- (dtucker) [session.c sshd.c] Bug #445: Propogate KRB5CCNAME if set to child
the process. Since we also unset KRB5CCNAME at startup, if it's set after
authentication it must have been set by the platform's native auth system.
This was already done for AIX; this enables it for the general case.
diff --git a/ChangeLog b/ChangeLog
index 82758ca..d9670f3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,10 @@
Make record_failed_login() call provide hostname rather than having the
implementations having to do lookups themselves. Only affects AIX and
UNICOS (the latter only uses the "user" parameter anyway). ok djm@
+ - (dtucker) [session.c sshd.c] Bug #445: Propogate KRB5CCNAME if set to child
+ the process. Since we also unset KRB5CCNAME at startup, if it's set after
+ authentication it must have been set by the platform's native auth system.
+ This was already done for AIX; this enables it for the general case.
20050201
- (dtucker) [log.c] Bug #973: force log_init() to open syslog, since on some
@@ -2059,4 +2063,4 @@
- (djm) Trim deprecated options from INSTALL. Mention UsePAM
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
-$Id: ChangeLog,v 1.3630 2005/02/02 06:10:11 dtucker Exp $
+$Id: ChangeLog,v 1.3631 2005/02/02 07:30:33 dtucker Exp $
diff --git a/session.c b/session.c
index 7f10abf..4d7ac9d 100644
--- a/session.c
+++ b/session.c
@@ -1090,14 +1090,24 @@
child_set_env(&env, &envsize, "TMPDIR", cray_tmpdir);
#endif /* _UNICOS */
+ /*
+ * Since we clear KRB5CCNAME at startup, if it's set now then it
+ * must have been set by a native authentication method (eg AIX or
+ * SIA), so copy it to the child.
+ */
+ {
+ char *cp;
+
+ if ((cp = getenv("KRB5CCNAME")) != NULL)
+ child_set_env(&env, &envsize, "KRB5CCNAME", cp);
+ }
+
#ifdef _AIX
{
char *cp;
if ((cp = getenv("AUTHSTATE")) != NULL)
child_set_env(&env, &envsize, "AUTHSTATE", cp);
- if ((cp = getenv("KRB5CCNAME")) != NULL)
- child_set_env(&env, &envsize, "KRB5CCNAME", cp);
read_environment_file(&env, &envsize, "/etc/environment");
}
#endif
diff --git a/sshd.c b/sshd.c
index 7f26852..23d6962 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1030,13 +1030,13 @@
SYSLOG_FACILITY_AUTH : options.log_facility,
log_stderr || !inetd_flag);
-#ifdef _AIX
/*
* Unset KRB5CCNAME, otherwise the user's session may inherit it from
* root's environment
*/
- unsetenv("KRB5CCNAME");
-#endif /* _AIX */
+ if (getenv("KRB5CCNAME") != NULL)
+ unsetenv("KRB5CCNAME");
+
#ifdef _UNICOS
/* Cray can define user privs drop all privs now!
* Not needed on PRIV_SU systems!