Lines Matching defs:ticket
150 * Returns TRUE if the kerberos principal is the name of a Kerberos ticket
169 comp_cksum(krb5_context kcontext, krb5_data *source, krb5_ticket *ticket,
183 if ((retval = krb5_c_verify_checksum(kcontext, ticket->enc_part2->session,
196 krb5_data *pkt, krb5_ticket **ticket,
232 /* If the "server" principal in the ticket is not something
242 if ((krb5_princ_realm(kdc_context, apreq->ticket->server)->length !=
244 memcmp(krb5_princ_realm(kdc_context, apreq->ticket->server)->data,
262 if ((retval = kdc_get_server_key(apreq->ticket, &key, &kvno)))
278 apreq->ticket->server,
280 NULL, ticket))) {
298 apreq, apreq->ticket->server,
300 NULL, ticket))
312 if (isflagset((*ticket)->enc_part2->flags, TKT_FLG_INVALID)
335 (*ticket)->enc_part2->client);
356 if (comp_cksum(kdc_context, &scratch1, *ticket, his_cksum)) {
358 retval = comp_cksum(kdc_context, scratch, *ticket, his_cksum);
386 kdc_get_server_key(krb5_ticket *ticket, krb5_keyblock **key, krb5_kvno *kvno)
396 if ((retval = krb5_db_get_principal(kdc_context, ticket->server,
408 if (!krb5_unparse_name(kdc_context, ticket->server, &sname)) {
417 ticket->enc_part.enctype, -1,
418 ticket->enc_part.kvno, &server_key);
453 check_hot_list(krb5_ticket *ticket)
497 * ticket granting ticket on which the new ticket to
499 * the realm of the server listed in the ticket
500 * granting ticket.
503 * the existing ticket granting ticket already appears
512 * krb5_data *new_trans The transited field for the new ticket
513 * krb5_principal tgs Name of ticket granting server
515 * that issued the ticket granting
516 * ticket. This is the realm that is
521 * ticket granting server.
524 * implicitly part of the transited field of the new ticket
1124 krb5_ticket *ticket, krb5_timestamp kdc_time,
1142 * Verify that the server principal in authdat->ticket is correct
1143 * (either the ticket granting service or the service that was
1147 if (!krb5_principal_compare(kdc_context, ticket->server, request->server)) {
1153 * OK, we need to validate the krbtgt service in the ticket.
1159 * server of the requested ticket must match this realm.
1167 if (krb5_princ_size(kdc_context, ticket->server) != 2) {
1172 if (!krb5_is_tgs_principal(ticket->server)) {
1177 if ((krb5_princ_size(kdc_context, ticket->server) <= 1) ||
1178 (krb5_princ_component(kdc_context, ticket->server, 1)->length !=
1180 memcmp(krb5_princ_component(kdc_context, ticket->server, 1)->data,
1197 /* TGS must be forwardable to get forwarded or forwardable ticket */
1200 !isflagset(ticket->enc_part2->flags, TKT_FLG_FORWARDABLE)) {
1206 /* TGS must be proxiable to get proxiable ticket */
1209 !isflagset(ticket->enc_part2->flags, TKT_FLG_PROXIABLE)) {
1214 /* TGS must allow postdating to get postdated ticket */
1217 !isflagset(ticket->enc_part2->flags, TKT_FLG_MAY_POSTDATE)) {
1224 !isflagset(ticket->enc_part2->flags, TKT_FLG_INVALID)) {
1232 !isflagset(ticket->enc_part2->flags, TKT_FLG_RENEWABLE)) {
1237 /* can not proxy ticket granting tickets */
1295 if (check_hot_list(ticket)) {
1302 if (ticket->enc_part2->times.starttime > kdc_time) {
1313 (ticket->enc_part2->times.renew_till < kdc_time)) {
1321 * (1) Make sure the second ticket exists
1322 * (2) Make sure it is a ticket granting ticket
1340 !isflagset(ticket->enc_part2->flags,TKT_FLG_HW_AUTH)) {
1347 !isflagset(ticket->enc_part2->flags, TKT_FLG_PRE_AUTH)) {
1355 errcode = against_local_policy_tgs(request, server, ticket, status);
1585 if (rep->ticket != NULL) {
1586 sprintf(stmp, " tkt=%ld", (long)rep->ticket->enc_part.enctype);
1590 if (rep->ticket != NULL
1591 && rep->ticket->enc_part2 != NULL
1592 && rep->ticket->enc_part2->session != NULL) {
1594 (long)rep->ticket->enc_part2->session->enctype);