Lines Matching refs:context
60 find_KRB5SignedPath(krb5_context context, in find_KRB5SignedPath() argument
81 krb5_set_error_message(context, ret, "Failed to decode " in find_KRB5SignedPath()
103 _kdc_add_KRB5SignedPath(krb5_context context, in _kdc_add_KRB5SignedPath() argument
137 krb5_abortx(context, "internal asn.1 encoder error"); in _kdc_add_KRB5SignedPath()
142 ret = hdb_enctype2key(context, &krbtgt->entry, enctype, &key); in _kdc_add_KRB5SignedPath()
144 ret = krb5_crypto_init(context, &key->key, 0, &crypto); in _kdc_add_KRB5SignedPath()
159 ret = krb5_create_checksum(context, crypto, KRB5_KU_KRB5SIGNEDPATH, 0, in _kdc_add_KRB5SignedPath()
161 krb5_crypto_destroy(context, crypto); in _kdc_add_KRB5SignedPath()
171 krb5_abortx(context, "internal asn.1 encoder error"); in _kdc_add_KRB5SignedPath()
179 ret = _kdc_tkt_add_if_relevant_ad(context, tkt, in _kdc_add_KRB5SignedPath()
187 check_KRB5SignedPath(krb5_context context, in check_KRB5SignedPath() argument
202 ret = find_KRB5SignedPath(context, tkt->authorization_data, &data); in check_KRB5SignedPath()
225 krb5_abortx(context, "internal asn.1 encoder error"); in check_KRB5SignedPath()
229 ret = hdb_enctype2key(context, &krbtgt->entry, sp.etype, &key); in check_KRB5SignedPath()
231 ret = krb5_crypto_init(context, &key->key, 0, &crypto); in check_KRB5SignedPath()
238 ret = krb5_verify_checksum(context, crypto, KRB5_KU_KRB5SIGNEDPATH, in check_KRB5SignedPath()
241 krb5_crypto_destroy(context, crypto); in check_KRB5SignedPath()
245 kdc_log(context, config, 5, in check_KRB5SignedPath()
279 check_PAC(krb5_context context, in check_PAC() argument
312 krb5_set_error_message(context, ret, "Failed to decode " in check_PAC()
323 ret = krb5_pac_parse(context, in check_PAC()
331 ret = krb5_pac_verify(context, pac, tkt->authtime, in check_PAC()
335 krb5_pac_free(context, pac); in check_PAC()
339 ret = _kdc_pac_verify(context, client_principal, in check_PAC()
343 krb5_pac_free(context, pac); in check_PAC()
355 ret = _krb5_pac_sign(context, pac, tkt->authtime, in check_PAC()
359 krb5_pac_free(context, pac); in check_PAC()
374 check_tgs_flags(krb5_context context, in check_tgs_flags() argument
382 kdc_log(context, config, 0, in check_tgs_flags()
387 kdc_log(context, config, 0, in check_tgs_flags()
394 kdc_log(context, config, 0, in check_tgs_flags()
401 kdc_log(context, config, 0, in check_tgs_flags()
409 kdc_log(context, config, 0, in check_tgs_flags()
421 kdc_log(context, config, 0, in check_tgs_flags()
429 kdc_log(context, config, 0, in check_tgs_flags()
441 kdc_log(context, config, 0, in check_tgs_flags()
449 kdc_log(context, config, 0, in check_tgs_flags()
457 }else if(b->from && *b->from > kdc_time + context->max_skew){ in check_tgs_flags()
458 kdc_log(context, config, 0, "Ticket cannot be postdated"); in check_tgs_flags()
464 kdc_log(context, config, 0, in check_tgs_flags()
476 kdc_log(context, config, 0, in check_tgs_flags()
493 kdc_log(context, config, 0, in check_tgs_flags()
506 check_constrained_delegation(krb5_context context, in check_constrained_delegation() argument
523 if(!krb5_realm_compare(context, client->entry.principal, server->entry.principal)) { in check_constrained_delegation()
525 kdc_log(context, config, 0, in check_constrained_delegation()
531 ret = clientdb->hdb_check_constrained_delegation(context, clientdb, client, target); in check_constrained_delegation()
536 if (krb5_principal_compare(context, client->entry.principal, server->entry.principal) == TRUE) in check_constrained_delegation()
