X-Git-Url: http://www.project-moonshot.org/gitweb/?p=openssh.git;a=blobdiff_plain;f=gss-serv.c;h=2a6bfbfb7bf0de491e0b584e4bdd49616ac712c6;hp=3440a891d4eb462e7e23a7a275f9549411c16e8b;hb=afca9d259be1d594e282f9a80714e4be12fea16e;hpb=7936349b9e64ae69416d60e12997aafe997c455e

diff --git a/gss-serv.c b/gss-serv.c
index 3440a89..2a6bfbf 100644
--- a/gss-serv.c
+++ b/gss-serv.c
@@ -166,7 +166,7 @@ ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_desc *recv_tok,
 
 	if (ctx->client_creds)
 		debug("Received some client credentials");
-	else
+	else if (ctx->major == GSS_S_COMPLETE)
 		debug("Got no client credentials");
 
 	status = ctx->major;
@@ -335,22 +335,42 @@ ssh_gssapi_userok(char *user, struct passwd *pw)
 		debug("No suitable client data");
 		return 0;
 	}
-	if (!gss_userok(gssapi_client.name, user)) {
+
+	userok = gss_userok(gssapi_client.name, user);
+	if (userok) {
+		gssapi_client.used = 1;
+		gssapi_client.store.owner = pw;
+	} else {
 		/* Destroy delegated credentials if userok fails */
 		gss_release_buffer(&lmin, &gssapi_client.displayname);
 		gss_release_buffer(&lmin, &gssapi_client.exportedname);
 		gss_release_name(&lmin, &gssapi_client.name);
 		gss_release_cred(&lmin, &gssapi_client.creds);
 		memset(&gssapi_client, 0, sizeof(ssh_gssapi_client));
-		return 0;
-	}
-
-	if (userok) {
-		gssapi_client.used = 1;
-		gssapi_client.store.owner = pw;
 	}
 
 	return (userok);
 }
 
-#endif
+/* Priviledged */
+OM_uint32
+ssh_gssapi_localname(char **user)
+{
+	OM_uint32 major_status, lmin;
+	uid_t uid;
+	struct passwd *pw;
+
+	major_status = gss_pname_to_uid(&lmin, gssapi_client.name,
+					GSS_C_NO_OID, &uid);
+	if (GSS_ERROR(major_status))
+		return (major_status);
+
+	pw = getpwuid(uid);
+	if (pw == NULL)
+		return (GSS_S_BAD_NAME);
+
+	*user = xstrdup(pw->pw_name);
+
+	return (GSS_S_COMPLETE);
+}
+#endif /* GSSAPI */