Lines Matching refs:context
126 _kdc_find_etype(krb5_context context, krb5_boolean use_strongest_session_key,
138 ret = krb5_get_pw_salt(context, princ->entry.principal, &def_salt);
161 p = krb5_kerberos_enctypes(context);
163 if (krb5_enctype_valid(context, p[i]) != 0)
174 ret = hdb_enctype2key(context, &princ->entry, p[i], &key);
202 if (krb5_enctype_valid(context, etypes[i]) != 0 &&
206 while (hdb_next_enctype2key(context, &princ->entry, etypes[i], &key) == 0) {
223 krb5_free_salt (context, def_salt);
245 _kdc_log_timestamp(krb5_context context,
254 krb5_format_time(context, authtime,
257 krb5_format_time(context, *starttime,
261 krb5_format_time(context, endtime,
264 krb5_format_time(context, *renew_till,
269 kdc_log(context, config, 5,
275 log_patypes(krb5_context context,
304 kdc_log(context, config, 0, "out of memory");
312 kdc_log(context, config, 0, "Client sent patypes: %s", str);
322 _kdc_encode_reply(krb5_context context,
340 const char *msg = krb5_get_error_message(context, ret);
341 kdc_log(context, config, 0, "Failed to encode ticket: %s", msg);
342 krb5_free_error_message(context, msg);
347 kdc_log(context, config, 0, "Internal error in ASN.1 encoder");
352 ret = krb5_crypto_init(context, skey, etype, &crypto);
356 msg = krb5_get_error_message(context, ret);
357 kdc_log(context, config, 0, "krb5_crypto_init failed: %s", msg);
358 krb5_free_error_message(context, msg);
362 ret = krb5_encrypt_EncryptedData(context,
370 krb5_crypto_destroy(context, crypto);
372 const char *msg = krb5_get_error_message(context, ret);
373 kdc_log(context, config, 0, "Failed to encrypt data: %s", msg);
374 krb5_free_error_message(context, msg);
383 const char *msg = krb5_get_error_message(context, ret);
384 kdc_log(context, config, 0, "Failed to encode KDC-REP: %s", msg);
385 krb5_free_error_message(context, msg);
390 kdc_log(context, config, 0, "Internal error in ASN.1 encoder");
394 ret = krb5_crypto_init(context, reply_key, 0, &crypto);
396 const char *msg = krb5_get_error_message(context, ret);
398 kdc_log(context, config, 0, "krb5_crypto_init failed: %s", msg);
399 krb5_free_error_message(context, msg);
403 krb5_encrypt_EncryptedData(context,
413 krb5_encrypt_EncryptedData(context,
423 krb5_crypto_destroy(context, crypto);
425 const char *msg = krb5_get_error_message(context, ret);
426 kdc_log(context, config, 0, "Failed to encode KDC-REP: %s", msg);
427 krb5_free_error_message(context, msg);
432 kdc_log(context, config, 0, "Internal error in ASN.1 encoder");
474 make_etype_info_entry(krb5_context context, ETYPE_INFO_ENTRY *ent, Key *key)
486 kdc_log(context, config, 0, "unknown salt-type: %d",
507 krb5_copy_data(context, &key->salt->salt,
522 get_pa_etype_info(krb5_context context,
537 ret = make_etype_info_entry(context, &pa.val[0], ckey);
635 get_pa_etype_info2(krb5_context context,
