- markus@cvs.openbsd.org 2002/09/26 11:38:43

[auth1.c auth.h auth-krb4.c monitor.c monitor.h monitor_wrap.c] [monitor_wrap.h] krb4 + privsep; ok dugsong@, deraadt@
author: Damien Miller <djm@mindrot.org> 2002-09-27 13:25:58 +1000
committer: Damien Miller <djm@mindrot.org> 2002-09-27 13:25:58 +1000
commit: d94e549ea8c622c8a75023b649a5d4c051aacf7f (patch)
tree: 84b39347f655ba0e33b7a9b6c3d23011a5befdad /auth1.c
parent: d27a76de65d557e36420046e44a014d3190f89cb (diff)
1 files changed, 11 insertions, 4 deletions
diff --git a/auth1.c b/auth1.c
index 676c8a667..9527ba004 100644
--- a/auth1.c
+++ b/auth1.c
@@ -10,7 +10,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth1.c,v 1.43 2002/09/09 06:48:06 itojun Exp $");
+RCSID("$OpenBSD: auth1.c,v 1.44 2002/09/26 11:38:43 markus Exp $");
 
 #include "xmalloc.h"
 #include "rsa.h"
@@ -118,17 +118,24 @@ do_authloop(Authctxt *authctxt)
 
 				if (kdata[0] == 4) { /* KRB_PROT_VERSION */
 #ifdef KRB4
-					KTEXT_ST tkt;
-
+					KTEXT_ST tkt, reply;
 					tkt.length = dlen;
 					if (tkt.length < MAX_KTXT_LEN)
 						memcpy(tkt.dat, kdata, tkt.length);
 
-					if (auth_krb4(authctxt, &tkt, &client_user)) {
+					if (PRIVSEP(auth_krb4(authctxt, &tkt,
+					    &client_user, &reply))) {
 						authenticated = 1;
 						snprintf(info, sizeof(info),
 						    " tktuser %.100s",
 						    client_user);
+
+						packet_start(
+						    SSH_SMSG_AUTH_KERBEROS_RESPONSE);
+						packet_put_string((char *)
+						    reply.dat, reply.length);
+						packet_send();
+						packet_write_wait();
 					}
 #endif /* KRB4 */
 				} else {
author	Damien Miller <djm@mindrot.org>	2002-09-27 13:25:58 +1000
committer	Damien Miller <djm@mindrot.org>	2002-09-27 13:25:58 +1000
commit	d94e549ea8c622c8a75023b649a5d4c051aacf7f (patch)
tree	84b39347f655ba0e33b7a9b6c3d23011a5befdad /auth1.c
parent	d27a76de65d557e36420046e44a014d3190f89cb (diff)