X-Mailer: MIME-tools 5.507 (Entity 5.507) Subject: git commit MIME-Version: 1.0 From: ghudson@mit.edu Content-Type: text/plain; charset="utf-8" X-RT-Interface: API Content-Disposition: inline Content-Transfer-Encoding: binary X-RT-Original-Encoding: ascii RT-Message-ID: Content-Length: 1218 Honor transited-policy-checked flag in servers For consistency with Heimdal and simplicity of server configuration, do not check the transited field in krb5_rd_req() if the transited-policy-checked flag is set in the ticket. Add a cross-realm test using the gcred and rdreq harnesses to test server transited processing. Also fix the KDC capaths case so that the client actually doesn't know the path to the server realm. In k5test.py, adjust _cfg_merge() to remove keys mapped to None in the second dictionary (instead of mapping them to None in the result), so that deleting whole sections works. Remove the corresponding check for None in _write_cfg_section() as it is no longer needed. (cherry picked from commit a5aa5969bc6ed404b86318b47c38dfc3d3aeb8df) https://github.com/krb5/krb5/commit/4c091ce4b14a418ec027bd1b61cafe25f259cc85 Author: Greg Hudson Commit: 4c091ce4b14a418ec027bd1b61cafe25f259cc85 Branch: krb5-1.18 src/lib/krb5/krb/rd_req_dec.c | 11 ++++++--- src/tests/gcred.c | 10 +++++++- src/tests/t_crossrealm.py | 43 +++++++++++++++++++++++++++++++++++----- src/util/k5test.py | 6 +++- 4 files changed, 56 insertions(+), 14 deletions(-)