675 log_as_req(krb5_context context,
689 ret = krb5_enctype_to_string(context, b->etype.val[i], &str);
698 kdc_log(context, config, 0, "out of memory");
709 ret = krb5_enctype_to_string(context, cetype, &cet);
711 ret = krb5_enctype_to_string(context, setype, &set);
724 kdc_log(context, config, 0, "%s", str);
732 kdc_log(context, config, 0, "Requested flags: %s", fixedstr);
743 kdc_check_flags(krb5_context context,
754 kdc_log(context, config, 0,
760 kdc_log(context, config, 0,
766 kdc_log(context, config, 0,
773 krb5_format_time(context, *client->valid_start,
775 kdc_log(context, config, 0,
783 krb5_format_time(context, *client->valid_end,
785 kdc_log(context, config, 0,
794 krb5_format_time(context, *client->pw_end,
796 kdc_log(context, config, 0,
809 kdc_log(context, config, 0,
814 kdc_log(context, config, 0,
820 kdc_log(context, config, 0,
826 kdc_log(context, config, 0,
833 krb5_format_time(context, *server->valid_start,
835 kdc_log(context, config, 0,
843 krb5_format_time(context, *server->valid_end,
845 kdc_log(context, config, 0,
853 krb5_format_time(context, *server->pw_end,
855 kdc_log(context, config, 0,
871 _kdc_check_addresses(krb5_context context,
902 ret = krb5_sockaddr2address (context, from, &addr);
906 result = krb5_address_search(context, &addr, addresses);
907 krb5_free_address (context, &addr);
916 send_pac_p(krb5_context context, KDC_REQ *req)
941 _kdc_is_anonymous(krb5_context context, krb5_principal principal)
956 _kdc_as_rep(krb5_context context,
1001 ret = _krb5_principalname2krb5_principal (context,
1006 ret = krb5_unparse_name(context, server_princ, &server_name);
1009 kdc_log(context, config, 0,
1017 ret = _krb5_principalname2krb5_principal (context,
1024 ret = krb5_unparse_name(context, client_princ, &client_name);
1027 kdc_log(context, config, 0,
1032 kdc_log(context, config, 0, "AS-REQ %s from %s for %s",
1039 if (_kdc_is_anonymous(context, client_princ)) {
1041 kdc_log(context, config, 0, "Anonymous ticket w/o anonymous flag");
1046 kdc_log(context, config, 0,
1057 ret = _kdc_db_fetch(context, config, client_princ,
1061 kdc_log(context, config, 5, "client %s does not have secrets at this KDC, need to proxy", client_name);
1064 const char *msg = krb5_get_error_message(context, ret);
1065 kdc_log(context, config, 0, "UNKNOWN -- %s: %s", client_name, msg);
1066 krb5_free_error_message(context, msg);
1070 ret = _kdc_db_fetch(context, config, server_princ,
1074 kdc_log(context, config, 5, "target %s does not have secrets at this KDC, need to proxy", server_name);
1077 const char *msg = krb5_get_error_message(context, ret);
1078 kdc_log(context, config, 0, "UNKNOWN -- %s: %s", server_name, msg);
1079 krb5_free_error_message(context, msg);
1097 ret = _kdc_find_etype(context,
1098 krb5_principal_is_krbtgt(context, server_princ) ?
