[29001] in CVS-changelog-for-Kerberos-V5
krb5 commit: Filter CAMMAC authdata from non-KDC sources
daemon@ATHENA.MIT.EDU (Greg Hudson)
Wed Jul 22 13:31:39 2015
Date: Wed, 22 Jul 2015 13:29:35 -0400
From: Greg Hudson <ghudson@mit.edu>
Message-Id: <201507221729.t6MHTZTJ028737@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/a19109fffc70cabcabab00d00bf65ea85fd33e1a
commit a19109fffc70cabcabab00d00bf65ea85fd33e1a
Author: Greg Hudson <ghudson@mit.edu>
Date: Thu Jan 22 12:45:25 2015 -0500
Filter CAMMAC authdata from non-KDC sources
Also filter auth-indicator authdata values which aren't wrapped in
CAMMACs, although we don't normally expect to see those.
ticket: 8157
src/kdc/kdc_authdata.c | 2 ++
src/lib/krb5/krb/authdata_dec.c | 2 ++
2 files changed, 4 insertions(+), 0 deletions(-)
diff --git a/src/kdc/kdc_authdata.c b/src/kdc/kdc_authdata.c
index 193b8c1..e06bbe6 100644
--- a/src/kdc/kdc_authdata.c
+++ b/src/kdc/kdc_authdata.c
@@ -132,6 +132,8 @@ is_kdc_issued_authdatum(krb5_context context, krb5_authdata *authdata,
case KRB5_AUTHDATA_SIGNTICKET:
case KRB5_AUTHDATA_KDC_ISSUED:
case KRB5_AUTHDATA_WIN2K_PAC:
+ case KRB5_AUTHDATA_CAMMAC:
+ case KRB5_AUTHDATA_AUTH_INDICATOR:
result = desired_type ? (desired_type == ad_types[i]) : TRUE;
break;
default:
diff --git a/src/lib/krb5/krb/authdata_dec.c b/src/lib/krb5/krb/authdata_dec.c
index 0a3dc14..80f5385 100644
--- a/src/lib/krb5/krb/authdata_dec.c
+++ b/src/lib/krb5/krb/authdata_dec.c
@@ -142,6 +142,8 @@ find_authdata_1(krb5_context context, krb5_authdata *const *in_authdat,
case KRB5_AUTHDATA_SIGNTICKET:
case KRB5_AUTHDATA_KDC_ISSUED:
case KRB5_AUTHDATA_WIN2K_PAC:
+ case KRB5_AUTHDATA_CAMMAC:
+ case KRB5_AUTHDATA_AUTH_INDICATOR:
if (from_ap_req)
continue;
default:
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
