4bb7efa72ed531c10f097919636e67724ec4c25aGarrett D'Amore * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
4bb7efa72ed531c10f097919636e67724ec4c25aGarrett D'Amore * Use is subject to license terms.
4bb7efa72ed531c10f097919636e67724ec4c25aGarrett D'Amore * Copyright 1990,1991 by the Massachusetts Institute of Technology.
4bb7efa72ed531c10f097919636e67724ec4c25aGarrett D'Amore * All Rights Reserved.
4bb7efa72ed531c10f097919636e67724ec4c25aGarrett D'Amore * Export of this software from the United States of America may
4bb7efa72ed531c10f097919636e67724ec4c25aGarrett D'Amore * require a specific license from the United States Government.
4bb7efa72ed531c10f097919636e67724ec4c25aGarrett D'Amore * It is the responsibility of any person or organization contemplating
4bb7efa72ed531c10f097919636e67724ec4c25aGarrett D'Amore * export to obtain such a license before exporting.
4bb7efa72ed531c10f097919636e67724ec4c25aGarrett D'Amore * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
4bb7efa72ed531c10f097919636e67724ec4c25aGarrett D'Amore * distribute this software and its documentation for any purpose and
4bb7efa72ed531c10f097919636e67724ec4c25aGarrett D'Amore * without fee is hereby granted, provided that the above copyright
4bb7efa72ed531c10f097919636e67724ec4c25aGarrett D'Amore * notice appear in all copies and that both that copyright notice and
3f7d54a6b84904c8f4d8daa4c7b577bede7df8b9Garrett D'Amore * this permission notice appear in supporting documentation, and that
4bb7efa72ed531c10f097919636e67724ec4c25aGarrett D'Amore * the name of M.I.T. not be used in advertising or publicity pertaining
4bb7efa72ed531c10f097919636e67724ec4c25aGarrett D'Amore * to distribution of the software without specific, written prior
4bb7efa72ed531c10f097919636e67724ec4c25aGarrett D'Amore * permission. Furthermore if you modify this software you must label
4bb7efa72ed531c10f097919636e67724ec4c25aGarrett D'Amore * your software as modified software and not distribute it in such a
4bb7efa72ed531c10f097919636e67724ec4c25aGarrett D'Amore * fashion that it might be confused with the original M.I.T. software.
4bb7efa72ed531c10f097919636e67724ec4c25aGarrett D'Amore * M.I.T. makes no representations about the suitability of
4bb7efa72ed531c10f097919636e67724ec4c25aGarrett D'Amore * this software for any purpose. It is provided "as is" without express
4bb7efa72ed531c10f097919636e67724ec4c25aGarrett D'Amore * or implied warranty.
4bb7efa72ed531c10f097919636e67724ec4c25aGarrett D'Amore * krb5_mk_req_extended()
4bb7efa72ed531c10f097919636e67724ec4c25aGarrett D'Amore Formats a KRB_AP_REQ message into outbuf, with more complete options than
4bb7efa72ed531c10f097919636e67724ec4c25aGarrett D'Amore outbuf, ap_req_options, checksum, and ccache are used in the
4bb7efa72ed531c10f097919636e67724ec4c25aGarrett D'Amore same fashion as for krb5_mk_req.
4bb7efa72ed531c10f097919636e67724ec4c25aGarrett D'Amore creds is used to supply the credentials (ticket and session key) needed
4bb7efa72ed531c10f097919636e67724ec4c25aGarrett D'Amore to form the request.
4bb7efa72ed531c10f097919636e67724ec4c25aGarrett D'Amore if creds->ticket has no data (length == 0), then a ticket is obtained
4bb7efa72ed531c10f097919636e67724ec4c25aGarrett D'Amore from either the cache or the TGS, passing creds to krb5_get_credentials().
4bb7efa72ed531c10f097919636e67724ec4c25aGarrett D'Amore kdc_options specifies the options requested for the ticket to be used.
4bb7efa72ed531c10f097919636e67724ec4c25aGarrett D'Amore If a ticket with appropriate flags is not found in the cache, then these
4bb7efa72ed531c10f097919636e67724ec4c25aGarrett D'Amore options are passed on in a request to an appropriate KDC.
4bb7efa72ed531c10f097919636e67724ec4c25aGarrett D'Amore ap_req_options specifies the KRB_AP_REQ options desired.
4bb7efa72ed531c10f097919636e67724ec4c25aGarrett D'Amore if ap_req_options specifies AP_OPTS_USE_SESSION_KEY, then creds->ticket
4bb7efa72ed531c10f097919636e67724ec4c25aGarrett D'Amore must contain the appropriate ENC-TKT-IN-SKEY ticket.
4bb7efa72ed531c10f097919636e67724ec4c25aGarrett D'Amore checksum specifies the checksum to be used in the authenticator.
4bb7efa72ed531c10f097919636e67724ec4c25aGarrett D'Amore The outbuf buffer storage is allocated, and should be freed by the
4bb7efa72ed531c10f097919636e67724ec4c25aGarrett D'Amore caller when finished.
4bb7efa72ed531c10f097919636e67724ec4c25aGarrett D'Amore On an error return, the credentials pointed to by creds might have been
4bb7efa72ed531c10f097919636e67724ec4c25aGarrett D'Amore augmented with additional fields from the obtained credentials; the entire
4bb7efa72ed531c10f097919636e67724ec4c25aGarrett D'Amore credentials should be released by calling krb5_free_creds().
4bb7efa72ed531c10f097919636e67724ec4c25aGarrett D'Amore returns system errors
} rnd_data;
krb5_data d;
return retval;
if (retval) {
return retval;
return(KRB5_NO_TKT_SUPPLIED);
return(retval);
goto cleanup;
goto cleanup;
goto cleanup;
goto cleanup;
&in_data);
if (retval)
goto cleanup;
if (retval)
goto cleanup;
if (in_data) {
goto cleanup_cksum;
goto cleanup_cksum;
goto cleanup_cksum;
&scratch)))
goto cleanup_cksum;
goto cleanup_cksum;
goto cleanup_cksum;
if (scratch) {
return retval;
static krb5_error_code
krb5_generate_authenticator(krb5_context context, krb5_authenticator *authent, krb5_principal client, krb5_checksum *cksum, krb5_keyblock *key, krb5_ui_4 seq_number, krb5_authdata **authorization)
if (key) {
if (retval)
return retval;