[krbdev.mit.edu #2062] gssapi ftpd bugs with CONTINUE_NEEDED
Ken Raeburn via RT
rt-comment at krbdev.mit.edu
Fri Dec 12 01:28:03 EST 2003
Our ftpd code doesn't cope with a CONTINUE_NEEDED status from
gss_accept_sec_context. The wrong variable is checked in at least one
case. One message gets sent to the client with the token to be
returned, and then another message with a different status code is also
sent. Probably other things are going wrong too. I don't think we've
tested this path before.
The CONTINUE_NEEDED status can be returned under the new CFX support if
a context establishment token is received with an unrecognized TOK_ID
value. The test code I've set up for CFX can exercise this path when
compiled in.
Ken
More information about the krb5-bugs
mailing list