From da7e5ac4cfb7fba11c849197a5bf1fa6e0cda37d Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Fri, 11 Nov 2011 17:01:12 +0000
Subject: Avoid looping when preauth can't be generated

If we receive a PREAUTH_REQUIRED error and fail to generate any real
preauthentication, error out immediately instead of continuing to
generate non-preauthenticated requests until we hit the loop count.

There is a lot of room to generate a more meaningful error about why
we failed to generate preauth (although in many cases the answer may
be too complicated to explain in an error message), but that requires
more radical restructuring of the preauth framework.

ticket: 6430
target_version: 1.10
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25469 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/include/k5-int.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/include')

diff --git a/src/include/k5-int.h b/src/include/k5-int.h
index fec4a7f80..b82fe5b6f 100644
--- a/src/include/k5-int.h
+++ b/src/include/k5-int.h
@@ -1098,7 +1098,7 @@ krb5_do_preauth(krb5_context context, krb5_kdc_req *request,
                 krb5_data *encoded_previous_request, krb5_pa_data **in_padata,
                 krb5_pa_data ***out_padata, krb5_prompter_fct prompter,
                 void *prompter_data, krb5_clpreauth_rock preauth_rock,
-                krb5_gic_opt_ext *opte);
+                krb5_gic_opt_ext *opte, krb5_boolean *got_real_out);
 
 krb5_error_code KRB5_CALLCONV
 krb5_do_preauth_tryagain(krb5_context context, krb5_kdc_req *request,
-- 
cgit