- (djm) Big OpenBSD sync:

[openssh.git] / auth-krb4.c

diff --git a/auth-krb4.c b/auth-krb4.c
index 799cf261a70eba780d14fb06c6e678a6cc5f1e9a..21a9625e3569e4fa3bf1057dbea60dea15f0dc85 100644 (file)
--- a/auth-krb4.c
+++ b/auth-krb4.c
@@ -28,7 +28,7 @@
 #include "ssh.h"
 #include "servconf.h"
 
-RCSID("$OpenBSD: auth-krb4.c,v 1.18 2000/09/07 20:27:49 deraadt Exp $");
+RCSID("$OpenBSD: auth-krb4.c,v 1.19 2000/10/03 18:03:02 markus Exp $");
 
 #ifdef KRB4
 char *ticket = NULL;
@@ -280,6 +280,8 @@ auth_kerberos_tgt(struct passwd *pw, const char *string)
 {
        CREDENTIALS creds;
 
+       if (pw == NULL)
+               goto auth_kerberos_tgt_failure;
        if (!radix_to_creds(string, &creds)) {
                log("Protocol error decoding Kerberos V4 tgt");
                packet_send_debug("Protocol error decoding Kerberos V4 tgt");
@@ -334,8 +336,16 @@ int
 auth_afs_token(struct passwd *pw, const char *token_string)
 {
        CREDENTIALS creds;
-       uid_t uid = pw->pw_uid;
+       uid_t uid;
 
+       if (pw == NULL) {
+               /* XXX fake protocol error */
+               packet_send_debug("Protocol error decoding AFS token");
+               packet_start(SSH_SMSG_FAILURE);
+               packet_send();
+               packet_write_wait();
+               return 0;
+       }
        if (!radix_to_creds(token_string, &creds)) {
                log("Protocol error decoding AFS token");
                packet_send_debug("Protocol error decoding AFS token");
@@ -349,6 +359,8 @@ auth_afs_token(struct passwd *pw, const char *token_string)
 
        if (strncmp(creds.pname, "AFS ID ", 7) == 0)
                uid = atoi(creds.pname + 7);
+       else
+               uid = pw->pw_uid;
 
        if (kafs_settoken(creds.realm, uid, &creds)) {
                log("AFS token (%s@%s) rejected for %s", creds.pname, creds.realm,