summaryrefslogtreecommitdiff
path: root/session.c
diff options
context:
space:
mode:
authorDarren Tucker <dtucker@zip.com.au>2003-08-26 11:49:55 +1000
committerDarren Tucker <dtucker@zip.com.au>2003-08-26 11:49:55 +1000
commit0efd155c3c184f0eaa2e1eb244eaaf066e6906e0 (patch)
tree10f24586373d825d68cefd4a3746fe738cf0614a /session.c
parent30912f7259b771a1cf705c0bc47a6c3f3edffb43 (diff)
- markus@cvs.openbsd.org 2003/08/22 10:56:09
[auth2.c auth2-gss.c auth.h compat.c compat.h gss-genr.c gss-serv-krb5.c gss-serv.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h readconf.c readconf.h servconf.c servconf.h session.c session.h ssh-gss.h ssh_config.5 sshconnect2.c sshd_config sshd_config.5] support GSS API user authentication; patches from Simon Wilkinson, stripped down and tested by Jakob and myself.
Diffstat (limited to 'session.c')
-rw-r--r--session.c31
1 files changed, 29 insertions, 2 deletions
diff --git a/session.c b/session.c
index 20c4b8a97..3593a3ff5 100644
--- a/session.c
+++ b/session.c
@@ -33,7 +33,7 @@
33 */ 33 */
34 34
35#include "includes.h" 35#include "includes.h"
36RCSID("$OpenBSD: session.c,v 1.160 2003/08/13 08:33:02 markus Exp $"); 36RCSID("$OpenBSD: session.c,v 1.161 2003/08/22 10:56:09 markus Exp $");
37 37
38#include "ssh.h" 38#include "ssh.h"
39#include "ssh1.h" 39#include "ssh1.h"
@@ -58,6 +58,10 @@ RCSID("$OpenBSD: session.c,v 1.160 2003/08/13 08:33:02 markus Exp $");
58#include "session.h" 58#include "session.h"
59#include "monitor_wrap.h" 59#include "monitor_wrap.h"
60 60
61#ifdef GSSAPI
62#include "ssh-gss.h"
63#endif
64
61/* func */ 65/* func */
62 66
63Session *session_new(void); 67Session *session_new(void);
@@ -424,6 +428,12 @@ do_exec_no_pty(Session *s, const char *command)
424 } 428 }
425#endif /* USE_PAM */ 429#endif /* USE_PAM */
426 430
431#ifdef GSSAPI
432 temporarily_use_uid(s->pw);
433 ssh_gssapi_storecreds();
434 restore_uid();
435#endif
436
427 /* Fork the child. */ 437 /* Fork the child. */
428 if ((pid = fork()) == 0) { 438 if ((pid = fork()) == 0) {
429 fatal_remove_all_cleanups(); 439 fatal_remove_all_cleanups();
@@ -550,6 +560,12 @@ do_exec_pty(Session *s, const char *command)
550 } 560 }
551#endif 561#endif
552 562
563#ifdef GSSAPI
564 temporarily_use_uid(s->pw);
565 ssh_gssapi_storecreds();
566 restore_uid();
567#endif
568
553 /* Fork the child. */ 569 /* Fork the child. */
554 if ((pid = fork()) == 0) { 570 if ((pid = fork()) == 0) {
555 fatal_remove_all_cleanups(); 571 fatal_remove_all_cleanups();
@@ -807,7 +823,7 @@ check_quietlogin(Session *s, const char *command)
807 * Sets the value of the given variable in the environment. If the variable 823 * Sets the value of the given variable in the environment. If the variable
808 * already exists, its value is overriden. 824 * already exists, its value is overriden.
809 */ 825 */
810static void 826void
811child_set_env(char ***envp, u_int *envsizep, const char *name, 827child_set_env(char ***envp, u_int *envsizep, const char *name,
812 const char *value) 828 const char *value)
813{ 829{
@@ -934,6 +950,13 @@ do_setup_env(Session *s, const char *shell)
934 copy_environment(environ, &env, &envsize); 950 copy_environment(environ, &env, &envsize);
935#endif 951#endif
936 952
953#ifdef GSSAPI
954 /* Allow any GSSAPI methods that we've used to alter
955 * the childs environment as they see fit
956 */
957 ssh_gssapi_do_child(&env, &envsize);
958#endif
959
937 if (!options.use_login) { 960 if (!options.use_login) {
938 /* Set basic environment. */ 961 /* Set basic environment. */
939 child_set_env(&env, &envsize, "USER", pw->pw_name); 962 child_set_env(&env, &envsize, "USER", pw->pw_name);
@@ -2088,4 +2111,8 @@ static void
2088do_authenticated2(Authctxt *authctxt) 2111do_authenticated2(Authctxt *authctxt)
2089{ 2112{
2090 server_loop2(authctxt); 2113 server_loop2(authctxt);
2114#if defined(GSSAPI)
2115 if (options.gss_cleanup_creds)
2116 ssh_gssapi_cleanup_creds(NULL);
2117#endif
2091} 2118}
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-21 04:27:59 +0000