git.ipfire.org Git - thirdparty/krb5.git/commit
Honor transited-policy-checked flag in servers 1030/head
author: Greg Hudson <ghudson@mit.edu>
Fri, 24 Jan 2020 15:25:18 +0000 (10:25 -0500)
committer: Greg Hudson <ghudson@mit.edu>
Sat, 25 Jan 2020 01:56:32 +0000 (20:56 -0500)
commit: a5aa5969bc6ed404b86318b47c38dfc3d3aeb8df
tree: 091e590ed73bc85377dcf4076de22f612bca7aad
parent: d035dc269e80b58cb73fd2b644b06bc5fb53e9cb
Honor transited-policy-checked flag in servers

For consistency with Heimdal and simplicity of server configuration,
do not check the transited field in krb5_rd_req() if the
transited-policy-checked flag is set in the ticket.

Add a cross-realm test using the gcred and rdreq harnesses to test
server transited processing.  Also fix the KDC capaths case so that
the client actually doesn't know the path to the server realm.  In
k5test.py, adjust _cfg_merge() to remove keys mapped to None in the
second dictionary (instead of mapping them to None in the result), so
that deleting whole sections works.  Remove the corresponding check
for None in _write_cfg_section() as it is no longer needed.

ticket: 8870 (new)
tags: pullup
target_version: 1.18
src/lib/krb5/krb/rd_req_dec.c
src/tests/gcred.c
src/tests/t_crossrealm.py
src/util/k5test.py
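
The server-side decision the commit message describes, as a simplified model added here; it is not the code from this commit or from libkrb5. Assumptions: `model_ticket`, `path_allowed()` and `server_accepts()` are hypothetical names, the transited field is a plain comma-separated realm list rather than the real compressed encoding, and `B.EXAMPLE` is a constructed realm.

```c
#include <stdio.h>
#include <string.h>

/* Bit 12 of the RFC 4120 TicketFlags, same value as in krb5.h. */
#define TKT_FLG_TRANSIT_POLICY_CHECKED 0x00080000

/* Simplified ticket (assumption): the transited field is a plain
 * comma-separated realm list, not the real compressed encoding. */
struct model_ticket {
    unsigned int flags;
    const char *transited;
};

/* Return 1 if every transited realm is in the server's allowed list. */
static int path_allowed(const char *transited,
                        const char *const *allowed, size_t n)
{
    const char *p = transited;
    while (*p != '\0') {
        size_t len = strcspn(p, ","), i;
        int found = 0;
        for (i = 0; i < n && !found; i++)
            found = strlen(allowed[i]) == len && !strncmp(allowed[i], p, len);
        if (!found)
            return 0;           /* unknown intermediate realm: reject */
        p += len;
        if (*p == ',')
            p++;
    }
    return 1;                   /* empty list means no intermediates */
}

/* honor_flag = 1 models the behaviour the commit message describes;
 * honor_flag = 0 models a server that always checks the path itself. */
static int server_accepts(const struct model_ticket *t,
                          const char *const *allowed, size_t n, int honor_flag)
{
    if (honor_flag && (t->flags & TKT_FLG_TRANSIT_POLICY_CHECKED))
        return 1;               /* the KDC already vetted the path */
    return path_allowed(t->transited, allowed, n);
}

int main(void)
{
    /* Constructed sample: KDC-checked ticket, server with no capaths. */
    struct model_ticket t = { TKT_FLG_TRANSIT_POLICY_CHECKED, "B.EXAMPLE" };
    printf("always check: %d, honor flag: %d\n",
           server_accepts(&t, NULL, 0, 0), server_accepts(&t, NULL, 0, 1));
    return 0;
}
```

With the flag honored, a server that has no path configuration of its own accepts the KDC-checked ticket; a ticket without the flag still goes through the server's own path check.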