diff options
| author | Cy Schubert <cy@FreeBSD.org> | 2017-07-07 17:03:42 +0000 |
|---|---|---|
| committer | Cy Schubert <cy@FreeBSD.org> | 2017-07-07 17:03:42 +0000 |
| commit | 33a9b234e7087f573ef08cd7318c6497ba08b439 (patch) | |
| tree | d0ea40ad3bf5463a3c55795977c71bcb7d781b4b /doc/html/_sources/appdev/refs/api | |
| download | src-33a9b234e7087f573ef08cd7318c6497ba08b439.tar.gz src-33a9b234e7087f573ef08cd7318c6497ba08b439.zip | |
Import MIT KRB5 1.15.1, which will gracefully replace KTH Heimdal.vendor/krb5/1.15.1
The tarball used in this import is the same tarball used in
ports/krb5-115 r435378.
Obtained from: http://web.mit.edu/kerberos/dist/
Thanks to: pfg (for all your tireless behind-the-scenes effort)
Notes
Notes:
svn path=/vendor-crypto/krb5/dist/; revision=320790
svn path=/vendor-crypto/krb5/1.15.1/; revision=320791; tag=vendor/krb5/1.15.1
Diffstat (limited to 'doc/html/_sources/appdev/refs/api')
371 files changed, 20290 insertions, 0 deletions
diff --git a/doc/html/_sources/appdev/refs/api/index.txt b/doc/html/_sources/appdev/refs/api/index.txt new file mode 100644 index 000000000000..f2f27fe72ea2 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/index.txt @@ -0,0 +1,411 @@ +krb5 API +======== + + +Frequently used public interfaces +---------------------------------- + +.. toctree:: + :maxdepth: 1 + + krb5_build_principal.rst + krb5_build_principal_alloc_va.rst + krb5_build_principal_ext.rst + krb5_cc_close.rst + krb5_cc_default.rst + krb5_cc_default_name.rst + krb5_cc_destroy.rst + krb5_cc_dup.rst + krb5_cc_get_name.rst + krb5_cc_get_principal.rst + krb5_cc_get_type.rst + krb5_cc_initialize.rst + krb5_cc_new_unique.rst + krb5_cc_resolve.rst + krb5_change_password.rst + krb5_chpw_message.rst + krb5_expand_hostname.rst + krb5_free_context.rst + krb5_free_error_message.rst + krb5_free_principal.rst + krb5_fwd_tgt_creds.rst + krb5_get_default_realm.rst + krb5_get_error_message.rst + krb5_get_host_realm.rst + krb5_get_credentials.rst + krb5_get_fallback_host_realm.rst + krb5_get_init_creds_keytab.rst + krb5_get_init_creds_opt_alloc.rst + krb5_get_init_creds_opt_free.rst + krb5_get_init_creds_opt_get_fast_flags.rst + krb5_get_init_creds_opt_set_address_list.rst + krb5_get_init_creds_opt_set_anonymous.rst + krb5_get_init_creds_opt_set_canonicalize.rst + krb5_get_init_creds_opt_set_change_password_prompt.rst + krb5_get_init_creds_opt_set_etype_list.rst + krb5_get_init_creds_opt_set_expire_callback.rst + krb5_get_init_creds_opt_set_fast_ccache.rst + krb5_get_init_creds_opt_set_fast_ccache_name.rst + krb5_get_init_creds_opt_set_fast_flags.rst + krb5_get_init_creds_opt_set_forwardable.rst + krb5_get_init_creds_opt_set_in_ccache.rst + krb5_get_init_creds_opt_set_out_ccache.rst + krb5_get_init_creds_opt_set_pa.rst + krb5_get_init_creds_opt_set_pac_request.rst + krb5_get_init_creds_opt_set_preauth_list.rst + krb5_get_init_creds_opt_set_proxiable.rst + krb5_get_init_creds_opt_set_renew_life.rst + krb5_get_init_creds_opt_set_responder.rst + krb5_get_init_creds_opt_set_salt.rst + krb5_get_init_creds_opt_set_tkt_life.rst + krb5_get_init_creds_password.rst + krb5_get_profile.rst + krb5_get_prompt_types.rst + krb5_get_renewed_creds.rst + krb5_get_validated_creds.rst + krb5_init_context.rst + krb5_init_secure_context.rst + krb5_is_config_principal.rst + krb5_is_thread_safe.rst + krb5_kt_close.rst + krb5_kt_client_default.rst + krb5_kt_default.rst + krb5_kt_default_name.rst + krb5_kt_dup.rst + krb5_kt_get_name.rst + krb5_kt_get_type.rst + krb5_kt_resolve.rst + krb5_kuserok.rst + krb5_parse_name.rst + krb5_parse_name_flags.rst + krb5_principal_compare.rst + krb5_principal_compare_any_realm.rst + krb5_principal_compare_flags.rst + krb5_prompter_posix.rst + krb5_realm_compare.rst + krb5_responder_get_challenge.rst + krb5_responder_list_questions.rst + krb5_responder_set_answer.rst + krb5_responder_otp_get_challenge.rst + krb5_responder_otp_set_answer.rst + krb5_responder_otp_challenge_free.rst + krb5_responder_pkinit_get_challenge.rst + krb5_responder_pkinit_set_answer.rst + krb5_responder_pkinit_challenge_free.rst + krb5_set_default_realm.rst + krb5_set_password.rst + krb5_set_password_using_ccache.rst + krb5_set_principal_realm.rst + krb5_set_trace_callback.rst + krb5_set_trace_filename.rst + krb5_sname_match.rst + krb5_sname_to_principal.rst + krb5_unparse_name.rst + krb5_unparse_name_ext.rst + krb5_unparse_name_flags.rst + krb5_unparse_name_flags_ext.rst + krb5_us_timeofday.rst + krb5_verify_authdata_kdc_issued.rst + +Rarely used public interfaces +-------------------------------- + +.. toctree:: + :maxdepth: 1 + + krb5_425_conv_principal.rst + krb5_524_conv_principal.rst + krb5_address_compare.rst + krb5_address_order.rst + krb5_address_search.rst + krb5_allow_weak_crypto.rst + krb5_aname_to_localname.rst + krb5_anonymous_principal.rst + krb5_anonymous_realm.rst + krb5_appdefault_boolean.rst + krb5_appdefault_string.rst + krb5_auth_con_free.rst + krb5_auth_con_genaddrs.rst + krb5_auth_con_get_checksum_func.rst + krb5_auth_con_getaddrs.rst + krb5_auth_con_getauthenticator.rst + krb5_auth_con_getflags.rst + krb5_auth_con_getkey.rst + krb5_auth_con_getkey_k.rst + krb5_auth_con_getlocalseqnumber.rst + krb5_auth_con_getrcache.rst + krb5_auth_con_getrecvsubkey.rst + krb5_auth_con_getrecvsubkey_k.rst + krb5_auth_con_getremoteseqnumber.rst + krb5_auth_con_getsendsubkey.rst + krb5_auth_con_getsendsubkey_k.rst + krb5_auth_con_init.rst + krb5_auth_con_set_checksum_func.rst + krb5_auth_con_set_req_cksumtype.rst + krb5_auth_con_setaddrs.rst + krb5_auth_con_setflags.rst + krb5_auth_con_setports.rst + krb5_auth_con_setrcache.rst + krb5_auth_con_setrecvsubkey.rst + krb5_auth_con_setrecvsubkey_k.rst + krb5_auth_con_setsendsubkey.rst + krb5_auth_con_setsendsubkey_k.rst + krb5_auth_con_setuseruserkey.rst + krb5_cc_cache_match.rst + krb5_cc_copy_creds.rst + krb5_cc_end_seq_get.rst + krb5_cc_get_config.rst + krb5_cc_get_flags.rst + krb5_cc_get_full_name.rst + krb5_cc_last_change_time.rst + krb5_cc_lock.rst + krb5_cc_move.rst + krb5_cc_next_cred.rst + krb5_cc_remove_cred.rst + krb5_cc_retrieve_cred.rst + krb5_cc_select.rst + krb5_cc_set_config.rst + krb5_cc_set_default_name.rst + krb5_cc_set_flags.rst + krb5_cc_start_seq_get.rst + krb5_cc_store_cred.rst + krb5_cc_support_switch.rst + krb5_cc_switch.rst + krb5_cc_unlock.rst + krb5_cccol_cursor_free.rst + krb5_cccol_cursor_new.rst + krb5_cccol_cursor_next.rst + krb5_cccol_have_content.rst + krb5_cccol_last_change_time.rst + krb5_cccol_lock.rst + krb5_cccol_unlock.rst + krb5_clear_error_message.rst + krb5_check_clockskew.rst + krb5_copy_addresses.rst + krb5_copy_authdata.rst + krb5_copy_authenticator.rst + krb5_copy_checksum.rst + krb5_copy_context.rst + krb5_copy_creds.rst + krb5_copy_data.rst + krb5_copy_error_message.rst + krb5_copy_keyblock.rst + krb5_copy_keyblock_contents.rst + krb5_copy_principal.rst + krb5_copy_ticket.rst + krb5_find_authdata.rst + krb5_free_addresses.rst + krb5_free_ap_rep_enc_part.rst + krb5_free_authdata.rst + krb5_free_authenticator.rst + krb5_free_cred_contents.rst + krb5_free_creds.rst + krb5_free_data.rst + krb5_free_data_contents.rst + krb5_free_default_realm.rst + krb5_free_enctypes.rst + krb5_free_error.rst + krb5_free_host_realm.rst + krb5_free_keyblock.rst + krb5_free_keyblock_contents.rst + krb5_free_keytab_entry_contents.rst + krb5_free_string.rst + krb5_free_ticket.rst + krb5_free_unparsed_name.rst + krb5_get_permitted_enctypes.rst + krb5_get_server_rcache.rst + krb5_get_time_offsets.rst + krb5_init_context_profile.rst + krb5_init_creds_free.rst + krb5_init_creds_get.rst + krb5_init_creds_get_creds.rst + krb5_init_creds_get_error.rst + krb5_init_creds_get_times.rst + krb5_init_creds_init.rst + krb5_init_creds_set_keytab.rst + krb5_init_creds_set_password.rst + krb5_init_creds_set_service.rst + krb5_init_creds_step.rst + krb5_init_keyblock.rst + krb5_is_referral_realm.rst + krb5_kt_add_entry.rst + krb5_kt_end_seq_get.rst + krb5_kt_get_entry.rst + krb5_kt_have_content.rst + krb5_kt_next_entry.rst + krb5_kt_read_service_key.rst + krb5_kt_remove_entry.rst + krb5_kt_start_seq_get.rst + krb5_make_authdata_kdc_issued.rst + krb5_merge_authdata.rst + krb5_mk_1cred.rst + krb5_mk_error.rst + krb5_mk_ncred.rst + krb5_mk_priv.rst + krb5_mk_rep.rst + krb5_mk_rep_dce.rst + krb5_mk_req.rst + krb5_mk_req_extended.rst + krb5_mk_safe.rst + krb5_os_localaddr.rst + krb5_pac_add_buffer.rst + krb5_pac_free.rst + krb5_pac_get_buffer.rst + krb5_pac_get_types.rst + krb5_pac_init.rst + krb5_pac_parse.rst + krb5_pac_sign.rst + krb5_pac_verify.rst + krb5_prepend_error_message.rst + krb5_principal2salt.rst + krb5_rd_cred.rst + krb5_rd_error.rst + krb5_rd_priv.rst + krb5_rd_rep.rst + krb5_rd_rep_dce.rst + krb5_rd_req.rst + krb5_rd_safe.rst + krb5_read_password.rst + krb5_salttype_to_string.rst + krb5_server_decrypt_ticket_keytab.rst + krb5_set_default_tgs_enctypes.rst + krb5_set_error_message.rst + krb5_set_kdc_recv_hook.rst + krb5_set_kdc_send_hook.rst + krb5_set_real_time.rst + krb5_string_to_cksumtype.rst + krb5_string_to_deltat.rst + krb5_string_to_enctype.rst + krb5_string_to_salttype.rst + krb5_string_to_timestamp.rst + krb5_timeofday.rst + krb5_timestamp_to_sfstring.rst + krb5_timestamp_to_string.rst + krb5_tkt_creds_free.rst + krb5_tkt_creds_get.rst + krb5_tkt_creds_get_creds.rst + krb5_tkt_creds_get_times.rst + krb5_tkt_creds_init.rst + krb5_tkt_creds_step.rst + krb5_verify_init_creds.rst + krb5_verify_init_creds_opt_init.rst + krb5_verify_init_creds_opt_set_ap_req_nofail.rst + krb5_vprepend_error_message.rst + krb5_vset_error_message.rst + krb5_vwrap_error_message.rst + krb5_wrap_error_message.rst + + +Public interfaces that should not be called directly +------------------------------------------------------- + +.. toctree:: + :maxdepth: 1 + + krb5_c_block_size.rst + krb5_c_checksum_length.rst + krb5_c_crypto_length.rst + krb5_c_crypto_length_iov.rst + krb5_c_decrypt.rst + krb5_c_decrypt_iov.rst + krb5_c_derive_prfplus.rst + krb5_c_encrypt.rst + krb5_c_encrypt_iov.rst + krb5_c_encrypt_length.rst + krb5_c_enctype_compare.rst + krb5_c_free_state.rst + krb5_c_fx_cf2_simple.rst + krb5_c_init_state.rst + krb5_c_is_coll_proof_cksum.rst + krb5_c_is_keyed_cksum.rst + krb5_c_keyed_checksum_types.rst + krb5_c_keylengths.rst + krb5_c_make_checksum.rst + krb5_c_make_checksum_iov.rst + krb5_c_make_random_key.rst + krb5_c_padding_length.rst + krb5_c_prf.rst + krb5_c_prfplus.rst + krb5_c_prf_length.rst + krb5_c_random_add_entropy.rst + krb5_c_random_make_octets.rst + krb5_c_random_os_entropy.rst + krb5_c_random_to_key.rst + krb5_c_string_to_key.rst + krb5_c_string_to_key_with_params.rst + krb5_c_valid_cksumtype.rst + krb5_c_valid_enctype.rst + krb5_c_verify_checksum.rst + krb5_c_verify_checksum_iov.rst + krb5_cksumtype_to_string.rst + krb5_decode_authdata_container.rst + krb5_decode_ticket.rst + krb5_deltat_to_string.rst + krb5_encode_authdata_container.rst + krb5_enctype_to_name.rst + krb5_enctype_to_string.rst + krb5_free_checksum.rst + krb5_free_checksum_contents.rst + krb5_free_cksumtypes.rst + krb5_free_tgt_creds.rst + krb5_k_create_key.rst + krb5_k_decrypt.rst + krb5_k_decrypt_iov.rst + krb5_k_encrypt.rst + krb5_k_encrypt_iov.rst + krb5_k_free_key.rst + krb5_k_key_enctype.rst + krb5_k_key_keyblock.rst + krb5_k_make_checksum.rst + krb5_k_make_checksum_iov.rst + krb5_k_prf.rst + krb5_k_reference_key.rst + krb5_k_verify_checksum.rst + krb5_k_verify_checksum_iov.rst + + +Legacy convenience interfaces +------------------------------ + +.. toctree:: + :maxdepth: 1 + + krb5_recvauth.rst + krb5_recvauth_version.rst + krb5_sendauth.rst + + +Deprecated public interfaces +------------------------------ + +.. toctree:: + :maxdepth: 1 + + krb5_524_convert_creds.rst + krb5_auth_con_getlocalsubkey.rst + krb5_auth_con_getremotesubkey.rst + krb5_auth_con_initivector.rst + krb5_build_principal_va.rst + krb5_c_random_seed.rst + krb5_calculate_checksum.rst + krb5_checksum_size.rst + krb5_encrypt.rst + krb5_decrypt.rst + krb5_eblock_enctype.rst + krb5_encrypt_size.rst + krb5_finish_key.rst + krb5_finish_random_key.rst + krb5_cc_gen_new.rst + krb5_get_credentials_renew.rst + krb5_get_credentials_validate.rst + krb5_get_in_tkt_with_password.rst + krb5_get_in_tkt_with_skey.rst + krb5_get_in_tkt_with_keytab.rst + krb5_get_init_creds_opt_init.rst + krb5_init_random_key.rst + krb5_kt_free_entry.rst + krb5_random_key.rst + krb5_process_key.rst + krb5_string_to_key.rst + krb5_use_enctype.rst + krb5_verify_checksum.rst diff --git a/doc/html/_sources/appdev/refs/api/krb5_425_conv_principal.txt b/doc/html/_sources/appdev/refs/api/krb5_425_conv_principal.txt new file mode 100644 index 000000000000..c6b68270e296 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_425_conv_principal.txt @@ -0,0 +1,59 @@ +krb5_425_conv_principal - Convert a Kerberos V4 principal to a Kerberos V5 principal. +======================================================================================= + +.. + +.. c:function:: krb5_error_code krb5_425_conv_principal(krb5_context context, const char * name, const char * instance, const char * realm, krb5_principal * princ) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **name** - V4 name + + **[in]** **instance** - V4 instance + + **[in]** **realm** - Realm + + **[out]** **princ** - V5 principal + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function builds a *princ* from V4 specification based on given input *name.instance@realm* . + + + +Use :c:func:`krb5_free_principal()` to free *princ* when it is no longer needed. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_524_conv_principal.txt b/doc/html/_sources/appdev/refs/api/krb5_524_conv_principal.txt new file mode 100644 index 000000000000..14b2fc10137e --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_524_conv_principal.txt @@ -0,0 +1,60 @@ +krb5_524_conv_principal - Convert a Kerberos V5 principal to a Kerberos V4 principal. +======================================================================================= + +.. + +.. c:function:: krb5_error_code krb5_524_conv_principal(krb5_context context, krb5_const_principal princ, char * name, char * inst, char * realm) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **princ** - V5 Principal + + **[out]** **name** - V4 principal's name to be filled in + + **[out]** **inst** - V4 principal's instance name to be filled in + + **[out]** **realm** - Principal's realm name to be filled in + + +.. + + +:retval: + - 0 Success + - KRB5_INVALID_PRINCIPAL Invalid principal name + - KRB5_CONFIG_CANTOPEN Can't open or find Kerberos configuration file + + +:return: + - Kerberos error codes + +.. + + + + + + + +This function separates a V5 principal *princ* into *name* , *instance* , and *realm* . + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_524_convert_creds.txt b/doc/html/_sources/appdev/refs/api/krb5_524_convert_creds.txt new file mode 100644 index 000000000000..f8d96f0da7a1 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_524_convert_creds.txt @@ -0,0 +1,55 @@ +krb5_524_convert_creds - Convert a Kerberos V5 credentials to a Kerberos V4 credentials. +========================================================================================== + +.. + +.. c:function:: int krb5_524_convert_creds(krb5_context context, krb5_creds * v5creds, struct credentials * v4creds) + +.. + + +:param: + + **context** + + **v5creds** + + **v4creds** + + +.. + + +:retval: + - KRB524_KRB4_DISABLED (always) + + +.. + + + + + + + + + + + + + + +.. + + + + + + +.. note:: + + Not implemented + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_address_compare.txt b/doc/html/_sources/appdev/refs/api/krb5_address_compare.txt new file mode 100644 index 000000000000..7665fc705c2e --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_address_compare.txt @@ -0,0 +1,47 @@ +krb5_address_compare - Compare two Kerberos addresses. +======================================================== + +.. + +.. c:function:: krb5_boolean krb5_address_compare(krb5_context context, const krb5_address * addr1, const krb5_address * addr2) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **addr1** - First address to be compared + + **[in]** **addr2** - Second address to be compared + + +.. + + + +:return: + - TRUE if the addresses are the same, FALSE otherwise + +.. + + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_address_order.txt b/doc/html/_sources/appdev/refs/api/krb5_address_order.txt new file mode 100644 index 000000000000..6d344ccf2e5a --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_address_order.txt @@ -0,0 +1,49 @@ +krb5_address_order - Return an ordering of the specified addresses. +===================================================================== + +.. + +.. c:function:: int krb5_address_order(krb5_context context, const krb5_address * addr1, const krb5_address * addr2) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **addr1** - First address + + **[in]** **addr2** - Second address + + +.. + + +:retval: + - 0 The two addresses are the same + - \< 0 First address is less than second + - \> 0 First address is greater than second + + +.. + + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_address_search.txt b/doc/html/_sources/appdev/refs/api/krb5_address_search.txt new file mode 100644 index 000000000000..2bc68c490111 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_address_search.txt @@ -0,0 +1,55 @@ +krb5_address_search - Search a list of addresses for a specified address. +=========================================================================== + +.. + +.. c:function:: krb5_boolean krb5_address_search(krb5_context context, const krb5_address * addr, krb5_address *const * addrlist) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **addr** - Address to search for + + **[in]** **addrlist** - Address list to be searched (or NULL) + + +.. + + + +:return: + - TRUE if addr is listed in addrlist , or addrlist is NULL; FALSE otherwise + +.. + + + + + + + + + + + + + + +.. + + + + + + +.. note:: + + If *addrlist* contains only a NetBIOS addresses, it will be treated as a null list. + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_allow_weak_crypto.txt b/doc/html/_sources/appdev/refs/api/krb5_allow_weak_crypto.txt new file mode 100644 index 000000000000..f81d5040fb2c --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_allow_weak_crypto.txt @@ -0,0 +1,49 @@ +krb5_allow_weak_crypto - Allow the appplication to override the profile's allow_weak_crypto setting. +====================================================================================================== + +.. + +.. c:function:: krb5_error_code krb5_allow_weak_crypto(krb5_context context, krb5_boolean enable) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **enable** - Boolean flag + + +.. + + +:retval: + - 0 (always) + + +.. + + + + + + + +This function allows an application to override the allow_weak_crypto setting. It is primarily for use by aklog. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_aname_to_localname.txt b/doc/html/_sources/appdev/refs/api/krb5_aname_to_localname.txt new file mode 100644 index 000000000000..c6162940839d --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_aname_to_localname.txt @@ -0,0 +1,61 @@ +krb5_aname_to_localname - Convert a principal name to a local name. +===================================================================== + +.. + +.. c:function:: krb5_error_code krb5_aname_to_localname(krb5_context context, krb5_const_principal aname, int lnsize_in, char * lname) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **aname** - Principal name + + **[in]** **lnsize_in** - Space available in *lname* + + **[out]** **lname** - Local name buffer to be filled in + + +.. + + +:retval: + - 0 Success + - System errors + + +:return: + - Kerberos error codes + +.. + + + + + + + +If *aname* does not correspond to any local account, KRB5_LNAME_NOTRANS is returned. If *lnsize_in* is too small for the local name, KRB5_CONFIG_NOTENUFSPACE is returned. + + + +Local names, rather than principal names, can be used by programs that translate to an environment-specific name (for example, a user account name). + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_anonymous_principal.txt b/doc/html/_sources/appdev/refs/api/krb5_anonymous_principal.txt new file mode 100644 index 000000000000..4de5547b10dd --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_anonymous_principal.txt @@ -0,0 +1,47 @@ +krb5_anonymous_principal - Build an anonymous principal. +========================================================== + +.. + +.. c:function:: krb5_const_principal krb5_anonymous_principal(void None) + +.. + + +:param: + + **None** + + +.. + + + +.. + + + + + + + +This function returns constant storage that must not be freed. + + + + + + + + + + +.. + +.. seealso:: + :data:`KRB5_ANONYMOUS_PRINCSTR` + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_anonymous_realm.txt b/doc/html/_sources/appdev/refs/api/krb5_anonymous_realm.txt new file mode 100644 index 000000000000..b8366abb426a --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_anonymous_realm.txt @@ -0,0 +1,47 @@ +krb5_anonymous_realm - Return an anonymous realm data. +======================================================== + +.. + +.. c:function:: const krb5_data * krb5_anonymous_realm(void None) + +.. + + +:param: + + **None** + + +.. + + + +.. + + + + + + + +This function returns constant storage that must not be freed. + + + + + + + + + + +.. + +.. seealso:: + :data:`KRB5_ANONYMOUS_REALMSTR` + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_appdefault_boolean.txt b/doc/html/_sources/appdev/refs/api/krb5_appdefault_boolean.txt new file mode 100644 index 000000000000..e1643411340b --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_appdefault_boolean.txt @@ -0,0 +1,57 @@ +krb5_appdefault_boolean - Retrieve a boolean value from the appdefaults section of krb5.conf. +=============================================================================================== + +.. + +.. c:function:: void krb5_appdefault_boolean(krb5_context context, const char * appname, const krb5_data * realm, const char * option, int default_value, int * ret_value) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **appname** - Application name + + **[in]** **realm** - Realm name + + **[in]** **option** - Option to be checked + + **[in]** **default_value** - Default value to return if no match is found + + **[out]** **ret_value** - Boolean value of *option* + + +.. + + + +.. + + + + + + + +This function gets the application defaults for *option* based on the given *appname* and/or *realm* . + + + + + + + + + + +.. + +.. seealso:: + :c:func:`krb5_appdefault_string()` + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_appdefault_string.txt b/doc/html/_sources/appdev/refs/api/krb5_appdefault_string.txt new file mode 100644 index 000000000000..1c7590b75192 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_appdefault_string.txt @@ -0,0 +1,57 @@ +krb5_appdefault_string - Retrieve a string value from the appdefaults section of krb5.conf. +============================================================================================= + +.. + +.. c:function:: void krb5_appdefault_string(krb5_context context, const char * appname, const krb5_data * realm, const char * option, const char * default_value, char ** ret_value) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **appname** - Application name + + **[in]** **realm** - Realm name + + **[in]** **option** - Option to be checked + + **[in]** **default_value** - Default value to return if no match is found + + **[out]** **ret_value** - String value of *option* + + +.. + + + +.. + + + + + + + +This function gets the application defaults for *option* based on the given *appname* and/or *realm* . + + + + + + + + + + +.. + +.. seealso:: + :c:func:`krb5_appdefault_boolean()` + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_auth_con_free.txt b/doc/html/_sources/appdev/refs/api/krb5_auth_con_free.txt new file mode 100644 index 000000000000..2062de7842e6 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_auth_con_free.txt @@ -0,0 +1,49 @@ +krb5_auth_con_free - Free a krb5_auth_context structure. +========================================================== + +.. + +.. c:function:: krb5_error_code krb5_auth_con_free(krb5_context context, krb5_auth_context auth_context) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **auth_context** - Authentication context to be freed + + +.. + + +:retval: + - 0 (always) + + +.. + + + + + + + +This function frees an auth context allocated by :c:func:`krb5_auth_con_init()` . + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_auth_con_genaddrs.txt b/doc/html/_sources/appdev/refs/api/krb5_auth_con_genaddrs.txt new file mode 100644 index 000000000000..b8a3f40538e3 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_auth_con_genaddrs.txt @@ -0,0 +1,66 @@ +krb5_auth_con_genaddrs - Generate auth context addresses from a connected socket. +=================================================================================== + +.. + +.. c:function:: krb5_error_code krb5_auth_con_genaddrs(krb5_context context, krb5_auth_context auth_context, int infd, int flags) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **auth_context** - Authentication context + + **[in]** **infd** - Connected socket descriptor + + **[in]** **flags** - Flags + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function sets the local and/or remote addresses in *auth_context* based on the local and remote endpoints of the socket *infd* . The following flags determine the operations performed: + + + + + + - :data:`KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR` Generate local address. + + + - :data:`KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR` Generate remote address. + + + - :data:`KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR` Generate local address and port. + + + - :data:`KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR` Generate remote address and port. + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_auth_con_get_checksum_func.txt b/doc/html/_sources/appdev/refs/api/krb5_auth_con_get_checksum_func.txt new file mode 100644 index 000000000000..e3a427427ffd --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_auth_con_get_checksum_func.txt @@ -0,0 +1,49 @@ +krb5_auth_con_get_checksum_func - Get the checksum callback from an auth context. +=================================================================================== + +.. + +.. c:function:: krb5_error_code krb5_auth_con_get_checksum_func(krb5_context context, krb5_auth_context auth_context, krb5_mk_req_checksum_func * func, void ** data) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **auth_context** - Authentication context + + **[out]** **func** - Checksum callback + + **[out]** **data** - Callback argument + + +.. + + +:retval: + - 0 (always) + + +.. + + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_auth_con_getaddrs.txt b/doc/html/_sources/appdev/refs/api/krb5_auth_con_getaddrs.txt new file mode 100644 index 000000000000..1225294092e5 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_auth_con_getaddrs.txt @@ -0,0 +1,49 @@ +krb5_auth_con_getaddrs - Retrieve address fields from an auth context. +======================================================================== + +.. + +.. c:function:: krb5_error_code krb5_auth_con_getaddrs(krb5_context context, krb5_auth_context auth_context, krb5_address ** local_addr, krb5_address ** remote_addr) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **auth_context** - Authentication context + + **[out]** **local_addr** - Local address (NULL if not needed) + + **[out]** **remote_addr** - Remote address (NULL if not needed) + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_auth_con_getauthenticator.txt b/doc/html/_sources/appdev/refs/api/krb5_auth_con_getauthenticator.txt new file mode 100644 index 000000000000..a2883385982d --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_auth_con_getauthenticator.txt @@ -0,0 +1,51 @@ +krb5_auth_con_getauthenticator - Retrieve the authenticator from an auth context. +=================================================================================== + +.. + +.. c:function:: krb5_error_code krb5_auth_con_getauthenticator(krb5_context context, krb5_auth_context auth_context, krb5_authenticator ** authenticator) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **auth_context** - Authentication context + + **[out]** **authenticator** - Authenticator + + +.. + + +:retval: + - 0 Success. Otherwise - Kerberos error codes + + +.. + + + + + + + +Use :c:func:`krb5_free_authenticator()` to free *authenticator* when it is no longer needed. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_auth_con_getflags.txt b/doc/html/_sources/appdev/refs/api/krb5_auth_con_getflags.txt new file mode 100644 index 000000000000..1884f127a555 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_auth_con_getflags.txt @@ -0,0 +1,60 @@ +krb5_auth_con_getflags - Retrieve flags from a krb5_auth_context structure. +============================================================================= + +.. + +.. c:function:: krb5_error_code krb5_auth_con_getflags(krb5_context context, krb5_auth_context auth_context, krb5_int32 * flags) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **auth_context** - Authentication context + + **[out]** **flags** - Flags bit mask + + +.. + + +:retval: + - 0 (always) + + +.. + + + + + + + +Valid values for *flags* are: + + - :data:`KRB5_AUTH_CONTEXT_DO_TIME` Use timestamps + + + - :data:`KRB5_AUTH_CONTEXT_RET_TIME` Save timestamps + + + - :data:`KRB5_AUTH_CONTEXT_DO_SEQUENCE` Use sequence numbers + + + - :data:`KRB5_AUTH_CONTEXT_RET_SEQUENCE` Save sequence numbers + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_auth_con_getkey.txt b/doc/html/_sources/appdev/refs/api/krb5_auth_con_getkey.txt new file mode 100644 index 000000000000..cfe99ff259c4 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_auth_con_getkey.txt @@ -0,0 +1,51 @@ +krb5_auth_con_getkey - Retrieve the session key from an auth context as a keyblock. +===================================================================================== + +.. + +.. c:function:: krb5_error_code krb5_auth_con_getkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock ** keyblock) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **auth_context** - Authentication context + + **[out]** **keyblock** - Session key + + +.. + + +:retval: + - 0 Success. Otherwise - Kerberos error codes + + +.. + + + + + + + +This function creates a keyblock containing the session key from *auth_context* . Use :c:func:`krb5_free_keyblock()` to free *keyblock* when it is no longer needed + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_auth_con_getkey_k.txt b/doc/html/_sources/appdev/refs/api/krb5_auth_con_getkey_k.txt new file mode 100644 index 000000000000..0a320aeb3e61 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_auth_con_getkey_k.txt @@ -0,0 +1,51 @@ +krb5_auth_con_getkey_k - Retrieve the session key from an auth context. +========================================================================= + +.. + +.. c:function:: krb5_error_code krb5_auth_con_getkey_k(krb5_context context, krb5_auth_context auth_context, krb5_key * key) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **auth_context** - Authentication context + + **[out]** **key** - Session key + + +.. + + +:retval: + - 0 (always) + + +.. + + + + + + + +This function sets *key* to the session key from *auth_context* . Use :c:func:`krb5_k_free_key()` to release *key* when it is no longer needed. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_auth_con_getlocalseqnumber.txt b/doc/html/_sources/appdev/refs/api/krb5_auth_con_getlocalseqnumber.txt new file mode 100644 index 000000000000..977d0efbf5ee --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_auth_con_getlocalseqnumber.txt @@ -0,0 +1,51 @@ +krb5_auth_con_getlocalseqnumber - Retrieve the local sequence number from an auth context. +============================================================================================ + +.. + +.. c:function:: krb5_error_code krb5_auth_con_getlocalseqnumber(krb5_context context, krb5_auth_context auth_context, krb5_int32 * seqnumber) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **auth_context** - Authentication context + + **[out]** **seqnumber** - Local sequence number + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +Retrieve the local sequence number from *auth_context* and return it in *seqnumber* . The :data:`KRB5_AUTH_CONTEXT_DO_SEQUENCE` flag must be set in *auth_context* for this function to be useful. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_auth_con_getlocalsubkey.txt b/doc/html/_sources/appdev/refs/api/krb5_auth_con_getlocalsubkey.txt new file mode 100644 index 000000000000..655b9d581d34 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_auth_con_getlocalsubkey.txt @@ -0,0 +1,46 @@ +krb5_auth_con_getlocalsubkey +============================ + +.. + +.. c:function:: krb5_error_code krb5_auth_con_getlocalsubkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock ** keyblock) + +.. + + +:param: + + **context** + + **auth_context** + + **keyblock** + + +.. + + + +.. + + +DEPRECATED Replaced by krb5_auth_con_getsendsubkey() . + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_auth_con_getrcache.txt b/doc/html/_sources/appdev/refs/api/krb5_auth_con_getrcache.txt new file mode 100644 index 000000000000..c50663643508 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_auth_con_getrcache.txt @@ -0,0 +1,51 @@ +krb5_auth_con_getrcache - Retrieve the replay cache from an auth context. +=========================================================================== + +.. + +.. c:function:: krb5_error_code krb5_auth_con_getrcache(krb5_context context, krb5_auth_context auth_context, krb5_rcache * rcache) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **auth_context** - Authentication context + + **[out]** **rcache** - Replay cache handle + + +.. + + +:retval: + - 0 (always) + + +.. + + + + + + + +This function fetches the replay cache from *auth_context* . The caller should not close *rcache* . + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_auth_con_getrecvsubkey.txt b/doc/html/_sources/appdev/refs/api/krb5_auth_con_getrecvsubkey.txt new file mode 100644 index 000000000000..1b7ddfa63c74 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_auth_con_getrecvsubkey.txt @@ -0,0 +1,51 @@ +krb5_auth_con_getrecvsubkey - Retrieve the receiving subkey from an auth context as a keyblock. +================================================================================================= + +.. + +.. c:function:: krb5_error_code krb5_auth_con_getrecvsubkey(krb5_context ctx, krb5_auth_context ac, krb5_keyblock ** keyblock) + +.. + + +:param: + + **[in]** **ctx** - Library context + + **[in]** **ac** - Authentication context + + **[out]** **keyblock** - Receiving subkey + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function creates a keyblock containing the receiving subkey from *auth_context* . Use :c:func:`krb5_free_keyblock()` to free *keyblock* when it is no longer needed. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_auth_con_getrecvsubkey_k.txt b/doc/html/_sources/appdev/refs/api/krb5_auth_con_getrecvsubkey_k.txt new file mode 100644 index 000000000000..44ce57307ba5 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_auth_con_getrecvsubkey_k.txt @@ -0,0 +1,51 @@ +krb5_auth_con_getrecvsubkey_k - Retrieve the receiving subkey from an auth context as a keyblock. +=================================================================================================== + +.. + +.. c:function:: krb5_error_code krb5_auth_con_getrecvsubkey_k(krb5_context ctx, krb5_auth_context ac, krb5_key * key) + +.. + + +:param: + + **[in]** **ctx** - Library context + + **[in]** **ac** - Authentication context + + **[out]** **key** - Receiving subkey + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function sets *key* to the receiving subkey from *auth_context* . Use :c:func:`krb5_k_free_key()` to release *key* when it is no longer needed. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_auth_con_getremoteseqnumber.txt b/doc/html/_sources/appdev/refs/api/krb5_auth_con_getremoteseqnumber.txt new file mode 100644 index 000000000000..9dee0e61fd21 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_auth_con_getremoteseqnumber.txt @@ -0,0 +1,51 @@ +krb5_auth_con_getremoteseqnumber - Retrieve the remote sequence number from an auth context. +============================================================================================== + +.. + +.. c:function:: krb5_error_code krb5_auth_con_getremoteseqnumber(krb5_context context, krb5_auth_context auth_context, krb5_int32 * seqnumber) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **auth_context** - Authentication context + + **[out]** **seqnumber** - Remote sequence number + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +Retrieve the remote sequence number from *auth_context* and return it in *seqnumber* . The :data:`KRB5_AUTH_CONTEXT_DO_SEQUENCE` flag must be set in *auth_context* for this function to be useful. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_auth_con_getremotesubkey.txt b/doc/html/_sources/appdev/refs/api/krb5_auth_con_getremotesubkey.txt new file mode 100644 index 000000000000..3f1095c9fe1a --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_auth_con_getremotesubkey.txt @@ -0,0 +1,46 @@ +krb5_auth_con_getremotesubkey +============================= + +.. + +.. c:function:: krb5_error_code krb5_auth_con_getremotesubkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock ** keyblock) + +.. + + +:param: + + **context** + + **auth_context** + + **keyblock** + + +.. + + + +.. + + +DEPRECATED Replaced by krb5_auth_con_getrecvsubkey() . + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_auth_con_getsendsubkey.txt b/doc/html/_sources/appdev/refs/api/krb5_auth_con_getsendsubkey.txt new file mode 100644 index 000000000000..6a842b6a3cc8 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_auth_con_getsendsubkey.txt @@ -0,0 +1,51 @@ +krb5_auth_con_getsendsubkey - Retrieve the send subkey from an auth context as a keyblock. +============================================================================================ + +.. + +.. c:function:: krb5_error_code krb5_auth_con_getsendsubkey(krb5_context ctx, krb5_auth_context ac, krb5_keyblock ** keyblock) + +.. + + +:param: + + **[in]** **ctx** - Library context + + **[in]** **ac** - Authentication context + + **[out]** **keyblock** - Send subkey + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function creates a keyblock containing the send subkey from *auth_context* . Use :c:func:`krb5_free_keyblock()` to free *keyblock* when it is no longer needed. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_auth_con_getsendsubkey_k.txt b/doc/html/_sources/appdev/refs/api/krb5_auth_con_getsendsubkey_k.txt new file mode 100644 index 000000000000..c63e6c9613ac --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_auth_con_getsendsubkey_k.txt @@ -0,0 +1,51 @@ +krb5_auth_con_getsendsubkey_k - Retrieve the send subkey from an auth context. +================================================================================ + +.. + +.. c:function:: krb5_error_code krb5_auth_con_getsendsubkey_k(krb5_context ctx, krb5_auth_context ac, krb5_key * key) + +.. + + +:param: + + **[in]** **ctx** - Library context + + **[in]** **ac** - Authentication context + + **[out]** **key** - Send subkey + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function sets *key* to the send subkey from *auth_context* . Use :c:func:`krb5_k_free_key()` to release *key* when it is no longer needed. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_auth_con_init.txt b/doc/html/_sources/appdev/refs/api/krb5_auth_con_init.txt new file mode 100644 index 000000000000..9c5ee8f10458 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_auth_con_init.txt @@ -0,0 +1,57 @@ +krb5_auth_con_init - Create and initialize an authentication context. +======================================================================= + +.. + +.. c:function:: krb5_error_code krb5_auth_con_init(krb5_context context, krb5_auth_context * auth_context) + +.. + + +:param: + + **[in]** **context** - Library context + + **[out]** **auth_context** - Authentication context + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function creates an authentication context to hold configuration and state relevant to krb5 functions for authenticating principals and protecting messages once authentication has occurred. + + + +By default, flags for the context are set to enable the use of the replay cache ( :data:`KRB5_AUTH_CONTEXT_DO_TIME` ), but not sequence numbers. Use :c:func:`krb5_auth_con_setflags()` to change the flags. + + + +The allocated *auth_context* must be freed with :c:func:`krb5_auth_con_free()` when it is no longer needed. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_auth_con_initivector.txt b/doc/html/_sources/appdev/refs/api/krb5_auth_con_initivector.txt new file mode 100644 index 000000000000..7d5bf4cf03ee --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_auth_con_initivector.txt @@ -0,0 +1,48 @@ +krb5_auth_con_initivector +========================= + +.. + +.. c:function:: krb5_error_code krb5_auth_con_initivector(krb5_context context, krb5_auth_context auth_context) + +.. + + +:param: + + **context** + + **auth_context** + + +.. + + + +.. + + +DEPRECATED Not replaced. + + + + + + + + + + +RFC 4120 doesn't have anything like the initvector concept; only really old protocols may need this API. + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_auth_con_set_checksum_func.txt b/doc/html/_sources/appdev/refs/api/krb5_auth_con_set_checksum_func.txt new file mode 100644 index 000000000000..a762d4e85c9a --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_auth_con_set_checksum_func.txt @@ -0,0 +1,53 @@ +krb5_auth_con_set_checksum_func - Set a checksum callback in an auth context. +=============================================================================== + +.. + +.. c:function:: krb5_error_code krb5_auth_con_set_checksum_func(krb5_context context, krb5_auth_context auth_context, krb5_mk_req_checksum_func func, void * data) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **auth_context** - Authentication context + + **[in]** **func** - Checksum callback + + **[in]** **data** - Callback argument + + +.. + + +:retval: + - 0 (always) + + +.. + + + + + + + +Set a callback to obtain checksum data in :c:func:`krb5_mk_req()` . The callback will be invoked after the subkey and local sequence number are stored in *auth_context* . + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_auth_con_set_req_cksumtype.txt b/doc/html/_sources/appdev/refs/api/krb5_auth_con_set_req_cksumtype.txt new file mode 100644 index 000000000000..76c948e67dc8 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_auth_con_set_req_cksumtype.txt @@ -0,0 +1,51 @@ +krb5_auth_con_set_req_cksumtype - Set checksum type in an an auth context. +============================================================================ + +.. + +.. c:function:: krb5_error_code krb5_auth_con_set_req_cksumtype(krb5_context context, krb5_auth_context auth_context, krb5_cksumtype cksumtype) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **auth_context** - Authentication context + + **[in]** **cksumtype** - Checksum type + + +.. + + +:retval: + - 0 Success. Otherwise - Kerberos error codes + + +.. + + + + + + + +This function sets the checksum type in *auth_context* to be used by :c:func:`krb5_mk_req()` for the authenticator checksum. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_auth_con_setaddrs.txt b/doc/html/_sources/appdev/refs/api/krb5_auth_con_setaddrs.txt new file mode 100644 index 000000000000..47302190492d --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_auth_con_setaddrs.txt @@ -0,0 +1,56 @@ +krb5_auth_con_setaddrs - Set the local and remote addresses in an auth context. +================================================================================= + +.. + +.. c:function:: krb5_error_code krb5_auth_con_setaddrs(krb5_context context, krb5_auth_context auth_context, krb5_address * local_addr, krb5_address * remote_addr) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **auth_context** - Authentication context + + **[in]** **local_addr** - Local address + + **[in]** **remote_addr** - Remote address + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function releases the storage assigned to the contents of the local and remote addresses of *auth_context* and then sets them to *local_addr* and *remote_addr* respectively. + + + + + + + + + + +.. + +.. seealso:: + :c:func:`krb5_auth_con_genaddrs()` + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_auth_con_setflags.txt b/doc/html/_sources/appdev/refs/api/krb5_auth_con_setflags.txt new file mode 100644 index 000000000000..a159e23da2c2 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_auth_con_setflags.txt @@ -0,0 +1,60 @@ +krb5_auth_con_setflags - Set a flags field in a krb5_auth_context structure. +============================================================================== + +.. + +.. c:function:: krb5_error_code krb5_auth_con_setflags(krb5_context context, krb5_auth_context auth_context, krb5_int32 flags) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **auth_context** - Authentication context + + **[in]** **flags** - Flags bit mask + + +.. + + +:retval: + - 0 (always) + + +.. + + + + + + + +Valid values for *flags* are: + + - :data:`KRB5_AUTH_CONTEXT_DO_TIME` Use timestamps + + + - :data:`KRB5_AUTH_CONTEXT_RET_TIME` Save timestamps + + + - :data:`KRB5_AUTH_CONTEXT_DO_SEQUENCE` Use sequence numbers + + + - :data:`KRB5_AUTH_CONTEXT_RET_SEQUENCE` Save sequence numbers + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_auth_con_setports.txt b/doc/html/_sources/appdev/refs/api/krb5_auth_con_setports.txt new file mode 100644 index 000000000000..279c327e2447 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_auth_con_setports.txt @@ -0,0 +1,56 @@ +krb5_auth_con_setports - Set local and remote port fields in an auth context. +=============================================================================== + +.. + +.. c:function:: krb5_error_code krb5_auth_con_setports(krb5_context context, krb5_auth_context auth_context, krb5_address * local_port, krb5_address * remote_port) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **auth_context** - Authentication context + + **[in]** **local_port** - Local port + + **[in]** **remote_port** - Remote port + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function releases the storage assigned to the contents of the local and remote ports of *auth_context* and then sets them to *local_port* and *remote_port* respectively. + + + + + + + + + + +.. + +.. seealso:: + :c:func:`krb5_auth_con_genaddrs()` + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_auth_con_setrcache.txt b/doc/html/_sources/appdev/refs/api/krb5_auth_con_setrcache.txt new file mode 100644 index 000000000000..9b197a3a7a50 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_auth_con_setrcache.txt @@ -0,0 +1,51 @@ +krb5_auth_con_setrcache - Set the replay cache in an auth context. +==================================================================== + +.. + +.. c:function:: krb5_error_code krb5_auth_con_setrcache(krb5_context context, krb5_auth_context auth_context, krb5_rcache rcache) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **auth_context** - Authentication context + + **[in]** **rcache** - Replay cache haddle + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function sets the replay cache in *auth_context* to *rcache* . *rcache* will be closed when *auth_context* is freed, so the caller should relinguish that responsibility. