diff options
Diffstat (limited to 'session.c')
| -rw-r--r-- | session.c | 57 |
1 files changed, 4 insertions, 53 deletions
| @@ -33,7 +33,7 @@ | |||
| 33 | */ | 33 | */ |
| 34 | 34 | ||
| 35 | #include "includes.h" | 35 | #include "includes.h" |
| 36 | RCSID("$OpenBSD: session.c,v 1.158 2003/06/02 09:17:34 markus Exp $"); | 36 | RCSID("$OpenBSD: session.c,v 1.159 2003/07/22 13:35:22 markus Exp $"); |
| 37 | 37 | ||
| 38 | #include "ssh.h" | 38 | #include "ssh.h" |
| 39 | #include "ssh1.h" | 39 | #include "ssh1.h" |
| @@ -222,10 +222,6 @@ do_authenticated(Authctxt *authctxt) | |||
| 222 | /* remove agent socket */ | 222 | /* remove agent socket */ |
| 223 | if (auth_sock_name != NULL) | 223 | if (auth_sock_name != NULL) |
| 224 | auth_sock_cleanup_proc(authctxt->pw); | 224 | auth_sock_cleanup_proc(authctxt->pw); |
| 225 | #ifdef KRB4 | ||
| 226 | if (options.kerberos_ticket_cleanup) | ||
| 227 | krb4_cleanup_proc(authctxt); | ||
| 228 | #endif | ||
| 229 | #ifdef KRB5 | 225 | #ifdef KRB5 |
| 230 | if (options.kerberos_ticket_cleanup) | 226 | if (options.kerberos_ticket_cleanup) |
| 231 | krb5_cleanup_proc(authctxt); | 227 | krb5_cleanup_proc(authctxt); |
| @@ -338,7 +334,7 @@ do_authenticated1(Authctxt *authctxt) | |||
| 338 | success = 1; | 334 | success = 1; |
| 339 | break; | 335 | break; |
| 340 | 336 | ||
| 341 | #if defined(AFS) || defined(KRB5) | 337 | #ifdef KRB5 |
| 342 | case SSH_CMSG_HAVE_KERBEROS_TGT: | 338 | case SSH_CMSG_HAVE_KERBEROS_TGT: |
| 343 | if (!options.kerberos_tgt_passing) { | 339 | if (!options.kerberos_tgt_passing) { |
| 344 | verbose("Kerberos TGT passing disabled."); | 340 | verbose("Kerberos TGT passing disabled."); |
| @@ -346,9 +342,8 @@ do_authenticated1(Authctxt *authctxt) | |||
| 346 | char *kdata = packet_get_string(&dlen); | 342 | char *kdata = packet_get_string(&dlen); |
| 347 | packet_check_eom(); | 343 | packet_check_eom(); |
| 348 | 344 | ||
| 349 | /* XXX - 0x41, see creds_to_radix version */ | 345 | /* XXX - 0x41, used for AFS */ |
| 350 | if (kdata[0] != 0x41) { | 346 | if (kdata[0] != 0x41) { |
| 351 | #ifdef KRB5 | ||
| 352 | krb5_data tgt; | 347 | krb5_data tgt; |
| 353 | tgt.data = kdata; | 348 | tgt.data = kdata; |
| 354 | tgt.length = dlen; | 349 | tgt.length = dlen; |
| @@ -357,38 +352,11 @@ do_authenticated1(Authctxt *authctxt) | |||
| 357 | success = 1; | 352 | success = 1; |
| 358 | else | 353 | else |
| 359 | verbose("Kerberos v5 TGT refused for %.100s", s->authctxt->user); | 354 | verbose("Kerberos v5 TGT refused for %.100s", s->authctxt->user); |
| 360 | #endif /* KRB5 */ | ||
| 361 | } else { | ||
| 362 | #ifdef AFS | ||
| 363 | if (auth_krb4_tgt(s->authctxt, kdata)) | ||
| 364 | success = 1; | ||
