| commit | ca052eadd5590e9d7feafc2b7b805a2e1c577c92 | |
| author | Viktor Dukhovni <viktor@twosigma.com> | |
| Wed, 4 Mar 2015 02:24:54 +0000 (4 02:24 +0000) | ||
| committer | Viktor Dukhovni <viktor@dukhovni.org> | |
| Tue, 10 Mar 2015 03:07:29 +0000 (10 03:07 +0000) | ||
| tree | dc1da27533b20e6506aebeb392ce71e254c5ef24 | treesnapshot (tar.gz zip) |
| parent | 84852509896abba2a98a35d1dff6deaf514a2d95 | commitdiff |
Fix gss_inquire_cred_by_mech.
Delegated or other explicit credentials were mishandled, the code only
worked correctly when processing default credentials. In particular
this caused root's default credential cache to be accessed when accepting
delegated credentials in SSH:
ssh_gssapi_accept_ctx() ->
ssh_gssapi_getclient() ->
gss_inquire_cred_by_mech()
When /tmp/krb5cc_0 contained expired tickets, cascaded credentials
stopped working for non-root users!
Delegated or other explicit credentials were mishandled, the code only
worked correctly when processing default credentials. In particular
this caused root's default credential cache to be accessed when accepting
delegated credentials in SSH:
ssh_gssapi_accept_ctx() ->
ssh_gssapi_getclient() ->
gss_inquire_cred_by_mech()
When /tmp/krb5cc_0 contained expired tickets, cascaded credentials
stopped working for non-root users!
| lib/gssapi/krb5/inquire_cred.c | diffblobblamehistory | |
| lib/gssapi/krb5/inquire_cred_by_mech.c | diffblobblamehistory |