Move get_for_creds to krb5_get_for_creds in the Kerberos library

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@4718 dc483132-0cff-0310-8789-dd5450dbe970
author: Theodore Tso <tytso@mit.edu> 1994-11-30 04:12:05 +0000
committer: Theodore Tso <tytso@mit.edu> 1994-11-30 04:12:05 +0000
commit: 62ee6ced9d648e4d67713d5262dfe29b91647296 (patch)
tree: 4cd6bfee11d9634ca438785b7a244e4f7e753d32 /src
parent: efff614bf0b875de1e56ba1beaa26a529bc7c6de (diff)
download: krb5-62ee6ced9d648e4d67713d5262dfe29b91647296.tar.gz
krb5-62ee6ced9d648e4d67713d5262dfe29b91647296.tar.xz
krb5-62ee6ced9d648e4d67713d5262dfe29b91647296.zip
2 files changed, 8 insertions, 202 deletions
diff --git a/src/appl/telnet/libtelnet/forward.c b/src/appl/telnet/libtelnet/forward.c
index 1a72671a7..782e9f5e3 100644
--- a/src/appl/telnet/libtelnet/forward.c
+++ b/src/appl/telnet/libtelnet/forward.c
@@ -34,200 +34,6 @@
 #include <krb5/los-proto.h>
 #include <krb5/ext-proto.h>
 
-#define KRB5_DEFAULT_LIFE 60*60*8   /* 8 hours */
-/* helper function: convert flags to necessary KDC options */
-#define flags2options(flags) (flags & KDC_TKT_COMMON_MASK)
-
-
-
-/* Get a TGT for use at the remote host */
-krb5_error_code
-get_for_creds(etype, sumtype, rhost, client, enc_key, forwardable, outbuf)
-     const krb5_enctype etype;
-     const krb5_cksumtype sumtype;
-     char *rhost;
-     krb5_principal client;
-     krb5_keyblock *enc_key;
-     int forwardable;      /* Should forwarded TGT also be forwardable? */
-     krb5_data *outbuf;
-{
-    struct hostent *hp;
-    krb5_address **addrs;
-    krb5_error_code retval;
-    krb5_kdc_rep *dec_rep;
-    krb5_error *err_reply;
-    krb5_response tgsrep;
-    krb5_creds creds, tgt;
-    krb5_ccache cc;
-    krb5_flags kdcoptions;
-    krb5_timestamp now;
-    char *remote_host;
-    char **hrealms;
-    int i;
-
-    if (!rhost || !(hp = gethostbyname(rhost)))
-      return KRB5_ERR_BAD_HOSTNAME;
-
-    remote_host = (char *) malloc(strlen(hp->h_name)+1);
-    if (!remote_host)
-      return ENOMEM;
-    strcpy(remote_host, hp->h_name);
-
-    if (retval = krb5_get_host_realm(remote_host, &hrealms)) {
-	free(remote_host);
-	return retval;
-    }
-    if (!hrealms[0]) {
-	free(remote_host);
-	krb5_xfree(hrealms);
-	return KRB5_ERR_HOST_REALM_UNKNOWN;
-    }
-
-    /* Count elements */
-    for(i=0; hp->h_addr_list[i]; i++);
-
-    addrs = (krb5_address **) malloc ((i+1)*sizeof(*addrs));
-    if (!addrs)
-      return ENOMEM;
-    
-    for(i=0; hp->h_addr_list[i]; i++) {
-	addrs[i] = (krb5_address *) malloc(sizeof(krb5_address));
-	if (addrs[i]) {
-	    addrs[i]->addrtype = hp->h_addrtype;
-	    addrs[i]->length   = hp->h_length;
-	    addrs[i]->contents = (unsigned char *)malloc(addrs[i]->length);
-	    if (!addrs[i]->contents) {
-		krb5_free_addresses(addrs);
-		return ENOMEM;
-	    }
-	    else
-	      memcpy ((char *)addrs[i]->contents, hp->h_addr_list[i],
-		      addrs[i]->length);
-	}
-	else {
-	    return ENOMEM;
-	}
-    }
-    addrs[i] = 0;
-
-    memset((char *)&creds, 0, sizeof(creds));
-    if (retval = krb5_copy_principal(client, &creds.client))
-      return retval;
-    
-    if (retval = krb5_build_principal_ext(&creds.server,
-					  strlen(hrealms[0]),
-					  hrealms[0],
-					  KRB5_TGS_NAME_SIZE,
-					  KRB5_TGS_NAME,
-					  client->realm.length,
-					  client->realm.data,
-					  0))
-      return retval;
-	
-    creds.times.starttime = 0;
-    if (retval = krb5_timeofday(&now)) {
-	return retval;
-    }
-    creds.times.endtime = now + KRB5_DEFAULT_LIFE;
-    creds.times.renew_till = 0;
-    
-    if (retval = krb5_cc_default(&cc)) {
-	return retval;
-    }
-
-    /* fetch tgt directly from cache */
-    if (retval = krb5_cc_retrieve_cred (cc,
-					KRB5_TC_MATCH_SRV_NAMEONLY,
-					&creds,
-					&tgt)) {
-	return retval;
-    }
-
-    /* tgt->client must be equal to creds.client */
-    if (!krb5_principal_compare(tgt.client, creds.client))
-	return KRB5_PRINC_NOMATCH;
-
-    if (!tgt.ticket.length)
-	return(KRB5_NO_TKT_SUPPLIED);
-
-    kdcoptions = flags2options(tgt.ticket_flags)|KDC_OPT_FORWARDED;
-
-    if (!forwardable) /* Reset KDC_OPT_FORWARDABLE */
-      kdcoptions &= ~(KDC_OPT_FORWARDABLE);
-
-    if (retval = krb5_send_tgs(kdcoptions, &creds.times, etype, sumtype,
-			       creds.server,
-			       addrs,
-			       creds.authdata,
-			       0,		/* no padata */
-			       0,		/* no second ticket */
-			       &tgt, &tgsrep))
-	return retval;
-
-#undef cleanup
-#define cleanup() free(tgsrep.response.data)
-
-    switch (tgsrep.message_type) {
-    case KRB5_TGS_REP:
-	break;
-    case KRB5_ERROR:
-    default:
-	if (!krb5_is_krb_error(&tgsrep.response)) {
-	    retval = KRB5KRB_AP_ERR_MSG_TYPE;
-	} else
-	    retval = decode_krb5_error(&tgsrep.response, &err_reply);
-	if (retval) {
-	    cleanup();
-	    return retval;		/* neither proper reply nor error! */
-	}
-
-	retval = err_reply->error + ERROR_TABLE_BASE_krb5;
-
-	krb5_free_error(err_reply);
-	cleanup();
-	return retval;
-    }
-    retval = krb5_decode_kdc_rep(&tgsrep.response,
-				 &tgt.keyblock,
-				 etype, /* enctype */
-				 &dec_rep);
-    
-    cleanup();
-    if (retval)
-	return retval;
-#undef cleanup
-#define cleanup() {\
-	memset((char *)dec_rep->enc_part2->session->contents, 0,\
-	      dec_rep->enc_part2->session->length);\
-		  krb5_free_kdc_rep(dec_rep); }
-
-    if (dec_rep->msg_type != KRB5_TGS_REP) {
-	retval = KRB5KRB_AP_ERR_MSG_TYPE;
-	cleanup();
-	return retval;
-    }
-    
-    /* now it's decrypted and ready for prime time */
-
-    if (!krb5_principal_compare(dec_rep->client, tgt.client)) {
-	cleanup();
-	return KRB5_KDCREP_MODIFIED;
-    }
-
-    if (retval = mk_cred(dec_rep, 
-			 etype, 
-			 enc_key,
-			 0,
-			 0, 
-			 outbuf))
-      return retval;
-
-    krb5_free_kdc_rep(dec_rep);
-
-    return retval;
-#undef cleanup
-}
-
 /* Decode, decrypt and store the forwarded creds in the local ccache. */
 krb5_error_code
 rd_and_store_for_creds(inbuf, ticket, lusername)
@@ -241,7 +47,7 @@ rd_and_store_for_creds(inbuf, ticket, lusername)
     krb5_ccache ccache = NULL;
     struct passwd *pwd;
 
