diff options
author | Greg Hudson <ghudson@mit.edu> | 2017-09-22 16:51:15 -0400 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2017-09-27 12:01:50 -0400 |
commit | 144f109d930d509c3809d6f7da21eae6be500b2e (patch) | |
tree | 809a9a9aa81d862f9722e42811f805a583117ecf | |
parent | 9563fab8faf281a5da61e011a7a74bd8dca2fdbb (diff) | |
download | krb5-144f109d930d509c3809d6f7da21eae6be500b2e.zip krb5-144f109d930d509c3809d6f7da21eae6be500b2e.tar.gz krb5-144f109d930d509c3809d6f7da21eae6be500b2e.tar.bz2 |
Abort client preauth on keyboard interrupt
Continuing client preauth after a keyboard interrupt is unexpected and
can manifest bugs (such as the one in ticket 8596) by invoking preauth
mechs we wouldn't ordinarily reach. Based on a patch by Marc Dionne.
ticket: 8615 (new)
-rw-r--r-- | src/lib/krb5/krb/get_in_tkt.c | 3 | ||||
-rw-r--r-- | src/lib/krb5/krb/preauth2.c | 3 |
2 files changed, 6 insertions, 0 deletions
diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c index 35d58e8..47a00bf 100644 --- a/src/lib/krb5/krb/get_in_tkt.c +++ b/src/lib/krb5/krb/get_in_tkt.c @@ -1358,6 +1358,9 @@ init_creds_step_request(krb5_context context, code = ctx->err_reply->error + ERROR_TABLE_BASE_krb5; } } + /* Don't continue after a keyboard interrupt. */ + if (code == KRB5_LIBOS_PWDINTR) + goto cleanup; if (code) { /* See if we can try a different preauth mech before giving up. */ k5_save_ctx_error(context, code, &save); diff --git a/src/lib/krb5/krb/preauth2.c b/src/lib/krb5/krb/preauth2.c index 21aeff2..6b96fa1 100644 --- a/src/lib/krb5/krb/preauth2.c +++ b/src/lib/krb5/krb/preauth2.c @@ -688,6 +688,9 @@ process_pa_data(krb5_context context, krb5_init_creds_context ctx, } free(mod_pa); } + /* Don't continue to try mechanisms after a keyboard interrupt. */ + if (ret == KRB5_LIBOS_PWDINTR) + goto cleanup; if (ret == 0 && real) { /* Stop now and record which real padata type we answered. */ *out_type = pa->pa_type; |