/* This is a generated file */ #ifndef __krb5_protos_h__ #define __krb5_protos_h__ #ifndef DOXY #include #if !defined(__GNUC__) && !defined(__attribute__) #define __attribute__(x) #endif #ifndef KRB5_DEPRECATED_FUNCTION #ifndef __has_extension #define __has_extension(x) 0 #define KRB5_DEPRECATED_FUNCTIONhas_extension 1 #endif #if __has_extension(attribute_deprecated_with_message) #define KRB5_DEPRECATED_FUNCTION(x) __attribute__((__deprecated__(x))) #elif defined(__GNUC__) && ((__GNUC__ > 3) || ((__GNUC__ == 3) && (__GNUC_MINOR__ >= 1 ))) #define KRB5_DEPRECATED_FUNCTION(X) __attribute__((__deprecated__)) #else #define KRB5_DEPRECATED_FUNCTION(X) #endif #ifdef KRB5_DEPRECATED_FUNCTIONhas_extension #undef __has_extension #undef KRB5_DEPRECATED_FUNCTIONhas_extension #endif #endif /* KRB5_DEPRECATED_FUNCTION */ #ifdef __cplusplus extern "C" { #endif #ifndef KRB5_LIB #ifndef KRB5_LIB_FUNCTION #if defined(_WIN32) #define KRB5_LIB_FUNCTION __declspec(dllimport) #define KRB5_LIB_CALL __stdcall #define KRB5_LIB_VARIABLE __declspec(dllimport) #else #define KRB5_LIB_FUNCTION #define KRB5_LIB_CALL #define KRB5_LIB_VARIABLE #endif #endif #endif /** * Convert the v5 credentials in in_cred to v4-dito in v4creds. This * is done by sending them to the 524 function in the KDC. If * `in_cred' doesn't contain a DES session key, then a new one is * gotten from the KDC and stored in the cred cache `ccache'. * * @param context Kerberos 5 context. * @param in_cred the credential to convert * @param v4creds the converted credential * * @return Returns 0 to indicate success. Otherwise an kerberos et * error code is returned, see krb5_get_error_message(). * * @ingroup krb5_v4compat */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb524_convert_creds_kdc ( krb5_context /*context*/, krb5_creds */*in_cred*/, struct credentials */*v4creds*/) KRB5_DEPRECATED_FUNCTION("Use X instead"); /** * Convert the v5 credentials in in_cred to v4-dito in v4creds, * check the credential cache ccache before checking with the KDC. * * @param context Kerberos 5 context. * @param ccache credential cache used to check for des-ticket. * @param in_cred the credential to convert * @param v4creds the converted credential * * @return Returns 0 to indicate success. Otherwise an kerberos et * error code is returned, see krb5_get_error_message(). * * @ingroup krb5_v4compat */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb524_convert_creds_kdc_ccache ( krb5_context /*context*/, krb5_ccache /*ccache*/, krb5_creds */*in_cred*/, struct credentials */*v4creds*/) KRB5_DEPRECATED_FUNCTION("Use X instead"); /** * Log a warning to the log, default stderr, include the error from * the last failure and then abort. * * @param context A Kerberos 5 context * @param code error code of the last error * @param fmt message to print * @param ... arguments for format string * * @ingroup krb5_error */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_abort ( krb5_context /*context*/, krb5_error_code /*code*/, const char */*fmt*/, ...) __attribute__ ((__noreturn__, __format__ (__printf__, 3, 4))); /** * Log a warning to the log, default stderr, and then abort. * * @param context A Kerberos 5 context * @param fmt printf format string of message to print * @param ... arguments for format string * * @ingroup krb5_error */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_abortx ( krb5_context /*context*/, const char */*fmt*/, ...) __attribute__ ((__noreturn__, __format__ (__printf__, 2, 3))); /** * krb5_acl_match_file matches ACL format against each line in a file * using krb5_acl_match_string(). Lines starting with # are treated * like comments and ignored. * * @param context Kerberos 5 context. * @param file file with acl listed in the file. * @param format format to match. * @param ... parameter to format string. * * @return Return an error code or 0. * * @sa krb5_acl_match_string * @ingroup krb5_support */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_acl_match_file ( krb5_context /*context*/, const char */*file*/, const char */*format*/, ...); /** * krb5_acl_match_string matches ACL format against a string. * * The ACL format has three format specifiers: s, f, and r. Each * specifier will retrieve one argument from the variable arguments * for either matching or storing data. The input string is split up * using " " (space) and "\t" (tab) as a delimiter; multiple and "\t" * in a row are considered to be the same. * * List of format specifiers: * - s Matches a string using strcmp(3) (case sensitive). * - f Matches the string with fnmatch(3). Theflags * argument (the last argument) passed to the fnmatch function is 0. * - r Returns a copy of the string in the char ** passed in; the copy * must be freed with free(3). There is no need to free(3) the * string on error: the function will clean up and set the pointer * to NULL. * * @param context Kerberos 5 context * @param string string to match with * @param format format to match * @param ... parameter to format string * * @return Return an error code or 0. * * * @code * char *s; * * ret = krb5_acl_match_string(context, "foo", "s", "foo"); * if (ret) * krb5_errx(context, 1, "acl didn't match"); * ret = krb5_acl_match_string(context, "foo foo baz/kaka", * "ss", "foo", &s, "foo/\\*"); * if (ret) { * // no need to free(s) on error * assert(s == NULL); * krb5_errx(context, 1, "acl didn't match"); * } * free(s); * @endcode * * @sa krb5_acl_match_file * @ingroup krb5_support */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_acl_match_string ( krb5_context /*context*/, const char */*string*/, const char */*format*/, ...); /** * Add a specified list of error messages to the et list in context. * Call func (probably a comerr-generated function) with a pointer to * the current et_list. * * @param context A kerberos context. * @param func The generated com_err et function. * * @return Returns 0 to indicate success. Otherwise an kerberos et * error code is returned, see krb5_get_error_message(). * * @ingroup krb5 */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_add_et_list ( krb5_context /*context*/, void (*/*func*/)(struct et_list **)); /** * Add extra address to the address list that the library will add to * the client's address list when communicating with the KDC. * * @param context Kerberos 5 context. * @param addresses addreses to add * * @return Returns 0 to indicate success. Otherwise an kerberos et * error code is returned, see krb5_get_error_message(). * * @ingroup krb5 */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_add_extra_addresses ( krb5_context /*context*/, krb5_addresses */*addresses*/); /** * Add extra addresses to ignore when fetching addresses from the * underlaying operating system. * * @param context Kerberos 5 context. * @param addresses addreses to ignore * * @return Returns 0 to indicate success. Otherwise an kerberos et * error code is returned, see krb5_get_error_message(). * * @ingroup krb5 */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_add_ignore_addresses ( krb5_context /*context*/, krb5_addresses */*addresses*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_addlog_dest ( krb5_context /*context*/, krb5_log_facility */*f*/, const char */*orig*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_addlog_func ( krb5_context /*context*/, krb5_log_facility */*fac*/, int /*min*/, int /*max*/, krb5_log_log_func_t /*log_func*/, krb5_log_close_func_t /*close_func*/, void */*data*/); /** * krb5_addr2sockaddr sets the "struct sockaddr sockaddr" from addr * and port. The argument sa_size should initially contain the size of * the sa and after the call, it will contain the actual length of the * address. In case of the sa is too small to fit the whole address, * the up to *sa_size will be stored, and then *sa_size will be set to * the required length. * * @param context a Keberos context * @param addr the address to copy the from * @param sa the struct sockaddr that will be filled in * @param sa_size pointer to length of sa, and after the call, it will * contain the actual length of the address. * @param port set port in sa. * * @return Return an error code or 0. Will return * KRB5_PROG_ATYPE_NOSUPP in case address type is not supported. * * @ingroup krb5_address */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_addr2sockaddr ( krb5_context /*context*/, const krb5_address */*addr*/, struct sockaddr */*sa*/, krb5_socklen_t */*sa_size*/, int /*port*/); /** * krb5_address_compare compares the addresses addr1 and addr2. * Returns TRUE if the two addresses are the same. * * @param context a Keberos context * @param addr1 address to compare * @param addr2 address to compare * * @return Return an TRUE is the address are the same FALSE if not * * @ingroup krb5_address */ KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_address_compare ( krb5_context /*context*/, const krb5_address */*addr1*/, const krb5_address */*addr2*/); /** * krb5_address_order compares the addresses addr1 and addr2 so that * it can be used for sorting addresses. If the addresses are the same * address krb5_address_order will return 0. Behavies like memcmp(2). * * @param context a Keberos context * @param addr1 krb5_address to compare * @param addr2 krb5_address to compare * * @return < 0 if address addr1 in "less" then addr2. 0 if addr1 and * addr2 is the same address, > 0 if addr2 is "less" then addr1. * * @ingroup krb5_address */ KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_address_order ( krb5_context /*context*/, const krb5_address */*addr1*/, const krb5_address */*addr2*/); /** * Calculate the boundary addresses of `inaddr'/`prefixlen' and store * them in `low' and `high'. * * @param context a Keberos context * @param inaddr address in prefixlen that the bondery searched * @param prefixlen width of boundery * @param low lowest address * @param high highest address * * @return Return an error code or 0. * * @ingroup krb5_address */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_address_prefixlen_boundary ( krb5_context /*context*/, const krb5_address */*inaddr*/, unsigned long /*prefixlen*/, krb5_address */*low*/, krb5_address */*high*/); /** * krb5_address_search checks if the address addr is a member of the * address set list addrlist . * * @param context a Keberos context. * @param addr address to search for. * @param addrlist list of addresses to look in for addr. * * @return Return an error code or 0. * * @ingroup krb5_address */ KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_address_search ( krb5_context /*context*/, const krb5_address */*addr*/, const krb5_addresses */*addrlist*/); /** * Enable or disable all weak encryption types * * @param context Kerberos 5 context * @param enable true to enable, false to disable * * @return Return an error code or 0. * * @ingroup krb5_crypto */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_allow_weak_crypto ( krb5_context /*context*/, krb5_boolean /*enable*/); /** * Map a principal name to a local username. * * Returns 0 on success, KRB5_NO_LOCALNAME if no mapping was found, or * some Kerberos or system error. * * Inputs: * * @param context A krb5_context * @param aname A principal name * @param lnsize The size of the buffer into which the username will be written * @param lname The buffer into which the username will be written * * @ingroup krb5_support */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_aname_to_localname ( krb5_context /*context*/, krb5_const_principal /*aname*/, size_t /*lnsize*/, char */*lname*/); /** * krb5_anyaddr fills in a "struct sockaddr sa" that can be used to * bind(2) to. The argument sa_size should initially contain the size * of the sa, and after the call, it will contain the actual length * of the address. * * @param context a Keberos context * @param af address family * @param sa sockaddr * @param sa_size lenght of sa. * @param port for to fill into sa. * * @return Return an error code or 0. * * @ingroup krb5_address */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_anyaddr ( krb5_context /*context*/, int /*af*/, struct sockaddr */*sa*/, krb5_socklen_t */*sa_size*/, int /*port*/); KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_appdefault_boolean ( krb5_context /*context*/, const char */*appname*/, krb5_const_realm /*realm*/, const char */*option*/, krb5_boolean /*def_val*/, krb5_boolean */*ret_val*/); KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_appdefault_string ( krb5_context /*context*/, const char */*appname*/, krb5_const_realm /*realm*/, const char */*option*/, const char */*def_val*/, char **/*ret_val*/); KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_appdefault_time ( krb5_context /*context*/, const char */*appname*/, krb5_const_realm /*realm*/, const char */*option*/, time_t /*def_val*/, time_t */*ret_val*/); /** * krb5_append_addresses adds the set of addresses in source to * dest. While copying the addresses, duplicates are also sorted out. * * @param context a Keberos context * @param dest destination of copy operation * @param source adresses that are going to be added to dest * * @return Return an error code or 0. * * @ingroup krb5_address */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_append_addresses ( krb5_context /*context*/, krb5_addresses */*dest*/, const krb5_addresses */*source*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_add_AuthorizationData ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, int /*type*/, krb5_data */*data*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_addflags ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, int32_t /*addflags*/, int32_t */*flags*/); /** * Deallocate an authentication context previously initialized with * krb5_auth_con_init(). * * @param context A kerberos context. * @param auth_context The authentication context to be deallocated. * * @return An krb5 error code, see krb5_get_error_message(). */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_free ( krb5_context /*context*/, krb5_auth_context /*auth_context*/); /** * Update the authentication context \a auth_context with the local * and remote addresses from socket \a fd, according to \a flags. * * @return An krb5 error code, see krb5_get_error_message(). */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_genaddrs ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, krb5_socket_t /*fd*/, int /*flags*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_generatelocalsubkey ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, krb5_keyblock */*key*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_getaddrs ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, krb5_address **/*local_addr*/, krb5_address **/*remote_addr*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_getauthenticator ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, krb5_authenticator */*authenticator*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_getcksumtype ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, krb5_cksumtype */*cksumtype*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_getflags ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, int32_t */*flags*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_getkey ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, krb5_keyblock **/*keyblock*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_getkeytype ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, krb5_keytype */*keytype*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_getlocalseqnumber ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, int32_t */*seqnumber*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_getlocalsubkey ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, krb5_keyblock **/*keyblock*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_getrcache ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, krb5_rcache */*rcache*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_getrecvsubkey ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, krb5_keyblock **/*keyblock*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_getremoteseqnumber ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, int32_t */*seqnumber*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_getremotesubkey ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, krb5_keyblock **/*keyblock*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_getsendsubkey ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, krb5_keyblock **/*keyblock*/); /** * Allocate and initialize an autentication context. * * @param context A kerberos context. * @param auth_context The authentication context to be initialized. * * Use krb5_auth_con_free() to release the memory when done using the context. * * @return An krb5 error code, see krb5_get_error_message(). */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_init ( krb5_context /*context*/, krb5_auth_context */*auth_context*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_removeflags ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, int32_t /*removeflags*/, int32_t */*flags*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setaddrs ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, krb5_address */*local_addr*/, krb5_address */*remote_addr*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setaddrs_from_fd ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, void */*p_fd*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setcksumtype ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, krb5_cksumtype /*cksumtype*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setflags ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, int32_t /*flags*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setkey ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, krb5_keyblock */*keyblock*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setkeytype ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, krb5_keytype /*keytype*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setlocalseqnumber ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, int32_t /*seqnumber*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setlocalsubkey ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, krb5_keyblock */*keyblock*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setrcache ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, krb5_rcache /*rcache*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setrecvsubkey ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, krb5_keyblock */*keyblock*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setremoteseqnumber ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, int32_t /*seqnumber*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setremotesubkey ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, krb5_keyblock */*keyblock*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setsendsubkey ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, krb5_keyblock */*keyblock*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setuserkey ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, krb5_keyblock */*keyblock*/); /** * Deprecated: use krb5_auth_con_getremoteseqnumber() * * @ingroup krb5_deprecated */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_getremoteseqnumber ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, int32_t */*seqnumber*/) KRB5_DEPRECATED_FUNCTION("Use X instead"); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_build_ap_req ( krb5_context /*context*/, krb5_enctype /*enctype*/, krb5_creds */*cred*/, krb5_flags /*ap_options*/, krb5_data /*authenticator*/, krb5_data */*retdata*/); /** * Build a principal using vararg style building * * @param context A Kerberos context. * @param principal returned principal * @param rlen length of realm * @param realm realm name * @param ... a list of components ended with NULL. * * @return An krb5 error code, see krb5_get_error_message(). * * @ingroup krb5_principal */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_build_principal ( krb5_context /*context*/, krb5_principal */*principal*/, int /*rlen*/, krb5_const_realm /*realm*/, ...); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_build_principal_ext ( krb5_context /*context*/, krb5_principal */*principal*/, int /*rlen*/, krb5_const_realm /*realm*/, ...); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_build_principal_va ( krb5_context /*context*/, krb5_principal */*principal*/, int /*rlen*/, krb5_const_realm /*realm*/, va_list /*ap*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_build_principal_va_ext ( krb5_context /*context*/, krb5_principal */*principal*/, int /*rlen*/, krb5_const_realm /*realm*/, va_list /*ap*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_block_size ( krb5_context /*context*/, krb5_enctype /*enctype*/, size_t */*blocksize*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_checksum_length ( krb5_context /*context*/, krb5_cksumtype /*cksumtype*/, size_t */*length*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_decrypt ( krb5_context /*context*/, const krb5_keyblock /*key*/, krb5_keyusage /*usage*/, const krb5_data */*ivec*/, krb5_enc_data */*input*/, krb5_data */*output*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_encrypt ( krb5_context /*context*/, const krb5_keyblock */*key*/, krb5_keyusage /*usage*/, const krb5_data */*ivec*/, const krb5_data */*input*/, krb5_enc_data */*output*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_encrypt_length ( krb5_context /*context*/, krb5_enctype /*enctype*/, size_t /*inputlen*/, size_t */*length*/); /** * Deprecated: keytypes doesn't exists, they are really enctypes. * * @ingroup krb5_deprecated */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_enctype_compare ( krb5_context /*context*/, krb5_enctype /*e1*/, krb5_enctype /*e2*/, krb5_boolean */*similar*/) KRB5_DEPRECATED_FUNCTION("Use X instead"); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_get_checksum ( krb5_context /*context*/, const krb5_checksum */*cksum*/, krb5_cksumtype */*type*/, krb5_data **/*data*/); KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_c_is_coll_proof_cksum (krb5_cksumtype /*ctype*/); KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_c_is_keyed_cksum (krb5_cksumtype /*ctype*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_keylengths ( krb5_context /*context*/, krb5_enctype /*enctype*/, size_t */*ilen*/, size_t */*keylen*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_make_checksum ( krb5_context /*context*/, krb5_cksumtype /*cksumtype*/, const krb5_keyblock */*key*/, krb5_keyusage /*usage*/, const krb5_data */*input*/, krb5_checksum */*cksum*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_make_random_key ( krb5_context /*context*/, krb5_enctype /*enctype*/, krb5_keyblock */*random_key*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_prf ( krb5_context /*context*/, const krb5_keyblock */*key*/, const krb5_data */*input*/, krb5_data */*output*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_prf_length ( krb5_context /*context*/, krb5_enctype /*type*/, size_t */*length*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_random_make_octets ( krb5_context /*context*/, krb5_data * /*data*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_set_checksum ( krb5_context /*context*/, krb5_checksum */*cksum*/, krb5_cksumtype /*type*/, const krb5_data */*data*/); KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_c_valid_cksumtype (krb5_cksumtype /*ctype*/); KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_c_valid_enctype (krb5_enctype /*etype*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_verify_checksum ( krb5_context /*context*/, const krb5_keyblock */*key*/, krb5_keyusage /*usage*/, const krb5_data */*data*/, const krb5_checksum */*cksum*/, krb5_boolean */*valid*/); /** * Destroy the cursor `cursor'. * * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_ccache */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_cache_end_seq_get ( krb5_context /*context*/, krb5_cc_cache_cursor /*cursor*/); /** * Start iterating over all caches of specified type. See also * krb5_cccol_cursor_new(). * @param context A Kerberos 5 context * @param type optional type to iterate over, if NULL, the default cache is used. * @param cursor cursor should be freed with krb5_cc_cache_end_seq_get(). * * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_ccache */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_cache_get_first ( krb5_context /*context*/, const char */*type*/, krb5_cc_cache_cursor */*cursor*/); /** * Search for a matching credential cache that have the * `principal' as the default principal. On success, `id' needs to be * freed with krb5_cc_close() or krb5_cc_destroy(). * * @param context A Kerberos 5 context * @param client The principal to search for * @param id the returned credential cache * * @return On failure, error code is returned and `id' is set to NULL. * * @ingroup krb5_ccache */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_cache_match ( krb5_context /*context*/, krb5_principal /*client*/, krb5_ccache */*id*/); /** * Retrieve the next cache pointed to by (`cursor') in `id' * and advance `cursor'. * * @param context A Kerberos 5 context * @param cursor the iterator cursor, returned by krb5_cc_cache_get_first() * @param id next ccache * * @return Return 0 or an error code. Returns KRB5_CC_END when the end * of caches is reached, see krb5_get_error_message(). * * @ingroup krb5_ccache */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_cache_next ( krb5_context /*context*/, krb5_cc_cache_cursor /*cursor*/, krb5_ccache */*id*/); /** * Clear `mcreds' so it can be used with krb5_cc_retrieve_cred * * @ingroup krb5_ccache */ KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_cc_clear_mcred (krb5_creds */*mcred*/); /** * Stop using the ccache `id' and free the related resources. * * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_ccache */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_close ( krb5_context /*context*/, krb5_ccache /*id*/); /** * Just like krb5_cc_copy_match_f(), but copy everything. * * @ingroup @krb5_ccache */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_copy_cache ( krb5_context /*context*/, const krb5_ccache /*from*/, krb5_ccache /*to*/); /** * MIT compat glue * * @ingroup krb5_ccache */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_copy_creds ( krb5_context /*context*/, const krb5_ccache /*from*/, krb5_ccache /*to*/); /** * Copy the contents of `from' to `to' if the given match function * return true. * * @param context A Kerberos 5 context. * @param from the cache to copy data from. * @param to the cache to copy data to. * @param match a match function that should return TRUE if cred argument should be copied, if NULL, all credentials are copied. * @param matchctx context passed to match function. * @param matched set to true if there was a credential that matched, may be NULL. * * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_ccache */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_copy_match_f ( krb5_context /*context*/, const krb5_ccache /*from*/, krb5_ccache /*to*/, krb5_boolean (*/*match*/)(krb5_context, void *, const krb5_creds *), void */*matchctx*/, unsigned int */*matched*/); /** * Open the default ccache in `id'. * * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_ccache */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_default ( krb5_context /*context*/, krb5_ccache */*id*/); /** * Return a pointer to a context static string containing the default * ccache name. * * @return String to the default credential cache name. * * @ingroup krb5_ccache */ KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_cc_default_name (krb5_context /*context*/); /** * Remove the ccache `id'. * * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_ccache */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_destroy ( krb5_context /*context*/, krb5_ccache /*id*/); /** * Destroy the cursor `cursor'. * * @ingroup krb5_ccache */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_end_seq_get ( krb5_context /*context*/, const krb5_ccache /*id*/, krb5_cc_cursor */*cursor*/); /** * Generate a new ccache of type `ops' in `id'. * * Deprecated: use krb5_cc_new_unique() instead. * * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_ccache */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_gen_new ( krb5_context /*context*/, const krb5_cc_ops */*ops*/, krb5_ccache */*id*/) KRB5_DEPRECATED_FUNCTION("Use X instead"); /** * Get some configuration for the credential cache in the cache. * * @param context a Keberos context * @param