2N/A/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ 2N/A * Copyright 1991, 2009 by the Massachusetts Institute of Technology. 2N/A * All Rights Reserved. 2N/A * Export of this software from the United States of America may 2N/A * require a specific license from the United States Government. 2N/A * It is the responsibility of any person or organization contemplating 2N/A * export to obtain such a license before exporting. 2N/A * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and 2N/A * distribute this software and its documentation for any purpose and 2N/A * without fee is hereby granted, provided that the above copyright 2N/A * notice appear in all copies and that both that copyright notice and 2N/A * this permission notice appear in supporting documentation, and that 2N/A * the name of M.I.T. not be used in advertising or publicity pertaining 2N/A * to distribution of the software without specific, written prior 2N/A * permission. Furthermore if you modify this software you must label 2N/A * your software as modified software and not distribute it in such a 2N/A * fashion that it might be confused with the original M.I.T. software. 2N/A * M.I.T. makes no representations about the suitability of 2N/A * this software for any purpose. It is provided "as is" without express 2N/A * or implied warranty. 2N/A * Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved. 2N/A/* Solaris Kerberos */ 2N/A * First, send over the length of the sendauth version string; 2N/A * then, we send over the sendauth version. Next, we send 2N/A * over the length of the application version strings followed 2N/A * by the string itself. 2N/A * Now, read back a byte: 0 means no error, 1 means bad sendauth 2N/A * version, 2 means bad application version 2N/A * We're finished with the initial negotiations; let's get and 2N/A * send over the authentication header. (The AP_REQ message) 2N/A * If no credentials were provided, try getting it from the 2N/A * credentials cache. 2N/A * See if we need to access the credentials cache 2N/A /* creds.times.endtime = 0; -- memset 0 takes care of this 2N/A zero means "as long as possible" */ 2N/A /* creds.keyblock.enctype = 0; -- as well as this. 2N/A zero means no session enctype 2N/A /* Provide some more fodder for random number code. 2N/A This isn't strong cryptographically; the point here is 2N/A not to guarantee randomness, but to make it less likely 2N/A that multiple sessions could pick the same subkey. */ 2N/A /* Solaris Kerberos: don't need to add entropy */ 2N/A /* Solaris Kerberos: don't need to add entropy */ 2N/A * First write the length of the AP_REQ message, then write 2N/A * the message itself. 2N/A /* Solaris Kerberos dtrace support */ 2N/A * Now, read back a message. If it was a null message (the 2N/A * length was zero) then there was no error. If not, we the 2N/A * authentication was rejected, and we need to return the 2N/A /* Solaris Kerberos */ 2N/A * If we asked for mutual authentication, we should now get a 2N/A * length field, followed by a AP_REP message 2N/A /* Solaris Kerberos */ 2N/A * If the user wants to look at the AP_REP message,