krb5 commit: Abort client preauth on keyboard interrupt
Greg Hudson
ghudson at mit.edu
Wed Sep 27 12:27:43 EDT 2017
https://github.com/krb5/krb5/commit/144f109d930d509c3809d6f7da21eae6be500b2e
commit 144f109d930d509c3809d6f7da21eae6be500b2e
Author: Greg Hudson <ghudson at mit.edu>
Date: Fri Sep 22 16:51:15 2017 -0400
Abort client preauth on keyboard interrupt
Continuing client preauth after a keyboard interrupt is unexpected and
can manifest bugs (such as the one in ticket 8596) by invoking preauth
mechs we wouldn't ordinarily reach. Based on a patch by Marc Dionne.
ticket: 8615 (new)
src/lib/krb5/krb/get_in_tkt.c | 3 +++
src/lib/krb5/krb/preauth2.c | 3 +++
2 files changed, 6 insertions(+), 0 deletions(-)
diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c
index 35d58e8..47a00bf 100644
--- a/src/lib/krb5/krb/get_in_tkt.c
+++ b/src/lib/krb5/krb/get_in_tkt.c
@@ -1358,6 +1358,9 @@ init_creds_step_request(krb5_context context,
code = ctx->err_reply->error + ERROR_TABLE_BASE_krb5;
}
}
+ /* Don't continue after a keyboard interrupt. */
+ if (code == KRB5_LIBOS_PWDINTR)
+ goto cleanup;
if (code) {
/* See if we can try a different preauth mech before giving up. */
k5_save_ctx_error(context, code, &save);
diff --git a/src/lib/krb5/krb/preauth2.c b/src/lib/krb5/krb/preauth2.c
index 21aeff2..6b96fa1 100644
--- a/src/lib/krb5/krb/preauth2.c
+++ b/src/lib/krb5/krb/preauth2.c
@@ -688,6 +688,9 @@ process_pa_data(krb5_context context, krb5_init_creds_context ctx,
}
free(mod_pa);
}
+ /* Don't continue to try mechanisms after a keyboard interrupt. */
+ if (ret == KRB5_LIBOS_PWDINTR)
+ goto cleanup;
if (ret == 0 && real) {
/* Stop now and record which real padata type we answered. */
*out_type = pa->pa_type;
More information about the cvs-krb5
mailing list