version 1.158, 2003/06/02 09:17:34 |
version 1.159, 2003/07/22 13:35:22 |
|
|
/* remove agent socket */ |
/* remove agent socket */ |
if (auth_sock_name != NULL) |
if (auth_sock_name != NULL) |
auth_sock_cleanup_proc(authctxt->pw); |
auth_sock_cleanup_proc(authctxt->pw); |
#ifdef KRB4 |
|
if (options.kerberos_ticket_cleanup) |
|
krb4_cleanup_proc(authctxt); |
|
#endif |
|
#ifdef KRB5 |
#ifdef KRB5 |
if (options.kerberos_ticket_cleanup) |
if (options.kerberos_ticket_cleanup) |
krb5_cleanup_proc(authctxt); |
krb5_cleanup_proc(authctxt); |
|
|
success = 1; |
success = 1; |
break; |
break; |
|
|
#if defined(AFS) || defined(KRB5) |
#ifdef KRB5 |
case SSH_CMSG_HAVE_KERBEROS_TGT: |
case SSH_CMSG_HAVE_KERBEROS_TGT: |
if (!options.kerberos_tgt_passing) { |
if (!options.kerberos_tgt_passing) { |
verbose("Kerberos TGT passing disabled."); |
verbose("Kerberos TGT passing disabled."); |
|
|
char *kdata = packet_get_string(&dlen); |
char *kdata = packet_get_string(&dlen); |
packet_check_eom(); |
packet_check_eom(); |
|
|
/* XXX - 0x41, see creds_to_radix version */ |
/* XXX - 0x41, used for AFS */ |
if (kdata[0] != 0x41) { |
if (kdata[0] != 0x41) { |
#ifdef KRB5 |
|
krb5_data tgt; |
krb5_data tgt; |
tgt.data = kdata; |
tgt.data = kdata; |
tgt.length = dlen; |
tgt.length = dlen; |
|
|
success = 1; |
success = 1; |
else |
else |
verbose("Kerberos v5 TGT refused for %.100s", s->authctxt->user); |
verbose("Kerberos v5 TGT refused for %.100s", s->authctxt->user); |
#endif /* KRB5 */ |
|
} else { |
|
#ifdef AFS |
|
if (auth_krb4_tgt(s->authctxt, kdata)) |
|
success = 1; |
|
else |
|
verbose("Kerberos v4 TGT refused for %.100s", s->authctxt->user); |
|
#endif /* AFS */ |
|
} |
} |
xfree(kdata); |
xfree(kdata); |
} |
} |
break; |
break; |
#endif /* AFS || KRB5 */ |
#endif |
|
|
#ifdef AFS |
|
case SSH_CMSG_HAVE_AFS_TOKEN: |
|
if (!options.afs_token_passing || !k_hasafs()) { |
|
verbose("AFS token passing disabled."); |
|
} else { |
|
/* Accept AFS token. */ |
|
char *token = packet_get_string(&dlen); |
|
packet_check_eom(); |
|
|
|
if (auth_afs_token(s->authctxt, token)) |
|
success = 1; |
|
else |
|
verbose("AFS token refused for %.100s", |
|
s->authctxt->user); |
|
xfree(token); |
|
} |
|
break; |
|
#endif /* AFS */ |
|
|
|
case SSH_CMSG_EXEC_SHELL: |
case SSH_CMSG_EXEC_SHELL: |
case SSH_CMSG_EXEC_CMD: |
case SSH_CMSG_EXEC_CMD: |
if (type == SSH_CMSG_EXEC_CMD) { |
if (type == SSH_CMSG_EXEC_CMD) { |
|
|
if (original_command) |
if (original_command) |
child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND", |
child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND", |
original_command); |
original_command); |
#ifdef KRB4 |
|
if (s->authctxt->krb4_ticket_file) |
|
child_set_env(&env, &envsize, "KRBTKFILE", |
|
s->authctxt->krb4_ticket_file); |
|
#endif |
|
#ifdef KRB5 |
#ifdef KRB5 |
if (s->authctxt->krb5_ticket_file) |
if (s->authctxt->krb5_ticket_file) |
child_set_env(&env, &envsize, "KRB5CCNAME", |
child_set_env(&env, &envsize, "KRB5CCNAME", |
|
|
* /etc/ssh/sshrc and xauth are run in the proper environment. |
* /etc/ssh/sshrc and xauth are run in the proper environment. |
*/ |
*/ |
environ = env; |
environ = env; |
|
|
#ifdef AFS |
|
/* Try to get AFS tokens for the local cell. */ |
|
if (k_hasafs()) { |
|
char cell[64]; |
|
|
|
if (k_afs_cell_of_file(pw->pw_dir, cell, sizeof(cell)) == 0) |
|
krb_afslog(cell, 0); |
|
|
|
krb_afslog(0, 0); |
|
} |
|
#endif /* AFS */ |
|
|
|
/* Change current directory to the user\'s home directory. */ |
/* Change current directory to the user\'s home directory. */ |
if (chdir(pw->pw_dir) < 0) { |
if (chdir(pw->pw_dir) < 0) { |