2024-12-27 03:21:53 +03:00 · 2006-11-01 09:57:56 +00:00 · 2006-11-01 09:57:56 +00:00 · d046e8d0cc
commit d046e8d0cc
parent 899ae849e8
1 changed files with 0 additions and 152 deletions
--- a/source4/auth/kerberos/clikrb5.c
+++ b/source4/auth/kerberos/clikrb5.c
@ -28,26 +28,6 @@

 #ifdef HAVE_KRB5

-#ifndef HAVE_KRB5_SET_REAL_TIME
-/*
- * This function is not in the Heimdal mainline.
- */
- krb5_error_code krb5_set_real_time(krb5_context context, int32_t seconds, int32_t microseconds)
-{
-	krb5_error_code ret;
-	int32_t sec, usec;
-
-	ret = krb5_us_timeofday(context, &sec, &usec);
-	if (ret)
-		return ret;
-
-	context->kdc_sec_offset = seconds - sec;
-	context->kdc_usec_offset = microseconds - usec;
-
-	return 0;
-}
-#endif
-
 #if defined(HAVE_KRB5_SET_DEFAULT_IN_TKT_ETYPES) && !defined(HAVE_KRB5_SET_DEFAULT_TGS_KTYPES)
 krb5_error_code krb5_set_default_tgs_ktypes(krb5_context ctx, const krb5_enctype *enc)
 {
@ -200,138 +180,6 @@
 #endif
 }

-static BOOL ads_cleanup_expired_creds(krb5_context context, 
-				      krb5_ccache  ccache,
-				      krb5_creds  *credsp)
-{
-	krb5_error_code retval;
-	TALLOC_CTX *mem_ctx = talloc_init("ticket expied time");
-	if (!mem_ctx) {
-		return False;
-	}
-
-	DEBUG(3, ("Ticket in ccache[%s] expiration %s\n",
-		  krb5_cc_default_name(context),
-		  http_timestring(mem_ctx, credsp->times.endtime)));
-
-	talloc_free(mem_ctx);
-
-	/* we will probably need new tickets if the current ones
-	   will expire within 10 seconds.
-	*/
-	if (credsp->times.endtime >= (time(NULL) + 10))
-		return False;
-
-	/* heimdal won't remove creds from a file ccache, and 
-	   perhaps we shouldn't anyway, since internally we 
-	   use memory ccaches, and a FILE one probably means that
-	   we're using creds obtained outside of our exectuable
-	*/
-	if (strcasecmp_m(krb5_cc_get_type(context, ccache), "FILE") == 0) {
-		DEBUG(5, ("ads_cleanup_expired_creds: We do not remove creds from a FILE ccache\n"));
-		return False;
-	}
-	
-	retval = krb5_cc_remove_cred(context, ccache, 0, credsp);
-	if (retval) {
-		DEBUG(1, ("ads_cleanup_expired_creds: krb5_cc_remove_cred failed, err %s\n",
-			  error_message(retval)));
-		/* If we have an error in this, we want to display it,
-		   but continue as though we deleted it */
-	}
-	return True;
-}
-
-/*
-  we can't use krb5_mk_req because w2k wants the service to be in a particular format
-*/
-krb5_error_code ads_krb5_mk_req(krb5_context context, 
-				krb5_auth_context *auth_context, 
-				const krb5_flags ap_req_options,
-				const char *principal,
-				krb5_ccache ccache, 
-				krb5_data *outbuf)
-{
-	krb5_error_code 	  retval;
-	krb5_principal	  server;
-	krb5_creds 		* credsp;
-	krb5_creds 		  creds;
-	krb5_data in_data;
-	BOOL creds_ready = False;
-	
-	TALLOC_CTX *mem_ctx = NULL;
-
-	retval = krb5_parse_name(context, principal, &server);
-	if (retval) {
-		DEBUG(1,("ads_krb5_mk_req: Failed to parse principal %s\n", principal));
-		return retval;
-	}
-	
-	/* obtain ticket & session key */
-	ZERO_STRUCT(creds);
-	if ((retval = krb5_copy_principal(context, server, &creds.server))) {
-		DEBUG(1,("krb5_copy_principal failed (%s)\n", 
-			 error_message(retval)));
-		goto cleanup_princ;
-	}
-	
-	if ((retval = krb5_cc_get_principal(context, ccache, &creds.client))) {
-		/* This can commonly fail on smbd startup with no ticket in the cache.
-		 * Report at higher level than 1. */
-		DEBUG(3,("ads_krb5_mk_req: krb5_cc_get_principal failed (%s)\n", 
-			 error_message(retval)));
-		goto cleanup_creds;
-	}
-
-	while(!creds_ready) {
-		if ((retval = krb5_get_credentials(context, 0, ccache, 
-						   &creds, &credsp))) {
-			DEBUG(1,("ads_krb5_mk_req: krb5_get_credentials failed for %s (%s)\n",
-				 principal, error_message(retval)));
-			goto cleanup_creds;
-		}
-
-		/* cope with ticket being in the future due to clock skew */
-		if ((unsigned)credsp->times.starttime > time(NULL)) {
-			time_t t = time(NULL);
-			int time_offset =(unsigned)credsp->times.starttime-t;
-			DEBUG(4,("ads_krb5_mk_req: Advancing clock by %d seconds to cope with clock skew\n", time_offset));
-			krb5_set_real_time(context, t + time_offset + 1, 0);
-		}
-
-		if (!ads_cleanup_expired_creds(context, ccache, credsp))
-			creds_ready = True;
-	}
-
-	mem_ctx = talloc_init("ticket expied time");
-	if (!mem_ctx) {
-		retval = ENOMEM;
-		goto cleanup_creds;
-	}
-	DEBUG(10,("Ticket (%s) in ccache (%s) is valid until: (%s - %d)\n",
-		  principal, krb5_cc_default_name(context),
-		  http_timestring(mem_ctx, (unsigned)credsp->times.endtime), 
-		  (unsigned)credsp->times.endtime));
-	
-	in_data.length = 0;
-	retval = krb5_mk_req_extended(context, auth_context, ap_req_options, 
-				      &in_data, credsp, outbuf);
-	if (retval) {
-		DEBUG(1,("ads_krb5_mk_req: krb5_mk_req_extended failed (%s)\n", 
-			 error_message(retval)));
-	}
-	
-	krb5_free_creds(context, credsp);
-
-cleanup_creds:
-	krb5_free_cred_contents(context, &creds);
-
-cleanup_princ:
-	krb5_free_principal(context, server);
-
-	return retval;
-}
-
 krb5_error_code smb_krb5_kt_free_entry(krb5_context context, krb5_keytab_entry *kt_entry)
 {
 #if defined(HAVE_KRB5_KT_FREE_ENTRY)