[krbdev.mit.edu #9011] git commit
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Wed Jun 9 00:27:37 EDT 2021
Wed Jun 09 00:27:37 2021: Request 9011 was acted upon.
Transaction: Ticket created by ghudson at mit.edu
Queue: krb5
Subject: git commit
Owner: ghudson at mit.edu
Requestors:
Status: new
Ticket <URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=9011 >
Fix some principal realm canonicalization cases
The no_hostrealm and subst_defrealm flags in struct canonprinc were
only applied when dns_canonicalize_hostname=fallback; in the other
cases, the initial krb5_sname_to_principal() result is treated as
canonical. For no_hostrealm this limitation doesn't currently matter,
because all uses pass a principal with no realm as input. However,
subst_defrealm is used to convert the referral realm to the default
realm in krb5_get_init_creds_keytab(), krb5_cc_cache_match(), and
gss_acquire_cred() when it needs to check the desired name against a
specified ccache.
In k5_canonprinc(), if the input principal is a
krb5_sname_to_principal() result and fallback isn't in effect, apply
subst_defrealm. Document in os-proto.h that no_hostrealm doesn't
remove an existing realm and that krb5_sname_to_principal() may
already have looked one up.
https://github.com/krb5/krb5/commit/c077d0c6430c4ac163443aacc03d14d206a4cbb8
Author: Greg Hudson <ghudson at mit.edu>
Commit: c077d0c6430c4ac163443aacc03d14d206a4cbb8
Branch: master
src/lib/krb5/os/os-proto.h | 13 +++++++++----
src/lib/krb5/os/sn2princ.c | 24 +++++++++++++++++++++---
2 files changed, 30 insertions(+), 7 deletions(-)
More information about the krb5-bugs
mailing list