release the GSSAPI server credential handle immediately after the GSSAPI security context is established

This commit is contained in:
Petr Lautrbach 2012-11-20 12:56:54 +01:00
parent 8527d3716f
commit a7fd848257
2 changed files with 16 additions and 0 deletions

View File

@ -0,0 +1,14 @@
--- cyrus-sasl/plugins/gssapi.c
+++ cyrus-sasl/plugins/gssapi.c
@@ -782,6 +782,11 @@ gssapi_server_mech_step(void *conn_conte
}
if (maj_stat == GSS_S_COMPLETE) {
+ /* Release server creds which are no longer needed */
+ if ( text->server_creds != GSS_C_NO_CREDENTIAL) {
+ maj_stat = gss_release_cred(&min_stat, &text->server_creds);
+ text->server_creds = GSS_C_NO_CREDENTIAL;
+ }
/* Switch to ssf negotiation */
text->state = SASL_GSSAPI_STATE_SSFCAP;
}

View File

@ -48,6 +48,7 @@ Patch41: cyrus-sasl-2.1.23-db5.patch
Patch42: cyrus-sasl-2.1.23-relro.patch Patch42: cyrus-sasl-2.1.23-relro.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=816250 # https://bugzilla.redhat.com/show_bug.cgi?id=816250
Patch43: cyrus-sasl-2.1.23-null-crypt.patch Patch43: cyrus-sasl-2.1.23-null-crypt.patch
Patch44: cyrus-sasl-2.1.23-release-server_creds.patch
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: autoconf, automake, libtool, gdbm-devel, groff BuildRequires: autoconf, automake, libtool, gdbm-devel, groff
@ -185,6 +186,7 @@ chmod -x include/*.h
%patch41 -p1 -b .db5 %patch41 -p1 -b .db5
%patch42 -p1 -b .relro %patch42 -p1 -b .relro
%patch43 -p1 -b .null-crypt %patch43 -p1 -b .null-crypt
%patch44 -p1 -b .release-server_creds
%build %build
# FIXME - we remove these files directly so that we can avoid using the -f # FIXME - we remove these files directly so that we can avoid using the -f