- markus@cvs.openbsd.org 2002/09/24 08:46:04

[monitor.c] only call kerberos code for authctxt->valid
2002-09-25 12:20:17 +10:00 · 2002-09-25 12:20:17 +10:00 · ef73f50a12
parent 7db40c9e2e
commit ef73f50a12
2 changed files with 7 additions and 3 deletions
--- a/5
+++ b/5
@ -7,6 +7,9 @@
   - markus@cvs.openbsd.org 2002/09/23 22:11:05
     [monitor.c]
     only call auth_krb5 if kerberos is enabled; ok deraadt@
+   - markus@cvs.openbsd.org 2002/09/24 08:46:04
+     [monitor.c]
+     only call kerberos code for authctxt->valid

 20020923
 - (tim) [configure.ac] s/return/exit/ patch by dtucker@zip.com.au
@ -706,4 +709,4 @@
     save auth method before monitor_reset_key_state(); bugzilla bug #284;
     ok provos@

-$Id: ChangeLog,v 1.2478 2002/09/25 02:19:39 djm Exp $
+$Id: ChangeLog,v 1.2479 2002/09/25 02:20:17 djm Exp $
--- a/monitor.c
+++ b/monitor.c
@ -25,7 +25,7 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: monitor.c,v 1.27 2002/09/23 22:11:05 markus Exp $");
+RCSID("$OpenBSD: monitor.c,v 1.28 2002/09/24 08:46:04 markus Exp $");

 #include <openssl/dh.h>

@ -1299,7 +1299,8 @@ mm_answer_krb5(int socket, Buffer *m)
 	tkt.data = buffer_get_string(m, &len);
 	tkt.length = len;

-	success = (options.kerberos_authentication == 1) &&
+	success = options.kerberos_authentication &&
+	    authctxt->valid &&
 	    auth_krb5(authctxt, &tkt, &client_user, &reply);

 	if (tkt.length)