From: ghudson@mit.edu
Subject: git commit

Add client_keyblock kdcpreauth callback

Add a new kdcpreauth callback which gets the selected client key.
This callback can be used by preauth mechs which need to use the
singular reply key in a challenge sent by the KDC, now that we send
only one etype-info entry in PREAUTH_REQUIRED errors.

https://github.com/krb5/krb5/commit/7b12eb4757f8dd05b79c9b49d4289f0caf1f6eec
Author: Greg Hudson <ghudson@mit.edu>
Commit: 7b12eb4757f8dd05b79c9b49d4289f0caf1f6eec
Branch: master
src/include/krb5/kdcpreauth_plugin.h | 15 ++++++++++++++-
src/kdc/kdc_preauth.c | 11 +++++++++--
2 files changed, 23 insertions(+), 3 deletions(-)
From: ghudson@mit.edu
Subject: git commit

Test client_keyblock kdcpreauth callback

Add internal clpreauth and kdcpreauth modules named "test" which can
exercise the client_keyblock callback (as well as get_string and
get_as_key on the client side). Add tests to t_etype_info.py to
verify that the callback matches the etype info sent by the KDC.

In the KDC's load_preauth_plugins(), correct a test for the end of
pa_type_list so that we can use a negative preauth type number for the
test module. (RFC 4120 reserves negative preauth type values for
unregistered use.)

https://github.com/krb5/krb5/commit/be20a5f5cee8d6c4072d1b81712520dbf9f6eefd
Author: Greg Hudson <ghudson@mit.edu>
Commit: be20a5f5cee8d6c4072d1b81712520dbf9f6eefd
Branch: master
src/Makefile.in | 1 +
src/configure.in | 1 +
src/kdc/kdc_preauth.c | 2 +-
src/plugins/preauth/test/Makefile.in | 21 +++++
src/plugins/preauth/test/cltest.c | 107 +++++++++++++++++++++++++
src/plugins/preauth/test/kdctest.c | 137 +++++++++++++++++++++++++++++++++
src/plugins/preauth/test/test.exports | 2 +
src/tests/t_etype_info.py | 21 +++++
8 files changed, 291 insertions(+), 1 deletions(-)
From: ghudson@mit.edu
Subject: git commit

Fix kdcpreauth counting bug

In kdc_preauth.c, commit be20a5f5cee8d6c4072d1b81712520dbf9f6eefd made
load_preauth_plugins() handle negative preauth type numbers.
get_plugin_vtables() also needs to handle negative preauth type
numbers, or it can return the wrong count and load_preauth_plugins()
can overflow the table.

https://github.com/krb5/krb5/commit/2c3c44ce0555110a919aff0902d143b7f00e26ef
Author: Greg Hudson <ghudson@mit.edu>
Commit: 2c3c44ce0555110a919aff0902d143b7f00e26ef
Branch: master
src/kdc/kdc_preauth.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
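
The count/fill mismatch described in the last commit message, as a simplified C model added here (not code from krb5). The function names and sample list are hypothetical, and it assumes a zero-terminated type list whose old end-of-list test was `> 0`.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sample: zero-terminated type list with one negative
 * (unregistered-use) value in the middle. */
static const int sample_types[] = { 2, -123, 136, 0 };

/* Counting pass as assumed before the fix: a negative value is
 * mistaken for the end of the list. */
size_t count_types_old(const int *list)
{
    size_t n = 0;
    while (list[n] > 0)
        n++;
    return n;
}

/* Counting pass using the same terminator as the fill pass: only 0 ends it. */
size_t count_types_fixed(const int *list)
{
    size_t n = 0;
    while (list[n] != 0)
        n++;
    return n;
}

/* Fill pass. Walks to the 0 terminator but never writes past capacity.
 * Returns the number of slots the list needs, so the caller can detect
 * needed > capacity instead of overflowing the table. */
size_t fill_table(const int *list, int *table, size_t capacity)
{
    size_t i;
    for (i = 0; list[i] != 0; i++) {
        if (i < capacity)
            table[i] = list[i];
    }
    return i;
}

int main(void)
{
    int table[3];
    size_t cap = count_types_old(sample_types);   /* table sized from the old count */
    size_t need = fill_table(sample_types, table, cap);
    printf("old count=%zu needed=%zu undersized=%s\n", cap, need, need > cap ? "yes" : "no");
    cap = count_types_fixed(sample_types);
    need = fill_table(sample_types, table, cap);
    printf("fixed count=%zu needed=%zu\n", cap, need);
    return 0;
}
```

Sizing the table from one loop and filling it from another is safe only when both loops use the same end-of-list test; the capacity check in the fill pass turns any remaining disagreement into a detectable condition.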