openssh/openssh-5.1p1-gssapi-role.patch

36 lines
1.2 KiB
Diff
Raw Permalink Normal View History

Written-by: Nalin Dahyabhai <nalin@redhat.com>
Reviewed-by: Tomas Mraz <tmraz@redhat.com>
diff -up openssh-5.1p1/auth2-gss.c.gssapi-role openssh-5.1p1/auth2-gss.c
--- openssh-5.1p1/auth2-gss.c.gssapi-role 2007-12-02 12:59:45.000000000 +0100
+++ openssh-5.1p1/auth2-gss.c 2008-07-23 19:18:15.000000000 +0200
@@ -258,6 +258,7 @@ input_gssapi_mic(int type, u_int32_t ple
Authctxt *authctxt = ctxt;
Gssctxt *gssctxt;
int authenticated = 0;
+ char *micuser;
Buffer b;
gss_buffer_desc mic, gssbuf;
u_int len;
@@ -270,7 +271,11 @@ input_gssapi_mic(int type, u_int32_t ple
mic.value = packet_get_string(&len);
mic.length = len;
- ssh_gssapi_buildmic(&b, authctxt->user, authctxt->service,
+ if (authctxt->role && (strlen(authctxt->role) > 0))
+ xasprintf(&micuser, "%s/%s", authctxt->user, authctxt->role);
+ else
+ micuser = authctxt->user;
+ ssh_gssapi_buildmic(&b, micuser, authctxt->service,
"gssapi-with-mic");
gssbuf.value = buffer_ptr(&b);
@@ -282,6 +287,8 @@ input_gssapi_mic(int type, u_int32_t ple
logit("GSSAPI MIC check failed");
buffer_free(&b);
+ if (micuser != authctxt->user)
+ xfree(micuser);
xfree(mic.value);
authctxt->postponed = 0;