oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Only send KRB_ERROR token when there is clock skew, limits when we

Browse Source 
send KRB-ERROR for non-MUTUAL tokens.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23541 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2008-08-16 22:59:26 +00:00
parent f28083f6b3
commit 70a00b7fab
1 changed files with 8 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
lib/gssapi/krb5/accept_sec_context.c
View File

@@ -371,9 +371,8 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status,
if (kret) { if (kret) {
if (in) if (in)
krb5_rd_req_in_ctx_free(context, in); krb5_rd_req_in_ctx_free(context, in);
ret = GSS_S_FAILURE;
*minor_status = kret; *minor_status = kret;
return ret; return GSS_S_FAILURE;
} }
kret = krb5_rd_req_ctx(context, kret = krb5_rd_req_ctx(context,
@@ -382,13 +381,18 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status,
server, server,
in, &out); in, &out);
krb5_rd_req_in_ctx_free(context, in); krb5_rd_req_in_ctx_free(context, in);
if (kret) { if (kret == KRB5KRB_AP_ERR_SKEW) {
/* /*
* No reply in non-MUTUAL mode, but we don't know that its * No reply in non-MUTUAL mode, but we don't know that its
* non-MUTUAL mode yet, thats inside the 8003 checksum. * non-MUTUAL mode yet, thats inside the 8003 checksum, so
* lets only send the error token on clock skew, that
* limit when send error token for non-MUTUAL.
*/ */
return send_error_token(minor_status, context, kret, return send_error_token(minor_status, context, kret,
server, &indata, output_token); server, &indata, output_token);
} else if (kret) {
*minor_status = kret;
return GSS_S_FAILURE;
} }
/* /*