541 krb5_clear_error_message(context); in check_constrained_delegation()
547 if (krb5_principal_compare(context, target, &acl->val[i]) == TRUE) in check_constrained_delegation()
553 kdc_log(context, config, 0, in check_constrained_delegation()
566 check_s4u2self(krb5_context context, in check_s4u2self() argument
575 if (krb5_principal_compare(context, client->entry.principal, server) == TRUE) in check_s4u2self()
579 ret = clientdb->hdb_check_s4u2self(context, clientdb, client, server); in check_s4u2self()
593 verify_flags (krb5_context context, in verify_flags() argument
599 kdc_log(context, config, 0, "Ticket expired (%s)", pstr); in verify_flags()
603 kdc_log(context, config, 0, "Ticket not valid (%s)", pstr); in verify_flags()
614 fix_transited_encoding(krb5_context context, in fix_transited_encoding() argument
638 kdc_log(context, config, 0, in fix_transited_encoding()
642 kdc_log(context, config, 0, in fix_transited_encoding()
647 ret = krb5_domain_x500_decode(context, in fix_transited_encoding()
654 krb5_warn(context, ret, in fix_transited_encoding()
683 kdc_log(context, config, 0, in fix_transited_encoding()
698 kdc_log(context, config, 0, in fix_transited_encoding()
705 ret = krb5_check_transited(context, client_realm, in fix_transited_encoding()
709 krb5_warn(context, ret, "cross-realm %s -> %s", in fix_transited_encoding()
718 krb5_warn(context, ret, "Encoding transited encoding"); in fix_transited_encoding()
728 tgs_make_reply(krb5_context context, in tgs_make_reply() argument
773 ret = check_tgs_flags(context, config, b, tgt, &et); in tgs_make_reply()
796 ret = fix_transited_encoding(context, config, in tgs_make_reply()
804 krb5_principal_get_realm(context, client_principal), in tgs_make_reply()
805 krb5_principal_get_realm(context, server->entry.principal), in tgs_make_reply()
880 ret = _kdc_tkt_add_if_relevant_ad(context, &et, in tgs_make_reply()
895 krb5_set_error_message(context, ret, "malloc: out of memory"); in tgs_make_reply()
902 krb5_set_error_message(context, ret, "malloc: out of memory"); in tgs_make_reply()
908 ret = find_KRB5SignedPath(context, et.authorization_data, NULL); in tgs_make_reply()
922 ret = krb5_copy_keyblock_contents(context, sessionkey, &et.key); in tgs_make_reply()
945 _kdc_log_timestamp(context, config, "TGS-REQ", et.authtime, et.starttime, in tgs_make_reply()
953 ret = _kdc_add_KRB5SignedPath(context, in tgs_make_reply()
977 if (krb5_enctype_valid(context, et.key.keytype) != 0 in tgs_make_reply()
980 krb5_enctype_enable(context, et.key.keytype); in tgs_make_reply()
995 ret = _kdc_encode_reply(context, config, in tgs_make_reply()
1001 krb5_enctype_disable(context, et.key.keytype); in tgs_make_reply()
1021 tgs_check_authenticator(krb5_context context, in tgs_check_authenticator() argument
1035 krb5_auth_con_getauthenticator(context, ac, &auth); in tgs_check_authenticator()
1037 kdc_log(context, config, 0, "No authenticator in request"); in tgs_check_authenticator()
1047 !krb5_checksum_is_keyed(context, auth->cksum->cksumtype) in tgs_check_authenticator()
1050 !krb5_checksum_is_collision_proof(context, auth->cksum->cksumtype)) { in tgs_check_authenticator()
1051 kdc_log(context, config, 0, "Bad checksum type in authenticator: %d", in tgs_check_authenticator()
1060 const char *msg = krb5_get_error_message(context, ret); in tgs_check_authenticator()
1061 kdc_log(context, config, 0, "Failed to encode KDC-REQ-BODY: %s", msg); in tgs_check_authenticator()
