git.ipfire.org Git - thirdparty/krb5.git/commit

author	Greg Hudson <ghudson@mit.edu>
	Mon, 23 Mar 2020 23:10:03 +0000 (19:10 -0400)
committer	Greg Hudson <ghudson@mit.edu>
	Thu, 26 Mar 2020 18:32:40 +0000 (14:32 -0400)
commit	f1286842ce7b9e507a4ce0a47f44ab361a98be63
tree	83502081721b8cffaf1e563b4cb2f7833b07eee8	tree \| snapshot
parent	e5c911946ba98b2e90db6456e822788f678bdade	commit \| diff

Eliminate redundant PKINIT responder invocation

In pkinit_client_prep_questions(), only act if the input padata type
is KRB5_PADATA_PK_AS_REQ. Otherwise we will ask questions again when
the KDC issues a ticket.

Commit 7621d2f9a87214327ca3b2594e34dc7cea84596b (ticket 8242)
unintentionally changed the behavior of pkinit_load_fs_cert_and_key(),
causing pkinit_client_prep_questions() to do nothing on its first
call. Restore the original behavior of returning 0 when prompting is
deferred.

Modify the existing "FILE identity, password on key (responder)"
PKINIT test to check that the responder is only invoked once.

ticket: 8885

src/plugins/preauth/pkinit/pkinit_clnt.c		diff \| blob \| blame \| history
src/plugins/preauth/pkinit/pkinit_crypto_openssl.c		diff \| blob \| blame \| history
src/tests/t_pkinit.py		diff \| blob \| blame \| history