Commit 63ddc899 authored by Damien Miller's avatar Damien Miller

- djm@cvs.openbsd.org 2013/07/20 01:55:13

     [auth-krb5.c gss-serv-krb5.c gss-serv.c]
     fix kerberos/GSSAPI deprecation warnings and linking; "looks okay" millert@
parent 1f0e86f2
......@@ -16,6 +16,9 @@
[ssh-agent.c]
call cleanup_handler on SIGINT when in debug mode to ensure sockets
are cleaned up on manual exit; bz#2120
- djm@cvs.openbsd.org 2013/07/20 01:55:13
[auth-krb5.c gss-serv-krb5.c gss-serv.c]
fix kerberos/GSSAPI deprecation warnings and linking; "looks okay" millert@
20130718
- (djm) OpenBSD CVS Sync
......
/* $OpenBSD: auth-krb5.c,v 1.19 2006/08/03 03:34:41 deraadt Exp $ */
/* $OpenBSD: auth-krb5.c,v 1.20 2013/07/20 01:55:13 djm Exp $ */
/*
* Kerberos v5 authentication and ticket-passing routines.
*
......@@ -79,6 +79,7 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
krb5_ccache ccache = NULL;
int len;
char *client, *platform_client;
const char *errmsg;
/* get platform-specific kerberos client principal name (if it exists) */
platform_client = platform_krb5_get_principal_name(authctxt->pw->pw_name);
......@@ -96,7 +97,8 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
goto out;
#ifdef HEIMDAL
problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_mcc_ops, &ccache);
problem = krb5_cc_new_unique(authctxt->krb5_ctx,
krb5_mcc_ops.prefix, NULL, &ccache);
if (problem)
goto out;
......@@ -115,8 +117,8 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
if (problem)
goto out;
problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_fcc_ops,
&authctxt->krb5_fwd_ccache);
problem = krb5_cc_new_unique(authctxt->krb5_ctx,
krb5_fcc_ops.prefix, NULL, &authctxt->krb5_fwd_ccache);
if (problem)
goto out;
......@@ -187,10 +189,13 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
if (ccache)
krb5_cc_destroy(authctxt->krb5_ctx, ccache);
if (authctxt->krb5_ctx != NULL && problem!=-1)
debug("Kerberos password authentication failed: %s",
krb5_get_err_text(authctxt->krb5_ctx, problem));
else
if (authctxt->krb5_ctx != NULL && problem!=-1) {
errmsg = krb5_get_error_message(authctxt->krb5_ctx,
problem);
debug("Kerberos password authentication failed: %s",
errmsg);
krb5_free_error_message(authctxt->krb5_ctx, errmsg);
} else
debug("Kerberos password authentication failed: %d",
problem);
......
/* $OpenBSD: gss-serv-krb5.c,v 1.7 2006/08/03 03:34:42 deraadt Exp $ */
/* $OpenBSD: gss-serv-krb5.c,v 1.8 2013/07/20 01:55:13 djm Exp $ */
/*
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
......@@ -48,12 +48,11 @@ extern ServerOptions options;
#ifdef HEIMDAL
# include <krb5.h>
#else
# ifdef HAVE_GSSAPI_KRB5_H
# include <gssapi_krb5.h>
# elif HAVE_GSSAPI_GSSAPI_KRB5_H
# include <gssapi/gssapi_krb5.h>
# endif
#endif
#ifdef HAVE_GSSAPI_KRB5_H
# include <gssapi_krb5.h>
#elif HAVE_GSSAPI_GSSAPI_KRB5_H
# include <gssapi/gssapi_krb5.h>
#endif
static krb5_context krb_context = NULL;
......@@ -87,14 +86,16 @@ ssh_gssapi_krb5_userok(ssh_gssapi_client *client, char *name)
{
krb5_principal princ;
int retval;
const char *errmsg;
if (ssh_gssapi_krb5_init() == 0)
return 0;
if ((retval = krb5_parse_name(krb_context, client->exportedname.value,
&princ))) {
logit("krb5_parse_name(): %.100s",
krb5_get_err_text(krb_context, retval));
errmsg = krb5_get_error_message(krb_context, retval);
logit("krb5_parse_name(): %.100s", errmsg);
krb5_free_error_message(krb_context, errmsg);
return 0;
}
if (krb5_kuserok(krb_context, princ, name)) {
......@@ -120,6 +121,7 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
krb5_principal princ;
OM_uint32 maj_status, min_status;
int len;
const char *errmsg;
if (client->creds == NULL) {
debug("No credentials stored");
......@@ -130,30 +132,34 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
return;
#ifdef HEIMDAL
if ((problem = krb5_cc_gen_new(krb_context, &krb5_fcc_ops, &ccache))) {
logit("krb5_cc_gen_new(): %.100s",
krb5_get_err_text(krb_context, problem));
if ((problem = krb5_cc_new_unique(krb_context, krb5_fcc_ops.prefix,
NULL, &ccache)) != 0) {
errmsg = krb5_get_error_message(krb_context, problem);
logit("krb5_cc_new_unique(): %.100s", errmsg);
krb5_free_error_message(krb_context, errmsg);
return;
}
#else
if ((problem = ssh_krb5_cc_gen(krb_context, &ccache))) {
logit("ssh_krb5_cc_gen(): %.100s",
krb5_get_err_text(krb_context, problem));
errmsg = krb5_get_error_message(krb_context, problem);
logit("ssh_krb5_cc_gen(): %.100s", errmsg);
krb5_free_error_message(krb_context, errmsg);
return;
}
#endif /* #ifdef HEIMDAL */
if ((problem = krb5_parse_name(krb_context,
client->exportedname.value, &princ))) {
logit("krb5_parse_name(): %.100s",
krb5_get_err_text(krb_context, problem));
krb5_cc_destroy(krb_context, ccache);
errmsg = krb5_get_error_message(krb_context, problem);
logit("krb5_parse_name(): %.100s", errmsg);
krb5_free_error_message(krb_context, errmsg);
return;
}
if ((problem = krb5_cc_initialize(krb_context, ccache, princ))) {
logit("krb5_cc_initialize(): %.100s",
krb5_get_err_text(krb_context, problem));
errmsg = krb5_get_error_message(krb_context, problem);
logit("krb5_cc_initialize(): %.100s", errmsg);
krb5_free_error_message(krb_context, errmsg);
krb5_free_principal(krb_context, princ);
krb5_cc_destroy(krb_context, ccache);
return;
......
/* $OpenBSD: gss-serv.c,v 1.23 2011/08/01 19:18:15 markus Exp $ */
/* $OpenBSD: gss-serv.c,v 1.24 2013/07/20 01:55:13 djm Exp $ */
/*
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
......@@ -50,7 +50,7 @@
static ssh_gssapi_client gssapi_client =
{ GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER,
GSS_C_NO_CREDENTIAL, NULL, {NULL, NULL, NULL}};
GSS_C_NO_CREDENTIAL, NULL, {NULL, NULL, NULL, NULL}};
ssh_gssapi_mech gssapi_null_mech =
{ NULL, NULL, {0, NULL}, NULL, NULL, NULL, NULL};
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment