krb5: Import MIT 1.21.3
This commit is contained in:
@@ -1,4 +1,4 @@
|
|||||||
Copyright (C) 1985-2023 by the Massachusetts Institute of Technology.
|
Copyright (C) 1985-2024 by the Massachusetts Institute of Technology.
|
||||||
|
|
||||||
All rights reserved.
|
All rights reserved.
|
||||||
|
|
||||||
|
|||||||
@@ -6,7 +6,7 @@
|
|||||||
Copyright and Other Notices
|
Copyright and Other Notices
|
||||||
---------------------------
|
---------------------------
|
||||||
|
|
||||||
Copyright (C) 1985-2023 by the Massachusetts Institute of Technology
|
Copyright (C) 1985-2024 by the Massachusetts Institute of Technology
|
||||||
and its contributors. All rights reserved.
|
and its contributors. All rights reserved.
|
||||||
|
|
||||||
Please see the file named NOTICE for additional notices.
|
Please see the file named NOTICE for additional notices.
|
||||||
@@ -97,6 +97,30 @@ removed.
|
|||||||
Beginning with the krb5-1.18 release, all support for single-DES
|
Beginning with the krb5-1.18 release, all support for single-DES
|
||||||
encryption types has been removed.
|
encryption types has been removed.
|
||||||
|
|
||||||
|
Major changes in 1.21.3 (2024-06-26)
|
||||||
|
------------------------------------
|
||||||
|
|
||||||
|
This is a bug fix release.
|
||||||
|
|
||||||
|
* Fix vulnerabilities in GSS message token handling [CVE-2024-37370,
|
||||||
|
CVE-2024-37371].
|
||||||
|
|
||||||
|
* Fix a potential bad pointer free in krb5_cccol_have_contents().
|
||||||
|
|
||||||
|
* Fix a memory leak in the macOS ccache type.
|
||||||
|
|
||||||
|
krb5-1.21.2 changes by ticket ID
|
||||||
|
--------------------------------
|
||||||
|
|
||||||
|
9102 Eliminate sim_client include of getopt.h
|
||||||
|
9103 segfault trying to free a garbage pointer
|
||||||
|
9104 Work around Doxygen 1.9.7 change
|
||||||
|
9107 In PKINIT, check for null PKCS7 enveloped fields
|
||||||
|
9109 memory leak on macos
|
||||||
|
9115 Fix leak in KDC NDR encoding
|
||||||
|
9125 Formatting error in realm_config.rst
|
||||||
|
9128 Fix vulnerabilities in GSS message token handling
|
||||||
|
|
||||||
Major changes in 1.21.2 (2023-08-14)
|
Major changes in 1.21.2 (2023-08-14)
|
||||||
------------------------------------
|
------------------------------------
|
||||||
|
|
||||||
@@ -324,6 +348,7 @@ reports, suggestions, and valuable resources:
|
|||||||
Michael Calmer
|
Michael Calmer
|
||||||
Andrea Campi
|
Andrea Campi
|
||||||
Julien Chaffraix
|
Julien Chaffraix
|
||||||
|
Jacob Champion
|
||||||
Puran Chand
|
Puran Chand
|
||||||
Ravi Channavajhala
|
Ravi Channavajhala
|
||||||
Srinivas Cheruku
|
Srinivas Cheruku
|
||||||
@@ -454,6 +479,7 @@ reports, suggestions, and valuable resources:
|
|||||||
Mantas Mikulėnas
|
Mantas Mikulėnas
|
||||||
Markus Moeller
|
Markus Moeller
|
||||||
Kyle Moffett
|
Kyle Moffett
|
||||||
|
Jon Moore
|
||||||
Paul Moore
|
Paul Moore
|
||||||
Keiichi Mori
|
Keiichi Mori
|
||||||
Michael Morony
|
Michael Morony
|
||||||
@@ -506,6 +532,7 @@ reports, suggestions, and valuable resources:
|
|||||||
Richard Silverman
|
Richard Silverman
|
||||||
Cel Skeggs
|
Cel Skeggs
|
||||||
Simo Sorce
|
Simo Sorce
|
||||||
|
Anthony Sottile
|
||||||
Michael Spang
|
Michael Spang
|
||||||
Michael Ströder
|
Michael Ströder
|
||||||
Bjørn Tore Sund
|
Bjørn Tore Sund
|
||||||
|
|||||||
@@ -156,7 +156,8 @@ _kerberos-master._udp
|
|||||||
|
|
||||||
If you have only one KDC, or for whatever reason there is no
|
If you have only one KDC, or for whatever reason there is no
|
||||||
accessible KDC that would get database changes faster than the
|
accessible KDC that would get database changes faster than the
|
||||||
others, you do not need to define this entry. _kerberos-adm._tcp
|
others, you do not need to define this entry.
|
||||||
|
_kerberos-adm._tcp
|
||||||
This should list port 749 on your primary KDC. Support for it is
|
This should list port 749 on your primary KDC. Support for it is
|
||||||
not complete at this time, but it will eventually be used by the
|
not complete at this time, but it will eventually be used by the
|
||||||
:ref:`kadmin(1)` program and related utilities. For now, you will
|
:ref:`kadmin(1)` program and related utilities. For now, you will
|
||||||
|
|||||||
+1
-1
@@ -45,7 +45,7 @@
|
|||||||
|
|
||||||
# General information about the project.
|
# General information about the project.
|
||||||
project = u'MIT Kerberos'
|
project = u'MIT Kerberos'
|
||||||
copyright = u'1985-2023, MIT'
|
copyright = u'1985-2024, MIT'
|
||||||
|
|
||||||
# The version info for the project you're documenting, acts as replacement for
|
# The version info for the project you're documenting, acts as replacement for
|
||||||
# |version| and |release|, also used in various other places throughout the
|
# |version| and |release|, also used in various other places throughout the
|
||||||
|
|||||||
+1
-1
@@ -1,7 +1,7 @@
|
|||||||
Copyright
|
Copyright
|
||||||
=========
|
=========
|
||||||
|
|
||||||
Copyright |copy| 1985-2023 by the Massachusetts Institute of
|
Copyright |copy| 1985-2024 by the Massachusetts Institute of
|
||||||
Technology and its contributors. All rights reserved.
|
Technology and its contributors. All rights reserved.
|
||||||
|
|
||||||
See :ref:`mitK5license` for additional copyright and license
|
See :ref:`mitK5license` for additional copyright and license
|
||||||
|
|||||||
+1
-1
@@ -1,4 +1,4 @@
|
|||||||
# Sphinx build info version 1
|
# Sphinx build info version 1
|
||||||
# This file hashes the configuration used when building these files. When it is not found, a full rebuild will be done.
|
# This file hashes the configuration used when building these files. When it is not found, a full rebuild will be done.
|
||||||
config: 843ce36390960f2757117b09c16a0df0
|
config: 9ca503a4e24138fa47d4451ee9426bb5
|
||||||
tags: 645f666f9bcd5a90fca523b33c5a78b7
|
tags: 645f666f9bcd5a90fca523b33c5a78b7
|
||||||
|
|||||||
@@ -156,7 +156,8 @@ _kerberos-master._udp
|
|||||||
|
|
||||||
If you have only one KDC, or for whatever reason there is no
|
If you have only one KDC, or for whatever reason there is no
|
||||||
accessible KDC that would get database changes faster than the
|
accessible KDC that would get database changes faster than the
|
||||||
others, you do not need to define this entry. _kerberos-adm._tcp
|
others, you do not need to define this entry.
|
||||||
|
_kerberos-adm._tcp
|
||||||
This should list port 749 on your primary KDC. Support for it is
|
This should list port 749 on your primary KDC. Support for it is
|
||||||
not complete at this time, but it will eventually be used by the
|
not complete at this time, but it will eventually be used by the
|
||||||
:ref:`kadmin(1)` program and related utilities. For now, you will
|
:ref:`kadmin(1)` program and related utilities. For now, you will
|
||||||
|
|||||||
@@ -40,7 +40,7 @@ This function builds a *princ* from V4 specification based on given input *name.
