38 decrypt_tkt_enc_part (krb5_context context,
48     ret = krb5_crypto_init(context, key, 0, &crypto);
51     ret = krb5_decrypt_EncryptedData (context,
56     krb5_crypto_destroy(context, crypto);
62         krb5_set_error_message(context, ret,
70 decrypt_authenticator (krb5_context context,
81     ret = krb5_crypto_init(context, key, 0, &crypto);
84     ret = krb5_decrypt_EncryptedData (context,
91 	ret = krb5_decrypt_EncryptedData (context,
96     krb5_crypto_destroy(context, crypto);
107 krb5_decode_ap_req(krb5_context context,
118 	krb5_clear_error_message (context);
123 	krb5_clear_error_message (context);
128 	krb5_clear_error_message (context);
135 check_transited(krb5_context context, Ticket *ticket, EncTicketPart *enc)
155     ret = krb5_domain_x500_decode(context, enc->transited.contents,
161     ret = krb5_check_transited(context, enc->crealm,
171 find_etypelist(krb5_context context,
216 	krb5_clear_error_message(context);
224 krb5_decrypt_ticket(krb5_context context,
232     ret = decrypt_tkt_enc_part (context, key, &ticket->enc_part, &t);
240 	krb5_timeofday (context, &now);
243 	if(start - now > context->max_skew
247 	    krb5_clear_error_message (context);
250 	if(now - t.endtime > context->max_skew) {
252 	    krb5_clear_error_message (context);
257 	    ret = check_transited(context, ticket, &t);
273 krb5_verify_authenticator_checksum(krb5_context context,
283     ret = krb5_auth_con_getauthenticator (context,
289 	krb5_free_authenticator(context, &authenticator);
292     ret = krb5_auth_con_getkey(context, ac, &key);
294 	krb5_free_authenticator(context, &authenticator);
297     ret = krb5_crypto_init(context, key, 0, &crypto);
300     ret = krb5_verify_checksum (context,
306     krb5_crypto_destroy(context, crypto);
308     krb5_free_authenticator(context, &authenticator);
309     krb5_free_keyblock(context, key);
315 krb5_verify_ap_req(krb5_context context,
324     return krb5_verify_ap_req2 (context,
336 krb5_verify_ap_req2(krb5_context context,
357 	ret = krb5_auth_con_init (context, &ac);
365 	krb5_clear_error_message (context);
370 	ret = krb5_decrypt_ticket(context, &ap_req->ticket,
374 	krb5_free_keyblock(context, ac->keyblock);
377 	ret = krb5_decrypt_ticket(context, &ap_req->ticket,
385     ret = _krb5_principalname2krb5_principal(context,
390     ret = _krb5_principalname2krb5_principal(context,
396     ret = decrypt_authenticator (context,
408 	_krb5_principalname2krb5_principal(context,
412 	_krb5_principalname2krb5_principal(context,
416 	res = krb5_principal_compare (context, p1, p2);
417 	krb5_free_principal (context, p1);
418 	krb5_free_principal (context, p2);
421 	    krb5_clear_error_message (context);
430 	&& !krb5_address_search (context,
434 	krb5_clear_error_message (context);
442 	krb5_timeofday (context, &now);
444 	if (abs(ac->authenticator->ctime - now) > context->max_skew) {
446 	    krb5_clear_error_message (context);
452 	krb5_auth_con_setremoteseqnumber(context, ac,
458 	ret = krb5_auth_con_setremotesubkey(context, ac,
464     ret = find_etypelist(context, ac, &etypes);
474 	    if (krb5_enctype_valid(context, etypes.val[i]) == 0) {
482     ret = krb5_copy_keyblock(context, &t->ticket.key, &ac->keyblock);
498 	krb5_free_ticket (context, t);
503 	krb5_auth_con_free (context, ac);
508 	krb5_free_ticket (context, t);
510 	krb5_auth_con_free (context, ac);
533  * krb5_rd_req_ctx(). The caller should free the context with
534  * krb5_rd_req_in_ctx_free() when done with the context.
536  * @param context Keberos 5 context.
545 krb5_rd_req_in_ctx_alloc(krb5_context context, krb5_rd_req_in_ctx *ctx)
549 	krb5_set_error_message(context, ENOMEM,
553     (*ctx)->check_pac = (context->flags & KRB5_CTX_F_CHECK_PAC) ? 1 : 0;
560  * @param context Keberos 5 context.
572 krb5_rd_req_in_set_keytab(krb5_context context,
583  * @param context Keberos 5 context.
