137 goto out;
143 138
144 if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user, 139 if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user,
145 authctxt->pw->pw_name)) { 140 authctxt->pw->pw_name)) {
146 problem = -1; 141 problem = -1;
147 goto out; 142 goto out;
148 } 143 }
149 144
150 snprintf(ccname,sizeof(ccname),"FILE:/tmp/krb5cc_%d_XXXXXX",geteuid()); 145 snprintf(ccname,sizeof(ccname),"FILE:/tmp/krb5cc_%d_XXXXXX",geteuid());
151 146
152 if ((tmpfd = mkstemp(ccname+strlen("FILE:")))==-1) { 147 if ((tmpfd = mkstemp(ccname+strlen("FILE:")))==-1) {
153 logit("mkstemp(): %.100s", strerror(errno)); 148 logit("mkstemp(): %.100s", strerror(errno));
154 problem = errno; 149 problem = errno;
155 goto out; 150 goto out;
156 } 151 }
157 152
158 if (fchmod(tmpfd,S_IRUSR | S_IWUSR) == -1) { 153 if (fchmod(tmpfd,S_IRUSR | S_IWUSR) == -1) {
159 logit("fchmod(): %.100s", strerror(errno)); 154 logit("fchmod(): %.100s", strerror(errno));
160 close(tmpfd); 155 close(tmpfd);
@@ -171,12 +166,12 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
171 authctxt->krb5_user); 166 authctxt->krb5_user);
172 if (problem) 167 if (problem)
173 goto out; 168 goto out;
174 169
175 problem= krb5_cc_store_cred(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache, 170 problem= krb5_cc_store_cred(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache,
176 &creds); 171 &creds);
177 if (problem) 172 if (problem)
178 goto out; 173 goto out;
179#endif 174#endif
180 175
181 authctxt->krb5_ticket_file = (char *)krb5_cc_get_name(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache); 176 authctxt->krb5_ticket_file = (char *)krb5_cc_get_name(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache);
182 177
@@ -205,10 +200,8 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
205} 200}
206 201
207void 202void
208krb5_cleanup_proc(void *context) 203krb5_cleanup_proc(Authctxt *authctxt)
209{ 204{
210 Authctxt *authctxt = (Authctxt *)context;
211
212 debug("krb5_cleanup_proc called"); 205 debug("krb5_cleanup_proc called");
213 if (authctxt->krb5_fwd_ccache) { 206 if (authctxt->krb5_fwd_ccache) {
214 krb5_cc_destroy(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache); 207 krb5_cc_destroy(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache);
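Review bot: After this merge nothing in auth-krb5.c arranges for krb5_cleanup_proc to run: the krb5_init hunk (new lines 49-60) drops the `fatal_add_cleanup(krb5_cleanup_proc, authctxt)` registration, and the last hunk changes the function to take `Authctxt *` directly. Destroying `krb5_fwd_ccache`, and with it the ticket file that auth_krb5_password creates with mkstemp under /tmp, therefore depends on a caller outside this file, which this file-limited diff does not show; it is worth confirming that both the normal logout path and the fatal-exit path call it. I would record that contract above the definition, for example `/* Callers must invoke this on every exit path: it destroys krb5_fwd_ccache so no ticket file outlives the session. */`. The body of krb5_cleanup_proc continues past the end of the hunk.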