- (djm) [auth-krb5.c] bz#2032 - use local username in krb5_kuserok check

rather than full client name which may be of form user@REALM; patch from Miguel Sanders; ok dtucker@
author: Damien Miller <djm@mindrot.org> 2013-10-24 10:53:02 +1100
committer: Damien Miller <djm@mindrot.org> 2013-10-24 10:53:02 +1100
commit: 8f1873191478847773906af961c8984d02a49dd6 (patch)
tree: 74370f87a558e881112d853f27421fe98a5a3cba
parent: 5b01b0dcb417eb615df77e7ce1b59319bf04342c (diff)
download: openssh-git-8f1873191478847773906af961c8984d02a49dd6.tar.gz
2 files changed, 7 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index a4af4e89..26b5c5d7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+20131024
+ - (djm) [auth-krb5.c] bz#2032 - use local username in krb5_kuserok check
+   rather than full client name which may be of form user@REALM;
+   patch from Miguel Sanders; ok dtucker@
+
 20131023
  - (djm) OpenBSD CVS Sync
    - djm@cvs.openbsd.org 2013/10/20 04:39:28
diff --git a/auth-krb5.c b/auth-krb5.c
index 7c83f597..6c62bdf5 100644
--- a/auth-krb5.c
+++ b/auth-krb5.c
@@ -157,7 +157,8 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
 	if (problem)
 		goto out;
 
-	if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user, client)) {
+	if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user,
+	    authctxt->pw->pw_name)) {
 		problem = -1;
 		goto out;
 	}
author	Damien Miller <djm@mindrot.org>	2013-10-24 10:53:02 +1100
committer	Damien Miller <djm@mindrot.org>	2013-10-24 10:53:02 +1100
commit	8f1873191478847773906af961c8984d02a49dd6 (patch)
tree	74370f87a558e881112d853f27421fe98a5a3cba
parent	5b01b0dcb417eb615df77e7ce1b59319bf04342c (diff)
download	openssh-git-8f1873191478847773906af961c8984d02a49dd6.tar.gz