From 81aa6ef695838a4b2fb5a53e773ea379a492913d Mon Sep 17 00:00:00 2001
From: Julien Rische
Date: Feb 12 2024 14:25:16 +0000
Subject: ipd-kdb: Fix some mistakes in ipadb_check_for_bronze_bit_attack()
Fixes: https://pagure.io/freeipa/issue/9521
Signed-off-by: Julien Rische
Reviewed-By: Alexander Bokovoy
---
diff --git a/daemons/ipa-kdb/ipa_kdb.h b/daemons/ipa-kdb/ipa_kdb.h
index 621c235..5de5ea7 100644
--- a/daemons/ipa-kdb/ipa_kdb.h
+++ b/daemons/ipa-kdb/ipa_kdb.h
@@ -382,7 +382,8 @@ krb5_error_code ipadb_is_princ_from_trusted_realm(krb5_context kcontext,
 * status If the call fails and the pointer is not NULL, set it with a
 * message describing the cause of the failure. */
 krb5_error_code
-ipadb_check_for_bronze_bit_attack(krb5_context context, krb5_kdc_req *request,
+ipadb_check_for_bronze_bit_attack(krb5_context context,
+ const krb5_kdc_req *request,
 bool *supported, bool *detected,
 const char **status);
diff --git a/daemons/ipa-kdb/ipa_kdb_kdcpolicy.c b/daemons/ipa-kdb/ipa_kdb_kdcpolicy.c
index 713e9a0..44959f3 100644
--- a/daemons/ipa-kdb/ipa_kdb_kdcpolicy.c
+++ b/daemons/ipa-kdb/ipa_kdb_kdcpolicy.c
@@ -188,7 +188,7 @@ ipa_kdcpolicy_check_tgs(krb5_context context, krb5_kdcpolicy_moddata moddata,
 krb5_error_code kerr;
 bool supported;
- kerr = ipadb_check_for_bronze_bit_attack(context, request, supported, NULL,
+ kerr = ipadb_check_for_bronze_bit_attack(context, request, &supported, NULL,
 status);
 if (kerr)
 return KRB5KDC_ERR_POLICY;
diff --git a/daemons/ipa-kdb/ipa_kdb_mspac.c b/daemons/ipa-kdb/ipa_kdb_mspac.c
index 8035036..886ed77 100644
--- a/daemons/ipa-kdb/ipa_kdb_mspac.c
+++ b/daemons/ipa-kdb/ipa_kdb_mspac.c
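Review bot: In daemons/ipa-kdb/ipa_kdb_kdcpolicy.c, `bool supported;` in ipa_kdcpolicy_check_tgs() is still declared without an initializer, and its address is now handed to ipadb_check_for_bronze_bit_attack(). The callee keeps its own `in_supported` local (visible in the ipa_kdb_mspac.c hunk), and the place where it stores that into `*supported` is outside the diff, so a success path that skips the store would leave the policy check reading an indeterminate value. I would declare it as `bool supported = true;`, matching the callee's default, so the result is defined on every path. That the old call, which passed a `bool` where a `bool *` is expected, built at all suggests integer-to-pointer conversion warnings are not fatal in this build; promoting them with `-Werror=int-conversion` would catch this class of mistake at compile time. The rest of ipa_kdcpolicy_check_tgs() lies outside the hunk.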
@@ -3306,13 +3306,14 @@ krb5_error_code ipadb_is_princ_from_trusted_realm(krb5_context kcontext,
 }
 krb5_error_code
-ipadb_check_for_bronze_bit_attack(krb5_context context, krb5_kdc_req *request,
+ipadb_check_for_bronze_bit_attack(krb5_context context,
+ const krb5_kdc_req *request,
 bool *supported, bool *detected,
 const char **status)
 {
 krb5_error_code kerr;
 const char *st = NULL;
- size_t i, j;
+ size_t i, j = 0;
 bool in_supported = true, in_detected = false;
 struct ipadb_context *ipactx;
 krb5_ticket *evidence_tkt;
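Review bot: The declaration `size_t i, j = 0;` in ipadb_check_for_bronze_bit_attack() initialises only `j` and leaves `i` indeterminate, which is easy to misread as both counters being zeroed. The read of `j` that made the initializer necessary is outside the hunk, so the reason for it is not visible here. I would split the declaration into `size_t i;` and `size_t j = 0;` and put a short comment on the second line naming the path on which `j` is read before any loop assigns it. If `i` can be read the same way, it deserves the same treatment. The function body continues past the end of the hunk.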