From d1cee9a14b8f97eb72647bdf1aad78bbd0a2df55 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= <lha@h5l.org>
Date: Sat, 23 Aug 2014 18:48:34 -0700
Subject: [PATCH] now that use used up more then 16 flags and we have been
 using the right bit order for many years, lets stop dealing with broken bit
 fields from ticket flags

---
 lib/krb5/fcache.c | 15 ---------------
 lib/krb5/store.c  | 43 +++----------------------------------------
 2 files changed, 3 insertions(+), 55 deletions(-)

diff --git a/lib/krb5/fcache.c b/lib/krb5/fcache.c
index 4a16ff9f5..9eb25ab38 100644
--- a/lib/krb5/fcache.c
+++ b/lib/krb5/fcache.c
@@ -616,11 +616,6 @@ fcc_store_cred(krb5_context context,
 	sp = krb5_storage_emem();
 	krb5_storage_set_eof_code(sp, KRB5_CC_END);
 	storage_set_flags(context, sp, FCACHE(id)->version);
-	if (!krb5_config_get_bool_default(context, NULL, TRUE,
-					  "libdefaults",
-					  "fcc-mit-ticketflags",
-					  NULL))
-	    krb5_storage_set_flags(sp, KRB5_STORAGE_CREDS_FLAGS_WRONG_BITORDER);
 	ret = krb5_store_creds(sp, creds);
 	if (ret == 0)
 	    ret = write_storage(context, sp, fd);
@@ -915,7 +910,6 @@ cred_delete(krb5_context context,
     struct stat sb1, sb2;
     int fd = -1;
     ssize_t bytes;
-    krb5_flags flags = 0;
     krb5_const_realm srealm = krb5_principal_get_realm(context, cred->server);
 
     /* This is best-effort code; if we lose track of errors here it's OK */
@@ -924,19 +918,12 @@ cred_delete(krb5_context context,
 		"fcache internal error");
 
     krb5_data_zero(&orig_cred_data);
-    if (!krb5_config_get_bool_default(context, NULL, TRUE,
-				      "libdefaults",
-				      "fcc-mit-ticketflags",
-				      NULL))
-	flags = KRB5_STORAGE_CREDS_FLAGS_WRONG_BITORDER;
 
     sp = krb5_storage_emem();
     if (sp == NULL)
 	return;
     krb5_storage_set_eof_code(sp, KRB5_CC_END);
     storage_set_flags(context, sp, FCACHE(id)->version);
-    if (flags)
-	krb5_storage_set_flags(sp, KRB5_STORAGE_CREDS_FLAGS_WRONG_BITORDER);
 
     /* Get a copy of what the cred should look like in the file; see below */
     ret = krb5_store_creds(sp, cred);
@@ -970,8 +957,6 @@ cred_delete(krb5_context context,
 	return;
     krb5_storage_set_eof_code(sp, KRB5_CC_END);
     storage_set_flags(context, sp, FCACHE(id)->version);
-    if (flags)
-	krb5_storage_set_flags(sp, KRB5_STORAGE_CREDS_FLAGS_WRONG_BITORDER);
 
     ret = krb5_store_creds(sp, cred);
 
diff --git a/lib/krb5/store.c b/lib/krb5/store.c
index 21536f7b4..da1e517e9 100644
--- a/lib/krb5/store.c
+++ b/lib/krb5/store.c
@@ -1347,14 +1347,9 @@ krb5_store_creds(krb5_storage *sp, krb5_creds *creds)
     ret = krb5_store_int8(sp, creds->second_ticket.length != 0); /* is_skey */
     if(ret)
 	return ret;
-
-    if(krb5_storage_is_flags(sp, KRB5_STORAGE_CREDS_FLAGS_WRONG_BITORDER))
-	ret = krb5_store_int32(sp, creds->flags.i);
-    else
-	ret = krb5_store_int32(sp, bitswap32(TicketFlags2int(creds->flags.b)));
+    ret = krb5_store_int32(sp, bitswap32(TicketFlags2int(creds->flags.b)));
     if(ret)
 	return ret;
-
     ret = krb5_store_addrs(sp, creds->addresses);
     if(ret)
 	return ret;
@@ -1399,23 +1394,7 @@ krb5_ret_creds(krb5_storage *sp, krb5_creds *creds)
     if(ret) goto cleanup;
     ret = krb5_ret_int32 (sp,  &dummy32);
     if(ret) goto cleanup;
-    /*
-     * Runtime detect the what is the higher bits of the bitfield. If
-     * any of the higher bits are set in the input data, it's either a
-     * new ticket flag (and this code need to be removed), or it's a
-     * MIT cache (or new Heimdal cache), lets change it to our current
-     * format.
-     */
-    {
-	uint32_t mask = 0xffff0000;
-	creds->flags.i = 0;
-	creds->flags.b.anonymous = 1;
-	if (creds->flags.i & mask)
-	    mask = ~mask;
-	if (dummy32 & mask)
-	    dummy32 = bitswap32(dummy32);
-    }
-    creds->flags.i = dummy32;
+    creds->flags.b = int2TicketFlags(bitswap32(dummy32));
     ret = krb5_ret_addrs (sp,  &creds->addresses);
     if(ret) goto cleanup;
     ret = krb5_ret_authdata (sp,  &creds->authdata);
@@ -1574,23 +1553,7 @@ krb5_ret_creds_tag(krb5_storage *sp,
     if(ret) goto cleanup;
     ret = krb5_ret_int32 (sp,  &dummy32);
     if(ret) goto cleanup;
-    /*
-     * Runtime detect the what is the higher bits of the bitfield. If
-     * any of the higher bits are set in the input data, it's either a
-     * new ticket flag (and this code need to be removed), or it's a
-     * MIT cache (or new Heimdal cache), lets change it to our current
-     * format.
-     */
-    {
-	uint32_t mask = 0xffff0000;
-	creds->flags.i = 0;
-	creds->flags.b.anonymous = 1;
-	if (creds->flags.i & mask)
-	    mask = ~mask;
-	if (dummy32 & mask)
-	    dummy32 = bitswap32(dummy32);
-    }
-    creds->flags.i = dummy32;
+    creds->flags.b = int2TicketFlags(bitswap32(dummy32));
     if (header & SC_ADDRESSES) {
 	ret = krb5_ret_addrs (sp,  &creds->addresses);
 	if(ret) goto cleanup;