1062 krb5_free_error_message(context, msg); in tgs_check_authenticator()
1067 kdc_log(context, config, 0, "Internal error in ASN.1 encoder"); in tgs_check_authenticator()
1072 ret = krb5_crypto_init(context, key, 0, &crypto); in tgs_check_authenticator()
1074 const char *msg = krb5_get_error_message(context, ret); in tgs_check_authenticator()
1076 kdc_log(context, config, 0, "krb5_crypto_init failed: %s", msg); in tgs_check_authenticator()
1077 krb5_free_error_message(context, msg); in tgs_check_authenticator()
1080 ret = krb5_verify_checksum(context, in tgs_check_authenticator()
1087 krb5_crypto_destroy(context, crypto); in tgs_check_authenticator()
1089 const char *msg = krb5_get_error_message(context, ret); in tgs_check_authenticator()
1090 kdc_log(context, config, 0, in tgs_check_authenticator()
1092 krb5_free_error_message(context, msg); in tgs_check_authenticator()
1105 find_rpath(krb5_context context, Realm crealm, Realm srealm) in find_rpath() argument
1107 const char *new_realm = krb5_config_get_string(context, in find_rpath()
1118 need_referral(krb5_context context, krb5_kdc_configuration *config, in need_referral() argument
1134 kdc_log(context, config, 0, "Searching referral for %s", name); in need_referral()
1136 return _krb5_get_host_realm_int(context, name, FALSE, realms) == 0; in need_referral()
1140 tgs_parse_request(krb5_context context, in tgs_parse_request() argument
1174 ret = krb5_decode_ap_req(context, &tgs_req->padata_value, &ap_req); in tgs_parse_request()
1176 const char *msg = krb5_get_error_message(context, ret); in tgs_parse_request()
1177 kdc_log(context, config, 0, "Failed to decode AP-REQ: %s", msg); in tgs_parse_request()
1178 krb5_free_error_message(context, msg); in tgs_parse_request()
1184 kdc_log(context, config, 0, "PA-DATA is not a ticket-granting ticket"); in tgs_parse_request()
1189 _krb5_principalname2krb5_principal(context, in tgs_parse_request()
1194 …ret = _kdc_db_fetch(context, config, princ, HDB_F_GET_KRBTGT, ap_req.ticket.enc_part.kvno, NULL, k… in tgs_parse_request()
1198 ret = krb5_unparse_name(context, princ, &p); in tgs_parse_request()
1201 krb5_free_principal(context, princ); in tgs_parse_request()
1202 …kdc_log(context, config, 5, "Ticket-granting ticket account %s does not have secrets at this KDC, … in tgs_parse_request()
1208 const char *msg = krb5_get_error_message(context, ret); in tgs_parse_request()
1210 ret = krb5_unparse_name(context, princ, &p); in tgs_parse_request()
1213 krb5_free_principal(context, princ); in tgs_parse_request()
1214 kdc_log(context, config, 0, in tgs_parse_request()
1216 krb5_free_error_message(context, msg); in tgs_parse_request()
1227 ret = krb5_unparse_name (context, princ, &p); in tgs_parse_request()
1228 krb5_free_principal(context, princ); in tgs_parse_request()
1231 kdc_log(context, config, 0, in tgs_parse_request()
1244 ret = hdb_enctype2key(context, &(*krbtgt)->entry, in tgs_parse_request()
1249 krb5_enctype_to_string(context, ap_req.ticket.enc_part.etype, &str); in tgs_parse_request()
1250 krb5_unparse_name(context, princ, &p); in tgs_parse_request()
1251 kdc_log(context, config, 0, in tgs_parse_request()
1266 ret = krb5_verify_ap_req2(context, in tgs_parse_request()
1276 krb5_free_principal(context, princ); in tgs_parse_request()
1278 const char *msg = krb5_get_error_message(context, ret); in tgs_parse_request()
1279 kdc_log(context, config, 0, "Failed to verify AP-REQ: %s", msg); in tgs_parse_request()