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
Use :c:func:`krb5_free_principal()` to free *princ* when it is no longer needed.
|
Use krb5_free_principal() to free *princ* when it is no longer needed.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -39,7 +39,7 @@ This function returns constant storage that must not be freed.
|
|||||||
..
|
..
|
||||||
|
|
||||||
.. seealso::
|
.. seealso::
|
||||||
:data:`KRB5_ANONYMOUS_PRINCSTR`
|
#KRB5_ANONYMOUS_PRINCSTR
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -39,7 +39,7 @@ This function returns constant storage that must not be freed.
|
|||||||
..
|
..
|
||||||
|
|
||||||
.. seealso::
|
.. seealso::
|
||||||
:data:`KRB5_ANONYMOUS_REALMSTR`
|
#KRB5_ANONYMOUS_REALMSTR
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -49,7 +49,7 @@ This function gets the application defaults for *option* based on the given *app
|
|||||||
..
|
..
|
||||||
|
|
||||||
.. seealso::
|
.. seealso::
|
||||||
:c:func:`krb5_appdefault_string()`
|
krb5_appdefault_string()
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -49,7 +49,7 @@ This function gets the application defaults for *option* based on the given *app
|
|||||||
..
|
..
|
||||||
|
|
||||||
.. seealso::
|
.. seealso::
|
||||||
:c:func:`krb5_appdefault_boolean()`
|
krb5_appdefault_boolean()
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -30,7 +30,7 @@ krb5_auth_con_free - Free a krb5_auth_context structure.
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
This function frees an auth context allocated by :c:func:`krb5_auth_con_init()` .
|
This function frees an auth context allocated by krb5_auth_con_init().
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -40,16 +40,16 @@ This function sets the local and/or remote addresses in *auth_context* based on
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
- :data:`KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR` Generate local address.
|
- #KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR Generate local address.
|
||||||
|
|
||||||
|
|
||||||
- :data:`KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR` Generate remote address.
|
- #KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR Generate remote address.
|
||||||
|
|
||||||
|
|
||||||
- :data:`KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR` Generate local address and port.
|
- #KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR Generate local address and port.
|
||||||
|
|
||||||
|
|
||||||
- :data:`KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR` Generate remote address and port.
|
- #KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR Generate remote address and port.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -32,7 +32,7 @@ krb5_auth_con_getauthenticator - Retrieve the authenticator from an auth contex
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
Use :c:func:`krb5_free_authenticator()` to free *authenticator* when it is no longer needed.
|
Use krb5_free_authenticator() to free *authenticator* when it is no longer needed.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -34,16 +34,16 @@ krb5_auth_con_getflags - Retrieve flags from a krb5_auth_context structure.
|
|||||||
|
|
||||||
Valid values for *flags* are:
|
Valid values for *flags* are:
|
||||||
|
|
||||||
- :data:`KRB5_AUTH_CONTEXT_DO_TIME` Use timestamps
|
- #KRB5_AUTH_CONTEXT_DO_TIME Use timestamps
|
||||||
|
|
||||||
|
|
||||||
- :data:`KRB5_AUTH_CONTEXT_RET_TIME` Save timestamps
|
- #KRB5_AUTH_CONTEXT_RET_TIME Save timestamps
|
||||||
|
|
||||||
|
|
||||||
- :data:`KRB5_AUTH_CONTEXT_DO_SEQUENCE` Use sequence numbers
|
- #KRB5_AUTH_CONTEXT_DO_SEQUENCE Use sequence numbers
|
||||||
|
|
||||||
|
|
||||||
- :data:`KRB5_AUTH_CONTEXT_RET_SEQUENCE` Save sequence numbers
|
- #KRB5_AUTH_CONTEXT_RET_SEQUENCE Save sequence numbers
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -32,7 +32,7 @@ krb5_auth_con_getkey - Retrieve the session key from an auth context as a keybl
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
This function creates a keyblock containing the session key from *auth_context* . Use :c:func:`krb5_free_keyblock()` to free *keyblock* when it is no longer needed
|
This function creates a keyblock containing the session key from *auth_context* . Use krb5_free_keyblock() to free *keyblock* when it is no longer needed
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -32,7 +32,7 @@ krb5_auth_con_getkey_k - Retrieve the session key from an auth context.
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
This function sets *key* to the session key from *auth_context* . Use :c:func:`krb5_k_free_key()` to release *key* when it is no longer needed.
|
This function sets *key* to the session key from *auth_context* . Use krb5_k_free_key() to release *key* when it is no longer needed.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -32,7 +32,7 @@ krb5_auth_con_getlocalseqnumber - Retrieve the local sequence number from an au
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
Retrieve the local sequence number from *auth_context* and return it in *seqnumber* . The :data:`KRB5_AUTH_CONTEXT_DO_SEQUENCE` flag must be set in *auth_context* for this function to be useful.
|
Retrieve the local sequence number from *auth_context* and return it in *seqnumber* . The #KRB5_AUTH_CONTEXT_DO_SEQUENCE flag must be set in *auth_context* for this function to be useful.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -24,7 +24,7 @@ krb5_auth_con_getlocalsubkey
|
|||||||
..
|
..
|
||||||
|
|
||||||
|
|
||||||
DEPRECATED Replaced by krb5_auth_con_getsendsubkey() .
|
DEPRECATED Replaced by krb5_auth_con_getsendsubkey().
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -32,7 +32,7 @@ krb5_auth_con_getrecvsubkey - Retrieve the receiving subkey from an auth contex
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
This function creates a keyblock containing the receiving subkey from *auth_context* . Use :c:func:`krb5_free_keyblock()` to free *keyblock* when it is no longer needed.
|
This function creates a keyblock containing the receiving subkey from *auth_context* . Use krb5_free_keyblock() to free *keyblock* when it is no longer needed.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -32,7 +32,7 @@ krb5_auth_con_getrecvsubkey_k - Retrieve the receiving subkey from an auth cont
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
This function sets *key* to the receiving subkey from *auth_context* . Use :c:func:`krb5_k_free_key()` to release *key* when it is no longer needed.
|
This function sets *key* to the receiving subkey from *auth_context* . Use krb5_k_free_key() to release *key* when it is no longer needed.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -32,7 +32,7 @@ krb5_auth_con_getremoteseqnumber - Retrieve the remote sequence number from an
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
Retrieve the remote sequence number from *auth_context* and return it in *seqnumber* . The :data:`KRB5_AUTH_CONTEXT_DO_SEQUENCE` flag must be set in *auth_context* for this function to be useful.
|
Retrieve the remote sequence number from *auth_context* and return it in *seqnumber* . The #KRB5_AUTH_CONTEXT_DO_SEQUENCE flag must be set in *auth_context* for this function to be useful.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -24,7 +24,7 @@ krb5_auth_con_getremotesubkey
|
|||||||
..
|
..
|
||||||
|
|
||||||
|
|
||||||
DEPRECATED Replaced by krb5_auth_con_getrecvsubkey() .
|
DEPRECATED Replaced by krb5_auth_con_getrecvsubkey().
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -32,7 +32,7 @@ krb5_auth_con_getsendsubkey - Retrieve the send subkey from an auth context as
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
This function creates a keyblock containing the send subkey from *auth_context* . Use :c:func:`krb5_free_keyblock()` to free *keyblock* when it is no longer needed.
|
This function creates a keyblock containing the send subkey from *auth_context* . Use krb5_free_keyblock() to free *keyblock* when it is no longer needed.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -32,7 +32,7 @@ krb5_auth_con_getsendsubkey_k - Retrieve the send subkey from an auth context.
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
This function sets *key* to the send subkey from *auth_context* . Use :c:func:`krb5_k_free_key()` to release *key* when it is no longer needed.
|
This function sets *key* to the send subkey from *auth_context* . Use krb5_k_free_key() to release *key* when it is no longer needed.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -34,11 +34,11 @@ This function creates an authentication context to hold configuration and state
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
By default, flags for the context are set to enable the use of the replay cache ( :data:`KRB5_AUTH_CONTEXT_DO_TIME` ), but not sequence numbers. Use :c:func:`krb5_auth_con_setflags()` to change the flags.
|
By default, flags for the context are set to enable the use of the replay cache (#KRB5_AUTH_CONTEXT_DO_TIME), but not sequence numbers. Use krb5_auth_con_setflags() to change the flags.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
The allocated *auth_context* must be freed with :c:func:`krb5_auth_con_free()` when it is no longer needed.
|
The allocated *auth_context* must be freed with krb5_auth_con_free() when it is no longer needed.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -30,7 +30,7 @@ krb5_auth_con_initivector - Cause an auth context to use cipher state.
