From: Greg Hudson Date: Tue, 28 Apr 2009 18:00:13 +0000 (+0000) Subject: Fix handling of RET_SEQUENCE flag in mk_priv/mk_ncred X-Git-Tag: krb5-1.8-alpha1~518 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=489d85ed9a9d9bbf4d25c41bd1983145af028dd8;p=krb5.git Fix handling of RET_SEQUENCE flag in mk_priv/mk_ncred Regularize the handling of KRB5_AUTH_CONTEXT_RET_SEQUENCE in krb5_mk_safe, krb5_mk_priv, and krb5_mk_ncred, using krb5_mk_safe as a baseline. RET_SEQUENCE now implies DO_SEQUENCE for all three functions, the sequence number is always incremented if it is used, and outdata->seq is always set if RET_SEQUENCE is passed. Note that in the corresponding rd_ functions, RET_SEQUENCE and DO_SEQUENCE are independent flags, which is not consistent with the above. This compromise is intended to preserve compatibility with any working code which might exist using the RET_SEQUENCE flag. ticket: 6478 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22288 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/lib/krb5/krb/mk_cred.c b/src/lib/krb5/krb/mk_cred.c index 396334e9e..f17a14858 100644 --- a/src/lib/krb5/krb/mk_cred.c +++ b/src/lib/krb5/krb/mk_cred.c @@ -215,13 +215,10 @@ krb5_mk_ncred(krb5_context context, krb5_auth_context auth_context, } if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) || (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) { - replaydata.seq = auth_context->local_seq_number; - if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) { - auth_context->local_seq_number++; - increased_sequence = TRUE; - } else { + replaydata.seq = auth_context->local_seq_number++; + increased_sequence = TRUE; + if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE) outdata->seq = replaydata.seq; - } } if (auth_context->local_addr) { diff --git a/src/lib/krb5/krb/mk_priv.c b/src/lib/krb5/krb/mk_priv.c index 5c8774b12..30ffec3e1 100644 --- a/src/lib/krb5/krb/mk_priv.c +++ b/src/lib/krb5/krb/mk_priv.c @@ -151,12 +151,9 @@ krb5_mk_priv(krb5_context context, krb5_auth_context auth_context, } if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) || (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) { - replaydata.seq = auth_context->local_seq_number; - if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) { - auth_context->local_seq_number++; - } else { + replaydata.seq = auth_context->local_seq_number++; + if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE) outdata->seq = replaydata.seq; - } } { diff --git a/src/lib/krb5/krb/mk_safe.c b/src/lib/krb5/krb/mk_safe.c index 689eef203..23358b957 100644 --- a/src/lib/krb5/krb/mk_safe.c +++ b/src/lib/krb5/krb/mk_safe.c @@ -152,9 +152,8 @@ krb5_mk_safe(krb5_context context, krb5_auth_context auth_context, if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) || (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) { replaydata.seq = auth_context->local_seq_number++; - if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE) { + if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE) outdata->seq = replaydata.seq; - } } {