1280 krb5_free_error_message(context, msg); in tgs_parse_request()
1287 ret = krb5_auth_con_getauthenticator(context, ac, &auth); in tgs_parse_request()
1291 krb5_free_authenticator(context, &auth); in tgs_parse_request()
1292 kdc_log(context, config, 0, "malloc failed"); in tgs_parse_request()
1298 krb5_free_authenticator(context, &auth); in tgs_parse_request()
1299 kdc_log(context, config, 0, "malloc failed"); in tgs_parse_request()
1303 krb5_free_authenticator(context, &auth); in tgs_parse_request()
1307 ret = tgs_check_authenticator(context, config, in tgs_parse_request()
1310 krb5_auth_con_free(context, ac); in tgs_parse_request()
1317 ret = krb5_auth_con_getremotesubkey(context, ac, &subkey); in tgs_parse_request()
1319 const char *msg = krb5_get_error_message(context, ret); in tgs_parse_request()
1320 krb5_auth_con_free(context, ac); in tgs_parse_request()
1321 kdc_log(context, config, 0, "Failed to get remote subkey: %s", msg); in tgs_parse_request()
1322 krb5_free_error_message(context, msg); in tgs_parse_request()
1329 ret = krb5_auth_con_getkey(context, ac, &subkey); in tgs_parse_request()
1331 const char *msg = krb5_get_error_message(context, ret); in tgs_parse_request()
1332 krb5_auth_con_free(context, ac); in tgs_parse_request()
1333 kdc_log(context, config, 0, "Failed to get session key: %s", msg); in tgs_parse_request()
1334 krb5_free_error_message(context, msg); in tgs_parse_request()
1339 krb5_auth_con_free(context, ac); in tgs_parse_request()
1340 kdc_log(context, config, 0, in tgs_parse_request()
1351 ret = krb5_crypto_init(context, subkey, 0, &crypto); in tgs_parse_request()
1353 const char *msg = krb5_get_error_message(context, ret); in tgs_parse_request()
1354 krb5_auth_con_free(context, ac); in tgs_parse_request()
1355 kdc_log(context, config, 0, "krb5_crypto_init failed: %s", msg); in tgs_parse_request()
1356 krb5_free_error_message(context, msg); in tgs_parse_request()
1359 ret = krb5_decrypt_EncryptedData (context, in tgs_parse_request()
1364 krb5_crypto_destroy(context, crypto); in tgs_parse_request()
1366 krb5_auth_con_free(context, ac); in tgs_parse_request()
1367 kdc_log(context, config, 0, in tgs_parse_request()
1374 krb5_auth_con_free(context, ac); in tgs_parse_request()
1380 krb5_auth_con_free(context, ac); in tgs_parse_request()
1383 kdc_log(context, config, 0, "Failed to decode authorization data"); in tgs_parse_request()
1389 krb5_auth_con_free(context, ac); in tgs_parse_request()
1398 build_server_referral(krb5_context context, in build_server_referral() argument
1447 krb5_abortx(context, "internal asn.1 encoder error"); in build_server_referral()
1449 ret = krb5_encrypt_EncryptedData(context, session, in build_server_referral()
1464 krb5_abortx(context, "internal asn.1 encoder error"); in build_server_referral()
1469 krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); in build_server_referral()
1474 tgs_build_reply(krb5_context context, in tgs_build_reply() argument
1503 krb5_principal_get_realm(context, krbtgt->entry.principal); in tgs_build_reply()
1542 kdc_log(context, config, 0, in tgs_build_reply()
1548 kdc_log(context, config, 0, in tgs_build_reply()
1553 _krb5_principalname2krb5_principal(context, &p, t->sname, t->realm); in tgs_build_reply()
1554 ret = _kdc_db_fetch(context, config, p, in tgs_build_reply()
1557 krb5_free_principal(context, p); in tgs_build_reply()
1563 ret = hdb_enctype2key(context, &uu->entry, in tgs_build_reply()
1566 _kdc_free_ent(context, uu); in tgs_build_reply()
