diff options
| author | Darren Tucker <dtucker@zip.com.au> | 2005-02-16 16:47:37 +1100 |
|---|---|---|
| committer | Darren Tucker <dtucker@zip.com.au> | 2005-02-16 16:47:37 +1100 |
| commit | c97b01af62fa73b31a5b0c86c21c3347cdd0874d (patch) | |
| tree | 493951e8c22275b3c504ff4e5f63e8b204304703 | |
| parent | ca6e7a7e8b6cc828f5df96b180d03e7ca1179fca (diff) | |
- (dtucker) [session.c] Bug #918: store credentials from gssapi-with-mic
authentication early enough to be available to PAM session modules when
privsep=yes. Patch from deengert at anl.gov, ok'ed in principle by Sam
Hartman and similar to Debian's ssh-krb5 package.
| -rw-r--r-- | ChangeLog | 6 | ||||
| -rw-r--r-- | session.c | 22 |
2 files changed, 19 insertions, 9 deletions
| @@ -8,6 +8,10 @@ | |||
| 8 | - (dtucker) [configure.ac] Bug #893: check for libresolv early on Reliant | 8 | - (dtucker) [configure.ac] Bug #893: check for libresolv early on Reliant |
| 9 | Unix; prevents problems relating to the location of -lresolv in the | 9 | Unix; prevents problems relating to the location of -lresolv in the |
| 10 | link order. | 10 | link order. |
| 11 | - (dtucker) [session.c] Bug #918: store credentials from gssapi-with-mic | ||
| 12 | authentication early enough to be available to PAM session modules when | ||
| 13 | privsep=yes. Patch from deengert at anl.gov, ok'ed in principle by Sam | ||
| 14 | Hartman and similar to Debian's ssh-krb5 package. | ||
| 11 | 15 | ||
| 12 | 20050215 | 16 | 20050215 |
| 13 | - (dtucker) [config.sh.in] Collect oslevel -r too. | 17 | - (dtucker) [config.sh.in] Collect oslevel -r too. |
| @@ -2142,4 +2146,4 @@ | |||
| 2142 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM | 2146 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM |
| 2143 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu | 2147 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu |
| 2144 | 2148 | ||
| 2145 | $Id: ChangeLog,v 1.3657 2005/02/16 05:19:17 dtucker Exp $ | 2149 | $Id: ChangeLog,v 1.3658 2005/02/16 05:47:37 dtucker Exp $ |
| @@ -677,14 +677,6 @@ do_exec(Session *s, const char *command) | |||
| 677 | } | 677 | } |
| 678 | #endif | 678 | #endif |
| 679 | 679 | ||
| 680 | #ifdef GSSAPI | ||
| 681 | if (options.gss_authentication) { | ||
| 682 | temporarily_use_uid(s->pw); | ||
| 683 | ssh_gssapi_storecreds(); | ||
| 684 | restore_uid(); | ||
| 685 | } | ||
| 686 | #endif | ||
| 687 | |||
| 688 | if (s->ttyfd != -1) | 680 | if (s->ttyfd != -1) |
| 689 | do_exec_pty(s, command); | 681 | do_exec_pty(s, command); |
| 690 | else | 682 | else |
| @@ -1279,6 +1271,13 @@ do_setusercontext(struct passwd *pw) | |||
| 1279 | # ifdef __bsdi__ | 1271 | # ifdef __bsdi__ |
| 1280 | setpgid(0, 0); | 1272 | setpgid(0, 0); |
| 1281 | # endif | 1273 | # endif |
| 1274 | #ifdef GSSAPI | ||
| 1275 | if (options.gss_authentication) { | ||
| 1276 | temporarily_use_uid(pw); | ||
| 1277 | ssh_gssapi_storecreds(); | ||
| 1278 | restore_uid(); | ||
| 1279 | } | ||
| 1280 | #endif | ||
| 1282 | # ifdef USE_PAM | 1281 | # ifdef USE_PAM |
| 1283 | if (options.use_pam) { | 1282 | if (options.use_pam) { |
| 1284 | do_pam_session(); | 1283 | do_pam_session(); |
| @@ -1309,6 +1308,13 @@ do_setusercontext(struct passwd *pw) | |||
| 1309 | exit(1); | 1308 | exit(1); |
| 1310 | } | 1309 | } |
| 1311 | endgrent(); | 1310 | endgrent(); |
| 1311 | #ifdef GSSAPI | ||
| 1312 | if (options.gss_authentication) { | ||
| 1313 | temporarily_use_uid(pw); | ||
| 1314 | ssh_gssapi_storecreds(); | ||
| 1315 | restore_uid(); | ||
| 1316 | } | ||
| 1317 | #endif | ||
| 1312 | # ifdef USE_PAM | 1318 | # ifdef USE_PAM |
| 1313 | /* | 1319 | /* |
| 1314 | * PAM credentials may take the form of supplementary groups. | 1320 | * PAM credentials may take the form of supplementary groups. |