git.ipfire.org Git - thirdparty/krb5.git/commit

author	Alexander Bokovoy <abokovoy@redhat.com>
	Mon, 10 Mar 2025 07:40:37 +0000 (09:40 +0200)
committer	Greg Hudson <ghudson@mit.edu>
	Tue, 25 Mar 2025 14:43:04 +0000 (10:43 -0400)
commit	cc3511f66de78a955d0bd50d3f5bf2662bd3eda8
tree	f7d08d03f4033788eb4f3d7d4d6f073726a84de0	tree
parent	310793ba63782af5ffa3a95d20e41f8f03ca7e00	commit \| diff

Add initiator-side IAKERB realm discovery

When importing a name to IAKERB, don't add the default realm when we
parse strings. Host-based name imports will continue to use
krb5_sname_to_principal(), which may add a realm from [domain_realm]
but won't add the default realm.

In the IAKERB state machine, query for the service's realm if the
client name doesn't have a realm. To reduce code duplication, make
iakerb_make_token() responsible for saving the token and incrementing
the message count.

[ghudson@mit.edu: added tests; added a discovery state to the machine;
expanded import; adjusted iakerb_make_token() contract; rewrote commit
message]

ticket: 9167 (new)

src/appl/gss-sample/t_gss_sample.py		diff \| blob \| blame \| history
src/lib/gssapi/krb5/gssapiP_krb5.h		diff \| blob \| blame \| history
src/lib/gssapi/krb5/gssapi_krb5.c		diff \| blob \| blame \| history
src/lib/gssapi/krb5/iakerb.c		diff \| blob \| blame \| history
src/lib/gssapi/krb5/import_name.c		diff \| blob \| blame \| history
src/tests/gssapi/t_gssapi.py		diff \| blob \| blame \| history
src/tests/gssapi/t_iakerb.c		diff \| blob \| blame \| history