[28890] in CVS-changelog-for-Kerberos-V5
krb5 commit [krb5-1.12]: Fix scope of kadmind ACL wildcard
daemon@ATHENA.MIT.EDU (Tom Yu)
Tue May 12 15:46:14 2015
Date: Tue, 12 May 2015 15:46:04 -0400
From: Tom Yu <tlyu@mit.edu>
Message-Id: <201505121946.t4CJk4sH020993@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/bab11e7d597635d88bb693c39ffaddfed906b594
commit bab11e7d597635d88bb693c39ffaddfed906b594
Author: Greg Hudson <ghudson@mit.edu>
Date: Thu Mar 12 16:36:33 2015 -0400
Fix scope of kadmind ACL wildcard back-references
In kadm5int_acl_find_entry(), clear the wildcard back-references list
for each acl entry. Otherwise the wildcards we process can affect
back-references for later entries.
(cherry picked from commit d3d18b8d8d7a47766fd4e9667d045035f43d90ef)
(cherry picked from commit 8e67dce9379c0f50bdccc12619fecad423aa5384)
ticket: 8183
version_fixed: 1.12.4
status: resolved
src/lib/kadm5/srv/server_acl.c | 2 +-
src/tests/t_kadmin_acl.py | 2 ++
2 files changed, 3 insertions(+), 1 deletions(-)
diff --git a/src/lib/kadm5/srv/server_acl.c b/src/lib/kadm5/srv/server_acl.c
index b2aeb7d..9d971a9 100644
--- a/src/lib/kadm5/srv/server_acl.c
+++ b/src/lib/kadm5/srv/server_acl.c
@@ -611,8 +611,8 @@ kadm5int_acl_find_entry(kcontext, principal, dest_princ)
wildstate_t state;
DPRINT(DEBUG_CALLS, acl_debug_level, ("* kadm5int_acl_find_entry()\n"));
- memset(&state, 0, sizeof state);
for (entry=acl_list_head; entry; entry = entry->ae_next) {
+ memset(&state, 0, sizeof(state));
if (entry->ae_name_bad)
continue;
if (!strcmp(entry->ae_name, "*")) {
diff --git a/src/tests/t_kadmin_acl.py b/src/tests/t_kadmin_acl.py
index c4b8465..8b04c1e 100644
--- a/src/tests/t_kadmin_acl.py
+++ b/src/tests/t_kadmin_acl.py
@@ -65,6 +65,8 @@ restricted_modify im * +preauth
restricted_rename ad * +preauth
*/* d *2/*1
+# The next line is a regression test for #8154; it is not used directly.
+one/*/*/five l
*/two/*/* d *3/*1/*2
*/admin a
wctarget a wild/*
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
