- (dtucker) [session.c sshd.c] Bug #445: Propogate KRB5CCNAME if set to child

the process.  Since we also unset KRB5CCNAME at startup, if it's set after
   authentication it must have been set by the platform's native auth system.
   This was already done for AIX; this enables it for the general case.
This commit is contained in:
Darren Tucker 2005-02-02 18:30:33 +11:00
parent 42d9dc75ed
commit 9dc6c7dbec
3 changed files with 20 additions and 6 deletions

View File

@ -5,6 +5,10 @@
Make record_failed_login() call provide hostname rather than having the Make record_failed_login() call provide hostname rather than having the
implementations having to do lookups themselves. Only affects AIX and implementations having to do lookups themselves. Only affects AIX and
UNICOS (the latter only uses the "user" parameter anyway). ok djm@ UNICOS (the latter only uses the "user" parameter anyway). ok djm@
- (dtucker) [session.c sshd.c] Bug #445: Propogate KRB5CCNAME if set to child
the process. Since we also unset KRB5CCNAME at startup, if it's set after
authentication it must have been set by the platform's native auth system.
This was already done for AIX; this enables it for the general case.
20050201 20050201
- (dtucker) [log.c] Bug #973: force log_init() to open syslog, since on some - (dtucker) [log.c] Bug #973: force log_init() to open syslog, since on some
@ -2059,4 +2063,4 @@
- (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Trim deprecated options from INSTALL. Mention UsePAM
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
$Id: ChangeLog,v 1.3630 2005/02/02 06:10:11 dtucker Exp $ $Id: ChangeLog,v 1.3631 2005/02/02 07:30:33 dtucker Exp $

View File

@ -1090,14 +1090,24 @@ do_setup_env(Session *s, const char *shell)
child_set_env(&env, &envsize, "TMPDIR", cray_tmpdir); child_set_env(&env, &envsize, "TMPDIR", cray_tmpdir);
#endif /* _UNICOS */ #endif /* _UNICOS */
/*
* Since we clear KRB5CCNAME at startup, if it's set now then it
* must have been set by a native authentication method (eg AIX or
* SIA), so copy it to the child.
*/
{
char *cp;
if ((cp = getenv("KRB5CCNAME")) != NULL)
child_set_env(&env, &envsize, "KRB5CCNAME", cp);
}
#ifdef _AIX #ifdef _AIX
{ {
char *cp; char *cp;
if ((cp = getenv("AUTHSTATE")) != NULL) if ((cp = getenv("AUTHSTATE")) != NULL)
child_set_env(&env, &envsize, "AUTHSTATE", cp); child_set_env(&env, &envsize, "AUTHSTATE", cp);
if ((cp = getenv("KRB5CCNAME")) != NULL)
child_set_env(&env, &envsize, "KRB5CCNAME", cp);
read_environment_file(&env, &envsize, "/etc/environment"); read_environment_file(&env, &envsize, "/etc/environment");
} }
#endif #endif

4
sshd.c
View File

@ -1030,13 +1030,13 @@ main(int ac, char **av)
SYSLOG_FACILITY_AUTH : options.log_facility, SYSLOG_FACILITY_AUTH : options.log_facility,
log_stderr || !inetd_flag); log_stderr || !inetd_flag);
#ifdef _AIX
/* /*
* Unset KRB5CCNAME, otherwise the user's session may inherit it from * Unset KRB5CCNAME, otherwise the user's session may inherit it from
* root's environment * root's environment
*/ */
if (getenv("KRB5CCNAME") != NULL)
unsetenv("KRB5CCNAME"); unsetenv("KRB5CCNAME");
#endif /* _AIX */
#ifdef _UNICOS #ifdef _UNICOS
/* Cray can define user privs drop all privs now! /* Cray can define user privs drop all privs now!
* Not needed on PRIV_SU systems! * Not needed on PRIV_SU systems!