[krbdev.mit.edu #2210] GSSAPI accept_sec_context() sets INTEG and CONF flags producing inconsistent state with cleint
Jeffrey Altman via RT
rt-comment at krbdev.mit.edu
Fri Feb 6 02:04:54 EST 2004
Module Name: krb5
Committed By: jaltman
Date: Fri Feb 6 07:00:53 UTC 2004
Modified Files:
krb5/src/lib/gssapi/krb5/ChangeLog
krb5/src/lib/gssapi/krb5/accept_sec_context.c
krb5/src/lib/gssapi/krb5/gssapiP_krb5.h
krb5/src/lib/gssapi/krb5/init_sec_context.c
Added Files:
Removed Files:
Log Message
2004-02-05 Jeffrey Altman <jaltman at mit.edu>
* gssapiP_krb5.h: remove KG_IMPLFLAGS macro
* init_sec_context.c (init_sec_context): Expand KG_IMPLFLAGS
macro with previous macro definition
* accept_sec_context.c (accept_sec_context): Replace KG_IMPLFLAGS
macro with new definition. As per 1964 the INTEG and CONF flags
are supposed to indicate the availability of the services in
the client. By applying the previous definition of KG_IMPLFLAGS
the INTEG and CONF flags are always on. This can be a problem
because some clients such as Microsoft's Kerberos SSPI allow
CONF and INTEG to be used independently. By forcing the flags
on, we would end up with inconsist state with the client.
To generate a diff of this commit:
cvs diff -r1.235 -r1.236 krb5/src/lib/gssapi/krb5/ChangeLog
cvs diff -r1.84 -r1.85
krb5/src/lib/gssapi/krb5/accept_sec_context.c
cvs diff -r1.55 -r1.56 krb5/src/lib/gssapi/krb5/gssapiP_krb5.h
cvs diff -r1.76 -r1.77 krb5/src/lib/gssapi/krb5/init_sec_context.c
More information about the krb5-bugs
mailing list