[16814] in Kerberos-V5-bugs
[krbdev.mit.edu #9050] git commit
daemon@ATHENA.MIT.EDU (Greg Hudson via RT)
Thu Jan 27 16:58:13 2022
From: "Greg Hudson via RT" <rt-comment@krbdev.mit.edu>
In-Reply-To:
Message-ID: <rt-4.4.3-2-2222615-1643320666-1825.9050-4-0@mit.edu>
To: "AdminCc of krbdev.mit.edu Ticket #9050":;
Date: Thu, 27 Jan 2022 16:57:46 -0500
MIME-Version: 1.0
Reply-To: rt-comment@krbdev.mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu
Thu Jan 27 16:57:46 2022: Request 9050 was acted upon.
Transaction: Ticket created by ghudson@mit.edu
Queue: krb5
Subject: git commit
Owner: ghudson@mit.edu
Requestors:
Status: new
Ticket <URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=9050 >
Implement replaced_reply_key input to issue_pac()
If a kdcpreauth module fully replaces the reply key during an AS
request, pass the reply key as the replaced_reply_key input to
issue_pac(). In Windows environments this is used to provide an NTLM
hash to the LSA when the client cannot be presumed to have a password
to derive it from.
To test this, add a fake PAC_CREDENTIALS_INFO buffer to the PAC in the
test KDB module, and alter adata.c to display the set of PAC buffer
types when a PAC is present.
https://github.com/krb5/krb5/commit/78fd66926c4be5910c1e21d9e553dfb792ae822a
Author: Greg Hudson <ghudson@mit.edu>
Commit: 78fd66926c4be5910c1e21d9e553dfb792ae822a
Branch: master
src/include/kdb.h | 3 +-
src/kdc/do_as_req.c | 7 ++-
src/kdc/do_tgs_req.c | 2 +-
src/kdc/kdc_authdata.c | 26 +++++-----
src/kdc/kdc_util.h | 1 +
src/plugins/kdb/test/kdb_test.c | 8 +++
src/tests/adata.c | 100 +++++++++++++++++++++-----------------
src/tests/t_authdata.py | 22 +++++++-
8 files changed, 105 insertions(+), 64 deletions(-)
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
