git.ipfire.org Git - thirdparty/krb5.git/commit

author	Greg Hudson <ghudson@mit.edu>
	Tue, 9 Aug 2022 16:22:43 +0000 (12:22 -0400)
committer	Greg Hudson <ghudson@mit.edu>
	Mon, 3 Oct 2022 23:33:18 +0000 (19:33 -0400)
commit	a9705a1e0b2cf0cde3e6f8dee14c25ffc074c00a
tree	214890b43482c76732af282064484264612cfc86	tree
parent	29600cf1db888d91c42cbd6cf72652afe8c1ee66	commit \| diff

Refactor KDC TGS processing code

Split the TGS processing code into information gathering, constraint
and policy checking, and ticket-issuing steps, using a structure to
hold the gathered information. Split validate_tgs_request() into
validate_tgs_constraints() and check_tgs_policy() for better auditing.
Fold kdc_process_s4u2proxy_req() into check_tgs_policy(), except for
the get_pac_princ_with_realm() step which is now performed in
gather_tgs_req_info(). Modify some other utility functions to fit the
new design.

src/kdc/do_as_req.c		diff \| blob \| blame \| history
src/kdc/do_tgs_req.c		diff \| blob \| blame \| history
src/kdc/fast_util.c		diff \| blob \| blame \| history
src/kdc/kdc_audit.c		diff \| blob \| blame \| history
src/kdc/kdc_log.c		diff \| blob \| blame \| history
src/kdc/kdc_util.c		diff \| blob \| blame \| history
src/kdc/kdc_util.h		diff \| blob \| blame \| history
src/kdc/tgs_policy.c		diff \| blob \| blame \| history