From: Greg Hudson <ghudson@mit.edu>
Date: Wed, 24 Oct 2012 01:25:38 +0000 (-0400)
Subject: Only record real selected preauth type
X-Git-Tag: krb5-1.12-alpha1~505
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e9d6e7ef606cf5ea70e2cc2f35dd91861ab00092;p=thirdparty%2Fkrb5.git

Only record real selected preauth type

Move where we record the selected preauth type so that we never record
an informational preauth type, only a real one.

ticket: 7422 (new)
target_version: 1.11
tags: pullup
---

diff --git a/src/lib/krb5/krb/preauth2.c b/src/lib/krb5/krb/preauth2.c
index b900ce42c0..23f00f3ad5 100644
--- a/src/lib/krb5/krb/preauth2.c
+++ b/src/lib/krb5/krb/preauth2.c
@@ -618,9 +618,6 @@ run_preauth_plugins(krb5_context kcontext,
             if (ret != 0)
                 return ret;
         }
-        /* Record which pa_type we answered a call for. */
-        if (preauth_rock->selected_preauth_type != NULL)
-            *preauth_rock->selected_preauth_type = in_padata->pa_type;
         break;
     }
     if (i >= kcontext->preauth_context->n_modules) {
@@ -1027,6 +1024,9 @@ krb5_do_preauth(krb5_context context, krb5_kdc_req *request,
                                       &out_pa_list, &out_pa_list_size,
                                       &module_ret, opte);
             if (ret == 0 && module_ret == 0 && paorder[h] == PA_REAL) {
+                /* Record which real padata type we answered. */
+                if (rock->selected_preauth_type != NULL)
+                    *rock->selected_preauth_type = in_padata[i]->pa_type;
                 *got_real_out = TRUE;
                 break;
             }