git.ipfire.org Git - thirdparty/krb5.git/commit

author	Greg Hudson <ghudson@mit.edu>
	Sat, 18 Jul 2020 02:57:45 +0000 (22:57 -0400)
committer	Greg Hudson <ghudson@mit.edu>
	Fri, 7 Aug 2020 15:55:18 +0000 (11:55 -0400)
commit	3fcc365a6f049730b3f47168f7112c03997c5c0b
tree	27be575da63d6795cb0b54075a53b8539a2b7957	tree \| snapshot
parent	ac2b693d0ec464e0bcda4953acd79f201169f396	commit \| diff

Expand dns_canonicalize_host=fallback support

In krb5_sname_to_principal(), when using fallback, defer realm lookup
and any kind of hostname canonicalization until use.  Add a
lightweight iterator k5_canonprinc() to yield the one or two possible
candidates for a principal.  In the iterator, don't yield the same
hostname part twice.

Add fallback processing to the stepwise TGS state machine, and remove
it from krb5_get_credentials().  Add fallback processing to
k5_get_proxy_cred_from_kdc().

Add fallback processing to krb5_init_creds_set_keytab(), and use the
principal we find in the keytab as the request client principal.
Defer restart_init_creds_loop() to the first step call so that server
principal is built using the correct realm.

Add fallback processing to krb5_rd_req().

ticket: 8930 (new)

src/include/k5-trace.h		diff \| blob \| blame \| history
src/kprop/kprop_util.c		diff \| blob \| blame \| history
src/lib/krb5/krb/deps		diff \| blob \| blame \| history
src/lib/krb5/krb/get_creds.c		diff \| blob \| blame \| history
src/lib/krb5/krb/get_in_tkt.c		diff \| blob \| blame \| history
src/lib/krb5/krb/gic_keytab.c		diff \| blob \| blame \| history
src/lib/krb5/krb/init_creds_ctx.h		diff \| blob \| blame \| history
src/lib/krb5/krb/rd_req_dec.c		diff \| blob \| blame \| history
src/lib/krb5/krb/s4u_creds.c		diff \| blob \| blame \| history
src/lib/krb5/os/os-proto.h		diff \| blob \| blame \| history
src/lib/krb5/os/sn2princ.c		diff \| blob \| blame \| history
src/tests/icred.c		diff \| blob \| blame \| history
src/tests/t_sn2princ.py		diff \| blob \| blame \| history