2008-01-03 17:45:59 +00:00
Written-by: Nalin Dahyabhai <nalin@redhat.com>
Reviewed-by: Tomas Mraz <tmraz@redhat.com>
2008-07-23 18:34:08 +00:00
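diff -up openssh-5.1p1/auth2-gss.c.gssapi-role openssh-5.1p1/auth2-gss.c
--- openssh-5.1p1/auth2-gss.c.gssapi-role 2007-12-02 12:59:45.000000000 +0100
+++ openssh-5.1p1/auth2-gss.c 2008-07-23 19:18:15.000000000 +0200
@@ -258,6 +258,7 @@ input_gssapi_mic(int type, u_int32_t ple
 Authctxt *authctxt = ctxt;
 Gssctxt *gssctxt;
 int authenticated = 0;
+ char *micuser;
 Buffer b;
 gss_buffer_desc mic, gssbuf;
 u_int len;
@@ -270,7 +271,11 @@ input_gssapi_mic(int type, u_int32_t ple
 mic.value = packet_get_string(&len);
 mic.length = len;
 
- ssh_gssapi_buildmic(&b, authctxt->user, authctxt->service,
+ if (authctxt->role && (strlen(authctxt->role) > 0))
+ xasprintf(&micuser, "%s/%s", authctxt->user, authctxt->role);
+ else
+ micuser = authctxt->user;
+ ssh_gssapi_buildmic(&b, micuser, authctxt->service,
 "gssapi-with-mic");
 
 gssbuf.value = buffer_ptr(&b);
@@ -282,6 +287,8 @@ input_gssapi_mic(int type, u_int32_t ple
 logit("GSSAPI MIC check failed");
 
 buffer_free(&b);
+ if (micuser != authctxt->user)
+ xfree(micuser);
 xfree(mic.value);
 
 authctxt->postponed = 0;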
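Review bot: The second hunk verifies the MIC over a user name reassembled from `authctxt->user` and `authctxt->role`, which matches what the client signed only if the split done elsewhere (not visible here) is exactly reversible; a request whose name ended in a bare `/` would presumably be checked against `user` alone and fail, which is fail-closed but hard to diagnose. A comment above the branch would record the intent, e.g. `/* the MIC covers the user name as sent on the wire, so re-append the role */`, and the unbraced multi-line `if`/`else` would be less fragile with braces. The `xfree(micuser)` in the third hunk depends on the pointer comparison with `authctxt->user` and on there being no return path between the two hunks; input_gssapi_mic starts and ends outside the hunks, so that could not be confirmed from here.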