* gc_via_tgt.c, and gc_2tgt.c : Removed.
authorChris Provenzano <proven@mit.edu>
Thu, 27 Apr 1995 02:52:57 +0000 (02:52 +0000)
committerChris Provenzano <proven@mit.edu>
Thu, 27 Apr 1995 02:52:57 +0000 (02:52 +0000)
* Makefile.in, gc_via_tkt.c, gc_frm_kdc.c, and, int-proto.h :
Replaced get_cred_via_tgt() and get_cred_via_2tgt()
with more general function get_cred_via_tkt().

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5532 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/krb5/krb/ChangeLog
src/lib/krb5/krb/Makefile.in
src/lib/krb5/krb/gc_2tgt.c [deleted file]
src/lib/krb5/krb/gc_frm_kdc.c
src/lib/krb5/krb/gc_via_tgt.c [deleted file]
src/lib/krb5/krb/gc_via_tkt.c
src/lib/krb5/krb/int-proto.h

index b963cb4e4ea4acac7b1bd69f71ae30de65bf325d..cba4278119785fe371a23febd1fb5d423ca9d057 100644 (file)
@@ -1,3 +1,11 @@
+
+Wed Apr 26 22:49:18 1995  Chris Provenzano  (proven@mit.edu)
+
+       * gc_via_tgt.c, and gc_2tgt.c : Removed.
+       * Makefile.in, gc_via_tkt.c, gc_frm_kdc.c, and, int-proto.h : 
+               Replaced get_cred_via_tgt() and get_cred_via_2tgt()
+               with more general function get_cred_via_tkt().
+
 Tue Apr 25 21:58:23 1995  Chris Provenzano  (proven@mit.edu)
 
        * Makefile.in : Added gc_via_tkt.c and removed get_fcreds.c
index 30729b018841bc212bae17a02e8c14d3c86e3ca3..0761a221682d30b04a9b21c73ad8dcbd37903700 100644 (file)
@@ -31,9 +31,7 @@ OBJS= addr_comp.$(OBJEXT)     \
        free_rtree.$(OBJEXT)    \
        faddr_ordr.$(OBJEXT)    \
        gc_frm_kdc.$(OBJEXT)    \
-       gc_via_tgt.$(OBJEXT)    \
        gc_via_tkt.$(OBJEXT)    \
-       gc_2tgt.$(OBJEXT)       \
        gen_seqnum.$(OBJEXT)    \
        gen_subkey.$(OBJEXT)    \
        get_creds.$(OBJEXT)     \
@@ -97,9 +95,7 @@ SRCS= $(srcdir)/addr_comp.c   \
        $(srcdir)/free_rtree.c  \
        $(srcdir)/faddr_ordr.c  \
        $(srcdir)/gc_frm_kdc.c  \
-       $(srcdir)/gc_via_tgt.c  \
        $(srcdir)/gc_via_tkt.c  \
-       $(srcdir)/gc_2tgt.c     \
        $(srcdir)/gen_seqnum.c  \
        $(srcdir)/gen_subkey.c  \
        $(srcdir)/get_creds.c   \
diff --git a/src/lib/krb5/krb/gc_2tgt.c b/src/lib/krb5/krb/gc_2tgt.c
deleted file mode 100644 (file)
index c5ddcf7..0000000
+++ /dev/null
@@ -1,204 +0,0 @@
-/*
- * lib/krb5/krb/gc_2tgt.c
- *
- * Copyright 1991 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- *   require a specific license from the United States Government.
- *   It is the responsibility of any person or organization contemplating
- *   export to obtain such a license before exporting.
- * 
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- * 
- *
- * Given two tgts, get a ticket.
- */
-
-#include "k5-int.h"
-#include "int-proto.h"
-
-krb5_error_code
-krb5_get_cred_via_2tgt (context, tgt, kdcoptions, sumtype, in_cred, out_cred)
-    krb5_context context;
-    krb5_creds *tgt;
-    const krb5_flags kdcoptions;
-    const krb5_cksumtype sumtype;
-    krb5_creds * in_cred;
-    krb5_creds ** out_cred;
-{
-    krb5_error_code retval;
-#if 0
-    krb5_principal tempprinc;
-#endif
-    krb5_data *scratch;
-    krb5_kdc_rep *dec_rep;
-    krb5_error *err_reply;
-    krb5_response tgsrep;
-    krb5_enctype etype;
-
-    /* tgt->client must be equal to in_cred->client */
-    /* tgt->server must be equal to krbtgt/realmof(cred->client) */
-    if (!krb5_principal_compare(context, tgt->client, in_cred->client))
-       return KRB5_PRINC_NOMATCH;
-
-    if (!tgt->ticket.length)
-       return(KRB5_NO_TKT_SUPPLIED);
-
-    if (!in_cred->second_ticket.length)
-       return(KRB5_NO_2ND_TKT);
-
-#if 0  /* What does this do? */
-    if (retval = krb5_tgtname(context, krb5_princ_realm(in_cred->server),
-                             krb5_princ_realm(context, in_cred->client), &tempprinc))
-       return(retval);
-
-    if (!krb5_principal_compare(context, tempprinc, tgt->server)) {
-       krb5_free_principal(context, tempprinc);
-       return KRB5_PRINC_NOMATCH;
-    }
-    krb5_free_principal(context, tempprinc);
-#endif
-
-    if (!(kdcoptions & KDC_OPT_ENC_TKT_IN_SKEY))
-       return KRB5_INVALID_FLAGS;
-
-    if (retval = krb5_send_tgs(context, kdcoptions, &in_cred->times, NULL, 
-                              sumtype, in_cred->server, tgt->addresses,
-                              in_cred->authdata,
-                              0,               /* no padata */
-                              &in_cred->second_ticket, tgt, &tgsrep))
-       return retval;
-
-    if (tgsrep.message_type != KRB5_TGS_REP)
-      {
-       if (!krb5_is_krb_error(&tgsrep.response)) {
-           free(tgsrep.response.data);
-           return KRB5KRB_AP_ERR_MSG_TYPE;
-       }
-       retval = decode_krb5_error(&tgsrep.response, &err_reply);
-       if (retval) {
-           free(tgsrep.response.data);
-           return retval;
-       }
-       retval = err_reply->error + ERROR_TABLE_BASE_krb5;
-
-       krb5_free_error(context, err_reply);
-       free(tgsrep.response.data);
-       return retval;
-      }
-    etype = tgt->keyblock.etype;
-    retval = krb5_decode_kdc_rep(context, &tgsrep.response, &tgt->keyblock,
-                                etype, &dec_rep);
-    free(tgsrep.response.data);
-    if (retval)
-       return retval;
-
-    if (dec_rep->msg_type != KRB5_TGS_REP) {
-       retval = KRB5KRB_AP_ERR_MSG_TYPE;
-       goto errout;
-    }
-    
-    /* now it's decrypted and ready for prime time */
-
-    if (!krb5_principal_compare(context, dec_rep->client, tgt->client)) {
-       retval = KRB5_KDCREP_MODIFIED;
-       goto errout;
-    }
-
-    /*
-     * get a cred structure 
-     * The caller is responsible for cleaning up 
-     */
-    if (((*out_cred) = (krb5_creds *)malloc(sizeof(krb5_creds))) == NULL) {
-       retval = ENOMEM;
-       goto errout;
-    }
-
-    /* Copy the client straig from in_cred */
-    if (retval = krb5_copy_principal(context, in_cred->client, 
-                                    &(*out_cred)->client)) {
-       goto errout;
-    }
-
-    /* put pieces into out_cred-> */
-    (*out_cred)->keyblock.magic = KV5M_KEYBLOCK;
-    (*out_cred)->keyblock.etype = dec_rep->ticket->enc_part.etype;
-    if (retval = krb5_copy_keyblock_contents(context, 
-                                            dec_rep->enc_part2->session,
-                                            &(*out_cred)->keyblock))
-       goto errout;
-
-    /* Should verify that the ticket is what we asked for. */
-#ifdef HAVE_C_STRUCTURE_ASSIGNMENT
-    (*out_cred)->times = dec_rep->enc_part2->times;
-#else
-    memcpy(&(*out_cred)->times, &dec_rep->enc_part2->times, 
-          sizeof(krb5_ticket_times));
-#endif
-
-    (*out_cred)->ticket_flags = dec_rep->enc_part2->flags;
-    (*out_cred)->is_skey = TRUE;
-    if (dec_rep->enc_part2->caddrs)
-       retval = krb5_copy_addresses(context, dec_rep->enc_part2->caddrs,
-                                    &(*out_cred)->addresses);
-    else
-       /* no addresses in the list means we got what we had */
-       retval = krb5_copy_addresses(context, tgt->addresses, &(*out_cred)->addresses);
-    if (retval)
-           goto errout;
-    
-    if (retval = krb5_copy_principal(context, dec_rep->enc_part2->server,
-                                    &(*out_cred)->server))
-       goto errout;
-
-    if (retval = encode_krb5_ticket(dec_rep->ticket, &scratch))
-       goto errout;
-
-    (*out_cred)->ticket = *scratch;
-    krb5_xfree(scratch);
-
-errout:
-    if (retval) {
-       if (*out_cred) {
-           if ((*out_cred)->keyblock.contents) {
-               memset((*out_cred)->keyblock.contents, 0, 
-                  (*out_cred)->keyblock.length);
-               krb5_xfree((*out_cred)->keyblock.contents);
-               (*out_cred)->keyblock.contents = 0;
-           }
-           if ((*out_cred)->addresses) {
-               krb5_free_addresses(context, (*out_cred)->addresses);
-               (*out_cred)->addresses = 0;
-           }
-           if ((*out_cred)->server) {
-               krb5_free_principal(context, (*out_cred)->server);
-               (*out_cred)->server = 0;
-           }
-           krb5_free_creds(context, *out_cred);
-       }
-    }
-    memset((char *)dec_rep->enc_part2->session->contents, 0,
-          dec_rep->enc_part2->session->length);
-    krb5_free_kdc_rep(context, dec_rep);
-    return retval;
-}
-
-/*
- * Local variables:
- * mode:c
- * eval: (make-local-variable (quote c-indent-level))
- * eval: (make-local-variable (quote c-continued-statement-offset))
- * eval: (setq c-indent-level 4 c-continued-statement-offset 4)
- * End:
- */
-
index 5b72ebb243757401fb4b0fd4a974d757d9b722be..a2a7f577452b35fc1081af549ba69ce112d0ba98 100644 (file)
@@ -254,10 +254,9 @@ krb5_get_cred_from_kdc(context, ccache, in_cred, out_cred, tgts)
        tgtq.is_skey      = FALSE;
        tgtq.ticket_flags = tgt.ticket_flags;
        etype             = TGT_ETYPE;
-       if(retval = krb5_get_cred_via_tgt(context, &tgt,
-                                         FLAGS2OPTS(tgtq.ticket_flags),
-                                         krb5_kdc_req_sumtype,
-                                         &tgtq, &tgtr)) {
+       if (retval = krb5_get_cred_via_tkt(context, &tgt,
+                                          FLAGS2OPTS(tgtq.ticket_flags),
+                                          tgt.addresses, &tgtq, &tgtr)) {
              
        /*
        * couldn't get one so now loop backwards through the realms
@@ -310,10 +309,9 @@ krb5_get_cred_from_kdc(context, ccache, in_cred, out_cred, tgts)
              tgtq.is_skey      = FALSE;
              tgtq.ticket_flags = tgt.ticket_flags;
              etype             = TGT_ETYPE;
-             if (retval = krb5_get_cred_via_tgt(context, &tgt,
+             if (retval = krb5_get_cred_via_tkt(context, &tgt,
                                                  FLAGS2OPTS(tgtq.ticket_flags),
-                                                 krb5_kdc_req_sumtype,
-                                                 &tgtq, &tgtr)) {
+                                                 tgt.addresses, &tgtq, &tgtr)) {
                  continue;
              }
              
@@ -383,16 +381,10 @@ krb5_get_cred_from_kdc(context, ccache, in_cred, out_cred, tgts)
   }
 
   etype = TGT_ETYPE;
-  if (in_cred->second_ticket.length) {
-      retval = krb5_get_cred_via_2tgt(context, &tgt,
-                                     KDC_OPT_ENC_TKT_IN_SKEY |
-                                     FLAGS2OPTS(tgt.ticket_flags),
-                                     krb5_kdc_req_sumtype, in_cred, out_cred);
-  } else {
-      retval = krb5_get_cred_via_tgt(context, &tgt,
-                                     FLAGS2OPTS(tgt.ticket_flags), 
-                                     krb5_kdc_req_sumtype, in_cred, out_cred);
-  }
+  retval = krb5_get_cred_via_tkt(context, &tgt, FLAGS2OPTS(tgt.ticket_flags) |
+                                       (in_cred->second_ticket.length ? 
+                                        KDC_OPT_ENC_TKT_IN_SKEY : 0),
+                                tgt.addresses, in_cred, out_cred);
 
   /* cleanup and return */
 
diff --git a/src/lib/krb5/krb/gc_via_tgt.c b/src/lib/krb5/krb/gc_via_tgt.c
deleted file mode 100644 (file)
index 5c15a01..0000000
+++ /dev/null
@@ -1,223 +0,0 @@
-/*
- * lib/krb5/krb/gc_via_tgt.c
- *
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- *   require a specific license from the United States Government.
- *   It is the responsibility of any person or organization contemplating
- *   export to obtain such a license before exporting.
- * 
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- * 
- *
- * Given a tgt, and a target cred, get it.
- */
-
-#include "k5-int.h"
-#include "int-proto.h"
-
-krb5_error_code
-krb5_get_cred_via_tgt (context, tgt, kdcoptions, sumtype, in_cred, out_cred)
-    krb5_context context;
-    krb5_creds * tgt;
-    const krb5_flags kdcoptions;
-    const krb5_cksumtype sumtype;
-    krb5_creds * in_cred;
-    krb5_creds ** out_cred;
-{
-    krb5_error_code retval;
-    krb5_principal tempprinc;
-    krb5_data *scratch;
-    krb5_kdc_rep *dec_rep;
-    krb5_error *err_reply;
-    krb5_response tgsrep;
-
-    /* tgt->client must be equal to in_cred->client */
-    if (!krb5_principal_compare(context, tgt->client, in_cred->client))
-       return KRB5_PRINC_NOMATCH;
-
-    if (!tgt->ticket.length)
-       return(KRB5_NO_TKT_SUPPLIED);
-
-    /* check if we have the right TGT                    */
-    /* tgt->server must be equal to                      */
-    /* krbtgt/realmof(cred->server)@realmof(tgt->server) */
-
-    if (retval = krb5_tgtname(context, 
-                    krb5_princ_realm(context, in_cred->server),
-                    krb5_princ_realm(context, tgt->server), &tempprinc))
-       return(retval);
-
-    if (!krb5_principal_compare(context, tempprinc, tgt->server)) {
-       retval = KRB5_PRINC_NOMATCH;
-       goto error_5;
-    }
-
-    if (retval = krb5_send_tgs(context, kdcoptions, &in_cred->times, NULL, 
-                              sumtype, in_cred->server, tgt->addresses,
-                              in_cred->authdata,
-                              0,               /* no padata */
-                              0,               /* no second ticket */
-                              tgt, &tgsrep))
-       goto error_5;
-
-    switch (tgsrep.message_type) {
-    case KRB5_TGS_REP:
-       break;
-    case KRB5_ERROR:
-    default:
-       if (krb5_is_krb_error(&tgsrep.response))
-           retval = decode_krb5_error(&tgsrep.response, &err_reply);
-       else
-           retval = KRB5KRB_AP_ERR_MSG_TYPE;
-
-       if (retval)                     /* neither proper reply nor error! */
-           goto error_4;
-
-#if 0
-       /* XXX need access to the actual assembled request...
-          need a change to send_tgs */
-       if ((err_reply->ctime != request.ctime) ||
-           !krb5_principal_compare(context, err_reply->server, request.server) ||
-           !krb5_principal_compare(context, err_reply->client, request.client))
-           retval = KRB5_KDCREP_MODIFIED;
-       else
-#endif
-           retval = err_reply->error + ERROR_TABLE_BASE_krb5;
-
-       krb5_free_error(context, err_reply);
-       goto error_4;
-    }
-
-    if (retval = krb5_decode_kdc_rep(context, &tgsrep.response, &tgt->keyblock,
-                                    tgt->keyblock.etype, &dec_rep))
-       goto error_4;
-
-    if (dec_rep->msg_type != KRB5_TGS_REP) {
-       retval = KRB5KRB_AP_ERR_MSG_TYPE;
-       goto error_3;
-    }
-    
-    /* now it's decrypted and ready for prime time */
-    if (!krb5_principal_compare(context, dec_rep->client, tgt->client)) {
-       retval = KRB5_KDCREP_MODIFIED;
-       goto error_3;
-    }
-
-    /* get a cred structure */
-    /* The caller is responsible for cleaning up */
-    if (((*out_cred) = (krb5_creds *)malloc(sizeof(krb5_creds))) == NULL) {
-       retval = ENOMEM;
-       goto error_2;
-    }
-    memset((*out_cred), 0, sizeof(krb5_creds));
-
-    /* Copy the client straigt from in_cred */
-    if (retval = krb5_copy_principal(context, in_cred->client, 
-                                    &(*out_cred)->client)) {
-       goto error_2;
-    }
-
-    /* put pieces into out_cred-> */
-    if (retval = krb5_copy_keyblock_contents(context, 
-                                            dec_rep->enc_part2->session,
-                                            &(*out_cred)->keyblock)) {
-       goto error_2;
-    }
-
-    (*out_cred)->keyblock.etype = dec_rep->ticket->enc_part.etype;
-#ifdef HAVE_C_STRUCTURE_ASSIGNMENT
-    (*out_cred)->times = dec_rep->enc_part2->times;
-#else
-    memcpy(&(*out_cred)->times, &dec_rep->enc_part2->times, 
-          sizeof(krb5_ticket_times));
-#endif
-
-#if 0
-    /* XXX probably need access to the request */
-    /* check the contents for sanity: */
-    if (!krb5_principal_compare(context, dec_rep->client, request.client)
-       || !krb5_principal_compare(context, dec_rep->enc_part2->server, request.server)
-       || !krb5_principal_compare(context, dec_rep->ticket->server, request.server)
-       || (request.nonce != dec_rep->enc_part2->nonce)
-       /* XXX check for extraneous flags */
-       /* XXX || (!krb5_addresses_compare(context, addrs, dec_rep->enc_part2->caddrs)) */
-       || ((request.from != 0) &&
-           (request.from != dec_rep->enc_part2->times.starttime))
-       || ((request.till != 0) &&
-           (dec_rep->enc_part2->times.endtime > request.till))
-       || ((request.kdc_options & KDC_OPT_RENEWABLE) &&
-           (request.rtime != 0) &&
-           (dec_rep->enc_part2->times.renew_till > request.rtime))
-       || ((request.kdc_options & KDC_OPT_RENEWABLE_OK) &&
-           (dec_rep->enc_part2->flags & KDC_OPT_RENEWABLE) &&
-           (request.till != 0) &&
-           (dec_rep->enc_part2->times.renew_till > request.till))
-       )
-       retval = KRB5_KDCREP_MODIFIED;
-
-    if (!request.from && !in_clock_skew(dec_rep->enc_part2->times.starttime)) {
-       retval = KRB5_KDCREP_SKEW;
-       goto error_1;
-    }
-    
-#endif
-
-    (*out_cred)->ticket_flags = dec_rep->enc_part2->flags;
-    (*out_cred)->is_skey = FALSE;
-    if (dec_rep->enc_part2->caddrs) {
-       if (retval = krb5_copy_addresses(context, dec_rep->enc_part2->caddrs,
-                                        &(*out_cred)->addresses)) {
-           goto error_1;
-       }
-    } else {
-       /* no addresses in the list means we got what we had */
-       if (retval = krb5_copy_addresses(context, tgt->addresses,
-                                        &(*out_cred)->addresses)) {
-           goto error_1;
-       }
-    }
-    if (retval = krb5_copy_principal(context, dec_rep->enc_part2->server,
-                                    &(*out_cred)->server)) {
-       goto error_1;
-    }
-
-    if (retval = encode_krb5_ticket(dec_rep->ticket, &scratch)) {
-       krb5_free_addresses(context, (*out_cred)->addresses);
-       goto error_1;
-    }
-
-    (*out_cred)->ticket = *scratch;
-    krb5_xfree(scratch);
-
-error_1:;
-    if (retval)
-       memset((*out_cred)->keyblock.contents, 0, (*out_cred)->keyblock.length);
-
-error_2:;
-    if (retval)
-       krb5_free_creds(context, *out_cred);
-
-error_3:;
-    memset(dec_rep->enc_part2->session->contents, 0,
-          dec_rep->enc_part2->session->length);
-    krb5_free_kdc_rep(context, dec_rep);
-
-error_4:;
-    free(tgsrep.response.data);
-
-error_5:;
-    krb5_free_principal(context, tempprinc);
-    return retval;
-}
index c548b3d370fd40624728f42d4f31b9bd7946966f..87a4de255bab6c130af143ebfcc06565dce447c3 100644 (file)
 #include "int-proto.h"
 
 static krb5_error_code
-krb5_kdcrep2creds(context, pkdcrep, address, ppcreds)
+krb5_kdcrep2creds(context, pkdcrep, address, psectkt, ppcreds)
     krb5_context          context;
     krb5_kdc_rep        * pkdcrep;
     krb5_address *const * address;
+    krb5_data          * psectkt;
     krb5_creds         ** ppcreds;
 {
     krb5_error_code retval;  
@@ -57,15 +58,18 @@ krb5_kdcrep2creds(context, pkdcrep, address, ppcreds)
                                              &(*ppcreds)->keyblock))
         goto cleanup;
 
-    (*ppcreds)->keyblock.etype = pkdcrep->ticket->enc_part.etype;
+    if (retval = krb5_copy_data(context, psectkt, &pdata))
+       goto cleanup;
+    (*ppcreds)->second_ticket = *pdata;
+    krb5_xfree(pdata);
 
-    (*ppcreds)->magic = KV5M_CREDS;
-    (*ppcreds)->is_skey = 0;    /* unused */
-    (*ppcreds)->times = pkdcrep->enc_part2->times;
+    (*ppcreds)->keyblock.etype = pkdcrep->ticket->enc_part.etype;
     (*ppcreds)->ticket_flags = pkdcrep->enc_part2->flags;
+    (*ppcreds)->times = pkdcrep->enc_part2->times;
+    (*ppcreds)->magic = KV5M_CREDS;
 
-    (*ppcreds)->authdata = NULL;   /* not used */
-    memset(&(*ppcreds)->second_ticket, 0, sizeof((*ppcreds)->second_ticket));
+    (*ppcreds)->authdata = NULL;                       /* not used */
+    (*ppcreds)->is_skey = 0;                           /* not used */
 
     if (pkdcrep->enc_part2->caddrs) {
        if (retval = krb5_copy_addresses(context, pkdcrep->enc_part2->caddrs,
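Review bot: The new `krb5_copy_data(context, psectkt, &pdata)` call runs for every reply, including ordinary TGS requests where the caller's second ticket is empty, and this hunk also removes the explicit `memset` that used to clear `second_ticket` in that case. Whether a zero-length copy succeeds depends on krb5_copy_data, which is not visible here. If the copy fails after the session key has already been copied, the `cleanup` label (outside the hunk) must zero and free that keyblock. Guarding the copy on a non-empty second ticket, and zeroing the field otherwise, removes both dependencies. The function body starts and ends outside this hunk, and `pdata` is declared outside it.

```c
    if (psectkt && psectkt->length) {
        if (retval = krb5_copy_data(context, psectkt, &pdata))
            goto cleanup;
        (*ppcreds)->second_ticket = *pdata;
        krb5_xfree(pdata);
    } else {
        /* no second ticket: leave the field empty, as before this change */
        memset(&(*ppcreds)->second_ticket, 0, sizeof((*ppcreds)->second_ticket));
    }
    /* … unchanged: etype, ticket_flags, times, magic, authdata, is_skey … */
```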
@@ -105,7 +109,6 @@ krb5_get_cred_via_tkt (context, tkt, kdcoptions, address, in_cred, out_cred)
     krb5_creds                ** out_cred;
 {
     krb5_error_code retval;
-    krb5_principal tempprinc;
     krb5_kdc_rep *dec_rep;
     krb5_error *err_reply;
     krb5_response tgsrep;
@@ -117,19 +120,27 @@ krb5_get_cred_via_tkt (context, tkt, kdcoptions, address, in_cred, out_cred)
     if (!tkt->ticket.length)
        return KRB5_NO_TKT_SUPPLIED;
 
+    if ((kdcoptions & KDC_OPT_ENC_TKT_IN_SKEY) && 
+       (!in_cred->second_ticket.length))
+        return(KRB5_NO_2ND_TKT);
+
+
     /* check if we have the right TGT                    */
     /* tkt->server must be equal to                      */
     /* krbtgt/realmof(cred->server)@realmof(tgt->server) */
-
 /*
-    if (retval = krb5_tgtname(context, 
+    {
+    krb5_principal tempprinc;
+        if (retval = krb5_tgtname(context, 
                     krb5_princ_realm(context, in_cred->server),
                     krb5_princ_realm(context, tkt->server), &tempprinc))
-       return(retval);
+           return(retval);
 
-    if (!krb5_principal_compare(context, tempprinc, tkt->server)) {
-       retval = KRB5_PRINC_NOMATCH;
-       goto error_5;
+        if (!krb5_principal_compare(context, tempprinc, tkt->server)) {
+            krb5_free_principal(context, tempprinc);
+           return (KRB5_PRINC_NOMATCH);
+        }
+    krb5_free_principal(context, tempprinc);
     }
 */
 
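Review bot: The check that `tkt->server` is the krbtgt principal for the target realm stays inside a `/* ... */` comment, so no caller gets it after this commit. The removed krb5_get_cred_via_tgt() returned KRB5_PRINC_NOMATCH on a mismatch before contacting the KDC, and its call sites in gc_frm_kdc.c now route through this function. If the check is dropped on purpose because `tkt` need not be a TGT, say so with a comment such as `/* tkt may be any ticket usable in a TGS request; the krbtgt realm match is not enforced here */`; otherwise re-enable it. Other disabled code in this function uses `#if 0`, which would be more consistent here and still works if a comment is later added inside the block. The function continues outside the hunk.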
@@ -137,9 +148,10 @@ krb5_get_cred_via_tkt (context, tkt, kdcoptions, address, in_cred, out_cred)
                               krb5_kdc_req_sumtype, /* To be removed */
                               in_cred->server, address, in_cred->authdata,
                               0,               /* no padata */
-                              0,               /* no second ticket */
+                              (kdcoptions & KDC_OPT_ENC_TKT_IN_SKEY) ? 
+                                 &in_cred->second_ticket : NULL,
                               tkt, &tgsrep))
-       goto error_5;
+       return retval;
 
     switch (tgsrep.message_type) {
     case KRB5_TGS_REP:
@@ -158,7 +170,7 @@ krb5_get_cred_via_tkt (context, tkt, kdcoptions, address, in_cred, out_cred)
        /* XXX need access to the actual assembled request...
           need a change to send_tgs */
        if ((err_reply->ctime != request.ctime) ||
-           !krb5_principal_compare(context, err_reply->server, request.server) ||
+           !krb5_principal_compare(context,err_reply->server,request.server) ||
            !krb5_principal_compare(context, err_reply->client, request.client))
            retval = KRB5_KDCREP_MODIFIED;
        else
@@ -184,9 +196,6 @@ krb5_get_cred_via_tkt (context, tkt, kdcoptions, address, in_cred, out_cred)
        goto error_3;
     }
 
-    retval = krb5_kdcrep2creds(context, dec_rep, address, out_cred);
-
-
 #if 0
     /* XXX probably need access to the request */
     /* check the contents for sanity: */
@@ -212,13 +221,13 @@ krb5_get_cred_via_tkt (context, tkt, kdcoptions, address, in_cred, out_cred)
 
     if (!request.from && !in_clock_skew(dec_rep->enc_part2->times.starttime)) {
        retval = KRB5_KDCREP_SKEW;
-       goto error_1;
+       goto error_3;
     }
     
 #endif
 
-error_1:;
-    if (retval)
+    retval = krb5_kdcrep2creds(context, dec_rep, address, 
+                              &in_cred->second_ticket,  out_cred);
 
 error_3:;
     memset(dec_rep->enc_part2->session->contents, 0,
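Review bot: Credentials produced by this call always carry `is_skey = 0`, because krb5_kdcrep2creds() sets it unconditionally, whereas the removed krb5_get_cred_via_2tgt() set `is_skey = TRUE` for tickets issued with KDC_OPT_ENC_TKT_IN_SKEY. Anything that distinguishes user-to-user credentials by that field (for example credential-cache matching with KRB5_TC_MATCH_IS_SKEY, if it is used) would presumably treat them as ordinary service tickets. Since `kdcoptions` is known here, one option is to follow the call with `if (!retval) (*out_cred)->is_skey = (kdcoptions & KDC_OPT_ENC_TKT_IN_SKEY) != 0;`. The function body starts outside the hunk.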
@@ -227,8 +236,5 @@ error_3:;
 
 error_4:;
     free(tgsrep.response.data);
-
-error_5:;
-    krb5_free_principal(context, tempprinc);
     return retval;
 }
index 0a08e39cdc866fe48255db31741327a881a1106f..7ad90e0e86b76a7006ae1ebd3721faa5161ee980 100644 (file)
@@ -33,20 +33,6 @@ krb5_error_code krb5_tgtname
                   const krb5_data *,
                   const krb5_data *,
                   krb5_principal *));
-krb5_error_code krb5_get_cred_via_tgt
-       PROTOTYPE((krb5_context context,
-                  krb5_creds *,
-                  const krb5_flags,
-                  const krb5_cksumtype,
-                  krb5_creds *,
-                  krb5_creds **));
-krb5_error_code krb5_get_cred_via_2tgt
-       PROTOTYPE((krb5_context context,
-                  krb5_creds *,
-                  const krb5_flags,
-                  const krb5_cksumtype,
-                  krb5_creds *,
-                  krb5_creds **));
 
 #endif /* KRB5_INT_FUNC_PROTO__ */