authorDarren Tucker <dtucker@zip.com.au>2004-03-08 22:21:58 +1100
committerDarren Tucker <dtucker@zip.com.au>2004-03-08 22:21:58 +1100
commit2d4d0f62a6fd72088295cf9c1ce859fd130c49aa (patch)
tree84c5e1884e6787a9fdfaaefe36ebf8d38165b4ce
parentebe1cb87c4654145f21a260d0b0a3aef53fffa35 (diff)
- (dtucker) [configure.ac sshd.c openbsd-compat/bsd-misc.h
openbsd-compat/setenv.c] Unset KRB5CCNAME on AIX to prevent it from being inherited by the child. ok djm@
-rw-r--r--ChangeLog7
-rw-r--r--configure.ac4
-rw-r--r--openbsd-compat/bsd-misc.h6
-rw-r--r--openbsd-compat/setenv.c8
-rw-r--r--sshd.c7
5 files changed, 25 insertions, 7 deletions
diff --git a/ChangeLog b/ChangeLog
index 1f2bc412..b7d71567 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,9 @@
20040308
- (dtucker) [sshd.c] Back out rev 1.270 as it caused problems on some
- platforms (eg SCO, HP-UX) with logging in the wrong TZ.
+ platforms (eg SCO, HP-UX) with logging in the wrong TZ. ok djm@
+ - (dtucker) [configure.ac sshd.c openbsd-compat/bsd-misc.h
+ openbsd-compat/setenv.c] Unset KRB5CCNAME on AIX to prevent it from being
+ inherited by the child. ok djm@
20040304
- (dtucker) [auth-pam.c] Don't try to export PAM when compiled with
@@ -1945,4 +1948,4 @@
- Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
Report from murple@murple.net, diagnosis from dtucker@zip.com.au
-$Id: ChangeLog,v 1.3257.2.5 2004/03/08 11:20:16 dtucker Exp $
+$Id: ChangeLog,v 1.3257.2.6 2004/03/08 11:21:58 dtucker Exp $
diff --git a/configure.ac b/configure.ac
index 6aa78795..22329388 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.202.2.1 2004/02/29 23:54:28 tim Exp $
+# $Id: configure.ac,v 1.202.2.2 2004/03/08 11:21:59 dtucker Exp $
AC_INIT
AC_CONFIG_SRCDIR([ssh.c])
@@ -802,7 +802,7 @@ AC_CHECK_FUNCS(\
setproctitle setregid setreuid setrlimit \
setsid setvbuf sigaction sigvec snprintf socketpair strerror \
strlcat strlcpy strmode strnvis strtoul sysconf tcgetpgrp \
- truncate updwtmpx utimes vhangup vsnprintf waitpid \
+ truncate unsetenv updwtmpx utimes vhangup vsnprintf waitpid \
)
# IRIX has a const char return value for gai_strerror()
diff --git a/openbsd-compat/bsd-misc.h b/openbsd-compat/bsd-misc.h
index c8073942..f68d2b41 100644
--- a/openbsd-compat/bsd-misc.h
+++ b/openbsd-compat/bsd-misc.h
@@ -1,4 +1,4 @@
-/* $Id: bsd-misc.h,v 1.14 2004/02/17 05:49:55 djm Exp $ */
+/* $Id: bsd-misc.h,v 1.14.2.1 2004/03/08 11:21:59 dtucker Exp $ */
/*
* Copyright (c) 1999-2004 Damien Miller <djm@mindrot.org>
@@ -89,6 +89,10 @@ pid_t tcgetpgrp(int);
int tcsendbreak(int, int);
#endif
+#ifndef HAVE_UNSETENV
+void unsetenv(const char *);
+#endif
+
/* wrapper for signal interface */
typedef void (*mysig_t)(int);
mysig_t mysignal(int sig, mysig_t act);
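Review bot: The fallback prototype `void unsetenv(const char *);` differs from the POSIX signature, which returns `int`, so code built against the compat version cannot learn that removing a variable failed. If a platform's headers declare the POSIX form while the configure function check still comes up negative (an assumption, not visible in this hunk), the two declarations would also conflict at compile time. Consider `int unsetenv(const char *);` here, with the compat definition in openbsd-compat/setenv.c returning 0 on success. A one-line comment above the prototype, saying it is the replacement used when configure finds no libc unsetenv, would help as well.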
diff --git a/openbsd-compat/setenv.c b/openbsd-compat/setenv.c
index b7ba0ce8..c3a86c65 100644
--- a/openbsd-compat/setenv.c
+++ b/openbsd-compat/setenv.c
@@ -30,7 +30,7 @@
*/
#include "includes.h"
-#ifndef HAVE_SETENV
+#if !defined(HAVE_SETENV) || !defined(HAVE_UNSETENV)
#if defined(LIBC_SCCS) && !defined(lint)
static char *rcsid = "$OpenBSD: setenv.c,v 1.6 2003/06/02 20:18:38 millert Exp $";
@@ -77,6 +77,7 @@ __findenv(name, offset)
return (NULL);
}
+#ifndef HAVE_SETENV
/*
* setenv --
* Set the value of the environmental variable "name" to be
@@ -138,7 +139,9 @@ setenv(name, value, rewrite)
;
return (0);
}
+#endif /* HAVE_SETENV */
+#ifndef HAVE_UNSETENV
/*
* unsetenv(name) --
* Delete environmental variable "name".
@@ -157,5 +160,6 @@ unsetenv(name)
if (!(*P = *(P + 1)))
break;
}
+#endif /* HAVE_UNSETENV */
-#endif /* HAVE_SETENV */
+#endif /* !defined(HAVE_SETENV) || !defined(HAVE_UNSETENV) */
diff --git a/sshd.c b/sshd.c
index e6f407f8..82923240 100644
--- a/sshd.c
+++ b/sshd.c
@@ -939,6 +939,13 @@ main(int ac, char **av)
SYSLOG_FACILITY_AUTH : options.log_facility,
log_stderr || !inetd_flag);
+#ifdef _AIX
+ /*
+ * Unset KRB5CCNAME, otherwise the user's session may inherit it from
+ * root's environment
+ */
+ unsetenv("KRB5CCNAME");
+#endif /* _AIX */
#ifdef _UNICOS
/* Cray can define user privs drop all prives now!
* Not needed on PRIV_SU systems!
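Review bot: Nothing verifies the `unsetenv("KRB5CCNAME")` call added under `#ifdef _AIX`, and with the compat prototype declared `void` there is no return value to test. If the removal does not take effect, the credential-cache path from root's environment is still handed to the user's session, with nothing in the log. A check right after the call would close that gap: `if (getenv("KRB5CCNAME") != NULL) error("KRB5CCNAME still set after unsetenv");`. The comment should also say in one line why only AIX needs this (presumably the AIX login path reads the daemon's own environment; confirm), so the guard is not widened or dropped by mistake later. main() begins before and continues after this hunk.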