id the credential cache to store the data for * @param principal configuration for a specific principal, if * NULL, global for the whole cache. * @param name name under which the configuraion is stored. * @param data data to fetched, free with krb5_data_free() * * @ingroup krb5_ccache */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_config ( krb5_context /*context*/, krb5_ccache /*id*/, krb5_const_principal /*principal*/, const char */*name*/, krb5_data */*data*/); /** * Get the flags of `id', store them in `flags'. * * @ingroup krb5_ccache */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_flags ( krb5_context /*context*/, krb5_ccache /*id*/, krb5_flags */*flags*/); /** * Return a friendly name on credential cache. Free the result with krb5_xfree(). * * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_ccache */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_friendly_name ( krb5_context /*context*/, krb5_ccache /*id*/, char **/*name*/); /** * Return the complete resolvable name the cache * @param context a Keberos context * @param id return pointer to a found credential cache * @param str the returned name of a credential cache, free with krb5_xfree() * * @return Returns 0 or an error (and then *str is set to NULL). * * @ingroup krb5_ccache */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_full_name ( krb5_context /*context*/, krb5_ccache /*id*/, char **/*str*/); /** * Get the time offset betwen the client and the KDC * * If the backend doesn't support KDC offset, use the context global setting. * * @param context A Kerberos 5 context. * @param id a credential cache * @param offset the offset in seconds * * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_ccache */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_kdc_offset ( krb5_context /*context*/, krb5_ccache /*id*/, krb5_deltat */*offset*/); /** * Get the lifetime of the initial ticket in the cache * * Get the lifetime of the initial ticket in the cache, if the initial * ticket was not found, the error code KRB5_CC_END is returned. * * @param context A Kerberos 5 context. * @param id a credential cache * @param t the relative lifetime of the initial ticket * * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_ccache */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_lifetime ( krb5_context /*context*/, krb5_ccache /*id*/, time_t */*t*/); /** * Return the name of the ccache `id' * * @ingroup krb5_ccache */ KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_cc_get_name ( krb5_context /*context*/, krb5_ccache /*id*/); /** * Return krb5_cc_ops of a the ccache `id'. * * @ingroup krb5_ccache */ KRB5_LIB_FUNCTION const krb5_cc_ops * KRB5_LIB_CALL krb5_cc_get_ops ( krb5_context /*context*/, krb5_ccache /*id*/); /** * Get the cc ops that is registered in `context' to handle the * prefix. prefix can be a complete credential cache name or a * prefix, the function will only use part up to the first colon (:) * if there is one. If prefix the argument is NULL, the default ccache * implemtation is returned. * * @return Returns NULL if ops not found. * * @ingroup krb5_ccache */ KRB5_LIB_FUNCTION const krb5_cc_ops * KRB5_LIB_CALL krb5_cc_get_prefix_ops ( krb5_context /*context*/, const char */*prefix*/); /** * Return the principal of `id' in `principal'. * * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_ccache */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_principal ( krb5_context /*context*/, krb5_ccache /*id*/, krb5_principal */*principal*/); /** * Return the type of the ccache `id'. * * @ingroup krb5_ccache */ KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_cc_get_type ( krb5_context /*context*/, krb5_ccache /*id*/); /** * Return the version of `id'. * * @ingroup krb5_ccache */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_version ( krb5_context /*context*/, const krb5_ccache /*id*/); /** * Create a new ccache in `id' for `primary_principal'. * * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_ccache */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_initialize ( krb5_context /*context*/, krb5_ccache /*id*/, krb5_principal /*primary_principal*/); /** * Return the last time the credential cache was modified. * * @param context A Kerberos 5 context * @param id The credential cache to probe * @param mtime the last modification time, set to 0 on error. * @return Return 0 or and error. See krb5_get_error_message(). * * @ingroup krb5_ccache */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_last_change_time ( krb5_context /*context*/, krb5_ccache /*id*/, krb5_timestamp */*mtime*/); /** * Move the content from one credential cache to another. The * operation is an atomic switch. * * @param context a Keberos context * @param from the credential cache to move the content from * @param to the credential cache to move the content to * @return On sucess, from is freed. On failure, error code is * returned and from and to are both still allocated, see krb5_get_error_message(). * * @ingroup krb5_ccache */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_move ( krb5_context /*context*/, krb5_ccache /*from*/, krb5_ccache /*to*/); /** * Generates a new unique ccache of `type` in `id'. If `type' is NULL, * the library chooses the default credential cache type. The supplied * `hint' (that can be NULL) is a string that the credential cache * type can use to base the name of the credential on, this is to make * it easier for the user to differentiate the credentials. * * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_ccache */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_new_unique ( krb5_context /*context*/, const char */*type*/, const char */*hint*/, krb5_ccache */*id*/); /** * Retrieve the next cred pointed to by (`id', `cursor') in `creds' * and advance `cursor'. * * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_ccache */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_next_cred ( krb5_context /*context*/, const krb5_ccache /*id*/, krb5_cc_cursor */*cursor*/, krb5_creds */*creds*/); /** * Add a new ccache type with operations `ops', overwriting any * existing one if `override'. * * @param context a Keberos context * @param ops type of plugin symbol * @param override flag to select if the registration is to overide * an existing ops with the same name. * * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_ccache */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_register ( krb5_context /*context*/, const krb5_cc_ops */*ops*/, krb5_boolean /*override*/); /** * Remove the credential identified by `cred', `which' from `id'. * * @ingroup krb5_ccache */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_remove_cred ( krb5_context /*context*/, krb5_ccache /*id*/, krb5_flags /*which*/, krb5_creds */*cred*/); /** * Find and allocate a ccache in `id' from the specification in `residual'. * If the ccache name doesn't contain any colon, interpret it as a file name. * * @param context a Keberos context. * @param name string name of a credential cache. * @param id return pointer to a found credential cache. * * @return Return 0 or an error code. In case of an error, id is set * to NULL, see krb5_get_error_message(). * * @ingroup krb5_ccache */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_resolve ( krb5_context /*context*/, const char */*name*/, krb5_ccache */*id*/); /** * Retrieve the credential identified by `mcreds' (and `whichfields') * from `id' in `creds'. 'creds' must be free by the caller using * krb5_free_cred_contents. * * @param context A Kerberos 5 context * @param id a Kerberos 5 credential cache * @param whichfields what fields to use for matching credentials, same * flags as whichfields in krb5_compare_creds() * @param mcreds template credential to use for comparing * @param creds returned credential, free with krb5_free_cred_contents() * * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_ccache */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_retrieve_cred ( krb5_context /*context*/, krb5_ccache /*id*/, krb5_flags /*whichfields*/, const krb5_creds */*mcreds*/, krb5_creds */*creds*/); /** * Store some configuration for the credential cache in the cache. * Existing configuration under the same name is over-written. * * @param context a Keberos context * @param id the credential cache to store the data for * @param principal configuration for a specific principal, if * NULL, global for the whole cache. * @param name name under which the configuraion is stored. * @param data data to store, if NULL, configure is removed. * * @ingroup krb5_ccache */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_set_config ( krb5_context /*context*/, krb5_ccache /*id*/, krb5_const_principal /*principal*/, const char */*name*/, krb5_data */*data*/); /** * Set the default cc name for `context' to `name'. * * @ingroup krb5_ccache */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_set_default_name ( krb5_context /*context*/, const char */*name*/); /** * Set the flags of `id' to `flags'. * * @ingroup krb5_ccache */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_set_flags ( krb5_context /*context*/, krb5_ccache /*id*/, krb5_flags /*flags*/); /** * Set the friendly name on credential cache. * * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_ccache */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_set_friendly_name ( krb5_context /*context*/, krb5_ccache /*id*/, const char */*name*/); /** * Set the time offset betwen the client and the KDC * * If the backend doesn't support KDC offset, use the context global setting. * * @param context A Kerberos 5 context. * @param id a credential cache * @param offset the offset in seconds * * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_ccache */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_set_kdc_offset ( krb5_context /*context*/, krb5_ccache /*id*/, krb5_deltat /*offset*/); /** * Start iterating over `id', `cursor' is initialized to the * beginning. Caller must free the cursor with krb5_cc_end_seq_get(). * * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_ccache */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_start_seq_get ( krb5_context /*context*/, const krb5_ccache /*id*/, krb5_cc_cursor */*cursor*/); /** * Store `creds' in the ccache `id'. * * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_ccache */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_store_cred ( krb5_context /*context*/, krb5_ccache /*id*/, krb5_creds */*creds*/); /** * Return true if the default credential cache support switch * * @ingroup krb5_ccache */ KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_cc_support_switch ( krb5_context /*context*/, const char */*type*/); /** * Switch the default default credential cache for a specific * credcache type (and name for some implementations). * * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_ccache */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_switch ( krb5_context /*context*/, krb5_ccache /*id*/); /** * End an iteration and free all resources, can be done before end is reached. * * @param context A Kerberos 5 context * @param cursor the iteration cursor to be freed. * * @return Return 0 or and error, KRB5_CC_END is returned at the end * of iteration. See krb5_get_error_message(). * * @ingroup krb5_ccache */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cccol_cursor_free ( krb5_context /*context*/, krb5_cccol_cursor */*cursor*/); /** * Get a new cache interation cursor that will interate over all * credentials caches independent of type. * * @param context a Keberos context * @param cursor passed into krb5_cccol_cursor_next() and free with krb5_cccol_cursor_free(). * * @return Returns 0 or and error code, see krb5_get_error_message(). * * @ingroup krb5_ccache */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cccol_cursor_new ( krb5_context /*context*/, krb5_cccol_cursor */*cursor*/); /** * Get next credential cache from the iteration. * * @param context A Kerberos 5 context * @param cursor the iteration cursor * @param cache the returned cursor, pointer is set to NULL on failure * and a cache on success. The returned cache needs to be freed * with krb5_cc_close() or destroyed with krb5_cc_destroy(). * MIT Kerberos behavies slightly diffrent and sets cache to NULL * when all caches are iterated over and return 0. * * @return Return 0 or and error, KRB5_CC_END is returned at the end * of iteration. See krb5_get_error_message(). * * @ingroup krb5_ccache */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cccol_cursor_next ( krb5_context /*context*/, krb5_cccol_cursor /*cursor*/, krb5_ccache */*cache*/); /** * Return the last modfication time for a cache collection. The query * can be limited to a specific cache type. If the function return 0 * and mtime is 0, there was no credentials in the caches. * * @param context A Kerberos 5 context * @param type The credential cache to probe, if NULL, all type are traversed. * @param mtime the last modification time, set to 0 on error. * @return Return 0 or and error. See krb5_get_error_message(). * * @ingroup krb5_ccache */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cccol_last_change_time ( krb5_context /*context*/, const char */*type*/, krb5_timestamp */*mtime*/); /** * Deprecated: krb5_change_password() is deprecated, use krb5_set_password(). * * @param context a Keberos context * @param creds * @param newpw * @param result_code * @param result_code_string * @param result_string * * @return On sucess password is changed. * @ingroup @krb5_deprecated */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_change_password ( krb5_context /*context*/, krb5_creds */*creds*/, const char */*newpw*/, int */*result_code*/, krb5_data */*result_code_string*/, krb5_data */*result_string*/) KRB5_DEPRECATED_FUNCTION("Use X instead"); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_check_transited ( krb5_context /*context*/, krb5_const_realm /*client_realm*/, krb5_const_realm /*server_realm*/, krb5_realm */*realms*/, unsigned int /*num_realms*/, int */*bad_realm*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_check_transited_realms ( krb5_context /*context*/, const char *const */*realms*/, unsigned int /*num_realms*/, int */*bad_realm*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_checksum_disable ( krb5_context /*context*/, krb5_cksumtype /*type*/); KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_checksum_free ( krb5_context /*context*/, krb5_checksum */*cksum*/); KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_checksum_is_collision_proof ( krb5_context /*context*/, krb5_cksumtype /*type*/); KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_checksum_is_keyed ( krb5_context /*context*/, krb5_cksumtype /*type*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_checksumsize ( krb5_context /*context*/, krb5_cksumtype /*type*/, size_t */*size*/); /** * Return the coresponding encryption type for a checksum type. * * @param context Kerberos context * @param ctype The checksum type to get the result enctype for * @param etype The returned encryption, when the matching etype is * not found, etype is set to ETYPE_NULL. * * @return Return an error code for an failure or 0 on success. * @ingroup krb5_crypto */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cksumtype_to_enctype ( krb5_context /*context*/, krb5_cksumtype /*ctype*/, krb5_enctype */*etype*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cksumtype_valid ( krb5_context /*context*/, krb5_cksumtype /*ctype*/); /** * Clears the error message from the Kerberos 5 context. * * @param context The Kerberos 5 context to clear * * @ingroup krb5_error */ KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_clear_error_message (krb5_context /*context*/); /** * Clear the error message returned by krb5_get_error_string(). * * Deprecated: use krb5_clear_error_message() * * @param context Kerberos context * * @ingroup krb5_deprecated */ KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_clear_error_string (krb5_context /*context*/) KRB5_DEPRECATED_FUNCTION("Use X instead"); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_closelog ( krb5_context /*context*/, krb5_log_facility */*fac*/); /** * Return TRUE if `mcreds' and `creds' are equal (`whichfields' * determines what equal means). * * * The following flags, set in whichfields affects the comparison: * - KRB5_TC_MATCH_SRV_NAMEONLY Consider all realms equal when comparing the service principal. * - KRB5_TC_MATCH_KEYTYPE Compare enctypes. * - KRB5_TC_MATCH_FLAGS_EXACT Make sure that the ticket flags are identical. * - KRB5_TC_MATCH_FLAGS Make sure that all ticket flags set in mcreds are also present in creds . * - KRB5_TC_MATCH_TIMES_EXACT Compares the ticket times exactly. * - KRB5_TC_MATCH_TIMES Compares only the expiration times of the creds. * - KRB5_TC_MATCH_AUTHDATA Compares the authdata fields. * - KRB5_TC_MATCH_2ND_TKT Compares the second tickets (used by user-to-user authentication). * - KRB5_TC_MATCH_IS_SKEY Compares the existance of the second ticket. * * @param context Kerberos 5 context. * @param whichfields which fields to compare. * @param mcreds cred to compare with. * @param creds cred to compare with. * * @return return TRUE if mcred and creds are equal, FALSE if not. * * @ingroup krb5 */ KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_compare_creds ( krb5_context /*context*/, krb5_flags /*whichfields*/, const krb5_creds * /*mcreds*/, const krb5_creds * /*creds*/); /** * Free configuration file section, the result of * krb5_config_parse_file() and krb5_config_parse_file_multi(). * * @param context A Kerberos 5 context * @param s the configuration section to free * * @return returns 0 on successes, otherwise an error code, see * krb5_get_error_message() * * @ingroup krb5_support */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_config_file_free ( krb5_context /*context*/, krb5_config_section */*s*/); /** * Free the resulting strings from krb5_config-get_strings() and * krb5_config_vget_strings(). * * @param strings strings to free * * @ingroup krb5_support */ KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_config_free_strings (char **/*strings*/); /** * Like krb5_config_get_bool() but with a va_list list of * configuration selection. * * Configuration value to a boolean value, where yes/true and any * non-zero number means TRUE and other value is FALSE. * * @param context A Kerberos 5 context. * @param c a configuration section, or NULL to use the section from context * @param ... a list of names, terminated with NULL. * * @return TRUE or FALSE * * @ingroup krb5_support */ KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_config_get_bool ( krb5_context /*context*/, const krb5_config_section */*c*/, ...); /** * krb5_config_get_bool_default() will convert the configuration * option value to a boolean value, where yes/true and any non-zero * number means TRUE and other value is FALSE. * * @param context A Kerberos 5 context. * @param c a configuration section, or NULL to use the section from context * @param def_value the default value to return if no configuration * found in the database. * @param ... a list of names, terminated with NULL. * * @return TRUE or FALSE * * @ingroup krb5_support */ KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_config_get_bool_default ( krb5_context /*context*/, const krb5_config_section */*c*/, krb5_boolean /*def_value*/, ...); KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_config_get_int ( krb5_context /*context*/, const krb5_config_section */*c*/, ...); KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_config_get_int_default ( krb5_context /*context*/, const krb5_config_section */*c*/, int /*def_value*/, ...); /** * Get a list of configuration binding list for more processing * * @param context A Kerberos 5 context. * @param c a configuration section, or NULL to use the section from context * @param ... a list of names, terminated with NULL. * * @return NULL if configuration list is not found, a list otherwise * * @ingroup krb5_support */ KRB5_LIB_FUNCTION const krb5_config_binding * KRB5_LIB_CALL krb5_config_get_list ( krb5_context /*context*/, const krb5_config_section */*c*/, ...); /** * Returns a "const char *" to a string in the configuration database. * The string may not be valid after a reload of the configuration * database so a caller should make a local copy if it needs to keep * the string. * * @param context A Kerberos 5 context. * @param c a configuration section, or NULL to use the section from context * @param ... a list of names, terminated with NULL. * * @return NULL if configuration string not found, a string otherwise * * @ingroup krb5_support */ KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_config_get_string ( krb5_context /*context*/, const krb5_config_section */*c*/, ...); /** * Like krb5_config_get_string(), but instead of returning NULL, * instead return a default value. * * @param context A Kerberos 5 context. * @param c a configuration section, or NULL to use the section from context * @param def_value the default value to return if no configuration * found in the database. * @param ... a list of names, terminated with NULL. * * @return a configuration string * * @ingroup krb5_support */ KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_config_get_string_default ( krb5_context /*context*/, const krb5_config_section */*c*/, const char */*def_value*/, ...); /** * Get a list of configuration strings, free the result with * krb5_config_free_strings(). * * @param context A Kerberos 5 context. * @param c a configuration section, or NULL to use the section from context * @param ... a list of names, terminated with NULL. * * @return TRUE or FALSE * * @ingroup krb5_support */ KRB5_LIB_FUNCTION char** KRB5_LIB_CALL krb5_config_get_strings ( krb5_context /*context*/, const krb5_config_section */*c*/, ...); /** * Get the time from the configuration file using a relative time, for example: 1h30s * * @param context A Kerberos 5 context. * @param c a configuration section, or NULL to use the section from context * @param ... a list of names, terminated with NULL. * * @return parsed the time or -1 on error * * @ingroup krb5_support */ KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_config_get_time ( krb5_context /*context*/, const krb5_config_section */*c*/, ...); /** * Get the time from the configuration file using a relative time, for example: 1h30s * * @param context A Kerberos 5 context. * @param c a configuration section, or NULL to use the section from context * @param def_value the default value to return if no configuration * found in the database. * @param ... a list of names, terminated with NULL. * * @return parsed the time (or def_value on parse error) * * @ingroup krb5_support */ KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_config_get_time_default ( krb5_context /*context*/, const krb5_config_section */*c*/, int /*def_value*/, ...); /** * If the fname starts with "~/" parse configuration file in the * current users home directory. The behavior can be disabled and * enabled by calling krb5_set_home_dir_access(). */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_config_parse_file ( krb5_context /*context*/, const char */*fname*/, krb5_config_section **/*res*/); /** * Parse a configuration file and add the result into res. This * interface can be used to parse several configuration files into one * resulting krb5_config_section by calling it repeatably. * * @param context a Kerberos 5 context. * @param fname a file name to a Kerberos configuration file * @param res the returned result, must be free with krb5_free_config_files(). * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_support */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_config_parse_file_multi ( krb5_context /*context*/, const char */*fname*/, krb5_config_section **/*res*/); /** * Deprecated: configuration files are not strings * * @ingroup krb5_deprecated */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_config_parse_string_multi ( krb5_context /*context*/, const char */*string*/, krb5_config_section **/*res*/) KRB5_DEPRECATED_FUNCTION("Use X instead"); /** * krb5_config_get_bool() will convert the configuration * option value to a boolean value, where yes/true and any non-zero * number means TRUE and other value is FALSE. * * @param context A Kerberos 5 context. * @param c a configuration section, or NULL to use the section from context * @param args a va_list of arguments * * @return TRUE or FALSE * * @ingroup krb5_support */ KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_config_vget_bool ( krb5_context /*context*/, const krb5_config_section */*c*/, va_list /*args*/); /** * Like krb5_config_get_bool_default() but with a va_list list of * configuration selection. * * Configuration value to a boolean value, where yes/true and any * non-zero number means TRUE and other value is FALSE. * * @param context A Kerberos 5 context. * @param c a configuration section, or NULL to use the section from context * @param def_value the default value to return if no configuration * found in the database. * @param args a va_list of arguments * * @return TRUE or FALSE * * @ingroup krb5_support */ KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_config_vget_bool_default ( krb5_context /*context*/, const krb5_config_section */*c*/, krb5_boolean /*def_value*/, va_list /*args*/); KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_config_vget_int ( krb5_context /*context*/, const krb5_config_section */*c*/, va_list /*args*/); KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_config_vget_int_default ( krb5_context /*context*/, const krb5_config_section */*c*/, int /*def_value*/, va_list /*args*/); /** * Get a list of configuration binding list for more processing * * @param context A Kerberos 5 context. * @param c a configuration section, or NULL to use the section from context * @param args a va_list of arguments * * @return NULL if configuration list is not found, a list otherwise * * @ingroup krb5_support */ KRB5_LIB_FUNCTION const krb5_config_binding * KRB5_LIB_CALL krb5_config_vget_list ( krb5_context /*context*/, const krb5_config_section */*c*/, va_list /*args*/); /** * Like krb5_config_get_string(), but uses a va_list instead of ... * * @param context A Kerberos 5 context. * @param c a configuration section, or NULL to use the section from context * @param args a va_list of arguments * * @return NULL if configuration string not found, a string otherwise * * @ingroup krb5_support */ KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_config_vget_string ( krb5_context /*context*/, const krb5_config_section */*c*/, va_list /*args*/); /** * Like krb5_config_vget_string(), but instead of returning NULL, * instead return a default value. * * @param context A Kerberos 5 context. * @param c a configuration section, or NULL to use the section from context * @param def_value the default value to return if no configuration * found in the database. * @param args a va_list of arguments * * @return a configuration string * * @ingroup krb5_support */ KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_config_vget_string_default ( krb5_context /*context*/, const krb5_config_section */*c*/, const char */*def_value*/, va_list /*args*/); /** * Get a list of configuration strings, free the result with * krb5_config_free_strings(). * * @param context A Kerberos 5 context. * @param c a configuration section, or NULL to use the section from context * @param args a va_list of arguments * * @return TRUE or FALSE * * @ingroup krb5_support */ KRB5_LIB_FUNCTION char ** KRB5_LIB_CALL krb5_config_vget_strings ( krb5_context /*context*/, const krb5_config_section */*c*/, va_list /*args*/); /** * Get the time from the configuration file using a relative time, for example: 1h30s * * @param context A Kerberos 5 context. * @param c a configuration section, or NULL to use the section from context * @param args a va_list of arguments * * @return parsed the time or -1 on error * * @ingroup krb5_support */ KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_config_vget_time ( krb5_context /*context*/, const krb5_config_section */*c*/, va_list /*args*/); /** * Get the time from the configuration file using a relative time. * * Like krb5_config_get_time_default() but with a va_list list of * configuration selection. * * @param context A Kerberos 5 context. * @param c a configuration section, or NULL to use the section from context * @param def_value the default value to return if no configuration * found in the database. * @param args a