author | Colin Watson <cjwatson@debian.org> | 2004-03-01 02:25:32 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2004-03-01 02:25:32 +0000 |
commit | ea8116a11e3de70036dbc665ccb0d486cf89cac9 (patch) | |
tree | d73ccdff78d8608e156465af42e6a1b3527fb2d6 /auth-krb5.c | |
parent | e39b311381a5609cc05acf298c42fba196dc524b (diff) | |
parent | f5bda272678ec6dccaa5f29379cf60cb855018e8 (diff) |
Merge 3.8p1 to the trunk. This builds and runs, but I haven't tested it
extensively yet.
ProtocolKeepAlives is now just a compatibility alias for
ServerAliveInterval.
Diffstat (limited to 'auth-krb5.c')
-rw-r--r-- | auth-krb5.c | 35 |
1 files changed, 14 insertions, 21 deletions
diff --git a/auth-krb5.c b/auth-krb5.c index 0aa5195b8..859492478 100644 --- a/auth-krb5.c +++ b/auth-krb5.c | |||
@@ -28,7 +28,7 @@ | |||
28 | */ | 28 | */ |
29 | 29 | ||
30 | #include "includes.h" | 30 | #include "includes.h" |
31 | RCSID("$OpenBSD: auth-krb5.c,v 1.12 2003/08/28 12:54:34 markus Exp $"); | 31 | RCSID("$OpenBSD: auth-krb5.c,v 1.15 2003/11/21 11:57:02 djm Exp $"); |
32 | 32 | ||
33 | #include "ssh.h" | 33 | #include "ssh.h" |
34 | #include "ssh1.h" | 34 | #include "ssh1.h" |
@@ -40,7 +40,6 @@ RCSID("$OpenBSD: auth-krb5.c,v 1.12 2003/08/28 12:54:34 markus Exp $"); | |||
40 | #include "auth.h" | 40 | #include "auth.h" |
41 | 41 | ||
42 | #ifdef KRB5 | 42 | #ifdef KRB5 |
43 | |||
44 | #include <krb5.h> | 43 | #include <krb5.h> |
45 | 44 | ||
46 | extern ServerOptions options; | 45 | extern ServerOptions options; |
@@ -50,7 +49,6 @@ krb5_init(void *context) | |||
50 | { | 49 | { |
51 | Authctxt *authctxt = (Authctxt *)context; | 50 | Authctxt *authctxt = (Authctxt *)context; |
52 | krb5_error_code problem; | 51 | krb5_error_code problem; |
53 | static int cleanup_registered = 0; | ||
54 | 52 | ||
55 | if (authctxt->krb5_ctx == NULL) { | 53 | if (authctxt->krb5_ctx == NULL) { |
56 | problem = krb5_init_context(&authctxt->krb5_ctx); | 54 | problem = krb5_init_context(&authctxt->krb5_ctx); |
@@ -58,10 +56,6 @@ krb5_init(void *context) | |||
58 | return (problem); | 56 | return (problem); |
59 | krb5_init_ets(authctxt->krb5_ctx); | 57 | krb5_init_ets(authctxt->krb5_ctx); |
60 | } | 58 | } |
61 | if (!cleanup_registered) { | ||
62 | fatal_add_cleanup(krb5_cleanup_proc, authctxt); | ||
63 | cleanup_registered = 1; | ||
64 | } | ||
65 | return (0); | 59 | return (0); |
66 | } | 60 | } |
67 | 61 | ||
@@ -73,11 +67,11 @@ auth_krb5_password(Authctxt *authctxt, const char *password) | |||
73 | krb5_principal server; | 67 | krb5_principal server; |
74 | char ccname[40]; | 68 | char ccname[40]; |
75 | int tmpfd; | 69 | int tmpfd; |
76 | #endif | 70 | #endif |
77 | krb5_error_code problem; | 71 | krb5_error_code problem; |
78 | krb5_ccache ccache = NULL; | 72 | krb5_ccache ccache = NULL; |
79 | 73 | ||
80 | if (authctxt->pw == NULL) | 74 | if (!authctxt->valid) |
81 | return (0); | 75 | return (0); |
82 | 76 | ||
83 | temporarily_use_uid(authctxt->pw); | 77 | temporarily_use_uid(authctxt->pw); |
@@ -102,14 +96,15 @@ auth_krb5_password(Authctxt *authctxt, const char *password) | |||
102 | goto out; | 96 | goto out; |
103 | 97 | ||
104 | restore_uid(); | 98 | restore_uid(); |
105 | 99 | ||
106 | problem = krb5_verify_user(authctxt->krb5_ctx, authctxt->krb5_user, | 100 | problem = krb5_verify_user(authctxt->krb5_ctx, authctxt->krb5_user, |
107 | ccache, password, 1, NULL); | 101 | ccache, password, 1, NULL); |
108 | 102 | ||
109 | temporarily_use_uid(authctxt->pw); | 103 | temporarily_use_uid(authctxt->pw); |
110 | 104 | ||
111 | if (problem) | 105 | if (problem) |
112 | goto out; | 106 | goto out; |
107 | |||
113 | problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_fcc_ops, | 108 | problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_fcc_ops, |
114 | &authctxt->krb5_fwd_ccache); | 109 | &authctxt->krb5_fwd_ccache); |
115 | if (problem) | 110 | if (problem) |
@@ -140,21 +135,21 @@ auth_krb5_password(Authctxt *authctxt, const char *password) | |||
140 | temporarily_use_uid(authctxt->pw); | 135 | temporarily_use_uid(authctxt->pw); |
141 | if (problem) | 136 | if (problem) |
142 | goto out; | 137 | goto out; |
143 | 138 | ||
144 | if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user, | 139 | if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user, |
145 | authctxt->pw->pw_name)) { | 140 | authctxt->pw->pw_name)) { |
146 | problem = -1; | 141 | problem = -1; |
147 | goto out; | 142 | goto out; |
148 | } | 143 | } |
149 | 144 | ||
150 | snprintf(ccname,sizeof(ccname),"FILE:/tmp/krb5cc_%d_XXXXXX",geteuid()); | 145 | snprintf(ccname,sizeof(ccname),"FILE:/tmp/krb5cc_%d_XXXXXX",geteuid()); |
151 | 146 | ||
152 | if ((tmpfd = mkstemp(ccname+strlen("FILE:")))==-1) { | 147 | if ((tmpfd = mkstemp(ccname+strlen("FILE:")))==-1) { |
153 | logit("mkstemp(): %.100s", strerror(errno)); | 148 | logit("mkstemp(): %.100s", strerror(errno)); |
154 | problem = errno; | 149 | problem = errno; |
155 | goto out; | 150 | goto out; |
156 | } | 151 | } |
157 | 152 | ||
158 | if (fchmod(tmpfd,S_IRUSR | S_IWUSR) == -1) { | 153 | if (fchmod(tmpfd,S_IRUSR | S_IWUSR) == -1) { |
159 | logit("fchmod(): %.100s", strerror(errno)); | 154 | logit("fchmod(): %.100s", strerror(errno)); |
160 | close(tmpfd); | 155 | close(tmpfd); |
@@ -171,12 +166,12 @@ auth_krb5_password(Authctxt *authctxt, const char *password) | |||
171 | authctxt->krb5_user); | 166 | authctxt->krb5_user); |
172 | if (problem) | 167 | if (problem) |
173 | goto out; | 168 | goto out; |
174 | 169 | ||
175 | problem= krb5_cc_store_cred(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache, | 170 | problem= krb5_cc_store_cred(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache, |
176 | &creds); | 171 | &creds); |
177 | if (problem) | 172 | if (problem) |
178 | goto out; | 173 | goto out; |
179 | #endif | 174 | #endif |
180 | 175 | ||
181 | authctxt->krb5_ticket_file = (char *)krb5_cc_get_name(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache); | 176 | authctxt->krb5_ticket_file = (char *)krb5_cc_get_name(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache); |
182 | 177 | ||
@@ -205,10 +200,8 @@ auth_krb5_password(Authctxt *authctxt, const char *password) | |||
205 | } | 200 | } |
206 | 201 | ||
207 | void | 202 | void |
208 | krb5_cleanup_proc(void *context) | 203 | krb5_cleanup_proc(Authctxt *authctxt) |
209 | { | 204 | { |
210 | Authctxt *authctxt = (Authctxt *)context; | ||
211 | |||
212 | debug("krb5_cleanup_proc called"); | 205 | debug("krb5_cleanup_proc called"); |
213 | if (authctxt->krb5_fwd_ccache) { | 206 | if (authctxt->krb5_fwd_ccache) { |
214 | krb5_cc_destroy(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache); | 207 | krb5_cc_destroy(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache); |
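Review bot: In auth_krb5_password (new line 75) the guard `if (!authctxt->valid)` no longer tests `authctxt->pw`, yet the next statement passes `authctxt->pw` to `temporarily_use_uid()` and a later hunk reads `authctxt->pw->pw_name` for `krb5_kuserok()`. That is safe only if every path that sets `valid` also leaves `pw` non-NULL, which is presumably guaranteed where the Authctxt is filled in but is not visible in this file. Keeping both conditions, `if (!authctxt->valid || authctxt->pw == NULL)`, is cheap and stops this password-authentication entry point from dereferencing NULL if that invariant is ever broken. If the single test is kept, a comment above it such as `/* authctxt->valid implies authctxt->pw != NULL */` would record the assumption. The function body starts and ends outside the hunk.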