authorTheodore Tso <tytso@mit.edu>1996-01-10 03:53:09 +0000
committerTheodore Tso <tytso@mit.edu>1996-01-10 03:53:09 +0000
commit867eca0184079ad3f3fe9cf285e8dff41296e3ef (patch)
tree9569f7b8b21ae4b7aad46907748c166f6dc6a079
parent132176cdfc1e73812012243b70b95cf25d9558f3 (diff)
forward.c (get_for_creds): Removed no longer used function
kcmd.c (kcmd): Convert from using get_for_creds() from forward.c to using the official library routine, krb5_fwd_tgt_creds(). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7284 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r--src/appl/bsd/ChangeLog7
-rw-r--r--src/appl/bsd/forward.c154
-rw-r--r--src/appl/bsd/kcmd.c7
3 files changed, 10 insertions, 158 deletions
diff --git a/src/appl/bsd/ChangeLog b/src/appl/bsd/ChangeLog
index 44363ab61..aa426ce0f 100644
--- a/src/appl/bsd/ChangeLog
+++ b/src/appl/bsd/ChangeLog
@@ -1,3 +1,10 @@
+Tue Jan 9 22:51:16 1996 Theodore Y. Ts'o <tytso@dcl>
+
+ * forward.c (get_for_creds): Removed no longer used function.
+
+ * kcmd.c (kcmd): Convert from using get_for_creds() from forward.c
+ to using the official library routine, krb5_fwd_tgt_creds().
+
Fri Dec 22 17:42:11 1995 Theodore Y. Ts'o <tytso@dcl>
* login.c (main): If HAVE_SHADOW is defined, and no shadow
diff --git a/src/appl/bsd/forward.c b/src/appl/bsd/forward.c
index 3ecd2ab63..5cdea1b78 100644
--- a/src/appl/bsd/forward.c
+++ b/src/appl/bsd/forward.c
@@ -19,9 +19,6 @@
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*/
-/* General-purpose forwarding routines. These routines may be put into */
-/* libkrb5.a to allow widespread use */
-
#if defined(KERBEROS) || defined(KRB5)
#include <stdio.h>
#include <pwd.h>
@@ -74,155 +71,4 @@ cleanup:
return retval;
}
-#ifndef MAXHOSTNAMELEN
-#define MAXHOSTNAMELEN 64
-#endif
-
-#define KRB5_DEFAULT_LIFE 60*60*8 /* 8 hours */
-/* helper function: convert flags to necessary KDC options */
-#define flags2options(flags) (flags & KDC_TKT_COMMON_MASK)
-
-/* Get a TGT for use at the remote host */
-krb5_error_code
-get_for_creds(context, auth_context, rhost, client, forwardable, out_buf)
- krb5_context context;
- krb5_auth_context auth_context;
- char *rhost;
- krb5_principal client;
- int forwardable; /* Should forwarded TGT also be forwardable? */
- krb5_data *out_buf;
-{
- krb5_replay_data replaydata;
- krb5_data * scratch;
- struct hostent *hp;
- krb5_address **addrs;
- krb5_error_code retval;
- krb5_creds tgt, creds, *pcreds;
- krb5_ccache cc;
- krb5_flags kdcoptions;
- krb5_timestamp now;
- char *remote_host = 0;
- char **hrealms = 0;
- int i;
-
- memset((char *)&creds, 0, sizeof(creds));
-
- if (!rhost || !(hp = gethostbyname(rhost)))
- return KRB5_ERR_BAD_HOSTNAME;
-
- remote_host = (char *) malloc(strlen(hp->h_name)+1);
- if (!remote_host) {
- retval = ENOMEM;
- goto errout;
- }
- strcpy(remote_host, hp->h_name);
-
- if (retval = krb5_get_host_realm(context, remote_host, &hrealms))
- goto errout;
- if (!hrealms[0]) {
- retval = KRB5_ERR_HOST_REALM_UNKNOWN;
- goto errout;
- }
-
- /* Count elements */
- for(i = 0; hp->h_addr_list[i]; i++);
-
- addrs = (krb5_address **) malloc ((i + 1)*sizeof(*addrs));
- if (!addrs) {
- retval = ENOMEM;
- goto errout;
- }
- memset(addrs, 0, (i+1)*sizeof(*addrs));
-
- for(i = 0; hp->h_addr_list[i]; i++) {
- addrs[i] = (krb5_address *) malloc(sizeof(krb5_address));
- if (!addrs[i]) {
- retval = ENOMEM;
- goto errout;
- }
- addrs[i]->addrtype = hp->h_addrtype;
- addrs[i]->length = hp->h_length;
- addrs[i]->contents = (unsigned char *)malloc(addrs[i]->length);
- if (!addrs[i]->contents) {
- retval = ENOMEM;
- goto errout;
- }
- memcpy ((char *)addrs[i]->contents, hp->h_addr_list[i],
- addrs[i]->length);
- }
- addrs[i] = 0;
-
- if (retval = krb5_copy_principal(context, client, &creds.client))
- goto errout;
-
- if (retval = krb5_build_principal_ext(context, &creds.server,
- strlen(hrealms[0]),
- hrealms[0],
- KRB5_TGS_NAME_SIZE,
- KRB5_TGS_NAME,
- client->realm.length,
- client->realm.data,
- 0))
- goto errout;
-
- creds.times.starttime = 0;
- if (retval = krb5_timeofday(context, &now))
- goto errout;
-
- creds.times.endtime = now + KRB5_DEFAULT_LIFE;
- creds.times.renew_till = 0;
-
- if (retval = krb5_cc_default(context, &cc))
- goto errout;
-
- /* fetch tgt directly from cache */
- retval = krb5_cc_retrieve_cred (context, cc, KRB5_TC_MATCH_SRV_NAMEONLY,
- &creds, &tgt);
- krb5_cc_close(context, cc);
-
- if (retval)
- goto errout;
-
- /* tgt->client must be equal to creds.client */
- if (!krb5_principal_compare(context, tgt.client, creds.client)) {
- retval = KRB5_PRINC_NOMATCH;
- goto errout;
- }
-
- if (!tgt.ticket.length) {
- retval = KRB5_NO_TKT_SUPPLIED;
- goto errout;
- }
-
- if (!(tgt.ticket_flags & TKT_FLG_FORWARDABLE)) {
- retval = KRB5_TKT_NOT_FORWARDABLE;
- goto errout;
- }
-
- kdcoptions = flags2options(tgt.ticket_flags)|KDC_OPT_FORWARDED;
-
- if (!forwardable) /* Reset KDC_OPT_FORWARDABLE */
- kdcoptions &= ~(KDC_OPT_FORWARDABLE);
-
- if (retval = krb5_get_cred_via_tkt(context, &tgt, kdcoptions,
- addrs, &creds, &pcreds))
- goto errout;
-
- retval = krb5_mk_1cred(context, auth_context, pcreds,
- &scratch, &replaydata);
- krb5_free_creds(context, pcreds);
- *out_buf = *scratch;
- krb5_xfree(scratch);
-
-errout:
- if (remote_host)
- free(remote_host);
- if (hrealms)
- krb5_xfree(hrealms);
- if (addrs)
- krb5_free_addresses(context, addrs);
- krb5_free_cred_contents(context, &creds);
- return retval;
-}
-
#endif /* KERBEROS */
diff --git a/src/appl/bsd/kcmd.c b/src/appl/bsd/kcmd.c
index e6dc73cbf..4507825d3 100644
--- a/src/appl/bsd/kcmd.c
+++ b/src/appl/bsd/kcmd.c
@@ -331,11 +331,10 @@ kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm,
(void) write(s, locuser, strlen(locuser)+1);
if (options & OPTS_FORWARD_CREDS) { /* Forward credentials */
- if (status = get_for_creds(bsd_context, auth_context,
+ if (status = krb5_fwd_tgt_creds(bsd_context, auth_context,
host_save,
- ret_cred->client,
- /* Forwardable TGT? */
- options & OPTS_FORWARDABLE_CREDS,
+ ret_cred->client, ret_cred->server,
+ 0, options & OPTS_FORWARDABLE_CREDS,
&outbuf)) {
fprintf(stderr, "kcmd: Error getting forwarded creds\n");
goto bad2;
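Review bot: The bare `0` passed as the sixth argument of the new `krb5_fwd_tgt_creds()` call is undocumented, and the `/* Forwardable TGT? */` comment that labelled the neighbouring argument was dropped with the old call. That slot appears to be the credential cache, so a null value presumably makes the library take the TGT from the caller's default ccache; because this decides which ticket is sent to the remote host, it should be spelled out, e.g. `(krb5_ccache) 0 /* use default ccache */, options & OPTS_FORWARDABLE_CREDS,`. The cast also matters if no prototype for the routine is in scope at this call site (not visible in the hunk), since a plain `int` zero is then not guaranteed to be passed as a null pointer. The enclosing `kcmd()` body starts and ends outside the hunk.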