heimdal:lib/krb5: remove KRB5_PADATA_CLIENT_CANONICALIZED handling
authorStefan Metzmacher <metze@samba.org>
Tue, 10 Mar 2015 11:38:55 +0000 (12:38 +0100)
committerGünther Deschner <gd@samba.org>
Thu, 12 Mar 2015 16:13:42 +0000 (17:13 +0100)
This padata type was removed between draft-ietf-krb-wg-kerberos-referrals-11.txt
and the final rfc6806.txt.

The number 133 was reassigned to PA-FX-COOKIE in rfc6113.txt.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
source4/heimdal/lib/krb5/ticket.c

index 09bff30fe92209527e5a6aeefeb65cce739ebe3f..064bbfbb33cb5ac381f89031e2453c5c4aa56302 100644 (file)
@@ -511,87 +511,6 @@ check_client_referral(krb5_context context,
                      krb5_const_principal mapped,
                      krb5_keyblock const * key)
 {
-    krb5_error_code ret;
-    PA_ClientCanonicalized canon;
-    krb5_crypto crypto;
-    krb5_data data;
-    PA_DATA *pa;
-    size_t len;
-    int i = 0;
-
-    if (rep->kdc_rep.padata == NULL)
-       goto noreferral;
-
-    pa = krb5_find_padata(rep->kdc_rep.padata->val,
-                         rep->kdc_rep.padata->len,
-                         KRB5_PADATA_CLIENT_CANONICALIZED, &i);
-    if (pa == NULL)
-       goto noreferral;
-
-    ret = decode_PA_ClientCanonicalized(pa->padata_value.data,
-                                       pa->padata_value.length,
-                                       &canon, &len);
-    if (ret) {
-       krb5_set_error_message(context, ret,
-                              N_("Failed to decode ClientCanonicalized "
-                                 "from realm %s", ""), requested->realm);
-       return ret;
-    }
-
-    ASN1_MALLOC_ENCODE(PA_ClientCanonicalizedNames, data.data, data.length,
-                      &canon.names, &len, ret);
-    if (ret) {
-       free_PA_ClientCanonicalized(&canon);
-       return ret;
-    }
-    if (data.length != len)
-       krb5_abortx(context, "internal asn.1 error");
-
-    ret = krb5_crypto_init(context, key, 0, &crypto);
-    if (ret) {
-       free(data.data);
-       free_PA_ClientCanonicalized(&canon);
-       return ret;
-    }
-
-    ret = krb5_verify_checksum(context, crypto, KRB5_KU_CANONICALIZED_NAMES,
-                              data.data, data.length,
-                              &canon.canon_checksum);
-    krb5_crypto_destroy(context, crypto);
-    free(data.data);
-    if (ret) {
-       krb5_set_error_message(context, ret,
-                              N_("Failed to verify client canonicalized "
-                                 "data from realm %s", ""),
-                              requested->realm);
-       free_PA_ClientCanonicalized(&canon);
-       return ret;
-    }
-
-    if (!_krb5_principal_compare_PrincipalName(context,
-                                              requested,
-                                              &canon.names.requested_name))
-    {
-       free_PA_ClientCanonicalized(&canon);
-       krb5_set_error_message(context, KRB5_PRINC_NOMATCH,
-                              N_("Requested name doesn't match"
-                                 " in client referral", ""));
-       return KRB5_PRINC_NOMATCH;
-    }
-    if (!_krb5_principal_compare_PrincipalName(context,
-                                              mapped,
-                                              &canon.names.mapped_name))
-    {
-       free_PA_ClientCanonicalized(&canon);
-       krb5_set_error_message(context, KRB5_PRINC_NOMATCH,
-                              N_("Mapped name doesn't match"
-                                 " in client referral", ""));
-       return KRB5_PRINC_NOMATCH;
-    }
-
-    return 0;
-
-noreferral:
     if (krb5_principal_compare(context, requested, mapped) == FALSE) {
        krb5_set_error_message(context, KRB5KRB_AP_ERR_MODIFIED,
                               N_("Not same client principal returned "