X-Git-Url: http://www.project-moonshot.org/gitweb/?p=openssh.git;a=blobdiff_plain;f=gss-serv.c;h=af2538a74aaf7b8716931efd2d7487eb58c99036;hp=f1c694dc6b2e3eae57cb47838c0e6cf371844010;hb=ac0ba1f390586dd0300f0a036ce30952b1dd5def;hpb=c4431b13b468d93eabfdb2a7e9c4a245678067a5

diff --git a/gss-serv.c b/gss-serv.c
index f1c694d..af2538a 100644
--- a/gss-serv.c
+++ b/gss-serv.c
@@ -335,23 +335,42 @@ ssh_gssapi_userok(char *user, struct passwd *pw)
 		debug("No suitable client data");
 		return 0;
 	}
-	if (GSS_ERROR(gss_userok(&lmin, gssapi_client.name, user, &userok)) ||
-	    userok == 0) {
+
+	userok = gss_userok(gssapi_client.name, user);
+	if (userok) {
+		gssapi_client.used = 1;
+		gssapi_client.store.owner = pw;
+	} else {
 		/* Destroy delegated credentials if userok fails */
 		gss_release_buffer(&lmin, &gssapi_client.displayname);
 		gss_release_buffer(&lmin, &gssapi_client.exportedname);
 		gss_release_name(&lmin, &gssapi_client.name);
 		gss_release_cred(&lmin, &gssapi_client.creds);
 		memset(&gssapi_client, 0, sizeof(ssh_gssapi_client));
-		return 0;
-	}
-
-	if (userok) {
-		gssapi_client.used = 1;
-		gssapi_client.store.owner = pw;
 	}
 
 	return (userok);
 }
 
-#endif
+/* Priviledged */
+OM_uint32
+ssh_gssapi_localname(char **user)
+{
+	OM_uint32 major_status, lmin;
+	uid_t uid;
+	struct passwd *pw;
+
+	major_status = gss_pname_to_uid(&lmin, gssapi_client.name,
+					GSS_C_NO_OID, &uid);
+	if (GSS_ERROR(major_status))
+		return (major_status);
+
+	pw = getpwuid(uid);
+	if (pw == NULL)
+		return (GSS_S_BAD_NAME);
+
+	*user = xstrdup(pw->pw_name);
+
+	return (GSS_S_COMPLETE);
+}
+#endif /* GSSAPI */