From ef73f50a1218b3ce0143131fd71c4061a9a4a83e Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Wed, 25 Sep 2002 12:20:17 +1000
Subject:    - markus@cvs.openbsd.org 2002/09/24 08:46:04      [monitor.c]     
 only call kerberos code for authctxt->valid

---
 ChangeLog | 5 ++++-
 monitor.c | 5 +++--
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 18dbc784b..f6aa78cee 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -7,6 +7,9 @@
    - markus@cvs.openbsd.org 2002/09/23 22:11:05
      [monitor.c]
      only call auth_krb5 if kerberos is enabled; ok deraadt@
+   - markus@cvs.openbsd.org 2002/09/24 08:46:04
+     [monitor.c]
+     only call kerberos code for authctxt->valid
 
 20020923
  - (tim) [configure.ac] s/return/exit/ patch by dtucker@zip.com.au
@@ -706,4 +709,4 @@
      save auth method before monitor_reset_key_state(); bugzilla bug #284;
      ok provos@
 
-$Id: ChangeLog,v 1.2478 2002/09/25 02:19:39 djm Exp $
+$Id: ChangeLog,v 1.2479 2002/09/25 02:20:17 djm Exp $
diff --git a/monitor.c b/monitor.c
index 69a51fc98..e07e97eac 100644
--- a/monitor.c
+++ b/monitor.c
@@ -25,7 +25,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: monitor.c,v 1.27 2002/09/23 22:11:05 markus Exp $");
+RCSID("$OpenBSD: monitor.c,v 1.28 2002/09/24 08:46:04 markus Exp $");
 
 #include <openssl/dh.h>
 
@@ -1299,7 +1299,8 @@ mm_answer_krb5(int socket, Buffer *m)
 	tkt.data = buffer_get_string(m, &len);
 	tkt.length = len;
 
-	success = (options.kerberos_authentication == 1) &&
+	success = options.kerberos_authentication &&
+	    authctxt->valid &&
 	    auth_krb5(authctxt, &tkt, &client_user, &reply);
 
 	if (tkt.length)
-- 
cgit v1.2.3