Blame SOURCES/Correctly-import-service-GSS-host-based-name.patch

677019
From cbdae9a9dc2a6af5551d26b32c8d473e1e0ce773 Mon Sep 17 00:00:00 2001
10fa70
From: Greg Hudson <ghudson@mit.edu>
10fa70
Date: Mon, 30 Mar 2020 15:26:02 -0400
10fa70
Subject: [PATCH] Correctly import "service@" GSS host-based name
10fa70
10fa70
The intended way to specify only a service in a GSS host-based name is
10fa70
to omit the "@" separator.  Some applications include the separator
10fa70
but no hostname, and this happened to yield wildcard hostname behavior
10fa70
prior to commit 996353767fe8afa7f67a3b5b465e4d70e18bad7c when
10fa70
shortname qualification was added.  To restore this behavior, check in
10fa70
parse_hostbased() that at least one character is present after the "@"
10fa70
separator before copying the hostname.  Add a test case to t_gssapi.py.
10fa70
10fa70
ticket: 8892
10fa70
tags: pullup
10fa70
target_version: 1.18-next
10fa70
10fa70
(cherry picked from commit a2f047af0400ba8080dc26033fae2b17534501e2)
10fa70
(cherry picked from commit dd4364d76925ce1fe21c2ab995554d6af3a2ea12)
10fa70
---
10fa70
 src/lib/gssapi/krb5/import_name.c | 4 ++--
10fa70
 src/tests/gssapi/t_gssapi.py      | 3 +++
10fa70
 2 files changed, 5 insertions(+), 2 deletions(-)
10fa70
10fa70
diff --git a/src/lib/gssapi/krb5/import_name.c b/src/lib/gssapi/krb5/import_name.c
10fa70
index da2ab1423..21023dd76 100644
10fa70
--- a/src/lib/gssapi/krb5/import_name.c
10fa70
+++ b/src/lib/gssapi/krb5/import_name.c
10fa70
@@ -102,8 +102,8 @@ parse_hostbased(const char *str, size_t len,
10fa70
     memcpy(service, str, servicelen);
10fa70
     service[servicelen] = '\0';
10fa70
 
10fa70
-    /* If present, copy the hostname. */
10fa70
-    if (at != NULL) {
10fa70
+    /* Copy the hostname if present (at least one character after '@'). */
10fa70
+    if (len - servicelen > 1) {
10fa70
         hostlen = len - servicelen - 1;
10fa70
         host = malloc(hostlen + 1);
10fa70
         if (host == NULL) {
10fa70
diff --git a/src/tests/gssapi/t_gssapi.py b/src/tests/gssapi/t_gssapi.py
10fa70
index 54d5cf549..ecf982604 100755
10fa70
--- a/src/tests/gssapi/t_gssapi.py
10fa70
+++ b/src/tests/gssapi/t_gssapi.py
10fa70
@@ -47,6 +47,9 @@ realm.run(['./t_accname', 'p:service2/calvin', 'h:service2'],
10fa70
           expected_msg='service2/calvin')
10fa70
 realm.run(['./t_accname', 'p:service2/calvin', 'h:service1'], expected_code=1,
10fa70
           expected_msg=' found in keytab but does not match server principal')
10fa70
+# Regression test for #8892 (trailing @ in name).
10fa70
+realm.run(['./t_accname', 'p:service1/andrew', 'h:service1@'],
10fa70
+          expected_msg='service1/abraham')
10fa70
 
10fa70
 # Test with acceptor name containing service and host.  Use the
10fa70
 # client's un-canonicalized hostname as acceptor input to mirror what