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
Prepare *auth_context* to use cipher state when :c:func:`krb5_mk_priv()` or :c:func:`krb5_rd_priv()` encrypt or decrypt data.
|
Prepare *auth_context* to use cipher state when krb5_mk_priv() or krb5_rd_priv() encrypt or decrypt data.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -34,7 +34,7 @@ krb5_auth_con_set_checksum_func - Set a checksum callback in an auth context.
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
Set a callback to obtain checksum data in :c:func:`krb5_mk_req()` . The callback will be invoked after the subkey and local sequence number are stored in *auth_context* .
|
Set a callback to obtain checksum data in krb5_mk_req(). The callback will be invoked after the subkey and local sequence number are stored in *auth_context* .
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -32,7 +32,7 @@ krb5_auth_con_set_req_cksumtype - Set checksum type in an an auth context.
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
This function sets the checksum type in *auth_context* to be used by :c:func:`krb5_mk_req()` for the authenticator checksum.
|
This function sets the checksum type in *auth_context* to be used by krb5_mk_req() for the authenticator checksum.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -48,7 +48,7 @@ This function releases the storage assigned to the contents of the local and rem
|
|||||||
..
|
..
|
||||||
|
|
||||||
.. seealso::
|
.. seealso::
|
||||||
:c:func:`krb5_auth_con_genaddrs()`
|
krb5_auth_con_genaddrs()
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -34,16 +34,16 @@ krb5_auth_con_setflags - Set a flags field in a krb5_auth_context structure.
|
|||||||
|
|
||||||
Valid values for *flags* are:
|
Valid values for *flags* are:
|
||||||
|
|
||||||
- :data:`KRB5_AUTH_CONTEXT_DO_TIME` Use timestamps
|
- #KRB5_AUTH_CONTEXT_DO_TIME Use timestamps
|
||||||
|
|
||||||
|
|
||||||
- :data:`KRB5_AUTH_CONTEXT_RET_TIME` Save timestamps
|
- #KRB5_AUTH_CONTEXT_RET_TIME Save timestamps
|
||||||
|
|
||||||
|
|
||||||
- :data:`KRB5_AUTH_CONTEXT_DO_SEQUENCE` Use sequence numbers
|
- #KRB5_AUTH_CONTEXT_DO_SEQUENCE Use sequence numbers
|
||||||
|
|
||||||
|
|
||||||
- :data:`KRB5_AUTH_CONTEXT_RET_SEQUENCE` Save sequence numbers
|
- #KRB5_AUTH_CONTEXT_RET_SEQUENCE Save sequence numbers
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -48,7 +48,7 @@ This function releases the storage assigned to the contents of the local and rem
|
|||||||
..
|
..
|
||||||
|
|
||||||
.. seealso::
|
.. seealso::
|
||||||
:c:func:`krb5_auth_con_genaddrs()`
|
krb5_auth_con_genaddrs()
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -37,7 +37,7 @@ krb5_build_principal - Build a principal name using null-terminated strings.
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
Call :c:func:`krb5_free_principal()` to free *princ* when it is no longer needed.
|
Call krb5_free_principal() to free *princ* when it is no longer needed.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@@ -65,7 +65,7 @@ Beginning with release 1.20, the name type of the principal will be inferred as
|
|||||||
|
|
||||||
.. note::
|
.. note::
|
||||||
|
|
||||||
:c:func:`krb5_build_principal()` and :c:func:`krb5_build_principal_alloc_va()` perform the same task. :c:func:`krb5_build_principal()` takes variadic arguments. :c:func:`krb5_build_principal_alloc_va()` takes a pre-computed *varargs* pointer.
|
krb5_build_principal() and krb5_build_principal_alloc_va() perform the same task. krb5_build_principal() takes variadic arguments. krb5_build_principal_alloc_va() takes a pre-computed *varargs* pointer.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -39,11 +39,11 @@ krb5_build_principal_alloc_va - Build a principal name, using a precomputed var
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
Similar to :c:func:`krb5_build_principal()` , this function builds a principal name, but its name components are specified as a va_list.
|
Similar to krb5_build_principal(), this function builds a principal name, but its name components are specified as a va_list.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Use :c:func:`krb5_free_principal()` to deallocate *princ* when it is no longer needed.
|
Use krb5_free_principal() to deallocate *princ* when it is no longer needed.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -37,7 +37,7 @@ krb5_build_principal_ext - Build a principal name using length-counted strings.
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
This function creates a principal from a length-counted string and a variable-length list of length-counted components. The list of components ends with the first 0 length argument (so it is not possible to specify an empty component with this function). Call :c:func:`krb5_free_principal()` to free allocated memory for principal when it is no longer needed.
|
This function creates a principal from a length-counted string and a variable-length list of length-counted components. The list of components ends with the first 0 length argument (so it is not possible to specify an empty component with this function). Call krb5_free_principal() to free allocated memory for principal when it is no longer needed.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -28,7 +28,7 @@ krb5_build_principal_va
|
|||||||
..
|
..
|
||||||
|
|
||||||
|
|
||||||
DEPRECATED Replaced by krb5_build_principal_alloc_va() .
|
DEPRECATED Replaced by krb5_build_principal_alloc_va().
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -14,7 +14,7 @@ krb5_c_crypto_length - Return a length of a message field specific to the encry
|
|||||||
|
|
||||||
**[in]** **enctype** - Encryption type
|
**[in]** **enctype** - Encryption type
|
||||||
|
|
||||||
**[in]** **type** - Type field (See :data:`KRB5_CRYPTO_TYPE` types)
|
**[in]** **type** - Type field (See KRB5_CRYPTO_TYPE macros)
|
||||||
|
|
||||||
**[out]** **size** - Length of the *type* specific to *enctype*
|
**[out]** **size** - Length of the *type* specific to *enctype*
|
||||||
|
|
||||||
|
|||||||
@@ -34,7 +34,7 @@ krb5_c_crypto_length_iov - Fill in lengths for header, trailer and padding in a
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
Padding is set to the actual padding required based on the provided *data* buffers. Typically this API is used after setting up the data buffers and :data:`KRB5_CRYPTO_TYPE_SIGN_ONLY` buffers, but before actually allocating header, trailer and padding.
|
Padding is set to the actual padding required based on the provided *data* buffers. Typically this API is used after setting up the data buffers and #KRB5_CRYPTO_TYPE_SIGN_ONLY buffers, but before actually allocating header, trailer and padding.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -14,7 +14,7 @@ krb5_c_decrypt - Decrypt data using a key (operates on keyblock).
|
|||||||
|
|
||||||
**[in]** **key** - Encryption key
|
**[in]** **key** - Encryption key
|
||||||
|
|
||||||
**[in]** **usage** - Key usage (see :data:`KRB5_KEYUSAGE` types)
|
**[in]** **usage** - Key usage (see KRB5_KEYUSAGE macros)
|
||||||
|
|
||||||
**[inout]** **cipher_state** - Cipher state; specify NULL if not needed
|
**[inout]** **cipher_state** - Cipher state; specify NULL if not needed
|
||||||
|
|
||||||
@@ -58,7 +58,7 @@ This function decrypts the data block *input* and stores the output into *output
|
|||||||
|
|
||||||
.. note::
|
.. note::
|
||||||
|
|
||||||
The caller must initialize *output* and allocate at least enough space for the result. The usual practice is to allocate an output buffer as long as the ciphertext, and let :c:func:`krb5_c_decrypt()` trim *output->length* . For some enctypes, the resulting *output->length* may include padding bytes.
|
The caller must initialize *output* and allocate at least enough space for the result. The usual practice is to allocate an output buffer as long as the ciphertext, and let krb5_c_decrypt() trim *output->length* . For some enctypes, the resulting *output->length* may include padding bytes.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -14,7 +14,7 @@ krb5_c_decrypt_iov - Decrypt data in place supporting AEAD (operates on keybloc
|
|||||||
|
|
||||||
**[in]** **keyblock** - Encryption key
|
**[in]** **keyblock** - Encryption key
|
||||||
|
|
||||||
**[in]** **usage** - Key usage (see :data:`KRB5_KEYUSAGE` types)
|
**[in]** **usage** - Key usage (see KRB5_KEYUSAGE macros)
|
||||||
|
|
||||||
**[in]** **cipher_state** - Cipher state; specify NULL if not needed
|
**[in]** **cipher_state** - Cipher state; specify NULL if not needed
|
||||||
|
|
||||||
@@ -52,7 +52,7 @@ This function decrypts the data block *data* and stores the output in-place. The
|
|||||||
..