va_list of arguments * * @return parsed the time (or def_value on parse error) * * @ingroup krb5_support */ KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_config_vget_time_default ( krb5_context /*context*/, const krb5_config_section */*c*/, int /*def_value*/, va_list /*args*/); /** * krb5_copy_address copies the content of address * inaddr to outaddr. * * @param context a Keberos context * @param inaddr pointer to source address * @param outaddr pointer to destination address * * @return Return an error code or 0. * * @ingroup krb5_address */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_address ( krb5_context /*context*/, const krb5_address */*inaddr*/, krb5_address */*outaddr*/); /** * krb5_copy_addresses copies the content of addresses * inaddr to outaddr. * * @param context a Keberos context * @param inaddr pointer to source addresses * @param outaddr pointer to destination addresses * * @return Return an error code or 0. * * @ingroup krb5_address */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_addresses ( krb5_context /*context*/, const krb5_addresses */*inaddr*/, krb5_addresses */*outaddr*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_checksum ( krb5_context /*context*/, const krb5_checksum */*old*/, krb5_checksum **/*new*/); /** * Make a copy for the Kerberos 5 context, the new krb5_context shoud * be freed with krb5_free_context(). * * @param context the Kerberos context to copy * @param out the copy of the Kerberos, set to NULL error. * * @return Returns 0 to indicate success. Otherwise an kerberos et * error code is returned, see krb5_get_error_message(). * * @ingroup krb5 */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_context ( krb5_context /*context*/, krb5_context */*out*/); /** * Copy krb5_creds. * * @param context Kerberos 5 context. * @param incred source credential * @param outcred destination credential, free with krb5_free_creds(). * * @return Returns 0 to indicate success. Otherwise an kerberos et * error code is returned, see krb5_get_error_message(). * * @ingroup krb5 */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_creds ( krb5_context /*context*/, const krb5_creds */*incred*/, krb5_creds **/*outcred*/); /** * Copy content of krb5_creds. * * @param context Kerberos 5 context. * @param incred source credential * @param c destination credential, free with krb5_free_cred_contents(). * * @return Returns 0 to indicate success. Otherwise an kerberos et * error code is returned, see krb5_get_error_message(). * * @ingroup krb5 */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_creds_contents ( krb5_context /*context*/, const krb5_creds */*incred*/, krb5_creds */*c*/); /** * Copy the data into a newly allocated krb5_data. * * @param context Kerberos 5 context. * @param indata the krb5_data data to copy * @param outdata new krb5_date to copy too. Free with krb5_free_data(). * * @return Returns 0 to indicate success. Otherwise an kerberos et * error code is returned. * * @ingroup krb5 */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_data ( krb5_context /*context*/, const krb5_data */*indata*/, krb5_data **/*outdata*/); /** * Copy the list of realms from `from' to `to'. * * @param context Kerberos 5 context. * @param from list of realms to copy from. * @param to list of realms to copy to, free list of krb5_free_host_realm(). * * @return Returns 0 to indicate success. Otherwise an kerberos et * error code is returned, see krb5_get_error_message(). * * @ingroup krb5 */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_host_realm ( krb5_context /*context*/, const krb5_realm */*from*/, krb5_realm **/*to*/); /** * Copy a keyblock, free the output keyblock with * krb5_free_keyblock(). * * @param context a Kerberos 5 context * @param inblock the key to copy * @param to the output key. * * @return 0 on success or a Kerberos 5 error code * * @ingroup krb5_crypto */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_keyblock ( krb5_context /*context*/, const krb5_keyblock */*inblock*/, krb5_keyblock **/*to*/); /** * Copy a keyblock, free the output keyblock with * krb5_free_keyblock_contents(). * * @param context a Kerberos 5 context * @param inblock the key to copy * @param to the output key. * * @return 0 on success or a Kerberos 5 error code * * @ingroup krb5_crypto */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_keyblock_contents ( krb5_context /*context*/, const krb5_keyblock */*inblock*/, krb5_keyblock */*to*/); /** * Copy a principal * * @param context A Kerberos context. * @param inprinc principal to copy * @param outprinc copied principal, free with krb5_free_principal() * * @return An krb5 error code, see krb5_get_error_message(). * * @ingroup krb5_principal */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_principal ( krb5_context /*context*/, krb5_const_principal /*inprinc*/, krb5_principal */*outprinc*/); /** * Copy ticket and content * * @param context a Kerberos 5 context * @param from ticket to copy * @param to new copy of ticket, free with krb5_free_ticket() * * @return Returns 0 to indicate success. Otherwise an kerberos et * error code is returned, see krb5_get_error_message(). * * @ingroup krb5 */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_ticket ( krb5_context /*context*/, const krb5_ticket */*from*/, krb5_ticket **/*to*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_create_checksum ( krb5_context /*context*/, krb5_crypto /*crypto*/, krb5_key_usage /*usage*/, int /*type*/, void */*data*/, size_t /*len*/, Checksum */*result*/); /** * Create a Kerberos message checksum. * * @param context Kerberos context * @param crypto Kerberos crypto context * @param usage Key usage for this buffer * @param data array of buffers to process * @param num_data length of array * @param type output data * * @return Return an error code or 0. * @ingroup krb5_crypto */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_create_checksum_iov ( krb5_context /*context*/, krb5_crypto /*crypto*/, unsigned /*usage*/, krb5_crypto_iov */*data*/, unsigned int /*num_data*/, krb5_cksumtype */*type*/); /** * Returns the ticket flags for the credentials in creds. * See also krb5_ticket_get_flags(). * * @param creds credential to get ticket flags from * * @return ticket flags * * @ingroup krb5 */ KRB5_LIB_FUNCTION unsigned long KRB5_LIB_CALL krb5_creds_get_ticket_flags (krb5_creds */*creds*/); /** * Free a crypto context created by krb5_crypto_init(). * * @param context Kerberos context * @param crypto crypto context to free * * @return Return an error code or 0. * * @ingroup krb5_crypto */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_destroy ( krb5_context /*context*/, krb5_crypto /*crypto*/); /** * The FX-CF2 key derivation function, used in FAST and preauth framework. * * @param context Kerberos 5 context * @param crypto1 first key to combine * @param crypto2 second key to combine * @param pepper1 factor to combine with first key to garante uniqueness * @param pepper2 factor to combine with second key to garante uniqueness * @param enctype the encryption type of the resulting key * @param res allocated key, free with krb5_free_keyblock_contents() * * @return Return an error code or 0. * * @ingroup krb5_crypto */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_fx_cf2 ( krb5_context /*context*/, const krb5_crypto /*crypto1*/, const krb5_crypto /*crypto2*/, krb5_data */*pepper1*/, krb5_data */*pepper2*/, krb5_enctype /*enctype*/, krb5_keyblock */*res*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_get_checksum_type ( krb5_context /*context*/, krb5_crypto /*crypto*/, krb5_cksumtype */*type*/); /** * Return the blocksize used algorithm referenced by the crypto context * * @param context Kerberos context * @param crypto crypto context to query * @param blocksize the resulting blocksize * * @return Return an error code or 0. * * @ingroup krb5_crypto */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_getblocksize ( krb5_context /*context*/, krb5_crypto /*crypto*/, size_t */*blocksize*/); /** * Return the confounder size used by the crypto context * * @param context Kerberos context * @param crypto crypto context to query * @param confoundersize the returned confounder size * * @return Return an error code or 0. * * @ingroup krb5_crypto */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_getconfoundersize ( krb5_context /*context*/, krb5_crypto /*crypto*/, size_t */*confoundersize*/); /** * Return the encryption type used by the crypto context * * @param context Kerberos context * @param crypto crypto context to query * @param enctype the resulting encryption type * * @return Return an error code or 0. * * @ingroup krb5_crypto */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_getenctype ( krb5_context /*context*/, krb5_crypto /*crypto*/, krb5_enctype */*enctype*/); /** * Return the padding size used by the crypto context * * @param context Kerberos context * @param crypto crypto context to query * @param padsize the return padding size * * @return Return an error code or 0. * * @ingroup krb5_crypto */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_getpadsize ( krb5_context /*context*/, krb5_crypto /*crypto*/, size_t */*padsize*/); /** * Create a crypto context used for all encryption and signature * operation. The encryption type to use is taken from the key, but * can be overridden with the enctype parameter. This can be useful * for encryptions types which is compatiable (DES for example). * * To free the crypto context, use krb5_crypto_destroy(). * * @param context Kerberos context * @param key the key block information with all key data * @param etype the encryption type * @param crypto the resulting crypto context * * @return Return an error code or 0. * * @ingroup krb5_crypto */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_init ( krb5_context /*context*/, const krb5_keyblock */*key*/, krb5_enctype /*etype*/, krb5_crypto */*crypto*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_length ( krb5_context /*context*/, krb5_crypto /*crypto*/, int /*type*/, size_t */*len*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_length_iov ( krb5_context /*context*/, krb5_crypto /*crypto*/, krb5_crypto_iov */*data*/, unsigned int /*num_data*/); KRB5_LIB_FUNCTION size_t KRB5_LIB_CALL krb5_crypto_overhead ( krb5_context /*context*/, krb5_crypto /*crypto*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_prf ( krb5_context /*context*/, const krb5_crypto /*crypto*/, const krb5_data */*input*/, krb5_data */*output*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_prf_length ( krb5_context /*context*/, krb5_enctype /*type*/, size_t */*length*/); /** * Allocate data of and krb5_data. * * @param p krb5_data to allocate. * @param len size to allocate. * * @return Returns 0 to indicate success. Otherwise an kerberos et * error code is returned. * * @ingroup krb5 */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_data_alloc ( krb5_data */*p*/, int /*len*/); /** * Compare to data. * * @param data1 krb5_data to compare * @param data2 krb5_data to compare * * @return return the same way as memcmp(), useful when sorting. * * @ingroup krb5 */ KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_data_cmp ( const krb5_data */*data1*/, const krb5_data */*data2*/); /** * Copy the data of len into the krb5_data. * * @param p krb5_data to copy into. * @param data data to copy.. * @param len new size. * * @return Returns 0 to indicate success. Otherwise an kerberos et * error code is returned. * * @ingroup krb5 */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_data_copy ( krb5_data */*p*/, const void */*data*/, size_t /*len*/); /** * Compare to data not exposing timing information from the checksum data * * @param data1 krb5_data to compare * @param data2 krb5_data to compare * * @return returns zero for same data, otherwise non zero. * * @ingroup krb5 */ KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_data_ct_cmp ( const krb5_data */*data1*/, const krb5_data */*data2*/); /** * Free the content of krb5_data structure, its ok to free a zeroed * structure (with memset() or krb5_data_zero()). When done, the * structure will be zeroed. The same function is called * krb5_free_data_contents() in MIT Kerberos. * * @param p krb5_data to free. * * @ingroup krb5 */ KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_data_free (krb5_data */*p*/); /** * Grow (or shrink) the content of krb5_data to a new size. * * @param p krb5_data to free. * @param len new size. * * @return Returns 0 to indicate success. Otherwise an kerberos et * error code is returned. * * @ingroup krb5 */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_data_realloc ( krb5_data */*p*/, int /*len*/); /** * Reset the (potentially uninitalized) krb5_data structure. * * @param p krb5_data to reset. * * @ingroup krb5 */ KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_data_zero (krb5_data */*p*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decode_Authenticator ( krb5_context /*context*/, const void */*data*/, size_t /*length*/, Authenticator */*t*/, size_t */*len*/) KRB5_DEPRECATED_FUNCTION("Use X instead"); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decode_ETYPE_INFO ( krb5_context /*context*/, const void */*data*/, size_t /*length*/, ETYPE_INFO */*t*/, size_t */*len*/) KRB5_DEPRECATED_FUNCTION("Use X instead"); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decode_ETYPE_INFO2 ( krb5_context /*context*/, const void */*data*/, size_t /*length*/, ETYPE_INFO2 */*t*/, size_t */*len*/) KRB5_DEPRECATED_FUNCTION("Use X instead"); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decode_EncAPRepPart ( krb5_context /*context*/, const void */*data*/, size_t /*length*/, EncAPRepPart */*t*/, size_t */*len*/) KRB5_DEPRECATED_FUNCTION("Use X instead"); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decode_EncASRepPart ( krb5_context /*context*/, const void */*data*/, size_t /*length*/, EncASRepPart */*t*/, size_t */*len*/) KRB5_DEPRECATED_FUNCTION("Use X instead"); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decode_EncKrbCredPart ( krb5_context /*context*/, const void */*data*/, size_t /*length*/, EncKrbCredPart */*t*/, size_t */*len*/) KRB5_DEPRECATED_FUNCTION("Use X instead"); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decode_EncTGSRepPart ( krb5_context /*context*/, const void */*data*/, size_t /*length*/, EncTGSRepPart */*t*/, size_t */*len*/) KRB5_DEPRECATED_FUNCTION("Use X instead"); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decode_EncTicketPart ( krb5_context /*context*/, const void */*data*/, size_t /*length*/, EncTicketPart */*t*/, size_t */*len*/) KRB5_DEPRECATED_FUNCTION("Use X instead"); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decode_ap_req ( krb5_context /*context*/, const krb5_data */*inbuf*/, krb5_ap_req */*ap_req*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decrypt ( krb5_context /*context*/, krb5_crypto /*crypto*/, unsigned /*usage*/, void */*data*/, size_t /*len*/, krb5_data */*result*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decrypt_EncryptedData ( krb5_context /*context*/, krb5_crypto /*crypto*/, unsigned /*usage*/, const EncryptedData */*e*/, krb5_data */*result*/); /** * Inline decrypt a Kerberos message. * * @param context Kerberos context * @param crypto Kerberos crypto context * @param usage Key usage for this buffer * @param data array of buffers to process * @param num_data length of array * @param ivec initial cbc/cts vector * * @return Return an error code or 0. * @ingroup krb5_crypto * * 1. KRB5_CRYPTO_TYPE_HEADER * 2. one KRB5_CRYPTO_TYPE_DATA and array [0,...] of KRB5_CRYPTO_TYPE_SIGN_ONLY in * any order, however the receiver have to aware of the * order. KRB5_CRYPTO_TYPE_SIGN_ONLY is commonly used unencrypoted * protocol headers and trailers. The output data will be of same * size as the input data or shorter. */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decrypt_iov_ivec ( krb5_context /*context*/, krb5_crypto /*crypto*/, unsigned /*usage*/, krb5_crypto_iov */*data*/, unsigned int /*num_data*/, void */*ivec*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decrypt_ivec ( krb5_context /*context*/, krb5_crypto /*crypto*/, unsigned /*usage*/, void */*data*/, size_t /*len*/, krb5_data */*result*/, void */*ivec*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decrypt_ticket ( krb5_context /*context*/, Ticket */*ticket*/, krb5_keyblock */*key*/, EncTicketPart */*out*/, krb5_flags /*flags*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_derive_key ( krb5_context /*context*/, const krb5_keyblock */*key*/, krb5_enctype /*etype*/, const void */*constant*/, size_t /*constant_len*/, krb5_keyblock **/*derived_key*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_alloc ( krb5_context /*context*/, krb5_digest */*digest*/); KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_digest_free (krb5_digest /*digest*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_get_client_binding ( krb5_context /*context*/, krb5_digest /*digest*/, char **/*type*/, char **/*binding*/); KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL krb5_digest_get_identifier ( krb5_context /*context*/, krb5_digest /*digest*/); KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL krb5_digest_get_opaque ( krb5_context /*context*/, krb5_digest /*digest*/); KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL krb5_digest_get_rsp ( krb5_context /*context*/, krb5_digest /*digest*/); KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL krb5_digest_get_server_nonce ( krb5_context /*context*/, krb5_digest /*digest*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_get_session_key ( krb5_context /*context*/, krb5_digest /*digest*/, krb5_data */*data*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_get_tickets ( krb5_context /*context*/, krb5_digest /*digest*/, Ticket **/*tickets*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_init_request ( krb5_context /*context*/, krb5_digest /*digest*/, krb5_realm /*realm*/, krb5_ccache /*ccache*/); /** * Get the supported/allowed mechanism for this principal. * * @param context A Keberos context. * @param realm The realm of the KDC. * @param ccache The credential cache to use when talking to the KDC. * @param flags The supported mechanism. * * @return Return an error code or 0. * * @ingroup krb5_digest */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_probe ( krb5_context /*context*/, krb5_realm /*realm*/, krb5_ccache /*ccache*/, unsigned */*flags*/); KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_digest_rep_get_status ( krb5_context /*context*/, krb5_digest /*digest*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_request ( krb5_context /*context*/, krb5_digest /*digest*/, krb5_realm /*realm*/, krb5_ccache /*ccache*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_set_authentication_user ( krb5_context /*context*/, krb5_digest /*digest*/, krb5_principal /*authentication_user*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_set_authid ( krb5_context /*context*/, krb5_digest /*digest*/, const char */*authid*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_set_client_nonce ( krb5_context /*context*/, krb5_digest /*digest*/, const char */*nonce*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_set_digest ( krb5_context /*context*/, krb5_digest /*digest*/, const char */*dgst*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_set_hostname ( krb5_context /*context*/, krb5_digest /*digest*/, const char */*hostname*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_set_identifier ( krb5_context /*context*/, krb5_digest /*digest*/, const char */*id*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_set_method ( krb5_context /*context*/, krb5_digest /*digest*/, const char */*method*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_set_nonceCount ( krb5_context /*context*/, krb5_digest /*digest*/, const char */*nonce_count*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_set_opaque ( krb5_context /*context*/, krb5_digest /*digest*/, const char */*opaque*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_set_qop ( krb5_context /*context*/, krb5_digest /*digest*/, const char */*qop*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_set_realm ( krb5_context /*context*/, krb5_digest /*digest*/, const char */*realm*/); KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_digest_set_responseData ( krb5_context /*context*/, krb5_digest /*digest*/, const char */*response*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_set_server_cb ( krb5_context /*context*/, krb5_digest /*digest*/, const char */*type*/, const char */*binding*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_set_server_nonce ( krb5_context /*context*/, krb5_digest /*digest*/, const char */*nonce*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_set_type ( krb5_context /*context*/, krb5_digest /*digest*/, const char */*type*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_set_uri ( krb5_context /*context*/, krb5_digest /*digest*/, const char */*uri*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_set_username ( krb5_context /*context*/, krb5_digest /*digest*/, const char */*username*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_domain_x500_decode ( krb5_context /*context*/, krb5_data /*tr*/, char ***/*realms*/, unsigned int */*num_realms*/, const char */*client_realm*/, const char */*server_realm*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_domain_x500_encode ( char **/*realms*/, unsigned int /*num_realms*/, krb5_data */*encoding*/); /** * Convert the getaddrinfo() error code to a Kerberos et error code. * * @param eai_errno contains the error code from getaddrinfo(). * @param system_error should have the value of errno after the failed getaddrinfo(). * * @return Kerberos error code representing the EAI errors. * * @ingroup krb5_error */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_eai_to_heim_errno ( int /*eai_errno*/, int /*system_error*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_encode_Authenticator ( krb5_context /*context*/, void */*data*/, size_t /*length*/, Authenticator */*t*/, size_t */*len*/) KRB5_DEPRECATED_FUNCTION("Use X instead"); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_encode_ETYPE_INFO ( krb5_context /*context*/, void */*data*/, size_t /*length*/, ETYPE_INFO */*t*/, size_t */*len*/) KRB5_DEPRECATED_FUNCTION("Use X instead"); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_encode_ETYPE_INFO2 ( krb5_context /*context*/, void */*data*/, size_t /*length*/, ETYPE_INFO2 */*t*/, size_t */*len*/) KRB5_DEPRECATED_FUNCTION("Use X instead"); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_encode_EncAPRepPart ( krb5_context /*context*/, void */*data*/, size_t /*length*/, EncAPRepPart */*t*/, size_t */*len*/) KRB5_DEPRECATED_FUNCTION("Use X instead"); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_encode_EncASRepPart ( krb5_context /*context*/, void */*data*/, size_t /*length*/, EncASRepPart */*t*/, size_t */*len*/) KRB5_DEPRECATED_FUNCTION("Use X instead"); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_encode_EncKrbCredPart ( krb5_context /*context*/, void */*data*/, size_t /*length*/, EncKrbCredPart */*t*/, size_t */*len*/) KRB5_DEPRECATED_FUNCTION("Use X instead"); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_encode_EncTGSRepPart ( krb5_context /*context*/, void */*data*/, size_t /*length*/, EncTGSRepPart */*t*/, size_t */*len*/) KRB5_DEPRECATED_FUNCTION("Use X instead"); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_encode_EncTicketPart ( krb5_context /*context*/, void */*data*/, size_t /*length*/, EncTicketPart */*t*/, size_t */*len*/) KRB5_DEPRECATED_FUNCTION("Use X instead"); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_encrypt ( krb5_context /*context*/, krb5_crypto /*crypto*/, unsigned /*usage*/, const void */*data*/, size_t /*len*/, krb5_data */*result*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_encrypt_EncryptedData ( krb5_context /*context*/, krb5_crypto /*crypto*/, unsigned /*usage*/, void */*data*/, size_t /*len*/, int /*kvno*/, EncryptedData */*result*/); /** * Inline encrypt a kerberos message * * @param context Kerberos context * @param crypto Kerberos crypto context * @param usage Key usage for this buffer * @param data array of buffers to process * @param num_data length of array * @param ivec initial cbc/cts vector * * @return Return an error code or 0. * @ingroup krb5_crypto * * Kerberos encrypted data look like this: * * 1. KRB5_CRYPTO_TYPE_HEADER * 2. array [1,...] KRB5_CRYPTO_TYPE_DATA and array [0,...] * KRB5_CRYPTO_TYPE_SIGN_ONLY in any order, however the receiver * have to aware of the order. KRB5_CRYPTO_TYPE_SIGN_ONLY is * commonly used headers and trailers. * 3. KRB5_CRYPTO_TYPE_PADDING, at least on padsize long if padsize > 1 * 4. KRB5_CRYPTO_TYPE_TRAILER */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_encrypt_iov_ivec ( krb5_context /*context*/, krb5_crypto /*crypto*/, unsigned /*usage*/, krb5_crypto_iov */*data*/, int /*num_data*/, void */*ivec*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_encrypt_ivec ( krb5_context /*context*/, krb5_crypto /*crypto*/, unsigned /*usage*/, const void */*data*/, size_t /*len*/, krb5_data */*result*/, void */*ivec*/); /** * Disable encryption type * * @param context Kerberos 5 context * @param enctype encryption type to disable * * @return Return an error code or 0. * * @ingroup krb5_crypto */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_enctype_disable ( krb5_context /*context*/, krb5_enctype /*enctype*/); /** * Enable encryption type * * @param context Kerberos 5 context * @param enctype encryption type to enable * * @return Return an error code or 0. * * @ingroup krb5_crypto */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_enctype_enable ( krb5_context /*context*/, krb5_enctype /*enctype*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_enctype_keybits ( krb5_context /*context*/, krb5_enctype /*type*/, size_t */*keybits*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_enctype_keysize ( krb5_context /*context*/, krb5_enctype /*type*/, size_t */*keysize*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_enctype_to_keytype ( krb5_context /*context*/, krb5_enctype /*etype*/, krb5_keytype */*keytype*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_enctype_to_string ( krb5_context /*context*/, krb5_enctype /*etype*/, char **/*string*/); /** * Check if a enctype is valid, return 0 if it is. * * @param context Kerberos context * @param etype enctype to check if its valid or not * * @return Return an error code for an failure or 0 on success (enctype valid). * @ingroup krb5_crypto */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_enctype_valid ( krb5_context /*context*/, krb5_enctype /*etype*/); /** * Deprecated: keytypes doesn't exists, they are really enctypes. * * @ingroup krb5_deprecated */ KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_enctypes_compatible_keys ( krb5_context /*context*/, krb5_enctype /*etype1*/, krb5_enctype /*etype2*/) KRB5_DEPRECATED_FUNCTION("Use X instead"); krb5_error_code krb5_enomem (krb5_context /*context*/); /** * Log a warning to the log, default stderr, include bthe error from * the last failure and then exit. * * @param context A Kerberos 5 context * @param eval the exit code to exit with * @param code error code of the last error * @param fmt message to print * * @ingroup krb5_error */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_err ( krb5_context /*context*/, int /*eval*/, krb5_error_code /*code*/, const char */*fmt*/, ...) __attribute__ ((__noreturn__, __format__ (__printf__, 4, 5))); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_error_from_rd_error ( krb5_context /*context*/, const krb5_error */*error*/, const krb5_creds */*creds*/); /** * Log a warning to the log, default stderr, and then exit. * * @param context A Kerberos 5 context * @param eval the exit code to exit with * @param fmt message to print * * @ingroup krb5_error */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_errx ( krb5_context /*context*/, int /*eval*/, const char */*fmt*/, ...) __attribute__ ((__noreturn__, __format__ (__printf__, 3, 4))); /** * krb5_expand_hostname() tries to make orig_hostname into a more * canonical one in the newly allocated space returned in * new_hostname. * @param context a Keberos context * @param orig_hostname hostname to canonicalise. * @param new_hostname output hostname, caller must free hostname with * krb5_xfree(). * * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_support */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_expand_hostname ( krb5_context /*context*/, const char */*orig_hostname*/, char **/*new_hostname*/); /** * krb5_expand_hostname_realms() expands orig_hostname to a name we * believe to be a hostname in newly allocated space in new_hostname * and return the realms new_hostname is believed to belong to in * realms. * * @param context a Keberos context * @param orig_hostname hostname to canonicalise. * @param new_hostname output hostname, caller must free hostname with * krb5_xfree(). * @param realms output possible realms, is an array that is terminated * with NULL. Caller must free with krb5_free_host_realm(). * * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_support */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_expand_hostname_realms ( krb5_context /*context*/, const char */*orig_hostname*/, char **/*new_hostname*/, char ***/*realms*/); KRB5_LIB_FUNCTION PA_DATA * KRB5_LIB_CALL krb5_find_padata ( PA_DATA */*val*/, unsigned /*len*/, int /*type*/, int */*idx*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_format_time ( krb5_context /*context*/, time_t /*t*/, char */*s*/, size_t /*len*/, krb5_boolean /*include_time*/); /** * krb5_free_address frees the data stored in the address that is * alloced with any of the krb5_address functions. * * @param context a Keberos context * @param address addresss to be freed. * * @return Return an error code or 0. * * @ingroup krb5_address */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_address ( krb5_context /*context*/, krb5_address */*address*/); /** * krb5_free_addresses frees the data stored in the address that is * alloced with any of the krb5_address functions. * * @param context a Keberos context * @param addresses addressses to be freed. * * @return Return an error code or 0. * * @ingroup krb5_address */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_addresses ( krb5_context /*context*/, krb5_addresses */*addresses*/); KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_ap_rep_enc_part ( krb5_context /*context*/, krb5_ap_rep_enc_part */*val*/); KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_authenticator ( krb5_context /*context*/, krb5_authenticator */*authenticator*/); KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_checksum ( krb5_context /*context*/, krb5_checksum */*cksum*/); KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_checksum_contents ( krb5_context /*context*/, krb5_checksum */*cksum*/); /** * Free a list of configuration files. * * @param filenames list, terminated with a NULL pointer, to be * freed. NULL is an valid argument. * * @return Returns 0 to indicate success. Otherwise an kerberos et * error code is returned, see krb5_get_error_message(). * * @ingroup krb5 */ KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_config_files (char **/*filenames*/); /** * Frees the krb5_context allocated by krb5_init_context(). * * @param context context to be freed. * * @ingroup krb5 */ KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_context (krb5_context /*context*/); /** * Free content of krb5_creds. * * @param context Kerberos 5 context. * @param c krb5_creds to free. * * @return Returns 0 to indicate success. Otherwise an kerberos et * error code is returned, see krb5_get_error_message(). * * @ingroup krb5 */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_cred_contents ( krb5_context /*context*/, krb5_creds */*c*/); /** * Free krb5_creds. * * @param context Kerberos 5 context. * @param c krb5_creds to free. * * @return Returns 0 to indicate success. Otherwise an kerberos et * error code is returned, see krb5_get_error_message(). * * @ingroup krb5 */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_creds ( krb5_context /*context*/, krb5_creds */*c*/); /** * Deprecated: use krb5_free_cred_contents() * * @ingroup krb5_deprecated */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_creds_contents ( krb5_context /*context*/, krb5_creds */*c*/) KRB5_DEPRECATED_FUNCTION("Use X instead"); /** * Free krb5_data (and its content). * * @param context Kerberos 5 context. * @param p krb5_data to free. * * @ingroup krb5 */ KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_data ( krb5_context /*context*/, krb5_data */*p*/); /** * Same as krb5_data_free(). MIT compat. * * Deprecated: use krb5_data_free(). * * @param context Kerberos 5 context. * @param data krb5_data to free. * * @ingroup krb5_deprecated */ KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_data_contents ( krb5_context /*context*/, krb5_data */*data*/) KRB5_DEPRECATED_FUNCTION("Use X instead"); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_default_realm ( krb5_context /*context*/, krb5_realm /*realm*/); KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_error ( krb5_context /*context*/, krb5_error */*error*/); KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_error_contents ( krb5_context /*context*/, krb5_error */*error*/); /** * Free the error message returned by krb5_get_error_message(). * * @param context Kerberos context * @param msg error message to free, returned byg * krb5_get_error_message(). * * @ingroup krb5_error */ KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_error_message ( krb5_context /*context*/, const char */*msg*/); /** * Free the error message returned by krb5_get_error_string(). * * Deprecated: use krb5_free_error_message() * * @param context Kerberos context * @param str error message to free * * @ingroup krb5_deprecated */ KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_error_string ( krb5_context /*context*/, char */*str*/) KRB5_DEPRECATED_FUNCTION("Use X instead"); /** * Free all memory allocated by `realmlist' * * @param context A Kerberos 5 context. * @param realmlist realmlist to free, NULL is ok * * @return a Kerberos error code, always 0. * * @ingroup krb5_support */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_host_realm ( krb5_context /*context*/, krb5_realm */*realmlist*/); /** * Variable containing the FILE based credential cache implemention. * * @ingroup krb5_ccache */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_kdc_rep ( krb5_context /*context*/, krb5_kdc_rep */*rep*/); /** * Free a keyblock, also zero out the content of the keyblock, uses * krb5_free_keyblock_contents() to free the content. * * @param context a Kerberos 5 context * @param keyblock keyblock to free, NULL is valid argument * * @ingroup krb5_crypto */ KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_keyblock ( krb5_context /*context*/, krb5_keyblock */*keyblock*/); /** * Free a keyblock's content, also zero out the content of the keyblock. * * @param context a Kerberos 5 context * @param keyblock keyblock content to free, NULL is valid argument * * @ingroup krb5_crypto */ KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_keyblock_contents ( krb5_context /*context*/, krb5_keyblock */*keyblock*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_krbhst ( krb5_context /*context*/, char **/*hostlist*/); /** * Free a name canonicalization rule iterator. */ KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_name_canon_iterator ( krb5_context /*context*/, krb5_name_canon_iterator /*iter*/); /** * Frees a Kerberos principal allocated by the library with * krb5_parse_name(), krb5_make_principal() or any other related * principal functions. * * @param context A Kerberos context. * @param p a principal to free. * * @return An krb5 error code, see krb5_get_error_message(). * * @ingroup krb5_principal */ KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_principal ( krb5_context /*context*/, krb5_principal /*p*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_salt ( krb5_context /*context*/, krb5_salt /*salt*/); /** * Free ticket and content * * @param context a Kerberos 5 context * @param ticket ticket to free * * @return Returns 0 to indicate success. Otherwise an kerberos et * error code is returned, see krb5_get_error_message(). * * @ingroup krb5 */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_ticket ( krb5_context /*context*/, krb5_ticket */*ticket*/); /** * Deprecated: use krb5_xfree(). * * @ingroup krb5_deprecated */ KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_unparsed_name ( krb5_context /*context*/, char */*str*/) KRB5_DEPRECATED_FUNCTION("Use X instead"); /** * Forward credentials for client to host hostname , making them * forwardable if forwardable, and returning the blob of data to sent * in out_data. If hostname == NULL, pick it from server. * * @param context A kerberos 5 context. * @param auth_context the auth context with the key to encrypt the out_data. * @param hostname the host to forward the tickets too. * @param client the client to delegate from. * @param server the server to delegate the credential too. * @param ccache credential cache to use. * @param forwardable make the forwarded ticket forwabledable. * @param out_data the resulting credential. * * @return Return an error code or 0. * * @ingroup krb5_credential */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_fwd_tgt_creds ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, const char */*hostname*/, krb5_principal /*client*/, krb5_principal /*server*/, krb5_ccache /*ccache*/, int /*forwardable*/, krb5_data */*out_data*/); /** * Fill buffer buf with len bytes of PRNG randomness that is ok to use * for key generation, padding and public diclosing the randomness w/o * disclosing the randomness source. * * This function can fail, and callers must check the return value. * * @param buf a buffer to fill with randomness * @param len length of memory that buf points to. * * @return return 0 on success or HEIM_ERR_RANDOM_OFFLINE if the * funcation failed to initialize the randomness source. * * @ingroup krb5_crypto */ HEIMDAL_WARN_UNUSED_RESULT_ATTRIBUTE KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_generate_random ( void */*buf*/, size_t /*len*/); /** * Fill buffer buf with len bytes of PRNG randomness that is ok to use * for key generation, padding and public diclosing the randomness w/o * disclosing the randomness source. * * This function can NOT fail, instead it will abort() and program will crash. * * If this function is called after a successful krb5_init_context(), * the chance of it failing is low due to that krb5_init_context() * pulls out some random, and quite commonly the randomness sources * will not fail once it have started to produce good output, * /dev/urandom behavies that way. * * @param buf a buffer to fill with randomness * @param len length of memory that buf points to. * * @ingroup krb5_crypto */ KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_generate_random_block ( void */*buf*/, size_t /*len*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_generate_random_keyblock ( krb5_context /*context*/, krb5_enctype /*type*/, krb5_keyblock */*key*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_generate_seq_number ( krb5_context /*context*/, const krb5_keyblock */*key*/, uint32_t */*seqno*/); /** * Deprecated: use krb5_generate_subkey_extended() * * @ingroup krb5_deprecated */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_generate_subkey ( krb5_context /*context*/, const krb5_keyblock */*key*/, krb5_keyblock **/*subkey*/) KRB5_DEPRECATED_FUNCTION("Use X instead"); /** * Generate subkey, from keyblock * * @param context kerberos context * @param key session key * @param etype encryption type of subkey, if ETYPE_NULL, use key's enctype * @param subkey returned new, free with krb5_free_keyblock(). * * @return 0 on success or a Kerberos 5 error code * * @ingroup krb5_crypto */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_generate_subkey_extended ( krb5_context /*context*/, const krb5_keyblock */*key*/, krb5_enctype /*etype*/, krb5_keyblock **/*subkey*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_all_client_addrs ( krb5_context /*context*/, krb5_addresses */*res*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_all_server_addrs ( krb5_context /*context*/, krb5_addresses */*res*/); /** * Deprecated: use krb5_get_credentials_with_flags(). * * @ingroup krb5_deprecated */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_cred_from_kdc ( krb5_context /*context*/, krb5_ccache /*ccache*/, krb5_creds */*in_creds*/, krb5_creds **/*out_creds*/, krb5_creds ***/*ret_tgts*/) KRB5_DEPRECATED_FUNCTION("Use X instead"); /** * Deprecated: use krb5_get_credentials_with_flags(). * * @ingroup krb5_deprecated */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_cred_from_kdc_opt ( krb5_context /*context*/, krb5_ccache /*ccache*/, krb5_creds */*in_creds*/, krb5_creds **/*out_creds*/, krb5_creds ***/*ret_tgts*/, krb5_flags /*flags*/) KRB5_DEPRECATED_FUNCTION("Use X instead"); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_credentials ( krb5_context /*context*/, krb5_flags /*options*/, krb5_ccache /*ccache*/, krb5_creds */*in_creds*/, krb5_creds **/*out_creds*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_credentials_with_flags ( krb5_context /*context*/, krb5_flags /*options*/, krb5_kdc_flags /*flags*/, krb5_ccache /*ccache*/, krb5_creds */*in_creds*/, krb5_creds **/*out_creds*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_creds ( krb5_context /*context*/, krb5_get_creds_opt /*opt*/, krb5_ccache /*ccache*/, krb5_const_principal /*inprinc*/, krb5_creds **/*out_creds*/); KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_creds_opt_add_options ( krb5_context /*context*/, krb5_get_creds_opt /*opt*/, krb5_flags /*options*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_creds_opt_alloc ( krb5_context /*context*/, krb5_get_creds_opt */*opt*/); KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_creds_opt_free ( krb5_context /*context*/, krb5_get_creds_opt /*opt*/); KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_creds_opt_set_enctype ( krb5_context /*context*/, krb5_get_creds_opt /*opt*/, krb5_enctype /*enctype*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_creds_opt_set_impersonate ( krb5_context /*context*/, krb5_get_creds_opt /*opt*/, krb5_const_principal /*self*/); KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_creds_opt_set_options ( krb5_context /*context*/, krb5_get_creds_opt /*opt*/, krb5_flags /*options*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_creds_opt_set_ticket ( krb5_context /*context*/, krb5_get_creds_opt /*opt*/, const Ticket */*ticket*/); /** * Get the global configuration list. * * @param pfilenames return array of filenames, should be freed with krb5_free_config_files(). * * @return Returns 0 to indicate success. Otherwise an kerberos et * error code is returned, see krb5_get_error_message(). * * @ingroup krb5 */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_default_config_files (char ***/*pfilenames*/); /** * Get the default encryption types that will be use in communcation * with the KDC, clients and servers. * * @param context Kerberos 5 context. * @param pdu_type request type (AS, TGS or none) * @param etypes Encryption types, array terminated with * ETYPE_NULL(0), caller should free array with krb5_xfree(): * * @return Returns 0 to indicate success. Otherwise an kerberos et * error code is returned, see krb5_get_error_message(). * * @ingroup krb5 */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_default_in_tkt_etypes ( krb5_context /*context*/, krb5_pdu /*pdu_type*/, krb5_enctype **/*etypes*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_default_principal ( krb5_context /*context*/, krb5_principal */*princ*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_default_realm ( krb5_context /*context*/, krb5_realm */*realm*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_default_realms ( krb5_context /*context*/, krb5_realm **/*realms*/); /** * Get if the library uses DNS to canonicalize hostnames. * * @param context Kerberos 5 context. * * @return return non zero if the library uses DNS to canonicalize hostnames. * * @ingroup krb5 */ KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_get_dns_canonicalize_hostname (krb5_context /*context*/); /** * Return the error string for the error code. The caller must not * free the string. * * This function is deprecated since its not threadsafe. * * @param context Kerberos 5 context. * @param code Kerberos error code. * * @return the error message matching code * * @ingroup krb5 */ KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_get_err_text ( krb5_context /*context*/, krb5_error_code /*code*/) KRB5_DEPRECATED_FUNCTION("Use krb5_get_error_message instead"); /** * Return the error message for `code' in context. On memory * allocation error the function returns NULL. * * @param context Kerberos 5 context * @param code Error code related to the error * * @return an error string, needs to be freed with * krb5_free_error_message(). The functions return NULL on error. * * @ingroup krb5_error */ KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL krb5_get_error_message ( krb5_context /*context*/, krb5_error_code /*code*/); /** * Return the error message in context. On error or no error string, * the function returns NULL. * * @param context Kerberos 5 context * * @return an error string, needs to be freed with * krb5_free_error_message(). The functions return NULL on error. * * @ingroup krb5_error */ KRB5_LIB_FUNCTION char * KRB5_LIB_CALL krb5_get_error_string (krb5_context /*context*/) KRB5_DEPRECATED_FUNCTION("Use krb5_get_error_message instead"); /** * Get extra address to the address list that the library will add to * the client's address list when communicating with the KDC. * * @param context Kerberos 5 context. * @param addresses addreses to set * * @return Returns 0 to indicate success. Otherwise an kerberos et * error code is returned, see krb5_get_error_message(). * * @ingroup krb5 */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_extra_addresses ( krb5_context /*context*/, krb5_addresses */*addresses*/); /** * Get version of fcache that the library should use. * * @param context Kerberos 5 context. * @param version version number. * * @return Returns 0 to indicate success. Otherwise an kerberos et * error code is returned, see krb5_get_error_message(). * * @ingroup krb5 */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_fcache_version ( krb5_context /*context*/, int */*version*/); /** * Gets tickets forwarded to hostname. If the tickets that are * forwarded are address-less, the forwarded tickets will also be * address-less. * * If the ticket have any address, hostname will be used for figure * out the address to forward the ticket too. This since this might * use DNS, its insecure and also doesn't represent configured all * addresses of the host. For example, the host might have two * adresses, one IPv4 and one IPv6 address where the later is not * published in DNS. This IPv6 address might be used communications * and thus the resulting ticket useless. * * @param context A kerberos 5 context. * @param auth_context the auth context with the key to encrypt the out_data. * @param ccache credential cache to use * @param flags the flags to control the resulting ticket flags * @param hostname the host to forward the tickets too. * @param in_creds the in client and server ticket names. The client * and server components forwarded to the remote host. * @param out_data the resulting credential. * * @return Return an error code or 0. * * @ingroup krb5_credential */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_forwarded_creds ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, krb5_ccache /*ccache*/, krb5_flags /*flags*/, const char */*hostname*/, krb5_creds */*in_creds*/, krb5_data */*out_data*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_host_realm ( krb5_context /*context*/, const char */*targethost*/, krb5_realm **/*realms*/); /** * Get extra addresses to ignore when fetching addresses from the * underlaying operating system. * * @param context Kerberos 5 context. * @param addresses list addreses ignored * * @return Returns 0 to indicate success. Otherwise an kerberos et * error code is returned, see krb5_get_error_message(). * * @ingroup krb5 */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_ignore_addresses ( krb5_context /*context*/, krb5_addresses */*addresses*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_in_cred ( krb5_context /*context*/, krb5_flags /*options*/, const krb5_addresses */*addrs*/, const krb5_enctype */*etypes*/, const krb5_preauthtype */*ptypes*/, const krb5_preauthdata */*preauth*/, krb5_key_proc /*key_proc*/, krb5_const_pointer /*keyseed*/, krb5_decrypt_proc /*decrypt_proc*/, krb5_const_pointer /*decryptarg*/, krb5_creds */*creds*/, krb5_kdc_rep */*ret_as_reply*/) KRB5_DEPRECATED_FUNCTION("Use X instead"); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_in_tkt ( krb5_context /*context*/, krb5_flags /*options*/, const krb5_addresses */*addrs*/, const krb5_enctype */*etypes*/, const krb5_preauthtype */*ptypes*/, krb5_key_proc /*key_proc*/, krb5_const_pointer /*keyseed*/, krb5_decrypt_proc /*decrypt_proc*/, krb5_const_pointer /*decryptarg*/, krb5_creds */*creds*/, krb5_ccache /*ccache*/, krb5_kdc_rep */*ret_as_reply*/) KRB5_DEPRECATED_FUNCTION("Use X instead"); /** * Deprecated: use krb5_get_init_creds() and friends. * * @ingroup krb5_deprecated */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_in_tkt_with_keytab ( krb5_context /*context*/, krb5_flags /*options*/, krb5_addresses */*addrs*/, const krb5_enctype */*etypes*/, const krb5_preauthtype */*pre_auth_types*/, krb5_keytab /*keytab*/, krb5_ccache /*ccache*/, krb5_creds */*creds*/, krb5_kdc_rep */*ret_as_reply*/) KRB5_DEPRECATED_FUNCTION("Use X instead"); /** * Deprecated: use krb5_get_init_creds() and friends. * * @ingroup krb5_deprecated */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_in_tkt_with_password ( krb5_context /*context*/, krb5_flags /*options*/, krb5_addresses */*addrs*/, const krb5_enctype */*etypes*/, const krb5_preauthtype */*pre_auth_types*/, const char */*password*/, krb5_ccache /*ccache*/, krb5_creds */*creds*/, krb5_kdc_rep */*ret_as_reply*/) KRB5_DEPRECATED_FUNCTION("Use X instead"); /** * Deprecated: use krb5_get_init_creds() and friends. * * @ingroup krb5_deprecated */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_in_tkt_with_skey ( krb5_context /*context*/, krb5_flags /*options*/, krb5_addresses */*addrs*/, const krb5_enctype */*etypes*/, const krb5_preauthtype */*pre_auth_types*/, const krb5_keyblock */*key*/, krb5_ccache /*ccache*/, krb5_creds */*creds*/, krb5_kdc_rep */*ret_as_reply*/) KRB5_DEPRECATED_FUNCTION("Use X instead"); /** * Get new credentials using keyblock. * * @ingroup krb5_credential */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_keyblock ( krb5_context /*context*/, krb5_creds */*creds*/, krb5_principal /*client*/, krb5_keyblock */*keyblock*/, krb5_deltat /*start_time*/, const char */*in_tkt_service*/, krb5_get_init_creds_opt */*options*/); /** * Get new credentials using keytab. * * @ingroup krb5_credential */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_keytab ( krb5_context /*context*/, krb5_creds */*creds*/, krb5_principal /*client*/, krb5_keytab /*keytab*/, krb5_deltat /*start_time*/, const char */*in_tkt_service*/, krb5_get_init_creds_opt */*options*/); /** * Allocate a new krb5_get_init_creds_opt structure, free with * krb5_get_init_creds_opt_free(). * * @ingroup krb5_credential */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_opt_alloc ( krb5_context /*context*/, krb5_get_init_creds_opt **/*opt*/); /** * Free krb5_get_init_creds_opt structure. * * @ingroup krb5_credential */ KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_free ( krb5_context /*context*/, krb5_get_init_creds_opt */*opt*/); /** * Deprecated: use the new krb5_init_creds_init() and * krb5_init_creds_get_error(). * * @ingroup krb5_deprecated */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_opt_get_error ( krb5_context /*context*/, krb5_get_init_creds_opt */*opt*/, KRB_ERROR **/*error*/) KRB5_DEPRECATED_FUNCTION("Use X instead"); /** * Deprecated: use krb5_get_init_creds_opt_alloc(). * * The reason krb5_get_init_creds_opt_init() is deprecated is that * krb5_get_init_creds_opt is a static structure and for ABI reason it * can't grow, ie can't add new functionality. * * @ingroup krb5_deprecated */ KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_init (krb5_get_init_creds_opt */*opt*/) KRB5_DEPRECATED_FUNCTION("Use X instead"); KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_set_address_list ( krb5_get_init_creds_opt */*opt*/, krb5_addresses */*addresses*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_opt_set_addressless ( krb5_context /*context*/, krb5_get_init_creds_opt */*opt*/, krb5_boolean /*addressless*/); KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_set_anonymous ( krb5_get_init_creds_opt */*opt*/, int /*anonymous*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_opt_set_canonicalize ( krb5_context /*context*/, krb5_get_init_creds_opt */*opt*/, krb5_boolean /*req*/); KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_set_change_password_prompt ( krb5_get_init_creds_opt */*opt*/, int /*change_password_prompt*/); KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_set_default_flags ( krb5_context /*context*/, const char */*appname*/, krb5_const_realm /*realm*/, krb5_get_init_creds_opt */*opt*/); KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_set_etype_list ( krb5_get_init_creds_opt */*opt*/, krb5_enctype */*etype_list*/, int /*etype_list_length*/); KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_set_forwardable ( krb5_get_init_creds_opt */*opt*/, int /*forwardable*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_opt_set_pa_password ( krb5_context /*context*/, krb5_get_init_creds_opt */*opt*/, const char */*password*/, krb5_s2k_proc /*key_proc*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_opt_set_pac_request ( krb5_context /*context*/, krb5_get_init_creds_opt */*opt*/, krb5_boolean /*req_pac*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_opt_set_pkinit ( krb5_context /*context*/, krb5_get_init_creds_opt */*opt*/, krb5_principal /*principal*/, const char */*user_id*/, const char */*x509_anchors*/, char * const * /*pool*/, char * const * /*pki_revoke*/, int /*flags*/, krb5_prompter_fct /*prompter*/, void */*prompter_data*/, char */*password*/); krb5_error_code KRB5_LIB_FUNCTION krb5_get_init_creds_opt_set_pkinit_user_certs ( krb5_context /*context*/, krb5_get_init_creds_opt */*opt*/, struct hx509_certs_data */*certs*/); KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_set_preauth_list ( krb5_get_init_creds_opt */*opt*/, krb5_preauthtype */*preauth_list*/, int /*preauth_list_length*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_opt_set_process_last_req ( krb5_context /*context*/, krb5_get_init_creds_opt */*opt*/, krb5_gic_process_last_req /*func*/, void */*ctx*/); KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_set_proxiable ( krb5_get_init_creds_opt */*opt*/, int /*proxiable*/); KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_set_renew_life ( krb5_get_init_creds_opt */*opt*/, krb5_deltat /*renew_life*/); KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_set_salt ( krb5_get_init_creds_opt */*opt*/, krb5_data */*salt*/); KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_set_tkt_life ( krb5_get_init_creds_opt */*opt*/, krb5_deltat /*tkt_life*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_opt_set_win2k ( krb5_context /*context*/, krb5_get_init_creds_opt */*opt*/, krb5_boolean /*req*/); /** * Get new credentials using password. * * @ingroup krb5_credential */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_password ( krb5_context /*context*/, krb5_creds */*creds*/, krb5_principal /*client*/, const char */*password*/, krb5_prompter_fct /*prompter*/, void */*data*/, krb5_deltat /*start_time*/, const char */*in_tkt_service*/, krb5_get_init_creds_opt */*options*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_kdc_cred ( krb5_context /*context*/, krb5_ccache /*id*/, krb5_kdc_flags /*flags*/, krb5_addresses */*addresses*/, Ticket */*second_ticket*/, krb5_creds */*in_creds*/, krb5_creds **out_creds ); /** * Get current offset in time to the KDC. * * @param context Kerberos 5 context. * @param sec seconds part of offset. * @param usec micro seconds part of offset. * * @return returns zero * * @ingroup krb5 */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_kdc_sec_offset ( krb5_context /*context*/, int32_t */*sec*/, int32_t */*usec*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_krb524hst ( krb5_context /*context*/, const krb5_realm */*realm*/, char ***/*hostlist*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_krb_admin_hst ( krb5_context /*context*/, const krb5_realm */*realm*/, char ***/*hostlist*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_krb_changepw_hst ( krb5_context /*context*/, const krb5_realm */*realm*/, char ***/*hostlist*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_krbhst ( krb5_context /*context*/, const krb5_realm */*realm*/, char ***/*hostlist*/); /** * Get max time skew allowed. * * @param context Kerberos 5 context. * * @return timeskew in seconds. * * @ingroup krb5 */ KRB5_LIB_FUNCTION time_t KRB5_LIB_CALL krb5_get_max_time_skew (krb5_context /*context*/); /** * krb5_init_context() will get one random byte to make sure our * random is alive. Assumption is that once the non blocking * source allows us to pull bytes, its all seeded and allows us to * pull more bytes. * * Most Kerberos users calls krb5_init_context(), so this is * useful point where we can do the checking. */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_permitted_enctypes ( krb5_context /*context*/, krb5_enctype **/*etypes*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_pw_salt ( krb5_context /*context*/, krb5_const_principal /*principal*/, krb5_salt */*salt*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_renewed_creds ( krb5_context /*context*/, krb5_creds */*creds*/, krb5_const_principal /*client*/, krb5_ccache /*ccache*/, const char */*in_tkt_service*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_server_rcache ( krb5_context /*context*/, const krb5_data */*piece*/, krb5_rcache */*id*/); /** * Make the kerberos library default to the admin KDC. * * @param context Kerberos 5 context. * * @return boolean flag to telling the context will use admin KDC as the default KDC. * * @ingroup krb5 */ KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_get_use_admin_kdc (krb5_context /*context*/); /** * Validate the newly fetch credential, see also krb5_verify_init_creds(). * * @param context a Kerberos 5 context * @param creds the credentials to verify * @param client the client name to match up * @param ccache the credential cache to use * @param service a service name to use, used with * krb5_sname_to_principal() to build a hostname to use to * verify. * * @ingroup krb5_ccache */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_validated_creds ( krb5_context /*context*/, krb5_creds */*creds*/, krb5_principal /*client*/, krb5_ccache /*ccache*/, char */*service*/); /** * Get the default logging facility. * * @param context A Kerberos 5 context * * @ingroup krb5_error */ KRB5_LIB_FUNCTION krb5_log_facility * KRB5_LIB_CALL krb5_get_warn_dest (krb5_context /*context*/); KRB5_LIB_FUNCTION size_t KRB5_LIB_CALL krb5_get_wrapped_length ( krb5_context /*context*/, krb5_crypto /*crypto*/, size_t /*data_len*/); KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_getportbyname ( krb5_context /*context*/, const char */*service*/, const char */*proto*/, int /*default_port*/); /** * krb5_h_addr2addr works like krb5_h_addr2sockaddr with the exception * that it operates on a krb5_address instead of a struct sockaddr. * * @param context a Keberos context * @param af address family * @param haddr host address from struct hostent. * @param addr returned krb5_address. * * @return Return an error code or 0. * * @ingroup krb5_address */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_h_addr2addr ( krb5_context /*context*/, int /*af*/, const char */*haddr*/, krb5_address */*addr*/); /** * krb5_h_addr2sockaddr initializes a "struct sockaddr sa" from af and * the "struct hostent" (see gethostbyname(3) ) h_addr_list * component. The argument sa_size should initially contain the size * of the sa, and after the call, it will contain the actual length of * the address. * * @param context a Keberos context * @param af addresses * @param addr address * @param sa returned struct sockaddr * @param sa_size size of sa * @param port port to set in sa. * * @return Return an error code or 0. * * @ingroup krb5_address */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_h_addr2sockaddr ( krb5_context /*context*/, int /*af*/, const char */*addr*/, struct sockaddr */*sa*/, krb5_socklen_t */*sa_size*/, int /*port*/); /** * Convert the gethostname() error code (h_error) to a Kerberos et * error code. * * @param eai_errno contains the error code from gethostname(). * * @return Kerberos error code representing the gethostname errors. * * @ingroup krb5_error */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_h_errno_to_heim_errno (int /*eai_errno*/); KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_have_error_string (krb5_context /*context*/) KRB5_DEPRECATED_FUNCTION("Use krb5_get_error_message instead"); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_hmac ( krb5_context /*context*/, krb5_cksumtype /*cktype*/, const void */*data*/, size_t /*len*/, unsigned /*usage*/, krb5_keyblock */*key*/, Checksum */*result*/); /** * Initializes the context structure and reads the configuration file * /etc/krb5.conf. The structure should be freed by calling * krb5_free_context() when it is no longer being used. * * @param context pointer to returned context * * @return Returns 0 to indicate success. Otherwise an errno code is * returned. Failure means either that something bad happened during * initialization (typically ENOMEM) or that Kerberos should not be * used ENXIO. If the function returns HEIM_ERR_RANDOM_OFFLINE, the * random source is not available and later Kerberos calls might fail. * * @ingroup krb5 */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_context (krb5_context */*context*/); /** * Free the krb5_init_creds_context allocated by krb5_init_creds_init(). * * @param context A Kerberos 5 context. * @param ctx The krb5_init_creds_context to free. * * @ingroup krb5_credential */ KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_init_creds_free ( krb5_context /*context*/, krb5_init_creds_context /*ctx*/); /** * Get new credentials as setup by the krb5_init_creds_context. * * @param context A Kerberos 5 context. * @param ctx The krb5_init_creds_context to process. * * @ingroup krb5_credential */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_get ( krb5_context /*context*/, krb5_init_creds_context /*ctx*/); /** * Extract the newly acquired credentials from krb5_init_creds_context * context. * * @param context A Kerberos 5 context. * @param ctx * @param cred credentials, free with krb5_free_cred_contents(). * * @return 0 for sucess or An Kerberos error code, see krb5_get_error_message(). */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_get_creds ( krb5_context /*context*/, krb5_init_creds_context /*ctx*/, krb5_creds */*cred*/); /** * Get the last error from the transaction. * * @return Returns 0 or an error code * * @ingroup krb5_credential */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_get_error ( krb5_context /*context*/, krb5_init_creds_context /*ctx*/, KRB_ERROR */*error*/); /** * Start a new context to get a new initial credential. * * @param context A Kerberos 5 context. * @param client The Kerberos principal to get the credential for, if * NULL is given, the default principal is used as determined by * krb5_get_default_principal(). * @param prompter * @param prompter_data * @param start_time the time the ticket should start to be valid or 0 for now. * @param options a options structure, can be NULL for default options. * @param rctx A new allocated free with krb5_init_creds_free(). * * @return 0 for success or an Kerberos 5 error code, see krb5_get_error_message(). * * @ingroup krb5_credential */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_init ( krb5_context /*context*/, krb5_principal /*client*/, krb5_prompter_fct /*prompter*/, void */*prompter_data*/, krb5_deltat /*start_time*/, krb5_get_init_creds_opt */*options*/, krb5_init_creds_context */*rctx*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_set_fast_ap_armor_service ( krb5_context /*context*/, krb5_init_creds_context /*ctx*/, krb5_const_principal /*armor_service*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_set_fast_ccache ( krb5_context /*context*/, krb5_init_creds_context /*ctx*/, krb5_ccache /*fast_ccache*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_set_keyblock ( krb5_context /*context*/, krb5_init_creds_context /*ctx*/, krb5_keyblock */*keyblock*/); /** * Set the keytab to use for authentication. * * @param context a Kerberos 5 context. * @param ctx ctx krb5_init_creds_context context. * @param keytab the keytab to read the key from. * * @return 0 for success, or an Kerberos 5 error code, see krb5_get_error_message(). * @ingroup krb5_credential */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_set_keytab ( krb5_context /*context*/, krb5_init_creds_context /*ctx*/, krb5_keytab /*keytab*/); /** * Sets the password that will use for the request. * * @param context a Kerberos 5 context. * @param ctx ctx krb5_init_creds_context context. * @param password the password to use. * * @return 0 for success, or an Kerberos 5 error code, see krb5_get_error_message(). * @ingroup krb5_credential */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_set_password ( krb5_context /*context*/, krb5_init_creds_context /*ctx*/, const char */*password*/); /** * Sets the service that the is requested. This call is only neede for * special initial tickets, by default the a krbtgt is fetched in the default realm. * * @param context a Kerberos 5 context. * @param ctx a krb5_init_creds_context context. * @param service the service given as a string, for example * "kadmind/admin". If NULL, the default krbtgt in the clients * realm is set. * * @return 0 for success, or an Kerberos 5 error code, see krb5_get_error_message(). * @ingroup krb5_credential */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_set_service ( krb5_context /*context*/, krb5_init_creds_context /*ctx*/, const char */*service*/); /** * The core loop if krb5_get_init_creds() function family. Create the * packets and have the caller send them off to the KDC. * * If the caller want all work been done for them, use * krb5_init_creds_get() instead. * * @param context a Kerberos 5 context. * @param ctx ctx krb5_init_creds_context context. * @param in input data from KDC, first round it should be reset by krb5_data_zer(). * @param out reply to KDC. * @param hostinfo KDC address info, first round it can be NULL. * @param flags status of the round, if * KRB5_INIT_CREDS_STEP_FLAG_CONTINUE is set, continue one more round. * * @return 0 for success, or an Kerberos 5 error code, see * krb5_get_error_message(). * * @ingroup krb5_credential */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_step ( krb5_context /*context*/, krb5_init_creds_context /*ctx*/, krb5_data */*in*/, krb5_data */*out*/, krb5_krbhst_info */*hostinfo*/, unsigned int */*flags*/); /** * * @ingroup krb5_credential */ krb5_error_code krb5_init_creds_store ( krb5_context /*context*/, krb5_init_creds_context /*ctx*/, krb5_ccache /*id*/); /** * Init the built-in ets in the Kerberos library. * * @param context kerberos context to add the ets too * * @ingroup krb5 */ KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_init_ets (krb5_context /*context*/); /** @struct krb5plugin_kuserok_ftable_desc * * @brief Description of the krb5_kuserok(3) plugin facility. * * The krb5_kuserok(3) function is pluggable. The plugin is named * KRB5_PLUGIN_KUSEROK ("krb5_plugin_kuserok"), with a single minor * version, KRB5_PLUGIN_KUSEROK_VERSION_0 (0). * * The plugin for krb5_kuserok(3) consists of a data symbol referencing * a structure of type krb5plugin_kuserok_ftable, with four fields: * * @param init Plugin initialization function (see krb5-plugin(7)) * * @param minor_version The plugin minor version number (0) * * @param fini Plugin finalization function * * @param kuserok Plugin kuserok function * * The kuserok field is the plugin entry point that performs the * traditional kuserok operation however the plugin desires. It is * invoked in no particular order relative to other kuserok plugins, but * it has a 'rule' argument that indicates which plugin is intended to * act on the rule. The plugin kuserok function must return * KRB5_PLUGIN_NO_HANDLE if the rule is not applicable to it. * * The plugin kuserok function has the following arguments, in this * order: * * -# plug_ctx, the context value output by the plugin's init function * -# context, a krb5_context * -# rule, the kuserok rule being evaluated (from krb5.conf(5)) * -# flags * -# k5login_dir, configured location of k5login per-user files if any * -# luser, name of the local user account to which principal is attempting to access. * -# principal, the krb5_principal trying to access the luser account * -# result, a krb5_boolean pointer where the plugin will output its result * * @ingroup krb5_support */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_initlog ( krb5_context /*context*/, const char */*program*/, krb5_log_facility **/*fac*/); /** * Return TRUE (non zero) if the principal is a configuration * principal (generated part of krb5_cc_set_config()). Returns FALSE * (zero) if not a configuration principal. * * @param context a Keberos context * @param principal principal to check if it a configuration principal * * @ingroup krb5_ccache */ KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_is_config_principal ( krb5_context /*context*/, krb5_const_principal /*principal*/); /** * Returns is the encryption is strong or weak * * @param context Kerberos 5 context * @param enctype encryption type to probe * * @return Returns true if encryption type is weak or is not supported. * * @ingroup krb5_crypto */ KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_is_enctype_weak ( krb5_context /*context*/, krb5_enctype /*enctype*/); /** * Runtime check if the Kerberos library was complied with thread support. * * @return TRUE if the library was compiled with thread support, FALSE if not. * * @ingroup krb5 */ KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_is_thread_safe (void); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kcm_call ( krb5_context /*context*/, krb5_storage */*request*/, krb5_storage **/*response_p*/, krb5_data */*response_data_p*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kcm_storage_request ( krb5_context /*context*/, uint16_t /*opcode*/, krb5_storage **/*storage_p*/); /** * Returns the list of Kerberos encryption types sorted in order of * most preferred to least preferred encryption type. Note that some * encryption types might be disabled, so you need to check with * krb5_enctype_valid() before using the encryption type. * * @return list of enctypes, terminated with ETYPE_NULL. Its a static * array completed into the Kerberos library so the content doesn't * need to be freed. * * @ingroup krb5 */ KRB5_LIB_FUNCTION const krb5_enctype * KRB5_LIB_CALL krb5_kerberos_enctypes (krb5_context /*context*/); /** * Get encryption type of a keyblock. * * @ingroup krb5_crypto */ KRB5_LIB_FUNCTION krb5_enctype KRB5_LIB_CALL krb5_keyblock_get_enctype (const krb5_keyblock */*block*/); /** * Fill in `key' with key data of type `enctype' from `data' of length * `size'. Key should be freed using krb5_free_keyblock_contents(). * * @return 0 on success or a Kerberos 5 error code * * @ingroup krb5_crypto */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_keyblock_init ( krb5_context /*context*/, krb5_enctype /*type*/, const void */*data*/, size_t /*size*/, krb5_keyblock */*key*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_keyblock_key_proc ( krb5_context /*context*/, krb5_keytype /*type*/, krb5_data */*salt*/, krb5_const_pointer /*keyseed*/, krb5_keyblock **/*key*/); /** * Zero out a keyblock * * @param keyblock keyblock to zero out * * @ingroup krb5_crypto */ KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_keyblock_zero (krb5_keyblock */*keyblock*/); /** * Deprecated: use krb5_get_init_creds() and friends. * * @ingroup krb5_deprecated */ KRB5_LIB_FUNCTION krb5_error_code KRB5_CALLCONV krb5_keytab_key_proc ( krb5_context /*context*/, krb5_enctype /*enctype*/, krb5_salt /*salt*/, krb5_const_pointer /*keyseed*/, krb5_keyblock **/*key*/) KRB5_DEPRECATED_FUNCTION("Use X instead"); /** * Deprecated: keytypes doesn't exists, they are really enctypes. * * @ingroup krb5_deprecated */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_keytype_to_enctypes ( krb5_context /*context*/, krb5_keytype /*keytype*/, unsigned */*len*/, krb5_enctype **/*val*/) KRB5_DEPRECATED_FUNCTION("Use X instead"); /** * Deprecated: keytypes doesn't exists, they are really enctypes. * * @ingroup krb5_deprecated */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_keytype_to_enctypes_default ( krb5_context /*context*/, krb5_keytype /*keytype*/, unsigned */*len*/, krb5_enctype **/*val*/) KRB5_DEPRECATED_FUNCTION("Use X instead"); /** * Deprecated: keytypes doesn't exists, they are really enctypes in * most cases, use krb5_enctype_to_string(). * * @ingroup krb5_deprecated */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_keytype_to_string ( krb5_context /*context*/, krb5_keytype /*keytype*/, char **/*string*/) KRB5_DEPRECATED_FUNCTION("Use X instead"); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_krbhst_format_string ( krb5_context /*context*/, const krb5_krbhst_info */*host*/, char */*hostname*/, size_t /*hostlen*/); KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_krbhst_free ( krb5_context /*context*/, krb5_krbhst_handle /*handle*/); /** * Return an `struct addrinfo *' for a KDC host. * * Returns an the struct addrinfo in in that corresponds to the * information in `host'. free:ing is handled by krb5_krbhst_free, so * the returned ai must not be released. * * @ingroup krb5 */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_krbhst_get_addrinfo ( krb5_context /*context*/, krb5_krbhst_info */*host*/, struct addrinfo **/*ai*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_krbhst_init ( krb5_context /*context*/, const char */*realm*/, unsigned int /*type*/, krb5_krbhst_handle */*handle*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_krbhst_init_flags ( krb5_context /*context*/, const char */*realm*/, unsigned int /*type*/, int /*flags*/, krb5_krbhst_handle */*handle*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_krbhst_next ( krb5_context /*context*/, krb5_krbhst_handle /*handle*/, krb5_krbhst_info **/*host*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_krbhst_next_as_string ( krb5_context /*context*/, krb5_krbhst_handle /*handle*/, char */*hostname*/, size_t /*hostlen*/); KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_krbhst_reset ( krb5_context /*context*/, krb5_krbhst_handle /*handle*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_krbhst_set_hostname ( krb5_context /*context*/, krb5_krbhst_handle /*handle*/, const char */*hostname*/); /** * Add the entry in `entry' to the keytab `id'. * * @param context a Keberos context. * @param id a keytab. * @param entry the entry to add * * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_keytab */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_add_entry ( krb5_context /*context*/, krb5_keytab /*id*/, krb5_keytab_entry */*entry*/); /** * Finish using the keytab in `id'. All resources will be released, * even on errors. * * @param context a Keberos context. * @param id keytab to close. * * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_keytab */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_close ( krb5_context /*context*/, krb5_keytab /*id*/); /** * Compare `entry' against `principal, vno, enctype'. * Any of `principal, vno, enctype' might be 0 which acts as a wildcard. * Return TRUE if they compare the same, FALSE otherwise. * * @param context a Keberos context. * @param entry an entry to match with. * @param principal principal to match, NULL matches all principals. * @param vno key version to match, 0 matches all key version numbers. * @param enctype encryption type to match, 0 matches all encryption types. * * @return Return TRUE or match, FALSE if not matched. * * @ingroup krb5_keytab */ KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_kt_compare ( krb5_context /*context*/, krb5_keytab_entry */*entry*/, krb5_const_principal /*principal*/, krb5_kvno /*vno*/, krb5_enctype /*enctype*/); /** * Copy the contents of `in' into `out'. * * @param context a Keberos context. * @param in the keytab entry to copy. * @param out the copy of the keytab entry, free with krb5_kt_free_entry(). * * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_keytab */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_copy_entry_contents ( krb5_context /*context*/, const krb5_keytab_entry */*in*/, krb5_keytab_entry */*out*/); /** * Set `id' to the default keytab. * * @param context a Keberos context. * @param id the new default keytab. * * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_keytab */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_default ( krb5_context /*context*/, krb5_keytab */*id*/); /** * Copy the name of the default modify keytab into `name'. * * @param context a Keberos context. * @param name buffer where the name will be written * @param namesize length of name * * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_keytab */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_default_modify_name ( krb5_context /*context*/, char */*name*/, size_t /*namesize*/); /** * copy the name of the default keytab into `name'. * * @param context a Keberos context. * @param name buffer where the name will be written * @param namesize length of name * * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_keytab */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_default_name ( krb5_context /*context*/, char */*name*/, size_t /*namesize*/); /** * Destroy (remove) the keytab in `id'. All resources will be released, * even on errors, does the equvalment of krb5_kt_close() on the resources. * * @param context a Keberos context. * @param id keytab to destroy. * * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_keytab */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_destroy ( krb5_context /*context*/, krb5_keytab /*id*/); /** * Release all resources associated with `cursor'. * * @param context a Keberos context. * @param id a keytab. * @param cursor the cursor to free. * * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_keytab */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_end_seq_get ( krb5_context /*context*/, krb5_keytab /*id*/, krb5_kt_cursor */*cursor*/); /** * Free the contents of `entry'. * * @param context a Keberos context. * @param entry the entry to free * * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_keytab */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_free_entry ( krb5_context /*context*/, krb5_keytab_entry */*entry*/); /** * Retrieve the keytab entry for `principal, kvno, enctype' into `entry' * from the keytab `id'. Matching is done like krb5_kt_compare(). * * @param context a Keberos context. * @param id a keytab. * @param principal principal to match, NULL matches all principals. * @param kvno key version to match, 0 matches all key version numbers. * @param enctype encryption type to match, 0 matches all encryption types. * @param entry the returned entry, free with krb5_kt_free_entry(). * * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_keytab */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_get_entry ( krb5_context /*context*/, krb5_keytab /*id*/, krb5_const_principal /*principal*/, krb5_kvno /*kvno*/, krb5_enctype /*enctype*/, krb5_keytab_entry */*entry*/); /** * Retrieve the full name of the keytab `keytab' and store the name in * `str'. * * @param context a Keberos context. * @param keytab keytab to get name for. * @param str the name of the keytab name, usee krb5_xfree() to free * the string. On error, *str is set to NULL. * * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_keytab */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_get_full_name ( krb5_context /*context*/, krb5_keytab /*keytab*/, char **/*str*/); /** * Retrieve the name of the keytab `keytab' into `name', `namesize' * * @param context a Keberos context. * @param keytab the keytab to get the name for. * @param name name buffer. * @param namesize size of name buffer. * * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_keytab */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_get_name ( krb5_context /*context*/, krb5_keytab /*keytab*/, char */*name*/, size_t /*namesize*/); /** * Return the type of the `keytab' in the string `prefix of length * `prefixsize'. * * @param context a Keberos context. * @param keytab the keytab to get the prefix for * @param prefix prefix buffer * @param prefixsize length of prefix buffer * * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_keytab */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_get_type ( krb5_context /*context*/, krb5_keytab /*keytab*/, char */*prefix*/, size_t /*prefixsize*/); /** * Return true if the keytab exists and have entries * * @param context a Keberos context. * @param id a keytab. * * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_keytab */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_have_content ( krb5_context /*context*/, krb5_keytab /*id*/); /** * Get the next entry from keytab, advance the cursor. On last entry * the function will return KRB5_KT_END. * * @param context a Keberos context. * @param id a keytab. * @param entry the returned entry, free with krb5_kt_free_entry(). * @param cursor the cursor of the iteration. * * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_keytab */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_next_entry ( krb5_context /*context*/, krb5_keytab /*id*/, krb5_keytab_entry */*entry*/, krb5_kt_cursor */*cursor*/); /** * Read the key identified by `(principal, vno, enctype)' from the * keytab in `keyprocarg' (the default if == NULL) into `*key'. * * @param context a Keberos context. * @param keyprocarg * @param principal * @param vno * @param enctype * @param key * * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_keytab */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_read_service_key ( krb5_context /*context*/, krb5_pointer /*keyprocarg*/, krb5_principal /*principal*/, krb5_kvno /*vno*/, krb5_enctype /*enctype*/, krb5_keyblock **/*key*/); /** * Register a new keytab backend. * * @param context a Keberos context. * @param ops a backend to register. * * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_keytab */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_register ( krb5_context /*context*/, const krb5_kt_ops */*ops*/); /** * Remove an entry from the keytab, matching is done using * krb5_kt_compare(). * @param context a Keberos context. * @param id a keytab. * @param entry the entry to remove * * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_keytab */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_remove_entry ( krb5_context /*context*/, krb5_keytab /*id*/, krb5_keytab_entry */*entry*/); /** * Resolve the keytab name (of the form `type:residual') in `name' * into a keytab in `id'. * * @param context a Keberos context. * @param name name to resolve * @param id resulting keytab, free with krb5_kt_close(). * * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_keytab */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_resolve ( krb5_context /*context*/, const char */*name*/, krb5_keytab */*id*/); /** * Set `cursor' to point at the beginning of `id'. * * @param context a Keberos context. * @param id a keytab. * @param cursor a newly allocated cursor, free with krb5_kt_end_seq_get(). * * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_keytab */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_start_seq_get ( krb5_context /*context*/, krb5_keytab /*id*/, krb5_kt_cursor */*cursor*/); /** * This function takes the name of a local user and checks if * principal is allowed to log in as that user. * * The user may have a ~/.k5login file listing principals that are * allowed to login as that user. If that file does not exist, all * principals with a only one component that is identical to the * username, and a realm considered local, are allowed access. * * The .k5login file must contain one principal per line, be owned by * user and not be writable by group or other (but must be readable by * anyone). * * Note that if the file exists, no implicit access rights are given * to user@@LOCALREALM. * * Optionally, a set of files may be put in ~/.k5login.d (a * directory), in