Blame SOURCES/0023-pam_sss-make-sure-old-certificate-data-is-removed-be.patch

From 31e57432537b9d248839159d83cfa9049faf192b Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Fri, 19 Jun 2020 13:32:30 +0200
Subject: [PATCH] pam_sss: make sure old certificate data is removed before
 retry
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

To avoid that certificates will be shown in the certificate selection
which are not available anymore they must be removed before a new request
to look up the certificates is sent to SSSD's PAM responder.

Resolves: https://github.com/SSSD/sssd/issues/5190

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
---
 src/sss_client/pam_sss.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/sss_client/pam_sss.c b/src/sss_client/pam_sss.c
index e3ad2c9b2..6a3ba2f50 100644
--- a/src/sss_client/pam_sss.c
+++ b/src/sss_client/pam_sss.c
@@ -2467,6 +2467,8 @@ static int check_login_token_name(pam_handle_t *pamh, struct pam_items *pi,
                         && strcmp(login_token_name,
                                   pi->cert_list->token_name) != 0)) {
 
+        free_cert_list(pi->cert_list);
+        pi->cert_list = NULL;
         if (retries < 0) {
             ret = PAM_AUTHINFO_UNAVAIL;
             goto done;
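Review bot: free_cert_list(pi->cert_list) at the top of this branch needs to be safe for a NULL list, because the start of the condition lies outside the hunk and the branch may also be taken when no list was fetched; if the helper does not check for NULL itself, guard the call. Clearing the pointer ahead of the `retries < 0` test also means the PAM_AUTHINFO_UNAVAIL exit through `goto done` returns with pi->cert_list == NULL, so anything after the done label or in the caller that reads pi->cert_list->token_name has to check for NULL first. A one-line comment above the two added lines, saying that stale entries must not reach the certificate selection after a retry, would keep the reason visible in the source.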
-- 
2.21.3