summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog6
-rw-r--r--session.c22
2 files changed, 19 insertions, 9 deletions
diff --git a/ChangeLog b/ChangeLog
index bbead8299..9d132f981 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -8,6 +8,10 @@
8 - (dtucker) [configure.ac] Bug #893: check for libresolv early on Reliant 8 - (dtucker) [configure.ac] Bug #893: check for libresolv early on Reliant
9 Unix; prevents problems relating to the location of -lresolv in the 9 Unix; prevents problems relating to the location of -lresolv in the
10 link order. 10 link order.
11 - (dtucker) [session.c] Bug #918: store credentials from gssapi-with-mic
12 authentication early enough to be available to PAM session modules when
13 privsep=yes. Patch from deengert at anl.gov, ok'ed in principle by Sam
14 Hartman and similar to Debian's ssh-krb5 package.
11 15
1220050215 1620050215
13 - (dtucker) [config.sh.in] Collect oslevel -r too. 17 - (dtucker) [config.sh.in] Collect oslevel -r too.
@@ -2142,4 +2146,4 @@
2142 - (djm) Trim deprecated options from INSTALL. Mention UsePAM 2146 - (djm) Trim deprecated options from INSTALL. Mention UsePAM
2143 - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu 2147 - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
2144 2148
2145$Id: ChangeLog,v 1.3657 2005/02/16 05:19:17 dtucker Exp $ 2149$Id: ChangeLog,v 1.3658 2005/02/16 05:47:37 dtucker Exp $
diff --git a/session.c b/session.c
index 1896e141f..df7552334 100644
--- a/session.c
+++ b/session.c
@@ -677,14 +677,6 @@ do_exec(Session *s, const char *command)
677 } 677 }
678#endif 678#endif
679 679
680#ifdef GSSAPI
681 if (options.gss_authentication) {
682 temporarily_use_uid(s->pw);
683 ssh_gssapi_storecreds();
684 restore_uid();
685 }
686#endif
687
688 if (s->ttyfd != -1) 680 if (s->ttyfd != -1)
689 do_exec_pty(s, command); 681 do_exec_pty(s, command);
690 else 682 else
@@ -1279,6 +1271,13 @@ do_setusercontext(struct passwd *pw)
1279# ifdef __bsdi__ 1271# ifdef __bsdi__
1280 setpgid(0, 0); 1272 setpgid(0, 0);
1281# endif 1273# endif
1274#ifdef GSSAPI
1275 if (options.gss_authentication) {
1276 temporarily_use_uid(pw);
1277 ssh_gssapi_storecreds();
1278 restore_uid();
1279 }
1280#endif
1282# ifdef USE_PAM 1281# ifdef USE_PAM
1283 if (options.use_pam) { 1282 if (options.use_pam) {
1284 do_pam_session(); 1283 do_pam_session();
@@ -1309,6 +1308,13 @@ do_setusercontext(struct passwd *pw)
1309 exit(1); 1308 exit(1);
1310 } 1309 }
1311 endgrent(); 1310 endgrent();
1311#ifdef GSSAPI
1312 if (options.gss_authentication) {
1313 temporarily_use_uid(pw);
1314 ssh_gssapi_storecreds();
1315 restore_uid();
1316 }
1317#endif
1312# ifdef USE_PAM 1318# ifdef USE_PAM
1313 /* 1319 /*
1314 * PAM credentials may take the form of supplementary groups. 1320 * PAM credentials may take the form of supplementary groups.