author | Colin Watson <cjwatson@debian.org> | 2004-03-01 02:25:32 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2004-03-01 02:25:32 +0000 |
commit | ea8116a11e3de70036dbc665ccb0d486cf89cac9 (patch) | |
tree | d73ccdff78d8608e156465af42e6a1b3527fb2d6 /gss-serv-krb5.c | |
parent | e39b311381a5609cc05acf298c42fba196dc524b (diff) | |
parent | f5bda272678ec6dccaa5f29379cf60cb855018e8 (diff) |
Merge 3.8p1 to the trunk. This builds and runs, but I haven't tested it
extensively yet.
ProtocolKeepAlives is now just a compatibility alias for
ServerAliveInterval.
Diffstat (limited to 'gss-serv-krb5.c')
-rw-r--r-- | gss-serv-krb5.c | 29 |
1 files changed, 18 insertions, 11 deletions
diff --git a/gss-serv-krb5.c b/gss-serv-krb5.c index f48e09911..8ba3e7182 100644 --- a/gss-serv-krb5.c +++ b/gss-serv-krb5.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: gss-serv-krb5.c,v 1.1 2003/08/22 10:56:09 markus Exp $ */ | 1 | /* $OpenBSD: gss-serv-krb5.c,v 1.2 2003/11/21 11:57:03 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. | 4 | * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. |
@@ -39,16 +39,20 @@ | |||
39 | extern ServerOptions options; | 39 | extern ServerOptions options; |
40 | 40 | ||
41 | #ifdef HEIMDAL | 41 | #ifdef HEIMDAL |
42 | #include <krb5.h> | 42 | # include <krb5.h> |
43 | #else | 43 | #else |
44 | #include <gssapi_krb5.h> | 44 | # ifdef HAVE_GSSAPI_KRB5 |
45 | # include <gssapi_krb5.h> | ||
46 | # elif HAVE_GSSAPI_GSSAPI_KRB5 | ||
47 | # include <gssapi/gssapi_krb5.h> | ||
48 | # endif | ||
45 | #endif | 49 | #endif |
46 | 50 | ||
47 | static krb5_context krb_context = NULL; | 51 | static krb5_context krb_context = NULL; |
48 | 52 | ||
49 | /* Initialise the krb5 library, for the stuff that GSSAPI won't do */ | 53 | /* Initialise the krb5 library, for the stuff that GSSAPI won't do */ |
50 | 54 | ||
51 | static int | 55 | static int |
52 | ssh_gssapi_krb5_init() | 56 | ssh_gssapi_krb5_init() |
53 | { | 57 | { |
54 | krb5_error_code problem; | 58 | krb5_error_code problem; |
@@ -108,6 +112,7 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client) | |||
108 | krb5_error_code problem; | 112 | krb5_error_code problem; |
109 | krb5_principal princ; | 113 | krb5_principal princ; |
110 | OM_uint32 maj_status, min_status; | 114 | OM_uint32 maj_status, min_status; |
115 | int len; | ||
111 | 116 | ||
112 | if (client->creds == NULL) { | 117 | if (client->creds == NULL) { |
113 | debug("No credentials stored"); | 118 | debug("No credentials stored"); |
@@ -127,10 +132,10 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client) | |||
127 | { | 132 | { |
128 | int tmpfd; | 133 | int tmpfd; |
129 | char ccname[40]; | 134 | char ccname[40]; |
130 | 135 | ||
131 | snprintf(ccname, sizeof(ccname), | 136 | snprintf(ccname, sizeof(ccname), |
132 | "FILE:/tmp/krb5cc_%d_XXXXXX", geteuid()); | 137 | "FILE:/tmp/krb5cc_%d_XXXXXX", geteuid()); |
133 | 138 | ||
134 | if ((tmpfd = mkstemp(ccname + strlen("FILE:"))) == -1) { | 139 | if ((tmpfd = mkstemp(ccname + strlen("FILE:"))) == -1) { |
135 | logit("mkstemp(): %.100s", strerror(errno)); | 140 | logit("mkstemp(): %.100s", strerror(errno)); |
136 | problem = errno; | 141 | problem = errno; |
@@ -151,7 +156,7 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client) | |||
151 | } | 156 | } |
152 | #endif /* #ifdef HEIMDAL */ | 157 | #endif /* #ifdef HEIMDAL */ |
153 | 158 | ||
154 | if ((problem = krb5_parse_name(krb_context, | 159 | if ((problem = krb5_parse_name(krb_context, |
155 | client->exportedname.value, &princ))) { | 160 | client->exportedname.value, &princ))) { |
156 | logit("krb5_parse_name(): %.100s", | 161 | logit("krb5_parse_name(): %.100s", |
157 | krb5_get_err_text(krb_context, problem)); | 162 | krb5_get_err_text(krb_context, problem)); |
@@ -169,7 +174,7 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client) | |||
169 | 174 | ||
170 | krb5_free_principal(krb_context, princ); | 175 | krb5_free_principal(krb_context, princ); |
171 | 176 | ||
172 | if ((maj_status = gss_krb5_copy_ccache(&min_status, | 177 | if ((maj_status = gss_krb5_copy_ccache(&min_status, |
173 | client->creds, ccache))) { | 178 | client->creds, ccache))) { |
174 | logit("gss_krb5_copy_ccache() failed"); | 179 | logit("gss_krb5_copy_ccache() failed"); |
175 | krb5_cc_destroy(krb_context, ccache); | 180 | krb5_cc_destroy(krb_context, ccache); |
@@ -178,11 +183,13 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client) | |||
178 | 183 | ||
179 | client->store.filename = xstrdup(krb5_cc_get_name(krb_context, ccache)); | 184 | client->store.filename = xstrdup(krb5_cc_get_name(krb_context, ccache)); |
180 | client->store.envvar = "KRB5CCNAME"; | 185 | client->store.envvar = "KRB5CCNAME"; |
181 | client->store.envval = xstrdup(client->store.filename); | 186 | len = strlen(client->store.filename) + 6; |
187 | client->store.envval = xmalloc(len); | ||
188 | snprintf(client->store.envval, len, "FILE:%s", client->store.filename); | ||
182 | 189 | ||
183 | #ifdef USE_PAM | 190 | #ifdef USE_PAM |
184 | if (options.use_pam) | 191 | if (options.use_pam) |
185 | do_pam_putenv(client->store.envvar,client->store.envval); | 192 | do_pam_putenv(client->store.envvar, client->store.envval); |
186 | #endif | 193 | #endif |
187 | 194 | ||
188 | krb5_cc_close(krb_context, ccache); | 195 | krb5_cc_close(krb_context, ccache); |
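Review bot: The KRB5CCNAME value built in the last hunk is sized by hand as `strlen(client->store.filename) + 6` and held in an `int`, so the buffer size and the `"FILE:%s"` format must be kept in step manually, and the `size_t` result of strlen() is narrowed before it reaches xmalloc(). snprintf() bounds the write, so a mismatch would not overflow, but it would silently truncate the credential-cache path that is then handed to do_pam_putenv(). Declaring `size_t len;` in the earlier hunk and computing `len = strlen(client->store.filename) + sizeof("FILE:");` ties the size to the prefix. Checking that snprintf() returns a non-negative value smaller than `len` would turn a truncation into a visible error. ssh_gssapi_krb5_storecreds() begins and ends outside the visible hunks, so how envval is later freed or exported cannot be confirmed from this page.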