Skip Menu |
 

From: ghudson@mit.edu
Subject: SVN Commit
Download (untitled) / with headers
text/plain 1.1KiB

Change the clpreauth tryagain method to accept a list of pa-data,
taken either from the FAST response or from decoding the e_data as
either pa-data or typed-data. Also change the in_padata argument to
contain just the type of the request padata rather than the whole
element, since modules generally shouldn't care about the contents of
their request padata (or they can remember it).

In krb5int_fast_process_error, no longer re-encode FAST pa-data as
typed-data for the inner error e_data, but decode traditional error
e_data for all error types, and try both pa-data and typed-data
encoding.

In PKINIT, try all elements of the new pa-data list, since it may
contain FAST elements as well as the actual PKINIT array. (Fixes an
outstanding bug in FAST PKINIT.)

https://github.com/krb5/krb5/commit/3fe47057c7535f4603825a01fb84262b7bfa4c55
Commit By: ghudson
Revision: 25483
Changed Files:
U trunk/src/include/k5-int.h
U trunk/src/include/krb5/preauth_plugin.h
U trunk/src/lib/krb5/krb/fast.c
U trunk/src/lib/krb5/krb/get_in_tkt.c
U trunk/src/lib/krb5/krb/init_creds_ctx.h
U trunk/src/lib/krb5/krb/preauth2.c
U trunk/src/plugins/preauth/pkinit/pkinit_clnt.c
From: ghudson@mit.edu
Subject: SVN Commit

Fix compile error in previous change

A last-minute code editing mistake crept into the previous commit; fix
it.

https://github.com/krb5/krb5/commit/ccefb9a6fdd6cdba33fa63ee7284b3b0e0e618cb
Commit By: ghudson
Revision: 25484
Changed Files:
U trunk/src/lib/krb5/krb/fast.c
From: tlyu@mit.edu
Subject: SVN Commit
Download (untitled) / with headers
text/plain 1.8KiB

pull up r25483 and r25484 from trunk

------------------------------------------------------------------------
r25484 | ghudson | 2011-11-22 12:48:29 -0500 (Tue, 22 Nov 2011) | 7 lines

ticket: 7023

Fix compile error in previous change

A last-minute code editing mistake crept into the previous commit; fix
it.

------------------------------------------------------------------------
r25483 | ghudson | 2011-11-21 16:14:39 -0500 (Mon, 21 Nov 2011) | 21 lines

ticket: 7023
subject: Clean up client-side preauth error data handling
target_version: 1.10
tags: pullup

Change the clpreauth tryagain method to accept a list of pa-data,
taken either from the FAST response or from decoding the e_data as
either pa-data or typed-data. Also change the in_padata argument to
contain just the type of the request padata rather than the whole
element, since modules generally shouldn't care about the contents of
their request padata (or they can remember it).

In krb5int_fast_process_error, no longer re-encode FAST pa-data as
typed-data for the inner error e_data, but decode traditional error
e_data for all error types, and try both pa-data and typed-data
encoding.

In PKINIT, try all elements of the new pa-data list, since it may
contain FAST elements as well as the actual PKINIT array. (Fixes an
outstanding bug in FAST PKINIT.)

https://github.com/krb5/krb5/commit/e147113d1c72cb3c989e43eb40696414cf2e3582
Commit By: tlyu
Revision: 25515
Changed Files:
U branches/krb5-1-10/src/include/k5-int.h
U branches/krb5-1-10/src/include/krb5/preauth_plugin.h
U branches/krb5-1-10/src/lib/krb5/krb/fast.c
U branches/krb5-1-10/src/lib/krb5/krb/get_in_tkt.c
U branches/krb5-1-10/src/lib/krb5/krb/init_creds_ctx.h
U branches/krb5-1-10/src/lib/krb5/krb/preauth2.c
U branches/krb5-1-10/src/plugins/preauth/pkinit/pkinit_clnt.c