2N/A/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ 2N/A * Copyright 1990,1991 by the Massachusetts Institute of Technology. 2N/A * All Rights Reserved. 2N/A * Export of this software from the United States of America may 2N/A * require a specific license from the United States Government. 2N/A * It is the responsibility of any person or organization contemplating 2N/A * export to obtain such a license before exporting. 2N/A * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and 2N/A * distribute this software and its documentation for any purpose and 2N/A * without fee is hereby granted, provided that the above copyright 2N/A * notice appear in all copies and that both that copyright notice and 2N/A * this permission notice appear in supporting documentation, and that 2N/A * the name of M.I.T. not be used in advertising or publicity pertaining 2N/A * to distribution of the software without specific, written prior 2N/A * permission. Furthermore if you modify this software you must label 2N/A * your software as modified software and not distribute it in such a 2N/A * fashion that it might be confused with the original M.I.T. software. 2N/A * M.I.T. makes no representations about the suitability of 2N/A * this software for any purpose. It is provided "as is" without express 2N/A * or implied warranty. 2N/A * Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved. 2N/A * krb5_mk_req_extended() 2N/A/* Solaris Kerberos */ 2N/A Formats a KRB_AP_REQ message into outbuf, with more complete options than 2N/A outbuf, ap_req_options, checksum, and ccache are used in the 2N/A same fashion as for krb5_mk_req. 2N/A creds is used to supply the credentials (ticket and session key) needed 2N/A to form the request. 2N/A if creds->ticket has no data (length == 0), then a ticket is obtained 2N/A from either the cache or the TGS, passing creds to krb5_get_credentials(). 2N/A kdc_options specifies the options requested for the ticket to be used. 2N/A If a ticket with appropriate flags is not found in the cache, then these 2N/A options are passed on in a request to an appropriate KDC. 2N/A ap_req_options specifies the KRB_AP_REQ options desired. 2N/A if ap_req_options specifies AP_OPTS_USE_SESSION_KEY, then creds->ticket 2N/A must contain the appropriate ENC-TKT-IN-SKEY ticket. 2N/A checksum specifies the checksum to be used in the authenticator. 2N/A The outbuf buffer storage is allocated, and should be freed by the 2N/A caller when finished. 2N/A On an error return, the credentials pointed to by creds might have been 2N/A augmented with additional fields from the obtained credentials; the entire 2N/A credentials should be released by calling krb5_free_creds(). 2N/A returns system errors 2N/A /* we need a native ticket */ 2N/A /* verify that the ticket is not expired */ 2N/A /* generate auth_context if needed */ 2N/A /* set auth context keyblock */ 2N/A /* generate seq number if needed */ 2N/A /* generate subkey if needed */ 2N/A /* Solaris Kerberos */ 2N/A /* XXX Special hack for GSSAPI */ 2N/A /* Generate authenticator */ 2N/A /* encode the authenticator */ 2N/A /* call the encryption routine */ 2N/A /* Solaris Kerberos */ 2N/A /* Null out these fields, to prevent pointer sharing problems; 2N/A * they were supplied by the caller 2N/A /* Only send EtypeList if we prefer another enctype to tkt_enctype */ 2N/A * If the enctype of the ticket session key is included in the enctype 2N/A * list sent by the client, it SHOULD be the last on the list; 2N/A /* Wrap in AD-IF-RELEVANT container */