Make context global.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@2701 ec53bebd-3082-4978-b11e-865c3cabbd6b
Johan Danielsson
1997-08-04 18:20:36 +00:00
parent 5cd6b4ba84
commit a0464f4b20
7 changed files with 141 additions and 146 deletions


@@ -43,8 +43,7 @@ RCSID("$Id$");
#define MAX_TIME ((time_t)((1U << 31) - 1))
krb5_error_code
as_rep(krb5_context context,
KDC_REQ *req,
as_rep(KDC_REQ *req,
krb5_data *reply,
const char *from)
{
@@ -80,60 +79,60 @@ as_rep(krb5_context context,
principalname2krb5_principal (&client_princ, *(b->cname), b->realm);
krb5_unparse_name(context, client_princ, &client_name);
}
kdc_log(context, 0, "AS-REQ %s from %s for %s",
kdc_log(0, "AS-REQ %s from %s for %s",
client_name, from, server_name);
if(ret)
goto out;
client = db_fetch(context, client_princ);
client = db_fetch(client_princ);
if(client == NULL){
kdc_log(context, 0, "UNKNOWN -- %s", client_name);
kdc_log(0, "UNKNOWN -- %s", client_name);
ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
goto out;
}
if (client->valid_start && *client->valid_start > kdc_time) {
kdc_log(context, 0, "Client not yet valid -- %s", client_name);
kdc_log(0, "Client not yet valid -- %s", client_name);
ret = KRB5KDC_ERR_CLIENT_NOTYET;
goto out;
}
if (client->valid_end && *client->valid_end < kdc_time) {
kdc_log(context, 0, "Client expired -- %s", client_name);
kdc_log(0, "Client expired -- %s", client_name);
ret = KRB5KDC_ERR_NAME_EXP;
goto out;
}
server = db_fetch(context, server_princ);
server = db_fetch(server_princ);
if(server == NULL){
kdc_log(context, 0, "UNKNOWN -- %s", server_name);
kdc_log(0, "UNKNOWN -- %s", server_name);
ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
goto out;
}
if (server->valid_start && *server->valid_start > kdc_time) {
kdc_log(context, 0, "Server not yet valid -- %s", server_name);
kdc_log(0, "Server not yet valid -- %s", server_name);
ret = KRB5KDC_ERR_SERVICE_NOTYET;
goto out;
}
if (server->valid_end && *server->valid_end < kdc_time) {
kdc_log(context, 0, "Server expired -- %s", server_name);
kdc_log(0, "Server expired -- %s", server_name);
ret = KRB5KDC_ERR_SERVICE_EXP;
goto out;
}
if(!client->flags.client){
ret = KRB5KDC_ERR_POLICY;
kdc_log(context, 0, "Principal may not act as client -- %s",
kdc_log(0, "Principal may not act as client -- %s",
client_name);
goto out;
}
if(!server->flags.server){
ret = KRB5KDC_ERR_POLICY;
kdc_log(context, 0, "Principal (%s) may not act as server -- %s",
kdc_log(0, "Principal (%s) may not act as server -- %s",
server_name, client_name);
goto out;
}
@@ -141,7 +140,7 @@ as_rep(krb5_context context,
if (client->pw_end && *client->pw_end < kdc_time
&& !server->flags.change_pw) {
ret = KRB5KDC_ERR_KEY_EXPIRED;
kdc_log(context, 0, "Client (%s)'s key has expired", client_name);
kdc_log(0, "Client (%s)'s key has expired", client_name);
goto out;
}
@@ -158,7 +157,7 @@ as_rep(krb5_context context,
if(ret){
ret = KRB5KDC_ERR_ETYPE_NOSUPP;
kdc_log(context, 0, "No support for etypes -- %s", client_name);
kdc_log(0, "No support for etypes -- %s", client_name);
goto out;
}
@@ -171,7 +170,7 @@ as_rep(krb5_context context,
int i;
PA_DATA *pa;
int found_pa = 0;
kdc_log(context, 5, "Looking for pa-data -- %s", client_name);
kdc_log(5, "Looking for pa-data -- %s", client_name);
for(i = 0; i < req->padata->len; i++){
PA_DATA *pa = &req->padata->val[i];
if(pa->padata_type == pa_enc_timestamp){
@@ -181,7 +180,7 @@ as_rep(krb5_context context,
size_t len;
EncryptedData enc_data;
kdc_log(context, 5, "Found pa-enc-timestamp -- %s",
kdc_log(5, "Found pa-enc-timestamp -- %s",
client_name);
found_pa = 1;
@@ -191,7 +190,7 @@ as_rep(krb5_context context,
&len);
if (ret) {
ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
kdc_log(context, 5, "Failed to decode PA-DATA -- %s",
kdc_log(5, "Failed to decode PA-DATA -- %s",
client_name);
goto out;
}
@@ -208,7 +207,7 @@ as_rep(krb5_context context,
free_EncryptedData(&enc_data);
if(ret){
e_text = "Failed to decrypt PA-DATA";
kdc_log (context, 5, "Failed to decrypt PA-DATA -- %s",
kdc_log (5, "Failed to decrypt PA-DATA -- %s",
client_name);
ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
continue;
@@ -221,7 +220,7 @@ as_rep(krb5_context context,
if(ret){
e_text = "Failed to decode PA-ENC-TS-ENC";
ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
kdc_log (context, 5, "Failed to decode PA-ENC-TS_ENC -- %s",
kdc_log (5, "Failed to decode PA-ENC-TS_ENC -- %s",
client_name);
continue;
}
@@ -237,16 +236,16 @@ as_rep(krb5_context context,
server_princ,
0,
reply);
kdc_log(context, 0, "Too large time skew -- %s",
kdc_log(0, "Too large time skew -- %s",
client_name);
goto out2;
}
et.flags.pre_authent = 1;
kdc_log(context, 2, "Pre-authentication succeded -- %s",
kdc_log(2, "Pre-authentication succeded -- %s",
client_name);
break;
} else {
kdc_log(context, 5, "Found pa-data of type %d -- %s",
kdc_log(5, "Found pa-data of type %d -- %s",
pa->padata_type, client_name);
}
}
@@ -256,7 +255,7 @@ as_rep(krb5_context context,
/* We come here if we found a pa-enc-timestamp, but if there
was some problem with it, other than too large skew */
if(et.flags.pre_authent == 0){
kdc_log(context, 0, "%s -- %s", e_text, client_name);
kdc_log(0, "%s -- %s", e_text, client_name);
e_text = NULL;
goto out;
}
@@ -293,11 +292,11 @@ as_rep(krb5_context context,
0,
reply);
kdc_log(context, 0, "No PA-ENC-TIMESTAMP -- %s", client_name);
kdc_log(0, "No PA-ENC-TIMESTAMP -- %s", client_name);
goto out2;
}
kdc_log(context, 2, "Using etype %d -- %s", etype, client_name);
kdc_log(2, "Using etype %d -- %s", etype, client_name);
memset(&rep, 0, sizeof(rep));
rep.pvno = 5;
@@ -310,7 +309,7 @@ as_rep(krb5_context context,
if(f.renew || f.validate || f.proxy || f.forwarded || f.enc_tkt_in_skey){
ret = KRB5KDC_ERR_BADOPTION;
kdc_log(context, 0, "Bad KDC options -- %s", client_name);
kdc_log(0, "Bad KDC options -- %s", client_name);
goto out;
}
@@ -319,21 +318,21 @@ as_rep(krb5_context context,
et.flags.forwardable = f.forwardable;
else{
ret = KRB5KDC_ERR_POLICY;
kdc_log(context, 0, "Ticket may not be forwardable -- %s", client_name);
kdc_log(0, "Ticket may not be forwardable -- %s", client_name);
goto out;
}
if(client->flags.proxiable && server->flags.proxiable)
et.flags.proxiable = f.proxiable;
else{
ret = KRB5KDC_ERR_POLICY;
kdc_log(context, 0, "Ticket may not be proxiable -- %s", client_name);
kdc_log(0, "Ticket may not be proxiable -- %s", client_name);
goto out;
}
if(client->flags.postdate && server->flags.postdate)
et.flags.may_postdate = f.allow_postdate;
else{
ret = KRB5KDC_ERR_POLICY;
kdc_log(context, 0, "Ticket may not be postdatable -- %s", client_name);
kdc_log(0, "Ticket may not be postdatable -- %s", client_name);
goto out;
}
@@ -352,7 +351,7 @@ as_rep(krb5_context context,
start = *et.starttime = *req->req_body.from;
et.flags.invalid = 1;
et.flags.postdated = 1; /* XXX ??? */
kdc_log(context, 2, "Postdated ticket requested -- %s",
kdc_log(2, "Postdated ticket requested -- %s",
client_name);
}
if(b->till == 0)
@@ -456,7 +455,7 @@ as_rep(krb5_context context,
&et, &len);
free_EncTicketPart(&et);
if(ret) {
kdc_log(context, 0, "Failed to encode ticket -- %s", client);
kdc_log(0, "Failed to encode ticket -- %s", client);
goto out;
}
@@ -473,7 +472,7 @@ as_rep(krb5_context context,
&ek, &len);
free_EncKDCRepPart(&ek);
if(ret) {
kdc_log(context, 0, "Failed to encode KDC-REP -- %s", client_name);
kdc_log(0, "Failed to encode KDC-REP -- %s", client_name);
goto out;
}
ekey = unseal_key(ckey);
@@ -495,7 +494,7 @@ as_rep(krb5_context context,
ret = encode_AS_REP(buf + sizeof(buf) - 1, sizeof(buf), &rep, &len);
free_AS_REP(&rep);
if(ret) {
kdc_log(context, 0, "Failed to encode AS-REP -- %s", client_name);
kdc_log(0, "Failed to encode AS-REP -- %s", client_name);
goto out;
}
@@ -531,37 +530,36 @@ out2:
static krb5_error_code
check_tgs_flags(krb5_context context, KDC_REQ_BODY *b,
EncTicketPart *tgt, EncTicketPart *et)
check_tgs_flags(KDC_REQ_BODY *b, EncTicketPart *tgt, EncTicketPart *et)
{
KDCOptions f = b->kdc_options;
if(f.validate){
if(!tgt->flags.invalid || tgt->starttime == NULL){
kdc_log(context, 0, "Bad request to validate ticket");
kdc_log(0, "Bad request to validate ticket");
return KRB5KDC_ERR_BADOPTION;
}
if(*tgt->starttime < kdc_time){
kdc_log(context, 0, "Early request to validate ticket");
kdc_log(0, "Early request to validate ticket");
return KRB5KRB_AP_ERR_TKT_NYV;
}
/* XXX tkt = tgt */
et->flags.invalid = 0;
}else if(tgt->flags.invalid){
kdc_log(context, 0, "Ticket-granting ticket has INVALID flag set");
kdc_log(0, "Ticket-granting ticket has INVALID flag set");
return KRB5KRB_AP_ERR_TKT_INVALID;
}
if(f.forwardable){
if(!tgt->flags.forwardable){
kdc_log(context, 0, "Bad request for forwardable ticket");
kdc_log(0, "Bad request for forwardable ticket");
return KRB5KDC_ERR_BADOPTION;
}
et->flags.forwardable = 1;
}
if(f.forwarded){
if(!tgt->flags.forwardable){
kdc_log(context, 0, "Request to forward non-forwardable ticket");
kdc_log(0, "Request to forward non-forwardable ticket");
return KRB5KDC_ERR_BADOPTION;
}
et->flags.forwarded = 1;
@@ -572,14 +570,14 @@ check_tgs_flags(krb5_context context, KDC_REQ_BODY *b,
if(f.proxiable){
if(!tgt->flags.proxiable){
kdc_log(context, 0, "Bad request for proxiable ticket");
kdc_log(0, "Bad request for proxiable ticket");
return KRB5KDC_ERR_BADOPTION;
}
et->flags.proxiable = 1;
}
if(f.proxy){
if(!tgt->flags.proxiable){
kdc_log(context, 0, "Request to proxy non-proxiable ticket");
kdc_log(0, "Request to proxy non-proxiable ticket");
return KRB5KDC_ERR_BADOPTION;
}
et->flags.proxy = 1;
@@ -590,14 +588,14 @@ check_tgs_flags(krb5_context context, KDC_REQ_BODY *b,
if(f.allow_postdate){
if(!tgt->flags.may_postdate){
kdc_log(context, 0, "Bad request for post-datable ticket");
kdc_log(0, "Bad request for post-datable ticket");
return KRB5KDC_ERR_BADOPTION;
}
et->flags.may_postdate = 1;
}
if(f.postdated){
if(!tgt->flags.may_postdate){
kdc_log(context, 0, "Bad request for postdated ticket");
kdc_log(0, "Bad request for postdated ticket");
return KRB5KDC_ERR_BADOPTION;
}
if(b->from)
@@ -605,13 +603,13 @@ check_tgs_flags(krb5_context context, KDC_REQ_BODY *b,
et->flags.postdated = 1;
et->flags.invalid = 1;
}else if(b->from && *b->from > kdc_time + context->max_skew){
kdc_log(context, 0, "Ticket cannot be postdated");
kdc_log(0, "Ticket cannot be postdated");
return KRB5KDC_ERR_CANNOT_POSTDATE;
}
if(f.renewable){
if(!tgt->flags.renewable){
kdc_log(context, 0, "Bad request for renewable ticket");
kdc_log(0, "Bad request for renewable ticket");
return KRB5KDC_ERR_BADOPTION;
}
et->flags.renewable = 1;
@@ -621,7 +619,7 @@ check_tgs_flags(krb5_context context, KDC_REQ_BODY *b,
if(f.renew){
time_t old_life;
if(!tgt->flags.renewable || tgt->renew_till == NULL){
kdc_log(context, 0, "Request to renew non-renewable ticket");
kdc_log(0, "Request to renew non-renewable ticket");
return KRB5KDC_ERR_BADOPTION;
}
old_life = tgt->endtime;
@@ -637,7 +635,7 @@ check_tgs_flags(krb5_context context, KDC_REQ_BODY *b,
}
static krb5_error_code
tgs_make_reply(krb5_context context, KDC_REQ_BODY *b, EncTicketPart *tgt,
tgs_make_reply(KDC_REQ_BODY *b, EncTicketPart *tgt,
hdb_entry *server, hdb_entry *client, krb5_data *reply)
{
KDC_REP rep;
@@ -657,7 +655,7 @@ tgs_make_reply(krb5_context context, KDC_REQ_BODY *b, EncTicketPart *tgt,
}
if(ret){
kdc_log(context, 0, "Failed to find requested etype");
kdc_log(0, "Failed to find requested etype");
return KRB5KDC_ERR_ETYPE_NOSUPP;
}
@@ -675,7 +673,7 @@ tgs_make_reply(krb5_context context, KDC_REQ_BODY *b, EncTicketPart *tgt,
ALLOC(et.starttime);
*et.starttime = kdc_time;
ret = check_tgs_flags(context, b, tgt, &et);
ret = check_tgs_flags(b, tgt, &et);
if(ret)
return ret;
@@ -766,7 +764,7 @@ tgs_make_reply(krb5_context context, KDC_REQ_BODY *b, EncTicketPart *tgt,
ret = encode_EncTicketPart(buf + sizeof(buf) - 1,
sizeof(buf), &et, &len);
if(ret){
kdc_log(context, 0, "Failed to encode EncTicketPart: %s",
kdc_log(0, "Failed to encode EncTicketPart: %s",
krb5_get_err_text(context, ret));
goto out;
}
@@ -780,7 +778,7 @@ tgs_make_reply(krb5_context context, KDC_REQ_BODY *b, EncTicketPart *tgt,
ret = encode_EncTGSRepPart(buf + sizeof(buf) - 1,
sizeof(buf), &ek, &len);
if(ret){
kdc_log(context, 0, "Failed to encode EncTicketPart: %s",
kdc_log(0, "Failed to encode EncTicketPart: %s",
krb5_get_err_text(context, ret));
goto out;
}
@@ -805,7 +803,7 @@ tgs_make_reply(krb5_context context, KDC_REQ_BODY *b, EncTicketPart *tgt,
ret = encode_TGS_REP(buf + sizeof(buf) - 1, sizeof(buf), &rep, &len);
if(ret){
kdc_log(context, 0, "Failed to encode TGS-REP: %s",
kdc_log(0, "Failed to encode TGS-REP: %s",
krb5_get_err_text(context, ret));
goto out;
}
@@ -824,7 +822,7 @@ tgs_make_reply(krb5_context context, KDC_REQ_BODY *b, EncTicketPart *tgt,
}
static krb5_error_code
tgs_check_authenticator(krb5_context context, krb5_auth_context ac,
tgs_check_authenticator(krb5_auth_context ac,
KDC_REQ_BODY *b, krb5_keyblock *key)
{
krb5_authenticator auth;
@@ -834,7 +832,7 @@ tgs_check_authenticator(krb5_context context, krb5_auth_context ac,
krb5_auth_getauthenticator(context, ac, &auth);
if(auth->cksum == NULL){
kdc_log(context, 0, "No authenticator in request");
kdc_log(0, "No authenticator in request");
ret = KRB5KRB_AP_ERR_INAPP_CKSUM;
goto out;
}
@@ -842,7 +840,7 @@ tgs_check_authenticator(krb5_context context, krb5_auth_context ac,
if (auth->cksum->cksumtype != CKSUMTYPE_RSA_MD4 &&
auth->cksum->cksumtype != CKSUMTYPE_RSA_MD5 &&
auth->cksum->cksumtype != CKSUMTYPE_RSA_MD5_DES){
kdc_log(context, 0, "Bad checksum type in authenticator: %d",
kdc_log(0, "Bad checksum type in authenticator: %d",
auth->cksum->cksumtype);
ret = KRB5KRB_AP_ERR_INAPP_CKSUM;
goto out;
@@ -852,7 +850,7 @@ tgs_check_authenticator(krb5_context context, krb5_auth_context ac,
ret = encode_KDC_REQ_BODY(buf + sizeof(buf) - 1, sizeof(buf),
b, &len);
if(ret){
kdc_log(context, 0, "Failed to encode KDC-REQ-BODY: %s",
kdc_log(0, "Failed to encode KDC-REQ-BODY: %s",
krb5_get_err_text(context, ret));
goto out;
}
@@ -860,7 +858,7 @@ tgs_check_authenticator(krb5_context context, krb5_auth_context ac,
key,
auth->cksum);
if(ret){
kdc_log(context, 0, "Failed to verify checksum: %s",
kdc_log(0, "Failed to verify checksum: %s",
krb5_get_err_text(context, ret));
}
out:
@@ -872,8 +870,7 @@ out:
static krb5_error_code
tgs_rep2(krb5_context context,
KDC_REQ_BODY *b,
tgs_rep2(KDC_REQ_BODY *b,
krb5_principal sp,
PA_DATA *pa_data,
krb5_data *reply,
@@ -895,14 +892,14 @@ tgs_rep2(krb5_context context,
ret = krb5_decode_ap_req(context, &pa_data->padata_value, &ap_req);
if(ret){
kdc_log(context, 0, "Failed to decode AP-REQ: %s",
kdc_log(0, "Failed to decode AP-REQ: %s",
krb5_get_err_text(context, ret));
goto out;
}
if(ap_req.ticket.sname.name_string.len != 2 ||
strcmp(ap_req.ticket.sname.name_string.val[0], "krbtgt")){
kdc_log(context, 0, "PA-DATA is not a ticket-granting ticket");
kdc_log(0, "PA-DATA is not a ticket-granting ticket");
ret = KRB5KDC_ERR_POLICY; /* ? */
goto out;
}
@@ -911,12 +908,12 @@ tgs_rep2(krb5_context context,
ap_req.ticket.sname,
ap_req.ticket.realm);
krbtgt = db_fetch(context, princ);
krbtgt = db_fetch(princ);
if(krbtgt == NULL) {
char *p;
krb5_unparse_name(context, princ, &p);
kdc_log(context, 0, "Ticket-granting ticket not found in database: %s",
kdc_log(0, "Ticket-granting ticket not found in database: %s",
p);
free(p);
ret = KRB5KRB_AP_ERR_NOT_US;
@@ -935,19 +932,19 @@ tgs_rep2(krb5_context context,
krb5_free_principal(context, princ);
if(ret) {
kdc_log(context, 0, "Failed to verify AP-REQ: %s",
kdc_log(0, "Failed to verify AP-REQ: %s",
krb5_get_err_text(context, ret));
goto out;
}
tgt = &ticket->ticket;
ret = tgs_check_authenticator(context, ac, b, &tgt->key);
ret = tgs_check_authenticator(ac, b, &tgt->key);
krb5_auth_con_free(context, ac);
if(ret){
kdc_log(context, 0, "Failed to verify authenticator: %s",
kdc_log(0, "Failed to verify authenticator: %s",
krb5_get_err_text(context, ret));
goto out;
}
@@ -969,7 +966,7 @@ tgs_rep2(krb5_context context,
principalname2krb5_principal(&p,
b->additional_tickets->val[0].sname,
b->additional_tickets->val[0].realm);
uu = db_fetch(context, p);
uu = db_fetch(p);
krb5_free_principal(context, p);
if(uu == NULL){
ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
@@ -985,23 +982,23 @@ tgs_rep2(krb5_context context,
principalname2krb5_principal(&sp, *s, r);
#endif
krb5_unparse_name(context, sp, &spn);
server = db_fetch(context, sp);
server = db_fetch(sp);
principalname2krb5_principal(&cp, tgt->cname, tgt->crealm);
krb5_unparse_name(context, cp, &cpn);
client = db_fetch(context, cp);
client = db_fetch(cp);
kdc_log(context, 0, "TGS-REQ %s from %s for %s", cpn, from, spn);
kdc_log(0, "TGS-REQ %s from %s for %s", cpn, from, spn);
if(server == NULL){
kdc_log(context, 0, "Server not found in database: %s", spn);
kdc_log(0, "Server not found in database: %s", spn);
/* do foreign realm stuff */
ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
goto out;
}
if(client == NULL){
kdc_log(context, 0, "Client not found in database: %s", cpn);
kdc_log(0, "Client not found in database: %s", cpn);
ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
goto out;
}
@@ -1010,12 +1007,12 @@ tgs_rep2(krb5_context context,
!krb5_principal_compare(context,
krbtgt->principal,
server->principal)){
kdc_log(context, 0, "Inconsistent request.");
kdc_log(0, "Inconsistent request.");
ret = KRB5KDC_ERR_SERVER_NOMATCH;
goto out;
}
ret = tgs_make_reply(context, b, tgt, server, client, reply);
ret = tgs_make_reply(b, tgt, server, client, reply);
out:
if(ret)
@@ -1054,7 +1051,7 @@ tgs_rep2(krb5_context context,
}
static krb5_error_code
request_server(krb5_context context, KDC_REQ *req, krb5_principal *server)
request_server(KDC_REQ *req, krb5_principal *server)
{
PrincipalName *s = NULL;
Realm r;
@@ -1075,8 +1072,7 @@ request_server(krb5_context context, KDC_REQ *req, krb5_principal *server)
krb5_error_code
tgs_rep(krb5_context context,
KDC_REQ *req,
tgs_rep(KDC_REQ *req,
krb5_data *data,
const char *from)
{
@@ -1085,11 +1081,11 @@ tgs_rep(krb5_context context,
PA_DATA *pa_data = NULL;
krb5_principal server;
request_server(context, req, &server);
request_server(req, &server);
if(req->padata == NULL){
ret = KRB5KDC_ERR_PREAUTH_REQUIRED; /* XXX ??? */
kdc_log(context, 0, "TGS-REQ from %s without PA-DATA", from);
kdc_log(0, "TGS-REQ from %s without PA-DATA", from);
goto out;
}
@@ -1101,10 +1097,10 @@ tgs_rep(krb5_context context,
if(pa_data == NULL){
ret = KRB5KDC_ERR_PADATA_TYPE_NOSUPP;
kdc_log(context, 0, "TGS-REQ from %s without PA-TGS-REQ", from);
kdc_log(0, "TGS-REQ from %s without PA-TGS-REQ", from);
goto out;
}
ret = tgs_rep2(context, &req->req_body, server, pa_data, data, from);
ret = tgs_rep2(&req->req_body, server, pa_data, data, from);
out:
if(ret && data->data == NULL)
krb5_mk_error(context,
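Review bot: In the `@@ -456,7 +455,7 @@` hunk of `as_rep`, the rewritten call `kdc_log(0, "Failed to encode ticket -- %s", client);` still passes `client` for `%s`, and `client` is the entry pointer returned by `db_fetch` (it is dereferenced as `client->valid_start` earlier in the function), not a string. If kdc_log formats printf-style, as its other calls suggest, the encode-failure path reads the entry structure as a C string, which is undefined behaviour and can crash the KDC or put raw bytes of the database entry into the log. Every neighbouring message uses the unparsed name, so the line should read `kdc_log(0, "Failed to encode ticket -- %s", client_name);`. A printf format attribute on kdc_log's declaration (not shown on this page) would let the compiler catch this class of mismatch. The body of as_rep starts and ends outside this hunk.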