Merge trunk changes from r23874 to r23900 to iakerb branch.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/iakerb@23901 dc483132-0cff-0310-8789-dd5450dbe970
ghudson committed Apr 14, 2010
1 parent ee5926e commit bf45785
Showing 3 changed files with 3 additions and 90 deletions.
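--- a/src/lib/krb5/krb/int-proto.h
+++ b/src/lib/krb5/krb/int-proto.h
@@ -137,19 +137,6 @@ krb5int_process_tgs_reply(krb5_context context,
 krb5_pa_data ***out_enc_padata,
 krb5_creds **out_cred);
 
-krb5_error_code krb5int_send_tgs(krb5_context, krb5_flags,
-const krb5_ticket_times *,
-const krb5_enctype *,
-krb5_const_principal, krb5_address *const *,
-krb5_authdata *const *,
-krb5_pa_data *const *, const krb5_data *,
-krb5_creds *,
-krb5_error_code (*gcvt_fct)(krb5_context,
-krb5_keyblock *,
-krb5_kdc_req *,
-void *),
-void *gcvt_data, krb5_response *,
-krb5_keyblock **subkey);
 /* The subkey field is an output parameter; if a
 * tgs-rep is received then the subkey will be filled
 * in with the subkey needed to decrypt the TGS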
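--- a/src/lib/krb5/krb/s4u_creds.c
+++ b/src/lib/krb5/krb/s4u_creds.c
@@ -244,9 +244,9 @@ build_pa_for_user(krb5_context context,
 }
 
 /*
-* This function is invoked by krb5int_send_tgs() just before
-* the request is encoded; it gives us access to the nonce and
-* subkey without requiring them to be generated by the caller.
+* This function is invoked by krb5int_make_tgs_request_ext() just before the
+* request is encoded; it gives us access to the nonce and subkey without
+* requiring them to be generated by the caller.
 */
 static krb5_error_code
 build_pa_s4u_x509_user(krb5_context context,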
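--- a/src/lib/krb5/krb/send_tgs.c
+++ b/src/lib/krb5/krb/send_tgs.c
@@ -345,77 +345,3 @@ krb5int_make_tgs_request_ext(krb5_context context,
 krb5_free_keyblock(context, local_subkey);
 return retval;
 }
-
-krb5_error_code
-krb5int_send_tgs(krb5_context context, krb5_flags kdcoptions,
-const krb5_ticket_times *timestruct,
-const krb5_enctype *ktypes,
-krb5_const_principal sname, krb5_address *const *addrs,
-krb5_authdata *const *authorization_data,
-krb5_pa_data *const *padata, const krb5_data *second_ticket,
-krb5_creds *in_cred,
-krb5_error_code (*pacb_fct)(krb5_context,
-krb5_keyblock *,
-krb5_kdc_req *,
-void *),
-void *pacb_data,
-krb5_response *rep, krb5_keyblock **subkey_out)
-{
-krb5_error_code retval;
-krb5_data request;
-int tcp_only = 0, use_master;
-krb5_timestamp now;
-krb5_int32 nonce;
-krb5_keyblock *subkey;
-krb5_error *err_reply = NULL;
-krb5_ui_4 err;
-
-*subkey_out = NULL;
-rep->message_type = KRB5_ERROR;
-
-retval = krb5int_make_tgs_request_ext(context, kdcoptions, timestruct,
-ktypes, sname, addrs,
-authorization_data, padata,
-second_ticket, in_cred,
-pacb_fct, pacb_data, &request, &now,
-&nonce, &subkey);
-if (retval != 0)
-return retval;
-
-rep->expected_nonce = nonce;
-rep->request_time = now;
-
-for (tcp_only = 0; tcp_only <= 1; tcp_only++) {
-use_master = 0;
-retval = krb5_sendto_kdc(context, &request,
-krb5_princ_realm(context, sname),
-&rep->response, &use_master, tcp_only);
-if (retval != 0)
-break;
-
-if (krb5_is_tgs_rep(&rep->response)) {
-/* Successful response; set the output subkey. */
-rep->message_type = KRB5_TGS_REP;
-*subkey_out = subkey;
-subkey = NULL;
-break;
-} else if (krb5_is_krb_error(&rep->response) && !tcp_only) {
-/* Decode the error response to extract the code. */
-retval = decode_krb5_error(&rep->response, &err_reply);
-err = (retval == 0) ? err_reply->error : 0;
-krb5_free_error(context, err_reply);
-if (err == KRB_ERR_RESPONSE_TOO_BIG) {
-/* Try again with TCP. */
-krb5_free_data_contents(context, &rep->response);
-continue;
-}
-}
-/* Unexpected message type, or an error other than RESPONSE_TOO_BIG. */
-rep->message_type = KRB5_ERROR;
-break;
-}
-
-krb5_free_data_contents(context, &request);
-krb5_free_keyblock(context, subkey);
-return retval;
-}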
