From 67f9801f84e64c7fd66184883951956285b5034f Mon Sep 17 00:00:00 2001
From: Chris Provenzano
Date: Thu, 23 Feb 1995 13:29:09 +0000
Subject: [PATCH] * init_sec_context.c (make_ap_req()) Use new API for krb5_mk_req_extended() and cleanup internal processing.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@4992 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/lib/gssapi/krb5/ChangeLog | 5 ++
 src/lib/gssapi/krb5/init_sec_context.c | 108 ++++++++++++++-----------
 2 files changed, 64 insertions(+), 49 deletions(-)

diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog
index f6038d906..651ad5e1b 100644
--- a/src/lib/gssapi/krb5/ChangeLog
+++ b/src/lib/gssapi/krb5/ChangeLog
@@ -15,6 +15,11 @@ Mon Feb 20 12:00:00 1995 keith Vetter (keithv@fusion.com)
 * gssapiP_krb5.h changed to match
 * Makefile.in changed to match
 
+Tue Feb 14 15:01:36 1995 Chris Provenzano (proven@mit.edu)
+
+ * init_sec_context.c (make_ap_req()) Use new API for
+ krb5_mk_req_extended() and cleanup internal processing.
+
 Fri Feb 3 00:34:55 1995 John Gilmore
 
 Rename files for DOS 8.3 uniqueness:
diff --git a/src/lib/gssapi/krb5/init_sec_context.c b/src/lib/gssapi/krb5/init_sec_context.c
index 5b42687d0..e65e6d0d0 100644
--- a/src/lib/gssapi/krb5/init_sec_context.c
+++ b/src/lib/gssapi/krb5/init_sec_context.c
@@ -37,65 +37,75 @@ make_ap_req(context, cred, server, endtime, chan_bindings, do_mutual,
 krb5_int32 *seqnum;
 gss_buffer_t token;
 {
- krb5_error_code code;
- krb5_checksum md5, checksum;
- krb5_creds creds;
- krb5_authenticator authent;
- krb5_data ap_req;
- long tmp;
- unsigned char *ptr;
- unsigned char ckbuf[24]; /* see the token formats doc */
- unsigned char *t;
- int tlen;
-
- /* build the checksum buffer */
-
- /* compute the hash of the channel bindings */
-
- if (code = kg_checksum_channel_bindings(chan_bindings, &md5, 0))
- return(code);
-
- ptr = ckbuf;
-
- TWRITE_INT(ptr, md5.length, 0);
- TWRITE_STR(ptr, (unsigned char *) md5.contents, md5.length);
- TWRITE_INT(ptr, do_mutual?GSS_C_MUTUAL_FLAG:0, 0);
-
- /* done with this, free it */
- xfree(md5.contents);
-
- checksum.checksum_type = CKSUMTYPE_KG_CB;
- checksum.length = sizeof(ckbuf);
- checksum.contents = (krb5_octet *) ckbuf;
-
- /* fill in the necessary fields in creds */
-
- memset((char *) &creds, 0, sizeof(creds));
- if (code = krb5_copy_principal(context, cred->princ, &creds.client))
+ krb5_error_code code;
+ krb5_checksum md5, checksum;
+ krb5_creds in_creds, * out_creds;
+ krb5_authenticator authent;
+ krb5_data ap_req;
+ long tmp;
+ unsigned char *ptr;
+ unsigned char ckbuf[24]; /* see the token formats doc */
+ unsigned char *t;
+ int tlen;
+
+ /* build the checksum buffer */
+
+ /* compute the hash of the channel bindings */
+
+ if (code = kg_checksum_channel_bindings(chan_bindings, &md5, 0))
+ return(code);
+
+ ptr = ckbuf;
+
+ TWRITE_INT(ptr, md5.length, 0);
+ TWRITE_STR(ptr, (unsigned char *) md5.contents, md5.length);
+ TWRITE_INT(ptr, do_mutual?GSS_C_MUTUAL_FLAG:0, 0);
+
+ /* done with this, free it */
+ xfree(md5.contents);
+
+ checksum.checksum_type = CKSUMTYPE_KG_CB;
+ checksum.length = sizeof(ckbuf);
+ checksum.contents = (krb5_octet *) ckbuf;
+
+ /* fill in the necessary fields in creds */
+
+ memset((char *) &in_creds, 0, sizeof(krb5_creds));
+ if (code = krb5_copy_principal(context, cred->princ, &in_creds.client))
+ return code;
+ if (code = krb5_copy_principal(context, server, &in_creds.server)) {
+ krb5_free_cred_contents(context, &in_creds);
+ return code;
+ }
+ in_creds.times.endtime = *endtime;
+
+ /*
+ * Get the credential..., I don't know in 0 is a good value for the
+ * kdcoptions
+ */
+ if (code = krb5_get_credentials(context, 0, cred->ccache,
+ &in_creds, &out_creds)) {
+ krb5_free_cred_contents(context, &in_creds);
 return code;
- if (code = krb5_copy_principal(context, server, &creds.server)) {
- krb5_free_cred_contents(context, &creds);
- return code;
- }
- creds.times.endtime = *endtime;
+ }
 
- /* call mk_req. subkey and ap_req need to be used or destroyed */
+ krb5_free_cred_contents(context, &in_creds);
+ /* call mk_req. subkey and ap_req need to be used or destroyed */
 
- if (code = krb5_mk_req_extended(context, do_mutual?AP_OPTS_MUTUAL_REQUIRED:0,
- &checksum, 0, 0, subkey, cred->ccache,
- &creds, &authent, &ap_req)) {
- krb5_free_cred_contents(context, &creds);
+ if (code = krb5_mk_req_extended(context,do_mutual?AP_OPTS_MUTUAL_REQUIRED:0,
+ &checksum, 0, subkey, out_creds, &authent,
+ &ap_req)) {
+ krb5_free_creds(context, out_creds);
 return(code);
 }
 
 /* store the interesting stuff from creds and authent */
- *endtime = creds.times.endtime;
- *flags = creds.ticket_flags;
+ *endtime = out_creds->times.endtime;
+ *flags = out_creds->ticket_flags;
 *seqnum = authent.seq_number;
 
 /* free stuff which was created */
-
- krb5_free_cred_contents(context, &creds);
+ krb5_free_creds(context, out_creds);
 
 /* build up the token */
 
-- 
2.26.2
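Review bot: The stack buffer `ckbuf[24]` is filled by `TWRITE_STR(ptr, (unsigned char *) md5.contents, md5.length)` using a length that comes straight back from `kg_checksum_channel_bindings()`, and nothing on the new side checks that length against the buffer; the lines are carried over re-indented, but they are part of the code this commit rewrites and would be worth guarding now. Assuming each `TWRITE_INT` emits four bytes (the macro is not visible in this hunk), the 24-byte layout leaves room for exactly 16 bytes of hash, so any other `md5.length` either writes past the end of `ckbuf` or leaves the tail of the checksum uninitialised while `checksum.length` still claims `sizeof(ckbuf)`. I would add, right after the call succeeds, `if (md5.length != sizeof(ckbuf) - 8) { xfree(md5.contents); return <length error code>; }`, using whichever length error the module already defines. Separately, the new comment above `krb5_get_credentials()` ("I don't know in 0 is a good value for the kdcoptions") leaves an open question in the code and should be resolved or reworded as an explicit TODO. make_ap_req's body starts before and continues past this hunk.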