1570 ret = krb5_decrypt_ticket(context, t, &uukey->key, &adtkt, 0); in tgs_build_reply()
1571 _kdc_free_ent(context, uu); in tgs_build_reply()
1575 ret = verify_flags(context, config, &adtkt, spn); in tgs_build_reply()
1583 _krb5_principalname2krb5_principal(context, &sp, *s, r); in tgs_build_reply()
1584 ret = krb5_unparse_name(context, sp, &spn); in tgs_build_reply()
1587 _krb5_principalname2krb5_principal(context, &cp, tgt->cname, tgt->crealm); in tgs_build_reply()
1588 ret = krb5_unparse_name(context, cp, &cpn); in tgs_build_reply()
1595 kdc_log(context, config, 0, in tgs_build_reply()
1599 kdc_log(context, config, 0, in tgs_build_reply()
1607 ret = _kdc_db_fetch(context, config, sp, HDB_F_GET_SERVER | flags, in tgs_build_reply()
1611 kdc_log(context, config, 5, "target %s does not have secrets at this KDC, need to proxy", sp); in tgs_build_reply()
1620 new_rlm = find_rpath(context, tgt->crealm, req_rlm); in tgs_build_reply()
1622 kdc_log(context, config, 5, "krbtgt for realm %s " in tgs_build_reply()
1625 krb5_free_principal(context, sp); in tgs_build_reply()
1627 krb5_make_principal(context, &sp, r, in tgs_build_reply()
1629 ret = krb5_unparse_name(context, sp, &spn); in tgs_build_reply()
1639 } else if(need_referral(context, config, &b->kdc_options, sp, &realms)) { in tgs_build_reply()
1641 kdc_log(context, config, 5, in tgs_build_reply()
1645 krb5_free_principal(context, sp); in tgs_build_reply()
1647 krb5_make_principal(context, &sp, r, KRB5_TGS_NAME, in tgs_build_reply()
1649 ret = krb5_unparse_name(context, sp, &spn); in tgs_build_reply()
1657 krb5_free_host_realm(context, realms); in tgs_build_reply()
1660 krb5_free_host_realm(context, realms); in tgs_build_reply()
1662 msg = krb5_get_error_message(context, ret); in tgs_build_reply()
1663 kdc_log(context, config, 0, in tgs_build_reply()
1665 krb5_free_error_message(context, msg); in tgs_build_reply()
1697 kdc_log(context, config, 0, in tgs_build_reply()
1699 krb5_clear_error_message(context); in tgs_build_reply()
1708 ret = _kdc_find_etype(context, in tgs_build_reply()
1709 krb5_principal_is_krbtgt(context, sp) ? in tgs_build_reply()
1715 kdc_log(context, config, 0, in tgs_build_reply()
1724 ret = krb5_generate_random_keyblock(context, etype, &sessionkey); in tgs_build_reply()
1739 ret = hdb_enctype2key(context, &krbtgt->entry, in tgs_build_reply()
1742 kdc_log(context, config, 0, in tgs_build_reply()
1750 ret = krb5_make_principal(context, &krbtgt_principal, in tgs_build_reply()
1751 krb5_principal_get_comp_string(context, in tgs_build_reply()
1755 krb5_principal_get_comp_string(context, in tgs_build_reply()
1759 kdc_log(context, config, 0, in tgs_build_reply()
1764 … ret = _kdc_db_fetch(context, config, krbtgt_principal, HDB_F_GET_KRBTGT, NULL, NULL, &krbtgt_out); in tgs_build_reply()
1765 krb5_free_principal(context, krbtgt_principal); in tgs_build_reply()
1769 ret = krb5_unparse_name(context, krbtgt->entry.principal, &ktpn); in tgs_build_reply()
1770 ret2 = krb5_unparse_name(context, krbtgt_principal, &ktpn2); in tgs_build_reply()
1771 kdc_log(context, config, 0, in tgs_build_reply()
1787 if (strcmp(krb5_principal_get_realm(context, server->entry.principal), in tgs_build_reply()
1788 krb5_principal_get_realm(context, krbtgt_out->entry.principal)) != 0) { in tgs_build_reply()
1790 ret = krb5_unparse_name(context, krbtgt_out->entry.principal, &ktpn); in tgs_build_reply()
1791 kdc_log(context, config, 0, in tgs_build_reply()
1799 ret = hdb_enctype2key(context, &krbtgt_out->entry, in tgs_build_reply()
