Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.509 (Entity 5.509)
From: ghudson@mit.edu
Subject: git commit
Content-Length: 1227


Fix some principal realm canonicalization cases

The no_hostrealm and subst_defrealm flags in struct canonprinc were
only applied when dns_canonicalize_hostname=fallback; in the other
cases, the initial krb5_sname_to_principal() result is treated as
canonical.  For no_hostrealm this limitation doesn't currently matter,
because all uses pass a principal with no realm as input.  However,
subst_defrealm is used to convert the referral realm to the default
realm in krb5_get_init_creds_keytab(), krb5_cc_cache_match(), and
gss_acquire_cred() when it needs to check the desired name against a
specified ccache.

In k5_canonprinc(), if the input principal is a
krb5_sname_to_principal() result and fallback isn't in effect, apply
subst_defrealm.  Document in os-proto.h that no_hostrealm doesn't
remove an existing realm and that krb5_sname_to_principal() may
already have looked one up.

https://github.com/krb5/krb5/commit/c077d0c6430c4ac163443aacc03d14d206a4cbb8
Author: Greg Hudson <ghudson@mit.edu>
Commit: c077d0c6430c4ac163443aacc03d14d206a4cbb8
Branch: master
 src/lib/krb5/os/os-proto.h |   13 +++++++++----
 src/lib/krb5/os/sn2princ.c |   24 +++++++++++++++++++++---
 2 files changed, 30 insertions(+), 7 deletions(-)