Content-Type: text/plain Content-Disposition: inline Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.507 (Entity 5.507) From: ghudson@mit.edu Subject: git commit Content-Length: 1850 Move more KDC checks to validate_tgs_request() Move the following validity checks: * the INVALID ticket flag check from kdc_process_tgs_req() * the lineage check from process_tgs_req() * the user-to-user second ticket client check from process_tgs_req() * all S4U2Self validity checks from kdc_process_s4u2self_req() * S4U2Proxy validity checks (but not KDB authorization checks) from kdc_process_s4u2proxy_req() In process_tgs_req(), call validate_tgs_request() after kdc_process_s4u2self_req() and decrypt_2ndtkt() so that their outputs can be used as validation inputs. Add stkt and is_crossrealm locals for convenience, and remove st_idx. There are some minor behavior changes: * For invalid S4U2Self request options, the status string is changed from "INVALID AS OPTIONS" to "INVALID S4U2SELF OPTIONS". * For a header ticket with the INVALID flag, the reply code is changed to KRB_AP_ERR_TKT_NYV (as specified in RFC 4120) and the status string to "TICKET NOT VALID". * For a lineage check failure, the explicit KDC log is removed, and the status string is changed to "INVALID LINEAGE". * For a user-to-user second ticket client mismatch, the explicit audit call is removed, and the log message does not include the second ticket client. * e_data returned from the KDB check_policy_as() method will be included in the error for S4U2Self requests. https://github.com/krb5/krb5/commit/3b163eed1cf1f55dd4a7bc6d6fffc34f55695b00 Author: Greg Hudson Commit: 3b163eed1cf1f55dd4a7bc6d6fffc34f55695b00 Branch: master src/kdc/do_tgs_req.c | 137 +++++++++++++------------------ src/kdc/kdc_util.c | 141 +++----------------------------- src/kdc/kdc_util.h | 17 +++-- src/kdc/tgs_policy.c | 225 +++++++++++++++++++++++++++++++++++++++++++------ 4 files changed, 275 insertions(+), 245 deletions(-)