diff options
| author | Darren Tucker <dtucker@zip.com.au> | 2005-02-02 08:30:33 +0100 |
|---|---|---|
| committer | Darren Tucker <dtucker@zip.com.au> | 2005-02-02 08:30:33 +0100 |
| commit | 9dc6c7dbec0716157e561036c480bca1bc3c7e47 (patch) | |
| tree | 017d1b7ecebcdf6b72fc69fdb866c0194c9dc415 /session.c | |
| parent | - (dtucker) [auth.c loginrec.h openbsd-compat/{bsd-cray,port-aix}.{c,h}] (diff) | |
| download | openssh-9dc6c7dbec0716157e561036c480bca1bc3c7e47.tar.xz openssh-9dc6c7dbec0716157e561036c480bca1bc3c7e47.zip | |
- (dtucker) [session.c sshd.c] Bug #445: Propogate KRB5CCNAME if set to child
the process. Since we also unset KRB5CCNAME at startup, if it's set after
authentication it must have been set by the platform's native auth system.
This was already done for AIX; this enables it for the general case.
Diffstat (limited to 'session.c')
| -rw-r--r-- | session.c | 14 |
1 files changed, 12 insertions, 2 deletions
@@ -1090,14 +1090,24 @@ do_setup_env(Session *s, const char *shell) child_set_env(&env, &envsize, "TMPDIR", cray_tmpdir); #endif /* _UNICOS */ + /* + * Since we clear KRB5CCNAME at startup, if it's set now then it + * must have been set by a native authentication method (eg AIX or + * SIA), so copy it to the child. + */ + { + char *cp; + + if ((cp = getenv("KRB5CCNAME")) != NULL) + child_set_env(&env, &envsize, "KRB5CCNAME", cp); + } + #ifdef _AIX { char *cp; if ((cp = getenv("AUTHSTATE")) != NULL) child_set_env(&env, &envsize, "AUTHSTATE", cp); - if ((cp = getenv("KRB5CCNAME")) != NULL) - child_set_env(&env, &envsize, "KRB5CCNAME", cp); read_environment_file(&env, &envsize, "/etc/environment"); } #endif |