[krbdev.mit.edu #8592] git commit
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Mon Jul 3 00:21:16 EDT 2017
Parse all kadm5.acl fields at startup
Parse the client principal name, target principal name, and
restrictions field of kadm5.acl entries when the file is loaded, not
later on when an attempt is made to match the entry.
This change affects the error-handling behavior of kadm5.acl files.
Previously, a syntax error in the line structure (such as having only
one field) would cause the whole file to be rejected, but an error
within a principal name or restrictions string would cause only that
entry to be discarded. After this change, any parsing failure will
cause the whole file to be rejected.
https://github.com/krb5/krb5/commit/83d47cda7412c3b41a2da4da14e6162a0e9f2630
Author: Greg Hudson <ghudson at mit.edu>
Commit: 83d47cda7412c3b41a2da4da14e6162a0e9f2630
Branch: master
src/kadmin/server/auth_acl.c | 91 +++++++++++++----------------------------
1 files changed, 29 insertions(+), 62 deletions(-)
More information about the krb5-bugs
mailing list