On Fri, May 03, 2002 at 02:53:40PM -0400, Derek T. Yarnell wrote: > damn... > I attacked this problem a slightly different way. I took the aklog code from the krb5-afs toolkit and made it into a linkable library. Now you can link against -laklog which exports an aklog() and unlog() function.
I don't know if this is the "best" way of going about things, but it seemed like the cleanest at the time... Attached is k5afs.tar which is the library source, basically a pruned down version of Ken's aklog, and an OpenSSH diffs file which also includes basic instructions on how to get OpenSSH to compile with the aklog library. Let me know if you have any problems, I've tested this on Linux and Solaris 8 so far... enjoy -- Jason Garman / [EMAIL PROTECTED]
k5afs.tar
Description: Binary data
First part of automatic afs token grabbing support.
Relies on external "libaklog" which I'll import later in a "k5afs" module.
Also requires Makefile changes; most notably the LIBS line:
LIBS=-lresolv -lz -lsocket -lnsl -lcrypto -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err
-laklog -lkrb524 -lsys -lprot -lubik -lauth -lrxkad -lrx -llwp -ldes -lsys
/usr/local/lib/afs/util.a -lcom_err -laklog
should compile sshd correctly.
--- openssh/servconf.c 2002/03/08 15:33:46 1.2
+++ openssh/servconf.c 2002/04/20 20:09:34 1.3
@@ -100,6 +100,9 @@
#ifdef AFS
options->afs_token_passing = -1;
#endif
+#if 1 /* VIAKEN MODS */
+ options->run_aklog = -1;
+#endif
options->password_authentication = -1;
options->kbd_interactive_authentication = -1;
options->challenge_response_authentication = -1;
@@ -219,6 +222,10 @@
if (options->afs_token_passing == -1)
options->afs_token_passing = k_hasafs();
#endif
+#if 1 /* VIAKEN MODS */
+ if (options->run_aklog == -1)
+ options->run_aklog = 0;
+#endif
if (options->password_authentication == -1)
options->password_authentication = 1;
if (options->kbd_interactive_authentication == -1)
@@ -277,6 +284,9 @@
#ifdef AFS
sAFSTokenPassing,
#endif
+#if 1 /* VIAKEN MODS */
+ sRunAklog,
+#endif
sChallengeResponseAuthentication,
sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
sPrintMotd, sPrintLastLog, sIgnoreRhosts,
@@ -335,6 +345,9 @@
#ifdef AFS
{ "afstokenpassing", sAFSTokenPassing },
#endif
+#if 1 /* VIAKEN MODS */
+ { "runaklog", sRunAklog },
+#endif
{ "passwordauthentication", sPasswordAuthentication },
{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication },
{ "challengeresponseauthentication", sChallengeResponseAuthentication },
@@ -686,7 +699,11 @@
intptr = &options->afs_token_passing;
goto parse_flag;
#endif
-
+#if 1 /* VIAKEN MODS */
+ case sRunAklog:
+ intptr = &options->run_aklog;
+ goto parse_flag;
+#endif
case sPasswordAuthentication:
intptr = &options->password_authentication;
goto parse_flag;
--- openssh/servconf.h 2002/03/08 15:33:46 1.2
+++ openssh/servconf.h 2002/04/20 20:09:34 1.3
@@ -97,6 +97,9 @@
#ifdef AFS
int afs_token_passing; /* If true, permit AFS token passing. */
#endif
+#if 1 /* VIAKEN MODS */
+ int run_aklog;
+#endif
int password_authentication; /* If true, permit password
* authentication. */
int kbd_interactive_authentication; /* If true, permit */
--- openssh/session.c 2002/03/08 15:37:51 1.3
+++ openssh/session.c 2002/04/20 20:09:35 1.4
@@ -96,6 +96,10 @@
# include <uinfo.h>
#endif
+#if 1 /* VIAKEN MODS */
+#include <aklog.h>
+#endif
+
/* types */
#define TTYSZ 64
@@ -1398,6 +1402,15 @@
#endif /* AFS */
debug ("Changing to users' directory");
+
+#if 1 /* VIAKEN MODS */
+ if (options.run_aklog) {
+ debug ("Starting aklog");
+ aklog ();
+ debug ("Finished aklog");
+ }
+#endif
+
/* Change current directory to the user\'s home directory. */
if (chdir(pw->pw_dir) < 0) {
fprintf(stderr, "Could not chdir to home directory %s: %s\n",
