From: Bill Sommerfeld <wesommer@mit.edu>
Date: Mon, 5 Feb 1990 15:37:34 +0000 (+0000)
Subject: Initial revision
X-Git-Tag: krb5-1.0-alpha2~1099
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=9491666f67657385a543d4c85146b1619cc5dec7;p=krb5.git

Initial revision

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@285 dc483132-0cff-0310-8789-dd5450dbe970
---

diff --git a/src/lib/krb5/krb/gc_frm_kdc.c b/src/lib/krb5/krb/gc_frm_kdc.c
new file mode 100644
index 000000000..942b671dc
--- /dev/null
+++ b/src/lib/krb5/krb/gc_frm_kdc.c
@@ -0,0 +1,89 @@
+/*
+ * $Source$
+ * $Author$
+ *
+ * Copyright 1990 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * <krb5/mit-copyright.h>.
+ *
+ * Get credentials from some KDC somewhere, possibly accumulating tgts
+ * along the way.
+ */
+
+#if !defined(lint) && !defined(SABER)
+static char rcsid_gcfkdc_c[] =
+"$Id$";
+#endif	/* !lint & !SABER */
+
+#include <krb5/copyright.h>
+
+#include <krb5/krb5.h>
+
+/*
+ * Retrieve credentials for principal creds->client,
+ * server creds->server, ticket flags creds->ticket_flags, possibly
+ * second_ticket if needed by ticket_flags.
+ * 
+ * Credentials are requested from the KDC for the server's realm.  Any
+ * TGT credentials obtained in the process of contacting the KDC are
+ * returned in an array of credentials; tgts is filled in to point to an
+ * array of pointers to credential structures (if no TGT's were used, the
+ * pointer is zeroed).
+ * 
+ * The returned credentials are NOT cached.
+ *
+ * This routine should not be called if the credentials are already in
+ * the cache.
+ * 
+ * If credentials are obtained, creds is filled in with the results;
+ * creds->ticket and creds->keyblock->key are set to allocated storage,
+ * which should be freed by the caller when finished.
+ * 
+ * returns errors, system errors.
+ */
+
+krb5_error_code
+krb5_get_cred_from_kdc (ccache, cred, tgts)
+    krb5_ccache ccache;
+    krb5_creds *cred;
+    krb5_creds ***tgts;
+{
+    krb5_creds tgt, tgtq;
+    
+    /*
+     * we know that the desired credentials aren't in the cache yet.
+     *
+     * To get them, we first need a tgt for the realm of the server.
+     */
+
+    /* first, we see if we have a shortcut path to the server's realm. */
+    
+    /*
+     * look for ticket with:
+     * client == cred->client,
+     * server == "krbtgt/realmof(cred->server)@realmof(cred->client)"
+     */
+
+    /*
+     * XXX we're sharing some substructure here, which is
+     * probably not safe...
+     */
+    tgtq.client = cred->client;
+    /* XXX who frees this memory? */
+    tgtq.server = krb5_tgtname(cred->server, cred->client); 
+    /* go find it.. */
+    code = krb5_cc_retrieve_cred (ccache,
+				  KRB5_CF_CLIENT|KRB5_CF_SERVER,
+				  &tgtq,
+				  &tgt);
+    if (code != 0) {
+	if (code != KRB5_CC_NOTFOUND)
+	    goto out;
+	/* nope; attempt to get tgt */
+    }
+    /* got tgt! */
+    code = krb5_get_cred_via_tgt(&tgt, cred);
+out:
+    return code;
+}