dpward / rpms / sssd

Forked from rpms/sssd 3 years ago
Clone
Source Code
GIT

Blame SOURCES/0023-pam_sss-make-sure-old-certificate-data-is-removed-be.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s
  1.   c8
  2.   SOURCES
  3.   0023-pam_sss-make-sure-old-certificate-data-is-removed-be.patch
Blob History Raw
1bb595 
From 31e57432537b9d248839159d83cfa9049faf192b Mon Sep 17 00:00:00 2001
1bb595 
From: Sumit Bose <sbose@redhat.com>
1bb595 
Date: Fri, 19 Jun 2020 13:32:30 +0200
1bb595 
Subject: [PATCH] pam_sss: make sure old certificate data is removed before
1bb595 
 retry
1bb595 
MIME-Version: 1.0
1bb595 
Content-Type: text/plain; charset=UTF-8
1bb595 
Content-Transfer-Encoding: 8bit
1bb595
1bb595 
To avoid that certificates will be shown in the certificate selection
1bb595 
which are not available anymore they must be remove before a new request
1bb595 
to look up the certificates is send to SSSD's PAM responder.
1bb595
1bb595 
Resolves: https://github.com/SSSD/sssd/issues/5190
1bb595
1bb595 
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
1bb595 
---
1bb595 
 src/sss_client/pam_sss.c | 2 ++
1bb595 
 1 file changed, 2 insertions(+)
1bb595
1bb595 
diff --git a/src/sss_client/pam_sss.c b/src/sss_client/pam_sss.c
1bb595 
index e3ad2c9b2..6a3ba2f50 100644
1bb595 
--- a/src/sss_client/pam_sss.c
1bb595 
+++ b/src/sss_client/pam_sss.c
1bb595 
@@ -2467,6 +2467,8 @@ static int check_login_token_name(pam_handle_t *pamh, struct pam_items *pi,
1bb595 
                         && strcmp(login_token_name,
1bb595 
                                   pi->cert_list->token_name) != 0)) {
1bb595
1bb595 
+        free_cert_list(pi->cert_list);
1bb595 
+        pi->cert_list = NULL;
1bb595 
         if (retries < 0) {
1bb595 
             ret = PAM_AUTHINFO_UNAVAIL;
1bb595 
             goto done;
1bb595 
--
1bb595 
2.21.3
1bb595

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation