[Bug 1073] if userok rejects a user their creds still get set

[bugzilla-daemon at mindrot.org]

http://bugzilla.mindrot.org/show_bug.cgi?id=1073

           Summary: if userok rejects a user their creds still get set
           Product: Portable OpenSSH
           Version: 3.9p1
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Kerberos support
        AssignedTo: bitbucket at mindrot.org
        ReportedBy: paul.moore at centrify.com


Tested on 3.9p1 - code inspection shows the same issue in 4.x
I have gss_auth setup on both ends. Works fine. I decide that I need to ssh to 
the server as a differnet user.
So I do ssh notme@<host>
Then 
a) I get prompted for a password for notme and log in ok
b) the credential cache is set to krb5cc_<uid>_xxxx and is loaded my 
originating credentials, even though I am not logged on as that principal

This is very surprising

The reason is that kuserok is called right at the end of auth, the creds have 
been forwarded and sshd is ready to set up the logged in users' envirnment; ten 
right at the last moment we decide not to allow gss to work - but sshd still 
stores the creds it has

one line fix to this. In ssh_gssapi_krb5_userok, after failure do
krb5_free_creds(krb_context, client->creds);
this blows the forwarded creds away and so storecreds (called later ) does 
nothing



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.