diff options
Diffstat (limited to 'auth-krb5.c')
| -rw-r--r-- | auth-krb5.c | 27 |
1 files changed, 20 insertions, 7 deletions
diff --git a/auth-krb5.c b/auth-krb5.c index 4c2375462..5613b5772 100644 --- a/auth-krb5.c +++ b/auth-krb5.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: auth-krb5.c,v 1.19 2006/08/03 03:34:41 deraadt Exp $ */ | 1 | /* $OpenBSD: auth-krb5.c,v 1.20 2013/07/20 01:55:13 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Kerberos v5 authentication and ticket-passing routines. | 3 | * Kerberos v5 authentication and ticket-passing routines. |
| 4 | * | 4 | * |
| @@ -79,6 +79,7 @@ auth_krb5_password(Authctxt *authctxt, const char *password) | |||
| 79 | krb5_ccache ccache = NULL; | 79 | krb5_ccache ccache = NULL; |
| 80 | int len; | 80 | int len; |
| 81 | char *client, *platform_client; | 81 | char *client, *platform_client; |
| 82 | const char *errmsg; | ||
| 82 | 83 | ||
| 83 | /* get platform-specific kerberos client principal name (if it exists) */ | 84 | /* get platform-specific kerberos client principal name (if it exists) */ |
| 84 | platform_client = platform_krb5_get_principal_name(authctxt->pw->pw_name); | 85 | platform_client = platform_krb5_get_principal_name(authctxt->pw->pw_name); |
| @@ -96,7 +97,12 @@ auth_krb5_password(Authctxt *authctxt, const char *password) | |||
| 96 | goto out; | 97 | goto out; |
| 97 | 98 | ||
| 98 | #ifdef HEIMDAL | 99 | #ifdef HEIMDAL |
| 100 | # ifdef HAVE_KRB5_CC_NEW_UNIQUE | ||
| 101 | problem = krb5_cc_new_unique(authctxt->krb5_ctx, | ||
| 102 | krb5_mcc_ops.prefix, NULL, &ccache); | ||
| 103 | # else | ||
| 99 | problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_mcc_ops, &ccache); | 104 | problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_mcc_ops, &ccache); |
| 105 | # endif | ||
| 100 | if (problem) | 106 | if (problem) |
| 101 | goto out; | 107 | goto out; |
| 102 | 108 | ||
| @@ -115,8 +121,13 @@ auth_krb5_password(Authctxt *authctxt, const char *password) | |||
| 115 | if (problem) | 121 | if (problem) |
| 116 | goto out; | 122 | goto out; |
| 117 | 123 | ||
| 124 | # ifdef HAVE_KRB5_CC_NEW_UNIQUE | ||
| 125 | problem = krb5_cc_new_unique(authctxt->krb5_ctx, | ||
| 126 | krb5_fcc_ops.prefix, NULL, &authctxt->krb5_fwd_ccache); | ||
| 127 | # else | ||
| 118 | problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_fcc_ops, | 128 | problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_fcc_ops, |
| 119 | &authctxt->krb5_fwd_ccache); | 129 | &authctxt->krb5_fwd_ccache); |
| 130 | # endif | ||
| 120 | if (problem) | 131 | if (problem) |
| 121 | goto out; | 132 | goto out; |
| 122 | 133 | ||
| @@ -186,17 +197,19 @@ auth_krb5_password(Authctxt *authctxt, const char *password) | |||
| 186 | out: | 197 | out: |
| 187 | restore_uid(); | 198 | restore_uid(); |
| 188 | 199 | ||
| 189 | if (platform_client != NULL) | 200 | free(platform_client); |
| 190 | xfree(platform_client); | ||
| 191 | 201 | ||
| 192 | if (problem) { | 202 | if (problem) { |
| 193 | if (ccache) | 203 | if (ccache) |
| 194 | krb5_cc_destroy(authctxt->krb5_ctx, ccache); | 204 | krb5_cc_destroy(authctxt->krb5_ctx, ccache); |
| 195 | 205 | ||
| 196 | if (authctxt->krb5_ctx != NULL && problem!=-1) | 206 | if (authctxt->krb5_ctx != NULL && problem!=-1) { |
| 197 | debug("Kerberos password authentication failed: %s", | 207 | errmsg = krb5_get_error_message(authctxt->krb5_ctx, |
| 198 | krb5_get_err_text(authctxt->krb5_ctx, problem)); | 208 | problem); |
| 199 | else | 209 | debug("Kerberos password authentication failed: %s", |
| 210 | errmsg); | ||
| 211 | krb5_free_error_message(authctxt->krb5_ctx, errmsg); | ||
| 212 | } else | ||
| 200 | debug("Kerberos password authentication failed: %d", | 213 | debug("Kerberos password authentication failed: %d", |
| 201 | problem); | 214 | problem); |
| 202 | 215 | ||