[prev in list] [next in list] [prev in thread] [next in thread]
List: krb5-bugs
Subject: [krbdev.mit.edu #7571] Allow multi-hop SAM-2 exchanges
From: "Greg Hudson via RT" <rt-comment () krbdev ! mit ! edu>
Date: 2013-02-19 17:27:58
Message-ID: rt-7571-38171.10.7041479406355 () krbdev ! mit ! edu
[Download RAW message or body]
commit 51c14a1f30cdfcfff8815f02e72c2ee841b16120
Author: Greg Hudson <ghudson@mit.edu>
Date: Sun Feb 17 12:23:30 2013 -0500
Allow multi-hop SAM-2 exchanges
Prior to 1.11, it was possible to do SAM-2 preauth exchanges with
multiple hops by sending repeated preauth-required errors with
different challenges (which is not the way multi-hop exchanges are
described in RFC 6113, but it can still work). This stopped working
when SAM-2 was converted to a built-in module because of the use_count
field. Disable the use count for SAM-2 specifically.
diff --git a/src/lib/krb5/krb/preauth2.c b/src/lib/krb5/krb/preauth2.c
index 23f00f3..4e235bd 100644
--- a/src/lib/krb5/krb/preauth2.c
+++ b/src/lib/krb5/krb/preauth2.c
@@ -590,7 +590,8 @@ run_preauth_plugins(krb5_context kcontext,
TRACE_PREAUTH_SKIP(kcontext, module->name, module->pa_type);
continue;
}
- module->use_count++;
+ if (module->pa_type != KRB5_PADATA_SAM_CHALLENGE_2)
+ module->use_count++;
}
/* run the module's callback function */
out_pa_data = NULL;
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic