Attachment #185 for bug #456

View | Details | Raw Unified | Return to bug 456
Collapse All | Expand All

Lines 161-166 Link Here

(-)auth-krb5.c.orig (-1 / +3 lines)
161	else	161	else
162	debug("Kerberos v5 authentication failed: %d",	162	debug("Kerberos v5 authentication failed: %d",
163	problem);	163	problem);
		164	krb5_cleanup_proc(authctxt);
164	}	165	}
165		166
166	return (ret);	167	return (ret);
Lines 174-180 Link Here
174	char *pname;	175	char *pname;
175	krb5_creds **creds;	176	krb5_creds **creds;
176		177
177	if (authctxt->pw == NULL \|\| authctxt->krb5_user == NULL)	178	if (authctxt->pw == NULL \|\| authctxt->krb5_user == NULL \|\|
		179	authctxt->krb5_auth_ctx == NULL)
178	return (0);	180	return (0);
179		181
180	temporarily_use_uid(authctxt->pw);	182	temporarily_use_uid(authctxt->pw);




	int type;
	krb5_ap_rep_enc_part *reply = NULL;
	int ret;
	krb5_context ctx = NULL;
	krb5_auth_context auth_ctx = NULL;


	memset(&ap, 0, sizeof(ap));

	problem = krb5_init_context(&ctx);
	if (problem) {
		debug("Kerberos v5: krb5_init_context failed");
		ret = 0;
		goto out;
	}
	
	problem = krb5_auth_con_init(ctx, &auth_ctx);
	if (problem) {
		debug("Kerberos v5: krb5_auth_con_init failed");
		ret = 0;

	}

#ifndef HEIMDAL
	problem = krb5_auth_con_setflags(ctx, auth_ctx,
					 KRB5_AUTH_CONTEXT_RET_TIME);
	if (problem) {
		debug("Keberos v5: krb5_auth_con_setflags failed");

	}
#endif

	tkfile = krb5_cc_default_name(ctx);
	if (strncmp(tkfile, "FILE:", 5) == 0)
		tkfile += 5;


		goto out;
	}

	problem = krb5_cc_default(ctx, &ccache);
	if (problem) {
		debug("Kerberos v5: krb5_cc_default failed: %s",
		    krb5_get_err_text(ctx, problem));
		ret = 0;
		goto out;
	}

	remotehost = get_canonical_hostname(1);

	problem = krb5_mk_req(ctx, &auth_ctx, AP_OPTS_MUTUAL_REQUIRED,
	    "host", remotehost, NULL, ccache, &ap);
	if (problem) {
		debug("Kerberos v5: krb5_mk_req failed: %s",
		    krb5_get_err_text(ctx, problem));
		ret = 0;
		goto out;
	}

		packet_check_eom();
		/* XXX je to dobre? */

		problem = krb5_rd_rep(ctx, auth_ctx, &ap, &reply);
		if (problem) {
			ret = 0;
		}


	}

	*context = ctx;
	ctx = NULL;
	*auth_context = auth_ctx;
	auth_ctx = NULL;

 out:
	if (ccache != NULL)
		krb5_cc_close(ctx, ccache);
	if (reply != NULL)
		krb5_free_ap_rep_enc_part(ctx, reply);
	if (ap.length > 0)
#ifdef HEIMDAL
		krb5_data_free(&ap);
#else
		krb5_free_data_contents(ctx, &ap);
#endif
	if (auth_ctx != NULL)
		krb5_auth_con_free(ctx, auth_ctx);

	if (ctx != NULL)
		krb5_free_context(ctx);

