From: Greg Hudson <ghudson@mit.edu>
Date: Tue, 27 Jan 2015 03:34:49 +0000 (-0500)
Subject: Remove special case for multi-hop SAM-2
X-Git-Tag: krb5-1.14-alpha1~175
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=922f7d1230fe647821d9767fafef3774c5cfd2fc;p=thirdparty%2Fkrb5.git

Remove special case for multi-hop SAM-2

Revert f20a77e879d203cdcb1bdbf9dc8e604a5187c88f (issue #7571).  The
special case is no longer needed, as we are now resetting the tried
list for each KDC_ERR_PREAUTH_REQUIRED message.
---

diff --git a/src/lib/krb5/krb/preauth2.c b/src/lib/krb5/krb/preauth2.c
index 8745cb11a3..783bb3154d 100644
--- a/src/lib/krb5/krb/preauth2.c
+++ b/src/lib/krb5/krb/preauth2.c
@@ -560,11 +560,6 @@ already_tried(krb5_context context, krb5_preauthtype pa_type)
     size_t count;
     krb5_preauthtype *newptr;
 
-    /* Allow multi-hop SAM-2 exchanges using repeated preauth-required errors
-     * for historical compatibility. */
-    if (pa_type == KRB5_PADATA_SAM_CHALLENGE_2)
-        return FALSE;
-
     for (count = 0; pctx->tried != NULL && pctx->tried[count] != 0; count++) {
         if (pctx->tried[count] == pa_type)
             return TRUE;