diff options
| -rw-r--r-- | ChangeLog | 6 | ||||
| -rw-r--r-- | session.c | 14 | ||||
| -rw-r--r-- | sshd.c | 6 |
3 files changed, 20 insertions, 6 deletions
| @@ -5,6 +5,10 @@ | |||
| 5 | Make record_failed_login() call provide hostname rather than having the | 5 | Make record_failed_login() call provide hostname rather than having the |
| 6 | implementations having to do lookups themselves. Only affects AIX and | 6 | implementations having to do lookups themselves. Only affects AIX and |
| 7 | UNICOS (the latter only uses the "user" parameter anyway). ok djm@ | 7 | UNICOS (the latter only uses the "user" parameter anyway). ok djm@ |
| 8 | - (dtucker) [session.c sshd.c] Bug #445: Propogate KRB5CCNAME if set to child | ||
| 9 | the process. Since we also unset KRB5CCNAME at startup, if it's set after | ||
| 10 | authentication it must have been set by the platform's native auth system. | ||
| 11 | This was already done for AIX; this enables it for the general case. | ||
| 8 | 12 | ||
| 9 | 20050201 | 13 | 20050201 |
| 10 | - (dtucker) [log.c] Bug #973: force log_init() to open syslog, since on some | 14 | - (dtucker) [log.c] Bug #973: force log_init() to open syslog, since on some |
| @@ -2059,4 +2063,4 @@ | |||
| 2059 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM | 2063 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM |
| 2060 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu | 2064 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu |
| 2061 | 2065 | ||
| 2062 | $Id: ChangeLog,v 1.3630 2005/02/02 06:10:11 dtucker Exp $ | 2066 | $Id: ChangeLog,v 1.3631 2005/02/02 07:30:33 dtucker Exp $ |
| @@ -1090,14 +1090,24 @@ do_setup_env(Session *s, const char *shell) | |||
| 1090 | child_set_env(&env, &envsize, "TMPDIR", cray_tmpdir); | 1090 | child_set_env(&env, &envsize, "TMPDIR", cray_tmpdir); |
| 1091 | #endif /* _UNICOS */ | 1091 | #endif /* _UNICOS */ |
| 1092 | 1092 | ||
| 1093 | /* | ||
| 1094 | * Since we clear KRB5CCNAME at startup, if it's set now then it | ||
| 1095 | * must have been set by a native authentication method (eg AIX or | ||
| 1096 | * SIA), so copy it to the child. | ||
| 1097 | */ | ||
| 1098 | { | ||
| 1099 | char *cp; | ||
| 1100 | |||
| 1101 | if ((cp = getenv("KRB5CCNAME")) != NULL) | ||
| 1102 | child_set_env(&env, &envsize, "KRB5CCNAME", cp); | ||
| 1103 | } | ||
| 1104 | |||
| 1093 | #ifdef _AIX | 1105 | #ifdef _AIX |
| 1094 | { | 1106 | { |
| 1095 | char *cp; | 1107 | char *cp; |
| 1096 | 1108 | ||
| 1097 | if ((cp = getenv("AUTHSTATE")) != NULL) | 1109 | if ((cp = getenv("AUTHSTATE")) != NULL) |
| 1098 | child_set_env(&env, &envsize, "AUTHSTATE", cp); | 1110 | child_set_env(&env, &envsize, "AUTHSTATE", cp); |
| 1099 | if ((cp = getenv("KRB5CCNAME")) != NULL) | ||
| 1100 | child_set_env(&env, &envsize, "KRB5CCNAME", cp); | ||
| 1101 | read_environment_file(&env, &envsize, "/etc/environment"); | 1111 | read_environment_file(&env, &envsize, "/etc/environment"); |
| 1102 | } | 1112 | } |
| 1103 | #endif | 1113 | #endif |
| @@ -1030,13 +1030,13 @@ main(int ac, char **av) | |||
| 1030 | SYSLOG_FACILITY_AUTH : options.log_facility, | 1030 | SYSLOG_FACILITY_AUTH : options.log_facility, |
| 1031 | log_stderr || !inetd_flag); | 1031 | log_stderr || !inetd_flag); |
| 1032 | 1032 | ||
| 1033 | #ifdef _AIX | ||
| 1034 | /* | 1033 | /* |
| 1035 | * Unset KRB5CCNAME, otherwise the user's session may inherit it from | 1034 | * Unset KRB5CCNAME, otherwise the user's session may inherit it from |
| 1036 | * root's environment | 1035 | * root's environment |
| 1037 | */ | 1036 | */ |
| 1038 | unsetenv("KRB5CCNAME"); | 1037 | if (getenv("KRB5CCNAME") != NULL) |
| 1039 | #endif /* _AIX */ | 1038 | unsetenv("KRB5CCNAME"); |
| 1039 | |||
| 1040 | #ifdef _UNICOS | 1040 | #ifdef _UNICOS |
| 1041 | /* Cray can define user privs drop all privs now! | 1041 | /* Cray can define user privs drop all privs now! |
| 1042 | * Not needed on PRIV_SU systems! | 1042 | * Not needed on PRIV_SU systems! |