	return (ret);
}

Return to bug 456

Lines 515-531 Link Here

(-)sshconnect1.c.orig (-12 / +25 lines)
515	int type;	515	int type;
516	krb5_ap_rep_enc_part *reply = NULL;	516	krb5_ap_rep_enc_part *reply = NULL;
517	int ret;	517	int ret;
		518	krb5_context ctx = NULL;
		519	krb5_auth_context auth_ctx = NULL;
		520
518		521
519	memset(&ap, 0, sizeof(ap));	522	memset(&ap, 0, sizeof(ap));
520		523
521	problem = krb5_init_context(context);	524	problem = krb5_init_context(&ctx);
522	if (problem) {	525	if (problem) {
523	debug("Kerberos v5: krb5_init_context failed");	526	debug("Kerberos v5: krb5_init_context failed");
524	ret = 0;	527	ret = 0;
525	goto out;	528	goto out;
526	}	529	}
527		530
528	problem = krb5_auth_con_init(*context, auth_context);	531	problem = krb5_auth_con_init(ctx, &auth_ctx);
529	if (problem) {	532	if (problem) {
530	debug("Kerberos v5: krb5_auth_con_init failed");	533	debug("Kerberos v5: krb5_auth_con_init failed");
531	ret = 0;	534	ret = 0;
Lines 533-539 Link Here
533	}	536	}
534		537
535	#ifndef HEIMDAL	538	#ifndef HEIMDAL
536	problem = krb5_auth_con_setflags(context, auth_context,	539	problem = krb5_auth_con_setflags(ctx, auth_ctx,
537	KRB5_AUTH_CONTEXT_RET_TIME);	540	KRB5_AUTH_CONTEXT_RET_TIME);
538	if (problem) {	541	if (problem) {
539	debug("Keberos v5: krb5_auth_con_setflags failed");	542	debug("Keberos v5: krb5_auth_con_setflags failed");
Lines 542-548 Link Here
542	}	545	}
543	#endif	546	#endif
544		547
545	tkfile = krb5_cc_default_name(*context);	548	tkfile = krb5_cc_default_name(ctx);
546	if (strncmp(tkfile, "FILE:", 5) == 0)	549	if (strncmp(tkfile, "FILE:", 5) == 0)
547	tkfile += 5;	550	tkfile += 5;
548		551
Lines 552-572 Link Here
552	goto out;	555	goto out;
553	}	556	}
554		557
555	problem = krb5_cc_default(*context, &ccache);	558	problem = krb5_cc_default(ctx, &ccache);
556	if (problem) {	559	if (problem) {
557	debug("Kerberos v5: krb5_cc_default failed: %s",	560	debug("Kerberos v5: krb5_cc_default failed: %s",
558	krb5_get_err_text(*context, problem));	561	krb5_get_err_text(ctx, problem));
559	ret = 0;	562	ret = 0;
560	goto out;	563	goto out;
561	}	564	}
562		565
563	remotehost = get_canonical_hostname(1);	566	remotehost = get_canonical_hostname(1);
564		567
565	problem = krb5_mk_req(*context, auth_context, AP_OPTS_MUTUAL_REQUIRED,	568	problem = krb5_mk_req(ctx, &auth_ctx, AP_OPTS_MUTUAL_REQUIRED,
566	"host", remotehost, NULL, ccache, &ap);	569	"host", remotehost, NULL, ccache, &ap);
567	if (problem) {	570	if (problem) {
568	debug("Kerberos v5: krb5_mk_req failed: %s",	571	debug("Kerberos v5: krb5_mk_req failed: %s",
569	krb5_get_err_text(*context, problem));	572	krb5_get_err_text(ctx, problem));
570	ret = 0;	573	ret = 0;
571	goto out;	574	goto out;
572	}	575	}
Lines 596-602 Link Here
596	packet_check_eom();	599	packet_check_eom();
597	/* XXX je to dobre? */	600	/* XXX je to dobre? */
598		601
599	problem = krb5_rd_rep(context, auth_context, &ap, &reply);	602	problem = krb5_rd_rep(ctx, auth_ctx, &ap, &reply);
600	if (problem) {	603	if (problem) {
601	ret = 0;	604	ret = 0;
602	}	605	}
Lines 611-627 Link Here
611		614
612	}	615	}
613		616
		617	*context = ctx;
		618	ctx = NULL;
		619	*auth_context = auth_ctx;
		620	auth_ctx = NULL;
		621
614	out:	622	out:
615	if (ccache != NULL)	623	if (ccache != NULL)
616	krb5_cc_close(*context, ccache);	624	krb5_cc_close(ctx, ccache);
617	if (reply != NULL)	625	if (reply != NULL)
618	krb5_free_ap_rep_enc_part(*context, reply);	626	krb5_free_ap_rep_enc_part(ctx, reply);
619	if (ap.length > 0)	627	if (ap.length > 0)
620	#ifdef HEIMDAL	628	#ifdef HEIMDAL
621	krb5_data_free(&ap);	629	krb5_data_free(&ap);
622	#else	630	#else
623	krb5_free_data_contents(*context, &ap);	631	krb5_free_data_contents(ctx, &ap);
624	#endif	632	#endif
		633	if (auth_ctx != NULL)
		634	krb5_auth_con_free(ctx, auth_ctx);
		635
		636	if (ctx != NULL)
		637	krb5_free_context(ctx);
625		638
626	return (ret);	639	return (ret);
627	}	640	}