authorMarkus Friedl <markus@cvs.openbsd.org>2003-08-22 10:56:10 +0000
committerMarkus Friedl <markus@cvs.openbsd.org>2003-08-22 10:56:10 +0000
commitb3e8a9a0da9a4fbe3a84d9d3113851474129d460 (patch)
treee9178b4b7b0d42fddee0adfb2912da00660f13bb /usr.bin/ssh/session.c
parent49f5a4b688e110da4d5e2d9a08bff2979053472e (diff)
support GSS API user authentication; patches from Simon Wilkinson,
stripped down and tested by Jakob and myself.
Diffstat (limited to 'usr.bin/ssh/session.c')
-rw-r--r--usr.bin/ssh/session.c31
1 files changed, 29 insertions, 2 deletions
diff --git a/usr.bin/ssh/session.c b/usr.bin/ssh/session.c
index 3a866532a47..4823c5f07e1 100644
--- a/usr.bin/ssh/session.c
+++ b/usr.bin/ssh/session.c
@@ -33,7 +33,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.160 2003/08/13 08:33:02 markus Exp $");
+RCSID("$OpenBSD: session.c,v 1.161 2003/08/22 10:56:09 markus Exp $");
#include "ssh.h"
#include "ssh1.h"
@@ -58,6 +58,10 @@ RCSID("$OpenBSD: session.c,v 1.160 2003/08/13 08:33:02 markus Exp $");
#include "session.h"
#include "monitor_wrap.h"
+#ifdef GSSAPI
+#include "ssh-gss.h"
+#endif
+
/* func */
Session *session_new(void);
@@ -409,6 +413,12 @@ do_exec_no_pty(Session *s, const char *command)
session_proctitle(s);
+#ifdef GSSAPI
+ temporarily_use_uid(s->pw);
+ ssh_gssapi_storecreds();
+ restore_uid();
+#endif
+
/* Fork the child. */
if ((pid = fork()) == 0) {
fatal_remove_all_cleanups();
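Review bot: The same three-line credential store is pasted into do_exec_no_pty() here and into do_exec_pty() in the next hunk, and it runs on every exec request, so a connection that opens several sessions will attempt the store once per session. A small static helper called from both places would keep the uid switch and the store together; whether ssh_gssapi_storecreds() is a no-op when the user did not authenticate with GSSAPI is not visible in this file. The block also deserves a comment stating why the uid is switched, for example `/* store delegated credentials as the user (presumably so the cache is not created with root's privileges) */`. Both function bodies continue outside their hunks.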
@@ -517,6 +527,12 @@ do_exec_pty(Session *s, const char *command)
ptyfd = s->ptyfd;
ttyfd = s->ttyfd;
+#ifdef GSSAPI
+ temporarily_use_uid(s->pw);
+ ssh_gssapi_storecreds();
+ restore_uid();
+#endif
+
/* Fork the child. */
if ((pid = fork()) == 0) {
fatal_remove_all_cleanups();
@@ -703,7 +719,7 @@ check_quietlogin(Session *s, const char *command)
* Sets the value of the given variable in the environment. If the variable
* already exists, its value is overriden.
*/
-static void
+void
child_set_env(char ***envp, u_int *envsizep, const char *name,
const char *value)
{
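Review bot: Dropping `static` gives child_set_env() external linkage, so it needs a prototype in a shared header; the diffstat is limited to session.c, so whether session.h gained one is not visible here. Because the function overwrites an existing variable, code outside this file can now replace any entry in the child's environment. The header comment could add a line such as `Callers outside session.c must pass only trusted names and values.` The function body continues outside the hunk.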
@@ -799,6 +815,13 @@ do_setup_env(Session *s, const char *shell)
env = xmalloc(envsize * sizeof(char *));
env[0] = NULL;
+#ifdef GSSAPI
+ /* Allow any GSSAPI methods that we've used to alter
+ * the childs environment as they see fit
+ */
+ ssh_gssapi_do_child(&env, &envsize);
+#endif
+
if (!options.use_login) {
/* Set basic environment. */
child_set_env(&env, &envsize, "USER", pw->pw_name);
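Review bot: The new comment says GSSAPI methods may alter the child's environment "as they see fit", but it does not state the ordering guarantee that the placement creates. Because ssh_gssapi_do_child() runs on the empty environment before the basic variables are set, and child_set_env() overrides existing values, anything a mechanism exports under a name like USER is replaced by the later calls. If that precedence is intended, say so, e.g. `/* Called first: variables set below override anything a GSSAPI mechanism exports. */`. The call also sits outside the `!options.use_login` branch, so it applies in the login case as well; it is worth confirming that this is wanted. do_setup_env() continues outside the hunk.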
@@ -1826,4 +1849,8 @@ static void
do_authenticated2(Authctxt *authctxt)
{
server_loop2(authctxt);
+#if defined(GSSAPI)
+ if (options.gss_cleanup_creds)
+ ssh_gssapi_cleanup_creds(NULL);
+#endif
}
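Review bot: The credential cleanup runs only when server_loop2() returns, so any exit that bypasses this line would leave stored credentials behind even with gss_cleanup_creds set. It is not visible in this file whether ssh_gssapi_cleanup_creds is also registered as a fatal-cleanup handler where the credentials are stored; if it is not, registering it there would cover those paths. As a style point, this guard is written `#if defined(GSSAPI)` while the other four additions in the commit use `#ifdef GSSAPI`; one spelling throughout is easier to grep.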