[Swan-dev] xauth protocol and retransmits

Andrew Cagney andrew.cagney at gmail.com
Thu Oct 19 20:15:55 UTC 2017


Yea,

My fix is similar except I moved the code to before the switch - this bug
really isn't specific to PAM and other XAUTH algorithms need to do the same
thing.  I'll push my fix.

Andrew


On 19 October 2017 at 15:41, Antony Antony <antony at phenome.org> wrote:

> On Thu, Oct 19, 2017 at 10:38:57AM -0400, Andrew Cagney wrote:
> > where it sends out the AUTH reply (an st_event), and a short while later
> > sends out an XAUTH request (an st_send_xauth_event, recent changes mean
> > it is generated from scratch and doesn't replace the AUTH reply?).
> >
> > With this, the problem I'm seeing is that when the initiator comes back
> > with its XAUTH reply, the responder, in xauth_launch_authent() needs to
> > cancel both the RETRANSMIT and the SEND_XAUTH but it only cancels the
> > first and only when PAM.  This lets SEND_XAUTH fire repeatedly and even
> > after PAM finishes and the final reply sent, and its code uses
> > change_state() to bludgeon the state back to XAUTH_R0 resulting in much
> > confusion.
>
> Here is a fix that comes to my mind.
> I am hoping this works for aggressive mode and main mode.
>
> -antony
>