release the GSSAPI server credential handle immediately after the GSSAPI security context is established
This commit is contained in:
parent
8527d3716f
commit
a7fd848257
14
cyrus-sasl-2.1.23-release-server_creds.patch
Normal file
14
cyrus-sasl-2.1.23-release-server_creds.patch
Normal file
@ -0,0 +1,14 @@
|
||||
--- cyrus-sasl/plugins/gssapi.c
|
||||
+++ cyrus-sasl/plugins/gssapi.c
|
||||
@@ -782,6 +782,11 @@ gssapi_server_mech_step(void *conn_conte
|
||||
}
|
||||
|
||||
if (maj_stat == GSS_S_COMPLETE) {
|
||||
+ /* Release server creds which are no longer needed */
|
||||
+ if ( text->server_creds != GSS_C_NO_CREDENTIAL) {
|
||||
+ maj_stat = gss_release_cred(&min_stat, &text->server_creds);
|
||||
+ text->server_creds = GSS_C_NO_CREDENTIAL;
|
||||
+ }
|
||||
/* Switch to ssf negotiation */
|
||||
text->state = SASL_GSSAPI_STATE_SSFCAP;
|
||||
}
|
@ -48,6 +48,7 @@ Patch41: cyrus-sasl-2.1.23-db5.patch
|
||||
Patch42: cyrus-sasl-2.1.23-relro.patch
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=816250
|
||||
Patch43: cyrus-sasl-2.1.23-null-crypt.patch
|
||||
Patch44: cyrus-sasl-2.1.23-release-server_creds.patch
|
||||
|
||||
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||
BuildRequires: autoconf, automake, libtool, gdbm-devel, groff
|
||||
@ -185,6 +186,7 @@ chmod -x include/*.h
|
||||
%patch41 -p1 -b .db5
|
||||
%patch42 -p1 -b .relro
|
||||
%patch43 -p1 -b .null-crypt
|
||||
%patch44 -p1 -b .release-server_creds
|
||||
|
||||
%build
|
||||
# FIXME - we remove these files directly so that we can avoid using the -f
|
||||
|
Loading…
Reference in New Issue
Block a user