1802 kdc_log(context, config, 0, in tgs_build_reply()
1807 ret = _kdc_db_fetch(context, config, cp, HDB_F_GET_CLIENT | flags, in tgs_build_reply()
1822 krbtgt_realm = krb5_principal_get_realm(context, krbtgt_out->entry.principal); in tgs_build_reply()
1824 if(strcmp(krb5_principal_get_realm(context, cp), krbtgt_realm) == 0) { in tgs_build_reply()
1827 kdc_log(context, config, 1, "Client no longer in database: %s", in tgs_build_reply()
1832 msg = krb5_get_error_message(context, ret); in tgs_build_reply()
1833 kdc_log(context, config, 1, "Client not found in database: %s", msg); in tgs_build_reply()
1834 krb5_free_error_message(context, msg); in tgs_build_reply()
1837 ret = check_PAC(context, config, cp, NULL, in tgs_build_reply()
1843 const char *msg = krb5_get_error_message(context, ret); in tgs_build_reply()
1844 kdc_log(context, config, 0, in tgs_build_reply()
1847 krb5_free_error_message(context, msg); in tgs_build_reply()
1852 ret = check_KRB5SignedPath(context, in tgs_build_reply()
1860 const char *msg = krb5_get_error_message(context, ret); in tgs_build_reply()
1861 kdc_log(context, config, 0, in tgs_build_reply()
1864 krb5_free_error_message(context, msg); in tgs_build_reply()
1891 kdc_log(context, config, 0, "Failed to decode PA-S4U2Self"); in tgs_build_reply()
1895 if (!krb5_checksum_is_keyed(context, self.cksum.cksumtype)) { in tgs_build_reply()
1897 kdc_log(context, config, 0, "Reject PA-S4U2Self with unkeyed checksum"); in tgs_build_reply()
1902 ret = _krb5_s4u2self_to_checksumdata(context, &self, &datack); in tgs_build_reply()
1906 ret = krb5_crypto_init(context, &tgt->key, 0, &crypto); in tgs_build_reply()
1908 const char *msg = krb5_get_error_message(context, ret); in tgs_build_reply()
1911 kdc_log(context, config, 0, "krb5_crypto_init failed: %s", msg); in tgs_build_reply()
1912 krb5_free_error_message(context, msg); in tgs_build_reply()
1916 ret = krb5_verify_checksum(context, in tgs_build_reply()
1923 krb5_crypto_destroy(context, crypto); in tgs_build_reply()
1925 const char *msg = krb5_get_error_message(context, ret); in tgs_build_reply()
1927 kdc_log(context, config, 0, in tgs_build_reply()
1929 krb5_free_error_message(context, msg); in tgs_build_reply()
1933 ret = _krb5_principalname2krb5_principal(context, in tgs_build_reply()
1941 ret = krb5_unparse_name(context, tp, &tpn); in tgs_build_reply()
1945 ret = _kdc_db_fetch(context, config, tp, HDB_F_GET_CLIENT | flags, in tgs_build_reply()
1959 msg = krb5_get_error_message(context, ret); in tgs_build_reply()
1960 kdc_log(context, config, 2, in tgs_build_reply()
1963 krb5_free_error_message(context, msg); in tgs_build_reply()
1970 ret = kdc_check_flags(context, config, s4u2self_impersonated_client, tpn, in tgs_build_reply()
1979 ret = _kdc_pac_generate(context, s4u2self_impersonated_client, &p); in tgs_build_reply()
1981 kdc_log(context, config, 0, "PAC generation failed for -- %s", in tgs_build_reply()
1986 ret = _krb5_pac_sign(context, p, ticket->ticket.authtime, in tgs_build_reply()
1990 krb5_pac_free(context, p); in tgs_build_reply()
1992 kdc_log(context, config, 0, "PAC signing failed for -- %s", in tgs_build_reply()
2003 ret = check_s4u2self(context, config, clientdb, client, sp); in tgs_build_reply()
2005 kdc_log(context, config, 0, "S4U2Self: %s is not allowed " in tgs_build_reply()
2025 kdc_log(context, config, 0, "s4u2self %s impersonating %s to " in tgs_build_reply()
2049 kdc_log(context, config, 0, in tgs_build_reply()
