diff options
Diffstat (limited to 'gss-serv.c')
| -rw-r--r-- | gss-serv.c | 21 |
1 files changed, 16 insertions, 5 deletions
diff --git a/gss-serv.c b/gss-serv.c index fad79a1b4..05ae54e97 100644 --- a/gss-serv.c +++ b/gss-serv.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: gss-serv.c,v 1.5 2003/11/17 11:06:07 markus Exp $ */ | 1 | /* $OpenBSD: gss-serv.c,v 1.8 2005/08/30 22:08:05 djm Exp $ */ |
| 2 | 2 | ||
| 3 | /* | 3 | /* |
| 4 | * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. | 4 | * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. |
| @@ -156,7 +156,7 @@ ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_desc *recv_tok, | |||
| 156 | static OM_uint32 | 156 | static OM_uint32 |
| 157 | ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name) | 157 | ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name) |
| 158 | { | 158 | { |
| 159 | char *tok; | 159 | u_char *tok; |
| 160 | OM_uint32 offset; | 160 | OM_uint32 offset; |
| 161 | OM_uint32 oidl; | 161 | OM_uint32 oidl; |
| 162 | 162 | ||
| @@ -186,7 +186,7 @@ ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name) | |||
| 186 | */ | 186 | */ |
| 187 | if (tok[4] != 0x06 || tok[5] != oidl || | 187 | if (tok[4] != 0x06 || tok[5] != oidl || |
| 188 | ename->length < oidl+6 || | 188 | ename->length < oidl+6 || |
| 189 | !ssh_gssapi_check_oid(ctx,tok+6,oidl)) | 189 | !ssh_gssapi_check_oid(ctx,tok+6,oidl)) |
| 190 | return GSS_S_FAILURE; | 190 | return GSS_S_FAILURE; |
| 191 | 191 | ||
| 192 | offset = oidl+6; | 192 | offset = oidl+6; |
| @@ -289,7 +289,7 @@ ssh_gssapi_do_child(char ***envp, u_int *envsizep) | |||
| 289 | debug("Setting %s to %s", gssapi_client.store.envvar, | 289 | debug("Setting %s to %s", gssapi_client.store.envvar, |
| 290 | gssapi_client.store.envval); | 290 | gssapi_client.store.envval); |
| 291 | child_set_env(envp, envsizep, gssapi_client.store.envvar, | 291 | child_set_env(envp, envsizep, gssapi_client.store.envvar, |
| 292 | gssapi_client.store.envval); | 292 | gssapi_client.store.envval); |
| 293 | } | 293 | } |
| 294 | } | 294 | } |
| 295 | 295 | ||
| @@ -297,13 +297,24 @@ ssh_gssapi_do_child(char ***envp, u_int *envsizep) | |||
| 297 | int | 297 | int |
| 298 | ssh_gssapi_userok(char *user) | 298 | ssh_gssapi_userok(char *user) |
| 299 | { | 299 | { |
| 300 | OM_uint32 lmin; | ||
| 301 | |||
| 300 | if (gssapi_client.exportedname.length == 0 || | 302 | if (gssapi_client.exportedname.length == 0 || |
| 301 | gssapi_client.exportedname.value == NULL) { | 303 | gssapi_client.exportedname.value == NULL) { |
| 302 | debug("No suitable client data"); | 304 | debug("No suitable client data"); |
| 303 | return 0; | 305 | return 0; |
| 304 | } | 306 | } |
| 305 | if (gssapi_client.mech && gssapi_client.mech->userok) | 307 | if (gssapi_client.mech && gssapi_client.mech->userok) |
| 306 | return ((*gssapi_client.mech->userok)(&gssapi_client, user)); | 308 | if ((*gssapi_client.mech->userok)(&gssapi_client, user)) |
| 309 | return 1; | ||
| 310 | else { | ||
| 311 | /* Destroy delegated credentials if userok fails */ | ||
| 312 | gss_release_buffer(&lmin, &gssapi_client.displayname); | ||
| 313 | gss_release_buffer(&lmin, &gssapi_client.exportedname); | ||
| 314 | gss_release_cred(&lmin, &gssapi_client.creds); | ||
| 315 | memset(&gssapi_client, 0, sizeof(ssh_gssapi_client)); | ||
| 316 | return 0; | ||
| 317 | } | ||
| 307 | else | 318 | else |
| 308 | debug("ssh_gssapi_userok: Unknown GSSAPI mechanism"); | 319 | debug("ssh_gssapi_userok: Unknown GSSAPI mechanism"); |
| 309 | return (0); | 320 | return (0); |