1 files changed, 44 insertions, 26 deletions
diff --git a/auth-krb5.c b/auth-krb5.c
index 2f742534a..5f554a66b 100644
--- a/auth-krb5.c
+++ b/auth-krb5.c
@@ -54,9 +54,6 @@ krb5_init(void *context)
                problem = krb5_init_context(&authctxt->krb5_ctx);
                if (problem)
                        return (problem);
-#ifdef KRB5_INIT_ETS
-                krb5_init_ets(authctxt->krb5_ctx);
-#endif
        }
        return (0);
 }
@@ -67,9 +64,6 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
 #ifndef HEIMDAL
        krb5_creds creds;
        krb5_principal server;
-        char ccname[40];
-        int tmpfd;
-        mode_t old_umask;
 #endif
        krb5_error_code problem;
        krb5_ccache ccache = NULL;
@@ -146,26 +140,7 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
                goto out;
        }
-        snprintf(ccname,sizeof(ccname),"FILE:/tmp/krb5cc_%d_XXXXXX",geteuid());
+        problem = ssh_krb5_cc_gen(authctxt->krb5_ctx, &authctxt->krb5_fwd_ccache);
-        old_umask = umask(0177);
-        tmpfd = mkstemp(ccname + strlen("FILE:"));
-        umask(old_umask);
-        if (tmpfd == -1) {
-                logit("mkstemp(): %.100s", strerror(errno));
-                problem = errno;
-                goto out;
-        }
-        if (fchmod(tmpfd,S_IRUSR | S_IWUSR) == -1) {
-                logit("fchmod(): %.100s", strerror(errno));
-                close(tmpfd);
-                problem = errno;
-                goto out;
-        }
-        close(tmpfd);
-        problem = krb5_cc_resolve(authctxt->krb5_ctx, ccname, &authctxt->krb5_fwd_ccache);
        if (problem)
                goto out;
@@ -184,8 +159,13 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
        len = strlen(authctxt->krb5_ticket_file) + 6;
        authctxt->krb5_ccname = xmalloc(len);
+#ifdef USE_CCAPI
+        snprintf(authctxt->krb5_ccname, len, "API:%s",
+            authctxt->krb5_ticket_file);
+#else
        snprintf(authctxt->krb5_ccname, len, "FILE:%s",
            authctxt->krb5_ticket_file);
+#endif
 #ifdef USE_PAM
        if (options.use_pam)
@@ -234,4 +214,42 @@ krb5_cleanup_proc(Authctxt *authctxt)
        }
 }
+#ifndef HEIMDAL
+krb5_error_code
+ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache) {
+        int ret;
+        char ccname[40];
+        mode_t old_umask;
+#ifdef USE_CCAPI
+        char cctemplate[] = "API:krb5cc_%d";
+#else
+        char cctemplate[] = "FILE:/tmp/krb5cc_%d_XXXXXXXXXX";
+        int tmpfd;
+#endif
+        ret = snprintf(ccname, sizeof(ccname),
+            cctemplate, geteuid());
+        if (ret == -1 || ret >= (int) sizeof(ccname))
+                return ENOMEM;
+#ifndef USE_CCAPI
+        old_umask = umask(0177);
+        tmpfd = mkstemp(ccname + strlen("FILE:"));
+        umask(old_umask);
+        if (tmpfd == -1) {
+                logit("mkstemp(): %.100s", strerror(errno));
+                return errno;
+        }
+        if (fchmod(tmpfd,S_IRUSR | S_IWUSR) == -1) {
+                logit("fchmod(): %.100s", strerror(errno));
+                close(tmpfd);
+                return errno;
+        }
+        close(tmpfd);
+#endif
+        return (krb5_cc_resolve(ctx, ccname, ccache));
+}
+#endif /* !HEIMDAL */
 #endif /* KRB5 */