diff options
Diffstat (limited to 'auth-krb5.c')
| -rw-r--r-- | auth-krb5.c | 57 |
1 files changed, 31 insertions, 26 deletions
diff --git a/auth-krb5.c b/auth-krb5.c index 2f742534a..c7367b49a 100644 --- a/auth-krb5.c +++ b/auth-krb5.c | |||
| @@ -54,9 +54,6 @@ krb5_init(void *context) | |||
| 54 | problem = krb5_init_context(&authctxt->krb5_ctx); | 54 | problem = krb5_init_context(&authctxt->krb5_ctx); |
| 55 | if (problem) | 55 | if (problem) |
| 56 | return (problem); | 56 | return (problem); |
| 57 | #ifdef KRB5_INIT_ETS | ||
| 58 | krb5_init_ets(authctxt->krb5_ctx); | ||
| 59 | #endif | ||
| 60 | } | 57 | } |
| 61 | return (0); | 58 | return (0); |
| 62 | } | 59 | } |
| @@ -67,9 +64,6 @@ auth_krb5_password(Authctxt *authctxt, const char *password) | |||
| 67 | #ifndef HEIMDAL | 64 | #ifndef HEIMDAL |
| 68 | krb5_creds creds; | 65 | krb5_creds creds; |
| 69 | krb5_principal server; | 66 | krb5_principal server; |
| 70 | char ccname[40]; | ||
| 71 | int tmpfd; | ||
| 72 | mode_t old_umask; | ||
| 73 | #endif | 67 | #endif |
| 74 | krb5_error_code problem; | 68 | krb5_error_code problem; |
| 75 | krb5_ccache ccache = NULL; | 69 | krb5_ccache ccache = NULL; |
| @@ -146,26 +140,7 @@ auth_krb5_password(Authctxt *authctxt, const char *password) | |||
| 146 | goto out; | 140 | goto out; |
| 147 | } | 141 | } |
| 148 | 142 | ||
| 149 | snprintf(ccname,sizeof(ccname),"FILE:/tmp/krb5cc_%d_XXXXXX",geteuid()); | 143 | problem = ssh_krb5_cc_gen(authctxt->krb5_ctx, &authctxt->krb5_fwd_ccache); |
| 150 | |||
| 151 | old_umask = umask(0177); | ||
| 152 | tmpfd = mkstemp(ccname + strlen("FILE:")); | ||
| 153 | umask(old_umask); | ||
| 154 | if (tmpfd == -1) { | ||
| 155 | logit("mkstemp(): %.100s", strerror(errno)); | ||
| 156 | problem = errno; | ||
| 157 | goto out; | ||
| 158 | } | ||
| 159 | |||
| 160 | if (fchmod(tmpfd,S_IRUSR | S_IWUSR) == -1) { | ||
| 161 | logit("fchmod(): %.100s", strerror(errno)); | ||
| 162 | close(tmpfd); | ||
| 163 | problem = errno; | ||
| 164 | goto out; | ||
| 165 | } | ||
| 166 | close(tmpfd); | ||
| 167 | |||
| 168 | problem = krb5_cc_resolve(authctxt->krb5_ctx, ccname, &authctxt->krb5_fwd_ccache); | ||
| 169 | if (problem) | 144 | if (problem) |
| 170 | goto out; | 145 | goto out; |
| 171 | 146 | ||
| @@ -234,4 +209,34 @@ krb5_cleanup_proc(Authctxt *authctxt) | |||
| 234 | } | 209 | } |
| 235 | } | 210 | } |
| 236 | 211 | ||
| 212 | #ifndef HEIMDAL | ||
| 213 | krb5_error_code | ||
| 214 | ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache) { | ||
| 215 | int tmpfd, ret; | ||
| 216 | char ccname[40]; | ||
| 217 | mode_t old_umask; | ||
| 218 | |||
| 219 | ret = snprintf(ccname, sizeof(ccname), | ||
| 220 | "FILE:/tmp/krb5cc_%d_XXXXXXXXXX", geteuid()); | ||
| 221 | if (ret == -1 || ret >= sizeof(ccname)) | ||
| 222 | return ENOMEM; | ||
| 223 | |||
| 224 | old_umask = umask(0177); | ||
| 225 | tmpfd = mkstemp(ccname + strlen("FILE:")); | ||
| 226 | umask(old_umask); | ||
| 227 | if (tmpfd == -1) { | ||
| 228 | logit("mkstemp(): %.100s", strerror(errno)); | ||
| 229 | return errno; | ||
| 230 | } | ||
| 231 | |||
| 232 | if (fchmod(tmpfd,S_IRUSR | S_IWUSR) == -1) { | ||
| 233 | logit("fchmod(): %.100s", strerror(errno)); | ||
| 234 | close(tmpfd); | ||
| 235 | return errno; | ||
| 236 | } | ||
| 237 | close(tmpfd); | ||
| 238 | |||
| 239 | return (krb5_cc_resolve(ctx, ccname, ccache)); | ||
| 240 | } | ||
| 241 | #endif /* !HEIMDAL */ | ||
| 237 | #endif /* KRB5 */ | 242 | #endif /* KRB5 */ |