Bugzilla – Attachment 952 Details for
Bug 1073
if userok rejects a user their creds still get set
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Fix arg to gss_release_cred
gss.diff (text/plain), 1.71 KB, created by
Damien Miller
on 2005-08-29 21:18:59 AEST
(
hide
)
Description:
Fix arg to gss_release_cred
Filename:
MIME Type:
Creator:
Damien Miller
Created:
2005-08-29 21:18:59 AEST
Size:
1.71 KB
patch
obsolete
>Index: gss-serv.c >=================================================================== >RCS file: /cvs/src/usr.bin/ssh/gss-serv.c,v >retrieving revision 1.7 >diff -u -p -r1.7 gss-serv.c >--- gss-serv.c 17 Jul 2005 07:17:55 -0000 1.7 >+++ gss-serv.c 29 Aug 2005 11:15:55 -0000 >@@ -275,13 +275,24 @@ ssh_gssapi_do_child(char ***envp, u_int > int > ssh_gssapi_userok(char *user) > { >+ OM_uint32 lmin; >+ > if (gssapi_client.exportedname.length == 0 || > gssapi_client.exportedname.value == NULL) { > debug("No suitable client data"); > return 0; > } > if (gssapi_client.mech && gssapi_client.mech->userok) >- return ((*gssapi_client.mech->userok)(&gssapi_client, user)); >+ if ((*gssapi_client.mech->userok)(&gssapi_client, user)) >+ return 1; >+ else { >+ /* Destroy delegated credentials if userok fails */ >+ gss_release_buffer(&lmin, &gssapi_client.displayname); >+ gss_release_buffer(&lmin, &gssapi_client.exportedname); >+ gss_release_cred(&lmin, &gssapi_client.creds); >+ memset(&gssapi_client, 0, sizeof(ssh_gssapi_client)); >+ return 0; >+ } > else > debug("ssh_gssapi_userok: Unknown GSSAPI mechanism"); > return (0); >Index: sshconnect2.c >=================================================================== >RCS file: /cvs/src/usr.bin/ssh/sshconnect2.c,v >retrieving revision 1.141 >diff -u -p -r1.141 sshconnect2.c >--- sshconnect2.c 25 Jul 2005 11:59:40 -0000 1.141 >+++ sshconnect2.c 29 Aug 2005 11:15:57 -0000 >@@ -543,7 +544,8 @@ process_gssapi_token(void *ctxt, gss_buf > Authctxt *authctxt = ctxt; > Gssctxt *gssctxt = authctxt->methoddata; > gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER; >- gss_buffer_desc gssbuf, mic; >+ gss_buffer_desc mic = GSS_C_EMPTY_BUFFER; >+ gss_buffer_desc gssbuf; > OM_uint32 status, ms, flags; > Buffer b; >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=952">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 1073
:
951
| 952