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_auth_con_setrecvsubkey.txt b/doc/html/_sources/appdev/refs/api/krb5_auth_con_setrecvsubkey.txt new file mode 100644 index 000000000000..7e43d9148dcd --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_auth_con_setrecvsubkey.txt @@ -0,0 +1,51 @@ +krb5_auth_con_setrecvsubkey - Set the receiving subkey in an auth context with a keyblock. +============================================================================================ + +.. + +.. c:function:: krb5_error_code krb5_auth_con_setrecvsubkey(krb5_context ctx, krb5_auth_context ac, krb5_keyblock * keyblock) + +.. + + +:param: + + **[in]** **ctx** - Library context + + **[in]** **ac** - Authentication context + + **[in]** **keyblock** - Receiving subkey + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function sets the receiving subkey in *ac* to a copy of *keyblock* . + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_auth_con_setrecvsubkey_k.txt b/doc/html/_sources/appdev/refs/api/krb5_auth_con_setrecvsubkey_k.txt new file mode 100644 index 000000000000..feafaabff0b4 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_auth_con_setrecvsubkey_k.txt @@ -0,0 +1,55 @@ +krb5_auth_con_setrecvsubkey_k - Set the receiving subkey in an auth context. +============================================================================== + +.. + +.. c:function:: krb5_error_code krb5_auth_con_setrecvsubkey_k(krb5_context ctx, krb5_auth_context ac, krb5_key key) + +.. + + +:param: + + **[in]** **ctx** - Library context + + **[in]** **ac** - Authentication context + + **[in]** **key** - Receiving subkey + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function sets the receiving subkey in *ac* to *key* , incrementing its reference count. + + + + + + + + + + +.. + + + + +.. note:: + + New in 1.9 + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_auth_con_setsendsubkey.txt b/doc/html/_sources/appdev/refs/api/krb5_auth_con_setsendsubkey.txt new file mode 100644 index 000000000000..47f746b57035 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_auth_con_setsendsubkey.txt @@ -0,0 +1,51 @@ +krb5_auth_con_setsendsubkey - Set the send subkey in an auth context with a keyblock. +======================================================================================= + +.. + +.. c:function:: krb5_error_code krb5_auth_con_setsendsubkey(krb5_context ctx, krb5_auth_context ac, krb5_keyblock * keyblock) + +.. + + +:param: + + **[in]** **ctx** - Library context + + **[in]** **ac** - Authentication context + + **[in]** **keyblock** - Send subkey + + +.. + + +:retval: + - 0 Success. Otherwise - Kerberos error codes + + +.. + + + + + + + +This function sets the send subkey in *ac* to a copy of *keyblock* . + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_auth_con_setsendsubkey_k.txt b/doc/html/_sources/appdev/refs/api/krb5_auth_con_setsendsubkey_k.txt new file mode 100644 index 000000000000..59fd7392b96a --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_auth_con_setsendsubkey_k.txt @@ -0,0 +1,55 @@ +krb5_auth_con_setsendsubkey_k - Set the send subkey in an auth context. +========================================================================= + +.. + +.. c:function:: krb5_error_code krb5_auth_con_setsendsubkey_k(krb5_context ctx, krb5_auth_context ac, krb5_key key) + +.. + + +:param: + + **[in]** **ctx** - Library context + + **[in]** **ac** - Authentication context + + **[out]** **key** - Send subkey + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function sets the send subkey in *ac* to *key* , incrementing its reference count. + + + + + + + + + + +.. + + + + +.. note:: + + New in 1.9 + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_auth_con_setuseruserkey.txt b/doc/html/_sources/appdev/refs/api/krb5_auth_con_setuseruserkey.txt new file mode 100644 index 000000000000..11d9249dd9b5 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_auth_con_setuseruserkey.txt @@ -0,0 +1,47 @@ +krb5_auth_con_setuseruserkey - Set the session key in an auth context. +======================================================================== + +.. + +.. c:function:: krb5_error_code krb5_auth_con_setuseruserkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock * keyblock) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **auth_context** - Authentication context + + **[in]** **keyblock** - User key + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_build_principal.txt b/doc/html/_sources/appdev/refs/api/krb5_build_principal.txt new file mode 100644 index 000000000000..5a8cb0e89479 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_build_principal.txt @@ -0,0 +1,68 @@ +krb5_build_principal - Build a principal name using null-terminated strings. +============================================================================== + +.. + +.. c:function:: krb5_error_code krb5_build_principal(krb5_context context, krb5_principal * princ, unsigned int rlen, const char * realm, ... ) + +.. + + +:param: + + **[in]** **context** - Library context + + **[out]** **princ** - Principal name + + **[in]** **rlen** - Realm name length + + **[in]** **realm** - Realm name + + +.. + + +:retval: + - 0 Success + + +:return: + - Kerberos error codes + +.. + + + + + + + +Call :c:func:`krb5_free_principal()` to free *princ* when it is no longer needed. + + + + + + + + + + + + + + +.. + + + + + + +.. note:: + + :c:func:`krb5_build_principal()` and :c:func:`krb5_build_principal_alloc_va()` perform the same task. :c:func:`krb5_build_principal()` takes variadic arguments. :c:func:`krb5_build_principal_alloc_va()` takes a pre-computed *varargs* pointer. + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_build_principal_alloc_va.txt b/doc/html/_sources/appdev/refs/api/krb5_build_principal_alloc_va.txt new file mode 100644 index 000000000000..6f8a57e49e8a --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_build_principal_alloc_va.txt @@ -0,0 +1,66 @@ +krb5_build_principal_alloc_va - Build a principal name, using a precomputed variable argument list. +===================================================================================================== + +.. + +.. c:function:: krb5_error_code krb5_build_principal_alloc_va(krb5_context context, krb5_principal * princ, unsigned int rlen, const char * realm, va_list ap) + +.. + + +:param: + + **[in]** **context** - Library context + + **[out]** **princ** - Principal structure + + **[in]** **rlen** - Realm name length + + **[in]** **realm** - Realm name + + **[in]** **ap** - List of char * components, ending with NULL + + +.. + + +:retval: + - 0 Success + + +:return: + - Kerberos error codes + +.. + + + + + + + +Similar to :c:func:`krb5_build_principal()` , this function builds a principal name, but its name components are specified as a va_list. + + + +Use :c:func:`krb5_free_principal()` to deallocate *princ* when it is no longer needed. + + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_build_principal_ext.txt b/doc/html/_sources/appdev/refs/api/krb5_build_principal_ext.txt new file mode 100644 index 000000000000..e1b6397853f5 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_build_principal_ext.txt @@ -0,0 +1,60 @@ +krb5_build_principal_ext - Build a principal name using length-counted strings. +================================================================================= + +.. + +.. c:function:: krb5_error_code krb5_build_principal_ext(krb5_context context, krb5_principal * princ, unsigned int rlen, const char * realm, ... ) + +.. + + +:param: + + **[in]** **context** - Library context + + **[out]** **princ** - Principal name + + **[in]** **rlen** - Realm name length + + **[in]** **realm** - Realm name + + +.. + + +:retval: + - 0 Success + + +:return: + - Kerberos error codes + +.. + + + + + + + +This function creates a principal from a length-counted string and a variable-length list of length-counted components. The list of components ends with the first 0 length argument (so it is not possible to specify an empty component with this function). Call :c:func:`krb5_free_principal()` to free allocated memory for principal when it is no longer needed. + + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_build_principal_va.txt b/doc/html/_sources/appdev/refs/api/krb5_build_principal_va.txt new file mode 100644 index 000000000000..88f530e27ba0 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_build_principal_va.txt @@ -0,0 +1,50 @@ +krb5_build_principal_va +======================= + +.. + +.. c:function:: krb5_error_code krb5_build_principal_va(krb5_context context, krb5_principal princ, unsigned int rlen, const char * realm, va_list ap) + +.. + + +:param: + + **context** + + **princ** + + **rlen** + + **realm** + + **ap** + + +.. + + + +.. + + +DEPRECATED Replaced by krb5_build_principal_alloc_va() . + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_c_block_size.txt b/doc/html/_sources/appdev/refs/api/krb5_c_block_size.txt new file mode 100644 index 000000000000..4c4a13eafaab --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_c_block_size.txt @@ -0,0 +1,47 @@ +krb5_c_block_size - Return cipher block size. +=============================================== + +.. + +.. c:function:: krb5_error_code krb5_c_block_size(krb5_context context, krb5_enctype enctype, size_t * blocksize) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **enctype** - Encryption type + + **[out]** **blocksize** - Block size for *enctype* + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_c_checksum_length.txt b/doc/html/_sources/appdev/refs/api/krb5_c_checksum_length.txt new file mode 100644 index 000000000000..644e34bf2b9a --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_c_checksum_length.txt @@ -0,0 +1,47 @@ +krb5_c_checksum_length - Return the length of checksums for a checksum type. +============================================================================== + +.. + +.. c:function:: krb5_error_code krb5_c_checksum_length(krb5_context context, krb5_cksumtype cksumtype, size_t * length) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **cksumtype** - Checksum type + + **[out]** **length** - Checksum length + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_c_crypto_length.txt b/doc/html/_sources/appdev/refs/api/krb5_c_crypto_length.txt new file mode 100644 index 000000000000..3879981ef814 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_c_crypto_length.txt @@ -0,0 +1,49 @@ +krb5_c_crypto_length - Return a length of a message field specific to the encryption type. +============================================================================================ + +.. + +.. c:function:: krb5_error_code krb5_c_crypto_length(krb5_context context, krb5_enctype enctype, krb5_cryptotype type, unsigned int * size) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **enctype** - Encryption type + + **[in]** **type** - Type field (See :data:`KRB5_CRYPTO_TYPE` types) + + **[out]** **size** - Length of the *type* specific to *enctype* + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_c_crypto_length_iov.txt b/doc/html/_sources/appdev/refs/api/krb5_c_crypto_length_iov.txt new file mode 100644 index 000000000000..1b4edaa50746 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_c_crypto_length_iov.txt @@ -0,0 +1,53 @@ +krb5_c_crypto_length_iov - Fill in lengths for header, trailer and padding in a IOV array. +============================================================================================ + +.. + +.. c:function:: krb5_error_code krb5_c_crypto_length_iov(krb5_context context, krb5_enctype enctype, krb5_crypto_iov * data, size_t num_data) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **enctype** - Encryption type + + **[inout]** **data** - IOV array + + **[in]** **num_data** - Size of *data* + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +Padding is set to the actual padding required based on the provided *data* buffers. Typically this API is used after setting up the data buffers and :data:`KRB5_CRYPTO_TYPE_SIGN_ONLY` buffers, but before actually allocating header, trailer and padding. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_c_decrypt.txt b/doc/html/_sources/appdev/refs/api/krb5_c_decrypt.txt new file mode 100644 index 000000000000..31f011d12e84 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_c_decrypt.txt @@ -0,0 +1,65 @@ +krb5_c_decrypt - Decrypt data using a key (operates on keyblock). +=================================================================== + +.. + +.. c:function:: krb5_error_code krb5_c_decrypt(krb5_context context, const krb5_keyblock * key, krb5_keyusage usage, const krb5_data * cipher_state, const krb5_enc_data * input, krb5_data * output) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **key** - Encryption key + + **[in]** **usage** - Key usage (see :data:`KRB5_KEYUSAGE` types) + + **[inout]** **cipher_state** - Cipher state; specify NULL if not needed + + **[in]** **input** - Encrypted data + + **[out]** **output** - Decrypted data + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function decrypts the data block *input* and stores the output into *output* . The actual decryption key will be derived from *key* and *usage* if key derivation is specified for the encryption type. If non-null, *cipher_state* specifies the beginning state for the decryption operation, and is updated with the state to be passed as input to the next operation. + + + + + + + + + + +.. + + + + + + +.. note:: + + The caller must initialize *output* and allocate at least enough space for the result. The usual practice is to allocate an output buffer as long as the ciphertext, and let :c:func:`krb5_c_decrypt()` trim *output->length* . For some enctypes, the resulting *output->length* may include padding bytes. + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_c_decrypt_iov.txt b/doc/html/_sources/appdev/refs/api/krb5_c_decrypt_iov.txt new file mode 100644 index 000000000000..2dc3f1061c2b --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_c_decrypt_iov.txt @@ -0,0 +1,70 @@ +krb5_c_decrypt_iov - Decrypt data in place supporting AEAD (operates on keyblock). +==================================================================================== + +.. + +.. c:function:: krb5_error_code krb5_c_decrypt_iov(krb5_context context, const krb5_keyblock * keyblock, krb5_keyusage usage, const krb5_data * cipher_state, krb5_crypto_iov * data, size_t num_data) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **keyblock** - Encryption key + + **[in]** **usage** - Key usage (see :data:`KRB5_KEYUSAGE` types) + + **[in]** **cipher_state** - Cipher state; specify NULL if not needed + + **[inout]** **data** - IOV array. Modified in-place. + + **[in]** **num_data** - Size of *data* + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function decrypts the data block *data* and stores the output in-place. The actual decryption key will be derived from *keyblock* and *usage* if key derivation is specified for the encryption type. If non-null, *cipher_state* specifies the beginning state for the decryption operation, and is updated with the state to be passed as input to the next operation. The caller must allocate the right number of krb5_crypto_iov structures before calling into this API. + + + + + + + + + + +.. + +.. seealso:: + :c:func:`krb5_c_decrypt_iov()` + + + + + + +.. note:: + + On return from a :c:func:`krb5_c_decrypt_iov()` call, the *data->length* in the iov structure are adjusted to reflect actual lengths of the ciphertext used. For example, if the padding length is too large, the length will be reduced. Lengths are never increased. + + This function is similar to :c:func:`krb5_k_decrypt_iov()` , but operates on keyblock *keyblock* . + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_c_derive_prfplus.txt b/doc/html/_sources/appdev/refs/api/krb5_c_derive_prfplus.txt new file mode 100644 index 000000000000..fdb62c501b24 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_c_derive_prfplus.txt @@ -0,0 +1,48 @@ +krb5_c_derive_prfplus - Derive a key using some input data (via RFC 6113 PRF+). +================================================================================= + +.. + +.. c:function:: krb5_error_code krb5_c_derive_prfplus(krb5_context context, const krb5_keyblock * k, const krb5_data * input, krb5_enctype enctype, krb5_keyblock ** out) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **k** - KDC contribution key + + **[in]** **input** - Input string + + **[in]** **enctype** - Output key enctype (or **ENCTYPE_NULL** ) + + **[out]** **out** - Derived keyblock + + +.. + + + +.. + + + + + + + +This function uses PRF+ as defined in RFC 6113 to derive a key from another key and an input string. If *enctype* is **ENCTYPE_NULL** , the output key will have the same enctype as the input key. + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_c_encrypt.txt b/doc/html/_sources/appdev/refs/api/krb5_c_encrypt.txt new file mode 100644 index 000000000000..7b6cb038b3bf --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_c_encrypt.txt @@ -0,0 +1,65 @@ +krb5_c_encrypt - Encrypt data using a key (operates on keyblock). +=================================================================== + +.. + +.. c:function:: krb5_error_code krb5_c_encrypt(krb5_context context, const krb5_keyblock * key, krb5_keyusage usage, const krb5_data * cipher_state, const krb5_data * input, krb5_enc_data * output) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **key** - Encryption key + + **[in]** **usage** - Key usage (see :data:`KRB5_KEYUSAGE` types) + + **[inout]** **cipher_state** - Cipher state; specify NULL if not needed + + **[in]** **input** - Data to be encrypted + + **[out]** **output** - Encrypted data + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function encrypts the data block *input* and stores the output into *output* . The actual encryption key will be derived from *key* and *usage* if key derivation is specified for the encryption type. If non-null, *cipher_state* specifies the beginning state for the encryption operation, and is updated with the state to be passed as input to the next operation. + + + + + + + + + + +.. + + + + + + +.. note:: + + The caller must initialize *output* and allocate at least enough space for the result (using :c:func:`krb5_c_encrypt_length()` to determine the amount of space needed). *output->length* will be set to the actual length of the ciphertext. + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_c_encrypt_iov.txt b/doc/html/_sources/appdev/refs/api/krb5_c_encrypt_iov.txt new file mode 100644 index 000000000000..dbfcb527762e --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_c_encrypt_iov.txt @@ -0,0 +1,70 @@ +krb5_c_encrypt_iov - Encrypt data in place supporting AEAD (operates on keyblock). +==================================================================================== + +.. + +.. c:function:: krb5_error_code krb5_c_encrypt_iov(krb5_context context, const krb5_keyblock * keyblock, krb5_keyusage usage, const krb5_data * cipher_state, krb5_crypto_iov * data, size_t num_data) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **keyblock** - Encryption key + + **[in]** **usage** - Key usage (see :data:`KRB5_KEYUSAGE` types) + + **[in]** **cipher_state** - Cipher state; specify NULL if not needed + + **[inout]** **data** - IOV array. Modified in-place. + + **[in]** **num_data** - Size of *data* + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function encrypts the data block *data* and stores the output in-place. The actual encryption key will be derived from *keyblock* and *usage* if key derivation is specified for the encryption type. If non-null, *cipher_state* specifies the beginning state for the encryption operation, and is updated with the state to be passed as input to the next operation. The caller must allocate the right number of krb5_crypto_iov structures before calling into this API. + + + + + + + + + + +.. + +.. seealso:: + :c:func:`krb5_c_decrypt_iov()` + + + + + + +.. note:: + + On return from a :c:func:`krb5_c_encrypt_iov()` call, the *data->length* in the iov structure are adjusted to reflect actual lengths of the ciphertext used. For example, if the padding length is too large, the length will be reduced. Lengths are never increased. + + This function is similar to :c:func:`krb5_k_encrypt_iov()` , but operates on keyblock *keyblock* . + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_c_encrypt_length.txt b/doc/html/_sources/appdev/refs/api/krb5_c_encrypt_length.txt new file mode 100644 index 000000000000..a459c3a48698 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_c_encrypt_length.txt @@ -0,0 +1,53 @@ +krb5_c_encrypt_length - Compute encrypted data length. +======================================================== + +.. + +.. c:function:: krb5_error_code krb5_c_encrypt_length(krb5_context context, krb5_enctype enctype, size_t inputlen, size_t * length) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **enctype** - Encryption type + + **[in]** **inputlen** - Length of the data to be encrypted + + **[out]** **length** - Length of the encrypted data + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function computes the length of the ciphertext produced by encrypting *inputlen* bytes including padding, confounder, and checksum. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_c_enctype_compare.txt b/doc/html/_sources/appdev/refs/api/krb5_c_enctype_compare.txt new file mode 100644 index 000000000000..156cdd23ebf0 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_c_enctype_compare.txt @@ -0,0 +1,53 @@ +krb5_c_enctype_compare - Compare two encryption types. +======================================================== + +.. + +.. c:function:: krb5_error_code krb5_c_enctype_compare(krb5_context context, krb5_enctype e1, krb5_enctype e2, krb5_boolean * similar) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **e1** - First encryption type + + **[in]** **e2** - Second encryption type + + **[out]** **similar** - **TRUE** if types are similar, **FALSE** if not + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function determines whether two encryption types use the same kind of keys. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_c_free_state.txt b/doc/html/_sources/appdev/refs/api/krb5_c_free_state.txt new file mode 100644 index 000000000000..f934e9595546 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_c_free_state.txt @@ -0,0 +1,47 @@ +krb5_c_free_state - Free a cipher state previously allocated by krb5_c_init_state() . +======================================================================================= + +.. + +.. c:function:: krb5_error_code krb5_c_free_state(krb5_context context, const krb5_keyblock * key, krb5_data * state) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **key** - Key + + **[in]** **state** - Cipher state to be freed + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_c_fx_cf2_simple.txt b/doc/html/_sources/appdev/refs/api/krb5_c_fx_cf2_simple.txt new file mode 100644 index 000000000000..0d9cf9d5c6fd --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_c_fx_cf2_simple.txt @@ -0,0 +1,57 @@ +krb5_c_fx_cf2_simple - Compute the KRB-FX-CF2 combination of two keys and pepper strings. +=========================================================================================== + +.. + +.. c:function:: krb5_error_code krb5_c_fx_cf2_simple(krb5_context context, const krb5_keyblock * k1, const char * pepper1, const krb5_keyblock * k2, const char * pepper2, krb5_keyblock ** out) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **k1** - KDC contribution key + + **[in]** **pepper1** - String"PKINIT" + + **[in]** **k2** - Reply key + + **[in]** **pepper2** - String"KeyExchange" + + **[out]** **out** - Output key + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function computes the KRB-FX-CF2 function over its inputs and places the results in a newly allocated keyblock. This function is simple in that it assumes that *pepper1* and *pepper2* are C strings with no internal nulls and that the enctype of the result will be the same as that of *k1* . *k1* and *k2* may be of different enctypes. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_c_init_state.txt b/doc/html/_sources/appdev/refs/api/krb5_c_init_state.txt new file mode 100644 index 000000000000..c28dca743b73 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_c_init_state.txt @@ -0,0 +1,49 @@ +krb5_c_init_state - Initialize a new cipher state. +==================================================== + +.. + +.. c:function:: krb5_error_code krb5_c_init_state(krb5_context context, const krb5_keyblock * key, krb5_keyusage usage, krb5_data * new_state) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **key** - Key + + **[in]** **usage** - Key usage (see :data:`KRB5_KEYUSAGE` types) + + **[out]** **new_state** - New cipher state + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_c_is_coll_proof_cksum.txt b/doc/html/_sources/appdev/refs/api/krb5_c_is_coll_proof_cksum.txt new file mode 100644 index 000000000000..478f24668a57 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_c_is_coll_proof_cksum.txt @@ -0,0 +1,43 @@ +krb5_c_is_coll_proof_cksum - Test whether a checksum type is collision-proof. +=============================================================================== + +.. + +.. c:function:: krb5_boolean krb5_c_is_coll_proof_cksum(krb5_cksumtype ctype) + +.. + + +:param: + + **[in]** **ctype** - Checksum type + + +.. + + + +:return: + - TRUE if ctype is collision-proof, FALSE if it is not collision-proof or not a valid checksum type. + +.. + + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_c_is_keyed_cksum.txt b/doc/html/_sources/appdev/refs/api/krb5_c_is_keyed_cksum.txt new file mode 100644 index 000000000000..ed6e6ab4079a --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_c_is_keyed_cksum.txt @@ -0,0 +1,43 @@ +krb5_c_is_keyed_cksum - Test whether a checksum type is keyed. +================================================================ + +.. + +.. c:function:: krb5_boolean krb5_c_is_keyed_cksum(krb5_cksumtype ctype) + +.. + + +:param: + + **[in]** **ctype** - Checksum type + + +.. + + + +:return: + - TRUE if ctype is a keyed checksum type, FALSE otherwise. + +.. + + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_c_keyed_checksum_types.txt b/doc/html/_sources/appdev/refs/api/krb5_c_keyed_checksum_types.txt new file mode 100644 index 000000000000..22f509218852 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_c_keyed_checksum_types.txt @@ -0,0 +1,53 @@ +krb5_c_keyed_checksum_types - Return a list of keyed checksum types usable with an encryption type. +===================================================================================================== + +.. + +.. c:function:: krb5_error_code krb5_c_keyed_checksum_types(krb5_context context, krb5_enctype enctype, unsigned int * count, krb5_cksumtype ** cksumtypes) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **enctype** - Encryption type + + **[out]** **count** - Count of allowable checksum types + + **[out]** **cksumtypes** - Array of allowable checksum types + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +Use :c:func:`krb5_free_cksumtypes()` to free *cksumtypes* when it is no longer needed. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_c_keylengths.txt b/doc/html/_sources/appdev/refs/api/krb5_c_keylengths.txt new file mode 100644 index 000000000000..9b195c436db9 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_c_keylengths.txt @@ -0,0 +1,49 @@ +krb5_c_keylengths - Return length of the specified key in bytes. +================================================================== + +.. + +.. c:function:: krb5_error_code krb5_c_keylengths(krb5_context context, krb5_enctype enctype, size_t * keybytes, size_t * keylength) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **enctype** - Encryption type + + **[out]** **keybytes** - Number of bytes required to make a key + + **[out]** **keylength** - Length of final key + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_c_make_checksum.txt b/doc/html/_sources/appdev/refs/api/krb5_c_make_checksum.txt new file mode 100644 index 000000000000..f432c601396f --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_c_make_checksum.txt @@ -0,0 +1,68 @@ +krb5_c_make_checksum - Compute a checksum (operates on keyblock). +=================================================================== + +.. + +.. c:function:: krb5_error_code krb5_c_make_checksum(krb5_context context, krb5_cksumtype cksumtype, const krb5_keyblock * key, krb5_keyusage usage, const krb5_data * input, krb5_checksum * cksum) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **cksumtype** - Checksum type (0 for mandatory type) + + **[in]** **key** - Encryption key for a keyed checksum + + **[in]** **usage** - Key usage (see :data:`KRB5_KEYUSAGE` types) + + **[in]** **input** - Input data + + **[out]** **cksum** - Generated checksum + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function computes a checksum of type *cksumtype* over *input* , using *key* if the checksum type is a keyed checksum. If *cksumtype* is 0 and *key* is non-null, the checksum type will be the mandatory-to-implement checksum type for the key's encryption type. The actual checksum key will be derived from *key* and *usage* if key derivation is specified for the checksum type. The newly created *cksum* must be released by calling :c:func:`krb5_free_checksum_contents()` when it is no longer needed. + + + + + + + + + + +.. + +.. seealso:: + :c:func:`krb5_c_verify_checksum()` + + + + + + +.. note:: + + This function is similar to :c:func:`krb5_k_make_checksum()` , but operates on keyblock *key* . + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_c_make_checksum_iov.txt b/doc/html/_sources/appdev/refs/api/krb5_c_make_checksum_iov.txt new file mode 100644 index 000000000000..d313c2b04972 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_c_make_checksum_iov.txt @@ -0,0 +1,68 @@ +krb5_c_make_checksum_iov - Fill in a checksum element in IOV array (operates on keyblock) +=========================================================================================== + +.. + +.. c:function:: krb5_error_code krb5_c_make_checksum_iov(krb5_context context, krb5_cksumtype cksumtype, const krb5_keyblock * key, krb5_keyusage usage, krb5_crypto_iov * data, size_t num_data) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **cksumtype** - Checksum type (0 for mandatory type) + + **[in]** **key** - Encryption key for a keyed checksum + + **[in]** **usage** - Key usage (see :data:`KRB5_KEYUSAGE` types) + + **[inout]** **data** - IOV array + + **[in]** **num_data** - Size of *data* + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +Create a checksum in the :data:`KRB5_CRYPTO_TYPE_CHECKSUM` element over :data:`KRB5_CRYPTO_TYPE_DATA` and :data:`KRB5_CRYPTO_TYPE_SIGN_ONLY` chunks in *data* . Only the :data:`KRB5_CRYPTO_TYPE_CHECKSUM` region is modified. + + + + + + + + + + +.. + +.. seealso:: + :c:func:`krb5_c_verify_checksum_iov()` + + + + + + +.. note:: + + This function is similar to :c:func:`krb5_k_make_checksum_iov()` , but operates on keyblock *key* . + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_c_make_random_key.txt b/doc/html/_sources/appdev/refs/api/krb5_c_make_random_key.txt new file mode 100644 index 000000000000..d485c1c50f7c --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_c_make_random_key.txt @@ -0,0 +1,51 @@ +krb5_c_make_random_key - Generate an enctype-specific random encryption key. +============================================================================== + +.. + +.. c:function:: krb5_error_code krb5_c_make_random_key(krb5_context context, krb5_enctype enctype, krb5_keyblock * k5_random_key) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **enctype** - Encryption type of the generated key + + **[out]** **k5_random_key** - An allocated and initialized keyblock + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +Use :c:func:`krb5_free_keyblock_contents()` to free *k5_random_key* when no longer needed. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_c_padding_length.txt b/doc/html/_sources/appdev/refs/api/krb5_c_padding_length.txt new file mode 100644 index 000000000000..35471bf12e03 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_c_padding_length.txt @@ -0,0 +1,53 @@ +krb5_c_padding_length - Return a number of padding octets. +============================================================ + +.. + +.. c:function:: krb5_error_code krb5_c_padding_length(krb5_context context, krb5_enctype enctype, size_t data_length, unsigned int * size) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **enctype** - Encryption type + + **[in]** **data_length** - Length of the plaintext to pad + + **[out]** **size** - Number of padding octets + + +.. + + +:retval: + - 0 Success; otherwise - KRB5_BAD_ENCTYPE + + +.. + + + + + + + +This function returns the number of the padding octets required to pad *data_length* octets of plaintext. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_c_prf.txt b/doc/html/_sources/appdev/refs/api/krb5_c_prf.txt new file mode 100644 index 000000000000..b626f43b6f25 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_c_prf.txt @@ -0,0 +1,53 @@ +krb5_c_prf - Generate enctype-specific pseudo-random bytes. +============================================================= + +.. + +.. c:function:: krb5_error_code krb5_c_prf(krb5_context context, const krb5_keyblock * keyblock, krb5_data * input, krb5_data * output) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **keyblock** - Key + + **[in]** **input** - Input data + + **[out]** **output** - Output data + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function selects a pseudo-random function based on *keyblock* and computes its value over *input* , placing the result into *output* . The caller must preinitialize *output* and allocate space for the result, using :c:func:`krb5_c_prf_length()` to determine the required length. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_c_prf_length.txt b/doc/html/_sources/appdev/refs/api/krb5_c_prf_length.txt new file mode 100644 index 000000000000..ff20e291c29e --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_c_prf_length.txt @@ -0,0 +1,47 @@ +krb5_c_prf_length - Get the output length of pseudo-random functions for an encryption type. +============================================================================================== + +.. + +.. c:function:: krb5_error_code krb5_c_prf_length(krb5_context context, krb5_enctype enctype, size_t * len) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **enctype** - Encryption type + + **[out]** **len** - Length of PRF output + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_c_prfplus.txt b/doc/html/_sources/appdev/refs/api/krb5_c_prfplus.txt new file mode 100644 index 000000000000..682a8f4614c3 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_c_prfplus.txt @@ -0,0 +1,61 @@ +krb5_c_prfplus - Generate pseudo-random bytes using RFC 6113 PRF+. +==================================================================== + +.. + +.. c:function:: krb5_error_code krb5_c_prfplus(krb5_context context, const krb5_keyblock * k, const krb5_data * input, krb5_data * output) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **k** - KDC contribution key + + **[in]** **input** - Input data + + **[out]** **output** - Pseudo-random output buffer + + +.. + + + +:return: + - 0 on success, E2BIG if output->length is too large for PRF+ to generate, ENOMEM on allocation failure, or an error code from krb5_c_prf() + +.. + + + + + + + +This function fills *output* with PRF+(k, input) as defined in RFC 6113 section 5.1. The caller must preinitialize *output* and allocate the desired amount of space. The length of the pseudo-random output will match the length of *output* . + + + + + + + + + + +.. + + + + + + +.. note:: + + RFC 4402 defines a different PRF+ operation. This function does not implement that operation. + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_c_random_add_entropy.txt b/doc/html/_sources/appdev/refs/api/krb5_c_random_add_entropy.txt new file mode 100644 index 000000000000..d64693c93c96 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_c_random_add_entropy.txt @@ -0,0 +1,51 @@ +krb5_c_random_add_entropy - Add entropy to the pseudo-random number generator. +================================================================================ + +.. + +.. c:function:: krb5_error_code krb5_c_random_add_entropy(krb5_context context, unsigned int randsource, const krb5_data * data) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **randsource** - Entropy source (see KRB5_RANDSOURCE types) + + **[in]** **data** - Data + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +Contribute entropy to the PRNG used by krb5 crypto operations. This may or may not affect the output of the next crypto operation requiring random data. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_c_random_make_octets.txt b/doc/html/_sources/appdev/refs/api/krb5_c_random_make_octets.txt new file mode 100644 index 000000000000..91a1159b65fd --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_c_random_make_octets.txt @@ -0,0 +1,49 @@ +krb5_c_random_make_octets - Generate pseudo-random bytes. +=========================================================== + +.. + +.. c:function:: krb5_error_code krb5_c_random_make_octets(krb5_context context, krb5_data * data) + +.. + + +:param: + + **[in]** **context** - Library context + + **[out]** **data** - Random data + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +Fills in *data* with bytes from the PRNG used by krb5 crypto operations. The caller must preinitialize *data* and allocate the desired amount of space. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_c_random_os_entropy.txt b/doc/html/_sources/appdev/refs/api/krb5_c_random_os_entropy.txt new file mode 100644 index 000000000000..65fc2511c17d --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_c_random_os_entropy.txt @@ -0,0 +1,51 @@ +krb5_c_random_os_entropy - Collect entropy from the OS if possible. +===================================================================== + +.. + +.. c:function:: krb5_error_code krb5_c_random_os_entropy(krb5_context context, int strong, int * success) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **strong** - Strongest available source of entropy + + **[out]** **success** - 1 if OS provides entropy, 0 otherwise + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +If *strong* is non-zero, this function attempts to use the strongest available source of entropy. Setting this flag may cause the function to block on some operating systems. Good uses include seeding the PRNG for kadmind and realm setup. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_c_random_seed.txt b/doc/html/_sources/appdev/refs/api/krb5_c_random_seed.txt new file mode 100644 index 000000000000..9e1c81638270 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_c_random_seed.txt @@ -0,0 +1,44 @@ +krb5_c_random_seed +================== + +.. + +.. c:function:: krb5_error_code krb5_c_random_seed(krb5_context context, krb5_data * data) + +.. + + +:param: + + **context** + + **data** + + +.. + + + +.. + + +DEPRECATED Replaced by krb5_c_* API family. + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_c_random_to_key.txt b/doc/html/_sources/appdev/refs/api/krb5_c_random_to_key.txt new file mode 100644 index 000000000000..927c8780f30d --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_c_random_to_key.txt @@ -0,0 +1,64 @@ +krb5_c_random_to_key - Generate an enctype-specific key from random data. +=========================================================================== + +.. + +.. c:function:: krb5_error_code krb5_c_random_to_key(krb5_context context, krb5_enctype enctype, krb5_data * random_data, krb5_keyblock * k5_random_key) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **enctype** - Encryption type + + **[in]** **random_data** - Random input data + + **[out]** **k5_random_key** - Resulting key + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function takes random input data *random_data* and produces a valid key *k5_random_key* for a given *enctype* . + + + + + + + + + + +.. + +.. seealso:: + :c:func:`krb5_c_keylengths()` + + + + + + +.. note:: + + It is assumed that *k5_random_key* has already been initialized and *k5_random_key->contents* has been allocated with the correct length. + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_c_string_to_key.txt b/doc/html/_sources/appdev/refs/api/krb5_c_string_to_key.txt new file mode 100644 index 000000000000..deacb1490965 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_c_string_to_key.txt @@ -0,0 +1,55 @@ +krb5_c_string_to_key - Convert a string (such a password) to a key. +===================================================================== + +.. + +.. c:function:: krb5_error_code krb5_c_string_to_key(krb5_context context, krb5_enctype enctype, const krb5_data * string, const krb5_data * salt, krb5_keyblock * key) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **enctype** - Encryption type + + **[in]** **string** - String to be converted + + **[in]** **salt** - Salt value + + **[out]** **key** - Generated key + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function converts *string* to a *key* of encryption type *enctype* , using the specified *salt* . The newly created *key* must be released by calling :c:func:`krb5_free_keyblock_contents()` when it is no longer needed. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_c_string_to_key_with_params.txt b/doc/html/_sources/appdev/refs/api/krb5_c_string_to_key_with_params.txt new file mode 100644 index 000000000000..8ec6e2170212 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_c_string_to_key_with_params.txt @@ -0,0 +1,57 @@ +krb5_c_string_to_key_with_params - Convert a string (such as a password) to a key with additional parameters. +=============================================================================================================== + +.. + +.. c:function:: krb5_error_code krb5_c_string_to_key_with_params(krb5_context context, krb5_enctype enctype, const krb5_data * string, const krb5_data * salt, const krb5_data * params, krb5_keyblock * key) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **enctype** - Encryption type + + **[in]** **string** - String to be converted + + **[in]** **salt** - Salt value + + **[in]** **params** - Parameters + + **[out]** **key** - Generated key + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function is similar to :c:func:`krb5_c_string_to_key()` , but also takes parameters which may affect the algorithm in an enctype-dependent way. The newly created *key* must be released by calling :c:func:`krb5_free_keyblock_contents()` when it is no longer needed. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_c_valid_cksumtype.txt b/doc/html/_sources/appdev/refs/api/krb5_c_valid_cksumtype.txt new file mode 100644 index 000000000000..0cc7787fde3f --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_c_valid_cksumtype.txt @@ -0,0 +1,43 @@ +krb5_c_valid_cksumtype - Verify that specified checksum type is a valid Kerberos checksum type. +================================================================================================= + +.. + +.. c:function:: krb5_boolean krb5_c_valid_cksumtype(krb5_cksumtype ctype) + +.. + + +:param: + + **[in]** **ctype** - Checksum type + + +.. + + + +:return: + - TRUE if ctype is valid, FALSE if not + +.. + + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_c_valid_enctype.txt b/doc/html/_sources/appdev/refs/api/krb5_c_valid_enctype.txt new file mode 100644 index 000000000000..f5adeee863de --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_c_valid_enctype.txt @@ -0,0 +1,43 @@ +krb5_c_valid_enctype - Verify that a specified encryption type is a valid Kerberos encryption type. +===================================================================================================== + +.. + +.. c:function:: krb5_boolean krb5_c_valid_enctype(krb5_enctype ktype) + +.. + + +:param: + + **[in]** **ktype** - Encryption type + + +.. + + + +:return: + - TRUE if ktype is valid, FALSE if not + +.. + + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_c_verify_checksum.txt b/doc/html/_sources/appdev/refs/api/krb5_c_verify_checksum.txt new file mode 100644 index 000000000000..49eb59902a27 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_c_verify_checksum.txt @@ -0,0 +1,65 @@ +krb5_c_verify_checksum - Verify a checksum (operates on keyblock). +==================================================================== + +.. + +.. c:function:: krb5_error_code krb5_c_verify_checksum(krb5_context context, const krb5_keyblock * key, krb5_keyusage usage, const krb5_data * data, const krb5_checksum * cksum, krb5_boolean * valid) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **key** - Encryption key for a keyed checksum + + **[in]** **usage** - *key* usage + + **[in]** **data** - Data to be used to compute a new checksum using *key* to compare *cksum* against + + **[in]** **cksum** - Checksum to be verified + + **[out]** **valid** - Non-zero for success, zero for failure + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function verifies that *cksum* is a valid checksum for *data* . If the checksum type of *cksum* is a keyed checksum, *key* is used to verify the checksum. If the checksum type in *cksum* is 0 and *key* is not NULL, the mandatory checksum type for *key* will be used. The actual checksum key will be derived from *key* and *usage* if key derivation is specified for the checksum type. + + + + + + + + + + +.. + + + + + + +.. note:: + + This function is similar to :c:func:`krb5_k_verify_checksum()` , but operates on keyblock *key* . + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_c_verify_checksum_iov.txt b/doc/html/_sources/appdev/refs/api/krb5_c_verify_checksum_iov.txt new file mode 100644 index 000000000000..e8c37b3ce639 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_c_verify_checksum_iov.txt @@ -0,0 +1,70 @@ +krb5_c_verify_checksum_iov - Validate a checksum element in IOV array (operates on keyblock). +=============================================================================================== + +.. + +.. c:function:: krb5_error_code krb5_c_verify_checksum_iov(krb5_context context, krb5_cksumtype cksumtype, const krb5_keyblock * key, krb5_keyusage usage, const krb5_crypto_iov * data, size_t num_data, krb5_boolean * valid) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **cksumtype** - Checksum type (0 for mandatory type) + + **[in]** **key** - Encryption key for a keyed checksum + + **[in]** **usage** - Key usage (see :data:`KRB5_KEYUSAGE` types) + + **[in]** **data** - IOV array + + **[in]** **num_data** - Size of *data* + + **[out]** **valid** - Non-zero for success, zero for failure + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +Confirm that the checksum in the :data:`KRB5_CRYPTO_TYPE_CHECKSUM` element is a valid checksum of the :data:`KRB5_CRYPTO_TYPE_DATA` and :data:`KRB5_CRYPTO_TYPE_SIGN_ONLY` regions in the iov. + + + + + + + + + + +.. + +.. seealso:: + :c:func:`krb5_c_make_checksum_iov()` + + + + + + +.. note:: + + This function is similar to :c:func:`krb5_k_verify_checksum_iov()` , but operates on keyblock *key* . + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_calculate_checksum.txt b/doc/html/_sources/appdev/refs/api/krb5_calculate_checksum.txt new file mode 100644 index 000000000000..ef40b12e32db --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_calculate_checksum.txt @@ -0,0 +1,54 @@ +krb5_calculate_checksum +======================= + +.. + +.. c:function:: krb5_error_code krb5_calculate_checksum(krb5_context context, krb5_cksumtype ctype, krb5_const_pointer in, size_t in_length, krb5_const_pointer seed, size_t seed_length, krb5_checksum * outcksum) + +.. + + +:param: + + **context** + + **ctype** + + **in** + + **in_length** + + **seed** + + **seed_length** + + **outcksum** + + +.. + + + +.. + + +DEPRECATED See krb5_c_make_checksum() + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_cc_cache_match.txt b/doc/html/_sources/appdev/refs/api/krb5_cc_cache_match.txt new file mode 100644 index 000000000000..3e01accab529 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_cc_cache_match.txt @@ -0,0 +1,56 @@ +krb5_cc_cache_match - Find a credential cache with a specified client principal. +================================================================================== + +.. + +.. c:function:: krb5_error_code krb5_cc_cache_match(krb5_context context, krb5_principal client, krb5_ccache * cache_out) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **client** - Client principal + + **[out]** **cache_out** - Credential cache handle + + +.. + + +:retval: + - 0 Success + - KRB5_CC_NOTFOUND None + + +.. + + + + + + + +Find a cache within the collection whose default principal is *client* . Use *krb5_cc_close* to close *ccache* when it is no longer needed. + + + + + + + + + + +.. + + + + +.. note:: + + New in 1.10 + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_cc_close.txt b/doc/html/_sources/appdev/refs/api/krb5_cc_close.txt new file mode 100644 index 000000000000..6a58c9a214ab --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_cc_close.txt @@ -0,0 +1,52 @@ +krb5_cc_close - Close a credential cache handle. +================================================== + +.. + +.. c:function:: krb5_error_code krb5_cc_close(krb5_context context, krb5_ccache cache) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **cache** - Credential cache handle + + +.. + + +:retval: + - 0 Success + + +:return: + - Kerberos error codes + +.. + + + + + + + +This function closes a credential cache handle *cache* without affecting the contents of the cache. