diff options
| author | Damien Miller <djm@mindrot.org> | 2002-09-12 09:47:29 +1000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2002-09-12 09:47:29 +1000 |
| commit | 25162f2518f72035b50b254bfeb5b89d018223a6 (patch) | |
| tree | e5e50812ca90d5ce4cd3692505e9de48205f0b8a /auth1.c | |
| parent | 4d53d39b071ebc2a0c6f1948b7c7630ab0021a73 (diff) | |
- itojun@cvs.openbsd.org 2002/09/09 06:48:06
[auth1.c auth.h auth-krb5.c monitor.c monitor.h]
[monitor_wrap.c monitor_wrap.h]
kerberos support for privsep. confirmed to work by lha@stacken.kth.se
patch from markus
Diffstat (limited to 'auth1.c')
| -rw-r--r-- | auth1.c | 18 |
1 files changed, 15 insertions, 3 deletions
@@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth1.c,v 1.42 2002/08/22 21:33:58 markus Exp $"); +RCSID("$OpenBSD: auth1.c,v 1.43 2002/09/09 06:48:06 itojun Exp $"); #include "xmalloc.h" #include "rsa.h" @@ -133,15 +133,27 @@ do_authloop(Authctxt *authctxt) #endif /* KRB4 */ } else { #ifdef KRB5 - krb5_data tkt; + krb5_data tkt, reply; tkt.length = dlen; tkt.data = kdata; - if (auth_krb5(authctxt, &tkt, &client_user)) { + if (PRIVSEP(auth_krb5(authctxt, &tkt, + &client_user, &reply))) { authenticated = 1; snprintf(info, sizeof(info), " tktuser %.100s", client_user); + + /* Send response to client */ + packet_start( + SSH_SMSG_AUTH_KERBEROS_RESPONSE); + packet_put_string((char *) + reply.data, reply.length); + packet_send(); + packet_write_wait(); + + if (reply.length) + xfree(reply.data); } #endif /* KRB5 */ } |