
List:       krb5-bugs
Subject:    [krbdev.mit.edu #7649] git commit
From:       "Tom Yu via RT" <rt-comment () krbdev ! mit ! edu>
Date:       2013-05-30 19:56:07
Message-ID: rt-7649-38684.8.37292233558649 () krbdev ! mit ! edu


Fix transited handling for GSSAPI acceptors

The Acceptor Names project (#6855) extended krb5_rd_req so that it can
accept a "matching principal" in the server parameter.  If the
matching principal has an empty realm, rd_req_decoded_opt attempted to
do transited checking with an empty server realm.

To fix this, always reset server to req->ticket->server for future
processing steps if we decrypt the ticket using a keytab.
decrypt_ticket replaces req->ticket->server with the principal name
from the keytab entry, so we know this name is correct.

Based on a bug report and patch from nalin@redhat.com.

(cherry picked from commit 57acee11b5c6682a7f4f036e35d8b2fc9292875e)

[tlyu@mit.edu: removed test due to k5test.py incompatibility]

https://github.com/krb5/krb5/commit/ea26f5230c4adaaf48b2d5d3175c2ef05f3b041d
Author: Tom Yu <tlyu@mit.edu>
Commit: ea26f5230c4adaaf48b2d5d3175c2ef05f3b041d
Branch: krb5-1.10
 src/lib/krb5/krb/rd_req_dec.c |    8 +++++---
 1 files changed, 5 insertions(+), 3 deletions(-)
