From 8155745026e1f35bf905581575f18380ae4dc451 Mon Sep 17 00:00:00 2001
From: Luke Howard
Date: Wed, 21 Oct 2009 16:03:40 +0000
Subject: remove some unneeded extensions from the Novell backend authdata SPI
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22961 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/kdc/kdc_authdata.c | 30 +-----------------------------
 1 file changed, 1 insertion(+), 29 deletions(-)
(limited to 'src/kdc/kdc_authdata.c')
diff --git a/src/kdc/kdc_authdata.c b/src/kdc/kdc_authdata.c
index 1b70d7c..d598894 100644
--- a/src/kdc/kdc_authdata.c
+++ b/src/kdc/kdc_authdata.c
@@ -463,8 +463,6 @@ handle_tgt_authdata (krb5_context context,
 {
 krb5_error_code code;
 krb5_authdata **db_authdata = NULL;
- krb5_db_entry ad_entry;
- int ad_nprincs = 0;
 krb5_boolean tgs_req = (request->msg_type == KRB5_TGS_REQ);
 krb5_const_principal actual_client;
@@ -531,11 +529,8 @@ handle_tgt_authdata (krb5_context context,
 enc_tkt_reply->times.authtime,
 tgs_req ? enc_tkt_request->authorization_data : NULL,
 enc_tkt_reply->session,
- &db_authdata,
- &ad_entry,
- &ad_nprincs);
+ &db_authdata);
 if (code == KRB5_KDB_DBTYPE_NOSUP) {
- assert(ad_nprincs == 0);
 assert(db_authdata == NULL);
 if (isflagset(flags, KRB5_KDB_FLAG_CONSTRAINED_DELEGATION))
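Review bot: The `assert(db_authdata == NULL);` that stays on the `KRB5_KDB_DBTYPE_NOSUP` path in the second hunk is now the only check on what the database backend wrote into the out-parameter, and an assertion is a weak guard for data returned by a pluggable module. In a build with `NDEBUG` the check disappears, so a non-NULL `db_authdata` would presumably be leaked when this branch returns. In a build with assertions enabled, a backend that breaks the contract aborts the KDC process instead of failing the request. Consider explicit cleanup in its place, e.g. `if (db_authdata != NULL) { krb5_free_authdata(context, db_authdata); db_authdata = NULL; }`. The call being edited and the remainder of this branch start and end outside the hunk, so the callee's contract for this return code should be confirmed there.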
@@ -548,29 +543,6 @@ handle_tgt_authdata (krb5_context context, return 0; } - if (ad_nprincs != 0) { - /* - * This code was submitted by Novell; however there is no - * mention in [MS-SFU] of needing to examine the authorization - * data to clear the forwardable flag. My understanding is that - * the state of the forwardable flag is propagated through the - * cross-realm TGTs. - */ -#if 0 - if (isflagset(flags, KRB5_KDB_FLAG_PROTOCOL_TRANSITION) && - isflagset(ad_entry.attributes, KRB5_KDB_DISALLOW_FORWARDABLE)) - clear(enc_tkt_reply->flags, TKT_FLG_FORWARDABLE); -#endif - - krb5_db_free_principal(context, &ad_entry, ad_nprincs); - - if (ad_nprincs != 1) { - if (db_authdata != NULL) - krb5_free_authdata(context, db_authdata); - return KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE; - } - } - if (db_authdata != NULL) { code = merge_authdata(context, db_authdata, &enc_tkt_reply->authorization_data, -- cgit v1.1