|
..
|
||||||
|
|
||||||
.. seealso::
|
.. seealso::
|
||||||
:c:func:`krb5_c_decrypt_iov()`
|
krb5_c_decrypt_iov()
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@@ -61,7 +61,7 @@ This function decrypts the data block *data* and stores the output in-place. The
|
|||||||
|
|
||||||
.. note::
|
.. note::
|
||||||
|
|
||||||
On return from a :c:func:`krb5_c_decrypt_iov()` call, the *data->length* in the iov structure are adjusted to reflect actual lengths of the ciphertext used. For example, if the padding length is too large, the length will be reduced. Lengths are never increased.
|
On return from a krb5_c_decrypt_iov() call, the *data->length* in the iov structure are adjusted to reflect actual lengths of the ciphertext used. For example, if the padding length is too large, the length will be reduced. Lengths are never increased.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -14,7 +14,7 @@ krb5_c_encrypt - Encrypt data using a key (operates on keyblock).
|
|||||||
|
|
||||||
**[in]** **key** - Encryption key
|
**[in]** **key** - Encryption key
|
||||||
|
|
||||||
**[in]** **usage** - Key usage (see :data:`KRB5_KEYUSAGE` types)
|
**[in]** **usage** - Key usage (see KRB5_KEYUSAGE macros)
|
||||||
|
|
||||||
**[inout]** **cipher_state** - Cipher state; specify NULL if not needed
|
**[inout]** **cipher_state** - Cipher state; specify NULL if not needed
|
||||||
|
|
||||||
@@ -38,7 +38,7 @@ krb5_c_encrypt - Encrypt data using a key (operates on keyblock).
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
This function encrypts the data block *input* and stores the output into *output* . The actual encryption key will be derived from *key* and *usage* if key derivation is specified for the encryption type. If non-null, *cipher_state* specifies the beginning state for the encryption operation, and is updated with the state to be passed as input to the next operation.
|
This function encrypts the data block *input* and stores the outputinto *output* . The actual encryption key will be derived from *key* and *usage* if key derivation is specified for the encryption type. If non-null, *cipher_state* specifies the beginning state for the encryption operation, and is updated with the state to be passed as input to the next operation.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@@ -58,7 +58,7 @@ This function encrypts the data block *input* and stores the output into *output
|
|||||||
|
|
||||||
.. note::
|
.. note::
|
||||||
|
|
||||||
The caller must initialize *output* and allocate at least enough space for the result (using :c:func:`krb5_c_encrypt_length()` to determine the amount of space needed). *output->length* will be set to the actual length of the ciphertext.
|
The caller must initialize *output* and allocate at least enough space for the result (using krb5_c_encrypt_length() to determine the amount of space needed). *output->length* will be set to the actual length of the ciphertext.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -14,7 +14,7 @@ krb5_c_encrypt_iov - Encrypt data in place supporting AEAD (operates on keybloc
|
|||||||
|
|
||||||
**[in]** **keyblock** - Encryption key
|
**[in]** **keyblock** - Encryption key
|
||||||
|
|
||||||
**[in]** **usage** - Key usage (see :data:`KRB5_KEYUSAGE` types)
|
**[in]** **usage** - Key usage (see KRB5_KEYUSAGE macros)
|
||||||
|
|
||||||
**[in]** **cipher_state** - Cipher state; specify NULL if not needed
|
**[in]** **cipher_state** - Cipher state; specify NULL if not needed
|
||||||
|
|
||||||
@@ -52,7 +52,7 @@ This function encrypts the data block *data* and stores the output in-place. The
|
|||||||
..
|
..
|
||||||
|
|
||||||
.. seealso::
|
.. seealso::
|
||||||
:c:func:`krb5_c_decrypt_iov()`
|
krb5_c_decrypt_iov()
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@@ -61,7 +61,7 @@ This function encrypts the data block *data* and stores the output in-place. The
|
|||||||
|
|
||||||
.. note::
|
.. note::
|
||||||
|
|
||||||
On return from a :c:func:`krb5_c_encrypt_iov()` call, the *data->length* in the iov structure are adjusted to reflect actual lengths of the ciphertext used. For example, if the padding length is too large, the length will be reduced. Lengths are never increased.
|
On return from a krb5_c_encrypt_iov() call, the *data->length* in the iov structure are adjusted to reflect actual lengths of the ciphertext used. For example, if the padding length is too large, the length will be reduced. Lengths are never increased.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
krb5_c_free_state - Free a cipher state previously allocated by krb5_c_init_state() .
|
krb5_c_free_state - Free a cipher state previously allocated by krb5_c_init_state().
|
||||||
=======================================================================================
|
======================================================================================
|
||||||
|
|
||||||
..
|
..
|
||||||
|
|
||||||
|
|||||||
@@ -14,7 +14,7 @@ krb5_c_init_state - Initialize a new cipher state.
|
|||||||
|
|
||||||
**[in]** **key** - Key
|
**[in]** **key** - Key
|
||||||
|
|
||||||
**[in]** **usage** - Key usage (see :data:`KRB5_KEYUSAGE` types)
|
**[in]** **usage** - Key usage (see KRB5_KEYUSAGE macros)
|
||||||
|
|
||||||
**[out]** **new_state** - New cipher state
|
**[out]** **new_state** - New cipher state
|
||||||
|
|
||||||
|
|||||||
@@ -34,7 +34,7 @@ krb5_c_keyed_checksum_types - Return a list of keyed checksum types usable with
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
Use :c:func:`krb5_free_cksumtypes()` to free *cksumtypes* when it is no longer needed.
|
Use krb5_free_cksumtypes() to free *cksumtypes* when it is no longer needed.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -16,7 +16,7 @@ krb5_c_make_checksum - Compute a checksum (operates on keyblock).
|
|||||||
|
|
||||||
**[in]** **key** - Encryption key for a keyed checksum
|
**[in]** **key** - Encryption key for a keyed checksum
|
||||||
|
|
||||||
**[in]** **usage** - Key usage (see :data:`KRB5_KEYUSAGE` types)
|
**[in]** **usage** - Key usage (see KRB5_KEYUSAGE macros)
|
||||||
|
|
||||||
**[in]** **input** - Input data
|
**[in]** **input** - Input data
|
||||||
|
|
||||||
@@ -38,7 +38,7 @@ krb5_c_make_checksum - Compute a checksum (operates on keyblock).
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
This function computes a checksum of type *cksumtype* over *input* , using *key* if the checksum type is a keyed checksum. If *cksumtype* is 0 and *key* is non-null, the checksum type will be the mandatory-to-implement checksum type for the key's encryption type. The actual checksum key will be derived from *key* and *usage* if key derivation is specified for the checksum type. The newly created *cksum* must be released by calling :c:func:`krb5_free_checksum_contents()` when it is no longer needed.
|
This function computes a checksum of type *cksumtype* over *input* , using *key* if the checksum type is a keyed checksum. If *cksumtype* is 0 and *key* is non-null, the checksum type will be the mandatory-to-implement checksum type for the key's encryption type. The actual checksum key will be derived from *key* and *usage* if key derivation is specified for the checksum type. The newly created *cksum* must be released by calling krb5_free_checksum_contents() when it is no longer needed.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@@ -52,7 +52,7 @@ This function computes a checksum of type *cksumtype* over *input* , using *key*
|
|||||||
..
|
..
|
||||||
|
|
||||||
.. seealso::
|
.. seealso::
|
||||||
:c:func:`krb5_c_verify_checksum()`
|
krb5_c_verify_checksum()
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@@ -61,7 +61,7 @@ This function computes a checksum of type *cksumtype* over *input* , using *key*
|
|||||||
|
|
||||||
.. note::
|
.. note::
|
||||||
|
|
||||||
This function is similar to :c:func:`krb5_k_make_checksum()` , but operates on keyblock *key* .
|
This function is similar to krb5_k_make_checksum(), but operates on keyblock *key* .
