svn rev #22961: trunk/src/ include/ kdc/

lhoward@MIT.EDU lhoward at MIT.EDU
Wed Oct 21 12:03:40 EDT 2009


http://src.mit.edu/fisheye/changelog/krb5/?cs=22961
Commit By: lhoward
Log Message:
remove some unneeded extensions from the Novell backend authdata SPI


Changed Files:
U   trunk/src/include/kdb_ext.h
U   trunk/src/kdc/kdc_authdata.c
U   trunk/src/kdc/kdc_util.c
U   trunk/src/kdc/kdc_util.h
Modified: trunk/src/include/kdb_ext.h
===================================================================
--- trunk/src/include/kdb_ext.h	2009-10-21 16:00:08 UTC (rev 22960)
+++ trunk/src/include/kdb_ext.h	2009-10-21 16:03:40 UTC (rev 22961)
@@ -103,8 +103,6 @@
 typedef struct _kdb_sign_auth_data_rep {
     krb5_magic magic;
     krb5_authdata **auth_data;		/* Signed authorization data */
-    krb5_db_entry *entry;		/* Optional client principal extracted from auth data */
-    int nprincs;			/* Non-zero if above contains principal data */
 } kdb_sign_auth_data_rep;
 
 typedef struct _kdb_check_transited_realms_req {

Modified: trunk/src/kdc/kdc_authdata.c
===================================================================
--- trunk/src/kdc/kdc_authdata.c	2009-10-21 16:00:08 UTC (rev 22960)
+++ trunk/src/kdc/kdc_authdata.c	2009-10-21 16:03:40 UTC (rev 22961)
@@ -463,8 +463,6 @@
 {
     krb5_error_code code;
     krb5_authdata **db_authdata = NULL;
-    krb5_db_entry ad_entry;
-    int ad_nprincs = 0;
     krb5_boolean tgs_req = (request->msg_type == KRB5_TGS_REQ);
     krb5_const_principal actual_client;
 
@@ -531,11 +529,8 @@
 			    enc_tkt_reply->times.authtime,
 			    tgs_req ? enc_tkt_request->authorization_data : NULL,
 			    enc_tkt_reply->session,
-			    &db_authdata,
-			    &ad_entry,
-			    &ad_nprincs);
+			    &db_authdata);
     if (code == KRB5_KDB_DBTYPE_NOSUP) {
-	assert(ad_nprincs == 0);
 	assert(db_authdata == NULL);
 
 	if (isflagset(flags, KRB5_KDB_FLAG_CONSTRAINED_DELEGATION))
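Review bot: On the `KRB5_KDB_DBTYPE_NOSUP` path the only check left on what the backend handed back is `assert(db_authdata == NULL)`, which disappears in an NDEBUG build. sign_db_authdata() copies `rep.auth_data` into the out-parameter whatever `code` is (see the last kdc_util.c hunk), so a backend that fills the list and then reports NOSUP would apparently leak it here, or abort the KDC where asserts are enabled. I would replace the assert with a runtime cleanup such as `if (db_authdata != NULL) { krb5_free_authdata(context, db_authdata); db_authdata = NULL; }`. The enclosing function starts and ends outside this hunk, so the later return paths should be checked for the same assumption.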
@@ -548,29 +543,6 @@
 	    return 0;
     }
 
-    if (ad_nprincs != 0) {
-	/*
-	 * This code was submitted by Novell; however there is no
-	 * mention in [MS-SFU] of needing to examine the authorization
-	 * data to clear the forwardable flag. My understanding is that
-	 * the state of the forwardable flag is propagated through the
-	 * cross-realm TGTs.
-	 */
-#if 0
-	if (isflagset(flags, KRB5_KDB_FLAG_PROTOCOL_TRANSITION) &&
-	    isflagset(ad_entry.attributes, KRB5_KDB_DISALLOW_FORWARDABLE))
-	    clear(enc_tkt_reply->flags, TKT_FLG_FORWARDABLE);
-#endif
-
-	krb5_db_free_principal(context, &ad_entry, ad_nprincs);
-
-	if (ad_nprincs != 1) {
-	    if (db_authdata != NULL)
-		krb5_free_authdata(context, db_authdata);
-	    return KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE;
-	}
-    }
-
     if (db_authdata != NULL) {
 	code = merge_authdata(context, db_authdata,
 			      &enc_tkt_reply->authorization_data,

Modified: trunk/src/kdc/kdc_util.c
===================================================================
--- trunk/src/kdc/kdc_util.c	2009-10-21 16:00:08 UTC (rev 22960)
+++ trunk/src/kdc/kdc_util.c	2009-10-21 16:03:40 UTC (rev 22961)
@@ -1740,9 +1740,7 @@
 		  krb5_timestamp authtime,
 		  krb5_authdata **tgs_authdata,
 		  krb5_keyblock *session_key,
-		  krb5_authdata ***ret_authdata,
-		  krb5_db_entry *ad_entry,
-		  int *ad_nprincs)
+		  krb5_authdata ***ret_authdata)
 {
     krb5_error_code code;
     kdb_sign_auth_data_req req;
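Review bot: Dropping `ad_entry` and `ad_nprincs` from this signature goes together with shrinking `kdb_sign_auth_data_rep` in kdb_ext.h, and that structure crosses the backend boundary as an opaque pointer-plus-length blob (the request is passed the same way, `req_data.data = (void *)&req`). A backend module built against the rev 22960 header would presumably still read `rep.entry` and write `rep.nprincs`, which now lie past the end of the local `rep` object in this function. Nothing visible in the diff bumps an interface version or makes the backend check the reply length, so I would document it on the struct, e.g. `/* Layout changed in r22961; backends must be rebuilt and should verify the reply length before writing. */`, and confirm the invoke path rejects modules built against the older layout. The function body continues outside this hunk.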
@@ -1751,8 +1749,6 @@
     krb5_data rep_data;
 
     *ret_authdata = NULL;
-    memset(ad_entry, 0, sizeof(*ad_entry));
-    *ad_nprincs = 0;
 
     memset(&req, 0, sizeof(req));
     memset(&rep, 0, sizeof(rep));
@@ -1768,9 +1764,6 @@
     req.auth_data		= tgs_authdata;
     req.session_key		= session_key;
 
-    rep.entry			= ad_entry;
-    rep.nprincs			= 0;
-
     req_data.data = (void *)&req;
     req_data.length = sizeof(req);
 
@@ -1783,7 +1776,6 @@
 			  &rep_data);
 
     *ret_authdata = rep.auth_data;
-    *ad_nprincs = rep.nprincs;
  
     return code;
 }

Modified: trunk/src/kdc/kdc_util.h
===================================================================
--- trunk/src/kdc/kdc_util.h	2009-10-21 16:00:08 UTC (rev 22960)
+++ trunk/src/kdc/kdc_util.h	2009-10-21 16:03:40 UTC (rev 22961)
@@ -239,9 +239,7 @@
 		krb5_timestamp authtime,
 		krb5_authdata **tgs_authdata,
 		krb5_keyblock *session_key,
-		krb5_authdata ***ret_authdata,
-		krb5_db_entry *ad_entry,
-		int *ad_nprincs);
+		krb5_authdata ***ret_authdata);
 
 krb5_error_code kdc_process_s4u2self_req
 	(krb5_context context,



