diff options
Diffstat (limited to 'gss-serv-krb5.c')
| -rw-r--r-- | gss-serv-krb5.c | 44 |
1 files changed, 25 insertions, 19 deletions
diff --git a/gss-serv-krb5.c b/gss-serv-krb5.c index e7170ee41..c55446a0b 100644 --- a/gss-serv-krb5.c +++ b/gss-serv-krb5.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: gss-serv-krb5.c,v 1.7 2006/08/03 03:34:42 deraadt Exp $ */ | 1 | /* $OpenBSD: gss-serv-krb5.c,v 1.8 2013/07/20 01:55:13 djm Exp $ */ |
| 2 | 2 | ||
| 3 | /* | 3 | /* |
| 4 | * Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved. | 4 | * Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved. |
| @@ -48,12 +48,11 @@ extern ServerOptions options; | |||
| 48 | 48 | ||
| 49 | #ifdef HEIMDAL | 49 | #ifdef HEIMDAL |
| 50 | # include <krb5.h> | 50 | # include <krb5.h> |
| 51 | #else | 51 | #endif |
| 52 | # ifdef HAVE_GSSAPI_KRB5_H | 52 | #ifdef HAVE_GSSAPI_KRB5_H |
| 53 | # include <gssapi_krb5.h> | 53 | # include <gssapi_krb5.h> |
| 54 | # elif HAVE_GSSAPI_GSSAPI_KRB5_H | 54 | #elif HAVE_GSSAPI_GSSAPI_KRB5_H |
| 55 | # include <gssapi/gssapi_krb5.h> | 55 | # include <gssapi/gssapi_krb5.h> |
| 56 | # endif | ||
| 57 | #endif | 56 | #endif |
| 58 | 57 | ||
| 59 | static krb5_context krb_context = NULL; | 58 | static krb5_context krb_context = NULL; |
| @@ -87,14 +86,16 @@ ssh_gssapi_krb5_userok(ssh_gssapi_client *client, char *name) | |||
| 87 | { | 86 | { |
| 88 | krb5_principal princ; | 87 | krb5_principal princ; |
| 89 | int retval; | 88 | int retval; |
| 89 | const char *errmsg; | ||
| 90 | 90 | ||
| 91 | if (ssh_gssapi_krb5_init() == 0) | 91 | if (ssh_gssapi_krb5_init() == 0) |
| 92 | return 0; | 92 | return 0; |
| 93 | 93 | ||
| 94 | if ((retval = krb5_parse_name(krb_context, client->exportedname.value, | 94 | if ((retval = krb5_parse_name(krb_context, client->exportedname.value, |
| 95 | &princ))) { | 95 | &princ))) { |
| 96 | logit("krb5_parse_name(): %.100s", | 96 | errmsg = krb5_get_error_message(krb_context, retval); |
| 97 | krb5_get_err_text(krb_context, retval)); | 97 | logit("krb5_parse_name(): %.100s", errmsg); |
| 98 | krb5_free_error_message(krb_context, errmsg); | ||
| 98 | return 0; | 99 | return 0; |
| 99 | } | 100 | } |
| 100 | if (krb5_kuserok(krb_context, princ, name)) { | 101 | if (krb5_kuserok(krb_context, princ, name)) { |
| @@ -120,6 +121,7 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client) | |||
| 120 | krb5_principal princ; | 121 | krb5_principal princ; |
| 121 | OM_uint32 maj_status, min_status; | 122 | OM_uint32 maj_status, min_status; |
| 122 | int len; | 123 | int len; |
| 124 | const char *errmsg; | ||
| 123 | const char *new_ccname; | 125 | const char *new_ccname; |
| 124 | 126 | ||
| 125 | if (client->creds == NULL) { | 127 | if (client->creds == NULL) { |
| @@ -131,30 +133,34 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client) | |||
| 131 | return; | 133 | return; |
| 132 | 134 | ||
| 133 | #ifdef HEIMDAL | 135 | #ifdef HEIMDAL |
| 134 | if ((problem = krb5_cc_gen_new(krb_context, &krb5_fcc_ops, &ccache))) { | 136 | if ((problem = krb5_cc_new_unique(krb_context, krb5_fcc_ops.prefix, |
| 135 | logit("krb5_cc_gen_new(): %.100s", | 137 | NULL, &ccache)) != 0) { |
| 136 | krb5_get_err_text(krb_context, problem)); | 138 | errmsg = krb5_get_error_message(krb_context, problem); |
| 139 | logit("krb5_cc_new_unique(): %.100s", errmsg); | ||
| 140 | krb5_free_error_message(krb_context, errmsg); | ||
| 137 | return; | 141 | return; |
| 138 | } | 142 | } |
| 139 | #else | 143 | #else |
| 140 | if ((problem = ssh_krb5_cc_gen(krb_context, &ccache))) { | 144 | if ((problem = ssh_krb5_cc_gen(krb_context, &ccache))) { |
| 141 | logit("ssh_krb5_cc_gen(): %.100s", | 145 | errmsg = krb5_get_error_message(krb_context, problem); |
| 142 | krb5_get_err_text(krb_context, problem)); | 146 | logit("ssh_krb5_cc_gen(): %.100s", errmsg); |
| 147 | krb5_free_error_message(krb_context, errmsg); | ||
| 143 | return; | 148 | return; |
| 144 | } | 149 | } |
| 145 | #endif /* #ifdef HEIMDAL */ | 150 | #endif /* #ifdef HEIMDAL */ |
| 146 | 151 | ||
| 147 | if ((problem = krb5_parse_name(krb_context, | 152 | if ((problem = krb5_parse_name(krb_context, |
| 148 | client->exportedname.value, &princ))) { | 153 | client->exportedname.value, &princ))) { |
| 149 | logit("krb5_parse_name(): %.100s", | 154 | errmsg = krb5_get_error_message(krb_context, problem); |
| 150 | krb5_get_err_text(krb_context, problem)); | 155 | logit("krb5_parse_name(): %.100s", errmsg); |
| 151 | krb5_cc_destroy(krb_context, ccache); | 156 | krb5_free_error_message(krb_context, errmsg); |
| 152 | return; | 157 | return; |
| 153 | } | 158 | } |
| 154 | 159 | ||
| 155 | if ((problem = krb5_cc_initialize(krb_context, ccache, princ))) { | 160 | if ((problem = krb5_cc_initialize(krb_context, ccache, princ))) { |
| 156 | logit("krb5_cc_initialize(): %.100s", | 161 | errmsg = krb5_get_error_message(krb_context, problem); |
| 157 | krb5_get_err_text(krb_context, problem)); | 162 | logit("krb5_cc_initialize(): %.100s", errmsg); |
| 163 | krb5_free_error_message(krb_context, errmsg); | ||
| 158 | krb5_free_principal(krb_context, princ); | 164 | krb5_free_principal(krb_context, princ); |
| 159 | krb5_cc_destroy(krb_context, ccache); | 165 | krb5_cc_destroy(krb_context, ccache); |
| 160 | return; | 166 | return; |