diff options
| author |   dtucker <dtucker@openbsd.org> | 2005-11-21 09:42:10 +0000 |
|---|---|---|
| committer | dtucker <dtucker@openbsd.org> | 2005-11-21 09:42:10 +0000 |
| commit | cc2807ad7770cc589b6e944186ef9f865cf27b53 (patch) | |
| tree | 51aae341cf05125333fd0bc7af68e9fb3a72332f | |
| parent | add EXAMPLES section; input+ok jmc, niallo ok (diff) | |
| download | wireguard-openbsd-cc2807ad7770cc589b6e944186ef9f865cf27b53.tar.xz wireguard-openbsd-cc2807ad7770cc589b6e944186ef9f865cf27b53.zip | |
Perform Kerberos calls even for invalid users to prevent leaking information
about account validity. bz #975, patch originally from Senthil Kumar,
sanity checked by Simon Wilkinson, tested by djm@, biorn@, ok markus@
| -rw-r--r-- | usr.bin/ssh/auth-krb5.c | 7 |
1 files changed, 2 insertions, 5 deletions
diff --git a/usr.bin/ssh/auth-krb5.c b/usr.bin/ssh/auth-krb5.c index 5899c8d07c3..9ef091e01f2 100644 --- a/usr.bin/ssh/auth-krb5.c +++ b/usr.bin/ssh/auth-krb5.c @@ -28,7 +28,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-krb5.c,v 1.15 2003/11/21 11:57:02 djm Exp $"); +RCSID("$OpenBSD: auth-krb5.c,v 1.16 2005/11/21 09:42:10 dtucker Exp $"); #include "ssh.h" #include "ssh1.h" @@ -65,9 +65,6 @@ auth_krb5_password(Authctxt *authctxt, const char *password) krb5_error_code problem; krb5_ccache ccache = NULL; - if (!authctxt->valid) - return (0); - temporarily_use_uid(authctxt->pw); problem = krb5_init(authctxt); @@ -134,7 +131,7 @@ auth_krb5_password(Authctxt *authctxt, const char *password) else return (0); } - return (1); + return (authctxt->valid ? 1 : 0); } void |