git.ipfire.org Git - thirdparty/krb5.git/commit

author	Greg Hudson <ghudson@mit.edu>
	Wed, 19 Feb 2020 20:36:38 +0000 (15:36 -0500)
committer	Greg Hudson <ghudson@mit.edu>
	Fri, 21 Feb 2020 18:00:00 +0000 (13:00 -0500)
commit	109e30ce22c20f18b8233119f274935bdf573886
tree	3b88e632e99cc01c2e4f3342080397d3b691abec	tree
parent	033fa6e14155e7623bec5099e486635e01d3ab03	commit \| diff

Fix AS-REQ checking of KDB-modified indicators

Commit 7196c03f18f14695abeb5ae4923004469b172f0f (ticket 8823) gave the
KDB the ability to modify auth indicators, but it happens after the
asserted indicators are checked against the server principal
requirements. In finish_process_as_req(), move the call to
check_indicators() after the call to handle_authdata() so that the
final indicator list is checked.

For the test case, add string attribute functionality to the test KDB
module, and fix a bug where test_get_principal() would return failure
if a principal has no keys. Also add a test case for AS-REQ
enforcement of normally asserted auth indicators.

ticket: 8876 (new)
tags: pullup
target_version: 1.18-next

src/kdc/do_as_req.c		diff \| blob \| blame \| history
src/plugins/kdb/test/kdb_test.c		diff \| blob \| blame \| history
src/tests/t_authdata.py		diff \| blob \| blame \| history