-    if (retval = rd_cred(inbuf, ticket->enc_part2->session, 
+    if (retval = krb5_rd_cred(inbuf, ticket->enc_part2->session, 
 			 &creds, 0, 0)) {
 	return(retval);
     }
diff --git a/src/appl/telnet/libtelnet/kerberos5.c b/src/appl/telnet/libtelnet/kerberos5.c
index 5d08300f3..4bcab5aa1 100644
--- a/src/appl/telnet/libtelnet/kerberos5.c
+++ b/src/appl/telnet/libtelnet/kerberos5.c
@@ -649,13 +649,13 @@ kerberos5_forward(ap)
 	return;
     }
 
-    if (r = get_for_creds(ETYPE_DES_CBC_CRC,
-			  krb5_kdc_req_sumtype,
-			  RemoteHostName,
-			  local_creds->client,
-			  &local_creds->keyblock,
-			  forward_flags & OPTS_FORWARDABLE_CREDS,
-			  &forw_creds)) {
+    if (r = krb5_get_for_creds(ETYPE_DES_CBC_CRC,
+			       krb5_kdc_req_sumtype,
+			       RemoteHostName,
+			       local_creds->client,
+			       &local_creds->keyblock,
+			       forward_flags & OPTS_FORWARDABLE_CREDS,
+			       &forw_creds)) {
 	if (auth_debug_mode) 
 	  printf("Kerberos V5: error getting forwarded creds - %s\r\n",
 		 error_message(r));
author	Theodore Tso <tytso@mit.edu>	1994-11-30 04:12:05 +0000
committer	Theodore Tso <tytso@mit.edu>	1994-11-30 04:12:05 +0000
commit	62ee6ced9d648e4d67713d5262dfe29b91647296 (patch)
tree	4cd6bfee11d9634ca438785b7a244e4f7e753d32 /src
parent	efff614bf0b875de1e56ba1beaa26a529bc7c6de (diff)
download	krb5-62ee6ced9d648e4d67713d5262dfe29b91647296.tar.gz krb5-62ee6ced9d648e4d67713d5262dfe29b91647296.tar.xz krb5-62ee6ced9d648e4d67713d5262dfe29b91647296.zip