|
 |
d738b9 |
From fd44fa60948a58634a3757be7c5c52fc671e48c7 Mon Sep 17 00:00:00 2001
|
|
|
d738b9 |
From: Greg Hudson <ghudson@mit.edu>
|
|
|
d738b9 |
Date: Mon, 16 Jan 2017 13:42:18 -0500
|
|
|
d738b9 |
Subject: [PATCH] Remove sent_nontrivial_preauth field
|
|
|
d738b9 |
|
|
|
d738b9 |
In krb5_init_creds_context, the selected_preauth_type field subsumes
|
|
|
d738b9 |
the need for sent_nontrivial_preauth. Use it instead.
|
|
|
d738b9 |
|
|
|
d738b9 |
(cherry picked from commit 5fef7aa7e43e45d227f2d53c661a23c932caafca)
|
|
|
d738b9 |
---
|
|
|
d738b9 |
src/lib/krb5/krb/get_in_tkt.c | 5 +----
|
|
|
d738b9 |
src/lib/krb5/krb/init_creds_ctx.h | 1 -
|
|
|
d738b9 |
2 files changed, 1 insertion(+), 5 deletions(-)
|
|
|
d738b9 |
|
|
|
d738b9 |
diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c
|
|
|
d738b9 |
index 988fca233..48dc00ea6 100644
|
|
|
d738b9 |
--- a/src/lib/krb5/krb/get_in_tkt.c
|
|
|
d738b9 |
+++ b/src/lib/krb5/krb/get_in_tkt.c
|
|
|
d738b9 |
@@ -1359,8 +1359,6 @@ init_creds_step_request(krb5_context context,
|
|
|
d738b9 |
krb5_free_data(context, ctx->encoded_previous_request);
|
|
|
d738b9 |
ctx->encoded_previous_request = NULL;
|
|
|
d738b9 |
}
|
|
|
d738b9 |
- if (ctx->request->padata)
|
|
|
d738b9 |
- ctx->sent_nontrivial_preauth = TRUE;
|
|
|
d738b9 |
if (ctx->enc_pa_rep_permitted) {
|
|
|
d738b9 |
code = add_padata(&ctx->request->padata, KRB5_ENCPADATA_REQ_ENC_PA_REP,
|
|
|
d738b9 |
NULL, 0);
|
|
|
d738b9 |
@@ -1485,7 +1483,7 @@ init_creds_step_reply(krb5_context context,
|
|
|
d738b9 |
ctx->restarted = TRUE;
|
|
|
d738b9 |
code = restart_init_creds_loop(context, ctx, TRUE);
|
|
|
d738b9 |
} else if (!ctx->restarted && reply_code == KDC_ERR_PREAUTH_FAILED &&
|
|
|
d738b9 |
- !ctx->sent_nontrivial_preauth) {
|
|
|
d738b9 |
+ ctx->selected_preauth_type == KRB5_PADATA_NONE) {
|
|
|
d738b9 |
/* The KDC didn't like our informational padata (probably a pre-1.7
|
|
|
d738b9 |
* MIT krb5 KDC). Retry without it. */
|
|
|
d738b9 |
ctx->enc_pa_rep_permitted = FALSE;
|
|
|
d738b9 |
@@ -1525,7 +1523,6 @@ init_creds_step_reply(krb5_context context,
|
|
|
d738b9 |
goto cleanup;
|
|
|
d738b9 |
/* Reset per-realm negotiation state. */
|
|
|
d738b9 |
ctx->restarted = FALSE;
|
|
|
d738b9 |
- ctx->sent_nontrivial_preauth = FALSE;
|
|
|
d738b9 |
ctx->enc_pa_rep_permitted = TRUE;
|
|
|
d738b9 |
code = restart_init_creds_loop(context, ctx, FALSE);
|
|
|
d738b9 |
} else {
|
|
|
d738b9 |
diff --git a/src/lib/krb5/krb/init_creds_ctx.h b/src/lib/krb5/krb/init_creds_ctx.h
|
|
|
d738b9 |
index a7cded942..8c8b7494b 100644
|
|
|
d738b9 |
--- a/src/lib/krb5/krb/init_creds_ctx.h
|
|
|
d738b9 |
+++ b/src/lib/krb5/krb/init_creds_ctx.h
|
|
|
d738b9 |
@@ -58,7 +58,6 @@ struct _krb5_init_creds_context {
|
|
|
d738b9 |
krb5_enctype etype;
|
|
|
d738b9 |
krb5_boolean enc_pa_rep_permitted;
|
|
|
d738b9 |
krb5_boolean restarted;
|
|
|
d738b9 |
- krb5_boolean sent_nontrivial_preauth;
|
|
|
d738b9 |
krb5_boolean preauth_required;
|
|
|
d738b9 |
struct krb5_responder_context_st rctx;
|
|
|
d738b9 |
krb5_preauthtype selected_preauth_type;
|