HP Open Source Security for OpenVMS Volume 3: Kerberos > Chapter 6 KRB5 (Kerberos V5) Application Programming Interface

krb5_mk_req_extended — Format a KRB_AP_REQ message with additional options

  Table of Contents

  Glossary

  Index

C Prototype

krb5_error_code krb5_mk_req_extended(
krb5_context context,
krb5_auth_context *auth_context,
const krb5_flags ap_req_options,
krb5_data *in_data,
krb5_creds *in_creds,
krb5_data *outbuf );

Arguments

context (input/output) 

The context structure.

auth_context (input/output) 

Authentication context. Contains the checksum method to be used. A new authentication context will be returned if NULL is specified.

ap_req_options (input) 

Specifies the KRB_AP_REQ options desired. Valid options are:

AP_OPTS_USE_SESSION_KEY

AP_OPTS_MUTUAL_REQUIRED

in_data (input) 

Application data whose checksum should be included in the authenticator. Specify NULL if no checksum is to be included.

in_creds (input) 

Specifies the credentials for the service.

outbuf (output) 

A pointer to an existing krb5_data structure to be filled. Returns the generated AP_REQ message.

Description

This routine formats a KRB_AP_REQ message into outbuf, with more complete options than krb5_mk_req.

The outbuf, ap_req_options, auth_context, and ccache arguments are used in the same fashion as for krb5_mk_req.

The in_creds argument is used to supply the credentials (ticket and session key) needed to form the request.

If in_creds->ticket has no data (length == 0), then an error is returned.

During a call to this routine, the structure elements in in_creds may be freed and reallocated. Hence all of the structure elements which are pointers should point to allocated memory, and there should be no other pointers aliased to the same memory, since it may be deallocated during this routine call.

If ap_req_options specifies AP_OPTS_USE_SUBKEY, then a subkey will be generated if need be by krb5_generate_subkey.

A copy of the authenticator will be stored in the auth_context, with the principal and checksum fields nulled out, unless an error is returned. (This is to prevent pointer-sharing problems; the caller should not need these fields anyway, since the caller supplied them.)

Return Values

This routine returns one of the following KRB5 status codes:

0Successful completion.

ENOMEM

Insufficient memory.