- (tim) [config.guess config.sub] Update to '2005-05-27' version.

[openssh.git] / auth-krb5.c

diff --git a/auth-krb5.c b/auth-krb5.c
index baa1a631751330bd387def494ce8e746ed7fd442..2f742534aa9af249352a1942d501f785d1859417 100644 (file)
--- a/auth-krb5.c
+++ b/auth-krb5.c
@@ -69,9 +69,11 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
        krb5_principal server;
        char ccname[40];
        int tmpfd;
+       mode_t old_umask;
 #endif
        krb5_error_code problem;
        krb5_ccache ccache = NULL;
+       int len;
 
        if (!authctxt->valid)
                return (0);
@@ -146,7 +148,10 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
 
        snprintf(ccname,sizeof(ccname),"FILE:/tmp/krb5cc_%d_XXXXXX",geteuid());
 
-       if ((tmpfd = mkstemp(ccname+strlen("FILE:")))==-1) {
+       old_umask = umask(0177);
+       tmpfd = mkstemp(ccname + strlen("FILE:"));
+       umask(old_umask);
+       if (tmpfd == -1) {
                logit("mkstemp(): %.100s", strerror(errno));
                problem = errno;
                goto out;
@@ -177,6 +182,16 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
 
        authctxt->krb5_ticket_file = (char *)krb5_cc_get_name(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache);
 
+       len = strlen(authctxt->krb5_ticket_file) + 6;
+       authctxt->krb5_ccname = xmalloc(len);
+       snprintf(authctxt->krb5_ccname, len, "FILE:%s",
+           authctxt->krb5_ticket_file);
+
+#ifdef USE_PAM
+       if (options.use_pam)
+               do_pam_putenv("KRB5CCNAME", authctxt->krb5_ccname);
+#endif
+
  out:
        restore_uid();