diff --git a/ChangeLog b/ChangeLog index 79db1a5ba..262c8e3c1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -22,6 +22,10 @@ - markus@cvs.openbsd.org 2003/08/31 12:14:22 [progressmeter.c] do write to buf[-1] + - markus@cvs.openbsd.org 2003/08/31 13:29:05 + [session.c] + call ssh_gssapi_storecreds conditionally from do_exec(); + with sxw@inf.ed.ac.uk 20030829 - (bal) openbsd-compat/ clean up. Considate headers, add in Id on our @@ -937,4 +941,4 @@ - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. Report from murple@murple.net, diagnosis from dtucker@zip.com.au -$Id: ChangeLog,v 1.2925 2003/09/02 12:53:32 djm Exp $ +$Id: ChangeLog,v 1.2926 2003/09/02 12:55:45 djm Exp $ diff --git a/session.c b/session.c index 351b40c13..5463eebec 100644 --- a/session.c +++ b/session.c @@ -33,7 +33,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.162 2003/08/28 12:54:34 markus Exp $"); +RCSID("$OpenBSD: session.c,v 1.163 2003/08/31 13:29:05 markus Exp $"); #include "ssh.h" #include "ssh1.h" @@ -394,12 +394,6 @@ do_exec_no_pty(Session *s, const char *command) session_proctitle(s); -#ifdef GSSAPI - temporarily_use_uid(s->pw); - ssh_gssapi_storecreds(); - restore_uid(); -#endif - #if defined(USE_PAM) if (options.use_pam) { do_pam_session(s->pw->pw_name, NULL); @@ -529,12 +523,6 @@ do_exec_pty(Session *s, const char *command) ptyfd = s->ptyfd; ttyfd = s->ttyfd; -#ifdef GSSAPI - temporarily_use_uid(s->pw); - ssh_gssapi_storecreds(); - restore_uid(); -#endif - #if defined(USE_PAM) if (options.use_pam) { do_pam_session(s->pw->pw_name, s->tty); @@ -663,6 +651,14 @@ do_exec(Session *s, const char *command) debug("Forced command '%.900s'", command); } +#ifdef GSSAPI + if (options.gss_authentication) { + temporarily_use_uid(s->pw); + ssh_gssapi_storecreds(); + restore_uid(); + } +#endif + if (s->ttyfd != -1) do_exec_pty(s, command); else