[16787] in Kerberos-V5-bugs
[krbdev.mit.edu #8010] git commit
daemon@ATHENA.MIT.EDU (Greg Hudson via RT)
Mon Sep 13 23:55:20 2021
From: "Greg Hudson via RT" <rt@krbdev.mit.edu>
In-Reply-To:
Message-ID: <rt-4.4.3-2-389384-1631591715-1535.8010-5-0@mit.edu>
To: "AdminCc of krbdev.mit.edu Ticket #8010":;
Date: Mon, 13 Sep 2021 23:55:15 -0400
MIME-Version: 1.0
Reply-To: rt@krbdev.mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu
<URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=8010 >
Improve gss_store_cred() behavior
Select an output credential cache using similar logic to kinit. Do
not require the target cache to be initialized.
Try to use the per-thread cache set by gss_krb5_ccache_name() if no
output cache was specified via a cred store.
When the destination is a collection, honor the default_cred flag by
switching the primary cache to the selected output cache. When the
destination is not a collection, ignore the default_cred flag.
(Previously the default_cred flag was mandatory for gss_store_cred()
even though it is an advisory flag, and ignored for
gss_store_cred_into() even if no ccache was specified in the cred
store.)
Honor the overwrite_cred flag by refusing to replace an initialized
cache if it is not set. Stop using gss_acquire_cred() for this
purpose as it could go out and fetch credentials from a client keytab.
Perform atomic replacement of the target cache when possible, using
krb5_cc_move().
Add a test harness for calling gss_store_cred() or
gss_store_cred_into() and a suite of tests. Fix a broken trace log
message for krb5_cc_move() and update the expected trace logs for an
existing t_credstore.py test.
https://github.com/krb5/krb5/commit/3f5a348287646d65700854650fe668b9c4249013
Author: Greg Hudson <ghudson@mit.edu>
Commit: 3f5a348287646d65700854650fe668b9c4249013
Branch: master
.gitignore | 1 +
doc/appdev/gssapi.rst | 15 +++-
src/include/k5-trace.h | 2 +-
src/lib/gssapi/krb5/store_cred.c | 145 +++++++++++++++++--------------------
src/tests/gssapi/Makefile.in | 14 +++--
src/tests/gssapi/t_credstore.py | 4 +-
src/tests/gssapi/t_store_cred.c | 114 ++++++++++++++++++++++++++++++
src/tests/gssapi/t_store_cred.py | 80 +++++++++++++++++++++
8 files changed, 285 insertions(+), 90 deletions(-)
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
