[krbdev.mit.edu #2210] GSSAPI accept_sec_context() sets INTEG and CONF flags producing inconsistent state with cleint
Jeffrey Altman via RT
rt-comment at krbdev.mit.edu
Fri Feb 6 02:03:23 EST 2004
2004-02-05 Jeffrey Altman <jaltman at mit.edu>
* gssapiP_krb5.h: remove KG_IMPLFLAGS macro
* init_sec_context.c (init_sec_context): Expand KG_IMPLFLAGS
macro with previous macro definition
* accept_sec_context.c (accept_sec_context): Replace KG_IMPLFLAGS
macro with new definition. As per 1964 the INTEG and CONF flags
are supposed to indicate the availability of the services in
the client. By applying the previous definition of KG_IMPLFLAGS
the INTEG and CONF flags are always on. This can be a problem
because some clients such as Microsoft's Kerberos SSPI allow
CONF and INTEG to be used independently. By forcing the flags
on, we would end up with inconsist state with the client.
cvs commit gssapiP_krb5.h accept_sec_context.c init_sec_context.c ChangeLog
Checking in gssapiP_krb5.h;
/cvs/krbdev/krb5/src/lib/gssapi/krb5/gssapiP_krb5.h,v <-- gssapiP_krb5.h
new revision: 1.56; previous revision: 1.55
done
Checking in accept_sec_context.c;
/cvs/krbdev/krb5/src/lib/gssapi/krb5/accept_sec_context.c,v <--
accept_sec_context.c
new revision: 1.85; previous revision: 1.84
done
Checking in init_sec_context.c;
/cvs/krbdev/krb5/src/lib/gssapi/krb5/init_sec_context.c,v <--
init_sec_context.c
new revision: 1.77; previous revision: 1.76
done
Checking in ChangeLog;
/cvs/krbdev/krb5/src/lib/gssapi/krb5/ChangeLog,v <-- ChangeLog
new revision: 1.236; previous revision: 1.235
More information about the krb5-bugs
mailing list