From 867eca0184079ad3f3fe9cf285e8dff41296e3ef Mon Sep 17 00:00:00 2001 From: Theodore Tso Date: Wed, 10 Jan 1996 03:53:09 +0000 Subject: [PATCH] forward.c (get_for_creds): Removed no longer used function kcmd.c (kcmd): Convert from using get_for_creds() from forward.c to using the official library routine, krb5_fwd_tgt_creds(). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7284 dc483132-0cff-0310-8789-dd5450dbe970 --- src/appl/bsd/ChangeLog | 7 ++ src/appl/bsd/forward.c | 154 ----------------------------------------- src/appl/bsd/kcmd.c | 7 +- 3 files changed, 10 insertions(+), 158 deletions(-) diff --git a/src/appl/bsd/ChangeLog b/src/appl/bsd/ChangeLog index 44363ab61..aa426ce0f 100644 --- a/src/appl/bsd/ChangeLog +++ b/src/appl/bsd/ChangeLog @@ -1,3 +1,10 @@ +Tue Jan 9 22:51:16 1996 Theodore Y. Ts'o + + * forward.c (get_for_creds): Removed no longer used function. + + * kcmd.c (kcmd): Convert from using get_for_creds() from forward.c + to using the official library routine, krb5_fwd_tgt_creds(). + Fri Dec 22 17:42:11 1995 Theodore Y. Ts'o * login.c (main): If HAVE_SHADOW is defined, and no shadow diff --git a/src/appl/bsd/forward.c b/src/appl/bsd/forward.c index 3ecd2ab63..5cdea1b78 100644 --- a/src/appl/bsd/forward.c +++ b/src/appl/bsd/forward.c @@ -19,9 +19,6 @@ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. */ -/* General-purpose forwarding routines. These routines may be put into */ -/* libkrb5.a to allow widespread use */ - #if defined(KERBEROS) || defined(KRB5) #include #include 
@@ -74,155 +71,4 @@ cleanup: return retval; } -#ifndef MAXHOSTNAMELEN -#define MAXHOSTNAMELEN 64 -#endif - -#define KRB5_DEFAULT_LIFE 60*60*8 /* 8 hours */ -/* helper function: convert flags to necessary KDC options */ -#define flags2options(flags) (flags & KDC_TKT_COMMON_MASK) - -/* Get a TGT for use at the remote host */ -krb5_error_code -get_for_creds(context, auth_context, rhost, client, forwardable, out_buf) - krb5_context context; - krb5_auth_context auth_context; - char *rhost; - krb5_principal client; - int forwardable; /* Should forwarded TGT also be forwardable? */ - krb5_data *out_buf; -{ - krb5_replay_data replaydata; - krb5_data * scratch; - struct hostent *hp; - krb5_address **addrs; - krb5_error_code retval; - krb5_creds tgt, creds, *pcreds; - krb5_ccache cc; - krb5_flags kdcoptions; - krb5_timestamp now; - char *remote_host = 0; - char **hrealms = 0; - int i; - - memset((char *)&creds, 0, sizeof(creds)); - - if (!rhost || !(hp = gethostbyname(rhost))) - return KRB5_ERR_BAD_HOSTNAME; - - remote_host = (char *) malloc(strlen(hp->h_name)+1); - if (!remote_host) { - retval = ENOMEM; - goto errout; - } - strcpy(remote_host, hp->h_name); - - if (retval = krb5_get_host_realm(context, remote_host, &hrealms)) - goto errout; - if (!hrealms[0]) { - retval = KRB5_ERR_HOST_REALM_UNKNOWN; - goto errout; - } - - /* Count elements */ - for(i = 0; hp->h_addr_list[i]; i++); - - addrs = (krb5_address **) malloc ((i + 1)*sizeof(*addrs)); - if (!addrs) { - retval = ENOMEM; - goto errout; - } - memset(addrs, 0, (i+1)*sizeof(*addrs)); - - for(i = 0; hp->h_addr_list[i]; i++) { - addrs[i] = (krb5_address *) malloc(sizeof(krb5_address)); - if (!addrs[i]) { - retval = ENOMEM; - goto errout; - } - addrs[i]->addrtype = hp->h_addrtype; - addrs[i]->length = hp->h_length; - addrs[i]->contents = (unsigned char *)malloc(addrs[i]->length); - if (!addrs[i]->contents) { - retval = ENOMEM; - goto errout; - } - memcpy ((char *)addrs[i]->contents, hp->h_addr_list[i], - addrs[i]->length); 
- } - addrs[i] = 0; - - if (retval = krb5_copy_principal(context, client, &creds.client)) - goto errout; - - if (retval = krb5_build_principal_ext(context, &creds.server, - strlen(hrealms[0]), - hrealms[0], - KRB5_TGS_NAME_SIZE, - KRB5_TGS_NAME, - client->realm.length, - client->realm.data, - 0)) - goto errout; - - creds.times.starttime = 0; - if (retval = krb5_timeofday(context, &now)) - goto errout; - - creds.times.endtime = now + KRB5_DEFAULT_LIFE; - creds.times.renew_till = 0; - - if (retval = krb5_cc_default(context, &cc)) - goto errout; - - /* fetch tgt directly from cache */ - retval = krb5_cc_retrieve_cred (context, cc, KRB5_TC_MATCH_SRV_NAMEONLY, - &creds, &tgt); - krb5_cc_close(context, cc); - - if (retval) - goto errout; - - /* tgt->client must be equal to creds.client */ - if (!krb5_principal_compare(context, tgt.client, creds.client)) { - retval = KRB5_PRINC_NOMATCH; - goto errout; - } - - if (!tgt.ticket.length) { - retval = KRB5_NO_TKT_SUPPLIED; - goto errout; - } - - if (!(tgt.ticket_flags & TKT_FLG_FORWARDABLE)) { - retval = KRB5_TKT_NOT_FORWARDABLE; - goto errout; - } - - kdcoptions = flags2options(tgt.ticket_flags)|KDC_OPT_FORWARDED; - - if (!forwardable) /* Reset KDC_OPT_FORWARDABLE */ - kdcoptions &= ~(KDC_OPT_FORWARDABLE); - - if (retval = krb5_get_cred_via_tkt(context, &tgt, kdcoptions, - addrs, &creds, &pcreds)) - goto errout; - - retval = krb5_mk_1cred(context, auth_context, pcreds, - &scratch, &replaydata); - krb5_free_creds(context, pcreds); - *out_buf = *scratch; - krb5_xfree(scratch); - -errout: - if (remote_host) - free(remote_host); - if (hrealms) - krb5_xfree(hrealms); - if (addrs) - krb5_free_addresses(context, addrs); - krb5_free_cred_contents(context, &creds); - return retval; -} - #endif /* KERBEROS */ diff --git a/src/appl/bsd/kcmd.c b/src/appl/bsd/kcmd.c index e6dc73cbf..4507825d3 100644 --- a/src/appl/bsd/kcmd.c +++ b/src/appl/bsd/kcmd.c 
@@ -331,11 +331,10 @@ kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm, (void) write(s, locuser, strlen(locuser)+1); if (options & OPTS_FORWARD_CREDS) { /* Forward credentials */ - if (status = get_for_creds(bsd_context, auth_context, + if (status = krb5_fwd_tgt_creds(bsd_context, auth_context, host_save, - ret_cred->client, - /* Forwardable TGT? */ - options & OPTS_FORWARDABLE_CREDS, + ret_cred->client, ret_cred->server, + 0, options & OPTS_FORWARDABLE_CREDS, &outbuf)) { fprintf(stderr, "kcmd: Error getting forwarded creds\n"); goto bad2; -- 2.26.2
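Review bot: The new `krb5_fwd_tgt_creds()` call passes a bare `0` as its sixth argument and drops the `/* Forwardable TGT? */` comment that labelled the flag, so a reader can no longer tell which argument decides whether the delegated TGT may itself be forwarded again. Annotating both, e.g. `0, /* ccache: presumably 0 selects the default cache - confirm */` and `options & OPTS_FORWARDABLE_CREDS, /* forwarded TGT itself forwardable? */`, keeps that delegation decision easy to audit. The failure branch also prints a fixed string and discards `status`, so a non-forwardable TGT and a hostname or realm lookup failure look identical to the user. Appending the error text would help, for instance `fprintf(stderr, "kcmd: Error getting forwarded creds: %s\n", error_message(status));` if com_err is already available in this file, which the hunk does not show. kcmd()'s body starts and ends outside the hunk.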