Comment 2 for bug 1500945

Sam Hartman (hartmans) wrote : Re: [Bug 1500945] Re: Issuer of issuer, user of user@issuer fails

I doubt that the import_name call is expected to always succeed, it's
probably just that if that fails it falls back to .gss_eap_id.
That fallback could be changed; take a look at acquire_cred.c and
util_moonshot.c in the mech_eap code.

For debugging this, mech_eap has gained a trace facility that could
potentially be used by libmoonshot.
To avoid introducing a dependency, you'd probably want to add a
function pointer for a trace callback to libmoonshot, and pass in a
trace function when mech_eap initializes libmoonshot.

Note that / should be permitted in username.

Also, take a look at the name escaping rules in section 3.1 of RFC 7055.
An alternate argument one could make is that the bug is in libmoonshot
for not backslash escaping the @ in the issuer.
I think handling things that way would be correct but not improve
usability.
It is important though that escaped @ and / be possible to enter in a
name. That is, any legal name under 3.1 of RFC 7055 should be possible
to enter as an identity.
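The backslash escaping the comment points at, as an added example that is not code from this thread, mech_eap or libmoonshot. It assumes a user@issuer name form in which a backslash makes the following character literal and a well-formed name contains exactly one unescaped '@'; that separator rule is an assumption of the example, to be checked against section 3.1 of RFC 7055.

```python
# Added illustration (not code from the thread, mech_eap or libmoonshot).
# Assumptions of this example: a name is user@issuer, '\' makes the
# following character literal, and a well-formed name contains exactly
# one unescaped '@'.

def escape_component(component: str) -> str:
    """Backslash-escape '@' and '\\' so a component can carry them safely."""
    return "".join("\\" + ch if ch in "@\\" else ch for ch in component)

def build_name(user: str, issuer: str, escape_issuer: bool = True) -> str:
    """Compose user@issuer.  escape_issuer=False mimics a caller that
    leaves the issuer unescaped, the behaviour the comment discusses."""
    issuer_part = escape_component(issuer) if escape_issuer else issuer
    return escape_component(user) + "@" + issuer_part

def parse_name(name: str):
    """Split at the single unescaped '@' and unescape both halves.
    Returns (user, issuer); raises ValueError for a malformed name."""
    components = [[]]
    i = 0
    while i < len(name):
        ch = name[i]
        if ch == "\\":
            if i + 1 >= len(name):
                raise ValueError("trailing backslash")
            # Escaped character is literal: '\@', '\\' and also '\/' are accepted.
            components[-1].append(name[i + 1])
            i += 2
            continue
        if ch == "@":
            components.append([])        # unescaped '@' starts the issuer
        else:
            components[-1].append(ch)    # '/' needs no escaping
        i += 1
    if len(components) != 2:
        raise ValueError("expected exactly one unescaped '@' in %r" % name)
    user, issuer = ("".join(c) for c in components)
    return user, issuer

def round_trips(user: str, issuer: str, escape_issuer: bool = True) -> bool:
    """True when build/parse recover the original pair, False otherwise."""
    try:
        return parse_name(build_name(user, issuer, escape_issuer)) == (user, issuer)
    except ValueError:
        return False

if __name__ == "__main__":
    # Constructed sample values, not taken from the bug report.
    print(build_name("alice", "idp@example.org"))           # alice@idp\@example.org
    print(round_trips("alice", "idp@example.org", False))   # False
    print(round_trips("user@issuer", "issuer"))             # True
```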