lib/krb5: Remove KRB5_PADATA_CLIENT_CANONICALIZED from ticket.c

This will shortly be removed from krb5.asn1. This got removed between draft-ietf-krb-wg-kerberos-referrals-11.txt and the final rfc6806.txt. The number 133 was reassigned to PA-FX-COOKIE in rfc6113.txt. Andrew Bartlett based on work by metze to remove it from othert parts of the code Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2015-05-09 09:50:52 +01:00
parent 358e2b7b0a
commit 29f6290fe6
1 changed files with 0 additions and 81 deletions
--- a/lib/krb5/ticket.c
+++ b/lib/krb5/ticket.c
@@ -539,87 +539,6 @@ check_client_referral(krb5_context context,
 		      krb5_const_principal mapped,
 		      krb5_keyblock const * key)
 {
-    krb5_error_code ret;
-    PA_ClientCanonicalized canon;
-    krb5_crypto crypto;
-    krb5_data data;
-    PA_DATA *pa;
-    size_t len;
-    int i = 0;
-
-    if (rep->kdc_rep.padata == NULL)
-	goto noreferral;
-
-    pa = krb5_find_padata(rep->kdc_rep.padata->val,
-			  rep->kdc_rep.padata->len,
-			  KRB5_PADATA_CLIENT_CANONICALIZED, &i);
-    if (pa == NULL)
-	goto noreferral;
-
-    ret = decode_PA_ClientCanonicalized(pa->padata_value.data,
-					pa->padata_value.length,
-					&canon, &len);
-    if (ret) {
-	krb5_set_error_message(context, ret,
-			       N_("Failed to decode ClientCanonicalized "
-				  "from realm %s", ""), requested->realm);
-	return ret;
-    }
-
-    ASN1_MALLOC_ENCODE(PA_ClientCanonicalizedNames, data.data, data.length,
-		       &canon.names, &len, ret);
-    if (ret) {
-	free_PA_ClientCanonicalized(&canon);
-	return ret;
-    }
-    if (data.length != len)
-	krb5_abortx(context, "internal asn.1 error");
-
-    ret = krb5_crypto_init(context, key, 0, &crypto);
-    if (ret) {
-	free(data.data);
-	free_PA_ClientCanonicalized(&canon);
-	return ret;
-    }
-
-    ret = krb5_verify_checksum(context, crypto, KRB5_KU_CANONICALIZED_NAMES,
-			       data.data, data.length,
-			       &canon.canon_checksum);
-    krb5_crypto_destroy(context, crypto);
-    free(data.data);
-    if (ret) {
-	krb5_set_error_message(context, ret,
-			       N_("Failed to verify client canonicalized "
-				  "data from realm %s", ""),
-			       requested->realm);
-	free_PA_ClientCanonicalized(&canon);
-	return ret;
-    }
-
-    if (!_krb5_principal_compare_PrincipalName(context,
-					       requested,
-					       &canon.names.requested_name))
-    {
-	free_PA_ClientCanonicalized(&canon);
-	krb5_set_error_message(context, KRB5_PRINC_NOMATCH,
-			       N_("Requested name doesn't match"
-				  " in client referral", ""));
-	return KRB5_PRINC_NOMATCH;
-    }
-    if (!_krb5_principal_compare_PrincipalName(context,
-					       mapped,
-					       &canon.names.mapped_name))
-    {
-	free_PA_ClientCanonicalized(&canon);
-	krb5_set_error_message(context, KRB5_PRINC_NOMATCH,
-			       N_("Mapped name doesn't match"
-				  " in client referral", ""));
-	return KRB5_PRINC_NOMATCH;
-    }
-
-    return 0;
-
-noreferral:
    if (krb5_principal_compare(context, requested, mapped) == FALSE &&
 	!rep->enc_part.flags.enc_pa_rep)
    {