- (djm) OpenBSD CVS Sync

   - dugsong@cvs.openbsd.org 2001/11/11 18:47:10
     [auth-krb5.c]
     fix krb5 authorization check. found by <jhawk@MIT.EDU>. from
     art@, deraadt@ ok

diff --git a/ChangeLog b/ChangeLog
index 8c4c0c466321564be8b2b7ca2c1e2f0226383287..cfedda1d1a3e8d2c6cee93d4e26de21e4e571e92 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,11 @@
    do_authenticated. Call loginfailed for protocol 2 failures > MAX like 
    we do for protocol 1. Reports from Ralf Wenk <wera0003@fh-karlsruhe.de>,
    K.Wolkersdorfer@fz-juelich.de and others
+ - (djm) OpenBSD CVS Sync
+   - dugsong@cvs.openbsd.org 2001/11/11 18:47:10
+     [auth-krb5.c]
+     fix krb5 authorization check. found by <jhawk@MIT.EDU>. from 
+     art@, deraadt@ ok
 
 20011112
  - (djm) Makefile correctness fix from Mark D. Baushke <mdb@juniper.net>

diff --git a/auth-krb5.c b/auth-krb5.c
index 08c917459aff55ac01e2b6a1038808604e6f94a1..b56f43a92388f6a82e952136907866180bab3feb 100644 (file)
--- a/auth-krb5.c
+++ b/auth-krb5.c
@@ -2,7 +2,7 @@
  *    Kerberos v5 authentication and ticket-passing routines.
  * 
  * $FreeBSD: src/crypto/openssh/auth-krb5.c,v 1.6 2001/02/13 16:58:04 assar Exp $
- * $OpenBSD: auth-krb5.c,v 1.1 2001/06/26 16:15:23 dugsong Exp $
+ * $OpenBSD: auth-krb5.c,v 1.2 2001/11/12 01:47:09 dugsong Exp $
  */
 
 #include "includes.h"
@@ -52,8 +52,9 @@ auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client)
        krb5_principal server;
        krb5_data reply;
        krb5_ticket *ticket;
-       int fd;
-       
+       int fd, ret;
+
+       ret = 0;
        server = NULL;
        ticket = NULL;
        reply.length = 0;
@@ -107,7 +108,8 @@ auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client)
        packet_put_string((char *) reply.data, reply.length);
        packet_send();
        packet_write_wait();
-       
+
+       ret = 1;
  err:
        if (server)
                krb5_free_principal(authctxt->krb5_ctx, server);
@@ -116,12 +118,11 @@ auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client)
        if (reply.length)
                xfree(reply.data);
        
-       if (problem) {
+       if (problem)
                debug("Kerberos v5 authentication failed: %s",
                    krb5_get_err_text(authctxt->krb5_ctx, problem));
-               return (0);
-       }
-       return (1);
+
+       return (ret);
 }
 
 int