7f06579f48
- backport patch to disable replay detection in krb5_verify_init_creds() while reading the AP-REQ that's generated in the same function (RT#7229)
Backport from ticket 7229.
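--- krb5-1.10.2/src/lib/krb5/krb/vfy_increds.c
+++ krb5-1.10.2/src/lib/krb5/krb/vfy_increds.c
@@ -194,6 +194,13 @@ krb5_verify_init_creds(krb5_context cont
 authcon = NULL;
 }
 
+ /* Build an auth context that won't bother with replay checks -- it's
+ * not as if we're going to mount a replay attack on ourselves here. */
+ if (ret = krb5_auth_con_init(context, &authcon))
+ goto cleanup;
+ if (ret = krb5_auth_con_setflags(context, authcon, 0))
+ goto cleanup;
+
 /* verify the ap_req */
 
 if ((ret = krb5_rd_req(context, &authcon, &ap_req, server, keytab,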
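Review bot: `krb5_auth_con_setflags(context, authcon, 0)` clears every auth-context flag rather than only the one that drives replay detection, and the added comment does not state the condition that makes this safe. Per the commit description that condition is that the AP-REQ read by the `krb5_rd_req` call below was generated in this same function; the comment should say so, for example `/* The AP-REQ was built above in this function, so replay detection adds nothing; never reuse this authcon for a request received from a peer. */`, so that a later refactor does not carry the relaxed context over to untrusted input. If only the time/replay flag is meant, reading the current flags with `krb5_auth_con_getflags` and masking out `KRB5_AUTH_CONTEXT_DO_TIME` would be narrower than a bare `0`. The two new conditions also use a single-parenthesis assignment, unlike the `if ((ret = krb5_rd_req(...` that follows; `if ((ret = krb5_auth_con_init(context, &authcon)))` matches the file and avoids a -Wparentheses warning. The function body starts and ends outside the hunk, so whether `cleanup` frees `authcon` on the two new error paths could not be checked here.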