[krbdev.mit.edu #8659] git commit

Jeffrey Arbuckle via RT

Be more careful asking for AS key in SPAKE client

Asking for the AS key too early can result in password prompts in
situations where SPAKE won't proceed, such as when the KDC offers only
second factor types not supported by the client.

In spake_prep_questions(), decode the received message and make sure
it's a challenge with a supported group and second factor type
(SF-NONE at the moment).  Save the decoded message and use it in
spake_process().  Do not retrieve the AS key at the beginning of
spake_process(); instead do so in process_challenge() after checking
the challenge group and factor types.

Move contains_sf_none() earlier in the file so that it can be used by
spake_prep_questions() without a prototype.

https://github.com/krb5/krb5/commit/f240f1b0d324312be8aa59ead7cfbe0c329ed064
Author: Greg Hudson <[hidden email]>
Commit: f240f1b0d324312be8aa59ead7cfbe0c329ed064
Branch: master
 src/plugins/preauth/spake/spake_client.c |  109 ++++++++++++++++++------------
 1 files changed, 65 insertions(+), 44 deletions(-)

_______________________________________________
krb5-bugs mailing list
[hidden email]
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
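
The ordering the commit message describes, as an added C example that is not part of the commit or of krb5's code: the challenge is checked for a supported group and for SF-NONE before anything that would trigger a password prompt. The struct, enum, `challenge_usable()` and the prompt counter are hypothetical simplifications, the bodies of `contains_sf_none()` and `process_challenge()` are stand-ins for the real ones, and the numeric group and factor values are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical, simplified stand-ins for the decoded SPAKE message. */
enum msg_kind { MSG_SUPPORT, MSG_CHALLENGE, MSG_RESPONSE };
#define SF_NONE 1                                 /* constructed value */
static const int32_t supported_groups[] = { 1 };  /* constructed value */
struct spake_msg {
    enum msg_kind kind;
    int32_t group;
    const int32_t *factors;   /* second factor types offered by the KDC */
    size_t nfactors;
};

int password_prompts;         /* counts simulated password prompts */
static bool group_supported(int32_t group)
{
    size_t n = sizeof(supported_groups) / sizeof(supported_groups[0]);
    for (size_t i = 0; i < n; i++)
        if (supported_groups[i] == group)
            return true;
    return false;
}

static bool contains_sf_none(const int32_t *factors, size_t n)
{
    for (size_t i = 0; factors != NULL && i < n; i++)
        if (factors[i] == SF_NONE)
            return true;
    return false;
}

/* True only when SPAKE can proceed, so a prompt would not be wasted. */
bool challenge_usable(const struct spake_msg *m)
{
    return m != NULL && m->kind == MSG_CHALLENGE &&
           group_supported(m->group) &&
           contains_sf_none(m->factors, m->nfactors);
}

/* Validate first; retrieve the AS key (the prompt) only afterwards. */
int process_challenge(const struct spake_msg *m)
{
    if (!challenge_usable(m))
        return -1;            /* decline without prompting */
    password_prompts++;       /* stands in for retrieving the AS key */
    return 0;
}
```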