#include "ssh-gss.h"
#ifdef GSI
#include "globus_gss_assist.h"
+char* olduser;
+int changeuser = 0;
#endif
#endif
service = packet_get_string(NULL);
method = packet_get_string(NULL);
- if(strcmp(method,"external-keyx") == 0 && strcmp(user,"") == 0) {
+#ifdef GSSAPI
+#ifdef GSI
+ if(changeuser == 0 && (strcmp(method,"external-keyx") == 0 || strcmp(method,"gssapi") ==0) && strcmp(user,"") == 0) {
char *gridmapped_name = NULL;
struct passwd *pw = NULL;
-
+ gssapi_setup_env();
if(globus_gss_assist_gridmap(gssapi_client_name.value,
&gridmapped_name) == 0) {
user = gridmapped_name;
debug("I gridmapped and got %s", user);
pw = getpwnam(user);
if (pw && allowed_user(pw)) {
+ olduser = authctxt->user;
authctxt->user = user;
authctxt->pw = pwcopy(pw);
authctxt->valid = 1;
+ changeuser = 1;
}
+
} else {
debug("I gridmapped and got null, reverting to %s", authctxt->user);
user = authctxt->user;
}
}
+ else if(changeuser) {
+ struct passwd *pw = NULL;
+ pw = getpwnam(user);
+ if (pw && allowed_user(pw)) {
+ authctxt->user = olduser;
+ authctxt->pw = pwcopy(pw);
+ authctxt->valid = 1;
+ changeuser = 0;
+ }
+ }
+
+#endif /* GSI */
+#endif /* GSSAPI */
debug("userauth-request for user %s service %s method %s", user, service, method);
debug("attempt %d failures %d", authctxt->attempt, authctxt->failures);
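Review bot: The new `else if(changeuser)` branch calls `getpwnam(user)` with the name from the current request and then sets `authctxt->pw` and `authctxt->valid = 1` while restoring `authctxt->user = olduser`, so after one gridmap mapping the context can pair one user name with a different, client-named account's passwd entry. The branch runs for any method and any user name once `changeuser` is set, and it overwrites the earlier `pwcopy()` result without freeing it. I would fail closed here rather than re-resolve the account from the request: `authctxt->user = olduser; authctxt->pw = NULL; authctxt->valid = 0; changeuser = 0;`, leaving the function's existing first-attempt and name-change checks to decide. Those checks are outside this hunk, so their handling of a NULL `pw` needs confirming. Holding `olduser`/`changeuser` in `authctxt` instead of file-scope globals would also tie this state to the session being authenticated.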
Authctxt *authctxt = ctxt;
Gssctxt *gssctxt;
int authenticated;
+
+ if(strcmp(authctxt->user,"") == 0) {
+ char *user;
+ char *gridmapped_name = NULL;
+ struct passwd *pw = NULL;
+ gssapi_setup_env();
+ if(globus_gss_assist_gridmap(gssapi_client_name.value,
+ &gridmapped_name) == 0) {
+ user = gridmapped_name;
+ debug("I gridmapped and got %s", user);
+ pw = getpwnam(user);
+ if (pw && allowed_user(pw)) {
+ authctxt->user = user;
+ authctxt->pw = pwcopy(pw);
+ authctxt->valid = 1;
+ }
+ }
+ }
+
if (authctxt == NULL || authctxt->methoddata == NULL)
fatal("No authentication or GSSAPI context");
debug2("userauth_external");
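Review bot: The added block evaluates `strcmp(authctxt->user,"")` before the existing `if (authctxt == NULL || authctxt->methoddata == NULL)` check, so a NULL context is dereferenced before `fatal()` can report it; the block should move below that check. It also sets `authctxt->valid = 1` from `gssapi_client_name` before whatever verification the rest of the function performs (the body continues outside this hunk), so the mapping would be safer placed after the exchange is confirmed. Unlike the copy in the userauth-request hunk, this `globus_gss_assist_gridmap` call is not wrapped in `#ifdef GSI`, which presumably breaks non-GSI builds unless the whole file is guarded. `gridmapped_name` appears to be leaked when `getpwnam` fails or `allowed_user` rejects the entry; a `free(gridmapped_name)` on that path would close it.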
packet_start(SSH2_MSG_USERAUTH_REQUEST);
- packet_put_cstring(authctxt->server_user);
+ if(options.implicit) packet_put_cstring("");
+ else packet_put_cstring(authctxt->server_user);
packet_put_cstring(authctxt->service);
packet_put_cstring(authctxt->method->name);
packet_send();