1 files changed, 24 insertions, 16 deletions
diff --git a/gss-serv.c b/gss-serv.c
index e157ec515..9227b797c 100644
--- a/gss-serv.c
+++ b/gss-serv.c
@@ -1,7 +1,7 @@
-/* $OpenBSD: gss-serv.c,v 1.21 2007/06/12 08:20:00 djm Exp $ */
+/* $OpenBSD: gss-serv.c,v 1.22 2008/05/08 12:02:23 djm Exp $ */
 /*
- * Copyright (c) 2001-2006 Simon Wilkinson. All rights reserved.
+ * Copyright (c) 2001-2008 Simon Wilkinson. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -35,6 +35,7 @@
 #include <string.h>
 #include <unistd.h>
+#include "openbsd-compat/sys-queue.h"
 #include "xmalloc.h"
 #include "buffer.h"
 #include "key.h"
@@ -84,25 +85,32 @@ ssh_gssapi_acquire_cred(Gssctxt *ctx)
        char lname[MAXHOSTNAMELEN];
        gss_OID_set oidset;
-        gss_create_empty_oid_set(&status, &oidset);
+        if (options.gss_strict_acceptor) {
-        gss_add_oid_set_member(&status, ctx->oid, &oidset);
+                gss_create_empty_oid_set(&status, &oidset);
+                gss_add_oid_set_member(&status, ctx->oid, &oidset);
-        if (gethostname(lname, MAXHOSTNAMELEN)) {
+                if (gethostname(lname, MAXHOSTNAMELEN)) {
-                gss_release_oid_set(&status, &oidset);
+                        gss_release_oid_set(&status, &oidset);
-                return (-1);
+                        return (-1);
-        }
+                }
+                if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) {
+                        gss_release_oid_set(&status, &oidset);
+                        return (ctx->major);
+                }
+                if ((ctx->major = gss_acquire_cred(&ctx->minor,
+                    ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds, 
+                    NULL, NULL)))
+                        ssh_gssapi_error(ctx);
-        if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) {
                gss_release_oid_set(&status, &oidset);
                return (ctx->major);
+        } else {
+                ctx->name = GSS_C_NO_NAME;
+                ctx->creds = GSS_C_NO_CREDENTIAL;
        }
+        return GSS_S_COMPLETE;
-        if ((ctx->major = gss_acquire_cred(&ctx->minor,
-            ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds, NULL, NULL)))
-                ssh_gssapi_error(ctx);
-        gss_release_oid_set(&status, &oidset);
-        return (ctx->major);
 }
 /* Privileged */

diff --git a/gss-serv.c b/gss-serv.c index e157ec515..9227b797c 100644 --- a/gss-serv.c +++ b/gss-serv.c
@@ -1,7 +1,7 @@
1	/* $OpenBSD: gss-serv.c,v 1.21 2007/06/12 08:20:00 djm Exp $ */	1	/* $OpenBSD: gss-serv.c,v 1.22 2008/05/08 12:02:23 djm Exp $ */
2		2
3	/*	3	/*
4	* Copyright (c) 2001-2006 Simon Wilkinson. All rights reserved.	4	* Copyright (c) 2001-2008 Simon Wilkinson. All rights reserved.
5	*	5	*
6	* Redistribution and use in source and binary forms, with or without	6	* Redistribution and use in source and binary forms, with or without
7	* modification, are permitted provided that the following conditions	7	* modification, are permitted provided that the following conditions
@@ -35,6 +35,7 @@
35	#include <string.h>	35	#include <string.h>
36	#include <unistd.h>	36	#include <unistd.h>
37		37
		38	#include "openbsd-compat/sys-queue.h"
38	#include "xmalloc.h"	39	#include "xmalloc.h"
39	#include "buffer.h"	40	#include "buffer.h"
40	#include "key.h"	41	#include "key.h"
@@ -84,25 +85,32 @@ ssh_gssapi_acquire_cred(Gssctxt *ctx)
84	char lname[MAXHOSTNAMELEN];	85	char lname[MAXHOSTNAMELEN];
85	gss_OID_set oidset;	86	gss_OID_set oidset;
86		87
87	gss_create_empty_oid_set(&status, &oidset);	88	if (options.gss_strict_acceptor) {
88	gss_add_oid_set_member(&status, ctx->oid, &oidset);	89	gss_create_empty_oid_set(&status, &oidset);
		90	gss_add_oid_set_member(&status, ctx->oid, &oidset);
89		91
90	if (gethostname(lname, MAXHOSTNAMELEN)) {	92	if (gethostname(lname, MAXHOSTNAMELEN)) {
91	gss_release_oid_set(&status, &oidset);	93	gss_release_oid_set(&status, &oidset);
92	return (-1);	94	return (-1);
93	}	95	}
		96
		97	if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) {
		98	gss_release_oid_set(&status, &oidset);
		99	return (ctx->major);
		100	}
		101
		102	if ((ctx->major = gss_acquire_cred(&ctx->minor,
		103	ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds,
		104	NULL, NULL)))
		105	ssh_gssapi_error(ctx);
94		106
95	if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) {
96	gss_release_oid_set(&status, &oidset);	107	gss_release_oid_set(&status, &oidset);
97	return (ctx->major);	108	return (ctx->major);
		109	} else {
		110	ctx->name = GSS_C_NO_NAME;
		111	ctx->creds = GSS_C_NO_CREDENTIAL;
98	}	112	}
99		113	return GSS_S_COMPLETE;
100	if ((ctx->major = gss_acquire_cred(&ctx->minor,
101	ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds, NULL, NULL)))
102	ssh_gssapi_error(ctx);
103
104	gss_release_oid_set(&status, &oidset);
105	return (ctx->major);
106	}	114	}
107		115
108	/* Privileged */	116	/* Privileged */