Skip Menu |
 

From: ghudson@mit.edu
Subject: git commit

Allow cross-realm RBCD with PAC and other authdata

For cross-realm S4U2Proxy requests, require a PAC to be present to
bypass signedpath verification, but do not require it to be the only
authdata element. For within-realm requests, add and verify
signedpath authdata regardless of the presence of a PAC.

Simplify the test KDB authdata module and the existing RBCD tests as
we no longer need a way to suppress the test module's KDB authdata.

[ghudson@mit.edu: rewrote commit message; reordered a condition for
efficiency]

https://github.com/krb5/krb5/commit/94f7c9705879500b1dc8dda8592490efce05688f
Author: Isaac Boukris <iboukris@gmail.com>
Committer: Greg Hudson <ghudson@mit.edu>
Commit: 94f7c9705879500b1dc8dda8592490efce05688f
Branch: master
src/include/kdb.h | 6 +++---
src/kdc/kdc_authdata.c | 21 ++++++++-------------
src/plugins/kdb/test/kdb_test.c | 23 ++++++-----------------
src/tests/gssapi/t_s4u.py | 3 ---
4 files changed, 17 insertions(+), 36 deletions(-)
Subject: git commit
From: ghudson@mit.edu

Further simplify test KDB module authdata code

Commit 94f7c9705879500b1dc8dda8592490efce05688f simplified the
generation of authdata elements, but left behind some unnecessary
conditionalization when assembling the elements into a list, causing a
Coverity defect. Further simplify the code.

https://github.com/krb5/krb5/commit/d035dc269e80b58cb73fd2b644b06bc5fb53e9cb
Author: Greg Hudson <ghudson@mit.edu>
Commit: d035dc269e80b58cb73fd2b644b06bc5fb53e9cb
Branch: master
src/plugins/kdb/test/kdb_test.c | 8 +++++---
1 files changed, 5 insertions(+), 3 deletions(-)
From: ghudson@mit.edu
Subject: git commit

Allow cross-realm RBCD with PAC and other authdata

For cross-realm S4U2Proxy requests, require a PAC to be present to
bypass signedpath verification, but do not require it to be the only
authdata element. For within-realm requests, add and verify
signedpath authdata regardless of the presence of a PAC.

Simplify the test KDB authdata module and the existing RBCD tests as
we no longer need a way to suppress the test module's KDB authdata.

[ghudson@mit.edu: rewrote commit message; reordered a condition for
efficiency]

(cherry picked from commit 94f7c9705879500b1dc8dda8592490efce05688f)

https://github.com/krb5/krb5/commit/17570dd94056df70c19108c14d46cd6132509e6a
Author: Isaac Boukris <iboukris@gmail.com>
Committer: Greg Hudson <ghudson@mit.edu>
Commit: 17570dd94056df70c19108c14d46cd6132509e6a
Branch: krb5-1.18
src/include/kdb.h | 6 +++---
src/kdc/kdc_authdata.c | 21 ++++++++-------------
src/plugins/kdb/test/kdb_test.c | 23 ++++++-----------------
src/tests/gssapi/t_s4u.py | 3 ---
4 files changed, 17 insertions(+), 36 deletions(-)
Subject: git commit
From: ghudson@mit.edu

Further simplify test KDB module authdata code

Commit 94f7c9705879500b1dc8dda8592490efce05688f simplified the
generation of authdata elements, but left behind some unnecessary
conditionalization when assembling the elements into a list, causing a
Coverity defect. Further simplify the code.

(cherry picked from commit d035dc269e80b58cb73fd2b644b06bc5fb53e9cb)

https://github.com/krb5/krb5/commit/f3c4932ef88f227374bee49094097174429db123
Author: Greg Hudson <ghudson@mit.edu>
Commit: f3c4932ef88f227374bee49094097174429db123
Branch: krb5-1.18
src/plugins/kdb/test/kdb_test.c | 8 +++++---
1 files changed, 5 insertions(+), 3 deletions(-)