git.ipfire.org Git - thirdparty/krb5.git/commit

author	Greg Hudson <ghudson@mit.edu>
	Mon, 27 Jul 2015 14:30:30 +0000 (10:30 -0400)
committer	Greg Hudson <ghudson@mit.edu>
	Wed, 12 Aug 2015 02:31:46 +0000 (22:31 -0400)
commit	9914d38658e5612db5b2847892b5ddce2b73c344
tree	8d0208a8857a2d06a2cee7bca68cd1690c9505d8	tree
parent	608a65570aa868d6e03423b5de3b8f82c0bff60b	commit \| diff

Simplify get_in_tkt.c restart handling

To simplify callers, make restart_init_creds_loop() reset the
err_reply and err_padata fields and free per-request preauth moddata.
Change its padata argument to a boolean argument for FAST upgrades,
instead of sometimes passing in ctx->err_padata (which would become
invalid partway through the function now that we're freeing it).
Split up the upgrade-to-FAST and downgrade-to-no-padata cases in
init_creds_step_reply(), and eliminate negotiation_requests_restart().

For brevity, rename the krb5_init_creds_context have_restarted field
to restarted.  Rename krb5int_upgrade_to_fast_p() to
k5_upgrade_to_fast_p() and make it a true predicate.  Change some flag
field assignments to use TRUE/FALSE instead of 1/0.  Reset
enc_pa_rep_permitted after a client realm referral, since we don't
know that the new realm's KDCs will fail on informational padata.

src/lib/krb5/krb/fast.c		diff \| blob \| blame \| history
src/lib/krb5/krb/fast.h		diff \| blob \| blame \| history
src/lib/krb5/krb/get_in_tkt.c		diff \| blob \| blame \| history
src/lib/krb5/krb/init_creds_ctx.h		diff \| blob \| blame \| history