authorDarren Tucker <dtucker@zip.com.au>2005-02-02 18:30:33 +1100
committerDarren Tucker <dtucker@zip.com.au>2005-02-02 18:30:33 +1100
commit9dc6c7dbec0716157e561036c480bca1bc3c7e47 (patch)
tree017d1b7ecebcdf6b72fc69fdb866c0194c9dc415
parent42d9dc75ed2eefa6eeffc892f02eb164c1860603 (diff)
- (dtucker) [session.c sshd.c] Bug #445: Propagate KRB5CCNAME, if set, to the child
process. Since we also unset KRB5CCNAME at startup, if it's set after authentication it must have been set by the platform's native auth system. This was already done for AIX; this enables it for the general case.
-rw-r--r--ChangeLog6
-rw-r--r--session.c14
-rw-r--r--sshd.c6
3 files changed, 20 insertions, 6 deletions
diff --git a/ChangeLog b/ChangeLog
index 82758ca1..d9670f36 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,10 @@
Make record_failed_login() call provide hostname rather than having the
implementations having to do lookups themselves. Only affects AIX and
UNICOS (the latter only uses the "user" parameter anyway). ok djm@
+ - (dtucker) [session.c sshd.c] Bug #445: Propogate KRB5CCNAME if set to child
+ the process. Since we also unset KRB5CCNAME at startup, if it's set after
+ authentication it must have been set by the platform's native auth system.
+ This was already done for AIX; this enables it for the general case.
20050201
- (dtucker) [log.c] Bug #973: force log_init() to open syslog, since on some
@@ -2059,4 +2063,4 @@
- (djm) Trim deprecated options from INSTALL. Mention UsePAM
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
-$Id: ChangeLog,v 1.3630 2005/02/02 06:10:11 dtucker Exp $
+$Id: ChangeLog,v 1.3631 2005/02/02 07:30:33 dtucker Exp $
diff --git a/session.c b/session.c
index 7f10abf7..4d7ac9de 100644
--- a/session.c
+++ b/session.c
@@ -1090,14 +1090,24 @@ do_setup_env(Session *s, const char *shell)
child_set_env(&env, &envsize, "TMPDIR", cray_tmpdir);
#endif /* _UNICOS */
+ /*
+ * Since we clear KRB5CCNAME at startup, if it's set now then it
+ * must have been set by a native authentication method (eg AIX or
+ * SIA), so copy it to the child.
+ */
+ {
+ char *cp;
+
+ if ((cp = getenv("KRB5CCNAME")) != NULL)
+ child_set_env(&env, &envsize, "KRB5CCNAME", cp);
+ }
+
#ifdef _AIX
{
char *cp;
if ((cp = getenv("AUTHSTATE")) != NULL)
child_set_env(&env, &envsize, "AUTHSTATE", cp);
- if ((cp = getenv("KRB5CCNAME")) != NULL)
- child_set_env(&env, &envsize, "KRB5CCNAME", cp);
read_environment_file(&env, &envsize, "/etc/environment");
}
#endif
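Review bot: The new comment above the KRB5CCNAME block in do_setup_env() rests on an invariant enforced in another file, and it does not say where "at startup" is. If the clear in sshd.c's main() is ever made conditional again or moved after authentication, this block would hand the daemon's own credential-cache name to every user session, and nothing here would flag it. I would name the dependency in the comment, for example `* Relies on main() in sshd.c unsetting KRB5CCNAME before authentication runs.` The block also forwards an empty value unchanged; `if ((cp = getenv("KRB5CCNAME")) != NULL && *cp != '\0')` would skip that case. do_setup_env() begins and ends outside this hunk, so whether a later assignment of the same variable overrides this one cannot be seen from here.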
diff --git a/sshd.c b/sshd.c
index 7f268526..23d6962c 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1030,13 +1030,13 @@ main(int ac, char **av)
SYSLOG_FACILITY_AUTH : options.log_facility,
log_stderr || !inetd_flag);
-#ifdef _AIX
/*
* Unset KRB5CCNAME, otherwise the user's session may inherit it from
* root's environment
*/
- unsetenv("KRB5CCNAME");
-#endif /* _AIX */
+ if (getenv("KRB5CCNAME") != NULL)
+ unsetenv("KRB5CCNAME");
+
#ifdef _UNICOS
/* Cray can define user privs drop all privs now!
* Not needed on PRIV_SU systems!
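Review bot: Nothing in this hunk of main() confirms that `unsetenv("KRB5CCNAME")` actually removed the variable. With the session.c change in this commit, that clear is now the only thing keeping root's credential-cache name out of user sessions on every platform, not just AIX. If the call fails, or if a platform's unsetenv leaves a duplicate entry behind (not verifiable from this page), the stale value would be copied to the child, so the failure mode is open rather than closed. A re-check after the call would make it fail closed: `if (getenv("KRB5CCNAME") != NULL) fatal("could not clear KRB5CCNAME");`. The comment could also note that do_setup_env() in session.c now depends on this clear. main() continues outside the hunk.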