Comment cleanup

No, we shouldn't assert, and those error codes should be okay (haven't
heard any better ideas). Get rid of these comments, so there's no
confusion.

Merge into "Clean up akimpersonate and use for server-to-server".

diff --git a/src/auth/akimpersonate.c b/src/auth/akimpersonate.c
index 44c6e6f4474b75c237b85a8b483c55d5ab0924f9..644db0164c348b8d5660332c4e75d1cb4cabd921 100644 (file)
--- a/src/auth/akimpersonate.c
+++ b/src/auth/akimpersonate.c
@@ -239,7 +239,8 @@ encode_krb5_enc_tkt_part(krb5_enc_tkt_part *encpart, krb5_data **a_out)
     return code;
 
  invalid:
-    /* XXX or assert, or ...? */
+    /* We don't handle all possible ticket options, features, etc. If we are
+     * given a ticket we can't handle, bail out with EINVAL. */
     code = EINVAL;
     goto cleanup;
 }

diff --git a/src/auth/akimpersonate_v5gen.c b/src/auth/akimpersonate_v5gen.c
index 623b551170fb778a22999f05271815b12a00e9e3..4ace8df69a503b2692d103bb7daa626b530c5bc2 100644 (file)
--- a/src/auth/akimpersonate_v5gen.c
+++ b/src/auth/akimpersonate_v5gen.c
@@ -89,7 +89,7 @@ akv5gen_encode_krb5_ticket(int kvno,
     ASN1_MALLOC_ENCODE(Ticket, outdata, outlen,
                        &v5gen_tkt, &dummy, code);
     if (code == 0 && dummy != outlen)
-       code = EINVAL; /* XXX what error should this be? */
+       code = EINVAL;
     if (code)
        goto cleanup;
 
@@ -160,7 +160,7 @@ akv5gen_encode_krb5_enc_tkt_part(int enctype,
     ASN1_MALLOC_ENCODE(EncTicketPart, outdata, outlen,
                        &v5gen_enc, &dummy, code);
     if (code == 0 && dummy != outlen)
-       code = EINVAL; /* XXX what error should this be? */
+       code = EINVAL;
     if (code)
        goto cleanup;