Attachment #190054 for bug #225451




	return -1;
}

/*
 * Reads  k5login_directory  option from the  krb5.conf
 */
krb5_error_code
ssh_krb5_get_k5login_directory(krb5_context ctx, char **k5login_directory) {
	profile_t p;
	int ret = 0;

	ret = krb5_get_profile(ctx, &p);
	if (ret)
		return ret;

	return profile_get_string(p, "libdefaults", "k5login_directory", NULL, NULL,
		k5login_directory);
}

krb5_error_code
ssh_krb5_get_cctemplate(krb5_context ctx, char **ccname) {
	profile_t p;

Lines 222-226 int sys_auth_passwd(Authctxt , const char ); Link Here

(-)b/auth.h (+2 lines)
222	#if defined(KRB5) && !defined(HEIMDAL)	222	#if defined(KRB5) && !defined(HEIMDAL)
223	#include <krb5.h>	223	#include <krb5.h>
224	krb5_error_code ssh_krb5_cc_gen(krb5_context, krb5_ccache *);	224	krb5_error_code ssh_krb5_cc_gen(krb5_context, krb5_ccache *);
		225	krb5_error_code ssh_krb5_get_k5login_directory(krb5_context ctx,
		226	char **k5login_directory);
225	#endif	227	#endif
226	#endif	228	#endif




{
	char file[MAXPATHLEN];
	struct passwd *pw = the_authctxt->pw;
	char *k5login_directory = NULL;
	int ret = 0;

	ret = ssh_krb5_get_k5login_directory(krb_context, &k5login_directory);
	debug3("%s: k5login_directory = %s (rv=%d)", __func__, k5login_directory, ret);
	if (k5login_directory == NULL || ret != 0) {
		/* If not set, the library will look for  k5login
		 * files in the user's home directory, with the filename  .k5login.
		 */
		snprintf(file, sizeof(file), "%s/.k5login", pw->pw_dir);
	} else {
		/* If set, the library will look for a local user's k5login file
		 * within the named directory, with a filename corresponding to the
		 * local username.
		 */
		snprintf(file, sizeof(file), "%s%s%s", k5login_directory, 
			k5login_directory[strlen(k5login_directory)-1] != '/' ? "/" : "",
			pw->pw_name);
	}
	debug("%s: Checking existence of file %s", __func__, file);

	snprintf(file, sizeof(file), "%s/.k5login", pw->pw_dir);
	return access(file, F_OK) == 0;
}


Lines 806-811 rlogin/rsh. Link Here

(-)b/sshd.8 (+4 lines)
806	These files enforce GSSAPI/Kerberos authentication access control.	806	These files enforce GSSAPI/Kerberos authentication access control.
807	Further details are described in	807	Further details are described in
808	.Xr ksu 1 .	808	.Xr ksu 1 .
		809	The location of the k5login file depends on the configuration option
		810	.Cm k5login_directory
		811	in the
		812	.Xr krb5.conf 5 .
809	.Pp	813	.Pp
810	.It Pa ~/.ssh/	814	.It Pa ~/.ssh/
811	This directory is the default location for all user-specific configuration	815	This directory is the default location for all user-specific configuration

Return to bug 225451

Lines 375-380 cleanup: Link Here

(-)b/auth-krb5.c (+16 lines)
375	return -1;	375	return -1;
376	}	376	}
377		377
		378	/*
		379	* Reads k5login_directory option from the krb5.conf
		380	*/
		381	krb5_error_code
		382	ssh_krb5_get_k5login_directory(krb5_context ctx, char **k5login_directory) {
		383	profile_t p;
		384	int ret = 0;
		385
		386	ret = krb5_get_profile(ctx, &p);
		387	if (ret)
		388	return ret;
		389
		390	return profile_get_string(p, "libdefaults", "k5login_directory", NULL, NULL,
		391	k5login_directory);
		392	}
		393
378	krb5_error_code	394	krb5_error_code
379	ssh_krb5_get_cctemplate(krb5_context ctx, char **ccname) {	395	ssh_krb5_get_cctemplate(krb5_context ctx, char **ccname) {
380	profile_t p;	396	profile_t p;

Lines 244-251 ssh_gssapi_k5login_exists() Link Here

(-)b/gss-serv-krb5.c (-1 / +20 lines)
244	{	244	{
245	char file[MAXPATHLEN];	245	char file[MAXPATHLEN];
246	struct passwd *pw = the_authctxt->pw;	246	struct passwd *pw = the_authctxt->pw;
		247	char *k5login_directory = NULL;
		248	int ret = 0;
		249
		250	ret = ssh_krb5_get_k5login_directory(krb_context, &k5login_directory);
		251	debug3("%s: k5login_directory = %s (rv=%d)", __func__, k5login_directory, ret);
		252	if (k5login_directory == NULL \|\| ret != 0) {
		253	/* If not set, the library will look for k5login
		254	* files in the user's home directory, with the filename .k5login.
		255	*/
		256	snprintf(file, sizeof(file), "%s/.k5login", pw->pw_dir);
		257	} else {
		258	/* If set, the library will look for a local user's k5login file
		259	* within the named directory, with a filename corresponding to the
		260	* local username.
		261	*/
		262	snprintf(file, sizeof(file), "%s%s%s", k5login_directory,
		263	k5login_directory[strlen(k5login_directory)-1] != '/' ? "/" : "",
		264	pw->pw_name);
		265	}
		266	debug("%s: Checking existence of file %s", __func__, file);
247		267
248	snprintf(file, sizeof(file), "%s/.k5login", pw->pw_dir);
249	return access(file, F_OK) == 0;	268	return access(file, F_OK) == 0;
250	}	269	}
251		270