krb5 commit: Filter CAMMAC authdata from non-KDC sources
Greg Hudson
ghudson at mit.edu
Wed Jul 22 13:29:35 EDT 2015
https://github.com/krb5/krb5/commit/a19109fffc70cabcabab00d00bf65ea85fd33e1a
commit a19109fffc70cabcabab00d00bf65ea85fd33e1a
Author: Greg Hudson <ghudson at mit.edu>
Date: Thu Jan 22 12:45:25 2015 -0500
Filter CAMMAC authdata from non-KDC sources
Also filter auth-indicator authdata values which aren't wrapped in
CAMMACs, although we don't normally expect to see those.
ticket: 8157
src/kdc/kdc_authdata.c | 2 ++
src/lib/krb5/krb/authdata_dec.c | 2 ++
2 files changed, 4 insertions(+), 0 deletions(-)
diff --git a/src/kdc/kdc_authdata.c b/src/kdc/kdc_authdata.c
index 193b8c1..e06bbe6 100644
--- a/src/kdc/kdc_authdata.c
+++ b/src/kdc/kdc_authdata.c
@@ -132,6 +132,8 @@ is_kdc_issued_authdatum(krb5_context context, krb5_authdata *authdata,
case KRB5_AUTHDATA_SIGNTICKET:
case KRB5_AUTHDATA_KDC_ISSUED:
case KRB5_AUTHDATA_WIN2K_PAC:
+ case KRB5_AUTHDATA_CAMMAC:
+ case KRB5_AUTHDATA_AUTH_INDICATOR:
result = desired_type ? (desired_type == ad_types[i]) : TRUE;
break;
default:
diff --git a/src/lib/krb5/krb/authdata_dec.c b/src/lib/krb5/krb/authdata_dec.c
index 0a3dc14..80f5385 100644
--- a/src/lib/krb5/krb/authdata_dec.c
+++ b/src/lib/krb5/krb/authdata_dec.c
@@ -142,6 +142,8 @@ find_authdata_1(krb5_context context, krb5_authdata *const *in_authdat,
case KRB5_AUTHDATA_SIGNTICKET:
case KRB5_AUTHDATA_KDC_ISSUED:
case KRB5_AUTHDATA_WIN2K_PAC:
+ case KRB5_AUTHDATA_CAMMAC:
+ case KRB5_AUTHDATA_AUTH_INDICATOR:
if (from_ap_req)
continue;
default:
More information about the cvs-krb5
mailing list