2 files changed, 15 insertions, 9 deletions
diff --git a/ChangeLog b/ChangeLog
index e1b17aaea..75fc22350 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,11 @@
   do_authenticated. Call loginfailed for protocol 2 failures > MAX like 
   we do for protocol 1. Reports from Ralf Wenk <wera0003@fh-karlsruhe.de>,
   K.Wolkersdorfer@fz-juelich.de and others
+ - (djm) OpenBSD CVS Sync
+   - dugsong@cvs.openbsd.org 2001/11/11 18:47:10
+     [auth-krb5.c]
+     fix krb5 authorization check. found by <jhawk@MIT.EDU>. from 
+     art@, deraadt@ ok
 20011112
 - (djm) Makefile correctness fix from Mark D. Baushke <mdb@juniper.net>
@@ -6895,4 +6900,4 @@
 - Wrote replacements for strlcpy and mkdtemp
 - Released 1.0pre1
-$Id: ChangeLog,v 1.1659 2001/11/13 12:46:18 djm Exp $
+$Id: ChangeLog,v 1.1660 2001/11/13 13:02:10 djm Exp $
diff --git a/auth-krb5.c b/auth-krb5.c
index 08c917459..b56f43a92 100644
--- a/auth-krb5.c
+++ b/auth-krb5.c
@@ -2,7 +2,7 @@
 *    Kerberos v5 authentication and ticket-passing routines.
 * 
 * $FreeBSD: src/crypto/openssh/auth-krb5.c,v 1.6 2001/02/13 16:58:04 assar Exp $
- * $OpenBSD: auth-krb5.c,v 1.1 2001/06/26 16:15:23 dugsong Exp $
+ * $OpenBSD: auth-krb5.c,v 1.2 2001/11/12 01:47:09 dugsong Exp $
 */
 #include "includes.h"
@@ -52,8 +52,9 @@ auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client)
        krb5_principal server;
        krb5_data reply;
        krb5_ticket *ticket;
-        int fd;
+        int fd, ret;
-        
+        ret = 0;
        server = NULL;
        ticket = NULL;
        reply.length = 0;
@@ -107,7 +108,8 @@ auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client)
        packet_put_string((char *) reply.data, reply.length);
        packet_send();
        packet_write_wait();
-        
+        ret = 1;
 err:
        if (server)
                krb5_free_principal(authctxt->krb5_ctx, server);
@@ -116,12 +118,11 @@ auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client)
        if (reply.length)
                xfree(reply.data);
        
-        if (problem) {
+        if (problem)
                debug("Kerberos v5 authentication failed: %s",
                    krb5_get_err_text(authctxt->krb5_ctx, problem));
-                return (0);
-        }
+        return (ret);
-        return (1);
 }
 int

diff --git a/ChangeLog b/ChangeLog index e1b17aaea..75fc22350 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -5,6 +5,11 @@
5	do_authenticated. Call loginfailed for protocol 2 failures > MAX like	5	do_authenticated. Call loginfailed for protocol 2 failures > MAX like
6	we do for protocol 1. Reports from Ralf Wenk <wera0003@fh-karlsruhe.de>,	6	we do for protocol 1. Reports from Ralf Wenk <wera0003@fh-karlsruhe.de>,
7	K.Wolkersdorfer@fz-juelich.de and others	7	K.Wolkersdorfer@fz-juelich.de and others
		8	- (djm) OpenBSD CVS Sync
		9	- dugsong@cvs.openbsd.org 2001/11/11 18:47:10
		10	[auth-krb5.c]
		11	fix krb5 authorization check. found by <jhawk@MIT.EDU>. from
		12	art@, deraadt@ ok
8		13
9	20011112	14	20011112
10	- (djm) Makefile correctness fix from Mark D. Baushke <mdb@juniper.net>	15	- (djm) Makefile correctness fix from Mark D. Baushke <mdb@juniper.net>
@@ -6895,4 +6900,4 @@
6895	- Wrote replacements for strlcpy and mkdtemp	6900	- Wrote replacements for strlcpy and mkdtemp
6896	- Released 1.0pre1	6901	- Released 1.0pre1
6897		6902
6898	$Id: ChangeLog,v 1.1659 2001/11/13 12:46:18 djm Exp $	6903	$Id: ChangeLog,v 1.1660 2001/11/13 13:02:10 djm Exp $


diff --git a/auth-krb5.c b/auth-krb5.c index 08c917459..b56f43a92 100644 --- a/auth-krb5.c +++ b/auth-krb5.c
@@ -2,7 +2,7 @@
2	* Kerberos v5 authentication and ticket-passing routines.	2	* Kerberos v5 authentication and ticket-passing routines.
3	*	3	*
4	* $FreeBSD: src/crypto/openssh/auth-krb5.c,v 1.6 2001/02/13 16:58:04 assar Exp $	4	* $FreeBSD: src/crypto/openssh/auth-krb5.c,v 1.6 2001/02/13 16:58:04 assar Exp $
5	* $OpenBSD: auth-krb5.c,v 1.1 2001/06/26 16:15:23 dugsong Exp $	5	* $OpenBSD: auth-krb5.c,v 1.2 2001/11/12 01:47:09 dugsong Exp $
6	*/	6	*/
7		7
8	#include "includes.h"	8	#include "includes.h"
@@ -52,8 +52,9 @@ auth_krb5(Authctxt authctxt, krb5_data auth, char **client)
52	krb5_principal server;	52	krb5_principal server;
53	krb5_data reply;	53	krb5_data reply;
54	krb5_ticket *ticket;	54	krb5_ticket *ticket;
55	int fd;	55	int fd, ret;
56		56
		57	ret = 0;
57	server = NULL;	58	server = NULL;
58	ticket = NULL;	59	ticket = NULL;
59	reply.length = 0;	60	reply.length = 0;
@@ -107,7 +108,8 @@ auth_krb5(Authctxt authctxt, krb5_data auth, char **client)
107	packet_put_string((char *) reply.data, reply.length);	108	packet_put_string((char *) reply.data, reply.length);
108	packet_send();	109	packet_send();
109	packet_write_wait();	110	packet_write_wait();
110		111
		112	ret = 1;
111	err:	113	err:
112	if (server)	114	if (server)
113	krb5_free_principal(authctxt->krb5_ctx, server);	115	krb5_free_principal(authctxt->krb5_ctx, server);
@@ -116,12 +118,11 @@ auth_krb5(Authctxt authctxt, krb5_data auth, char **client)
116	if (reply.length)	118	if (reply.length)
117	xfree(reply.data);	119	xfree(reply.data);
118		120
119	if (problem) {	121	if (problem)
120	debug("Kerberos v5 authentication failed: %s",	122	debug("Kerberos v5 authentication failed: %s",
121	krb5_get_err_text(authctxt->krb5_ctx, problem));	123	krb5_get_err_text(authctxt->krb5_ctx, problem));
122	return (0);	124
123	}	125	return (ret);
124	return (1);
125	}	126	}
126		127
127	int	128	int