Bugzilla – Attachment 628 Details for
Bug 445
User DCE Credentials do not get forwarded to child session
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Always unset KRB5CCNAME too.
openssh-krb5ccname.patch (text/plain), 1.75 KB, created by
Darren Tucker
on 2004-05-07 09:45:44 AEST
(
hide
)
Description:
Always unset KRB5CCNAME too.
Filename:
MIME Type:
Creator:
Darren Tucker
Created:
2004-05-07 09:45:44 AEST
Size:
1.75 KB
patch
obsolete
>Index: session.c >=================================================================== >RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/session.c,v >retrieving revision 1.279 >diff -u -p -r1.279 session.c >--- session.c 2 May 2004 12:11:30 -0000 1.279 >+++ session.c 4 May 2004 12:26:16 -0000 >@@ -1086,14 +1086,24 @@ do_setup_env(Session *s, const char *she > child_set_env(&env, &envsize, "TMPDIR", cray_tmpdir); > #endif /* _UNICOS */ > >+ /* >+ * Since we clear KRB5CCNAME at startup, if it's set now then it >+ * must have been set by a native authentication method (eg AIX or >+ * SIA), so copy it to the child. >+ */ >+ { >+ char *cp; >+ >+ if ((cp = getenv("KRB5CCNAME")) != NULL) >+ child_set_env(&env, &envsize, "KRB5CCNAME", cp); >+ } >+ > #ifdef _AIX > { > char *cp; > > if ((cp = getenv("AUTHSTATE")) != NULL) > child_set_env(&env, &envsize, "AUTHSTATE", cp); >- if ((cp = getenv("KRB5CCNAME")) != NULL) >- child_set_env(&env, &envsize, "KRB5CCNAME", cp); > read_environment_file(&env, &envsize, "/etc/environment"); > } > #endif >Index: sshd.c >=================================================================== >RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/sshd.c,v >retrieving revision 1.279 >diff -u -p -r1.279 sshd.c >--- sshd.c 21 Mar 2004 22:36:01 -0000 1.279 >+++ sshd.c 6 May 2004 23:40:31 -0000 >@@ -928,13 +928,13 @@ main(int ac, char **av) > SYSLOG_FACILITY_AUTH : options.log_facility, > log_stderr || !inetd_flag); > >-#ifdef _AIX > /* > * Unset KRB5CCNAME, otherwise the user's session may inherit it from > * root's environment > */ >- unsetenv("KRB5CCNAME"); >-#endif /* _AIX */ >+ if (getenv("KRB5CCNAME") != NULL) >+ unsetenv("KRB5CCNAME"); >+ > #ifdef _UNICOS > /* Cray can define user privs drop all prives now! > * Not needed on PRIV_SU systems!
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=628">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 445
:
197
|
603
|
626
| 628