mirror of git://anongit.mindrot.org/openssh.git
- (dtucker) [session.c sshd.c] Bug #445: Propogate KRB5CCNAME if set to child
the process. Since we also unset KRB5CCNAME at startup, if it's set after authentication it must have been set by the platform's native auth system. This was already done for AIX; this enables it for the general case.
This commit is contained in:
parent
42d9dc75ed
commit
9dc6c7dbec
|
@ -5,6 +5,10 @@
|
||||||
Make record_failed_login() call provide hostname rather than having the
|
Make record_failed_login() call provide hostname rather than having the
|
||||||
implementations having to do lookups themselves. Only affects AIX and
|
implementations having to do lookups themselves. Only affects AIX and
|
||||||
UNICOS (the latter only uses the "user" parameter anyway). ok djm@
|
UNICOS (the latter only uses the "user" parameter anyway). ok djm@
|
||||||
|
- (dtucker) [session.c sshd.c] Bug #445: Propogate KRB5CCNAME if set to child
|
||||||
|
the process. Since we also unset KRB5CCNAME at startup, if it's set after
|
||||||
|
authentication it must have been set by the platform's native auth system.
|
||||||
|
This was already done for AIX; this enables it for the general case.
|
||||||
|
|
||||||
20050201
|
20050201
|
||||||
- (dtucker) [log.c] Bug #973: force log_init() to open syslog, since on some
|
- (dtucker) [log.c] Bug #973: force log_init() to open syslog, since on some
|
||||||
|
@ -2059,4 +2063,4 @@
|
||||||
- (djm) Trim deprecated options from INSTALL. Mention UsePAM
|
- (djm) Trim deprecated options from INSTALL. Mention UsePAM
|
||||||
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
|
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
|
||||||
|
|
||||||
$Id: ChangeLog,v 1.3630 2005/02/02 06:10:11 dtucker Exp $
|
$Id: ChangeLog,v 1.3631 2005/02/02 07:30:33 dtucker Exp $
|
||||||
|
|
14
session.c
14
session.c
|
@ -1090,14 +1090,24 @@ do_setup_env(Session *s, const char *shell)
|
||||||
child_set_env(&env, &envsize, "TMPDIR", cray_tmpdir);
|
child_set_env(&env, &envsize, "TMPDIR", cray_tmpdir);
|
||||||
#endif /* _UNICOS */
|
#endif /* _UNICOS */
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Since we clear KRB5CCNAME at startup, if it's set now then it
|
||||||
|
* must have been set by a native authentication method (eg AIX or
|
||||||
|
* SIA), so copy it to the child.
|
||||||
|
*/
|
||||||
|
{
|
||||||
|
char *cp;
|
||||||
|
|
||||||
|
if ((cp = getenv("KRB5CCNAME")) != NULL)
|
||||||
|
child_set_env(&env, &envsize, "KRB5CCNAME", cp);
|
||||||
|
}
|
||||||
|
|
||||||
#ifdef _AIX
|
#ifdef _AIX
|
||||||
{
|
{
|
||||||
char *cp;
|
char *cp;
|
||||||
|
|
||||||
if ((cp = getenv("AUTHSTATE")) != NULL)
|
if ((cp = getenv("AUTHSTATE")) != NULL)
|
||||||
child_set_env(&env, &envsize, "AUTHSTATE", cp);
|
child_set_env(&env, &envsize, "AUTHSTATE", cp);
|
||||||
if ((cp = getenv("KRB5CCNAME")) != NULL)
|
|
||||||
child_set_env(&env, &envsize, "KRB5CCNAME", cp);
|
|
||||||
read_environment_file(&env, &envsize, "/etc/environment");
|
read_environment_file(&env, &envsize, "/etc/environment");
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
6
sshd.c
6
sshd.c
|
@ -1030,13 +1030,13 @@ main(int ac, char **av)
|
||||||
SYSLOG_FACILITY_AUTH : options.log_facility,
|
SYSLOG_FACILITY_AUTH : options.log_facility,
|
||||||
log_stderr || !inetd_flag);
|
log_stderr || !inetd_flag);
|
||||||
|
|
||||||
#ifdef _AIX
|
|
||||||
/*
|
/*
|
||||||
* Unset KRB5CCNAME, otherwise the user's session may inherit it from
|
* Unset KRB5CCNAME, otherwise the user's session may inherit it from
|
||||||
* root's environment
|
* root's environment
|
||||||
*/
|
*/
|
||||||
unsetenv("KRB5CCNAME");
|
if (getenv("KRB5CCNAME") != NULL)
|
||||||
#endif /* _AIX */
|
unsetenv("KRB5CCNAME");
|
||||||
|
|
||||||
#ifdef _UNICOS
|
#ifdef _UNICOS
|
||||||
/* Cray can define user privs drop all privs now!
|
/* Cray can define user privs drop all privs now!
|
||||||
* Not needed on PRIV_SU systems!
|
* Not needed on PRIV_SU systems!
|
||||||
|
|
Loading…
Reference in New Issue