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -16,7 +16,7 @@ krb5_c_make_checksum_iov - Fill in a checksum element in IOV array (operates on
|
|||||||
|
|
||||||
**[in]** **key** - Encryption key for a keyed checksum
|
**[in]** **key** - Encryption key for a keyed checksum
|
||||||
|
|
||||||
**[in]** **usage** - Key usage (see :data:`KRB5_KEYUSAGE` types)
|
**[in]** **usage** - Key usage (see KRB5_KEYUSAGE macros)
|
||||||
|
|
||||||
**[inout]** **data** - IOV array
|
**[inout]** **data** - IOV array
|
||||||
|
|
||||||
@@ -38,7 +38,7 @@ krb5_c_make_checksum_iov - Fill in a checksum element in IOV array (operates on
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
Create a checksum in the :data:`KRB5_CRYPTO_TYPE_CHECKSUM` element over :data:`KRB5_CRYPTO_TYPE_DATA` and :data:`KRB5_CRYPTO_TYPE_SIGN_ONLY` chunks in *data* . Only the :data:`KRB5_CRYPTO_TYPE_CHECKSUM` region is modified.
|
Create a checksum in the #KRB5_CRYPTO_TYPE_CHECKSUM element over #KRB5_CRYPTO_TYPE_DATA and #KRB5_CRYPTO_TYPE_SIGN_ONLY chunks in *data* . Only the #KRB5_CRYPTO_TYPE_CHECKSUM region is modified.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@@ -52,7 +52,7 @@ Create a checksum in the :data:`KRB5_CRYPTO_TYPE_CHECKSUM` element over :data:`K
|
|||||||
..
|
..
|
||||||
|
|
||||||
.. seealso::
|
.. seealso::
|
||||||
:c:func:`krb5_c_verify_checksum_iov()`
|
krb5_c_verify_checksum_iov()
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@@ -61,7 +61,7 @@ Create a checksum in the :data:`KRB5_CRYPTO_TYPE_CHECKSUM` element over :data:`K
|
|||||||
|
|
||||||
.. note::
|
.. note::
|
||||||
|
|
||||||
This function is similar to :c:func:`krb5_k_make_checksum_iov()` , but operates on keyblock *key* .
|
This function is similar to krb5_k_make_checksum_iov(), but operates on keyblock *key* .
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -32,7 +32,7 @@ krb5_c_make_random_key - Generate an enctype-specific random encryption key.
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
Use :c:func:`krb5_free_keyblock_contents()` to free *k5_random_key* when no longer needed.
|
Use krb5_free_keyblock_contents() to free *k5_random_key* when no longer needed.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -34,7 +34,7 @@ krb5_c_prf - Generate enctype-specific pseudo-random bytes.
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
This function selects a pseudo-random function based on *keyblock* and computes its value over *input* , placing the result into *output* . The caller must preinitialize *output* and allocate space for the result, using :c:func:`krb5_c_prf_length()` to determine the required length.
|
This function selects a pseudo-random function based on *keyblock* and computes its value over *input* , placing the result into *output* . The caller must preinitialize *output* and allocate space for the result, using krb5_c_prf_length() to determine the required length.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -48,7 +48,7 @@ This function takes random input data *random_data* and produces a valid key *k5
|
|||||||
..
|
..
|
||||||
|
|
||||||
.. seealso::
|
.. seealso::
|
||||||
:c:func:`krb5_c_keylengths()`
|
krb5_c_keylengths()
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -36,7 +36,7 @@ krb5_c_string_to_key - Convert a string (such a password) to a key.
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
This function converts *string* to a *key* of encryption type *enctype* , using the specified *salt* . The newly created *key* must be released by calling :c:func:`krb5_free_keyblock_contents()` when it is no longer needed.
|
This function converts *string* to a *key* of encryption type *enctype* , using the specified *salt* . The newly created *key* must be released by calling krb5_free_keyblock_contents() when it is no longer needed.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -38,7 +38,7 @@ krb5_c_string_to_key_with_params - Convert a string (such as a password) to a k
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
This function is similar to :c:func:`krb5_c_string_to_key()` , but also takes parameters which may affect the algorithm in an enctype-dependent way. The newly created *key* must be released by calling :c:func:`krb5_free_keyblock_contents()` when it is no longer needed.
|
This function is similar to krb5_c_string_to_key(), but also takes parameters which may affect the algorithm in an enctype-dependent way. The newly created *key* must be released by calling krb5_free_keyblock_contents() when it is no longer needed.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -58,7 +58,7 @@ This function verifies that *cksum* is a valid checksum for *data* . If the chec
|
|||||||
|
|
||||||
.. note::
|
.. note::
|
||||||
|
|
||||||
This function is similar to :c:func:`krb5_k_verify_checksum()` , but operates on keyblock *key* .
|
This function is similar to krb5_k_verify_checksum(), but operates on keyblock *key* .
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -16,7 +16,7 @@ krb5_c_verify_checksum_iov - Validate a checksum element in IOV array (operates
|
|||||||
|
|
||||||
**[in]** **key** - Encryption key for a keyed checksum
|
**[in]** **key** - Encryption key for a keyed checksum
|
||||||
|
|
||||||
**[in]** **usage** - Key usage (see :data:`KRB5_KEYUSAGE` types)
|
**[in]** **usage** - Key usage (see KRB5_KEYUSAGE macros)
|
||||||
|
|
||||||
**[in]** **data** - IOV array
|
**[in]** **data** - IOV array
|
||||||
|
|
||||||
@@ -40,7 +40,7 @@ krb5_c_verify_checksum_iov - Validate a checksum element in IOV array (operates
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
Confirm that the checksum in the :data:`KRB5_CRYPTO_TYPE_CHECKSUM` element is a valid checksum of the :data:`KRB5_CRYPTO_TYPE_DATA` and :data:`KRB5_CRYPTO_TYPE_SIGN_ONLY` regions in the iov.
|
Confirm that the checksum in the #KRB5_CRYPTO_TYPE_CHECKSUM element is a valid checksum of the #KRB5_CRYPTO_TYPE_DATA and #KRB5_CRYPTO_TYPE_SIGN_ONLY regions in the iov.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@@ -54,7 +54,7 @@ Confirm that the checksum in the :data:`KRB5_CRYPTO_TYPE_CHECKSUM` element is a
|
|||||||
..
|
..
|
||||||
|
|
||||||
.. seealso::
|
.. seealso::
|
||||||
:c:func:`krb5_c_make_checksum_iov()`
|
krb5_c_make_checksum_iov()
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@@ -63,7 +63,7 @@ Confirm that the checksum in the :data:`KRB5_CRYPTO_TYPE_CHECKSUM` element is a
|
|||||||
|
|
||||||
.. note::
|
.. note::
|
||||||
|
|
||||||
This function is similar to :c:func:`krb5_k_verify_checksum_iov()` , but operates on keyblock *key* .
|
This function is similar to krb5_k_verify_checksum_iov(), but operates on keyblock *key* .
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -35,7 +35,7 @@ krb5_cc_default - Resolve the default credential cache name.
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
Create a handle to the default credential cache as given by :c:func:`krb5_cc_default_name()` .
|
Create a handle to the default credential cache as given by krb5_cc_default_name().
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -28,11 +28,11 @@ krb5_cc_default_name - Return the name of the default credential cache.
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
Return a pointer to the default credential cache name for *context* , as determined by a prior call to :c:func:`krb5_cc_set_default_name()` , by the KRB5CCNAME environment variable, by the default_ccache_name profile variable, or by the operating system or build-time default value. The returned value must not be modified or freed by the caller. The returned value becomes invalid when *context* is destroyed :c:func:`krb5_free_context()` or if a subsequent call to :c:func:`krb5_cc_set_default_name()` is made on *context* .
|
Return a pointer to the default credential cache name for *context* , as determined by a prior call to krb5_cc_set_default_name(), by the KRB5CCNAME environment variable, by the default_ccache_name profile variable, or by the operating system or build-time default value. The returned value must not be modified or freed by the caller. The returned value becomes invalid when *context* is destroyed krb5_free_context() or if a subsequent call to krb5_cc_set_default_name() is made on *context* .
