diff options
author | Sam Hartman <hartmans@mit.edu> | 2003-03-04 20:45:32 +0000 |
---|---|---|
committer | Sam Hartman <hartmans@mit.edu> | 2003-03-04 20:45:32 +0000 |
commit | f956ffa323ab8a88295f0b6b0ee772b62165534b (patch) | |
tree | 57cc931dca664c59708dd9fd8c230bb4c8f8c417 /src/lib/krb5/krb | |
parent | 59c236f3e91fc0eab00f7b2dfb10ad5da715c228 (diff) | |
download | krb5-f956ffa323ab8a88295f0b6b0ee772b62165534b.zip krb5-f956ffa323ab8a88295f0b6b0ee772b62165534b.tar.gz krb5-f956ffa323ab8a88295f0b6b0ee772b62165534b.tar.bz2 |
GSS_C_NO_CREDENTIAL should accept any principal
If a context is accepted with GSS_C_NO_CREDENTIAL or if a credential
is acquired with GSS_C_NO_NAME as the acceptor name then allow any
principal in the keytab to be used as the acceptor name.
This means that gss_inquire_cred can return GSS_C_NO_NAME from a
credential.
ticket: new
Tags: enhancement
cc: nicolas.williams@sun.com
cc: krbdev@mit.edu
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15218 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/krb5/krb')
-rw-r--r-- | src/lib/krb5/krb/ChangeLog | 6 | ||||
-rw-r--r-- | src/lib/krb5/krb/rd_req.c | 3 | ||||
-rw-r--r-- | src/lib/krb5/krb/srv_rcache.c | 6 |
3 files changed, 13 insertions, 2 deletions
diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog index 036e8ed..55cf03d 100644 --- a/src/lib/krb5/krb/ChangeLog +++ b/src/lib/krb5/krb/ChangeLog @@ -1,3 +1,9 @@ +2003-03-02 Sam Hartman <hartmans@mit.edu> + + * srv_rcache.c (krb5_get_server_rcache): If punctuation or graphic characters in replay ccache name then use escaping + + * rd_req.c (krb5_rd_req): Allow initializing the replay cache from the ticket + 2003-02-25 Tom Yu <tlyu@mit.edu> * gic_pwd.c (krb5_get_init_creds_password): Don't pass a NULL diff --git a/src/lib/krb5/krb/rd_req.c b/src/lib/krb5/krb/rd_req.c index bc4586e..f844e3c 100644 --- a/src/lib/krb5/krb/rd_req.c +++ b/src/lib/krb5/krb/rd_req.c @@ -79,6 +79,9 @@ krb5_rd_req(krb5_context context, krb5_auth_context *auth_context, const krb5_da *auth_context = new_auth_context; } + if (!server) { + server = request->ticket->server; + } /* Get an rcache if necessary. */ if (((*auth_context)->rcache == NULL) && server) { if ((retval = krb5_get_server_rcache(context, diff --git a/src/lib/krb5/krb/srv_rcache.c b/src/lib/krb5/krb/srv_rcache.c index e6abcfb..290f869 100644 --- a/src/lib/krb5/krb/srv_rcache.c +++ b/src/lib/krb5/krb/srv_rcache.c @@ -31,6 +31,8 @@ #include <ctype.h> #include <stdio.h> +/* Macro for valid RC name characters*/ +#define isinvalidrcname(x) (isgraph(x)||ispunct(x)) krb5_error_code KRB5_CALLCONV krb5_get_server_rcache(krb5_context context, const krb5_data *piece, krb5_rcache *rcptr) { @@ -58,7 +60,7 @@ krb5_get_server_rcache(krb5_context context, const krb5_data *piece, krb5_rcache for (i = 0; i < piece->length; i++) { if (piece->data[i] == '\\') len++; - else if (!isgraph((int) piece->data[i])) + else if (!isinvalidrcname((int) piece->data[i])) len += 3; } @@ -81,7 +83,7 @@ krb5_get_server_rcache(krb5_context context, const krb5_data *piece, krb5_rcache cachename[p++] = '\\'; continue; } - if (!isgraph((int) piece->data[i])) { + if (!isinvalidrcname((int) piece->data[i])) { sprintf(tmp, "%03o", piece->data[i]); cachename[p++] = '\\'; cachename[p++] = tmp[0]; |