]> git.ipfire.org Git - thirdparty/krb5.git/commit
projects / thirdparty / krb5.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e818d27) | patch
Fix transited handling for GSSAPI acceptors
authorGreg Hudson <ghudson@mit.edu>
Mon, 20 May 2013 15:03:04 +0000 (11:03 -0400)
committerGreg Hudson <ghudson@mit.edu>
Tue, 21 May 2013 15:03:13 +0000 (11:03 -0400)
commit57acee11b5c6682a7f4f036e35d8b2fc9292875e
tree6f198386b2591b8d8495f6c8260b4f905360ddfbtree | snapshot
parente818d27a372d021bc6025e7bce867ed06a8fc1adcommit | diff
Fix transited handling for GSSAPI acceptors

The Acceptor Names project (#6855) extended krb5_rd_req so that it can
accept a "matching principal" in the server parameter.  If the
matching principal has an empty realm, rd_req_decoded_opt attempted to
do transited checking with an empty server realm.

To fix this, always reset server to req->ticket->server for future
processing steps if we decrypt the ticket using a keytab.
decrypt_ticket replaces req->ticket->server with the principal name
from the keytab entry, so we know this name is correct.

Based on a bug report and patch from nalin@redhat.com.

ticket: 7639
target_version: 1.11.3
tags: pullup
src/lib/krb5/krb/rd_req_dec.c diff | blob | blame | history
src/tests/gssapi/t_gssapi.py diff | blob | blame | history
Mirror of https://github.com/krb5/krb5.git