krb5_error_code
krb5int_fast_tgs_armor(krb5_context context,
struct krb5int_fast_request_state *state,
krb5_keyblock *subkey, krb5_keyblock *session_key,
krb5_ccache ccache, krb5_data *target_realm)
{
krb5_principal target_principal = NULL;
krb5_keyblock *existing_armor = NULL;
krb5_error_code retval = 0;
if (ccache) {
retval = krb5int_tgtname(context, target_realm, target_realm,
&target_principal);
if (retval == 0)
retval = fast_armor_ap_request(context, state, ccache,
target_principal);
if (retval == 0) {
existing_armor = state->armor_key;
state->armor_key = NULL;
retval = krb5_c_fx_cf2_simple(context, existing_armor,
"explicitarmor", subkey,
"tgsarmor", &state->armor_key);
}
} else {
retval = krb5_c_fx_cf2_simple(context, subkey, "subkeyarmor",
session_key, "ticketarmor",
&state->armor_key);
}
if (target_principal)
krb5_free_principal(context, target_principal);
krb5_free_keyblock(context, existing_armor);
return retval;
}
krb5_error_code krb5int_fast_as_armor
(krb5_context context, struct krb5int_fast_request_state *state,
krb5_gic_opt_ext *opte,
krb5_kdc_req *request)
{
krb5_error_code retval = 0;
krb5_ccache ccache = NULL;
krb5_clear_error_message(context);
if (opte->opt_private->fast_ccache_name) {
retval = krb5_cc_resolve(context, opte->opt_private->fast_ccache_name,
&ccache);
if (retval==0)
retval = fast_armor_ap_request(context, state, ccache,
krb5_princ_realm(context, request->server));
if (retval != 0) {
const char * errmsg;
errmsg = krb5_get_error_message(context, retval);
if (errmsg) {
krb5_set_error_message(context, retval, "%s constructing AP-REQ armor", errmsg);
krb5_free_error_message(context, errmsg);
}
}
}
if (ccache)
krb5_cc_close(context, ccache);
return retval;
}
krb5_error_code
krb5int_fast_as_armor(krb5_context context,
struct krb5int_fast_request_state *state,
krb5_gic_opt_ext *opte,
krb5_kdc_req *request)
{
krb5_error_code retval = 0;
krb5_ccache ccache = NULL;
krb5_principal target_principal = NULL;
krb5_data *target_realm;
krb5_clear_error_message(context);
target_realm = krb5_princ_realm(context, request->server);
if (opte->opt_private->fast_ccache_name) {
TRACE_FAST_ARMOR_CCACHE(context, opte->opt_private->fast_ccache_name);
state->fast_state_flags |= KRB5INT_FAST_ARMOR_AVAIL;
retval = krb5_cc_resolve(context, opte->opt_private->fast_ccache_name,
&ccache);
if (retval == 0) {
retval = krb5int_tgtname(context, target_realm, target_realm,
&target_principal);
}
if (retval == 0) {
krb5_data config_data;
config_data.data = NULL;
retval = krb5_cc_get_config(context, ccache, target_principal,
KRB5_CONF_FAST_AVAIL, &config_data);
if ((retval == 0) && config_data.data) {
TRACE_FAST_CCACHE_CONFIG(context);
state->fast_state_flags |= KRB5INT_FAST_DO_FAST;
}
krb5_free_data_contents(context, &config_data);
retval = 0;
}
if (opte->opt_private->fast_flags & KRB5_FAST_REQUIRED) {
TRACE_FAST_REQUIRED(context);
state->fast_state_flags |= KRB5INT_FAST_DO_FAST;
}
if (retval == 0 && (state->fast_state_flags & KRB5INT_FAST_DO_FAST)) {
retval = fast_armor_ap_request(context, state, ccache,
target_principal);
}
if (retval != 0) {
const char * errmsg;
errmsg = krb5_get_error_message(context, retval);
if (errmsg) {
krb5_set_error_message(context, retval,
"%s constructing AP-REQ armor", errmsg);
krb5_free_error_message(context, errmsg);
}
}
}
if (ccache)
krb5_cc_close(context, ccache);
if (target_principal)
krb5_free_principal(context, target_principal);
return retval;
}
krb5_error_code
krb5int_fast_as_armor(krb5_context context,
struct krb5int_fast_request_state *state,
krb5_get_init_creds_opt *opt, krb5_kdc_req *request)
{
krb5_error_code retval = 0;
krb5_ccache ccache = NULL;
krb5_principal target_principal = NULL;
krb5_data *target_realm;
const char *ccname = k5_gic_opt_get_fast_ccache_name(opt);
krb5_flags fast_flags;
krb5_clear_error_message(context);
target_realm = &request->server->realm;
if (ccname != NULL) {
TRACE_FAST_ARMOR_CCACHE(context, ccname);
state->fast_state_flags |= KRB5INT_FAST_ARMOR_AVAIL;
retval = krb5_cc_resolve(context, ccname, &ccache);
if (retval == 0) {
retval = krb5int_tgtname(context, target_realm, target_realm,
&target_principal);
}
if (retval == 0) {
krb5_data config_data;
config_data.data = NULL;
retval = krb5_cc_get_config(context, ccache, target_principal,
KRB5_CC_CONF_FAST_AVAIL, &config_data);
if ((retval == 0) && config_data.data) {
TRACE_FAST_CCACHE_CONFIG(context);
state->fast_state_flags |= KRB5INT_FAST_DO_FAST;
}
krb5_free_data_contents(context, &config_data);
retval = 0;
}
fast_flags = k5_gic_opt_get_fast_flags(opt);
if (fast_flags & KRB5_FAST_REQUIRED) {
TRACE_FAST_REQUIRED(context);
state->fast_state_flags |= KRB5INT_FAST_DO_FAST;
}
if (retval == 0 && (state->fast_state_flags & KRB5INT_FAST_DO_FAST)) {
retval = fast_armor_ap_request(context, state, ccache,
target_principal);
}
if (retval != 0) {
k5_prependmsg(context, retval,
_("Error constructing AP-REQ armor"));
}
}
if (ccache)
krb5_cc_close(context, ccache);
if (target_principal)
krb5_free_principal(context, target_principal);
return retval;
}