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_cc_copy_creds.txt b/doc/html/_sources/appdev/refs/api/krb5_cc_copy_creds.txt new file mode 100644 index 000000000000..f3af7c11665f --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_cc_copy_creds.txt @@ -0,0 +1,47 @@ +krb5_cc_copy_creds - Copy a credential cache. +=============================================== + +.. + +.. c:function:: krb5_error_code krb5_cc_copy_creds(krb5_context context, krb5_ccache incc, krb5_ccache outcc) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **incc** - Credential cache to be copied + + **[out]** **outcc** - Copy of credential cache to be filled in + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_cc_default.txt b/doc/html/_sources/appdev/refs/api/krb5_cc_default.txt new file mode 100644 index 000000000000..3a85ba4a1fd5 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_cc_default.txt @@ -0,0 +1,54 @@ +krb5_cc_default - Resolve the default credential cache name. +============================================================== + +.. + +.. c:function:: krb5_error_code krb5_cc_default(krb5_context context, krb5_ccache * ccache) + +.. + + +:param: + + **[in]** **context** - Library context + + **[out]** **ccache** - Pointer to credential cache name + + +.. + + +:retval: + - 0 Success + - KV5M_CONTEXT Bad magic number for _krb5_context structure + - KRB5_FCC_INTERNAL The name of the default credential cache cannot be obtained + + +:return: + - Kerberos error codes + +.. + + + + + + + +Create a handle to the default credential cache as given by :c:func:`krb5_cc_default_name()` . + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_cc_default_name.txt b/doc/html/_sources/appdev/refs/api/krb5_cc_default_name.txt new file mode 100644 index 000000000000..f54c5e5c973f --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_cc_default_name.txt @@ -0,0 +1,51 @@ +krb5_cc_default_name - Return the name of the default credential cache. +========================================================================= + +.. + +.. c:function:: const char * krb5_cc_default_name(krb5_context context) + +.. + + +:param: + + **[in]** **context** - Library context + + +.. + + + +:return: + - Name of default credential cache for the current user. + +.. + + + + + + + +Return a pointer to the default credential cache name for *context* , as determined by a prior call to :c:func:`krb5_cc_set_default_name()` , by the KRB5CCNAME environment variable, by the default_ccache_name profile variable, or by the operating system or build-time default value. The returned value must not be modified or freed by the caller. The returned value becomes invalid when *context* is destroyed :c:func:`krb5_free_context()` or if a subsequent call to :c:func:`krb5_cc_set_default_name()` is made on *context* . + + + +The default credential cache name is cached in *context* between calls to this function, so if the value of KRB5CCNAME changes in the process environment after the first call to this function on, that change will not be reflected in later calls with the same context. The caller can invoke :c:func:`krb5_cc_set_default_name()` with a NULL value of *name* to clear the cached value and force the default name to be recomputed. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_cc_destroy.txt b/doc/html/_sources/appdev/refs/api/krb5_cc_destroy.txt new file mode 100644 index 000000000000..12254719d3d0 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_cc_destroy.txt @@ -0,0 +1,52 @@ +krb5_cc_destroy - Destroy a credential cache. +=============================================== + +.. + +.. c:function:: krb5_error_code krb5_cc_destroy(krb5_context context, krb5_ccache cache) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **cache** - Credential cache handle + + +.. + + +:retval: + - 0 Success + + +:return: + - Permission errors + +.. + + + + + + + +This function destroys any existing contents of *cache* and closes the handle to it. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_cc_dup.txt b/doc/html/_sources/appdev/refs/api/krb5_cc_dup.txt new file mode 100644 index 000000000000..00179a0bf06c --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_cc_dup.txt @@ -0,0 +1,44 @@ +krb5_cc_dup - Duplicate ccache handle. +======================================== + +.. + +.. c:function:: krb5_error_code krb5_cc_dup(krb5_context context, krb5_ccache in, krb5_ccache * out) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **in** - Credential cache handle to be duplicated + + **[out]** **out** - Credential cache handle + + +.. + + + +.. + + + + + + + +Create a new handle referring to the same cache as *in* . The new handle and *in* can be closed independently. + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_cc_end_seq_get.txt b/doc/html/_sources/appdev/refs/api/krb5_cc_end_seq_get.txt new file mode 100644 index 000000000000..b5b0900972a9 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_cc_end_seq_get.txt @@ -0,0 +1,54 @@ +krb5_cc_end_seq_get - Finish a series of sequential processing credential cache entries. +========================================================================================== + +.. + +.. c:function:: krb5_error_code krb5_cc_end_seq_get(krb5_context context, krb5_ccache cache, krb5_cc_cursor * cursor) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **cache** - Credential cache handle + + **[in]** **cursor** - Cursor + + +.. + + +:retval: + - 0 (always) + + +.. + + + + + + + +This function finishes processing credential cache entries and invalidates *cursor* . + + + + + + + + + + +.. + +.. seealso:: + :c:func:`krb5_cc_start_seq_get()` , :c:func:`krb5_cc_next_cred()` + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_cc_gen_new.txt b/doc/html/_sources/appdev/refs/api/krb5_cc_gen_new.txt new file mode 100644 index 000000000000..3672b36274c8 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_cc_gen_new.txt @@ -0,0 +1,39 @@ +krb5_cc_gen_new +=============== + +.. + +.. c:function:: krb5_error_code krb5_cc_gen_new(krb5_context context, krb5_ccache * cache) + +.. + + +:param: + + **context** + + **cache** + + +.. + + + +.. + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_cc_get_config.txt b/doc/html/_sources/appdev/refs/api/krb5_cc_get_config.txt new file mode 100644 index 000000000000..4021ee60e7f5 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_cc_get_config.txt @@ -0,0 +1,58 @@ +krb5_cc_get_config - Get a configuration value from a credential cache. +========================================================================= + +.. + +.. c:function:: krb5_error_code krb5_cc_get_config(krb5_context context, krb5_ccache id, krb5_const_principal principal, const char * key, krb5_data * data) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **id** - Credential cache handle + + **[in]** **principal** - Configuration for this principal; if NULL, global for the whole cache + + **[in]** **key** - Name of config variable + + **[out]** **data** - Data to be fetched + + +.. + + +:retval: + - 0 Success + + +:return: + - Kerberos error codes + +.. + + + + + + + +Use :c:func:`krb5_free_data_contents()` to free *data* when it is no longer needed. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_cc_get_flags.txt b/doc/html/_sources/appdev/refs/api/krb5_cc_get_flags.txt new file mode 100644 index 000000000000..ca764c8b4f06 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_cc_get_flags.txt @@ -0,0 +1,55 @@ +krb5_cc_get_flags - Retrieve flags from a credential cache structure. +======================================================================= + +.. + +.. c:function:: krb5_error_code krb5_cc_get_flags(krb5_context context, krb5_ccache cache, krb5_flags * flags) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **cache** - Credential cache handle + + **[out]** **flags** - Flag bit mask + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + + + + + + + + +.. + + + + + +.. warning:: + + For memory credential cache always returns a flag mask of 0. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_cc_get_full_name.txt b/doc/html/_sources/appdev/refs/api/krb5_cc_get_full_name.txt new file mode 100644 index 000000000000..7c570459724f --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_cc_get_full_name.txt @@ -0,0 +1,52 @@ +krb5_cc_get_full_name - Retrieve the full name of a credential cache. +======================================================================= + +.. + +.. c:function:: krb5_error_code krb5_cc_get_full_name(krb5_context context, krb5_ccache cache, char ** fullname_out) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **cache** - Credential cache handle + + **[out]** **fullname_out** - Full name of cache + + +.. + + + +.. + + + + + + + +Use :c:func:`krb5_free_string()` to free *fullname_out* when it is no longer needed. + + + + + + + + + + +.. + + + + +.. note:: + + New in 1.10 + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_cc_get_name.txt b/doc/html/_sources/appdev/refs/api/krb5_cc_get_name.txt new file mode 100644 index 000000000000..34afeee49de6 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_cc_get_name.txt @@ -0,0 +1,53 @@ +krb5_cc_get_name - Retrieve the name, but not type of a credential cache. +=========================================================================== + +.. + +.. c:function:: const char * krb5_cc_get_name(krb5_context context, krb5_ccache cache) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **cache** - Credential cache handle + + +.. + + + +:return: + - On success - the name of the credential cache. + +.. + + + + + + + + + + + + + + +.. + + + + + +.. warning:: + + Returns the name of the credential cache. The result is an alias into *cache* and should not be freed or modified by the caller. This name does not include the cache type, so should not be used as input to :c:func:`krb5_cc_resolve()` . + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_cc_get_principal.txt b/doc/html/_sources/appdev/refs/api/krb5_cc_get_principal.txt new file mode 100644 index 000000000000..139817c0451b --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_cc_get_principal.txt @@ -0,0 +1,58 @@ +krb5_cc_get_principal - Get the default principal of a credential cache. +========================================================================== + +.. + +.. c:function:: krb5_error_code krb5_cc_get_principal(krb5_context context, krb5_ccache cache, krb5_principal * principal) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **cache** - Credential cache handle + + **[out]** **principal** - Primary principal + + +.. + + +:retval: + - 0 Success + + +:return: + - Kerberos error codes + +.. + + + + + + + +Returns the default client principal of a credential cache as set by :c:func:`krb5_cc_initialize()` . + + + +Use :c:func:`krb5_free_principal()` to free *principal* when it is no longer needed. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_cc_get_type.txt b/doc/html/_sources/appdev/refs/api/krb5_cc_get_type.txt new file mode 100644 index 000000000000..a970bd6d1974 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_cc_get_type.txt @@ -0,0 +1,45 @@ +krb5_cc_get_type - Retrieve the type of a credential cache. +============================================================= + +.. + +.. c:function:: const char * krb5_cc_get_type(krb5_context context, krb5_ccache cache) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **cache** - Credential cache handle + + +.. + + + +:return: + - The type of a credential cache as an alias that must not be modified or freed by the caller. + +.. + + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_cc_initialize.txt b/doc/html/_sources/appdev/refs/api/krb5_cc_initialize.txt new file mode 100644 index 000000000000..d306a2924db0 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_cc_initialize.txt @@ -0,0 +1,54 @@ +krb5_cc_initialize - Initialize a credential cache. +===================================================== + +.. + +.. c:function:: krb5_error_code krb5_cc_initialize(krb5_context context, krb5_ccache cache, krb5_principal principal) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **cache** - Credential cache handle + + **[in]** **principal** - Default principal name + + +.. + + +:retval: + - 0 Success + + +:return: + - System errors; Permission errors; Kerberos error codes + +.. + + + + + + + +Destroy any existing contents of *cache* and initialize it for the default principal *principal* . + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_cc_last_change_time.txt b/doc/html/_sources/appdev/refs/api/krb5_cc_last_change_time.txt new file mode 100644 index 000000000000..c3c5701b2ead --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_cc_last_change_time.txt @@ -0,0 +1,44 @@ +krb5_cc_last_change_time - Return a timestamp of the last modification to a credential cache. +=============================================================================================== + +.. + +.. c:function:: krb5_error_code krb5_cc_last_change_time(krb5_context context, krb5_ccache ccache, krb5_timestamp * change_time) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **ccache** - Credential cache handle + + **[out]** **change_time** - The last change time of *ccache* + + +.. + + + +.. + + + + + + + +If an error occurs, *change_time* is set to 0. + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_cc_lock.txt b/doc/html/_sources/appdev/refs/api/krb5_cc_lock.txt new file mode 100644 index 000000000000..58dfe6f412b7 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_cc_lock.txt @@ -0,0 +1,49 @@ +krb5_cc_lock - Lock a credential cache. +========================================= + +.. + +.. c:function:: krb5_error_code krb5_cc_lock(krb5_context context, krb5_ccache ccache) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **ccache** - Credential cache handle + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +Use :c:func:`krb5_cc_unlock()` to unlock the lock. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_cc_move.txt b/doc/html/_sources/appdev/refs/api/krb5_cc_move.txt new file mode 100644 index 000000000000..ba9f0fd1ee7d --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_cc_move.txt @@ -0,0 +1,54 @@ +krb5_cc_move - Move a credential cache. +========================================= + +.. + +.. c:function:: krb5_error_code krb5_cc_move(krb5_context context, krb5_ccache src, krb5_ccache dst) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **src** - The credential cache to move the content from + + **[in]** **dst** - The credential cache to move the content to + + +.. + + +:retval: + - 0 Success; src is closed. + + +:return: + - Kerberos error codes; src is still allocated. + +.. + + + + + + + +This function reinitializes *dst* and populates it with the credentials and default principal of *src* ; then, if successful, destroys *src* . + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_cc_new_unique.txt b/doc/html/_sources/appdev/refs/api/krb5_cc_new_unique.txt new file mode 100644 index 000000000000..e4313c07c636 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_cc_new_unique.txt @@ -0,0 +1,52 @@ +krb5_cc_new_unique - Create a new credential cache of the specified type with a unique name. +============================================================================================== + +.. + +.. c:function:: krb5_error_code krb5_cc_new_unique(krb5_context context, const char * type, const char * hint, krb5_ccache * id) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **type** - Credential cache type name + + **[in]** **hint** - Unused + + **[out]** **id** - Credential cache handle + + +.. + + +:retval: + - 0 Success + + +:return: + - Kerberos error codes + +.. + + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_cc_next_cred.txt b/doc/html/_sources/appdev/refs/api/krb5_cc_next_cred.txt new file mode 100644 index 000000000000..98d2586cd1e3 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_cc_next_cred.txt @@ -0,0 +1,60 @@ +krb5_cc_next_cred - Retrieve the next entry from the credential cache. +======================================================================== + +.. + +.. c:function:: krb5_error_code krb5_cc_next_cred(krb5_context context, krb5_ccache cache, krb5_cc_cursor * cursor, krb5_creds * creds) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **cache** - Credential cache handle + + **[in]** **cursor** - Cursor + + **[out]** **creds** - Next credential cache entry + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function fills in *creds* with the next entry in *cache* and advances *cursor* . + + + +Use :c:func:`krb5_free_cred_contents()` to free *creds* when it is no longer needed. + + + + + + + + + + +.. + +.. seealso:: + :c:func:`krb5_cc_start_seq_get()` , krb5_end_seq_get() + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_cc_remove_cred.txt b/doc/html/_sources/appdev/refs/api/krb5_cc_remove_cred.txt new file mode 100644 index 000000000000..3843e74ad716 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_cc_remove_cred.txt @@ -0,0 +1,64 @@ +krb5_cc_remove_cred - Remove credentials from a credential cache. +=================================================================== + +.. + +.. c:function:: krb5_error_code krb5_cc_remove_cred(krb5_context context, krb5_ccache cache, krb5_flags flags, krb5_creds * creds) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **cache** - Credential cache handle + + **[in]** **flags** - Bitwise-ORed search flags + + **[in]** **creds** - Credentials to be matched + + +.. + + +:retval: + - KRB5_CC_NOSUPP Not implemented for this cache type + + +:return: + - No matches found; Data cannot be deleted; Kerberos error codes + +.. + + + + + + + +This function accepts the same flag values as :c:func:`krb5_cc_retrieve_cred()` . + + + + + + + + + + +.. + + + + + +.. warning:: + + This function is not implemented for some cache types. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_cc_resolve.txt b/doc/html/_sources/appdev/refs/api/krb5_cc_resolve.txt new file mode 100644 index 000000000000..746ac6c2632c --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_cc_resolve.txt @@ -0,0 +1,58 @@ +krb5_cc_resolve - Resolve a credential cache name. +==================================================== + +.. + +.. c:function:: krb5_error_code krb5_cc_resolve(krb5_context context, const char * name, krb5_ccache * cache) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **name** - Credential cache name to be resolved + + **[out]** **cache** - Credential cache handle + + +.. + + +:retval: + - 0 Success + + +:return: + - Kerberos error codes + +.. + + + + + + + +Fills in *cache* with a *cache* handle that corresponds to the name in *name* . *name* should be of the form **type:residual** , and *type* must be a type known to the library. If the *name* does not contain a colon, interpret it as a file name. + + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_cc_retrieve_cred.txt b/doc/html/_sources/appdev/refs/api/krb5_cc_retrieve_cred.txt new file mode 100644 index 000000000000..b334e3062a01 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_cc_retrieve_cred.txt @@ -0,0 +1,94 @@ +krb5_cc_retrieve_cred - Retrieve a specified credentials from a credential cache. +=================================================================================== + +.. + +.. c:function:: krb5_error_code krb5_cc_retrieve_cred(krb5_context context, krb5_ccache cache, krb5_flags flags, krb5_creds * mcreds, krb5_creds * creds) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **cache** - Credential cache handle + + **[in]** **flags** - Flags bit mask + + **[in]** **mcreds** - Credentials to match + + **[out]** **creds** - Credentials matching the requested value + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function searches a credential cache for credentials matching *mcreds* and returns it if found. + + + +Valid values for *flags* are: + + + + + + - :data:`KRB5_TC_MATCH_TIMES` The requested lifetime must be at least as great as in *mcreds* . + + + - :data:`KRB5_TC_MATCH_IS_SKEY` The *is_skey* field much match exactly. + + + - :data:`KRB5_TC_MATCH_FLAGS` Flags set in *mcreds* must be set. + + + - :data:`KRB5_TC_MATCH_TIMES_EXACT` The requested lifetime must match exactly. + + + - :data:`KRB5_TC_MATCH_FLAGS_EXACT` Flags must match exactly. + + + - :data:`KRB5_TC_MATCH_AUTHDATA` The authorization data must match. + + + - :data:`KRB5_TC_MATCH_SRV_NAMEONLY` Only the name portion of the principal name must match, not the realm. + + + - :data:`KRB5_TC_MATCH_2ND_TKT` The second tickets must match. + + + - :data:`KRB5_TC_MATCH_KTYPE` The encryption key types must match. + + + - :data:`KRB5_TC_SUPPORTED_KTYPES` Check all matching entries that have any supported encryption type and return the one with the encryption type listed earliest. + + Use :c:func:`krb5_free_cred_contents()` to free *creds* when it is no longer needed. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_cc_select.txt b/doc/html/_sources/appdev/refs/api/krb5_cc_select.txt new file mode 100644 index 000000000000..221eb2844460 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_cc_select.txt @@ -0,0 +1,73 @@ +krb5_cc_select - Select a credential cache to use with a server principal. +============================================================================ + +.. + +.. c:function:: krb5_error_code krb5_cc_select(krb5_context context, krb5_principal server, krb5_ccache * cache_out, krb5_principal * princ_out) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **server** - Server principal + + **[out]** **cache_out** - Credential cache handle + + **[out]** **princ_out** - Client principal + + +.. + + + +:return: + - If an appropriate cache is found, 0 is returned, cache_out is set to the selected cache, and princ_out is set to the default principal of that cache. + +.. + + + + + + + +Select a cache within the collection containing credentials most appropriate for use with *server* , according to configured rules and heuristics. + + + +Use :c:func:`krb5_cc_close()` to release *cache_out* when it is no longer needed. Use :c:func:`krb5_free_principal()` to release *princ_out* when it is no longer needed. Note that *princ_out* is set in some error conditions. + + + +If the appropriate client principal can be authoritatively determined but the cache collection contains no credentials for that principal, then KRB5_CC_NOTFOUND is returned, *cache_out* is set to NULL, and *princ_out* is set to the appropriate client principal. + + + +If no configured mechanism can determine the appropriate cache or principal, KRB5_CC_NOTFOUND is returned and *cache_out* and *princ_out* are set to NULL. + + + +Any other error code indicates a fatal error in the processing of a cache selection mechanism. + + + + + + + + + + +.. + + + + +.. note:: + + New in 1.10 + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_cc_set_config.txt b/doc/html/_sources/appdev/refs/api/krb5_cc_set_config.txt new file mode 100644 index 000000000000..fdcc61391db3 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_cc_set_config.txt @@ -0,0 +1,66 @@ +krb5_cc_set_config - Store a configuration value in a credential cache. +========================================================================= + +.. + +.. c:function:: krb5_error_code krb5_cc_set_config(krb5_context context, krb5_ccache id, krb5_const_principal principal, const char * key, krb5_data * data) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **id** - Credential cache handle + + **[in]** **principal** - Configuration for a specific principal; if NULL, global for the whole cache + + **[in]** **key** - Name of config variable + + **[in]** **data** - Data to store, or NULL to remove + + +.. + + +:retval: + - 0 Success + + +:return: + - Kerberos error codes + +.. + + + + + + + + + + + + + + +.. + + + + + +.. warning:: + + Before version 1.10 *data* was assumed to be always non-null. + + +.. note:: + + Existing configuration under the same key is over-written. + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_cc_set_default_name.txt b/doc/html/_sources/appdev/refs/api/krb5_cc_set_default_name.txt new file mode 100644 index 000000000000..f1eb902c25e8 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_cc_set_default_name.txt @@ -0,0 +1,57 @@ +krb5_cc_set_default_name - Set the default credential cache name. +=================================================================== + +.. + +.. c:function:: krb5_error_code krb5_cc_set_default_name(krb5_context context, const char * name) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **name** - Default credential cache name or NULL + + +.. + + +:retval: + - 0 Success + - KV5M_CONTEXT Bad magic number for _krb5_context structure + + +:return: + - Kerberos error codes + +.. + + + + + + + +Set the default credential cache name to *name* for future operations using *context* . If *name* is NULL, clear any previous application-set default name and forget any cached value of the default name for *context* . + + + +Calls to this function invalidate the result of any previous calls to :c:func:`krb5_cc_default_name()` using *context* . + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_cc_set_flags.txt b/doc/html/_sources/appdev/refs/api/krb5_cc_set_flags.txt new file mode 100644 index 000000000000..d68d874835e0 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_cc_set_flags.txt @@ -0,0 +1,51 @@ +krb5_cc_set_flags - Set options flags on a credential cache. +============================================================== + +.. + +.. c:function:: krb5_error_code krb5_cc_set_flags(krb5_context context, krb5_ccache cache, krb5_flags flags) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **cache** - Credential cache handle + + **[in]** **flags** - Flag bit mask + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function resets *cache* flags to *flags* . + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_cc_start_seq_get.txt b/doc/html/_sources/appdev/refs/api/krb5_cc_start_seq_get.txt new file mode 100644 index 000000000000..75f4b09f1d17 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_cc_start_seq_get.txt @@ -0,0 +1,59 @@ +krb5_cc_start_seq_get - Prepare to sequentially read every credential in a credential cache. +============================================================================================== + +.. + +.. c:function:: krb5_error_code krb5_cc_start_seq_get(krb5_context context, krb5_ccache cache, krb5_cc_cursor * cursor) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **cache** - Credential cache handle + + **[out]** **cursor** - Cursor + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + + :c:func:`krb5_cc_end_seq_get()` must be called to complete the retrieve operation. + + + + + + + + + + +.. + + + + + + +.. note:: + + If *cache* is modified between the time of the call to this function and the time of the final :c:func:`krb5_cc_end_seq_get()` , the results are undefined. + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_cc_store_cred.txt b/doc/html/_sources/appdev/refs/api/krb5_cc_store_cred.txt new file mode 100644 index 000000000000..1cc27ccc8685 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_cc_store_cred.txt @@ -0,0 +1,54 @@ +krb5_cc_store_cred - Store credentials in a credential cache. +=============================================================== + +.. + +.. c:function:: krb5_error_code krb5_cc_store_cred(krb5_context context, krb5_ccache cache, krb5_creds * creds) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **cache** - Credential cache handle + + **[in]** **creds** - Credentials to be stored in cache + + +.. + + +:retval: + - 0 Success + + +:return: + - Permission errors; storage failure errors; Kerberos error codes + +.. + + + + + + + +This function stores *creds* into *cache* . If *creds->server* and the server in the decoded ticket *creds->ticket* differ, the credentials will be stored under both server principal names. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_cc_support_switch.txt b/doc/html/_sources/appdev/refs/api/krb5_cc_support_switch.txt new file mode 100644 index 000000000000..394629b0f939 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_cc_support_switch.txt @@ -0,0 +1,50 @@ +krb5_cc_support_switch - Determine whether a credential cache type supports switching. +======================================================================================== + +.. + +.. c:function:: krb5_boolean krb5_cc_support_switch(krb5_context context, const char * type) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **type** - Credential cache type + + +.. + + +:retval: + - TRUE if type supports switching + - FALSE if it does not or is not a valid credential cache type. + + +.. + + + + + + + + + + + + + + +.. + + + + +.. note:: + + New in 1.10 + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_cc_switch.txt b/doc/html/_sources/appdev/refs/api/krb5_cc_switch.txt new file mode 100644 index 000000000000..ef4c570d4c74 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_cc_switch.txt @@ -0,0 +1,52 @@ +krb5_cc_switch - Make a credential cache the primary cache for its collection. +================================================================================ + +.. + +.. c:function:: krb5_error_code krb5_cc_switch(krb5_context context, krb5_ccache cache) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **cache** - Credential cache handle + + +.. + + +:retval: + - 0 Success, or the type of cache doesn't support switching + + +:return: + - Kerberos error codes + +.. + + + + + + + +If the type of *cache* supports it, set *cache* to be the primary credential cache for the collection it belongs to. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_cc_unlock.txt b/doc/html/_sources/appdev/refs/api/krb5_cc_unlock.txt new file mode 100644 index 000000000000..5e280461af3b --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_cc_unlock.txt @@ -0,0 +1,49 @@ +krb5_cc_unlock - Unlock a credential cache. +============================================= + +.. + +.. c:function:: krb5_error_code krb5_cc_unlock(krb5_context context, krb5_ccache ccache) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **ccache** - Credential cache handle + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function unlocks the *ccache* locked by :c:func:`krb5_cc_lock()` . + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_cccol_cursor_free.txt b/doc/html/_sources/appdev/refs/api/krb5_cccol_cursor_free.txt new file mode 100644 index 000000000000..14bc7306c1d6 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_cccol_cursor_free.txt @@ -0,0 +1,48 @@ +krb5_cccol_cursor_free - Free a credential cache collection cursor. +===================================================================== + +.. + +.. c:function:: krb5_error_code krb5_cccol_cursor_free(krb5_context context, krb5_cccol_cursor * cursor) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **cursor** - Cursor + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + + + + + + + + +.. + +.. seealso:: + :c:func:`krb5_cccol_cursor_new()` , :c:func:`krb5_cccol_cursor_next()` + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_cccol_cursor_new.txt b/doc/html/_sources/appdev/refs/api/krb5_cccol_cursor_new.txt new file mode 100644 index 000000000000..8a447fc6a4dc --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_cccol_cursor_new.txt @@ -0,0 +1,56 @@ +krb5_cccol_cursor_new - Prepare to iterate over the collection of known credential caches. +============================================================================================ + +.. + +.. c:function:: krb5_error_code krb5_cccol_cursor_new(krb5_context context, krb5_cccol_cursor * cursor) + +.. + + +:param: + + **[in]** **context** - Library context + + **[out]** **cursor** - Cursor + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +Get a new cache iteration *cursor* that will iterate over all known credential caches independent of type. + + + +Use :c:func:`krb5_cccol_cursor_free()` to release *cursor* when it is no longer needed. + + + + + + + + + + +.. + +.. seealso:: + :c:func:`krb5_cccol_cursor_next()` + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_cccol_cursor_next.txt b/doc/html/_sources/appdev/refs/api/krb5_cccol_cursor_next.txt new file mode 100644 index 000000000000..7b8c9646280e --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_cccol_cursor_next.txt @@ -0,0 +1,62 @@ +krb5_cccol_cursor_next - Get the next credential cache in the collection. +=========================================================================== + +.. + +.. c:function:: krb5_error_code krb5_cccol_cursor_next(krb5_context context, krb5_cccol_cursor cursor, krb5_ccache * ccache) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **cursor** - Cursor + + **[out]** **ccache** - Credential cache handle + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +Use :c:func:`krb5_cc_close()` to close *ccache* when it is no longer needed. + + + + + + + + + + +.. + +.. seealso:: + :c:func:`krb5_cccol_cursor_new()` , :c:func:`krb5_cccol_cursor_free()` + + + + + + +.. note:: + + When all caches are iterated over and the end of the list is reached, *ccache* is set to NULL. + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_cccol_have_content.txt b/doc/html/_sources/appdev/refs/api/krb5_cccol_have_content.txt new file mode 100644 index 000000000000..fbd6a8565c6e --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_cccol_have_content.txt @@ -0,0 +1,48 @@ +krb5_cccol_have_content - Check if the credential cache collection contains any credentials. +============================================================================================== + +.. + +.. c:function:: krb5_error_code krb5_cccol_have_content(krb5_context context) + +.. + + +:param: + + **[in]** **context** - Library context + + +.. + + +:retval: + - 0 Credentials are available in the collection + - KRB5_CC_NOTFOUND The collection contains no credentials + + +.. + + + + + + + + + + + + + + +.. + + + + +.. note:: + + New in 1.11 + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_cccol_last_change_time.txt b/doc/html/_sources/appdev/refs/api/krb5_cccol_last_change_time.txt new file mode 100644 index 000000000000..b6868d061098 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_cccol_last_change_time.txt @@ -0,0 +1,53 @@ +krb5_cccol_last_change_time - Return a timestamp of the last modification of any known credential cache. +========================================================================================================== + +.. + +.. c:function:: krb5_error_code krb5_cccol_last_change_time(krb5_context context, krb5_timestamp * change_time) + +.. + + +:param: + + **[in]** **context** - Library context + + **[out]** **change_time** - Last modification timestamp + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function returns the most recent modification time of any known credential cache, ignoring any caches which cannot supply a last modification time. + + + +If there are no known credential caches, *change_time* is set to 0. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_cccol_lock.txt b/doc/html/_sources/appdev/refs/api/krb5_cccol_lock.txt new file mode 100644 index 000000000000..79071292e271 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_cccol_lock.txt @@ -0,0 +1,51 @@ +krb5_cccol_lock - Acquire a global lock for credential caches. +================================================================ + +.. + +.. c:function:: krb5_error_code krb5_cccol_lock(krb5_context context) + +.. + + +:param: + + **[in]** **context** - Library context + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function locks the global credential cache collection, ensuring that no ccaches are added to or removed from it until the collection lock is released. + + + +Use :c:func:`krb5_cccol_unlock()` to unlock the lock. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_cccol_unlock.txt b/doc/html/_sources/appdev/refs/api/krb5_cccol_unlock.txt new file mode 100644 index 000000000000..4c5a2145e335 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_cccol_unlock.txt @@ -0,0 +1,47 @@ +krb5_cccol_unlock - Release a global lock for credential caches. +================================================================== + +.. + +.. c:function:: krb5_error_code krb5_cccol_unlock(krb5_context context) + +.. + + +:param: + + **[in]** **context** - Library context + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function unlocks the lock from :c:func:`krb5_cccol_lock()` . + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_change_password.txt b/doc/html/_sources/appdev/refs/api/krb5_change_password.txt new file mode 100644 index 000000000000..7c5db7f5c5f1 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_change_password.txt @@ -0,0 +1,77 @@ +krb5_change_password - Change a password for an existing Kerberos account. +============================================================================ + +.. + +.. c:function:: krb5_error_code krb5_change_password(krb5_context context, krb5_creds * creds, const char * newpw, int * result_code, krb5_data * result_code_string, krb5_data * result_string) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **creds** - Credentials for kadmin/changepw service + + **[in]** **newpw** - New password + + **[out]** **result_code** - Numeric error code from server + + **[out]** **result_code_string** - String equivalent to *result_code* + + **[out]** **result_string** - Change password response from the KDC + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +Change the password for the existing principal identified by *creds* . + + + +The possible values of the output *result_code* are: + + + + + + - :data:`KRB5_KPASSWD_SUCCESS` (0) - success + + + - :data:`KRB5_KPASSWD_MALFORMED` (1) - Malformed request error + + + - :data:`KRB5_KPASSWD_HARDERROR` (2) - Server error + + + - :data:`KRB5_KPASSWD_AUTHERROR` (3) - Authentication error + + + - :data:`KRB5_KPASSWD_SOFTERROR` (4) - Password change rejected + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_check_clockskew.txt b/doc/html/_sources/appdev/refs/api/krb5_check_clockskew.txt new file mode 100644 index 000000000000..4999d4851800 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_check_clockskew.txt @@ -0,0 +1,54 @@ +krb5_check_clockskew - Check if a timestamp is within the allowed clock skew of the current time. +=================================================================================================== + +.. + +.. c:function:: krb5_error_code krb5_check_clockskew(krb5_context context, krb5_timestamp date) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **date** - Timestamp to check + + +.. + + +:retval: + - 0 Success + - KRB5KRB_AP_ERR_SKEW date is not within allowable clock skew + + +.. + + + + + + + +This function checks if *date* is close enough to the current time according to the configured allowable clock skew. + + + + + + + + + + +.. + + + + +.. note:: + + New in 1.10 + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_checksum_size.txt b/doc/html/_sources/appdev/refs/api/krb5_checksum_size.txt new file mode 100644 index 000000000000..5a6769914f13 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_checksum_size.txt @@ -0,0 +1,44 @@ +krb5_checksum_size +================== + +.. + +.. c:function:: size_t krb5_checksum_size(krb5_context context, krb5_cksumtype ctype) + +.. + + +:param: + + **context** + + **ctype** + + +.. + + + +.. + + +DEPRECATED See krb5_c_checksum_length() + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_chpw_message.txt b/doc/html/_sources/appdev/refs/api/krb5_chpw_message.txt new file mode 100644 index 000000000000..372c95d29f61 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_chpw_message.txt @@ -0,0 +1,62 @@ +krb5_chpw_message - Get a result message for changing or setting a password. +============================================================================== + +.. + +.. c:function:: krb5_error_code krb5_chpw_message(krb5_context context, const krb5_data * server_string, char ** message_out) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **server_string** - Data returned from the remote system + + **[out]** **message_out** - A message displayable to the user + + +.. + + +:retval: + - 0 Success + + +:return: + - Kerberos error codes + +.. + + + + + + + +This function processes the *server_string* returned in the *result_string* parameter of :c:func:`krb5_change_password()` , :c:func:`krb5_set_password()` , and related functions, and returns a displayable string. If *server_string* contains Active Directory structured policy information, it will be converted into human-readable text. + + + +Use :c:func:`krb5_free_string()` to free *message_out* when it is no longer needed. + + + + + + + + + + +.. + + + + +.. note:: + + New in 1.11 + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_cksumtype_to_string.txt b/doc/html/_sources/appdev/refs/api/krb5_cksumtype_to_string.txt new file mode 100644 index 000000000000..a297c8f9666d --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_cksumtype_to_string.txt @@ -0,0 +1,47 @@ +krb5_cksumtype_to_string - Convert a checksum type to a string. +================================================================= + +.. + +.. c:function:: krb5_error_code krb5_cksumtype_to_string(krb5_cksumtype cksumtype, char * buffer, size_t buflen) + +.. + + +:param: + + **[in]** **cksumtype** - Checksum type + + **[out]** **buffer** - Buffer to hold converted checksum type + + **[in]** **buflen** - Storage available in *buffer* + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_clear_error_message.txt b/doc/html/_sources/appdev/refs/api/krb5_clear_error_message.txt new file mode 100644 index 000000000000..c988ca3ab07b --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_clear_error_message.txt @@ -0,0 +1,40 @@ +krb5_clear_error_message - Clear the extended error message in a context. +=========================================================================== + +.. + +.. c:function:: void krb5_clear_error_message(krb5_context ctx) + +.. + + +:param: + + **[in]** **ctx** - Library context + + +.. + + + +.. + + + + + + + +This function unsets the extended error message in a context, to ensure that it is not mistakenly applied to another occurrence of the same error code. + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_copy_addresses.txt b/doc/html/_sources/appdev/refs/api/krb5_copy_addresses.txt new file mode 100644 index 000000000000..a9c7c748356e --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_copy_addresses.txt @@ -0,0 +1,51 @@ +krb5_copy_addresses - Copy an array of addresses. +=================================================== + +.. + +.. c:function:: krb5_error_code krb5_copy_addresses(krb5_context context, krb5_address *const * inaddr, krb5_address *** outaddr) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **inaddr** - Array of addresses to be copied + + **[out]** **outaddr** - Copy of array of addresses + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function creates a new address array containing a copy of *inaddr* . Use :c:func:`krb5_free_addresses()` to free *outaddr* when it is no longer needed. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_copy_authdata.txt b/doc/html/_sources/appdev/refs/api/krb5_copy_authdata.txt new file mode 100644 index 000000000000..0ee9ba0c6f0e --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_copy_authdata.txt @@ -0,0 +1,59 @@ +krb5_copy_authdata - Copy an authorization data list. +======================================================= + +.. + +.. c:function:: krb5_error_code krb5_copy_authdata(krb5_context context, krb5_authdata *const * in_authdat, krb5_authdata *** out) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **in_authdat** - List of *krb5_authdata* structures + + **[out]** **out** - New array of *krb5_authdata* structures + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function creates a new authorization data list containing a copy of *in_authdat* , which must be null-terminated. Use :c:func:`krb5_free_authdata()` to free *out* when it is no longer needed. + + + + + + + + + + +.. + + + + + + +.. note:: + + The last array entry in *in_authdat* must be a NULL pointer. + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_copy_authenticator.txt b/doc/html/_sources/appdev/refs/api/krb5_copy_authenticator.txt new file mode 100644 index 000000000000..bc0c3459d80d --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_copy_authenticator.txt @@ -0,0 +1,51 @@ +krb5_copy_authenticator - Copy a krb5_authenticator structure. +================================================================ + +.. + +.. c:function:: krb5_error_code krb5_copy_authenticator(krb5_context context, const krb5_authenticator * authfrom, krb5_authenticator ** authto) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **authfrom** - krb5_authenticator structure to be copied + + **[out]** **authto** - Copy of krb5_authenticator structure + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function creates a new krb5_authenticator structure with the content of *authfrom* . Use :c:func:`krb5_free_authenticator()` to free *authto* when it is no longer needed. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_copy_checksum.txt b/doc/html/_sources/appdev/refs/api/krb5_copy_checksum.txt new file mode 100644 index 000000000000..1c9395501490 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_copy_checksum.txt @@ -0,0 +1,51 @@ +krb5_copy_checksum - Copy a krb5_checksum structure. +====================================================== + +.. + +.. c:function:: krb5_error_code krb5_copy_checksum(krb5_context context, const krb5_checksum * ckfrom, krb5_checksum ** ckto) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **ckfrom** - Checksum to be copied + + **[out]** **ckto** - Copy of krb5_checksum structure + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function creates a new krb5_checksum structure with the contents of *ckfrom* . Use :c:func:`krb5_free_checksum()` to free *ckto* when it is no longer needed. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_copy_context.txt b/doc/html/_sources/appdev/refs/api/krb5_copy_context.txt new file mode 100644 index 000000000000..2b5d2154dd11 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_copy_context.txt @@ -0,0 +1,52 @@ +krb5_copy_context - Copy a krb5_context structure. +==================================================== + +.. + +.. c:function:: krb5_error_code krb5_copy_context(krb5_context ctx, krb5_context * nctx_out) + +.. + + +:param: + + **[in]** **ctx** - Library context + + **[out]** **nctx_out** - New context structure + + +.. + + +:retval: + - 0 Success + + +:return: + - Kerberos error codes + +.. + + + + + + + +The newly created context must be released by calling :c:func:`krb5_free_context()` when it is no longer needed. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_copy_creds.txt b/doc/html/_sources/appdev/refs/api/krb5_copy_creds.txt new file mode 100644 index 000000000000..862293b075bc --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_copy_creds.txt @@ -0,0 +1,51 @@ +krb5_copy_creds - Copy a krb5_creds structure. +================================================ + +.. + +.. c:function:: krb5_error_code krb5_copy_creds(krb5_context context, const krb5_creds * incred, krb5_creds ** outcred) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **incred** - Credentials structure to be copied + + **[out]** **outcred** - Copy of *incred* + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function creates a new credential with the contents of *incred* . Use :c:func:`krb5_free_creds()` to free *outcred* when it is no longer needed. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_copy_data.txt b/doc/html/_sources/appdev/refs/api/krb5_copy_data.txt new file mode 100644 index 000000000000..81ad0f2af5b0 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_copy_data.txt @@ -0,0 +1,51 @@ +krb5_copy_data - Copy a krb5_data object. +=========================================== + +.. + +.. c:function:: krb5_error_code krb5_copy_data(krb5_context context, const krb5_data * indata, krb5_data ** outdata) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **indata** - Data object to be copied + + **[out]** **outdata** - Copy of *indata* + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function creates a new krb5_data object with the contents of *indata* . Use :c:func:`krb5_free_data()` to free *outdata* when it is no longer needed. