diff --git a/src/lib/krb5/krb/int-proto.h b/src/lib/krb5/krb/int-proto.h index 24841d16e6..babfeb0a2c 100644 --- a/src/lib/krb5/krb/int-proto.h +++ b/src/lib/krb5/krb/int-proto.h @@ -137,19 +137,6 @@ krb5int_process_tgs_reply(krb5_context context, krb5_pa_data ***out_enc_padata, krb5_creds **out_cred); -krb5_error_code krb5int_send_tgs(krb5_context, krb5_flags, - const krb5_ticket_times *, - const krb5_enctype *, - krb5_const_principal, krb5_address *const *, - krb5_authdata *const *, - krb5_pa_data *const *, const krb5_data *, - krb5_creds *, - krb5_error_code (*gcvt_fct)(krb5_context, - krb5_keyblock *, - krb5_kdc_req *, - void *), - void *gcvt_data, krb5_response *, - krb5_keyblock **subkey); /* The subkey field is an output parameter; if a * tgs-rep is received then the subkey will be filled * in with the subkey needed to decrypt the TGS diff --git a/src/lib/krb5/krb/s4u_creds.c b/src/lib/krb5/krb/s4u_creds.c index d7d4c6b6ec..02485e851e 100644 --- a/src/lib/krb5/krb/s4u_creds.c +++ b/src/lib/krb5/krb/s4u_creds.c @@ -244,9 +244,9 @@ build_pa_for_user(krb5_context context, } /* - * This function is invoked by krb5int_send_tgs() just before - * the request is encoded; it gives us access to the nonce and - * subkey without requiring them to be generated by the caller. + * This function is invoked by krb5int_make_tgs_request_ext() just before the + * request is encoded; it gives us access to the nonce and subkey without + * requiring them to be generated by the caller. */ static krb5_error_code build_pa_s4u_x509_user(krb5_context context, diff --git a/src/lib/krb5/krb/send_tgs.c b/src/lib/krb5/krb/send_tgs.c index 7f9b2dc5e3..83cc2158d6 100644 --- a/src/lib/krb5/krb/send_tgs.c +++ b/src/lib/krb5/krb/send_tgs.c @@ -345,77 +345,3 @@ krb5int_make_tgs_request_ext(krb5_context context, krb5_free_keyblock(context, local_subkey); return retval; } - -krb5_error_code -krb5int_send_tgs(krb5_context context, krb5_flags kdcoptions, - const krb5_ticket_times *timestruct, - const krb5_enctype *ktypes, - krb5_const_principal sname, krb5_address *const *addrs, - krb5_authdata *const *authorization_data, - krb5_pa_data *const *padata, const krb5_data *second_ticket, - krb5_creds *in_cred, - krb5_error_code (*pacb_fct)(krb5_context, - krb5_keyblock *, - krb5_kdc_req *, - void *), - void *pacb_data, - krb5_response *rep, krb5_keyblock **subkey_out) -{ - krb5_error_code retval; - krb5_data request; - int tcp_only = 0, use_master; - krb5_timestamp now; - krb5_int32 nonce; - krb5_keyblock *subkey; - krb5_error *err_reply = NULL; - krb5_ui_4 err; - - *subkey_out = NULL; - rep->message_type = KRB5_ERROR; - - retval = krb5int_make_tgs_request_ext(context, kdcoptions, timestruct, - ktypes, sname, addrs, - authorization_data, padata, - second_ticket, in_cred, - pacb_fct, pacb_data, &request, &now, - &nonce, &subkey); - if (retval != 0) - return retval; - - rep->expected_nonce = nonce; - rep->request_time = now; - - for (tcp_only = 0; tcp_only <= 1; tcp_only++) { - use_master = 0; - retval = krb5_sendto_kdc(context, &request, - krb5_princ_realm(context, sname), - &rep->response, &use_master, tcp_only); - if (retval != 0) - break; - - if (krb5_is_tgs_rep(&rep->response)) { - /* Successful response; set the output subkey. */ - rep->message_type = KRB5_TGS_REP; - *subkey_out = subkey; - subkey = NULL; - break; - } else if (krb5_is_krb_error(&rep->response) && !tcp_only) { - /* Decode the error response to extract the code. */ - retval = decode_krb5_error(&rep->response, &err_reply); - err = (retval == 0) ? err_reply->error : 0; - krb5_free_error(context, err_reply); - if (err == KRB_ERR_RESPONSE_TOO_BIG) { - /* Try again with TCP. */ - krb5_free_data_contents(context, &rep->response); - continue; - } - } - /* Unexpected message type, or an error other than RESPONSE_TOO_BIG. */ - rep->message_type = KRB5_ERROR; - break; - } - - krb5_free_data_contents(context, &request); - krb5_free_keyblock(context, subkey); - return retval; -}