- (dtucker) [Makefile.in acconfig.h auth-krb5.c auth-pam.c auth-pam.h

   configure.ac defines.h gss-serv-krb5.c session.c ssh-gss.h sshconnect1.c
   sshconnect2.c] Add Portable GSSAPI support, patch by Simon Wilkinson.

1 files changed, 37 insertions, 0 deletions

diff --git a/gss-serv-krb5.c b/gss-serv-krb5.c
index d8687225..f48e0991 100644
--- a/gss-serv-krb5.c
+++ b/gss-serv-krb5.c
@@ -38,7 +38,11 @@
 
 extern ServerOptions options;
 
+#ifdef HEIMDAL
 #include <krb5.h>
+#else
+#include <gssapi_krb5.h>
+#endif
 
 static krb5_context krb_context = NULL;
 
@@ -113,11 +117,39 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
 	if (ssh_gssapi_krb5_init() == 0)
 		return;
 
+#ifdef HEIMDAL
 	if ((problem = krb5_cc_gen_new(krb_context, &krb5_fcc_ops, &ccache))) {
 		logit("krb5_cc_gen_new(): %.100s",
 		    krb5_get_err_text(krb_context, problem));
 		return;
 	}
+#else
+	{
+		int tmpfd;
+		char ccname[40];
+    
+		snprintf(ccname, sizeof(ccname), 
+		    "FILE:/tmp/krb5cc_%d_XXXXXX", geteuid());
+    
+		if ((tmpfd = mkstemp(ccname + strlen("FILE:"))) == -1) {
+			logit("mkstemp(): %.100s", strerror(errno));
+			problem = errno;
+			return;
+		}
+		if (fchmod(tmpfd, S_IRUSR | S_IWUSR) == -1) {
+			logit("fchmod(): %.100s", strerror(errno));
+			close(tmpfd);
+			problem = errno;
+			return;
+		}
+		close(tmpfd);
+		if ((problem = krb5_cc_resolve(krb_context, ccname, &ccache))) {
+			logit("krb5_cc_resolve(): %.100s",
+			    krb5_get_err_text(krb_context, problem));
+			return;
+		}
+	}
+#endif	/* #ifdef HEIMDAL */
 
 	if ((problem = krb5_parse_name(krb_context, 
 	    client->exportedname.value, &princ))) {
@@ -148,6 +180,11 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
 	client->store.envvar = "KRB5CCNAME";
 	client->store.envval = xstrdup(client->store.filename);
 
+#ifdef USE_PAM
+	if (options.use_pam)
+		do_pam_putenv(client->store.envvar,client->store.envval);
+#endif
+
 	krb5_cc_close(krb_context, ccache);
 
 	return;