author | Darren Tucker <dtucker@zip.com.au> | 2003-12-31 11:37:34 +1100 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2003-12-31 11:37:34 +1100 |
commit | 22ef5087543839dd14e1591923e669518b5c13e8 (patch) | |
tree | 04fbe364bff27e55963a17f5cdce7c7c08da070c /session.c | |
parent | a32e19c637cec7b6c4ce779c6b6586c3880de6b2 (diff) |
- jakob@cvs.openbsd.org 2003/12/23 16:12:10
[servconf.c servconf.h session.c sshd_config]
implement KerberosGetAFSToken server option. ok markus@, beck@
Diffstat (limited to 'session.c')
-rw-r--r-- | session.c | 28 |
1 files changed, 27 insertions, 1 deletions
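--- a/session.c
+++ b/session.c
@@ -33,7 +33,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.169 2003/12/02 17:01:15 markus Exp $");
+RCSID("$OpenBSD: session.c,v 1.170 2003/12/23 16:12:10 jakob Exp $");
 
 #include "ssh.h"
 #include "ssh1.h"
@@ -1415,6 +1415,32 @@ do_child(Session *s, const char *command)
 */
 environ = env;
 
+#ifdef KRB5
+/*
+* At this point, we check to see if AFS is active and if we have
+* a valid Kerberos 5 TGT. If so, it seems like a good idea to see
+* if we can (and need to) extend the ticket into an AFS token. If
+* we don't do this, we run into potential problems if the user's
+* home directory is in AFS and it's not world-readable.
+*/
+
+if (options.kerberos_get_afs_token && k_hasafs() &&
+(s->authctxt->krb5_ctx != NULL)) {
+char cell[64];
+
+debug("Getting AFS token");
+
+k_setpag();
+
+if (k_afs_cell_of_file(pw->pw_dir, cell, sizeof(cell)) == 0)
+krb5_afslog(s->authctxt->krb5_ctx,
+s->authctxt->krb5_fwd_ccache, cell, NULL);
+
+krb5_afslog_home(s->authctxt->krb5_ctx,
+s->authctxt->krb5_fwd_ccache, NULL, NULL, pw->pw_dir);
+}
+#endif
+
 /* Change current directory to the user\'s home directory. */
 if (chdir(pw->pw_dir) < 0) {
 fprintf(stderr, "Could not chdir to home directory %s: %s\n",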
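Review bot: The return value of `k_setpag()` is discarded in the new KRB5 block, so if a fresh PAG cannot be created the two afslog calls that follow still run and would presumably attach the token to whatever PAG or credential context the process already has, which may not be private to this session. Guard the acquisition, e.g. `if (k_setpag() != 0) error("Could not create PAG; not getting AFS token");` with the `krb5_afslog()` and `krb5_afslog_home()` calls moved into the `else` branch. The results of both afslog calls are ignored as well, so a failed token fetch surfaces only as the later "Could not chdir to home directory" message; a `debug()` line on failure would make that diagnosable. Only `krb5_ctx` is tested for NULL before `krb5_fwd_ccache` is passed on, so it is worth confirming what the callee does with a NULL cache. do_child's body starts and ends outside the hunk.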