authorDarren Tucker <dtucker@zip.com.au>2005-07-07 11:50:20 +1000
committerDarren Tucker <dtucker@zip.com.au>2005-07-07 11:50:20 +1000
commita916d143a16c59a6bc82df5e1d6b046e17d31848 (patch)
treee1d10bb44cf7af70845fbb927f2b8ed92e4f1468
parentf92c0794ec9162f4e0d5291fe58e4fcb5a00f6d3 (diff)
downloadopenssh-git-a916d143a16c59a6bc82df5e1d6b046e17d31848.tar.gz
- [auth-krb5.c auth.h gss-serv-krb5.c] Move KRB5CCNAME generation for the MIT
Kerberos code path into a common function and expand mkstemp template to be consistent with the rest of OpenSSH. From sxw at inf.ed.ac.uk, ok djm@
-rw-r--r--ChangeLog7
-rw-r--r--auth-krb5.c54
-rw-r--r--auth.h5
-rw-r--r--gss-serv-krb5.c32
4 files changed, 46 insertions, 52 deletions
diff --git a/ChangeLog b/ChangeLog
index 314d38f0..823c34bc 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+20050707
+ - [auth-krb5.c auth.h gss-serv-krb5.c] Move KRB5CCNAME generation for the MIT
+ Kerberos code path into a common function and expand mkstemp template to be
+ consistent with the rest of OpenSSH. From sxw at inf.ed.ac.uk, ok djm@
+
20050706
- (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2005/07/01 13:19:47
@@ -2782,4 +2787,4 @@
- (djm) Trim deprecated options from INSTALL. Mention UsePAM
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
-$Id: ChangeLog,v 1.3835 2005/07/05 23:45:26 djm Exp $
+$Id: ChangeLog,v 1.3836 2005/07/07 01:50:20 dtucker Exp $
diff --git a/auth-krb5.c b/auth-krb5.c
index 2f742534..01b387c2 100644
--- a/auth-krb5.c
+++ b/auth-krb5.c
@@ -67,9 +67,6 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
#ifndef HEIMDAL
krb5_creds creds;
krb5_principal server;
- char ccname[40];
- int tmpfd;
- mode_t old_umask;
#endif
krb5_error_code problem;
krb5_ccache ccache = NULL;
@@ -146,26 +143,7 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
goto out;
}
- snprintf(ccname,sizeof(ccname),"FILE:/tmp/krb5cc_%d_XXXXXX",geteuid());
-
- old_umask = umask(0177);
- tmpfd = mkstemp(ccname + strlen("FILE:"));
- umask(old_umask);
- if (tmpfd == -1) {
- logit("mkstemp(): %.100s", strerror(errno));
- problem = errno;
- goto out;
- }
-
- if (fchmod(tmpfd,S_IRUSR | S_IWUSR) == -1) {
- logit("fchmod(): %.100s", strerror(errno));
- close(tmpfd);
- problem = errno;
- goto out;
- }
- close(tmpfd);
-
- problem = krb5_cc_resolve(authctxt->krb5_ctx, ccname, &authctxt->krb5_fwd_ccache);
+ problem = ssh_krb5_cc_gen(authctxt->krb5_ctx, &authctxt->krb5_fwd_ccache);
if (problem)
goto out;
@@ -234,4 +212,34 @@ krb5_cleanup_proc(Authctxt *authctxt)
}
}
+#ifndef HEIMDAL
+krb5_error_code
+ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache) {
+ int tmpfd, ret;
+ char ccname[40];
+ mode_t old_umask;
+
+ ret = snprintf(ccname, sizeof(ccname),
+ "FILE:/tmp/krb5cc_%d_XXXXXXXXXX", geteuid());
+ if (ret == -1 || ret >= sizeof(ccname))
+ return errno;
+
+ old_umask = umask(0177);
+ tmpfd = mkstemp(ccname + strlen("FILE:"));
+ umask(old_umask);
+ if (tmpfd == -1) {
+ logit("mkstemp(): %.100s", strerror(errno));
+ return errno;
+ }
+
+ if (fchmod(tmpfd,S_IRUSR | S_IWUSR) == -1) {
+ logit("fchmod(): %.100s", strerror(errno));
+ close(tmpfd);
+ return errno;
+ }
+ close(tmpfd);
+
+ return (krb5_cc_resolve(ctx, ccname, ccache));
+}
+#endif /* !HEIMDAL */
#endif /* KRB5 */
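Review bot: In the new ssh_krb5_cc_gen(), the guard `if (ret == -1 || ret >= sizeof(ccname)) return errno;` returns whatever errno currently holds, and snprintf does not set errno when it only truncates, so the function can return 0 without ever assigning *ccache. Both call sites (auth_krb5_password in this file and ssh_gssapi_krb5_storecreds in gss-serv-krb5.c) treat 0 as success and would continue with an unset credential-cache handle. The mkstemp and fchmod branches have a related weakness: errno is read again after umask(), logit() and close() have run, any of which may overwrite it, so it should be saved immediately after the failing call. With the 40-byte buffer the expanded template appears to fit even for an 11-character uid, so the truncation path looks latent, but returning a fixed non-zero code such as ENOMEM makes it fail closed if the template or buffer changes later.
```c
	int tmpfd, ret, oerrno;
	/* … unchanged: ccname and old_umask declarations, snprintf call … */
	if (ret < 0 || (size_t)ret >= sizeof(ccname))
		return ENOMEM;

	old_umask = umask(0177);
	tmpfd = mkstemp(ccname + strlen("FILE:"));
	oerrno = errno;
	umask(old_umask);
	if (tmpfd == -1) {
		logit("mkstemp(): %.100s", strerror(oerrno));
		return oerrno;
	}

	if (fchmod(tmpfd, S_IRUSR | S_IWUSR) == -1) {
		oerrno = errno;
		logit("fchmod(): %.100s", strerror(oerrno));
		close(tmpfd);
		return oerrno;
	}
	/* … unchanged: close(tmpfd) and krb5_cc_resolve() return … */
```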
diff --git a/auth.h b/auth.h
index bf47b9a6..8b814ba6 100644
--- a/auth.h
+++ b/auth.h
@@ -191,4 +191,9 @@ int sys_auth_passwd(Authctxt *, const char *);
#define AUTH_FAIL_MSG "Too many authentication failures for %.100s"
#define SKEY_PROMPT "\nS/Key Password: "
+
+#if defined(KRB5) && !defined(HEIMDAL)
+#include <krb5.h>
+krb5_error_code ssh_krb5_cc_gen(krb5_context, krb5_ccache *);
+#endif
#endif
diff --git a/gss-serv-krb5.c b/gss-serv-krb5.c
index 91d87f79..c642a83f 100644
--- a/gss-serv-krb5.c
+++ b/gss-serv-krb5.c
@@ -131,34 +131,10 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
return;
}
#else
- {
- int tmpfd;
- char ccname[40];
- mode_t old_umask;
-
- snprintf(ccname, sizeof(ccname),
- "FILE:/tmp/krb5cc_%d_XXXXXX", geteuid());
-
- old_umask = umask(0177);
- tmpfd = mkstemp(ccname + strlen("FILE:"));
- umask(old_umask);
- if (tmpfd == -1) {
- logit("mkstemp(): %.100s", strerror(errno));
- problem = errno;
- return;
- }
- if (fchmod(tmpfd, S_IRUSR | S_IWUSR) == -1) {
- logit("fchmod(): %.100s", strerror(errno));
- close(tmpfd);
- problem = errno;
- return;
- }
- close(tmpfd);
- if ((problem = krb5_cc_resolve(krb_context, ccname, &ccache))) {
- logit("krb5_cc_resolve(): %.100s",
- krb5_get_err_text(krb_context, problem));
- return;
- }
+ if ((problem = ssh_krb5_cc_gen(krb_context, &ccache))) {
+ logit("ssh_krb5_cc_gen(): %.100s",
+ krb5_get_err_text(krb_context, problem));
+ return;
}
#endif /* #ifdef HEIMDAL */