git: 140f65a20533 - releng/13.1 - pam_krb5: Add missing patch

From: Mark Johnston <markj_at_FreeBSD.org>
Date: Tue, 01 Aug 2023 20:04:34 UTC
The branch releng/13.1 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=140f65a205334682c4868708fcabfaaf237b5b3f

commit 140f65a205334682c4868708fcabfaaf237b5b3f
Author:     Cy Schubert <cy@FreeBSD.org>
AuthorDate: 2023-07-08 03:09:18 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2023-08-01 19:48:09 +0000

    pam_krb5: Add missing patch
    
    Include a portion of the patch that was missed in 813847e49e35.
    
    Reported by:    markj
    Fixes:          813847e49e35
    
    (cherry picked from commit bfa51318dee8afd9307f15e49a6a521938dccd06)
    (cherry picked from commit d295e418ae7e60d87af6576ecdfad41a98d7442c)
    
    Approved by:    so
    Security:       FreeBSD-SA-23:09.pam_krb5
    Security:       CVE-2023-3326
---
 lib/libpam/modules/pam_krb5/pam_krb5.c | 12 ------------
 1 file changed, 12 deletions(-)

diff --git a/lib/libpam/modules/pam_krb5/pam_krb5.c b/lib/libpam/modules/pam_krb5/pam_krb5.c
index 3972479a581f..3c7976297ed2 100644
--- a/lib/libpam/modules/pam_krb5/pam_krb5.c
+++ b/lib/libpam/modules/pam_krb5/pam_krb5.c
@@ -938,18 +938,6 @@ verify_krb_v5_tgt_begin(krb5_context context, char *pam_service, int debug,
 			continue;
 		break;
 	}
-	if (retval != 0) {	/* failed to find key */
-		/* Keytab or service key does not exist */
-		if (debug) {
-			const char *msg = krb5_get_error_message(context,
-			    retval);
-			syslog(LOG_DEBUG,
-			    "pam_krb5: verify_krb_v5_tgt(): %s: %s",
-			    "krb5_kt_read_service_key()", msg);
-			krb5_free_error_message(context, msg);
-		}
-		retval = 0;
-	}
 	if (keyblock)
 		krb5_free_keyblock(context, keyblock);