[16467] in Kerberos-V5-bugs
[krbdev.mit.edu #8870] git commit
daemon@ATHENA.MIT.EDU (Greg Hudson via RT)
Mon Jan 27 11:06:28 2020
From: "Greg Hudson via RT" <rt@KRBDEV-PROD-APP-1.mit.edu>
In-Reply-To:
Message-ID: <rt-4.4.4-24065-1580141164-786.8870-5-0@mit.edu>
To: "AdminCc of krbdev.mit.edu Ticket #8870":;
Date: Mon, 27 Jan 2020 11:06:04 -0500
MIME-Version: 1.0
Reply-To: rt@KRBDEV-PROD-APP-1.mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu
<URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=8870 >
Honor transited-policy-checked flag in servers
For consistency with Heimdal and simplicity of server configuration,
do not check the transited field in krb5_rd_req() if the
transited-policy-checked flag is set in the ticket.
Add a cross-realm test using the gcred and rdreq harnesses to test
server transited processing. Also fix the KDC capaths case so that
the client actually doesn't know the path to the server realm. In
k5test.py, adjust _cfg_merge() to remove keys mapped to None in the
second dictionary (instead of mapping them to None in the result), so
that deleting whole sections works. Remove the corresponding check
for None in _write_cfg_section() as it is no longer needed.
(cherry picked from commit a5aa5969bc6ed404b86318b47c38dfc3d3aeb8df)
https://github.com/krb5/krb5/commit/4c091ce4b14a418ec027bd1b61cafe25f259cc85
Author: Greg Hudson <ghudson@mit.edu>
Commit: 4c091ce4b14a418ec027bd1b61cafe25f259cc85
Branch: krb5-1.18
src/lib/krb5/krb/rd_req_dec.c | 11 ++++++---
src/tests/gcred.c | 10 +++++++-
src/tests/t_crossrealm.py | 43 +++++++++++++++++++++++++++++++++++-----
src/util/k5test.py | 6 +++-
4 files changed, 56 insertions(+), 14 deletions(-)
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
