diff options
author | djm <djm> | 2002-09-11 23:47:29 +0000 |
---|---|---|
committer | djm <djm> | 2002-09-11 23:47:29 +0000 |
commit | 0e9c47e8f6e2fe7fe447c9ad1e9e54020bde369a (patch) | |
tree | d25366dd4d7d7f052779df1747069a329ac90bce /auth1.c | |
parent | 2a4d1672dda3960113397ca1dc2c6ca93f332b4c (diff) | |
download | openssh-0e9c47e8f6e2fe7fe447c9ad1e9e54020bde369a.tar.gz |
- itojun@cvs.openbsd.org 2002/09/09 06:48:06
[auth1.c auth.h auth-krb5.c monitor.c monitor.h]
[monitor_wrap.c monitor_wrap.h]
kerberos support for privsep. confirmed to work by lha@stacken.kth.se
patch from markus
Diffstat (limited to 'auth1.c')
-rw-r--r-- | auth1.c | 18 |
1 files changed, 15 insertions, 3 deletions
@@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth1.c,v 1.42 2002/08/22 21:33:58 markus Exp $"); +RCSID("$OpenBSD: auth1.c,v 1.43 2002/09/09 06:48:06 itojun Exp $"); #include "xmalloc.h" #include "rsa.h" @@ -133,15 +133,27 @@ do_authloop(Authctxt *authctxt) #endif /* KRB4 */ } else { #ifdef KRB5 - krb5_data tkt; + krb5_data tkt, reply; tkt.length = dlen; tkt.data = kdata; - if (auth_krb5(authctxt, &tkt, &client_user)) { + if (PRIVSEP(auth_krb5(authctxt, &tkt, + &client_user, &reply))) { authenticated = 1; snprintf(info, sizeof(info), " tktuser %.100s", client_user); + + /* Send response to client */ + packet_start( + SSH_SMSG_AUTH_KERBEROS_RESPONSE); + packet_put_string((char *) + reply.data, reply.length); + packet_send(); + packet_write_wait(); + + if (reply.length) + xfree(reply.data); } #endif /* KRB5 */ } |