Fix handling of RET_SEQUENCE flag in mk_priv/mk_ncred
authorGreg Hudson <ghudson@mit.edu>
Tue, 28 Apr 2009 18:00:13 +0000 (18:00 +0000)
committerGreg Hudson <ghudson@mit.edu>
Tue, 28 Apr 2009 18:00:13 +0000 (18:00 +0000)
Regularize the handling of KRB5_AUTH_CONTEXT_RET_SEQUENCE in
krb5_mk_safe, krb5_mk_priv, and krb5_mk_ncred, using krb5_mk_safe as
a baseline.  RET_SEQUENCE now implies DO_SEQUENCE for all three
functions, the sequence number is always incremented if it is used,
and outdata->seq is always set if RET_SEQUENCE is passed.

Note that in the corresponding rd_ functions, RET_SEQUENCE and
DO_SEQUENCE are independent flags, which is not consistent with the
above.  This compromise is intended to preserve compatibility with
any working code which might exist using the RET_SEQUENCE flag.

ticket: 6478

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22288 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/krb5/krb/mk_cred.c
src/lib/krb5/krb/mk_priv.c
src/lib/krb5/krb/mk_safe.c

index 396334e9e937808f4016c25114294217d58c8623..f17a1485830a1bf8ec2d9347554661d9d9e87553 100644 (file)
@@ -215,13 +215,10 @@ krb5_mk_ncred(krb5_context context, krb5_auth_context auth_context,
     }
     if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) ||
         (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) {
-        replaydata.seq = auth_context->local_seq_number;
-        if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
-            auth_context->local_seq_number++;
-           increased_sequence = TRUE;
-        } else {
+        replaydata.seq = auth_context->local_seq_number++;
+       increased_sequence = TRUE;
+        if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)
             outdata->seq = replaydata.seq;
-        }
     }
 
     if (auth_context->local_addr) {
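Review bot: The rule that RET_SEQUENCE now implies DO_SEQUENCE is recorded only in the commit message; nothing at `replaydata.seq = auth_context->local_seq_number++;` says so, and the same holds for the matching hunks in mk_priv.c and mk_safe.c. The commit message notes that the rd_ functions still treat the two flags independently, so a later cleanup could easily "fix" this asymmetry and change what sequence numbers go on the wire. I would add a comment above the assignment: `/* RET_SEQUENCE implies DO_SEQUENCE when generating messages (unlike rd_*): the number is always consumed, and is reported in outdata->seq if requested. */`. The `increased_sequence = TRUE;` line is also indented differently from its neighbours, which looks like a tab against spaces. krb5_mk_ncred begins and ends outside the hunk.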
index 5c8774b1253fa8fda44ca954327bb2e0f76dfdde..30ffec3e191f9ee9b3557fd6896ccbbbd72dd0bc 100644 (file)
@@ -151,12 +151,9 @@ krb5_mk_priv(krb5_context context, krb5_auth_context auth_context,
     }
     if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) ||
        (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) {
-       replaydata.seq = auth_context->local_seq_number;
-       if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
-           auth_context->local_seq_number++;
-       } else {
+       replaydata.seq = auth_context->local_seq_number++;
+       if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)
            outdata->seq = replaydata.seq;
-       }
     }
 
 {
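Review bot: With the increment now unconditional inside this branch, a context that sets only RET_SEQUENCE advances `local_seq_number` even if krb5_mk_priv fails later, and unlike the mk_cred.c hunk there is no `increased_sequence` marker here to drive a rollback. The function's error path is outside the hunk, so this cannot be confirmed from here. If that path restores the counter, it needs to test both flags, e.g. `if (auth_context->auth_context_flags & (KRB5_AUTH_CONTEXT_DO_SEQUENCE | KRB5_AUTH_CONTEXT_RET_SEQUENCE)) auth_context->local_seq_number--;`. Otherwise a failed call leaves a gap in the sequence, which a peer checking sequence numbers would presumably reject on the next message. The same question applies to krb5_mk_safe, whose increment this commit leaves unchanged.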
index 689eef2037713715d7c8500304b547eb292b596d..23358b957f821304169a27ee7dcf0a2dfb3b437a 100644 (file)
@@ -152,9 +152,8 @@ krb5_mk_safe(krb5_context context, krb5_auth_context auth_context,
     if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) ||
        (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) {
        replaydata.seq = auth_context->local_seq_number++;
-       if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE) {
+       if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)
            outdata->seq = replaydata.seq;
-       }
     } 
 
 {