which case they will all be checked in the same * manner as .k5login. The files may be called anything, but files * starting with a hash (#) , or ending with a tilde (~) are * ignored. Subdirectories are not traversed. Note that this directory * may not be checked by other Kerberos implementations. * * If no configuration file exists, match user against local domains, * ie luser@@LOCAL-REALMS-IN-CONFIGURATION-FILES. * * @param context Kerberos 5 context. * @param principal principal to check if allowed to login * @param luser local user id * * @return returns TRUE if access should be granted, FALSE otherwise. * * @ingroup krb5_support */ KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_kuserok ( krb5_context /*context*/, krb5_principal /*principal*/, const char */*luser*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_log ( krb5_context /*context*/, krb5_log_facility */*fac*/, int /*level*/, const char */*fmt*/, ...) __attribute__ ((__format__ (__printf__, 4, 5))); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_log_msg ( krb5_context /*context*/, krb5_log_facility */*fac*/, int /*level*/, char **/*reply*/, const char */*fmt*/, ...) __attribute__ ((__format__ (__printf__, 5, 6))); /** * Create an address of type KRB5_ADDRESS_ADDRPORT from (addr, port) * * @param context a Keberos context * @param res built address from addr/port * @param addr address to use * @param port port to use * * @return Return an error code or 0. * * @ingroup krb5_address */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_make_addrport ( krb5_context /*context*/, krb5_address **/*res*/, const krb5_address */*addr*/, int16_t /*port*/); /** * Build a principal using vararg style building * * @param context A Kerberos context. * @param principal returned principal * @param realm realm name * @param ... a list of components ended with NULL. * * @return An krb5 error code, see krb5_get_error_message(). * * @ingroup krb5_principal */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_make_principal ( krb5_context /*context*/, krb5_principal */*principal*/, krb5_const_realm /*realm*/, ...); /** * krb5_max_sockaddr_size returns the max size of the .Li struct * sockaddr that the Kerberos library will return. * * @return Return an size_t of the maximum struct sockaddr. * * @ingroup krb5_address */ KRB5_LIB_FUNCTION size_t KRB5_LIB_CALL krb5_max_sockaddr_size (void); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_mk_error ( krb5_context /*context*/, krb5_error_code /*error_code*/, const char */*e_text*/, const krb5_data */*e_data*/, const krb5_principal /*client*/, const krb5_principal /*server*/, time_t */*client_time*/, int */*client_usec*/, krb5_data */*reply*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_mk_error_ext ( krb5_context /*context*/, krb5_error_code /*error_code*/, const char */*e_text*/, const krb5_data */*e_data*/, const krb5_principal /*server*/, const PrincipalName */*client_name*/, const Realm */*client_realm*/, time_t */*client_time*/, int */*client_usec*/, krb5_data */*reply*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_mk_priv ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, const krb5_data */*userdata*/, krb5_data */*outbuf*/, krb5_replay_data */*outdata*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_mk_rep ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, krb5_data */*outbuf*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_mk_req ( krb5_context /*context*/, krb5_auth_context */*auth_context*/, const krb5_flags /*ap_req_options*/, const char */*service*/, const char */*hostname*/, krb5_data */*in_data*/, krb5_ccache /*ccache*/, krb5_data */*outbuf*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_mk_req_exact ( krb5_context /*context*/, krb5_auth_context */*auth_context*/, const krb5_flags /*ap_req_options*/, const krb5_principal /*server*/, krb5_data */*in_data*/, krb5_ccache /*ccache*/, krb5_data */*outbuf*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_mk_req_extended ( krb5_context /*context*/, krb5_auth_context */*auth_context*/, const krb5_flags /*ap_req_options*/, krb5_data */*in_data*/, krb5_creds */*in_creds*/, krb5_data */*outbuf*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_mk_safe ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, const krb5_data */*userdata*/, krb5_data */*outbuf*/, krb5_replay_data */*outdata*/); /** * Iteratively apply name canon rules, outputing a principal and rule * options each time. Iteration completes when the @iter is NULL on * return or when an error is returned. Callers must free the iterator * if they abandon it mid-way. * * @param context Kerberos context * @param iter name canon rule iterator (input/output) * @param try_princ output principal name * @param rule_opts output rule options */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_name_canon_iterate ( krb5_context /*context*/, krb5_name_canon_iterator */*iter*/, krb5_const_principal */*try_princ*/, krb5_name_canon_rule_options */*rule_opts*/); /** * Initialize name canonicalization iterator. * * @param context Kerberos context * @param in_princ principal name to be canonicalized OR * @param iter output iterator object */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_name_canon_iterator_start ( krb5_context /*context*/, krb5_const_principal /*in_princ*/, krb5_name_canon_iterator */*iter*/); /** * Read \a len bytes from socket \a p_fd into buffer \a buf. * Block until \a len bytes are read or until an error. * * @return If successful, the number of bytes read: \a len. * On end-of-file, 0. * On error, less than 0 (if single-threaded, the error can be found * in the errno global variable). */ KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL krb5_net_read ( krb5_context /*context*/, void */*p_fd*/, void */*buf*/, size_t /*len*/); KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL krb5_net_write ( krb5_context /*context*/, void */*p_fd*/, const void */*buf*/, size_t /*len*/); KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL krb5_net_write_block ( krb5_context /*context*/, void */*p_fd*/, const void */*buf*/, size_t /*len*/, time_t /*timeout*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ntlm_alloc ( krb5_context /*context*/, krb5_ntlm */*ntlm*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ntlm_free ( krb5_context /*context*/, krb5_ntlm /*ntlm*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ntlm_init_get_challenge ( krb5_context /*context*/, krb5_ntlm /*ntlm*/, krb5_data */*challenge*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ntlm_init_get_flags ( krb5_context /*context*/, krb5_ntlm /*ntlm*/, uint32_t */*flags*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ntlm_init_get_opaque ( krb5_context /*context*/, krb5_ntlm /*ntlm*/, krb5_data */*opaque*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ntlm_init_get_targetinfo ( krb5_context /*context*/, krb5_ntlm /*ntlm*/, krb5_data */*data*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ntlm_init_get_targetname ( krb5_context /*context*/, krb5_ntlm /*ntlm*/, char **/*name*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ntlm_init_request ( krb5_context /*context*/, krb5_ntlm /*ntlm*/, krb5_realm /*realm*/, krb5_ccache /*ccache*/, uint32_t /*flags*/, const char */*hostname*/, const char */*domainname*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ntlm_rep_get_sessionkey ( krb5_context /*context*/, krb5_ntlm /*ntlm*/, krb5_data */*data*/); KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_ntlm_rep_get_status ( krb5_context /*context*/, krb5_ntlm /*ntlm*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ntlm_req_set_flags ( krb5_context /*context*/, krb5_ntlm /*ntlm*/, uint32_t /*flags*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ntlm_req_set_lm ( krb5_context /*context*/, krb5_ntlm /*ntlm*/, void */*hash*/, size_t /*len*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ntlm_req_set_ntlm ( krb5_context /*context*/, krb5_ntlm /*ntlm*/, void */*hash*/, size_t /*len*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ntlm_req_set_opaque ( krb5_context /*context*/, krb5_ntlm /*ntlm*/, krb5_data */*opaque*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ntlm_req_set_session ( krb5_context /*context*/, krb5_ntlm /*ntlm*/, void */*sessionkey*/, size_t /*length*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ntlm_req_set_targetname ( krb5_context /*context*/, krb5_ntlm /*ntlm*/, const char */*targetname*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ntlm_req_set_username ( krb5_context /*context*/, krb5_ntlm /*ntlm*/, const char */*username*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ntlm_request ( krb5_context /*context*/, krb5_ntlm /*ntlm*/, krb5_realm /*realm*/, krb5_ccache /*ccache*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_openlog ( krb5_context /*context*/, const char */*program*/, krb5_log_facility **/*fac*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_pac_add_buffer ( krb5_context /*context*/, krb5_pac /*p*/, uint32_t /*type*/, const krb5_data */*data*/); KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_pac_free ( krb5_context /*context*/, krb5_pac /*pac*/); /** * Get the PAC buffer of specific type from the pac. * * @param context Kerberos 5 context. * @param p the pac structure returned by krb5_pac_parse(). * @param type type of buffer to get * @param data return data, free with krb5_data_free(). * * @return Returns 0 to indicate success. Otherwise an kerberos et * error code is returned, see krb5_get_error_message(). * * @ingroup krb5_pac */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_pac_get_buffer ( krb5_context /*context*/, krb5_pac /*p*/, uint32_t /*type*/, krb5_data */*data*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_pac_get_types ( krb5_context /*context*/, krb5_pac /*p*/, size_t */*len*/, uint32_t **/*types*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_pac_init ( krb5_context /*context*/, krb5_pac */*pac*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_pac_parse ( krb5_context /*context*/, const void */*ptr*/, size_t /*len*/, krb5_pac */*pac*/); /** * Verify the PAC. * * @param context Kerberos 5 context. * @param pac the pac structure returned by krb5_pac_parse(). * @param authtime The time of the ticket the PAC belongs to. * @param principal the principal to verify. * @param server The service key, most always be given. * @param privsvr The KDC key, may be given. * @return Returns 0 to indicate success. Otherwise an kerberos et * error code is returned, see krb5_get_error_message(). * * @ingroup krb5_pac */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_pac_verify ( krb5_context /*context*/, const krb5_pac /*pac*/, time_t /*authtime*/, krb5_const_principal /*principal*/, const krb5_keyblock */*server*/, const krb5_keyblock */*privsvr*/); KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_padata_add ( krb5_context /*context*/, METHOD_DATA */*md*/, int /*type*/, void */*buf*/, size_t /*len*/); /** * krb5_parse_address returns the resolved hostname in string to the * krb5_addresses addresses . * * @param context a Keberos context * @param string * @param addresses * * @return Return an error code or 0. * * @ingroup krb5_address */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_parse_address ( krb5_context /*context*/, const char */*string*/, krb5_addresses */*addresses*/); /** * Parse a name into a krb5_principal structure * * @param context Kerberos 5 context * @param name name to parse into a Kerberos principal * @param principal returned principal, free with krb5_free_principal(). * * @return An krb5 error code, see krb5_get_error_message(). * * @ingroup krb5_principal */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_parse_name ( krb5_context /*context*/, const char */*name*/, krb5_principal */*principal*/); /** * Parse a name into a krb5_principal structure, flags controls the behavior. * * @param context Kerberos 5 context * @param name name to parse into a Kerberos principal * @param flags flags to control the behavior * @param principal returned principal, free with krb5_free_principal(). * * @return An krb5 error code, see krb5_get_error_message(). * * @ingroup krb5_principal */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_parse_name_flags ( krb5_context /*context*/, const char */*name*/, int /*flags*/, krb5_principal */*principal*/); /** * Parse nametype string and return a nametype integer * * @ingroup krb5_principal */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_parse_nametype ( krb5_context /*context*/, const char */*str*/, int32_t */*nametype*/); KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_passwd_result_to_string ( krb5_context /*context*/, int /*result*/); /** * Deprecated: use krb5_get_init_creds() and friends. * * @ingroup krb5_deprecated */ KRB5_LIB_FUNCTION krb5_error_code KRB5_CALLCONV krb5_password_key_proc ( krb5_context /*context*/, krb5_enctype /*type*/, krb5_salt /*salt*/, krb5_const_pointer /*keyseed*/, krb5_keyblock **/*key*/) KRB5_DEPRECATED_FUNCTION("Use X instead"); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_pk_enterprise_cert ( krb5_context /*context*/, const char */*user_id*/, krb5_const_realm /*realm*/, krb5_principal */*principal*/, struct hx509_certs_data **/*res*/); /** * Register a plugin symbol name of specific type. * @param context a Keberos context * @param type type of plugin symbol * @param name name of plugin symbol * @param symbol a pointer to the named symbol * @return In case of error a non zero error com_err error is returned * and the Kerberos error string is set. * * @ingroup krb5_support */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_plugin_register ( krb5_context /*context*/, enum krb5_plugin_type /*type*/, const char */*name*/, void */*symbol*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_prepend_config_files ( const char */*filelist*/, char **/*pq*/, char ***/*ret_pp*/); /** * Prepend the filename to the global configuration list. * * @param filelist a filename to add to the default list of filename * @param pfilenames return array of filenames, should be freed with krb5_free_config_files(). * * @return Returns 0 to indicate success. Otherwise an kerberos et * error code is returned, see krb5_get_error_message(). * * @ingroup krb5 */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_prepend_config_files_default ( const char */*filelist*/, char ***/*pfilenames*/); /** * Prepend the context full error string for a specific error code. * The error that is stored should be internationalized. * * The if context is NULL, no error string is stored. * * @param context Kerberos 5 context * @param ret The error code * @param fmt Error string for the error code * @param ... printf(3) style parameters. * * @ingroup krb5_error */ KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_prepend_error_message ( krb5_context /*context*/, krb5_error_code /*ret*/, const char */*fmt*/, ...) __attribute__ ((__format__ (__printf__, 3, 4))); /** * Deprecated: use krb5_principal_get_realm() * * @ingroup krb5_deprecated */ KRB5_LIB_FUNCTION krb5_realm * KRB5_LIB_CALL krb5_princ_realm ( krb5_context /*context*/, krb5_principal /*principal*/) KRB5_DEPRECATED_FUNCTION("Use X instead"); /** * Deprecated: use krb5_principal_set_realm() * * @ingroup krb5_deprecated */ KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_princ_set_realm ( krb5_context /*context*/, krb5_principal /*principal*/, krb5_realm */*realm*/) KRB5_DEPRECATED_FUNCTION("Use X instead"); /** * Compares the two principals, including realm of the principals and returns * TRUE if they are the same and FALSE if not. * * @param context Kerberos 5 context * @param princ1 first principal to compare * @param princ2 second principal to compare * * @ingroup krb5_principal * @see krb5_principal_compare_any_realm() * @see krb5_realm_compare() */ KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_principal_compare ( krb5_context /*context*/, krb5_const_principal /*princ1*/, krb5_const_principal /*princ2*/); /** * Return TRUE iff princ1 == princ2 (without considering the realm) * * @param context Kerberos 5 context * @param princ1 first principal to compare * @param princ2 second principal to compare * * @return non zero if equal, 0 if not * * @ingroup krb5_principal * @see krb5_principal_compare() * @see krb5_realm_compare() */ KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_principal_compare_any_realm ( krb5_context /*context*/, krb5_const_principal /*princ1*/, krb5_const_principal /*princ2*/); KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_principal_get_comp_string ( krb5_context /*context*/, krb5_const_principal /*principal*/, unsigned int /*component*/); /** * Get number of component is principal. * * @param context Kerberos 5 context * @param principal principal to query * * @return number of components in string * * @ingroup krb5_principal */ KRB5_LIB_FUNCTION unsigned int KRB5_LIB_CALL krb5_principal_get_num_comp ( krb5_context /*context*/, krb5_const_principal /*principal*/); /** * Get the realm of the principal * * @param context A Kerberos context. * @param principal principal to get the realm for * * @return realm of the principal, don't free or use after krb5_principal is freed * * @ingroup krb5_principal */ KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_principal_get_realm ( krb5_context /*context*/, krb5_const_principal /*principal*/); /** * Get the type of the principal * * @param context A Kerberos context. * @param principal principal to get the type for * * @return the type of principal * * @ingroup krb5_principal */ KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_principal_get_type ( krb5_context /*context*/, krb5_const_principal /*principal*/); /** * Returns true iff name is an WELLKNOWN:ORG.H5L.HOSTBASED-SERVICE * * @ingroup krb5_principal */ krb5_boolean KRB5_LIB_FUNCTION krb5_principal_is_gss_hostbased_service ( krb5_context /*context*/, krb5_const_principal /*principal*/); /** * Check if the cname part of the principal is a krbtgt principal * * @ingroup krb5_principal */ KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_principal_is_krbtgt ( krb5_context /*context*/, krb5_const_principal /*p*/); /** * Returns true if name is Kerberos an LKDC realm * * @ingroup krb5_principal */ krb5_boolean KRB5_LIB_FUNCTION krb5_principal_is_lkdc ( krb5_context /*context*/, krb5_const_principal /*principal*/); /** * Returns true if name is Kerberos NULL name * * @ingroup krb5_principal */ krb5_boolean KRB5_LIB_FUNCTION krb5_principal_is_null ( krb5_context /*context*/, krb5_const_principal /*principal*/); /** * Returns true if name is Kerberos an LKDC realm * * @ingroup krb5_principal */ krb5_boolean KRB5_LIB_FUNCTION krb5_principal_is_pku2u ( krb5_context /*context*/, krb5_const_principal /*principal*/); /** * Check if the cname part of the principal is a initial or renewed krbtgt principal * * @ingroup krb5_principal */ krb5_boolean KRB5_LIB_FUNCTION krb5_principal_is_root_krbtgt ( krb5_context /*context*/, krb5_const_principal /*p*/); /** * return TRUE iff princ matches pattern * * @ingroup krb5_principal */ KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_principal_match ( krb5_context /*context*/, krb5_const_principal /*princ*/, krb5_const_principal /*pattern*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_principal_set_comp_string ( krb5_context /*context*/, krb5_principal /*principal*/, unsigned int /*k*/, const char */*component*/); /** * Set a new realm for a principal, and as a side-effect free the * previous realm. * * @param context A Kerberos context. * @param principal principal set the realm for * @param realm the new realm to set * * @return An krb5 error code, see krb5_get_error_message(). * * @ingroup krb5_principal */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_principal_set_realm ( krb5_context /*context*/, krb5_principal /*principal*/, krb5_const_realm /*realm*/); /** * Set the type of the principal * * @param context A Kerberos context. * @param principal principal to set the type for * @param type the new type * * @return An krb5 error code, see krb5_get_error_message(). * * @ingroup krb5_principal */ KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_principal_set_type ( krb5_context /*context*/, krb5_principal /*principal*/, int /*type*/); /** * krb5_print_address prints the address in addr to the string string * that have the length len. If ret_len is not NULL, it will be filled * with the length of the string if size were unlimited (not including * the final NUL) . * * @param addr address to be printed * @param str pointer string to print the address into * @param len length that will fit into area pointed to by "str". * @param ret_len return length the str. * * @return Return an error code or 0. * * @ingroup krb5_address */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_print_address ( const krb5_address */*addr*/, char */*str*/, size_t /*len*/, size_t */*ret_len*/); krb5_error_code krb5_process_last_request ( krb5_context /*context*/, krb5_get_init_creds_opt */*options*/, krb5_init_creds_context /*ctx*/); KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_program_setup ( krb5_context */*context*/, int /*argc*/, char **/*argv*/, struct getargs */*args*/, int /*num_args*/, void (KRB5_LIB_CALL *usage)(int, struct getargs*, int)); KRB5_LIB_FUNCTION int KRB5_CALLCONV krb5_prompter_posix ( krb5_context /*context*/, void */*data*/, const char */*name*/, const char */*banner*/, int /*num_prompts*/, krb5_prompt prompts[]); /** * Converts the random bytestring to a protocol key according to * Kerberos crypto frame work. It may be assumed that all the bits of * the input string are equally random, even though the entropy * present in the random source may be limited. * * @param context Kerberos 5 context * @param type the enctype resulting key will be of * @param data input random data to convert to a key * @param size size of input random data, at least krb5_enctype_keysize() long * @param key key, output key, free with krb5_free_keyblock_contents() * * @return Return an error code or 0. * * @ingroup krb5_crypto */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_random_to_key ( krb5_context /*context*/, krb5_enctype /*type*/, const void */*data*/, size_t /*size*/, krb5_keyblock */*key*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rc_close ( krb5_context /*context*/, krb5_rcache /*id*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rc_default ( krb5_context /*context*/, krb5_rcache */*id*/); KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_rc_default_name (krb5_context /*context*/); KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_rc_default_type (krb5_context /*context*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rc_destroy ( krb5_context /*context*/, krb5_rcache /*id*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rc_expunge ( krb5_context /*context*/, krb5_rcache /*id*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rc_get_lifespan ( krb5_context /*context*/, krb5_rcache /*id*/, krb5_deltat */*auth_lifespan*/); KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_rc_get_name ( krb5_context /*context*/, krb5_rcache /*id*/); KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_rc_get_type ( krb5_context /*context*/, krb5_rcache /*id*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rc_initialize ( krb5_context /*context*/, krb5_rcache /*id*/, krb5_deltat /*auth_lifespan*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rc_recover ( krb5_context /*context*/, krb5_rcache /*id*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rc_resolve ( krb5_context /*context*/, krb5_rcache /*id*/, const char */*name*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rc_resolve_full ( krb5_context /*context*/, krb5_rcache */*id*/, const char */*string_name*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rc_resolve_type ( krb5_context /*context*/, krb5_rcache */*id*/, const char */*type*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rc_store ( krb5_context /*context*/, krb5_rcache /*id*/, krb5_donot_replay */*rep*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_cred ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, krb5_data */*in_data*/, krb5_creds ***/*ret_creds*/, krb5_replay_data */*outdata*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_cred2 ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, krb5_ccache /*ccache*/, krb5_data */*in_data*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_error ( krb5_context /*context*/, const krb5_data */*msg*/, KRB_ERROR */*result*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_priv ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, const krb5_data */*inbuf*/, krb5_data */*outbuf*/, krb5_replay_data */*outdata*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_rep ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, const krb5_data */*inbuf*/, krb5_ap_rep_enc_part **/*repl*/); /** * Process an AP_REQ message. * * @param context Kerberos 5 context. * @param auth_context authentication context of the peer. * @param inbuf the AP_REQ message, obtained for example with krb5_read_message(). * @param server server principal. * @param keytab server keytab. * @param ap_req_options set to the AP_REQ options. See the AP_OPTS_* defines. * @param ticket on success, set to the authenticated client credentials. * Must be deallocated with krb5_free_ticket(). If not * interested, pass a NULL value. * * @return 0 to indicate success. Otherwise a Kerberos error code is * returned, see krb5_get_error_message(). */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req ( krb5_context /*context*/, krb5_auth_context */*auth_context*/, const krb5_data */*inbuf*/, krb5_const_principal /*server*/, krb5_keytab /*keytab*/, krb5_flags */*ap_req_options*/, krb5_ticket **/*ticket*/); /** * The core server function that verify application authentication * requests from clients. * * @param context Keberos 5 context. * @param auth_context the authentication context, can be NULL, then * default values for the authentication context will used. * @param inbuf the (AP-REQ) authentication buffer * * @param server the server to authenticate to. If NULL the function * will try to find any available credential in the keytab * that will verify the reply. The function will prefer the * server specified in the AP-REQ, but if * there is no mach, it will try all keytab entries for a * match. This has serious performance issues for large keytabs. * * @param inctx control the behavior of the function, if NULL, the * default behavior is used. * @param outctx the return outctx, free with krb5_rd_req_out_ctx_free(). * @return Kerberos 5 error code, see krb5_get_error_message(). * * @ingroup krb5_auth */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_ctx ( krb5_context /*context*/, krb5_auth_context */*auth_context*/, const krb5_data */*inbuf*/, krb5_const_principal /*server*/, krb5_rd_req_in_ctx /*inctx*/, krb5_rd_req_out_ctx */*outctx*/); /** * Allocate a krb5_rd_req_in_ctx as an input parameter to * krb5_rd_req_ctx(). The caller should free the context with * krb5_rd_req_in_ctx_free() when done with the context. * * @param context Keberos 5 context. * @param ctx in ctx to krb5_rd_req_ctx(). * * @return Kerberos 5 error code, see krb5_get_error_message(). * * @ingroup krb5_auth */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_in_ctx_alloc ( krb5_context /*context*/, krb5_rd_req_in_ctx */*ctx*/); KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_rd_req_in_ctx_free ( krb5_context /*context*/, krb5_rd_req_in_ctx /*ctx*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_in_set_keyblock ( krb5_context /*context*/, krb5_rd_req_in_ctx /*in*/, krb5_keyblock */*keyblock*/); /** * Set the keytab that krb5_rd_req_ctx() will use. * * @param context Keberos 5 context. * @param in in ctx to krb5_rd_req_ctx(). * @param keytab keytab that krb5_rd_req_ctx() will use, only copy the * pointer, so the caller must free they keytab after * krb5_rd_req_in_ctx_free() is called. * * @return Kerberos 5 error code, see krb5_get_error_message(). * * @ingroup krb5_auth */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_in_set_keytab ( krb5_context /*context*/, krb5_rd_req_in_ctx /*in*/, krb5_keytab /*keytab*/); /** * Set if krb5_rq_red() is going to check the Windows PAC or not * * @param context Keberos 5 context. * @param in krb5_rd_req_in_ctx to check the option on. * @param flag flag to select if to check the pac (TRUE) or not (FALSE). * * @return Kerberos 5 error code, see