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_copy_error_message.txt b/doc/html/_sources/appdev/refs/api/krb5_copy_error_message.txt new file mode 100644 index 000000000000..3904cabfff44 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_copy_error_message.txt @@ -0,0 +1,42 @@ +krb5_copy_error_message - Copy the most recent extended error message from one context to another. +==================================================================================================== + +.. + +.. c:function:: void krb5_copy_error_message(krb5_context dest_ctx, krb5_context src_ctx) + +.. + + +:param: + + **[in]** **dest_ctx** - Library context to copy message to + + **[in]** **src_ctx** - Library context with current message + + +.. + + + +.. + + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_copy_keyblock.txt b/doc/html/_sources/appdev/refs/api/krb5_copy_keyblock.txt new file mode 100644 index 000000000000..5bb2958ff546 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_copy_keyblock.txt @@ -0,0 +1,51 @@ +krb5_copy_keyblock - Copy a keyblock. +======================================= + +.. + +.. c:function:: krb5_error_code krb5_copy_keyblock(krb5_context context, const krb5_keyblock * from, krb5_keyblock ** to) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **from** - Keyblock to be copied + + **[out]** **to** - Copy of keyblock *from* + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function creates a new keyblock with the same contents as *from* . Use :c:func:`krb5_free_keyblock()` to free *to* when it is no longer needed. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_copy_keyblock_contents.txt b/doc/html/_sources/appdev/refs/api/krb5_copy_keyblock_contents.txt new file mode 100644 index 000000000000..9f858598f6b1 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_copy_keyblock_contents.txt @@ -0,0 +1,51 @@ +krb5_copy_keyblock_contents - Copy the contents of a keyblock. +================================================================ + +.. + +.. c:function:: krb5_error_code krb5_copy_keyblock_contents(krb5_context context, const krb5_keyblock * from, krb5_keyblock * to) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **from** - Key to be copied + + **[out]** **to** - Output key + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function copies the contents of *from* to *to* . Use :c:func:`krb5_free_keyblock_contents()` to free *to* when it is no longer needed. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_copy_principal.txt b/doc/html/_sources/appdev/refs/api/krb5_copy_principal.txt new file mode 100644 index 000000000000..1ca9fea71603 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_copy_principal.txt @@ -0,0 +1,51 @@ +krb5_copy_principal - Copy a principal. +========================================= + +.. + +.. c:function:: krb5_error_code krb5_copy_principal(krb5_context context, krb5_const_principal inprinc, krb5_principal * outprinc) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **inprinc** - Principal to be copied + + **[out]** **outprinc** - Copy of *inprinc* + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function creates a new principal structure with the contents of *inprinc* . Use :c:func:`krb5_free_principal()` to free *outprinc* when it is no longer needed. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_copy_ticket.txt b/doc/html/_sources/appdev/refs/api/krb5_copy_ticket.txt new file mode 100644 index 000000000000..a643cc5f42fa --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_copy_ticket.txt @@ -0,0 +1,51 @@ +krb5_copy_ticket - Copy a krb5_ticket structure. +================================================== + +.. + +.. c:function:: krb5_error_code krb5_copy_ticket(krb5_context context, const krb5_ticket * from, krb5_ticket ** pto) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **from** - Ticket to be copied + + **[out]** **pto** - Copy of ticket + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function creates a new krb5_ticket structure containing the contents of *from* . Use :c:func:`krb5_free_ticket()` to free *pto* when it is no longer needed. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_decode_authdata_container.txt b/doc/html/_sources/appdev/refs/api/krb5_decode_authdata_container.txt new file mode 100644 index 000000000000..791b41be893c --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_decode_authdata_container.txt @@ -0,0 +1,52 @@ +krb5_decode_authdata_container - Unwrap authorization data. +============================================================= + +.. + +.. c:function:: krb5_error_code krb5_decode_authdata_container(krb5_context context, krb5_authdatatype type, const krb5_authdata * container, krb5_authdata *** authdata) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **type** - :data:`KRB5_AUTHDATA` type of *container* + + **[in]** **container** - Authorization data to be decoded + + **[out]** **authdata** - List of decoded authorization data + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + + + + + + + + +.. + +.. seealso:: + :c:func:`krb5_encode_authdata_container()` + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_decode_ticket.txt b/doc/html/_sources/appdev/refs/api/krb5_decode_ticket.txt new file mode 100644 index 000000000000..8f2cf8210baf --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_decode_ticket.txt @@ -0,0 +1,45 @@ +krb5_decode_ticket - Decode an ASN.1-formatted ticket. +======================================================== + +.. + +.. c:function:: krb5_error_code krb5_decode_ticket(const krb5_data * code, krb5_ticket ** rep) + +.. + + +:param: + + **[in]** **code** - ASN.1-formatted ticket + + **[out]** **rep** - Decoded ticket information + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_decrypt.txt b/doc/html/_sources/appdev/refs/api/krb5_decrypt.txt new file mode 100644 index 000000000000..eb8123ff54e0 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_decrypt.txt @@ -0,0 +1,52 @@ +krb5_decrypt +============ + +.. + +.. c:function:: krb5_error_code krb5_decrypt(krb5_context context, krb5_const_pointer inptr, krb5_pointer outptr, size_t size, krb5_encrypt_block * eblock, krb5_pointer ivec) + +.. + + +:param: + + **context** + + **inptr** + + **outptr** + + **size** + + **eblock** + + **ivec** + + +.. + + + +.. + + +DEPRECATED Replaced by krb5_c_* API family. + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_deltat_to_string.txt b/doc/html/_sources/appdev/refs/api/krb5_deltat_to_string.txt new file mode 100644 index 000000000000..3b66ba3b2095 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_deltat_to_string.txt @@ -0,0 +1,47 @@ +krb5_deltat_to_string - Convert a relative time value to a string. +==================================================================== + +.. + +.. c:function:: krb5_error_code krb5_deltat_to_string(krb5_deltat deltat, char * buffer, size_t buflen) + +.. + + +:param: + + **[in]** **deltat** - Relative time value to convert + + **[out]** **buffer** - Buffer to hold time string + + **[in]** **buflen** - Storage available in *buffer* + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_eblock_enctype.txt b/doc/html/_sources/appdev/refs/api/krb5_eblock_enctype.txt new file mode 100644 index 000000000000..c621a6df3755 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_eblock_enctype.txt @@ -0,0 +1,44 @@ +krb5_eblock_enctype +=================== + +.. + +.. c:function:: krb5_enctype krb5_eblock_enctype(krb5_context context, const krb5_encrypt_block * eblock) + +.. + + +:param: + + **context** + + **eblock** + + +.. + + + +.. + + +DEPRECATED Replaced by krb5_c_* API family. + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_encode_authdata_container.txt b/doc/html/_sources/appdev/refs/api/krb5_encode_authdata_container.txt new file mode 100644 index 000000000000..4ca53b4b4315 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_encode_authdata_container.txt @@ -0,0 +1,56 @@ +krb5_encode_authdata_container - Wrap authorization data in a container. +========================================================================== + +.. + +.. c:function:: krb5_error_code krb5_encode_authdata_container(krb5_context context, krb5_authdatatype type, krb5_authdata *const * authdata, krb5_authdata *** container) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **type** - :data:`KRB5_AUTHDATA` type of *container* + + **[in]** **authdata** - List of authorization data to be encoded + + **[out]** **container** - List of encoded authorization data + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +The result is returned in *container* as a single-element list. + + + + + + + + + + +.. + +.. seealso:: + :c:func:`krb5_decode_authdata_container()` + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_encrypt.txt b/doc/html/_sources/appdev/refs/api/krb5_encrypt.txt new file mode 100644 index 000000000000..56e93be139cf --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_encrypt.txt @@ -0,0 +1,52 @@ +krb5_encrypt +============ + +.. + +.. c:function:: krb5_error_code krb5_encrypt(krb5_context context, krb5_const_pointer inptr, krb5_pointer outptr, size_t size, krb5_encrypt_block * eblock, krb5_pointer ivec) + +.. + + +:param: + + **context** + + **inptr** + + **outptr** + + **size** + + **eblock** + + **ivec** + + +.. + + + +.. + + +DEPRECATED Replaced by krb5_c_* API family. + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_encrypt_size.txt b/doc/html/_sources/appdev/refs/api/krb5_encrypt_size.txt new file mode 100644 index 000000000000..f331490f5d2a --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_encrypt_size.txt @@ -0,0 +1,44 @@ +krb5_encrypt_size +================= + +.. + +.. c:function:: size_t krb5_encrypt_size(size_t length, krb5_enctype crypto) + +.. + + +:param: + + **length** + + **crypto** + + +.. + + + +.. + + +DEPRECATED Replaced by krb5_c_* API family. + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_enctype_to_name.txt b/doc/html/_sources/appdev/refs/api/krb5_enctype_to_name.txt new file mode 100644 index 000000000000..d830697cfd4b --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_enctype_to_name.txt @@ -0,0 +1,57 @@ +krb5_enctype_to_name - Convert an encryption type to a name or alias. +======================================================================= + +.. + +.. c:function:: krb5_error_code krb5_enctype_to_name(krb5_enctype enctype, krb5_boolean shortest, char * buffer, size_t buflen) + +.. + + +:param: + + **[in]** **enctype** - Encryption type + + **[in]** **shortest** - Flag + + **[out]** **buffer** - Buffer to hold encryption type string + + **[in]** **buflen** - Storage available in *buffer* + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +If *shortest* is FALSE, this function returns the enctype's canonical name (like"aes128-cts-hmac-sha1-96"). If *shortest* is TRUE, it return the enctype's shortest alias (like"aes128-cts"). + + + + + + + + + + +.. + + + + +.. note:: + + New in 1.9 + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_enctype_to_string.txt b/doc/html/_sources/appdev/refs/api/krb5_enctype_to_string.txt new file mode 100644 index 000000000000..d46d83eba426 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_enctype_to_string.txt @@ -0,0 +1,47 @@ +krb5_enctype_to_string - Convert an encryption type to a string. +================================================================== + +.. + +.. c:function:: krb5_error_code krb5_enctype_to_string(krb5_enctype enctype, char * buffer, size_t buflen) + +.. + + +:param: + + **[in]** **enctype** - Encryption type + + **[out]** **buffer** - Buffer to hold encryption type string + + **[in]** **buflen** - Storage available in *buffer* + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_expand_hostname.txt b/doc/html/_sources/appdev/refs/api/krb5_expand_hostname.txt new file mode 100644 index 000000000000..60ff0b5c321e --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_expand_hostname.txt @@ -0,0 +1,52 @@ +krb5_expand_hostname - Canonicalize a hostname, possibly using name service. +============================================================================== + +.. + +.. c:function:: krb5_error_code krb5_expand_hostname(krb5_context context, const char * host, char ** canonhost_out) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **host** - Input hostname + + **[out]** **canonhost_out** - Canonicalized hostname + + +.. + + + +.. + + + + + + + +This function canonicalizes orig_hostname, possibly using name service lookups if configuration permits. Use :c:func:`krb5_free_string()` to free *canonhost_out* when it is no longer needed. + + + + + + + + + + +.. + + + + +.. note:: + + New in 1.15 + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_find_authdata.txt b/doc/html/_sources/appdev/refs/api/krb5_find_authdata.txt new file mode 100644 index 000000000000..42aea2c405c0 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_find_authdata.txt @@ -0,0 +1,56 @@ +krb5_find_authdata - Find authorization data elements. +======================================================== + +.. + +.. c:function:: krb5_error_code krb5_find_authdata(krb5_context context, krb5_authdata *const * ticket_authdata, krb5_authdata *const * ap_req_authdata, krb5_authdatatype ad_type, krb5_authdata *** results) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **ticket_authdata** - Authorization data list from ticket + + **[in]** **ap_req_authdata** - Authorization data list from AP request + + **[in]** **ad_type** - Authorization data type to find + + **[out]** **results** - List of matching entries + + +.. + + + +.. + + + + + + + +This function searches *ticket_authdata* and *ap_req_authdata* for elements of type *ad_type* . Either input list may be NULL, in which case it will not be searched; otherwise, the input lists must be terminated by NULL entries. This function will search inside AD-IF-RELEVANT containers if found in either list. Use :c:func:`krb5_free_authdata()` to free *results* when it is no longer needed. + + + + + + + + + + +.. + + + + +.. note:: + + New in 1.10 + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_finish_key.txt b/doc/html/_sources/appdev/refs/api/krb5_finish_key.txt new file mode 100644 index 000000000000..a9f3da59e0a3 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_finish_key.txt @@ -0,0 +1,44 @@ +krb5_finish_key +=============== + +.. + +.. c:function:: krb5_error_code krb5_finish_key(krb5_context context, krb5_encrypt_block * eblock) + +.. + + +:param: + + **context** + + **eblock** + + +.. + + + +.. + + +DEPRECATED Replaced by krb5_c_* API family. + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_finish_random_key.txt b/doc/html/_sources/appdev/refs/api/krb5_finish_random_key.txt new file mode 100644 index 000000000000..26c8b59d29d0 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_finish_random_key.txt @@ -0,0 +1,46 @@ +krb5_finish_random_key +====================== + +.. + +.. c:function:: krb5_error_code krb5_finish_random_key(krb5_context context, const krb5_encrypt_block * eblock, krb5_pointer * ptr) + +.. + + +:param: + + **context** + + **eblock** + + **ptr** + + +.. + + + +.. + + +DEPRECATED Replaced by krb5_c_* API family. + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_free_addresses.txt b/doc/html/_sources/appdev/refs/api/krb5_free_addresses.txt new file mode 100644 index 000000000000..6717f529d8a4 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_free_addresses.txt @@ -0,0 +1,54 @@ +krb5_free_addresses - Free the data stored in array of addresses. +=================================================================== + +.. + +.. c:function:: void krb5_free_addresses(krb5_context context, krb5_address ** val) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **val** - Array of addresses to be freed + + +.. + + + +.. + + + + + + + +This function frees the contents of *val* and the array itself. + + + + + + + + + + +.. + + + + + + +.. note:: + + The last entry in the array must be a NULL pointer. + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_free_ap_rep_enc_part.txt b/doc/html/_sources/appdev/refs/api/krb5_free_ap_rep_enc_part.txt new file mode 100644 index 000000000000..33f24e8926ff --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_free_ap_rep_enc_part.txt @@ -0,0 +1,42 @@ +krb5_free_ap_rep_enc_part - Free a krb5_ap_rep_enc_part structure. +==================================================================== + +.. + +.. c:function:: void krb5_free_ap_rep_enc_part(krb5_context context, krb5_ap_rep_enc_part * val) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **val** - AP-REP enc part to be freed + + +.. + + + +.. + + + + + + + +This function frees the contents of *val* and the structure itself. + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_free_authdata.txt b/doc/html/_sources/appdev/refs/api/krb5_free_authdata.txt new file mode 100644 index 000000000000..e2b3e90b0826 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_free_authdata.txt @@ -0,0 +1,54 @@ +krb5_free_authdata - Free the storage assigned to array of authentication data. +================================================================================= + +.. + +.. c:function:: void krb5_free_authdata(krb5_context context, krb5_authdata ** val) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **val** - Array of authentication data to be freed + + +.. + + + +.. + + + + + + + +This function frees the contents of *val* and the array itself. + + + + + + + + + + +.. + + + + + + +.. note:: + + The last entry in the array must be a NULL pointer. + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_free_authenticator.txt b/doc/html/_sources/appdev/refs/api/krb5_free_authenticator.txt new file mode 100644 index 000000000000..505a508ae731 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_free_authenticator.txt @@ -0,0 +1,42 @@ +krb5_free_authenticator - Free a krb5_authenticator structure. +================================================================ + +.. + +.. c:function:: void krb5_free_authenticator(krb5_context context, krb5_authenticator * val) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **val** - Authenticator structure to be freed + + +.. + + + +.. + + + + + + + +This function frees the contents of *val* and the structure itself. + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_free_checksum.txt b/doc/html/_sources/appdev/refs/api/krb5_free_checksum.txt new file mode 100644 index 000000000000..b1cd9bc591d4 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_free_checksum.txt @@ -0,0 +1,42 @@ +krb5_free_checksum - Free a krb5_checksum structure. +====================================================== + +.. + +.. c:function:: void krb5_free_checksum(krb5_context context, register krb5_checksum * val) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **val** - Checksum structure to be freed + + +.. + + + +.. + + + + + + + +This function frees the contents of *val* and the structure itself. + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_free_checksum_contents.txt b/doc/html/_sources/appdev/refs/api/krb5_free_checksum_contents.txt new file mode 100644 index 000000000000..d265d49f770a --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_free_checksum_contents.txt @@ -0,0 +1,42 @@ +krb5_free_checksum_contents - Free the contents of a krb5_checksum structure. +=============================================================================== + +.. + +.. c:function:: void krb5_free_checksum_contents(krb5_context context, register krb5_checksum * val) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **val** - Checksum structure to free contents of + + +.. + + + +.. + + + + + + + +This function frees the contents of *val* , but not the structure itself. + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_free_cksumtypes.txt b/doc/html/_sources/appdev/refs/api/krb5_free_cksumtypes.txt new file mode 100644 index 000000000000..d4d0d288d3cc --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_free_cksumtypes.txt @@ -0,0 +1,42 @@ +krb5_free_cksumtypes - Free an array of checksum types. +========================================================= + +.. + +.. c:function:: void krb5_free_cksumtypes(krb5_context context, krb5_cksumtype * val) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **val** - Array of checksum types to be freed + + +.. + + + +.. + + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_free_context.txt b/doc/html/_sources/appdev/refs/api/krb5_free_context.txt new file mode 100644 index 000000000000..dc05228a2a40 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_free_context.txt @@ -0,0 +1,40 @@ +krb5_free_context - Free a krb5 library context. +================================================== + +.. + +.. c:function:: void krb5_free_context(krb5_context context) + +.. + + +:param: + + **[in]** **context** - Library context + + +.. + + + +.. + + + + + + + +This function frees a *context* that was created by :c:func:`krb5_init_context()` or :c:func:`krb5_init_secure_context()` . + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_free_cred_contents.txt b/doc/html/_sources/appdev/refs/api/krb5_free_cred_contents.txt new file mode 100644 index 000000000000..cc26788018cb --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_free_cred_contents.txt @@ -0,0 +1,42 @@ +krb5_free_cred_contents - Free the contents of a krb5_creds structure. +======================================================================== + +.. + +.. c:function:: void krb5_free_cred_contents(krb5_context context, krb5_creds * val) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **val** - Credential structure to free contents of + + +.. + + + +.. + + + + + + + +This function frees the contents of *val* , but not the structure itself. + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_free_creds.txt b/doc/html/_sources/appdev/refs/api/krb5_free_creds.txt new file mode 100644 index 000000000000..c78ecdfcb83b --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_free_creds.txt @@ -0,0 +1,42 @@ +krb5_free_creds - Free a krb5_creds structure. +================================================ + +.. + +.. c:function:: void krb5_free_creds(krb5_context context, krb5_creds * val) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **val** - Credential structure to be freed. + + +.. + + + +.. + + + + + + + +This function frees the contents of *val* and the structure itself. + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_free_data.txt b/doc/html/_sources/appdev/refs/api/krb5_free_data.txt new file mode 100644 index 000000000000..8cd23a50cc69 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_free_data.txt @@ -0,0 +1,42 @@ +krb5_free_data - Free a krb5_data structure. +============================================== + +.. + +.. c:function:: void krb5_free_data(krb5_context context, krb5_data * val) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **val** - Data structure to be freed + + +.. + + + +.. + + + + + + + +This function frees the contents of *val* and the structure itself. + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_free_data_contents.txt b/doc/html/_sources/appdev/refs/api/krb5_free_data_contents.txt new file mode 100644 index 000000000000..9feddc9632fa --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_free_data_contents.txt @@ -0,0 +1,42 @@ +krb5_free_data_contents - Free the contents of a krb5_data structure and zero the data field. +=============================================================================================== + +.. + +.. c:function:: void krb5_free_data_contents(krb5_context context, krb5_data * val) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **val** - Data structure to free contents of + + +.. + + + +.. + + + + + + + +This function frees the contents of *val* , but not the structure itself. + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_free_default_realm.txt b/doc/html/_sources/appdev/refs/api/krb5_free_default_realm.txt new file mode 100644 index 000000000000..79228bf869d9 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_free_default_realm.txt @@ -0,0 +1,42 @@ +krb5_free_default_realm - Free a default realm string returned by krb5_get_default_realm() . +============================================================================================== + +.. + +.. c:function:: void krb5_free_default_realm(krb5_context context, char * lrealm) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **lrealm** - Realm to be freed + + +.. + + + +.. + + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_free_enctypes.txt b/doc/html/_sources/appdev/refs/api/krb5_free_enctypes.txt new file mode 100644 index 000000000000..e1189cb0aade --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_free_enctypes.txt @@ -0,0 +1,46 @@ +krb5_free_enctypes - Free an array of encryption types. +========================================================= + +.. + +.. c:function:: void krb5_free_enctypes(krb5_context context, krb5_enctype * val) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **val** - Array of enctypes to be freed + + +.. + + + +.. + + + + + + + + + + + + + + +.. + + + + +.. note:: + + New in 1.12 + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_free_error.txt b/doc/html/_sources/appdev/refs/api/krb5_free_error.txt new file mode 100644 index 000000000000..4339bda91b2d --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_free_error.txt @@ -0,0 +1,42 @@ +krb5_free_error - Free an error allocated by krb5_read_error() or krb5_sendauth() . +===================================================================================== + +.. + +.. c:function:: void krb5_free_error(krb5_context context, register krb5_error * val) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **val** - Error data structure to be freed + + +.. + + + +.. + + + + + + + +This function frees the contents of *val* and the structure itself. + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_free_error_message.txt b/doc/html/_sources/appdev/refs/api/krb5_free_error_message.txt new file mode 100644 index 000000000000..b4b006134acc --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_free_error_message.txt @@ -0,0 +1,42 @@ +krb5_free_error_message - Free an error message generated by krb5_get_error_message() . +========================================================================================= + +.. + +.. c:function:: void krb5_free_error_message(krb5_context ctx, const char * msg) + +.. + + +:param: + + **[in]** **ctx** - Library context + + **[in]** **msg** - Pointer to error message + + +.. + + + +.. + + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_free_host_realm.txt b/doc/html/_sources/appdev/refs/api/krb5_free_host_realm.txt new file mode 100644 index 000000000000..a38e6ae6a1ab --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_free_host_realm.txt @@ -0,0 +1,48 @@ +krb5_free_host_realm - Free the memory allocated by krb5_get_host_realm() . +============================================================================= + +.. + +.. c:function:: krb5_error_code krb5_free_host_realm(krb5_context context, char *const * realmlist) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **realmlist** - List of realm names to be released + + +.. + + +:retval: + - 0 Success + + +:return: + - Kerberos error codes + +.. + + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_free_keyblock.txt b/doc/html/_sources/appdev/refs/api/krb5_free_keyblock.txt new file mode 100644 index 000000000000..d3b7dc62b2d5 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_free_keyblock.txt @@ -0,0 +1,42 @@ +krb5_free_keyblock - Free a krb5_keyblock structure. +====================================================== + +.. + +.. c:function:: void krb5_free_keyblock(krb5_context context, register krb5_keyblock * val) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **val** - Keyblock to be freed + + +.. + + + +.. + + + + + + + +This function frees the contents of *val* and the structure itself. + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_free_keyblock_contents.txt b/doc/html/_sources/appdev/refs/api/krb5_free_keyblock_contents.txt new file mode 100644 index 000000000000..5f5aa5824bc6 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_free_keyblock_contents.txt @@ -0,0 +1,42 @@ +krb5_free_keyblock_contents - Free the contents of a krb5_keyblock structure. +=============================================================================== + +.. + +.. c:function:: void krb5_free_keyblock_contents(krb5_context context, register krb5_keyblock * key) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **key** - Keyblock to be freed + + +.. + + + +.. + + + + + + + +This function frees the contents of *key* , but not the structure itself. + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_free_keytab_entry_contents.txt b/doc/html/_sources/appdev/refs/api/krb5_free_keytab_entry_contents.txt new file mode 100644 index 000000000000..adecfe2fa9dc --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_free_keytab_entry_contents.txt @@ -0,0 +1,53 @@ +krb5_free_keytab_entry_contents - Free the contents of a key table entry. +=========================================================================== + +.. + +.. c:function:: krb5_error_code krb5_free_keytab_entry_contents(krb5_context context, krb5_keytab_entry * entry) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **entry** - Key table entry whose contents are to be freed + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + + + + + + + + +.. + + + + + + +.. note:: + + The pointer is not freed. + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_free_principal.txt b/doc/html/_sources/appdev/refs/api/krb5_free_principal.txt new file mode 100644 index 000000000000..218369af551e --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_free_principal.txt @@ -0,0 +1,42 @@ +krb5_free_principal - Free the storage assigned to a principal. +================================================================= + +.. + +.. c:function:: void krb5_free_principal(krb5_context context, krb5_principal val) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **val** - Principal to be freed + + +.. + + + +.. + + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_free_string.txt b/doc/html/_sources/appdev/refs/api/krb5_free_string.txt new file mode 100644 index 000000000000..4c7bcac3c100 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_free_string.txt @@ -0,0 +1,46 @@ +krb5_free_string - Free a string allocated by a krb5 function. +================================================================ + +.. + +.. c:function:: void krb5_free_string(krb5_context context, char * val) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **val** - String to be freed + + +.. + + + +.. + + + + + + + + + + + + + + +.. + + + + +.. note:: + + New in 1.10 + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_free_tgt_creds.txt b/doc/html/_sources/appdev/refs/api/krb5_free_tgt_creds.txt new file mode 100644 index 000000000000..f885fc0c9a8d --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_free_tgt_creds.txt @@ -0,0 +1,50 @@ +krb5_free_tgt_creds - Free an array of credential structures. +=============================================================== + +.. + +.. c:function:: void krb5_free_tgt_creds(krb5_context context, krb5_creds ** tgts) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **tgts** - Null-terminated array of credentials to free + + +.. + + + +.. + + + + + + + + + + + + + + +.. + + + + + + +.. note:: + + The last entry in the array *tgts* must be a NULL pointer. + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_free_ticket.txt b/doc/html/_sources/appdev/refs/api/krb5_free_ticket.txt new file mode 100644 index 000000000000..f523917c8d7c --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_free_ticket.txt @@ -0,0 +1,42 @@ +krb5_free_ticket - Free a ticket. +=================================== + +.. + +.. c:function:: void krb5_free_ticket(krb5_context context, krb5_ticket * val) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **val** - Ticket to be freed + + +.. + + + +.. + + + + + + + +This function frees the contents of *val* and the structure itself. + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_free_unparsed_name.txt b/doc/html/_sources/appdev/refs/api/krb5_free_unparsed_name.txt new file mode 100644 index 000000000000..b6f9e1626b91 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_free_unparsed_name.txt @@ -0,0 +1,42 @@ +krb5_free_unparsed_name - Free a string representation of a principal. +======================================================================== + +.. + +.. c:function:: void krb5_free_unparsed_name(krb5_context context, char * val) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **val** - Name string to be freed + + +.. + + + +.. + + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_fwd_tgt_creds.txt b/doc/html/_sources/appdev/refs/api/krb5_fwd_tgt_creds.txt new file mode 100644 index 000000000000..a6273bbb2c75 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_fwd_tgt_creds.txt @@ -0,0 +1,68 @@ +krb5_fwd_tgt_creds - Get a forwarded TGT and format a KRB-CRED message. +========================================================================= + +.. + +.. c:function:: krb5_error_code krb5_fwd_tgt_creds(krb5_context context, krb5_auth_context auth_context, char * rhost, krb5_principal client, krb5_principal server, krb5_ccache cc, int forwardable, krb5_data * outbuf) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **auth_context** - Authentication context + + **[in]** **rhost** - Remote host + + **[in]** **client** - Client principal of TGT + + **[in]** **server** - Principal of server to receive TGT + + **[in]** **cc** - Credential cache handle (NULL to use default) + + **[in]** **forwardable** - Whether TGT should be forwardable + + **[out]** **outbuf** - KRB-CRED message + + +.. + + +:retval: + - 0 Success + - ENOMEM Insufficient memory + - KRB5_PRINC_NOMATCH Requested principal and ticket do not match + - KRB5_NO_TKT_SUPPLIED Request did not supply a ticket + - KRB5_CC_BADNAME Credential cache name or principal name malformed + + +:return: + - Kerberos error codes + +.. + + + + + + + +Get a TGT for use at the remote host *rhost* and format it into a KRB-CRED message. If *rhost* is NULL and *server* is of type :data:`KRB5_NT_SRV_HST` , the second component of *server* will be used. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_get_credentials.txt b/doc/html/_sources/appdev/refs/api/krb5_get_credentials.txt new file mode 100644 index 000000000000..6cf56d0c71c3 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_get_credentials.txt @@ -0,0 +1,81 @@ +krb5_get_credentials - Get an additional ticket. +================================================== + +.. + +.. c:function:: krb5_error_code krb5_get_credentials(krb5_context context, krb5_flags options, krb5_ccache ccache, krb5_creds * in_creds, krb5_creds ** out_creds) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **options** - Options + + **[in]** **ccache** - Credential cache handle + + **[in]** **in_creds** - Input credentials + + **[out]** **out_creds** - Output updated credentials + + +.. + + +:retval: + - 0 Success + + +:return: + - Kerberos error codes + +.. + + + + + + + +Use *ccache* or a TGS exchange to get a service ticket matching *in_creds* . + + + +Valid values for *options* are: + + - :data:`KRB5_GC_CACHED` Search only credential cache for the ticket + + + - :data:`KRB5_GC_USER_USER` Return a user to user authentication ticket + + *in_creds* must be non-null. *in_creds->client* and *in_creds->server* must be filled in to specify the client and the server respectively. If any authorization data needs to be requested for the service ticket (such as restrictions on how the ticket can be used), specify it in *in_creds->authdata* ; otherwise set *in_creds->authdata* to NULL. The session key type is specified in *in_creds->keyblock.enctype* , if it is nonzero. + + + +The expiration date is specified in *in_creds->times.endtime* . The KDC may return tickets with an earlier expiration date. If *in_creds->times.endtime* is set to 0, the latest possible expiration date will be requested. + + + +Any returned ticket and intermediate ticket-granting tickets are stored in *ccache* . + + + +Use :c:func:`krb5_free_creds()` to free *out_creds* when it is no longer needed. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_get_credentials_renew.txt b/doc/html/_sources/appdev/refs/api/krb5_get_credentials_renew.txt new file mode 100644 index 000000000000..75aac54057ed --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_get_credentials_renew.txt @@ -0,0 +1,50 @@ +krb5_get_credentials_renew +========================== + +.. + +.. c:function:: krb5_error_code krb5_get_credentials_renew(krb5_context context, krb5_flags options, krb5_ccache ccache, krb5_creds * in_creds, krb5_creds ** out_creds) + +.. + + +:param: + + **context** + + **options** + + **ccache** + + **in_creds** + + **out_creds** + + +.. + + + +.. + + +DEPRECATED Replaced by krb5_get_renewed_creds. + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_get_credentials_validate.txt b/doc/html/_sources/appdev/refs/api/krb5_get_credentials_validate.txt new file mode 100644 index 000000000000..29033b9d5c31 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_get_credentials_validate.txt @@ -0,0 +1,50 @@ +krb5_get_credentials_validate +============================= + +.. + +.. c:function:: krb5_error_code krb5_get_credentials_validate(krb5_context context, krb5_flags options, krb5_ccache ccache, krb5_creds * in_creds, krb5_creds ** out_creds) + +.. + + +:param: + + **context** + + **options** + + **ccache** + + **in_creds** + + **out_creds** + + +.. + + + +.. + + +DEPRECATED Replaced by krb5_get_validated_creds. + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_get_default_realm.txt b/doc/html/_sources/appdev/refs/api/krb5_get_default_realm.txt new file mode 100644 index 000000000000..5b63648cad73 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_get_default_realm.txt @@ -0,0 +1,56 @@ +krb5_get_default_realm - Retrieve the default realm. +====================================================== + +.. + +.. c:function:: krb5_error_code krb5_get_default_realm(krb5_context context, char ** lrealm) + +.. + + +:param: + + **[in]** **context** - Library context + + **[out]** **lrealm** - Default realm name + + +.. + + +:retval: + - 0 Success + + +:return: + - Kerberos error codes + +.. + + + + + + + +Retrieves the default realm to be used if no user-specified realm is available. + + + +Use :c:func:`krb5_free_default_realm()` to free *lrealm* when it is no longer needed. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_get_error_message.txt b/doc/html/_sources/appdev/refs/api/krb5_get_error_message.txt new file mode 100644 index 000000000000..81b7de31f1b0 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_get_error_message.txt @@ -0,0 +1,62 @@ +krb5_get_error_message - Get the (possibly extended) error message for a code. +================================================================================ + +.. + +.. c:function:: const char * krb5_get_error_message(krb5_context ctx, krb5_error_code code) + +.. + + +:param: + + **[in]** **ctx** - Library context + + **[in]** **code** - Error code + + +.. + + + +.. + + + + + + + +The behavior of :c:func:`krb5_get_error_message()` is only defined the first time it is called after a failed call to a krb5 function using the same context, and only when the error code passed in is the same as that returned by the krb5 function. + + + +This function never returns NULL, so its result may be used unconditionally as a C string. + + + +The string returned by this function must be freed using :c:func:`krb5_free_error_message()` + + + + + + + + + + +.. + + + + + + +.. note:: + + Future versions may return the same string for the second and following calls. + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_get_fallback_host_realm.txt b/doc/html/_sources/appdev/refs/api/krb5_get_fallback_host_realm.txt new file mode 100644 index 000000000000..6ab4330cc686 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_get_fallback_host_realm.txt @@ -0,0 +1,52 @@ +krb5_get_fallback_host_realm +============================ + +.. + +.. c:function:: krb5_error_code krb5_get_fallback_host_realm(krb5_context context, krb5_data * hdata, char *** realmsp) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **hdata** - Host name (or NULL) + + **[out]** **realmsp** - Null-terminated list of realm names + + +.. + + + +.. + + + + + + + +Fill in *realmsp* with a pointer to a null-terminated list of realm names obtained through heuristics or insecure resolution methods which have lower priority than KDC referrals. + + + +If *host* is NULL, the local host's realms are determined. + + + +Use :c:func:`krb5_free_host_realm()` to release *realmsp* when it is no longer needed. + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_get_host_realm.txt b/doc/html/_sources/appdev/refs/api/krb5_get_host_realm.txt new file mode 100644 index 000000000000..7cc8e947a2a3 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_get_host_realm.txt @@ -0,0 +1,63 @@ +krb5_get_host_realm - Get the Kerberos realm names for a host. +================================================================ + +.. + +.. c:function:: krb5_error_code krb5_get_host_realm(krb5_context context, const char * host, char *** realmsp) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **host** - Host name (or NULL) + + **[out]** **realmsp** - Null-terminated list of realm names + + +.. + + +:retval: + - 0 Success + - ENOMEM Insufficient memory + + +:return: + - Kerberos error codes + +.. + + + + + + + +Fill in *realmsp* with a pointer to a null-terminated list of realm names. If there are no known realms for the host, a list containing the referral (empty) realm is returned. + + + +If *host* is NULL, the local host's realms are determined. + + + +Use :c:func:`krb5_free_host_realm()` to release *realmsp* when it is no longer needed. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_get_in_tkt_with_keytab.txt b/doc/html/_sources/appdev/refs/api/krb5_get_in_tkt_with_keytab.txt new file mode 100644 index 000000000000..fd3985bbd2eb --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_get_in_tkt_with_keytab.txt @@ -0,0 +1,58 @@ +krb5_get_in_tkt_with_keytab +=========================== + +.. + +.. c:function:: krb5_error_code krb5_get_in_tkt_with_keytab(krb5_context context, krb5_flags options, krb5_address *const * addrs, krb5_enctype * ktypes, krb5_preauthtype * pre_auth_types, krb5_keytab arg_keytab, krb5_ccache ccache, krb5_creds * creds, krb5_kdc_rep ** ret_as_reply) + +.. + + +:param: + + **context** + + **options** + + **addrs** + + **ktypes** + + **pre_auth_types** + + **arg_keytab** + + **ccache** + + **creds** + + **ret_as_reply** + + +.. + + + +.. + + +DEPRECATED Replaced by krb5_get_init_creds_keytab() . + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_get_in_tkt_with_password.txt b/doc/html/_sources/appdev/refs/api/krb5_get_in_tkt_with_password.txt new file mode 100644 index 000000000000..556c6fee0ab7 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_get_in_tkt_with_password.txt @@ -0,0 +1,58 @@ +krb5_get_in_tkt_with_password +============================= + +.. + +.. c:function:: krb5_error_code krb5_get_in_tkt_with_password(krb5_context context, krb5_flags options, krb5_address *const * addrs, krb5_enctype * ktypes, krb5_preauthtype * pre_auth_types, const char * password, krb5_ccache ccache, krb5_creds * creds, krb5_kdc_rep ** ret_as_reply) + +.. + + +:param: + + **context** + + **options** + + **addrs** + + **ktypes** + + **pre_auth_types** + + **password** + + **ccache** + + **creds** + + **ret_as_reply** + + +.. + + + +.. + + +DEPRECATED Replaced by krb5_get_init_creds_password() . + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_get_in_tkt_with_skey.txt b/doc/html/_sources/appdev/refs/api/krb5_get_in_tkt_with_skey.txt new file mode 100644 index 000000000000..fed7f0b47fec --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_get_in_tkt_with_skey.txt @@ -0,0 +1,58 @@ +krb5_get_in_tkt_with_skey +========================= + +.. + +.. c:function:: krb5_error_code krb5_get_in_tkt_with_skey(krb5_context context, krb5_flags options, krb5_address *const * addrs, krb5_enctype * ktypes, krb5_preauthtype * pre_auth_types, const krb5_keyblock * key, krb5_ccache ccache, krb5_creds * creds, krb5_kdc_rep ** ret_as_reply) + +.. + + +:param: + + **context** + + **options** + + **addrs** + + **ktypes** + + **pre_auth_types** + + **key** + + **ccache** + + **creds** + + **ret_as_reply** + + +.. + + + +.. + + +DEPRECATED Replaced by krb5_get_init_creds(). + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_keytab.txt b/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_keytab.txt new file mode 100644 index 000000000000..32ce5cb62a71 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_keytab.txt @@ -0,0 +1,62 @@ +krb5_get_init_creds_keytab - Get initial credentials using a key table. +========================================================================= + +.. + +.. c:function:: krb5_error_code krb5_get_init_creds_keytab(krb5_context context, krb5_creds * creds, krb5_principal client, krb5_keytab arg_keytab, krb5_deltat start_time, const char * in_tkt_service, krb5_get_init_creds_opt * k5_gic_options) + +.. + + +:param: + + **[in]** **context** - Library context + + **[out]** **creds** - New credentials + + **[in]** **client** - Client principal + + **[in]** **arg_keytab** - Key table handle + + **[in]** **start_time** - Time when ticket becomes valid (0 for now) + + **[in]** **in_tkt_service** - Service name of initial credentials (or NULL) + + **[in]** **k5_gic_options** - Initial credential options + + +.. + + +:retval: + - 0 Success + + +:return: + - Kerberos error codes + +.. + + + + + + + +This function requests KDC for an initial credentials for *client* using a client key stored in *arg_keytab* . If *in_tkt_service* is specified, it is parsed as a principal name (with the realm ignored) and used as the service principal for the request; otherwise the ticket-granting service is used. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_alloc.txt b/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_alloc.txt new file mode 100644 index 000000000000..45fa82d65514 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_alloc.txt @@ -0,0 +1,49 @@ +krb5_get_init_creds_opt_alloc - Allocate a new initial credential options structure. +====================================================================================== + +.. + +.. c:function:: krb5_error_code krb5_get_init_creds_opt_alloc(krb5_context context, krb5_get_init_creds_opt ** opt) + +.. + + +:param: + + **[in]** **context** - Library context + + **[out]** **opt** - New options structure + + +.. + + +:retval: + - 0 - Success; Kerberos errors otherwise. + + +.. + + + + + + + +This function is the preferred way to create an options structure for getting initial credentials, and is required to make use of certain options. Use :c:func:`krb5_get_init_creds_opt_free()` to free *opt* when it is no longer needed. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_free.txt b/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_free.txt new file mode 100644 index 000000000000..0e75e152a718 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_free.txt @@ -0,0 +1,45 @@ +krb5_get_init_creds_opt_free - Free initial credential options. +================================================================= + +.. + +.. c:function:: void krb5_get_init_creds_opt_free(krb5_context context, krb5_get_init_creds_opt * opt) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **opt** - Options structure to free + + +.. + + + +.. + + + + + + + + + + + + + + +.. + +.. seealso:: + :c:func:`krb5_get_init_creds_opt_alloc()` + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_get_fast_flags.txt b/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_get_fast_flags.txt new file mode 100644 index 000000000000..b38ddacf3087 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_get_fast_flags.txt @@ -0,0 +1,47 @@ +krb5_get_init_creds_opt_get_fast_flags - Retrieve FAST flags from initial credential options. +=============================================================================================== + +.. + +.. c:function:: krb5_error_code krb5_get_init_creds_opt_get_fast_flags(krb5_context context, krb5_get_init_creds_opt * opt, krb5_flags * out_flags) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **opt** - Options + + **[out]** **out_flags** - FAST flags + + +.. + + +:retval: + - 0 - Success; Kerberos errors otherwise. + + +.. + + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_init.txt b/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_init.txt new file mode 100644 index 000000000000..1cbaa9abc864 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_init.txt @@ -0,0 +1,42 @@ +krb5_get_init_creds_opt_init +============================ + +.. + +.. c:function:: void krb5_get_init_creds_opt_init(krb5_get_init_creds_opt * opt) + +.. + + +:param: + + **opt** + + +.. + + + +.. + + +DEPRECATED Use krb5_get_init_creds_opt_alloc() instead. + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_address_list.txt b/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_address_list.txt new file mode 100644 index 000000000000..e460a46e96e5 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_address_list.txt @@ -0,0 +1,42 @@ +krb5_get_init_creds_opt_set_address_list - Set address restrictions in initial credential options. +==================================================================================================== + +.. + +.. c:function:: void krb5_get_init_creds_opt_set_address_list(krb5_get_init_creds_opt * opt, krb5_address ** addresses) + +.. + + +:param: + + **[in]** **opt** - Options structure + + **[in]** **addresses** - Null-terminated array of addresses + + +.. + + + +.. + + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_anonymous.txt b/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_anonymous.txt new file mode 100644 index 000000000000..6953b2c526c6 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_anonymous.txt @@ -0,0 +1,42 @@ +krb5_get_init_creds_opt_set_anonymous - Set or unset the anonymous flag in initial credential options. +======================================================================================================== + +.. + +.. c:function:: void krb5_get_init_creds_opt_set_anonymous(krb5_get_init_creds_opt * opt, int anonymous) + +.. + + +:param: + + **[in]** **opt** - Options structure + + **[in]** **anonymous** - Whether to make an anonymous request + + +.. + + + +.. + + + + + + + +This function may be used to request anonymous credentials from the KDC by setting *anonymous* to non-zero. Note that anonymous credentials are only a request; clients must verify that credentials are anonymous if that is a requirement. + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_canonicalize.txt b/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_canonicalize.txt new file mode 100644 index 000000000000..099644fea0da --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_canonicalize.txt @@ -0,0 +1,42 @@ +krb5_get_init_creds_opt_set_canonicalize - Set or unset the canonicalize flag in initial credential options. +============================================================================================================== + +.. + +.. c:function:: void krb5_get_init_creds_opt_set_canonicalize(krb5_get_init_creds_opt * opt, int canonicalize) + +.. + + +:param: + + **[in]** **opt** - Options structure + + **[in]** **canonicalize** - Whether to canonicalize client principal + + +.. + + + +.. + + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_change_password_prompt.txt b/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_change_password_prompt.txt new file mode 100644 index 000000000000..633dd7df0d60 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_change_password_prompt.txt @@ -0,0 +1,42 @@ +krb5_get_init_creds_opt_set_change_password_prompt - Set or unset change-password-prompt flag in initial credential options. +============================================================================================================================== + +.. + +.. c:function:: void krb5_get_init_creds_opt_set_change_password_prompt(krb5_get_init_creds_opt * opt, int prompt) + +.. + + +:param: + + **[in]** **opt** - Options structure + + **[in]** **prompt** - Whether to prompt to change password + + +.. + + + +.. + + + + + + + +This flag is on by default. It controls whether :c:func:`krb5_get_init_creds_password()` will react to an expired-password error by prompting for a new password and attempting to change the old one. + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_etype_list.txt b/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_etype_list.txt new file mode 100644 index 000000000000..ac6f8ab6402a --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_etype_list.txt @@ -0,0 +1,44 @@ +krb5_get_init_creds_opt_set_etype_list - Set allowable encryption types in initial credential options. +======================================================================================================== + +.. + +.. c:function:: void krb5_get_init_creds_opt_set_etype_list(krb5_get_init_creds_opt * opt, krb5_enctype * etype_list, int etype_list_length) + +.. + + +:param: + + **[in]** **opt** - Options structure + + **[in]** **etype_list** - Array of encryption types + + **[in]** **etype_list_length** - Length of *etype_list* + + +.. + + + +.. + + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_expire_callback.txt b/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_expire_callback.txt new file mode 100644 index 000000000000..2690cf1947c8 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_expire_callback.txt @@ -0,0 +1,78 @@ +krb5_get_init_creds_opt_set_expire_callback - Set an expiration callback in initial credential options. +========================================================================================================= + +.. + +.. c:function:: krb5_error_code krb5_get_init_creds_opt_set_expire_callback(krb5_context context, krb5_get_init_creds_opt * opt, krb5_expire_callback_func cb, void * data) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **opt** - Options structure + + **[in]** **cb** - Callback function + + **[in]** **data** - Callback argument + + +.. + + + +.. + + + + + + + +Set a callback to receive password and account expiration times. + + + +This option only applies to :c:func:`krb5_get_init_creds_password()` . *cb* will be invoked if and only if credentials are successfully acquired. The callback will receive the *context* from the :c:func:`krb5_get_init_creds_password()` call and the *data* argument supplied with this API. The remaining arguments should be interpreted as follows: + + + +If *is_last_req* is true, then the KDC reply contained last-req entries which unambiguously indicated the password expiration, account expiration, or both. (If either value was not present, the corresponding argument will be 0.) Furthermore, a non-zero *password_expiration* should be taken as a suggestion from the KDC that a warning be displayed. + + + +If *is_last_req* is false, then *account_expiration* will be 0 and *password_expiration* will contain the expiration time of either the password or account, or 0 if no expiration time was indicated in the KDC reply. The callback should independently decide whether to display a password expiration warning. + + + +Note that *cb* may be invoked even if credentials are being acquired for the kadmin/changepw service in order to change the password. It is the caller's responsibility to avoid displaying a password expiry warning in this case. + + + + + + + + + + +.. + + + + + +.. warning:: + + Setting an expire callback with this API will cause :c:func:`krb5_get_init_creds_password()` not to send password expiry warnings to the prompter, as it ordinarily may. + + + + +.. note:: + + New in 1.9 + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_fast_ccache.txt b/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_fast_ccache.txt new file mode 100644 index 000000000000..8a26b321b35e --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_fast_ccache.txt @@ -0,0 +1,52 @@ +krb5_get_init_creds_opt_set_fast_ccache - Set FAST armor cache in initial credential options. +=============================================================================================== + +.. + +.. c:function:: krb5_error_code krb5_get_init_creds_opt_set_fast_ccache(krb5_context context, krb5_get_init_creds_opt * opt, krb5_ccache ccache) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **opt** - Options + + **[in]** **ccache** - Credential cache handle + + +.. + + + +.. + + + + + + + +This function is similar to :c:func:`krb5_get_init_creds_opt_set_fast_ccache_name()` , but uses a credential cache handle instead of a name. + + + + + + + + + + +.. + + + + +.. note:: + + New in 1.9 + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_fast_ccache_name.txt b/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_fast_ccache_name.txt new file mode 100644 index 000000000000..da1c78231082 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_fast_ccache_name.txt @@ -0,0 +1,48 @@ +krb5_get_init_creds_opt_set_fast_ccache_name - Set location of FAST armor ccache in initial credential options. +================================================================================================================= + +.. + +.. c:function:: krb5_error_code krb5_get_init_creds_opt_set_fast_ccache_name(krb5_context context, krb5_get_init_creds_opt * opt, const char * fast_ccache_name) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **opt** - Options + + **[in]** **fast_ccache_name** - Credential cache name + + +.. + + + +.. + + + + + + + +Sets the location of a credential cache containing an armor ticket to protect an initial credential exchange using the FAST protocol extension. + + + +In version 1.7, setting an armor ccache requires that FAST be used for the exchange. In version 1.8 or later, setting the armor ccache causes FAST to be used if the KDC supports it; :c:func:`krb5_get_init_creds_opt_set_fast_flags()` must be used to require that FAST be used. + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_fast_flags.txt b/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_fast_flags.txt new file mode 100644 index 000000000000..272cbac19e4c --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_fast_flags.txt @@ -0,0 +1,51 @@ +krb5_get_init_creds_opt_set_fast_flags - Set FAST flags in initial credential options. +======================================================================================== + +.. + +.. c:function:: krb5_error_code krb5_get_init_creds_opt_set_fast_flags(krb5_context context, krb5_get_init_creds_opt * opt, krb5_flags flags) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **opt** - Options + + **[in]** **flags** - FAST flags + + +.. + + +:retval: + - 0 - Success; Kerberos errors otherwise. + + +.. + + + + + + + +The following flag values are valid: + + - :data:`KRB5_FAST_REQUIRED` - Require FAST to be used + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_forwardable.txt b/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_forwardable.txt new file mode 100644 index 000000000000..50d64b8cb505 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_forwardable.txt @@ -0,0 +1,42 @@ +krb5_get_init_creds_opt_set_forwardable - Set or unset the forwardable flag in initial credential options. +============================================================================================================ + +.. + +.. c:function:: void krb5_get_init_creds_opt_set_forwardable(krb5_get_init_creds_opt * opt, int forwardable) + +.. + + +:param: + + **[in]** **opt** - Options structure + + **[in]** **forwardable** - Whether credentials should be forwardable + + +.. + + + +.. + + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_in_ccache.txt b/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_in_ccache.txt new file mode 100644 index 000000000000..41d511766714 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_in_ccache.txt @@ -0,0 +1,52 @@ +krb5_get_init_creds_opt_set_in_ccache - Set an input credential cache in initial credential options. +====================================================================================================== + +.. + +.. c:function:: krb5_error_code krb5_get_init_creds_opt_set_in_ccache(krb5_context context, krb5_get_init_creds_opt * opt, krb5_ccache ccache) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **opt** - Options + + **[in]** **ccache** - Credential cache handle + + +.. + + + +.. + + + + + + + +If an input credential cache is set, then the krb5_get_init_creds family of APIs will read settings from it. Setting an input ccache is desirable when the application wishes to perform authentication in the same way (using the same preauthentication mechanisms, and making the same non-security- sensitive choices) as the previous authentication attempt, which stored information in the passed-in ccache. + + + + + + + + + + +.. + + + + +.. note:: + + New in 1.11 + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_out_ccache.txt b/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_out_ccache.txt new file mode 100644 index 000000000000..dcb1cf606c6a --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_out_ccache.txt @@ -0,0 +1,44 @@ +krb5_get_init_creds_opt_set_out_ccache - Set an output credential cache in initial credential options. +======================================================================================================== + +.. + +.. c:function:: krb5_error_code krb5_get_init_creds_opt_set_out_ccache(krb5_context context, krb5_get_init_creds_opt * opt, krb5_ccache ccache) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **opt** - Options + + **[in]** **ccache** - Credential cache handle + + +.. + + + +.. + + + + + + + +If an output credential cache is set, then the krb5_get_init_creds family of APIs will write credentials to it. Setting an output ccache is desirable both because it simplifies calling code and because it permits the krb5_get_init_creds APIs to write out configuration information about the realm to the ccache. + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_pa.txt b/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_pa.txt new file mode 100644 index 000000000000..a610fa0cb557 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_pa.txt @@ -0,0 +1,46 @@ +krb5_get_init_creds_opt_set_pa - Supply options for preauthentication in initial credential options. +====================================================================================================== + +.. + +.. c:function:: krb5_error_code krb5_get_init_creds_opt_set_pa(krb5_context context, krb5_get_init_creds_opt * opt, const char * attr, const char * value) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **opt** - Options structure + + **[in]** **attr** - Preauthentication option name + + **[in]** **value** - Preauthentication option value + + +.. + + + +.. + + + + + + + +This function allows the caller to supply options for preauthentication. The values of *attr* and *value* are supplied to each preauthentication module available within *context* . + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_pac_request.txt b/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_pac_request.txt new file mode 100644 index 000000000000..ed46081b99df --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_pac_request.txt @@ -0,0 +1,52 @@ +krb5_get_init_creds_opt_set_pac_request - Ask the KDC to include or not include a PAC in the ticket. +====================================================================================================== + +.. + +.. c:function:: krb5_error_code krb5_get_init_creds_opt_set_pac_request(krb5_context context, krb5_get_init_creds_opt * opt, krb5_boolean req_pac) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **opt** - Options structure + + **[in]** **req_pac** - Whether to request a PAC or not + + +.. + + + +.. + + + + + + + +If this option is set, the AS request will include a PAC-REQUEST pa-data item explicitly asking the KDC to either include or not include a privilege attribute certificate in the ticket authorization data. By default, no request is made; typically the KDC will default to including a PAC if it supports them. + + + + + + + + + + +.. + + + + +.. note:: + + New in 1.15 + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_preauth_list.txt b/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_preauth_list.txt new file mode 100644 index 000000000000..3bcbcb4d363d --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_preauth_list.txt @@ -0,0 +1,44 @@ +krb5_get_init_creds_opt_set_preauth_list - Set preauthentication types in initial credential options. +======================================================================================================= + +.. + +.. c:function:: void krb5_get_init_creds_opt_set_preauth_list(krb5_get_init_creds_opt * opt, krb5_preauthtype * preauth_list, int preauth_list_length) + +.. + + +:param: + + **[in]** **opt** - Options structure + + **[in]** **preauth_list** - Array of preauthentication types + + **[in]** **preauth_list_length** - Length of *preauth_list* + + +.. + + + +.. + + + + + + + +This function can be used to perform optimistic preauthentication when getting initial credentials, in combination with :c:func:`krb5_get_init_creds_opt_set_salt()` and :c:func:`krb5_get_init_creds_opt_set_pa()` . + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_proxiable.txt b/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_proxiable.txt new file mode 100644 index 000000000000..7ced7273c668 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_proxiable.txt @@ -0,0 +1,42 @@ +krb5_get_init_creds_opt_set_proxiable - Set or unset the proxiable flag in initial credential options. +======================================================================================================== + +.. + +.. c:function:: void krb5_get_init_creds_opt_set_proxiable(krb5_get_init_creds_opt * opt, int proxiable) + +.. + + +:param: + + **[in]** **opt** - Options structure + + **[in]** **proxiable** - Whether credentials should be proxiable + + +.. + + + +.. + + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_renew_life.txt b/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_renew_life.txt new file mode 100644 index 000000000000..58e938d9f079 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_renew_life.txt @@ -0,0 +1,42 @@ +krb5_get_init_creds_opt_set_renew_life - Set the ticket renewal lifetime in initial credential options. +========================================================================================================= + +.. + +.. c:function:: void krb5_get_init_creds_opt_set_renew_life(krb5_get_init_creds_opt * opt, krb5_deltat renew_life) + +.. + + +:param: + + **[in]** **opt** - Pointer to *options* field + + **[in]** **renew_life** - Ticket renewal lifetime + + +.. + + + +.. + + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_responder.txt b/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_responder.txt new file mode 100644 index 000000000000..220ba403df7a --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_responder.txt @@ -0,0 +1,50 @@ +krb5_get_init_creds_opt_set_responder - Set the responder function in initial credential options. +=================================================================================================== + +.. + +.. c:function:: krb5_error_code krb5_get_init_creds_opt_set_responder(krb5_context context, krb5_get_init_creds_opt * opt, krb5_responder_fn responder, void * data) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **opt** - Options structure + + **[in]** **responder** - Responder function + + **[in]** **data** - Responder data argument + + +.. + + + +.. + + + + + + + + + + + + + + +.. + + + + +.. note:: + + New in 1.11 + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_salt.txt b/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_salt.txt new file mode 100644 index 000000000000..22512f671ad7 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_salt.txt @@ -0,0 +1,42 @@ +krb5_get_init_creds_opt_set_salt - Set salt for optimistic preauthentication in initial credential options. +============================================================================================================= + +.. + +.. c:function:: void krb5_get_init_creds_opt_set_salt(krb5_get_init_creds_opt * opt, krb5_data * salt) + +.. + + +:param: + + **[in]** **opt** - Options structure + + **[in]** **salt** - Salt data + + +.. + + + +.. + + + + + + + +When getting initial credentials with a password, a salt string it used to convert the password to a key. Normally this salt is obtained from the first KDC reply, but when performing optimistic preauthentication, the client may need to supply the salt string with this function. + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_tkt_life.txt b/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_tkt_life.txt new file mode 100644 index 000000000000..a5c1f685ca52 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_tkt_life.txt @@ -0,0 +1,42 @@ +krb5_get_init_creds_opt_set_tkt_life - Set the ticket lifetime in initial credential options. +=============================================================================================== + +.. + +.. c:function:: void krb5_get_init_creds_opt_set_tkt_life(krb5_get_init_creds_opt * opt, krb5_deltat tkt_life) + +.. + + +:param: + + **[in]** **opt** - Options structure + + **[in]** **tkt_life** - Ticket lifetime + + +.. + + + +.. + + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_password.txt b/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_password.txt new file mode 100644 index 000000000000..1c6fd6853934 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_password.txt @@ -0,0 +1,75 @@ +krb5_get_init_creds_password - Get initial credentials using a password. +========================================================================== + +.. + +.. c:function:: krb5_error_code krb5_get_init_creds_password(krb5_context context, krb5_creds * creds, krb5_principal client, const char * password, krb5_prompter_fct prompter, void * data, krb5_deltat start_time, const char * in_tkt_service, krb5_get_init_creds_opt * k5_gic_options) + +.. + + +:param: + + **[in]** **context** - Library context + + **[out]** **creds** - New credentials + + **[in]** **client** - Client principal + + **[in]** **password** - Password (or NULL) + + **[in]** **prompter** - Prompter function + + **[in]** **data** - Prompter callback data + + **[in]** **start_time** - Time when ticket becomes valid (0 for now) + + **[in]** **in_tkt_service** - Service name of initial credentials (or NULL) + + **[in]** **k5_gic_options** - Initial credential options + + +.. + + +:retval: + - 0 Success + - EINVAL Invalid argument + - KRB5_KDC_UNREACH Cannot contact any KDC for requested realm + - KRB5_PREAUTH_FAILED Generic Pre-athentication failure + - KRB5_LIBOS_PWDINTR Password read interrupted + - KRB5_REALM_CANT_RESOLVE Cannot resolve network address for KDC in requested realm + - KRB5KDC_ERR_KEY_EXP Password has expired + - KRB5_LIBOS_BADPWDMATCH Password mismatch + - KRB5_CHPW_PWDNULL New password cannot be zero length + - KRB5_CHPW_FAIL Password change failed + + +:return: + - Kerberos error codes + +.. + + + + + + + +This function requests KDC for an initial credentials for *client* using *password* . If *password* is NULL, a password will be prompted for using *prompter* if necessary. If *in_tkt_service* is specified, it is parsed as a principal name (with the realm ignored) and used as the service principal for the request; otherwise the ticket-granting service is used. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_get_permitted_enctypes.txt b/doc/html/_sources/appdev/refs/api/krb5_get_permitted_enctypes.txt new file mode 100644 index 000000000000..f55adc6bfe02 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_get_permitted_enctypes.txt @@ -0,0 +1,53 @@ +krb5_get_permitted_enctypes - Return a list of encryption types permitted for session keys. +============================================================================================= + +.. + +.. c:function:: krb5_error_code krb5_get_permitted_enctypes(krb5_context context, krb5_enctype ** ktypes) + +.. + + +:param: + + **[in]** **context** - Library context + + **[out]** **ktypes** - Zero-terminated list of encryption types + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function returns the list of encryption types permitted for session keys within *context* , as determined by configuration or by a previous call to :c:func:`krb5_set_default_tgs_enctypes()` . + + + +Use :c:func:`krb5_free_enctypes()` to free *ktypes* when it is no longer needed. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_get_profile.txt b/doc/html/_sources/appdev/refs/api/krb5_get_profile.txt new file mode 100644 index 000000000000..4ef2949a32df --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_get_profile.txt @@ -0,0 +1,56 @@ +krb5_get_profile - Retrieve configuration profile from the context. +===================================================================== + +.. + +.. c:function:: krb5_error_code krb5_get_profile(krb5_context context, struct _profile_t ** profile) + +.. + + +:param: + + **[in]** **context** - Library context + + **[out]** **profile** - Pointer to data read from a configuration file + + +.. + + +:retval: + - 0 Success + + +:return: + - Kerberos error codes + +.. + + + + + + + +This function creates a new *profile* object that reflects profile in the supplied *context* . + + + +The *profile* object may be freed with profile_release() function. See profile.h and profile API for more details. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_get_prompt_types.txt b/doc/html/_sources/appdev/refs/api/krb5_get_prompt_types.txt new file mode 100644 index 000000000000..39156ca153af --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_get_prompt_types.txt @@ -0,0 +1,43 @@ +krb5_get_prompt_types - Get prompt types array from a context. +================================================================ + +.. + +.. c:function:: krb5_prompt_type * krb5_get_prompt_types(krb5_context context) + +.. + + +:param: + + **[in]** **context** - Library context + + +.. + + + +:return: + - Pointer to an array of prompt types corresponding to the prompter's prompts arguments. Each type has one of the following values: KRB5_PROMPT_TYPE_PASSWORD KRB5_PROMPT_TYPE_NEW_PASSWORD KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN KRB5_PROMPT_TYPE_PREAUTH + +.. + + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_get_renewed_creds.txt b/doc/html/_sources/appdev/refs/api/krb5_get_renewed_creds.txt new file mode 100644 index 000000000000..21458f8531bd --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_get_renewed_creds.txt @@ -0,0 +1,62 @@ +krb5_get_renewed_creds - Get renewed credential from KDC using an existing credential. +======================================================================================== + +.. + +.. c:function:: krb5_error_code krb5_get_renewed_creds(krb5_context context, krb5_creds * creds, krb5_principal client, krb5_ccache ccache, const char * in_tkt_service) + +.. + + +:param: + + **[in]** **context** - Library context + + **[out]** **creds** - Renewed credentials + + **[in]** **client** - Client principal name + + **[in]** **ccache** - Credential cache + + **[in]** **in_tkt_service** - Server principal string (or NULL) + + +.. + + +:retval: + - 0 Success + + +:return: + - Kerberos error codes + +.. + + + + + + + +This function gets a renewed credential using an existing one from *ccache* . If *in_tkt_service* is specified, it is parsed (with the realm part ignored) and used as the server principal of the credential; otherwise, the ticket-granting service is used. + + + +If successful, the renewed credential is placed in *creds* . + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_get_server_rcache.txt b/doc/html/_sources/appdev/refs/api/krb5_get_server_rcache.txt new file mode 100644 index 000000000000..0e7474725991 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_get_server_rcache.txt @@ -0,0 +1,51 @@ +krb5_get_server_rcache - Generate a replay cache object for server use and open it. +===================================================================================== + +.. + +.. c:function:: krb5_error_code krb5_get_server_rcache(krb5_context context, const krb5_data * piece, krb5_rcache * rcptr) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **piece** - Unique identifier for replay cache + + **[out]** **rcptr** - Handle to an open rcache + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function generates a replay cache name based on *piece* and opens a handle to it. Typically *piece* is the first component of the service principal name. Use krb5_rc_close() to close *rcptr* when it is no longer needed. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_get_time_offsets.txt b/doc/html/_sources/appdev/refs/api/krb5_get_time_offsets.txt new file mode 100644 index 000000000000..9bdd8ecb5e69 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_get_time_offsets.txt @@ -0,0 +1,51 @@ +krb5_get_time_offsets - Return the time offsets from the os context. +====================================================================== + +.. + +.. c:function:: krb5_error_code krb5_get_time_offsets(krb5_context context, krb5_timestamp * seconds, krb5_int32 * microseconds) + +.. + + +:param: + + **[in]** **context** - Library context + + **[out]** **seconds** - Time offset, seconds portion + + **[out]** **microseconds** - Time offset, microseconds portion + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function returns the time offsets in *context* . + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_get_validated_creds.txt b/doc/html/_sources/appdev/refs/api/krb5_get_validated_creds.txt new file mode 100644 index 000000000000..e1bf3107abb7 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_get_validated_creds.txt @@ -0,0 +1,67 @@ +krb5_get_validated_creds - Get validated credentials from the KDC. +==================================================================== + +.. + +.. c:function:: krb5_error_code krb5_get_validated_creds(krb5_context context, krb5_creds * creds, krb5_principal client, krb5_ccache ccache, const char * in_tkt_service) + +.. + + +:param: + + **[in]** **context** - Library context + + **[out]** **creds** - Validated credentials + + **[in]** **client** - Client principal name + + **[in]** **ccache** - Credential cache + + **[in]** **in_tkt_service** - Server principal string (or NULL) + + +.. + + +:retval: + - 0 Success + - KRB5_NO_2ND_TKT Request missing second ticket + - KRB5_NO_TKT_SUPPLIED Request did not supply a ticket + - KRB5_PRINC_NOMATCH Requested principal and ticket do not match + - KRB5_KDCREP_MODIFIED KDC reply did not match expectations + - KRB5_KDCREP_SKEW Clock skew too great in KDC reply + + +:return: + - Kerberos error codes + +.. + + + + + + + +This function gets a validated credential using a postdated credential from *ccache* . If *in_tkt_service* is specified, it is parsed (with the realm part ignored) and used as the server principal of the credential; otherwise, the ticket-granting service is used. + + + +If successful, the validated credential is placed in *creds* . + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_init_context.txt b/doc/html/_sources/appdev/refs/api/krb5_init_context.txt new file mode 100644 index 000000000000..ec50809c440b --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_init_context.txt @@ -0,0 +1,58 @@ +krb5_init_context - Create a krb5 library context. +==================================================== + +.. + +.. c:function:: krb5_error_code krb5_init_context(krb5_context * context) + +.. + + +:param: + + **[out]** **context** - Library context + + +.. + + +:retval: + - 0 Success + + +:return: + - Kerberos error codes + +.. + + + + + + + +The *context* must be released by calling :c:func:`krb5_free_context()` when it is no longer needed. + + + + + + + + + + +.. + + + + + +.. warning:: + + Any program or module that needs the Kerberos code to not trust the environment must use :c:func:`krb5_init_secure_context()` , or clean out the environment. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_init_context_profile.txt b/doc/html/_sources/appdev/refs/api/krb5_init_context_profile.txt new file mode 100644 index 000000000000..273230908a4a --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_init_context_profile.txt @@ -0,0 +1,55 @@ +krb5_init_context_profile - Create a krb5 library context using a specified profile. +====================================================================================== + +.. + +.. c:function:: krb5_error_code krb5_init_context_profile(struct _profile_t * profile, krb5_flags flags, krb5_context * context) + +.. + + +:param: + + **[in]** **profile** - Profile object (NULL to create default profile) + + **[in]** **flags** - Context initialization flags + + **[out]** **context** - Library context + + +.. + + + +.. + + + + + + + +Create a context structure, optionally using a specified profile and initialization flags. If *profile* is NULL, the default profile will be created from config files. If *profile* is non-null, a copy of it will be made for the new context; the caller should still clean up its copy. Valid flag values are: + + + + + + - :data:`KRB5_INIT_CONTEXT_SECURE` Ignore environment variables + + + - :data:`KRB5_INIT_CONTEXT_KDC` Use KDC configuration if creating profile + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_init_creds_free.txt b/doc/html/_sources/appdev/refs/api/krb5_init_creds_free.txt new file mode 100644 index 000000000000..85efec065a5e --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_init_creds_free.txt @@ -0,0 +1,42 @@ +krb5_init_creds_free - Free an initial credentials context. +============================================================= + +.. + +.. c:function:: void krb5_init_creds_free(krb5_context context, krb5_init_creds_context ctx) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **ctx** - Initial credentials context + + +.. + + + +.. + + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_init_creds_get.txt b/doc/html/_sources/appdev/refs/api/krb5_init_creds_get.txt new file mode 100644 index 000000000000..05c26f3759b4 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_init_creds_get.txt @@ -0,0 +1,49 @@ +krb5_init_creds_get - Acquire credentials using an initial credentials context. +================================================================================= + +.. + +.. c:function:: krb5_error_code krb5_init_creds_get(krb5_context context, krb5_init_creds_context ctx) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **ctx** - Initial credentials context + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function synchronously obtains credentials using a context created by :c:func:`krb5_init_creds_init()` . On successful return, the credentials can be retrieved with :c:func:`krb5_init_creds_get_creds()` . + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_init_creds_get_creds.txt b/doc/html/_sources/appdev/refs/api/krb5_init_creds_get_creds.txt new file mode 100644 index 000000000000..46ef1cf4e1df --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_init_creds_get_creds.txt @@ -0,0 +1,51 @@ +krb5_init_creds_get_creds - Retrieve acquired credentials from an initial credentials context. +================================================================================================ + +.. + +.. c:function:: krb5_error_code krb5_init_creds_get_creds(krb5_context context, krb5_init_creds_context ctx, krb5_creds * creds) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **ctx** - Initial credentials context + + **[out]** **creds** - Acquired credentials + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function copies the acquired initial credentials from *ctx* into *creds* , after the successful completion of :c:func:`krb5_init_creds_get()` or :c:func:`krb5_init_creds_step()` . Use :c:func:`krb5_free_cred_contents()` to free *creds* when it is no longer needed. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_init_creds_get_error.txt b/doc/html/_sources/appdev/refs/api/krb5_init_creds_get_error.txt new file mode 100644 index 000000000000..66aea0b85b7f --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_init_creds_get_error.txt @@ -0,0 +1,47 @@ +krb5_init_creds_get_error - Get the last error from KDC from an initial credentials context. +============================================================================================== + +.. + +.. c:function:: krb5_error_code krb5_init_creds_get_error(krb5_context context, krb5_init_creds_context ctx, krb5_error ** error) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **ctx** - Initial credentials context + + **[out]** **error** - Error from KDC, or NULL if none was received + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_init_creds_get_times.txt b/doc/html/_sources/appdev/refs/api/krb5_init_creds_get_times.txt new file mode 100644 index 000000000000..7e9d516fc79b --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_init_creds_get_times.txt @@ -0,0 +1,51 @@ +krb5_init_creds_get_times - Retrieve ticket times from an initial credentials context. +======================================================================================== + +.. + +.. c:function:: krb5_error_code krb5_init_creds_get_times(krb5_context context, krb5_init_creds_context ctx, krb5_ticket_times * times) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **ctx** - Initial credentials context + + **[out]** **times** - Ticket times for acquired credentials + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +The initial credentials context must have completed obtaining credentials via either :c:func:`krb5_init_creds_get()` or :c:func:`krb5_init_creds_step()` . + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_init_creds_init.txt b/doc/html/_sources/appdev/refs/api/krb5_init_creds_init.txt new file mode 100644 index 000000000000..6bbbeed869e4 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_init_creds_init.txt @@ -0,0 +1,59 @@ +krb5_init_creds_init - Create a context for acquiring initial credentials. +============================================================================ + +.. + +.. c:function:: krb5_error_code krb5_init_creds_init(krb5_context context, krb5_principal client, krb5_prompter_fct prompter, void * data, krb5_deltat start_time, krb5_get_init_creds_opt * options, krb5_init_creds_context * ctx) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **client** - Client principal to get initial creds for + + **[in]** **prompter** - Prompter callback + + **[in]** **data** - Prompter callback argument + + **[in]** **start_time** - Time when credentials become valid (0 for now) + + **[in]** **options** - Options structure (NULL for default) + + **[out]** **ctx** - New initial credentials context + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function creates a new context for acquiring initial credentials. Use :c:func:`krb5_init_creds_free()` to free *ctx* when it is no longer needed. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_init_creds_set_keytab.txt b/doc/html/_sources/appdev/refs/api/krb5_init_creds_set_keytab.txt new file mode 100644 index 000000000000..222755aab8bb --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_init_creds_set_keytab.txt @@ -0,0 +1,51 @@ +krb5_init_creds_set_keytab - Specify a keytab to use for acquiring initial credentials. +========================================================================================= + +.. + +.. c:function:: krb5_error_code krb5_init_creds_set_keytab(krb5_context context, krb5_init_creds_context ctx, krb5_keytab keytab) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **ctx** - Initial credentials context + + **[in]** **keytab** - Key table handle + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function supplies a keytab containing the client key for an initial credentials request. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_init_creds_set_password.txt b/doc/html/_sources/appdev/refs/api/krb5_init_creds_set_password.txt new file mode 100644 index 000000000000..10ad140d04d3 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_init_creds_set_password.txt @@ -0,0 +1,51 @@ +krb5_init_creds_set_password - Set a password for acquiring initial credentials. +================================================================================== + +.. + +.. c:function:: krb5_error_code krb5_init_creds_set_password(krb5_context context, krb5_init_creds_context ctx, const char * password) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **ctx** - Initial credentials context + + **[in]** **password** - Password + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function supplies a password to be used to construct the client key for an initial credentials request. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_init_creds_set_service.txt b/doc/html/_sources/appdev/refs/api/krb5_init_creds_set_service.txt new file mode 100644 index 000000000000..d08ffc7d629d --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_init_creds_set_service.txt @@ -0,0 +1,51 @@ +krb5_init_creds_set_service - Specify a service principal for acquiring initial credentials. +============================================================================================== + +.. + +.. c:function:: krb5_error_code krb5_init_creds_set_service(krb5_context context, krb5_init_creds_context ctx, const char * service) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **ctx** - Initial credentials context + + **[in]** **service** - Service principal string + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function supplies a service principal string to acquire initial credentials for instead of the default krbtgt service. *service* is parsed as a principal name; any realm part is ignored. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_init_creds_step.txt b/doc/html/_sources/appdev/refs/api/krb5_init_creds_step.txt new file mode 100644 index 000000000000..c4e8a202aa53 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_init_creds_step.txt @@ -0,0 +1,65 @@ +krb5_init_creds_step - Get the next KDC request for acquiring initial credentials. +==================================================================================== + +.. + +.. c:function:: krb5_error_code krb5_init_creds_step(krb5_context context, krb5_init_creds_context ctx, krb5_data * in, krb5_data * out, krb5_data * realm, unsigned int * flags) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **ctx** - Initial credentials context + + **[in]** **in** - KDC response (empty on the first call) + + **[out]** **out** - Next KDC request + + **[out]** **realm** - Realm for next KDC request + + **[out]** **flags** - Output flags + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function constructs the next KDC request in an initial credential exchange, allowing the caller to control the transport of KDC requests and replies. On the first call, *in* should be set to an empty buffer; on subsequent calls, it should be set to the KDC's reply to the previous request. + + + +If more requests are needed, *flags* will be set to :data:`KRB5_INIT_CREDS_STEP_FLAG_CONTINUE` and the next request will be placed in *out* . If no more requests are needed, *flags* will not contain :data:`KRB5_INIT_CREDS_STEP_FLAG_CONTINUE` and *out* will be empty. + + + +If this function returns **KRB5KRB_ERR_RESPONSE_TOO_BIG** , the caller should transmit the next request using TCP rather than UDP. If this function returns any other error, the initial credential exchange has failed. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_init_keyblock.txt b/doc/html/_sources/appdev/refs/api/krb5_init_keyblock.txt new file mode 100644 index 000000000000..b0258eb6a067 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_init_keyblock.txt @@ -0,0 +1,61 @@ +krb5_init_keyblock - Initialize an empty krb5_keyblock . +========================================================== + +.. + +.. c:function:: krb5_error_code krb5_init_keyblock(krb5_context context, krb5_enctype enctype, size_t length, krb5_keyblock ** out) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **enctype** - Encryption type + + **[in]** **length** - Length of keyblock (or 0) + + **[out]** **out** - New keyblock structure + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +Initialize a new keyblock and allocate storage for the contents of the key. It is legal to pass in a length of 0, in which case contents are left unallocated. Use :c:func:`krb5_free_keyblock()` to free *out* when it is no longer needed. + + + + + + + + + + +.. + + + + + + +.. note:: + + If *length* is set to 0, contents are left unallocated. + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_init_random_key.txt b/doc/html/_sources/appdev/refs/api/krb5_init_random_key.txt new file mode 100644 index 000000000000..271d7274a122 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_init_random_key.txt @@ -0,0 +1,48 @@ +krb5_init_random_key +==================== + +.. + +.. c:function:: krb5_error_code krb5_init_random_key(krb5_context context, const krb5_encrypt_block * eblock, const krb5_keyblock * keyblock, krb5_pointer * ptr) + +.. + + +:param: + + **context** + + **eblock** + + **keyblock** + + **ptr** + + +.. + + + +.. + + +DEPRECATED Replaced by krb5_c_* API family. + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_init_secure_context.txt b/doc/html/_sources/appdev/refs/api/krb5_init_secure_context.txt new file mode 100644 index 000000000000..8d27396e3890 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_init_secure_context.txt @@ -0,0 +1,54 @@ +krb5_init_secure_context - Create a krb5 library context using only configuration files. +========================================================================================== + +.. + +.. c:function:: krb5_error_code krb5_init_secure_context(krb5_context * context) + +.. + + +:param: + + **[out]** **context** - Library context + + +.. + + +:retval: + - 0 Success + + +:return: + - Kerberos error codes + +.. + + + + + + + +Create a context structure, using only system configuration files. All information passed through the environment variables is ignored. + + + +The *context* must be released by calling :c:func:`krb5_free_context()` when it is no longer needed. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_is_config_principal.txt b/doc/html/_sources/appdev/refs/api/krb5_is_config_principal.txt new file mode 100644 index 000000000000..3b50605a0547 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_is_config_principal.txt @@ -0,0 +1,45 @@ +krb5_is_config_principal - Test whether a principal is a configuration principal. +=================================================================================== + +.. + +.. c:function:: krb5_boolean krb5_is_config_principal(krb5_context context, krb5_const_principal principal) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **principal** - Principal to check + + +.. + + + +:return: + - TRUE if the principal is a configuration principal (generated part of krb5_cc_set_config() ); FALSE otherwise. + +.. + + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_is_referral_realm.txt b/doc/html/_sources/appdev/refs/api/krb5_is_referral_realm.txt new file mode 100644 index 000000000000..89916c322a10 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_is_referral_realm.txt @@ -0,0 +1,43 @@ +krb5_is_referral_realm - Check for a match with KRB5_REFERRAL_REALM. +====================================================================== + +.. + +.. c:function:: krb5_boolean krb5_is_referral_realm(const krb5_data * r) + +.. + + +:param: + + **[in]** **r** - Realm to check + + +.. + + + +:return: + - TRUE if r is zero-length, FALSE otherwise + +.. + + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_is_thread_safe.txt b/doc/html/_sources/appdev/refs/api/krb5_is_thread_safe.txt new file mode 100644 index 000000000000..812a2c321121 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_is_thread_safe.txt @@ -0,0 +1,43 @@ +krb5_is_thread_safe - Test whether the Kerberos library was built with multithread support. +============================================================================================= + +.. + +.. c:function:: krb5_boolean krb5_is_thread_safe(void None) + +.. + + +:param: + + **None** + + +.. + + +:retval: + - TRUE if the library is threadsafe; FALSE otherwise + + +.. + + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_k_create_key.txt b/doc/html/_sources/appdev/refs/api/krb5_k_create_key.txt new file mode 100644 index 000000000000..547338259701 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_k_create_key.txt @@ -0,0 +1,51 @@ +krb5_k_create_key - Create a krb5_key from the enctype and key data in a keyblock. +==================================================================================== + +.. + +.. c:function:: krb5_error_code krb5_k_create_key(krb5_context context, const krb5_keyblock * key_data, krb5_key * out) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **key_data** - Keyblock + + **[out]** **out** - Opaque key + + +.. + + +:retval: + - 0 Success; otherwise - KRB5_BAD_ENCTYPE + + +.. + + + + + + + +The reference count on a key *out* is set to 1. Use :c:func:`krb5_k_free_key()` to free *out* when it is no longer needed. