From 378fc043da1419fead4b79ecbcca72b6f37c36fb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= <lha@kth.se>
Date: Tue, 21 Oct 2003 08:03:36 +0000
Subject: [PATCH] add --no-transit-check

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13031 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 kuser/kgetcred.1 |  7 ++++++-
 kuser/kgetcred.c | 10 +++++++++-
 2 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/kuser/kgetcred.1 b/kuser/kgetcred.1
index b137c08e2..190be1e6c 100644
--- a/kuser/kgetcred.1
+++ b/kuser/kgetcred.1
@@ -31,7 +31,7 @@
 .\" 
 .\" $Id$
 .\"
-.Dd May 14, 1999
+.Dd October 21, 2003
 .Dt KGETCRED 1
 .Os HEIMDAL
 .Sh NAME
@@ -43,6 +43,7 @@
 .Fl -enctype= Ns Ar enctype
 .Xc
 .Oc
+.Op Fl -no-transit-check
 .Op Fl -version
 .Op Fl -help
 .Ar service
@@ -61,6 +62,10 @@ Supported options:
 .Xc
 encryption type to use
 .It Xo
+.Fl -no-transit-check
+.Xc
+requests that the KDC doesn't do trasnit checking.
+.It Xo
 .Fl -version
 .Xc
 .It Xo
diff --git a/kuser/kgetcred.c b/kuser/kgetcred.c
index 01e71521b..b4ec97126 100644
--- a/kuser/kgetcred.c
+++ b/kuser/kgetcred.c
@@ -38,10 +38,12 @@ RCSID("$Id$");
 static char *etype_str;
 static int version_flag;
 static int help_flag;
+static int transit_check = 1;
 
 struct getargs args[] = {
     { "enctype",	'e', arg_string, &etype_str,
       "encryption type to use", "enctype"},
+    { "transit-check",	0,   arg_negative_flag, &transit_check },
     { "version", 	0,   arg_flag, &version_flag },
     { "help",		0,   arg_flag, &help_flag }
 };
@@ -63,10 +65,13 @@ main(int argc, char **argv)
     krb5_context context;
     krb5_ccache cache;
     krb5_creds in, *out;
+    krb5_kdc_flags flags;
     int optind = 0;
 
     setprogname (argv[0]);
 
+    flags.i = 0;
+
     ret = krb5_init_context (&context);
     if (ret)
 	errx(1, "krb5_init_context failed: %d", ret);
@@ -111,8 +116,11 @@ main(int argc, char **argv)
     if (ret)
 	krb5_err (context, 1, ret, "krb5_parse_name %s", argv[0]);
 
+    if (!transit_check)
+	flags.b.disable_transited_check = 1;
+
     in.times.endtime = 0;
-    ret = krb5_get_credentials(context, 0, cache, &in, &out);
+    ret = krb5_get_credentials_with_flags(context, 0, flags, cache, &in, &out);
     if (ret)
 	krb5_err (context, 1, ret, "krb5_get_credentials");