krb5_get_error_message(). * * @ingroup krb5_auth */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_in_set_pac_check ( krb5_context /*context*/, krb5_rd_req_in_ctx /*in*/, krb5_boolean /*flag*/); /** * Free the krb5_rd_req_out_ctx. * * @param context Keberos 5 context. * @param ctx krb5_rd_req_out_ctx context to free. * * @ingroup krb5_auth */ KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_rd_req_out_ctx_free ( krb5_context /*context*/, krb5_rd_req_out_ctx /*ctx*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_out_get_ap_req_options ( krb5_context /*context*/, krb5_rd_req_out_ctx /*out*/, krb5_flags */*ap_req_options*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_out_get_keyblock ( krb5_context /*context*/, krb5_rd_req_out_ctx /*out*/, krb5_keyblock **/*keyblock*/); /** * Get the principal that was used in the request from the * client. Might not match whats in the ticket if krb5_rd_req_ctx() * searched in the keytab for a matching key. * * @param context a Kerberos 5 context. * @param out a krb5_rd_req_out_ctx from krb5_rd_req_ctx(). * @param principal return principal, free with krb5_free_principal(). * * @ingroup krb5_auth */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_out_get_server ( krb5_context /*context*/, krb5_rd_req_out_ctx /*out*/, krb5_principal */*principal*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_out_get_ticket ( krb5_context /*context*/, krb5_rd_req_out_ctx /*out*/, krb5_ticket **/*ticket*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_with_keyblock ( krb5_context /*context*/, krb5_auth_context */*auth_context*/, const krb5_data */*inbuf*/, krb5_const_principal /*server*/, krb5_keyblock */*keyblock*/, krb5_flags */*ap_req_options*/, krb5_ticket **/*ticket*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_safe ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, const krb5_data */*inbuf*/, krb5_data */*outbuf*/, krb5_replay_data */*outdata*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_read_message ( krb5_context /*context*/, krb5_pointer /*p_fd*/, krb5_data */*data*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_read_priv_message ( krb5_context /*context*/, krb5_auth_context /*ac*/, krb5_pointer /*p_fd*/, krb5_data */*data*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_read_safe_message ( krb5_context /*context*/, krb5_auth_context /*ac*/, krb5_pointer /*p_fd*/, krb5_data */*data*/); /** * return TRUE iff realm(princ1) == realm(princ2) * * @param context Kerberos 5 context * @param princ1 first principal to compare * @param princ2 second principal to compare * * @ingroup krb5_principal * @see krb5_principal_compare_any_realm() * @see krb5_principal_compare() */ KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_realm_compare ( krb5_context /*context*/, krb5_const_principal /*princ1*/, krb5_const_principal /*princ2*/); /** * Returns true if name is Kerberos an LKDC realm * * @ingroup krb5_principal */ krb5_boolean KRB5_LIB_FUNCTION krb5_realm_is_lkdc (const char */*realm*/); /** * Perform the server side of the sendauth protocol. * * @param context Kerberos 5 context. * @param auth_context authentication context of the peer. * @param p_fd socket associated to the connection. * @param appl_version server-specific string. * @param server server principal. * @param flags if KRB5_RECVAUTH_IGNORE_VERSION is set, skip the sendauth version * part of the protocol. * @param keytab server keytab. * @param ticket on success, set to the authenticated client credentials. * Must be deallocated with krb5_free_ticket(). If not * interested, pass a NULL value. * * @return 0 to indicate success. Otherwise a Kerberos error code is * returned, see krb5_get_error_message(). */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_recvauth ( krb5_context /*context*/, krb5_auth_context */*auth_context*/, krb5_pointer /*p_fd*/, const char */*appl_version*/, krb5_principal /*server*/, int32_t /*flags*/, krb5_keytab /*keytab*/, krb5_ticket **/*ticket*/); /** * Perform the server side of the sendauth protocol like krb5_recvauth(), but support * a user-specified callback, \a match_appl_version, to perform the match of the application * version \a match_data. */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_recvauth_match_version ( krb5_context /*context*/, krb5_auth_context */*auth_context*/, krb5_pointer /*p_fd*/, krb5_boolean (*/*match_appl_version*/)(const void *, const char*), const void */*match_data*/, krb5_principal /*server*/, int32_t /*flags*/, krb5_keytab /*keytab*/, krb5_ticket **/*ticket*/); /** * Read a address block from the storage. * * @param sp the storage buffer to write to * @param adr the address block read from storage * * @return 0 on success, a Kerberos 5 error code on failure. * * @ingroup krb5_storage */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_address ( krb5_storage */*sp*/, krb5_address */*adr*/); /** * Read a addresses block from the storage. * * @param sp the storage buffer to write to * @param adr the addresses block read from storage * * @return 0 on success, a Kerberos 5 error code on failure. * * @ingroup krb5_storage */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_addrs ( krb5_storage */*sp*/, krb5_addresses */*adr*/); /** * Read a auth data from the storage. * * @param sp the storage buffer to write to * @param auth the auth data block read from storage * * @return 0 on success, a Kerberos 5 error code on failure. * * @ingroup krb5_storage */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_authdata ( krb5_storage */*sp*/, krb5_authdata */*auth*/); /** * Read a credentials block from the storage. * * @param sp the storage buffer to write to * @param creds the credentials block read from storage * * @return 0 on success, a Kerberos 5 error code on failure. * * @ingroup krb5_storage */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_creds ( krb5_storage */*sp*/, krb5_creds */*creds*/); /** * Read a tagged credentials block from the storage. * * @param sp the storage buffer to write to * @param creds the credentials block read from storage * * @return 0 on success, a Kerberos 5 error code on failure. * * @ingroup krb5_storage */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_creds_tag ( krb5_storage */*sp*/, krb5_creds */*creds*/); /** * Parse a data from the storage. * * @param sp the storage buffer to read from * @param data the parsed data * * @return 0 on success, a Kerberos 5 error code on failure. * * @ingroup krb5_storage */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_data ( krb5_storage */*sp*/, krb5_data */*data*/); /** * Read a int16 from storage, byte order is controlled by the settings * on the storage, see krb5_storage_set_byteorder(). * * @param sp the storage to write too * @param value the value read from the buffer * * @return 0 for success, or a Kerberos 5 error code on failure. * * @ingroup krb5_storage */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_int16 ( krb5_storage */*sp*/, int16_t */*value*/); /** * Read a int32 from storage, byte order is controlled by the settings * on the storage, see krb5_storage_set_byteorder(). * * @param sp the storage to write too * @param value the value read from the buffer * * @return 0 for success, or a Kerberos 5 error code on failure. * * @ingroup krb5_storage */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_int32 ( krb5_storage */*sp*/, int32_t */*value*/); /** * Read a int64 from storage, byte order is controlled by the settings * on the storage, see krb5_storage_set_byteorder(). * * @param sp the storage to write too * @param value the value read from the buffer * * @return 0 for success, or a Kerberos 5 error code on failure. * * @ingroup krb5_storage */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_int64 ( krb5_storage */*sp*/, int64_t */*value*/); /** * Read a int8 from storage * * @param sp the storage to write too * @param value the value read from the buffer * * @return 0 for success, or a Kerberos 5 error code on failure. * * @ingroup krb5_storage */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_int8 ( krb5_storage */*sp*/, int8_t */*value*/); /** * Read a keyblock from the storage. * * @param sp the storage buffer to write to * @param p the keyblock read from storage, free using krb5_free_keyblock() * * @return 0 on success, a Kerberos 5 error code on failure. * * @ingroup krb5_storage */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_keyblock ( krb5_storage */*sp*/, krb5_keyblock */*p*/); /** * Parse principal from the storage. * * @param sp the storage buffer to read from * @param princ the parsed principal * * @return 0 on success, a Kerberos 5 error code on failure. * * @ingroup krb5_storage */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_principal ( krb5_storage */*sp*/, krb5_principal */*princ*/); /** * Parse a string from the storage. * * @param sp the storage buffer to read from * @param string the parsed string * * @return 0 on success, a Kerberos 5 error code on failure. * * @ingroup krb5_storage */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_string ( krb5_storage */*sp*/, char **/*string*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_stringnl ( krb5_storage */*sp*/, char **/*string*/); /** * Parse zero terminated string from the storage. * * @param sp the storage buffer to read from * @param string the parsed string * * @return 0 on success, a Kerberos 5 error code on failure. * * @ingroup krb5_storage */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_stringz ( krb5_storage */*sp*/, char **/*string*/); /** * Read a times block from the storage. * * @param sp the storage buffer to write to * @param times the times block read from storage * * @return 0 on success, a Kerberos 5 error code on failure. * * @ingroup krb5_storage */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_times ( krb5_storage */*sp*/, krb5_times */*times*/); /** * Read a int16 from storage, byte order is controlled by the settings * on the storage, see krb5_storage_set_byteorder(). * * @param sp the storage to write too * @param value the value read from the buffer * * @return 0 for success, or a Kerberos 5 error code on failure. * * @ingroup krb5_storage */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_uint16 ( krb5_storage */*sp*/, uint16_t */*value*/); /** * Read a uint32 from storage, byte order is controlled by the settings * on the storage, see krb5_storage_set_byteorder(). * * @param sp the storage to write too * @param value the value read from the buffer * * @return 0 for success, or a Kerberos 5 error code on failure. * * @ingroup krb5_storage */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_uint32 ( krb5_storage */*sp*/, uint32_t */*value*/); /** * Read a uint64 from storage, byte order is controlled by the settings * on the storage, see krb5_storage_set_byteorder(). * * @param sp the storage to write too * @param value the value read from the buffer * * @return 0 for success, or a Kerberos 5 error code on failure. * * @ingroup krb5_storage */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_uint64 ( krb5_storage */*sp*/, uint64_t */*value*/); /** * Read a uint8 from storage * * @param sp the storage to write too * @param value the value read from the buffer * * @return 0 for success, or a Kerberos 5 error code on failure. * * @ingroup krb5_storage */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_uint8 ( krb5_storage */*sp*/, uint8_t */*value*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_salttype_to_string ( krb5_context /*context*/, krb5_enctype /*etype*/, krb5_salttype /*stype*/, char **/*string*/); /** * Perform the client side of the sendauth protocol. * * @param context Kerberos 5 context. * @param auth_context Authentication context of the peer. * @param p_fd Socket associated to the connection. * @param appl_version Server-specific string. * @param client Client principal. If NULL, use the credentials in \a ccache. * @param server Server principal. * @param ap_req_options Options for the AP_REQ message. See the AP_OPTS_* defines in krb5.h. * @param in_data FIXME * @param in_creds FIXME * @param ccache Credentials cache. If NULL, use the default credentials cache. * @param ret_error If not NULL, will be set to the error reported by server, if any. * Must be deallocated with krb5_free_error_contents(). * @param rep_result If not NULL, will be set to the EncApRepPart of the AP_REP message. * Must be deallocated with krb5_free_ap_rep_enc_part(). * @param out_creds FIXME If not NULL, will be set to FIXME. Must be deallocated with * krb5_free_creds(). * * @return 0 to indicate success. Otherwise a Kerberos error code is * returned, see krb5_get_error_message(). */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_sendauth ( krb5_context /*context*/, krb5_auth_context */*auth_context*/, krb5_pointer /*p_fd*/, const char */*appl_version*/, krb5_principal /*client*/, krb5_principal /*server*/, krb5_flags /*ap_req_options*/, krb5_data */*in_data*/, krb5_creds */*in_creds*/, krb5_ccache /*ccache*/, krb5_error **/*ret_error*/, krb5_ap_rep_enc_part **/*rep_result*/, krb5_creds **/*out_creds*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_sendto ( krb5_context /*context*/, const krb5_data */*send_data*/, krb5_krbhst_handle /*handle*/, krb5_data */*receive*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_sendto_context ( krb5_context /*context*/, krb5_sendto_ctx /*ctx*/, const krb5_data */*send_data*/, krb5_const_realm /*realm*/, krb5_data */*receive*/); KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_sendto_ctx_add_flags ( krb5_sendto_ctx /*ctx*/, int /*flags*/); /** * @section send_to_kdc Locating and sending packets to the KDC * * The send to kdc code is responsible to request the list of KDC from * the locate-kdc subsystem and then send requests to each of them. * * - Each second a new hostname is tried. * - If the hostname have several addresses, the first will be tried * directly then in turn the other will be tried every 3 seconds * (host_timeout). * - UDP requests are tried 3 times, and it tried with a individual timeout of kdc_timeout / 3. * - TCP and HTTP requests are tried 1 time. * * Total wait time shorter then (number of addresses * 3) + kdc_timeout seconds. * */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_sendto_ctx_alloc ( krb5_context /*context*/, krb5_sendto_ctx */*ctx*/); KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_sendto_ctx_free ( krb5_context /*context*/, krb5_sendto_ctx /*ctx*/); KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_sendto_ctx_get_flags (krb5_sendto_ctx /*ctx*/); KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_sendto_ctx_set_func ( krb5_sendto_ctx /*ctx*/, krb5_sendto_ctx_func /*func*/, void */*data*/); KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_sendto_ctx_set_type ( krb5_sendto_ctx /*ctx*/, int /*type*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_sendto_kdc ( krb5_context /*context*/, const krb5_data */*send_data*/, const krb5_realm */*realm*/, krb5_data */*receive*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_sendto_kdc_flags ( krb5_context /*context*/, const krb5_data */*send_data*/, const krb5_realm */*realm*/, krb5_data */*receive*/, int /*flags*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_sendto_set_hostname ( krb5_context /*context*/, krb5_sendto_ctx /*ctx*/, const char */*hostname*/); /** * Reinit the context from a new set of filenames. * * @param context context to add configuration too. * @param filenames array of filenames, end of list is indicated with a NULL filename. * * @return Returns 0 to indicate success. Otherwise an kerberos et * error code is returned, see krb5_get_error_message(). * * @ingroup krb5 */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_config_files ( krb5_context /*context*/, char **/*filenames*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_debug_dest ( krb5_context /*context*/, const char */*program*/, const char */*log_spec*/); /** * Set the default encryption types that will be use in communcation * with the KDC, clients and servers. * * @param context Kerberos 5 context. * @param etypes Encryption types, array terminated with ETYPE_NULL (0). * A value of NULL resets the encryption types to the defaults set in the * configuration file. * * @return Returns 0 to indicate success. Otherwise an kerberos et * error code is returned, see krb5_get_error_message(). * * @ingroup krb5 */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_default_in_tkt_etypes ( krb5_context /*context*/, const krb5_enctype */*etypes*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_default_realm ( krb5_context /*context*/, const char */*realm*/); /** * Set if the library should use DNS to canonicalize hostnames. * * @param context Kerberos 5 context. * @param flag if its dns canonicalizion is used or not. * * @ingroup krb5 */ KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_set_dns_canonicalize_hostname ( krb5_context /*context*/, krb5_boolean /*flag*/); /** * Set the context full error string for a specific error code. * The error that is stored should be internationalized. * * The if context is NULL, no error string is stored. * * @param context Kerberos 5 context * @param ret The error code * @param fmt Error string for the error code * @param ... printf(3) style parameters. * * @ingroup krb5_error */ KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_set_error_message ( krb5_context /*context*/, krb5_error_code /*ret*/, const char */*fmt*/, ...) __attribute__ ((__format__ (__printf__, 3, 4))); /** * Set the error message returned by krb5_get_error_string(). * * Deprecated: use krb5_get_error_message() * * @param context Kerberos context * @param fmt error message to free * * @return Return an error code or 0. * * @ingroup krb5_deprecated */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_error_string ( krb5_context /*context*/, const char */*fmt*/, ...) __attribute__ ((__format__ (__printf__, 2, 3))) KRB5_DEPRECATED_FUNCTION("Use X instead"); /** * Set extra address to the address list that the library will add to * the client's address list when communicating with the KDC. * * @param context Kerberos 5 context. * @param addresses addreses to set * * @return Returns 0 to indicate success. Otherwise an kerberos et * error code is returned, see krb5_get_error_message(). * * @ingroup krb5 */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_extra_addresses ( krb5_context /*context*/, const krb5_addresses */*addresses*/); /** * Set version of fcache that the library should use. * * @param context Kerberos 5 context. * @param version version number. * * @return Returns 0 to indicate success. Otherwise an kerberos et * error code is returned, see krb5_get_error_message(). * * @ingroup krb5 */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_fcache_version ( krb5_context /*context*/, int /*version*/); /** * Enable and disable home directory access on either the global state * or the krb5_context state. By calling krb5_set_home_dir_access() * with context set to NULL, the global state is configured otherwise * the state for the krb5_context is modified. * * For home directory access to be allowed, both the global state and * the krb5_context state have to be allowed. * * @param context a Kerberos 5 context or NULL * @param allow allow if TRUE home directory * @return the old value * * @ingroup krb5 */ KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_set_home_dir_access ( krb5_context /*context*/, krb5_boolean /*allow*/); /** * Set extra addresses to ignore when fetching addresses from the * underlaying operating system. * * @param context Kerberos 5 context. * @param addresses addreses to ignore * * @return Returns 0 to indicate success. Otherwise an kerberos et * error code is returned, see krb5_get_error_message(). * * @ingroup krb5 */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_ignore_addresses ( krb5_context /*context*/, const krb5_addresses */*addresses*/); /** * Set current offset in time to the KDC. * * @param context Kerberos 5 context. * @param sec seconds part of offset. * @param usec micro seconds part of offset. * * @return returns zero * * @ingroup krb5 */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_kdc_sec_offset ( krb5_context /*context*/, int32_t /*sec*/, int32_t /*usec*/); /** * Set max time skew allowed. * * @param context Kerberos 5 context. * @param t timeskew in seconds. * * @ingroup krb5 */ KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_set_max_time_skew ( krb5_context /*context*/, time_t /*t*/); /** * Change password using creds. * * @param context a Keberos context * @param creds The initial kadmin/passwd for the principal or an admin principal * @param newpw The new password to set * @param targprinc if unset, the default principal is used. * @param result_code Result code, KRB5_KPASSWD_SUCCESS is when password is changed. * @param result_code_string binary message from the server, contains * at least the result_code. * @param result_string A message from the kpasswd service or the * library in human printable form. The string is NUL terminated. * * @return On sucess and *result_code is KRB5_KPASSWD_SUCCESS, the password is changed. * @ingroup @krb5 */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_password ( krb5_context /*context*/, krb5_creds */*creds*/, const char */*newpw*/, krb5_principal /*targprinc*/, int */*result_code*/, krb5_data */*result_code_string*/, krb5_data */*result_string*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_password_using_ccache ( krb5_context /*context*/, krb5_ccache /*ccache*/, const char */*newpw*/, krb5_principal /*targprinc*/, int */*result_code*/, krb5_data */*result_code_string*/, krb5_data */*result_string*/); /** * Set the absolute time that the caller knows the kdc has so the * kerberos library can calculate the relative diffrence beteen the * KDC time and local system time. * * @param context Keberos 5 context. * @param sec The applications new of "now" in seconds * @param usec The applications new of "now" in micro seconds * @return Kerberos 5 error code, see krb5_get_error_message(). * * @ingroup krb5 */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_real_time ( krb5_context /*context*/, krb5_timestamp /*sec*/, int32_t /*usec*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_send_to_kdc_func ( krb5_context /*context*/, krb5_send_to_kdc_func /*func*/, void */*data*/); /** * Make the kerberos library default to the admin KDC. * * @param context Kerberos 5 context. * @param flag boolean flag to select if the use the admin KDC or not. * * @ingroup krb5 */ KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_set_use_admin_kdc ( krb5_context /*context*/, krb5_boolean /*flag*/); /** * Set the default logging facility. * * @param context A Kerberos 5 context * @param fac Facility to use for logging. * * @ingroup krb5_error */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_warn_dest ( krb5_context /*context*/, krb5_log_facility */*fac*/); /** * Create a principal for the given service running on the given * hostname. If KRB5_NT_SRV_HST is used, the hostname is canonicalized * according the configured name canonicalization rules, with * canonicalization delayed in some cases. One rule involves DNS, which * is insecure unless DNSSEC is used, but we don't use DNSSEC-capable * resolver APIs here, so that if DNSSEC is used we wouldn't know it. * * Canonicalization is immediate (not delayed) only when there is only * one canonicalization rule and that rule indicates that we should do a * host lookup by name (i.e., DNS). * * @param context A Kerberos context. * @param hostname hostname to use * @param sname Service name to use * @param type name type of principal, use KRB5_NT_SRV_HST or KRB5_NT_UNKNOWN. * @param ret_princ return principal, free with krb5_free_principal(). * * @return An krb5 error code, see krb5_get_error_message(). * * @ingroup krb5_principal */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_sname_to_principal ( krb5_context /*context*/, const char */*hostname*/, const char */*sname*/, int32_t /*type*/, krb5_principal */*ret_princ*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_sock_to_principal ( krb5_context /*context*/, int /*sock*/, const char */*sname*/, int32_t /*type*/, krb5_principal */*ret_princ*/); /** * krb5_sockaddr2address stores a address a "struct sockaddr" sa in * the krb5_address addr. * * @param context a Keberos context * @param sa a struct sockaddr to extract the address from * @param addr an Kerberos 5 address to store the address in. * * @return Return an error code or 0. * * @ingroup krb5_address */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_sockaddr2address ( krb5_context /*context*/, const struct sockaddr */*sa*/, krb5_address */*addr*/); /** * krb5_sockaddr2port extracts a port (if possible) from a "struct * sockaddr. * * @param context a Keberos context * @param sa a struct sockaddr to extract the port from * @param port a pointer to an int16_t store the port in. * * @return Return an error code or 0. Will return * KRB5_PROG_ATYPE_NOSUPP in case address type is not supported. * * @ingroup krb5_address */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_sockaddr2port ( krb5_context /*context*/, const struct sockaddr */*sa*/, int16_t */*port*/); KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_sockaddr_is_loopback (const struct sockaddr */*sa*/); /** * krb5_sockaddr_uninteresting returns TRUE for all .Fa sa that the * kerberos library thinks are uninteresting. One example are link * local addresses. * * @param sa pointer to struct sockaddr that might be interesting. * * @return Return a non zero for uninteresting addresses. * * @ingroup krb5_address */ KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_sockaddr_uninteresting (const struct sockaddr */*sa*/); KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_std_usage ( int /*code*/, struct getargs */*args*/, int /*num_args*/); /** * Clear the flags on a storage buffer * * @param sp the storage buffer to clear the flags on * @param flags the flags to clear * * @ingroup krb5_storage */ KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_storage_clear_flags ( krb5_storage */*sp*/, krb5_flags /*flags*/); /** * Create a elastic (allocating) memory storage backend. Memory is * allocated on demand. Free returned krb5_storage with * krb5_storage_free(). * * @return A krb5_storage on success, or NULL on out of memory error. * * @ingroup krb5_storage * * @sa krb5_storage_from_mem() * @sa krb5_storage_from_readonly_mem() * @sa krb5_storage_from_fd() * @sa krb5_storage_from_data() * @sa krb5_storage_from_socket() */ KRB5_LIB_FUNCTION krb5_storage * KRB5_LIB_CALL krb5_storage_emem (void); /** * Free a krb5 storage. * * @param sp the storage to free. * * @return An Kerberos 5 error code. * * @ingroup krb5_storage */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_storage_free (krb5_storage */*sp*/); /** * Create a fixed size memory storage block * * @return A krb5_storage on success, or NULL on out of memory error. * * @ingroup krb5_storage * * @sa krb5_storage_mem() * @sa krb5_storage_from_mem() * @sa krb5_storage_from_readonly_mem() * @sa krb5_storage_from_fd() */ KRB5_LIB_FUNCTION krb5_storage * KRB5_LIB_CALL krb5_storage_from_data (krb5_data */*data*/); /** * * * @return A krb5_storage on success, or NULL on out of memory error. * * @ingroup krb5_storage * * @sa krb5_storage_emem() * @sa krb5_storage_from_mem() * @sa krb5_storage_from_readonly_mem() * @sa krb5_storage_from_data() * @sa krb5_storage_from_socket() */ KRB5_LIB_FUNCTION krb5_storage * KRB5_LIB_CALL krb5_storage_from_fd (int /*fd_in*/); /** * Create a fixed size memory storage block * * @return A krb5_storage on success, or NULL on out of memory error. * * @ingroup krb5_storage * * @sa krb5_storage_mem() * @sa krb5_storage_from_readonly_mem() * @sa krb5_storage_from_data() * @sa krb5_storage_from_fd() * @sa krb5_storage_from_socket() */ KRB5_LIB_FUNCTION krb5_storage * KRB5_LIB_CALL krb5_storage_from_mem ( void */*buf*/, size_t /*len*/); /** * Create a fixed size memory storage block that is read only * * @return A krb5_storage on success, or NULL on out of memory error. * * @ingroup krb5_storage * * @sa krb5_storage_mem() * @sa krb5_storage_from_mem() * @sa krb5_storage_from_data() * @sa krb5_storage_from_fd() */ KRB5_LIB_FUNCTION krb5_storage * KRB5_LIB_CALL krb5_storage_from_readonly_mem ( const void */*buf*/, size_t /*len*/); /** * * * @return A krb5_storage on success, or NULL on out of memory error. * * @ingroup krb5_storage * * @sa krb5_storage_emem() * @sa