- (djm) [auth-krb5.c] bz#2032 - use local username in krb5_kuserok check

rather than full client name which may be of form user@REALM; patch from Miguel Sanders; ok dtucker@
2013-10-24 10:53:02 +11:00 · 2013-10-24 10:53:02 +11:00 · 8f18731914
parent 5b01b0dcb4
commit 8f18731914
2 changed files with 7 additions and 1 deletions
--- a/5
+++ b/5
@ -1,3 +1,8 @@
+20131024
+ - (djm) [auth-krb5.c] bz#2032 - use local username in krb5_kuserok check
+   rather than full client name which may be of form user@REALM;
+   patch from Miguel Sanders; ok dtucker@
+
 20131023
 - (djm) OpenBSD CVS Sync
   - djm@cvs.openbsd.org 2013/10/20 04:39:28
--- a/auth-krb5.c
+++ b/auth-krb5.c
@ -157,7 +157,8 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
 	if (problem)
 		goto out;

-	if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user, client)) {
+	if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user,
+	    authctxt->pw->pw_name)) {
 		problem = -1;
 		goto out;
 	}