diff options
Diffstat (limited to 'crypto/openssh/gss-serv.c')
| -rw-r--r-- | crypto/openssh/gss-serv.c | 21 |
1 files changed, 16 insertions, 5 deletions
diff --git a/crypto/openssh/gss-serv.c b/crypto/openssh/gss-serv.c index de32a3f..1171304 100644 --- a/crypto/openssh/gss-serv.c +++ b/crypto/openssh/gss-serv.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gss-serv.c,v 1.5 2003/11/17 11:06:07 markus Exp $ */ +/* $OpenBSD: gss-serv.c,v 1.8 2005/08/30 22:08:05 djm Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. @@ -134,7 +134,7 @@ ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_desc *recv_tok, static OM_uint32 ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name) { - char *tok; + u_char *tok; OM_uint32 offset; OM_uint32 oidl; @@ -164,7 +164,7 @@ ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name) */ if (tok[4] != 0x06 || tok[5] != oidl || ename->length < oidl+6 || - !ssh_gssapi_check_oid(ctx,tok+6,oidl)) + !ssh_gssapi_check_oid(ctx,tok+6,oidl)) return GSS_S_FAILURE; offset = oidl+6; @@ -267,7 +267,7 @@ ssh_gssapi_do_child(char ***envp, u_int *envsizep) debug("Setting %s to %s", gssapi_client.store.envvar, gssapi_client.store.envval); child_set_env(envp, envsizep, gssapi_client.store.envvar, - gssapi_client.store.envval); + gssapi_client.store.envval); } } @@ -275,13 +275,24 @@ ssh_gssapi_do_child(char ***envp, u_int *envsizep) int ssh_gssapi_userok(char *user) { + OM_uint32 lmin; + if (gssapi_client.exportedname.length == 0 || gssapi_client.exportedname.value == NULL) { debug("No suitable client data"); return 0; } if (gssapi_client.mech && gssapi_client.mech->userok) - return ((*gssapi_client.mech->userok)(&gssapi_client, user)); + if ((*gssapi_client.mech->userok)(&gssapi_client, user)) + return 1; + else { + /* Destroy delegated credentials if userok fails */ + gss_release_buffer(&lmin, &gssapi_client.displayname); + gss_release_buffer(&lmin, &gssapi_client.exportedname); + gss_release_cred(&lmin, &gssapi_client.creds); + memset(&gssapi_client, 0, sizeof(ssh_gssapi_client)); + return 0; + } else debug("ssh_gssapi_userok: Unknown GSSAPI mechanism"); return (0); |