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
The default credential cache name is cached in *context* between calls to this function, so if the value of KRB5CCNAME changes in the process environment after the first call to this function on, that change will not be reflected in later calls with the same context. The caller can invoke :c:func:`krb5_cc_set_default_name()` with a NULL value of *name* to clear the cached value and force the default name to be recomputed.
|
The default credential cache name is cached in *context* between calls to this function, so if the value of KRB5CCNAME changes in the process environment after the first call to this function on, that change will not be reflected in later calls with the same context. The caller can invoke krb5_cc_set_default_name() with a NULL value of *name* to clear the cached value and force the default name to be recomputed.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -46,7 +46,7 @@ This function finishes processing credential cache entries and invalidates *curs
|
|||||||
..
|
..
|
||||||
|
|
||||||
.. seealso::
|
.. seealso::
|
||||||
:c:func:`krb5_cc_start_seq_get()` , :c:func:`krb5_cc_next_cred()`
|
krb5_cc_start_seq_get(), krb5_cc_next_cred()
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -39,7 +39,7 @@ krb5_cc_get_config - Get a configuration value from a credential cache.
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
Use :c:func:`krb5_free_data_contents()` to free *data* when it is no longer needed.
|
Use krb5_free_data_contents() to free *data* when it is no longer needed.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -29,7 +29,7 @@ krb5_cc_get_full_name - Retrieve the full name of a credential cache.
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
Use :c:func:`krb5_free_string()` to free *fullname_out* when it is no longer needed.
|
Use krb5_free_string() to free *fullname_out* when it is no longer needed.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -45,7 +45,7 @@ krb5_cc_get_name - Retrieve the name, but not type of a credential cache.
|
|||||||
|
|
||||||
.. warning::
|
.. warning::
|
||||||
|
|
||||||
Returns the name of the credential cache. The result is an alias into *cache* and should not be freed or modified by the caller. This name does not include the cache type, so should not be used as input to :c:func:`krb5_cc_resolve()` .
|
Returns the name of the credential cache. The result is an alias into *cache* and should not be freed or modified by the caller. This name does not include the cache type, so should not be used as input to krb5_cc_resolve().
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -35,11 +35,11 @@ krb5_cc_get_principal - Get the default principal of a credential cache.
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
Returns the default client principal of a credential cache as set by :c:func:`krb5_cc_initialize()` .
|
Returns the default client principal of a credential cache as set by krb5_cc_initialize().
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Use :c:func:`krb5_free_principal()` to free *principal* when it is no longer needed.
|
Use krb5_free_principal() to free *principal* when it is no longer needed.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -38,7 +38,7 @@ This function fills in *creds* with the next entry in *cache* and advances *curs
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
Use :c:func:`krb5_free_cred_contents()` to free *creds* when it is no longer needed.
|
Use krb5_free_cred_contents() to free *creds* when it is no longer needed.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@@ -52,7 +52,7 @@ Use :c:func:`krb5_free_cred_contents()` to free *creds* when it is no longer nee
|
|||||||
..
|
..
|
||||||
|
|
||||||
.. seealso::
|
.. seealso::
|
||||||
:c:func:`krb5_cc_start_seq_get()` , krb5_end_seq_get()
|
krb5_cc_start_seq_get(), krb5_end_seq_get()
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -37,7 +37,7 @@ krb5_cc_remove_cred - Remove credentials from a credential cache.
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
This function accepts the same flag values as :c:func:`krb5_cc_retrieve_cred()` .
|
This function accepts the same flag values as krb5_cc_retrieve_cred().
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -46,36 +46,36 @@ Valid values for *flags* are:
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
- :data:`KRB5_TC_MATCH_TIMES` The requested lifetime must be at least as great as in *mcreds* .
|
- #KRB5_TC_MATCH_TIMES The requested lifetime must be at least as great as in *mcreds* .
|
||||||
|
|
||||||
|
|
||||||
- :data:`KRB5_TC_MATCH_IS_SKEY` The *is_skey* field much match exactly.
|
- #KRB5_TC_MATCH_IS_SKEY The *is_skey* field much match exactly.
|
||||||
|
|
||||||
|
|
||||||
- :data:`KRB5_TC_MATCH_FLAGS` Flags set in *mcreds* must be set.
|
- #KRB5_TC_MATCH_FLAGS Flags set in *mcreds* must be set.
|
||||||
|
|
||||||
|
|
||||||
- :data:`KRB5_TC_MATCH_TIMES_EXACT` The requested lifetime must match exactly.
|
- #KRB5_TC_MATCH_TIMES_EXACT The requested lifetime must match exactly.
|
||||||
|
|
||||||
|
|
||||||
- :data:`KRB5_TC_MATCH_FLAGS_EXACT` Flags must match exactly.
|
- #KRB5_TC_MATCH_FLAGS_EXACT Flags must match exactly.
|
||||||
|
|
||||||
|
|
||||||
- :data:`KRB5_TC_MATCH_AUTHDATA` The authorization data must match.
|
- #KRB5_TC_MATCH_AUTHDATA The authorization data must match.
|
||||||
|
|
||||||
|
|
||||||
- :data:`KRB5_TC_MATCH_SRV_NAMEONLY` Only the name portion of the principal name must match, not the realm.
|
- #KRB5_TC_MATCH_SRV_NAMEONLY Only the name portion of the principal name must match, not the realm.
|
||||||
|
|
||||||
|
|
||||||
- :data:`KRB5_TC_MATCH_2ND_TKT` The second tickets must match.
|
- #KRB5_TC_MATCH_2ND_TKT The second tickets must match.
|
||||||
|
|
||||||
|
|
||||||
- :data:`KRB5_TC_MATCH_KTYPE` The encryption key types must match.
|
- #KRB5_TC_MATCH_KTYPE The encryption key types must match.
|
||||||
|
|
||||||
|
|
||||||
- :data:`KRB5_TC_SUPPORTED_KTYPES` Check all matching entries that have any supported encryption type and return the one with the encryption type listed earliest.
|
- #KRB5_TC_SUPPORTED_KTYPES Check all matching entries that have any supported encryption type and return the one with the encryption type listed earliest.
|
||||||
|
|
||||||
Use :c:func:`krb5_free_cred_contents()` to free *creds* when it is no longer needed.
|
Use krb5_free_cred_contents() to free *creds* when it is no longer needed.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -38,7 +38,7 @@ Select a cache within the collection containing credentials most appropriate for
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
Use :c:func:`krb5_cc_close()` to release *cache_out* when it is no longer needed. Use :c:func:`krb5_free_principal()` to release *princ_out* when it is no longer needed. Note that *princ_out* is set in some error conditions.
|
Use krb5_cc_close() to release *cache_out* when it is no longer needed. Use krb5_free_principal() to release *princ_out* when it is no longer needed. Note that *princ_out* is set in some error conditions.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -38,7 +38,7 @@ Set the default credential cache name to *name* for future operations using *con
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
Calls to this function invalidate the result of any previous calls to :c:func:`krb5_cc_default_name()` using *context* .
|
Calls to this function invalidate the result of any previous calls to krb5_cc_default_name() using *context* .
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -32,7 +32,7 @@ krb5_cc_start_seq_get - Prepare to sequentially read every credential in a cred
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
:c:func:`krb5_cc_end_seq_get()` must be called to complete the retrieve operation.
|
krb5_cc_end_seq_get() must be called to complete the retrieve operation.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@@ -52,7 +52,7 @@ krb5_cc_start_seq_get - Prepare to sequentially read every credential in a cred
|
|||||||
|
|
||||||
.. note::
|
.. note::
|
||||||
|
|
||||||
If the cache represented by *cache* is modified between the time of the call to this function and the time of the final :c:func:`krb5_cc_end_seq_get()` , these changes may not be reflected in the results of :c:func:`krb5_cc_next_cred()` calls.
|
If the cache represented by *cache* is modified between the time of the call to this function and the time of the final krb5_cc_end_seq_get(), these changes may not be reflected in the results of krb5_cc_next_cred() calls.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -40,7 +40,7 @@ krb5_cccol_cursor_free - Free a credential cache collection cursor.
|
|||||||
..
|
..
|
||||||
|
|
||||||
.. seealso::
|
.. seealso::
|
||||||
:c:func:`krb5_cccol_cursor_new()` , :c:func:`krb5_cccol_cursor_next()`
|
krb5_cccol_cursor_new(), krb5_cccol_cursor_next()
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -34,7 +34,7 @@ Get a new cache iteration *cursor* that will iterate over all known credential c
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
Use :c:func:`krb5_cccol_cursor_free()` to release *cursor* when it is no longer needed.
|
Use krb5_cccol_cursor_free() to release *cursor* when it is no longer needed.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@@ -48,7 +48,7 @@ Use :c:func:`krb5_cccol_cursor_free()` to release *cursor* when it is no longer
|
|||||||
..
|
..
|
||||||
|
|
||||||
.. seealso::
|
.. seealso::
|
||||||
:c:func:`krb5_cccol_cursor_next()`
|
krb5_cccol_cursor_next()
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -32,7 +32,7 @@ krb5_cccol_cursor_next - Get the next credential cache in the collection.