2057 ret = hdb_enctype2key(context, &client->entry, in tgs_build_reply()
2064 ret = krb5_decrypt_ticket(context, t, &clientkey->key, &adtkt, 0); in tgs_build_reply()
2066 kdc_log(context, config, 0, in tgs_build_reply()
2072 ret = _krb5_principalname2krb5_principal(context, in tgs_build_reply()
2079 ret = krb5_unparse_name(context, tp, &tpn); in tgs_build_reply()
2083 ret = _krb5_principalname2krb5_principal(context, in tgs_build_reply()
2090 ret = krb5_unparse_name(context, dp, &dpn); in tgs_build_reply()
2096 kdc_log(context, config, 0, in tgs_build_reply()
2104 ret = check_constrained_delegation(context, config, clientdb, in tgs_build_reply()
2107 kdc_log(context, config, 0, in tgs_build_reply()
2113 ret = verify_flags(context, config, &adtkt, tpn); in tgs_build_reply()
2126 ret = check_PAC(context, config, tp, dp, in tgs_build_reply()
2132 const char *msg = krb5_get_error_message(context, ret); in tgs_build_reply()
2133 kdc_log(context, config, 0, in tgs_build_reply()
2137 krb5_free_error_message(context, msg); in tgs_build_reply()
2144 ret = check_KRB5SignedPath(context, in tgs_build_reply()
2152 const char *msg = krb5_get_error_message(context, ret); in tgs_build_reply()
2153 kdc_log(context, config, 0, in tgs_build_reply()
2158 krb5_free_error_message(context, msg); in tgs_build_reply()
2164 kdc_log(context, config, 0, in tgs_build_reply()
2172 kdc_log(context, config, 0, "constrained delegation for %s " in tgs_build_reply()
2180 ret = kdc_check_flags(context, config, in tgs_build_reply()
2188 !krb5_principal_compare(context, in tgs_build_reply()
2191 kdc_log(context, config, 0, "Inconsistent request."); in tgs_build_reply()
2197 if(!_kdc_check_addresses(context, config, tgt->caddr, from_addr)) { in tgs_build_reply()
2199 kdc_log(context, config, 0, "Request from wrong address"); in tgs_build_reply()
2211 kdc_log(context, config, 0, in tgs_build_reply()
2214 ret = krb5_crypto_init(context, &sessionkey, 0, &crypto); in tgs_build_reply()
2218 ret = build_server_referral(context, config, crypto, ref_realm, in tgs_build_reply()
2220 krb5_crypto_destroy(context, crypto); in tgs_build_reply()
2222 kdc_log(context, config, 0, in tgs_build_reply()
2231 kdc_log(context, config, 0, in tgs_build_reply()
2241 ret = tgs_make_reply(context, in tgs_build_reply()
2275 krb5_free_keyblock_contents(context, &sessionkey); in tgs_build_reply()
2277 _kdc_free_ent(context, krbtgt_out); in tgs_build_reply()
2279 _kdc_free_ent(context, server); in tgs_build_reply()
2281 _kdc_free_ent(context, client); in tgs_build_reply()
2283 _kdc_free_ent(context, s4u2self_impersonated_client); in tgs_build_reply()
2286 krb5_free_principal(context, tp); in tgs_build_reply()
2288 krb5_free_principal(context, cp); in tgs_build_reply()
2290 krb5_free_principal(context, dp); in tgs_build_reply()
2292 krb5_free_principal(context, sp); in tgs_build_reply()
2307 _kdc_tgs_rep(krb5_context context, in _kdc_tgs_rep() argument
2332 kdc_log(context, config, 0, in _kdc_tgs_rep()
2342 kdc_log(context, config, 0, in _kdc_tgs_rep()
2346 ret = tgs_parse_request(context, config, in _kdc_tgs_rep()
2362 kdc_log(context, config, 0, in _kdc_tgs_rep()
2367 ret = tgs_build_reply(context, in _kdc_tgs_rep()
2382 kdc_log(context, config, 0, in _kdc_tgs_rep()
2396 krb5_free_keyblock(context, replykey); in _kdc_tgs_rep()
2398 krb5_mk_error(context, in _kdc_tgs_rep()
2412 krb5_free_ticket(context, ticket); in _kdc_tgs_rep()
2414 _kdc_free_ent(context, krbtgt); in _kdc_tgs_rep()