From 77fa2ab46721bcc01b898b7df0aa85c170931c06 Mon Sep 17 00:00:00 2001
From: basney
Date: Mon, 19 Oct 2009 16:29:54 +0000
Subject: [PATCH] updated patch from Matthieu Hautreux for cascading credentials (https://bugzilla.mcs.anl.gov/globus/show_bug.cgi?id=6785)

---
 openssh/gss-serv-gsi.c | 5 +++--
 openssh/gss-serv.c | 13 +++++++++++++
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/openssh/gss-serv-gsi.c b/openssh/gss-serv-gsi.c
index 1a0c3f9..bd72536 100644
--- a/openssh/gss-serv-gsi.c
+++ b/openssh/gss-serv-gsi.c
@@ -225,12 +225,13 @@ ssh_gssapi_gsi_storecreds(ssh_gssapi_client *client)
 }

 /*
- * Export updated GSI credential to disk.
+ * Export updated GSI credentials to disk.
 */
-static void
+static int
 ssh_gssapi_gsi_updatecreds(ssh_gssapi_ccache *store,ssh_gssapi_client *client)
 {
 ssh_gssapi_gsi_storecreds(client);
+ return 1;
 }

 #endif /* GSI */
diff --git a/openssh/gss-serv.c b/openssh/gss-serv.c
index 749ed0f..7cbf8e2 100644
--- a/openssh/gss-serv.c
+++ b/openssh/gss-serv.c
@@ -535,6 +535,7 @@ ssh_gssapi_rekey_creds() {
 pam_handle_t *pamh = NULL;
 struct pam_conv pamconv = {ssh_gssapi_simple_conv, NULL};
 char *envstr;
+ char **p;char **pw;
 #endif

 if (gssapi_client.store.filename == NULL &&
@@ -564,6 +565,18 @@ ssh_gssapi_rekey_creds() {
 if (ret)
 return;

+ /* Put ssh pam stack env variables in this new pam stack env
+ * Using pam-pkinit, KRB5CCNAME is set during do_pam_session
+ * this addition enables pam-pkinit to access KRB5CCNAME if used
+ * in sshd-rekey stack too
+ */
+ pw = p = fetch_pam_environment();
+ while ( *pw != NULL ) {
+ pam_putenv(pamh,*pw);
+ pw++;
+ }
+ free_pam_environment(p);
+
 xasprintf(&envstr, "%s=%s", gssapi_client.store.envvar,
 gssapi_client.store.envval);

--
2.45.1
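Review bot: In openssh/gss-serv-gsi.c, `ssh_gssapi_gsi_updatecreds` now returns `1` unconditionally after calling `ssh_gssapi_gsi_storecreds(client)`, so a caller that tests the new int result cannot tell whether the refreshed credential was actually written to disk. The return type of `ssh_gssapi_gsi_storecreds` is not visible in this hunk; if it reports a status, that status should be propagated instead of the constant. If it reports nothing, the header comment should say so, for example `/* Export updated GSI credentials to disk. Always returns 1: storecreds gives no failure indication. */`. The `store` parameter is also unused in the body shown.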
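Review bot: In the second gss-serv.c hunk, `while ( *pw != NULL )` dereferences the result of `pw = p = fetch_pam_environment();` without a NULL check. Its definition is not part of this diff; if it can return NULL, the rekey path would fault in the session process, and guarding the loop as `while (pw != NULL && *pw != NULL) {` avoids that, with `free_pam_environment(p)` needing to tolerate NULL as well. The result of `pam_putenv(pamh,*pw)` is discarded, so a failed copy of KRB5CCNAME goes unnoticed; `if (pam_putenv(pamh, *pw) != PAM_SUCCESS) break;` or a logged failure would surface it. The loop also imports every variable of the session PAM environment into the sshd-rekey stack although the comment only needs KRB5CCNAME, so copying just the required names would keep values set by other session modules out of that stack. `ssh_gssapi_rekey_creds()` begins and ends outside this hunk.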