131     krb5_error_code ret;
138     ret = krb5_get_pw_salt(context, princ->entry.principal, &def_salt);
139     if (ret)
140 	return ret;
142     ret = KRB5KDC_ERR_ETYPE_NOSUPP;
174 		ret = hdb_enctype2key(context, &princ->entry, p[i], &key);
175 		if (ret)
185 	    ret = KRB5KDC_ERR_ETYPE_NOSUPP;
186 	if (ret == 0 && ret_enctype != NULL)
188 	if (ret == 0 && ret_key != NULL)
200 	for(key = NULL, i = 0; ret != 0 && i < len; i++, key = NULL) {
208 		    ret = KRB5KDC_ERR_NULL_KEY;
215 		ret = 0;
224     return ret;
335     krb5_error_code ret;
338     ASN1_MALLOC_ENCODE(EncTicketPart, buf, buf_size, et, &len, ret);
339     if(ret) {
340 	const char *msg = krb5_get_error_message(context, ret);
343 	return ret;
352     ret = krb5_crypto_init(context, skey, etype, &crypto);
353     if (ret) {
356 	msg = krb5_get_error_message(context, ret);
359 	return ret;
362     ret = krb5_encrypt_EncryptedData(context,
371     if(ret) {
372 	const char *msg = krb5_get_error_message(context, ret);
375 	return ret;
379 	ASN1_MALLOC_ENCODE(EncASRepPart, buf, buf_size, ek, &len, ret);
381 	ASN1_MALLOC_ENCODE(EncTGSRepPart, buf, buf_size, ek, &len, ret);
382     if(ret) {
383 	const char *msg = krb5_get_error_message(context, ret);
386 	return ret;
394     ret = krb5_crypto_init(context, reply_key, 0, &crypto);
395     if (ret) {
396 	const char *msg = krb5_get_error_message(context, ret);
400 	return ret;
411 	ASN1_MALLOC_ENCODE(AS_REP, buf, buf_size, rep, &len, ret);
421 	ASN1_MALLOC_ENCODE(TGS_REP, buf, buf_size, rep, &len, ret);
424     if(ret) {
425 	const char *msg = krb5_get_error_message(context, ret);
428 	return ret;
526     krb5_error_code ret = 0;
537     ret = make_etype_info_entry(context, &pa.val[0], ckey);
538     if (ret) {
540 	return ret;
543     ASN1_MALLOC_ENCODE(ETYPE_INFO, buf, len, &pa, &len, ret);
545     if(ret)
546 	return ret;
547     ret = realloc_method_data(md);
548     if(ret) {
550 	return ret;
639     krb5_error_code ret = 0;
649     ret = make_etype_info2_entry(&pa.val[0], ckey);
650     if (ret) {
652 	return ret;
655     ASN1_MALLOC_ENCODE(ETYPE_INFO2, buf, len, &pa, &len, ret);
657     if(ret)
658 	return ret;
659     ret = realloc_method_data(md);
660     if(ret) {
662 	return ret;
681     krb5_error_code ret;
689 	ret = krb5_enctype_to_string(context, b->etype.val[i], &str);
690 	if (ret == 0) {
709 	ret = krb5_enctype_to_string(context, cetype, &cet);
710 	if(ret == 0) {
711 	    ret = krb5_enctype_to_string(context, setype, &set);
712 	    if (ret == 0) {
718 	if (ret != 0)
875     krb5_error_code ret;
902     ret = krb5_sockaddr2address (context, from, &addr);
903     if(ret)
918     krb5_error_code ret;
927     ret = decode_PA_PAC_REQUEST(pa->padata_value.data,
931     if (ret)
976     krb5_error_code ret = 0;
998 	ret = KRB5KRB_ERR_GENERIC;
1001 	ret = _krb5_principalname2krb5_principal (context,
1005 	if (ret == 0)
1006 	    ret = krb5_unparse_name(context, server_princ, &server_name);
1008     if (ret) {
1014 	ret = KRB5KRB_ERR_GENERIC;
1017 	ret = _krb5_principalname2krb5_principal (context,
1021 	if (ret)
1024 	ret = krb5_unparse_name(context, client_princ, &client_name);
1026     if (ret) {
1042 	    ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
1049 	ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
1057     ret = _kdc_db_fetch(context, config, client_princ,
1060     if(ret == HDB_ERR_NOT_FOUND_HERE) {
1063     } else if(ret){
1064 	const char *msg = krb5_get_error_message(context, ret);
1067 	ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
1070     ret = _kdc_db_fetch(context, config, server_princ,
1073     if(ret == HDB_ERR_NOT_FOUND_HERE) {
1076     } else if(ret){
1077 	const char *msg = krb5_get_error_message(context, ret);
1080 	ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
1097     ret = _kdc_find_etype(context,
1103     if (ret) {
1143 	    ret = _kdc_pk_rd_padata(context, config, req, pa, client, &pkp);
1144 	    if (ret) {