593 krb5_rd_req_in_set_pac_check(krb5_context context,
603 krb5_rd_req_in_set_keyblock(krb5_context context,
612 krb5_rd_req_out_get_ap_req_options(krb5_context context,
621 krb5_rd_req_out_get_ticket(krb5_context context,
625     return krb5_copy_ticket(context, out->ticket, ticket);
629 krb5_rd_req_out_get_keyblock(krb5_context context,
633     return krb5_copy_keyblock(context, out->keyblock, keyblock);
641  * @param context a Kerberos 5 context.
649 krb5_rd_req_out_get_server(krb5_context context,
653     return krb5_copy_principal(context, out->server, principal);
657 krb5_rd_req_in_ctx_free(krb5_context context, krb5_rd_req_in_ctx ctx)
665  * @param context Keberos 5 context.
666  * @param ctx krb5_rd_req_out_ctx context to free.
672 krb5_rd_req_out_ctx_free(krb5_context context, krb5_rd_req_out_ctx ctx)
675 	krb5_free_ticket(context, ctx->ticket);
677 	krb5_free_keyblock(context, ctx->keyblock);
679 	krb5_free_principal(context, ctx->server);
688 krb5_rd_req(krb5_context context,
700     ret = krb5_rd_req_in_ctx_alloc(context, &in);
704     ret = krb5_rd_req_in_set_keytab(context, in, keytab);
706 	krb5_rd_req_in_ctx_free(context, in);
710     ret = krb5_rd_req_ctx(context, auth_context, inbuf, server, in, &out);
711     krb5_rd_req_in_ctx_free(context, in);
718 	ret = krb5_copy_ticket(context, out->ticket, ticket);
724     krb5_rd_req_out_ctx_free(context, out);
733 krb5_rd_req_with_keyblock(krb5_context context,
745     ret = krb5_rd_req_in_ctx_alloc(context, &in);
749     ret = krb5_rd_req_in_set_keyblock(context, in, keyblock);
751 	krb5_rd_req_in_ctx_free(context, in);
755     ret = krb5_rd_req_ctx(context, auth_context, inbuf, server, in, &out);
756     krb5_rd_req_in_ctx_free(context, in);
763 	ret = krb5_copy_ticket(context, out->ticket, ticket);
769     krb5_rd_req_out_ctx_free(context, out);
778 get_key_from_keytab(krb5_context context,
790 	krb5_kt_default(context, &real_keytab);
799     ret = krb5_kt_get_entry (context,
807     ret = krb5_copy_keyblock(context, &entry.keyblock, out_key);
808     krb5_kt_free_entry (context, &entry);
811 	krb5_kt_close(context, real_keytab);
820  * @param context Keberos 5 context.
821  * @param auth_context the authentication context, can be NULL, then
822  *        default values for the authentication context will used.
841 krb5_rd_req_ctx(krb5_context context,
858 	krb5_set_error_message(context, ENOMEM,
864 	ret = krb5_auth_con_init(context, auth_context);
869     ret = krb5_decode_ap_req(context, inbuf, &ap_req);
874     ret = _krb5_principalname2krb5_principal(context,
884 	krb5_set_error_message(context, ret,
894 	ret = krb5_copy_keyblock(context,
900 	ret = krb5_copy_keyblock(context,
908 	    krb5_kt_default(context, &keytab);
915 	    ret = _krb5_principalname2krb5_principal(context,
924 	ret = get_key_from_keytab(context,
931 	    if (service == NULL && (context->flags & KRB5_CTX_F_RD_REQ_IGNORE) == 0)
945 	ret = krb5_verify_ap_req2(context,
972 	ret = krb5_kt_start_seq_get(context, id, &cursor);
980 	    ret = krb5_kt_next_entry(context, id, &entry, &cursor);
982 		_krb5_kt_principal_not_found(context, ret, id, o->server,
989 		krb5_kt_free_entry (context, &entry);
993 	    ret = krb5_verify_ap_req2(context,
1003 		krb5_kt_free_entry (context, &entry);
1013 	    ret = krb5_copy_keyblock(context,
1017 		krb5_kt_free_entry (context, &entry);
1021 	    ret = krb5_copy_principal(context, entry.principal, &p);
1023 		krb5_kt_free_entry (context, &entry);
1026 	    krb5_free_principal(context, o->ticket->server);
1029 	    krb5_kt_free_entry (context, &entry);
1033 	krb5_kt_end_seq_get (context, id, &cursor);
1041 	ret = krb5_ticket_get_authorization_data_type(context,
1046 	    ret = krb5_pac_parse(context, data.data, data.length, &pac);
1051 	    ret = krb5_pac_verify(context,
1057 	    krb5_pac_free(context, pac);
1066 	krb5_rd_req_out_ctx_free(context, o);
1073 	krb5_free_principal(context, service);
1076 	krb5_kt_close(context, keytab);

Indexes created Sat Sep 07 21:54:46 MDT 2024