From ffd48f9077b245d9d8f245f76775c508937a8f0d Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Tue, 20 Apr 2010 07:38:12 +0000 Subject: [PATCH] Add KRB5_INIT_CREDS_STEP_FLAG_CONTINUE for parity with Heimdal. Rename KRB5_TKT_CREDS_CONTINUE to KRB5_TKT_CREDS_STEP_FLAG_CONTINUE for consistency. Adjust init_creds context to be less confusing in light of the above. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23906 dc483132-0cff-0310-8789-dd5450dbe970 --- src/include/krb5/krb5.hin | 10 ++++++---- src/lib/krb5/krb/get_creds.c | 4 ++-- src/lib/krb5/krb/get_in_tkt.c | 17 ++++++++--------- src/lib/krb5/krb/init_creds_ctx.h | 4 +--- 4 files changed, 17 insertions(+), 18 deletions(-) diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin index 945d424d2..98ffb70b8 100644 --- a/src/include/krb5/krb5.hin +++ b/src/include/krb5/krb5.hin @@ -2370,6 +2370,8 @@ krb5_get_init_creds_password(krb5_context context, krb5_creds *creds, struct _krb5_init_creds_context; typedef struct _krb5_init_creds_context *krb5_init_creds_context; +#define KRB5_INIT_CREDS_STEP_FLAG_CONTINUE 0x1 /* More responses needed */ + void KRB5_CALLCONV krb5_init_creds_free(krb5_context context, krb5_init_creds_context ctx); @@ -2474,16 +2476,16 @@ krb5_tkt_creds_get_creds(krb5_context context, krb5_tkt_creds_context ctx, void KRB5_CALLCONV krb5_tkt_creds_free(krb5_context context, krb5_tkt_creds_context ctx); -#define KRB5_TKT_CREDS_CONTINUE 1 /* Another KDC response is needed. */ +#define KRB5_TKT_CREDS_STEP_FLAG_CONTINUE 0x1 /* More responses needed. */ /** * Process a response and generate the next request to acquire credentials. * * On the first call, @a in should be empty or NULL. If more responses are * needed, the @a flags output parameter will contain @a - * KRB5_TKT_CREDS_CONTINUE. In this case, the caller must transport @a out to - * a KDC for @a realm and receive a response, which should be provided as @a - * in to the next call. + * KRB5_TKT_CREDS_STEP_FLAG_CONTINUE. In that case, the caller must transport + * @a out to a KDC for @a realm and receive a response, which should be + * provided as @a in to the next call. * * @param[in] context A krb5 library context (see krb5_init_context()) * @param[in] ctx A TGS acquisition context (see krb5_tkt_creds_init()) diff --git a/src/lib/krb5/krb/get_creds.c b/src/lib/krb5/krb/get_creds.c index e9356f18b..e28391790 100644 --- a/src/lib/krb5/krb/get_creds.c +++ b/src/lib/krb5/krb/get_creds.c @@ -221,7 +221,7 @@ set_caller_request(krb5_context context, krb5_tkt_creds_context ctx) *ctx->caller_out = out_copy; *ctx->caller_realm = realm_copy; - *ctx->caller_flags = KRB5_TKT_CREDS_CONTINUE; + *ctx->caller_flags = KRB5_TKT_CREDS_STEP_FLAG_CONTINUE; return 0; cleanup: @@ -1140,7 +1140,7 @@ krb5_tkt_creds_get(krb5_context context, krb5_tkt_creds_context ctx) &flags); if (code == KRB5KRB_ERR_RESPONSE_TOO_BIG && !tcp_only) tcp_only = 1; - else if (code != 0 || !(flags & KRB5_TKT_CREDS_CONTINUE)) + else if (code != 0 || !(flags & KRB5_TKT_CREDS_STEP_FLAG_CONTINUE)) break; krb5_free_data_contents(context, &reply); diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c index b1b837d06..2b98e45d0 100644 --- a/src/lib/krb5/krb/get_in_tkt.c +++ b/src/lib/krb5/krb/get_in_tkt.c @@ -1083,7 +1083,7 @@ init_creds_get(krb5_context context, &flags); if (code == KRB5KRB_ERR_RESPONSE_TOO_BIG && !tcp_only) tcp_only = 1; - else if (code != 0 || (flags & 1) == 0) + else if (code != 0 || !(flags & KRB5_INIT_CREDS_STEP_FLAG_CONTINUE)) break; krb5_free_data_contents(context, &reply); @@ -1119,7 +1119,7 @@ krb5_init_creds_get_creds(krb5_context context, krb5_init_creds_context ctx, krb5_creds *creds) { - if ((ctx->flags & KRB5_INIT_CREDS_STEP_FLAG_COMPLETE) == 0) + if (!ctx->complete) return KRB5_NO_TKT_SUPPLIED; return krb5int_copy_creds_contents(context, &ctx->cred, creds); @@ -1130,7 +1130,7 @@ krb5_init_creds_get_times(krb5_context context, krb5_init_creds_context ctx, krb5_ticket_times *times) { - if ((ctx->flags & KRB5_INIT_CREDS_STEP_FLAG_COMPLETE) == 0) + if (!ctx->complete) return KRB5_NO_TKT_SUPPLIED; *times = ctx->cred.times; @@ -1979,7 +1979,7 @@ init_creds_step_reply(krb5_context context, /* success */ code = 0; - ctx->flags |= KRB5_INIT_CREDS_STEP_FLAG_COMPLETE; + ctx->complete = TRUE; cleanup: krb5_free_pa_data(context, padata); @@ -2014,8 +2014,8 @@ krb5_init_creds_step(krb5_context context, realm->data = NULL; realm->length = 0; - if (ctx->flags & KRB5_INIT_CREDS_STEP_FLAG_COMPLETE) - goto cleanup; + if (ctx->complete) + return EINVAL; if (in->length != 0) { code = init_creds_step_reply(context, ctx, in); @@ -2029,7 +2029,7 @@ krb5_init_creds_step(krb5_context context, } goto copy_realm; } - if (code != 0 || (ctx->flags & KRB5_INIT_CREDS_STEP_FLAG_COMPLETE)) + if (code != 0 || ctx->complete) goto cleanup; } @@ -2065,8 +2065,7 @@ cleanup: } } - *flags = (ctx->flags & KRB5_INIT_CREDS_STEP_FLAG_COMPLETE) ? 0 : 1; - + *flags = ctx->complete ? 0 : KRB5_INIT_CREDS_STEP_FLAG_CONTINUE; return code; } diff --git a/src/lib/krb5/krb/init_creds_ctx.h b/src/lib/krb5/krb/init_creds_ctx.h index 1d41a44f4..6a762982c 100644 --- a/src/lib/krb5/krb/init_creds_ctx.h +++ b/src/lib/krb5/krb/init_creds_ctx.h @@ -14,7 +14,7 @@ struct _krb5_init_creds_context { krb5_deltat start_time; krb5_deltat tkt_life; krb5_deltat renew_life; - unsigned int flags; + krb5_boolean complete; unsigned int loopcount; krb5_data password; krb5_error *err_reply; @@ -35,8 +35,6 @@ struct _krb5_init_creds_context { krb5_boolean sent_nontrivial_preauth; }; -#define KRB5_INIT_CREDS_STEP_FLAG_COMPLETE 0x1 - krb5_error_code krb5_get_as_key_password(krb5_context context, krb5_principal client, -- 2.26.2