[krbdev.mit.edu #7023] SVN Commit
Tom Yu via RT
rt-comment at krbdev.mit.edu
Mon Dec 5 18:11:58 EST 2011
pull up r25483 and r25484 from trunk
------------------------------------------------------------------------
r25484 | ghudson | 2011-11-22 12:48:29 -0500 (Tue, 22 Nov 2011) | 7 lines
ticket: 7023
Fix compile error in previous change
A last-minute code editing mistake crept into the previous commit; fix
it.
------------------------------------------------------------------------
r25483 | ghudson | 2011-11-21 16:14:39 -0500 (Mon, 21 Nov 2011) | 21 lines
ticket: 7023
subject: Clean up client-side preauth error data handling
target_version: 1.10
tags: pullup
Change the clpreauth tryagain method to accept a list of pa-data,
taken either from the FAST response or from decoding the e_data as
either pa-data or typed-data. Also change the in_padata argument to
contain just the type of the request padata rather than the whole
element, since modules generally shouldn't care about the contents of
their request padata (or they can remember it).
In krb5int_fast_process_error, no longer re-encode FAST pa-data as
typed-data for the inner error e_data, but decode traditional error
e_data for all error types, and try both pa-data and typed-data
encoding.
In PKINIT, try all elements of the new pa-data list, since it may
contain FAST elements as well as the actual PKINIT array. (Fixes an
outstanding bug in FAST PKINIT.)
http://src.mit.edu/fisheye/changelog/krb5/?cs=25515
Commit By: tlyu
Revision: 25515
Changed Files:
U branches/krb5-1-10/src/include/k5-int.h
U branches/krb5-1-10/src/include/krb5/preauth_plugin.h
U branches/krb5-1-10/src/lib/krb5/krb/fast.c
U branches/krb5-1-10/src/lib/krb5/krb/get_in_tkt.c
U branches/krb5-1-10/src/lib/krb5/krb/init_creds_ctx.h
U branches/krb5-1-10/src/lib/krb5/krb/preauth2.c
U branches/krb5-1-10/src/plugins/preauth/pkinit/pkinit_clnt.c
More information about the krb5-bugs
mailing list