#ifdef GSSAPI
#ifdef GSI
-#include "auth.h"
-#include "auth-pam.h"
+#include <sys/types.h>
+
+#include <stdarg.h>
+#include <string.h>
+
#include "xmalloc.h"
+#include "key.h"
+#include "hostfile.h"
+#include "auth.h"
#include "log.h"
#include "servconf.h"
+#include "buffer.h"
#include "ssh-gss.h"
extern ServerOptions options;
static int ssh_gssapi_gsi_userok(ssh_gssapi_client *client, char *name);
static int ssh_gssapi_gsi_localname(ssh_gssapi_client *client, char **user);
static void ssh_gssapi_gsi_storecreds(ssh_gssapi_client *client);
+static void ssh_gssapi_gsi_updatecreds(ssh_gssapi_ccache *store,
+ ssh_gssapi_client *client);
ssh_gssapi_mech gssapi_gsi_mech = {
"dZuIebMjgUqaxvbF7hDbAw==",
NULL,
&ssh_gssapi_gsi_userok,
&ssh_gssapi_gsi_localname,
- &ssh_gssapi_gsi_storecreds
+ &ssh_gssapi_gsi_storecreds,
+ &ssh_gssapi_gsi_updatecreds
};
/*
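Review bot: The forward declaration added here gives `ssh_gssapi_gsi_updatecreds` a `void` return type, but the definition added at the end of the file is `static int` and returns 1, so the two declarations conflict and the file should not compile as written. Use whichever type the update hook in `ssh_gssapi_mech` expects (declared in ssh-gss.h, not visible here) in both places, e.g. `static int ssh_gssapi_gsi_updatecreds(ssh_gssapi_ccache *store, ssh_gssapi_client *client);`. The definition also ignores its `store` argument and returns 1 unconditionally, because `ssh_gssapi_gsi_storecreds()` is `void` and cannot report a failed export. A short comment on the definition stating both facts would keep callers from treating the return value as proof that credentials were written.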
(res = globus_gss_assist_map_and_authorize(client->context, "ssh",
name, lname, 256))) {
debug("%s", globus_error_print_chain(globus_error_get(res)));
- } else if (strcmp(name, lname) != 0) {
+ } else if (lname && lname[0] && strcmp(name, lname) != 0) {
debug("GSI user maps to %s, not %s", lname, name);
} else {
authorized = 1;
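Review bot: With the new condition, a NULL or empty `lname` skips the name comparison and falls through to `authorized = 1`, so a successful `globus_gss_assist_map_and_authorize()` call that returns no local name now authorizes the requested `name` with no local cross-check. If that is intended because the callout has already validated the identity passed in `name`, say so in a comment above the branch, e.g. `/* empty lname: callout already authorized the requested name */`, and add a `debug()` line for that case so the relaxed path shows up in logs. `lname` looks like a fixed buffer (256 is passed as its size), in which case the `lname &&` test is always true; its declaration is outside the hunk, so this is inferred. The enclosing function starts and ends outside the hunk.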
} else {
client->store.envvar = strdup((char *)export_cred.value);
}
+ if (access(p, R_OK) == 0) {
+ if (client->store.filename) {
+ if (rename(p, client->store.filename) < 0) {
+ logit("Failed to rename %s to %s: %s", p,
+ client->store.filename, strerror(errno));
+ xfree(client->store.filename);
+ client->store.filename = strdup(p);
+ } else {
+ p = client->store.filename;
+ }
+ } else {
+ client->store.filename = strdup(p);
+ }
+ }
client->store.envval = strdup(p);
#ifdef USE_PAM
if (options.use_pam)
do_pam_putenv(client->store.envvar, client->store.envval);
#endif
- if (strncmp(p, "FILE:", 5) == 0) {
- p += 5;
- }
- if (access(p, R_OK) == 0) {
- client->store.filename = strdup(p);
- }
gss_release_buffer(&minor_status, &export_cred);
}
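Review bot: The `strdup()` results stored into `client->store.filename` and `client->store.envval` are never checked, and `envval` is passed straight to `do_pam_putenv()` a few lines later; since the file already includes xmalloc.h, `client->store.filename = xstrdup(p);` (and likewise for `envval`) would fail loudly instead of carrying a NULL forward. In the `rename()` failure branch the old `store.filename` string is freed without the old file being removed, so a previous credential file may stay on disk unless cleanup happens elsewhere. The removed code stripped a `FILE:` prefix from `p` before `access()`; how `p` is set now is outside the hunk, so confirm it is a plain path by the time `access()` and `rename()` see it. The function begins outside the hunk.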
+/*
+ * Export updated GSI credentials to disk.
+ */
+static int
+ssh_gssapi_gsi_updatecreds(ssh_gssapi_ccache *store,ssh_gssapi_client *client)
+{
+ ssh_gssapi_gsi_storecreds(client);
+ return 1;
+}
+
#endif /* GSI */
#endif /* GSSAPI */