Aren/NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Apply patch from lha@, via OpenBSD portable SSH's revision 1.11 of this file:

Browse Source 
mcc -> fcc; from Love Hörnquist Åstrand <lha@it.su.se>
  otherwise the kerberos credentinal is stored in a memory cache
  in the privileged sshd.

Presumably, this will also come in as part of a later OpenSSH release via
`cvs import', but this is worth having now.
This commit is contained in:
jwise 2003-07-28 15:50:17 +00:00
parent eb51573bd7
commit 3514116803
1 changed files with 24 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
crypto/dist/ssh/auth-krb5.c vendored
View File

@ -1,4 +1,4 @@
/* $NetBSD: auth-krb5.c,v 1.13 2003/07/10 01:09:41 lukem Exp $ */ /* $NetBSD: auth-krb5.c,v 1.14 2003/07/28 15:50:17 jwise Exp $ */
/* /*
* Kerberos v5 authentication and ticket-passing routines. * Kerberos v5 authentication and ticket-passing routines.
* *
@ -30,7 +30,7 @@
#include "includes.h" #include "includes.h"
RCSID("$OpenBSD: auth-krb5.c,v 1.10 2002/11/21 23:03:51 deraadt Exp $"); RCSID("$OpenBSD: auth-krb5.c,v 1.10 2002/11/21 23:03:51 deraadt Exp $");
__RCSID("$NetBSD: auth-krb5.c,v 1.13 2003/07/10 01:09:41 lukem Exp $"); __RCSID("$NetBSD: auth-krb5.c,v 1.14 2003/07/28 15:50:17 jwise Exp $");
#include "ssh.h" #include "ssh.h"
#include "ssh1.h" #include "ssh1.h"
@ -210,6 +210,7 @@ int
auth_krb5_password(Authctxt *authctxt, const char *password) auth_krb5_password(Authctxt *authctxt, const char *password)
{ {
krb5_error_code problem; krb5_error_code problem;
krb5_ccache ccache = NULL;
if (authctxt->pw == NULL) if (authctxt->pw == NULL)
return (0); return (0);
@ -225,21 +226,34 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
if (problem) if (problem)
goto out; goto out;
problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_mcc_ops, problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_mcc_ops, &ccache);
&authctxt->krb5_fwd_ccache);
if (problem) if (problem)
goto out; goto out;
problem = krb5_cc_initialize(authctxt->krb5_ctx, problem = krb5_cc_initialize(authctxt->krb5_ctx, ccache,
authctxt->krb5_fwd_ccache, authctxt->krb5_user); authctxt->krb5_user);
if (problem) if (problem)
goto out; goto out;
restore_uid(); restore_uid();
problem = krb5_verify_user(authctxt->krb5_ctx, authctxt->krb5_user, problem = krb5_verify_user(authctxt->krb5_ctx, authctxt->krb5_user,
authctxt->krb5_fwd_ccache, password, 1, NULL); ccache, password, 1, NULL);
temporarily_use_uid(authctxt->pw); temporarily_use_uid(authctxt->pw);
if (problem)
goto out;
problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_fcc_ops,
&authctxt->krb5_fwd_ccache);
if (problem)
goto out;
problem = krb5_cc_copy_cache(authctxt->krb5_ctx, ccache,
authctxt->krb5_fwd_ccache);
krb5_cc_destroy(authctxt->krb5_ctx, ccache);
ccache = NULL;
if (problem) if (problem)
goto out; goto out;
@ -249,6 +263,9 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
restore_uid(); restore_uid();
if (problem) { if (problem) {
if (ccache)
krb5_cc_destroy(authctxt->krb5_ctx, ccache);
if (authctxt->krb5_ctx != NULL) if (authctxt->krb5_ctx != NULL)
debug("Kerberos password authentication failed: %s", debug("Kerberos password authentication failed: %s",
krb5_get_err_text(authctxt->krb5_ctx, problem)); krb5_get_err_text(authctxt->krb5_ctx, problem));