1104 kdc_log(context, config, 0,
1126 log_patypes(context, config, req->padata);
1129 kdc_log(context, config, 5,
1143 ret = _kdc_pk_rd_padata(context, config, req, pa, client, &pkp);
1146 kdc_log(context, config, 5,
1154 ret = _kdc_pk_check_client(context,
1163 _kdc_pk_free_client_param(context, pkp);
1165 kdc_log(context, config, 0, "%s", e_text);
1172 kdc_log(context, config, 0,
1181 kdc_log(context, config, 5, "Looking for ENC-TS pa-data -- %s",
1198 kdc_log(context, config, 0, "ENC-TS doesn't support anon");
1208 kdc_log(context, config, 5, "Failed to decode PA-DATA -- %s",
1213 ret = hdb_enctype2key(context, &client->entry,
1219 if(krb5_enctype_to_string(context, enc_data.etype, &estr))
1222 kdc_log(context, config, 5,
1226 kdc_log(context, config, 5,
1236 ret = krb5_crypto_init(context, &pa_key->key, 0, &crypto);
1238 const char *msg = krb5_get_error_message(context, ret);
1239 kdc_log(context, config, 0, "krb5_crypto_init failed: %s", msg);
1240 krb5_free_error_message(context, msg);
1245 ret = krb5_decrypt_EncryptedData (context,
1250 krb5_crypto_destroy(context, crypto);
1258 const char *msg = krb5_get_error_message(context, ret);
1260 ret2 = krb5_enctype_to_string(context,
1264 kdc_log(context, config, 5,
1268 krb5_free_error_message(context, msg);
1271 if(hdb_next_enctype2key(context, &client->entry,
1279 (clientdb->hdb_auth_status)(context, clientdb, client, HDB_AUTH_WRONG_PASSWORD);
1293 kdc_log(context, config,
1299 if (abs(kdc_time - p.patimestamp) > context->max_skew) {
1302 krb5_format_time(context, p.patimestamp,
1306 kdc_log(context, config, 0,
1311 context->max_skew,
1328 ret = krb5_enctype_to_string(context, pa_key->key.keytype, &str);
1332 kdc_log(context, config, 2,
1346 kdc_log(context, config, 0, "%s -- %s", e_text, client_name);
1398 ret = _kdc_find_etype(context,
1416 ret = get_pa_etype_info(context, config,
1423 ret = get_pa_etype_info2(context, config,
1440 kdc_log(context, config, 0,
1447 (clientdb->hdb_auth_status)(context, clientdb, client,
1455 ret = _kdc_check_access(context, config, client, client_name,
1466 ret = _kdc_get_preferred_key(context, config,
1476 kdc_log(context, config, 0, "Bad KDC options -- %s", client_name);
1507 kdc_log(context, config, 0,
1516 kdc_log(context, config, 0,
1525 kdc_log(context, config, 0,
1531 if(!_kdc_check_addresses(context, config, b->addresses, from_addr)) {
1534 kdc_log(context, config, 0,
1674 ret = _kdc_pk_mk_pa_reply(context, config, pkp, client,
1679 ret = _kdc_add_inital_verified_cas(context,
1689 ret = krb5_generate_random_keyblock(context, sessionetype, &et.key);
1722 krb5_abortx(context, "internal asn.1 error");
1725 ret = krb5_crypto_init(context, &et.key, 0, &cryptox);
1731 ret = krb5_create_checksum(context, cryptox,
1736 krb5_crypto_destroy(context, cryptox);
1746 krb5_abortx(context, "internal asn.1 error");
1762 if (send_pac_p(context, req)) {
1766 ret = _kdc_pac_generate(context, client, &p);
1768 kdc_log(context, config, 0, "PAC generation failed for -- %s",
1773 ret = _krb5_pac_sign(context, p, et.authtime,
1778 krb5_pac_free(context, p);
1780 kdc_log(context, config, 0, "PAC signing failed for -- %s",
1785 ret = _kdc_tkt_add_if_relevant_ad(context, &et,
1794 _kdc_log_timestamp(context, config, "AS-REQ", et.authtime, et.starttime,
1798 ret = _kdc_add_KRB5SignedPath(context,
1809 log_as_req(context, config, reply_key->keytype, setype, b);
1811 ret = _kdc_encode_reply(context, config,
1830 krb5_mk_error(context,
1843 _kdc_pk_free_client_param(context, pkp);
1848 krb5_free_principal(context, client_princ);
1851 krb5_free_principal(context, server_princ);
1854 _kdc_free_ent(context, client);
1856 _kdc_free_ent(context, server);
1866 _kdc_tkt_add_if_relevant_ad(krb5_context context,
1877 krb5_set_error_message(context, ENOMEM, "out of memory");
1892 krb5_set_error_message(context, ret, "add AuthorizationData failed");
1903 krb5_set_error_message(context, ret, "ASN.1 encode of "
1908 krb5_abortx(context, "internal asn.1 encoder error");
1913 krb5_set_error_message(context, ret, "add AuthorizationData failed");