krb5 commit [krb5-1.11]: Properly handle use_master in k5_init_creds_get
Tom Yu
tlyu at MIT.EDU
Mon Jul 1 15:55:48 EDT 2013
https://github.com/krb5/krb5/commit/7f235b82dfc9305975c6c04f008495c2a3aa7979
commit 7f235b82dfc9305975c6c04f008495c2a3aa7979
Author: Greg Hudson <ghudson at mit.edu>
Date: Thu May 30 11:39:54 2013 -0400
Properly handle use_master in k5_init_creds_get
If we make multiple requests in an initial creds exchange, the
krb5_sendto_kdc call in k5_init_creds_get may flip the use_master
value from 0 to 1 if it detects that the response was from a master
KDC. Don't turn this into a requirement for future requests during
the same exchange, or we may have trouble following AS referrals.
Reported by Sumit Bose.
(cherry picked from commit a12a5ddb9b932061bad7b83df058c7c6e2e4b044)
ticket: 7650
version_fixed: 1.11.4
status: resolved
src/lib/krb5/krb/get_in_tkt.c | 6 ++++--
1 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c
index bcfc22e..6cf64bd 100644
--- a/src/lib/krb5/krb/get_in_tkt.c
+++ b/src/lib/krb5/krb/get_in_tkt.c
@@ -526,7 +526,7 @@ k5_init_creds_get(krb5_context context, krb5_init_creds_context ctx,
krb5_data reply;
krb5_data realm;
unsigned int flags = 0;
- int tcp_only = 0;
+ int tcp_only = 0, master = *use_master;
request.length = 0;
request.data = NULL;
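Review bot: The new initializer in `int tcp_only = 0, master = *use_master;` dereferences use_master at declaration time, and nothing in the visible context checks that the pointer is non-NULL first. If every caller is guaranteed to pass a valid pointer, say so in the function's comment; otherwise guard the dereference. Putting master on its own declaration line with a short comment that it is a per-request scratch copy of the caller's value would also make its role clearer than sharing a line with tcp_only.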
@@ -550,8 +550,9 @@ k5_init_creds_get(krb5_context context, krb5_init_creds_context ctx,
krb5_free_data_contents(context, &reply);
+ master = *use_master;
code = krb5_sendto_kdc(context, &request, &realm,
- &reply, use_master, tcp_only);
+ &reply, &master, tcp_only);
if (code != 0)
break;
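Review bot: The reset `master = *use_master;` immediately before krb5_sendto_kdc carries the whole fix but has no comment, so it reads like a redundant repeat of the initializer. A one-line comment here, stating that krb5_sendto_kdc may change the value from 0 to 1 and that this must not become a requirement for later requests in the same exchange, would keep a future cleanup from removing it and reintroducing the AS referral problem described in the commit message.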
@@ -563,6 +564,7 @@ k5_init_creds_get(krb5_context context, krb5_init_creds_context ctx,
krb5_free_data_contents(context, &reply);
krb5_free_data_contents(context, &realm);
+ *use_master = master;
return code;
}
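Review bot: The write-back `*use_master = master;` sits directly before `return code;` and so runs on the failure path as well, including after the `if (code != 0) break;` that follows krb5_sendto_kdc. The caller then receives whatever the last send attempt left in master even when the exchange failed. If that is intended, document the out-parameter semantics (the value reflects only the final request); if not, make the assignment conditional on code == 0.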