]> git.ipfire.org Git - thirdparty/krb5.git/commit
projects / thirdparty / krb5.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5f876f7) | patch
Implement fallback for GSS acceptor names
authorGreg Hudson <ghudson@mit.edu>
Mon, 28 Dec 2020 20:41:46 +0000 (15:41 -0500)
committerGreg Hudson <ghudson@mit.edu>
Fri, 8 Jan 2021 17:16:02 +0000 (12:16 -0500)
commit196be3c474881dcaf76332375c1dffbd3a9140f6
treec5f8a69c2648b1aa5ff41ff5aa803ee5965bab34tree
parent5f876f7d75a79ec2a0efd8a71206f514c9ecb839commit | diff
Implement fallback for GSS acceptor names

Commit 3fcc365a6f049730b3f47168f7112c03997c5c0b added fallback support
to krb5_rd_req(), but acquiring acceptor creds for a host-based name
could still fail within check_keytab() in the krb5 mech.

Add an internal libkrb5 API k5_kt_have_match() to check for a matching
keytab entry with canonicalization, and use it in check_keytab().  Add
a library-internal function k5_sname_wildcard_host() to share logic
between rd_req and k5_kt_have_match().

(cherry picked from commit 7e0a2a7a3a76205ebd7192f06a99f23bad8dc5bd)

ticket: 8971
version_fixed: 1.19
src/include/k5-int.h diff | blob | blame | history
src/lib/gssapi/krb5/acquire_cred.c diff | blob | blame | history
src/lib/krb5/keytab/ktfns.c diff | blob | blame | history
src/lib/krb5/krb/int-proto.h diff | blob | blame | history
src/lib/krb5/krb/rd_req_dec.c diff | blob | blame | history
src/lib/krb5/krb/sname_match.c diff | blob | blame | history
src/lib/krb5/libkrb5.exports diff | blob | blame | history
src/lib/krb5_32.def diff | blob | blame | history
src/tests/gssapi/t_gssapi.py diff | blob | blame | history
Mirror of https://github.com/krb5/krb5.git