| 365 | else | ||
| 366 | verbose("Kerberos v4 TGT refused for %.100s", s->authctxt->user); | ||
| 367 | #endif /* AFS */ | ||
| 368 | } | 355 | } |
| 369 | xfree(kdata); | 356 | xfree(kdata); |
| 370 | } | 357 | } |
| 371 | break; | 358 | break; |
| 372 | #endif /* AFS || KRB5 */ | 359 | #endif |
| 373 | |||
| 374 | #ifdef AFS | ||
| 375 | case SSH_CMSG_HAVE_AFS_TOKEN: | ||
| 376 | if (!options.afs_token_passing || !k_hasafs()) { | ||
| 377 | verbose("AFS token passing disabled."); | ||
| 378 | } else { | ||
| 379 | /* Accept AFS token. */ | ||
| 380 | char *token = packet_get_string(&dlen); | ||
| 381 | packet_check_eom(); | ||
| 382 | |||
| 383 | if (auth_afs_token(s->authctxt, token)) | ||
| 384 | success = 1; | ||
| 385 | else | ||
| 386 | verbose("AFS token refused for %.100s", | ||
| 387 | s->authctxt->user); | ||
| 388 | xfree(token); | ||
| 389 | } | ||
| 390 | break; | ||
| 391 | #endif /* AFS */ | ||
| 392 | 360 | ||
| 393 | case SSH_CMSG_EXEC_SHELL: | 361 | case SSH_CMSG_EXEC_SHELL: |
| 394 | case SSH_CMSG_EXEC_CMD: | 362 | case SSH_CMSG_EXEC_CMD: |
| @@ -1066,11 +1034,6 @@ do_setup_env(Session *s, const char *shell) | |||
| 1066 | read_environment_file(&env, &envsize, "/etc/environment"); | 1034 | read_environment_file(&env, &envsize, "/etc/environment"); |
| 1067 | } | 1035 | } |
| 1068 | #endif | 1036 | #endif |
| 1069 | #ifdef KRB4 | ||
| 1070 | if (s->authctxt->krb4_ticket_file) | ||
| 1071 | child_set_env(&env, &envsize, "KRBTKFILE", | ||
| 1072 | s->authctxt->krb4_ticket_file); | ||
| 1073 | #endif | ||
| 1074 | #ifdef KRB5 | 1037 | #ifdef KRB5 |
| 1075 | if (s->authctxt->krb5_ticket_file) | 1038 | if (s->authctxt->krb5_ticket_file) |
| 1076 | child_set_env(&env, &envsize, "KRB5CCNAME", | 1039 | child_set_env(&env, &envsize, "KRB5CCNAME", |
| @@ -1396,18 +1359,6 @@ do_child(Session *s, const char *command) | |||
| 1396 | */ | 1359 | */ |
| 1397 | environ = env; | 1360 | environ = env; |
| 1398 | 1361 | ||
| 1399 | #ifdef AFS | ||
| 1400 | /* Try to get AFS tokens for the local cell. */ | ||
| 1401 | if (k_hasafs()) { | ||
| 1402 | char cell[64]; | ||
| 1403 | |||
| 1404 | if (k_afs_cell_of_file(pw->pw_dir, cell, sizeof(cell)) == 0) | ||
| 1405 | krb_afslog(cell, 0); | ||
| 1406 | |||
| 1407 | krb_afslog(0, 0); | ||
| 1408 | } | ||
| 1409 | #endif /* AFS */ | ||
| 1410 | |||
| 1411 | /* Change current directory to the user\'s home directory. */ | 1362 | /* Change current directory to the user\'s home directory. */ |
| 1412 | if (chdir(pw->pw_dir) < 0) { | 1363 | if (chdir(pw->pw_dir) < 0) { |
| 1413 | fprintf(stderr, "Could not chdir to home directory %s: %s\n", | 1364 | fprintf(stderr, "Could not chdir to home directory %s: %s\n", |