[krbdev.mit.edu #9167] git commit

[Greg Hudson via RT]

Tue Mar 25 11:12:48 2025: Request 9167 was acted upon.
 Transaction: Ticket created by ghudson at mit.edu
       Queue: krb5
     Subject: git commit
       Owner: ghudson at mit.edu
  Requestors: 
      Status: new
 Ticket <URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=9167 >



Add initiator-side IAKERB realm discovery

When importing a name to IAKERB, don't add the default realm when we
parse strings.  Host-based name imports will continue to use
krb5_sname_to_principal(), which may add a realm from [domain_realm]
but won't add the default realm.

In the IAKERB state machine, query for the service's realm if the
client name doesn't have a realm.  To reduce code duplication, make
iakerb_make_token() responsible for saving the token and incrementing
the message count.

[ghudson at mit.edu: added tests; added a discovery state to the machine;
expanded import; adjusted iakerb_make_token() contract; rewrote commit
message]

https://github.com/krb5/krb5/commit/cc3511f66de78a955d0bd50d3f5bf2662bd3eda8
Author: Alexander Bokovoy <abokovoy at redhat.com>
Committer: Greg Hudson <ghudson at mit.edu>
Commit: cc3511f66de78a955d0bd50d3f5bf2662bd3eda8
Branch: master
 src/appl/gss-sample/t_gss_sample.py |  7 ++-
 src/lib/gssapi/krb5/gssapiP_krb5.h  |  7 +++
 src/lib/gssapi/krb5/gssapi_krb5.c   |  2 +-
 src/lib/gssapi/krb5/iakerb.c        | 67 +++++++++++++++++-----------
 src/lib/gssapi/krb5/import_name.c   | 26 +++++++++--
 src/tests/gssapi/t_gssapi.py        | 32 +++++++++++--
 src/tests/gssapi/t_iakerb.c         | 89 ++++++++++++++++++-------------------
 7 files changed, 149 insertions(+), 81 deletions(-)