diff options
author | Luke Howard <lukeh@padl.com> | 2009-10-21 16:03:40 +0000 |
---|---|---|
committer | Luke Howard <lukeh@padl.com> | 2009-10-21 16:03:40 +0000 |
commit | 8155745026e1f35bf905581575f18380ae4dc451 (patch) | |
tree | 0c304ad54ff4353cddcd301d9b633b0056d76098 /src/kdc/kdc_authdata.c | |
parent | c14b87cbad5b225c5028fc6e2b73af0247cdca65 (diff) | |
download | krb5-8155745026e1f35bf905581575f18380ae4dc451.zip krb5-8155745026e1f35bf905581575f18380ae4dc451.tar.gz krb5-8155745026e1f35bf905581575f18380ae4dc451.tar.bz2 |
remove some unneeded extensions from the Novell backend authdata SPI
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22961 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/kdc/kdc_authdata.c')
-rw-r--r-- | src/kdc/kdc_authdata.c | 30 |
1 files changed, 1 insertions, 29 deletions
diff --git a/src/kdc/kdc_authdata.c b/src/kdc/kdc_authdata.c index 1b70d7c..d598894 100644 --- a/src/kdc/kdc_authdata.c +++ b/src/kdc/kdc_authdata.c @@ -463,8 +463,6 @@ handle_tgt_authdata (krb5_context context, { krb5_error_code code; krb5_authdata **db_authdata = NULL; - krb5_db_entry ad_entry; - int ad_nprincs = 0; krb5_boolean tgs_req = (request->msg_type == KRB5_TGS_REQ); krb5_const_principal actual_client; @@ -531,11 +529,8 @@ handle_tgt_authdata (krb5_context context, enc_tkt_reply->times.authtime, tgs_req ? enc_tkt_request->authorization_data : NULL, enc_tkt_reply->session, - &db_authdata, - &ad_entry, - &ad_nprincs); + &db_authdata); if (code == KRB5_KDB_DBTYPE_NOSUP) { - assert(ad_nprincs == 0); assert(db_authdata == NULL); if (isflagset(flags, KRB5_KDB_FLAG_CONSTRAINED_DELEGATION)) @@ -548,29 +543,6 @@ handle_tgt_authdata (krb5_context context, return 0; } - if (ad_nprincs != 0) { - /* - * This code was submitted by Novell; however there is no - * mention in [MS-SFU] of needing to examine the authorization - * data to clear the forwardable flag. My understanding is that - * the state of the forwardable flag is propagated through the - * cross-realm TGTs. - */ -#if 0 - if (isflagset(flags, KRB5_KDB_FLAG_PROTOCOL_TRANSITION) && - isflagset(ad_entry.attributes, KRB5_KDB_DISALLOW_FORWARDABLE)) - clear(enc_tkt_reply->flags, TKT_FLG_FORWARDABLE); -#endif - - krb5_db_free_principal(context, &ad_entry, ad_nprincs); - - if (ad_nprincs != 1) { - if (db_authdata != NULL) - krb5_free_authdata(context, db_authdata); - return KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE; - } - } - if (db_authdata != NULL) { code = merge_authdata(context, db_authdata, &enc_tkt_reply->authorization_data, |