From 61b05cfdda61737f2d8999e3849dfaea1127f19e Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 14 Nov 2001 00:02:10 +1100 Subject: [PATCH] - (djm) OpenBSD CVS Sync - dugsong@cvs.openbsd.org 2001/11/11 18:47:10 [auth-krb5.c] fix krb5 authorization check. found by . from art@, deraadt@ ok --- ChangeLog | 7 ++++++- auth-krb5.c | 17 +++++++++-------- 2 files changed, 15 insertions(+), 9 deletions(-) diff --git a/ChangeLog b/ChangeLog index e1b17aaea..75fc22350 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,11 @@ do_authenticated. Call loginfailed for protocol 2 failures > MAX like we do for protocol 1. Reports from Ralf Wenk , K.Wolkersdorfer@fz-juelich.de and others + - (djm) OpenBSD CVS Sync + - dugsong@cvs.openbsd.org 2001/11/11 18:47:10 + [auth-krb5.c] + fix krb5 authorization check. found by . from + art@, deraadt@ ok 20011112 - (djm) Makefile correctness fix from Mark D. Baushke @@ -6895,4 +6900,4 @@ - Wrote replacements for strlcpy and mkdtemp - Released 1.0pre1 -$Id: ChangeLog,v 1.1659 2001/11/13 12:46:18 djm Exp $ +$Id: ChangeLog,v 1.1660 2001/11/13 13:02:10 djm Exp $ diff --git a/auth-krb5.c b/auth-krb5.c index 08c917459..b56f43a92 100644 --- a/auth-krb5.c +++ b/auth-krb5.c @@ -2,7 +2,7 @@ * Kerberos v5 authentication and ticket-passing routines. * * $FreeBSD: src/crypto/openssh/auth-krb5.c,v 1.6 2001/02/13 16:58:04 assar Exp $ - * $OpenBSD: auth-krb5.c,v 1.1 2001/06/26 16:15:23 dugsong Exp $ + * $OpenBSD: auth-krb5.c,v 1.2 2001/11/12 01:47:09 dugsong Exp $ */ #include "includes.h" @@ -52,8 +52,9 @@ auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client) krb5_principal server; krb5_data reply; krb5_ticket *ticket; - int fd; - + int fd, ret; + + ret = 0; server = NULL; ticket = NULL; reply.length = 0; @@ -107,7 +108,8 @@ auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client) packet_put_string((char *) reply.data, reply.length); packet_send(); packet_write_wait(); - + + ret = 1; err: if (server) krb5_free_principal(authctxt->krb5_ctx, server); @@ -116,12 +118,11 @@ auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client) if (reply.length) xfree(reply.data); - if (problem) { + if (problem) debug("Kerberos v5 authentication failed: %s", krb5_get_err_text(authctxt->krb5_ctx, problem)); - return (0); - } - return (1); + + return (ret); } int