krb5_storage_from_mem() * @sa krb5_storage_from_readonly_mem() * @sa krb5_storage_from_data() * @sa krb5_storage_from_fd() */ KRB5_LIB_FUNCTION krb5_storage * KRB5_LIB_CALL krb5_storage_from_socket (krb5_socket_t /*sock_in*/); /** * Sync the storage buffer to its backing store. If there is no * backing store this function will return success. * * @param sp the storage buffer to sync * * @return A Kerberos 5 error code * * @ingroup krb5_storage */ KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_storage_fsync (krb5_storage */*sp*/); /** * Return the current byteorder for the buffer. See krb5_storage_set_byteorder() for the list or byte order contants. * * @ingroup krb5_storage */ KRB5_LIB_FUNCTION krb5_flags KRB5_LIB_CALL krb5_storage_get_byteorder (krb5_storage */*sp*/); /** * Get the return code that will be used when end of storage is reached. * * @param sp the storage * * @return storage error code * * @ingroup krb5_storage */ KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_storage_get_eof_code (krb5_storage */*sp*/); /** * Return true or false depending on if the storage flags is set or * not. NB testing for the flag 0 always return true. * * @param sp the storage buffer to check flags on * @param flags The flags to test for * * @return true if all the flags are set, false if not. * * @ingroup krb5_storage */ KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_storage_is_flags ( krb5_storage */*sp*/, krb5_flags /*flags*/); /** * Read to the storage buffer. * * @param sp the storage buffer to read from * @param buf the buffer to store the data in * @param len the length to read * * @return The length of data read (can be shorter then len), or negative on error. * * @ingroup krb5_storage */ KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL krb5_storage_read ( krb5_storage */*sp*/, void */*buf*/, size_t /*len*/); /** * Seek to a new offset. * * @param sp the storage buffer to seek in. * @param offset the offset to seek * @param whence relateive searching, SEEK_CUR from the current * position, SEEK_END from the end, SEEK_SET absolute from the start. * * @return The new current offset * * @ingroup krb5_storage */ KRB5_LIB_FUNCTION off_t KRB5_LIB_CALL krb5_storage_seek ( krb5_storage */*sp*/, off_t /*offset*/, int /*whence*/); /** * Set the new byte order of the storage buffer. * * @param sp the storage buffer to set the byte order for. * @param byteorder the new byte order. * * The byte order are: KRB5_STORAGE_BYTEORDER_BE, * KRB5_STORAGE_BYTEORDER_LE and KRB5_STORAGE_BYTEORDER_HOST. * * @ingroup krb5_storage */ KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_storage_set_byteorder ( krb5_storage */*sp*/, krb5_flags /*byteorder*/); /** * Set the return code that will be used when end of storage is reached. * * @param sp the storage * @param code the error code to return on end of storage * * @ingroup krb5_storage */ KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_storage_set_eof_code ( krb5_storage */*sp*/, int /*code*/); /** * Add the flags on a storage buffer by or-ing in the flags to the buffer. * * @param sp the storage buffer to set the flags on * @param flags the flags to set * * @ingroup krb5_storage */ KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_storage_set_flags ( krb5_storage */*sp*/, krb5_flags /*flags*/); /** * Set the max alloc value * * @param sp the storage buffer set the max allow for * @param size maximum size to allocate, use 0 to remove limit * * @ingroup krb5_storage */ KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_storage_set_max_alloc ( krb5_storage */*sp*/, size_t /*size*/); /** * Copy the contnent of storage * * @param sp the storage to copy to a data * @param data the copied data, free with krb5_data_free() * * @return 0 for success, or a Kerberos 5 error code on failure. * * @ingroup krb5_storage */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_storage_to_data ( krb5_storage */*sp*/, krb5_data */*data*/); /** * Truncate the storage buffer in sp to offset. * * @param sp the storage buffer to truncate. * @param offset the offset to truncate too. * * @return An Kerberos 5 error code. * * @ingroup krb5_storage */ KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_storage_truncate ( krb5_storage */*sp*/, off_t /*offset*/); /** * Write to the storage buffer. * * @param sp the storage buffer to write to * @param buf the buffer to write to the storage buffer * @param len the length to write * * @return The length of data written (can be shorter then len), or negative on error. * * @ingroup krb5_storage */ KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL krb5_storage_write ( krb5_storage */*sp*/, const void */*buf*/, size_t /*len*/); /** * Write a address block to storage. * * @param sp the storage buffer to write to * @param p the address block to write. * * @return 0 on success, a Kerberos 5 error code on failure. * * @ingroup krb5_storage */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_address ( krb5_storage */*sp*/, krb5_address /*p*/); /** * Write a addresses block to storage. * * @param sp the storage buffer to write to * @param p the addresses block to write. * * @return 0 on success, a Kerberos 5 error code on failure. * * @ingroup krb5_storage */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_addrs ( krb5_storage */*sp*/, krb5_addresses /*p*/); /** * Write a auth data block to storage. * * @param sp the storage buffer to write to * @param auth the auth data block to write. * * @return 0 on success, a Kerberos 5 error code on failure. * * @ingroup krb5_storage */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_authdata ( krb5_storage */*sp*/, krb5_authdata /*auth*/); /** * Write a credentials block to storage. * * @param sp the storage buffer to write to * @param creds the creds block to write. * * @return 0 on success, a Kerberos 5 error code on failure. * * @ingroup krb5_storage */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_creds ( krb5_storage */*sp*/, krb5_creds */*creds*/); /** * Write a tagged credentials block to storage. * * @param sp the storage buffer to write to * @param creds the creds block to write. * * @return 0 on success, a Kerberos 5 error code on failure. * * @ingroup krb5_storage */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_creds_tag ( krb5_storage */*sp*/, krb5_creds */*creds*/); /** * Store a data to the storage. The data is stored with an int32 as * lenght plus the data (not padded). * * @param sp the storage buffer to write to * @param data the buffer to store. * * @return 0 on success, a Kerberos 5 error code on failure. * * @ingroup krb5_storage */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_data ( krb5_storage */*sp*/, krb5_data /*data*/); /** * Store a int16 to storage, byte order is controlled by the settings * on the storage, see krb5_storage_set_byteorder(). * * @param sp the storage to write too * @param value the value to store * * @return 0 for success, or a Kerberos 5 error code on failure. * * @ingroup krb5_storage */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_int16 ( krb5_storage */*sp*/, int16_t /*value*/); /** * Store a int32 to storage, byte order is controlled by the settings * on the storage, see krb5_storage_set_byteorder(). * * @param sp the storage to write too * @param value the value to store * * @return 0 for success, or a Kerberos 5 error code on failure. * * @ingroup krb5_storage */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_int32 ( krb5_storage */*sp*/, int32_t /*value*/); /** * Store a int64 to storage, byte order is controlled by the settings * on the storage, see krb5_storage_set_byteorder(). * * @param sp the storage to write too * @param value the value to store * * @return 0 for success, or a Kerberos 5 error code on failure. * * @ingroup krb5_storage */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_int64 ( krb5_storage */*sp*/, int64_t /*value*/); /** * Store a int8 to storage. * * @param sp the storage to write too * @param value the value to store * * @return 0 for success, or a Kerberos 5 error code on failure. * * @ingroup krb5_storage */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_int8 ( krb5_storage */*sp*/, int8_t /*value*/); /** * Store a keyblock to the storage. * * @param sp the storage buffer to write to * @param p the keyblock to write * * @return 0 on success, a Kerberos 5 error code on failure. * * @ingroup krb5_storage */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_keyblock ( krb5_storage */*sp*/, krb5_keyblock /*p*/); /** * Write a principal block to storage. * * @param sp the storage buffer to write to * @param p the principal block to write. * * @return 0 on success, a Kerberos 5 error code on failure. * * @ingroup krb5_storage */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_principal ( krb5_storage */*sp*/, krb5_const_principal /*p*/); /** * Store a string to the buffer. The data is formated as an len:uint32 * plus the string itself (not padded). * * @param sp the storage buffer to write to * @param s the string to store. * * @return 0 on success, a Kerberos 5 error code on failure. * * @ingroup krb5_storage */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_string ( krb5_storage */*sp*/, const char */*s*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_stringnl ( krb5_storage */*sp*/, const char */*s*/); /** * Store a zero terminated string to the buffer. The data is stored * one character at a time until a NUL is stored. * * @param sp the storage buffer to write to * @param s the string to store. * * @return 0 on success, a Kerberos 5 error code on failure. * * @ingroup krb5_storage */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_stringz ( krb5_storage */*sp*/, const char */*s*/); /** * Write a times block to storage. * * @param sp the storage buffer to write to * @param times the times block to write. * * @return 0 on success, a Kerberos 5 error code on failure. * * @ingroup krb5_storage */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_times ( krb5_storage */*sp*/, krb5_times /*times*/); /** * Store a uint16 to storage, byte order is controlled by the settings * on the storage, see krb5_storage_set_byteorder(). * * @param sp the storage to write too * @param value the value to store * * @return 0 for success, or a Kerberos 5 error code on failure. * * @ingroup krb5_storage */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_uint16 ( krb5_storage */*sp*/, uint16_t /*value*/); /** * Store a uint32 to storage, byte order is controlled by the settings * on the storage, see krb5_storage_set_byteorder(). * * @param sp the storage to write too * @param value the value to store * * @return 0 for success, or a Kerberos 5 error code on failure. * * @ingroup krb5_storage */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_uint32 ( krb5_storage */*sp*/, uint32_t /*value*/); /** * Store a uint64 to storage, byte order is controlled by the settings * on the storage, see krb5_storage_set_byteorder(). * * @param sp the storage to write too * @param value the value to store * * @return 0 for success, or a Kerberos 5 error code on failure. * * @ingroup krb5_storage */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_uint64 ( krb5_storage */*sp*/, uint64_t /*value*/); /** * Store a uint8 to storage. * * @param sp the storage to write too * @param value the value to store * * @return 0 for success, or a Kerberos 5 error code on failure. * * @ingroup krb5_storage */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_uint8 ( krb5_storage */*sp*/, uint8_t /*value*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_string_to_deltat ( const char */*string*/, krb5_deltat */*deltat*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_string_to_enctype ( krb5_context /*context*/, const char */*string*/, krb5_enctype */*etype*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_string_to_key ( krb5_context /*context*/, krb5_enctype /*enctype*/, const char */*password*/, krb5_principal /*principal*/, krb5_keyblock */*key*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_string_to_key_data ( krb5_context /*context*/, krb5_enctype /*enctype*/, krb5_data /*password*/, krb5_principal /*principal*/, krb5_keyblock */*key*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_string_to_key_data_salt ( krb5_context /*context*/, krb5_enctype /*enctype*/, krb5_data /*password*/, krb5_salt /*salt*/, krb5_keyblock */*key*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_string_to_key_data_salt_opaque ( krb5_context /*context*/, krb5_enctype /*enctype*/, krb5_data /*password*/, krb5_salt /*salt*/, krb5_data /*opaque*/, krb5_keyblock */*key*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_string_to_key_derived ( krb5_context /*context*/, const void */*str*/, size_t /*len*/, krb5_enctype /*etype*/, krb5_keyblock */*key*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_string_to_key_salt ( krb5_context /*context*/, krb5_enctype /*enctype*/, const char */*password*/, krb5_salt /*salt*/, krb5_keyblock */*key*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_string_to_key_salt_opaque ( krb5_context /*context*/, krb5_enctype /*enctype*/, const char */*password*/, krb5_salt /*salt*/, krb5_data /*opaque*/, krb5_keyblock */*key*/); /** * Deprecated: keytypes doesn't exists, they are really enctypes in * most cases, use krb5_string_to_enctype(). * * @ingroup krb5_deprecated */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_string_to_keytype ( krb5_context /*context*/, const char */*string*/, krb5_keytype */*keytype*/) KRB5_DEPRECATED_FUNCTION("Use X instead"); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_string_to_salttype ( krb5_context /*context*/, krb5_enctype /*etype*/, const char */*string*/, krb5_salttype */*salttype*/); /** * Extract the authorization data type of type from the ticket. Store * the field in data. This function is to use for kerberos * applications. * * @param context a Kerberos 5 context * @param ticket Kerberos ticket * @param type type to fetch * @param data returned data, free with krb5_data_free() * * @ingroup krb5 */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ticket_get_authorization_data_type ( krb5_context /*context*/, krb5_ticket */*ticket*/, int /*type*/, krb5_data */*data*/); /** * Return client principal in ticket * * @param context a Kerberos 5 context * @param ticket ticket to copy * @param client client principal, free with krb5_free_principal() * * @return Returns 0 to indicate success. Otherwise an kerberos et * error code is returned, see krb5_get_error_message(). * * @ingroup krb5 */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ticket_get_client ( krb5_context /*context*/, const krb5_ticket */*ticket*/, krb5_principal */*client*/); /** * Return end time of ticket * * @param context a Kerberos 5 context * @param ticket ticket to copy * * @return end time of ticket * * @ingroup krb5 */ KRB5_LIB_FUNCTION time_t KRB5_LIB_CALL krb5_ticket_get_endtime ( krb5_context /*context*/, const krb5_ticket */*ticket*/); /** * Get the flags from the Kerberos ticket * * @param context Kerberos context * @param ticket Kerberos ticket * * @return ticket flags * * @ingroup krb5_ticket */ KRB5_LIB_FUNCTION unsigned long KRB5_LIB_CALL krb5_ticket_get_flags ( krb5_context /*context*/, const krb5_ticket */*ticket*/); /** * Return server principal in ticket * * @param context a Kerberos 5 context * @param ticket ticket to copy * @param server server principal, free with krb5_free_principal() * * @return Returns 0 to indicate success. Otherwise an kerberos et * error code is returned, see krb5_get_error_message(). * * @ingroup krb5 */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ticket_get_server ( krb5_context /*context*/, const krb5_ticket */*ticket*/, krb5_principal */*server*/); /** * If the caller passes in a negative usec, its assumed to be * unknown and the function will use the current time usec. */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_timeofday ( krb5_context /*context*/, krb5_timestamp */*timeret*/); /** * Unparse the Kerberos name into a string * * @param context Kerberos 5 context * @param principal principal to query * @param name resulting string, free with krb5_xfree() * * @return An krb5 error code, see krb5_get_error_message(). * * @ingroup krb5_principal */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_unparse_name ( krb5_context /*context*/, krb5_const_principal /*principal*/, char **/*name*/); /** * Unparse the principal name to a fixed buffer * * @param context A Kerberos context. * @param principal principal to unparse * @param name buffer to write name to * @param len length of buffer * * @return An krb5 error code, see krb5_get_error_message(). * * @ingroup krb5_principal */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_unparse_name_fixed ( krb5_context /*context*/, krb5_const_principal /*principal*/, char */*name*/, size_t /*len*/); /** * Unparse the principal name with unparse flags to a fixed buffer. * * @param context A Kerberos context. * @param principal principal to unparse * @param flags unparse flags * @param name buffer to write name to * @param len length of buffer * * @return An krb5 error code, see krb5_get_error_message(). * * @ingroup krb5_principal */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_unparse_name_fixed_flags ( krb5_context /*context*/, krb5_const_principal /*principal*/, int /*flags*/, char */*name*/, size_t /*len*/); /** * Unparse the principal name to a fixed buffer. The realm is skipped * if its a default realm. * * @param context A Kerberos context. * @param principal principal to unparse * @param name buffer to write name to * @param len length of buffer * * @return An krb5 error code, see krb5_get_error_message(). * * @ingroup krb5_principal */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_unparse_name_fixed_short ( krb5_context /*context*/, krb5_const_principal /*principal*/, char */*name*/, size_t /*len*/); /** * Unparse the Kerberos name into a string * * @param context Kerberos 5 context * @param principal principal to query * @param flags flag to determine the behavior * @param name resulting string, free with krb5_xfree() * * @return An krb5 error code, see krb5_get_error_message(). * * @ingroup krb5_principal */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_unparse_name_flags ( krb5_context /*context*/, krb5_const_principal /*principal*/, int /*flags*/, char **/*name*/); /** * Unparse the principal name to a allocated buffer. The realm is * skipped if its a default realm. * * @param context A Kerberos context. * @param principal principal to unparse * @param name returned buffer, free with krb5_xfree() * * @return An krb5 error code, see krb5_get_error_message(). * * @ingroup krb5_principal */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_unparse_name_short ( krb5_context /*context*/, krb5_const_principal /*principal*/, char **/*name*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_us_timeofday ( krb5_context /*context*/, krb5_timestamp */*sec*/, int32_t */*usec*/); /** * Log a warning to the log, default stderr, include bthe error from * the last failure and then abort. * * @param context A Kerberos 5 context * @param code error code of the last error * @param fmt message to print * @param ap arguments * * @ingroup krb5_error */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_vabort ( krb5_context /*context*/, krb5_error_code /*code*/, const char */*fmt*/, va_list /*ap*/) __attribute__ ((__noreturn__, __format__ (__printf__, 3, 0))); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_vabortx ( krb5_context /*context*/, const char */*fmt*/, va_list /*ap*/) __attribute__ ((__noreturn__, __format__ (__printf__, 2, 0))); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_verify_ap_req ( krb5_context /*context*/, krb5_auth_context */*auth_context*/, krb5_ap_req */*ap_req*/, krb5_const_principal /*server*/, krb5_keyblock */*keyblock*/, krb5_flags /*flags*/, krb5_flags */*ap_req_options*/, krb5_ticket **/*ticket*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_verify_ap_req2 ( krb5_context /*context*/, krb5_auth_context */*auth_context*/, krb5_ap_req */*ap_req*/, krb5_const_principal /*server*/, krb5_keyblock */*keyblock*/, krb5_flags /*flags*/, krb5_flags */*ap_req_options*/, krb5_ticket **/*ticket*/, krb5_key_usage /*usage*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_verify_authenticator_checksum ( krb5_context /*context*/, krb5_auth_context /*ac*/, void */*data*/, size_t /*len*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_verify_checksum ( krb5_context /*context*/, krb5_crypto /*crypto*/, krb5_key_usage /*usage*/, void */*data*/, size_t /*len*/, Checksum */*cksum*/); /** * Verify a Kerberos message checksum. * * @param context Kerberos context * @param crypto Kerberos crypto context * @param usage Key usage for this buffer * @param data array of buffers to process * @param num_data length of array * @param type return checksum type if not NULL * * @return Return an error code or 0. * @ingroup krb5_crypto */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_verify_checksum_iov ( krb5_context /*context*/, krb5_crypto /*crypto*/, unsigned /*usage*/, krb5_crypto_iov */*data*/, unsigned int /*num_data*/, krb5_cksumtype */*type*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_verify_init_creds ( krb5_context /*context*/, krb5_creds */*creds*/, krb5_principal /*ap_req_server*/, krb5_keytab /*ap_req_keytab*/, krb5_ccache */*ccache*/, krb5_verify_init_creds_opt */*options*/); KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_verify_init_creds_opt_init (krb5_verify_init_creds_opt */*options*/); KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_verify_init_creds_opt_set_ap_req_nofail ( krb5_verify_init_creds_opt */*options*/, int /*ap_req_nofail*/); KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_verify_opt_alloc ( krb5_context /*context*/, krb5_verify_opt **/*opt*/); KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_verify_opt_free (krb5_verify_opt */*opt*/); KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_verify_opt_init (krb5_verify_opt */*opt*/); KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_verify_opt_set_ccache ( krb5_verify_opt */*opt*/, krb5_ccache /*ccache*/); KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_verify_opt_set_flags ( krb5_verify_opt */*opt*/, unsigned int /*flags*/); KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_verify_opt_set_keytab ( krb5_verify_opt */*opt*/, krb5_keytab /*keytab*/); KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_verify_opt_set_secure ( krb5_verify_opt */*opt*/, krb5_boolean /*secure*/); KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_verify_opt_set_service ( krb5_verify_opt */*opt*/, const char */*service*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_verify_user ( krb5_context /*context*/, krb5_principal /*principal*/, krb5_ccache /*ccache*/, const char */*password*/, krb5_boolean /*secure*/, const char */*service*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_verify_user_lrealm ( krb5_context /*context*/, krb5_principal /*principal*/, krb5_ccache /*ccache*/, const char */*password*/, krb5_boolean /*secure*/, const char */*service*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_verify_user_opt ( krb5_context /*context*/, krb5_principal /*principal*/, const char */*password*/, krb5_verify_opt */*opt*/); /** * Log a warning to the log, default stderr, include bthe error from * the last failure and then exit. * * @param context A Kerberos 5 context * @param eval the exit code to exit with * @param code error code of the last error * @param fmt message to print * @param ap arguments * * @ingroup krb5_error */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_verr ( krb5_context /*context*/, int /*eval*/, krb5_error_code /*code*/, const char */*fmt*/, va_list /*ap*/) __attribute__ ((__noreturn__, __format__ (__printf__, 4, 0))); /** * Log a warning to the log, default stderr, and then exit. * * @param context A Kerberos 5 context * @param eval the exit code to exit with * @param fmt message to print * @param ap arguments * * @ingroup krb5_error */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_verrx ( krb5_context /*context*/, int /*eval*/, const char */*fmt*/, va_list /*ap*/) __attribute__ ((__noreturn__, __format__ (__printf__, 3, 0))); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_vlog ( krb5_context /*context*/, krb5_log_facility */*fac*/, int /*level*/, const char */*fmt*/, va_list /*ap*/) __attribute__ ((__format__ (__printf__, 4, 0))); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_vlog_msg ( krb5_context /*context*/, krb5_log_facility */*fac*/, char **/*reply*/, int /*level*/, const char */*fmt*/, va_list /*ap*/) __attribute__ ((__format__ (__printf__, 5, 0))); /** * Prepend the contexts's full error string for a specific error code. * * The if context is NULL, no error string is stored. * * @param context Kerberos 5 context * @param ret The error code * @param fmt Error string for the error code * @param args printf(3) style parameters. * * @ingroup krb5_error */ KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_vprepend_error_message ( krb5_context /*context*/, krb5_error_code /*ret*/, const char */*fmt*/, va_list /*args*/) __attribute__ ((__format__ (__printf__, 3, 0))); /** * Set the context full error string for a specific error code. * * The if context is NULL, no error string is stored. * * @param context Kerberos 5 context * @param ret The error code * @param fmt Error string for the error code * @param args printf(3) style parameters. * * @ingroup krb5_error */ KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_vset_error_message ( krb5_context /*context*/, krb5_error_code /*ret*/, const char */*fmt*/, va_list /*args*/) __attribute__ ((__format__ (__printf__, 3, 0))); /** * Set the error message returned by krb5_get_error_string(), * deprecated, use krb5_set_error_message(). * * Deprecated: use krb5_vset_error_message() * * @param context Kerberos context * @param fmt error message to free * @param args variable argument list vector * * @return Return an error code or 0. * * @ingroup krb5_deprecated */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_vset_error_string ( krb5_context /*context*/, const char */*fmt*/, va_list /*args*/) __attribute__ ((__format__ (__printf__, 2, 0))) KRB5_DEPRECATED_FUNCTION("Use X instead"); /** * Log a warning to the log, default stderr, include the error from * the last failure. * * @param context A Kerberos 5 context. * @param code error code of the last error * @param fmt message to print * @param ap arguments * * @ingroup krb5_error */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_vwarn ( krb5_context /*context*/, krb5_error_code /*code*/, const char */*fmt*/, va_list /*ap*/) __attribute__ ((__format__ (__printf__, 3, 0))); /** * Log a warning to the log, default stderr. * * @param context A Kerberos 5 context. * @param fmt message to print * @param ap arguments * * @ingroup krb5_error */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_vwarnx ( krb5_context /*context*/, const char */*fmt*/, va_list /*ap*/) __attribute__ ((__format__ (__printf__, 2, 0))); /** * Log a warning to the log, default stderr, include the error from * the last failure. * * @param context A Kerberos 5 context. * @param code error code of the last error * @param fmt message to print * * @ingroup krb5_error */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_warn ( krb5_context /*context*/, krb5_error_code /*code*/, const char */*fmt*/, ...) __attribute__ ((__format__ (__printf__, 3, 4))); /** * Log a warning to the log, default stderr. * * @param context A Kerberos 5 context. * @param fmt message to print * * @ingroup krb5_error */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_warnx ( krb5_context /*context*/, const char */*fmt*/, ...) __attribute__ ((__format__ (__printf__, 2, 3))); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_write_message ( krb5_context /*context*/, krb5_pointer /*p_fd*/, krb5_data */*data*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_write_priv_message ( krb5_context /*context*/, krb5_auth_context /*ac*/, krb5_pointer /*p_fd*/, krb5_data */*data*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_write_safe_message ( krb5_context /*context*/, krb5_auth_context /*ac*/, krb5_pointer /*p_fd*/, krb5_data */*data*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_xfree (void */*ptr*/); #ifdef __cplusplus } #endif #undef KRB5_DEPRECATED_FUNCTION #endif /* DOXY */ #endif /* __krb5_protos_h__ */