kerberos support for privsep. confirmed to work by lha@stacken.kth.se

patch from markus

1 files changed, 15 insertions, 3 deletions

diff --git a/usr.bin/ssh/auth1.c b/usr.bin/ssh/auth1.c
index 661ed5a176c..359eeea0d36 100644
--- a/usr.bin/ssh/auth1.c
+++ b/usr.bin/ssh/auth1.c
@@ -10,7 +10,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth1.c,v 1.42 2002/08/22 21:33:58 markus Exp $");
+RCSID("$OpenBSD: auth1.c,v 1.43 2002/09/09 06:48:06 itojun Exp $");
 
 #include "xmalloc.h"
 #include "rsa.h"
@@ -132,15 +132,27 @@ do_authloop(Authctxt *authctxt)
 #endif /* KRB4 */
 				} else {
 #ifdef KRB5
-					krb5_data tkt;
+ 					krb5_data tkt, reply;
 					tkt.length = dlen;
 					tkt.data = kdata;
 
-					if (auth_krb5(authctxt, &tkt, &client_user)) {
+					if (PRIVSEP(auth_krb5(authctxt, &tkt,
+					    &client_user, &reply))) {
 						authenticated = 1;
 						snprintf(info, sizeof(info),
 						    " tktuser %.100s",
 						    client_user);
+ 
+ 						/* Send response to client */
+ 						packet_start(
+						    SSH_SMSG_AUTH_KERBEROS_RESPONSE);
+ 						packet_put_string((char *)
+						    reply.data, reply.length);
+ 						packet_send();
+ 						packet_write_wait();
+
+ 						if (reply.length)
+ 							xfree(reply.data);
 						xfree(client_user);
 					}
 #endif /* KRB5 */