authorDarren Tucker <dtucker@zip.com.au>2005-02-16 16:47:37 +1100
committerDarren Tucker <dtucker@zip.com.au>2005-02-16 16:47:37 +1100
commitc97b01af62fa73b31a5b0c86c21c3347cdd0874d (patch)
tree493951e8c22275b3c504ff4e5f63e8b204304703
parentca6e7a7e8b6cc828f5df96b180d03e7ca1179fca (diff)
- (dtucker) [session.c] Bug #918: store credentials from gssapi-with-mic
authentication early enough to be available to PAM session modules when privsep=yes. Patch from deengert at anl.gov, ok'ed in principle by Sam Hartman and similar to Debian's ssh-krb5 package.
-rw-r--r--ChangeLog6
-rw-r--r--session.c22
2 files changed, 19 insertions, 9 deletions
diff --git a/ChangeLog b/ChangeLog
index bbead829..9d132f98 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -8,6 +8,10 @@
- (dtucker) [configure.ac] Bug #893: check for libresolv early on Reliant
Unix; prevents problems relating to the location of -lresolv in the
link order.
+ - (dtucker) [session.c] Bug #918: store credentials from gssapi-with-mic
+ authentication early enough to be available to PAM session modules when
+ privsep=yes. Patch from deengert at anl.gov, ok'ed in principle by Sam
+ Hartman and similar to Debian's ssh-krb5 package.
20050215
- (dtucker) [config.sh.in] Collect oslevel -r too.
@@ -2142,4 +2146,4 @@
- (djm) Trim deprecated options from INSTALL. Mention UsePAM
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
-$Id: ChangeLog,v 1.3657 2005/02/16 05:19:17 dtucker Exp $
+$Id: ChangeLog,v 1.3658 2005/02/16 05:47:37 dtucker Exp $
diff --git a/session.c b/session.c
index 1896e141..df755233 100644
--- a/session.c
+++ b/session.c
@@ -677,14 +677,6 @@ do_exec(Session *s, const char *command)
}
#endif
-#ifdef GSSAPI
- if (options.gss_authentication) {
- temporarily_use_uid(s->pw);
- ssh_gssapi_storecreds();
- restore_uid();
- }
-#endif
-
if (s->ttyfd != -1)
do_exec_pty(s, command);
else
@@ -1279,6 +1271,13 @@ do_setusercontext(struct passwd *pw)
# ifdef __bsdi__
setpgid(0, 0);
# endif
+#ifdef GSSAPI
+ if (options.gss_authentication) {
+ temporarily_use_uid(pw);
+ ssh_gssapi_storecreds();
+ restore_uid();
+ }
+#endif
# ifdef USE_PAM
if (options.use_pam) {
do_pam_session();
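Review bot: The GSSAPI block added to do_setusercontext() carries no comment explaining its placement, although the placement is the point of the change: it has to run before `do_pam_session()` just below, and the same five lines are repeated verbatim in the later hunk at `@@ -1309,6 +1308,13 @@`. I would put a comment above each copy, for example `/* Store GSSAPI credentials as the user before PAM session modules run (bug #918). */`, or move the lines into one static helper called from both places so the copies cannot drift apart. The switch to the user's uid around `ssh_gssapi_storecreds()` looks deliberate, presumably so the credential store is not written with root's identity, and the comment should say so. The new `#ifdef GSSAPI` lines also drop the `# ifdef` nesting style used by the neighbouring `# ifdef __bsdi__` and `# ifdef USE_PAM`. The body of do_setusercontext() starts and ends outside both hunks, so the enclosing conditionals are not visible here.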
@@ -1309,6 +1308,13 @@ do_setusercontext(struct passwd *pw)
exit(1);
}
endgrent();
+#ifdef GSSAPI
+ if (options.gss_authentication) {
+ temporarily_use_uid(pw);
+ ssh_gssapi_storecreds();
+ restore_uid();
+ }
+#endif
# ifdef USE_PAM
/*
* PAM credentials may take the form of supplementary groups.