X-Git-Url: http://andersk.mit.edu/gitweb/gssapi-openssh.git/blobdiff_plain/7e82606eb98e6071e4ad650b91a75933c1358485..c9cb09989dd57ca4d9be56ef7f7bc8a5b9a59b78:/openssh/gss-serv-krb5.c diff --git a/openssh/gss-serv-krb5.c b/openssh/gss-serv-krb5.c index 24929dc..bea0eae 100644 --- a/openssh/gss-serv-krb5.c +++ b/openssh/gss-serv-krb5.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gss-serv-krb5.c,v 1.3 2004/07/21 10:36:23 djm Exp $ */ +/* $OpenBSD: gss-serv-krb5.c,v 1.7 2006/08/03 03:34:42 deraadt Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. @@ -29,21 +29,29 @@ #ifdef GSSAPI #ifdef KRB5 -#include "auth.h" +#include + +#include +#include + #include "xmalloc.h" +#include "key.h" +#include "hostfile.h" +#include "auth.h" #include "log.h" #include "servconf.h" +#include "buffer.h" #include "ssh-gss.h" extern ServerOptions options; #ifdef HEIMDAL # include -#else -# ifdef HAVE_GSSAPI_KRB5 +#elif !defined(MECHGLUE) +# ifdef HAVE_GSSAPI_KRB5_H # include -# elif HAVE_GSSAPI_GSSAPI_KRB5 +# elif HAVE_GSSAPI_GSSAPI_KRB5_H # include # endif #endif @@ -64,16 +72,6 @@ ssh_gssapi_mech gssapi_kerberos_mech = { &ssh_gssapi_krb5_storecreds }; -ssh_gssapi_mech gssapi_kerberos_mech_old = { - "Se3H81ismmOC3OE+FwYCiQ==", - "Kerberos", - {9, "\x2A\x86\x48\x86\xF7\x12\x01\x02\x02"}, - &ssh_gssapi_krb5_init, - &ssh_gssapi_krb5_userok, - &ssh_gssapi_krb5_localname, - &ssh_gssapi_krb5_storecreds -}; - /* Initialise the krb5 library, for the stuff that GSSAPI won't do */ static int @@ -89,9 +87,6 @@ ssh_gssapi_krb5_init(void) logit("Cannot initialize krb5 context"); return 0; } -#ifdef KRB5_INIT_ETS - krb5_init_ets(krb_context); -#endif return 1; } @@ -169,6 +164,7 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client) OM_uint32 maj_status, min_status; gss_cred_id_t krb5_cred_handle; int len; + const char *new_ccname; if (client->creds == NULL) { debug("No credentials stored"); 
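Review bot: In the header-selection block, `# elif HAVE_GSSAPI_GSSAPI_KRB5_H` evaluates the macro's value while the branch above it uses `# ifdef HAVE_GSSAPI_KRB5_H`, so the two tests behave differently if the macro is ever defined empty or as 0. Writing `# elif defined(HAVE_GSSAPI_GSSAPI_KRB5_H)` keeps both branches testing definedness. Separately, with the new `#elif !defined(MECHGLUE)` a non-Heimdal MECHGLUE build takes neither include branch. This page does not show where the krb5 GSS-API declarations come from in that configuration, so a one-line comment saying so would help.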
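Review bot: `int len;` stays declared next to the new `const char *new_ccname;`, but the only uses of `len` visible on this page (`len = strlen(...) + 6;`, `xmalloc(len)`, `snprintf(..., len, ...)`) are removed by the later hunk at `@@ -249,11 +221,16 @@`. If nothing else in ssh_gssapi_krb5_storecreds reads it, the declaration should be dropped so the build does not pick up an unused-variable warning. The function body continues outside this hunk, so this needs checking against the full file.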
@@ -185,34 +181,10 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client) return; } #else - { - int tmpfd; - char ccname[40]; - mode_t old_umask; - - snprintf(ccname, sizeof(ccname), - "FILE:/tmp/krb5cc_%d_XXXXXX", geteuid()); - - old_umask = umask(0177); - tmpfd = mkstemp(ccname + strlen("FILE:")); - umask(old_umask); - if (tmpfd == -1) { - logit("mkstemp(): %.100s", strerror(errno)); - problem = errno; - return; - } - if (fchmod(tmpfd, S_IRUSR | S_IWUSR) == -1) { - logit("fchmod(): %.100s", strerror(errno)); - close(tmpfd); - problem = errno; - return; - } - close(tmpfd); - if ((problem = krb5_cc_resolve(krb_context, ccname, &ccache))) { - logit("krb5_cc_resolve(): %.100s", - krb5_get_err_text(krb_context, problem)); - return; - } + if ((problem = ssh_krb5_cc_gen(krb_context, &ccache))) { + logit("ssh_krb5_cc_gen(): %.100s", + krb5_get_err_text(krb_context, problem)); + return; } #endif /* #ifdef HEIMDAL */ @@ -249,11 +221,16 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client) return; } - client->store.filename = xstrdup(krb5_cc_get_name(krb_context, ccache)); + new_ccname = krb5_cc_get_name(krb_context, ccache); + client->store.envvar = "KRB5CCNAME"; - len = strlen(client->store.filename) + 6; - client->store.envval = xmalloc(len); - snprintf(client->store.envval, len, "FILE:%s", client->store.filename); +#ifdef USE_CCAPI + xasprintf(&client->store.envval, "API:%s", new_ccname); + client->store.filename = NULL; +#else + xasprintf(&client->store.envval, "FILE:%s", new_ccname); + client->store.filename = xstrdup(new_ccname); +#endif #ifdef USE_PAM if (options.use_pam)
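Review bot: The removed block created the credential cache file itself with `mkstemp()` under `umask(0177)` and then forced `S_IRUSR | S_IWUSR` with `fchmod()`. After this change that guarantee rests entirely on `ssh_krb5_cc_gen()`, whose definition is not on this page. A comment at the call site should state the contract, for example `/* ssh_krb5_cc_gen() must create the cache exclusively and owner-only (0600) */`, so later changes to the helper are reviewed against it. If the helper can hand back an `errno` value, as the removed code did with `problem = errno`, then `krb5_get_err_text()` may log a misleading string for it, which is worth confirming. The function starts and ends outside this hunk.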
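Review bot: In the `USE_CCAPI` branch `client->store.filename` is now set to NULL, where the old code always stored an allocated string. Any code that later logs, unlinks or frees that field has to tolerate NULL, and none of those consumers are visible here. I would add a comment on the assignment such as `/* no on-disk cache with CCAPI; cleanup must skip unlink when filename is NULL */`. `new_ccname` is a borrowed pointer from `krb5_cc_get_name()`, so it is only usable while `ccache` is live. The copies are taken immediately here, which is fine, and a short `/* borrowed from ccache; copy before the handle is released */` would keep it that way. The function continues past the end of this hunk.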