forward.c (get_for_creds): Removed no longer used function

kerberos5.c (kerberos5_forward): Convert from using get_for_creds() from forward.c to using the official library routine, krb5_fwd_tgt_creds(). Misc. lint cleanups. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7285 dc483132-0cff-0310-8789-dd5450dbe970
author: Theodore Tso <tytso@mit.edu> 1996-01-10 03:56:23 +0000
committer: Theodore Tso <tytso@mit.edu> 1996-01-10 03:56:23 +0000
commit: 2a548e1f5b1050e362f2b8520d845fc4cd922530 (patch)
tree: 2dab06837252d6b2a469b0c11b0162bbed86383d /src/appl
parent: 867eca0184079ad3f3fe9cf285e8dff41296e3ef (diff)
download: krb5-2a548e1f5b1050e362f2b8520d845fc4cd922530.zip
krb5-2a548e1f5b1050e362f2b8520d845fc4cd922530.tar.gz
krb5-2a548e1f5b1050e362f2b8520d845fc4cd922530.tar.bz2
3 files changed, 55 insertions, 165 deletions
diff --git a/src/appl/telnet/libtelnet/ChangeLog b/src/appl/telnet/libtelnet/ChangeLog
index 43ee616..032f6de 100644
--- a/src/appl/telnet/libtelnet/ChangeLog
+++ b/src/appl/telnet/libtelnet/ChangeLog
@@ -1,3 +1,12 @@
+Tue Jan  9 22:53:58 1996  Theodore Y. Ts'o  <tytso@dcl>
+
+	* forward.c (get_for_creds): Removed no longer used function.
+
+	* kerberos5.c (kerberos5_forward): Convert from using
+		get_for_creds() from forward.c to using the official
+		library routine, krb5_fwd_tgt_creds().  Misc. lint
+		cleanups. 
+
 Sun Nov 12 04:48:41 1995  Mark W. Eichin  <eichin@cygnus.com>
 
 	* forward.c: set KRB5_DEFAULT_LIFE to 10 hours, not 8.
diff --git a/src/appl/telnet/libtelnet/forward.c b/src/appl/telnet/libtelnet/forward.c
index c86a28a..1647b60 100644
--- a/src/appl/telnet/libtelnet/forward.c
+++ b/src/appl/telnet/libtelnet/forward.c
@@ -79,148 +79,4 @@ cleanup:
     return retval;
 }
 
