diff options
| author | Darren Tucker <dtucker@zip.com.au> | 2005-11-22 09:42:42 +0100 |
|---|---|---|
| committer | Darren Tucker <dtucker@zip.com.au> | 2005-11-22 09:42:42 +0100 |
| commit | f4732f647572f40d93f4fbd1e65d744ed10b2620 (patch) | |
| tree | e26808c082fcbca769626081462a9e8f764f4d22 /auth-krb5.c | |
| parent | - millert@cvs.openbsd.org 2005/11/15 11:59:54 (diff) | |
| download | openssh-f4732f647572f40d93f4fbd1e65d744ed10b2620.tar.xz openssh-f4732f647572f40d93f4fbd1e65d744ed10b2620.zip | |
- dtucker@cvs.openbsd.org 2005/11/21 09:42:10
[auth-krb5.c]
Perform Kerberos calls even for invalid users to prevent leaking
information about account validity. bz #975, patch originally from
Senthil Kumar, sanity checked by Simon Wilkinson, tested by djm@, biorn@,
ok markus@
Diffstat (limited to 'auth-krb5.c')
| -rw-r--r-- | auth-krb5.c | 7 |
1 files changed, 2 insertions, 5 deletions
diff --git a/auth-krb5.c b/auth-krb5.c index a84e5401c..64d613543 100644 --- a/auth-krb5.c +++ b/auth-krb5.c @@ -28,7 +28,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-krb5.c,v 1.15 2003/11/21 11:57:02 djm Exp $"); +RCSID("$OpenBSD: auth-krb5.c,v 1.16 2005/11/21 09:42:10 dtucker Exp $"); #include "ssh.h" #include "ssh1.h" @@ -69,9 +69,6 @@ auth_krb5_password(Authctxt *authctxt, const char *password) krb5_ccache ccache = NULL; int len; - if (!authctxt->valid) - return (0); - temporarily_use_uid(authctxt->pw); problem = krb5_init(authctxt); @@ -188,7 +185,7 @@ auth_krb5_password(Authctxt *authctxt, const char *password) else return (0); } - return (1); + return (authctxt->valid ? 1 : 0); } void |