The man2html from jbasney on pkilab2 works whereas the standard one doesn't.

[gssapi-openssh.git] / openssh / gss-serv.c

diff --git a/openssh/gss-serv.c b/openssh/gss-serv.c
index e1b2b433150f1476909c56221ac04c681dd7afa7..ca1370f7f24207a2e4765a64d0781540bedad3f7 100644 (file)
--- a/openssh/gss-serv.c
+++ b/openssh/gss-serv.c
@@ -455,7 +455,7 @@ ssh_gssapi_do_child(char ***envp, u_int *envsizep)
 
 /* Privileged */
 int
-ssh_gssapi_userok(char *user, struct passwd *pw)
+ssh_gssapi_userok(char *user, struct passwd *pw, int gssapi_keyex)
 {
        OM_uint32 lmin;
 
@@ -530,11 +530,12 @@ static int ssh_gssapi_simple_conv(int n, const struct pam_message **msg,
 void
 ssh_gssapi_rekey_creds() {
        int ok;
-       int ret;
 #ifdef USE_PAM
+       int ret;
        pam_handle_t *pamh = NULL;
        struct pam_conv pamconv = {ssh_gssapi_simple_conv, NULL};
        char *envstr;
+       char **p;char **pw;
 #endif
 
        if (gssapi_client.store.filename == NULL && 
@@ -564,6 +565,18 @@ ssh_gssapi_rekey_creds() {
        if (ret)
                return;
 
+       /* Put ssh pam stack env variables in this new pam stack env 
+        * Using pam-pkinit, KRB5CCNAME is set during do_pam_session
+        * this addition enables pam-pkinit to access KRB5CCNAME if used 
+        * in sshd-rekey stack too
+        */
+       pw = p = fetch_pam_environment();
+       while ( *pw != NULL ) {
+               pam_putenv(pamh,*pw);
+               pw++;
+       }
+       free_pam_environment(p);
+
        xasprintf(&envstr, "%s=%s", gssapi_client.store.envvar, 
            gssapi_client.store.envval);
 
@@ -595,4 +608,12 @@ ssh_gssapi_update_creds(ssh_gssapi_ccache *store) {
        return ok;
 }
 
+void
+ssh_gssapi_get_client_info(char **userdn, char **mech) {
+       *userdn = gssapi_client.displayname.value;
+
+       if (gssapi_client.mech)
+               *mech = gssapi_client.mech->name;
+}
+
 #endif