[auth-krb5.c]
Perform Kerberos calls even for invalid users to prevent leaking
information about account validity. bz #975, patch originally from
Senthil Kumar, sanity checked by Simon Wilkinson, tested by djm@, biorn@,
ok markus@
will pull it in. At the moment it gets pulled in by sys/select.h
(which ssh has no business including) via event.h. OK markus@
(ID sync only in -portable)
+ - dtucker@cvs.openbsd.org 2005/11/21 09:42:10
+ [auth-krb5.c]
+ Perform Kerberos calls even for invalid users to prevent leaking
+ information about account validity. bz #975, patch originally from
+ Senthil Kumar, sanity checked by Simon Wilkinson, tested by djm@, biorn@,
+ ok markus@
20051120
- (dtucker) [openbsd-compat/openssl-compat.h] Add comment explaining what
*/
#include "includes.h"
-RCSID("$OpenBSD: auth-krb5.c,v 1.15 2003/11/21 11:57:02 djm Exp $");
+RCSID("$OpenBSD: auth-krb5.c,v 1.16 2005/11/21 09:42:10 dtucker Exp $");
#include "ssh.h"
#include "ssh1.h"
krb5_ccache ccache = NULL;
int len;
- if (!authctxt->valid)
- return (0);
-
temporarily_use_uid(authctxt->pw);
problem = krb5_init(authctxt);
else
return (0);
}
- return (1);
+ return (authctxt->valid ? 1 : 0);
}
void