diff options
author | Greg Hudson <ghudson@mit.edu> | 2011-10-04 20:16:07 +0000 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2011-10-04 20:16:07 +0000 |
commit | cbb4ede6d5a939f39f3325ad040406ac05c99713 (patch) | |
tree | 70eb9e23b1ac63b45b0596ec70609d742fde45d2 /src/kdc/kdc_util.c | |
parent | a046e6135690f97adfa6bb4065d7367cf6142c40 (diff) | |
download | krb5-cbb4ede6d5a939f39f3325ad040406ac05c99713.tar.gz krb5-cbb4ede6d5a939f39f3325ad040406ac05c99713.tar.xz krb5-cbb4ede6d5a939f39f3325ad040406ac05c99713.zip |
Create e_data as pa_data in KDC interfaces
All current known uses of e_data are encoded as pa-data or typed-data.
FAST requires that e_data be expressed as pa-data. Change the DAL and
kdcpreauth interfaces so that e_data is returned as a sequence of
pa-data elements. Add a preauth module flag to indicate that the
sequence should be encoded as typed-data in non-FAST errors.
ticket: 6969
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25298 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/kdc/kdc_util.c')
-rw-r--r-- | src/kdc/kdc_util.c | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c index e18fb2c860..e03cb27cb0 100644 --- a/src/kdc/kdc_util.c +++ b/src/kdc/kdc_util.c @@ -865,7 +865,7 @@ check_anon(krb5_context context, krb5_principal client, krb5_principal server) int validate_as_request(register krb5_kdc_req *request, krb5_db_entry client, krb5_db_entry server, krb5_timestamp kdc_time, - const char **status, krb5_data *e_data) + const char **status, krb5_pa_data ***e_data) { int errcode; krb5_error_code ret; @@ -1168,7 +1168,7 @@ fetch_asn1_field(unsigned char *astream, unsigned int level, int validate_tgs_request(register krb5_kdc_req *request, krb5_db_entry server, krb5_ticket *ticket, krb5_timestamp kdc_time, - const char **status, krb5_data *e_data) + const char **status, krb5_pa_data ***e_data) { int errcode; int st_idx = 0; @@ -2083,9 +2083,8 @@ kdc_process_s4u2self_req(krb5_context context, */ if (is_local_principal((*s4u_x509_user)->user_id.user)) { krb5_db_entry no_server; - krb5_data e_data; + krb5_pa_data **e_data = NULL; - e_data.data = NULL; code = krb5_db_get_principal(context, (*s4u_x509_user)->user_id.user, KRB5_KDB_FLAG_INCLUDE_PAC, &princ); if (code == KRB5_KDB_NOENTRY) { @@ -2102,7 +2101,7 @@ kdc_process_s4u2self_req(krb5_context context, no_server, kdc_time, status, &e_data); if (code) { krb5_db_free_principal(context, princ); - krb5_free_data_contents(context, &e_data); + krb5_free_pa_data(context, e_data); return code; } |