search for: storecreds

...ocation problem not related to OpenSSH, I found a memory leak in OpenSSH when storing forwarded GSSAPI credentials resulting in a growing process segment for each connection that uses GSSAPI credentials forwarding. What happens is the following: In the privileged parent, we are calling ssh_gssapi_storecreds() which itself calls ssh_gssapi_krb5_storecreds(). ssh_gssapi_krb5_storecreds() makes some memory allocations in order to save the credentials store for the gssapi client. +167 client->store.filename = xstrdup(krb5_cc_get_name(krb_context, ccache)); +168 client->store....

...e logged in users' envirnment; ten right at the last moment we decide not to allow gss to work - but sshd still stores the creds it has one line fix to this. In ssh_gssapi_krb5_userok, after failure do krb5_free_creds(krb_context, client->creds); this blows the forwarded creds away and so storecreds (called later ) does nothing ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

...llocation problem not related to OpenSSH, I found a memory leak in OpenSSH when storing forwarded GSSAPI credentials resulting in a growing process segment for each connection that uses GSSAPI credentials forwarding. What happens is the following: In the privileged parent, we are calling ssh_gssapi_storecreds() which itself calls ssh_gssapi_krb5_storecreds(). ssh_gssapi_krb5_storecreds() makes some memory allocations in order to save the credentials store for the gssapi client. +167 client->store.filename = xstrdup(krb5_cc_get_name(krb_context, ccache)); +168 client->store.e...

...ar *)client->displayname.value); + } else + retval = 0; + + krb5_free_principal(krb_context, princ); + return retval; +} + + +/* This writes out any forwarded credentials from the structure populated + * during userauth. Called after we have setuid to the user */ + +static void +ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client) +{ + krb5_ccache ccache; + krb5_error_code problem; + krb5_principal princ; + OM_uint32 maj_status, min_status; + + if (client->creds == NULL) { + debug("No credentials stored"); + return; + } + + if (ssh_gssapi_krb5_init() == 0) + return; + + if ((problem...

If I am trying to build OpenSSH 6.6 with Kerberos GSSAPI support, do I still need to get Simon Wilkinson's patches? --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |