Skip Menu |
 

From: ghudson@mit.edu
Subject: git commit

Use KCM_OP_RETRIEVE in KCM client

In kcm_retrieve(), try KCM_OP_RETRIEVE. Fall back to iteration if the
server doesn't implement it, or if we can an answer incompatible with
KRB5_TC_SUPPORTED_KTYPES.

In kcmserver.py, implement partial decoding for creds and cred tags so
that we can do a basic principal name match.

https://github.com/krb5/krb5/commit/795ebba8c039be172ab93cd41105c73ffdba0fdb
Author: Greg Hudson <ghudson@mit.edu>
Commit: 795ebba8c039be172ab93cd41105c73ffdba0fdb
Branch: master
src/include/kcm.h | 2 +-
src/lib/krb5/ccache/cc_kcm.c | 52 +++++++++++++++++++++++++++++++++++++++--
src/tests/kcmserver.py | 44 +++++++++++++++++++++++++++++++++--
src/tests/t_ccache.py | 11 ++++++--
4 files changed, 99 insertions(+), 10 deletions(-)
Subject: git commit
From: ghudson@mit.edu

Fix KCM retrieval support for sssd

Commit 795ebba8c039be172ab93cd41105c73ffdba0fdb added a retrieval
handler using KCM_OP_RETRIEVE, falling back on the same error codes as
the previous KCM_OP_GET_CRED_LIST support. But sssd (as of 2.4)
returns KRB5_CC_NOSUPP instead of KRB5_CC_IO if it recognizes an
opcode but does not implement it. Add a helper function to recognize
all known unsupported-opcode error codes, and use it in kcm_retrieve()
and kcm_start_seq_get().

https://github.com/krb5/krb5/commit/da103e36e13f3c846bcddbe38dd518a21e5260a0
Author: Greg Hudson <ghudson@mit.edu>
Commit: da103e36e13f3c846bcddbe38dd518a21e5260a0
Branch: master
src/lib/krb5/ccache/cc_kcm.c | 18 ++++++++++++++++--
1 files changed, 16 insertions(+), 2 deletions(-)