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
Use :c:func:`krb5_cc_close()` to close *ccache* when it is no longer needed.
|
Use krb5_cc_close() to close *ccache* when it is no longer needed.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@@ -46,7 +46,7 @@ Use :c:func:`krb5_cc_close()` to close *ccache* when it is no longer needed.
|
|||||||
..
|
..
|
||||||
|
|
||||||
.. seealso::
|
.. seealso::
|
||||||
:c:func:`krb5_cccol_cursor_new()` , :c:func:`krb5_cccol_cursor_free()`
|
krb5_cccol_cursor_new(), krb5_cccol_cursor_free()
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -48,19 +48,19 @@ The possible values of the output *result_code* are:
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
- :data:`KRB5_KPASSWD_SUCCESS` (0) - success
|
- #KRB5_KPASSWD_SUCCESS (0) - success
|
||||||
|
|
||||||
|
|
||||||
- :data:`KRB5_KPASSWD_MALFORMED` (1) - Malformed request error
|
- #KRB5_KPASSWD_MALFORMED (1) - Malformed request error
|
||||||
|
|
||||||
|
|
||||||
- :data:`KRB5_KPASSWD_HARDERROR` (2) - Server error
|
- #KRB5_KPASSWD_HARDERROR (2) - Server error
|
||||||
|
|
||||||
|
|
||||||
- :data:`KRB5_KPASSWD_AUTHERROR` (3) - Authentication error
|
- #KRB5_KPASSWD_AUTHERROR (3) - Authentication error
|
||||||
|
|
||||||
|
|
||||||
- :data:`KRB5_KPASSWD_SOFTERROR` (4) - Password change rejected
|
- #KRB5_KPASSWD_SOFTERROR (4) - Password change rejected
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -35,11 +35,11 @@ krb5_chpw_message - Get a result message for changing or setting a password.
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
This function processes the *server_string* returned in the *result_string* parameter of :c:func:`krb5_change_password()` , :c:func:`krb5_set_password()` , and related functions, and returns a displayable string. If *server_string* contains Active Directory structured policy information, it will be converted into human-readable text.
|
This function processes the *server_string* returned in the *result_string* parameter of krb5_change_password(), krb5_set_password(), and related functions, and returns a displayable string. If *server_string* contains Active Directory structured policy information, it will be converted into human-readable text.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Use :c:func:`krb5_free_string()` to free *message_out* when it is no longer needed.
|
Use krb5_free_string() to free *message_out* when it is no longer needed.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -32,7 +32,7 @@ krb5_copy_addresses - Copy an array of addresses.
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
This function creates a new address array containing a copy of *inaddr* . Use :c:func:`krb5_free_addresses()` to free *outaddr* when it is no longer needed.
|
This function creates a new address array containing a copy of *inaddr* . Use krb5_free_addresses() to free *outaddr* when it is no longer needed.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -32,7 +32,7 @@ krb5_copy_authdata - Copy an authorization data list.
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
This function creates a new authorization data list containing a copy of *in_authdat* , which must be null-terminated. Use :c:func:`krb5_free_authdata()` to free *out* when it is no longer needed.
|
This function creates a new authorization data list containing a copy of *in_authdat* , which must be null-terminated. Use krb5_free_authdata() to free *out* when it is no longer needed.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -32,7 +32,7 @@ krb5_copy_authenticator - Copy a krb5_authenticator structure.
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
This function creates a new krb5_authenticator structure with the content of *authfrom* . Use :c:func:`krb5_free_authenticator()` to free *authto* when it is no longer needed.
|
This function creates a new krb5_authenticator structure with the content of *authfrom* . Use krb5_free_authenticator() to free *authto* when it is no longer needed.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -32,7 +32,7 @@ krb5_copy_checksum - Copy a krb5_checksum structure.
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
This function creates a new krb5_checksum structure with the contents of *ckfrom* . Use :c:func:`krb5_free_checksum()` to free *ckto* when it is no longer needed.
|
This function creates a new krb5_checksum structure with the contents of *ckfrom* . Use krb5_free_checksum() to free *ckto* when it is no longer needed.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -33,7 +33,7 @@ krb5_copy_context - Copy a krb5_context structure.
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
The newly created context must be released by calling :c:func:`krb5_free_context()` when it is no longer needed.
|
The newly created context must be released by calling krb5_free_context() when it is no longer needed.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -32,7 +32,7 @@ krb5_copy_creds - Copy a krb5_creds structure.
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
This function creates a new credential with the contents of *incred* . Use :c:func:`krb5_free_creds()` to free *outcred* when it is no longer needed.
|
This function creates a new credential with the contents of *incred* . Use krb5_free_creds() to free *outcred* when it is no longer needed.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -32,7 +32,7 @@ krb5_copy_data - Copy a krb5_data object.
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
This function creates a new krb5_data object with the contents of *indata* . Use :c:func:`krb5_free_data()` to free *outdata* when it is no longer needed.
|
This function creates a new krb5_data object with the contents of *indata* . Use krb5_free_data() to free *outdata* when it is no longer needed.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -32,7 +32,7 @@ krb5_copy_keyblock - Copy a keyblock.
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
This function creates a new keyblock with the same contents as *from* . Use :c:func:`krb5_free_keyblock()` to free *to* when it is no longer needed.
|
This function creates a new keyblock with the same contents as *from* . Use krb5_free_keyblock() to free *to* when it is no longer needed.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -32,7 +32,7 @@ krb5_copy_keyblock_contents - Copy the contents of a keyblock.
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
This function copies the contents of *from* to *to* . Use :c:func:`krb5_free_keyblock_contents()` to free *to* when it is no longer needed.
|
This function copies the contents of *from* to *to* . Use krb5_free_keyblock_contents() to free *to* when it is no longer needed.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -32,7 +32,7 @@ krb5_copy_principal - Copy a principal.
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
This function creates a new principal structure with the contents of *inprinc* . Use :c:func:`krb5_free_principal()` to free *outprinc* when it is no longer needed.
|
This function creates a new principal structure with the contents of *inprinc* . Use krb5_free_principal() to free *outprinc* when it is no longer needed.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -32,7 +32,7 @@ krb5_copy_ticket - Copy a krb5_ticket structure.
