[31494] in CVS-changelog-for-Kerberos-V5
krb5 commit: Fix IAKERB realm discovery state machine logic
daemon@ATHENA.MIT.EDU (ghudson@mit.edu)
Tue Jan 27 16:47:38 2026
From: ghudson@mit.edu
To: cvs-krb5@mit.edu
Message-Id: <20260127214725.8CAE21042F6@krbdev.mit.edu>
Date: Tue, 27 Jan 2026 16:47:25 -0500 (EST)
MIME-Version: 1.0
Reply-To: krbdev@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/5de16db5935c5a23f5548de1004cb4d7896c716b
commit 5de16db5935c5a23f5548de1004cb4d7896c716b
Author: Andreas Schneider <asn@cryptomilk.org>
Date: Fri Jan 23 16:32:57 2026 +0100
Fix IAKERB realm discovery state machine logic
In iakerb_initiator_step(), when realm discovery completes, set the
state to IAKERB_AS_REQ so we don't repeat the overwrite of
cred->name->princ->realm on the next token.
ticket: 9194 (new)
tags: pullup
target_version: 1.22-next
src/lib/gssapi/krb5/iakerb.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/lib/gssapi/krb5/iakerb.c b/src/lib/gssapi/krb5/iakerb.c
index 90a9bce11..7cc4710e2 100644
--- a/src/lib/gssapi/krb5/iakerb.c
+++ b/src/lib/gssapi/krb5/iakerb.c
@@ -631,6 +631,7 @@ iakerb_initiator_step(iakerb_ctx_id_t ctx,
cred->name->princ->realm = server_realm;
server_realm = empty_data();
+ ctx->state = IAKERB_AS_REQ;
/* Done with realm discovery; fall through to AS request. */
case IAKERB_AS_REQ:
if (ctx->icc == NULL) {
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
