git.ipfire.org Git - thirdparty/krb5.git/commit
Make cross-realm S4U2Self work 305/head
author Greg Hudson <ghudson@mit.edu>
Tue, 4 Aug 2015 00:45:17 +0000 (20:45 -0400)
committer Greg Hudson <ghudson@mit.edu>
Thu, 13 Aug 2015 15:53:08 +0000 (11:53 -0400)
commit 16128e80d30b4f5e03c2f4fd3d1024216eed3fa4
tree 8f86acb735286dd576a3d3d02c81716e52beedb3
parent 9771826f113708c41c75d7c447d4b870c0f6a78f
Make cross-realm S4U2Self work

When sending a S4U2Self query to a foreign realm, send an enterprise
server principal so that the foreign KDC can identify the home realm
of the server principal.

To make this work, adjust the memory management of
krb5_get_self_cred_from_kdc().  s4u_creds is now a shallow copy of
in_creds which owns no memory.  A new variable eprinc owns the
enterprise form of the server principal, constructed using a new
helper function convert_to_enterprise().  Since we have to set the
server realm for KDC-REQ encoding to work, a new temporary variable
sprinc holds a shallow copy of *eprinc with the realm pointing to the
realm we are currently querying.

Based on a patch by Sumit Bose.

ticket: 7790
src/lib/krb5/krb/s4u_creds.c
src/tests/gssapi/t_s4u.py
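
The ownership pattern the commit message describes, as an added sketch that is not code from this commit or from libkrb5: one owning enterprise-form principal (`eprinc`) and a per-realm shallow copy (`sprinc`) that only borrows the realm being queried. The `struct princ` type, the function names, the simplified `name@realm` enterprise form and the realm strings are all assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified principal (assumption; not libkrb5's type). */
struct princ { char *realm; char *name; };

static void free_princ(struct princ *p)
{
    if (p != NULL) { free(p->realm); free(p->name); free(p); }
}

/* Owning enterprise form: the home realm travels inside the name itself. */
static struct princ *to_enterprise(const char *name, const char *home)
{
    size_t len = strlen(name) + strlen(home) + 2;   /* '@' and NUL */
    struct princ *p = calloc(1, sizeof(*p));

    if (p == NULL)
        return NULL;
    p->name = malloc(len);
    p->realm = malloc(strlen(home) + 1);
    if (p->name == NULL || p->realm == NULL) { free_princ(p); return NULL; }
    snprintf(p->name, len, "%s@%s", name, home);
    strcpy(p->realm, home);
    return p;
}

/* Count foreign-realm hops where the home realm is still readable from the name. */
static int foreign_hops(const struct princ *eprinc, char *const *realms, size_t n)
{
    int hops = 0;
    for (size_t i = 0; i < n; i++) {
        struct princ sprinc = *eprinc;      /* shallow copy: owns no memory */
        const char *at = strrchr(sprinc.name, '@');
        sprinc.realm = realms[i];           /* borrowed: realm being queried */
        if (at && !strcmp(at + 1, eprinc->realm) && strcmp(sprinc.realm, eprinc->realm))
            hops++;
    }
    return hops;                            /* sprinc is never freed */
}

int main(void)
{
    /* Constructed sample realms: one foreign hop, then the home realm. */
    char a[] = "USER.EXAMPLE", b[] = "HOME.EXAMPLE", *realms[] = { a, b };
    struct princ *e = to_enterprise("host/app.example", "HOME.EXAMPLE");
    int hops = (e != NULL) ? foreign_hops(e, realms, 2) : -1;
    free_princ(e);                          /* eprinc is the only owner */
    return hops == 1 ? 0 : 1;
}
```

Because `sprinc` shares `name` with `eprinc` and borrows `realm` from the caller's list, freeing it would cause a double free or free memory the caller still uses; only `eprinc` is released, exactly once.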