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
This function creates a new krb5_ticket structure containing the contents of *from* . Use :c:func:`krb5_free_ticket()` to free *pto* when it is no longer needed.
|
This function creates a new krb5_ticket structure containing the contents of *from* . Use krb5_free_ticket() to free *pto* when it is no longer needed.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -12,7 +12,7 @@ krb5_decode_authdata_container - Unwrap authorization data.
|
|||||||
|
|
||||||
**[in]** **context** - Library context
|
**[in]** **context** - Library context
|
||||||
|
|
||||||
**[in]** **type** - :data:`KRB5_AUTHDATA` type of *container*
|
**[in]** **type** - Container type (see KRB5_AUTHDATA macros)
|
||||||
|
|
||||||
**[in]** **container** - Authorization data to be decoded
|
**[in]** **container** - Authorization data to be decoded
|
||||||
|
|
||||||
@@ -44,7 +44,7 @@ krb5_decode_authdata_container - Unwrap authorization data.
|
|||||||
..
|
..
|
||||||
|
|
||||||
.. seealso::
|
.. seealso::
|
||||||
:c:func:`krb5_encode_authdata_container()`
|
krb5_encode_authdata_container()
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -12,7 +12,7 @@ krb5_encode_authdata_container - Wrap authorization data in a container.
|
|||||||
|
|
||||||
**[in]** **context** - Library context
|
**[in]** **context** - Library context
|
||||||
|
|
||||||
**[in]** **type** - :data:`KRB5_AUTHDATA` type of *container*
|
**[in]** **type** - Container type (see KRB5_AUTHDATA macros)
|
||||||
|
|
||||||
**[in]** **authdata** - List of authorization data to be encoded
|
**[in]** **authdata** - List of authorization data to be encoded
|
||||||
|
|
||||||
@@ -48,7 +48,7 @@ The result is returned in *container* as a single-element list.
|
|||||||
..
|
..
|
||||||
|
|
||||||
.. seealso::
|
.. seealso::
|
||||||
:c:func:`krb5_decode_authdata_container()`
|
krb5_decode_authdata_container()
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -29,7 +29,7 @@ krb5_expand_hostname - Canonicalize a hostname, possibly using name service.
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
This function canonicalizes orig_hostname, possibly using name service lookups if configuration permits. Use :c:func:`krb5_free_string()` to free *canonhost_out* when it is no longer needed.
|
This function canonicalizes orig_hostname, possibly using name service lookups if configuration permits. Use krb5_free_string() to free *canonhost_out* when it is no longer needed.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -33,7 +33,7 @@ krb5_find_authdata - Find authorization data elements.
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
This function searches *ticket_authdata* and *ap_req_authdata* for elements of type *ad_type* . Either input list may be NULL, in which case it will not be searched; otherwise, the input lists must be terminated by NULL entries. This function will search inside AD-IF-RELEVANT containers if found in either list. Use :c:func:`krb5_free_authdata()` to free *results* when it is no longer needed.
|
This function searches *ticket_authdata* and *ap_req_authdata* for elements of type *ad_type* . Either input list may be NULL, in which case it will not be searched; otherwise, the input lists must be terminated by NULL entries. This function will search inside AD-IF-RELEVANT containers if found in either list. Use krb5_free_authdata() to free *results* when it is no longer needed.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -25,7 +25,7 @@ krb5_free_context - Free a krb5 library context.
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
This function frees a *context* that was created by :c:func:`krb5_init_context()` or :c:func:`krb5_init_secure_context()` .
|
This function frees a *context* that was created by krb5_init_context() or krb5_init_secure_context().
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
krb5_free_default_realm - Free a default realm string returned by krb5_get_default_realm() .
|
krb5_free_default_realm - Free a default realm string returned by krb5_get_default_realm().
|
||||||
==============================================================================================
|
=============================================================================================
|
||||||
|
|
||||||
..
|
..
|
||||||
|
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
krb5_free_error - Free an error allocated by krb5_read_error() or krb5_sendauth() .
|
krb5_free_error - Free an error allocated by krb5_read_error() or krb5_sendauth().
|
||||||
=====================================================================================
|
====================================================================================
|
||||||
|
|
||||||
..
|
..
|
||||||
|
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
krb5_free_error_message - Free an error message generated by krb5_get_error_message() .
|
krb5_free_error_message - Free an error message generated by krb5_get_error_message().
|
||||||
=========================================================================================
|
========================================================================================
|
||||||
|
|
||||||
..
|
..
|
||||||
|
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
krb5_free_host_realm - Free the memory allocated by krb5_get_host_realm() .
|
krb5_free_host_realm - Free the memory allocated by krb5_get_host_realm().
|
||||||
=============================================================================
|
============================================================================
|
||||||
|
|
||||||
..
|
..
|
||||||
|
|
||||||
|
|||||||
@@ -49,7 +49,7 @@ krb5_fwd_tgt_creds - Get a forwarded TGT and format a KRB-CRED message.
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
Get a TGT for use at the remote host *rhost* and format it into a KRB-CRED message. If *rhost* is NULL and *server* is of type :data:`KRB5_NT_SRV_HST` , the second component of *server* will be used.
|
Get a TGT for use at the remote host *rhost* and format it into a KRB-CRED message. If *rhost* is NULL and *server* is of type #KRB5_NT_SRV_HST, the second component of *server* will be used.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -45,10 +45,10 @@ Use *ccache* or a TGS exchange to get a service ticket matching *in_creds* .
|
|||||||
|
|
||||||
Valid values for *options* are:
|
Valid values for *options* are:
|
||||||
|
|
||||||
- :data:`KRB5_GC_CACHED` Search only credential cache for the ticket
|
- #KRB5_GC_CACHED Search only credential cache for the ticket
|
||||||
|
|
||||||
|
|
||||||
- :data:`KRB5_GC_USER_USER` Return a user to user authentication ticket
|
- #KRB5_GC_USER_USER Return a user to user authentication ticket
|
||||||
|
|
||||||
*in_creds* must be non-null. *in_creds->client* and *in_creds->server* must be filled in to specify the client and the server respectively. If any authorization data needs to be requested for the service ticket (such as restrictions on how the ticket can be used), specify it in *in_creds->authdata* ; otherwise set *in_creds->authdata* to NULL. The session key type is specified in *in_creds->keyblock.enctype* , if it is nonzero.
|
*in_creds* must be non-null. *in_creds->client* and *in_creds->server* must be filled in to specify the client and the server respectively. If any authorization data needs to be requested for the service ticket (such as restrictions on how the ticket can be used), specify it in *in_creds->authdata* ; otherwise set *in_creds->authdata* to NULL. The session key type is specified in *in_creds->keyblock.enctype* , if it is nonzero.
|
||||||
|
|
||||||
@@ -62,7 +62,7 @@ Any returned ticket and intermediate ticket-granting tickets are stored in *ccac
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
Use :c:func:`krb5_free_creds()` to free *out_creds* when it is no longer needed.
|
Use krb5_free_creds() to free *out_creds* when it is no longer needed.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -37,7 +37,7 @@ Retrieves the default realm to be used if no user-specified realm is available.
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
Use :c:func:`krb5_free_default_realm()` to free *lrealm* when it is no longer needed.
|
Use krb5_free_default_realm() to free *lrealm* when it is no longer needed.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -27,7 +27,7 @@ krb5_get_error_message - Get the (possibly extended) error message for a code.
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
The behavior of :c:func:`krb5_get_error_message()` is only defined the first time it is called after a failed call to a krb5 function using the same context, and only when the error code passed in is the same as that returned by the krb5 function.
|
The behavior of krb5_get_error_message() is only defined the first time it is called after a failed call to a krb5 function using the same context, and only when the error code passed in is the same as that returned by the krb5 function.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@@ -35,7 +35,7 @@ This function never returns NULL, so its result may be used unconditionally as a
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
The string returned by this function must be freed using :c:func:`krb5_free_error_message()`
|
The string returned by this function must be freed using krb5_free_error_message()
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -45,11 +45,11 @@ Send an initial ticket request for *principal* and extract the encryption type,
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
*opt* may be used to specify options which affect the initial request, such as request encryption types or a FAST armor cache (see :c:func:`krb5_get_init_creds_opt_set_etype_list()` and :c:func:`krb5_get_init_creds_opt_set_fast_ccache_name()` ).
|
*opt* may be used to specify options which affect the initial request, such as request encryption types or a FAST armor cache (see krb5_get_init_creds_opt_set_etype_list() and krb5_get_init_creds_opt_set_fast_ccache_name()).
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Use :c:func:`krb5_free_data_contents()` to free *salt_out* and *s2kparams_out* when they are no longer needed.
|
Use krb5_free_data_contents() to free *salt_out* and *s2kparams_out* when they are no longer needed.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -37,7 +37,7 @@ If *host* is NULL, the local host's realms are determined.
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
Use :c:func:`krb5_free_host_realm()` to release *realmsp* when it is no longer needed.
|
Use krb5_free_host_realm() to release *realmsp* when it is no longer needed.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -44,7 +44,7 @@ If *host* is NULL, the local host's realms are determined.
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
Use :c:func:`krb5_free_host_realm()` to release *realmsp* when it is no longer needed.
|
Use krb5_free_host_realm() to release *realmsp* when it is no longer needed.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user