release the GSSAPI server credential handle immediately after the GSSAPI security context is established
This commit is contained in:
parent
8527d3716f
commit
a7fd848257
14
cyrus-sasl-2.1.23-release-server_creds.patch
Normal file
14
cyrus-sasl-2.1.23-release-server_creds.patch
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
--- cyrus-sasl/plugins/gssapi.c
|
||||||
|
+++ cyrus-sasl/plugins/gssapi.c
|
||||||
|
@@ -782,6 +782,11 @@ gssapi_server_mech_step(void *conn_conte
|
||||||
|
}
|
||||||
|
|
||||||
|
if (maj_stat == GSS_S_COMPLETE) {
|
||||||
|
+ /* Release server creds which are no longer needed */
|
||||||
|
+ if ( text->server_creds != GSS_C_NO_CREDENTIAL) {
|
||||||
|
+ maj_stat = gss_release_cred(&min_stat, &text->server_creds);
|
||||||
|
+ text->server_creds = GSS_C_NO_CREDENTIAL;
|
||||||
|
+ }
|
||||||
|
/* Switch to ssf negotiation */
|
||||||
|
text->state = SASL_GSSAPI_STATE_SSFCAP;
|
||||||
|
}
|
@ -48,6 +48,7 @@ Patch41: cyrus-sasl-2.1.23-db5.patch
|
|||||||
Patch42: cyrus-sasl-2.1.23-relro.patch
|
Patch42: cyrus-sasl-2.1.23-relro.patch
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=816250
|
# https://bugzilla.redhat.com/show_bug.cgi?id=816250
|
||||||
Patch43: cyrus-sasl-2.1.23-null-crypt.patch
|
Patch43: cyrus-sasl-2.1.23-null-crypt.patch
|
||||||
|
Patch44: cyrus-sasl-2.1.23-release-server_creds.patch
|
||||||
|
|
||||||
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||||
BuildRequires: autoconf, automake, libtool, gdbm-devel, groff
|
BuildRequires: autoconf, automake, libtool, gdbm-devel, groff
|
||||||
@ -185,6 +186,7 @@ chmod -x include/*.h
|
|||||||
%patch41 -p1 -b .db5
|
%patch41 -p1 -b .db5
|
||||||
%patch42 -p1 -b .relro
|
%patch42 -p1 -b .relro
|
||||||
%patch43 -p1 -b .null-crypt
|
%patch43 -p1 -b .null-crypt
|
||||||
|
%patch44 -p1 -b .release-server_creds
|
||||||
|
|
||||||
%build
|
%build
|
||||||
# FIXME - we remove these files directly so that we can avoid using the -f
|
# FIXME - we remove these files directly so that we can avoid using the -f
|
||||||
|
Loading…
Reference in New Issue
Block a user