Bugzilla – Attachment 951 Details for
Bug 1073
if userok rejects a user their creds still get set
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Delete delegated credentials if userok call fails
openssh-badccache.patch (text/plain), 1.62 KB, created by
Simon Wilkinson
on 2005-08-27 04:29:42 AEST
(
hide
)
Description:
Delete delegated credentials if userok call fails
Filename:
MIME Type:
Creator:
Simon Wilkinson
Created:
2005-08-27 04:29:42 AEST
Size:
1.62 KB
patch
obsolete
>Index: gss-serv.c >=================================================================== >RCS file: /cvs/openssh/gss-serv.c,v >retrieving revision 1.7 >diff -u -r1.7 gss-serv.c >--- gss-serv.c 17 Jul 2005 07:22:45 -0000 1.7 >+++ gss-serv.c 26 Aug 2005 10:00:49 -0000 >@@ -275,13 +275,25 @@ > int > ssh_gssapi_userok(char *user) > { >+ OM_uint32 lmin; >+ > if (gssapi_client.exportedname.length == 0 || > gssapi_client.exportedname.value == NULL) { > debug("No suitable client data"); > return 0; > } > if (gssapi_client.mech && gssapi_client.mech->userok) >- return ((*gssapi_client.mech->userok)(&gssapi_client, user)); >+ if ((*gssapi_client.mech->userok)(&gssapi_client, user)) >+ return 1; >+ else { >+ /* Destroy delegated credentials if userok fails */ >+ gss_release_buffer(&lmin, &gssapi_client.displayname); >+ gss_release_buffer(&lmin, &gssapi_client.exportedname); >+ gss_release_cred(&lmin, gssapi_client.creds); >+ memset((void *)&gssapi_client, 0, >+ sizeof(ssh_gssapi_client)); >+ return 0; >+ } > else > debug("ssh_gssapi_userok: Unknown GSSAPI mechanism"); > return (0); >Index: sshconnect2.c >=================================================================== >RCS file: /cvs/openssh/sshconnect2.c,v >retrieving revision 1.130 >diff -u -r1.130 sshconnect2.c >--- sshconnect2.c 26 Jul 2005 11:54:56 -0000 1.130 >+++ sshconnect2.c 26 Aug 2005 10:00:49 -0000 >@@ -545,7 +545,8 @@ > Authctxt *authctxt = ctxt; > Gssctxt *gssctxt = authctxt->methoddata; > gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER; >- gss_buffer_desc gssbuf, mic; >+ gss_buffer_desc mic = GSS_C_EMPTY_BUFFER; >+ gss_buffer_desc gssbuf; > OM_uint32 status, ms, flags; > Buffer b; >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=951">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 1073
:
951
|
952