Set context flags after calling krb5_rd_req so that the replay cache is set up

Ticket: 2284
Status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16129 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog
index 61dff02ff9de6fe97d7a52f1a274c4b1ce056ff1..46c83bfd0e9e54d524c0866dbecd821156acdc69 100644 (file)
--- a/src/lib/gssapi/krb5/ChangeLog
+++ b/src/lib/gssapi/krb5/ChangeLog
@@ -1,3 +1,9 @@
+2004-02-26  Sam Hartman  <hartmans@avalanche-breakdown.mit.edu>
+
+       * accept_sec_context.c (krb5_gss_accept_sec_context): Don't clear
+       the DO_TIME flag until after rd_req is called so a replay cache is
+       set up  even in the no_credential case. 
+
 2004-02-23  Ken Raeburn  <raeburn@mit.edu>
 
        * wrap_size_limit.c (krb5_gss_wrap_size_limit): Fix calculation

diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c
index daff47ffb9c401d400d288d2d56ce073ad125489..9db7e7e55e03a10321a3ca75f5c4f8de0727dd71 100644 (file)
--- a/src/lib/gssapi/krb5/accept_sec_context.c
+++ b/src/lib/gssapi/krb5/accept_sec_context.c
@@ -377,8 +377,6 @@ krb5_gss_accept_sec_context(minor_status, context_handle,
        major_status = GSS_S_FAILURE;
        goto fail;
    }
-   krb5_auth_con_setflags(context, auth_context,
-                         KRB5_AUTH_CONTEXT_DO_SEQUENCE);
    if (cred->rcache) {
        if ((code = krb5_auth_con_setrcache(context, auth_context, cred->rcache))) {
           major_status = GSS_S_FAILURE;
@@ -395,6 +393,8 @@ krb5_gss_accept_sec_context(minor_status, context_handle,
        major_status = GSS_S_FAILURE;
        goto fail;
    }
+   krb5_auth_con_setflags(context, auth_context,
+                         KRB5_AUTH_CONTEXT_DO_SEQUENCE);
 
    krb5_auth_con_getauthenticator(context, auth_context, &authdat);