[krbdev.mit.edu #7232] git commit
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Wed May 7 12:56:50 EDT 2014
Improve krb5_rd_req decryption failure errors
When krb5_rd_req cannot decrypt a ticket, try to produce the most
helpful diagnostic we can, and return an error code which corresponds
to the most applicable Kerberos protocol error. Add a trace log
containing the error message for ticket decryption failures, in case
the application server does not log it.
Add new tests to cover krb5_rd_req error messages and adjust existing
tests to match the new messages. Also adjust svc_auth_gssapi.c to
look for KRB5KRB_AP_ERR_NOT_US instead of KRB5KRB_AP_WRONG_PRINC.
https://github.com/krb5/krb5/commit/eba8c4909ec7ba0d7054d5d1b1061319e9970cc7
Author: Greg Hudson <ghudson at mit.edu>
Commit: eba8c4909ec7ba0d7054d5d1b1061319e9970cc7
Branch: master
.gitignore | 1 +
src/include/k5-trace.h | 2 +
src/lib/krb5/krb/rd_req_dec.c | 305 +++++++++++++++++++++++----
src/lib/rpc/svc_auth_gssapi.c | 9 +-
src/lib/rpc/unit-test/rpc_test.0/gsserr.exp | 4 +-
src/tests/Makefile.in | 12 +-
src/tests/gssapi/t_gssapi.py | 10 +-
src/tests/rdreq.c | 116 ++++++++++
src/tests/t_rdreq.py | 126 +++++++++++
9 files changed, 528 insertions(+), 57 deletions(-)
More information about the krb5-bugs
mailing list