[krbdev.mit.edu #8876] git commit

Greg Hudson via RT rt at KRBDEV-PROD-APP-1.mit.edu
Wed Mar 18 12:52:42 EDT 2020


<URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=8876 >


Fix AS-REQ checking of KDB-modified indicators

Commit 7196c03f18f14695abeb5ae4923004469b172f0f (ticket 8823) gave the
KDB the ability to modify auth indicators, but it happens after the
asserted indicators are checked against the server principal
requirements.  In finish_process_as_req(), move the call to
check_indicators() after the call to handle_authdata() so that the
final indicator list is checked.

For the test case, add string attribute functionality to the test KDB
module, and fix a bug where test_get_principal() would return failure
if a principal has no keys.  Also add a test case for AS-REQ
enforcement of normally asserted auth indicators.

(cherry picked from commit 109e30ce22c20f18b8233119f274935bdf573886)

https://github.com/krb5/krb5/commit/dc840f670d5b756a773d72fa345aa5e6da298b22
Author: Greg Hudson <ghudson at mit.edu>
Commit: dc840f670d5b756a773d72fa345aa5e6da298b22
Branch: krb5-1.18
 src/kdc/do_as_req.c             |   14 ++++++------
 src/plugins/kdb/test/kdb_test.c |   42 +++++++++++++++++++++++++++++++++++++-
 src/tests/t_authdata.py         |   11 ++++++++++
 3 files changed, 58 insertions(+), 9 deletions(-)
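
The ordering problem described in the commit message, as an added example (not code from krb5 or from the commit): a simplified model in which the indicator check runs either before or after a KDB hook changes the list. All names here (`ind_list`, `check_model`, `kdb_modify_model`, `as_req_model`) are hypothetical, the indicator values "otp" and "hw" are constructed, and the model assumes a single required indicator per server principal.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical model of an auth indicator list; not a krb5 structure. */
struct ind_list { const char *v[8]; size_t n; };

/* Assumed policy: pass if nothing is required or `required` is in the list. */
static bool check_model(const char *required, const struct ind_list *have)
{
    for (size_t i = 0; required != NULL && i < have->n; i++)
        if (strcmp(have->v[i], required) == 0)
            return true;
    return required == NULL;
}

/* Constructed KDB hook: removes `drop`, then appends `add` (either may be NULL). */
static void kdb_modify_model(struct ind_list *l, const char *drop, const char *add)
{
    size_t j = 0;
    for (size_t i = 0; i < l->n; i++)
        if (drop == NULL || strcmp(l->v[i], drop) != 0)
            l->v[j++] = l->v[i];
    l->n = j;
    if (add != NULL && l->n < 8)
        l->v[l->n++] = add;
}

/* Returns whether a ticket would be issued. fixed=false uses the result of the
 * check made before the KDB hook; fixed=true checks the final list. */
bool as_req_model(struct ind_list asserted, const char *required,
                  const char *drop, const char *add, bool fixed)
{
    bool early = check_model(required, &asserted);
    kdb_modify_model(&asserted, drop, add);
    return fixed ? check_model(required, &asserted) : early;
}

/* Constructed cases: the client asserts "otp" in both. */
bool kdb_removes_required(bool fixed)   /* server requires "otp", KDB drops it */
{
    struct ind_list a = { { "otp" }, 1 };
    return as_req_model(a, "otp", "otp", NULL, fixed);
}
bool kdb_adds_required(bool fixed)      /* server requires "hw", KDB adds it */
{
    struct ind_list a = { { "otp" }, 1 };
    return as_req_model(a, "hw", NULL, "hw", fixed);
}
```

In this model the early check errs in both directions: it accepts a request whose final list no longer carries the required indicator, and it rejects one whose final list does.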
