diff options
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | session.c | 22 |
2 files changed, 19 insertions, 9 deletions
@@ -8,6 +8,10 @@ | |||
8 | - (dtucker) [configure.ac] Bug #893: check for libresolv early on Reliant | 8 | - (dtucker) [configure.ac] Bug #893: check for libresolv early on Reliant |
9 | Unix; prevents problems relating to the location of -lresolv in the | 9 | Unix; prevents problems relating to the location of -lresolv in the |
10 | link order. | 10 | link order. |
11 | - (dtucker) [session.c] Bug #918: store credentials from gssapi-with-mic | ||
12 | authentication early enough to be available to PAM session modules when | ||
13 | privsep=yes. Patch from deengert at anl.gov, ok'ed in principle by Sam | ||
14 | Hartman and similar to Debian's ssh-krb5 package. | ||
11 | 15 | ||
12 | 20050215 | 16 | 20050215 |
13 | - (dtucker) [config.sh.in] Collect oslevel -r too. | 17 | - (dtucker) [config.sh.in] Collect oslevel -r too. |
@@ -2142,4 +2146,4 @@ | |||
2142 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM | 2146 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM |
2143 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu | 2147 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu |
2144 | 2148 | ||
2145 | $Id: ChangeLog,v 1.3657 2005/02/16 05:19:17 dtucker Exp $ | 2149 | $Id: ChangeLog,v 1.3658 2005/02/16 05:47:37 dtucker Exp $ |
@@ -677,14 +677,6 @@ do_exec(Session *s, const char *command) | |||
677 | } | 677 | } |
678 | #endif | 678 | #endif |
679 | 679 | ||
680 | #ifdef GSSAPI | ||
681 | if (options.gss_authentication) { | ||
682 | temporarily_use_uid(s->pw); | ||
683 | ssh_gssapi_storecreds(); | ||
684 | restore_uid(); | ||
685 | } | ||
686 | #endif | ||
687 | |||
688 | if (s->ttyfd != -1) | 680 | if (s->ttyfd != -1) |
689 | do_exec_pty(s, command); | 681 | do_exec_pty(s, command); |
690 | else | 682 | else |
@@ -1279,6 +1271,13 @@ do_setusercontext(struct passwd *pw) | |||
1279 | # ifdef __bsdi__ | 1271 | # ifdef __bsdi__ |
1280 | setpgid(0, 0); | 1272 | setpgid(0, 0); |
1281 | # endif | 1273 | # endif |
1274 | #ifdef GSSAPI | ||
1275 | if (options.gss_authentication) { | ||
1276 | temporarily_use_uid(pw); | ||
1277 | ssh_gssapi_storecreds(); | ||
1278 | restore_uid(); | ||
1279 | } | ||
1280 | #endif | ||
1282 | # ifdef USE_PAM | 1281 | # ifdef USE_PAM |
1283 | if (options.use_pam) { | 1282 | if (options.use_pam) { |
1284 | do_pam_session(); | 1283 | do_pam_session(); |
@@ -1309,6 +1308,13 @@ do_setusercontext(struct passwd *pw) | |||
1309 | exit(1); | 1308 | exit(1); |
1310 | } | 1309 | } |
1311 | endgrent(); | 1310 | endgrent(); |
1311 | #ifdef GSSAPI | ||
1312 | if (options.gss_authentication) { | ||
1313 | temporarily_use_uid(pw); | ||
1314 | ssh_gssapi_storecreds(); | ||
1315 | restore_uid(); | ||
1316 | } | ||
1317 | #endif | ||
1312 | # ifdef USE_PAM | 1318 | # ifdef USE_PAM |
1313 | /* | 1319 | /* |
1314 | * PAM credentials may take the form of supplementary groups. | 1320 | * PAM credentials may take the form of supplementary groups. |