krb5_mk_req_extended — Format a KRB_AP_REQ message with additional options
» Table of Contents |  | | » Glossary | | | » Index | | |
| | |
| ||
| ||
|
|
|
| context (input/output) | The context structure. | |
| auth_context (input/output) | Authentication context. Contains the checksum method to be used. A new authentication context will be returned if NULL is specified. | |
| ap_req_options (input) | Specifies the KRB_AP_REQ options desired. Valid options are: AP_OPTS_USE_SESSION_KEY AP_OPTS_MUTUAL_REQUIRED | |
| in_data (input) | Application data whose checksum should be included in the authenticator. Specify NULL if no checksum is to be included. | |
| in_creds (input) | Specifies the credentials for the service. | |
| outbuf (output) | A pointer to an existing krb5_data structure to be filled. Returns the generated AP_REQ message. |
This routine formats a KRB_AP_REQ message into outbuf, with more complete options than krb5_mk_req.
The outbuf, ap_req_options, auth_context, and ccache arguments are used in the same fashion as for krb5_mk_req.
The in_creds argument is used to supply the credentials (ticket and session key) needed to form the request.
If in_creds->ticket has no data (length == 0), then an error is returned.
During a call to this routine, the structure elements in in_creds may be freed and reallocated. Hence all of the structure elements which are pointers should point to allocated memory, and there should be no other pointers aliased to the same memory, since it may be deallocated during this routine call.
If ap_req_options specifies AP_OPTS_USE_SUBKEY, then a subkey will be generated if need be by krb5_generate_subkey.
A copy of the authenticator will be stored in the auth_context, with the principal and checksum fields nulled out, unless an error is returned. (This is to prevent pointer-sharing problems; the caller should not need these fields anyway, since the caller supplied them.)