Import of OpenSSH 3.8p1

[gssapi-openssh.git] / openssh / auth-krb5.c

diff --git a/openssh/auth-krb5.c b/openssh/auth-krb5.c
index 0aa5195b892f0a59cd92bd63990d3c868045272f..85949247836df32607f558f0aaa16345ebd9e66b 100644 (file)
--- a/openssh/auth-krb5.c
+++ b/openssh/auth-krb5.c
@@ -28,7 +28,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-krb5.c,v 1.12 2003/08/28 12:54:34 markus Exp $");
+RCSID("$OpenBSD: auth-krb5.c,v 1.15 2003/11/21 11:57:02 djm Exp $");
 
 #include "ssh.h"
 #include "ssh1.h"
@@ -40,7 +40,6 @@ RCSID("$OpenBSD: auth-krb5.c,v 1.12 2003/08/28 12:54:34 markus Exp $");
 #include "auth.h"
 
 #ifdef KRB5
-
 #include <krb5.h>
 
 extern ServerOptions    options;
@@ -50,7 +49,6 @@ krb5_init(void *context)
 {
        Authctxt *authctxt = (Authctxt *)context;
        krb5_error_code problem;
-       static int cleanup_registered = 0;
 
        if (authctxt->krb5_ctx == NULL) {
                problem = krb5_init_context(&authctxt->krb5_ctx);
@@ -58,10 +56,6 @@ krb5_init(void *context)
                        return (problem);
                krb5_init_ets(authctxt->krb5_ctx);
        }
-       if (!cleanup_registered) {
-               fatal_add_cleanup(krb5_cleanup_proc, authctxt);
-               cleanup_registered = 1;
-       }
        return (0);
 }
 
@@ -73,11 +67,11 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
        krb5_principal server;
        char ccname[40];
        int tmpfd;
-#endif 
+#endif
        krb5_error_code problem;
        krb5_ccache ccache = NULL;
 
-       if (authctxt->pw == NULL)
+       if (!authctxt->valid)
                return (0);
 
        temporarily_use_uid(authctxt->pw);
@@ -102,14 +96,15 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
                goto out;
 
        restore_uid();
-       
+
        problem = krb5_verify_user(authctxt->krb5_ctx, authctxt->krb5_user,
            ccache, password, 1, NULL);
-       
+
        temporarily_use_uid(authctxt->pw);
 
        if (problem)
                goto out;
+
        problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_fcc_ops,
            &authctxt->krb5_fwd_ccache);
        if (problem)
@@ -140,21 +135,21 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
        temporarily_use_uid(authctxt->pw);
        if (problem)
                goto out;
-       
-       if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user, 
+
+       if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user,
                          authctxt->pw->pw_name)) {
                problem = -1;
                goto out;
-       } 
+       }
 
        snprintf(ccname,sizeof(ccname),"FILE:/tmp/krb5cc_%d_XXXXXX",geteuid());
-       
+
        if ((tmpfd = mkstemp(ccname+strlen("FILE:")))==-1) {
                logit("mkstemp(): %.100s", strerror(errno));
                problem = errno;
                goto out;
        }
-       
+
        if (fchmod(tmpfd,S_IRUSR | S_IWUSR) == -1) {
                logit("fchmod(): %.100s", strerror(errno));
                close(tmpfd);
@@ -171,12 +166,12 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
                                     authctxt->krb5_user);
        if (problem)
                goto out;
-                               
+
        problem= krb5_cc_store_cred(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache,
                                 &creds);
        if (problem)
                goto out;
-#endif         
+#endif
 
        authctxt->krb5_ticket_file = (char *)krb5_cc_get_name(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache);
 
@@ -205,10 +200,8 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
 }
 
 void
-krb5_cleanup_proc(void *context)
+krb5_cleanup_proc(Authctxt *authctxt)
 {
-       Authctxt *authctxt = (Authctxt *)context;
-
        debug("krb5_cleanup_proc called");
        if (authctxt->krb5_fwd_ccache) {
                krb5_cc_destroy(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache);