krb5 commit: Remove sent_nontrivial_preauth field

Greg Hudson ghudson at mit.edu
Thu Feb 2 15:38:42 EST 2017 

https://github.com/krb5/krb5/commit/5fef7aa7e43e45d227f2d53c661a23c932caafca
commit 5fef7aa7e43e45d227f2d53c661a23c932caafca
Author: Greg Hudson <ghudson at mit.edu>
Date:   Mon Jan 16 13:42:18 2017 -0500

    Remove sent_nontrivial_preauth field
    
    In krb5_init_creds_context, the selected_preauth_type field subsumes
    the need for sent_nontrivial_preauth.  Use it instead.

 src/lib/krb5/krb/get_in_tkt.c     |    5 +----
 src/lib/krb5/krb/init_creds_ctx.h |    1 -
 2 files changed, 1 insertions(+), 5 deletions(-)

diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c
index b3cea6b..e48ade1 100644
--- a/src/lib/krb5/krb/get_in_tkt.c
+++ b/src/lib/krb5/krb/get_in_tkt.c
@@ -1377,8 +1377,6 @@ init_creds_step_request(krb5_context context,
         krb5_free_data(context, ctx->encoded_previous_request);
         ctx->encoded_previous_request = NULL;
     }
-    if (ctx->request->padata)
-        ctx->sent_nontrivial_preauth = TRUE;
     if (ctx->enc_pa_rep_permitted) {
         code = add_padata(&ctx->request->padata, KRB5_ENCPADATA_REQ_ENC_PA_REP,
                           NULL, 0);
@@ -1503,7 +1501,7 @@ init_creds_step_reply(krb5_context context,
             ctx->restarted = TRUE;
             code = restart_init_creds_loop(context, ctx, TRUE);
         } else if (!ctx->restarted && reply_code == KDC_ERR_PREAUTH_FAILED &&
-                   !ctx->sent_nontrivial_preauth) {
+                   ctx->selected_preauth_type == KRB5_PADATA_NONE) {
             /* The KDC didn't like our informational padata (probably a pre-1.7
              * MIT krb5 KDC).  Retry without it. */
             ctx->enc_pa_rep_permitted = FALSE;
@@ -1543,7 +1541,6 @@ init_creds_step_reply(krb5_context context,
                 goto cleanup;
             /* Reset per-realm negotiation state. */
             ctx->restarted = FALSE;
-            ctx->sent_nontrivial_preauth = FALSE;
             ctx->enc_pa_rep_permitted = TRUE;
             code = restart_init_creds_loop(context, ctx, FALSE);
         } else {
diff --git a/src/lib/krb5/krb/init_creds_ctx.h b/src/lib/krb5/krb/init_creds_ctx.h
index a7cded9..8c8b749 100644
--- a/src/lib/krb5/krb/init_creds_ctx.h
+++ b/src/lib/krb5/krb/init_creds_ctx.h
@@ -58,7 +58,6 @@ struct _krb5_init_creds_context {
     krb5_enctype etype;
     krb5_boolean enc_pa_rep_permitted;
     krb5_boolean restarted;
-    krb5_boolean sent_nontrivial_preauth;
     krb5_boolean preauth_required;
     struct krb5_responder_context_st rctx;
     krb5_preauthtype selected_preauth_type;

More information about the cvs-krb5 mailing list