128 	 * subkey, so this code works fine against a JCSI client.)  Up to the
129 	 * present, though, GSSAPI clients linked against the MIT code (which
135 	 * unencrypted.  (The MIT code doesn't actually send the KRB_CRED
296    krb5_error_code code;
327    code = krb5int_accessor (&kaccess, KRB5INT_ACCESS_VERSION);
328    if (code) {
329        *minor_status = code;
333    code = krb5_gss_init_context(&context);
334    if (code) {
335        *minor_status = code;
365        /* Solaris kerberos: the original Solaris code returned GSS_S_NO_CONTEXT
368 	* GSS_S_CONTINUE_NEEDED status returns.  Note the MIT code doesn't
383    if (!(code = g_verify_token_header(gss_mech_krb5,
388    } else if ((code == G_WRONG_MECH) &&
389 		!(code = g_verify_token_header(gss_mech_krb5_wrong,
394    } else if ((code == G_WRONG_MECH) &&
395 	      !(code = g_verify_token_header(gss_mech_krb5_old,
407   } else if (code == G_WRONG_TOKID) {
409         code = KRB5KRB_AP_ERR_MSG_TYPE;
412    } else if (code == G_BAD_TOK_HEADER) {
430     *  below in the "handle default cred handle" code block.
433        code = KRB5KRB_AP_ERR_MSG_TYPE;
437    if ((code = decode_krb5_ap_req(&ap_req, &request))) {
438        if (code == KRB5_BADMSGTYPE)
439            code = KRB5KRB_AP_ERR_BADVERSION;
462        if ((code = krb5_copy_principal(context, request->ticket->server,
465 	            "krb5_copy_principal() error code %d", code);
471 	   code = G_VALIDATE_FAILED;
475        major_status = krb5_gss_acquire_cred((OM_uint32*) &code,
498    major_status = krb5_gss_validate_cred((OM_uint32*) &code,
522        code = 0;
545    if ((code = krb5_auth_con_init(context, &auth_context))) {
547        save_error_info((OM_uint32)code, context);
550 	      "krb5_auth_con_init() error code %d", code);
559        if ((code = krb5_auth_con_setrcache(context, auth_context, cred->rcache))) {
563 		    "krb5_auth_con_setrcache() error code %d", code);
567    if ((code = krb5_auth_con_setaddrs(context, auth_context, NULL, paddr))) {
571 	      "krb5_auth_con_setaddrs() error code %d", code);
575    if ((code = krb5_rd_req_decoded(context, &auth_context, request,
578 	      "krb5_rd_req() error code %d", code);
579        if (code == KRB5_KT_KVNONOTFOUND) {
590 	   code = KRB5KRB_AP_ERR_BADKEYVER;
591        } else if (code == KRB5_KT_NOTFOUND) {
601 	   code = KRB5KRB_AP_ERR_NOKEY;
603        else if (code == KRB5KRB_AP_WRONG_PRINC) {
605 	   code = KRB5KRB_AP_ERR_NOT_US;
607        else if (code == KRB5KRB_AP_ERR_REPEAT)
617    code = krb5_auth_con_getauthenticator(context, auth_context, &authdat);
618    if (code) {
620 		  "krb5_auth_con_getauthenticator() error code %d", code);
630 	   code = KG_NO_SUBKEY;
640        code = krb5_c_checksum_length(context, CKSUMTYPE_RSA_MD5, &md5len);
641        if (code) {
644 		  "krb5_c_checksum_length() error code %d", code);
652           code = KRB5KRB_AP_ERR_INAPP_CKSUM;
666 	   code = 0;
676 	 This code will let this acceptor interoperate with an initiator
692 	       code = KG_BAD_LENGTH;
703           The following section of code attempts to implement the
717        if ((code = kg_checksum_channel_bindings(context, 
722 		  "kg_checksum_channel_bindings() error code %d", code);
733 		if ((code = kg_checksum_channel_bindings(context,
740                    code = 0;
765 		   code = KG_BAD_LENGTH;
785 		   code = rd_and_store_for_creds(context, auth_context, &option,
788 		   if (code) {
830        code = ENOMEM;
855        code = G_VALIDATE_FAILED;
861    if ((code = krb5_merge_authdata(context,
869    if ((code = krb5_copy_principal(context, cred->princ, &ctx->here))) {
872 	      "krb5_copy_principal() error code %d", code);
877    if ((code = krb5_copy_principal(context, authdat->client, &ctx->there))) {
880 	      "krb5_copy_principal() 2 error code %d", code);
885    if ((code = krb5_auth_con_getrecvsubkey(context, auth_context,
889 	      "krb5_auth_con_getremotesubkey() error code %d", code);
897        if ((code = krb5_auth_con_getkey(context, auth_context,
901 		      "krb5_auth_con_getkey() error code %d", code);
912        code = KRB5KDC_ERR_NULL_KEY;
931        if ((code = krb5_copy_keyblock(context, ctx->subkey, &ctx->enc))) {
951        if ((code = krb5_copy_keyblock(context, ctx->subkey, &ctx->enc))) {
956        if ((code = krb5_copy_keyblock(context, ctx->subkey, &ctx->seq))) {
972        code = (*kaccess.krb5int_c_mandatory_cksumtype)(context, ctx->subkey->enctype,
974        if (code)
976        code = krb5_c_checksum_length(context, ctx->cksumtype,
978        if (code)
1000    if ((code = krb5_timeofday(context, &now))) {
1006        code = 0;
1032 	   code = krb5_auth_con_getflags(context, auth_context, &acflags);
1033 	   if (code == 0) {
1035 	       code = krb5_auth_con_setflags(context, auth_context, acflags);
1037 	   if (code) {
1043        if ((code = krb5_mk_rep(context, auth_context, &ap_rep))) {
1053 	   /* Get the new acceptor subkey.  With the code above, there
1055 	   code = krb5_auth_con_getsendsubkey(context, auth_context,
1057 	   if (code != 0) {
1061 	   code = (*kaccess.krb5int_c_mandatory_cksumtype)(context,
1064 	   if (code) {
1080 	   code = ENOMEM;
1105    if ((code = krb5_copy_principal(context, ctx->there, &client_name))) {
1109    if ((code = krb5_copy_principal(context, ctx->here, &server_name))) {
1115 	code = G_VALIDATE_FAILED;
1138 	   code = (OM_uint32) G_VALIDATE_FAILED;
1198    /* from here on is the real "fail" code */
1213    *minor_status = code;
1233        if ((code == KRB5KRB_AP_ERR_BAD_INTEGRITY ||
1234 	  code == KRB5KRB_AP_ERR_NOKEY || code == KRB5KRB_AP_ERR_BADKEYVER)
1236            code = KRB5KRB_AP_ERR_MODIFIED;
1248        if (code == KRB5KRB_AP_ERR_SKEW && krb5_getenv("MS_INTEROP")) {
1260        code -= ERROR_TABLE_BASE_krb5;
1261        if (code < 0 || code > 128)
1262 	   code = 60 /* KRB_ERR_GENERIC */;
1264        krb_error_data.error = code;
1269        code = krb5_mk_error(context, &krb_error_data, &scratch);
1270        if (code)

Indexes created Thu Sep 05 20:28:34 MDT 2024