[krbdev.mit.edu #8876] git commit
Greg Hudson via RT
rt-comment at KRBDEV-PROD-APP-1.mit.edu
Fri Feb 21 13:01:57 EST 2020
Fri Feb 21 13:01:57 2020: Request 8876 was acted upon.
Transaction: Ticket created by ghudson at mit.edu
Queue: krb5
Subject: git commit
Owner: ghudson at mit.edu
Requestors:
Status: new
Ticket <URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=8876 >
Fix AS-REQ checking of KDB-modified indicators
Commit 7196c03f18f14695abeb5ae4923004469b172f0f (ticket 8823) gave the
KDB the ability to modify auth indicators, but it happens after the
asserted indicators are checked against the server principal
requirements. In finish_process_as_req(), move the call to
check_indicators() after the call to handle_authdata() so that the
final indicator list is checked.
For the test case, add string attribute functionality to the test KDB
module, and fix a bug where test_get_principal() would return failure
if a principal has no keys. Also add a test case for AS-REQ
enforcement of normally asserted auth indicators.
https://github.com/krb5/krb5/commit/109e30ce22c20f18b8233119f274935bdf573886
Author: Greg Hudson <ghudson at mit.edu>
Commit: 109e30ce22c20f18b8233119f274935bdf573886
Branch: master
src/kdc/do_as_req.c | 14 ++++++------
src/plugins/kdb/test/kdb_test.c | 42 +++++++++++++++++++++++++++++++++++++-
src/tests/t_authdata.py | 11 ++++++++++
3 files changed, 58 insertions(+), 9 deletions(-)
More information about the krb5-bugs
mailing list