diff options
| author | Colin Watson <cjwatson@debian.org> | 2013-09-14 15:43:03 +0100 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2013-09-14 15:43:03 +0100 |
| commit | 8faf8c84430cf3c19705b1d9f8889d256e7fd1fd (patch) | |
| tree | e6cb74192adb00fda5e4d1457547851d7e0d86af /auth2-gss.c | |
| parent | 328b60656f29db6306994d7498dede386ec2d1c3 (diff) | |
| parent | c41345ad7ee5a22689e2c009595e85fa27b4b39a (diff) | |
merge 6.3p1
Diffstat (limited to 'auth2-gss.c')
| -rw-r--r-- | auth2-gss.c | 20 |
1 files changed, 8 insertions, 12 deletions
diff --git a/auth2-gss.c b/auth2-gss.c index 17d4a3a84..3c3cbb966 100644 --- a/auth2-gss.c +++ b/auth2-gss.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: auth2-gss.c,v 1.18 2012/12/02 20:34:09 djm Exp $ */ | 1 | /* $OpenBSD: auth2-gss.c,v 1.20 2013/05/17 00:13:13 djm Exp $ */ |
| 2 | 2 | ||
| 3 | /* | 3 | /* |
| 4 | * Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved. | 4 | * Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved. |
| @@ -115,8 +115,7 @@ userauth_gssapi(Authctxt *authctxt) | |||
| 115 | do { | 115 | do { |
| 116 | mechs--; | 116 | mechs--; |
| 117 | 117 | ||
| 118 | if (doid) | 118 | free(doid); |
| 119 | xfree(doid); | ||
| 120 | 119 | ||
| 121 | present = 0; | 120 | present = 0; |
| 122 | doid = packet_get_string(&len); | 121 | doid = packet_get_string(&len); |
| @@ -135,7 +134,7 @@ userauth_gssapi(Authctxt *authctxt) | |||
| 135 | gss_release_oid_set(&ms, &supported); | 134 | gss_release_oid_set(&ms, &supported); |
| 136 | 135 | ||
| 137 | if (!present) { | 136 | if (!present) { |
| 138 | xfree(doid); | 137 | free(doid); |
| 139 | authctxt->server_caused_failure = 1; | 138 | authctxt->server_caused_failure = 1; |
| 140 | return (0); | 139 | return (0); |
| 141 | } | 140 | } |
| @@ -143,7 +142,7 @@ userauth_gssapi(Authctxt *authctxt) | |||
| 143 | if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt, &goid)))) { | 142 | if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt, &goid)))) { |
| 144 | if (ctxt != NULL) | 143 | if (ctxt != NULL) |
| 145 | ssh_gssapi_delete_ctx(&ctxt); | 144 | ssh_gssapi_delete_ctx(&ctxt); |
| 146 | xfree(doid); | 145 | free(doid); |
| 147 | authctxt->server_caused_failure = 1; | 146 | authctxt->server_caused_failure = 1; |
| 148 | return (0); | 147 | return (0); |
| 149 | } | 148 | } |
| @@ -156,7 +155,7 @@ userauth_gssapi(Authctxt *authctxt) | |||
| 156 | packet_put_string(doid, len); | 155 | packet_put_string(doid, len); |
| 157 | 156 | ||
| 158 | packet_send(); | 157 | packet_send(); |
| 159 | xfree(doid); | 158 | free(doid); |
| 160 | 159 | ||
| 161 | dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, &input_gssapi_token); | 160 | dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, &input_gssapi_token); |
| 162 | dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, &input_gssapi_errtok); | 161 | dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, &input_gssapi_errtok); |
| @@ -187,7 +186,7 @@ input_gssapi_token(int type, u_int32_t plen, void *ctxt) | |||
| 187 | maj_status = PRIVSEP(ssh_gssapi_accept_ctx(gssctxt, &recv_tok, | 186 | maj_status = PRIVSEP(ssh_gssapi_accept_ctx(gssctxt, &recv_tok, |
| 188 | &send_tok, &flags)); | 187 | &send_tok, &flags)); |
| 189 | 188 | ||
| 190 | xfree(recv_tok.value); | 189 | free(recv_tok.value); |
| 191 | 190 | ||
| 192 | if (GSS_ERROR(maj_status)) { | 191 | if (GSS_ERROR(maj_status)) { |
| 193 | if (send_tok.length != 0) { | 192 | if (send_tok.length != 0) { |
| @@ -242,7 +241,7 @@ input_gssapi_errtok(int type, u_int32_t plen, void *ctxt) | |||
| 242 | maj_status = PRIVSEP(ssh_gssapi_accept_ctx(gssctxt, &recv_tok, | 241 | maj_status = PRIVSEP(ssh_gssapi_accept_ctx(gssctxt, &recv_tok, |
| 243 | &send_tok, NULL)); | 242 | &send_tok, NULL)); |
| 244 | 243 | ||
| 245 | xfree(recv_tok.value); | 244 | free(recv_tok.value); |
| 246 | 245 | ||
| 247 | /* We can't return anything to the client, even if we wanted to */ | 246 | /* We can't return anything to the client, even if we wanted to */ |
| 248 | dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); | 247 | dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); |
| @@ -263,14 +262,11 @@ static void | |||
| 263 | input_gssapi_exchange_complete(int type, u_int32_t plen, void *ctxt) | 262 | input_gssapi_exchange_complete(int type, u_int32_t plen, void *ctxt) |
| 264 | { | 263 | { |
| 265 | Authctxt *authctxt = ctxt; | 264 | Authctxt *authctxt = ctxt; |
| 266 | Gssctxt *gssctxt; | ||
| 267 | int authenticated; | 265 | int authenticated; |
| 268 | 266 | ||
| 269 | if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep)) | 267 | if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep)) |
| 270 | fatal("No authentication or GSSAPI context"); | 268 | fatal("No authentication or GSSAPI context"); |
| 271 | 269 | ||
| 272 | gssctxt = authctxt->methoddata; | ||
| 273 | |||
| 274 | /* | 270 | /* |
| 275 | * We don't need to check the status, because we're only enabled in | 271 | * We don't need to check the status, because we're only enabled in |
| 276 | * the dispatcher once the exchange is complete | 272 | * the dispatcher once the exchange is complete |
| @@ -320,7 +316,7 @@ input_gssapi_mic(int type, u_int32_t plen, void *ctxt) | |||
| 320 | logit("GSSAPI MIC check failed"); | 316 | logit("GSSAPI MIC check failed"); |
| 321 | 317 | ||
| 322 | buffer_free(&b); | 318 | buffer_free(&b); |
| 323 | xfree(mic.value); | 319 | free(mic.value); |
| 324 | 320 | ||
| 325 | authctxt->postponed = 0; | 321 | authctxt->postponed = 0; |
| 326 | dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); | 322 | dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); |