CVE-2019-14870: Apply forwardable policy in protocol-transition
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
This commit is contained in:
Isaac Boukris
committed by
Jeffrey Altman
Jeffrey Altman
parent
51415eaaae
commit
013210d1eb
@@ -217,6 +217,8 @@ ${kadmin} add -p kaka --use-defaults kt-des3@${R} || exit 1
|
||||
${kadmin} add -p kaka --use-defaults foo/des3-only@${R} || exit 1
|
||||
${kadmin} add -p kaka --use-defaults bar/des3-only@${R} || exit 1
|
||||
${kadmin} add -p kaka --use-defaults foo/aes-only@${R} || exit 1
|
||||
|
||||
${kadmin} add -p sens --use-defaults --attributes=disallow-forwardable sensitive@${R} || exit 1
|
||||
${kadmin} add -p foo --use-defaults ${ps} || exit 1
|
||||
${kadmin} modify --attributes=+trusted-for-delegation ${ps} || exit 1
|
||||
${kadmin} modify --constrained-delegation=${server} ${ps} || exit 1
|
||||
@@ -809,6 +811,15 @@ echo "test impersonate unknown client"; > messages.log
|
||||
${kgetcred_imp} --forward --impersonate=unknown@${R} ${ps} && \
|
||||
{ ec=1 ; eval "${testfailed}"; }
|
||||
|
||||
echo "test delegate sensitive client"; > messages.log
|
||||
${kgetcred_imp} --forward --impersonate=sensitive@${R} ${ps} || \
|
||||
{ ec=1 ; eval "${testfailed}"; }
|
||||
${kgetcred} \
|
||||
--out-cache=${o2cache} \
|
||||
--delegation-credential-cache=${ocache} \
|
||||
${server}@${R} && \
|
||||
{ ec=1 ; eval "${testfailed}"; }
|
||||
|
||||
echo "test constrained delegation"; > messages.log
|
||||
${kgetcred_imp} --forward --impersonate=bar@${R} ${ps} || \
|
||||
{ ec=1 ; eval "${testfailed}"; }
|
||||
|
||||
Reference in New Issue
Block a user