Make krb5_pac_sign public
authorGreg Hudson <ghudson@mit.edu>
Wed, 12 Oct 2011 16:34:07 +0000 (16:34 +0000)
committerGreg Hudson <ghudson@mit.edu>
Wed, 12 Oct 2011 16:34:07 +0000 (16:34 +0000)
krb5int_pac_sign was created as a private API because it is only
needed by the KDC.  But it is actually used by DAL or authdata plugin
modules, not the core KDC code.  Since plugin modules should not need
to consume internal libkrb5 functions, rename krb5int_pac_sign to
krb5_pac_sign and make it public.

ticket: 6974

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25325 dc483132-0cff-0310-8789-dd5450dbe970

src/include/k5-int.h
src/include/krb5/krb5.hin
src/lib/krb5/krb/pac_sign.c
src/lib/krb5/krb/t_pac.c
src/lib/krb5/libkrb5.exports
src/lib/krb5_32.def

index 1682a345b987a6f3cb2a3193459734705a3ae603..d2498a82c02f4f2ed0219d1be25f5da5792f133b 100644 (file)
@@ -2785,15 +2785,6 @@ k5alloc(size_t len, krb5_error_code *code)
     return ptr;
 }
 
-krb5_error_code KRB5_CALLCONV
-krb5int_pac_sign(krb5_context context,
-                 krb5_pac pac,
-                 krb5_timestamp authtime,
-                 krb5_const_principal principal,
-                 const krb5_keyblock *server_key,
-                 const krb5_keyblock *privsvr_key,
-                 krb5_data *data);
-
 krb5_error_code KRB5_CALLCONV
 krb5_get_credentials_for_user(krb5_context context, krb5_flags options,
                               krb5_ccache ccache,
index 3d9dbbfb7ec54fbd2f04a991c3066b4e581ec45a..33279774bdae1c1582040c26e1166e17d997eacd 100644 (file)
@@ -7494,6 +7494,27 @@ krb5_pac_verify(krb5_context context, const krb5_pac pac,
                 krb5_timestamp authtime, krb5_const_principal principal,
                 const krb5_keyblock *server, const krb5_keyblock *privsvr);
 
+/**
+ * Sign a PAC.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  pac             PAC handle
+ * @param [in]  authtime        Expected timestamp
+ * @param [in]  principal       Expected principal name (or NULL)
+ * @param [in]  server          Key for server checksum
+ * @param [in]  privsvr         Key for KDC checksum
+ * @param [out] data            Signed PAC encoding
+ *
+ * This function signs @a pac using the keys @a server and @a privsvr and
+ * returns the signed encoding in @a data.  @a pac is modified to include the
+ * server and KDC checksum buffers.  Use krb5_free_data_contents() to free @a
+ * data when it is no longer needed.
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_pac_sign(krb5_context context, krb5_pac pac, krb5_timestamp authtime,
+              krb5_const_principal principal, const krb5_keyblock *server_key,
+              const krb5_keyblock *privsvr_key, krb5_data *data);
+
 /**
  * Allow the appplication to override the profile's allow_weak_crypto setting.
  *
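Review bot: The new doc comment's `@param` entries name `server` and `privsvr` (also used in `@a server` and `@a privsvr`), but the prototype below declares `server_key` and `privsvr_key`, so Doxygen will not bind them to the parameters. They should read `@param [in] server_key Key for server checksum` and `@param [in] privsvr_key Key for KDC checksum`, with the `@a` references updated to match. "Expected timestamp" and "Expected principal name (or NULL)" look copied from the krb5_pac_verify comment above. For a signing call these are presumably the values written into the PAC being signed, so now that plugin modules consume this as a public API the comment should say that and state what passing a NULL principal does. A return line such as `@retval 0 Success; otherwise - Kerberos error codes` is also missing, as is a statement on whether @a data is left untouched on failure. The function body is outside this hunk, so the last two points need confirming against pac_sign.c.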
index ae11a0c02433e5e129549d93b7653859aaa1b7a7..26b1f133e60af8fa45af2f0e99389590c037249a 100644 (file)
@@ -180,13 +180,9 @@ k5_pac_encode_header(krb5_context context, krb5_pac pac)
 }
 
 krb5_error_code KRB5_CALLCONV
-krb5int_pac_sign(krb5_context context,
-                 krb5_pac pac,
-                 krb5_timestamp authtime,
-                 krb5_const_principal principal,
-                 const krb5_keyblock *server_key,
-                 const krb5_keyblock *privsvr_key,
-                 krb5_data *data)
+krb5_pac_sign(krb5_context context, krb5_pac pac, krb5_timestamp authtime,
+              krb5_const_principal principal, const krb5_keyblock *server_key,
+              const krb5_keyblock *privsvr_key, krb5_data *data)
 {
     krb5_error_code ret;
     krb5_data server_cksum, privsvr_cksum;
index 9e96b692e961bbd0805fc845499e189d4658e708..61fb51a98a7f6fb7f3d3d2b0a5e8b0b1f467e7cd 100644 (file)
@@ -149,10 +149,10 @@ main(int argc, char **argv)
     if (ret)
         err(context, ret, "krb5_pac_verify");
 
-    ret = krb5int_pac_sign(context, pac, authtime, p,
-                           &member_keyblock, &kdc_keyblock, &data);
+    ret = krb5_pac_sign(context, pac, authtime, p,
+                        &member_keyblock, &kdc_keyblock, &data);
     if (ret)
-        err(context, ret, "krb5int_pac_sign");
+        err(context, ret, "krb5_pac_sign");
 
     krb5_pac_free(context, pac);
 
@@ -204,10 +204,10 @@ main(int argc, char **argv)
         }
         free(list);
 
-        ret = krb5int_pac_sign(context, pac2, authtime, p,
-                               &member_keyblock, &kdc_keyblock, &data);
+        ret = krb5_pac_sign(context, pac2, authtime, p,
+                            &member_keyblock, &kdc_keyblock, &data);
         if (ret)
-            err(context, ret, "krb5int_pac_sign 4");
+            err(context, ret, "krb5_pac_sign 4");
 
         krb5_pac_free(context, pac2);
 
@@ -283,10 +283,10 @@ main(int argc, char **argv)
         krb5_free_data_contents(context, &data);
     }
 
-    ret = krb5int_pac_sign(context, pac, authtime, p,
-                           &member_keyblock, &kdc_keyblock, &data);
+    ret = krb5_pac_sign(context, pac, authtime, p,
+                        &member_keyblock, &kdc_keyblock, &data);
     if (ret)
-        err(context, ret, "krb5int_pac_sign");
+        err(context, ret, "krb5_pac_sign");
 
     krb5_pac_free(context, pac);
 
index e31ebb9cbf35252851e639c1f2882e2f89071c79..c4a0015f0ed461fa296d94d243108087f6da50de 100644 (file)
@@ -465,6 +465,7 @@ krb5_pac_get_buffer
 krb5_pac_get_types
 krb5_pac_init
 krb5_pac_parse
+krb5_pac_sign
 krb5_pac_verify
 krb5_parse_name
 krb5_parse_name_flags
@@ -617,7 +618,6 @@ krb5int_get_authdata_containee_types
 krb5int_init_context_kdc
 krb5int_init_trace
 krb5int_initialize_library
-krb5int_pac_sign
 krb5int_sendtokdc_debug_handler
 krb5int_trace
 profile_abandon
index 17d15b076f9637bcec9ca7258ade15c48050c41b..208b92b8fb44453af9110fc020b774a37ddee35c 100644 (file)
@@ -418,3 +418,4 @@ EXPORTS
        krb5_cc_switch                                  @392
        krb5_free_string                                @393
        krb5_cc_select                                  @394
+       krb5_pac_sign                                   @395