fwd_tgt.c revision 7c478bd95313f5f23a4c958a745db2134aa03244
/*
* Copyright 2004 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
/*
*
* Copyright 1995 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
*
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
* notice appear in all copies and that both that copyright notice and
* this permission notice appear in supporting documentation, and that
* the name of M.I.T. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
* permission. Furthermore if you modify this software you must label
* your software as modified software and not distribute it in such a
* fashion that it might be confused with the original M.I.T. software.
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*/
#define NEED_SOCKETS
#include <k5-int.h>
#include <memory.h>
/* helper function: convert flags to necessary KDC options */
/* Get a TGT for use at the remote host */
char *rhost,
int forwardable, /* Should forwarded TGT also be forwardable? */
{
krb5_address **addrs = 0;
krb5_creds *pcreds = 0;
int close_cc = 0;
int free_rhost = 0;
krb5_enctype enctype = 0;
if (cc == 0) {
goto errout;
close_cc = 1;
}
if (retval)
goto errout;
if (session_key) {
session_key = NULL;
} else if (server) { /* must server be non-NULL when rhost is given? */
/* Try getting credentials to see what the remote side supports.
Not bulletproof, just a heuristic. */
if (retval)
goto punt;
if (retval)
goto punt;
if (retval)
goto punt;
/* Got the credentials. Okay, now record the enctype and
throw them away. */
punt:
}
goto errout;
0)))
goto errout;
/* fetch tgt directly from cache */
if (retval)
goto errout;
/* tgt->client must be equal to creds.client */
goto errout;
}
goto errout;
}
goto errout;
}
goto errout;
}
if (!rhost) {
goto errout;
}
free_rhost = 1;
}
if (retval)
goto errout;
}
if (!forwardable) /* Reset KDC_OPT_FORWARDABLE */
kdcoptions &= ~(KDC_OPT_FORWARDABLE);
if (enctype) {
goto errout;
} else goto errout;
}
&scratch, &replaydata);
/* Solaris Kerberos: changed this logic from the MIT 1.2.1 version to be
* more robust.
*/
if (scratch) {
if (retval)
else {
}
}
if (addrs)
if (close_cc)
if (free_rhost)
return retval;
}