svn rev #22288: trunk/src/lib/krb5/krb/
ghudson@MIT.EDU
ghudson at MIT.EDU
Tue Apr 28 14:00:13 EDT 2009
http://src.mit.edu/fisheye/changelog/krb5/?cs=22288
Commit By: ghudson
Log Message:
ticket: 6478
subject: Fix handling of RET_SEQUENCE flag in mk_priv/mk_ncred
Regularize the handling of KRB5_AUTH_CONTEXT_RET_SEQUENCE in
krb5_mk_safe, krb5_mk_priv, and krb5_mk_ncred, using krb5_mk_safe as
a baseline. RET_SEQUENCE now implies DO_SEQUENCE for all three
functions, the sequence number is always incremented if it is used,
and outdata->seq is always set if RET_SEQUENCE is passed.
Note that in the corresponding rd_ functions, RET_SEQUENCE and
DO_SEQUENCE are independent flags, which is not consistent with the
above. This compromise is intended to preserve compatibility with
any working code which might exist using the RET_SEQUENCE flag.
Changed Files:
U trunk/src/lib/krb5/krb/mk_cred.c
U trunk/src/lib/krb5/krb/mk_priv.c
U trunk/src/lib/krb5/krb/mk_safe.c
Modified: trunk/src/lib/krb5/krb/mk_cred.c
===================================================================
--- trunk/src/lib/krb5/krb/mk_cred.c 2009-04-28 17:54:13 UTC (rev 22287)
+++ trunk/src/lib/krb5/krb/mk_cred.c 2009-04-28 18:00:13 UTC (rev 22288)
@@ -215,13 +215,10 @@
}
if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) ||
(auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) {
- replaydata.seq = auth_context->local_seq_number;
- if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
- auth_context->local_seq_number++;
- increased_sequence = TRUE;
- } else {
+ replaydata.seq = auth_context->local_seq_number++;
+ increased_sequence = TRUE;
+ if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)
outdata->seq = replaydata.seq;
- }
}
if (auth_context->local_addr) {
Modified: trunk/src/lib/krb5/krb/mk_priv.c
===================================================================
--- trunk/src/lib/krb5/krb/mk_priv.c 2009-04-28 17:54:13 UTC (rev 22287)
+++ trunk/src/lib/krb5/krb/mk_priv.c 2009-04-28 18:00:13 UTC (rev 22288)
@@ -151,12 +151,9 @@
}
if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) ||
(auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) {
- replaydata.seq = auth_context->local_seq_number;
- if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
- auth_context->local_seq_number++;
- } else {
+ replaydata.seq = auth_context->local_seq_number++;
+ if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)
outdata->seq = replaydata.seq;
- }
}
{
Modified: trunk/src/lib/krb5/krb/mk_safe.c
===================================================================
--- trunk/src/lib/krb5/krb/mk_safe.c 2009-04-28 17:54:13 UTC (rev 22287)
+++ trunk/src/lib/krb5/krb/mk_safe.c 2009-04-28 18:00:13 UTC (rev 22288)
@@ -152,9 +152,8 @@
if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) ||
(auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) {
replaydata.seq = auth_context->local_seq_number++;
- if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE) {
+ if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)
outdata->seq = replaydata.seq;
- }
}
{
More information about the cvs-krb5
mailing list