
[Bug 1218] GSSAPI client code permits SPNEGO usage
http://bugzilla.mindrot.org/show_bug.cgi?id=1218

Summary: GSSAPI client code permits SPNEGO usage
Product: Portable OpenSSH
Version: 4.3p2
Platform: Other
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: Kerberos support
AssignedTo: bitbucket@mindrot.org
ReportedBy: simon@sxw.org.uk


RFC4462 states that "mechanisms conforming to this document MUST NOT
use SPNEGO as the underlying GSS-API mechanism".

Unfortunately, the check in the GSSAPI client code has disappeared
somewhere in the mists of time. The attached patch reinstates this
check, as well as tidying up the mechanism checking code.

I hope it's in suitable KNF.




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
http://lists.mindrot.org/mailman/listinfo/openssh-bugs





------- Comment #1 from simon@sxw.org.uk 2006-08-18 04:33 -------
Created an attachment (id=1174)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=1174&action=view)
Fix to prevent OpenSSH offering SPNEGO to a server

Patch against latest portable CVS.






djm@mindrot.org changed:

What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
OtherBugsDependingOnThis| |1155




------- Comment #2 from djm@mindrot.org 2006-08-18 23:55 -------
fix applied - thanks






simon@sxw.org.uk changed:

What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |REOPENED
Resolution|FIXED |




------- Comment #3 from simon@sxw.org.uk 2006-08-19 03:24 -------
Sorry for the trouble. I've just realised I've got the return code in
the SPNEGO case. Instead of returning (-1) - TRUE, we should return
0 - FALSE. The -1 was left from a previous version that returned error
codes, rather than a true/false value.

Trivial patch is about to be attached.

Sorry once again!

Simon.
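
An added illustration of the return-value problem described in comment #3, not the attached patch and not OpenSSH's own code: a true/false mechanism predicate that rejects the SPNEGO OID (1.3.6.1.5.5.2), beside a variant that returns -1, which callers testing the result as a boolean treat as true. `struct mech_oid`, every function name and the sample mechanism list are assumptions made for this example.

```c
#include <stddef.h>
#include <string.h>

/* Stand-in for gss_OID_desc so the example builds without GSS-API headers. */
struct mech_oid {
	size_t length;
	const unsigned char *elements;
};

/* DER-encoded OID bodies: SPNEGO 1.3.6.1.5.5.2, Kerberos 5 1.2.840.113554.1.2.2 */
static const unsigned char spnego_der[] = { 0x2b, 0x06, 0x01, 0x05, 0x05, 0x02 };
static const unsigned char krb5_der[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x01, 0x02, 0x02 };

/* Constructed sample: mechanisms a local GSS-API library might report. */
static const struct mech_oid sample_mechs[] = {
	{ sizeof(krb5_der), krb5_der }, { sizeof(spnego_der), spnego_der },
};

static int oid_is_spnego(const struct mech_oid *oid)
{
	return oid->length == sizeof(spnego_der) && memcmp(oid->elements, spnego_der, oid->length) == 0;
}

/* Boolean predicate: 1 = may be offered to the server, 0 = must not be. */
static int mech_usable(const struct mech_oid *oid)
{
	return oid_is_spnego(oid) ? 0 : 1;
}

/* Error-code style left in a boolean predicate: -1 is non-zero, so it reads as TRUE. */
static int mech_usable_buggy(const struct mech_oid *oid)
{
	return oid_is_spnego(oid) ? -1 : 1;
}

/* Count how many sample mechanisms a caller doing `if (ok(mech))` would offer. */
static size_t count_offered(int (*ok)(const struct mech_oid *))
{
	size_t i, n = 0;
	for (i = 0; i < sizeof(sample_mechs) / sizeof(sample_mechs[0]); i++)
		if (ok(&sample_mechs[i]))
			n++;
	return n;
}

int main(void)
{
	return (count_offered(mech_usable) == 1 && count_offered(mech_usable_buggy) == 2) ? 0 : 1;
}
```

With the 0/1 predicate only the Kerberos 5 entry is counted; with the -1 variant both entries are, which is the SPNEGO offer RFC 4462 forbids.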









------- Comment #4 from simon@sxw.org.uk 2006-08-19 03:27 -------
Created an attachment (id=1175)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=1175&action=view)
Fix to incorrect return code in patch






djm@mindrot.org changed:

What |Removed |Added
----------------------------------------------------------------------------
Status|REOPENED |RESOLVED
Resolution| |FIXED




------- Comment #5 from djm@mindrot.org 2006-08-19 08:45 -------
applied - thanks



