Subject: MSLSA ccache uses ticket TicketFlags as KdcOptions in the TGS request without mapping between types
GetMSCacheTicketFromCacheInfo() uses the tktinfo->TicketFlags as the
value to assign to TicketRequest->TicketFlags. This field is blindly
inserted into the kdc-options[0] field of the TGS_REQ. If there are
bits such as TRANSIT_POLICY_CHECKED in the TicketFlags, this will result
in an unknown TGS_OPTION being processed by the KDC.

From: jaltman@mit.edu
Subject: CVS Commit
2004-02-02 Jeffrey Altman <jaltman@mit.edu>

* cc_mslsa.c:
GetMSCacheTicketFromCacheInfo() uses the tktinfo->TicketFlags as the
value to assign to TicketRequest->TicketFlags. This field is blindly
inserted into the kdc-options[0] field of the TGS_REQ. If there are
bits such as TRANSIT_POLICY_CHECKED in the TicketFlags, this will result
in an unknown TGS_OPTION being processed by the KDC.

This has been fixed by mapping the Ticket Flags to KDC options.
We only map Forwardable, Forwarded, Proxiable, and Renewable. The others
should not be used.


To generate a diff of this commit:



cvs diff -r5.98 -r5.99 krb5/src/lib/krb5/ccache/ChangeLog
cvs diff -r5.11 -r5.12 krb5/src/lib/krb5/ccache/cc_mslsa.c
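
The mapping this commit message describes, as an added example and not the code from cc_mslsa.c: the function and macro names are hypothetical, and the bit positions are the ones RFC 4120 assigns to TicketFlags and KDCOptions. Only the four flags named above are carried into the options; everything else, including TRANSIT_POLICY_CHECKED, is dropped.

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* RFC 4120 numbers bits from the most significant end of the 32-bit field. */
#define BIT(n) (UINT32_C(1) << (31 - (n)))

/* TicketFlags bits (hypothetical macro names, RFC 4120 positions). */
#define TF_FORWARDABLE            BIT(1)
#define TF_FORWARDED              BIT(2)
#define TF_PROXIABLE              BIT(3)
#define TF_RENEWABLE              BIT(8)
#define TF_INITIAL                BIT(9)
#define TF_PRE_AUTHENT            BIT(10)
#define TF_TRANSIT_POLICY_CHECKED BIT(12)

/* Ticket flag -> KDC option, for the four flags the commit message maps. */
static const struct { uint32_t tkt_flag, kdc_opt; } flag_map[] = {
    { TF_FORWARDABLE, BIT(1) }, { TF_FORWARDED, BIT(2) },
    { TF_PROXIABLE,   BIT(3) }, { TF_RENEWABLE, BIT(8) },
};
#define NMAP (sizeof flag_map / sizeof flag_map[0])

/* Build KDC options from ticket flags; every unmapped flag is dropped. */
uint32_t ticket_flags_to_kdc_options(uint32_t tkt_flags)
{
    uint32_t opts = 0;
    for (size_t i = 0; i < NMAP; i++)
        if (tkt_flags & flag_map[i].tkt_flag)
            opts |= flag_map[i].kdc_opt;
    return opts;
}

/* Ticket-flag bits a direct, unmapped copy would have sent as KDC options. */
uint32_t unmapped_ticket_flags(uint32_t tkt_flags)
{
    uint32_t mapped = 0;
    for (size_t i = 0; i < NMAP; i++)
        mapped |= flag_map[i].tkt_flag;
    return tkt_flags & ~mapped;
}

int main(void)
{
    /* Constructed sample flags, not taken from a real ticket. */
    uint32_t f = TF_FORWARDABLE | TF_RENEWABLE | TF_INITIAL |
                 TF_PRE_AUTHENT | TF_TRANSIT_POLICY_CHECKED;
    printf("flags=0x%08" PRIx32 " options=0x%08" PRIx32 " dropped=0x%08" PRIx32 "\n",
           f, ticket_flags_to_kdc_options(f), unmapped_ticket_flags(f));
    return 0;
}
```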

From: tlyu@mit.edu
Subject: CVS Commit
pullup from trunk


To generate a diff of this commit:



cvs diff -r5.82.2.9 -r5.82.2.10 krb5/src/lib/krb5/ccache/ChangeLog
cvs diff -r5.3.2.8 -r5.3.2.9 krb5/src/lib/krb5/ccache/cc_mslsa.c