diff options
| author | Sam Hartman <hartmans@mit.edu> | 2010-02-09 19:15:07 +0000 |
|---|---|---|
| committer | Sam Hartman <hartmans@mit.edu> | 2010-02-09 19:15:07 +0000 |
| commit | 7a04b369aa71b0796f057cf5da57070a9c37c9c8 (patch) | |
| tree | d520235b9e9fa1bb0a16fe9fd96ded188d1d7a22 /src/kdc/kdc_util.h | |
| parent | f2dae95e426be79de906fcd2706d58333ed2e878 (diff) | |
| download | krb5-7a04b369aa71b0796f057cf5da57070a9c37c9c8.tar.gz krb5-7a04b369aa71b0796f057cf5da57070a9c37c9c8.tar.xz krb5-7a04b369aa71b0796f057cf5da57070a9c37c9c8.zip | |
enc_padata can include empty sequence
There are two issues with return_enc_padata.
1) It often will return an empty sequence of enc_padata rather than not including the field
2) FAST negotiation is double supported in the referral tgs path and not supported in the non-referral path
Rewrite the return_enc_padata logic to:
* Split out referral interactions with kdb into its own function
* Use add_pa_data_element
ticket: 6656
target_version: 1.8
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23712 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/kdc/kdc_util.h')
| -rw-r--r-- | src/kdc/kdc_util.h | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/kdc/kdc_util.h b/src/kdc/kdc_util.h index 258389508..4b81376f3 100644 --- a/src/kdc/kdc_util.h +++ b/src/kdc/kdc_util.h @@ -258,7 +258,8 @@ return_enc_padata(krb5_context context, krb5_data *req_pkt, krb5_kdc_req *request, krb5_keyblock *reply_key, krb5_db_entry *server, - krb5_enc_kdc_rep_part *reply_encpart); + krb5_enc_kdc_rep_part *reply_encpart, +krb5_boolean is_referral); krb5_error_code sign_db_authdata (krb5_context context, @@ -401,7 +402,7 @@ krb5_error_code kdc_preauth_get_cookie(struct kdc_request_state *state, krb5_error_code kdc_handle_protected_negotiation( krb5_data *req_pkt, krb5_kdc_req *request, const krb5_keyblock *reply_key, - krb5_pa_data **out_enc_padata, int *idx); + krb5_pa_data ***out_enc_padata); krb5_error_code krb5int_get_domain_realm_mapping(krb5_context context, const char *host, char ***realmsp); |