1145 		ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
1151 	    if (ret == 0 && pkp == NULL)
1154 	    ret = _kdc_pk_check_client(context,
1160 	    if (ret) {
1197 		ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
1202 	    ret = decode_EncryptedData(pa->padata_value.data,
1206 	    if (ret) {
1207 		ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
1213 	    ret = hdb_enctype2key(context, &client->entry,
1215 	    if(ret){
1218 		ret = KRB5KDC_ERR_ETYPE_NOSUPP;
1236 	    ret = krb5_crypto_init(context, &pa_key->key, 0, &crypto);
1237 	    if (ret) {
1238 		const char *msg = krb5_get_error_message(context, ret);
1245 	    ret = krb5_decrypt_EncryptedData (context,
1256 	    if(ret){
1258 		const char *msg = krb5_get_error_message(context, ret);
1281 		ret = KRB5KDC_ERR_PREAUTH_FAILED;
1285 	    ret = decode_PA_ENC_TS_ENC(ts_data.data,
1290 	    if(ret){
1292 		ret = KRB5KDC_ERR_PREAUTH_FAILED;
1305  		ret = KRB5KRB_AP_ERR_SKEW;
1328 	    ret = krb5_enctype_to_string(context, pa_key->key.keytype, &str);
1329 	    if (ret)
1363 	ret = realloc_method_data(&method_data);
1364 	if (ret) {
1374 	ret = realloc_method_data(&method_data);
1375 	if (ret) {
1384 	ret = realloc_method_data(&method_data);
1385 	if (ret) {
1398 	ret = _kdc_find_etype(context,
1401 	if (ret == 0) {
1416 		ret = get_pa_etype_info(context, config,
1418 		if (ret) {
1423 	    ret = get_pa_etype_info2(context, config,
1425 	    if (ret) {
1431 	ASN1_MALLOC_ENCODE(METHOD_DATA, buf, len, &method_data, &len, ret);
1438 	ret = KRB5KDC_ERR_PREAUTH_REQUIRED;
1455     ret = _kdc_check_access(context, config, client, client_name,
1458     if(ret)
1466     ret = _kdc_get_preferred_key(context, config,
1469     if(ret)
1474 	ret = KRB5KDC_ERR_BADOPTION;
1483     ret = copy_Realm(&client->entry.principal->realm, &rep.crealm);
1484     if (ret)
1486     ret = _krb5_principal2principalname(&rep.cname, client->entry.principal);
1487     if (ret)
1506 	ret = KRB5KDC_ERR_POLICY;
1515 	ret = KRB5KDC_ERR_POLICY;
1524 	ret = KRB5KDC_ERR_POLICY;
1533 	ret = KRB5KRB_AP_ERR_BADADDR;
1539     ret = copy_PrincipalName(&rep.cname, &et.cname);
1540     if (ret)
1542     ret = copy_Realm(&rep.crealm, &et.crealm);
1543     if (ret)
1619 	ret = ENOMEM;
1674 	ret = _kdc_pk_mk_pa_reply(context, config, pkp, client,
1677 	if (ret)
1679 	ret = _kdc_add_inital_verified_cas(context,
1683 	if (ret)
1689 	ret = krb5_generate_random_keyblock(context, sessionetype, &et.key);
1690 	if (ret)
1696 	ret = KRB5KDC_ERR_CLIENT_NOTYET;
1700     ret = copy_EncryptionKey(&et.key, &ek.key);
1701     if (ret)
1718 			   &canon.names, &len, ret);
1719 	if (ret)
1725 	ret = krb5_crypto_init(context, &et.key, 0, &cryptox);
1726 	if (ret) {
1731 	ret = krb5_create_checksum(context, cryptox,
1737 	if (ret)
1741 			   &canon, &len, ret);
1743 	if (ret)
1750 	ret = add_METHOD_DATA(rep.padata, &pa);
1752 	if (ret)
1766 	ret = _kdc_pac_generate(context, client, &p);
1767 	if (ret) {
1773 	    ret = _krb5_pac_sign(context, p, et.authtime,
1779 	    if (ret) {
1785 	    ret = _kdc_tkt_add_if_relevant_ad(context, &et,
1789 	    if (ret)
1798     ret = _kdc_add_KRB5SignedPath(context,
1806     if (ret)
1811     ret = _kdc_encode_reply(context, config,
1817     if (ret)
1823 	ret = KRB5KRB_ERR_RESPONSE_TOO_BIG;
1829     if(ret != 0 && ret != HDB_ERR_NOT_FOUND_HERE){
1831 		      ret,
1839 	ret = 0;
1857     return ret;
1871     krb5_error_code ret;
1890 	ret = add_AuthorizationData(&ad, &ade);
1891 	if (ret) {
1892 	    krb5_set_error_message(context, ret, "add AuthorizationData failed");
1893 	    return ret;
1900 			   &ad, &size, ret);
1902 	if (ret) {
1903 	    krb5_set_error_message(context, ret, "ASN.1 encode of "
1905 	    return ret;
1910 	ret = add_AuthorizationData(tkt->authorization_data, &ade);
1912 	if (ret) {
1913 	    krb5_set_error_message(context, ret, "add AuthorizationData failed");
1914 	    return ret;

Indexes created Thu Aug 29 22:33:21 MDT 2024