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_k_decrypt.txt b/doc/html/_sources/appdev/refs/api/krb5_k_decrypt.txt new file mode 100644 index 000000000000..81b5c6321520 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_k_decrypt.txt @@ -0,0 +1,65 @@ +krb5_k_decrypt - Decrypt data using a key (operates on opaque key). +===================================================================== + +.. + +.. c:function:: krb5_error_code krb5_k_decrypt(krb5_context context, krb5_key key, krb5_keyusage usage, const krb5_data * cipher_state, const krb5_enc_data * input, krb5_data * output) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **key** - Encryption key + + **[in]** **usage** - Key usage (see :data:`KRB5_KEYUSAGE` types) + + **[inout]** **cipher_state** - Cipher state; specify NULL if not needed + + **[in]** **input** - Encrypted data + + **[out]** **output** - Decrypted data + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function decrypts the data block *input* and stores the output into *output* . The actual decryption key will be derived from *key* and *usage* if key derivation is specified for the encryption type. If non-null, *cipher_state* specifies the beginning state for the decryption operation, and is updated with the state to be passed as input to the next operation. + + + + + + + + + + +.. + + + + + + +.. note:: + + The caller must initialize *output* and allocate at least enough space for the result. The usual practice is to allocate an output buffer as long as the ciphertext, and let :c:func:`krb5_c_decrypt()` trim *output->length* . For some enctypes, the resulting *output->length* may include padding bytes. + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_k_decrypt_iov.txt b/doc/html/_sources/appdev/refs/api/krb5_k_decrypt_iov.txt new file mode 100644 index 000000000000..f6cf2f31f6e3 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_k_decrypt_iov.txt @@ -0,0 +1,70 @@ +krb5_k_decrypt_iov - Decrypt data in place supporting AEAD (operates on opaque key). +====================================================================================== + +.. + +.. c:function:: krb5_error_code krb5_k_decrypt_iov(krb5_context context, krb5_key key, krb5_keyusage usage, const krb5_data * cipher_state, krb5_crypto_iov * data, size_t num_data) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **key** - Encryption key + + **[in]** **usage** - Key usage (see :data:`KRB5_KEYUSAGE` types) + + **[in]** **cipher_state** - Cipher state; specify NULL if not needed + + **[inout]** **data** - IOV array. Modified in-place. + + **[in]** **num_data** - Size of *data* + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function decrypts the data block *data* and stores the output in-place. The actual decryption key will be derived from *key* and *usage* if key derivation is specified for the encryption type. If non-null, *cipher_state* specifies the beginning state for the decryption operation, and is updated with the state to be passed as input to the next operation. The caller must allocate the right number of krb5_crypto_iov structures before calling into this API. + + + + + + + + + + +.. + +.. seealso:: + :c:func:`krb5_k_encrypt_iov()` + + + + + + +.. note:: + + On return from a :c:func:`krb5_c_decrypt_iov()` call, the *data->length* in the iov structure are adjusted to reflect actual lengths of the ciphertext used. For example, if the padding length is too large, the length will be reduced. Lengths are never increased. + + This function is similar to :c:func:`krb5_c_decrypt_iov()` , but operates on opaque key *key* . + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_k_encrypt.txt b/doc/html/_sources/appdev/refs/api/krb5_k_encrypt.txt new file mode 100644 index 000000000000..90f92c49e18c --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_k_encrypt.txt @@ -0,0 +1,65 @@ +krb5_k_encrypt - Encrypt data using a key (operates on opaque key). +===================================================================== + +.. + +.. c:function:: krb5_error_code krb5_k_encrypt(krb5_context context, krb5_key key, krb5_keyusage usage, const krb5_data * cipher_state, const krb5_data * input, krb5_enc_data * output) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **key** - Encryption key + + **[in]** **usage** - Key usage (see :data:`KRB5_KEYUSAGE` types) + + **[inout]** **cipher_state** - Cipher state; specify NULL if not needed + + **[in]** **input** - Data to be encrypted + + **[out]** **output** - Encrypted data + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function encrypts the data block *input* and stores the output into *output* . The actual encryption key will be derived from *key* and *usage* if key derivation is specified for the encryption type. If non-null, *cipher_state* specifies the beginning state for the encryption operation, and is updated with the state to be passed as input to the next operation. + + + + + + + + + + +.. + + + + + + +.. note:: + + The caller must initialize *output* and allocate at least enough space for the result (using :c:func:`krb5_c_encrypt_length()` to determine the amount of space needed). *output->length* will be set to the actual length of the ciphertext. + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_k_encrypt_iov.txt b/doc/html/_sources/appdev/refs/api/krb5_k_encrypt_iov.txt new file mode 100644 index 000000000000..c22152946681 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_k_encrypt_iov.txt @@ -0,0 +1,70 @@ +krb5_k_encrypt_iov - Encrypt data in place supporting AEAD (operates on opaque key). +====================================================================================== + +.. + +.. c:function:: krb5_error_code krb5_k_encrypt_iov(krb5_context context, krb5_key key, krb5_keyusage usage, const krb5_data * cipher_state, krb5_crypto_iov * data, size_t num_data) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **key** - Encryption key + + **[in]** **usage** - Key usage (see :data:`KRB5_KEYUSAGE` types) + + **[in]** **cipher_state** - Cipher state; specify NULL if not needed + + **[inout]** **data** - IOV array. Modified in-place. + + **[in]** **num_data** - Size of *data* + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function encrypts the data block *data* and stores the output in-place. The actual encryption key will be derived from *key* and *usage* if key derivation is specified for the encryption type. If non-null, *cipher_state* specifies the beginning state for the encryption operation, and is updated with the state to be passed as input to the next operation. The caller must allocate the right number of krb5_crypto_iov structures before calling into this API. + + + + + + + + + + +.. + +.. seealso:: + :c:func:`krb5_k_decrypt_iov()` + + + + + + +.. note:: + + On return from a :c:func:`krb5_c_encrypt_iov()` call, the *data->length* in the iov structure are adjusted to reflect actual lengths of the ciphertext used. For example, if the padding length is too large, the length will be reduced. Lengths are never increased. + + This function is similar to :c:func:`krb5_c_encrypt_iov()` , but operates on opaque key *key* . + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_k_free_key.txt b/doc/html/_sources/appdev/refs/api/krb5_k_free_key.txt new file mode 100644 index 000000000000..c1060f6dd4d8 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_k_free_key.txt @@ -0,0 +1,39 @@ +krb5_k_free_key - Decrement the reference count on a key and free it if it hits zero. +======================================================================================= + +.. + +.. c:function:: void krb5_k_free_key(krb5_context context, krb5_key key) + +.. + + +:param: + + **context** + + **key** + + +.. + + + +.. + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_k_key_enctype.txt b/doc/html/_sources/appdev/refs/api/krb5_k_key_enctype.txt new file mode 100644 index 000000000000..d77a541e9869 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_k_key_enctype.txt @@ -0,0 +1,39 @@ +krb5_k_key_enctype - Retrieve the enctype of a krb5_key structure. +==================================================================== + +.. + +.. c:function:: krb5_enctype krb5_k_key_enctype(krb5_context context, krb5_key key) + +.. + + +:param: + + **context** + + **key** + + +.. + + + +.. + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_k_key_keyblock.txt b/doc/html/_sources/appdev/refs/api/krb5_k_key_keyblock.txt new file mode 100644 index 000000000000..efd782c95ee5 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_k_key_keyblock.txt @@ -0,0 +1,41 @@ +krb5_k_key_keyblock - Retrieve a copy of the keyblock from a krb5_key structure. +================================================================================== + +.. + +.. c:function:: krb5_error_code krb5_k_key_keyblock(krb5_context context, krb5_key key, krb5_keyblock ** key_data) + +.. + + +:param: + + **context** + + **key** + + **key_data** + + +.. + + + +.. + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_k_make_checksum.txt b/doc/html/_sources/appdev/refs/api/krb5_k_make_checksum.txt new file mode 100644 index 000000000000..2a11066fc7cf --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_k_make_checksum.txt @@ -0,0 +1,68 @@ +krb5_k_make_checksum - Compute a checksum (operates on opaque key). +===================================================================== + +.. + +.. c:function:: krb5_error_code krb5_k_make_checksum(krb5_context context, krb5_cksumtype cksumtype, krb5_key key, krb5_keyusage usage, const krb5_data * input, krb5_checksum * cksum) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **cksumtype** - Checksum type (0 for mandatory type) + + **[in]** **key** - Encryption key for a keyed checksum + + **[in]** **usage** - Key usage (see :data:`KRB5_KEYUSAGE` types) + + **[in]** **input** - Input data + + **[out]** **cksum** - Generated checksum + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function computes a checksum of type *cksumtype* over *input* , using *key* if the checksum type is a keyed checksum. If *cksumtype* is 0 and *key* is non-null, the checksum type will be the mandatory-to-implement checksum type for the key's encryption type. The actual checksum key will be derived from *key* and *usage* if key derivation is specified for the checksum type. The newly created *cksum* must be released by calling :c:func:`krb5_free_checksum_contents()` when it is no longer needed. + + + + + + + + + + +.. + +.. seealso:: + :c:func:`krb5_c_verify_checksum()` + + + + + + +.. note:: + + This function is similar to :c:func:`krb5_c_make_checksum()` , but operates on opaque *key* . + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_k_make_checksum_iov.txt b/doc/html/_sources/appdev/refs/api/krb5_k_make_checksum_iov.txt new file mode 100644 index 000000000000..381f70632bf8 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_k_make_checksum_iov.txt @@ -0,0 +1,68 @@ +krb5_k_make_checksum_iov - Fill in a checksum element in IOV array (operates on opaque key) +============================================================================================= + +.. + +.. c:function:: krb5_error_code krb5_k_make_checksum_iov(krb5_context context, krb5_cksumtype cksumtype, krb5_key key, krb5_keyusage usage, krb5_crypto_iov * data, size_t num_data) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **cksumtype** - Checksum type (0 for mandatory type) + + **[in]** **key** - Encryption key for a keyed checksum + + **[in]** **usage** - Key usage (see :data:`KRB5_KEYUSAGE` types) + + **[inout]** **data** - IOV array + + **[in]** **num_data** - Size of *data* + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +Create a checksum in the :data:`KRB5_CRYPTO_TYPE_CHECKSUM` element over :data:`KRB5_CRYPTO_TYPE_DATA` and :data:`KRB5_CRYPTO_TYPE_SIGN_ONLY` chunks in *data* . Only the :data:`KRB5_CRYPTO_TYPE_CHECKSUM` region is modified. + + + + + + + + + + +.. + +.. seealso:: + :c:func:`krb5_k_verify_checksum_iov()` + + + + + + +.. note:: + + This function is similar to :c:func:`krb5_c_make_checksum_iov()` , but operates on opaque *key* . + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_k_prf.txt b/doc/html/_sources/appdev/refs/api/krb5_k_prf.txt new file mode 100644 index 000000000000..f6d952715098 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_k_prf.txt @@ -0,0 +1,61 @@ +krb5_k_prf - Generate enctype-specific pseudo-random bytes (operates on opaque key). +====================================================================================== + +.. + +.. c:function:: krb5_error_code krb5_k_prf(krb5_context context, krb5_key key, krb5_data * input, krb5_data * output) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **key** - Key + + **[in]** **input** - Input data + + **[out]** **output** - Output data + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function selects a pseudo-random function based on *key* and computes its value over *input* , placing the result into *output* . The caller must preinitialize *output* and allocate space for the result. + + + + + + + + + + +.. + + + + + + +.. note:: + + This function is similar to :c:func:`krb5_c_prf()` , but operates on opaque *key* . + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_k_reference_key.txt b/doc/html/_sources/appdev/refs/api/krb5_k_reference_key.txt new file mode 100644 index 000000000000..06b4629eda7c --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_k_reference_key.txt @@ -0,0 +1,39 @@ +krb5_k_reference_key - Increment the reference count on a key. +================================================================ + +.. + +.. c:function:: void krb5_k_reference_key(krb5_context context, krb5_key key) + +.. + + +:param: + + **context** + + **key** + + +.. + + + +.. + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_k_verify_checksum.txt b/doc/html/_sources/appdev/refs/api/krb5_k_verify_checksum.txt new file mode 100644 index 000000000000..1a183f259804 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_k_verify_checksum.txt @@ -0,0 +1,65 @@ +krb5_k_verify_checksum - Verify a checksum (operates on opaque key). +====================================================================== + +.. + +.. c:function:: krb5_error_code krb5_k_verify_checksum(krb5_context context, krb5_key key, krb5_keyusage usage, const krb5_data * data, const krb5_checksum * cksum, krb5_boolean * valid) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **key** - Encryption key for a keyed checksum + + **[in]** **usage** - *key* usage + + **[in]** **data** - Data to be used to compute a new checksum using *key* to compare *cksum* against + + **[in]** **cksum** - Checksum to be verified + + **[out]** **valid** - Non-zero for success, zero for failure + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function verifies that *cksum* is a valid checksum for *data* . If the checksum type of *cksum* is a keyed checksum, *key* is used to verify the checksum. If the checksum type in *cksum* is 0 and *key* is not NULL, the mandatory checksum type for *key* will be used. The actual checksum key will be derived from *key* and *usage* if key derivation is specified for the checksum type. + + + + + + + + + + +.. + + + + + + +.. note:: + + This function is similar to :c:func:`krb5_c_verify_checksum()` , but operates on opaque *key* . + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_k_verify_checksum_iov.txt b/doc/html/_sources/appdev/refs/api/krb5_k_verify_checksum_iov.txt new file mode 100644 index 000000000000..1cfca031ea18 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_k_verify_checksum_iov.txt @@ -0,0 +1,70 @@ +krb5_k_verify_checksum_iov - Validate a checksum element in IOV array (operates on opaque key). +================================================================================================= + +.. + +.. c:function:: krb5_error_code krb5_k_verify_checksum_iov(krb5_context context, krb5_cksumtype cksumtype, krb5_key key, krb5_keyusage usage, const krb5_crypto_iov * data, size_t num_data, krb5_boolean * valid) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **cksumtype** - Checksum type (0 for mandatory type) + + **[in]** **key** - Encryption key for a keyed checksum + + **[in]** **usage** - Key usage (see :data:`KRB5_KEYUSAGE` types) + + **[in]** **data** - IOV array + + **[in]** **num_data** - Size of *data* + + **[out]** **valid** - Non-zero for success, zero for failure + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +Confirm that the checksum in the :data:`KRB5_CRYPTO_TYPE_CHECKSUM` element is a valid checksum of the :data:`KRB5_CRYPTO_TYPE_DATA` and :data:`KRB5_CRYPTO_TYPE_SIGN_ONLY` regions in the iov. + + + + + + + + + + +.. + +.. seealso:: + :c:func:`krb5_k_make_checksum_iov()` + + + + + + +.. note:: + + This function is similar to :c:func:`krb5_c_verify_checksum_iov()` , but operates on opaque *key* . + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_kt_add_entry.txt b/doc/html/_sources/appdev/refs/api/krb5_kt_add_entry.txt new file mode 100644 index 000000000000..f762d360ff70 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_kt_add_entry.txt @@ -0,0 +1,52 @@ +krb5_kt_add_entry - Add a new entry to a key table. +===================================================== + +.. + +.. c:function:: krb5_error_code krb5_kt_add_entry(krb5_context context, krb5_keytab id, krb5_keytab_entry * entry) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **id** - Key table handle + + **[in]** **entry** - Entry to be added + + +.. + + +:retval: + - 0 Success + - ENOMEM Insufficient memory + - KRB5_KT_NOWRITE Key table is not writeable + + +:return: + - Kerberos error codes + +.. + + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_kt_client_default.txt b/doc/html/_sources/appdev/refs/api/krb5_kt_client_default.txt new file mode 100644 index 000000000000..8f5663bcc05b --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_kt_client_default.txt @@ -0,0 +1,56 @@ +krb5_kt_client_default - Resolve the default client key table. +================================================================ + +.. + +.. c:function:: krb5_error_code krb5_kt_client_default(krb5_context context, krb5_keytab * keytab_out) + +.. + + +:param: + + **[in]** **context** - Library context + + **[out]** **keytab_out** - Key table handle + + +.. + + +:retval: + - 0 Success + + +:return: + - Kerberos error codes + +.. + + + + + + + +Fill *keytab_out* with a handle to the default client key table. + + + + + + + + + + +.. + + + + +.. note:: + + New in 1.11 + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_kt_close.txt b/doc/html/_sources/appdev/refs/api/krb5_kt_close.txt new file mode 100644 index 000000000000..4761ad689786 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_kt_close.txt @@ -0,0 +1,45 @@ +krb5_kt_close - Close a key table handle. +=========================================== + +.. + +.. c:function:: krb5_error_code krb5_kt_close(krb5_context context, krb5_keytab keytab) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **keytab** - Key table handle + + +.. + + +:retval: + - 0 None + + +.. + + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_kt_default.txt b/doc/html/_sources/appdev/refs/api/krb5_kt_default.txt new file mode 100644 index 000000000000..35f5a66049fb --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_kt_default.txt @@ -0,0 +1,52 @@ +krb5_kt_default - Resolve the default key table. +================================================== + +.. + +.. c:function:: krb5_error_code krb5_kt_default(krb5_context context, krb5_keytab * id) + +.. + + +:param: + + **[in]** **context** - Library context + + **[out]** **id** - Key table handle + + +.. + + +:retval: + - 0 Success + + +:return: + - Kerberos error codes + +.. + + + + + + + +Set *id* to a handle to the default key table. The key table is not opened. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_kt_default_name.txt b/doc/html/_sources/appdev/refs/api/krb5_kt_default_name.txt new file mode 100644 index 000000000000..6f9e558f97f5 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_kt_default_name.txt @@ -0,0 +1,55 @@ +krb5_kt_default_name - Get the default key table name. +======================================================== + +.. + +.. c:function:: krb5_error_code krb5_kt_default_name(krb5_context context, char * name, int name_size) + +.. + + +:param: + + **[in]** **context** - Library context + + **[out]** **name** - Default key table name + + **[in]** **name_size** - Space available in *name* + + +.. + + +:retval: + - 0 Success + - KRB5_CONFIG_NOTENUFSPACE Buffer is too short + + +:return: + - Kerberos error codes + +.. + + + + + + + +Fill *name* with the name of the default key table for *context* . + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_kt_dup.txt b/doc/html/_sources/appdev/refs/api/krb5_kt_dup.txt new file mode 100644 index 000000000000..745463503769 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_kt_dup.txt @@ -0,0 +1,52 @@ +krb5_kt_dup - Duplicate keytab handle. +======================================== + +.. + +.. c:function:: krb5_error_code krb5_kt_dup(krb5_context context, krb5_keytab in, krb5_keytab * out) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **in** - Key table handle to be duplicated + + **[out]** **out** - Key table handle + + +.. + + + +.. + + + + + + + +Create a new handle referring to the same key table as *in* . The new handle and *in* can be closed independently. + + + + + + + + + + +.. + + + + +.. note:: + + New in 1.12 + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_kt_end_seq_get.txt b/doc/html/_sources/appdev/refs/api/krb5_kt_end_seq_get.txt new file mode 100644 index 000000000000..9e4265307468 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_kt_end_seq_get.txt @@ -0,0 +1,54 @@ +krb5_kt_end_seq_get - Release a keytab cursor. +================================================ + +.. + +.. c:function:: krb5_error_code krb5_kt_end_seq_get(krb5_context context, krb5_keytab keytab, krb5_kt_cursor * cursor) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **keytab** - Key table handle + + **[out]** **cursor** - Cursor + + +.. + + +:retval: + - 0 Success + + +:return: + - Kerberos error codes + +.. + + + + + + + +This function should be called to release the cursor created by :c:func:`krb5_kt_start_seq_get()` . + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_kt_free_entry.txt b/doc/html/_sources/appdev/refs/api/krb5_kt_free_entry.txt new file mode 100644 index 000000000000..5eaa118f81c0 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_kt_free_entry.txt @@ -0,0 +1,44 @@ +krb5_kt_free_entry +================== + +.. + +.. c:function:: krb5_error_code krb5_kt_free_entry(krb5_context context, krb5_keytab_entry * entry) + +.. + + +:param: + + **context** + + **entry** + + +.. + + + +.. + + +DEPRECATED Use krb5_free_keytab_entry_contents instead. + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_kt_get_entry.txt b/doc/html/_sources/appdev/refs/api/krb5_kt_get_entry.txt new file mode 100644 index 000000000000..cfbae19e62d5 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_kt_get_entry.txt @@ -0,0 +1,70 @@ +krb5_kt_get_entry - Get an entry from a key table. +==================================================== + +.. + +.. c:function:: krb5_error_code krb5_kt_get_entry(krb5_context context, krb5_keytab keytab, krb5_const_principal principal, krb5_kvno vno, krb5_enctype enctype, krb5_keytab_entry * entry) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **keytab** - Key table handle + + **[in]** **principal** - Principal name + + **[in]** **vno** - Key version number (0 for highest available) + + **[in]** **enctype** - Encryption type (0 zero for any enctype) + + **[out]** **entry** - Returned entry from key table + + +.. + + +:retval: + - 0 Success + - Kerberos error codes on failure + + +.. + + + + + + + +Retrieve an entry from a key table which matches the *keytab* , *principal* , *vno* , and *enctype* . If *vno* is zero, retrieve the highest-numbered kvno matching the other fields. If *enctype* is 0, match any enctype. + + + +Use :c:func:`krb5_free_keytab_entry_contents()` to free *entry* when it is no longer needed. + + + + + + + + + + +.. + + + + + + +.. note:: + + If *vno* is zero, the function retrieves the highest-numbered-kvno entry that matches the specified principal. + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_kt_get_name.txt b/doc/html/_sources/appdev/refs/api/krb5_kt_get_name.txt new file mode 100644 index 000000000000..5d36dbba68a8 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_kt_get_name.txt @@ -0,0 +1,57 @@ +krb5_kt_get_name - Get a key table name. +========================================== + +.. + +.. c:function:: krb5_error_code krb5_kt_get_name(krb5_context context, krb5_keytab keytab, char * name, unsigned int namelen) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **keytab** - Key table handle + + **[out]** **name** - Key table name + + **[in]** **namelen** - Maximum length to fill in name + + +.. + + +:retval: + - 0 Success + - KRB5_KT_NAME_TOOLONG Key table name does not fit in namelen bytes + + +:return: + - Kerberos error codes + +.. + + + + + + + +Fill *name* with the name of *keytab* including the type and delimiter. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_kt_get_type.txt b/doc/html/_sources/appdev/refs/api/krb5_kt_get_type.txt new file mode 100644 index 000000000000..c675af8fa092 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_kt_get_type.txt @@ -0,0 +1,45 @@ +krb5_kt_get_type - Return the type of a key table. +==================================================== + +.. + +.. c:function:: const char * krb5_kt_get_type(krb5_context context, krb5_keytab keytab) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **keytab** - Key table handle + + +.. + + + +:return: + - The type of a key table as an alias that must not be modified or freed by the caller. + +.. + + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_kt_have_content.txt b/doc/html/_sources/appdev/refs/api/krb5_kt_have_content.txt new file mode 100644 index 000000000000..dffa94e6ea54 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_kt_have_content.txt @@ -0,0 +1,50 @@ +krb5_kt_have_content - Check if a keytab exists and contains entries. +======================================================================= + +.. + +.. c:function:: krb5_error_code krb5_kt_have_content(krb5_context context, krb5_keytab keytab) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **keytab** - Key table handle + + +.. + + +:retval: + - 0 Keytab exists and contains entries + - KRB5_KT_NOTFOUND Keytab does not contain entries + + +.. + + + + + + + + + + + + + + +.. + + + + +.. note:: + + New in 1.11 + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_kt_next_entry.txt b/doc/html/_sources/appdev/refs/api/krb5_kt_next_entry.txt new file mode 100644 index 000000000000..993a4cc6f801 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_kt_next_entry.txt @@ -0,0 +1,57 @@ +krb5_kt_next_entry - Retrieve the next entry from the key table. +================================================================== + +.. + +.. c:function:: krb5_error_code krb5_kt_next_entry(krb5_context context, krb5_keytab keytab, krb5_keytab_entry * entry, krb5_kt_cursor * cursor) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **keytab** - Key table handle + + **[out]** **entry** - Returned key table entry + + **[in]** **cursor** - Key table cursor + + +.. + + +:retval: + - 0 Success + - KRB5_KT_END - if the last entry was reached + + +:return: + - Kerberos error codes + +.. + + + + + + + +Return the next sequential entry in *keytab* and advance *cursor* . Callers must release the returned entry with :c:func:`krb5_kt_free_entry()` . + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_kt_read_service_key.txt b/doc/html/_sources/appdev/refs/api/krb5_kt_read_service_key.txt new file mode 100644 index 000000000000..dd51694507e4 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_kt_read_service_key.txt @@ -0,0 +1,68 @@ +krb5_kt_read_service_key - Retrieve a service key from a key table. +===================================================================== + +.. + +.. c:function:: krb5_error_code krb5_kt_read_service_key(krb5_context context, krb5_pointer keyprocarg, krb5_principal principal, krb5_kvno vno, krb5_enctype enctype, krb5_keyblock ** key) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **keyprocarg** - Name of a key table (NULL to use default name) + + **[in]** **principal** - Service principal + + **[in]** **vno** - Key version number (0 for highest available) + + **[in]** **enctype** - Encryption type (0 for any type) + + **[out]** **key** - Service key from key table + + +.. + + +:retval: + - 0 Success + + +:return: + - Kerberos error code if not found or keyprocarg is invalid. + +.. + + + + + + + +Open and search the specified key table for the entry identified by *principal* , *enctype* , and *vno* . If no key is found, return an error code. + + + +The default key table is used, unless *keyprocarg* is non-null. *keyprocarg* designates a specific key table. + + + +Use :c:func:`krb5_free_keyblock()` to free *key* when it is no longer needed. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_kt_remove_entry.txt b/doc/html/_sources/appdev/refs/api/krb5_kt_remove_entry.txt new file mode 100644 index 000000000000..10c1705acf76 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_kt_remove_entry.txt @@ -0,0 +1,51 @@ +krb5_kt_remove_entry - Remove an entry from a key table. +========================================================== + +.. + +.. c:function:: krb5_error_code krb5_kt_remove_entry(krb5_context context, krb5_keytab id, krb5_keytab_entry * entry) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **id** - Key table handle + + **[in]** **entry** - Entry to remove from key table + + +.. + + +:retval: + - 0 Success + - KRB5_KT_NOWRITE Key table is not writable + + +:return: + - Kerberos error codes + +.. + + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_kt_resolve.txt b/doc/html/_sources/appdev/refs/api/krb5_kt_resolve.txt new file mode 100644 index 000000000000..49d5e2563331 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_kt_resolve.txt @@ -0,0 +1,66 @@ +krb5_kt_resolve - Get a handle for a key table. +================================================= + +.. + +.. c:function:: krb5_error_code krb5_kt_resolve(krb5_context context, const char * name, krb5_keytab * ktid) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **name** - Name of the key table + + **[out]** **ktid** - Key table handle + + +.. + + +:retval: + - 0 Success + + +:return: + - Kerberos error codes + +.. + + + + + + + +Resolve the key table name *name* and set *ktid* to a handle identifying the key table. Use :c:func:`krb5_kt_close()` to free *ktid* when it is no longer needed. + + + + *name* must be of the form **type:residual** , where *type* must be a type known to the library and *residual* portion should be specific to the particular keytab type. If no *type* is given, the default is **FILE** . + + + +If *name* is of type **FILE** , the keytab file is not opened by this call. + + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_kt_start_seq_get.txt b/doc/html/_sources/appdev/refs/api/krb5_kt_start_seq_get.txt new file mode 100644 index 000000000000..b00b263656b9 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_kt_start_seq_get.txt @@ -0,0 +1,54 @@ +krb5_kt_start_seq_get - Start a sequential retrieval of key table entries. +============================================================================ + +.. + +.. c:function:: krb5_error_code krb5_kt_start_seq_get(krb5_context context, krb5_keytab keytab, krb5_kt_cursor * cursor) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **keytab** - Key table handle + + **[out]** **cursor** - Cursor + + +.. + + +:retval: + - 0 Success + + +:return: + - Kerberos error codes + +.. + + + + + + + +Prepare to read sequentially every key in the specified key table. Use :c:func:`krb5_kt_end_seq_get()` to release the cursor when it is no longer needed. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_kuserok.txt b/doc/html/_sources/appdev/refs/api/krb5_kuserok.txt new file mode 100644 index 000000000000..7dbd15f7646c --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_kuserok.txt @@ -0,0 +1,51 @@ +krb5_kuserok - Determine if a principal is authorized to log in as a local user. +================================================================================== + +.. + +.. c:function:: krb5_boolean krb5_kuserok(krb5_context context, krb5_principal principal, const char * luser) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **principal** - Principal name + + **[in]** **luser** - Local username + + +.. + + +:retval: + - TRUE Principal is authorized to log in as user; FALSE otherwise. + + +.. + + + + + + + +Determine whether *principal* is authorized to log in as a local user *luser* . + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_make_authdata_kdc_issued.txt b/doc/html/_sources/appdev/refs/api/krb5_make_authdata_kdc_issued.txt new file mode 100644 index 000000000000..e671af5f8e85 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_make_authdata_kdc_issued.txt @@ -0,0 +1,48 @@ +krb5_make_authdata_kdc_issued - Encode and sign AD-KDCIssued authorization data. +================================================================================== + +.. + +.. c:function:: krb5_error_code krb5_make_authdata_kdc_issued(krb5_context context, const krb5_keyblock * key, krb5_const_principal issuer, krb5_authdata *const * authdata, krb5_authdata *** ad_kdcissued) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **key** - Session key + + **[in]** **issuer** - The name of the issuing principal + + **[in]** **authdata** - List of authorization data to be signed + + **[out]** **ad_kdcissued** - List containing AD-KDCIssued authdata + + +.. + + + +.. + + + + + + + +This function wraps a list of authorization data entries *authdata* in an AD-KDCIssued container (see RFC 4120 section 5.2.6.2) signed with *key* . The result is returned in *ad_kdcissued* as a single-element list. + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_merge_authdata.txt b/doc/html/_sources/appdev/refs/api/krb5_merge_authdata.txt new file mode 100644 index 000000000000..86370ec42b93 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_merge_authdata.txt @@ -0,0 +1,61 @@ +krb5_merge_authdata - Merge two authorization data lists into a new list. +=========================================================================== + +.. + +.. c:function:: krb5_error_code krb5_merge_authdata(krb5_context context, krb5_authdata *const * inauthdat1, krb5_authdata *const * inauthdat2, krb5_authdata *** outauthdat) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **inauthdat1** - First list of *krb5_authdata* structures + + **[in]** **inauthdat2** - Second list of *krb5_authdata* structures + + **[out]** **outauthdat** - Merged list of *krb5_authdata* structures + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +Merge two authdata arrays, such as the array from a ticket and authenticator. Use :c:func:`krb5_free_authdata()` to free *outauthdat* when it is no longer needed. + + + + + + + + + + +.. + + + + + + +.. note:: + + The last array entry in *inauthdat1* and *inauthdat2* must be a NULL pointer. + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_mk_1cred.txt b/doc/html/_sources/appdev/refs/api/krb5_mk_1cred.txt new file mode 100644 index 000000000000..c1ab909eff14 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_mk_1cred.txt @@ -0,0 +1,60 @@ +krb5_mk_1cred - Format a KRB-CRED message for a single set of credentials. +============================================================================ + +.. + +.. c:function:: krb5_error_code krb5_mk_1cred(krb5_context context, krb5_auth_context auth_context, krb5_creds * pcreds, krb5_data ** ppdata, krb5_replay_data * outdata) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **auth_context** - Authentication context + + **[in]** **pcreds** - Pointer to credentials + + **[out]** **ppdata** - Encoded credentials + + **[out]** **outdata** - Replay cache data (NULL if not needed) + + +.. + + +:retval: + - 0 Success + - ENOMEM Insufficient memory + - KRB5_RC_REQUIRED Message replay detection requires rcache parameter + + +:return: + - Kerberos error codes + +.. + + + + + + + +This is a convenience function that calls :c:func:`krb5_mk_ncred()` with a single set of credentials. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_mk_error.txt b/doc/html/_sources/appdev/refs/api/krb5_mk_error.txt new file mode 100644 index 000000000000..e0432106b031 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_mk_error.txt @@ -0,0 +1,51 @@ +krb5_mk_error - Format and encode a KRB_ERROR message. +======================================================== + +.. + +.. c:function:: krb5_error_code krb5_mk_error(krb5_context context, const krb5_error * dec_err, krb5_data * enc_err) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **dec_err** - Error structure to be encoded + + **[out]** **enc_err** - Encoded error structure + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function creates a **KRB_ERROR** message in *enc_err* . Use :c:func:`krb5_free_data_contents()` to free *enc_err* when it is no longer needed. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_mk_ncred.txt b/doc/html/_sources/appdev/refs/api/krb5_mk_ncred.txt new file mode 100644 index 000000000000..7bf0577e5967 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_mk_ncred.txt @@ -0,0 +1,72 @@ +krb5_mk_ncred - Format a KRB-CRED message for an array of credentials. +======================================================================== + +.. + +.. c:function:: krb5_error_code krb5_mk_ncred(krb5_context context, krb5_auth_context auth_context, krb5_creds ** ppcreds, krb5_data ** ppdata, krb5_replay_data * outdata) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **auth_context** - Authentication context + + **[in]** **ppcreds** - Null-terminated array of credentials + + **[out]** **ppdata** - Encoded credentials + + **[out]** **outdata** - Replay cache information (NULL if not needed) + + +.. + + +:retval: + - 0 Success + - ENOMEM Insufficient memory + - KRB5_RC_REQUIRED Message replay detection requires rcache parameter + + +:return: + - Kerberos error codes + +.. + + + + + + + +This function takes an array of credentials *ppcreds* and formats a **KRB-CRED** message *ppdata* to pass to :c:func:`krb5_rd_cred()` . + + + +The message will be encrypted using the send subkey of *auth_context* if it is present, or the session key otherwise. + + + + + + + + + + +.. + + + + + + +.. note:: + + If the :data:`KRB5_AUTH_CONTEXT_RET_TIME` or :data:`KRB5_AUTH_CONTEXT_RET_SEQUENCE` flag is set in *auth_context* , *outdata* is required. + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_mk_priv.txt b/doc/html/_sources/appdev/refs/api/krb5_mk_priv.txt new file mode 100644 index 000000000000..2c3cefaf32e6 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_mk_priv.txt @@ -0,0 +1,82 @@ +krb5_mk_priv - Format a KRB-PRIV message. +=========================================== + +.. + +.. c:function:: krb5_error_code krb5_mk_priv(krb5_context context, krb5_auth_context auth_context, const krb5_data * userdata, krb5_data * outbuf, krb5_replay_data * outdata) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **auth_context** - Authentication context + + **[in]** **userdata** - User data for **KRB-PRIV** message + + **[out]** **outbuf** - Formatted **KRB-PRIV** message + + **[out]** **outdata** - Replay cache handle (NULL if not needed) + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function is similar to :c:func:`krb5_mk_safe()` , but the message is encrypted and integrity-protected, not just integrity-protected. + + + +The local address in *auth_context* must be set, and is used to form the sender address used in the KRB-SAFE message. The remote address is optional; if specified, it will be used to form the receiver address used in the message. + + + + + + - :data:`KRB5_AUTH_CONTEXT_DO_TIME` - Use timestamps in *outdata* + + + - :data:`KRB5_AUTH_CONTEXT_RET_TIME` - Copy timestamp to *outdata* . + + + - :data:`KRB5_AUTH_CONTEXT_DO_SEQUENCE` - Use local sequence numbers from *auth_context* in replay cache. + + + - :data:`KRB5_AUTH_CONTEXT_RET_SEQUENCE` - Use local sequence numbers from *auth_context* as a sequence number in the encrypted message *outbuf* . + + + + + + + + +.. + + + + + + +.. note:: + + If the :data:`KRB5_AUTH_CONTEXT_RET_TIME` or :data:`KRB5_AUTH_CONTEXT_RET_SEQUENCE` flag is set in *auth_context* , the *outdata* is required. + + The flags from *auth_context* specify whether sequence numbers or timestamps will be used to identify the message. Valid values are: + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_mk_rep.txt b/doc/html/_sources/appdev/refs/api/krb5_mk_rep.txt new file mode 100644 index 000000000000..ef712e6849b6 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_mk_rep.txt @@ -0,0 +1,59 @@ +krb5_mk_rep - Format and encrypt a KRB_AP_REP message. +======================================================== + +.. + +.. c:function:: krb5_error_code krb5_mk_rep(krb5_context context, krb5_auth_context auth_context, krb5_data * outbuf) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **auth_context** - Authentication context + + **[out]** **outbuf** - **AP-REP** message + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function fills in *outbuf* with an AP-REP message using information from *auth_context* . + + + +If the flags in *auth_context* indicate that a sequence number should be used (either :data:`KRB5_AUTH_CONTEXT_DO_SEQUENCE` or :data:`KRB5_AUTH_CONTEXT_RET_SEQUENCE` ) and the local sequence number in *auth_context* is 0, a new number will be generated with krb5_generate_seq_number(). + + + +Use :c:func:`krb5_free_data_contents()` to free *outbuf* when it is no longer needed. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_mk_rep_dce.txt b/doc/html/_sources/appdev/refs/api/krb5_mk_rep_dce.txt new file mode 100644 index 000000000000..ead597faa942 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_mk_rep_dce.txt @@ -0,0 +1,51 @@ +krb5_mk_rep_dce - Format and encrypt a KRB_AP_REP message for DCE RPC. +======================================================================== + +.. + +.. c:function:: krb5_error_code krb5_mk_rep_dce(krb5_context context, krb5_auth_context auth_context, krb5_data * outbuf) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **auth_context** - Authentication context + + **[out]** **outbuf** - **AP-REP** message + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +Use :c:func:`krb5_free_data_contents()` to free *outbuf* when it is no longer needed. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_mk_req.txt b/doc/html/_sources/appdev/refs/api/krb5_mk_req.txt new file mode 100644 index 000000000000..e3a5da424a8d --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_mk_req.txt @@ -0,0 +1,65 @@ +krb5_mk_req - Create a KRB_AP_REQ message. +============================================ + +.. + +.. c:function:: krb5_error_code krb5_mk_req(krb5_context context, krb5_auth_context * auth_context, krb5_flags ap_req_options, char * service, char * hostname, krb5_data * in_data, krb5_ccache ccache, krb5_data * outbuf) + +.. + + +:param: + + **[in]** **context** - Library context + + **[inout]** **auth_context** - Pre-existing or newly created auth context + + **[in]** **ap_req_options** - :data:`AP_OPTS` options + + **[in]** **service** - Service name, or NULL to use **"host"** + + **[in]** **hostname** - Host name, or NULL to use local hostname + + **[in]** **in_data** - Application data to be checksummed in the authenticator, or NULL + + **[in]** **ccache** - Credential cache used to obtain credentials for the desired service. + + **[out]** **outbuf** - **AP-REQ** message + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function is similar to :c:func:`krb5_mk_req_extended()` except that it uses a given *hostname* , *service* , and *ccache* to construct a service principal name and obtain credentials. + + + +Use :c:func:`krb5_free_data_contents()` to free *outbuf* when it is no longer needed. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_mk_req_extended.txt b/doc/html/_sources/appdev/refs/api/krb5_mk_req_extended.txt new file mode 100644 index 000000000000..e3ef4b99b480 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_mk_req_extended.txt @@ -0,0 +1,74 @@ +krb5_mk_req_extended - Create a KRB_AP_REQ message using supplied credentials. +================================================================================ + +.. + +.. c:function:: krb5_error_code krb5_mk_req_extended(krb5_context context, krb5_auth_context * auth_context, krb5_flags ap_req_options, krb5_data * in_data, krb5_creds * in_creds, krb5_data * outbuf) + +.. + + +:param: + + **[in]** **context** - Library context + + **[inout]** **auth_context** - Pre-existing or newly created auth context + + **[in]** **ap_req_options** - :data:`AP_OPTS` options + + **[in]** **in_data** - Application data to be checksummed in the authenticator, or NULL + + **[in]** **in_creds** - Credentials for the service with valid ticket and key + + **[out]** **outbuf** - **AP-REQ** message + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +Valid *ap_req_options* are: + + - :data:`AP_OPTS_USE_SESSION_KEY` - Use the session key when creating the request used for user to user authentication. + + + - :data:`AP_OPTS_MUTUAL_REQUIRED` - Request a mutual authentication packet from the reciever. + + + - :data:`AP_OPTS_USE_SUBKEY` - Generate a subsession key from the current session key obtained from the credentials. + + This function creates a KRB_AP_REQ message using supplied credentials *in_creds* . *auth_context* may point to an existing auth context or to NULL, in which case a new one will be created. If *in_data* is non-null, a checksum of it will be included in the authenticator contained in the KRB_AP_REQ message. Use :c:func:`krb5_free_data_contents()` to free *outbuf* when it is no longer needed. + + + +On successful return, the authenticator is stored in *auth_context* with the *client* and *checksum* fields nulled out. (This is to prevent pointer-sharing problems; the caller should not need these fields anyway, since the caller supplied them.) + + + + + + + + + + +.. + +.. seealso:: + :c:func:`krb5_mk_req()` + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_mk_safe.txt b/doc/html/_sources/appdev/refs/api/krb5_mk_safe.txt new file mode 100644 index 000000000000..3921890d387c --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_mk_safe.txt @@ -0,0 +1,83 @@ +krb5_mk_safe - Format a KRB-SAFE message. +=========================================== + +.. + +.. c:function:: krb5_error_code krb5_mk_safe(krb5_context context, krb5_auth_context auth_context, const krb5_data * userdata, krb5_data * outbuf, krb5_replay_data * outdata) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **auth_context** - Authentication context + + **[in]** **userdata** - User data in the message + + **[out]** **outbuf** - Formatted **KRB-SAFE** buffer + + **[out]** **outdata** - Replay data. Specify NULL if not needed + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function creates an integrity protected **KRB-SAFE** message using data supplied by the application. + + + +Fields in *auth_context* specify the checksum type, the keyblock that can be used to seed the checksum, full addresses (host and port) for the sender and receiver, and :data:`KRB5_AUTH_CONTEXT` flags. + + + +The local address in *auth_context* must be set, and is used to form the sender address used in the KRB-SAFE message. The remote address is optional; if specified, it will be used to form the receiver address used in the message. + + + +If :data:`KRB5_AUTH_CONTEXT_DO_TIME` flag is set in the *auth_context* , an entry describing the message is entered in the replay cache *auth_context->rcache* which enables the caller to detect if this message is reflected by an attacker. If :data:`KRB5_AUTH_CONTEXT_DO_TIME` is not set, the replay cache is not used. + + + +If either :data:`KRB5_AUTH_CONTEXT_DO_SEQUENCE` or :data:`KRB5_AUTH_CONTEXT_RET_SEQUENCE` is set, the *auth_context* local sequence number will be placed in *outdata* as its sequence number. + + + +Use :c:func:`krb5_free_data_contents()` to free *outbuf* when it is no longer needed. + + + + + + + + + + +.. + + + + + + +.. note:: + + The *outdata* argument is required if :data:`KRB5_AUTH_CONTEXT_RET_TIME` or :data:`KRB5_AUTH_CONTEXT_RET_SEQUENCE` flag is set in the *auth_context* . + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_os_localaddr.txt b/doc/html/_sources/appdev/refs/api/krb5_os_localaddr.txt new file mode 100644 index 000000000000..7af9e614a76f --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_os_localaddr.txt @@ -0,0 +1,49 @@ +krb5_os_localaddr - Return all interface addresses for this host. +=================================================================== + +.. + +.. c:function:: krb5_error_code krb5_os_localaddr(krb5_context context, krb5_address *** addr) + +.. + + +:param: + + **[in]** **context** - Library context + + **[out]** **addr** - Array of krb5_address pointers, ending with NULL + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +Use :c:func:`krb5_free_addresses()` to free *addr* when it is no longer needed. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_pac_add_buffer.txt b/doc/html/_sources/appdev/refs/api/krb5_pac_add_buffer.txt new file mode 100644 index 000000000000..3f5fa7b8a69a --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_pac_add_buffer.txt @@ -0,0 +1,75 @@ +krb5_pac_add_buffer - Add a buffer to a PAC handle. +===================================================== + +.. + +.. c:function:: krb5_error_code krb5_pac_add_buffer(krb5_context context, krb5_pac pac, krb5_ui_4 type, const krb5_data * data) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **pac** - PAC handle + + **[in]** **type** - Buffer type + + **[in]** **data** - contents + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function adds a buffer of type *type* and contents *data* to *pac* if there isn't already a buffer of this type present. + + + +The valid values of *type* is one of the following: + + - :data:`KRB5_PAC_LOGON_INFO` - Logon information + + + - :data:`KRB5_PAC_CREDENTIALS_INFO` - Credentials information + + + - :data:`KRB5_PAC_SERVER_CHECKSUM` - Server checksum + + + - :data:`KRB5_PAC_PRIVSVR_CHECKSUM` - KDC checksum + + + - :data:`KRB5_PAC_CLIENT_INFO` - Client name and ticket information + + + - :data:`KRB5_PAC_DELEGATION_INFO` - Constrained delegation information + + + - :data:`KRB5_PAC_UPN_DNS_INFO` - User principal name and DNS information + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_pac_free.txt b/doc/html/_sources/appdev/refs/api/krb5_pac_free.txt new file mode 100644 index 000000000000..9b204befa350 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_pac_free.txt @@ -0,0 +1,42 @@ +krb5_pac_free - Free a PAC handle. +==================================== + +.. + +.. c:function:: void krb5_pac_free(krb5_context context, krb5_pac pac) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **pac** - PAC to be freed + + +.. + + + +.. + + + + + + + +This function frees the contents of *pac* and the structure itself. + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_pac_get_buffer.txt b/doc/html/_sources/appdev/refs/api/krb5_pac_get_buffer.txt new file mode 100644 index 000000000000..ef31a5bcaa76 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_pac_get_buffer.txt @@ -0,0 +1,53 @@ +krb5_pac_get_buffer - Retrieve a buffer value from a PAC. +=========================================================== + +.. + +.. c:function:: krb5_error_code krb5_pac_get_buffer(krb5_context context, krb5_pac pac, krb5_ui_4 type, krb5_data * data) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **pac** - PAC handle + + **[in]** **type** - Type of buffer to retrieve + + **[out]** **data** - Buffer value + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +Use :c:func:`krb5_free_data_contents()` to free *data* when it is no longer needed. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_pac_get_types.txt b/doc/html/_sources/appdev/refs/api/krb5_pac_get_types.txt new file mode 100644 index 000000000000..bce3b2c84fe6 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_pac_get_types.txt @@ -0,0 +1,49 @@ +krb5_pac_get_types - Return an array of buffer types in a PAC handle. +======================================================================= + +.. + +.. c:function:: krb5_error_code krb5_pac_get_types(krb5_context context, krb5_pac pac, size_t * len, krb5_ui_4 ** types) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **pac** - PAC handle + + **[out]** **len** - Number of entries in *types* + + **[out]** **types** - Array of buffer types + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_pac_init.txt b/doc/html/_sources/appdev/refs/api/krb5_pac_init.txt new file mode 100644 index 000000000000..4a0630d76917 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_pac_init.txt @@ -0,0 +1,49 @@ +krb5_pac_init - Create an empty Privilege Attribute Certificate (PAC) handle. +=============================================================================== + +.. + +.. c:function:: krb5_error_code krb5_pac_init(krb5_context context, krb5_pac * pac) + +.. + + +:param: + + **[in]** **context** - Library context + + **[out]** **pac** - New PAC handle + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +Use :c:func:`krb5_pac_free()` to free *pac* when it is no longer needed. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_pac_parse.txt b/doc/html/_sources/appdev/refs/api/krb5_pac_parse.txt new file mode 100644 index 000000000000..1cae5be5a16c --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_pac_parse.txt @@ -0,0 +1,53 @@ +krb5_pac_parse - Unparse an encoded PAC into a new handle. +============================================================ + +.. + +.. c:function:: krb5_error_code krb5_pac_parse(krb5_context context, const void * ptr, size_t len, krb5_pac * pac) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **ptr** - PAC buffer + + **[in]** **len** - Length of *ptr* + + **[out]** **pac** - PAC handle + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +Use :c:func:`krb5_pac_free()` to free *pac* when it is no longer needed. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_pac_sign.txt b/doc/html/_sources/appdev/refs/api/krb5_pac_sign.txt new file mode 100644 index 000000000000..3c6bc41e428c --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_pac_sign.txt @@ -0,0 +1,60 @@ +krb5_pac_sign - Sign a PAC. +============================= + +.. + +.. c:function:: krb5_error_code krb5_pac_sign(krb5_context context, krb5_pac pac, krb5_timestamp authtime, krb5_const_principal principal, const krb5_keyblock * server_key, const krb5_keyblock * privsvr_key, krb5_data * data) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **pac** - PAC handle + + **[in]** **authtime** - Expected timestamp + + **[in]** **principal** - Expected principal name (or NULL) + + **[in]** **server_key** - Key for server checksum + + **[in]** **privsvr_key** - Key for KDC checksum + + **[out]** **data** - Signed PAC encoding + + +.. + + + +.. + + + + + + + +This function signs *pac* using the keys *server_key* and *privsvr_key* and returns the signed encoding in *data* . *pac* is modified to include the server and KDC checksum buffers. Use :c:func:`krb5_free_data_contents()` to free *data* when it is no longer needed. + + + + + + + + + + +.. + + + + +.. note:: + + New in 1.10 + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_pac_verify.txt b/doc/html/_sources/appdev/refs/api/krb5_pac_verify.txt new file mode 100644 index 000000000000..d9af52f770ab --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_pac_verify.txt @@ -0,0 +1,69 @@ +krb5_pac_verify - Verify a PAC. +================================= + +.. + +.. c:function:: krb5_error_code krb5_pac_verify(krb5_context context, const krb5_pac pac, krb5_timestamp authtime, krb5_const_principal principal, const krb5_keyblock * server, const krb5_keyblock * privsvr) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **pac** - PAC handle + + **[in]** **authtime** - Expected timestamp + + **[in]** **principal** - Expected principal name (or NULL) + + **[in]** **server** - Key to validate server checksum (or NULL) + + **[in]** **privsvr** - Key to validate KDC checksum (or NULL) + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function validates *pac* against the supplied *server* , *privsvr* , *principal* and *authtime* . If *principal* is NULL, the principal and authtime are not verified. If *server* or *privsvr* is NULL, the corresponding checksum is not verified. + + + +If successful, *pac* is marked as verified. + + + + + + + + + + +.. + + + + + + +.. note:: + + A checksum mismatch can occur if the PAC was copied from a cross-realm TGT by an ignorant KDC; also Apple Mac OS X Server Open Directory (as of 10.6) generates PACs with no server checksum at all. One should consider not failing the whole authentication because of this reason, but, instead, treating the ticket as if it did not contain a PAC or marking the PAC information as non-verified. + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_parse_name.txt b/doc/html/_sources/appdev/refs/api/krb5_parse_name.txt new file mode 100644 index 000000000000..bbd1a1ac533f --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_parse_name.txt @@ -0,0 +1,74 @@ +krb5_parse_name - Convert a string principal name to a krb5_principal structure. +================================================================================== + +.. + +.. c:function:: krb5_error_code krb5_parse_name(krb5_context context, const char * name, krb5_principal * principal_out) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **name** - String representation of a principal name + + **[out]** **principal_out** - New principal + + +.. + + +:retval: + - 0 Success + + +:return: + - Kerberos error codes + +.. + + + + + + + +Convert a string representation of a principal name to a krb5_principal structure. + + + +A string representation of a Kerberos name consists of one or more principal name components, separated by slashes, optionally followed by the @ character and a realm name. If the realm name is not specified, the local realm is used. + + + +To use the slash and @ symbols as part of a component (quoted) instead of using them as a component separator or as a realm prefix), put a backslash () character in front of the symbol. Similarly, newline, tab, backspace, and NULL characters can be included in a component by using **n** , **t** , **b** or **0** , respectively. + + + +Use :c:func:`krb5_free_principal()` to free *principal_out* when it is no longer needed. + + + + + + + + + + +.. + + + + + + +.. note:: + + The realm in a Kerberos *name* cannot contain slash, colon, or NULL characters. + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_parse_name_flags.txt b/doc/html/_sources/appdev/refs/api/krb5_parse_name_flags.txt new file mode 100644 index 000000000000..1190ec32d73e --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_parse_name_flags.txt @@ -0,0 +1,77 @@ +krb5_parse_name_flags - Convert a string principal name to a krb5_principal with flags. +========================================================================================= + +.. + +.. c:function:: krb5_error_code krb5_parse_name_flags(krb5_context context, const char * name, int flags, krb5_principal * principal_out) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **name** - String representation of a principal name + + **[in]** **flags** - Flag + + **[out]** **principal_out** - New principal + + +.. + + +:retval: + - 0 Success + + +:return: + - Kerberos error codes + +.. + + + + + + + +Similar to :c:func:`krb5_parse_name()` , this function converts a single-string representation of a principal name to a krb5_principal structure. + + + +The following flags are valid: + + - :data:`KRB5_PRINCIPAL_PARSE_NO_REALM` - no realm must be present in *name* + + + - :data:`KRB5_PRINCIPAL_PARSE_REQUIRE_REALM` - realm must be present in *name* + + + - :data:`KRB5_PRINCIPAL_PARSE_ENTERPRISE` - create single-component enterprise principal + + + - :data:`KRB5_PRINCIPAL_PARSE_IGNORE_REALM` - ignore realm if present in *name* + + If **KRB5_PRINCIPAL_PARSE_NO_REALM** or **KRB5_PRINCIPAL_PARSE_IGNORE_REALM** is specified in *flags* , the realm of the new principal will be empty. Otherwise, the default realm for *context* will be used if *name* does not specify a realm. + + + +Use :c:func:`krb5_free_principal()` to free *principal_out* when it is no longer needed. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_prepend_error_message.txt b/doc/html/_sources/appdev/refs/api/krb5_prepend_error_message.txt new file mode 100644 index 000000000000..6503ab162196 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_prepend_error_message.txt @@ -0,0 +1,44 @@ +krb5_prepend_error_message - Add a prefix to the message for an error code. +============================================================================= + +.. + +.. c:function:: void krb5_prepend_error_message(krb5_context ctx, krb5_error_code code, const char * fmt, ... ) + +.. + + +:param: + + **[in]** **ctx** - Library context + + **[in]** **code** - Error code + + **[in]** **fmt** - Format string for error message prefix + + +.. + + + +.. + + + + + + + +Format a message and prepend it to the current message for *code* . The prefix will be separated from the old message with a colon and space. + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_principal2salt.txt b/doc/html/_sources/appdev/refs/api/krb5_principal2salt.txt new file mode 100644 index 000000000000..c8852912309d --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_principal2salt.txt @@ -0,0 +1,47 @@ +krb5_principal2salt - Convert a principal name into the default salt for that principal. +========================================================================================== + +.. + +.. c:function:: krb5_error_code krb5_principal2salt(krb5_context context, register krb5_const_principal pr, krb5_data * ret) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **pr** - Principal name + + **[out]** **ret** - Default salt for *pr* to be filled in + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_principal_compare.txt b/doc/html/_sources/appdev/refs/api/krb5_principal_compare.txt new file mode 100644 index 000000000000..269efe315b7b --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_principal_compare.txt @@ -0,0 +1,47 @@ +krb5_principal_compare - Compare two principals. +================================================== + +.. + +.. c:function:: krb5_boolean krb5_principal_compare(krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **princ1** - First principal + + **[in]** **princ2** - Second principal + + +.. + + +:retval: + - TRUE if the principals are the same; FALSE otherwise + + +.. + + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_principal_compare_any_realm.txt b/doc/html/_sources/appdev/refs/api/krb5_principal_compare_any_realm.txt new file mode 100644 index 000000000000..d2766bdb0b66 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_principal_compare_any_realm.txt @@ -0,0 +1,51 @@ +krb5_principal_compare_any_realm - Compare two principals ignoring realm components. +====================================================================================== + +.. + +.. c:function:: krb5_boolean krb5_principal_compare_any_realm(krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **princ1** - First principal + + **[in]** **princ2** - Second principal + + +.. + + +:retval: + - TRUE if the principals are the same; FALSE otherwise + + +.. + + + + + + + +Similar to :c:func:`krb5_principal_compare()` , but do not compare the realm components of the principals. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_principal_compare_flags.txt b/doc/html/_sources/appdev/refs/api/krb5_principal_compare_flags.txt new file mode 100644 index 000000000000..3df09d3f4aa0 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_principal_compare_flags.txt @@ -0,0 +1,65 @@ +krb5_principal_compare_flags - Compare two principals with additional flags. +============================================================================== + +.. + +.. c:function:: krb5_boolean krb5_principal_compare_flags(krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2, int flags) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **princ1** - First principal + + **[in]** **princ2** - Second principal + + **[in]** **flags** - Flags + + +.. + + +:retval: + - TRUE if the principal names are the same; FALSE otherwise + + +.. + + + + + + + +Valid flags are: + + - :data:`KRB5_PRINCIPAL_COMPARE_IGNORE_REALM` - ignore realm component + + + - :data:`KRB5_PRINCIPAL_COMPARE_ENTERPRISE` - UPNs as real principals + + + - :data:`KRB5_PRINCIPAL_COMPARE_CASEFOLD` case-insensitive + + + - :data:`KRB5_PRINCIPAL_COMPARE_UTF8` - treat principals as UTF-8 + + + + + + + + +.. + +.. seealso:: + :c:func:`krb5_principal_compare()` + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_process_key.txt b/doc/html/_sources/appdev/refs/api/krb5_process_key.txt new file mode 100644 index 000000000000..3d08b5dcaea0 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_process_key.txt @@ -0,0 +1,46 @@ +krb5_process_key +================ + +.. + +.. c:function:: krb5_error_code krb5_process_key(krb5_context context, krb5_encrypt_block * eblock, const krb5_keyblock * key) + +.. + + +:param: + + **context** + + **eblock** + + **key** + + +.. + + + +.. + + +DEPRECATED Replaced by krb5_c_* API family. + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_prompter_posix.txt b/doc/html/_sources/appdev/refs/api/krb5_prompter_posix.txt new file mode 100644 index 000000000000..5450996a42de --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_prompter_posix.txt @@ -0,0 +1,64 @@ +krb5_prompter_posix - Prompt user for password. +================================================= + +.. + +.. c:function:: krb5_error_code krb5_prompter_posix(krb5_context context, void * data, const char * name, const char * banner, int num_prompts, krb5_prompt prompts) + +.. + + +:param: + + **[in]** **context** - Library context + + **data** - Unused (callback argument) + + **[in]** **name** - Name to output during prompt + + **[in]** **banner** - Banner to output during prompt + + **[in]** **num_prompts** - Number of prompts in *prompts* + + **[in]** **prompts** - Array of prompts and replies + + +.. + + +:retval: + - 0 Success + + +:return: + - Kerberos error codes + +.. + + + + + + + +This function is intended to be used as a prompter callback for :c:func:`krb5_get_init_creds_password()` or :c:func:`krb5_init_creds_init()` . + + + +Writes *name* and *banner* to stdout, each followed by a newline, then writes each prompt field in the *prompts* array, followed by":", and sets the reply field of the entry to a line of input read from stdin. If the hidden flag is set for a prompt, then terminal echoing is turned off when input is read. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_random_key.txt b/doc/html/_sources/appdev/refs/api/krb5_random_key.txt new file mode 100644 index 000000000000..d8e81ba33d79 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_random_key.txt @@ -0,0 +1,48 @@ +krb5_random_key +=============== + +.. + +.. c:function:: krb5_error_code krb5_random_key(krb5_context context, const krb5_encrypt_block * eblock, krb5_pointer ptr, krb5_keyblock ** keyblock) + +.. + + +:param: + + **context** + + **eblock** + + **ptr** + + **keyblock** + + +.. + + + +.. + + +DEPRECATED Replaced by krb5_c_* API family. + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_rd_cred.txt b/doc/html/_sources/appdev/refs/api/krb5_rd_cred.txt new file mode 100644 index 000000000000..29405647bf0e --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_rd_cred.txt @@ -0,0 +1,67 @@ +krb5_rd_cred - Read and validate a KRB-CRED message. +====================================================== + +.. + +.. c:function:: krb5_error_code krb5_rd_cred(krb5_context context, krb5_auth_context auth_context, krb5_data * pcreddata, krb5_creds *** pppcreds, krb5_replay_data * outdata) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **auth_context** - Authentication context + + **[in]** **pcreddata** - **KRB-CRED** message + + **[out]** **pppcreds** - Null-terminated array of forwarded credentials + + **[out]** **outdata** - Replay data (NULL if not needed) + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + + *pcreddata* will be decrypted using the receiving subkey if it is present in *auth_context* , or the session key if the receiving subkey is not present or fails to decrypt the message. + + + +Use :c:func:`krb5_free_tgt_creds()` to free *pppcreds* when it is no longer needed. + + + + + + + + + + +.. + + + + + + +.. note:: + + The *outdata* argument is required if :data:`KRB5_AUTH_CONTEXT_RET_TIME` or :data:`KRB5_AUTH_CONTEXT_RET_SEQUENCE` flag is set in the *auth_context* .` + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_rd_error.txt b/doc/html/_sources/appdev/refs/api/krb5_rd_error.txt new file mode 100644 index 000000000000..dd3437594e1b --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_rd_error.txt @@ -0,0 +1,51 @@ +krb5_rd_error - Decode a KRB-ERROR message. +============================================= + +.. + +.. c:function:: krb5_error_code krb5_rd_error(krb5_context context, const krb5_data * enc_errbuf, krb5_error ** dec_error) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **enc_errbuf** - Encoded error message + + **[out]** **dec_error** - Decoded error message + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function processes **KRB-ERROR** message *enc_errbuf* and returns an allocated structure *dec_error* containing the error message. Use :c:func:`krb5_free_error()` to free *dec_error* when it is no longer needed. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_rd_priv.txt b/doc/html/_sources/appdev/refs/api/krb5_rd_priv.txt new file mode 100644 index 000000000000..af75e8f88eea --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_rd_priv.txt @@ -0,0 +1,76 @@ +krb5_rd_priv - Process a KRB-PRIV message. +============================================ + +.. + +.. c:function:: krb5_error_code krb5_rd_priv(krb5_context context, krb5_auth_context auth_context, const krb5_data * inbuf, krb5_data * outbuf, krb5_replay_data * outdata) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **auth_context** - Authentication structure + + **[in]** **inbuf** - **KRB-PRIV** message to be parsed + + **[out]** **outbuf** - Data parsed from **KRB-PRIV** message + + **[out]** **outdata** - Replay data. Specify NULL if not needed + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function parses a **KRB-PRIV** message, verifies its integrity, and stores its unencrypted data into *outbuf* . + + + +If the :data:`KRB5_AUTH_CONTEXT_DO_SEQUENCE` flag is set in *auth_context* , the sequence number of the KRB-SAFE message is checked against the remote sequence number field of *auth_context* . Otherwise, the sequence number is not used. + + + +If the :data:`KRB5_AUTH_CONTEXT_DO_TIME` flag is set in *auth_context* , then two additional checks are performed: + + - The timestamp in the message must be within the permitted clock skew (which is usually five minutes). + + + - The message must not be a replayed message field in *auth_context* . + + + + + + + + +.. + + + + + + +.. note:: + + If the :data:`KRB5_AUTH_CONTEXT_RET_TIME` or :data:`KRB5_AUTH_CONTEXT_RET_SEQUENCE` flag is set in *auth_context* , *outdata* is required. + + *auth_context* must have a remote address set. This address will be used to verify the sender address in the KRB-PRIV message. If *auth_context* has a local address set, it will be used to verify the receiver address in the KRB-PRIV message if the message contains one. Both addresses must use type **ADDRTYPE_ADDRPORT** . + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_rd_rep.txt b/doc/html/_sources/appdev/refs/api/krb5_rd_rep.txt new file mode 100644 index 000000000000..67419a853be2 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_rd_rep.txt @@ -0,0 +1,57 @@ +krb5_rd_rep - Parse and decrypt a KRB_AP_REP message. +======================================================= + +.. + +.. c:function:: krb5_error_code krb5_rd_rep(krb5_context context, krb5_auth_context auth_context, const krb5_data * inbuf, krb5_ap_rep_enc_part ** repl) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **auth_context** - Authentication context + + **[in]** **inbuf** - AP-REP message + + **[out]** **repl** - Decrypted reply message + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function parses, decrypts and verifies a message from *inbuf* and fills in *repl* with a pointer to allocated memory containing the fields from the encrypted response. + + + +Use :c:func:`krb5_free_ap_rep_enc_part()` to free *repl* when it is no longer needed. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_rd_rep_dce.txt b/doc/html/_sources/appdev/refs/api/krb5_rd_rep_dce.txt new file mode 100644 index 000000000000..c82ef4317ce5 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_rd_rep_dce.txt @@ -0,0 +1,53 @@ +krb5_rd_rep_dce - Parse and decrypt a KRB_AP_REP message for DCE RPC. +======================================================================= + +.. + +.. c:function:: krb5_error_code krb5_rd_rep_dce(krb5_context context, krb5_auth_context auth_context, const krb5_data * inbuf, krb5_ui_4 * nonce) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **auth_context** - Authentication context + + **[in]** **inbuf** - AP-REP message + + **[out]** **nonce** - Sequence number from the decrypted reply + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function parses, decrypts and verifies a message from *inbuf* and fills in *nonce* with a decrypted reply sequence number. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_rd_req.txt b/doc/html/_sources/appdev/refs/api/krb5_rd_req.txt new file mode 100644 index 000000000000..85516e3df54b --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_rd_req.txt @@ -0,0 +1,105 @@ +krb5_rd_req - Parse and decrypt a KRB_AP_REQ message. +======================================================= + +.. + +.. c:function:: krb5_error_code krb5_rd_req(krb5_context context, krb5_auth_context * auth_context, const krb5_data * inbuf, krb5_const_principal server, krb5_keytab keytab, krb5_flags * ap_req_options, krb5_ticket ** ticket) + +.. + + +:param: + + **[in]** **context** - Library context + + **[inout]** **auth_context** - Pre-existing or newly created auth context + + **[in]** **inbuf** - AP-REQ message to be parsed + + **[in]** **server** - Matching principal for server, or NULL to allow any principal in keytab + + **[in]** **keytab** - Key table, or NULL to use the default + + **[out]** **ap_req_options** - If non-null, the AP-REQ flags on output + + **[out]** **ticket** - If non-null, ticket from the AP-REQ message + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function parses, decrypts and verifies a AP-REQ message from *inbuf* and stores the authenticator in *auth_context* . + + + +If a keyblock was specified in *auth_context* using :c:func:`krb5_auth_con_setuseruserkey()` , that key is used to decrypt the ticket in AP-REQ message and *keytab* is ignored. In this case, *server* should be specified as a complete principal name to allow for proper transited-path checking and replay cache selection. + + + +Otherwise, the decryption key is obtained from *keytab* , or from the default keytab if it is NULL. In this case, *server* may be a complete principal name, a matching principal (see :c:func:`krb5_sname_match()` ), or NULL to match any principal name. The keys tried against the encrypted part of the ticket are determined as follows: + + + + + + - If *server* is a complete principal name, then its entry in *keytab* is tried. + + + - Otherwise, if *keytab* is iterable, then all entries in *keytab* which match *server* are tried. + + + - Otherwise, the server principal in the ticket must match *server* , and its entry in *keytab* is tried. + + + + + +The client specified in the decrypted authenticator must match the client specified in the decrypted ticket. + + + +If the *remote_addr* field of *auth_context* is set, the request must come from that address. + + + +If a replay cache handle is provided in the *auth_context* , the authenticator and ticket are verified against it. If no conflict is found, the new authenticator is then stored in the replay cache of *auth_context* . + + + +Various other checks are performed on the decoded data, including cross-realm policy, clockskew, and ticket validation times. + + + +On success the authenticator, subkey, and remote sequence number of the request are stored in *auth_context* . If the :data:`AP_OPTS_MUTUAL_REQUIRED` bit is set, the local sequence number is XORed with the remote sequence number in the request. + + + +Use :c:func:`krb5_free_ticket()` to free *ticket* when it is no longer needed. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_rd_safe.txt b/doc/html/_sources/appdev/refs/api/krb5_rd_safe.txt new file mode 100644 index 000000000000..d6c096fa4c0e --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_rd_safe.txt @@ -0,0 +1,80 @@ +krb5_rd_safe - Process KRB-SAFE message. +========================================== + +.. + +.. c:function:: krb5_error_code krb5_rd_safe(krb5_context context, krb5_auth_context auth_context, const krb5_data * inbuf, krb5_data * outbuf, krb5_replay_data * outdata) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **auth_context** - Authentication context + + **[in]** **inbuf** - **KRB-SAFE** message to be parsed + + **[out]** **outbuf** - Data parsed from **KRB-SAFE** message + + **[out]** **outdata** - Replay data. Specify NULL if not needed + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function parses a **KRB-SAFE** message, verifies its integrity, and stores its data into *outbuf* . + + + +If the :data:`KRB5_AUTH_CONTEXT_DO_SEQUENCE` flag is set in *auth_context* , the sequence number of the KRB-SAFE message is checked against the remote sequence number field of *auth_context* . Otherwise, the sequence number is not used. + + + +If the :data:`KRB5_AUTH_CONTEXT_DO_TIME` flag is set in *auth_context* , then two additional checks are performed: + + - The timestamp in the message must be within the permitted clock skew (which is usually five minutes). + + + - The message must not be a replayed message field in *auth_context* . + + Use :c:func:`krb5_free_data_contents()` to free *outbuf* when it is no longer needed. + + + + + + + + + + +.. + + + + + + +.. note:: + + The *outdata* argument is required if :data:`KRB5_AUTH_CONTEXT_RET_TIME` or :data:`KRB5_AUTH_CONTEXT_RET_SEQUENCE` flag is set in the *auth_context* . + + *auth_context* must have a remote address set. This address will be used to verify the sender address in the KRB-SAFE message. If *auth_context* has a local address set, it will be used to verify the receiver address in the KRB-SAFE message if the message contains one. Both addresses must use type **ADDRTYPE_ADDRPORT** . + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_read_password.txt b/doc/html/_sources/appdev/refs/api/krb5_read_password.txt new file mode 100644 index 000000000000..bc13db558e20 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_read_password.txt @@ -0,0 +1,70 @@ +krb5_read_password - Read a password from keyboard input. +=========================================================== + +.. + +.. c:function:: krb5_error_code krb5_read_password(krb5_context context, const char * prompt, const char * prompt2, char * return_pwd, unsigned int * size_return) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **prompt** - First user prompt when reading password + + **[in]** **prompt2** - Second user prompt (NULL to prompt only once) + + **[out]** **return_pwd** - Returned password + + **[inout]** **size_return** - On input, maximum size of password; on output, size of password read + + +.. + + +:retval: + - 0 Success + + +:return: + - Error in reading or verifying the password Kerberos error codes + +.. + + + + + + + +This function reads a password from keyboard input and stores it in *return_pwd* . *size_return* should be set by the caller to the amount of storage space available in *return_pwd* ; on successful return, it will be set to the length of the password read. + + + + *prompt* is printed to the terminal, followed by":", and then a password is read from the keyboard. + + + +If *prompt2* is NULL, the password is read only once. Otherwise, *prompt2* is printed to the terminal and a second password is read. If the two passwords entered are not identical, KRB5_LIBOS_BADPWDMATCH is returned. + + + +Echoing is turned off when the password is read. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_realm_compare.txt b/doc/html/_sources/appdev/refs/api/krb5_realm_compare.txt new file mode 100644 index 000000000000..f9df1b029aa2 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_realm_compare.txt @@ -0,0 +1,47 @@ +krb5_realm_compare - Compare the realms of two principals. +============================================================ + +.. + +.. c:function:: krb5_boolean krb5_realm_compare(krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **princ1** - First principal + + **[in]** **princ2** - Second principal + + +.. + + +:retval: + - TRUE if the realm names are the same; FALSE otherwise + + +.. + + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_recvauth.txt b/doc/html/_sources/appdev/refs/api/krb5_recvauth.txt new file mode 100644 index 000000000000..c9bcaa870e35 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_recvauth.txt @@ -0,0 +1,68 @@ +krb5_recvauth - Server function for sendauth protocol. +======================================================== + +.. + +.. c:function:: krb5_error_code krb5_recvauth(krb5_context context, krb5_auth_context * auth_context, krb5_pointer fd, char * appl_version, krb5_principal server, krb5_int32 flags, krb5_keytab keytab, krb5_ticket ** ticket) + +.. + + +:param: + + **[in]** **context** - Library context + + **[inout]** **auth_context** - Pre-existing or newly created auth context + + **[in]** **fd** - File descriptor + + **[in]** **appl_version** - Application protocol version to be matched against the client's application version + + **[in]** **server** - Server principal (NULL for any in *keytab* ) + + **[in]** **flags** - Additional specifications + + **[in]** **keytab** - Key table containing service keys + + **[out]** **ticket** - Ticket (NULL if not needed) + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function performs the server side of a sendauth/recvauth exchange by sending and receiving messages over *fd* . + + + +Use :c:func:`krb5_free_ticket()` to free *ticket* when it is no longer needed. + + + + + + + + + + +.. + +.. seealso:: + :c:func:`krb5_sendauth()` + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_recvauth_version.txt b/doc/html/_sources/appdev/refs/api/krb5_recvauth_version.txt new file mode 100644 index 000000000000..6d3e446c5caf --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_recvauth_version.txt @@ -0,0 +1,61 @@ +krb5_recvauth_version - Server function for sendauth protocol with version parameter. +======================================================================================= + +.. + +.. c:function:: krb5_error_code krb5_recvauth_version(krb5_context context, krb5_auth_context * auth_context, krb5_pointer fd, krb5_principal server, krb5_int32 flags, krb5_keytab keytab, krb5_ticket ** ticket, krb5_data * version) + +.. + + +:param: + + **[in]** **context** - Library context + + **[inout]** **auth_context** - Pre-existing or newly created auth context + + **[in]** **fd** - File descriptor + + **[in]** **server** - Server principal (NULL for any in *keytab* ) + + **[in]** **flags** - Additional specifications + + **[in]** **keytab** - Decryption key + + **[out]** **ticket** - Ticket (NULL if not needed) + + **[out]** **version** - sendauth protocol version (NULL if not needed) + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function is similar to :c:func:`krb5_recvauth()` with the additional output information place into *version* . + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_responder_get_challenge.txt b/doc/html/_sources/appdev/refs/api/krb5_responder_get_challenge.txt new file mode 100644 index 000000000000..ae1edc9a4656 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_responder_get_challenge.txt @@ -0,0 +1,52 @@ +krb5_responder_get_challenge - Retrieve the challenge data for a given question in the responder context. +=========================================================================================================== + +.. + +.. c:function:: const char * krb5_responder_get_challenge(krb5_context ctx, krb5_responder_context rctx, const char * question) + +.. + + +:param: + + **[in]** **ctx** - Library context + + **[in]** **rctx** - Responder context + + **[in]** **question** - Question name + + +.. + + + +.. + + + + + + + +Return a pointer to a C string containing the challenge for *question* within *rctx* , or NULL if the question is not present in *rctx* . The structure of the question depends on the question name, but will always be printable UTF-8 text. The returned pointer is an alias, valid only as long as the lifetime of *rctx* , and should not be modified or freed by the caller. + + + + + + + + + + +.. + + + + +.. note:: + + New in 1.11 + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_responder_list_questions.txt b/doc/html/_sources/appdev/refs/api/krb5_responder_list_questions.txt new file mode 100644 index 000000000000..d1efd0148522 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_responder_list_questions.txt @@ -0,0 +1,50 @@ +krb5_responder_list_questions - List the question names contained in the responder context. +============================================================================================= + +.. + +.. c:function:: const char *const * krb5_responder_list_questions(krb5_context ctx, krb5_responder_context rctx) + +.. + + +:param: + + **[in]** **ctx** - Library context + + **[in]** **rctx** - Responder context + + +.. + + + +.. + + + + + + + +Return a pointer to a null-terminated list of question names which are present in *rctx* . The pointer is an alias, valid only as long as the lifetime of *rctx* , and should not be modified or freed by the caller. A question's challenge can be retrieved using :c:func:`krb5_responder_get_challenge()` and answered using :c:func:`krb5_responder_set_answer()` . + + + + + + + + + + +.. + + + + +.. note:: + + New in 1.11 + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_responder_otp_challenge_free.txt b/doc/html/_sources/appdev/refs/api/krb5_responder_otp_challenge_free.txt new file mode 100644 index 000000000000..fb4863ea1bb3 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_responder_otp_challenge_free.txt @@ -0,0 +1,48 @@ +krb5_responder_otp_challenge_free - Free the value returned by krb5_responder_otp_get_challenge() . +===================================================================================================== + +.. + +.. c:function:: void krb5_responder_otp_challenge_free(krb5_context ctx, krb5_responder_context rctx, krb5_responder_otp_challenge * chl) + +.. + + +:param: + + **[in]** **ctx** - Library context + + **[in]** **rctx** - Responder context + + **[in]** **chl** - The challenge to free + + +.. + + + +.. + + + + + + + + + + + + + + +.. + + + + +.. note:: + + New in 1.11 + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_responder_otp_get_challenge.txt b/doc/html/_sources/appdev/refs/api/krb5_responder_otp_get_challenge.txt new file mode 100644 index 000000000000..4fd609e980b6 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_responder_otp_get_challenge.txt @@ -0,0 +1,56 @@ +krb5_responder_otp_get_challenge - Decode the KRB5_RESPONDER_QUESTION_OTP to a C struct. +========================================================================================== + +.. + +.. c:function:: krb5_error_code krb5_responder_otp_get_challenge(krb5_context ctx, krb5_responder_context rctx, krb5_responder_otp_challenge ** chl) + +.. + + +:param: + + **[in]** **ctx** - Library context + + **[in]** **rctx** - Responder context + + **[out]** **chl** - Challenge structure + + +.. + + + +.. + + + + + + + +A convenience function which parses the KRB5_RESPONDER_QUESTION_OTP question challenge data, making it available in native C. The main feature of this function is the ability to interact with OTP tokens without parsing the JSON. + + + +The returned value must be passed to :c:func:`krb5_responder_otp_challenge_free()` to be freed. + + + + + + + + + + +.. + + + + +.. note:: + + New in 1.11 + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_responder_otp_set_answer.txt b/doc/html/_sources/appdev/refs/api/krb5_responder_otp_set_answer.txt new file mode 100644 index 000000000000..0535a206aa19 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_responder_otp_set_answer.txt @@ -0,0 +1,52 @@ +krb5_responder_otp_set_answer - Answer the KRB5_RESPONDER_QUESTION_OTP question. +================================================================================== + +.. + +.. c:function:: krb5_error_code krb5_responder_otp_set_answer(krb5_context ctx, krb5_responder_context rctx, size_t ti, const char * value, const char * pin) + +.. + + +:param: + + **[in]** **ctx** - Library context + + **[in]** **rctx** - Responder context + + **[in]** **ti** - The index of the tokeninfo selected + + **[in]** **value** - The value to set, or NULL for none + + **[in]** **pin** - The pin to set, or NULL for none + + +.. + + + +.. + + + + + + + + + + + + + + +.. + + + + +.. note:: + + New in 1.11 + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_responder_pkinit_challenge_free.txt b/doc/html/_sources/appdev/refs/api/krb5_responder_pkinit_challenge_free.txt new file mode 100644 index 000000000000..e7376aaf3852 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_responder_pkinit_challenge_free.txt @@ -0,0 +1,48 @@ +krb5_responder_pkinit_challenge_free - Free the value returned by krb5_responder_pkinit_get_challenge() . +=========================================================================================================== + +.. + +.. c:function:: void krb5_responder_pkinit_challenge_free(krb5_context ctx, krb5_responder_context rctx, krb5_responder_pkinit_challenge * chl) + +.. + + +:param: + + **[in]** **ctx** - Library context + + **[in]** **rctx** - Responder context + + **[in]** **chl** - The challenge to free + + +.. + + + +.. + + + + + + + + + + + + + + +.. + + + + +.. note:: + + New in 1.12 + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_responder_pkinit_get_challenge.txt b/doc/html/_sources/appdev/refs/api/krb5_responder_pkinit_get_challenge.txt new file mode 100644 index 000000000000..a14588127aca --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_responder_pkinit_get_challenge.txt @@ -0,0 +1,56 @@ +krb5_responder_pkinit_get_challenge - Decode the KRB5_RESPONDER_QUESTION_PKINIT to a C struct. +================================================================================================ + +.. + +.. c:function:: krb5_error_code krb5_responder_pkinit_get_challenge(krb5_context ctx, krb5_responder_context rctx, krb5_responder_pkinit_challenge ** chl_out) + +.. + + +:param: + + **[in]** **ctx** - Library context + + **[in]** **rctx** - Responder context + + **[out]** **chl_out** - Challenge structure + + +.. + + + +.. + + + + + + + +A convenience function which parses the KRB5_RESPONDER_QUESTION_PKINIT question challenge data, making it available in native C. The main feature of this function is the ability to read the challenge without parsing the JSON. + + + +The returned value must be passed to :c:func:`krb5_responder_pkinit_challenge_free()` to be freed. + + + + + + + + + + +.. + + + + +.. note:: + + New in 1.12 + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_responder_pkinit_set_answer.txt b/doc/html/_sources/appdev/refs/api/krb5_responder_pkinit_set_answer.txt new file mode 100644 index 000000000000..dc8fa57cc4a6 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_responder_pkinit_set_answer.txt @@ -0,0 +1,50 @@ +krb5_responder_pkinit_set_answer - Answer the KRB5_RESPONDER_QUESTION_PKINIT question for one identity. +========================================================================================================= + +.. + +.. c:function:: krb5_error_code krb5_responder_pkinit_set_answer(krb5_context ctx, krb5_responder_context rctx, const char * identity, const char * pin) + +.. + + +:param: + + **[in]** **ctx** - Library context + + **[in]** **rctx** - Responder context + + **[in]** **identity** - The identity for which a PIN is being supplied + + **[in]** **pin** - The provided PIN, or NULL for none + + +.. + + + +.. + + + + + + + + + + + + + + +.. + + + + +.. note:: + + New in 1.12 + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_responder_set_answer.txt b/doc/html/_sources/appdev/refs/api/krb5_responder_set_answer.txt new file mode 100644 index 000000000000..c5b588aacbbb --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_responder_set_answer.txt @@ -0,0 +1,57 @@ +krb5_responder_set_answer - Answer a named question in the responder context. +=============================================================================== + +.. + +.. c:function:: krb5_error_code krb5_responder_set_answer(krb5_context ctx, krb5_responder_context rctx, const char * question, const char * answer) + +.. + + +:param: + + **[in]** **ctx** - Library context + + **[in]** **rctx** - Responder context + + **[in]** **question** - Question name + + **[in]** **answer** - The string to set (MUST be printable UTF-8) + + +.. + + +:retval: + - EINVAL question is not present within rctx + + +.. + + + + + + + +This function supplies an answer to *question* within *rctx* . The appropriate form of the answer depends on the question name. + + + + + + + + + + +.. + + + + +.. note:: + + New in 1.11 + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_salttype_to_string.txt b/doc/html/_sources/appdev/refs/api/krb5_salttype_to_string.txt new file mode 100644 index 000000000000..e0e44a6bfba5 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_salttype_to_string.txt @@ -0,0 +1,47 @@ +krb5_salttype_to_string - Convert a salt type to a string. +============================================================ + +.. + +.. c:function:: krb5_error_code krb5_salttype_to_string(krb5_int32 salttype, char * buffer, size_t buflen) + +.. + + +:param: + + **[in]** **salttype** - Salttype to convert + + **[out]** **buffer** - Buffer to receive the converted string + + **[in]** **buflen** - Storage available in *buffer* + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_sendauth.txt b/doc/html/_sources/appdev/refs/api/krb5_sendauth.txt new file mode 100644 index 000000000000..29abeaf4a2f5 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_sendauth.txt @@ -0,0 +1,98 @@ +krb5_sendauth - Client function for sendauth protocol. +======================================================== + +.. + +.. c:function:: krb5_error_code krb5_sendauth(krb5_context context, krb5_auth_context * auth_context, krb5_pointer fd, char * appl_version, krb5_principal client, krb5_principal server, krb5_flags ap_req_options, krb5_data * in_data, krb5_creds * in_creds, krb5_ccache ccache, krb5_error ** error, krb5_ap_rep_enc_part ** rep_result, krb5_creds ** out_creds) + +.. + + +:param: + + **[in]** **context** - Library context + + **[inout]** **auth_context** - Pre-existing or newly created auth context + + **[in]** **fd** - File descriptor that describes network socket + + **[in]** **appl_version** - Application protocol version to be matched with the receiver's application version + + **[in]** **client** - Client principal + + **[in]** **server** - Server principal + + **[in]** **ap_req_options** - :data:`AP_OPTS` options + + **[in]** **in_data** - Data to be sent to the server + + **[in]** **in_creds** - Input credentials, or NULL to use *ccache* + + **[in]** **ccache** - Credential cache + + **[out]** **error** - If non-null, contains KRB_ERROR message returned from server + + **[out]** **rep_result** - If non-null and *ap_req_options* is :data:`AP_OPTS_MUTUAL_REQUIRED` , contains the result of mutual authentication exchange + + **[out]** **out_creds** - If non-null, the retrieved credentials + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function performs the client side of a sendauth/recvauth exchange by sending and receiving messages over *fd* . + + + +Credentials may be specified in three ways: + + + + + + - If *in_creds* is NULL, credentials are obtained with :c:func:`krb5_get_credentials()` using the principals *client* and *server* . *server* must be non-null; *client* may NULL to use the default principal of *ccache* . + + + + - If *in_creds* is non-null, but does not contain a ticket, credentials for the exchange are obtained with :c:func:`krb5_get_credentials()` using *in_creds* . In this case, the values of *client* and *server* are unused. + + + + - If *in_creds* is a complete credentials structure, it used directly. In this case, the values of *client* , *server* , and *ccache* are unused. + + If the server is using a different application protocol than that specified in *appl_version* , an error will be returned. + + + +Use :c:func:`krb5_free_creds()` to free *out_creds* , :c:func:`krb5_free_ap_rep_enc_part()` to free *rep_result* , and :c:func:`krb5_free_error()` to free *error* when they are no longer needed. + + + + + + + + + + +.. + +.. seealso:: + :c:func:`krb5_recvauth()` + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_server_decrypt_ticket_keytab.txt b/doc/html/_sources/appdev/refs/api/krb5_server_decrypt_ticket_keytab.txt new file mode 100644 index 000000000000..0ec0337159f2 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_server_decrypt_ticket_keytab.txt @@ -0,0 +1,51 @@ +krb5_server_decrypt_ticket_keytab - Decrypt a ticket using the specified key table. +===================================================================================== + +.. + +.. c:function:: krb5_error_code krb5_server_decrypt_ticket_keytab(krb5_context context, const krb5_keytab kt, krb5_ticket * ticket) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **kt** - Key table + + **[in]** **ticket** - Ticket to be decrypted + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function takes a *ticket* as input and decrypts it using key data from *kt* . The result is placed into *ticket->enc_part2* . + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_set_default_realm.txt b/doc/html/_sources/appdev/refs/api/krb5_set_default_realm.txt new file mode 100644 index 000000000000..d9ac43d5efc3 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_set_default_realm.txt @@ -0,0 +1,52 @@ +krb5_set_default_realm - Override the default realm for the specified context. +================================================================================ + +.. + +.. c:function:: krb5_error_code krb5_set_default_realm(krb5_context context, const char * lrealm) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **lrealm** - Realm name for the default realm + + +.. + + +:retval: + - 0 Success + + +:return: + - Kerberos error codes + +.. + + + + + + + +If *lrealm* is NULL, clear the default realm setting. