svn rev #23901: branches/iakerb/src/lib/krb5/krb/
ghudson@MIT.EDU
ghudson at MIT.EDU
Wed Apr 14 10:40:16 EDT 2010
http://src.mit.edu/fisheye/changelog/krb5/?cs=23901
Commit By: ghudson
Log Message:
Merge trunk changes from r23874 to r23900 to iakerb branch.
Changed Files:
U branches/iakerb/src/lib/krb5/krb/int-proto.h
U branches/iakerb/src/lib/krb5/krb/s4u_creds.c
U branches/iakerb/src/lib/krb5/krb/send_tgs.c
Modified: branches/iakerb/src/lib/krb5/krb/int-proto.h
===================================================================
--- branches/iakerb/src/lib/krb5/krb/int-proto.h 2010-04-14 14:36:32 UTC (rev 23900)
+++ branches/iakerb/src/lib/krb5/krb/int-proto.h 2010-04-14 14:40:16 UTC (rev 23901)
@@ -137,19 +137,6 @@
krb5_pa_data ***out_enc_padata,
krb5_creds **out_cred);
-krb5_error_code krb5int_send_tgs(krb5_context, krb5_flags,
- const krb5_ticket_times *,
- const krb5_enctype *,
- krb5_const_principal, krb5_address *const *,
- krb5_authdata *const *,
- krb5_pa_data *const *, const krb5_data *,
- krb5_creds *,
- krb5_error_code (*gcvt_fct)(krb5_context,
- krb5_keyblock *,
- krb5_kdc_req *,
- void *),
- void *gcvt_data, krb5_response *,
- krb5_keyblock **subkey);
/* The subkey field is an output parameter; if a
* tgs-rep is received then the subkey will be filled
* in with the subkey needed to decrypt the TGS
Modified: branches/iakerb/src/lib/krb5/krb/s4u_creds.c
===================================================================
--- branches/iakerb/src/lib/krb5/krb/s4u_creds.c 2010-04-14 14:36:32 UTC (rev 23900)
+++ branches/iakerb/src/lib/krb5/krb/s4u_creds.c 2010-04-14 14:40:16 UTC (rev 23901)
@@ -244,9 +244,9 @@
}
/*
- * This function is invoked by krb5int_send_tgs() just before
- * the request is encoded; it gives us access to the nonce and
- * subkey without requiring them to be generated by the caller.
+ * This function is invoked by krb5int_make_tgs_request_ext() just before the
+ * request is encoded; it gives us access to the nonce and subkey without
+ * requiring them to be generated by the caller.
*/
static krb5_error_code
build_pa_s4u_x509_user(krb5_context context,
Modified: branches/iakerb/src/lib/krb5/krb/send_tgs.c
===================================================================
--- branches/iakerb/src/lib/krb5/krb/send_tgs.c 2010-04-14 14:36:32 UTC (rev 23900)
+++ branches/iakerb/src/lib/krb5/krb/send_tgs.c 2010-04-14 14:40:16 UTC (rev 23901)
@@ -345,77 +345,3 @@
krb5_free_keyblock(context, local_subkey);
return retval;
}
-
-krb5_error_code
-krb5int_send_tgs(krb5_context context, krb5_flags kdcoptions,
- const krb5_ticket_times *timestruct,
- const krb5_enctype *ktypes,
- krb5_const_principal sname, krb5_address *const *addrs,
- krb5_authdata *const *authorization_data,
- krb5_pa_data *const *padata, const krb5_data *second_ticket,
- krb5_creds *in_cred,
- krb5_error_code (*pacb_fct)(krb5_context,
- krb5_keyblock *,
- krb5_kdc_req *,
- void *),
- void *pacb_data,
- krb5_response *rep, krb5_keyblock **subkey_out)
-{
- krb5_error_code retval;
- krb5_data request;
- int tcp_only = 0, use_master;
- krb5_timestamp now;
- krb5_int32 nonce;
- krb5_keyblock *subkey;
- krb5_error *err_reply = NULL;
- krb5_ui_4 err;
-
- *subkey_out = NULL;
- rep->message_type = KRB5_ERROR;
-
- retval = krb5int_make_tgs_request_ext(context, kdcoptions, timestruct,
- ktypes, sname, addrs,
- authorization_data, padata,
- second_ticket, in_cred,
- pacb_fct, pacb_data, &request, &now,
- &nonce, &subkey);
- if (retval != 0)
- return retval;
-
- rep->expected_nonce = nonce;
- rep->request_time = now;
-
- for (tcp_only = 0; tcp_only <= 1; tcp_only++) {
- use_master = 0;
- retval = krb5_sendto_kdc(context, &request,
- krb5_princ_realm(context, sname),
- &rep->response, &use_master, tcp_only);
- if (retval != 0)
- break;
-
- if (krb5_is_tgs_rep(&rep->response)) {
- /* Successful response; set the output subkey. */
- rep->message_type = KRB5_TGS_REP;
- *subkey_out = subkey;
- subkey = NULL;
- break;
- } else if (krb5_is_krb_error(&rep->response) && !tcp_only) {
- /* Decode the error response to extract the code. */
- retval = decode_krb5_error(&rep->response, &err_reply);
- err = (retval == 0) ? err_reply->error : 0;
- krb5_free_error(context, err_reply);
- if (err == KRB_ERR_RESPONSE_TOO_BIG) {
- /* Try again with TCP. */
- krb5_free_data_contents(context, &rep->response);
- continue;
- }
- }
- /* Unexpected message type, or an error other than RESPONSE_TOO_BIG. */
- rep->message_type = KRB5_ERROR;
- break;
- }
-
- krb5_free_data_contents(context, &request);
- krb5_free_keyblock(context, subkey);
- return retval;
-}
More information about the cvs-krb5
mailing list