135 static krb5_error_code get_credentials(context, cred, server, now,
138     krb5_gss_cred_id_t cred;
149     k5_mutex_assert_locked(&cred->lock);
154     assert(cred->name != NULL);
156     if ((code = krb5_cc_get_principal(context, cred->ccache, &cc_princ)))
164     if (cred->proxy_cred &&
175         mcreds.times.endtime = cred->tgt_expire;
177         mcreds.client = cred->name->princ;
179         code = krb5_cc_retrieve_cred(context, cred->ccache,
191         in_creds.client = cred->name->princ;
200      * cred->name is immutable, so there is no need to acquire
201      * cred->name->lock.
203     if (cred->name->ad_context != NULL) {
205                                              cred->name->ad_context,
212     code = krb5_get_credentials(context, flags, cred->ccache,
218         if (!krb5_principal_compare(context, cred->name->princ,
246     krb5_gss_cred_id_t cred;
277         assert(data->cred->name != NULL);
280                                   data->cred->name->princ, data->ctx->there->princ,
281                                   data->cred->ccache, 1,
355 make_ap_req_v1(context, ctx, cred, k_cred, ad_context,
359     krb5_gss_cred_id_t cred;
376     k5_mutex_assert_locked(&cred->lock);
388     cksum_struct.cred = cred;
478     krb5_gss_cred_id_t cred,
501     k5_mutex_assert_locked(&cred->lock);
506     /* make sure the cred is usable for init */
508     if ((cred->usage != GSS_C_INITIATE) &&
509         (cred->usage != GSS_C_BOTH)) {
538     if (cred->req_enctypes) {
540                                                   cred->req_enctypes))) {
568     if ((code = kg_duplicate_name(context, cred->name, 0, &ctx->here)))
574     code = get_credentials(context, cred, ctx->there, now,
607                                    cred, k_cred, ctx->here->ad_context,
934     krb5_gss_cred_id_t cred;
995                                         (gss_cred_id_t *)&cred);
1011         cred = (krb5_gss_cred_id_t) claimant_cred_handle;
1013     kerr = k5_mutex_lock(&cred->lock);
1016             krb5_gss_release_cred(minor_status, (gss_cred_id_t *)&cred);
1027         if (cred->rfc_mech) {
1029         } else if (cred->prerfc_mech) {
1036         if (!cred->rfc_mech)
1040         if (!cred->prerfc_mech)
1044         if (!cred->rfc_mech)
1051         k5_mutex_unlock(&cred->lock);
1053             krb5_gss_release_cred(minor_status, (gss_cred_id_t *)&cred);
1064         major_status = kg_new_connection(minor_status, cred, context_handle,
1070         k5_mutex_unlock(&cred->lock);
1078         k5_mutex_unlock(&cred->lock);
1091         krb5_gss_release_cred(&tmp_min_stat, (gss_cred_id_t *)&cred);
1457  * We enforce a minimum refresh time on the root cred. This avoids problems for
1471     krb5_gss_cred_id_t cred;
1481     /* Get the default cred for user */
1490          * Try and get root's cred in the cache using keytab.
1525     /* We've got a gss cred handle that is a kerberos cred handle. */
1526     cred = (krb5_gss_cred_id_t)*cred_handle;
1535      * Try and get root's cred in the cache using keytab.
1540     /* If root's cred has expired re-get it */
1541     if (cred->tgt_expire < now + MIN_REFRESH_TIME && uid == ROOT_UID) {
1573     } else if ((cred->tgt_expire < now + MIN_RENEW_TIME) &&
1574                (cred->tgt_expire > now)) {

Indexes created Tue Jul 24 14:28:13 CEST 2018