From 07d50571247facc95204f2b2b8967dc09a18215b Mon Sep 17 00:00:00 2001
From: Sam Hartman <hartmans@mit.edu>
Date: Thu, 26 Mar 2009 05:36:31 +0000
Subject: [PATCH] Add kdc_state field to krb5_kdc_req

Add a kdc_state field to track internal state in handling a request.
The current usage is to pass FAST information to pre-authentication
plugins.

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/fast@22122 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/include/krb5/krb5.hin        | 7 +++++++
 src/lib/krb5/asn.1/krb5_decode.c | 2 ++
 src/lib/krb5/krb/kfree.c         | 2 ++
 3 files changed, 11 insertions(+)

diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin
index 69fb038ce1..05eb82a788 100644
--- a/src/include/krb5/krb5.hin
+++ b/src/include/krb5/krb5.hin
@@ -1142,6 +1142,13 @@ typedef struct _krb5_kdc_req {
     krb5_authdata **unenc_authdata; /* unencrypted auth data,
 					   if available */
     krb5_ticket **second_ticket;/* second ticket array; OPTIONAL */
+    /* the following field is added in March 2009; it is a hack so
+     * that FAST state can be carried to pre-authentication plugins.
+     * A new plugin interface may be a better long-term approach.  It
+     * is believed to be safe to extend this structure because it is
+     * not found in any public APIs.
+     */
+    void * kdc_state;
 } krb5_kdc_req;
 
 typedef struct _krb5_enc_kdc_rep_part {
diff --git a/src/lib/krb5/asn.1/krb5_decode.c b/src/lib/krb5/asn.1/krb5_decode.c
index 4a6977c002..b69e40a9ea 100644
--- a/src/lib/krb5/asn.1/krb5_decode.c
+++ b/src/lib/krb5/asn.1/krb5_decode.c
@@ -520,6 +520,7 @@ decode_krb5_as_req(const krb5_data *code, krb5_kdc_req **repptr)
     clear_field(rep,authorization_data.ciphertext.data);
     clear_field(rep,unenc_authdata);
     clear_field(rep,second_ticket);
+    clear_field(rep, kdc_state);
 
     check_apptag(10);
     retval = asn1_decode_kdc_req(&buf,rep);
@@ -547,6 +548,7 @@ decode_krb5_tgs_req(const krb5_data *code, krb5_kdc_req **repptr)
     clear_field(rep,authorization_data.ciphertext.data);
     clear_field(rep,unenc_authdata);
     clear_field(rep,second_ticket);
+    clear_field(rep, kdc_state);
 
     check_apptag(12);
     retval = asn1_decode_kdc_req(&buf,rep);
diff --git a/src/lib/krb5/krb/kfree.c b/src/lib/krb5/krb/kfree.c
index e0e71746d6..c15e8bdab8 100644
--- a/src/lib/krb5/krb/kfree.c
+++ b/src/lib/krb5/krb/kfree.c
@@ -54,6 +54,7 @@
  */
 
 #include "k5-int.h"
+#include <assert.h>
 
 void KRB5_CALLCONV
 krb5_free_address(krb5_context context, krb5_address *val)
@@ -344,6 +345,7 @@ krb5_free_kdc_req(krb5_context context, krb5_kdc_req *val)
 {
     if (val == NULL)
 	return;
+    assert( val->kdc_state == NULL);
     krb5_free_pa_data(context, val->padata);
     krb5_free_principal(context, val->client);
     krb5_free_principal(context, val->server);
-- 
2.47.2