2N/A/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ 2N/A * Copyright 1990,1991,2009 by the Massachusetts Institute of Technology. 2N/A * All Rights Reserved. 2N/A * Export of this software from the United States of America may 2N/A * require a specific license from the United States Government. 2N/A * It is the responsibility of any person or organization contemplating 2N/A * export to obtain such a license before exporting. 2N/A * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and 2N/A * distribute this software and its documentation for any purpose and 2N/A * without fee is hereby granted, provided that the above copyright 2N/A * notice appear in all copies and that both that copyright notice and 2N/A * this permission notice appear in supporting documentation, and that 2N/A * the name of M.I.T. not be used in advertising or publicity pertaining 2N/A * to distribution of the software without specific, written prior 2N/A * permission. Furthermore if you modify this software you must label 2N/A * your software as modified software and not distribute it in such a 2N/A * fashion that it might be confused with the original M.I.T. software. 2N/A * M.I.T. makes no representations about the suitability of 2N/A * this software for any purpose. It is provided "as is" without express 2N/A * or implied warranty. 2N/A * Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved. 2N/A Constructs a TGS request 2N/A options is used for the options in the KRB_TGS_REQ. 2N/A timestruct values are used for from, till, rtime " " " 2N/A enctype is used for enctype " " ", and to encrypt the authorization data, 2N/A sname is used for sname " " " 2N/A addrs, if non-NULL, is used for addresses " " " 2N/A authorization_dat, if non-NULL, is used for authorization_dat " " " 2N/A second_ticket, if required by options, is used for the 2nd ticket in the req. 2N/A in_cred is used for the ticket & session key in the KRB_AP_REQ header " " " 2N/A (the KDC realm is extracted from in_cred->server's realm) 2N/A The response is placed into *rep. 2N/A rep->response.data is set to point at allocated storage which should be 2N/A freed by the caller when finished. 2N/A returns system errors 2N/A /* Generate checksum */ 2N/A /* gen authenticator */ 2N/A /* encode the authenticator */ 2N/A /* Cleanup scratch and scratch data */ 2N/A /* call the encryption routine */ 2N/A * Note that this function fills in part of rep even on failure. 2N/A * The pacb_fct callback allows the caller access to the nonce 2N/A * and request subkey, for binding preauthentication data 2N/A * Modified to return the krb5_kdc_req associated with request_data 2N/A * for use by the DTrace probes. 2N/A * Must be freed by caller. 2N/A * in_creds MUST be a valid credential NOT just a partially filled in 2N/A * place holder for us to get credentials for the caller. 2N/A /* XXX we know they are the same size... */ 2N/A /* Generate subkey*/ 2N/A /* need to encrypt it in the request */ 2N/A /* Get the encryption types list */ 2N/A /* Check passed ktypes and make sure they're valid. */ 2N/A /* Get the default ktypes */ 2N/A /* encode the body; then checksum it */ 2N/A /* combine in any other supplied padata, unfortunately now it is 2N/A * necessary to copy it as the callback function might modify the 2N/A * padata, and having a separate path for the non-callback case, 2N/A * or attempting to determine which elements were changed by the 2N/A * callback, would have complicated the code significantly. 2N/A /* the TGS_REQ is assembled in tgsreq, so encode it */ 2N/A * Copy the tgsreq structure so that it is available to the DTrace 2N/A * probes. Clear the kdc_state member as it is not used by the probes 2N/A * and will only cause assertion failures with non-debug bits. 2N/A /* now send request & get response from KDC */ 2N/A/* Solaris Kerberos: dead code begin */ 2N/A#
if 0
/************** Begin IFDEF'ed OUT *******************************/ 2N/A /* Successful response; set the output subkey. */ 2N/A /* Decode the error response to extract the code. */ 2N/A /* Try again with TCP. */ 2N/A /* Unexpected message type, or an error other than RESPONSE_TOO_BIG. */ 2N/A#
endif /**************** END IFDEF'ed OUT *******************************/ 2N/A/* Solaris Kerberos: dead code end */