100     krb5_error_code ret;
107     ret = krb5_data_alloc(rep->hash, HMAC_size(&ctx));
108     if (ret) {
150     int ret;
157     ret = hx509_env_add(context->hx509ctx, &env, "principal-name",
159     if (ret)
166 	ret = hx509_certs_init(context->hx509ctx, config->kx509_ca, 0,
168 	if (ret) {
173 	ret = hx509_query_alloc(context->hx509ctx, &q);
174 	if (ret) {
182 	ret = hx509_certs_find(context->hx509ctx, certs, q, &signer);
185 	if (ret) {
192     ret = hx509_ca_tbs_init(context->hx509ctx, &tbs);
193     if (ret)
205 	ret = der_copy_oid(&asn1_oid_id_pkcs1_rsaEncryption,
212 	ret = hx509_ca_tbs_set_spki(context->hx509ctx, tbs, &spki);
214 	if (ret)
222 	ret = hx509_certs_init(context->hx509ctx, config->kx509_template, 0,
224 	if (ret) {
229 	ret = hx509_get_one_cert(context->hx509ctx, certs, &template);
231 	if (ret) {
236 	ret = hx509_ca_tbs_set_template(context->hx509ctx, tbs,
242 	if (ret)
251     ret = hx509_ca_sign(context->hx509ctx, tbs, signer, &cert);
253     if (ret)
258     ret = hx509_cert_binary(context->hx509ctx, cert, certificate);
260     if (ret)
271     krb5_set_error_message(context, ret, "cert creation failed");
272     return ret;
285     krb5_error_code ret;
307     ret = krb5_kt_resolve(context, "HDB:", &id);
308     if (ret) {
313     ret = krb5_rd_req(context,
320     if (ret)
323     ret = krb5_ticket_get_client(context, ticket, &cprincipal);
324     if (ret)
327     ret = krb5_unparse_name(context, cprincipal, &cname);
328     if (ret)
333     ret = krb5_sname_to_principal(context, NULL, "kca_service",
335     if (ret)
341 	ret = krb5_ticket_get_server(context, ticket, &principal);
342 	if (ret)
345 	ret = krb5_principal_compare(context, sprincipal, principal);
347 	if (ret != TRUE) {
350 	    ret = krb5_unparse_name(context, sprincipal, &expected);
351 	    if (ret)
353 	    ret = krb5_unparse_name(context, principal, &used);
354 	    if (ret) {
359 	    ret = KRB5KDC_ERR_SERVER_NOMATCH;
360 	    krb5_set_error_message(context, ret,
370     ret = krb5_auth_con_getkey(context, ac, &key);
371     if (ret == 0 && key == NULL)
372 	ret = KRB5KDC_ERR_NULL_KEY;
373     if (ret) {
374 	krb5_set_error_message(context, ret, "Kx509 can't get session key");
378     ret = verify_req_hash(context, req, key);
379     if (ret)
387 	ret = decode_RSAPublicKey(req->pk_key.data, req->pk_key.length,
389 	if (ret)
393 	    ret = ASN1_EXTRA_DATA;
407     ret = build_certificate(context, config, &req->pk_key,
410     if (ret)
413     ret = calculate_reply_hash(context, key, &rep);
414     if (ret)
425 			   &size, ret);
426 	if (ret) {
427 	    krb5_set_error_message(context, ret, "Failed to encode kx509 reply");
433 	ret = krb5_data_alloc(reply, data.length + sizeof(version_2_0));
434 	if (ret) {
449     if (ret)
450 	krb5_warn(context, ret, "Kx509 request from %s failed", from);

Indexes created Sun Jun 30 11:05:36 MDT 2024