-
-#define KRB5_DEFAULT_LIFE 60*60*10   /* 10 hours */
-/* helper function: convert flags to necessary KDC options */
-#define flags2options(flags) (flags & KDC_TKT_COMMON_MASK)
-
-/* Get a TGT for use at the remote host */
-krb5_error_code INTERFACE
-get_for_creds(context, auth_context, rhost, client, forwardable, outbuf)
-    krb5_context context;
-    krb5_auth_context auth_context;
-    char *rhost;
-    krb5_principal client;
-    int forwardable;      /* Should forwarded TGT also be forwardable? */
-    krb5_data *outbuf;
-{
-    krb5_replay_data replaydata;
-    krb5_data * scratch;
-    struct hostent *hp;
-    krb5_address **addrs;
-    krb5_error_code retval;
-    krb5_error *err_reply;
-    krb5_creds creds, tgt;
-    krb5_creds *pcreds;
-    krb5_ccache cc;
-    krb5_flags kdcoptions;
-    krb5_timestamp now;
-    char *remote_host = 0;
-    char **hrealms = 0;
-    int i;
-
-    memset((char *)&creds, 0, sizeof(creds));
-
-    if (!rhost || !(hp = gethostbyname(rhost)))
-      return KRB5_ERR_BAD_HOSTNAME;
-
-    remote_host = (char *) malloc(strlen(hp->h_name)+1);
-    if (!remote_host) {
-	retval = ENOMEM;
-	goto errout;
-    }	
-    strcpy(remote_host, hp->h_name);
-
-    if (retval = krb5_get_host_realm(context, remote_host, &hrealms))
-	goto errout;
-    if (!hrealms[0]) {
-	retval = KRB5_ERR_HOST_REALM_UNKNOWN;
-	goto errout;
-    }
-
-    /* Count elements */
-    for(i=0; hp->h_addr_list[i]; i++);
-
-    addrs = (krb5_address **) malloc ((i+1)*sizeof(*addrs));
-    if (!addrs) {
-	retval = ENOMEM;
-	goto errout;
-    }
-    memset(addrs, 0, (i+1)*sizeof(*addrs));
-    
-    for(i=0; hp->h_addr_list[i]; i++) {
-	addrs[i] = (krb5_address *) malloc(sizeof(krb5_address));
-	if (!addrs[i]) {
-	    retval = ENOMEM;
-	    goto errout;
-	}
-	addrs[i]->addrtype = hp->h_addrtype;
-	addrs[i]->length   = hp->h_length;
-	addrs[i]->contents = (unsigned char *)malloc(addrs[i]->length);
-	if (!addrs[i]->contents) {
-	    retval = ENOMEM;
-	    goto errout;
-	}
-	memcpy ((char *)addrs[i]->contents, hp->h_addr_list[i],
-		addrs[i]->length);
-    }
-    addrs[i] = 0;
-
-    if (retval = krb5_copy_principal(context, client, &creds.client))
-	goto errout;
-    
-    if (retval = krb5_build_principal_ext(context, &creds.server,
-					  strlen(hrealms[0]),
-					  hrealms[0],
-					  KRB5_TGS_NAME_SIZE,
-					  KRB5_TGS_NAME,
-					  client->realm.length,
-					  client->realm.data,
-					  0))
-	goto errout;
-	
-    creds.times.starttime = 0;
-    if (retval = krb5_timeofday(context, &now))
-	goto errout;
-
-    creds.times.endtime = now + KRB5_DEFAULT_LIFE;
-    creds.times.renew_till = 0;
-    
-    if (retval = krb5_cc_default(context, &cc))
-	goto errout;
-
-    /* fetch tgt directly from cache */
-    retval = krb5_cc_retrieve_cred (context, cc, KRB5_TC_MATCH_SRV_NAMEONLY,
-				    &creds, &tgt);
-    krb5_cc_close(context, cc);
-    if (retval)
-	goto errout;
-
-    /* tgt->client must be equal to creds.client */
-    if (!krb5_principal_compare(context, tgt.client, creds.client)) {
-	retval = KRB5_PRINC_NOMATCH;
-	goto errout;
-    }
-
-    if (!tgt.ticket.length) {
-	retval = KRB5_NO_TKT_SUPPLIED;
-	goto errout;
-    }
-
-    kdcoptions = flags2options(tgt.ticket_flags)|KDC_OPT_FORWARDED;
-
-    if (!forwardable) /* Reset KDC_OPT_FORWARDABLE */
-      kdcoptions &= ~(KDC_OPT_FORWARDABLE);
-
-    if (retval = krb5_get_cred_via_tkt(context, &tgt, kdcoptions,
-                                       addrs, &creds, &pcreds))
-        goto errout;
-
-    retval = krb5_mk_1cred(context, auth_context, pcreds,
-                           &scratch, &replaydata);
-    krb5_free_creds(context, pcreds);
-    *outbuf = *scratch;
-    krb5_xfree(scratch);
-        
-errout:
-    if (remote_host)
-	free(remote_host);
-    if (hrealms)
-	krb5_xfree(hrealms);
-    if (addrs)
-	krb5_free_addresses(context, addrs);
-    krb5_free_cred_contents(context, &creds);
-    return retval;
-}
-
 #endif /* defined(KRB5) && defined(FORWARD) */
diff --git a/src/appl/telnet/libtelnet/kerberos5.c b/src/appl/telnet/libtelnet/kerberos5.c
index 6c8969f..c3b70dd 100644
--- a/src/appl/telnet/libtelnet/kerberos5.c
+++ b/src/appl/telnet/libtelnet/kerberos5.c
@@ -187,7 +187,6 @@ kerberos5_send(ap)
 	krb5_ccache ccache;
 	krb5_creds creds;		/* telnet gets session key from here */
 	krb5_creds * new_creds = 0;
-	extern krb5_flags krb5_kdc_default_options;
 	int ap_opts;
 
 #ifdef	ENCRYPTION
@@ -201,7 +200,7 @@ kerberos5_send(ap)
                 return(0);
         }
 
-	if (r = krb5_cc_default(telnet_context, &ccache)) {
+	if ((r = krb5_cc_default(telnet_context, &ccache))) {
 		if (auth_debug_mode) {
 			printf("Kerberos V5: could not get default ccache\r\n");
 		}
@@ -209,8 +208,9 @@ kerberos5_send(ap)
 	}
 
 	memset((char *)&creds, 0, sizeof(creds));
-	if (r = krb5_sname_to_principal(telnet_context, RemoteHostName, "host",
-				        KRB5_NT_SRV_HST, &creds.server)) {
+	if ((r = krb5_sname_to_principal(telnet_context, RemoteHostName,
+					 "host", KRB5_NT_SRV_HST,
+					 &creds.server))) {
 	    if (auth_debug_mode)
 		printf("Kerberos V5: error while constructing service name: %s\r\n", error_message(r));
 	    return(0);
@@ -229,7 +229,8 @@ kerberos5_send(ap)
 	    krb5_princ_set_realm(telnet_context, creds.server, &rdata);
 	}
 
-	if (r = krb5_cc_get_principal(telnet_context, ccache, &creds.client)) {
+	if ((r = krb5_cc_get_principal(telnet_context, ccache,
+				       &creds.client))) {
 		if (auth_debug_mode) {
 			printf("Kerberos V5: failure on principal (%s)\r\n",
 				error_message(r));
@@ -238,8 +239,8 @@ kerberos5_send(ap)
 		return(0);
 	}
 
-	if (r = krb5_get_credentials(telnet_context, 0,
-				     ccache, &creds, &new_creds)) {
+	if ((r = krb5_get_credentials(telnet_context, 0,
+				      ccache, &creds, &new_creds))) {
 		if (auth_debug_mode) {
 			printf("Kerberos V5: failure on credentials(%s)\r\n",
 			       error_message(r));
@@ -257,7 +258,7 @@ kerberos5_send(ap)
 	ap_opts |= AP_OPTS_USE_SUBKEY;
 #endif	/* ENCRYPTION */
 	    
