From 3ba00c4edc56d2e6e272364d0311ffb3b9b7fa6e Mon Sep 17 00:00:00 2001
From: Nalin Dahyabhai <nalin@dahyabhai.net>
Date: Mon, 15 Apr 2013 11:06:55 -0400
Subject: [PATCH] keep track of the message type of FAST requests

- pull in fix for keeping track of the message type when parsing FAST requests
  in the KDC (RT#7605, #951843)
---
 krb5-fast-msg_type.patch | 28 ++++++++++++++++++++++++++++
 krb5.spec                |  4 ++++
 2 files changed, 32 insertions(+)
 create mode 100644 krb5-fast-msg_type.patch

diff --git a/krb5-fast-msg_type.patch b/krb5-fast-msg_type.patch
new file mode 100644
index 0000000..e112272
--- /dev/null
+++ b/krb5-fast-msg_type.patch
@@ -0,0 +1,28 @@
+commit 3fbdcd0965180b46c545187e7784350340ae88ee
+Author: Greg Hudson <ghudson@mit.edu>
+Date:   Fri Apr 12 16:28:14 2013 -0400
+
+    Set msg_type when decoding FAST requests
+    
+    An RFC 6113 KrbFastReq contains a padata sequence and a KDC-REQ-BODY,
+    neither of which contain the msg-type field found in a KDC-REQ.  So
+    when we decode the FAST request, the resulting krb5_kdc_req structure
+    has a msg_type of 0.  Copy msg_type from the outer body, since we make
+    use of it in further KDC processing.
+    
+    ticket: 7605 (new)
+    target_version: 1.11.3
+    tags: pullup
+
+diff --git a/src/kdc/fast_util.c b/src/kdc/fast_util.c
+index 40c5783..4fa36c6 100644
+--- a/src/kdc/fast_util.c
++++ b/src/kdc/fast_util.c
+@@ -239,6 +239,7 @@ kdc_find_fast(krb5_kdc_req **requestptr,
+                                                  KRB5_PADATA_FX_COOKIE);
+         if (retval == 0) {
+             state->fast_options = fast_req->fast_options;
++            fast_req->req_body->msg_type = request->msg_type;
+             krb5_free_kdc_req( kdc_context, request);
+             *requestptr = fast_req->req_body;
+             fast_req->req_body = NULL;
diff --git a/krb5.spec b/krb5.spec
index f514f39..f61aca6 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -76,6 +76,7 @@ Patch113: krb5-1.11-alpha1-init.patch
 Patch116: http://ausil.fedorapeople.org/aarch64/krb5/krb5-aarch64.patch
 Patch117: krb5-1.11-gss-client-keytab.patch
 Patch118: krb5-1.11.1-rpcbind.patch
+Patch119: krb5-fast-msg_type.patch
 
 # Patch for otp plugin backport
 Patch201: 0001-add-k5memdup.patch
@@ -296,6 +297,7 @@ ln -s NOTICE LICENSE
 %patch116 -p1 -b .aarch64
 %patch117 -p1 -b .gss-client-keytab
 %patch118 -p1 -b .rpcbind
+%patch119 -p1 -b .fast-msg_type
 
 %patch201 -p1 -b .add-k5memdup
 %patch202 -p1 -b .add-libkrad
@@ -827,6 +829,8 @@ exit 0
 - update to 1.11.2
   - drop pulled in patch for RT#7586, included in this release
   - drop pulled in patch for RT#7592, included in this release
+- pull in fix for keeping track of the message type when parsing FAST requests
+  in the KDC (RT#7605, #951843)
 
 * Fri Apr 12 2013 Nalin Dahyabhai <nalin@redhat.com> 1.11.1-9
 - move the compiled-in default ccache location from the previous default of