=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/Attic/auth1.c,v retrieving revision 1.40.2.1 retrieving revision 1.40.2.2 diff -u -r1.40.2.1 -r1.40.2.2 --- src/usr.bin/ssh/Attic/auth1.c 2002/06/26 15:30:37 1.40.2.1 +++ src/usr.bin/ssh/Attic/auth1.c 2002/10/11 14:51:52 1.40.2.2 @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth1.c,v 1.40.2.1 2002/06/26 15:30:37 jason Exp $"); +RCSID("$OpenBSD: auth1.c,v 1.40.2.2 2002/10/11 14:51:52 miod Exp $"); #include "xmalloc.h" #include "rsa.h" @@ -116,31 +116,51 @@ if (kdata[0] == 4) { /* KRB_PROT_VERSION */ #ifdef KRB4 - KTEXT_ST tkt; - + KTEXT_ST tkt, reply; tkt.length = dlen; if (tkt.length < MAX_KTXT_LEN) memcpy(tkt.dat, kdata, tkt.length); - if (auth_krb4(authctxt, &tkt, &client_user)) { + if (PRIVSEP(auth_krb4(authctxt, &tkt, + &client_user, &reply))) { authenticated = 1; snprintf(info, sizeof(info), " tktuser %.100s", client_user); + + packet_start( + SSH_SMSG_AUTH_KERBEROS_RESPONSE); + packet_put_string((char *) + reply.dat, reply.length); + packet_send(); + packet_write_wait(); + xfree(client_user); } #endif /* KRB4 */ } else { #ifdef KRB5 - krb5_data tkt; + krb5_data tkt, reply; tkt.length = dlen; tkt.data = kdata; - if (auth_krb5(authctxt, &tkt, &client_user)) { + if (PRIVSEP(auth_krb5(authctxt, &tkt, + &client_user, &reply))) { authenticated = 1; snprintf(info, sizeof(info), " tktuser %.100s", client_user); + + /* Send response to client */ + packet_start( + SSH_SMSG_AUTH_KERBEROS_RESPONSE); + packet_put_string((char *) + reply.data, reply.length); + packet_send(); + packet_write_wait(); + + if (reply.length) + xfree(reply.data); xfree(client_user); } #endif /* KRB5 */ @@ -295,7 +315,8 @@ authctxt->user); /* Special handling for root */ - if (authenticated && authctxt->pw->pw_uid == 0 && + if (!use_privsep && + authenticated && authctxt->pw->pw_uid == 0 && !auth_root_allowed(get_authname(type))) authenticated = 0;