-    if (r = krb5_auth_con_init(telnet_context, &auth_context)) {
+    if ((r = krb5_auth_con_init(telnet_context, &auth_context))) {
 	if (auth_debug_mode) {
 	    printf("Kerberos V5: failed to init auth_context (%s)\r\n",
 		   error_message(r));
@@ -380,7 +381,8 @@ kerberos5_is(ap, data, cnt)
 		}
 		if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
 		    /* do ap_rep stuff here */
-		    if (r = krb5_mk_rep(telnet_context, auth_context, &outbuf))
+		    if ((r = krb5_mk_rep(telnet_context, auth_context,
+					 &outbuf)))
 			goto errout;
 
 		    Data(ap, KRB_RESPONSE, outbuf.data, outbuf.length);
@@ -506,8 +508,8 @@ kerberos5_reply(ap, data, cnt)
 		    inbuf.length = cnt;
 		    inbuf.data = (char *)data;
 
-		    if (r = krb5_rd_rep(telnet_context, auth_context, &inbuf,
-					&reply)) {
+		    if ((r = krb5_rd_rep(telnet_context, auth_context, &inbuf,
+					 &reply))) {
 			printf("[ Mutual authentication failed: %s ]\r\n",
 			       error_message(r));
 			auth_send_retry();
@@ -638,37 +640,51 @@ kerberos5_forward(ap)
 {
     krb5_error_code r;
     krb5_ccache ccache;
-    krb5_principal client;
+    krb5_principal client = 0;
+    krb5_principal server = 0;
     krb5_data forw_creds;
 
-    if (r = krb5_cc_default(telnet_context, &ccache)) {
+    forw_creds.data = 0;
+
+    if ((r = krb5_cc_default(telnet_context, &ccache))) {
 	if (auth_debug_mode) 
 	    printf("Kerberos V5: could not get default ccache - %s\r\n",
 		   error_message(r));
 	return;
     }
 
-    if (r = krb5_cc_get_principal(telnet_context, ccache, &client)) {
+    if ((r = krb5_cc_get_principal(telnet_context, ccache, &client))) {
 	if (auth_debug_mode) 
 	    printf("Kerberos V5: could not get default principal - %s\r\n",
 		   error_message(r));
-	return;
+	goto cleanup;
+    }
+
+    if ((r = krb5_sname_to_principal(telnet_context, RemoteHostName, "host",
+				     KRB5_NT_SRV_HST, &server))) {
+	if (auth_debug_mode) 
+	    printf("Kerberos V5: could not make server principal - %s\r\n",
+		   error_message(r));
+	goto cleanup;
     }
+    
 
-    if (r = krb5_auth_con_genaddrs(telnet_context, auth_context, net,
-			KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR)) {
+    if ((r = krb5_auth_con_genaddrs(telnet_context, auth_context, net,
+			    KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR))) {
 	if (auth_debug_mode)
 	    printf("Kerberos V5: could not gen local full address - %s\r\n",
 		    error_message(r));
-	return;
+	goto cleanup;
     }
 
-    if (r = get_for_creds(telnet_context, auth_context, RemoteHostName, client,
-			  forward_flags & OPTS_FORWARDABLE_CREDS, &forw_creds)){
+    if ((r = krb5_fwd_tgt_creds(telnet_context, auth_context, 0, client,
+				server, ccache,
+				forward_flags & OPTS_FORWARDABLE_CREDS,
+				&forw_creds))) {
 	if (auth_debug_mode) 
 	    printf("Kerberos V5: error getting forwarded creds - %s\r\n",
 	  	   error_message(r));
-	return;
+	goto cleanup;
     }
     
     /* Send forwarded credentials */
@@ -679,6 +695,15 @@ kerberos5_forward(ap)
 	if (auth_debug_mode)
 	    printf("Forwarded local Kerberos V5 credentials to server\r\n");
     }
+    
+cleanup:
+    if (client)
+	krb5_free_principal(telnet_context, client);
+    if (server)
+	krb5_free_principal(telnet_context, server);
+    if (forw_creds.data)
+	free(forw_creds.data);
+    krb5_cc_close(telnet_context, ccache);
 }
 #endif	/* FORWARD */
author	Theodore Tso <tytso@mit.edu>	1996-01-10 03:56:23 +0000
committer	Theodore Tso <tytso@mit.edu>	1996-01-10 03:56:23 +0000
commit	2a548e1f5b1050e362f2b8520d845fc4cd922530 (patch)
tree	2dab06837252d6b2a469b0c11b0162bbed86383d /src/appl
parent	867eca0184079ad3f3fe9cf285e8dff41296e3ef (diff)
download	krb5-2a548e1f5b1050e362f2b8520d845fc4cd922530.zip krb5-2a548e1f5b1050e362f2b8520d845fc4cd922530.tar.gz krb5-2a548e1f5b1050e362f2b8520d845fc4cd922530.tar.bz2