From a916d143a16c59a6bc82df5e1d6b046e17d31848 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 7 Jul 2005 11:50:20 +1000 Subject: - [auth-krb5.c auth.h gss-serv-krb5.c] Move KRB5CCNAME generation for the MIT Kerberos code path into a common function and expand mkstemp template to be consistent with the rest of OpenSSH. From sxw at inf.ed.ac.uk, ok djm@ --- auth-krb5.c | 54 +++++++++++++++++++++++++++++++----------------------- 1 file changed, 31 insertions(+), 23 deletions(-) (limited to 'auth-krb5.c') diff --git a/auth-krb5.c b/auth-krb5.c index 2f742534..01b387c2 100644 --- a/auth-krb5.c +++ b/auth-krb5.c @@ -67,9 +67,6 @@ auth_krb5_password(Authctxt *authctxt, const char *password) #ifndef HEIMDAL krb5_creds creds; krb5_principal server; - char ccname[40]; - int tmpfd; - mode_t old_umask; #endif krb5_error_code problem; krb5_ccache ccache = NULL; @@ -146,26 +143,7 @@ auth_krb5_password(Authctxt *authctxt, const char *password) goto out; } - snprintf(ccname,sizeof(ccname),"FILE:/tmp/krb5cc_%d_XXXXXX",geteuid()); - - old_umask = umask(0177); - tmpfd = mkstemp(ccname + strlen("FILE:")); - umask(old_umask); - if (tmpfd == -1) { - logit("mkstemp(): %.100s", strerror(errno)); - problem = errno; - goto out; - } - - if (fchmod(tmpfd,S_IRUSR | S_IWUSR) == -1) { - logit("fchmod(): %.100s", strerror(errno)); - close(tmpfd); - problem = errno; - goto out; - } - close(tmpfd); - - problem = krb5_cc_resolve(authctxt->krb5_ctx, ccname, &authctxt->krb5_fwd_ccache); + problem = ssh_krb5_cc_gen(authctxt->krb5_ctx, &authctxt->krb5_fwd_ccache); if (problem) goto out; @@ -234,4 +212,34 @@ krb5_cleanup_proc(Authctxt *authctxt) } } +#ifndef HEIMDAL +krb5_error_code +ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache) { + int tmpfd, ret; + char ccname[40]; + mode_t old_umask; + + ret = snprintf(ccname, sizeof(ccname), + "FILE:/tmp/krb5cc_%d_XXXXXXXXXX", geteuid()); + if (ret == -1 || ret >= sizeof(ccname)) + return errno; + + old_umask = umask(0177); + tmpfd = mkstemp(ccname + strlen("FILE:")); + umask(old_umask); + if (tmpfd == -1) { + logit("mkstemp(): %.100s", strerror(errno)); + return errno; + } + + if (fchmod(tmpfd,S_IRUSR | S_IWUSR) == -1) { + logit("fchmod(): %.100s", strerror(errno)); + close(tmpfd); + return errno; + } + close(tmpfd); + + return (krb5_cc_resolve(ctx, ccname, ccache)); +} +#endif /* !HEIMDAL */ #endif /* KRB5 */ -- cgit v1.2.3