diff options
Diffstat (limited to 'gss-serv.c')
| -rw-r--r-- | gss-serv.c | 21 |
1 files changed, 16 insertions, 5 deletions
diff --git a/gss-serv.c b/gss-serv.c index de32a3f2e..117130459 100644 --- a/gss-serv.c +++ b/gss-serv.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: gss-serv.c,v 1.5 2003/11/17 11:06:07 markus Exp $ */ | 1 | /* $OpenBSD: gss-serv.c,v 1.8 2005/08/30 22:08:05 djm Exp $ */ |
| 2 | 2 | ||
| 3 | /* | 3 | /* |
| 4 | * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. | 4 | * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. |
| @@ -134,7 +134,7 @@ ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_desc *recv_tok, | |||
| 134 | static OM_uint32 | 134 | static OM_uint32 |
| 135 | ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name) | 135 | ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name) |
| 136 | { | 136 | { |
| 137 | char *tok; | 137 | u_char *tok; |
| 138 | OM_uint32 offset; | 138 | OM_uint32 offset; |
| 139 | OM_uint32 oidl; | 139 | OM_uint32 oidl; |
| 140 | 140 | ||
| @@ -164,7 +164,7 @@ ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name) | |||
| 164 | */ | 164 | */ |
| 165 | if (tok[4] != 0x06 || tok[5] != oidl || | 165 | if (tok[4] != 0x06 || tok[5] != oidl || |
| 166 | ename->length < oidl+6 || | 166 | ename->length < oidl+6 || |
| 167 | !ssh_gssapi_check_oid(ctx,tok+6,oidl)) | 167 | !ssh_gssapi_check_oid(ctx,tok+6,oidl)) |
| 168 | return GSS_S_FAILURE; | 168 | return GSS_S_FAILURE; |
| 169 | 169 | ||
| 170 | offset = oidl+6; | 170 | offset = oidl+6; |
| @@ -267,7 +267,7 @@ ssh_gssapi_do_child(char ***envp, u_int *envsizep) | |||
| 267 | debug("Setting %s to %s", gssapi_client.store.envvar, | 267 | debug("Setting %s to %s", gssapi_client.store.envvar, |
| 268 | gssapi_client.store.envval); | 268 | gssapi_client.store.envval); |
| 269 | child_set_env(envp, envsizep, gssapi_client.store.envvar, | 269 | child_set_env(envp, envsizep, gssapi_client.store.envvar, |
| 270 | gssapi_client.store.envval); | 270 | gssapi_client.store.envval); |
| 271 | } | 271 | } |
| 272 | } | 272 | } |
| 273 | 273 | ||
| @@ -275,13 +275,24 @@ ssh_gssapi_do_child(char ***envp, u_int *envsizep) | |||
| 275 | int | 275 | int |
| 276 | ssh_gssapi_userok(char *user) | 276 | ssh_gssapi_userok(char *user) |
| 277 | { | 277 | { |
| 278 | OM_uint32 lmin; | ||
| 279 | |||
| 278 | if (gssapi_client.exportedname.length == 0 || | 280 | if (gssapi_client.exportedname.length == 0 || |
| 279 | gssapi_client.exportedname.value == NULL) { | 281 | gssapi_client.exportedname.value == NULL) { |
| 280 | debug("No suitable client data"); | 282 | debug("No suitable client data"); |
| 281 | return 0; | 283 | return 0; |
| 282 | } | 284 | } |
| 283 | if (gssapi_client.mech && gssapi_client.mech->userok) | 285 | if (gssapi_client.mech && gssapi_client.mech->userok) |
| 284 | return ((*gssapi_client.mech->userok)(&gssapi_client, user)); | 286 | if ((*gssapi_client.mech->userok)(&gssapi_client, user)) |
| 287 | return 1; | ||
| 288 | else { | ||
| 289 | /* Destroy delegated credentials if userok fails */ | ||
| 290 | gss_release_buffer(&lmin, &gssapi_client.displayname); | ||
| 291 | gss_release_buffer(&lmin, &gssapi_client.exportedname); | ||
| 292 | gss_release_cred(&lmin, &gssapi_client.creds); | ||
| 293 | memset(&gssapi_client, 0, sizeof(ssh_gssapi_client)); | ||
| 294 | return 0; | ||
| 295 | } | ||
| 285 | else | 296 | else |
| 286 | debug("ssh_gssapi_userok: Unknown GSSAPI mechanism"); | 297 | debug("ssh_gssapi_userok: Unknown GSSAPI mechanism"); |
| 287 | return (0); | 298 | return (0); |