Date: | Fri, 12 Dec 2003 01:27:33 -0500 |
Subject: | gssapi ftpd bugs with CONTINUE_NEEDED |
Cc: | Ken Raeburn <raeburn@mit.edu> |
To: | krb5-bugs@mit.edu |
From: | Ken Raeburn <raeburn@MIT.EDU> |
Our ftpd code doesn't cope with a CONTINUE_NEEDED status from
gss_accept_sec_context. The wrong variable is checked in at least one
case. One message gets sent to the client with the token to be
returned, and then another message with a different status code is also
sent. Probably other things are going wrong too. I don't think we've
tested this path before.
The CONTINUE_NEEDED status can be returned under the new CFX support if
a context establishment token is received with an unrecognized TOK_ID
value. The test code I've set up for CFX can exercise this path when
compiled in.
Ken
gss_accept_sec_context. The wrong variable is checked in at least one
case. One message gets sent to the client with the token to be
returned, and then another message with a different status code is also
sent. Probably other things are going wrong too. I don't think we've
tested this path before.
The CONTINUE_NEEDED status can be returned under the new CFX support if
a context establishment token is received with an unrecognized TOK_ID
value. The test code I've set up for CFX can exercise this path when
compiled in.
Ken