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_set_default_tgs_enctypes.txt b/doc/html/_sources/appdev/refs/api/krb5_set_default_tgs_enctypes.txt new file mode 100644 index 000000000000..870ca63dc202 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_set_default_tgs_enctypes.txt @@ -0,0 +1,61 @@ +krb5_set_default_tgs_enctypes - Set default TGS encryption types in a krb5_context structure. +=============================================================================================== + +.. + +.. c:function:: krb5_error_code krb5_set_default_tgs_enctypes(krb5_context context, const krb5_enctype * etypes) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **etypes** - Encryption type(s) to set + + +.. + + +:retval: + - 0 Success + - KRB5_PROG_ETYPE_NOSUPP Program lacks support for encryption type + + +:return: + - Kerberos error codes + +.. + + + + + + + +This function sets the default enctype list for TGS requests made using *context* to *etypes* . + + + + + + + + + + +.. + + + + + + +.. note:: + + This overrides the default list (from config file or built-in). + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_set_error_message.txt b/doc/html/_sources/appdev/refs/api/krb5_set_error_message.txt new file mode 100644 index 000000000000..86bf9b7c7dde --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_set_error_message.txt @@ -0,0 +1,44 @@ +krb5_set_error_message - Set an extended error message for an error code. +=========================================================================== + +.. + +.. c:function:: void krb5_set_error_message(krb5_context ctx, krb5_error_code code, const char * fmt, ... ) + +.. + + +:param: + + **[in]** **ctx** - Library context + + **[in]** **code** - Error code + + **[in]** **fmt** - Error string for the error code + + +.. + + + +.. + + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_set_kdc_recv_hook.txt b/doc/html/_sources/appdev/refs/api/krb5_set_kdc_recv_hook.txt new file mode 100644 index 000000000000..66a334a44b8c --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_set_kdc_recv_hook.txt @@ -0,0 +1,52 @@ +krb5_set_kdc_recv_hook - Set a KDC post-receive hook function. +================================================================ + +.. + +.. c:function:: void krb5_set_kdc_recv_hook(krb5_context context, krb5_post_recv_fn recv_hook, void * data) + +.. + + +:param: + + **[in]** **context** - The library context. + + **[in]** **recv_hook** - Hook function (or NULL to disable the hook) + + **[in]** **data** - Callback data to be passed to *recv_hook* + + +.. + + + +.. + + + + + + + + *recv_hook* will be called after a reply is received from a KDC during a call to a library function such as :c:func:`krb5_get_credentials()` . The hook function may inspect or override the reply. This hook will not be executed if the pre-send hook returns a synthetic reply. + + + + + + + + + + +.. + + + + +.. note:: + + New in 1.15 + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_set_kdc_send_hook.txt b/doc/html/_sources/appdev/refs/api/krb5_set_kdc_send_hook.txt new file mode 100644 index 000000000000..7bffffb44616 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_set_kdc_send_hook.txt @@ -0,0 +1,52 @@ +krb5_set_kdc_send_hook - Set a KDC pre-send hook function. +============================================================ + +.. + +.. c:function:: void krb5_set_kdc_send_hook(krb5_context context, krb5_pre_send_fn send_hook, void * data) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **send_hook** - Hook function (or NULL to disable the hook) + + **[in]** **data** - Callback data to be passed to *send_hook* + + +.. + + + +.. + + + + + + + + *send_hook* will be called before messages are sent to KDCs by library functions such as :c:func:`krb5_get_credentials()` . The hook function may inspect, override, or synthesize its own reply to the message. + + + + + + + + + + +.. + + + + +.. note:: + + New in 1.15 + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_set_password.txt b/doc/html/_sources/appdev/refs/api/krb5_set_password.txt new file mode 100644 index 000000000000..0fefb2cea3e2 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_set_password.txt @@ -0,0 +1,74 @@ +krb5_set_password - Set a password for a principal using specified credentials. +================================================================================= + +.. + +.. c:function:: krb5_error_code krb5_set_password(krb5_context context, krb5_creds * creds, const char * newpw, krb5_principal change_password_for, int * result_code, krb5_data * result_code_string, krb5_data * result_string) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **creds** - Credentials for kadmin/changepw service + + **[in]** **newpw** - New password + + **[in]** **change_password_for** - Change the password for this principal + + **[out]** **result_code** - Numeric error code from server + + **[out]** **result_code_string** - String equivalent to *result_code* + + **[out]** **result_string** - Data returned from the remote system + + +.. + + +:retval: + - 0 Success and result_code is set to KRB5_KPASSWD_SUCCESS . + + +:return: + - Kerberos error codes. + +.. + + + + + + + +This function uses the credentials *creds* to set the password *newpw* for the principal *change_password_for* . It implements the set password operation of RFC 3244, for interoperability with Microsoft Windows implementations. + + + +The error code and strings are returned in *result_code* , *result_code_string* and *result_string* . + + + + + + + + + + +.. + + + + + + +.. note:: + + If *change_password_for* is NULL, the change is performed on the current principal. If *change_password_for* is non-null, the change is performed on the principal name passed in *change_password_for* . + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_set_password_using_ccache.txt b/doc/html/_sources/appdev/refs/api/krb5_set_password_using_ccache.txt new file mode 100644 index 000000000000..24bf4be7edd6 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_set_password_using_ccache.txt @@ -0,0 +1,74 @@ +krb5_set_password_using_ccache - Set a password for a principal using cached credentials. +=========================================================================================== + +.. + +.. c:function:: krb5_error_code krb5_set_password_using_ccache(krb5_context context, krb5_ccache ccache, const char * newpw, krb5_principal change_password_for, int * result_code, krb5_data * result_code_string, krb5_data * result_string) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **ccache** - Credential cache + + **[in]** **newpw** - New password + + **[in]** **change_password_for** - Change the password for this principal + + **[out]** **result_code** - Numeric error code from server + + **[out]** **result_code_string** - String equivalent to *result_code* + + **[out]** **result_string** - Data returned from the remote system + + +.. + + +:retval: + - 0 Success + + +:return: + - Kerberos error codes + +.. + + + + + + + +This function uses the cached credentials from *ccache* to set the password *newpw* for the principal *change_password_for* . It implements RFC 3244 set password operation (interoperable with MS Windows implementations) using the credential cache. + + + +The error code and strings are returned in *result_code* , *result_code_string* and *result_string* . + + + + + + + + + + +.. + + + + + + +.. note:: + + If *change_password_for* is set to NULL, the change is performed on the default principal in *ccache* . If *change_password_for* is non null, the change is performed on the specified principal. + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_set_principal_realm.txt b/doc/html/_sources/appdev/refs/api/krb5_set_principal_realm.txt new file mode 100644 index 000000000000..0319b338aa78 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_set_principal_realm.txt @@ -0,0 +1,54 @@ +krb5_set_principal_realm - Set the realm field of a principal. +================================================================ + +.. + +.. c:function:: krb5_error_code krb5_set_principal_realm(krb5_context context, krb5_principal principal, const char * realm) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **principal** - Principal name + + **[in]** **realm** - Realm name + + +.. + + +:retval: + - 0 Success + + +:return: + - Kerberos error codes + +.. + + + + + + + +Set the realm name part of *principal* to *realm* , overwriting the previous realm. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_set_real_time.txt b/doc/html/_sources/appdev/refs/api/krb5_set_real_time.txt new file mode 100644 index 000000000000..18d7a6b5f913 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_set_real_time.txt @@ -0,0 +1,51 @@ +krb5_set_real_time - Set time offset field in a krb5_context structure. +========================================================================= + +.. + +.. c:function:: krb5_error_code krb5_set_real_time(krb5_context context, krb5_timestamp seconds, krb5_int32 microseconds) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **seconds** - Real time, seconds portion + + **[in]** **microseconds** - Real time, microseconds portion + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function sets the time offset in *context* to the difference between the system time and the real time as determined by *seconds* and *microseconds* . + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_set_trace_callback.txt b/doc/html/_sources/appdev/refs/api/krb5_set_trace_callback.txt new file mode 100644 index 000000000000..4c31ddb61001 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_set_trace_callback.txt @@ -0,0 +1,63 @@ +krb5_set_trace_callback - Specify a callback function for trace events. +========================================================================= + +.. + +.. c:function:: krb5_error_code krb5_set_trace_callback(krb5_context context, krb5_trace_callback fn, void * cb_data) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **fn** - Callback function + + **[in]** **cb_data** - Callback data + + +.. + + + +:return: + - Returns KRB5_TRACE_NOSUPP if tracing is not supported in the library (unless fn is NULL). + +.. + + + + + + + +Specify a callback for trace events occurring in krb5 operations performed within *context* . *fn* will be invoked with *context* as the first argument, *cb_data* as the last argument, and a pointer to a krb5_trace_info as the second argument. If the trace callback is reset via this function or *context* is destroyed, *fn* will be invoked with a NULL second argument so it can clean up *cb_data* . Supply a NULL value for *fn* to disable trace callbacks within *context* . + + + + + + + + + + +.. + + + + + + +.. note:: + + This function overrides the information passed through the *KRB5_TRACE* environment variable. + + + +.. note:: + + New in 1.9 + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_set_trace_filename.txt b/doc/html/_sources/appdev/refs/api/krb5_set_trace_filename.txt new file mode 100644 index 000000000000..6d75325a3489 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_set_trace_filename.txt @@ -0,0 +1,61 @@ +krb5_set_trace_filename - Specify a file name for directing trace events. +=========================================================================== + +.. + +.. c:function:: krb5_error_code krb5_set_trace_filename(krb5_context context, const char * filename) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **filename** - File name + + +.. + + +:retval: + - KRB5_TRACE_NOSUPP Tracing is not supported in the library. + + +.. + + + + + + + +Open *filename* for appending (creating it, if necessary) and set up a callback to write trace events to it. + + + + + + + + + + +.. + + + + + + +.. note:: + + This function overrides the information passed through the *KRB5_TRACE* environment variable. + + + +.. note:: + + New in 1.9 + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_sname_match.txt b/doc/html/_sources/appdev/refs/api/krb5_sname_match.txt new file mode 100644 index 000000000000..c37500068263 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_sname_match.txt @@ -0,0 +1,59 @@ +krb5_sname_match - Test whether a principal matches a matching principal. +=========================================================================== + +.. + +.. c:function:: krb5_boolean krb5_sname_match(krb5_context context, krb5_const_principal matching, krb5_const_principal princ) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **matching** - Matching principal + + **[in]** **princ** - Principal to test + + +.. + + + +:return: + - TRUE if princ matches matching , FALSE otherwise. + +.. + + + + + + + +If *matching* is NULL, return TRUE. If *matching* is not a matching principal, return the value of krb5_principal_compare(context, matching, princ). + + + + + + + + + + +.. + + + + + + +.. note:: + + A matching principal is a host-based principal with an empty realm and/or second data component (hostname). Profile configuration may cause the hostname to be ignored even if it is present. A principal matches a matching principal if the former has the same non-empty (and non-ignored) components of the latter. + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_sname_to_principal.txt b/doc/html/_sources/appdev/refs/api/krb5_sname_to_principal.txt new file mode 100644 index 000000000000..07b4849a91ab --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_sname_to_principal.txt @@ -0,0 +1,74 @@ +krb5_sname_to_principal - Generate a full principal name from a service name. +=============================================================================== + +.. + +.. c:function:: krb5_error_code krb5_sname_to_principal(krb5_context context, const char * hostname, const char * sname, krb5_int32 type, krb5_principal * ret_princ) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **hostname** - Host name, or NULL to use local host + + **[in]** **sname** - Service name, or NULL to use **"host"** + + **[in]** **type** - Principal type + + **[out]** **ret_princ** - Generated principal + + +.. + + +:retval: + - 0 Success + + +:return: + - Kerberos error codes + +.. + + + + + + + +This function converts a *hostname* and *sname* into *krb5_principal* structure *ret_princ* . The returned principal will be of the form *sname\/hostname@REALM* where REALM is determined by :c:func:`krb5_get_host_realm()` . In some cases this may be the referral (empty) realm. + + + +The *type* can be one of the following: + + + + + + - :data:`KRB5_NT_SRV_HST` canonicalizes the host name before looking up the realm and generating the principal. + + + + - :data:`KRB5_NT_UNKNOWN` accepts the hostname as given, and does not canonicalize it. + + Use krb5_free_principal to free *ret_princ* when it is no longer needed. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_string_to_cksumtype.txt b/doc/html/_sources/appdev/refs/api/krb5_string_to_cksumtype.txt new file mode 100644 index 000000000000..8ad07f795d83 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_string_to_cksumtype.txt @@ -0,0 +1,45 @@ +krb5_string_to_cksumtype - Convert a string to a checksum type. +================================================================= + +.. + +.. c:function:: krb5_error_code krb5_string_to_cksumtype(char * string, krb5_cksumtype * cksumtypep) + +.. + + +:param: + + **[in]** **string** - String to be converted + + **[out]** **cksumtypep** - Checksum type to be filled in + + +.. + + +:retval: + - 0 Success; otherwise - EINVAL + + +.. + + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_string_to_deltat.txt b/doc/html/_sources/appdev/refs/api/krb5_string_to_deltat.txt new file mode 100644 index 000000000000..0f1b9584bfef --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_string_to_deltat.txt @@ -0,0 +1,45 @@ +krb5_string_to_deltat - Convert a string to a delta time value. +================================================================= + +.. + +.. c:function:: krb5_error_code krb5_string_to_deltat(char * string, krb5_deltat * deltatp) + +.. + + +:param: + + **[in]** **string** - String to be converted + + **[out]** **deltatp** - Delta time to be filled in + + +.. + + +:retval: + - 0 Success; otherwise - KRB5_DELTAT_BADFORMAT + + +.. + + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_string_to_enctype.txt b/doc/html/_sources/appdev/refs/api/krb5_string_to_enctype.txt new file mode 100644 index 000000000000..173251f6d98f --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_string_to_enctype.txt @@ -0,0 +1,45 @@ +krb5_string_to_enctype - Convert a string to an encryption type. +================================================================== + +.. + +.. c:function:: krb5_error_code krb5_string_to_enctype(char * string, krb5_enctype * enctypep) + +.. + + +:param: + + **[in]** **string** - String to convert to an encryption type + + **[out]** **enctypep** - Encryption type + + +.. + + +:retval: + - 0 Success; otherwise - EINVAL + + +.. + + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_string_to_key.txt b/doc/html/_sources/appdev/refs/api/krb5_string_to_key.txt new file mode 100644 index 000000000000..3f44b9d5ab28 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_string_to_key.txt @@ -0,0 +1,50 @@ +krb5_string_to_key +================== + +.. + +.. c:function:: krb5_error_code krb5_string_to_key(krb5_context context, const krb5_encrypt_block * eblock, krb5_keyblock * keyblock, const krb5_data * data, const krb5_data * salt) + +.. + + +:param: + + **context** + + **eblock** + + **keyblock** + + **data** + + **salt** + + +.. + + + +.. + + +DEPRECATED See krb5_c_string_to_key() + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_string_to_salttype.txt b/doc/html/_sources/appdev/refs/api/krb5_string_to_salttype.txt new file mode 100644 index 000000000000..36978f4b1bdc --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_string_to_salttype.txt @@ -0,0 +1,45 @@ +krb5_string_to_salttype - Convert a string to a salt type. +============================================================ + +.. + +.. c:function:: krb5_error_code krb5_string_to_salttype(char * string, krb5_int32 * salttypep) + +.. + + +:param: + + **[in]** **string** - String to convert to an encryption type + + **[out]** **salttypep** - Salt type to be filled in + + +.. + + +:retval: + - 0 Success; otherwise - EINVAL + + +.. + + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_string_to_timestamp.txt b/doc/html/_sources/appdev/refs/api/krb5_string_to_timestamp.txt new file mode 100644 index 000000000000..11b6d1e976a9 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_string_to_timestamp.txt @@ -0,0 +1,45 @@ +krb5_string_to_timestamp - Convert a string to a timestamp. +============================================================= + +.. + +.. c:function:: krb5_error_code krb5_string_to_timestamp(char * string, krb5_timestamp * timestampp) + +.. + + +:param: + + **[in]** **string** - String to be converted + + **[out]** **timestampp** - Pointer to timestamp + + +.. + + +:retval: + - 0 Success; otherwise - EINVAL + + +.. + + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_timeofday.txt b/doc/html/_sources/appdev/refs/api/krb5_timeofday.txt new file mode 100644 index 000000000000..0c38a97fe7fe --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_timeofday.txt @@ -0,0 +1,52 @@ +krb5_timeofday - Retrieve the current time with context specific time offset adjustment. +========================================================================================== + +.. + +.. c:function:: krb5_error_code krb5_timeofday(krb5_context context, register krb5_timestamp * timeret) + +.. + + +:param: + + **[in]** **context** - Library context + + **[out]** **timeret** - Timestamp to fill in + + +.. + + +:retval: + - 0 Success + + +:return: + - Kerberos error codes + +.. + + + + + + + +This function retrieves the system time of day with the context specific time offset adjustment. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_timestamp_to_sfstring.txt b/doc/html/_sources/appdev/refs/api/krb5_timestamp_to_sfstring.txt new file mode 100644 index 000000000000..3750c45d010a --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_timestamp_to_sfstring.txt @@ -0,0 +1,53 @@ +krb5_timestamp_to_sfstring - Convert a timestamp to a string, with optional output padding. +============================================================================================= + +.. + +.. c:function:: krb5_error_code krb5_timestamp_to_sfstring(krb5_timestamp timestamp, char * buffer, size_t buflen, char * pad) + +.. + + +:param: + + **[in]** **timestamp** - Timestamp to convert + + **[out]** **buffer** - Buffer to hold the converted timestamp + + **[in]** **buflen** - Length of buffer + + **[in]** **pad** - Optional value to pad *buffer* if converted timestamp does not fill it + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +If *pad* is not NULL, *buffer* is padded out to *buflen* - 1 characters with the value of * *pad* . + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_timestamp_to_string.txt b/doc/html/_sources/appdev/refs/api/krb5_timestamp_to_string.txt new file mode 100644 index 000000000000..1c4c71eb2e1e --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_timestamp_to_string.txt @@ -0,0 +1,51 @@ +krb5_timestamp_to_string - Convert a timestamp to a string. +============================================================= + +.. + +.. c:function:: krb5_error_code krb5_timestamp_to_string(krb5_timestamp timestamp, char * buffer, size_t buflen) + +.. + + +:param: + + **[in]** **timestamp** - Timestamp to convert + + **[out]** **buffer** - Buffer to hold converted timestamp + + **[in]** **buflen** - Storage available in *buffer* + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +The string is returned in the locale's appropriate date and time representation. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_tkt_creds_free.txt b/doc/html/_sources/appdev/refs/api/krb5_tkt_creds_free.txt new file mode 100644 index 000000000000..623ed5be390b --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_tkt_creds_free.txt @@ -0,0 +1,46 @@ +krb5_tkt_creds_free - Free a TGS request context. +=================================================== + +.. + +.. c:function:: void krb5_tkt_creds_free(krb5_context context, krb5_tkt_creds_context ctx) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **ctx** - TGS request context + + +.. + + + +.. + + + + + + + + + + + + + + +.. + + + + +.. note:: + + New in 1.9 + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_tkt_creds_get.txt b/doc/html/_sources/appdev/refs/api/krb5_tkt_creds_get.txt new file mode 100644 index 000000000000..4ff37fd13217 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_tkt_creds_get.txt @@ -0,0 +1,53 @@ +krb5_tkt_creds_get - Synchronously obtain credentials using a TGS request context. +==================================================================================== + +.. + +.. c:function:: krb5_error_code krb5_tkt_creds_get(krb5_context context, krb5_tkt_creds_context ctx) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **ctx** - TGS request context + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function synchronously obtains credentials using a context created by :c:func:`krb5_tkt_creds_init()` . On successful return, the credentials can be retrieved with :c:func:`krb5_tkt_creds_get_creds()` . + + + + + + + + + + +.. + + + + +.. note:: + + New in 1.9 + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_tkt_creds_get_creds.txt b/doc/html/_sources/appdev/refs/api/krb5_tkt_creds_get_creds.txt new file mode 100644 index 000000000000..1f402aee8b9e --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_tkt_creds_get_creds.txt @@ -0,0 +1,55 @@ +krb5_tkt_creds_get_creds - Retrieve acquired credentials from a TGS request context. +====================================================================================== + +.. + +.. c:function:: krb5_error_code krb5_tkt_creds_get_creds(krb5_context context, krb5_tkt_creds_context ctx, krb5_creds * creds) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **ctx** - TGS request context + + **[out]** **creds** - Acquired credentials + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function copies the acquired initial credentials from *ctx* into *creds* , after the successful completion of :c:func:`krb5_tkt_creds_get()` or :c:func:`krb5_tkt_creds_step()` . Use :c:func:`krb5_free_cred_contents()` to free *creds* when it is no longer needed. + + + + + + + + + + +.. + + + + +.. note:: + + New in 1.9 + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_tkt_creds_get_times.txt b/doc/html/_sources/appdev/refs/api/krb5_tkt_creds_get_times.txt new file mode 100644 index 000000000000..09701f05717b --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_tkt_creds_get_times.txt @@ -0,0 +1,55 @@ +krb5_tkt_creds_get_times - Retrieve ticket times from a TGS request context. +============================================================================== + +.. + +.. c:function:: krb5_error_code krb5_tkt_creds_get_times(krb5_context context, krb5_tkt_creds_context ctx, krb5_ticket_times * times) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **ctx** - TGS request context + + **[out]** **times** - Ticket times for acquired credentials + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +The TGS request context must have completed obtaining credentials via either :c:func:`krb5_tkt_creds_get()` or :c:func:`krb5_tkt_creds_step()` . + + + + + + + + + + +.. + + + + +.. note:: + + New in 1.9 + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_tkt_creds_init.txt b/doc/html/_sources/appdev/refs/api/krb5_tkt_creds_init.txt new file mode 100644 index 000000000000..e61ee90f8af5 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_tkt_creds_init.txt @@ -0,0 +1,67 @@ +krb5_tkt_creds_init - Create a context to get credentials from a KDC's Ticket Granting Service. +================================================================================================= + +.. + +.. c:function:: krb5_error_code krb5_tkt_creds_init(krb5_context context, krb5_ccache ccache, krb5_creds * creds, krb5_flags options, krb5_tkt_creds_context * ctx) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **ccache** - Credential cache handle + + **[in]** **creds** - Input credentials + + **[in]** **options** - :data:`KRB5_GC` options for this request. + + **[out]** **ctx** - New TGS request context + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function prepares to obtain credentials matching *creds* , either by retrieving them from *ccache* or by making requests to ticket-granting services beginning with a ticket-granting ticket for the client principal's realm. + + + +The resulting TGS acquisition context can be used asynchronously with :c:func:`krb5_tkt_creds_step()` or synchronously with :c:func:`krb5_tkt_creds_get()` . See also :c:func:`krb5_get_credentials()` for synchronous use. + + + +Use :c:func:`krb5_tkt_creds_free()` to free *ctx* when it is no longer needed. + + + + + + + + + + +.. + + + + +.. note:: + + New in 1.9 + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_tkt_creds_step.txt b/doc/html/_sources/appdev/refs/api/krb5_tkt_creds_step.txt new file mode 100644 index 000000000000..6cab1642b01e --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_tkt_creds_step.txt @@ -0,0 +1,69 @@ +krb5_tkt_creds_step - Get the next KDC request in a TGS exchange. +=================================================================== + +.. + +.. c:function:: krb5_error_code krb5_tkt_creds_step(krb5_context context, krb5_tkt_creds_context ctx, krb5_data * in, krb5_data * out, krb5_data * realm, unsigned int * flags) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **ctx** - TGS request context + + **[in]** **in** - KDC response (empty on the first call) + + **[out]** **out** - Next KDC request + + **[out]** **realm** - Realm for next KDC request + + **[out]** **flags** - Output flags + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function constructs the next KDC request for a TGS exchange, allowing the caller to control the transport of KDC requests and replies. On the first call, *in* should be set to an empty buffer; on subsequent calls, it should be set to the KDC's reply to the previous request. + + + +If more requests are needed, *flags* will be set to :data:`KRB5_TKT_CREDS_STEP_FLAG_CONTINUE` and the next request will be placed in *out* . If no more requests are needed, *flags* will not contain :data:`KRB5_TKT_CREDS_STEP_FLAG_CONTINUE` and *out* will be empty. + + + +If this function returns **KRB5KRB_ERR_RESPONSE_TOO_BIG** , the caller should transmit the next request using TCP rather than UDP. If this function returns any other error, the TGS exchange has failed. + + + + + + + + + + +.. + + + + +.. note:: + + New in 1.9 + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_unparse_name.txt b/doc/html/_sources/appdev/refs/api/krb5_unparse_name.txt new file mode 100644 index 000000000000..11a434ad8f63 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_unparse_name.txt @@ -0,0 +1,58 @@ +krb5_unparse_name - Convert a krb5_principal structure to a string representation. +==================================================================================== + +.. + +.. c:function:: krb5_error_code krb5_unparse_name(krb5_context context, krb5_const_principal principal, register char ** name) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **principal** - Principal + + **[out]** **name** - String representation of principal name + + +.. + + +:retval: + - 0 Success + + +:return: + - Kerberos error codes + +.. + + + + + + + +The resulting string representation uses the format and quoting conventions described for :c:func:`krb5_parse_name()` . + + + +Use :c:func:`krb5_free_unparsed_name()` to free *name* when it is no longer needed. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_unparse_name_ext.txt b/doc/html/_sources/appdev/refs/api/krb5_unparse_name_ext.txt new file mode 100644 index 000000000000..61b13e1b88bd --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_unparse_name_ext.txt @@ -0,0 +1,60 @@ +krb5_unparse_name_ext - Convert krb5_principal structure to string and length. +================================================================================ + +.. + +.. c:function:: krb5_error_code krb5_unparse_name_ext(krb5_context context, krb5_const_principal principal, char ** name, unsigned int * size) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **principal** - Principal + + **[inout]** **name** - String representation of principal name + + **[inout]** **size** - Size of unparsed name + + +.. + + +:retval: + - 0 Success + + +:return: + - Kerberos error codes. On failure name is set to NULL + +.. + + + + + + + +This function is similar to :c:func:`krb5_unparse_name()` , but allows the use of an existing buffer for the result. If size is not NULL, then *name* must point to either NULL or an existing buffer of at least the size pointed to by *size* . The buffer will be allocated or resized if necessary, with the new pointer stored into *name* . Whether or not the buffer is resized, the necessary space for the result, including null terminator, will be stored into *size* . + + + +If size is NULL, this function behaves exactly as :c:func:`krb5_unparse_name()` . + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_unparse_name_flags.txt b/doc/html/_sources/appdev/refs/api/krb5_unparse_name_flags.txt new file mode 100644 index 000000000000..0cf41cf4ae87 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_unparse_name_flags.txt @@ -0,0 +1,70 @@ +krb5_unparse_name_flags - Convert krb5_principal structure to a string with flags. +==================================================================================== + +.. + +.. c:function:: krb5_error_code krb5_unparse_name_flags(krb5_context context, krb5_const_principal principal, int flags, char ** name) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **principal** - Principal + + **[in]** **flags** - Flags + + **[out]** **name** - String representation of principal name + + +.. + + +:retval: + - 0 Success + + +:return: + - Kerberos error codes. On failure name is set to NULL + +.. + + + + + + + +Similar to :c:func:`krb5_unparse_name()` , this function converts a krb5_principal structure to a string representation. + + + +The following flags are valid: + + - :data:`KRB5_PRINCIPAL_UNPARSE_SHORT` - omit realm if it is the local realm + + + - :data:`KRB5_PRINCIPAL_UNPARSE_NO_REALM` - omit realm + + + - :data:`KRB5_PRINCIPAL_UNPARSE_DISPLAY` - do not quote special characters + + Use :c:func:`krb5_free_unparsed_name()` to free *name* when it is no longer needed. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_unparse_name_flags_ext.txt b/doc/html/_sources/appdev/refs/api/krb5_unparse_name_flags_ext.txt new file mode 100644 index 000000000000..aa713bda494f --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_unparse_name_flags_ext.txt @@ -0,0 +1,54 @@ +krb5_unparse_name_flags_ext - Convert krb5_principal structure to string format with flags. +============================================================================================= + +.. + +.. c:function:: krb5_error_code krb5_unparse_name_flags_ext(krb5_context context, krb5_const_principal principal, int flags, char ** name, unsigned int * size) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **principal** - Principal + + **[in]** **flags** - Flags + + **[out]** **name** - Single string format of principal name + + **[out]** **size** - Size of unparsed name buffer + + +.. + + +:retval: + - 0 Success + + +:return: + - Kerberos error codes. On failure name is set to NULL + +.. + + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_us_timeofday.txt b/doc/html/_sources/appdev/refs/api/krb5_us_timeofday.txt new file mode 100644 index 000000000000..ba4ef8084f2c --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_us_timeofday.txt @@ -0,0 +1,54 @@ +krb5_us_timeofday - Retrieve the system time of day, in sec and ms, since the epoch. +====================================================================================== + +.. + +.. c:function:: krb5_error_code krb5_us_timeofday(krb5_context context, krb5_timestamp * seconds, krb5_int32 * microseconds) + +.. + + +:param: + + **[in]** **context** - Library context + + **[out]** **seconds** - System timeofday, seconds portion + + **[out]** **microseconds** - System timeofday, microseconds portion + + +.. + + +:retval: + - 0 Success + + +:return: + - Kerberos error codes + +.. + + + + + + + +This function retrieves the system time of day with the context specific time offset adjustment. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_use_enctype.txt b/doc/html/_sources/appdev/refs/api/krb5_use_enctype.txt new file mode 100644 index 000000000000..10b3fa712482 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_use_enctype.txt @@ -0,0 +1,46 @@ +krb5_use_enctype +================ + +.. + +.. c:function:: krb5_error_code krb5_use_enctype(krb5_context context, krb5_encrypt_block * eblock, krb5_enctype enctype) + +.. + + +:param: + + **context** + + **eblock** + + **enctype** + + +.. + + + +.. + + +DEPRECATED Replaced by krb5_c_* API family. + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_verify_authdata_kdc_issued.txt b/doc/html/_sources/appdev/refs/api/krb5_verify_authdata_kdc_issued.txt new file mode 100644 index 000000000000..30971392e3ec --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_verify_authdata_kdc_issued.txt @@ -0,0 +1,48 @@ +krb5_verify_authdata_kdc_issued - Unwrap and verify AD-KDCIssued authorization data. +====================================================================================== + +.. + +.. c:function:: krb5_error_code krb5_verify_authdata_kdc_issued(krb5_context context, const krb5_keyblock * key, const krb5_authdata * ad_kdcissued, krb5_principal * issuer, krb5_authdata *** authdata) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **key** - Session key + + **[in]** **ad_kdcissued** - AD-KDCIssued authorization data to be unwrapped + + **[out]** **issuer** - Name of issuing principal (or NULL) + + **[out]** **authdata** - Unwrapped list of authorization data + + +.. + + + +.. + + + + + + + +This function unwraps an AD-KDCIssued authdatum (see RFC 4120 section 5.2.6.2) and verifies its signature against *key* . The issuer field of the authdatum element is returned in *issuer* , and the unwrapped list of authdata is returned in *authdata* . + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_verify_checksum.txt b/doc/html/_sources/appdev/refs/api/krb5_verify_checksum.txt new file mode 100644 index 000000000000..0ddf63185d72 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_verify_checksum.txt @@ -0,0 +1,54 @@ +krb5_verify_checksum +==================== + +.. + +.. c:function:: krb5_error_code krb5_verify_checksum(krb5_context context, krb5_cksumtype ctype, const krb5_checksum * cksum, krb5_const_pointer in, size_t in_length, krb5_const_pointer seed, size_t seed_length) + +.. + + +:param: + + **context** + + **ctype** + + **cksum** + + **in** + + **in_length** + + **seed** + + **seed_length** + + +.. + + + +.. + + +DEPRECATED See krb5_c_verify_checksum() + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_verify_init_creds.txt b/doc/html/_sources/appdev/refs/api/krb5_verify_init_creds.txt new file mode 100644 index 000000000000..04185f342d69 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_verify_init_creds.txt @@ -0,0 +1,65 @@ +krb5_verify_init_creds - Verify initial credentials against a keytab. +======================================================================= + +.. + +.. c:function:: krb5_error_code krb5_verify_init_creds(krb5_context context, krb5_creds * creds, krb5_principal server, krb5_keytab keytab, krb5_ccache * ccache, krb5_verify_init_creds_opt * options) + +.. + + +:param: + + **[in]** **context** - Library context + + **[in]** **creds** - Initial credentials to be verified + + **[in]** **server** - Server principal (or NULL) + + **[in]** **keytab** - Key table (NULL to use default keytab) + + **[in]** **ccache** - Credential cache for fetched creds (or NULL) + + **[in]** **options** - Verification options (NULL for default options) + + +.. + + +:retval: + - 0 Success; otherwise - Kerberos error codes + + +.. + + + + + + + +This function attempts to verify that *creds* were obtained from a KDC with knowledge of a key in *keytab* , or the default keytab if *keytab* is NULL. If *server* is provided, the highest-kvno key entry for that principal name is used to verify the credentials; otherwise, all unique"host"service principals in the keytab are tried. + + + +If the specified keytab does not exist, or is empty, or cannot be read, or does not contain an entry for *server* , then credential verification may be skipped unless configuration demands that it succeed. The caller can control this behavior by providing a verification options structure; see :c:func:`krb5_verify_init_creds_opt_init()` and :c:func:`krb5_verify_init_creds_opt_set_ap_req_nofail()` . + + + +If *ccache* is NULL, any additional credentials fetched during the verification process will be destroyed. If *ccache* points to NULL, a memory ccache will be created for the additional credentials and returned in *ccache* . If *ccache* points to a valid credential cache handle, the additional credentials will be stored in that cache. + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_verify_init_creds_opt_init.txt b/doc/html/_sources/appdev/refs/api/krb5_verify_init_creds_opt_init.txt new file mode 100644 index 000000000000..a55fd3aa5094 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_verify_init_creds_opt_init.txt @@ -0,0 +1,40 @@ +krb5_verify_init_creds_opt_init - Initialize a credential verification options structure. +=========================================================================================== + +.. + +.. c:function:: void krb5_verify_init_creds_opt_init(krb5_verify_init_creds_opt * k5_vic_options) + +.. + + +:param: + + **[in]** **k5_vic_options** - Verification options structure + + +.. + + + +.. + + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_verify_init_creds_opt_set_ap_req_nofail.txt b/doc/html/_sources/appdev/refs/api/krb5_verify_init_creds_opt_set_ap_req_nofail.txt new file mode 100644 index 000000000000..fc6ac022cbad --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_verify_init_creds_opt_set_ap_req_nofail.txt @@ -0,0 +1,46 @@ +krb5_verify_init_creds_opt_set_ap_req_nofail - Set whether credential verification is required. +================================================================================================= + +.. + +.. c:function:: void krb5_verify_init_creds_opt_set_ap_req_nofail(krb5_verify_init_creds_opt * k5_vic_options, int ap_req_nofail) + +.. + + +:param: + + **[in]** **k5_vic_options** - Verification options structure + + **[in]** **ap_req_nofail** - Whether to require successful verification + + +.. + + + +.. + + + + + + + +This function determines how :c:func:`krb5_verify_init_creds()` behaves if no keytab information is available. If *ap_req_nofail* is **FALSE** , verification will be skipped in this case and :c:func:`krb5_verify_init_creds()` will return successfully. If *ap_req_nofail* is **TRUE** , :c:func:`krb5_verify_init_creds()` will not return successfully unless verification can be performed. + + + +If this function is not used, the behavior of :c:func:`krb5_verify_init_creds()` is determined through configuration. + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_vprepend_error_message.txt b/doc/html/_sources/appdev/refs/api/krb5_vprepend_error_message.txt new file mode 100644 index 000000000000..7c493596028a --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_vprepend_error_message.txt @@ -0,0 +1,46 @@ +krb5_vprepend_error_message - Add a prefix to the message for an error code using a va_list. +============================================================================================== + +.. + +.. c:function:: void krb5_vprepend_error_message(krb5_context ctx, krb5_error_code code, const char * fmt, va_list args) + +.. + + +:param: + + **[in]** **ctx** - Library context + + **[in]** **code** - Error code + + **[in]** **fmt** - Format string for error message prefix + + **[in]** **args** - List of vprintf(3) style arguments + + +.. + + + +.. + + + + + + + +This function is similar to :c:func:`krb5_prepend_error_message()` , but uses a va_list instead of variadic arguments. + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_vset_error_message.txt b/doc/html/_sources/appdev/refs/api/krb5_vset_error_message.txt new file mode 100644 index 000000000000..fcb4b6996f62 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_vset_error_message.txt @@ -0,0 +1,46 @@ +krb5_vset_error_message - Set an extended error message for an error code using a va_list. +============================================================================================ + +.. + +.. c:function:: void krb5_vset_error_message(krb5_context ctx, krb5_error_code code, const char * fmt, va_list args) + +.. + + +:param: + + **[in]** **ctx** - Library context + + **[in]** **code** - Error code + + **[in]** **fmt** - Error string for the error code + + **[in]** **args** - List of vprintf(3) style arguments + + +.. + + + +.. + + + + + + + + + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_vwrap_error_message.txt b/doc/html/_sources/appdev/refs/api/krb5_vwrap_error_message.txt new file mode 100644 index 000000000000..1e2a27e7eee5 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_vwrap_error_message.txt @@ -0,0 +1,48 @@ +krb5_vwrap_error_message - Add a prefix to a different error code's message using a va_list. +============================================================================================== + +.. + +.. c:function:: void krb5_vwrap_error_message(krb5_context ctx, krb5_error_code old_code, krb5_error_code code, const char * fmt, va_list args) + +.. + + +:param: + + **[in]** **ctx** - Library context + + **[in]** **old_code** - Previous error code + + **[in]** **code** - Error code + + **[in]** **fmt** - Format string for error message prefix + + **[in]** **args** - List of vprintf(3) style arguments + + +.. + + + +.. + + + + + + + +This function is similar to :c:func:`krb5_wrap_error_message()` , but uses a va_list instead of variadic arguments. + + + + + + +.. + + + + + diff --git a/doc/html/_sources/appdev/refs/api/krb5_wrap_error_message.txt b/doc/html/_sources/appdev/refs/api/krb5_wrap_error_message.txt new file mode 100644 index 000000000000..b599ae78ff71 --- /dev/null +++ b/doc/html/_sources/appdev/refs/api/krb5_wrap_error_message.txt @@ -0,0 +1,46 @@ +krb5_wrap_error_message - Add a prefix to a different error code's message. +============================================================================= + +.. + +.. c:function:: void krb5_wrap_error_message(krb5_context ctx, krb5_error_code old_code, krb5_error_code code, const char * fmt, ... ) + +.. + + +:param: + + **[in]** **ctx** - Library context + + **[in]** **old_code** - Previous error code + + **[in]** **code** - Error code + + **[in]** **fmt** - Format string for error message prefix + + +.. + + + +.. + + + + + + + +Format a message and prepend it to the message for *old_code* . The prefix will be separated from the old message with a colon and space. Set the resulting message as the extended error message for *code* . + + + + + + +.. + + + + + |