diff --git a/contrib/com_err/ChangeLog b/contrib/com_err/ChangeLog
deleted file mode 100644
diff --git a/contrib/com_err/com_err.3 b/contrib/com_err/com_err.3
deleted file mode 100644
--- a/contrib/com_err/com_err.3
+++ /dev/null
@@ -1,245 +0,0 @@
-.\" Copyright (c) 2005 Kungliga Tekniska Högskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\" may be used to endorse or promote products derived from this software
-.\" without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id$
-.\"
-.\" This manpage was contributed by Gregory McGarry.
-.\" -.Dd July 7, 2005 -.Dt COM_ERR 3 -.Os -.Sh NAME -.Nm com_err , -.Nm com_err_va , -.Nm error_message , -.Nm error_table_name , -.Nm init_error_table , -.Nm set_com_err_hook , -.Nm reset_com_err_hook , -.Nm add_to_error_table , -.Nm initialize_error_table_r -.Nm free_error_table , -.Nm com_right -.Nd common error display library -.Sh LIBRARY -Common Error Library (libcom_err, -lcom_err) -.Sh SYNOPSIS -.Fd #include -.Fd #include -.Fd #include -.Fd #include \&"XXX_err.h\&" -.Pp -typedef void (*errf)(const char *, long, const char *, ...); -.Ft void -.Fn com_err "const char *whoami" "long code" "const char *format" "..." -.Ft void -.Fn com_err_va "const char *whoami" "long code" "const char *format" "..." -.Ft const char * -.Fn error_message "long code" -.Ft const char * -.Fn error_table_name "int num" -.Ft int -.Fn init_error_table "const char **msgs" "long base" "int count" -.Ft errf -.Fn set_com_err_hook "errf func" -.Ft errf -.Fn reset_com_err_hook "" -.Ft void -.Fn add_to_error_table "struct et_list *new_table" -.Ft void -.Fn initialize_error_table_r "struct et_list **et_list" "const char **msgs" "int base" "long count" -.Ft void -.Fn free_error_table "struct et_list *" -.Ft const char * -.Fn com_right "struct et_list *list" long code" -.Sh DESCRIPTION -The -.Nm -library provides a common error-reporting mechanism for defining and -accessing error codes and descriptions for application software -packages. Error descriptions are defined in a table and error codes -are used to index the table. The error table, the descriptions and -the error codes are generated using -.Xr compile_et 1 . -.Pp -The error table is registered with the -.Nm -library by calling its initialisation function defined in its header -file. The initialisation function is generally defined as -.Fn initialize__error_table , -where -.Em name -is the name of the error table. 
-.Pp -If a thread-safe version of the library is needed -.Fn initialize__error_table_r -that internally calls -.Fn initialize_error_table_r -instead be used. -.Pp -Any variable which is to contain an error code should be declared -.Em _error_number -where -.Em name -is the name of the error table. -.Sh FUNCTIONS -The following functions are available to the application developer: -.Bl -tag -width compact -.It Fn com_err "whoami" "code" "format" "..." -Displays an error message on standard error composed of the -.Fa whoami -string, which should specify the program name, followed by an error -message generated from -.Fa code , -and a string produced using the -.Xr printf 3 -.Fa format -string and any following arguments. If -.Fa format -is NULL, the formatted message will not be -printed. The argument -.Fa format -may not be omitted. -.It Fn com_err_va "whoami" "code" "format" "va_list args" -This routine provides an interface, equivalent to -.Fn com_err , -which may be used by higher-level variadic functions (functions which -accept variable numbers of arguments). -.It Fn error_message "code" -Returns the character string error message associate with -.Fa code . -If -.Fa code is associated with an unknown error table, or if -.Fa code -is associated with a known error table but is not in the table, a -string of the form `Unknown code XXXX NN' is returned, where XXXX is -the error table name produced by reversing the compaction performed on -the error table number implied by that error code, and NN is the -offset from that base value. -.Pp -Although this routine is available for use when needed, its use should -be left to circumstances which render -.Fn com_err -unusable. -.Pp -.Fn com_right -returns the error string just like -.Fa com_err -but in a thread-safe way. -.Pp -.It Fn error_table_name "num" -Convert a machine-independent error table number -.Fa num -into an error table name. 
-.It Fn init_error_table "msgs" "base" "count" -Initialise the internal error table with the array of character string -error messages in -.Fa msgs -of length -.Fa count . -The error codes are assigned incrementally from -.Fa base . -This function is useful for using the error-reporting mechanism with -custom error tables that have not been generated with -.Xr compile_et 1 . -Although this routine is available for use when needed, its use should -be restricted. -.Pp -.Fn initialize_error_table_r -initialize the -.Fa et_list -in the same way as -.Fn init_error_table , -but in a thread-safe way. -.Pp -.It Fn set_com_err_hook "func" -Provides a hook into the -.Nm -library to allow the routine -.Fa func -to be dynamically substituted for -.Fn com_err . -After -.Fn set_com_err_hook - has been called, calls to -.Fn com_err -will turn into calls to the new hook routine. This function is -intended to be used in daemons to use a routine which calls -.Xr syslog 3 , -or in a window system application to pop up a dialogue box. -.It Fn reset_com_err_hook "" -Turns off the hook set in -.Fn set_com_err_hook . -.It Fn add_to_error_table "new_table" -Add the error table, its messages strings and error codes in -.Fa new_table -to the internal error table. 
-.El -.Sh EXAMPLES -The following is an example using the table defined in -.Xr compile_et 1 : -.Pp -.Bd -literal - #include - #include - #include - - #include "test_err.h" - - void - hook(const char *whoami, long code, - const char *format, va_list args) - { - char buffer[BUFSIZ]; - static int initialized = 0; - - if (!initialized) { - openlog(whoami, LOG_NOWAIT, LOG_DAEMON); - initialized = 1; - } - vsprintf(buffer, format, args); - syslog(LOG_ERR, "%s %s", error_message(code), buffer); - } - - int - main(int argc, char *argv[]) - { - char *whoami = argv[0]; - - initialize_test_error_table(); - com_err(whoami, TEST_INVAL, "before hook"); - set_com_err_hook(hook); - com_err(whoami, TEST_IO, "after hook"); - return (0); - } -.Ed -.Sh SEE ALSO -.Xr compile_et 1 diff --git a/contrib/com_err/com_err.c b/contrib/com_err/com_err.c deleted file mode 100644 --- a/contrib/com_err/com_err.c +++ /dev/null 
@@ -1,168 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */ - - -#include -#include -#include -#include "com_err.h" - -struct et_list *_et_list = NULL; - - -KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL -error_message (long code) -{ - static char msg[128]; - const char *p = com_right(_et_list, code); - if (p == NULL) { - if (code < 0) - snprintf(msg, sizeof(msg), "Unknown error %ld", code); - else - p = strerror(code); - } - if (p != NULL && *p != '\0') { - strlcpy(msg, p, sizeof(msg)); - } else - snprintf(msg, sizeof(msg), "Unknown error %ld", code); - return msg; -} - -KRB5_LIB_FUNCTION int KRB5_LIB_CALL -init_error_table(const char **msgs, long base, int count) -{ - initialize_error_table_r(&_et_list, msgs, count, base); - return 0; -} - -static void KRB5_CALLCONV -default_proc (const char *whoami, long code, const char *fmt, va_list args) - __attribute__((__format__(__printf__, 3, 0))); - -static void KRB5_CALLCONV -default_proc (const char *whoami, long code, const char *fmt, va_list args) -{ - if (whoami) - fprintf(stderr, "%s: ", whoami); - if (code) - fprintf(stderr, "%s ", error_message(code)); - if (fmt) - vfprintf(stderr, fmt, args); - fprintf(stderr, "\r\n"); /* ??? */ -} - -static errf com_err_hook = default_proc; - -KRB5_LIB_FUNCTION void KRB5_LIB_CALL -com_err_va (const char *whoami, - long code, - const char *fmt, - va_list args) -{ - (*com_err_hook) (whoami, code, fmt, args); -} - -KRB5_LIB_FUNCTION void KRB5_LIB_CALL -com_err (const char *whoami, - long code, - const char *fmt, - ...) 
-{ - va_list ap; - va_start(ap, fmt); - com_err_va (whoami, code, fmt, ap); - va_end(ap); -} - -KRB5_LIB_FUNCTION errf KRB5_LIB_CALL -set_com_err_hook (errf new) -{ - errf old = com_err_hook; - - if (new) - com_err_hook = new; - else - com_err_hook = default_proc; - - return old; -} - -KRB5_LIB_FUNCTION errf KRB5_LIB_CALL -reset_com_err_hook (void) -{ - return set_com_err_hook(NULL); -} - -#define ERRCODE_RANGE 8 /* # of bits to shift table number */ -#define BITS_PER_CHAR 6 /* # bits to shift per character in name */ - -static const char char_set[] = - "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_"; - -static char buf[6]; - -KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL -error_table_name(int num) -{ - int ch; - int i; - char *p; - - /* num = aa aaa abb bbb bcc ccc cdd ddd d?? ??? ??? */ - p = buf; - num >>= ERRCODE_RANGE; - /* num = ?? ??? ??? aaa aaa bbb bbb ccc ccc ddd ddd */ - num &= 077777777; - /* num = 00 000 000 aaa aaa bbb bbb ccc ccc ddd ddd */ - for (i = 4; i >= 0; i--) { - ch = (num >> BITS_PER_CHAR * i) & ((1 << BITS_PER_CHAR) - 1); - if (ch != 0) - *p++ = char_set[ch-1]; - } - *p = '\0'; - return(buf); -} - -KRB5_LIB_FUNCTION void KRB5_LIB_CALL -add_to_error_table(struct et_list *new_table) -{ - struct et_list *et; - - for (et = _et_list; et; et = et->next) { - if (et->table->base == new_table->table->base) - return; - } - - new_table->next = _et_list; - _et_list = new_table; -} diff --git a/contrib/com_err/compile_et.1 b/contrib/com_err/compile_et.1 deleted file mode 100644 --- a/contrib/com_err/compile_et.1 +++ /dev/null 
@@ -1,76 +0,0 @@ -.\" Copyright (c) 1988 Massachusetts Institute of Technology, -.\" Student Information Processing Board. All rights reserved. -.\" -.\" $FreeBSD$ -.\" -.Dd November 22, 1988 -.Dt COMPILE_ET 1 -.Os -.Sh NAME -.Nm compile_et -.Nd error table compiler -.Sh SYNOPSIS -.Nm compile_et -.Ar file -.Sh DESCRIPTION -.Nm Compile_et -converts a table listing error-code names and associated messages into -a C source file suitable for use with the -.Xr com_err 3 -library. -.Pp -The source file name must end with a suffix of ``.et''; the file -consists of a declaration supplying the name (up to four characters -long) of the error-code table: -.Pp -.Em error_table name -.Pp -followed by up to 256 entries of the form: -.Pp -.Em error_code name , -.No \(dq Ns Em string Ns \(dq -.Pp -and a final -.Pp -.Em end -.Pp -to indicate the end of the table. -.Pp -The name of the table is used to construct the name of a subroutine -.Em initialize_XXXX_error_table -which must be called in order for the -.Xr com_err 3 -library to recognize the error table. -.Pp -The various error codes defined are assigned sequentially increasing -numbers (starting with a large number computed as a hash function of -the name of the table); thus for compatibility it is suggested that -new codes be added only to the end of an existing table, and that no -codes be removed from tables. -.Pp -The names defined in the table are placed into a C header file with -preprocessor directives defining them as integer constants of up to -32 bits in magnitude. -.Pp -A C source file is also generated which should be compiled and linked -with the object files which reference these error codes; it contains -the text of the messages and the initialization subroutine. -Both C -files have names derived from that of the original source file, with -the ``.et'' suffix replaced by ``.c'' and ``.h''. 
-.Pp -A ``#'' in the source file is treated as a comment character, and all -remaining text to the end of the source line will be ignored. -.Sh SEE ALSO -.Xr yacc 1 , -.Xr com_err 3 -.Rs -.%A Ken Raeburn -.%T "A Common Error Description Library for UNIX" -.Re -.Sh BUGS -Since -.Nm compile_et -uses a very simple parser based on -.Xr yacc 1 , -its error recovery leaves much to be desired. diff --git a/contrib/com_err/compile_et.c b/contrib/com_err/compile_et.c deleted file mode 100644 --- a/contrib/com_err/compile_et.c +++ /dev/null 
@@ -1,242 +0,0 @@
-/*
- * Copyright (c) 1998-2002 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */ - -#undef ROKEN_RENAME - -#define rk_PATH_DELIM '/' - -#include "compile_et.h" -#include - -#include -#include -#include "parse.h" - -int numerror; -extern FILE *yyin; - -extern void yyparse(void); - -long base_id; -int number; -char *prefix; -char *id_str; - -char name[128]; -char Basename[128]; - -#ifdef YYDEBUG -extern int yydebug = 1; -#endif - -char *filename; -char hfn[128]; -char cfn[128]; - -struct error_code *codes = NULL; - -static int -generate_c(void) -{ - int n; - struct error_code *ec; - - FILE *c_file = fopen(cfn, "w"); - if(c_file == NULL) - return 1; - - fprintf(c_file, "/* Generated from %s */\n", filename); - if(id_str) - fprintf(c_file, "/* %s */\n", id_str); - fprintf(c_file, "\n"); - fprintf(c_file, "#include \n"); - fprintf(c_file, "#include \n"); - fprintf(c_file, "#include \"%s\"\n", hfn); - fprintf(c_file, "\n"); - fprintf(c_file, "#define N_(x) (x)\n"); - fprintf(c_file, "\n"); - - fprintf(c_file, "static const char *%s_error_strings[] = {\n", name); - - for(ec = codes, n = 0; ec; ec = ec->next, n++) { - while(n < ec->number) { - fprintf(c_file, "\t/* %03d */ \"Reserved %s error (%d)\",\n", - n, name, n); - n++; - - } - fprintf(c_file, "\t/* %03d */ N_(\"%s\"),\n", - ec->number, ec->string); - } - - fprintf(c_file, "\tNULL\n"); - fprintf(c_file, "};\n"); - fprintf(c_file, "\n"); - fprintf(c_file, "#define num_errors %d\n", number); - fprintf(c_file, "\n"); - fprintf(c_file, - "void initialize_%s_error_table_r(struct et_list **list)\n", - name); - fprintf(c_file, "{\n"); - fprintf(c_file, - " initialize_error_table_r(list, %s_error_strings, " - "num_errors, ERROR_TABLE_BASE_%s);\n", name, name); - fprintf(c_file, "}\n"); - fprintf(c_file, "\n"); - fprintf(c_file, "void initialize_%s_error_table(void)\n", name); - fprintf(c_file, "{\n"); - fprintf(c_file, - " init_error_table(%s_error_strings, ERROR_TABLE_BASE_%s, " - "num_errors);\n", name, name); - fprintf(c_file, "}\n"); - - fclose(c_file); - return 0; -} - -static int 
-generate_h(void) -{ - struct error_code *ec; - char fn[128]; - FILE *h_file = fopen(hfn, "w"); - char *p; - - if(h_file == NULL) - return 1; - - snprintf(fn, sizeof(fn), "__%s__", hfn); - for(p = fn; *p; p++) - if(!isalnum((unsigned char)*p)) - *p = '_'; - - fprintf(h_file, "/* Generated from %s */\n", filename); - if(id_str) - fprintf(h_file, "/* %s */\n", id_str); - fprintf(h_file, "\n"); - fprintf(h_file, "#ifndef %s\n", fn); - fprintf(h_file, "#define %s\n", fn); - fprintf(h_file, "\n"); - fprintf(h_file, "struct et_list;\n"); - fprintf(h_file, "\n"); - fprintf(h_file, - "void initialize_%s_error_table_r(struct et_list **);\n", - name); - fprintf(h_file, "\n"); - fprintf(h_file, "void initialize_%s_error_table(void);\n", name); - fprintf(h_file, "#define init_%s_err_tbl initialize_%s_error_table\n", - name, name); - fprintf(h_file, "\n"); - fprintf(h_file, "typedef enum %s_error_number{\n", name); - - for(ec = codes; ec; ec = ec->next) { - fprintf(h_file, "\t%s = %ld%s\n", ec->name, base_id + ec->number, - (ec->next != NULL) ? 
"," : ""); - } - - fprintf(h_file, "} %s_error_number;\n", name); - fprintf(h_file, "\n"); - fprintf(h_file, "#define ERROR_TABLE_BASE_%s %ld\n", name, base_id); - fprintf(h_file, "\n"); - fprintf(h_file, "#define COM_ERR_BINDDOMAIN_%s \"heim_com_err%ld\"\n", name, base_id); - fprintf(h_file, "\n"); - fprintf(h_file, "#endif /* %s */\n", fn); - - - fclose(h_file); - return 0; -} - -static int -generate(void) -{ - return generate_c() || generate_h(); -} - -int version_flag; -int help_flag; -struct getargs args[] = { - { "version", 0, arg_flag, &version_flag }, - { "help", 0, arg_flag, &help_flag } -}; -int num_args = sizeof(args) / sizeof(args[0]); - -static void -usage(int code) -{ - arg_printusage(args, num_args, NULL, "error-table"); - exit(code); -} - -int -main(int argc, char **argv) -{ - char *p; - int optidx = 0; - - setprogname(argv[0]); - if(getarg(args, num_args, argc, argv, &optidx)) - usage(1); - if(help_flag) - usage(0); - if(version_flag) { - print_version(NULL); - exit(0); - } - - if(optidx == argc) - usage(1); - filename = argv[optidx]; - yyin = fopen(filename, "r"); - if(yyin == NULL) - err(1, "%s", filename); - - - p = strrchr(filename, rk_PATH_DELIM); - if(p) - p++; - else - p = filename; - strlcpy(Basename, p, sizeof(Basename)); - - Basename[strcspn(Basename, ".")] = '\0'; - - snprintf(hfn, sizeof(hfn), "%s.h", Basename); - snprintf(cfn, sizeof(cfn), "%s.c", Basename); - - yyparse(); - if(numerror) - return 1; - - return generate(); -} diff --git a/contrib/com_err/error.c b/contrib/com_err/error.c deleted file mode 100644 --- a/contrib/com_err/error.c +++ /dev/null 
@@ -1,111 +0,0 @@
-/*
- * Copyright (c) 1997, 1998, 2001 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */ - - -#include -#include -#include -#include - -#ifdef LIBINTL -#include -#else -#define dgettext(d,s) (s) -#endif - -KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL -com_right(struct et_list *list, long code) -{ - struct et_list *p; - for (p = list; p; p = p->next) - if (code >= p->table->base && code < p->table->base + p->table->n_msgs) - return p->table->msgs[code - p->table->base]; - return NULL; -} - -KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL -com_right_r(struct et_list *list, long code, char *str, size_t len) -{ - struct et_list *p; - for (p = list; p; p = p->next) { - if (code >= p->table->base && code < p->table->base + p->table->n_msgs) { - const char *msg = p->table->msgs[code - p->table->base]; -#ifdef LIBINTL - char domain[12 + 20]; - snprintf(domain, sizeof(domain), "heim_com_err%d", p->table->base); -#endif - strlcpy(str, dgettext(domain, msg), len); - return str; - } - } - return NULL; -} - -struct foobar { - struct et_list etl; - struct error_table et; -}; - -KRB5_LIB_FUNCTION void KRB5_LIB_CALL -initialize_error_table_r(struct et_list **list, - const char **messages, - int num_errors, - long base) -{ - struct et_list *et, **end; - struct foobar *f; - for (end = list, et = *list; et; end = &et->next, et = et->next) - if (et->table->msgs == messages) - return; - f = malloc(sizeof(*f)); - if (f == NULL) - return; - et = &f->etl; - et->table = &f->et; - et->table->msgs = messages; - et->table->n_msgs = num_errors; - et->table->base = base; - et->next = NULL; - *end = et; -} - - -KRB5_LIB_FUNCTION void KRB5_LIB_CALL -free_error_table(struct et_list *et) -{ - while(et){ - struct et_list *p = et; - et = et->next; - free(p); - } -} diff --git a/contrib/com_err/lex.l b/contrib/com_err/lex.l deleted file mode 100644 --- a/contrib/com_err/lex.l +++ /dev/null 
@@ -1,127 +0,0 @@
-%{
-/*
- * Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/*
- * This is to handle the definition of this symbol in some AIX
- * headers, which will conflict with the definition that lex will
- * generate for it. It's only a problem for AIX lex.
- */ - -#undef ECHO - -#include "compile_et.h" -#include "parse.h" -#include "lex.h" - -static unsigned lineno = 1; -static int getstring(void); - -#define YY_NO_UNPUT - -#undef ECHO - -%} - -%option nounput - -%% -et { return ET; } -error_table { return ET; } -ec { return EC; } -error_code { return EC; } -prefix { return PREFIX; } -index { return INDEX; } -id { return ID; } -end { return END; } -[0-9]+ { yylval.number = atoi(yytext); return NUMBER; } -#[^\n]* ; -[ \t] ; -\n { lineno++; } -\" { return getstring(); } -[a-zA-Z0-9_]+ { yylval.string = strdup(yytext); return STRING; } -. { return *yytext; } -%% - -#ifndef yywrap /* XXX */ -int -yywrap () -{ - return 1; -} -#endif - -static int -getstring(void) -{ - char x[128]; - int i = 0; - int c; - int quote = 0; - while(i < sizeof(x) - 1 && (c = input()) != EOF){ - if(quote) { - x[i++] = c; - quote = 0; - continue; - } - if(c == '\n'){ - _lex_error_message("unterminated string"); - lineno++; - break; - } - if(c == '\\'){ - quote++; - continue; - } - if(c == '\"') - break; - x[i++] = c; - } - x[i] = '\0'; - yylval.string = strdup(x); - if (yylval.string == NULL) - err(1, "malloc"); - return STRING; -} - -void -_lex_error_message (const char *format, ...) -{ - va_list args; - - va_start (args, format); - fprintf (stderr, "%s:%d:", filename, lineno); - vfprintf (stderr, format, args); - va_end (args); - numerror++; -} diff --git a/contrib/com_err/parse.y b/contrib/com_err/parse.y deleted file mode 100644 --- a/contrib/com_err/parse.y +++ /dev/null 
@@ -1,174 +0,0 @@
-%{
-/*
- * Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */ - -#include "compile_et.h" -#include "lex.h" - -void yyerror (char *s); -static long name2number(const char *str); - -extern char *yytext; - -/* This is for bison */ - -#if !defined(alloca) && !defined(HAVE_ALLOCA) -#define alloca(x) malloc(x) -#endif - -#define YYMALLOC malloc -#define YYFREE free - -%} - -%union { - char *string; - int number; -} - -%token ET INDEX PREFIX EC ID END -%token STRING -%token NUMBER - -%% - -file : /* */ - | header statements - ; - -header : id et - | et - ; - -id : ID STRING - { - id_str = $2; - } - ; - -et : ET STRING - { - base_id = name2number($2); - strlcpy(name, $2, sizeof(name)); - free($2); - } - | ET STRING STRING - { - base_id = name2number($2); - strlcpy(name, $3, sizeof(name)); - free($2); - free($3); - } - ; - -statements : statement - | statements statement - ; - -statement : INDEX NUMBER - { - number = $2; - } - | PREFIX STRING - { - free(prefix); - asprintf (&prefix, "%s_", $2); - if (prefix == NULL) - errx(1, "malloc"); - free($2); - } - | PREFIX - { - prefix = realloc(prefix, 1); - if (prefix == NULL) - errx(1, "malloc"); - *prefix = '\0'; - } - | EC STRING ',' STRING - { - struct error_code *ec = malloc(sizeof(*ec)); - - if (ec == NULL) - errx(1, "malloc"); - - ec->next = NULL; - ec->number = number; - if(prefix && *prefix != '\0') { - asprintf (&ec->name, "%s%s", prefix, $2); - if (ec->name == NULL) - errx(1, "malloc"); - free($2); - } else - ec->name = $2; - ec->string = $4; - APPEND(codes, ec); - number++; - } - | END - { - YYACCEPT; - } - ; - -%% - -static long -name2number(const char *str) -{ - const char *p; - long num = 0; - const char *x = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" - "abcdefghijklmnopqrstuvwxyz0123456789_"; - if(strlen(str) > 4) { - yyerror("table name too long"); - return 0; - } - for(p = str; *p; p++){ - char *q = strchr(x, *p); - if(q == NULL) { - yyerror("invalid character in table name"); - return 0; - } - num = (num << 6) + (q - x) + 1; - } - num <<= 8; - if(num > 0x7fffffff) - num = 
-(0xffffffff - num + 1); - return num; -} - -void -yyerror (char *s) -{ - _lex_error_message ("%s\n", s); -} diff --git a/contrib/com_err/version-script.map b/contrib/com_err/version-script.map deleted file mode 100644 --- a/contrib/com_err/version-script.map +++ /dev/null @@ -1,20 +0,0 @@ -# $Id$ - -HEIMDAL_COM_ERR_1.0 { - global: - com_right; - com_right_r; - free_error_table; - initialize_error_table_r; - add_to_error_table; - com_err; - com_err_va; - error_message; - error_table_name; - init_error_table; - reset_com_err_hook; - set_com_err_hook; - _et_list; - local: - *; -}; diff --git a/kerberos5/include/.deps/bits.Po b/kerberos5/include/.deps/bits.Po new file mode 100644 --- /dev/null +++ b/kerberos5/include/.deps/bits.Po 
@@ -0,0 +1,96 @@ +bits.o: bits.c config.h /usr/include/sys/types.h /usr/include/sys/cdefs.h \ + /usr/include/machine/endian.h /usr/include/x86/endian.h \ + /usr/include/sys/_types.h /usr/include/machine/_types.h \ + /usr/include/x86/_types.h /usr/include/machine/_limits.h \ + /usr/include/x86/_limits.h /usr/include/sys/_endian.h \ + /usr/include/sys/_pthreadtypes.h /usr/include/sys/_stdint.h \ + /usr/include/sys/bitcount.h /usr/include/sys/select.h \ + /usr/include/sys/_sigset.h /usr/include/sys/_timeval.h \ + /usr/include/sys/timespec.h /usr/include/sys/_timespec.h \ + /usr/include/sys/param.h /usr/include/sys/_null.h \ + /usr/include/sys/syslimits.h /usr/include/sys/signal.h \ + /usr/include/machine/signal.h /usr/include/x86/signal.h \ + /usr/include/machine/param.h /usr/include/machine/_align.h \ + /usr/include/x86/_align.h /usr/include/sys/limits.h \ + /usr/include/stdio.h /usr/include/string.h /usr/include/strings.h \ + /usr/include/xlocale/_strings.h /usr/include/xlocale/_string.h \ + /usr/include/stdlib.h /usr/include/ctype.h /usr/include/_ctype.h \ + /usr/include/runetype.h /usr/include/xlocale/_ctype.h + +config.h: + +/usr/include/sys/types.h: + +/usr/include/sys/cdefs.h: + +/usr/include/machine/endian.h: + +/usr/include/x86/endian.h: + +/usr/include/sys/_types.h: + +/usr/include/machine/_types.h: + +/usr/include/x86/_types.h: + +/usr/include/machine/_limits.h: + +/usr/include/x86/_limits.h: + +/usr/include/sys/_endian.h: + +/usr/include/sys/_pthreadtypes.h: + +/usr/include/sys/_stdint.h: + +/usr/include/sys/bitcount.h: + +/usr/include/sys/select.h: + +/usr/include/sys/_sigset.h: + +/usr/include/sys/_timeval.h: + +/usr/include/sys/timespec.h: + +/usr/include/sys/_timespec.h: + +/usr/include/sys/param.h: + +/usr/include/sys/_null.h: + +/usr/include/sys/syslimits.h: + +/usr/include/sys/signal.h: + +/usr/include/machine/signal.h: + +/usr/include/x86/signal.h: + +/usr/include/machine/param.h: + +/usr/include/machine/_align.h: + +/usr/include/x86/_align.h: + 
+/usr/include/sys/limits.h: + +/usr/include/stdio.h: + +/usr/include/string.h: + +/usr/include/strings.h: + +/usr/include/xlocale/_strings.h: + +/usr/include/xlocale/_string.h: + +/usr/include/stdlib.h: + +/usr/include/ctype.h: + +/usr/include/_ctype.h: + +/usr/include/runetype.h: + +/usr/include/xlocale/_ctype.h: diff --git a/kerberos5/include/an2ln_plugin.h b/kerberos5/include/an2ln_plugin.h new file mode 100644 --- /dev/null +++ b/kerberos5/include/an2ln_plugin.h 
@@ -0,0 +1,91 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id$ */
+
+#ifndef HEIMDAL_KRB5_AN2LN_PLUGIN_H
+#define HEIMDAL_KRB5_AN2LN_PLUGIN_H 1
+
+#define KRB5_PLUGIN_AN2LN "an2ln"
+#define KRB5_PLUGIN_AN2LN_VERSION_0 0
+
+typedef krb5_error_code (KRB5_LIB_CALL *set_result_f)(void *, const char *);
+
+/** @struct krb5plugin_an2ln_ftable_desc
+ *
+ * @brief Description of the krb5_aname_to_lname(3) plugin facility.
+ *
+ * The krb5_aname_to_lname(3) function is pluggable. The plugin is
+ * named KRB5_PLUGIN_AN2LN ("an2ln"), with a single minor version,
+ * KRB5_PLUGIN_AN2LN_VERSION_0 (0).
+ *
+ * The plugin for krb5_aname_to_lname(3) consists of a data symbol
+ * referencing a structure of type krb5plugin_an2ln_ftable, with four
+ * fields:
+ *
+ * @param init Plugin initialization function (see krb5-plugin(7))
+ *
+ * @param minor_version The plugin minor version number (0)
+ *
+ * @param fini Plugin finalization function
+ *
+ * @param an2ln Plugin aname_to_lname function
+ *
+ * The an2ln field is the plugin entry point that performs the
+ * traditional aname_to_lname operation however the plugin desires. It
+ * is invoked in no particular order relative to other an2ln plugins,
+ * but it has a 'rule' argument that indicates which plugin is intended
+ * to act on the rule. The plugin an2ln function must return
+ * KRB5_PLUGIN_NO_HANDLE if the rule is not applicable to it.
+ *
+ * The plugin an2ln function has the following arguments, in this order:
+ *
+ * -# plug_ctx, the context value output by the plugin's init function
+ * -# context, a krb5_context
+ * -# rule, the aname_to_lname rule being evaluated (from krb5.conf(5))
+ * -# aname, the krb5_principal to be mapped to an lname
+ * -# set_res_f, a function the plugin must call to set its result
+ * -# set_res_ctx, the first argument to set_res_f (the second is the result lname string)
+ *
+ * @ingroup krb5_support
+ */
+typedef struct krb5plugin_an2ln_ftable_desc {
+ int minor_version;
+ krb5_error_code (KRB5_LIB_CALL *init)(krb5_context, void **);
+ void (KRB5_LIB_CALL *fini)(void *);
+ krb5_error_code (KRB5_LIB_CALL *an2ln)(void *, krb5_context, const char *,
+ krb5_const_principal, set_result_f, void *);
+} krb5plugin_an2ln_ftable;
+
+#endif /* HEIMDAL_KRB5_AN2LN_PLUGIN_H */
+
diff --git a/kerberos5/include/asn1-common.h b/kerberos5/include/asn1-common.h
new file mode 100644
--- /dev/null
+++ b/kerberos5/include/asn1-common.h
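Review bot: The doc comment on `krb5plugin_an2ln_ftable_desc` leaves the result contract of `set_res_f` unstated, and that callback is what fixes the local account name a principal maps to. It says neither whether the lname string passed as the second argument is copied or must outlive the call, nor what `an2ln` should return once it has set a result; I would add one line stating both, once confirmed against the caller. The `@param` list also names `init` before `minor_version` while the struct declares `minor_version` first, so the list should follow declaration order to keep positional initializers from being written in the wrong order. The header uses `krb5_error_code`, `krb5_context` and `KRB5_LIB_CALL` with no include in the hunk, so it presumably depends on the includer pulling in the krb5 header first; a one-line comment saying so would help.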
@@ -0,0 +1,84 @@
+/* $Id$ */
+
+#include
+#include
+#include
+
+#ifndef __asn1_common_definitions__
+#define __asn1_common_definitions__
+
+#ifndef __HEIM_BASE_DATA__
+#define __HEIM_BASE_DATA__ 1
+struct heim_base_data {
+ size_t length;
+ void *data;
+};
+#endif
+
+typedef struct heim_integer {
+ size_t length;
+ void *data;
+ int negative;
+} heim_integer;
+
+typedef struct heim_base_data heim_octet_string;
+
+typedef char *heim_general_string;
+typedef char *heim_utf8_string;
+typedef struct heim_base_data heim_printable_string;
+typedef struct heim_base_data heim_ia5_string;
+
+typedef struct heim_bmp_string {
+ size_t length;
+ uint16_t *data;
+} heim_bmp_string;
+
+typedef struct heim_universal_string {
+ size_t length;
+ uint32_t *data;
+} heim_universal_string;
+
+typedef char *heim_visible_string;
+
+typedef struct heim_oid {
+ size_t length;
+ unsigned *components;
+} heim_oid;
+
+typedef struct heim_bit_string {
+ size_t length;
+ void *data;
+} heim_bit_string;
+
+typedef struct heim_base_data heim_any;
+typedef struct heim_base_data heim_any_set;
+
+#define ASN1_MALLOC_ENCODE(T, B, BL, S, L, R) \
+ do { \
+ (BL) = length_##T((S)); \
+ (B) = malloc((BL)); \
+ if((B) == NULL) { \
+ (R) = ENOMEM; \
+ } else { \
+ (R) = encode_##T(((unsigned char*)(B)) + (BL) - 1, (BL), \
+ (S), (L)); \
+ if((R) != 0) { \
+ free((B)); \
+ (B) = NULL; \
+ } \
+ } \
+ } while (0)
+
+#ifdef _WIN32
+#ifndef ASN1_LIB
+#define ASN1EXP __declspec(dllimport)
+#else
+#define ASN1EXP
+#endif
+#define ASN1CALL __stdcall
+#else
+#define ASN1EXP
+#define ASN1CALL
+#endif
+
+#endif
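Review bot: `ASN1_MALLOC_ENCODE` has no comment stating its contract, and it leaves two edge cases to every caller. If `length_##T` can ever return 0, `malloc((BL))` may return NULL (reported as ENOMEM) or a zero-size block, and `((unsigned char*)(B)) + (BL) - 1` then points one byte before the allocation. The macro also never checks that the length stored through `(L)` equals `(BL)`. I would document above the macro that the encoder is handed the address of the buffer's last byte, that `(B)` is caller-owned on success and NULL on failure, and that callers must compare `(L)` with `(BL)` before using the buffer. The same comment should say the arguments must be free of side effects, since each is expanded more than once.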
diff --git a/kerberos5/include/asn1-template.h b/kerberos5/include/asn1-template.h new file mode 100644 index 0000000000000000000000000000000000000000..3c0400a4c706fd0225f3fbc8fc0533cd92957efe GIT binary patch literal 5481 zc$~#pZExa868;>1MM)#w+AKptGOwGxk&J1ewZ>*`Gnw4!z{Rn^tyZqAzxXo8upp0a3hUw}5%q4WOzTX+eV7Z-2fmvyp; zqeTe5_?$%f=MaW}Eb`B3942I_x#?3F15ffID%OR7bdJdBeUirM;;98*kxoC~r|}Yp zk76bgy-j9D9D|%MhfL%mdk`~{lWLr1MU*Ca%_nr`Js7K1EO4@E`#A7oePK($kTN;6;g5+C1Lgi^E6xLEqIKIdq^|+OxFdmEYn#ukES7Uv>?m`tVFhq zibBj_m8B2S3pM#%!EX)=ps1jIsiOHuq(y4Gpeyvr$JrCZZHlRJ0HgT8eCwrprTLaL!6z zHojoAvo-qnzi|gtpe55RovxQ6DZVFh_;TNS@A%N34XBt1L3eS7J&fhNcnKUPi^0s4~m*N+kY}d*C^J|Hg0`;CSph zA9;`UpnHo-6xp87{fW=OuzO%Sw(s)p#CKc|e*4Yv(By|7NF}$PeGBZ<*kzsvjthJ= zwm32&wQJZuXI=~GOl#8P_MipG0=DCW#YfynnD4Y`Mj|@21g8%p=9)u%HM-p5{;hPV z&wZPw>*IU|j1AZ4=EO2w7*E`><4HD(tj9gmGWdw~+JH{r#K1l>+XruGSXM1kgc%B&fb z3lFnr`ova2;;fiYzY;9iY+&&LvrU_rd6WOi{M`nC$OD{P57oh?;IQLPi|Ab){t5!nR0JOwiblIH4!9`~-NCVF)Ofjh_POT_Dw2){(UIf3Yo z*r>}~iFtbhV-6kML=y6D3#nrImND2R?qYs~MnW99rwmJ?I;T*w*_qszsLNyXVd?^3 z!~W%YEy{Ka1^St$Z4;}*zd_R!LWiG!#`01kLMuT>3J9y~b#7^=ebF%-4Il8~gCzJH z;A$O!iL!?6C~W5tYYa;0ml86kzr*M(W^086uA`(_6SWr>RCB~gGpC1QMY}%m-Mv9u6AN>G76s%9p_6#{YH6?z8 zoSQ&aCT^iU(_ufLPb#+dLrc^#%i?2?dq)hr{lM*;o!6ZUW!PxoQ3ekZvd;yZJ_o-y zs54O}uPy^Ta~9Y8f^0C6Rh08i3YR^^U6$G^WA1fQ>yX}KEpkU>4JYf6=2P>;G&#Rck7SCVV; zuw7S_(LwoC>N0EeP)lC=zNw)AkGEwRZB~YIfm17c74$*TfcF%yhJLxIGn^!y0#P;~WX1zm66@_OI<{DN&2NyhqZRL*XGyhpB z?b?b1#_I!gcQihbO>B;5EbqvSV|?}Lw0WSxBMm<$pZNWE2f{KS{twm*d`xK-Zq_6+ zxm|u3XV-BoX4sX$c_oiNvzX659a!0uQGf?k_f{?T7rb2I1^H;T?{%U8Z!61x?lJu9 zy3*3Rcz6sPJHX?r<7ztH7_&mFG}_+SF|}D(ge}#xbo>PF?P^Us-i&lI(gA)fn_cCT zfSh&89oe^O@aQJ*S@#0>6op(~Tk-Oq2thZ^yC-=~T!=(uA^ilfZOnPGzEd~c@`jg* zFpi&SYhgyic*oZUFG|!s`bqtu5N7hGj5o%YnAHcQYu^)v{8@o+p<#q>;M!y%-7kw& z?Lw(8ry+&3gh%>`V;Zl?-H=#h_rU9~D9_I5Q6rFRNt&QYSD-b{RH~1DbDD78ESl%7 z4M?RFg>W@AmOqj?{AheeU1}{`ys9|7WjiRq>a- hsnN^tvE(nw%8%!NS;fziesAJVayMRxWERaEe*#(hSe5_) literal 0 Hc$@ + +#define KRB5_PLUGIN_CCACHE "ccache_ops" + +#endif /* 
HEIMDAL_KRB5_CCACHE_PLUGIN_H */ diff --git a/kerberos5/include/cms_asn1.h b/kerberos5/include/cms_asn1.h new file mode 100644 --- /dev/null +++ b/kerberos5/include/cms_asn1.h 
@@ -0,0 +1,721 @@ +/* Generated from ./cms.asn1 */ +/* Do not edit */ + +#ifndef __cms_asn1_h__ +#define __cms_asn1_h__ + +#include +#include + +#ifndef __asn1_common_definitions__ +#define __asn1_common_definitions__ + +#ifndef __HEIM_BASE_DATA__ +#define __HEIM_BASE_DATA__ 1 +struct heim_base_data { + size_t length; + void *data; +}; +typedef struct heim_base_data heim_octet_string; +#endif + +typedef struct heim_integer { + size_t length; + void *data; + int negative; +} heim_integer; + +typedef char *heim_general_string; + +typedef char *heim_utf8_string; + +typedef struct heim_base_data heim_printable_string; + +typedef struct heim_base_data heim_ia5_string; + +typedef struct heim_bmp_string { + size_t length; + uint16_t *data; +} heim_bmp_string; + +typedef struct heim_universal_string { + size_t length; + uint32_t *data; +} heim_universal_string; + +typedef char *heim_visible_string; + +typedef struct heim_oid { + size_t length; + unsigned *components; +} heim_oid; + +typedef struct heim_bit_string { + size_t length; + void *data; +} heim_bit_string; + +typedef struct heim_base_data heim_any; +typedef struct heim_base_data heim_any_set; + +#define ASN1_MALLOC_ENCODE(T, B, BL, S, L, R) \ + do { \ + (BL) = length_##T((S)); \ + (B) = malloc((BL)); \ + if((B) == NULL) { \ + (R) = ENOMEM; \ + } else { \ + (R) = encode_##T(((unsigned char*)(B)) + (BL) - 1, (BL), \ + (S), (L)); \ + if((R) != 0) { \ + free((B)); \ + (B) = NULL; \ + } \ + } \ + } while (0) + +#ifdef _WIN32 +#ifndef ASN1_LIB +#define ASN1EXP __declspec(dllimport) +#else +#define ASN1EXP +#endif +#define ASN1CALL __stdcall +#else +#define ASN1EXP +#define ASN1CALL +#endif +struct units; + +#endif + +#include +#include +/* OBJECT IDENTIFIER id-pkcs7 ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs7(7) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkcs7; +#define ASN1_OID_ID_PKCS7 (&asn1_oid_id_pkcs7) + +/* OBJECT IDENTIFIER id-pkcs7-data ::= { iso(1) member-body(2) us(840) 
rsadsi(113549) pkcs(1) pkcs7(7) label-less(1) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkcs7_data; +#define ASN1_OID_ID_PKCS7_DATA (&asn1_oid_id_pkcs7_data) + +/* OBJECT IDENTIFIER id-pkcs7-signedData ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs7(7) label-less(2) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkcs7_signedData; +#define ASN1_OID_ID_PKCS7_SIGNEDDATA (&asn1_oid_id_pkcs7_signedData) + +/* OBJECT IDENTIFIER id-pkcs7-envelopedData ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs7(7) label-less(3) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkcs7_envelopedData; +#define ASN1_OID_ID_PKCS7_ENVELOPEDDATA (&asn1_oid_id_pkcs7_envelopedData) + +/* OBJECT IDENTIFIER id-pkcs7-signedAndEnvelopedData ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs7(7) label-less(4) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkcs7_signedAndEnvelopedData; +#define ASN1_OID_ID_PKCS7_SIGNEDANDENVELOPEDDATA (&asn1_oid_id_pkcs7_signedAndEnvelopedData) + +/* OBJECT IDENTIFIER id-pkcs7-digestedData ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs7(7) label-less(5) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkcs7_digestedData; +#define ASN1_OID_ID_PKCS7_DIGESTEDDATA (&asn1_oid_id_pkcs7_digestedData) + +/* OBJECT IDENTIFIER id-pkcs7-encryptedData ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs7(7) label-less(6) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkcs7_encryptedData; +#define ASN1_OID_ID_PKCS7_ENCRYPTEDDATA (&asn1_oid_id_pkcs7_encryptedData) + +/* +CMSVersion ::= INTEGER { + CMSVersion_v0(0), + CMSVersion_v1(1), + CMSVersion_v2(2), + CMSVersion_v3(3), + CMSVersion_v4(4) +} +*/ + +typedef enum CMSVersion { + CMSVersion_v0 = 0, + CMSVersion_v1 = 1, + CMSVersion_v2 = 2, + CMSVersion_v3 = 3, + CMSVersion_v4 = 4 +} CMSVersion; + +ASN1EXP int ASN1CALL decode_CMSVersion(const unsigned char *, size_t, CMSVersion *, size_t *); +ASN1EXP int ASN1CALL encode_CMSVersion(unsigned char *, 
size_t, const CMSVersion *, size_t *); +ASN1EXP size_t ASN1CALL length_CMSVersion(const CMSVersion *); +ASN1EXP int ASN1CALL copy_CMSVersion (const CMSVersion *, CMSVersion *); +ASN1EXP void ASN1CALL free_CMSVersion (CMSVersion *); + + +/* +DigestAlgorithmIdentifier ::= AlgorithmIdentifier +*/ + +typedef AlgorithmIdentifier DigestAlgorithmIdentifier; + +ASN1EXP int ASN1CALL decode_DigestAlgorithmIdentifier(const unsigned char *, size_t, DigestAlgorithmIdentifier *, size_t *); +ASN1EXP int ASN1CALL encode_DigestAlgorithmIdentifier(unsigned char *, size_t, const DigestAlgorithmIdentifier *, size_t *); +ASN1EXP size_t ASN1CALL length_DigestAlgorithmIdentifier(const DigestAlgorithmIdentifier *); +ASN1EXP int ASN1CALL copy_DigestAlgorithmIdentifier (const DigestAlgorithmIdentifier *, DigestAlgorithmIdentifier *); +ASN1EXP void ASN1CALL free_DigestAlgorithmIdentifier (DigestAlgorithmIdentifier *); + + +/* +DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier +*/ + +typedef struct DigestAlgorithmIdentifiers { + unsigned int len; + DigestAlgorithmIdentifier *val; +} DigestAlgorithmIdentifiers; + +ASN1EXP int ASN1CALL add_DigestAlgorithmIdentifiers (DigestAlgorithmIdentifiers *, const DigestAlgorithmIdentifier *); +ASN1EXP int ASN1CALL remove_DigestAlgorithmIdentifiers (DigestAlgorithmIdentifiers *, unsigned int); +ASN1EXP int ASN1CALL decode_DigestAlgorithmIdentifiers(const unsigned char *, size_t, DigestAlgorithmIdentifiers *, size_t *); +ASN1EXP int ASN1CALL encode_DigestAlgorithmIdentifiers(unsigned char *, size_t, const DigestAlgorithmIdentifiers *, size_t *); +ASN1EXP size_t ASN1CALL length_DigestAlgorithmIdentifiers(const DigestAlgorithmIdentifiers *); +ASN1EXP int ASN1CALL copy_DigestAlgorithmIdentifiers (const DigestAlgorithmIdentifiers *, DigestAlgorithmIdentifiers *); +ASN1EXP void ASN1CALL free_DigestAlgorithmIdentifiers (DigestAlgorithmIdentifiers *); + + +/* +SignatureAlgorithmIdentifier ::= AlgorithmIdentifier +*/ + +typedef AlgorithmIdentifier 
SignatureAlgorithmIdentifier; + +ASN1EXP int ASN1CALL decode_SignatureAlgorithmIdentifier(const unsigned char *, size_t, SignatureAlgorithmIdentifier *, size_t *); +ASN1EXP int ASN1CALL encode_SignatureAlgorithmIdentifier(unsigned char *, size_t, const SignatureAlgorithmIdentifier *, size_t *); +ASN1EXP size_t ASN1CALL length_SignatureAlgorithmIdentifier(const SignatureAlgorithmIdentifier *); +ASN1EXP int ASN1CALL copy_SignatureAlgorithmIdentifier (const SignatureAlgorithmIdentifier *, SignatureAlgorithmIdentifier *); +ASN1EXP void ASN1CALL free_SignatureAlgorithmIdentifier (SignatureAlgorithmIdentifier *); + + +/* +ContentType ::= OBJECT IDENTIFIER +*/ + +typedef heim_oid ContentType; + +ASN1EXP int ASN1CALL decode_ContentType(const unsigned char *, size_t, ContentType *, size_t *); +ASN1EXP int ASN1CALL encode_ContentType(unsigned char *, size_t, const ContentType *, size_t *); +ASN1EXP size_t ASN1CALL length_ContentType(const ContentType *); +ASN1EXP int ASN1CALL copy_ContentType (const ContentType *, ContentType *); +ASN1EXP void ASN1CALL free_ContentType (ContentType *); + + +/* +MessageDigest ::= OCTET STRING +*/ + +typedef heim_octet_string MessageDigest; + +ASN1EXP int ASN1CALL decode_MessageDigest(const unsigned char *, size_t, MessageDigest *, size_t *); +ASN1EXP int ASN1CALL encode_MessageDigest(unsigned char *, size_t, const MessageDigest *, size_t *); +ASN1EXP size_t ASN1CALL length_MessageDigest(const MessageDigest *); +ASN1EXP int ASN1CALL copy_MessageDigest (const MessageDigest *, MessageDigest *); +ASN1EXP void ASN1CALL free_MessageDigest (MessageDigest *); + + +/* +ContentInfo ::= SEQUENCE { + contentType ContentType, + content [0] heim_any OPTIONAL, +} +*/ + +typedef struct ContentInfo { + ContentType contentType; + heim_any *content; +} ContentInfo; + +ASN1EXP int ASN1CALL decode_ContentInfo(const unsigned char *, size_t, ContentInfo *, size_t *); +ASN1EXP int ASN1CALL encode_ContentInfo(unsigned char *, size_t, const ContentInfo *, size_t *); 
+ASN1EXP size_t ASN1CALL length_ContentInfo(const ContentInfo *); +ASN1EXP int ASN1CALL copy_ContentInfo (const ContentInfo *, ContentInfo *); +ASN1EXP void ASN1CALL free_ContentInfo (ContentInfo *); + + +/* +EncapsulatedContentInfo ::= SEQUENCE { + eContentType ContentType, + eContent [0] OCTET STRING OPTIONAL, +} +*/ + +typedef struct EncapsulatedContentInfo { + ContentType eContentType; + heim_octet_string *eContent; +} EncapsulatedContentInfo; + +ASN1EXP int ASN1CALL decode_EncapsulatedContentInfo(const unsigned char *, size_t, EncapsulatedContentInfo *, size_t *); +ASN1EXP int ASN1CALL encode_EncapsulatedContentInfo(unsigned char *, size_t, const EncapsulatedContentInfo *, size_t *); +ASN1EXP size_t ASN1CALL length_EncapsulatedContentInfo(const EncapsulatedContentInfo *); +ASN1EXP int ASN1CALL copy_EncapsulatedContentInfo (const EncapsulatedContentInfo *, EncapsulatedContentInfo *); +ASN1EXP void ASN1CALL free_EncapsulatedContentInfo (EncapsulatedContentInfo *); + + +/* +CertificateSet ::= SET OF heim_any +*/ + +typedef struct CertificateSet { + unsigned int len; + heim_any *val; +} CertificateSet; + +ASN1EXP int ASN1CALL decode_CertificateSet(const unsigned char *, size_t, CertificateSet *, size_t *); +ASN1EXP int ASN1CALL encode_CertificateSet(unsigned char *, size_t, const CertificateSet *, size_t *); +ASN1EXP size_t ASN1CALL length_CertificateSet(const CertificateSet *); +ASN1EXP int ASN1CALL copy_CertificateSet (const CertificateSet *, CertificateSet *); +ASN1EXP void ASN1CALL free_CertificateSet (CertificateSet *); + + +/* +CertificateList ::= Certificate +*/ + +typedef Certificate CertificateList; + +ASN1EXP int ASN1CALL decode_CertificateList(const unsigned char *, size_t, CertificateList *, size_t *); +ASN1EXP int ASN1CALL encode_CertificateList(unsigned char *, size_t, const CertificateList *, size_t *); +ASN1EXP size_t ASN1CALL length_CertificateList(const CertificateList *); +ASN1EXP int ASN1CALL copy_CertificateList (const CertificateList *, 
CertificateList *); +ASN1EXP void ASN1CALL free_CertificateList (CertificateList *); + + +/* +CertificateRevocationLists ::= SET OF CertificateList +*/ + +typedef struct CertificateRevocationLists { + unsigned int len; + CertificateList *val; +} CertificateRevocationLists; + +ASN1EXP int ASN1CALL decode_CertificateRevocationLists(const unsigned char *, size_t, CertificateRevocationLists *, size_t *); +ASN1EXP int ASN1CALL encode_CertificateRevocationLists(unsigned char *, size_t, const CertificateRevocationLists *, size_t *); +ASN1EXP size_t ASN1CALL length_CertificateRevocationLists(const CertificateRevocationLists *); +ASN1EXP int ASN1CALL copy_CertificateRevocationLists (const CertificateRevocationLists *, CertificateRevocationLists *); +ASN1EXP void ASN1CALL free_CertificateRevocationLists (CertificateRevocationLists *); + + +/* +IssuerAndSerialNumber ::= SEQUENCE { + issuer Name, + serialNumber CertificateSerialNumber, +} +*/ + +typedef struct IssuerAndSerialNumber { + Name issuer; + CertificateSerialNumber serialNumber; +} IssuerAndSerialNumber; + +ASN1EXP int ASN1CALL decode_IssuerAndSerialNumber(const unsigned char *, size_t, IssuerAndSerialNumber *, size_t *); +ASN1EXP int ASN1CALL encode_IssuerAndSerialNumber(unsigned char *, size_t, const IssuerAndSerialNumber *, size_t *); +ASN1EXP size_t ASN1CALL length_IssuerAndSerialNumber(const IssuerAndSerialNumber *); +ASN1EXP int ASN1CALL copy_IssuerAndSerialNumber (const IssuerAndSerialNumber *, IssuerAndSerialNumber *); +ASN1EXP void ASN1CALL free_IssuerAndSerialNumber (IssuerAndSerialNumber *); + + +/* +CMSIdentifier ::= CHOICE { + issuerAndSerialNumber IssuerAndSerialNumber, + subjectKeyIdentifier [0] SubjectKeyIdentifier, +} +*/ + +typedef struct CMSIdentifier { + enum CMSIdentifier_enum { + choice_CMSIdentifier_issuerAndSerialNumber = 1, + choice_CMSIdentifier_subjectKeyIdentifier + } element; + union { + IssuerAndSerialNumber issuerAndSerialNumber; + SubjectKeyIdentifier subjectKeyIdentifier; + } u; +} 
CMSIdentifier; + +ASN1EXP int ASN1CALL decode_CMSIdentifier(const unsigned char *, size_t, CMSIdentifier *, size_t *); +ASN1EXP int ASN1CALL encode_CMSIdentifier(unsigned char *, size_t, const CMSIdentifier *, size_t *); +ASN1EXP size_t ASN1CALL length_CMSIdentifier(const CMSIdentifier *); +ASN1EXP int ASN1CALL copy_CMSIdentifier (const CMSIdentifier *, CMSIdentifier *); +ASN1EXP void ASN1CALL free_CMSIdentifier (CMSIdentifier *); + + +/* +SignerIdentifier ::= CMSIdentifier +*/ + +typedef CMSIdentifier SignerIdentifier; + +ASN1EXP int ASN1CALL decode_SignerIdentifier(const unsigned char *, size_t, SignerIdentifier *, size_t *); +ASN1EXP int ASN1CALL encode_SignerIdentifier(unsigned char *, size_t, const SignerIdentifier *, size_t *); +ASN1EXP size_t ASN1CALL length_SignerIdentifier(const SignerIdentifier *); +ASN1EXP int ASN1CALL copy_SignerIdentifier (const SignerIdentifier *, SignerIdentifier *); +ASN1EXP void ASN1CALL free_SignerIdentifier (SignerIdentifier *); + + +/* +RecipientIdentifier ::= CMSIdentifier +*/ + +typedef CMSIdentifier RecipientIdentifier; + +ASN1EXP int ASN1CALL decode_RecipientIdentifier(const unsigned char *, size_t, RecipientIdentifier *, size_t *); +ASN1EXP int ASN1CALL encode_RecipientIdentifier(unsigned char *, size_t, const RecipientIdentifier *, size_t *); +ASN1EXP size_t ASN1CALL length_RecipientIdentifier(const RecipientIdentifier *); +ASN1EXP int ASN1CALL copy_RecipientIdentifier (const RecipientIdentifier *, RecipientIdentifier *); +ASN1EXP void ASN1CALL free_RecipientIdentifier (RecipientIdentifier *); + + +/* +CMSAttributes ::= SET OF Attribute +*/ + +typedef struct CMSAttributes { + unsigned int len; + Attribute *val; +} CMSAttributes; + +ASN1EXP int ASN1CALL decode_CMSAttributes(const unsigned char *, size_t, CMSAttributes *, size_t *); +ASN1EXP int ASN1CALL encode_CMSAttributes(unsigned char *, size_t, const CMSAttributes *, size_t *); +ASN1EXP size_t ASN1CALL length_CMSAttributes(const CMSAttributes *); +ASN1EXP int ASN1CALL 
copy_CMSAttributes (const CMSAttributes *, CMSAttributes *); +ASN1EXP void ASN1CALL free_CMSAttributes (CMSAttributes *); + + +/* +SignatureValue ::= OCTET STRING +*/ + +typedef heim_octet_string SignatureValue; + +ASN1EXP int ASN1CALL decode_SignatureValue(const unsigned char *, size_t, SignatureValue *, size_t *); +ASN1EXP int ASN1CALL encode_SignatureValue(unsigned char *, size_t, const SignatureValue *, size_t *); +ASN1EXP size_t ASN1CALL length_SignatureValue(const SignatureValue *); +ASN1EXP int ASN1CALL copy_SignatureValue (const SignatureValue *, SignatureValue *); +ASN1EXP void ASN1CALL free_SignatureValue (SignatureValue *); + + +/* +SignerInfo ::= SEQUENCE { + version CMSVersion, + sid SignerIdentifier, + digestAlgorithm DigestAlgorithmIdentifier, + signedAttrs [0] IMPLICIT SET OF Attribute OPTIONAL, + signatureAlgorithm SignatureAlgorithmIdentifier, + signature SignatureValue, + unsignedAttrs [1] IMPLICIT SET OF Attribute OPTIONAL, +} +*/ + +typedef struct SignerInfo { + CMSVersion version; + SignerIdentifier sid; + DigestAlgorithmIdentifier digestAlgorithm; + struct SignerInfo_signedAttrs { + unsigned int len; + Attribute *val; + } *signedAttrs; + SignatureAlgorithmIdentifier signatureAlgorithm; + SignatureValue signature; + struct SignerInfo_unsignedAttrs { + unsigned int len; + Attribute *val; + } *unsignedAttrs; +} SignerInfo; + +ASN1EXP int ASN1CALL decode_SignerInfo(const unsigned char *, size_t, SignerInfo *, size_t *); +ASN1EXP int ASN1CALL encode_SignerInfo(unsigned char *, size_t, const SignerInfo *, size_t *); +ASN1EXP size_t ASN1CALL length_SignerInfo(const SignerInfo *); +ASN1EXP int ASN1CALL copy_SignerInfo (const SignerInfo *, SignerInfo *); +ASN1EXP void ASN1CALL free_SignerInfo (SignerInfo *); + + +/* +SignerInfos ::= SET OF SignerInfo +*/ + +typedef struct SignerInfos { + unsigned int len; + SignerInfo *val; +} SignerInfos; + +ASN1EXP int ASN1CALL decode_SignerInfos(const unsigned char *, size_t, SignerInfos *, size_t *); +ASN1EXP int 
ASN1CALL encode_SignerInfos(unsigned char *, size_t, const SignerInfos *, size_t *); +ASN1EXP size_t ASN1CALL length_SignerInfos(const SignerInfos *); +ASN1EXP int ASN1CALL copy_SignerInfos (const SignerInfos *, SignerInfos *); +ASN1EXP void ASN1CALL free_SignerInfos (SignerInfos *); + + +/* +SignedData ::= SEQUENCE { + version CMSVersion, + digestAlgorithms DigestAlgorithmIdentifiers, + encapContentInfo EncapsulatedContentInfo, + certificates [0] IMPLICIT SET OF heim_any OPTIONAL, + crls [1] IMPLICIT heim_any OPTIONAL, + signerInfos SignerInfos, +} +*/ + +typedef struct SignedData { + CMSVersion version; + DigestAlgorithmIdentifiers digestAlgorithms; + EncapsulatedContentInfo encapContentInfo; + struct SignedData_certificates { + unsigned int len; + heim_any *val; + } *certificates; + heim_any *crls; + SignerInfos signerInfos; +} SignedData; + +ASN1EXP int ASN1CALL decode_SignedData(const unsigned char *, size_t, SignedData *, size_t *); +ASN1EXP int ASN1CALL encode_SignedData(unsigned char *, size_t, const SignedData *, size_t *); +ASN1EXP size_t ASN1CALL length_SignedData(const SignedData *); +ASN1EXP int ASN1CALL copy_SignedData (const SignedData *, SignedData *); +ASN1EXP void ASN1CALL free_SignedData (SignedData *); + + +/* +OriginatorInfo ::= SEQUENCE { + certs [0] IMPLICIT SET OF heim_any OPTIONAL, + crls [1] IMPLICIT heim_any OPTIONAL, +} +*/ + +typedef struct OriginatorInfo { + struct OriginatorInfo_certs { + unsigned int len; + heim_any *val; + } *certs; + heim_any *crls; +} OriginatorInfo; + +ASN1EXP int ASN1CALL decode_OriginatorInfo(const unsigned char *, size_t, OriginatorInfo *, size_t *); +ASN1EXP int ASN1CALL encode_OriginatorInfo(unsigned char *, size_t, const OriginatorInfo *, size_t *); +ASN1EXP size_t ASN1CALL length_OriginatorInfo(const OriginatorInfo *); +ASN1EXP int ASN1CALL copy_OriginatorInfo (const OriginatorInfo *, OriginatorInfo *); +ASN1EXP void ASN1CALL free_OriginatorInfo (OriginatorInfo *); + + +/* +KeyEncryptionAlgorithmIdentifier 
::= AlgorithmIdentifier +*/ + +typedef AlgorithmIdentifier KeyEncryptionAlgorithmIdentifier; + +ASN1EXP int ASN1CALL decode_KeyEncryptionAlgorithmIdentifier(const unsigned char *, size_t, KeyEncryptionAlgorithmIdentifier *, size_t *); +ASN1EXP int ASN1CALL encode_KeyEncryptionAlgorithmIdentifier(unsigned char *, size_t, const KeyEncryptionAlgorithmIdentifier *, size_t *); +ASN1EXP size_t ASN1CALL length_KeyEncryptionAlgorithmIdentifier(const KeyEncryptionAlgorithmIdentifier *); +ASN1EXP int ASN1CALL copy_KeyEncryptionAlgorithmIdentifier (const KeyEncryptionAlgorithmIdentifier *, KeyEncryptionAlgorithmIdentifier *); +ASN1EXP void ASN1CALL free_KeyEncryptionAlgorithmIdentifier (KeyEncryptionAlgorithmIdentifier *); + + +/* +ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier +*/ + +typedef AlgorithmIdentifier ContentEncryptionAlgorithmIdentifier; + +ASN1EXP int ASN1CALL decode_ContentEncryptionAlgorithmIdentifier(const unsigned char *, size_t, ContentEncryptionAlgorithmIdentifier *, size_t *); +ASN1EXP int ASN1CALL encode_ContentEncryptionAlgorithmIdentifier(unsigned char *, size_t, const ContentEncryptionAlgorithmIdentifier *, size_t *); +ASN1EXP size_t ASN1CALL length_ContentEncryptionAlgorithmIdentifier(const ContentEncryptionAlgorithmIdentifier *); +ASN1EXP int ASN1CALL copy_ContentEncryptionAlgorithmIdentifier (const ContentEncryptionAlgorithmIdentifier *, ContentEncryptionAlgorithmIdentifier *); +ASN1EXP void ASN1CALL free_ContentEncryptionAlgorithmIdentifier (ContentEncryptionAlgorithmIdentifier *); + + +/* +EncryptedKey ::= OCTET STRING +*/ + +typedef heim_octet_string EncryptedKey; + +ASN1EXP int ASN1CALL decode_EncryptedKey(const unsigned char *, size_t, EncryptedKey *, size_t *); +ASN1EXP int ASN1CALL encode_EncryptedKey(unsigned char *, size_t, const EncryptedKey *, size_t *); +ASN1EXP size_t ASN1CALL length_EncryptedKey(const EncryptedKey *); +ASN1EXP int ASN1CALL copy_EncryptedKey (const EncryptedKey *, EncryptedKey *); +ASN1EXP void ASN1CALL 
free_EncryptedKey (EncryptedKey *); + + +/* +KeyTransRecipientInfo ::= SEQUENCE { + version CMSVersion, + rid RecipientIdentifier, + keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier, + encryptedKey EncryptedKey, +} +*/ + +typedef struct KeyTransRecipientInfo { + CMSVersion version; + RecipientIdentifier rid; + KeyEncryptionAlgorithmIdentifier keyEncryptionAlgorithm; + EncryptedKey encryptedKey; +} KeyTransRecipientInfo; + +ASN1EXP int ASN1CALL decode_KeyTransRecipientInfo(const unsigned char *, size_t, KeyTransRecipientInfo *, size_t *); +ASN1EXP int ASN1CALL encode_KeyTransRecipientInfo(unsigned char *, size_t, const KeyTransRecipientInfo *, size_t *); +ASN1EXP size_t ASN1CALL length_KeyTransRecipientInfo(const KeyTransRecipientInfo *); +ASN1EXP int ASN1CALL copy_KeyTransRecipientInfo (const KeyTransRecipientInfo *, KeyTransRecipientInfo *); +ASN1EXP void ASN1CALL free_KeyTransRecipientInfo (KeyTransRecipientInfo *); + + +/* +RecipientInfo ::= KeyTransRecipientInfo +*/ + +typedef KeyTransRecipientInfo RecipientInfo; + +ASN1EXP int ASN1CALL decode_RecipientInfo(const unsigned char *, size_t, RecipientInfo *, size_t *); +ASN1EXP int ASN1CALL encode_RecipientInfo(unsigned char *, size_t, const RecipientInfo *, size_t *); +ASN1EXP size_t ASN1CALL length_RecipientInfo(const RecipientInfo *); +ASN1EXP int ASN1CALL copy_RecipientInfo (const RecipientInfo *, RecipientInfo *); +ASN1EXP void ASN1CALL free_RecipientInfo (RecipientInfo *); + + +/* +RecipientInfos ::= SET OF RecipientInfo +*/ + +typedef struct RecipientInfos { + unsigned int len; + RecipientInfo *val; +} RecipientInfos; + +ASN1EXP int ASN1CALL decode_RecipientInfos(const unsigned char *, size_t, RecipientInfos *, size_t *); +ASN1EXP int ASN1CALL encode_RecipientInfos(unsigned char *, size_t, const RecipientInfos *, size_t *); +ASN1EXP size_t ASN1CALL length_RecipientInfos(const RecipientInfos *); +ASN1EXP int ASN1CALL copy_RecipientInfos (const RecipientInfos *, RecipientInfos *); +ASN1EXP void ASN1CALL 
free_RecipientInfos (RecipientInfos *); + + +/* +EncryptedContent ::= OCTET STRING +*/ + +typedef heim_octet_string EncryptedContent; + +ASN1EXP int ASN1CALL decode_EncryptedContent(const unsigned char *, size_t, EncryptedContent *, size_t *); +ASN1EXP int ASN1CALL encode_EncryptedContent(unsigned char *, size_t, const EncryptedContent *, size_t *); +ASN1EXP size_t ASN1CALL length_EncryptedContent(const EncryptedContent *); +ASN1EXP int ASN1CALL copy_EncryptedContent (const EncryptedContent *, EncryptedContent *); +ASN1EXP void ASN1CALL free_EncryptedContent (EncryptedContent *); + + +/* +EncryptedContentInfo ::= SEQUENCE { + contentType ContentType, + contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier, + encryptedContent [0] IMPLICIT OCTET STRING OPTIONAL, +} +*/ + +typedef struct EncryptedContentInfo { + ContentType contentType; + ContentEncryptionAlgorithmIdentifier contentEncryptionAlgorithm; + heim_octet_string *encryptedContent; +} EncryptedContentInfo; + +ASN1EXP int ASN1CALL decode_EncryptedContentInfo(const unsigned char *, size_t, EncryptedContentInfo *, size_t *); +ASN1EXP int ASN1CALL encode_EncryptedContentInfo(unsigned char *, size_t, const EncryptedContentInfo *, size_t *); +ASN1EXP size_t ASN1CALL length_EncryptedContentInfo(const EncryptedContentInfo *); +ASN1EXP int ASN1CALL copy_EncryptedContentInfo (const EncryptedContentInfo *, EncryptedContentInfo *); +ASN1EXP void ASN1CALL free_EncryptedContentInfo (EncryptedContentInfo *); + + +/* +UnprotectedAttributes ::= SET OF Attribute +*/ + +typedef struct UnprotectedAttributes { + unsigned int len; + Attribute *val; +} UnprotectedAttributes; + +ASN1EXP int ASN1CALL decode_UnprotectedAttributes(const unsigned char *, size_t, UnprotectedAttributes *, size_t *); +ASN1EXP int ASN1CALL encode_UnprotectedAttributes(unsigned char *, size_t, const UnprotectedAttributes *, size_t *); +ASN1EXP size_t ASN1CALL length_UnprotectedAttributes(const UnprotectedAttributes *); +ASN1EXP int ASN1CALL 
copy_UnprotectedAttributes (const UnprotectedAttributes *, UnprotectedAttributes *); +ASN1EXP void ASN1CALL free_UnprotectedAttributes (UnprotectedAttributes *); + + +/* +CMSEncryptedData ::= SEQUENCE { + version CMSVersion, + encryptedContentInfo EncryptedContentInfo, + unprotectedAttrs [1] IMPLICIT heim_any OPTIONAL, +} +*/ + +typedef struct CMSEncryptedData { + CMSVersion version; + EncryptedContentInfo encryptedContentInfo; + heim_any *unprotectedAttrs; +} CMSEncryptedData; + +ASN1EXP int ASN1CALL decode_CMSEncryptedData(const unsigned char *, size_t, CMSEncryptedData *, size_t *); +ASN1EXP int ASN1CALL encode_CMSEncryptedData(unsigned char *, size_t, const CMSEncryptedData *, size_t *); +ASN1EXP size_t ASN1CALL length_CMSEncryptedData(const CMSEncryptedData *); +ASN1EXP int ASN1CALL copy_CMSEncryptedData (const CMSEncryptedData *, CMSEncryptedData *); +ASN1EXP void ASN1CALL free_CMSEncryptedData (CMSEncryptedData *); + + +/* +EnvelopedData ::= SEQUENCE { + version CMSVersion, + originatorInfo [0] IMPLICIT heim_any OPTIONAL, + recipientInfos RecipientInfos, + encryptedContentInfo EncryptedContentInfo, + unprotectedAttrs [1] IMPLICIT heim_any OPTIONAL, +} +*/ + +typedef struct EnvelopedData { + CMSVersion version; + heim_any *originatorInfo; + RecipientInfos recipientInfos; + EncryptedContentInfo encryptedContentInfo; + heim_any *unprotectedAttrs; +} EnvelopedData; + +ASN1EXP int ASN1CALL decode_EnvelopedData(const unsigned char *, size_t, EnvelopedData *, size_t *); +ASN1EXP int ASN1CALL encode_EnvelopedData(unsigned char *, size_t, const EnvelopedData *, size_t *); +ASN1EXP size_t ASN1CALL length_EnvelopedData(const EnvelopedData *); +ASN1EXP int ASN1CALL copy_EnvelopedData (const EnvelopedData *, EnvelopedData *); +ASN1EXP void ASN1CALL free_EnvelopedData (EnvelopedData *); + + +/* +CMSRC2CBCParameter ::= SEQUENCE { + rc2ParameterVersion INTEGER (0..4294967295), + iv OCTET STRING, +} +*/ + +typedef struct CMSRC2CBCParameter { + unsigned int 
rc2ParameterVersion; + heim_octet_string iv; +} CMSRC2CBCParameter; + +ASN1EXP int ASN1CALL decode_CMSRC2CBCParameter(const unsigned char *, size_t, CMSRC2CBCParameter *, size_t *); +ASN1EXP int ASN1CALL encode_CMSRC2CBCParameter(unsigned char *, size_t, const CMSRC2CBCParameter *, size_t *); +ASN1EXP size_t ASN1CALL length_CMSRC2CBCParameter(const CMSRC2CBCParameter *); +ASN1EXP int ASN1CALL copy_CMSRC2CBCParameter (const CMSRC2CBCParameter *, CMSRC2CBCParameter *); +ASN1EXP void ASN1CALL free_CMSRC2CBCParameter (CMSRC2CBCParameter *); + + +/* +CMSCBCParameter ::= OCTET STRING +*/ + +typedef heim_octet_string CMSCBCParameter; + +ASN1EXP int ASN1CALL decode_CMSCBCParameter(const unsigned char *, size_t, CMSCBCParameter *, size_t *); +ASN1EXP int ASN1CALL encode_CMSCBCParameter(unsigned char *, size_t, const CMSCBCParameter *, size_t *); +ASN1EXP size_t ASN1CALL length_CMSCBCParameter(const CMSCBCParameter *); +ASN1EXP int ASN1CALL copy_CMSCBCParameter (const CMSCBCParameter *, CMSCBCParameter *); +ASN1EXP void ASN1CALL free_CMSCBCParameter (CMSCBCParameter *); + + +#endif /* __cms_asn1_h__ */ diff --git a/kerberos5/include/config.h b/kerberos5/include/config.h --- a/kerberos5/include/config.h +++ b/kerberos5/include/config.h @@ -1,9 +1,9 @@ /* include/config.h. Generated from config.h.in by configure. */ /* include/config.h.in. Generated from configure.ac by autoheader. */ - #ifndef RCSID -#define RCSID(msg) +#define RCSID(msg) \ +static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } #endif /* Maximum values on all known systems */ @@ -61,7 +61,7 @@ #define AUTHENTICATION 1 /* path to bin */ -#define BINDIR "/usr/bin" +#define BINDIR "/usr/heimdal/bin" /* Define if realloc(NULL) doesn't work. */ /* #undef BROKEN_REALLOC */ 
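Review bot: `BINDIR` moves from `/usr/bin` to `/usr/heimdal/bin` in the -61 hunk, and `LOGIN_PATH` at the end of this file is built as `BINDIR "/login"`, so anything that executes through these macros now resolves under a different prefix. The same switch is made for `LIBDIR` and `LIBEXECDIR` (-1307 hunk) and `SBINDIR` (-1477 hunk). If this build does not install into `/usr/heimdal`, keep the base-system values, e.g. `#define BINDIR "/usr/bin"`. If it does, confirm the prefix is root-owned and not writable by other users, since helper programs are presumably looked up from these paths.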
@@ -115,9 +115,6 @@ /* Define to 1 if you have the `arc4random' function. */ #define HAVE_ARC4RANDOM 1 -/* Define to 1 if you have the header file. */ -#define HAVE_ARPA_FTP_H 1 - /* Define to 1 if you have the header file. */ #define HAVE_ARPA_INET_H 1 @@ -154,6 +151,9 @@ /* Define to 1 if you have the `bswap32' function. */ /* #undef HAVE_BSWAP32 */ +/* Define to 1 if you have the `bswap64' function. */ +/* #undef HAVE_BSWAP64 */ + /* Define to 1 if you have the header file. */ /* #undef HAVE_CAPABILITY_H */ @@ -199,7 +199,7 @@ /* define if you have a berkeley db1/2 library */ #define HAVE_DB1 1 -/* define if you have a berkeley db3/4/5 library */ +/* define if you have a berkeley db3/4/5/6 library */ /* #undef HAVE_DB3 */ /* Define to 1 if you have the header file. */ @@ -211,6 +211,9 @@ /* Define to 1 if you have the header file. */ /* #undef HAVE_DB5_DB_H */ +/* Define to 1 if you have the header file. */ +/* #undef HAVE_DB6_DB_H */ + /* Define if you have user supplied header location */ /* #undef HAVE_DBHEADER */ @@ -287,7 +290,7 @@ #define HAVE_DIRFD 1 /* Define if DIR has field dd_fd. */ -#define HAVE_DIR_DD_FD 1 +/* #undef HAVE_DIR_DD_FD */ /* Define to 1 if you have the `dispatch_async_f' function. */ /* #undef HAVE_DISPATCH_ASYNC_F */ @@ -295,6 +298,9 @@ /* Define to 1 if you have the header file. */ /* #undef HAVE_DISPATCH_DISPATCH_H */ +/* Define to 1 if you have the `dladdr' function. */ +#define HAVE_DLADDR 1 + /* Define to 1 if you have the header file. */ #define HAVE_DLFCN_H 1 @@ -316,6 +322,9 @@ /* Define if you have the function `ecalloc'. */ /* #undef HAVE_ECALLOC */ +/* Define to 1 if you have the header file. */ +/* #undef HAVE_EDITLINE_READLINE_H */ + /* Define if you have the function `emalloc'. */ /* #undef HAVE_EMALLOC */ @@ -338,7 +347,7 @@ /* #undef HAVE_ESTRDUP */ /* Define to 1 if you have the header file. */ -/* #undef HAVE_EXECINFO_H */ +#define HAVE_EXECINFO_H 1 /* Define if you have the function `fchown'. */ #define HAVE_FCHOWN 1 
@@ -358,6 +367,9 @@ /* Define to 1 if you have the header file. */ #define HAVE_FNMATCH_H 1 +/* Define to 1 if you have the `fork' function. */ +#define HAVE_FORK 1 + /* Have -framework Security */ /* #undef HAVE_FRAMEWORK_SECURITY */ @@ -379,6 +391,9 @@ /* Define to 1 if you have the `getaddrinfo' function. */ #define HAVE_GETADDRINFO 1 +/* Define to 1 if you have the `getauxval' function. */ +/* #undef HAVE_GETAUXVAL */ + /* Define to 1 if you have the `getconfattr' function. */ /* #undef HAVE_GETCONFATTR */ @@ -473,6 +488,9 @@ /* Define to 1 if you have the header file. */ #define HAVE_GRP_H 1 +/* define to use openssl's libcrypto as the default backend for libhcrypto */ +#define HAVE_HCRYPTO_W_OPENSSL 1 + /* Define to 1 if you have the `hstrerror' function. */ #define HAVE_HSTRERROR 1 @@ -536,12 +554,18 @@ /* Define if you want to use the Kerberos Credentials Manager. */ #define HAVE_KCM 1 +/* Define to 1 if you have the `kill' function. */ +#define HAVE_KILL 1 + /* Define to 1 if you have the header file. */ #define HAVE_LIBUTIL_H 1 /* Define to 1 if you have the header file. */ #define HAVE_LIMITS_H 1 +/* define if you have the LMDB library */ +/* #undef HAVE_LMDB */ + /* Define to 1 if you have the `loadquery' function. */ /* #undef HAVE_LOADQUERY */ @@ -569,8 +593,8 @@ /* Define if you have the function `memmove'. */ #define HAVE_MEMMOVE 1 -/* Define to 1 if you have the header file. */ -#define HAVE_MEMORY_H 1 +/* Define if you have the function `memset_s'. */ +#define HAVE_MEMSET_S 1 /* Define if you have the function `mkstemp'. */ #define HAVE_MKSTEMP 1 @@ -629,9 +653,6 @@ /* Define to 1 if you have the `openpty' function. */ #define HAVE_OPENPTY 1 -/* define to use openssl's libcrypto */ -#define HAVE_OPENSSL 1 - /* Define to enable basic OSF C2 support. */ /* #undef HAVE_OSFC2 */ 
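Review bot: Removing `HAVE_OPENSSL` in the -629 hunk while adding `HAVE_HCRYPTO_W_OPENSSL` in the -473 hunk means any remaining `#ifdef HAVE_OPENSSL` test would silently take its non-OpenSSL branch. Whether such tests remain is not visible from this diff, so local (non-vendored) sources and makefiles should be searched for `HAVE_OPENSSL` before merging. A short comment on the new macro would record the rename: `/* replaces HAVE_OPENSSL; selects libcrypto as the default hcrypto backend */`.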
@@ -674,12 +695,11 @@ /* Define if you have a readline compatible library. */ #define HAVE_READLINE 1 -/* Define to 1 if you have the - <[readline.h])[][]_AH_CHECK_HEADER([readline/readline.h]> header file. */ +/* Define to 1 if you have the header file. */ /* #undef HAVE_READLINE_H */ -/* Define to 1 if you have the header file. */ -/* #undef HAVE_READLINE_READLINE_H_ */ +/* Define to 1 if you have the header file. */ +/* #undef HAVE_READLINE_READLINE_H */ /* Define if you have the function `readv'. */ #define HAVE_READV 1 @@ -712,7 +732,7 @@ #define HAVE_SA_FAMILY_T 1 /* Define if you want support for cache in sqlite. */ -#undef HAVE_SCC +#define HAVE_SCC 1 /* Define to 1 if you have the header file. */ #define HAVE_SEARCH_H 1 @@ -816,6 +836,9 @@ /* Define to 1 if you have the header file. */ #define HAVE_STDINT_H 1 +/* Define to 1 if you have the header file. */ +#define HAVE_STDIO_H 1 + /* Define to 1 if you have the header file. */ #define HAVE_STDLIB_H 1 @@ -874,14 +897,20 @@ #define HAVE_STRSTR 1 /* Define to 1 if you have the `strsvis' function. */ -/* #undef HAVE_STRSVIS */ +#define HAVE_STRSVIS 1 /* Define to 1 if you have the `strsvisx' function. */ -/* #undef HAVE_STRSVISX */ +#define HAVE_STRSVISX 1 /* Define if you have the function `strtok_r'. */ #define HAVE_STRTOK_R 1 +/* Define if you have the function strtoll. */ +#define HAVE_STRTOLL 1 + +/* Define if you have the function strtoull. */ +#define HAVE_STRTOULL 1 + /* Define to 1 if the system has the type `struct addrinfo'. */ #define HAVE_STRUCT_ADDRINFO 1 
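Review bot: `HAVE_SCC` flips from an explicit `#undef` to `#define HAVE_SCC 1` in the -712 hunk, while `SQLITE3` stays undefined further down the file. The macro's own comment says it enables cache support in sqlite, so the build must now compile and link an sqlite implementation; presumably a bundled copy is meant, but the diff does not show that. The previous `#undef` looks deliberate, so a comment would help: `/* sqlite credential cache enabled; uses the bundled sqlite because SQLITE3 is not defined */`. Otherwise keep `#undef HAVE_SCC` until the link dependency is confirmed.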
@@ -912,51 +941,6 @@ /* Define if struct tm has field tm_zone. */ #define HAVE_STRUCT_TM_TM_ZONE 1 -/* Define if struct utmpx has field ut_exit. */ -/* #undef HAVE_STRUCT_UTMPX_UT_EXIT */ - -/* Define if struct utmpx has field ut_host. */ -#define HAVE_STRUCT_UTMPX_UT_HOST 1 - -/* Define if struct utmpx has field ut_id. */ -#define HAVE_STRUCT_UTMPX_UT_ID 1 - -/* Define if struct utmpx has field ut_line. */ -#define HAVE_STRUCT_UTMPX_UT_LINE 1 - -/* Define if struct utmpx has field ut_pid. */ -#define HAVE_STRUCT_UTMPX_UT_PID 1 - -/* Define if struct utmpx has field ut_syslen. */ -/* #undef HAVE_STRUCT_UTMPX_UT_SYSLEN */ - -/* Define if struct utmpx has field ut_tv. */ -#define HAVE_STRUCT_UTMPX_UT_TV 1 - -/* Define if struct utmpx has field ut_type. */ -#define HAVE_STRUCT_UTMPX_UT_TYPE 1 - -/* Define if struct utmpx has field ut_user. */ -#define HAVE_STRUCT_UTMPX_UT_USER 1 - -/* Define if struct utmp has field ut_addr. */ -/* #undef HAVE_STRUCT_UTMP_UT_ADDR */ - -/* Define if struct utmp has field ut_host. */ -/* #undef HAVE_STRUCT_UTMP_UT_HOST */ - -/* Define if struct utmp has field ut_id. */ -/* #undef HAVE_STRUCT_UTMP_UT_ID */ - -/* Define if struct utmp has field ut_pid. */ -/* #undef HAVE_STRUCT_UTMP_UT_PID */ - -/* Define if struct utmp has field ut_type. */ -/* #undef HAVE_STRUCT_UTMP_UT_TYPE */ - -/* Define if struct utmp has field ut_user. */ -/* #undef HAVE_STRUCT_UTMP_UT_USER */ - /* define if struct winsize is declared in sys/termios.h */ #define HAVE_STRUCT_WINSIZE 1 @@ -990,6 +974,9 @@ /* Define to 1 if you have the header file. */ #define HAVE_SYSLOG_H 1 +/* Define to 1 if you have the header file. */ +#define HAVE_SYS_AUXV_H 1 + /* Define to 1 if you have the header file. */ /* #undef HAVE_SYS_BITYPES_H */ 
@@ -997,11 +984,14 @@ /* #undef HAVE_SYS_BSWAP_H */ /* Define to 1 if you have the header file. */ -#define HAVE_SYS_CAPABILITY_H 1 +/* #undef HAVE_SYS_CAPABILITY_H */ /* Define to 1 if you have the header file. */ /* #undef HAVE_SYS_CATEGORY_H */ +/* Define to 1 if you have the header file. */ +#define HAVE_SYS_ERRNO_H 1 + /* Define to 1 if you have the header file. */ #define HAVE_SYS_FILE_H 1 @@ -1188,12 +1178,6 @@ /* Define to 1 if you have the header file. */ /* #undef HAVE_UTIL_H */ -/* Define to 1 if you have the header file. */ -#define HAVE_UTMPX_H 1 - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_UTMP_H */ - /* Define to 1 if the system has the type `u_int16_t'. */ #define HAVE_U_INT16_T 1 @@ -1239,6 +1223,9 @@ /* Define if you have the function `vwarnx'. */ #define HAVE_VWARNX 1 +/* Define to 1 if you have the `waitpid' function. */ +#define HAVE_WAITPID 1 + /* Define if you have the function `warn'. */ #define HAVE_WARN 1 @@ -1260,15 +1247,6 @@ /* define if struct winsize has ws_ypixel */ #define HAVE_WS_YPIXEL 1 -/* Define to 1 if you have the `XauFileName' function. */ -/* #undef HAVE_XAUFILENAME */ - -/* Define to 1 if you have the `XauReadAuth' function. */ -/* #undef HAVE_XAUREADAUTH */ - -/* Define to 1 if you have the `XauWriteAuth' function. */ -/* #undef HAVE_XAUWRITEAUTH */ - /* Define to 1 if you have the `yp_get_default_domain' function. */ #define HAVE_YP_GET_DEFAULT_DOMAIN 1 
@@ -1288,18 +1266,18 @@ #define HAVE___PROGNAME 1 /* have __sync_add_and_fetch */ -#if defined(__FreeBSD__) && defined(__arm__) -#undef HAVE___SYNC_ADD_AND_FETCH /* Not supported on FreeBSD/arm */ -#else #define HAVE___SYNC_ADD_AND_FETCH 1 -#endif + +/* Define to one of cc, pkcs11, ossl, w32crypto, or hcrypto to set a default + hcrypto provider */ +/* #undef HCRYPTO_DEF_PROVIDER */ + +/* Set to 1 to allow fallback to hcrypto for unavailable algorithms */ +#define HCRYPTO_FALLBACK 1 /* Define if you want support for weak crypto */ #define HEIM_WEAK_CRYPTO 1 -/* Define if you have the hesiod package. */ -/* #undef HESIOD */ - /* Enable Kerberos 5 support in applications. */ #define KRB5 1 @@ -1307,13 +1285,13 @@ #define KX509 1 /* path to lib */ -#define LIBDIR "/usr/lib" +#define LIBDIR "/usr/heimdal/lib" /* Define if you have the libedit package. */ /* #undef LIBEDIT */ /* path to libexec */ -#define LIBEXECDIR "/usr/libexec" +#define LIBEXECDIR "/usr/heimdal/libexec" /* Define if you have the libintl package. */ /* #undef LIBINTL */ @@ -1321,8 +1299,7 @@ /* path to localstate */ #define LOCALSTATEDIR "/var/heimdal" -/* Define to the sub-directory in which libtool stores uninstalled libraries. - */ +/* Define to the sub-directory where libtool stores uninstalled libraries. */ #define LT_OBJDIR ".libs/" /* define if the system is missing a prototype for asnprintf() */ @@ -1377,10 +1354,10 @@ /* #undef NEED_STRSEP_PROTO */ /* define if the system is missing a prototype for strsvisx() */ -#define NEED_STRSVISX_PROTO 1 +/* #undef NEED_STRSVISX_PROTO */ /* define if the system is missing a prototype for strsvis() */ -#define NEED_STRSVIS_PROTO 1 +/* #undef NEED_STRSVIS_PROTO */ /* define if the system is missing a prototype for strtok_r() */ /* #undef NEED_STRTOK_R_PROTO */ 
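Review bot: The -1288 hunk drops the `#if defined(__FreeBSD__) && defined(__arm__)` guard, so `HAVE___SYNC_ADD_AND_FETCH` is now defined on every target, including the one the removed comment marked "Not supported on FreeBSD/arm". Unless that limitation is known to be gone, the three guard lines should stay around `#define HAVE___SYNC_ADD_AND_FETCH 1`. The same hunk adds `HCRYPTO_FALLBACK 1` next to the existing `HEIM_WEAK_CRYPTO 1`. Going by the macro comments, an algorithm the default provider lacks is then served by hcrypto rather than refused, which deserves a note such as `/* fallback kept on so legacy enctypes still work when the default provider lacks them */`.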
@@ -1395,7 +1372,7 @@ /* #undef NEED_STRVIS_PROTO */ /* define if the system is missing a prototype for svis() */ -#define NEED_SVIS_PROTO 1 +/* #undef NEED_SVIS_PROTO */ /* define if the system is missing a prototype for unsetenv() */ /* #undef NEED_UNSETENV_PROTO */ @@ -1418,9 +1395,6 @@ /* Define if you don't wan't support for AFS. */ /* #undef NO_AFS */ -/* Define to 1 if your C compiler doesn't accept -c and -o together. */ -/* #undef NO_MINUS_C_MINUS_O */ - /* Define if you don't want to use mmap. */ /* #undef NO_MMAP */ @@ -1444,13 +1418,13 @@ #define PACKAGE "heimdal" /* Define to the address where bug reports for this package should be sent. */ -#define PACKAGE_BUGREPORT "heimdal-bugs@h5l.org" +#define PACKAGE_BUGREPORT "https://github.com/heimdal/heimdal/issues" /* Define to the full name of this package. */ #define PACKAGE_NAME "Heimdal" /* Define to the full name and version of this package. */ -#define PACKAGE_STRING "Heimdal 1.5.2" +#define PACKAGE_STRING "Heimdal 7.8.0" /* Define to the one symbol short name of this package. */ #define PACKAGE_TARNAME "heimdal" @@ -1459,7 +1433,10 @@ #define PACKAGE_URL "" /* Define to the version of this package. */ -#define PACKAGE_VERSION "1.5.2" +#define PACKAGE_VERSION "7.8.0" + +/* path to PKCS11 module */ +/* #undef PKCS11_MODULE_PATH */ /* Define to enable PKINIT. */ #define PKINIT 1 @@ -1477,7 +1454,7 @@ #define RETSIGTYPE void /* path to sbin */ -#define SBINDIR "/usr/sbin" +#define SBINDIR "/usr/heimdal/sbin" /* Define if you want to use samba socket wrappers. */ /* #undef SOCKET_WRAPPER_REPLACE */ @@ -1485,7 +1462,9 @@ /* Define if you have the sqlite3 package. */ /* #undef SQLITE3 */ -/* Define to 1 if you have the ANSI C header files. */ +/* Define to 1 if all of the C90 standard headers exist (not just the ones + required in a freestanding environment). This macro is provided for + backward compatibility; new code need not use it. */ #define STDC_HEADERS 1 /* Define if you have streams ptys. */ 
@@ -1495,9 +1474,6 @@ char *, size_t) */ #define STRERROR_R_PROTO_COMPATIBLE 1 -/* Define if os support want to detach is daemonens. */ -#define SUPPORT_DETACH 1 - /* Enable use of inetd style startup. */ #define SUPPORT_INETD 1 @@ -1507,14 +1483,15 @@ /* Define to what version of SunOS you are running. */ /* #undef SunOS */ -/* Define to 1 if you can safely include both and . */ +/* Define to 1 if you can safely include both and . This + macro is obsolete. */ #define TIME_WITH_SYS_TIME 1 /* Define to 1 if your declares `struct tm'. */ /* #undef TM_IN_SYS_TIME */ /* Version number of package */ -#define VERSION "1.5.2" +#define VERSION "7.8.0" /* Define if signal handlers return void. */ #define VOID_RETSIGTYPE 1 @@ -1522,9 +1499,6 @@ /* define if target is big endian */ /* #undef WORDS_BIGENDIAN */ -/* Define to 1 if the X Window System is missing or not being used. */ -#define X_DISPLAY_MISSING 1 - /* Define to 1 if `lex' declares `yytext' as a `char *' by default, not a `char[]'. */ #define YYTEXT_POINTER 1 @@ -1544,6 +1518,12 @@ /* Define to get POSIX getpwnam_r in some systems. */ /* #undef _POSIX_PTHREAD_SEMANTICS */ +/* Enable C11 prototypes for memset_s and friends */ +/* #undef _STDC_C11_BCI */ + +/* Enable general extensions on Solaris. */ +/* #undef __EXTENSIONS__ */ + /* Define to empty if `const' does not conform to ANSI C. */ /* #undef const */ @@ -1562,7 +1542,7 @@ /* Define to `long int' if does not define. */ /* #undef off_t */ -/* Define to `int' if does not define. */ +/* Define as a signed integer type capable of holding a process identifier. */ /* #undef pid_t */ /* Path name delimiter */ @@ -1577,7 +1557,7 @@ /* Define to `int' if doesn't define. */ /* #undef uid_t */ -#ifdef _AIX +#if _AIX /* XXX this is gross, but kills about a gazillion warnings */ struct ether_addr; struct sockaddr; @@ -1585,10 +1565,6 @@ struct sockaddr_in; #endif -#ifdef __APPLE__ -#include -#endif - #ifdef ROKEN_RENAME #include "roken_rename.h" #endif 
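Review bot: In the -1577 hunk, `#if _AIX` tests the value of a macro that is undefined on every other platform. It evaluates to 0 there, but it warns under `-Wundef` and is inconsistent with the `#ifdef ROKEN_RENAME` and `#ifdef __APPLE__` tests in the same file. `#ifdef _AIX`, as before, or `#if defined(_AIX)` states the intent without relying on the undefined-macro rule. The conditional block's closing `#endif` lies outside this hunk.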
@@ -1599,10 +1575,6 @@ #define SIGRETURN(x) return (RETSIGTYPE)(x) #endif -#ifdef BROKEN_REALLOC -#define realloc(X, Y) rk_realloc((X), (Y)) -#endif - #ifdef ENDIANESS_IN_SYS_PARAM_H # include @@ -1629,3 +1601,7 @@ #define LOGIN_PATH BINDIR "/login" #endif + +#ifdef __APPLE__ +#include +#endif diff --git a/kerberos5/include/config.h b/kerberos5/include/config.h.w32 copy from kerberos5/include/config.h copy to kerberos5/include/config.h.w32 --- a/kerberos5/include/config.h +++ b/kerberos5/include/config.h.w32 
@@ -1,23 +1,62 @@ -/* include/config.h. Generated from config.h.in by configure. */ -/* include/config.h.in. Generated from configure.ac by autoheader. */ - +/*********************************************************************** + * Copyright (c) 2009-2016, Secure Endpoints Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * - Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * - Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. 
+ * + **********************************************************************/ + +#ifndef __CONFIG_H__ +#define __CONFIG_H__ #ifndef RCSID -#define RCSID(msg) +#define RCSID(msg) \ +static const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } #endif -/* Maximum values on all known systems */ -#define MaxHostNameLen (64+4) -#define MaxPathLen (1024+4) +/* If this file is being included by a resource script, don't bother + with anything other than the version macros. */ +#ifndef RC_INVOKED +#define MaxHostNameLen (64+4) +#define MaxPathLen MAX_PATH +#ifndef MAXHOSTNAMELEN +#define MAXHOSTNAMELEN MaxHostNameLen +#endif +#ifndef MAXPATHLEN +#define MAXPATHLEN MaxPathLen +#endif #ifdef BUILD_KRB5_LIB #ifndef KRB5_LIB -#ifdef _WIN32_ -#define KRB5_LIB_FUNCTION __declspec(dllexport) -#define KRB5_LIB_CALL __stdcall -#define KRB5_LIB_VARIABLE __declspec(dllexport) +#ifdef _WIN32 +#define KRB5_LIB_FUNCTION +#define KRB5_LIB_CALL __stdcall +#define KRB5_LIB_VARIABLE #else #define KRB5_LIB_FUNCTION #define KRB5_LIB_CALL @@ -29,10 +68,10 @@ #ifdef BUILD_ROKEN_LIB #ifndef ROKEN_LIB -#ifdef _WIN32_ -#define ROKEN_LIB_FUNCTION __declspec(dllexport) -#define ROKEN_LIB_CALL __stdcall -#define ROKEN_LIB_VARIABLE __declspec(dllexport) +#ifdef _WIN32 +#define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL __cdecl +#define ROKEN_LIB_VARIABLE #else #define ROKEN_LIB_FUNCTION #define ROKEN_LIB_CALL @@ -44,10 +83,10 @@ #ifdef BUILD_GSSAPI_LIB #ifndef GSSAPI_LIB -#ifdef _WIN32_ -#define GSSAPI_LIB_FUNCTION __declspec(dllexport) -#define GSSAPI_LIB_CALL __stdcall -#define GSSAPI_LIB_VARIABLE __declspec(dllexport) +#ifdef _WIN32 +#define GSSAPI_LIB_FUNCTION +#define GSSAPI_LIB_CALL __stdcall +#define GSSAPI_LIB_VARIABLE #else #define GSSAPI_LIB_FUNCTION #define GSSAPI_LIB_CALL 
@@ -56,40 +95,19 @@ #endif #endif +/* Feature macros */ -/* Define if you want authentication support in telnet. */ -#define AUTHENTICATION 1 - -/* path to bin */ -#define BINDIR "/usr/bin" +@FEATURE_DEFS@ -/* Define if realloc(NULL) doesn't work. */ -/* #undef BROKEN_REALLOC */ +/* Define is backslashes act as path name delimiters */ +#define BACKSLASH_PATH_DELIM 1 -/* Define if you want support for DCE/DFS PAG's. */ -/* #undef DCE */ +/* Path separator character */ +#define PATH_SEP ";" /* Define if you want to use DES encryption in telnet. */ #define DES_ENCRYPTION 1 -/* Define this to enable diagnostics in telnet. */ -#define DIAGNOSTICS 1 - -/* Define to enable DIGEST. */ -#define DIGEST 1 - -/* Define if want to use the weak AFS string to key functions. */ -#define ENABLE_AFS_STRING_TO_KEY 1 - -/* Define if you want have a thread safe libraries */ -#define ENABLE_PTHREAD_SUPPORT 1 - -/* Define if you want encryption support in telnet. */ -#define ENCRYPTION 1 - -/* define if sys/param.h defines the endiness */ -#define ENDIANESS_IN_SYS_PARAM_H 1 - /* Define this if you want support for broken ENV_{VAR,VAL} telnets. */ /* #undef ENV_HACK */ 
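Review bot: `@FEATURE_DEFS@` in the -56 hunk is an unexpanded substitution token, so `config.h.w32` is a template rather than a header the compiler can consume. Sitting next to the real `config.h` in `kerberos5/include`, it can be mistaken for a usable alternative. A first-line comment would make its status explicit, e.g. `/* Template for the Windows build; expanded by the build system, never included directly. */`. Whether this tree needs the Windows template at all is not visible from the diff.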
@@ -107,25 +125,22 @@ /* define if prototype of getsockname is compatible with int getsockname(int, struct sockaddr*, socklen_t*) */ -#define GETSOCKNAME_PROTO_COMPATIBLE 1 +/* #undef GETSOCKNAME_PROTO_COMPATIBLE */ /* Define if you have the `altzone' variable. */ /* #undef HAVE_ALTZONE */ /* Define to 1 if you have the `arc4random' function. */ -#define HAVE_ARC4RANDOM 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_ARPA_FTP_H 1 +/* #undef HAVE_ARC4RANDOM */ /* Define to 1 if you have the header file. */ -#define HAVE_ARPA_INET_H 1 +/* #undef HAVE_ARPA_INET_H */ /* Define to 1 if you have the header file. */ -#define HAVE_ARPA_NAMESER_H 1 +/* #undef HAVE_ARPA_NAMESER_H */ /* Define to 1 if you have the header file. */ -#define HAVE_ARPA_TELNET_H 1 +/* #undef HAVE_ARPA_TELNET_H */ /* Define to 1 if you have the header file. */ /* #undef HAVE_ASL_H */ @@ -134,14 +149,11 @@ /* #undef HAVE_ASNPRINTF */ /* Define to 1 if you have the `asprintf' function. */ -#define HAVE_ASPRINTF 1 +/* #undef HAVE_ASPRINTF */ /* Define to 1 if you have the `atexit' function. */ #define HAVE_ATEXIT 1 -/* Define to 1 if you have the `backtrace' function. */ -/* #undef HAVE_BACKTRACE */ - /* Define to 1 if you have the header file. */ /* #undef HAVE_BIND_BITYPES_H */ 
@@ -157,80 +169,75 @@ /* Define to 1 if you have the header file. */ /* #undef HAVE_CAPABILITY_H */ -/* whether capng is available for privilege reduction */ -/* #undef HAVE_CAPNG */ - /* Define to 1 if you have the `cap_set_proc' function. */ /* #undef HAVE_CAP_SET_PROC */ /* Define to 1 if you have the `cgetent' function. */ -#define HAVE_CGETENT 1 +/* #undef HAVE_CGETENT */ + +/* Define if the system defines 'CHAR' type */ +#define HAVE_CHAR 1 /* Define if you have the function `chown'. */ #define HAVE_CHOWN 1 /* Define if you have the function `closefrom'. */ -#define HAVE_CLOSEFROM 1 - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_COMMONCRYPTO_COMMONCRYPTOR_H */ - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_COMMONCRYPTO_COMMONDIGEST_H */ +/* #undef HAVE_CLOSEFROM */ /* Define to 1 if you have the header file. */ /* #undef HAVE_CONFIG_H */ +/* Define if is present on the system is should be used for + handling low level console operations. */ +#define HAVE_CONIO_H + /* Define if you have the function `copyhostent'. */ /* #undef HAVE_COPYHOSTENT */ /* Define to 1 if you have the `crypt' function. */ -#define HAVE_CRYPT 1 +/* #undef HAVE_CRYPT */ /* Define to 1 if you have the header file. */ -/* #undef HAVE_CRYPT_H */ +/* #ndef HAVE_CRYPT_H */ /* Define to 1 if you have the header file. */ -#define HAVE_CURSES_H 1 +/* #undef HAVE_CURSES_H */ /* Define if you have the function `daemon'. */ -#define HAVE_DAEMON 1 +/* #define HAVE_DAEMON 1 */ /* define if you have a berkeley db1/2 library */ -#define HAVE_DB1 1 +/* #undef HAVE_DB1 */ -/* define if you have a berkeley db3/4/5 library */ -/* #undef HAVE_DB3 */ +/* define if you have a berkeley db3/4 library */ +/* #define HAVE_DB3 1 */ /* Define to 1 if you have the header file. */ /* #undef HAVE_DB3_DB_H */ /* Define to 1 if you have the header file. */ -/* #undef HAVE_DB4_DB_H */ - -/* Define to 1 if you have the header file. 
*/ -/* #undef HAVE_DB5_DB_H */ - -/* Define if you have user supplied header location */ -/* #undef HAVE_DBHEADER */ +/* #define HAVE_DB4_DB_H 1 */ /* Define to 1 if you have the `dbm_firstkey' function. */ -#define HAVE_DBM_FIRSTKEY 1 +/* #define HAVE_DBM_FIRSTKEY 1 */ /* Define to 1 if you have the header file. */ /* #undef HAVE_DBM_H */ /* Define to 1 if you have the `dbopen' function. */ -#define HAVE_DBOPEN 1 +/* #undef HAVE_DBOPEN */ + +/* Define to 1 if you have the header file. */ +/* #define HAVE_DB_185_H 1 */ /* Define to 1 if you have the `db_create' function. */ -/* #undef HAVE_DB_CREATE */ +/* #define HAVE_DB_CREATE 1 */ /* Define to 1 if you have the header file. */ -#define HAVE_DB_H 1 +/* #define HAVE_DB_H 1 */ /* define if you have ndbm compat in db */ -/* #undef HAVE_DB_NDBM */ +/* #define HAVE_DB_NDBM 1 */ /* Define to 1 if you have the declaration of `altzone', and to 0 if you don't. */ @@ -238,11 +245,11 @@ /* Define to 1 if you have the declaration of `environ', and to 0 if you don't. */ -#define HAVE_DECL_ENVIRON 0 +#define HAVE_DECL_ENVIRON 1 /* Define to 1 if you have the declaration of `h_errlist', and to 0 if you don't. */ -#define HAVE_DECL_H_ERRLIST 0 +/* #undef HAVE_DECL_H_ERRLIST */ /* Define to 1 if you have the declaration of `h_errno', and to 0 if you don't. */ @@ -254,19 +261,19 @@ /* Define to 1 if you have the declaration of `optarg', and to 0 if you don't. */ -#define HAVE_DECL_OPTARG 1 +/* #undef HAVE_DECL_OPTARG */ /* Define to 1 if you have the declaration of `opterr', and to 0 if you don't. */ -#define HAVE_DECL_OPTERR 1 +/* #undef HAVE_DECL_OPTERR */ /* Define to 1 if you have the declaration of `optind', and to 0 if you don't. */ -#define HAVE_DECL_OPTIND 1 +/* #undef HAVE_DECL_OPTIND */ /* Define to 1 if you have the declaration of `optopt', and to 0 if you don't. */ -#define HAVE_DECL_OPTOPT 1 +/* #undef HAVE_DECL_OPTOPT */ /* Define to 1 if you have the declaration of `timezone', and to 0 if you don't. */ 
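Review bot: `#define HAVE_CONIO_H` in the -157 hunk has no value, unlike the other feature macros in this file, which are defined to `1`. An `#ifdef` test still works, but `#if HAVE_CONIO_H` becomes a preprocessor error, so `#define HAVE_CONIO_H 1` is the safer form. The nearby `/* #ndef HAVE_CRYPT_H */` is a typo for `#undef`; it is harmless inside a comment but should read `/* #undef HAVE_CRYPT_H */`.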
@@ -274,41 +281,31 @@ /* Define to 1 if you have the declaration of `_res', and to 0 if you don't. */ -#define HAVE_DECL__RES 1 +/* #undef HAVE_DECL__RES */ /* Define to 1 if you have the declaration of `__progname', and to 0 if you don't. */ #define HAVE_DECL___PROGNAME 0 /* Define to 1 if you have the header file. */ +/* MSVC doesn't provide a , but we implement it in + lib/roken. */ #define HAVE_DIRENT_H 1 -/* have a dirfd function/macro */ -#define HAVE_DIRFD 1 - -/* Define if DIR has field dd_fd. */ -#define HAVE_DIR_DD_FD 1 - -/* Define to 1 if you have the `dispatch_async_f' function. */ -/* #undef HAVE_DISPATCH_ASYNC_F */ - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_DISPATCH_DISPATCH_H */ - /* Define to 1 if you have the header file. */ +/* MSVC doesn't provide a , but we implement it in lib/roken. */ #define HAVE_DLFCN_H 1 /* Define to 1 if you have the `dlopen' function. */ +/* MSVC doesn't provide a , but we implement it in lib/roken. */ #define HAVE_DLOPEN 1 -/* Define to 1 if you have the header file. */ -/* #undef HAVE_DNS_H */ - -/* Define to 1 if you have the `dns_search' function. */ -/* #undef HAVE_DNS_SEARCH */ +/* Define to 1 if you have the `dladdr' function. */ +/* MSVC doesn't provide a , but we implement it in lib/roken. */ +#define HAVE_DLADDR 1 /* Define to 1 if you have the `dn_expand' function. */ -#define HAVE_DN_EXPAND 1 +/* #undef HAVE_DN_EXPAND */ /* Define to 1 if you have the `door_create' function. */ /* #undef HAVE_DOOR_CREATE */ @@ -316,6 +313,9 @@ /* Define if you have the function `ecalloc'. */ /* #undef HAVE_ECALLOC */ +/* Define to 1 if you have the `el_init' function. */ +/* #undef HAVE_EL_INIT */ + /* Define if you have the function `emalloc'. */ /* #undef HAVE_EMALLOC */ 
@@ -337,26 +337,26 @@ /* Define if you have the function `estrdup'. */ /* #undef HAVE_ESTRDUP */ -/* Define to 1 if you have the header file. */ -/* #undef HAVE_EXECINFO_H */ - /* Define if you have the function `fchown'. */ -#define HAVE_FCHOWN 1 +/* #undef HAVE_FCHOWN */ /* Define to 1 if you have the `fcntl' function. */ -#define HAVE_FCNTL 1 +/* #undef HAVE_FCNTL */ /* Define to 1 if you have the header file. */ #define HAVE_FCNTL_H 1 /* Define if you have the function `flock'. */ -#define HAVE_FLOCK 1 +/* #undef HAVE_FLOCK */ /* Define if you have the function `fnmatch'. */ -#define HAVE_FNMATCH 1 +/* #undef HAVE_FNMATCH */ /* Define to 1 if you have the header file. */ -#define HAVE_FNMATCH_H 1 +/* #undef HAVE_FNMATCH_H */ + +/* Define if el_init takes four arguments. */ +/* #undef HAVE_FOUR_VALUED_EL_INIT */ /* Have -framework Security */ /* #undef HAVE_FRAMEWORK_SECURITY */ @@ -365,14 +365,11 @@ #define HAVE_FREEADDRINFO 1 /* Define if you have the function `freehostent'. */ -#define HAVE_FREEHOSTENT 1 +/* #undef HAVE_FREEHOSTENT */ /* Define to 1 if you have the `gai_strerror' function. */ #define HAVE_GAI_STRERROR 1 -/* Define if os support gcd. */ -/* #undef HAVE_GCD */ - /* Define to 1 if you have the header file. */ /* #undef HAVE_GDBM_NDBM_H */ 
@@ -386,37 +383,37 @@ #define HAVE_GETCWD 1 /* Define if you have the function `getdtablesize'. */ -#define HAVE_GETDTABLESIZE 1 +/* #define HAVE_GETDTABLESIZE 1 */ /* Define if you have the function `getegid'. */ -#define HAVE_GETEGID 1 +/* #define HAVE_GETEGID 1 */ /* Define if you have the function `geteuid'. */ -#define HAVE_GETEUID 1 +/* #define HAVE_GETEUID 1 */ /* Define if you have the function `getgid'. */ -#define HAVE_GETGID 1 +/* #define HAVE_GETGID 1 */ /* Define to 1 if you have the `gethostbyname' function. */ #define HAVE_GETHOSTBYNAME 1 /* Define to 1 if you have the `gethostbyname2' function. */ -#define HAVE_GETHOSTBYNAME2 1 +/* #undef HAVE_GETHOSTBYNAME2 */ /* Define if you have the function `gethostname'. */ #define HAVE_GETHOSTNAME 1 /* Define if you have the function `getifaddrs'. */ -#define HAVE_GETIFADDRS 1 +/* #undef HAVE_GETIFADDRS */ /* Define if you have the function `getipnodebyaddr'. */ -#define HAVE_GETIPNODEBYADDR 1 +/* #undef HAVE_GETIPNODEBYADDR */ /* Define if you have the function `getipnodebyname'. */ -#define HAVE_GETIPNODEBYNAME 1 +/* #undef HAVE_GETIPNODEBYNAME */ /* Define to 1 if you have the `getlogin' function. */ -#define HAVE_GETLOGIN 1 +/* #define HAVE_GETLOGIN 1 */ /* Define if you have a working getmsg. */ /* #undef HAVE_GETMSG */ 
@@ -425,25 +422,25 @@ #define HAVE_GETNAMEINFO 1 /* Define if you have the function `getopt'. */ -#define HAVE_GETOPT 1 +/* #define HAVE_GETOPT 1 */ /* Define to 1 if you have the `getpagesize' function. */ -#define HAVE_GETPAGESIZE 1 +/* #define HAVE_GETPAGESIZE 1 */ /* Define to 1 if you have the `getpeereid' function. */ -#define HAVE_GETPEEREID 1 +/* #define HAVE_GETPEEREID 1 */ /* Define to 1 if you have the `getpeerucred' function. */ /* #undef HAVE_GETPEERUCRED */ /* Define to 1 if you have the `getprogname' function. */ -#define HAVE_GETPROGNAME 1 +/* #define HAVE_GETPROGNAME 1 */ /* Define to 1 if you have the `getpwnam_r' function. */ -#define HAVE_GETPWNAM_R 1 +/* #define HAVE_GETPWNAM_R 1 */ /* Define to 1 if you have the `getrlimit' function. */ -#define HAVE_GETRLIMIT 1 +/* #define HAVE_GETRLIMIT 1 */ /* Define to 1 if you have the `getsockopt' function. */ #define HAVE_GETSOCKOPT 1 
@@ -452,92 +449,106 @@ /* #undef HAVE_GETSPNAM */ /* Define if you have the function `gettimeofday'. */ -#define HAVE_GETTIMEOFDAY 1 +/* #define HAVE_GETTIMEOFDAY 1 */ /* Define to 1 if you have the `getudbnam' function. */ /* #undef HAVE_GETUDBNAM */ /* Define if you have the function `getuid'. */ -#define HAVE_GETUID 1 +/* #define HAVE_GETUID 1 */ /* Define if you have the function `getusershell'. */ -#define HAVE_GETUSERSHELL 1 +/* #define HAVE_GETUSERSHELL 1 */ /* define if you have a glob() that groks GLOB_BRACE, GLOB_NOCHECK, GLOB_QUOTE, GLOB_TILDE, and GLOB_LIMIT */ -#define HAVE_GLOB 1 +/* #define HAVE_GLOB 1 */ /* Define to 1 if you have the `grantpt' function. */ -#define HAVE_GRANTPT 1 +/* #define HAVE_GRANTPT 1 */ /* Define to 1 if you have the header file. */ -#define HAVE_GRP_H 1 +/* #define HAVE_GRP_H 1 */ /* Define to 1 if you have the `hstrerror' function. */ -#define HAVE_HSTRERROR 1 +/* #define HAVE_HSTRERROR 1 */ /* Define if you have the `h_errlist' variable. */ -#define HAVE_H_ERRLIST 1 +/* #undef HAVE_H_ERRLIST */ /* Define if you have the `h_errno' variable. */ -#define HAVE_H_ERRNO 1 +/* #define HAVE_H_ERRNO 1 */ /* Define if you have the `h_nerr' variable. */ /* #undef HAVE_H_NERR */ /* Define to 1 if you have the header file. */ -#define HAVE_IFADDRS_H 1 +/* #undef HAVE_IFADDRS_H */ /* Define if you have the in6addr_loopback variable */ -#define HAVE_IN6ADDR_LOOPBACK 1 +/* #undef HAVE_IN6ADDR_LOOPBACK */ + +/* */ +#define HAVE_INET_ADDR 1 /* define */ -#define HAVE_INET_ATON 1 +/* #define HAVE_INET_ATON 1 */ /* define */ -#define HAVE_INET_NTOP 1 +/* #define HAVE_INET_NTOP 1 */ /* define */ +/* #define HAVE_INET_PTON 1 */ + +#if _WIN32_WINNT >= 0x0600 + +#define HAVE_INET_NTOP 1 + #define HAVE_INET_PTON 1 +#endif + /* Define if you have the function `initgroups'. */ -#define HAVE_INITGROUPS 1 +/* #define HAVE_INITGROUPS 1 */ + +/* Define to 1 if you have the `initstate' function. 
*/ +/* #define HAVE_INITSTATE 1 */ /* Define if you have the function `innetgr'. */ -#define HAVE_INNETGR 1 +/* #undef HAVE_INNETGR */ /* Define to 1 if the system has the type `int16_t'. */ -#define HAVE_INT16_T 1 +/* #define HAVE_INT16_T 1 */ /* Define to 1 if the system has the type `int32_t'. */ -#define HAVE_INT32_T 1 +/* #define HAVE_INT32_T 1 */ /* Define to 1 if the system has the type `int64_t'. */ -#define HAVE_INT64_T 1 +/* #define HAVE_INT64_T 1 */ /* Define to 1 if the system has the type `int8_t'. */ -#define HAVE_INT8_T 1 +/* #define HAVE_INT8_T 1 */ /* Define to 1 if you have the header file. */ -#define HAVE_INTTYPES_H 1 +/* #define HAVE_INTTYPES_H 1 */ /* Define to 1 if you have the header file. */ -/* #undef HAVE_IO_H */ +#define HAVE_IO_H 1 /* Define if you have IPv6. */ #define HAVE_IPV6 1 /* Define if you have the function `iruserok'. */ -#define HAVE_IRUSEROK 1 +/* #define HAVE_IRUSEROK 1 */ /* Define to 1 if you have the `issetugid' function. */ -#define HAVE_ISSETUGID 1 +/* #undef HAVE_ISSETUGID */ /* Define if you want to use the Kerberos Credentials Manager. */ -#define HAVE_KCM 1 +/* #define HAVE_KCM 1 */ /* Define to 1 if you have the header file. */ -#define HAVE_LIBUTIL_H 1 +/* #undef HAVE_LIBUTIL_H */ /* Define to 1 if you have the header file. */ #define HAVE_LIMITS_H 1 
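Review bot: The added `#if _WIN32_WINNT >= 0x0600` block that turns on `HAVE_INET_NTOP` and `HAVE_INET_PTON` tests a macro this hunk never defines, and an undefined identifier in `#if` evaluates to 0, so the outcome depends on what was included or passed on the command line before this header. If the build does not set `_WIN32_WINNT` earlier (not visible here), both macros stay off without any diagnostic. I would make the dependency explicit with `#if defined(_WIN32_WINNT) && _WIN32_WINNT >= 0x0600` and a comment such as `/* _WIN32_WINNT must be set by the build before this header is read */`. The commented-out `HAVE_INET_NTOP` and `HAVE_INET_PTON` lines just above the block could then be dropped, since the conditional block is what decides.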
@@ -545,23 +556,23 @@ /* Define to 1 if you have the `loadquery' function. */ /* #undef HAVE_LOADQUERY */ +/* Define if you have the function `localtime_r'. */ +/* #define HAVE_LOCALTIME_R 1 */ + /* Define to 1 if you have the header file. */ #define HAVE_LOCALE_H 1 -/* Define if you have the function `localtime_r'. */ -#define HAVE_LOCALTIME_R 1 - /* Define to 1 if you have the `logout' function. */ -/* #undef HAVE_LOGOUT */ +/* #define HAVE_LOGOUT 1 */ /* Define to 1 if you have the `logwtmp' function. */ -/* #undef HAVE_LOGWTMP */ +/* #define HAVE_LOGWTMP 1 */ /* Define to 1 if the system has the type `long long'. */ #define HAVE_LONG_LONG 1 /* Define if you have the function `lstat'. */ -#define HAVE_LSTAT 1 +/* #define HAVE_LSTAT 1 */ /* Define to 1 if you have the header file. */ /* #undef HAVE_MAILLOCK_H */ @@ -573,22 +584,22 @@ #define HAVE_MEMORY_H 1 /* Define if you have the function `mkstemp'. */ -#define HAVE_MKSTEMP 1 +/* #define HAVE_MKSTEMP 1 */ /* Define to 1 if you have the `mktime' function. */ #define HAVE_MKTIME 1 /* Define to 1 if you have a working `mmap' system call. */ -#define HAVE_MMAP 1 +/* #undef HAVE_MMAP */ /* define if you have a ndbm library */ -#define HAVE_NDBM 1 +/* #undef HAVE_NDBM */ /* Define to 1 if you have the header file. */ -#define HAVE_NDBM_H 1 +/* #undef HAVE_NDBM_H */ /* Define to 1 if you have the header file. */ -#define HAVE_NETDB_H 1 +/* #define HAVE_NETDB_H 1 */ /* Define to 1 if you have the header file. */ /* #undef HAVE_NETGROUP_H */ 
@@ -606,176 +617,179 @@ /* #undef HAVE_NETINET_IN6_MACHTYPES_H */ /* Define to 1 if you have the header file. */ -#define HAVE_NETINET_IN_H 1 +/* #define HAVE_NETINET_IN_H 1 */ + +/* Define to 1 if you have the header file. */ +/* #define HAVE_NETINET_TCP_H 1 */ /* Define to 1 if you have the header file. */ -#define HAVE_NETINET_IN_SYSTM_H 1 +/* #define HAVE_NETINET_IN_SYSTM_H 1 */ /* Define to 1 if you have the header file. */ -#define HAVE_NETINET_IP_H 1 +/* #define HAVE_NETINET_IP_H 1 */ /* Define to 1 if you have the header file. */ -#define HAVE_NETINET_TCP_H 1 +/* #define HAVE_NETINET_TCP_H 1 */ + +/* Define if you want to use Netinfo instead of krb5.conf. */ +/* #undef HAVE_NETINFO */ + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_NETINFO_NI_H */ /* Define to 1 if you have the header file. */ -#define HAVE_NET_IF_H 1 +/* #define HAVE_NET_IF_H 1 */ /* Define if NDBM really is DB (creates files *.db) */ -#define HAVE_NEW_DB 1 +/* #define HAVE_NEW_DB 1 */ /* Define to 1 if you have the `on_exit' function. */ -/* #undef HAVE_ON_EXIT */ +/* #define HAVE_ON_EXIT 1 */ + +/* Define to 1 if you have the '_onexit' function */ +#define HAVE__ONEXIT 1 /* Define to 1 if you have the `openpty' function. */ -#define HAVE_OPENPTY 1 +/* #define HAVE_OPENPTY 1 */ -/* define to use openssl's libcrypto */ -#define HAVE_OPENSSL 1 +/* define to 1 to use openssl's libcrypto as a (default) backend for libhcrypto */ +/* #undef HAVE_HCRYPTO_W_OPENSSL */ /* Define to enable basic OSF C2 support. */ /* #undef HAVE_OSFC2 */ /* Define to 1 if you have the header file. */ -#define HAVE_PATHS_H 1 +/* #define HAVE_PATHS_H 1 */ /* Define to 1 if you have the `pidfile' function. */ /* #undef HAVE_PIDFILE */ /* Define to 1 if you have the `poll' function. */ -#define HAVE_POLL 1 +/* #define HAVE_POLL 1 */ /* Define to 1 if you have the header file. */ -#define HAVE_POLL_H 1 +/* #define HAVE_POLL_H 1 */ /* Define to 1 if you have the header file. 
*/ -#define HAVE_PTHREAD_H 1 +/* This option is added by the NTMakefile if we have a . */ +/* #define HAVE_PTHREAD_H 1 */ /* Define to 1 if you have the `ptsname' function. */ -#define HAVE_PTSNAME 1 +/* #define HAVE_PTSNAME 1 */ /* Define to 1 if you have the header file. */ -/* #undef HAVE_PTY_H */ +/* #define HAVE_PTY_H 1 */ /* Define if you have the function `putenv'. */ #define HAVE_PUTENV 1 /* Define to 1 if you have the header file. */ -#define HAVE_PWD_H 1 +/* #define HAVE_PWD_H 1 */ /* Define to 1 if you have the `rand' function. */ #define HAVE_RAND 1 /* Define to 1 if you have the `random' function. */ -#define HAVE_RANDOM 1 +/* #define HAVE_RANDOM 1 */ /* Define if you have the function `rcmd'. */ -#define HAVE_RCMD 1 +/* #define HAVE_RCMD 1 */ /* Define if you have a readline compatible library. */ -#define HAVE_READLINE 1 - -/* Define to 1 if you have the - <[readline.h])[][]_AH_CHECK_HEADER([readline/readline.h]> header file. */ -/* #undef HAVE_READLINE_H */ - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_READLINE_READLINE_H_ */ +/* #define HAVE_READLINE 1 */ /* Define if you have the function `readv'. */ -#define HAVE_READV 1 +/* #define HAVE_READV 1 */ /* Define if you have the function `recvmsg'. */ -#define HAVE_RECVMSG 1 +/* #define HAVE_RECVMSG 1 */ /* Define to 1 if you have the header file. */ -#define HAVE_RESOLV_H 1 +/* #undef HAVE_RESOLV_H */ /* Define to 1 if you have the `res_ndestroy' function. */ -#define HAVE_RES_NDESTROY 1 +/* #undef HAVE_RES_NDESTROY */ /* Define to 1 if you have the `res_nsearch' function. */ -#define HAVE_RES_NSEARCH 1 +/* #undef HAVE_RES_NSEARCH */ /* Define to 1 if you have the `res_search' function. */ -#define HAVE_RES_SEARCH 1 +/* #undef HAVE_RES_SEARCH */ /* Define to 1 if you have the `revoke' function. */ -#define HAVE_REVOKE 1 +/* #define HAVE_REVOKE 1 */ /* Define to 1 if you have the header file. 
*/ -#define HAVE_RPCSVC_YPCLNT_H 1 +/* #undef HAVE_RPCSVC_YPCLNT_H */ /* Define to 1 if you have the header file. */ /* #undef HAVE_SAC_H */ /* Define to 1 if the system has the type `sa_family_t'. */ -#define HAVE_SA_FAMILY_T 1 - -/* Define if you want support for cache in sqlite. */ -#undef HAVE_SCC - -/* Define to 1 if you have the header file. */ -#define HAVE_SEARCH_H 1 +/* #define HAVE_SA_FAMILY_T 1 */ /* Define to 1 if you have the header file. */ -#define HAVE_SECURITY_PAM_MODULES_H 1 +/* #undef HAVE_SECURITY_PAM_MODULES_H */ /* Define to 1 if you have the `select' function. */ #define HAVE_SELECT 1 /* Define if you have the function `sendmsg'. */ -#define HAVE_SENDMSG 1 +/* #define HAVE_SENDMSG 1 */ /* Define if you have the function `setegid'. */ -#define HAVE_SETEGID 1 +/* #define HAVE_SETEGID 1 */ /* Define if you have the function `setenv'. */ #define HAVE_SETENV 1 /* Define if you have the function `seteuid'. */ -#define HAVE_SETEUID 1 +/* #define HAVE_SETEUID 1 */ /* Define to 1 if you have the `setitimer' function. */ -#define HAVE_SETITIMER 1 +/* #define HAVE_SETITIMER 1 */ /* Define to 1 if you have the `setlim' function. */ /* #undef HAVE_SETLIM */ /* Define to 1 if you have the `setlogin' function. */ -#define HAVE_SETLOGIN 1 +/* #undef HAVE_SETLOGIN */ /* Define to 1 if you have the `setpcred' function. */ /* #undef HAVE_SETPCRED */ /* Define to 1 if you have the `setpgid' function. */ -#define HAVE_SETPGID 1 +/* #define HAVE_SETPGID 1 */ /* Define to 1 if you have the `setproctitle' function. */ -#define HAVE_SETPROCTITLE 1 +/* #undef HAVE_SETPROCTITLE */ /* Define to 1 if you have the `setprogname' function. */ -#define HAVE_SETPROGNAME 1 +/* #define HAVE_SETPROGNAME 1 */ /* Define to 1 if you have the `setregid' function. */ -#define HAVE_SETREGID 1 +/* #define HAVE_SETREGID 1 */ /* Define to 1 if you have the `setresgid' function. */ -#define HAVE_SETRESGID 1 +/* #undef HAVE_SETRESGID */ /* Define to 1 if you have the `setresuid' function. 
*/ -#define HAVE_SETRESUID 1 +/* #undef HAVE_SETRESUID */ /* Define to 1 if you have the `setreuid' function. */ -#define HAVE_SETREUID 1 +/* #define HAVE_SETREUID 1 */ /* Define to 1 if you have the `setsid' function. */ -#define HAVE_SETSID 1 +/* #define HAVE_SETSID 1 */ /* Define to 1 if you have the `setsockopt' function. */ #define HAVE_SETSOCKOPT 1 +/* Define to 1 if you have the `setstate' function. */ +/* #define HAVE_SETSTATE 1 */ + /* Define to 1 if you have the `setutent' function. */ -/* #undef HAVE_SETUTENT */ +/* #define HAVE_SETUTENT 1 */ /* Define to 1 if you have the `sgi_getcapabilitybyname' function. */ /* #undef HAVE_SGI_GETCAPABILITYBYNAME */ @@ -790,13 +804,15 @@ /* #undef HAVE_SIAD_H */ /* Define to 1 if you have the `sigaction' function. */ -#define HAVE_SIGACTION 1 +/* #define HAVE_SIGACTION 1 */ /* Define to 1 if you have the header file. */ #define HAVE_SIGNAL_H 1 /* define if you have a working snprintf */ -#define HAVE_SNPRINTF 1 +/* snprintf() and vsnprintf() do exist. But the implementations are + not C99 compliant. */ +/* #define HAVE_SNPRINTF 1 */ /* Define to 1 if you have the `socket' function. */ #define HAVE_SOCKET 1 @@ -804,23 +820,21 @@ /* Define to 1 if the system has the type `socklen_t'. */ #define HAVE_SOCKLEN_T 1 -/* Define if you want support for sqlite in Heimdal. */ -#define HAVE_SQLITE3 1 - /* Define to 1 if the system has the type `ssize_t'. */ -#define HAVE_SSIZE_T 1 +/* #define HAVE_SSIZE_T 1 */ /* Define to 1 if you have the header file. */ /* #undef HAVE_STANDARDS_H */ /* Define to 1 if you have the header file. */ -#define HAVE_STDINT_H 1 +/* #define HAVE_STDINT_H 1 */ /* Define to 1 if you have the header file. */ #define HAVE_STDLIB_H 1 /* Define if you have the function `strcasecmp'. */ #define HAVE_STRCASECMP 1 +#define strcasecmp _stricmp /* Define if you have the function `strdup'. */ #define HAVE_STRDUP 1 
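Review bot: In the hunk starting at `@@ -606,176 +617,179 @@`, `#define HAVE_OPENSSL 1` is replaced by `/* #undef HAVE_HCRYPTO_W_OPENSSL */` with nothing said about which crypto and random-number backend the build uses afterwards. A later hunk also sets `NO_RAND_UNIX_METHOD` and `NO_RAND_FORTUNA_METHOD`, so two RAND methods are disabled in addition to the OpenSSL backend; which source of randomness remains cannot be seen in this diff and is worth confirming before this configuration ships. I would add a comment next to the macro, for example `/* Left undefined: libhcrypto is built without the OpenSSL libcrypto backend; see the NO_RAND_*_METHOD settings for the RAND methods that are also disabled. */`.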
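Review bot: The added `#define strcasecmp _stricmp` after `HAVE_STRCASECMP` is an unconditional object-like macro, so it rewrites every later use of that identifier, including prototypes in any header included after this one. The same applies to `#define strncasecmp _strnicmp` in the next hunk. Guarding both limits the rename to the toolchain that needs it and avoids clashing with an existing definition: `#if defined(_MSC_VER) && !defined(strcasecmp)`, `#define strcasecmp _stricmp`, `#endif`, and likewise for `strncasecmp`.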
@@ -828,32 +842,30 @@ /* Define if you have the function `strerror'. */ #define HAVE_STRERROR 1 -/* Define if you have the function strerror_r. */ -#define HAVE_STRERROR_R 1 - /* Define if you have the function `strftime'. */ #define HAVE_STRFTIME 1 /* Define to 1 if you have the header file. */ -#define HAVE_STRINGS_H 1 +/* #define HAVE_STRINGS_H 1 */ /* Define to 1 if you have the header file. */ #define HAVE_STRING_H 1 /* Define if you have the function `strlcat'. */ -#define HAVE_STRLCAT 1 +/* #define HAVE_STRLCAT 1 */ /* Define if you have the function `strlcpy'. */ -#define HAVE_STRLCPY 1 +/* #define HAVE_STRLCPY 1 */ /* Define if you have the function `strlwr'. */ -/* #undef HAVE_STRLWR */ +#define HAVE_STRLWR 1 /* Define if you have the function `strncasecmp'. */ #define HAVE_STRNCASECMP 1 +#define strncasecmp _strnicmp /* Define if you have the function `strndup'. */ -#define HAVE_STRNDUP 1 +/* #define HAVE_STRNDUP 1 */ /* Define if you have the function `strnlen'. */ #define HAVE_STRNLEN 1 @@ -862,10 +874,10 @@ /* #undef HAVE_STROPTS_H */ /* Define if you have the function `strptime'. */ -#define HAVE_STRPTIME 1 +/* #define HAVE_STRPTIME 1 */ /* Define if you have the function `strsep'. */ -#define HAVE_STRSEP 1 +/* #define HAVE_STRSEP 1 */ /* Define if you have the function `strsep_copy'. */ /* #undef HAVE_STRSEP_COPY */ 
@@ -876,29 +888,37 @@ /* Define to 1 if you have the `strsvis' function. */ /* #undef HAVE_STRSVIS */ -/* Define to 1 if you have the `strsvisx' function. */ -/* #undef HAVE_STRSVISX */ - /* Define if you have the function `strtok_r'. */ -#define HAVE_STRTOK_R 1 +/* #define HAVE_STRTOK_R 1 */ + +#if defined(__has_include) +# if __has_include() +# define HAVE_UCRT 1 +# endif +#endif + +#ifdef HAVE_UCRT +#define HAVE_STRTOLL 1 +#define HAVE_STRTOULL 1 +#endif /* Define to 1 if the system has the type `struct addrinfo'. */ #define HAVE_STRUCT_ADDRINFO 1 /* Define to 1 if the system has the type `struct ifaddrs'. */ -#define HAVE_STRUCT_IFADDRS 1 +/* #undef HAVE_STRUCT_IFADDRS */ /* Define to 1 if the system has the type `struct iovec'. */ -#define HAVE_STRUCT_IOVEC 1 +/* #define HAVE_STRUCT_IOVEC 1 */ /* Define to 1 if the system has the type `struct msghdr'. */ -#define HAVE_STRUCT_MSGHDR 1 +/* #define HAVE_STRUCT_MSGHDR 1 */ /* Define to 1 if the system has the type `struct sockaddr'. */ #define HAVE_STRUCT_SOCKADDR 1 /* Define if struct sockaddr has field sa_len. */ -#define HAVE_STRUCT_SOCKADDR_SA_LEN 1 +/* #undef HAVE_STRUCT_SOCKADDR_SA_LEN */ /* Define to 1 if the system has the type `struct sockaddr_storage'. */ #define HAVE_STRUCT_SOCKADDR_STORAGE 1 
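Review bot: The new `HAVE_UCRT` probe only runs when the compiler provides `__has_include`, so on a compiler without it `HAVE_STRTOLL` and `HAVE_STRTOULL` stay undefined even if the C runtime has both functions. That is a silent fallback rather than an error, and what is used in their place is not visible in this hunk. I would let the build override the probe with `#if !defined(HAVE_UCRT) && defined(__has_include)` and add a comment stating the fallback, e.g. `/* without HAVE_UCRT strtoll/strtoull are treated as missing */`. Separately, the `__has_include()` argument appears empty on this page, probably lost in rendering, so the header name should be checked against the original file.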
@@ -907,82 +927,39 @@ /* #undef HAVE_STRUCT_SPWD */ /* Define if struct tm has field tm_gmtoff. */ -#define HAVE_STRUCT_TM_TM_GMTOFF 1 +/* #undef HAVE_STRUCT_TM_TM_GMTOFF */ /* Define if struct tm has field tm_zone. */ -#define HAVE_STRUCT_TM_TM_ZONE 1 - -/* Define if struct utmpx has field ut_exit. */ -/* #undef HAVE_STRUCT_UTMPX_UT_EXIT */ - -/* Define if struct utmpx has field ut_host. */ -#define HAVE_STRUCT_UTMPX_UT_HOST 1 - -/* Define if struct utmpx has field ut_id. */ -#define HAVE_STRUCT_UTMPX_UT_ID 1 - -/* Define if struct utmpx has field ut_line. */ -#define HAVE_STRUCT_UTMPX_UT_LINE 1 - -/* Define if struct utmpx has field ut_pid. */ -#define HAVE_STRUCT_UTMPX_UT_PID 1 - -/* Define if struct utmpx has field ut_syslen. */ -/* #undef HAVE_STRUCT_UTMPX_UT_SYSLEN */ - -/* Define if struct utmpx has field ut_tv. */ -#define HAVE_STRUCT_UTMPX_UT_TV 1 - -/* Define if struct utmpx has field ut_type. */ -#define HAVE_STRUCT_UTMPX_UT_TYPE 1 - -/* Define if struct utmpx has field ut_user. */ -#define HAVE_STRUCT_UTMPX_UT_USER 1 - -/* Define if struct utmp has field ut_addr. */ -/* #undef HAVE_STRUCT_UTMP_UT_ADDR */ - -/* Define if struct utmp has field ut_host. */ -/* #undef HAVE_STRUCT_UTMP_UT_HOST */ - -/* Define if struct utmp has field ut_id. */ -/* #undef HAVE_STRUCT_UTMP_UT_ID */ - -/* Define if struct utmp has field ut_pid. */ -/* #undef HAVE_STRUCT_UTMP_UT_PID */ - -/* Define if struct utmp has field ut_type. */ -/* #undef HAVE_STRUCT_UTMP_UT_TYPE */ - -/* Define if struct utmp has field ut_user. */ -/* #undef HAVE_STRUCT_UTMP_UT_USER */ +/* #undef HAVE_STRUCT_TM_TM_ZONE */ /* define if struct winsize is declared in sys/termios.h */ -#define HAVE_STRUCT_WINSIZE 1 +/* #define HAVE_STRUCT_WINSIZE 1 */ /* Define to 1 if you have the `strunvis' function. */ -#define HAVE_STRUNVIS 1 +/* #undef HAVE_STRUNVIS */ /* Define if you have the function `strupr'. */ -/* #undef HAVE_STRUPR */ +#define HAVE_STRUPR 1 /* Define to 1 if you have the `strvis' function. 
*/ -#define HAVE_STRVIS 1 +/* #undef HAVE_STRVIS */ /* Define to 1 if you have the `strvisx' function. */ -#define HAVE_STRVISX 1 +/* #undef HAVE_STRVISX */ /* Define to 1 if you have the `svis' function. */ -#define HAVE_SVIS 1 +/* #undef HAVE_SVIS */ /* Define if you have the function `swab'. */ #define HAVE_SWAB 1 /* Define to 1 if you have the `sysconf' function. */ -#define HAVE_SYSCONF 1 +/* #define HAVE_SYSCONF 1 */ /* Define to 1 if you have the `sysctl' function. */ -#define HAVE_SYSCTL 1 +/* #undef HAVE_SYSCTL */ + +/* syslog is provided for _win32 in lib/roken */ /* Define to 1 if you have the `syslog' function. */ #define HAVE_SYSLOG 1 @@ -997,31 +974,31 @@ /* #undef HAVE_SYS_BSWAP_H */ /* Define to 1 if you have the header file. */ -#define HAVE_SYS_CAPABILITY_H 1 +/* #undef HAVE_SYS_CAPABILITY_H */ /* Define to 1 if you have the header file. */ /* #undef HAVE_SYS_CATEGORY_H */ /* Define to 1 if you have the header file. */ -#define HAVE_SYS_FILE_H 1 +/* #define HAVE_SYS_FILE_H 1 */ /* Define to 1 if you have the header file. */ -#define HAVE_SYS_FILIO_H 1 +/* #undef HAVE_SYS_FILIO_H */ /* Define to 1 if you have the header file. */ -#define HAVE_SYS_IOCCOM_H 1 +/* #undef HAVE_SYS_IOCCOM_H */ /* Define to 1 if you have the header file. */ -#define HAVE_SYS_IOCTL_H 1 +/* #define HAVE_SYS_IOCTL_H 1 */ /* Define to 1 if you have the header file. */ -#define HAVE_SYS_MMAN_H 1 +/* #define HAVE_SYS_MMAN_H 1 */ /* Define to 1 if you have the header file. */ -#define HAVE_SYS_PARAM_H 1 +/* #define HAVE_SYS_PARAM_H 1 */ /* Define to 1 if you have the header file. */ -#define HAVE_SYS_PROC_H 1 +/* #undef HAVE_SYS_PROC_H */ /* Define to 1 if you have the header file. */ /* #undef HAVE_SYS_PTYIO_H */ 
@@ -1033,16 +1010,16 @@ /* #undef HAVE_SYS_PTY_H */ /* Define to 1 if you have the header file. */ -#define HAVE_SYS_RESOURCE_H 1 +/* #define HAVE_SYS_RESOURCE_H 1 */ /* Define to 1 if you have the header file. */ -#define HAVE_SYS_SELECT_H 1 +/* #define HAVE_SYS_SELECT_H 1 */ /* Define to 1 if you have the header file. */ -#define HAVE_SYS_SOCKET_H 1 +/* #define HAVE_SYS_SOCKET_H 1 */ /* Define to 1 if you have the header file. */ -#define HAVE_SYS_SOCKIO_H 1 +/* #undef HAVE_SYS_SOCKIO_H */ /* Define to 1 if you have the header file. */ #define HAVE_SYS_STAT_H 1 
@@ -1060,67 +1037,61 @@ /* #undef HAVE_SYS_STR_TTY_H */ /* Define to 1 if you have the header file. */ -#define HAVE_SYS_SYSCALL_H 1 +/* #undef HAVE_SYS_SYSCALL_H */ /* Define to 1 if you have the header file. */ -#define HAVE_SYS_SYSCTL_H 1 +/* #undef HAVE_SYS_SYSCTL_H */ /* Define to 1 if you have the header file. */ -/* #undef HAVE_SYS_TERMIO_H */ +/* #define HAVE_SYS_TERMIO_H 1 */ /* Define to 1 if you have the header file. */ #define HAVE_SYS_TIMEB_H 1 /* Define to 1 if you have the header file. */ -#define HAVE_SYS_TIMES_H 1 +/* #define HAVE_SYS_TIMES_H 1 */ /* Define to 1 if you have the header file. */ -#define HAVE_SYS_TIME_H 1 +/* #define HAVE_SYS_TIME_H 1 */ /* Define to 1 if you have the header file. */ -#define HAVE_SYS_TTY_H 1 +/* #undef HAVE_SYS_TTY_H */ /* Define to 1 if you have the header file. */ #define HAVE_SYS_TYPES_H 1 /* Define to 1 if you have the header file. */ -#define HAVE_SYS_UCRED_H 1 +/* #undef HAVE_SYS_UCRED_H */ /* Define to 1 if you have the header file. */ -#define HAVE_SYS_UIO_H 1 +/* #define HAVE_SYS_UIO_H 1 */ /* Define to 1 if you have the header file. */ -#define HAVE_SYS_UN_H 1 +/* #define HAVE_SYS_UN_H 1 */ /* Define to 1 if you have the header file. */ -#define HAVE_SYS_UTSNAME_H 1 +/* #define HAVE_SYS_UTSNAME_H 1 */ /* Define to 1 if you have the header file. */ -#define HAVE_SYS_WAIT_H 1 - -/* Define to 1 if you have the `tdelete' function. */ -#define HAVE_TDELETE 1 +/* #define HAVE_SYS_WAIT_H 1 */ /* Define to 1 if you have the header file. */ -#define HAVE_TERMCAP_H 1 +/* #define HAVE_TERMCAP_H 1 */ /* Define to 1 if you have the header file. */ -#define HAVE_TERMIOS_H 1 +/* #define HAVE_TERMIOS_H 1 */ /* Define to 1 if you have the header file. */ -/* #undef HAVE_TERMIO_H */ +/* #define HAVE_TERMIO_H 1 */ /* Define to 1 if you have the header file. */ -#define HAVE_TERM_H 1 - -/* Define to 1 if you have the `tfind' function. 
*/ -#define HAVE_TFIND 1 +/* #undef HAVE_TERM_H */ /* Define to 1 if you have the `tgetent' function. */ -#define HAVE_TGETENT 1 +/* #define HAVE_TGETENT 1 */ /* Define if you have the function `timegm'. */ -#define HAVE_TIMEGM 1 +/* #define HAVE_TIMEGM 1 */ /* Define if you have the `timezone' variable. */ #define HAVE_TIMEZONE 1 
@@ -1131,53 +1102,47 @@ /* Define to 1 if you have the header file. */ /* #undef HAVE_TMPDIR_H */ -/* Define if you have the function `tsearch'. */ -#define HAVE_TSEARCH 1 - /* Define to 1 if you have the `ttyname' function. */ -#define HAVE_TTYNAME 1 +/* #define HAVE_TTYNAME 1 */ /* Define to 1 if you have the `ttyslot' function. */ -/* #undef HAVE_TTYSLOT */ - -/* Define to 1 if you have the `twalk' function. */ -#define HAVE_TWALK 1 +/* #define HAVE_TTYSLOT 1 */ /* Define to 1 if you have the header file. */ /* #undef HAVE_UDB_H */ /* Define to 1 if the system has the type `uint16_t'. */ -#define HAVE_UINT16_T 1 +/* #define HAVE_UINT16_T 1 */ /* Define to 1 if the system has the type `uint32_t'. */ -#define HAVE_UINT32_T 1 +/* #define HAVE_UINT32_T 1 */ /* Define to 1 if the system has the type `uint64_t'. */ -#define HAVE_UINT64_T 1 +/* #define HAVE_UINT64_T 1 */ /* Define to 1 if the system has the type `uint8_t'. */ -#define HAVE_UINT8_T 1 +/* #define HAVE_UINT8_T 1 */ /* Define to 1 if the system has the type `uintptr_t'. */ #define HAVE_UINTPTR_T 1 /* Define to 1 if you have the `umask' function. */ -#define HAVE_UMASK 1 +/* #define HAVE_UMASK 1 */ /* Define to 1 if you have the `uname' function. */ -#define HAVE_UNAME 1 +/* #define HAVE_UNAME 1 */ /* Define to 1 if you have the header file. */ -#define HAVE_UNISTD_H 1 +/* #define HAVE_UNISTD_H 1 */ /* Define to 1 if you have the `unlockpt' function. */ -#define HAVE_UNLOCKPT 1 +/* #define HAVE_UNLOCKPT 1 */ /* Define if you have the function `unsetenv'. */ -#define HAVE_UNSETENV 1 +/* #define HAVE_UNSETENV 1 */ /* Define to 1 if you have the `unvis' function. */ -#define HAVE_UNVIS 1 +/* #undef HAVE_UNVIS */ /* Define to 1 if you have the header file. */ /* #undef HAVE_USERCONF_H */ 
@@ -1188,145 +1153,97 @@ /* Define to 1 if you have the header file. */ /* #undef HAVE_UTIL_H */ -/* Define to 1 if you have the header file. */ -#define HAVE_UTMPX_H 1 - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_UTMP_H */ - /* Define to 1 if the system has the type `u_int16_t'. */ -#define HAVE_U_INT16_T 1 +/* #define HAVE_U_INT16_T 1 */ /* Define to 1 if the system has the type `u_int32_t'. */ -#define HAVE_U_INT32_T 1 +/* #define HAVE_U_INT32_T 1 */ /* Define to 1 if the system has the type `u_int64_t'. */ -#define HAVE_U_INT64_T 1 +/* #define HAVE_U_INT64_T 1 */ /* Define to 1 if the system has the type `u_int8_t'. */ -#define HAVE_U_INT8_T 1 +/* #define HAVE_U_INT8_T 1 */ /* Define to 1 if you have the `vasnprintf' function. */ /* #undef HAVE_VASNPRINTF */ /* Define to 1 if you have the `vasprintf' function. */ -#define HAVE_VASPRINTF 1 +/* #define HAVE_VASPRINTF 1 */ /* Define if you have the function `verr'. */ -#define HAVE_VERR 1 +/* #define HAVE_VERR 1 */ /* Define if you have the function `verrx'. */ -#define HAVE_VERRX 1 +/* #define HAVE_VERRX 1 */ /* Define to 1 if you have the `vhangup' function. */ -/* #undef HAVE_VHANGUP */ +/* #define HAVE_VHANGUP 1 */ /* Define to 1 if you have the `vis' function. */ -#define HAVE_VIS 1 +/* #undef HAVE_VIS */ /* Define to 1 if you have the header file. */ -#define HAVE_VIS_H 1 +/* #undef HAVE_VIS_H */ /* define if you have a working vsnprintf */ -#define HAVE_VSNPRINTF 1 +/* snprintf() and vsnprintf() do exist. But the implementations are + not C99 compliant. */ +/* #define HAVE_VSNPRINTF 1 */ /* Define if you have the function `vsyslog'. */ #define HAVE_VSYSLOG 1 /* Define if you have the function `vwarn'. */ -#define HAVE_VWARN 1 +/* #define HAVE_VWARN 1 */ /* Define if you have the function `vwarnx'. */ -#define HAVE_VWARNX 1 +/* #define HAVE_VWARNX 1 */ /* Define if you have the function `warn'. */ -#define HAVE_WARN 1 +/* #define HAVE_WARN 1 */ /* Define if you have the function `warnx'. 
*/ -#define HAVE_WARNX 1 - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_WINSOCK2_H */ +/* #define HAVE_WARNX 1 */ /* Define if you have the function `writev'. */ -#define HAVE_WRITEV 1 +/* #define HAVE_WRITEV 1 */ -/* Define to 1 if you have the header file. */ -/* #undef HAVE_WS2TCPIP_H */ +/* Defined if we have WinSock */ +#define HAVE_WINSOCK 1 + +/* Defined if we have WinDNS */ +#define HAVE_WINDNS 1 /* define if struct winsize has ws_xpixel */ -#define HAVE_WS_XPIXEL 1 +/* #define HAVE_WS_XPIXEL 1 */ /* define if struct winsize has ws_ypixel */ -#define HAVE_WS_YPIXEL 1 - -/* Define to 1 if you have the `XauFileName' function. */ -/* #undef HAVE_XAUFILENAME */ - -/* Define to 1 if you have the `XauReadAuth' function. */ -/* #undef HAVE_XAUREADAUTH */ - -/* Define to 1 if you have the `XauWriteAuth' function. */ -/* #undef HAVE_XAUWRITEAUTH */ +/* #define HAVE_WS_YPIXEL 1 */ /* Define to 1 if you have the `yp_get_default_domain' function. */ -#define HAVE_YP_GET_DEFAULT_DOMAIN 1 +/* #undef HAVE_YP_GET_DEFAULT_DOMAIN */ /* Define to 1 if you have the `_getpty' function. */ /* #undef HAVE__GETPTY */ /* Define if you have the `_res' variable. */ -#define HAVE__RES 1 +/* #undef HAVE__RES */ /* Define to 1 if you have the `_scrsize' function. */ /* #undef HAVE__SCRSIZE */ /* define if your compiler has __attribute__ */ -#define HAVE___ATTRIBUTE__ 1 +/* #define HAVE___ATTRIBUTE__ 1 */ /* Define if you have the `__progname' variable. */ -#define HAVE___PROGNAME 1 - -/* have __sync_add_and_fetch */ -#if defined(__FreeBSD__) && defined(__arm__) -#undef HAVE___SYNC_ADD_AND_FETCH /* Not supported on FreeBSD/arm */ -#else -#define HAVE___SYNC_ADD_AND_FETCH 1 -#endif - -/* Define if you want support for weak crypto */ -#define HEIM_WEAK_CRYPTO 1 - -/* Define if you have the hesiod package. */ -/* #undef HESIOD */ - -/* Enable Kerberos 5 support in applications. */ -#define KRB5 1 - -/* Define to enable kx509. 
*/ -#define KX509 1 - -/* path to lib */ -#define LIBDIR "/usr/lib" - -/* Define if you have the libedit package. */ -/* #undef LIBEDIT */ - -/* path to libexec */ -#define LIBEXECDIR "/usr/libexec" - -/* Define if you have the libintl package. */ -/* #undef LIBINTL */ +/* #define HAVE___PROGNAME 1 */ -/* path to localstate */ -#define LOCALSTATEDIR "/var/heimdal" - -/* Define to the sub-directory in which libtool stores uninstalled libraries. - */ -#define LT_OBJDIR ".libs/" +/* Define if you are running IRIX 4. */ +/* #undef IRIX4 */ /* define if the system is missing a prototype for asnprintf() */ -#define NEED_ASNPRINTF_PROTO 1 +/* #define NEED_ASNPRINTF_PROTO 1 */ /* define if the system is missing a prototype for asprintf() */ /* #undef NEED_ASPRINTF_PROTO */ @@ -1335,7 +1252,7 @@ /* #undef NEED_CRYPT_PROTO */ /* define if the system is missing a prototype for daemon() */ -#define NEED_DAEMON_PROTO 1 +/* #undef NEED_DAEMON_PROTO */ /* define if the system is missing a prototype for gethostname() */ /* #undef NEED_GETHOSTNAME_PROTO */ @@ -1356,16 +1273,13 @@ /* #undef NEED_IRUSEROK_PROTO */ /* define if the system is missing a prototype for mkstemp() */ -/* #undef NEED_MKSTEMP_PROTO */ - -/* if your qsort is not a stable sort */ -/* #undef NEED_QSORT */ +/* #define NEED_MKSTEMP_PROTO 1 */ /* define if the system is missing a prototype for SecKeyGetCSPHandle() */ /* #undef NEED_SECKEYGETCSPHANDLE_PROTO */ /* define if the system is missing a prototype for setenv() */ -/* #undef NEED_SETENV_PROTO */ +#define NEED_SETENV_PROTO 1 /* define if the system is missing a prototype for snprintf() */ /* #undef NEED_SNPRINTF_PROTO */ 
@@ -1376,114 +1290,102 @@ /* define if the system is missing a prototype for strsep() */ /* #undef NEED_STRSEP_PROTO */ -/* define if the system is missing a prototype for strsvisx() */ -#define NEED_STRSVISX_PROTO 1 - /* define if the system is missing a prototype for strsvis() */ -#define NEED_STRSVIS_PROTO 1 +/* #define NEED_STRSVIS_PROTO 1 */ /* define if the system is missing a prototype for strtok_r() */ -/* #undef NEED_STRTOK_R_PROTO */ +#define NEED_STRTOK_R_PROTO 1 /* define if the system is missing a prototype for strunvis() */ -/* #undef NEED_STRUNVIS_PROTO */ +/* #define NEED_STRUNVIS_PROTO 1 */ /* define if the system is missing a prototype for strvisx() */ -/* #undef NEED_STRVISX_PROTO */ +/* #define NEED_STRVISX_PROTO 1 */ /* define if the system is missing a prototype for strvis() */ -/* #undef NEED_STRVIS_PROTO */ +/* #define NEED_STRVIS_PROTO 1 */ /* define if the system is missing a prototype for svis() */ -#define NEED_SVIS_PROTO 1 +/* #define NEED_SVIS_PROTO 1 */ /* define if the system is missing a prototype for unsetenv() */ /* #undef NEED_UNSETENV_PROTO */ /* define if the system is missing a prototype for unvis() */ -/* #undef NEED_UNVIS_PROTO */ +/* #define NEED_UNVIS_PROTO 1 */ /* define if the system is missing a prototype for vasnprintf() */ -#define NEED_VASNPRINTF_PROTO 1 +/* #define NEED_VASNPRINTF_PROTO 1 */ /* define if the system is missing a prototype for vasprintf() */ /* #undef NEED_VASPRINTF_PROTO */ /* define if the system is missing a prototype for vis() */ -/* #undef NEED_VIS_PROTO */ +/* #define NEED_VIS_PROTO 1 */ /* define if the system is missing a prototype for vsnprintf() */ /* #undef NEED_VSNPRINTF_PROTO */ -/* Define if you don't wan't support for AFS. */ -/* #undef NO_AFS */ - /* Define to 1 if your C compiler doesn't accept -c and -o together. */ /* #undef NO_MINUS_C_MINUS_O */ /* Define if you don't want to use mmap. 
*/ -/* #undef NO_MMAP */ +#define NO_MMAP 1 -/* Define this to enable old environment option in telnet. */ -#define OLD_ENVIRON 1 +/* Define if the Unix rand method is not defined */ +#define NO_RAND_UNIX_METHOD 1 -/* Define if you have the openldap package. */ -/* #undef OPENLDAP */ - -/* Define if you want support for hdb ldap module */ -/* #undef OPENLDAP_MODULE */ - -/* define if prototype of openlog is compatible with void openlog(const char - *, int, int) */ -#define OPENLOG_PROTO_COMPATIBLE 1 +/* Define if the Fortuna rand method is not defined */ +#define NO_RAND_FORTUNA_METHOD 1 -/* Define if you want OTP support in applications. */ -#define OTP 1 +/* Define if PID files should not be used. */ +#define NO_PIDFILES 1 -/* Name of package */ -#define PACKAGE "heimdal" +/* Define if SIGPIPE is not supported */ +#define NO_SIGPIPE 1 -/* Define to the address where bug reports for this package should be sent. */ -#define PACKAGE_BUGREPORT "heimdal-bugs@h5l.org" +/* Define if SIGXCPU is not supported */ +#define NO_SIGXCPU 1 -/* Define to the full name of this package. */ -#define PACKAGE_NAME "Heimdal" +/* Define if sleep() is not available */ +#define NO_SLEEP 1 -/* Define to the full name and version of this package. */ -#define PACKAGE_STRING "Heimdal 1.5.2" +/* Define to 1 if Unix sockets (AF_UNIX) are not available. */ +#define NO_UNIX_SOCKETS 1 -/* Define to the one symbol short name of this package. */ -#define PACKAGE_TARNAME "heimdal" +/* Define to 1 if POSIX link/unlink operations should be avoided. + This may be because the behavior of links are not not consistent + with POSIX or because the filesystem may not support POSIX + links. */ +#define NO_POSIX_LINKS 1 -/* Define to the home page for this package. */ -#define PACKAGE_URL "" - -/* Define to the version of this package. */ -#define PACKAGE_VERSION "1.5.2" +/* Define this to enable old environment option in telnet. */ +/* #define OLD_ENVIRON 1 */ -/* Define to enable PKINIT. 
*/ -#define PKINIT 1 +/* define if prototype of openlog is compatible with void openlog(const char + *, int, int) */ +#define OPENLOG_PROTO_COMPATIBLE 1 /* Define if getlogin has POSIX flavour (and not BSD). */ -/* #undef POSIX_GETLOGIN */ +/* #define POSIX_GETLOGIN 1 */ /* Define if getpwnam_r has POSIX flavour. */ -#define POSIX_GETPWNAM_R 1 +/* #define POSIX_GETPWNAM_R 1 */ /* Define if you have the readline package. */ -/* #undef READLINE */ +#define READLINE 1 -/* Define as the return type of signal handlers (`int' or `void'). */ -#define RETSIGTYPE void - -/* path to sbin */ -#define SBINDIR "/usr/sbin" +/* Define if rename() does not unlink an existing file */ +#define RENAME_DOES_NOT_UNLINK 1 /* Define if you want to use samba socket wrappers. */ /* #undef SOCKET_WRAPPER_REPLACE */ -/* Define if you have the sqlite3 package. */ -/* #undef SQLITE3 */ +/* Define if a socket is not a file descriptor */ +#define SOCKET_IS_NOT_AN_FD 1 + +/* Define if FD_SETSIZE check does not apply to this platform */ +#define NO_LIMIT_FD_SETSIZE 1 /* Define to 1 if you have the ANSI C header files. */ #define STDC_HEADERS 1 
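Review bot: `#define NO_LIMIT_FD_SETSIZE 1` and `#define SOCKET_IS_NOT_AN_FD 1` are set unconditionally, which is only sound where select() takes socket handles rather than descriptor indexes; on a POSIX build, an fd at or above FD_SETSIZE passed to FD_SET then writes outside the fd_set. The same hunk defines both `NO_RAND_UNIX_METHOD` and `NO_RAND_FORTUNA_METHOD`, and which random source is left is not visible here. The surrounding additions (`HAVE_WINSOCK`, `NO_UNIX_SOCKETS`, `NO_SIGPIPE`) read like a Windows profile, so I would wrap this group in `#ifdef _WIN32` … `#endif`. I would also add a comment above the RAND pair, for example `/* Both portable RAND methods are compiled out; name the backend that remains here */`.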
@@ -1491,34 +1393,12 @@ /* Define if you have streams ptys. */ /* #undef STREAMSPTY */ -/* define if prototype of strerror_r is compatible with int strerror_r(int, - char *, size_t) */ -#define STRERROR_R_PROTO_COMPATIBLE 1 - -/* Define if os support want to detach is daemonens. */ -#define SUPPORT_DETACH 1 - -/* Enable use of inetd style startup. */ -#define SUPPORT_INETD 1 - -/* path to sysconf */ -#define SYSCONFDIR "/etc" - -/* Define to what version of SunOS you are running. */ -/* #undef SunOS */ - /* Define to 1 if you can safely include both and . */ -#define TIME_WITH_SYS_TIME 1 +/* #define TIME_WITH_SYS_TIME 1 */ /* Define to 1 if your declares `struct tm'. */ /* #undef TM_IN_SYS_TIME */ -/* Version number of package */ -#define VERSION "1.5.2" - -/* Define if signal handlers return void. */ -#define VOID_RETSIGTYPE 1 - /* define if target is big endian */ /* #undef WORDS_BIGENDIAN */ 
@@ -1527,105 +1407,87 @@ /* Define to 1 if `lex' declares `yytext' as a `char *' by default, not a `char[]'. */ -#define YYTEXT_POINTER 1 - -/* Required for functional/sane headers on AIX */ -/* #undef _ALL_SOURCE */ +/* #undef YYTEXT_POINTER */ /* Number of bits in a file offset, on hosts where this is settable. */ /* #undef _FILE_OFFSET_BITS */ /* Define to enable extensions on glibc-based systems such as Linux. */ -#define _GNU_SOURCE 1 +/* #define _GNU_SOURCE 1 */ /* Define for large files, on AIX-style hosts. */ /* #undef _LARGE_FILES */ -/* Define to get POSIX getpwnam_r in some systems. */ -/* #undef _POSIX_PTHREAD_SEMANTICS */ +/* Set this to the default system lead string for telnetd + * can contain %-escapes: %s=sysname, %m=machine, %r=os-release + * %v=os-version, %t=tty, %h=hostname, %d=date and time + */ +/* #undef USE_IM */ -/* Define to empty if `const' does not conform to ANSI C. */ -/* #undef const */ +/* Used with login -p */ +/* #undef LOGIN_ARGS */ -/* Define to `int' if doesn't define. */ -/* #undef gid_t */ +#ifdef ROKEN_RENAME +#include "roken_rename.h" +#endif -/* Define to `__inline__' or `__inline' if that's what the C compiler - calls it, or to nothing if 'inline' is not supported under any name. */ -#ifndef __cplusplus -/* #undef inline */ +#if defined(ENCRYPTION) && !defined(AUTHENTICATION) +#define AUTHENTICATION 1 #endif -/* Define this to what the type mode_t should be. */ -/* #undef mode_t */ -/* Define to `long int' if does not define. */ -/* #undef off_t */ -/* Define to `int' if does not define. */ -/* #undef pid_t */ +/* Paths */ -/* Path name delimiter */ -#define rk_PATH_DELIM '/' +#define SYSCONFDIR "%{COMMONCONFIG}" -/* Define this to what the type sig_atomic_t should be. */ -/* #undef sig_atomic_t */ +#define LIBDIR "%{LIBDIR}" -/* Define to `unsigned int' if does not define. */ -/* #undef size_t */ +#endif /* RC_INVOKED */ -/* Define to `int' if doesn't define. 
*/ -/* #undef uid_t */ -#ifdef _AIX -/* XXX this is gross, but kills about a gazillion warnings */ -struct ether_addr; -struct sockaddr; -struct sockaddr_dl; -struct sockaddr_in; -#endif +/* Version info */ -#ifdef __APPLE__ -#include -#endif +#define PACKAGE "@PACKAGE@" -#ifdef ROKEN_RENAME -#include "roken_rename.h" -#endif +#define PACKAGE_BUGREPORT "@PACKAGE_BUGREPORT@" -#ifdef VOID_RETSIGTYPE -#define SIGRETURN(x) return -#else -#define SIGRETURN(x) return (RETSIGTYPE)(x) -#endif +#define PACKAGE_NAME "@PACKAGE_NAME@" -#ifdef BROKEN_REALLOC -#define realloc(X, Y) rk_realloc((X), (Y)) -#endif +#define PACKAGE_STRING "@PACKAGE_NAME@ @PACKAGE_VERSION@" +#define PACKAGE_TARNAME "@PACKAGE@" -#ifdef ENDIANESS_IN_SYS_PARAM_H -# include -# include -# if BYTE_ORDER == BIG_ENDIAN -# define WORDS_BIGENDIAN 1 -# endif -#endif +#define PACKAGE_VERSION "@PACKAGE_VERSION@" +#define PACKAGE_COMPANY "@PACKAGE_COMPANY@" +#define PACKAGE_COPYRIGHT "@PACKAGE_COPYRIGHT@" +#define VERSION "@PACKAGE_VERSION@" -/* Set this to the default system lead string for telnetd - * can contain %-escapes: %s=sysname, %m=machine, %r=os-release - * %v=os-version, %t=tty, %h=hostname, %d=date and time - */ -/* #undef USE_IM */ +#define RC_PRODVER_MAJOR @MAJOR@ -/* Used with login -p */ -/* #undef LOGIN_ARGS */ +#define RC_PRODVER_MINOR @MINOR@ -/* set this to a sensible login */ -#ifndef LOGIN_PATH -#define LOGIN_PATH BINDIR "/login" -#endif +#define RC_PRODVER_AUX @AUX@ + +#define RC_PRODVER_PATCH @PATCH@ + +#define RC_PRODVER_C @MAJOR@,@MINOR@,@AUX@,@PATCH@ + +#define RC_PRODVER_CS "@MAJOR@,@MINOR@,@AUX@,@PATCH@" + +#define RC_PRODVER_DS "@MAJOR@.@MINOR@.@AUX@.@PATCH@" + +#define RC_PRODUCT_NAME_0409 PACKAGE_NAME + +#define RC_PRODUCT_VER_0409 PACKAGE_VERSION + +#define RC_COMPANY_0409 PACKAGE_COMPANY + +#define RC_COPYRIGHT_0409 PACKAGE_COPYRIGHT + +@VERSION_OPTDEFS@ +#endif /* __CONFIG_H__ */ diff --git a/kerberos5/include/crmf_asn1.h b/kerberos5/include/crmf_asn1.h new file mode 100644 
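Review bot: The new side of this hunk is an unexpanded template: `@VERSION_OPTDEFS@` stands alone as a line, `#define RC_PRODVER_MAJOR @MAJOR@` has no C value, and `#define SYSCONFDIR "%{COMMONCONFIG}"` and `#define LIBDIR "%{LIBDIR}"` still carry their placeholders. If the header is compiled without a substitution step, the bare `@…@` line is a syntax error. If only the path macros survive, code that builds configuration or library paths from them would resolve a relative directory under the current working directory instead of the absolute `"/etc"` and `"/usr/lib"` that the earlier hunks of this file remove. Either keep the literal values (`#define SYSCONFDIR "/etc"`) or document at the top of the file which build step performs the substitution. The `#if` that `#endif /* RC_INVOKED */` closes is outside this hunk.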
--- /dev/null
+++ b/kerberos5/include/crmf_asn1.h
@@ -0,0 +1,446 @@ +/* Generated from ./crmf.asn1 */ +/* Do not edit */ + +#ifndef __crmf_asn1_h__ +#define __crmf_asn1_h__ + +#include +#include + +#ifndef __asn1_common_definitions__ +#define __asn1_common_definitions__ + +#ifndef __HEIM_BASE_DATA__ +#define __HEIM_BASE_DATA__ 1 +struct heim_base_data { + size_t length; + void *data; +}; +typedef struct heim_base_data heim_octet_string; +#endif + +typedef struct heim_integer { + size_t length; + void *data; + int negative; +} heim_integer; + +typedef char *heim_general_string; + +typedef char *heim_utf8_string; + +typedef struct heim_base_data heim_printable_string; + +typedef struct heim_base_data heim_ia5_string; + +typedef struct heim_bmp_string { + size_t length; + uint16_t *data; +} heim_bmp_string; + +typedef struct heim_universal_string { + size_t length; + uint32_t *data; +} heim_universal_string; + +typedef char *heim_visible_string; + +typedef struct heim_oid { + size_t length; + unsigned *components; +} heim_oid; + +typedef struct heim_bit_string { + size_t length; + void *data; +} heim_bit_string; + +typedef struct heim_base_data heim_any; +typedef struct heim_base_data heim_any_set; + +#define ASN1_MALLOC_ENCODE(T, B, BL, S, L, R) \ + do { \ + (BL) = length_##T((S)); \ + (B) = malloc((BL)); \ + if((B) == NULL) { \ + (R) = ENOMEM; \ + } else { \ + (R) = encode_##T(((unsigned char*)(B)) + (BL) - 1, (BL), \ + (S), (L)); \ + if((R) != 0) { \ + free((B)); \ + (B) = NULL; \ + } \ + } \ + } while (0) + +#ifdef _WIN32 +#ifndef ASN1_LIB +#define ASN1EXP __declspec(dllimport) +#else +#define ASN1EXP +#endif +#define ASN1CALL __stdcall +#else +#define ASN1EXP +#define ASN1CALL +#endif +struct units; + +#endif + +#include +#include +/* +CRMFRDNSequence ::= SEQUENCE OF RelativeDistinguishedName +*/ + +typedef struct CRMFRDNSequence { + unsigned int len; + RelativeDistinguishedName *val; +} CRMFRDNSequence; + +ASN1EXP int ASN1CALL decode_CRMFRDNSequence(const unsigned char *, size_t, CRMFRDNSequence *, size_t *); 
+ASN1EXP int ASN1CALL encode_CRMFRDNSequence(unsigned char *, size_t, const CRMFRDNSequence *, size_t *); +ASN1EXP size_t ASN1CALL length_CRMFRDNSequence(const CRMFRDNSequence *); +ASN1EXP int ASN1CALL copy_CRMFRDNSequence (const CRMFRDNSequence *, CRMFRDNSequence *); +ASN1EXP void ASN1CALL free_CRMFRDNSequence (CRMFRDNSequence *); + + +/* +Controls ::= SEQUENCE OF AttributeTypeAndValue +*/ + +typedef struct Controls { + unsigned int len; + AttributeTypeAndValue *val; +} Controls; + +ASN1EXP int ASN1CALL decode_Controls(const unsigned char *, size_t, Controls *, size_t *); +ASN1EXP int ASN1CALL encode_Controls(unsigned char *, size_t, const Controls *, size_t *); +ASN1EXP size_t ASN1CALL length_Controls(const Controls *); +ASN1EXP int ASN1CALL copy_Controls (const Controls *, Controls *); +ASN1EXP void ASN1CALL free_Controls (Controls *); + + +/* +POPOSigningKey ::= SEQUENCE { + poposkInput [0] IMPLICIT POPOSigningKeyInput OPTIONAL, + algorithmIdentifier AlgorithmIdentifier, + signature BIT STRING { + }, +} +*/ + +typedef struct POPOSigningKey { + POPOSigningKeyInput *poposkInput; + AlgorithmIdentifier algorithmIdentifier; + heim_bit_string signature; +} POPOSigningKey; + +ASN1EXP int ASN1CALL decode_POPOSigningKey(const unsigned char *, size_t, POPOSigningKey *, size_t *); +ASN1EXP int ASN1CALL encode_POPOSigningKey(unsigned char *, size_t, const POPOSigningKey *, size_t *); +ASN1EXP size_t ASN1CALL length_POPOSigningKey(const POPOSigningKey *); +ASN1EXP int ASN1CALL copy_POPOSigningKey (const POPOSigningKey *, POPOSigningKey *); +ASN1EXP void ASN1CALL free_POPOSigningKey (POPOSigningKey *); + + +/* +PKMACValue ::= SEQUENCE { + algId AlgorithmIdentifier, + value BIT STRING { + }, +} +*/ + +typedef struct PKMACValue { + AlgorithmIdentifier algId; + heim_bit_string value; +} PKMACValue; + +ASN1EXP int ASN1CALL decode_PKMACValue(const unsigned char *, size_t, PKMACValue *, size_t *); +ASN1EXP int ASN1CALL encode_PKMACValue(unsigned char *, size_t, const PKMACValue *, 
size_t *); +ASN1EXP size_t ASN1CALL length_PKMACValue(const PKMACValue *); +ASN1EXP int ASN1CALL copy_PKMACValue (const PKMACValue *, PKMACValue *); +ASN1EXP void ASN1CALL free_PKMACValue (PKMACValue *); + + +/* +POPOSigningKeyInput ::= SEQUENCE { + authInfo CHOICE { + sender [0] IMPLICIT GeneralName, + publicKeyMAC PKMACValue, + }, + publicKey SubjectPublicKeyInfo, +} +*/ + +typedef struct POPOSigningKeyInput { + struct POPOSigningKeyInput_authInfo { + enum POPOSigningKeyInput_authInfo_enum { + choice_POPOSigningKeyInput_authInfo_sender = 1, + choice_POPOSigningKeyInput_authInfo_publicKeyMAC + } element; + union { + GeneralName sender; + PKMACValue publicKeyMAC; + } u; + } authInfo; + SubjectPublicKeyInfo publicKey; +} POPOSigningKeyInput; + +ASN1EXP int ASN1CALL decode_POPOSigningKeyInput(const unsigned char *, size_t, POPOSigningKeyInput *, size_t *); +ASN1EXP int ASN1CALL encode_POPOSigningKeyInput(unsigned char *, size_t, const POPOSigningKeyInput *, size_t *); +ASN1EXP size_t ASN1CALL length_POPOSigningKeyInput(const POPOSigningKeyInput *); +ASN1EXP int ASN1CALL copy_POPOSigningKeyInput (const POPOSigningKeyInput *, POPOSigningKeyInput *); +ASN1EXP void ASN1CALL free_POPOSigningKeyInput (POPOSigningKeyInput *); + + +/* +PBMParameter ::= SEQUENCE { + salt OCTET STRING, + owf AlgorithmIdentifier, + iterationCount INTEGER, + mac AlgorithmIdentifier, +} +*/ + +typedef struct PBMParameter { + heim_octet_string salt; + AlgorithmIdentifier owf; + heim_integer iterationCount; + AlgorithmIdentifier mac; +} PBMParameter; + +ASN1EXP int ASN1CALL decode_PBMParameter(const unsigned char *, size_t, PBMParameter *, size_t *); +ASN1EXP int ASN1CALL encode_PBMParameter(unsigned char *, size_t, const PBMParameter *, size_t *); +ASN1EXP size_t ASN1CALL length_PBMParameter(const PBMParameter *); +ASN1EXP int ASN1CALL copy_PBMParameter (const PBMParameter *, PBMParameter *); +ASN1EXP void ASN1CALL free_PBMParameter (PBMParameter *); + + +/* +SubsequentMessage ::= INTEGER { + 
encrCert(0), + challengeResp(1) +} +*/ + +typedef enum SubsequentMessage { + encrCert = 0, + challengeResp = 1 +} SubsequentMessage; + +ASN1EXP int ASN1CALL decode_SubsequentMessage(const unsigned char *, size_t, SubsequentMessage *, size_t *); +ASN1EXP int ASN1CALL encode_SubsequentMessage(unsigned char *, size_t, const SubsequentMessage *, size_t *); +ASN1EXP size_t ASN1CALL length_SubsequentMessage(const SubsequentMessage *); +ASN1EXP int ASN1CALL copy_SubsequentMessage (const SubsequentMessage *, SubsequentMessage *); +ASN1EXP void ASN1CALL free_SubsequentMessage (SubsequentMessage *); + + +/* +POPOPrivKey ::= CHOICE { + thisMessage [0] BIT STRING { + }, + subsequentMessage [1] IMPLICIT SubsequentMessage, + dhMAC [2] BIT STRING { + }, + agreeMAC [3] IMPLICIT PKMACValue, + encryptedKey [4] heim_any, +} +*/ + +typedef struct POPOPrivKey { + enum POPOPrivKey_enum { + choice_POPOPrivKey_thisMessage = 1, + choice_POPOPrivKey_subsequentMessage, + choice_POPOPrivKey_dhMAC, + choice_POPOPrivKey_agreeMAC, + choice_POPOPrivKey_encryptedKey + } element; + union { + heim_bit_string thisMessage; + SubsequentMessage subsequentMessage; + heim_bit_string dhMAC; + PKMACValue agreeMAC; + heim_any encryptedKey; + } u; +} POPOPrivKey; + +ASN1EXP int ASN1CALL decode_POPOPrivKey(const unsigned char *, size_t, POPOPrivKey *, size_t *); +ASN1EXP int ASN1CALL encode_POPOPrivKey(unsigned char *, size_t, const POPOPrivKey *, size_t *); +ASN1EXP size_t ASN1CALL length_POPOPrivKey(const POPOPrivKey *); +ASN1EXP int ASN1CALL copy_POPOPrivKey (const POPOPrivKey *, POPOPrivKey *); +ASN1EXP void ASN1CALL free_POPOPrivKey (POPOPrivKey *); + + +/* +ProofOfPossession ::= CHOICE { + raVerified [0] NULL, + signature [1] POPOSigningKey, + keyEncipherment [2] POPOPrivKey, + keyAgreement [3] POPOPrivKey, +} +*/ + +typedef struct ProofOfPossession { + enum ProofOfPossession_enum { + choice_ProofOfPossession_raVerified = 1, + choice_ProofOfPossession_signature, + 
choice_ProofOfPossession_keyEncipherment, + choice_ProofOfPossession_keyAgreement + } element; + union { + int raVerified; + POPOSigningKey signature; + POPOPrivKey keyEncipherment; + POPOPrivKey keyAgreement; + } u; +} ProofOfPossession; + +ASN1EXP int ASN1CALL decode_ProofOfPossession(const unsigned char *, size_t, ProofOfPossession *, size_t *); +ASN1EXP int ASN1CALL encode_ProofOfPossession(unsigned char *, size_t, const ProofOfPossession *, size_t *); +ASN1EXP size_t ASN1CALL length_ProofOfPossession(const ProofOfPossession *); +ASN1EXP int ASN1CALL copy_ProofOfPossession (const ProofOfPossession *, ProofOfPossession *); +ASN1EXP void ASN1CALL free_ProofOfPossession (ProofOfPossession *); + + +/* +CertTemplate ::= SEQUENCE { + version [0] INTEGER OPTIONAL, + serialNumber [1] INTEGER OPTIONAL, + signingAlg [2] SEQUENCE { + algorithm OBJECT IDENTIFIER, + parameters heim_any OPTIONAL, + } OPTIONAL, + issuer [3] IMPLICIT CHOICE { + rdnSequence CRMFRDNSequence, + } OPTIONAL, + validity [4] SEQUENCE { + notBefore [0] Time OPTIONAL, + notAfter [1] Time OPTIONAL, + } OPTIONAL, + subject [5] IMPLICIT CHOICE { + rdnSequence CRMFRDNSequence, + } OPTIONAL, + publicKey [6] IMPLICIT SEQUENCE { + algorithm AlgorithmIdentifier, + subjectPublicKey BIT STRING { + } OPTIONAL, + } OPTIONAL, + issuerUID [7] IMPLICIT BIT STRING { + } OPTIONAL, + subjectUID [8] IMPLICIT BIT STRING { + } OPTIONAL, + extensions [9] IMPLICIT SEQUENCE OF Extension OPTIONAL, +} +*/ + +typedef struct CertTemplate { + heim_integer *version; + heim_integer *serialNumber; + struct CertTemplate_signingAlg { + heim_oid algorithm; + heim_any *parameters; + } *signingAlg; + struct CertTemplate_issuer { + enum CertTemplate_issuer_enum { + choice_CertTemplate_issuer_rdnSequence = 1 + } element; + union { + CRMFRDNSequence rdnSequence; + } u; + } *issuer; + struct CertTemplate_validity { + Time *notBefore; + Time *notAfter; + } *validity; + struct CertTemplate_subject { + enum CertTemplate_subject_enum { + 
choice_CertTemplate_subject_rdnSequence = 1 + } element; + union { + CRMFRDNSequence rdnSequence; + } u; + } *subject; + struct CertTemplate_publicKey { + AlgorithmIdentifier algorithm; + heim_bit_string *subjectPublicKey; + } *publicKey; + heim_bit_string *issuerUID; + heim_bit_string *subjectUID; + struct CertTemplate_extensions { + unsigned int len; + Extension *val; + } *extensions; +} CertTemplate; + +ASN1EXP int ASN1CALL decode_CertTemplate(const unsigned char *, size_t, CertTemplate *, size_t *); +ASN1EXP int ASN1CALL encode_CertTemplate(unsigned char *, size_t, const CertTemplate *, size_t *); +ASN1EXP size_t ASN1CALL length_CertTemplate(const CertTemplate *); +ASN1EXP int ASN1CALL copy_CertTemplate (const CertTemplate *, CertTemplate *); +ASN1EXP void ASN1CALL free_CertTemplate (CertTemplate *); + + +/* +CertRequest ::= SEQUENCE { + certReqId INTEGER, + certTemplate CertTemplate, + controls Controls OPTIONAL, +} +*/ + +typedef struct CertRequest { + heim_integer certReqId; + CertTemplate certTemplate; + Controls *controls; +} CertRequest; + +ASN1EXP int ASN1CALL decode_CertRequest(const unsigned char *, size_t, CertRequest *, size_t *); +ASN1EXP int ASN1CALL encode_CertRequest(unsigned char *, size_t, const CertRequest *, size_t *); +ASN1EXP size_t ASN1CALL length_CertRequest(const CertRequest *); +ASN1EXP int ASN1CALL copy_CertRequest (const CertRequest *, CertRequest *); +ASN1EXP void ASN1CALL free_CertRequest (CertRequest *); + + +/* +CertReqMsg ::= SEQUENCE { + certReq CertRequest, + popo ProofOfPossession OPTIONAL, + regInfo SEQUENCE OF AttributeTypeAndValue OPTIONAL, +} +*/ + +typedef struct CertReqMsg { + CertRequest certReq; + ProofOfPossession *popo; + struct CertReqMsg_regInfo { + unsigned int len; + AttributeTypeAndValue *val; + } *regInfo; +} CertReqMsg; + +ASN1EXP int ASN1CALL decode_CertReqMsg(const unsigned char *, size_t, CertReqMsg *, size_t *); +ASN1EXP int ASN1CALL encode_CertReqMsg(unsigned char *, size_t, const CertReqMsg *, size_t *); 
+ASN1EXP size_t ASN1CALL length_CertReqMsg(const CertReqMsg *); +ASN1EXP int ASN1CALL copy_CertReqMsg (const CertReqMsg *, CertReqMsg *); +ASN1EXP void ASN1CALL free_CertReqMsg (CertReqMsg *); + + +/* +CertReqMessages ::= SEQUENCE OF CertReqMsg +*/ + +typedef struct CertReqMessages { + unsigned int len; + CertReqMsg *val; +} CertReqMessages; + +ASN1EXP int ASN1CALL decode_CertReqMessages(const unsigned char *, size_t, CertReqMessages *, size_t *); +ASN1EXP int ASN1CALL encode_CertReqMessages(unsigned char *, size_t, const CertReqMessages *, size_t *); +ASN1EXP size_t ASN1CALL length_CertReqMessages(const CertReqMessages *); +ASN1EXP int ASN1CALL copy_CertReqMessages (const CertReqMessages *, CertReqMessages *); +ASN1EXP void ASN1CALL free_CertReqMessages (CertReqMessages *); + + +#endif /* __crmf_asn1_h__ */ diff --git a/kerberos5/include/crypto-headers.h b/kerberos5/include/crypto-headers.h --- a/kerberos5/include/crypto-headers.h +++ b/kerberos5/include/crypto-headers.h @@ -1,25 +1,25 @@ -#ifndef __crypto_headers_h__ -#define __crypto_headers_h__ +#ifndef __crypto_header__ +#define __crypto_header__ -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3) -#include -#include "fbsd_ossl_provider.h" +#ifndef PACKAGE_NAME +#error "need config.h" #endif -#endif /* __crypto_headers_h__ */ +#ifdef KRB5 +#include +#endif + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#endif /* __crypto_header__ */ diff --git a/kerberos5/include/db_plugin.h b/kerberos5/include/db_plugin.h new file mode 100644 --- /dev/null +++ b/kerberos5/include/db_plugin.h 
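Review bot: In the crypto-headers.h hunk, the added `#ifndef PACKAGE_NAME` / `#error "need config.h"` check is satisfied by any definition of PACKAGE_NAME, including the unexpanded `"@PACKAGE_NAME@"` that the configuration header in this diff now carries, so it does not show that a usable configuration was included. The new side also drops the `OPENSSL_VERSION_MAJOR >= 3` branch that pulled in `fbsd_ossl_provider.h`. The include targets are not visible in this listing, so it needs confirming that OpenSSL 3 builds, where legacy algorithms require a provider to be loaded explicitly, are still handled somewhere. Separately, the new guard `__crypto_header__` is a reserved identifier like the one it replaces; `CRYPTO_HEADERS_H` would avoid that.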
@@ -0,0 +1,68 @@
+/*
+ * Copyright (c) 2011, Secure Endpoints Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * - Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* $Id$ */
+
+#ifndef HEIMDAL_KRB5_DB_PLUGIN_H
+#define HEIMDAL_KRB5_DB_PLUGIN_H 1
+
+#define KRB5_PLUGIN_DB "krb5_db_plug"
+#define KRB5_PLUGIN_DB_VERSION_0 0
+
+/** @struct krb5plugin_db_ftable_desc
+ *
+ * @brief Description of the krb5 DB plugin facility.
+ *
+ * The krb5_aname_to_lname(3) function's DB rule is pluggable. The
+ * plugin is named KRB5_PLUGIN_DB ("krb5_db_plug"), with a single minor
+ * version, KRB5_PLUGIN_DB_VERSION_0 (0).
+ *
+ * The plugin consists of a data symbol referencing a structure of type
+ * krb5plugin_db_ftable_desc, with three fields:
+ *
+ * @param init Plugin initialization function (see krb5-plugin(7))
+ *
+ * @param minor_version The plugin minor version number (0)
+ *
+ * @param fini Plugin finalization function
+ *
+ * The init entry point is expected to call heim_db_register(). The
+ * fini entry point is expected to do nothing.
+ *
+ * @ingroup krb5_support
+ */
+typedef struct krb5plugin_db_ftable_desc {
+ int minor_version;
+ krb5_error_code (KRB5_LIB_CALL *init)(krb5_context, void **);
+ void (KRB5_LIB_CALL *fini)(void *);
+} krb5plugin_db_ftable;
+
+#endif /* HEIMDAL_KRB5_DB_PLUGIN_H */
+
diff --git a/kerberos5/include/der-private.h b/kerberos5/include/der-private.h
new file mode 100644
--- /dev/null
+++ b/kerberos5/include/der-private.h
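Review bot: In db_plugin.h the doc comment lists the fields as init, minor_version, fini, but the struct declares `int minor_version;` first, so a plugin author who writes a positional initializer from the comment gets a mismatched table. The `@param` entries should follow declaration order. The comment should also state that the loader is expected to compare `minor_version` with `KRB5_PLUGIN_DB_VERSION_0` before calling `init`, since whether it does is not visible here. The header also uses `krb5_error_code`, `krb5_context` and `KRB5_LIB_CALL` without including anything, so it only compiles after the krb5 header; either include it or note the requirement, e.g. `/* Include after krb5.h: uses krb5_context and KRB5_LIB_CALL */`.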
@@ -0,0 +1,123 @@ +/* This is a generated file */ +#ifndef __der_private_h__ +#define __der_private_h__ + +#include + +int +_asn1_bmember_isset_bit ( + const void */*data*/, + unsigned int /*bit*/, + size_t /*size*/); + +void +_asn1_bmember_put_bit ( + unsigned char */*p*/, + const void */*data*/, + unsigned int /*bit*/, + size_t /*size*/, + unsigned int */*bitset*/); + +int +_asn1_copy ( + const struct asn1_template */*t*/, + const void */*from*/, + void */*to*/); + +int +_asn1_copy_top ( + const struct asn1_template */*t*/, + const void */*from*/, + void */*to*/); + +int +_asn1_decode ( + const struct asn1_template */*t*/, + unsigned /*flags*/, + const unsigned char */*p*/, + size_t /*len*/, + void */*data*/, + size_t */*size*/); + +int +_asn1_decode_top ( + const struct asn1_template */*t*/, + unsigned /*flags*/, + const unsigned char */*p*/, + size_t /*len*/, + void */*data*/, + size_t */*size*/); + +int +_asn1_encode ( + const struct asn1_template */*t*/, + unsigned char */*p*/, + size_t /*len*/, + const void */*data*/, + size_t */*size*/); + +int +_asn1_encode_fuzzer ( + const struct asn1_template */*t*/, + unsigned char */*p*/, + size_t /*len*/, + const void */*data*/, + size_t */*size*/); + +void +_asn1_free ( + const struct asn1_template */*t*/, + void */*data*/); + +void +_asn1_free_top ( + const struct asn1_template */*t*/, + void */*data*/); + +size_t +_asn1_length ( + const struct asn1_template */*t*/, + const void */*data*/); + +size_t +_asn1_length_fuzzer ( + const struct asn1_template */*t*/, + const void */*data*/); + +size_t +_asn1_sizeofType (const struct asn1_template */*t*/); + +struct tm * +_der_gmtime ( + time_t /*t*/, + struct tm */*tm*/); + +int +_heim_der_set_sort ( + const void */*a1*/, + const void */*a2*/); + +int +_heim_fix_dce ( + size_t /*reallen*/, + size_t */*len*/); + +size_t +_heim_len_int (int /*val*/); + +size_t +_heim_len_int64 (int64_t /*val*/); + +size_t +_heim_len_unsigned (unsigned /*val*/); + +size_t +_heim_len_unsigned64 
(uint64_t /*val*/); + +int +_heim_time2generalizedtime ( + time_t /*t*/, + heim_octet_string */*s*/, + int /*gtimep*/); + +#endif /* __der_private_h__ */ diff --git a/kerberos5/include/der-protos.h b/kerberos5/include/der-protos.h new file mode 100644 --- /dev/null +++ b/kerberos5/include/der-protos.h 
@@ -0,0 +1,692 @@ +/* This is a generated file */ +#ifndef __der_protos_h__ +#define __der_protos_h__ +#ifndef DOXY + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +int +asn1_fuzzer_done (void); + +int +asn1_fuzzer_method (const char */*mode*/); + +void +asn1_fuzzer_next (void); + +void +asn1_fuzzer_reset (void); + +int +copy_heim_any ( + const heim_any */*from*/, + heim_any */*to*/); + +int +copy_heim_any_set ( + const heim_any_set */*from*/, + heim_any_set */*to*/); + +int +decode_heim_any ( + const unsigned char */*p*/, + size_t /*len*/, + heim_any */*data*/, + size_t */*size*/); + +int +decode_heim_any_set ( + const unsigned char */*p*/, + size_t /*len*/, + heim_any_set */*data*/, + size_t */*size*/); + +int +der_copy_bit_string ( + const heim_bit_string */*from*/, + heim_bit_string */*to*/); + +int +der_copy_bmp_string ( + const heim_bmp_string */*from*/, + heim_bmp_string */*to*/); + +int +der_copy_general_string ( + const heim_general_string */*from*/, + heim_general_string */*to*/); + +int +der_copy_generalized_time ( + const time_t */*from*/, + time_t */*to*/); + +int +der_copy_heim_integer ( + const heim_integer */*from*/, + heim_integer */*to*/); + +int +der_copy_ia5_string ( + const heim_ia5_string */*from*/, + heim_ia5_string */*to*/); + +int +der_copy_integer ( + const int */*from*/, + int */*to*/); + +int +der_copy_integer64 ( + const int64_t */*from*/, + int64_t */*to*/); + +int +der_copy_octet_string ( + const heim_octet_string */*from*/, + heim_octet_string */*to*/); + +int +der_copy_oid ( + const heim_oid */*from*/, + heim_oid */*to*/); + +int +der_copy_printable_string ( + const heim_printable_string */*from*/, + heim_printable_string */*to*/); + +int +der_copy_universal_string ( + const heim_universal_string */*from*/, + heim_universal_string */*to*/); + +int +der_copy_unsigned ( + const unsigned */*from*/, + unsigned */*to*/); + +int +der_copy_unsigned64 ( + const uint64_t */*from*/, + uint64_t */*to*/); + +int +der_copy_utctime ( + 
const time_t */*from*/, + time_t */*to*/); + +int +der_copy_utf8string ( + const heim_utf8_string */*from*/, + heim_utf8_string */*to*/); + +int +der_copy_visible_string ( + const heim_visible_string */*from*/, + heim_visible_string */*to*/); + +void +der_free_bit_string (heim_bit_string */*k*/); + +void +der_free_bmp_string (heim_bmp_string */*k*/); + +void +der_free_general_string (heim_general_string */*str*/); + +void +der_free_generalized_time (time_t */*t*/); + +void +der_free_heim_integer (heim_integer */*k*/); + +void +der_free_ia5_string (heim_ia5_string */*str*/); + +void +der_free_integer (int */*i*/); + +void +der_free_integer64 (int64_t */*i*/); + +void +der_free_octet_string (heim_octet_string */*k*/); + +void +der_free_oid (heim_oid */*k*/); + +void +der_free_printable_string (heim_printable_string */*str*/); + +void +der_free_universal_string (heim_universal_string */*k*/); + +void +der_free_unsigned (unsigned */*u*/); + +void +der_free_unsigned64 (uint64_t */*u*/); + +void +der_free_utctime (time_t */*t*/); + +void +der_free_utf8string (heim_utf8_string */*str*/); + +void +der_free_visible_string (heim_visible_string */*str*/); + +int +der_get_bit_string ( + const unsigned char */*p*/, + size_t /*len*/, + heim_bit_string */*data*/, + size_t */*size*/); + +int +der_get_bmp_string ( + const unsigned char */*p*/, + size_t /*len*/, + heim_bmp_string */*data*/, + size_t */*size*/); + +int +der_get_boolean ( + const unsigned char */*p*/, + size_t /*len*/, + int */*data*/, + size_t */*size*/); + +const char * +der_get_class_name (unsigned /*num*/); + +int +der_get_class_num (const char */*name*/); + +int +der_get_general_string ( + const unsigned char */*p*/, + size_t /*len*/, + heim_general_string */*str*/, + size_t */*size*/); + +int +der_get_generalized_time ( + const unsigned char */*p*/, + size_t /*len*/, + time_t */*data*/, + size_t */*size*/); + +int +der_get_heim_integer ( + const unsigned char */*p*/, + size_t /*len*/, + heim_integer */*data*/, + 
size_t */*size*/); + +int +der_get_ia5_string ( + const unsigned char */*p*/, + size_t /*len*/, + heim_ia5_string */*str*/, + size_t */*size*/); + +int +der_get_integer ( + const unsigned char */*p*/, + size_t /*len*/, + int */*ret*/, + size_t */*size*/); + +int +der_get_integer64 ( + const unsigned char */*p*/, + size_t /*len*/, + int64_t */*ret*/, + size_t */*size*/); + +int +der_get_length ( + const unsigned char */*p*/, + size_t /*len*/, + size_t */*val*/, + size_t */*size*/); + +int +der_get_octet_string ( + const unsigned char */*p*/, + size_t /*len*/, + heim_octet_string */*data*/, + size_t */*size*/); + +int +der_get_octet_string_ber ( + const unsigned char */*p*/, + size_t /*len*/, + heim_octet_string */*data*/, + size_t */*size*/); + +int +der_get_oid ( + const unsigned char */*p*/, + size_t /*len*/, + heim_oid */*data*/, + size_t */*size*/); + +int +der_get_printable_string ( + const unsigned char */*p*/, + size_t /*len*/, + heim_printable_string */*str*/, + size_t */*size*/); + +int +der_get_tag ( + const unsigned char */*p*/, + size_t /*len*/, + Der_class */*cls*/, + Der_type */*type*/, + unsigned int */*tag*/, + size_t */*size*/); + +const char * +der_get_tag_name (unsigned /*num*/); + +int +der_get_tag_num (const char */*name*/); + +const char * +der_get_type_name (unsigned /*num*/); + +int +der_get_type_num (const char */*name*/); + +int +der_get_universal_string ( + const unsigned char */*p*/, + size_t /*len*/, + heim_universal_string */*data*/, + size_t */*size*/); + +int +der_get_unsigned ( + const unsigned char */*p*/, + size_t /*len*/, + unsigned */*ret*/, + size_t */*size*/); + +int +der_get_unsigned64 ( + const unsigned char */*p*/, + size_t /*len*/, + uint64_t */*ret*/, + size_t */*size*/); + +int +der_get_utctime ( + const unsigned char */*p*/, + size_t /*len*/, + time_t */*data*/, + size_t */*size*/); + +int +der_get_utf8string ( + const unsigned char */*p*/, + size_t /*len*/, + heim_utf8_string */*str*/, + size_t */*size*/); + +int 
+der_get_visible_string ( + const unsigned char */*p*/, + size_t /*len*/, + heim_visible_string */*str*/, + size_t */*size*/); + +int +der_heim_bit_string_cmp ( + const heim_bit_string */*p*/, + const heim_bit_string */*q*/); + +int +der_heim_bmp_string_cmp ( + const heim_bmp_string */*p*/, + const heim_bmp_string */*q*/); + +int +der_heim_integer_cmp ( + const heim_integer */*p*/, + const heim_integer */*q*/); + +int +der_heim_octet_string_cmp ( + const heim_octet_string */*p*/, + const heim_octet_string */*q*/); + +int +der_heim_oid_cmp ( + const heim_oid */*p*/, + const heim_oid */*q*/); + +int +der_heim_universal_string_cmp ( + const heim_universal_string */*p*/, + const heim_universal_string */*q*/); + +int +der_ia5_string_cmp ( + const heim_ia5_string */*p*/, + const heim_ia5_string */*q*/); + +size_t +der_length_bit_string (const heim_bit_string */*k*/); + +size_t +der_length_bmp_string (const heim_bmp_string */*data*/); + +size_t +der_length_boolean (const int */*k*/); + +size_t +der_length_enumerated (const unsigned */*data*/); + +size_t +der_length_general_string (const heim_general_string */*data*/); + +size_t +der_length_generalized_time (const time_t */*t*/); + +size_t +der_length_heim_integer (const heim_integer */*k*/); + +size_t +der_length_ia5_string (const heim_ia5_string */*data*/); + +size_t +der_length_integer (const int */*data*/); + +size_t +der_length_integer64 (const int64_t */*data*/); + +size_t +der_length_len (size_t /*len*/); + +size_t +der_length_octet_string (const heim_octet_string */*k*/); + +size_t +der_length_oid (const heim_oid */*k*/); + +size_t +der_length_printable_string (const heim_printable_string */*data*/); + +size_t +der_length_tag (unsigned int /*tag*/); + +size_t +der_length_universal_string (const heim_universal_string */*data*/); + +size_t +der_length_unsigned (const unsigned */*data*/); + +size_t +der_length_unsigned64 (const uint64_t */*data*/); + +size_t +der_length_utctime (const time_t */*t*/); + +size_t 
+der_length_utf8string (const heim_utf8_string */*data*/); + +size_t +der_length_visible_string (const heim_visible_string */*data*/); + +int +der_match_tag ( + const unsigned char */*p*/, + size_t /*len*/, + Der_class /*cls*/, + Der_type /*type*/, + unsigned int /*tag*/, + size_t */*size*/); + +int +der_match_tag2 ( + const unsigned char */*p*/, + size_t /*len*/, + Der_class /*cls*/, + Der_type */*type*/, + unsigned int /*tag*/, + size_t */*size*/); + +int +der_match_tag_and_length ( + const unsigned char */*p*/, + size_t /*len*/, + Der_class /*cls*/, + Der_type */*type*/, + unsigned int /*tag*/, + size_t */*length_ret*/, + size_t */*size*/); + +int +der_parse_heim_oid ( + const char */*str*/, + const char */*sep*/, + heim_oid */*data*/); + +int +der_parse_hex_heim_integer ( + const char */*p*/, + heim_integer */*data*/); + +int +der_print_heim_oid ( + const heim_oid */*oid*/, + char /*delim*/, + char **/*str*/); + +int +der_print_hex_heim_integer ( + const heim_integer */*data*/, + char **/*p*/); + +int +der_printable_string_cmp ( + const heim_printable_string */*p*/, + const heim_printable_string */*q*/); + +int +der_put_bit_string ( + unsigned char */*p*/, + size_t /*len*/, + const heim_bit_string */*data*/, + size_t */*size*/); + +int +der_put_bmp_string ( + unsigned char */*p*/, + size_t /*len*/, + const heim_bmp_string */*data*/, + size_t */*size*/); + +int +der_put_boolean ( + unsigned char */*p*/, + size_t /*len*/, + const int */*data*/, + size_t */*size*/); + +int +der_put_general_string ( + unsigned char */*p*/, + size_t /*len*/, + const heim_general_string */*str*/, + size_t */*size*/); + +int +der_put_generalized_time ( + unsigned char */*p*/, + size_t /*len*/, + const time_t */*data*/, + size_t */*size*/); + +int +der_put_heim_integer ( + unsigned char */*p*/, + size_t /*len*/, + const heim_integer */*data*/, + size_t */*size*/); + +int +der_put_ia5_string ( + unsigned char */*p*/, + size_t /*len*/, + const heim_ia5_string */*str*/, + size_t 
*/*size*/); + +int +der_put_integer ( + unsigned char */*p*/, + size_t /*len*/, + const int */*v*/, + size_t */*size*/); + +int +der_put_integer64 ( + unsigned char */*p*/, + size_t /*len*/, + const int64_t */*v*/, + size_t */*size*/); + +int +der_put_length ( + unsigned char */*p*/, + size_t /*len*/, + size_t /*val*/, + size_t */*size*/); + +int +der_put_length_and_tag ( + unsigned char */*p*/, + size_t /*len*/, + size_t /*len_val*/, + Der_class /*class*/, + Der_type /*type*/, + unsigned int /*tag*/, + size_t */*size*/); + +int +der_put_octet_string ( + unsigned char */*p*/, + size_t /*len*/, + const heim_octet_string */*data*/, + size_t */*size*/); + +int +der_put_oid ( + unsigned char */*p*/, + size_t /*len*/, + const heim_oid */*data*/, + size_t */*size*/); + +int +der_put_printable_string ( + unsigned char */*p*/, + size_t /*len*/, + const heim_printable_string */*str*/, + size_t */*size*/); + +int +der_put_tag ( + unsigned char */*p*/, + size_t /*len*/, + Der_class /*class*/, + Der_type /*type*/, + unsigned int /*tag*/, + size_t */*size*/); + +int +der_put_universal_string ( + unsigned char */*p*/, + size_t /*len*/, + const heim_universal_string */*data*/, + size_t */*size*/); + +int +der_put_unsigned ( + unsigned char */*p*/, + size_t /*len*/, + const unsigned */*v*/, + size_t */*size*/); + +int +der_put_unsigned64 ( + unsigned char */*p*/, + size_t /*len*/, + const uint64_t */*v*/, + size_t */*size*/); + +int +der_put_utctime ( + unsigned char */*p*/, + size_t /*len*/, + const time_t */*data*/, + size_t */*size*/); + +int +der_put_utf8string ( + unsigned char */*p*/, + size_t /*len*/, + const heim_utf8_string */*str*/, + size_t */*size*/); + +int +der_put_visible_string ( + unsigned char */*p*/, + size_t /*len*/, + const heim_visible_string */*str*/, + size_t */*size*/); + +int +encode_heim_any ( + unsigned char */*p*/, + size_t /*len*/, + const heim_any */*data*/, + size_t */*size*/); + +int +encode_heim_any_set ( + unsigned char */*p*/, + size_t /*len*/, 
+ const heim_any_set */*data*/, + size_t */*size*/); + +void +free_heim_any (heim_any */*data*/); + +void +free_heim_any_set (heim_any_set */*data*/); + +int +heim_any_cmp ( + const heim_any_set */*p*/, + const heim_any_set */*q*/); + +size_t +length_heim_any (const heim_any */*data*/); + +size_t +length_heim_any_set (const heim_any */*data*/); + +#ifdef __cplusplus +} +#endif + +#endif /* DOXY */ +#endif /* __der_protos_h__ */ diff --git a/contrib/com_err/com_right.h b/kerberos5/include/der.h rename from contrib/com_err/com_right.h rename to kerberos5/include/der.h --- a/contrib/com_err/com_right.h +++ b/kerberos5/include/der.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * 
@@ -33,66 +33,75 @@ /* $Id$ */ -#ifndef __COM_RIGHT_H__ -#define __COM_RIGHT_H__ +#ifndef __DER_H__ +#define __DER_H__ -#ifndef KRB5_LIB_FUNCTION -#if defined(_WIN32) -#define KRB5_LIB_FUNCTION __declspec(dllimport) -#else -#define KRB5_LIB_FUNCTION -#endif -#endif +#include -#ifndef KRB5_LIB_CALL -#if defined(_WIN32) -#define KRB5_LIB_CALL __stdcall -#else -#define KRB5_LIB_CALL -#endif -#endif +typedef enum { + ASN1_C_UNIV = 0, + ASN1_C_APPL = 1, + ASN1_C_CONTEXT = 2, + ASN1_C_PRIVATE = 3 +} Der_class; -#ifndef KRB5_LIB_VARIABLE -#if defined(_WIN32) -#define KRB5_LIB_VARIABLE __declspec(dllimport) -#else -#define KRB5_LIB_VARIABLE -#endif -#endif +typedef enum {PRIM = 0, CONS = 1} Der_type; -#ifdef _WIN32 -#define KRB5_CALLCONV __stdcall -#else -#define KRB5_CALLCONV -#endif +#define MAKE_TAG(CLASS, TYPE, TAG) (((CLASS) << 6) | ((TYPE) << 5) | (TAG)) -#include +/* Universal tags */ -#ifdef __STDC__ -#include -#endif - -struct error_table { - char const * const * msgs; - long base; - int n_msgs; -}; -struct et_list { - struct et_list *next; - struct error_table *table; +enum { + UT_EndOfContent = 0, + UT_Boolean = 1, + UT_Integer = 2, + UT_BitString = 3, + UT_OctetString = 4, + UT_Null = 5, + UT_OID = 6, + UT_Enumerated = 10, + UT_UTF8String = 12, + UT_Sequence = 16, + UT_Set = 17, + UT_PrintableString = 19, + UT_IA5String = 22, + UT_UTCTime = 23, + UT_GeneralizedTime = 24, + UT_UniversalString = 25, + UT_VisibleString = 26, + UT_GeneralString = 27, + UT_BMPString = 30, + /* unsupported types */ + UT_ObjectDescriptor = 7, + UT_External = 8, + UT_Real = 9, + UT_EmbeddedPDV = 11, + UT_RelativeOID = 13, + UT_NumericString = 18, + UT_TeletexString = 20, + UT_VideotexString = 21, + UT_GraphicString = 25 }; -extern struct et_list *_et_list; -KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL -com_right (struct et_list *list, long code); +#define ASN1_INDEFINITE 0xdce0deed + +typedef struct heim_der_time_t { + time_t dt_sec; + unsigned long dt_nsec; +} heim_der_time_t; + 
+typedef struct heim_ber_time_t { + time_t bt_sec; + unsigned bt_nsec; + int bt_zone; +} heim_ber_time_t; -KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL -com_right_r (struct et_list *list, long code, char *, size_t); +struct asn1_template; -KRB5_LIB_FUNCTION void KRB5_LIB_CALL -initialize_error_table_r (struct et_list **, const char **, int, long); +#include -KRB5_LIB_FUNCTION void KRB5_LIB_CALL -free_error_table (struct et_list *); +int _heim_fix_dce(size_t reallen, size_t *len); +int _heim_der_set_sort(const void *, const void *); +int _heim_time2generalizedtime (time_t, heim_octet_string *, int); -#endif /* __COM_RIGHT_H__ */ +#endif /* __DER_H__ */ diff --git a/kerberos5/include/digest_asn1.h b/kerberos5/include/digest_asn1.h new file mode 100644 --- /dev/null +++ b/kerberos5/include/digest_asn1.h 
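Review bot: In the universal-tag enum added to der.h, `UT_UniversalString = 25` has the same value as `UT_GraphicString = 25` at the end of the same enum; X.680 assigns universal tag 28 to UniversalString and 25 to GraphicString. As written, a decoder path that compares a tag against `UT_UniversalString` would presumably accept a GraphicString-tagged element and reject a correctly tagged UniversalString, which is a type confusion a DER parser handling untrusted input should not have. The line should read `UT_UniversalString = 28,`. If the header is imported unchanged from upstream, the correction belongs there as well. The encoders and decoders that use the constant are outside this hunk and need re-checking after the change.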
@@ -0,0 +1,562 @@ +/* Generated from ./digest.asn1 */ +/* Do not edit */ + +#ifndef __digest_asn1_h__ +#define __digest_asn1_h__ + +#include +#include + +#ifndef __asn1_common_definitions__ +#define __asn1_common_definitions__ + +#ifndef __HEIM_BASE_DATA__ +#define __HEIM_BASE_DATA__ 1 +struct heim_base_data { + size_t length; + void *data; +}; +typedef struct heim_base_data heim_octet_string; +#endif + +typedef struct heim_integer { + size_t length; + void *data; + int negative; +} heim_integer; + +typedef char *heim_general_string; + +typedef char *heim_utf8_string; + +typedef struct heim_base_data heim_printable_string; + +typedef struct heim_base_data heim_ia5_string; + +typedef struct heim_bmp_string { + size_t length; + uint16_t *data; +} heim_bmp_string; + +typedef struct heim_universal_string { + size_t length; + uint32_t *data; +} heim_universal_string; + +typedef char *heim_visible_string; + +typedef struct heim_oid { + size_t length; + unsigned *components; +} heim_oid; + +typedef struct heim_bit_string { + size_t length; + void *data; +} heim_bit_string; + +typedef struct heim_base_data heim_any; +typedef struct heim_base_data heim_any_set; + +#define ASN1_MALLOC_ENCODE(T, B, BL, S, L, R) \ + do { \ + (BL) = length_##T((S)); \ + (B) = malloc((BL)); \ + if((B) == NULL) { \ + (R) = ENOMEM; \ + } else { \ + (R) = encode_##T(((unsigned char*)(B)) + (BL) - 1, (BL), \ + (S), (L)); \ + if((R) != 0) { \ + free((B)); \ + (B) = NULL; \ + } \ + } \ + } while (0) + +#ifdef _WIN32 +#ifndef ASN1_LIB +#define ASN1EXP __declspec(dllimport) +#else +#define ASN1EXP +#endif +#define ASN1CALL __stdcall +#else +#define ASN1EXP +#define ASN1CALL +#endif +struct units; + +#endif + +#include +/* +DigestTypes ::= BIT STRING { + ntlm-v1(0), + ntlm-v1-session(1), + ntlm-v2(2), + digest-md5(3), + chap-md5(4), + ms-chap-v2(5) +} +*/ + +typedef struct DigestTypes { + unsigned int ntlm_v1:1; + unsigned int ntlm_v1_session:1; + unsigned int ntlm_v2:1; + unsigned int digest_md5:1; + 
unsigned int chap_md5:1; + unsigned int ms_chap_v2:1; + unsigned int _unused6:1; + unsigned int _unused7:1; + unsigned int _unused8:1; + unsigned int _unused9:1; + unsigned int _unused10:1; + unsigned int _unused11:1; + unsigned int _unused12:1; + unsigned int _unused13:1; + unsigned int _unused14:1; + unsigned int _unused15:1; + unsigned int _unused16:1; + unsigned int _unused17:1; + unsigned int _unused18:1; + unsigned int _unused19:1; + unsigned int _unused20:1; + unsigned int _unused21:1; + unsigned int _unused22:1; + unsigned int _unused23:1; + unsigned int _unused24:1; + unsigned int _unused25:1; + unsigned int _unused26:1; + unsigned int _unused27:1; + unsigned int _unused28:1; + unsigned int _unused29:1; + unsigned int _unused30:1; + unsigned int _unused31:1; +} DigestTypes; + + +unsigned DigestTypes2int(DigestTypes); +DigestTypes int2DigestTypes(unsigned); +const struct units * asn1_DigestTypes_units(void); +ASN1EXP int ASN1CALL decode_DigestTypes(const unsigned char *, size_t, DigestTypes *, size_t *); +ASN1EXP int ASN1CALL encode_DigestTypes(unsigned char *, size_t, const DigestTypes *, size_t *); +ASN1EXP size_t ASN1CALL length_DigestTypes(const DigestTypes *); +ASN1EXP int ASN1CALL copy_DigestTypes (const DigestTypes *, DigestTypes *); +ASN1EXP void ASN1CALL free_DigestTypes (DigestTypes *); + + +/* +DigestInit ::= SEQUENCE { + type UTF8String, + channel [0] SEQUENCE { + cb-type UTF8String, + cb-binding UTF8String, + } OPTIONAL, + hostname [1] UTF8String OPTIONAL, +} +*/ + +typedef struct DigestInit { + heim_utf8_string type; + struct DigestInit_channel { + heim_utf8_string cb_type; + heim_utf8_string cb_binding; + } *channel; + heim_utf8_string *hostname; +} DigestInit; + +ASN1EXP int ASN1CALL decode_DigestInit(const unsigned char *, size_t, DigestInit *, size_t *); +ASN1EXP int ASN1CALL encode_DigestInit(unsigned char *, size_t, const DigestInit *, size_t *); +ASN1EXP size_t ASN1CALL length_DigestInit(const DigestInit *); +ASN1EXP int ASN1CALL 
copy_DigestInit (const DigestInit *, DigestInit *); +ASN1EXP void ASN1CALL free_DigestInit (DigestInit *); + + +/* +DigestInitReply ::= SEQUENCE { + nonce UTF8String, + opaque UTF8String, + identifier [0] UTF8String OPTIONAL, +} +*/ + +typedef struct DigestInitReply { + heim_utf8_string nonce; + heim_utf8_string opaque; + heim_utf8_string *identifier; +} DigestInitReply; + +ASN1EXP int ASN1CALL decode_DigestInitReply(const unsigned char *, size_t, DigestInitReply *, size_t *); +ASN1EXP int ASN1CALL encode_DigestInitReply(unsigned char *, size_t, const DigestInitReply *, size_t *); +ASN1EXP size_t ASN1CALL length_DigestInitReply(const DigestInitReply *); +ASN1EXP int ASN1CALL copy_DigestInitReply (const DigestInitReply *, DigestInitReply *); +ASN1EXP void ASN1CALL free_DigestInitReply (DigestInitReply *); + + +/* +DigestRequest ::= SEQUENCE { + type UTF8String, + digest UTF8String, + username UTF8String, + responseData UTF8String, + authid [0] UTF8String OPTIONAL, + authentication-user [1] Principal OPTIONAL, + realm [2] UTF8String OPTIONAL, + method [3] UTF8String OPTIONAL, + uri [4] UTF8String OPTIONAL, + serverNonce UTF8String, + clientNonce [5] UTF8String OPTIONAL, + nonceCount [6] UTF8String OPTIONAL, + qop [7] UTF8String OPTIONAL, + identifier [8] UTF8String OPTIONAL, + hostname [9] UTF8String OPTIONAL, + opaque UTF8String, +} +*/ + +typedef struct DigestRequest { + heim_utf8_string type; + heim_utf8_string digest; + heim_utf8_string username; + heim_utf8_string responseData; + heim_utf8_string *authid; + Principal *authentication_user; + heim_utf8_string *realm; + heim_utf8_string *method; + heim_utf8_string *uri; + heim_utf8_string serverNonce; + heim_utf8_string *clientNonce; + heim_utf8_string *nonceCount; + heim_utf8_string *qop; + heim_utf8_string *identifier; + heim_utf8_string *hostname; + heim_utf8_string opaque; +} DigestRequest; + +ASN1EXP int ASN1CALL decode_DigestRequest(const unsigned char *, size_t, DigestRequest *, size_t *); +ASN1EXP int 
ASN1CALL encode_DigestRequest(unsigned char *, size_t, const DigestRequest *, size_t *); +ASN1EXP size_t ASN1CALL length_DigestRequest(const DigestRequest *); +ASN1EXP int ASN1CALL copy_DigestRequest (const DigestRequest *, DigestRequest *); +ASN1EXP void ASN1CALL free_DigestRequest (DigestRequest *); + + +/* +DigestError ::= SEQUENCE { + reason UTF8String, + code INTEGER (-2147483648..2147483647), +} +*/ + +typedef struct DigestError { + heim_utf8_string reason; + int code; +} DigestError; + +ASN1EXP int ASN1CALL decode_DigestError(const unsigned char *, size_t, DigestError *, size_t *); +ASN1EXP int ASN1CALL encode_DigestError(unsigned char *, size_t, const DigestError *, size_t *); +ASN1EXP size_t ASN1CALL length_DigestError(const DigestError *); +ASN1EXP int ASN1CALL copy_DigestError (const DigestError *, DigestError *); +ASN1EXP void ASN1CALL free_DigestError (DigestError *); + + +/* +DigestResponse ::= SEQUENCE { + success BOOLEAN, + rsp [0] UTF8String OPTIONAL, + tickets [1] SEQUENCE OF OCTET STRING OPTIONAL, + channel [2] SEQUENCE { + cb-type UTF8String, + cb-binding UTF8String, + } OPTIONAL, + session-key [3] OCTET STRING OPTIONAL, +} +*/ + +typedef struct DigestResponse { + int success; + heim_utf8_string *rsp; + struct DigestResponse_tickets { + unsigned int len; + heim_octet_string *val; + } *tickets; + struct DigestResponse_channel { + heim_utf8_string cb_type; + heim_utf8_string cb_binding; + } *channel; + heim_octet_string *session_key; +} DigestResponse; + +ASN1EXP int ASN1CALL decode_DigestResponse(const unsigned char *, size_t, DigestResponse *, size_t *); +ASN1EXP int ASN1CALL encode_DigestResponse(unsigned char *, size_t, const DigestResponse *, size_t *); +ASN1EXP size_t ASN1CALL length_DigestResponse(const DigestResponse *); +ASN1EXP int ASN1CALL copy_DigestResponse (const DigestResponse *, DigestResponse *); +ASN1EXP void ASN1CALL free_DigestResponse (DigestResponse *); + + +/* +NTLMInit ::= SEQUENCE { + flags [0] INTEGER (0..4294967295), + 
hostname [1] UTF8String OPTIONAL, + domain [1] UTF8String OPTIONAL, +} +*/ + +typedef struct NTLMInit { + unsigned int flags; + heim_utf8_string *hostname; + heim_utf8_string *domain; +} NTLMInit; + +ASN1EXP int ASN1CALL decode_NTLMInit(const unsigned char *, size_t, NTLMInit *, size_t *); +ASN1EXP int ASN1CALL encode_NTLMInit(unsigned char *, size_t, const NTLMInit *, size_t *); +ASN1EXP size_t ASN1CALL length_NTLMInit(const NTLMInit *); +ASN1EXP int ASN1CALL copy_NTLMInit (const NTLMInit *, NTLMInit *); +ASN1EXP void ASN1CALL free_NTLMInit (NTLMInit *); + + +/* +NTLMInitReply ::= SEQUENCE { + flags [0] INTEGER (0..4294967295), + opaque [1] OCTET STRING, + targetname [2] UTF8String, + challenge [3] OCTET STRING, + targetinfo [4] OCTET STRING OPTIONAL, +} +*/ + +typedef struct NTLMInitReply { + unsigned int flags; + heim_octet_string opaque; + heim_utf8_string targetname; + heim_octet_string challenge; + heim_octet_string *targetinfo; +} NTLMInitReply; + +ASN1EXP int ASN1CALL decode_NTLMInitReply(const unsigned char *, size_t, NTLMInitReply *, size_t *); +ASN1EXP int ASN1CALL encode_NTLMInitReply(unsigned char *, size_t, const NTLMInitReply *, size_t *); +ASN1EXP size_t ASN1CALL length_NTLMInitReply(const NTLMInitReply *); +ASN1EXP int ASN1CALL copy_NTLMInitReply (const NTLMInitReply *, NTLMInitReply *); +ASN1EXP void ASN1CALL free_NTLMInitReply (NTLMInitReply *); + + +/* +NTLMRequest ::= SEQUENCE { + flags [0] INTEGER (0..4294967295), + opaque [1] OCTET STRING, + username [2] UTF8String, + targetname [3] UTF8String, + targetinfo [4] OCTET STRING OPTIONAL, + lm [5] OCTET STRING, + ntlm [6] OCTET STRING, + sessionkey [7] OCTET STRING OPTIONAL, +} +*/ + +typedef struct NTLMRequest { + unsigned int flags; + heim_octet_string opaque; + heim_utf8_string username; + heim_utf8_string targetname; + heim_octet_string *targetinfo; + heim_octet_string lm; + heim_octet_string ntlm; + heim_octet_string *sessionkey; +} NTLMRequest; + +ASN1EXP int ASN1CALL 
decode_NTLMRequest(const unsigned char *, size_t, NTLMRequest *, size_t *); +ASN1EXP int ASN1CALL encode_NTLMRequest(unsigned char *, size_t, const NTLMRequest *, size_t *); +ASN1EXP size_t ASN1CALL length_NTLMRequest(const NTLMRequest *); +ASN1EXP int ASN1CALL copy_NTLMRequest (const NTLMRequest *, NTLMRequest *); +ASN1EXP void ASN1CALL free_NTLMRequest (NTLMRequest *); + + +/* +NTLMResponse ::= SEQUENCE { + success [0] BOOLEAN, + flags [1] INTEGER (0..4294967295), + sessionkey [2] OCTET STRING OPTIONAL, + tickets [3] SEQUENCE OF OCTET STRING OPTIONAL, +} +*/ + +typedef struct NTLMResponse { + int success; + unsigned int flags; + heim_octet_string *sessionkey; + struct NTLMResponse_tickets { + unsigned int len; + heim_octet_string *val; + } *tickets; +} NTLMResponse; + +ASN1EXP int ASN1CALL decode_NTLMResponse(const unsigned char *, size_t, NTLMResponse *, size_t *); +ASN1EXP int ASN1CALL encode_NTLMResponse(unsigned char *, size_t, const NTLMResponse *, size_t *); +ASN1EXP size_t ASN1CALL length_NTLMResponse(const NTLMResponse *); +ASN1EXP int ASN1CALL copy_NTLMResponse (const NTLMResponse *, NTLMResponse *); +ASN1EXP void ASN1CALL free_NTLMResponse (NTLMResponse *); + + +/* +NTLMRequest2 ::= SEQUENCE { + loginUserName [0] UTF8String, + loginDomainName [1] UTF8String, + flags [2] INTEGER (0..4294967295), + lmchallenge [3] OCTET STRING, + ntChallengeResponce [4] OCTET STRING, + lmChallengeResponce [5] OCTET STRING, +} +*/ + +typedef struct NTLMRequest2 { + heim_utf8_string loginUserName; + heim_utf8_string loginDomainName; + unsigned int flags; + heim_octet_string lmchallenge; + heim_octet_string ntChallengeResponce; + heim_octet_string lmChallengeResponce; +} NTLMRequest2; + +ASN1EXP int ASN1CALL decode_NTLMRequest2(const unsigned char *, size_t, NTLMRequest2 *, size_t *); +ASN1EXP int ASN1CALL encode_NTLMRequest2(unsigned char *, size_t, const NTLMRequest2 *, size_t *); +ASN1EXP size_t ASN1CALL length_NTLMRequest2(const NTLMRequest2 *); +ASN1EXP int ASN1CALL 
copy_NTLMRequest2 (const NTLMRequest2 *, NTLMRequest2 *); +ASN1EXP void ASN1CALL free_NTLMRequest2 (NTLMRequest2 *); + + +/* +NTLMReply ::= SEQUENCE { + success [0] BOOLEAN, + flags [1] INTEGER (0..4294967295), + sessionkey [2] OCTET STRING OPTIONAL, +} +*/ + +typedef struct NTLMReply { + int success; + unsigned int flags; + heim_octet_string *sessionkey; +} NTLMReply; + +ASN1EXP int ASN1CALL decode_NTLMReply(const unsigned char *, size_t, NTLMReply *, size_t *); +ASN1EXP int ASN1CALL encode_NTLMReply(unsigned char *, size_t, const NTLMReply *, size_t *); +ASN1EXP size_t ASN1CALL length_NTLMReply(const NTLMReply *); +ASN1EXP int ASN1CALL copy_NTLMReply (const NTLMReply *, NTLMReply *); +ASN1EXP void ASN1CALL free_NTLMReply (NTLMReply *); + + +/* +DigestReqInner ::= CHOICE { + init [0] DigestInit, + digestRequest [1] DigestRequest, + ntlmInit [2] NTLMInit, + ntlmRequest [3] NTLMRequest, + supportedMechs [4] NULL, +} +*/ + +typedef struct DigestReqInner { + enum DigestReqInner_enum { + choice_DigestReqInner_init = 1, + choice_DigestReqInner_digestRequest, + choice_DigestReqInner_ntlmInit, + choice_DigestReqInner_ntlmRequest, + choice_DigestReqInner_supportedMechs + } element; + union { + DigestInit init; + DigestRequest digestRequest; + NTLMInit ntlmInit; + NTLMRequest ntlmRequest; + int supportedMechs; + } u; +} DigestReqInner; + +ASN1EXP int ASN1CALL decode_DigestReqInner(const unsigned char *, size_t, DigestReqInner *, size_t *); +ASN1EXP int ASN1CALL encode_DigestReqInner(unsigned char *, size_t, const DigestReqInner *, size_t *); +ASN1EXP size_t ASN1CALL length_DigestReqInner(const DigestReqInner *); +ASN1EXP int ASN1CALL copy_DigestReqInner (const DigestReqInner *, DigestReqInner *); +ASN1EXP void ASN1CALL free_DigestReqInner (DigestReqInner *); + + +/* +DigestREQ ::= [APPLICATION 128] SEQUENCE { + apReq [0] OCTET STRING, + innerReq [1] EncryptedData, +} +*/ + +typedef struct DigestREQ { + heim_octet_string apReq; + EncryptedData innerReq; +} DigestREQ; + 
+ASN1EXP int ASN1CALL decode_DigestREQ(const unsigned char *, size_t, DigestREQ *, size_t *); +ASN1EXP int ASN1CALL encode_DigestREQ(unsigned char *, size_t, const DigestREQ *, size_t *); +ASN1EXP size_t ASN1CALL length_DigestREQ(const DigestREQ *); +ASN1EXP int ASN1CALL copy_DigestREQ (const DigestREQ *, DigestREQ *); +ASN1EXP void ASN1CALL free_DigestREQ (DigestREQ *); + + +/* +DigestRepInner ::= CHOICE { + error [0] DigestError, + initReply [1] DigestInitReply, + response [2] DigestResponse, + ntlmInitReply [3] NTLMInitReply, + ntlmResponse [4] NTLMResponse, + supportedMechs [5] DigestTypes, + ..., +} +*/ + +typedef struct DigestRepInner { + enum DigestRepInner_enum { + choice_DigestRepInner_asn1_ellipsis = 0, + choice_DigestRepInner_error, + choice_DigestRepInner_initReply, + choice_DigestRepInner_response, + choice_DigestRepInner_ntlmInitReply, + choice_DigestRepInner_ntlmResponse, + choice_DigestRepInner_supportedMechs + /* ... */ + } element; + union { + DigestError error; + DigestInitReply initReply; + DigestResponse response; + NTLMInitReply ntlmInitReply; + NTLMResponse ntlmResponse; + DigestTypes supportedMechs; + heim_octet_string asn1_ellipsis; + } u; +} DigestRepInner; + +ASN1EXP int ASN1CALL decode_DigestRepInner(const unsigned char *, size_t, DigestRepInner *, size_t *); +ASN1EXP int ASN1CALL encode_DigestRepInner(unsigned char *, size_t, const DigestRepInner *, size_t *); +ASN1EXP size_t ASN1CALL length_DigestRepInner(const DigestRepInner *); +ASN1EXP int ASN1CALL copy_DigestRepInner (const DigestRepInner *, DigestRepInner *); +ASN1EXP void ASN1CALL free_DigestRepInner (DigestRepInner *); + + +/* +DigestREP ::= [APPLICATION 129] SEQUENCE { + apRep [0] OCTET STRING, + innerRep [1] EncryptedData, +} +*/ + +typedef struct DigestREP { + heim_octet_string apRep; + EncryptedData innerRep; +} DigestREP; + +ASN1EXP int ASN1CALL decode_DigestREP(const unsigned char *, size_t, DigestREP *, size_t *); +ASN1EXP int ASN1CALL encode_DigestREP(unsigned char *, 
size_t, const DigestREP *, size_t *); +ASN1EXP size_t ASN1CALL length_DigestREP(const DigestREP *); +ASN1EXP int ASN1CALL copy_DigestREP (const DigestREP *, DigestREP *); +ASN1EXP void ASN1CALL free_DigestREP (DigestREP *); + + +#endif /* __digest_asn1_h__ */ diff --git a/kerberos5/include/fbsd_ossl_provider.h b/kerberos5/include/fbsd_ossl_provider.h deleted file mode 100644 --- a/kerberos5/include/fbsd_ossl_provider.h +++ /dev/null @@ -1,4 +0,0 @@ -#ifndef __fbsd_ossl_provider_h -#define __fbsd_ossl_provider_h -int fbsd_ossl_provider_load(void); -#endif diff --git a/contrib/com_err/com_right.h b/kerberos5/include/getarg.h copy from contrib/com_err/com_right.h copy to kerberos5/include/getarg.h --- a/contrib/com_err/com_right.h +++ b/kerberos5/include/getarg.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * 
@@ -33,66 +33,80 @@ /* $Id$ */ -#ifndef __COM_RIGHT_H__ -#define __COM_RIGHT_H__ +#ifndef __GETARG_H__ +#define __GETARG_H__ -#ifndef KRB5_LIB_FUNCTION -#if defined(_WIN32) -#define KRB5_LIB_FUNCTION __declspec(dllimport) -#else -#define KRB5_LIB_FUNCTION -#endif -#endif +#include -#ifndef KRB5_LIB_CALL -#if defined(_WIN32) -#define KRB5_LIB_CALL __stdcall +#ifndef ROKEN_LIB_FUNCTION +#ifdef _WIN32 +#define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL __cdecl #else -#define KRB5_LIB_CALL +#define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL #endif #endif -#ifndef KRB5_LIB_VARIABLE -#if defined(_WIN32) -#define KRB5_LIB_VARIABLE __declspec(dllimport) -#else -#define KRB5_LIB_VARIABLE -#endif -#endif +struct getargs{ + const char *long_name; + char short_name; + enum { arg_integer, + arg_string, + arg_flag, + arg_negative_flag, + arg_strings, + arg_double, + arg_collect, + arg_counter + } type; + void *value; + const char *help; + const char *arg_help; +}; -#ifdef _WIN32 -#define KRB5_CALLCONV __stdcall -#else -#define KRB5_CALLCONV -#endif +enum { + ARG_ERR_NO_MATCH = 1, + ARG_ERR_BAD_ARG, + ARG_ERR_NO_ARG +}; -#include +typedef struct getarg_strings { + int num_strings; + char **strings; +} getarg_strings; -#ifdef __STDC__ -#include -#endif +typedef int (*getarg_collect_func)(int short_opt, + int argc, + char **argv, + int *goptind, + int *goptarg, + void *data); -struct error_table { - char const * const * msgs; - long base; - int n_msgs; -}; -struct et_list { - struct et_list *next; - struct error_table *table; -}; -extern struct et_list *_et_list; +typedef struct getarg_collect_info { + getarg_collect_func func; + void *data; +} getarg_collect_info; -KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL -com_right (struct et_list *list, long code); +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +getarg(struct getargs *args, size_t num_args, + int argc, char **argv, int *goptind); -KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL -com_right_r (struct et_list *list, long code, char *, 
size_t); +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +arg_printusage (struct getargs *args, + size_t num_args, + const char *progname, + const char *extra_string); -KRB5_LIB_FUNCTION void KRB5_LIB_CALL -initialize_error_table_r (struct et_list **, const char **, int, long); +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +arg_printusage_i18n (struct getargs *args, + size_t num_args, + const char *usage, + const char *progname, + const char *extra_string, + char *(*i18n)(const char *)); -KRB5_LIB_FUNCTION void KRB5_LIB_CALL -free_error_table (struct et_list *); +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +free_getarg_strings (getarg_strings *); -#endif /* __COM_RIGHT_H__ */ +#endif /* __GETARG_H__ */ diff --git a/contrib/com_err/lex.h b/kerberos5/include/gssapi.h rename from contrib/com_err/lex.h rename to kerberos5/include/gssapi.h --- a/contrib/com_err/lex.h +++ b/kerberos5/include/gssapi.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 2006 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,9 @@ /* $Id$ */ -void _lex_error_message (const char *, ...) -__attribute__ ((format (printf, 1, 2))); +#ifndef GSSAPI_H_ +#define GSSAPI_H_ -int yylex(void); +#include + +#endif diff --git a/kerberos5/include/gssapi/gssapi.h b/kerberos5/include/gssapi/gssapi.h new file mode 100644 --- /dev/null +++ b/kerberos5/include/gssapi/gssapi.h 
@@ -0,0 +1,1134 @@
+/*
+ * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef GSSAPI_GSSAPI_H_
+#define GSSAPI_GSSAPI_H_
+
+/*
+ * First, include stddef.h to get size_t defined.
+ */
+#include
+
+#include
+
+#ifndef BUILD_GSSAPI_LIB
+#if defined(_WIN32)
+#define GSSAPI_LIB_FUNCTION __declspec(dllimport)
+#define GSSAPI_LIB_CALL __stdcall
+#define GSSAPI_LIB_VARIABLE __declspec(dllimport)
+#else
+#define GSSAPI_LIB_FUNCTION
+#define GSSAPI_LIB_CALL
+#define GSSAPI_LIB_VARIABLE
+#endif
+#endif
+
+#ifndef GSSAPI_DEPRECATED_FUNCTION
+#if defined(__GNUC__) && ((__GNUC__ > 3) || ((__GNUC__ == 3) && (__GNUC_MINOR__ >= 1 )))
+#define GSSAPI_DEPRECATED_FUNCTION(X) __attribute__((deprecated))
+#else
+#define GSSAPI_DEPRECATED_FUNCTION(X)
+#endif
+#endif
+
+/* Compatiblity with MIT Kerberos on the Mac */
+#if defined(__APPLE__) && (defined(__ppc__) || defined(__ppc64__) || defined(__i386__) || defined(__x86_64__))
+#pragma pack(push,2)
+#endif
+
+#ifdef __cplusplus
+#define GSSAPI_CPP_START extern "C" {
+#define GSSAPI_CPP_END }
+#else
+#define GSSAPI_CPP_START
+#define GSSAPI_CPP_END
+#endif
+
+#ifdef _WIN32
+#define GSSAPI_CALLCONV __stdcall
+#else
+#define GSSAPI_CALLCONV
+#endif
+
+/*
+ * Now define the three implementation-dependent types.
+ */
+
+typedef uint32_t OM_uint32;
+typedef uint64_t OM_uint64;
+
+typedef uint32_t gss_uint32;
+
+struct gss_name_t_desc_struct;
+typedef struct gss_name_t_desc_struct *gss_name_t;
+typedef const struct gss_name_t_desc_struct *gss_const_name_t;
+
+struct gss_ctx_id_t_desc_struct;
+typedef struct gss_ctx_id_t_desc_struct *gss_ctx_id_t;
+typedef const struct gss_ctx_id_t_desc_struct *gss_const_ctx_id_t;
+
+typedef struct gss_OID_desc_struct {
+ OM_uint32 length;
+ void *elements;
+} gss_OID_desc, *gss_OID;
+typedef const gss_OID_desc * gss_const_OID;
+
+typedef struct gss_OID_set_desc_struct {
+ size_t count;
+ gss_OID elements;
+} gss_OID_set_desc, *gss_OID_set;
+typedef const gss_OID_set_desc * gss_const_OID_set;
+
+typedef int gss_cred_usage_t;
+
+struct gss_cred_id_t_desc_struct;
+typedef struct gss_cred_id_t_desc_struct *gss_cred_id_t;
+typedef const struct gss_cred_id_t_desc_struct *gss_const_cred_id_t;
+
+typedef struct gss_buffer_desc_struct {
+ size_t length;
+ void *value;
+} gss_buffer_desc, *gss_buffer_t;
+typedef const gss_buffer_desc * gss_const_buffer_t;
+
+typedef struct gss_channel_bindings_struct {
+ OM_uint32 initiator_addrtype;
+ gss_buffer_desc initiator_address;
+ OM_uint32 acceptor_addrtype;
+ gss_buffer_desc acceptor_address;
+ gss_buffer_desc application_data;
+} *gss_channel_bindings_t;
+typedef const struct gss_channel_bindings_struct *gss_const_channel_bindings_t;
+
+/* GGF extension data types */
+typedef struct gss_buffer_set_desc_struct {
+ size_t count;
+ gss_buffer_desc *elements;
+} gss_buffer_set_desc, *gss_buffer_set_t;
+
+typedef struct gss_iov_buffer_desc_struct {
+ OM_uint32 type;
+ gss_buffer_desc buffer;
+} gss_iov_buffer_desc, *gss_iov_buffer_t;
+
+/*
+ * For now, define a QOP-type as an OM_uint32
+ */
+typedef OM_uint32 gss_qop_t;
+
+
+
+/*
+ * Flag bits for context-level services.
+ */
+#define GSS_C_DELEG_FLAG 1
+#define GSS_C_MUTUAL_FLAG 2
+#define GSS_C_REPLAY_FLAG 4
+#define GSS_C_SEQUENCE_FLAG 8
+#define GSS_C_CONF_FLAG 16
+#define GSS_C_INTEG_FLAG 32
+#define GSS_C_ANON_FLAG 64
+#define GSS_C_PROT_READY_FLAG 128
+#define GSS_C_TRANS_FLAG 256
+
+#define GSS_C_DCE_STYLE 4096
+#define GSS_C_IDENTIFY_FLAG 8192
+#define GSS_C_EXTENDED_ERROR_FLAG 16384
+#define GSS_C_DELEG_POLICY_FLAG 32768
+
+/*
+ * Credential usage options
+ */
+#define GSS_C_BOTH 0
+#define GSS_C_INITIATE 1
+#define GSS_C_ACCEPT 2
+
+/*
+ * Status code types for gss_display_status
+ */
+#define GSS_C_GSS_CODE 1
+#define GSS_C_MECH_CODE 2
+
+/*
+ * The constant definitions for channel-bindings address families
+ */
+#define GSS_C_AF_UNSPEC 0
+#define GSS_C_AF_LOCAL 1
+#define GSS_C_AF_INET 2
+#define GSS_C_AF_IMPLINK 3
+#define GSS_C_AF_PUP 4
+#define GSS_C_AF_CHAOS 5
+#define GSS_C_AF_NS 6
+#define GSS_C_AF_NBS 7
+#define GSS_C_AF_ECMA 8
+#define GSS_C_AF_DATAKIT 9
+#define GSS_C_AF_CCITT 10
+#define GSS_C_AF_SNA 11
+#define GSS_C_AF_DECnet 12
+#define GSS_C_AF_DLI 13
+#define GSS_C_AF_LAT 14
+#define GSS_C_AF_HYLINK 15
+#define GSS_C_AF_APPLETALK 16
+#define GSS_C_AF_BSC 17
+#define GSS_C_AF_DSS 18
+#define GSS_C_AF_OSI 19
+#define GSS_C_AF_X25 21
+#define GSS_C_AF_INET6 24
+
+#define GSS_C_AF_NULLADDR 255
+
+/*
+ * Various Null values
+ */
+#define GSS_C_NO_NAME ((gss_name_t) 0)
+#define GSS_C_NO_BUFFER ((gss_buffer_t) 0)
+#define GSS_C_NO_BUFFER_SET ((gss_buffer_set_t) 0)
+#define GSS_C_NO_OID ((gss_OID) 0)
+#define GSS_C_NO_OID_SET ((gss_OID_set) 0)
+#define GSS_C_NO_CONTEXT ((gss_ctx_id_t) 0)
+#define GSS_C_NO_CREDENTIAL ((gss_cred_id_t) 0)
+#define GSS_C_NO_CHANNEL_BINDINGS ((gss_channel_bindings_t) 0)
+#define GSS_C_EMPTY_BUFFER {0, NULL}
+#define GSS_C_NO_IOV_BUFFER ((gss_iov_buffer_t)0)
+
+/*
+ * Some alternate names for a couple of the above
+ * values. These are defined for V1 compatibility.
+ */
+#define GSS_C_NULL_OID GSS_C_NO_OID
+#define GSS_C_NULL_OID_SET GSS_C_NO_OID_SET
+
+/*
+ * Define the default Quality of Protection for per-message
+ * services. Note that an implementation that offers multiple
+ * levels of QOP may define GSS_C_QOP_DEFAULT to be either zero
+ * (as done here) to mean "default protection", or to a specific
+ * explicit QOP value. However, a value of 0 should always be
+ * interpreted by a GSSAPI implementation as a request for the
+ * default protection level.
+ */
+#define GSS_C_QOP_DEFAULT 0
+
+#define GSS_KRB5_CONF_C_QOP_DES 0x0100
+#define GSS_KRB5_CONF_C_QOP_DES3_KD 0x0200
+
+/*
+ * Expiration time of 2^32-1 seconds means infinite lifetime for a
+ * credential or security context
+ */
+#define GSS_C_INDEFINITE 0xfffffffful
+
+/*
+ * Type of gss_wrap_iov()/gss_unwrap_iov().
+ */
+
+#define GSS_IOV_BUFFER_TYPE_EMPTY 0
+#define GSS_IOV_BUFFER_TYPE_DATA 1
+#define GSS_IOV_BUFFER_TYPE_HEADER 2
+#define GSS_IOV_BUFFER_TYPE_MECH_PARAMS 3
+
+#define GSS_IOV_BUFFER_TYPE_TRAILER 7
+#define GSS_IOV_BUFFER_TYPE_PADDING 9
+#define GSS_IOV_BUFFER_TYPE_STREAM 10
+#define GSS_IOV_BUFFER_TYPE_SIGN_ONLY 11
+
+#define GSS_IOV_BUFFER_TYPE_FLAG_MASK 0xffff0000
+#define GSS_IOV_BUFFER_FLAG_ALLOCATE 0x00010000
+#define GSS_IOV_BUFFER_FLAG_ALLOCATED 0x00020000
+
+#define GSS_IOV_BUFFER_TYPE_FLAG_ALLOCATE 0x00010000 /* old name */
+#define GSS_IOV_BUFFER_TYPE_FLAG_ALLOCATED 0x00020000 /* old name */
+
+#define GSS_IOV_BUFFER_TYPE(_t) ((_t) & ~GSS_IOV_BUFFER_TYPE_FLAG_MASK)
+#define GSS_IOV_BUFFER_FLAGS(_t) ((_t) & GSS_IOV_BUFFER_TYPE_FLAG_MASK)
+
+GSSAPI_CPP_START
+
+#include
+
+/*
+ * The implementation must reserve static storage for a
+ * gss_OID_desc object containing the value
+ * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
+ * "\x01\x02\x01\x01"},
+ * corresponding to an object-identifier value of
+ * {iso(1) member-body(2) United States(840) mit(113554)
+ * infosys(1) gssapi(2) generic(1) user_name(1)}. The constant
+ * GSS_C_NT_USER_NAME should be initialized to point
+ * to that gss_OID_desc.
+ */
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_nt_user_name_oid_desc;
+#define GSS_C_NT_USER_NAME (&__gss_c_nt_user_name_oid_desc)
+
+/*
+ * The implementation must reserve static storage for a
+ * gss_OID_desc object containing the value
+ * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
+ * "\x01\x02\x01\x02"},
+ * corresponding to an object-identifier value of
+ * {iso(1) member-body(2) United States(840) mit(113554)
+ * infosys(1) gssapi(2) generic(1) machine_uid_name(2)}.
+ * The constant GSS_C_NT_MACHINE_UID_NAME should be
+ * initialized to point to that gss_OID_desc.
+ */
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_nt_machine_uid_name_oid_desc;
+#define GSS_C_NT_MACHINE_UID_NAME (&__gss_c_nt_machine_uid_name_oid_desc)
+
+/*
+ * The implementation must reserve static storage for a
+ * gss_OID_desc object containing the value
+ * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
+ * "\x01\x02\x01\x03"},
+ * corresponding to an object-identifier value of
+ * {iso(1) member-body(2) United States(840) mit(113554)
+ * infosys(1) gssapi(2) generic(1) string_uid_name(3)}.
+ * The constant GSS_C_NT_STRING_UID_NAME should be
+ * initialized to point to that gss_OID_desc.
+ */
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_nt_string_uid_name_oid_desc;
+#define GSS_C_NT_STRING_UID_NAME (&__gss_c_nt_string_uid_name_oid_desc)
+
+/*
+ * The implementation must reserve static storage for a
+ * gss_OID_desc object containing the value
+ * {6, (void *)"\x2b\x06\x01\x05\x06\x02"},
+ * corresponding to an object-identifier value of
+ * {iso(1) org(3) dod(6) internet(1) security(5)
+ * nametypes(6) gss-host-based-services(2)). The constant
+ * GSS_C_NT_HOSTBASED_SERVICE_X should be initialized to point
+ * to that gss_OID_desc. This is a deprecated OID value, and
+ * implementations wishing to support hostbased-service names
+ * should instead use the GSS_C_NT_HOSTBASED_SERVICE OID,
+ * defined below, to identify such names;
+ * GSS_C_NT_HOSTBASED_SERVICE_X should be accepted a synonym
+ * for GSS_C_NT_HOSTBASED_SERVICE when presented as an input
+ * parameter, but should not be emitted by GSS-API
+ * implementations
+ */
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_nt_hostbased_service_x_oid_desc;
+#define GSS_C_NT_HOSTBASED_SERVICE_X (&__gss_c_nt_hostbased_service_x_oid_desc)
+
+/*
+ * The implementation must reserve static storage for a
+ * gss_OID_desc object containing the value
+ * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
+ * "\x01\x02\x01\x04"}, corresponding to an
+ * object-identifier value of {iso(1) member-body(2)
+ * Unites States(840) mit(113554) infosys(1) gssapi(2)
+ * generic(1) service_name(4)}. The constant
+ * GSS_C_NT_HOSTBASED_SERVICE should be initialized
+ * to point to that gss_OID_desc.
+ */
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_nt_hostbased_service_oid_desc;
+#define GSS_C_NT_HOSTBASED_SERVICE (&__gss_c_nt_hostbased_service_oid_desc)
+
+/*
+ * The implementation must reserve static storage for a
+ * gss_OID_desc object containing the value
+ * {6, (void *)"\x2b\x06\01\x05\x06\x03"},
+ * corresponding to an object identifier value of
+ * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
+ * 6(nametypes), 3(gss-anonymous-name)}. The constant
+ * and GSS_C_NT_ANONYMOUS should be initialized to point
+ * to that gss_OID_desc.
+ */
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_nt_anonymous_oid_desc;
+#define GSS_C_NT_ANONYMOUS (&__gss_c_nt_anonymous_oid_desc)
+
+/*
+ * The implementation must reserve static storage for a
+ * gss_OID_desc object containing the value
+ * {6, (void *)"\x2b\x06\x01\x05\x06\x04"},
+ * corresponding to an object-identifier value of
+ * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
+ * 6(nametypes), 4(gss-api-exported-name)}. The constant
+ * GSS_C_NT_EXPORT_NAME should be initialized to point
+ * to that gss_OID_desc.
+ */
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_nt_export_name_oid_desc;
+#define GSS_C_NT_EXPORT_NAME (&__gss_c_nt_export_name_oid_desc)
+
+/* Major status codes */
+
+#define GSS_S_COMPLETE 0
+
+/*
+ * Some "helper" definitions to make the status code macros obvious.
+ */
+#define GSS_C_CALLING_ERROR_OFFSET 24
+#define GSS_C_ROUTINE_ERROR_OFFSET 16
+#define GSS_C_SUPPLEMENTARY_OFFSET 0
+#define GSS_C_CALLING_ERROR_MASK 0377ul
+#define GSS_C_ROUTINE_ERROR_MASK 0377ul
+#define GSS_C_SUPPLEMENTARY_MASK 0177777ul
+
+/*
+ * The macros that test status codes for error conditions.
+ * Note that the GSS_ERROR() macro has changed slightly from
+ * the V1 GSSAPI so that it now evaluates its argument
+ * only once.
+ */
+#define GSS_CALLING_ERROR(x) \
+ (x & (GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET))
+#define GSS_ROUTINE_ERROR(x) \
+ (x & (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET))
+#define GSS_SUPPLEMENTARY_INFO(x) \
+ (x & (GSS_C_SUPPLEMENTARY_MASK << GSS_C_SUPPLEMENTARY_OFFSET))
+#define GSS_ERROR(x) \
+ (x & ((GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET) | \
+ (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET)))
+
+/*
+ * Now the actual status code definitions
+ */
+
+/*
+ * Calling errors:
+ */
+#define GSS_S_CALL_INACCESSIBLE_READ \
+ (1ul << GSS_C_CALLING_ERROR_OFFSET)
+#define GSS_S_CALL_INACCESSIBLE_WRITE \
+ (2ul << GSS_C_CALLING_ERROR_OFFSET)
+#define GSS_S_CALL_BAD_STRUCTURE \
+ (3ul << GSS_C_CALLING_ERROR_OFFSET)
+
+/*
+ * Routine errors:
+ */
+#define GSS_S_BAD_MECH (1ul << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_BAD_NAME (2ul << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_BAD_NAMETYPE (3ul << GSS_C_ROUTINE_ERROR_OFFSET)
+
+#define GSS_S_BAD_BINDINGS (4ul << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_BAD_STATUS (5ul << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_BAD_SIG (6ul << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_BAD_MIC GSS_S_BAD_SIG
+#define GSS_S_NO_CRED (7ul << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_NO_CONTEXT (8ul << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_DEFECTIVE_TOKEN (9ul << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_DEFECTIVE_CREDENTIAL (10ul << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_CREDENTIALS_EXPIRED (11ul << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_CONTEXT_EXPIRED (12ul << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_FAILURE (13ul << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_BAD_QOP (14ul << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_UNAUTHORIZED (15ul << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_UNAVAILABLE (16ul << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_DUPLICATE_ELEMENT (17ul << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_NAME_NOT_MN (18ul << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_BAD_MECH_ATTR (19ul << GSS_C_ROUTINE_ERROR_OFFSET)
+
+/*
+ * Apparently awating spec fix.
+ */
+#define GSS_S_CRED_UNAVAIL GSS_S_FAILURE
+
+/*
+ * Supplementary info bits:
+ */
+#define GSS_S_CONTINUE_NEEDED (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 0))
+#define GSS_S_DUPLICATE_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 1))
+#define GSS_S_OLD_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 2))
+#define GSS_S_UNSEQ_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 3))
+#define GSS_S_GAP_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 4))
+
+/*
+ * Finally, function prototypes for the GSS-API routines.
+ */
+
+#define GSS_C_OPTION_MASK 0xffff
+#define GSS_C_CRED_NO_UI 0x10000
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_acquire_cred
+ (OM_uint32 * /*minor_status*/,
+ gss_const_name_t /*desired_name*/,
+ OM_uint32 /*time_req*/,
+ const gss_OID_set /*desired_mechs*/,
+ gss_cred_usage_t /*cred_usage*/,
+ gss_cred_id_t * /*output_cred_handle*/,
+ gss_OID_set * /*actual_mechs*/,
+ OM_uint32 * /*time_rec*/
+ );
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_release_cred
+ (OM_uint32 * /*minor_status*/,
+ gss_cred_id_t * /*cred_handle*/
+ );
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_init_sec_context
+ (OM_uint32 * /*minor_status*/,
+ gss_const_cred_id_t /*initiator_cred_handle*/,
+ gss_ctx_id_t * /*context_handle*/,
+ gss_const_name_t /*target_name*/,
+ const gss_OID /*mech_type*/,
+ OM_uint32 /*req_flags*/,
+ OM_uint32 /*time_req*/,
+ const gss_channel_bindings_t /*input_chan_bindings*/,
+ const gss_buffer_t /*input_token*/,
+ gss_OID * /*actual_mech_type*/,
+ gss_buffer_t /*output_token*/,
+ OM_uint32 * /*ret_flags*/,
+ OM_uint32 * /*time_rec*/
+ );
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_accept_sec_context
+ (OM_uint32 * /*minor_status*/,
+ gss_ctx_id_t * /*context_handle*/,
+ gss_const_cred_id_t /*acceptor_cred_handle*/,
+ const gss_buffer_t /*input_token_buffer*/,
+ const gss_channel_bindings_t /*input_chan_bindings*/,
+ gss_name_t * /*src_name*/,
+ gss_OID * /*mech_type*/,
+ gss_buffer_t /*output_token*/,
+ OM_uint32 * /*ret_flags*/,
+ OM_uint32 * /*time_rec*/,
+ gss_cred_id_t * /*delegated_cred_handle*/
+ );
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_process_context_token
+ (OM_uint32 * /*minor_status*/,
+ gss_const_ctx_id_t /*context_handle*/,
+ const gss_buffer_t /*token_buffer*/
+ );
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_delete_sec_context
+ (OM_uint32 * /*minor_status*/,
+ gss_ctx_id_t * /*context_handle*/,
+ gss_buffer_t /*output_token*/
+ );
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_context_time
+ (OM_uint32 * /*minor_status*/,
+ gss_const_ctx_id_t /*context_handle*/,
+ OM_uint32 * /*time_rec*/
+ );
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_get_mic
+ (OM_uint32 * /*minor_status*/,
+ gss_const_ctx_id_t /*context_handle*/,
+ gss_qop_t /*qop_req*/,
+ const gss_buffer_t /*message_buffer*/,
+ gss_buffer_t /*message_token*/
+ );
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_verify_mic
+ (OM_uint32 * /*minor_status*/,
+ gss_const_ctx_id_t /*context_handle*/,
+ const gss_buffer_t /*message_buffer*/,
+ const gss_buffer_t /*token_buffer*/,
+ gss_qop_t * /*qop_state*/
+ );
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_wrap
+ (OM_uint32 * /*minor_status*/,
+ gss_const_ctx_id_t /*context_handle*/,
+ int /*conf_req_flag*/,
+ gss_qop_t /*qop_req*/,
+ const gss_buffer_t /*input_message_buffer*/,
+ int * /*conf_state*/,
+ gss_buffer_t /*output_message_buffer*/
+ );
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_unwrap
+ (OM_uint32 * /*minor_status*/,
+ gss_const_ctx_id_t /*context_handle*/,
+ const gss_buffer_t /*input_message_buffer*/,
+ gss_buffer_t /*output_message_buffer*/,
+ int * /*conf_state*/,
+ gss_qop_t * /*qop_state*/
+ );
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_display_status
+ (OM_uint32 * /*minor_status*/,
+ OM_uint32 /*status_value*/,
+ int /*status_type*/,
+ const gss_OID /*mech_type*/,
+ OM_uint32 * /*message_context*/,
+ gss_buffer_t /*status_string*/
+ );
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_indicate_mechs
+ (OM_uint32 * /*minor_status*/,
+ gss_OID_set * /*mech_set*/
+ );
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_compare_name
+ (OM_uint32 * /*minor_status*/,
+ gss_const_name_t /*name1*/,
+ gss_const_name_t /*name2*/,
+ int * /*name_equal*/
+ );
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_display_name
+ (OM_uint32 * /*minor_status*/,
+ gss_const_name_t /*input_name*/,
+ gss_buffer_t /*output_name_buffer*/,
+ gss_OID * /*output_name_type*/
+ );
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_import_name
+ (OM_uint32 * /*minor_status*/,
+ const gss_buffer_t /*input_name_buffer*/,
+ const gss_OID /*input_name_type*/,
+ gss_name_t * /*output_name*/
+ );
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_export_name
+ (OM_uint32 * /*minor_status*/,
+ gss_const_name_t /*input_name*/,
+ gss_buffer_t /*exported_name*/
+ );
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_release_name
+ (OM_uint32 * /*minor_status*/,
+ gss_name_t * /*input_name*/
+ );
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_release_buffer
+ (OM_uint32 * /*minor_status*/,
+ gss_buffer_t /*buffer*/
+ );
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_release_oid_set
+ (OM_uint32 * /*minor_status*/,
+ gss_OID_set * /*set*/
+ );
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_inquire_cred
+ (OM_uint32 * /*minor_status*/,
+ gss_const_cred_id_t /*cred_handle*/,
+ gss_name_t * /*name*/,
+ OM_uint32 * /*lifetime*/,
+ gss_cred_usage_t * /*cred_usage*/,
+ gss_OID_set * /*mechanisms*/
+ );
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_inquire_context (
+ OM_uint32 * /*minor_status*/,
+ gss_const_ctx_id_t /*context_handle*/,
+ gss_name_t * /*src_name*/,
+ gss_name_t * /*targ_name*/,
+ OM_uint32 * /*lifetime_rec*/,
+ gss_OID * /*mech_type*/,
+ OM_uint32 * /*ctx_flags*/,
+ int * /*locally_initiated*/,
+ int * /*open_context*/
+ );
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_wrap_size_limit (
+ OM_uint32 * /*minor_status*/,
+ gss_const_ctx_id_t /*context_handle*/,
+ int /*conf_req_flag*/,
+ gss_qop_t /*qop_req*/,
+ OM_uint32 /*req_output_size*/,
+ OM_uint32 * /*max_input_size*/
+ );
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_add_cred (
+ OM_uint32 * /*minor_status*/,
+ gss_const_cred_id_t /*input_cred_handle*/,
+ gss_const_name_t /*desired_name*/,
+ const gss_OID /*desired_mech*/,
+ gss_cred_usage_t /*cred_usage*/,
+ OM_uint32 /*initiator_time_req*/,
+ OM_uint32 /*acceptor_time_req*/,
+ gss_cred_id_t * /*output_cred_handle*/,
+ gss_OID_set * /*actual_mechs*/,
+ OM_uint32 * /*initiator_time_rec*/,
+ OM_uint32 * /*acceptor_time_rec*/
+ );
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_inquire_cred_by_mech (
+ OM_uint32 * /*minor_status*/,
+ gss_const_cred_id_t /*cred_handle*/,
+ const gss_OID /*mech_type*/,
+ gss_name_t * /*name*/,
+ OM_uint32 * /*initiator_lifetime*/,
+ OM_uint32 * /*acceptor_lifetime*/,
+ gss_cred_usage_t * /*cred_usage*/
+ );
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_export_sec_context (
+ OM_uint32 * /*minor_status*/,
+ gss_ctx_id_t * /*context_handle*/,
+ gss_buffer_t /*interprocess_token*/
+ );
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_import_sec_context (
+ OM_uint32 * /*minor_status*/,
+ const gss_buffer_t /*interprocess_token*/,
+ gss_ctx_id_t * /*context_handle*/
+ );
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_create_empty_oid_set (
+ OM_uint32 * /*minor_status*/,
+ gss_OID_set * /*oid_set*/
+ );
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_add_oid_set_member (
+ OM_uint32 * /*minor_status*/,
+ const gss_OID /*member_oid*/,
+ gss_OID_set * /*oid_set*/
+ );
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_test_oid_set_member (
+ OM_uint32 * /*minor_status*/,
+ const gss_OID /*member*/,
+ const gss_OID_set /*set*/,
+ int * /*present*/
+ );
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_inquire_names_for_mech (
+ OM_uint32 * /*minor_status*/,
+ const gss_OID /*mechanism*/,
+ gss_OID_set * /*name_types*/
+ );
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_inquire_mechs_for_name (
+ OM_uint32 * /*minor_status*/,
+ gss_const_name_t /*input_name*/,
+ gss_OID_set * /*mech_types*/
+ );
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_canonicalize_name (
+ OM_uint32 * /*minor_status*/,
+ gss_const_name_t /*input_name*/,
+ const gss_OID /*mech_type*/,
+ gss_name_t * /*output_name*/
+ );
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_duplicate_name (
+ OM_uint32 * /*minor_status*/,
+ gss_const_name_t /*src_name*/,
+ gss_name_t * /*dest_name*/
+ );
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_duplicate_oid (
+ OM_uint32 * /* minor_status */,
+ gss_OID /* src_oid */,
+ gss_OID * /* dest_oid */
+ );
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_release_oid
+ (OM_uint32 * /*minor_status*/,
+ gss_OID * /* oid */
+ );
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_oid_to_str(
+ OM_uint32 * /*minor_status*/,
+ gss_OID /* oid */,
+ gss_buffer_t /* str */
+ );
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_inquire_sec_context_by_oid(
+ OM_uint32 * minor_status,
+ gss_const_ctx_id_t context_handle,
+ const gss_OID desired_object,
+ gss_buffer_set_t *data_set
+ );
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_set_sec_context_option (OM_uint32 *minor_status,
+ gss_ctx_id_t *context_handle,
+ const gss_OID desired_object,
+ const gss_buffer_t value);
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_set_cred_option (OM_uint32 *minor_status,
+ gss_cred_id_t *cred_handle,
+ const gss_OID object,
+ const gss_buffer_t value);
+
+GSSAPI_LIB_FUNCTION int GSSAPI_LIB_CALL
+gss_oid_equal(gss_const_OID a, gss_const_OID b);
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_create_empty_buffer_set
+ (OM_uint32 * minor_status,
+ gss_buffer_set_t *buffer_set);
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_add_buffer_set_member
+ (OM_uint32 * minor_status,
+ const gss_buffer_t member_buffer,
+ gss_buffer_set_t *buffer_set);
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_release_buffer_set
+ (OM_uint32 * minor_status,
+ gss_buffer_set_t *buffer_set);
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_inquire_cred_by_oid(OM_uint32 *minor_status,
+ gss_const_cred_id_t cred_handle,
+ const gss_OID desired_object,
+ gss_buffer_set_t *data_set);
+
+/*
+ * RFC 4401
+ */
+
+#define GSS_C_PRF_KEY_FULL 0
+#define GSS_C_PRF_KEY_PARTIAL 1
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_pseudo_random
+ (OM_uint32 *minor_status,
+ gss_ctx_id_t context,
+ int prf_key,
+ const gss_buffer_t prf_in,
+ ssize_t desired_output_len,
+ gss_buffer_t prf_out
+ );
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_store_cred(OM_uint32 * /* minor_status */,
+ gss_cred_id_t /* input_cred_handle */,
+ gss_cred_usage_t /* cred_usage */,
+ const gss_OID /* desired_mech */,
+ OM_uint32 /* overwrite_cred */,
+ OM_uint32 /* default_cred */,
+ gss_OID_set * /* elements_stored */,
+ gss_cred_usage_t * /* cred_usage_stored */);
+
+
+/*
+ * Query functions
+ */
+
+typedef struct {
+ size_t header; /**< size of header */
+ size_t trailer; /**< size of trailer */
+ size_t max_msg_size; /**< maximum message size */
+ size_t buffers; /**< extra GSS_IOV_BUFFER_TYPE_EMPTY buffer to pass */
+ size_t blocksize; /**< Specificed optimal size of messages, also
+ is the maximum padding size
+ (GSS_IOV_BUFFER_TYPE_PADDING) */
+} gss_context_stream_sizes;
+
+extern gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_attr_stream_sizes_oid_desc;
+#define GSS_C_ATTR_STREAM_SIZES (&__gss_c_attr_stream_sizes_oid_desc)
+
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_context_query_attributes(OM_uint32 * /* minor_status */,
+ gss_const_ctx_id_t /* context_handle */,
+ const gss_OID /* attribute */,
+ void * /*data*/,
+ size_t /* len */);
+/*
+ * The following routines are obsolete variants of gss_get_mic,
+ * gss_verify_mic, gss_wrap and gss_unwrap. They should be
+ * provided by GSSAPI V2 implementations for backwards
+ * compatibility with V1 applications. Distinct entrypoints
+ * (as opposed to #defines) should be provided, both to allow
+ * GSSAPI V1 applications to link against GSSAPI V2 implementations,
+ * and to retain the slight parameter type differences between the
+ * obsolete versions of these routines and their current forms.
+ */
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_sign
+ (OM_uint32 * /*minor_status*/,
+ gss_ctx_id_t /*context_handle*/,
+ int /*qop_req*/,
+ gss_buffer_t /*message_buffer*/,
+ gss_buffer_t /*message_token*/
+ ) GSSAPI_DEPRECATED_FUNCTION("Use gss_get_mic");
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_verify
+ (OM_uint32 * /*minor_status*/,
+ gss_ctx_id_t /*context_handle*/,
+ gss_buffer_t /*message_buffer*/,
+ gss_buffer_t /*token_buffer*/,
+ int * /*qop_state*/
+ ) GSSAPI_DEPRECATED_FUNCTION("Use gss_verify_mic");
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_seal
+ (OM_uint32 * /*minor_status*/,
+ gss_ctx_id_t /*context_handle*/,
+ int /*conf_req_flag*/,
+ int /*qop_req*/,
+ gss_buffer_t /*input_message_buffer*/,
+ int * /*conf_state*/,
+ gss_buffer_t /*output_message_buffer*/
+ ) GSSAPI_DEPRECATED_FUNCTION("Use gss_wrap");
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_unseal
+ (OM_uint32 * /*minor_status*/,
+ gss_ctx_id_t /*context_handle*/,
+ gss_buffer_t /*input_message_buffer*/,
+ gss_buffer_t /*output_message_buffer*/,
+ int * /*conf_state*/,
+ int * /*qop_state*/
+ ) GSSAPI_DEPRECATED_FUNCTION("Use gss_unwrap");
+
+/**
+ *
+ */
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_encapsulate_token(gss_const_buffer_t /* input_token */,
+ gss_const_OID /* oid */,
+ gss_buffer_t /* output_token */);
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_decapsulate_token(gss_const_buffer_t /* input_token */,
+ gss_const_OID /* oid */,
+ gss_buffer_t /* output_token */);
+
+
+
+/*
+ * AEAD support
+ */
+
+/*
+ * GSS_IOV
+ */
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_wrap_iov(OM_uint32 *, gss_ctx_id_t, int, gss_qop_t, int *,
+ gss_iov_buffer_desc *, int);
+
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_unwrap_iov(OM_uint32 *, gss_ctx_id_t, int *, gss_qop_t *,
+ gss_iov_buffer_desc *, int);
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_wrap_iov_length(OM_uint32 *, gss_ctx_id_t, int, gss_qop_t, int *,
+ gss_iov_buffer_desc *, int);
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_release_iov_buffer(OM_uint32 *, gss_iov_buffer_desc *, int);
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_wrap_aead(OM_uint32 *, gss_ctx_id_t, int, gss_qop_t,
+ gss_buffer_t, gss_buffer_t, int *, gss_buffer_t);
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_unwrap_aead(OM_uint32 *, gss_ctx_id_t, gss_buffer_t,
+ gss_buffer_t, gss_buffer_t, int *, gss_qop_t *);
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_export_cred(OM_uint32 * /* minor_status */,
+ gss_cred_id_t /* cred_handle */,
+ gss_buffer_t /* cred_token */);
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_import_cred(OM_uint32 * /* minor_status */,
+ gss_buffer_t /* cred_token */,
+ gss_cred_id_t * /* cred_handle */);
+
+/*
+ * mech option
+ */
+
+GSSAPI_LIB_FUNCTION int GSSAPI_LIB_CALL
+gss_mo_set(gss_const_OID mech, gss_const_OID option,
+ int enable, gss_buffer_t value);
+
+GSSAPI_LIB_FUNCTION int GSSAPI_LIB_CALL
+gss_mo_get(gss_const_OID mech, gss_const_OID option, gss_buffer_t value);
+
+GSSAPI_LIB_FUNCTION void GSSAPI_LIB_CALL
+gss_mo_list(gss_const_OID mech, gss_OID_set *options);
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_mo_name(gss_const_OID mech, gss_const_OID options, gss_buffer_t name);
+
+/*
+ * SASL glue functions and mech inquire
+ */
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_inquire_saslname_for_mech(OM_uint32 *minor_status,
+ const gss_OID desired_mech,
+ gss_buffer_t sasl_mech_name,
+ gss_buffer_t mech_name,
+ gss_buffer_t mech_description);
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_inquire_mech_for_saslname(OM_uint32 *minor_status,
+ const gss_buffer_t sasl_mech_name,
+ gss_OID *mech_type);
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_indicate_mechs_by_attrs(OM_uint32 * minor_status,
+ gss_const_OID_set desired_mech_attrs,
+ gss_const_OID_set except_mech_attrs,
+ gss_const_OID_set critical_mech_attrs,
+ gss_OID_set *mechs);
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_inquire_attrs_for_mech(OM_uint32 * minor_status,
+ gss_const_OID mech,
+ gss_OID_set *mech_attr,
+ gss_OID_set *known_mech_attrs);
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_display_mech_attr(OM_uint32 * minor_status,
+ gss_const_OID mech_attr,
+ gss_buffer_t name,
+ gss_buffer_t short_desc,
+ gss_buffer_t long_desc);
+
+/*
+ * Solaris compat
+ */
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_acquire_cred_with_password
+ (OM_uint32 * /*minor_status*/,
+ gss_const_name_t /*desired_name*/,
+ const gss_buffer_t /*password*/,
+ OM_uint32 /*time_req*/,
+ const gss_OID_set /*desired_mechs*/,
+ gss_cred_usage_t /*cred_usage*/,
+ gss_cred_id_t * /*output_cred_handle*/,
+ gss_OID_set * /*actual_mechs*/,
+ OM_uint32 * /*time_rec*/
+ );
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_add_cred_with_password (
+ OM_uint32 * /*minor_status*/,
+ gss_const_cred_id_t /*input_cred_handle*/,
+ gss_const_name_t /*desired_name*/,
+ const gss_OID /*desired_mech*/,
+ const gss_buffer_t /*password*/,
+ gss_cred_usage_t /*cred_usage*/,
+ OM_uint32 /*initiator_time_req*/,
+ OM_uint32 /*acceptor_time_req*/,
+ gss_cred_id_t * /*output_cred_handle*/,
+ gss_OID_set * /*actual_mechs*/,
+ OM_uint32 * /*initiator_time_rec*/,
+ OM_uint32 * /*acceptor_time_rec*/
+ );
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_localname(
+ OM_uint32 *minor,
+ gss_const_name_t name,
+ const gss_OID mech_type,
+ gss_buffer_t localname);
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_pname_to_uid( + OM_uint32 *minor, + gss_const_name_t name, + const gss_OID mech_type, + uid_t *uidOut); + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_authorize_localname( + OM_uint32 *minor, + gss_const_name_t name, + gss_const_name_t user); + +GSSAPI_LIB_FUNCTION int GSSAPI_LIB_CALL +gss_userok(gss_const_name_t name, + const char *user); + +extern GSSAPI_LIB_VARIABLE gss_buffer_desc __gss_c_attr_local_login_user; +#define GSS_C_ATTR_LOCAL_LOGIN_USER (&__gss_c_attr_local_login_user) + +/* + * Naming extensions + */ + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_display_name_ext ( + OM_uint32 *, /* minor_status */ + gss_name_t, /* name */ + gss_OID, /* display_as_name_type */ + gss_buffer_t /* display_name */ + ); + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_inquire_name ( + OM_uint32 *, /* minor_status */ + gss_name_t, /* name */ + int *, /* name_is_MN */ + gss_OID *, /* MN_mech */ + gss_buffer_set_t * /* attrs */ + ); + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_get_name_attribute ( + OM_uint32 *, /* minor_status */ + gss_name_t, /* name */ + gss_buffer_t, /* attr */ + int *, /* authenticated */ + int *, /* complete */ + gss_buffer_t, /* value */ + gss_buffer_t, /* display_value */ + int * /* more */ + ); + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_set_name_attribute ( + OM_uint32 *, /* minor_status */ + gss_name_t, /* name */ + int, /* complete */ + gss_buffer_t, /* attr */ + gss_buffer_t /* value */ + ); + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_delete_name_attribute ( + OM_uint32 *, /* minor_status */ + gss_name_t, /* name */ + gss_buffer_t /* attr */ + ); + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_export_name_composite ( + OM_uint32 *, /* minor_status */ + gss_name_t, /* name */ + gss_buffer_t /* exp_composite_name */ + ); + +/* + * + */ + +GSSAPI_LIB_FUNCTION const char * GSSAPI_LIB_CALL +gss_oid_to_name(gss_const_OID oid); + +GSSAPI_LIB_FUNCTION gss_OID GSSAPI_LIB_CALL +gss_name_to_oid(const 
char *name); + +GSSAPI_CPP_END + +#if defined(__APPLE__) && (defined(__ppc__) || defined(__ppc64__) || defined(__i386__) || defined(__x86_64__)) +#pragma pack(pop) +#endif + +#undef GSSAPI_DEPRECATED_FUNCTION + +#endif /* GSSAPI_GSSAPI_H_ */ diff --git a/kerberos5/include/gssapi/gssapi_krb5.h b/kerberos5/include/gssapi/gssapi_krb5.h new file mode 100644 --- /dev/null +++ b/kerberos5/include/gssapi/gssapi_krb5.h 
@@ -0,0 +1,223 @@
+/*
+ * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id$ */
+
+#ifndef GSSAPI_KRB5_H_
+#define GSSAPI_KRB5_H_
+
+#include
+#include
+
+GSSAPI_CPP_START
+
+#if !defined(__GNUC__) && !defined(__attribute__)
+#define __attribute__(x)
+#endif
+
+#ifndef GSSKRB5_FUNCTION_DEPRECATED
+#define GSSKRB5_FUNCTION_DEPRECATED __attribute__((deprecated))
+#endif
+
+
+/*
+ * This is for kerberos5 names.
+ */
+
+extern gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_nt_principal_name_oid_desc;
+#define GSS_KRB5_NT_PRINCIPAL_NAME (&__gss_krb5_nt_principal_name_oid_desc)
+
+#define GSS_KRB5_NT_USER_NAME (&__gss_c_nt_user_name_oid_desc)
+#define GSS_KRB5_NT_MACHINE_UID_NAME (&__gss_c_nt_machine_uid_name_oid_desc)
+#define GSS_KRB5_NT_STRING_UID_NAME (&__gss_c_nt_string_uid_name_oid_desc)
+
+/* for compatibility with MIT api */
+
+#define gss_mech_krb5 GSS_KRB5_MECHANISM
+#define gss_krb5_nt_general_name GSS_KRB5_NT_PRINCIPAL_NAME
+
+/*
+ * kerberos mechanism specific functions
+ */
+
+struct krb5_keytab_data;
+struct krb5_ccache_data;
+struct Principal;
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_krb5_ccache_name(OM_uint32 * /*minor_status*/,
+ const char * /*name */,
+ const char ** /*out_name */);
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gsskrb5_register_acceptor_identity
+ (const char * /*identity*/);
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL krb5_gss_register_acceptor_identity
+ (const char * /*identity*/);
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_krb5_copy_ccache
+ (OM_uint32 * /*minor*/,
+ gss_cred_id_t /*cred*/,
+ struct krb5_ccache_data * /*out*/);
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_krb5_import_cred(OM_uint32 * /*minor*/,
+ struct krb5_ccache_data * /*in*/,
+ struct Principal * /*keytab_principal*/,
+ struct krb5_keytab_data * /*keytab*/,
+ gss_cred_id_t * /*out*/);
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_krb5_get_tkt_flags
+ (OM_uint32 * /*minor*/,
+ gss_ctx_id_t /*context_handle*/,
+ OM_uint32 * /*tkt_flags*/);
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gsskrb5_extract_authz_data_from_sec_context
+ (OM_uint32 * /*minor_status*/,
+ gss_ctx_id_t /*context_handle*/,
+ int /*ad_type*/,
+ gss_buffer_t /*ad_data*/);
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gsskrb5_set_dns_canonicalize(int);
+
+struct gsskrb5_send_to_kdc {
+ void *func;
+ void *ptr;
+};
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gsskrb5_set_send_to_kdc(struct gsskrb5_send_to_kdc *)
+ GSSKRB5_FUNCTION_DEPRECATED;
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gsskrb5_set_default_realm(const char *);
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gsskrb5_extract_authtime_from_sec_context(OM_uint32 *, gss_ctx_id_t, time_t *);
+
+struct EncryptionKey;
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gsskrb5_extract_service_keyblock(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ struct EncryptionKey **out);
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gsskrb5_get_initiator_subkey(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ struct EncryptionKey **out);
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gsskrb5_get_subkey(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ struct EncryptionKey **out);
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gsskrb5_set_time_offset(int);
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gsskrb5_get_time_offset(int *);
+
+struct gsskrb5_krb5_plugin {
+ int type;
+ char *name;
+ void *symbol;
+};
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gsskrb5_plugin_register(struct gsskrb5_krb5_plugin *);
+
+
+/*
+ * Lucid - NFSv4 interface to GSS-API KRB5 to expose key material to
+ * do GSS content token handling in-kernel.
+ */
+
+typedef struct gss_krb5_lucid_key {
+ OM_uint32 type;
+ OM_uint32 length;
+ void * data;
+} gss_krb5_lucid_key_t;
+
+typedef struct gss_krb5_rfc1964_keydata {
+ OM_uint32 sign_alg;
+ OM_uint32 seal_alg;
+ gss_krb5_lucid_key_t ctx_key;
+} gss_krb5_rfc1964_keydata_t;
+
+typedef struct gss_krb5_cfx_keydata {
+ OM_uint32 have_acceptor_subkey;
+ gss_krb5_lucid_key_t ctx_key;
+ gss_krb5_lucid_key_t acceptor_subkey;
+} gss_krb5_cfx_keydata_t;
+
+typedef struct gss_krb5_lucid_context_v1 {
+ OM_uint32 version;
+ OM_uint32 initiate;
+ OM_uint32 endtime;
+ OM_uint64 send_seq;
+ OM_uint64 recv_seq;
+ OM_uint32 protocol;
+ gss_krb5_rfc1964_keydata_t rfc1964_kd;
+ gss_krb5_cfx_keydata_t cfx_kd;
+} gss_krb5_lucid_context_v1_t;
+
+typedef struct gss_krb5_lucid_context_version {
+ OM_uint32 version; /* Structure version number */
+} gss_krb5_lucid_context_version_t;
+
+/*
+ * Function declarations
+ */
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_krb5_export_lucid_sec_context(OM_uint32 *minor_status,
+ gss_ctx_id_t *context_handle,
+ OM_uint32 version,
+ void **kctx);
+
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_krb5_free_lucid_sec_context(OM_uint32 *minor_status,
+ void *kctx);
+
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_krb5_set_allowable_enctypes(OM_uint32 *minor_status,
+ gss_cred_id_t cred,
+ OM_uint32 num_enctypes,
+ int32_t *enctypes);
+
+GSSAPI_CPP_END
+
+#endif /* GSSAPI_SPNEGO_H_ */
diff --git a/kerberos5/lib/libgssapi_krb5/prefix.c b/kerberos5/include/gssapi/gssapi_ntlm.h
rename from kerberos5/lib/libgssapi_krb5/prefix.c
rename to kerberos5/include/gssapi/gssapi_ntlm.h
--- a/kerberos5/lib/libgssapi_krb5/prefix.c
+++ b/kerberos5/include/gssapi/gssapi_ntlm.h
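Review bot: The declarations in gssapi_krb5.h that hand out raw key material, `gss_krb5_export_lucid_sec_context` (through `void **kctx`) and the three `struct EncryptionKey **out` getters, carry no comment on who owns the returned memory or how it is released, so a caller working from this header alone can leak session keys or leave them resident. A short comment above `gss_krb5_export_lucid_sec_context` would cover the lucid case, e.g. `/* *kctx is allocated by the library; read the version through gss_krb5_lucid_context_version_t before casting, release with gss_krb5_free_lucid_sec_context() */`; that pairing is inferred from the declarations in this hunk and should be confirmed against the implementation. The `EncryptionKey` getters need the matching statement of which routine frees `*out`, which the header does not show. Separately, the last line reads `#endif /* GSSAPI_SPNEGO_H_ */` although the guard opened at the top is `GSSAPI_KRB5_H_`; it should be `#endif /* GSSAPI_KRB5_H_ */`.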
@@ -1,22 +1,27 @@ -/*- - * SPDX-License-Identifier: BSD-2-Clause - * - * Copyright (c) 2008 Doug Rabson +/* + * Copyright (c) 2006 - 2009 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) @@ -26,8 +31,11 @@ * SUCH DAMAGE. */ -const char * -_gss_name_prefix(void) -{ - return "_gsskrb5"; -} +/* $Id$ */ + +#ifndef GSSAPI_NTLM_H_ +#define GSSAPI_NTLM_H_ + +#include + +#endif /* GSSAPI_NTLM_H_ */ diff --git a/kerberos5/include/gssapi/gssapi_oid.h b/kerberos5/include/gssapi/gssapi_oid.h new file mode 100644 --- /dev/null 
+++ b/kerberos5/include/gssapi/gssapi_oid.h 
@@ -0,0 +1,245 @@ +/* Generated file */ +#ifndef GSSAPI_GSSAPI_OID +#define GSSAPI_GSSAPI_OID 1 + + /* contact Love Hörnquist Åstrand for new oid arcs */ + /* + * 1.2.752.43.13 Heimdal GSS-API Extentions + */ +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_copy_ccache_x_oid_desc; +#define GSS_KRB5_COPY_CCACHE_X (&__gss_krb5_copy_ccache_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_tkt_flags_x_oid_desc; +#define GSS_KRB5_GET_TKT_FLAGS_X (&__gss_krb5_get_tkt_flags_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_extract_authz_data_from_sec_context_x_oid_desc; +#define GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X (&__gss_krb5_extract_authz_data_from_sec_context_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_compat_des3_mic_x_oid_desc; +#define GSS_KRB5_COMPAT_DES3_MIC_X (&__gss_krb5_compat_des3_mic_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_register_acceptor_identity_x_oid_desc; +#define GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X (&__gss_krb5_register_acceptor_identity_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_export_lucid_context_x_oid_desc; +#define GSS_KRB5_EXPORT_LUCID_CONTEXT_X (&__gss_krb5_export_lucid_context_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_export_lucid_context_v1_x_oid_desc; +#define GSS_KRB5_EXPORT_LUCID_CONTEXT_V1_X (&__gss_krb5_export_lucid_context_v1_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_set_dns_canonicalize_x_oid_desc; +#define GSS_KRB5_SET_DNS_CANONICALIZE_X (&__gss_krb5_set_dns_canonicalize_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_subkey_x_oid_desc; +#define GSS_KRB5_GET_SUBKEY_X (&__gss_krb5_get_subkey_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_initiator_subkey_x_oid_desc; +#define GSS_KRB5_GET_INITIATOR_SUBKEY_X (&__gss_krb5_get_initiator_subkey_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc 
__gss_krb5_get_acceptor_subkey_x_oid_desc; +#define GSS_KRB5_GET_ACCEPTOR_SUBKEY_X (&__gss_krb5_get_acceptor_subkey_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_send_to_kdc_x_oid_desc; +#define GSS_KRB5_SEND_TO_KDC_X (&__gss_krb5_send_to_kdc_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_authtime_x_oid_desc; +#define GSS_KRB5_GET_AUTHTIME_X (&__gss_krb5_get_authtime_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_service_keyblock_x_oid_desc; +#define GSS_KRB5_GET_SERVICE_KEYBLOCK_X (&__gss_krb5_get_service_keyblock_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_set_allowable_enctypes_x_oid_desc; +#define GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X (&__gss_krb5_set_allowable_enctypes_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_set_default_realm_x_oid_desc; +#define GSS_KRB5_SET_DEFAULT_REALM_X (&__gss_krb5_set_default_realm_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_ccache_name_x_oid_desc; +#define GSS_KRB5_CCACHE_NAME_X (&__gss_krb5_ccache_name_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_set_time_offset_x_oid_desc; +#define GSS_KRB5_SET_TIME_OFFSET_X (&__gss_krb5_set_time_offset_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_time_offset_x_oid_desc; +#define GSS_KRB5_GET_TIME_OFFSET_X (&__gss_krb5_get_time_offset_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_plugin_register_x_oid_desc; +#define GSS_KRB5_PLUGIN_REGISTER_X (&__gss_krb5_plugin_register_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_ntlm_get_session_key_x_oid_desc; +#define GSS_NTLM_GET_SESSION_KEY_X (&__gss_ntlm_get_session_key_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_nt_ntlm_oid_desc; +#define GSS_C_NT_NTLM (&__gss_c_nt_ntlm_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_nt_dn_oid_desc; +#define GSS_C_NT_DN (&__gss_c_nt_dn_oid_desc) + +extern GSSAPI_LIB_VARIABLE 
gss_OID_desc __gss_krb5_nt_principal_name_referral_oid_desc; +#define GSS_KRB5_NT_PRINCIPAL_NAME_REFERRAL (&__gss_krb5_nt_principal_name_referral_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ntlm_avguest_oid_desc; +#define GSS_C_NTLM_AVGUEST (&__gss_c_ntlm_avguest_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ntlm_v1_oid_desc; +#define GSS_C_NTLM_V1 (&__gss_c_ntlm_v1_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ntlm_v2_oid_desc; +#define GSS_C_NTLM_V2 (&__gss_c_ntlm_v2_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ntlm_session_key_oid_desc; +#define GSS_C_NTLM_SESSION_KEY (&__gss_c_ntlm_session_key_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ntlm_force_v1_oid_desc; +#define GSS_C_NTLM_FORCE_V1 (&__gss_c_ntlm_force_v1_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_cred_no_ci_flags_x_oid_desc; +#define GSS_KRB5_CRED_NO_CI_FLAGS_X (&__gss_krb5_cred_no_ci_flags_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_import_cred_x_oid_desc; +#define GSS_KRB5_IMPORT_CRED_X (&__gss_krb5_import_cred_x_oid_desc) + + /* glue for gss_inquire_saslname_for_mech */ +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_sasl_mech_name_oid_desc; +#define GSS_C_MA_SASL_MECH_NAME (&__gss_c_ma_sasl_mech_name_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_mech_name_oid_desc; +#define GSS_C_MA_MECH_NAME (&__gss_c_ma_mech_name_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_mech_description_oid_desc; +#define GSS_C_MA_MECH_DESCRIPTION (&__gss_c_ma_mech_description_oid_desc) + + /* credential types */ +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_cred_password_oid_desc; +#define GSS_C_CRED_PASSWORD (&__gss_c_cred_password_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_cred_certificate_oid_desc; +#define GSS_C_CRED_CERTIFICATE (&__gss_c_cred_certificate_oid_desc) + +/* Heimdal mechanisms - 1.2.752.43.14 */ +extern GSSAPI_LIB_VARIABLE 
gss_OID_desc __gss_sasl_digest_md5_mechanism_oid_desc; +#define GSS_SASL_DIGEST_MD5_MECHANISM (&__gss_sasl_digest_md5_mechanism_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_netlogon_mechanism_oid_desc; +#define GSS_NETLOGON_MECHANISM (&__gss_netlogon_mechanism_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_netlogon_set_session_key_x_oid_desc; +#define GSS_NETLOGON_SET_SESSION_KEY_X (&__gss_netlogon_set_session_key_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_netlogon_set_sign_algorithm_x_oid_desc; +#define GSS_NETLOGON_SET_SIGN_ALGORITHM_X (&__gss_netlogon_set_sign_algorithm_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_netlogon_nt_netbios_dns_name_oid_desc; +#define GSS_NETLOGON_NT_NETBIOS_DNS_NAME (&__gss_netlogon_nt_netbios_dns_name_oid_desc) + +/* GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X.128 */ +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_inq_win2k_pac_x_oid_desc; +#define GSS_C_INQ_WIN2K_PAC_X (&__gss_c_inq_win2k_pac_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_inq_sspi_session_key_oid_desc; +#define GSS_C_INQ_SSPI_SESSION_KEY (&__gss_c_inq_sspi_session_key_oid_desc) + +/* + * "Standard" mechs + */ +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_mechanism_oid_desc; +#define GSS_KRB5_MECHANISM (&__gss_krb5_mechanism_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_ntlm_mechanism_oid_desc; +#define GSS_NTLM_MECHANISM (&__gss_ntlm_mechanism_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_spnego_mechanism_oid_desc; +#define GSS_SPNEGO_MECHANISM (&__gss_spnego_mechanism_oid_desc) + + /* From Luke Howard */ +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_peer_has_updated_spnego_oid_desc; +#define GSS_C_PEER_HAS_UPDATED_SPNEGO (&__gss_c_peer_has_updated_spnego_oid_desc) + +/* + * OID mappings with name and short description and and slightly longer description + */ +/* + * RFC5587 + */ +extern GSSAPI_LIB_VARIABLE gss_OID_desc 
__gss_c_ma_mech_concrete_oid_desc; +#define GSS_C_MA_MECH_CONCRETE (&__gss_c_ma_mech_concrete_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_mech_pseudo_oid_desc; +#define GSS_C_MA_MECH_PSEUDO (&__gss_c_ma_mech_pseudo_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_mech_composite_oid_desc; +#define GSS_C_MA_MECH_COMPOSITE (&__gss_c_ma_mech_composite_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_mech_nego_oid_desc; +#define GSS_C_MA_MECH_NEGO (&__gss_c_ma_mech_nego_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_mech_glue_oid_desc; +#define GSS_C_MA_MECH_GLUE (&__gss_c_ma_mech_glue_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_not_mech_oid_desc; +#define GSS_C_MA_NOT_MECH (&__gss_c_ma_not_mech_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_deprecated_oid_desc; +#define GSS_C_MA_DEPRECATED (&__gss_c_ma_deprecated_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_not_dflt_mech_oid_desc; +#define GSS_C_MA_NOT_DFLT_MECH (&__gss_c_ma_not_dflt_mech_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_itok_framed_oid_desc; +#define GSS_C_MA_ITOK_FRAMED (&__gss_c_ma_itok_framed_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_auth_init_oid_desc; +#define GSS_C_MA_AUTH_INIT (&__gss_c_ma_auth_init_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_auth_targ_oid_desc; +#define GSS_C_MA_AUTH_TARG (&__gss_c_ma_auth_targ_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_auth_init_init_oid_desc; +#define GSS_C_MA_AUTH_INIT_INIT (&__gss_c_ma_auth_init_init_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_auth_targ_init_oid_desc; +#define GSS_C_MA_AUTH_TARG_INIT (&__gss_c_ma_auth_targ_init_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_auth_init_anon_oid_desc; +#define GSS_C_MA_AUTH_INIT_ANON (&__gss_c_ma_auth_init_anon_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc 
__gss_c_ma_auth_targ_anon_oid_desc; +#define GSS_C_MA_AUTH_TARG_ANON (&__gss_c_ma_auth_targ_anon_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_deleg_cred_oid_desc; +#define GSS_C_MA_DELEG_CRED (&__gss_c_ma_deleg_cred_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_integ_prot_oid_desc; +#define GSS_C_MA_INTEG_PROT (&__gss_c_ma_integ_prot_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_conf_prot_oid_desc; +#define GSS_C_MA_CONF_PROT (&__gss_c_ma_conf_prot_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_mic_oid_desc; +#define GSS_C_MA_MIC (&__gss_c_ma_mic_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_wrap_oid_desc; +#define GSS_C_MA_WRAP (&__gss_c_ma_wrap_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_prot_ready_oid_desc; +#define GSS_C_MA_PROT_READY (&__gss_c_ma_prot_ready_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_replay_det_oid_desc; +#define GSS_C_MA_REPLAY_DET (&__gss_c_ma_replay_det_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_oos_det_oid_desc; +#define GSS_C_MA_OOS_DET (&__gss_c_ma_oos_det_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_cbindings_oid_desc; +#define GSS_C_MA_CBINDINGS (&__gss_c_ma_cbindings_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_pfs_oid_desc; +#define GSS_C_MA_PFS (&__gss_c_ma_pfs_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_compress_oid_desc; +#define GSS_C_MA_COMPRESS (&__gss_c_ma_compress_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_ctx_trans_oid_desc; +#define GSS_C_MA_CTX_TRANS (&__gss_c_ma_ctx_trans_oid_desc) + +#endif /* GSSAPI_GSSAPI_OID */ diff --git a/contrib/com_err/lex.h b/kerberos5/include/gssapi/gssapi_spnego.h copy from contrib/com_err/lex.h copy to kerberos5/include/gssapi/gssapi_spnego.h --- a/contrib/com_err/lex.h +++ b/kerberos5/include/gssapi/gssapi_spnego.h 
@@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,23 @@ /* $Id$ */ -void _lex_error_message (const char *, ...) -__attribute__ ((format (printf, 1, 2))); +#ifndef GSSAPI_SPNEGO_H_ +#define GSSAPI_SPNEGO_H_ -int yylex(void); +#include + +GSSAPI_CPP_START + +/* + * RFC2478, SPNEGO: + * The security mechanism of the initial + * negotiation token is identified by the Object Identifier + * iso.org.dod.internet.security.mechanism.snego (1.3.6.1.5.5.2). + */ +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_spnego_mechanism_oid_desc; +#define GSS_SPNEGO_MECHANISM (&__gss_spnego_mechanism_oid_desc) +#define gss_mech_spnego GSS_SPNEGO_MECHANISM + +GSSAPI_CPP_END + +#endif /* GSSAPI_SPNEGO_H_ */ diff --git a/kerberos5/include/gssapi_asn1.h b/kerberos5/include/gssapi_asn1.h new file mode 100644 --- /dev/null +++ b/kerberos5/include/gssapi_asn1.h 
@@ -0,0 +1,112 @@ +/* Generated from ./mech/gssapi.asn1 */ +/* Do not edit */ + +#ifndef __gssapi_asn1_h__ +#define __gssapi_asn1_h__ + +#include +#include + +#ifndef __asn1_common_definitions__ +#define __asn1_common_definitions__ + +#ifndef __HEIM_BASE_DATA__ +#define __HEIM_BASE_DATA__ 1 +struct heim_base_data { + size_t length; + void *data; +}; +typedef struct heim_base_data heim_octet_string; +#endif + +typedef struct heim_integer { + size_t length; + void *data; + int negative; +} heim_integer; + +typedef char *heim_general_string; + +typedef char *heim_utf8_string; + +typedef struct heim_base_data heim_printable_string; + +typedef struct heim_base_data heim_ia5_string; + +typedef struct heim_bmp_string { + size_t length; + uint16_t *data; +} heim_bmp_string; + +typedef struct heim_universal_string { + size_t length; + uint32_t *data; +} heim_universal_string; + +typedef char *heim_visible_string; + +typedef struct heim_oid { + size_t length; + unsigned *components; +} heim_oid; + +typedef struct heim_bit_string { + size_t length; + void *data; +} heim_bit_string; + +typedef struct heim_base_data heim_any; +typedef struct heim_base_data heim_any_set; + +#define ASN1_MALLOC_ENCODE(T, B, BL, S, L, R) \ + do { \ + (BL) = length_##T((S)); \ + (B) = malloc((BL)); \ + if((B) == NULL) { \ + (R) = ENOMEM; \ + } else { \ + (R) = encode_##T(((unsigned char*)(B)) + (BL) - 1, (BL), \ + (S), (L)); \ + if((R) != 0) { \ + free((B)); \ + (B) = NULL; \ + } \ + } \ + } while (0) + +#ifdef _WIN32 +#ifndef ASN1_LIB +#define ASN1EXP __declspec(dllimport) +#else +#define ASN1EXP +#endif +#define ASN1CALL __stdcall +#else +#define ASN1EXP +#define ASN1CALL +#endif +struct units; + +#endif + +#include +/* +GSSAPIContextToken ::= [APPLICATION 0] IMPLICIT SEQUENCE { + thisMech OBJECT IDENTIFIER, + innerContextToken heim_any_set, +} +*/ + +typedef struct GSSAPIContextToken { + heim_oid thisMech; + heim_any_set innerContextToken; +} GSSAPIContextToken; + +ASN1EXP int ASN1CALL 
decode_GSSAPIContextToken(const unsigned char *, size_t, GSSAPIContextToken *, size_t *); +ASN1EXP int ASN1CALL encode_GSSAPIContextToken(unsigned char *, size_t, const GSSAPIContextToken *, size_t *); +ASN1EXP size_t ASN1CALL length_GSSAPIContextToken(const GSSAPIContextToken *); +ASN1EXP int ASN1CALL copy_GSSAPIContextToken (const GSSAPIContextToken *, GSSAPIContextToken *); +ASN1EXP void ASN1CALL free_GSSAPIContextToken (GSSAPIContextToken *); + + +#endif /* __gssapi_asn1_h__ */ diff --git a/kerberos5/include/gssapi_mech.h b/kerberos5/include/gssapi_mech.h new file mode 100644 --- /dev/null +++ b/kerberos5/include/gssapi_mech.h 
@@ -0,0 +1,594 @@
+/*-
+ * Copyright (c) 2005 Doug Rabson
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD: src/lib/libgssapi/mech_switch.h,v 1.1 2005/12/29 14:40:20 dfr Exp $
+ */
+
+#ifndef GSSAPI_MECH_H
+#define GSSAPI_MECH_H 1
+
+#include
+
+typedef OM_uint32 GSSAPI_CALLCONV _gss_acquire_cred_t
+ (OM_uint32 *, /* minor_status */
+ gss_const_name_t, /* desired_name */
+ OM_uint32, /* time_req */
+ const gss_OID_set, /* desired_mechs */
+ gss_cred_usage_t, /* cred_usage */
+ gss_cred_id_t *, /* output_cred_handle */
+ gss_OID_set *, /* actual_mechs */
+ OM_uint32 * /* time_rec */
+ );
+
+typedef OM_uint32 GSSAPI_CALLCONV _gss_release_cred_t
+ (OM_uint32 *, /* minor_status */
+ gss_cred_id_t * /* cred_handle */
+ );
+
+typedef OM_uint32 GSSAPI_CALLCONV _gss_init_sec_context_t
+ (OM_uint32 *, /* minor_status */
+ gss_const_cred_id_t, /* initiator_cred_handle */
+ gss_ctx_id_t *, /* context_handle */
+ gss_const_name_t, /* target_name */
+ const gss_OID, /* mech_type */
+ OM_uint32, /* req_flags */
+ OM_uint32, /* time_req */
+ const gss_channel_bindings_t,
+ /* input_chan_bindings */
+ const gss_buffer_t, /* input_token */
+ gss_OID *, /* actual_mech_type */
+ gss_buffer_t, /* output_token */
+ OM_uint32 *, /* ret_flags */
+ OM_uint32 * /* time_rec */
+ );
+
+typedef OM_uint32 GSSAPI_CALLCONV _gss_accept_sec_context_t
+ (OM_uint32 *, /* minor_status */
+ gss_ctx_id_t *, /* context_handle */
+ gss_const_cred_id_t, /* acceptor_cred_handle */
+ const gss_buffer_t, /* input_token_buffer */
+ const gss_channel_bindings_t,
+ /* input_chan_bindings */
+ gss_name_t *, /* src_name */
+ gss_OID *, /* mech_type */
+ gss_buffer_t, /* output_token */
+ OM_uint32 *, /* ret_flags */
+ OM_uint32 *, /* time_rec */
+ gss_cred_id_t * /* delegated_cred_handle */
+ );
+
+typedef OM_uint32 GSSAPI_CALLCONV _gss_process_context_token_t
+ (OM_uint32 *, /* minor_status */
+ gss_const_ctx_id_t, /* context_handle */
+ const gss_buffer_t /* token_buffer */
+ );
+
+typedef OM_uint32 GSSAPI_CALLCONV _gss_delete_sec_context_t
+ (OM_uint32 *, /* minor_status */
+ gss_ctx_id_t *, /* context_handle */
+ gss_buffer_t /* output_token */
+ );
+
+typedef OM_uint32 GSSAPI_CALLCONV _gss_context_time_t
+ (OM_uint32 *, /* minor_status */
+ gss_const_ctx_id_t, /* context_handle */
+ OM_uint32 * /* time_rec */
+ );
+
+typedef OM_uint32 GSSAPI_CALLCONV _gss_get_mic_t
+ (OM_uint32 *, /* minor_status */
+ gss_const_ctx_id_t, /* context_handle */
+ gss_qop_t, /* qop_req */
+ const gss_buffer_t, /* message_buffer */
+ gss_buffer_t /* message_token */
+ );
+
+typedef OM_uint32 GSSAPI_CALLCONV _gss_verify_mic_t
+ (OM_uint32 *, /* minor_status */
+ gss_const_ctx_id_t, /* context_handle */
+ const gss_buffer_t, /* message_buffer */
+ const gss_buffer_t, /* token_buffer */
+ gss_qop_t * /* qop_state */
+ );
+
+typedef OM_uint32 GSSAPI_CALLCONV _gss_wrap_t
+ (OM_uint32 *, /* minor_status */
+ gss_const_ctx_id_t, /* context_handle */
+ int, /* conf_req_flag */
+ gss_qop_t, /* qop_req */
+ const gss_buffer_t, /* input_message_buffer */
+ int *, /* conf_state */
+ gss_buffer_t /* output_message_buffer */
+ );
+
+typedef OM_uint32 GSSAPI_CALLCONV _gss_unwrap_t
+ (OM_uint32 *, /* minor_status */
+ gss_const_ctx_id_t, /* context_handle */
+ const gss_buffer_t, /* input_message_buffer */
+ gss_buffer_t, /* output_message_buffer */
+ int *, /* conf_state */
+ gss_qop_t * /* qop_state */
+ );
+
+typedef OM_uint32 GSSAPI_CALLCONV _gss_display_status_t
+ (OM_uint32 *, /* minor_status */
+ OM_uint32, /* status_value */
+ int, /* status_type */
+ const gss_OID, /* mech_type */
+ OM_uint32 *, /* message_context */
+ gss_buffer_t /* status_string */
+ );
+
+typedef OM_uint32 GSSAPI_CALLCONV _gss_indicate_mechs_t
+ (OM_uint32 *, /* minor_status */
+ gss_OID_set * /* mech_set */
+ );
+
+typedef OM_uint32 GSSAPI_CALLCONV _gss_compare_name_t
+ (OM_uint32 *, /* minor_status */
+ gss_const_name_t, /* name1 */
+ gss_const_name_t, /* name2 */
+ int * /* name_equal */
+ );
+
+typedef OM_uint32 GSSAPI_CALLCONV _gss_display_name_t
+ (OM_uint32 *, /* minor_status */
+ gss_const_name_t, /* input_name */
+ gss_buffer_t, /* output_name_buffer */
+ gss_OID * /* output_name_type */
+ );
+
+typedef OM_uint32 GSSAPI_CALLCONV _gss_import_name_t
+ (OM_uint32 *, /* minor_status */
+ const gss_buffer_t, /* input_name_buffer */
+ const gss_OID, /* input_name_type */
+ gss_name_t * /* output_name */
+ );
+
+typedef OM_uint32 GSSAPI_CALLCONV _gss_export_name_t
+ (OM_uint32 *, /* minor_status */
+ gss_const_name_t, /* input_name */
+ gss_buffer_t /* exported_name */
+ );
+
+typedef OM_uint32 GSSAPI_CALLCONV _gss_release_name_t
+ (OM_uint32 *, /* minor_status */
+ gss_name_t * /* input_name */
+ );
+
+typedef OM_uint32 GSSAPI_CALLCONV _gss_inquire_cred_t
+ (OM_uint32 *, /* minor_status */
+ gss_const_cred_id_t, /* cred_handle */
+ gss_name_t *, /* name */
+ OM_uint32 *, /* lifetime */
+ gss_cred_usage_t *, /* cred_usage */
+ gss_OID_set * /* mechanisms */
+ );
+
+typedef OM_uint32 GSSAPI_CALLCONV _gss_inquire_context_t
+ (OM_uint32 *, /* minor_status */
+ gss_const_ctx_id_t, /* context_handle */
+ gss_name_t *, /* src_name */
+ gss_name_t *, /* targ_name */
+ OM_uint32 *, /* lifetime_rec */
+ gss_OID *, /* mech_type */
+ OM_uint32 *, /* ctx_flags */
+ int *, /* locally_initiated */
+ int * /* open */
+ );
+
+typedef OM_uint32 GSSAPI_CALLCONV _gss_wrap_size_limit_t
+ (OM_uint32 *, /* minor_status */
+ gss_const_ctx_id_t, /* context_handle */
+ int, /* conf_req_flag */
+ gss_qop_t, /* qop_req */
+ OM_uint32, /* req_output_size */
+ OM_uint32 * /* max_input_size */
+ );
+
+typedef OM_uint32 GSSAPI_CALLCONV _gss_add_cred_t (
+ OM_uint32 *, /* minor_status */
+ gss_const_cred_id_t, /* input_cred_handle */
+ gss_const_name_t, /* desired_name */
+ const gss_OID, /* desired_mech */
+ gss_cred_usage_t, /* cred_usage */
+ OM_uint32, /* initiator_time_req */
+ OM_uint32, /* acceptor_time_req */
+ gss_cred_id_t *, /* output_cred_handle */
+ gss_OID_set *, /* actual_mechs */
+ OM_uint32 *, /* initiator_time_rec */
+ OM_uint32 * /* acceptor_time_rec */
+ );
+
+typedef OM_uint32 GSSAPI_CALLCONV _gss_inquire_cred_by_mech_t (
+ OM_uint32 *, /* minor_status */
+ gss_const_cred_id_t, /* cred_handle */
+ const gss_OID, /* mech_type */
+ gss_name_t *, /* name */
+ OM_uint32 *, /* initiator_lifetime */
+ OM_uint32 *, /* acceptor_lifetime */
+ gss_cred_usage_t * /* cred_usage */
+ );
+
+typedef OM_uint32 GSSAPI_CALLCONV _gss_export_sec_context_t (
+ OM_uint32 *, /* minor_status */
+ gss_ctx_id_t *, /* context_handle */
+ gss_buffer_t /* interprocess_token */
+ );
+
+typedef OM_uint32 GSSAPI_CALLCONV _gss_import_sec_context_t (
+ OM_uint32 *, /* minor_status */
+ const gss_buffer_t, /* interprocess_token */
+ gss_ctx_id_t * /* context_handle */
+ );
+
+typedef OM_uint32 GSSAPI_CALLCONV _gss_inquire_names_for_mech_t (
+ OM_uint32 *, /* minor_status */
+ const gss_OID, /* mechanism */
+ gss_OID_set * /* name_types */
+ );
+
+typedef OM_uint32 GSSAPI_CALLCONV _gss_inquire_mechs_for_name_t (
+ OM_uint32 *, /* minor_status */
+ gss_const_name_t, /* input_name */
+ gss_OID_set * /* mech_types */
+ );
+
+typedef OM_uint32 GSSAPI_CALLCONV _gss_canonicalize_name_t (
+ OM_uint32 *, /* minor_status */
+ gss_const_name_t, /* input_name */
+ const gss_OID, /* mech_type */
+ gss_name_t * /* output_name */
+ );
+
+typedef OM_uint32 GSSAPI_CALLCONV _gss_duplicate_name_t (
+ OM_uint32 *, /* minor_status */
+ gss_const_name_t, /* src_name */
+ gss_name_t * /* dest_name */
+ );
+
+typedef OM_uint32 GSSAPI_CALLCONV _gss_inquire_sec_context_by_oid (
+ OM_uint32 *minor_status,
+ gss_const_ctx_id_t context_handle,
+ const gss_OID desired_object,
+ gss_buffer_set_t *data_set
+ );
+
+typedef OM_uint32 GSSAPI_CALLCONV _gss_inquire_cred_by_oid (
+ OM_uint32 *minor_status,
+ gss_const_cred_id_t cred,
+ const gss_OID desired_object,
+ gss_buffer_set_t *data_set
+ );
+
+typedef OM_uint32 GSSAPI_CALLCONV _gss_set_sec_context_option (
+ OM_uint32 *minor_status,
+ gss_ctx_id_t *cred_handle,
+ const gss_OID desired_object,
+ const gss_buffer_t value
+ );
+
+typedef OM_uint32 GSSAPI_CALLCONV _gss_set_cred_option (
+ OM_uint32 *minor_status,
+ gss_cred_id_t *cred_handle,
+ const gss_OID desired_object,
+ const gss_buffer_t value
+ );
+
+
+typedef OM_uint32 GSSAPI_CALLCONV _gss_pseudo_random(
+ OM_uint32 *minor_status,
+ gss_ctx_id_t context,
+ int prf_key,
+ const gss_buffer_t prf_in,
+ ssize_t desired_output_len,
+ gss_buffer_t prf_out
+ );
+
+typedef OM_uint32 GSSAPI_CALLCONV
+_gss_wrap_iov_t(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ int conf_req_flag,
+ gss_qop_t qop_req,
+ int * conf_state,
+ gss_iov_buffer_desc *iov,
+ int iov_count);
+
+typedef OM_uint32 GSSAPI_CALLCONV
+_gss_unwrap_iov_t(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ int *conf_state,
+ gss_qop_t *qop_state,
+ gss_iov_buffer_desc *iov,
+ int iov_count);
+
+typedef OM_uint32 GSSAPI_CALLCONV
+_gss_wrap_iov_length_t(OM_uint32 * minor_status,
+ gss_ctx_id_t context_handle,
+ int conf_req_flag,
+ gss_qop_t qop_req,
+ int *conf_state,
+ gss_iov_buffer_desc *iov,
+ int iov_count);
+
+typedef OM_uint32 GSSAPI_CALLCONV
+_gss_store_cred_t(OM_uint32 *minor_status,
+ gss_cred_id_t input_cred_handle,
+ gss_cred_usage_t cred_usage,
+ const gss_OID desired_mech,
+ OM_uint32 overwrite_cred,
+ OM_uint32 default_cred,
+ gss_OID_set *elements_stored,
+ gss_cred_usage_t *cred_usage_stored);
+
+typedef OM_uint32 GSSAPI_CALLCONV
+_gss_export_cred_t(OM_uint32 *minor_status,
+ gss_cred_id_t cred_handle,
+ gss_buffer_t cred_token);
+
+typedef OM_uint32 GSSAPI_CALLCONV
+_gss_import_cred_t(OM_uint32 * minor_status,
+ gss_buffer_t cred_token,
+ gss_cred_id_t * cred_handle);
+
+
+typedef OM_uint32 GSSAPI_CALLCONV
+_gss_acquire_cred_ext_t(OM_uint32 * /*minor_status */,
+ gss_const_name_t /* desired_name */,
+ gss_const_OID /* credential_type */,
+ const void * /* credential_data */,
+ OM_uint32 /* time_req */,
+ gss_const_OID /* desired_mech */,
+ gss_cred_usage_t /* cred_usage */,
+ gss_cred_id_t * /* output_cred_handle */);
+
+typedef void GSSAPI_CALLCONV
+_gss_iter_creds_t(OM_uint32 /* flags */,
+ void * /* userctx */,
+ void (* /*cred_iter */ )(void *, gss_OID, gss_cred_id_t));
+
+typedef OM_uint32 GSSAPI_CALLCONV
+_gss_destroy_cred_t(OM_uint32 * /* minor_status */,
+ gss_cred_id_t * /* cred */);
+
+typedef OM_uint32 GSSAPI_CALLCONV
+_gss_cred_hold_t(OM_uint32 * /* minor_status */,
+ gss_cred_id_t /* cred */);
+
+typedef OM_uint32 GSSAPI_CALLCONV
+_gss_cred_unhold_t(OM_uint32 * /* minor_status */,
+ gss_cred_id_t /* cred */);
+
+typedef OM_uint32 GSSAPI_CALLCONV
+_gss_cred_label_set_t(OM_uint32 * /* minor_status */,
+ gss_cred_id_t /* cred */,
+ const char * /* label */,
+ gss_buffer_t /* value */);
+
+typedef OM_uint32 GSSAPI_CALLCONV
+_gss_cred_label_get_t(OM_uint32 * /* minor_status */,
+ gss_cred_id_t /* cred */,
+ const char * /* label */,
+ gss_buffer_t /* value */);
+
+typedef OM_uint32 GSSAPI_CALLCONV _gss_display_name_ext_t (
+ OM_uint32 *, /* minor_status */
+ gss_name_t, /* name */
+ gss_OID, /* display_as_name_type */
+ gss_buffer_t /* display_name */
+ );
+
+typedef OM_uint32 GSSAPI_CALLCONV _gss_inquire_name_t (
+ OM_uint32 *, /* minor_status */
+ gss_name_t, /* name */
+ int *, /* name_is_MN */
+ gss_OID *, /* MN_mech */
+ gss_buffer_set_t * /* attrs */
+ );
+
+typedef OM_uint32 GSSAPI_CALLCONV _gss_get_name_attribute_t (
+ OM_uint32 *, /* minor_status */
+ gss_name_t, /* name */
+ gss_buffer_t, /* attr */
+ int *, /* authenticated */
+ int *, /* complete */
+ gss_buffer_t, /* value */
+ gss_buffer_t, /* display_value */
+ int * /* more */
+ );
+
+typedef OM_uint32 GSSAPI_CALLCONV _gss_set_name_attribute_t (
+ OM_uint32 *, /* minor_status */
+ gss_name_t, /* name */
+ int, /* complete */
+ gss_buffer_t, /* attr */
+ gss_buffer_t /* value */
+ );
+
+typedef OM_uint32 GSSAPI_CALLCONV _gss_delete_name_attribute_t (
+ OM_uint32 *, /* minor_status */
+ gss_name_t, /* name */
+ gss_buffer_t /* attr */
+ );
+
+typedef OM_uint32 GSSAPI_CALLCONV _gss_export_name_composite_t (
+ OM_uint32 *, /* minor_status */
+ gss_name_t, /* name */
+ gss_buffer_t /* exp_composite_name */
+ );
+
+/*
+ *
+ */
+
+typedef struct gss_mo_desc_struct gss_mo_desc;
+
+typedef OM_uint32 GSSAPI_CALLCONV
+_gss_mo_init (OM_uint32 *, gss_OID, gss_mo_desc **, size_t *);
+
+
+struct gss_mo_desc_struct {
+ gss_OID option;
+ OM_uint32 flags;
+#define GSS_MO_MA 1
+#define GSS_MO_MA_CRITICAL 2
+ const char *name;
+ void *ctx;
+ int (*get)(gss_const_OID, gss_mo_desc *, gss_buffer_t);
+ int (*set)(gss_const_OID, gss_mo_desc *, int, gss_buffer_t);
+};
+
+typedef OM_uint32 GSSAPI_CALLCONV _gss_localname_t (
+ OM_uint32 *, /* minor_status */
+ gss_const_name_t, /* name */
+ const gss_OID, /* mech_type */
+ gss_buffer_t /* localname */
+ );
+
+typedef OM_uint32 GSSAPI_CALLCONV _gss_authorize_localname_t (
+ OM_uint32 *, /* minor_status */
+ gss_const_name_t, /* name */
+ gss_const_buffer_t, /* user */
+ gss_const_OID /* user_name_type */
+ );
+
+/* mechglue internal */
+struct gss_mech_compat_desc_struct;
+
+#define GMI_VERSION 5
+
+/* gm_flags */
+#define GM_USE_MG_CRED 1 /* uses mech glue credentials */
+
+typedef struct gssapi_mech_interface_desc {
+ unsigned gm_version;
+ const char *gm_name;
+ gss_OID_desc gm_mech_oid;
+ unsigned gm_flags;
+ _gss_acquire_cred_t *gm_acquire_cred;
+ _gss_release_cred_t *gm_release_cred;
+ _gss_init_sec_context_t *gm_init_sec_context;
+ _gss_accept_sec_context_t *gm_accept_sec_context;
+ _gss_process_context_token_t *gm_process_context_token;
+ _gss_delete_sec_context_t *gm_delete_sec_context;
+ _gss_context_time_t *gm_context_time;
+ _gss_get_mic_t *gm_get_mic;
+ _gss_verify_mic_t *gm_verify_mic;
+ _gss_wrap_t *gm_wrap;
+ _gss_unwrap_t *gm_unwrap;
+ _gss_display_status_t *gm_display_status;
+ _gss_indicate_mechs_t *gm_indicate_mechs;
+ _gss_compare_name_t *gm_compare_name;
+ _gss_display_name_t *gm_display_name;
+ _gss_import_name_t *gm_import_name;
+ _gss_export_name_t *gm_export_name;
+ _gss_release_name_t *gm_release_name;
+ _gss_inquire_cred_t *gm_inquire_cred;
+ _gss_inquire_context_t *gm_inquire_context;
+ _gss_wrap_size_limit_t *gm_wrap_size_limit;
+ _gss_add_cred_t *gm_add_cred;
+ _gss_inquire_cred_by_mech_t *gm_inquire_cred_by_mech;
+ _gss_export_sec_context_t *gm_export_sec_context;
+ _gss_import_sec_context_t *gm_import_sec_context;
+ _gss_inquire_names_for_mech_t *gm_inquire_names_for_mech;
+ _gss_inquire_mechs_for_name_t *gm_inquire_mechs_for_name;
+ _gss_canonicalize_name_t *gm_canonicalize_name;
+ _gss_duplicate_name_t *gm_duplicate_name;
+ _gss_inquire_sec_context_by_oid *gm_inquire_sec_context_by_oid;
+ _gss_inquire_cred_by_oid *gm_inquire_cred_by_oid;
+ _gss_set_sec_context_option *gm_set_sec_context_option;
+ _gss_set_cred_option *gm_set_cred_option;
+ _gss_pseudo_random *gm_pseudo_random;
+ _gss_wrap_iov_t *gm_wrap_iov;
+ _gss_unwrap_iov_t *gm_unwrap_iov;
+ _gss_wrap_iov_length_t *gm_wrap_iov_length;
+ _gss_store_cred_t *gm_store_cred;
+ _gss_export_cred_t *gm_export_cred;
+ _gss_import_cred_t *gm_import_cred;
+ _gss_acquire_cred_ext_t *gm_acquire_cred_ext;
+ _gss_iter_creds_t *gm_iter_creds;
+ _gss_destroy_cred_t *gm_destroy_cred;
+ _gss_cred_hold_t *gm_cred_hold;
+ _gss_cred_unhold_t *gm_cred_unhold;
+ _gss_cred_label_get_t *gm_cred_label_get;
+ _gss_cred_label_set_t *gm_cred_label_set;
+ gss_mo_desc *gm_mo;
+ size_t gm_mo_num;
+ _gss_localname_t *gm_localname;
+ _gss_authorize_localname_t *gm_authorize_localname;
+ _gss_display_name_ext_t *gm_display_name_ext;
+ _gss_inquire_name_t *gm_inquire_name;
+ _gss_get_name_attribute_t *gm_get_name_attribute;
+ _gss_set_name_attribute_t *gm_set_name_attribute;
+ _gss_delete_name_attribute_t *gm_delete_name_attribute;
+ _gss_export_name_composite_t *gm_export_name_composite;
+ struct gss_mech_compat_desc_struct *gm_compat;
+} gssapi_mech_interface_desc, *gssapi_mech_interface;
+
+gssapi_mech_interface
+__gss_get_mechanism(gss_const_OID /* oid */);
+
+gssapi_mech_interface __gss_spnego_initialize(void);
+gssapi_mech_interface __gss_krb5_initialize(void);
+gssapi_mech_interface __gss_ntlm_initialize(void); + +void gss_mg_collect_error(gss_OID, OM_uint32, OM_uint32); + +int _gss_mo_get_option_1(gss_const_OID, gss_mo_desc *, gss_buffer_t); +int _gss_mo_get_option_0(gss_const_OID, gss_mo_desc *, gss_buffer_t); +int _gss_mo_get_ctx_as_string(gss_const_OID, gss_mo_desc *, gss_buffer_t); + +struct _gss_oid_name_table { + gss_OID oid; + const char *name; + const char *short_desc; + const char *long_desc; +}; + +extern struct _gss_oid_name_table _gss_ont_mech[]; +extern struct _gss_oid_name_table _gss_ont_ma[]; + +/* + * Extended credentials acqusition API, not to be exported until + * it or something equivalent has been standardised. + */ +extern gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_cred_password_oid_desc; +#define GSS_C_CRED_PASSWORD (&__gss_c_cred_password_oid_desc) + +extern gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_cred_certificate_oid_desc; +#define GSS_C_CRED_CERTIFICATE (&__gss_c_cred_certificate_oid_desc) + +OM_uint32 _gss_acquire_cred_ext + (OM_uint32 * /*minor_status*/, + gss_const_name_t /*desired_name*/, + gss_const_OID /*credential_type*/, + const void * /*credential_data*/, + OM_uint32 /*time_req*/, + gss_const_OID /*desired_mech*/, + gss_cred_usage_t /*cred_usage*/, + gss_cred_id_t * /*output_cred_handle*/ + ); + +#endif /* GSSAPI_MECH_H */ diff --git a/contrib/com_err/com_err.h b/kerberos5/include/hcrypto/aes.h rename from contrib/com_err/com_err.h rename to kerberos5/include/hcrypto/aes.h --- a/contrib/com_err/com_err.h +++ b/kerberos5/include/hcrypto/aes.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 2003-2004 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * 
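Review bot: In the `_gss_set_sec_context_option` typedef of gssapi_mech.h the first parameter is declared `gss_ctx_id_t *cred_handle`, which names a context handle as a credential handle; `gss_ctx_id_t *context_handle` would match the type, and `cred_handle` is only correct in the neighbouring `_gss_set_cred_option`. The comment above `__gss_c_cred_password_oid_desc` misspells "acquisition" as "acqusition". `gssapi_mech_interface_desc` is a table of function pointers whose layout is tied to `GMI_VERSION`, so `gm_version` deserves a comment stating that it must equal `GMI_VERSION` before any later member is read or called; whether the code that loads mechanisms already checks this is not visible in this hunk.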
@@ -33,44 +33,51 @@ /* $Id$ */ -/* MIT compatible com_err library */ +#ifndef HEIM_AES_H +#define HEIM_AES_H 1 -#ifndef __COM_ERR_H__ -#define __COM_ERR_H__ +/* symbol renaming */ +#define AES_set_encrypt_key hc_AES_set_encrypt_key +#define AES_set_decrypt_key hc_AES_decrypt_key +#define AES_encrypt hc_AES_encrypt +#define AES_decrypt hc_AES_decrypt +#define AES_cbc_encrypt hc_AES_cbc_encrypt +#define AES_cfb8_encrypt hc_AES_cfb8_encrypt -#include -#include - -#if !defined(__GNUC__) && !defined(__attribute__) -#define __attribute__(X) -#endif - -typedef void (KRB5_CALLCONV *errf) (const char *, long, const char *, va_list); +/* + * + */ -KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL -error_message (long); +#define AES_BLOCK_SIZE 16 +#define AES_MAXNR 14 -KRB5_LIB_FUNCTION int KRB5_LIB_CALL -init_error_table (const char**, long, int); +#define AES_ENCRYPT 1 +#define AES_DECRYPT 0 -KRB5_LIB_FUNCTION void KRB5_LIB_CALL -com_err_va (const char *, long, const char *, va_list) - __attribute__((format(printf, 3, 0))); +typedef struct aes_key { + uint32_t key[(AES_MAXNR+1)*4]; + int rounds; +} AES_KEY; -KRB5_LIB_FUNCTION void KRB5_LIB_CALL -com_err (const char *, long, const char *, ...) 
- __attribute__((format(printf, 3, 4))); +#ifdef __cplusplus +extern "C" { +#endif -KRB5_LIB_FUNCTION errf KRB5_LIB_CALL -set_com_err_hook (errf); +int AES_set_encrypt_key(const unsigned char *, const int, AES_KEY *); +int AES_set_decrypt_key(const unsigned char *, const int, AES_KEY *); -KRB5_LIB_FUNCTION errf KRB5_LIB_CALL -reset_com_err_hook (void); +void AES_encrypt(const unsigned char *, unsigned char *, const AES_KEY *); +void AES_decrypt(const unsigned char *, unsigned char *, const AES_KEY *); -KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL -error_table_name (int num); +void AES_cbc_encrypt(const unsigned char *, unsigned char *, + unsigned long, const AES_KEY *, + unsigned char *, int); +void AES_cfb8_encrypt(const unsigned char *, unsigned char *, + unsigned long, const AES_KEY *, + unsigned char *, int); -KRB5_LIB_FUNCTION void KRB5_LIB_CALL -add_to_error_table (struct et_list *new_table); +#ifdef __cplusplus +} +#endif -#endif /* __COM_ERR_H__ */ +#endif /* HEIM_AES_H */ diff --git a/kerberos5/include/hcrypto/bn.h b/kerberos5/include/hcrypto/bn.h new file mode 100644 --- /dev/null +++ b/kerberos5/include/hcrypto/bn.h 
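Review bot: The rename `#define AES_set_decrypt_key hc_AES_decrypt_key` drops `set_`, so the key-schedule routine is exported under a name that differs from the block routine `hc_AES_decrypt` only by a `_key` suffix, while the encrypt side keeps `hc_AES_set_encrypt_key`. If that export name is fixed for compatibility with existing hcrypto binaries (not visible here), say so in a comment such as `/* historical export name, kept for ABI compatibility */`; otherwise `#define AES_set_decrypt_key hc_AES_set_decrypt_key` is the consistent form. `AES_KEY` is declared with `uint32_t` while the new side of this hunk adds no `#include` line, so the header compiles only when the includer has already pulled in the fixed-width integer types; a comment above the struct should state that dependency.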
@@ -0,0 +1,139 @@
+/*
+ * Copyright (c) 2006-2016 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * $Id$
+ */
+
+#ifndef _HEIM_BN_H
+#define _HEIM_BN_H 1
+
+/* symbol renaming */
+#define BN_GENCB_call hc_BN_GENCB_call
+#define BN_GENCB_set hc_BN_GENCB_set
+#define BN_bin2bn hc_BN_bin2bn
+#define BN_bn2bin hc_BN_bn2bin
+#define BN_bn2hex hc_BN_bn2hex
+#define BN_clear hc_BN_clear
+#define BN_clear_bit hc_BN_clear_bit
+#define BN_clear_free hc_BN_clear_free
+#define BN_cmp hc_BN_cmp
+#define BN_dup hc_BN_dup
+#define BN_free hc_BN_free
+#define BN_is_negative hc_BN_is_negative
+#define BN_get_word hc_BN_get_word
+#define BN_hex2bn hc_BN_hex2bn
+#define BN_is_bit_set hc_BN_is_bit_set
+#define BN_new hc_BN_new
+#define BN_num_bits hc_BN_num_bits
+#define BN_num_bytes hc_BN_num_bytes
+#define BN_rand hc_BN_rand
+#define BN_set_bit hc_BN_set_bit
+#define BN_set_negative hc_BN_set_negative
+#define BN_set_word hc_BN_set_word
+#define BN_uadd hc_BN_uadd
+#define BN_CTX_new hc_BN_CTX_new
+#define BN_CTX_free hc_BN_CTX_free
+#define BN_CTX_get hc_BN_CTX_get
+#define BN_CTX_start hc_BN_CTX_start
+#define BN_CTX_end hc_BN_CTX_end
+
+#define BIGNUM hc_BIGNUM
+#define BN_GENCB hc_BN_GENCB
+#define BN_CTX hc_BN_CTX
+#define BN_BLINDING hc_BN_BLINDING
+#define BN_MONT_CTX hc_BN_MONT_CTX
+
+
+/*
+ *
+ */
+
+typedef struct BIGNUM BIGNUM;
+typedef struct BN_GENCB BN_GENCB;
+typedef struct BN_CTX BN_CTX;
+typedef struct BN_MONT_CTX BN_MONT_CTX;
+typedef struct BN_BLINDING BN_BLINDING;
+
+struct BN_GENCB {
+ unsigned int ver;
+ void *arg;
+ union {
+ int (*cb_2)(int, int, BN_GENCB *);
+ } cb;
+};
+
+/*
+ *
+ */
+
+BIGNUM *BN_new(void);
+void BN_free(BIGNUM *);
+void BN_clear_free(BIGNUM *);
+void BN_clear(BIGNUM *);
+BIGNUM *BN_dup(const BIGNUM *);
+
+int BN_num_bits(const BIGNUM *);
+int BN_num_bytes(const BIGNUM *);
+
+int BN_cmp(const BIGNUM *, const BIGNUM *);
+
+void BN_set_negative(BIGNUM *, int);
+int BN_is_negative(const BIGNUM *);
+
+int BN_is_bit_set(const BIGNUM *, int);
+int BN_set_bit(BIGNUM *, int);
+int BN_clear_bit(BIGNUM *, int);
+
+int BN_set_word(BIGNUM *, unsigned long);
+unsigned long BN_get_word(const BIGNUM *);
+
+BIGNUM *BN_bin2bn(const void *,int len,BIGNUM *);
+int BN_bn2bin(const BIGNUM *, void *);
+int BN_hex2bn(BIGNUM **, const char *);
+char * BN_bn2hex(const BIGNUM *);
+
+int BN_uadd(BIGNUM *, const BIGNUM *, const BIGNUM *);
+
+int BN_rand(BIGNUM *, int, int, int);
+
+void BN_GENCB_set(BN_GENCB *, int (*)(int, int, BN_GENCB *), void *);
+int BN_GENCB_call(BN_GENCB *, int, int);
+
+BN_CTX *BN_CTX_new(void);
+void BN_CTX_free(BN_CTX *);
+BIGNUM *BN_CTX_get(BN_CTX *);
+void BN_CTX_start(BN_CTX *);
+void BN_CTX_end(BN_CTX *);
+
+#endif
diff --git a/kerberos5/include/hcrypto/des.h b/kerberos5/include/hcrypto/des.h
new file mode 100644
--- /dev/null
+++ b/kerberos5/include/hcrypto/des.h
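Review bot: bn.h declares its prototypes without the `#ifdef __cplusplus` / `extern "C" {` wrapper that aes.h and des.h in this same commit both carry, so a C++ translation unit including it would look for mangled `hc_BN_*` names; wrapping the block from `BN_new` to `BN_CTX_end` the same way keeps the three headers consistent. `BN_bn2bin(const BIGNUM *, void *)` takes no output length, so the prototype should carry a comment such as `/* output buffer must hold at least BN_num_bytes() bytes */`. A one-line comment at `BN_clear_free` telling callers to use it for values that hold key material would also help, assuming it wipes the number before freeing as the name suggests; the implementation is not part of this hunk.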
@@ -0,0 +1,146 @@
+/*
+ * Copyright (c) 2005 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id$ */
+
+#ifndef _DESperate_H
+#define _DESperate_H 1
+
+/* symbol renaming */
+#define _DES_ipfp_test _hc_DES_ipfp_test
+#define DES_cbc_cksum hc_DES_cbc_cksum
+#define DES_cbc_encrypt hc_DES_cbc_encrypt
+#define DES_cfb64_encrypt hc_DES_cfb64_encrypt
+#define DES_check_key_parity hc_DES_check_key_parity
+#define DES_ecb3_encrypt hc_DES_ecb3_encrypt
+#define DES_ecb_encrypt hc_DES_ecb_encrypt
+#define DES_ede3_cbc_encrypt hc_DES_ede3_cbc_encrypt
+#define DES_encrypt hc_DES_encrypt
+#define DES_generate_random_block hc_DES_generate_random_block
+#define DES_init_random_number_generator hc_DES_init_random_number_generator
+#define DES_is_weak_key hc_DES_is_weak_key
+#define DES_key_sched hc_DES_key_sched
+#define DES_new_random_key hc_DES_new_random_key
+#define DES_pcbc_encrypt hc_DES_pcbc_encrypt
+#define DES_rand_data hc_DES_rand_data
+#define DES_random_key hc_DES_random_key
+#define DES_read_password hc_DES_read_password
+#define DES_set_key hc_DES_set_key
+#define DES_set_key_checked hc_DES_set_key_checked
+#define DES_set_key_unchecked hc_DES_set_key_unchecked
+#define DES_set_key_sched hc_DES_set_key_sched
+#define DES_set_odd_parity hc_DES_set_odd_parity
+#define DES_set_random_generator_seed hc_DES_set_random_generator_seed
+#define DES_set_sequence_number hc_DES_set_sequence_number
+#define DES_string_to_key hc_DES_string_to_key
+
+/*
+ *
+ */
+
+#define DES_CBLOCK_LEN 8
+#define DES_KEY_SZ 8
+
+#define DES_ENCRYPT 1
+#define DES_DECRYPT 0
+
+typedef unsigned char DES_cblock[DES_CBLOCK_LEN];
+typedef struct DES_key_schedule
+{
+ uint32_t ks[32];
+} DES_key_schedule;
+
+/*
+ *
+ */
+
+#ifndef HC_DEPRECATED
+#if defined(__GNUC__) && ((__GNUC__ > 3) || ((__GNUC__ == 3) && (__GNUC_MINOR__ >= 1 )))
+#define HC_DEPRECATED __attribute__((deprecated))
+#elif defined(_MSC_VER) && (_MSC_VER>1200)
+#define HC_DEPRECATED __declspec(deprecated)
+#else
+#define HC_DEPRECATED
+#endif
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+void DES_set_odd_parity(DES_cblock *);
+int DES_check_key_parity(DES_cblock *);
+int DES_is_weak_key(DES_cblock *);
+int HC_DEPRECATED DES_set_key(DES_cblock *, DES_key_schedule *);
+int DES_set_key_checked(DES_cblock *, DES_key_schedule *);
+int DES_set_key_unchecked(DES_cblock *, DES_key_schedule *);
+int DES_key_sched(DES_cblock *, DES_key_schedule *);
+void DES_string_to_key(const char *, DES_cblock *);
+int DES_read_password(DES_cblock *, char *, int);
+
+void HC_DEPRECATED DES_rand_data(void *, int);
+void HC_DEPRECATED DES_set_random_generator_seed(DES_cblock *);
+void HC_DEPRECATED DES_generate_random_block(DES_cblock *);
+void HC_DEPRECATED DES_set_sequence_number(void *);
+void HC_DEPRECATED DES_init_random_number_generator(DES_cblock *);
+void HC_DEPRECATED DES_random_key(DES_cblock *);
+int HC_DEPRECATED DES_new_random_key(DES_cblock *);
+
+
+void DES_encrypt(uint32_t [2], DES_key_schedule *, int);
+void DES_ecb_encrypt(DES_cblock *, DES_cblock *, DES_key_schedule *, int);
+void DES_ecb3_encrypt(DES_cblock *,DES_cblock *, DES_key_schedule *,
+ DES_key_schedule *, DES_key_schedule *, int);
+void DES_pcbc_encrypt(const void *, void *, long,
+ DES_key_schedule *, DES_cblock *, int);
+void DES_cbc_encrypt(const void *, void *, long,
+ DES_key_schedule *, DES_cblock *, int);
+void DES_ede3_cbc_encrypt(const void *, void *, long,
+ DES_key_schedule *, DES_key_schedule *,
+ DES_key_schedule *, DES_cblock *, int);
+void DES_cfb64_encrypt(const void *, void *, long,
+ DES_key_schedule *, DES_cblock *, int *, int);
+
+
+uint32_t DES_cbc_cksum(const void *, DES_cblock *,
+ long, DES_key_schedule *, DES_cblock *);
+
+
+void _DES_ipfp_test(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+
+#endif /* _DESperate_H */
diff --git a/kerberos5/include/hcrypto/dh.h b/kerberos5/include/hcrypto/dh.h
new file mode 100644
--- /dev/null
+++ b/kerberos5/include/hcrypto/dh.h
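Review bot: `HC_DEPRECATED` is attached to `DES_set_key` and to the DES-based random-number functions in des.h with no comment saying what to call instead, so a caller who hits the warning has nothing to go on; a line such as `/* deprecated: use DES_set_key_checked() or DES_set_key_unchecked() */` above `DES_set_key` would fix that. The single-DES entry points (`DES_ecb_encrypt`, `DES_cbc_encrypt`, `DES_pcbc_encrypt`, `DES_cbc_cksum`) carry no marking at all, and with `DES_KEY_SZ` at 8 bytes they give no meaningful protection today; if they are kept only for interoperability with legacy peers, a header comment saying so would steer new code away from them. `DES_key_schedule` and `DES_encrypt` use `uint32_t` while this header includes nothing, so it depends on the includer's include order. The guard `_DESperate_H` starts with an underscore followed by a capital letter, which is an identifier reserved to the implementation.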
@@ -0,0 +1,148 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * $Id$
+ */
+
+#ifndef _HEIM_DH_H
+#define _HEIM_DH_H 1
+
+/* symbol renaming */
+#define DH hc_DH
+#define DH_METHOD hc_DH_METHOD
+#define DH_null_method hc_DH_null_method
+#define DH_tfm_method hc_DH_tfm_method
+#define DH_ltm_method hc_DH_ltm_method
+#define DH_new hc_DH_new
+#define DH_new_method hc_DH_new_method
+#define DH_free hc_DH_free
+#define DH_up_ref hc_DH_up_ref
+#define DH_size hc_DH_size
+#define DH_set_default_method hc_DH_set_default_method
+#define DH_get_default_method hc_DH_get_default_method
+#define DH_set_method hc_DH_set_method
+#define DH_get_method hc_DH_get_method
+#define DH_set_ex_data hc_DH_set_ex_data
+#define DH_get_ex_data hc_DH_get_ex_data
+#define DH_generate_parameters_ex hc_DH_generate_parameters_ex
+#define DH_check_pubkey hc_DH_check_pubkey
+#define DH_generate_key hc_DH_generate_key
+#define DH_compute_key hc_DH_compute_key
+#define i2d_DHparams hc_i2d_DHparams
+
+/*
+ *
+ */
+
+typedef struct DH DH;
+typedef struct DH_METHOD DH_METHOD;
+
+#include
+#include
+
+struct DH_METHOD {
+ const char *name;
+ int (*generate_key)(DH *);
+ int (*compute_key)(unsigned char *,const BIGNUM *,DH *);
+ int (*bn_mod_exp)(const DH *, BIGNUM *, const BIGNUM *,
+ const BIGNUM *, const BIGNUM *, BN_CTX *,
+ BN_MONT_CTX *);
+ int (*init)(DH *);
+ int (*finish)(DH *);
+ int flags;
+ void *app_data;
+ int (*generate_params)(DH *, int, int, BN_GENCB *);
+};
+
+struct DH {
+ int pad;
+ int version;
+ BIGNUM *p;
+ BIGNUM *g;
+ long length;
+ BIGNUM *pub_key;
+ BIGNUM *priv_key;
+ int flags;
+ void *method_mont_p;
+ BIGNUM *q;
+ BIGNUM *j;
+ void *seed;
+ int seedlen;
+ BIGNUM *counter;
+ int references;
+ struct CRYPTO_EX_DATA {
+ void *sk;
+ int dummy;
+ } ex_data;
+ const DH_METHOD *meth;
+ ENGINE *engine;
+};
+
+/* DH_check_pubkey return codes in `codes' argument.
*/
+#define DH_CHECK_PUBKEY_TOO_SMALL 1
+#define DH_CHECK_PUBKEY_TOO_LARGE 2
+
+/*
+ *
+ */
+
+const DH_METHOD *DH_null_method(void);
+const DH_METHOD *DH_tfm_method(void);
+const DH_METHOD *DH_ltm_method(void);
+
+DH * DH_new(void);
+DH * DH_new_method(ENGINE *);
+void DH_free(DH *);
+int DH_up_ref(DH *);
+
+int DH_size(const DH *);
+
+
+void DH_set_default_method(const DH_METHOD *);
+const DH_METHOD *
+ DH_get_default_method(void);
+int DH_set_method(DH *, const DH_METHOD *);
+
+int DH_set_ex_data(DH *, int, void *);
+void * DH_get_ex_data(DH *, int);
+
+int DH_generate_parameters_ex(DH *, int, int, BN_GENCB *);
+int DH_check_pubkey(const DH *, const BIGNUM *, int *);
+int DH_generate_key(DH *);
+int DH_compute_key(unsigned char *,const BIGNUM *,DH *);
+
+int i2d_DHparams(DH *, unsigned char **);
+
+#endif /* _HEIM_DH_H */
+
diff --git a/kerberos5/include/hcrypto/dsa.h b/kerberos5/include/hcrypto/dsa.h
new file mode 100644
--- /dev/null
+++ b/kerberos5/include/hcrypto/dsa.h
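Review bot: `DH_compute_key(unsigned char *,const BIGNUM *,DH *)` takes the peer's public value, but nothing in dh.h tells callers to validate that value first or how to read the `codes` output of `DH_check_pubkey`. I would add a comment above the two prototypes such as `/* Validate the peer value with DH_check_pubkey() and reject it when *codes reports DH_CHECK_PUBKEY_TOO_SMALL or DH_CHECK_PUBKEY_TOO_LARGE before calling DH_compute_key(). */`; whether `DH_compute_key` already performs this check internally cannot be told from the header, so confirm against the implementation. Separately, the renaming block defines `DH_get_method` but no prototype for it follows (dsa.h declares its `DSA_get_method`), so either declare it here or drop the macro.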
@@ -0,0 +1,142 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * $Id$
+ */
+
+#ifndef _HEIM_DSA_H
+#define _HEIM_DSA_H 1
+
+#include
+
+/* symbol renaming */
+#define DSA hc_DSA
+#define DSA_METHOD hc_DSA_METHOD
+#define DSA_null_method hc_DSA_null_method
+#define DSA_new hc_DSA_new
+#define DSA_free hc_DSA_free
+#define DSA_up_ref hc_DSA_up_ref
+#define DSA_set_default_method hc_DSA_set_default_method
+#define DSA_get_default_method hc_DSA_get_default_method
+#define DSA_set_method hc_DSA_set_method
+#define DSA_get_method hc_DSA_get_method
+#define DSA_set_app_data hc_DSA_set_app_data
+#define DSA_get_app_data hc_DSA_get_app_data
+#define DSA_size hc_DSA_size
+#define DSA_verify hc_DSA_verify
+
+/*
+ *
+ */
+
+
+typedef struct DSA DSA;
+typedef struct DSA_METHOD DSA_METHOD;
+typedef struct DSA_SIG DSA_SIG;
+
+struct DSA_SIG {
+ BIGNUM *r;
+ BIGNUM *s;
+};
+
+struct DSA_METHOD {
+ const char *name;
+ DSA_SIG * (*dsa_do_sign)(const unsigned char *, int, DSA *);
+ int (*dsa_sign_setup)(DSA *, BN_CTX *, BIGNUM **, BIGNUM **);
+ int (*dsa_do_verify)(const unsigned char *, int, DSA_SIG *, DSA *);
+ int (*dsa_mod_exp)(DSA *, BIGNUM *, BIGNUM *, BIGNUM *,
+ BIGNUM *, BIGNUM *, BIGNUM *, BN_CTX *,
+ BN_MONT_CTX *);
+ int (*bn_mod_exp)(DSA *, BIGNUM *, BIGNUM *, const BIGNUM *,
+ const BIGNUM *, BN_CTX *,
+ BN_MONT_CTX *);
+ int (*init)(DSA *);
+ int (*finish)(DSA *);
+ int flags;
+ void *app_data;
+};
+
+struct DSA {
+ int pad;
+ long version;
+ int write_params;
+ BIGNUM *p;
+ BIGNUM *q;
+ BIGNUM *g;
+
+ BIGNUM *pub_key;
+ BIGNUM *priv_key;
+
+ BIGNUM *kinv;
+ BIGNUM *r;
+ int flags;
+ void *method_mont_p;
+ int references;
+ struct dsa_CRYPTO_EX_DATA {
+ void *sk;
+ int dummy;
+ } ex_data;
+ const DSA_METHOD *meth;
+ void *engine;
+};
+
+/*
+ *
+ */
+
+const DSA_METHOD *DSA_null_method(void);
+
+/*
+ *
+ */
+
+DSA * DSA_new(void);
+void DSA_free(DSA *);
+int DSA_up_ref(DSA *);
+
+void DSA_set_default_method(const DSA_METHOD *);
+const DSA_METHOD * DSA_get_default_method(void);
+
+const DSA_METHOD * DSA_get_method(const
DSA *);
+int DSA_set_method(DSA *, const DSA_METHOD *);
+
+void DSA_set_app_data(DSA *, void *arg);
+void * DSA_get_app_data(DSA *);
+
+int DSA_size(const DSA *);
+
+int DSA_verify(int, const unsigned char *, int,
+ const unsigned char *, int, DSA *);
+
+#endif /* _HEIM_DSA_H */
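Review bot: The `DSA_verify` prototype at the end of the header has two unnamed `const unsigned char *, int` pairs and no statement of its return contract, so a caller cannot tell digest from signature or a verification failure from an internal error. I would name the parameters, presumably `int DSA_verify(int type, const unsigned char *dgst, int dgst_len, const unsigned char *sig, int sig_len, DSA *dsa);` (order to be confirmed against the implementation, which is not visible here). I would also add a comment stating exactly which return value means "signature valid", and that callers must compare against that value instead of testing for non-zero, in case a negative error return exists. A comment on `DSA_null_method`, the only method this header declares, saying what its verify hook does would help for the same reason.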
diff --git a/contrib/com_err/com_err.h b/kerberos5/include/hcrypto/ec.h copy from contrib/com_err/com_err.h copy to kerberos5/include/hcrypto/ec.h index 5b8b7e28f77858c5dc7a934254c2d1a53a4f0cf7..726deec6169f0aacc4048543807d485eeb4e43d7 GIT binary patch literal 3135 zc$~FXU2p0}5Pj!YjC3C^iQFVNl`6Hjs$|RtRu^pQkL2>?8he3N%x>h5MD&OExif16 z#&FfA<{_+iX3m^BdsuUSJAhko^xM9Wn{5Td^adUu9)A7l@!`ua@U2#xTy7Ew#jBF# zYXZ}MHs!0%6Gdf1U+{l9bgnmh3xZ0guUnn(aQPuJp>FP|%+7N# z-AX7#DT;TI(LRNIk;$?uQaDIQ0lr!h1pq2l@xne>ta`0@FA-$=)!#J zx+0XF&g5FA31L`}6awBvv6EFLGI%TWyUcJ=ZIcTB3B<{B{UOx`QmrycMJ1t7-A+`$ zwbZ`c_1Kj(Zc8iG879|dg%ec?(k0+zrQa#kYD*yar*tJ#VPS?WAxAudIdwJ@p3}mn zX`aZPC=N0`UUI>n9bFDwaN4X!e*X_0Xa;SOGM&~tp{nF?boY2F8si1*l1daZ$;*@c z=GX|hJH}zYpYOmG(v(t)N_NIuv_6?l=~L94g+xOk^9D^9Wy@=q>|rIyM>vTFp)!mK zvJ8^hX+&yN!s-lJq8nk2fku&1ud5GqLW|X!49Yi=lEtu8lJ^QSmuhTQmYqq$DGwm< zp28Q~XMpR4?>+M|8^dUcLELhKkcUyoz;?&rcy8$PQ51T90Dt{u2Uzm?Glk3-$6W&Z zzVKNPfae3BFJ>H(5Zbrhkh8!-IA<1(xjV4{QNZ;=nDIFeF)j2g>PSGBmEb+WocYca zAMFvJ@o;GfJ@L?`c2C&PhK22i+=*tk4~xiOc!5Eq$;LczW;UO*@f{!uYz*v~xgi8o zdp7G$idbiZju?`(M>B(FI^m#W?lUK(iB2mAl|z0ryiXR);k01i84hFnORI$q*q;$5 zVUW8u--H`cyvNz2ybuzIl>KS&11(!``e8ODEsO}Na3lG>09vTlQfj6CB?4_A8GUL;6 zA-87PF|cJ075Ed_<7ZCf+hnvtz+2mRPlOai&a_pZz6+v*Jj54-c`NvB7VoWOs}RN zy2kx_WiLYZRcT)1YyS6bTI}B{eZNw7+dr=C3$?)(6dP3gH$k4qR~)`z4xVm4zFvto z#y%{5n9*4Gw)6OPFsM~2HwxcgxmKIO6`u}|4Q_8R|MWDt@aV8*Y7(WY2A8hvpy8Fu zCvG%1D>rt+@5c@XWYBZz5&agGwctoR-6jQYT2RWrMO>Xhv=lGgIP8efA=`|jMA4q# z*+B1FW{0G8E6g!?F3S(T14C>BN@jhuqwkN97M!bo$Ub?$cPyO&j*cJV&zkaRACuPX i9CZJI-LKRU@#_}vP(BBzvQPN4Nv`4kwsTqIrT#D4=h!9y literal 2679 zc$~FX+iu%N5PjEIOpzdw1Xi|_7Dbw(07b2=MJQ6`#g`{$O|GPc$z6k7+3=6`2l`{3 zSxK?vq^MJ%euy_aGiT16nH~CM*n=Si=I*gotF?uGIe@bdAAW%!;oa%!8GPF4RjpP6 zGI^_2cPn7_*PpBI*3?2%WIr*Fq6V%ztL(-~FiUhT*V@!(_2@xrO?kUEb%VzTSxG$@ zQJ7!X;1YJw%1*ZTvZ8x3C9+bTZPm@jDx*Q@3O1btrJ*yMwv_JXMrqML!qT)&=fQ)r zYcQ?*Z8nxr8dIsIDg|M9AX*7`vTc;LvVyzT+^Y%?b}cOaBN3;r&4bb_D2=WZ1$Bf% zagDUU?x>xOp0Vqw+#RjbROr0vELLO%(j{PVWA4eclb1m7M;oh3>7j?}phi4`dCKf6 
zJf?+7%UY;LwtJc0ea!`P9_X^?g4I?Vh4K?*ERw^EMs5a`w>J^xlnS^qH(iD=ci%Q=E>@Mp>Uv(`4-Kz-Huly9^ppP9APB} zq^{5=X=IR0V-RVp5=K|Z5~mTCXxJ*!nWcTeN!VfSh77tpS<;AMsG`|xX}I)u%)0KN zl5ECPNaJaC=_d^Eyh!2;K4B9WU!xJPqBP@Ko-y#F2?TMJC48J`agxI4&wh#_Z{L#1 zJ)Gzo*wrFoX$o-ye7*=dA|Z6*M;T|Shj2ldPk40h0ir+@XAtr^&(JN4J<3QxUq?bb zg*i)t8UEKF^N?rPj?k265v7}AJ|7l-lJOu9{R9?yvWQcMMwLx?8iYQdv&jgM1SSS{ z!J-V(nIDGFDn+cLLdOhA`s2`{xlCB-geNS>sG_G+fXX4i5ckP~1)L7-ieWK+a_#M4 zQ}#!WPG}^wi9h$xvAq7j2!m}2@`TNaGD?x=<2~8)IG&^gh43j$E_lGwj}XSG(=1P! zhe&7xO*|!}G!JGw_315~^m->lc+IQV`!i~f zueG_ub#YVEUTO;2wzz_BTH0dd^-3*uC6`bXK|C)|#9~$yy;pdpw0w4p&bq8OxQ2ft zD7WH9>)#KqJ6nl%MRx=YKWt&Deo>r9c~BGsc=P7)R@m((k!U(ddT`ypLIds-we0om zE&`lY@clV;89X$Bh>p6&! zkBey@1vEQHuJFZ7S$dejv<2?LPOK#K3HsX@O510lN-JAz7rixkvl;Sl&K;%7pFXlGS$U!Fvx*2ZQhB@e&fF(ddN)e)=Z@)Z=FaI%$i& z7;9s0q3;IarQ!6)(Q^PQ^FL09>u%w`rO>B2(3|GPT8gSFtT~<&{BGk{6Og0(yJ4v1 T!`4Ko+jjx@(2w3Jz3aaLwj?>9 
diff --git a/contrib/com_err/lex.h b/kerberos5/include/hcrypto/ecdh.h copy from contrib/com_err/lex.h copy to kerberos5/include/hcrypto/ecdh.h index e158816bbb6ba5bdbb63f97fe59f6777ae462836..4dda28499c60ae966b7da2e9a78e18bc41e2bed0 GIT binary patch literal 1909 zc$~FVO>g5i5IwJd#Q=L)+Ypl7?Wx_OfGp855m|CYDp{YribUH)B+`)R1nv*-xihrg zINn1~&B3AO-Y0d9Jy-QFp%Ypkrc#x{0y2tYVnJ#TH(;_+40%8YKPEo>U_gL>#xueuji zQ=C${s&(%={j_)58YoQ-`(A-I(A#}iDIa;#rtA)|wq4r?@T%PwZ0G;my(5&?)_Se0 zk}v`&I|Vz{wc0sV!>+S0y2gXsmJWXu;xvtY)n)^gHMORuo=~W-RqnSFwJ$eU?0S-W zqE*=%i}$@lMXp4;1YADZ7fPLMB@p~G*6B(GSfP7p5RYKqCVPeNY2nbSDRry5vrS)r z=7KXXd^vMLwe=qP{XcZzDD;F>+iKq`@V2LpRxsRS_#ljKS%V!abOVMsEZ zBp%IALZLCwStLo(+bKflkY9q|lLd=79oTnpe)wAm;Bm$)M^bg#^);*#k19H@DT&rsLL398T=dek;=9^ zeBW2k>HynnbsZyMQ#E`10RO(Ny2H-dTUFg`{}>Fkaf9pf;fvKZj05QPUuxxo!G{m@ x(ZKH>i&pn+NvW%6Dmiuy$M^AcG(6_7fUcflJQ{r)AUXWr=r!Dq-)TfY{sFK5Me_gv literal 1761 zc$~FWO_SO<5WVv&`jD!?l$ZI~!&WvYV~atx#wLQBC_Ou*8R(HRC@2O?3uSReMk$pLKX18}RE+=sN>C+$Z8{FO8+`wOlc2}ES0ZKo& zrhhJA@$Wyo{@K<=OO<0`k3|iw2d=#H?pUDF5fX51cZ z=YQ?N5lUk#vo&Qw7y%TWh8Nv6#yMTVOJ`qAg$uVY9DZrUscZXY+8va(tqc|QghF+V zc7G1kZl^!7>q+iFtF#p+A9{z1T!C~6xOlR!6dLR$5d5^(nNkOsVS1<$k6_+AdxbyJ z!lq?im_~PJo9=$)f;}&MIdeg^)dBhaKXl+EbU>IzxnG{P1GCr5g_b#FKc1J*EP(7))CMhr_0&0a^t)t<(z?=O_7 z1(zVRxq1u*16;2}_P}En!)%Q~+)Ab5Dpw4`G=?ZkmEf~nWkSNYZ=uAJj~^-IFHX7! z_H`wgl#mJF%T>Y=386)pD$Znpa8Z)SJiQM9Q6S9}Bz(ygrl~BTjs)~;C1i70G7&BC zF`V&)tFGMptI&38hfF&8XSr09JWp>xPD!S~6EMVuDwD?>4%SO){FWM6Vj!XTl= z;WE5OdE@^u29G7m1zQqjv_j^yGuitrizPuJykz2mM@)W(B$M8=T(SV0sL;1Z6f_LO zxSr*bd+T_rm=O6&@hqJX&?0+8Z;)(=)v>oZOTA{aDHChLB|rQr1n{_ExG%_6?^;M+ zNOUh!gm#gMUC~cxM4^Jp=+Pj}&ZG`hZm54`%|*RR%8u&MRm8{Kub+u#lE zi=D=QAbjUIDECDNR{>0?)5&PFDctE!>&*tnV|u^gt9y)BuXWo1ZUeZROeUX4BYcMA L5mCp4k2~K1=Ia>^ 
diff --git a/contrib/com_err/lex.h b/kerberos5/include/hcrypto/ecdsa.h copy from contrib/com_err/lex.h copy to kerberos5/include/hcrypto/ecdsa.h index e158816bbb6ba5bdbb63f97fe59f6777ae462836..84886f4078fe0bf779a073b2cf5497190d4a936e GIT binary patch literal 2081 zc$~FVO>f&q5Isk~VgMgv8-$&tr!++Yid>I^=8`0yFN4rbHnO$k!n8{OZRF#mJY z-`l1%lyREdUD*IPz0+=R3hWvqtF5t(-RuGo&Q|wZ+q8ImQnfN?7nBw@4fsMmbgEa~ zqpHbHu3Xi+cb&c)oVEr^Q^U|J&<1)tbd~a!J8jBt2W#84eE?6|ZNYZ_-wuvYT3hS2 zu1dlPpzIVpsIJw{sTv+S`>1O?xNYh1M=D79jSf1_<>zd z?T)l6TVwFhJM74nNSA=iJNrnkQC0%M$5^K;6<~z!p+P)?IaKx?zNUpmtESYg>Rx2} z^p*?OJksTb3wB!%$nXE51N%ltq}os-hLcR870r(Q=vnn)UrrCvwgOh-@Zr!kht~ zmw9&0V-~}7g-$f3LULJ124NaQl%+D~(?VvsfbZW!fhq6blgocN=?d7lWzK|vEC;?= zCLECvIuBFHnFtUrN{X1LR{EHxSHTD?*dGN3p_9+GI0A5=As0)u(Uaaxyv5Yg4N=%o$(YvM3he?R;{A7H!lkBYd3vZQq+7 z@w;5_U|ZcDzyA=_>y0^t(A%4UXLTI#tcaAUngK8G-?mk^dvNwrRTtaeClhVltKz3< z2QBC_Ou*8R(HRC@2O?3uSReMk$pLKX18}RE+=sN>C+$Z8{FO8+`wOlc2}ES0ZKo& zrhhJA@$Wyo{@K<=OO<0`k3|iw2d=#H?pUDF5fX51cZ z=YQ?N5lUk#vo&Qw7y%TWh8Nv6#yMTVOJ`qAg$uVY9DZrUscZXY+8va(tqc|QghF+V zc7G1kZl^!7>q+iFtF#p+A9{z1T!C~6xOlR!6dLR$5d5^(nNkOsVS1<$k6_+AdxbyJ z!lq?im_~PJo9=$)f;}&MIdeg^)dBhaKXl+EbU>IzxnG{P1GCr5g_b#FKc1J*EP(7))CMhr_0&0a^t)t<(z?=O_7 z1(zVRxq1u*16;2}_P}En!)%Q~+)Ab5Dpw4`G=?ZkmEf~nWkSNYZ=uAJj~^-IFHX7! z_H`wgl#mJF%T>Y=386)pD$Znpa8Z)SJiQM9Q6S9}Bz(ygrl~BTjs)~;C1i70G7&BC zF`V&)tFGMptI&38hfF&8XSr09JWp>xPD!S~6EMVuDwD?>4%SO){FWM6Vj!XTl= z;WE5OdE@^u29G7m1zQqjv_j^yGuitrizPuJykz2mM@)W(B$M8=T(SV0sL;1Z6f_LO zxSr*bd+T_rm=O6&@hqJX&?0+8Z;)(=)v>oZOTA{aDHChLB|rQr1n{_ExG%_6?^;M+ zNOUh!gm#gMUC~cxM4^Jp=+Pj}&ZG`hZm54`%|*RR%8u&MRm8{Kub+u#lE zi=D=QAbjUIDECDNR{>0?)5&PFDctE!>&*tnV|u^gt9y)BuXWo1ZUeZROeUX4BYcMA L5mCp4k2~K1=Ia>^ diff --git a/kerberos5/include/hcrypto/engine.h b/kerberos5/include/hcrypto/engine.h new file mode 100644 --- /dev/null +++ b/kerberos5/include/hcrypto/engine.h 
@@ -0,0 +1,120 @@
+/*
+ * Copyright (c) 2006-2016 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * $Id$
+ */
+
+#ifndef _HEIM_ENGINE_H
+#define _HEIM_ENGINE_H 1
+
+/* symbol renaming */
+#define ENGINE_add_conf_module hc_ENGINE_add_conf_module
+#define ENGINE_by_dso hc_ENGINE_by_dso
+#define ENGINE_by_id hc_ENGINE_by_id
+#define ENGINE_finish hc_ENGINE_finish
+#define ENGINE_get_DH hc_ENGINE_get_DH
+#define ENGINE_get_RSA hc_ENGINE_get_RSA
+#define ENGINE_get_RAND hc_ENGINE_get_RAND
+#define ENGINE_get_id hc_ENGINE_get_id
+#define ENGINE_get_name hc_ENGINE_get_name
+#define ENGINE_load_builtin_engines hc_ENGINE_load_builtin_engines
+#define ENGINE_set_DH hc_ENGINE_set_DH
+#define ENGINE_set_RSA hc_ENGINE_set_RSA
+#define ENGINE_set_id hc_ENGINE_set_id
+#define ENGINE_set_name hc_ENGINE_set_name
+#define ENGINE_set_destroy_function hc_ENGINE_set_destroy_function
+#define ENGINE_new hc_ENGINE_new
+#define ENGINE_free hc_ENGINE_free
+#define ENGINE_up_ref hc_ENGINE_up_ref
+#define ENGINE_get_default_DH hc_ENGINE_get_default_DH
+#define ENGINE_get_default_RSA hc_ENGINE_get_default_RSA
+#define ENGINE_set_default_DH hc_ENGINE_set_default_DH
+#define ENGINE_set_default_RSA hc_ENGINE_set_default_RSA
+
+#define ENGINE hc_ENGINE
+
+/*
+ *
+ */
+
+typedef struct hc_engine ENGINE;
+
+/*#define NID_md2 0 */
+#define NID_md4 1
+#define NID_md5 2
+#define NID_sha1 4
+#define NID_sha256 5
+
+/*
+ *
+ */
+
+#include
+#include
+#include
+#include
+
+#define OPENSSL_DYNAMIC_VERSION (unsigned long)0x00020000
+
+typedef int (*openssl_bind_engine)(ENGINE *, const char *, const void *);
+typedef unsigned long (*openssl_v_check)(unsigned long);
+
+ENGINE *
+ ENGINE_new(void);
+int ENGINE_free(ENGINE *);
+void ENGINE_add_conf_module(void);
+void ENGINE_load_builtin_engines(void);
+ENGINE *ENGINE_by_id(const char *);
+ENGINE *ENGINE_by_dso(const char *, const char *);
+int ENGINE_finish(ENGINE *);
+int ENGINE_up_ref(ENGINE *);
+int ENGINE_set_id(ENGINE *, const char *);
+int ENGINE_set_name(ENGINE *, const char *);
+int ENGINE_set_RSA(ENGINE *, const RSA_METHOD *);
+int
ENGINE_set_DH(ENGINE *, const DH_METHOD *);
+int ENGINE_set_destroy_function(ENGINE *, void (*)(ENGINE *));
+
+const char * ENGINE_get_id(const ENGINE *);
+const char * ENGINE_get_name(const ENGINE *);
+const RSA_METHOD * ENGINE_get_RSA(const ENGINE *);
+const DH_METHOD * ENGINE_get_DH(const ENGINE *);
+const RAND_METHOD * ENGINE_get_RAND(const ENGINE *);
+
+int ENGINE_set_default_RSA(ENGINE *);
+ENGINE * ENGINE_get_default_RSA(void);
+int ENGINE_set_default_DH(ENGINE *);
+ENGINE * ENGINE_get_default_DH(void);
+
+
+#endif /* _HEIM_ENGINE_H */
diff --git a/kerberos5/include/hcrypto/evp-cc.h b/kerberos5/include/hcrypto/evp-cc.h
new file mode 100644
--- /dev/null
+++ b/kerberos5/include/hcrypto/evp-cc.h
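Review bot: `ENGINE_by_dso(const char *, const char *)` is declared with two unnamed string arguments and no comment, although its name and the `openssl_bind_engine` typedef suggest it loads a shared object and calls into it. That makes the path a code-loading boundary, so I would name the parameters and document it, e.g. `/* Loads the engine from the shared object at the given path and runs its bind function; pass only trusted, administrator-controlled paths. */` (behaviour inferred from the names, so confirm against the implementation). Also, `#define OPENSSL_DYNAMIC_VERSION (unsigned long)0x00020000` leaves the cast unparenthesized; `((unsigned long)0x00020000)` or `0x00020000UL` is safer inside larger expressions.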
@@ -0,0 +1,100 @@ +/* + * Copyright (c) 2009 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +/* $Id$ */ + +#ifndef HEIM_EVP_CC_H +#define HEIM_EVP_CC_H 1 + +/* symbol renaming */ +#define EVP_cc_md4 hc_EVP_cc_md4 +#define EVP_cc_md5 hc_EVP_cc_md5 +#define EVP_cc_sha1 hc_EVP_cc_sha1 +#define EVP_cc_sha256 hc_EVP_cc_sha256 +#define EVP_cc_sha384 hc_EVP_cc_sha384 +#define EVP_cc_sha512 hc_EVP_cc_sha512 +#define EVP_cc_des_cbc hc_EVP_cc_des_cbc +#define EVP_cc_des_ede3_cbc hc_EVP_cc_des_ede3_cbc +#define EVP_cc_aes_128_cbc hc_EVP_cc_aes_128_cbc +#define EVP_cc_aes_192_cbc hc_EVP_cc_aes_192_cbc +#define EVP_cc_aes_256_cbc hc_EVP_cc_aes_256_cbc +#define EVP_cc_aes_128_cfb8 hc_EVP_cc_aes_128_cfb8 +#define EVP_cc_aes_192_cfb8 hc_EVP_cc_aes_192_cfb8 +#define EVP_cc_aes_256_cfb8 hc_EVP_cc_aes_256_cfb8 +#define EVP_cc_rc4 hc_EVP_cc_rc4 +#define EVP_cc_rc4_40 hc_EVP_cc_rc4_40 +#define EVP_cc_rc2_40_cbc hc_EVP_cc_rc2_40_cbc +#define EVP_cc_rc2_64_cbc hc_EVP_cc_rc2_64_cbc +#define EVP_cc_rc2_cbc hc_EVP_cc_rc2_cbc +#define EVP_cc_camellia_128_cbc hc_EVP_cc_camellia_128_cbc +#define EVP_cc_camellia_192_cbc hc_EVP_cc_camellia_192_cbc +#define EVP_cc_camellia_256_cbc hc_EVP_cc_camellia_256_cbc + +/* + * + */ + +HC_CPP_BEGIN + +const EVP_MD * EVP_cc_md4(void); +const EVP_MD * EVP_cc_md5(void); +const EVP_MD * EVP_cc_sha1(void); +const EVP_MD * EVP_cc_sha256(void); +const EVP_MD * EVP_cc_sha384(void); +const EVP_MD * EVP_cc_sha512(void); + +const EVP_CIPHER * EVP_cc_rc2_cbc(void); +const EVP_CIPHER * EVP_cc_rc2_40_cbc(void); +const EVP_CIPHER * EVP_cc_rc2_64_cbc(void); + +const EVP_CIPHER * EVP_cc_rc4(void); +const EVP_CIPHER * EVP_cc_rc4_40(void); + +const EVP_CIPHER * EVP_cc_des_cbc(void); +const EVP_CIPHER * EVP_cc_des_ede3_cbc(void); + +const EVP_CIPHER * EVP_cc_aes_128_cbc(void); +const EVP_CIPHER * EVP_cc_aes_192_cbc(void); +const EVP_CIPHER * EVP_cc_aes_256_cbc(void); + +const EVP_CIPHER * EVP_cc_aes_128_cfb8(void); +const EVP_CIPHER * EVP_cc_aes_192_cfb8(void); +const EVP_CIPHER * EVP_cc_aes_256_cfb8(void); + +const EVP_CIPHER * EVP_cc_camellia_128_cbc(void); 
+const EVP_CIPHER * EVP_cc_camellia_192_cbc(void); +const EVP_CIPHER * EVP_cc_camellia_256_cbc(void); + +HC_CPP_END + +#endif /* HEIM_EVP_CC_H */ diff --git a/kerberos5/include/hcrypto/evp-hcrypto.h b/kerberos5/include/hcrypto/evp-hcrypto.h new file mode 100644 --- /dev/null +++ b/kerberos5/include/hcrypto/evp-hcrypto.h 
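Review bot: `EVP_cc_md4`, `EVP_cc_md5`, `EVP_cc_rc4`, `EVP_cc_rc4_40`, `EVP_cc_rc2_40_cbc`, `EVP_cc_rc2_64_cbc` and `EVP_cc_des_cbc` are declared next to the AES and SHA-2 getters with nothing marking them as legacy, so nothing at the call site warns someone choosing a digest or cipher for new code. des.h in this same commit already tags its obsolete entry points with `HC_DEPRECATED`; here a grouping comment would do, for example `/* Legacy algorithms (MD4, MD5, RC2, RC4, single DES): not for new designs. */` above those prototypes. The same list appears unannotated in evp-hcrypto.h and evp-openssl.h, and the comment belongs there too.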
@@ -0,0 +1,101 @@ +/* + * Copyright (c) 2009 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +/* $Id$ */ + +#ifndef HEIM_EVP_HCRYPTO_H +#define HEIM_EVP_HCRYPTO_H 1 + +/* symbol renaming */ +#define EVP_hcrypto_md4 hc_EVP_hcrypto_md4 +#define EVP_hcrypto_md5 hc_EVP_hcrypto_md5 +#define EVP_hcrypto_sha1 hc_EVP_hcrypto_sha1 +#define EVP_hcrypto_sha256 hc_EVP_hcrypto_sha256 +#define EVP_hcrypto_sha384 hc_EVP_hcrypto_sha384 +#define EVP_hcrypto_sha512 hc_EVP_hcrypto_sha512 +#define EVP_hcrypto_des_cbc hc_EVP_hcrypto_des_cbc +#define EVP_hcrypto_des_ede3_cbc hc_EVP_hcrypto_des_ede3_cbc +#define EVP_hcrypto_aes_128_cbc hc_EVP_hcrypto_aes_128_cbc +#define EVP_hcrypto_aes_192_cbc hc_EVP_hcrypto_aes_192_cbc +#define EVP_hcrypto_aes_256_cbc hc_EVP_hcrypto_aes_256_cbc +#define EVP_hcrypto_aes_128_cfb8 hc_EVP_hcrypto_aes_128_cfb8 +#define EVP_hcrypto_aes_192_cfb8 hc_EVP_hcrypto_aes_192_cfb8 +#define EVP_hcrypto_aes_256_cfb8 hc_EVP_hcrypto_aes_256_cfb8 +#define EVP_hcrypto_rc4 hc_EVP_hcrypto_rc4 +#define EVP_hcrypto_rc4_40 hc_EVP_hcrypto_rc4_40 +#define EVP_hcrypto_rc2_40_cbc hc_EVP_hcrypto_rc2_40_cbc +#define EVP_hcrypto_rc2_64_cbc hc_EVP_hcrypto_rc2_64_cbc +#define EVP_hcrypto_rc2_cbc hc_EVP_hcrypto_rc2_cbc +#define EVP_hcrypto_camellia_128_cbc hc_EVP_hcrypto_camellia_128_cbc +#define EVP_hcrypto_camellia_192_cbc hc_EVP_hcrypto_camellia_192_cbc +#define EVP_hcrypto_camellia_256_cbc hc_EVP_hcrypto_camellia_256_cbc + +/* + * + */ + +HC_CPP_BEGIN + +const EVP_MD * EVP_hcrypto_md4(void); +const EVP_MD * EVP_hcrypto_md5(void); +const EVP_MD * EVP_hcrypto_sha1(void); +const EVP_MD * EVP_hcrypto_sha256(void); +const EVP_MD * EVP_hcrypto_sha384(void); +const EVP_MD * EVP_hcrypto_sha512(void); + +const EVP_CIPHER * EVP_hcrypto_rc4(void); +const EVP_CIPHER * EVP_hcrypto_rc4_40(void); + +const EVP_CIPHER * EVP_hcrypto_rc2_cbc(void); +const EVP_CIPHER * EVP_hcrypto_rc2_40_cbc(void); +const EVP_CIPHER * EVP_hcrypto_rc2_64_cbc(void); + +const EVP_CIPHER * EVP_hcrypto_des_cbc(void); +const EVP_CIPHER * EVP_hcrypto_des_ede3_cbc(void); + +const EVP_CIPHER * 
EVP_hcrypto_aes_128_cbc(void); +const EVP_CIPHER * EVP_hcrypto_aes_192_cbc(void); +const EVP_CIPHER * EVP_hcrypto_aes_256_cbc(void); + +const EVP_CIPHER * EVP_hcrypto_aes_128_cfb8(void); +const EVP_CIPHER * EVP_hcrypto_aes_192_cfb8(void); +const EVP_CIPHER * EVP_hcrypto_aes_256_cfb8(void); + +const EVP_CIPHER * EVP_hcrypto_camellia_128_cbc(void); +const EVP_CIPHER * EVP_hcrypto_camellia_192_cbc(void); +const EVP_CIPHER * EVP_hcrypto_camellia_256_cbc(void); + + +HC_CPP_END + +#endif /* HEIM_EVP_HCRYPTO_H */ diff --git a/kerberos5/include/hcrypto/evp-openssl.h b/kerberos5/include/hcrypto/evp-openssl.h new file mode 100644 --- /dev/null +++ b/kerberos5/include/hcrypto/evp-openssl.h 
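Review bot: `HC_CPP_BEGIN`, `HC_CPP_END`, `EVP_MD` and `EVP_CIPHER` are used in this header without any include or declaration, so it compiles only when another header has already defined them. If it is meant to be pulled in only through the main hcrypto EVP header (not visible in this diff), state that at the top, e.g. `/* Not self-contained: include via the hcrypto EVP header, which defines HC_CPP_BEGIN and the EVP types. */`. evp-cc.h and evp-openssl.h have the same shape and would take the same comment.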
@@ -0,0 +1,100 @@ +/* + * Copyright (c) 2009-2016 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +/* $Id$ */ + +#ifndef HEIM_EVP_OSSL_H +#define HEIM_EVP_OSSL_H 1 + +/* symbol renaming */ +#define EVP_ossl_md4 hc_EVP_ossl_md4 +#define EVP_ossl_md5 hc_EVP_ossl_md5 +#define EVP_ossl_sha1 hc_EVP_ossl_sha1 +#define EVP_ossl_sha256 hc_EVP_ossl_sha256 +#define EVP_ossl_sha384 hc_EVP_ossl_sha384 +#define EVP_ossl_sha512 hc_EVP_ossl_sha512 +#define EVP_ossl_des_cbc hc_EVP_ossl_des_cbc +#define EVP_ossl_des_ede3_cbc hc_EVP_ossl_des_ede3_cbc +#define EVP_ossl_aes_128_cbc hc_EVP_ossl_aes_128_cbc +#define EVP_ossl_aes_192_cbc hc_EVP_ossl_aes_192_cbc +#define EVP_ossl_aes_256_cbc hc_EVP_ossl_aes_256_cbc +#define EVP_ossl_aes_128_cfb8 hc_EVP_ossl_aes_128_cfb8 +#define EVP_ossl_aes_192_cfb8 hc_EVP_ossl_aes_192_cfb8 +#define EVP_ossl_aes_256_cfb8 hc_EVP_ossl_aes_256_cfb8 +#define EVP_ossl_rc4 hc_EVP_ossl_rc4 +#define EVP_ossl_rc4_40 hc_EVP_ossl_rc4_40 +#define EVP_ossl_rc2_40_cbc hc_EVP_ossl_rc2_40_cbc +#define EVP_ossl_rc2_64_cbc hc_EVP_ossl_rc2_64_cbc +#define EVP_ossl_rc2_cbc hc_EVP_ossl_rc2_cbc +#define EVP_ossl_camellia_128_cbc hc_EVP_ossl_camellia_128_cbc +#define EVP_ossl_camellia_192_cbc hc_EVP_ossl_camellia_192_cbc +#define EVP_ossl_camellia_256_cbc hc_EVP_ossl_camellia_256_cbc + +/* + * + */ + +HC_CPP_BEGIN + +const hc_EVP_MD * hc_EVP_ossl_md4(void); +const hc_EVP_MD * hc_EVP_ossl_md5(void); +const hc_EVP_MD * hc_EVP_ossl_sha1(void); +const hc_EVP_MD * hc_EVP_ossl_sha256(void); +const hc_EVP_MD * hc_EVP_ossl_sha384(void); +const hc_EVP_MD * hc_EVP_ossl_sha512(void); + +const hc_EVP_CIPHER * hc_EVP_ossl_rc2_cbc(void); +const hc_EVP_CIPHER * hc_EVP_ossl_rc2_40_cbc(void); +const hc_EVP_CIPHER * hc_EVP_ossl_rc2_64_cbc(void); + +const hc_EVP_CIPHER * hc_EVP_ossl_rc4(void); +const hc_EVP_CIPHER * hc_EVP_ossl_rc4_40(void); + +const hc_EVP_CIPHER * hc_EVP_ossl_des_cbc(void); +const hc_EVP_CIPHER * hc_EVP_ossl_des_ede3_cbc(void); + +const hc_EVP_CIPHER * hc_EVP_ossl_aes_128_cbc(void); +const hc_EVP_CIPHER * hc_EVP_ossl_aes_192_cbc(void); +const hc_EVP_CIPHER * 
hc_EVP_ossl_aes_256_cbc(void); + +const hc_EVP_CIPHER * hc_EVP_ossl_aes_128_cfb8(void); +const hc_EVP_CIPHER * hc_EVP_ossl_aes_192_cfb8(void); +const hc_EVP_CIPHER * hc_EVP_ossl_aes_256_cfb8(void); + +const hc_EVP_CIPHER * hc_EVP_ossl_camellia_128_cbc(void); +const hc_EVP_CIPHER * hc_EVP_ossl_camellia_192_cbc(void); +const hc_EVP_CIPHER * hc_EVP_ossl_camellia_256_cbc(void); + +HC_CPP_END + +#endif /* HEIM_EVP_OSSL_H */ diff --git a/kerberos5/include/hcrypto/evp-pkcs11.h b/kerberos5/include/hcrypto/evp-pkcs11.h new file mode 100644 --- /dev/null +++ b/kerberos5/include/hcrypto/evp-pkcs11.h 
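Review bot: The prototypes here are written with the already-renamed identifiers (`const hc_EVP_MD * hc_EVP_ossl_md4(void);`), while evp-cc.h and evp-hcrypto.h declare the unprefixed names and let the `#define EVP_... hc_EVP_...` block do the renaming. With the macros at the top of this file the two spellings should resolve to the same symbols, so this is a consistency point, not a functional one, but it does make the header depend on `hc_EVP_MD` and `hc_EVP_CIPHER` being visible as type names, which this diff does not show. I would either match the siblings, e.g. `const EVP_MD * EVP_ossl_md4(void);`, or add a one-line comment explaining why this header bypasses the macros.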
@@ -0,0 +1,153 @@
+/*
+ * Copyright (c) 2015, Secure Endpoints Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * - Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */ + +/* $Id$ */ + +#ifndef HEIM_EVP_PKCS11_H +#define HEIM_EVP_PKCS11_H 1 + +/* symbol renaming */ + +#define EVP_pkcs11_md4() hc_EVP_pkcs11_md4() +#define EVP_pkcs11_md5() hc_EVP_pkcs11_md5() +#define EVP_pkcs11_sha1() hc_EVP_pkcs11_sha1() +#define EVP_pkcs11_sha256() hc_EVP_pkcs11_sha256() +#define EVP_pkcs11_sha384() hc_EVP_pkcs11_sha384() +#define EVP_pkcs11_sha512() hc_EVP_pkcs11_sha512() +#define EVP_pkcs11_des_cbc() hc_EVP_pkcs11_des_cbc() +#define EVP_pkcs11_des_ede3_cbc() hc_EVP_pkcs11_des_ede3_cbc() +#define EVP_pkcs11_aes_128_cbc() hc_EVP_pkcs11_aes_128_cbc() +#define EVP_pkcs11_aes_192_cbc() hc_EVP_pkcs11_aes_192_cbc() +#define EVP_pkcs11_aes_256_cbc() hc_EVP_pkcs11_aes_256_cbc() +#define EVP_pkcs11_aes_128_cfb8() hc_EVP_pkcs11_aes_128_cfb8() +#define EVP_pkcs11_aes_192_cfb8() hc_EVP_pkcs11_aes_192_cfb8() +#define EVP_pkcs11_aes_256_cfb8() hc_EVP_pkcs11_aes_256_cfb8() +#define EVP_pkcs11_rc4() hc_EVP_pkcs11_rc4() +#define EVP_pkcs11_rc4_40() hc_EVP_pkcs11_rc4_40() +#define EVP_pkcs11_rc2_40_cbc() hc_EVP_pkcs11_rc2_40_cbc() +#define EVP_pkcs11_rc2_64_cbc() hc_EVP_pkcs11_rc2_64_cbc() +#define EVP_pkcs11_rc2_cbc() hc_EVP_pkcs11_rc2_cbc() +#define EVP_pkcs11_camellia_128_cbc() hc_EVP_pkcs11_camellia_128_cbc() +#define EVP_pkcs11_camellia_192_cbc() hc_EVP_pkcs11_camellia_192_cbc() +#define EVP_pkcs11_camellia_256_cbc() hc_EVP_pkcs11_camellia_256_cbc() + +#define EVP_pkcs11_hcrypto_md4() hc_EVP_pkcs11_hcrypto_md4() +#define EVP_pkcs11_hcrypto_md5() hc_EVP_pkcs11_hcrypto_md5() +#define EVP_pkcs11_hcrypto_sha1() hc_EVP_pkcs11_hcrypto_sha1() +#define EVP_pkcs11_hcrypto_sha256() hc_EVP_pkcs11_hcrypto_sha256() +#define EVP_pkcs11_hcrypto_sha384() hc_EVP_pkcs11_hcrypto_sha384() +#define EVP_pkcs11_hcrypto_sha512() hc_EVP_pkcs11_hcrypto_sha512() +#define EVP_pkcs11_hcrypto_des_cbc() hc_EVP_pkcs11_hcrypto_des_cbc() +#define EVP_pkcs11_hcrypto_des_ede3_cbc() hc_EVP_pkcs11_hcrypto_des_ede3_cbc() +#define EVP_pkcs11_hcrypto_aes_128_cbc() 
hc_EVP_pkcs11_hcrypto_aes_128_cbc() +#define EVP_pkcs11_hcrypto_aes_192_cbc() hc_EVP_pkcs11_hcrypto_aes_192_cbc() +#define EVP_pkcs11_hcrypto_aes_256_cbc() hc_EVP_pkcs11_hcrypto_aes_256_cbc() +#define EVP_pkcs11_hcrypto_aes_128_cfb8() hc_EVP_pkcs11_hcrypto_aes_128_cfb8() +#define EVP_pkcs11_hcrypto_aes_192_cfb8() hc_EVP_pkcs11_hcrypto_aes_192_cfb8() +#define EVP_pkcs11_hcrypto_aes_256_cfb8() hc_EVP_pkcs11_hcrypto_aes_256_cfb8() +#define EVP_pkcs11_hcrypto_rc4() hc_EVP_pkcs11_hcrypto_rc4() +#define EVP_pkcs11_hcrypto_rc4_40() hc_EVP_pkcs11_hcrypto_rc4_40() +#define EVP_pkcs11_hcrypto_rc2_40_cbc() hc_EVP_pkcs11_hcrypto_rc2_40_cbc() +#define EVP_pkcs11_hcrypto_rc2_64_cbc() hc_EVP_pkcs11_hcrypto_rc2_64_cbc() +#define EVP_pkcs11_hcrypto_rc2_cbc() hc_EVP_pkcs11_hcrypto_rc2_cbc() +#define EVP_pkcs11_hcrypto_camellia_128_cbc() hc_EVP_pkcs11_hcrypto_camellia_128_cbc() +#define EVP_pkcs11_hcrypto_camellia_192_cbc() hc_EVP_pkcs11_hcrypto_camellia_192_cbc() +#define EVP_pkcs11_hcrypto_camellia_256_cbc() hc_EVP_pkcs11_hcrypto_camellia_256_cbc() + +HC_CPP_BEGIN + +/* + * Strict PKCS#11 implementations (these will return NULL if the underlying + * PKCS#11 implementation does not implement the cipher or hash). 
+ */
+const EVP_MD * hc_EVP_pkcs11_md4(void);
+const EVP_MD * hc_EVP_pkcs11_md5(void);
+const EVP_MD * hc_EVP_pkcs11_sha1(void);
+const EVP_MD * hc_EVP_pkcs11_sha256(void);
+const EVP_MD * hc_EVP_pkcs11_sha384(void);
+const EVP_MD * hc_EVP_pkcs11_sha512(void);
+
+const EVP_CIPHER * hc_EVP_pkcs11_rc2_cbc(void);
+const EVP_CIPHER * hc_EVP_pkcs11_rc2_40_cbc(void);
+const EVP_CIPHER * hc_EVP_pkcs11_rc2_64_cbc(void);
+
+const EVP_CIPHER * hc_EVP_pkcs11_rc4(void);
+const EVP_CIPHER * hc_EVP_pkcs11_rc4_40(void);
+
+const EVP_CIPHER * hc_EVP_pkcs11_des_cbc(void);
+const EVP_CIPHER * hc_EVP_pkcs11_des_ede3_cbc(void);
+
+const EVP_CIPHER * hc_EVP_pkcs11_aes_128_cbc(void);
+const EVP_CIPHER * hc_EVP_pkcs11_aes_192_cbc(void);
+const EVP_CIPHER * hc_EVP_pkcs11_aes_256_cbc(void);
+
+const EVP_CIPHER * hc_EVP_pkcs11_aes_128_cfb8(void);
+const EVP_CIPHER * hc_EVP_pkcs11_aes_192_cfb8(void);
+const EVP_CIPHER * hc_EVP_pkcs11_aes_256_cfb8(void);
+
+const EVP_CIPHER * hc_EVP_pkcs11_camellia_128_cbc(void);
+const EVP_CIPHER * hc_EVP_pkcs11_camellia_192_cbc(void);
+const EVP_CIPHER * hc_EVP_pkcs11_camellia_256_cbc(void);
+
+/*
+ * PKCS#11 implementations with fallback to hcrypto.
+ */ +const EVP_MD * hc_EVP_pkcs11_hcrypto_md4(void); +const EVP_MD * hc_EVP_pkcs11_hcrypto_md5(void); +const EVP_MD * hc_EVP_pkcs11_hcrypto_sha1(void); +const EVP_MD * hc_EVP_pkcs11_hcrypto_sha256(void); +const EVP_MD * hc_EVP_pkcs11_hcrypto_sha384(void); +const EVP_MD * hc_EVP_pkcs11_hcrypto_sha512(void); + +const EVP_CIPHER * hc_EVP_pkcs11_hcrypto_rc2_cbc(void); +const EVP_CIPHER * hc_EVP_pkcs11_hcrypto_rc2_40_cbc(void); +const EVP_CIPHER * hc_EVP_pkcs11_hcrypto_rc2_64_cbc(void); + +const EVP_CIPHER * hc_EVP_pkcs11_hcrypto_rc4(void); +const EVP_CIPHER * hc_EVP_pkcs11_hcrypto_rc4_40(void); + +const EVP_CIPHER * hc_EVP_pkcs11_hcrypto_des_cbc(void); +const EVP_CIPHER * hc_EVP_pkcs11_hcrypto_des_ede3_cbc(void); + +const EVP_CIPHER * hc_EVP_pkcs11_hcrypto_aes_128_cbc(void); +const EVP_CIPHER * hc_EVP_pkcs11_hcrypto_aes_192_cbc(void); +const EVP_CIPHER * hc_EVP_pkcs11_hcrypto_aes_256_cbc(void); + +const EVP_CIPHER * hc_EVP_pkcs11_hcrypto_aes_128_cfb8(void); +const EVP_CIPHER * hc_EVP_pkcs11_hcrypto_aes_192_cfb8(void); +const EVP_CIPHER * hc_EVP_pkcs11_hcrypto_aes_256_cfb8(void); + +const EVP_CIPHER * hc_EVP_pkcs11_hcrypto_camellia_128_cbc(void); +const EVP_CIPHER * hc_EVP_pkcs11_hcrypto_camellia_192_cbc(void); +const EVP_CIPHER * hc_EVP_pkcs11_hcrypto_camellia_256_cbc(void); + +HC_CPP_END + +#endif /* HEIM_EVP_PKCS11_H */ diff --git a/kerberos5/include/hcrypto/evp.h b/kerberos5/include/hcrypto/evp.h new file mode 100644 --- /dev/null +++ b/kerberos5/include/hcrypto/evp.h 
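Review bot: The comment above the `hc_EVP_pkcs11_hcrypto_*` prototypes says only "with fallback to hcrypto" and leaves out what a caller most needs to know: as the comment reads, the switch to the software implementation is silent, so the returned `EVP_MD`/`EVP_CIPHER` does not reveal which backend is in use (the implementation is not part of this hunk). A deployment that routes crypto through PKCS#11 for policy reasons should be pointed at the strict `hc_EVP_pkcs11_*` accessors and told to check for NULL. I would extend the comment to `/* PKCS#11 implementations that silently fall back to hcrypto when the provider lacks the algorithm; use the strict variants above when the provider must be used. */`. The header also uses `EVP_MD`, `EVP_CIPHER` and `HC_CPP_BEGIN` without including anything, so it appears to compile only after evp.h; a one-line comment or an include would make that dependency explicit.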
@@ -0,0 +1,359 @@ +/* + * Copyright (c) 2005 - 2016 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +/* $Id$ */ + +#ifndef HEIM_EVP_H +#define HEIM_EVP_H 1 + +#include + +/* symbol renaming */ +#define EVP_CIPHER_CTX_block_size hc_EVP_CIPHER_CTX_block_size +#define EVP_CIPHER_CTX_cipher hc_EVP_CIPHER_CTX_cipher +#define EVP_CIPHER_CTX_cleanup hc_EVP_CIPHER_CTX_cleanup +#define EVP_CIPHER_CTX_flags hc_EVP_CIPHER_CTX_flags +#define EVP_CIPHER_CTX_get_app_data hc_EVP_CIPHER_CTX_get_app_data +#define EVP_CIPHER_CTX_init hc_EVP_CIPHER_CTX_init +#define EVP_CIPHER_CTX_iv_length hc_EVP_CIPHER_CTX_iv_length +#define EVP_CIPHER_CTX_key_length hc_EVP_CIPHER_CTX_key_length +#define EVP_CIPHER_CTX_mode hc_EVP_CIPHER_CTX_mode +#define EVP_CIPHER_CTX_set_app_data hc_EVP_CIPHER_CTX_set_app_data +#define EVP_CIPHER_CTX_set_key_length hc_EVP_CIPHER_CTX_set_key_length +#define EVP_CIPHER_CTX_set_padding hc_EVP_CIPHER_CTX_set_padding +#define EVP_CIPHER_block_size hc_EVP_CIPHER_block_size +#define EVP_CIPHER_iv_length hc_EVP_CIPHER_iv_length +#define EVP_CIPHER_key_length hc_EVP_CIPHER_key_length +#define EVP_Cipher hc_EVP_Cipher +#define EVP_CipherInit_ex hc_EVP_CipherInit_ex +#define EVP_CipherUpdate hc_EVP_CipherUpdate +#define EVP_CipherFinal_ex hc_EVP_CipherFinal_ex +#define EVP_Digest hc_EVP_Digest +#define EVP_DigestFinal_ex hc_EVP_DigestFinal_ex +#define EVP_DigestInit_ex hc_EVP_DigestInit_ex +#define EVP_DigestUpdate hc_EVP_DigestUpdate +#define EVP_MD_CTX_block_size hc_EVP_MD_CTX_block_size +#define EVP_MD_CTX_cleanup hc_EVP_MD_CTX_cleanup +#define EVP_MD_CTX_create hc_EVP_MD_CTX_create +#define EVP_MD_CTX_init hc_EVP_MD_CTX_init +#define EVP_MD_CTX_destroy hc_EVP_MD_CTX_destroy +#define EVP_MD_CTX_md hc_EVP_MD_CTX_md +#define EVP_MD_CTX_size hc_EVP_MD_CTX_size +#define EVP_MD_block_size hc_EVP_MD_block_size +#define EVP_MD_size hc_EVP_MD_size +#define EVP_aes_128_cbc hc_EVP_aes_128_cbc +#define EVP_aes_192_cbc hc_EVP_aes_192_cbc +#define EVP_aes_256_cbc hc_EVP_aes_256_cbc +#define EVP_aes_128_cfb8 hc_EVP_aes_128_cfb8 +#define EVP_aes_192_cfb8 hc_EVP_aes_192_cfb8 
+#define EVP_aes_256_cfb8 hc_EVP_aes_256_cfb8 + +#define EVP_des_cbc hc_EVP_des_cbc +#define EVP_des_ede3_cbc hc_EVP_des_ede3_cbc +#define EVP_enc_null hc_EVP_enc_null +#define EVP_md4 hc_EVP_md4 +#define EVP_md5 hc_EVP_md5 +#define EVP_md_null hc_EVP_md_null +#define EVP_rc2_40_cbc hc_EVP_rc2_40_cbc +#define EVP_rc2_64_cbc hc_EVP_rc2_64_cbc +#define EVP_rc2_cbc hc_EVP_rc2_cbc +#define EVP_rc4 hc_EVP_rc4 +#define EVP_rc4_40 hc_EVP_rc4_40 +#define EVP_camellia_128_cbc hc_EVP_camellia_128_cbc +#define EVP_camellia_192_cbc hc_EVP_camellia_192_cbc +#define EVP_camellia_256_cbc hc_EVP_camellia_256_cbc +#define EVP_sha hc_EVP_sha +#define EVP_sha1 hc_EVP_sha1 +#define EVP_sha256 hc_EVP_sha256 +#define EVP_sha384 hc_EVP_sha384 +#define EVP_sha512 hc_EVP_sha512 +#define PKCS5_PBKDF2_HMAC hc_PKCS5_PBKDF2_HMAC +#define PKCS5_PBKDF2_HMAC_SHA1 hc_PKCS5_PBKDF2_HMAC_SHA1 +#define EVP_BytesToKey hc_EVP_BytesToKey +#define EVP_get_cipherbyname hc_EVP_get_cipherbyname +#define OpenSSL_add_all_algorithms hc_OpenSSL_add_all_algorithms +#define OpenSSL_add_all_algorithms_conf hc_OpenSSL_add_all_algorithms_conf +#define OpenSSL_add_all_algorithms_noconf hc_OpenSSL_add_all_algorithms_noconf +#define EVP_CIPHER_CTX_ctrl hc_EVP_CIPHER_CTX_ctrl +#define EVP_CIPHER_CTX_rand_key hc_EVP_CIPHER_CTX_rand_key +#define hcrypto_validate hc_hcrypto_validate + +/* Type name renaming */ +#define EVP_MD_CTX hc_EVP_MD_CTX +#define EVP_PKEY hc_EVP_PKEY +#define EVP_MD hc_EVP_MD +#define EVP_CIPHER hc_EVP_CIPHER +#define EVP_CIPHER_CTX hc_EVP_CIPHER_CTX + +/* Constant renaming */ +#define EVP_CIPH_STREAM_CIPHER hc_EVP_CIPH_STREAM_CIPHER +#define EVP_CIPH_CBC_MODE hc_EVP_CIPH_CBC_MODE +#define EVP_CIPH_CFB8_MODE hc_EVP_CIPH_CFB8_MODE +#define EVP_CIPH_MODE hc_EVP_CIPH_MODE +#define EVP_CIPH_CTRL_INIT hc_EVP_CIPH_CTRL_INIT + +#define EVP_CIPH_VARIABLE_LENGTH hc_EVP_CIPH_VARIABLE_LENGTH +#define EVP_CIPH_ALWAYS_CALL_INIT hc_EVP_CIPH_ALWAYS_CALL_INIT +#define EVP_CIPH_RAND_KEY hc_EVP_CIPH_RAND_KEY + +#define 
EVP_CTRL_INIT hc_EVP_CTRL_INIT + + +/* + * + */ + +typedef struct hc_EVP_MD_CTX EVP_MD_CTX; +typedef struct hc_evp_pkey EVP_PKEY; +typedef struct hc_evp_md EVP_MD; +typedef struct hc_CIPHER EVP_CIPHER; +typedef struct hc_CIPHER_CTX EVP_CIPHER_CTX; + +#define EVP_MAX_IV_LENGTH 16 +#define EVP_MAX_BLOCK_LENGTH 32 + +#define EVP_MAX_MD_SIZE 64 + +struct hc_CIPHER { + int nid; + int block_size; + int key_len; + int iv_len; + unsigned long flags; + /* The lowest 3 bits is used as integer field for the mode the + * cipher is used in (use EVP_CIPHER.._mode() to extract the + * mode). The rest of the flag field is a bitfield. + */ +#define hc_EVP_CIPH_STREAM_CIPHER 0 +#define hc_EVP_CIPH_CBC_MODE 2 +#define hc_EVP_CIPH_CFB8_MODE 4 +#define hc_EVP_CIPH_MODE 0x7 +#define hc_EVP_CIPH_CTRL_INIT 0x40 + +#define hc_EVP_CTRL_INIT 0x0 + +#define hc_EVP_CIPH_VARIABLE_LENGTH 0x008 /* variable key length */ +#define hc_EVP_CIPH_ALWAYS_CALL_INIT 0x020 /* backend maintains own cipherstate */ +#define hc_EVP_CIPH_RAND_KEY 0x200 + + int (*init)(EVP_CIPHER_CTX*,const unsigned char*,const unsigned char*,int); + int (*do_cipher)(EVP_CIPHER_CTX *, unsigned char *, + const unsigned char *, unsigned int); + int (*cleanup)(EVP_CIPHER_CTX *); + int ctx_size; + int (*set_asn1_parameters)(void); + int (*get_asn1_parameters)(void); + int (*ctrl)(EVP_CIPHER_CTX *, int type, int arg, void *ptr); +#define EVP_CTRL_RAND_KEY 0x6 + + void *app_data; +}; + +struct hc_CIPHER_CTX { + const EVP_CIPHER *cipher; + ENGINE *engine; + int encrypt; + int buf_len; /* bytes stored in buf for EVP_CipherUpdate */ + unsigned char oiv[EVP_MAX_IV_LENGTH]; + unsigned char iv[EVP_MAX_IV_LENGTH]; + unsigned char buf[EVP_MAX_BLOCK_LENGTH]; + int num; + void *app_data; + int key_len; + unsigned long flags; + void *cipher_data; + int final_used; + int block_mask; + unsigned char final[EVP_MAX_BLOCK_LENGTH]; +}; + +/* + * LIES. 
It's not an EVP_MD_CTX that gets passed to these functions + * here in hcrypto, but an object of ctx_size. + */ +typedef int (*hc_evp_md_init)(EVP_MD_CTX *); +typedef int (*hc_evp_md_update)(EVP_MD_CTX *,const void *, size_t); +typedef int (*hc_evp_md_final)(void *, EVP_MD_CTX *); +typedef int (*hc_evp_md_cleanup)(EVP_MD_CTX *); + +struct hc_evp_md { + int hash_size; + int block_size; + int ctx_size; + hc_evp_md_init init; + hc_evp_md_update update; + hc_evp_md_final final; + hc_evp_md_cleanup cleanup; +}; + +#if !defined(__GNUC__) && !defined(__attribute__) +#define __attribute__(x) +#endif + +#ifndef HC_DEPRECATED +#if defined(__GNUC__) && ((__GNUC__ > 3) || ((__GNUC__ == 3) && (__GNUC_MINOR__ >= 1 ))) +#define HC_DEPRECATED __attribute__((deprecated)) +#elif defined(_MSC_VER) && (_MSC_VER>1200) +#define HC_DEPRECATED __declspec(deprecated) +#else +#define HC_DEPRECATED +#endif +#endif + +#ifndef HC_DEPRECATED_CRYPTO +#define HC_DEPRECATED_CRYPTO HC_DEPRECATED +#endif + +#ifdef __cplusplus +#define HC_CPP_BEGIN extern "C" { +#define HC_CPP_END } +#else +#define HC_CPP_BEGIN +#define HC_CPP_END +#endif + +HC_CPP_BEGIN + +/* + * Avaible crypto algs + */ + +const EVP_MD *EVP_md_null(void); +HC_DEPRECATED_CRYPTO const EVP_MD *EVP_md4(void); +HC_DEPRECATED_CRYPTO const EVP_MD *EVP_md5(void); +const EVP_MD *EVP_sha(void); +const EVP_MD *EVP_sha1(void); +const EVP_MD *EVP_sha256(void); +const EVP_MD *EVP_sha384(void); +const EVP_MD *EVP_sha512(void); + +const EVP_CIPHER * EVP_aes_128_cbc(void); +const EVP_CIPHER * EVP_aes_192_cbc(void); +const EVP_CIPHER * EVP_aes_256_cbc(void); +const EVP_CIPHER * EVP_aes_128_cfb8(void); +const EVP_CIPHER * EVP_aes_192_cfb8(void); +const EVP_CIPHER * EVP_aes_256_cfb8(void); +HC_DEPRECATED_CRYPTO const EVP_CIPHER * EVP_des_cbc(void); +const EVP_CIPHER * EVP_des_ede3_cbc(void); +const EVP_CIPHER * EVP_enc_null(void); +HC_DEPRECATED_CRYPTO const EVP_CIPHER * EVP_rc2_40_cbc(void); +HC_DEPRECATED_CRYPTO const EVP_CIPHER * 
EVP_rc2_64_cbc(void); +HC_DEPRECATED_CRYPTO const EVP_CIPHER * EVP_rc2_cbc(void); +const EVP_CIPHER * EVP_rc4(void); +HC_DEPRECATED_CRYPTO const EVP_CIPHER * EVP_rc4_40(void); +const EVP_CIPHER * EVP_camellia_128_cbc(void); +const EVP_CIPHER * EVP_camellia_192_cbc(void); +const EVP_CIPHER * EVP_camellia_256_cbc(void); + +size_t EVP_MD_size(const EVP_MD *); +size_t EVP_MD_block_size(const EVP_MD *); + +const EVP_MD * + EVP_MD_CTX_md(EVP_MD_CTX *); +size_t EVP_MD_CTX_size(EVP_MD_CTX *); +size_t EVP_MD_CTX_block_size(EVP_MD_CTX *); + +EVP_MD_CTX * + EVP_MD_CTX_create(void); +void HC_DEPRECATED EVP_MD_CTX_init(EVP_MD_CTX *); +void EVP_MD_CTX_destroy(EVP_MD_CTX *); +int HC_DEPRECATED EVP_MD_CTX_cleanup(EVP_MD_CTX *); + +int EVP_DigestInit_ex(EVP_MD_CTX *, const EVP_MD *, ENGINE *); +int EVP_DigestUpdate(EVP_MD_CTX *,const void *, size_t); +int EVP_DigestFinal_ex(EVP_MD_CTX *, void *, unsigned int *); +int EVP_Digest(const void *, size_t, void *, unsigned int *, + const EVP_MD *, ENGINE *); +/* + * + */ + +const EVP_CIPHER * + EVP_get_cipherbyname(const char *); + +size_t EVP_CIPHER_block_size(const EVP_CIPHER *); +size_t EVP_CIPHER_key_length(const EVP_CIPHER *); +size_t EVP_CIPHER_iv_length(const EVP_CIPHER *); + +void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *); +int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *); +int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *, int); +int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *, int); +unsigned long + EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *); +int EVP_CIPHER_CTX_mode(const EVP_CIPHER_CTX *); + +const EVP_CIPHER * + EVP_CIPHER_CTX_cipher(EVP_CIPHER_CTX *); +size_t EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *); +size_t EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *); +size_t EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *); +void * EVP_CIPHER_CTX_get_app_data(EVP_CIPHER_CTX *); +void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *, void *); + +int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *, int, int, void *); +int 
EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *, void *); + + +int EVP_CipherInit_ex(EVP_CIPHER_CTX *,const EVP_CIPHER *, ENGINE *, + const void *, const void *, int); +int EVP_CipherUpdate(EVP_CIPHER_CTX *, void *, int *, void *, size_t); +int EVP_CipherFinal_ex(EVP_CIPHER_CTX *, void *, int *); + +int EVP_Cipher(EVP_CIPHER_CTX *,void *,const void *,size_t); + +int PKCS5_PBKDF2_HMAC(const void *, size_t, const void *, size_t, + unsigned long, const EVP_MD *, size_t, void *); + +int PKCS5_PBKDF2_HMAC_SHA1(const void *, size_t, const void *, size_t, + unsigned long, size_t, void *); + +int EVP_BytesToKey(const EVP_CIPHER *, const EVP_MD *, + const void *, const void *, size_t, + unsigned int, void *, void *); + + +/* + * + */ + +void OpenSSL_add_all_algorithms(void); +void OpenSSL_add_all_algorithms_conf(void); +void OpenSSL_add_all_algorithms_noconf(void); + +void +hcrypto_validate(void); + +HC_CPP_END + +#endif /* HEIM_EVP_H */ diff --git a/contrib/com_err/com_err.h b/kerberos5/include/hcrypto/hmac.h copy from contrib/com_err/com_err.h copy to kerberos5/include/hcrypto/hmac.h --- a/contrib/com_err/com_err.h +++ b/kerberos5/include/hcrypto/hmac.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * 
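Review bot: `EVP_rc4()` is declared without `HC_DEPRECATED_CRYPTO` in the "Avaible crypto algs" list, while `EVP_rc4_40`, `EVP_des_cbc`, the three RC2 accessors, `EVP_md4` and `EVP_md5` all carry it, so a new caller of full-strength RC4 gets no compile-time warning. If the omission is deliberate (for example because existing arcfour code would start warning), a comment saying so belongs next to the declaration; otherwise it should read `HC_DEPRECATED_CRYPTO const EVP_CIPHER * EVP_rc4(void);`. The same list exposes `EVP_enc_null()` and `EVP_md_null()` with no comment that they provide no confidentiality or integrity. Because `HC_DEPRECATED_CRYPTO` is wrapped in `#ifndef`, a build that predefines it as empty loses all of these warnings, which is worth stating in a comment above that block.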
@@ -33,44 +33,50 @@ /* $Id$ */ -/* MIT compatible com_err library */ +#ifndef HEIM_HMAC_H +#define HEIM_HMAC_H 1 -#ifndef __COM_ERR_H__ -#define __COM_ERR_H__ +#include -#include -#include +/* symbol renaming */ +#define HMAC_CTX_init hc_HMAC_CTX_init +#define HMAC_CTX_cleanup hc_HMAC_CTX_cleanup +#define HMAC_size hc_HMAC_size +#define HMAC_Init_ex hc_HMAC_Init_ex +#define HMAC_Update hc_HMAC_Update +#define HMAC_Final hc_HMAC_Final +#define HMAC hc_HMAC -#if !defined(__GNUC__) && !defined(__attribute__) -#define __attribute__(X) -#endif - -typedef void (KRB5_CALLCONV *errf) (const char *, long, const char *, va_list); +/* + * + */ -KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL -error_message (long); +#define HMAC_MAX_MD_CBLOCK 64 -KRB5_LIB_FUNCTION int KRB5_LIB_CALL -init_error_table (const char**, long, int); +typedef struct hc_HMAC_CTX HMAC_CTX; -KRB5_LIB_FUNCTION void KRB5_LIB_CALL -com_err_va (const char *, long, const char *, va_list) - __attribute__((format(printf, 3, 0))); +struct hc_HMAC_CTX { + const EVP_MD *md; + ENGINE *engine; + EVP_MD_CTX *ctx; + size_t key_length; + void *opad; + void *ipad; + void *buf; +}; -KRB5_LIB_FUNCTION void KRB5_LIB_CALL -com_err (const char *, long, const char *, ...) 
- __attribute__((format(printf, 3, 4))); -KRB5_LIB_FUNCTION errf KRB5_LIB_CALL -set_com_err_hook (errf); +void HMAC_CTX_init(HMAC_CTX *); +void HMAC_CTX_cleanup(HMAC_CTX *ctx); -KRB5_LIB_FUNCTION errf KRB5_LIB_CALL -reset_com_err_hook (void); +size_t HMAC_size(const HMAC_CTX *ctx); -KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL -error_table_name (int num); +void HMAC_Init_ex(HMAC_CTX *, const void *, size_t, + const EVP_MD *, ENGINE *); +void HMAC_Update(HMAC_CTX *ctx, const void *data, size_t len); +void HMAC_Final(HMAC_CTX *ctx, void *md, unsigned int *len); -KRB5_LIB_FUNCTION void KRB5_LIB_CALL -add_to_error_table (struct et_list *new_table); +void * HMAC(const EVP_MD *evp_md, const void *key, size_t key_len, + const void *data, size_t n, void *md, unsigned int *md_len); -#endif /* __COM_ERR_H__ */ +#endif /* HEIM_HMAC_H */ diff --git a/contrib/com_err/compile_et.h b/kerberos5/include/hcrypto/md4.h rename from contrib/com_err/compile_et.h rename to kerberos5/include/hcrypto/md4.h --- a/contrib/com_err/compile_et.h +++ b/kerberos5/include/hcrypto/md4.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * 
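Review bot: `HMAC_Init_ex`, `HMAC_Update` and `HMAC_Final` are declared `void`, so a failure inside them cannot be reported to the caller. `struct hc_HMAC_CTX` holds an `EVP_MD_CTX *ctx` and three `void *` buffers (`opad`, `ipad`, `buf`) that are presumably allocated during init; if that allocation or the digest setup fails, the caller would go on to compute or verify a MAC on an unusable context. I would return a status from init at least, `int HMAC_Init_ex(HMAC_CTX *, const void *, size_t, const EVP_MD *, ENGINE *);`, and add a comment that `HMAC_CTX_cleanup` must be called on every path because the context carries key-derived pads. Unlike evp.h, this header has no `HC_CPP_BEGIN`/`HC_CPP_END` around its prototypes.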
@@ -33,43 +33,30 @@ /* $Id$ */ -#ifndef __COMPILE_ET_H__ -#define __COMPILE_ET_H__ +#ifndef HEIM_MD4_H +#define HEIM_MD4_H 1 -#include -#include -#include -#include -#include -#include +/* symbol renaming */ +#define MD4_Init hc_MD4_Init +#define MD4_Update hc_MD4_Update +#define MD4_Final hc_MD4_Final -extern long base_id; -extern int number; -extern char *prefix; -extern char name[128]; -extern char *id_str; -extern char *filename; -extern int numerror; +/* + * + */ + +#define MD4_DIGEST_LENGTH 16 -struct error_code { - unsigned number; - char *name; - char *string; - struct error_code *next, **tail; +struct md4 { + unsigned int sz[2]; + uint32_t counter[4]; + unsigned char save[64]; }; -extern struct error_code *codes; +typedef struct md4 MD4_CTX; -#define APPEND(L, V) \ -do { \ - if((L) == NULL) { \ - (L) = (V); \ - (L)->tail = &(V)->next; \ - (L)->next = NULL; \ - }else{ \ - *(L)->tail = (V); \ - (L)->tail = &(V)->next; \ - } \ -}while(0) +int MD4_Init (struct md4 *m); +int MD4_Update (struct md4 *m, const void *p, size_t len); +int MD4_Final (void *res, struct md4 *m); -#endif /* __COMPILE_ET_H__ */ +#endif /* HEIM_MD4_H */ diff --git a/contrib/com_err/lex.h b/kerberos5/include/hcrypto/md5.h copy from contrib/com_err/lex.h copy to kerberos5/include/hcrypto/md5.h --- a/contrib/com_err/lex.h +++ b/kerberos5/include/hcrypto/md5.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * 
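Review bot: The new `struct md4` uses `uint32_t` and the prototypes use `size_t`, but the new side of the hunk adds no `#include` at all (the six removed ones belonged to compile_et.h), so the header compiles only when every includer has already brought those types into scope. Adding `#include <stddef.h>` and `#include <stdint.h>` right after the guard makes it self-contained; the md5.h hunk that follows has the same shape and needs the same two lines. A one-line comment on `MD4_Final` that `res` must have room for `MD4_DIGEST_LENGTH` bytes would also help, since the parameter is an untyped `void *`.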
@@ -33,7 +33,30 @@ /* $Id$ */ -void _lex_error_message (const char *, ...) -__attribute__ ((format (printf, 1, 2))); +#ifndef HEIM_MD5_H +#define HEIM_MD5_H 1 -int yylex(void); +/* symbol renaming */ +#define MD5_Init hc_MD5_Init +#define MD5_Update hc_MD5_Update +#define MD5_Final hc_MD5_Final + +/* + * + */ + +#define MD5_DIGEST_LENGTH 16 + +struct md5 { + unsigned int sz[2]; + uint32_t counter[4]; + unsigned char save[64]; +}; + +typedef struct md5 MD5_CTX; + +int MD5_Init (struct md5 *m); +int MD5_Update (struct md5 *m, const void *p, size_t len); +int MD5_Final (void *res, struct md5 *m); /* uint32_t res[4] */ + +#endif /* HEIM_MD5_H */ diff --git a/contrib/com_err/lex.h b/kerberos5/include/hcrypto/pkcs12.h copy from contrib/com_err/lex.h copy to kerberos5/include/hcrypto/pkcs12.h --- a/contrib/com_err/lex.h +++ b/kerberos5/include/hcrypto/pkcs12.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 2006 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -31,9 +31,27 @@ * SUCH DAMAGE. */ -/* $Id$ */ +/* + * $Id$ + */ + +#ifndef _HEIM_PKCS12_H +#define _HEIM_PKCS12_H 1 + +/* symbol renaming */ +#define PKCS12_key_gen hc_PKCS12_key_gen + +/* + * + */ + +#include + +#define PKCS12_KEY_ID 1 +#define PKCS12_IV_ID 2 + +int PKCS12_key_gen(const void *, size_t, const void *, + size_t, int, int, size_t, void *, const EVP_MD *); -void _lex_error_message (const char *, ...) -__attribute__ ((format (printf, 1, 2))); -int yylex(void); +#endif /* _HEIM_PKCS12_H */ diff --git a/kerberos5/include/hcrypto/rand.h b/kerberos5/include/hcrypto/rand.h new file mode 100644 --- /dev/null +++ b/kerberos5/include/hcrypto/rand.h 
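Review bot: `PKCS12_key_gen` in the pkcs12.h hunk is declared with nine unnamed parameters, among them two adjacent `int`s and three `size_t`s, so the header does not say which `int` takes `PKCS12_KEY_ID`/`PKCS12_IV_ID` and which is (presumably) the iteration count, and swapping them compiles cleanly. Naming each parameter in the prototype to match the definition would fix that, together with a comment stating the return convention and that the `void *` output must hold the requested number of bytes. The guard `_HEIM_PKCS12_H` begins with an underscore followed by an uppercase letter, which is a reserved identifier; `HEIM_PKCS12_H` would match the style used in hmac.h and md4.h.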
@@ -0,0 +1,105 @@ + +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +/* + * $Id$ + */ + +#ifndef _HEIM_RAND_H +#define _HEIM_RAND_H 1 + +#define RAND_METHOD hc_RAND_METHOD + +typedef struct RAND_METHOD RAND_METHOD; + +#include + +/* symbol renaming */ +#define RAND_bytes hc_RAND_bytes +#define RAND_pseudo_bytes hc_RAND_pseudo_bytes +#define RAND_seed hc_RAND_seed +#define RAND_cleanup hc_RAND_cleanup +#define RAND_add hc_RAND_add +#define RAND_set_rand_method hc_RAND_set_rand_method +#define RAND_get_rand_method hc_RAND_get_rand_method +#define RAND_set_rand_engine hc_RAND_set_rand_engine +#define RAND_file_name hc_RAND_file_name +#define RAND_load_file hc_RAND_load_file +#define RAND_write_file hc_RAND_write_file +#define RAND_status hc_RAND_status +#define RAND_fortuna_method hc_RAND_fortuna_method +#define RAND_unix_method hc_RAND_unix_method +#define RAND_w32crypto_method hc_RAND_w32crypto_method + +/* + * + */ + +struct RAND_METHOD +{ + void (*seed)(const void *, int); + int (*bytes)(unsigned char *, int); + void (*cleanup)(void); + void (*add)(const void *, int, double); + int (*pseudorand)(unsigned char *, int); + int (*status)(void); +}; + +/* + * + */ + +int RAND_bytes(void *, size_t num); +int RAND_pseudo_bytes(void *, size_t); +void RAND_seed(const void *, size_t); +void RAND_cleanup(void); +void RAND_add(const void *, size_t, double); + +int RAND_set_rand_method(const RAND_METHOD *); +const RAND_METHOD * + RAND_get_rand_method(void); +int RAND_set_rand_engine(ENGINE *); + +const char * + RAND_file_name(char *, size_t); +int RAND_load_file(const char *, size_t); +int RAND_write_file(const char *); +int RAND_status(void); + + +const RAND_METHOD * RAND_fortuna_method(void); +const RAND_METHOD * RAND_unix_method(void); +const RAND_METHOD * RAND_w32crypto_method(void); + +#endif /* _HEIM_RAND_H */ diff --git a/contrib/com_err/com_err.h b/kerberos5/include/hcrypto/rc2.h copy from contrib/com_err/com_err.h copy to kerberos5/include/hcrypto/rc2.h --- a/contrib/com_err/com_err.h +++ b/kerberos5/include/hcrypto/rc2.h 
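Review bot: The public functions take `size_t` lengths (`RAND_bytes(void *, size_t num)`, `RAND_seed`, `RAND_add`), but every `RAND_METHOD` callback takes `int`, so a request larger than `INT_MAX` has to be narrowed somewhere in a wrapper that is not part of this hunk. If that conversion is unchecked, the backend sees a truncated or negative length and part of the caller's buffer may be left unfilled even though the call appears to succeed. The header should state the contract above `RAND_bytes`, for example `/* num must not exceed INT_MAX; check the return value before using the buffer. */`. `RAND_pseudo_bytes` is declared next to it with no note on how its guarantees differ, which also deserves a comment so that it is not used for key material by mistake.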
@@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 2004 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * 
@@ -33,44 +33,39 @@ /* $Id$ */ -/* MIT compatible com_err library */ +/* symbol renaming */ +#define RC2_set_key hc_RC2_set_key +#define RC2_encryptc hc_RC2_encryptc +#define RC2_decryptc hc_RC2_decryptc +#define RC2_cbc_encrypt hc_RC2_cbc_encrypt -#ifndef __COM_ERR_H__ -#define __COM_ERR_H__ - -#include -#include - -#if !defined(__GNUC__) && !defined(__attribute__) -#define __attribute__(X) -#endif - -typedef void (KRB5_CALLCONV *errf) (const char *, long, const char *, va_list); - -KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL -error_message (long); +/* + * + */ -KRB5_LIB_FUNCTION int KRB5_LIB_CALL -init_error_table (const char**, long, int); +#define RC2_ENCRYPT 1 +#define RC2_DECRYPT 0 -KRB5_LIB_FUNCTION void KRB5_LIB_CALL -com_err_va (const char *, long, const char *, va_list) - __attribute__((format(printf, 3, 0))); +#define RC2_BLOCK_SIZE 8 +#define RC2_BLOCK RC2_BLOCK_SIZE +#define RC2_KEY_LENGTH 16 -KRB5_LIB_FUNCTION void KRB5_LIB_CALL -com_err (const char *, long, const char *, ...) - __attribute__((format(printf, 3, 4))); +typedef struct rc2_key { + unsigned int data[64]; +} RC2_KEY; -KRB5_LIB_FUNCTION errf KRB5_LIB_CALL -set_com_err_hook (errf); +#ifdef __cplusplus +extern "C" { +#endif -KRB5_LIB_FUNCTION errf KRB5_LIB_CALL -reset_com_err_hook (void); +void RC2_set_key(RC2_KEY *, int, const unsigned char *,int); -KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL -error_table_name (int num); +void RC2_encryptc(unsigned char *, unsigned char *, const RC2_KEY *); +void RC2_decryptc(unsigned char *, unsigned char *, const RC2_KEY *); -KRB5_LIB_FUNCTION void KRB5_LIB_CALL -add_to_error_table (struct et_list *new_table); +void RC2_cbc_encrypt(const unsigned char *, unsigned char *, long, + RC2_KEY *, unsigned char *, int); -#endif /* __COM_ERR_H__ */ +#ifdef __cplusplus +} +#endif diff --git a/contrib/com_err/lex.h b/kerberos5/include/hcrypto/rc4.h copy from contrib/com_err/lex.h copy to kerberos5/include/hcrypto/rc4.h --- a/contrib/com_err/lex.h 
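Review bot: This hunk removes the `#ifndef __COM_ERR_H__` / `#endif` pair inherited from the copied file and adds no replacement, so rc2.h has no include guard and a second inclusion redefines `struct rc2_key`, which is a compile error. Add `#ifndef HEIM_RC2_H` and `#define HEIM_RC2_H 1` before the symbol renaming and `#endif /* HEIM_RC2_H */` at the end, as md4.h and md5.h do; the rc4.h hunk that follows has the same gap for `struct rc4_key`. `RC2_cbc_encrypt` takes its length as a signed `long`, and the implementation is not visible here, so a comment stating how a negative length is treated would help.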
+++ b/kerberos5/include/hcrypto/rc4.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 2004 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,14 @@ /* $Id$ */ -void _lex_error_message (const char *, ...) -__attribute__ ((format (printf, 1, 2))); +/* symbol renaming */ +#define RC4_set_key hc_RC4_set_key +#define RC4 hc_RC4 -int yylex(void); +typedef struct rc4_key { + unsigned int x, y; + unsigned int state[256]; +} RC4_KEY; + +void RC4_set_key(RC4_KEY *, const int, const unsigned char *); +void RC4(RC4_KEY *, const int, const unsigned char *, unsigned char *); diff --git a/kerberos5/include/hcrypto/rsa.h b/kerberos5/include/hcrypto/rsa.h new file mode 100644 --- /dev/null +++ b/kerberos5/include/hcrypto/rsa.h 
@@ -0,0 +1,184 @@
+/*
+ * Copyright (c) 2006-2016 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * $Id$
+ */
+
+#ifndef _HEIM_RSA_H
+#define _HEIM_RSA_H 1
+
+/* symbol renaming */
+#define RSA_null_method hc_RSA_null_method
+#define RSA_ltm_method hc_RSA_ltm_method
+#define RSA_gmp_method hc_RSA_gmp_method
+#define RSA_tfm_method hc_RSA_tfm_method
+#define RSA_new hc_RSA_new
+#define RSA_new_method hc_RSA_new_method
+#define RSA_free hc_RSA_free
+#define RSA_up_ref hc_RSA_up_ref
+#define RSA_set_default_method hc_RSA_set_default_method
+#define RSA_get_default_method hc_RSA_get_default_method
+#define RSA_set_method hc_RSA_set_method
+#define RSA_get_method hc_RSA_get_method
+#define RSA_set_app_data hc_RSA_set_app_data
+#define RSA_get_app_data hc_RSA_get_app_data
+#define RSA_check_key hc_RSA_check_key
+#define RSA_size hc_RSA_size
+#define RSA_public_encrypt hc_RSA_public_encrypt
+#define RSA_public_decrypt hc_RSA_public_decrypt
+#define RSA_private_encrypt hc_RSA_private_encrypt
+#define RSA_private_decrypt hc_RSA_private_decrypt
+#define RSA_sign hc_RSA_sign
+#define RSA_verify hc_RSA_verify
+#define RSA_generate_key_ex hc_RSA_generate_key_ex
+#define d2i_RSAPrivateKey hc_d2i_RSAPrivateKey
+#define i2d_RSAPrivateKey hc_i2d_RSAPrivateKey
+#define i2d_RSAPublicKey hc_i2d_RSAPublicKey
+#define d2i_RSAPublicKey hc_d2i_RSAPublicKey
+
+#define RSA hc_RSA
+#define RSA_METHOD hc_RSA_METHOD
+
+/*
+ *
+ */
+
+typedef struct RSA RSA;
+typedef struct RSA_METHOD RSA_METHOD;
+
+#include
+#include
+
+struct RSA_METHOD {
+ const char *name;
+ int (*rsa_pub_enc)(int,const unsigned char *, unsigned char *, RSA *,int);
+ int (*rsa_pub_dec)(int,const unsigned char *, unsigned char *, RSA *,int);
+ int (*rsa_priv_enc)(int,const unsigned char *, unsigned char *, RSA *,int);
+ int (*rsa_priv_dec)(int,const unsigned char *, unsigned char *, RSA *,int);
+ void *rsa_mod_exp;
+ void *bn_mod_exp;
+ int (*init)(RSA *rsa);
+ int (*finish)(RSA *rsa);
+ int flags;
+ char *app_data;
+ int (*rsa_sign)(int, const unsigned char *, unsigned int,
+ unsigned char *, unsigned int *, const RSA *);
+ int (*rsa_verify)(int, const unsigned char *, unsigned int,
+ unsigned char *, unsigned int, const RSA *);
+ int (*rsa_keygen)(RSA *, int, BIGNUM *, BN_GENCB *);
+};
+
+struct RSA {
+ int pad;
+ long version;
+ const RSA_METHOD *meth;
+ void *engine;
+ BIGNUM *n;
+ BIGNUM *e;
+ BIGNUM *d;
+ BIGNUM *p;
+ BIGNUM *q;
+ BIGNUM *dmp1;
+ BIGNUM *dmq1;
+ BIGNUM *iqmp;
+ struct rsa_CRYPTO_EX_DATA {
+ void *sk;
+ int dummy;
+ } ex_data;
+ int references;
+ int flags;
+ void *_method_mod_n;
+ void *_method_mod_p;
+ void *_method_mod_q;
+
+ char *bignum_data;
+ void *blinding;
+ void *mt_blinding;
+};
+
+#define RSA_FLAG_NO_BLINDING 0x0080
+
+#define RSA_PKCS1_PADDING 1
+#define RSA_PKCS1_OAEP_PADDING 4
+#define RSA_PKCS1_PADDING_SIZE 11
+
+/*
+ *
+ */
+
+const RSA_METHOD *RSA_null_method(void);
+const RSA_METHOD *RSA_gmp_method(void);
+const RSA_METHOD *RSA_tfm_method(void);
+const RSA_METHOD *RSA_ltm_method(void);
+
+/*
+ *
+ */
+
+RSA * RSA_new(void);
+RSA * RSA_new_method(ENGINE *);
+void RSA_free(RSA *);
+int RSA_up_ref(RSA *);
+
+void RSA_set_default_method(const RSA_METHOD *);
+const RSA_METHOD * RSA_get_default_method(void);
+
+const RSA_METHOD * RSA_get_method(const RSA *);
+int RSA_set_method(RSA *, const RSA_METHOD *);
+
+int RSA_set_app_data(RSA *, void *arg);
+void * RSA_get_app_data(const RSA *);
+
+int RSA_check_key(const RSA *);
+int RSA_size(const RSA *);
+
+int RSA_public_encrypt(int,const unsigned char*,unsigned char*,RSA *,int);
+int RSA_private_encrypt(int,const unsigned char*,unsigned char*,RSA *,int);
+int RSA_public_decrypt(int,const unsigned char*,unsigned char*,RSA *,int);
+int RSA_private_decrypt(int,const unsigned char*,unsigned char*,RSA *,int);
+
+int RSA_sign(int, const unsigned char *, unsigned int,
+ unsigned char *, unsigned int *, RSA *);
+int RSA_verify(int, const unsigned char *, unsigned int,
+ unsigned char *, unsigned int, RSA *);
+
+int RSA_generate_key_ex(RSA *, int, BIGNUM *, BN_GENCB *);
+
+RSA * d2i_RSAPrivateKey(RSA *, const unsigned char **, size_t);
+int i2d_RSAPrivateKey(RSA *, unsigned char **);
+
+int i2d_RSAPublicKey(RSA *, unsigned char **);
+RSA * d2i_RSAPublicKey(RSA *, const unsigned char **, size_t);
+
+#endif /* _HEIM_RSA_H */
diff --git a/kerberos5/include/hcrypto/sha.h b/kerberos5/include/hcrypto/sha.h
new file mode 100644
--- /dev/null
+++ b/kerberos5/include/hcrypto/sha.h
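Review bot: The four `RSA_public_encrypt` / `RSA_private_decrypt`-style prototypes take an output pointer with no length, and nothing in the header says how large that buffer must be. A comment above them such as `/* output buffer must hold RSA_size(rsa) bytes; last argument is an RSA_*_PADDING value */` would make the contract explicit. That wording follows the OpenSSL API these names mirror, so confirm it against the hcrypto implementation before committing it. Separately, the guard `_HEIM_RSA_H` begins with an underscore followed by a capital letter, which is a reserved identifier form; sha.h in this same commit uses `HEIM_SHA_H`.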
@@ -0,0 +1,115 @@
+/*
+ * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id$ */
+
+#ifndef HEIM_SHA_H
+#define HEIM_SHA_H 1
+
+/* symbol renaming */
+#define SHA1_Init hc_SHA1_Init
+#define SHA1_Update hc_SHA1_Update
+#define SHA1_Final hc_SHA1_Final
+#define SHA256_Init hc_SHA256_Init
+#define SHA256_Update hc_SHA256_Update
+#define SHA256_Final hc_SHA256_Final
+#define SHA384_Init hc_SHA384_Init
+#define SHA384_Update hc_SHA384_Update
+#define SHA384_Final hc_SHA384_Final
+#define SHA512_Init hc_SHA512_Init
+#define SHA512_Update hc_SHA512_Update
+#define SHA512_Final hc_SHA512_Final
+
+/*
+ * SHA-1
+ */
+
+#define SHA_DIGEST_LENGTH 20
+
+struct sha {
+ unsigned int sz[2];
+ uint32_t counter[5];
+ unsigned char save[64];
+};
+
+typedef struct sha SHA_CTX;
+
+int SHA1_Init (struct sha *m);
+int SHA1_Update (struct sha *m, const void *v, size_t len);
+int SHA1_Final (void *res, struct sha *m);
+
+/*
+ * SHA-2 256
+ */
+
+#define SHA256_DIGEST_LENGTH 32
+
+struct hc_sha256state {
+ unsigned int sz[2];
+ uint32_t counter[8];
+ unsigned char save[64];
+};
+
+typedef struct hc_sha256state SHA256_CTX;
+
+int SHA256_Init (SHA256_CTX *);
+int SHA256_Update (SHA256_CTX *, const void *, size_t);
+int SHA256_Final (void *, SHA256_CTX *);
+
+/*
+ * SHA-2 512
+ */
+
+#define SHA512_DIGEST_LENGTH 64
+
+struct hc_sha512state {
+ uint64_t sz[2];
+ uint64_t counter[8];
+ unsigned char save[128];
+};
+
+typedef struct hc_sha512state SHA512_CTX;
+
+int SHA512_Init (SHA512_CTX *);
+int SHA512_Update (SHA512_CTX *, const void *, size_t);
+int SHA512_Final (void *, SHA512_CTX *);
+
+#define SHA384_DIGEST_LENGTH 48
+
+typedef struct hc_sha512state SHA384_CTX;
+
+int SHA384_Init (SHA384_CTX *);
+int SHA384_Update (SHA384_CTX *, const void *, size_t);
+int SHA384_Final (void *, SHA384_CTX *);
+
+#endif /* HEIM_SHA_H */
diff --git a/contrib/com_err/lex.h b/kerberos5/include/hcrypto/ui.h
copy from contrib/com_err/lex.h
copy to kerberos5/include/hcrypto/ui.h
--- a/contrib/com_err/lex.h
+++ b/kerberos5/include/hcrypto/ui.h
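Review bot: The header uses `uint32_t`, `uint64_t` and `size_t` in the context structs and prototypes but contains no `#include`, so it compiles only when the includer has already brought those types into scope. Adding `#include <stddef.h>` and `#include <stdint.h>` right after `#define HEIM_SHA_H 1` would make it self-contained, unless the project deliberately routes these through its own types header. A short comment on `SHA384_CTX` saying that it shares `struct hc_sha512state` would also explain why SHA-384 has no state struct of its own.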
@@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,17 @@ /* $Id$ */ -void _lex_error_message (const char *, ...) -__attribute__ ((format (printf, 1, 2))); +#ifndef _HEIM_UI_H +#define _HEIM_UI_H 1 + +/* symbol renaming */ +#define UI_UTIL_read_pw_string hc_UI_UTIL_read_pw_string + +/* OpenSSL API extensions */ +#define UI_UTIL_FLAG_VERIFY 0x1 /* ask to verify password */ +#define UI_UTIL_FLAG_VERIFY_SILENT 0x2 /* silence on verify failure */ + +int UI_UTIL_read_pw_string(char *, int, const char *, int); /* XXX */ + +#endif /* _HEIM_UI_H */ -int yylex(void); diff --git a/kerberos5/include/hcrypto/undef.h b/kerberos5/include/hcrypto/undef.h new file mode 100644 --- /dev/null +++ b/kerberos5/include/hcrypto/undef.h 
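Review bot: `UI_UTIL_read_pw_string` is declared with unnamed parameters and only an unexplained `/* XXX */`, which is thin for a function that fills a caller buffer with a password. Naming the parameters, presumably `(char *buf, int length, const char *prompt, int verify)`, would help. A comment should also say that `length` is the size of `buf`, that the last argument takes the `UI_UTIL_FLAG_*` bits defined just above, and that the caller must clear `buf` once the password has been used. The `XXX` marker should either say what is unresolved or be dropped.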
@@ -0,0 +1,167 @@
+/*
+ * Copyright (c) 2016 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef HEIM_UNDEF_H
+#define HEIM_UNDEF_H 1
+
+#undef BIGNUM
+#undef BN_CTX
+#undef BN_BLINDING
+#undef BN_MONT_CTX
+#undef BN_GENCB
+#undef DH
+#undef DH_METHOD
+#undef DSA
+#undef DSA_METHOD
+#undef RSA
+#undef RSA_METHOD
+#undef RAND_METHOD
+#undef ENGINE
+#undef BN_GENCB_call
+#undef BN_GENCB_set
+#undef BN_CTX_new
+#undef BN_CTX_free
+#undef BN_CTX_start
+#undef BN_CTX_get
+#undef BN_CTX_end
+#undef BN_is_negative
+#undef BN_rand
+#undef BN_num_bits
+#undef BN_num_bytes
+#undef BN_new
+#undef BN_clear_free
+#undef BN_bin2bn
+#undef BN_bn2bin
+#undef BN_uadd
+#undef BN_set_negative
+#undef BN_set_word
+#undef BN_get_word
+#undef BN_cmp
+#undef BN_free
+#undef BN_is_bit_set
+#undef BN_clear
+#undef BN_dup
+#undef BN_set_bit
+#undef BN_clear_bit
+#undef BN_bn2hex
+#undef BN_hex2bn
+#undef EVP_CIPHER_CTX_block_size
+#undef EVP_CIPHER_CTX_cipher
+#undef EVP_CIPHER_CTX_cleanup
+#undef EVP_CIPHER_CTX_flags
+#undef EVP_CIPHER_CTX_get_app_data
+#undef EVP_CIPHER_CTX_init
+#undef EVP_CIPHER_CTX_iv_length
+#undef EVP_CIPHER_CTX_key_length
+#undef EVP_CIPHER_CTX_mode
+#undef EVP_CIPHER_CTX_set_app_data
+#undef EVP_CIPHER_CTX_set_key_length
+#undef EVP_CIPHER_CTX_set_padding
+#undef EVP_CIPHER_block_size
+#undef EVP_CIPHER_iv_length
+#undef EVP_CIPHER_key_length
+#undef EVP_Cipher
+#undef EVP_CipherInit_ex
+#undef EVP_CipherUpdate
+#undef EVP_CipherFinal_ex
+#undef EVP_Digest
+#undef EVP_DigestFinal_ex
+#undef EVP_DigestInit_ex
+#undef EVP_DigestUpdate
+#undef EVP_MD_CTX_block_size
+#undef EVP_MD_CTX_cleanup
+#undef EVP_MD_CTX_create
+#undef EVP_MD_CTX_init
+#undef EVP_MD_CTX_destroy
+#undef EVP_MD_CTX_md
+#undef EVP_MD_CTX_size
+#undef EVP_MD_block_size
+#undef EVP_MD_size
+#undef EVP_aes_128_cbc
+#undef EVP_aes_192_cbc
+#undef EVP_aes_256_cbc
+#undef EVP_aes_128_cfb8
+#undef EVP_aes_192_cfb8
+#undef EVP_aes_256_cfb8
+#undef EVP_des_cbc
+#undef EVP_des_ede3_cbc
+#undef EVP_enc_null
+#undef EVP_md4
+#undef EVP_md5
+#undef EVP_md_null
+#undef EVP_rc2_40_cbc
+#undef EVP_rc2_64_cbc
+#undef EVP_rc2_cbc
+#undef EVP_rc4
+#undef EVP_rc4_40
+#undef EVP_camellia_128_cbc
+#undef EVP_camellia_192_cbc
+#undef EVP_camellia_256_cbc
+#undef EVP_sha
+#undef EVP_sha1
+#undef EVP_sha256
+#undef EVP_sha384
+#undef EVP_sha512
+#undef PKCS5_PBKDF2_HMAC
+#undef PKCS5_PBKDF2_HMAC_SHA1
+#undef EVP_BytesToKey
+#undef EVP_get_cipherbyname
+#undef OpenSSL_add_all_algorithms
+#undef OpenSSL_add_all_algorithms_conf
+#undef OpenSSL_add_all_algorithms_noconf
+#undef EVP_CIPHER_CTX_ctrl
+#undef EVP_CIPHER_CTX_rand_key
+#undef hcrypto_validate
+#undef EVP_MD_CTX
+#undef EVP_PKEY
+#undef EVP_MD
+#undef EVP_CIPHER
+#undef EVP_CIPHER_CTX
+#undef EVP_CIPH_STREAM_CIPHER
+#undef EVP_CIPH_CBC_MODE
+#undef EVP_CIPH_CFB8_MODE
+#undef EVP_CIPH_MODE
+#undef EVP_CIPH_CTRL_INIT
+#undef EVP_CTRL_INIT
+#undef EVP_CIPH_VARIABLE_LENGTH
+#undef EVP_CIPH_ALWAYS_CALL_INIT
+#undef EVP_CIPH_RAND_KEY
+#undef EVP_CTRL_RAND_KEY
+#undef NID_md4
+#undef NID_md5
+#undef NID_sha1
+#undef NID_sha256
+#undef NID_sha384
+#undef NID_sha512
+
+#endif /* HEIM_UNDEF_H */
diff --git a/kerberos5/include/hdb-private.h b/kerberos5/include/hdb-private.h
new file mode 100644
--- /dev/null
+++ b/kerberos5/include/hdb-private.h
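Review bot: The `#undef` list clears the `BN_*`, `EVP_*` and type-name macros (`RSA`, `RSA_METHOD`, `DH`, ...) but none of the function renames that rsa.h, sha.h, rc2.h and rc4.h add in this same commit, such as `RSA_new`, `SHA1_Init` or `RC4_set_key`. If this header is meant to undo the `hc_` renaming before another crypto library's headers are included (an inference from its name and content), those names would still expand to their `hc_` forms afterwards. Either extend the list or state the scope in a header comment, e.g. `/* undoes only the BN/EVP/type renames; RSA_*, SHA*_* and RC*_* stay mapped to hc_* */`. Note also that the `HEIM_UNDEF_H` guard makes a second inclusion within one translation unit a no-op.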
@@ -0,0 +1,81 @@ +/* This is a generated file */ +#ifndef __hdb_private_h__ +#define __hdb_private_h__ + +#include + +krb5_error_code +_hdb_fetch_kvno ( + krb5_context /*context*/, + HDB */*db*/, + krb5_const_principal /*principal*/, + unsigned /*flags*/, + krb5_kvno /*kvno*/, + hdb_entry_ex */*entry*/); + +hdb_master_key +_hdb_find_master_key ( + unsigned int */*mkvno*/, + hdb_master_key /*mkey*/); + +krb5_error_code +_hdb_keytab2hdb_entry ( + krb5_context /*context*/, + const krb5_keytab_entry */*ktentry*/, + hdb_entry_ex */*entry*/); + +krb5_error_code +_hdb_mdb_value2entry ( + krb5_context /*context*/, + krb5_data */*data*/, + krb5_kvno /*target_kvno*/, + hdb_entry */*entry*/); + +int +_hdb_mit_dump2mitdb_entry ( + krb5_context /*context*/, + char */*line*/, + krb5_storage */*sp*/); + +int +_hdb_mkey_decrypt ( + krb5_context /*context*/, + hdb_master_key /*key*/, + krb5_key_usage /*usage*/, + void */*ptr*/, + size_t /*size*/, + krb5_data */*res*/); + +int +_hdb_mkey_encrypt ( + krb5_context /*context*/, + hdb_master_key /*key*/, + krb5_key_usage /*usage*/, + const void */*ptr*/, + size_t /*size*/, + krb5_data */*res*/); + +int +_hdb_mkey_version (hdb_master_key /*mkey*/); + +krb5_error_code +_hdb_remove ( + krb5_context /*context*/, + HDB */*db*/, + unsigned /*flags*/, + krb5_const_principal /*principal*/); + +krb5_error_code +_hdb_set_master_key_usage ( + krb5_context /*context*/, + HDB */*db*/, + unsigned int /*key_usage*/); + +krb5_error_code +_hdb_store ( + krb5_context /*context*/, + HDB */*db*/, + unsigned /*flags*/, + hdb_entry_ex */*entry*/); + +#endif /* __hdb_private_h__ */ diff --git a/kerberos5/include/hdb-protos.h b/kerberos5/include/hdb-protos.h new file mode 100644 --- /dev/null +++ b/kerberos5/include/hdb-protos.h 
@@ -0,0 +1,592 @@ +/* This is a generated file */ +#ifndef __hdb_protos_h__ +#define __hdb_protos_h__ +#ifndef DOXY + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +krb5_error_code +entry2mit_string_int ( + krb5_context /*context*/, + krb5_storage */*sp*/, + hdb_entry */*ent*/); + +/** + * This function adds an HDB entry's current keyset to the entry's key + * history. The current keyset is left alone; the caller is responsible + * for freeing it. + * + * @param context Context + * @param entry HDB entry + */ + +krb5_error_code +hdb_add_current_keys_to_history ( + krb5_context /*context*/, + hdb_entry */*entry*/); + +/** + * This function adds a key to an HDB entry's key history. + * + * @param context Context + * @param entry HDB entry + * @param kvno Key version number of the key to add to the history + * @param key The Key to add + */ + +krb5_error_code +hdb_add_history_key ( + krb5_context /*context*/, + hdb_entry */*entry*/, + krb5_kvno /*kvno*/, + Key */*key*/); + +krb5_error_code +hdb_add_master_key ( + krb5_context /*context*/, + krb5_keyblock */*key*/, + hdb_master_key */*inout*/); + +/** + * This function changes an hdb_entry's kvno, swapping the current key + * set with a historical keyset. If no historical keys are found then + * an error is returned (the caller can still set entry->kvno directly). + * + * @param context krb5_context + * @param new_kvno New kvno for the entry + * @param entry hdb_entry to modify + */ + +krb5_error_code +hdb_change_kvno ( + krb5_context /*context*/, + krb5_kvno /*new_kvno*/, + hdb_entry */*entry*/); + +krb5_error_code +hdb_check_db_format ( + krb5_context /*context*/, + HDB */*db*/); + +krb5_error_code +hdb_clear_extension ( + krb5_context /*context*/, + hdb_entry */*entry*/, + int /*type*/); + +krb5_error_code +hdb_clear_master_key ( + krb5_context /*context*/, + HDB */*db*/); + +/** + * Create a handle for a Kerberos database + * + * Create a handle for a Kerberos database backend specified by a + * filename. 
Doesn't create a file if its doesn't exists, you have to + * use O_CREAT to tell the backend to create the file. + */ + +krb5_error_code +hdb_create ( + krb5_context /*context*/, + HDB **/*db*/, + const char */*filename*/); + +krb5_error_code +hdb_db1_create ( + krb5_context /*context*/, + HDB **/*db*/, + const char */*filename*/); + +krb5_error_code +hdb_db3_create ( + krb5_context /*context*/, + HDB **/*db*/, + const char */*filename*/); + +/** + * Return the directory where the hdb database resides. + * + * @param context Kerberos 5 context. + * + * @return string pointing to directory. + */ + +const char * +hdb_db_dir (krb5_context /*context*/); + +const char * +hdb_dbinfo_get_acl_file ( + krb5_context /*context*/, + struct hdb_dbinfo */*dbp*/); + +const krb5_config_binding * +hdb_dbinfo_get_binding ( + krb5_context /*context*/, + struct hdb_dbinfo */*dbp*/); + +const char * +hdb_dbinfo_get_dbname ( + krb5_context /*context*/, + struct hdb_dbinfo */*dbp*/); + +const char * +hdb_dbinfo_get_label ( + krb5_context /*context*/, + struct hdb_dbinfo */*dbp*/); + +const char * +hdb_dbinfo_get_log_file ( + krb5_context /*context*/, + struct hdb_dbinfo */*dbp*/); + +const char * +hdb_dbinfo_get_mkey_file ( + krb5_context /*context*/, + struct hdb_dbinfo */*dbp*/); + +struct hdb_dbinfo * +hdb_dbinfo_get_next ( + struct hdb_dbinfo */*dbp*/, + struct hdb_dbinfo */*dbprevp*/); + +const char * +hdb_dbinfo_get_realm ( + krb5_context /*context*/, + struct hdb_dbinfo */*dbp*/); + +/** + * Return the default hdb database resides. + * + * @param context Kerberos 5 context. + * + * @return string pointing to directory. 
+ */ + +const char * +hdb_default_db (krb5_context /*context*/); + +krb5_error_code +hdb_enctype2key ( + krb5_context /*context*/, + hdb_entry */*e*/, + const Keys */*keyset*/, + krb5_enctype /*enctype*/, + Key **/*key*/); + +krb5_error_code +hdb_entry2string ( + krb5_context /*context*/, + hdb_entry */*ent*/, + char **/*str*/); + +int +hdb_entry2value ( + krb5_context /*context*/, + const hdb_entry */*ent*/, + krb5_data */*value*/); + +int +hdb_entry_alias2value ( + krb5_context /*context*/, + const hdb_entry_alias */*alias*/, + krb5_data */*value*/); + +krb5_error_code +hdb_entry_check_mandatory ( + krb5_context /*context*/, + const hdb_entry */*ent*/); + +krb5_error_code +hdb_entry_clear_kvno_diff_clnt ( + krb5_context /*context*/, + hdb_entry */*entry*/); + +krb5_error_code +hdb_entry_clear_kvno_diff_svc ( + krb5_context /*context*/, + hdb_entry */*entry*/); + +int +hdb_entry_clear_password ( + krb5_context /*context*/, + hdb_entry */*entry*/); + +krb5_error_code +hdb_entry_get_ConstrainedDelegACL ( + const hdb_entry */*entry*/, + const HDB_Ext_Constrained_delegation_acl **/*a*/); + +krb5_error_code +hdb_entry_get_aliases ( + const hdb_entry */*entry*/, + const HDB_Ext_Aliases **/*a*/); + +unsigned int +hdb_entry_get_kvno_diff_clnt (const hdb_entry */*entry*/); + +unsigned int +hdb_entry_get_kvno_diff_svc (const hdb_entry */*entry*/); + +int +hdb_entry_get_password ( + krb5_context /*context*/, + HDB */*db*/, + const hdb_entry */*entry*/, + char **/*p*/); + +krb5_error_code +hdb_entry_get_pkinit_acl ( + const hdb_entry */*entry*/, + const HDB_Ext_PKINIT_acl **/*a*/); + +krb5_error_code +hdb_entry_get_pkinit_cert ( + const hdb_entry */*entry*/, + const HDB_Ext_PKINIT_cert **/*a*/); + +krb5_error_code +hdb_entry_get_pkinit_hash ( + const hdb_entry */*entry*/, + const HDB_Ext_PKINIT_hash **/*a*/); + +krb5_error_code +hdb_entry_get_pw_change_time ( + const hdb_entry */*entry*/, + time_t */*t*/); + +krb5_error_code +hdb_entry_set_kvno_diff_clnt ( + krb5_context 
/*context*/, + hdb_entry */*entry*/, + unsigned int /*diff*/); + +krb5_error_code +hdb_entry_set_kvno_diff_svc ( + krb5_context /*context*/, + hdb_entry */*entry*/, + unsigned int /*diff*/); + +int +hdb_entry_set_password ( + krb5_context /*context*/, + HDB */*db*/, + hdb_entry */*entry*/, + const char */*p*/); + +krb5_error_code +hdb_entry_set_pw_change_time ( + krb5_context /*context*/, + hdb_entry */*entry*/, + time_t /*t*/); + +HDB_extension * +hdb_find_extension ( + const hdb_entry */*entry*/, + int /*type*/); + +krb5_error_code +hdb_foreach ( + krb5_context /*context*/, + HDB */*db*/, + unsigned /*flags*/, + hdb_foreach_func_t /*func*/, + void */*data*/); + +void +hdb_free_dbinfo ( + krb5_context /*context*/, + struct hdb_dbinfo **/*dbp*/); + +void +hdb_free_entry ( + krb5_context /*context*/, + hdb_entry_ex */*ent*/); + +void +hdb_free_key (Key */*key*/); + +void +hdb_free_keys ( + krb5_context /*context*/, + int /*len*/, + Key */*keys*/); + +void +hdb_free_master_key ( + krb5_context /*context*/, + hdb_master_key /*mkey*/); + +krb5_error_code +hdb_generate_key_set ( + krb5_context /*context*/, + krb5_principal /*principal*/, + krb5_key_salt_tuple */*ks_tuple*/, + int /*n_ks_tuple*/, + Key **/*ret_key_set*/, + size_t */*nkeyset*/, + int /*no_salt*/); + +krb5_error_code +hdb_generate_key_set_password ( + krb5_context /*context*/, + krb5_principal /*principal*/, + const char */*password*/, + Key **/*keys*/, + size_t */*num_keys*/); + +krb5_error_code +hdb_generate_key_set_password_with_ks_tuple ( + krb5_context /*context*/, + krb5_principal /*principal*/, + const char */*password*/, + krb5_key_salt_tuple */*ks_tuple*/, + int /*n_ks_tuple*/, + Key **/*keys*/, + size_t */*num_keys*/); + +int +hdb_get_dbinfo ( + krb5_context /*context*/, + struct hdb_dbinfo **/*dbp*/); + +krb5_error_code +hdb_init_db ( + krb5_context /*context*/, + HDB */*db*/); + +int +hdb_key2principal ( + krb5_context /*context*/, + krb5_data */*key*/, + krb5_principal /*p*/); + 
+krb5_error_code +hdb_keytab_create ( + krb5_context /*context*/, + HDB ** /*db*/, + const char */*arg*/); + +const Keys * +hdb_kvno2keys ( + krb5_context /*context*/, + const hdb_entry */*e*/, + krb5_kvno /*kvno*/); + +krb5_error_code +hdb_ldap_create ( + krb5_context /*context*/, + HDB ** /*db*/, + const char */*arg*/); + +krb5_error_code +hdb_ldapi_create ( + krb5_context /*context*/, + HDB ** /*db*/, + const char */*arg*/); + +krb5_error_code +hdb_list_builtin ( + krb5_context /*context*/, + char **/*list*/); + +krb5_error_code +hdb_lock ( + int /*fd*/, + int /*operation*/); + +krb5_error_code +hdb_mdb_create ( + krb5_context /*context*/, + HDB **/*db*/, + const char */*filename*/); + +krb5_error_code +hdb_mitdb_create ( + krb5_context /*context*/, + HDB **/*db*/, + const char */*filename*/); + +krb5_error_code +hdb_ndbm_create ( + krb5_context /*context*/, + HDB **/*db*/, + const char */*filename*/); + +krb5_error_code +hdb_next_enctype2key ( + krb5_context /*context*/, + const hdb_entry */*e*/, + const Keys */*keyset*/, + krb5_enctype /*enctype*/, + Key **/*key*/); + +int +hdb_principal2key ( + krb5_context /*context*/, + krb5_const_principal /*p*/, + krb5_data */*key*/); + +krb5_error_code +hdb_print_entry ( + krb5_context /*context*/, + HDB */*db*/, + hdb_entry_ex */*entry*/, + void */*data*/); + +krb5_error_code +hdb_process_master_key ( + krb5_context /*context*/, + int /*kvno*/, + krb5_keyblock */*key*/, + krb5_enctype /*etype*/, + hdb_master_key */*mkey*/); + +/** + * This function prunes an HDB entry's keys that are too old to have been used + * to mint still valid tickets (based on the entry's maximum ticket lifetime). 
+ * + * @param context Context + * @param entry HDB entry + */ + +krb5_error_code +hdb_prune_keys ( + krb5_context /*context*/, + hdb_entry */*entry*/); + +krb5_error_code +hdb_read_master_key ( + krb5_context /*context*/, + const char */*filename*/, + hdb_master_key */*mkey*/); + +krb5_error_code +hdb_replace_extension ( + krb5_context /*context*/, + hdb_entry */*entry*/, + const HDB_extension */*ext*/); + +krb5_error_code +hdb_seal_key ( + krb5_context /*context*/, + HDB */*db*/, + Key */*k*/); + +krb5_error_code +hdb_seal_key_mkey ( + krb5_context /*context*/, + Key */*k*/, + hdb_master_key /*mkey*/); + +krb5_error_code +hdb_seal_keys ( + krb5_context /*context*/, + HDB */*db*/, + hdb_entry */*ent*/); + +krb5_error_code +hdb_seal_keys_mkey ( + krb5_context /*context*/, + hdb_entry */*ent*/, + hdb_master_key /*mkey*/); + +krb5_error_code +hdb_set_last_modified_by ( + krb5_context /*context*/, + hdb_entry */*entry*/, + krb5_principal /*modby*/, + time_t /*modtime*/); + +krb5_error_code +hdb_set_master_key ( + krb5_context /*context*/, + HDB */*db*/, + krb5_keyblock */*key*/); + +krb5_error_code +hdb_set_master_keyfile ( + krb5_context /*context*/, + HDB */*db*/, + const char */*keyfile*/); + +/** + * Create SQLITE object, and creates the on disk database if its doesn't exists. + * + * @param context A Kerberos 5 context. + * @param db a returned database handle. 
+ * @param filename filename + * + * @return 0 on success, an error code if not + */ + +krb5_error_code +hdb_sqlite_create ( + krb5_context /*context*/, + HDB **/*db*/, + const char */*filename*/); + +krb5_error_code +hdb_unlock (int /*fd*/); + +krb5_error_code +hdb_unseal_key ( + krb5_context /*context*/, + HDB */*db*/, + Key */*k*/); + +krb5_error_code +hdb_unseal_key_mkey ( + krb5_context /*context*/, + Key */*k*/, + hdb_master_key /*mkey*/); + +krb5_error_code +hdb_unseal_keys ( + krb5_context /*context*/, + HDB */*db*/, + hdb_entry */*ent*/); + +krb5_error_code +hdb_unseal_keys_kvno ( + krb5_context /*context*/, + HDB */*db*/, + krb5_kvno /*kvno*/, + unsigned /*flags*/, + hdb_entry */*ent*/); + +krb5_error_code +hdb_unseal_keys_mkey ( + krb5_context /*context*/, + hdb_entry */*ent*/, + hdb_master_key /*mkey*/); + +int +hdb_value2entry ( + krb5_context /*context*/, + krb5_data */*value*/, + hdb_entry */*ent*/); + +int +hdb_value2entry_alias ( + krb5_context /*context*/, + krb5_data */*value*/, + hdb_entry_alias */*ent*/); + +krb5_error_code +hdb_write_master_key ( + krb5_context /*context*/, + const char */*filename*/, + hdb_master_key /*mkey*/); + +#ifdef __cplusplus +} +#endif + +#endif /* DOXY */ +#endif /* __hdb_protos_h__ */ diff --git a/kerberos5/include/hdb.h b/kerberos5/include/hdb.h new file mode 100644 --- /dev/null +++ b/kerberos5/include/hdb.h 
@@ -0,0 +1,314 @@
+/*
+ * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id$ */
+
+#ifndef __HDB_H__
+#define __HDB_H__
+
+#include
+
+#include
+
+#include
+
+#include
+#include
+
+struct hdb_dbinfo;
+
+enum hdb_lockop{ HDB_RLOCK, HDB_WLOCK };
+
+/* flags for various functions */
+#define HDB_F_DECRYPT 1 /* decrypt keys */
+#define HDB_F_REPLACE 2 /* replace entry */
+#define HDB_F_GET_CLIENT 4 /* fetch client */
+#define HDB_F_GET_SERVER 8 /* fetch server */
+#define HDB_F_GET_KRBTGT 16 /* fetch krbtgt */
+#define HDB_F_GET_ANY 28 /* fetch any of client,server,krbtgt */
+#define HDB_F_CANON 32 /* want canonicalition */
+#define HDB_F_ADMIN_DATA 64 /* want data that kdc don't use */
+#define HDB_F_KVNO_SPECIFIED 128 /* we want a particular KVNO */
+#define HDB_F_CURRENT_KVNO 256 /* we want the current KVNO */
+#define HDB_F_LIVE_CLNT_KVNOS 512 /* we want all live keys for pre-auth */
+#define HDB_F_LIVE_SVC_KVNOS 1024 /* we want all live keys for tix */
+#define HDB_F_ALL_KVNOS 2048 /* we want all the keys, live or not */
+#define HDB_F_FOR_AS_REQ 4096 /* fetch is for a AS REQ */
+#define HDB_F_FOR_TGS_REQ 8192 /* fetch is for a TGS REQ */
+#define HDB_F_PRECHECK 16384 /* check that the operation would succeed */
+
+/* hdb_capability_flags */
+#define HDB_CAP_F_HANDLE_ENTERPRISE_PRINCIPAL 1
+#define HDB_CAP_F_HANDLE_PASSWORDS 2
+#define HDB_CAP_F_PASSWORD_UPDATE_KEYS 4
+#define HDB_CAP_F_SHARED_DIRECTORY 8
+
+/* auth status values */
+#define HDB_AUTH_SUCCESS 0
+#define HDB_AUTH_WRONG_PASSWORD 1
+#define HDB_AUTH_INVALID_SIGNATURE 2
+
+/* key usage for master key */
+#define HDB_KU_MKEY 0x484442
+
+typedef struct hdb_master_key_data *hdb_master_key;
+
+/**
+ * hdb_entry_ex is a wrapper structure around the hdb_entry structure
+ * that allows backends to keep a pointer to the backing store, ie in
+ * ->hdb_fetch_kvno(), so that we the kadmin/kpasswd backend gets around to
+ * ->hdb_store(), the backend doesn't need to lookup the entry again.
+ */
+
+typedef struct hdb_entry_ex {
+ void *ctx;
+ hdb_entry entry;
+ void (*free_entry)(krb5_context, struct hdb_entry_ex *);
+} hdb_entry_ex;
+
+
+/**
+ * HDB backend function pointer structure
+ *
+ * The HDB structure is what the KDC and kadmind framework uses to
+ * query the backend database when talking about principals.
+ */
+
+typedef struct HDB {
+ void *hdb_db;
+ void *hdb_dbc; /** don't use, only for DB3 */
+ char *hdb_name;
+ int hdb_master_key_set;
+ hdb_master_key hdb_master_key;
+ int hdb_openp;
+ int hdb_capability_flags;
+ int lock_count;
+ int lock_type;
+ /**
+ * Open (or create) the a Kerberos database.
+ *
+ * Open (or create) the a Kerberos database that was resolved with
+ * hdb_create(). The third and fourth flag to the function are the
+ * same as open(), thus passing O_CREAT will create the data base
+ * if it doesn't exists.
+ *
+ * Then done the caller should call hdb_close(), and to release
+ * all resources hdb_destroy().
+ */
+ krb5_error_code (*hdb_open)(krb5_context, struct HDB*, int, mode_t);
+ /**
+ * Close the database for transaction
+ *
+ * Closes the database for further transactions, wont release any
+ * permanant resources. the database can be ->hdb_open-ed again.
+ */
+ krb5_error_code (*hdb_close)(krb5_context, struct HDB*);
+ /**
+ * Free an entry after use.
+ */
+ void (*hdb_free)(krb5_context, struct HDB*, hdb_entry_ex*);
+ /**
+ * Fetch an entry from the backend
+ *
+ * Fetch an entry from the backend, flags are what type of entry
+ * should be fetch: client, server, krbtgt.
+ * knvo (if specified and flags HDB_F_KVNO_SPECIFIED set) is the kvno to get
+ */
+ krb5_error_code (*hdb_fetch_kvno)(krb5_context, struct HDB*,
+ krb5_const_principal, unsigned, krb5_kvno,
+ hdb_entry_ex*);
+ /**
+ * Store an entry to database
+ */
+ krb5_error_code (*hdb_store)(krb5_context, struct HDB*,
+ unsigned, hdb_entry_ex*);
+ /**
+ * Remove an entry from the database.
+ */
+ krb5_error_code (*hdb_remove)(krb5_context, struct HDB*,
+ unsigned, krb5_const_principal);
+ /**
+ * As part of iteration, fetch one entry
+ */
+ krb5_error_code (*hdb_firstkey)(krb5_context, struct HDB*,
+ unsigned, hdb_entry_ex*);
+ /**
+ * As part of iteration, fetch next entry
+ */
+ krb5_error_code (*hdb_nextkey)(krb5_context, struct HDB*,
+ unsigned, hdb_entry_ex*);
+ /**
+ * Lock database
+ *
+ * A lock can only be held by one consumers. Transaction can still
+ * happen on the database while the lock is held, so the entry is
+ * only useful for syncroning creation of the database and renaming of the database.
+ */
+ krb5_error_code (*hdb_lock)(krb5_context, struct HDB*, int);
+ /**
+ * Unlock database
+ */
+ krb5_error_code (*hdb_unlock)(krb5_context, struct HDB*);
+ /**
+ * Rename the data base.
+ *
+ * Assume that the database is not hdb_open'ed and not locked.
+ */
+ krb5_error_code (*hdb_rename)(krb5_context, struct HDB*, const char*);
+ /**
+ * Get an hdb_entry from a classical DB backend
+ *
+ * This function takes a principal key (krb5_data) and returns all
+ * data related to principal in the return krb5_data. The returned
+ * encoded entry is of type hdb_entry or hdb_entry_alias.
+ */
+ krb5_error_code (*hdb__get)(krb5_context, struct HDB*,
+ krb5_data, krb5_data*);
+ /**
+ * Store an hdb_entry from a classical DB backend
+ *
+ * This function takes a principal key (krb5_data) and encoded
+ * hdb_entry or hdb_entry_alias as the data to store.
+ *
+ * For a file-based DB, this must synchronize to disk when done.
+ * This is sub-optimal for kadm5_s_rename_principal(), and for
+ * kadm5_s_modify_principal() when using principal aliases; to
+ * improve this so that only one fsync() need be done
+ * per-transaction will require HDB API extensions.
+ */
+ krb5_error_code (*hdb__put)(krb5_context, struct HDB*, int,
+ krb5_data, krb5_data);
+ /**
+ * Delete and hdb_entry from a classical DB backend
+ *
+ * This function takes a principal key (krb5_data) naming the record
+ * to delete.
+ *
+ * Same discussion as in @ref HDB::hdb__put
+ */
+ krb5_error_code (*hdb__del)(krb5_context, struct HDB*, krb5_data);
+ /**
+ * Destroy the handle to the database.
+ *
+ * Destroy the handle to the database, deallocate all memory and
+ * related resources. Does not remove any permanent data. Its the
+ * logical reverse of hdb_create() function that is the entry
+ * point for the module.
+ */
+ krb5_error_code (*hdb_destroy)(krb5_context, struct HDB*);
+ /**
+ * Get the list of realms this backend handles.
+ * This call is optional to support. The returned realms are used
+ * for announcing the realms over bonjour. Free returned array
+ * with krb5_free_host_realm().
+ */
+ krb5_error_code (*hdb_get_realms)(krb5_context, struct HDB *, krb5_realm **);
+ /**
+ * Change password.
+ *
+ * Will update keys for the entry when given password. The new
+ * keys must be written into the entry and will then later be
+ * ->hdb_store() into the database. The backend will still perform
+ * all other operations, increasing the kvno, and update
+ * modification timestamp.
+ *
+ * The backend needs to call _kadm5_set_keys() and perform password
+ * quality checks.
+ */
+ krb5_error_code (*hdb_password)(krb5_context, struct HDB*, hdb_entry_ex*, const char *, int);
+
+ /**
+ * Auth feedback
+ *
+ * This is a feedback call that allows backends that provides
+ * lockout functionality to register failure and/or successes.
+ *
+ * In case the entry is locked out, the backend should set the
+ * hdb_entry.flags.locked-out flag.
+ */
+ krb5_error_code (*hdb_auth_status)(krb5_context, struct HDB *, hdb_entry_ex *, int);
+ /**
+ * Check if delegation is allowed.
+ */
+ krb5_error_code (*hdb_check_constrained_delegation)(krb5_context, struct HDB *, hdb_entry_ex *, krb5_const_principal);
+
+ /**
+ * Check if this name is an alias for the supplied client for PKINIT userPrinicpalName logins
+ */
+ krb5_error_code (*hdb_check_pkinit_ms_upn_match)(krb5_context, struct HDB *, hdb_entry_ex *, krb5_const_principal);
+
+ /**
+ * Check if s4u2self is allowed from this client to this server
+ */
+ krb5_error_code (*hdb_check_s4u2self)(krb5_context, struct HDB *, hdb_entry_ex *, krb5_const_principal);
+
+ /**
+ * Enable/disable synchronous updates
+ *
+ * Calling this with 0 disables sync. Calling it with non-zero enables
+ * sync and does an fsync().
+ */
+ krb5_error_code (*hdb_set_sync)(krb5_context, struct HDB *, int);
+}HDB;
+
+#define HDB_INTERFACE_VERSION 10
+
+struct hdb_method {
+ int version;
+ krb5_error_code (*init)(krb5_context, void **);
+ void (*fini)(void *);
+ const char *prefix;
+ krb5_error_code (*create)(krb5_context, HDB **, const char *filename);
+};
+
+/* dump entry format, for hdb_print_entry() */
+typedef enum hdb_dump_format {
+ HDB_DUMP_HEIMDAL = 0,
+ HDB_DUMP_MIT = 1,
+} hdb_dump_format_t;
+
+struct hdb_print_entry_arg {
+ FILE *out;
+ hdb_dump_format_t fmt;
+};
+
+typedef krb5_error_code (*hdb_foreach_func_t)(krb5_context, HDB*,
+ hdb_entry_ex*, void*);
+extern krb5_kt_ops hdb_kt_ops;
+extern krb5_kt_ops hdb_get_kt_ops;
+
+extern const int hdb_interface_version;
+
+#include
+
+#endif /* __HDB_H__ */
diff --git a/kerberos5/include/hdb_asn1.h b/kerberos5/include/hdb_asn1.h
new file mode 100644
--- /dev/null
+++ b/kerberos5/include/hdb_asn1.h
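Review bot: The three authorization callbacks at the end of `struct HDB` in hdb.h (`hdb_check_constrained_delegation`, `hdb_check_pkinit_ms_upn_match`, `hdb_check_s4u2self`) have one-line comments that state neither which return value means "allowed" nor whether a backend may leave the pointer NULL; only `hdb_get_realms` is marked optional. Callers presumably base a delegation or impersonation decision on these results, so the contract should be spelled out on each member, for example `/* Returns 0 if delegation to the given principal is permitted, an error code otherwise (TODO confirm); say whether NULL is allowed and what the caller does then. */`. The same gap applies to `hdb_auth_status` and `hdb_password`, whose comments describe the backend's duties but not the NULL case. As a smaller style point, `#define HDB_F_GET_ANY 28` would be harder to get out of step if written as `(HDB_F_GET_CLIENT|HDB_F_GET_SERVER|HDB_F_GET_KRBTGT)`.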
@@ -0,0 +1,594 @@ +/* Generated from ./hdb.asn1 */ +/* Do not edit */ + +#ifndef __hdb_asn1_h__ +#define __hdb_asn1_h__ + +#include +#include + +#ifndef __asn1_common_definitions__ +#define __asn1_common_definitions__ + +#ifndef __HEIM_BASE_DATA__ +#define __HEIM_BASE_DATA__ 1 +struct heim_base_data { + size_t length; + void *data; +}; +typedef struct heim_base_data heim_octet_string; +#endif + +typedef struct heim_integer { + size_t length; + void *data; + int negative; +} heim_integer; + +typedef char *heim_general_string; + +typedef char *heim_utf8_string; + +typedef struct heim_base_data heim_printable_string; + +typedef struct heim_base_data heim_ia5_string; + +typedef struct heim_bmp_string { + size_t length; + uint16_t *data; +} heim_bmp_string; + +typedef struct heim_universal_string { + size_t length; + uint32_t *data; +} heim_universal_string; + +typedef char *heim_visible_string; + +typedef struct heim_oid { + size_t length; + unsigned *components; +} heim_oid; + +typedef struct heim_bit_string { + size_t length; + void *data; +} heim_bit_string; + +typedef struct heim_base_data heim_any; +typedef struct heim_base_data heim_any_set; + +#define ASN1_MALLOC_ENCODE(T, B, BL, S, L, R) \ + do { \ + (BL) = length_##T((S)); \ + (B) = malloc((BL)); \ + if((B) == NULL) { \ + (R) = ENOMEM; \ + } else { \ + (R) = encode_##T(((unsigned char*)(B)) + (BL) - 1, (BL), \ + (S), (L)); \ + if((R) != 0) { \ + free((B)); \ + (B) = NULL; \ + } \ + } \ + } while (0) + +#ifdef _WIN32 +#ifndef ASN1_LIB +#define ASN1EXP __declspec(dllimport) +#else +#define ASN1EXP +#endif +#define ASN1CALL __stdcall +#else +#define ASN1EXP +#define ASN1CALL +#endif +struct units; + +#endif + +#include +enum { HDB_DB_FORMAT = 2 }; + +enum { hdb_pw_salt = 3 }; + +enum { hdb_afs3_salt = 10 }; + +/* +Salt ::= SEQUENCE { + type [0] INTEGER (0..4294967295), + salt [1] OCTET STRING, + opaque [2] OCTET STRING OPTIONAL, +} +*/ + +typedef struct Salt { + unsigned int type; + heim_octet_string salt; + 
heim_octet_string *opaque; +} Salt; + +ASN1EXP int ASN1CALL decode_Salt(const unsigned char *, size_t, Salt *, size_t *); +ASN1EXP int ASN1CALL encode_Salt(unsigned char *, size_t, const Salt *, size_t *); +ASN1EXP size_t ASN1CALL length_Salt(const Salt *); +ASN1EXP int ASN1CALL copy_Salt (const Salt *, Salt *); +ASN1EXP void ASN1CALL free_Salt (Salt *); + + +/* +Key ::= SEQUENCE { + mkvno [0] INTEGER (0..4294967295) OPTIONAL, + key [1] EncryptionKey, + salt [2] Salt OPTIONAL, +} +*/ + +typedef struct Key { + unsigned int *mkvno; + EncryptionKey key; + Salt *salt; +} Key; + +ASN1EXP int ASN1CALL decode_Key(const unsigned char *, size_t, Key *, size_t *); +ASN1EXP int ASN1CALL encode_Key(unsigned char *, size_t, const Key *, size_t *); +ASN1EXP size_t ASN1CALL length_Key(const Key *); +ASN1EXP int ASN1CALL copy_Key (const Key *, Key *); +ASN1EXP void ASN1CALL free_Key (Key *); + + +/* +Event ::= SEQUENCE { + time [0] KerberosTime, + principal [1] Principal OPTIONAL, +} +*/ + +typedef struct Event { + KerberosTime time; + Principal *principal; +} Event; + +ASN1EXP int ASN1CALL decode_Event(const unsigned char *, size_t, Event *, size_t *); +ASN1EXP int ASN1CALL encode_Event(unsigned char *, size_t, const Event *, size_t *); +ASN1EXP size_t ASN1CALL length_Event(const Event *); +ASN1EXP int ASN1CALL copy_Event (const Event *, Event *); +ASN1EXP void ASN1CALL free_Event (Event *); + + +/* +HDBFlags ::= BIT STRING { + initial(0), + forwardable(1), + proxiable(2), + renewable(3), + postdate(4), + server(5), + client(6), + invalid(7), + require-preauth(8), + change-pw(9), + require-hwauth(10), + ok-as-delegate(11), + user-to-user(12), + immutable(13), + trusted-for-delegation(14), + allow-kerberos4(15), + allow-digest(16), + locked-out(17), + require-pwchange(18), + do-not-store(31) +} +*/ + +typedef struct HDBFlags { + unsigned int initial:1; + unsigned int forwardable:1; + unsigned int proxiable:1; + unsigned int renewable:1; + unsigned int postdate:1; + unsigned int 
server:1; + unsigned int client:1; + unsigned int invalid:1; + unsigned int require_preauth:1; + unsigned int change_pw:1; + unsigned int require_hwauth:1; + unsigned int ok_as_delegate:1; + unsigned int user_to_user:1; + unsigned int immutable:1; + unsigned int trusted_for_delegation:1; + unsigned int allow_kerberos4:1; + unsigned int allow_digest:1; + unsigned int locked_out:1; + unsigned int require_pwchange:1; + unsigned int _unused19:1; + unsigned int _unused20:1; + unsigned int _unused21:1; + unsigned int _unused22:1; + unsigned int _unused23:1; + unsigned int _unused24:1; + unsigned int _unused25:1; + unsigned int _unused26:1; + unsigned int _unused27:1; + unsigned int _unused28:1; + unsigned int _unused29:1; + unsigned int _unused30:1; + unsigned int do_not_store:1; +} HDBFlags; + + +unsigned HDBFlags2int(HDBFlags); +HDBFlags int2HDBFlags(unsigned); +const struct units * asn1_HDBFlags_units(void); +ASN1EXP int ASN1CALL decode_HDBFlags(const unsigned char *, size_t, HDBFlags *, size_t *); +ASN1EXP int ASN1CALL encode_HDBFlags(unsigned char *, size_t, const HDBFlags *, size_t *); +ASN1EXP size_t ASN1CALL length_HDBFlags(const HDBFlags *); +ASN1EXP int ASN1CALL copy_HDBFlags (const HDBFlags *, HDBFlags *); +ASN1EXP void ASN1CALL free_HDBFlags (HDBFlags *); + + +/* +GENERATION ::= SEQUENCE { + time [0] KerberosTime, + usec [1] INTEGER (0..4294967295), + gen [2] INTEGER (0..4294967295), +} +*/ + +typedef struct GENERATION { + KerberosTime time; + unsigned int usec; + unsigned int gen; +} GENERATION; + +ASN1EXP int ASN1CALL decode_GENERATION(const unsigned char *, size_t, GENERATION *, size_t *); +ASN1EXP int ASN1CALL encode_GENERATION(unsigned char *, size_t, const GENERATION *, size_t *); +ASN1EXP size_t ASN1CALL length_GENERATION(const GENERATION *); +ASN1EXP int ASN1CALL copy_GENERATION (const GENERATION *, GENERATION *); +ASN1EXP void ASN1CALL free_GENERATION (GENERATION *); + + +/* +HDB-Ext-PKINIT-acl ::= SEQUENCE OF SEQUENCE { + subject [0] UTF8String, + 
issuer [1] UTF8String OPTIONAL, + anchor [2] UTF8String OPTIONAL, +} +*/ + +typedef struct HDB_Ext_PKINIT_acl { + unsigned int len; + struct HDB_Ext_PKINIT_acl_val { + heim_utf8_string subject; + heim_utf8_string *issuer; + heim_utf8_string *anchor; + } *val; +} HDB_Ext_PKINIT_acl; + +ASN1EXP int ASN1CALL decode_HDB_Ext_PKINIT_acl(const unsigned char *, size_t, HDB_Ext_PKINIT_acl *, size_t *); +ASN1EXP int ASN1CALL encode_HDB_Ext_PKINIT_acl(unsigned char *, size_t, const HDB_Ext_PKINIT_acl *, size_t *); +ASN1EXP size_t ASN1CALL length_HDB_Ext_PKINIT_acl(const HDB_Ext_PKINIT_acl *); +ASN1EXP int ASN1CALL copy_HDB_Ext_PKINIT_acl (const HDB_Ext_PKINIT_acl *, HDB_Ext_PKINIT_acl *); +ASN1EXP void ASN1CALL free_HDB_Ext_PKINIT_acl (HDB_Ext_PKINIT_acl *); + + +/* +HDB-Ext-PKINIT-hash ::= SEQUENCE OF SEQUENCE { + digest-type [0] OBJECT IDENTIFIER, + digest [1] OCTET STRING, +} +*/ + +typedef struct HDB_Ext_PKINIT_hash { + unsigned int len; + struct HDB_Ext_PKINIT_hash_val { + heim_oid digest_type; + heim_octet_string digest; + } *val; +} HDB_Ext_PKINIT_hash; + +ASN1EXP int ASN1CALL decode_HDB_Ext_PKINIT_hash(const unsigned char *, size_t, HDB_Ext_PKINIT_hash *, size_t *); +ASN1EXP int ASN1CALL encode_HDB_Ext_PKINIT_hash(unsigned char *, size_t, const HDB_Ext_PKINIT_hash *, size_t *); +ASN1EXP size_t ASN1CALL length_HDB_Ext_PKINIT_hash(const HDB_Ext_PKINIT_hash *); +ASN1EXP int ASN1CALL copy_HDB_Ext_PKINIT_hash (const HDB_Ext_PKINIT_hash *, HDB_Ext_PKINIT_hash *); +ASN1EXP void ASN1CALL free_HDB_Ext_PKINIT_hash (HDB_Ext_PKINIT_hash *); + + +/* +HDB-Ext-PKINIT-cert ::= SEQUENCE OF SEQUENCE { + cert [0] OCTET STRING, +} +*/ + +typedef struct HDB_Ext_PKINIT_cert { + unsigned int len; + struct HDB_Ext_PKINIT_cert_val { + heim_octet_string cert; + } *val; +} HDB_Ext_PKINIT_cert; + +ASN1EXP int ASN1CALL decode_HDB_Ext_PKINIT_cert(const unsigned char *, size_t, HDB_Ext_PKINIT_cert *, size_t *); +ASN1EXP int ASN1CALL encode_HDB_Ext_PKINIT_cert(unsigned char *, size_t, const 
HDB_Ext_PKINIT_cert *, size_t *); +ASN1EXP size_t ASN1CALL length_HDB_Ext_PKINIT_cert(const HDB_Ext_PKINIT_cert *); +ASN1EXP int ASN1CALL copy_HDB_Ext_PKINIT_cert (const HDB_Ext_PKINIT_cert *, HDB_Ext_PKINIT_cert *); +ASN1EXP void ASN1CALL free_HDB_Ext_PKINIT_cert (HDB_Ext_PKINIT_cert *); + + +/* +HDB-Ext-Constrained-delegation-acl ::= SEQUENCE OF Principal +*/ + +typedef struct HDB_Ext_Constrained_delegation_acl { + unsigned int len; + Principal *val; +} HDB_Ext_Constrained_delegation_acl; + +ASN1EXP int ASN1CALL decode_HDB_Ext_Constrained_delegation_acl(const unsigned char *, size_t, HDB_Ext_Constrained_delegation_acl *, size_t *); +ASN1EXP int ASN1CALL encode_HDB_Ext_Constrained_delegation_acl(unsigned char *, size_t, const HDB_Ext_Constrained_delegation_acl *, size_t *); +ASN1EXP size_t ASN1CALL length_HDB_Ext_Constrained_delegation_acl(const HDB_Ext_Constrained_delegation_acl *); +ASN1EXP int ASN1CALL copy_HDB_Ext_Constrained_delegation_acl (const HDB_Ext_Constrained_delegation_acl *, HDB_Ext_Constrained_delegation_acl *); +ASN1EXP void ASN1CALL free_HDB_Ext_Constrained_delegation_acl (HDB_Ext_Constrained_delegation_acl *); + + +/* +HDB-Ext-Lan-Manager-OWF ::= OCTET STRING +*/ + +typedef heim_octet_string HDB_Ext_Lan_Manager_OWF; + +ASN1EXP int ASN1CALL decode_HDB_Ext_Lan_Manager_OWF(const unsigned char *, size_t, HDB_Ext_Lan_Manager_OWF *, size_t *); +ASN1EXP int ASN1CALL encode_HDB_Ext_Lan_Manager_OWF(unsigned char *, size_t, const HDB_Ext_Lan_Manager_OWF *, size_t *); +ASN1EXP size_t ASN1CALL length_HDB_Ext_Lan_Manager_OWF(const HDB_Ext_Lan_Manager_OWF *); +ASN1EXP int ASN1CALL copy_HDB_Ext_Lan_Manager_OWF (const HDB_Ext_Lan_Manager_OWF *, HDB_Ext_Lan_Manager_OWF *); +ASN1EXP void ASN1CALL free_HDB_Ext_Lan_Manager_OWF (HDB_Ext_Lan_Manager_OWF *); + + +/* +HDB-Ext-Password ::= SEQUENCE { + mkvno [0] INTEGER (0..4294967295) OPTIONAL, + password OCTET STRING, +} +*/ + +typedef struct HDB_Ext_Password { + unsigned int *mkvno; + heim_octet_string password; +} 
HDB_Ext_Password; + +ASN1EXP int ASN1CALL decode_HDB_Ext_Password(const unsigned char *, size_t, HDB_Ext_Password *, size_t *); +ASN1EXP int ASN1CALL encode_HDB_Ext_Password(unsigned char *, size_t, const HDB_Ext_Password *, size_t *); +ASN1EXP size_t ASN1CALL length_HDB_Ext_Password(const HDB_Ext_Password *); +ASN1EXP int ASN1CALL copy_HDB_Ext_Password (const HDB_Ext_Password *, HDB_Ext_Password *); +ASN1EXP void ASN1CALL free_HDB_Ext_Password (HDB_Ext_Password *); + + +/* +HDB-Ext-Aliases ::= SEQUENCE { + case-insensitive [0] BOOLEAN, + aliases [1] SEQUENCE OF Principal, +} +*/ + +typedef struct HDB_Ext_Aliases { + int case_insensitive; + struct HDB_Ext_Aliases_aliases { + unsigned int len; + Principal *val; + } aliases; +} HDB_Ext_Aliases; + +ASN1EXP int ASN1CALL decode_HDB_Ext_Aliases(const unsigned char *, size_t, HDB_Ext_Aliases *, size_t *); +ASN1EXP int ASN1CALL encode_HDB_Ext_Aliases(unsigned char *, size_t, const HDB_Ext_Aliases *, size_t *); +ASN1EXP size_t ASN1CALL length_HDB_Ext_Aliases(const HDB_Ext_Aliases *); +ASN1EXP int ASN1CALL copy_HDB_Ext_Aliases (const HDB_Ext_Aliases *, HDB_Ext_Aliases *); +ASN1EXP void ASN1CALL free_HDB_Ext_Aliases (HDB_Ext_Aliases *); + + +/* +Keys ::= SEQUENCE OF Key +*/ + +typedef struct Keys { + unsigned int len; + Key *val; +} Keys; + +ASN1EXP int ASN1CALL add_Keys (Keys *, const Key *); +ASN1EXP int ASN1CALL remove_Keys (Keys *, unsigned int); +ASN1EXP int ASN1CALL decode_Keys(const unsigned char *, size_t, Keys *, size_t *); +ASN1EXP int ASN1CALL encode_Keys(unsigned char *, size_t, const Keys *, size_t *); +ASN1EXP size_t ASN1CALL length_Keys(const Keys *); +ASN1EXP int ASN1CALL copy_Keys (const Keys *, Keys *); +ASN1EXP void ASN1CALL free_Keys (Keys *); + + +/* +hdb_keyset ::= SEQUENCE { + kvno [0] INTEGER (0..4294967295), + keys [1] Keys, + set-time [2] KerberosTime OPTIONAL, + ..., +} +*/ + +typedef struct hdb_keyset { + unsigned int kvno; + Keys keys; + KerberosTime *set_time; +} hdb_keyset; + +ASN1EXP int 
ASN1CALL decode_hdb_keyset(const unsigned char *, size_t, hdb_keyset *, size_t *); +ASN1EXP int ASN1CALL encode_hdb_keyset(unsigned char *, size_t, const hdb_keyset *, size_t *); +ASN1EXP size_t ASN1CALL length_hdb_keyset(const hdb_keyset *); +ASN1EXP int ASN1CALL copy_hdb_keyset (const hdb_keyset *, hdb_keyset *); +ASN1EXP void ASN1CALL free_hdb_keyset (hdb_keyset *); + + +/* +HDB-Ext-KeySet ::= SEQUENCE OF hdb_keyset +*/ + +typedef struct HDB_Ext_KeySet { + unsigned int len; + hdb_keyset *val; +} HDB_Ext_KeySet; + +ASN1EXP int ASN1CALL add_HDB_Ext_KeySet (HDB_Ext_KeySet *, const hdb_keyset *); +ASN1EXP int ASN1CALL remove_HDB_Ext_KeySet (HDB_Ext_KeySet *, unsigned int); +ASN1EXP int ASN1CALL decode_HDB_Ext_KeySet(const unsigned char *, size_t, HDB_Ext_KeySet *, size_t *); +ASN1EXP int ASN1CALL encode_HDB_Ext_KeySet(unsigned char *, size_t, const HDB_Ext_KeySet *, size_t *); +ASN1EXP size_t ASN1CALL length_HDB_Ext_KeySet(const HDB_Ext_KeySet *); +ASN1EXP int ASN1CALL copy_HDB_Ext_KeySet (const HDB_Ext_KeySet *, HDB_Ext_KeySet *); +ASN1EXP void ASN1CALL free_HDB_Ext_KeySet (HDB_Ext_KeySet *); + + +/* +HDB-extension ::= SEQUENCE { + mandatory [0] BOOLEAN, + data [1] CHOICE { + pkinit-acl [0] HDB-Ext-PKINIT-acl, + pkinit-cert-hash [1] HDB-Ext-PKINIT-hash, + allowed-to-delegate-to [2] HDB-Ext-Constrained-delegation-acl, + lm-owf [4] HDB-Ext-Lan-Manager-OWF, + password [5] HDB-Ext-Password, + aliases [6] HDB-Ext-Aliases, + last-pw-change [7] KerberosTime, + pkinit-cert [8] HDB-Ext-PKINIT-cert, + hist-keys [9] HDB-Ext-KeySet, + hist-kvno-diff-clnt [10] INTEGER (0..4294967295), + hist-kvno-diff-svc [11] INTEGER (0..4294967295), + policy [12] UTF8String, + principal-id [13] INTEGER (-9223372036854775808..9223372036854775807), + ..., + }, + ..., +} +*/ + +typedef struct HDB_extension { + int mandatory; + struct HDB_extension_data { + enum HDB_extension_data_enum { + choice_HDB_extension_data_asn1_ellipsis = 0, + choice_HDB_extension_data_pkinit_acl, + 
choice_HDB_extension_data_pkinit_cert_hash, + choice_HDB_extension_data_allowed_to_delegate_to, + choice_HDB_extension_data_lm_owf, + choice_HDB_extension_data_password, + choice_HDB_extension_data_aliases, + choice_HDB_extension_data_last_pw_change, + choice_HDB_extension_data_pkinit_cert, + choice_HDB_extension_data_hist_keys, + choice_HDB_extension_data_hist_kvno_diff_clnt, + choice_HDB_extension_data_hist_kvno_diff_svc, + choice_HDB_extension_data_policy, + choice_HDB_extension_data_principal_id + /* ... */ + } element; + union { + HDB_Ext_PKINIT_acl pkinit_acl; + HDB_Ext_PKINIT_hash pkinit_cert_hash; + HDB_Ext_Constrained_delegation_acl allowed_to_delegate_to; + HDB_Ext_Lan_Manager_OWF lm_owf; + HDB_Ext_Password password; + HDB_Ext_Aliases aliases; + KerberosTime last_pw_change; + HDB_Ext_PKINIT_cert pkinit_cert; + HDB_Ext_KeySet hist_keys; + unsigned int hist_kvno_diff_clnt; + unsigned int hist_kvno_diff_svc; + heim_utf8_string policy; + int64_t principal_id; + heim_octet_string asn1_ellipsis; + } u; + } data; +} HDB_extension; + +ASN1EXP int ASN1CALL decode_HDB_extension(const unsigned char *, size_t, HDB_extension *, size_t *); +ASN1EXP int ASN1CALL encode_HDB_extension(unsigned char *, size_t, const HDB_extension *, size_t *); +ASN1EXP size_t ASN1CALL length_HDB_extension(const HDB_extension *); +ASN1EXP int ASN1CALL copy_HDB_extension (const HDB_extension *, HDB_extension *); +ASN1EXP void ASN1CALL free_HDB_extension (HDB_extension *); + + +/* +HDB-extensions ::= SEQUENCE OF HDB-extension +*/ + +typedef struct HDB_extensions { + unsigned int len; + HDB_extension *val; +} HDB_extensions; + +ASN1EXP int ASN1CALL decode_HDB_extensions(const unsigned char *, size_t, HDB_extensions *, size_t *); +ASN1EXP int ASN1CALL encode_HDB_extensions(unsigned char *, size_t, const HDB_extensions *, size_t *); +ASN1EXP size_t ASN1CALL length_HDB_extensions(const HDB_extensions *); +ASN1EXP int ASN1CALL copy_HDB_extensions (const HDB_extensions *, HDB_extensions *); 
+ASN1EXP void ASN1CALL free_HDB_extensions (HDB_extensions *); + + +/* +hdb_entry ::= SEQUENCE { + principal [0] Principal OPTIONAL, + kvno [1] INTEGER (0..4294967295), + keys [2] Keys, + created-by [3] Event, + modified-by [4] Event OPTIONAL, + valid-start [5] KerberosTime OPTIONAL, + valid-end [6] KerberosTime OPTIONAL, + pw-end [7] KerberosTime OPTIONAL, + max-life [8] INTEGER (0..4294967295) OPTIONAL, + max-renew [9] INTEGER (0..4294967295) OPTIONAL, + flags [10] HDBFlags, + etypes [11] SEQUENCE OF INTEGER (0..4294967295) OPTIONAL, + generation [12] GENERATION OPTIONAL, + extensions [13] HDB-extensions OPTIONAL, +} +*/ + +typedef struct hdb_entry { + Principal *principal; + unsigned int kvno; + Keys keys; + Event created_by; + Event *modified_by; + KerberosTime *valid_start; + KerberosTime *valid_end; + KerberosTime *pw_end; + unsigned int *max_life; + unsigned int *max_renew; + HDBFlags flags; + struct hdb_entry_etypes { + unsigned int len; + unsigned int *val; + } *etypes; + GENERATION *generation; + HDB_extensions *extensions; +} hdb_entry; + +ASN1EXP int ASN1CALL decode_hdb_entry(const unsigned char *, size_t, hdb_entry *, size_t *); +ASN1EXP int ASN1CALL encode_hdb_entry(unsigned char *, size_t, const hdb_entry *, size_t *); +ASN1EXP size_t ASN1CALL length_hdb_entry(const hdb_entry *); +ASN1EXP int ASN1CALL copy_hdb_entry (const hdb_entry *, hdb_entry *); +ASN1EXP void ASN1CALL free_hdb_entry (hdb_entry *); + + +/* +hdb_entry_alias ::= [APPLICATION 0] SEQUENCE { + principal [0] Principal OPTIONAL, +} +*/ + +typedef struct hdb_entry_alias { + Principal *principal; +} hdb_entry_alias; + +ASN1EXP int ASN1CALL decode_hdb_entry_alias(const unsigned char *, size_t, hdb_entry_alias *, size_t *); +ASN1EXP int ASN1CALL encode_hdb_entry_alias(unsigned char *, size_t, const hdb_entry_alias *, size_t *); +ASN1EXP size_t ASN1CALL length_hdb_entry_alias(const hdb_entry_alias *); +ASN1EXP int ASN1CALL copy_hdb_entry_alias (const hdb_entry_alias *, hdb_entry_alias *); 
+ASN1EXP void ASN1CALL free_hdb_entry_alias (hdb_entry_alias *); + + +#endif /* __hdb_asn1_h__ */ diff --git a/kerberos5/include/hdb_err.h b/kerberos5/include/hdb_err.h new file mode 100644 --- /dev/null +++ b/kerberos5/include/hdb_err.h @@ -0,0 +1,39 @@ +/* Generated from hdb_err.et */ +/* $Id$ */ + +#ifndef __hdb_err_h__ +#define __hdb_err_h__ + +struct et_list; + +void initialize_hdb_error_table_r(struct et_list **); + +void initialize_hdb_error_table(void); +#define init_hdb_err_tbl initialize_hdb_error_table + +typedef enum hdb_error_number{ + HDB_ERR_UK_SERROR = 36150273, + HDB_ERR_UK_RERROR = 36150274, + HDB_ERR_NOENTRY = 36150275, + HDB_ERR_DB_INUSE = 36150276, + HDB_ERR_DB_CHANGED = 36150277, + HDB_ERR_RECURSIVELOCK = 36150278, + HDB_ERR_NOTLOCKED = 36150279, + HDB_ERR_BADLOCKMODE = 36150280, + HDB_ERR_CANT_LOCK_DB = 36150281, + HDB_ERR_EXISTS = 36150282, + HDB_ERR_BADVERSION = 36150283, + HDB_ERR_NO_MKEY = 36150284, + HDB_ERR_MANDATORY_OPTION = 36150285, + HDB_ERR_NO_WRITE_SUPPORT = 36150286, + HDB_ERR_NOT_FOUND_HERE = 36150287, + HDB_ERR_MISUSE = 36150288, + HDB_ERR_KVNO_NOT_FOUND = 36150289, + HDB_ERR_WRONG_REALM = 36150290 +} hdb_error_number; + +#define ERROR_TABLE_BASE_hdb 36150272 + +#define COM_ERR_BINDDOMAIN_hdb "heim_com_err36150272" + +#endif /* __hdb_err_h__ */ 
diff --git a/kerberos5/include/heim-ipc.h b/kerberos5/include/heim-ipc.h new file mode 100644 index 0000000000000000000000000000000000000000..b5b919b64626a5abec5724b911444206bfb2e57d GIT binary patch literal 3525 zc$~FXO>>(_5Isx3qN{QUQV~0L_Ok1(t-=UfQ!9ZMkR6}M7{=0+fl$LoA+4SwC|a|GTK4 zRnANDutN35b6{nyrCw_R>Ip5=WvOztc(WnWDt%t6yujhB$V53fBR40{!33(I61Ava zL`L(pG*gw9s;rNZaaOBbV6gP;M+l+FWUVXtxF#UrWd`e7fGnX_>nasy=24csdV?ob z6}1hoQZGSO=Bw74PzsgFCz*1>uz^-^_QEgTl&N%Gh*I-S>CUk#3fC(r zxE7V9WQat6MT#+6J;UYPErao4V;>Q+rHBsLT>Z_rd#x4a7e29JXJ z2s2S2$_&>8wG5Ie6e2Y$p?8KXu^ZtD7aB!s^`u|16I!gc$)H||lv)g3CG}oK%~dvS zR@YmZ#A6mg6x_u3PUr!SXJK&1M&1anA8-+;{3vGeJodoxN8kp29J1?q9E1^k`{qRG z^6?`rnXTtPfcJG4dQk*H2y8l=FhoM=(D7sDMK;2@llh4Gw>BUO_(2R4Hf1rI#eq!` z3Fy!hf*Y86p*zN(&NZ8`_`wjmVX;r)ZZMt$GbfChJD)fq%;w=NhzuHKHe!)GaoE%w zodJ@-z~J3^ehksrnN0RFMXa4fuRSE`Tu%&|iG+!cSm?PiWz>yaR1Wz~@I;z z)x%_*@WF0jBk!L%8sQ?Ljhv}-i|JWE5eCcR&O>iXlu?Rke!U@k8w8_>pb$Rt!aL@A z(G^UB$Y?f?JR5_=jtP$_C>So|_<9~OBOUW&FAV3im<9fTfX2Z+YJ+4Q^d1?R1K;F~ zG6mrS;gTMv3O3x2J)93oRim0iT12Rx8xz`=B}PR(=D_iiWb*7IGXdO$$;Eb<0e zG!~HoYa-t}4<^UCNuSDv+?wH51KXykz;3`9-7zBH8e=O&tZkd%hLEDUJ8spdy>Q;| ze~@LGukoDxlh@_Nr&JXM?vv$T{l0!%;r)V#sjhGv!cxd0k*gGjo6*%#le)91Pa4Uz z!VNv_#wW~bQSjAL;h8_&n>g<9$ZL^gT=UkShNo#JDaT81xcmF6-#;Hhqk~cCMaitc z$vJtdgh+_7)sY{d&st`Q?#yU9SqPor{GR3FgyrJEa&^LT^~;vEFz4Q$^=?K5-i#Ja z(bAsEoz?pkf#bzt<*Hne2Yrv3y>h9oJvhA3@Pa-GqsP^brK8*ZFl4nuT;|=vfR>LmQp8l z*@^Gk!Y|(2>5^A4w70g;VJb~ewQiePGTQ;C=6qkZp@H8fXCM95?6dKTO0RcuYITms^q0$C@A8zvIF4t% z-f!J$Wt6psoocGUC$1I)Yj>L;Nq{(?gh7`_o<4W^9}%qI>(O&$XNlD4s{c;M-aCaT zc2^)XopaQCnc@CSm!`8$bksXHif;&PC~lp{JM}m4co+&^B=ooxrKl_;$Cf6Cz`q8I z700J*vM%NKUm*<5-wEukjbhMgzv4^J>W+~;gBlOL)+kxxYd6Qt+V*WqH#p*Sxc};A G1O5kEuYEcI literal 0 Hc$@= 106120000 && __NetBSD_Version__< 299001200 && defined(ENABLE_PTHREAD_SUPPORT) + +/* + * NetBSD have a thread lib that we can use that part of libc that + * works regardless if application are linked to pthreads or not. 
+ * NetBSD newer then 2.99.11 just use pthread.h, and the same thing
+ * will happen.
+ */
+#include
+
+#define HEIMDAL_MUTEX mutex_t
+#define HEIMDAL_MUTEX_INITIALIZER MUTEX_INITIALIZER
+#define HEIMDAL_MUTEX_init(m) mutex_init(m, NULL)
+#define HEIMDAL_MUTEX_lock(m) mutex_lock(m)
+#define HEIMDAL_MUTEX_unlock(m) mutex_unlock(m)
+#define HEIMDAL_MUTEX_destroy(m) mutex_destroy(m)
+
+#define HEIMDAL_RWLOCK rwlock_t
+#define HEIMDAL_RWLOCK_INITIALIZER RWLOCK_INITIALIZER
+#define HEIMDAL_RWLOCK_init(l) rwlock_init(l, NULL)
+#define HEIMDAL_RWLOCK_rdlock(l) rwlock_rdlock(l)
+#define HEIMDAL_RWLOCK_wrlock(l) rwlock_wrlock(l)
+#define HEIMDAL_RWLOCK_tryrdlock(l) rwlock_tryrdlock(l)
+#define HEIMDAL_RWLOCK_trywrlock(l) rwlock_trywrlock(l)
+#define HEIMDAL_RWLOCK_unlock(l) rwlock_unlock(l)
+#define HEIMDAL_RWLOCK_destroy(l) rwlock_destroy(l)
+
+#define HEIMDAL_thread_key thread_key_t
+#define HEIMDAL_key_create(k,d,r) do { r = thr_keycreate(k,d); } while(0)
+#define HEIMDAL_setspecific(k,s,r) do { r = thr_setspecific(k,s); } while(0)
+#define HEIMDAL_getspecific(k) thr_getspecific(k)
+#define HEIMDAL_key_delete(k) thr_keydelete(k)
+
+#define HEIMDAL_THREAD_ID thr_t
+#define HEIMDAL_THREAD_create(t,f,a) thr_create((t), 0, (f), (a))
+
+#elif defined(ENABLE_PTHREAD_SUPPORT) && (!defined(__NetBSD__) || __NetBSD_Version__ >= 299001200)
+
+#include
+
+#define HEIMDAL_MUTEX pthread_mutex_t
+#define HEIMDAL_MUTEX_INITIALIZER PTHREAD_MUTEX_INITIALIZER
+#define HEIMDAL_MUTEX_init(m) pthread_mutex_init(m, NULL)
+#define HEIMDAL_MUTEX_lock(m) pthread_mutex_lock(m)
+#define HEIMDAL_MUTEX_unlock(m) pthread_mutex_unlock(m)
+#define HEIMDAL_MUTEX_destroy(m) pthread_mutex_destroy(m)
+
+#define HEIMDAL_RWLOCK pthread_rwlock_t
+#define HEIMDAL_RWLOCK_INITIALIZER PTHREAD_RWLOCK_INITIALIZER
+#define HEIMDAL_RWLOCK_init(l) pthread_rwlock_init(l, NULL)
+#define HEIMDAL_RWLOCK_rdlock(l) pthread_rwlock_rdlock(l)
+#define HEIMDAL_RWLOCK_wrlock(l) pthread_rwlock_wrlock(l)
+#define HEIMDAL_RWLOCK_tryrdlock(l) pthread_rwlock_tryrdlock(l)
+#define HEIMDAL_RWLOCK_trywrlock(l) pthread_rwlock_trywrlock(l)
+#define HEIMDAL_RWLOCK_unlock(l) pthread_rwlock_unlock(l)
+#define HEIMDAL_RWLOCK_destroy(l) pthread_rwlock_destroy(l)
+
+#ifdef HEIM_BASE_MAINTAINER
+#define HEIMDAL_thread_key unsigned long
+#define HEIM_PRIV_thread_key HEIMDAL_thread_key
+#define HEIMDAL_key_create(k,d,r) do { r = heim_w32_key_create(k,d); } while(0)
+#define HEIMDAL_setspecific(k,s,r) do { r = heim_w32_setspecific(k,s); } while(0)
+#define HEIMDAL_getspecific(k) (heim_w32_getspecific(k))
+#define HEIMDAL_key_delete(k) (heim_w32_delete_key(k))
+#else
+#define HEIMDAL_thread_key pthread_key_t
+#define HEIMDAL_key_create(k,d,r) do { r = pthread_key_create(k,d); } while(0)
+#define HEIMDAL_setspecific(k,s,r) do { r = pthread_setspecific(k,s); } while(0)
+#define HEIMDAL_getspecific(k) pthread_getspecific(k)
+#define HEIMDAL_key_delete(k) pthread_key_delete(k)
+#endif
+
+#define HEIMDAL_THREAD_ID pthread_t
+#define HEIMDAL_THREAD_create(t,f,a) pthread_create((t), 0, (f), (a))
+
+#elif defined(_WIN32)
+
+typedef struct heim_mutex {
+ HANDLE h;
+} heim_mutex_t;
+
+static inline int
+heim_mutex_init(heim_mutex_t *m)
+{
+ m->h = CreateSemaphore(NULL, 1, 1, NULL);
+ if (m->h == INVALID_HANDLE_VALUE)
+ return EAGAIN;
+ return 0;
+}
+
+static inline int
+heim_mutex_lock(heim_mutex_t *m)
+{
+ HANDLE h, new_h;
+ int created = 0;
+
+ h = InterlockedCompareExchangePointer(&m->h, m->h, m->h);
+ if (h == INVALID_HANDLE_VALUE || h == NULL) {
+ created = 1;
+ new_h = CreateSemaphore(NULL, 0, 1, NULL);
+ if (new_h == INVALID_HANDLE_VALUE)
+ return EAGAIN;
+ if (InterlockedCompareExchangePointer(&m->h, new_h, h) != h) {
+ created = 0;
+ CloseHandle(new_h);
+ }
+ }
+ if (!created)
+ WaitForSingleObject(m->h, INFINITE);
+ return 0;
+}
+
+static inline int
+heim_mutex_unlock(heim_mutex_t *m)
+{
+ if (ReleaseSemaphore(m->h, 1, NULL) == FALSE)
+ return EPERM;
+ return 0;
+}
+
+static inline int
+heim_mutex_destroy(heim_mutex_t *m)
+{
+ HANDLE h;
+
+ h = InterlockedCompareExchangePointer(&m->h, INVALID_HANDLE_VALUE, m->h);
+ if (h != INVALID_HANDLE_VALUE)
+ CloseHandle(h);
+ return 0;
+}
+
+#define HEIMDAL_MUTEX heim_mutex_t
+#define HEIMDAL_MUTEX_INITIALIZER { INVALID_HANDLE_VALUE }
+#define HEIMDAL_MUTEX_init(m) heim_mutex_init((m))
+#define HEIMDAL_MUTEX_lock(m) heim_mutex_lock((m))
+#define HEIMDAL_MUTEX_unlock(m) heim_mutex_unlock((m))
+#define HEIMDAL_MUTEX_destroy(m) heim_mutex_destroy((m))
+
+typedef struct heim_rwlock {
+ SRWLOCK lock;
+ int exclusive;
+} heim_rwlock_t;
+
+static inline int
+heim_rwlock_init(heim_rwlock_t *l)
+{
+ InitializeSRWLock(&l->lock);
+ l->exclusive = 0;
+ return 0;
+}
+
+static inline int
+heim_rwlock_rdlock(heim_rwlock_t *l)
+{
+ AcquireSRWLockShared(&l->lock);
+ return 0;
+}
+
+static inline int
+heim_rwlock_wrlock(heim_rwlock_t *l)
+{
+ AcquireSRWLockExclusive(&l->lock);
+ l->exclusive = 1;
+ return 0;
+}
+
+static inline int
+heim_rwlock_tryrdlock(heim_rwlock_t *l)
+{
+ if (TryAcquireSRWLockShared(&l->lock))
+ return 0;
+ return EBUSY;
+}
+
+static inline int
+heim_rwlock_trywrlock(heim_rwlock_t *l)
+{
+ if (TryAcquireSRWLockExclusive(&l->lock))
+ return 0;
+ return EBUSY;
+}
+
+static inline int
+heim_rwlock_unlock(heim_rwlock_t *l)
+{
+ if (l->exclusive) {
+ l->exclusive = 0;
+ ReleaseSRWLockExclusive(&(l)->lock);
+ } else {
+ ReleaseSRWLockShared(&(l)->lock);
+ }
+ return 0;
+}
+
+static inline int
+heim_rwlock_destroy(heim_rwlock_t *l)
+{
+ /* SRW locks cannot be destroyed so re-initialize */
+ InitializeSRWLock(&l->lock);
+ l->exclusive = 0;
+ return 0;
+}
+
+#define HEIMDAL_RWLOCK heim_rwlock_t
+#define HEIMDAL_RWLOCK_INITIALIZER {SRWLOCK_INIT, 0}
+#define HEIMDAL_RWLOCK_init(l) heim_rwlock_init((l))
+#define HEIMDAL_RWLOCK_rdlock(l) heim_rwlock_rdlock((l))
+#define HEIMDAL_RWLOCK_wrlock(l) heim_rwlock_wrlock((l))
+#define HEIMDAL_RWLOCK_tryrdlock(l) heim_rwlock_tryrdlock((l))
+#define HEIMDAL_RWLOCK_trywrlock(l) heim_rwlock_trywrlock((l))
+#define HEIMDAL_RWLOCK_unlock(l) heim_rwlock_unlock((l))
+#define HEIMDAL_RWLOCK_destroy(l) heim_rwlock_destroy((l))
+
+#define HEIMDAL_thread_key unsigned long
+#define HEIM_PRIV_thread_key HEIMDAL_thread_key
+#define HEIMDAL_key_create(k,d,r) do { r = heim_w32_key_create(k,d); } while(0)
+#define HEIMDAL_setspecific(k,s,r) do { r = heim_w32_setspecific(k,s); } while(0)
+#define HEIMDAL_getspecific(k) (heim_w32_getspecific(k))
+#define HEIMDAL_key_delete(k) (heim_w32_delete_key(k))
+
+#define HEIMDAL_THREAD_ID DWORD
+#define HEIMDAL_THREAD_create(t,f,a) \
+ ((CreateThread(0, 0, (f), (a), 0, (t)) == INVALID_HANDLE_VALUE) ? EINVAL : 0)
+
+#elif defined(HEIMDAL_DEBUG_THREADS)
+
+/* no threads support, just do consistency checks */
+#include
+
+#define HEIMDAL_MUTEX int
+#define HEIMDAL_MUTEX_INITIALIZER 0
+#define HEIMDAL_MUTEX_init(m) do { (*(m)) = 0; } while(0)
+#define HEIMDAL_MUTEX_lock(m) do { if ((*(m))++ != 0) abort(); } while(0)
+#define HEIMDAL_MUTEX_unlock(m) do { if ((*(m))-- != 1) abort(); } while(0)
+#define HEIMDAL_MUTEX_destroy(m) do {if ((*(m)) != 0) abort(); } while(0)
+
+#define HEIMDAL_RWLOCK rwlock_t int
+#define HEIMDAL_RWLOCK_INITIALIZER 0
+#define HEIMDAL_RWLOCK_init(l) do { } while(0)
+#define HEIMDAL_RWLOCK_rdlock(l) do { } while(0)
+#define HEIMDAL_RWLOCK_wrlock(l) do { } while(0)
+#define HEIMDAL_RWLOCK_tryrdlock(l) do { } while(0)
+#define HEIMDAL_RWLOCK_trywrlock(l) do { } while(0)
+#define HEIMDAL_RWLOCK_unlock(l) do { } while(0)
+#define HEIMDAL_RWLOCK_destroy(l) do { } while(0)
+
+#define HEIMDAL_internal_thread_key 1
+
+#define HEIMDAL_THREAD_ID int
+#define HEIMDAL_THREAD_create(t,f,a) abort()
+
+#else /* no thread support, no debug case */
+
+#define HEIMDAL_MUTEX int
+#define HEIMDAL_MUTEX_INITIALIZER 0
+#define HEIMDAL_MUTEX_init(m) do { (void)(m); } while(0)
+#define HEIMDAL_MUTEX_lock(m) do { (void)(m); } while(0)
+#define HEIMDAL_MUTEX_unlock(m) do { (void)(m); } while(0)
+#define HEIMDAL_MUTEX_destroy(m) do { (void)(m); } while(0)
+
+#define HEIMDAL_RWLOCK rwlock_t int
+#define HEIMDAL_RWLOCK_INITIALIZER 0
+#define HEIMDAL_RWLOCK_init(l) do { } while(0)
+#define HEIMDAL_RWLOCK_rdlock(l) do { } while(0)
+#define HEIMDAL_RWLOCK_wrlock(l) do { } while(0)
+#define HEIMDAL_RWLOCK_tryrdlock(l) do { } while(0)
+#define HEIMDAL_RWLOCK_trywrlock(l) do { } while(0)
+#define HEIMDAL_RWLOCK_unlock(l) do { } while(0)
+#define HEIMDAL_RWLOCK_destroy(l) do { } while(0)
+
+#define HEIMDAL_THREAD_ID int
+#define HEIMDAL_THREAD_create(t,f,a) abort()
+
+#define HEIMDAL_internal_thread_key 1
+
+#endif /* no thread support */
+
+#ifdef HEIMDAL_internal_thread_key
+
+typedef struct heim_thread_key {
+ void *value;
+ void (*destructor)(void *);
+} heim_thread_key;
+
+#define HEIMDAL_thread_key heim_thread_key
+#define HEIMDAL_key_create(k,d,r) \
+ do { (k)->value = NULL; (k)->destructor = (d); r = 0; } while(0)
+#define HEIMDAL_setspecific(k,s,r) do { (k).value = s ; r = 0; } while(0)
+#define HEIMDAL_getspecific(k) ((k).value)
+#define HEIMDAL_key_delete(k) do { (*(k).destructor)((k).value); } while(0)
+
+#undef HEIMDAL_internal_thread_key
+#endif /* HEIMDAL_internal_thread_key */
+
+int heim_w32_key_create(HEIM_PRIV_thread_key *, void (*)(void *));
+int heim_w32_delete_key(HEIM_PRIV_thread_key);
+int heim_w32_setspecific(HEIM_PRIV_thread_key, void *);
+void *heim_w32_getspecific(HEIM_PRIV_thread_key);
+
+#endif /* HEIM_THREADS_H */
diff --git a/kerberos5/include/heimbase.h b/kerberos5/include/heimbase.h
new file mode 100644
--- /dev/null
+++ b/kerberos5/include/heimbase.h
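Review bot: In the `_WIN32` branch of heim_threads.h, `heim_rwlock_trywrlock` never sets `l->exclusive`, although `heim_rwlock_wrlock` does, so a `heim_rwlock_unlock` after a successful try-lock takes the `ReleaseSRWLockShared` branch on a lock that is held exclusively. The success path should read `if (TryAcquireSRWLockExclusive(&l->lock)) { l->exclusive = 1; return 0; }`. The failure checks in the same branch also compare against the wrong sentinel: `CreateSemaphore` and `CreateThread` report failure with `NULL`, so `heim_mutex_init`, the `new_h` check in `heim_mutex_lock` and `HEIMDAL_THREAD_create` should test `== NULL` rather than `== INVALID_HANDLE_VALUE`. The diff header of this file was lost in extraction, so the start of the hunk is not visible here.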
@@ -0,0 +1,431 @@
+/*
+ * Copyright (c) 2010 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Portions Copyright (c) 2010 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef HEIM_BASE_H
+#define HEIM_BASE_H 1
+
+#include
+#if !defined(WIN32) && !defined(HAVE_DISPATCH_DISPATCH_H) && defined(ENABLE_PTHREAD_SUPPORT)
+#include
+#endif
+#include
+#include
+#ifdef HAVE_STDBOOL_H
+#include
+#else
+#ifndef false
+#define false 0
+#endif
+#ifndef true
+#define true 1
+#endif
+#endif
+
+#define HEIM_BASE_API_VERSION 20130210
+
+typedef void * heim_object_t;
+typedef unsigned int heim_tid_t;
+typedef heim_object_t heim_bool_t;
+typedef heim_object_t heim_null_t;
+#ifdef WIN32
+typedef LONG heim_base_once_t;
+#define HEIM_BASE_ONCE_INIT 0
+#elif defined(HAVE_DISPATCH_DISPATCH_H)
+typedef long heim_base_once_t; /* XXX arch dependant */
+#define HEIM_BASE_ONCE_INIT 0
+#elif defined(ENABLE_PTHREAD_SUPPORT)
+typedef pthread_once_t heim_base_once_t;
+#define HEIM_BASE_ONCE_INIT PTHREAD_ONCE_INIT
+#else
+typedef long heim_base_once_t; /* XXX arch dependant */
+#define HEIM_BASE_ONCE_INIT 0
+#endif
+
+#if !defined(__has_extension)
+#define __has_extension(x) 0
+#endif
+
+#define HEIM_REQUIRE_GNUC(m,n,p) \
+ (((__GNUC__ * 10000) + (__GNUC_MINOR__ * 100) + __GNUC_PATCHLEVEL__) >= \
+ (((m) * 10000) + ((n) * 100) + (p)))
+
+
+#if __has_extension(__builtin_expect) || HEIM_REQUIRE_GNUC(3,0,0)
+#define heim_builtin_expect(_op,_res) __builtin_expect(_op,_res)
+#else
+#define heim_builtin_expect(_op,_res) (_op)
+#endif
+
+
+void * heim_retain(heim_object_t);
+void heim_release(heim_object_t);
+
+void heim_show(heim_object_t);
+
+typedef void (*heim_type_dealloc)(void *);
+
+void *
+heim_alloc(size_t size, const char *name, heim_type_dealloc dealloc);
+
+heim_tid_t
+heim_get_tid(heim_object_t object);
+
+int
+heim_cmp(heim_object_t a, heim_object_t b);
+
+unsigned long
+heim_get_hash(heim_object_t ptr);
+
+void
+heim_base_once_f(heim_base_once_t *, void *, void (*)(void *));
+
+void
+heim_abort(const char *fmt, ...)
+ HEIMDAL_NORETURN_ATTRIBUTE
+ HEIMDAL_PRINTF_ATTRIBUTE((__printf__, 1, 2));
+
+void
+heim_abortv(const char *fmt, va_list ap)
+ HEIMDAL_NORETURN_ATTRIBUTE
+ HEIMDAL_PRINTF_ATTRIBUTE((__printf__, 1, 0));
+
+#define heim_assert(e,t) \
+ (heim_builtin_expect(!(e), 0) ? heim_abort(t ":" #e) : (void)0)
+
+/*
+ *
+ */
+
+heim_null_t
+heim_null_create(void);
+
+heim_bool_t
+heim_bool_create(int);
+
+int
+heim_bool_val(heim_bool_t);
+
+/*
+ * Array
+ */
+
+typedef struct heim_array_data *heim_array_t;
+
+heim_array_t heim_array_create(void);
+heim_tid_t heim_array_get_type_id(void);
+
+typedef void (*heim_array_iterator_f_t)(heim_object_t, void *, int *);
+typedef int (*heim_array_filter_f_t)(heim_object_t, void *);
+
+int heim_array_append_value(heim_array_t, heim_object_t);
+int heim_array_insert_value(heim_array_t, size_t idx, heim_object_t);
+void heim_array_iterate_f(heim_array_t, void *, heim_array_iterator_f_t);
+void heim_array_iterate_reverse_f(heim_array_t, void *, heim_array_iterator_f_t);
+#ifdef __BLOCKS__
+void heim_array_iterate(heim_array_t, void (^)(heim_object_t, int *));
+void heim_array_iterate_reverse(heim_array_t, void (^)(heim_object_t, int *));
+#endif
+size_t heim_array_get_length(heim_array_t);
+heim_object_t
+ heim_array_get_value(heim_array_t, size_t);
+heim_object_t
+ heim_array_copy_value(heim_array_t, size_t);
+void heim_array_set_value(heim_array_t, size_t, heim_object_t);
+void heim_array_delete_value(heim_array_t, size_t);
+void heim_array_filter_f(heim_array_t, void *, heim_array_filter_f_t);
+#ifdef __BLOCKS__
+void heim_array_filter(heim_array_t, int (^)(heim_object_t));
+#endif
+
+/*
+ * Dict
+ */
+
+typedef struct heim_dict_data *heim_dict_t;
+
+heim_dict_t heim_dict_create(size_t size);
+heim_tid_t heim_dict_get_type_id(void);
+
+typedef void (*heim_dict_iterator_f_t)(heim_object_t, heim_object_t, void *);
+
+int heim_dict_set_value(heim_dict_t, heim_object_t, heim_object_t);
+void heim_dict_iterate_f(heim_dict_t, void *, heim_dict_iterator_f_t);
+#ifdef __BLOCKS__
+void heim_dict_iterate(heim_dict_t, void (^)(heim_object_t, heim_object_t));
+#endif
+
+heim_object_t
+ heim_dict_get_value(heim_dict_t, heim_object_t);
+heim_object_t
+ heim_dict_copy_value(heim_dict_t, heim_object_t);
+void heim_dict_delete_key(heim_dict_t, heim_object_t);
+
+/*
+ * String
+ */
+
+typedef struct heim_string_data *heim_string_t;
+typedef void (*heim_string_free_f_t)(void *);
+
+heim_string_t heim_string_create(const char *);
+heim_string_t heim_string_ref_create(const char *, heim_string_free_f_t);
+heim_string_t heim_string_create_with_bytes(const void *, size_t);
+heim_string_t heim_string_ref_create_with_bytes(const void *, size_t,
+ heim_string_free_f_t);
+heim_string_t heim_string_create_with_format(const char *, ...);
+heim_tid_t heim_string_get_type_id(void);
+const char * heim_string_get_utf8(heim_string_t);
+
+#define HSTR(_str) (__heim_string_constant("" _str ""))
+heim_string_t __heim_string_constant(const char *);
+
+/*
+ * Errors
+ */
+
+typedef struct heim_error * heim_error_t;
+
+heim_error_t heim_error_create_enomem(void);
+
+heim_error_t heim_error_create(int, const char *, ...)
+ HEIMDAL_PRINTF_ATTRIBUTE((__printf__, 2, 3));
+
+void heim_error_create_opt(heim_error_t *error, int error_code, const char *fmt, ...)
+ HEIMDAL_PRINTF_ATTRIBUTE((__printf__, 3, 4));
+
+heim_error_t heim_error_createv(int, const char *, va_list)
+ HEIMDAL_PRINTF_ATTRIBUTE((__printf__, 2, 0));
+
+heim_string_t heim_error_copy_string(heim_error_t);
+int heim_error_get_code(heim_error_t);
+
+heim_error_t heim_error_append(heim_error_t, heim_error_t);
+
+/*
+ * Path
+ */
+
+heim_object_t heim_path_get(heim_object_t ptr, heim_error_t *error, ...);
+heim_object_t heim_path_copy(heim_object_t ptr, heim_error_t *error, ...);
+heim_object_t heim_path_vget(heim_object_t ptr, heim_error_t *error,
+ va_list ap);
+heim_object_t heim_path_vcopy(heim_object_t ptr, heim_error_t *error,
+ va_list ap);
+
+int heim_path_vcreate(heim_object_t ptr, size_t size, heim_object_t leaf,
+ heim_error_t *error, va_list ap);
+int heim_path_create(heim_object_t ptr, size_t size, heim_object_t leaf,
+ heim_error_t *error, ...);
+
+void heim_path_vdelete(heim_object_t ptr, heim_error_t *error, va_list ap);
+void heim_path_delete(heim_object_t ptr, heim_error_t *error, ...);
+
+/*
+ * Data (octet strings)
+ */
+
+#ifndef __HEIM_BASE_DATA__
+#define __HEIM_BASE_DATA__
+struct heim_base_data {
+ size_t length;
+ void *data;
+};
+typedef struct heim_base_data heim_octet_string;
+#endif
+
+typedef struct heim_base_data * heim_data_t;
+typedef void (*heim_data_free_f_t)(void *);
+
+heim_data_t heim_data_create(const void *, size_t);
+heim_data_t heim_data_ref_create(const void *, size_t, heim_data_free_f_t);
+heim_tid_t heim_data_get_type_id(void);
+const heim_octet_string *
+ heim_data_get_data(heim_data_t);
+const void * heim_data_get_ptr(heim_data_t);
+size_t heim_data_get_length(heim_data_t);
+
+/*
+ * DB
+ */
+
+typedef struct heim_db_data *heim_db_t;
+
+typedef void (*heim_db_iterator_f_t)(heim_data_t, heim_data_t, void *);
+
+typedef int (*heim_db_plug_open_f_t)(void *, const char *, const char *,
+ heim_dict_t, void **, heim_error_t *);
+typedef int (*heim_db_plug_clone_f_t)(void *, void **, heim_error_t *);
+typedef int (*heim_db_plug_close_f_t)(void *, heim_error_t *);
+typedef int (*heim_db_plug_lock_f_t)(void *, int, heim_error_t *);
+typedef int (*heim_db_plug_unlock_f_t)(void *, heim_error_t *);
+typedef int (*heim_db_plug_sync_f_t)(void *, heim_error_t *);
+typedef int (*heim_db_plug_begin_f_t)(void *, int, heim_error_t *);
+typedef int (*heim_db_plug_commit_f_t)(void *, heim_error_t *);
+typedef int (*heim_db_plug_rollback_f_t)(void *, heim_error_t *);
+typedef heim_data_t (*heim_db_plug_copy_value_f_t)(void *, heim_string_t,
+ heim_data_t,
+ heim_error_t *);
+typedef int (*heim_db_plug_set_value_f_t)(void *, heim_string_t, heim_data_t,
+ heim_data_t, heim_error_t *);
+typedef int (*heim_db_plug_del_key_f_t)(void *, heim_string_t, heim_data_t,
+ heim_error_t *);
+typedef void (*heim_db_plug_iter_f_t)(void *, heim_string_t, void *,
+ heim_db_iterator_f_t, heim_error_t *);
+
+struct heim_db_type {
+ int version;
+ heim_db_plug_open_f_t openf;
+ heim_db_plug_clone_f_t clonef;
+ heim_db_plug_close_f_t closef;
+ heim_db_plug_lock_f_t lockf;
+ heim_db_plug_unlock_f_t unlockf;
+ heim_db_plug_sync_f_t syncf;
+ heim_db_plug_begin_f_t beginf;
+ heim_db_plug_commit_f_t commitf;
+ heim_db_plug_rollback_f_t rollbackf;
+ heim_db_plug_copy_value_f_t copyf;
+ heim_db_plug_set_value_f_t setf;
+ heim_db_plug_del_key_f_t delf;
+ heim_db_plug_iter_f_t iterf;
+};
+
+extern struct heim_db_type heim_sorted_text_file_dbtype;
+
+#define HEIM_DB_TYPE_VERSION_01 1
+
+int heim_db_register(const char *dbtype,
+ void *data,
+ struct heim_db_type *plugin);
+
+heim_db_t heim_db_create(const char *dbtype, const char *dbname,
+ heim_dict_t options, heim_error_t *error);
+heim_db_t heim_db_clone(heim_db_t, heim_error_t *);
+int heim_db_begin(heim_db_t, int, heim_error_t *);
+int heim_db_commit(heim_db_t, heim_error_t *);
+int heim_db_rollback(heim_db_t, heim_error_t *);
+heim_tid_t heim_db_get_type_id(void);
+
+int heim_db_set_value(heim_db_t, heim_string_t, heim_data_t, heim_data_t,
+ heim_error_t *);
+heim_data_t heim_db_copy_value(heim_db_t, heim_string_t, heim_data_t,
+ heim_error_t *);
+int heim_db_delete_key(heim_db_t, heim_string_t, heim_data_t,
+ heim_error_t *);
+void heim_db_iterate_f(heim_db_t, heim_string_t, void *,
+ heim_db_iterator_f_t, heim_error_t *);
+#ifdef __BLOCKS__
+void heim_db_iterate(heim_db_t, heim_string_t,
+ void (^)(heim_data_t, heim_data_t), heim_error_t *);
+#endif
+
+
+/*
+ * Number
+ */
+
+typedef struct heim_number_data *heim_number_t;
+
+heim_number_t heim_number_create(int);
+heim_tid_t heim_number_get_type_id(void);
+int heim_number_get_int(heim_number_t);
+
+/*
+ *
+ */
+
+typedef struct heim_auto_release * heim_auto_release_t;
+
+heim_auto_release_t heim_auto_release_create(void);
+void heim_auto_release_drain(heim_auto_release_t);
+heim_object_t heim_auto_release(heim_object_t);
+
+/*
+ * JSON
+ */
+typedef enum heim_json_flags {
+ HEIM_JSON_F_NO_C_NULL = 1,
+ HEIM_JSON_F_STRICT_STRINGS = 2,
+ HEIM_JSON_F_NO_DATA = 4,
+ HEIM_JSON_F_NO_DATA_DICT = 8,
+ HEIM_JSON_F_STRICT_DICT = 16,
+ HEIM_JSON_F_STRICT = 31,
+ HEIM_JSON_F_CNULL2JSNULL = 32,
+ HEIM_JSON_F_TRY_DECODE_DATA = 64,
+ HEIM_JSON_F_ONE_LINE = 128
+} heim_json_flags_t;
+
+heim_object_t heim_json_create(const char *, size_t, heim_json_flags_t,
+ heim_error_t *);
+heim_object_t heim_json_create_with_bytes(const void *, size_t, size_t,
+ heim_json_flags_t,
+ heim_error_t *);
+heim_string_t heim_json_copy_serialize(heim_object_t, heim_json_flags_t,
+ heim_error_t *);
+
+
+/*
+ * Debug
+ */
+
+heim_string_t
+heim_description(heim_object_t ptr);
+
+/*
+ * Binary search.
+ *
+ * Note: these are private until integrated into the heimbase object system.
+ */
+typedef struct bsearch_file_handle *bsearch_file_handle;
+int _bsearch_text(const char *buf, size_t buf_sz, const char *key,
+ char **value, size_t *location, size_t *loops);
+int _bsearch_file_open(const char *fname, size_t max_sz, size_t page_sz,
+ bsearch_file_handle *bfh, size_t *reads);
+int _bsearch_file(bsearch_file_handle bfh, const char *key, char **value,
+ size_t *location, size_t *loops, size_t *reads);
+void _bsearch_file_info(bsearch_file_handle bfh, size_t *page_sz,
+ size_t *max_sz, int *blockwise);
+void _bsearch_file_close(bsearch_file_handle *bfh);
+
+/*
+ * Thread-specific keys
+ */
+
+int heim_w32_key_create(unsigned long *, void (*)(void *));
+int heim_w32_delete_key(unsigned long);
+int heim_w32_setspecific(unsigned long, void *);
+void *heim_w32_getspecific(unsigned long);
+void heim_w32_service_thread_detach(void *);
+
+#endif /* HEIM_BASE_H */
diff --git a/kerberos5/include/heimntlm-protos.h b/kerberos5/include/heimntlm-protos.h
new file mode 100644
--- /dev/null
+++ b/kerberos5/include/heimntlm-protos.h
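Review bot: `heim_assert` in heimbase.h passes `t ":" #e` to `heim_abort` as the format string, so any `%` in the asserted expression or in the message text is read as a conversion directive with no matching argument. Passing the text as an argument avoids that: `(heim_builtin_expect(!(e), 0) ? heim_abort("%s", t ":" #e) : (void)0)`. In the same file `heim_string_create_with_format` is declared without `HEIMDAL_PRINTF_ATTRIBUTE((__printf__, 1, 2))`, unlike `heim_abort` and `heim_error_create`, so compilers will not check the format arguments of its callers.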
@@ -0,0 +1,459 @@ +/* This is a generated file */ +#ifndef __heimntlm_protos_h__ +#define __heimntlm_protos_h__ +#ifndef DOXY + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * Generates an NTLMv1 session random with assosited session master key. + * + * @param key the ntlm v1 key + * @param len length of key + * @param session generated session nonce, should be freed with heim_ntlm_free_buf(). + * @param master calculated session master key, should be freed with heim_ntlm_free_buf(). + * + * @return In case of success 0 is return, an errors, a errno in what + * went wrong. + * + * @ingroup ntlm_core + */ + +int +heim_ntlm_build_ntlm1_master ( + void */*key*/, + size_t /*len*/, + struct ntlm_buf */*session*/, + struct ntlm_buf */*master*/); + +/** + * Generates an NTLMv2 session random with associated session master key. + * + * @param key the NTLMv2 key + * @param len length of key + * @param blob the NTLMv2 "blob" + * @param session generated session nonce, should be freed with heim_ntlm_free_buf(). + * @param master calculated session master key, should be freed with heim_ntlm_free_buf(). + * + * @return In case of success 0 is return, an errors, a errno in what + * went wrong. + * + * @ingroup ntlm_core + */ + +int +heim_ntlm_build_ntlm2_master ( + void */*key*/, + size_t /*len*/, + struct ntlm_buf */*blob*/, + struct ntlm_buf */*session*/, + struct ntlm_buf */*master*/); + +/** + * Calculate LMv2 response + * + * @param key the ntlm key + * @param len length of key + * @param username name of the user, as sent in the message, assumed to be in UTF8. + * @param target the name of the target, assumed to be in UTF8. + * @param serverchallenge challenge as sent by the server in the type2 message. + * @param ntlmv2 calculated session key + * @param answer ntlm response answer, should be freed with heim_ntlm_free_buf(). + * + * @return In case of success 0 is return, an errors, a errno in what + * went wrong. 
+ * + * @ingroup ntlm_core + */ + +int +heim_ntlm_calculate_lm2 ( + const void */*key*/, + size_t /*len*/, + const char */*username*/, + const char */*target*/, + const unsigned char serverchallenge[8], + unsigned char ntlmv2[16], + struct ntlm_buf */*answer*/); + +/** + * Calculate NTLMv1 response hash + * + * @param key the ntlm v1 key + * @param len length of key + * @param challenge sent by the server + * @param answer calculated answer, should be freed with heim_ntlm_free_buf(). + * + * @return In case of success 0 is return, an errors, a errno in what + * went wrong. + * + * @ingroup ntlm_core + */ + +int +heim_ntlm_calculate_ntlm1 ( + void */*key*/, + size_t /*len*/, + unsigned char challenge[8], + struct ntlm_buf */*answer*/); + +/** + * Calculate NTLMv2 response + * + * @param key the ntlm key + * @param len length of key + * @param username name of the user, as sent in the message, assumed to be in UTF8. + * @param target the name of the target, assumed to be in UTF8. + * @param serverchallenge challenge as sent by the server in the type2 message. + * @param infotarget infotarget as sent by the server in the type2 message. + * @param ntlmv2 calculated session key + * @param answer ntlm response answer, should be freed with heim_ntlm_free_buf(). + * + * @return In case of success 0 is return, an errors, a errno in what + * went wrong. + * + * @ingroup ntlm_core + */ + +int +heim_ntlm_calculate_ntlm2 ( + const void */*key*/, + size_t /*len*/, + const char */*username*/, + const char */*target*/, + const unsigned char serverchallenge[8], + const struct ntlm_buf */*infotarget*/, + unsigned char ntlmv2[16], + struct ntlm_buf */*answer*/); + +/** + * Third check with empty domain. 
+ */ + +int +heim_ntlm_calculate_ntlm2_sess ( + const unsigned char clnt_nonce[8], + const unsigned char svr_chal[8], + const unsigned char ntlm_hash[16], + struct ntlm_buf */*lm*/, + struct ntlm_buf */*ntlm*/); + +int +heim_ntlm_calculate_ntlm2_sess_hash ( + const unsigned char clnt_nonce[8], + const unsigned char svr_chal[8], + unsigned char verifier[8]); + +/** + * Decodes an NTLM targetinfo message + * + * @param data input data buffer with the encode NTLM targetinfo message + * @param ucs2 if the strings should be encoded with ucs2 (selected by flag in message). + * @param ti the decoded target info, should be freed with heim_ntlm_free_targetinfo(). + * + * @return In case of success 0 is return, an errors, a errno in what + * went wrong. + * + * @ingroup ntlm_core + */ + +int +heim_ntlm_decode_targetinfo ( + const struct ntlm_buf */*data*/, + int /*ucs2*/, + struct ntlm_targetinfo */*ti*/); + +int +heim_ntlm_decode_type1 ( + const struct ntlm_buf */*buf*/, + struct ntlm_type1 */*data*/); + +int +heim_ntlm_decode_type2 ( + const struct ntlm_buf */*buf*/, + struct ntlm_type2 */*type2*/); + +int +heim_ntlm_decode_type3 ( + const struct ntlm_buf */*buf*/, + int /*ucs2*/, + struct ntlm_type3 */*type3*/); + +void +heim_ntlm_derive_ntlm2_sess ( + const unsigned char sessionkey[16], + const unsigned char */*clnt_nonce*/, + size_t /*clnt_nonce_length*/, + const unsigned char svr_chal[8], + unsigned char derivedkey[16]); + +/** + * Encodes a ntlm_targetinfo message. + * + * @param ti the ntlm_targetinfo message to encode. + * @param ucs2 ignored + * @param data is the return buffer with the encoded message, should be + * freed with heim_ntlm_free_buf(). + * + * @return In case of success 0 is return, an errors, a errno in what + * went wrong. + * + * @ingroup ntlm_core + */ + +int +heim_ntlm_encode_targetinfo ( + const struct ntlm_targetinfo */*ti*/, + int /*ucs2*/, + struct ntlm_buf */*data*/); + +/** + * Encodes an ntlm_type1 message. 
+ * + * @param type1 the ntlm_type1 message to encode. + * @param data is the return buffer with the encoded message, should be + * freed with heim_ntlm_free_buf(). + * + * @return In case of success 0 is return, an errors, a errno in what + * went wrong. + * + * @ingroup ntlm_core + */ + +int +heim_ntlm_encode_type1 ( + const struct ntlm_type1 */*type1*/, + struct ntlm_buf */*data*/); + +/** + * Encodes an ntlm_type2 message. + * + * @param type2 the ntlm_type2 message to encode. + * @param data is the return buffer with the encoded message, should be + * freed with heim_ntlm_free_buf(). + * + * @return In case of success 0 is return, an errors, a errno in what + * went wrong. + * + * @ingroup ntlm_core + */ + +int +heim_ntlm_encode_type2 ( + const struct ntlm_type2 */*type2*/, + struct ntlm_buf */*data*/); + +/** + * Encodes an ntlm_type3 message. + * + * @param type3 the ntlm_type3 message to encode. + * @param data is the return buffer with the encoded message, should be + * @param[out] mic_offset offset of message integrity code + * freed with heim_ntlm_free_buf(). + * + * @return In case of success 0 is return, an errors, a errno in what + * went wrong. 
+ * + * @ingroup ntlm_core + */ + +int +heim_ntlm_encode_type3 ( + const struct ntlm_type3 */*type3*/, + struct ntlm_buf */*data*/, + size_t */*mic_offset*/); + +/** + * heim_ntlm_free_buf frees the ntlm buffer + * + * @param p buffer to be freed + * + * @ingroup ntlm_core + */ + +void +heim_ntlm_free_buf (struct ntlm_buf */*p*/); + +/** + * Frees the ntlm_targetinfo message + * + * @param ti targetinfo to be freed + * + * @ingroup ntlm_core + */ + +void +heim_ntlm_free_targetinfo (struct ntlm_targetinfo */*ti*/); + +/** + * Frees the ntlm_type1 message + * + * @param data message to be freed + * + * @ingroup ntlm_core + */ + +void +heim_ntlm_free_type1 (struct ntlm_type1 */*data*/); + +/** + * Frees the ntlm_type2 message + * + * @param data message to be freed + * + * @ingroup ntlm_core + */ + +void +heim_ntlm_free_type2 (struct ntlm_type2 */*data*/); + +/** + * Frees the ntlm_type3 message + * + * @param data message to be freed + * + * @ingroup ntlm_core + */ + +void +heim_ntlm_free_type3 (struct ntlm_type3 */*data*/); + +/** + * Given a key and encrypted session, unwrap the session key + * + * @param baseKey the sessionBaseKey + * @param encryptedSession encrypted session, type3.session field. + * @param session generated session nonce, should be freed with heim_ntlm_free_buf(). + * + * @return In case of success 0 is return, an errors, a errno in what + * went wrong. + * + * @ingroup ntlm_core + */ + +int +heim_ntlm_keyex_unwrap ( + struct ntlm_buf */*baseKey*/, + struct ntlm_buf */*encryptedSession*/, + struct ntlm_buf */*session*/); + +int +heim_ntlm_keyex_wrap ( + struct ntlm_buf */*base_session*/, + struct ntlm_buf */*session*/, + struct ntlm_buf */*encryptedSession*/); + +/** + * Calculate the NTLM key, the password is assumed to be in UTF8. + * + * @param password password to calcute the key for. + * @param key calcuted key, should be freed with heim_ntlm_free_buf(). 
+ * + * @return In case of success 0 is return, an errors, a errno in what + * went wrong. + * + * @ingroup ntlm_core + */ + +int +heim_ntlm_nt_key ( + const char */*password*/, + struct ntlm_buf */*key*/); + +/** + * Generates an NTLMv2 session key. + * + * @param key the ntlm key + * @param len length of key + * @param username name of the user, as sent in the message, assumed to be in UTF8. + * @param target the name of the target, assumed to be in UTF8. + * @param upper_case_target upper case the target, should not be used only for legacy systems + * @param ntlmv2 the ntlmv2 session key + * + * @return 0 on success, or an error code on failure. + * + * @ingroup ntlm_core + */ + +int +heim_ntlm_ntlmv2_key ( + const void */*key*/, + size_t /*len*/, + const char */*username*/, + const char */*target*/, + int /*upper_case_target*/, + unsigned char ntlmv2[16]); + +time_t +heim_ntlm_ts2unixtime (uint64_t /*t*/); + +uint64_t +heim_ntlm_unix2ts_time (time_t /*unix_time*/); + +/** + @defgroup ntlm_core Heimdal NTLM library * + * The NTLM core functions implement the string2key generation + * function, message encode and decode function, and the hash function + * functions. + */ + +size_t +heim_ntlm_unparse_flags ( + uint32_t /*flags*/, + char */*s*/, + size_t /*len*/); + +int +heim_ntlm_v1_base_session ( + void */*key*/, + size_t /*len*/, + struct ntlm_buf */*session*/); + +int +heim_ntlm_v2_base_session ( + void */*key*/, + size_t /*len*/, + struct ntlm_buf */*ntlmResponse*/, + struct ntlm_buf */*session*/); + +/** + * Verify NTLMv2 response. + * + * @param key the ntlm key + * @param len length of key + * @param username name of the user, as sent in the message, assumed to be in UTF8. + * @param target the name of the target, assumed to be in UTF8. + * @param now the time now (0 if the library should pick it up itself) + * @param serverchallenge challenge as sent by the server in the type2 message. 
+ * @param answer ntlm response answer, should be freed with heim_ntlm_free_buf(). + * @param infotarget infotarget as sent by the server in the type2 message. + * @param ntlmv2 calculated session key + * + * @return In case of success 0 is return, an errors, a errno in what + * went wrong. + * + * @ingroup ntlm_core + */ + +int +heim_ntlm_verify_ntlm2 ( + const void */*key*/, + size_t /*len*/, + const char */*username*/, + const char */*target*/, + time_t /*now*/, + const unsigned char serverchallenge[8], + const struct ntlm_buf */*answer*/, + struct ntlm_buf */*infotarget*/, + unsigned char ntlmv2[16]); + +#ifdef __cplusplus +} +#endif + +#endif /* DOXY */ +#endif /* __heimntlm_protos_h__ */ diff --git a/kerberos5/include/heimntlm.h b/kerberos5/include/heimntlm.h new file mode 100644 --- /dev/null +++ b/kerberos5/include/heimntlm.h 
@@ -0,0 +1,166 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id$ */
+
+#ifndef HEIM_NTLM_H
+#define HEIM_NTLM_H
+
+/**
+ * Buffer for storing data in the NTLM library. When filled in by the
+ * library it should be freed with heim_ntlm_free_buf().
+ */
+struct ntlm_buf {
+ size_t length; /**< length buffer data */
+ void *data; /**< pointer to the data itself */
+};
+
+#define NTLM_NEG_UNICODE 0x00000001
+#define NTLM_NEG_OEM 0x00000002
+#define NTLM_NEG_TARGET 0x00000004
+#define NTLM_MBZ9 0x00000008
+
+#define NTLM_NEG_SIGN 0x00000010
+#define NTLM_NEG_SEAL 0x00000020
+#define NTLM_NEG_DATAGRAM 0x00000040
+#define NTLM_NEG_LM_KEY 0x00000080
+#define NTLM_NEG_NTLM 0x00000200
+#define NTLM_NEG_ANONYMOUS 0x00000800
+
+#define NTLM_MBZ8 0x00000100
+#define NTLM_NEG_NTLM 0x00000200
+#define NTLM_NEG_NT_ONLY 0x00000400
+#define NTLM_MBZ7 0x00000800 /* anon ? */
+
+#define NTLM_OEM_SUPPLIED_DOMAIN 0x00001000
+#define NTLM_OEM_SUPPLIED_WORKSTATION 0x00002000
+#define NTLM_MBZ6 0x00004000 /* local call ? */
+#define NTLM_NEG_ALWAYS_SIGN 0x00008000
+
+#define NTLM_TARGET_DOMAIN 0x00010000
+#define NTLM_TARGET_SERVER 0x00020000
+
+#define NTLM_TARGET_SHARE 0x00040000 /* mbz */
+#define NTLM_NEG_NTLM2_SESSION 0x00080000 /* EXTENDED_SESSIONSECURITY */
+#define NTLM_NEG_NTLM2 0x00080000
+
+#define NTLM_NEG_IDENTIFY 0x00100000
+#define NTLM_MBZ5 0x00200000
+#define NTLM_NON_NT_SESSION_KEY 0x00400000
+#define NTLM_NEG_TARGET_INFO 0x00800000
+
+#define NTLM_MBZ4 0x01000000
+#define NTLM_NEG_VERSION 0x02000000
+#define NTLM_MBZ3 0x04000000
+#define NTLM_MBZ2 0x08000000
+
+#define NTLM_MBZ1 0x10000000
+#define NTLM_ENC_128 0x20000000
+#define NTLM_NEG_KEYEX 0x40000000
+#define NTLM_ENC_56 0x80000000
+
+/**
+ * Struct for the NTLM target info, the strings is assumed to be in
+ * UTF8. When filled in by the library it should be freed with
+ * heim_ntlm_free_targetinfo().
+ */
+
+/* avflags */
+#define NTLM_TI_AV_FLAG_GUEST 0x00000001
+#define NTLM_TI_AV_FLAG_MIC 0x00000002
+
+struct ntlm_targetinfo {
+ char *servername; /**< */
+ char *domainname; /**< */
+ char *dnsdomainname; /**< */
+ char *dnsservername; /**< */
+ char *dnstreename; /**< */
+ uint32_t avflags; /**< */
+ char *targetname;
+ struct ntlm_buf channel_bindings;
+ uint64_t timestamp;
+};
+
+/**
+ * Struct for the NTLM type1 message info, the strings is assumed to
+ * be in UTF8. When filled in by the library it should be freed with
+ * heim_ntlm_free_type1().
+ */
+
+struct ntlm_type1 {
+ uint32_t flags; /**< */
+ char *domain; /**< */
+ char *hostname; /**< */
+ uint32_t os[2]; /**< */
+};
+
+/**
+ * Struct for the NTLM type2 message info, the strings is assumed to
+ * be in UTF8. When filled in by the library it should be freed with
+ * heim_ntlm_free_type2().
+ */
+
+struct ntlm_type2 {
+ uint32_t flags; /**< */
+ char *targetname; /**< */
+ struct ntlm_buf targetinfo; /**< */
+ unsigned char challenge[8]; /**< */
+ uint32_t context[2]; /**< */
+ uint32_t os[2]; /**< */
+};
+
+/**
+ * Struct for the NTLM type3 message info, the strings is assumed to
+ * be in UTF8. When filled in by the library it should be freed with
+ * heim_ntlm_free_type3().
+ */
+
+struct ntlm_type3 {
+ uint32_t flags; /**< */
+ char *username; /**< */
+ char *targetname; /**< */
+ struct ntlm_buf lm; /**< */
+ struct ntlm_buf ntlm; /**< */
+ struct ntlm_buf sessionkey; /**< */
+ char *ws; /**< */
+ uint32_t os[2]; /**< */
+ size_t mic_offset;
+ uint8_t mic[16];
+};
+
+extern time_t heim_ntlm_time_skew;
+
+#include
+#include
+
+#endif /* NTLM_NTLM_H */
diff --git a/contrib/com_err/lex.h b/kerberos5/include/hex.h
copy from contrib/com_err/lex.h
copy to kerberos5/include/hex.h
--- a/contrib/com_err/lex.h
+++ b/kerberos5/include/hex.h
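Review bot: The negotiate-flag table in heimntlm.h defines `NTLM_NEG_NTLM` twice (both `0x00000200`) and gives bit `0x00000800` two names with opposite meanings, `NTLM_NEG_ANONYMOUS` and the must-be-zero `NTLM_MBZ7 /* anon ? */`. Any code that validates reserved bits by OR-ing the `NTLM_MBZ*` names would then also treat the anonymous flag as reserved, and a reader cannot tell which name is authoritative. I would drop the second `#define NTLM_NEG_NTLM 0x00000200` and, if nothing else in the tree uses `NTLM_MBZ7`, replace it with a comment such as `/* 0x00000800 is NTLM_NEG_ANONYMOUS, not reserved */`. The closing `#endif /* NTLM_NTLM_H */` also names a guard other than `HEIM_NTLM_H`.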
@@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,25 @@ /* $Id$ */ -void _lex_error_message (const char *, ...) -__attribute__ ((format (printf, 1, 2))); +#ifndef _rk_HEX_H_ +#define _rk_HEX_H_ 1 -int yylex(void); +#ifndef ROKEN_LIB_FUNCTION +#ifdef _WIN32 +#define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL __cdecl +#else +#define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL +#endif +#endif + +#define hex_encode rk_hex_encode +#define hex_decode rk_hex_decode + +ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL + hex_encode(const void *, size_t, char **); +ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL + hex_decode(const char *, void *, size_t); + +#endif /* _rk_HEX_H_ */ diff --git a/kerberos5/include/hx509-private.h b/kerberos5/include/hx509-private.h new file mode 100644 --- /dev/null +++ b/kerberos5/include/hx509-private.h 
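Review bot: The two prototypes added at the end of the second hex.h hunk leave every parameter unnamed and carry no comment, so the header does not state whether the `size_t` passed to `hex_decode` is the capacity of the output buffer, or who frees the string returned through `hex_encode`'s `char **`. Callers that decode externally supplied hex need that contract to size their buffers and to check the `ssize_t` result for failure. I would name the parameters, e.g. `hex_decode(const char *str, void *data, size_t len);`, and add a one-line comment above each prototype stating the buffer and ownership rules as the implementation defines them. The header also uses `ssize_t` and `size_t` with no include visible in the hunk; presumably it relies on the includer, which is worth either a comment or an `#include <sys/types.h>`.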
@@ -0,0 +1,493 @@ +/* This is a generated file */ +#ifndef __hx509_private_h__ +#define __hx509_private_h__ + +#include + +#if !defined(__GNUC__) && !defined(__attribute__) +#define __attribute__(x) +#endif + +int +_hx509_AlgorithmIdentifier_cmp ( + const AlgorithmIdentifier */*p*/, + const AlgorithmIdentifier */*q*/); + +int +_hx509_Certificate_cmp ( + const Certificate */*p*/, + const Certificate */*q*/); + +int +_hx509_Name_to_string ( + const Name */*n*/, + char **/*str*/); + +time_t +_hx509_Time2time_t (const Time */*t*/); + +void +_hx509_abort ( + const char */*fmt*/, + ...) + __attribute__ ((__noreturn__, __format__ (__printf__, 1, 2))); + +int +_hx509_calculate_path ( + hx509_context /*context*/, + int /*flags*/, + time_t /*time_now*/, + hx509_certs /*anchors*/, + unsigned int /*max_depth*/, + hx509_cert /*cert*/, + hx509_certs /*pool*/, + hx509_path */*path*/); + +int +_hx509_cert_assign_key ( + hx509_cert /*cert*/, + hx509_private_key /*private_key*/); + +int +_hx509_cert_get_eku ( + hx509_context /*context*/, + hx509_cert /*cert*/, + ExtKeyUsage */*e*/); + +int +_hx509_cert_get_keyusage ( + hx509_context /*context*/, + hx509_cert /*c*/, + KeyUsage */*ku*/); + +int +_hx509_cert_get_version (const Certificate */*t*/); + +int +_hx509_cert_is_parent_cmp ( + const Certificate */*subject*/, + const Certificate */*issuer*/, + int /*allow_self_signed*/); + +int +_hx509_cert_private_decrypt ( + hx509_context /*context*/, + const heim_octet_string */*ciphertext*/, + const heim_oid */*encryption_oid*/, + hx509_cert /*p*/, + heim_octet_string */*cleartext*/); + +hx509_private_key +_hx509_cert_private_key (hx509_cert /*p*/); + +int +_hx509_cert_private_key_exportable (hx509_cert /*p*/); + +void +_hx509_cert_set_release ( + hx509_cert /*cert*/, + _hx509_cert_release_func /*release*/, + void */*ctx*/); + +int +_hx509_cert_to_env ( + hx509_context /*context*/, + hx509_cert /*cert*/, + hx509_env */*env*/); + +int +_hx509_certs_keys_add ( + hx509_context /*context*/, + 
hx509_certs /*certs*/, + hx509_private_key /*key*/); + +void +_hx509_certs_keys_free ( + hx509_context /*context*/, + hx509_private_key */*keys*/); + +int +_hx509_certs_keys_get ( + hx509_context /*context*/, + hx509_certs /*certs*/, + hx509_private_key **/*keys*/); + +int +_hx509_check_key_usage ( + hx509_context /*context*/, + hx509_cert /*cert*/, + unsigned /*flags*/, + int /*req_present*/); + +int +_hx509_collector_alloc ( + hx509_context /*context*/, + hx509_lock /*lock*/, + struct hx509_collector **/*collector*/); + +int +_hx509_collector_certs_add ( + hx509_context /*context*/, + struct hx509_collector */*c*/, + hx509_cert /*cert*/); + +int +_hx509_collector_collect_certs ( + hx509_context /*context*/, + struct hx509_collector */*c*/, + hx509_certs */*ret_certs*/); + +int +_hx509_collector_collect_private_keys ( + hx509_context /*context*/, + struct hx509_collector */*c*/, + hx509_private_key **/*keys*/); + +void +_hx509_collector_free (struct hx509_collector */*c*/); + +hx509_lock +_hx509_collector_get_lock (struct hx509_collector */*c*/); + +int +_hx509_collector_private_key_add ( + hx509_context /*context*/, + struct hx509_collector */*c*/, + const AlgorithmIdentifier */*alg*/, + hx509_private_key /*private_key*/, + const heim_octet_string */*key_data*/, + const heim_octet_string */*localKeyId*/); + +int +_hx509_create_signature ( + hx509_context /*context*/, + const hx509_private_key /*signer*/, + const AlgorithmIdentifier */*alg*/, + const heim_octet_string */*data*/, + AlgorithmIdentifier */*signatureAlgorithm*/, + heim_octet_string */*sig*/); + +int +_hx509_create_signature_bitstring ( + hx509_context /*context*/, + const hx509_private_key /*signer*/, + const AlgorithmIdentifier */*alg*/, + const heim_octet_string */*data*/, + AlgorithmIdentifier */*signatureAlgorithm*/, + heim_bit_string */*sig*/); + +int +_hx509_expr_eval ( + hx509_context /*context*/, + hx509_env /*env*/, + struct hx_expr */*expr*/); + +void +_hx509_expr_free (struct hx_expr 
*/*expr*/); + +struct hx_expr * +_hx509_expr_parse (const char */*buf*/); + +int +_hx509_find_extension_subject_key_id ( + const Certificate */*issuer*/, + SubjectKeyIdentifier */*si*/); + +const struct signature_alg * +_hx509_find_sig_alg (const heim_oid */*oid*/); + +int +_hx509_generate_private_key ( + hx509_context /*context*/, + struct hx509_generate_private_context */*ctx*/, + hx509_private_key */*private_key*/); + +int +_hx509_generate_private_key_bits ( + hx509_context /*context*/, + struct hx509_generate_private_context */*ctx*/, + unsigned long /*bits*/); + +void +_hx509_generate_private_key_free (struct hx509_generate_private_context **/*ctx*/); + +int +_hx509_generate_private_key_init ( + hx509_context /*context*/, + const heim_oid */*oid*/, + struct hx509_generate_private_context **/*ctx*/); + +int +_hx509_generate_private_key_is_ca ( + hx509_context /*context*/, + struct hx509_generate_private_context */*ctx*/); + +Certificate * +_hx509_get_cert (hx509_cert /*cert*/); + +void +_hx509_ks_dir_register (hx509_context /*context*/); + +void +_hx509_ks_file_register (hx509_context /*context*/); + +void +_hx509_ks_keychain_register (hx509_context /*context*/); + +void +_hx509_ks_mem_register (hx509_context /*context*/); + +void +_hx509_ks_null_register (hx509_context /*context*/); + +void +_hx509_ks_pkcs11_register (hx509_context /*context*/); + +void +_hx509_ks_pkcs12_register (hx509_context /*context*/); + +void +_hx509_ks_register ( + hx509_context /*context*/, + struct hx509_keyset_ops */*ops*/); + +int +_hx509_lock_find_cert ( + hx509_lock /*lock*/, + const hx509_query */*q*/, + hx509_cert */*c*/); + +const struct _hx509_password * +_hx509_lock_get_passwords (hx509_lock /*lock*/); + +hx509_certs +_hx509_lock_unlock_certs (hx509_lock /*lock*/); + +struct hx_expr * +_hx509_make_expr ( + enum hx_expr_op /*op*/, + void */*arg1*/, + void */*arg2*/); + +int +_hx509_map_file_os ( + const char */*fn*/, + heim_octet_string */*os*/); + +int +_hx509_match_keys ( + 
hx509_cert /*c*/, + hx509_private_key /*key*/); + +int +_hx509_name_cmp ( + const Name */*n1*/, + const Name */*n2*/, + int */*c*/); + +int +_hx509_name_ds_cmp ( + const DirectoryString */*ds1*/, + const DirectoryString */*ds2*/, + int */*diff*/); + +int +_hx509_name_from_Name ( + const Name */*n*/, + hx509_name */*name*/); + +int +_hx509_name_modify ( + hx509_context /*context*/, + Name */*name*/, + int /*append*/, + const heim_oid */*oid*/, + const char */*str*/); + +int +_hx509_path_append ( + hx509_context /*context*/, + hx509_path */*path*/, + hx509_cert /*cert*/); + +void +_hx509_path_free (hx509_path */*path*/); + +int +_hx509_pbe_decrypt ( + hx509_context /*context*/, + hx509_lock /*lock*/, + const AlgorithmIdentifier */*ai*/, + const heim_octet_string */*econtent*/, + heim_octet_string */*content*/); + +int +_hx509_pbe_encrypt ( + hx509_context /*context*/, + hx509_lock /*lock*/, + const AlgorithmIdentifier */*ai*/, + const heim_octet_string */*content*/, + heim_octet_string */*econtent*/); + +void +_hx509_pi_printf ( + int (*/*func*/)(void *, const char *), + void */*ctx*/, + const char */*fmt*/, + ...); + +void +_hx509_private_eckey_free (void */*eckey*/); + +int +_hx509_private_key_export ( + hx509_context /*context*/, + const hx509_private_key /*key*/, + hx509_key_format_t /*format*/, + heim_octet_string */*data*/); + +int +_hx509_private_key_exportable (hx509_private_key /*key*/); + +BIGNUM * +_hx509_private_key_get_internal ( + hx509_context /*context*/, + hx509_private_key /*key*/, + const char */*type*/); + +int +_hx509_private_key_oid ( + hx509_context /*context*/, + const hx509_private_key /*key*/, + heim_oid */*data*/); + +hx509_private_key +_hx509_private_key_ref (hx509_private_key /*key*/); + +const char * +_hx509_private_pem_name (hx509_private_key /*key*/); + +int +_hx509_public_encrypt ( + hx509_context /*context*/, + const heim_octet_string */*cleartext*/, + const Certificate */*cert*/, + heim_oid */*encryption_oid*/, + heim_octet_string 
*/*ciphertext*/); + +void +_hx509_query_clear (hx509_query */*q*/); + +int +_hx509_query_match_cert ( + hx509_context /*context*/, + const hx509_query */*q*/, + hx509_cert /*cert*/); + +void +_hx509_query_statistic ( + hx509_context /*context*/, + int /*type*/, + const hx509_query */*q*/); + +int +_hx509_request_add_dns_name ( + hx509_context /*context*/, + hx509_request /*req*/, + const char */*hostname*/); + +int +_hx509_request_add_eku ( + hx509_context /*context*/, + hx509_request /*req*/, + const heim_oid */*oid*/); + +int +_hx509_request_add_email ( + hx509_context /*context*/, + hx509_request /*req*/, + const char */*email*/); + +int +_hx509_request_parse ( + hx509_context /*context*/, + const char */*path*/, + hx509_request */*req*/); + +int +_hx509_request_print ( + hx509_context /*context*/, + hx509_request /*req*/, + FILE */*f*/); + +int +_hx509_request_to_pkcs10 ( + hx509_context /*context*/, + const hx509_request /*req*/, + const hx509_private_key /*signer*/, + heim_octet_string */*request*/); + +hx509_revoke_ctx +_hx509_revoke_ref (hx509_revoke_ctx /*ctx*/); + +void +_hx509_sel_yyerror (const char */*s*/); + +int +_hx509_self_signed_valid ( + hx509_context /*context*/, + const AlgorithmIdentifier */*alg*/); + +int +_hx509_set_cert_attribute ( + hx509_context /*context*/, + hx509_cert /*cert*/, + const heim_oid */*oid*/, + const heim_octet_string */*attr*/); + +int +_hx509_set_digest_alg ( + DigestAlgorithmIdentifier */*id*/, + const heim_oid */*oid*/, + const void */*param*/, + size_t /*length*/); + +int +_hx509_signature_is_weak ( + hx509_context /*context*/, + const AlgorithmIdentifier */*alg*/); + +void +_hx509_unmap_file_os (heim_octet_string */*os*/); + +int +_hx509_unparse_Name ( + const Name */*aname*/, + char **/*str*/); + +time_t +_hx509_verify_get_time (hx509_verify_ctx /*ctx*/); + +int +_hx509_verify_signature ( + hx509_context /*context*/, + const hx509_cert /*cert*/, + const AlgorithmIdentifier */*alg*/, + const heim_octet_string 
*/*data*/, + const heim_octet_string */*sig*/); + +int +_hx509_verify_signature_bitstring ( + hx509_context /*context*/, + const hx509_cert /*signer*/, + const AlgorithmIdentifier */*alg*/, + const heim_octet_string */*data*/, + const heim_bit_string */*sig*/); + +int +_hx509_write_file ( + const char */*fn*/, + const void */*data*/, + size_t /*length*/); + +#endif /* __hx509_private_h__ */ diff --git a/kerberos5/include/hx509-protos.h b/kerberos5/include/hx509-protos.h new file mode 100644 --- /dev/null +++ b/kerberos5/include/hx509-protos.h 
@@ -0,0 +1,3154 @@ +/* This is a generated file */ +#ifndef __hx509_protos_h__ +#define __hx509_protos_h__ +#ifndef DOXY + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#ifndef HX509_LIB +#ifndef HX509_LIB_FUNCTION +#if defined(_WIN32) +#define HX509_LIB_FUNCTION __declspec(dllimport) +#define HX509_LIB_CALL __stdcall +#define HX509_LIB_VARIABLE __declspec(dllimport) +#else +#define HX509_LIB_FUNCTION +#define HX509_LIB_CALL +#define HX509_LIB_VARIABLE +#endif +#endif +#endif +/** + * Print a bitstring using a hx509_vprint_func function. To print to + * stdout use hx509_print_stdout(). + * + * @param b bit string to print. + * @param func hx509_vprint_func to print with. + * @param ctx context variable to hx509_vprint_func function. + * + * @ingroup hx509_print + */ + +void +hx509_bitstring_print ( + const heim_bit_string */*b*/, + hx509_vprint_func /*func*/, + void */*ctx*/); + +/** + * Sign a to-be-signed certificate object with a issuer certificate. + * + * The caller needs to at least have called the following functions on the + * to-be-signed certificate object: + * - hx509_ca_tbs_init() + * - hx509_ca_tbs_set_subject() + * - hx509_ca_tbs_set_spki() + * + * When done the to-be-signed certificate object should be freed with + * hx509_ca_tbs_free(). + * + * When creating self-signed certificate use hx509_ca_sign_self() instead. + * + * @param context A hx509 context. + * @param tbs object to be signed. + * @param signer the CA certificate object to sign with (need private key). + * @param certificate return cerificate, free with hx509_cert_free(). + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_ca + */ + +int +hx509_ca_sign ( + hx509_context /*context*/, + hx509_ca_tbs /*tbs*/, + hx509_cert /*signer*/, + hx509_cert */*certificate*/); + +/** + * Work just like hx509_ca_sign() but signs it-self. + * + * @param context A hx509 context. + * @param tbs object to be signed. 
+ * @param signer private key to sign with. + * @param certificate return cerificate, free with hx509_cert_free(). + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_ca + */ + +int +hx509_ca_sign_self ( + hx509_context /*context*/, + hx509_ca_tbs /*tbs*/, + hx509_private_key /*signer*/, + hx509_cert */*certificate*/); + +/** + * Add CRL distribution point URI to the to-be-signed certificate + * object. + * + * @param context A hx509 context. + * @param tbs object to be signed. + * @param uri uri to the CRL. + * @param issuername name of the issuer. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_ca + */ + +int +hx509_ca_tbs_add_crl_dp_uri ( + hx509_context /*context*/, + hx509_ca_tbs /*tbs*/, + const char */*uri*/, + hx509_name /*issuername*/); + +/** + * An an extended key usage to the to-be-signed certificate object. + * Duplicates will detected and not added. + * + * @param context A hx509 context. + * @param tbs object to be signed. + * @param oid extended key usage to add. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_ca + */ + +int +hx509_ca_tbs_add_eku ( + hx509_context /*context*/, + hx509_ca_tbs /*tbs*/, + const heim_oid */*oid*/); + +/** + * Add a Subject Alternative Name hostname to to-be-signed certificate + * object. A domain match starts with ., an exact match does not. + * + * Example of a an domain match: .domain.se matches the hostname + * host.domain.se. + * + * @param context A hx509 context. + * @param tbs object to be signed. + * @param dnsname a hostame. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_ca + */ + +int +hx509_ca_tbs_add_san_hostname ( + hx509_context /*context*/, + hx509_ca_tbs /*tbs*/, + const char */*dnsname*/); + +/** + * Add a Jabber/XMPP jid Subject Alternative Name to the to-be-signed + * certificate object. The jid is an UTF8 string. 
+ * + * @param context A hx509 context. + * @param tbs object to be signed. + * @param jid string of an a jabber id in UTF8. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_ca + */ + +int +hx509_ca_tbs_add_san_jid ( + hx509_context /*context*/, + hx509_ca_tbs /*tbs*/, + const char */*jid*/); + +/** + * Add Microsoft UPN Subject Alternative Name to the to-be-signed + * certificate object. The principal string is a UTF8 string. + * + * @param context A hx509 context. + * @param tbs object to be signed. + * @param principal Microsoft UPN string. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_ca + */ + +int +hx509_ca_tbs_add_san_ms_upn ( + hx509_context /*context*/, + hx509_ca_tbs /*tbs*/, + const char */*principal*/); + +/** + * Add Subject Alternative Name otherName to the to-be-signed + * certificate object. + * + * @param context A hx509 context. + * @param tbs object to be signed. + * @param oid the oid of the OtherName. + * @param os data in the other name. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_ca + */ + +int +hx509_ca_tbs_add_san_otherName ( + hx509_context /*context*/, + hx509_ca_tbs /*tbs*/, + const heim_oid */*oid*/, + const heim_octet_string */*os*/); + +/** + * Add Kerberos Subject Alternative Name to the to-be-signed + * certificate object. The principal string is a UTF8 string. + * + * @param context A hx509 context. + * @param tbs object to be signed. + * @param principal Kerberos principal to add to the certificate. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_ca + */ + +int +hx509_ca_tbs_add_san_pkinit ( + hx509_context /*context*/, + hx509_ca_tbs /*tbs*/, + const char */*principal*/); + +/** + * Add a Subject Alternative Name rfc822 (email address) to + * to-be-signed certificate object. + * + * @param context A hx509 context. + * @param tbs object to be signed. 
+ * @param rfc822Name a string to a email address. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_ca + */ + +int +hx509_ca_tbs_add_san_rfc822name ( + hx509_context /*context*/, + hx509_ca_tbs /*tbs*/, + const char */*rfc822Name*/); + +/** + * Free an To Be Signed object. + * + * @param tbs object to free. + * + * @ingroup hx509_ca + */ + +void +hx509_ca_tbs_free (hx509_ca_tbs */*tbs*/); + +/** + * Allocate an to-be-signed certificate object that will be converted + * into an certificate. + * + * @param context A hx509 context. + * @param tbs returned to-be-signed certicate object, free with + * hx509_ca_tbs_free(). + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_ca + */ + +int +hx509_ca_tbs_init ( + hx509_context /*context*/, + hx509_ca_tbs */*tbs*/); + +/** + * Make the to-be-signed certificate object a CA certificate. If the + * pathLenConstraint is negative path length constraint is used. + * + * @param context A hx509 context. + * @param tbs object to be signed. + * @param pathLenConstraint path length constraint, negative, no + * constraint. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_ca + */ + +int +hx509_ca_tbs_set_ca ( + hx509_context /*context*/, + hx509_ca_tbs /*tbs*/, + int /*pathLenConstraint*/); + +/** + * Make the to-be-signed certificate object a windows domain controller certificate. + * + * @param context A hx509 context. + * @param tbs object to be signed. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_ca + */ + +int +hx509_ca_tbs_set_domaincontroller ( + hx509_context /*context*/, + hx509_ca_tbs /*tbs*/); + +/** + * Set the absolute time when the certificate is valid to. + * + * @param context A hx509 context. + * @param tbs object to be signed. + * @param t time when the certificate will expire + * + * @return An hx509 error code, see hx509_get_error_string(). 
+ * + * @ingroup hx509_ca + */ + +int +hx509_ca_tbs_set_notAfter ( + hx509_context /*context*/, + hx509_ca_tbs /*tbs*/, + time_t /*t*/); + +/** + * Set the relative time when the certificiate is going to expire. + * + * @param context A hx509 context. + * @param tbs object to be signed. + * @param delta seconds to the certificate is going to expire. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_ca + */ + +int +hx509_ca_tbs_set_notAfter_lifetime ( + hx509_context /*context*/, + hx509_ca_tbs /*tbs*/, + time_t /*delta*/); + +/** + * Set the absolute time when the certificate is valid from. If not + * set the current time will be used. + * + * @param context A hx509 context. + * @param tbs object to be signed. + * @param t time the certificated will start to be valid + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_ca + */ + +int +hx509_ca_tbs_set_notBefore ( + hx509_context /*context*/, + hx509_ca_tbs /*tbs*/, + time_t /*t*/); + +/** + * Make the to-be-signed certificate object a proxy certificate. If the + * pathLenConstraint is negative path length constraint is used. + * + * @param context A hx509 context. + * @param tbs object to be signed. + * @param pathLenConstraint path length constraint, negative, no + * constraint. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_ca + */ + +int +hx509_ca_tbs_set_proxy ( + hx509_context /*context*/, + hx509_ca_tbs /*tbs*/, + int /*pathLenConstraint*/); + +/** + * Set the serial number to use for to-be-signed certificate object. + * + * @param context A hx509 context. + * @param tbs object to be signed. + * @param serialNumber serial number to use for the to-be-signed + * certificate object. + * + * @return An hx509 error code, see hx509_get_error_string(). 
+ * + * @ingroup hx509_ca + */ + +int +hx509_ca_tbs_set_serialnumber ( + hx509_context /*context*/, + hx509_ca_tbs /*tbs*/, + const heim_integer */*serialNumber*/); + +/** + * Set signature algorithm on the to be signed certificate + * + * @param context A hx509 context. + * @param tbs object to be signed. + * @param sigalg signature algorithm to use + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_ca + */ + +int +hx509_ca_tbs_set_signature_algorithm ( + hx509_context /*context*/, + hx509_ca_tbs /*tbs*/, + const AlgorithmIdentifier */*sigalg*/); + +/** + * Set the subject public key info (SPKI) in the to-be-signed certificate + * object. SPKI is the public key and key related parameters in the + * certificate. + * + * @param context A hx509 context. + * @param tbs object to be signed. + * @param spki subject public key info to use for the to-be-signed certificate object. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_ca + */ + +int +hx509_ca_tbs_set_spki ( + hx509_context /*context*/, + hx509_ca_tbs /*tbs*/, + const SubjectPublicKeyInfo */*spki*/); + +/** + * Set the subject name of a to-be-signed certificate object. + * + * @param context A hx509 context. + * @param tbs object to be signed. + * @param subject the name to set a subject. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_ca + */ + +int +hx509_ca_tbs_set_subject ( + hx509_context /*context*/, + hx509_ca_tbs /*tbs*/, + hx509_name /*subject*/); + +/** + * Initialize the to-be-signed certificate object from a template certifiate. + * + * @param context A hx509 context. + * @param tbs object to be signed. + * @param flags bit field selecting what to copy from the template + * certifiate. + * @param cert template certificate. + * + * @return An hx509 error code, see hx509_get_error_string(). 
+ * + * @ingroup hx509_ca + */ + +int +hx509_ca_tbs_set_template ( + hx509_context /*context*/, + hx509_ca_tbs /*tbs*/, + int /*flags*/, + hx509_cert /*cert*/); + +/** + * Set the issuerUniqueID and subjectUniqueID + * + * These are only supposed to be used considered with version 2 + * certificates, replaced by the two extensions SubjectKeyIdentifier + * and IssuerKeyIdentifier. This function is to allow application + * using legacy protocol to issue them. + * + * @param context A hx509 context. + * @param tbs object to be signed. + * @param issuerUniqueID to be set + * @param subjectUniqueID to be set + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_ca + */ + +int +hx509_ca_tbs_set_unique ( + hx509_context /*context*/, + hx509_ca_tbs /*tbs*/, + const heim_bit_string */*subjectUniqueID*/, + const heim_bit_string */*issuerUniqueID*/); + +/** + * Expand the the subject name in the to-be-signed certificate object + * using hx509_name_expand(). + * + * @param context A hx509 context. + * @param tbs object to be signed. + * @param env environment variable to expand variables in the subject + * name, see hx509_env_init(). + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_ca + */ + +int +hx509_ca_tbs_subject_expand ( + hx509_context /*context*/, + hx509_ca_tbs /*tbs*/, + hx509_env /*env*/); + +/** + * Make of template units, use to build flags argument to + * hx509_ca_tbs_set_template() with parse_units(). + * + * @return an units structure. + * + * @ingroup hx509_ca + */ + +const struct units * +hx509_ca_tbs_template_units (void); + +/** + * Encodes the hx509 certificate as a DER encode binary. + * + * @param context A hx509 context. + * @param c the certificate to encode. + * @param os the encode certificate, set to NULL, 0 on case of + * error. Free the os->data with hx509_xfree(). + * + * @return An hx509 error code, see hx509_get_error_string(). 
+ * + * @ingroup hx509_cert + */ + +int +hx509_cert_binary ( + hx509_context /*context*/, + hx509_cert /*c*/, + heim_octet_string */*os*/); + +/** + * Check the extended key usage on the hx509 certificate. + * + * @param context A hx509 context. + * @param cert A hx509 context. + * @param eku the EKU to check for + * @param allow_any_eku if the any EKU is set, allow that to be a + * substitute. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_cert + */ + +int +hx509_cert_check_eku ( + hx509_context /*context*/, + hx509_cert /*cert*/, + const heim_oid */*eku*/, + int /*allow_any_eku*/); + +/** + * Compare to hx509 certificate object, useful for sorting. + * + * @param p a hx509 certificate object. + * @param q a hx509 certificate object. + * + * @return 0 the objects are the same, returns > 0 is p is "larger" + * then q, < 0 if p is "smaller" then q. + * + * @ingroup hx509_cert + */ + +int +hx509_cert_cmp ( + hx509_cert /*p*/, + hx509_cert /*q*/); + +/** + * Return a list of subjectAltNames specified by oid in the + * certificate. On error the + * + * The returned list of octet string should be freed with + * hx509_free_octet_string_list(). + * + * @param context A hx509 context. + * @param cert a hx509 certificate object. + * @param oid an oid to for SubjectAltName. + * @param list list of matching SubjectAltName. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_cert + */ + +int +hx509_cert_find_subjectAltName_otherName ( + hx509_context /*context*/, + hx509_cert /*cert*/, + const heim_oid */*oid*/, + hx509_octet_string_list */*list*/); + +/** + * Free reference to the hx509 certificate object, if the refcounter + * reaches 0, the object if freed. Its allowed to pass in NULL. + * + * @param cert the cert to free. + * + * @ingroup hx509_cert + */ + +void +hx509_cert_free (hx509_cert /*cert*/); + +/** + * Get the SubjectPublicKeyInfo structure from the hx509 certificate. 
+ * + * @param context a hx509 context. + * @param p a hx509 certificate object. + * @param spki SubjectPublicKeyInfo, should be freed with + * free_SubjectPublicKeyInfo(). + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_cert + */ + +int +hx509_cert_get_SPKI ( + hx509_context /*context*/, + hx509_cert /*p*/, + SubjectPublicKeyInfo */*spki*/); + +/** + * Get the AlgorithmIdentifier from the hx509 certificate. + * + * @param context a hx509 context. + * @param p a hx509 certificate object. + * @param alg AlgorithmIdentifier, should be freed with + * free_AlgorithmIdentifier(). The algorithmidentifier is + * typicly rsaEncryption, or id-ecPublicKey, or some other + * public key mechanism. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_cert + */ + +int +hx509_cert_get_SPKI_AlgorithmIdentifier ( + hx509_context /*context*/, + hx509_cert /*p*/, + AlgorithmIdentifier */*alg*/); + +/** + * Get an external attribute for the certificate, examples are + * friendly name and id. + * + * @param cert hx509 certificate object to search + * @param oid an oid to search for. + * + * @return an hx509_cert_attribute, only valid as long as the + * certificate is referenced. + * + * @ingroup hx509_cert + */ + +hx509_cert_attribute +hx509_cert_get_attribute ( + hx509_cert /*cert*/, + const heim_oid */*oid*/); + +/** + * Return the name of the base subject of the hx509 certificate. If + * the certiicate is a verified proxy certificate, the this function + * return the base certificate (root of the proxy chain). If the proxy + * certificate is not verified with the base certificate + * HX509_PROXY_CERTIFICATE_NOT_CANONICALIZED is returned. + * + * @param context a hx509 context. + * @param c a hx509 certificate object. + * @param name a pointer to a hx509 name, should be freed by + * hx509_name_free(). See also hx509_cert_get_subject(). + * + * @return An hx509 error code, see hx509_get_error_string(). 
+ * + * @ingroup hx509_cert + */ + +int +hx509_cert_get_base_subject ( + hx509_context /*context*/, + hx509_cert /*c*/, + hx509_name */*name*/); + +/** + * Get friendly name of the certificate. + * + * @param cert cert to get the friendly name from. + * + * @return an friendly name or NULL if there is. The friendly name is + * only valid as long as the certificate is referenced. + * + * @ingroup hx509_cert + */ + +const char * +hx509_cert_get_friendly_name (hx509_cert /*cert*/); + +/** + * Return the name of the issuer of the hx509 certificate. + * + * @param p a hx509 certificate object. + * @param name a pointer to a hx509 name, should be freed by + * hx509_name_free(). + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_cert + */ + +int +hx509_cert_get_issuer ( + hx509_cert /*p*/, + hx509_name */*name*/); + +/** + * Get a copy of the Issuer Unique ID + * + * @param context a hx509_context + * @param p a hx509 certificate + * @param issuer the issuer id returned, free with der_free_bit_string() + * + * @return An hx509 error code, see hx509_get_error_string(). The + * error code HX509_EXTENSION_NOT_FOUND is returned if the certificate + * doesn't have a issuerUniqueID + * + * @ingroup hx509_cert + */ + +int +hx509_cert_get_issuer_unique_id ( + hx509_context /*context*/, + hx509_cert /*p*/, + heim_bit_string */*issuer*/); + +/** + * Get notAfter time of the certificate. + * + * @param p a hx509 certificate object. + * + * @return return not after time. + * + * @ingroup hx509_cert + */ + +time_t +hx509_cert_get_notAfter (hx509_cert /*p*/); + +/** + * Get notBefore time of the certificate. + * + * @param p a hx509 certificate object. + * + * @return return not before time + * + * @ingroup hx509_cert + */ + +time_t +hx509_cert_get_notBefore (hx509_cert /*p*/); + +/** + * Get serial number of the certificate. + * + * @param p a hx509 certificate object. + * @param i serial number, should be freed ith der_free_heim_integer(). 
+ * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_cert + */ + +int +hx509_cert_get_serialnumber ( + hx509_cert /*p*/, + heim_integer */*i*/); + +/** + * Return the name of the subject of the hx509 certificate. + * + * @param p a hx509 certificate object. + * @param name a pointer to a hx509 name, should be freed by + * hx509_name_free(). See also hx509_cert_get_base_subject(). + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_cert + */ + +int +hx509_cert_get_subject ( + hx509_cert /*p*/, + hx509_name */*name*/); + +/** + * Get a copy of the Subect Unique ID + * + * @param context a hx509_context + * @param p a hx509 certificate + * @param subject the subject id returned, free with der_free_bit_string() + * + * @return An hx509 error code, see hx509_get_error_string(). The + * error code HX509_EXTENSION_NOT_FOUND is returned if the certificate + * doesn't have a subjectUniqueID + * + * @ingroup hx509_cert + */ + +int +hx509_cert_get_subject_unique_id ( + hx509_context /*context*/, + hx509_cert /*p*/, + heim_bit_string */*subject*/); + +int +hx509_cert_have_private_key (hx509_cert /*p*/); + +/** + * Allocate and init an hx509 certificate object from the decoded + * certificate `c´. + * + * @param context A hx509 context. + * @param c + * @param error + * + * @return Returns an hx509 certificate + * + * @ingroup hx509_cert + */ + +hx509_cert +hx509_cert_init ( + hx509_context /*context*/, + const Certificate */*c*/, + heim_error_t */*error*/); + +/** + * Just like hx509_cert_init(), but instead of a decode certificate + * takes an pointer and length to a memory region that contains a + * DER/BER encoded certificate. + * + * If the memory region doesn't contain just the certificate and + * nothing more the function will fail with + * HX509_EXTRA_DATA_AFTER_STRUCTURE. + * + * @param context A hx509 context. + * @param ptr pointer to memory region containing encoded certificate. 
+ * @param len length of memory region. + * @param error possibly returns an error + * + * @return An hx509 certificate + * + * @ingroup hx509_cert + */ + +hx509_cert +hx509_cert_init_data ( + hx509_context /*context*/, + const void */*ptr*/, + size_t /*len*/, + heim_error_t */*error*/); + +/** + * Print certificate usage for a certificate to a string. + * + * @param context A hx509 context. + * @param c a certificate print the keyusage for. + * @param s the return string with the keysage printed in to, free + * with hx509_xfree(). + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_print + */ + +int +hx509_cert_keyusage_print ( + hx509_context /*context*/, + hx509_cert /*c*/, + char **/*s*/); + +int +hx509_cert_public_encrypt ( + hx509_context /*context*/, + const heim_octet_string */*cleartext*/, + const hx509_cert /*p*/, + heim_oid */*encryption_oid*/, + heim_octet_string */*ciphertext*/); + +/** + * Add a reference to a hx509 certificate object. + * + * @param cert a pointer to an hx509 certificate object. + * + * @return the same object as is passed in. + * + * @ingroup hx509_cert + */ + +hx509_cert +hx509_cert_ref (hx509_cert /*cert*/); + +/** + * Set the friendly name on the certificate. + * + * @param cert The certificate to set the friendly name on + * @param name Friendly name. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_cert + */ + +int +hx509_cert_set_friendly_name ( + hx509_cert /*cert*/, + const char */*name*/); + +/** + * Add a certificate to the certificiate store. + * + * The receiving keyset certs will either increase reference counter + * of the cert or make a deep copy, either way, the caller needs to + * free the cert itself. + * + * @param context a hx509 context. + * @param certs certificate store to add the certificate to. + * @param cert certificate to add. + * + * @return Returns an hx509 error code. 
+ * + * @ingroup hx509_keyset + */ + +int +hx509_certs_add ( + hx509_context /*context*/, + hx509_certs /*certs*/, + hx509_cert /*cert*/); + +/** + * Same a hx509_certs_merge() but use a lock and name to describe the + * from source. + * + * @param context a hx509 context. + * @param to the store to merge into. + * @param lock a lock that unlocks the certificates store, use NULL to + * select no password/certifictes/prompt lock (see @ref page_lock). + * @param name name of the source store + * + * @return Returns an hx509 error code. + * + * @ingroup hx509_keyset + */ + +int +hx509_certs_append ( + hx509_context /*context*/, + hx509_certs /*to*/, + hx509_lock /*lock*/, + const char */*name*/); + +/** + * End the iteration over certificates. + * + * @param context a hx509 context. + * @param certs certificate store to iterate over. + * @param cursor cursor that will keep track of progress, freed. + * + * @return Returns an hx509 error code. + * + * @ingroup hx509_keyset + */ + +int +hx509_certs_end_seq ( + hx509_context /*context*/, + hx509_certs /*certs*/, + hx509_cursor /*cursor*/); + +/** + * Filter certificate matching the query. + * + * @param context a hx509 context. + * @param certs certificate store to search. + * @param q query allocated with @ref hx509_query functions. + * @param result the filtered certificate store, caller must free with + * hx509_certs_free(). + * + * @return Returns an hx509 error code. + * + * @ingroup hx509_keyset + */ + +int +hx509_certs_filter ( + hx509_context /*context*/, + hx509_certs /*certs*/, + const hx509_query */*q*/, + hx509_certs */*result*/); + +/** + * Find a certificate matching the query. + * + * @param context a hx509 context. + * @param certs certificate store to search. + * @param q query allocated with @ref hx509_query functions. + * @param r return certificate (or NULL on error), should be freed + * with hx509_cert_free(). + * + * @return Returns an hx509 error code. 
+ * + * @ingroup hx509_keyset + */ + +int +hx509_certs_find ( + hx509_context /*context*/, + hx509_certs /*certs*/, + const hx509_query */*q*/, + hx509_cert */*r*/); + +/** + * Free a certificate store. + * + * @param certs certificate store to free. + * + * @ingroup hx509_keyset + */ + +void +hx509_certs_free (hx509_certs */*certs*/); + +/** + * Print some info about the certificate store. + * + * @param context a hx509 context. + * @param certs certificate store to print information about. + * @param func function that will get each line of the information, if + * NULL is used the data is printed on a FILE descriptor that should + * be passed in ctx, if ctx also is NULL, stdout is used. + * @param ctx parameter to func. + * + * @return Returns an hx509 error code. + * + * @ingroup hx509_keyset + */ + +int +hx509_certs_info ( + hx509_context /*context*/, + hx509_certs /*certs*/, + int (*/*func*/)(void *, const char *), + void */*ctx*/); + +/** + * Open or creates a new hx509 certificate store. + * + * @param context A hx509 context + * @param name name of the store, format is TYPE:type-specific-string, + * if NULL is used the MEMORY store is used. + * @param flags list of flags: + * - HX509_CERTS_CREATE create a new keystore of the specific TYPE. + * - HX509_CERTS_UNPROTECT_ALL fails if any private key failed to be extracted. + * @param lock a lock that unlocks the certificates store, use NULL to + * select no password/certifictes/prompt lock (see @ref page_lock). + * @param certs return pointer, free with hx509_certs_free(). + * + * @return Returns an hx509 error code. + * + * @ingroup hx509_keyset + */ + +int +hx509_certs_init ( + hx509_context /*context*/, + const char */*name*/, + int /*flags*/, + hx509_lock /*lock*/, + hx509_certs */*certs*/); + +/** + * Iterate over all certificates in a keystore and call a block + * for each of them. + * + * @param context a hx509 context. + * @param certs certificate store to iterate over. 
+ * @param func block to call for each certificate. The function + * should return non-zero to abort the iteration, that value is passed + * back to the caller of hx509_certs_iter(). + * + * @return Returns an hx509 error code. + * + * @ingroup hx509_keyset + */ + +#ifdef __BLOCKS__ +int +hx509_certs_iter ( + hx509_context /*context*/, + hx509_certs /*certs*/, + int (^func)(hx509_cert)); +#endif /* __BLOCKS__ */ + +/** + * Iterate over all certificates in a keystore and call a function + * for each of them. + * + * @param context a hx509 context. + * @param certs certificate store to iterate over. + * @param func function to call for each certificate. The function + * should return non-zero to abort the iteration, that value is passed + * back to the caller of hx509_certs_iter_f(). + * @param ctx context variable that will passed to the function. + * + * @return Returns an hx509 error code. + * + * @ingroup hx509_keyset + */ + +int +hx509_certs_iter_f ( + hx509_context /*context*/, + hx509_certs /*certs*/, + int (*/*func*/)(hx509_context, void *, hx509_cert), + void */*ctx*/); + +/** + * Merge a certificate store into another. The from store is keep + * intact. + * + * @param context a hx509 context. + * @param to the store to merge into. + * @param from the store to copy the object from. + * + * @return Returns an hx509 error code. + * + * @ingroup hx509_keyset + */ + +int +hx509_certs_merge ( + hx509_context /*context*/, + hx509_certs /*to*/, + hx509_certs /*from*/); + +/** + * Get next ceritificate from the certificate keystore pointed out by + * cursor. + * + * @param context a hx509 context. + * @param certs certificate store to iterate over. + * @param cursor cursor that keeps track of progress. + * @param cert return certificate next in store, NULL if the store + * contains no more certificates. Free with hx509_cert_free(). + * + * @return Returns an hx509 error code. 
+ * + * @ingroup hx509_keyset + */ + +int +hx509_certs_next_cert ( + hx509_context /*context*/, + hx509_certs /*certs*/, + hx509_cursor /*cursor*/, + hx509_cert */*cert*/); + +hx509_certs +hx509_certs_ref (hx509_certs /*certs*/); + +/** + * Start the integration + * + * @param context a hx509 context. + * @param certs certificate store to iterate over + * @param cursor cursor that will keep track of progress, free with + * hx509_certs_end_seq(). + * + * @return Returns an hx509 error code. HX509_UNSUPPORTED_OPERATION is + * returned if the certificate store doesn't support the iteration + * operation. + * + * @ingroup hx509_keyset + */ + +int +hx509_certs_start_seq ( + hx509_context /*context*/, + hx509_certs /*certs*/, + hx509_cursor */*cursor*/); + +/** + * Write the certificate store to stable storage. + * + * @param context A hx509 context. + * @param certs a certificate store to store. + * @param flags currently unused, use 0. + * @param lock a lock that unlocks the certificates store, use NULL to + * select no password/certifictes/prompt lock (see @ref page_lock). + * + * @return Returns an hx509 error code. HX509_UNSUPPORTED_OPERATION if + * the certificate store doesn't support the store operation. + * + * @ingroup hx509_keyset + */ + +int +hx509_certs_store ( + hx509_context /*context*/, + hx509_certs /*certs*/, + int /*flags*/, + hx509_lock /*lock*/); + +/** + * Function to use to hx509_certs_iter_f() as a function argument, the + * ctx variable to hx509_certs_iter_f() should be a FILE file descriptor. + * + * @param context a hx509 context. + * @param ctx used by hx509_certs_iter_f(). + * @param c a certificate + * + * @return Returns an hx509 error code. + * + * @ingroup hx509_keyset + */ + +int +hx509_ci_print_names ( + hx509_context /*context*/, + void */*ctx*/, + hx509_cert /*c*/); + +/** + * Resets the error strings the hx509 context. + * + * @param context A hx509 context. 
+ * + * @ingroup hx509_error + */ + +void +hx509_clear_error_string (hx509_context /*context*/); + +int +hx509_cms_create_signed ( + hx509_context /*context*/, + int /*flags*/, + const heim_oid */*eContentType*/, + const void */*data*/, + size_t /*length*/, + const AlgorithmIdentifier */*digest_alg*/, + hx509_certs /*certs*/, + hx509_peer_info /*peer*/, + hx509_certs /*anchors*/, + hx509_certs /*pool*/, + heim_octet_string */*signed_data*/); + +/** + * Decode SignedData and verify that the signature is correct. + * + * @param context A hx509 context. + * @param flags + * @param eContentType the type of the data. + * @param data data to sign + * @param length length of the data that data point to. + * @param digest_alg digest algorithm to use, use NULL to get the + * default or the peer determined algorithm. + * @param cert certificate to use for sign the data. + * @param peer info about the peer the message to send the message to, + * like what digest algorithm to use. + * @param anchors trust anchors that the client will use, used to + * polulate the certificates included in the message + * @param pool certificates to use in try to build the path to the + * trust anchors. + * @param signed_data the output of the function, free with + * der_free_octet_string(). + * + * @return Returns an hx509 error code. + * + * @ingroup hx509_cms + */ + +int +hx509_cms_create_signed_1 ( + hx509_context /*context*/, + int /*flags*/, + const heim_oid */*eContentType*/, + const void */*data*/, + size_t /*length*/, + const AlgorithmIdentifier */*digest_alg*/, + hx509_cert /*cert*/, + hx509_peer_info /*peer*/, + hx509_certs /*anchors*/, + hx509_certs /*pool*/, + heim_octet_string */*signed_data*/); + +/** + * Use HX509_CMS_SIGNATURE_NO_SIGNER to create no sigInfo (no + * signatures). 
+ */ + +int +hx509_cms_decrypt_encrypted ( + hx509_context /*context*/, + hx509_lock /*lock*/, + const void */*data*/, + size_t /*length*/, + heim_oid */*contentType*/, + heim_octet_string */*content*/); + +/** + * Encrypt end encode EnvelopedData. + * + * Encrypt and encode EnvelopedData. The data is encrypted with a + * random key and the the random key is encrypted with the + * certificates private key. This limits what private key type can be + * used to RSA. + * + * @param context A hx509 context. + * @param flags flags to control the behavior. + * - HX509_CMS_EV_NO_KU_CHECK - Don't check KU on certificate + * - HX509_CMS_EV_ALLOW_WEAK - Allow weak crytpo + * - HX509_CMS_EV_ID_NAME - prefer issuer name and serial number + * @param cert Certificate to encrypt the EnvelopedData encryption key + * with. + * @param data pointer the data to encrypt. + * @param length length of the data that data point to. + * @param encryption_type Encryption cipher to use for the bulk data, + * use NULL to get default. + * @param contentType type of the data that is encrypted + * @param content the output of the function, + * free with der_free_octet_string(). + * + * @return an hx509 error code. + * + * @ingroup hx509_cms + */ + +int +hx509_cms_envelope_1 ( + hx509_context /*context*/, + int /*flags*/, + hx509_cert /*cert*/, + const void */*data*/, + size_t /*length*/, + const heim_oid */*encryption_type*/, + const heim_oid */*contentType*/, + heim_octet_string */*content*/); + +/** + * Decode and unencrypt EnvelopedData. + * + * Extract data and parameteres from from the EnvelopedData. Also + * supports using detached EnvelopedData. + * + * @param context A hx509 context. + * @param certs Certificate that can decrypt the EnvelopedData + * encryption key. + * @param flags HX509_CMS_UE flags to control the behavior. + * @param data pointer the structure the contains the DER/BER encoded + * EnvelopedData stucture. + * @param length length of the data that data point to. 
+ * @param encryptedContent in case of detached signature, this + * contains the actual encrypted data, othersize its should be NULL. + * @param time_now set the current time, if zero the library uses now as the date. + * @param contentType output type oid, should be freed with der_free_oid(). + * @param content the data, free with der_free_octet_string(). + * + * @return an hx509 error code. + * + * @ingroup hx509_cms + */ + +int +hx509_cms_unenvelope ( + hx509_context /*context*/, + hx509_certs /*certs*/, + int /*flags*/, + const void */*data*/, + size_t /*length*/, + const heim_octet_string */*encryptedContent*/, + time_t /*time_now*/, + heim_oid */*contentType*/, + heim_octet_string */*content*/); + +/** + * Decode an ContentInfo and unwrap data and oid it. + * + * @param in the encoded buffer. + * @param oid type of the content. + * @param out data to be wrapped. + * @param have_data since the data is optional, this flags show dthe + * diffrence between no data and the zero length data. + * + * @return Returns an hx509 error code. + * + * @ingroup hx509_cms + */ + +int +hx509_cms_unwrap_ContentInfo ( + const heim_octet_string */*in*/, + heim_oid */*oid*/, + heim_octet_string */*out*/, + int */*have_data*/); + +/** + * Decode SignedData and verify that the signature is correct. + * + * @param context A hx509 context. + * @param ctx a hx509 verify context. + * @param flags to control the behaivor of the function. + * - HX509_CMS_VS_NO_KU_CHECK - Don't check KeyUsage + * - HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH - allow oid mismatch + * - HX509_CMS_VS_ALLOW_ZERO_SIGNER - no signer, see below. + * @param data pointer to CMS SignedData encoded data. + * @param length length of the data that data point to. + * @param signedContent external data used for signature. + * @param pool certificate pool to build certificates paths. + * @param contentType free with der_free_oid(). + * @param content the output of the function, free with + * der_free_octet_string(). 
+ * @param signer_certs list of the cerficates used to sign this + * request, free with hx509_certs_free(). + * + * @return an hx509 error code. + * + * @ingroup hx509_cms + */ + +int +hx509_cms_verify_signed ( + hx509_context /*context*/, + hx509_verify_ctx /*ctx*/, + unsigned int /*flags*/, + const void */*data*/, + size_t /*length*/, + const heim_octet_string */*signedContent*/, + hx509_certs /*pool*/, + heim_oid */*contentType*/, + heim_octet_string */*content*/, + hx509_certs */*signer_certs*/); + +/** + * Wrap data and oid in a ContentInfo and encode it. + * + * @param oid type of the content. + * @param buf data to be wrapped. If a NULL pointer is passed in, the + * optional content field in the ContentInfo is not going be filled + * in. + * @param res the encoded buffer, the result should be freed with + * der_free_octet_string(). + * + * @return Returns an hx509 error code. + * + * @ingroup hx509_cms + */ + +int +hx509_cms_wrap_ContentInfo ( + const heim_oid */*oid*/, + const heim_octet_string */*buf*/, + heim_octet_string */*res*/); + +/** + * Free the context allocated by hx509_context_init(). + * + * @param context context to be freed. + * + * @ingroup hx509 + */ + +void +hx509_context_free (hx509_context */*context*/); + +/** + * Creates a hx509 context that most functions in the library + * uses. The context is only allowed to be used by one thread at each + * moment. Free the context with hx509_context_free(). + * + * @param context Returns a pointer to new hx509 context. + * + * @return Returns an hx509 error code. + * + * @ingroup hx509 + */ + +int +hx509_context_init (hx509_context */*context*/); + +/** + * Selects if the hx509_revoke_verify() function is going to require + * the existans of a revokation method (OCSP, CRL) or not. Note that + * hx509_verify_path(), hx509_cms_verify_signed(), and other function + * call hx509_revoke_verify(). + * + * @param context hx509 context to change the flag for. 
+ * @param flag zero, revokation method required, non zero missing + * revokation method ok + * + * @ingroup hx509_verify + */ + +void +hx509_context_set_missing_revoke ( + hx509_context /*context*/, + int /*flag*/); + +/** + * Add revoked certificate to an CRL context. + * + * @param context a hx509 context. + * @param crl the CRL to add the revoked certificate to. + * @param certs keyset of certificate to revoke. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_verify + */ + +int +hx509_crl_add_revoked_certs ( + hx509_context /*context*/, + hx509_crl /*crl*/, + hx509_certs /*certs*/); + +/** + * Create a CRL context. Use hx509_crl_free() to free the CRL context. + * + * @param context a hx509 context. + * @param crl return pointer to a newly allocated CRL context. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_verify + */ + +int +hx509_crl_alloc ( + hx509_context /*context*/, + hx509_crl */*crl*/); + +/** + * Free a CRL context. + * + * @param context a hx509 context. + * @param crl a CRL context to free. + * + * @ingroup hx509_verify + */ + +void +hx509_crl_free ( + hx509_context /*context*/, + hx509_crl */*crl*/); + +/** + * Set the lifetime of a CRL context. + * + * @param context a hx509 context. + * @param crl a CRL context + * @param delta delta time the certificate is valid, library adds the + * current time to this. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_verify + */ + +int +hx509_crl_lifetime ( + hx509_context /*context*/, + hx509_crl /*crl*/, + int /*delta*/); + +/** + * Sign a CRL and return an encode certificate. + * + * @param context a hx509 context. + * @param signer certificate to sign the CRL with + * @param crl the CRL to sign + * @param os return the signed and encoded CRL, free with + * free_heim_octet_string() + * + * @return An hx509 error code, see hx509_get_error_string(). 
+ * + * @ingroup hx509_verify + */ + +int +hx509_crl_sign ( + hx509_context /*context*/, + hx509_cert /*signer*/, + hx509_crl /*crl*/, + heim_octet_string */*os*/); + +const AlgorithmIdentifier * +hx509_crypto_aes128_cbc (void); + +const AlgorithmIdentifier * +hx509_crypto_aes256_cbc (void); + +void +hx509_crypto_allow_weak (hx509_crypto /*crypto*/); + +int +hx509_crypto_available ( + hx509_context /*context*/, + int /*type*/, + hx509_cert /*source*/, + AlgorithmIdentifier **/*val*/, + unsigned int */*plen*/); + +int +hx509_crypto_decrypt ( + hx509_crypto /*crypto*/, + const void */*data*/, + const size_t /*length*/, + heim_octet_string */*ivec*/, + heim_octet_string */*clear*/); + +const AlgorithmIdentifier * +hx509_crypto_des_rsdi_ede3_cbc (void); + +void +hx509_crypto_destroy (hx509_crypto /*crypto*/); + +int +hx509_crypto_encrypt ( + hx509_crypto /*crypto*/, + const void */*data*/, + const size_t /*length*/, + const heim_octet_string */*ivec*/, + heim_octet_string **/*ciphertext*/); + +const heim_oid * +hx509_crypto_enctype_by_name (const char */*name*/); + +void +hx509_crypto_free_algs ( + AlgorithmIdentifier */*val*/, + unsigned int /*len*/); + +int +hx509_crypto_get_params ( + hx509_context /*context*/, + hx509_crypto /*crypto*/, + const heim_octet_string */*ivec*/, + heim_octet_string */*param*/); + +int +hx509_crypto_init ( + hx509_context /*context*/, + const char */*provider*/, + const heim_oid */*enctype*/, + hx509_crypto */*crypto*/); + +const char * +hx509_crypto_provider (hx509_crypto /*crypto*/); + +int +hx509_crypto_random_iv ( + hx509_crypto /*crypto*/, + heim_octet_string */*ivec*/); + +int +hx509_crypto_select ( + const hx509_context /*context*/, + int /*type*/, + const hx509_private_key /*source*/, + hx509_peer_info /*peer*/, + AlgorithmIdentifier */*selected*/); + +int +hx509_crypto_set_key_data ( + hx509_crypto /*crypto*/, + const void */*data*/, + size_t /*length*/); + +int +hx509_crypto_set_key_name ( + hx509_crypto /*crypto*/, + const char 
*/*name*/); + +void +hx509_crypto_set_padding ( + hx509_crypto /*crypto*/, + int /*padding_type*/); + +int +hx509_crypto_set_params ( + hx509_context /*context*/, + hx509_crypto /*crypto*/, + const heim_octet_string */*param*/, + heim_octet_string */*ivec*/); + +int +hx509_crypto_set_random_key ( + hx509_crypto /*crypto*/, + heim_octet_string */*key*/); + +/** + * Add a new key/value pair to the hx509_env. + * + * @param context A hx509 context. + * @param env environment to add the environment variable too. + * @param key key to add + * @param value value to add + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_env + */ + +int +hx509_env_add ( + hx509_context /*context*/, + hx509_env */*env*/, + const char */*key*/, + const char */*value*/); + +/** + * Add a new key/binding pair to the hx509_env. + * + * @param context A hx509 context. + * @param env environment to add the environment variable too. + * @param key key to add + * @param list binding list to add + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_env + */ + +int +hx509_env_add_binding ( + hx509_context /*context*/, + hx509_env */*env*/, + const char */*key*/, + hx509_env /*list*/); + +/** + * Search the hx509_env for a key. + * + * @param context A hx509 context. + * @param env environment to add the environment variable too. + * @param key key to search for. + * + * @return the value if the key is found, NULL otherwise. + * + * @ingroup hx509_env + */ + +const char * +hx509_env_find ( + hx509_context /*context*/, + hx509_env /*env*/, + const char */*key*/); + +/** + * Search the hx509_env for a binding. + * + * @param context A hx509 context. + * @param env environment to add the environment variable too. + * @param key key to search for. + * + * @return the binding if the key is found, NULL if not found. 
+ * + * @ingroup hx509_env + */ + +hx509_env +hx509_env_find_binding ( + hx509_context /*context*/, + hx509_env /*env*/, + const char */*key*/); + +/** + * Free an hx509_env environment context. + * + * @param env the environment to free. + * + * @ingroup hx509_env + */ + +void +hx509_env_free (hx509_env */*env*/); + +/** + * Search the hx509_env for a length based key. + * + * @param context A hx509 context. + * @param env environment to add the environment variable too. + * @param key key to search for. + * @param len length of key. + * + * @return the value if the key is found, NULL otherwise. + * + * @ingroup hx509_env + */ + +const char * +hx509_env_lfind ( + hx509_context /*context*/, + hx509_env /*env*/, + const char */*key*/, + size_t /*len*/); + +/** + * Print error message and fatally exit from error code + * + * @param context A hx509 context. + * @param exit_code exit() code from process. + * @param error_code Error code for the reason to exit. + * @param fmt format string with the exit message. + * @param ... argument to format string. + * + * @ingroup hx509_error + */ + +void +hx509_err ( + hx509_context /*context*/, + int /*exit_code*/, + int /*error_code*/, + const char */*fmt*/, + ...); + +hx509_private_key_ops * +hx509_find_private_alg (const heim_oid */*oid*/); + +/** + * Free error string returned by hx509_get_error_string(). + * + * @param str error string to free. + * + * @ingroup hx509_error + */ + +void +hx509_free_error_string (char */*str*/); + +/** + * Free a list of octet strings returned by another hx509 library + * function. + * + * @param list list to be freed. + * + * @ingroup hx509_misc + */ + +void +hx509_free_octet_string_list (hx509_octet_string_list */*list*/); + +/** + * Unparse the hx509 name in name into a string. + * + * @param name the name to print + * @param str an allocated string returns the name in string form + * + * @return An hx509 error code, see hx509_get_error_string(). 
+ * + * @ingroup hx509_name + */ + +int +hx509_general_name_unparse ( + GeneralName */*name*/, + char **/*str*/); + +/** + * Get an error string from context associated with error_code. + * + * @param context A hx509 context. + * @param error_code Get error message for this error code. + * + * @return error string, free with hx509_free_error_string(). + * + * @ingroup hx509_error + */ + +char * +hx509_get_error_string ( + hx509_context /*context*/, + int /*error_code*/); + +/** + * Get one random certificate from the certificate store. + * + * @param context a hx509 context. + * @param certs a certificate store to get the certificate from. + * @param c return certificate, should be freed with hx509_cert_free(). + * + * @return Returns an hx509 error code. + * + * @ingroup hx509_keyset + */ + +int +hx509_get_one_cert ( + hx509_context /*context*/, + hx509_certs /*certs*/, + hx509_cert */*c*/); + +int +hx509_lock_add_cert ( + hx509_context /*context*/, + hx509_lock /*lock*/, + hx509_cert /*cert*/); + +int +hx509_lock_add_certs ( + hx509_context /*context*/, + hx509_lock /*lock*/, + hx509_certs /*certs*/); + +int +hx509_lock_add_password ( + hx509_lock /*lock*/, + const char */*password*/); + +int +hx509_lock_command_string ( + hx509_lock /*lock*/, + const char */*string*/); + +void +hx509_lock_free (hx509_lock /*lock*/); + +/** + * @page page_lock Locking and unlocking certificates and encrypted data. 
+ * + * See the library functions here: @ref hx509_lock + */ + +int +hx509_lock_init ( + hx509_context /*context*/, + hx509_lock */*lock*/); + +int +hx509_lock_prompt ( + hx509_lock /*lock*/, + hx509_prompt */*prompt*/); + +void +hx509_lock_reset_certs ( + hx509_context /*context*/, + hx509_lock /*lock*/); + +void +hx509_lock_reset_passwords (hx509_lock /*lock*/); + +void +hx509_lock_reset_promper (hx509_lock /*lock*/); + +int +hx509_lock_set_prompter ( + hx509_lock /*lock*/, + hx509_prompter_fct /*prompt*/, + void */*data*/); + +/** + * Convert a hx509_name object to DER encoded name. + * + * @param name name to concert + * @param os data to a DER encoded name, free the resulting octet + * string with hx509_xfree(os->data). + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_name + */ + +int +hx509_name_binary ( + const hx509_name /*name*/, + heim_octet_string */*os*/); + +/** + * Compare to hx509 name object, useful for sorting. + * + * @param n1 a hx509 name object. + * @param n2 a hx509 name object. + * + * @return 0 the objects are the same, returns > 0 is n2 is "larger" + * then n2, < 0 if n1 is "smaller" then n2. + * + * @ingroup hx509_name + */ + +int +hx509_name_cmp ( + hx509_name /*n1*/, + hx509_name /*n2*/); + +/** + * Copy a hx509 name object. + * + * @param context A hx509 cotext. + * @param from the name to copy from + * @param to the name to copy to + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_name + */ + +int +hx509_name_copy ( + hx509_context /*context*/, + const hx509_name /*from*/, + hx509_name */*to*/); + +/** + * Expands variables in the name using env. Variables are on the form + * ${name}. Useful when dealing with certificate templates. + * + * @param context A hx509 cotext. + * @param name the name to expand. + * @param env environment variable to expand. + * + * @return An hx509 error code, see hx509_get_error_string(). 
+ * + * @ingroup hx509_name + */ + +int +hx509_name_expand ( + hx509_context /*context*/, + hx509_name /*name*/, + hx509_env /*env*/); + +/** + * Free a hx509 name object, upond return *name will be NULL. + * + * @param name a hx509 name object to be freed. + * + * @ingroup hx509_name + */ + +void +hx509_name_free (hx509_name */*name*/); + +/** + * Unparse the hx509 name in name into a string. + * + * @param name the name to check if its empty/null. + * + * @return non zero if the name is empty/null. + * + * @ingroup hx509_name + */ + +int +hx509_name_is_null_p (const hx509_name /*name*/); + +int +hx509_name_normalize ( + hx509_context /*context*/, + hx509_name /*name*/); + +/** + * Convert a hx509_name into a Name. + * + * @param from the name to copy from + * @param to the name to copy to + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_name + */ + +int +hx509_name_to_Name ( + const hx509_name /*from*/, + Name */*to*/); + +/** + * Convert the hx509 name object into a printable string. + * The resulting string should be freed with free(). + * + * @param name name to print + * @param str the string to return + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_name + */ + +int +hx509_name_to_string ( + const hx509_name /*name*/, + char **/*str*/); + +/** + * Create an OCSP request for a set of certificates. + * + * @param context a hx509 context + * @param reqcerts list of certificates to request ocsp data for + * @param pool certificate pool to use when signing + * @param signer certificate to use to sign the request + * @param digest the signing algorithm in the request, if NULL use the + * default signature algorithm, + * @param request the encoded request, free with free_heim_octet_string(). + * @param nonce nonce in the request, free with free_heim_octet_string(). + * + * @return An hx509 error code, see hx509_get_error_string(). 
+ * + * @ingroup hx509_revoke + */ + +int +hx509_ocsp_request ( + hx509_context /*context*/, + hx509_certs /*reqcerts*/, + hx509_certs /*pool*/, + hx509_cert /*signer*/, + const AlgorithmIdentifier */*digest*/, + heim_octet_string */*request*/, + heim_octet_string */*nonce*/); + +/** + * Verify that the certificate is part of the OCSP reply and it's not + * expired. Doesn't verify signature the OCSP reply or it's done by a + * authorized sender, that is assumed to be already done. + * + * @param context a hx509 context + * @param now the time right now, if 0, use the current time. + * @param cert the certificate to verify + * @param flags flags control the behavior + * @param data pointer to the encode ocsp reply + * @param length the length of the encode ocsp reply + * @param expiration return the time the OCSP will expire and need to + * be rechecked. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_verify + */ + +int +hx509_ocsp_verify ( + hx509_context /*context*/, + time_t /*now*/, + hx509_cert /*cert*/, + int /*flags*/, + const void */*data*/, + size_t /*length*/, + time_t */*expiration*/); + +/** + * Print a oid using a hx509_vprint_func function. To print to stdout + * use hx509_print_stdout(). + * + * @param oid oid to print + * @param func hx509_vprint_func to print with. + * @param ctx context variable to hx509_vprint_func function. + * + * @ingroup hx509_print + */ + +void +hx509_oid_print ( + const heim_oid */*oid*/, + hx509_vprint_func /*func*/, + void */*ctx*/); + +/** + * Print a oid to a string. + * + * @param oid oid to print + * @param str allocated string, free with hx509_xfree(). + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_print + */ + +int +hx509_oid_sprint ( + const heim_oid */*oid*/, + char **/*str*/); + +/** + * Parse a string into a hx509 name object. + * + * @param context A hx509 context. + * @param str a string to parse. 
+ * @param name the resulting object, NULL in case of error. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_name + */ + +int +hx509_parse_name ( + hx509_context /*context*/, + const char */*str*/, + hx509_name */*name*/); + +int +hx509_parse_private_key ( + hx509_context /*context*/, + const AlgorithmIdentifier */*keyai*/, + const void */*data*/, + size_t /*len*/, + hx509_key_format_t /*format*/, + hx509_private_key */*private_key*/); + +/** + * Add an additional algorithm that the peer supports. + * + * @param context A hx509 context. + * @param peer the peer to set the new algorithms for + * @param val an AlgorithmsIdentier to add + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_peer + */ + +int +hx509_peer_info_add_cms_alg ( + hx509_context /*context*/, + hx509_peer_info /*peer*/, + const AlgorithmIdentifier */*val*/); + +/** + * Allocate a new peer info structure an init it to default values. + * + * @param context A hx509 context. + * @param peer return an allocated peer, free with hx509_peer_info_free(). + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_peer + */ + +int +hx509_peer_info_alloc ( + hx509_context /*context*/, + hx509_peer_info */*peer*/); + +/** + * Free a peer info structure. + * + * @param peer peer info to be freed. + * + * @ingroup hx509_peer + */ + +void +hx509_peer_info_free (hx509_peer_info /*peer*/); + +/** + * Set the certificate that remote peer is using. + * + * @param peer peer info to update + * @param cert cerificate of the remote peer. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_peer + */ + +int +hx509_peer_info_set_cert ( + hx509_peer_info /*peer*/, + hx509_cert /*cert*/); + +/** + * Set the algorithms that the peer supports. + * + * @param context A hx509 context. 
+ * @param peer the peer to set the new algorithms for + * @param val array of supported AlgorithmsIdentiers + * @param len length of array val. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_peer + */ + +int +hx509_peer_info_set_cms_algs ( + hx509_context /*context*/, + hx509_peer_info /*peer*/, + const AlgorithmIdentifier */*val*/, + size_t /*len*/); + +int +hx509_pem_add_header ( + hx509_pem_header **/*headers*/, + const char */*header*/, + const char */*value*/); + +const char * +hx509_pem_find_header ( + const hx509_pem_header */*h*/, + const char */*header*/); + +void +hx509_pem_free_header (hx509_pem_header */*headers*/); + +int +hx509_pem_read ( + hx509_context /*context*/, + FILE */*f*/, + hx509_pem_read_func /*func*/, + void */*ctx*/); + +int +hx509_pem_write ( + hx509_context /*context*/, + const char */*type*/, + hx509_pem_header */*headers*/, + FILE */*f*/, + const void */*data*/, + size_t /*size*/); + +/** + * Print a simple representation of a certificate + * + * @param context A hx509 context, can be NULL + * @param cert certificate to print + * @param out the stdio output stream, if NULL, stdout is used + * + * @return An hx509 error code + * + * @ingroup hx509_cert + */ + +int +hx509_print_cert ( + hx509_context /*context*/, + hx509_cert /*cert*/, + FILE */*out*/); + +/** + * Helper function to print on stdout for: + * - hx509_oid_print(), + * - hx509_bitstring_print(), + * - hx509_validate_ctx_set_print(). + * + * @param ctx the context to the print function. If the ctx is NULL, + * stdout is used. + * @param fmt the printing format. + * @param va the argumet list. 
+ * + * @ingroup hx509_print + */ + +void +hx509_print_stdout ( + void */*ctx*/, + const char */*fmt*/, + va_list /*va*/); + +int +hx509_private_key2SPKI ( + hx509_context /*context*/, + hx509_private_key /*private_key*/, + SubjectPublicKeyInfo */*spki*/); + +void +hx509_private_key_assign_rsa ( + hx509_private_key /*key*/, + void */*ptr*/); + +int +hx509_private_key_free (hx509_private_key */*key*/); + +int +hx509_private_key_init ( + hx509_private_key */*key*/, + hx509_private_key_ops */*ops*/, + void */*keydata*/); + +int +hx509_private_key_private_decrypt ( + hx509_context /*context*/, + const heim_octet_string */*ciphertext*/, + const heim_oid */*encryption_oid*/, + hx509_private_key /*p*/, + heim_octet_string */*cleartext*/); + +int +hx509_prompt_hidden (hx509_prompt_type /*type*/); + +/** + * Allocate an query controller. Free using hx509_query_free(). + * + * @param context A hx509 context. + * @param q return pointer to a hx509_query. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_cert + */ + +int +hx509_query_alloc ( + hx509_context /*context*/, + hx509_query **/*q*/); + +/** + * Free the query controller. + * + * @param context A hx509 context. + * @param q a pointer to the query controller. + * + * @ingroup hx509_cert + */ + +void +hx509_query_free ( + hx509_context /*context*/, + hx509_query */*q*/); + +/** + * Set the query controller to match using a specific match function. + * + * @param q a hx509 query controller. + * @param func function to use for matching, if the argument is NULL, + * the match function is removed. + * @param ctx context passed to the function. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_cert + */ + +int +hx509_query_match_cmp_func ( + hx509_query */*q*/, + int (*/*func*/)(hx509_context, hx509_cert, void *), + void */*ctx*/); + +/** + * Set the query controller to require an one specific EKU (extended + * key usage). 
Any previous EKU matching is overwitten. If NULL is + * passed in as the eku, the EKU requirement is reset. + * + * @param q a hx509 query controller. + * @param eku an EKU to match on. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_cert + */ + +int +hx509_query_match_eku ( + hx509_query */*q*/, + const heim_oid */*eku*/); + +int +hx509_query_match_expr ( + hx509_context /*context*/, + hx509_query */*q*/, + const char */*expr*/); + +/** + * Set the query controller to match on a friendly name + * + * @param q a hx509 query controller. + * @param name a friendly name to match on + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_cert + */ + +int +hx509_query_match_friendly_name ( + hx509_query */*q*/, + const char */*name*/); + +/** + * Set the issuer and serial number of match in the query + * controller. The function make copies of the isser and serial number. + * + * @param q a hx509 query controller + * @param issuer issuer to search for + * @param serialNumber the serialNumber of the issuer. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_cert + */ + +int +hx509_query_match_issuer_serial ( + hx509_query */*q*/, + const Name */*issuer*/, + const heim_integer */*serialNumber*/); + +/** + * Set match options for the hx509 query controller. + * + * @param q query controller. + * @param option options to control the query controller. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_cert + */ + +void +hx509_query_match_option ( + hx509_query */*q*/, + hx509_query_option /*option*/); + +/** + * Set a statistic file for the query statistics. + * + * @param context A hx509 context. 
+ * @param fn statistics file name + * + * @ingroup hx509_cert + */ + +void +hx509_query_statistic_file ( + hx509_context /*context*/, + const char */*fn*/); + +/** + * Unparse the statistics file and print the result on a FILE descriptor. + * + * @param context A hx509 context. + * @param printtype tyep to print + * @param out the FILE to write the data on. + * + * @ingroup hx509_cert + */ + +void +hx509_query_unparse_stats ( + hx509_context /*context*/, + int /*printtype*/, + FILE */*out*/); + +void +hx509_request_free (hx509_request */*req*/); + +int +hx509_request_get_SubjectPublicKeyInfo ( + hx509_context /*context*/, + hx509_request /*req*/, + SubjectPublicKeyInfo */*key*/); + +int +hx509_request_get_name ( + hx509_context /*context*/, + hx509_request /*req*/, + hx509_name */*name*/); + +int +hx509_request_init ( + hx509_context /*context*/, + hx509_request */*req*/); + +int +hx509_request_set_SubjectPublicKeyInfo ( + hx509_context /*context*/, + hx509_request /*req*/, + const SubjectPublicKeyInfo */*key*/); + +int +hx509_request_set_name ( + hx509_context /*context*/, + hx509_request /*req*/, + hx509_name /*name*/); + +/** + * Add a CRL file to the revokation context. + * + * @param context hx509 context + * @param ctx hx509 revokation context + * @param path path to file that is going to be added to the context. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_revoke + */ + +int +hx509_revoke_add_crl ( + hx509_context /*context*/, + hx509_revoke_ctx /*ctx*/, + const char */*path*/); + +/** + * Add a OCSP file to the revokation context. + * + * @param context hx509 context + * @param ctx hx509 revokation context + * @param path path to file that is going to be added to the context. + * + * @return An hx509 error code, see hx509_get_error_string(). 
+ * + * @ingroup hx509_revoke + */ + +int +hx509_revoke_add_ocsp ( + hx509_context /*context*/, + hx509_revoke_ctx /*ctx*/, + const char */*path*/); + +/** + * Free a hx509 revokation context. + * + * @param ctx context to be freed + * + * @ingroup hx509_revoke + */ + +void +hx509_revoke_free (hx509_revoke_ctx */*ctx*/); + +/** + * Allocate a revokation context. Free with hx509_revoke_free(). + * + * @param context A hx509 context. + * @param ctx returns a newly allocated revokation context. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_revoke + */ + +int +hx509_revoke_init ( + hx509_context /*context*/, + hx509_revoke_ctx */*ctx*/); + +/** + * Print the OCSP reply stored in a file. + * + * @param context a hx509 context + * @param path path to a file with a OCSP reply + * @param out the out FILE descriptor to print the reply on + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_revoke + */ + +int +hx509_revoke_ocsp_print ( + hx509_context /*context*/, + const char */*path*/, + FILE */*out*/); + +int +hx509_revoke_print ( + hx509_context /*context*/, + hx509_revoke_ctx /*ctx*/, + FILE */*out*/); + +/** + * Check that a certificate is not expired according to a revokation + * context. Also need the parent certificte to the check OCSP + * parent identifier. + * + * @param context hx509 context + * @param ctx hx509 revokation context + * @param certs + * @param now + * @param cert + * @param parent_cert + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_revoke + */ + +int +hx509_revoke_verify ( + hx509_context /*context*/, + hx509_revoke_ctx /*ctx*/, + hx509_certs /*certs*/, + time_t /*now*/, + hx509_cert /*cert*/, + hx509_cert /*parent_cert*/); + +/** + * See hx509_set_error_stringv(). + * + * @param context A hx509 context. + * @param flags + * - HX509_ERROR_APPEND appends the error string to the old messages + (code is updated). 
+ * @param code error code related to error message + * @param fmt error message format + * @param ... arguments to error message format + * + * @ingroup hx509_error + */ + +void +hx509_set_error_string ( + hx509_context /*context*/, + int /*flags*/, + int /*code*/, + const char */*fmt*/, + ...); + +/** + * Add an error message to the hx509 context. + * + * @param context A hx509 context. + * @param flags + * - HX509_ERROR_APPEND appends the error string to the old messages + (code is updated). + * @param code error code related to error message + * @param fmt error message format + * @param ap arguments to error message format + * + * @ingroup hx509_error + */ + +void +hx509_set_error_stringv ( + hx509_context /*context*/, + int /*flags*/, + int /*code*/, + const char */*fmt*/, + va_list /*ap*/); + +const AlgorithmIdentifier * +hx509_signature_ecPublicKey (void); + +const AlgorithmIdentifier * +hx509_signature_ecdsa_with_sha256 (void); + +const AlgorithmIdentifier * +hx509_signature_md5 (void); + +const AlgorithmIdentifier * +hx509_signature_rsa (void); + +const AlgorithmIdentifier * +hx509_signature_rsa_pkcs1_x509 (void); + +const AlgorithmIdentifier * +hx509_signature_rsa_with_md5 (void); + +const AlgorithmIdentifier * +hx509_signature_rsa_with_sha1 (void); + +const AlgorithmIdentifier * +hx509_signature_rsa_with_sha256 (void); + +const AlgorithmIdentifier * +hx509_signature_rsa_with_sha384 (void); + +const AlgorithmIdentifier * +hx509_signature_rsa_with_sha512 (void); + +const AlgorithmIdentifier * +hx509_signature_sha1 (void); + +const AlgorithmIdentifier * +hx509_signature_sha256 (void); + +const AlgorithmIdentifier * +hx509_signature_sha384 (void); + +const AlgorithmIdentifier * +hx509_signature_sha512 (void); + +/** + * Convert a DER encoded name info a string. + * + * @param data data to a DER/BER encoded name + * @param length length of data + * @param str the resulting string, is NULL on failure. 
+ * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_name + */ + +int +hx509_unparse_der_name ( + const void */*data*/, + size_t /*length*/, + char **/*str*/); + +/** + * Validate/Print the status of the certificate. + * + * @param context A hx509 context. + * @param ctx A hx509 validation context. + * @param cert the cerificate to validate/print. + + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_print + */ + +int +hx509_validate_cert ( + hx509_context /*context*/, + hx509_validate_ctx /*ctx*/, + hx509_cert /*cert*/); + +/** + * Add flags to control the behaivor of the hx509_validate_cert() + * function. + * + * @param ctx A hx509 validation context. + * @param flags flags to add to the validation context. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_print + */ + +void +hx509_validate_ctx_add_flags ( + hx509_validate_ctx /*ctx*/, + int /*flags*/); + +/** + * Free an hx509 validate context. + * + * @param ctx the hx509 validate context to free. + * + * @ingroup hx509_print + */ + +void +hx509_validate_ctx_free (hx509_validate_ctx /*ctx*/); + +/** + * Allocate a hx509 validation/printing context. + * + * @param context A hx509 context. + * @param ctx a new allocated hx509 validation context, free with + * hx509_validate_ctx_free(). + + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_print + */ + +int +hx509_validate_ctx_init ( + hx509_context /*context*/, + hx509_validate_ctx */*ctx*/); + +/** + * Set the printing functions for the validation context. + * + * @param ctx a hx509 valication context. + * @param func the printing function to usea. + * @param c the context variable to the printing function. + * + * @return An hx509 error code, see hx509_get_error_string(). 
+ * + * @ingroup hx509_print + */ + +void +hx509_validate_ctx_set_print ( + hx509_validate_ctx /*ctx*/, + hx509_vprint_func /*func*/, + void */*c*/); + +/** + * Set the trust anchors in the verification context, makes an + * reference to the keyset, so the consumer can free the keyset + * independent of the destruction of the verification context (ctx). + * If there already is a keyset attached, it's released. + * + * @param ctx a verification context + * @param set a keyset containing the trust anchors. + * + * @ingroup hx509_verify + */ + +void +hx509_verify_attach_anchors ( + hx509_verify_ctx /*ctx*/, + hx509_certs /*set*/); + +/** + * Attach an revocation context to the verfication context, , makes an + * reference to the revoke context, so the consumer can free the + * revoke context independent of the destruction of the verification + * context. If there is no revoke context, the verification process is + * NOT going to check any verification status. + * + * @param ctx a verification context. + * @param revoke_ctx a revoke context. + * + * @ingroup hx509_verify + */ + +void +hx509_verify_attach_revoke ( + hx509_verify_ctx /*ctx*/, + hx509_revoke_ctx /*revoke_ctx*/); + +void +hx509_verify_ctx_f_allow_best_before_signature_algs ( + hx509_context /*ctx*/, + int /*boolean*/); + +/** + * Allow using the operating system builtin trust anchors if no other + * trust anchors are configured. + * + * @param ctx a verification context + * @param boolean if non zero, useing the operating systems builtin + * trust anchors. + * + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_cert + */ + +void +hx509_verify_ctx_f_allow_default_trustanchors ( + hx509_verify_ctx /*ctx*/, + int /*boolean*/); + +/** + * Free an hx509 verification context. + * + * @param ctx the context to be freed. 
+ * + * @ingroup hx509_verify + */ + +void +hx509_verify_destroy_ctx (hx509_verify_ctx /*ctx*/); + +/** + * Verify that the certificate is allowed to be used for the hostname + * and address. + * + * @param context A hx509 context. + * @param cert the certificate to match with + * @param flags Flags to modify the behavior: + * - HX509_VHN_F_ALLOW_NO_MATCH no match is ok + * @param type type of hostname: + * - HX509_HN_HOSTNAME for plain hostname. + * - HX509_HN_DNSSRV for DNS SRV names. + * @param hostname the hostname to check + * @param sa address of the host + * @param sa_size length of address + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_cert + */ + +int +hx509_verify_hostname ( + hx509_context /*context*/, + const hx509_cert /*cert*/, + int /*flags*/, + hx509_hostname_type /*type*/, + const char */*hostname*/, + const struct sockaddr */*sa*/, + int /*sa_size*/); + +/** + * Allocate an verification context that is used fo control the + * verification process. + * + * @param context A hx509 context. + * @param ctx returns a pointer to a hx509_verify_ctx object. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_verify + */ + +int +hx509_verify_init_ctx ( + hx509_context /*context*/, + hx509_verify_ctx */*ctx*/); + +/** + * Build and verify the path for the certificate to the trust anchor + * specified in the verify context. The path is constructed from the + * certificate, the pool and the trust anchors. + * + * @param context A hx509 context. + * @param ctx A hx509 verification context. + * @param cert the certificate to build the path from. + * @param pool A keyset of certificates to build the chain from. + * + * @return An hx509 error code, see hx509_get_error_string(). 
+ * + * @ingroup hx509_verify + */ + +int +hx509_verify_path ( + hx509_context /*context*/, + hx509_verify_ctx /*ctx*/, + hx509_cert /*cert*/, + hx509_certs /*pool*/); + +/** + * Set the maximum depth of the certificate chain that the path + * builder is going to try. + * + * @param ctx a verification context + * @param max_depth maxium depth of the certificate chain, include + * trust anchor. + * + * @ingroup hx509_verify + */ + +void +hx509_verify_set_max_depth ( + hx509_verify_ctx /*ctx*/, + unsigned int /*max_depth*/); + +/** + * Allow or deny the use of proxy certificates + * + * @param ctx a verification context + * @param boolean if non zero, allow proxy certificates. + * + * @ingroup hx509_verify + */ + +void +hx509_verify_set_proxy_certificate ( + hx509_verify_ctx /*ctx*/, + int /*boolean*/); + +/** + * Select strict RFC3280 verification of certificiates. This means + * checking key usage on CA certificates, this will make version 1 + * certificiates unuseable. + * + * @param ctx a verification context + * @param boolean if non zero, use strict verification. + * + * @ingroup hx509_verify + */ + +void +hx509_verify_set_strict_rfc3280_verification ( + hx509_verify_ctx /*ctx*/, + int /*boolean*/); + +/** + * Set the clock time the the verification process is going to + * use. Used to check certificate in the past and future time. If not + * set the current time will be used. + * + * @param ctx a verification context. + * @param t the time the verifiation is using. + * + * + * @ingroup hx509_verify + */ + +void +hx509_verify_set_time ( + hx509_verify_ctx /*ctx*/, + time_t /*t*/); + +/** + * Verify a signature made using the private key of an certificate. + * + * @param context A hx509 context. + * @param signer the certificate that made the signature. + * @param alg algorthm that was used to sign the data. + * @param data the data that was signed. + * @param sig the sigature to verify. + * + * @return An hx509 error code, see hx509_get_error_string(). 
+ *
+ * @ingroup hx509_crypto
+ */
+
+int
+hx509_verify_signature (
+ hx509_context /*context*/,
+ const hx509_cert /*signer*/,
+ const AlgorithmIdentifier */*alg*/,
+ const heim_octet_string */*data*/,
+ const heim_octet_string */*sig*/);
+
+/**
+ * Free a data element allocated in the library.
+ *
+ * @param ptr data to be freed.
+ *
+ * @ingroup hx509_misc
+ */
+
+void
+hx509_xfree (void */*ptr*/);
+
+int
+yywrap (void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* DOXY */
+#endif /* __hx509_protos_h__ */
diff --git a/kerberos5/include/hx509.h b/kerberos5/include/hx509.h
new file mode 100644
--- /dev/null
+++ b/kerberos5/include/hx509.h
@@ -0,0 +1,187 @@
+/*
+ * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */ + +/* $Id$ */ + +#ifndef HEIMDAL_HX509_H +#define HEIMDAL_HX509_H 1 + +#include +#include +#include +#include + +typedef struct hx509_cert_attribute_data *hx509_cert_attribute; +typedef struct hx509_cert_data *hx509_cert; +typedef struct hx509_certs_data *hx509_certs; +typedef struct hx509_context_data *hx509_context; +typedef struct hx509_crypto_data *hx509_crypto; +typedef struct hx509_lock_data *hx509_lock; +typedef struct hx509_name_data *hx509_name; +typedef struct hx509_private_key *hx509_private_key; +typedef struct hx509_private_key_ops hx509_private_key_ops; +typedef struct hx509_validate_ctx_data *hx509_validate_ctx; +typedef struct hx509_verify_ctx_data *hx509_verify_ctx; +typedef struct hx509_revoke_ctx_data *hx509_revoke_ctx; +typedef struct hx509_query_data hx509_query; +typedef void * hx509_cursor; +typedef struct hx509_request_data *hx509_request; +typedef struct hx509_error_data *hx509_error; +typedef struct hx509_peer_info *hx509_peer_info; +typedef struct hx509_ca_tbs *hx509_ca_tbs; +typedef struct hx509_env_data *hx509_env; +typedef struct hx509_crl *hx509_crl; + +typedef void (*hx509_vprint_func)(void *, const char *, va_list); + +enum { + HX509_VHN_F_ALLOW_NO_MATCH = 1 +}; + +enum { + HX509_VALIDATE_F_VALIDATE = 1, + HX509_VALIDATE_F_VERBOSE = 2 +}; + +enum { + HX509_CRYPTO_PADDING_PKCS7 = 0, + HX509_CRYPTO_PADDING_NONE = 1 +}; + +enum { + HX509_KEY_FORMAT_GUESS = 0, + HX509_KEY_FORMAT_DER = 1, + HX509_KEY_FORMAT_WIN_BACKUPKEY = 2 +}; +typedef uint32_t hx509_key_format_t; + +struct hx509_cert_attribute_data { + heim_oid oid; + heim_octet_string data; +}; + +typedef enum { + HX509_PROMPT_TYPE_PASSWORD = 0x1, /* password, hidden */ + HX509_PROMPT_TYPE_QUESTION = 0x2, /* question, not hidden */ + HX509_PROMPT_TYPE_INFO = 0x4 /* infomation, reply doesn't matter */ +} hx509_prompt_type; + +typedef struct hx509_prompt { + const char *prompt; + hx509_prompt_type type; + heim_octet_string reply; +} hx509_prompt; + +typedef int 
(*hx509_prompter_fct)(void *, const hx509_prompt *); + +typedef struct hx509_octet_string_list { + size_t len; + heim_octet_string *val; +} hx509_octet_string_list; + +typedef struct hx509_pem_header { + struct hx509_pem_header *next; + char *header; + char *value; +} hx509_pem_header; + +typedef int +(*hx509_pem_read_func)(hx509_context, const char *, const hx509_pem_header *, + const void *, size_t, void *ctx); + +/* + * Options passed to hx509_query_match_option. + */ +typedef enum { + HX509_QUERY_OPTION_PRIVATE_KEY = 1, + HX509_QUERY_OPTION_KU_ENCIPHERMENT = 2, + HX509_QUERY_OPTION_KU_DIGITALSIGNATURE = 3, + HX509_QUERY_OPTION_KU_KEYCERTSIGN = 4, + HX509_QUERY_OPTION_END = 0xffff +} hx509_query_option; + +/* flags to hx509_certs_init */ +#define HX509_CERTS_CREATE 0x01 +#define HX509_CERTS_UNPROTECT_ALL 0x02 + +/* flags to hx509_set_error_string */ +#define HX509_ERROR_APPEND 0x01 + +/* flags to hx509_cms_unenvelope */ +#define HX509_CMS_UE_DONT_REQUIRE_KU_ENCIPHERMENT 0x01 +#define HX509_CMS_UE_ALLOW_WEAK 0x02 + +/* flags to hx509_cms_envelope_1 */ +#define HX509_CMS_EV_NO_KU_CHECK 0x01 +#define HX509_CMS_EV_ALLOW_WEAK 0x02 +#define HX509_CMS_EV_ID_NAME 0x04 + +/* flags to hx509_cms_verify_signed */ +#define HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH 0x01 +#define HX509_CMS_VS_NO_KU_CHECK 0x02 +#define HX509_CMS_VS_ALLOW_ZERO_SIGNER 0x04 +#define HX509_CMS_VS_NO_VALIDATE 0x08 + +/* selectors passed to hx509_crypto_select and hx509_crypto_available */ +#define HX509_SELECT_ALL 0 +#define HX509_SELECT_DIGEST 1 +#define HX509_SELECT_PUBLIC_SIG 2 +#define HX509_SELECT_PUBLIC_ENC 3 +#define HX509_SELECT_SECRET_ENC 4 + +/* flags to hx509_ca_tbs_set_template */ +#define HX509_CA_TEMPLATE_SUBJECT 1 +#define HX509_CA_TEMPLATE_SERIAL 2 +#define HX509_CA_TEMPLATE_NOTBEFORE 4 +#define HX509_CA_TEMPLATE_NOTAFTER 8 +#define HX509_CA_TEMPLATE_SPKI 16 +#define HX509_CA_TEMPLATE_KU 32 +#define HX509_CA_TEMPLATE_EKU 64 + +/* flags hx509_cms_create_signed* */ +#define 
HX509_CMS_SIGNATURE_DETACHED 0x01 +#define HX509_CMS_SIGNATURE_ID_NAME 0x02 +#define HX509_CMS_SIGNATURE_NO_SIGNER 0x04 +#define HX509_CMS_SIGNATURE_LEAF_ONLY 0x08 +#define HX509_CMS_SIGNATURE_NO_CERTS 0x10 + +/* hx509_verify_hostname nametype */ +typedef enum { + HX509_HN_HOSTNAME = 0, + HX509_HN_DNSSRV +} hx509_hostname_type; + +#include +#include + +#endif /* HEIMDAL_HX509_H */ diff --git a/kerberos5/include/hx509_err.h b/kerberos5/include/hx509_err.h new file mode 100644 --- /dev/null +++ b/kerberos5/include/hx509_err.h 
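Review bot: The flag groups for `hx509_cms_verify_signed` and `hx509_cms_unenvelope` carry only a one-line "flags to ..." comment, yet names such as `HX509_CMS_VS_NO_VALIDATE`, `HX509_CMS_VS_ALLOW_ZERO_SIGNER`, `HX509_CMS_VS_NO_KU_CHECK` and `HX509_CMS_UE_ALLOW_WEAK` suggest that each one switches off a verification step. Their exact effect is not visible in this hunk, so a caller reading the header cannot tell which checks remain once a flag is set. I would add a comment above each group, for example `/* Each flag below relaxes a verification check; set none of them for full checking. */` (to be confirmed against the implementation), plus one line per flag naming the check it disables. The same gap applies to `HX509_VHN_F_ALLOW_NO_MATCH` in the first enum, which the `hx509_verify_hostname` prototype comment describes only as "no match is ok".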
@@ -0,0 +1,96 @@ +/* Generated from hx509_err.et */ +/* $Id$ */ + +#ifndef __hx509_err_h__ +#define __hx509_err_h__ + +struct et_list; + +void initialize_hx_error_table_r(struct et_list **); + +void initialize_hx_error_table(void); +#define init_hx_err_tbl initialize_hx_error_table + +typedef enum hx_error_number{ + HX509_BAD_TIMEFORMAT = 569856, + HX509_EXTENSION_NOT_FOUND = 569857, + HX509_NO_PATH = 569858, + HX509_PARENT_NOT_CA = 569859, + HX509_CA_PATH_TOO_DEEP = 569860, + HX509_SIG_ALG_NO_SUPPORTED = 569861, + HX509_SIG_ALG_DONT_MATCH_KEY_ALG = 569862, + HX509_CERT_USED_BEFORE_TIME = 569863, + HX509_CERT_USED_AFTER_TIME = 569864, + HX509_PRIVATE_KEY_MISSING = 569865, + HX509_ALG_NOT_SUPP = 569866, + HX509_ISSUER_NOT_FOUND = 569867, + HX509_VERIFY_CONSTRAINTS = 569868, + HX509_RANGE = 569869, + HX509_NAME_CONSTRAINT_ERROR = 569870, + HX509_PATH_TOO_LONG = 569871, + HX509_KU_CERT_MISSING = 569872, + HX509_CERT_NOT_FOUND = 569873, + HX509_UNKNOWN_LOCK_COMMAND = 569874, + HX509_PARENT_IS_CA = 569875, + HX509_EXTRA_DATA_AFTER_STRUCTURE = 569876, + HX509_PROXY_CERT_INVALID = 569877, + HX509_PROXY_CERT_NAME_WRONG = 569878, + HX509_NAME_MALFORMED = 569879, + HX509_CERTIFICATE_MALFORMED = 569880, + HX509_CERTIFICATE_MISSING_EKU = 569881, + HX509_PROXY_CERTIFICATE_NOT_CANONICALIZED = 569882, + HX509_CMS_FAILED_CREATE_SIGATURE = 569888, + HX509_CMS_MISSING_SIGNER_DATA = 569889, + HX509_CMS_SIGNER_NOT_FOUND = 569890, + HX509_CMS_NO_DATA_AVAILABLE = 569891, + HX509_CMS_INVALID_DATA = 569892, + HX509_CMS_PADDING_ERROR = 569893, + HX509_CMS_NO_RECIPIENT_CERTIFICATE = 569894, + HX509_CMS_DATA_OID_MISMATCH = 569895, + HX509_CRYPTO_INTERNAL_ERROR = 569920, + HX509_CRYPTO_EXTERNAL_ERROR = 569921, + HX509_CRYPTO_SIGNATURE_MISSING = 569922, + HX509_CRYPTO_BAD_SIGNATURE = 569923, + HX509_CRYPTO_SIG_NO_CONF = 569924, + HX509_CRYPTO_SIG_INVALID_FORMAT = 569925, + HX509_CRYPTO_OID_MISMATCH = 569926, + HX509_CRYPTO_NO_PROMPTER = 569927, + HX509_CRYPTO_SIGNATURE_WITHOUT_SIGNER = 569928, 
+ HX509_CRYPTO_RSA_PUBLIC_ENCRYPT = 569929, + HX509_CRYPTO_RSA_PRIVATE_ENCRYPT = 569930, + HX509_CRYPTO_RSA_PUBLIC_DECRYPT = 569931, + HX509_CRYPTO_RSA_PRIVATE_DECRYPT = 569932, + HX509_CRYPTO_ALGORITHM_BEST_BEFORE = 569933, + HX509_CRYPTO_KEY_FORMAT_UNSUPPORTED = 569934, + HX509_CRL_USED_BEFORE_TIME = 569952, + HX509_CRL_USED_AFTER_TIME = 569953, + HX509_CRL_INVALID_FORMAT = 569954, + HX509_CERT_REVOKED = 569955, + HX509_REVOKE_STATUS_MISSING = 569956, + HX509_CRL_UNKNOWN_EXTENSION = 569957, + HX509_REVOKE_WRONG_DATA = 569958, + HX509_REVOKE_NOT_SAME_PARENT = 569959, + HX509_CERT_NOT_IN_OCSP = 569960, + HX509_LOCAL_ATTRIBUTE_MISSING = 569964, + HX509_PARSING_KEY_FAILED = 569965, + HX509_UNSUPPORTED_OPERATION = 569966, + HX509_UNIMPLEMENTED_OPERATION = 569967, + HX509_PARSING_NAME_FAILED = 569968, + HX509_PKCS11_NO_SLOT = 569984, + HX509_PKCS11_NO_TOKEN = 569985, + HX509_PKCS11_NO_MECH = 569986, + HX509_PKCS11_TOKEN_CONFUSED = 569987, + HX509_PKCS11_OPEN_SESSION = 569988, + HX509_PKCS11_LOGIN = 569989, + HX509_PKCS11_LOAD = 569990, + HX509_PKCS11_PIN_INCORRECT = 569991, + HX509_PKCS11_PIN_LOCKED = 569992, + HX509_PKCS11_PIN_NOT_INITIALIZED = 569993, + HX509_PKCS11_PIN_EXPIRED = 569994 +} hx_error_number; + +#define ERROR_TABLE_BASE_hx 569856 + +#define COM_ERR_BINDDOMAIN_hx "heim_com_err569856" + +#endif /* __hx509_err_h__ */ diff --git a/kerberos5/include/k524_err.h b/kerberos5/include/k524_err.h new file mode 100644 --- /dev/null +++ b/kerberos5/include/k524_err.h 
@@ -0,0 +1,29 @@ +/* Generated from k524_err.et */ +/* $Id$ */ + +#ifndef __k524_err_h__ +#define __k524_err_h__ + +struct et_list; + +void initialize_k524_error_table_r(struct et_list **); + +void initialize_k524_error_table(void); +#define init_k524_err_tbl initialize_k524_error_table + +typedef enum k524_error_number{ + KRB524_BADKEY = -1750206208, + KRB524_BADADDR = -1750206207, + KRB524_BADPRINC = -1750206206, + KRB524_BADREALM = -1750206205, + KRB524_V4ERR = -1750206204, + KRB524_ENCFULL = -1750206203, + KRB524_DECEMPTY = -1750206202, + KRB524_NOTRESP = -1750206201 +} k524_error_number; + +#define ERROR_TABLE_BASE_k524 -1750206208 + +#define COM_ERR_BINDDOMAIN_k524 "heim_com_err-1750206208" + +#endif /* __k524_err_h__ */ diff --git a/kerberos5/include/kadm5/admin.h b/kerberos5/include/kadm5/admin.h new file mode 100644 --- /dev/null +++ b/kerberos5/include/kadm5/admin.h 
@@ -0,0 +1,237 @@
+/*
+ * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+/* $Id$ */
+
+#ifndef __KADM5_ADMIN_H__
+#define __KADM5_ADMIN_H__
+
+#define KADM5_API_VERSION_1 1
+#define KADM5_API_VERSION_2 2
+
+#ifndef USE_KADM5_API_VERSION
+#define USE_KADM5_API_VERSION KADM5_API_VERSION_2
+#endif
+
+#if USE_KADM5_API_VERSION != KADM5_API_VERSION_2
+#error No support for API versions other than 2
+#endif
+
+#define KADM5_STRUCT_VERSION 0
+
+/* For kadm5_log_get_version_fd() */
+#define LOG_VERSION_LAST -1
+#define LOG_VERSION_FIRST 1
+#define LOG_VERSION_UBER 0
+
+#include
+
+#define KRB5_KDB_DISALLOW_POSTDATED 0x00000001
+#define KRB5_KDB_DISALLOW_FORWARDABLE 0x00000002
+#define KRB5_KDB_DISALLOW_TGT_BASED 0x00000004
+#define KRB5_KDB_DISALLOW_RENEWABLE 0x00000008
+#define KRB5_KDB_DISALLOW_PROXIABLE 0x00000010
+#define KRB5_KDB_DISALLOW_DUP_SKEY 0x00000020
+#define KRB5_KDB_DISALLOW_ALL_TIX 0x00000040
+#define KRB5_KDB_REQUIRES_PRE_AUTH 0x00000080
+#define KRB5_KDB_REQUIRES_HW_AUTH 0x00000100
+#define KRB5_KDB_REQUIRES_PWCHANGE 0x00000200
+#define KRB5_KDB_DISALLOW_SVR 0x00001000
+#define KRB5_KDB_PWCHANGE_SERVICE 0x00002000
+#define KRB5_KDB_SUPPORT_DESMD5 0x00004000
+#define KRB5_KDB_NEW_PRINC 0x00008000
+#define KRB5_KDB_OK_AS_DELEGATE 0x00010000
+#define KRB5_KDB_TRUSTED_FOR_DELEGATION 0x00020000
+#define KRB5_KDB_ALLOW_KERBEROS4 0x00040000
+#define KRB5_KDB_ALLOW_DIGEST 0x00080000
+
+#define KADM5_PRINCIPAL 0x000001
+#define KADM5_PRINC_EXPIRE_TIME 0x000002
+#define KADM5_PW_EXPIRATION 0x000004
+#define KADM5_LAST_PWD_CHANGE 0x000008
+#define KADM5_ATTRIBUTES 0x000010
+#define KADM5_MAX_LIFE 0x000020
+#define KADM5_MOD_TIME 0x000040
+#define KADM5_MOD_NAME 0x000080
+#define KADM5_KVNO 0x000100
+#define KADM5_MKVNO 0x000200
+#define KADM5_AUX_ATTRIBUTES 0x000400
+#define KADM5_POLICY 0x000800
+#define KADM5_POLICY_CLR 0x001000
+#define KADM5_MAX_RLIFE 0x002000
+#define KADM5_LAST_SUCCESS 0x004000
+#define KADM5_LAST_FAILED 0x008000
+#define KADM5_FAIL_AUTH_COUNT 0x010000
+#define KADM5_KEY_DATA 0x020000
+#define KADM5_TL_DATA 0x040000
+
+#define KADM5_PRINCIPAL_NORMAL_MASK (~(KADM5_KEY_DATA | KADM5_TL_DATA))
+
+#define KADM5_PW_MAX_LIFE 0x004000
+#define KADM5_PW_MIN_LIFE 0x008000
+#define KADM5_PW_MIN_LENGTH 0x010000
+#define KADM5_PW_MIN_CLASSES 0x020000
+#define KADM5_PW_HISTORY_NUM 0x040000
+#define KADM5_REF_COUNT 0x080000
+
+#define KADM5_POLICY_NORMAL_MASK (~0)
+
+#define KADM5_ADMIN_SERVICE "kadmin/admin"
+#define KADM5_HIST_PRINCIPAL "kadmin/history"
+#define KADM5_CHANGEPW_SERVICE "kadmin/changepw"
+
+typedef struct {
+ int16_t key_data_ver; /* Version */
+ int16_t key_data_kvno; /* Key Version */
+ int16_t key_data_type[2]; /* Array of types */
+ int16_t key_data_length[2]; /* Array of lengths */
+ void* key_data_contents[2];/* Array of pointers */
+} krb5_key_data;
+
+typedef struct _krb5_keysalt {
+ int16_t type;
+ krb5_data data; /* Length, data */
+} krb5_keysalt;
+
+typedef struct _krb5_tl_data {
+ struct _krb5_tl_data* tl_data_next;
+ int16_t tl_data_type;
+ int16_t tl_data_length;
+ void* tl_data_contents;
+} krb5_tl_data;
+
+#define KRB5_TL_LAST_PWD_CHANGE 0x0001
+#define KRB5_TL_MOD_PRINC 0x0002
+#define KRB5_TL_KADM_DATA 0x0003
+#define KRB5_TL_KADM5_E_DATA 0x0004
+#define KRB5_TL_RB1_CHALLENGE 0x0005
+#define KRB5_TL_SECURID_STATE 0x0006
+#define KRB5_TL_PASSWORD 0x0007
+#define KRB5_TL_EXTENSION 0x0008
+#define KRB5_TL_PKINIT_ACL 0x0009
+#define KRB5_TL_ALIASES 0x000a
+#define KRB5_TL_HIST_KVNO_DIFF_CLNT 0x000b
+#define KRB5_TL_HIST_KVNO_DIFF_SVC 0x000c
+
+typedef struct _kadm5_principal_ent_t {
+ krb5_principal principal;
+
+ krb5_timestamp princ_expire_time;
+ krb5_timestamp last_pwd_change;
+ krb5_timestamp pw_expiration;
+ krb5_deltat max_life;
+ krb5_principal mod_name;
+ krb5_timestamp mod_date;
+ krb5_flags attributes;
+ krb5_kvno kvno;
+ krb5_kvno mkvno;
+
+ char * policy;
+ uint32_t aux_attributes;
+
+ krb5_deltat max_renewable_life;
+ krb5_timestamp last_success;
+ krb5_timestamp last_failed;
+ krb5_kvno fail_auth_count;
+ int16_t n_key_data;
+ int16_t n_tl_data;
+ krb5_tl_data *tl_data;
+ krb5_key_data *key_data;
+} kadm5_principal_ent_rec, *kadm5_principal_ent_t;
+
+typedef struct _kadm5_policy_ent_t {
+ char *policy;
+
+ uint32_t pw_min_life;
+ uint32_t pw_max_life;
+ uint32_t pw_min_length;
+ uint32_t pw_min_classes;
+ uint32_t pw_history_num;
+ uint32_t policy_refcnt;
+} kadm5_policy_ent_rec, *kadm5_policy_ent_t;
+
+#define KADM5_CONFIG_REALM (1 << 0)
+#define KADM5_CONFIG_PROFILE (1 << 1)
+#define KADM5_CONFIG_KADMIND_PORT (1 << 2)
+#define KADM5_CONFIG_ADMIN_SERVER (1 << 3)
+#define KADM5_CONFIG_DBNAME (1 << 4)
+#define KADM5_CONFIG_ADBNAME (1 << 5)
+#define KADM5_CONFIG_ADB_LOCKFILE (1 << 6)
+#define KADM5_CONFIG_ACL_FILE (1 << 7)
+#define KADM5_CONFIG_DICT_FILE (1 << 8)
+#define KADM5_CONFIG_ADMIN_KEYTAB (1 << 9)
+#define KADM5_CONFIG_MKEY_FROM_KEYBOARD (1 << 10)
+#define KADM5_CONFIG_STASH_FILE (1 << 11)
+#define KADM5_CONFIG_MKEY_NAME (1 << 12)
+#define KADM5_CONFIG_ENCTYPE (1 << 13)
+#define KADM5_CONFIG_MAX_LIFE (1 << 14)
+#define KADM5_CONFIG_MAX_RLIFE (1 << 15)
+#define KADM5_CONFIG_EXPIRATION (1 << 16)
+#define KADM5_CONFIG_FLAGS (1 << 17)
+#define KADM5_CONFIG_ENCTYPES (1 << 18)
+
+#define KADM5_PRIV_GET (1 << 0)
+#define KADM5_PRIV_ADD (1 << 1)
+#define KADM5_PRIV_MODIFY (1 << 2)
+#define KADM5_PRIV_DELETE (1 << 3)
+#define KADM5_PRIV_LIST (1 << 4)
+#define KADM5_PRIV_CPW (1 << 5)
+#define KADM5_PRIV_GET_KEYS (1 << 6)
+
+/* Note: KADM5_PRIV_GET_KEYS not included */
+#define KADM5_PRIV_ALL (KADM5_PRIV_GET | KADM5_PRIV_ADD | KADM5_PRIV_MODIFY | KADM5_PRIV_DELETE | KADM5_PRIV_LIST | KADM5_PRIV_CPW)
+
+#define KADM5_BOGUS_KEY_DATA "\xe5\xe5\xe5\xe5"
+
+typedef struct _kadm5_config_params {
+ uint32_t mask;
+
+ /* Client and server fields */
+ char *realm;
+ int kadmind_port;
+
+ /* client fields */
+ char *admin_server;
+
+ /* server fields */
+ char *dbname;
+ char *acl_file;
+
+ /* server library (database) fields */
+ char *stash_file;
+} kadm5_config_params;
+
+typedef krb5_error_code kadm5_ret_t;
+
+#include "kadm5-protos.h"
+
+#endif /* __KADM5_ADMIN_H__ */
diff --git a/kerberos5/include/kadm5/kadm5-private.h b/kerberos5/include/kadm5/kadm5-private.h
new file mode 100644
--- /dev/null
+++ b/kerberos5/include/kadm5/kadm5-private.h
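Review bot: The length and count fields in `krb5_key_data`, `krb5_tl_data` and `kadm5_principal_ent_rec` (`key_data_length[2]`, `tl_data_length`, `n_key_data`, `n_tl_data`) are signed `int16_t`, and admin.h states no valid range for them. The same change declares decoders such as `kadm5_ret_key_data` and `kadm5_ret_tl_data` that fill these structs from a `krb5_storage`, so a negative value can presumably arrive from a peer. The types look fixed by the kadm5 API, so I would add a comment on the structs instead, e.g. `/* lengths and counts are signed: reject negative values before allocating or copying */`. Separately, `#define LOG_VERSION_LAST -1` is safer written as `#define LOG_VERSION_LAST (-1)` so the expansion cannot bind to a neighbouring operator.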
@@ -0,0 +1,588 @@ +/* This is a generated file */ +#ifndef __kadm5_private_h__ +#define __kadm5_private_h__ + +#include + +kadm5_ret_t +_kadm5_acl_check_permission ( + kadm5_server_context */*context*/, + unsigned /*op*/, + krb5_const_principal /*princ*/); + +kadm5_ret_t +_kadm5_acl_init (kadm5_server_context */*context*/); + +kadm5_ret_t +_kadm5_bump_pw_expire ( + kadm5_server_context */*context*/, + hdb_entry */*ent*/); + +krb5_error_code +_kadm5_c_get_cred_cache ( + krb5_context /*context*/, + const char */*client_name*/, + const char */*server_name*/, + const char */*password*/, + krb5_prompter_fct /*prompter*/, + const char */*keytab*/, + krb5_ccache /*ccache*/, + krb5_ccache */*ret_cache*/); + +kadm5_ret_t +_kadm5_c_init_context ( + kadm5_client_context **/*ctx*/, + kadm5_config_params */*params*/, + krb5_context /*context*/); + +kadm5_ret_t +_kadm5_client_recv ( + kadm5_client_context */*context*/, + krb5_data */*reply*/); + +kadm5_ret_t +_kadm5_client_send ( + kadm5_client_context */*context*/, + krb5_storage */*sp*/); + +kadm5_ret_t +_kadm5_connect (void */*handle*/); + +kadm5_ret_t +_kadm5_error_code (kadm5_ret_t /*code*/); + +int +_kadm5_exists_keys_hist ( + Key */*keys1*/, + int /*len1*/, + HDB_Ext_KeySet */*hist_keys*/); + +void +_kadm5_free_keys ( + krb5_context /*context*/, + int /*len*/, + Key */*keys*/); + +void +_kadm5_init_keys ( + Key */*keys*/, + int /*len*/); + +kadm5_ret_t +_kadm5_marshal_params ( + krb5_context /*context*/, + kadm5_config_params */*params*/, + krb5_data */*out*/); + +kadm5_ret_t +_kadm5_privs_to_string ( + uint32_t /*privs*/, + char */*string*/, + size_t /*len*/); + +HDB * +_kadm5_s_get_db (void */*server_handle*/); + +kadm5_ret_t +_kadm5_s_init_context ( + kadm5_server_context **/*ctx*/, + kadm5_config_params */*params*/, + krb5_context /*context*/); + +kadm5_ret_t +_kadm5_set_keys ( + kadm5_server_context */*context*/, + hdb_entry */*ent*/, + int /*n_ks_tuple*/, + krb5_key_salt_tuple */*ks_tuple*/, + const char 
*/*password*/); + +kadm5_ret_t +_kadm5_set_keys2 ( + kadm5_server_context */*context*/, + hdb_entry */*ent*/, + int16_t /*n_key_data*/, + krb5_key_data */*key_data*/); + +kadm5_ret_t +_kadm5_set_keys3 ( + kadm5_server_context */*context*/, + hdb_entry */*ent*/, + int /*n_keys*/, + krb5_keyblock */*keyblocks*/); + +kadm5_ret_t +_kadm5_set_keys_randomly ( + kadm5_server_context */*context*/, + hdb_entry */*ent*/, + int /*n_ks_tuple*/, + krb5_key_salt_tuple */*ks_tuple*/, + krb5_keyblock **/*new_keys*/, + int */*n_keys*/); + +kadm5_ret_t +_kadm5_set_modifier ( + kadm5_server_context */*context*/, + hdb_entry */*ent*/); + +kadm5_ret_t +_kadm5_setup_entry ( + kadm5_server_context */*context*/, + hdb_entry_ex */*ent*/, + uint32_t /*mask*/, + kadm5_principal_ent_t /*princ*/, + uint32_t /*princ_mask*/, + kadm5_principal_ent_t /*def*/, + uint32_t /*def_mask*/); + +kadm5_ret_t +_kadm5_string_to_privs ( + const char */*s*/, + uint32_t* /*privs*/); + +kadm5_ret_t +_kadm5_unmarshal_params ( + krb5_context /*context*/, + krb5_data */*in*/, + kadm5_config_params */*params*/); + +kadm5_ret_t +kadm5_c_chpass_principal ( + void */*server_handle*/, + krb5_principal /*princ*/, + int /*keepold*/, + int /*n_ks_tuple*/, + krb5_key_salt_tuple */*ks_tuple*/, + const char */*password*/); + +kadm5_ret_t +kadm5_c_chpass_principal_with_key ( + void */*server_handle*/, + krb5_principal /*princ*/, + int /*keepold*/, + int /*n_key_data*/, + krb5_key_data */*key_data*/); + +kadm5_ret_t +kadm5_c_create_principal ( + void */*server_handle*/, + kadm5_principal_ent_t /*princ*/, + uint32_t /*mask*/, + int /*n_ks_tuple*/, + krb5_key_salt_tuple */*ks_tuple*/, + const char */*password*/); + +kadm5_ret_t +kadm5_c_delete_principal ( + void */*server_handle*/, + krb5_principal /*princ*/); + +kadm5_ret_t +kadm5_c_destroy (void */*server_handle*/); + +kadm5_ret_t +kadm5_c_flush (void */*server_handle*/); + +kadm5_ret_t +kadm5_c_get_principal ( + void */*server_handle*/, + krb5_principal /*princ*/, + 
kadm5_principal_ent_t /*out*/, + uint32_t /*mask*/); + +kadm5_ret_t +kadm5_c_get_principals ( + void */*server_handle*/, + const char */*expression*/, + char ***/*princs*/, + int */*count*/); + +kadm5_ret_t +kadm5_c_get_privs ( + void */*server_handle*/, + uint32_t */*privs*/); + +kadm5_ret_t +kadm5_c_init_with_creds ( + const char */*client_name*/, + krb5_ccache /*ccache*/, + const char */*service_name*/, + kadm5_config_params */*realm_params*/, + unsigned long /*struct_version*/, + unsigned long /*api_version*/, + void **/*server_handle*/); + +kadm5_ret_t +kadm5_c_init_with_creds_ctx ( + krb5_context /*context*/, + const char */*client_name*/, + krb5_ccache /*ccache*/, + const char */*service_name*/, + kadm5_config_params */*realm_params*/, + unsigned long /*struct_version*/, + unsigned long /*api_version*/, + void **/*server_handle*/); + +kadm5_ret_t +kadm5_c_init_with_password ( + const char */*client_name*/, + const char */*password*/, + const char */*service_name*/, + kadm5_config_params */*realm_params*/, + unsigned long /*struct_version*/, + unsigned long /*api_version*/, + void **/*server_handle*/); + +kadm5_ret_t +kadm5_c_init_with_password_ctx ( + krb5_context /*context*/, + const char */*client_name*/, + const char */*password*/, + const char */*service_name*/, + kadm5_config_params */*realm_params*/, + unsigned long /*struct_version*/, + unsigned long /*api_version*/, + void **/*server_handle*/); + +kadm5_ret_t +kadm5_c_init_with_skey ( + const char */*client_name*/, + const char */*keytab*/, + const char */*service_name*/, + kadm5_config_params */*realm_params*/, + unsigned long /*struct_version*/, + unsigned long /*api_version*/, + void **/*server_handle*/); + +kadm5_ret_t +kadm5_c_init_with_skey_ctx ( + krb5_context /*context*/, + const char */*client_name*/, + const char */*keytab*/, + const char */*service_name*/, + kadm5_config_params */*realm_params*/, + unsigned long /*struct_version*/, + unsigned long /*api_version*/, + void 
**/*server_handle*/); + +kadm5_ret_t +kadm5_c_modify_principal ( + void */*server_handle*/, + kadm5_principal_ent_t /*princ*/, + uint32_t /*mask*/); + +kadm5_ret_t +kadm5_c_randkey_principal ( + void */*server_handle*/, + krb5_principal /*princ*/, + krb5_boolean /*keepold*/, + int /*n_ks_tuple*/, + krb5_key_salt_tuple */*ks_tuple*/, + krb5_keyblock **/*new_keys*/, + int */*n_keys*/); + +kadm5_ret_t +kadm5_c_rename_principal ( + void */*server_handle*/, + krb5_principal /*source*/, + krb5_principal /*target*/); + +kadm5_ret_t +kadm5_log_create ( + kadm5_server_context */*context*/, + hdb_entry */*entry*/); + +kadm5_ret_t +kadm5_log_delete ( + kadm5_server_context */*context*/, + krb5_principal /*princ*/); + +kadm5_ret_t +kadm5_log_end (kadm5_server_context */*server_context*/); + +kadm5_ret_t +kadm5_log_foreach ( + kadm5_server_context */*context*/, + enum kadm_iter_opts /*iter_opts*/, + off_t */*off_lastp*/, + kadm5_ret_t (*/*func*/)(kadm5_server_context *server_context, uint32_t ver, time_t timestamp, enum kadm_ops op, uint32_t len, krb5_storage *sp, void *ctx), + void */*ctx*/); + +kadm5_ret_t +kadm5_log_get_version ( + kadm5_server_context */*server_context*/, + uint32_t */*ver*/); + +kadm5_ret_t +kadm5_log_get_version_fd ( + kadm5_server_context */*server_context*/, + int /*fd*/, + int /*which*/, + uint32_t */*ver*/, + uint32_t */*tstamp*/); + +kadm5_ret_t +kadm5_log_goto_end ( + kadm5_server_context */*server_context*/, + krb5_storage */*sp*/); + +kadm5_ret_t +kadm5_log_goto_first ( + kadm5_server_context */*server_context*/, + krb5_storage */*sp*/); + +kadm5_ret_t +kadm5_log_init (kadm5_server_context */*server_context*/); + +kadm5_ret_t +kadm5_log_init_nb (kadm5_server_context */*server_context*/); + +kadm5_ret_t +kadm5_log_init_nolock (kadm5_server_context */*server_context*/); + +kadm5_ret_t +kadm5_log_init_sharedlock ( + kadm5_server_context */*server_context*/, + int /*lock_flags*/); + +kadm5_ret_t +kadm5_log_modify ( + kadm5_server_context */*context*/, 
+ hdb_entry */*entry*/, + uint32_t /*mask*/); + +kadm5_ret_t +kadm5_log_next ( + krb5_context /*context*/, + krb5_storage */*sp*/, + uint32_t */*verp*/, + time_t */*tstampp*/, + enum kadm_ops */*opp*/, + uint32_t */*lenp*/); + +kadm5_ret_t +kadm5_log_nop ( + kadm5_server_context */*context*/, + enum kadm_nop_type /*nop_type*/); + +kadm5_ret_t +kadm5_log_previous ( + krb5_context /*context*/, + krb5_storage */*sp*/, + uint32_t */*verp*/, + time_t */*tstampp*/, + enum kadm_ops */*opp*/, + uint32_t */*lenp*/); + +kadm5_ret_t +kadm5_log_recover ( + kadm5_server_context */*context*/, + enum kadm_recover_mode /*mode*/); + +kadm5_ret_t +kadm5_log_reinit ( + kadm5_server_context */*server_context*/, + uint32_t /*vno*/); + +kadm5_ret_t +kadm5_log_rename ( + kadm5_server_context */*context*/, + krb5_principal /*source*/, + hdb_entry */*entry*/); + +kadm5_ret_t +kadm5_log_replay ( + kadm5_server_context */*context*/, + enum kadm_ops /*op*/, + uint32_t /*ver*/, + uint32_t /*len*/, + krb5_storage */*sp*/); + +kadm5_ret_t +kadm5_log_set_version ( + kadm5_server_context */*context*/, + uint32_t /*vno*/); + +void +kadm5_log_signal_master (kadm5_server_context */*context*/); + +const char * +kadm5_log_signal_socket (krb5_context /*context*/); + +kadm5_ret_t +kadm5_log_signal_socket_info ( + krb5_context /*context*/, + int /*server_end*/, + struct addrinfo **/*ret_addrs*/); + +kadm5_ret_t +kadm5_log_truncate ( + kadm5_server_context */*context*/, + size_t /*keep*/, + size_t /*maxbytes*/); + +kadm5_ret_t +kadm5_s_chpass_principal ( + void */*server_handle*/, + krb5_principal /*princ*/, + int /*keepold*/, + int /*n_ks_tuple*/, + krb5_key_salt_tuple */*ks_tuple*/, + const char */*password*/); + +kadm5_ret_t +kadm5_s_chpass_principal_cond ( + void */*server_handle*/, + krb5_principal /*princ*/, + int /*keepold*/, + const char */*password*/); + +kadm5_ret_t +kadm5_s_chpass_principal_with_key ( + void */*server_handle*/, + krb5_principal /*princ*/, + int /*keepold*/, + int /*n_key_data*/, 
+ krb5_key_data */*key_data*/); + +kadm5_ret_t +kadm5_s_create_principal ( + void */*server_handle*/, + kadm5_principal_ent_t /*princ*/, + uint32_t /*mask*/, + int /*n_ks_tuple*/, + krb5_key_salt_tuple */*ks_tuple*/, + const char */*password*/); + +kadm5_ret_t +kadm5_s_create_principal_with_key ( + void */*server_handle*/, + kadm5_principal_ent_t /*princ*/, + uint32_t /*mask*/); + +kadm5_ret_t +kadm5_s_delete_principal ( + void */*server_handle*/, + krb5_principal /*princ*/); + +kadm5_ret_t +kadm5_s_destroy (void */*server_handle*/); + +kadm5_ret_t +kadm5_s_flush (void */*server_handle*/); + +kadm5_ret_t +kadm5_s_get_principal ( + void */*server_handle*/, + krb5_principal /*princ*/, + kadm5_principal_ent_t /*out*/, + uint32_t /*mask*/); + +kadm5_ret_t +kadm5_s_get_principals ( + void */*server_handle*/, + const char */*expression*/, + char ***/*princs*/, + int */*count*/); + +kadm5_ret_t +kadm5_s_get_privs ( + void */*server_handle*/, + uint32_t */*privs*/); + +kadm5_ret_t +kadm5_s_init_with_creds ( + const char */*client_name*/, + krb5_ccache /*ccache*/, + const char */*service_name*/, + kadm5_config_params */*realm_params*/, + unsigned long /*struct_version*/, + unsigned long /*api_version*/, + void **/*server_handle*/); + +kadm5_ret_t +kadm5_s_init_with_creds_ctx ( + krb5_context /*context*/, + const char */*client_name*/, + krb5_ccache /*ccache*/, + const char */*service_name*/, + kadm5_config_params */*realm_params*/, + unsigned long /*struct_version*/, + unsigned long /*api_version*/, + void **/*server_handle*/); + +kadm5_ret_t +kadm5_s_init_with_password ( + const char */*client_name*/, + const char */*password*/, + const char */*service_name*/, + kadm5_config_params */*realm_params*/, + unsigned long /*struct_version*/, + unsigned long /*api_version*/, + void **/*server_handle*/); + +kadm5_ret_t +kadm5_s_init_with_password_ctx ( + krb5_context /*context*/, + const char */*client_name*/, + const char */*password*/, + const char */*service_name*/, + 
kadm5_config_params */*realm_params*/, + unsigned long /*struct_version*/, + unsigned long /*api_version*/, + void **/*server_handle*/); + +kadm5_ret_t +kadm5_s_init_with_skey ( + const char */*client_name*/, + const char */*keytab*/, + const char */*service_name*/, + kadm5_config_params */*realm_params*/, + unsigned long /*struct_version*/, + unsigned long /*api_version*/, + void **/*server_handle*/); + +kadm5_ret_t +kadm5_s_init_with_skey_ctx ( + krb5_context /*context*/, + const char */*client_name*/, + const char */*keytab*/, + const char */*service_name*/, + kadm5_config_params */*realm_params*/, + unsigned long /*struct_version*/, + unsigned long /*api_version*/, + void **/*server_handle*/); + +kadm5_ret_t +kadm5_s_modify_principal ( + void */*server_handle*/, + kadm5_principal_ent_t /*princ*/, + uint32_t /*mask*/); + +kadm5_ret_t +kadm5_s_randkey_principal ( + void */*server_handle*/, + krb5_principal /*princ*/, + krb5_boolean /*keepold*/, + int /*n_ks_tuple*/, + krb5_key_salt_tuple */*ks_tuple*/, + krb5_keyblock **/*new_keys*/, + int */*n_keys*/); + +kadm5_ret_t +kadm5_s_rename_principal ( + void */*server_handle*/, + krb5_principal /*source*/, + krb5_principal /*target*/); + +kadm5_ret_t +kadm5_s_setkey_principal_3 ( + void */*server_handle*/, + krb5_principal /*princ*/, + krb5_boolean /*keepold*/, + int /*n_ks_tuple*/, + krb5_key_salt_tuple */*ks_tuple*/, + krb5_keyblock */*keyblocks*/, + int /*n_keys*/); + +#endif /* __kadm5_private_h__ */ diff --git a/kerberos5/include/kadm5/kadm5-protos.h b/kerberos5/include/kadm5/kadm5-protos.h new file mode 100644 --- /dev/null +++ b/kerberos5/include/kadm5/kadm5-protos.h 
@@ -0,0 +1,395 @@ +/* This is a generated file */ +#ifndef __kadm5_protos_h__ +#define __kadm5_protos_h__ +#ifndef DOXY + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +kadm5_ret_t +kadm5_ad_init_with_password ( + const char */*client_name*/, + const char */*password*/, + const char */*service_name*/, + kadm5_config_params */*realm_params*/, + unsigned long /*struct_version*/, + unsigned long /*api_version*/, + void **/*server_handle*/); + +kadm5_ret_t +kadm5_ad_init_with_password_ctx ( + krb5_context /*context*/, + const char */*client_name*/, + const char */*password*/, + const char */*service_name*/, + kadm5_config_params */*realm_params*/, + unsigned long /*struct_version*/, + unsigned long /*api_version*/, + void **/*server_handle*/); + +krb5_error_code +kadm5_add_passwd_quality_verifier ( + krb5_context /*context*/, + const char */*check_library*/); + +int +kadm5_all_keys_are_bogus ( + size_t /*n_keys*/, + krb5_key_data */*keys*/); + +const char * +kadm5_check_password_quality ( + krb5_context /*context*/, + krb5_principal /*principal*/, + krb5_data */*pwd_data*/); + +kadm5_ret_t +kadm5_chpass_principal ( + void */*server_handle*/, + krb5_principal /*princ*/, + const char */*password*/); + +kadm5_ret_t +kadm5_chpass_principal_3 ( + void */*server_handle*/, + krb5_principal /*princ*/, + krb5_boolean /*keepold*/, + int /*n_ks_tuple*/, + krb5_key_salt_tuple */*ks_tuple*/, + const char */*password*/); + +kadm5_ret_t +kadm5_chpass_principal_with_key ( + void */*server_handle*/, + krb5_principal /*princ*/, + int /*n_key_data*/, + krb5_key_data */*key_data*/); + +kadm5_ret_t +kadm5_chpass_principal_with_key_3 ( + void */*server_handle*/, + krb5_principal /*princ*/, + int /*keepold*/, + int /*n_key_data*/, + krb5_key_data */*key_data*/); + +kadm5_ret_t +kadm5_create_policy ( + void */*server_handle*/, + kadm5_policy_ent_t /*policy*/, + long /*mask*/); + +kadm5_ret_t +kadm5_create_principal ( + void */*server_handle*/, + kadm5_principal_ent_t /*princ*/, + 
uint32_t /*mask*/, + const char */*password*/); + +kadm5_ret_t +kadm5_create_principal_3 ( + void */*server_handle*/, + kadm5_principal_ent_t /*princ*/, + uint32_t /*mask*/, + int /*n_ks_tuple*/, + krb5_key_salt_tuple */*ks_tuple*/, + char */*password*/); + +/** + * Extract decrypted keys from kadm5_principal_ent_t object. Mostly a + * no-op for Heimdal because we fetch the entry with decrypted keys. + * Sadly this is not fully a no-op, as we have to allocate a copy. + * + * @server_handle is the kadm5 handle + * @entry is the HDB entry for the principal in question + * @ktype is the enctype to get a key for, or -1 to get the first one + * @stype is the salttype to get a key for, or -1 to get the first match + * @kvno is the kvno to search for, or -1 to get the first match (highest kvno) + * @keyblock is where the key will be placed + * @keysalt, if not NULL, is where the salt will be placed + * @kvnop, if not NULL, is where the selected kvno will be placed + */ + +kadm5_ret_t +kadm5_decrypt_key ( + void */*server_handle*/, + kadm5_principal_ent_t /*entry*/, + int32_t /*ktype*/, + int32_t /*stype*/, + int32_t /*kvno*/, + krb5_keyblock */*keyblock*/, + krb5_keysalt */*keysalt*/, + int */*kvnop*/); + +kadm5_ret_t +kadm5_delete_policy ( + void */*server_handle*/, + char */*name*/); + +kadm5_ret_t +kadm5_delete_principal ( + void */*server_handle*/, + krb5_principal /*princ*/); + +kadm5_ret_t +kadm5_destroy (void */*server_handle*/); + +kadm5_ret_t +kadm5_flush (void */*server_handle*/); + +void +kadm5_free_key_data ( + void */*server_handle*/, + int16_t */*n_key_data*/, + krb5_key_data */*key_data*/); + +void +kadm5_free_name_list ( + void */*server_handle*/, + char **/*names*/, + int */*count*/); + +kadm5_ret_t +kadm5_free_policy_ent (kadm5_policy_ent_t /*ent*/); + +void +kadm5_free_principal_ent ( + void */*server_handle*/, + kadm5_principal_ent_t /*princ*/); + +kadm5_ret_t +kadm5_get_policies ( + void */*server_handle*/, + char */*exp*/, + char ***/*pols*/, + int 
*/*count*/); + +kadm5_ret_t +kadm5_get_policy ( + void */*server_handle*/, + char */*policy*/, + kadm5_policy_ent_t /*ent*/); + +kadm5_ret_t +kadm5_get_principal ( + void */*server_handle*/, + krb5_principal /*princ*/, + kadm5_principal_ent_t /*out*/, + uint32_t /*mask*/); + +kadm5_ret_t +kadm5_get_principals ( + void */*server_handle*/, + const char */*expression*/, + char ***/*princs*/, + int */*count*/); + +kadm5_ret_t +kadm5_get_privs ( + void */*server_handle*/, + uint32_t */*privs*/); + +kadm5_ret_t +kadm5_init_with_creds ( + const char */*client_name*/, + krb5_ccache /*ccache*/, + const char */*service_name*/, + kadm5_config_params */*realm_params*/, + unsigned long /*struct_version*/, + unsigned long /*api_version*/, + void **/*server_handle*/); + +kadm5_ret_t +kadm5_init_with_creds_ctx ( + krb5_context /*context*/, + const char */*client_name*/, + krb5_ccache /*ccache*/, + const char */*service_name*/, + kadm5_config_params */*realm_params*/, + unsigned long /*struct_version*/, + unsigned long /*api_version*/, + void **/*server_handle*/); + +kadm5_ret_t +kadm5_init_with_password ( + const char */*client_name*/, + const char */*password*/, + const char */*service_name*/, + kadm5_config_params */*realm_params*/, + unsigned long /*struct_version*/, + unsigned long /*api_version*/, + void **/*server_handle*/); + +kadm5_ret_t +kadm5_init_with_password_ctx ( + krb5_context /*context*/, + const char */*client_name*/, + const char */*password*/, + const char */*service_name*/, + kadm5_config_params */*realm_params*/, + unsigned long /*struct_version*/, + unsigned long /*api_version*/, + void **/*server_handle*/); + +kadm5_ret_t +kadm5_init_with_skey ( + const char */*client_name*/, + const char */*keytab*/, + const char */*service_name*/, + kadm5_config_params */*realm_params*/, + unsigned long /*struct_version*/, + unsigned long /*api_version*/, + void **/*server_handle*/); + +kadm5_ret_t +kadm5_init_with_skey_ctx ( + krb5_context /*context*/, + const char 
*/*client_name*/, + const char */*keytab*/, + const char */*service_name*/, + kadm5_config_params */*realm_params*/, + unsigned long /*struct_version*/, + unsigned long /*api_version*/, + void **/*server_handle*/); + +kadm5_ret_t +kadm5_lock (void */*server_handle*/); + +kadm5_ret_t +kadm5_modify_policy ( + void */*server_handle*/, + kadm5_policy_ent_t /*policy*/, + uint32_t /*mask*/); + +kadm5_ret_t +kadm5_modify_principal ( + void */*server_handle*/, + kadm5_principal_ent_t /*princ*/, + uint32_t /*mask*/); + +kadm5_ret_t +kadm5_randkey_principal ( + void */*server_handle*/, + krb5_principal /*princ*/, + krb5_keyblock **/*new_keys*/, + int */*n_keys*/); + +kadm5_ret_t +kadm5_randkey_principal_3 ( + void */*server_handle*/, + krb5_principal /*princ*/, + krb5_boolean /*keepold*/, + int /*n_ks_tuple*/, + krb5_key_salt_tuple */*ks_tuple*/, + krb5_keyblock **/*new_keys*/, + int */*n_keys*/); + +kadm5_ret_t +kadm5_rename_principal ( + void */*server_handle*/, + krb5_principal /*source*/, + krb5_principal /*target*/); + +kadm5_ret_t +kadm5_ret_key_data ( + krb5_storage */*sp*/, + krb5_key_data */*key*/); + +kadm5_ret_t +kadm5_ret_principal_ent ( + krb5_storage */*sp*/, + kadm5_principal_ent_t /*princ*/); + +kadm5_ret_t +kadm5_ret_principal_ent_mask ( + krb5_storage */*sp*/, + kadm5_principal_ent_t /*princ*/, + uint32_t */*mask*/); + +kadm5_ret_t +kadm5_ret_tl_data ( + krb5_storage */*sp*/, + krb5_tl_data */*tl*/); + +/** + * This function is allows the caller to set new keys for a principal. + * This is a trivial wrapper around kadm5_setkey_principal_3(). + */ + +kadm5_ret_t +kadm5_setkey_principal ( + void */*server_handle*/, + krb5_principal /*princ*/, + krb5_keyblock */*new_keys*/, + int /*n_keys*/); + +/** + * This function is allows the caller to set new keys for a principal. + * This is a simple wrapper around kadm5_get_principal() and + * kadm5_modify_principal(). 
+ */ + +kadm5_ret_t +kadm5_setkey_principal_3 ( + void */*server_handle*/, + krb5_principal /*princ*/, + krb5_boolean /*keepold*/, + int /*n_ks_tuple*/, + krb5_key_salt_tuple */*ks_tuple*/, + krb5_keyblock */*keyblocks*/, + int /*n_keys*/); + +void +kadm5_setup_passwd_quality_check ( + krb5_context /*context*/, + const char */*check_library*/, + const char */*check_function*/); + +int +kadm5_some_keys_are_bogus ( + size_t /*n_keys*/, + krb5_key_data */*keys*/); + +kadm5_ret_t +kadm5_store_fake_key_data ( + krb5_storage */*sp*/, + krb5_key_data */*key*/); + +kadm5_ret_t +kadm5_store_key_data ( + krb5_storage */*sp*/, + krb5_key_data */*key*/); + +kadm5_ret_t +kadm5_store_principal_ent ( + krb5_storage */*sp*/, + kadm5_principal_ent_t /*princ*/); + +kadm5_ret_t +kadm5_store_principal_ent_mask ( + krb5_storage */*sp*/, + kadm5_principal_ent_t /*princ*/, + uint32_t /*mask*/); + +kadm5_ret_t +kadm5_store_principal_ent_nokeys ( + krb5_storage */*sp*/, + kadm5_principal_ent_t /*princ*/); + +kadm5_ret_t +kadm5_store_tl_data ( + krb5_storage */*sp*/, + krb5_tl_data */*tl*/); + +kadm5_ret_t +kadm5_unlock (void */*server_handle*/); + +#ifdef __cplusplus +} +#endif + +#endif /* DOXY */ +#endif /* __kadm5_protos_h__ */ diff --git a/contrib/com_err/compile_et.h b/kerberos5/include/kadm5/kadm5-pwcheck.h copy from contrib/com_err/compile_et.h copy to kerberos5/include/kadm5/kadm5-pwcheck.h --- a/contrib/com_err/compile_et.h +++ b/kerberos5/include/kadm5/kadm5-pwcheck.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 2004 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * 
@@ -33,43 +33,41 @@ /* $Id$ */ -#ifndef __COMPILE_ET_H__ -#define __COMPILE_ET_H__ +#ifndef KADM5_PWCHECK_H +#define KADM5_PWCHECK_H 1 -#include -#include -#include -#include -#include -#include -extern long base_id; -extern int number; -extern char *prefix; -extern char name[128]; -extern char *id_str; -extern char *filename; -extern int numerror; +#define KADM5_PASSWD_VERSION_V0 0 +#define KADM5_PASSWD_VERSION_V1 1 -struct error_code { - unsigned number; - char *name; - char *string; - struct error_code *next, **tail; -}; +typedef const char* (*kadm5_passwd_quality_check_func_v0)(krb5_context, + krb5_principal, + krb5_data*); + +/* + * The 4th argument, is a tuning parameter for the quality check + * function, the lib/caller will providing it for the password quality + * module. + */ -extern struct error_code *codes; +typedef int +(*kadm5_passwd_quality_check_func)(krb5_context context, + krb5_principal principal, + krb5_data *password, + const char *tuning, + char *message, + size_t length); -#define APPEND(L, V) \ -do { \ - if((L) == NULL) { \ - (L) = (V); \ - (L)->tail = &(V)->next; \ - (L)->next = NULL; \ - }else{ \ - *(L)->tail = (V); \ - (L)->tail = &(V)->next; \ - } \ -}while(0) +struct kadm5_pw_policy_check_func { + const char *name; + kadm5_passwd_quality_check_func func; +}; + +struct kadm5_pw_policy_verifier { + const char *name; + int version; + const char *vendor; + const struct kadm5_pw_policy_check_func *funcs; +}; -#endif /* __COMPILE_ET_H__ */ +#endif /* KADM5_PWCHECK_H */ diff --git a/kerberos5/include/kadm5/kadm5_err.h b/kerberos5/include/kadm5/kadm5_err.h new file mode 100644 --- /dev/null +++ b/kerberos5/include/kadm5/kadm5_err.h 
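Review bot: The comment above `kadm5_passwd_quality_check_func` explains only the 4th argument (`tuning`) and says nothing about `message`/`length` or the return value, which are the parts of the contract a quality-check module most needs to get right. I would extend it with something like `/* message is a caller-supplied buffer of length bytes; a module must write at most length bytes, including the terminating NUL */` and state which return value rejects the password (presumably non-zero, but the header does not say). The same comment should note that `password` is sensitive data that a module must not log or retain. Separately, the new side drops every `#include` while still using `krb5_context`, `krb5_principal`, `krb5_data` and `size_t`, so the header only compiles after the includer has pulled in the krb5 headers; a one-line comment saying so would help.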
@@ -0,0 +1,80 @@ +/* Generated from kadm5_err.et */ +/* $Id$ */ + +#ifndef __kadm5_err_h__ +#define __kadm5_err_h__ + +struct et_list; + +void initialize_kadm5_error_table_r(struct et_list **); + +void initialize_kadm5_error_table(void); +#define init_kadm5_err_tbl initialize_kadm5_error_table + +typedef enum kadm5_error_number{ + KADM5_FAILURE = 43787520, + KADM5_AUTH_GET = 43787521, + KADM5_AUTH_ADD = 43787522, + KADM5_AUTH_MODIFY = 43787523, + KADM5_AUTH_DELETE = 43787524, + KADM5_AUTH_INSUFFICIENT = 43787525, + KADM5_BAD_DB = 43787526, + KADM5_DUP = 43787527, + KADM5_RPC_ERROR = 43787528, + KADM5_NO_SRV = 43787529, + KADM5_BAD_HIST_KEY = 43787530, + KADM5_NOT_INIT = 43787531, + KADM5_UNK_PRINC = 43787532, + KADM5_UNK_POLICY = 43787533, + KADM5_BAD_MASK = 43787534, + KADM5_BAD_CLASS = 43787535, + KADM5_BAD_LENGTH = 43787536, + KADM5_BAD_POLICY = 43787537, + KADM5_BAD_PRINCIPAL = 43787538, + KADM5_BAD_AUX_ATTR = 43787539, + KADM5_BAD_HISTORY = 43787540, + KADM5_BAD_MIN_PASS_LIFE = 43787541, + KADM5_PASS_Q_TOOSHORT = 43787542, + KADM5_PASS_Q_CLASS = 43787543, + KADM5_PASS_Q_DICT = 43787544, + KADM5_PASS_REUSE = 43787545, + KADM5_PASS_TOOSOON = 43787546, + KADM5_POLICY_REF = 43787547, + KADM5_INIT = 43787548, + KADM5_BAD_PASSWORD = 43787549, + KADM5_PROTECT_PRINCIPAL = 43787550, + KADM5_BAD_SERVER_HANDLE = 43787551, + KADM5_BAD_STRUCT_VERSION = 43787552, + KADM5_OLD_STRUCT_VERSION = 43787553, + KADM5_NEW_STRUCT_VERSION = 43787554, + KADM5_BAD_API_VERSION = 43787555, + KADM5_OLD_LIB_API_VERSION = 43787556, + KADM5_OLD_SERVER_API_VERSION = 43787557, + KADM5_NEW_LIB_API_VERSION = 43787558, + KADM5_NEW_SERVER_API_VERSION = 43787559, + KADM5_SECURE_PRINC_MISSING = 43787560, + KADM5_NO_RENAME_SALT = 43787561, + KADM5_BAD_CLIENT_PARAMS = 43787562, + KADM5_BAD_SERVER_PARAMS = 43787563, + KADM5_AUTH_LIST = 43787564, + KADM5_AUTH_CHANGEPW = 43787565, + KADM5_BAD_TL_TYPE = 43787566, + KADM5_MISSING_CONF_PARAMS = 43787567, + KADM5_BAD_SERVER_NAME = 43787568, + 
KADM5_KS_TUPLE_NOSUPP = 43787569, + KADM5_SETKEY3_ETYPE_MISMATCH = 43787570, + KADM5_DECRYPT_USAGE_NOSUPP = 43787571, + KADM5_POLICY_OP_NOSUPP = 43787572, + KADM5_KEEPOLD_NOSUPP = 43787573, + KADM5_AUTH_GET_KEYS = 43787574, + KADM5_ALREADY_LOCKED = 43787575, + KADM5_NOT_LOCKED = 43787576, + KADM5_LOG_CORRUPT = 43787577, + KADM5_LOG_NEEDS_UPGRADE = 43787578 +} kadm5_error_number; + +#define ERROR_TABLE_BASE_kadm5 43787520 + +#define COM_ERR_BINDDOMAIN_kadm5 "heim_com_err43787520" + +#endif /* __kadm5_err_h__ */ diff --git a/kerberos5/include/kadm5/private.h b/kerberos5/include/kadm5/private.h new file mode 100644 --- /dev/null +++ b/kerberos5/include/kadm5/private.h 
@@ -0,0 +1,190 @@ +/* + * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +/* $Id$ */ + +#ifndef __kadm5_privatex_h__ +#define __kadm5_privatex_h__ + +#ifdef HAVE_SYS_UN_H +#include +#endif + +struct kadm_func { + kadm5_ret_t (*chpass_principal) (void *, krb5_principal, int, + int, krb5_key_salt_tuple*, const char*); + kadm5_ret_t (*create_principal) (void*, kadm5_principal_ent_t, uint32_t, + int, krb5_key_salt_tuple *, + const char*); + kadm5_ret_t (*delete_principal) (void*, krb5_principal); + kadm5_ret_t (*destroy) (void*); + kadm5_ret_t (*flush) (void*); + kadm5_ret_t (*get_principal) (void*, krb5_principal, + kadm5_principal_ent_t, uint32_t); + kadm5_ret_t (*get_principals) (void*, const char*, char***, int*); + kadm5_ret_t (*get_privs) (void*, uint32_t*); + kadm5_ret_t (*modify_principal) (void*, kadm5_principal_ent_t, uint32_t); + kadm5_ret_t (*randkey_principal) (void*, krb5_principal, krb5_boolean, int, + krb5_key_salt_tuple*, krb5_keyblock**, + int*); + kadm5_ret_t (*rename_principal) (void*, krb5_principal, krb5_principal); + kadm5_ret_t (*chpass_principal_with_key) (void *, krb5_principal, int, + int, krb5_key_data *); + kadm5_ret_t (*lock) (void *); + kadm5_ret_t (*unlock) (void *); + kadm5_ret_t (*setkey_principal_3) (void *, krb5_principal, krb5_boolean, + int, krb5_key_salt_tuple *, + krb5_keyblock *, int); +}; + +/* XXX should be integrated */ +typedef struct kadm5_common_context { + krb5_context context; + krb5_boolean my_context; + struct kadm_func funcs; + void *data; +} kadm5_common_context; + +typedef struct kadm5_log_peer { + int fd; + char *name; + krb5_auth_context ac; + struct kadm5_log_peer *next; +} kadm5_log_peer; + +typedef struct kadm5_log_context { + char *log_file; + int log_fd; + int read_only; + int lock_mode; + uint32_t version; + time_t last_time; +#ifndef NO_UNIX_SOCKETS + struct sockaddr_un socket_name; +#else + struct addrinfo *socket_info; +#endif + krb5_socket_t socket_fd; +} kadm5_log_context; + +typedef struct kadm5_server_context { + krb5_context context; + krb5_boolean my_context; + 
struct kadm_func funcs; + /* */ + kadm5_config_params config; + HDB *db; + int keep_open; + krb5_principal caller; + unsigned acl_flags; + kadm5_log_context log_context; +} kadm5_server_context; + +typedef struct kadm5_client_context { + krb5_context context; + krb5_boolean my_context; + struct kadm_func funcs; + /* */ + krb5_auth_context ac; + char *realm; + char *admin_server; + int kadmind_port; + krb5_socket_t sock; + char *client_name; + char *service_name; + krb5_prompter_fct prompter; + const char *keytab; + krb5_ccache ccache; + kadm5_config_params *realm_params; +} kadm5_client_context; + +typedef struct kadm5_ad_context { + krb5_context context; + krb5_boolean my_context; + struct kadm_func funcs; + /* */ + kadm5_config_params config; + krb5_principal caller; + krb5_ccache ccache; + char *client_name; + char *realm; + void *ldap_conn; + char *base_dn; +} kadm5_ad_context; + +/* + * This enum is used in the iprop log file and on the wire in the iprop + * protocol. DO NOT CHANGE, except to add new op types at the end, and + * look for places in lib/kadm5/log.c to update. + */ +enum kadm_ops { + kadm_get, + kadm_delete, + kadm_create, + kadm_rename, + kadm_chpass, + kadm_modify, + kadm_randkey, + kadm_get_privs, + kadm_get_princs, + kadm_chpass_with_key, + kadm_nop, + kadm_first = kadm_get, + kadm_last = kadm_nop +}; + +/* FIXME nop types are currently not implemented */ +enum kadm_nop_type { + kadm_nop_plain, /* plain nop, not relevance except as uberblock */ + kadm_nop_trunc, /* indicates that the master truncated the log */ + kadm_nop_close /* indicates that the master closed this log */ +}; + +enum kadm_iter_opts { + kadm_forward = 1, + kadm_backward = 2, + kadm_confirmed = 4, + kadm_unconfirmed = 8 +}; + +enum kadm_recover_mode { + kadm_recover_commit, + kadm_recover_replay +}; + +#define KADMIN_APPL_VERSION "KADM0.1" +#define KADMIN_OLD_APPL_VERSION "KADM0.0" + +#include "kadm5-private.h" + +#endif /* __kadm5_privatex_h__ */ 
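Review bot: `kadm5_server_context`, `kadm5_client_context` and `kadm5_ad_context` each repeat the first three members of `kadm5_common_context` (`context`, `my_context`, `funcs`), and the only marker of that shared prefix is an empty `/* */`. The public kadm5 prototypes pass handles as `void *server_handle`, so the dispatch code presumably reaches `funcs` through a cast to the common struct; if one of these structs ever gains or reorders a leading member, calls would go through the wrong function pointers with no compiler diagnostic. I would replace each empty comment with `/* members above must stay identical to kadm5_common_context */`. A smaller point in `kadm5_log_context`: the include at the top (presumably the header declaring `struct sockaddr_un`) is guarded by `HAVE_SYS_UN_H`, while the `struct sockaddr_un socket_name` member is guarded by `NO_UNIX_SOCKETS`, so a build with neither macro defined would see an incomplete type.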
diff --git a/kerberos5/include/kafs.h b/kerberos5/include/kafs.h
new file mode 100644
--- /dev/null
+++ b/kerberos5/include/kafs.h
@@ -0,0 +1,216 @@ +/* + * Copyright (c) 1995 - 2001, 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +/* $Id$ */ + +#ifndef __KAFS_H +#define __KAFS_H + +/* XXX must include krb5.h or krb.h */ + +/* sys/ioctl.h must be included manually before kafs.h */ + +/* + */ +#define AFSCALL_PIOCTL 20 +#define AFSCALL_SETPAG 21 + +#ifndef _VICEIOCTL +#ifdef __GNU__ +#define _IOT_ViceIoctl _IOT(_IOTS(caddr_t), 2, _IOTS(short), 2, 0, 0) +#endif +#define _VICEIOCTL(id) ((unsigned int ) _IOW('V', id, struct ViceIoctl)) +#define _AFSCIOCTL(id) ((unsigned int ) _IOW('C', id, struct ViceIoctl)) +#endif /* _VICEIOCTL */ + +#define VIOCSETAL _VICEIOCTL(1) +#define VIOCGETAL _VICEIOCTL(2) +#define VIOCSETTOK _VICEIOCTL(3) +#define VIOCGETVOLSTAT _VICEIOCTL(4) +#define VIOCSETVOLSTAT _VICEIOCTL(5) +#define VIOCFLUSH _VICEIOCTL(6) +#define VIOCGETTOK _VICEIOCTL(8) +#define VIOCUNLOG _VICEIOCTL(9) +#define VIOCCKSERV _VICEIOCTL(10) +#define VIOCCKBACK _VICEIOCTL(11) +#define VIOCCKCONN _VICEIOCTL(12) +#define VIOCWHEREIS _VICEIOCTL(14) +#define VIOCACCESS _VICEIOCTL(20) +#define VIOCUNPAG _VICEIOCTL(21) +#define VIOCGETFID _VICEIOCTL(22) +#define VIOCSETCACHESIZE _VICEIOCTL(24) +#define VIOCFLUSHCB _VICEIOCTL(25) +#define VIOCNEWCELL _VICEIOCTL(26) +#define VIOCGETCELL _VICEIOCTL(27) +#define VIOC_AFS_DELETE_MT_PT _VICEIOCTL(28) +#define VIOC_AFS_STAT_MT_PT _VICEIOCTL(29) +#define VIOC_FILE_CELL_NAME _VICEIOCTL(30) +#define VIOC_GET_WS_CELL _VICEIOCTL(31) +#define VIOC_AFS_MARINER_HOST _VICEIOCTL(32) +#define VIOC_GET_PRIMARY_CELL _VICEIOCTL(33) +#define VIOC_VENUSLOG _VICEIOCTL(34) +#define VIOC_GETCELLSTATUS _VICEIOCTL(35) +#define VIOC_SETCELLSTATUS _VICEIOCTL(36) +#define VIOC_FLUSHVOLUME _VICEIOCTL(37) +#define VIOC_AFS_SYSNAME _VICEIOCTL(38) +#define VIOC_EXPORTAFS _VICEIOCTL(39) +#define VIOCGETCACHEPARAMS _VICEIOCTL(40) +#define VIOC_GCPAGS _VICEIOCTL(48) + +#define VIOCGETTOK2 _AFSCIOCTL(7) +#define VIOCSETTOK2 _AFSCIOCTL(8) + +struct ViceIoctl { + caddr_t in, out; + unsigned short in_size; + unsigned short out_size; +}; + +struct ClearToken { + int32_t AuthHandle; + char 
HandShakeKey[8]; + int32_t ViceId; + int32_t BeginTimestamp; + int32_t EndTimestamp; +}; + +/* Use k_hasafs() to probe if the machine supports AFS syscalls. + The other functions will generate a SIGSYS if AFS is not supported */ + +int k_hasafs (void); +int k_hasafs_recheck (void); + +int krb_afslog (const char *cell, const char *realm); +int krb_afslog_uid (const char *cell, const char *realm, uid_t uid); +int krb_afslog_home (const char *cell, const char *realm, + const char *homedir); +int krb_afslog_uid_home (const char *cell, const char *realm, uid_t uid, + const char *homedir); + +int krb_realm_of_cell (const char *cell, char **realm); + +/* compat */ +#define k_afsklog krb_afslog +#define k_afsklog_uid krb_afslog_uid + +int k_pioctl (char *a_path, + int o_opcode, + struct ViceIoctl *a_paramsP, + int a_followSymlinks); +int k_unlog (void); +int k_setpag (void); +int k_afs_cell_of_file (const char *path, char *cell, int len); + + + +/* XXX */ +#ifdef KFAILURE +#define KRB_H_INCLUDED +#endif + +#ifdef KRB5_RECVAUTH_IGNORE_VERSION +#define KRB5_H_INCLUDED +#endif + +void kafs_set_verbose (void (*kafs_verbose)(void *, const char *), void *); +int kafs_settoken_rxkad (const char *, struct ClearToken *, + void *ticket, size_t ticket_len); +#ifdef KRB_H_INCLUDED +int kafs_settoken (const char*, uid_t, CREDENTIALS*); +#endif +#ifdef KRB5_H_INCLUDED +int kafs_settoken5 (krb5_context, const char*, uid_t, krb5_creds*); +#endif + + +#ifdef KRB5_H_INCLUDED +krb5_error_code krb5_afslog_uid (krb5_context context, + krb5_ccache id, + const char *cell, + krb5_const_realm realm, + uid_t uid); +krb5_error_code krb5_afslog (krb5_context context, + krb5_ccache id, + const char *cell, + krb5_const_realm realm); +krb5_error_code krb5_afslog_uid_home (krb5_context context, + krb5_ccache id, + const char *cell, + krb5_const_realm realm, + uid_t uid, + const char *homedir); + +krb5_error_code krb5_afslog_home (krb5_context context, + krb5_ccache id, + const char *cell, + 
krb5_const_realm realm, + const char *homedir); + +krb5_error_code krb5_realm_of_cell (const char *cell, char **realm); + +#endif + + +#define _PATH_VICE "/usr/vice/etc/" +#define _PATH_THISCELL _PATH_VICE "ThisCell" +#define _PATH_CELLSERVDB _PATH_VICE "CellServDB" +#define _PATH_THESECELLS _PATH_VICE "TheseCells" + +#define _PATH_ARLA_VICE "/usr/arla/etc/" +#define _PATH_ARLA_THISCELL _PATH_ARLA_VICE "ThisCell" +#define _PATH_ARLA_CELLSERVDB _PATH_ARLA_VICE "CellServDB" +#define _PATH_ARLA_THESECELLS _PATH_ARLA_VICE "TheseCells" + +#define _PATH_OPENAFS_DEBIAN_VICE "/etc/openafs/" +#define _PATH_OPENAFS_DEBIAN_THISCELL _PATH_OPENAFS_DEBIAN_VICE "ThisCell" +#define _PATH_OPENAFS_DEBIAN_CELLSERVDB _PATH_OPENAFS_DEBIAN_VICE "CellServDB" +#define _PATH_OPENAFS_DEBIAN_THESECELLS _PATH_OPENAFS_DEBIAN_VICE "TheseCells" + +#define _PATH_OPENAFS_MACOSX_VICE "/var/db/openafs/etc/" +#define _PATH_OPENAFS_MACOSX_THISCELL _PATH_OPENAFS_MACOSX_VICE "ThisCell" +#define _PATH_OPENAFS_MACOSX_CELLSERVDB _PATH_OPENAFS_MACOSX_VICE "CellServDB" +#define _PATH_OPENAFS_MACOSX_THESECELLS _PATH_OPENAFS_MACOSX_VICE "TheseCells" + +#define _PATH_ARLA_DEBIAN_VICE "/etc/arla/" +#define _PATH_ARLA_DEBIAN_THISCELL _PATH_ARLA_DEBIAN_VICE "ThisCell" +#define _PATH_ARLA_DEBIAN_CELLSERVDB _PATH_ARLA_DEBIAN_VICE "CellServDB" +#define _PATH_ARLA_DEBIAN_THESECELLS _PATH_ARLA_DEBIAN_VICE "TheseCells" + +#define _PATH_ARLA_OPENBSD_VICE "/etc/afs/" +#define _PATH_ARLA_OPENBSD_THISCELL _PATH_ARLA_OPENBSD_VICE "ThisCell" +#define _PATH_ARLA_OPENBSD_CELLSERVDB _PATH_ARLA_OPENBSD_VICE "CellServDB" +#define _PATH_ARLA_OPENBSD_THESECELLS _PATH_ARLA_OPENBSD_VICE "TheseCells" + +extern int _kafs_debug; + +#endif /* __KAFS_H */ diff --git a/kerberos5/include/kcm-protos.h b/kerberos5/include/kcm-protos.h new file mode 100644 --- /dev/null +++ b/kerberos5/include/kcm-protos.h 
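Review bot: `struct ViceIoctl` stores `in_size` and `out_size` as `unsigned short`, while the functions declared after it take wider lengths (`size_t ticket_len` in `kafs_settoken_rxkad`, `int len` in `k_afs_cell_of_file`), and nothing in the header tells callers that a buffer handed to `k_pioctl` is limited to what an `unsigned short` can hold. A length narrowed into these fields without a check would be silently truncated, so I would add a comment on the struct such as `/* sizes are unsigned short: reject lengths above USHRT_MAX before filling this in */`. `k_afs_cell_of_file` also takes its buffer length as a signed `int`; the implementation is outside this hunk, so whether negative or zero values are rejected cannot be confirmed here and should be documented next to the prototype.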
@@ -0,0 +1,308 @@ +/* This is a generated file */ +#ifndef __kcm_protos_h__ +#define __kcm_protos_h__ +#ifndef DOXY + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +krb5_error_code +kcm_access ( + krb5_context /*context*/, + kcm_client */*client*/, + kcm_operation /*opcode*/, + kcm_ccache /*ccache*/); + +krb5_error_code +kcm_ccache_acquire ( + krb5_context /*context*/, + kcm_ccache /*ccache*/, + krb5_creds **/*credp*/); + +krb5_error_code +kcm_ccache_destroy ( + krb5_context /*context*/, + const char */*name*/); + +krb5_error_code +kcm_ccache_destroy_client ( + krb5_context /*context*/, + kcm_client */*client*/, + const char */*name*/); + +krb5_error_code +kcm_ccache_destroy_if_empty ( + krb5_context /*context*/, + kcm_ccache /*ccache*/); + +krb5_error_code +kcm_ccache_enqueue_default ( + krb5_context /*context*/, + kcm_ccache /*ccache*/, + krb5_creds */*newcred*/); + +struct kcm_creds * +kcm_ccache_find_cred_uuid ( + krb5_context /*context*/, + kcm_ccache /*ccache*/, + kcmuuid_t /*uuid*/); + +char * +kcm_ccache_first_name (kcm_client */*client*/); + +krb5_error_code +kcm_ccache_gen_new ( + krb5_context /*context*/, + pid_t /*pid*/, + uid_t /*uid*/, + gid_t /*gid*/, + kcm_ccache */*ccache*/); + +krb5_error_code +kcm_ccache_get_uuids ( + krb5_context /*context*/, + kcm_client */*client*/, + kcm_operation /*opcode*/, + krb5_storage */*sp*/); + +krb5_error_code +kcm_ccache_new ( + krb5_context /*context*/, + const char */*name*/, + kcm_ccache */*ccache*/); + +krb5_error_code +kcm_ccache_new_client ( + krb5_context /*context*/, + kcm_client */*client*/, + const char */*name*/, + kcm_ccache */*ccache_p*/); + +char *kcm_ccache_nextid ( + pid_t /*pid*/, + uid_t /*uid*/, + gid_t /*gid*/); + +krb5_error_code +kcm_ccache_refresh ( + krb5_context /*context*/, + kcm_ccache /*ccache*/, + krb5_creds **/*credp*/); + +krb5_error_code +kcm_ccache_remove_cred ( + krb5_context /*context*/, + kcm_ccache /*ccache*/, + krb5_flags /*whichfields*/, + const krb5_creds 
*/*mcreds*/); + +krb5_error_code +kcm_ccache_remove_cred_internal ( + krb5_context /*context*/, + kcm_ccache /*ccache*/, + krb5_flags /*whichfields*/, + const krb5_creds */*mcreds*/); + +krb5_error_code +kcm_ccache_remove_creds ( + krb5_context /*context*/, + kcm_ccache /*ccache*/); + +krb5_error_code +kcm_ccache_remove_creds_internal ( + krb5_context /*context*/, + kcm_ccache /*ccache*/); + +krb5_error_code +kcm_ccache_resolve ( + krb5_context /*context*/, + const char */*name*/, + kcm_ccache */*ccache*/); + +krb5_error_code +kcm_ccache_resolve_by_uuid ( + krb5_context /*context*/, + kcmuuid_t /*uuid*/, + kcm_ccache */*ccache*/); + +krb5_error_code +kcm_ccache_resolve_client ( + krb5_context /*context*/, + kcm_client */*client*/, + kcm_operation /*opcode*/, + const char */*name*/, + kcm_ccache */*ccache*/); + +krb5_error_code +kcm_ccache_retrieve_cred ( + krb5_context /*context*/, + kcm_ccache /*ccache*/, + krb5_flags /*whichfields*/, + const krb5_creds */*mcreds*/, + krb5_creds **/*credp*/); + +krb5_error_code +kcm_ccache_retrieve_cred_internal ( + krb5_context /*context*/, + kcm_ccache /*ccache*/, + krb5_flags /*whichfields*/, + const krb5_creds */*mcreds*/, + krb5_creds **/*creds*/); + +krb5_error_code +kcm_ccache_store_cred ( + krb5_context /*context*/, + kcm_ccache /*ccache*/, + krb5_creds */*creds*/, + int /*copy*/); + +krb5_error_code +kcm_ccache_store_cred_internal ( + krb5_context /*context*/, + kcm_ccache /*ccache*/, + krb5_creds */*creds*/, + int /*copy*/, + krb5_creds **/*credp*/); + +krb5_error_code +kcm_chmod ( + krb5_context /*context*/, + kcm_client */*client*/, + kcm_ccache /*ccache*/, + uint16_t /*mode*/); + +krb5_error_code +kcm_chown ( + krb5_context /*context*/, + kcm_client */*client*/, + kcm_ccache /*ccache*/, + uid_t /*uid*/, + gid_t /*gid*/); + +krb5_error_code +kcm_cleanup_events ( + krb5_context /*context*/, + kcm_ccache /*ccache*/); + +void +kcm_configure ( + int /*argc*/, + char **/*argv*/); + +krb5_error_code +kcm_debug_ccache 
(krb5_context /*context*/); + +krb5_error_code +kcm_debug_events (krb5_context /*context*/); + +krb5_error_code +kcm_dispatch ( + krb5_context /*context*/, + kcm_client */*client*/, + krb5_data */*req_data*/, + krb5_data */*resp_data*/); + +krb5_error_code +kcm_enqueue_event ( + krb5_context /*context*/, + kcm_event */*event*/); + +krb5_error_code +kcm_enqueue_event_internal ( + krb5_context /*context*/, + kcm_event */*event*/); + +krb5_error_code +kcm_enqueue_event_relative ( + krb5_context /*context*/, + kcm_event */*event*/); + +krb5_error_code +kcm_internal_ccache ( + krb5_context /*context*/, + kcm_ccache /*c*/, + krb5_ccache /*id*/); + +int +kcm_is_same_session ( + kcm_client */*client*/, + uid_t /*uid*/, + pid_t /*session*/); + +void +kcm_log ( + int /*level*/, + const char */*fmt*/, + ...); + +char* +kcm_log_msg ( + int /*level*/, + const char */*fmt*/, + ...); + +char* +kcm_log_msg_va ( + int /*level*/, + const char */*fmt*/, + va_list /*ap*/); + +const char * +kcm_op2string (kcm_operation /*opcode*/); + +void +kcm_openlog (void); + +krb5_error_code +kcm_release_ccache ( + krb5_context /*context*/, + kcm_ccache /*c*/); + +krb5_error_code +kcm_remove_event ( + krb5_context /*context*/, + kcm_event */*event*/); + +krb5_error_code +kcm_retain_ccache ( + krb5_context /*context*/, + kcm_ccache /*ccache*/); + +krb5_error_code +kcm_run_events ( + krb5_context /*context*/, + time_t /*now*/); + +void +kcm_service ( + void */*ctx*/, + const heim_idata */*req*/, + const heim_icred /*cred*/, + heim_ipc_complete /*complete*/, + heim_sipc_call /*cctx*/); + +void +kcm_session_add (pid_t /*session_id*/); + +void +kcm_session_setup_handler (void); + +krb5_error_code +kcm_zero_ccache_data ( + krb5_context /*context*/, + kcm_ccache /*cache*/); + +krb5_error_code +kcm_zero_ccache_data_internal ( + krb5_context /*context*/, + kcm_ccache_data */*cache*/); + +#ifdef __cplusplus +} +#endif + +#endif /* DOXY */ +#endif /* __kcm_protos_h__ */ 
diff --git a/kerberos5/include/kdc-private.h b/kerberos5/include/kdc-private.h
new file mode 100644
--- /dev/null
+++ b/kerberos5/include/kdc-private.h
@@ -0,0 +1,298 @@ +/* This is a generated file */ +#ifndef __kdc_private_h__ +#define __kdc_private_h__ + +#include + +krb5_error_code +_kdc_add_KRB5SignedPath ( + krb5_context /*context*/, + krb5_kdc_configuration */*config*/, + hdb_entry_ex */*krbtgt*/, + krb5_enctype /*enctype*/, + krb5_const_principal /*client*/, + krb5_const_principal /*server*/, + krb5_principals /*principals*/, + EncTicketPart */*tkt*/); + +krb5_error_code +_kdc_add_inital_verified_cas ( + krb5_context /*context*/, + krb5_kdc_configuration */*config*/, + pk_client_params */*cp*/, + EncTicketPart */*tkt*/); + +krb5_error_code +_kdc_as_rep ( + kdc_request_t /*r*/, + krb5_data */*reply*/, + const char */*from*/, + struct sockaddr */*from_addr*/, + int /*datagram_reply*/); + +krb5_error_code +_kdc_check_access ( + krb5_context /*context*/, + krb5_kdc_configuration */*config*/, + hdb_entry_ex */*client_ex*/, + const char */*client_name*/, + hdb_entry_ex */*server_ex*/, + const char */*server_name*/, + KDC_REQ */*req*/, + METHOD_DATA */*method_data*/); + +krb5_boolean +_kdc_check_addresses ( + krb5_context /*context*/, + krb5_kdc_configuration */*config*/, + HostAddresses */*addresses*/, + const struct sockaddr */*from*/); + +krb5_error_code +_kdc_check_anon_policy ( + krb5_context /*context*/, + krb5_kdc_configuration */*config*/, + hdb_entry_ex */*client*/, + hdb_entry_ex */*server*/); + +krb5_error_code +_kdc_db_fetch ( + krb5_context /*context*/, + krb5_kdc_configuration */*config*/, + krb5_const_principal /*principal*/, + unsigned /*flags*/, + krb5uint32 */*kvno_ptr*/, + HDB **/*db*/, + hdb_entry_ex **/*h*/); + +krb5_error_code +_kdc_do_digest ( + krb5_context /*context*/, + krb5_kdc_configuration */*config*/, + const struct DigestREQ */*req*/, + krb5_data */*reply*/, + const char */*from*/, + struct sockaddr */*addr*/); + +krb5_error_code +_kdc_do_kx509 ( + krb5_context /*context*/, + krb5_kdc_configuration */*config*/, + const struct Kx509Request */*req*/, + krb5_data */*reply*/, + const 
char */*from*/, + struct sockaddr */*addr*/); + +krb5_error_code +_kdc_encode_reply ( + krb5_context /*context*/, + krb5_kdc_configuration */*config*/, + krb5_crypto /*armor_crypto*/, + uint32_t /*nonce*/, + KDC_REP */*rep*/, + EncTicketPart */*et*/, + EncKDCRepPart */*ek*/, + krb5_enctype /*etype*/, + int /*skvno*/, + const EncryptionKey */*skey*/, + int /*ckvno*/, + const EncryptionKey */*reply_key*/, + int /*rk_is_subkey*/, + const char **/*e_text*/, + krb5_data */*reply*/); + +krb5_error_code +_kdc_fast_mk_error ( + krb5_context /*context*/, + kdc_request_t /*r*/, + METHOD_DATA */*error_method*/, + krb5_crypto /*armor_crypto*/, + const KDC_REQ_BODY */*req_body*/, + krb5_error_code /*outer_error*/, + const char */*e_text*/, + krb5_principal /*error_server*/, + const PrincipalName */*error_client_name*/, + const Realm */*error_client_realm*/, + time_t */*csec*/, + int */*cusec*/, + krb5_data */*error_msg*/); + +krb5_error_code +_kdc_fast_mk_response ( + krb5_context /*context*/, + krb5_crypto /*armor_crypto*/, + METHOD_DATA */*pa_data*/, + krb5_keyblock */*strengthen_key*/, + KrbFastFinished */*finished*/, + krb5uint32 /*nonce*/, + krb5_data */*data*/); + +krb5_error_code +_kdc_fast_unwrap_request (kdc_request_t /*r*/); + +krb5_error_code +_kdc_find_etype ( + krb5_context /*context*/, + krb5_boolean /*use_strongest_session_key*/, + krb5_boolean /*is_preauth*/, + hdb_entry_ex */*princ*/, + krb5_enctype */*etypes*/, + unsigned /*len*/, + krb5_enctype */*ret_enctype*/, + Key **/*ret_key*/); + +const PA_DATA* +_kdc_find_padata ( + const KDC_REQ */*req*/, + int */*start*/, + int /*type*/); + +void +_kdc_fix_time (time_t **/*t*/); + +void +_kdc_free_ent ( + krb5_context /*context*/, + hdb_entry_ex */*ent*/); + +krb5_error_code +_kdc_generate_ecdh_keyblock ( + krb5_context /*context*/, + void */*ec_key_pk*/, + void **/*ec_key_key*/, + unsigned char **/*dh_gen_key*/, + size_t */*dh_gen_keylen*/); + +krb5_error_code +_kdc_get_ecdh_param ( + krb5_context /*context*/, + 
krb5_kdc_configuration */*config*/, + SubjectPublicKeyInfo */*dh_key_info*/, + void **/*out*/); + +krb5_error_code +_kdc_get_preferred_key ( + krb5_context /*context*/, + krb5_kdc_configuration */*config*/, + hdb_entry_ex */*h*/, + const char */*name*/, + krb5_enctype */*enctype*/, + Key **/*key*/); + +krb5_boolean +_kdc_is_anon_request (const KDC_REQ */*req*/); + +krb5_boolean +_kdc_is_anonymous ( + krb5_context /*context*/, + krb5_const_principal /*principal*/); + +krb5_boolean +_kdc_is_weak_exception ( + krb5_principal /*principal*/, + krb5_enctype /*etype*/); + +void +_kdc_log_timestamp ( + krb5_context /*context*/, + krb5_kdc_configuration */*config*/, + const char */*type*/, + KerberosTime /*authtime*/, + KerberosTime */*starttime*/, + KerberosTime /*endtime*/, + KerberosTime */*renew_till*/); + +krb5_error_code +_kdc_make_anonymous_principalname (PrincipalName */*pn*/); + +krb5_error_code +_kdc_pac_generate ( + krb5_context /*context*/, + hdb_entry_ex */*client*/, + krb5_pac */*pac*/); + +krb5_error_code +_kdc_pac_verify ( + krb5_context /*context*/, + const krb5_principal /*client_principal*/, + const krb5_principal /*delegated_proxy_principal*/, + hdb_entry_ex */*client*/, + hdb_entry_ex */*server*/, + hdb_entry_ex */*krbtgt*/, + krb5_pac */*pac*/, + int */*verified*/); + +krb5_error_code +_kdc_pk_check_client ( + krb5_context /*context*/, + krb5_kdc_configuration */*config*/, + HDB */*clientdb*/, + hdb_entry_ex */*client*/, + pk_client_params */*cp*/, + char **/*subject_name*/); + +void +_kdc_pk_free_client_ec_param ( + krb5_context /*context*/, + void */*ec_key_pk*/, + void */*ec_key_key*/); + +void +_kdc_pk_free_client_param ( + krb5_context /*context*/, + pk_client_params */*cp*/); + +krb5_error_code +_kdc_pk_mk_pa_reply ( + krb5_context /*context*/, + krb5_kdc_configuration */*config*/, + pk_client_params */*cp*/, + const hdb_entry_ex */*client*/, + krb5_enctype /*sessionetype*/, + const KDC_REQ */*req*/, + const krb5_data */*req_buffer*/, + 
krb5_keyblock */*reply_key*/, + krb5_keyblock */*sessionkey*/, + METHOD_DATA */*md*/); + +krb5_error_code +_kdc_pk_rd_padata ( + krb5_context /*context*/, + krb5_kdc_configuration */*config*/, + const KDC_REQ */*req*/, + const PA_DATA */*pa*/, + hdb_entry_ex */*client*/, + pk_client_params **/*ret_params*/); + +krb5_error_code +_kdc_serialize_ecdh_key ( + krb5_context /*context*/, + void */*key*/, + unsigned char **/*out*/, + size_t */*out_len*/); + +krb5_error_code +_kdc_tgs_rep ( + krb5_context /*context*/, + krb5_kdc_configuration */*config*/, + KDC_REQ */*req*/, + krb5_data */*data*/, + const char */*from*/, + struct sockaddr */*from_addr*/, + int /*datagram_reply*/); + +krb5_error_code +_kdc_tkt_add_if_relevant_ad ( + krb5_context /*context*/, + EncTicketPart */*tkt*/, + int /*type*/, + const krb5_data */*data*/); + +krb5_error_code +_kdc_try_kx509_request ( + void */*ptr*/, + size_t /*len*/, + struct Kx509Request */*req*/, + size_t */*size*/); + +#endif /* __kdc_private_h__ */ diff --git a/kerberos5/include/kdc-protos.h b/kerberos5/include/kdc-protos.h new file mode 100644 --- /dev/null +++ b/kerberos5/include/kdc-protos.h 
@@ -0,0 +1,125 @@ +/* This is a generated file */ +#ifndef __kdc_protos_h__ +#define __kdc_protos_h__ +#ifndef DOXY + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +krb5_error_code +kdc_check_flags ( + krb5_context /*context*/, + krb5_kdc_configuration */*config*/, + hdb_entry_ex */*client_ex*/, + const char */*client_name*/, + hdb_entry_ex */*server_ex*/, + const char */*server_name*/, + krb5_boolean /*is_as_req*/); + +krb5_error_code +kdc_kx509_verify_service_principal ( + krb5_context /*context*/, + const char */*cname*/, + krb5_principal /*sprincipal*/); + +void +kdc_log ( + krb5_context /*context*/, + krb5_kdc_configuration */*config*/, + int /*level*/, + const char */*fmt*/, + ...); + +char* +kdc_log_msg ( + krb5_context /*context*/, + krb5_kdc_configuration */*config*/, + int /*level*/, + const char */*fmt*/, + ...); + +char* +kdc_log_msg_va ( + krb5_context /*context*/, + krb5_kdc_configuration */*config*/, + int /*level*/, + const char */*fmt*/, + va_list /*ap*/); + +void +kdc_openlog ( + krb5_context /*context*/, + const char */*service*/, + krb5_kdc_configuration */*config*/); + +krb5_error_code +krb5_kdc_get_config ( + krb5_context /*context*/, + krb5_kdc_configuration **/*config*/); + +krb5_error_code +krb5_kdc_pk_initialize ( + krb5_context /*context*/, + krb5_kdc_configuration */*config*/, + const char */*user_id*/, + const char */*anchors*/, + char **/*pool*/, + char **/*revoke_list*/); + +krb5_error_code +krb5_kdc_pkinit_config ( + krb5_context /*context*/, + krb5_kdc_configuration */*config*/); + +int +krb5_kdc_process_krb5_request ( + krb5_context /*context*/, + krb5_kdc_configuration */*config*/, + unsigned char */*buf*/, + size_t /*len*/, + krb5_data */*reply*/, + const char */*from*/, + struct sockaddr */*addr*/, + int /*datagram_reply*/); + +int +krb5_kdc_process_request ( + krb5_context /*context*/, + krb5_kdc_configuration */*config*/, + unsigned char */*buf*/, + size_t /*len*/, + krb5_data */*reply*/, + krb5_boolean 
*/*prependlength*/, + const char */*from*/, + struct sockaddr */*addr*/, + int /*datagram_reply*/); + +int +krb5_kdc_save_request ( + krb5_context /*context*/, + const char */*fn*/, + const unsigned char */*buf*/, + size_t /*len*/, + const krb5_data */*reply*/, + const struct sockaddr */*sa*/); + +krb5_error_code +krb5_kdc_set_dbinfo ( + krb5_context /*context*/, + struct krb5_kdc_configuration */*c*/); + +void +krb5_kdc_update_time (struct timeval */*tv*/); + +krb5_error_code +krb5_kdc_windc_init (krb5_context /*context*/); + +#ifdef __cplusplus +} +#endif + +#endif /* DOXY */ +#endif /* __kdc_protos_h__ */ diff --git a/kerberos5/include/kdc.h b/kerberos5/include/kdc.h new file mode 100644 --- /dev/null +++ b/kerberos5/include/kdc.h 
@@ -0,0 +1,117 @@
+/*
+ * Copyright (c) 1997-2003 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ *
+ * Copyright (c) 2005 Andrew Bartlett
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * $Id$
+ */
+
+#ifndef __KDC_H__
+#define __KDC_H__
+
+#include
+#include
+
+enum krb5_kdc_trpolicy {
+ TRPOLICY_ALWAYS_CHECK,
+ TRPOLICY_ALLOW_PER_PRINCIPAL,
+ TRPOLICY_ALWAYS_HONOUR_REQUEST
+};
+
+typedef struct krb5_kdc_configuration {
+ krb5_boolean require_preauth; /* require preauth for all principals */
+ time_t kdc_warn_pwexpire; /* time before expiration to print a warning */
+
+ struct HDB **db;
+ int num_db;
+
+ int num_kdc_processes;
+
+ krb5_boolean encode_as_rep_as_tgs_rep; /* bug compatibility */
+
+ krb5_boolean tgt_use_strongest_session_key;
+ krb5_boolean preauth_use_strongest_session_key;
+ krb5_boolean svc_use_strongest_session_key;
+ krb5_boolean use_strongest_server_key;
+
+ krb5_boolean check_ticket_addresses;
+ krb5_boolean allow_null_ticket_addresses;
+ krb5_boolean allow_anonymous;
+ krb5_boolean historical_anon_realm;
+ krb5_boolean strict_nametypes;
+ enum krb5_kdc_trpolicy trpolicy;
+
+ krb5_boolean enable_pkinit;
+ krb5_boolean pkinit_princ_in_cert;
+ const char *pkinit_kdc_identity;
+ const char *pkinit_kdc_anchors;
+ const char *pkinit_kdc_friendly_name;
+ const char *pkinit_kdc_ocsp_file;
+ char **pkinit_kdc_cert_pool;
+ char **pkinit_kdc_revoke;
+ int pkinit_dh_min_bits;
+ int pkinit_require_binding;
+ int pkinit_allow_proxy_certs;
+
+ krb5_log_facility *logf;
+
+ int enable_digest;
+ int digests_allowed;
+
+ size_t max_datagram_reply_length;
+
+ int enable_kx509;
+ const char *kx509_template;
+ const char *kx509_ca;
+
+} krb5_kdc_configuration;
+
+struct krb5_kdc_service {
+ unsigned int flags;
+#define KS_KRB5 1
+#define KS_NO_LENGTH 2
+ krb5_error_code (*process)(krb5_context context,
+ krb5_kdc_configuration *config,
+ krb5_data *req_buffer,
+ krb5_data *reply,
+ const char *from,
+ struct sockaddr *addr,
+ int datagram_reply,
+ int *claim);
+};
+
+#include
+
+#endif
diff --git a/kerberos5/include/krb5-private.h b/kerberos5/include/krb5-private.h
new file mode 100644
--- /dev/null
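Review bot: In `krb5_kdc_configuration` (kerberos5/include/kdc.h) the fields that relax or tighten KDC policy — `allow_anonymous`, `allow_null_ticket_addresses`, `check_ticket_addresses`, `pkinit_allow_proxy_certs`, `pkinit_require_binding`, `pkinit_dh_min_bits` and `trpolicy` — carry no comment, while only `require_preauth`, `kdc_warn_pwexpire` and `encode_as_rep_as_tgs_rep` are annotated. Someone auditing a KDC configuration from this header cannot tell which value is the restrictive one or what unit a threshold uses; I would add a one-line comment per field, for example `int pkinit_dh_min_bits; /* minimum DH group size, in bits, accepted for PKINIT (confirm against the PKINIT code) */`, and a short comment on each `krb5_kdc_trpolicy` enumerator saying when the transited check is applied. The PKINIT, digest and kx509 switches are also declared `int` where the neighbouring flags use `krb5_boolean`; if they are pure on/off settings, the comment should say so, so that callers do not store other values in them.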
+++ b/kerberos5/include/krb5-private.h 
@@ -0,0 +1,733 @@ +/* This is a generated file */ +#ifndef __krb5_private_h__ +#define __krb5_private_h__ + +#include + +#if !defined(__GNUC__) && !defined(__attribute__) +#define __attribute__(x) +#endif + +#ifndef KRB5_DEPRECATED_FUNCTION +#ifndef __has_extension +#define __has_extension(x) 0 +#define KRB5_DEPRECATED_FUNCTIONhas_extension 1 +#endif +#if __has_extension(attribute_deprecated_with_message) +#define KRB5_DEPRECATED_FUNCTION(x) __attribute__((__deprecated__(x))) +#elif defined(__GNUC__) && ((__GNUC__ > 3) || ((__GNUC__ == 3) && (__GNUC_MINOR__ >= 1 ))) +#define KRB5_DEPRECATED_FUNCTION(X) __attribute__((__deprecated__)) +#else +#define KRB5_DEPRECATED_FUNCTION(X) +#endif +#ifdef KRB5_DEPRECATED_FUNCTIONhas_extension +#undef __has_extension +#undef KRB5_DEPRECATED_FUNCTIONhas_extension +#endif +#endif /* KRB5_DEPRECATED_FUNCTION */ + + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +_heim_krb5_ipc_client_clear_target (void); + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +_heim_krb5_ipc_client_set_target_uid (uid_t /*uid*/); + +void +_krb5_DES3_random_to_key ( + krb5_context /*context*/, + krb5_keyblock */*key*/, + const void */*data*/, + size_t /*size*/); + +krb5_error_code +_krb5_HMAC_MD5_checksum ( + krb5_context /*context*/, + struct _krb5_key_data */*key*/, + const void */*data*/, + size_t /*len*/, + unsigned /*usage*/, + Checksum */*result*/); + +krb5_error_code +_krb5_SP800_108_HMAC_KDF ( + krb5_context /*context*/, + const krb5_data */*kdf_K1*/, + const krb5_data */*kdf_label*/, + const krb5_data */*kdf_context*/, + const EVP_MD */*md*/, + krb5_data */*kdf_K0*/); + +krb5_error_code +_krb5_SP_HMAC_SHA1_checksum ( + krb5_context /*context*/, + struct _krb5_key_data */*key*/, + const void */*data*/, + size_t /*len*/, + unsigned /*usage*/, + Checksum */*result*/); + +krb5_error_code +_krb5_aes_sha2_md_for_enctype ( + krb5_context /*context*/, + krb5_enctype /*enctype*/, + const EVP_MD **/*md*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 
+_krb5_build_authenticator ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_enctype /*enctype*/, + krb5_creds */*cred*/, + Checksum */*cksum*/, + krb5_data */*result*/, + krb5_key_usage /*usage*/); + +krb5_error_code +_krb5_build_authpack_subjectPK_EC ( + krb5_context /*context*/, + krb5_pk_init_ctx /*ctx*/, + AuthPack */*a*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_cc_allocate ( + krb5_context /*context*/, + const krb5_cc_ops */*ops*/, + krb5_ccache */*id*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_config_copy ( + krb5_context /*context*/, + krb5_config_section */*c*/, + krb5_config_section **/*head*/); + +KRB5_LIB_FUNCTION const void * KRB5_LIB_CALL +_krb5_config_get ( + krb5_context /*context*/, + const krb5_config_section */*c*/, + int /*type*/, + ...); + +KRB5_LIB_FUNCTION krb5_config_section * KRB5_LIB_CALL +_krb5_config_get_entry ( + krb5_config_section **/*parent*/, + const char */*name*/, + int /*type*/); + +KRB5_LIB_FUNCTION const void * KRB5_LIB_CALL +_krb5_config_get_next ( + krb5_context /*context*/, + const krb5_config_section */*c*/, + const krb5_config_binding **/*pointer*/, + int /*type*/, + ...); + +KRB5_LIB_FUNCTION const void * KRB5_LIB_CALL +_krb5_config_vget ( + krb5_context /*context*/, + const krb5_config_section */*c*/, + int /*type*/, + va_list /*args*/); + +KRB5_LIB_FUNCTION const void * KRB5_LIB_CALL +_krb5_config_vget_next ( + krb5_context /*context*/, + const krb5_config_section */*c*/, + const krb5_config_binding **/*pointer*/, + int /*type*/, + va_list /*args*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_copy_send_to_kdc_func ( + krb5_context /*context*/, + krb5_context /*to*/); + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +_krb5_crc_init_table (void); + +KRB5_LIB_FUNCTION uint32_t KRB5_LIB_CALL +_krb5_crc_update ( + const char */*p*/, + size_t /*len*/, + uint32_t /*res*/); + +void KRB5_LIB_FUNCTION +_krb5_debug ( + krb5_context /*context*/, + int /*level*/, + 
const char */*fmt*/, + ...) + __attribute__ ((__format__ (__printf__, 3, 4))); + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +_krb5_debug_backtrace (krb5_context /*context*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_derive_key ( + krb5_context /*context*/, + struct _krb5_encryption_type */*et*/, + struct _krb5_key_data */*key*/, + const void */*constant*/, + size_t /*len*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_des_checksum ( + krb5_context /*context*/, + const EVP_MD */*evp_md*/, + struct _krb5_key_data */*key*/, + const void */*data*/, + size_t /*len*/, + Checksum */*cksum*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_des_verify ( + krb5_context /*context*/, + const EVP_MD */*evp_md*/, + struct _krb5_key_data */*key*/, + const void */*data*/, + size_t /*len*/, + Checksum */*C*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_dh_group_ok ( + krb5_context /*context*/, + unsigned long /*bits*/, + heim_integer */*p*/, + heim_integer */*g*/, + heim_integer */*q*/, + struct krb5_dh_moduli **/*moduli*/, + char **/*name*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_einval ( + krb5_context /*context*/, + const char */*func*/, + unsigned long /*argn*/); + +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL +_krb5_enctype_requires_random_salt ( + krb5_context /*context*/, + krb5_enctype /*enctype*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_erase_file ( + krb5_context /*context*/, + const char */*filename*/); + +void +_krb5_evp_cleanup ( + krb5_context /*context*/, + struct _krb5_key_data */*kd*/); + +krb5_error_code +_krb5_evp_encrypt ( + krb5_context /*context*/, + struct _krb5_key_data */*key*/, + void */*data*/, + size_t /*len*/, + krb5_boolean /*encryptp*/, + int /*usage*/, + void */*ivec*/); + +krb5_error_code +_krb5_evp_encrypt_cts ( + krb5_context /*context*/, + struct _krb5_key_data */*key*/, + void */*data*/, + size_t /*len*/, + krb5_boolean /*encryptp*/, + int /*usage*/, + 
void */*ivec*/); + +void +_krb5_evp_schedule ( + krb5_context /*context*/, + struct _krb5_key_type */*kt*/, + struct _krb5_key_data */*kd*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_expand_default_cc_name ( + krb5_context /*context*/, + const char */*str*/, + char **/*res*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_expand_path_tokens ( + krb5_context /*context*/, + const char */*path_in*/, + int /*filepath*/, + char **/*ppath_out*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_expand_path_tokensv ( + krb5_context /*context*/, + const char */*path_in*/, + int /*filepath*/, + char **/*ppath_out*/, + ...); + +KRB5_LIB_FUNCTION int KRB5_LIB_CALL +_krb5_extract_ticket ( + krb5_context /*context*/, + krb5_kdc_rep */*rep*/, + krb5_creds */*creds*/, + krb5_keyblock */*key*/, + krb5_const_pointer /*keyseed*/, + krb5_key_usage /*key_usage*/, + krb5_addresses */*addrs*/, + unsigned /*nonce*/, + unsigned /*flags*/, + krb5_data */*request*/, + krb5_decrypt_proc /*decrypt_proc*/, + krb5_const_pointer /*decryptarg*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_fast_armor_key ( + krb5_context /*context*/, + krb5_keyblock */*subkey*/, + krb5_keyblock */*sessionkey*/, + krb5_keyblock */*armorkey*/, + krb5_crypto */*armor_crypto*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_fast_cf2 ( + krb5_context /*context*/, + krb5_keyblock */*key1*/, + const char */*pepper1*/, + krb5_keyblock */*key2*/, + const char */*pepper2*/, + krb5_keyblock */*armorkey*/, + krb5_crypto */*armor_crypto*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_find_capath ( + krb5_context /*context*/, + const char */*client_realm*/, + const char */*local_realm*/, + const char */*server_realm*/, + krb5_boolean /*use_hierarchical*/, + char ***/*rpath*/, + size_t */*npath*/); + +KRB5_LIB_FUNCTION struct _krb5_checksum_type * KRB5_LIB_CALL +_krb5_find_checksum (krb5_cksumtype /*type*/); + +KRB5_LIB_FUNCTION struct 
_krb5_encryption_type * KRB5_LIB_CALL +_krb5_find_enctype (krb5_enctype /*type*/); + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +_krb5_free_capath ( + krb5_context /*context*/, + char **/*capath*/); + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +_krb5_free_key_data ( + krb5_context /*context*/, + struct _krb5_key_data */*key*/, + struct _krb5_encryption_type */*et*/); + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +_krb5_free_krbhst_info (krb5_krbhst_info */*hi*/); + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +_krb5_free_moduli (struct krb5_dh_moduli **/*moduli*/); + +KRB5_LIB_FUNCTION void +_krb5_free_name_canon_rules ( + krb5_context /*context*/, + krb5_name_canon_rule /*rules*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_get_ad ( + krb5_context /*context*/, + const AuthorizationData */*ad*/, + krb5_keyblock */*sessionkey*/, + int /*type*/, + krb5_data */*data*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_get_cred_kdc_any ( + krb5_context /*context*/, + krb5_kdc_flags /*flags*/, + krb5_ccache /*ccache*/, + krb5_creds */*in_creds*/, + krb5_principal /*impersonate_principal*/, + Ticket */*second_ticket*/, + krb5_creds **/*out_creds*/, + krb5_creds ***/*ret_tgts*/); + +KRB5_LIB_FUNCTION char * KRB5_LIB_CALL +_krb5_get_default_cc_name_from_registry (krb5_context /*context*/); + +KRB5_LIB_FUNCTION char * KRB5_LIB_CALL +_krb5_get_default_config_config_files_from_registry (void); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_get_default_principal_local ( + krb5_context /*context*/, + krb5_principal */*princ*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_get_host_realm_int ( + krb5_context /*context*/, + const char */*host*/, + krb5_boolean /*use_dns*/, + krb5_realm **/*realms*/); + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +_krb5_get_init_creds_opt_free_pkinit (krb5_get_init_creds_opt */*opt*/); + +KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL +_krb5_get_int ( + void */*buffer*/, + unsigned long */*value*/, + size_t /*size*/); + 
+KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL +_krb5_get_int64 ( + void */*buffer*/, + uint64_t */*value*/, + size_t /*size*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_get_krbtgt ( + krb5_context /*context*/, + krb5_ccache /*id*/, + krb5_realm /*realm*/, + krb5_creds **/*cred*/); + +KRB5_LIB_FUNCTION krb5_error_code +_krb5_get_name_canon_rules ( + krb5_context /*context*/, + krb5_name_canon_rule */*rules*/); + +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL +_krb5_have_debug ( + krb5_context /*context*/, + int /*level*/); + +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL +_krb5_homedir_access (krb5_context /*context*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_init_etype ( + krb5_context /*context*/, + krb5_pdu /*pdu_type*/, + unsigned */*len*/, + krb5_enctype **/*val*/, + const krb5_enctype */*etypes*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_internal_hmac ( + krb5_context /*context*/, + struct _krb5_checksum_type */*cm*/, + const void */*data*/, + size_t /*len*/, + unsigned /*usage*/, + struct _krb5_key_data */*keyblock*/, + Checksum */*result*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_kcm_get_initial_ticket ( + krb5_context /*context*/, + krb5_ccache /*id*/, + krb5_principal /*server*/, + krb5_keyblock */*key*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_kcm_get_ticket ( + krb5_context /*context*/, + krb5_ccache /*id*/, + krb5_kdc_flags /*flags*/, + krb5_enctype /*enctype*/, + krb5_principal /*server*/); + +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL +_krb5_kcm_is_running (krb5_context /*context*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_kcm_noop ( + krb5_context /*context*/, + krb5_ccache /*id*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_kdc_retry ( + krb5_context /*context*/, + krb5_sendto_ctx /*ctx*/, + void */*data*/, + const krb5_data */*reply*/, + int */*action*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 
+_krb5_krbhost_info_move ( + krb5_context /*context*/, + krb5_krbhst_info */*from*/, + krb5_krbhst_info **/*to*/); + +KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL +_krb5_krbhst_get_realm (krb5_krbhst_handle /*handle*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_kt_principal_not_found ( + krb5_context /*context*/, + krb5_error_code /*ret*/, + krb5_keytab /*id*/, + krb5_const_principal /*principal*/, + krb5_enctype /*enctype*/, + int /*kvno*/); + +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL +_krb5_kuserok ( + krb5_context /*context*/, + krb5_principal /*principal*/, + const char */*luser*/, + krb5_boolean /*an2ln_ok*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_load_ccache_plugins (krb5_context /*context*/); + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +_krb5_load_db_plugins (krb5_context /*context*/); + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +_krb5_load_plugins ( + krb5_context /*context*/, + const char */*name*/, + const char **/*paths*/); + +krb5_error_code +_krb5_make_fast_ap_fxarmor ( + krb5_context /*context*/, + krb5_ccache /*armor_ccache*/, + krb5_data */*armor_value*/, + krb5_keyblock */*armor_key*/, + krb5_crypto */*armor_crypto*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_mk_req_internal ( + krb5_context /*context*/, + krb5_auth_context */*auth_context*/, + const krb5_flags /*ap_req_options*/, + krb5_data */*in_data*/, + krb5_creds */*in_creds*/, + krb5_data */*outbuf*/, + krb5_key_usage /*checksum_usage*/, + krb5_key_usage /*encrypt_usage*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_n_fold ( + const void */*str*/, + size_t /*len*/, + void */*key*/, + size_t /*size*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_pac_sign ( + krb5_context /*context*/, + krb5_pac /*p*/, + time_t /*authtime*/, + krb5_principal /*principal*/, + const krb5_keyblock */*server_key*/, + const krb5_keyblock */*priv_key*/, + krb5_data */*data*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 
+_krb5_parse_moduli ( + krb5_context /*context*/, + const char */*file*/, + struct krb5_dh_moduli ***/*moduli*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_parse_moduli_line ( + krb5_context /*context*/, + const char */*file*/, + int /*lineno*/, + char */*p*/, + struct krb5_dh_moduli **/*m*/); + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +_krb5_pk_cert_free (struct krb5_pk_cert */*cert*/); + +void +_krb5_pk_eckey_free (void */*eckey*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_pk_kdf ( + krb5_context /*context*/, + const struct AlgorithmIdentifier */*ai*/, + const void */*dhdata*/, + size_t /*dhsize*/, + krb5_const_principal /*client*/, + krb5_const_principal /*server*/, + krb5_enctype /*enctype*/, + const krb5_data */*as_req*/, + const krb5_data */*pk_as_rep*/, + const Ticket */*ticket*/, + krb5_keyblock */*key*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_pk_kx_confirm ( + krb5_context /*context*/, + krb5_pk_init_ctx /*ctx*/, + krb5_keyblock */*reply_key*/, + krb5_keyblock */*session_key*/, + PA_DATA */*pa_pkinit_kx*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_pk_load_id ( + krb5_context /*context*/, + struct krb5_pk_identity **/*ret_id*/, + const char */*user_id*/, + const char */*anchor_id*/, + char * const */*chain_list*/, + char * const */*revoke_list*/, + krb5_prompter_fct /*prompter*/, + void */*prompter_data*/, + char */*password*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_pk_mk_ContentInfo ( + krb5_context /*context*/, + const krb5_data */*buf*/, + const heim_oid */*oid*/, + struct ContentInfo */*content_info*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_pk_mk_padata ( + krb5_context /*context*/, + void */*c*/, + int /*ic_flags*/, + int /*win2k*/, + const KDC_REQ_BODY */*req_body*/, + unsigned /*nonce*/, + METHOD_DATA */*md*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_pk_octetstring2key ( + krb5_context /*context*/, + krb5_enctype /*type*/, + 
const void */*dhdata*/, + size_t /*dhsize*/, + const heim_octet_string */*c_n*/, + const heim_octet_string */*k_n*/, + krb5_keyblock */*key*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_pk_rd_pa_reply ( + krb5_context /*context*/, + const char */*realm*/, + void */*c*/, + krb5_enctype /*etype*/, + const krb5_krbhst_info */*hi*/, + unsigned /*nonce*/, + const krb5_data */*req_buffer*/, + PA_DATA */*pa*/, + krb5_keyblock **/*key*/); + +krb5_error_code +_krb5_pk_rd_pa_reply_ecdh_compute_key ( + krb5_context /*context*/, + krb5_pk_init_ctx /*ctx*/, + const unsigned char */*in*/, + size_t /*in_sz*/, + unsigned char **/*out*/, + int */*out_sz*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_plugin_find ( + krb5_context /*context*/, + enum krb5_plugin_type /*type*/, + const char */*name*/, + struct krb5_plugin **/*list*/); + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +_krb5_plugin_free (struct krb5_plugin */*list*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_plugin_run_f ( + krb5_context /*context*/, + const char */*module*/, + const char */*name*/, + int /*min_version*/, + int /*flags*/, + void */*userctx*/, + krb5_error_code (KRB5_LIB_CALL *func)(krb5_context, const void *, void *, void *)); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_principal2principalname ( + PrincipalName */*p*/, + const krb5_principal /*from*/); + +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL +_krb5_principal_compare_PrincipalName ( + krb5_context /*context*/, + krb5_const_principal /*princ1*/, + PrincipalName */*princ2*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_principalname2krb5_principal ( + krb5_context /*context*/, + krb5_principal */*principal*/, + const PrincipalName /*from*/, + const Realm /*realm*/); + +KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL +_krb5_put_int ( + void */*buffer*/, + uint64_t /*value*/, + size_t /*size*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_s4u2self_to_checksumdata ( + 
krb5_context /*context*/, + const PA_S4U2Self */*self*/, + krb5_data */*data*/); + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +_krb5_sendto_ctx_set_krb5hst ( + krb5_context /*context*/, + krb5_sendto_ctx /*ctx*/, + krb5_krbhst_handle /*handle*/); + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +_krb5_sendto_ctx_set_prexmit ( + krb5_sendto_ctx /*ctx*/, + krb5_sendto_prexmit /*prexmit*/, + void */*data*/); + +KRB5_LIB_FUNCTION int KRB5_LIB_CALL +_krb5_set_default_cc_name_to_registry ( + krb5_context /*context*/, + krb5_ccache /*id*/); + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +_krb5_unload_plugins ( + krb5_context /*context*/, + const char */*name*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_usage2arcfour ( + krb5_context /*context*/, + unsigned */*usage*/); + +KRB5_LIB_FUNCTION int KRB5_LIB_CALL +_krb5_xlock ( + krb5_context /*context*/, + int /*fd*/, + krb5_boolean /*exclusive*/, + const char */*filename*/); + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +_krb5_xor8 ( + unsigned char */*a*/, + const unsigned char */*b*/); + +KRB5_LIB_FUNCTION int KRB5_LIB_CALL +_krb5_xunlock ( + krb5_context /*context*/, + int /*fd*/); + +#undef KRB5_DEPRECATED_FUNCTION +#define KRB5_DEPRECATED_FUNCTION(X) + +#endif /* __krb5_private_h__ */ diff --git a/kerberos5/include/krb5-protos.h b/kerberos5/include/krb5-protos.h new file mode 100644 --- /dev/null +++ b/kerberos5/include/krb5-protos.h 
@@ -0,0 +1,9301 @@ +/* This is a generated file */ +#ifndef __krb5_protos_h__ +#define __krb5_protos_h__ +#ifndef DOXY + +#include + +#if !defined(__GNUC__) && !defined(__attribute__) +#define __attribute__(x) +#endif + +#ifndef KRB5_DEPRECATED_FUNCTION +#ifndef __has_extension +#define __has_extension(x) 0 +#define KRB5_DEPRECATED_FUNCTIONhas_extension 1 +#endif +#if __has_extension(attribute_deprecated_with_message) +#define KRB5_DEPRECATED_FUNCTION(x) __attribute__((__deprecated__(x))) +#elif defined(__GNUC__) && ((__GNUC__ > 3) || ((__GNUC__ == 3) && (__GNUC_MINOR__ >= 1 ))) +#define KRB5_DEPRECATED_FUNCTION(X) __attribute__((__deprecated__)) +#else +#define KRB5_DEPRECATED_FUNCTION(X) +#endif +#ifdef KRB5_DEPRECATED_FUNCTIONhas_extension +#undef __has_extension +#undef KRB5_DEPRECATED_FUNCTIONhas_extension +#endif +#endif /* KRB5_DEPRECATED_FUNCTION */ + + +#ifdef __cplusplus +extern "C" { +#endif + +#ifndef KRB5_LIB +#ifndef KRB5_LIB_FUNCTION +#if defined(_WIN32) +#define KRB5_LIB_FUNCTION __declspec(dllimport) +#define KRB5_LIB_CALL __stdcall +#define KRB5_LIB_VARIABLE __declspec(dllimport) +#else +#define KRB5_LIB_FUNCTION +#define KRB5_LIB_CALL +#define KRB5_LIB_VARIABLE +#endif +#endif +#endif +/** + * Convert the v5 credentials in in_cred to v4-dito in v4creds. This + * is done by sending them to the 524 function in the KDC. If + * `in_cred' doesn't contain a DES session key, then a new one is + * gotten from the KDC and stored in the cred cache `ccache'. + * + * @param context Kerberos 5 context. + * @param in_cred the credential to convert + * @param v4creds the converted credential + * + * @return Returns 0 to indicate success. Otherwise an kerberos et + * error code is returned, see krb5_get_error_message(). 
+ * + * @ingroup krb5_v4compat + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb524_convert_creds_kdc ( + krb5_context /*context*/, + krb5_creds */*in_cred*/, + struct credentials */*v4creds*/) + KRB5_DEPRECATED_FUNCTION("Use X instead"); + +/** + * Convert the v5 credentials in in_cred to v4-dito in v4creds, + * check the credential cache ccache before checking with the KDC. + * + * @param context Kerberos 5 context. + * @param ccache credential cache used to check for des-ticket. + * @param in_cred the credential to convert + * @param v4creds the converted credential + * + * @return Returns 0 to indicate success. Otherwise an kerberos et + * error code is returned, see krb5_get_error_message(). + * + * @ingroup krb5_v4compat + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb524_convert_creds_kdc_ccache ( + krb5_context /*context*/, + krb5_ccache /*ccache*/, + krb5_creds */*in_cred*/, + struct credentials */*v4creds*/) + KRB5_DEPRECATED_FUNCTION("Use X instead"); + +/** + * Log a warning to the log, default stderr, include the error from + * the last failure and then abort. + * + * @param context A Kerberos 5 context + * @param code error code of the last error + * @param fmt message to print + * @param ... arguments for format string + * + * @ingroup krb5_error + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_abort ( + krb5_context /*context*/, + krb5_error_code /*code*/, + const char */*fmt*/, + ...) + __attribute__ ((__noreturn__, __format__ (__printf__, 3, 4))); + +/** + * Log a warning to the log, default stderr, and then abort. + * + * @param context A Kerberos 5 context + * @param fmt printf format string of message to print + * @param ... arguments for format string + * + * @ingroup krb5_error + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_abortx ( + krb5_context /*context*/, + const char */*fmt*/, + ...) 
+ __attribute__ ((__noreturn__, __format__ (__printf__, 2, 3))); + +/** + * krb5_acl_match_file matches ACL format against each line in a file + * using krb5_acl_match_string(). Lines starting with # are treated + * like comments and ignored. + * + * @param context Kerberos 5 context. + * @param file file with acl listed in the file. + * @param format format to match. + * @param ... parameter to format string. + * + * @return Return an error code or 0. + * + * @sa krb5_acl_match_string + * @ingroup krb5_support + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_acl_match_file ( + krb5_context /*context*/, + const char */*file*/, + const char */*format*/, + ...); + +/** + * krb5_acl_match_string matches ACL format against a string. + * + * The ACL format has three format specifiers: s, f, and r. Each + * specifier will retrieve one argument from the variable arguments + * for either matching or storing data. The input string is split up + * using " " (space) and "\t" (tab) as a delimiter; multiple and "\t" + * in a row are considered to be the same. + * + * List of format specifiers: + * - s Matches a string using strcmp(3) (case sensitive). + * - f Matches the string with fnmatch(3). Theflags + * argument (the last argument) passed to the fnmatch function is 0. + * - r Returns a copy of the string in the char ** passed in; the copy + * must be freed with free(3). There is no need to free(3) the + * string on error: the function will clean up and set the pointer + * to NULL. + * + * @param context Kerberos 5 context + * @param string string to match with + * @param format format to match + * @param ... parameter to format string + * + * @return Return an error code or 0. 
+ * + * + * @code + * char *s; + * + * ret = krb5_acl_match_string(context, "foo", "s", "foo"); + * if (ret) + * krb5_errx(context, 1, "acl didn't match"); + * ret = krb5_acl_match_string(context, "foo foo baz/kaka", + * "ss", "foo", &s, "foo/\\*"); + * if (ret) { + * // no need to free(s) on error + * assert(s == NULL); + * krb5_errx(context, 1, "acl didn't match"); + * } + * free(s); + * @endcode + * + * @sa krb5_acl_match_file + * @ingroup krb5_support + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_acl_match_string ( + krb5_context /*context*/, + const char */*string*/, + const char */*format*/, + ...); + +/** + * Add a specified list of error messages to the et list in context. + * Call func (probably a comerr-generated function) with a pointer to + * the current et_list. + * + * @param context A kerberos context. + * @param func The generated com_err et function. + * + * @return Returns 0 to indicate success. Otherwise an kerberos et + * error code is returned, see krb5_get_error_message(). + * + * @ingroup krb5 + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_add_et_list ( + krb5_context /*context*/, + void (*/*func*/)(struct et_list **)); + +/** + * Add extra address to the address list that the library will add to + * the client's address list when communicating with the KDC. + * + * @param context Kerberos 5 context. + * @param addresses addreses to add + * + * @return Returns 0 to indicate success. Otherwise an kerberos et + * error code is returned, see krb5_get_error_message(). + * + * @ingroup krb5 + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_add_extra_addresses ( + krb5_context /*context*/, + krb5_addresses */*addresses*/); + +/** + * Add extra addresses to ignore when fetching addresses from the + * underlaying operating system. + * + * @param context Kerberos 5 context. + * @param addresses addreses to ignore + * + * @return Returns 0 to indicate success. 
Otherwise an kerberos et + * error code is returned, see krb5_get_error_message(). + * + * @ingroup krb5 + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_add_ignore_addresses ( + krb5_context /*context*/, + krb5_addresses */*addresses*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_addlog_dest ( + krb5_context /*context*/, + krb5_log_facility */*f*/, + const char */*orig*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_addlog_func ( + krb5_context /*context*/, + krb5_log_facility */*fac*/, + int /*min*/, + int /*max*/, + krb5_log_log_func_t /*log_func*/, + krb5_log_close_func_t /*close_func*/, + void */*data*/); + +/** + * krb5_addr2sockaddr sets the "struct sockaddr sockaddr" from addr + * and port. The argument sa_size should initially contain the size of + * the sa and after the call, it will contain the actual length of the + * address. In case of the sa is too small to fit the whole address, + * the up to *sa_size will be stored, and then *sa_size will be set to + * the required length. + * + * @param context a Keberos context + * @param addr the address to copy the from + * @param sa the struct sockaddr that will be filled in + * @param sa_size pointer to length of sa, and after the call, it will + * contain the actual length of the address. + * @param port set port in sa. + * + * @return Return an error code or 0. Will return + * KRB5_PROG_ATYPE_NOSUPP in case address type is not supported. + * + * @ingroup krb5_address + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_addr2sockaddr ( + krb5_context /*context*/, + const krb5_address */*addr*/, + struct sockaddr */*sa*/, + krb5_socklen_t */*sa_size*/, + int /*port*/); + +/** + * krb5_address_compare compares the addresses addr1 and addr2. + * Returns TRUE if the two addresses are the same. 
+ * + * @param context a Keberos context + * @param addr1 address to compare + * @param addr2 address to compare + * + * @return Return an TRUE is the address are the same FALSE if not + * + * @ingroup krb5_address + */ + +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL +krb5_address_compare ( + krb5_context /*context*/, + const krb5_address */*addr1*/, + const krb5_address */*addr2*/); + +/** + * krb5_address_order compares the addresses addr1 and addr2 so that + * it can be used for sorting addresses. If the addresses are the same + * address krb5_address_order will return 0. Behavies like memcmp(2). + * + * @param context a Keberos context + * @param addr1 krb5_address to compare + * @param addr2 krb5_address to compare + * + * @return < 0 if address addr1 in "less" then addr2. 0 if addr1 and + * addr2 is the same address, > 0 if addr2 is "less" then addr1. + * + * @ingroup krb5_address + */ + +KRB5_LIB_FUNCTION int KRB5_LIB_CALL +krb5_address_order ( + krb5_context /*context*/, + const krb5_address */*addr1*/, + const krb5_address */*addr2*/); + +/** + * Calculate the boundary addresses of `inaddr'/`prefixlen' and store + * them in `low' and `high'. + * + * @param context a Keberos context + * @param inaddr address in prefixlen that the bondery searched + * @param prefixlen width of boundery + * @param low lowest address + * @param high highest address + * + * @return Return an error code or 0. + * + * @ingroup krb5_address + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_address_prefixlen_boundary ( + krb5_context /*context*/, + const krb5_address */*inaddr*/, + unsigned long /*prefixlen*/, + krb5_address */*low*/, + krb5_address */*high*/); + +/** + * krb5_address_search checks if the address addr is a member of the + * address set list addrlist . + * + * @param context a Keberos context. + * @param addr address to search for. + * @param addrlist list of addresses to look in for addr. + * + * @return Return an error code or 0. 
+ * + * @ingroup krb5_address + */ + +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL +krb5_address_search ( + krb5_context /*context*/, + const krb5_address */*addr*/, + const krb5_addresses */*addrlist*/); + +/** + * Enable or disable all weak encryption types + * + * @param context Kerberos 5 context + * @param enable true to enable, false to disable + * + * @return Return an error code or 0. + * + * @ingroup krb5_crypto + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_allow_weak_crypto ( + krb5_context /*context*/, + krb5_boolean /*enable*/); + +/** + * Map a principal name to a local username. + * + * Returns 0 on success, KRB5_NO_LOCALNAME if no mapping was found, or + * some Kerberos or system error. + * + * Inputs: + * + * @param context A krb5_context + * @param aname A principal name + * @param lnsize The size of the buffer into which the username will be written + * @param lname The buffer into which the username will be written + * + * @ingroup krb5_support + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_aname_to_localname ( + krb5_context /*context*/, + krb5_const_principal /*aname*/, + size_t /*lnsize*/, + char */*lname*/); + +/** + * krb5_anyaddr fills in a "struct sockaddr sa" that can be used to + * bind(2) to. The argument sa_size should initially contain the size + * of the sa, and after the call, it will contain the actual length + * of the address. + * + * @param context a Keberos context + * @param af address family + * @param sa sockaddr + * @param sa_size lenght of sa. + * @param port for to fill into sa. + * + * @return Return an error code or 0. 
+ * + * @ingroup krb5_address + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_anyaddr ( + krb5_context /*context*/, + int /*af*/, + struct sockaddr */*sa*/, + krb5_socklen_t */*sa_size*/, + int /*port*/); + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_appdefault_boolean ( + krb5_context /*context*/, + const char */*appname*/, + krb5_const_realm /*realm*/, + const char */*option*/, + krb5_boolean /*def_val*/, + krb5_boolean */*ret_val*/); + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_appdefault_string ( + krb5_context /*context*/, + const char */*appname*/, + krb5_const_realm /*realm*/, + const char */*option*/, + const char */*def_val*/, + char **/*ret_val*/); + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_appdefault_time ( + krb5_context /*context*/, + const char */*appname*/, + krb5_const_realm /*realm*/, + const char */*option*/, + time_t /*def_val*/, + time_t */*ret_val*/); + +/** + * krb5_append_addresses adds the set of addresses in source to + * dest. While copying the addresses, duplicates are also sorted out. + * + * @param context a Keberos context + * @param dest destination of copy operation + * @param source adresses that are going to be added to dest + * + * @return Return an error code or 0. + * + * @ingroup krb5_address + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_append_addresses ( + krb5_context /*context*/, + krb5_addresses */*dest*/, + const krb5_addresses */*source*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_auth_con_add_AuthorizationData ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + int /*type*/, + krb5_data */*data*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_auth_con_addflags ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + int32_t /*addflags*/, + int32_t */*flags*/); + +/** + * Deallocate an authentication context previously initialized with + * krb5_auth_con_init(). + * + * @param context A kerberos context. 
+ * @param auth_context The authentication context to be deallocated. + * + * @return An krb5 error code, see krb5_get_error_message(). + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_auth_con_free ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/); + +/** + * Update the authentication context \a auth_context with the local + * and remote addresses from socket \a fd, according to \a flags. + * + * @return An krb5 error code, see krb5_get_error_message(). + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_auth_con_genaddrs ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_socket_t /*fd*/, + int /*flags*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_auth_con_generatelocalsubkey ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_keyblock */*key*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_auth_con_getaddrs ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_address **/*local_addr*/, + krb5_address **/*remote_addr*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_auth_con_getauthenticator ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_authenticator */*authenticator*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_auth_con_getcksumtype ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_cksumtype */*cksumtype*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_auth_con_getflags ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + int32_t */*flags*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_auth_con_getkey ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_keyblock **/*keyblock*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_auth_con_getkeytype ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_keytype */*keytype*/); + +KRB5_LIB_FUNCTION krb5_error_code 
KRB5_LIB_CALL +krb5_auth_con_getlocalseqnumber ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + int32_t */*seqnumber*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_auth_con_getlocalsubkey ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_keyblock **/*keyblock*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_auth_con_getrcache ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_rcache */*rcache*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_auth_con_getrecvsubkey ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_keyblock **/*keyblock*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_auth_con_getremoteseqnumber ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + int32_t */*seqnumber*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_auth_con_getremotesubkey ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_keyblock **/*keyblock*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_auth_con_getsendsubkey ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_keyblock **/*keyblock*/); + +/** + * Allocate and initialize an autentication context. + * + * @param context A kerberos context. + * @param auth_context The authentication context to be initialized. + * + * Use krb5_auth_con_free() to release the memory when done using the context. + * + * @return An krb5 error code, see krb5_get_error_message(). 
+ */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_auth_con_init ( + krb5_context /*context*/, + krb5_auth_context */*auth_context*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_auth_con_removeflags ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + int32_t /*removeflags*/, + int32_t */*flags*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_auth_con_setaddrs ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_address */*local_addr*/, + krb5_address */*remote_addr*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_auth_con_setaddrs_from_fd ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + void */*p_fd*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_auth_con_setcksumtype ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_cksumtype /*cksumtype*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_auth_con_setflags ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + int32_t /*flags*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_auth_con_setkey ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_keyblock */*keyblock*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_auth_con_setkeytype ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_keytype /*keytype*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_auth_con_setlocalseqnumber ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + int32_t /*seqnumber*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_auth_con_setlocalsubkey ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_keyblock */*keyblock*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_auth_con_setrcache ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_rcache /*rcache*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 
+krb5_auth_con_setrecvsubkey ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_keyblock */*keyblock*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_auth_con_setremoteseqnumber ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + int32_t /*seqnumber*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_auth_con_setremotesubkey ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_keyblock */*keyblock*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_auth_con_setsendsubkey ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_keyblock */*keyblock*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_auth_con_setuserkey ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_keyblock */*keyblock*/); + +/** + * Deprecated: use krb5_auth_con_getremoteseqnumber() + * + * @ingroup krb5_deprecated + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_auth_getremoteseqnumber ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + int32_t */*seqnumber*/) + KRB5_DEPRECATED_FUNCTION("Use X instead"); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_build_ap_req ( + krb5_context /*context*/, + krb5_enctype /*enctype*/, + krb5_creds */*cred*/, + krb5_flags /*ap_options*/, + krb5_data /*authenticator*/, + krb5_data */*retdata*/); + +/** + * Build a principal using vararg style building + * + * @param context A Kerberos context. + * @param principal returned principal + * @param rlen length of realm + * @param realm realm name + * @param ... a list of components ended with NULL. + * + * @return An krb5 error code, see krb5_get_error_message(). 
+ * + * @ingroup krb5_principal + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_build_principal ( + krb5_context /*context*/, + krb5_principal */*principal*/, + int /*rlen*/, + krb5_const_realm /*realm*/, + ...); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_build_principal_ext ( + krb5_context /*context*/, + krb5_principal */*principal*/, + int /*rlen*/, + krb5_const_realm /*realm*/, + ...); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_build_principal_va ( + krb5_context /*context*/, + krb5_principal */*principal*/, + int /*rlen*/, + krb5_const_realm /*realm*/, + va_list /*ap*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_build_principal_va_ext ( + krb5_context /*context*/, + krb5_principal */*principal*/, + int /*rlen*/, + krb5_const_realm /*realm*/, + va_list /*ap*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_c_block_size ( + krb5_context /*context*/, + krb5_enctype /*enctype*/, + size_t */*blocksize*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_c_checksum_length ( + krb5_context /*context*/, + krb5_cksumtype /*cksumtype*/, + size_t */*length*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_c_decrypt ( + krb5_context /*context*/, + const krb5_keyblock /*key*/, + krb5_keyusage /*usage*/, + const krb5_data */*ivec*/, + krb5_enc_data */*input*/, + krb5_data */*output*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_c_encrypt ( + krb5_context /*context*/, + const krb5_keyblock */*key*/, + krb5_keyusage /*usage*/, + const krb5_data */*ivec*/, + const krb5_data */*input*/, + krb5_enc_data */*output*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_c_encrypt_length ( + krb5_context /*context*/, + krb5_enctype /*enctype*/, + size_t /*inputlen*/, + size_t */*length*/); + +/** + * Deprecated: keytypes doesn't exists, they are really enctypes. 
+ * + * @ingroup krb5_deprecated + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_c_enctype_compare ( + krb5_context /*context*/, + krb5_enctype /*e1*/, + krb5_enctype /*e2*/, + krb5_boolean */*similar*/) + KRB5_DEPRECATED_FUNCTION("Use X instead"); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_c_get_checksum ( + krb5_context /*context*/, + const krb5_checksum */*cksum*/, + krb5_cksumtype */*type*/, + krb5_data **/*data*/); + +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL +krb5_c_is_coll_proof_cksum (krb5_cksumtype /*ctype*/); + +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL +krb5_c_is_keyed_cksum (krb5_cksumtype /*ctype*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_c_keylengths ( + krb5_context /*context*/, + krb5_enctype /*enctype*/, + size_t */*ilen*/, + size_t */*keylen*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_c_make_checksum ( + krb5_context /*context*/, + krb5_cksumtype /*cksumtype*/, + const krb5_keyblock */*key*/, + krb5_keyusage /*usage*/, + const krb5_data */*input*/, + krb5_checksum */*cksum*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_c_make_random_key ( + krb5_context /*context*/, + krb5_enctype /*enctype*/, + krb5_keyblock */*random_key*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_c_prf ( + krb5_context /*context*/, + const krb5_keyblock */*key*/, + const krb5_data */*input*/, + krb5_data */*output*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_c_prf_length ( + krb5_context /*context*/, + krb5_enctype /*type*/, + size_t */*length*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_c_random_make_octets ( + krb5_context /*context*/, + krb5_data * /*data*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_c_set_checksum ( + krb5_context /*context*/, + krb5_checksum */*cksum*/, + krb5_cksumtype /*type*/, + const krb5_data */*data*/); + +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL +krb5_c_valid_cksumtype (krb5_cksumtype /*ctype*/); + 
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL +krb5_c_valid_enctype (krb5_enctype /*etype*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_c_verify_checksum ( + krb5_context /*context*/, + const krb5_keyblock */*key*/, + krb5_keyusage /*usage*/, + const krb5_data */*data*/, + const krb5_checksum */*cksum*/, + krb5_boolean */*valid*/); + +/** + * Destroy the cursor `cursor'. + * + * @return Return an error code or 0, see krb5_get_error_message(). + * + * @ingroup krb5_ccache + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_cc_cache_end_seq_get ( + krb5_context /*context*/, + krb5_cc_cache_cursor /*cursor*/); + +/** + * Start iterating over all caches of specified type. See also + * krb5_cccol_cursor_new(). + + * @param context A Kerberos 5 context + * @param type optional type to iterate over, if NULL, the default cache is used. + * @param cursor cursor should be freed with krb5_cc_cache_end_seq_get(). + * + * @return Return an error code or 0, see krb5_get_error_message(). + * + * @ingroup krb5_ccache + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_cc_cache_get_first ( + krb5_context /*context*/, + const char */*type*/, + krb5_cc_cache_cursor */*cursor*/); + +/** + * Search for a matching credential cache that have the + * `principal' as the default principal. On success, `id' needs to be + * freed with krb5_cc_close() or krb5_cc_destroy(). + * + * @param context A Kerberos 5 context + * @param client The principal to search for + * @param id the returned credential cache + * + * @return On failure, error code is returned and `id' is set to NULL. + * + * @ingroup krb5_ccache + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_cc_cache_match ( + krb5_context /*context*/, + krb5_principal /*client*/, + krb5_ccache */*id*/); + +/** + * Retrieve the next cache pointed to by (`cursor') in `id' + * and advance `cursor'. 
+ * + * @param context A Kerberos 5 context + * @param cursor the iterator cursor, returned by krb5_cc_cache_get_first() + * @param id next ccache + * + * @return Return 0 or an error code. Returns KRB5_CC_END when the end + * of caches is reached, see krb5_get_error_message(). + * + * @ingroup krb5_ccache + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_cc_cache_next ( + krb5_context /*context*/, + krb5_cc_cache_cursor /*cursor*/, + krb5_ccache */*id*/); + +/** + * Clear `mcreds' so it can be used with krb5_cc_retrieve_cred + * + * @ingroup krb5_ccache + */ + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_cc_clear_mcred (krb5_creds */*mcred*/); + +/** + * Stop using the ccache `id' and free the related resources. + * + * @return Return an error code or 0, see krb5_get_error_message(). + * + * @ingroup krb5_ccache + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_cc_close ( + krb5_context /*context*/, + krb5_ccache /*id*/); + +/** + * Just like krb5_cc_copy_match_f(), but copy everything. + * + * @ingroup @krb5_ccache + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_cc_copy_cache ( + krb5_context /*context*/, + const krb5_ccache /*from*/, + krb5_ccache /*to*/); + +/** + * MIT compat glue + * + * @ingroup krb5_ccache + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_cc_copy_creds ( + krb5_context /*context*/, + const krb5_ccache /*from*/, + krb5_ccache /*to*/); + +/** + * Copy the contents of `from' to `to' if the given match function + * return true. + * + * @param context A Kerberos 5 context. + * @param from the cache to copy data from. + * @param to the cache to copy data to. + * @param match a match function that should return TRUE if cred argument should be copied, if NULL, all credentials are copied. + * @param matchctx context passed to match function. + * @param matched set to true if there was a credential that matched, may be NULL. + * + * @return Return an error code or 0, see krb5_get_error_message(). 
+ * + * @ingroup krb5_ccache + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_cc_copy_match_f ( + krb5_context /*context*/, + const krb5_ccache /*from*/, + krb5_ccache /*to*/, + krb5_boolean (*/*match*/)(krb5_context, void *, const krb5_creds *), + void */*matchctx*/, + unsigned int */*matched*/); + +/** + * Open the default ccache in `id'. + * + * @return Return an error code or 0, see krb5_get_error_message(). + * + * @ingroup krb5_ccache + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_cc_default ( + krb5_context /*context*/, + krb5_ccache */*id*/); + +/** + * Return a pointer to a context static string containing the default + * ccache name. + * + * @return String to the default credential cache name. + * + * @ingroup krb5_ccache + */ + +KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL +krb5_cc_default_name (krb5_context /*context*/); + +/** + * Remove the ccache `id'. + * + * @return Return an error code or 0, see krb5_get_error_message(). + * + * @ingroup krb5_ccache + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_cc_destroy ( + krb5_context /*context*/, + krb5_ccache /*id*/); + +/** + * Destroy the cursor `cursor'. + * + * @ingroup krb5_ccache + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_cc_end_seq_get ( + krb5_context /*context*/, + const krb5_ccache /*id*/, + krb5_cc_cursor */*cursor*/); + +/** + * Generate a new ccache of type `ops' in `id'. + * + * Deprecated: use krb5_cc_new_unique() instead. + * + * @return Return an error code or 0, see krb5_get_error_message(). + * + * @ingroup krb5_ccache + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_cc_gen_new ( + krb5_context /*context*/, + const krb5_cc_ops */*ops*/, + krb5_ccache */*id*/) + KRB5_DEPRECATED_FUNCTION("Use X instead"); + +/** + * Get some configuration for the credential cache in the cache. 
+ * + * @param context a Keberos context + * @param id the credential cache to store the data for + * @param principal configuration for a specific principal, if + * NULL, global for the whole cache. + * @param name name under which the configuraion is stored. + * @param data data to fetched, free with krb5_data_free() + * + * @ingroup krb5_ccache + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_cc_get_config ( + krb5_context /*context*/, + krb5_ccache /*id*/, + krb5_const_principal /*principal*/, + const char */*name*/, + krb5_data */*data*/); + +/** + * Get the flags of `id', store them in `flags'. + * + * @ingroup krb5_ccache + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_cc_get_flags ( + krb5_context /*context*/, + krb5_ccache /*id*/, + krb5_flags */*flags*/); + +/** + * Return a friendly name on credential cache. Free the result with krb5_xfree(). + * + * @return Return an error code or 0, see krb5_get_error_message(). + * + * @ingroup krb5_ccache + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_cc_get_friendly_name ( + krb5_context /*context*/, + krb5_ccache /*id*/, + char **/*name*/); + +/** + * Return the complete resolvable name the cache + + * @param context a Keberos context + * @param id return pointer to a found credential cache + * @param str the returned name of a credential cache, free with krb5_xfree() + * + * @return Returns 0 or an error (and then *str is set to NULL). + * + * @ingroup krb5_ccache + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_cc_get_full_name ( + krb5_context /*context*/, + krb5_ccache /*id*/, + char **/*str*/); + +/** + * Get the time offset betwen the client and the KDC + * + * If the backend doesn't support KDC offset, use the context global setting. + * + * @param context A Kerberos 5 context. + * @param id a credential cache + * @param offset the offset in seconds + * + * @return Return an error code or 0, see krb5_get_error_message(). 
+ *
+ * @ingroup krb5_ccache
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_cc_get_kdc_offset (
+ krb5_context /*context*/,
+ krb5_ccache /*id*/,
+ krb5_deltat */*offset*/);
+
+/**
+ * Get the lifetime of the initial ticket in the cache
+ *
+ * Get the lifetime of the initial ticket in the cache, if the initial
+ * ticket was not found, the error code KRB5_CC_END is returned.
+ *
+ * @param context A Kerberos 5 context.
+ * @param id a credential cache
+ * @param t the relative lifetime of the initial ticket
+ *
+ * @return Return an error code or 0, see krb5_get_error_message().
+ *
+ * @ingroup krb5_ccache
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_cc_get_lifetime (
+ krb5_context /*context*/,
+ krb5_ccache /*id*/,
+ time_t */*t*/);
+
+/**
+ * Return the name of the ccache `id'
+ *
+ * @ingroup krb5_ccache
+ */
+
+KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
+krb5_cc_get_name (
+ krb5_context /*context*/,
+ krb5_ccache /*id*/);
+
+/**
+ * Return krb5_cc_ops of a the ccache `id'.
+ *
+ * @ingroup krb5_ccache
+ */
+
+KRB5_LIB_FUNCTION const krb5_cc_ops * KRB5_LIB_CALL
+krb5_cc_get_ops (
+ krb5_context /*context*/,
+ krb5_ccache /*id*/);
+
+/**
+ * Get the cc ops that is registered in `context' to handle the
+ * prefix. prefix can be a complete credential cache name or a
+ * prefix, the function will only use part up to the first colon (:)
+ * if there is one. If prefix the argument is NULL, the default ccache
+ * implemtation is returned.
+ *
+ * @return Returns NULL if ops not found.
+ *
+ * @ingroup krb5_ccache
+ */
+
+KRB5_LIB_FUNCTION const krb5_cc_ops * KRB5_LIB_CALL
+krb5_cc_get_prefix_ops (
+ krb5_context /*context*/,
+ const char */*prefix*/);
+
+/**
+ * Return the principal of `id' in `principal'.
+ *
+ * @return Return an error code or 0, see krb5_get_error_message().
+ *
+ * @ingroup krb5_ccache
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_cc_get_principal (
+ krb5_context /*context*/,
+ krb5_ccache /*id*/,
+ krb5_principal */*principal*/);
+
+/**
+ * Return the type of the ccache `id'.
+ *
+ * @ingroup krb5_ccache
+ */
+
+KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
+krb5_cc_get_type (
+ krb5_context /*context*/,
+ krb5_ccache /*id*/);
+
+/**
+ * Return the version of `id'.
+ *
+ * @ingroup krb5_ccache
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_cc_get_version (
+ krb5_context /*context*/,
+ const krb5_ccache /*id*/);
+
+/**
+ * Create a new ccache in `id' for `primary_principal'.
+ *
+ * @return Return an error code or 0, see krb5_get_error_message().
+ *
+ * @ingroup krb5_ccache
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_cc_initialize (
+ krb5_context /*context*/,
+ krb5_ccache /*id*/,
+ krb5_principal /*primary_principal*/);
+
+/**
+ * Return the last time the credential cache was modified.
+ *
+ * @param context A Kerberos 5 context
+ * @param id The credential cache to probe
+ * @param mtime the last modification time, set to 0 on error.
+
+ * @return Return 0 or and error. See krb5_get_error_message().
+ *
+ * @ingroup krb5_ccache
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_cc_last_change_time (
+ krb5_context /*context*/,
+ krb5_ccache /*id*/,
+ krb5_timestamp */*mtime*/);
+
+/**
+ * Move the content from one credential cache to another. The
+ * operation is an atomic switch.
+ *
+ * @param context a Keberos context
+ * @param from the credential cache to move the content from
+ * @param to the credential cache to move the content to
+
+ * @return On sucess, from is freed. On failure, error code is
+ * returned and from and to are both still allocated, see krb5_get_error_message().
+ *
+ * @ingroup krb5_ccache
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_cc_move (
+ krb5_context /*context*/,
+ krb5_ccache /*from*/,
+ krb5_ccache /*to*/);
+
+/**
+ * Generates a new unique ccache of `type` in `id'. If `type' is NULL,
+ * the library chooses the default credential cache type. The supplied
+ * `hint' (that can be NULL) is a string that the credential cache
+ * type can use to base the name of the credential on, this is to make
+ * it easier for the user to differentiate the credentials.
+ *
+ * @return Return an error code or 0, see krb5_get_error_message().
+ *
+ * @ingroup krb5_ccache
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_cc_new_unique (
+ krb5_context /*context*/,
+ const char */*type*/,
+ const char */*hint*/,
+ krb5_ccache */*id*/);
+
+/**
+ * Retrieve the next cred pointed to by (`id', `cursor') in `creds'
+ * and advance `cursor'.
+ *
+ * @return Return an error code or 0, see krb5_get_error_message().
+ *
+ * @ingroup krb5_ccache
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_cc_next_cred (
+ krb5_context /*context*/,
+ const krb5_ccache /*id*/,
+ krb5_cc_cursor */*cursor*/,
+ krb5_creds */*creds*/);
+
+/**
+ * Add a new ccache type with operations `ops', overwriting any
+ * existing one if `override'.
+ *
+ * @param context a Keberos context
+ * @param ops type of plugin symbol
+ * @param override flag to select if the registration is to overide
+ * an existing ops with the same name.
+ *
+ * @return Return an error code or 0, see krb5_get_error_message().
+ *
+ * @ingroup krb5_ccache
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_cc_register (
+ krb5_context /*context*/,
+ const krb5_cc_ops */*ops*/,
+ krb5_boolean /*override*/);
+
+/**
+ * Remove the credential identified by `cred', `which' from `id'.
+ *
+ * @ingroup krb5_ccache
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_cc_remove_cred (
+ krb5_context /*context*/,
+ krb5_ccache /*id*/,
+ krb5_flags /*which*/,
+ krb5_creds */*cred*/);
+
+/**
+ * Find and allocate a ccache in `id' from the specification in `residual'.
+ * If the ccache name doesn't contain any colon, interpret it as a file name.
+ *
+ * @param context a Keberos context.
+ * @param name string name of a credential cache.
+ * @param id return pointer to a found credential cache.
+ *
+ * @return Return 0 or an error code. In case of an error, id is set
+ * to NULL, see krb5_get_error_message().
+ *
+ * @ingroup krb5_ccache
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_cc_resolve (
+ krb5_context /*context*/,
+ const char */*name*/,
+ krb5_ccache */*id*/);
+
+/**
+ * Retrieve the credential identified by `mcreds' (and `whichfields')
+ * from `id' in `creds'. 'creds' must be free by the caller using
+ * krb5_free_cred_contents.
+ *
+ * @param context A Kerberos 5 context
+ * @param id a Kerberos 5 credential cache
+ * @param whichfields what fields to use for matching credentials, same
+ * flags as whichfields in krb5_compare_creds()
+ * @param mcreds template credential to use for comparing
+ * @param creds returned credential, free with krb5_free_cred_contents()
+ *
+ * @return Return an error code or 0, see krb5_get_error_message().
+ *
+ * @ingroup krb5_ccache
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_cc_retrieve_cred (
+ krb5_context /*context*/,
+ krb5_ccache /*id*/,
+ krb5_flags /*whichfields*/,
+ const krb5_creds */*mcreds*/,
+ krb5_creds */*creds*/);
+
+/**
+ * Store some configuration for the credential cache in the cache.
+ * Existing configuration under the same name is over-written.
+ *
+ * @param context a Keberos context
+ * @param id the credential cache to store the data for
+ * @param principal configuration for a specific principal, if
+ * NULL, global for the whole cache.
+ * @param name name under which the configuraion is stored.
+ * @param data data to store, if NULL, configure is removed.
+ *
+ * @ingroup krb5_ccache
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_cc_set_config (
+ krb5_context /*context*/,
+ krb5_ccache /*id*/,
+ krb5_const_principal /*principal*/,
+ const char */*name*/,
+ krb5_data */*data*/);
+
+/**
+ * Set the default cc name for `context' to `name'.
+ *
+ * @ingroup krb5_ccache
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_cc_set_default_name (
+ krb5_context /*context*/,
+ const char */*name*/);
+
+/**
+ * Set the flags of `id' to `flags'.
+ *
+ * @ingroup krb5_ccache
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_cc_set_flags (
+ krb5_context /*context*/,
+ krb5_ccache /*id*/,
+ krb5_flags /*flags*/);
+
+/**
+ * Set the friendly name on credential cache.
+ *
+ * @return Return an error code or 0, see krb5_get_error_message().
+ *
+ * @ingroup krb5_ccache
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_cc_set_friendly_name (
+ krb5_context /*context*/,
+ krb5_ccache /*id*/,
+ const char */*name*/);
+
+/**
+ * Set the time offset betwen the client and the KDC
+ *
+ * If the backend doesn't support KDC offset, use the context global setting.
+ *
+ * @param context A Kerberos 5 context.
+ * @param id a credential cache
+ * @param offset the offset in seconds
+ *
+ * @return Return an error code or 0, see krb5_get_error_message().
+ *
+ * @ingroup krb5_ccache
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_cc_set_kdc_offset (
+ krb5_context /*context*/,
+ krb5_ccache /*id*/,
+ krb5_deltat /*offset*/);
+
+/**
+ * Start iterating over `id', `cursor' is initialized to the
+ * beginning. Caller must free the cursor with krb5_cc_end_seq_get().
+ *
+ * @return Return an error code or 0, see krb5_get_error_message().
+ *
+ * @ingroup krb5_ccache
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_cc_start_seq_get (
+ krb5_context /*context*/,
+ const krb5_ccache /*id*/,
+ krb5_cc_cursor */*cursor*/);
+
+/**
+ * Store `creds' in the ccache `id'.
+ *
+ * @return Return an error code or 0, see krb5_get_error_message().
+ *
+ * @ingroup krb5_ccache
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_cc_store_cred (
+ krb5_context /*context*/,
+ krb5_ccache /*id*/,
+ krb5_creds */*creds*/);
+
+/**
+ * Return true if the default credential cache support switch
+ *
+ * @ingroup krb5_ccache
+ */
+
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
+krb5_cc_support_switch (
+ krb5_context /*context*/,
+ const char */*type*/);
+
+/**
+ * Switch the default default credential cache for a specific
+ * credcache type (and name for some implementations).
+ *
+ * @return Return an error code or 0, see krb5_get_error_message().
+ *
+ * @ingroup krb5_ccache
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_cc_switch (
+ krb5_context /*context*/,
+ krb5_ccache /*id*/);
+
+/**
+ * End an iteration and free all resources, can be done before end is reached.
+ *
+ * @param context A Kerberos 5 context
+ * @param cursor the iteration cursor to be freed.
+ *
+ * @return Return 0 or and error, KRB5_CC_END is returned at the end
+ * of iteration. See krb5_get_error_message().
+ *
+ * @ingroup krb5_ccache
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_cccol_cursor_free (
+ krb5_context /*context*/,
+ krb5_cccol_cursor */*cursor*/);
+
+/**
+ * Get a new cache interation cursor that will interate over all
+ * credentials caches independent of type.
+ *
+ * @param context a Keberos context
+ * @param cursor passed into krb5_cccol_cursor_next() and free with krb5_cccol_cursor_free().
+ *
+ * @return Returns 0 or and error code, see krb5_get_error_message().
+ *
+ * @ingroup krb5_ccache
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_cccol_cursor_new (
+ krb5_context /*context*/,
+ krb5_cccol_cursor */*cursor*/);
+
+/**
+ * Get next credential cache from the iteration.
+ *
+ * @param context A Kerberos 5 context
+ * @param cursor the iteration cursor
+ * @param cache the returned cursor, pointer is set to NULL on failure
+ * and a cache on success. The returned cache needs to be freed
+ * with krb5_cc_close() or destroyed with krb5_cc_destroy().
+ * MIT Kerberos behavies slightly diffrent and sets cache to NULL
+ * when all caches are iterated over and return 0.
+ *
+ * @return Return 0 or and error, KRB5_CC_END is returned at the end
+ * of iteration. See krb5_get_error_message().
+ *
+ * @ingroup krb5_ccache
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_cccol_cursor_next (
+ krb5_context /*context*/,
+ krb5_cccol_cursor /*cursor*/,
+ krb5_ccache */*cache*/);
+
+/**
+ * Return the last modfication time for a cache collection. The query
+ * can be limited to a specific cache type. If the function return 0
+ * and mtime is 0, there was no credentials in the caches.
+ *
+ * @param context A Kerberos 5 context
+ * @param type The credential cache to probe, if NULL, all type are traversed.
+ * @param mtime the last modification time, set to 0 on error.
+
+ * @return Return 0 or and error. See krb5_get_error_message().
+ *
+ * @ingroup krb5_ccache
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_cccol_last_change_time (
+ krb5_context /*context*/,
+ const char */*type*/,
+ krb5_timestamp */*mtime*/);
+
+/**
+ * Deprecated: krb5_change_password() is deprecated, use krb5_set_password().
+ *
+ * @param context a Keberos context
+ * @param creds
+ * @param newpw
+ * @param result_code
+ * @param result_code_string
+ * @param result_string
+ *
+ * @return On sucess password is changed.
+
+ * @ingroup @krb5_deprecated
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_change_password (
+ krb5_context /*context*/,
+ krb5_creds */*creds*/,
+ const char */*newpw*/,
+ int */*result_code*/,
+ krb5_data */*result_code_string*/,
+ krb5_data */*result_string*/)
+ KRB5_DEPRECATED_FUNCTION("Use X instead");
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_check_transited (
+ krb5_context /*context*/,
+ krb5_const_realm /*client_realm*/,
+ krb5_const_realm /*server_realm*/,
+ krb5_realm */*realms*/,
+ unsigned int /*num_realms*/,
+ int */*bad_realm*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_check_transited_realms (
+ krb5_context /*context*/,
+ const char *const */*realms*/,
+ unsigned int /*num_realms*/,
+ int */*bad_realm*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_checksum_disable (
+ krb5_context /*context*/,
+ krb5_cksumtype /*type*/);
+
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
+krb5_checksum_free (
+ krb5_context /*context*/,
+ krb5_checksum */*cksum*/);
+
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
+krb5_checksum_is_collision_proof (
+ krb5_context /*context*/,
+ krb5_cksumtype /*type*/);
+
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
+krb5_checksum_is_keyed (
+ krb5_context /*context*/,
+ krb5_cksumtype /*type*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_checksumsize (
+ krb5_context /*context*/,
+ krb5_cksumtype /*type*/,
+ size_t */*size*/);
+
+/**
+ * Return the coresponding encryption type for a checksum type.
+ *
+ * @param context Kerberos context
+ * @param ctype The checksum type to get the result enctype for
+ * @param etype The returned encryption, when the matching etype is
+ * not found, etype is set to ETYPE_NULL.
+ *
+ * @return Return an error code for an failure or 0 on success.
+ * @ingroup krb5_crypto
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_cksumtype_to_enctype (
+ krb5_context /*context*/,
+ krb5_cksumtype /*ctype*/,
+ krb5_enctype */*etype*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_cksumtype_valid (
+ krb5_context /*context*/,
+ krb5_cksumtype /*ctype*/);
+
+/**
+ * Clears the error message from the Kerberos 5 context.
+ *
+ * @param context The Kerberos 5 context to clear
+ *
+ * @ingroup krb5_error
+ */
+
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
+krb5_clear_error_message (krb5_context /*context*/);
+
+/**
+ * Clear the error message returned by krb5_get_error_string().
+ *
+ * Deprecated: use krb5_clear_error_message()
+ *
+ * @param context Kerberos context
+ *
+ * @ingroup krb5_deprecated
+ */
+
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
+krb5_clear_error_string (krb5_context /*context*/)
+ KRB5_DEPRECATED_FUNCTION("Use X instead");
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_closelog (
+ krb5_context /*context*/,
+ krb5_log_facility */*fac*/);
+
+/**
+ * Return TRUE if `mcreds' and `creds' are equal (`whichfields'
+ * determines what equal means).
+ *
+ *
+ * The following flags, set in whichfields affects the comparison:
+ * - KRB5_TC_MATCH_SRV_NAMEONLY Consider all realms equal when comparing the service principal.
+ * - KRB5_TC_MATCH_KEYTYPE Compare enctypes.
+ * - KRB5_TC_MATCH_FLAGS_EXACT Make sure that the ticket flags are identical.
+ * - KRB5_TC_MATCH_FLAGS Make sure that all ticket flags set in mcreds are also present in creds .
+ * - KRB5_TC_MATCH_TIMES_EXACT Compares the ticket times exactly.
+ * - KRB5_TC_MATCH_TIMES Compares only the expiration times of the creds.
+ * - KRB5_TC_MATCH_AUTHDATA Compares the authdata fields.
+ * - KRB5_TC_MATCH_2ND_TKT Compares the second tickets (used by user-to-user authentication).
+ * - KRB5_TC_MATCH_IS_SKEY Compares the existance of the second ticket.
+ *
+ * @param context Kerberos 5 context.
+ * @param whichfields which fields to compare.
+ * @param mcreds cred to compare with.
+ * @param creds cred to compare with.
+ *
+ * @return return TRUE if mcred and creds are equal, FALSE if not.
+ *
+ * @ingroup krb5
+ */
+
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
+krb5_compare_creds (
+ krb5_context /*context*/,
+ krb5_flags /*whichfields*/,
+ const krb5_creds * /*mcreds*/,
+ const krb5_creds * /*creds*/);
+
+/**
+ * Free configuration file section, the result of
+ * krb5_config_parse_file() and krb5_config_parse_file_multi().
+ *
+ * @param context A Kerberos 5 context
+ * @param s the configuration section to free
+ *
+ * @return returns 0 on successes, otherwise an error code, see
+ * krb5_get_error_message()
+ *
+ * @ingroup krb5_support
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_config_file_free (
+ krb5_context /*context*/,
+ krb5_config_section */*s*/);
+
+/**
+ * Free the resulting strings from krb5_config-get_strings() and
+ * krb5_config_vget_strings().
+ *
+ * @param strings strings to free
+ *
+ * @ingroup krb5_support
+ */
+
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
+krb5_config_free_strings (char **/*strings*/);
+
+/**
+ * Like krb5_config_get_bool() but with a va_list list of
+ * configuration selection.
+ *
+ * Configuration value to a boolean value, where yes/true and any
+ * non-zero number means TRUE and other value is FALSE.
+ *
+ * @param context A Kerberos 5 context.
+ * @param c a configuration section, or NULL to use the section from context
+ * @param ... a list of names, terminated with NULL.
+ *
+ * @return TRUE or FALSE
+ *
+ * @ingroup krb5_support
+ */
+
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
+krb5_config_get_bool (
+ krb5_context /*context*/,
+ const krb5_config_section */*c*/,
+ ...);
+
+/**
+ * krb5_config_get_bool_default() will convert the configuration
+ * option value to a boolean value, where yes/true and any non-zero
+ * number means TRUE and other value is FALSE.
+ *
+ * @param context A Kerberos 5 context.
+ * @param c a configuration section, or NULL to use the section from context
+ * @param def_value the default value to return if no configuration
+ * found in the database.
+ * @param ... a list of names, terminated with NULL.
+ *
+ * @return TRUE or FALSE
+ *
+ * @ingroup krb5_support
+ */
+
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
+krb5_config_get_bool_default (
+ krb5_context /*context*/,
+ const krb5_config_section */*c*/,
+ krb5_boolean /*def_value*/,
+ ...);
+
+KRB5_LIB_FUNCTION int KRB5_LIB_CALL
+krb5_config_get_int (
+ krb5_context /*context*/,
+ const krb5_config_section */*c*/,
+ ...);
+
+KRB5_LIB_FUNCTION int KRB5_LIB_CALL
+krb5_config_get_int_default (
+ krb5_context /*context*/,
+ const krb5_config_section */*c*/,
+ int /*def_value*/,
+ ...);
+
+/**
+ * Get a list of configuration binding list for more processing
+ *
+ * @param context A Kerberos 5 context.
+ * @param c a configuration section, or NULL to use the section from context
+ * @param ... a list of names, terminated with NULL.
+ *
+ * @return NULL if configuration list is not found, a list otherwise
+ *
+ * @ingroup krb5_support
+ */
+
+KRB5_LIB_FUNCTION const krb5_config_binding * KRB5_LIB_CALL
+krb5_config_get_list (
+ krb5_context /*context*/,
+ const krb5_config_section */*c*/,
+ ...);
+
+/**
+ * Returns a "const char *" to a string in the configuration database.
+ * The string may not be valid after a reload of the configuration
+ * database so a caller should make a local copy if it needs to keep
+ * the string.
+ *
+ * @param context A Kerberos 5 context.
+ * @param c a configuration section, or NULL to use the section from context
+ * @param ... a list of names, terminated with NULL.
+ *
+ * @return NULL if configuration string not found, a string otherwise
+ *
+ * @ingroup krb5_support
+ */
+
+KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
+krb5_config_get_string (
+ krb5_context /*context*/,
+ const krb5_config_section */*c*/,
+ ...);
+
+/**
+ * Like krb5_config_get_string(), but instead of returning NULL,
+ * instead return a default value.
+ *
+ * @param context A Kerberos 5 context.
+ * @param c a configuration section, or NULL to use the section from context
+ * @param def_value the default value to return if no configuration
+ * found in the database.
+ * @param ... a list of names, terminated with NULL.
+ *
+ * @return a configuration string
+ *
+ * @ingroup krb5_support
+ */
+
+KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
+krb5_config_get_string_default (
+ krb5_context /*context*/,
+ const krb5_config_section */*c*/,
+ const char */*def_value*/,
+ ...);
+
+/**
+ * Get a list of configuration strings, free the result with
+ * krb5_config_free_strings().
+ *
+ * @param context A Kerberos 5 context.
+ * @param c a configuration section, or NULL to use the section from context
+ * @param ... a list of names, terminated with NULL.
+ *
+ * @return TRUE or FALSE
+ *
+ * @ingroup krb5_support
+ */
+
+KRB5_LIB_FUNCTION char** KRB5_LIB_CALL
+krb5_config_get_strings (
+ krb5_context /*context*/,
+ const krb5_config_section */*c*/,
+ ...);
+
+/**
+ * Get the time from the configuration file using a relative time, for example: 1h30s
+ *
+ * @param context A Kerberos 5 context.
+ * @param c a configuration section, or NULL to use the section from context
+ * @param ... a list of names, terminated with NULL.
+ *
+ * @return parsed the time or -1 on error
+ *
+ * @ingroup krb5_support
+ */
+
+KRB5_LIB_FUNCTION int KRB5_LIB_CALL
+krb5_config_get_time (
+ krb5_context /*context*/,
+ const krb5_config_section */*c*/,
+ ...);
+
+/**
+ * Get the time from the configuration file using a relative time, for example: 1h30s
+ *
+ * @param context A Kerberos 5 context.
+ * @param c a configuration section, or NULL to use the section from context
+ * @param def_value the default value to return if no configuration
+ * found in the database.
+ * @param ... a list of names, terminated with NULL.
+ *
+ * @return parsed the time (or def_value on parse error)
+ *
+ * @ingroup krb5_support
+ */
+
+KRB5_LIB_FUNCTION int KRB5_LIB_CALL
+krb5_config_get_time_default (
+ krb5_context /*context*/,
+ const krb5_config_section */*c*/,
+ int /*def_value*/,
+ ...);
+
+/**
+ * If the fname starts with "~/" parse configuration file in the
+ * current users home directory. The behavior can be disabled and
+ * enabled by calling krb5_set_home_dir_access().
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_config_parse_file (
+ krb5_context /*context*/,
+ const char */*fname*/,
+ krb5_config_section **/*res*/);
+
+/**
+ * Parse a configuration file and add the result into res. This
+ * interface can be used to parse several configuration files into one
+ * resulting krb5_config_section by calling it repeatably.
+ *
+ * @param context a Kerberos 5 context.
+ * @param fname a file name to a Kerberos configuration file
+ * @param res the returned result, must be free with krb5_free_config_files().
+ * @return Return an error code or 0, see krb5_get_error_message().
+ *
+ * @ingroup krb5_support
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_config_parse_file_multi (
+ krb5_context /*context*/,
+ const char */*fname*/,
+ krb5_config_section **/*res*/);
+
+/**
+ * Deprecated: configuration files are not strings
+ *
+ * @ingroup krb5_deprecated
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_config_parse_string_multi (
+ krb5_context /*context*/,
+ const char */*string*/,
+ krb5_config_section **/*res*/)
+ KRB5_DEPRECATED_FUNCTION("Use X instead");
+
+/**
+ * krb5_config_get_bool() will convert the configuration
+ * option value to a boolean value, where yes/true and any non-zero
+ * number means TRUE and other value is FALSE.
+ *
+ * @param context A Kerberos 5 context.
+ * @param c a configuration section, or NULL to use the section from context
+ * @param args a va_list of arguments
+ *
+ * @return TRUE or FALSE
+ *
+ * @ingroup krb5_support
+ */
+
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
+krb5_config_vget_bool (
+ krb5_context /*context*/,
+ const krb5_config_section */*c*/,
+ va_list /*args*/);
+
+/**
+ * Like krb5_config_get_bool_default() but with a va_list list of
+ * configuration selection.
+ *
+ * Configuration value to a boolean value, where yes/true and any
+ * non-zero number means TRUE and other value is FALSE.
+ *
+ * @param context A Kerberos 5 context.
+ * @param c a configuration section, or NULL to use the section from context
+ * @param def_value the default value to return if no configuration
+ * found in the database.
+ * @param args a va_list of arguments
+ *
+ * @return TRUE or FALSE
+ *
+ * @ingroup krb5_support
+ */
+
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
+krb5_config_vget_bool_default (
+ krb5_context /*context*/,
+ const krb5_config_section */*c*/,
+ krb5_boolean /*def_value*/,
+ va_list /*args*/);
+
+KRB5_LIB_FUNCTION int KRB5_LIB_CALL
+krb5_config_vget_int (
+ krb5_context /*context*/,
+ const krb5_config_section */*c*/,
+ va_list /*args*/);
+
+KRB5_LIB_FUNCTION int KRB5_LIB_CALL
+krb5_config_vget_int_default (
+ krb5_context /*context*/,
+ const krb5_config_section */*c*/,
+ int /*def_value*/,
+ va_list /*args*/);
+
+/**
+ * Get a list of configuration binding list for more processing
+ *
+ * @param context A Kerberos 5 context.
+ * @param c a configuration section, or NULL to use the section from context
+ * @param args a va_list of arguments
+ *
+ * @return NULL if configuration list is not found, a list otherwise
+ *
+ * @ingroup krb5_support
+ */
+
+KRB5_LIB_FUNCTION const krb5_config_binding * KRB5_LIB_CALL
+krb5_config_vget_list (
+ krb5_context /*context*/,
+ const krb5_config_section */*c*/,
+ va_list /*args*/);
+
+/**
+ * Like krb5_config_get_string(), but uses a va_list instead of ...
+ *
+ * @param context A Kerberos 5 context.
+ * @param c a configuration section, or NULL to use the section from context
+ * @param args a va_list of arguments
+ *
+ * @return NULL if configuration string not found, a string otherwise
+ *
+ * @ingroup krb5_support
+ */
+
+KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
+krb5_config_vget_string (
+ krb5_context /*context*/,
+ const krb5_config_section */*c*/,
+ va_list /*args*/);
+
+/**
+ * Like krb5_config_vget_string(), but instead of returning NULL,
+ * instead return a default value.
+ *
+ * @param context A Kerberos 5 context.
+ * @param c a configuration section, or NULL to use the section from context
+ * @param def_value the default value to return if no configuration
+ * found in the database.
+ * @param args a va_list of arguments
+ *
+ * @return a configuration string
+ *
+ * @ingroup krb5_support
+ */
+
+KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
+krb5_config_vget_string_default (
+ krb5_context /*context*/,
+ const krb5_config_section */*c*/,
+ const char */*def_value*/,
+ va_list /*args*/);
+
+/**
+ * Get a list of configuration strings, free the result with
+ * krb5_config_free_strings().
+ *
+ * @param context A Kerberos 5 context.
+ * @param c a configuration section, or NULL to use the section from context
+ * @param args a va_list of arguments
+ *
+ * @return TRUE or FALSE
+ *
+ * @ingroup krb5_support
+ */
+
+KRB5_LIB_FUNCTION char ** KRB5_LIB_CALL
+krb5_config_vget_strings (
+ krb5_context /*context*/,
+ const krb5_config_section */*c*/,
+ va_list /*args*/);
+
+/**
+ * Get the time from the configuration file using a relative time, for example: 1h30s
+ *
+ * @param context A Kerberos 5 context.
+ * @param c a configuration section, or NULL to use the section from context
+ * @param args a va_list of arguments
+ *
+ * @return parsed the time or -1 on error
+ *
+ * @ingroup krb5_support
+ */
+
+KRB5_LIB_FUNCTION int KRB5_LIB_CALL
+krb5_config_vget_time (
+ krb5_context /*context*/,
+ const krb5_config_section */*c*/,
+ va_list /*args*/);
+
+/**
+ * Get the time from the configuration file using a relative time.
+ *
+ * Like krb5_config_get_time_default() but with a va_list list of
+ * configuration selection.
+ *
+ * @param context A Kerberos 5 context.
+ * @param c a configuration section, or NULL to use the section from context
+ * @param def_value the default value to return if no configuration
+ * found in the database.
+ * @param args a va_list of arguments
+ *
+ * @return parsed the time (or def_value on parse error)
+ *
+ * @ingroup krb5_support
+ */
+
+KRB5_LIB_FUNCTION int KRB5_LIB_CALL
+krb5_config_vget_time_default (
+ krb5_context /*context*/,
+ const krb5_config_section */*c*/,
+ int /*def_value*/,
+ va_list /*args*/);
+
+/**
+ * krb5_copy_address copies the content of address
+ * inaddr to outaddr.
+ *
+ * @param context a Keberos context
+ * @param inaddr pointer to source address
+ * @param outaddr pointer to destination address
+ *
+ * @return Return an error code or 0.
+ *
+ * @ingroup krb5_address
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_copy_address (
+ krb5_context /*context*/,
+ const krb5_address */*inaddr*/,
+ krb5_address */*outaddr*/);
+
+/**
+ * krb5_copy_addresses copies the content of addresses
+ * inaddr to outaddr.
+ *
+ * @param context a Keberos context
+ * @param inaddr pointer to source addresses
+ * @param outaddr pointer to destination addresses
+ *
+ * @return Return an error code or 0.
+ *
+ * @ingroup krb5_address
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_copy_addresses (
+ krb5_context /*context*/,
+ const krb5_addresses */*inaddr*/,
+ krb5_addresses */*outaddr*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_copy_checksum (
+ krb5_context /*context*/,
+ const krb5_checksum */*old*/,
+ krb5_checksum **/*new*/);
+
+/**
+ * Make a copy for the Kerberos 5 context, the new krb5_context shoud
+ * be freed with krb5_free_context().
+ *
+ * @param context the Kerberos context to copy
+ * @param out the copy of the Kerberos, set to NULL error.
+ *
+ * @return Returns 0 to indicate success. Otherwise an kerberos et
+ * error code is returned, see krb5_get_error_message().
+ *
+ * @ingroup krb5
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_copy_context (
+ krb5_context /*context*/,
+ krb5_context */*out*/);
+
+/**
+ * Copy krb5_creds.
+ *
+ * @param context Kerberos 5 context.
+ * @param incred source credential
+ * @param outcred destination credential, free with krb5_free_creds().
+ *
+ * @return Returns 0 to indicate success. Otherwise an kerberos et
+ * error code is returned, see krb5_get_error_message().
+ *
+ * @ingroup krb5
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_copy_creds (
+ krb5_context /*context*/,
+ const krb5_creds */*incred*/,
+ krb5_creds **/*outcred*/);
+
+/**
+ * Copy content of krb5_creds.
+ *
+ * @param context Kerberos 5 context.
+ * @param incred source credential
+ * @param c destination credential, free with krb5_free_cred_contents().
+ *
+ * @return Returns 0 to indicate success. Otherwise an kerberos et
+ * error code is returned, see krb5_get_error_message().
+ *
+ * @ingroup krb5
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_copy_creds_contents (
+ krb5_context /*context*/,
+ const krb5_creds */*incred*/,
+ krb5_creds */*c*/);
+
+/**
+ * Copy the data into a newly allocated krb5_data.
+ *
+ * @param context Kerberos 5 context.
+ * @param indata the krb5_data data to copy
+ * @param outdata new krb5_date to copy too. Free with krb5_free_data().
+ *
+ * @return Returns 0 to indicate success. Otherwise an kerberos et
+ * error code is returned.
+ *
+ * @ingroup krb5
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_copy_data (
+ krb5_context /*context*/,
+ const krb5_data */*indata*/,
+ krb5_data **/*outdata*/);
+
+/**
+ * Copy the list of realms from `from' to `to'.
+ *
+ * @param context Kerberos 5 context.
+ * @param from list of realms to copy from.
+ * @param to list of realms to copy to, free list of krb5_free_host_realm().
+ *
+ * @return Returns 0 to indicate success. Otherwise an kerberos et
+ * error code is returned, see krb5_get_error_message().
+ *
+ * @ingroup krb5
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_copy_host_realm (
+ krb5_context /*context*/,
+ const krb5_realm */*from*/,
+ krb5_realm **/*to*/);
+
+/**
+ * Copy a keyblock, free the output keyblock with
+ * krb5_free_keyblock().
+ *
+ * @param context a Kerberos 5 context
+ * @param inblock the key to copy
+ * @param to the output key.
+ *
+ * @return 0 on success or a Kerberos 5 error code
+ *
+ * @ingroup krb5_crypto
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_copy_keyblock (
+ krb5_context /*context*/,
+ const krb5_keyblock */*inblock*/,
+ krb5_keyblock **/*to*/);
+
+/**
+ * Copy a keyblock, free the output keyblock with
+ * krb5_free_keyblock_contents().
+ *
+ * @param context a Kerberos 5 context
+ * @param inblock the key to copy
+ * @param to the output key.
+ *
+ * @return 0 on success or a Kerberos 5 error code
+ *
+ * @ingroup krb5_crypto
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_copy_keyblock_contents (
+ krb5_context /*context*/,
+ const krb5_keyblock */*inblock*/,
+ krb5_keyblock */*to*/);
+
+/**
+ * Copy a principal
+ *
+ * @param context A Kerberos context.
+ * @param inprinc principal to copy
+ * @param outprinc copied principal, free with krb5_free_principal()
+ *
+ * @return An krb5 error code, see krb5_get_error_message().
+ *
+ * @ingroup krb5_principal
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_copy_principal (
+ krb5_context /*context*/,
+ krb5_const_principal /*inprinc*/,
+ krb5_principal */*outprinc*/);
+
+/**
+ * Copy ticket and content
+ *
+ * @param context a Kerberos 5 context
+ * @param from ticket to copy
+ * @param to new copy of ticket, free with krb5_free_ticket()
+ *
+ * @return Returns 0 to indicate success. Otherwise an kerberos et
+ * error code is returned, see krb5_get_error_message().
+ *
+ * @ingroup krb5
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_copy_ticket (
+ krb5_context /*context*/,
+ const krb5_ticket */*from*/,
+ krb5_ticket **/*to*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_create_checksum (
+ krb5_context /*context*/,
+ krb5_crypto /*crypto*/,
+ krb5_key_usage /*usage*/,
+ int /*type*/,
+ void */*data*/,
+ size_t /*len*/,
+ Checksum */*result*/);
+
+/**
+ * Create a Kerberos message checksum.
+ *
+ * @param context Kerberos context
+ * @param crypto Kerberos crypto context
+ * @param usage Key usage for this buffer
+ * @param data array of buffers to process
+ * @param num_data length of array
+ * @param type output data
+ *
+ * @return Return an error code or 0.
+ * @ingroup krb5_crypto
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_create_checksum_iov (
+ krb5_context /*context*/,
+ krb5_crypto /*crypto*/,
+ unsigned /*usage*/,
+ krb5_crypto_iov */*data*/,
+ unsigned int /*num_data*/,
+ krb5_cksumtype */*type*/);
+
+/**
+ * Returns the ticket flags for the credentials in creds.
+ * See also krb5_ticket_get_flags().
+ *
+ * @param creds credential to get ticket flags from
+ *
+ * @return ticket flags
+ *
+ * @ingroup krb5
+ */
+
+KRB5_LIB_FUNCTION unsigned long KRB5_LIB_CALL
+krb5_creds_get_ticket_flags (krb5_creds */*creds*/);
+
+/**
+ * Free a crypto context created by krb5_crypto_init().
+ *
+ * @param context Kerberos context
+ * @param crypto crypto context to free
+ *
+ * @return Return an error code or 0.
+ *
+ * @ingroup krb5_crypto
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_crypto_destroy (
+ krb5_context /*context*/,
+ krb5_crypto /*crypto*/);
+
+/**
+ * The FX-CF2 key derivation function, used in FAST and preauth framework.
+ *
+ * @param context Kerberos 5 context
+ * @param crypto1 first key to combine
+ * @param crypto2 second key to combine
+ * @param pepper1 factor to combine with first key to garante uniqueness
+ * @param pepper2 factor to combine with second key to garante uniqueness
+ * @param enctype the encryption type of the resulting key
+ * @param res allocated key, free with krb5_free_keyblock_contents()
+ *
+ * @return Return an error code or 0.
+ *
+ * @ingroup krb5_crypto
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_crypto_fx_cf2 (
+ krb5_context /*context*/,
+ const krb5_crypto /*crypto1*/,
+ const krb5_crypto /*crypto2*/,
+ krb5_data */*pepper1*/,
+ krb5_data */*pepper2*/,
+ krb5_enctype /*enctype*/,
+ krb5_keyblock */*res*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_crypto_get_checksum_type (
+ krb5_context /*context*/,
+ krb5_crypto /*crypto*/,
+ krb5_cksumtype */*type*/);
+
+/**
+ * Return the blocksize used algorithm referenced by the crypto context
+ *
+ * @param context Kerberos context
+ * @param crypto crypto context to query
+ * @param blocksize the resulting blocksize
+ *
+ * @return Return an error code or 0.
+ *
+ * @ingroup krb5_crypto
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_crypto_getblocksize (
+ krb5_context /*context*/,
+ krb5_crypto /*crypto*/,
+ size_t */*blocksize*/);
+
+/**
+ * Return the confounder size used by the crypto context
+ *
+ * @param context Kerberos context
+ * @param crypto crypto context to query
+ * @param confoundersize the returned confounder size
+ *
+ * @return Return an error code or 0.
+ *
+ * @ingroup krb5_crypto
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_crypto_getconfoundersize (
+ krb5_context /*context*/,
+ krb5_crypto /*crypto*/,
+ size_t */*confoundersize*/);
+
+/**
+ * Return the encryption type used by the crypto context
+ *
+ * @param context Kerberos context
+ * @param crypto crypto context to query
+ * @param enctype the resulting encryption type
+ *
+ * @return Return an error code or 0.
+ *
+ * @ingroup krb5_crypto
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_crypto_getenctype (
+ krb5_context /*context*/,
+ krb5_crypto /*crypto*/,
+ krb5_enctype */*enctype*/);
+
+/**
+ * Return the padding size used by the crypto context
+ *
+ * @param context Kerberos context
+ * @param crypto crypto context to query
+ * @param padsize the return padding size
+ *
+ * @return Return an error code or 0.
+ *
+ * @ingroup krb5_crypto
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_crypto_getpadsize (
+ krb5_context /*context*/,
+ krb5_crypto /*crypto*/,
+ size_t */*padsize*/);
+
+/**
+ * Create a crypto context used for all encryption and signature
+ * operation. The encryption type to use is taken from the key, but
+ * can be overridden with the enctype parameter. This can be useful
+ * for encryptions types which is compatiable (DES for example).
+ *
+ * To free the crypto context, use krb5_crypto_destroy().
+ *
+ * @param context Kerberos context
+ * @param key the key block information with all key data
+ * @param etype the encryption type
+ * @param crypto the resulting crypto context
+ *
+ * @return Return an error code or 0.
+ *
+ * @ingroup krb5_crypto
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_crypto_init (
+ krb5_context /*context*/,
+ const krb5_keyblock */*key*/,
+ krb5_enctype /*etype*/,
+ krb5_crypto */*crypto*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_crypto_length (
+ krb5_context /*context*/,
+ krb5_crypto /*crypto*/,
+ int /*type*/,
+ size_t */*len*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_crypto_length_iov (
+ krb5_context /*context*/,
+ krb5_crypto /*crypto*/,
+ krb5_crypto_iov */*data*/,
+ unsigned int /*num_data*/);
+
+KRB5_LIB_FUNCTION size_t KRB5_LIB_CALL
+krb5_crypto_overhead (
+ krb5_context /*context*/,
+ krb5_crypto /*crypto*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_crypto_prf (
+ krb5_context /*context*/,
+ const krb5_crypto /*crypto*/,
+ const krb5_data */*input*/,
+ krb5_data */*output*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_crypto_prf_length (
+ krb5_context /*context*/,
+ krb5_enctype /*type*/,
+ size_t */*length*/);
+
+/**
+ * Allocate data of and krb5_data.
+ *
+ * @param p krb5_data to allocate.
+ * @param len size to allocate.
+ *
+ * @return Returns 0 to indicate success. Otherwise an kerberos et
+ * error code is returned.
+ *
+ * @ingroup krb5
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_data_alloc (
+ krb5_data */*p*/,
+ int /*len*/);
+
+/**
+ * Compare to data.
+ *
+ * @param data1 krb5_data to compare
+ * @param data2 krb5_data to compare
+ *
+ * @return return the same way as memcmp(), useful when sorting.
+ *
+ * @ingroup krb5
+ */
+
+KRB5_LIB_FUNCTION int KRB5_LIB_CALL
+krb5_data_cmp (
+ const krb5_data */*data1*/,
+ const krb5_data */*data2*/);
+
+/**
+ * Copy the data of len into the krb5_data.
+ *
+ * @param p krb5_data to copy into.
+ * @param data data to copy..
+ * @param len new size.
+ *
+ * @return Returns 0 to indicate success. Otherwise an kerberos et
+ * error code is returned.
+ *
+ * @ingroup krb5
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_data_copy (
+ krb5_data */*p*/,
+ const void */*data*/,
+ size_t /*len*/);
+
+/**
+ * Compare to data not exposing timing information from the checksum data
+ *
+ * @param data1 krb5_data to compare
+ * @param data2 krb5_data to compare
+ *
+ * @return returns zero for same data, otherwise non zero.
+ *
+ * @ingroup krb5
+ */
+
+KRB5_LIB_FUNCTION int KRB5_LIB_CALL
+krb5_data_ct_cmp (
+ const krb5_data */*data1*/,
+ const krb5_data */*data2*/);
+
+/**
+ * Free the content of krb5_data structure, its ok to free a zeroed
+ * structure (with memset() or krb5_data_zero()). When done, the
+ * structure will be zeroed. The same function is called
+ * krb5_free_data_contents() in MIT Kerberos.
+ *
+ * @param p krb5_data to free.
+ *
+ * @ingroup krb5
+ */
+
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
+krb5_data_free (krb5_data */*p*/);
+
+/**
+ * Grow (or shrink) the content of krb5_data to a new size.
+ *
+ * @param p krb5_data to free.
+ * @param len new size.
+ *
+ * @return Returns 0 to indicate success. Otherwise an kerberos et
+ * error code is returned.
+ *
+ * @ingroup krb5
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_data_realloc (
+ krb5_data */*p*/,
+ int /*len*/);
+
+/**
+ * Reset the (potentially uninitalized) krb5_data structure.
+ *
+ * @param p krb5_data to reset.
+ *
+ * @ingroup krb5
+ */
+
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
+krb5_data_zero (krb5_data */*p*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_decode_Authenticator (
+ krb5_context /*context*/,
+ const void */*data*/,
+ size_t /*length*/,
+ Authenticator */*t*/,
+ size_t */*len*/)
+ KRB5_DEPRECATED_FUNCTION("Use X instead");
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_decode_ETYPE_INFO (
+ krb5_context /*context*/,
+ const void */*data*/,
+ size_t /*length*/,
+ ETYPE_INFO */*t*/,
+ size_t */*len*/)
+ KRB5_DEPRECATED_FUNCTION("Use X instead");
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_decode_ETYPE_INFO2 (
+ krb5_context /*context*/,
+ const void */*data*/,
+ size_t /*length*/,
+ ETYPE_INFO2 */*t*/,
+ size_t */*len*/)
+ KRB5_DEPRECATED_FUNCTION("Use X instead");
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_decode_EncAPRepPart (
+ krb5_context /*context*/,
+ const void */*data*/,
+ size_t /*length*/,
+ EncAPRepPart */*t*/,
+ size_t */*len*/)
+ KRB5_DEPRECATED_FUNCTION("Use X instead");
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_decode_EncASRepPart (
+ krb5_context /*context*/,
+ const void */*data*/,
+ size_t /*length*/,
+ EncASRepPart */*t*/,
+ size_t */*len*/)
+ KRB5_DEPRECATED_FUNCTION("Use X instead");
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_decode_EncKrbCredPart (
+ krb5_context /*context*/,
+ const void */*data*/,
+ size_t /*length*/,
+ EncKrbCredPart */*t*/,
+ size_t */*len*/)
+ KRB5_DEPRECATED_FUNCTION("Use X instead");
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_decode_EncTGSRepPart (
+ krb5_context /*context*/,
+ const void */*data*/,
+ size_t /*length*/,
+ EncTGSRepPart */*t*/,
+ size_t */*len*/)
+ KRB5_DEPRECATED_FUNCTION("Use X instead");
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_decode_EncTicketPart (
+ krb5_context /*context*/,
+ const void */*data*/,
+ size_t /*length*/,
+ EncTicketPart */*t*/,
+ size_t */*len*/)
+ KRB5_DEPRECATED_FUNCTION("Use X instead");
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_decode_ap_req (
+ krb5_context /*context*/,
+ const krb5_data */*inbuf*/,
+ krb5_ap_req */*ap_req*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_decrypt (
+ krb5_context /*context*/,
+ krb5_crypto /*crypto*/,
+ unsigned /*usage*/,
+ void */*data*/,
+ size_t /*len*/,
+ krb5_data */*result*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_decrypt_EncryptedData (
+ krb5_context /*context*/,
+ krb5_crypto /*crypto*/,
+ unsigned /*usage*/,
+ const EncryptedData */*e*/,
+ krb5_data */*result*/);
+
+/**
+ * Inline decrypt a Kerberos message.
+ *
+ * @param context Kerberos context
+ * @param crypto Kerberos crypto context
+ * @param usage Key usage for this buffer
+ * @param data array of buffers to process
+ * @param num_data length of array
+ * @param ivec initial cbc/cts vector
+ *
+ * @return Return an error code or 0.
+ * @ingroup krb5_crypto
+ *
+ * 1. KRB5_CRYPTO_TYPE_HEADER
+ * 2. one KRB5_CRYPTO_TYPE_DATA and array [0,...] of KRB5_CRYPTO_TYPE_SIGN_ONLY in
+ * any order, however the receiver have to aware of the
+ * order. KRB5_CRYPTO_TYPE_SIGN_ONLY is commonly used unencrypoted
+ * protocol headers and trailers. The output data will be of same
+ * size as the input data or shorter.
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_decrypt_iov_ivec (
+ krb5_context /*context*/,
+ krb5_crypto /*crypto*/,
+ unsigned /*usage*/,
+ krb5_crypto_iov */*data*/,
+ unsigned int /*num_data*/,
+ void */*ivec*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_decrypt_ivec (
+ krb5_context /*context*/,
+ krb5_crypto /*crypto*/,
+ unsigned /*usage*/,
+ void */*data*/,
+ size_t /*len*/,
+ krb5_data */*result*/,
+ void */*ivec*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_decrypt_ticket (
+ krb5_context /*context*/,
+ Ticket */*ticket*/,
+ krb5_keyblock */*key*/,
+ EncTicketPart */*out*/,
+ krb5_flags /*flags*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_derive_key (
+ krb5_context /*context*/,
+ const krb5_keyblock */*key*/,
+ krb5_enctype /*etype*/,
+ const void */*constant*/,
+ size_t /*constant_len*/,
+ krb5_keyblock **/*derived_key*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_digest_alloc (
+ krb5_context /*context*/,
+ krb5_digest */*digest*/);
+
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
+krb5_digest_free (krb5_digest /*digest*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_digest_get_client_binding (
+ krb5_context /*context*/,
+ krb5_digest /*digest*/,
+ char **/*type*/,
+ char **/*binding*/);
+
+KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL
+krb5_digest_get_identifier (
+ krb5_context /*context*/,
+ krb5_digest /*digest*/);
+
+KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL
+krb5_digest_get_opaque (
+ krb5_context /*context*/,
+ krb5_digest /*digest*/);
+
+KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL
+krb5_digest_get_rsp (
+ krb5_context /*context*/,
+ krb5_digest /*digest*/);
+
+KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL
+krb5_digest_get_server_nonce (
+ krb5_context /*context*/,
+ krb5_digest /*digest*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_digest_get_session_key (
+ krb5_context /*context*/,
+ krb5_digest /*digest*/,
+ krb5_data */*data*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_digest_get_tickets (
+ krb5_context /*context*/,
+ krb5_digest /*digest*/,
+ Ticket **/*tickets*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_digest_init_request (
+ krb5_context /*context*/,
+ krb5_digest /*digest*/,
+ krb5_realm /*realm*/,
+ krb5_ccache /*ccache*/);
+
+/**
+ * Get the supported/allowed mechanism for this principal.
+ *
+ * @param context A Keberos context.
+ * @param realm The realm of the KDC.
+ * @param ccache The credential cache to use when talking to the KDC.
+ * @param flags The supported mechanism.
+ *
+ * @return Return an error code or 0.
+ *
+ * @ingroup krb5_digest
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_digest_probe (
+ krb5_context /*context*/,
+ krb5_realm /*realm*/,
+ krb5_ccache /*ccache*/,
+ unsigned */*flags*/);
+
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
+krb5_digest_rep_get_status (
+ krb5_context /*context*/,
+ krb5_digest /*digest*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_digest_request (
+ krb5_context /*context*/,
+ krb5_digest /*digest*/,
+ krb5_realm /*realm*/,
+ krb5_ccache /*ccache*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_digest_set_authentication_user (
+ krb5_context /*context*/,
+ krb5_digest /*digest*/,
+ krb5_principal /*authentication_user*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_digest_set_authid (
+ krb5_context /*context*/,
+ krb5_digest /*digest*/,
+ const char */*authid*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_digest_set_client_nonce (
+ krb5_context /*context*/,
+ krb5_digest /*digest*/,
+ const char */*nonce*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_digest_set_digest (
+ krb5_context /*context*/,
+ krb5_digest /*digest*/,
+ const char */*dgst*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_digest_set_hostname (
+ krb5_context /*context*/,
+ krb5_digest /*digest*/,
+ const char */*hostname*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_digest_set_identifier (
+ krb5_context /*context*/,
+ krb5_digest /*digest*/,
+ const char */*id*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_digest_set_method (
+ krb5_context /*context*/,
+ krb5_digest /*digest*/,
+ const char */*method*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_digest_set_nonceCount (
+ krb5_context /*context*/,
+ krb5_digest /*digest*/,
+ const char */*nonce_count*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_digest_set_opaque (
+ krb5_context /*context*/,
+ krb5_digest /*digest*/,
+ const char */*opaque*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_digest_set_qop (
+ krb5_context /*context*/,
+ krb5_digest /*digest*/,
+ const char */*qop*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_digest_set_realm (
+ krb5_context /*context*/,
+ krb5_digest /*digest*/,
+ const char */*realm*/);
+
+KRB5_LIB_FUNCTION int KRB5_LIB_CALL
+krb5_digest_set_responseData (
+ krb5_context /*context*/,
+ krb5_digest /*digest*/,
+ const char */*response*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_digest_set_server_cb (
+ krb5_context /*context*/,
+ krb5_digest /*digest*/,
+ const char */*type*/,
+ const char */*binding*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_digest_set_server_nonce (
+ krb5_context /*context*/,
+ krb5_digest /*digest*/,
+ const char */*nonce*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_digest_set_type (
+ krb5_context /*context*/,
+ krb5_digest /*digest*/,
+ const char */*type*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_digest_set_uri (
+ krb5_context /*context*/,
+ krb5_digest /*digest*/,
+ const char */*uri*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_digest_set_username (
+ krb5_context /*context*/,
+ krb5_digest /*digest*/,
+ const char */*username*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_domain_x500_decode (
+ krb5_context /*context*/,
+ krb5_data /*tr*/,
+ char ***/*realms*/,
+ unsigned int */*num_realms*/,
+ const char */*client_realm*/,
+ const char */*server_realm*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_domain_x500_encode (
+ char **/*realms*/,
+ unsigned int /*num_realms*/,
+ krb5_data */*encoding*/);
+
+/**
+ * Convert the getaddrinfo() error code to a Kerberos et error code.
+ *
+ * @param eai_errno contains the error code from getaddrinfo().
+ * @param system_error should have the value of errno after the failed getaddrinfo().
+ *
+ * @return Kerberos error code representing the EAI errors.
+ *
+ * @ingroup krb5_error
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_eai_to_heim_errno (
+ int /*eai_errno*/,
+ int /*system_error*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_encode_Authenticator (
+ krb5_context /*context*/,
+ void */*data*/,
+ size_t /*length*/,
+ Authenticator */*t*/,
+ size_t */*len*/)
+ KRB5_DEPRECATED_FUNCTION("Use X instead");
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_encode_ETYPE_INFO (
+ krb5_context /*context*/,
+ void */*data*/,
+ size_t /*length*/,
+ ETYPE_INFO */*t*/,
+ size_t */*len*/)
+ KRB5_DEPRECATED_FUNCTION("Use X instead");
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_encode_ETYPE_INFO2 (
+ krb5_context /*context*/,
+ void */*data*/,
+ size_t /*length*/,
+ ETYPE_INFO2 */*t*/,
+ size_t */*len*/)
+ KRB5_DEPRECATED_FUNCTION("Use X instead");
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_encode_EncAPRepPart (
+ krb5_context /*context*/,
+ void */*data*/,
+ size_t /*length*/,
+ EncAPRepPart */*t*/,
+ size_t */*len*/)
+ KRB5_DEPRECATED_FUNCTION("Use X instead");
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_encode_EncASRepPart (
+ krb5_context /*context*/,
+ void */*data*/,
+ size_t /*length*/,
+ EncASRepPart */*t*/,
+ size_t */*len*/)
+ KRB5_DEPRECATED_FUNCTION("Use X instead");
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_encode_EncKrbCredPart (
+ krb5_context /*context*/,
+ void */*data*/,
+ size_t /*length*/,
+ EncKrbCredPart */*t*/,
+ size_t */*len*/)
+ KRB5_DEPRECATED_FUNCTION("Use X instead");
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_encode_EncTGSRepPart (
+ krb5_context /*context*/,
+ void */*data*/,
+ size_t /*length*/,
+ EncTGSRepPart */*t*/,
+ size_t */*len*/)
+ KRB5_DEPRECATED_FUNCTION("Use X instead");
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_encode_EncTicketPart (
+ krb5_context /*context*/,
+ void */*data*/,
+ size_t /*length*/,
+ EncTicketPart */*t*/,
+ size_t */*len*/)
+ KRB5_DEPRECATED_FUNCTION("Use X instead");
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_encrypt (
+ krb5_context /*context*/,
+ krb5_crypto /*crypto*/,
+ unsigned /*usage*/,
+ const void */*data*/,
+ size_t /*len*/,
+ krb5_data */*result*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_encrypt_EncryptedData (
+ krb5_context /*context*/,
+ krb5_crypto /*crypto*/,
+ unsigned /*usage*/,
+ void */*data*/,
+ size_t /*len*/,
+ int /*kvno*/,
+ EncryptedData */*result*/);
+
+/**
+ * Inline encrypt a kerberos message
+ *
+ * @param context Kerberos context
+ * @param crypto Kerberos crypto context
+ * @param usage Key usage for this buffer
+ * @param data array of buffers to process
+ * @param num_data length of array
+ * @param ivec initial cbc/cts vector
+ *
+ * @return Return an error code or 0.
+ * @ingroup krb5_crypto
+ *
+ * Kerberos encrypted data look like this:
+ *
+ * 1. KRB5_CRYPTO_TYPE_HEADER
+ * 2. array [1,...] KRB5_CRYPTO_TYPE_DATA and array [0,...]
+ * KRB5_CRYPTO_TYPE_SIGN_ONLY in any order, however the receiver
+ * have to aware of the order. KRB5_CRYPTO_TYPE_SIGN_ONLY is
+ * commonly used headers and trailers.
+ * 3. KRB5_CRYPTO_TYPE_PADDING, at least on padsize long if padsize > 1
+ * 4. KRB5_CRYPTO_TYPE_TRAILER
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_encrypt_iov_ivec (
+ krb5_context /*context*/,
+ krb5_crypto /*crypto*/,
+ unsigned /*usage*/,
+ krb5_crypto_iov */*data*/,
+ int /*num_data*/,
+ void */*ivec*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_encrypt_ivec (
+ krb5_context /*context*/,
+ krb5_crypto /*crypto*/,
+ unsigned /*usage*/,
+ const void */*data*/,
+ size_t /*len*/,
+ krb5_data */*result*/,
+ void */*ivec*/);
+
+/**
+ * Disable encryption type
+ *
+ * @param context Kerberos 5 context
+ * @param enctype encryption type to disable
+ *
+ * @return Return an error code or 0.
+ *
+ * @ingroup krb5_crypto
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_enctype_disable (
+ krb5_context /*context*/,
+ krb5_enctype /*enctype*/);
+
+/**
+ * Enable encryption type
+ *
+ * @param context Kerberos 5 context
+ * @param enctype encryption type to enable
+ *
+ * @return Return an error code or 0.
+ *
+ * @ingroup krb5_crypto
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_enctype_enable (
+ krb5_context /*context*/,
+ krb5_enctype /*enctype*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_enctype_keybits (
+ krb5_context /*context*/,
+ krb5_enctype /*type*/,
+ size_t */*keybits*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_enctype_keysize (
+ krb5_context /*context*/,
+ krb5_enctype /*type*/,
+ size_t */*keysize*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_enctype_to_keytype (
+ krb5_context /*context*/,
+ krb5_enctype /*etype*/,
+ krb5_keytype */*keytype*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_enctype_to_string (
+ krb5_context /*context*/,
+ krb5_enctype /*etype*/,
+ char **/*string*/);
+
+/**
+ * Check if a enctype is valid, return 0 if it is.
+ *
+ * @param context Kerberos context
+ * @param etype enctype to check if its valid or not
+ *
+ * @return Return an error code for an failure or 0 on success (enctype valid).
+ * @ingroup krb5_crypto
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_enctype_valid (
+ krb5_context /*context*/,
+ krb5_enctype /*etype*/);
+
+/**
+ * Deprecated: keytypes doesn't exists, they are really enctypes.
+ *
+ * @ingroup krb5_deprecated
+ */
+
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
+krb5_enctypes_compatible_keys (
+ krb5_context /*context*/,
+ krb5_enctype /*etype1*/,
+ krb5_enctype /*etype2*/)
+ KRB5_DEPRECATED_FUNCTION("Use X instead");
+
+krb5_error_code
+krb5_enomem (krb5_context /*context*/);
+
+/**
+ * Log a warning to the log, default stderr, include bthe error from
+ * the last failure and then exit.
+ *
+ * @param context A Kerberos 5 context
+ * @param eval the exit code to exit with
+ * @param code error code of the last error
+ * @param fmt message to print
+ *
+ * @ingroup krb5_error
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_err (
+ krb5_context /*context*/,
+ int /*eval*/,
+ krb5_error_code /*code*/,
+ const char */*fmt*/,
+ ...)
+ __attribute__ ((__noreturn__, __format__ (__printf__, 4, 5)));
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_error_from_rd_error (
+ krb5_context /*context*/,
+ const krb5_error */*error*/,
+ const krb5_creds */*creds*/);
+
+/**
+ * Log a warning to the log, default stderr, and then exit.
+ *
+ * @param context A Kerberos 5 context
+ * @param eval the exit code to exit with
+ * @param fmt message to print
+ *
+ * @ingroup krb5_error
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_errx (
+ krb5_context /*context*/,
+ int /*eval*/,
+ const char */*fmt*/,
+ ...)
+ __attribute__ ((__noreturn__, __format__ (__printf__, 3, 4)));
+
+/**
+ * krb5_expand_hostname() tries to make orig_hostname into a more
+ * canonical one in the newly allocated space returned in
+ * new_hostname.
+
+ * @param context a Keberos context
+ * @param orig_hostname hostname to canonicalise.
+ * @param new_hostname output hostname, caller must free hostname with
+ * krb5_xfree().
+ *
+ * @return Return an error code or 0, see krb5_get_error_message().
+ *
+ * @ingroup krb5_support
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_expand_hostname (
+ krb5_context /*context*/,
+ const char */*orig_hostname*/,
+ char **/*new_hostname*/);
+
+/**
+ * krb5_expand_hostname_realms() expands orig_hostname to a name we
+ * believe to be a hostname in newly allocated space in new_hostname
+ * and return the realms new_hostname is believed to belong to in
+ * realms.
+ *
+ * @param context a Keberos context
+ * @param orig_hostname hostname to canonicalise.
+ * @param new_hostname output hostname, caller must free hostname with
+ * krb5_xfree().
+ * @param realms output possible realms, is an array that is terminated
+ * with NULL. Caller must free with krb5_free_host_realm().
+ *
+ * @return Return an error code or 0, see krb5_get_error_message().
+ *
+ * @ingroup krb5_support
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_expand_hostname_realms (
+ krb5_context /*context*/,
+ const char */*orig_hostname*/,
+ char **/*new_hostname*/,
+ char ***/*realms*/);
+
+KRB5_LIB_FUNCTION PA_DATA * KRB5_LIB_CALL
+krb5_find_padata (
+ PA_DATA */*val*/,
+ unsigned /*len*/,
+ int /*type*/,
+ int */*idx*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_format_time (
+ krb5_context /*context*/,
+ time_t /*t*/,
+ char */*s*/,
+ size_t /*len*/,
+ krb5_boolean /*include_time*/);
+
+/**
+ * krb5_free_address frees the data stored in the address that is
+ * alloced with any of the krb5_address functions.
+ *
+ * @param context a Keberos context
+ * @param address addresss to be freed.
+ *
+ * @return Return an error code or 0.
+ *
+ * @ingroup krb5_address
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_free_address (
+ krb5_context /*context*/,
+ krb5_address */*address*/);
+
+/**
+ * krb5_free_addresses frees the data stored in the address that is
+ * alloced with any of the krb5_address functions.
+ *
+ * @param context a Keberos context
+ * @param addresses addressses to be freed.
+ *
+ * @return Return an error code or 0.
+ *
+ * @ingroup krb5_address
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_free_addresses (
+ krb5_context /*context*/,
+ krb5_addresses */*addresses*/);
+
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
+krb5_free_ap_rep_enc_part (
+ krb5_context /*context*/,
+ krb5_ap_rep_enc_part */*val*/);
+
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
+krb5_free_authenticator (
+ krb5_context /*context*/,
+ krb5_authenticator */*authenticator*/);
+
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
+krb5_free_checksum (
+ krb5_context /*context*/,
+ krb5_checksum */*cksum*/);
+
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
+krb5_free_checksum_contents (
+ krb5_context /*context*/,
+ krb5_checksum */*cksum*/);
+
+/**
+ * Free a list of configuration files.
+ *
+ * @param filenames list, terminated with a NULL pointer, to be
+ * freed. NULL is an valid argument.
+ *
+ * @return Returns 0 to indicate success. Otherwise an kerberos et
+ * error code is returned, see krb5_get_error_message().
+ *
+ * @ingroup krb5
+ */
+
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
+krb5_free_config_files (char **/*filenames*/);
+
+/**
+ * Frees the krb5_context allocated by krb5_init_context().
+ *
+ * @param context context to be freed.
+ *
+ * @ingroup krb5
+ */
+
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
+krb5_free_context (krb5_context /*context*/);
+
+/**
+ * Free content of krb5_creds.
+ *
+ * @param context Kerberos 5 context.
+ * @param c krb5_creds to free.
+ *
+ * @return Returns 0 to indicate success. Otherwise an kerberos et
+ * error code is returned, see krb5_get_error_message().
+ *
+ * @ingroup krb5
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_free_cred_contents (
+ krb5_context /*context*/,
+ krb5_creds */*c*/);
+
+/**
+ * Free krb5_creds.
+ *
+ * @param context Kerberos 5 context.
+ * @param c krb5_creds to free.
+ *
+ * @return Returns 0 to indicate success. Otherwise an kerberos et
+ * error code is returned, see krb5_get_error_message().
+ *
+ * @ingroup krb5
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_free_creds (
+ krb5_context /*context*/,
+ krb5_creds */*c*/);
+
+/**
+ * Deprecated: use krb5_free_cred_contents()
+ *
+ * @ingroup krb5_deprecated
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_free_creds_contents (
+ krb5_context /*context*/,
+ krb5_creds */*c*/)
+ KRB5_DEPRECATED_FUNCTION("Use X instead");
+
+/**
+ * Free krb5_data (and its content).
+ *
+ * @param context Kerberos 5 context.
+ * @param p krb5_data to free.
+ *
+ * @ingroup krb5
+ */
+
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
+krb5_free_data (
+ krb5_context /*context*/,
+ krb5_data */*p*/);
+
+/**
+ * Same as krb5_data_free(). MIT compat.
+ *
+ * Deprecated: use krb5_data_free().
+ *
+ * @param context Kerberos 5 context.
+ * @param data krb5_data to free.
+ *
+ * @ingroup krb5_deprecated
+ */
+
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
+krb5_free_data_contents (
+ krb5_context /*context*/,
+ krb5_data */*data*/)
+ KRB5_DEPRECATED_FUNCTION("Use X instead");
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_free_default_realm (
+ krb5_context /*context*/,
+ krb5_realm /*realm*/);
+
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
+krb5_free_error (
+ krb5_context /*context*/,
+ krb5_error */*error*/);
+
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
+krb5_free_error_contents (
+ krb5_context /*context*/,
+ krb5_error */*error*/);
+
+/**
+ * Free the error message returned by krb5_get_error_message().
+ * + * @param context Kerberos context + * @param msg error message to free, returned byg + * krb5_get_error_message(). + * + * @ingroup krb5_error + */ + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_free_error_message ( + krb5_context /*context*/, + const char */*msg*/); + +/** + * Free the error message returned by krb5_get_error_string(). + * + * Deprecated: use krb5_free_error_message() + * + * @param context Kerberos context + * @param str error message to free + * + * @ingroup krb5_deprecated + */ + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_free_error_string ( + krb5_context /*context*/, + char */*str*/) + KRB5_DEPRECATED_FUNCTION("Use X instead"); + +/** + * Free all memory allocated by `realmlist' + * + * @param context A Kerberos 5 context. + * @param realmlist realmlist to free, NULL is ok + * + * @return a Kerberos error code, always 0. + * + * @ingroup krb5_support + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_free_host_realm ( + krb5_context /*context*/, + krb5_realm */*realmlist*/); + +/** + * Variable containing the FILE based credential cache implemention. + * + * @ingroup krb5_ccache + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_free_kdc_rep ( + krb5_context /*context*/, + krb5_kdc_rep */*rep*/); + +/** + * Free a keyblock, also zero out the content of the keyblock, uses + * krb5_free_keyblock_contents() to free the content. + * + * @param context a Kerberos 5 context + * @param keyblock keyblock to free, NULL is valid argument + * + * @ingroup krb5_crypto + */ + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_free_keyblock ( + krb5_context /*context*/, + krb5_keyblock */*keyblock*/); + +/** + * Free a keyblock's content, also zero out the content of the keyblock. 
+ * + * @param context a Kerberos 5 context + * @param keyblock keyblock content to free, NULL is valid argument + * + * @ingroup krb5_crypto + */ + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_free_keyblock_contents ( + krb5_context /*context*/, + krb5_keyblock */*keyblock*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_free_krbhst ( + krb5_context /*context*/, + char **/*hostlist*/); + +/** + * Free a name canonicalization rule iterator. + */ + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_free_name_canon_iterator ( + krb5_context /*context*/, + krb5_name_canon_iterator /*iter*/); + +/** + * Frees a Kerberos principal allocated by the library with + * krb5_parse_name(), krb5_make_principal() or any other related + * principal functions. + * + * @param context A Kerberos context. + * @param p a principal to free. + * + * @return An krb5 error code, see krb5_get_error_message(). + * + * @ingroup krb5_principal + */ + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_free_principal ( + krb5_context /*context*/, + krb5_principal /*p*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_free_salt ( + krb5_context /*context*/, + krb5_salt /*salt*/); + +/** + * Free ticket and content + * + * @param context a Kerberos 5 context + * @param ticket ticket to free + * + * @return Returns 0 to indicate success. Otherwise an kerberos et + * error code is returned, see krb5_get_error_message(). + * + * @ingroup krb5 + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_free_ticket ( + krb5_context /*context*/, + krb5_ticket */*ticket*/); + +/** + * Deprecated: use krb5_xfree(). + * + * @ingroup krb5_deprecated + */ + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_free_unparsed_name ( + krb5_context /*context*/, + char */*str*/) + KRB5_DEPRECATED_FUNCTION("Use X instead"); + +/** + * Forward credentials for client to host hostname , making them + * forwardable if forwardable, and returning the blob of data to sent + * in out_data. 
If hostname == NULL, pick it from server. + * + * @param context A kerberos 5 context. + * @param auth_context the auth context with the key to encrypt the out_data. + * @param hostname the host to forward the tickets too. + * @param client the client to delegate from. + * @param server the server to delegate the credential too. + * @param ccache credential cache to use. + * @param forwardable make the forwarded ticket forwabledable. + * @param out_data the resulting credential. + * + * @return Return an error code or 0. + * + * @ingroup krb5_credential + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_fwd_tgt_creds ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + const char */*hostname*/, + krb5_principal /*client*/, + krb5_principal /*server*/, + krb5_ccache /*ccache*/, + int /*forwardable*/, + krb5_data */*out_data*/); + +/** + * Fill buffer buf with len bytes of PRNG randomness that is ok to use + * for key generation, padding and public diclosing the randomness w/o + * disclosing the randomness source. + * + * This function can fail, and callers must check the return value. + * + * @param buf a buffer to fill with randomness + * @param len length of memory that buf points to. + * + * @return return 0 on success or HEIM_ERR_RANDOM_OFFLINE if the + * funcation failed to initialize the randomness source. + * + * @ingroup krb5_crypto + */ + +HEIMDAL_WARN_UNUSED_RESULT_ATTRIBUTE KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_generate_random ( + void */*buf*/, + size_t /*len*/); + +/** + * Fill buffer buf with len bytes of PRNG randomness that is ok to use + * for key generation, padding and public diclosing the randomness w/o + * disclosing the randomness source. + * + * This function can NOT fail, instead it will abort() and program will crash. 
+ * + * If this function is called after a successful krb5_init_context(), + * the chance of it failing is low due to that krb5_init_context() + * pulls out some random, and quite commonly the randomness sources + * will not fail once it have started to produce good output, + * /dev/urandom behavies that way. + * + * @param buf a buffer to fill with randomness + * @param len length of memory that buf points to. + * + * @ingroup krb5_crypto + */ + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_generate_random_block ( + void */*buf*/, + size_t /*len*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_generate_random_keyblock ( + krb5_context /*context*/, + krb5_enctype /*type*/, + krb5_keyblock */*key*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_generate_seq_number ( + krb5_context /*context*/, + const krb5_keyblock */*key*/, + uint32_t */*seqno*/); + +/** + * Deprecated: use krb5_generate_subkey_extended() + * + * @ingroup krb5_deprecated + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_generate_subkey ( + krb5_context /*context*/, + const krb5_keyblock */*key*/, + krb5_keyblock **/*subkey*/) + KRB5_DEPRECATED_FUNCTION("Use X instead"); + +/** + * Generate subkey, from keyblock + * + * @param context kerberos context + * @param key session key + * @param etype encryption type of subkey, if ETYPE_NULL, use key's enctype + * @param subkey returned new, free with krb5_free_keyblock(). 
+ * + * @return 0 on success or a Kerberos 5 error code + * +* @ingroup krb5_crypto + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_generate_subkey_extended ( + krb5_context /*context*/, + const krb5_keyblock */*key*/, + krb5_enctype /*etype*/, + krb5_keyblock **/*subkey*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_get_all_client_addrs ( + krb5_context /*context*/, + krb5_addresses */*res*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_get_all_server_addrs ( + krb5_context /*context*/, + krb5_addresses */*res*/); + +/** + * Deprecated: use krb5_get_credentials_with_flags(). + * + * @ingroup krb5_deprecated + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_get_cred_from_kdc ( + krb5_context /*context*/, + krb5_ccache /*ccache*/, + krb5_creds */*in_creds*/, + krb5_creds **/*out_creds*/, + krb5_creds ***/*ret_tgts*/) + KRB5_DEPRECATED_FUNCTION("Use X instead"); + +/** + * Deprecated: use krb5_get_credentials_with_flags(). + * + * @ingroup krb5_deprecated + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_get_cred_from_kdc_opt ( + krb5_context /*context*/, + krb5_ccache /*ccache*/, + krb5_creds */*in_creds*/, + krb5_creds **/*out_creds*/, + krb5_creds ***/*ret_tgts*/, + krb5_flags /*flags*/) + KRB5_DEPRECATED_FUNCTION("Use X instead"); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_get_credentials ( + krb5_context /*context*/, + krb5_flags /*options*/, + krb5_ccache /*ccache*/, + krb5_creds */*in_creds*/, + krb5_creds **/*out_creds*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_get_credentials_with_flags ( + krb5_context /*context*/, + krb5_flags /*options*/, + krb5_kdc_flags /*flags*/, + krb5_ccache /*ccache*/, + krb5_creds */*in_creds*/, + krb5_creds **/*out_creds*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_get_creds ( + krb5_context /*context*/, + krb5_get_creds_opt /*opt*/, + krb5_ccache /*ccache*/, + krb5_const_principal /*inprinc*/, + krb5_creds 
**/*out_creds*/); + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_get_creds_opt_add_options ( + krb5_context /*context*/, + krb5_get_creds_opt /*opt*/, + krb5_flags /*options*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_get_creds_opt_alloc ( + krb5_context /*context*/, + krb5_get_creds_opt */*opt*/); + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_get_creds_opt_free ( + krb5_context /*context*/, + krb5_get_creds_opt /*opt*/); + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_get_creds_opt_set_enctype ( + krb5_context /*context*/, + krb5_get_creds_opt /*opt*/, + krb5_enctype /*enctype*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_get_creds_opt_set_impersonate ( + krb5_context /*context*/, + krb5_get_creds_opt /*opt*/, + krb5_const_principal /*self*/); + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_get_creds_opt_set_options ( + krb5_context /*context*/, + krb5_get_creds_opt /*opt*/, + krb5_flags /*options*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_get_creds_opt_set_ticket ( + krb5_context /*context*/, + krb5_get_creds_opt /*opt*/, + const Ticket */*ticket*/); + +/** + * Get the global configuration list. + * + * @param pfilenames return array of filenames, should be freed with krb5_free_config_files(). + * + * @return Returns 0 to indicate success. Otherwise an kerberos et + * error code is returned, see krb5_get_error_message(). + * + * @ingroup krb5 + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_get_default_config_files (char ***/*pfilenames*/); + +/** + * Get the default encryption types that will be use in communcation + * with the KDC, clients and servers. + * + * @param context Kerberos 5 context. + * @param pdu_type request type (AS, TGS or none) + * @param etypes Encryption types, array terminated with + * ETYPE_NULL(0), caller should free array with krb5_xfree(): + * + * @return Returns 0 to indicate success. Otherwise an kerberos et + * error code is returned, see krb5_get_error_message(). 
+ * + * @ingroup krb5 + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_get_default_in_tkt_etypes ( + krb5_context /*context*/, + krb5_pdu /*pdu_type*/, + krb5_enctype **/*etypes*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_get_default_principal ( + krb5_context /*context*/, + krb5_principal */*princ*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_get_default_realm ( + krb5_context /*context*/, + krb5_realm */*realm*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_get_default_realms ( + krb5_context /*context*/, + krb5_realm **/*realms*/); + +/** + * Get if the library uses DNS to canonicalize hostnames. + * + * @param context Kerberos 5 context. + * + * @return return non zero if the library uses DNS to canonicalize hostnames. + * + * @ingroup krb5 + */ + +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL +krb5_get_dns_canonicalize_hostname (krb5_context /*context*/); + +/** + * Return the error string for the error code. The caller must not + * free the string. + * + * This function is deprecated since its not threadsafe. + * + * @param context Kerberos 5 context. + * @param code Kerberos error code. + * + * @return the error message matching code + * + * @ingroup krb5 + */ + +KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL +krb5_get_err_text ( + krb5_context /*context*/, + krb5_error_code /*code*/) + KRB5_DEPRECATED_FUNCTION("Use krb5_get_error_message instead"); + +/** + * Return the error message for `code' in context. On memory + * allocation error the function returns NULL. + * + * @param context Kerberos 5 context + * @param code Error code related to the error + * + * @return an error string, needs to be freed with + * krb5_free_error_message(). The functions return NULL on error. + * + * @ingroup krb5_error + */ + +KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL +krb5_get_error_message ( + krb5_context /*context*/, + krb5_error_code /*code*/); + +/** + * Return the error message in context. 
On error or no error string, + * the function returns NULL. + * + * @param context Kerberos 5 context + * + * @return an error string, needs to be freed with + * krb5_free_error_message(). The functions return NULL on error. + * + * @ingroup krb5_error + */ + +KRB5_LIB_FUNCTION char * KRB5_LIB_CALL +krb5_get_error_string (krb5_context /*context*/) + KRB5_DEPRECATED_FUNCTION("Use krb5_get_error_message instead"); + +/** + * Get extra address to the address list that the library will add to + * the client's address list when communicating with the KDC. + * + * @param context Kerberos 5 context. + * @param addresses addreses to set + * + * @return Returns 0 to indicate success. Otherwise an kerberos et + * error code is returned, see krb5_get_error_message(). + * + * @ingroup krb5 + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_get_extra_addresses ( + krb5_context /*context*/, + krb5_addresses */*addresses*/); + +/** + * Get version of fcache that the library should use. + * + * @param context Kerberos 5 context. + * @param version version number. + * + * @return Returns 0 to indicate success. Otherwise an kerberos et + * error code is returned, see krb5_get_error_message(). + * + * @ingroup krb5 + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_get_fcache_version ( + krb5_context /*context*/, + int */*version*/); + +/** + * Gets tickets forwarded to hostname. If the tickets that are + * forwarded are address-less, the forwarded tickets will also be + * address-less. + * + * If the ticket have any address, hostname will be used for figure + * out the address to forward the ticket too. This since this might + * use DNS, its insecure and also doesn't represent configured all + * addresses of the host. For example, the host might have two + * adresses, one IPv4 and one IPv6 address where the later is not + * published in DNS. This IPv6 address might be used communications + * and thus the resulting ticket useless. 
+ * + * @param context A kerberos 5 context. + * @param auth_context the auth context with the key to encrypt the out_data. + * @param ccache credential cache to use + * @param flags the flags to control the resulting ticket flags + * @param hostname the host to forward the tickets too. + * @param in_creds the in client and server ticket names. The client + * and server components forwarded to the remote host. + * @param out_data the resulting credential. + * + * @return Return an error code or 0. + * + * @ingroup krb5_credential + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_get_forwarded_creds ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_ccache /*ccache*/, + krb5_flags /*flags*/, + const char */*hostname*/, + krb5_creds */*in_creds*/, + krb5_data */*out_data*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_get_host_realm ( + krb5_context /*context*/, + const char */*targethost*/, + krb5_realm **/*realms*/); + +/** + * Get extra addresses to ignore when fetching addresses from the + * underlaying operating system. + * + * @param context Kerberos 5 context. + * @param addresses list addreses ignored + * + * @return Returns 0 to indicate success. Otherwise an kerberos et + * error code is returned, see krb5_get_error_message(). 
+ * + * @ingroup krb5 + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_get_ignore_addresses ( + krb5_context /*context*/, + krb5_addresses */*addresses*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_get_in_cred ( + krb5_context /*context*/, + krb5_flags /*options*/, + const krb5_addresses */*addrs*/, + const krb5_enctype */*etypes*/, + const krb5_preauthtype */*ptypes*/, + const krb5_preauthdata */*preauth*/, + krb5_key_proc /*key_proc*/, + krb5_const_pointer /*keyseed*/, + krb5_decrypt_proc /*decrypt_proc*/, + krb5_const_pointer /*decryptarg*/, + krb5_creds */*creds*/, + krb5_kdc_rep */*ret_as_reply*/) + KRB5_DEPRECATED_FUNCTION("Use X instead"); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_get_in_tkt ( + krb5_context /*context*/, + krb5_flags /*options*/, + const krb5_addresses */*addrs*/, + const krb5_enctype */*etypes*/, + const krb5_preauthtype */*ptypes*/, + krb5_key_proc /*key_proc*/, + krb5_const_pointer /*keyseed*/, + krb5_decrypt_proc /*decrypt_proc*/, + krb5_const_pointer /*decryptarg*/, + krb5_creds */*creds*/, + krb5_ccache /*ccache*/, + krb5_kdc_rep */*ret_as_reply*/) + KRB5_DEPRECATED_FUNCTION("Use X instead"); + +/** + * Deprecated: use krb5_get_init_creds() and friends. + * + * @ingroup krb5_deprecated + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_get_in_tkt_with_keytab ( + krb5_context /*context*/, + krb5_flags /*options*/, + krb5_addresses */*addrs*/, + const krb5_enctype */*etypes*/, + const krb5_preauthtype */*pre_auth_types*/, + krb5_keytab /*keytab*/, + krb5_ccache /*ccache*/, + krb5_creds */*creds*/, + krb5_kdc_rep */*ret_as_reply*/) + KRB5_DEPRECATED_FUNCTION("Use X instead"); + +/** + * Deprecated: use krb5_get_init_creds() and friends. 
+ * + * @ingroup krb5_deprecated + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_get_in_tkt_with_password ( + krb5_context /*context*/, + krb5_flags /*options*/, + krb5_addresses */*addrs*/, + const krb5_enctype */*etypes*/, + const krb5_preauthtype */*pre_auth_types*/, + const char */*password*/, + krb5_ccache /*ccache*/, + krb5_creds */*creds*/, + krb5_kdc_rep */*ret_as_reply*/) + KRB5_DEPRECATED_FUNCTION("Use X instead"); + +/** + * Deprecated: use krb5_get_init_creds() and friends. + * + * @ingroup krb5_deprecated + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_get_in_tkt_with_skey ( + krb5_context /*context*/, + krb5_flags /*options*/, + krb5_addresses */*addrs*/, + const krb5_enctype */*etypes*/, + const krb5_preauthtype */*pre_auth_types*/, + const krb5_keyblock */*key*/, + krb5_ccache /*ccache*/, + krb5_creds */*creds*/, + krb5_kdc_rep */*ret_as_reply*/) + KRB5_DEPRECATED_FUNCTION("Use X instead"); + +/** + * Get new credentials using keyblock. + * + * @ingroup krb5_credential + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_get_init_creds_keyblock ( + krb5_context /*context*/, + krb5_creds */*creds*/, + krb5_principal /*client*/, + krb5_keyblock */*keyblock*/, + krb5_deltat /*start_time*/, + const char */*in_tkt_service*/, + krb5_get_init_creds_opt */*options*/); + +/** + * Get new credentials using keytab. + * + * @ingroup krb5_credential + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_get_init_creds_keytab ( + krb5_context /*context*/, + krb5_creds */*creds*/, + krb5_principal /*client*/, + krb5_keytab /*keytab*/, + krb5_deltat /*start_time*/, + const char */*in_tkt_service*/, + krb5_get_init_creds_opt */*options*/); + +/** + * Allocate a new krb5_get_init_creds_opt structure, free with + * krb5_get_init_creds_opt_free(). 
+ * + * @ingroup krb5_credential + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_get_init_creds_opt_alloc ( + krb5_context /*context*/, + krb5_get_init_creds_opt **/*opt*/); + +/** + * Free krb5_get_init_creds_opt structure. + * + * @ingroup krb5_credential + */ + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_get_init_creds_opt_free ( + krb5_context /*context*/, + krb5_get_init_creds_opt */*opt*/); + +/** + * Deprecated: use the new krb5_init_creds_init() and + * krb5_init_creds_get_error(). + * + * @ingroup krb5_deprecated + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_get_init_creds_opt_get_error ( + krb5_context /*context*/, + krb5_get_init_creds_opt */*opt*/, + KRB_ERROR **/*error*/) + KRB5_DEPRECATED_FUNCTION("Use X instead"); + +/** + * Deprecated: use krb5_get_init_creds_opt_alloc(). + * + * The reason krb5_get_init_creds_opt_init() is deprecated is that + * krb5_get_init_creds_opt is a static structure and for ABI reason it + * can't grow, ie can't add new functionality. 
+ * + * @ingroup krb5_deprecated + */ + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_get_init_creds_opt_init (krb5_get_init_creds_opt */*opt*/) + KRB5_DEPRECATED_FUNCTION("Use X instead"); + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_get_init_creds_opt_set_address_list ( + krb5_get_init_creds_opt */*opt*/, + krb5_addresses */*addresses*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_get_init_creds_opt_set_addressless ( + krb5_context /*context*/, + krb5_get_init_creds_opt */*opt*/, + krb5_boolean /*addressless*/); + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_get_init_creds_opt_set_anonymous ( + krb5_get_init_creds_opt */*opt*/, + int /*anonymous*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_get_init_creds_opt_set_canonicalize ( + krb5_context /*context*/, + krb5_get_init_creds_opt */*opt*/, + krb5_boolean /*req*/); + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_get_init_creds_opt_set_change_password_prompt ( + krb5_get_init_creds_opt */*opt*/, + int /*change_password_prompt*/); + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_get_init_creds_opt_set_default_flags ( + krb5_context /*context*/, + const char */*appname*/, + krb5_const_realm /*realm*/, + krb5_get_init_creds_opt */*opt*/); + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_get_init_creds_opt_set_etype_list ( + krb5_get_init_creds_opt */*opt*/, + krb5_enctype */*etype_list*/, + int /*etype_list_length*/); + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_get_init_creds_opt_set_forwardable ( + krb5_get_init_creds_opt */*opt*/, + int /*forwardable*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_get_init_creds_opt_set_pa_password ( + krb5_context /*context*/, + krb5_get_init_creds_opt */*opt*/, + const char */*password*/, + krb5_s2k_proc /*key_proc*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_get_init_creds_opt_set_pac_request ( + krb5_context /*context*/, + krb5_get_init_creds_opt */*opt*/, + krb5_boolean /*req_pac*/); + +KRB5_LIB_FUNCTION krb5_error_code 
KRB5_LIB_CALL +krb5_get_init_creds_opt_set_pkinit ( + krb5_context /*context*/, + krb5_get_init_creds_opt */*opt*/, + krb5_principal /*principal*/, + const char */*user_id*/, + const char */*x509_anchors*/, + char * const * /*pool*/, + char * const * /*pki_revoke*/, + int /*flags*/, + krb5_prompter_fct /*prompter*/, + void */*prompter_data*/, + char */*password*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_init_creds_opt_set_pkinit_user_certs ( + krb5_context /*context*/, + krb5_get_init_creds_opt */*opt*/, + struct hx509_certs_data */*certs*/); + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_get_init_creds_opt_set_preauth_list ( + krb5_get_init_creds_opt */*opt*/, + krb5_preauthtype */*preauth_list*/, + int /*preauth_list_length*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_get_init_creds_opt_set_process_last_req ( + krb5_context /*context*/, + krb5_get_init_creds_opt */*opt*/, + krb5_gic_process_last_req /*func*/, + void */*ctx*/); + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_get_init_creds_opt_set_proxiable ( + krb5_get_init_creds_opt */*opt*/, + int /*proxiable*/); + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_get_init_creds_opt_set_renew_life ( + krb5_get_init_creds_opt */*opt*/, + krb5_deltat /*renew_life*/); + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_get_init_creds_opt_set_salt ( + krb5_get_init_creds_opt */*opt*/, + krb5_data */*salt*/); + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_get_init_creds_opt_set_tkt_life ( + krb5_get_init_creds_opt */*opt*/, + krb5_deltat /*tkt_life*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_get_init_creds_opt_set_win2k ( + krb5_context /*context*/, + krb5_get_init_creds_opt */*opt*/, + krb5_boolean /*req*/); + +/** + * Get new credentials using password. 
+ * + * @ingroup krb5_credential + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_get_init_creds_password ( + krb5_context /*context*/, + krb5_creds */*creds*/, + krb5_principal /*client*/, + const char */*password*/, + krb5_prompter_fct /*prompter*/, + void */*data*/, + krb5_deltat /*start_time*/, + const char */*in_tkt_service*/, + krb5_get_init_creds_opt */*options*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_get_kdc_cred ( + krb5_context /*context*/, + krb5_ccache /*id*/, + krb5_kdc_flags /*flags*/, + krb5_addresses */*addresses*/, + Ticket */*second_ticket*/, + krb5_creds */*in_creds*/, + krb5_creds **out_creds ); + +/** + * Get current offset in time to the KDC. + * + * @param context Kerberos 5 context. + * @param sec seconds part of offset. + * @param usec micro seconds part of offset. + * + * @return returns zero + * + * @ingroup krb5 + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_get_kdc_sec_offset ( + krb5_context /*context*/, + int32_t */*sec*/, + int32_t */*usec*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_get_krb524hst ( + krb5_context /*context*/, + const krb5_realm */*realm*/, + char ***/*hostlist*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_get_krb_admin_hst ( + krb5_context /*context*/, + const krb5_realm */*realm*/, + char ***/*hostlist*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_get_krb_changepw_hst ( + krb5_context /*context*/, + const krb5_realm */*realm*/, + char ***/*hostlist*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_get_krbhst ( + krb5_context /*context*/, + const krb5_realm */*realm*/, + char ***/*hostlist*/); + +/** + * Get max time skew allowed. + * + * @param context Kerberos 5 context. + * + * @return timeskew in seconds. 
+ * + * @ingroup krb5 + */ + +KRB5_LIB_FUNCTION time_t KRB5_LIB_CALL +krb5_get_max_time_skew (krb5_context /*context*/); + +/** + * krb5_init_context() will get one random byte to make sure our + * random is alive. Assumption is that once the non blocking + * source allows us to pull bytes, its all seeded and allows us to + * pull more bytes. + * + * Most Kerberos users calls krb5_init_context(), so this is + * useful point where we can do the checking. + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_get_permitted_enctypes ( + krb5_context /*context*/, + krb5_enctype **/*etypes*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_get_pw_salt ( + krb5_context /*context*/, + krb5_const_principal /*principal*/, + krb5_salt */*salt*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_get_renewed_creds ( + krb5_context /*context*/, + krb5_creds */*creds*/, + krb5_const_principal /*client*/, + krb5_ccache /*ccache*/, + const char */*in_tkt_service*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_get_server_rcache ( + krb5_context /*context*/, + const krb5_data */*piece*/, + krb5_rcache */*id*/); + +/** + * Make the kerberos library default to the admin KDC. + * + * @param context Kerberos 5 context. + * + * @return boolean flag to telling the context will use admin KDC as the default KDC. + * + * @ingroup krb5 + */ + +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL +krb5_get_use_admin_kdc (krb5_context /*context*/); + +/** + * Validate the newly fetch credential, see also krb5_verify_init_creds(). + * + * @param context a Kerberos 5 context + * @param creds the credentials to verify + * @param client the client name to match up + * @param ccache the credential cache to use + * @param service a service name to use, used with + * krb5_sname_to_principal() to build a hostname to use to + * verify. 
+ * + * @ingroup krb5_ccache + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_get_validated_creds ( + krb5_context /*context*/, + krb5_creds */*creds*/, + krb5_principal /*client*/, + krb5_ccache /*ccache*/, + char */*service*/); + +/** + * Get the default logging facility. + * + * @param context A Kerberos 5 context + * + * @ingroup krb5_error + */ + +KRB5_LIB_FUNCTION krb5_log_facility * KRB5_LIB_CALL +krb5_get_warn_dest (krb5_context /*context*/); + +KRB5_LIB_FUNCTION size_t KRB5_LIB_CALL +krb5_get_wrapped_length ( + krb5_context /*context*/, + krb5_crypto /*crypto*/, + size_t /*data_len*/); + +KRB5_LIB_FUNCTION int KRB5_LIB_CALL +krb5_getportbyname ( + krb5_context /*context*/, + const char */*service*/, + const char */*proto*/, + int /*default_port*/); + +/** + * krb5_h_addr2addr works like krb5_h_addr2sockaddr with the exception + * that it operates on a krb5_address instead of a struct sockaddr. + * + * @param context a Keberos context + * @param af address family + * @param haddr host address from struct hostent. + * @param addr returned krb5_address. + * + * @return Return an error code or 0. + * + * @ingroup krb5_address + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_h_addr2addr ( + krb5_context /*context*/, + int /*af*/, + const char */*haddr*/, + krb5_address */*addr*/); + +/** + * krb5_h_addr2sockaddr initializes a "struct sockaddr sa" from af and + * the "struct hostent" (see gethostbyname(3) ) h_addr_list + * component. The argument sa_size should initially contain the size + * of the sa, and after the call, it will contain the actual length of + * the address. + * + * @param context a Keberos context + * @param af addresses + * @param addr address + * @param sa returned struct sockaddr + * @param sa_size size of sa + * @param port port to set in sa. + * + * @return Return an error code or 0. 
+ * + * @ingroup krb5_address + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_h_addr2sockaddr ( + krb5_context /*context*/, + int /*af*/, + const char */*addr*/, + struct sockaddr */*sa*/, + krb5_socklen_t */*sa_size*/, + int /*port*/); + +/** + * Convert the gethostname() error code (h_error) to a Kerberos et + * error code. + * + * @param eai_errno contains the error code from gethostname(). + * + * @return Kerberos error code representing the gethostname errors. + * + * @ingroup krb5_error + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_h_errno_to_heim_errno (int /*eai_errno*/); + +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL +krb5_have_error_string (krb5_context /*context*/) + KRB5_DEPRECATED_FUNCTION("Use krb5_get_error_message instead"); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_hmac ( + krb5_context /*context*/, + krb5_cksumtype /*cktype*/, + const void */*data*/, + size_t /*len*/, + unsigned /*usage*/, + krb5_keyblock */*key*/, + Checksum */*result*/); + +/** + * Initializes the context structure and reads the configuration file + * /etc/krb5.conf. The structure should be freed by calling + * krb5_free_context() when it is no longer being used. + * + * @param context pointer to returned context + * + * @return Returns 0 to indicate success. Otherwise an errno code is + * returned. Failure means either that something bad happened during + * initialization (typically ENOMEM) or that Kerberos should not be + * used ENXIO. If the function returns HEIM_ERR_RANDOM_OFFLINE, the + * random source is not available and later Kerberos calls might fail. + * + * @ingroup krb5 + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_init_context (krb5_context */*context*/); + +/** + * Free the krb5_init_creds_context allocated by krb5_init_creds_init(). + * + * @param context A Kerberos 5 context. + * @param ctx The krb5_init_creds_context to free. 
+ * + * @ingroup krb5_credential + */ + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_init_creds_free ( + krb5_context /*context*/, + krb5_init_creds_context /*ctx*/); + +/** + * Get new credentials as setup by the krb5_init_creds_context. + * + * @param context A Kerberos 5 context. + * @param ctx The krb5_init_creds_context to process. + * + * @ingroup krb5_credential + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_init_creds_get ( + krb5_context /*context*/, + krb5_init_creds_context /*ctx*/); + +/** + * Extract the newly acquired credentials from krb5_init_creds_context + * context. + * + * @param context A Kerberos 5 context. + * @param ctx + * @param cred credentials, free with krb5_free_cred_contents(). + * + * @return 0 for sucess or An Kerberos error code, see krb5_get_error_message(). + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_init_creds_get_creds ( + krb5_context /*context*/, + krb5_init_creds_context /*ctx*/, + krb5_creds */*cred*/); + +/** + * Get the last error from the transaction. + * + * @return Returns 0 or an error code + * + * @ingroup krb5_credential + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_init_creds_get_error ( + krb5_context /*context*/, + krb5_init_creds_context /*ctx*/, + KRB_ERROR */*error*/); + +/** + * Start a new context to get a new initial credential. + * + * @param context A Kerberos 5 context. + * @param client The Kerberos principal to get the credential for, if + * NULL is given, the default principal is used as determined by + * krb5_get_default_principal(). + * @param prompter + * @param prompter_data + * @param start_time the time the ticket should start to be valid or 0 for now. + * @param options a options structure, can be NULL for default options. + * @param rctx A new allocated free with krb5_init_creds_free(). + * + * @return 0 for success or an Kerberos 5 error code, see krb5_get_error_message(). 
+ *
+ * @ingroup krb5_credential
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_init_creds_init (
+ krb5_context /*context*/,
+ krb5_principal /*client*/,
+ krb5_prompter_fct /*prompter*/,
+ void */*prompter_data*/,
+ krb5_deltat /*start_time*/,
+ krb5_get_init_creds_opt */*options*/,
+ krb5_init_creds_context */*rctx*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_init_creds_set_fast_ap_armor_service (
+ krb5_context /*context*/,
+ krb5_init_creds_context /*ctx*/,
+ krb5_const_principal /*armor_service*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_init_creds_set_fast_ccache (
+ krb5_context /*context*/,
+ krb5_init_creds_context /*ctx*/,
+ krb5_ccache /*fast_ccache*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_init_creds_set_keyblock (
+ krb5_context /*context*/,
+ krb5_init_creds_context /*ctx*/,
+ krb5_keyblock */*keyblock*/);
+
+/**
+ * Set the keytab to use for authentication.
+ *
+ * @param context a Kerberos 5 context.
+ * @param ctx ctx krb5_init_creds_context context.
+ * @param keytab the keytab to read the key from.
+ *
+ * @return 0 for success, or an Kerberos 5 error code, see krb5_get_error_message().
+ * @ingroup krb5_credential
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_init_creds_set_keytab (
+ krb5_context /*context*/,
+ krb5_init_creds_context /*ctx*/,
+ krb5_keytab /*keytab*/);
+
+/**
+ * Sets the password that will use for the request.
+ *
+ * @param context a Kerberos 5 context.
+ * @param ctx ctx krb5_init_creds_context context.
+ * @param password the password to use.
+ *
+ * @return 0 for success, or an Kerberos 5 error code, see krb5_get_error_message().
+ * @ingroup krb5_credential
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_init_creds_set_password (
+ krb5_context /*context*/,
+ krb5_init_creds_context /*ctx*/,
+ const char */*password*/);
+
+/**
+ * Sets the service that the is requested. This call is only neede for
+ * special initial tickets, by default the a krbtgt is fetched in the default realm.
+ *
+ * @param context a Kerberos 5 context.
+ * @param ctx a krb5_init_creds_context context.
+ * @param service the service given as a string, for example
+ * "kadmind/admin". If NULL, the default krbtgt in the clients
+ * realm is set.
+ *
+ * @return 0 for success, or an Kerberos 5 error code, see krb5_get_error_message().
+ * @ingroup krb5_credential
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_init_creds_set_service (
+ krb5_context /*context*/,
+ krb5_init_creds_context /*ctx*/,
+ const char */*service*/);
+
+/**
+ * The core loop if krb5_get_init_creds() function family. Create the
+ * packets and have the caller send them off to the KDC.
+ *
+ * If the caller want all work been done for them, use
+ * krb5_init_creds_get() instead.
+ *
+ * @param context a Kerberos 5 context.
+ * @param ctx ctx krb5_init_creds_context context.
+ * @param in input data from KDC, first round it should be reset by krb5_data_zer().
+ * @param out reply to KDC.
+ * @param hostinfo KDC address info, first round it can be NULL.
+ * @param flags status of the round, if
+ * KRB5_INIT_CREDS_STEP_FLAG_CONTINUE is set, continue one more round.
+ *
+ * @return 0 for success, or an Kerberos 5 error code, see
+ * krb5_get_error_message().
+ *
+ * @ingroup krb5_credential
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_init_creds_step (
+ krb5_context /*context*/,
+ krb5_init_creds_context /*ctx*/,
+ krb5_data */*in*/,
+ krb5_data */*out*/,
+ krb5_krbhst_info */*hostinfo*/,
+ unsigned int */*flags*/);
+
+/**
+ *
+ * @ingroup krb5_credential
+ */
+
+krb5_error_code
+krb5_init_creds_store (
+ krb5_context /*context*/,
+ krb5_init_creds_context /*ctx*/,
+ krb5_ccache /*id*/);
+
+/**
+ * Init the built-in ets in the Kerberos library.
+ *
+ * @param context kerberos context to add the ets too
+ *
+ * @ingroup krb5
+ */
+
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
+krb5_init_ets (krb5_context /*context*/);
+
+/**
+ @struct krb5plugin_kuserok_ftable_desc *
+ * @brief Description of the krb5_kuserok(3) plugin facility.
+ *
+ * The krb5_kuserok(3) function is pluggable. The plugin is named
+ * KRB5_PLUGIN_KUSEROK ("krb5_plugin_kuserok"), with a single minor
+ * version, KRB5_PLUGIN_KUSEROK_VERSION_0 (0).
+ *
+ * The plugin for krb5_kuserok(3) consists of a data symbol referencing
+ * a structure of type krb5plugin_kuserok_ftable, with four fields:
+ *
+ * @param init Plugin initialization function (see krb5-plugin(7))
+ *
+ * @param minor_version The plugin minor version number (0)
+ *
+ * @param fini Plugin finalization function
+ *
+ * @param kuserok Plugin kuserok function
+ *
+ * The kuserok field is the plugin entry point that performs the
+ * traditional kuserok operation however the plugin desires. It is
+ * invoked in no particular order relative to other kuserok plugins, but
+ * it has a 'rule' argument that indicates which plugin is intended to
+ * act on the rule. The plugin kuserok function must return
+ * KRB5_PLUGIN_NO_HANDLE if the rule is not applicable to it.
+ *
+ * The plugin kuserok function has the following arguments, in this
+ * order:
+ *
+ * -# plug_ctx, the context value output by the plugin's init function
+ * -# context, a krb5_context
+ * -# rule, the kuserok rule being evaluated (from krb5.conf(5))
+ * -# flags
+ * -# k5login_dir, configured location of k5login per-user files if any
+ * -# luser, name of the local user account to which principal is attempting to access.
+ * -# principal, the krb5_principal trying to access the luser account
+ * -# result, a krb5_boolean pointer where the plugin will output its result
+ *
+ * @ingroup krb5_support
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_initlog (
+ krb5_context /*context*/,
+ const char */*program*/,
+ krb5_log_facility **/*fac*/);
+
+/**
+ * Return TRUE (non zero) if the principal is a configuration
+ * principal (generated part of krb5_cc_set_config()). Returns FALSE
+ * (zero) if not a configuration principal.
+ *
+ * @param context a Keberos context
+ * @param principal principal to check if it a configuration principal
+ *
+ * @ingroup krb5_ccache
+ */
+
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
+krb5_is_config_principal (
+ krb5_context /*context*/,
+ krb5_const_principal /*principal*/);
+
+/**
+ * Returns is the encryption is strong or weak
+ *
+ * @param context Kerberos 5 context
+ * @param enctype encryption type to probe
+ *
+ * @return Returns true if encryption type is weak or is not supported.
+ *
+ * @ingroup krb5_crypto
+ */
+
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
+krb5_is_enctype_weak (
+ krb5_context /*context*/,
+ krb5_enctype /*enctype*/);
+
+/**
+ * Runtime check if the Kerberos library was complied with thread support.
+ *
+ * @return TRUE if the library was compiled with thread support, FALSE if not.
+ *
+ * @ingroup krb5
+ */
+
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
+krb5_is_thread_safe (void);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_kcm_call (
+ krb5_context /*context*/,
+ krb5_storage */*request*/,
+ krb5_storage **/*response_p*/,
+ krb5_data */*response_data_p*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_kcm_storage_request (
+ krb5_context /*context*/,
+ uint16_t /*opcode*/,
+ krb5_storage **/*storage_p*/);
+
+/**
+ * Returns the list of Kerberos encryption types sorted in order of
+ * most preferred to least preferred encryption type. Note that some
+ * encryption types might be disabled, so you need to check with
+ * krb5_enctype_valid() before using the encryption type.
+ *
+ * @return list of enctypes, terminated with ETYPE_NULL. Its a static
+ * array completed into the Kerberos library so the content doesn't
+ * need to be freed.
+ *
+ * @ingroup krb5
+ */
+
+KRB5_LIB_FUNCTION const krb5_enctype * KRB5_LIB_CALL
+krb5_kerberos_enctypes (krb5_context /*context*/);
+
+/**
+ * Get encryption type of a keyblock.
+ *
+ * @ingroup krb5_crypto
+ */
+
+KRB5_LIB_FUNCTION krb5_enctype KRB5_LIB_CALL
+krb5_keyblock_get_enctype (const krb5_keyblock */*block*/);
+
+/**
+ * Fill in `key' with key data of type `enctype' from `data' of length
+ * `size'. Key should be freed using krb5_free_keyblock_contents().
+ *
+ * @return 0 on success or a Kerberos 5 error code
+ *
+ * @ingroup krb5_crypto
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_keyblock_init (
+ krb5_context /*context*/,
+ krb5_enctype /*type*/,
+ const void */*data*/,
+ size_t /*size*/,
+ krb5_keyblock */*key*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_keyblock_key_proc (
+ krb5_context /*context*/,
+ krb5_keytype /*type*/,
+ krb5_data */*salt*/,
+ krb5_const_pointer /*keyseed*/,
+ krb5_keyblock **/*key*/);
+
+/**
+ * Zero out a keyblock
+ *
+ * @param keyblock keyblock to zero out
+ *
+ * @ingroup krb5_crypto
+ */
+
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
+krb5_keyblock_zero (krb5_keyblock */*keyblock*/);
+
+/**
+ * Deprecated: use krb5_get_init_creds() and friends.
+ *
+ * @ingroup krb5_deprecated
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_CALLCONV
+krb5_keytab_key_proc (
+ krb5_context /*context*/,
+ krb5_enctype /*enctype*/,
+ krb5_salt /*salt*/,
+ krb5_const_pointer /*keyseed*/,
+ krb5_keyblock **/*key*/)
+ KRB5_DEPRECATED_FUNCTION("Use X instead");
+
+/**
+ * Deprecated: keytypes doesn't exists, they are really enctypes.
+ *
+ * @ingroup krb5_deprecated
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_keytype_to_enctypes (
+ krb5_context /*context*/,
+ krb5_keytype /*keytype*/,
+ unsigned */*len*/,
+ krb5_enctype **/*val*/)
+ KRB5_DEPRECATED_FUNCTION("Use X instead");
+
+/**
+ * Deprecated: keytypes doesn't exists, they are really enctypes.
+ *
+ * @ingroup krb5_deprecated
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_keytype_to_enctypes_default (
+ krb5_context /*context*/,
+ krb5_keytype /*keytype*/,
+ unsigned */*len*/,
+ krb5_enctype **/*val*/)
+ KRB5_DEPRECATED_FUNCTION("Use X instead");
+
+/**
+ * Deprecated: keytypes doesn't exists, they are really enctypes in
+ * most cases, use krb5_enctype_to_string().
+ *
+ * @ingroup krb5_deprecated
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_keytype_to_string (
+ krb5_context /*context*/,
+ krb5_keytype /*keytype*/,
+ char **/*string*/)
+ KRB5_DEPRECATED_FUNCTION("Use X instead");
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_krbhst_format_string (
+ krb5_context /*context*/,
+ const krb5_krbhst_info */*host*/,
+ char */*hostname*/,
+ size_t /*hostlen*/);
+
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
+krb5_krbhst_free (
+ krb5_context /*context*/,
+ krb5_krbhst_handle /*handle*/);
+
+/**
+ * Return an `struct addrinfo *' for a KDC host.
+ *
+ * Returns an the struct addrinfo in in that corresponds to the
+ * information in `host'. free:ing is handled by krb5_krbhst_free, so
+ * the returned ai must not be released.
+ *
+ * @ingroup krb5
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_krbhst_get_addrinfo (
+ krb5_context /*context*/,
+ krb5_krbhst_info */*host*/,
+ struct addrinfo **/*ai*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_krbhst_init (
+ krb5_context /*context*/,
+ const char */*realm*/,
+ unsigned int /*type*/,
+ krb5_krbhst_handle */*handle*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_krbhst_init_flags (
+ krb5_context /*context*/,
+ const char */*realm*/,
+ unsigned int /*type*/,
+ int /*flags*/,
+ krb5_krbhst_handle */*handle*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_krbhst_next (
+ krb5_context /*context*/,
+ krb5_krbhst_handle /*handle*/,
+ krb5_krbhst_info **/*host*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_krbhst_next_as_string (
+ krb5_context /*context*/,
+ krb5_krbhst_handle /*handle*/,
+ char */*hostname*/,
+ size_t /*hostlen*/);
+
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
+krb5_krbhst_reset (
+ krb5_context /*context*/,
+ krb5_krbhst_handle /*handle*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_krbhst_set_hostname (
+ krb5_context /*context*/,
+ krb5_krbhst_handle /*handle*/,
+ const char */*hostname*/);
+
+/**
+ * Add the entry in `entry' to the keytab `id'.
+ *
+ * @param context a Keberos context.
+ * @param id a keytab.
+ * @param entry the entry to add
+ *
+ * @return Return an error code or 0, see krb5_get_error_message().
+ *
+ * @ingroup krb5_keytab
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_kt_add_entry (
+ krb5_context /*context*/,
+ krb5_keytab /*id*/,
+ krb5_keytab_entry */*entry*/);
+
+/**
+ * Finish using the keytab in `id'. All resources will be released,
+ * even on errors.
+ *
+ * @param context a Keberos context.
+ * @param id keytab to close.
+ *
+ * @return Return an error code or 0, see krb5_get_error_message().
+ *
+ * @ingroup krb5_keytab
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_kt_close (
+ krb5_context /*context*/,
+ krb5_keytab /*id*/);
+
+/**
+ * Compare `entry' against `principal, vno, enctype'.
+ * Any of `principal, vno, enctype' might be 0 which acts as a wildcard.
+ * Return TRUE if they compare the same, FALSE otherwise.
+ *
+ * @param context a Keberos context.
+ * @param entry an entry to match with.
+ * @param principal principal to match, NULL matches all principals.
+ * @param vno key version to match, 0 matches all key version numbers.
+ * @param enctype encryption type to match, 0 matches all encryption types.
+ *
+ * @return Return TRUE or match, FALSE if not matched.
+ *
+ * @ingroup krb5_keytab
+ */
+
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
+krb5_kt_compare (
+ krb5_context /*context*/,
+ krb5_keytab_entry */*entry*/,
+ krb5_const_principal /*principal*/,
+ krb5_kvno /*vno*/,
+ krb5_enctype /*enctype*/);
+
+/**
+ * Copy the contents of `in' into `out'.
+ *
+ * @param context a Keberos context.
+ * @param in the keytab entry to copy.
+ * @param out the copy of the keytab entry, free with krb5_kt_free_entry().
+ *
+ * @return Return an error code or 0, see krb5_get_error_message().
+ *
+ * @ingroup krb5_keytab
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_kt_copy_entry_contents (
+ krb5_context /*context*/,
+ const krb5_keytab_entry */*in*/,
+ krb5_keytab_entry */*out*/);
+
+/**
+ * Set `id' to the default keytab.
+ *
+ * @param context a Keberos context.
+ * @param id the new default keytab.
+ *
+ * @return Return an error code or 0, see krb5_get_error_message().
+ *
+ * @ingroup krb5_keytab
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_kt_default (
+ krb5_context /*context*/,
+ krb5_keytab */*id*/);
+
+/**
+ * Copy the name of the default modify keytab into `name'.
+ *
+ * @param context a Keberos context.
+ * @param name buffer where the name will be written
+ * @param namesize length of name
+ *
+ * @return Return an error code or 0, see krb5_get_error_message().
+ *
+ * @ingroup krb5_keytab
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_kt_default_modify_name (
+ krb5_context /*context*/,
+ char */*name*/,
+ size_t /*namesize*/);
+
+/**
+ * copy the name of the default keytab into `name'.
+ *
+ * @param context a Keberos context.
+ * @param name buffer where the name will be written
+ * @param namesize length of name
+ *
+ * @return Return an error code or 0, see krb5_get_error_message().
+ *
+ * @ingroup krb5_keytab
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_kt_default_name (
+ krb5_context /*context*/,
+ char */*name*/,
+ size_t /*namesize*/);
+
+/**
+ * Destroy (remove) the keytab in `id'. All resources will be released,
+ * even on errors, does the equvalment of krb5_kt_close() on the resources.
+ *
+ * @param context a Keberos context.
+ * @param id keytab to destroy.
+ *
+ * @return Return an error code or 0, see krb5_get_error_message().
+ *
+ * @ingroup krb5_keytab
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_kt_destroy (
+ krb5_context /*context*/,
+ krb5_keytab /*id*/);
+
+/**
+ * Release all resources associated with `cursor'.
+ *
+ * @param context a Keberos context.
+ * @param id a keytab.
+ * @param cursor the cursor to free.
+ *
+ * @return Return an error code or 0, see krb5_get_error_message().
+ *
+ * @ingroup krb5_keytab
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_kt_end_seq_get (
+ krb5_context /*context*/,
+ krb5_keytab /*id*/,
+ krb5_kt_cursor */*cursor*/);
+
+/**
+ * Free the contents of `entry'.
+ *
+ * @param context a Keberos context.
+ * @param entry the entry to free
+ *
+ * @return Return an error code or 0, see krb5_get_error_message().
+ *
+ * @ingroup krb5_keytab
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_kt_free_entry (
+ krb5_context /*context*/,
+ krb5_keytab_entry */*entry*/);
+
+/**
+ * Retrieve the keytab entry for `principal, kvno, enctype' into `entry'
+ * from the keytab `id'. Matching is done like krb5_kt_compare().
+ *
+ * @param context a Keberos context.
+ * @param id a keytab.
+ * @param principal principal to match, NULL matches all principals.
+ * @param kvno key version to match, 0 matches all key version numbers.
+ * @param enctype encryption type to match, 0 matches all encryption types.
+ * @param entry the returned entry, free with krb5_kt_free_entry().
+ *
+ * @return Return an error code or 0, see krb5_get_error_message().
+ *
+ * @ingroup krb5_keytab
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_kt_get_entry (
+ krb5_context /*context*/,
+ krb5_keytab /*id*/,
+ krb5_const_principal /*principal*/,
+ krb5_kvno /*kvno*/,
+ krb5_enctype /*enctype*/,
+ krb5_keytab_entry */*entry*/);
+
+/**
+ * Retrieve the full name of the keytab `keytab' and store the name in
+ * `str'.
+ *
+ * @param context a Keberos context.
+ * @param keytab keytab to get name for.
+ * @param str the name of the keytab name, usee krb5_xfree() to free
+ * the string. On error, *str is set to NULL.
+ *
+ * @return Return an error code or 0, see krb5_get_error_message().
+ *
+ * @ingroup krb5_keytab
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_kt_get_full_name (
+ krb5_context /*context*/,
+ krb5_keytab /*keytab*/,
+ char **/*str*/);
+
+/**
+ * Retrieve the name of the keytab `keytab' into `name', `namesize'
+ *
+ * @param context a Keberos context.
+ * @param keytab the keytab to get the name for.
+ * @param name name buffer.
+ * @param namesize size of name buffer.
+ *
+ * @return Return an error code or 0, see krb5_get_error_message().
+ *
+ * @ingroup krb5_keytab
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_kt_get_name (
+ krb5_context /*context*/,
+ krb5_keytab /*keytab*/,
+ char */*name*/,
+ size_t /*namesize*/);
+
+/**
+ * Return the type of the `keytab' in the string `prefix of length
+ * `prefixsize'.
+ *
+ * @param context a Keberos context.
+ * @param keytab the keytab to get the prefix for
+ * @param prefix prefix buffer
+ * @param prefixsize length of prefix buffer
+ *
+ * @return Return an error code or 0, see krb5_get_error_message().
+ *
+ * @ingroup krb5_keytab
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_kt_get_type (
+ krb5_context /*context*/,
+ krb5_keytab /*keytab*/,
+ char */*prefix*/,
+ size_t /*prefixsize*/);
+
+/**
+ * Return true if the keytab exists and have entries
+ *
+ * @param context a Keberos context.
+ * @param id a keytab.
+ *
+ * @return Return an error code or 0, see krb5_get_error_message().
+ *
+ * @ingroup krb5_keytab
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_kt_have_content (
+ krb5_context /*context*/,
+ krb5_keytab /*id*/);
+
+/**
+ * Get the next entry from keytab, advance the cursor. On last entry
+ * the function will return KRB5_KT_END.
+ *
+ * @param context a Keberos context.
+ * @param id a keytab.
+ * @param entry the returned entry, free with krb5_kt_free_entry().
+ * @param cursor the cursor of the iteration.
+ *
+ * @return Return an error code or 0, see krb5_get_error_message().
+ *
+ * @ingroup krb5_keytab
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_kt_next_entry (
+ krb5_context /*context*/,
+ krb5_keytab /*id*/,
+ krb5_keytab_entry */*entry*/,
+ krb5_kt_cursor */*cursor*/);
+
+/**
+ * Read the key identified by `(principal, vno, enctype)' from the
+ * keytab in `keyprocarg' (the default if == NULL) into `*key'.
+ *
+ * @param context a Keberos context.
+ * @param keyprocarg
+ * @param principal
+ * @param vno
+ * @param enctype
+ * @param key
+ *
+ * @return Return an error code or 0, see krb5_get_error_message().
+ *
+ * @ingroup krb5_keytab
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_kt_read_service_key (
+ krb5_context /*context*/,
+ krb5_pointer /*keyprocarg*/,
+ krb5_principal /*principal*/,
+ krb5_kvno /*vno*/,
+ krb5_enctype /*enctype*/,
+ krb5_keyblock **/*key*/);
+
+/**
+ * Register a new keytab backend.
+ *
+ * @param context a Keberos context.
+ * @param ops a backend to register.
+ *
+ * @return Return an error code or 0, see krb5_get_error_message().
+ *
+ * @ingroup krb5_keytab
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_kt_register (
+ krb5_context /*context*/,
+ const krb5_kt_ops */*ops*/);
+
+/**
+ * Remove an entry from the keytab, matching is done using
+ * krb5_kt_compare().
+
+ * @param context a Keberos context.
+ * @param id a keytab.
+ * @param entry the entry to remove
+ *
+ * @return Return an error code or 0, see krb5_get_error_message().
+ *
+ * @ingroup krb5_keytab
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_kt_remove_entry (
+ krb5_context /*context*/,
+ krb5_keytab /*id*/,
+ krb5_keytab_entry */*entry*/);
+
+/**
+ * Resolve the keytab name (of the form `type:residual') in `name'
+ * into a keytab in `id'.
+ *
+ * @param context a Keberos context.
+ * @param name name to resolve
+ * @param id resulting keytab, free with krb5_kt_close().
+ *
+ * @return Return an error code or 0, see krb5_get_error_message().
+ *
+ * @ingroup krb5_keytab
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_kt_resolve (
+ krb5_context /*context*/,
+ const char */*name*/,
+ krb5_keytab */*id*/);
+
+/**
+ * Set `cursor' to point at the beginning of `id'.
+ *
+ * @param context a Keberos context.
+ * @param id a keytab.
+ * @param cursor a newly allocated cursor, free with krb5_kt_end_seq_get().
+ *
+ * @return Return an error code or 0, see krb5_get_error_message().
+ *
+ * @ingroup krb5_keytab
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_kt_start_seq_get (
+ krb5_context /*context*/,
+ krb5_keytab /*id*/,
+ krb5_kt_cursor */*cursor*/);
+
+/**
+ * This function takes the name of a local user and checks if
+ * principal is allowed to log in as that user.
+ *
+ * The user may have a ~/.k5login file listing principals that are
+ * allowed to login as that user. If that file does not exist, all
+ * principals with a only one component that is identical to the
+ * username, and a realm considered local, are allowed access.
+ *
+ * The .k5login file must contain one principal per line, be owned by
+ * user and not be writable by group or other (but must be readable by
+ * anyone).
+ *
+ * Note that if the file exists, no implicit access rights are given
+ * to user@@LOCALREALM.
+ *
+ * Optionally, a set of files may be put in ~/.k5login.d (a
+ * directory), in which case they will all be checked in the same
+ * manner as .k5login. The files may be called anything, but files
+ * starting with a hash (#) , or ending with a tilde (~) are
+ * ignored. Subdirectories are not traversed. Note that this directory
+ * may not be checked by other Kerberos implementations.
+ *
+ * If no configuration file exists, match user against local domains,
+ * ie luser@@LOCAL-REALMS-IN-CONFIGURATION-FILES.
+ *
+ * @param context Kerberos 5 context.
+ * @param principal principal to check if allowed to login
+ * @param luser local user id
+ *
+ * @return returns TRUE if access should be granted, FALSE otherwise.
+ *
+ * @ingroup krb5_support
+ */
+
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
+krb5_kuserok (
+ krb5_context /*context*/,
+ krb5_principal /*principal*/,
+ const char */*luser*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_log (
+ krb5_context /*context*/,
+ krb5_log_facility */*fac*/,
+ int /*level*/,
+ const char */*fmt*/,
+ ...)
+ __attribute__ ((__format__ (__printf__, 4, 5)));
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_log_msg (
+ krb5_context /*context*/,
+ krb5_log_facility */*fac*/,
+ int /*level*/,
+ char **/*reply*/,
+ const char */*fmt*/,
+ ...)
+ __attribute__ ((__format__ (__printf__, 5, 6)));
+
+/**
+ * Create an address of type KRB5_ADDRESS_ADDRPORT from (addr, port)
+ *
+ * @param context a Keberos context
+ * @param res built address from addr/port
+ * @param addr address to use
+ * @param port port to use
+ *
+ * @return Return an error code or 0.
+ *
+ * @ingroup krb5_address
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_make_addrport (
+ krb5_context /*context*/,
+ krb5_address **/*res*/,
+ const krb5_address */*addr*/,
+ int16_t /*port*/);
+
+/**
+ * Build a principal using vararg style building
+ *
+ * @param context A Kerberos context.
+ * @param principal returned principal
+ * @param realm realm name
+ * @param ... a list of components ended with NULL.
+ *
+ * @return An krb5 error code, see krb5_get_error_message().
+ *
+ * @ingroup krb5_principal
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_make_principal (
+ krb5_context /*context*/,
+ krb5_principal */*principal*/,
+ krb5_const_realm /*realm*/,
+ ...);
+
+/**
+ * krb5_max_sockaddr_size returns the max size of the .Li struct
+ * sockaddr that the Kerberos library will return.
+ *
+ * @return Return an size_t of the maximum struct sockaddr.
+ *
+ * @ingroup krb5_address
+ */
+
+KRB5_LIB_FUNCTION size_t KRB5_LIB_CALL
+krb5_max_sockaddr_size (void);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_mk_error (
+ krb5_context /*context*/,
+ krb5_error_code /*error_code*/,
+ const char */*e_text*/,
+ const krb5_data */*e_data*/,
+ const krb5_principal /*client*/,
+ const krb5_principal /*server*/,
+ time_t */*client_time*/,
+ int */*client_usec*/,
+ krb5_data */*reply*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_mk_error_ext (
+ krb5_context /*context*/,
+ krb5_error_code /*error_code*/,
+ const char */*e_text*/,
+ const krb5_data */*e_data*/,
+ const krb5_principal /*server*/,
+ const PrincipalName */*client_name*/,
+ const Realm */*client_realm*/,
+ time_t */*client_time*/,
+ int */*client_usec*/,
+ krb5_data */*reply*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_mk_priv (
+ krb5_context /*context*/,
+ krb5_auth_context /*auth_context*/,
+ const krb5_data */*userdata*/,
+ krb5_data */*outbuf*/,
+ krb5_replay_data */*outdata*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_mk_rep (
+ krb5_context /*context*/,
+ krb5_auth_context /*auth_context*/,
+ krb5_data */*outbuf*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_mk_req (
+ krb5_context /*context*/,
+ krb5_auth_context */*auth_context*/,
+ const krb5_flags /*ap_req_options*/,
+ const char */*service*/,
+ const char */*hostname*/,
+ krb5_data */*in_data*/,
+ krb5_ccache /*ccache*/,
+ krb5_data */*outbuf*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_mk_req_exact (
+ krb5_context /*context*/,
+ krb5_auth_context */*auth_context*/,
+ const krb5_flags /*ap_req_options*/,
+ const krb5_principal /*server*/,
+ krb5_data */*in_data*/,
+ krb5_ccache /*ccache*/,
+ krb5_data */*outbuf*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_mk_req_extended (
+ krb5_context /*context*/,
+ krb5_auth_context */*auth_context*/,
+ const krb5_flags /*ap_req_options*/,
+ krb5_data */*in_data*/,
+ krb5_creds */*in_creds*/,
+ krb5_data */*outbuf*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_mk_safe (
+ krb5_context /*context*/,
+ krb5_auth_context /*auth_context*/,
+ const krb5_data */*userdata*/,
+ krb5_data */*outbuf*/,
+ krb5_replay_data */*outdata*/);
+
+/**
+ * Iteratively apply name canon rules, outputing a principal and rule
+ * options each time. Iteration completes when the @iter is NULL on
+ * return or when an error is returned. Callers must free the iterator
+ * if they abandon it mid-way.
+ *
+ * @param context Kerberos context
+ * @param iter name canon rule iterator (input/output)
+ * @param try_princ output principal name
+ * @param rule_opts output rule options
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_name_canon_iterate (
+ krb5_context /*context*/,
+ krb5_name_canon_iterator */*iter*/,
+ krb5_const_principal */*try_princ*/,
+ krb5_name_canon_rule_options */*rule_opts*/);
+
+/**
+ * Initialize name canonicalization iterator.
+ *
+ * @param context Kerberos context
+ * @param in_princ principal name to be canonicalized OR
+ * @param iter output iterator object
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_name_canon_iterator_start (
+ krb5_context /*context*/,
+ krb5_const_principal /*in_princ*/,
+ krb5_name_canon_iterator */*iter*/);
+
+/**
+ * Read \a len bytes from socket \a p_fd into buffer \a buf.
+ * Block until \a len bytes are read or until an error.
+ *
+ * @return If successful, the number of bytes read: \a len.
+ * On end-of-file, 0.
+ * On error, less than 0 (if single-threaded, the error can be found
+ * in the errno global variable).
+ */
+
+KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL
+krb5_net_read (
+ krb5_context /*context*/,
+ void */*p_fd*/,
+ void */*buf*/,
+ size_t /*len*/);
+
+KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL
+krb5_net_write (
+ krb5_context /*context*/,
+ void */*p_fd*/,
+ const void */*buf*/,
+ size_t /*len*/);
+
+KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL
+krb5_net_write_block (
+ krb5_context /*context*/,
+ void */*p_fd*/,
+ const void */*buf*/,
+ size_t /*len*/,
+ time_t /*timeout*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_ntlm_alloc (
+ krb5_context /*context*/,
+ krb5_ntlm */*ntlm*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_ntlm_free (
+ krb5_context /*context*/,
+ krb5_ntlm /*ntlm*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_ntlm_init_get_challenge (
+ krb5_context /*context*/,
+ krb5_ntlm /*ntlm*/,
+ krb5_data */*challenge*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_ntlm_init_get_flags (
+ krb5_context /*context*/,
+ krb5_ntlm /*ntlm*/,
+ uint32_t */*flags*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_ntlm_init_get_opaque (
+ krb5_context /*context*/,
+ krb5_ntlm /*ntlm*/,
+ krb5_data */*opaque*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_ntlm_init_get_targetinfo (
+ krb5_context /*context*/,
+ krb5_ntlm /*ntlm*/,
+ krb5_data */*data*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_ntlm_init_get_targetname (
+ krb5_context /*context*/,
+ krb5_ntlm /*ntlm*/,
+ char **/*name*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_ntlm_init_request (
+ krb5_context /*context*/,
+ krb5_ntlm /*ntlm*/,
+ krb5_realm /*realm*/,
+ krb5_ccache /*ccache*/,
+ uint32_t /*flags*/,
+ const char */*hostname*/,
+ const char */*domainname*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_ntlm_rep_get_sessionkey (
+ krb5_context /*context*/,
+ krb5_ntlm /*ntlm*/,
+ krb5_data */*data*/);
+
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
+krb5_ntlm_rep_get_status (
+ krb5_context /*context*/,
+ krb5_ntlm /*ntlm*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_ntlm_req_set_flags (
+ krb5_context /*context*/,
+ krb5_ntlm /*ntlm*/,
+ uint32_t /*flags*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_ntlm_req_set_lm (
+ krb5_context /*context*/,
+ krb5_ntlm /*ntlm*/,
+ void */*hash*/,
+ size_t /*len*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_ntlm_req_set_ntlm (
+ krb5_context /*context*/,
+ krb5_ntlm /*ntlm*/,
+ void */*hash*/,
+ size_t /*len*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_ntlm_req_set_opaque (
+ krb5_context /*context*/,
+ krb5_ntlm /*ntlm*/,
+ krb5_data */*opaque*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_ntlm_req_set_session (
+ krb5_context /*context*/,
+ krb5_ntlm /*ntlm*/,
+ void */*sessionkey*/,
+ size_t /*length*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_ntlm_req_set_targetname (
+ krb5_context /*context*/,
+ krb5_ntlm /*ntlm*/,
+ const char */*targetname*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_ntlm_req_set_username (
+ krb5_context /*context*/,
+ krb5_ntlm /*ntlm*/,
+ const char */*username*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_ntlm_request (
+ krb5_context /*context*/,
+ krb5_ntlm /*ntlm*/,
+ krb5_realm /*realm*/,
+ krb5_ccache /*ccache*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_openlog (
+ krb5_context /*context*/,
+ const char */*program*/,
+ krb5_log_facility **/*fac*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_pac_add_buffer (
+ krb5_context /*context*/,
+ krb5_pac /*p*/,
+ uint32_t /*type*/,
+ const krb5_data */*data*/);
+
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
+krb5_pac_free (
+ krb5_context /*context*/,
+ krb5_pac /*pac*/);
+
+/**
+ * Get the PAC buffer of specific type from the pac.
+ *
+ * @param context Kerberos 5 context.
+ * @param p the pac structure returned by krb5_pac_parse().
+ * @param type type of buffer to get
+ * @param data return data, free with krb5_data_free().
+ *
+ * @return Returns 0 to indicate success. Otherwise an kerberos et
+ * error code is returned, see krb5_get_error_message().
+ *
+ * @ingroup krb5_pac
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_pac_get_buffer (
+ krb5_context /*context*/,
+ krb5_pac /*p*/,
+ uint32_t /*type*/,
+ krb5_data */*data*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_pac_get_types (
+ krb5_context /*context*/,
+ krb5_pac /*p*/,
+ size_t */*len*/,
+ uint32_t **/*types*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_pac_init (
+ krb5_context /*context*/,
+ krb5_pac */*pac*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_pac_parse (
+ krb5_context /*context*/,
+ const void */*ptr*/,
+ size_t /*len*/,
+ krb5_pac */*pac*/);
+
+/**
+ * Verify the PAC.
+ *
+ * @param context Kerberos 5 context.
+ * @param pac the pac structure returned by krb5_pac_parse().
+ * @param authtime The time of the ticket the PAC belongs to.
+ * @param principal the principal to verify.
+ * @param server The service key, most always be given.
+ * @param privsvr The KDC key, may be given.
+
+ * @return Returns 0 to indicate success. Otherwise an kerberos et
+ * error code is returned, see krb5_get_error_message().
+ *
+ * @ingroup krb5_pac
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_pac_verify (
+ krb5_context /*context*/,
+ const krb5_pac /*pac*/,
+ time_t /*authtime*/,
+ krb5_const_principal /*principal*/,
+ const krb5_keyblock */*server*/,
+ const krb5_keyblock */*privsvr*/);
+
+KRB5_LIB_FUNCTION int KRB5_LIB_CALL
+krb5_padata_add (
+ krb5_context /*context*/,
+ METHOD_DATA */*md*/,
+ int /*type*/,
+ void */*buf*/,
+ size_t /*len*/);
+
+/**
+ * krb5_parse_address returns the resolved hostname in string to the
+ * krb5_addresses addresses .
+ *
+ * @param context a Keberos context
+ * @param string
+ * @param addresses
+ *
+ * @return Return an error code or 0.
+ *
+ * @ingroup krb5_address
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_parse_address (
+ krb5_context /*context*/,
+ const char */*string*/,
+ krb5_addresses */*addresses*/);
+
+/**
+ * Parse a name into a krb5_principal structure
+ *
+ * @param context Kerberos 5 context
+ * @param name name to parse into a Kerberos principal
+ * @param principal returned principal, free with krb5_free_principal().
+ *
+ * @return An krb5 error code, see krb5_get_error_message().
+ *
+ * @ingroup krb5_principal
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_parse_name (
+ krb5_context /*context*/,
+ const char */*name*/,
+ krb5_principal */*principal*/);
+
+/**
+ * Parse a name into a krb5_principal structure, flags controls the behavior.
+ *
+ * @param context Kerberos 5 context
+ * @param name name to parse into a Kerberos principal
+ * @param flags flags to control the behavior
+ * @param principal returned principal, free with krb5_free_principal().
+ *
+ * @return An krb5 error code, see krb5_get_error_message().
+ *
+ * @ingroup krb5_principal
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_parse_name_flags (
+ krb5_context /*context*/,
+ const char */*name*/,
+ int /*flags*/,
+ krb5_principal */*principal*/);
+
+/**
+ * Parse nametype string and return a nametype integer
+ *
+ * @ingroup krb5_principal
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_parse_nametype (
+ krb5_context /*context*/,
+ const char */*str*/,
+ int32_t */*nametype*/);
+
+KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
+krb5_passwd_result_to_string (
+ krb5_context /*context*/,
+ int /*result*/);
+
+/**
+ * Deprecated: use krb5_get_init_creds() and friends.
+ *
+ * @ingroup krb5_deprecated
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_CALLCONV
+krb5_password_key_proc (
+ krb5_context /*context*/,
+ krb5_enctype /*type*/,
+ krb5_salt /*salt*/,
+ krb5_const_pointer /*keyseed*/,
+ krb5_keyblock **/*key*/)
+ KRB5_DEPRECATED_FUNCTION("Use X instead");
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_pk_enterprise_cert (
+ krb5_context /*context*/,
+ const char */*user_id*/,
+ krb5_const_realm /*realm*/,
+ krb5_principal */*principal*/,
+ struct hx509_certs_data **/*res*/);
+
+/**
+ * Register a plugin symbol name of specific type.
+ * @param context a Keberos context
+ * @param type type of plugin symbol
+ * @param name name of plugin symbol
+ * @param symbol a pointer to the named symbol
+ * @return In case of error a non zero error com_err error is returned
+ * and the Kerberos error string is set.
+ *
+ * @ingroup krb5_support
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_plugin_register (
+ krb5_context /*context*/,
+ enum krb5_plugin_type /*type*/,
+ const char */*name*/,
+ void */*symbol*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_prepend_config_files (
+ const char */*filelist*/,
+ char **/*pq*/,
+ char ***/*ret_pp*/);
+
+/**
+ * Prepend the filename to the global configuration list.
+ *
+ * @param filelist a filename to add to the default list of filename
+ * @param pfilenames return array of filenames, should be freed with krb5_free_config_files().
+ *
+ * @return Returns 0 to indicate success. Otherwise an kerberos et
+ * error code is returned, see krb5_get_error_message().
+ *
+ * @ingroup krb5
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_prepend_config_files_default (
+ const char */*filelist*/,
+ char ***/*pfilenames*/);
+
+/**
+ * Prepend the context full error string for a specific error code.
+ * The error that is stored should be internationalized.
+ *
+ * The if context is NULL, no error string is stored.
+ *
+ * @param context Kerberos 5 context
+ * @param ret The error code
+ * @param fmt Error string for the error code
+ * @param ... printf(3) style parameters.
+ *
+ * @ingroup krb5_error
+ */
+
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
+krb5_prepend_error_message (
+ krb5_context /*context*/,
+ krb5_error_code /*ret*/,
+ const char */*fmt*/,
+ ...)
+ __attribute__ ((__format__ (__printf__, 3, 4)));
+
+/**
+ * Deprecated: use krb5_principal_get_realm()
+ *
+ * @ingroup krb5_deprecated
+ */
+
+KRB5_LIB_FUNCTION krb5_realm * KRB5_LIB_CALL
+krb5_princ_realm (
+ krb5_context /*context*/,
+ krb5_principal /*principal*/)
+ KRB5_DEPRECATED_FUNCTION("Use X instead");
+
+/**
+ * Deprecated: use krb5_principal_set_realm()
+ *
+ * @ingroup krb5_deprecated
+ */
+
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
+krb5_princ_set_realm (
+ krb5_context /*context*/,
+ krb5_principal /*principal*/,
+ krb5_realm */*realm*/)
+ KRB5_DEPRECATED_FUNCTION("Use X instead");
+
+/**
+ * Compares the two principals, including realm of the principals and returns
+ * TRUE if they are the same and FALSE if not.
+ *
+ * @param context Kerberos 5 context
+ * @param princ1 first principal to compare
+ * @param princ2 second principal to compare
+ *
+ * @ingroup krb5_principal
+ * @see krb5_principal_compare_any_realm()
+ * @see krb5_realm_compare()
+ */
+
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
+krb5_principal_compare (
+ krb5_context /*context*/,
+ krb5_const_principal /*princ1*/,
+ krb5_const_principal /*princ2*/);
+
+/**
+ * Return TRUE iff princ1 == princ2 (without considering the realm)
+ *
+ * @param context Kerberos 5 context
+ * @param princ1 first principal to compare
+ * @param princ2 second principal to compare
+ *
+ * @return non zero if equal, 0 if not
+ *
+ * @ingroup krb5_principal
+ * @see krb5_principal_compare()
+ * @see krb5_realm_compare()
+ */
+
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
+krb5_principal_compare_any_realm (
+ krb5_context /*context*/,
+ krb5_const_principal /*princ1*/,
+ krb5_const_principal /*princ2*/);
+
+KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
+krb5_principal_get_comp_string (
+ krb5_context /*context*/,
+ krb5_const_principal /*principal*/,
+ unsigned int /*component*/);
+
+/**
+ * Get number of component is principal.
+ *
+ * @param context Kerberos 5 context
+ * @param principal principal to query
+ *
+ * @return number of components in string
+ *
+ * @ingroup krb5_principal
+ */
+
+KRB5_LIB_FUNCTION unsigned int KRB5_LIB_CALL
+krb5_principal_get_num_comp (
+ krb5_context /*context*/,
+ krb5_const_principal /*principal*/);
+
+/**
+ * Get the realm of the principal
+ *
+ * @param context A Kerberos context.
+ * @param principal principal to get the realm for
+ *
+ * @return realm of the principal, don't free or use after krb5_principal is freed
+ *
+ * @ingroup krb5_principal
+ */
+
+KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
+krb5_principal_get_realm (
+ krb5_context /*context*/,
+ krb5_const_principal /*principal*/);
+
+/**
+ * Get the type of the principal
+ *
+ * @param context A Kerberos context.
+ * @param principal principal to get the type for
+ *
+ * @return the type of principal
+ *
+ * @ingroup krb5_principal
+ */
+
+KRB5_LIB_FUNCTION int KRB5_LIB_CALL
+krb5_principal_get_type (
+ krb5_context /*context*/,
+ krb5_const_principal /*principal*/);
+
+/**
+ * Returns true iff name is WELLKNOWN/ANONYMOUS
+ *
+ * @ingroup krb5_principal
+ */
+
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
+krb5_principal_is_anonymous (
+ krb5_context /*context*/,
+ krb5_const_principal /*p*/,
+ unsigned int /*flags*/);
+
+/**
+ * Returns true iff name is an WELLKNOWN:ORG.H5L.HOSTBASED-SERVICE
+ *
+ * @ingroup krb5_principal
+ */
+
+krb5_boolean KRB5_LIB_FUNCTION
+krb5_principal_is_gss_hostbased_service (
+ krb5_context /*context*/,
+ krb5_const_principal /*principal*/);
+
+/**
+ * Check if the cname part of the principal is a krbtgt principal
+ *
+ * @ingroup krb5_principal
+ */
+
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
+krb5_principal_is_krbtgt (
+ krb5_context /*context*/,
+ krb5_const_principal /*p*/);
+
+/**
+ * Returns true if name is Kerberos an LKDC realm
+ *
+ * @ingroup krb5_principal
+ */
+
+krb5_boolean KRB5_LIB_FUNCTION
+krb5_principal_is_lkdc (
+ krb5_context /*context*/,
+ krb5_const_principal /*principal*/);
+
+/**
+ * Returns true if name is Kerberos NULL name
+ *
+ * @ingroup krb5_principal
+ */
+
+krb5_boolean KRB5_LIB_FUNCTION
+krb5_principal_is_null (
+ krb5_context /*context*/,
+ krb5_const_principal /*principal*/);
+
+/**
+ * Returns true if name is Kerberos an LKDC realm
+ *
+ * @ingroup krb5_principal
+ */
+
+krb5_boolean KRB5_LIB_FUNCTION
+krb5_principal_is_pku2u (
+ krb5_context /*context*/,
+ krb5_const_principal /*principal*/);
+
+/**
+ * Check if the cname part of the principal is a initial or renewed krbtgt principal
+ *
+ * @ingroup krb5_principal
+ */
+
+krb5_boolean KRB5_LIB_FUNCTION
+krb5_principal_is_root_krbtgt (
+ krb5_context /*context*/,
+ krb5_const_principal /*p*/);
+
+/**
+ * return TRUE iff princ matches pattern
+ *
+ * @ingroup krb5_principal
+ */
+
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
+krb5_principal_match (
+ krb5_context /*context*/,
+ krb5_const_principal /*princ*/,
+ krb5_const_principal /*pattern*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_principal_set_comp_string (
+ krb5_context /*context*/,
+ krb5_principal /*principal*/,
+ unsigned int /*k*/,
+ const char */*component*/);
+
+/**
+ * Set a new realm for a principal, and as a side-effect free the
+ * previous realm.
+ *
+ * @param context A Kerberos context.
+ * @param principal principal set the realm for
+ * @param realm the new realm to set
+ *
+ * @return An krb5 error code, see krb5_get_error_message().
+ *
+ * @ingroup krb5_principal
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_principal_set_realm (
+ krb5_context /*context*/,
+ krb5_principal /*principal*/,
+ krb5_const_realm /*realm*/);
+
+/**
+ * Set the type of the principal
+ *
+ * @param context A Kerberos context.
+ * @param principal principal to set the type for
+ * @param type the new type
+ *
+ * @return An krb5 error code, see krb5_get_error_message().
+ *
+ * @ingroup krb5_principal
+ */
+
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
+krb5_principal_set_type (
+ krb5_context /*context*/,
+ krb5_principal /*principal*/,
+ int /*type*/);
+
+/**
+ * krb5_print_address prints the address in addr to the string string
+ * that have the length len. If ret_len is not NULL, it will be filled
+ * with the length of the string if size were unlimited (not including
+ * the final NUL) .
+ *
+ * @param addr address to be printed
+ * @param str pointer string to print the address into
+ * @param len length that will fit into area pointed to by "str".
+ * @param ret_len return length the str.
+ *
+ * @return Return an error code or 0.
+ *
+ * @ingroup krb5_address
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_print_address (
+ const krb5_address */*addr*/,
+ char */*str*/,
+ size_t /*len*/,
+ size_t */*ret_len*/);
+
+krb5_error_code
+krb5_process_last_request (
+ krb5_context /*context*/,
+ krb5_get_init_creds_opt */*options*/,
+ krb5_init_creds_context /*ctx*/);
+
+KRB5_LIB_FUNCTION int KRB5_LIB_CALL
+krb5_program_setup (
+ krb5_context */*context*/,
+ int /*argc*/,
+ char **/*argv*/,
+ struct getargs */*args*/,
+ int /*num_args*/,
+ void (KRB5_LIB_CALL *usage)(int, struct getargs*, int));
+
+KRB5_LIB_FUNCTION int KRB5_CALLCONV
+krb5_prompter_posix (
+ krb5_context /*context*/,
+ void */*data*/,
+ const char */*name*/,
+ const char */*banner*/,
+ int /*num_prompts*/,
+ krb5_prompt prompts[]);
+
+/**
+ * Converts the random bytestring to a protocol key according to
+ * Kerberos crypto frame work. It may be assumed that all the bits of
+ * the input string are equally random, even though the entropy
+ * present in the random source may be limited.
+ *
+ * @param context Kerberos 5 context
+ * @param type the enctype resulting key will be of
+ * @param data input random data to convert to a key
+ * @param size size of input random data, at least krb5_enctype_keysize() long
+ * @param key key, output key, free with krb5_free_keyblock_contents()
+ *
+ * @return Return an error code or 0.
+ *
+ * @ingroup krb5_crypto
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_random_to_key (
+ krb5_context /*context*/,
+ krb5_enctype /*type*/,
+ const void */*data*/,
+ size_t /*size*/,
+ krb5_keyblock */*key*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_rc_close (
+ krb5_context /*context*/,
+ krb5_rcache /*id*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_rc_default (
+ krb5_context /*context*/,
+ krb5_rcache */*id*/);
+
+KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
+krb5_rc_default_name (krb5_context /*context*/);
+
+KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
+krb5_rc_default_type (krb5_context /*context*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_rc_destroy (
+ krb5_context /*context*/,
+ krb5_rcache /*id*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_rc_expunge (
+ krb5_context /*context*/,
+ krb5_rcache /*id*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_rc_get_lifespan (
+ krb5_context /*context*/,
+ krb5_rcache /*id*/,
+ krb5_deltat */*auth_lifespan*/);
+
+KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
+krb5_rc_get_name (
+ krb5_context /*context*/,
+ krb5_rcache /*id*/);
+
+KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
+krb5_rc_get_type (
+ krb5_context /*context*/,
+ krb5_rcache /*id*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_rc_initialize (
+ krb5_context /*context*/,
+ krb5_rcache /*id*/,
+ krb5_deltat /*auth_lifespan*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_rc_recover (
+ krb5_context /*context*/,
+ krb5_rcache /*id*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_rc_resolve (
+ krb5_context /*context*/,
+ krb5_rcache /*id*/,
+ const char */*name*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_rc_resolve_full (
+ krb5_context /*context*/,
+ krb5_rcache */*id*/,
+ const char */*string_name*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_rc_resolve_type (
+ krb5_context /*context*/,
+ krb5_rcache */*id*/,
+ const char */*type*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_rc_store (
+ krb5_context /*context*/,
+ krb5_rcache /*id*/,
+ krb5_donot_replay */*rep*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_rd_cred (
+ krb5_context /*context*/,
+ krb5_auth_context /*auth_context*/,
+ krb5_data */*in_data*/,
+ krb5_creds ***/*ret_creds*/,
+ krb5_replay_data */*outdata*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_rd_cred2 (
+ krb5_context /*context*/,
+ krb5_auth_context /*auth_context*/,
+ krb5_ccache /*ccache*/,
+ krb5_data */*in_data*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_rd_error (
+ krb5_context /*context*/,
+ const krb5_data */*msg*/,
+ KRB_ERROR */*result*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_rd_priv (
+ krb5_context /*context*/,
+ krb5_auth_context /*auth_context*/,
+ const krb5_data */*inbuf*/,
+ krb5_data */*outbuf*/,
+ krb5_replay_data */*outdata*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_rd_rep (
+ krb5_context /*context*/,
+ krb5_auth_context /*auth_context*/,
+ const krb5_data */*inbuf*/,
+ krb5_ap_rep_enc_part **/*repl*/);
+
+/**
+ * Process an AP_REQ message.
+ *
+ * @param context Kerberos 5 context.
+ * @param auth_context authentication context of the peer.
+ * @param inbuf the AP_REQ message, obtained for example with krb5_read_message().
+ * @param server server principal.
+ * @param keytab server keytab.
+ * @param ap_req_options set to the AP_REQ options. See the AP_OPTS_* defines.
+ * @param ticket on success, set to the authenticated client credentials.
+ * Must be deallocated with krb5_free_ticket(). If not
+ * interested, pass a NULL value.
+ *
+ * @return 0 to indicate success. Otherwise a Kerberos error code is
+ * returned, see krb5_get_error_message().
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_rd_req (
+ krb5_context /*context*/,
+ krb5_auth_context */*auth_context*/,
+ const krb5_data */*inbuf*/,
+ krb5_const_principal /*server*/,
+ krb5_keytab /*keytab*/,
+ krb5_flags */*ap_req_options*/,
+ krb5_ticket **/*ticket*/);
+
+/**
+ * The core server function that verify application authentication
+ * requests from clients.
+ *
+ * @param context Keberos 5 context.
+ * @param auth_context the authentication context, can be NULL, then
+ * default values for the authentication context will used.
+ * @param inbuf the (AP-REQ) authentication buffer
+ *
+ * @param server the server to authenticate to. If NULL the function
+ * will try to find any available credential in the keytab
+ * that will verify the reply. The function will prefer the
+ * server specified in the AP-REQ, but if
+ * there is no mach, it will try all keytab entries for a
+ * match. This has serious performance issues for large keytabs.
+ *
+ * @param inctx control the behavior of the function, if NULL, the
+ * default behavior is used.
+ * @param outctx the return outctx, free with krb5_rd_req_out_ctx_free().
+ * @return Kerberos 5 error code, see krb5_get_error_message().
+ *
+ * @ingroup krb5_auth
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_rd_req_ctx (
+ krb5_context /*context*/,
+ krb5_auth_context */*auth_context*/,
+ const krb5_data */*inbuf*/,
+ krb5_const_principal /*server*/,
+ krb5_rd_req_in_ctx /*inctx*/,
+ krb5_rd_req_out_ctx */*outctx*/);
+
+/**
+ * Allocate a krb5_rd_req_in_ctx as an input parameter to
+ * krb5_rd_req_ctx(). The caller should free the context with
+ * krb5_rd_req_in_ctx_free() when done with the context.
+ *
+ * @param context Keberos 5 context.
+ * @param ctx in ctx to krb5_rd_req_ctx().
+ *
+ * @return Kerberos 5 error code, see krb5_get_error_message().
+ *
+ * @ingroup krb5_auth
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_rd_req_in_ctx_alloc (
+ krb5_context /*context*/,
+ krb5_rd_req_in_ctx */*ctx*/);
+
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
+krb5_rd_req_in_ctx_free (
+ krb5_context /*context*/,
+ krb5_rd_req_in_ctx /*ctx*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_rd_req_in_set_keyblock (
+ krb5_context /*context*/,
+ krb5_rd_req_in_ctx /*in*/,
+ krb5_keyblock */*keyblock*/);
+
+/**
+ * Set the keytab that krb5_rd_req_ctx() will use.
+ *
+ * @param context Keberos 5 context.
+ * @param in in ctx to krb5_rd_req_ctx().
+ * @param keytab keytab that krb5_rd_req_ctx() will use, only copy the
+ * pointer, so the caller must free they keytab after
+ * krb5_rd_req_in_ctx_free() is called.
+ *
+ * @return Kerberos 5 error code, see krb5_get_error_message().
+ *
+ * @ingroup krb5_auth
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_rd_req_in_set_keytab (
+ krb5_context /*context*/,
+ krb5_rd_req_in_ctx /*in*/,
+ krb5_keytab /*keytab*/);
+
+/**
+ * Set if krb5_rq_red() is going to check the Windows PAC or not
+ *
+ * @param context Keberos 5 context.
+ * @param in krb5_rd_req_in_ctx to check the option on.
+ * @param flag flag to select if to check the pac (TRUE) or not (FALSE).
+ *
+ * @return Kerberos 5 error code, see krb5_get_error_message().
+ *
+ * @ingroup krb5_auth
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_rd_req_in_set_pac_check (
+ krb5_context /*context*/,
+ krb5_rd_req_in_ctx /*in*/,
+ krb5_boolean /*flag*/);
+
+/**
+ * Free the krb5_rd_req_out_ctx.
+ *
+ * @param context Keberos 5 context.
+ * @param ctx krb5_rd_req_out_ctx context to free.
+ *
+ * @ingroup krb5_auth
+ */
+
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
+krb5_rd_req_out_ctx_free (
+ krb5_context /*context*/,
+ krb5_rd_req_out_ctx /*ctx*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_rd_req_out_get_ap_req_options (
+ krb5_context /*context*/,
+ krb5_rd_req_out_ctx /*out*/,
+ krb5_flags */*ap_req_options*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_rd_req_out_get_keyblock (
+ krb5_context /*context*/,
+ krb5_rd_req_out_ctx /*out*/,
+ krb5_keyblock **/*keyblock*/);
+
+/**
+ * Get the principal that was used in the request from the
+ * client. Might not match whats in the ticket if krb5_rd_req_ctx()
+ * searched in the keytab for a matching key.
+ *
+ * @param context a Kerberos 5 context.
+ * @param out a krb5_rd_req_out_ctx from krb5_rd_req_ctx().
+ * @param principal return principal, free with krb5_free_principal().
+ *
+ * @ingroup krb5_auth
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_rd_req_out_get_server (
+ krb5_context /*context*/,
+ krb5_rd_req_out_ctx /*out*/,
+ krb5_principal */*principal*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_rd_req_out_get_ticket (
+ krb5_context /*context*/,
+ krb5_rd_req_out_ctx /*out*/,
+ krb5_ticket **/*ticket*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_rd_req_with_keyblock (
+ krb5_context /*context*/,
+ krb5_auth_context */*auth_context*/,
+ const krb5_data */*inbuf*/,
+ krb5_const_principal /*server*/,
+ krb5_keyblock */*keyblock*/,
+ krb5_flags */*ap_req_options*/,
+ krb5_ticket **/*ticket*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_rd_safe (
+ krb5_context /*context*/,
+ krb5_auth_context /*auth_context*/,
+ const krb5_data */*inbuf*/,
+ krb5_data */*outbuf*/,
+ krb5_replay_data */*outdata*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_read_message (
+ krb5_context /*context*/,
+ krb5_pointer /*p_fd*/,
+ krb5_data */*data*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_read_priv_message (
+ krb5_context /*context*/,
+ krb5_auth_context /*ac*/,
+ krb5_pointer /*p_fd*/,
+ krb5_data */*data*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_read_safe_message (
+ krb5_context /*context*/,
+ krb5_auth_context /*ac*/,
+ krb5_pointer /*p_fd*/,
+ krb5_data */*data*/);
+
+/**
+ * return TRUE iff realm(princ1) == realm(princ2)
+ *
+ * @param context Kerberos 5 context
+ * @param princ1 first principal to compare
+ * @param princ2 second principal to compare
+ *
+ * @ingroup krb5_principal
+ * @see krb5_principal_compare_any_realm()
+ * @see krb5_principal_compare()
+ */
+
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
+krb5_realm_compare (
+ krb5_context /*context*/,
+ krb5_const_principal /*princ1*/,
+ krb5_const_principal /*princ2*/);
+
+/**
+ * Returns true if name is Kerberos an LKDC realm
+ *
+ * @ingroup krb5_principal
+ */
+
+krb5_boolean KRB5_LIB_FUNCTION
+krb5_realm_is_lkdc (const char */*realm*/);
+
+/**
+ * Perform the server side of the sendauth protocol.
+ *
+ * @param context Kerberos 5 context.
+ * @param auth_context authentication context of the peer.
+ * @param p_fd socket associated to the connection.
+ * @param appl_version server-specific string.
+ * @param server server principal.
+ * @param flags if KRB5_RECVAUTH_IGNORE_VERSION is set, skip the sendauth version
+ * part of the protocol.
+ * @param keytab server keytab.
+ * @param ticket on success, set to the authenticated client credentials.
+ * Must be deallocated with krb5_free_ticket(). If not
+ * interested, pass a NULL value.
+ *
+ * @return 0 to indicate success. Otherwise a Kerberos error code is
+ * returned, see krb5_get_error_message().
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_recvauth (
+ krb5_context /*context*/,
+ krb5_auth_context */*auth_context*/,
+ krb5_pointer /*p_fd*/,
+ const char */*appl_version*/,
+ krb5_principal /*server*/,
+ int32_t /*flags*/,
+ krb5_keytab /*keytab*/,
+ krb5_ticket **/*ticket*/);
+
+/**
+ * Perform the server side of the sendauth protocol like krb5_recvauth(), but support
+ * a user-specified callback, \a match_appl_version, to perform the match of the application
+ * version \a match_data.
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_recvauth_match_version (
+ krb5_context /*context*/,
+ krb5_auth_context */*auth_context*/,
+ krb5_pointer /*p_fd*/,
+ krb5_boolean (*/*match_appl_version*/)(const void *, const char*),
+ const void */*match_data*/,
+ krb5_principal /*server*/,
+ int32_t /*flags*/,
+ krb5_keytab /*keytab*/,
+ krb5_ticket **/*ticket*/);
+
+/**
+ * Read a address block from the storage.
+ *
+ * @param sp the storage buffer to write to
+ * @param adr the address block read from storage
+ *
+ * @return 0 on success, a Kerberos 5 error code on failure.
+ *
+ * @ingroup krb5_storage
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_ret_address (
+ krb5_storage */*sp*/,
+ krb5_address */*adr*/);
+
+/**
+ * Read a addresses block from the storage.
+ *
+ * @param sp the storage buffer to write to
+ * @param adr the addresses block read from storage
+ *
+ * @return 0 on success, a Kerberos 5 error code on failure.
+ *
+ * @ingroup krb5_storage
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_ret_addrs (
+ krb5_storage */*sp*/,
+ krb5_addresses */*adr*/);
+
+/**
+ * Read a auth data from the storage.
+ *
+ * @param sp the storage buffer to write to
+ * @param auth the auth data block read from storage
+ *
+ * @return 0 on success, a Kerberos 5 error code on failure.
+ *
+ * @ingroup krb5_storage
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_ret_authdata (
+ krb5_storage */*sp*/,
+ krb5_authdata */*auth*/);
+
+/**
+ * Read a credentials block from the storage.
+ *
+ * @param sp the storage buffer to write to
+ * @param creds the credentials block read from storage
+ *
+ * @return 0 on success, a Kerberos 5 error code on failure.
+ *
+ * @ingroup krb5_storage
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_ret_creds (
+ krb5_storage */*sp*/,
+ krb5_creds */*creds*/);
+
+/**
+ * Read a tagged credentials block from the storage.
+ *
+ * @param sp the storage buffer to write to
+ * @param creds the credentials block read from storage
+ *
+ * @return 0 on success, a Kerberos 5 error code on failure.
+ *
+ * @ingroup krb5_storage
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_ret_creds_tag (
+ krb5_storage */*sp*/,
+ krb5_creds */*creds*/);
+
+/**
+ * Parse a data from the storage.
+ *
+ * @param sp the storage buffer to read from
+ * @param data the parsed data
+ *
+ * @return 0 on success, a Kerberos 5 error code on failure.
+ *
+ * @ingroup krb5_storage
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_ret_data (
+ krb5_storage */*sp*/,
+ krb5_data */*data*/);
+
+/**
+ * Read a int16 from storage, byte order is controlled by the settings
+ * on the storage, see krb5_storage_set_byteorder().
+ *
+ * @param sp the storage to write too
+ * @param value the value read from the buffer
+ *
+ * @return 0 for success, or a Kerberos 5 error code on failure.
+ *
+ * @ingroup krb5_storage
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_ret_int16 (
+ krb5_storage */*sp*/,
+ int16_t */*value*/);
+
+/**
+ * Read a int32 from storage, byte order is controlled by the settings
+ * on the storage, see krb5_storage_set_byteorder().
+ *
+ * @param sp the storage to write too
+ * @param value the value read from the buffer
+ *
+ * @return 0 for success, or a Kerberos 5 error code on failure.
+ *
+ * @ingroup krb5_storage
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_ret_int32 (
+ krb5_storage */*sp*/,
+ int32_t */*value*/);
+
+/**
+ * Read a int64 from storage, byte order is controlled by the settings
+ * on the storage, see krb5_storage_set_byteorder().
+ *
+ * @param sp the storage to write too
+ * @param value the value read from the buffer
+ *
+ * @return 0 for success, or a Kerberos 5 error code on failure.
+ *
+ * @ingroup krb5_storage
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_ret_int64 (
+ krb5_storage */*sp*/,
+ int64_t */*value*/);
+
+/**
+ * Read a int8 from storage
+ *
+ * @param sp the storage to write too
+ * @param value the value read from the buffer
+ *
+ * @return 0 for success, or a Kerberos 5 error code on failure.
+ *
+ * @ingroup krb5_storage
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_ret_int8 (
+ krb5_storage */*sp*/,
+ int8_t */*value*/);
+
+/**
+ * Read a keyblock from the storage.
+ *
+ * @param sp the storage buffer to write to
+ * @param p the keyblock read from storage, free using krb5_free_keyblock()
+ *
+ * @return 0 on success, a Kerberos 5 error code on failure.
+ *
+ * @ingroup krb5_storage
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_ret_keyblock (
+ krb5_storage */*sp*/,
+ krb5_keyblock */*p*/);
+
+/**
+ * Parse principal from the storage.
+ *
+ * @param sp the storage buffer to read from
+ * @param princ the parsed principal
+ *
+ * @return 0 on success, a Kerberos 5 error code on failure.
+ *
+ * @ingroup krb5_storage
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_ret_principal (
+ krb5_storage */*sp*/,
+ krb5_principal */*princ*/);
+
+/**
+ * Parse a string from the storage.
+ *
+ * @param sp the storage buffer to read from
+ * @param string the parsed string
+ *
+ * @return 0 on success, a Kerberos 5 error code on failure.
+ *
+ * @ingroup krb5_storage
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_ret_string (
+ krb5_storage */*sp*/,
+ char **/*string*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_ret_stringnl (
+ krb5_storage */*sp*/,
+ char **/*string*/);
+
+/**
+ * Parse zero terminated string from the storage.
+ *
+ * @param sp the storage buffer to read from
+ * @param string the parsed string
+ *
+ * @return 0 on success, a Kerberos 5 error code on failure.
+ *
+ * @ingroup krb5_storage
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_ret_stringz (
+ krb5_storage */*sp*/,
+ char **/*string*/);
+
+/**
+ * Read a times block from the storage.
+ *
+ * @param sp the storage buffer to write to
+ * @param times the times block read from storage
+ *
+ * @return 0 on success, a Kerberos 5 error code on failure.
+ *
+ * @ingroup krb5_storage
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_ret_times (
+ krb5_storage */*sp*/,
+ krb5_times */*times*/);
+
+/**
+ * Read a int16 from storage, byte order is controlled by the settings
+ * on the storage, see krb5_storage_set_byteorder().
+ *
+ * @param sp the storage to write too
+ * @param value the value read from the buffer
+ *
+ * @return 0 for success, or a Kerberos 5 error code on failure.
+ *
+ * @ingroup krb5_storage
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_ret_uint16 (
+ krb5_storage */*sp*/,
+ uint16_t */*value*/);
+
+/**
+ * Read a uint32 from storage, byte order is controlled by the settings
+ * on the storage, see krb5_storage_set_byteorder().
+ *
+ * @param sp the storage to write too
+ * @param value the value read from the buffer
+ *
+ * @return 0 for success, or a Kerberos 5 error code on failure.
+ * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_ret_uint32 ( + krb5_storage */*sp*/, + uint32_t */*value*/); + +/** + * Read a uint64 from storage, byte order is controlled by the settings + * on the storage, see krb5_storage_set_byteorder(). + * + * @param sp the storage to write too + * @param value the value read from the buffer + * + * @return 0 for success, or a Kerberos 5 error code on failure. + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_ret_uint64 ( + krb5_storage */*sp*/, + uint64_t */*value*/); + +/** + * Read a uint8 from storage + * + * @param sp the storage to write too + * @param value the value read from the buffer + * + * @return 0 for success, or a Kerberos 5 error code on failure. + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_ret_uint8 ( + krb5_storage */*sp*/, + uint8_t */*value*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_salttype_to_string ( + krb5_context /*context*/, + krb5_enctype /*etype*/, + krb5_salttype /*stype*/, + char **/*string*/); + +/** + * Perform the client side of the sendauth protocol. + * + * @param context Kerberos 5 context. + * @param auth_context Authentication context of the peer. + * @param p_fd Socket associated to the connection. + * @param appl_version Server-specific string. + * @param client Client principal. If NULL, use the credentials in \a ccache. + * @param server Server principal. + * @param ap_req_options Options for the AP_REQ message. See the AP_OPTS_* defines in krb5.h. + * @param in_data FIXME + * @param in_creds FIXME + * @param ccache Credentials cache. If NULL, use the default credentials cache. + * @param ret_error If not NULL, will be set to the error reported by server, if any. + * Must be deallocated with krb5_free_error_contents(). + * @param rep_result If not NULL, will be set to the EncApRepPart of the AP_REP message. 
+ * Must be deallocated with krb5_free_ap_rep_enc_part(). + * @param out_creds FIXME If not NULL, will be set to FIXME. Must be deallocated with + * krb5_free_creds(). + * + * @return 0 to indicate success. Otherwise a Kerberos error code is + * returned, see krb5_get_error_message(). + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_sendauth ( + krb5_context /*context*/, + krb5_auth_context */*auth_context*/, + krb5_pointer /*p_fd*/, + const char */*appl_version*/, + krb5_principal /*client*/, + krb5_principal /*server*/, + krb5_flags /*ap_req_options*/, + krb5_data */*in_data*/, + krb5_creds */*in_creds*/, + krb5_ccache /*ccache*/, + krb5_error **/*ret_error*/, + krb5_ap_rep_enc_part **/*rep_result*/, + krb5_creds **/*out_creds*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_sendto ( + krb5_context /*context*/, + const krb5_data */*send_data*/, + krb5_krbhst_handle /*handle*/, + krb5_data */*receive*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_sendto_context ( + krb5_context /*context*/, + krb5_sendto_ctx /*ctx*/, + const krb5_data */*send_data*/, + krb5_const_realm /*realm*/, + krb5_data */*receive*/); + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_sendto_ctx_add_flags ( + krb5_sendto_ctx /*ctx*/, + int /*flags*/); + +/** + * @section send_to_kdc Locating and sending packets to the KDC + * + * The send to kdc code is responsible to request the list of KDC from + * the locate-kdc subsystem and then send requests to each of them. + * + * - Each second a new hostname is tried. + * - If the hostname have several addresses, the first will be tried + * directly then in turn the other will be tried every 3 seconds + * (host_timeout). + * - UDP requests are tried 3 times, and it tried with a individual timeout of kdc_timeout / 3. + * - TCP and HTTP requests are tried 1 time. + * + * Total wait time shorter then (number of addresses * 3) + kdc_timeout seconds. 
+ * + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_sendto_ctx_alloc ( + krb5_context /*context*/, + krb5_sendto_ctx */*ctx*/); + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_sendto_ctx_free ( + krb5_context /*context*/, + krb5_sendto_ctx /*ctx*/); + +KRB5_LIB_FUNCTION int KRB5_LIB_CALL +krb5_sendto_ctx_get_flags (krb5_sendto_ctx /*ctx*/); + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_sendto_ctx_set_func ( + krb5_sendto_ctx /*ctx*/, + krb5_sendto_ctx_func /*func*/, + void */*data*/); + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_sendto_ctx_set_type ( + krb5_sendto_ctx /*ctx*/, + int /*type*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_sendto_kdc ( + krb5_context /*context*/, + const krb5_data */*send_data*/, + const krb5_realm */*realm*/, + krb5_data */*receive*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_sendto_kdc_flags ( + krb5_context /*context*/, + const krb5_data */*send_data*/, + const krb5_realm */*realm*/, + krb5_data */*receive*/, + int /*flags*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_sendto_set_hostname ( + krb5_context /*context*/, + krb5_sendto_ctx /*ctx*/, + const char */*hostname*/); + +/** + * Reinit the context from a new set of filenames. + * + * @param context context to add configuration too. + * @param filenames array of filenames, end of list is indicated with a NULL filename. + * + * @return Returns 0 to indicate success. Otherwise an kerberos et + * error code is returned, see krb5_get_error_message(). + * + * @ingroup krb5 + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_set_config_files ( + krb5_context /*context*/, + char **/*filenames*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_set_debug_dest ( + krb5_context /*context*/, + const char */*program*/, + const char */*log_spec*/); + +/** + * Set the default encryption types that will be use in communcation + * with the KDC, clients and servers. + * + * @param context Kerberos 5 context. 
+ * @param etypes Encryption types, array terminated with ETYPE_NULL (0). + * A value of NULL resets the encryption types to the defaults set in the + * configuration file. + * + * @return Returns 0 to indicate success. Otherwise an kerberos et + * error code is returned, see krb5_get_error_message(). + * + * @ingroup krb5 + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_set_default_in_tkt_etypes ( + krb5_context /*context*/, + const krb5_enctype */*etypes*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_set_default_realm ( + krb5_context /*context*/, + const char */*realm*/); + +/** + * Set if the library should use DNS to canonicalize hostnames. + * + * @param context Kerberos 5 context. + * @param flag if its dns canonicalizion is used or not. + * + * @ingroup krb5 + */ + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_set_dns_canonicalize_hostname ( + krb5_context /*context*/, + krb5_boolean /*flag*/); + +/** + * Set the context full error string for a specific error code. + * The error that is stored should be internationalized. + * + * The if context is NULL, no error string is stored. + * + * @param context Kerberos 5 context + * @param ret The error code + * @param fmt Error string for the error code + * @param ... printf(3) style parameters. + * + * @ingroup krb5_error + */ + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_set_error_message ( + krb5_context /*context*/, + krb5_error_code /*ret*/, + const char */*fmt*/, + ...) + __attribute__ ((__format__ (__printf__, 3, 4))); + +/** + * Set the error message returned by krb5_get_error_string(). + * + * Deprecated: use krb5_get_error_message() + * + * @param context Kerberos context + * @param fmt error message to free + * + * @return Return an error code or 0. + * + * @ingroup krb5_deprecated + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_set_error_string ( + krb5_context /*context*/, + const char */*fmt*/, + ...) 
+ __attribute__ ((__format__ (__printf__, 2, 3))) KRB5_DEPRECATED_FUNCTION("Use X instead"); + +/** + * Set extra address to the address list that the library will add to + * the client's address list when communicating with the KDC. + * + * @param context Kerberos 5 context. + * @param addresses addreses to set + * + * @return Returns 0 to indicate success. Otherwise an kerberos et + * error code is returned, see krb5_get_error_message(). + * + * @ingroup krb5 + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_set_extra_addresses ( + krb5_context /*context*/, + const krb5_addresses */*addresses*/); + +/** + * Set version of fcache that the library should use. + * + * @param context Kerberos 5 context. + * @param version version number. + * + * @return Returns 0 to indicate success. Otherwise an kerberos et + * error code is returned, see krb5_get_error_message(). + * + * @ingroup krb5 + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_set_fcache_version ( + krb5_context /*context*/, + int /*version*/); + +/** + * Enable and disable home directory access on either the global state + * or the krb5_context state. By calling krb5_set_home_dir_access() + * with context set to NULL, the global state is configured otherwise + * the state for the krb5_context is modified. + * + * For home directory access to be allowed, both the global state and + * the krb5_context state have to be allowed. + * + * @param context a Kerberos 5 context or NULL + * @param allow allow if TRUE home directory + * @return the old value + * + * @ingroup krb5 + */ + +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL +krb5_set_home_dir_access ( + krb5_context /*context*/, + krb5_boolean /*allow*/); + +/** + * Set extra addresses to ignore when fetching addresses from the + * underlaying operating system. + * + * @param context Kerberos 5 context. + * @param addresses addreses to ignore + * + * @return Returns 0 to indicate success. 
Otherwise an kerberos et + * error code is returned, see krb5_get_error_message(). + * + * @ingroup krb5 + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_set_ignore_addresses ( + krb5_context /*context*/, + const krb5_addresses */*addresses*/); + +/** + * Set current offset in time to the KDC. + * + * @param context Kerberos 5 context. + * @param sec seconds part of offset. + * @param usec micro seconds part of offset. + * + * @return returns zero + * + * @ingroup krb5 + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_set_kdc_sec_offset ( + krb5_context /*context*/, + int32_t /*sec*/, + int32_t /*usec*/); + +/** + * Set max time skew allowed. + * + * @param context Kerberos 5 context. + * @param t timeskew in seconds. + * + * @ingroup krb5 + */ + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_set_max_time_skew ( + krb5_context /*context*/, + time_t /*t*/); + +/** + * Change password using creds. + * + * @param context a Keberos context + * @param creds The initial kadmin/passwd for the principal or an admin principal + * @param newpw The new password to set + * @param targprinc if unset, the default principal is used. + * @param result_code Result code, KRB5_KPASSWD_SUCCESS is when password is changed. + * @param result_code_string binary message from the server, contains + * at least the result_code. + * @param result_string A message from the kpasswd service or the + * library in human printable form. The string is NUL terminated. + * + * @return On sucess and *result_code is KRB5_KPASSWD_SUCCESS, the password is changed. 
+ + * @ingroup @krb5 + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_set_password ( + krb5_context /*context*/, + krb5_creds */*creds*/, + const char */*newpw*/, + krb5_principal /*targprinc*/, + int */*result_code*/, + krb5_data */*result_code_string*/, + krb5_data */*result_string*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_set_password_using_ccache ( + krb5_context /*context*/, + krb5_ccache /*ccache*/, + const char */*newpw*/, + krb5_principal /*targprinc*/, + int */*result_code*/, + krb5_data */*result_code_string*/, + krb5_data */*result_string*/); + +/** + * Set the absolute time that the caller knows the kdc has so the + * kerberos library can calculate the relative diffrence beteen the + * KDC time and local system time. + * + * @param context Keberos 5 context. + * @param sec The applications new of "now" in seconds + * @param usec The applications new of "now" in micro seconds + + * @return Kerberos 5 error code, see krb5_get_error_message(). + * + * @ingroup krb5 + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_set_real_time ( + krb5_context /*context*/, + krb5_timestamp /*sec*/, + int32_t /*usec*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_set_send_to_kdc_func ( + krb5_context /*context*/, + krb5_send_to_kdc_func /*func*/, + void */*data*/); + +/** + * Make the kerberos library default to the admin KDC. + * + * @param context Kerberos 5 context. + * @param flag boolean flag to select if the use the admin KDC or not. + * + * @ingroup krb5 + */ + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_set_use_admin_kdc ( + krb5_context /*context*/, + krb5_boolean /*flag*/); + +/** + * Set the default logging facility. + * + * @param context A Kerberos 5 context + * @param fac Facility to use for logging. 
+ * + * @ingroup krb5_error + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_set_warn_dest ( + krb5_context /*context*/, + krb5_log_facility */*fac*/); + +/** + * Create a principal for the given service running on the given + * hostname. If KRB5_NT_SRV_HST is used, the hostname is canonicalized + * according the configured name canonicalization rules, with + * canonicalization delayed in some cases. One rule involves DNS, which + * is insecure unless DNSSEC is used, but we don't use DNSSEC-capable + * resolver APIs here, so that if DNSSEC is used we wouldn't know it. + * + * Canonicalization is immediate (not delayed) only when there is only + * one canonicalization rule and that rule indicates that we should do a + * host lookup by name (i.e., DNS). + * + * @param context A Kerberos context. + * @param hostname hostname to use + * @param sname Service name to use + * @param type name type of principal, use KRB5_NT_SRV_HST or KRB5_NT_UNKNOWN. + * @param ret_princ return principal, free with krb5_free_principal(). + * + * @return An krb5 error code, see krb5_get_error_message(). + * + * @ingroup krb5_principal + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_sname_to_principal ( + krb5_context /*context*/, + const char */*hostname*/, + const char */*sname*/, + int32_t /*type*/, + krb5_principal */*ret_princ*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_sock_to_principal ( + krb5_context /*context*/, + int /*sock*/, + const char */*sname*/, + int32_t /*type*/, + krb5_principal */*ret_princ*/); + +/** + * krb5_sockaddr2address stores a address a "struct sockaddr" sa in + * the krb5_address addr. + * + * @param context a Keberos context + * @param sa a struct sockaddr to extract the address from + * @param addr an Kerberos 5 address to store the address in. + * + * @return Return an error code or 0. 
+ * + * @ingroup krb5_address + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_sockaddr2address ( + krb5_context /*context*/, + const struct sockaddr */*sa*/, + krb5_address */*addr*/); + +/** + * krb5_sockaddr2port extracts a port (if possible) from a "struct + * sockaddr. + * + * @param context a Keberos context + * @param sa a struct sockaddr to extract the port from + * @param port a pointer to an int16_t store the port in. + * + * @return Return an error code or 0. Will return + * KRB5_PROG_ATYPE_NOSUPP in case address type is not supported. + * + * @ingroup krb5_address + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_sockaddr2port ( + krb5_context /*context*/, + const struct sockaddr */*sa*/, + int16_t */*port*/); + +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL +krb5_sockaddr_is_loopback (const struct sockaddr */*sa*/); + +/** + * krb5_sockaddr_uninteresting returns TRUE for all .Fa sa that the + * kerberos library thinks are uninteresting. One example are link + * local addresses. + * + * @param sa pointer to struct sockaddr that might be interesting. + * + * @return Return a non zero for uninteresting addresses. + * + * @ingroup krb5_address + */ + +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL +krb5_sockaddr_uninteresting (const struct sockaddr */*sa*/); + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_std_usage ( + int /*code*/, + struct getargs */*args*/, + int /*num_args*/); + +/** + * Clear the flags on a storage buffer + * + * @param sp the storage buffer to clear the flags on + * @param flags the flags to clear + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_storage_clear_flags ( + krb5_storage */*sp*/, + krb5_flags /*flags*/); + +/** + * Create a elastic (allocating) memory storage backend. Memory is + * allocated on demand. Free returned krb5_storage with + * krb5_storage_free(). + * + * @return A krb5_storage on success, or NULL on out of memory error. 
+ * + * @ingroup krb5_storage + * + * @sa krb5_storage_from_mem() + * @sa krb5_storage_from_readonly_mem() + * @sa krb5_storage_from_fd() + * @sa krb5_storage_from_data() + * @sa krb5_storage_from_socket() + */ + +KRB5_LIB_FUNCTION krb5_storage * KRB5_LIB_CALL +krb5_storage_emem (void); + +/** + * Free a krb5 storage. + * + * @param sp the storage to free. + * + * @return An Kerberos 5 error code. + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_storage_free (krb5_storage */*sp*/); + +/** + * Create a fixed size memory storage block + * + * @return A krb5_storage on success, or NULL on out of memory error. + * + * @ingroup krb5_storage + * + * @sa krb5_storage_mem() + * @sa krb5_storage_from_mem() + * @sa krb5_storage_from_readonly_mem() + * @sa krb5_storage_from_fd() + */ + +KRB5_LIB_FUNCTION krb5_storage * KRB5_LIB_CALL +krb5_storage_from_data (krb5_data */*data*/); + +/** + * + * + * @return A krb5_storage on success, or NULL on out of memory error. + * + * @ingroup krb5_storage + * + * @sa krb5_storage_emem() + * @sa krb5_storage_from_mem() + * @sa krb5_storage_from_readonly_mem() + * @sa krb5_storage_from_data() + * @sa krb5_storage_from_socket() + */ + +KRB5_LIB_FUNCTION krb5_storage * KRB5_LIB_CALL +krb5_storage_from_fd (int /*fd_in*/); + +/** + * Create a fixed size memory storage block + * + * @return A krb5_storage on success, or NULL on out of memory error. + * + * @ingroup krb5_storage + * + * @sa krb5_storage_mem() + * @sa krb5_storage_from_readonly_mem() + * @sa krb5_storage_from_data() + * @sa krb5_storage_from_fd() + * @sa krb5_storage_from_socket() + */ + +KRB5_LIB_FUNCTION krb5_storage * KRB5_LIB_CALL +krb5_storage_from_mem ( + void */*buf*/, + size_t /*len*/); + +/** + * Create a fixed size memory storage block that is read only + * + * @return A krb5_storage on success, or NULL on out of memory error. 
+ * + * @ingroup krb5_storage + * + * @sa krb5_storage_mem() + * @sa krb5_storage_from_mem() + * @sa krb5_storage_from_data() + * @sa krb5_storage_from_fd() + */ + +KRB5_LIB_FUNCTION krb5_storage * KRB5_LIB_CALL +krb5_storage_from_readonly_mem ( + const void */*buf*/, + size_t /*len*/); + +/** + * + * + * @return A krb5_storage on success, or NULL on out of memory error. + * + * @ingroup krb5_storage + * + * @sa krb5_storage_emem() + * @sa krb5_storage_from_mem() + * @sa krb5_storage_from_readonly_mem() + * @sa krb5_storage_from_data() + * @sa krb5_storage_from_fd() + */ + +KRB5_LIB_FUNCTION krb5_storage * KRB5_LIB_CALL +krb5_storage_from_socket (krb5_socket_t /*sock_in*/); + +/** + * Sync the storage buffer to its backing store. If there is no + * backing store this function will return success. + * + * @param sp the storage buffer to sync + * + * @return A Kerberos 5 error code + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION int KRB5_LIB_CALL +krb5_storage_fsync (krb5_storage */*sp*/); + +/** + * Return the current byteorder for the buffer. See krb5_storage_set_byteorder() for the list or byte order contants. + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION krb5_flags KRB5_LIB_CALL +krb5_storage_get_byteorder (krb5_storage */*sp*/); + +/** + * Get the return code that will be used when end of storage is reached. + * + * @param sp the storage + * + * @return storage error code + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION int KRB5_LIB_CALL +krb5_storage_get_eof_code (krb5_storage */*sp*/); + +/** + * Return true or false depending on if the storage flags is set or + * not. NB testing for the flag 0 always return true. + * + * @param sp the storage buffer to check flags on + * @param flags The flags to test for + * + * @return true if all the flags are set, false if not. 
+ * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL +krb5_storage_is_flags ( + krb5_storage */*sp*/, + krb5_flags /*flags*/); + +/** + * Read to the storage buffer. + * + * @param sp the storage buffer to read from + * @param buf the buffer to store the data in + * @param len the length to read + * + * @return The length of data read (can be shorter then len), or negative on error. + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL +krb5_storage_read ( + krb5_storage */*sp*/, + void */*buf*/, + size_t /*len*/); + +/** + * Seek to a new offset. + * + * @param sp the storage buffer to seek in. + * @param offset the offset to seek + * @param whence relateive searching, SEEK_CUR from the current + * position, SEEK_END from the end, SEEK_SET absolute from the start. + * + * @return The new current offset + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION off_t KRB5_LIB_CALL +krb5_storage_seek ( + krb5_storage */*sp*/, + off_t /*offset*/, + int /*whence*/); + +/** + * Set the new byte order of the storage buffer. + * + * @param sp the storage buffer to set the byte order for. + * @param byteorder the new byte order. + * + * The byte order are: KRB5_STORAGE_BYTEORDER_BE, + * KRB5_STORAGE_BYTEORDER_LE and KRB5_STORAGE_BYTEORDER_HOST. + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_storage_set_byteorder ( + krb5_storage */*sp*/, + krb5_flags /*byteorder*/); + +/** + * Set the return code that will be used when end of storage is reached. + * + * @param sp the storage + * @param code the error code to return on end of storage + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_storage_set_eof_code ( + krb5_storage */*sp*/, + int /*code*/); + +/** + * Add the flags on a storage buffer by or-ing in the flags to the buffer. 
+ * + * @param sp the storage buffer to set the flags on + * @param flags the flags to set + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_storage_set_flags ( + krb5_storage */*sp*/, + krb5_flags /*flags*/); + +/** + * Set the max alloc value + * + * @param sp the storage buffer set the max allow for + * @param size maximum size to allocate, use 0 to remove limit + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_storage_set_max_alloc ( + krb5_storage */*sp*/, + size_t /*size*/); + +/** + * Copy the contnent of storage + * + * @param sp the storage to copy to a data + * @param data the copied data, free with krb5_data_free() + * + * @return 0 for success, or a Kerberos 5 error code on failure. + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_storage_to_data ( + krb5_storage */*sp*/, + krb5_data */*data*/); + +/** + * Truncate the storage buffer in sp to offset. + * + * @param sp the storage buffer to truncate. + * @param offset the offset to truncate too. + * + * @return An Kerberos 5 error code. + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION int KRB5_LIB_CALL +krb5_storage_truncate ( + krb5_storage */*sp*/, + off_t /*offset*/); + +/** + * Write to the storage buffer. + * + * @param sp the storage buffer to write to + * @param buf the buffer to write to the storage buffer + * @param len the length to write + * + * @return The length of data written (can be shorter then len), or negative on error. + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL +krb5_storage_write ( + krb5_storage */*sp*/, + const void */*buf*/, + size_t /*len*/); + +/** + * Write a address block to storage. + * + * @param sp the storage buffer to write to + * @param p the address block to write. + * + * @return 0 on success, a Kerberos 5 error code on failure. 
+ * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_store_address ( + krb5_storage */*sp*/, + krb5_address /*p*/); + +/** + * Write a addresses block to storage. + * + * @param sp the storage buffer to write to + * @param p the addresses block to write. + * + * @return 0 on success, a Kerberos 5 error code on failure. + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_store_addrs ( + krb5_storage */*sp*/, + krb5_addresses /*p*/); + +/** + * Write a auth data block to storage. + * + * @param sp the storage buffer to write to + * @param auth the auth data block to write. + * + * @return 0 on success, a Kerberos 5 error code on failure. + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_store_authdata ( + krb5_storage */*sp*/, + krb5_authdata /*auth*/); + +/** + * Write a credentials block to storage. + * + * @param sp the storage buffer to write to + * @param creds the creds block to write. + * + * @return 0 on success, a Kerberos 5 error code on failure. + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_store_creds ( + krb5_storage */*sp*/, + krb5_creds */*creds*/); + +/** + * Write a tagged credentials block to storage. + * + * @param sp the storage buffer to write to + * @param creds the creds block to write. + * + * @return 0 on success, a Kerberos 5 error code on failure. + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_store_creds_tag ( + krb5_storage */*sp*/, + krb5_creds */*creds*/); + +/** + * Store a data to the storage. The data is stored with an int32 as + * lenght plus the data (not padded). + * + * @param sp the storage buffer to write to + * @param data the buffer to store. + * + * @return 0 on success, a Kerberos 5 error code on failure. 
+ * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_store_data ( + krb5_storage */*sp*/, + krb5_data /*data*/); + +/** + * Store a int16 to storage, byte order is controlled by the settings + * on the storage, see krb5_storage_set_byteorder(). + * + * @param sp the storage to write too + * @param value the value to store + * + * @return 0 for success, or a Kerberos 5 error code on failure. + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_store_int16 ( + krb5_storage */*sp*/, + int16_t /*value*/); + +/** + * Store a int32 to storage, byte order is controlled by the settings + * on the storage, see krb5_storage_set_byteorder(). + * + * @param sp the storage to write too + * @param value the value to store + * + * @return 0 for success, or a Kerberos 5 error code on failure. + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_store_int32 ( + krb5_storage */*sp*/, + int32_t /*value*/); + +/** + * Store a int64 to storage, byte order is controlled by the settings + * on the storage, see krb5_storage_set_byteorder(). + * + * @param sp the storage to write too + * @param value the value to store + * + * @return 0 for success, or a Kerberos 5 error code on failure. + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_store_int64 ( + krb5_storage */*sp*/, + int64_t /*value*/); + +/** + * Store a int8 to storage. + * + * @param sp the storage to write too + * @param value the value to store + * + * @return 0 for success, or a Kerberos 5 error code on failure. + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_store_int8 ( + krb5_storage */*sp*/, + int8_t /*value*/); + +/** + * Store a keyblock to the storage. + * + * @param sp the storage buffer to write to + * @param p the keyblock to write + * + * @return 0 on success, a Kerberos 5 error code on failure. 
+ * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_store_keyblock ( + krb5_storage */*sp*/, + krb5_keyblock /*p*/); + +/** + * Write a principal block to storage. + * + * @param sp the storage buffer to write to + * @param p the principal block to write. + * + * @return 0 on success, a Kerberos 5 error code on failure. + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_store_principal ( + krb5_storage */*sp*/, + krb5_const_principal /*p*/); + +/** + * Store a string to the buffer. The data is formated as an len:uint32 + * plus the string itself (not padded). + * + * @param sp the storage buffer to write to + * @param s the string to store. + * + * @return 0 on success, a Kerberos 5 error code on failure. + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_store_string ( + krb5_storage */*sp*/, + const char */*s*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_store_stringnl ( + krb5_storage */*sp*/, + const char */*s*/); + +/** + * Store a zero terminated string to the buffer. The data is stored + * one character at a time until a NUL is stored. + * + * @param sp the storage buffer to write to + * @param s the string to store. + * + * @return 0 on success, a Kerberos 5 error code on failure. + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_store_stringz ( + krb5_storage */*sp*/, + const char */*s*/); + +/** + * Write a times block to storage. + * + * @param sp the storage buffer to write to + * @param times the times block to write. + * + * @return 0 on success, a Kerberos 5 error code on failure. + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_store_times ( + krb5_storage */*sp*/, + krb5_times /*times*/); + +/** + * Store a uint16 to storage, byte order is controlled by the settings + * on the storage, see krb5_storage_set_byteorder(). 
+ * + * @param sp the storage to write too + * @param value the value to store + * + * @return 0 for success, or a Kerberos 5 error code on failure. + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_store_uint16 ( + krb5_storage */*sp*/, + uint16_t /*value*/); + +/** + * Store a uint32 to storage, byte order is controlled by the settings + * on the storage, see krb5_storage_set_byteorder(). + * + * @param sp the storage to write too + * @param value the value to store + * + * @return 0 for success, or a Kerberos 5 error code on failure. + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_store_uint32 ( + krb5_storage */*sp*/, + uint32_t /*value*/); + +/** + * Store a uint64 to storage, byte order is controlled by the settings + * on the storage, see krb5_storage_set_byteorder(). + * + * @param sp the storage to write too + * @param value the value to store + * + * @return 0 for success, or a Kerberos 5 error code on failure. + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_store_uint64 ( + krb5_storage */*sp*/, + uint64_t /*value*/); + +/** + * Store a uint8 to storage. + * + * @param sp the storage to write too + * @param value the value to store + * + * @return 0 for success, or a Kerberos 5 error code on failure. 
+ *
+ * @ingroup krb5_storage
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_store_uint8 (
+ krb5_storage */*sp*/,
+ uint8_t /*value*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_string_to_deltat (
+ const char */*string*/,
+ krb5_deltat */*deltat*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_string_to_enctype (
+ krb5_context /*context*/,
+ const char */*string*/,
+ krb5_enctype */*etype*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_string_to_key (
+ krb5_context /*context*/,
+ krb5_enctype /*enctype*/,
+ const char */*password*/,
+ krb5_principal /*principal*/,
+ krb5_keyblock */*key*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_string_to_key_data (
+ krb5_context /*context*/,
+ krb5_enctype /*enctype*/,
+ krb5_data /*password*/,
+ krb5_principal /*principal*/,
+ krb5_keyblock */*key*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_string_to_key_data_salt (
+ krb5_context /*context*/,
+ krb5_enctype /*enctype*/,
+ krb5_data /*password*/,
+ krb5_salt /*salt*/,
+ krb5_keyblock */*key*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_string_to_key_data_salt_opaque (
+ krb5_context /*context*/,
+ krb5_enctype /*enctype*/,
+ krb5_data /*password*/,
+ krb5_salt /*salt*/,
+ krb5_data /*opaque*/,
+ krb5_keyblock */*key*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_string_to_key_derived (
+ krb5_context /*context*/,
+ const void */*str*/,
+ size_t /*len*/,
+ krb5_enctype /*etype*/,
+ krb5_keyblock */*key*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_string_to_key_salt (
+ krb5_context /*context*/,
+ krb5_enctype /*enctype*/,
+ const char */*password*/,
+ krb5_salt /*salt*/,
+ krb5_keyblock */*key*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_string_to_key_salt_opaque (
+ krb5_context /*context*/,
+ krb5_enctype /*enctype*/,
+ const char */*password*/,
+ krb5_salt /*salt*/,
+ krb5_data /*opaque*/,
+ krb5_keyblock */*key*/);
+
+/**
+ * Deprecated: keytypes doesn't exists, they are really enctypes in
+ * most cases, use krb5_string_to_enctype().
+ *
+ * @ingroup krb5_deprecated
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_string_to_keytype (
+ krb5_context /*context*/,
+ const char */*string*/,
+ krb5_keytype */*keytype*/)
+ KRB5_DEPRECATED_FUNCTION("Use X instead");
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_string_to_salttype (
+ krb5_context /*context*/,
+ krb5_enctype /*etype*/,
+ const char */*string*/,
+ krb5_salttype */*salttype*/);
+
+/**
+ * Extract the authorization data type of type from the ticket. Store
+ * the field in data. This function is to use for kerberos
+ * applications.
+ *
+ * @param context a Kerberos 5 context
+ * @param ticket Kerberos ticket
+ * @param type type to fetch
+ * @param data returned data, free with krb5_data_free()
+ *
+ * @ingroup krb5
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_ticket_get_authorization_data_type (
+ krb5_context /*context*/,
+ krb5_ticket */*ticket*/,
+ int /*type*/,
+ krb5_data */*data*/);
+
+/**
+ * Return client principal in ticket
+ *
+ * @param context a Kerberos 5 context
+ * @param ticket ticket to copy
+ * @param client client principal, free with krb5_free_principal()
+ *
+ * @return Returns 0 to indicate success. Otherwise an kerberos et
+ * error code is returned, see krb5_get_error_message().
+ *
+ * @ingroup krb5
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_ticket_get_client (
+ krb5_context /*context*/,
+ const krb5_ticket */*ticket*/,
+ krb5_principal */*client*/);
+
+/**
+ * Return end time of ticket
+ *
+ * @param context a Kerberos 5 context
+ * @param ticket ticket to copy
+ *
+ * @return end time of ticket
+ *
+ * @ingroup krb5
+ */
+
+KRB5_LIB_FUNCTION time_t KRB5_LIB_CALL
+krb5_ticket_get_endtime (
+ krb5_context /*context*/,
+ const krb5_ticket */*ticket*/);
+
+/**
+ * Get the flags from the Kerberos ticket
+ *
+ * @param context Kerberos context
+ * @param ticket Kerberos ticket
+ *
+ * @return ticket flags
+ *
+ * @ingroup krb5_ticket
+ */
+
+KRB5_LIB_FUNCTION unsigned long KRB5_LIB_CALL
+krb5_ticket_get_flags (
+ krb5_context /*context*/,
+ const krb5_ticket */*ticket*/);
+
+/**
+ * Return server principal in ticket
+ *
+ * @param context a Kerberos 5 context
+ * @param ticket ticket to copy
+ * @param server server principal, free with krb5_free_principal()
+ *
+ * @return Returns 0 to indicate success. Otherwise an kerberos et
+ * error code is returned, see krb5_get_error_message().
+ *
+ * @ingroup krb5
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_ticket_get_server (
+ krb5_context /*context*/,
+ const krb5_ticket */*ticket*/,
+ krb5_principal */*server*/);
+
+/**
+ * If the caller passes in a negative usec, its assumed to be
+ * unknown and the function will use the current time usec.
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_timeofday (
+ krb5_context /*context*/,
+ krb5_timestamp */*timeret*/);
+
+/**
+ * Unparse the Kerberos name into a string
+ *
+ * @param context Kerberos 5 context
+ * @param principal principal to query
+ * @param name resulting string, free with krb5_xfree()
+ *
+ * @return An krb5 error code, see krb5_get_error_message().
+ *
+ * @ingroup krb5_principal
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_unparse_name (
+ krb5_context /*context*/,
+ krb5_const_principal /*principal*/,
+ char **/*name*/);
+
+/**
+ * Unparse the principal name to a fixed buffer
+ *
+ * @param context A Kerberos context.
+ * @param principal principal to unparse
+ * @param name buffer to write name to
+ * @param len length of buffer
+ *
+ * @return An krb5 error code, see krb5_get_error_message().
+ *
+ * @ingroup krb5_principal
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_unparse_name_fixed (
+ krb5_context /*context*/,
+ krb5_const_principal /*principal*/,
+ char */*name*/,
+ size_t /*len*/);
+
+/**
+ * Unparse the principal name with unparse flags to a fixed buffer.
+ *
+ * @param context A Kerberos context.
+ * @param principal principal to unparse
+ * @param flags unparse flags
+ * @param name buffer to write name to
+ * @param len length of buffer
+ *
+ * @return An krb5 error code, see krb5_get_error_message().
+ *
+ * @ingroup krb5_principal
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_unparse_name_fixed_flags (
+ krb5_context /*context*/,
+ krb5_const_principal /*principal*/,
+ int /*flags*/,
+ char */*name*/,
+ size_t /*len*/);
+
+/**
+ * Unparse the principal name to a fixed buffer. The realm is skipped
+ * if its a default realm.
+ *
+ * @param context A Kerberos context.
+ * @param principal principal to unparse
+ * @param name buffer to write name to
+ * @param len length of buffer
+ *
+ * @return An krb5 error code, see krb5_get_error_message().
+ *
+ * @ingroup krb5_principal
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_unparse_name_fixed_short (
+ krb5_context /*context*/,
+ krb5_const_principal /*principal*/,
+ char */*name*/,
+ size_t /*len*/);
+
+/**
+ * Unparse the Kerberos name into a string
+ *
+ * @param context Kerberos 5 context
+ * @param principal principal to query
+ * @param flags flag to determine the behavior
+ * @param name resulting string, free with krb5_xfree()
+ *
+ * @return An krb5 error code, see krb5_get_error_message().
+ *
+ * @ingroup krb5_principal
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_unparse_name_flags (
+ krb5_context /*context*/,
+ krb5_const_principal /*principal*/,
+ int /*flags*/,
+ char **/*name*/);
+
+/**
+ * Unparse the principal name to a allocated buffer. The realm is
+ * skipped if its a default realm.
+ *
+ * @param context A Kerberos context.
+ * @param principal principal to unparse
+ * @param name returned buffer, free with krb5_xfree()
+ *
+ * @return An krb5 error code, see krb5_get_error_message().
+ *
+ * @ingroup krb5_principal
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_unparse_name_short (
+ krb5_context /*context*/,
+ krb5_const_principal /*principal*/,
+ char **/*name*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_us_timeofday (
+ krb5_context /*context*/,
+ krb5_timestamp */*sec*/,
+ int32_t */*usec*/);
+
+/**
+ * Log a warning to the log, default stderr, include bthe error from
+ * the last failure and then abort.
+ *
+ * @param context A Kerberos 5 context
+ * @param code error code of the last error
+ * @param fmt message to print
+ * @param ap arguments
+ *
+ * @ingroup krb5_error
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_vabort (
+ krb5_context /*context*/,
+ krb5_error_code /*code*/,
+ const char */*fmt*/,
+ va_list /*ap*/)
+ __attribute__ ((__noreturn__, __format__ (__printf__, 3, 0)));
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_vabortx (
+ krb5_context /*context*/,
+ const char */*fmt*/,
+ va_list /*ap*/)
+ __attribute__ ((__noreturn__, __format__ (__printf__, 2, 0)));
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_verify_ap_req (
+ krb5_context /*context*/,
+ krb5_auth_context */*auth_context*/,
+ krb5_ap_req */*ap_req*/,
+ krb5_const_principal /*server*/,
+ krb5_keyblock */*keyblock*/,
+ krb5_flags /*flags*/,
+ krb5_flags */*ap_req_options*/,
+ krb5_ticket **/*ticket*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_verify_ap_req2 (
+ krb5_context /*context*/,
+ krb5_auth_context */*auth_context*/,
+ krb5_ap_req */*ap_req*/,
+ krb5_const_principal /*server*/,
+ krb5_keyblock */*keyblock*/,
+ krb5_flags /*flags*/,
+ krb5_flags */*ap_req_options*/,
+ krb5_ticket **/*ticket*/,
+ krb5_key_usage /*usage*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_verify_authenticator_checksum (
+ krb5_context /*context*/,
+ krb5_auth_context /*ac*/,
+ void */*data*/,
+ size_t /*len*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_verify_checksum (
+ krb5_context /*context*/,
+ krb5_crypto /*crypto*/,
+ krb5_key_usage /*usage*/,
+ void */*data*/,
+ size_t /*len*/,
+ Checksum */*cksum*/);
+
+/**
+ * Verify a Kerberos message checksum.
+ *
+ * @param context Kerberos context
+ * @param crypto Kerberos crypto context
+ * @param usage Key usage for this buffer
+ * @param data array of buffers to process
+ * @param num_data length of array
+ * @param type return checksum type if not NULL
+ *
+ * @return Return an error code or 0.
+ * @ingroup krb5_crypto
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_verify_checksum_iov (
+ krb5_context /*context*/,
+ krb5_crypto /*crypto*/,
+ unsigned /*usage*/,
+ krb5_crypto_iov */*data*/,
+ unsigned int /*num_data*/,
+ krb5_cksumtype */*type*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_verify_init_creds (
+ krb5_context /*context*/,
+ krb5_creds */*creds*/,
+ krb5_principal /*ap_req_server*/,
+ krb5_keytab /*ap_req_keytab*/,
+ krb5_ccache */*ccache*/,
+ krb5_verify_init_creds_opt */*options*/);
+
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
+krb5_verify_init_creds_opt_init (krb5_verify_init_creds_opt */*options*/);
+
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
+krb5_verify_init_creds_opt_set_ap_req_nofail (
+ krb5_verify_init_creds_opt */*options*/,
+ int /*ap_req_nofail*/);
+
+KRB5_LIB_FUNCTION int KRB5_LIB_CALL
+krb5_verify_opt_alloc (
+ krb5_context /*context*/,
+ krb5_verify_opt **/*opt*/);
+
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
+krb5_verify_opt_free (krb5_verify_opt */*opt*/);
+
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
+krb5_verify_opt_init (krb5_verify_opt */*opt*/);
+
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
+krb5_verify_opt_set_ccache (
+ krb5_verify_opt */*opt*/,
+ krb5_ccache /*ccache*/);
+
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
+krb5_verify_opt_set_flags (
+ krb5_verify_opt */*opt*/,
+ unsigned int /*flags*/);
+
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
+krb5_verify_opt_set_keytab (
+ krb5_verify_opt */*opt*/,
+ krb5_keytab /*keytab*/);
+
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
+krb5_verify_opt_set_secure (
+ krb5_verify_opt */*opt*/,
+ krb5_boolean /*secure*/);
+
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
+krb5_verify_opt_set_service (
+ krb5_verify_opt */*opt*/,
+ const char */*service*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_verify_user (
+ krb5_context /*context*/,
+ krb5_principal /*principal*/,
+ krb5_ccache /*ccache*/,
+ const char */*password*/,
+ krb5_boolean /*secure*/,
+ const char */*service*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_verify_user_lrealm (
+ krb5_context /*context*/,
+ krb5_principal /*principal*/,
+ krb5_ccache /*ccache*/,
+ const char */*password*/,
+ krb5_boolean /*secure*/,
+ const char */*service*/);
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_verify_user_opt (
+ krb5_context /*context*/,
+ krb5_principal /*principal*/,
+ const char */*password*/,
+ krb5_verify_opt */*opt*/);
+
+/**
+ * Log a warning to the log, default stderr, include bthe error from
+ * the last failure and then exit.
+ *
+ * @param context A Kerberos 5 context
+ * @param eval the exit code to exit with
+ * @param code error code of the last error
+ * @param fmt message to print
+ * @param ap arguments
+ *
+ * @ingroup krb5_error
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_verr (
+ krb5_context /*context*/,
+ int /*eval*/,
+ krb5_error_code /*code*/,
+ const char */*fmt*/,
+ va_list /*ap*/)
+ __attribute__ ((__noreturn__, __format__ (__printf__, 4, 0)));
+
+/**
+ * Log a warning to the log, default stderr, and then exit.
+ *
+ * @param context A Kerberos 5 context
+ * @param eval the exit code to exit with
+ * @param fmt message to print
+ * @param ap arguments
+ *
+ * @ingroup krb5_error
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_verrx (
+ krb5_context /*context*/,
+ int /*eval*/,
+ const char */*fmt*/,
+ va_list /*ap*/)
+ __attribute__ ((__noreturn__, __format__ (__printf__, 3, 0)));
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_vlog (
+ krb5_context /*context*/,
+ krb5_log_facility */*fac*/,
+ int /*level*/,
+ const char */*fmt*/,
+ va_list /*ap*/)
+ __attribute__ ((__format__ (__printf__, 4, 0)));
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_vlog_msg (
+ krb5_context /*context*/,
+ krb5_log_facility */*fac*/,
+ char **/*reply*/,
+ int /*level*/,
+ const char */*fmt*/,
+ va_list /*ap*/)
+ __attribute__ ((__format__ (__printf__, 5, 0)));
+
+/**
+ * Prepend the contexts's full error string for a specific error code.
+ *
+ * The if context is NULL, no error string is stored.
+ *
+ * @param context Kerberos 5 context
+ * @param ret The error code
+ * @param fmt Error string for the error code
+ * @param args printf(3) style parameters.
+ *
+ * @ingroup krb5_error
+ */
+
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
+krb5_vprepend_error_message (
+ krb5_context /*context*/,
+ krb5_error_code /*ret*/,
+ const char */*fmt*/,
+ va_list /*args*/)
+ __attribute__ ((__format__ (__printf__, 3, 0)));
+
+/**
+ * Set the context full error string for a specific error code.
+ *
+ * The if context is NULL, no error string is stored.
+ *
+ * @param context Kerberos 5 context
+ * @param ret The error code
+ * @param fmt Error string for the error code
+ * @param args printf(3) style parameters.
+ *
+ * @ingroup krb5_error
+ */
+
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
+krb5_vset_error_message (
+ krb5_context /*context*/,
+ krb5_error_code /*ret*/,
+ const char */*fmt*/,
+ va_list /*args*/)
+ __attribute__ ((__format__ (__printf__, 3, 0)));
+
+/**
+ * Set the error message returned by krb5_get_error_string(),
+ * deprecated, use krb5_set_error_message().
+ *
+ * Deprecated: use krb5_vset_error_message()
+ *
+ * @param context Kerberos context
+ * @param fmt error message to free
+ * @param args variable argument list vector
+ *
+ * @return Return an error code or 0.
+ *
+ * @ingroup krb5_deprecated
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_vset_error_string (
+ krb5_context /*context*/,
+ const char */*fmt*/,
+ va_list /*args*/)
+ __attribute__ ((__format__ (__printf__, 2, 0))) KRB5_DEPRECATED_FUNCTION("Use X instead");
+
+/**
+ * Log a warning to the log, default stderr, include the error from
+ * the last failure.
+ *
+ * @param context A Kerberos 5 context.
+ * @param code error code of the last error
+ * @param fmt message to print
+ * @param ap arguments
+ *
+ * @ingroup krb5_error
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_vwarn (
+ krb5_context /*context*/,
+ krb5_error_code /*code*/,
+ const char */*fmt*/,
+ va_list /*ap*/)
+ __attribute__ ((__format__ (__printf__, 3, 0)));
+
+/**
+ * Log a warning to the log, default stderr.
+ *
+ * @param context A Kerberos 5 context.
+ * @param fmt message to print
+ * @param ap arguments
+ *
+ * @ingroup krb5_error
+ */
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_vwarnx (
+ krb5_context /*context*/,
+ const char */*fmt*/,
+ va_list /*ap*/)
+ __attribute__ ((__format__ (__printf__, 2, 0)));
+
+/**
+ * Log a warning to the log, default stderr, include the error from
+ * the last failure.
+ *
+ * @param context A Kerberos 5 context.
+ * @param code error code of the last error + * @param fmt message to print + * + * @ingroup krb5_error + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_warn ( + krb5_context /*context*/, + krb5_error_code /*code*/, + const char */*fmt*/, + ...) + __attribute__ ((__format__ (__printf__, 3, 4))); + +/** + * Log a warning to the log, default stderr. + * + * @param context A Kerberos 5 context. + * @param fmt message to print + * + * @ingroup krb5_error + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_warnx ( + krb5_context /*context*/, + const char */*fmt*/, + ...) + __attribute__ ((__format__ (__printf__, 2, 3))); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_write_message ( + krb5_context /*context*/, + krb5_pointer /*p_fd*/, + krb5_data */*data*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_write_priv_message ( + krb5_context /*context*/, + krb5_auth_context /*ac*/, + krb5_pointer /*p_fd*/, + krb5_data */*data*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_write_safe_message ( + krb5_context /*context*/, + krb5_auth_context /*ac*/, + krb5_pointer /*p_fd*/, + krb5_data */*data*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_xfree (void */*ptr*/); + +#ifdef __cplusplus +} +#endif + +#undef KRB5_DEPRECATED_FUNCTION + +#endif /* DOXY */ +#endif /* __krb5_protos_h__ */ diff --git a/kerberos5/include/krb5-types.h b/kerberos5/include/krb5-types.h --- a/kerberos5/include/krb5-types.h +++ b/kerberos5/include/krb5-types.h @@ -1,8 +1,3 @@ -/* - * generic krb5-types.h for cross compiling, assume system is posix/sus - */ - - #ifndef __krb5_types_h__ #define __krb5_types_h__ 
@@ -10,22 +5,26 @@ #include #include + typedef socklen_t krb5_socklen_t; #include typedef ssize_t krb5_ssize_t; +typedef int krb5_socket_t; + #if !defined(__has_extension) #define __has_extension(x) 0 #endif +#ifndef KRB5TYPES_REQUIRE_GNUC #define KRB5TYPES_REQUIRE_GNUC(m,n,p) \ (((__GNUC__ * 10000) + (__GNUC_MINOR__ * 100) + __GNUC_PATCHLEVEL__) >= \ (((m) * 10000) + ((n) * 100) + (p))) - +#endif #ifndef HEIMDAL_DEPRECATED #if __has_extension(deprecated) || KRB5TYPES_REQUIRE_GNUC(3,1,0) -#define HEIMDAL_DEPRECATED __attribute__((deprecated)) +#define HEIMDAL_DEPRECATED __attribute__ ((__deprecated__)) #elif defined(_MSC_VER) && (_MSC_VER>1200) #define HEIMDAL_DEPRECATED __declspec(deprecated) #else @@ -35,7 +34,7 @@ #ifndef HEIMDAL_PRINTF_ATTRIBUTE #if __has_extension(format) || KRB5TYPES_REQUIRE_GNUC(3,1,0) -#define HEIMDAL_PRINTF_ATTRIBUTE(x) __attribute__((format x)) +#define HEIMDAL_PRINTF_ATTRIBUTE(x) __attribute__ ((__format__ x)) #else #define HEIMDAL_PRINTF_ATTRIBUTE(x) #endif @@ -43,7 +42,7 @@ #ifndef HEIMDAL_NORETURN_ATTRIBUTE #if __has_extension(noreturn) || KRB5TYPES_REQUIRE_GNUC(3,1,0) -#define HEIMDAL_NORETURN_ATTRIBUTE __attribute__((noreturn)) +#define HEIMDAL_NORETURN_ATTRIBUTE __attribute__ ((__noreturn__)) #else #define HEIMDAL_NORETURN_ATTRIBUTE #endif @@ -51,12 +50,18 @@ #ifndef HEIMDAL_UNUSED_ATTRIBUTE #if __has_extension(unused) || KRB5TYPES_REQUIRE_GNUC(3,1,0) -#define HEIMDAL_UNUSED_ATTRIBUTE __attribute__((unused)) +#define HEIMDAL_UNUSED_ATTRIBUTE __attribute__ ((__unused__)) #else #define HEIMDAL_UNUSED_ATTRIBUTE #endif #endif -typedef int krb5_socket_t; +#ifndef HEIMDAL_WARN_UNUSED_RESULT_ATTRIBUTE +#if __has_extension(warn_unused_result) || KRB5TYPES_REQUIRE_GNUC(3,3,0) +#define HEIMDAL_WARN_UNUSED_RESULT_ATTRIBUTE __attribute__ ((__warn_unused_result__)) +#else +#define HEIMDAL_WARN_UNUSED_RESULT_ATTRIBUTE +#endif +#endif #endif /* __krb5_types_h__ */ 
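Review bot: The `HEIMDAL_WARN_UNUSED_RESULT_ATTRIBUTE` guard added in the last hunk (`@@ -51,12 +50,18 @@`) probes the attribute with `__has_extension(warn_unused_result)`, but `__has_extension` is a language-feature query rather than an attribute query, so that term is likely always 0 and the macro is only ever enabled by the `KRB5TYPES_REQUIRE_GNUC(3,3,0)` version test. A compiler that supports the attribute but does not report a matching GNUC version would get an empty expansion, and callers that drop a `krb5_error_code` from an annotated function would then compile without any warning. I would add an `__has_attribute` fallback next to the existing `__has_extension` one (defined to 0 when the compiler lacks it) and write the test as `#if __has_attribute(warn_unused_result) || KRB5TYPES_REQUIRE_GNUC(3,3,0)`. The `deprecated`, `format`, `noreturn` and `unused` guards in the earlier hunks use the same `__has_extension` probe on their unchanged lines.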
diff --git a/kerberos5/include/krb5.h b/kerberos5/include/krb5.h
new file mode 100644
--- /dev/null
+++ b/kerberos5/include/krb5.h
@@ -0,0 +1,1017 @@
+/*
+ * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */ + +/* $Id$ */ + +#ifndef __KRB5_H__ +#define __KRB5_H__ + +#include +#include + +#include +#include +#include +#include + +#include + +/* name confusion with MIT */ +#ifndef KRB5KDC_ERR_KEY_EXP +#define KRB5KDC_ERR_KEY_EXP KRB5KDC_ERR_KEY_EXPIRED +#endif + +#ifdef _WIN32 +#define KRB5_CALLCONV __stdcall +#else +#define KRB5_CALLCONV +#endif + +/* simple constants */ + +#ifndef TRUE +#define TRUE 1 +#define FALSE 0 +#endif + +typedef int krb5_boolean; + +typedef int32_t krb5_error_code; + +typedef int32_t krb5_kvno; + +typedef uint32_t krb5_flags; + +typedef void *krb5_pointer; +typedef const void *krb5_const_pointer; + +struct krb5_crypto_data; +typedef struct krb5_crypto_data *krb5_crypto; + +struct krb5_get_creds_opt_data; +typedef struct krb5_get_creds_opt_data *krb5_get_creds_opt; + +struct krb5_digest_data; +typedef struct krb5_digest_data *krb5_digest; +struct krb5_ntlm_data; +typedef struct krb5_ntlm_data *krb5_ntlm; + +struct krb5_pac_data; +typedef struct krb5_pac_data *krb5_pac; + +typedef struct krb5_rd_req_in_ctx_data *krb5_rd_req_in_ctx; +typedef struct krb5_rd_req_out_ctx_data *krb5_rd_req_out_ctx; + +typedef CKSUMTYPE krb5_cksumtype; + +typedef Checksum krb5_checksum; + +typedef ENCTYPE krb5_enctype; + +typedef struct krb5_get_init_creds_ctx *krb5_init_creds_context; + +typedef heim_octet_string krb5_data; + +/* PKINIT related forward declarations */ +struct ContentInfo; +struct krb5_pk_identity; +struct krb5_pk_cert; + +/* krb5_enc_data is a mit compat structure */ +typedef struct krb5_enc_data { + krb5_enctype enctype; + krb5_kvno kvno; + krb5_data ciphertext; +} krb5_enc_data; + +/* alternative names */ +#define ENCTYPE_NULL KRB5_ENCTYPE_NULL +#define ENCTYPE_DES_CBC_CRC KRB5_ENCTYPE_DES_CBC_CRC +#define ENCTYPE_DES_CBC_MD4 KRB5_ENCTYPE_DES_CBC_MD4 +#define ENCTYPE_DES_CBC_MD5 KRB5_ENCTYPE_DES_CBC_MD5 +#define ENCTYPE_DES3_CBC_MD5 KRB5_ENCTYPE_DES3_CBC_MD5 +#define ENCTYPE_OLD_DES3_CBC_SHA1 KRB5_ENCTYPE_OLD_DES3_CBC_SHA1 +#define 
ENCTYPE_SIGN_DSA_GENERATE KRB5_ENCTYPE_SIGN_DSA_GENERATE +#define ENCTYPE_ENCRYPT_RSA_PRIV KRB5_ENCTYPE_ENCRYPT_RSA_PRIV +#define ENCTYPE_ENCRYPT_RSA_PUB KRB5_ENCTYPE_ENCRYPT_RSA_PUB +#define ENCTYPE_DES3_CBC_SHA1 KRB5_ENCTYPE_DES3_CBC_SHA1 +#define ENCTYPE_AES128_CTS_HMAC_SHA1_96 KRB5_ENCTYPE_AES128_CTS_HMAC_SHA1_96 +#define ENCTYPE_AES256_CTS_HMAC_SHA1_96 KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96 +#define ENCTYPE_ARCFOUR_HMAC KRB5_ENCTYPE_ARCFOUR_HMAC_MD5 +#define ENCTYPE_ARCFOUR_HMAC_MD5 KRB5_ENCTYPE_ARCFOUR_HMAC_MD5 +#define ENCTYPE_ARCFOUR_HMAC_MD5_56 KRB5_ENCTYPE_ARCFOUR_HMAC_MD5_56 +#define ENCTYPE_ENCTYPE_PK_CROSS KRB5_ENCTYPE_ENCTYPE_PK_CROSS +#define ENCTYPE_DES_CBC_NONE KRB5_ENCTYPE_DES_CBC_NONE +#define ENCTYPE_DES3_CBC_NONE KRB5_ENCTYPE_DES3_CBC_NONE +#define ENCTYPE_DES_CFB64_NONE KRB5_ENCTYPE_DES_CFB64_NONE +#define ENCTYPE_DES_PCBC_NONE KRB5_ENCTYPE_DES_PCBC_NONE +#define ETYPE_NULL KRB5_ENCTYPE_NULL +#define ETYPE_DES_CBC_CRC KRB5_ENCTYPE_DES_CBC_CRC +#define ETYPE_DES_CBC_MD4 KRB5_ENCTYPE_DES_CBC_MD4 +#define ETYPE_DES_CBC_MD5 KRB5_ENCTYPE_DES_CBC_MD5 +#define ETYPE_DES3_CBC_MD5 KRB5_ENCTYPE_DES3_CBC_MD5 +#define ETYPE_OLD_DES3_CBC_SHA1 KRB5_ENCTYPE_OLD_DES3_CBC_SHA1 +#define ETYPE_SIGN_DSA_GENERATE KRB5_ENCTYPE_SIGN_DSA_GENERATE +#define ETYPE_ENCRYPT_RSA_PRIV KRB5_ENCTYPE_ENCRYPT_RSA_PRIV +#define ETYPE_ENCRYPT_RSA_PUB KRB5_ENCTYPE_ENCRYPT_RSA_PUB +#define ETYPE_DES3_CBC_SHA1 KRB5_ENCTYPE_DES3_CBC_SHA1 +#define ETYPE_AES128_CTS_HMAC_SHA1_96 KRB5_ENCTYPE_AES128_CTS_HMAC_SHA1_96 +#define ETYPE_AES256_CTS_HMAC_SHA1_96 KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96 +#define ETYPE_AES128_CTS_HMAC_SHA256_128 KRB5_ENCTYPE_AES128_CTS_HMAC_SHA256_128 +#define ETYPE_AES256_CTS_HMAC_SHA384_192 KRB5_ENCTYPE_AES256_CTS_HMAC_SHA384_192 +#define ETYPE_ARCFOUR_HMAC_MD5 KRB5_ENCTYPE_ARCFOUR_HMAC_MD5 +#define ETYPE_ARCFOUR_HMAC_MD5_56 KRB5_ENCTYPE_ARCFOUR_HMAC_MD5_56 +#define ETYPE_ENCTYPE_PK_CROSS KRB5_ENCTYPE_ENCTYPE_PK_CROSS +#define ETYPE_ARCFOUR_MD4 
KRB5_ENCTYPE_ARCFOUR_MD4 +#define ETYPE_ARCFOUR_HMAC_OLD KRB5_ENCTYPE_ARCFOUR_HMAC_OLD +#define ETYPE_ARCFOUR_HMAC_OLD_EXP KRB5_ENCTYPE_ARCFOUR_HMAC_OLD_EXP +#define ETYPE_DES_CBC_NONE KRB5_ENCTYPE_DES_CBC_NONE +#define ETYPE_DES3_CBC_NONE KRB5_ENCTYPE_DES3_CBC_NONE +#define ETYPE_DES_CFB64_NONE KRB5_ENCTYPE_DES_CFB64_NONE +#define ETYPE_DES_PCBC_NONE KRB5_ENCTYPE_DES_PCBC_NONE +#define ETYPE_DIGEST_MD5_NONE KRB5_ENCTYPE_DIGEST_MD5_NONE +#define ETYPE_CRAM_MD5_NONE KRB5_ENCTYPE_CRAM_MD5_NONE + +/* PDU types */ +typedef enum krb5_pdu { + KRB5_PDU_ERROR = 0, + KRB5_PDU_TICKET = 1, + KRB5_PDU_AS_REQUEST = 2, + KRB5_PDU_AS_REPLY = 3, + KRB5_PDU_TGS_REQUEST = 4, + KRB5_PDU_TGS_REPLY = 5, + KRB5_PDU_AP_REQUEST = 6, + KRB5_PDU_AP_REPLY = 7, + KRB5_PDU_KRB_SAFE = 8, + KRB5_PDU_KRB_PRIV = 9, + KRB5_PDU_KRB_CRED = 10, + KRB5_PDU_NONE = 11 /* See krb5_get_permitted_enctypes() */ +} krb5_pdu; + +typedef PADATA_TYPE krb5_preauthtype; + +typedef enum krb5_key_usage { + KRB5_KU_PA_ENC_TIMESTAMP = 1, + /* AS-REQ PA-ENC-TIMESTAMP padata timestamp, encrypted with the + client key (section 5.4.1) */ + KRB5_KU_TICKET = 2, + /* AS-REP Ticket and TGS-REP Ticket (includes tgs session key or + application session key), encrypted with the service key + (section 5.4.2) */ + KRB5_KU_AS_REP_ENC_PART = 3, + /* AS-REP encrypted part (includes tgs session key or application + session key), encrypted with the client key (section 5.4.2) */ + KRB5_KU_TGS_REQ_AUTH_DAT_SESSION = 4, + /* TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the tgs + session key (section 5.4.1) */ + KRB5_KU_TGS_REQ_AUTH_DAT_SUBKEY = 5, + /* TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the tgs + authenticator subkey (section 5.4.1) */ + KRB5_KU_TGS_REQ_AUTH_CKSUM = 6, + /* TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator cksum, keyed + with the tgs session key (sections 5.3.2, 5.4.1) */ + KRB5_KU_TGS_REQ_AUTH = 7, + /* TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator (includes tgs + authenticator subkey), 
encrypted with the tgs session key + (section 5.3.2) */ + KRB5_KU_TGS_REP_ENC_PART_SESSION = 8, + /* TGS-REP encrypted part (includes application session key), + encrypted with the tgs session key (section 5.4.2) */ + KRB5_KU_TGS_REP_ENC_PART_SUB_KEY = 9, + /* TGS-REP encrypted part (includes application session key), + encrypted with the tgs authenticator subkey (section 5.4.2) */ + KRB5_KU_AP_REQ_AUTH_CKSUM = 10, + /* AP-REQ Authenticator cksum, keyed with the application session + key (section 5.3.2) */ + KRB5_KU_AP_REQ_AUTH = 11, + /* AP-REQ Authenticator (includes application authenticator + subkey), encrypted with the application session key (section + 5.3.2) */ + KRB5_KU_AP_REQ_ENC_PART = 12, + /* AP-REP encrypted part (includes application session subkey), + encrypted with the application session key (section 5.5.2) */ + KRB5_KU_KRB_PRIV = 13, + /* KRB-PRIV encrypted part, encrypted with a key chosen by the + application (section 5.7.1) */ + KRB5_KU_KRB_CRED = 14, + /* KRB-CRED encrypted part, encrypted with a key chosen by the + application (section 5.8.1) */ + KRB5_KU_KRB_SAFE_CKSUM = 15, + /* KRB-SAFE cksum, keyed with a key chosen by the application + (section 5.6.1) */ + KRB5_KU_OTHER_ENCRYPTED = 16, + /* Data which is defined in some specification outside of + Kerberos to be encrypted using an RFC1510 encryption type. */ + KRB5_KU_OTHER_CKSUM = 17, + /* Data which is defined in some specification outside of + Kerberos to be checksummed using an RFC1510 checksum type. 
*/ + KRB5_KU_KRB_ERROR = 18, + /* Krb-error checksum */ + KRB5_KU_AD_KDC_ISSUED = 19, + /* AD-KDCIssued checksum */ + KRB5_KU_MANDATORY_TICKET_EXTENSION = 20, + /* Checksum for Mandatory Ticket Extensions */ + KRB5_KU_AUTH_DATA_TICKET_EXTENSION = 21, + /* Checksum in Authorization Data in Ticket Extensions */ + KRB5_KU_USAGE_SEAL = 22, + /* seal in GSSAPI krb5 mechanism */ + KRB5_KU_USAGE_SIGN = 23, + /* sign in GSSAPI krb5 mechanism */ + KRB5_KU_USAGE_SEQ = 24, + /* SEQ in GSSAPI krb5 mechanism */ + KRB5_KU_USAGE_ACCEPTOR_SEAL = 22, + /* acceptor sign in GSSAPI CFX krb5 mechanism */ + KRB5_KU_USAGE_ACCEPTOR_SIGN = 23, + /* acceptor seal in GSSAPI CFX krb5 mechanism */ + KRB5_KU_USAGE_INITIATOR_SEAL = 24, + /* initiator sign in GSSAPI CFX krb5 mechanism */ + KRB5_KU_USAGE_INITIATOR_SIGN = 25, + /* initiator seal in GSSAPI CFX krb5 mechanism */ + KRB5_KU_PA_SERVER_REFERRAL_DATA = 22, + /* encrypted server referral data */ + KRB5_KU_SAM_CHECKSUM = 25, + /* Checksum for the SAM-CHECKSUM field */ + KRB5_KU_SAM_ENC_TRACK_ID = 26, + /* Encryption of the SAM-TRACK-ID field */ + KRB5_KU_PA_SERVER_REFERRAL = 26, + /* Keyusage for the server referral in a TGS req */ + KRB5_KU_SAM_ENC_NONCE_SAD = 27, + /* Encryption of the SAM-NONCE-OR-SAD field */ + KRB5_KU_PA_PKINIT_KX = 44, + /* Encryption type of the kdc session contribution in pk-init */ + KRB5_KU_AS_REQ = 56, + /* Checksum of over the AS-REQ send by the KDC in PA-REQ-ENC-PA-REP */ + KRB5_KU_FAST_REQ_CHKSUM = 50, + /* FAST armor checksum */ + KRB5_KU_FAST_ENC = 51, + /* FAST armor encryption */ + KRB5_KU_FAST_REP = 52, + /* FAST armor reply */ + KRB5_KU_FAST_FINISHED = 53, + /* FAST finished checksum */ + KRB5_KU_ENC_CHALLENGE_CLIENT = 54, + /* fast challenge from client */ + KRB5_KU_ENC_CHALLENGE_KDC = 55, + /* fast challenge from kdc */ + KRB5_KU_DIGEST_ENCRYPT = -18, + /* Encryption key usage used in the digest encryption field */ + KRB5_KU_DIGEST_OPAQUE = -19, + /* Checksum key usage used in the digest opaque field 
*/ + KRB5_KU_KRB5SIGNEDPATH = -21, + /* Checksum key usage on KRB5SignedPath */ + KRB5_KU_CANONICALIZED_NAMES = -23, + /* Checksum key usage on PA-CANONICALIZED */ + KRB5_KU_H5L_COOKIE = -25 + /* encrypted foo */ +} krb5_key_usage; + +typedef krb5_key_usage krb5_keyusage; + +typedef enum krb5_salttype { + KRB5_PW_SALT = KRB5_PADATA_PW_SALT, + KRB5_AFS3_SALT = KRB5_PADATA_AFS3_SALT +}krb5_salttype; + +typedef struct krb5_salt { + krb5_salttype salttype; + krb5_data saltvalue; +} krb5_salt; + +typedef ETYPE_INFO krb5_preauthinfo; + +typedef struct { + krb5_preauthtype type; + krb5_preauthinfo info; /* list of preauthinfo for this type */ +} krb5_preauthdata_entry; + +typedef struct krb5_preauthdata { + unsigned len; + krb5_preauthdata_entry *val; +}krb5_preauthdata; + +typedef enum krb5_address_type { + KRB5_ADDRESS_INET = 2, + KRB5_ADDRESS_NETBIOS = 20, + KRB5_ADDRESS_INET6 = 24, + KRB5_ADDRESS_ADDRPORT = 256, + KRB5_ADDRESS_IPPORT = 257 +} krb5_address_type; + +enum { + AP_OPTS_USE_SESSION_KEY = 1, + AP_OPTS_MUTUAL_REQUIRED = 2, + AP_OPTS_USE_SUBKEY = 4 /* library internal */ +}; + +typedef HostAddress krb5_address; + +typedef HostAddresses krb5_addresses; + +typedef krb5_enctype krb5_keytype; + +enum krb5_keytype_old { + KEYTYPE_NULL = ETYPE_NULL, + KEYTYPE_DES = ETYPE_DES_CBC_CRC, + KEYTYPE_DES3 = ETYPE_OLD_DES3_CBC_SHA1, + KEYTYPE_AES128 = ETYPE_AES128_CTS_HMAC_SHA1_96, + KEYTYPE_AES256 = ETYPE_AES256_CTS_HMAC_SHA1_96, + KEYTYPE_ARCFOUR = ETYPE_ARCFOUR_HMAC_MD5, + KEYTYPE_ARCFOUR_56 = ETYPE_ARCFOUR_HMAC_MD5_56 +}; + +typedef EncryptionKey krb5_keyblock; + +typedef AP_REQ krb5_ap_req; + +struct krb5_cc_ops; + +#ifdef _WIN32 +#define KRB5_USE_PATH_TOKENS 1 +#endif + +#ifdef KRB5_USE_PATH_TOKENS +#define KRB5_DEFAULT_CCFILE_ROOT "%{TEMP}/krb5cc_" +#else +#define KRB5_DEFAULT_CCFILE_ROOT "/tmp/krb5cc_" +#endif + +#define KRB5_DEFAULT_CCROOT "FILE:" KRB5_DEFAULT_CCFILE_ROOT + +#define KRB5_ACCEPT_NULL_ADDRESSES(C) \ + krb5_config_get_bool_default((C), NULL, TRUE, \ + 
"libdefaults", "accept_null_addresses", \ + NULL) + +typedef void *krb5_cc_cursor; +typedef struct krb5_cccol_cursor_data *krb5_cccol_cursor; + +typedef struct krb5_ccache_data { + const struct krb5_cc_ops *ops; + krb5_data data; + int initialized; /* if non-zero: krb5_cc_initialize() called, now empty */ +}krb5_ccache_data; + +typedef struct krb5_ccache_data *krb5_ccache; + +typedef struct krb5_context_data *krb5_context; + +typedef Realm krb5_realm; +typedef const char *krb5_const_realm; /* stupid language */ + +#define krb5_realm_length(r) strlen(r) +#define krb5_realm_data(r) (r) + +typedef Principal krb5_principal_data; +typedef struct Principal *krb5_principal; +typedef const struct Principal *krb5_const_principal; +typedef struct Principals *krb5_principals; + +typedef time_t krb5_deltat; +typedef time_t krb5_timestamp; + +typedef struct krb5_times { + krb5_timestamp authtime; + krb5_timestamp starttime; + krb5_timestamp endtime; + krb5_timestamp renew_till; +} krb5_times; + +typedef union { + TicketFlags b; + krb5_flags i; +} krb5_ticket_flags; + +/* options for krb5_get_in_tkt() */ +#define KDC_OPT_FORWARDABLE (1 << 1) +#define KDC_OPT_FORWARDED (1 << 2) +#define KDC_OPT_PROXIABLE (1 << 3) +#define KDC_OPT_PROXY (1 << 4) +#define KDC_OPT_ALLOW_POSTDATE (1 << 5) +#define KDC_OPT_POSTDATED (1 << 6) +#define KDC_OPT_RENEWABLE (1 << 8) +#define KDC_OPT_REQUEST_ANONYMOUS (1 << 14) +#define KDC_OPT_DISABLE_TRANSITED_CHECK (1 << 26) +#define KDC_OPT_RENEWABLE_OK (1 << 27) +#define KDC_OPT_ENC_TKT_IN_SKEY (1 << 28) +#define KDC_OPT_RENEW (1 << 30) +#define KDC_OPT_VALIDATE (1 << 31) + +typedef union { + KDCOptions b; + krb5_flags i; +} krb5_kdc_flags; + +/* flags for krb5_verify_ap_req */ + +#define KRB5_VERIFY_AP_REQ_IGNORE_INVALID (1 << 0) + +#define KRB5_GC_CACHED (1U << 0) +#define KRB5_GC_USER_USER (1U << 1) +#define KRB5_GC_EXPIRED_OK (1U << 2) +#define KRB5_GC_NO_STORE (1U << 3) +#define KRB5_GC_FORWARDABLE (1U << 4) +#define KRB5_GC_NO_TRANSIT_CHECK (1U << 
5)
+#define KRB5_GC_CONSTRAINED_DELEGATION (1U << 6)
+#define KRB5_GC_CANONICALIZE (1U << 7)
+#define KRB5_GC_ANONYMOUS (1U << 8)
+
+/* constants for compare_creds (and cc_retrieve_cred) */
+#define KRB5_TC_DONT_MATCH_REALM (1U << 31)
+#define KRB5_TC_MATCH_KEYTYPE (1U << 30)
+#define KRB5_TC_MATCH_KTYPE KRB5_TC_MATCH_KEYTYPE /* MIT name */
+#define KRB5_TC_MATCH_SRV_NAMEONLY (1 << 29)
+#define KRB5_TC_MATCH_FLAGS_EXACT (1 << 28)
+#define KRB5_TC_MATCH_FLAGS (1 << 27)
+#define KRB5_TC_MATCH_TIMES_EXACT (1 << 26)
+#define KRB5_TC_MATCH_TIMES (1 << 25)
+#define KRB5_TC_MATCH_AUTHDATA (1 << 24)
+#define KRB5_TC_MATCH_2ND_TKT (1 << 23)
+#define KRB5_TC_MATCH_IS_SKEY (1 << 22)
+
+/* constants for get_flags and set_flags */
+#define KRB5_TC_OPENCLOSE 0x00000001
+#define KRB5_TC_NOTICKET 0x00000002
+
+typedef AuthorizationData krb5_authdata;
+
+typedef KRB_ERROR krb5_error;
+
+typedef struct krb5_creds {
+ krb5_principal client;
+ krb5_principal server;
+ krb5_keyblock session;
+ krb5_times times;
+ krb5_data ticket;
+ krb5_data second_ticket;
+ krb5_authdata authdata;
+ krb5_addresses addresses;
+ krb5_ticket_flags flags;
+} krb5_creds;
+
+typedef struct krb5_cc_cache_cursor_data *krb5_cc_cache_cursor;
+
+#define KRB5_CC_OPS_VERSION 3
+
+typedef struct krb5_cc_ops {
+ int version;
+ const char *prefix;
+ const char* (KRB5_CALLCONV * get_name)(krb5_context, krb5_ccache);
+ krb5_error_code (KRB5_CALLCONV * resolve)(krb5_context, krb5_ccache *, const char *);
+ krb5_error_code (KRB5_CALLCONV * gen_new)(krb5_context, krb5_ccache *);
+ krb5_error_code (KRB5_CALLCONV * init)(krb5_context, krb5_ccache, krb5_principal);
+ krb5_error_code (KRB5_CALLCONV * destroy)(krb5_context, krb5_ccache);
+ krb5_error_code (KRB5_CALLCONV * close)(krb5_context, krb5_ccache);
+ krb5_error_code (KRB5_CALLCONV * store)(krb5_context, krb5_ccache, krb5_creds*);
+ krb5_error_code (KRB5_CALLCONV * retrieve)(krb5_context, krb5_ccache,
+ krb5_flags, const krb5_creds*, krb5_creds *);
+ krb5_error_code (KRB5_CALLCONV * get_princ)(krb5_context, krb5_ccache, krb5_principal*);
+ krb5_error_code (KRB5_CALLCONV * get_first)(krb5_context, krb5_ccache, krb5_cc_cursor *);
+ krb5_error_code (KRB5_CALLCONV * get_next)(krb5_context, krb5_ccache,
+ krb5_cc_cursor*, krb5_creds*);
+ krb5_error_code (KRB5_CALLCONV * end_get)(krb5_context, krb5_ccache, krb5_cc_cursor*);
+ krb5_error_code (KRB5_CALLCONV * remove_cred)(krb5_context, krb5_ccache,
+ krb5_flags, krb5_creds*);
+ krb5_error_code (KRB5_CALLCONV * set_flags)(krb5_context, krb5_ccache, krb5_flags);
+ int (KRB5_CALLCONV * get_version)(krb5_context, krb5_ccache);
+ krb5_error_code (KRB5_CALLCONV * get_cache_first)(krb5_context, krb5_cc_cursor *);
+ krb5_error_code (KRB5_CALLCONV * get_cache_next)(krb5_context, krb5_cc_cursor,
+ krb5_ccache *);
+ krb5_error_code (KRB5_CALLCONV * end_cache_get)(krb5_context, krb5_cc_cursor);
+ krb5_error_code (KRB5_CALLCONV * move)(krb5_context, krb5_ccache, krb5_ccache);
+ krb5_error_code (KRB5_CALLCONV * get_default_name)(krb5_context, char **);
+ krb5_error_code (KRB5_CALLCONV * set_default)(krb5_context, krb5_ccache);
+ krb5_error_code (KRB5_CALLCONV * lastchange)(krb5_context, krb5_ccache, krb5_timestamp *);
+ krb5_error_code (KRB5_CALLCONV * set_kdc_offset)(krb5_context, krb5_ccache, krb5_deltat);
+ krb5_error_code (KRB5_CALLCONV * get_kdc_offset)(krb5_context, krb5_ccache, krb5_deltat *);
+} krb5_cc_ops;
+
+struct krb5_log_facility;
+
+struct krb5_config_binding {
+ enum { krb5_config_string, krb5_config_list } type;
+ char *name;
+ struct krb5_config_binding *next;
+ union {
+ char *string;
+ struct krb5_config_binding *list;
+ void *generic;
+ } u;
+};
+
+typedef struct krb5_config_binding krb5_config_binding;
+
+typedef krb5_config_binding krb5_config_section;
+
+typedef struct krb5_ticket {
+ EncTicketPart ticket;
+ krb5_principal client;
+ krb5_principal server;
+} krb5_ticket;
+
+typedef Authenticator krb5_authenticator_data;
+
+typedef krb5_authenticator_data *krb5_authenticator;
+
+struct krb5_rcache_data;
+typedef struct krb5_rcache_data *krb5_rcache;
+typedef Authenticator krb5_donot_replay;
+
+#define KRB5_STORAGE_HOST_BYTEORDER 0x01 /* old */
+#define KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS 0x02
+#define KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE 0x04
+#define KRB5_STORAGE_KEYBLOCK_KEYTYPE_TWICE 0x08
+#define KRB5_STORAGE_BYTEORDER_MASK 0x60
+#define KRB5_STORAGE_BYTEORDER_BE 0x00 /* default */
+#define KRB5_STORAGE_BYTEORDER_LE 0x20
+#define KRB5_STORAGE_BYTEORDER_HOST 0x40
+#define KRB5_STORAGE_CREDS_FLAGS_WRONG_BITORDER 0x80
+
+struct krb5_storage_data;
+typedef struct krb5_storage_data krb5_storage;
+
+typedef struct krb5_keytab_entry {
+ krb5_principal principal;
+ krb5_kvno vno;
+ krb5_keyblock keyblock;
+ uint32_t timestamp;
+ uint32_t flags;
+ krb5_principals aliases;
+} krb5_keytab_entry;
+
+typedef struct krb5_kt_cursor {
+ int fd;
+ krb5_storage *sp;
+ void *data;
+} krb5_kt_cursor;
+
+struct krb5_keytab_data;
+
+typedef struct krb5_keytab_data *krb5_keytab;
+
+#define KRB5_KT_PREFIX_MAX_LEN 30
+
+struct krb5_keytab_data {
+ const char *prefix;
+ krb5_error_code (KRB5_CALLCONV * resolve)(krb5_context, const char*, krb5_keytab);
+ krb5_error_code (KRB5_CALLCONV * get_name)(krb5_context, krb5_keytab, char*, size_t);
+ krb5_error_code (KRB5_CALLCONV * close)(krb5_context, krb5_keytab);
+ krb5_error_code (KRB5_CALLCONV * destroy)(krb5_context, krb5_keytab);
+ krb5_error_code (KRB5_CALLCONV * get)(krb5_context, krb5_keytab, krb5_const_principal,
+ krb5_kvno, krb5_enctype, krb5_keytab_entry*);
+ krb5_error_code (KRB5_CALLCONV * start_seq_get)(krb5_context, krb5_keytab, krb5_kt_cursor*);
+ krb5_error_code (KRB5_CALLCONV * next_entry)(krb5_context, krb5_keytab,
+ krb5_keytab_entry*, krb5_kt_cursor*);
+ krb5_error_code (KRB5_CALLCONV * end_seq_get)(krb5_context, krb5_keytab, krb5_kt_cursor*);
+ krb5_error_code (KRB5_CALLCONV * add)(krb5_context, krb5_keytab, krb5_keytab_entry*);
+ krb5_error_code (KRB5_CALLCONV * remove)(krb5_context, krb5_keytab, krb5_keytab_entry*);
+ void *data;
+ int32_t version;
+};
+
+typedef struct krb5_keytab_data krb5_kt_ops;
+
+struct krb5_keytab_key_proc_args {
+ krb5_keytab keytab;
+ krb5_principal principal;
+};
+
+typedef struct krb5_keytab_key_proc_args krb5_keytab_key_proc_args;
+
+typedef struct krb5_replay_data {
+ krb5_timestamp timestamp;
+ int32_t usec;
+ uint32_t seq;
+} krb5_replay_data;
+
+/* flags for krb5_auth_con_setflags */
+enum {
+ KRB5_AUTH_CONTEXT_DO_TIME = 1,
+ KRB5_AUTH_CONTEXT_RET_TIME = 2,
+ KRB5_AUTH_CONTEXT_DO_SEQUENCE = 4,
+ KRB5_AUTH_CONTEXT_RET_SEQUENCE = 8,
+ KRB5_AUTH_CONTEXT_PERMIT_ALL = 16,
+ KRB5_AUTH_CONTEXT_USE_SUBKEY = 32,
+ KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED = 64
+};
+
+/* flags for krb5_auth_con_genaddrs */
+enum {
+ KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR = 1,
+ KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR = 3,
+ KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR = 4,
+ KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR = 12
+};
+
+typedef struct krb5_auth_context_data {
+ unsigned int flags;
+
+ krb5_address *local_address;
+ krb5_address *remote_address;
+ int16_t local_port;
+ int16_t remote_port;
+ krb5_keyblock *keyblock;
+ krb5_keyblock *local_subkey;
+ krb5_keyblock *remote_subkey;
+
+ uint32_t local_seqnumber;
+ uint32_t remote_seqnumber;
+
+ krb5_authenticator authenticator;
+
+ krb5_pointer i_vector;
+
+ krb5_rcache rcache;
+
+ krb5_keytype keytype; /* ¿requested key type ? */
+ krb5_cksumtype cksumtype; /* ¡requested checksum type! */
+
+ AuthorizationData *auth_data;
+
+}krb5_auth_context_data, *krb5_auth_context;
+
+typedef struct {
+ KDC_REP kdc_rep;
+ EncKDCRepPart enc_part;
+ KRB_ERROR error;
+} krb5_kdc_rep;
+
+extern const char *heimdal_version, *heimdal_long_version;
+
+typedef void (KRB5_CALLCONV * krb5_log_log_func_t)(const char*, const char*, void*);
+typedef void (KRB5_CALLCONV * krb5_log_close_func_t)(void*);
+
+typedef struct krb5_log_facility {
+ char *program;
+ int len;
+ struct facility *val;
+} krb5_log_facility;
+
+typedef EncAPRepPart krb5_ap_rep_enc_part;
+
+#define KRB5_RECVAUTH_IGNORE_VERSION 1
+
+#define KRB5_SENDAUTH_VERSION "KRB5_SENDAUTH_V1.0"
+
+#define KRB5_TGS_NAME_SIZE (6)
+#define KRB5_TGS_NAME ("krbtgt")
+#define KRB5_WELLKNOWN_NAME ("WELLKNOWN")
+#define KRB5_ANON_NAME ("ANONYMOUS")
+#define KRB5_ANON_REALM ("WELLKNOWN:ANONYMOUS")
+#define KRB5_WELLKNOWN_ORG_H5L_REALM ("WELLKNOWN:ORG.H5L")
+#define KRB5_DIGEST_NAME ("digest")
+
+
+#define KRB5_PKU2U_REALM_NAME ("WELLKNOWN:PKU2U")
+#define KRB5_LKDC_REALM_NAME ("WELLKNOWN:COM.APPLE.LKDC")
+
+#define KRB5_GSS_HOSTBASED_SERVICE_NAME ("WELLKNOWN:ORG.H5L.HOSTBASED-SERVICE")
+#define KRB5_GSS_REFERALS_REALM_NAME ("WELLKNOWN:ORG.H5L.REFERALS-REALM")
+
+typedef enum {
+ KRB5_PROMPT_TYPE_PASSWORD = 0x1,
+ KRB5_PROMPT_TYPE_NEW_PASSWORD = 0x2,
+ KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN = 0x3,
+ KRB5_PROMPT_TYPE_PREAUTH = 0x4,
+ KRB5_PROMPT_TYPE_INFO = 0x5
+} krb5_prompt_type;
+
+typedef struct _krb5_prompt {
+ const char *prompt;
+ int hidden;
+ krb5_data *reply;
+ krb5_prompt_type type;
+} krb5_prompt;
+
+typedef int (KRB5_CALLCONV * krb5_prompter_fct)(krb5_context /*context*/,
+ void * /*data*/,
+ const char * /*name*/,
+ const char * /*banner*/,
+ int /*num_prompts*/,
+ krb5_prompt /*prompts*/[]);
+typedef krb5_error_code (KRB5_CALLCONV * krb5_key_proc)(krb5_context /*context*/,
+ krb5_enctype /*type*/,
+ krb5_salt /*salt*/,
+ krb5_const_pointer /*keyseed*/,
+ krb5_keyblock ** /*key*/);
+typedef krb5_error_code (KRB5_CALLCONV * krb5_decrypt_proc)(krb5_context /*context*/,
+ krb5_keyblock * /*key*/,
+ krb5_key_usage /*usage*/,
+ krb5_const_pointer /*decrypt_arg*/,
+ krb5_kdc_rep * /*dec_rep*/);
+typedef krb5_error_code (KRB5_CALLCONV * krb5_s2k_proc)(krb5_context /*context*/,
+ krb5_enctype /*type*/,
+ krb5_const_pointer /*keyseed*/,
+ krb5_salt /*salt*/,
+ krb5_data * /*s2kparms*/,
+ krb5_keyblock ** /*key*/);
+
+struct _krb5_get_init_creds_opt_private;
+
+struct _krb5_get_init_creds_opt {
+ krb5_flags flags;
+ krb5_deltat tkt_life;
+ krb5_deltat renew_life;
+ int forwardable;
+ int proxiable;
+ int anonymous;
+ int change_password_prompt;
+ krb5_enctype *etype_list;
+ int etype_list_length;
+ krb5_addresses *address_list;
+ /* XXX the next three should not be used, as they may be
+ removed later */
+ krb5_preauthtype *preauth_list;
+ int preauth_list_length;
+ krb5_data *salt;
+ struct _krb5_get_init_creds_opt_private *opt_private;
+};
+
+typedef struct _krb5_get_init_creds_opt krb5_get_init_creds_opt;
+
+#define KRB5_GET_INIT_CREDS_OPT_TKT_LIFE 0x0001
+#define KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE 0x0002
+#define KRB5_GET_INIT_CREDS_OPT_FORWARDABLE 0x0004
+#define KRB5_GET_INIT_CREDS_OPT_PROXIABLE 0x0008
+#define KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST 0x0010
+#define KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST 0x0020
+#define KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST 0x0040
+#define KRB5_GET_INIT_CREDS_OPT_SALT 0x0080 /* no supported */
+#define KRB5_GET_INIT_CREDS_OPT_ANONYMOUS 0x0100
+#define KRB5_GET_INIT_CREDS_OPT_DISABLE_TRANSITED_CHECK 0x0200
+#define KRB5_GET_INIT_CREDS_OPT_CHANGE_PASSWORD_PROMPT 0x0400
+
+/* krb5_init_creds_step flags argument */
+#define KRB5_INIT_CREDS_STEP_FLAG_CONTINUE 0x0001
+
+typedef struct _krb5_verify_init_creds_opt {
+ krb5_flags flags;
+ int ap_req_nofail;
+} krb5_verify_init_creds_opt;
+
+#define KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL 0x0001
+
+typedef struct krb5_verify_opt {
+ unsigned int flags;
+ krb5_ccache ccache;
+ krb5_keytab keytab;
+ krb5_boolean secure;
+ const char *service;
+} krb5_verify_opt;
+
+#define KRB5_VERIFY_LREALMS 1
+#define KRB5_VERIFY_NO_ADDRESSES 2
+
+#define KRB5_KPASSWD_VERS_CHANGEPW 1
+#define KRB5_KPASSWD_VERS_SETPW 0xff80
+
+#define KRB5_KPASSWD_SUCCESS 0
+#define KRB5_KPASSWD_MALFORMED 1
+#define KRB5_KPASSWD_HARDERROR 2
+#define KRB5_KPASSWD_AUTHERROR 3
+#define KRB5_KPASSWD_SOFTERROR 4
+#define KRB5_KPASSWD_ACCESSDENIED 5
+#define KRB5_KPASSWD_BAD_VERSION 6
+#define KRB5_KPASSWD_INITIAL_FLAG_NEEDED 7
+
+#define KPASSWD_PORT 464
+
+/* types for the new krbhst interface */
+struct krb5_krbhst_data;
+typedef struct krb5_krbhst_data *krb5_krbhst_handle;
+
+#define KRB5_KRBHST_KDC 1
+#define KRB5_KRBHST_ADMIN 2
+#define KRB5_KRBHST_CHANGEPW 3
+#define KRB5_KRBHST_KRB524 4
+#define KRB5_KRBHST_KCA 5
+
+typedef struct krb5_krbhst_info {
+ enum { KRB5_KRBHST_UDP,
+ KRB5_KRBHST_TCP,
+ KRB5_KRBHST_HTTP } proto;
+ unsigned short port;
+ unsigned short def_port;
+ struct addrinfo *ai;
+ struct krb5_krbhst_info *next;
+ char hostname[1]; /* has to come last */
+} krb5_krbhst_info;
+
+/* flags for krb5_krbhst_init_flags (and krb5_send_to_kdc_flags) */
+enum {
+ KRB5_KRBHST_FLAGS_MASTER = 1,
+ KRB5_KRBHST_FLAGS_LARGE_MSG = 2
+};
+
+typedef krb5_error_code (*krb5_sendto_prexmit)(krb5_context, int, void *, int, krb5_data *);
+typedef krb5_error_code
+(KRB5_CALLCONV * krb5_send_to_kdc_func)(krb5_context, void *, krb5_krbhst_info *, time_t,
+ const krb5_data *, krb5_data *);
+
+/** flags for krb5_parse_name_flags */
+enum {
+ KRB5_PRINCIPAL_PARSE_NO_REALM = 1, /**< Require that there are no realm */
+ KRB5_PRINCIPAL_PARSE_REQUIRE_REALM = 2, /**< Require a realm present */
+ KRB5_PRINCIPAL_PARSE_ENTERPRISE = 4, /**< Parse as a NT-ENTERPRISE name */
+ KRB5_PRINCIPAL_PARSE_IGNORE_REALM = 8, /**< Ignore realm if present */
+ KRB5_PRINCIPAL_PARSE_NO_DEF_REALM = 16 /**< Don't default the realm */
+};
+
+/** flags for krb5_unparse_name_flags */
+enum {
+ KRB5_PRINCIPAL_UNPARSE_SHORT = 1, /**< No realm if it is the default realm */
+ KRB5_PRINCIPAL_UNPARSE_NO_REALM = 2, /**< No realm */
+ KRB5_PRINCIPAL_UNPARSE_DISPLAY = 4 /**< No quoting */
+};
+
+typedef struct krb5_sendto_ctx_data *krb5_sendto_ctx;
+
+#define KRB5_SENDTO_DONE 0
+#define KRB5_SENDTO_RESET 1
+#define KRB5_SENDTO_CONTINUE 2
+#define KRB5_SENDTO_TIMEOUT 3
+#define KRB5_SENDTO_INITIAL 4
+#define KRB5_SENDTO_FILTER 5
+#define KRB5_SENDTO_FAILED 6
+#define KRB5_SENDTO_KRBHST 7
+
+typedef krb5_error_code
+(KRB5_CALLCONV * krb5_sendto_ctx_func)(krb5_context, krb5_sendto_ctx, void *,
+ const krb5_data *, int *);
+
+struct krb5_plugin;
+enum krb5_plugin_type {
+ PLUGIN_TYPE_DATA = 1,
+ PLUGIN_TYPE_FUNC
+};
+
+#define KRB5_PLUGIN_INVOKE_ALL 1
+
+struct credentials; /* this is to keep the compiler happy */
+struct getargs;
+struct sockaddr;
+
+/**
+ * Semi private, not stable yet
+ */
+
+typedef struct krb5_crypto_iov {
+ unsigned int flags;
+ /* ignored */
+#define KRB5_CRYPTO_TYPE_EMPTY 0
+ /* OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_HEADER) */
+#define KRB5_CRYPTO_TYPE_HEADER 1
+ /* IN and OUT */
+#define KRB5_CRYPTO_TYPE_DATA 2
+ /* IN */
+#define KRB5_CRYPTO_TYPE_SIGN_ONLY 3
+ /* (only for encryption) OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_TRAILER) */
+#define KRB5_CRYPTO_TYPE_PADDING 4
+ /* OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_TRAILER) */
+#define KRB5_CRYPTO_TYPE_TRAILER 5
+ /* OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_CHECKSUM) */
+#define KRB5_CRYPTO_TYPE_CHECKSUM 6
+ krb5_data data;
+} krb5_crypto_iov;
+
+
+/* Glue for MIT */
+
+typedef struct {
+ int32_t lr_type;
+ krb5_timestamp value;
+} krb5_last_req_entry;
+
+typedef krb5_error_code
+(KRB5_CALLCONV * krb5_gic_process_last_req)(krb5_context, krb5_last_req_entry **, void *);
+
+typedef struct {
+ krb5_enctype ks_enctype;
+ krb5int32 ks_salttype;
+}krb5_key_salt_tuple;
+
+/*
+ * Name canonicalization rule options
+ */
+
+typedef enum krb5_name_canon_rule_options {
+ KRB5_NCRO_GC_ONLY = 1 << 0,
+ KRB5_NCRO_USE_REFERRALS = 1 << 1,
+ KRB5_NCRO_NO_REFERRALS = 1 << 2,
+ KRB5_NCRO_USE_FAST = 1 << 3,
+ KRB5_NCRO_USE_DNSSEC = 1 << 4,
+ KRB5_NCRO_LOOKUP_REALM = 1 << 5
+} krb5_name_canon_rule_options;
+
+typedef struct krb5_name_canon_rule_data *krb5_name_canon_rule;
+typedef const struct krb5_name_canon_rule_data *krb5_const_name_canon_rule;
+typedef struct krb5_name_canon_iterator_data *krb5_name_canon_iterator;
+
+/*
+ * krb5_get_init_creds_opt_set_pkinit flags
+ */
+
+#define KRB5_GIC_OPT_PKINIT_USE_ENCKEY 2 /* use RSA, not DH */
+#define KRB5_GIC_OPT_PKINIT_ANONYMOUS 4 /* anonymous PKINIT */
+#define KRB5_GIC_OPT_PKINIT_BTMM 8 /* reserved by Apple */
+#define KRB5_GIC_OPT_PKINIT_NO_KDC_ANCHOR 16 /* do not authenticate KDC */
+
+/*
+ * _krb5_principal_is_anonymous() flags
+ */
+#define KRB5_ANON_MATCH_AUTHENTICATED 1 /* authenticated with anon flag */
+#define KRB5_ANON_MATCH_UNAUTHENTICATED 2 /* anonymous PKINIT */
+#define KRB5_ANON_IGNORE_NAME_TYPE 4 /* don't check the name type */
+#define KRB5_ANON_MATCH_ANY ( KRB5_ANON_MATCH_AUTHENTICATED | \
+ KRB5_ANON_MATCH_UNAUTHENTICATED )
+#define KRB5_ANON_MATCH_ANY_NONT ( KRB5_ANON_MATCH_ANY | \
+ KRB5_ANON_IGNORE_NAME_TYPE )
+
+/*
+ *
+ */
+
+struct hx509_certs_data;
+
+#include
+
+/* variables */
+
+extern KRB5_LIB_VARIABLE const char *krb5_config_file;
+extern KRB5_LIB_VARIABLE const char *krb5_defkeyname;
+
+
+extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_acc_ops;
+extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_dcc_ops;
+extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_fcc_ops;
+extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_mcc_ops;
+extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_kcm_ops;
+extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_akcm_ops;
+extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_scc_ops;
+
+extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_fkt_ops;
+extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_wrfkt_ops;
+extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_javakt_ops;
+extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_mkt_ops;
+extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_akf_ops;
+extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_any_ops;
+
+extern KRB5_LIB_VARIABLE const char *krb5_cc_type_api;
+extern KRB5_LIB_VARIABLE const char *krb5_cc_type_file;
+extern KRB5_LIB_VARIABLE const char *krb5_cc_type_memory;
+extern KRB5_LIB_VARIABLE const char *krb5_cc_type_kcm;
+extern KRB5_LIB_VARIABLE const char *krb5_cc_type_scc;
+extern KRB5_LIB_VARIABLE const char *krb5_cc_type_dcc;
+
+/* clang analyzer workarounds */
+
+#ifdef __clang_analyzer__
+/*
+ * The clang analyzer (lint) can't know that krb5_enomem() always returns
+ * non-zero, so code like:
+ *
+ * if ((x = malloc(...)) == NULL)
+ * ret = krb5_enomem(context)
+ * if (ret == 0)
+ * *x = ...;
+ *
+ * causes false positives.
+ *
+ * The fix is to make krb5_enomem() a macro that always evaluates to ENOMEM.
+ */
+#define krb5_enomem(c) (krb5_enomem(c), ENOMEM)
+#endif
+
+#endif /* __KRB5_H__ */
+
diff --git a/kerberos5/include/krb5_asn1.h b/kerberos5/include/krb5_asn1.h
new file mode 100644
--- /dev/null
+++ b/kerberos5/include/krb5_asn1.h
@@ -0,0 +1,2647 @@ +/* Generated from ./krb5.asn1 */ +/* Do not edit */ + +#ifndef __krb5_asn1_h__ +#define __krb5_asn1_h__ + +#include +#include + +#ifndef __asn1_common_definitions__ +#define __asn1_common_definitions__ + +#ifndef __HEIM_BASE_DATA__ +#define __HEIM_BASE_DATA__ 1 +struct heim_base_data { + size_t length; + void *data; +}; +typedef struct heim_base_data heim_octet_string; +#endif + +typedef struct heim_integer { + size_t length; + void *data; + int negative; +} heim_integer; + +typedef char *heim_general_string; + +typedef char *heim_utf8_string; + +typedef struct heim_base_data heim_printable_string; + +typedef struct heim_base_data heim_ia5_string; + +typedef struct heim_bmp_string { + size_t length; + uint16_t *data; +} heim_bmp_string; + +typedef struct heim_universal_string { + size_t length; + uint32_t *data; +} heim_universal_string; + +typedef char *heim_visible_string; + +typedef struct heim_oid { + size_t length; + unsigned *components; +} heim_oid; + +typedef struct heim_bit_string { + size_t length; + void *data; +} heim_bit_string; + +typedef struct heim_base_data heim_any; +typedef struct heim_base_data heim_any_set; + +#define ASN1_MALLOC_ENCODE(T, B, BL, S, L, R) \ + do { \ + (BL) = length_##T((S)); \ + (B) = malloc((BL)); \ + if((B) == NULL) { \ + (R) = ENOMEM; \ + } else { \ + (R) = encode_##T(((unsigned char*)(B)) + (BL) - 1, (BL), \ + (S), (L)); \ + if((R) != 0) { \ + free((B)); \ + (B) = NULL; \ + } \ + } \ + } while (0) + +#ifdef _WIN32 +#ifndef ASN1_LIB +#define ASN1EXP __declspec(dllimport) +#else +#define ASN1EXP +#endif +#define ASN1CALL __stdcall +#else +#define ASN1EXP +#define ASN1CALL +#endif +struct units; + +#endif + +/* +NAME-TYPE ::= INTEGER { + KRB5_NT_UNKNOWN(0), + KRB5_NT_PRINCIPAL(1), + KRB5_NT_SRV_INST(2), + KRB5_NT_SRV_HST(3), + KRB5_NT_SRV_XHST(4), + KRB5_NT_UID(5), + KRB5_NT_X500_PRINCIPAL(6), + KRB5_NT_SMTP_NAME(7), + KRB5_NT_ENTERPRISE_PRINCIPAL(10), + KRB5_NT_WELLKNOWN(11), + KRB5_NT_SRV_HST_DOMAIN(12), 
+ KRB5_NT_ENT_PRINCIPAL_AND_ID(-130), + KRB5_NT_MS_PRINCIPAL(-128), + KRB5_NT_MS_PRINCIPAL_AND_ID(-129), + KRB5_NT_NTLM(-1200), + KRB5_NT_X509_GENERAL_NAME(-1201), + KRB5_NT_GSS_HOSTBASED_SERVICE(-1202), + KRB5_NT_CACHE_UUID(-1203), + KRB5_NT_SRV_HST_NEEDS_CANON(-195894762) +} +*/ + +typedef enum NAME_TYPE { + KRB5_NT_UNKNOWN = 0, + KRB5_NT_PRINCIPAL = 1, + KRB5_NT_SRV_INST = 2, + KRB5_NT_SRV_HST = 3, + KRB5_NT_SRV_XHST = 4, + KRB5_NT_UID = 5, + KRB5_NT_X500_PRINCIPAL = 6, + KRB5_NT_SMTP_NAME = 7, + KRB5_NT_ENTERPRISE_PRINCIPAL = 10, + KRB5_NT_WELLKNOWN = 11, + KRB5_NT_SRV_HST_DOMAIN = 12, + KRB5_NT_ENT_PRINCIPAL_AND_ID = -130, + KRB5_NT_MS_PRINCIPAL = -128, + KRB5_NT_MS_PRINCIPAL_AND_ID = -129, + KRB5_NT_NTLM = -1200, + KRB5_NT_X509_GENERAL_NAME = -1201, + KRB5_NT_GSS_HOSTBASED_SERVICE = -1202, + KRB5_NT_CACHE_UUID = -1203, + KRB5_NT_SRV_HST_NEEDS_CANON = -195894762 +} NAME_TYPE; + +ASN1EXP int ASN1CALL decode_NAME_TYPE(const unsigned char *, size_t, NAME_TYPE *, size_t *); +ASN1EXP int ASN1CALL encode_NAME_TYPE(unsigned char *, size_t, const NAME_TYPE *, size_t *); +ASN1EXP size_t ASN1CALL length_NAME_TYPE(const NAME_TYPE *); +ASN1EXP int ASN1CALL copy_NAME_TYPE (const NAME_TYPE *, NAME_TYPE *); +ASN1EXP void ASN1CALL free_NAME_TYPE (NAME_TYPE *); + + +/* +MESSAGE-TYPE ::= INTEGER { + krb_as_req(10), + krb_as_rep(11), + krb_tgs_req(12), + krb_tgs_rep(13), + krb_ap_req(14), + krb_ap_rep(15), + krb_safe(20), + krb_priv(21), + krb_cred(22), + krb_error(30) +} +*/ + +typedef enum MESSAGE_TYPE { + krb_as_req = 10, + krb_as_rep = 11, + krb_tgs_req = 12, + krb_tgs_rep = 13, + krb_ap_req = 14, + krb_ap_rep = 15, + krb_safe = 20, + krb_priv = 21, + krb_cred = 22, + krb_error = 30 +} MESSAGE_TYPE; + +/* +PADATA-TYPE ::= INTEGER { + KRB5_PADATA_NONE(0), + KRB5_PADATA_TGS_REQ(1), + KRB5_PADATA_AP_REQ(1), + KRB5_PADATA_ENC_TIMESTAMP(2), + KRB5_PADATA_PW_SALT(3), + KRB5_PADATA_ENC_UNIX_TIME(5), + KRB5_PADATA_SANDIA_SECUREID(6), + KRB5_PADATA_SESAME(7), + 
KRB5_PADATA_OSF_DCE(8), + KRB5_PADATA_CYBERSAFE_SECUREID(9), + KRB5_PADATA_AFS3_SALT(10), + KRB5_PADATA_ETYPE_INFO(11), + KRB5_PADATA_SAM_CHALLENGE(12), + KRB5_PADATA_SAM_RESPONSE(13), + KRB5_PADATA_PK_AS_REQ_19(14), + KRB5_PADATA_PK_AS_REP_19(15), + KRB5_PADATA_PK_AS_REQ_WIN(15), + KRB5_PADATA_PK_AS_REQ(16), + KRB5_PADATA_PK_AS_REP(17), + KRB5_PADATA_PA_PK_OCSP_RESPONSE(18), + KRB5_PADATA_ETYPE_INFO2(19), + KRB5_PADATA_USE_SPECIFIED_KVNO(20), + KRB5_PADATA_SVR_REFERRAL_INFO(20), + KRB5_PADATA_SAM_REDIRECT(21), + KRB5_PADATA_GET_FROM_TYPED_DATA(22), + KRB5_PADATA_SAM_ETYPE_INFO(23), + KRB5_PADATA_SERVER_REFERRAL(25), + KRB5_PADATA_ALT_PRINC(24), + KRB5_PADATA_SAM_CHALLENGE2(30), + KRB5_PADATA_SAM_RESPONSE2(31), + KRB5_PA_EXTRA_TGT(41), + KRB5_PADATA_FX_FAST_ARMOR(71), + KRB5_PADATA_TD_KRB_PRINCIPAL(102), + KRB5_PADATA_PK_TD_TRUSTED_CERTIFIERS(104), + KRB5_PADATA_PK_TD_CERTIFICATE_INDEX(105), + KRB5_PADATA_TD_APP_DEFINED_ERROR(106), + KRB5_PADATA_TD_REQ_NONCE(107), + KRB5_PADATA_TD_REQ_SEQ(108), + KRB5_PADATA_PA_PAC_REQUEST(128), + KRB5_PADATA_FOR_USER(129), + KRB5_PADATA_FOR_X509_USER(130), + KRB5_PADATA_FOR_CHECK_DUPS(131), + KRB5_PADATA_AS_CHECKSUM(132), + KRB5_PADATA_PK_AS_09_BINDING(132), + KRB5_PADATA_FX_COOKIE(133), + KRB5_PADATA_AUTHENTICATION_SET(134), + KRB5_PADATA_AUTH_SET_SELECTED(135), + KRB5_PADATA_FX_FAST(136), + KRB5_PADATA_FX_ERROR(137), + KRB5_PADATA_ENCRYPTED_CHALLENGE(138), + KRB5_PADATA_OTP_CHALLENGE(141), + KRB5_PADATA_OTP_REQUEST(142), + KBB5_PADATA_OTP_CONFIRM(143), + KRB5_PADATA_OTP_PIN_CHANGE(144), + KRB5_PADATA_EPAK_AS_REQ(145), + KRB5_PADATA_EPAK_AS_REP(146), + KRB5_PADATA_PKINIT_KX(147), + KRB5_PADATA_PKU2U_NAME(148), + KRB5_PADATA_REQ_ENC_PA_REP(149), + KRB5_PADATA_SUPPORTED_ETYPES(165) +} +*/ + +typedef enum PADATA_TYPE { + KRB5_PADATA_NONE = 0, + KRB5_PADATA_TGS_REQ = 1, + KRB5_PADATA_AP_REQ = 1, + KRB5_PADATA_ENC_TIMESTAMP = 2, + KRB5_PADATA_PW_SALT = 3, + KRB5_PADATA_ENC_UNIX_TIME = 5, + KRB5_PADATA_SANDIA_SECUREID = 6, + 
KRB5_PADATA_SESAME = 7, + KRB5_PADATA_OSF_DCE = 8, + KRB5_PADATA_CYBERSAFE_SECUREID = 9, + KRB5_PADATA_AFS3_SALT = 10, + KRB5_PADATA_ETYPE_INFO = 11, + KRB5_PADATA_SAM_CHALLENGE = 12, + KRB5_PADATA_SAM_RESPONSE = 13, + KRB5_PADATA_PK_AS_REQ_19 = 14, + KRB5_PADATA_PK_AS_REP_19 = 15, + KRB5_PADATA_PK_AS_REQ_WIN = 15, + KRB5_PADATA_PK_AS_REQ = 16, + KRB5_PADATA_PK_AS_REP = 17, + KRB5_PADATA_PA_PK_OCSP_RESPONSE = 18, + KRB5_PADATA_ETYPE_INFO2 = 19, + KRB5_PADATA_USE_SPECIFIED_KVNO = 20, + KRB5_PADATA_SVR_REFERRAL_INFO = 20, + KRB5_PADATA_SAM_REDIRECT = 21, + KRB5_PADATA_GET_FROM_TYPED_DATA = 22, + KRB5_PADATA_SAM_ETYPE_INFO = 23, + KRB5_PADATA_SERVER_REFERRAL = 25, + KRB5_PADATA_ALT_PRINC = 24, + KRB5_PADATA_SAM_CHALLENGE2 = 30, + KRB5_PADATA_SAM_RESPONSE2 = 31, + KRB5_PA_EXTRA_TGT = 41, + KRB5_PADATA_FX_FAST_ARMOR = 71, + KRB5_PADATA_TD_KRB_PRINCIPAL = 102, + KRB5_PADATA_PK_TD_TRUSTED_CERTIFIERS = 104, + KRB5_PADATA_PK_TD_CERTIFICATE_INDEX = 105, + KRB5_PADATA_TD_APP_DEFINED_ERROR = 106, + KRB5_PADATA_TD_REQ_NONCE = 107, + KRB5_PADATA_TD_REQ_SEQ = 108, + KRB5_PADATA_PA_PAC_REQUEST = 128, + KRB5_PADATA_FOR_USER = 129, + KRB5_PADATA_FOR_X509_USER = 130, + KRB5_PADATA_FOR_CHECK_DUPS = 131, + KRB5_PADATA_AS_CHECKSUM = 132, + KRB5_PADATA_PK_AS_09_BINDING = 132, + KRB5_PADATA_FX_COOKIE = 133, + KRB5_PADATA_AUTHENTICATION_SET = 134, + KRB5_PADATA_AUTH_SET_SELECTED = 135, + KRB5_PADATA_FX_FAST = 136, + KRB5_PADATA_FX_ERROR = 137, + KRB5_PADATA_ENCRYPTED_CHALLENGE = 138, + KRB5_PADATA_OTP_CHALLENGE = 141, + KRB5_PADATA_OTP_REQUEST = 142, + KBB5_PADATA_OTP_CONFIRM = 143, + KRB5_PADATA_OTP_PIN_CHANGE = 144, + KRB5_PADATA_EPAK_AS_REQ = 145, + KRB5_PADATA_EPAK_AS_REP = 146, + KRB5_PADATA_PKINIT_KX = 147, + KRB5_PADATA_PKU2U_NAME = 148, + KRB5_PADATA_REQ_ENC_PA_REP = 149, + KRB5_PADATA_SUPPORTED_ETYPES = 165 +} PADATA_TYPE; + +ASN1EXP int ASN1CALL decode_PADATA_TYPE(const unsigned char *, size_t, PADATA_TYPE *, size_t *); +ASN1EXP int ASN1CALL encode_PADATA_TYPE(unsigned char *, 
size_t, const PADATA_TYPE *, size_t *); +ASN1EXP size_t ASN1CALL length_PADATA_TYPE(const PADATA_TYPE *); +ASN1EXP int ASN1CALL copy_PADATA_TYPE (const PADATA_TYPE *, PADATA_TYPE *); +ASN1EXP void ASN1CALL free_PADATA_TYPE (PADATA_TYPE *); + + +/* +AUTHDATA-TYPE ::= INTEGER { + KRB5_AUTHDATA_IF_RELEVANT(1), + KRB5_AUTHDATA_INTENDED_FOR_SERVER(2), + KRB5_AUTHDATA_INTENDED_FOR_APPLICATION_CLASS(3), + KRB5_AUTHDATA_KDC_ISSUED(4), + KRB5_AUTHDATA_AND_OR(5), + KRB5_AUTHDATA_MANDATORY_TICKET_EXTENSIONS(6), + KRB5_AUTHDATA_IN_TICKET_EXTENSIONS(7), + KRB5_AUTHDATA_MANDATORY_FOR_KDC(8), + KRB5_AUTHDATA_INITIAL_VERIFIED_CAS(9), + KRB5_AUTHDATA_OSF_DCE(64), + KRB5_AUTHDATA_SESAME(65), + KRB5_AUTHDATA_OSF_DCE_PKI_CERTID(66), + KRB5_AUTHDATA_WIN2K_PAC(128), + KRB5_AUTHDATA_GSS_API_ETYPE_NEGOTIATION(129), + KRB5_AUTHDATA_SIGNTICKET_OLDER(-17), + KRB5_AUTHDATA_SIGNTICKET_OLD(142), + KRB5_AUTHDATA_SIGNTICKET(512) +} +*/ + +typedef enum AUTHDATA_TYPE { + KRB5_AUTHDATA_IF_RELEVANT = 1, + KRB5_AUTHDATA_INTENDED_FOR_SERVER = 2, + KRB5_AUTHDATA_INTENDED_FOR_APPLICATION_CLASS = 3, + KRB5_AUTHDATA_KDC_ISSUED = 4, + KRB5_AUTHDATA_AND_OR = 5, + KRB5_AUTHDATA_MANDATORY_TICKET_EXTENSIONS = 6, + KRB5_AUTHDATA_IN_TICKET_EXTENSIONS = 7, + KRB5_AUTHDATA_MANDATORY_FOR_KDC = 8, + KRB5_AUTHDATA_INITIAL_VERIFIED_CAS = 9, + KRB5_AUTHDATA_OSF_DCE = 64, + KRB5_AUTHDATA_SESAME = 65, + KRB5_AUTHDATA_OSF_DCE_PKI_CERTID = 66, + KRB5_AUTHDATA_WIN2K_PAC = 128, + KRB5_AUTHDATA_GSS_API_ETYPE_NEGOTIATION = 129, + KRB5_AUTHDATA_SIGNTICKET_OLDER = -17, + KRB5_AUTHDATA_SIGNTICKET_OLD = 142, + KRB5_AUTHDATA_SIGNTICKET = 512 +} AUTHDATA_TYPE; + +ASN1EXP int ASN1CALL decode_AUTHDATA_TYPE(const unsigned char *, size_t, AUTHDATA_TYPE *, size_t *); +ASN1EXP int ASN1CALL encode_AUTHDATA_TYPE(unsigned char *, size_t, const AUTHDATA_TYPE *, size_t *); +ASN1EXP size_t ASN1CALL length_AUTHDATA_TYPE(const AUTHDATA_TYPE *); +ASN1EXP int ASN1CALL copy_AUTHDATA_TYPE (const AUTHDATA_TYPE *, AUTHDATA_TYPE *); +ASN1EXP void 
ASN1CALL free_AUTHDATA_TYPE (AUTHDATA_TYPE *); + + +/* +CKSUMTYPE ::= INTEGER { + CKSUMTYPE_NONE(0), + CKSUMTYPE_CRC32(1), + CKSUMTYPE_RSA_MD4(2), + CKSUMTYPE_RSA_MD4_DES(3), + CKSUMTYPE_DES_MAC(4), + CKSUMTYPE_DES_MAC_K(5), + CKSUMTYPE_RSA_MD4_DES_K(6), + CKSUMTYPE_RSA_MD5(7), + CKSUMTYPE_RSA_MD5_DES(8), + CKSUMTYPE_RSA_MD5_DES3(9), + CKSUMTYPE_SHA1_OTHER(10), + CKSUMTYPE_HMAC_SHA1_DES3(12), + CKSUMTYPE_SHA1(14), + CKSUMTYPE_HMAC_SHA1_96_AES_128(15), + CKSUMTYPE_HMAC_SHA1_96_AES_256(16), + CKSUMTYPE_HMAC_SHA256_128_AES128(19), + CKSUMTYPE_HMAC_SHA384_192_AES256(20), + CKSUMTYPE_GSSAPI(32771), + CKSUMTYPE_HMAC_MD5(-138), + CKSUMTYPE_HMAC_MD5_ENC(-1138) +} +*/ + +typedef enum CKSUMTYPE { + CKSUMTYPE_NONE = 0, + CKSUMTYPE_CRC32 = 1, + CKSUMTYPE_RSA_MD4 = 2, + CKSUMTYPE_RSA_MD4_DES = 3, + CKSUMTYPE_DES_MAC = 4, + CKSUMTYPE_DES_MAC_K = 5, + CKSUMTYPE_RSA_MD4_DES_K = 6, + CKSUMTYPE_RSA_MD5 = 7, + CKSUMTYPE_RSA_MD5_DES = 8, + CKSUMTYPE_RSA_MD5_DES3 = 9, + CKSUMTYPE_SHA1_OTHER = 10, + CKSUMTYPE_HMAC_SHA1_DES3 = 12, + CKSUMTYPE_SHA1 = 14, + CKSUMTYPE_HMAC_SHA1_96_AES_128 = 15, + CKSUMTYPE_HMAC_SHA1_96_AES_256 = 16, + CKSUMTYPE_HMAC_SHA256_128_AES128 = 19, + CKSUMTYPE_HMAC_SHA384_192_AES256 = 20, + CKSUMTYPE_GSSAPI = 32771, + CKSUMTYPE_HMAC_MD5 = -138, + CKSUMTYPE_HMAC_MD5_ENC = -1138 +} CKSUMTYPE; + +ASN1EXP int ASN1CALL decode_CKSUMTYPE(const unsigned char *, size_t, CKSUMTYPE *, size_t *); +ASN1EXP int ASN1CALL encode_CKSUMTYPE(unsigned char *, size_t, const CKSUMTYPE *, size_t *); +ASN1EXP size_t ASN1CALL length_CKSUMTYPE(const CKSUMTYPE *); +ASN1EXP int ASN1CALL copy_CKSUMTYPE (const CKSUMTYPE *, CKSUMTYPE *); +ASN1EXP void ASN1CALL free_CKSUMTYPE (CKSUMTYPE *); + + +/* +ENCTYPE ::= INTEGER { + KRB5_ENCTYPE_NULL(0), + KRB5_ENCTYPE_DES_CBC_CRC(1), + KRB5_ENCTYPE_DES_CBC_MD4(2), + KRB5_ENCTYPE_DES_CBC_MD5(3), + KRB5_ENCTYPE_DES3_CBC_MD5(5), + KRB5_ENCTYPE_OLD_DES3_CBC_SHA1(7), + KRB5_ENCTYPE_SIGN_DSA_GENERATE(8), + KRB5_ENCTYPE_ENCRYPT_RSA_PRIV(9), + 
KRB5_ENCTYPE_ENCRYPT_RSA_PUB(10), + KRB5_ENCTYPE_DES3_CBC_SHA1(16), + KRB5_ENCTYPE_AES128_CTS_HMAC_SHA1_96(17), + KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96(18), + KRB5_ENCTYPE_AES128_CTS_HMAC_SHA256_128(19), + KRB5_ENCTYPE_AES256_CTS_HMAC_SHA384_192(20), + KRB5_ENCTYPE_ARCFOUR_HMAC_MD5(23), + KRB5_ENCTYPE_ARCFOUR_HMAC_MD5_56(24), + KRB5_ENCTYPE_ENCTYPE_PK_CROSS(48), + KRB5_ENCTYPE_ARCFOUR_MD4(-128), + KRB5_ENCTYPE_ARCFOUR_HMAC_OLD(-133), + KRB5_ENCTYPE_ARCFOUR_HMAC_OLD_EXP(-135), + KRB5_ENCTYPE_DES_CBC_NONE(-4096), + KRB5_ENCTYPE_DES3_CBC_NONE(-4097), + KRB5_ENCTYPE_DES_CFB64_NONE(-4098), + KRB5_ENCTYPE_DES_PCBC_NONE(-4099), + KRB5_ENCTYPE_DIGEST_MD5_NONE(-4100), + KRB5_ENCTYPE_CRAM_MD5_NONE(-4101) +} +*/ + +typedef enum ENCTYPE { + KRB5_ENCTYPE_NULL = 0, + KRB5_ENCTYPE_DES_CBC_CRC = 1, + KRB5_ENCTYPE_DES_CBC_MD4 = 2, + KRB5_ENCTYPE_DES_CBC_MD5 = 3, + KRB5_ENCTYPE_DES3_CBC_MD5 = 5, + KRB5_ENCTYPE_OLD_DES3_CBC_SHA1 = 7, + KRB5_ENCTYPE_SIGN_DSA_GENERATE = 8, + KRB5_ENCTYPE_ENCRYPT_RSA_PRIV = 9, + KRB5_ENCTYPE_ENCRYPT_RSA_PUB = 10, + KRB5_ENCTYPE_DES3_CBC_SHA1 = 16, + KRB5_ENCTYPE_AES128_CTS_HMAC_SHA1_96 = 17, + KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96 = 18, + KRB5_ENCTYPE_AES128_CTS_HMAC_SHA256_128 = 19, + KRB5_ENCTYPE_AES256_CTS_HMAC_SHA384_192 = 20, + KRB5_ENCTYPE_ARCFOUR_HMAC_MD5 = 23, + KRB5_ENCTYPE_ARCFOUR_HMAC_MD5_56 = 24, + KRB5_ENCTYPE_ENCTYPE_PK_CROSS = 48, + KRB5_ENCTYPE_ARCFOUR_MD4 = -128, + KRB5_ENCTYPE_ARCFOUR_HMAC_OLD = -133, + KRB5_ENCTYPE_ARCFOUR_HMAC_OLD_EXP = -135, + KRB5_ENCTYPE_DES_CBC_NONE = -4096, + KRB5_ENCTYPE_DES3_CBC_NONE = -4097, + KRB5_ENCTYPE_DES_CFB64_NONE = -4098, + KRB5_ENCTYPE_DES_PCBC_NONE = -4099, + KRB5_ENCTYPE_DIGEST_MD5_NONE = -4100, + KRB5_ENCTYPE_CRAM_MD5_NONE = -4101 +} ENCTYPE; + +ASN1EXP int ASN1CALL decode_ENCTYPE(const unsigned char *, size_t, ENCTYPE *, size_t *); +ASN1EXP int ASN1CALL encode_ENCTYPE(unsigned char *, size_t, const ENCTYPE *, size_t *); +ASN1EXP size_t ASN1CALL length_ENCTYPE(const ENCTYPE *); +ASN1EXP int ASN1CALL 
copy_ENCTYPE (const ENCTYPE *, ENCTYPE *); +ASN1EXP void ASN1CALL free_ENCTYPE (ENCTYPE *); + + +/* +krb5uint32 ::= INTEGER (0..4294967295) +*/ + +typedef unsigned int krb5uint32; + +/* +krb5int32 ::= INTEGER (-2147483648..2147483647) +*/ + +typedef int krb5int32; + +/* +KerberosString ::= GeneralString +*/ + +typedef heim_general_string KerberosString; + +ASN1EXP int ASN1CALL decode_KerberosString(const unsigned char *, size_t, KerberosString *, size_t *); +ASN1EXP int ASN1CALL encode_KerberosString(unsigned char *, size_t, const KerberosString *, size_t *); +ASN1EXP size_t ASN1CALL length_KerberosString(const KerberosString *); +ASN1EXP int ASN1CALL copy_KerberosString (const KerberosString *, KerberosString *); +ASN1EXP void ASN1CALL free_KerberosString (KerberosString *); + + +/* +Realm ::= GeneralString +*/ + +typedef heim_general_string Realm; + +ASN1EXP int ASN1CALL decode_Realm(const unsigned char *, size_t, Realm *, size_t *); +ASN1EXP int ASN1CALL encode_Realm(unsigned char *, size_t, const Realm *, size_t *); +ASN1EXP size_t ASN1CALL length_Realm(const Realm *); +ASN1EXP int ASN1CALL copy_Realm (const Realm *, Realm *); +ASN1EXP void ASN1CALL free_Realm (Realm *); + + +/* +PrincipalName ::= SEQUENCE { + name-type [0] NAME-TYPE, + name-string [1] SEQUENCE OF GeneralString, +} +*/ + +typedef struct PrincipalName { + NAME_TYPE name_type; + struct PrincipalName_name_string { + unsigned int len; + heim_general_string *val; + } name_string; +} PrincipalName; + +ASN1EXP int ASN1CALL decode_PrincipalName(const unsigned char *, size_t, PrincipalName *, size_t *); +ASN1EXP int ASN1CALL encode_PrincipalName(unsigned char *, size_t, const PrincipalName *, size_t *); +ASN1EXP size_t ASN1CALL length_PrincipalName(const PrincipalName *); +ASN1EXP int ASN1CALL copy_PrincipalName (const PrincipalName *, PrincipalName *); +ASN1EXP void ASN1CALL free_PrincipalName (PrincipalName *); + + +/* +Principal ::= SEQUENCE { + name [0] PrincipalName, + realm [1] Realm, +} +*/ + 
+typedef struct Principal { + PrincipalName name; + Realm realm; +} Principal; + +ASN1EXP int ASN1CALL decode_Principal(const unsigned char *, size_t, Principal *, size_t *); +ASN1EXP int ASN1CALL encode_Principal(unsigned char *, size_t, const Principal *, size_t *); +ASN1EXP size_t ASN1CALL length_Principal(const Principal *); +ASN1EXP int ASN1CALL copy_Principal (const Principal *, Principal *); +ASN1EXP void ASN1CALL free_Principal (Principal *); + + +/* +Principals ::= SEQUENCE OF Principal +*/ + +typedef struct Principals { + unsigned int len; + Principal *val; +} Principals; + +ASN1EXP int ASN1CALL add_Principals (Principals *, const Principal *); +ASN1EXP int ASN1CALL remove_Principals (Principals *, unsigned int); +ASN1EXP int ASN1CALL decode_Principals(const unsigned char *, size_t, Principals *, size_t *); +ASN1EXP int ASN1CALL encode_Principals(unsigned char *, size_t, const Principals *, size_t *); +ASN1EXP size_t ASN1CALL length_Principals(const Principals *); +ASN1EXP int ASN1CALL copy_Principals (const Principals *, Principals *); +ASN1EXP void ASN1CALL free_Principals (Principals *); + + +/* +HostAddress ::= SEQUENCE { + addr-type [0] krb5int32, + address [1] OCTET STRING, +} +*/ + +typedef struct HostAddress { + krb5int32 addr_type; + heim_octet_string address; +} HostAddress; + +ASN1EXP int ASN1CALL decode_HostAddress(const unsigned char *, size_t, HostAddress *, size_t *); +ASN1EXP int ASN1CALL encode_HostAddress(unsigned char *, size_t, const HostAddress *, size_t *); +ASN1EXP size_t ASN1CALL length_HostAddress(const HostAddress *); +ASN1EXP int ASN1CALL copy_HostAddress (const HostAddress *, HostAddress *); +ASN1EXP void ASN1CALL free_HostAddress (HostAddress *); + + +/* +HostAddresses ::= SEQUENCE OF HostAddress +*/ + +typedef struct HostAddresses { + unsigned int len; + HostAddress *val; +} HostAddresses; + +ASN1EXP int ASN1CALL decode_HostAddresses(const unsigned char *, size_t, HostAddresses *, size_t *); +ASN1EXP int ASN1CALL 
encode_HostAddresses(unsigned char *, size_t, const HostAddresses *, size_t *); +ASN1EXP size_t ASN1CALL length_HostAddresses(const HostAddresses *); +ASN1EXP int ASN1CALL copy_HostAddresses (const HostAddresses *, HostAddresses *); +ASN1EXP void ASN1CALL free_HostAddresses (HostAddresses *); + + +/* +KerberosTime ::= GeneralizedTime +*/ + +typedef time_t KerberosTime; + +ASN1EXP int ASN1CALL decode_KerberosTime(const unsigned char *, size_t, KerberosTime *, size_t *); +ASN1EXP int ASN1CALL encode_KerberosTime(unsigned char *, size_t, const KerberosTime *, size_t *); +ASN1EXP size_t ASN1CALL length_KerberosTime(const KerberosTime *); +ASN1EXP int ASN1CALL copy_KerberosTime (const KerberosTime *, KerberosTime *); +ASN1EXP void ASN1CALL free_KerberosTime (KerberosTime *); + + +/* +AuthorizationDataElement ::= SEQUENCE { + ad-type [0] krb5int32, + ad-data [1] OCTET STRING, +} +*/ + +typedef struct AuthorizationDataElement { + krb5int32 ad_type; + heim_octet_string ad_data; +} AuthorizationDataElement; + +ASN1EXP int ASN1CALL decode_AuthorizationDataElement(const unsigned char *, size_t, AuthorizationDataElement *, size_t *); +ASN1EXP int ASN1CALL encode_AuthorizationDataElement(unsigned char *, size_t, const AuthorizationDataElement *, size_t *); +ASN1EXP size_t ASN1CALL length_AuthorizationDataElement(const AuthorizationDataElement *); +ASN1EXP int ASN1CALL copy_AuthorizationDataElement (const AuthorizationDataElement *, AuthorizationDataElement *); +ASN1EXP void ASN1CALL free_AuthorizationDataElement (AuthorizationDataElement *); + + +/* +AuthorizationData ::= SEQUENCE OF AuthorizationDataElement +*/ + +typedef struct AuthorizationData { + unsigned int len; + AuthorizationDataElement *val; +} AuthorizationData; + +ASN1EXP int ASN1CALL add_AuthorizationData (AuthorizationData *, const AuthorizationDataElement *); +ASN1EXP int ASN1CALL remove_AuthorizationData (AuthorizationData *, unsigned int); +ASN1EXP int ASN1CALL decode_AuthorizationData(const unsigned char *, 
size_t, AuthorizationData *, size_t *); +ASN1EXP int ASN1CALL encode_AuthorizationData(unsigned char *, size_t, const AuthorizationData *, size_t *); +ASN1EXP size_t ASN1CALL length_AuthorizationData(const AuthorizationData *); +ASN1EXP int ASN1CALL copy_AuthorizationData (const AuthorizationData *, AuthorizationData *); +ASN1EXP void ASN1CALL free_AuthorizationData (AuthorizationData *); + + +/* +APOptions ::= BIT STRING { + reserved(0), + use-session-key(1), + mutual-required(2) +} +*/ + +typedef struct APOptions { + unsigned int reserved:1; + unsigned int use_session_key:1; + unsigned int mutual_required:1; + unsigned int _unused3:1; + unsigned int _unused4:1; + unsigned int _unused5:1; + unsigned int _unused6:1; + unsigned int _unused7:1; + unsigned int _unused8:1; + unsigned int _unused9:1; + unsigned int _unused10:1; + unsigned int _unused11:1; + unsigned int _unused12:1; + unsigned int _unused13:1; + unsigned int _unused14:1; + unsigned int _unused15:1; + unsigned int _unused16:1; + unsigned int _unused17:1; + unsigned int _unused18:1; + unsigned int _unused19:1; + unsigned int _unused20:1; + unsigned int _unused21:1; + unsigned int _unused22:1; + unsigned int _unused23:1; + unsigned int _unused24:1; + unsigned int _unused25:1; + unsigned int _unused26:1; + unsigned int _unused27:1; + unsigned int _unused28:1; + unsigned int _unused29:1; + unsigned int _unused30:1; + unsigned int _unused31:1; +} APOptions; + + +unsigned APOptions2int(APOptions); +APOptions int2APOptions(unsigned); +const struct units * asn1_APOptions_units(void); +/* +TicketFlags ::= BIT STRING { + reserved(0), + forwardable(1), + forwarded(2), + proxiable(3), + proxy(4), + may-postdate(5), + postdated(6), + invalid(7), + renewable(8), + initial(9), + pre-authent(10), + hw-authent(11), + transited-policy-checked(12), + ok-as-delegate(13), + enc-pa-rep(15), + anonymous(16) +} +*/ + +typedef struct TicketFlags { + unsigned int reserved:1; + unsigned int forwardable:1; + unsigned int 
forwarded:1; + unsigned int proxiable:1; + unsigned int proxy:1; + unsigned int may_postdate:1; + unsigned int postdated:1; + unsigned int invalid:1; + unsigned int renewable:1; + unsigned int initial:1; + unsigned int pre_authent:1; + unsigned int hw_authent:1; + unsigned int transited_policy_checked:1; + unsigned int ok_as_delegate:1; + unsigned int _unused14:1; + unsigned int enc_pa_rep:1; + unsigned int anonymous:1; + unsigned int _unused17:1; + unsigned int _unused18:1; + unsigned int _unused19:1; + unsigned int _unused20:1; + unsigned int _unused21:1; + unsigned int _unused22:1; + unsigned int _unused23:1; + unsigned int _unused24:1; + unsigned int _unused25:1; + unsigned int _unused26:1; + unsigned int _unused27:1; + unsigned int _unused28:1; + unsigned int _unused29:1; + unsigned int _unused30:1; + unsigned int _unused31:1; +} TicketFlags; + + +unsigned TicketFlags2int(TicketFlags); +TicketFlags int2TicketFlags(unsigned); +const struct units * asn1_TicketFlags_units(void); +ASN1EXP int ASN1CALL decode_TicketFlags(const unsigned char *, size_t, TicketFlags *, size_t *); +ASN1EXP int ASN1CALL encode_TicketFlags(unsigned char *, size_t, const TicketFlags *, size_t *); +ASN1EXP size_t ASN1CALL length_TicketFlags(const TicketFlags *); +ASN1EXP int ASN1CALL copy_TicketFlags (const TicketFlags *, TicketFlags *); +ASN1EXP void ASN1CALL free_TicketFlags (TicketFlags *); + + +/* +KDCOptions ::= BIT STRING { + reserved(0), + forwardable(1), + forwarded(2), + proxiable(3), + proxy(4), + allow-postdate(5), + postdated(6), + renewable(8), + cname-in-addl-tkt(14), + canonicalize(15), + request-anonymous(16), + disable-transited-check(26), + renewable-ok(27), + enc-tkt-in-skey(28), + renew(30), + validate(31) +} +*/ + +typedef struct KDCOptions { + unsigned int reserved:1; + unsigned int forwardable:1; + unsigned int forwarded:1; + unsigned int proxiable:1; + unsigned int proxy:1; + unsigned int allow_postdate:1; + unsigned int postdated:1; + unsigned int _unused7:1; + 
unsigned int renewable:1; + unsigned int _unused9:1; + unsigned int _unused10:1; + unsigned int _unused11:1; + unsigned int _unused12:1; + unsigned int _unused13:1; + unsigned int cname_in_addl_tkt:1; + unsigned int canonicalize:1; + unsigned int request_anonymous:1; + unsigned int _unused17:1; + unsigned int _unused18:1; + unsigned int _unused19:1; + unsigned int _unused20:1; + unsigned int _unused21:1; + unsigned int _unused22:1; + unsigned int _unused23:1; + unsigned int _unused24:1; + unsigned int _unused25:1; + unsigned int disable_transited_check:1; + unsigned int renewable_ok:1; + unsigned int enc_tkt_in_skey:1; + unsigned int _unused29:1; + unsigned int renew:1; + unsigned int validate:1; +} KDCOptions; + + +unsigned KDCOptions2int(KDCOptions); +KDCOptions int2KDCOptions(unsigned); +const struct units * asn1_KDCOptions_units(void); +ASN1EXP int ASN1CALL decode_KDCOptions(const unsigned char *, size_t, KDCOptions *, size_t *); +ASN1EXP int ASN1CALL encode_KDCOptions(unsigned char *, size_t, const KDCOptions *, size_t *); +ASN1EXP size_t ASN1CALL length_KDCOptions(const KDCOptions *); +ASN1EXP int ASN1CALL copy_KDCOptions (const KDCOptions *, KDCOptions *); +ASN1EXP void ASN1CALL free_KDCOptions (KDCOptions *); + + +/* +LR-TYPE ::= INTEGER { + LR_NONE(0), + LR_INITIAL_TGT(1), + LR_INITIAL(2), + LR_ISSUE_USE_TGT(3), + LR_RENEWAL(4), + LR_REQUEST(5), + LR_PW_EXPTIME(6), + LR_ACCT_EXPTIME(7) +} +*/ + +typedef enum LR_TYPE { + LR_NONE = 0, + LR_INITIAL_TGT = 1, + LR_INITIAL = 2, + LR_ISSUE_USE_TGT = 3, + LR_RENEWAL = 4, + LR_REQUEST = 5, + LR_PW_EXPTIME = 6, + LR_ACCT_EXPTIME = 7 +} LR_TYPE; + +ASN1EXP int ASN1CALL decode_LR_TYPE(const unsigned char *, size_t, LR_TYPE *, size_t *); +ASN1EXP int ASN1CALL encode_LR_TYPE(unsigned char *, size_t, const LR_TYPE *, size_t *); +ASN1EXP size_t ASN1CALL length_LR_TYPE(const LR_TYPE *); +ASN1EXP int ASN1CALL copy_LR_TYPE (const LR_TYPE *, LR_TYPE *); +ASN1EXP void ASN1CALL free_LR_TYPE (LR_TYPE *); + + +/* +LastReq ::= 
SEQUENCE OF SEQUENCE { + lr-type [0] LR-TYPE, + lr-value [1] KerberosTime, +} +*/ + +typedef struct LastReq { + unsigned int len; + struct LastReq_val { + LR_TYPE lr_type; + KerberosTime lr_value; + } *val; +} LastReq; + +ASN1EXP int ASN1CALL decode_LastReq(const unsigned char *, size_t, LastReq *, size_t *); +ASN1EXP int ASN1CALL encode_LastReq(unsigned char *, size_t, const LastReq *, size_t *); +ASN1EXP size_t ASN1CALL length_LastReq(const LastReq *); +ASN1EXP int ASN1CALL copy_LastReq (const LastReq *, LastReq *); +ASN1EXP void ASN1CALL free_LastReq (LastReq *); + + +/* +EncryptedData ::= SEQUENCE { + etype [0] ENCTYPE, + kvno [1] krb5int32 OPTIONAL, + cipher [2] OCTET STRING, +} +*/ + +typedef struct EncryptedData { + ENCTYPE etype; + krb5int32 *kvno; + heim_octet_string cipher; +} EncryptedData; + +ASN1EXP int ASN1CALL decode_EncryptedData(const unsigned char *, size_t, EncryptedData *, size_t *); +ASN1EXP int ASN1CALL encode_EncryptedData(unsigned char *, size_t, const EncryptedData *, size_t *); +ASN1EXP size_t ASN1CALL length_EncryptedData(const EncryptedData *); +ASN1EXP int ASN1CALL copy_EncryptedData (const EncryptedData *, EncryptedData *); +ASN1EXP void ASN1CALL free_EncryptedData (EncryptedData *); + + +/* +EncryptionKey ::= SEQUENCE { + keytype [0] krb5int32, + keyvalue [1] OCTET STRING, +} +*/ + +typedef struct EncryptionKey { + krb5int32 keytype; + heim_octet_string keyvalue; +} EncryptionKey; + +ASN1EXP int ASN1CALL decode_EncryptionKey(const unsigned char *, size_t, EncryptionKey *, size_t *); +ASN1EXP int ASN1CALL encode_EncryptionKey(unsigned char *, size_t, const EncryptionKey *, size_t *); +ASN1EXP size_t ASN1CALL length_EncryptionKey(const EncryptionKey *); +ASN1EXP int ASN1CALL copy_EncryptionKey (const EncryptionKey *, EncryptionKey *); +ASN1EXP void ASN1CALL free_EncryptionKey (EncryptionKey *); + + +/* +TransitedEncoding ::= SEQUENCE { + tr-type [0] krb5int32, + contents [1] OCTET STRING, +} +*/ + +typedef struct TransitedEncoding { + 
krb5int32 tr_type; + heim_octet_string contents; +} TransitedEncoding; + +ASN1EXP int ASN1CALL decode_TransitedEncoding(const unsigned char *, size_t, TransitedEncoding *, size_t *); +ASN1EXP int ASN1CALL encode_TransitedEncoding(unsigned char *, size_t, const TransitedEncoding *, size_t *); +ASN1EXP size_t ASN1CALL length_TransitedEncoding(const TransitedEncoding *); +ASN1EXP int ASN1CALL copy_TransitedEncoding (const TransitedEncoding *, TransitedEncoding *); +ASN1EXP void ASN1CALL free_TransitedEncoding (TransitedEncoding *); + + +/* +Ticket ::= [APPLICATION 1] SEQUENCE { + tkt-vno [0] krb5int32, + realm [1] Realm, + sname [2] PrincipalName, + enc-part [3] EncryptedData, +} +*/ + +typedef struct Ticket { + krb5int32 tkt_vno; + Realm realm; + PrincipalName sname; + EncryptedData enc_part; +} Ticket; + +ASN1EXP int ASN1CALL decode_Ticket(const unsigned char *, size_t, Ticket *, size_t *); +ASN1EXP int ASN1CALL encode_Ticket(unsigned char *, size_t, const Ticket *, size_t *); +ASN1EXP size_t ASN1CALL length_Ticket(const Ticket *); +ASN1EXP int ASN1CALL copy_Ticket (const Ticket *, Ticket *); +ASN1EXP void ASN1CALL free_Ticket (Ticket *); + + +/* +EncTicketPart ::= [APPLICATION 3] SEQUENCE { + flags [0] TicketFlags, + key [1] EncryptionKey, + crealm [2] Realm, + cname [3] PrincipalName, + transited [4] TransitedEncoding, + authtime [5] KerberosTime, + starttime [6] KerberosTime OPTIONAL, + endtime [7] KerberosTime, + renew-till [8] KerberosTime OPTIONAL, + caddr [9] HostAddresses OPTIONAL, + authorization-data [10] AuthorizationData OPTIONAL, +} +*/ + +typedef struct EncTicketPart { + TicketFlags flags; + EncryptionKey key; + Realm crealm; + PrincipalName cname; + TransitedEncoding transited; + KerberosTime authtime; + KerberosTime *starttime; + KerberosTime endtime; + KerberosTime *renew_till; + HostAddresses *caddr; + AuthorizationData *authorization_data; +} EncTicketPart; + +ASN1EXP int ASN1CALL decode_EncTicketPart(const unsigned char *, size_t, EncTicketPart 
*, size_t *); +ASN1EXP int ASN1CALL encode_EncTicketPart(unsigned char *, size_t, const EncTicketPart *, size_t *); +ASN1EXP size_t ASN1CALL length_EncTicketPart(const EncTicketPart *); +ASN1EXP int ASN1CALL copy_EncTicketPart (const EncTicketPart *, EncTicketPart *); +ASN1EXP void ASN1CALL free_EncTicketPart (EncTicketPart *); + + +/* +Checksum ::= SEQUENCE { + cksumtype [0] CKSUMTYPE, + checksum [1] OCTET STRING, +} +*/ + +typedef struct Checksum { + CKSUMTYPE cksumtype; + heim_octet_string checksum; +} Checksum; + +ASN1EXP int ASN1CALL decode_Checksum(const unsigned char *, size_t, Checksum *, size_t *); +ASN1EXP int ASN1CALL encode_Checksum(unsigned char *, size_t, const Checksum *, size_t *); +ASN1EXP size_t ASN1CALL length_Checksum(const Checksum *); +ASN1EXP int ASN1CALL copy_Checksum (const Checksum *, Checksum *); +ASN1EXP void ASN1CALL free_Checksum (Checksum *); + + +/* +Authenticator ::= [APPLICATION 2] SEQUENCE { + authenticator-vno [0] krb5int32, + crealm [1] Realm, + cname [2] PrincipalName, + cksum [3] Checksum OPTIONAL, + cusec [4] krb5int32, + ctime [5] KerberosTime, + subkey [6] EncryptionKey OPTIONAL, + seq-number [7] krb5uint32 OPTIONAL, + authorization-data [8] AuthorizationData OPTIONAL, +} +*/ + +typedef struct Authenticator { + krb5int32 authenticator_vno; + Realm crealm; + PrincipalName cname; + Checksum *cksum; + krb5int32 cusec; + KerberosTime ctime; + EncryptionKey *subkey; + krb5uint32 *seq_number; + AuthorizationData *authorization_data; +} Authenticator; + +ASN1EXP int ASN1CALL decode_Authenticator(const unsigned char *, size_t, Authenticator *, size_t *); +ASN1EXP int ASN1CALL encode_Authenticator(unsigned char *, size_t, const Authenticator *, size_t *); +ASN1EXP size_t ASN1CALL length_Authenticator(const Authenticator *); +ASN1EXP int ASN1CALL copy_Authenticator (const Authenticator *, Authenticator *); +ASN1EXP void ASN1CALL free_Authenticator (Authenticator *); + + +/* +PA-DATA ::= SEQUENCE { + padata-type [1] PADATA-TYPE, + 
padata-value [2] OCTET STRING, +} +*/ + +typedef struct PA_DATA { + PADATA_TYPE padata_type; + heim_octet_string padata_value; +} PA_DATA; + +ASN1EXP int ASN1CALL decode_PA_DATA(const unsigned char *, size_t, PA_DATA *, size_t *); +ASN1EXP int ASN1CALL encode_PA_DATA(unsigned char *, size_t, const PA_DATA *, size_t *); +ASN1EXP size_t ASN1CALL length_PA_DATA(const PA_DATA *); +ASN1EXP int ASN1CALL copy_PA_DATA (const PA_DATA *, PA_DATA *); +ASN1EXP void ASN1CALL free_PA_DATA (PA_DATA *); + + +/* +ETYPE-INFO-ENTRY ::= SEQUENCE { + etype [0] ENCTYPE, + salt [1] OCTET STRING OPTIONAL, + salttype [2] krb5int32 OPTIONAL, +} +*/ + +typedef struct ETYPE_INFO_ENTRY { + ENCTYPE etype; + heim_octet_string *salt; + krb5int32 *salttype; +} ETYPE_INFO_ENTRY; + +ASN1EXP int ASN1CALL decode_ETYPE_INFO_ENTRY(const unsigned char *, size_t, ETYPE_INFO_ENTRY *, size_t *); +ASN1EXP int ASN1CALL encode_ETYPE_INFO_ENTRY(unsigned char *, size_t, const ETYPE_INFO_ENTRY *, size_t *); +ASN1EXP size_t ASN1CALL length_ETYPE_INFO_ENTRY(const ETYPE_INFO_ENTRY *); +ASN1EXP int ASN1CALL copy_ETYPE_INFO_ENTRY (const ETYPE_INFO_ENTRY *, ETYPE_INFO_ENTRY *); +ASN1EXP void ASN1CALL free_ETYPE_INFO_ENTRY (ETYPE_INFO_ENTRY *); + + +/* +ETYPE-INFO ::= SEQUENCE OF ETYPE-INFO-ENTRY +*/ + +typedef struct ETYPE_INFO { + unsigned int len; + ETYPE_INFO_ENTRY *val; +} ETYPE_INFO; + +ASN1EXP int ASN1CALL add_ETYPE_INFO (ETYPE_INFO *, const ETYPE_INFO_ENTRY *); +ASN1EXP int ASN1CALL remove_ETYPE_INFO (ETYPE_INFO *, unsigned int); +ASN1EXP int ASN1CALL decode_ETYPE_INFO(const unsigned char *, size_t, ETYPE_INFO *, size_t *); +ASN1EXP int ASN1CALL encode_ETYPE_INFO(unsigned char *, size_t, const ETYPE_INFO *, size_t *); +ASN1EXP size_t ASN1CALL length_ETYPE_INFO(const ETYPE_INFO *); +ASN1EXP int ASN1CALL copy_ETYPE_INFO (const ETYPE_INFO *, ETYPE_INFO *); +ASN1EXP void ASN1CALL free_ETYPE_INFO (ETYPE_INFO *); + + +/* +ETYPE-INFO2-ENTRY ::= SEQUENCE { + etype [0] ENCTYPE, + salt [1] KerberosString OPTIONAL, + 
s2kparams [2] OCTET STRING OPTIONAL, +} +*/ + +typedef struct ETYPE_INFO2_ENTRY { + ENCTYPE etype; + KerberosString *salt; + heim_octet_string *s2kparams; +} ETYPE_INFO2_ENTRY; + +ASN1EXP int ASN1CALL decode_ETYPE_INFO2_ENTRY(const unsigned char *, size_t, ETYPE_INFO2_ENTRY *, size_t *); +ASN1EXP int ASN1CALL encode_ETYPE_INFO2_ENTRY(unsigned char *, size_t, const ETYPE_INFO2_ENTRY *, size_t *); +ASN1EXP size_t ASN1CALL length_ETYPE_INFO2_ENTRY(const ETYPE_INFO2_ENTRY *); +ASN1EXP int ASN1CALL copy_ETYPE_INFO2_ENTRY (const ETYPE_INFO2_ENTRY *, ETYPE_INFO2_ENTRY *); +ASN1EXP void ASN1CALL free_ETYPE_INFO2_ENTRY (ETYPE_INFO2_ENTRY *); + + +/* +ETYPE-INFO2 ::= SEQUENCE OF ETYPE-INFO2-ENTRY +*/ + +typedef struct ETYPE_INFO2 { + unsigned int len; + ETYPE_INFO2_ENTRY *val; +} ETYPE_INFO2; + +ASN1EXP int ASN1CALL add_ETYPE_INFO2 (ETYPE_INFO2 *, const ETYPE_INFO2_ENTRY *); +ASN1EXP int ASN1CALL remove_ETYPE_INFO2 (ETYPE_INFO2 *, unsigned int); +ASN1EXP int ASN1CALL decode_ETYPE_INFO2(const unsigned char *, size_t, ETYPE_INFO2 *, size_t *); +ASN1EXP int ASN1CALL encode_ETYPE_INFO2(unsigned char *, size_t, const ETYPE_INFO2 *, size_t *); +ASN1EXP size_t ASN1CALL length_ETYPE_INFO2(const ETYPE_INFO2 *); +ASN1EXP int ASN1CALL copy_ETYPE_INFO2 (const ETYPE_INFO2 *, ETYPE_INFO2 *); +ASN1EXP void ASN1CALL free_ETYPE_INFO2 (ETYPE_INFO2 *); + + +/* +METHOD-DATA ::= SEQUENCE OF PA-DATA +*/ + +typedef struct METHOD_DATA { + unsigned int len; + PA_DATA *val; +} METHOD_DATA; + +ASN1EXP int ASN1CALL add_METHOD_DATA (METHOD_DATA *, const PA_DATA *); +ASN1EXP int ASN1CALL remove_METHOD_DATA (METHOD_DATA *, unsigned int); +ASN1EXP int ASN1CALL decode_METHOD_DATA(const unsigned char *, size_t, METHOD_DATA *, size_t *); +ASN1EXP int ASN1CALL encode_METHOD_DATA(unsigned char *, size_t, const METHOD_DATA *, size_t *); +ASN1EXP size_t ASN1CALL length_METHOD_DATA(const METHOD_DATA *); +ASN1EXP int ASN1CALL copy_METHOD_DATA (const METHOD_DATA *, METHOD_DATA *); +ASN1EXP void ASN1CALL 
free_METHOD_DATA (METHOD_DATA *); + + +/* +TypedData ::= SEQUENCE { + data-type [0] krb5int32, + data-value [1] OCTET STRING OPTIONAL, +} +*/ + +typedef struct TypedData { + krb5int32 data_type; + heim_octet_string *data_value; +} TypedData; + +ASN1EXP int ASN1CALL decode_TypedData(const unsigned char *, size_t, TypedData *, size_t *); +ASN1EXP int ASN1CALL encode_TypedData(unsigned char *, size_t, const TypedData *, size_t *); +ASN1EXP size_t ASN1CALL length_TypedData(const TypedData *); +ASN1EXP int ASN1CALL copy_TypedData (const TypedData *, TypedData *); +ASN1EXP void ASN1CALL free_TypedData (TypedData *); + + +/* +TYPED-DATA ::= SEQUENCE OF TypedData +*/ + +typedef struct TYPED_DATA { + unsigned int len; + TypedData *val; +} TYPED_DATA; + +/* +KDC-REQ-BODY ::= SEQUENCE { + kdc-options [0] KDCOptions, + cname [1] PrincipalName OPTIONAL, + realm [2] Realm, + sname [3] PrincipalName OPTIONAL, + from [4] KerberosTime OPTIONAL, + till [5] KerberosTime OPTIONAL, + rtime [6] KerberosTime OPTIONAL, + nonce [7] krb5int32, + etype [8] SEQUENCE OF ENCTYPE, + addresses [9] HostAddresses OPTIONAL, + enc-authorization-data [10] EncryptedData OPTIONAL, + additional-tickets [11] SEQUENCE OF Ticket OPTIONAL, +} +*/ + +typedef struct KDC_REQ_BODY { + KDCOptions kdc_options; + PrincipalName *cname; + Realm realm; + PrincipalName *sname; + KerberosTime *from; + KerberosTime *till; + KerberosTime *rtime; + krb5int32 nonce; + struct KDC_REQ_BODY_etype { + unsigned int len; + ENCTYPE *val; + } etype; + HostAddresses *addresses; + EncryptedData *enc_authorization_data; + struct KDC_REQ_BODY_additional_tickets { + unsigned int len; + Ticket *val; + } *additional_tickets; +} KDC_REQ_BODY; + +ASN1EXP int ASN1CALL decode_KDC_REQ_BODY(const unsigned char *, size_t, KDC_REQ_BODY *, size_t *); +ASN1EXP int ASN1CALL encode_KDC_REQ_BODY(unsigned char *, size_t, const KDC_REQ_BODY *, size_t *); +ASN1EXP size_t ASN1CALL length_KDC_REQ_BODY(const KDC_REQ_BODY *); +ASN1EXP int ASN1CALL 
copy_KDC_REQ_BODY (const KDC_REQ_BODY *, KDC_REQ_BODY *); +ASN1EXP void ASN1CALL free_KDC_REQ_BODY (KDC_REQ_BODY *); + + +/* +KDC-REQ ::= SEQUENCE { + pvno [1] krb5int32, + msg-type [2] MESSAGE-TYPE, + padata [3] METHOD-DATA OPTIONAL, + req-body [4] KDC-REQ-BODY, +} +*/ + +typedef struct KDC_REQ { + krb5int32 pvno; + MESSAGE_TYPE msg_type; + METHOD_DATA *padata; + KDC_REQ_BODY req_body; +} KDC_REQ; + +/* +AS-REQ ::= [APPLICATION 10] KDC-REQ +*/ + +typedef KDC_REQ AS_REQ; + +ASN1EXP int ASN1CALL decode_AS_REQ(const unsigned char *, size_t, AS_REQ *, size_t *); +ASN1EXP int ASN1CALL encode_AS_REQ(unsigned char *, size_t, const AS_REQ *, size_t *); +ASN1EXP size_t ASN1CALL length_AS_REQ(const AS_REQ *); +ASN1EXP int ASN1CALL copy_AS_REQ (const AS_REQ *, AS_REQ *); +ASN1EXP void ASN1CALL free_AS_REQ (AS_REQ *); + + +/* +TGS-REQ ::= [APPLICATION 12] KDC-REQ +*/ + +typedef KDC_REQ TGS_REQ; + +ASN1EXP int ASN1CALL decode_TGS_REQ(const unsigned char *, size_t, TGS_REQ *, size_t *); +ASN1EXP int ASN1CALL encode_TGS_REQ(unsigned char *, size_t, const TGS_REQ *, size_t *); +ASN1EXP size_t ASN1CALL length_TGS_REQ(const TGS_REQ *); +ASN1EXP int ASN1CALL copy_TGS_REQ (const TGS_REQ *, TGS_REQ *); +ASN1EXP void ASN1CALL free_TGS_REQ (TGS_REQ *); + + +/* +PA-ENC-TS-ENC ::= SEQUENCE { + patimestamp [0] KerberosTime, + pausec [1] krb5int32 OPTIONAL, +} +*/ + +typedef struct PA_ENC_TS_ENC { + KerberosTime patimestamp; + krb5int32 *pausec; +} PA_ENC_TS_ENC; + +ASN1EXP int ASN1CALL decode_PA_ENC_TS_ENC(const unsigned char *, size_t, PA_ENC_TS_ENC *, size_t *); +ASN1EXP int ASN1CALL encode_PA_ENC_TS_ENC(unsigned char *, size_t, const PA_ENC_TS_ENC *, size_t *); +ASN1EXP size_t ASN1CALL length_PA_ENC_TS_ENC(const PA_ENC_TS_ENC *); +ASN1EXP int ASN1CALL copy_PA_ENC_TS_ENC (const PA_ENC_TS_ENC *, PA_ENC_TS_ENC *); +ASN1EXP void ASN1CALL free_PA_ENC_TS_ENC (PA_ENC_TS_ENC *); + + +/* +PA-PAC-REQUEST ::= SEQUENCE { + include-pac [0] BOOLEAN, +} +*/ + +typedef struct PA_PAC_REQUEST { + int 
include_pac; +} PA_PAC_REQUEST; + +ASN1EXP int ASN1CALL decode_PA_PAC_REQUEST(const unsigned char *, size_t, PA_PAC_REQUEST *, size_t *); +ASN1EXP int ASN1CALL encode_PA_PAC_REQUEST(unsigned char *, size_t, const PA_PAC_REQUEST *, size_t *); +ASN1EXP size_t ASN1CALL length_PA_PAC_REQUEST(const PA_PAC_REQUEST *); +ASN1EXP int ASN1CALL copy_PA_PAC_REQUEST (const PA_PAC_REQUEST *, PA_PAC_REQUEST *); +ASN1EXP void ASN1CALL free_PA_PAC_REQUEST (PA_PAC_REQUEST *); + + +/* +PROV-SRV-LOCATION ::= GeneralString +*/ + +typedef heim_general_string PROV_SRV_LOCATION; + +/* +KDC-REP ::= SEQUENCE { + pvno [0] krb5int32, + msg-type [1] MESSAGE-TYPE, + padata [2] METHOD-DATA OPTIONAL, + crealm [3] Realm, + cname [4] PrincipalName, + ticket [5] Ticket, + enc-part [6] EncryptedData, +} +*/ + +typedef struct KDC_REP { + krb5int32 pvno; + MESSAGE_TYPE msg_type; + METHOD_DATA *padata; + Realm crealm; + PrincipalName cname; + Ticket ticket; + EncryptedData enc_part; +} KDC_REP; + +ASN1EXP int ASN1CALL decode_KDC_REP(const unsigned char *, size_t, KDC_REP *, size_t *); +ASN1EXP int ASN1CALL encode_KDC_REP(unsigned char *, size_t, const KDC_REP *, size_t *); +ASN1EXP size_t ASN1CALL length_KDC_REP(const KDC_REP *); +ASN1EXP int ASN1CALL copy_KDC_REP (const KDC_REP *, KDC_REP *); +ASN1EXP void ASN1CALL free_KDC_REP (KDC_REP *); + + +/* +AS-REP ::= [APPLICATION 11] KDC-REP +*/ + +typedef KDC_REP AS_REP; + +ASN1EXP int ASN1CALL decode_AS_REP(const unsigned char *, size_t, AS_REP *, size_t *); +ASN1EXP int ASN1CALL encode_AS_REP(unsigned char *, size_t, const AS_REP *, size_t *); +ASN1EXP size_t ASN1CALL length_AS_REP(const AS_REP *); +ASN1EXP int ASN1CALL copy_AS_REP (const AS_REP *, AS_REP *); +ASN1EXP void ASN1CALL free_AS_REP (AS_REP *); + + +/* +TGS-REP ::= [APPLICATION 13] KDC-REP +*/ + +typedef KDC_REP TGS_REP; + +ASN1EXP int ASN1CALL decode_TGS_REP(const unsigned char *, size_t, TGS_REP *, size_t *); +ASN1EXP int ASN1CALL encode_TGS_REP(unsigned char *, size_t, const TGS_REP *, size_t 
*); +ASN1EXP size_t ASN1CALL length_TGS_REP(const TGS_REP *); +ASN1EXP int ASN1CALL copy_TGS_REP (const TGS_REP *, TGS_REP *); +ASN1EXP void ASN1CALL free_TGS_REP (TGS_REP *); + + +/* +EncKDCRepPart ::= SEQUENCE { + key [0] EncryptionKey, + last-req [1] LastReq, + nonce [2] krb5int32, + key-expiration [3] KerberosTime OPTIONAL, + flags [4] TicketFlags, + authtime [5] KerberosTime, + starttime [6] KerberosTime OPTIONAL, + endtime [7] KerberosTime, + renew-till [8] KerberosTime OPTIONAL, + srealm [9] Realm, + sname [10] PrincipalName, + caddr [11] HostAddresses OPTIONAL, + encrypted-pa-data [12] METHOD-DATA OPTIONAL, +} +*/ + +typedef struct EncKDCRepPart { + EncryptionKey key; + LastReq last_req; + krb5int32 nonce; + KerberosTime *key_expiration; + TicketFlags flags; + KerberosTime authtime; + KerberosTime *starttime; + KerberosTime endtime; + KerberosTime *renew_till; + Realm srealm; + PrincipalName sname; + HostAddresses *caddr; + METHOD_DATA *encrypted_pa_data; +} EncKDCRepPart; + +ASN1EXP int ASN1CALL decode_EncKDCRepPart(const unsigned char *, size_t, EncKDCRepPart *, size_t *); +ASN1EXP int ASN1CALL encode_EncKDCRepPart(unsigned char *, size_t, const EncKDCRepPart *, size_t *); +ASN1EXP size_t ASN1CALL length_EncKDCRepPart(const EncKDCRepPart *); +ASN1EXP int ASN1CALL copy_EncKDCRepPart (const EncKDCRepPart *, EncKDCRepPart *); +ASN1EXP void ASN1CALL free_EncKDCRepPart (EncKDCRepPart *); + + +/* +EncASRepPart ::= [APPLICATION 25] EncKDCRepPart +*/ + +typedef EncKDCRepPart EncASRepPart; + +ASN1EXP int ASN1CALL decode_EncASRepPart(const unsigned char *, size_t, EncASRepPart *, size_t *); +ASN1EXP int ASN1CALL encode_EncASRepPart(unsigned char *, size_t, const EncASRepPart *, size_t *); +ASN1EXP size_t ASN1CALL length_EncASRepPart(const EncASRepPart *); +ASN1EXP int ASN1CALL copy_EncASRepPart (const EncASRepPart *, EncASRepPart *); +ASN1EXP void ASN1CALL free_EncASRepPart (EncASRepPart *); + + +/* +EncTGSRepPart ::= [APPLICATION 26] EncKDCRepPart +*/ + +typedef 
EncKDCRepPart EncTGSRepPart; + +ASN1EXP int ASN1CALL decode_EncTGSRepPart(const unsigned char *, size_t, EncTGSRepPart *, size_t *); +ASN1EXP int ASN1CALL encode_EncTGSRepPart(unsigned char *, size_t, const EncTGSRepPart *, size_t *); +ASN1EXP size_t ASN1CALL length_EncTGSRepPart(const EncTGSRepPart *); +ASN1EXP int ASN1CALL copy_EncTGSRepPart (const EncTGSRepPart *, EncTGSRepPart *); +ASN1EXP void ASN1CALL free_EncTGSRepPart (EncTGSRepPart *); + + +/* +AP-REQ ::= [APPLICATION 14] SEQUENCE { + pvno [0] krb5int32, + msg-type [1] MESSAGE-TYPE, + ap-options [2] APOptions, + ticket [3] Ticket, + authenticator [4] EncryptedData, +} +*/ + +typedef struct AP_REQ { + krb5int32 pvno; + MESSAGE_TYPE msg_type; + APOptions ap_options; + Ticket ticket; + EncryptedData authenticator; +} AP_REQ; + +ASN1EXP int ASN1CALL decode_AP_REQ(const unsigned char *, size_t, AP_REQ *, size_t *); +ASN1EXP int ASN1CALL encode_AP_REQ(unsigned char *, size_t, const AP_REQ *, size_t *); +ASN1EXP size_t ASN1CALL length_AP_REQ(const AP_REQ *); +ASN1EXP int ASN1CALL copy_AP_REQ (const AP_REQ *, AP_REQ *); +ASN1EXP void ASN1CALL free_AP_REQ (AP_REQ *); + + +/* +AP-REP ::= [APPLICATION 15] SEQUENCE { + pvno [0] krb5int32, + msg-type [1] MESSAGE-TYPE, + enc-part [2] EncryptedData, +} +*/ + +typedef struct AP_REP { + krb5int32 pvno; + MESSAGE_TYPE msg_type; + EncryptedData enc_part; +} AP_REP; + +ASN1EXP int ASN1CALL decode_AP_REP(const unsigned char *, size_t, AP_REP *, size_t *); +ASN1EXP int ASN1CALL encode_AP_REP(unsigned char *, size_t, const AP_REP *, size_t *); +ASN1EXP size_t ASN1CALL length_AP_REP(const AP_REP *); +ASN1EXP int ASN1CALL copy_AP_REP (const AP_REP *, AP_REP *); +ASN1EXP void ASN1CALL free_AP_REP (AP_REP *); + + +/* +EncAPRepPart ::= [APPLICATION 27] SEQUENCE { + ctime [0] KerberosTime, + cusec [1] krb5int32, + subkey [2] EncryptionKey OPTIONAL, + seq-number [3] krb5uint32 OPTIONAL, +} +*/ + +typedef struct EncAPRepPart { + KerberosTime ctime; + krb5int32 cusec; + EncryptionKey 
*subkey; + krb5uint32 *seq_number; +} EncAPRepPart; + +ASN1EXP int ASN1CALL decode_EncAPRepPart(const unsigned char *, size_t, EncAPRepPart *, size_t *); +ASN1EXP int ASN1CALL encode_EncAPRepPart(unsigned char *, size_t, const EncAPRepPart *, size_t *); +ASN1EXP size_t ASN1CALL length_EncAPRepPart(const EncAPRepPart *); +ASN1EXP int ASN1CALL copy_EncAPRepPart (const EncAPRepPart *, EncAPRepPart *); +ASN1EXP void ASN1CALL free_EncAPRepPart (EncAPRepPart *); + + +/* +KRB-SAFE-BODY ::= SEQUENCE { + user-data [0] OCTET STRING, + timestamp [1] KerberosTime OPTIONAL, + usec [2] krb5int32 OPTIONAL, + seq-number [3] krb5uint32 OPTIONAL, + s-address [4] HostAddress OPTIONAL, + r-address [5] HostAddress OPTIONAL, +} +*/ + +typedef struct KRB_SAFE_BODY { + heim_octet_string user_data; + KerberosTime *timestamp; + krb5int32 *usec; + krb5uint32 *seq_number; + HostAddress *s_address; + HostAddress *r_address; +} KRB_SAFE_BODY; + +ASN1EXP int ASN1CALL decode_KRB_SAFE_BODY(const unsigned char *, size_t, KRB_SAFE_BODY *, size_t *); +ASN1EXP int ASN1CALL encode_KRB_SAFE_BODY(unsigned char *, size_t, const KRB_SAFE_BODY *, size_t *); +ASN1EXP size_t ASN1CALL length_KRB_SAFE_BODY(const KRB_SAFE_BODY *); +ASN1EXP int ASN1CALL copy_KRB_SAFE_BODY (const KRB_SAFE_BODY *, KRB_SAFE_BODY *); +ASN1EXP void ASN1CALL free_KRB_SAFE_BODY (KRB_SAFE_BODY *); + + +/* +KRB-SAFE ::= [APPLICATION 20] SEQUENCE { + pvno [0] krb5int32, + msg-type [1] MESSAGE-TYPE, + safe-body [2] KRB-SAFE-BODY, + cksum [3] Checksum, +} +*/ + +typedef struct KRB_SAFE { + krb5int32 pvno; + MESSAGE_TYPE msg_type; + KRB_SAFE_BODY safe_body; + Checksum cksum; +} KRB_SAFE; + +ASN1EXP int ASN1CALL decode_KRB_SAFE(const unsigned char *, size_t, KRB_SAFE *, size_t *); +ASN1EXP int ASN1CALL encode_KRB_SAFE(unsigned char *, size_t, const KRB_SAFE *, size_t *); +ASN1EXP size_t ASN1CALL length_KRB_SAFE(const KRB_SAFE *); +ASN1EXP int ASN1CALL copy_KRB_SAFE (const KRB_SAFE *, KRB_SAFE *); +ASN1EXP void ASN1CALL free_KRB_SAFE (KRB_SAFE 
*); + + +/* +KRB-PRIV ::= [APPLICATION 21] SEQUENCE { + pvno [0] krb5int32, + msg-type [1] MESSAGE-TYPE, + enc-part [3] EncryptedData, +} +*/ + +typedef struct KRB_PRIV { + krb5int32 pvno; + MESSAGE_TYPE msg_type; + EncryptedData enc_part; +} KRB_PRIV; + +ASN1EXP int ASN1CALL decode_KRB_PRIV(const unsigned char *, size_t, KRB_PRIV *, size_t *); +ASN1EXP int ASN1CALL encode_KRB_PRIV(unsigned char *, size_t, const KRB_PRIV *, size_t *); +ASN1EXP size_t ASN1CALL length_KRB_PRIV(const KRB_PRIV *); +ASN1EXP int ASN1CALL copy_KRB_PRIV (const KRB_PRIV *, KRB_PRIV *); +ASN1EXP void ASN1CALL free_KRB_PRIV (KRB_PRIV *); + + +/* +EncKrbPrivPart ::= [APPLICATION 28] SEQUENCE { + user-data [0] OCTET STRING, + timestamp [1] KerberosTime OPTIONAL, + usec [2] krb5int32 OPTIONAL, + seq-number [3] krb5uint32 OPTIONAL, + s-address [4] HostAddress OPTIONAL, + r-address [5] HostAddress OPTIONAL, +} +*/ + +typedef struct EncKrbPrivPart { + heim_octet_string user_data; + KerberosTime *timestamp; + krb5int32 *usec; + krb5uint32 *seq_number; + HostAddress *s_address; + HostAddress *r_address; +} EncKrbPrivPart; + +ASN1EXP int ASN1CALL decode_EncKrbPrivPart(const unsigned char *, size_t, EncKrbPrivPart *, size_t *); +ASN1EXP int ASN1CALL encode_EncKrbPrivPart(unsigned char *, size_t, const EncKrbPrivPart *, size_t *); +ASN1EXP size_t ASN1CALL length_EncKrbPrivPart(const EncKrbPrivPart *); +ASN1EXP int ASN1CALL copy_EncKrbPrivPart (const EncKrbPrivPart *, EncKrbPrivPart *); +ASN1EXP void ASN1CALL free_EncKrbPrivPart (EncKrbPrivPart *); + + +/* +KRB-CRED ::= [APPLICATION 22] SEQUENCE { + pvno [0] krb5int32, + msg-type [1] MESSAGE-TYPE, + tickets [2] SEQUENCE OF Ticket, + enc-part [3] EncryptedData, +} +*/ + +typedef struct KRB_CRED { + krb5int32 pvno; + MESSAGE_TYPE msg_type; + struct KRB_CRED_tickets { + unsigned int len; + Ticket *val; + } tickets; + EncryptedData enc_part; +} KRB_CRED; + +ASN1EXP int ASN1CALL decode_KRB_CRED(const unsigned char *, size_t, KRB_CRED *, size_t *); +ASN1EXP 
int ASN1CALL encode_KRB_CRED(unsigned char *, size_t, const KRB_CRED *, size_t *); +ASN1EXP size_t ASN1CALL length_KRB_CRED(const KRB_CRED *); +ASN1EXP int ASN1CALL copy_KRB_CRED (const KRB_CRED *, KRB_CRED *); +ASN1EXP void ASN1CALL free_KRB_CRED (KRB_CRED *); + + +/* +KrbCredInfo ::= SEQUENCE { + key [0] EncryptionKey, + prealm [1] Realm OPTIONAL, + pname [2] PrincipalName OPTIONAL, + flags [3] TicketFlags OPTIONAL, + authtime [4] KerberosTime OPTIONAL, + starttime [5] KerberosTime OPTIONAL, + endtime [6] KerberosTime OPTIONAL, + renew-till [7] KerberosTime OPTIONAL, + srealm [8] Realm OPTIONAL, + sname [9] PrincipalName OPTIONAL, + caddr [10] HostAddresses OPTIONAL, +} +*/ + +typedef struct KrbCredInfo { + EncryptionKey key; + Realm *prealm; + PrincipalName *pname; + TicketFlags *flags; + KerberosTime *authtime; + KerberosTime *starttime; + KerberosTime *endtime; + KerberosTime *renew_till; + Realm *srealm; + PrincipalName *sname; + HostAddresses *caddr; +} KrbCredInfo; + +ASN1EXP int ASN1CALL decode_KrbCredInfo(const unsigned char *, size_t, KrbCredInfo *, size_t *); +ASN1EXP int ASN1CALL encode_KrbCredInfo(unsigned char *, size_t, const KrbCredInfo *, size_t *); +ASN1EXP size_t ASN1CALL length_KrbCredInfo(const KrbCredInfo *); +ASN1EXP int ASN1CALL copy_KrbCredInfo (const KrbCredInfo *, KrbCredInfo *); +ASN1EXP void ASN1CALL free_KrbCredInfo (KrbCredInfo *); + + +/* +EncKrbCredPart ::= [APPLICATION 29] SEQUENCE { + ticket-info [0] SEQUENCE OF KrbCredInfo, + nonce [1] krb5int32 OPTIONAL, + timestamp [2] KerberosTime OPTIONAL, + usec [3] krb5int32 OPTIONAL, + s-address [4] HostAddress OPTIONAL, + r-address [5] HostAddress OPTIONAL, +} +*/ + +typedef struct EncKrbCredPart { + struct EncKrbCredPart_ticket_info { + unsigned int len; + KrbCredInfo *val; + } ticket_info; + krb5int32 *nonce; + KerberosTime *timestamp; + krb5int32 *usec; + HostAddress *s_address; + HostAddress *r_address; +} EncKrbCredPart; + +ASN1EXP int ASN1CALL decode_EncKrbCredPart(const unsigned 
char *, size_t, EncKrbCredPart *, size_t *); +ASN1EXP int ASN1CALL encode_EncKrbCredPart(unsigned char *, size_t, const EncKrbCredPart *, size_t *); +ASN1EXP size_t ASN1CALL length_EncKrbCredPart(const EncKrbCredPart *); +ASN1EXP int ASN1CALL copy_EncKrbCredPart (const EncKrbCredPart *, EncKrbCredPart *); +ASN1EXP void ASN1CALL free_EncKrbCredPart (EncKrbCredPart *); + + +/* +KRB-ERROR ::= [APPLICATION 30] SEQUENCE { + pvno [0] krb5int32, + msg-type [1] MESSAGE-TYPE, + ctime [2] KerberosTime OPTIONAL, + cusec [3] krb5int32 OPTIONAL, + stime [4] KerberosTime, + susec [5] krb5int32, + error-code [6] krb5int32, + crealm [7] Realm OPTIONAL, + cname [8] PrincipalName OPTIONAL, + realm [9] Realm, + sname [10] PrincipalName, + e-text [11] GeneralString OPTIONAL, + e-data [12] OCTET STRING OPTIONAL, +} +*/ + +typedef struct KRB_ERROR { + krb5int32 pvno; + MESSAGE_TYPE msg_type; + KerberosTime *ctime; + krb5int32 *cusec; + KerberosTime stime; + krb5int32 susec; + krb5int32 error_code; + Realm *crealm; + PrincipalName *cname; + Realm realm; + PrincipalName sname; + heim_general_string *e_text; + heim_octet_string *e_data; +} KRB_ERROR; + +ASN1EXP int ASN1CALL decode_KRB_ERROR(const unsigned char *, size_t, KRB_ERROR *, size_t *); +ASN1EXP int ASN1CALL encode_KRB_ERROR(unsigned char *, size_t, const KRB_ERROR *, size_t *); +ASN1EXP size_t ASN1CALL length_KRB_ERROR(const KRB_ERROR *); +ASN1EXP int ASN1CALL copy_KRB_ERROR (const KRB_ERROR *, KRB_ERROR *); +ASN1EXP void ASN1CALL free_KRB_ERROR (KRB_ERROR *); + + +/* +ChangePasswdDataMS ::= SEQUENCE { + newpasswd [0] OCTET STRING, + targname [1] PrincipalName OPTIONAL, + targrealm [2] Realm OPTIONAL, +} +*/ + +typedef struct ChangePasswdDataMS { + heim_octet_string newpasswd; + PrincipalName *targname; + Realm *targrealm; +} ChangePasswdDataMS; + +ASN1EXP int ASN1CALL decode_ChangePasswdDataMS(const unsigned char *, size_t, ChangePasswdDataMS *, size_t *); +ASN1EXP int ASN1CALL encode_ChangePasswdDataMS(unsigned char *, size_t, 
const ChangePasswdDataMS *, size_t *); +ASN1EXP size_t ASN1CALL length_ChangePasswdDataMS(const ChangePasswdDataMS *); +ASN1EXP int ASN1CALL copy_ChangePasswdDataMS (const ChangePasswdDataMS *, ChangePasswdDataMS *); +ASN1EXP void ASN1CALL free_ChangePasswdDataMS (ChangePasswdDataMS *); + + +/* +EtypeList ::= SEQUENCE OF ENCTYPE +*/ + +typedef struct EtypeList { + unsigned int len; + ENCTYPE *val; +} EtypeList; + +ASN1EXP int ASN1CALL decode_EtypeList(const unsigned char *, size_t, EtypeList *, size_t *); +ASN1EXP int ASN1CALL encode_EtypeList(unsigned char *, size_t, const EtypeList *, size_t *); +ASN1EXP size_t ASN1CALL length_EtypeList(const EtypeList *); +ASN1EXP int ASN1CALL copy_EtypeList (const EtypeList *, EtypeList *); +ASN1EXP void ASN1CALL free_EtypeList (EtypeList *); + + +enum { krb5_pvno = 5 }; + +enum { DOMAIN_X500_COMPRESS = 1 }; + +/* +AD-IF-RELEVANT ::= AuthorizationData +*/ + +typedef AuthorizationData AD_IF_RELEVANT; + +ASN1EXP int ASN1CALL decode_AD_IF_RELEVANT(const unsigned char *, size_t, AD_IF_RELEVANT *, size_t *); +ASN1EXP int ASN1CALL encode_AD_IF_RELEVANT(unsigned char *, size_t, const AD_IF_RELEVANT *, size_t *); +ASN1EXP size_t ASN1CALL length_AD_IF_RELEVANT(const AD_IF_RELEVANT *); +ASN1EXP int ASN1CALL copy_AD_IF_RELEVANT (const AD_IF_RELEVANT *, AD_IF_RELEVANT *); +ASN1EXP void ASN1CALL free_AD_IF_RELEVANT (AD_IF_RELEVANT *); + + +/* +AD-KDCIssued ::= SEQUENCE { + ad-checksum [0] Checksum, + i-realm [1] Realm OPTIONAL, + i-sname [2] PrincipalName OPTIONAL, + elements [3] AuthorizationData, +} +*/ + +typedef struct AD_KDCIssued { + Checksum ad_checksum; + Realm *i_realm; + PrincipalName *i_sname; + AuthorizationData elements; +} AD_KDCIssued; + +ASN1EXP int ASN1CALL decode_AD_KDCIssued(const unsigned char *, size_t, AD_KDCIssued *, size_t *); +ASN1EXP int ASN1CALL encode_AD_KDCIssued(unsigned char *, size_t, const AD_KDCIssued *, size_t *); +ASN1EXP size_t ASN1CALL length_AD_KDCIssued(const AD_KDCIssued *); +ASN1EXP int ASN1CALL 
copy_AD_KDCIssued (const AD_KDCIssued *, AD_KDCIssued *); +ASN1EXP void ASN1CALL free_AD_KDCIssued (AD_KDCIssued *); + + +/* +AD-AND-OR ::= SEQUENCE { + condition-count [0] INTEGER, + elements [1] AuthorizationData, +} +*/ + +typedef struct AD_AND_OR { + heim_integer condition_count; + AuthorizationData elements; +} AD_AND_OR; + +ASN1EXP int ASN1CALL decode_AD_AND_OR(const unsigned char *, size_t, AD_AND_OR *, size_t *); +ASN1EXP int ASN1CALL encode_AD_AND_OR(unsigned char *, size_t, const AD_AND_OR *, size_t *); +ASN1EXP size_t ASN1CALL length_AD_AND_OR(const AD_AND_OR *); +ASN1EXP int ASN1CALL copy_AD_AND_OR (const AD_AND_OR *, AD_AND_OR *); +ASN1EXP void ASN1CALL free_AD_AND_OR (AD_AND_OR *); + + +/* +AD-MANDATORY-FOR-KDC ::= AuthorizationData +*/ + +typedef AuthorizationData AD_MANDATORY_FOR_KDC; + +/* +PA-SAM-TYPE ::= INTEGER { + PA_SAM_TYPE_ENIGMA(1), + PA_SAM_TYPE_DIGI_PATH(2), + PA_SAM_TYPE_SKEY_K0(3), + PA_SAM_TYPE_SKEY(4), + PA_SAM_TYPE_SECURID(5), + PA_SAM_TYPE_CRYPTOCARD(6) +} +*/ + +typedef enum PA_SAM_TYPE { + PA_SAM_TYPE_ENIGMA = 1, + PA_SAM_TYPE_DIGI_PATH = 2, + PA_SAM_TYPE_SKEY_K0 = 3, + PA_SAM_TYPE_SKEY = 4, + PA_SAM_TYPE_SECURID = 5, + PA_SAM_TYPE_CRYPTOCARD = 6 +} PA_SAM_TYPE; + +/* +PA-SAM-REDIRECT ::= HostAddresses +*/ + +typedef HostAddresses PA_SAM_REDIRECT; + +/* +SAMFlags ::= BIT STRING { + use-sad-as-key(0), + send-encrypted-sad(1), + must-pk-encrypt-sad(2) +} +*/ + +typedef struct SAMFlags { + unsigned int use_sad_as_key:1; + unsigned int send_encrypted_sad:1; + unsigned int must_pk_encrypt_sad:1; + unsigned int _unused3:1; + unsigned int _unused4:1; + unsigned int _unused5:1; + unsigned int _unused6:1; + unsigned int _unused7:1; + unsigned int _unused8:1; + unsigned int _unused9:1; + unsigned int _unused10:1; + unsigned int _unused11:1; + unsigned int _unused12:1; + unsigned int _unused13:1; + unsigned int _unused14:1; + unsigned int _unused15:1; + unsigned int _unused16:1; + unsigned int _unused17:1; + unsigned int _unused18:1; + 
unsigned int _unused19:1; + unsigned int _unused20:1; + unsigned int _unused21:1; + unsigned int _unused22:1; + unsigned int _unused23:1; + unsigned int _unused24:1; + unsigned int _unused25:1; + unsigned int _unused26:1; + unsigned int _unused27:1; + unsigned int _unused28:1; + unsigned int _unused29:1; + unsigned int _unused30:1; + unsigned int _unused31:1; +} SAMFlags; + + +unsigned SAMFlags2int(SAMFlags); +SAMFlags int2SAMFlags(unsigned); +const struct units * asn1_SAMFlags_units(void); +/* +PA-SAM-CHALLENGE-2-BODY ::= SEQUENCE { + sam-type [0] krb5int32, + sam-flags [1] SAMFlags, + sam-type-name [2] GeneralString OPTIONAL, + sam-track-id [3] GeneralString OPTIONAL, + sam-challenge-label [4] GeneralString OPTIONAL, + sam-challenge [5] GeneralString OPTIONAL, + sam-response-prompt [6] GeneralString OPTIONAL, + sam-pk-for-sad [7] EncryptionKey OPTIONAL, + sam-nonce [8] krb5int32, + sam-etype [9] krb5int32, + ..., +} +*/ + +typedef struct PA_SAM_CHALLENGE_2_BODY { + krb5int32 sam_type; + SAMFlags sam_flags; + heim_general_string *sam_type_name; + heim_general_string *sam_track_id; + heim_general_string *sam_challenge_label; + heim_general_string *sam_challenge; + heim_general_string *sam_response_prompt; + EncryptionKey *sam_pk_for_sad; + krb5int32 sam_nonce; + krb5int32 sam_etype; +} PA_SAM_CHALLENGE_2_BODY; + +/* +PA-SAM-CHALLENGE-2 ::= SEQUENCE { + sam-body [0] PA-SAM-CHALLENGE-2-BODY, + sam-cksum [1] SEQUENCE OF Checksum, + ..., +} +*/ + +typedef struct PA_SAM_CHALLENGE_2 { + PA_SAM_CHALLENGE_2_BODY sam_body; + struct PA_SAM_CHALLENGE_2_sam_cksum { + unsigned int len; + Checksum *val; + } sam_cksum; +} PA_SAM_CHALLENGE_2; + +/* +PA-SAM-RESPONSE-2 ::= SEQUENCE { + sam-type [0] krb5int32, + sam-flags [1] SAMFlags, + sam-track-id [2] GeneralString OPTIONAL, + sam-enc-nonce-or-sad [3] EncryptedData, + sam-nonce [4] krb5int32, + ..., +} +*/ + +typedef struct PA_SAM_RESPONSE_2 { + krb5int32 sam_type; + SAMFlags sam_flags; + heim_general_string *sam_track_id; + 
EncryptedData sam_enc_nonce_or_sad; + krb5int32 sam_nonce; +} PA_SAM_RESPONSE_2; + +/* +PA-ENC-SAM-RESPONSE-ENC ::= SEQUENCE { + sam-nonce [0] krb5int32, + sam-sad [1] GeneralString OPTIONAL, + ..., +} +*/ + +typedef struct PA_ENC_SAM_RESPONSE_ENC { + krb5int32 sam_nonce; + heim_general_string *sam_sad; +} PA_ENC_SAM_RESPONSE_ENC; + +/* +PA-S4U2Self ::= SEQUENCE { + name [0] PrincipalName, + realm [1] Realm, + cksum [2] Checksum, + auth [3] GeneralString, +} +*/ + +typedef struct PA_S4U2Self { + PrincipalName name; + Realm realm; + Checksum cksum; + heim_general_string auth; +} PA_S4U2Self; + +ASN1EXP int ASN1CALL decode_PA_S4U2Self(const unsigned char *, size_t, PA_S4U2Self *, size_t *); +ASN1EXP int ASN1CALL encode_PA_S4U2Self(unsigned char *, size_t, const PA_S4U2Self *, size_t *); +ASN1EXP size_t ASN1CALL length_PA_S4U2Self(const PA_S4U2Self *); +ASN1EXP int ASN1CALL copy_PA_S4U2Self (const PA_S4U2Self *, PA_S4U2Self *); +ASN1EXP void ASN1CALL free_PA_S4U2Self (PA_S4U2Self *); + + +/* +KRB5SignedPathData ::= SEQUENCE { + client [0] Principal OPTIONAL, + authtime [1] KerberosTime, + delegated [2] Principals OPTIONAL, + method_data [3] METHOD-DATA OPTIONAL, +} +*/ + +typedef struct KRB5SignedPathData { + Principal *client; + KerberosTime authtime; + Principals *delegated; + METHOD_DATA *method_data; +} KRB5SignedPathData; + +ASN1EXP int ASN1CALL decode_KRB5SignedPathData(const unsigned char *, size_t, KRB5SignedPathData *, size_t *); +ASN1EXP int ASN1CALL encode_KRB5SignedPathData(unsigned char *, size_t, const KRB5SignedPathData *, size_t *); +ASN1EXP size_t ASN1CALL length_KRB5SignedPathData(const KRB5SignedPathData *); +ASN1EXP int ASN1CALL copy_KRB5SignedPathData (const KRB5SignedPathData *, KRB5SignedPathData *); +ASN1EXP void ASN1CALL free_KRB5SignedPathData (KRB5SignedPathData *); + + +/* +KRB5SignedPath ::= SEQUENCE { + etype [0] ENCTYPE, + cksum [1] Checksum, + delegated [2] Principals OPTIONAL, + method_data [3] METHOD-DATA OPTIONAL, +} +*/ + +typedef 
struct KRB5SignedPath { + ENCTYPE etype; + Checksum cksum; + Principals *delegated; + METHOD_DATA *method_data; +} KRB5SignedPath; + +ASN1EXP int ASN1CALL decode_KRB5SignedPath(const unsigned char *, size_t, KRB5SignedPath *, size_t *); +ASN1EXP int ASN1CALL encode_KRB5SignedPath(unsigned char *, size_t, const KRB5SignedPath *, size_t *); +ASN1EXP size_t ASN1CALL length_KRB5SignedPath(const KRB5SignedPath *); +ASN1EXP int ASN1CALL copy_KRB5SignedPath (const KRB5SignedPath *, KRB5SignedPath *); +ASN1EXP void ASN1CALL free_KRB5SignedPath (KRB5SignedPath *); + + +/* +AD-LoginAlias ::= SEQUENCE { + login-alias [0] PrincipalName, + checksum [1] Checksum, +} +*/ + +typedef struct AD_LoginAlias { + PrincipalName login_alias; + Checksum checksum; +} AD_LoginAlias; + +ASN1EXP int ASN1CALL decode_AD_LoginAlias(const unsigned char *, size_t, AD_LoginAlias *, size_t *); +ASN1EXP int ASN1CALL encode_AD_LoginAlias(unsigned char *, size_t, const AD_LoginAlias *, size_t *); +ASN1EXP size_t ASN1CALL length_AD_LoginAlias(const AD_LoginAlias *); +ASN1EXP int ASN1CALL copy_AD_LoginAlias (const AD_LoginAlias *, AD_LoginAlias *); +ASN1EXP void ASN1CALL free_AD_LoginAlias (AD_LoginAlias *); + + +/* +PA-SvrReferralData ::= SEQUENCE { + referred-name [1] PrincipalName OPTIONAL, + referred-realm [0] Realm, +} +*/ + +typedef struct PA_SvrReferralData { + PrincipalName *referred_name; + Realm referred_realm; +} PA_SvrReferralData; + +ASN1EXP int ASN1CALL decode_PA_SvrReferralData(const unsigned char *, size_t, PA_SvrReferralData *, size_t *); +ASN1EXP int ASN1CALL encode_PA_SvrReferralData(unsigned char *, size_t, const PA_SvrReferralData *, size_t *); +ASN1EXP size_t ASN1CALL length_PA_SvrReferralData(const PA_SvrReferralData *); +ASN1EXP int ASN1CALL copy_PA_SvrReferralData (const PA_SvrReferralData *, PA_SvrReferralData *); +ASN1EXP void ASN1CALL free_PA_SvrReferralData (PA_SvrReferralData *); + + +/* +PA-SERVER-REFERRAL-DATA ::= EncryptedData +*/ + +typedef EncryptedData 
PA_SERVER_REFERRAL_DATA; + +ASN1EXP int ASN1CALL decode_PA_SERVER_REFERRAL_DATA(const unsigned char *, size_t, PA_SERVER_REFERRAL_DATA *, size_t *); +ASN1EXP int ASN1CALL encode_PA_SERVER_REFERRAL_DATA(unsigned char *, size_t, const PA_SERVER_REFERRAL_DATA *, size_t *); +ASN1EXP size_t ASN1CALL length_PA_SERVER_REFERRAL_DATA(const PA_SERVER_REFERRAL_DATA *); +ASN1EXP int ASN1CALL copy_PA_SERVER_REFERRAL_DATA (const PA_SERVER_REFERRAL_DATA *, PA_SERVER_REFERRAL_DATA *); +ASN1EXP void ASN1CALL free_PA_SERVER_REFERRAL_DATA (PA_SERVER_REFERRAL_DATA *); + + +/* +PA-ServerReferralData ::= SEQUENCE { + referred-realm [0] Realm OPTIONAL, + true-principal-name [1] PrincipalName OPTIONAL, + requested-principal-name [2] PrincipalName OPTIONAL, + referral-valid-until [3] KerberosTime OPTIONAL, + ..., +} +*/ + +typedef struct PA_ServerReferralData { + Realm *referred_realm; + PrincipalName *true_principal_name; + PrincipalName *requested_principal_name; + KerberosTime *referral_valid_until; +} PA_ServerReferralData; + +ASN1EXP int ASN1CALL decode_PA_ServerReferralData(const unsigned char *, size_t, PA_ServerReferralData *, size_t *); +ASN1EXP int ASN1CALL encode_PA_ServerReferralData(unsigned char *, size_t, const PA_ServerReferralData *, size_t *); +ASN1EXP size_t ASN1CALL length_PA_ServerReferralData(const PA_ServerReferralData *); +ASN1EXP int ASN1CALL copy_PA_ServerReferralData (const PA_ServerReferralData *, PA_ServerReferralData *); +ASN1EXP void ASN1CALL free_PA_ServerReferralData (PA_ServerReferralData *); + + +/* +FastOptions ::= BIT STRING { + reserved(0), + hide-client-names(1), + kdc-follow-referrals(16) +} +*/ + +typedef struct FastOptions { + unsigned int reserved:1; + unsigned int hide_client_names:1; + unsigned int _unused2:1; + unsigned int _unused3:1; + unsigned int _unused4:1; + unsigned int _unused5:1; + unsigned int _unused6:1; + unsigned int _unused7:1; + unsigned int _unused8:1; + unsigned int _unused9:1; + unsigned int _unused10:1; + unsigned int 
_unused11:1; + unsigned int _unused12:1; + unsigned int _unused13:1; + unsigned int _unused14:1; + unsigned int _unused15:1; + unsigned int kdc_follow_referrals:1; + unsigned int _unused17:1; + unsigned int _unused18:1; + unsigned int _unused19:1; + unsigned int _unused20:1; + unsigned int _unused21:1; + unsigned int _unused22:1; + unsigned int _unused23:1; + unsigned int _unused24:1; + unsigned int _unused25:1; + unsigned int _unused26:1; + unsigned int _unused27:1; + unsigned int _unused28:1; + unsigned int _unused29:1; + unsigned int _unused30:1; + unsigned int _unused31:1; +} FastOptions; + + +unsigned FastOptions2int(FastOptions); +FastOptions int2FastOptions(unsigned); +const struct units * asn1_FastOptions_units(void); +/* +KrbFastReq ::= SEQUENCE { + fast-options [0] FastOptions, + padata [1] METHOD-DATA, + req-body [2] KDC-REQ-BODY, + ..., +} +*/ + +typedef struct KrbFastReq { + FastOptions fast_options; + METHOD_DATA padata; + KDC_REQ_BODY req_body; +} KrbFastReq; + +ASN1EXP int ASN1CALL decode_KrbFastReq(const unsigned char *, size_t, KrbFastReq *, size_t *); +ASN1EXP int ASN1CALL encode_KrbFastReq(unsigned char *, size_t, const KrbFastReq *, size_t *); +ASN1EXP size_t ASN1CALL length_KrbFastReq(const KrbFastReq *); +ASN1EXP int ASN1CALL copy_KrbFastReq (const KrbFastReq *, KrbFastReq *); +ASN1EXP void ASN1CALL free_KrbFastReq (KrbFastReq *); + + +/* +KrbFastArmor ::= SEQUENCE { + armor-type [0] krb5int32, + armor-value [1] OCTET STRING, + ..., +} +*/ + +typedef struct KrbFastArmor { + krb5int32 armor_type; + heim_octet_string armor_value; +} KrbFastArmor; + +ASN1EXP int ASN1CALL decode_KrbFastArmor(const unsigned char *, size_t, KrbFastArmor *, size_t *); +ASN1EXP int ASN1CALL encode_KrbFastArmor(unsigned char *, size_t, const KrbFastArmor *, size_t *); +ASN1EXP size_t ASN1CALL length_KrbFastArmor(const KrbFastArmor *); +ASN1EXP int ASN1CALL copy_KrbFastArmor (const KrbFastArmor *, KrbFastArmor *); +ASN1EXP void ASN1CALL free_KrbFastArmor (KrbFastArmor 
*); + + +/* +KrbFastArmoredReq ::= SEQUENCE { + armor [0] KrbFastArmor OPTIONAL, + req-checksum [1] Checksum, + enc-fast-req [2] EncryptedData, +} +*/ + +typedef struct KrbFastArmoredReq { + KrbFastArmor *armor; + Checksum req_checksum; + EncryptedData enc_fast_req; +} KrbFastArmoredReq; + +ASN1EXP int ASN1CALL decode_KrbFastArmoredReq(const unsigned char *, size_t, KrbFastArmoredReq *, size_t *); +ASN1EXP int ASN1CALL encode_KrbFastArmoredReq(unsigned char *, size_t, const KrbFastArmoredReq *, size_t *); +ASN1EXP size_t ASN1CALL length_KrbFastArmoredReq(const KrbFastArmoredReq *); +ASN1EXP int ASN1CALL copy_KrbFastArmoredReq (const KrbFastArmoredReq *, KrbFastArmoredReq *); +ASN1EXP void ASN1CALL free_KrbFastArmoredReq (KrbFastArmoredReq *); + + +/* +PA-FX-FAST-REQUEST ::= CHOICE { + armored-data [0] KrbFastArmoredReq, + ..., +} +*/ + +typedef struct PA_FX_FAST_REQUEST { + enum PA_FX_FAST_REQUEST_enum { + choice_PA_FX_FAST_REQUEST_asn1_ellipsis = 0, + choice_PA_FX_FAST_REQUEST_armored_data + /* ... 
*/ + } element; + union { + KrbFastArmoredReq armored_data; + heim_octet_string asn1_ellipsis; + } u; +} PA_FX_FAST_REQUEST; + +ASN1EXP int ASN1CALL decode_PA_FX_FAST_REQUEST(const unsigned char *, size_t, PA_FX_FAST_REQUEST *, size_t *); +ASN1EXP int ASN1CALL encode_PA_FX_FAST_REQUEST(unsigned char *, size_t, const PA_FX_FAST_REQUEST *, size_t *); +ASN1EXP size_t ASN1CALL length_PA_FX_FAST_REQUEST(const PA_FX_FAST_REQUEST *); +ASN1EXP int ASN1CALL copy_PA_FX_FAST_REQUEST (const PA_FX_FAST_REQUEST *, PA_FX_FAST_REQUEST *); +ASN1EXP void ASN1CALL free_PA_FX_FAST_REQUEST (PA_FX_FAST_REQUEST *); + + +/* +KrbFastFinished ::= SEQUENCE { + timestamp [0] KerberosTime, + usec [1] krb5int32, + crealm [2] Realm, + cname [3] PrincipalName, + ticket-checksum [4] Checksum, + ..., +} +*/ + +typedef struct KrbFastFinished { + KerberosTime timestamp; + krb5int32 usec; + Realm crealm; + PrincipalName cname; + Checksum ticket_checksum; +} KrbFastFinished; + +ASN1EXP int ASN1CALL decode_KrbFastFinished(const unsigned char *, size_t, KrbFastFinished *, size_t *); +ASN1EXP int ASN1CALL encode_KrbFastFinished(unsigned char *, size_t, const KrbFastFinished *, size_t *); +ASN1EXP size_t ASN1CALL length_KrbFastFinished(const KrbFastFinished *); +ASN1EXP int ASN1CALL copy_KrbFastFinished (const KrbFastFinished *, KrbFastFinished *); +ASN1EXP void ASN1CALL free_KrbFastFinished (KrbFastFinished *); + + +/* +KrbFastResponse ::= SEQUENCE { + padata [0] METHOD-DATA, + strengthen-key [1] EncryptionKey OPTIONAL, + finished [2] KrbFastFinished OPTIONAL, + nonce [3] krb5uint32, + ..., +} +*/ + +typedef struct KrbFastResponse { + METHOD_DATA padata; + EncryptionKey *strengthen_key; + KrbFastFinished *finished; + krb5uint32 nonce; +} KrbFastResponse; + +ASN1EXP int ASN1CALL decode_KrbFastResponse(const unsigned char *, size_t, KrbFastResponse *, size_t *); +ASN1EXP int ASN1CALL encode_KrbFastResponse(unsigned char *, size_t, const KrbFastResponse *, size_t *); +ASN1EXP size_t ASN1CALL 
length_KrbFastResponse(const KrbFastResponse *); +ASN1EXP int ASN1CALL copy_KrbFastResponse (const KrbFastResponse *, KrbFastResponse *); +ASN1EXP void ASN1CALL free_KrbFastResponse (KrbFastResponse *); + + +/* +KrbFastArmoredRep ::= SEQUENCE { + enc-fast-rep [0] EncryptedData, + ..., +} +*/ + +typedef struct KrbFastArmoredRep { + EncryptedData enc_fast_rep; +} KrbFastArmoredRep; + +/* +PA-FX-FAST-REPLY ::= CHOICE { + armored-data [0] KrbFastArmoredRep, + ..., +} +*/ + +typedef struct PA_FX_FAST_REPLY { + enum PA_FX_FAST_REPLY_enum { + choice_PA_FX_FAST_REPLY_asn1_ellipsis = 0, + choice_PA_FX_FAST_REPLY_armored_data + /* ... */ + } element; + union { + KrbFastArmoredRep armored_data; + heim_octet_string asn1_ellipsis; + } u; +} PA_FX_FAST_REPLY; + +ASN1EXP int ASN1CALL decode_PA_FX_FAST_REPLY(const unsigned char *, size_t, PA_FX_FAST_REPLY *, size_t *); +ASN1EXP int ASN1CALL encode_PA_FX_FAST_REPLY(unsigned char *, size_t, const PA_FX_FAST_REPLY *, size_t *); +ASN1EXP size_t ASN1CALL length_PA_FX_FAST_REPLY(const PA_FX_FAST_REPLY *); +ASN1EXP int ASN1CALL copy_PA_FX_FAST_REPLY (const PA_FX_FAST_REPLY *, PA_FX_FAST_REPLY *); +ASN1EXP void ASN1CALL free_PA_FX_FAST_REPLY (PA_FX_FAST_REPLY *); + + +/* +KDCFastFlags ::= BIT STRING { + use_reply_key(0), + reply_key_used(1), + reply_key_replaced(2), + kdc_verfied(3) +} +*/ + +typedef struct KDCFastFlags { + unsigned int use_reply_key:1; + unsigned int reply_key_used:1; + unsigned int reply_key_replaced:1; + unsigned int kdc_verfied:1; + unsigned int _unused4:1; + unsigned int _unused5:1; + unsigned int _unused6:1; + unsigned int _unused7:1; + unsigned int _unused8:1; + unsigned int _unused9:1; + unsigned int _unused10:1; + unsigned int _unused11:1; + unsigned int _unused12:1; + unsigned int _unused13:1; + unsigned int _unused14:1; + unsigned int _unused15:1; + unsigned int _unused16:1; + unsigned int _unused17:1; + unsigned int _unused18:1; + unsigned int _unused19:1; + unsigned int _unused20:1; + unsigned int 
_unused21:1; + unsigned int _unused22:1; + unsigned int _unused23:1; + unsigned int _unused24:1; + unsigned int _unused25:1; + unsigned int _unused26:1; + unsigned int _unused27:1; + unsigned int _unused28:1; + unsigned int _unused29:1; + unsigned int _unused30:1; + unsigned int _unused31:1; +} KDCFastFlags; + + +unsigned KDCFastFlags2int(KDCFastFlags); +KDCFastFlags int2KDCFastFlags(unsigned); +const struct units * asn1_KDCFastFlags_units(void); +/* +KDCFastState ::= SEQUENCE { + flags [0] KDCFastFlags, + expiration [1] GeneralizedTime, + fast-state [2] METHOD-DATA, + expected-pa-types [3] SEQUENCE OF PADATA-TYPE OPTIONAL, +} +*/ + +typedef struct KDCFastState { + KDCFastFlags flags; + time_t expiration; + METHOD_DATA fast_state; + struct KDCFastState_expected_pa_types { + unsigned int len; + PADATA_TYPE *val; + } *expected_pa_types; +} KDCFastState; + +ASN1EXP int ASN1CALL decode_KDCFastState(const unsigned char *, size_t, KDCFastState *, size_t *); +ASN1EXP int ASN1CALL encode_KDCFastState(unsigned char *, size_t, const KDCFastState *, size_t *); +ASN1EXP size_t ASN1CALL length_KDCFastState(const KDCFastState *); +ASN1EXP int ASN1CALL copy_KDCFastState (const KDCFastState *, KDCFastState *); +ASN1EXP void ASN1CALL free_KDCFastState (KDCFastState *); + + +/* +KDCFastCookie ::= SEQUENCE { + version [0] UTF8String, + cookie [1] EncryptedData, +} +*/ + +typedef struct KDCFastCookie { + heim_utf8_string version; + EncryptedData cookie; +} KDCFastCookie; + +ASN1EXP int ASN1CALL decode_KDCFastCookie(const unsigned char *, size_t, KDCFastCookie *, size_t *); +ASN1EXP int ASN1CALL encode_KDCFastCookie(unsigned char *, size_t, const KDCFastCookie *, size_t *); +ASN1EXP size_t ASN1CALL length_KDCFastCookie(const KDCFastCookie *); +ASN1EXP int ASN1CALL copy_KDCFastCookie (const KDCFastCookie *, KDCFastCookie *); +ASN1EXP void ASN1CALL free_KDCFastCookie (KDCFastCookie *); + + +/* +KDC-PROXY-MESSAGE ::= SEQUENCE { + kerb-message [0] OCTET STRING, + target-domain [1] Realm 
OPTIONAL, + dclocator-hint [2] INTEGER OPTIONAL, +} +*/ + +typedef struct KDC_PROXY_MESSAGE { + heim_octet_string kerb_message; + Realm *target_domain; + heim_integer *dclocator_hint; +} KDC_PROXY_MESSAGE; + +ASN1EXP int ASN1CALL decode_KDC_PROXY_MESSAGE(const unsigned char *, size_t, KDC_PROXY_MESSAGE *, size_t *); +ASN1EXP int ASN1CALL encode_KDC_PROXY_MESSAGE(unsigned char *, size_t, const KDC_PROXY_MESSAGE *, size_t *); +ASN1EXP size_t ASN1CALL length_KDC_PROXY_MESSAGE(const KDC_PROXY_MESSAGE *); +ASN1EXP int ASN1CALL copy_KDC_PROXY_MESSAGE (const KDC_PROXY_MESSAGE *, KDC_PROXY_MESSAGE *); +ASN1EXP void ASN1CALL free_KDC_PROXY_MESSAGE (KDC_PROXY_MESSAGE *); + + +/* +KERB-TIMES ::= SEQUENCE { + authtime [0] KerberosTime, + starttime [1] KerberosTime, + endtime [2] KerberosTime, + renew_till [3] KerberosTime, +} +*/ + +typedef struct KERB_TIMES { + KerberosTime authtime; + KerberosTime starttime; + KerberosTime endtime; + KerberosTime renew_till; +} KERB_TIMES; + +ASN1EXP int ASN1CALL decode_KERB_TIMES(const unsigned char *, size_t, KERB_TIMES *, size_t *); +ASN1EXP int ASN1CALL encode_KERB_TIMES(unsigned char *, size_t, const KERB_TIMES *, size_t *); +ASN1EXP size_t ASN1CALL length_KERB_TIMES(const KERB_TIMES *); +ASN1EXP int ASN1CALL copy_KERB_TIMES (const KERB_TIMES *, KERB_TIMES *); +ASN1EXP void ASN1CALL free_KERB_TIMES (KERB_TIMES *); + + +/* +KERB-CRED ::= SEQUENCE { + client [0] Principal, + server [1] Principal, + keyblock [2] EncryptionKey, + times [3] KERB-TIMES, + ticket [4] OCTET STRING, + authdata [5] OCTET STRING, + addresses [6] HostAddresses, + flags [7] TicketFlags, +} +*/ + +typedef struct KERB_CRED { + Principal client; + Principal server; + EncryptionKey keyblock; + KERB_TIMES times; + heim_octet_string ticket; + heim_octet_string authdata; + HostAddresses addresses; + TicketFlags flags; +} KERB_CRED; + +ASN1EXP int ASN1CALL decode_KERB_CRED(const unsigned char *, size_t, KERB_CRED *, size_t *); +ASN1EXP int ASN1CALL encode_KERB_CRED(unsigned 
char *, size_t, const KERB_CRED *, size_t *); +ASN1EXP size_t ASN1CALL length_KERB_CRED(const KERB_CRED *); +ASN1EXP int ASN1CALL copy_KERB_CRED (const KERB_CRED *, KERB_CRED *); +ASN1EXP void ASN1CALL free_KERB_CRED (KERB_CRED *); + + +/* +KERB-TGS-REQ-IN ::= SEQUENCE { + cache [0] OCTET STRING, + addrs [1] HostAddresses, + flags [2] krb5uint32, + imp [3] Principal OPTIONAL, + ticket [4] OCTET STRING OPTIONAL, + in_cred [5] KERB-CRED, + krbtgt [6] KERB-CRED, + padata [7] METHOD-DATA, +} +*/ + +typedef struct KERB_TGS_REQ_IN { + heim_octet_string cache; + HostAddresses addrs; + krb5uint32 flags; + Principal *imp; + heim_octet_string *ticket; + KERB_CRED in_cred; + KERB_CRED krbtgt; + METHOD_DATA padata; +} KERB_TGS_REQ_IN; + +ASN1EXP int ASN1CALL decode_KERB_TGS_REQ_IN(const unsigned char *, size_t, KERB_TGS_REQ_IN *, size_t *); +ASN1EXP int ASN1CALL encode_KERB_TGS_REQ_IN(unsigned char *, size_t, const KERB_TGS_REQ_IN *, size_t *); +ASN1EXP size_t ASN1CALL length_KERB_TGS_REQ_IN(const KERB_TGS_REQ_IN *); +ASN1EXP int ASN1CALL copy_KERB_TGS_REQ_IN (const KERB_TGS_REQ_IN *, KERB_TGS_REQ_IN *); +ASN1EXP void ASN1CALL free_KERB_TGS_REQ_IN (KERB_TGS_REQ_IN *); + + +/* +KERB-TGS-REQ-OUT ::= SEQUENCE { + subkey [0] EncryptionKey OPTIONAL, + t [1] TGS-REQ, +} +*/ + +typedef struct KERB_TGS_REQ_OUT { + EncryptionKey *subkey; + TGS_REQ t; +} KERB_TGS_REQ_OUT; + +ASN1EXP int ASN1CALL decode_KERB_TGS_REQ_OUT(const unsigned char *, size_t, KERB_TGS_REQ_OUT *, size_t *); +ASN1EXP int ASN1CALL encode_KERB_TGS_REQ_OUT(unsigned char *, size_t, const KERB_TGS_REQ_OUT *, size_t *); +ASN1EXP size_t ASN1CALL length_KERB_TGS_REQ_OUT(const KERB_TGS_REQ_OUT *); +ASN1EXP int ASN1CALL copy_KERB_TGS_REQ_OUT (const KERB_TGS_REQ_OUT *, KERB_TGS_REQ_OUT *); +ASN1EXP void ASN1CALL free_KERB_TGS_REQ_OUT (KERB_TGS_REQ_OUT *); + + +/* +KERB-TGS-REP-IN ::= SEQUENCE { + cache [0] OCTET STRING, + subkey [1] EncryptionKey OPTIONAL, + in_cred [2] KERB-CRED, + t [3] TGS-REP, +} +*/ + +typedef struct 
KERB_TGS_REP_IN { + heim_octet_string cache; + EncryptionKey *subkey; + KERB_CRED in_cred; + TGS_REP t; +} KERB_TGS_REP_IN; + +/* +KERB-TGS-REP-OUT ::= SEQUENCE { + cache [0] OCTET STRING, + cred [1] KERB-CRED, + subkey [2] EncryptionKey, +} +*/ + +typedef struct KERB_TGS_REP_OUT { + heim_octet_string cache; + KERB_CRED cred; + EncryptionKey subkey; +} KERB_TGS_REP_OUT; + +/* +KERB-ARMOR-SERVICE-REPLY ::= SEQUENCE { + armor [0] KrbFastArmor, + armor-key [1] EncryptionKey, +} +*/ + +typedef struct KERB_ARMOR_SERVICE_REPLY { + KrbFastArmor armor; + EncryptionKey armor_key; +} KERB_ARMOR_SERVICE_REPLY; + +ASN1EXP int ASN1CALL decode_KERB_ARMOR_SERVICE_REPLY(const unsigned char *, size_t, KERB_ARMOR_SERVICE_REPLY *, size_t *); +ASN1EXP int ASN1CALL encode_KERB_ARMOR_SERVICE_REPLY(unsigned char *, size_t, const KERB_ARMOR_SERVICE_REPLY *, size_t *); +ASN1EXP size_t ASN1CALL length_KERB_ARMOR_SERVICE_REPLY(const KERB_ARMOR_SERVICE_REPLY *); +ASN1EXP int ASN1CALL copy_KERB_ARMOR_SERVICE_REPLY (const KERB_ARMOR_SERVICE_REPLY *, KERB_ARMOR_SERVICE_REPLY *); +ASN1EXP void ASN1CALL free_KERB_ARMOR_SERVICE_REPLY (KERB_ARMOR_SERVICE_REPLY *); + + +#endif /* __krb5_asn1_h__ */ diff --git a/kerberos5/include/krb5_ccapi.h b/kerberos5/include/krb5_ccapi.h new file mode 100644 --- /dev/null +++ b/kerberos5/include/krb5_ccapi.h 
@@ -0,0 +1,239 @@
+/*
+ * Copyright (c) 2004 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id$ */
+
+#ifndef KRB5_CCAPI_H
+#define KRB5_CCAPI_H 1
+
+#include
+
+#ifdef __APPLE__
+#pragma pack(push,2)
+#endif
+
+enum {
+ cc_credentials_v5 = 2
+};
+
+enum {
+ ccapi_version_3 = 3,
+ ccapi_version_4 = 4
+};
+
+enum {
+ ccNoError = 0,
+
+ ccIteratorEnd = 201,
+ ccErrBadParam,
+ ccErrNoMem,
+ ccErrInvalidContext,
+ ccErrInvalidCCache,
+
+ ccErrInvalidString, /* 206 */
+ ccErrInvalidCredentials,
+ ccErrInvalidCCacheIterator,
+ ccErrInvalidCredentialsIterator,
+ ccErrInvalidLock,
+
+ ccErrBadName, /* 211 */
+ ccErrBadCredentialsVersion,
+ ccErrBadAPIVersion,
+ ccErrContextLocked,
+ ccErrContextUnlocked,
+
+ ccErrCCacheLocked, /* 216 */
+ ccErrCCacheUnlocked,
+ ccErrBadLockType,
+ ccErrNeverDefault,
+ ccErrCredentialsNotFound,
+
+ ccErrCCacheNotFound, /* 221 */
+ ccErrContextNotFound,
+ ccErrServerUnavailable,
+ ccErrServerInsecure,
+ ccErrServerCantBecomeUID,
+
+ ccErrTimeOffsetNotSet /* 226 */
+};
+
+typedef int32_t cc_int32;
+typedef uint32_t cc_uint32;
+typedef struct cc_context_t *cc_context_t;
+typedef struct cc_ccache_t *cc_ccache_t;
+typedef struct cc_ccache_iterator_t *cc_ccache_iterator_t;
+typedef struct cc_credentials_v5_t cc_credentials_v5_t;
+typedef struct cc_credentials_t *cc_credentials_t;
+typedef struct cc_credentials_iterator_t *cc_credentials_iterator_t;
+typedef struct cc_string_t *cc_string_t;
+typedef cc_uint32 cc_time_t;
+
+typedef struct cc_data {
+ cc_uint32 type;
+ cc_uint32 length;
+ void *data;
+} cc_data;
+
+struct cc_credentials_v5_t {
+ char *client;
+ char *server;
+ cc_data keyblock;
+ cc_time_t authtime;
+ cc_time_t starttime;
+ cc_time_t endtime;
+ cc_time_t renew_till;
+ cc_uint32 is_skey;
+ cc_uint32 ticket_flags;
+#define KRB5_CCAPI_TKT_FLG_FORWARDABLE 0x40000000
+#define KRB5_CCAPI_TKT_FLG_FORWARDED 0x20000000
+#define KRB5_CCAPI_TKT_FLG_PROXIABLE 0x10000000
+#define KRB5_CCAPI_TKT_FLG_PROXY 0x08000000
+#define KRB5_CCAPI_TKT_FLG_MAY_POSTDATE 0x04000000
+#define KRB5_CCAPI_TKT_FLG_POSTDATED 0x02000000
+#define KRB5_CCAPI_TKT_FLG_INVALID 0x01000000
+#define KRB5_CCAPI_TKT_FLG_RENEWABLE 0x00800000
+#define KRB5_CCAPI_TKT_FLG_INITIAL 0x00400000
+#define KRB5_CCAPI_TKT_FLG_PRE_AUTH 0x00200000
+#define KRB5_CCAPI_TKT_FLG_HW_AUTH 0x00100000
+#define KRB5_CCAPI_TKT_FLG_TRANSIT_POLICY_CHECKED 0x00080000
+#define KRB5_CCAPI_TKT_FLG_OK_AS_DELEGATE 0x00040000
+#define KRB5_CCAPI_TKT_FLG_ANONYMOUS 0x00020000
+ cc_data **addresses;
+ cc_data ticket;
+ cc_data second_ticket;
+ cc_data **authdata;
+};
+
+
+typedef struct cc_string_functions {
+ cc_int32 (*release)(cc_string_t);
+} cc_string_functions;
+
+struct cc_string_t {
+ const char *data;
+ const cc_string_functions *func;
+};
+
+typedef struct cc_credentials_union {
+ cc_int32 version;
+ union {
+ cc_credentials_v5_t* credentials_v5;
+ } credentials;
+} cc_credentials_union;
+
+struct cc_credentials_functions {
+ cc_int32 (*release)(cc_credentials_t);
+ cc_int32 (*compare)(cc_credentials_t, cc_credentials_t, cc_uint32*);
+};
+
+struct cc_credentials_t {
+ const cc_credentials_union* data;
+ const struct cc_credentials_functions* func;
+};
+
+struct cc_credentials_iterator_functions {
+ cc_int32 (*release)(cc_credentials_iterator_t);
+ cc_int32 (*next)(cc_credentials_iterator_t, cc_credentials_t*);
+};
+
+struct cc_credentials_iterator_t {
+ const struct cc_credentials_iterator_functions *func;
+};
+
+struct cc_ccache_iterator_functions {
+ cc_int32 (*release) (cc_ccache_iterator_t);
+ cc_int32 (*next)(cc_ccache_iterator_t, cc_ccache_t*);
+};
+
+struct cc_ccache_iterator_t {
+ const struct cc_ccache_iterator_functions* func;
+};
+
+typedef struct cc_ccache_functions {
+ cc_int32 (*release)(cc_ccache_t);
+ cc_int32 (*destroy)(cc_ccache_t);
+ cc_int32 (*set_default)(cc_ccache_t);
+ cc_int32 (*get_credentials_version)(cc_ccache_t, cc_uint32*);
+ cc_int32 (*get_name)(cc_ccache_t, cc_string_t*);
+ cc_int32 (*get_principal)(cc_ccache_t, cc_uint32, cc_string_t*);
+ cc_int32 (*set_principal)(cc_ccache_t, cc_uint32, const char*);
+ cc_int32 (*store_credentials)(cc_ccache_t, const cc_credentials_union*);
+ cc_int32 (*remove_credentials)(cc_ccache_t, cc_credentials_t);
+ cc_int32 (*new_credentials_iterator)(cc_ccache_t,
+ cc_credentials_iterator_t*);
+ cc_int32 (*move)(cc_ccache_t, cc_ccache_t);
+ cc_int32 (*lock)(cc_ccache_t, cc_uint32, cc_uint32);
+ cc_int32 (*unlock)(cc_ccache_t);
+ cc_int32 (*get_last_default_time)(cc_ccache_t, cc_time_t*);
+ cc_int32 (*get_change_time)(cc_ccache_t, cc_time_t*);
+ cc_int32 (*compare)(cc_ccache_t, cc_ccache_t, cc_uint32*);
+ cc_int32 (*get_kdc_time_offset)(cc_ccache_t, cc_int32, cc_time_t *);
+ cc_int32 (*set_kdc_time_offset)(cc_ccache_t, cc_int32, cc_time_t);
+ cc_int32 (*clear_kdc_time_offset)(cc_ccache_t, cc_int32);
+} cc_ccache_functions;
+
+struct cc_ccache_t {
+ const cc_ccache_functions *func;
+};
+
+struct cc_context_functions {
+ cc_int32 (*release)(cc_context_t);
+ cc_int32 (*get_change_time)(cc_context_t, cc_time_t *);
+ cc_int32 (*get_default_ccache_name)(cc_context_t, cc_string_t*);
+ cc_int32 (*open_ccache)(cc_context_t, const char*, cc_ccache_t *);
+ cc_int32 (*open_default_ccache)(cc_context_t, cc_ccache_t*);
+ cc_int32 (*create_ccache)(cc_context_t,const char*, cc_uint32,
+ const char*, cc_ccache_t*);
+ cc_int32 (*create_default_ccache)(cc_context_t, cc_uint32,
+ const char*, cc_ccache_t*);
+ cc_int32 (*create_new_ccache)(cc_context_t, cc_uint32,
+ const char*, cc_ccache_t*);
+ cc_int32 (*new_ccache_iterator)(cc_context_t, cc_ccache_iterator_t*);
+ cc_int32 (*lock)(cc_context_t, cc_uint32, cc_uint32);
+ cc_int32 (*unlock)(cc_context_t);
+ cc_int32 (*compare)(cc_context_t, cc_context_t, cc_uint32*);
+};
+
+struct cc_context_t {
+ const struct cc_context_functions* func;
+};
+
+typedef cc_int32
+(*cc_initialize_func)(cc_context_t*, cc_int32, cc_int32 *, char const **);
+
+#if defined(__APPLE__)
+#pragma pack(pop)
+#endif
+
+
+#endif /* KRB5_CCAPI_H */
diff --git a/kerberos5/include/krb5_err.h b/kerberos5/include/krb5_err.h new file mode 100644
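Review bot: The KDC time offset crosses `get_kdc_time_offset` and `set_kdc_time_offset` in krb5_ccapi.h as `cc_time_t`, which this header defines as `cc_uint32`, so an offset that is negative (local clock ahead of the KDC, presumably a valid case) can only be carried as a wrapped unsigned value. A caller that widens that value straight into a 64-bit `time_t` would see a skew of roughly 136 years instead of a few seconds, and that number feeds ticket lifetime and clock-skew decisions. The typedef is presumably fixed by the CCAPI ABI, so I would document the conversion next to it rather than change it, e.g. `/* cc_time_t is unsigned 32-bit; cast KDC offsets through cc_int32 before widening to time_t */`. The code that consumes these callbacks is not part of this hunk, so whether it already converts this way cannot be seen here.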
--- /dev/null +++ b/kerberos5/include/krb5_err.h 
@@ -0,0 +1,203 @@ +/* Generated from krb5_err.et */ +/* $Id$ */ + +#ifndef __krb5_err_h__ +#define __krb5_err_h__ + +struct et_list; + +void initialize_krb5_error_table_r(struct et_list **); + +void initialize_krb5_error_table(void); +#define init_krb5_err_tbl initialize_krb5_error_table + +typedef enum krb5_error_number{ + KRB5KDC_ERR_NONE = -1765328384, + KRB5KDC_ERR_NAME_EXP = -1765328383, + KRB5KDC_ERR_SERVICE_EXP = -1765328382, + KRB5KDC_ERR_BAD_PVNO = -1765328381, + KRB5KDC_ERR_C_OLD_MAST_KVNO = -1765328380, + KRB5KDC_ERR_S_OLD_MAST_KVNO = -1765328379, + KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN = -1765328378, + KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN = -1765328377, + KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE = -1765328376, + KRB5KDC_ERR_NULL_KEY = -1765328375, + KRB5KDC_ERR_CANNOT_POSTDATE = -1765328374, + KRB5KDC_ERR_NEVER_VALID = -1765328373, + KRB5KDC_ERR_POLICY = -1765328372, + KRB5KDC_ERR_BADOPTION = -1765328371, + KRB5KDC_ERR_ETYPE_NOSUPP = -1765328370, + KRB5KDC_ERR_SUMTYPE_NOSUPP = -1765328369, + KRB5KDC_ERR_PADATA_TYPE_NOSUPP = -1765328368, + KRB5KDC_ERR_TRTYPE_NOSUPP = -1765328367, + KRB5KDC_ERR_CLIENT_REVOKED = -1765328366, + KRB5KDC_ERR_SERVICE_REVOKED = -1765328365, + KRB5KDC_ERR_TGT_REVOKED = -1765328364, + KRB5KDC_ERR_CLIENT_NOTYET = -1765328363, + KRB5KDC_ERR_SERVICE_NOTYET = -1765328362, + KRB5KDC_ERR_KEY_EXPIRED = -1765328361, + KRB5KDC_ERR_PREAUTH_FAILED = -1765328360, + KRB5KDC_ERR_PREAUTH_REQUIRED = -1765328359, + KRB5KDC_ERR_SERVER_NOMATCH = -1765328358, + KRB5KDC_ERR_KDC_ERR_MUST_USE_USER2USER = -1765328357, + KRB5KDC_ERR_PATH_NOT_ACCEPTED = -1765328356, + KRB5KDC_ERR_SVC_UNAVAILABLE = -1765328355, + KRB5KRB_AP_ERR_BAD_INTEGRITY = -1765328353, + KRB5KRB_AP_ERR_TKT_EXPIRED = -1765328352, + KRB5KRB_AP_ERR_TKT_NYV = -1765328351, + KRB5KRB_AP_ERR_REPEAT = -1765328350, + KRB5KRB_AP_ERR_NOT_US = -1765328349, + KRB5KRB_AP_ERR_BADMATCH = -1765328348, + KRB5KRB_AP_ERR_SKEW = -1765328347, + KRB5KRB_AP_ERR_BADADDR = -1765328346, + KRB5KRB_AP_ERR_BADVERSION = -1765328345, + 
KRB5KRB_AP_ERR_MSG_TYPE = -1765328344, + KRB5KRB_AP_ERR_MODIFIED = -1765328343, + KRB5KRB_AP_ERR_BADORDER = -1765328342, + KRB5KRB_AP_ERR_ILL_CR_TKT = -1765328341, + KRB5KRB_AP_ERR_BADKEYVER = -1765328340, + KRB5KRB_AP_ERR_NOKEY = -1765328339, + KRB5KRB_AP_ERR_MUT_FAIL = -1765328338, + KRB5KRB_AP_ERR_BADDIRECTION = -1765328337, + KRB5KRB_AP_ERR_METHOD = -1765328336, + KRB5KRB_AP_ERR_BADSEQ = -1765328335, + KRB5KRB_AP_ERR_INAPP_CKSUM = -1765328334, + KRB5KRB_AP_PATH_NOT_ACCEPTED = -1765328333, + KRB5KRB_ERR_RESPONSE_TOO_BIG = -1765328332, + KRB5KRB_ERR_GENERIC = -1765328324, + KRB5KRB_ERR_FIELD_TOOLONG = -1765328323, + KRB5_KDC_ERR_CLIENT_NOT_TRUSTED = -1765328322, + KRB5_KDC_ERR_KDC_NOT_TRUSTED = -1765328321, + KRB5_KDC_ERR_INVALID_SIG = -1765328320, + KRB5_KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED = -1765328319, + KRB5_KDC_ERR_WRONG_REALM = -1765328316, + KRB5_AP_ERR_USER_TO_USER_REQUIRED = -1765328315, + KRB5_KDC_ERR_CANT_VERIFY_CERTIFICATE = -1765328314, + KRB5_KDC_ERR_INVALID_CERTIFICATE = -1765328313, + KRB5_KDC_ERR_REVOKED_CERTIFICATE = -1765328312, + KRB5_KDC_ERR_REVOCATION_STATUS_UNKNOWN = -1765328311, + KRB5_KDC_ERR_REVOCATION_STATUS_UNAVAILABLE = -1765328310, + KRB5_KDC_ERR_CLIENT_NAME_MISMATCH = -1765328309, + KRB5_KDC_ERR_INCONSISTENT_KEY_PURPOSE = -1765328308, + KRB5_KDC_ERR_DIGEST_IN_CERT_NOT_ACCEPTED = -1765328307, + KRB5_KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED = -1765328306, + KRB5_KDC_ERR_DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED = -1765328305, + KRB5_KDC_ERR_PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED = -1765328304, + KRB5_KDC_ERR_INVALID_HASH_ALG = -1765328290, + KRB5_KDC_ERR_INVALID_ITERATION_COUNT = -1765328289, + KRB5_KDC_ERR_NO_ACCEPTABLE_KDF = -1765328284, + KRB5_ERR_RCSID = -1765328256, + KRB5_LIBOS_BADLOCKFLAG = -1765328255, + KRB5_LIBOS_CANTREADPWD = -1765328254, + KRB5_LIBOS_BADPWDMATCH = -1765328253, + KRB5_LIBOS_PWDINTR = -1765328252, + KRB5_PARSE_ILLCHAR = -1765328251, + KRB5_PARSE_MALFORMED = -1765328250, + KRB5_CONFIG_CANTOPEN = -1765328249, + 
KRB5_CONFIG_BADFORMAT = -1765328248, + KRB5_CONFIG_NOTENUFSPACE = -1765328247, + KRB5_BADMSGTYPE = -1765328246, + KRB5_CC_BADNAME = -1765328245, + KRB5_CC_UNKNOWN_TYPE = -1765328244, + KRB5_CC_NOTFOUND = -1765328243, + KRB5_CC_END = -1765328242, + KRB5_NO_TKT_SUPPLIED = -1765328241, + KRB5KRB_AP_WRONG_PRINC = -1765328240, + KRB5KRB_AP_ERR_TKT_INVALID = -1765328239, + KRB5_PRINC_NOMATCH = -1765328238, + KRB5_KDCREP_MODIFIED = -1765328237, + KRB5_KDCREP_SKEW = -1765328236, + KRB5_IN_TKT_REALM_MISMATCH = -1765328235, + KRB5_PROG_ETYPE_NOSUPP = -1765328234, + KRB5_PROG_KEYTYPE_NOSUPP = -1765328233, + KRB5_WRONG_ETYPE = -1765328232, + KRB5_PROG_SUMTYPE_NOSUPP = -1765328231, + KRB5_REALM_UNKNOWN = -1765328230, + KRB5_SERVICE_UNKNOWN = -1765328229, + KRB5_KDC_UNREACH = -1765328228, + KRB5_NO_LOCALNAME = -1765328227, + KRB5_MUTUAL_FAILED = -1765328226, + KRB5_RC_TYPE_EXISTS = -1765328225, + KRB5_RC_MALLOC = -1765328224, + KRB5_RC_TYPE_NOTFOUND = -1765328223, + KRB5_RC_UNKNOWN = -1765328222, + KRB5_RC_REPLAY = -1765328221, + KRB5_RC_IO = -1765328220, + KRB5_RC_NOIO = -1765328219, + KRB5_RC_PARSE = -1765328218, + KRB5_RC_IO_EOF = -1765328217, + KRB5_RC_IO_MALLOC = -1765328216, + KRB5_RC_IO_PERM = -1765328215, + KRB5_RC_IO_IO = -1765328214, + KRB5_RC_IO_UNKNOWN = -1765328213, + KRB5_RC_IO_SPACE = -1765328212, + KRB5_TRANS_CANTOPEN = -1765328211, + KRB5_TRANS_BADFORMAT = -1765328210, + KRB5_LNAME_CANTOPEN = -1765328209, + KRB5_LNAME_NOTRANS = -1765328208, + KRB5_LNAME_BADFORMAT = -1765328207, + KRB5_CRYPTO_INTERNAL = -1765328206, + KRB5_KT_BADNAME = -1765328205, + KRB5_KT_UNKNOWN_TYPE = -1765328204, + KRB5_KT_NOTFOUND = -1765328203, + KRB5_KT_END = -1765328202, + KRB5_KT_NOWRITE = -1765328201, + KRB5_KT_IOERR = -1765328200, + KRB5_NO_TKT_IN_RLM = -1765328199, + KRB5DES_BAD_KEYPAR = -1765328198, + KRB5DES_WEAK_KEY = -1765328197, + KRB5_BAD_ENCTYPE = -1765328196, + KRB5_BAD_KEYSIZE = -1765328195, + KRB5_BAD_MSIZE = -1765328194, + KRB5_CC_TYPE_EXISTS = -1765328193, + 
KRB5_KT_TYPE_EXISTS = -1765328192, + KRB5_CC_IO = -1765328191, + KRB5_FCC_PERM = -1765328190, + KRB5_FCC_NOFILE = -1765328189, + KRB5_FCC_INTERNAL = -1765328188, + KRB5_CC_WRITE = -1765328187, + KRB5_CC_NOMEM = -1765328186, + KRB5_CC_FORMAT = -1765328185, + KRB5_CC_NOT_KTYPE = -1765328184, + KRB5_INVALID_FLAGS = -1765328183, + KRB5_NO_2ND_TKT = -1765328182, + KRB5_NOCREDS_SUPPLIED = -1765328181, + KRB5_SENDAUTH_BADAUTHVERS = -1765328180, + KRB5_SENDAUTH_BADAPPLVERS = -1765328179, + KRB5_SENDAUTH_BADRESPONSE = -1765328178, + KRB5_SENDAUTH_REJECTED = -1765328177, + KRB5_PREAUTH_BAD_TYPE = -1765328176, + KRB5_PREAUTH_NO_KEY = -1765328175, + KRB5_PREAUTH_FAILED = -1765328174, + KRB5_RCACHE_BADVNO = -1765328173, + KRB5_CCACHE_BADVNO = -1765328172, + KRB5_KEYTAB_BADVNO = -1765328171, + KRB5_PROG_ATYPE_NOSUPP = -1765328170, + KRB5_RC_REQUIRED = -1765328169, + KRB5_ERR_BAD_HOSTNAME = -1765328168, + KRB5_ERR_HOST_REALM_UNKNOWN = -1765328167, + KRB5_SNAME_UNSUPP_NAMETYPE = -1765328166, + KRB5KRB_AP_ERR_V4_REPLY = -1765328165, + KRB5_REALM_CANT_RESOLVE = -1765328164, + KRB5_TKT_NOT_FORWARDABLE = -1765328163, + KRB5_FWD_BAD_PRINCIPAL = -1765328162, + KRB5_GET_IN_TKT_LOOP = -1765328161, + KRB5_CONFIG_NODEFREALM = -1765328160, + KRB5_SAM_UNSUPPORTED = -1765328159, + KRB5_SAM_INVALID_ETYPE = -1765328158, + KRB5_SAM_NO_CHECKSUM = -1765328157, + KRB5_SAM_BAD_CHECKSUM = -1765328156, + KRB5_OBSOLETE_FN = -1765328146, + KRB5_ERR_BAD_S2K_PARAMS = -1765328139, + KRB5_ERR_NO_SERVICE = -1765328138, + KRB5_CC_NOSUPP = -1765328137, + KRB5_DELTAT_BADFORMAT = -1765328136, + KRB5_PLUGIN_NO_HANDLE = -1765328135, + KRB5_PLUGIN_OP_NOTSUPP = -1765328134 +} krb5_error_number; + +#define ERROR_TABLE_BASE_krb5 -1765328384 + +#define COM_ERR_BINDDOMAIN_krb5 "heim_com_err-1765328384" + +#endif /* __krb5_err_h__ */ diff --git a/kerberos5/include/krb_err.h b/kerberos5/include/krb_err.h new file mode 100644 --- /dev/null +++ b/kerberos5/include/krb_err.h 
@@ -0,0 +1,67 @@ +/* Generated from krb_err.et */ +/* $Id: krb_err.et,v 1.7 1998/03/29 14:19:52 bg Exp $ */ + +#ifndef __krb_err_h__ +#define __krb_err_h__ + +struct et_list; + +void initialize_krb_error_table_r(struct et_list **); + +void initialize_krb_error_table(void); +#define init_krb_err_tbl initialize_krb_error_table + +typedef enum krb_error_number{ + KRB4ET_KSUCCESS = 39525376, + KRB4ET_KDC_NAME_EXP = 39525377, + KRB4ET_KDC_SERVICE_EXP = 39525378, + KRB4ET_KDC_AUTH_EXP = 39525379, + KRB4ET_KDC_PKT_VER = 39525380, + KRB4ET_KDC_P_MKEY_VER = 39525381, + KRB4ET_KDC_S_MKEY_VER = 39525382, + KRB4ET_KDC_BYTE_ORDER = 39525383, + KRB4ET_KDC_PR_UNKNOWN = 39525384, + KRB4ET_KDC_PR_N_UNIQUE = 39525385, + KRB4ET_KDC_NULL_KEY = 39525386, + KRB4ET_KDC_GEN_ERR = 39525396, + KRB4ET_GC_TKFIL = 39525397, + KRB4ET_GC_NOTKT = 39525398, + KRB4ET_MK_AP_TGTEXP = 39525402, + KRB4ET_RD_AP_UNDEC = 39525407, + KRB4ET_RD_AP_EXP = 39525408, + KRB4ET_RD_AP_NYV = 39525409, + KRB4ET_RD_AP_REPEAT = 39525410, + KRB4ET_RD_AP_NOT_US = 39525411, + KRB4ET_RD_AP_INCON = 39525412, + KRB4ET_RD_AP_TIME = 39525413, + KRB4ET_RD_AP_BADD = 39525414, + KRB4ET_RD_AP_VERSION = 39525415, + KRB4ET_RD_AP_MSG_TYPE = 39525416, + KRB4ET_RD_AP_MODIFIED = 39525417, + KRB4ET_RD_AP_ORDER = 39525418, + KRB4ET_RD_AP_UNAUTHOR = 39525419, + KRB4ET_GT_PW_NULL = 39525427, + KRB4ET_GT_PW_BADPW = 39525428, + KRB4ET_GT_PW_PROT = 39525429, + KRB4ET_GT_PW_KDCERR = 39525430, + KRB4ET_GT_PW_NULLTKT = 39525431, + KRB4ET_SKDC_RETRY = 39525432, + KRB4ET_SKDC_CANT = 39525433, + KRB4ET_INTK_W_NOTALL = 39525437, + KRB4ET_INTK_BADPW = 39525438, + KRB4ET_INTK_PROT = 39525439, + KRB4ET_INTK_ERR = 39525446, + KRB4ET_AD_NOTGT = 39525447, + KRB4ET_NO_TKT_FIL = 39525452, + KRB4ET_TKT_FIL_ACC = 39525453, + KRB4ET_TKT_FIL_LCK = 39525454, + KRB4ET_TKT_FIL_FMT = 39525455, + KRB4ET_TKT_FIL_INI = 39525456, + KRB4ET_KNAME_FMT = 39525457 +} krb_error_number; + +#define ERROR_TABLE_BASE_krb 39525376 + +#define COM_ERR_BINDDOMAIN_krb 
"heim_com_err39525376" + +#endif /* __krb_err_h__ */ diff --git a/kerberos5/include/kx509_asn1.h b/kerberos5/include/kx509_asn1.h new file mode 100644 --- /dev/null +++ b/kerberos5/include/kx509_asn1.h 
@@ -0,0 +1,165 @@ +/* Generated from ./kx509.asn1 */ +/* Do not edit */ + +#ifndef __kx509_asn1_h__ +#define __kx509_asn1_h__ + +#include +#include + +#ifndef __asn1_common_definitions__ +#define __asn1_common_definitions__ + +#ifndef __HEIM_BASE_DATA__ +#define __HEIM_BASE_DATA__ 1 +struct heim_base_data { + size_t length; + void *data; +}; +typedef struct heim_base_data heim_octet_string; +#endif + +typedef struct heim_integer { + size_t length; + void *data; + int negative; +} heim_integer; + +typedef char *heim_general_string; + +typedef char *heim_utf8_string; + +typedef struct heim_base_data heim_printable_string; + +typedef struct heim_base_data heim_ia5_string; + +typedef struct heim_bmp_string { + size_t length; + uint16_t *data; +} heim_bmp_string; + +typedef struct heim_universal_string { + size_t length; + uint32_t *data; +} heim_universal_string; + +typedef char *heim_visible_string; + +typedef struct heim_oid { + size_t length; + unsigned *components; +} heim_oid; + +typedef struct heim_bit_string { + size_t length; + void *data; +} heim_bit_string; + +typedef struct heim_base_data heim_any; +typedef struct heim_base_data heim_any_set; + +#define ASN1_MALLOC_ENCODE(T, B, BL, S, L, R) \ + do { \ + (BL) = length_##T((S)); \ + (B) = malloc((BL)); \ + if((B) == NULL) { \ + (R) = ENOMEM; \ + } else { \ + (R) = encode_##T(((unsigned char*)(B)) + (BL) - 1, (BL), \ + (S), (L)); \ + if((R) != 0) { \ + free((B)); \ + (B) = NULL; \ + } \ + } \ + } while (0) + +#ifdef _WIN32 +#ifndef ASN1_LIB +#define ASN1EXP __declspec(dllimport) +#else +#define ASN1EXP +#endif +#define ASN1CALL __stdcall +#else +#define ASN1EXP +#define ASN1CALL +#endif +struct units; + +#endif + +/* +KX509-ERROR-CODE ::= INTEGER { + KX509_STATUS_GOOD(0), + KX509_STATUS_CLIENT_BAD(1), + KX509_STATUS_CLIENT_FIX(2), + KX509_STATUS_CLIENT_TEMP(3), + KX509_STATUS_SERVER_BAD(4), + KX509_STATUS_SERVER_TEMP(5), + KX509_STATUS_SERVER_KEY(7) +} +*/ + +typedef enum KX509_ERROR_CODE { + KX509_STATUS_GOOD 
= 0, + KX509_STATUS_CLIENT_BAD = 1, + KX509_STATUS_CLIENT_FIX = 2, + KX509_STATUS_CLIENT_TEMP = 3, + KX509_STATUS_SERVER_BAD = 4, + KX509_STATUS_SERVER_TEMP = 5, + KX509_STATUS_SERVER_KEY = 7 +} KX509_ERROR_CODE; + +ASN1EXP int ASN1CALL decode_KX509_ERROR_CODE(const unsigned char *, size_t, KX509_ERROR_CODE *, size_t *); +ASN1EXP int ASN1CALL encode_KX509_ERROR_CODE(unsigned char *, size_t, const KX509_ERROR_CODE *, size_t *); +ASN1EXP size_t ASN1CALL length_KX509_ERROR_CODE(const KX509_ERROR_CODE *); +ASN1EXP int ASN1CALL copy_KX509_ERROR_CODE (const KX509_ERROR_CODE *, KX509_ERROR_CODE *); +ASN1EXP void ASN1CALL free_KX509_ERROR_CODE (KX509_ERROR_CODE *); + + +/* +Kx509Request ::= SEQUENCE { + authenticator OCTET STRING, + pk-hash OCTET STRING, + pk-key OCTET STRING, +} +*/ + +typedef struct Kx509Request { + heim_octet_string authenticator; + heim_octet_string pk_hash; + heim_octet_string pk_key; +} Kx509Request; + +ASN1EXP int ASN1CALL decode_Kx509Request(const unsigned char *, size_t, Kx509Request *, size_t *); +ASN1EXP int ASN1CALL encode_Kx509Request(unsigned char *, size_t, const Kx509Request *, size_t *); +ASN1EXP size_t ASN1CALL length_Kx509Request(const Kx509Request *); +ASN1EXP int ASN1CALL copy_Kx509Request (const Kx509Request *, Kx509Request *); +ASN1EXP void ASN1CALL free_Kx509Request (Kx509Request *); + + +/* +Kx509Response ::= SEQUENCE { + error-code [0] INTEGER (-2147483648..2147483647) OPTIONAL, + hash [1] OCTET STRING OPTIONAL, + certificate [2] OCTET STRING OPTIONAL, + e-text [3] VisibleString OPTIONAL, +} +*/ + +typedef struct Kx509Response { + int *error_code; + heim_octet_string *hash; + heim_octet_string *certificate; + heim_visible_string *e_text; +} Kx509Response; + +ASN1EXP int ASN1CALL decode_Kx509Response(const unsigned char *, size_t, Kx509Response *, size_t *); +ASN1EXP int ASN1CALL encode_Kx509Response(unsigned char *, size_t, const Kx509Response *, size_t *); +ASN1EXP size_t ASN1CALL length_Kx509Response(const Kx509Response *); 
+ASN1EXP int ASN1CALL copy_Kx509Response (const Kx509Response *, Kx509Response *); +ASN1EXP void ASN1CALL free_Kx509Response (Kx509Response *); + + +#endif /* __kx509_asn1_h__ */ diff --git a/contrib/com_err/com_right.h b/kerberos5/include/locate_plugin.h copy from contrib/com_err/com_right.h copy to kerberos5/include/locate_plugin.h --- a/contrib/com_err/com_right.h +++ b/kerberos5/include/locate_plugin.h @@ -1,8 +1,10 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 2006 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * + * Portions Copyright (c) 2010 Apple Inc. All rights reserved. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: 
@@ -33,66 +35,47 @@ /* $Id$ */ -#ifndef __COM_RIGHT_H__ -#define __COM_RIGHT_H__ - -#ifndef KRB5_LIB_FUNCTION -#if defined(_WIN32) -#define KRB5_LIB_FUNCTION __declspec(dllimport) -#else -#define KRB5_LIB_FUNCTION -#endif -#endif - -#ifndef KRB5_LIB_CALL -#if defined(_WIN32) -#define KRB5_LIB_CALL __stdcall -#else -#define KRB5_LIB_CALL -#endif -#endif - -#ifndef KRB5_LIB_VARIABLE -#if defined(_WIN32) -#define KRB5_LIB_VARIABLE __declspec(dllimport) -#else -#define KRB5_LIB_VARIABLE -#endif -#endif +#ifndef HEIMDAL_KRB5_LOCATE_PLUGIN_H +#define HEIMDAL_KRB5_LOCATE_PLUGIN_H 1 -#ifdef _WIN32 -#define KRB5_CALLCONV __stdcall -#else -#define KRB5_CALLCONV -#endif +#define KRB5_PLUGIN_LOCATE "service_locator" +#define KRB5_PLUGIN_LOCATE_VERSION 1 +#define KRB5_PLUGIN_LOCATE_VERSION_0 0 +#define KRB5_PLUGIN_LOCATE_VERSION_1 1 +#define KRB5_PLUGIN_LOCATE_VERSION_2 2 -#include +enum locate_service_type { + locate_service_kdc = 1, + locate_service_master_kdc, + locate_service_kadmin, + locate_service_krb524, + locate_service_kpasswd +}; -#ifdef __STDC__ -#include -#endif +typedef krb5_error_code +(KRB5_CALLCONV *krb5plugin_service_locate_lookup) + (void *, unsigned long, enum locate_service_type, + const char *, int, int, + int (*)(void *,int,struct sockaddr *), + void *); -struct error_table { - char const * const * msgs; - long base; - int n_msgs; -}; -struct et_list { - struct et_list *next; - struct error_table *table; -}; -extern struct et_list *_et_list; +#define KRB5_PLF_ALLOW_HOMEDIR 1 -KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL -com_right (struct et_list *list, long code); +typedef krb5_error_code +(KRB5_CALLCONV *krb5plugin_service_locate_lookup_old) + (void *, enum locate_service_type, + const char *, int, int, + int (*)(void *,int,struct sockaddr *), + void *); -KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL -com_right_r (struct et_list *list, long code, char *, size_t); -KRB5_LIB_FUNCTION void KRB5_LIB_CALL -initialize_error_table_r (struct et_list **, const 
char **, int, long); +typedef struct krb5plugin_service_locate_ftable { + int minor_version; + krb5_error_code (KRB5_CALLCONV *init)(krb5_context, void **); + void (KRB5_CALLCONV *fini)(void *); + krb5plugin_service_locate_lookup_old old_lookup; + krb5plugin_service_locate_lookup lookup; /* version 2 */ +} krb5plugin_service_locate_ftable; -KRB5_LIB_FUNCTION void KRB5_LIB_CALL -free_error_table (struct et_list *); +#endif /* HEIMDAL_KRB5_LOCATE_PLUGIN_H */ -#endif /* __COM_RIGHT_H__ */ diff --git a/kerberos5/include/ntlm_err.h b/kerberos5/include/ntlm_err.h new file mode 100644 --- /dev/null +++ b/kerberos5/include/ntlm_err.h 
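Review bot: `krb5plugin_service_locate_ftable` in the second locate_plugin.h hunk ends with a `lookup` member marked only `/* version 2 */`, while `KRB5_PLUGIN_LOCATE_VERSION` is 1, and nothing in the header says when that member may be read. A plugin built against the older layout presumably exports a table that ends at `old_lookup`, so a loader that reads `lookup` without first checking `minor_version` would read past the plugin's object and could call through whatever bytes follow it. I would state the contract on the member itself, e.g. `/* valid only if minor_version >= KRB5_PLUGIN_LOCATE_VERSION_2; otherwise use old_lookup */`. The loader is outside this hunk, so whether it already makes that check cannot be confirmed from here.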
@@ -0,0 +1,51 @@ +/* Generated from ntlm_err.et */ + +#ifndef __ntlm_err_h__ +#define __ntlm_err_h__ + +struct et_list; + +void initialize_ntlm_error_table_r(struct et_list **); + +void initialize_ntlm_error_table(void); +#define init_ntlm_err_tbl initialize_ntlm_error_table + +typedef enum ntlm_error_number{ + HNTLM_ERR_DECODE = -1561745664, + HNTLM_ERR_INVALID_LENGTH = -1561745663, + HNTLM_ERR_CRYPTO = -1561745662, + HNTLM_ERR_RAND = -1561745661, + HNTLM_ERR_AUTH = -1561745660, + HNTLM_ERR_TIME_SKEW = -1561745659, + HNTLM_ERR_OEM = -1561745658, + HNTLM_ERR_MISSING_NAME_SEPARATOR = -1561745657, + HNTLM_ERR_MISSING_BUFFER = -1561745656, + HNTLM_ERR_INVALID_APOP = -1561745655, + HNTLM_ERR_INVALID_CRAM_MD5 = -1561745654, + HNTLM_ERR_INVALID_DIGEST_MD5 = -1561745653, + HNTLM_ERR_INVALID_DIGEST_MD5_RSPAUTH = -1561745652, + HNTLM_ERR_INVALID_CHANNEL_BINDINGS = -1561745651, + HNTLM_ERR_INVALID_MIC = -1561745650, + HNTLM_ERR_INVALID_SESSIONKEY = -1561745649, + HNTLM_ERR_NOT_CONFIGURED = -1561745600, + HNTLM_ERR_INVALID_CHALLANGE = -1561745599, + HNTLM_ERR_INVALID_LMv1_RESPONSE = -1561745598, + HNTLM_ERR_INVALID_NT_RESPONSE = -1561745597, + HNTLM_ERR_INVALID_LMv2_RESPONSE = -1561745596, + HNTLM_ERR_INVALID_NTv1_RESPONSE = -1561745595, + HNTLM_ERR_INVALID_NTv2_RESPONSE = -1561745594, + HNTLM_ERR_INVALID_NTv1_ANSWER = -1561745593, + HNTLM_ERR_INVALID_NTv2_ANSWER = -1561745592, + HNTLM_ERR_INVALID_SESSION_KEY = -1561745591, + HNTLM_ERR_INVALID_NO_GUEST = -1561745590, + HNTLM_ERR_NO_NETR_CONFIGURED = -1561745589, + HSCRAM_ERR_INVALID_MESSAGE = -1561745536, + HSCRAM_ERR_INVALID_PROOF = -1561745535, + HSCRAM_ERR_INVALID_ROLE = -1561745534 +} ntlm_error_number; + +#define ERROR_TABLE_BASE_ntlm -1561745664 + +#define COM_ERR_BINDDOMAIN_ntlm "heim_com_err-1561745664" + +#endif /* __ntlm_err_h__ */ diff --git a/kerberos5/include/ocsp_asn1.h b/kerberos5/include/ocsp_asn1.h new file mode 100644 --- /dev/null +++ b/kerberos5/include/ocsp_asn1.h 
@@ -0,0 +1,453 @@ +/* Generated from ./ocsp.asn1 */ +/* Do not edit */ + +#ifndef __ocsp_asn1_h__ +#define __ocsp_asn1_h__ + +#include +#include + +#ifndef __asn1_common_definitions__ +#define __asn1_common_definitions__ + +#ifndef __HEIM_BASE_DATA__ +#define __HEIM_BASE_DATA__ 1 +struct heim_base_data { + size_t length; + void *data; +}; +typedef struct heim_base_data heim_octet_string; +#endif + +typedef struct heim_integer { + size_t length; + void *data; + int negative; +} heim_integer; + +typedef char *heim_general_string; + +typedef char *heim_utf8_string; + +typedef struct heim_base_data heim_printable_string; + +typedef struct heim_base_data heim_ia5_string; + +typedef struct heim_bmp_string { + size_t length; + uint16_t *data; +} heim_bmp_string; + +typedef struct heim_universal_string { + size_t length; + uint32_t *data; +} heim_universal_string; + +typedef char *heim_visible_string; + +typedef struct heim_oid { + size_t length; + unsigned *components; +} heim_oid; + +typedef struct heim_bit_string { + size_t length; + void *data; +} heim_bit_string; + +typedef struct heim_base_data heim_any; +typedef struct heim_base_data heim_any_set; + +#define ASN1_MALLOC_ENCODE(T, B, BL, S, L, R) \ + do { \ + (BL) = length_##T((S)); \ + (B) = malloc((BL)); \ + if((B) == NULL) { \ + (R) = ENOMEM; \ + } else { \ + (R) = encode_##T(((unsigned char*)(B)) + (BL) - 1, (BL), \ + (S), (L)); \ + if((R) != 0) { \ + free((B)); \ + (B) = NULL; \ + } \ + } \ + } while (0) + +#ifdef _WIN32 +#ifndef ASN1_LIB +#define ASN1EXP __declspec(dllimport) +#else +#define ASN1EXP +#endif +#define ASN1CALL __stdcall +#else +#define ASN1EXP +#define ASN1CALL +#endif +struct units; + +#endif + +#include +/* +OCSPVersion ::= INTEGER { + ocsp_v1(0) +} +*/ + +typedef enum OCSPVersion { + ocsp_v1 = 0 +} OCSPVersion; + +ASN1EXP int ASN1CALL decode_OCSPVersion(const unsigned char *, size_t, OCSPVersion *, size_t *); +ASN1EXP int ASN1CALL encode_OCSPVersion(unsigned char *, size_t, const OCSPVersion 
*, size_t *); +ASN1EXP size_t ASN1CALL length_OCSPVersion(const OCSPVersion *); +ASN1EXP int ASN1CALL copy_OCSPVersion (const OCSPVersion *, OCSPVersion *); +ASN1EXP void ASN1CALL free_OCSPVersion (OCSPVersion *); + + +/* +OCSPCertStatus ::= CHOICE { + good [0] IMPLICIT NULL, + revoked [1] IMPLICIT SEQUENCE { + revocationTime GeneralizedTime, + revocationReason [0] CRLReason OPTIONAL, + }, + unknown [2] IMPLICIT NULL, +} +*/ + +typedef struct OCSPCertStatus { + enum OCSPCertStatus_enum { + choice_OCSPCertStatus_good = 1, + choice_OCSPCertStatus_revoked, + choice_OCSPCertStatus_unknown + } element; + union { + int good; + struct OCSPCertStatus_revoked { + time_t revocationTime; + CRLReason *revocationReason; + } revoked; + int unknown; + } u; +} OCSPCertStatus; + +ASN1EXP int ASN1CALL decode_OCSPCertStatus(const unsigned char *, size_t, OCSPCertStatus *, size_t *); +ASN1EXP int ASN1CALL encode_OCSPCertStatus(unsigned char *, size_t, const OCSPCertStatus *, size_t *); +ASN1EXP size_t ASN1CALL length_OCSPCertStatus(const OCSPCertStatus *); +ASN1EXP int ASN1CALL copy_OCSPCertStatus (const OCSPCertStatus *, OCSPCertStatus *); +ASN1EXP void ASN1CALL free_OCSPCertStatus (OCSPCertStatus *); + + +/* +OCSPCertID ::= SEQUENCE { + hashAlgorithm AlgorithmIdentifier, + issuerNameHash OCTET STRING, + issuerKeyHash OCTET STRING, + serialNumber CertificateSerialNumber, +} +*/ + +typedef struct OCSPCertID { + AlgorithmIdentifier hashAlgorithm; + heim_octet_string issuerNameHash; + heim_octet_string issuerKeyHash; + CertificateSerialNumber serialNumber; +} OCSPCertID; + +ASN1EXP int ASN1CALL decode_OCSPCertID(const unsigned char *, size_t, OCSPCertID *, size_t *); +ASN1EXP int ASN1CALL encode_OCSPCertID(unsigned char *, size_t, const OCSPCertID *, size_t *); +ASN1EXP size_t ASN1CALL length_OCSPCertID(const OCSPCertID *); +ASN1EXP int ASN1CALL copy_OCSPCertID (const OCSPCertID *, OCSPCertID *); +ASN1EXP void ASN1CALL free_OCSPCertID (OCSPCertID *); + + +/* +OCSPSingleResponse ::= 
SEQUENCE { + certID OCSPCertID, + certStatus OCSPCertStatus, + thisUpdate GeneralizedTime, + nextUpdate [0] GeneralizedTime OPTIONAL, + singleExtensions [1] Extensions OPTIONAL, +} +*/ + +typedef struct OCSPSingleResponse { + OCSPCertID certID; + OCSPCertStatus certStatus; + time_t thisUpdate; + time_t *nextUpdate; + Extensions *singleExtensions; +} OCSPSingleResponse; + +ASN1EXP int ASN1CALL decode_OCSPSingleResponse(const unsigned char *, size_t, OCSPSingleResponse *, size_t *); +ASN1EXP int ASN1CALL encode_OCSPSingleResponse(unsigned char *, size_t, const OCSPSingleResponse *, size_t *); +ASN1EXP size_t ASN1CALL length_OCSPSingleResponse(const OCSPSingleResponse *); +ASN1EXP int ASN1CALL copy_OCSPSingleResponse (const OCSPSingleResponse *, OCSPSingleResponse *); +ASN1EXP void ASN1CALL free_OCSPSingleResponse (OCSPSingleResponse *); + + +/* +OCSPInnerRequest ::= SEQUENCE { + reqCert OCSPCertID, + singleRequestExtensions [0] Extensions OPTIONAL, +} +*/ + +typedef struct OCSPInnerRequest { + OCSPCertID reqCert; + Extensions *singleRequestExtensions; +} OCSPInnerRequest; + +ASN1EXP int ASN1CALL decode_OCSPInnerRequest(const unsigned char *, size_t, OCSPInnerRequest *, size_t *); +ASN1EXP int ASN1CALL encode_OCSPInnerRequest(unsigned char *, size_t, const OCSPInnerRequest *, size_t *); +ASN1EXP size_t ASN1CALL length_OCSPInnerRequest(const OCSPInnerRequest *); +ASN1EXP int ASN1CALL copy_OCSPInnerRequest (const OCSPInnerRequest *, OCSPInnerRequest *); +ASN1EXP void ASN1CALL free_OCSPInnerRequest (OCSPInnerRequest *); + + +/* +OCSPTBSRequest ::= SEQUENCE { + version [0] OCSPVersion OPTIONAL, + requestorName [1] GeneralName OPTIONAL, + requestList SEQUENCE OF OCSPInnerRequest, + requestExtensions [2] Extensions OPTIONAL, +} +*/ + +typedef struct OCSPTBSRequest { + heim_octet_string _save; + OCSPVersion *version; + GeneralName *requestorName; + struct OCSPTBSRequest_requestList { + unsigned int len; + OCSPInnerRequest *val; + } requestList; + Extensions 
*requestExtensions; +} OCSPTBSRequest; + +ASN1EXP int ASN1CALL decode_OCSPTBSRequest(const unsigned char *, size_t, OCSPTBSRequest *, size_t *); +ASN1EXP int ASN1CALL encode_OCSPTBSRequest(unsigned char *, size_t, const OCSPTBSRequest *, size_t *); +ASN1EXP size_t ASN1CALL length_OCSPTBSRequest(const OCSPTBSRequest *); +ASN1EXP int ASN1CALL copy_OCSPTBSRequest (const OCSPTBSRequest *, OCSPTBSRequest *); +ASN1EXP void ASN1CALL free_OCSPTBSRequest (OCSPTBSRequest *); + + +/* +OCSPSignature ::= SEQUENCE { + signatureAlgorithm AlgorithmIdentifier, + signature BIT STRING { + }, + certs [0] SEQUENCE OF Certificate OPTIONAL, +} +*/ + +typedef struct OCSPSignature { + AlgorithmIdentifier signatureAlgorithm; + heim_bit_string signature; + struct OCSPSignature_certs { + unsigned int len; + Certificate *val; + } *certs; +} OCSPSignature; + +ASN1EXP int ASN1CALL decode_OCSPSignature(const unsigned char *, size_t, OCSPSignature *, size_t *); +ASN1EXP int ASN1CALL encode_OCSPSignature(unsigned char *, size_t, const OCSPSignature *, size_t *); +ASN1EXP size_t ASN1CALL length_OCSPSignature(const OCSPSignature *); +ASN1EXP int ASN1CALL copy_OCSPSignature (const OCSPSignature *, OCSPSignature *); +ASN1EXP void ASN1CALL free_OCSPSignature (OCSPSignature *); + + +/* +OCSPRequest ::= SEQUENCE { + tbsRequest OCSPTBSRequest, + optionalSignature [0] OCSPSignature OPTIONAL, +} +*/ + +typedef struct OCSPRequest { + OCSPTBSRequest tbsRequest; + OCSPSignature *optionalSignature; +} OCSPRequest; + +ASN1EXP int ASN1CALL decode_OCSPRequest(const unsigned char *, size_t, OCSPRequest *, size_t *); +ASN1EXP int ASN1CALL encode_OCSPRequest(unsigned char *, size_t, const OCSPRequest *, size_t *); +ASN1EXP size_t ASN1CALL length_OCSPRequest(const OCSPRequest *); +ASN1EXP int ASN1CALL copy_OCSPRequest (const OCSPRequest *, OCSPRequest *); +ASN1EXP void ASN1CALL free_OCSPRequest (OCSPRequest *); + + +/* +OCSPResponseBytes ::= SEQUENCE { + responseType OBJECT IDENTIFIER, + response OCTET STRING, +} +*/ + 
+typedef struct OCSPResponseBytes { + heim_oid responseType; + heim_octet_string response; +} OCSPResponseBytes; + +ASN1EXP int ASN1CALL decode_OCSPResponseBytes(const unsigned char *, size_t, OCSPResponseBytes *, size_t *); +ASN1EXP int ASN1CALL encode_OCSPResponseBytes(unsigned char *, size_t, const OCSPResponseBytes *, size_t *); +ASN1EXP size_t ASN1CALL length_OCSPResponseBytes(const OCSPResponseBytes *); +ASN1EXP int ASN1CALL copy_OCSPResponseBytes (const OCSPResponseBytes *, OCSPResponseBytes *); +ASN1EXP void ASN1CALL free_OCSPResponseBytes (OCSPResponseBytes *); + + +/* +OCSPResponseStatus ::= INTEGER { + successful(0), + malformedRequest(1), + internalError(2), + tryLater(3), + sigRequired(5), + unauthorized(6) +} +*/ + +typedef enum OCSPResponseStatus { + successful = 0, + malformedRequest = 1, + internalError = 2, + tryLater = 3, + sigRequired = 5, + unauthorized = 6 +} OCSPResponseStatus; + +ASN1EXP int ASN1CALL decode_OCSPResponseStatus(const unsigned char *, size_t, OCSPResponseStatus *, size_t *); +ASN1EXP int ASN1CALL encode_OCSPResponseStatus(unsigned char *, size_t, const OCSPResponseStatus *, size_t *); +ASN1EXP size_t ASN1CALL length_OCSPResponseStatus(const OCSPResponseStatus *); +ASN1EXP int ASN1CALL copy_OCSPResponseStatus (const OCSPResponseStatus *, OCSPResponseStatus *); +ASN1EXP void ASN1CALL free_OCSPResponseStatus (OCSPResponseStatus *); + + +/* +OCSPResponse ::= SEQUENCE { + responseStatus OCSPResponseStatus, + responseBytes [0] OCSPResponseBytes OPTIONAL, +} +*/ + +typedef struct OCSPResponse { + OCSPResponseStatus responseStatus; + OCSPResponseBytes *responseBytes; +} OCSPResponse; + +ASN1EXP int ASN1CALL decode_OCSPResponse(const unsigned char *, size_t, OCSPResponse *, size_t *); +ASN1EXP int ASN1CALL encode_OCSPResponse(unsigned char *, size_t, const OCSPResponse *, size_t *); +ASN1EXP size_t ASN1CALL length_OCSPResponse(const OCSPResponse *); +ASN1EXP int ASN1CALL copy_OCSPResponse (const OCSPResponse *, OCSPResponse *); +ASN1EXP 
void ASN1CALL free_OCSPResponse (OCSPResponse *); + + +/* +OCSPKeyHash ::= OCTET STRING +*/ + +typedef heim_octet_string OCSPKeyHash; + +ASN1EXP int ASN1CALL decode_OCSPKeyHash(const unsigned char *, size_t, OCSPKeyHash *, size_t *); +ASN1EXP int ASN1CALL encode_OCSPKeyHash(unsigned char *, size_t, const OCSPKeyHash *, size_t *); +ASN1EXP size_t ASN1CALL length_OCSPKeyHash(const OCSPKeyHash *); +ASN1EXP int ASN1CALL copy_OCSPKeyHash (const OCSPKeyHash *, OCSPKeyHash *); +ASN1EXP void ASN1CALL free_OCSPKeyHash (OCSPKeyHash *); + + +/* +OCSPResponderID ::= CHOICE { + byName [1] Name, + byKey [2] OCSPKeyHash, +} +*/ + +typedef struct OCSPResponderID { + enum OCSPResponderID_enum { + choice_OCSPResponderID_byName = 1, + choice_OCSPResponderID_byKey + } element; + union { + Name byName; + OCSPKeyHash byKey; + } u; +} OCSPResponderID; + +ASN1EXP int ASN1CALL decode_OCSPResponderID(const unsigned char *, size_t, OCSPResponderID *, size_t *); +ASN1EXP int ASN1CALL encode_OCSPResponderID(unsigned char *, size_t, const OCSPResponderID *, size_t *); +ASN1EXP size_t ASN1CALL length_OCSPResponderID(const OCSPResponderID *); +ASN1EXP int ASN1CALL copy_OCSPResponderID (const OCSPResponderID *, OCSPResponderID *); +ASN1EXP void ASN1CALL free_OCSPResponderID (OCSPResponderID *); + + +/* +OCSPResponseData ::= SEQUENCE { + version [0] OCSPVersion OPTIONAL, + responderID OCSPResponderID, + producedAt GeneralizedTime, + responses SEQUENCE OF OCSPSingleResponse, + responseExtensions [1] Extensions OPTIONAL, +} +*/ + +typedef struct OCSPResponseData { + heim_octet_string _save; + OCSPVersion *version; + OCSPResponderID responderID; + time_t producedAt; + struct OCSPResponseData_responses { + unsigned int len; + OCSPSingleResponse *val; + } responses; + Extensions *responseExtensions; +} OCSPResponseData; + +ASN1EXP int ASN1CALL decode_OCSPResponseData(const unsigned char *, size_t, OCSPResponseData *, size_t *); +ASN1EXP int ASN1CALL encode_OCSPResponseData(unsigned char *, size_t, const 
OCSPResponseData *, size_t *); +ASN1EXP size_t ASN1CALL length_OCSPResponseData(const OCSPResponseData *); +ASN1EXP int ASN1CALL copy_OCSPResponseData (const OCSPResponseData *, OCSPResponseData *); +ASN1EXP void ASN1CALL free_OCSPResponseData (OCSPResponseData *); + + +/* +OCSPBasicOCSPResponse ::= SEQUENCE { + tbsResponseData OCSPResponseData, + signatureAlgorithm AlgorithmIdentifier, + signature BIT STRING { + }, + certs [0] SEQUENCE OF Certificate OPTIONAL, +} +*/ + +typedef struct OCSPBasicOCSPResponse { + OCSPResponseData tbsResponseData; + AlgorithmIdentifier signatureAlgorithm; + heim_bit_string signature; + struct OCSPBasicOCSPResponse_certs { + unsigned int len; + Certificate *val; + } *certs; +} OCSPBasicOCSPResponse; + +ASN1EXP int ASN1CALL decode_OCSPBasicOCSPResponse(const unsigned char *, size_t, OCSPBasicOCSPResponse *, size_t *); +ASN1EXP int ASN1CALL encode_OCSPBasicOCSPResponse(unsigned char *, size_t, const OCSPBasicOCSPResponse *, size_t *); +ASN1EXP size_t ASN1CALL length_OCSPBasicOCSPResponse(const OCSPBasicOCSPResponse *); +ASN1EXP int ASN1CALL copy_OCSPBasicOCSPResponse (const OCSPBasicOCSPResponse *, OCSPBasicOCSPResponse *); +ASN1EXP void ASN1CALL free_OCSPBasicOCSPResponse (OCSPBasicOCSPResponse *); + + +/* OBJECT IDENTIFIER id-pkix-ocsp ::= { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) pkix-ad(48) label-less(1) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkix_ocsp; +#define ASN1_OID_ID_PKIX_OCSP (&asn1_oid_id_pkix_ocsp) + +/* OBJECT IDENTIFIER id-pkix-ocsp-basic ::= { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) pkix-ad(48) label-less(1) label-less(1) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkix_ocsp_basic; +#define ASN1_OID_ID_PKIX_OCSP_BASIC (&asn1_oid_id_pkix_ocsp_basic) + +/* OBJECT IDENTIFIER id-pkix-ocsp-nonce ::= { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) pkix-ad(48) label-less(1) 
label-less(2) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkix_ocsp_nonce; +#define ASN1_OID_ID_PKIX_OCSP_NONCE (&asn1_oid_id_pkix_ocsp_nonce) + +#endif /* __ocsp_asn1_h__ */ diff --git a/kerberos5/include/otp.h b/kerberos5/include/otp.h new file mode 100644 --- /dev/null +++ b/kerberos5/include/otp.h 
@@ -0,0 +1,101 @@
+/*
+ * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id$ */
+
+#ifndef _OTP_H
+#define _OTP_H
+
+#include
+#include
+
+enum {OTPKEYSIZE = 8};
+
+typedef unsigned char OtpKey[OTPKEYSIZE];
+
+#define OTP_MIN_PASSPHRASE 10
+#define OTP_MAX_PASSPHRASE 63
+
+#define OTP_USER_TIMEOUT 120
+#define OTP_DB_TIMEOUT 60
+
+#define OTP_HEXPREFIX "hex:"
+#define OTP_WORDPREFIX "word:"
+
+typedef enum { OTP_ALG_MD4, OTP_ALG_MD5, OTP_ALG_SHA } OtpAlgID;
+
+#define OTP_ALG_DEFAULT "md5"
+
+typedef struct {
+ OtpAlgID id;
+ char *name;
+ int hashsize;
+ int (*hash)(const char *, size_t, unsigned char *);
+ int (*init)(OtpKey, const char *, const char *);
+ int (*next)(OtpKey);
+} OtpAlgorithm;
+
+typedef struct {
+ char *user;
+ OtpAlgorithm *alg;
+ unsigned n;
+ char seed[17];
+ OtpKey key;
+ int challengep;
+ time_t lock_time;
+ char *err;
+} OtpContext;
+
+OtpAlgorithm *otp_find_alg (char *);
+void otp_print_stddict (OtpKey, char *, size_t);
+void otp_print_hex (OtpKey, char *, size_t);
+void otp_print_stddict_extended (OtpKey, char *, size_t);
+void otp_print_hex_extended (OtpKey, char *, size_t);
+unsigned otp_checksum (OtpKey);
+int otp_parse_hex (OtpKey, const char *);
+int otp_parse_stddict (OtpKey, const char *);
+int otp_parse_altdict (OtpKey, const char *, OtpAlgorithm *);
+int otp_parse (OtpKey, const char *, OtpAlgorithm *);
+int otp_challenge (OtpContext *, char *, char *, size_t);
+int otp_verify_user (OtpContext *, const char *);
+int otp_verify_user_1 (OtpContext *, const char *);
+char *otp_error (OtpContext *);
+
+void *otp_db_open (void);
+void otp_db_close (void *);
+int otp_put (void *, OtpContext *);
+int otp_get (void *, OtpContext *);
+int otp_simple_get (void *, OtpContext *);
+int otp_delete (void *, OtpContext *);
+
+#endif /* _OTP_H */
diff --git a/contrib/com_err/lex.h b/kerberos5/include/parse_bytes.h
copy from contrib/com_err/lex.h
copy to kerberos5/include/parse_bytes.h
--- a/contrib/com_err/lex.h
+++ b/kerberos5/include/parse_bytes.h
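Review bot: The buffer-writing prototypes in otp.h (`otp_print_stddict`, `otp_print_hex`, their `_extended` variants and `otp_challenge`) have no parameter names or comments, so a caller cannot tell from the header what the `size_t` bounds. In `otp_challenge (OtpContext *, char *, char *, size_t)` it is not even clear which of the two `char *` arguments is the sized output. Naming the parameters would make the length contract reviewable, e.g. `int otp_challenge (OtpContext *ctx, char *user, char *str, size_t len);` if, as the order suggests, the last pair is the output buffer and its size. `char seed[17]` in `OtpContext` would likewise read better with a named constant, so code copying into it has something to bound against.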
@@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,26 @@ /* $Id$ */ -void _lex_error_message (const char *, ...) -__attribute__ ((format (printf, 1, 2))); +#ifndef __PARSE_BYTES_H__ +#define __PARSE_BYTES_H__ -int yylex(void); +#ifndef ROKEN_LIB_FUNCTION +#ifdef _WIN32 +#define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL __cdecl +#else +#define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL +#endif +#endif + +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +parse_bytes (const char *s, const char *def_unit); + +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +unparse_bytes (int t, char *s, size_t len); + +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +unparse_bytes_short (int t, char *s, size_t len); + +#endif /* __PARSE_BYTES_H__ */ diff --git a/contrib/com_err/roken_rename.h b/kerberos5/include/parse_time.h copy from contrib/com_err/roken_rename.h copy to kerberos5/include/parse_time.h --- a/contrib/com_err/roken_rename.h +++ b/kerberos5/include/parse_time.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998 Kungliga Tekniska Högskolan + * Copyright (c) 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * 
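Review bot: `parse_bytes (const char *s, const char *def_unit)` in parse_bytes.h returns a plain `int`, and the header says nothing about how a malformed string is reported or what happens when the scaled value does not fit in an `int`. The same holds for `parse_time` in parse_time.h and for `parse_units` and `parse_flags` in parse_units.h, where `struct units` carries an `unsigned mult`. Callers that feed these from configuration or command-line text need that contract to tell a failure from a legitimate value. I would add a comment above each prototype, for example `/* Returns the parsed value, or <error value> on malformed input; overflow behaviour: <to be documented>. */`, with the placeholders filled in from the implementation, which is not part of this diff.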
@@ -33,30 +33,29 @@ /* $Id$ */ -#ifndef __roken_rename_h__ -#define __roken_rename_h__ +#ifndef __PARSE_TIME_H__ +#define __PARSE_TIME_H__ -#ifndef HAVE_SNPRINTF -#define rk_snprintf _com_err_snprintf +#ifndef ROKEN_LIB_FUNCTION +#ifdef _WIN32 +#define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL __cdecl +#else +#define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL #endif -#ifndef HAVE_VSNPRINTF -#define rk_vsnprintf _com_err_vsnprintf -#endif -#ifndef HAVE_ASPRINTF -#define rk_asprintf _com_err_asprintf -#endif -#ifndef HAVE_ASNPRINTF -#define rk_asnprintf _com_err_asnprintf -#endif -#ifndef HAVE_VASPRINTF -#define rk_vasprintf _com_err_vasprintf -#endif -#ifndef HAVE_VASNPRINTF -#define rk_vasnprintf _com_err_vasnprintf -#endif -#ifndef HAVE_STRLCPY -#define rk_strlcpy _com_err_strlcpy #endif +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +parse_time (const char *s, const char *def_unit); + +ROKEN_LIB_FUNCTION size_t ROKEN_LIB_CALL +unparse_time (int t, char *s, size_t len); + +ROKEN_LIB_FUNCTION size_t ROKEN_LIB_CALL +unparse_time_approx (int t, char *s, size_t len); + +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +print_time_table (FILE *f); -#endif /* __roken_rename_h__ */ +#endif /* __PARSE_TIME_H__ */ diff --git a/contrib/com_err/com_right.h b/kerberos5/include/parse_units.h rename from contrib/com_err/com_right.h rename to kerberos5/include/parse_units.h --- a/contrib/com_err/com_right.h +++ b/kerberos5/include/parse_units.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * 
@@ -33,66 +33,49 @@ /* $Id$ */ -#ifndef __COM_RIGHT_H__ -#define __COM_RIGHT_H__ +#ifndef __PARSE_UNITS_H__ +#define __PARSE_UNITS_H__ -#ifndef KRB5_LIB_FUNCTION -#if defined(_WIN32) -#define KRB5_LIB_FUNCTION __declspec(dllimport) -#else -#define KRB5_LIB_FUNCTION -#endif -#endif - -#ifndef KRB5_LIB_CALL -#if defined(_WIN32) -#define KRB5_LIB_CALL __stdcall -#else -#define KRB5_LIB_CALL -#endif -#endif +#include +#include -#ifndef KRB5_LIB_VARIABLE -#if defined(_WIN32) -#define KRB5_LIB_VARIABLE __declspec(dllimport) +#ifndef ROKEN_LIB_FUNCTION +#ifdef _WIN32 +#define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL __cdecl #else -#define KRB5_LIB_VARIABLE +#define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL #endif #endif -#ifdef _WIN32 -#define KRB5_CALLCONV __stdcall -#else -#define KRB5_CALLCONV -#endif +struct units { + const char *name; + unsigned mult; +}; -#include +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +parse_units (const char *s, const struct units *units, + const char *def_unit); -#ifdef __STDC__ -#include -#endif +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +print_units_table (const struct units *units, FILE *f); -struct error_table { - char const * const * msgs; - long base; - int n_msgs; -}; -struct et_list { - struct et_list *next; - struct error_table *table; -}; -extern struct et_list *_et_list; +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +parse_flags (const char *s, const struct units *units, + int orig); -KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL -com_right (struct et_list *list, long code); +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +unparse_units (int num, const struct units *units, char *s, size_t len); -KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL -com_right_r (struct et_list *list, long code, char *, size_t); +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +unparse_units_approx (int num, const struct units *units, char *s, + size_t len); -KRB5_LIB_FUNCTION void KRB5_LIB_CALL -initialize_error_table_r (struct et_list **, const char **, int, long); +ROKEN_LIB_FUNCTION 
int ROKEN_LIB_CALL +unparse_flags (int num, const struct units *units, char *s, size_t len); -KRB5_LIB_FUNCTION void KRB5_LIB_CALL -free_error_table (struct et_list *); +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +print_flags_table (const struct units *units, FILE *f); -#endif /* __COM_RIGHT_H__ */ +#endif /* __PARSE_UNITS_H__ */ diff --git a/kerberos5/include/pkcs10_asn1.h b/kerberos5/include/pkcs10_asn1.h new file mode 100644 --- /dev/null +++ b/kerberos5/include/pkcs10_asn1.h 
@@ -0,0 +1,146 @@ +/* Generated from ./pkcs10.asn1 */ +/* Do not edit */ + +#ifndef __pkcs10_asn1_h__ +#define __pkcs10_asn1_h__ + +#include +#include + +#ifndef __asn1_common_definitions__ +#define __asn1_common_definitions__ + +#ifndef __HEIM_BASE_DATA__ +#define __HEIM_BASE_DATA__ 1 +struct heim_base_data { + size_t length; + void *data; +}; +typedef struct heim_base_data heim_octet_string; +#endif + +typedef struct heim_integer { + size_t length; + void *data; + int negative; +} heim_integer; + +typedef char *heim_general_string; + +typedef char *heim_utf8_string; + +typedef struct heim_base_data heim_printable_string; + +typedef struct heim_base_data heim_ia5_string; + +typedef struct heim_bmp_string { + size_t length; + uint16_t *data; +} heim_bmp_string; + +typedef struct heim_universal_string { + size_t length; + uint32_t *data; +} heim_universal_string; + +typedef char *heim_visible_string; + +typedef struct heim_oid { + size_t length; + unsigned *components; +} heim_oid; + +typedef struct heim_bit_string { + size_t length; + void *data; +} heim_bit_string; + +typedef struct heim_base_data heim_any; +typedef struct heim_base_data heim_any_set; + +#define ASN1_MALLOC_ENCODE(T, B, BL, S, L, R) \ + do { \ + (BL) = length_##T((S)); \ + (B) = malloc((BL)); \ + if((B) == NULL) { \ + (R) = ENOMEM; \ + } else { \ + (R) = encode_##T(((unsigned char*)(B)) + (BL) - 1, (BL), \ + (S), (L)); \ + if((R) != 0) { \ + free((B)); \ + (B) = NULL; \ + } \ + } \ + } while (0) + +#ifdef _WIN32 +#ifndef ASN1_LIB +#define ASN1EXP __declspec(dllimport) +#else +#define ASN1EXP +#endif +#define ASN1CALL __stdcall +#else +#define ASN1EXP +#define ASN1CALL +#endif +struct units; + +#endif + +#include +/* +CertificationRequestInfo ::= SEQUENCE { + version INTEGER { + pkcs10_v1(0) + }, + subject Name, + subjectPKInfo SubjectPublicKeyInfo, + attributes [0] IMPLICIT SET OF Attribute OPTIONAL, +} +*/ + +typedef struct CertificationRequestInfo { + heim_octet_string _save; + enum { + 
pkcs10_v1 = 0 +} version; + Name subject; + SubjectPublicKeyInfo subjectPKInfo; + struct CertificationRequestInfo_attributes { + unsigned int len; + Attribute *val; + } *attributes; +} CertificationRequestInfo; + +ASN1EXP int ASN1CALL decode_CertificationRequestInfo(const unsigned char *, size_t, CertificationRequestInfo *, size_t *); +ASN1EXP int ASN1CALL encode_CertificationRequestInfo(unsigned char *, size_t, const CertificationRequestInfo *, size_t *); +ASN1EXP size_t ASN1CALL length_CertificationRequestInfo(const CertificationRequestInfo *); +ASN1EXP int ASN1CALL copy_CertificationRequestInfo (const CertificationRequestInfo *, CertificationRequestInfo *); +ASN1EXP void ASN1CALL free_CertificationRequestInfo (CertificationRequestInfo *); + + +/* +CertificationRequest ::= SEQUENCE { + certificationRequestInfo CertificationRequestInfo, + signatureAlgorithm AlgorithmIdentifier, + signature BIT STRING { + }, +} +*/ + +typedef struct CertificationRequest { + CertificationRequestInfo certificationRequestInfo; + AlgorithmIdentifier signatureAlgorithm; + heim_bit_string signature; +} CertificationRequest; + +ASN1EXP int ASN1CALL decode_CertificationRequest(const unsigned char *, size_t, CertificationRequest *, size_t *); +ASN1EXP int ASN1CALL encode_CertificationRequest(unsigned char *, size_t, const CertificationRequest *, size_t *); +ASN1EXP size_t ASN1CALL length_CertificationRequest(const CertificationRequest *); +ASN1EXP int ASN1CALL copy_CertificationRequest (const CertificationRequest *, CertificationRequest *); +ASN1EXP void ASN1CALL free_CertificationRequest (CertificationRequest *); + + +#endif /* __pkcs10_asn1_h__ */ diff --git a/kerberos5/include/pkcs12_asn1.h b/kerberos5/include/pkcs12_asn1.h new file mode 100644 --- /dev/null +++ b/kerberos5/include/pkcs12_asn1.h 
@@ -0,0 +1,336 @@ +/* Generated from ./pkcs12.asn1 */ +/* Do not edit */ + +#ifndef __pkcs12_asn1_h__ +#define __pkcs12_asn1_h__ + +#include +#include + +#ifndef __asn1_common_definitions__ +#define __asn1_common_definitions__ + +#ifndef __HEIM_BASE_DATA__ +#define __HEIM_BASE_DATA__ 1 +struct heim_base_data { + size_t length; + void *data; +}; +typedef struct heim_base_data heim_octet_string; +#endif + +typedef struct heim_integer { + size_t length; + void *data; + int negative; +} heim_integer; + +typedef char *heim_general_string; + +typedef char *heim_utf8_string; + +typedef struct heim_base_data heim_printable_string; + +typedef struct heim_base_data heim_ia5_string; + +typedef struct heim_bmp_string { + size_t length; + uint16_t *data; +} heim_bmp_string; + +typedef struct heim_universal_string { + size_t length; + uint32_t *data; +} heim_universal_string; + +typedef char *heim_visible_string; + +typedef struct heim_oid { + size_t length; + unsigned *components; +} heim_oid; + +typedef struct heim_bit_string { + size_t length; + void *data; +} heim_bit_string; + +typedef struct heim_base_data heim_any; +typedef struct heim_base_data heim_any_set; + +#define ASN1_MALLOC_ENCODE(T, B, BL, S, L, R) \ + do { \ + (BL) = length_##T((S)); \ + (B) = malloc((BL)); \ + if((B) == NULL) { \ + (R) = ENOMEM; \ + } else { \ + (R) = encode_##T(((unsigned char*)(B)) + (BL) - 1, (BL), \ + (S), (L)); \ + if((R) != 0) { \ + free((B)); \ + (B) = NULL; \ + } \ + } \ + } while (0) + +#ifdef _WIN32 +#ifndef ASN1_LIB +#define ASN1EXP __declspec(dllimport) +#else +#define ASN1EXP +#endif +#define ASN1CALL __stdcall +#else +#define ASN1EXP +#define ASN1CALL +#endif +struct units; + +#endif + +#include +#include +#include +/* OBJECT IDENTIFIER id-pkcs-12 ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-12(12) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkcs_12; +#define ASN1_OID_ID_PKCS_12 (&asn1_oid_id_pkcs_12) + +/* OBJECT IDENTIFIER id-pkcs-12PbeIds ::= { iso(1) 
member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-12(12) label-less(1) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkcs_12PbeIds; +#define ASN1_OID_ID_PKCS_12PBEIDS (&asn1_oid_id_pkcs_12PbeIds) + +/* OBJECT IDENTIFIER id-pbeWithSHAAnd128BitRC4 ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-12(12) label-less(1) label-less(1) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pbeWithSHAAnd128BitRC4; +#define ASN1_OID_ID_PBEWITHSHAAND128BITRC4 (&asn1_oid_id_pbeWithSHAAnd128BitRC4) + +/* OBJECT IDENTIFIER id-pbeWithSHAAnd40BitRC4 ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-12(12) label-less(1) label-less(2) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pbeWithSHAAnd40BitRC4; +#define ASN1_OID_ID_PBEWITHSHAAND40BITRC4 (&asn1_oid_id_pbeWithSHAAnd40BitRC4) + +/* OBJECT IDENTIFIER id-pbeWithSHAAnd3-KeyTripleDES-CBC ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-12(12) label-less(1) label-less(3) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pbeWithSHAAnd3_KeyTripleDES_CBC; +#define ASN1_OID_ID_PBEWITHSHAAND3_KEYTRIPLEDES_CBC (&asn1_oid_id_pbeWithSHAAnd3_KeyTripleDES_CBC) + +/* OBJECT IDENTIFIER id-pbeWithSHAAnd2-KeyTripleDES-CBC ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-12(12) label-less(1) label-less(4) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pbeWithSHAAnd2_KeyTripleDES_CBC; +#define ASN1_OID_ID_PBEWITHSHAAND2_KEYTRIPLEDES_CBC (&asn1_oid_id_pbeWithSHAAnd2_KeyTripleDES_CBC) + +/* OBJECT IDENTIFIER id-pbeWithSHAAnd128BitRC2-CBC ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-12(12) label-less(1) label-less(5) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pbeWithSHAAnd128BitRC2_CBC; +#define ASN1_OID_ID_PBEWITHSHAAND128BITRC2_CBC (&asn1_oid_id_pbeWithSHAAnd128BitRC2_CBC) + +/* OBJECT IDENTIFIER id-pbewithSHAAnd40BitRC2-CBC ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-12(12) label-less(1) label-less(6) } */ +extern ASN1EXP const heim_oid 
asn1_oid_id_pbewithSHAAnd40BitRC2_CBC; +#define ASN1_OID_ID_PBEWITHSHAAND40BITRC2_CBC (&asn1_oid_id_pbewithSHAAnd40BitRC2_CBC) + +/* OBJECT IDENTIFIER id-pkcs12-bagtypes ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-12(12) label-less(10) label-less(1) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkcs12_bagtypes; +#define ASN1_OID_ID_PKCS12_BAGTYPES (&asn1_oid_id_pkcs12_bagtypes) + +/* OBJECT IDENTIFIER id-pkcs12-keyBag ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-12(12) label-less(10) label-less(1) label-less(1) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkcs12_keyBag; +#define ASN1_OID_ID_PKCS12_KEYBAG (&asn1_oid_id_pkcs12_keyBag) + +/* OBJECT IDENTIFIER id-pkcs12-pkcs8ShroudedKeyBag ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-12(12) label-less(10) label-less(1) label-less(2) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkcs12_pkcs8ShroudedKeyBag; +#define ASN1_OID_ID_PKCS12_PKCS8SHROUDEDKEYBAG (&asn1_oid_id_pkcs12_pkcs8ShroudedKeyBag) + +/* OBJECT IDENTIFIER id-pkcs12-certBag ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-12(12) label-less(10) label-less(1) label-less(3) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkcs12_certBag; +#define ASN1_OID_ID_PKCS12_CERTBAG (&asn1_oid_id_pkcs12_certBag) + +/* OBJECT IDENTIFIER id-pkcs12-crlBag ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-12(12) label-less(10) label-less(1) label-less(4) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkcs12_crlBag; +#define ASN1_OID_ID_PKCS12_CRLBAG (&asn1_oid_id_pkcs12_crlBag) + +/* OBJECT IDENTIFIER id-pkcs12-secretBag ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-12(12) label-less(10) label-less(1) label-less(5) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkcs12_secretBag; +#define ASN1_OID_ID_PKCS12_SECRETBAG (&asn1_oid_id_pkcs12_secretBag) + +/* OBJECT IDENTIFIER id-pkcs12-safeContentsBag ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 
pkcs-12(12) label-less(10) label-less(1) label-less(6) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkcs12_safeContentsBag; +#define ASN1_OID_ID_PKCS12_SAFECONTENTSBAG (&asn1_oid_id_pkcs12_safeContentsBag) + +/* +PKCS12-MacData ::= SEQUENCE { + mac DigestInfo, + macSalt OCTET STRING, + iterations INTEGER OPTIONAL, +} +*/ + +typedef struct PKCS12_MacData { + DigestInfo mac; + heim_octet_string macSalt; + heim_integer *iterations; +} PKCS12_MacData; + +ASN1EXP int ASN1CALL decode_PKCS12_MacData(const unsigned char *, size_t, PKCS12_MacData *, size_t *); +ASN1EXP int ASN1CALL encode_PKCS12_MacData(unsigned char *, size_t, const PKCS12_MacData *, size_t *); +ASN1EXP size_t ASN1CALL length_PKCS12_MacData(const PKCS12_MacData *); +ASN1EXP int ASN1CALL copy_PKCS12_MacData (const PKCS12_MacData *, PKCS12_MacData *); +ASN1EXP void ASN1CALL free_PKCS12_MacData (PKCS12_MacData *); + + +/* +PKCS12-PFX ::= SEQUENCE { + version INTEGER, + authSafe ContentInfo, + macData PKCS12-MacData OPTIONAL, +} +*/ + +typedef struct PKCS12_PFX { + heim_integer version; + ContentInfo authSafe; + PKCS12_MacData *macData; +} PKCS12_PFX; + +ASN1EXP int ASN1CALL decode_PKCS12_PFX(const unsigned char *, size_t, PKCS12_PFX *, size_t *); +ASN1EXP int ASN1CALL encode_PKCS12_PFX(unsigned char *, size_t, const PKCS12_PFX *, size_t *); +ASN1EXP size_t ASN1CALL length_PKCS12_PFX(const PKCS12_PFX *); +ASN1EXP int ASN1CALL copy_PKCS12_PFX (const PKCS12_PFX *, PKCS12_PFX *); +ASN1EXP void ASN1CALL free_PKCS12_PFX (PKCS12_PFX *); + + +/* +PKCS12-AuthenticatedSafe ::= SEQUENCE OF ContentInfo +*/ + +typedef struct PKCS12_AuthenticatedSafe { + unsigned int len; + ContentInfo *val; +} PKCS12_AuthenticatedSafe; + +ASN1EXP int ASN1CALL decode_PKCS12_AuthenticatedSafe(const unsigned char *, size_t, PKCS12_AuthenticatedSafe *, size_t *); +ASN1EXP int ASN1CALL encode_PKCS12_AuthenticatedSafe(unsigned char *, size_t, const PKCS12_AuthenticatedSafe *, size_t *); +ASN1EXP size_t ASN1CALL 
length_PKCS12_AuthenticatedSafe(const PKCS12_AuthenticatedSafe *); +ASN1EXP int ASN1CALL copy_PKCS12_AuthenticatedSafe (const PKCS12_AuthenticatedSafe *, PKCS12_AuthenticatedSafe *); +ASN1EXP void ASN1CALL free_PKCS12_AuthenticatedSafe (PKCS12_AuthenticatedSafe *); + + +/* +PKCS12-Attribute ::= SEQUENCE { + attrId OBJECT IDENTIFIER, + attrValues heim_any_set, +} +*/ + +typedef struct PKCS12_Attribute { + heim_oid attrId; + heim_any_set attrValues; +} PKCS12_Attribute; + +ASN1EXP int ASN1CALL decode_PKCS12_Attribute(const unsigned char *, size_t, PKCS12_Attribute *, size_t *); +ASN1EXP int ASN1CALL encode_PKCS12_Attribute(unsigned char *, size_t, const PKCS12_Attribute *, size_t *); +ASN1EXP size_t ASN1CALL length_PKCS12_Attribute(const PKCS12_Attribute *); +ASN1EXP int ASN1CALL copy_PKCS12_Attribute (const PKCS12_Attribute *, PKCS12_Attribute *); +ASN1EXP void ASN1CALL free_PKCS12_Attribute (PKCS12_Attribute *); + + +/* +PKCS12-Attributes ::= SET OF PKCS12-Attribute +*/ + +typedef struct PKCS12_Attributes { + unsigned int len; + PKCS12_Attribute *val; +} PKCS12_Attributes; + +ASN1EXP int ASN1CALL decode_PKCS12_Attributes(const unsigned char *, size_t, PKCS12_Attributes *, size_t *); +ASN1EXP int ASN1CALL encode_PKCS12_Attributes(unsigned char *, size_t, const PKCS12_Attributes *, size_t *); +ASN1EXP size_t ASN1CALL length_PKCS12_Attributes(const PKCS12_Attributes *); +ASN1EXP int ASN1CALL copy_PKCS12_Attributes (const PKCS12_Attributes *, PKCS12_Attributes *); +ASN1EXP void ASN1CALL free_PKCS12_Attributes (PKCS12_Attributes *); + + +/* +PKCS12-SafeBag ::= SEQUENCE { + bagId OBJECT IDENTIFIER, + bagValue [0] heim_any, + bagAttributes PKCS12-Attributes OPTIONAL, +} +*/ + +typedef struct PKCS12_SafeBag { + heim_oid bagId; + heim_any bagValue; + PKCS12_Attributes *bagAttributes; +} PKCS12_SafeBag; + +ASN1EXP int ASN1CALL decode_PKCS12_SafeBag(const unsigned char *, size_t, PKCS12_SafeBag *, size_t *); +ASN1EXP int ASN1CALL encode_PKCS12_SafeBag(unsigned char *, size_t, 
const PKCS12_SafeBag *, size_t *); +ASN1EXP size_t ASN1CALL length_PKCS12_SafeBag(const PKCS12_SafeBag *); +ASN1EXP int ASN1CALL copy_PKCS12_SafeBag (const PKCS12_SafeBag *, PKCS12_SafeBag *); +ASN1EXP void ASN1CALL free_PKCS12_SafeBag (PKCS12_SafeBag *); + + +/* +PKCS12-SafeContents ::= SEQUENCE OF PKCS12-SafeBag +*/ + +typedef struct PKCS12_SafeContents { + unsigned int len; + PKCS12_SafeBag *val; +} PKCS12_SafeContents; + +ASN1EXP int ASN1CALL decode_PKCS12_SafeContents(const unsigned char *, size_t, PKCS12_SafeContents *, size_t *); +ASN1EXP int ASN1CALL encode_PKCS12_SafeContents(unsigned char *, size_t, const PKCS12_SafeContents *, size_t *); +ASN1EXP size_t ASN1CALL length_PKCS12_SafeContents(const PKCS12_SafeContents *); +ASN1EXP int ASN1CALL copy_PKCS12_SafeContents (const PKCS12_SafeContents *, PKCS12_SafeContents *); +ASN1EXP void ASN1CALL free_PKCS12_SafeContents (PKCS12_SafeContents *); + + +/* +PKCS12-CertBag ::= SEQUENCE { + certType OBJECT IDENTIFIER, + certValue [0] heim_any, +} +*/ + +typedef struct PKCS12_CertBag { + heim_oid certType; + heim_any certValue; +} PKCS12_CertBag; + +ASN1EXP int ASN1CALL decode_PKCS12_CertBag(const unsigned char *, size_t, PKCS12_CertBag *, size_t *); +ASN1EXP int ASN1CALL encode_PKCS12_CertBag(unsigned char *, size_t, const PKCS12_CertBag *, size_t *); +ASN1EXP size_t ASN1CALL length_PKCS12_CertBag(const PKCS12_CertBag *); +ASN1EXP int ASN1CALL copy_PKCS12_CertBag (const PKCS12_CertBag *, PKCS12_CertBag *); +ASN1EXP void ASN1CALL free_PKCS12_CertBag (PKCS12_CertBag *); + + +/* +PKCS12-PBEParams ::= SEQUENCE { + salt OCTET STRING, + iterations INTEGER (0..4294967295) OPTIONAL, +} +*/ + +typedef struct PKCS12_PBEParams { + heim_octet_string salt; + unsigned int *iterations; +} PKCS12_PBEParams; + +ASN1EXP int ASN1CALL decode_PKCS12_PBEParams(const unsigned char *, size_t, PKCS12_PBEParams *, size_t *); +ASN1EXP int ASN1CALL encode_PKCS12_PBEParams(unsigned char *, size_t, const PKCS12_PBEParams *, size_t *); +ASN1EXP 
size_t ASN1CALL length_PKCS12_PBEParams(const PKCS12_PBEParams *); +ASN1EXP int ASN1CALL copy_PKCS12_PBEParams (const PKCS12_PBEParams *, PKCS12_PBEParams *); +ASN1EXP void ASN1CALL free_PKCS12_PBEParams (PKCS12_PBEParams *); + + +/* +PKCS12-OctetString ::= OCTET STRING +*/ + +typedef heim_octet_string PKCS12_OctetString; + +ASN1EXP int ASN1CALL decode_PKCS12_OctetString(const unsigned char *, size_t, PKCS12_OctetString *, size_t *); +ASN1EXP int ASN1CALL encode_PKCS12_OctetString(unsigned char *, size_t, const PKCS12_OctetString *, size_t *); +ASN1EXP size_t ASN1CALL length_PKCS12_OctetString(const PKCS12_OctetString *); +ASN1EXP int ASN1CALL copy_PKCS12_OctetString (const PKCS12_OctetString *, PKCS12_OctetString *); +ASN1EXP void ASN1CALL free_PKCS12_OctetString (PKCS12_OctetString *); + + +#endif /* __pkcs12_asn1_h__ */ diff --git a/kerberos5/include/pkcs8_asn1.h b/kerberos5/include/pkcs8_asn1.h new file mode 100644 --- /dev/null +++ b/kerberos5/include/pkcs8_asn1.h 
@@ -0,0 +1,194 @@ +/* Generated from ./pkcs8.asn1 */ +/* Do not edit */ + +#ifndef __pkcs8_asn1_h__ +#define __pkcs8_asn1_h__ + +#include +#include + +#ifndef __asn1_common_definitions__ +#define __asn1_common_definitions__ + +#ifndef __HEIM_BASE_DATA__ +#define __HEIM_BASE_DATA__ 1 +struct heim_base_data { + size_t length; + void *data; +}; +typedef struct heim_base_data heim_octet_string; +#endif + +typedef struct heim_integer { + size_t length; + void *data; + int negative; +} heim_integer; + +typedef char *heim_general_string; + +typedef char *heim_utf8_string; + +typedef struct heim_base_data heim_printable_string; + +typedef struct heim_base_data heim_ia5_string; + +typedef struct heim_bmp_string { + size_t length; + uint16_t *data; +} heim_bmp_string; + +typedef struct heim_universal_string { + size_t length; + uint32_t *data; +} heim_universal_string; + +typedef char *heim_visible_string; + +typedef struct heim_oid { + size_t length; + unsigned *components; +} heim_oid; + +typedef struct heim_bit_string { + size_t length; + void *data; +} heim_bit_string; + +typedef struct heim_base_data heim_any; +typedef struct heim_base_data heim_any_set; + +#define ASN1_MALLOC_ENCODE(T, B, BL, S, L, R) \ + do { \ + (BL) = length_##T((S)); \ + (B) = malloc((BL)); \ + if((B) == NULL) { \ + (R) = ENOMEM; \ + } else { \ + (R) = encode_##T(((unsigned char*)(B)) + (BL) - 1, (BL), \ + (S), (L)); \ + if((R) != 0) { \ + free((B)); \ + (B) = NULL; \ + } \ + } \ + } while (0) + +#ifdef _WIN32 +#ifndef ASN1_LIB +#define ASN1EXP __declspec(dllimport) +#else +#define ASN1EXP +#endif +#define ASN1CALL __stdcall +#else +#define ASN1EXP +#define ASN1CALL +#endif +struct units; + +#endif + +#include +#include +/* +PKCS8PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier +*/ + +typedef AlgorithmIdentifier PKCS8PrivateKeyAlgorithmIdentifier; + +ASN1EXP int ASN1CALL decode_PKCS8PrivateKeyAlgorithmIdentifier(const unsigned char *, size_t, PKCS8PrivateKeyAlgorithmIdentifier *, size_t *); 
+ASN1EXP int ASN1CALL encode_PKCS8PrivateKeyAlgorithmIdentifier(unsigned char *, size_t, const PKCS8PrivateKeyAlgorithmIdentifier *, size_t *); +ASN1EXP size_t ASN1CALL length_PKCS8PrivateKeyAlgorithmIdentifier(const PKCS8PrivateKeyAlgorithmIdentifier *); +ASN1EXP int ASN1CALL copy_PKCS8PrivateKeyAlgorithmIdentifier (const PKCS8PrivateKeyAlgorithmIdentifier *, PKCS8PrivateKeyAlgorithmIdentifier *); +ASN1EXP void ASN1CALL free_PKCS8PrivateKeyAlgorithmIdentifier (PKCS8PrivateKeyAlgorithmIdentifier *); + + +/* +PKCS8PrivateKey ::= OCTET STRING +*/ + +typedef heim_octet_string PKCS8PrivateKey; + +ASN1EXP int ASN1CALL decode_PKCS8PrivateKey(const unsigned char *, size_t, PKCS8PrivateKey *, size_t *); +ASN1EXP int ASN1CALL encode_PKCS8PrivateKey(unsigned char *, size_t, const PKCS8PrivateKey *, size_t *); +ASN1EXP size_t ASN1CALL length_PKCS8PrivateKey(const PKCS8PrivateKey *); +ASN1EXP int ASN1CALL copy_PKCS8PrivateKey (const PKCS8PrivateKey *, PKCS8PrivateKey *); +ASN1EXP void ASN1CALL free_PKCS8PrivateKey (PKCS8PrivateKey *); + + +/* +PKCS8Attributes ::= SET OF Attribute +*/ + +typedef struct PKCS8Attributes { + unsigned int len; + Attribute *val; +} PKCS8Attributes; + +ASN1EXP int ASN1CALL decode_PKCS8Attributes(const unsigned char *, size_t, PKCS8Attributes *, size_t *); +ASN1EXP int ASN1CALL encode_PKCS8Attributes(unsigned char *, size_t, const PKCS8Attributes *, size_t *); +ASN1EXP size_t ASN1CALL length_PKCS8Attributes(const PKCS8Attributes *); +ASN1EXP int ASN1CALL copy_PKCS8Attributes (const PKCS8Attributes *, PKCS8Attributes *); +ASN1EXP void ASN1CALL free_PKCS8Attributes (PKCS8Attributes *); + + +/* +PKCS8PrivateKeyInfo ::= SEQUENCE { + version INTEGER, + privateKeyAlgorithm PKCS8PrivateKeyAlgorithmIdentifier, + privateKey PKCS8PrivateKey, + attributes [0] IMPLICIT SET OF Attribute OPTIONAL, +} +*/ + +typedef struct PKCS8PrivateKeyInfo { + heim_integer version; + PKCS8PrivateKeyAlgorithmIdentifier privateKeyAlgorithm; + PKCS8PrivateKey privateKey; + struct 
PKCS8PrivateKeyInfo_attributes { + unsigned int len; + Attribute *val; + } *attributes; +} PKCS8PrivateKeyInfo; + +ASN1EXP int ASN1CALL decode_PKCS8PrivateKeyInfo(const unsigned char *, size_t, PKCS8PrivateKeyInfo *, size_t *); +ASN1EXP int ASN1CALL encode_PKCS8PrivateKeyInfo(unsigned char *, size_t, const PKCS8PrivateKeyInfo *, size_t *); +ASN1EXP size_t ASN1CALL length_PKCS8PrivateKeyInfo(const PKCS8PrivateKeyInfo *); +ASN1EXP int ASN1CALL copy_PKCS8PrivateKeyInfo (const PKCS8PrivateKeyInfo *, PKCS8PrivateKeyInfo *); +ASN1EXP void ASN1CALL free_PKCS8PrivateKeyInfo (PKCS8PrivateKeyInfo *); + + +/* +PKCS8EncryptedData ::= OCTET STRING +*/ + +typedef heim_octet_string PKCS8EncryptedData; + +ASN1EXP int ASN1CALL decode_PKCS8EncryptedData(const unsigned char *, size_t, PKCS8EncryptedData *, size_t *); +ASN1EXP int ASN1CALL encode_PKCS8EncryptedData(unsigned char *, size_t, const PKCS8EncryptedData *, size_t *); +ASN1EXP size_t ASN1CALL length_PKCS8EncryptedData(const PKCS8EncryptedData *); +ASN1EXP int ASN1CALL copy_PKCS8EncryptedData (const PKCS8EncryptedData *, PKCS8EncryptedData *); +ASN1EXP void ASN1CALL free_PKCS8EncryptedData (PKCS8EncryptedData *); + + +/* +PKCS8EncryptedPrivateKeyInfo ::= SEQUENCE { + encryptionAlgorithm AlgorithmIdentifier, + encryptedData PKCS8EncryptedData, +} +*/ + +typedef struct PKCS8EncryptedPrivateKeyInfo { + AlgorithmIdentifier encryptionAlgorithm; + PKCS8EncryptedData encryptedData; +} PKCS8EncryptedPrivateKeyInfo; + +ASN1EXP int ASN1CALL decode_PKCS8EncryptedPrivateKeyInfo(const unsigned char *, size_t, PKCS8EncryptedPrivateKeyInfo *, size_t *); +ASN1EXP int ASN1CALL encode_PKCS8EncryptedPrivateKeyInfo(unsigned char *, size_t, const PKCS8EncryptedPrivateKeyInfo *, size_t *); +ASN1EXP size_t ASN1CALL length_PKCS8EncryptedPrivateKeyInfo(const PKCS8EncryptedPrivateKeyInfo *); +ASN1EXP int ASN1CALL copy_PKCS8EncryptedPrivateKeyInfo (const PKCS8EncryptedPrivateKeyInfo *, PKCS8EncryptedPrivateKeyInfo *); +ASN1EXP void ASN1CALL 
free_PKCS8EncryptedPrivateKeyInfo (PKCS8EncryptedPrivateKeyInfo *); + + +#endif /* __pkcs8_asn1_h__ */ diff --git a/kerberos5/include/pkcs9_asn1.h b/kerberos5/include/pkcs9_asn1.h new file mode 100644 --- /dev/null +++ b/kerberos5/include/pkcs9_asn1.h 
@@ -0,0 +1,161 @@ +/* Generated from ./pkcs9.asn1 */ +/* Do not edit */ + +#ifndef __pkcs9_asn1_h__ +#define __pkcs9_asn1_h__ + +#include +#include + +#ifndef __asn1_common_definitions__ +#define __asn1_common_definitions__ + +#ifndef __HEIM_BASE_DATA__ +#define __HEIM_BASE_DATA__ 1 +struct heim_base_data { + size_t length; + void *data; +}; +typedef struct heim_base_data heim_octet_string; +#endif + +typedef struct heim_integer { + size_t length; + void *data; + int negative; +} heim_integer; + +typedef char *heim_general_string; + +typedef char *heim_utf8_string; + +typedef struct heim_base_data heim_printable_string; + +typedef struct heim_base_data heim_ia5_string; + +typedef struct heim_bmp_string { + size_t length; + uint16_t *data; +} heim_bmp_string; + +typedef struct heim_universal_string { + size_t length; + uint32_t *data; +} heim_universal_string; + +typedef char *heim_visible_string; + +typedef struct heim_oid { + size_t length; + unsigned *components; +} heim_oid; + +typedef struct heim_bit_string { + size_t length; + void *data; +} heim_bit_string; + +typedef struct heim_base_data heim_any; +typedef struct heim_base_data heim_any_set; + +#define ASN1_MALLOC_ENCODE(T, B, BL, S, L, R) \ + do { \ + (BL) = length_##T((S)); \ + (B) = malloc((BL)); \ + if((B) == NULL) { \ + (R) = ENOMEM; \ + } else { \ + (R) = encode_##T(((unsigned char*)(B)) + (BL) - 1, (BL), \ + (S), (L)); \ + if((R) != 0) { \ + free((B)); \ + (B) = NULL; \ + } \ + } \ + } while (0) + +#ifdef _WIN32 +#ifndef ASN1_LIB +#define ASN1EXP __declspec(dllimport) +#else +#define ASN1EXP +#endif +#define ASN1CALL __stdcall +#else +#define ASN1EXP +#define ASN1CALL +#endif +struct units; + +#endif + +/* OBJECT IDENTIFIER id-pkcs-9 ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkcs_9; +#define ASN1_OID_ID_PKCS_9 (&asn1_oid_id_pkcs_9) + +/* OBJECT IDENTIFIER id-pkcs9-emailAddress ::= { iso(1) member-body(2) us(840) rsadsi(113549) 
pkcs(1) pkcs-9(9) label-less(1) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkcs9_emailAddress; +#define ASN1_OID_ID_PKCS9_EMAILADDRESS (&asn1_oid_id_pkcs9_emailAddress) + +/* OBJECT IDENTIFIER id-pkcs9-contentType ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) label-less(3) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkcs9_contentType; +#define ASN1_OID_ID_PKCS9_CONTENTTYPE (&asn1_oid_id_pkcs9_contentType) + +/* OBJECT IDENTIFIER id-pkcs9-messageDigest ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) label-less(4) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkcs9_messageDigest; +#define ASN1_OID_ID_PKCS9_MESSAGEDIGEST (&asn1_oid_id_pkcs9_messageDigest) + +/* OBJECT IDENTIFIER id-pkcs9-signingTime ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) label-less(5) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkcs9_signingTime; +#define ASN1_OID_ID_PKCS9_SIGNINGTIME (&asn1_oid_id_pkcs9_signingTime) + +/* OBJECT IDENTIFIER id-pkcs9-countersignature ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) label-less(6) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkcs9_countersignature; +#define ASN1_OID_ID_PKCS9_COUNTERSIGNATURE (&asn1_oid_id_pkcs9_countersignature) + +/* OBJECT IDENTIFIER id-pkcs-9-at-friendlyName ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) label-less(20) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkcs_9_at_friendlyName; +#define ASN1_OID_ID_PKCS_9_AT_FRIENDLYNAME (&asn1_oid_id_pkcs_9_at_friendlyName) + +/* OBJECT IDENTIFIER id-pkcs-9-at-localKeyId ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) label-less(21) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkcs_9_at_localKeyId; +#define ASN1_OID_ID_PKCS_9_AT_LOCALKEYID (&asn1_oid_id_pkcs_9_at_localKeyId) + +/* OBJECT IDENTIFIER id-pkcs-9-at-certTypes ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) label-less(22) } */ +extern ASN1EXP const 
heim_oid asn1_oid_id_pkcs_9_at_certTypes; +#define ASN1_OID_ID_PKCS_9_AT_CERTTYPES (&asn1_oid_id_pkcs_9_at_certTypes) + +/* OBJECT IDENTIFIER id-pkcs-9-at-certTypes-x509 ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) label-less(22) label-less(1) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkcs_9_at_certTypes_x509; +#define ASN1_OID_ID_PKCS_9_AT_CERTTYPES_X509 (&asn1_oid_id_pkcs_9_at_certTypes_x509) + +/* +PKCS9-BMPString ::= BMPString +*/ + +typedef heim_bmp_string PKCS9_BMPString; + +ASN1EXP int ASN1CALL decode_PKCS9_BMPString(const unsigned char *, size_t, PKCS9_BMPString *, size_t *); +ASN1EXP int ASN1CALL encode_PKCS9_BMPString(unsigned char *, size_t, const PKCS9_BMPString *, size_t *); +ASN1EXP size_t ASN1CALL length_PKCS9_BMPString(const PKCS9_BMPString *); +ASN1EXP int ASN1CALL copy_PKCS9_BMPString (const PKCS9_BMPString *, PKCS9_BMPString *); +ASN1EXP void ASN1CALL free_PKCS9_BMPString (PKCS9_BMPString *); + + +/* +PKCS9-friendlyName ::= SET OF PKCS9-BMPString +*/ + +typedef struct PKCS9_friendlyName { + unsigned int len; + PKCS9_BMPString *val; +} PKCS9_friendlyName; + +ASN1EXP int ASN1CALL decode_PKCS9_friendlyName(const unsigned char *, size_t, PKCS9_friendlyName *, size_t *); +ASN1EXP int ASN1CALL encode_PKCS9_friendlyName(unsigned char *, size_t, const PKCS9_friendlyName *, size_t *); +ASN1EXP size_t ASN1CALL length_PKCS9_friendlyName(const PKCS9_friendlyName *); +ASN1EXP int ASN1CALL copy_PKCS9_friendlyName (const PKCS9_friendlyName *, PKCS9_friendlyName *); +ASN1EXP void ASN1CALL free_PKCS9_friendlyName (PKCS9_friendlyName *); + + +#endif /* __pkcs9_asn1_h__ */ diff --git a/kerberos5/include/pkinit_asn1.h b/kerberos5/include/pkinit_asn1.h new file mode 100644 --- /dev/null +++ b/kerberos5/include/pkinit_asn1.h 
@@ -0,0 +1,745 @@ +/* Generated from ./pkinit.asn1 */ +/* Do not edit */ + +#ifndef __pkinit_asn1_h__ +#define __pkinit_asn1_h__ + +#include +#include + +#ifndef __asn1_common_definitions__ +#define __asn1_common_definitions__ + +#ifndef __HEIM_BASE_DATA__ +#define __HEIM_BASE_DATA__ 1 +struct heim_base_data { + size_t length; + void *data; +}; +typedef struct heim_base_data heim_octet_string; +#endif + +typedef struct heim_integer { + size_t length; + void *data; + int negative; +} heim_integer; + +typedef char *heim_general_string; + +typedef char *heim_utf8_string; + +typedef struct heim_base_data heim_printable_string; + +typedef struct heim_base_data heim_ia5_string; + +typedef struct heim_bmp_string { + size_t length; + uint16_t *data; +} heim_bmp_string; + +typedef struct heim_universal_string { + size_t length; + uint32_t *data; +} heim_universal_string; + +typedef char *heim_visible_string; + +typedef struct heim_oid { + size_t length; + unsigned *components; +} heim_oid; + +typedef struct heim_bit_string { + size_t length; + void *data; +} heim_bit_string; + +typedef struct heim_base_data heim_any; +typedef struct heim_base_data heim_any_set; + +#define ASN1_MALLOC_ENCODE(T, B, BL, S, L, R) \ + do { \ + (BL) = length_##T((S)); \ + (B) = malloc((BL)); \ + if((B) == NULL) { \ + (R) = ENOMEM; \ + } else { \ + (R) = encode_##T(((unsigned char*)(B)) + (BL) - 1, (BL), \ + (S), (L)); \ + if((R) != 0) { \ + free((B)); \ + (B) = NULL; \ + } \ + } \ + } while (0) + +#ifdef _WIN32 +#ifndef ASN1_LIB +#define ASN1EXP __declspec(dllimport) +#else +#define ASN1EXP +#endif +#define ASN1CALL __stdcall +#else +#define ASN1EXP +#define ASN1CALL +#endif +struct units; + +#endif + +#include +#include +#include +#include +/* OBJECT IDENTIFIER id-pkinit ::= { iso(1) org(3) dod(6) internet(1) security(5) kerberosv5(2) pkinit(3) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkinit; +#define ASN1_OID_ID_PKINIT (&asn1_oid_id_pkinit) + +/* OBJECT IDENTIFIER id-pkauthdata ::= { 
iso(1) org(3) dod(6) internet(1) security(5) kerberosv5(2) pkinit(3) label-less(1) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkauthdata; +#define ASN1_OID_ID_PKAUTHDATA (&asn1_oid_id_pkauthdata) + +/* OBJECT IDENTIFIER id-pkdhkeydata ::= { iso(1) org(3) dod(6) internet(1) security(5) kerberosv5(2) pkinit(3) label-less(2) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkdhkeydata; +#define ASN1_OID_ID_PKDHKEYDATA (&asn1_oid_id_pkdhkeydata) + +/* OBJECT IDENTIFIER id-pkrkeydata ::= { iso(1) org(3) dod(6) internet(1) security(5) kerberosv5(2) pkinit(3) label-less(3) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkrkeydata; +#define ASN1_OID_ID_PKRKEYDATA (&asn1_oid_id_pkrkeydata) + +/* OBJECT IDENTIFIER id-pkekuoid ::= { iso(1) org(3) dod(6) internet(1) security(5) kerberosv5(2) pkinit(3) label-less(4) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkekuoid; +#define ASN1_OID_ID_PKEKUOID (&asn1_oid_id_pkekuoid) + +/* OBJECT IDENTIFIER id-pkkdcekuoid ::= { iso(1) org(3) dod(6) internet(1) security(5) kerberosv5(2) pkinit(3) label-less(5) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkkdcekuoid; +#define ASN1_OID_ID_PKKDCEKUOID (&asn1_oid_id_pkkdcekuoid) + +/* OBJECT IDENTIFIER id-apple-system-id ::= { label-less(1) label-less(2) label-less(840) label-less(113635) label-less(100) label-less(4) label-less(4) } */ +extern ASN1EXP const heim_oid asn1_oid_id_apple_system_id; +#define ASN1_OID_ID_APPLE_SYSTEM_ID (&asn1_oid_id_apple_system_id) + +/* OBJECT IDENTIFIER id-pkinit-kdf ::= { iso(1) org(3) dod(6) internet(1) security(5) kerberosv5(2) pkinit(3) label-less(6) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkinit_kdf; +#define ASN1_OID_ID_PKINIT_KDF (&asn1_oid_id_pkinit_kdf) + +/* OBJECT IDENTIFIER id-pkinit-kdf-ah-sha1 ::= { iso(1) org(3) dod(6) internet(1) security(5) kerberosv5(2) pkinit(3) label-less(6) label-less(1) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkinit_kdf_ah_sha1; +#define ASN1_OID_ID_PKINIT_KDF_AH_SHA1 
(&asn1_oid_id_pkinit_kdf_ah_sha1) + +/* OBJECT IDENTIFIER id-pkinit-kdf-ah-sha256 ::= { iso(1) org(3) dod(6) internet(1) security(5) kerberosv5(2) pkinit(3) label-less(6) label-less(2) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkinit_kdf_ah_sha256; +#define ASN1_OID_ID_PKINIT_KDF_AH_SHA256 (&asn1_oid_id_pkinit_kdf_ah_sha256) + +/* OBJECT IDENTIFIER id-pkinit-kdf-ah-sha512 ::= { iso(1) org(3) dod(6) internet(1) security(5) kerberosv5(2) pkinit(3) label-less(6) label-less(3) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkinit_kdf_ah_sha512; +#define ASN1_OID_ID_PKINIT_KDF_AH_SHA512 (&asn1_oid_id_pkinit_kdf_ah_sha512) + +/* OBJECT IDENTIFIER id-pkinit-san ::= { iso(1) org(3) dod(6) internet(1) security(5) kerberosv5(2) x509-sanan(2) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkinit_san; +#define ASN1_OID_ID_PKINIT_SAN (&asn1_oid_id_pkinit_san) + +/* OBJECT IDENTIFIER id-pkinit-ms-eku ::= { iso(1) org(3) dod(6) internet(1) private(4) enterprise(1) microsoft(311) label-less(20) label-less(2) label-less(2) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkinit_ms_eku; +#define ASN1_OID_ID_PKINIT_MS_EKU (&asn1_oid_id_pkinit_ms_eku) + +/* OBJECT IDENTIFIER id-pkinit-ms-san ::= { iso(1) org(3) dod(6) internet(1) private(4) enterprise(1) microsoft(311) label-less(20) label-less(2) label-less(3) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkinit_ms_san; +#define ASN1_OID_ID_PKINIT_MS_SAN (&asn1_oid_id_pkinit_ms_san) + +/* +MS-UPN-SAN ::= UTF8String +*/ + +typedef heim_utf8_string MS_UPN_SAN; + +ASN1EXP int ASN1CALL decode_MS_UPN_SAN(const unsigned char *, size_t, MS_UPN_SAN *, size_t *); +ASN1EXP int ASN1CALL encode_MS_UPN_SAN(unsigned char *, size_t, const MS_UPN_SAN *, size_t *); +ASN1EXP size_t ASN1CALL length_MS_UPN_SAN(const MS_UPN_SAN *); +ASN1EXP int ASN1CALL copy_MS_UPN_SAN (const MS_UPN_SAN *, MS_UPN_SAN *); +ASN1EXP void ASN1CALL free_MS_UPN_SAN (MS_UPN_SAN *); + + +enum { pa_pk_as_req = 16 }; + +enum { pa_pk_as_rep = 17 }; + +enum { 
td_trusted_certifiers = 104 }; + +enum { td_invalid_certificates = 105 }; + +enum { td_dh_parameters = 109 }; + +/* +DHNonce ::= OCTET STRING +*/ + +typedef heim_octet_string DHNonce; + +ASN1EXP int ASN1CALL decode_DHNonce(const unsigned char *, size_t, DHNonce *, size_t *); +ASN1EXP int ASN1CALL encode_DHNonce(unsigned char *, size_t, const DHNonce *, size_t *); +ASN1EXP size_t ASN1CALL length_DHNonce(const DHNonce *); +ASN1EXP int ASN1CALL copy_DHNonce (const DHNonce *, DHNonce *); +ASN1EXP void ASN1CALL free_DHNonce (DHNonce *); + + +/* +KDFAlgorithmId ::= SEQUENCE { + kdf-id [0] OBJECT IDENTIFIER, + ..., +} +*/ + +typedef struct KDFAlgorithmId { + heim_oid kdf_id; +} KDFAlgorithmId; + +ASN1EXP int ASN1CALL decode_KDFAlgorithmId(const unsigned char *, size_t, KDFAlgorithmId *, size_t *); +ASN1EXP int ASN1CALL encode_KDFAlgorithmId(unsigned char *, size_t, const KDFAlgorithmId *, size_t *); +ASN1EXP size_t ASN1CALL length_KDFAlgorithmId(const KDFAlgorithmId *); +ASN1EXP int ASN1CALL copy_KDFAlgorithmId (const KDFAlgorithmId *, KDFAlgorithmId *); +ASN1EXP void ASN1CALL free_KDFAlgorithmId (KDFAlgorithmId *); + + +/* +TrustedCA ::= SEQUENCE { + caName [0] IMPLICIT OCTET STRING, + certificateSerialNumber [1] INTEGER OPTIONAL, + subjectKeyIdentifier [2] OCTET STRING OPTIONAL, + ..., +} +*/ + +typedef struct TrustedCA { + heim_octet_string caName; + heim_integer *certificateSerialNumber; + heim_octet_string *subjectKeyIdentifier; +} TrustedCA; + +ASN1EXP int ASN1CALL decode_TrustedCA(const unsigned char *, size_t, TrustedCA *, size_t *); +ASN1EXP int ASN1CALL encode_TrustedCA(unsigned char *, size_t, const TrustedCA *, size_t *); +ASN1EXP size_t ASN1CALL length_TrustedCA(const TrustedCA *); +ASN1EXP int ASN1CALL copy_TrustedCA (const TrustedCA *, TrustedCA *); +ASN1EXP void ASN1CALL free_TrustedCA (TrustedCA *); + + +/* +ExternalPrincipalIdentifier ::= SEQUENCE { + subjectName [0] IMPLICIT OCTET STRING OPTIONAL, + issuerAndSerialNumber [1] IMPLICIT OCTET STRING 
OPTIONAL, + subjectKeyIdentifier [2] IMPLICIT OCTET STRING OPTIONAL, + ..., +} +*/ + +typedef struct ExternalPrincipalIdentifier { + heim_octet_string *subjectName; + heim_octet_string *issuerAndSerialNumber; + heim_octet_string *subjectKeyIdentifier; +} ExternalPrincipalIdentifier; + +ASN1EXP int ASN1CALL decode_ExternalPrincipalIdentifier(const unsigned char *, size_t, ExternalPrincipalIdentifier *, size_t *); +ASN1EXP int ASN1CALL encode_ExternalPrincipalIdentifier(unsigned char *, size_t, const ExternalPrincipalIdentifier *, size_t *); +ASN1EXP size_t ASN1CALL length_ExternalPrincipalIdentifier(const ExternalPrincipalIdentifier *); +ASN1EXP int ASN1CALL copy_ExternalPrincipalIdentifier (const ExternalPrincipalIdentifier *, ExternalPrincipalIdentifier *); +ASN1EXP void ASN1CALL free_ExternalPrincipalIdentifier (ExternalPrincipalIdentifier *); + + +/* +ExternalPrincipalIdentifiers ::= SEQUENCE OF ExternalPrincipalIdentifier +*/ + +typedef struct ExternalPrincipalIdentifiers { + unsigned int len; + ExternalPrincipalIdentifier *val; +} ExternalPrincipalIdentifiers; + +ASN1EXP int ASN1CALL decode_ExternalPrincipalIdentifiers(const unsigned char *, size_t, ExternalPrincipalIdentifiers *, size_t *); +ASN1EXP int ASN1CALL encode_ExternalPrincipalIdentifiers(unsigned char *, size_t, const ExternalPrincipalIdentifiers *, size_t *); +ASN1EXP size_t ASN1CALL length_ExternalPrincipalIdentifiers(const ExternalPrincipalIdentifiers *); +ASN1EXP int ASN1CALL copy_ExternalPrincipalIdentifiers (const ExternalPrincipalIdentifiers *, ExternalPrincipalIdentifiers *); +ASN1EXP void ASN1CALL free_ExternalPrincipalIdentifiers (ExternalPrincipalIdentifiers *); + + +/* +PA-PK-AS-REQ ::= SEQUENCE { + signedAuthPack [0] IMPLICIT OCTET STRING, + trustedCertifiers [1] ExternalPrincipalIdentifiers OPTIONAL, + kdcPkId [2] IMPLICIT OCTET STRING OPTIONAL, + ..., +} +*/ + +typedef struct PA_PK_AS_REQ { + heim_octet_string signedAuthPack; + ExternalPrincipalIdentifiers *trustedCertifiers; + 
heim_octet_string *kdcPkId; +} PA_PK_AS_REQ; + +ASN1EXP int ASN1CALL decode_PA_PK_AS_REQ(const unsigned char *, size_t, PA_PK_AS_REQ *, size_t *); +ASN1EXP int ASN1CALL encode_PA_PK_AS_REQ(unsigned char *, size_t, const PA_PK_AS_REQ *, size_t *); +ASN1EXP size_t ASN1CALL length_PA_PK_AS_REQ(const PA_PK_AS_REQ *); +ASN1EXP int ASN1CALL copy_PA_PK_AS_REQ (const PA_PK_AS_REQ *, PA_PK_AS_REQ *); +ASN1EXP void ASN1CALL free_PA_PK_AS_REQ (PA_PK_AS_REQ *); + + +/* +PKAuthenticator ::= SEQUENCE { + cusec [0] INTEGER, + ctime [1] KerberosTime, + nonce [2] INTEGER (0..4294967295), + paChecksum [3] OCTET STRING OPTIONAL, + ..., +} +*/ + +typedef struct PKAuthenticator { + heim_integer cusec; + KerberosTime ctime; + unsigned int nonce; + heim_octet_string *paChecksum; +} PKAuthenticator; + +ASN1EXP int ASN1CALL decode_PKAuthenticator(const unsigned char *, size_t, PKAuthenticator *, size_t *); +ASN1EXP int ASN1CALL encode_PKAuthenticator(unsigned char *, size_t, const PKAuthenticator *, size_t *); +ASN1EXP size_t ASN1CALL length_PKAuthenticator(const PKAuthenticator *); +ASN1EXP int ASN1CALL copy_PKAuthenticator (const PKAuthenticator *, PKAuthenticator *); +ASN1EXP void ASN1CALL free_PKAuthenticator (PKAuthenticator *); + + +/* +AuthPack ::= SEQUENCE { + pkAuthenticator [0] PKAuthenticator, + clientPublicValue [1] SubjectPublicKeyInfo OPTIONAL, + supportedCMSTypes [2] SEQUENCE OF AlgorithmIdentifier OPTIONAL, + clientDHNonce [3] DHNonce OPTIONAL, + ..., + supportedKDFs [4] SEQUENCE OF KDFAlgorithmId OPTIONAL, + ..., +} +*/ + +typedef struct AuthPack { + PKAuthenticator pkAuthenticator; + SubjectPublicKeyInfo *clientPublicValue; + struct AuthPack_supportedCMSTypes { + unsigned int len; + AlgorithmIdentifier *val; + } *supportedCMSTypes; + DHNonce *clientDHNonce; + struct AuthPack_supportedKDFs { + unsigned int len; + KDFAlgorithmId *val; + } *supportedKDFs; +} AuthPack; + +ASN1EXP int ASN1CALL decode_AuthPack(const unsigned char *, size_t, AuthPack *, size_t *); +ASN1EXP int 
ASN1CALL encode_AuthPack(unsigned char *, size_t, const AuthPack *, size_t *); +ASN1EXP size_t ASN1CALL length_AuthPack(const AuthPack *); +ASN1EXP int ASN1CALL copy_AuthPack (const AuthPack *, AuthPack *); +ASN1EXP void ASN1CALL free_AuthPack (AuthPack *); + + +/* +TD-TRUSTED-CERTIFIERS ::= ExternalPrincipalIdentifiers +*/ + +typedef ExternalPrincipalIdentifiers TD_TRUSTED_CERTIFIERS; + +ASN1EXP int ASN1CALL decode_TD_TRUSTED_CERTIFIERS(const unsigned char *, size_t, TD_TRUSTED_CERTIFIERS *, size_t *); +ASN1EXP int ASN1CALL encode_TD_TRUSTED_CERTIFIERS(unsigned char *, size_t, const TD_TRUSTED_CERTIFIERS *, size_t *); +ASN1EXP size_t ASN1CALL length_TD_TRUSTED_CERTIFIERS(const TD_TRUSTED_CERTIFIERS *); +ASN1EXP int ASN1CALL copy_TD_TRUSTED_CERTIFIERS (const TD_TRUSTED_CERTIFIERS *, TD_TRUSTED_CERTIFIERS *); +ASN1EXP void ASN1CALL free_TD_TRUSTED_CERTIFIERS (TD_TRUSTED_CERTIFIERS *); + + +/* +TD-INVALID-CERTIFICATES ::= ExternalPrincipalIdentifiers +*/ + +typedef ExternalPrincipalIdentifiers TD_INVALID_CERTIFICATES; + +ASN1EXP int ASN1CALL decode_TD_INVALID_CERTIFICATES(const unsigned char *, size_t, TD_INVALID_CERTIFICATES *, size_t *); +ASN1EXP int ASN1CALL encode_TD_INVALID_CERTIFICATES(unsigned char *, size_t, const TD_INVALID_CERTIFICATES *, size_t *); +ASN1EXP size_t ASN1CALL length_TD_INVALID_CERTIFICATES(const TD_INVALID_CERTIFICATES *); +ASN1EXP int ASN1CALL copy_TD_INVALID_CERTIFICATES (const TD_INVALID_CERTIFICATES *, TD_INVALID_CERTIFICATES *); +ASN1EXP void ASN1CALL free_TD_INVALID_CERTIFICATES (TD_INVALID_CERTIFICATES *); + + +/* +KRB5PrincipalName ::= SEQUENCE { + realm [0] Realm, + principalName [1] PrincipalName, +} +*/ + +typedef struct KRB5PrincipalName { + Realm realm; + PrincipalName principalName; +} KRB5PrincipalName; + +ASN1EXP int ASN1CALL decode_KRB5PrincipalName(const unsigned char *, size_t, KRB5PrincipalName *, size_t *); +ASN1EXP int ASN1CALL encode_KRB5PrincipalName(unsigned char *, size_t, const KRB5PrincipalName *, size_t *); 
+ASN1EXP size_t ASN1CALL length_KRB5PrincipalName(const KRB5PrincipalName *); +ASN1EXP int ASN1CALL copy_KRB5PrincipalName (const KRB5PrincipalName *, KRB5PrincipalName *); +ASN1EXP void ASN1CALL free_KRB5PrincipalName (KRB5PrincipalName *); + + +/* +AD-INITIAL-VERIFIED-CAS ::= SEQUENCE OF ExternalPrincipalIdentifier +*/ + +typedef struct AD_INITIAL_VERIFIED_CAS { + unsigned int len; + ExternalPrincipalIdentifier *val; +} AD_INITIAL_VERIFIED_CAS; + +ASN1EXP int ASN1CALL decode_AD_INITIAL_VERIFIED_CAS(const unsigned char *, size_t, AD_INITIAL_VERIFIED_CAS *, size_t *); +ASN1EXP int ASN1CALL encode_AD_INITIAL_VERIFIED_CAS(unsigned char *, size_t, const AD_INITIAL_VERIFIED_CAS *, size_t *); +ASN1EXP size_t ASN1CALL length_AD_INITIAL_VERIFIED_CAS(const AD_INITIAL_VERIFIED_CAS *); +ASN1EXP int ASN1CALL copy_AD_INITIAL_VERIFIED_CAS (const AD_INITIAL_VERIFIED_CAS *, AD_INITIAL_VERIFIED_CAS *); +ASN1EXP void ASN1CALL free_AD_INITIAL_VERIFIED_CAS (AD_INITIAL_VERIFIED_CAS *); + + +/* +DHRepInfo ::= SEQUENCE { + dhSignedData [0] IMPLICIT OCTET STRING, + serverDHNonce [1] DHNonce OPTIONAL, + ..., + kdf [2] KDFAlgorithmId OPTIONAL, + ..., +} +*/ + +typedef struct DHRepInfo { + heim_octet_string dhSignedData; + DHNonce *serverDHNonce; + KDFAlgorithmId *kdf; +} DHRepInfo; + +ASN1EXP int ASN1CALL decode_DHRepInfo(const unsigned char *, size_t, DHRepInfo *, size_t *); +ASN1EXP int ASN1CALL encode_DHRepInfo(unsigned char *, size_t, const DHRepInfo *, size_t *); +ASN1EXP size_t ASN1CALL length_DHRepInfo(const DHRepInfo *); +ASN1EXP int ASN1CALL copy_DHRepInfo (const DHRepInfo *, DHRepInfo *); +ASN1EXP void ASN1CALL free_DHRepInfo (DHRepInfo *); + + +/* +PA-PK-AS-REP ::= CHOICE { + dhInfo [0] DHRepInfo, + encKeyPack [1] IMPLICIT OCTET STRING, + ..., +} +*/ + +typedef struct PA_PK_AS_REP { + enum PA_PK_AS_REP_enum { + choice_PA_PK_AS_REP_asn1_ellipsis = 0, + choice_PA_PK_AS_REP_dhInfo, + choice_PA_PK_AS_REP_encKeyPack + /* ... 
*/ + } element; + union { + DHRepInfo dhInfo; + heim_octet_string encKeyPack; + heim_octet_string asn1_ellipsis; + } u; +} PA_PK_AS_REP; + +ASN1EXP int ASN1CALL decode_PA_PK_AS_REP(const unsigned char *, size_t, PA_PK_AS_REP *, size_t *); +ASN1EXP int ASN1CALL encode_PA_PK_AS_REP(unsigned char *, size_t, const PA_PK_AS_REP *, size_t *); +ASN1EXP size_t ASN1CALL length_PA_PK_AS_REP(const PA_PK_AS_REP *); +ASN1EXP int ASN1CALL copy_PA_PK_AS_REP (const PA_PK_AS_REP *, PA_PK_AS_REP *); +ASN1EXP void ASN1CALL free_PA_PK_AS_REP (PA_PK_AS_REP *); + + +/* +KDCDHKeyInfo ::= SEQUENCE { + subjectPublicKey [0] BIT STRING { + }, + nonce [1] INTEGER (0..4294967295), + dhKeyExpiration [2] KerberosTime OPTIONAL, + ..., +} +*/ + +typedef struct KDCDHKeyInfo { + heim_bit_string subjectPublicKey; + unsigned int nonce; + KerberosTime *dhKeyExpiration; +} KDCDHKeyInfo; + +ASN1EXP int ASN1CALL decode_KDCDHKeyInfo(const unsigned char *, size_t, KDCDHKeyInfo *, size_t *); +ASN1EXP int ASN1CALL encode_KDCDHKeyInfo(unsigned char *, size_t, const KDCDHKeyInfo *, size_t *); +ASN1EXP size_t ASN1CALL length_KDCDHKeyInfo(const KDCDHKeyInfo *); +ASN1EXP int ASN1CALL copy_KDCDHKeyInfo (const KDCDHKeyInfo *, KDCDHKeyInfo *); +ASN1EXP void ASN1CALL free_KDCDHKeyInfo (KDCDHKeyInfo *); + + +/* +ReplyKeyPack ::= SEQUENCE { + replyKey [0] EncryptionKey, + asChecksum [1] Checksum, + ..., +} +*/ + +typedef struct ReplyKeyPack { + EncryptionKey replyKey; + Checksum asChecksum; +} ReplyKeyPack; + +ASN1EXP int ASN1CALL decode_ReplyKeyPack(const unsigned char *, size_t, ReplyKeyPack *, size_t *); +ASN1EXP int ASN1CALL encode_ReplyKeyPack(unsigned char *, size_t, const ReplyKeyPack *, size_t *); +ASN1EXP size_t ASN1CALL length_ReplyKeyPack(const ReplyKeyPack *); +ASN1EXP int ASN1CALL copy_ReplyKeyPack (const ReplyKeyPack *, ReplyKeyPack *); +ASN1EXP void ASN1CALL free_ReplyKeyPack (ReplyKeyPack *); + + +/* +TD-DH-PARAMETERS ::= SEQUENCE OF AlgorithmIdentifier +*/ + +typedef struct TD_DH_PARAMETERS { + unsigned 
int len; + AlgorithmIdentifier *val; +} TD_DH_PARAMETERS; + +ASN1EXP int ASN1CALL decode_TD_DH_PARAMETERS(const unsigned char *, size_t, TD_DH_PARAMETERS *, size_t *); +ASN1EXP int ASN1CALL encode_TD_DH_PARAMETERS(unsigned char *, size_t, const TD_DH_PARAMETERS *, size_t *); +ASN1EXP size_t ASN1CALL length_TD_DH_PARAMETERS(const TD_DH_PARAMETERS *); +ASN1EXP int ASN1CALL copy_TD_DH_PARAMETERS (const TD_DH_PARAMETERS *, TD_DH_PARAMETERS *); +ASN1EXP void ASN1CALL free_TD_DH_PARAMETERS (TD_DH_PARAMETERS *); + + +/* +PKAuthenticator-Win2k ::= SEQUENCE { + kdcName [0] PrincipalName, + kdcRealm [1] Realm, + cusec [2] INTEGER (0..4294967295), + ctime [3] KerberosTime, + nonce [4] INTEGER (-2147483648..2147483647), +} +*/ + +typedef struct PKAuthenticator_Win2k { + PrincipalName kdcName; + Realm kdcRealm; + unsigned int cusec; + KerberosTime ctime; + int nonce; +} PKAuthenticator_Win2k; + +ASN1EXP int ASN1CALL decode_PKAuthenticator_Win2k(const unsigned char *, size_t, PKAuthenticator_Win2k *, size_t *); +ASN1EXP int ASN1CALL encode_PKAuthenticator_Win2k(unsigned char *, size_t, const PKAuthenticator_Win2k *, size_t *); +ASN1EXP size_t ASN1CALL length_PKAuthenticator_Win2k(const PKAuthenticator_Win2k *); +ASN1EXP int ASN1CALL copy_PKAuthenticator_Win2k (const PKAuthenticator_Win2k *, PKAuthenticator_Win2k *); +ASN1EXP void ASN1CALL free_PKAuthenticator_Win2k (PKAuthenticator_Win2k *); + + +/* +AuthPack-Win2k ::= SEQUENCE { + pkAuthenticator [0] PKAuthenticator-Win2k, + clientPublicValue [1] SubjectPublicKeyInfo OPTIONAL, +} +*/ + +typedef struct AuthPack_Win2k { + PKAuthenticator_Win2k pkAuthenticator; + SubjectPublicKeyInfo *clientPublicValue; +} AuthPack_Win2k; + +ASN1EXP int ASN1CALL decode_AuthPack_Win2k(const unsigned char *, size_t, AuthPack_Win2k *, size_t *); +ASN1EXP int ASN1CALL encode_AuthPack_Win2k(unsigned char *, size_t, const AuthPack_Win2k *, size_t *); +ASN1EXP size_t ASN1CALL length_AuthPack_Win2k(const AuthPack_Win2k *); +ASN1EXP int ASN1CALL 
copy_AuthPack_Win2k (const AuthPack_Win2k *, AuthPack_Win2k *); +ASN1EXP void ASN1CALL free_AuthPack_Win2k (AuthPack_Win2k *); + + +/* +TrustedCA-Win2k ::= CHOICE { + caName [1] heim_any, + issuerAndSerial [2] IssuerAndSerialNumber, +} +*/ + +typedef struct TrustedCA_Win2k { + enum TrustedCA_Win2k_enum { + choice_TrustedCA_Win2k_caName = 1, + choice_TrustedCA_Win2k_issuerAndSerial + } element; + union { + heim_any caName; + IssuerAndSerialNumber issuerAndSerial; + } u; +} TrustedCA_Win2k; + +ASN1EXP int ASN1CALL decode_TrustedCA_Win2k(const unsigned char *, size_t, TrustedCA_Win2k *, size_t *); +ASN1EXP int ASN1CALL encode_TrustedCA_Win2k(unsigned char *, size_t, const TrustedCA_Win2k *, size_t *); +ASN1EXP size_t ASN1CALL length_TrustedCA_Win2k(const TrustedCA_Win2k *); +ASN1EXP int ASN1CALL copy_TrustedCA_Win2k (const TrustedCA_Win2k *, TrustedCA_Win2k *); +ASN1EXP void ASN1CALL free_TrustedCA_Win2k (TrustedCA_Win2k *); + + +/* +PA-PK-AS-REQ-Win2k ::= SEQUENCE { + signed-auth-pack [0] IMPLICIT OCTET STRING, + trusted-certifiers [2] SEQUENCE OF TrustedCA-Win2k OPTIONAL, + kdc-cert [3] IMPLICIT OCTET STRING OPTIONAL, + encryption-cert [4] IMPLICIT OCTET STRING OPTIONAL, +} +*/ + +typedef struct PA_PK_AS_REQ_Win2k { + heim_octet_string signed_auth_pack; + struct PA_PK_AS_REQ_Win2k_trusted_certifiers { + unsigned int len; + TrustedCA_Win2k *val; + } *trusted_certifiers; + heim_octet_string *kdc_cert; + heim_octet_string *encryption_cert; +} PA_PK_AS_REQ_Win2k; + +ASN1EXP int ASN1CALL decode_PA_PK_AS_REQ_Win2k(const unsigned char *, size_t, PA_PK_AS_REQ_Win2k *, size_t *); +ASN1EXP int ASN1CALL encode_PA_PK_AS_REQ_Win2k(unsigned char *, size_t, const PA_PK_AS_REQ_Win2k *, size_t *); +ASN1EXP size_t ASN1CALL length_PA_PK_AS_REQ_Win2k(const PA_PK_AS_REQ_Win2k *); +ASN1EXP int ASN1CALL copy_PA_PK_AS_REQ_Win2k (const PA_PK_AS_REQ_Win2k *, PA_PK_AS_REQ_Win2k *); +ASN1EXP void ASN1CALL free_PA_PK_AS_REQ_Win2k (PA_PK_AS_REQ_Win2k *); + + +/* +PA-PK-AS-REP-Win2k ::= CHOICE { 
+ dhSignedData [0] IMPLICIT OCTET STRING, + encKeyPack [1] IMPLICIT OCTET STRING, +} +*/ + +typedef struct PA_PK_AS_REP_Win2k { + enum PA_PK_AS_REP_Win2k_enum { + choice_PA_PK_AS_REP_Win2k_dhSignedData = 1, + choice_PA_PK_AS_REP_Win2k_encKeyPack + } element; + union { + heim_octet_string dhSignedData; + heim_octet_string encKeyPack; + } u; +} PA_PK_AS_REP_Win2k; + +ASN1EXP int ASN1CALL decode_PA_PK_AS_REP_Win2k(const unsigned char *, size_t, PA_PK_AS_REP_Win2k *, size_t *); +ASN1EXP int ASN1CALL encode_PA_PK_AS_REP_Win2k(unsigned char *, size_t, const PA_PK_AS_REP_Win2k *, size_t *); +ASN1EXP size_t ASN1CALL length_PA_PK_AS_REP_Win2k(const PA_PK_AS_REP_Win2k *); +ASN1EXP int ASN1CALL copy_PA_PK_AS_REP_Win2k (const PA_PK_AS_REP_Win2k *, PA_PK_AS_REP_Win2k *); +ASN1EXP void ASN1CALL free_PA_PK_AS_REP_Win2k (PA_PK_AS_REP_Win2k *); + + +/* +KDCDHKeyInfo-Win2k ::= SEQUENCE { + nonce [0] INTEGER (-2147483648..2147483647), + subjectPublicKey [2] BIT STRING { + }, +} +*/ + +typedef struct KDCDHKeyInfo_Win2k { + int nonce; + heim_bit_string subjectPublicKey; +} KDCDHKeyInfo_Win2k; + +ASN1EXP int ASN1CALL decode_KDCDHKeyInfo_Win2k(const unsigned char *, size_t, KDCDHKeyInfo_Win2k *, size_t *); +ASN1EXP int ASN1CALL encode_KDCDHKeyInfo_Win2k(unsigned char *, size_t, const KDCDHKeyInfo_Win2k *, size_t *); +ASN1EXP size_t ASN1CALL length_KDCDHKeyInfo_Win2k(const KDCDHKeyInfo_Win2k *); +ASN1EXP int ASN1CALL copy_KDCDHKeyInfo_Win2k (const KDCDHKeyInfo_Win2k *, KDCDHKeyInfo_Win2k *); +ASN1EXP void ASN1CALL free_KDCDHKeyInfo_Win2k (KDCDHKeyInfo_Win2k *); + + +/* +ReplyKeyPack-Win2k ::= SEQUENCE { + replyKey [0] EncryptionKey, + nonce [1] INTEGER (-2147483648..2147483647), + ..., +} +*/ + +typedef struct ReplyKeyPack_Win2k { + EncryptionKey replyKey; + int nonce; +} ReplyKeyPack_Win2k; + +ASN1EXP int ASN1CALL decode_ReplyKeyPack_Win2k(const unsigned char *, size_t, ReplyKeyPack_Win2k *, size_t *); +ASN1EXP int ASN1CALL encode_ReplyKeyPack_Win2k(unsigned char *, size_t, const 
ReplyKeyPack_Win2k *, size_t *); +ASN1EXP size_t ASN1CALL length_ReplyKeyPack_Win2k(const ReplyKeyPack_Win2k *); +ASN1EXP int ASN1CALL copy_ReplyKeyPack_Win2k (const ReplyKeyPack_Win2k *, ReplyKeyPack_Win2k *); +ASN1EXP void ASN1CALL free_ReplyKeyPack_Win2k (ReplyKeyPack_Win2k *); + + +/* +PA-PK-AS-REP-BTMM ::= SEQUENCE { + dhSignedData [0] heim_any OPTIONAL, + encKeyPack [1] heim_any OPTIONAL, +} +*/ + +typedef struct PA_PK_AS_REP_BTMM { + heim_any *dhSignedData; + heim_any *encKeyPack; +} PA_PK_AS_REP_BTMM; + +ASN1EXP int ASN1CALL decode_PA_PK_AS_REP_BTMM(const unsigned char *, size_t, PA_PK_AS_REP_BTMM *, size_t *); +ASN1EXP int ASN1CALL encode_PA_PK_AS_REP_BTMM(unsigned char *, size_t, const PA_PK_AS_REP_BTMM *, size_t *); +ASN1EXP size_t ASN1CALL length_PA_PK_AS_REP_BTMM(const PA_PK_AS_REP_BTMM *); +ASN1EXP int ASN1CALL copy_PA_PK_AS_REP_BTMM (const PA_PK_AS_REP_BTMM *, PA_PK_AS_REP_BTMM *); +ASN1EXP void ASN1CALL free_PA_PK_AS_REP_BTMM (PA_PK_AS_REP_BTMM *); + + +/* +PkinitSP80056AOtherInfo ::= SEQUENCE { + algorithmID AlgorithmIdentifier, + partyUInfo [0] OCTET STRING, + partyVInfo [1] OCTET STRING, + suppPubInfo [2] OCTET STRING OPTIONAL, + suppPrivInfo [3] OCTET STRING OPTIONAL, +} +*/ + +typedef struct PkinitSP80056AOtherInfo { + AlgorithmIdentifier algorithmID; + heim_octet_string partyUInfo; + heim_octet_string partyVInfo; + heim_octet_string *suppPubInfo; + heim_octet_string *suppPrivInfo; +} PkinitSP80056AOtherInfo; + +ASN1EXP int ASN1CALL decode_PkinitSP80056AOtherInfo(const unsigned char *, size_t, PkinitSP80056AOtherInfo *, size_t *); +ASN1EXP int ASN1CALL encode_PkinitSP80056AOtherInfo(unsigned char *, size_t, const PkinitSP80056AOtherInfo *, size_t *); +ASN1EXP size_t ASN1CALL length_PkinitSP80056AOtherInfo(const PkinitSP80056AOtherInfo *); +ASN1EXP int ASN1CALL copy_PkinitSP80056AOtherInfo (const PkinitSP80056AOtherInfo *, PkinitSP80056AOtherInfo *); +ASN1EXP void ASN1CALL free_PkinitSP80056AOtherInfo (PkinitSP80056AOtherInfo *); + + +/* 
+PkinitSuppPubInfo ::= SEQUENCE { + enctype [0] INTEGER (-2147483648..2147483647), + as-REQ [1] OCTET STRING, + pk-as-rep [2] OCTET STRING, + ticket [3] Ticket, + ..., +} +*/ + +typedef struct PkinitSuppPubInfo { + int enctype; + heim_octet_string as_REQ; + heim_octet_string pk_as_rep; + Ticket ticket; +} PkinitSuppPubInfo; + +ASN1EXP int ASN1CALL decode_PkinitSuppPubInfo(const unsigned char *, size_t, PkinitSuppPubInfo *, size_t *); +ASN1EXP int ASN1CALL encode_PkinitSuppPubInfo(unsigned char *, size_t, const PkinitSuppPubInfo *, size_t *); +ASN1EXP size_t ASN1CALL length_PkinitSuppPubInfo(const PkinitSuppPubInfo *); +ASN1EXP int ASN1CALL copy_PkinitSuppPubInfo (const PkinitSuppPubInfo *, PkinitSuppPubInfo *); +ASN1EXP void ASN1CALL free_PkinitSuppPubInfo (PkinitSuppPubInfo *); + + +#endif /* __pkinit_asn1_h__ */ diff --git a/kerberos5/include/resolve.h b/kerberos5/include/resolve.h new file mode 100644 --- /dev/null +++ b/kerberos5/include/resolve.h 
@@ -0,0 +1,251 @@
+/*
+ * Copyright (c) 1995 - 2002 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id$ */
+
+#ifndef __RESOLVE_H__
+#define __RESOLVE_H__
+
+#ifndef ROKEN_LIB_FUNCTION
+#ifdef _WIN32
+#define ROKEN_LIB_FUNCTION
+#define ROKEN_LIB_CALL __cdecl
+#else
+#define ROKEN_LIB_FUNCTION
+#define ROKEN_LIB_CALL
+#endif
+#endif
+
+enum {
+ rk_ns_c_in = 1
+};
+
+enum {
+ rk_ns_t_invalid = 0, /* Cookie. */
+ rk_ns_t_a = 1, /* Host address. */
+ rk_ns_t_ns = 2, /* Authoritative server. */
+ rk_ns_t_md = 3, /* Mail destination. */
+ rk_ns_t_mf = 4, /* Mail forwarder. */
+ rk_ns_t_cname = 5, /* Canonical name. */
+ rk_ns_t_soa = 6, /* Start of authority zone. */
+ rk_ns_t_mb = 7, /* Mailbox domain name. */
+ rk_ns_t_mg = 8, /* Mail group member. */
+ rk_ns_t_mr = 9, /* Mail rename name. */
+ rk_ns_t_null = 10, /* Null resource record. */
+ rk_ns_t_wks = 11, /* Well known service. */
+ rk_ns_t_ptr = 12, /* Domain name pointer. */
+ rk_ns_t_hinfo = 13, /* Host information. */
+ rk_ns_t_minfo = 14, /* Mailbox information. */
+ rk_ns_t_mx = 15, /* Mail routing information. */
+ rk_ns_t_txt = 16, /* Text strings. */
+ rk_ns_t_rp = 17, /* Responsible person. */
+ rk_ns_t_afsdb = 18, /* AFS cell database. */
+ rk_ns_t_x25 = 19, /* X_25 calling address. */
+ rk_ns_t_isdn = 20, /* ISDN calling address. */
+ rk_ns_t_rt = 21, /* Router. */
+ rk_ns_t_nsap = 22, /* NSAP address. */
+ rk_ns_t_nsap_ptr = 23, /* Reverse NSAP lookup (deprecated). */
+ rk_ns_t_sig = 24, /* Security signature. */
+ rk_ns_t_key = 25, /* Security key. */
+ rk_ns_t_px = 26, /* X.400 mail mapping. */
+ rk_ns_t_gpos = 27, /* Geographical position (withdrawn). */
+ rk_ns_t_aaaa = 28, /* Ip6 Address. */
+ rk_ns_t_loc = 29, /* Location Information. */
+ rk_ns_t_nxt = 30, /* Next domain (security). */
+ rk_ns_t_eid = 31, /* Endpoint identifier. */
+ rk_ns_t_nimloc = 32, /* Nimrod Locator. */
+ rk_ns_t_srv = 33, /* Server Selection. */
+ rk_ns_t_atma = 34, /* ATM Address */
+ rk_ns_t_naptr = 35, /* Naming Authority PoinTeR */
+ rk_ns_t_kx = 36, /* Key Exchange */
+ rk_ns_t_cert = 37, /* Certification record */
+ rk_ns_t_a6 = 38, /* IPv6 address (deprecates AAAA) */
+ rk_ns_t_dname = 39, /* Non-terminal DNAME (for IPv6) */
+ rk_ns_t_sink = 40, /* Kitchen sink (experimentatl) */
+ rk_ns_t_opt = 41, /* EDNS0 option (meta-RR) */
+ rk_ns_t_apl = 42, /* Address prefix list (RFC 3123) */
+ rk_ns_t_ds = 43, /* Delegation Signer (RFC 3658) */
+ rk_ns_t_sshfp = 44, /* SSH fingerprint */
+ rk_ns_t_tkey = 249, /* Transaction key */
+ rk_ns_t_tsig = 250, /* Transaction signature. */
+ rk_ns_t_ixfr = 251, /* Incremental zone transfer. */
+ rk_ns_t_axfr = 252, /* Transfer zone of authority. */
+ rk_ns_t_mailb = 253, /* Transfer mailbox records. */
+ rk_ns_t_maila = 254, /* Transfer mail agent records. */
+ rk_ns_t_any = 255, /* Wildcard match. */
+ rk_ns_t_zxfr = 256, /* BIND-specific, nonstandard. */
+ rk_ns_t_max = 65536
+};
+
+#ifndef MAXDNAME
+#define MAXDNAME 1025
+#endif
+
+#define mx_record rk_mx_record
+#define srv_record rk_srv_record
+#define key_record rk_key_record
+#define sig_record rk_sig_record
+#define cert_record rk_cert_record
+#define sshfp_record rk_sshfp_record
+
+struct rk_dns_query{
+ char *domain;
+ unsigned type;
+ unsigned class;
+};
+
+struct rk_mx_record{
+ unsigned preference;
+ char domain[1];
+};
+
+struct rk_srv_record{
+ unsigned priority;
+ unsigned weight;
+ unsigned port;
+ char target[1];
+};
+
+struct rk_key_record {
+ unsigned flags;
+ unsigned protocol;
+ unsigned algorithm;
+ size_t key_len;
+ u_char key_data[1];
+};
+
+struct rk_sig_record {
+ unsigned type;
+ unsigned algorithm;
+ unsigned labels;
+ unsigned orig_ttl;
+ unsigned sig_expiration;
+ unsigned sig_inception;
+ unsigned key_tag;
+ char *signer;
+ size_t sig_len;
+ char sig_data[1]; /* also includes signer */
+};
+
+struct rk_cert_record {
+ unsigned type;
+ unsigned tag;
+ unsigned algorithm;
+ size_t cert_len;
+ u_char cert_data[1];
+};
+
+struct rk_sshfp_record {
+ unsigned algorithm;
+ unsigned type;
+ size_t sshfp_len;
+ u_char sshfp_data[1];
+};
+
+struct rk_ds_record {
+ unsigned key_tag;
+ unsigned algorithm;
+ unsigned digest_type;
+ size_t digest_len;
+ u_char digest_data[1];
+};
+
+struct rk_resource_record{
+ char *domain;
+ unsigned type;
+ unsigned class;
+ unsigned ttl;
+ unsigned size;
+ union {
+ void *data;
+ struct rk_mx_record *mx;
+ struct rk_mx_record *afsdb; /* mx and afsdb are identical */
+ struct rk_srv_record *srv;
+ struct in_addr *a;
+ char *txt;
+ struct rk_key_record *key;
+ struct rk_cert_record *cert;
+ struct rk_sig_record *sig;
+ struct rk_sshfp_record *sshfp;
+ struct rk_ds_record *ds;
+ }u;
+ struct rk_resource_record *next;
+};
+
+#define rk_DNS_MAX_PACKET_SIZE 0xffff
+
+struct rk_dns_header {
+ unsigned id;
+ unsigned flags;
+#define rk_DNS_HEADER_RESPONSE_FLAG 1
+#define rk_DNS_HEADER_AUTHORITIVE_ANSWER 2
+#define rk_DNS_HEADER_TRUNCATED_MESSAGE 4
+#define rk_DNS_HEADER_RECURSION_DESIRED 8
+#define rk_DNS_HEADER_RECURSION_AVAILABLE 16
+#define rk_DNS_HEADER_AUTHENTIC_DATA 32
+#define rk_DNS_HEADER_CHECKING_DISABLED 64
+ unsigned opcode;
+ unsigned response_code;
+ unsigned qdcount;
+ unsigned ancount;
+ unsigned nscount;
+ unsigned arcount;
+};
+
+struct rk_dns_reply{
+ struct rk_dns_header h;
+ struct rk_dns_query q;
+ struct rk_resource_record *head;
+};
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+ROKEN_LIB_FUNCTION struct rk_dns_reply* ROKEN_LIB_CALL
+ rk_dns_lookup(const char *, const char *);
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
+ rk_dns_free_data(struct rk_dns_reply *);
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
+ rk_dns_string_to_type(const char *name);
+ROKEN_LIB_FUNCTION const char * ROKEN_LIB_CALL
+ rk_dns_type_to_string(int type);
+ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
+ rk_dns_srv_order(struct rk_dns_reply*);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __RESOLVE_H__ */
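Review bot: The variable-length records in this header (`rk_mx_record.domain`, `rk_srv_record.target`, `rk_key_record.key_data`, `rk_sig_record.sig_data`, `rk_cert_record.cert_data`, `rk_sshfp_record.sshfp_data`, `rk_ds_record.digest_data`) end in one-element arrays, so any access past index 0 is outside the declared bounds and a bounds checker cannot separate an intended read of the trailing data from an overrun. These records presumably carry fields parsed out of DNS replies, which is untrusted input, so the size contract belongs next to each member, e.g. `/* key_data holds exactly key_len bytes; readers must not go past key_len */`, and the two string members without a length field should state whether they are NUL-terminated. The C99 form `u_char key_data[];` would be preferable, but it changes `sizeof` for the struct, so it is only safe together with the allocation code, which is not part of this hunk. Separately, the header uses `size_t`, `u_char` and `struct in_addr` without including anything itself, so a comment naming the headers the includer must provide (or the includes themselves) would make that dependency explicit.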
diff --git a/kerberos5/include/rfc2459_asn1.h b/kerberos5/include/rfc2459_asn1.h
new file mode 100644
--- /dev/null
+++ b/kerberos5/include/rfc2459_asn1.h
@@ -0,0 +1,1858 @@ +/* Generated from ./rfc2459.asn1 */ +/* Do not edit */ + +#ifndef __rfc2459_asn1_h__ +#define __rfc2459_asn1_h__ + +#include +#include + +#ifndef __asn1_common_definitions__ +#define __asn1_common_definitions__ + +#ifndef __HEIM_BASE_DATA__ +#define __HEIM_BASE_DATA__ 1 +struct heim_base_data { + size_t length; + void *data; +}; +typedef struct heim_base_data heim_octet_string; +#endif + +typedef struct heim_integer { + size_t length; + void *data; + int negative; +} heim_integer; + +typedef char *heim_general_string; + +typedef char *heim_utf8_string; + +typedef struct heim_base_data heim_printable_string; + +typedef struct heim_base_data heim_ia5_string; + +typedef struct heim_bmp_string { + size_t length; + uint16_t *data; +} heim_bmp_string; + +typedef struct heim_universal_string { + size_t length; + uint32_t *data; +} heim_universal_string; + +typedef char *heim_visible_string; + +typedef struct heim_oid { + size_t length; + unsigned *components; +} heim_oid; + +typedef struct heim_bit_string { + size_t length; + void *data; +} heim_bit_string; + +typedef struct heim_base_data heim_any; +typedef struct heim_base_data heim_any_set; + +#define ASN1_MALLOC_ENCODE(T, B, BL, S, L, R) \ + do { \ + (BL) = length_##T((S)); \ + (B) = malloc((BL)); \ + if((B) == NULL) { \ + (R) = ENOMEM; \ + } else { \ + (R) = encode_##T(((unsigned char*)(B)) + (BL) - 1, (BL), \ + (S), (L)); \ + if((R) != 0) { \ + free((B)); \ + (B) = NULL; \ + } \ + } \ + } while (0) + +#ifdef _WIN32 +#ifndef ASN1_LIB +#define ASN1EXP __declspec(dllimport) +#else +#define ASN1EXP +#endif +#define ASN1CALL __stdcall +#else +#define ASN1EXP +#define ASN1CALL +#endif +struct units; + +#endif + +#include +/* +Version ::= INTEGER { + rfc3280_version_1(0), + rfc3280_version_2(1), + rfc3280_version_3(2) +} +*/ + +typedef enum Version { + rfc3280_version_1 = 0, + rfc3280_version_2 = 1, + rfc3280_version_3 = 2 +} Version; + +ASN1EXP int ASN1CALL decode_Version(const unsigned char *, size_t, 
Version *, size_t *); +ASN1EXP int ASN1CALL encode_Version(unsigned char *, size_t, const Version *, size_t *); +ASN1EXP size_t ASN1CALL length_Version(const Version *); +ASN1EXP int ASN1CALL copy_Version (const Version *, Version *); +ASN1EXP void ASN1CALL free_Version (Version *); + + +/* OBJECT IDENTIFIER id-pkcs-1 ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) label-less(1) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkcs_1; +#define ASN1_OID_ID_PKCS_1 (&asn1_oid_id_pkcs_1) + +/* OBJECT IDENTIFIER id-pkcs1-rsaEncryption ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) label-less(1) label-less(1) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkcs1_rsaEncryption; +#define ASN1_OID_ID_PKCS1_RSAENCRYPTION (&asn1_oid_id_pkcs1_rsaEncryption) + +/* OBJECT IDENTIFIER id-pkcs1-md2WithRSAEncryption ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) label-less(1) label-less(2) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkcs1_md2WithRSAEncryption; +#define ASN1_OID_ID_PKCS1_MD2WITHRSAENCRYPTION (&asn1_oid_id_pkcs1_md2WithRSAEncryption) + +/* OBJECT IDENTIFIER id-pkcs1-md5WithRSAEncryption ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) label-less(1) label-less(4) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkcs1_md5WithRSAEncryption; +#define ASN1_OID_ID_PKCS1_MD5WITHRSAENCRYPTION (&asn1_oid_id_pkcs1_md5WithRSAEncryption) + +/* OBJECT IDENTIFIER id-pkcs1-sha1WithRSAEncryption ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) label-less(1) label-less(5) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkcs1_sha1WithRSAEncryption; +#define ASN1_OID_ID_PKCS1_SHA1WITHRSAENCRYPTION (&asn1_oid_id_pkcs1_sha1WithRSAEncryption) + +/* OBJECT IDENTIFIER id-pkcs1-sha256WithRSAEncryption ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) label-less(1) label-less(11) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkcs1_sha256WithRSAEncryption; +#define ASN1_OID_ID_PKCS1_SHA256WITHRSAENCRYPTION 
(&asn1_oid_id_pkcs1_sha256WithRSAEncryption) + +/* OBJECT IDENTIFIER id-pkcs1-sha384WithRSAEncryption ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) label-less(1) label-less(12) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkcs1_sha384WithRSAEncryption; +#define ASN1_OID_ID_PKCS1_SHA384WITHRSAENCRYPTION (&asn1_oid_id_pkcs1_sha384WithRSAEncryption) + +/* OBJECT IDENTIFIER id-pkcs1-sha512WithRSAEncryption ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) label-less(1) label-less(13) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkcs1_sha512WithRSAEncryption; +#define ASN1_OID_ID_PKCS1_SHA512WITHRSAENCRYPTION (&asn1_oid_id_pkcs1_sha512WithRSAEncryption) + +/* OBJECT IDENTIFIER id-heim-rsa-pkcs1-x509 ::= { label-less(1) label-less(2) label-less(752) label-less(43) label-less(16) label-less(1) } */ +extern ASN1EXP const heim_oid asn1_oid_id_heim_rsa_pkcs1_x509; +#define ASN1_OID_ID_HEIM_RSA_PKCS1_X509 (&asn1_oid_id_heim_rsa_pkcs1_x509) + +/* OBJECT IDENTIFIER id-pkcs-2 ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) label-less(2) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkcs_2; +#define ASN1_OID_ID_PKCS_2 (&asn1_oid_id_pkcs_2) + +/* OBJECT IDENTIFIER id-pkcs2-md2 ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) label-less(2) label-less(2) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkcs2_md2; +#define ASN1_OID_ID_PKCS2_MD2 (&asn1_oid_id_pkcs2_md2) + +/* OBJECT IDENTIFIER id-pkcs2-md4 ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) label-less(2) label-less(4) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkcs2_md4; +#define ASN1_OID_ID_PKCS2_MD4 (&asn1_oid_id_pkcs2_md4) + +/* OBJECT IDENTIFIER id-pkcs2-md5 ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) label-less(2) label-less(5) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkcs2_md5; +#define ASN1_OID_ID_PKCS2_MD5 (&asn1_oid_id_pkcs2_md5) + +/* OBJECT IDENTIFIER id-rsa-digestAlgorithm ::= { iso(1) member-body(2) us(840) rsadsi(113549) 
label-less(2) } */ +extern ASN1EXP const heim_oid asn1_oid_id_rsa_digestAlgorithm; +#define ASN1_OID_ID_RSA_DIGESTALGORITHM (&asn1_oid_id_rsa_digestAlgorithm) + +/* OBJECT IDENTIFIER id-rsa-digest-md2 ::= { iso(1) member-body(2) us(840) rsadsi(113549) label-less(2) label-less(2) } */ +extern ASN1EXP const heim_oid asn1_oid_id_rsa_digest_md2; +#define ASN1_OID_ID_RSA_DIGEST_MD2 (&asn1_oid_id_rsa_digest_md2) + +/* OBJECT IDENTIFIER id-rsa-digest-md4 ::= { iso(1) member-body(2) us(840) rsadsi(113549) label-less(2) label-less(4) } */ +extern ASN1EXP const heim_oid asn1_oid_id_rsa_digest_md4; +#define ASN1_OID_ID_RSA_DIGEST_MD4 (&asn1_oid_id_rsa_digest_md4) + +/* OBJECT IDENTIFIER id-rsa-digest-md5 ::= { iso(1) member-body(2) us(840) rsadsi(113549) label-less(2) label-less(5) } */ +extern ASN1EXP const heim_oid asn1_oid_id_rsa_digest_md5; +#define ASN1_OID_ID_RSA_DIGEST_MD5 (&asn1_oid_id_rsa_digest_md5) + +/* OBJECT IDENTIFIER id-pkcs-3 ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) label-less(3) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkcs_3; +#define ASN1_OID_ID_PKCS_3 (&asn1_oid_id_pkcs_3) + +/* OBJECT IDENTIFIER id-pkcs3-rc2-cbc ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) label-less(3) label-less(2) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkcs3_rc2_cbc; +#define ASN1_OID_ID_PKCS3_RC2_CBC (&asn1_oid_id_pkcs3_rc2_cbc) + +/* OBJECT IDENTIFIER id-pkcs3-rc4 ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) label-less(3) label-less(4) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkcs3_rc4; +#define ASN1_OID_ID_PKCS3_RC4 (&asn1_oid_id_pkcs3_rc4) + +/* OBJECT IDENTIFIER id-pkcs3-des-ede3-cbc ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) label-less(3) label-less(7) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkcs3_des_ede3_cbc; +#define ASN1_OID_ID_PKCS3_DES_EDE3_CBC (&asn1_oid_id_pkcs3_des_ede3_cbc) + +/* OBJECT IDENTIFIER id-rsadsi-encalg ::= { iso(1) member-body(2) us(840) rsadsi(113549) label-less(3) 
} */ +extern ASN1EXP const heim_oid asn1_oid_id_rsadsi_encalg; +#define ASN1_OID_ID_RSADSI_ENCALG (&asn1_oid_id_rsadsi_encalg) + +/* OBJECT IDENTIFIER id-rsadsi-rc2-cbc ::= { iso(1) member-body(2) us(840) rsadsi(113549) label-less(3) label-less(2) } */ +extern ASN1EXP const heim_oid asn1_oid_id_rsadsi_rc2_cbc; +#define ASN1_OID_ID_RSADSI_RC2_CBC (&asn1_oid_id_rsadsi_rc2_cbc) + +/* OBJECT IDENTIFIER id-rsadsi-des-ede3-cbc ::= { iso(1) member-body(2) us(840) rsadsi(113549) label-less(3) label-less(7) } */ +extern ASN1EXP const heim_oid asn1_oid_id_rsadsi_des_ede3_cbc; +#define ASN1_OID_ID_RSADSI_DES_EDE3_CBC (&asn1_oid_id_rsadsi_des_ede3_cbc) + +/* OBJECT IDENTIFIER id-secsig-sha-1 ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithm(2) label-less(26) } */ +extern ASN1EXP const heim_oid asn1_oid_id_secsig_sha_1; +#define ASN1_OID_ID_SECSIG_SHA_1 (&asn1_oid_id_secsig_sha_1) + +/* OBJECT IDENTIFIER id-secsig-sha-1WithRSAEncryption ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithm(2) label-less(29) } */ +extern ASN1EXP const heim_oid asn1_oid_id_secsig_sha_1WithRSAEncryption; +#define ASN1_OID_ID_SECSIG_SHA_1WITHRSAENCRYPTION (&asn1_oid_id_secsig_sha_1WithRSAEncryption) + +/* OBJECT IDENTIFIER id-nistAlgorithm ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) label-less(4) } */ +extern ASN1EXP const heim_oid asn1_oid_id_nistAlgorithm; +#define ASN1_OID_ID_NISTALGORITHM (&asn1_oid_id_nistAlgorithm) + +/* OBJECT IDENTIFIER id-nist-aes-algs ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) label-less(4) label-less(1) } */ +extern ASN1EXP const heim_oid asn1_oid_id_nist_aes_algs; +#define ASN1_OID_ID_NIST_AES_ALGS (&asn1_oid_id_nist_aes_algs) + +/* OBJECT IDENTIFIER id-aes-128-cbc ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) label-less(4) label-less(1) label-less(2) } */ +extern ASN1EXP const heim_oid asn1_oid_id_aes_128_cbc; +#define 
ASN1_OID_ID_AES_128_CBC (&asn1_oid_id_aes_128_cbc) + +/* OBJECT IDENTIFIER id-aes-192-cbc ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) label-less(4) label-less(1) label-less(22) } */ +extern ASN1EXP const heim_oid asn1_oid_id_aes_192_cbc; +#define ASN1_OID_ID_AES_192_CBC (&asn1_oid_id_aes_192_cbc) + +/* OBJECT IDENTIFIER id-aes-256-cbc ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) label-less(4) label-less(1) label-less(42) } */ +extern ASN1EXP const heim_oid asn1_oid_id_aes_256_cbc; +#define ASN1_OID_ID_AES_256_CBC (&asn1_oid_id_aes_256_cbc) + +/* OBJECT IDENTIFIER id-nist-sha-algs ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) label-less(4) label-less(2) } */ +extern ASN1EXP const heim_oid asn1_oid_id_nist_sha_algs; +#define ASN1_OID_ID_NIST_SHA_ALGS (&asn1_oid_id_nist_sha_algs) + +/* OBJECT IDENTIFIER id-sha256 ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) label-less(4) label-less(2) label-less(1) } */ +extern ASN1EXP const heim_oid asn1_oid_id_sha256; +#define ASN1_OID_ID_SHA256 (&asn1_oid_id_sha256) + +/* OBJECT IDENTIFIER id-sha224 ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) label-less(4) label-less(2) label-less(4) } */ +extern ASN1EXP const heim_oid asn1_oid_id_sha224; +#define ASN1_OID_ID_SHA224 (&asn1_oid_id_sha224) + +/* OBJECT IDENTIFIER id-sha384 ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) label-less(4) label-less(2) label-less(2) } */ +extern ASN1EXP const heim_oid asn1_oid_id_sha384; +#define ASN1_OID_ID_SHA384 (&asn1_oid_id_sha384) + +/* OBJECT IDENTIFIER id-sha512 ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) label-less(4) label-less(2) label-less(3) } */ +extern ASN1EXP const heim_oid asn1_oid_id_sha512; +#define ASN1_OID_ID_SHA512 (&asn1_oid_id_sha512) + +/* OBJECT IDENTIFIER id-dhpublicnumber ::= { iso(1) member-body(2) 
us(840) ansi-x942(10046) number-type(2) label-less(1) } */ +extern ASN1EXP const heim_oid asn1_oid_id_dhpublicnumber; +#define ASN1_OID_ID_DHPUBLICNUMBER (&asn1_oid_id_dhpublicnumber) + +/* OBJECT IDENTIFIER id-ecPublicKey ::= { iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) label-less(1) } */ +extern ASN1EXP const heim_oid asn1_oid_id_ecPublicKey; +#define ASN1_OID_ID_ECPUBLICKEY (&asn1_oid_id_ecPublicKey) + +/* OBJECT IDENTIFIER id-ecDH ::= { iso(1) identified-organization(3) certicom(132) schemes(1) ecdh(12) } */ +extern ASN1EXP const heim_oid asn1_oid_id_ecDH; +#define ASN1_OID_ID_ECDH (&asn1_oid_id_ecDH) + +/* OBJECT IDENTIFIER id-ecMQV ::= { iso(1) identified-organization(3) certicom(132) schemes(1) ecmqv(13) } */ +extern ASN1EXP const heim_oid asn1_oid_id_ecMQV; +#define ASN1_OID_ID_ECMQV (&asn1_oid_id_ecMQV) + +/* OBJECT IDENTIFIER id-ecdsa-with-SHA512 ::= { iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) label-less(4) } */ +extern ASN1EXP const heim_oid asn1_oid_id_ecdsa_with_SHA512; +#define ASN1_OID_ID_ECDSA_WITH_SHA512 (&asn1_oid_id_ecdsa_with_SHA512) + +/* OBJECT IDENTIFIER id-ecdsa-with-SHA384 ::= { iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) label-less(3) } */ +extern ASN1EXP const heim_oid asn1_oid_id_ecdsa_with_SHA384; +#define ASN1_OID_ID_ECDSA_WITH_SHA384 (&asn1_oid_id_ecdsa_with_SHA384) + +/* OBJECT IDENTIFIER id-ecdsa-with-SHA256 ::= { iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) label-less(2) } */ +extern ASN1EXP const heim_oid asn1_oid_id_ecdsa_with_SHA256; +#define ASN1_OID_ID_ECDSA_WITH_SHA256 (&asn1_oid_id_ecdsa_with_SHA256) + +/* OBJECT IDENTIFIER id-ecdsa-with-SHA224 ::= { iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) label-less(1) } */ +extern ASN1EXP const heim_oid asn1_oid_id_ecdsa_with_SHA224; +#define ASN1_OID_ID_ECDSA_WITH_SHA224 (&asn1_oid_id_ecdsa_with_SHA224) + +/* OBJECT 
IDENTIFIER id-ecdsa-with-SHA1 ::= { iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) label-less(1) } */ +extern ASN1EXP const heim_oid asn1_oid_id_ecdsa_with_SHA1; +#define ASN1_OID_ID_ECDSA_WITH_SHA1 (&asn1_oid_id_ecdsa_with_SHA1) + +/* OBJECT IDENTIFIER id-ec-group-secp256r1 ::= { iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3) prime(1) label-less(7) } */ +extern ASN1EXP const heim_oid asn1_oid_id_ec_group_secp256r1; +#define ASN1_OID_ID_EC_GROUP_SECP256R1 (&asn1_oid_id_ec_group_secp256r1) + +/* OBJECT IDENTIFIER id-ec-group-secp160r1 ::= { iso(1) identified-organization(3) certicom(132) label-less(0) label-less(8) } */ +extern ASN1EXP const heim_oid asn1_oid_id_ec_group_secp160r1; +#define ASN1_OID_ID_EC_GROUP_SECP160R1 (&asn1_oid_id_ec_group_secp160r1) + +/* OBJECT IDENTIFIER id-ec-group-secp160r2 ::= { iso(1) identified-organization(3) certicom(132) label-less(0) label-less(30) } */ +extern ASN1EXP const heim_oid asn1_oid_id_ec_group_secp160r2; +#define ASN1_OID_ID_EC_GROUP_SECP160R2 (&asn1_oid_id_ec_group_secp160r2) + +/* OBJECT IDENTIFIER id-ec-group-secp224r1 ::= { iso(1) identified-organization(3) certicom(132) label-less(0) label-less(33) } */ +extern ASN1EXP const heim_oid asn1_oid_id_ec_group_secp224r1; +#define ASN1_OID_ID_EC_GROUP_SECP224R1 (&asn1_oid_id_ec_group_secp224r1) + +/* OBJECT IDENTIFIER id-ec-group-secp384r1 ::= { iso(1) identified-organization(3) certicom(132) label-less(0) label-less(34) } */ +extern ASN1EXP const heim_oid asn1_oid_id_ec_group_secp384r1; +#define ASN1_OID_ID_EC_GROUP_SECP384R1 (&asn1_oid_id_ec_group_secp384r1) + +/* OBJECT IDENTIFIER id-ec-group-secp521r1 ::= { iso(1) identified-organization(3) certicom(132) label-less(0) label-less(35) } */ +extern ASN1EXP const heim_oid asn1_oid_id_ec_group_secp521r1; +#define ASN1_OID_ID_EC_GROUP_SECP521R1 (&asn1_oid_id_ec_group_secp521r1) + +/* OBJECT IDENTIFIER id-x9-57 ::= { iso(1) member-body(2) us(840) ansi-x942(10046) label-less(4) } */ +extern ASN1EXP 
const heim_oid asn1_oid_id_x9_57; +#define ASN1_OID_ID_X9_57 (&asn1_oid_id_x9_57) + +/* OBJECT IDENTIFIER id-dsa ::= { iso(1) member-body(2) us(840) ansi-x942(10046) label-less(4) label-less(1) } */ +extern ASN1EXP const heim_oid asn1_oid_id_dsa; +#define ASN1_OID_ID_DSA (&asn1_oid_id_dsa) + +/* OBJECT IDENTIFIER id-dsa-with-sha1 ::= { iso(1) member-body(2) us(840) ansi-x942(10046) label-less(4) label-less(3) } */ +extern ASN1EXP const heim_oid asn1_oid_id_dsa_with_sha1; +#define ASN1_OID_ID_DSA_WITH_SHA1 (&asn1_oid_id_dsa_with_sha1) + +/* OBJECT IDENTIFIER id-x520-at ::= { joint-iso-ccitt(2) ds(5) label-less(4) } */ +extern ASN1EXP const heim_oid asn1_oid_id_x520_at; +#define ASN1_OID_ID_X520_AT (&asn1_oid_id_x520_at) + +/* OBJECT IDENTIFIER id-at-commonName ::= { joint-iso-ccitt(2) ds(5) label-less(4) label-less(3) } */ +extern ASN1EXP const heim_oid asn1_oid_id_at_commonName; +#define ASN1_OID_ID_AT_COMMONNAME (&asn1_oid_id_at_commonName) + +/* OBJECT IDENTIFIER id-at-surname ::= { joint-iso-ccitt(2) ds(5) label-less(4) label-less(4) } */ +extern ASN1EXP const heim_oid asn1_oid_id_at_surname; +#define ASN1_OID_ID_AT_SURNAME (&asn1_oid_id_at_surname) + +/* OBJECT IDENTIFIER id-at-serialNumber ::= { joint-iso-ccitt(2) ds(5) label-less(4) label-less(5) } */ +extern ASN1EXP const heim_oid asn1_oid_id_at_serialNumber; +#define ASN1_OID_ID_AT_SERIALNUMBER (&asn1_oid_id_at_serialNumber) + +/* OBJECT IDENTIFIER id-at-countryName ::= { joint-iso-ccitt(2) ds(5) label-less(4) label-less(6) } */ +extern ASN1EXP const heim_oid asn1_oid_id_at_countryName; +#define ASN1_OID_ID_AT_COUNTRYNAME (&asn1_oid_id_at_countryName) + +/* OBJECT IDENTIFIER id-at-localityName ::= { joint-iso-ccitt(2) ds(5) label-less(4) label-less(7) } */ +extern ASN1EXP const heim_oid asn1_oid_id_at_localityName; +#define ASN1_OID_ID_AT_LOCALITYNAME (&asn1_oid_id_at_localityName) + +/* OBJECT IDENTIFIER id-at-stateOrProvinceName ::= { joint-iso-ccitt(2) ds(5) label-less(4) label-less(8) } */ +extern 
ASN1EXP const heim_oid asn1_oid_id_at_stateOrProvinceName; +#define ASN1_OID_ID_AT_STATEORPROVINCENAME (&asn1_oid_id_at_stateOrProvinceName) + +/* OBJECT IDENTIFIER id-at-streetAddress ::= { joint-iso-ccitt(2) ds(5) label-less(4) label-less(9) } */ +extern ASN1EXP const heim_oid asn1_oid_id_at_streetAddress; +#define ASN1_OID_ID_AT_STREETADDRESS (&asn1_oid_id_at_streetAddress) + +/* OBJECT IDENTIFIER id-at-organizationName ::= { joint-iso-ccitt(2) ds(5) label-less(4) label-less(10) } */ +extern ASN1EXP const heim_oid asn1_oid_id_at_organizationName; +#define ASN1_OID_ID_AT_ORGANIZATIONNAME (&asn1_oid_id_at_organizationName) + +/* OBJECT IDENTIFIER id-at-organizationalUnitName ::= { joint-iso-ccitt(2) ds(5) label-less(4) label-less(11) } */ +extern ASN1EXP const heim_oid asn1_oid_id_at_organizationalUnitName; +#define ASN1_OID_ID_AT_ORGANIZATIONALUNITNAME (&asn1_oid_id_at_organizationalUnitName) + +/* OBJECT IDENTIFIER id-at-title ::= { joint-iso-ccitt(2) ds(5) label-less(4) label-less(12) } */ +extern ASN1EXP const heim_oid asn1_oid_id_at_title; +#define ASN1_OID_ID_AT_TITLE (&asn1_oid_id_at_title) + +/* OBJECT IDENTIFIER id-at-description ::= { joint-iso-ccitt(2) ds(5) label-less(4) label-less(13) } */ +extern ASN1EXP const heim_oid asn1_oid_id_at_description; +#define ASN1_OID_ID_AT_DESCRIPTION (&asn1_oid_id_at_description) + +/* OBJECT IDENTIFIER id-at-name ::= { joint-iso-ccitt(2) ds(5) label-less(4) label-less(41) } */ +extern ASN1EXP const heim_oid asn1_oid_id_at_name; +#define ASN1_OID_ID_AT_NAME (&asn1_oid_id_at_name) + +/* OBJECT IDENTIFIER id-at-givenName ::= { joint-iso-ccitt(2) ds(5) label-less(4) label-less(42) } */ +extern ASN1EXP const heim_oid asn1_oid_id_at_givenName; +#define ASN1_OID_ID_AT_GIVENNAME (&asn1_oid_id_at_givenName) + +/* OBJECT IDENTIFIER id-at-initials ::= { joint-iso-ccitt(2) ds(5) label-less(4) label-less(43) } */ +extern ASN1EXP const heim_oid asn1_oid_id_at_initials; +#define ASN1_OID_ID_AT_INITIALS (&asn1_oid_id_at_initials) + 
+/* OBJECT IDENTIFIER id-at-generationQualifier ::= { joint-iso-ccitt(2) ds(5) label-less(4) label-less(44) } */ +extern ASN1EXP const heim_oid asn1_oid_id_at_generationQualifier; +#define ASN1_OID_ID_AT_GENERATIONQUALIFIER (&asn1_oid_id_at_generationQualifier) + +/* OBJECT IDENTIFIER id-at-pseudonym ::= { joint-iso-ccitt(2) ds(5) label-less(4) label-less(65) } */ +extern ASN1EXP const heim_oid asn1_oid_id_at_pseudonym; +#define ASN1_OID_ID_AT_PSEUDONYM (&asn1_oid_id_at_pseudonym) + +/* OBJECT IDENTIFIER id-Userid ::= { label-less(0) label-less(9) label-less(2342) label-less(19200300) label-less(100) label-less(1) label-less(1) } */ +extern ASN1EXP const heim_oid asn1_oid_id_Userid; +#define ASN1_OID_ID_USERID (&asn1_oid_id_Userid) + +/* OBJECT IDENTIFIER id-domainComponent ::= { label-less(0) label-less(9) label-less(2342) label-less(19200300) label-less(100) label-less(1) label-less(25) } */ +extern ASN1EXP const heim_oid asn1_oid_id_domainComponent; +#define ASN1_OID_ID_DOMAINCOMPONENT (&asn1_oid_id_domainComponent) + +/* OBJECT IDENTIFIER id-x509-ce ::= { joint-iso-ccitt(2) ds(5) label-less(29) } */ +extern ASN1EXP const heim_oid asn1_oid_id_x509_ce; +#define ASN1_OID_ID_X509_CE (&asn1_oid_id_x509_ce) + +/* +AlgorithmIdentifier ::= SEQUENCE { + algorithm OBJECT IDENTIFIER, + parameters heim_any OPTIONAL, +} +*/ + +typedef struct AlgorithmIdentifier { + heim_oid algorithm; + heim_any *parameters; +} AlgorithmIdentifier; + +ASN1EXP int ASN1CALL decode_AlgorithmIdentifier(const unsigned char *, size_t, AlgorithmIdentifier *, size_t *); +ASN1EXP int ASN1CALL encode_AlgorithmIdentifier(unsigned char *, size_t, const AlgorithmIdentifier *, size_t *); +ASN1EXP size_t ASN1CALL length_AlgorithmIdentifier(const AlgorithmIdentifier *); +ASN1EXP int ASN1CALL copy_AlgorithmIdentifier (const AlgorithmIdentifier *, AlgorithmIdentifier *); +ASN1EXP void ASN1CALL free_AlgorithmIdentifier (AlgorithmIdentifier *); + + +/* +AttributeType ::= OBJECT IDENTIFIER +*/ + +typedef 
heim_oid AttributeType; + +ASN1EXP int ASN1CALL decode_AttributeType(const unsigned char *, size_t, AttributeType *, size_t *); +ASN1EXP int ASN1CALL encode_AttributeType(unsigned char *, size_t, const AttributeType *, size_t *); +ASN1EXP size_t ASN1CALL length_AttributeType(const AttributeType *); +ASN1EXP int ASN1CALL copy_AttributeType (const AttributeType *, AttributeType *); +ASN1EXP void ASN1CALL free_AttributeType (AttributeType *); + + +/* +AttributeValue ::= heim_any +*/ + +typedef heim_any AttributeValue; + +ASN1EXP int ASN1CALL decode_AttributeValue(const unsigned char *, size_t, AttributeValue *, size_t *); +ASN1EXP int ASN1CALL encode_AttributeValue(unsigned char *, size_t, const AttributeValue *, size_t *); +ASN1EXP size_t ASN1CALL length_AttributeValue(const AttributeValue *); +ASN1EXP int ASN1CALL copy_AttributeValue (const AttributeValue *, AttributeValue *); +ASN1EXP void ASN1CALL free_AttributeValue (AttributeValue *); + + +/* +DirectoryString ::= CHOICE { + ia5String IA5String, + teletexString TeletexString, + printableString PrintableString, + universalString UniversalString, + utf8String UTF8String, + bmpString BMPString, +} +*/ + +typedef struct DirectoryString { + enum DirectoryString_enum { + choice_DirectoryString_ia5String = 1, + choice_DirectoryString_teletexString, + choice_DirectoryString_printableString, + choice_DirectoryString_universalString, + choice_DirectoryString_utf8String, + choice_DirectoryString_bmpString + } element; + union { + heim_ia5_string ia5String; + heim_general_string teletexString; + heim_printable_string printableString; + heim_universal_string universalString; + heim_utf8_string utf8String; + heim_bmp_string bmpString; + } u; +} DirectoryString; + +ASN1EXP int ASN1CALL decode_DirectoryString(const unsigned char *, size_t, DirectoryString *, size_t *); +ASN1EXP int ASN1CALL encode_DirectoryString(unsigned char *, size_t, const DirectoryString *, size_t *); +ASN1EXP size_t ASN1CALL length_DirectoryString(const 
DirectoryString *); +ASN1EXP int ASN1CALL copy_DirectoryString (const DirectoryString *, DirectoryString *); +ASN1EXP void ASN1CALL free_DirectoryString (DirectoryString *); + + +/* +Attribute ::= SEQUENCE { + type AttributeType, + value SET OF heim_any, +} +*/ + +typedef struct Attribute { + AttributeType type; + struct Attribute_value { + unsigned int len; + heim_any *val; + } value; +} Attribute; + +ASN1EXP int ASN1CALL decode_Attribute(const unsigned char *, size_t, Attribute *, size_t *); +ASN1EXP int ASN1CALL encode_Attribute(unsigned char *, size_t, const Attribute *, size_t *); +ASN1EXP size_t ASN1CALL length_Attribute(const Attribute *); +ASN1EXP int ASN1CALL copy_Attribute (const Attribute *, Attribute *); +ASN1EXP void ASN1CALL free_Attribute (Attribute *); + + +/* +AttributeTypeAndValue ::= SEQUENCE { + type AttributeType, + value DirectoryString, +} +*/ + +typedef struct AttributeTypeAndValue { + AttributeType type; + DirectoryString value; +} AttributeTypeAndValue; + +ASN1EXP int ASN1CALL decode_AttributeTypeAndValue(const unsigned char *, size_t, AttributeTypeAndValue *, size_t *); +ASN1EXP int ASN1CALL encode_AttributeTypeAndValue(unsigned char *, size_t, const AttributeTypeAndValue *, size_t *); +ASN1EXP size_t ASN1CALL length_AttributeTypeAndValue(const AttributeTypeAndValue *); +ASN1EXP int ASN1CALL copy_AttributeTypeAndValue (const AttributeTypeAndValue *, AttributeTypeAndValue *); +ASN1EXP void ASN1CALL free_AttributeTypeAndValue (AttributeTypeAndValue *); + + +/* +RelativeDistinguishedName ::= SET OF AttributeTypeAndValue +*/ + +typedef struct RelativeDistinguishedName { + unsigned int len; + AttributeTypeAndValue *val; +} RelativeDistinguishedName; + +ASN1EXP int ASN1CALL decode_RelativeDistinguishedName(const unsigned char *, size_t, RelativeDistinguishedName *, size_t *); +ASN1EXP int ASN1CALL encode_RelativeDistinguishedName(unsigned char *, size_t, const RelativeDistinguishedName *, size_t *); +ASN1EXP size_t ASN1CALL 
length_RelativeDistinguishedName(const RelativeDistinguishedName *); +ASN1EXP int ASN1CALL copy_RelativeDistinguishedName (const RelativeDistinguishedName *, RelativeDistinguishedName *); +ASN1EXP void ASN1CALL free_RelativeDistinguishedName (RelativeDistinguishedName *); + + +/* +RDNSequence ::= SEQUENCE OF RelativeDistinguishedName +*/ + +typedef struct RDNSequence { + unsigned int len; + RelativeDistinguishedName *val; +} RDNSequence; + +ASN1EXP int ASN1CALL decode_RDNSequence(const unsigned char *, size_t, RDNSequence *, size_t *); +ASN1EXP int ASN1CALL encode_RDNSequence(unsigned char *, size_t, const RDNSequence *, size_t *); +ASN1EXP size_t ASN1CALL length_RDNSequence(const RDNSequence *); +ASN1EXP int ASN1CALL copy_RDNSequence (const RDNSequence *, RDNSequence *); +ASN1EXP void ASN1CALL free_RDNSequence (RDNSequence *); + + +/* +Name ::= CHOICE { + rdnSequence RDNSequence, +} +*/ + +typedef struct Name { + heim_octet_string _save; + enum Name_enum { + choice_Name_rdnSequence = 1 + } element; + union { + RDNSequence rdnSequence; + } u; +} Name; + +ASN1EXP int ASN1CALL decode_Name(const unsigned char *, size_t, Name *, size_t *); +ASN1EXP int ASN1CALL encode_Name(unsigned char *, size_t, const Name *, size_t *); +ASN1EXP size_t ASN1CALL length_Name(const Name *); +ASN1EXP int ASN1CALL copy_Name (const Name *, Name *); +ASN1EXP void ASN1CALL free_Name (Name *); + + +/* +CertificateSerialNumber ::= INTEGER +*/ + +typedef heim_integer CertificateSerialNumber; + +ASN1EXP int ASN1CALL decode_CertificateSerialNumber(const unsigned char *, size_t, CertificateSerialNumber *, size_t *); +ASN1EXP int ASN1CALL encode_CertificateSerialNumber(unsigned char *, size_t, const CertificateSerialNumber *, size_t *); +ASN1EXP size_t ASN1CALL length_CertificateSerialNumber(const CertificateSerialNumber *); +ASN1EXP int ASN1CALL copy_CertificateSerialNumber (const CertificateSerialNumber *, CertificateSerialNumber *); +ASN1EXP void ASN1CALL free_CertificateSerialNumber 
(CertificateSerialNumber *); + + +/* +Time ::= CHOICE { + utcTime UTCTime, + generalTime GeneralizedTime, +} +*/ + +typedef struct Time { + enum Time_enum { + choice_Time_utcTime = 1, + choice_Time_generalTime + } element; + union { + time_t utcTime; + time_t generalTime; + } u; +} Time; + +ASN1EXP int ASN1CALL decode_Time(const unsigned char *, size_t, Time *, size_t *); +ASN1EXP int ASN1CALL encode_Time(unsigned char *, size_t, const Time *, size_t *); +ASN1EXP size_t ASN1CALL length_Time(const Time *); +ASN1EXP int ASN1CALL copy_Time (const Time *, Time *); +ASN1EXP void ASN1CALL free_Time (Time *); + + +/* +Validity ::= SEQUENCE { + notBefore Time, + notAfter Time, +} +*/ + +typedef struct Validity { + Time notBefore; + Time notAfter; +} Validity; + +ASN1EXP int ASN1CALL decode_Validity(const unsigned char *, size_t, Validity *, size_t *); +ASN1EXP int ASN1CALL encode_Validity(unsigned char *, size_t, const Validity *, size_t *); +ASN1EXP size_t ASN1CALL length_Validity(const Validity *); +ASN1EXP int ASN1CALL copy_Validity (const Validity *, Validity *); +ASN1EXP void ASN1CALL free_Validity (Validity *); + + +/* +UniqueIdentifier ::= BIT STRING { +} +*/ + +typedef heim_bit_string UniqueIdentifier; + +ASN1EXP int ASN1CALL decode_UniqueIdentifier(const unsigned char *, size_t, UniqueIdentifier *, size_t *); +ASN1EXP int ASN1CALL encode_UniqueIdentifier(unsigned char *, size_t, const UniqueIdentifier *, size_t *); +ASN1EXP size_t ASN1CALL length_UniqueIdentifier(const UniqueIdentifier *); +ASN1EXP int ASN1CALL copy_UniqueIdentifier (const UniqueIdentifier *, UniqueIdentifier *); +ASN1EXP void ASN1CALL free_UniqueIdentifier (UniqueIdentifier *); + + +/* +SubjectPublicKeyInfo ::= SEQUENCE { + algorithm AlgorithmIdentifier, + subjectPublicKey BIT STRING { + }, +} +*/ + +typedef struct SubjectPublicKeyInfo { + AlgorithmIdentifier algorithm; + heim_bit_string subjectPublicKey; +} SubjectPublicKeyInfo; + +ASN1EXP int ASN1CALL decode_SubjectPublicKeyInfo(const unsigned 
char *, size_t, SubjectPublicKeyInfo *, size_t *); +ASN1EXP int ASN1CALL encode_SubjectPublicKeyInfo(unsigned char *, size_t, const SubjectPublicKeyInfo *, size_t *); +ASN1EXP size_t ASN1CALL length_SubjectPublicKeyInfo(const SubjectPublicKeyInfo *); +ASN1EXP int ASN1CALL copy_SubjectPublicKeyInfo (const SubjectPublicKeyInfo *, SubjectPublicKeyInfo *); +ASN1EXP void ASN1CALL free_SubjectPublicKeyInfo (SubjectPublicKeyInfo *); + + +/* +Extension ::= SEQUENCE { + extnID OBJECT IDENTIFIER, + critical BOOLEAN OPTIONAL, + extnValue OCTET STRING, +} +*/ + +typedef struct Extension { + heim_oid extnID; + int *critical; + heim_octet_string extnValue; +} Extension; + +ASN1EXP int ASN1CALL decode_Extension(const unsigned char *, size_t, Extension *, size_t *); +ASN1EXP int ASN1CALL encode_Extension(unsigned char *, size_t, const Extension *, size_t *); +ASN1EXP size_t ASN1CALL length_Extension(const Extension *); +ASN1EXP int ASN1CALL copy_Extension (const Extension *, Extension *); +ASN1EXP void ASN1CALL free_Extension (Extension *); + + +/* +Extensions ::= SEQUENCE OF Extension +*/ + +typedef struct Extensions { + unsigned int len; + Extension *val; +} Extensions; + +ASN1EXP int ASN1CALL add_Extensions (Extensions *, const Extension *); +ASN1EXP int ASN1CALL remove_Extensions (Extensions *, unsigned int); +ASN1EXP int ASN1CALL decode_Extensions(const unsigned char *, size_t, Extensions *, size_t *); +ASN1EXP int ASN1CALL encode_Extensions(unsigned char *, size_t, const Extensions *, size_t *); +ASN1EXP size_t ASN1CALL length_Extensions(const Extensions *); +ASN1EXP int ASN1CALL copy_Extensions (const Extensions *, Extensions *); +ASN1EXP void ASN1CALL free_Extensions (Extensions *); + + +/* +TBSCertificate ::= SEQUENCE { + version [0] Version OPTIONAL, + serialNumber CertificateSerialNumber, + signature AlgorithmIdentifier, + issuer Name, + validity Validity, + subject Name, + subjectPublicKeyInfo SubjectPublicKeyInfo, + issuerUniqueID [1] IMPLICIT BIT STRING { + } 
OPTIONAL, + subjectUniqueID [2] IMPLICIT BIT STRING { + } OPTIONAL, + extensions [3] Extensions OPTIONAL, +} +*/ + +typedef struct TBSCertificate { + heim_octet_string _save; + Version *version; + CertificateSerialNumber serialNumber; + AlgorithmIdentifier signature; + Name issuer; + Validity validity; + Name subject; + SubjectPublicKeyInfo subjectPublicKeyInfo; + heim_bit_string *issuerUniqueID; + heim_bit_string *subjectUniqueID; + Extensions *extensions; +} TBSCertificate; + +ASN1EXP int ASN1CALL decode_TBSCertificate(const unsigned char *, size_t, TBSCertificate *, size_t *); +ASN1EXP int ASN1CALL encode_TBSCertificate(unsigned char *, size_t, const TBSCertificate *, size_t *); +ASN1EXP size_t ASN1CALL length_TBSCertificate(const TBSCertificate *); +ASN1EXP int ASN1CALL copy_TBSCertificate (const TBSCertificate *, TBSCertificate *); +ASN1EXP void ASN1CALL free_TBSCertificate (TBSCertificate *); + + +/* +Certificate ::= SEQUENCE { + tbsCertificate TBSCertificate, + signatureAlgorithm AlgorithmIdentifier, + signatureValue BIT STRING { + }, +} +*/ + +typedef struct Certificate { + TBSCertificate tbsCertificate; + AlgorithmIdentifier signatureAlgorithm; + heim_bit_string signatureValue; +} Certificate; + +ASN1EXP int ASN1CALL decode_Certificate(const unsigned char *, size_t, Certificate *, size_t *); +ASN1EXP int ASN1CALL encode_Certificate(unsigned char *, size_t, const Certificate *, size_t *); +ASN1EXP size_t ASN1CALL length_Certificate(const Certificate *); +ASN1EXP int ASN1CALL copy_Certificate (const Certificate *, Certificate *); +ASN1EXP void ASN1CALL free_Certificate (Certificate *); + + +/* +Certificates ::= SEQUENCE OF Certificate +*/ + +typedef struct Certificates { + unsigned int len; + Certificate *val; +} Certificates; + +ASN1EXP int ASN1CALL decode_Certificates(const unsigned char *, size_t, Certificates *, size_t *); +ASN1EXP int ASN1CALL encode_Certificates(unsigned char *, size_t, const Certificates *, size_t *); +ASN1EXP size_t ASN1CALL 
length_Certificates(const Certificates *); +ASN1EXP int ASN1CALL copy_Certificates (const Certificates *, Certificates *); +ASN1EXP void ASN1CALL free_Certificates (Certificates *); + + +/* +ValidationParms ::= SEQUENCE { + seed BIT STRING { + }, + pgenCounter INTEGER, +} +*/ + +typedef struct ValidationParms { + heim_bit_string seed; + heim_integer pgenCounter; +} ValidationParms; + +ASN1EXP int ASN1CALL decode_ValidationParms(const unsigned char *, size_t, ValidationParms *, size_t *); +ASN1EXP int ASN1CALL encode_ValidationParms(unsigned char *, size_t, const ValidationParms *, size_t *); +ASN1EXP size_t ASN1CALL length_ValidationParms(const ValidationParms *); +ASN1EXP int ASN1CALL copy_ValidationParms (const ValidationParms *, ValidationParms *); +ASN1EXP void ASN1CALL free_ValidationParms (ValidationParms *); + + +/* +DomainParameters ::= SEQUENCE { + p INTEGER, + g INTEGER, + q INTEGER OPTIONAL, + j INTEGER OPTIONAL, + validationParms ValidationParms OPTIONAL, +} +*/ + +typedef struct DomainParameters { + heim_integer p; + heim_integer g; + heim_integer *q; + heim_integer *j; + ValidationParms *validationParms; +} DomainParameters; + +ASN1EXP int ASN1CALL decode_DomainParameters(const unsigned char *, size_t, DomainParameters *, size_t *); +ASN1EXP int ASN1CALL encode_DomainParameters(unsigned char *, size_t, const DomainParameters *, size_t *); +ASN1EXP size_t ASN1CALL length_DomainParameters(const DomainParameters *); +ASN1EXP int ASN1CALL copy_DomainParameters (const DomainParameters *, DomainParameters *); +ASN1EXP void ASN1CALL free_DomainParameters (DomainParameters *); + + +/* +DHParameter ::= SEQUENCE { + prime INTEGER, + base INTEGER, + privateValueLength INTEGER OPTIONAL, +} +*/ + +typedef struct DHParameter { + heim_integer prime; + heim_integer base; + heim_integer *privateValueLength; +} DHParameter; + +ASN1EXP int ASN1CALL decode_DHParameter(const unsigned char *, size_t, DHParameter *, size_t *); +ASN1EXP int ASN1CALL 
encode_DHParameter(unsigned char *, size_t, const DHParameter *, size_t *); +ASN1EXP size_t ASN1CALL length_DHParameter(const DHParameter *); +ASN1EXP int ASN1CALL copy_DHParameter (const DHParameter *, DHParameter *); +ASN1EXP void ASN1CALL free_DHParameter (DHParameter *); + + +/* +DHPublicKey ::= INTEGER +*/ + +typedef heim_integer DHPublicKey; + +ASN1EXP int ASN1CALL decode_DHPublicKey(const unsigned char *, size_t, DHPublicKey *, size_t *); +ASN1EXP int ASN1CALL encode_DHPublicKey(unsigned char *, size_t, const DHPublicKey *, size_t *); +ASN1EXP size_t ASN1CALL length_DHPublicKey(const DHPublicKey *); +ASN1EXP int ASN1CALL copy_DHPublicKey (const DHPublicKey *, DHPublicKey *); +ASN1EXP void ASN1CALL free_DHPublicKey (DHPublicKey *); + + +/* +OtherName ::= SEQUENCE { + type-id OBJECT IDENTIFIER, + value [0] heim_any, +} +*/ + +typedef struct OtherName { + heim_oid type_id; + heim_any value; +} OtherName; + +ASN1EXP int ASN1CALL decode_OtherName(const unsigned char *, size_t, OtherName *, size_t *); +ASN1EXP int ASN1CALL encode_OtherName(unsigned char *, size_t, const OtherName *, size_t *); +ASN1EXP size_t ASN1CALL length_OtherName(const OtherName *); +ASN1EXP int ASN1CALL copy_OtherName (const OtherName *, OtherName *); +ASN1EXP void ASN1CALL free_OtherName (OtherName *); + + +/* +GeneralName ::= CHOICE { + otherName [0] IMPLICIT SEQUENCE { + type-id OBJECT IDENTIFIER, + value [0] heim_any, + }, + rfc822Name [1] IMPLICIT IA5String, + dNSName [2] IMPLICIT IA5String, + directoryName [4] IMPLICIT CHOICE { + rdnSequence RDNSequence, + }, + uniformResourceIdentifier [6] IMPLICIT IA5String, + iPAddress [7] IMPLICIT OCTET STRING, + registeredID [8] IMPLICIT OBJECT IDENTIFIER, +} +*/ + +typedef struct GeneralName { + enum GeneralName_enum { + choice_GeneralName_otherName = 1, + choice_GeneralName_rfc822Name, + choice_GeneralName_dNSName, + choice_GeneralName_directoryName, + choice_GeneralName_uniformResourceIdentifier, + choice_GeneralName_iPAddress, + 
choice_GeneralName_registeredID + } element; + union { + struct GeneralName_otherName { + heim_oid type_id; + heim_any value; + } otherName; + heim_ia5_string rfc822Name; + heim_ia5_string dNSName; + struct GeneralName_directoryName { + enum GeneralName_directoryName_enum { + choice_GeneralName_directoryName_rdnSequence = 1 + } element; + union { + RDNSequence rdnSequence; + } u; + } directoryName; + heim_ia5_string uniformResourceIdentifier; + heim_octet_string iPAddress; + heim_oid registeredID; + } u; +} GeneralName; + +ASN1EXP int ASN1CALL decode_GeneralName(const unsigned char *, size_t, GeneralName *, size_t *); +ASN1EXP int ASN1CALL encode_GeneralName(unsigned char *, size_t, const GeneralName *, size_t *); +ASN1EXP size_t ASN1CALL length_GeneralName(const GeneralName *); +ASN1EXP int ASN1CALL copy_GeneralName (const GeneralName *, GeneralName *); +ASN1EXP void ASN1CALL free_GeneralName (GeneralName *); + + +/* +GeneralNames ::= SEQUENCE OF GeneralName +*/ + +typedef struct GeneralNames { + unsigned int len; + GeneralName *val; +} GeneralNames; + +ASN1EXP int ASN1CALL add_GeneralNames (GeneralNames *, const GeneralName *); +ASN1EXP int ASN1CALL remove_GeneralNames (GeneralNames *, unsigned int); +ASN1EXP int ASN1CALL decode_GeneralNames(const unsigned char *, size_t, GeneralNames *, size_t *); +ASN1EXP int ASN1CALL encode_GeneralNames(unsigned char *, size_t, const GeneralNames *, size_t *); +ASN1EXP size_t ASN1CALL length_GeneralNames(const GeneralNames *); +ASN1EXP int ASN1CALL copy_GeneralNames (const GeneralNames *, GeneralNames *); +ASN1EXP void ASN1CALL free_GeneralNames (GeneralNames *); + + +/* OBJECT IDENTIFIER id-x509-ce-keyUsage ::= { joint-iso-ccitt(2) ds(5) label-less(29) label-less(15) } */ +extern ASN1EXP const heim_oid asn1_oid_id_x509_ce_keyUsage; +#define ASN1_OID_ID_X509_CE_KEYUSAGE (&asn1_oid_id_x509_ce_keyUsage) + +/* +KeyUsage ::= BIT STRING { + digitalSignature(0), + nonRepudiation(1), + keyEncipherment(2), + dataEncipherment(3), + 
keyAgreement(4), + keyCertSign(5), + cRLSign(6), + encipherOnly(7), + decipherOnly(8) +} +*/ + +typedef struct KeyUsage { + unsigned int digitalSignature:1; + unsigned int nonRepudiation:1; + unsigned int keyEncipherment:1; + unsigned int dataEncipherment:1; + unsigned int keyAgreement:1; + unsigned int keyCertSign:1; + unsigned int cRLSign:1; + unsigned int encipherOnly:1; + unsigned int decipherOnly:1; + unsigned int _unused9:1; + unsigned int _unused10:1; + unsigned int _unused11:1; + unsigned int _unused12:1; + unsigned int _unused13:1; + unsigned int _unused14:1; + unsigned int _unused15:1; + unsigned int _unused16:1; + unsigned int _unused17:1; + unsigned int _unused18:1; + unsigned int _unused19:1; + unsigned int _unused20:1; + unsigned int _unused21:1; + unsigned int _unused22:1; + unsigned int _unused23:1; + unsigned int _unused24:1; + unsigned int _unused25:1; + unsigned int _unused26:1; + unsigned int _unused27:1; + unsigned int _unused28:1; + unsigned int _unused29:1; + unsigned int _unused30:1; + unsigned int _unused31:1; +} KeyUsage; + + +unsigned KeyUsage2int(KeyUsage); +KeyUsage int2KeyUsage(unsigned); +const struct units * asn1_KeyUsage_units(void); +ASN1EXP int ASN1CALL decode_KeyUsage(const unsigned char *, size_t, KeyUsage *, size_t *); +ASN1EXP int ASN1CALL encode_KeyUsage(unsigned char *, size_t, const KeyUsage *, size_t *); +ASN1EXP size_t ASN1CALL length_KeyUsage(const KeyUsage *); +ASN1EXP int ASN1CALL copy_KeyUsage (const KeyUsage *, KeyUsage *); +ASN1EXP void ASN1CALL free_KeyUsage (KeyUsage *); + + +/* OBJECT IDENTIFIER id-x509-ce-authorityKeyIdentifier ::= { joint-iso-ccitt(2) ds(5) label-less(29) label-less(35) } */ +extern ASN1EXP const heim_oid asn1_oid_id_x509_ce_authorityKeyIdentifier; +#define ASN1_OID_ID_X509_CE_AUTHORITYKEYIDENTIFIER (&asn1_oid_id_x509_ce_authorityKeyIdentifier) + +/* +KeyIdentifier ::= OCTET STRING +*/ + +typedef heim_octet_string KeyIdentifier; + +ASN1EXP int ASN1CALL decode_KeyIdentifier(const unsigned char 
*, size_t, KeyIdentifier *, size_t *); +ASN1EXP int ASN1CALL encode_KeyIdentifier(unsigned char *, size_t, const KeyIdentifier *, size_t *); +ASN1EXP size_t ASN1CALL length_KeyIdentifier(const KeyIdentifier *); +ASN1EXP int ASN1CALL copy_KeyIdentifier (const KeyIdentifier *, KeyIdentifier *); +ASN1EXP void ASN1CALL free_KeyIdentifier (KeyIdentifier *); + + +/* +AuthorityKeyIdentifier ::= SEQUENCE { + keyIdentifier [0] IMPLICIT OCTET STRING OPTIONAL, + authorityCertIssuer [1] IMPLICIT SEQUENCE OF GeneralName OPTIONAL, + authorityCertSerialNumber [2] IMPLICIT INTEGER OPTIONAL, +} +*/ + +typedef struct AuthorityKeyIdentifier { + heim_octet_string *keyIdentifier; + struct AuthorityKeyIdentifier_authorityCertIssuer { + unsigned int len; + GeneralName *val; + } *authorityCertIssuer; + heim_integer *authorityCertSerialNumber; +} AuthorityKeyIdentifier; + +ASN1EXP int ASN1CALL decode_AuthorityKeyIdentifier(const unsigned char *, size_t, AuthorityKeyIdentifier *, size_t *); +ASN1EXP int ASN1CALL encode_AuthorityKeyIdentifier(unsigned char *, size_t, const AuthorityKeyIdentifier *, size_t *); +ASN1EXP size_t ASN1CALL length_AuthorityKeyIdentifier(const AuthorityKeyIdentifier *); +ASN1EXP int ASN1CALL copy_AuthorityKeyIdentifier (const AuthorityKeyIdentifier *, AuthorityKeyIdentifier *); +ASN1EXP void ASN1CALL free_AuthorityKeyIdentifier (AuthorityKeyIdentifier *); + + +/* OBJECT IDENTIFIER id-x509-ce-subjectKeyIdentifier ::= { joint-iso-ccitt(2) ds(5) label-less(29) label-less(14) } */ +extern ASN1EXP const heim_oid asn1_oid_id_x509_ce_subjectKeyIdentifier; +#define ASN1_OID_ID_X509_CE_SUBJECTKEYIDENTIFIER (&asn1_oid_id_x509_ce_subjectKeyIdentifier) + +/* +SubjectKeyIdentifier ::= KeyIdentifier +*/ + +typedef KeyIdentifier SubjectKeyIdentifier; + +ASN1EXP int ASN1CALL decode_SubjectKeyIdentifier(const unsigned char *, size_t, SubjectKeyIdentifier *, size_t *); +ASN1EXP int ASN1CALL encode_SubjectKeyIdentifier(unsigned char *, size_t, const SubjectKeyIdentifier *, size_t *); 
+ASN1EXP size_t ASN1CALL length_SubjectKeyIdentifier(const SubjectKeyIdentifier *); +ASN1EXP int ASN1CALL copy_SubjectKeyIdentifier (const SubjectKeyIdentifier *, SubjectKeyIdentifier *); +ASN1EXP void ASN1CALL free_SubjectKeyIdentifier (SubjectKeyIdentifier *); + + +/* OBJECT IDENTIFIER id-x509-ce-basicConstraints ::= { joint-iso-ccitt(2) ds(5) label-less(29) label-less(19) } */ +extern ASN1EXP const heim_oid asn1_oid_id_x509_ce_basicConstraints; +#define ASN1_OID_ID_X509_CE_BASICCONSTRAINTS (&asn1_oid_id_x509_ce_basicConstraints) + +/* +BasicConstraints ::= SEQUENCE { + cA BOOLEAN OPTIONAL, + pathLenConstraint INTEGER (0..4294967295) OPTIONAL, +} +*/ + +typedef struct BasicConstraints { + int *cA; + unsigned int *pathLenConstraint; +} BasicConstraints; + +ASN1EXP int ASN1CALL decode_BasicConstraints(const unsigned char *, size_t, BasicConstraints *, size_t *); +ASN1EXP int ASN1CALL encode_BasicConstraints(unsigned char *, size_t, const BasicConstraints *, size_t *); +ASN1EXP size_t ASN1CALL length_BasicConstraints(const BasicConstraints *); +ASN1EXP int ASN1CALL copy_BasicConstraints (const BasicConstraints *, BasicConstraints *); +ASN1EXP void ASN1CALL free_BasicConstraints (BasicConstraints *); + + +/* OBJECT IDENTIFIER id-x509-ce-nameConstraints ::= { joint-iso-ccitt(2) ds(5) label-less(29) label-less(30) } */ +extern ASN1EXP const heim_oid asn1_oid_id_x509_ce_nameConstraints; +#define ASN1_OID_ID_X509_CE_NAMECONSTRAINTS (&asn1_oid_id_x509_ce_nameConstraints) + +/* +BaseDistance ::= INTEGER +*/ + +typedef heim_integer BaseDistance; + +ASN1EXP int ASN1CALL decode_BaseDistance(const unsigned char *, size_t, BaseDistance *, size_t *); +ASN1EXP int ASN1CALL encode_BaseDistance(unsigned char *, size_t, const BaseDistance *, size_t *); +ASN1EXP size_t ASN1CALL length_BaseDistance(const BaseDistance *); +ASN1EXP int ASN1CALL copy_BaseDistance (const BaseDistance *, BaseDistance *); +ASN1EXP void ASN1CALL free_BaseDistance (BaseDistance *); + + +/* +GeneralSubtree ::= 
SEQUENCE { + base GeneralName, + minimum [0] IMPLICIT INTEGER OPTIONAL, + maximum [1] IMPLICIT INTEGER OPTIONAL, +} +*/ + +typedef struct GeneralSubtree { + GeneralName base; + heim_integer *minimum; + heim_integer *maximum; +} GeneralSubtree; + +ASN1EXP int ASN1CALL decode_GeneralSubtree(const unsigned char *, size_t, GeneralSubtree *, size_t *); +ASN1EXP int ASN1CALL encode_GeneralSubtree(unsigned char *, size_t, const GeneralSubtree *, size_t *); +ASN1EXP size_t ASN1CALL length_GeneralSubtree(const GeneralSubtree *); +ASN1EXP int ASN1CALL copy_GeneralSubtree (const GeneralSubtree *, GeneralSubtree *); +ASN1EXP void ASN1CALL free_GeneralSubtree (GeneralSubtree *); + + +/* +GeneralSubtrees ::= SEQUENCE OF GeneralSubtree +*/ + +typedef struct GeneralSubtrees { + unsigned int len; + GeneralSubtree *val; +} GeneralSubtrees; + +ASN1EXP int ASN1CALL decode_GeneralSubtrees(const unsigned char *, size_t, GeneralSubtrees *, size_t *); +ASN1EXP int ASN1CALL encode_GeneralSubtrees(unsigned char *, size_t, const GeneralSubtrees *, size_t *); +ASN1EXP size_t ASN1CALL length_GeneralSubtrees(const GeneralSubtrees *); +ASN1EXP int ASN1CALL copy_GeneralSubtrees (const GeneralSubtrees *, GeneralSubtrees *); +ASN1EXP void ASN1CALL free_GeneralSubtrees (GeneralSubtrees *); + + +/* +NameConstraints ::= SEQUENCE { + permittedSubtrees [0] IMPLICIT SEQUENCE OF GeneralSubtree OPTIONAL, + excludedSubtrees [1] IMPLICIT SEQUENCE OF GeneralSubtree OPTIONAL, +} +*/ + +typedef struct NameConstraints { + struct NameConstraints_permittedSubtrees { + unsigned int len; + GeneralSubtree *val; + } *permittedSubtrees; + struct NameConstraints_excludedSubtrees { + unsigned int len; + GeneralSubtree *val; + } *excludedSubtrees; +} NameConstraints; + +ASN1EXP int ASN1CALL decode_NameConstraints(const unsigned char *, size_t, NameConstraints *, size_t *); +ASN1EXP int ASN1CALL encode_NameConstraints(unsigned char *, size_t, const NameConstraints *, size_t *); +ASN1EXP size_t ASN1CALL 
length_NameConstraints(const NameConstraints *); +ASN1EXP int ASN1CALL copy_NameConstraints (const NameConstraints *, NameConstraints *); +ASN1EXP void ASN1CALL free_NameConstraints (NameConstraints *); + + +/* OBJECT IDENTIFIER id-x509-ce-privateKeyUsagePeriod ::= { joint-iso-ccitt(2) ds(5) label-less(29) label-less(16) } */ +extern ASN1EXP const heim_oid asn1_oid_id_x509_ce_privateKeyUsagePeriod; +#define ASN1_OID_ID_X509_CE_PRIVATEKEYUSAGEPERIOD (&asn1_oid_id_x509_ce_privateKeyUsagePeriod) + +/* OBJECT IDENTIFIER id-x509-ce-certificatePolicies ::= { joint-iso-ccitt(2) ds(5) label-less(29) label-less(32) } */ +extern ASN1EXP const heim_oid asn1_oid_id_x509_ce_certificatePolicies; +#define ASN1_OID_ID_X509_CE_CERTIFICATEPOLICIES (&asn1_oid_id_x509_ce_certificatePolicies) + +/* OBJECT IDENTIFIER id-x509-ce-policyMappings ::= { joint-iso-ccitt(2) ds(5) label-less(29) label-less(33) } */ +extern ASN1EXP const heim_oid asn1_oid_id_x509_ce_policyMappings; +#define ASN1_OID_ID_X509_CE_POLICYMAPPINGS (&asn1_oid_id_x509_ce_policyMappings) + +/* OBJECT IDENTIFIER id-x509-ce-subjectAltName ::= { joint-iso-ccitt(2) ds(5) label-less(29) label-less(17) } */ +extern ASN1EXP const heim_oid asn1_oid_id_x509_ce_subjectAltName; +#define ASN1_OID_ID_X509_CE_SUBJECTALTNAME (&asn1_oid_id_x509_ce_subjectAltName) + +/* OBJECT IDENTIFIER id-x509-ce-issuerAltName ::= { joint-iso-ccitt(2) ds(5) label-less(29) label-less(18) } */ +extern ASN1EXP const heim_oid asn1_oid_id_x509_ce_issuerAltName; +#define ASN1_OID_ID_X509_CE_ISSUERALTNAME (&asn1_oid_id_x509_ce_issuerAltName) + +/* OBJECT IDENTIFIER id-x509-ce-subjectDirectoryAttributes ::= { joint-iso-ccitt(2) ds(5) label-less(29) label-less(9) } */ +extern ASN1EXP const heim_oid asn1_oid_id_x509_ce_subjectDirectoryAttributes; +#define ASN1_OID_ID_X509_CE_SUBJECTDIRECTORYATTRIBUTES (&asn1_oid_id_x509_ce_subjectDirectoryAttributes) + +/* OBJECT IDENTIFIER id-x509-ce-policyConstraints ::= { joint-iso-ccitt(2) ds(5) label-less(29) label-less(36) 
} */ +extern ASN1EXP const heim_oid asn1_oid_id_x509_ce_policyConstraints; +#define ASN1_OID_ID_X509_CE_POLICYCONSTRAINTS (&asn1_oid_id_x509_ce_policyConstraints) + +/* OBJECT IDENTIFIER id-x509-ce-extKeyUsage ::= { joint-iso-ccitt(2) ds(5) label-less(29) label-less(37) } */ +extern ASN1EXP const heim_oid asn1_oid_id_x509_ce_extKeyUsage; +#define ASN1_OID_ID_X509_CE_EXTKEYUSAGE (&asn1_oid_id_x509_ce_extKeyUsage) + +/* +ExtKeyUsage ::= SEQUENCE OF OBJECT IDENTIFIER +*/ + +typedef struct ExtKeyUsage { + unsigned int len; + heim_oid *val; +} ExtKeyUsage; + +ASN1EXP int ASN1CALL decode_ExtKeyUsage(const unsigned char *, size_t, ExtKeyUsage *, size_t *); +ASN1EXP int ASN1CALL encode_ExtKeyUsage(unsigned char *, size_t, const ExtKeyUsage *, size_t *); +ASN1EXP size_t ASN1CALL length_ExtKeyUsage(const ExtKeyUsage *); +ASN1EXP int ASN1CALL copy_ExtKeyUsage (const ExtKeyUsage *, ExtKeyUsage *); +ASN1EXP void ASN1CALL free_ExtKeyUsage (ExtKeyUsage *); + + +/* OBJECT IDENTIFIER id-x509-ce-cRLDistributionPoints ::= { joint-iso-ccitt(2) ds(5) label-less(29) label-less(31) } */ +extern ASN1EXP const heim_oid asn1_oid_id_x509_ce_cRLDistributionPoints; +#define ASN1_OID_ID_X509_CE_CRLDISTRIBUTIONPOINTS (&asn1_oid_id_x509_ce_cRLDistributionPoints) + +/* OBJECT IDENTIFIER id-x509-ce-deltaCRLIndicator ::= { joint-iso-ccitt(2) ds(5) label-less(29) label-less(27) } */ +extern ASN1EXP const heim_oid asn1_oid_id_x509_ce_deltaCRLIndicator; +#define ASN1_OID_ID_X509_CE_DELTACRLINDICATOR (&asn1_oid_id_x509_ce_deltaCRLIndicator) + +/* OBJECT IDENTIFIER id-x509-ce-issuingDistributionPoint ::= { joint-iso-ccitt(2) ds(5) label-less(29) label-less(28) } */ +extern ASN1EXP const heim_oid asn1_oid_id_x509_ce_issuingDistributionPoint; +#define ASN1_OID_ID_X509_CE_ISSUINGDISTRIBUTIONPOINT (&asn1_oid_id_x509_ce_issuingDistributionPoint) + +/* OBJECT IDENTIFIER id-x509-ce-holdInstructionCode ::= { joint-iso-ccitt(2) ds(5) label-less(29) label-less(23) } */ +extern ASN1EXP const heim_oid 
asn1_oid_id_x509_ce_holdInstructionCode; +#define ASN1_OID_ID_X509_CE_HOLDINSTRUCTIONCODE (&asn1_oid_id_x509_ce_holdInstructionCode) + +/* OBJECT IDENTIFIER id-x509-ce-invalidityDate ::= { joint-iso-ccitt(2) ds(5) label-less(29) label-less(24) } */ +extern ASN1EXP const heim_oid asn1_oid_id_x509_ce_invalidityDate; +#define ASN1_OID_ID_X509_CE_INVALIDITYDATE (&asn1_oid_id_x509_ce_invalidityDate) + +/* OBJECT IDENTIFIER id-x509-ce-certificateIssuer ::= { joint-iso-ccitt(2) ds(5) label-less(29) label-less(29) } */ +extern ASN1EXP const heim_oid asn1_oid_id_x509_ce_certificateIssuer; +#define ASN1_OID_ID_X509_CE_CERTIFICATEISSUER (&asn1_oid_id_x509_ce_certificateIssuer) + +/* OBJECT IDENTIFIER id-x509-ce-inhibitAnyPolicy ::= { joint-iso-ccitt(2) ds(5) label-less(29) label-less(54) } */ +extern ASN1EXP const heim_oid asn1_oid_id_x509_ce_inhibitAnyPolicy; +#define ASN1_OID_ID_X509_CE_INHIBITANYPOLICY (&asn1_oid_id_x509_ce_inhibitAnyPolicy) + +/* +DistributionPointReasonFlags ::= BIT STRING { + unused(0), + keyCompromise(1), + cACompromise(2), + affiliationChanged(3), + superseded(4), + cessationOfOperation(5), + certificateHold(6), + privilegeWithdrawn(7), + aACompromise(8) +} +*/ + +typedef struct DistributionPointReasonFlags { + unsigned int unused:1; + unsigned int keyCompromise:1; + unsigned int cACompromise:1; + unsigned int affiliationChanged:1; + unsigned int superseded:1; + unsigned int cessationOfOperation:1; + unsigned int certificateHold:1; + unsigned int privilegeWithdrawn:1; + unsigned int aACompromise:1; + unsigned int _unused9:1; + unsigned int _unused10:1; + unsigned int _unused11:1; + unsigned int _unused12:1; + unsigned int _unused13:1; + unsigned int _unused14:1; + unsigned int _unused15:1; + unsigned int _unused16:1; + unsigned int _unused17:1; + unsigned int _unused18:1; + unsigned int _unused19:1; + unsigned int _unused20:1; + unsigned int _unused21:1; + unsigned int _unused22:1; + unsigned int _unused23:1; + unsigned int _unused24:1; + unsigned int 
_unused25:1; + unsigned int _unused26:1; + unsigned int _unused27:1; + unsigned int _unused28:1; + unsigned int _unused29:1; + unsigned int _unused30:1; + unsigned int _unused31:1; +} DistributionPointReasonFlags; + + +unsigned DistributionPointReasonFlags2int(DistributionPointReasonFlags); +DistributionPointReasonFlags int2DistributionPointReasonFlags(unsigned); +const struct units * asn1_DistributionPointReasonFlags_units(void); +ASN1EXP int ASN1CALL decode_DistributionPointReasonFlags(const unsigned char *, size_t, DistributionPointReasonFlags *, size_t *); +ASN1EXP int ASN1CALL encode_DistributionPointReasonFlags(unsigned char *, size_t, const DistributionPointReasonFlags *, size_t *); +ASN1EXP size_t ASN1CALL length_DistributionPointReasonFlags(const DistributionPointReasonFlags *); +ASN1EXP int ASN1CALL copy_DistributionPointReasonFlags (const DistributionPointReasonFlags *, DistributionPointReasonFlags *); +ASN1EXP void ASN1CALL free_DistributionPointReasonFlags (DistributionPointReasonFlags *); + + +/* +DistributionPointName ::= CHOICE { + fullName [0] IMPLICIT SEQUENCE OF GeneralName, + nameRelativeToCRLIssuer [1] RelativeDistinguishedName, +} +*/ + +typedef struct DistributionPointName { + enum DistributionPointName_enum { + choice_DistributionPointName_fullName = 1, + choice_DistributionPointName_nameRelativeToCRLIssuer + } element; + union { + struct DistributionPointName_fullName { + unsigned int len; + GeneralName *val; + } fullName; + RelativeDistinguishedName nameRelativeToCRLIssuer; + } u; +} DistributionPointName; + +ASN1EXP int ASN1CALL decode_DistributionPointName(const unsigned char *, size_t, DistributionPointName *, size_t *); +ASN1EXP int ASN1CALL encode_DistributionPointName(unsigned char *, size_t, const DistributionPointName *, size_t *); +ASN1EXP size_t ASN1CALL length_DistributionPointName(const DistributionPointName *); +ASN1EXP int ASN1CALL copy_DistributionPointName (const DistributionPointName *, DistributionPointName *); +ASN1EXP 
void ASN1CALL free_DistributionPointName (DistributionPointName *); + + +/* +DistributionPoint ::= SEQUENCE { + distributionPoint [0] IMPLICIT heim_any OPTIONAL, + reasons [1] IMPLICIT heim_any OPTIONAL, + cRLIssuer [2] IMPLICIT heim_any OPTIONAL, +} +*/ + +typedef struct DistributionPoint { + heim_any *distributionPoint; + heim_any *reasons; + heim_any *cRLIssuer; +} DistributionPoint; + +ASN1EXP int ASN1CALL decode_DistributionPoint(const unsigned char *, size_t, DistributionPoint *, size_t *); +ASN1EXP int ASN1CALL encode_DistributionPoint(unsigned char *, size_t, const DistributionPoint *, size_t *); +ASN1EXP size_t ASN1CALL length_DistributionPoint(const DistributionPoint *); +ASN1EXP int ASN1CALL copy_DistributionPoint (const DistributionPoint *, DistributionPoint *); +ASN1EXP void ASN1CALL free_DistributionPoint (DistributionPoint *); + + +/* +CRLDistributionPoints ::= SEQUENCE OF DistributionPoint +*/ + +typedef struct CRLDistributionPoints { + unsigned int len; + DistributionPoint *val; +} CRLDistributionPoints; + +ASN1EXP int ASN1CALL add_CRLDistributionPoints (CRLDistributionPoints *, const DistributionPoint *); +ASN1EXP int ASN1CALL remove_CRLDistributionPoints (CRLDistributionPoints *, unsigned int); +ASN1EXP int ASN1CALL decode_CRLDistributionPoints(const unsigned char *, size_t, CRLDistributionPoints *, size_t *); +ASN1EXP int ASN1CALL encode_CRLDistributionPoints(unsigned char *, size_t, const CRLDistributionPoints *, size_t *); +ASN1EXP size_t ASN1CALL length_CRLDistributionPoints(const CRLDistributionPoints *); +ASN1EXP int ASN1CALL copy_CRLDistributionPoints (const CRLDistributionPoints *, CRLDistributionPoints *); +ASN1EXP void ASN1CALL free_CRLDistributionPoints (CRLDistributionPoints *); + + +/* +DSASigValue ::= SEQUENCE { + r INTEGER, + s INTEGER, +} +*/ + +typedef struct DSASigValue { + heim_integer r; + heim_integer s; +} DSASigValue; + +ASN1EXP int ASN1CALL decode_DSASigValue(const unsigned char *, size_t, DSASigValue *, size_t *); 
+ASN1EXP int ASN1CALL encode_DSASigValue(unsigned char *, size_t, const DSASigValue *, size_t *); +ASN1EXP size_t ASN1CALL length_DSASigValue(const DSASigValue *); +ASN1EXP int ASN1CALL copy_DSASigValue (const DSASigValue *, DSASigValue *); +ASN1EXP void ASN1CALL free_DSASigValue (DSASigValue *); + + +/* +DSAPublicKey ::= INTEGER +*/ + +typedef heim_integer DSAPublicKey; + +ASN1EXP int ASN1CALL decode_DSAPublicKey(const unsigned char *, size_t, DSAPublicKey *, size_t *); +ASN1EXP int ASN1CALL encode_DSAPublicKey(unsigned char *, size_t, const DSAPublicKey *, size_t *); +ASN1EXP size_t ASN1CALL length_DSAPublicKey(const DSAPublicKey *); +ASN1EXP int ASN1CALL copy_DSAPublicKey (const DSAPublicKey *, DSAPublicKey *); +ASN1EXP void ASN1CALL free_DSAPublicKey (DSAPublicKey *); + + +/* +DSAParams ::= SEQUENCE { + p INTEGER, + q INTEGER, + g INTEGER, +} +*/ + +typedef struct DSAParams { + heim_integer p; + heim_integer q; + heim_integer g; +} DSAParams; + +ASN1EXP int ASN1CALL decode_DSAParams(const unsigned char *, size_t, DSAParams *, size_t *); +ASN1EXP int ASN1CALL encode_DSAParams(unsigned char *, size_t, const DSAParams *, size_t *); +ASN1EXP size_t ASN1CALL length_DSAParams(const DSAParams *); +ASN1EXP int ASN1CALL copy_DSAParams (const DSAParams *, DSAParams *); +ASN1EXP void ASN1CALL free_DSAParams (DSAParams *); + + +/* +ECPoint ::= OCTET STRING +*/ + +typedef heim_octet_string ECPoint; + +ASN1EXP int ASN1CALL decode_ECPoint(const unsigned char *, size_t, ECPoint *, size_t *); +ASN1EXP int ASN1CALL encode_ECPoint(unsigned char *, size_t, const ECPoint *, size_t *); +ASN1EXP size_t ASN1CALL length_ECPoint(const ECPoint *); +ASN1EXP int ASN1CALL copy_ECPoint (const ECPoint *, ECPoint *); +ASN1EXP void ASN1CALL free_ECPoint (ECPoint *); + + +/* +ECParameters ::= CHOICE { + namedCurve OBJECT IDENTIFIER, +} +*/ + +typedef struct ECParameters { + enum ECParameters_enum { + choice_ECParameters_namedCurve = 1 + } element; + union { + heim_oid namedCurve; + } u; +} 
ECParameters; + +ASN1EXP int ASN1CALL decode_ECParameters(const unsigned char *, size_t, ECParameters *, size_t *); +ASN1EXP int ASN1CALL encode_ECParameters(unsigned char *, size_t, const ECParameters *, size_t *); +ASN1EXP size_t ASN1CALL length_ECParameters(const ECParameters *); +ASN1EXP int ASN1CALL copy_ECParameters (const ECParameters *, ECParameters *); +ASN1EXP void ASN1CALL free_ECParameters (ECParameters *); + + +/* +ECDSA-Sig-Value ::= SEQUENCE { + r INTEGER, + s INTEGER, +} +*/ + +typedef struct ECDSA_Sig_Value { + heim_integer r; + heim_integer s; +} ECDSA_Sig_Value; + +ASN1EXP int ASN1CALL decode_ECDSA_Sig_Value(const unsigned char *, size_t, ECDSA_Sig_Value *, size_t *); +ASN1EXP int ASN1CALL encode_ECDSA_Sig_Value(unsigned char *, size_t, const ECDSA_Sig_Value *, size_t *); +ASN1EXP size_t ASN1CALL length_ECDSA_Sig_Value(const ECDSA_Sig_Value *); +ASN1EXP int ASN1CALL copy_ECDSA_Sig_Value (const ECDSA_Sig_Value *, ECDSA_Sig_Value *); +ASN1EXP void ASN1CALL free_ECDSA_Sig_Value (ECDSA_Sig_Value *); + + +/* +RSAPublicKey ::= SEQUENCE { + modulus INTEGER, + publicExponent INTEGER, +} +*/ + +typedef struct RSAPublicKey { + heim_integer modulus; + heim_integer publicExponent; +} RSAPublicKey; + +ASN1EXP int ASN1CALL decode_RSAPublicKey(const unsigned char *, size_t, RSAPublicKey *, size_t *); +ASN1EXP int ASN1CALL encode_RSAPublicKey(unsigned char *, size_t, const RSAPublicKey *, size_t *); +ASN1EXP size_t ASN1CALL length_RSAPublicKey(const RSAPublicKey *); +ASN1EXP int ASN1CALL copy_RSAPublicKey (const RSAPublicKey *, RSAPublicKey *); +ASN1EXP void ASN1CALL free_RSAPublicKey (RSAPublicKey *); + + +/* +RSAPrivateKey ::= SEQUENCE { + version INTEGER (0..4294967295), + modulus INTEGER, + publicExponent INTEGER, + privateExponent INTEGER, + prime1 INTEGER, + prime2 INTEGER, + exponent1 INTEGER, + exponent2 INTEGER, + coefficient INTEGER, +} +*/ + +typedef struct RSAPrivateKey { + unsigned int version; + heim_integer modulus; + heim_integer publicExponent; 
+ heim_integer privateExponent; + heim_integer prime1; + heim_integer prime2; + heim_integer exponent1; + heim_integer exponent2; + heim_integer coefficient; +} RSAPrivateKey; + +ASN1EXP int ASN1CALL decode_RSAPrivateKey(const unsigned char *, size_t, RSAPrivateKey *, size_t *); +ASN1EXP int ASN1CALL encode_RSAPrivateKey(unsigned char *, size_t, const RSAPrivateKey *, size_t *); +ASN1EXP size_t ASN1CALL length_RSAPrivateKey(const RSAPrivateKey *); +ASN1EXP int ASN1CALL copy_RSAPrivateKey (const RSAPrivateKey *, RSAPrivateKey *); +ASN1EXP void ASN1CALL free_RSAPrivateKey (RSAPrivateKey *); + + +/* +DigestInfo ::= SEQUENCE { + digestAlgorithm AlgorithmIdentifier, + digest OCTET STRING, +} +*/ + +typedef struct DigestInfo { + AlgorithmIdentifier digestAlgorithm; + heim_octet_string digest; +} DigestInfo; + +ASN1EXP int ASN1CALL decode_DigestInfo(const unsigned char *, size_t, DigestInfo *, size_t *); +ASN1EXP int ASN1CALL encode_DigestInfo(unsigned char *, size_t, const DigestInfo *, size_t *); +ASN1EXP size_t ASN1CALL length_DigestInfo(const DigestInfo *); +ASN1EXP int ASN1CALL copy_DigestInfo (const DigestInfo *, DigestInfo *); +ASN1EXP void ASN1CALL free_DigestInfo (DigestInfo *); + + +/* +TBSCRLCertList ::= SEQUENCE { + version Version OPTIONAL, + signature AlgorithmIdentifier, + issuer Name, + thisUpdate Time, + nextUpdate Time OPTIONAL, + revokedCertificates SEQUENCE OF SEQUENCE { + userCertificate CertificateSerialNumber, + revocationDate Time, + crlEntryExtensions Extensions OPTIONAL, +} OPTIONAL, + crlExtensions [0] Extensions OPTIONAL, +} +*/ + +typedef struct TBSCRLCertList { + heim_octet_string _save; + Version *version; + AlgorithmIdentifier signature; + Name issuer; + Time thisUpdate; + Time *nextUpdate; + struct TBSCRLCertList_revokedCertificates { + unsigned int len; + struct TBSCRLCertList_revokedCertificates_val { + CertificateSerialNumber userCertificate; + Time revocationDate; + Extensions *crlEntryExtensions; + } *val; + } *revokedCertificates; + 
Extensions *crlExtensions; +} TBSCRLCertList; + +ASN1EXP int ASN1CALL decode_TBSCRLCertList(const unsigned char *, size_t, TBSCRLCertList *, size_t *); +ASN1EXP int ASN1CALL encode_TBSCRLCertList(unsigned char *, size_t, const TBSCRLCertList *, size_t *); +ASN1EXP size_t ASN1CALL length_TBSCRLCertList(const TBSCRLCertList *); +ASN1EXP int ASN1CALL copy_TBSCRLCertList (const TBSCRLCertList *, TBSCRLCertList *); +ASN1EXP void ASN1CALL free_TBSCRLCertList (TBSCRLCertList *); + + +/* +CRLCertificateList ::= SEQUENCE { + tbsCertList TBSCRLCertList, + signatureAlgorithm AlgorithmIdentifier, + signatureValue BIT STRING { + }, +} +*/ + +typedef struct CRLCertificateList { + TBSCRLCertList tbsCertList; + AlgorithmIdentifier signatureAlgorithm; + heim_bit_string signatureValue; +} CRLCertificateList; + +ASN1EXP int ASN1CALL decode_CRLCertificateList(const unsigned char *, size_t, CRLCertificateList *, size_t *); +ASN1EXP int ASN1CALL encode_CRLCertificateList(unsigned char *, size_t, const CRLCertificateList *, size_t *); +ASN1EXP size_t ASN1CALL length_CRLCertificateList(const CRLCertificateList *); +ASN1EXP int ASN1CALL copy_CRLCertificateList (const CRLCertificateList *, CRLCertificateList *); +ASN1EXP void ASN1CALL free_CRLCertificateList (CRLCertificateList *); + + +/* OBJECT IDENTIFIER id-x509-ce-cRLNumber ::= { joint-iso-ccitt(2) ds(5) label-less(29) label-less(20) } */ +extern ASN1EXP const heim_oid asn1_oid_id_x509_ce_cRLNumber; +#define ASN1_OID_ID_X509_CE_CRLNUMBER (&asn1_oid_id_x509_ce_cRLNumber) + +/* OBJECT IDENTIFIER id-x509-ce-freshestCRL ::= { joint-iso-ccitt(2) ds(5) label-less(29) label-less(46) } */ +extern ASN1EXP const heim_oid asn1_oid_id_x509_ce_freshestCRL; +#define ASN1_OID_ID_X509_CE_FRESHESTCRL (&asn1_oid_id_x509_ce_freshestCRL) + +/* OBJECT IDENTIFIER id-x509-ce-cRLReason ::= { joint-iso-ccitt(2) ds(5) label-less(29) label-less(21) } */ +extern ASN1EXP const heim_oid asn1_oid_id_x509_ce_cRLReason; +#define ASN1_OID_ID_X509_CE_CRLREASON 
(&asn1_oid_id_x509_ce_cRLReason) + +/* +CRLReason ::= INTEGER { + unspecified(0), + keyCompromise(1), + cACompromise(2), + affiliationChanged(3), + superseded(4), + cessationOfOperation(5), + certificateHold(6), + removeFromCRL(8), + privilegeWithdrawn(9), + aACompromise(10) +} +*/ + +typedef enum CRLReason { + unspecified = 0, + keyCompromise = 1, + cACompromise = 2, + affiliationChanged = 3, + superseded = 4, + cessationOfOperation = 5, + certificateHold = 6, + removeFromCRL = 8, + privilegeWithdrawn = 9, + aACompromise = 10 +} CRLReason; + +ASN1EXP int ASN1CALL decode_CRLReason(const unsigned char *, size_t, CRLReason *, size_t *); +ASN1EXP int ASN1CALL encode_CRLReason(unsigned char *, size_t, const CRLReason *, size_t *); +ASN1EXP size_t ASN1CALL length_CRLReason(const CRLReason *); +ASN1EXP int ASN1CALL copy_CRLReason (const CRLReason *, CRLReason *); +ASN1EXP void ASN1CALL free_CRLReason (CRLReason *); + + +/* +PKIXXmppAddr ::= UTF8String +*/ + +typedef heim_utf8_string PKIXXmppAddr; + +ASN1EXP int ASN1CALL decode_PKIXXmppAddr(const unsigned char *, size_t, PKIXXmppAddr *, size_t *); +ASN1EXP int ASN1CALL encode_PKIXXmppAddr(unsigned char *, size_t, const PKIXXmppAddr *, size_t *); +ASN1EXP size_t ASN1CALL length_PKIXXmppAddr(const PKIXXmppAddr *); +ASN1EXP int ASN1CALL copy_PKIXXmppAddr (const PKIXXmppAddr *, PKIXXmppAddr *); +ASN1EXP void ASN1CALL free_PKIXXmppAddr (PKIXXmppAddr *); + + +/* OBJECT IDENTIFIER id-pkix ::= { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkix; +#define ASN1_OID_ID_PKIX (&asn1_oid_id_pkix) + +/* OBJECT IDENTIFIER id-pkix-on ::= { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) label-less(8) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkix_on; +#define ASN1_OID_ID_PKIX_ON (&asn1_oid_id_pkix_on) + +/* OBJECT IDENTIFIER id-pkix-on-xmppAddr ::= { iso(1) identified-organization(3) dod(6) internet(1) 
security(5) mechanisms(5) pkix(7) label-less(8) label-less(5) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkix_on_xmppAddr; +#define ASN1_OID_ID_PKIX_ON_XMPPADDR (&asn1_oid_id_pkix_on_xmppAddr) + +/* OBJECT IDENTIFIER id-pkix-on-dnsSRV ::= { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) label-less(8) label-less(7) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkix_on_dnsSRV; +#define ASN1_OID_ID_PKIX_ON_DNSSRV (&asn1_oid_id_pkix_on_dnsSRV) + +/* OBJECT IDENTIFIER id-pkix-kp ::= { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) label-less(3) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkix_kp; +#define ASN1_OID_ID_PKIX_KP (&asn1_oid_id_pkix_kp) + +/* OBJECT IDENTIFIER id-pkix-kp-serverAuth ::= { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) label-less(3) label-less(1) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkix_kp_serverAuth; +#define ASN1_OID_ID_PKIX_KP_SERVERAUTH (&asn1_oid_id_pkix_kp_serverAuth) + +/* OBJECT IDENTIFIER id-pkix-kp-clientAuth ::= { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) label-less(3) label-less(2) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkix_kp_clientAuth; +#define ASN1_OID_ID_PKIX_KP_CLIENTAUTH (&asn1_oid_id_pkix_kp_clientAuth) + +/* OBJECT IDENTIFIER id-pkix-kp-emailProtection ::= { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) label-less(3) label-less(4) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkix_kp_emailProtection; +#define ASN1_OID_ID_PKIX_KP_EMAILPROTECTION (&asn1_oid_id_pkix_kp_emailProtection) + +/* OBJECT IDENTIFIER id-pkix-kp-timeStamping ::= { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) label-less(3) label-less(8) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkix_kp_timeStamping; +#define ASN1_OID_ID_PKIX_KP_TIMESTAMPING 
(&asn1_oid_id_pkix_kp_timeStamping) + +/* OBJECT IDENTIFIER id-pkix-kp-OCSPSigning ::= { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) label-less(3) label-less(9) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkix_kp_OCSPSigning; +#define ASN1_OID_ID_PKIX_KP_OCSPSIGNING (&asn1_oid_id_pkix_kp_OCSPSigning) + +/* OBJECT IDENTIFIER id-pkix-pe ::= { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) label-less(1) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkix_pe; +#define ASN1_OID_ID_PKIX_PE (&asn1_oid_id_pkix_pe) + +/* OBJECT IDENTIFIER id-pkix-pe-authorityInfoAccess ::= { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) label-less(1) label-less(1) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkix_pe_authorityInfoAccess; +#define ASN1_OID_ID_PKIX_PE_AUTHORITYINFOACCESS (&asn1_oid_id_pkix_pe_authorityInfoAccess) + +/* +AccessDescription ::= SEQUENCE { + accessMethod OBJECT IDENTIFIER, + accessLocation GeneralName, +} +*/ + +typedef struct AccessDescription { + heim_oid accessMethod; + GeneralName accessLocation; +} AccessDescription; + +ASN1EXP int ASN1CALL decode_AccessDescription(const unsigned char *, size_t, AccessDescription *, size_t *); +ASN1EXP int ASN1CALL encode_AccessDescription(unsigned char *, size_t, const AccessDescription *, size_t *); +ASN1EXP size_t ASN1CALL length_AccessDescription(const AccessDescription *); +ASN1EXP int ASN1CALL copy_AccessDescription (const AccessDescription *, AccessDescription *); +ASN1EXP void ASN1CALL free_AccessDescription (AccessDescription *); + + +/* +AuthorityInfoAccessSyntax ::= SEQUENCE OF AccessDescription +*/ + +typedef struct AuthorityInfoAccessSyntax { + unsigned int len; + AccessDescription *val; +} AuthorityInfoAccessSyntax; + +ASN1EXP int ASN1CALL decode_AuthorityInfoAccessSyntax(const unsigned char *, size_t, AuthorityInfoAccessSyntax *, size_t *); +ASN1EXP int ASN1CALL 
encode_AuthorityInfoAccessSyntax(unsigned char *, size_t, const AuthorityInfoAccessSyntax *, size_t *); +ASN1EXP size_t ASN1CALL length_AuthorityInfoAccessSyntax(const AuthorityInfoAccessSyntax *); +ASN1EXP int ASN1CALL copy_AuthorityInfoAccessSyntax (const AuthorityInfoAccessSyntax *, AuthorityInfoAccessSyntax *); +ASN1EXP void ASN1CALL free_AuthorityInfoAccessSyntax (AuthorityInfoAccessSyntax *); + + +/* OBJECT IDENTIFIER id-pkix-pe-proxyCertInfo ::= { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) label-less(1) label-less(14) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkix_pe_proxyCertInfo; +#define ASN1_OID_ID_PKIX_PE_PROXYCERTINFO (&asn1_oid_id_pkix_pe_proxyCertInfo) + +/* OBJECT IDENTIFIER id-pkix-ppl ::= { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) label-less(21) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkix_ppl; +#define ASN1_OID_ID_PKIX_PPL (&asn1_oid_id_pkix_ppl) + +/* OBJECT IDENTIFIER id-pkix-ppl-anyLanguage ::= { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) label-less(21) label-less(0) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkix_ppl_anyLanguage; +#define ASN1_OID_ID_PKIX_PPL_ANYLANGUAGE (&asn1_oid_id_pkix_ppl_anyLanguage) + +/* OBJECT IDENTIFIER id-pkix-ppl-inheritAll ::= { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) label-less(21) label-less(1) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkix_ppl_inheritAll; +#define ASN1_OID_ID_PKIX_PPL_INHERITALL (&asn1_oid_id_pkix_ppl_inheritAll) + +/* OBJECT IDENTIFIER id-pkix-ppl-independent ::= { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) label-less(21) label-less(2) } */ +extern ASN1EXP const heim_oid asn1_oid_id_pkix_ppl_independent; +#define ASN1_OID_ID_PKIX_PPL_INDEPENDENT (&asn1_oid_id_pkix_ppl_independent) + +/* +ProxyPolicy ::= SEQUENCE { + policyLanguage OBJECT 
IDENTIFIER, + policy OCTET STRING OPTIONAL, +} +*/ + +typedef struct ProxyPolicy { + heim_oid policyLanguage; + heim_octet_string *policy; +} ProxyPolicy; + +ASN1EXP int ASN1CALL decode_ProxyPolicy(const unsigned char *, size_t, ProxyPolicy *, size_t *); +ASN1EXP int ASN1CALL encode_ProxyPolicy(unsigned char *, size_t, const ProxyPolicy *, size_t *); +ASN1EXP size_t ASN1CALL length_ProxyPolicy(const ProxyPolicy *); +ASN1EXP int ASN1CALL copy_ProxyPolicy (const ProxyPolicy *, ProxyPolicy *); +ASN1EXP void ASN1CALL free_ProxyPolicy (ProxyPolicy *); + + +/* +ProxyCertInfo ::= SEQUENCE { + pCPathLenConstraint INTEGER (0..4294967295) OPTIONAL, + proxyPolicy ProxyPolicy, +} +*/ + +typedef struct ProxyCertInfo { + unsigned int *pCPathLenConstraint; + ProxyPolicy proxyPolicy; +} ProxyCertInfo; + +ASN1EXP int ASN1CALL decode_ProxyCertInfo(const unsigned char *, size_t, ProxyCertInfo *, size_t *); +ASN1EXP int ASN1CALL encode_ProxyCertInfo(unsigned char *, size_t, const ProxyCertInfo *, size_t *); +ASN1EXP size_t ASN1CALL length_ProxyCertInfo(const ProxyCertInfo *); +ASN1EXP int ASN1CALL copy_ProxyCertInfo (const ProxyCertInfo *, ProxyCertInfo *); +ASN1EXP void ASN1CALL free_ProxyCertInfo (ProxyCertInfo *); + + +/* OBJECT IDENTIFIER id-uspkicommon-card-id ::= { label-less(2) label-less(16) label-less(840) label-less(1) label-less(101) label-less(3) label-less(6) label-less(6) } */ +extern ASN1EXP const heim_oid asn1_oid_id_uspkicommon_card_id; +#define ASN1_OID_ID_USPKICOMMON_CARD_ID (&asn1_oid_id_uspkicommon_card_id) + +/* OBJECT IDENTIFIER id-uspkicommon-piv-interim ::= { label-less(2) label-less(16) label-less(840) label-less(1) label-less(101) label-less(3) label-less(6) label-less(9) label-less(1) } */ +extern ASN1EXP const heim_oid asn1_oid_id_uspkicommon_piv_interim; +#define ASN1_OID_ID_USPKICOMMON_PIV_INTERIM (&asn1_oid_id_uspkicommon_piv_interim) + +/* OBJECT IDENTIFIER id-netscape ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) netscape(113730) } */ 
+extern ASN1EXP const heim_oid asn1_oid_id_netscape; +#define ASN1_OID_ID_NETSCAPE (&asn1_oid_id_netscape) + +/* OBJECT IDENTIFIER id-netscape-cert-comment ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) netscape(113730) label-less(1) label-less(13) } */ +extern ASN1EXP const heim_oid asn1_oid_id_netscape_cert_comment; +#define ASN1_OID_ID_NETSCAPE_CERT_COMMENT (&asn1_oid_id_netscape_cert_comment) + +/* OBJECT IDENTIFIER id-ms-cert-enroll-domaincontroller ::= { label-less(1) label-less(3) label-less(6) label-less(1) label-less(4) label-less(1) label-less(311) label-less(20) label-less(2) } */ +extern ASN1EXP const heim_oid asn1_oid_id_ms_cert_enroll_domaincontroller; +#define ASN1_OID_ID_MS_CERT_ENROLL_DOMAINCONTROLLER (&asn1_oid_id_ms_cert_enroll_domaincontroller) + +/* OBJECT IDENTIFIER id-ms-client-authentication ::= { label-less(1) label-less(3) label-less(6) label-less(1) label-less(5) label-less(5) label-less(7) label-less(3) label-less(2) } */ +extern ASN1EXP const heim_oid asn1_oid_id_ms_client_authentication; +#define ASN1_OID_ID_MS_CLIENT_AUTHENTICATION (&asn1_oid_id_ms_client_authentication) + +#endif /* __rfc2459_asn1_h__ */ diff --git a/kerberos5/include/roken-common.h b/kerberos5/include/roken-common.h new file mode 100644 --- /dev/null +++ b/kerberos5/include/roken-common.h 
@@ -0,0 +1,522 @@ +/* + * Copyright (c) 1995 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +/* $Id$ */ + +#ifndef __ROKEN_COMMON_H__ +#define __ROKEN_COMMON_H__ + +#ifndef ROKEN_LIB_FUNCTION +#ifdef _WIN32 +#define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL __cdecl +#else +#define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL +#endif +#endif + +#ifdef __cplusplus +#define ROKEN_CPP_START extern "C" { +#define ROKEN_CPP_END } +#else +#define ROKEN_CPP_START +#define ROKEN_CPP_END +#endif + +#ifndef INADDR_NONE +#define INADDR_NONE 0xffffffff +#endif + +#ifndef INADDR_LOOPBACK +#define INADDR_LOOPBACK 0x7f000001 +#endif + +#ifndef SOMAXCONN +#define SOMAXCONN 5 +#endif + +#ifndef STDIN_FILENO +#define STDIN_FILENO 0 +#endif + +#ifndef STDOUT_FILENO +#define STDOUT_FILENO 1 +#endif + +#ifndef STDERR_FILENO +#define STDERR_FILENO 2 +#endif + +#ifndef max +#define max(a,b) (((a)>(b))?(a):(b)) +#endif + +#ifndef min +#define min(a,b) (((a)<(b))?(a):(b)) +#endif + +#ifndef TRUE +#define TRUE 1 +#endif + +#ifndef FALSE +#define FALSE 0 +#endif + +#ifndef LOG_DAEMON +#define openlog(id,option,facility) openlog((id),(option)) +#define LOG_DAEMON 0 +#endif +#ifndef LOG_ODELAY +#define LOG_ODELAY 0 +#endif +#ifndef LOG_NDELAY +#define LOG_NDELAY 0x08 +#endif +#ifndef LOG_CONS +#define LOG_CONS 0 +#endif +#ifndef LOG_AUTH +#define LOG_AUTH 0 +#endif +#ifndef LOG_AUTHPRIV +#define LOG_AUTHPRIV LOG_AUTH +#endif + +#ifndef F_OK +#define F_OK 0 +#endif + +#ifndef O_ACCMODE +#define O_ACCMODE 003 +#endif + +#ifndef O_NOFOLLOW +#define O_NOFOLLOW 0 +#endif + +#ifdef _WIN32 + +#define _PATH_DEVNULL "\\\\.\\NUL" + +#else + +#ifndef _PATH_DEV +#define _PATH_DEV "/dev/" +#endif + +#ifndef _PATH_DEVNULL +#define _PATH_DEVNULL "/dev/null" +#endif + +#ifndef _PATH_HEQUIV +#define _PATH_HEQUIV "/etc/hosts.equiv" +#endif + +#ifndef _PATH_VARRUN +#define _PATH_VARRUN "/var/run/" +#endif + +#ifndef _PATH_BSHELL +#define _PATH_BSHELL "/bin/sh" +#endif + +#ifndef MAXPATHLEN +#define MAXPATHLEN (1024+4) +#endif + +#endif /* !_WIN32 */ + +#ifndef PATH_MAX +#ifdef MAX_PATH +#define 
PATH_MAX MAX_PATH +#else +#define PATH_MAX 4096 +#endif +#endif + +#ifndef RETSIGTYPE +#define RETSIGTYPE void +#endif + +#ifndef SIG_ERR +#define SIG_ERR ((RETSIGTYPE (*)(int))-1) +#endif + +/* + * error code for getipnodeby{name,addr} + */ + +#ifndef HOST_NOT_FOUND +#define HOST_NOT_FOUND 1 +#endif + +#ifndef TRY_AGAIN +#define TRY_AGAIN 2 +#endif + +#ifndef NO_RECOVERY +#define NO_RECOVERY 3 +#endif + +#ifndef NO_DATA +#define NO_DATA 4 +#endif + +#ifndef NO_ADDRESS +#define NO_ADDRESS NO_DATA +#endif + +/* + * error code for getaddrinfo + */ + +#ifndef EAI_NOERROR +#define EAI_NOERROR 0 /* no error */ +#endif + +#ifndef EAI_NONAME + +#define EAI_ADDRFAMILY 1 /* address family for nodename not supported */ +#define EAI_AGAIN 2 /* temporary failure in name resolution */ +#define EAI_BADFLAGS 3 /* invalid value for ai_flags */ +#define EAI_FAIL 4 /* non-recoverable failure in name resolution */ +#define EAI_FAMILY 5 /* ai_family not supported */ +#define EAI_MEMORY 6 /* memory allocation failure */ +#define EAI_NODATA 7 /* no address associated with nodename */ +#define EAI_NONAME 8 /* nodename nor servname provided, or not known */ +#define EAI_SERVICE 9 /* servname not supported for ai_socktype */ +#define EAI_SOCKTYPE 10 /* ai_socktype not supported */ +#define EAI_SYSTEM 11 /* system error returned in errno */ + +#endif /* EAI_NONAME */ + +/* flags for getaddrinfo() */ + +#ifndef AI_PASSIVE +#define AI_PASSIVE 0x01 +#define AI_CANONNAME 0x02 +#endif /* AI_PASSIVE */ + +#ifndef AI_NUMERICHOST +#define AI_NUMERICHOST 0x04 +#endif + +#ifndef AI_NUMERICSERV +#define AI_NUMERICSERV 0x08 +#endif + +/* flags for getnameinfo() */ + +#ifndef NI_DGRAM +#define NI_DGRAM 0x01 +#define NI_NAMEREQD 0x02 +#define NI_NOFQDN 0x04 +#define NI_NUMERICHOST 0x08 +#define NI_NUMERICSERV 0x10 +#endif + +/* + * constants for getnameinfo + */ + +#ifndef NI_MAXHOST +#define NI_MAXHOST 1025 +#define NI_MAXSERV 32 +#endif + +/* + * constants for inet_ntop + */ + +#ifndef INET_ADDRSTRLEN 
+#define INET_ADDRSTRLEN 16 +#endif + +#ifndef INET6_ADDRSTRLEN +#define INET6_ADDRSTRLEN 46 +#endif + +/* + * for shutdown(2) + */ + +#ifndef SHUT_RD +#define SHUT_RD 0 +#endif + +#ifndef SHUT_WR +#define SHUT_WR 1 +#endif + +#ifndef SHUT_RDWR +#define SHUT_RDWR 2 +#endif + +#ifndef HAVE___ATTRIBUTE__ +#define __attribute__(x) +#endif + +ROKEN_CPP_START + +#ifndef IRIX4 /* fix for compiler bug */ +#ifndef _WIN32 +#ifdef RETSIGTYPE +typedef RETSIGTYPE (*SigAction)(int); +SigAction signal(int iSig, SigAction pAction); /* BSD compatible */ +#endif +#endif +#endif + +#define SE_E_UNSPECIFIED (-1) +#define SE_E_FORKFAILED (-2) +#define SE_E_WAITPIDFAILED (-3) +#define SE_E_EXECTIMEOUT (-4) +#define SE_E_NOEXEC 126 +#define SE_E_NOTFOUND 127 + +#define SE_PROCSTATUS(st) (((st) >= 0 && (st) < 126)? st: -1) +#define SE_PROCSIGNAL(st) (((st) >= 128)? (st) - 128: -1) +#define SE_IS_ERROR(st) ((st) < 0 || (st) >= 126) + + +#define simple_execve rk_simple_execve +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +simple_execve(const char*, char*const[], char*const[]); + +#define simple_execve_timed rk_simple_execve_timed +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +simple_execve_timed(const char *, char *const[], + char *const [], time_t (*)(void *), + void *, time_t); + +#define simple_execvp rk_simple_execvp +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +simple_execvp(const char*, char *const[]); + +#define simple_execvp_timed rk_simple_execvp_timed +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +simple_execvp_timed(const char *, char *const[], + time_t (*)(void *), void *, time_t); + +#define simple_execlp rk_simple_execlp +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +simple_execlp(const char*, ...); + +#define simple_execle rk_simple_execle +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +simple_execle(const char*, ...); + +#define wait_for_process rk_wait_for_process +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +wait_for_process(pid_t); + +#define wait_for_process_timed rk_wait_for_process_timed +ROKEN_LIB_FUNCTION int 
ROKEN_LIB_CALL +wait_for_process_timed(pid_t, time_t (*)(void *), + void *, time_t); + +#define pipe_execv rk_pipe_execv +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +pipe_execv(FILE**, FILE**, FILE**, const char*, ...); + +#define print_version rk_print_version +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +print_version(const char *); + +#define eread rk_eread +ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL +eread (int fd, void *buf, size_t nbytes); + +#define ewrite rk_ewrite +ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL +ewrite (int fd, const void *buf, size_t nbytes); + +struct hostent; + +#define hostent_find_fqdn rk_hostent_find_fqdn +ROKEN_LIB_FUNCTION const char * ROKEN_LIB_CALL +hostent_find_fqdn (const struct hostent *); + +#define esetenv rk_esetenv +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +esetenv(const char *, const char *, int); + +#define socket_set_address_and_port rk_socket_set_address_and_port +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +socket_set_address_and_port (struct sockaddr *, const void *, int); + +#define socket_addr_size rk_socket_addr_size +ROKEN_LIB_FUNCTION size_t ROKEN_LIB_CALL +socket_addr_size (const struct sockaddr *); + +#define socket_set_any rk_socket_set_any +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +socket_set_any (struct sockaddr *, int); + +#define socket_sockaddr_size rk_socket_sockaddr_size +ROKEN_LIB_FUNCTION size_t ROKEN_LIB_CALL +socket_sockaddr_size (const struct sockaddr *); + +#define socket_get_address rk_socket_get_address +ROKEN_LIB_FUNCTION void * ROKEN_LIB_CALL +socket_get_address (const struct sockaddr *); + +#define socket_get_port rk_socket_get_port +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +socket_get_port (const struct sockaddr *); + +#define socket_set_port rk_socket_set_port +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +socket_set_port (struct sockaddr *, int); + +#define socket_set_portrange rk_socket_set_portrange +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +socket_set_portrange (rk_socket_t, int, int); + +#define socket_set_debug 
rk_socket_set_debug +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +socket_set_debug (rk_socket_t); + +#define socket_set_tos rk_socket_set_tos +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +socket_set_tos (rk_socket_t, int); + +#define socket_set_nonblocking rk_socket_set_nonblocking +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +socket_set_nonblocking(rk_socket_t, int); + +#define socket_set_reuseaddr rk_socket_set_reuseaddr +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +socket_set_reuseaddr (rk_socket_t, int); + +#define socket_set_ipv6only rk_socket_set_ipv6only +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +socket_set_ipv6only (rk_socket_t, int); + +#define socket_to_fd rk_socket_to_fd +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +socket_to_fd(rk_socket_t, int); + +#define vstrcollect rk_vstrcollect +ROKEN_LIB_FUNCTION char ** ROKEN_LIB_CALL +vstrcollect(va_list *ap); + +#define strcollect rk_strcollect +ROKEN_LIB_FUNCTION char ** ROKEN_LIB_CALL +strcollect(char *first, ...); + +#define timevalfix rk_timevalfix +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +timevalfix(struct timeval *t1); + +#define timevaladd rk_timevaladd +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +timevaladd(struct timeval *t1, const struct timeval *t2); + +#define timevalsub rk_timevalsub +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +timevalsub(struct timeval *t1, const struct timeval *t2); + +#define pid_file_write rk_pid_file_write +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL +pid_file_write (const char *progname); + +#define pid_file_delete rk_pid_file_delete +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +pid_file_delete (char **); + +#define read_environment rk_read_environment +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +read_environment(const char *file, char ***env); + +#define free_environment rk_free_environment +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +free_environment(char **); + +#define warnerr rk_warnerr +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +rk_warnerr(int doerrno, const char *fmt, va_list ap) + __attribute__ ((__format__ (__printf__, 2, 
0))); + +ROKEN_LIB_FUNCTION void * ROKEN_LIB_CALL +rk_realloc(void *, size_t); + +struct rk_strpool; + +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL +rk_strpoolcollect(struct rk_strpool *); + +ROKEN_LIB_FUNCTION struct rk_strpool * ROKEN_LIB_CALL +rk_strpoolprintf(struct rk_strpool *, const char *, ...) + __attribute__ ((__format__ (__printf__, 2, 3))); + +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +rk_strpoolfree(struct rk_strpool *); + +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +rk_dumpdata (const char *, const void *, size_t); + +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +rk_undumpdata (const char *, void **, size_t *); + +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +rk_xfree (void *); + +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +rk_cloexec(int); + +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +rk_cloexec_file(FILE *); + +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +rk_cloexec_dir(DIR *); + +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +rk_cloexec_socket(rk_socket_t); + +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +ct_memcmp(const volatile void * volatile, + const volatile void * volatile, + size_t); + +void ROKEN_LIB_FUNCTION +rk_random_init(void); + +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +rk_mkdir(const char *, mode_t); + +ROKEN_CPP_END + +#endif /* __ROKEN_COMMON_H__ */ diff --git a/kerberos5/include/roken.h b/kerberos5/include/roken.h new file mode 100644 --- /dev/null +++ b/kerberos5/include/roken.h 
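Review bot: The fallback `#define O_NOFOLLOW 0` in roken-common.h silently turns the flag into a no-op on any platform that lacks it, so a caller that passes `O_NOFOLLOW` to refuse symlinks gets no protection and no diagnostic. The define should carry a comment saying so, for example `/* no symlink protection here: callers must lstat()/fstat() and compare */`. In the same hunk, `SE_PROCSTATUS(st)` returns its argument unparenthesized (`? st: -1`), unlike `SE_PROCSIGNAL` and `SE_IS_ERROR` beside it; `#define SE_PROCSTATUS(st) (((st) >= 0 && (st) < 126)? (st): -1)` keeps the expansion correct for expression arguments. If this header is carried unchanged from upstream Heimdal, both points are better raised there than patched locally.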
@@ -0,0 +1,319 @@ +/* This is an OS dependent, generated file */ + + +#ifndef __ROKEN_H__ +#define __ROKEN_H__ + +/* -*- C -*- */ +/* + * Copyright (c) 1995-2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + + +#include +#include +#include +#include +#include +#include +#include + + + +typedef int rk_socket_t; + +#define rk_closesocket(x) close(x) +#define rk_SOCK_IOCTL(s,c,a) ioctl((s),(c),(a)) +#define rk_IS_BAD_SOCKET(s) ((s) < 0) +#define rk_IS_SOCKET_ERROR(rv) ((rv) < 0) +#define rk_SOCK_ERRNO errno +#define rk_INVALID_SOCKET (-1) + +#define rk_SOCK_INIT() 0 +#define rk_SOCK_EXIT() do { } while(0) + + +#define IN_LOOPBACKNET 127 + + +#define UNREACHABLE(x) +#define UNUSED_ARGUMENT(x) + + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include + +#include + + + + +#include + +ROKEN_CPP_START + +#define rk_UNCONST(x) ((void *)(uintptr_t)(const void *)(x)) + + + + + + + + + + + + +#define asnprintf rk_asnprintf +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL + rk_asnprintf (char **, size_t, const char *, ...) + __attribute__ ((__format__ (__printf__, 3, 4))); + +#define vasnprintf rk_vasnprintf +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL + vasnprintf (char **, size_t, const char *, va_list) + __attribute__ ((__format__ (__printf__, 3, 0))); + + + +#define strlwr rk_strlwr +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL strlwr(char *); + + + +#define strsep_copy rk_strsep_copy +ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL strsep_copy(const char**, const char*, char*, size_t); + + + + +#define strupr rk_strupr +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL strupr(char *); + + + + + +#define rk_strerror_r strerror_r + + + + + + + +#include +ROKEN_LIB_FUNCTION struct passwd * ROKEN_LIB_CALL k_getpwnam (const char *); +ROKEN_LIB_FUNCTION struct passwd * ROKEN_LIB_CALL k_getpwuid (uid_t); + +#define rk_getpwnam_r(_n, _pw, _b, _sz, _pwd) getpwnam_r(_n, _pw, _b, _sz, _pwd) + +ROKEN_LIB_FUNCTION const char * ROKEN_LIB_CALL get_default_username (void); + + + + + + + + +#define rk_rename(__rk_rn_from,__rk_rn_to) 
rename(__rk_rn_from,__rk_rn_to) + +#define rk_mkdir(__rk_rn_name, __rk_rn_mode) mkdir(__rk_rn_name,__rk_rn_mode) + + +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL daemon(int, int); + + + + + + + + +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL rk_pidfile (const char*); + +#define bswap64 rk_bswap64 +ROKEN_LIB_FUNCTION uint64_t ROKEN_LIB_CALL bswap64(uint64_t); + +#define bswap32 rk_bswap32 +ROKEN_LIB_FUNCTION unsigned int ROKEN_LIB_CALL bswap32(unsigned int); + +#define bswap16 rk_bswap16 +ROKEN_LIB_FUNCTION unsigned short ROKEN_LIB_CALL bswap16(unsigned short); + + + +ROKEN_LIB_FUNCTION time_t ROKEN_LIB_CALL tm2time (struct tm, int); + +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL unix_verify_user(char *, char *); + +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL roken_concat (char *, size_t, ...); + +ROKEN_LIB_FUNCTION size_t ROKEN_LIB_CALL roken_mconcat (char **, size_t, ...); + +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL roken_vconcat (char *, size_t, va_list); + +ROKEN_LIB_FUNCTION size_t ROKEN_LIB_CALL + roken_vmconcat (char **, size_t, va_list); + +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL roken_detach_prep(int, char **, char *); +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL roken_detach_finish(const char *, int); + +ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL + net_write (rk_socket_t, const void *, size_t); + +ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL + net_read (rk_socket_t, void *, size_t); + +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL + issuid(void); + + +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL get_window_size(int fd, int *, int *); + + + + + + + +#define copyhostent rk_copyhostent +ROKEN_LIB_FUNCTION struct hostent * ROKEN_LIB_CALL +copyhostent (const struct hostent *); + + + + + + + + + +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +getnameinfo_verified(const struct sockaddr *, socklen_t, + char *, size_t, + char *, size_t, + int); + +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +roken_getaddrinfo_hostspec(const char *, int, struct addrinfo **); +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +roken_getaddrinfo_hostspec2(const 
char *, int, int, struct addrinfo **); + + + + +#define emalloc rk_emalloc +ROKEN_LIB_FUNCTION void * ROKEN_LIB_CALL emalloc (size_t); +#define ecalloc rk_ecalloc +ROKEN_LIB_FUNCTION void * ROKEN_LIB_CALL ecalloc(size_t, size_t); +#define erealloc rk_erealloc +ROKEN_LIB_FUNCTION void * ROKEN_LIB_CALL erealloc (void *, size_t); +#define estrdup rk_estrdup +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL estrdup (const char *); + +/* + * kludges and such + */ + +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +roken_gethostby_setup(const char*, const char*); +ROKEN_LIB_FUNCTION struct hostent* ROKEN_LIB_CALL +roken_gethostbyname(const char*); +ROKEN_LIB_FUNCTION struct hostent* ROKEN_LIB_CALL +roken_gethostbyaddr(const void*, size_t, int); + +#define roken_getservbyname(x,y) getservbyname(x,y) + +#define roken_openlog(a,b,c) openlog(a,b,c) + +#define roken_getsockname(a,b,c) getsockname(a,b,c) + + + + +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +mini_inetd_addrinfo (struct addrinfo*, rk_socket_t *); + +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +mini_inetd (int, rk_socket_t *); + + + + + + + + + + + + + + + + +# define rk_random() arc4random() + + + +/* Microsoft VC 2010 POSIX definitions */ + + + +ROKEN_CPP_END + +#endif /* __ROKEN_H__ */ diff --git a/kerberos5/include/rtbl.h b/kerberos5/include/rtbl.h new file mode 100644 --- /dev/null +++ b/kerberos5/include/rtbl.h 
@@ -0,0 +1,124 @@ +/* + * Copyright (c) 2000,2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ +/* $Id$ */ + +#ifndef __rtbl_h__ +#define __rtbl_h__ + +#ifndef ROKEN_LIB_FUNCTION +#ifdef _WIN32 +#define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL __cdecl +#else +#define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL +#endif +#endif + +#if !defined(__GNUC__) && !defined(__attribute__) +#define __attribute__(x) +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +struct rtbl_data; +typedef struct rtbl_data *rtbl_t; + +#define RTBL_ALIGN_LEFT 0 +#define RTBL_ALIGN_RIGHT 1 + +/* flags */ +#define RTBL_HEADER_STYLE_NONE 1 +#define RTBL_JSON 2 + +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +rtbl_add_column (rtbl_t, const char*, unsigned int); + +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +rtbl_add_column_by_id (rtbl_t, unsigned int, const char*, unsigned int); + +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +rtbl_add_column_entryv_by_id (rtbl_t table, unsigned int id, + const char *fmt, ...) + __attribute__ ((__format__ (__printf__, 3, 0))); + +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +rtbl_add_column_entry (rtbl_t, const char*, const char*); + +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +rtbl_add_column_entryv (rtbl_t, const char*, const char*, ...) 
+ __attribute__ ((__format__ (__printf__, 3, 0))); + +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +rtbl_add_column_entry_by_id (rtbl_t, unsigned int, const char*); + +ROKEN_LIB_FUNCTION rtbl_t ROKEN_LIB_CALL +rtbl_create (void); + +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +rtbl_destroy (rtbl_t); + +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +rtbl_format (rtbl_t, FILE*); + +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL +rtbl_format_str (rtbl_t); + +ROKEN_LIB_FUNCTION unsigned int ROKEN_LIB_CALL +rtbl_get_flags (rtbl_t); + +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +rtbl_new_row (rtbl_t); + +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +rtbl_set_column_affix_by_id (rtbl_t, unsigned int, const char*, const char*); + +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +rtbl_set_column_prefix (rtbl_t, const char*, const char*); + +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +rtbl_set_flags (rtbl_t, unsigned int); + +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +rtbl_set_prefix (rtbl_t, const char*); + +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +rtbl_set_separator (rtbl_t, const char*); + +#ifdef __cplusplus +} +#endif + +#endif /* __rtbl_h__ */ diff --git a/contrib/com_err/compile_et.h b/kerberos5/include/send_to_kdc_plugin.h rename from contrib/com_err/compile_et.h rename to kerberos5/include/send_to_kdc_plugin.h --- a/contrib/com_err/compile_et.h +++ b/kerberos5/include/send_to_kdc_plugin.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 2008 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * 
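Review bot: `rtbl_add_column_entryv_by_id` and `rtbl_add_column_entryv` in rtbl.h are variadic (`const char *fmt, ...`) but are annotated `__format__ (__printf__, 3, 0)`. A first-to-check index of 0 makes the compiler validate only the format string, so a call site whose arguments do not match the conversion specifiers is not diagnosed by -Wformat. For the `...` forms the annotation should be `__attribute__ ((__format__ (__printf__, 3, 4)))`, matching what `rk_strpoolprintf` does with `(2, 3)` in roken-common.h in this same commit. The 0 form is appropriate only for functions that take a `va_list`.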
@@ -33,43 +33,39 @@ /* $Id$ */ -#ifndef __COMPILE_ET_H__ -#define __COMPILE_ET_H__ +#ifndef HEIMDAL_KRB5_SEND_TO_KDC_PLUGIN_H +#define HEIMDAL_KRB5_SEND_TO_KDC_PLUGIN_H 1 -#include -#include -#include -#include -#include -#include +#include -extern long base_id; -extern int number; -extern char *prefix; -extern char name[128]; -extern char *id_str; -extern char *filename; -extern int numerror; +#define KRB5_PLUGIN_SEND_TO_KDC "send_to_kdc" -struct error_code { - unsigned number; - char *name; - char *string; - struct error_code *next, **tail; -}; +#define KRB5_PLUGIN_SEND_TO_KDC_VERSION_0 0 +#define KRB5_PLUGIN_SEND_TO_KDC_VERSION_2 2 +#define KRB5_PLUGIN_SEND_TO_KDC_VERSION KRB5_PLUGIN_SEND_TO_KDC_VERSION_2 -extern struct error_code *codes; +typedef krb5_error_code +(KRB5_CALLCONV *krb5plugin_send_to_kdc_func)(krb5_context, + void *, + krb5_krbhst_info *, + time_t timeout, + const krb5_data *, + krb5_data *); +typedef krb5_error_code +(KRB5_CALLCONV *krb5plugin_send_to_realm_func)(krb5_context, + void *, + krb5_const_realm, + time_t timeout, + const krb5_data *, + krb5_data *); -#define APPEND(L, V) \ -do { \ - if((L) == NULL) { \ - (L) = (V); \ - (L)->tail = &(V)->next; \ - (L)->next = NULL; \ - }else{ \ - *(L)->tail = (V); \ - (L)->tail = &(V)->next; \ - } \ -}while(0) -#endif /* __COMPILE_ET_H__ */ +typedef struct krb5plugin_send_to_kdc_ftable { + int minor_version; + krb5_error_code (KRB5_CALLCONV *init)(krb5_context, void **); + void (KRB5_CALLCONV *fini)(void *); + krb5plugin_send_to_kdc_func send_to_kdc; + krb5plugin_send_to_realm_func send_to_realm; /* added in version 2 */ +} krb5plugin_send_to_kdc_ftable; + +#endif /* HEIMDAL_KRB5_SEND_TO_KDC_PLUGIN_H */ diff --git a/contrib/com_err/roken_rename.h b/kerberos5/include/sl.h rename from contrib/com_err/roken_rename.h rename to kerberos5/include/sl.h --- a/contrib/com_err/roken_rename.h +++ b/kerberos5/include/sl.h 
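Review bot: `krb5plugin_send_to_kdc_ftable` declares `send_to_realm` with only the remark `/* added in version 2 */`, and nothing in the header says the member is absent from a table built against `KRB5_PLUGIN_SEND_TO_KDC_VERSION_0`. A loader that reads `send_to_realm` without first checking `minor_version` would read past the end of an older plugin's table; the loader is not part of this hunk, so whether it makes that check cannot be confirmed here. I would state the contract on the struct: `/* send_to_realm is valid only when minor_version >= KRB5_PLUGIN_SEND_TO_KDC_VERSION_2; check minor_version before reading it */`. A one-line comment on who owns the `void *` context returned by `init` and passed to `fini` would also help plugin authors.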
@@ -1,5 +1,5 @@ /* - * Copyright (c) 1998 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2004 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,30 +33,39 @@ /* $Id$ */ -#ifndef __roken_rename_h__ -#define __roken_rename_h__ +#ifndef _SL_H +#define _SL_H -#ifndef HAVE_SNPRINTF -#define rk_snprintf _com_err_snprintf -#endif -#ifndef HAVE_VSNPRINTF -#define rk_vsnprintf _com_err_vsnprintf -#endif -#ifndef HAVE_ASPRINTF -#define rk_asprintf _com_err_asprintf -#endif -#ifndef HAVE_ASNPRINTF -#define rk_asnprintf _com_err_asnprintf -#endif -#ifndef HAVE_VASPRINTF -#define rk_vasprintf _com_err_vasprintf -#endif -#ifndef HAVE_VASNPRINTF -#define rk_vasnprintf _com_err_vasnprintf -#endif -#ifndef HAVE_STRLCPY -#define rk_strlcpy _com_err_strlcpy +#define SL_BADCOMMAND -1 + +typedef int (*cmd_func)(int, char **); + +struct sl_cmd { + const char *name; + cmd_func func; + const char *usage; + const char *help; +}; + +typedef struct sl_cmd SL_cmd; + +#ifdef __cplusplus +extern "C" { #endif +void sl_help (SL_cmd *, int argc, char **argv); +int sl_loop (SL_cmd *, const char *prompt); +int sl_command_loop (SL_cmd *cmds, const char *prompt, void **data); +int sl_command (SL_cmd *cmds, int argc, char **argv); +int sl_make_argv(char*, int*, char***); +void sl_apropos (SL_cmd *cmd, const char *topic); +SL_cmd *sl_match (SL_cmd *cmds, char *cmd, int exactp); +void sl_slc_help (SL_cmd *cmds, int argc, char **argv); +void sl_did_you_mean(SL_cmd *cmds, const char *match); + + +#ifdef __cplusplus +} +#endif -#endif /* __roken_rename_h__ */ +#endif /* _SL_H */ diff --git a/kerberos5/include/spnego_asn1.h b/kerberos5/include/spnego_asn1.h new file mode 100644 --- /dev/null +++ b/kerberos5/include/spnego_asn1.h 
@@ -0,0 +1,328 @@ +/* Generated from ./spnego/spnego.asn1 */ +/* Do not edit */ + +#ifndef __spnego_asn1_h__ +#define __spnego_asn1_h__ + +#include +#include + +#ifndef __asn1_common_definitions__ +#define __asn1_common_definitions__ + +#ifndef __HEIM_BASE_DATA__ +#define __HEIM_BASE_DATA__ 1 +struct heim_base_data { + size_t length; + void *data; +}; +typedef struct heim_base_data heim_octet_string; +#endif + +typedef struct heim_integer { + size_t length; + void *data; + int negative; +} heim_integer; + +typedef char *heim_general_string; + +typedef char *heim_utf8_string; + +typedef struct heim_base_data heim_printable_string; + +typedef struct heim_base_data heim_ia5_string; + +typedef struct heim_bmp_string { + size_t length; + uint16_t *data; +} heim_bmp_string; + +typedef struct heim_universal_string { + size_t length; + uint32_t *data; +} heim_universal_string; + +typedef char *heim_visible_string; + +typedef struct heim_oid { + size_t length; + unsigned *components; +} heim_oid; + +typedef struct heim_bit_string { + size_t length; + void *data; +} heim_bit_string; + +typedef struct heim_base_data heim_any; +typedef struct heim_base_data heim_any_set; + +#define ASN1_MALLOC_ENCODE(T, B, BL, S, L, R) \ + do { \ + (BL) = length_##T((S)); \ + (B) = malloc((BL)); \ + if((B) == NULL) { \ + (R) = ENOMEM; \ + } else { \ + (R) = encode_##T(((unsigned char*)(B)) + (BL) - 1, (BL), \ + (S), (L)); \ + if((R) != 0) { \ + free((B)); \ + (B) = NULL; \ + } \ + } \ + } while (0) + +#ifdef _WIN32 +#ifndef ASN1_LIB +#define ASN1EXP __declspec(dllimport) +#else +#define ASN1EXP +#endif +#define ASN1CALL __stdcall +#else +#define ASN1EXP +#define ASN1CALL +#endif +struct units; + +#endif + +/* +MechType ::= OBJECT IDENTIFIER +*/ + +typedef heim_oid MechType; + +ASN1EXP int ASN1CALL decode_MechType(const unsigned char *, size_t, MechType *, size_t *); +ASN1EXP int ASN1CALL encode_MechType(unsigned char *, size_t, const MechType *, size_t *); +ASN1EXP size_t ASN1CALL 
length_MechType(const MechType *); +ASN1EXP int ASN1CALL copy_MechType (const MechType *, MechType *); +ASN1EXP void ASN1CALL free_MechType (MechType *); + + +/* +MechTypeList ::= SEQUENCE OF MechType +*/ + +typedef struct MechTypeList { + unsigned int len; + MechType *val; +} MechTypeList; + +ASN1EXP int ASN1CALL add_MechTypeList (MechTypeList *, const MechType *); +ASN1EXP int ASN1CALL remove_MechTypeList (MechTypeList *, unsigned int); +ASN1EXP int ASN1CALL decode_MechTypeList(const unsigned char *, size_t, MechTypeList *, size_t *); +ASN1EXP int ASN1CALL encode_MechTypeList(unsigned char *, size_t, const MechTypeList *, size_t *); +ASN1EXP size_t ASN1CALL length_MechTypeList(const MechTypeList *); +ASN1EXP int ASN1CALL copy_MechTypeList (const MechTypeList *, MechTypeList *); +ASN1EXP void ASN1CALL free_MechTypeList (MechTypeList *); + + +/* +ContextFlags ::= BIT STRING { + delegFlag(0), + mutualFlag(1), + replayFlag(2), + sequenceFlag(3), + anonFlag(4), + confFlag(5), + integFlag(6) +} +*/ + +typedef struct ContextFlags { + unsigned int delegFlag:1; + unsigned int mutualFlag:1; + unsigned int replayFlag:1; + unsigned int sequenceFlag:1; + unsigned int anonFlag:1; + unsigned int confFlag:1; + unsigned int integFlag:1; + unsigned int _unused7:1; + unsigned int _unused8:1; + unsigned int _unused9:1; + unsigned int _unused10:1; + unsigned int _unused11:1; + unsigned int _unused12:1; + unsigned int _unused13:1; + unsigned int _unused14:1; + unsigned int _unused15:1; + unsigned int _unused16:1; + unsigned int _unused17:1; + unsigned int _unused18:1; + unsigned int _unused19:1; + unsigned int _unused20:1; + unsigned int _unused21:1; + unsigned int _unused22:1; + unsigned int _unused23:1; + unsigned int _unused24:1; + unsigned int _unused25:1; + unsigned int _unused26:1; + unsigned int _unused27:1; + unsigned int _unused28:1; + unsigned int _unused29:1; + unsigned int _unused30:1; + unsigned int _unused31:1; +} ContextFlags; + + +unsigned 
ContextFlags2int(ContextFlags); +ContextFlags int2ContextFlags(unsigned); +const struct units * asn1_ContextFlags_units(void); +ASN1EXP int ASN1CALL decode_ContextFlags(const unsigned char *, size_t, ContextFlags *, size_t *); +ASN1EXP int ASN1CALL encode_ContextFlags(unsigned char *, size_t, const ContextFlags *, size_t *); +ASN1EXP size_t ASN1CALL length_ContextFlags(const ContextFlags *); +ASN1EXP int ASN1CALL copy_ContextFlags (const ContextFlags *, ContextFlags *); +ASN1EXP void ASN1CALL free_ContextFlags (ContextFlags *); + + +/* +NegHints ::= SEQUENCE { + hintName [0] GeneralString OPTIONAL, + hintAddress [1] OCTET STRING OPTIONAL, +} +*/ + +typedef struct NegHints { + heim_general_string *hintName; + heim_octet_string *hintAddress; +} NegHints; + +ASN1EXP int ASN1CALL decode_NegHints(const unsigned char *, size_t, NegHints *, size_t *); +ASN1EXP int ASN1CALL encode_NegHints(unsigned char *, size_t, const NegHints *, size_t *); +ASN1EXP size_t ASN1CALL length_NegHints(const NegHints *); +ASN1EXP int ASN1CALL copy_NegHints (const NegHints *, NegHints *); +ASN1EXP void ASN1CALL free_NegHints (NegHints *); + + +/* +NegTokenInitWin ::= SEQUENCE { + mechTypes [0] MechTypeList, + reqFlags [1] ContextFlags OPTIONAL, + mechToken [2] OCTET STRING OPTIONAL, + negHints [3] NegHints OPTIONAL, +} +*/ + +typedef struct NegTokenInitWin { + MechTypeList mechTypes; + ContextFlags *reqFlags; + heim_octet_string *mechToken; + NegHints *negHints; +} NegTokenInitWin; + +ASN1EXP int ASN1CALL decode_NegTokenInitWin(const unsigned char *, size_t, NegTokenInitWin *, size_t *); +ASN1EXP int ASN1CALL encode_NegTokenInitWin(unsigned char *, size_t, const NegTokenInitWin *, size_t *); +ASN1EXP size_t ASN1CALL length_NegTokenInitWin(const NegTokenInitWin *); +ASN1EXP int ASN1CALL copy_NegTokenInitWin (const NegTokenInitWin *, NegTokenInitWin *); +ASN1EXP void ASN1CALL free_NegTokenInitWin (NegTokenInitWin *); + + +/* +NegTokenInit ::= SEQUENCE { + mechTypes [0] MechTypeList, + reqFlags 
[1] ContextFlags OPTIONAL, + mechToken [2] OCTET STRING OPTIONAL, + mechListMIC [3] OCTET STRING OPTIONAL, + ..., +} +*/ + +typedef struct NegTokenInit { + MechTypeList mechTypes; + ContextFlags *reqFlags; + heim_octet_string *mechToken; + heim_octet_string *mechListMIC; +} NegTokenInit; + +ASN1EXP int ASN1CALL decode_NegTokenInit(const unsigned char *, size_t, NegTokenInit *, size_t *); +ASN1EXP int ASN1CALL encode_NegTokenInit(unsigned char *, size_t, const NegTokenInit *, size_t *); +ASN1EXP size_t ASN1CALL length_NegTokenInit(const NegTokenInit *); +ASN1EXP int ASN1CALL copy_NegTokenInit (const NegTokenInit *, NegTokenInit *); +ASN1EXP void ASN1CALL free_NegTokenInit (NegTokenInit *); + + +/* +NegTokenResp ::= SEQUENCE { + negResult [0] INTEGER { + accept_completed(0), + accept_incomplete(1), + reject(2), + request_mic(3) + } OPTIONAL, + supportedMech [1] MechType OPTIONAL, + responseToken [2] OCTET STRING OPTIONAL, + mechListMIC [3] OCTET STRING OPTIONAL, + ..., +} +*/ + +typedef struct NegTokenResp { + enum { + accept_completed = 0, + accept_incomplete = 1, + reject = 2, + request_mic = 3 +} *negResult; + MechType *supportedMech; + heim_octet_string *responseToken; + heim_octet_string *mechListMIC; +} NegTokenResp; + +ASN1EXP int ASN1CALL decode_NegTokenResp(const unsigned char *, size_t, NegTokenResp *, size_t *); +ASN1EXP int ASN1CALL encode_NegTokenResp(unsigned char *, size_t, const NegTokenResp *, size_t *); +ASN1EXP size_t ASN1CALL length_NegTokenResp(const NegTokenResp *); +ASN1EXP int ASN1CALL copy_NegTokenResp (const NegTokenResp *, NegTokenResp *); +ASN1EXP void ASN1CALL free_NegTokenResp (NegTokenResp *); + + +/* +NegotiationToken ::= CHOICE { + negTokenInit [0] NegTokenInit, + negTokenResp [1] NegTokenResp, +} +*/ + +typedef struct NegotiationToken { + enum NegotiationToken_enum { + choice_NegotiationToken_negTokenInit = 1, + choice_NegotiationToken_negTokenResp + } element; + union { + NegTokenInit negTokenInit; + NegTokenResp negTokenResp; + } 
u; +} NegotiationToken; + +ASN1EXP int ASN1CALL decode_NegotiationToken(const unsigned char *, size_t, NegotiationToken *, size_t *); +ASN1EXP int ASN1CALL encode_NegotiationToken(unsigned char *, size_t, const NegotiationToken *, size_t *); +ASN1EXP size_t ASN1CALL length_NegotiationToken(const NegotiationToken *); +ASN1EXP int ASN1CALL copy_NegotiationToken (const NegotiationToken *, NegotiationToken *); +ASN1EXP void ASN1CALL free_NegotiationToken (NegotiationToken *); + + +/* +NegotiationTokenWin ::= CHOICE { + negTokenInit [0] NegTokenInitWin, +} +*/ + +typedef struct NegotiationTokenWin { + enum NegotiationTokenWin_enum { + choice_NegotiationTokenWin_negTokenInit = 1 + } element; + union { + NegTokenInitWin negTokenInit; + } u; +} NegotiationTokenWin; + +ASN1EXP int ASN1CALL decode_NegotiationTokenWin(const unsigned char *, size_t, NegotiationTokenWin *, size_t *); +ASN1EXP int ASN1CALL encode_NegotiationTokenWin(unsigned char *, size_t, const NegotiationTokenWin *, size_t *); +ASN1EXP size_t ASN1CALL length_NegotiationTokenWin(const NegotiationTokenWin *); +ASN1EXP int ASN1CALL copy_NegotiationTokenWin (const NegotiationTokenWin *, NegotiationTokenWin *); +ASN1EXP void ASN1CALL free_NegotiationTokenWin (NegotiationTokenWin *); + + +#endif /* __spnego_asn1_h__ */ diff --git a/kerberos5/include/sqlite3.h b/kerberos5/include/sqlite3.h new file mode 100644 --- /dev/null +++ b/kerberos5/include/sqlite3.h 
@@ -0,0 +1,10371 @@ +/* +** 2001 September 15 +** +** The author disclaims copyright to this source code. In place of +** a legal notice, here is a blessing: +** +** May you do good and not evil. +** May you find forgiveness for yourself and forgive others. +** May you share freely, never taking more than you give. +** +************************************************************************* +** This header file defines the interface that the SQLite library +** presents to client programs. If a C-function, structure, datatype, +** or constant definition does not appear in this file, then it is +** not a published API of SQLite, is subject to change without +** notice, and should not be referenced by programs that use SQLite. +** +** Some of the definitions that are in this file are marked as +** "experimental". Experimental interfaces are normally new +** features recently added to SQLite. We do not anticipate changes +** to experimental interfaces but reserve the right to make minor changes +** if experience from use "in the wild" suggest such changes are prudent. +** +** The official C-language API documentation for SQLite is derived +** from comments in this file. This file is the authoritative source +** on how SQLite interfaces are supposed to operate. +** +** The name of this file under configuration management is "sqlite.h.in". +** The makefile makes some minor changes to this file (such as inserting +** the version number) and changes its name to "sqlite3.h" as +** part of the build process. +*/ +#ifndef SQLITE3_H +#define SQLITE3_H +#include /* Needed for the definition of va_list */ + +/* +** Make sure we can call this stuff from C++. +*/ +#ifdef __cplusplus +extern "C" { +#endif + + +/* +** Provide the ability to override linkage features of the interface. 
+*/ +#ifndef SQLITE_EXTERN +# define SQLITE_EXTERN extern +#endif +#ifndef SQLITE_API +# define SQLITE_API +#endif +#ifndef SQLITE_CDECL +# define SQLITE_CDECL +#endif +#ifndef SQLITE_APICALL +# define SQLITE_APICALL +#endif +#ifndef SQLITE_STDCALL +# define SQLITE_STDCALL SQLITE_APICALL +#endif +#ifndef SQLITE_CALLBACK +# define SQLITE_CALLBACK +#endif +#ifndef SQLITE_SYSAPI +# define SQLITE_SYSAPI +#endif + +/* +** These no-op macros are used in front of interfaces to mark those +** interfaces as either deprecated or experimental. New applications +** should not use deprecated interfaces - they are supported for backwards +** compatibility only. Application writers should be aware that +** experimental interfaces are subject to change in point releases. +** +** These macros used to resolve to various kinds of compiler magic that +** would generate warning messages when they were used. But that +** compiler magic ended up generating such a flurry of bug reports +** that we have taken it all out and gone back to using simple +** noop macros. +*/ +#define SQLITE_DEPRECATED +#define SQLITE_EXPERIMENTAL + +/* +** Ensure these symbols were not defined by some previous header file. +*/ +#ifdef SQLITE_VERSION +# undef SQLITE_VERSION +#endif +#ifdef SQLITE_VERSION_NUMBER +# undef SQLITE_VERSION_NUMBER +#endif + +/* +** CAPI3REF: Compile-Time Library Version Numbers +** +** ^(The [SQLITE_VERSION] C preprocessor macro in the sqlite3.h header +** evaluates to a string literal that is the SQLite version in the +** format "X.Y.Z" where X is the major version number (always 3 for +** SQLite3) and Y is the minor version number and Z is the release number.)^ +** ^(The [SQLITE_VERSION_NUMBER] C preprocessor macro resolves to an integer +** with the value (X*1000000 + Y*1000 + Z) where X, Y, and Z are the same +** numbers used in [SQLITE_VERSION].)^ +** The SQLITE_VERSION_NUMBER for any given release of SQLite will also +** be larger than the release from which it is derived. 
Either Y will +** be held constant and Z will be incremented or else Y will be incremented +** and Z will be reset to zero. +** +** Since [version 3.6.18] ([dateof:3.6.18]), +** SQLite source code has been stored in the +** Fossil configuration management +** system. ^The SQLITE_SOURCE_ID macro evaluates to +** a string which identifies a particular check-in of SQLite +** within its configuration management system. ^The SQLITE_SOURCE_ID +** string contains the date and time of the check-in (UTC) and an SHA1 +** hash of the entire source tree. +** +** See also: [sqlite3_libversion()], +** [sqlite3_libversion_number()], [sqlite3_sourceid()], +** [sqlite_version()] and [sqlite_source_id()]. +*/ +#define SQLITE_VERSION "3.15.1" +#define SQLITE_VERSION_NUMBER 3015001 +#define SQLITE_SOURCE_ID "2016-11-04 12:08:49 1136863c76576110e710dd5d69ab6bf347c65e36" + +/* +** CAPI3REF: Run-Time Library Version Numbers +** KEYWORDS: sqlite3_version, sqlite3_sourceid +** +** These interfaces provide the same information as the [SQLITE_VERSION], +** [SQLITE_VERSION_NUMBER], and [SQLITE_SOURCE_ID] C preprocessor macros +** but are associated with the library instead of the header file. ^(Cautious +** programmers might include assert() statements in their application to +** verify that values returned by these interfaces match the macros in +** the header, and thus ensure that the application is +** compiled with matching library and header files. +** +**
+** assert( sqlite3_libversion_number()==SQLITE_VERSION_NUMBER );
+** assert( strcmp(sqlite3_sourceid(),SQLITE_SOURCE_ID)==0 );
+** assert( strcmp(sqlite3_libversion(),SQLITE_VERSION)==0 );
+** 
)^ +** +** ^The sqlite3_version[] string constant contains the text of [SQLITE_VERSION] +** macro. ^The sqlite3_libversion() function returns a pointer to the +** to the sqlite3_version[] string constant. The sqlite3_libversion() +** function is provided for use in DLLs since DLL users usually do not have +** direct access to string constants within the DLL. ^The +** sqlite3_libversion_number() function returns an integer equal to +** [SQLITE_VERSION_NUMBER]. ^The sqlite3_sourceid() function returns +** a pointer to a string constant whose value is the same as the +** [SQLITE_SOURCE_ID] C preprocessor macro. +** +** See also: [sqlite_version()] and [sqlite_source_id()]. +*/ +SQLITE_API SQLITE_EXTERN const char sqlite3_version[]; +SQLITE_API const char *sqlite3_libversion(void); +SQLITE_API const char *sqlite3_sourceid(void); +SQLITE_API int sqlite3_libversion_number(void); + +/* +** CAPI3REF: Run-Time Library Compilation Options Diagnostics +** +** ^The sqlite3_compileoption_used() function returns 0 or 1 +** indicating whether the specified option was defined at +** compile time. ^The SQLITE_ prefix may be omitted from the +** option name passed to sqlite3_compileoption_used(). +** +** ^The sqlite3_compileoption_get() function allows iterating +** over the list of options that were defined at compile time by +** returning the N-th compile time option string. ^If N is out of range, +** sqlite3_compileoption_get() returns a NULL pointer. ^The SQLITE_ +** prefix is omitted from any strings returned by +** sqlite3_compileoption_get(). +** +** ^Support for the diagnostic functions sqlite3_compileoption_used() +** and sqlite3_compileoption_get() may be omitted by specifying the +** [SQLITE_OMIT_COMPILEOPTION_DIAGS] option at compile time. +** +** See also: SQL functions [sqlite_compileoption_used()] and +** [sqlite_compileoption_get()] and the [compile_options pragma]. 
+*/ +#ifndef SQLITE_OMIT_COMPILEOPTION_DIAGS +SQLITE_API int sqlite3_compileoption_used(const char *zOptName); +SQLITE_API const char *sqlite3_compileoption_get(int N); +#endif + +/* +** CAPI3REF: Test To See If The Library Is Threadsafe +** +** ^The sqlite3_threadsafe() function returns zero if and only if +** SQLite was compiled with mutexing code omitted due to the +** [SQLITE_THREADSAFE] compile-time option being set to 0. +** +** SQLite can be compiled with or without mutexes. When +** the [SQLITE_THREADSAFE] C preprocessor macro is 1 or 2, mutexes +** are enabled and SQLite is threadsafe. When the +** [SQLITE_THREADSAFE] macro is 0, +** the mutexes are omitted. Without the mutexes, it is not safe +** to use SQLite concurrently from more than one thread. +** +** Enabling mutexes incurs a measurable performance penalty. +** So if speed is of utmost importance, it makes sense to disable +** the mutexes. But for maximum safety, mutexes should be enabled. +** ^The default behavior is for mutexes to be enabled. +** +** This interface can be used by an application to make sure that the +** version of SQLite that it is linking against was compiled with +** the desired setting of the [SQLITE_THREADSAFE] macro. +** +** This interface only reports on the compile-time mutex setting +** of the [SQLITE_THREADSAFE] flag. If SQLite is compiled with +** SQLITE_THREADSAFE=1 or =2 then mutexes are enabled by default but +** can be fully or partially disabled using a call to [sqlite3_config()] +** with the verbs [SQLITE_CONFIG_SINGLETHREAD], [SQLITE_CONFIG_MULTITHREAD], +** or [SQLITE_CONFIG_SERIALIZED]. ^(The return value of the +** sqlite3_threadsafe() function shows only the compile-time setting of +** thread safety, not any run-time changes to that setting made by +** sqlite3_config(). In other words, the return value from sqlite3_threadsafe() +** is unchanged by calls to sqlite3_config().)^ +** +** See the [threading mode] documentation for additional information. 
+*/ +SQLITE_API int sqlite3_threadsafe(void); + +/* +** CAPI3REF: Database Connection Handle +** KEYWORDS: {database connection} {database connections} +** +** Each open SQLite database is represented by a pointer to an instance of +** the opaque structure named "sqlite3". It is useful to think of an sqlite3 +** pointer as an object. The [sqlite3_open()], [sqlite3_open16()], and +** [sqlite3_open_v2()] interfaces are its constructors, and [sqlite3_close()] +** and [sqlite3_close_v2()] are its destructors. There are many other +** interfaces (such as +** [sqlite3_prepare_v2()], [sqlite3_create_function()], and +** [sqlite3_busy_timeout()] to name but three) that are methods on an +** sqlite3 object. +*/ +typedef struct sqlite3 sqlite3; + +/* +** CAPI3REF: 64-Bit Integer Types +** KEYWORDS: sqlite_int64 sqlite_uint64 +** +** Because there is no cross-platform way to specify 64-bit integer types +** SQLite includes typedefs for 64-bit signed and unsigned integers. +** +** The sqlite3_int64 and sqlite3_uint64 are the preferred type definitions. +** The sqlite_int64 and sqlite_uint64 types are supported for backwards +** compatibility only. +** +** ^The sqlite3_int64 and sqlite_int64 types can store integer values +** between -9223372036854775808 and +9223372036854775807 inclusive. ^The +** sqlite3_uint64 and sqlite_uint64 types can store integer values +** between 0 and +18446744073709551615 inclusive. +*/ +#ifdef SQLITE_INT64_TYPE + typedef SQLITE_INT64_TYPE sqlite_int64; + typedef unsigned SQLITE_INT64_TYPE sqlite_uint64; +#elif defined(_MSC_VER) || defined(__BORLANDC__) + typedef __int64 sqlite_int64; + typedef unsigned __int64 sqlite_uint64; +#else + typedef long long int sqlite_int64; + typedef unsigned long long int sqlite_uint64; +#endif +typedef sqlite_int64 sqlite3_int64; +typedef sqlite_uint64 sqlite3_uint64; + +/* +** If compiling for a processor that lacks floating point support, +** substitute integer for floating-point. 
+*/ +#ifdef SQLITE_OMIT_FLOATING_POINT +# define double sqlite3_int64 +#endif + +/* +** CAPI3REF: Closing A Database Connection +** DESTRUCTOR: sqlite3 +** +** ^The sqlite3_close() and sqlite3_close_v2() routines are destructors +** for the [sqlite3] object. +** ^Calls to sqlite3_close() and sqlite3_close_v2() return [SQLITE_OK] if +** the [sqlite3] object is successfully destroyed and all associated +** resources are deallocated. +** +** ^If the database connection is associated with unfinalized prepared +** statements or unfinished sqlite3_backup objects then sqlite3_close() +** will leave the database connection open and return [SQLITE_BUSY]. +** ^If sqlite3_close_v2() is called with unfinalized prepared statements +** and/or unfinished sqlite3_backups, then the database connection becomes +** an unusable "zombie" which will automatically be deallocated when the +** last prepared statement is finalized or the last sqlite3_backup is +** finished. The sqlite3_close_v2() interface is intended for use with +** host languages that are garbage collected, and where the order in which +** destructors are called is arbitrary. +** +** Applications should [sqlite3_finalize | finalize] all [prepared statements], +** [sqlite3_blob_close | close] all [BLOB handles], and +** [sqlite3_backup_finish | finish] all [sqlite3_backup] objects associated +** with the [sqlite3] object prior to attempting to close the object. ^If +** sqlite3_close_v2() is called on a [database connection] that still has +** outstanding [prepared statements], [BLOB handles], and/or +** [sqlite3_backup] objects then it returns [SQLITE_OK] and the deallocation +** of resources is deferred until all [prepared statements], [BLOB handles], +** and [sqlite3_backup] objects are also destroyed. +** +** ^If an [sqlite3] object is destroyed while a transaction is open, +** the transaction is automatically rolled back. 
+** +** The C parameter to [sqlite3_close(C)] and [sqlite3_close_v2(C)] +** must be either a NULL +** pointer or an [sqlite3] object pointer obtained +** from [sqlite3_open()], [sqlite3_open16()], or +** [sqlite3_open_v2()], and not previously closed. +** ^Calling sqlite3_close() or sqlite3_close_v2() with a NULL pointer +** argument is a harmless no-op. +*/ +SQLITE_API int sqlite3_close(sqlite3*); +SQLITE_API int sqlite3_close_v2(sqlite3*); + +/* +** The type for a callback function. +** This is legacy and deprecated. It is included for historical +** compatibility and is not documented. +*/ +typedef int (*sqlite3_callback)(void*,int,char**, char**); + +/* +** CAPI3REF: One-Step Query Execution Interface +** METHOD: sqlite3 +** +** The sqlite3_exec() interface is a convenience wrapper around +** [sqlite3_prepare_v2()], [sqlite3_step()], and [sqlite3_finalize()], +** that allows an application to run multiple statements of SQL +** without having to use a lot of C code. +** +** ^The sqlite3_exec() interface runs zero or more UTF-8 encoded, +** semicolon-separate SQL statements passed into its 2nd argument, +** in the context of the [database connection] passed in as its 1st +** argument. ^If the callback function of the 3rd argument to +** sqlite3_exec() is not NULL, then it is invoked for each result row +** coming out of the evaluated SQL statements. ^The 4th argument to +** sqlite3_exec() is relayed through to the 1st argument of each +** callback invocation. ^If the callback pointer to sqlite3_exec() +** is NULL, then no callback is ever invoked and result rows are +** ignored. +** +** ^If an error occurs while evaluating the SQL statements passed into +** sqlite3_exec(), then execution of the current statement stops and +** subsequent statements are skipped. ^If the 5th parameter to sqlite3_exec() +** is not NULL then any error message is written into memory obtained +** from [sqlite3_malloc()] and passed back through the 5th parameter. 
+** To avoid memory leaks, the application should invoke [sqlite3_free()] +** on error message strings returned through the 5th parameter of +** sqlite3_exec() after the error message string is no longer needed. +** ^If the 5th parameter to sqlite3_exec() is not NULL and no errors +** occur, then sqlite3_exec() sets the pointer in its 5th parameter to +** NULL before returning. +** +** ^If an sqlite3_exec() callback returns non-zero, the sqlite3_exec() +** routine returns SQLITE_ABORT without invoking the callback again and +** without running any subsequent SQL statements. +** +** ^The 2nd argument to the sqlite3_exec() callback function is the +** number of columns in the result. ^The 3rd argument to the sqlite3_exec() +** callback is an array of pointers to strings obtained as if from +** [sqlite3_column_text()], one for each column. ^If an element of a +** result row is NULL then the corresponding string pointer for the +** sqlite3_exec() callback is a NULL pointer. ^The 4th argument to the +** sqlite3_exec() callback is an array of pointers to strings where each +** entry represents the name of corresponding result column as obtained +** from [sqlite3_column_name()]. +** +** ^If the 2nd parameter to sqlite3_exec() is a NULL pointer, a pointer +** to an empty string, or a pointer that contains only whitespace and/or +** SQL comments, then no SQL statements are evaluated and the database +** is not changed. +** +** Restrictions: +** +**
    +**
  • The application must ensure that the 1st parameter to sqlite3_exec() +** is a valid and open [database connection]. +**
  • The application must not close the [database connection] specified by +** the 1st parameter to sqlite3_exec() while sqlite3_exec() is running. +**
  • The application must not modify the SQL statement text passed into +** the 2nd parameter of sqlite3_exec() while sqlite3_exec() is running. +**
+*/ +SQLITE_API int sqlite3_exec( + sqlite3*, /* An open database */ + const char *sql, /* SQL to be evaluated */ + int (*callback)(void*,int,char**,char**), /* Callback function */ + void *, /* 1st argument to callback */ + char **errmsg /* Error msg written here */ +); + +/* +** CAPI3REF: Result Codes +** KEYWORDS: {result code definitions} +** +** Many SQLite functions return an integer result code from the set shown +** here in order to indicate success or failure. +** +** New error codes may be added in future versions of SQLite. +** +** See also: [extended result code definitions] +*/ +#define SQLITE_OK 0 /* Successful result */ +/* beginning-of-error-codes */ +#define SQLITE_ERROR 1 /* SQL error or missing database */ +#define SQLITE_INTERNAL 2 /* Internal logic error in SQLite */ +#define SQLITE_PERM 3 /* Access permission denied */ +#define SQLITE_ABORT 4 /* Callback routine requested an abort */ +#define SQLITE_BUSY 5 /* The database file is locked */ +#define SQLITE_LOCKED 6 /* A table in the database is locked */ +#define SQLITE_NOMEM 7 /* A malloc() failed */ +#define SQLITE_READONLY 8 /* Attempt to write a readonly database */ +#define SQLITE_INTERRUPT 9 /* Operation terminated by sqlite3_interrupt()*/ +#define SQLITE_IOERR 10 /* Some kind of disk I/O error occurred */ +#define SQLITE_CORRUPT 11 /* The database disk image is malformed */ +#define SQLITE_NOTFOUND 12 /* Unknown opcode in sqlite3_file_control() */ +#define SQLITE_FULL 13 /* Insertion failed because database is full */ +#define SQLITE_CANTOPEN 14 /* Unable to open the database file */ +#define SQLITE_PROTOCOL 15 /* Database lock protocol error */ +#define SQLITE_EMPTY 16 /* Database is empty */ +#define SQLITE_SCHEMA 17 /* The database schema changed */ +#define SQLITE_TOOBIG 18 /* String or BLOB exceeds size limit */ +#define SQLITE_CONSTRAINT 19 /* Abort due to constraint violation */ +#define SQLITE_MISMATCH 20 /* Data type mismatch */ +#define SQLITE_MISUSE 21 /* Library used 
incorrectly */ +#define SQLITE_NOLFS 22 /* Uses OS features not supported on host */ +#define SQLITE_AUTH 23 /* Authorization denied */ +#define SQLITE_FORMAT 24 /* Auxiliary database format error */ +#define SQLITE_RANGE 25 /* 2nd parameter to sqlite3_bind out of range */ +#define SQLITE_NOTADB 26 /* File opened that is not a database file */ +#define SQLITE_NOTICE 27 /* Notifications from sqlite3_log() */ +#define SQLITE_WARNING 28 /* Warnings from sqlite3_log() */ +#define SQLITE_ROW 100 /* sqlite3_step() has another row ready */ +#define SQLITE_DONE 101 /* sqlite3_step() has finished executing */ +/* end-of-error-codes */ + +/* +** CAPI3REF: Extended Result Codes +** KEYWORDS: {extended result code definitions} +** +** In its default configuration, SQLite API routines return one of 30 integer +** [result codes]. However, experience has shown that many of +** these result codes are too coarse-grained. They do not provide as +** much information about problems as programmers might like. In an effort to +** address this, newer versions of SQLite (version 3.3.8 [dateof:3.3.8] +** and later) include +** support for additional result codes that provide more detailed information +** about errors. These [extended result codes] are enabled or disabled +** on a per database connection basis using the +** [sqlite3_extended_result_codes()] API. Or, the extended code for +** the most recent error can be obtained using +** [sqlite3_extended_errcode()]. 
+*/ +#define SQLITE_IOERR_READ (SQLITE_IOERR | (1<<8)) +#define SQLITE_IOERR_SHORT_READ (SQLITE_IOERR | (2<<8)) +#define SQLITE_IOERR_WRITE (SQLITE_IOERR | (3<<8)) +#define SQLITE_IOERR_FSYNC (SQLITE_IOERR | (4<<8)) +#define SQLITE_IOERR_DIR_FSYNC (SQLITE_IOERR | (5<<8)) +#define SQLITE_IOERR_TRUNCATE (SQLITE_IOERR | (6<<8)) +#define SQLITE_IOERR_FSTAT (SQLITE_IOERR | (7<<8)) +#define SQLITE_IOERR_UNLOCK (SQLITE_IOERR | (8<<8)) +#define SQLITE_IOERR_RDLOCK (SQLITE_IOERR | (9<<8)) +#define SQLITE_IOERR_DELETE (SQLITE_IOERR | (10<<8)) +#define SQLITE_IOERR_BLOCKED (SQLITE_IOERR | (11<<8)) +#define SQLITE_IOERR_NOMEM (SQLITE_IOERR | (12<<8)) +#define SQLITE_IOERR_ACCESS (SQLITE_IOERR | (13<<8)) +#define SQLITE_IOERR_CHECKRESERVEDLOCK (SQLITE_IOERR | (14<<8)) +#define SQLITE_IOERR_LOCK (SQLITE_IOERR | (15<<8)) +#define SQLITE_IOERR_CLOSE (SQLITE_IOERR | (16<<8)) +#define SQLITE_IOERR_DIR_CLOSE (SQLITE_IOERR | (17<<8)) +#define SQLITE_IOERR_SHMOPEN (SQLITE_IOERR | (18<<8)) +#define SQLITE_IOERR_SHMSIZE (SQLITE_IOERR | (19<<8)) +#define SQLITE_IOERR_SHMLOCK (SQLITE_IOERR | (20<<8)) +#define SQLITE_IOERR_SHMMAP (SQLITE_IOERR | (21<<8)) +#define SQLITE_IOERR_SEEK (SQLITE_IOERR | (22<<8)) +#define SQLITE_IOERR_DELETE_NOENT (SQLITE_IOERR | (23<<8)) +#define SQLITE_IOERR_MMAP (SQLITE_IOERR | (24<<8)) +#define SQLITE_IOERR_GETTEMPPATH (SQLITE_IOERR | (25<<8)) +#define SQLITE_IOERR_CONVPATH (SQLITE_IOERR | (26<<8)) +#define SQLITE_IOERR_VNODE (SQLITE_IOERR | (27<<8)) +#define SQLITE_IOERR_AUTH (SQLITE_IOERR | (28<<8)) +#define SQLITE_LOCKED_SHAREDCACHE (SQLITE_LOCKED | (1<<8)) +#define SQLITE_BUSY_RECOVERY (SQLITE_BUSY | (1<<8)) +#define SQLITE_BUSY_SNAPSHOT (SQLITE_BUSY | (2<<8)) +#define SQLITE_CANTOPEN_NOTEMPDIR (SQLITE_CANTOPEN | (1<<8)) +#define SQLITE_CANTOPEN_ISDIR (SQLITE_CANTOPEN | (2<<8)) +#define SQLITE_CANTOPEN_FULLPATH (SQLITE_CANTOPEN | (3<<8)) +#define SQLITE_CANTOPEN_CONVPATH (SQLITE_CANTOPEN | (4<<8)) +#define SQLITE_CORRUPT_VTAB (SQLITE_CORRUPT | (1<<8)) 
+#define SQLITE_READONLY_RECOVERY (SQLITE_READONLY | (1<<8)) +#define SQLITE_READONLY_CANTLOCK (SQLITE_READONLY | (2<<8)) +#define SQLITE_READONLY_ROLLBACK (SQLITE_READONLY | (3<<8)) +#define SQLITE_READONLY_DBMOVED (SQLITE_READONLY | (4<<8)) +#define SQLITE_ABORT_ROLLBACK (SQLITE_ABORT | (2<<8)) +#define SQLITE_CONSTRAINT_CHECK (SQLITE_CONSTRAINT | (1<<8)) +#define SQLITE_CONSTRAINT_COMMITHOOK (SQLITE_CONSTRAINT | (2<<8)) +#define SQLITE_CONSTRAINT_FOREIGNKEY (SQLITE_CONSTRAINT | (3<<8)) +#define SQLITE_CONSTRAINT_FUNCTION (SQLITE_CONSTRAINT | (4<<8)) +#define SQLITE_CONSTRAINT_NOTNULL (SQLITE_CONSTRAINT | (5<<8)) +#define SQLITE_CONSTRAINT_PRIMARYKEY (SQLITE_CONSTRAINT | (6<<8)) +#define SQLITE_CONSTRAINT_TRIGGER (SQLITE_CONSTRAINT | (7<<8)) +#define SQLITE_CONSTRAINT_UNIQUE (SQLITE_CONSTRAINT | (8<<8)) +#define SQLITE_CONSTRAINT_VTAB (SQLITE_CONSTRAINT | (9<<8)) +#define SQLITE_CONSTRAINT_ROWID (SQLITE_CONSTRAINT |(10<<8)) +#define SQLITE_NOTICE_RECOVER_WAL (SQLITE_NOTICE | (1<<8)) +#define SQLITE_NOTICE_RECOVER_ROLLBACK (SQLITE_NOTICE | (2<<8)) +#define SQLITE_WARNING_AUTOINDEX (SQLITE_WARNING | (1<<8)) +#define SQLITE_AUTH_USER (SQLITE_AUTH | (1<<8)) +#define SQLITE_OK_LOAD_PERMANENTLY (SQLITE_OK | (1<<8)) + +/* +** CAPI3REF: Flags For File Open Operations +** +** These bit values are intended for use in the +** 3rd parameter to the [sqlite3_open_v2()] interface and +** in the 4th parameter to the [sqlite3_vfs.xOpen] method. 
+*/
+#define SQLITE_OPEN_READONLY 0x00000001 /* Ok for sqlite3_open_v2() */
+#define SQLITE_OPEN_READWRITE 0x00000002 /* Ok for sqlite3_open_v2() */
+#define SQLITE_OPEN_CREATE 0x00000004 /* Ok for sqlite3_open_v2() */
+#define SQLITE_OPEN_DELETEONCLOSE 0x00000008 /* VFS only */
+#define SQLITE_OPEN_EXCLUSIVE 0x00000010 /* VFS only */
+#define SQLITE_OPEN_AUTOPROXY 0x00000020 /* VFS only */
+#define SQLITE_OPEN_URI 0x00000040 /* Ok for sqlite3_open_v2() */
+#define SQLITE_OPEN_MEMORY 0x00000080 /* Ok for sqlite3_open_v2() */
+#define SQLITE_OPEN_MAIN_DB 0x00000100 /* VFS only */
+#define SQLITE_OPEN_TEMP_DB 0x00000200 /* VFS only */
+#define SQLITE_OPEN_TRANSIENT_DB 0x00000400 /* VFS only */
+#define SQLITE_OPEN_MAIN_JOURNAL 0x00000800 /* VFS only */
+#define SQLITE_OPEN_TEMP_JOURNAL 0x00001000 /* VFS only */
+#define SQLITE_OPEN_SUBJOURNAL 0x00002000 /* VFS only */
+#define SQLITE_OPEN_MASTER_JOURNAL 0x00004000 /* VFS only */
+#define SQLITE_OPEN_NOMUTEX 0x00008000 /* Ok for sqlite3_open_v2() */
+#define SQLITE_OPEN_FULLMUTEX 0x00010000 /* Ok for sqlite3_open_v2() */
+#define SQLITE_OPEN_SHAREDCACHE 0x00020000 /* Ok for sqlite3_open_v2() */
+#define SQLITE_OPEN_PRIVATECACHE 0x00040000 /* Ok for sqlite3_open_v2() */
+#define SQLITE_OPEN_WAL 0x00080000 /* VFS only */
+
+/* Reserved: 0x00F00000 */
+
+/*
+** CAPI3REF: Device Characteristics
+**
+** The xDeviceCharacteristics method of the [sqlite3_io_methods]
+** object returns an integer which is a vector of these
+** bit values expressing I/O characteristics of the mass storage
+** device that holds the file that the [sqlite3_io_methods]
+** refers to.
+**
+** The SQLITE_IOCAP_ATOMIC property means that all writes of
+** any size are atomic. The SQLITE_IOCAP_ATOMICnnn values
+** mean that writes of blocks that are nnn bytes in size and
+** are aligned to an address which is an integer multiple of
+** nnn are atomic.
The SQLITE_IOCAP_SAFE_APPEND value means
+** that when data is appended to a file, the data is appended
+** first then the size of the file is extended, never the other
+** way around. The SQLITE_IOCAP_SEQUENTIAL property means that
+** information is written to disk in the same order as calls
+** to xWrite(). The SQLITE_IOCAP_POWERSAFE_OVERWRITE property means that
+** after reboot following a crash or power loss, the only bytes in a
+** file that were written at the application level might have changed
+** and that adjacent bytes, even bytes within the same sector are
+** guaranteed to be unchanged. The SQLITE_IOCAP_UNDELETABLE_WHEN_OPEN
+** flag indicate that a file cannot be deleted when open. The
+** SQLITE_IOCAP_IMMUTABLE flag indicates that the file is on
+** read-only media and cannot be changed even by processes with
+** elevated privileges.
+*/
+#define SQLITE_IOCAP_ATOMIC 0x00000001
+#define SQLITE_IOCAP_ATOMIC512 0x00000002
+#define SQLITE_IOCAP_ATOMIC1K 0x00000004
+#define SQLITE_IOCAP_ATOMIC2K 0x00000008
+#define SQLITE_IOCAP_ATOMIC4K 0x00000010
+#define SQLITE_IOCAP_ATOMIC8K 0x00000020
+#define SQLITE_IOCAP_ATOMIC16K 0x00000040
+#define SQLITE_IOCAP_ATOMIC32K 0x00000080
+#define SQLITE_IOCAP_ATOMIC64K 0x00000100
+#define SQLITE_IOCAP_SAFE_APPEND 0x00000200
+#define SQLITE_IOCAP_SEQUENTIAL 0x00000400
+#define SQLITE_IOCAP_UNDELETABLE_WHEN_OPEN 0x00000800
+#define SQLITE_IOCAP_POWERSAFE_OVERWRITE 0x00001000
+#define SQLITE_IOCAP_IMMUTABLE 0x00002000
+
+/*
+** CAPI3REF: File Locking Levels
+**
+** SQLite uses one of these integer values as the second
+** argument to calls it makes to the xLock() and xUnlock() methods
+** of an [sqlite3_io_methods] object.
+*/
+#define SQLITE_LOCK_NONE 0
+#define SQLITE_LOCK_SHARED 1
+#define SQLITE_LOCK_RESERVED 2
+#define SQLITE_LOCK_PENDING 3
+#define SQLITE_LOCK_EXCLUSIVE 4
+
+/*
+** CAPI3REF: Synchronization Type Flags
+**
+** When SQLite invokes the xSync() method of an
+** [sqlite3_io_methods] object it uses a combination of
+** these integer values as the second argument.
+**
+** When the SQLITE_SYNC_DATAONLY flag is used, it means that the
+** sync operation only needs to flush data to mass storage. Inode
+** information need not be flushed. If the lower four bits of the flag
+** equal SQLITE_SYNC_NORMAL, that means to use normal fsync() semantics.
+** If the lower four bits equal SQLITE_SYNC_FULL, that means
+** to use Mac OS X style fullsync instead of fsync().
+**
+** Do not confuse the SQLITE_SYNC_NORMAL and SQLITE_SYNC_FULL flags
+** with the [PRAGMA synchronous]=NORMAL and [PRAGMA synchronous]=FULL
+** settings. The [synchronous pragma] determines when calls to the
+** xSync VFS method occur and applies uniformly across all platforms.
+** The SQLITE_SYNC_NORMAL and SQLITE_SYNC_FULL flags determine how
+** energetic or rigorous or forceful the sync operations are and
+** only make a difference on Mac OSX for the default SQLite code.
+** (Third-party VFS implementations might also make the distinction
+** between SQLITE_SYNC_NORMAL and SQLITE_SYNC_FULL, but among the
+** operating systems natively supported by SQLite, only Mac OSX
+** cares about the difference.)
+*/
+#define SQLITE_SYNC_NORMAL 0x00002
+#define SQLITE_SYNC_FULL 0x00003
+#define SQLITE_SYNC_DATAONLY 0x00010
+
+/*
+** CAPI3REF: OS Interface Open File Handle
+**
+** An [sqlite3_file] object represents an open file in the
+** [sqlite3_vfs | OS interface layer]. Individual OS interface
+** implementations will
+** want to subclass this object by appending additional fields
+** for their own use.
The pMethods entry is a pointer to an
+** [sqlite3_io_methods] object that defines methods for performing
+** I/O operations on the open file.
+*/
+typedef struct sqlite3_file sqlite3_file;
+struct sqlite3_file {
+ const struct sqlite3_io_methods *pMethods; /* Methods for an open file */
+};
+
+/*
+** CAPI3REF: OS Interface File Virtual Methods Object
+**
+** Every file opened by the [sqlite3_vfs.xOpen] method populates an
+** [sqlite3_file] object (or, more commonly, a subclass of the
+** [sqlite3_file] object) with a pointer to an instance of this object.
+** This object defines the methods used to perform various operations
+** against the open file represented by the [sqlite3_file] object.
+**
+** If the [sqlite3_vfs.xOpen] method sets the sqlite3_file.pMethods element
+** to a non-NULL pointer, then the sqlite3_io_methods.xClose method
+** may be invoked even if the [sqlite3_vfs.xOpen] reported that it failed. The
+** only way to prevent a call to xClose following a failed [sqlite3_vfs.xOpen]
+** is for the [sqlite3_vfs.xOpen] to set the sqlite3_file.pMethods element
+** to NULL.
+**
+** The flags argument to xSync may be one of [SQLITE_SYNC_NORMAL] or
+** [SQLITE_SYNC_FULL]. The first choice is the normal fsync().
+** The second choice is a Mac OS X style fullsync. The [SQLITE_SYNC_DATAONLY]
+** flag may be ORed in to indicate that only the data of the file
+** and not its inode needs to be synced.
+**
+** The integer values to xLock() and xUnlock() are one of
+**
    +**
  • [SQLITE_LOCK_NONE], +**
  • [SQLITE_LOCK_SHARED], +**
  • [SQLITE_LOCK_RESERVED], +**
  • [SQLITE_LOCK_PENDING], or +**
  • [SQLITE_LOCK_EXCLUSIVE]. +**
+** xLock() increases the lock. xUnlock() decreases the lock.
+** The xCheckReservedLock() method checks whether any database connection,
+** either in this process or in some other process, is holding a RESERVED,
+** PENDING, or EXCLUSIVE lock on the file. It returns true
+** if such a lock exists and false otherwise.
+**
+** The xFileControl() method is a generic interface that allows custom
+** VFS implementations to directly control an open file using the
+** [sqlite3_file_control()] interface. The second "op" argument is an
+** integer opcode. The third argument is a generic pointer intended to
+** point to a structure that may contain arguments or space in which to
+** write return values. Potential uses for xFileControl() might be
+** functions to enable blocking locks with timeouts, to change the
+** locking strategy (for example to use dot-file locks), to inquire
+** about the status of a lock, or to break stale locks. The SQLite
+** core reserves all opcodes less than 100 for its own use.
+** A [file control opcodes | list of opcodes] less than 100 is available.
+** Applications that define a custom xFileControl method should use opcodes
+** greater than 100 to avoid conflicts. VFS implementations should
+** return [SQLITE_NOTFOUND] for file control opcodes that they do not
+** recognize.
+**
+** The xSectorSize() method returns the sector size of the
+** device that underlies the file. The sector size is the
+** minimum write that can be performed without disturbing
+** other bytes in the file. The xDeviceCharacteristics()
+** method returns a bit vector describing behaviors of the
+** underlying device:
+**
+**
    +**
  • [SQLITE_IOCAP_ATOMIC] +**
  • [SQLITE_IOCAP_ATOMIC512] +**
  • [SQLITE_IOCAP_ATOMIC1K] +**
  • [SQLITE_IOCAP_ATOMIC2K] +**
  • [SQLITE_IOCAP_ATOMIC4K] +**
  • [SQLITE_IOCAP_ATOMIC8K] +**
  • [SQLITE_IOCAP_ATOMIC16K] +**
  • [SQLITE_IOCAP_ATOMIC32K] +**
  • [SQLITE_IOCAP_ATOMIC64K] +**
  • [SQLITE_IOCAP_SAFE_APPEND] +**
  • [SQLITE_IOCAP_SEQUENTIAL] +**
+**
+** The SQLITE_IOCAP_ATOMIC property means that all writes of
+** any size are atomic. The SQLITE_IOCAP_ATOMICnnn values
+** mean that writes of blocks that are nnn bytes in size and
+** are aligned to an address which is an integer multiple of
+** nnn are atomic. The SQLITE_IOCAP_SAFE_APPEND value means
+** that when data is appended to a file, the data is appended
+** first then the size of the file is extended, never the other
+** way around. The SQLITE_IOCAP_SEQUENTIAL property means that
+** information is written to disk in the same order as calls
+** to xWrite().
+**
+** If xRead() returns SQLITE_IOERR_SHORT_READ it must also fill
+** in the unread portions of the buffer with zeros. A VFS that
+** fails to zero-fill short reads might seem to work. However,
+** failure to zero-fill short reads will eventually lead to
+** database corruption.
+*/
+typedef struct sqlite3_io_methods sqlite3_io_methods;
+struct sqlite3_io_methods {
+ int iVersion;
+ int (*xClose)(sqlite3_file*);
+ int (*xRead)(sqlite3_file*, void*, int iAmt, sqlite3_int64 iOfst);
+ int (*xWrite)(sqlite3_file*, const void*, int iAmt, sqlite3_int64 iOfst);
+ int (*xTruncate)(sqlite3_file*, sqlite3_int64 size);
+ int (*xSync)(sqlite3_file*, int flags);
+ int (*xFileSize)(sqlite3_file*, sqlite3_int64 *pSize);
+ int (*xLock)(sqlite3_file*, int);
+ int (*xUnlock)(sqlite3_file*, int);
+ int (*xCheckReservedLock)(sqlite3_file*, int *pResOut);
+ int (*xFileControl)(sqlite3_file*, int op, void *pArg);
+ int (*xSectorSize)(sqlite3_file*);
+ int (*xDeviceCharacteristics)(sqlite3_file*);
+ /* Methods above are valid for version 1 */
+ int (*xShmMap)(sqlite3_file*, int iPg, int pgsz, int, void volatile**);
+ int (*xShmLock)(sqlite3_file*, int offset, int n, int flags);
+ void (*xShmBarrier)(sqlite3_file*);
+ int (*xShmUnmap)(sqlite3_file*, int deleteFlag);
+ /* Methods above are valid for version 2 */
+ int (*xFetch)(sqlite3_file*, sqlite3_int64 iOfst, int iAmt, void **pp);
+ int (*xUnfetch)(sqlite3_file*,
sqlite3_int64 iOfst, void *p);
+ /* Methods above are valid for version 3 */
+ /* Additional methods may be added in future releases */
+};
+
+/*
+** CAPI3REF: Standard File Control Opcodes
+** KEYWORDS: {file control opcodes} {file control opcode}
+**
+** These integer constants are opcodes for the xFileControl method
+** of the [sqlite3_io_methods] object and for the [sqlite3_file_control()]
+** interface.
+**
+**
    +**
  • [[SQLITE_FCNTL_LOCKSTATE]] +** The [SQLITE_FCNTL_LOCKSTATE] opcode is used for debugging. This +** opcode causes the xFileControl method to write the current state of +** the lock (one of [SQLITE_LOCK_NONE], [SQLITE_LOCK_SHARED], +** [SQLITE_LOCK_RESERVED], [SQLITE_LOCK_PENDING], or [SQLITE_LOCK_EXCLUSIVE]) +** into an integer that the pArg argument points to. This capability +** is used during testing and is only available when the SQLITE_TEST +** compile-time option is used. +** +**
  • [[SQLITE_FCNTL_SIZE_HINT]] +** The [SQLITE_FCNTL_SIZE_HINT] opcode is used by SQLite to give the VFS +** layer a hint of how large the database file will grow to be during the +** current transaction. This hint is not guaranteed to be accurate but it +** is often close. The underlying VFS might choose to preallocate database +** file space based on this hint in order to help writes to the database +** file run faster. +** +**
  • [[SQLITE_FCNTL_CHUNK_SIZE]] +** The [SQLITE_FCNTL_CHUNK_SIZE] opcode is used to request that the VFS +** extends and truncates the database file in chunks of a size specified +** by the user. The fourth argument to [sqlite3_file_control()] should +** point to an integer (type int) containing the new chunk-size to use +** for the nominated database. Allocating database file space in large +** chunks (say 1MB at a time), may reduce file-system fragmentation and +** improve performance on some systems. +** +**
  • [[SQLITE_FCNTL_FILE_POINTER]] +** The [SQLITE_FCNTL_FILE_POINTER] opcode is used to obtain a pointer +** to the [sqlite3_file] object associated with a particular database +** connection. See also [SQLITE_FCNTL_JOURNAL_POINTER]. +** +**
  • [[SQLITE_FCNTL_JOURNAL_POINTER]] +** The [SQLITE_FCNTL_JOURNAL_POINTER] opcode is used to obtain a pointer +** to the [sqlite3_file] object associated with the journal file (either +** the [rollback journal] or the [write-ahead log]) for a particular database +** connection. See also [SQLITE_FCNTL_FILE_POINTER]. +** +**
  • [[SQLITE_FCNTL_SYNC_OMITTED]] +** No longer in use. +** +**
  • [[SQLITE_FCNTL_SYNC]] +** The [SQLITE_FCNTL_SYNC] opcode is generated internally by SQLite and +** sent to the VFS immediately before the xSync method is invoked on a +** database file descriptor. Or, if the xSync method is not invoked +** because the user has configured SQLite with +** [PRAGMA synchronous | PRAGMA synchronous=OFF] it is invoked in place +** of the xSync method. In most cases, the pointer argument passed with +** this file-control is NULL. However, if the database file is being synced +** as part of a multi-database commit, the argument points to a nul-terminated +** string containing the transactions master-journal file name. VFSes that +** do not need this signal should silently ignore this opcode. Applications +** should not call [sqlite3_file_control()] with this opcode as doing so may +** disrupt the operation of the specialized VFSes that do require it. +** +**
  • [[SQLITE_FCNTL_COMMIT_PHASETWO]] +** The [SQLITE_FCNTL_COMMIT_PHASETWO] opcode is generated internally by SQLite +** and sent to the VFS after a transaction has been committed immediately +** but before the database is unlocked. VFSes that do not need this signal +** should silently ignore this opcode. Applications should not call +** [sqlite3_file_control()] with this opcode as doing so may disrupt the +** operation of the specialized VFSes that do require it. +** +**
  • [[SQLITE_FCNTL_WIN32_AV_RETRY]] +** ^The [SQLITE_FCNTL_WIN32_AV_RETRY] opcode is used to configure automatic +** retry counts and intervals for certain disk I/O operations for the +** windows [VFS] in order to provide robustness in the presence of +** anti-virus programs. By default, the windows VFS will retry file read, +** file write, and file delete operations up to 10 times, with a delay +** of 25 milliseconds before the first retry and with the delay increasing +** by an additional 25 milliseconds with each subsequent retry. This +** opcode allows these two values (10 retries and 25 milliseconds of delay) +** to be adjusted. The values are changed for all database connections +** within the same process. The argument is a pointer to an array of two +** integers where the first integer i the new retry count and the second +** integer is the delay. If either integer is negative, then the setting +** is not changed but instead the prior value of that setting is written +** into the array entry, allowing the current retry settings to be +** interrogated. The zDbName parameter is ignored. +** +**
  • [[SQLITE_FCNTL_PERSIST_WAL]] +** ^The [SQLITE_FCNTL_PERSIST_WAL] opcode is used to set or query the +** persistent [WAL | Write Ahead Log] setting. By default, the auxiliary +** write ahead log and shared memory files used for transaction control +** are automatically deleted when the latest connection to the database +** closes. Setting persistent WAL mode causes those files to persist after +** close. Persisting the files is useful when other processes that do not +** have write permission on the directory containing the database file want +** to read the database file, as the WAL and shared memory files must exist +** in order for the database to be readable. The fourth parameter to +** [sqlite3_file_control()] for this opcode should be a pointer to an integer. +** That integer is 0 to disable persistent WAL mode or 1 to enable persistent +** WAL mode. If the integer is -1, then it is overwritten with the current +** WAL persistence setting. +** +**
  • [[SQLITE_FCNTL_POWERSAFE_OVERWRITE]] +** ^The [SQLITE_FCNTL_POWERSAFE_OVERWRITE] opcode is used to set or query the +** persistent "powersafe-overwrite" or "PSOW" setting. The PSOW setting +** determines the [SQLITE_IOCAP_POWERSAFE_OVERWRITE] bit of the +** xDeviceCharacteristics methods. The fourth parameter to +** [sqlite3_file_control()] for this opcode should be a pointer to an integer. +** That integer is 0 to disable zero-damage mode or 1 to enable zero-damage +** mode. If the integer is -1, then it is overwritten with the current +** zero-damage mode setting. +** +**
  • [[SQLITE_FCNTL_OVERWRITE]] +** ^The [SQLITE_FCNTL_OVERWRITE] opcode is invoked by SQLite after opening +** a write transaction to indicate that, unless it is rolled back for some +** reason, the entire database file will be overwritten by the current +** transaction. This is used by VACUUM operations. +** +**
  • [[SQLITE_FCNTL_VFSNAME]] +** ^The [SQLITE_FCNTL_VFSNAME] opcode can be used to obtain the names of +** all [VFSes] in the VFS stack. The names are of all VFS shims and the +** final bottom-level VFS are written into memory obtained from +** [sqlite3_malloc()] and the result is stored in the char* variable +** that the fourth parameter of [sqlite3_file_control()] points to. +** The caller is responsible for freeing the memory when done. As with +** all file-control actions, there is no guarantee that this will actually +** do anything. Callers should initialize the char* variable to a NULL +** pointer in case this file-control is not implemented. This file-control +** is intended for diagnostic use only. +** +**
  • [[SQLITE_FCNTL_VFS_POINTER]] +** ^The [SQLITE_FCNTL_VFS_POINTER] opcode finds a pointer to the top-level +** [VFSes] currently in use. ^(The argument X in +** sqlite3_file_control(db,SQLITE_FCNTL_VFS_POINTER,X) must be +** of type "[sqlite3_vfs] **". This opcodes will set *X +** to a pointer to the top-level VFS.)^ +** ^When there are multiple VFS shims in the stack, this opcode finds the +** upper-most shim only. +** +**
  • [[SQLITE_FCNTL_PRAGMA]] +** ^Whenever a [PRAGMA] statement is parsed, an [SQLITE_FCNTL_PRAGMA] +** file control is sent to the open [sqlite3_file] object corresponding +** to the database file to which the pragma statement refers. ^The argument +** to the [SQLITE_FCNTL_PRAGMA] file control is an array of +** pointers to strings (char**) in which the second element of the array +** is the name of the pragma and the third element is the argument to the +** pragma or NULL if the pragma has no argument. ^The handler for an +** [SQLITE_FCNTL_PRAGMA] file control can optionally make the first element +** of the char** argument point to a string obtained from [sqlite3_mprintf()] +** or the equivalent and that string will become the result of the pragma or +** the error message if the pragma fails. ^If the +** [SQLITE_FCNTL_PRAGMA] file control returns [SQLITE_NOTFOUND], then normal +** [PRAGMA] processing continues. ^If the [SQLITE_FCNTL_PRAGMA] +** file control returns [SQLITE_OK], then the parser assumes that the +** VFS has handled the PRAGMA itself and the parser generates a no-op +** prepared statement if result string is NULL, or that returns a copy +** of the result string if the string is non-NULL. +** ^If the [SQLITE_FCNTL_PRAGMA] file control returns +** any result code other than [SQLITE_OK] or [SQLITE_NOTFOUND], that means +** that the VFS encountered an error while handling the [PRAGMA] and the +** compilation of the PRAGMA fails with an error. ^The [SQLITE_FCNTL_PRAGMA] +** file control occurs at the beginning of pragma statement analysis and so +** it is able to override built-in [PRAGMA] statements. +** +**
  • [[SQLITE_FCNTL_BUSYHANDLER]] +** ^The [SQLITE_FCNTL_BUSYHANDLER] +** file-control may be invoked by SQLite on the database file handle +** shortly after it is opened in order to provide a custom VFS with access +** to the connections busy-handler callback. The argument is of type (void **) +** - an array of two (void *) values. The first (void *) actually points +** to a function of type (int (*)(void *)). In order to invoke the connections +** busy-handler, this function should be invoked with the second (void *) in +** the array as the only argument. If it returns non-zero, then the operation +** should be retried. If it returns zero, the custom VFS should abandon the +** current operation. +** +**
  • [[SQLITE_FCNTL_TEMPFILENAME]] +** ^Application can invoke the [SQLITE_FCNTL_TEMPFILENAME] file-control +** to have SQLite generate a +** temporary filename using the same algorithm that is followed to generate +** temporary filenames for TEMP tables and other internal uses. The +** argument should be a char** which will be filled with the filename +** written into memory obtained from [sqlite3_malloc()]. The caller should +** invoke [sqlite3_free()] on the result to avoid a memory leak. +** +**
  • [[SQLITE_FCNTL_MMAP_SIZE]] +** The [SQLITE_FCNTL_MMAP_SIZE] file control is used to query or set the +** maximum number of bytes that will be used for memory-mapped I/O. +** The argument is a pointer to a value of type sqlite3_int64 that +** is an advisory maximum number of bytes in the file to memory map. The +** pointer is overwritten with the old value. The limit is not changed if +** the value originally pointed to is negative, and so the current limit +** can be queried by passing in a pointer to a negative number. This +** file-control is used internally to implement [PRAGMA mmap_size]. +** +**
  • [[SQLITE_FCNTL_TRACE]] +** The [SQLITE_FCNTL_TRACE] file control provides advisory information +** to the VFS about what the higher layers of the SQLite stack are doing. +** This file control is used by some VFS activity tracing [shims]. +** The argument is a zero-terminated string. Higher layers in the +** SQLite stack may generate instances of this file control if +** the [SQLITE_USE_FCNTL_TRACE] compile-time option is enabled. +** +**
  • [[SQLITE_FCNTL_HAS_MOVED]] +** The [SQLITE_FCNTL_HAS_MOVED] file control interprets its argument as a +** pointer to an integer and it writes a boolean into that integer depending +** on whether or not the file has been renamed, moved, or deleted since it +** was first opened. +** +**
  • [[SQLITE_FCNTL_WIN32_GET_HANDLE]] +** The [SQLITE_FCNTL_WIN32_GET_HANDLE] opcode can be used to obtain the +** underlying native file handle associated with a file handle. This file +** control interprets its argument as a pointer to a native file handle and +** writes the resulting value there. +** +**
  • [[SQLITE_FCNTL_WIN32_SET_HANDLE]] +** The [SQLITE_FCNTL_WIN32_SET_HANDLE] opcode is used for debugging. This +** opcode causes the xFileControl method to swap the file handle with the one +** pointed to by the pArg argument. This capability is used during testing +** and only needs to be supported when SQLITE_TEST is defined. +** +**
  • [[SQLITE_FCNTL_WAL_BLOCK]] +** The [SQLITE_FCNTL_WAL_BLOCK] is a signal to the VFS layer that it might +** be advantageous to block on the next WAL lock if the lock is not immediately +** available. The WAL subsystem issues this signal during rare +** circumstances in order to fix a problem with priority inversion. +** Applications should not use this file-control. +** +**
  • [[SQLITE_FCNTL_ZIPVFS]] +** The [SQLITE_FCNTL_ZIPVFS] opcode is implemented by zipvfs only. All other +** VFS should return SQLITE_NOTFOUND for this opcode. +** +**
  • [[SQLITE_FCNTL_RBU]] +** The [SQLITE_FCNTL_RBU] opcode is implemented by the special VFS used by +** the RBU extension only. All other VFS should return SQLITE_NOTFOUND for +** this opcode. +**
+*/
+#define SQLITE_FCNTL_LOCKSTATE 1
+#define SQLITE_FCNTL_GET_LOCKPROXYFILE 2
+#define SQLITE_FCNTL_SET_LOCKPROXYFILE 3
+#define SQLITE_FCNTL_LAST_ERRNO 4
+#define SQLITE_FCNTL_SIZE_HINT 5
+#define SQLITE_FCNTL_CHUNK_SIZE 6
+#define SQLITE_FCNTL_FILE_POINTER 7
+#define SQLITE_FCNTL_SYNC_OMITTED 8
+#define SQLITE_FCNTL_WIN32_AV_RETRY 9
+#define SQLITE_FCNTL_PERSIST_WAL 10
+#define SQLITE_FCNTL_OVERWRITE 11
+#define SQLITE_FCNTL_VFSNAME 12
+#define SQLITE_FCNTL_POWERSAFE_OVERWRITE 13
+#define SQLITE_FCNTL_PRAGMA 14
+#define SQLITE_FCNTL_BUSYHANDLER 15
+#define SQLITE_FCNTL_TEMPFILENAME 16
+#define SQLITE_FCNTL_MMAP_SIZE 18
+#define SQLITE_FCNTL_TRACE 19
+#define SQLITE_FCNTL_HAS_MOVED 20
+#define SQLITE_FCNTL_SYNC 21
+#define SQLITE_FCNTL_COMMIT_PHASETWO 22
+#define SQLITE_FCNTL_WIN32_SET_HANDLE 23
+#define SQLITE_FCNTL_WAL_BLOCK 24
+#define SQLITE_FCNTL_ZIPVFS 25
+#define SQLITE_FCNTL_RBU 26
+#define SQLITE_FCNTL_VFS_POINTER 27
+#define SQLITE_FCNTL_JOURNAL_POINTER 28
+#define SQLITE_FCNTL_WIN32_GET_HANDLE 29
+
+/* deprecated names */
+#define SQLITE_GET_LOCKPROXYFILE SQLITE_FCNTL_GET_LOCKPROXYFILE
+#define SQLITE_SET_LOCKPROXYFILE SQLITE_FCNTL_SET_LOCKPROXYFILE
+#define SQLITE_LAST_ERRNO SQLITE_FCNTL_LAST_ERRNO
+
+
+/*
+** CAPI3REF: Mutex Handle
+**
+** The mutex module within SQLite defines [sqlite3_mutex] to be an
+** abstract type for a mutex object. The SQLite core never looks
+** at the internal representation of an [sqlite3_mutex]. It only
+** deals with pointers to the [sqlite3_mutex] object.
+**
+** Mutexes are created using [sqlite3_mutex_alloc()].
+*/
+typedef struct sqlite3_mutex sqlite3_mutex;
+
+/*
+** CAPI3REF: Loadable Extension Thunk
+**
+** A pointer to the opaque sqlite3_api_routines structure is passed as
+** the third parameter to entry points of [loadable extensions]. This
+** structure must be typedefed in order to work around compiler warnings
+** on some platforms.
+*/
+typedef struct sqlite3_api_routines sqlite3_api_routines;
+
+/*
+** CAPI3REF: OS Interface Object
+**
+** An instance of the sqlite3_vfs object defines the interface between
+** the SQLite core and the underlying operating system. The "vfs"
+** in the name of the object stands for "virtual file system". See
+** the [VFS | VFS documentation] for further information.
+**
+** The value of the iVersion field is initially 1 but may be larger in
+** future versions of SQLite. Additional fields may be appended to this
+** object when the iVersion value is increased. Note that the structure
+** of the sqlite3_vfs object changes in the transaction between
+** SQLite version 3.5.9 and 3.6.0 and yet the iVersion field was not
+** modified.
+**
+** The szOsFile field is the size of the subclassed [sqlite3_file]
+** structure used by this VFS. mxPathname is the maximum length of
+** a pathname in this VFS.
+**
+** Registered sqlite3_vfs objects are kept on a linked list formed by
+** the pNext pointer. The [sqlite3_vfs_register()]
+** and [sqlite3_vfs_unregister()] interfaces manage this list
+** in a thread-safe way. The [sqlite3_vfs_find()] interface
+** searches the list. Neither the application code nor the VFS
+** implementation should use the pNext pointer.
+**
+** The pNext field is the only field in the sqlite3_vfs
+** structure that SQLite will ever modify. SQLite will only access
+** or modify this field while holding a particular static mutex.
+** The application should never modify anything within the sqlite3_vfs
+** object once the object has been registered.
+**
+** The zName field holds the name of the VFS module. The name must
+** be unique across all VFS modules.
+**
+** [[sqlite3_vfs.xOpen]]
+** ^SQLite guarantees that the zFilename parameter to xOpen
+** is either a NULL pointer or string obtained
+** from xFullPathname() with an optional suffix added.
+** ^If a suffix is added to the zFilename parameter, it will
+** consist of a single "-" character followed by no more than
+** 11 alphanumeric and/or "-" characters.
+** ^SQLite further guarantees that
+** the string will be valid and unchanged until xClose() is
+** called. Because of the previous sentence,
+** the [sqlite3_file] can safely store a pointer to the
+** filename if it needs to remember the filename for some reason.
+** If the zFilename parameter to xOpen is a NULL pointer then xOpen
+** must invent its own temporary name for the file. ^Whenever the
+** xFilename parameter is NULL it will also be the case that the
+** flags parameter will include [SQLITE_OPEN_DELETEONCLOSE].
+**
+** The flags argument to xOpen() includes all bits set in
+** the flags argument to [sqlite3_open_v2()]. Or if [sqlite3_open()]
+** or [sqlite3_open16()] is used, then flags includes at least
+** [SQLITE_OPEN_READWRITE] | [SQLITE_OPEN_CREATE].
+** If xOpen() opens a file read-only then it sets *pOutFlags to
+** include [SQLITE_OPEN_READONLY]. Other bits in *pOutFlags may be set.
+**
+** ^(SQLite will also add one of the following flags to the xOpen()
+** call, depending on the object being opened:
+**
+**
    +**
  • [SQLITE_OPEN_MAIN_DB] +**
  • [SQLITE_OPEN_MAIN_JOURNAL] +**
  • [SQLITE_OPEN_TEMP_DB] +**
  • [SQLITE_OPEN_TEMP_JOURNAL] +**
  • [SQLITE_OPEN_TRANSIENT_DB] +**
  • [SQLITE_OPEN_SUBJOURNAL] +**
  • [SQLITE_OPEN_MASTER_JOURNAL] +**
  • [SQLITE_OPEN_WAL] +**
)^
+**
+** The file I/O implementation can use the object type flags to
+** change the way it deals with files. For example, an application
+** that does not care about crash recovery or rollback might make
+** the open of a journal file a no-op. Writes to this journal would
+** also be no-ops, and any attempt to read the journal would return
+** SQLITE_IOERR. Or the implementation might recognize that a database
+** file will be doing page-aligned sector reads and writes in a random
+** order and set up its I/O subsystem accordingly.
+**
+** SQLite might also add one of the following flags to the xOpen method:
+**
+**
    +**
  • [SQLITE_OPEN_DELETEONCLOSE] +**
  • [SQLITE_OPEN_EXCLUSIVE] +**
+**
+** The [SQLITE_OPEN_DELETEONCLOSE] flag means the file should be
+** deleted when it is closed. ^The [SQLITE_OPEN_DELETEONCLOSE]
+** will be set for TEMP databases and their journals, transient
+** databases, and subjournals.
+**
+** ^The [SQLITE_OPEN_EXCLUSIVE] flag is always used in conjunction
+** with the [SQLITE_OPEN_CREATE] flag, which are both directly
+** analogous to the O_EXCL and O_CREAT flags of the POSIX open()
+** API. The SQLITE_OPEN_EXCLUSIVE flag, when paired with the
+** SQLITE_OPEN_CREATE, is used to indicate that file should always
+** be created, and that it is an error if it already exists.
+** It is not used to indicate the file should be opened
+** for exclusive access.
+**
+** ^At least szOsFile bytes of memory are allocated by SQLite
+** to hold the [sqlite3_file] structure passed as the third
+** argument to xOpen. The xOpen method does not have to
+** allocate the structure; it should just fill it in. Note that
+** the xOpen method must set the sqlite3_file.pMethods to either
+** a valid [sqlite3_io_methods] object or to NULL. xOpen must do
+** this even if the open fails. SQLite expects that the sqlite3_file.pMethods
+** element will be valid after xOpen returns regardless of the success
+** or failure of the xOpen call.
+**
+** [[sqlite3_vfs.xAccess]]
+** ^The flags argument to xAccess() may be [SQLITE_ACCESS_EXISTS]
+** to test for the existence of a file, or [SQLITE_ACCESS_READWRITE] to
+** test whether a file is readable and writable, or [SQLITE_ACCESS_READ]
+** to test whether a file is at least readable. The file can be a
+** directory.
+**
+** ^SQLite will always allocate at least mxPathname+1 bytes for the
+** output buffer xFullPathname. The exact size of the output buffer
+** is also passed as a parameter to both methods. If the output buffer
+** is not large enough, [SQLITE_CANTOPEN] should be returned.
Since this is
+** handled as a fatal error by SQLite, vfs implementations should endeavor
+** to prevent this by setting mxPathname to a sufficiently large value.
+**
+** The xRandomness(), xSleep(), xCurrentTime(), and xCurrentTimeInt64()
+** interfaces are not strictly a part of the filesystem, but they are
+** included in the VFS structure for completeness.
+** The xRandomness() function attempts to return nBytes bytes
+** of good-quality randomness into zOut. The return value is
+** the actual number of bytes of randomness obtained.
+** The xSleep() method causes the calling thread to sleep for at
+** least the number of microseconds given. ^The xCurrentTime()
+** method returns a Julian Day Number for the current date and time as
+** a floating point value.
+** ^The xCurrentTimeInt64() method returns, as an integer, the Julian
+** Day Number multiplied by 86400000 (the number of milliseconds in
+** a 24-hour day).
+** ^SQLite will use the xCurrentTimeInt64() method to get the current
+** date and time if that method is available (if iVersion is 2 or
+** greater and the function pointer is not NULL) and will fall back
+** to xCurrentTime() if xCurrentTimeInt64() is unavailable.
+**
+** ^The xSetSystemCall(), xGetSystemCall(), and xNestSystemCall() interfaces
+** are not used by the SQLite core. These optional interfaces are provided
+** by some VFSes to facilitate testing of the VFS code. By overriding
+** system calls with functions under its control, a test program can
+** simulate faults and error conditions that would otherwise be difficult
+** or impossible to induce. The set of system calls that can be overridden
+** varies from one VFS to another, and from one version of the same VFS to the
+** next. Applications that use these interfaces must be prepared for any
+** or all of these interfaces to be NULL or for their behavior to change
+** from one release to the next.
Applications must not attempt to access
+** any of these methods if the iVersion of the VFS is less than 3.
+*/
+typedef struct sqlite3_vfs sqlite3_vfs;
+typedef void (*sqlite3_syscall_ptr)(void);
+struct sqlite3_vfs {
+ int iVersion; /* Structure version number (currently 3) */
+ int szOsFile; /* Size of subclassed sqlite3_file */
+ int mxPathname; /* Maximum file pathname length */
+ sqlite3_vfs *pNext; /* Next registered VFS */
+ const char *zName; /* Name of this virtual file system */
+ void *pAppData; /* Pointer to application-specific data */
+ int (*xOpen)(sqlite3_vfs*, const char *zName, sqlite3_file*,
+ int flags, int *pOutFlags);
+ int (*xDelete)(sqlite3_vfs*, const char *zName, int syncDir);
+ int (*xAccess)(sqlite3_vfs*, const char *zName, int flags, int *pResOut);
+ int (*xFullPathname)(sqlite3_vfs*, const char *zName, int nOut, char *zOut);
+ void *(*xDlOpen)(sqlite3_vfs*, const char *zFilename);
+ void (*xDlError)(sqlite3_vfs*, int nByte, char *zErrMsg);
+ void (*(*xDlSym)(sqlite3_vfs*,void*, const char *zSymbol))(void);
+ void (*xDlClose)(sqlite3_vfs*, void*);
+ int (*xRandomness)(sqlite3_vfs*, int nByte, char *zOut);
+ int (*xSleep)(sqlite3_vfs*, int microseconds);
+ int (*xCurrentTime)(sqlite3_vfs*, double*);
+ int (*xGetLastError)(sqlite3_vfs*, int, char *);
+ /*
+ ** The methods above are in version 1 of the sqlite_vfs object
+ ** definition. Those that follow are added in version 2 or later
+ */
+ int (*xCurrentTimeInt64)(sqlite3_vfs*, sqlite3_int64*);
+ /*
+ ** The methods above are in versions 1 and 2 of the sqlite_vfs object.
+ ** Those below are for version 3 and greater.
+ */
+ int (*xSetSystemCall)(sqlite3_vfs*, const char *zName, sqlite3_syscall_ptr);
+ sqlite3_syscall_ptr (*xGetSystemCall)(sqlite3_vfs*, const char *zName);
+ const char *(*xNextSystemCall)(sqlite3_vfs*, const char *zName);
+ /*
+ ** The methods above are in versions 1 through 3 of the sqlite_vfs object.
+ ** New fields may be appended in future versions.
The iVersion
+ ** value will increment whenever this happens.
+ */
+};
+
+/*
+** CAPI3REF: Flags for the xAccess VFS method
+**
+** These integer constants can be used as the third parameter to
+** the xAccess method of an [sqlite3_vfs] object. They determine
+** what kind of permissions the xAccess method is looking for.
+** With SQLITE_ACCESS_EXISTS, the xAccess method
+** simply checks whether the file exists.
+** With SQLITE_ACCESS_READWRITE, the xAccess method
+** checks whether the named directory is both readable and writable
+** (in other words, if files can be added, removed, and renamed within
+** the directory).
+** The SQLITE_ACCESS_READWRITE constant is currently used only by the
+** [temp_store_directory pragma], though this could change in a future
+** release of SQLite.
+** With SQLITE_ACCESS_READ, the xAccess method
+** checks whether the file is readable. The SQLITE_ACCESS_READ constant is
+** currently unused, though it might be used in a future release of
+** SQLite.
+*/
+#define SQLITE_ACCESS_EXISTS 0
+#define SQLITE_ACCESS_READWRITE 1 /* Used by PRAGMA temp_store_directory */
+#define SQLITE_ACCESS_READ 2 /* Unused */
+
+/*
+** CAPI3REF: Flags for the xShmLock VFS method
+**
+** These integer constants define the various locking operations
+** allowed by the xShmLock method of [sqlite3_io_methods]. The
+** following are the only legal combinations of flags to the
+** xShmLock method:
+**
+**
    +**
  • SQLITE_SHM_LOCK | SQLITE_SHM_SHARED +**
  • SQLITE_SHM_LOCK | SQLITE_SHM_EXCLUSIVE +**
  • SQLITE_SHM_UNLOCK | SQLITE_SHM_SHARED +**
  • SQLITE_SHM_UNLOCK | SQLITE_SHM_EXCLUSIVE +**
+**
+** When unlocking, the same SHARED or EXCLUSIVE flag must be supplied as
+** was given on the corresponding lock.
+**
+** The xShmLock method can transition between unlocked and SHARED or
+** between unlocked and EXCLUSIVE. It cannot transition between SHARED
+** and EXCLUSIVE.
+*/
+#define SQLITE_SHM_UNLOCK 1
+#define SQLITE_SHM_LOCK 2
+#define SQLITE_SHM_SHARED 4
+#define SQLITE_SHM_EXCLUSIVE 8
+
+/*
+** CAPI3REF: Maximum xShmLock index
+**
+** The xShmLock method on [sqlite3_io_methods] may use values
+** between 0 and this upper bound as its "offset" argument.
+** The SQLite core will never attempt to acquire or release a
+** lock outside of this range
+*/
+#define SQLITE_SHM_NLOCK 8
+
+
+/*
+** CAPI3REF: Initialize The SQLite Library
+**
+** ^The sqlite3_initialize() routine initializes the
+** SQLite library. ^The sqlite3_shutdown() routine
+** deallocates any resources that were allocated by sqlite3_initialize().
+** These routines are designed to aid in process initialization and
+** shutdown on embedded systems. Workstation applications using
+** SQLite normally do not need to invoke either of these routines.
+**
+** A call to sqlite3_initialize() is an "effective" call if it is
+** the first time sqlite3_initialize() is invoked during the lifetime of
+** the process, or if it is the first time sqlite3_initialize() is invoked
+** following a call to sqlite3_shutdown(). ^(Only an effective call
+** of sqlite3_initialize() does any initialization. All other calls
+** are harmless no-ops.)^
+**
+** A call to sqlite3_shutdown() is an "effective" call if it is the first
+** call to sqlite3_shutdown() since the last sqlite3_initialize(). ^(Only
+** an effective call to sqlite3_shutdown() does any deinitialization.
+** All other valid calls to sqlite3_shutdown() are harmless no-ops.)^
+**
+** The sqlite3_initialize() interface is threadsafe, but sqlite3_shutdown()
+** is not. The sqlite3_shutdown() interface must only be called from a
+** single thread.
All open [database connections] must be closed and all
+** other SQLite resources must be deallocated prior to invoking
+** sqlite3_shutdown().
+**
+** Among other things, ^sqlite3_initialize() will invoke
+** sqlite3_os_init(). Similarly, ^sqlite3_shutdown()
+** will invoke sqlite3_os_end().
+**
+** ^The sqlite3_initialize() routine returns [SQLITE_OK] on success.
+** ^If for some reason, sqlite3_initialize() is unable to initialize
+** the library (perhaps it is unable to allocate a needed resource such
+** as a mutex) it returns an [error code] other than [SQLITE_OK].
+**
+** ^The sqlite3_initialize() routine is called internally by many other
+** SQLite interfaces so that an application usually does not need to
+** invoke sqlite3_initialize() directly. For example, [sqlite3_open()]
+** calls sqlite3_initialize() so the SQLite library will be automatically
+** initialized when [sqlite3_open()] is called if it has not be initialized
+** already. ^However, if SQLite is compiled with the [SQLITE_OMIT_AUTOINIT]
+** compile-time option, then the automatic calls to sqlite3_initialize()
+** are omitted and the application must call sqlite3_initialize() directly
+** prior to using any other SQLite interface. For maximum portability,
+** it is recommended that applications always invoke sqlite3_initialize()
+** directly prior to using any other SQLite interface. Future releases
+** of SQLite may require this. In other words, the behavior exhibited
+** when SQLite is compiled with [SQLITE_OMIT_AUTOINIT] might become the
+** default behavior in some future release of SQLite.
+**
+** The sqlite3_os_init() routine does operating-system specific
+** initialization of the SQLite library. The sqlite3_os_end()
+** routine undoes the effect of sqlite3_os_init().
Typical tasks
+** performed by these routines include allocation or deallocation
+** of static resources, initialization of global variables,
+** setting up a default [sqlite3_vfs] module, or setting up
+** a default configuration using [sqlite3_config()].
+**
+** The application should never invoke either sqlite3_os_init()
+** or sqlite3_os_end() directly. The application should only invoke
+** sqlite3_initialize() and sqlite3_shutdown(). The sqlite3_os_init()
+** interface is called automatically by sqlite3_initialize() and
+** sqlite3_os_end() is called by sqlite3_shutdown(). Appropriate
+** implementations for sqlite3_os_init() and sqlite3_os_end()
+** are built into SQLite when it is compiled for Unix, Windows, or OS/2.
+** When [custom builds | built for other platforms]
+** (using the [SQLITE_OS_OTHER=1] compile-time
+** option) the application must supply a suitable implementation for
+** sqlite3_os_init() and sqlite3_os_end(). An application-supplied
+** implementation of sqlite3_os_init() or sqlite3_os_end()
+** must return [SQLITE_OK] on success and some other [error code] upon
+** failure.
+*/
+SQLITE_API int sqlite3_initialize(void);
+SQLITE_API int sqlite3_shutdown(void);
+SQLITE_API int sqlite3_os_init(void);
+SQLITE_API int sqlite3_os_end(void);
+
+/*
+** CAPI3REF: Configuring The SQLite Library
+**
+** The sqlite3_config() interface is used to make global configuration
+** changes to SQLite in order to tune SQLite to the specific needs of
+** the application. The default configuration is recommended for most
+** applications and so this routine is usually not necessary. It is
+** provided to support rare applications with unusual needs.
+**
+** The sqlite3_config() interface is not threadsafe. The application
+** must ensure that no other SQLite interfaces are invoked by other
+** threads while sqlite3_config() is running.
+**
+** The sqlite3_config() interface
+** may only be invoked prior to library initialization using
+** [sqlite3_initialize()] or after shutdown by [sqlite3_shutdown()].
+** ^If sqlite3_config() is called after [sqlite3_initialize()] and before
+** [sqlite3_shutdown()] then it will return SQLITE_MISUSE.
+** Note, however, that ^sqlite3_config() can be called as part of the
+** implementation of an application-defined [sqlite3_os_init()].
+**
+** The first argument to sqlite3_config() is an integer
+** [configuration option] that determines
+** what property of SQLite is to be configured. Subsequent arguments
+** vary depending on the [configuration option]
+** in the first argument.
+**
+** ^When a configuration option is set, sqlite3_config() returns [SQLITE_OK].
+** ^If the option is unknown or SQLite is unable to set the option
+** then this routine returns a non-zero [error code].
+*/
+SQLITE_API int sqlite3_config(int, ...);
+
+/*
+** CAPI3REF: Configure database connections
+** METHOD: sqlite3
+**
+** The sqlite3_db_config() interface is used to make configuration
+** changes to a [database connection]. The interface is similar to
+** [sqlite3_config()] except that the changes apply to a single
+** [database connection] (specified in the first argument).
+**
+** The second argument to sqlite3_db_config(D,V,...) is the
+** [SQLITE_DBCONFIG_LOOKASIDE | configuration verb] - an integer code
+** that indicates what aspect of the [database connection] is being configured.
+** Subsequent arguments vary depending on the configuration verb.
+**
+** ^Calls to sqlite3_db_config() return SQLITE_OK if and only if
+** the call is considered successful.
+*/
+SQLITE_API int sqlite3_db_config(sqlite3*, int op, ...);
+
+/*
+** CAPI3REF: Memory Allocation Routines
+**
+** An instance of this object defines the interface between SQLite
+** and low-level memory allocation routines.
+**
+** This object is used in only one place in the SQLite interface.
+** A pointer to an instance of this object is the argument to
+** [sqlite3_config()] when the configuration option is
+** [SQLITE_CONFIG_MALLOC] or [SQLITE_CONFIG_GETMALLOC].
+** By creating an instance of this object
+** and passing it to [sqlite3_config]([SQLITE_CONFIG_MALLOC])
+** during configuration, an application can specify an alternative
+** memory allocation subsystem for SQLite to use for all of its
+** dynamic memory needs.
+**
+** Note that SQLite comes with several [built-in memory allocators]
+** that are perfectly adequate for the overwhelming majority of applications
+** and that this object is only useful to a tiny minority of applications
+** with specialized memory allocation requirements. This object is
+** also used during testing of SQLite in order to specify an alternative
+** memory allocator that simulates memory out-of-memory conditions in
+** order to verify that SQLite recovers gracefully from such
+** conditions.
+**
+** The xMalloc, xRealloc, and xFree methods must work like the
+** malloc(), realloc() and free() functions from the standard C library.
+** ^SQLite guarantees that the second argument to
+** xRealloc is always a value returned by a prior call to xRoundup.
+**
+** xSize should return the allocated size of a memory allocation
+** previously obtained from xMalloc or xRealloc. The allocated size
+** is always at least as big as the requested size but may be larger.
+**
+** The xRoundup method returns what would be the allocated size of
+** a memory allocation given a particular requested size. Most memory
+** allocators round up memory allocations at least to the next multiple
+** of 8. Some allocators round up to a larger multiple or to a power of 2.
+** Every memory allocation request coming in through [sqlite3_malloc()]
+** or [sqlite3_realloc()] first calls xRoundup. If xRoundup returns 0,
+** that causes the corresponding memory allocation to fail.
+**
+** The xInit method initializes the memory allocator.
For example,
+** it might allocate any require mutexes or initialize internal data
+** structures. The xShutdown method is invoked (indirectly) by
+** [sqlite3_shutdown()] and should deallocate any resources acquired
+** by xInit. The pAppData pointer is used as the only parameter to
+** xInit and xShutdown.
+**
+** SQLite holds the [SQLITE_MUTEX_STATIC_MASTER] mutex when it invokes
+** the xInit method, so the xInit method need not be threadsafe. The
+** xShutdown method is only called from [sqlite3_shutdown()] so it does
+** not need to be threadsafe either. For all other methods, SQLite
+** holds the [SQLITE_MUTEX_STATIC_MEM] mutex as long as the
+** [SQLITE_CONFIG_MEMSTATUS] configuration option is turned on (which
+** it is by default) and so the methods are automatically serialized.
+** However, if [SQLITE_CONFIG_MEMSTATUS] is disabled, then the other
+** methods must be threadsafe or else make their own arrangements for
+** serialization.
+**
+** SQLite will never invoke xInit() more than once without an intervening
+** call to xShutdown().
+*/
+typedef struct sqlite3_mem_methods sqlite3_mem_methods;
+struct sqlite3_mem_methods {
+ void *(*xMalloc)(int); /* Memory allocation function */
+ void (*xFree)(void*); /* Free a prior allocation */
+ void *(*xRealloc)(void*,int); /* Resize an allocation */
+ int (*xSize)(void*); /* Return the size of an allocation */
+ int (*xRoundup)(int); /* Round up request size to allocation size */
+ int (*xInit)(void*); /* Initialize the memory allocator */
+ void (*xShutdown)(void*); /* Deinitialize the memory allocator */
+ void *pAppData; /* Argument to xInit() and xShutdown() */
+};
+
+/*
+** CAPI3REF: Configuration Options
+** KEYWORDS: {configuration option}
+**
+** These constants are the available integer configuration options that
+** can be passed as the first argument to the [sqlite3_config()] interface.
+**
+** New configuration options may be added in future releases of SQLite.
+** Existing configuration options might be discontinued. Applications
+** should check the return code from [sqlite3_config()] to make sure that
+** the call worked. The [sqlite3_config()] interface will return a
+** non-zero [error code] if a discontinued or unsupported configuration option
+** is invoked.
+**
+**
+** [[SQLITE_CONFIG_SINGLETHREAD]]
SQLITE_CONFIG_SINGLETHREAD
+**
There are no arguments to this option. ^This option sets the +** [threading mode] to Single-thread. In other words, it disables +** all mutexing and puts SQLite into a mode where it can only be used +** by a single thread. ^If SQLite is compiled with +** the [SQLITE_THREADSAFE | SQLITE_THREADSAFE=0] compile-time option then +** it is not possible to change the [threading mode] from its default +** value of Single-thread and so [sqlite3_config()] will return +** [SQLITE_ERROR] if called with the SQLITE_CONFIG_SINGLETHREAD +** configuration option.
+** +** [[SQLITE_CONFIG_MULTITHREAD]]
SQLITE_CONFIG_MULTITHREAD
+**
There are no arguments to this option. ^This option sets the +** [threading mode] to Multi-thread. In other words, it disables +** mutexing on [database connection] and [prepared statement] objects. +** The application is responsible for serializing access to +** [database connections] and [prepared statements]. But other mutexes +** are enabled so that SQLite will be safe to use in a multi-threaded +** environment as long as no two threads attempt to use the same +** [database connection] at the same time. ^If SQLite is compiled with +** the [SQLITE_THREADSAFE | SQLITE_THREADSAFE=0] compile-time option then +** it is not possible to set the Multi-thread [threading mode] and +** [sqlite3_config()] will return [SQLITE_ERROR] if called with the +** SQLITE_CONFIG_MULTITHREAD configuration option.
+** +** [[SQLITE_CONFIG_SERIALIZED]]
SQLITE_CONFIG_SERIALIZED
+**
There are no arguments to this option. ^This option sets the +** [threading mode] to Serialized. In other words, this option enables +** all mutexes including the recursive +** mutexes on [database connection] and [prepared statement] objects. +** In this mode (which is the default when SQLite is compiled with +** [SQLITE_THREADSAFE=1]) the SQLite library will itself serialize access +** to [database connections] and [prepared statements] so that the +** application is free to use the same [database connection] or the +** same [prepared statement] in different threads at the same time. +** ^If SQLite is compiled with +** the [SQLITE_THREADSAFE | SQLITE_THREADSAFE=0] compile-time option then +** it is not possible to set the Serialized [threading mode] and +** [sqlite3_config()] will return [SQLITE_ERROR] if called with the +** SQLITE_CONFIG_SERIALIZED configuration option.
+** +** [[SQLITE_CONFIG_MALLOC]]
SQLITE_CONFIG_MALLOC
+**
^(The SQLITE_CONFIG_MALLOC option takes a single argument which is +** a pointer to an instance of the [sqlite3_mem_methods] structure. +** The argument specifies +** alternative low-level memory allocation routines to be used in place of +** the memory allocation routines built into SQLite.)^ ^SQLite makes +** its own private copy of the content of the [sqlite3_mem_methods] structure +** before the [sqlite3_config()] call returns.
+** +** [[SQLITE_CONFIG_GETMALLOC]]
SQLITE_CONFIG_GETMALLOC
+**
^(The SQLITE_CONFIG_GETMALLOC option takes a single argument which +** is a pointer to an instance of the [sqlite3_mem_methods] structure. +** The [sqlite3_mem_methods] +** structure is filled with the currently defined memory allocation routines.)^ +** This option can be used to overload the default memory allocation +** routines with a wrapper that simulations memory allocation failure or +** tracks memory usage, for example.
+** +** [[SQLITE_CONFIG_MEMSTATUS]]
SQLITE_CONFIG_MEMSTATUS
+**
^The SQLITE_CONFIG_MEMSTATUS option takes single argument of type int, +** interpreted as a boolean, which enables or disables the collection of +** memory allocation statistics. ^(When memory allocation statistics are +** disabled, the following SQLite interfaces become non-operational: +**
    +**
  • [sqlite3_memory_used()] +**
  • [sqlite3_memory_highwater()] +**
  • [sqlite3_soft_heap_limit64()] +**
  • [sqlite3_status64()] +**
)^ +** ^Memory allocation statistics are enabled by default unless SQLite is +** compiled with [SQLITE_DEFAULT_MEMSTATUS]=0 in which case memory +** allocation statistics are disabled by default. +**
+** +** [[SQLITE_CONFIG_SCRATCH]]
SQLITE_CONFIG_SCRATCH
+**
^The SQLITE_CONFIG_SCRATCH option specifies a static memory buffer +** that SQLite can use for scratch memory. ^(There are three arguments +** to SQLITE_CONFIG_SCRATCH: A pointer an 8-byte +** aligned memory buffer from which the scratch allocations will be +** drawn, the size of each scratch allocation (sz), +** and the maximum number of scratch allocations (N).)^ +** The first argument must be a pointer to an 8-byte aligned buffer +** of at least sz*N bytes of memory. +** ^SQLite will not use more than one scratch buffers per thread. +** ^SQLite will never request a scratch buffer that is more than 6 +** times the database page size. +** ^If SQLite needs needs additional +** scratch memory beyond what is provided by this configuration option, then +** [sqlite3_malloc()] will be used to obtain the memory needed.

+** ^When the application provides any amount of scratch memory using +** SQLITE_CONFIG_SCRATCH, SQLite avoids unnecessary large +** [sqlite3_malloc|heap allocations]. +** This can help [Robson proof|prevent memory allocation failures] due to heap +** fragmentation in low-memory embedded systems. +**

+** +** [[SQLITE_CONFIG_PAGECACHE]]
SQLITE_CONFIG_PAGECACHE
+**
^The SQLITE_CONFIG_PAGECACHE option specifies a memory pool +** that SQLite can use for the database page cache with the default page +** cache implementation. +** This configuration option is a no-op if an application-define page +** cache implementation is loaded using the [SQLITE_CONFIG_PCACHE2]. +** ^There are three arguments to SQLITE_CONFIG_PAGECACHE: A pointer to +** 8-byte aligned memory (pMem), the size of each page cache line (sz), +** and the number of cache lines (N). +** The sz argument should be the size of the largest database page +** (a power of two between 512 and 65536) plus some extra bytes for each +** page header. ^The number of extra bytes needed by the page header +** can be determined using [SQLITE_CONFIG_PCACHE_HDRSZ]. +** ^It is harmless, apart from the wasted memory, +** for the sz parameter to be larger than necessary. The pMem +** argument must be either a NULL pointer or a pointer to an 8-byte +** aligned block of memory of at least sz*N bytes, otherwise +** subsequent behavior is undefined. +** ^When pMem is not NULL, SQLite will strive to use the memory provided +** to satisfy page cache needs, falling back to [sqlite3_malloc()] if +** a page cache line is larger than sz bytes or if all of the pMem buffer +** is exhausted. +** ^If pMem is NULL and N is non-zero, then each database connection +** does an initial bulk allocation for page cache memory +** from [sqlite3_malloc()] sufficient for N cache lines if N is positive or +** of -1024*N bytes if N is negative, . ^If additional +** page cache memory is needed beyond what is provided by the initial +** allocation, then SQLite goes to [sqlite3_malloc()] separately for each +** additional cache line.
+** +** [[SQLITE_CONFIG_HEAP]]
SQLITE_CONFIG_HEAP
+**
^The SQLITE_CONFIG_HEAP option specifies a static memory buffer +** that SQLite will use for all of its dynamic memory allocation needs +** beyond those provided for by [SQLITE_CONFIG_SCRATCH] and +** [SQLITE_CONFIG_PAGECACHE]. +** ^The SQLITE_CONFIG_HEAP option is only available if SQLite is compiled +** with either [SQLITE_ENABLE_MEMSYS3] or [SQLITE_ENABLE_MEMSYS5] and returns +** [SQLITE_ERROR] if invoked otherwise. +** ^There are three arguments to SQLITE_CONFIG_HEAP: +** An 8-byte aligned pointer to the memory, +** the number of bytes in the memory buffer, and the minimum allocation size. +** ^If the first pointer (the memory pointer) is NULL, then SQLite reverts +** to using its default memory allocator (the system malloc() implementation), +** undoing any prior invocation of [SQLITE_CONFIG_MALLOC]. ^If the +** memory pointer is not NULL then the alternative memory +** allocator is engaged to handle all of SQLites memory allocation needs. +** The first pointer (the memory pointer) must be aligned to an 8-byte +** boundary or subsequent behavior of SQLite will be undefined. +** The minimum allocation size is capped at 2**12. Reasonable values +** for the minimum allocation size are 2**5 through 2**8.
+** +** [[SQLITE_CONFIG_MUTEX]]
SQLITE_CONFIG_MUTEX
+**
^(The SQLITE_CONFIG_MUTEX option takes a single argument which is a +** pointer to an instance of the [sqlite3_mutex_methods] structure. +** The argument specifies alternative low-level mutex routines to be used +** in place the mutex routines built into SQLite.)^ ^SQLite makes a copy of +** the content of the [sqlite3_mutex_methods] structure before the call to +** [sqlite3_config()] returns. ^If SQLite is compiled with +** the [SQLITE_THREADSAFE | SQLITE_THREADSAFE=0] compile-time option then +** the entire mutexing subsystem is omitted from the build and hence calls to +** [sqlite3_config()] with the SQLITE_CONFIG_MUTEX configuration option will +** return [SQLITE_ERROR].
+** +** [[SQLITE_CONFIG_GETMUTEX]]
SQLITE_CONFIG_GETMUTEX
+**
^(The SQLITE_CONFIG_GETMUTEX option takes a single argument which +** is a pointer to an instance of the [sqlite3_mutex_methods] structure. The +** [sqlite3_mutex_methods] +** structure is filled with the currently defined mutex routines.)^ +** This option can be used to overload the default mutex allocation +** routines with a wrapper used to track mutex usage for performance +** profiling or testing, for example. ^If SQLite is compiled with +** the [SQLITE_THREADSAFE | SQLITE_THREADSAFE=0] compile-time option then +** the entire mutexing subsystem is omitted from the build and hence calls to +** [sqlite3_config()] with the SQLITE_CONFIG_GETMUTEX configuration option will +** return [SQLITE_ERROR].
+** +** [[SQLITE_CONFIG_LOOKASIDE]]
SQLITE_CONFIG_LOOKASIDE
+**
^(The SQLITE_CONFIG_LOOKASIDE option takes two arguments that determine +** the default size of lookaside memory on each [database connection]. +** The first argument is the +** size of each lookaside buffer slot and the second is the number of +** slots allocated to each database connection.)^ ^(SQLITE_CONFIG_LOOKASIDE +** sets the default lookaside size. The [SQLITE_DBCONFIG_LOOKASIDE] +** option to [sqlite3_db_config()] can be used to change the lookaside +** configuration on individual connections.)^
+** +** [[SQLITE_CONFIG_PCACHE2]]
SQLITE_CONFIG_PCACHE2
+**
^(The SQLITE_CONFIG_PCACHE2 option takes a single argument which is +** a pointer to an [sqlite3_pcache_methods2] object. This object specifies +** the interface to a custom page cache implementation.)^ +** ^SQLite makes a copy of the [sqlite3_pcache_methods2] object.
+** +** [[SQLITE_CONFIG_GETPCACHE2]]
SQLITE_CONFIG_GETPCACHE2
+**
^(The SQLITE_CONFIG_GETPCACHE2 option takes a single argument which +** is a pointer to an [sqlite3_pcache_methods2] object. SQLite copies of +** the current page cache implementation into that object.)^
+** +** [[SQLITE_CONFIG_LOG]]
SQLITE_CONFIG_LOG
+**
The SQLITE_CONFIG_LOG option is used to configure the SQLite +** global [error log]. +** (^The SQLITE_CONFIG_LOG option takes two arguments: a pointer to a +** function with a call signature of void(*)(void*,int,const char*), +** and a pointer to void. ^If the function pointer is not NULL, it is +** invoked by [sqlite3_log()] to process each logging event. ^If the +** function pointer is NULL, the [sqlite3_log()] interface becomes a no-op. +** ^The void pointer that is the second argument to SQLITE_CONFIG_LOG is +** passed through as the first parameter to the application-defined logger +** function whenever that function is invoked. ^The second parameter to +** the logger function is a copy of the first parameter to the corresponding +** [sqlite3_log()] call and is intended to be a [result code] or an +** [extended result code]. ^The third parameter passed to the logger is +** log message after formatting via [sqlite3_snprintf()]. +** The SQLite logging interface is not reentrant; the logger function +** supplied by the application must not invoke any SQLite interface. +** In a multi-threaded application, the application-defined logger +** function must be threadsafe.
+** +** [[SQLITE_CONFIG_URI]]
SQLITE_CONFIG_URI +**
^(The SQLITE_CONFIG_URI option takes a single argument of type int. +** If non-zero, then URI handling is globally enabled. If the parameter is zero, +** then URI handling is globally disabled.)^ ^If URI handling is globally +** enabled, all filenames passed to [sqlite3_open()], [sqlite3_open_v2()], +** [sqlite3_open16()] or +** specified as part of [ATTACH] commands are interpreted as URIs, regardless +** of whether or not the [SQLITE_OPEN_URI] flag is set when the database +** connection is opened. ^If it is globally disabled, filenames are +** only interpreted as URIs if the SQLITE_OPEN_URI flag is set when the +** database connection is opened. ^(By default, URI handling is globally +** disabled. The default value may be changed by compiling with the +** [SQLITE_USE_URI] symbol defined.)^ +** +** [[SQLITE_CONFIG_COVERING_INDEX_SCAN]]
SQLITE_CONFIG_COVERING_INDEX_SCAN +**
^The SQLITE_CONFIG_COVERING_INDEX_SCAN option takes a single integer +** argument which is interpreted as a boolean in order to enable or disable +** the use of covering indices for full table scans in the query optimizer. +** ^The default setting is determined +** by the [SQLITE_ALLOW_COVERING_INDEX_SCAN] compile-time option, or is "on" +** if that compile-time option is omitted. +** The ability to disable the use of covering indices for full table scans +** is because some incorrectly coded legacy applications might malfunction +** when the optimization is enabled. Providing the ability to +** disable the optimization allows the older, buggy application code to work +** without change even with newer versions of SQLite. +** +** [[SQLITE_CONFIG_PCACHE]] [[SQLITE_CONFIG_GETPCACHE]] +**
SQLITE_CONFIG_PCACHE and SQLITE_CONFIG_GETPCACHE +**
These options are obsolete and should not be used by new code. +** They are retained for backwards compatibility but are now no-ops. +**
+** +** [[SQLITE_CONFIG_SQLLOG]] +**
SQLITE_CONFIG_SQLLOG +**
This option is only available if sqlite is compiled with the +** [SQLITE_ENABLE_SQLLOG] pre-processor macro defined. The first argument should +** be a pointer to a function of type void(*)(void*,sqlite3*,const char*, int). +** The second should be of type (void*). The callback is invoked by the library +** in three separate circumstances, identified by the value passed as the +** fourth parameter. If the fourth parameter is 0, then the database connection +** passed as the second argument has just been opened. The third argument +** points to a buffer containing the name of the main database file. If the +** fourth parameter is 1, then the SQL statement that the third parameter +** points to has just been executed. Or, if the fourth parameter is 2, then +** the connection being passed as the second parameter is being closed. The +** third parameter is passed NULL In this case. An example of using this +** configuration option can be seen in the "test_sqllog.c" source file in +** the canonical SQLite source tree.
+**
+** [[SQLITE_CONFIG_MMAP_SIZE]]
+**
SQLITE_CONFIG_MMAP_SIZE
+**
^SQLITE_CONFIG_MMAP_SIZE takes two 64-bit integer (sqlite3_int64) values
+** that are the default mmap size limit (the default setting for
+** [PRAGMA mmap_size]) and the maximum allowed mmap size limit.
+** ^The default setting can be overridden by each database connection using
+** either the [PRAGMA mmap_size] command, or by using the
+** [SQLITE_FCNTL_MMAP_SIZE] file control. ^(The maximum allowed mmap size
+** will be silently truncated if necessary so that it does not exceed the
+** compile-time maximum mmap size set by the
+** [SQLITE_MAX_MMAP_SIZE] compile-time option.)^
+** ^If either argument to this option is negative, then that argument is
+** changed to its compile-time default.
+**
+** [[SQLITE_CONFIG_WIN32_HEAPSIZE]]
+**
SQLITE_CONFIG_WIN32_HEAPSIZE
+**
^The SQLITE_CONFIG_WIN32_HEAPSIZE option is only available if SQLite is
+** compiled for Windows with the [SQLITE_WIN32_MALLOC] pre-processor macro
+** defined. ^SQLITE_CONFIG_WIN32_HEAPSIZE takes a 32-bit unsigned integer value
+** that specifies the maximum size of the created heap.
+**
+** [[SQLITE_CONFIG_PCACHE_HDRSZ]]
+**
SQLITE_CONFIG_PCACHE_HDRSZ
+**
^The SQLITE_CONFIG_PCACHE_HDRSZ option takes a single parameter which
+** is a pointer to an integer and writes into that integer the number of extra
+** bytes per page required for each page in [SQLITE_CONFIG_PAGECACHE].
+** The amount of extra space required can change depending on the compiler,
+** target platform, and SQLite version.
+**
+** [[SQLITE_CONFIG_PMASZ]]
+**
SQLITE_CONFIG_PMASZ
+**
^The SQLITE_CONFIG_PMASZ option takes a single parameter which
+** is an unsigned integer and sets the "Minimum PMA Size" for the multithreaded
+** sorter to that integer. The default minimum PMA Size is set by the
+** [SQLITE_SORTER_PMASZ] compile-time option. New threads are launched
+** to help with sort operations when multithreaded sorting
+** is enabled (using the [PRAGMA threads] command) and the amount of content
+** to be sorted exceeds the page size times the minimum of the
+** [PRAGMA cache_size] setting and this value.
+**
+** [[SQLITE_CONFIG_STMTJRNL_SPILL]]
+**
SQLITE_CONFIG_STMTJRNL_SPILL
+**
^The SQLITE_CONFIG_STMTJRNL_SPILL option takes a single parameter which
+** becomes the [statement journal] spill-to-disk threshold.
+** [Statement journals] are held in memory until their size (in bytes)
+** exceeds this threshold, at which point they are written to disk.
+** Or if the threshold is -1, statement journals are always held
+** exclusively in memory.
+** Since many statement journals never become large, setting the spill
+** threshold to a value such as 64KiB can greatly reduce the amount of
+** I/O required to support statement rollback.
+** The default value for this setting is controlled by the
+** [SQLITE_STMTJRNL_SPILL] compile-time option.
+**
+*/
+#define SQLITE_CONFIG_SINGLETHREAD 1 /* nil */
+#define SQLITE_CONFIG_MULTITHREAD 2 /* nil */
+#define SQLITE_CONFIG_SERIALIZED 3 /* nil */
+#define SQLITE_CONFIG_MALLOC 4 /* sqlite3_mem_methods* */
+#define SQLITE_CONFIG_GETMALLOC 5 /* sqlite3_mem_methods* */
+#define SQLITE_CONFIG_SCRATCH 6 /* void*, int sz, int N */
+#define SQLITE_CONFIG_PAGECACHE 7 /* void*, int sz, int N */
+#define SQLITE_CONFIG_HEAP 8 /* void*, int nByte, int min */
+#define SQLITE_CONFIG_MEMSTATUS 9 /* boolean */
+#define SQLITE_CONFIG_MUTEX 10 /* sqlite3_mutex_methods* */
+#define SQLITE_CONFIG_GETMUTEX 11 /* sqlite3_mutex_methods* */
+/* previously SQLITE_CONFIG_CHUNKALLOC 12 which is now unused. */
+#define SQLITE_CONFIG_LOOKASIDE 13 /* int int */
+#define SQLITE_CONFIG_PCACHE 14 /* no-op */
+#define SQLITE_CONFIG_GETPCACHE 15 /* no-op */
+#define SQLITE_CONFIG_LOG 16 /* xFunc, void* */
+#define SQLITE_CONFIG_URI 17 /* int */
+#define SQLITE_CONFIG_PCACHE2 18 /* sqlite3_pcache_methods2* */
+#define SQLITE_CONFIG_GETPCACHE2 19 /* sqlite3_pcache_methods2* */
+#define SQLITE_CONFIG_COVERING_INDEX_SCAN 20 /* int */
+#define SQLITE_CONFIG_SQLLOG 21 /* xSqllog, void* */
+#define SQLITE_CONFIG_MMAP_SIZE 22 /* sqlite3_int64, sqlite3_int64 */
+#define SQLITE_CONFIG_WIN32_HEAPSIZE 23 /* int nByte */
+#define SQLITE_CONFIG_PCACHE_HDRSZ 24 /* int *psz */
+#define SQLITE_CONFIG_PMASZ 25 /* unsigned int szPma */
+#define SQLITE_CONFIG_STMTJRNL_SPILL 26 /* int nByte */
+
+/*
+** CAPI3REF: Database Connection Configuration Options
+**
+** These constants are the available integer configuration options that
+** can be passed as the second argument to the [sqlite3_db_config()] interface.
+**
+** New configuration options may be added in future releases of SQLite.
+** Existing configuration options might be discontinued. Applications
+** should check the return code from [sqlite3_db_config()] to make sure that
+** the call worked.
^The [sqlite3_db_config()] interface will return a
+** non-zero [error code] if a discontinued or unsupported configuration option
+** is invoked.
+**
+**
+**
SQLITE_DBCONFIG_LOOKASIDE
+**
^This option takes three additional arguments that determine the
+** [lookaside memory allocator] configuration for the [database connection].
+** ^The first argument (the third parameter to [sqlite3_db_config()] is a
+** pointer to a memory buffer to use for lookaside memory.
+** ^The first argument after the SQLITE_DBCONFIG_LOOKASIDE verb
+** may be NULL in which case SQLite will allocate the
+** lookaside buffer itself using [sqlite3_malloc()]. ^The second argument is the
+** size of each lookaside buffer slot. ^The third argument is the number of
+** slots. The size of the buffer in the first argument must be greater than
+** or equal to the product of the second and third arguments. The buffer
+** must be aligned to an 8-byte boundary. ^If the second argument to
+** SQLITE_DBCONFIG_LOOKASIDE is not a multiple of 8, it is internally
+** rounded down to the next smaller multiple of 8. ^(The lookaside memory
+** configuration for a database connection can only be changed when that
+** connection is not currently using lookaside memory, or in other words
+** when the "current value" returned by
+** [sqlite3_db_status](D,[SQLITE_CONFIG_LOOKASIDE],...) is zero.
+** Any attempt to change the lookaside memory configuration when lookaside
+** memory is in use leaves the configuration unchanged and returns
+** [SQLITE_BUSY].)^
+**
+**
SQLITE_DBCONFIG_ENABLE_FKEY
+**
^This option is used to enable or disable the enforcement of
+** [foreign key constraints]. There should be two additional arguments.
+** The first argument is an integer which is 0 to disable FK enforcement,
+** positive to enable FK enforcement or negative to leave FK enforcement
+** unchanged. The second parameter is a pointer to an integer into which
+** is written 0 or 1 to indicate whether FK enforcement is off or on
+** following this call. The second parameter may be a NULL pointer, in
+** which case the FK enforcement setting is not reported back.
+**
+**
SQLITE_DBCONFIG_ENABLE_TRIGGER
+**
^This option is used to enable or disable [CREATE TRIGGER | triggers].
+** There should be two additional arguments.
+** The first argument is an integer which is 0 to disable triggers,
+** positive to enable triggers or negative to leave the setting unchanged.
+** The second parameter is a pointer to an integer into which
+** is written 0 or 1 to indicate whether triggers are disabled or enabled
+** following this call. The second parameter may be a NULL pointer, in
+** which case the trigger setting is not reported back.
+**
+**
SQLITE_DBCONFIG_ENABLE_FTS3_TOKENIZER
+**
^This option is used to enable or disable the two-argument
+** version of the [fts3_tokenizer()] function which is part of the
+** [FTS3] full-text search engine extension.
+** There should be two additional arguments.
+** The first argument is an integer which is 0 to disable fts3_tokenizer() or
+** positive to enable fts3_tokenizer() or negative to leave the setting
+** unchanged.
+** The second parameter is a pointer to an integer into which
+** is written 0 or 1 to indicate whether fts3_tokenizer is disabled or enabled
+** following this call. The second parameter may be a NULL pointer, in
+** which case the new setting is not reported back.
+**
+**
SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION
+**
^This option is used to enable or disable the [sqlite3_load_extension()]
+** interface independently of the [load_extension()] SQL function.
+** The [sqlite3_enable_load_extension()] API enables or disables both the
+** C-API [sqlite3_load_extension()] and the SQL function [load_extension()].
+** There should be two additional arguments.
+** When the first argument to this interface is 1, then only the C-API is
+** enabled and the SQL function remains disabled. If the first argument to
+** this interface is 0, then both the C-API and the SQL function are disabled.
+** If the first argument is -1, then no changes are made to state of either the
+** C-API or the SQL function.
+** The second parameter is a pointer to an integer into which
+** is written 0 or 1 to indicate whether [sqlite3_load_extension()] interface
+** is disabled or enabled following this call. The second parameter may
+** be a NULL pointer, in which case the new setting is not reported back.
+**
+**
+**
SQLITE_DBCONFIG_MAINDBNAME
+**
^This option is used to change the name of the "main" database
+** schema. ^The sole argument is a pointer to a constant UTF8 string
+** which will become the new schema name in place of "main". ^SQLite
+** does not make a copy of the new main schema name string, so the application
+** must ensure that the argument passed into this DBCONFIG option is unchanged
+** until after the database connection closes.
+**
+**
+**
+*/
+#define SQLITE_DBCONFIG_MAINDBNAME 1000 /* const char* */
+#define SQLITE_DBCONFIG_LOOKASIDE 1001 /* void* int int */
+#define SQLITE_DBCONFIG_ENABLE_FKEY 1002 /* int int* */
+#define SQLITE_DBCONFIG_ENABLE_TRIGGER 1003 /* int int* */
+#define SQLITE_DBCONFIG_ENABLE_FTS3_TOKENIZER 1004 /* int int* */
+#define SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION 1005 /* int int* */
+
+
+/*
+** CAPI3REF: Enable Or Disable Extended Result Codes
+** METHOD: sqlite3
+**
+** ^The sqlite3_extended_result_codes() routine enables or disables the
+** [extended result codes] feature of SQLite. ^The extended result
+** codes are disabled by default for historical compatibility.
+*/
+SQLITE_API int sqlite3_extended_result_codes(sqlite3*, int onoff);
+
+/*
+** CAPI3REF: Last Insert Rowid
+** METHOD: sqlite3
+**
+** ^Each entry in most SQLite tables (except for [WITHOUT ROWID] tables)
+** has a unique 64-bit signed
+** integer key called the [ROWID | "rowid"]. ^The rowid is always available
+** as an undeclared column named ROWID, OID, or _ROWID_ as long as those
+** names are not also used by explicitly declared columns. ^If
+** the table has a column of type [INTEGER PRIMARY KEY] then that column
+** is another alias for the rowid.
+**
+** ^The sqlite3_last_insert_rowid(D) interface returns the [rowid] of the
+** most recent successful [INSERT] into a rowid table or [virtual table]
+** on database connection D.
+** ^Inserts into [WITHOUT ROWID] tables are not recorded.
+** ^If no successful [INSERT]s into rowid tables
+** have ever occurred on the database connection D,
+** then sqlite3_last_insert_rowid(D) returns zero.
+**
+** ^(If an [INSERT] occurs within a trigger or within a [virtual table]
+** method, then this routine will return the [rowid] of the inserted
+** row as long as the trigger or virtual table method is running.
+** But once the trigger or virtual table method ends, the value returned
+** by this routine reverts to what it was before the trigger or virtual
+** table method began.)^
+**
+** ^An [INSERT] that fails due to a constraint violation is not a
+** successful [INSERT] and does not change the value returned by this
+** routine. ^Thus INSERT OR FAIL, INSERT OR IGNORE, INSERT OR ROLLBACK,
+** and INSERT OR ABORT make no changes to the return value of this
+** routine when their insertion fails. ^(When INSERT OR REPLACE
+** encounters a constraint violation, it does not fail. The
+** INSERT continues to completion after deleting rows that caused
+** the constraint problem so INSERT OR REPLACE will always change
+** the return value of this interface.)^
+**
+** ^For the purposes of this routine, an [INSERT] is considered to
+** be successful even if it is subsequently rolled back.
+**
+** This function is accessible to SQL statements via the
+** [last_insert_rowid() SQL function].
+**
+** If a separate thread performs a new [INSERT] on the same
+** database connection while the [sqlite3_last_insert_rowid()]
+** function is running and thus changes the last insert [rowid],
+** then the value returned by [sqlite3_last_insert_rowid()] is
+** unpredictable and might not equal either the old or the new
+** last insert [rowid].
+*/
+SQLITE_API sqlite3_int64 sqlite3_last_insert_rowid(sqlite3*);
+
+/*
+** CAPI3REF: Count The Number Of Rows Modified
+** METHOD: sqlite3
+**
+** ^This function returns the number of rows modified, inserted or
+** deleted by the most recently completed INSERT, UPDATE or DELETE
+** statement on the database connection specified by the only parameter.
+** ^Executing any other type of SQL statement does not modify the value
+** returned by this function.
+**
+** ^Only changes made directly by the INSERT, UPDATE or DELETE statement are
+** considered - auxiliary changes caused by [CREATE TRIGGER | triggers],
+** [foreign key actions] or [REPLACE] constraint resolution are not counted.
+**
+** Changes to a view that are intercepted by
+** [INSTEAD OF trigger | INSTEAD OF triggers] are not counted. ^The value
+** returned by sqlite3_changes() immediately after an INSERT, UPDATE or
+** DELETE statement run on a view is always zero. Only changes made to real
+** tables are counted.
+**
+** Things are more complicated if the sqlite3_changes() function is
+** executed while a trigger program is running. This may happen if the
+** program uses the [changes() SQL function], or if some other callback
+** function invokes sqlite3_changes() directly. Essentially:
+**
+**
    +**
  • ^(Before entering a trigger program the value returned by
+** sqlite3_changes() function is saved. After the trigger program
+** has finished, the original value is restored.)^
+**
+**
  • ^(Within a trigger program each INSERT, UPDATE and DELETE
+** statement sets the value returned by sqlite3_changes()
+** upon completion as normal. Of course, this value will not include
+** any changes performed by sub-triggers, as the sqlite3_changes()
+** value will be saved and restored after each sub-trigger has run.)^
+**
+**
+** ^This means that if the changes() SQL function (or similar) is used
+** by the first INSERT, UPDATE or DELETE statement within a trigger, it
+** returns the value as set when the calling statement began executing.
+** ^If it is used by the second or subsequent such statement within a trigger
+** program, the value returned reflects the number of rows modified by the
+** previous INSERT, UPDATE or DELETE statement within the same trigger.
+**
+** See also the [sqlite3_total_changes()] interface, the
+** [count_changes pragma], and the [changes() SQL function].
+**
+** If a separate thread makes changes on the same database connection
+** while [sqlite3_changes()] is running then the value returned
+** is unpredictable and not meaningful.
+*/
+SQLITE_API int sqlite3_changes(sqlite3*);
+
+/*
+** CAPI3REF: Total Number Of Rows Modified
+** METHOD: sqlite3
+**
+** ^This function returns the total number of rows inserted, modified or
+** deleted by all [INSERT], [UPDATE] or [DELETE] statements completed
+** since the database connection was opened, including those executed as
+** part of trigger programs. ^Executing any other type of SQL statement
+** does not affect the value returned by sqlite3_total_changes().
+**
+** ^Changes made as part of [foreign key actions] are included in the
+** count, but those made as part of REPLACE constraint resolution are
+** not. ^Changes to a view that are intercepted by INSTEAD OF triggers
+** are not counted.
+**
+** See also the [sqlite3_changes()] interface, the
+** [count_changes pragma], and the [total_changes() SQL function].
+**
+** If a separate thread makes changes on the same database connection
+** while [sqlite3_total_changes()] is running then the value
+** returned is unpredictable and not meaningful.
+*/
+SQLITE_API int sqlite3_total_changes(sqlite3*);
+
+/*
+** CAPI3REF: Interrupt A Long-Running Query
+** METHOD: sqlite3
+**
+** ^This function causes any pending database operation to abort and
+** return at its earliest opportunity. This routine is typically
+** called in response to a user action such as pressing "Cancel"
+** or Ctrl-C where the user wants a long query operation to halt
+** immediately.
+**
+** ^It is safe to call this routine from a thread different from the
+** thread that is currently running the database operation. But it
+** is not safe to call this routine with a [database connection] that
+** is closed or might close before sqlite3_interrupt() returns.
+**
+** ^If an SQL operation is very nearly finished at the time when
+** sqlite3_interrupt() is called, then it might not have an opportunity
+** to be interrupted and might continue to completion.
+**
+** ^An SQL operation that is interrupted will return [SQLITE_INTERRUPT].
+** ^If the interrupted SQL operation is an INSERT, UPDATE, or DELETE
+** that is inside an explicit transaction, then the entire transaction
+** will be rolled back automatically.
+**
+** ^The sqlite3_interrupt(D) call is in effect until all currently running
+** SQL statements on [database connection] D complete. ^Any new SQL statements
+** that are started after the sqlite3_interrupt() call and before the
+** running statements reaches zero are interrupted as if they had been
+** running prior to the sqlite3_interrupt() call. ^New SQL statements
+** that are started after the running statement count reaches zero are
+** not effected by the sqlite3_interrupt().
+** ^A call to sqlite3_interrupt(D) that occurs when there are no running
+** SQL statements is a no-op and has no effect on SQL statements
+** that are started after the sqlite3_interrupt() call returns.
+**
+** If the database connection closes while [sqlite3_interrupt()]
+** is running then bad things will likely happen.
+*/
+SQLITE_API void sqlite3_interrupt(sqlite3*);
+
+/*
+** CAPI3REF: Determine If An SQL Statement Is Complete
+**
+** These routines are useful during command-line input to determine if the
+** currently entered text seems to form a complete SQL statement or
+** if additional input is needed before sending the text into
+** SQLite for parsing. ^These routines return 1 if the input string
+** appears to be a complete SQL statement. ^A statement is judged to be
+** complete if it ends with a semicolon token and is not a prefix of a
+** well-formed CREATE TRIGGER statement. ^Semicolons that are embedded within
+** string literals or quoted identifier names or comments are not
+** independent tokens (they are part of the token in which they are
+** embedded) and thus do not count as a statement terminator. ^Whitespace
+** and comments that follow the final semicolon are ignored.
+**
+** ^These routines return 0 if the statement is incomplete. ^If a
+** memory allocation fails, then SQLITE_NOMEM is returned.
+**
+** ^These routines do not parse the SQL statements thus
+** will not detect syntactically incorrect SQL.
+**
+** ^(If SQLite has not been initialized using [sqlite3_initialize()] prior
+** to invoking sqlite3_complete16() then sqlite3_initialize() is invoked
+** automatically by sqlite3_complete16(). If that initialization fails,
+** then the return value from sqlite3_complete16() will be non-zero
+** regardless of whether or not the input SQL is complete.)^
+**
+** The input to [sqlite3_complete()] must be a zero-terminated
+** UTF-8 string.
+**
+** The input to [sqlite3_complete16()] must be a zero-terminated
+** UTF-16 string in native byte order.
+*/
+SQLITE_API int sqlite3_complete(const char *sql);
+SQLITE_API int sqlite3_complete16(const void *sql);
+
+/*
+** CAPI3REF: Register A Callback To Handle SQLITE_BUSY Errors
+** KEYWORDS: {busy-handler callback} {busy handler}
+** METHOD: sqlite3
+**
+** ^The sqlite3_busy_handler(D,X,P) routine sets a callback function X
+** that might be invoked with argument P whenever
+** an attempt is made to access a database table associated with
+** [database connection] D when another thread
+** or process has the table locked.
+** The sqlite3_busy_handler() interface is used to implement
+** [sqlite3_busy_timeout()] and [PRAGMA busy_timeout].
+**
+** ^If the busy callback is NULL, then [SQLITE_BUSY]
+** is returned immediately upon encountering the lock. ^If the busy callback
+** is not NULL, then the callback might be invoked with two arguments.
+**
+** ^The first argument to the busy handler is a copy of the void* pointer which
+** is the third argument to sqlite3_busy_handler(). ^The second argument to
+** the busy handler callback is the number of times that the busy handler has
+** been invoked previously for the same locking event. ^If the
+** busy callback returns 0, then no additional attempts are made to
+** access the database and [SQLITE_BUSY] is returned
+** to the application.
+** ^If the callback returns non-zero, then another attempt
+** is made to access the database and the cycle repeats.
+**
+** The presence of a busy handler does not guarantee that it will be invoked
+** when there is lock contention. ^If SQLite determines that invoking the busy
+** handler could result in a deadlock, it will go ahead and return [SQLITE_BUSY]
+** to the application instead of invoking the
+** busy handler.
+** Consider a scenario where one process is holding a read lock that
+** it is trying to promote to a reserved lock and
+** a second process is holding a reserved lock that it is trying
+** to promote to an exclusive lock.
The first process cannot proceed
+** because it is blocked by the second and the second process cannot
+** proceed because it is blocked by the first. If both processes
+** invoke the busy handlers, neither will make any progress. Therefore,
+** SQLite returns [SQLITE_BUSY] for the first process, hoping that this
+** will induce the first process to release its read lock and allow
+** the second process to proceed.
+**
+** ^The default busy callback is NULL.
+**
+** ^(There can only be a single busy handler defined for each
+** [database connection]. Setting a new busy handler clears any
+** previously set handler.)^ ^Note that calling [sqlite3_busy_timeout()]
+** or evaluating [PRAGMA busy_timeout=N] will change the
+** busy handler and thus clear any previously set busy handler.
+**
+** The busy callback should not take any actions which modify the
+** database connection that invoked the busy handler. In other words,
+** the busy handler is not reentrant. Any such actions
+** result in undefined behavior.
+**
+** A busy handler must not close the database connection
+** or [prepared statement] that invoked the busy handler.
+*/
+SQLITE_API int sqlite3_busy_handler(sqlite3*,int(*)(void*,int),void*);
+
+/*
+** CAPI3REF: Set A Busy Timeout
+** METHOD: sqlite3
+**
+** ^This routine sets a [sqlite3_busy_handler | busy handler] that sleeps
+** for a specified amount of time when a table is locked. ^The handler
+** will sleep multiple times until at least "ms" milliseconds of sleeping
+** have accumulated. ^After at least "ms" milliseconds of sleeping,
+** the handler returns 0 which causes [sqlite3_step()] to return
+** [SQLITE_BUSY].
+**
+** ^Calling this routine with an argument less than or equal to zero
+** turns off all busy handlers.
+**
+** ^(There can only be a single busy handler for a particular
+** [database connection] at any given moment.
If another busy handler
+** was defined (using [sqlite3_busy_handler()]) prior to calling
+** this routine, that other busy handler is cleared.)^
+**
+** See also: [PRAGMA busy_timeout]
+*/
+SQLITE_API int sqlite3_busy_timeout(sqlite3*, int ms);
+
+/*
+** CAPI3REF: Convenience Routines For Running Queries
+** METHOD: sqlite3
+**
+** This is a legacy interface that is preserved for backwards compatibility.
+** Use of this interface is not recommended.
+**
+** Definition: A result table is memory data structure created by the
+** [sqlite3_get_table()] interface. A result table records the
+** complete query results from one or more queries.
+**
+** The table conceptually has a number of rows and columns. But
+** these numbers are not part of the result table itself. These
+** numbers are obtained separately. Let N be the number of rows
+** and M be the number of columns.
+**
+** A result table is an array of pointers to zero-terminated UTF-8 strings.
+** There are (N+1)*M elements in the array. The first M pointers point
+** to zero-terminated strings that contain the names of the columns.
+** The remaining entries all point to query results. NULL values result
+** in NULL pointers. All other values are in their UTF-8 zero-terminated
+** string representation as returned by [sqlite3_column_text()].
+**
+** A result table might consist of one or more memory allocations.
+** It is not safe to pass a result table directly to [sqlite3_free()].
+** A result table should be deallocated using [sqlite3_free_table()].
+**
+** ^(As an example of the result table format, suppose a query result
+** is as follows:
+**
+**
+**        Name        | Age
+**        -----------------------
+**        Alice       | 43
+**        Bob         | 28
+**        Cindy       | 21
+** 
+**
+** There are two column (M==2) and three rows (N==3). Thus the
+** result table has 8 entries. Suppose the result table is stored
+** in an array names azResult. Then azResult holds this content:
+**
+**
+**        azResult[0] = "Name";
+**        azResult[1] = "Age";
+**        azResult[2] = "Alice";
+**        azResult[3] = "43";
+**        azResult[4] = "Bob";
+**        azResult[5] = "28";
+**        azResult[6] = "Cindy";
+**        azResult[7] = "21";
+** 
)^
+**
+** ^The sqlite3_get_table() function evaluates one or more
+** semicolon-separated SQL statements in the zero-terminated UTF-8
+** string of its 2nd parameter and returns a result table to the
+** pointer given in its 3rd parameter.
+**
+** After the application has finished with the result from sqlite3_get_table(),
+** it must pass the result table pointer to sqlite3_free_table() in order to
+** release the memory that was malloced. Because of the way the
+** [sqlite3_malloc()] happens within sqlite3_get_table(), the calling
+** function must not try to call [sqlite3_free()] directly. Only
+** [sqlite3_free_table()] is able to release the memory properly and safely.
+**
+** The sqlite3_get_table() interface is implemented as a wrapper around
+** [sqlite3_exec()]. The sqlite3_get_table() routine does not have access
+** to any internal data structures of SQLite. It uses only the public
+** interface defined here. As a consequence, errors that occur in the
+** wrapper layer outside of the internal [sqlite3_exec()] call are not
+** reflected in subsequent calls to [sqlite3_errcode()] or
+** [sqlite3_errmsg()].
+*/
+SQLITE_API int sqlite3_get_table(
+ sqlite3 *db, /* An open database */
+ const char *zSql, /* SQL to be evaluated */
+ char ***pazResult, /* Results of the query */
+ int *pnRow, /* Number of result rows written here */
+ int *pnColumn, /* Number of result columns written here */
+ char **pzErrmsg /* Error msg written here */
+);
+SQLITE_API void sqlite3_free_table(char **result);
+
+/*
+** CAPI3REF: Formatted String Printing Functions
+**
+** These routines are work-alikes of the "printf()" family of functions
+** from the standard C library.
+** These routines understand most of the common K&R formatting options,
+** plus some additional non-standard formats, detailed below.
+** Note that some of the more obscure formatting options from recent
+** C-library standards are omitted from this implementation.
+**
+** ^The sqlite3_mprintf() and sqlite3_vmprintf() routines write their
+** results into memory obtained from [sqlite3_malloc()].
+** The strings returned by these two routines should be
+** released by [sqlite3_free()]. ^Both routines return a
+** NULL pointer if [sqlite3_malloc()] is unable to allocate enough
+** memory to hold the resulting string.
+**
+** ^(The sqlite3_snprintf() routine is similar to "snprintf()" from
+** the standard C library. The result is written into the
+** buffer supplied as the second parameter whose size is given by
+** the first parameter. Note that the order of the
+** first two parameters is reversed from snprintf().)^ This is an
+** historical accident that cannot be fixed without breaking
+** backwards compatibility. ^(Note also that sqlite3_snprintf()
+** returns a pointer to its buffer instead of the number of
+** characters actually written into the buffer.)^ We admit that
+** the number of characters written would be a more useful return
+** value but we cannot change the implementation of sqlite3_snprintf()
+** now without breaking compatibility.
+**
+** ^As long as the buffer size is greater than zero, sqlite3_snprintf()
+** guarantees that the buffer is always zero-terminated. ^The first
+** parameter "n" is the total size of the buffer, including space for
+** the zero terminator. So the longest string that can be completely
+** written will be n-1 characters.
+**
+** ^The sqlite3_vsnprintf() routine is a varargs version of sqlite3_snprintf().
+**
+** These routines all implement some additional formatting
+** options that are useful for constructing SQL statements.
+** All of the usual printf() formatting options apply. In addition, there
+** is are "%q", "%Q", "%w" and "%z" options.
+**
+** ^(The %q option works like %s in that it substitutes a nul-terminated
+** string from the argument list. But %q also doubles every '\'' character.
+** %q is designed for use inside a string literal.)^ By doubling each '\''
+** character it escapes that character and allows it to be inserted into
+** the string.
+**
+** For example, assume the string variable zText contains text as follows:
+**
+**
+**  char *zText = "It's a happy day!";
+** 
+**
+** One can use this text in an SQL statement as follows:
+**
+**
+**  char *zSQL = sqlite3_mprintf("INSERT INTO table VALUES('%q')", zText);
+**  sqlite3_exec(db, zSQL, 0, 0, 0);
+**  sqlite3_free(zSQL);
+** 
+**
+** Because the %q format string is used, the '\'' character in zText
+** is escaped and the SQL generated is as follows:
+**
+**
+**  INSERT INTO table1 VALUES('It''s a happy day!')
+** 
+**
+** This is correct. Had we used %s instead of %q, the generated SQL
+** would have looked like this:
+**
+**
+**  INSERT INTO table1 VALUES('It's a happy day!');
+** 
+**
+** This second example is an SQL syntax error. As a general rule you should
+** always use %q instead of %s when inserting text into a string literal.
+**
+** ^(The %Q option works like %q except it also adds single quotes around
+** the outside of the total string. Additionally, if the parameter in the
+** argument list is a NULL pointer, %Q substitutes the text "NULL" (without
+** single quotes).)^ So, for example, one could say:
+**
+**
+**  char *zSQL = sqlite3_mprintf("INSERT INTO table VALUES(%Q)", zText);
+**  sqlite3_exec(db, zSQL, 0, 0, 0);
+**  sqlite3_free(zSQL);
+** 
+**
+** The code above will render a correct SQL statement in the zSQL
+** variable even if the zText variable is a NULL pointer.
+**
+** ^(The "%w" formatting option is like "%q" except that it expects to
+** be contained within double-quotes instead of single quotes, and it
+** escapes the double-quote character instead of the single-quote
+** character.)^ The "%w" formatting option is intended for safely inserting
+** table and column names into a constructed SQL statement.
+**
+** ^(The "%z" formatting option works like "%s" but with the
+** addition that after the string has been read and copied into
+** the result, [sqlite3_free()] is called on the input string.)^
+*/
+SQLITE_API char *sqlite3_mprintf(const char*,...);
+SQLITE_API char *sqlite3_vmprintf(const char*, va_list);
+SQLITE_API char *sqlite3_snprintf(int,char*,const char*, ...);
+SQLITE_API char *sqlite3_vsnprintf(int,char*,const char*, va_list);
+
+/*
+** CAPI3REF: Memory Allocation Subsystem
+**
+** The SQLite core uses these three routines for all of its own
+** internal memory allocation needs. "Core" in the previous sentence
+** does not include operating-system specific VFS implementation. The
+** Windows VFS uses native malloc() and free() for some operations.
+**
+** ^The sqlite3_malloc() routine returns a pointer to a block
+** of memory at least N bytes in length, where N is the parameter.
+** ^If sqlite3_malloc() is unable to obtain sufficient free
+** memory, it returns a NULL pointer. ^If the parameter N to
+** sqlite3_malloc() is zero or negative then sqlite3_malloc() returns
+** a NULL pointer.
+**
+** ^The sqlite3_malloc64(N) routine works just like
+** sqlite3_malloc(N) except that N is an unsigned 64-bit integer instead
+** of a signed 32-bit integer.
+**
+** ^Calling sqlite3_free() with a pointer previously returned
+** by sqlite3_malloc() or sqlite3_realloc() releases that memory so
+** that it might be reused.
^The sqlite3_free() routine is
+** a no-op if is called with a NULL pointer. Passing a NULL pointer
+** to sqlite3_free() is harmless. After being freed, memory
+** should neither be read nor written. Even reading previously freed
+** memory might result in a segmentation fault or other severe error.
+** Memory corruption, a segmentation fault, or other severe error
+** might result if sqlite3_free() is called with a non-NULL pointer that
+** was not obtained from sqlite3_malloc() or sqlite3_realloc().
+**
+** ^The sqlite3_realloc(X,N) interface attempts to resize a
+** prior memory allocation X to be at least N bytes.
+** ^If the X parameter to sqlite3_realloc(X,N)
+** is a NULL pointer then its behavior is identical to calling
+** sqlite3_malloc(N).
+** ^If the N parameter to sqlite3_realloc(X,N) is zero or
+** negative then the behavior is exactly the same as calling
+** sqlite3_free(X).
+** ^sqlite3_realloc(X,N) returns a pointer to a memory allocation
+** of at least N bytes in size or NULL if insufficient memory is available.
+** ^If M is the size of the prior allocation, then min(N,M) bytes
+** of the prior allocation are copied into the beginning of buffer returned
+** by sqlite3_realloc(X,N) and the prior allocation is freed.
+** ^If sqlite3_realloc(X,N) returns NULL and N is positive, then the
+** prior allocation is not freed.
+**
+** ^The sqlite3_realloc64(X,N) interfaces works the same as
+** sqlite3_realloc(X,N) except that N is a 64-bit unsigned integer instead
+** of a 32-bit signed integer.
+**
+** ^If X is a memory allocation previously obtained from sqlite3_malloc(),
+** sqlite3_malloc64(), sqlite3_realloc(), or sqlite3_realloc64(), then
+** sqlite3_msize(X) returns the size of that memory allocation in bytes.
+** ^The value returned by sqlite3_msize(X) might be larger than the number
+** of bytes requested when X was allocated. ^If X is a NULL pointer then
+** sqlite3_msize(X) returns zero.
If X points to something that is not
+** the beginning of memory allocation, or if it points to a formerly
+** valid memory allocation that has now been freed, then the behavior
+** of sqlite3_msize(X) is undefined and possibly harmful.
+**
+** ^The memory returned by sqlite3_malloc(), sqlite3_realloc(),
+** sqlite3_malloc64(), and sqlite3_realloc64()
+** is always aligned to at least an 8 byte boundary, or to a
+** 4 byte boundary if the [SQLITE_4_BYTE_ALIGNED_MALLOC] compile-time
+** option is used.
+**
+** In SQLite version 3.5.0 and 3.5.1, it was possible to define
+** the SQLITE_OMIT_MEMORY_ALLOCATION which would cause the built-in
+** implementation of these routines to be omitted. That capability
+** is no longer provided. Only built-in memory allocators can be used.
+**
+** Prior to SQLite version 3.7.10, the Windows OS interface layer called
+** the system malloc() and free() directly when converting
+** filenames between the UTF-8 encoding used by SQLite
+** and whatever filename encoding is used by the particular Windows
+** installation. Memory allocation errors were detected, but
+** they were reported back as [SQLITE_CANTOPEN] or
+** [SQLITE_IOERR] rather than [SQLITE_NOMEM].
+**
+** The pointer arguments to [sqlite3_free()] and [sqlite3_realloc()]
+** must be either NULL or else pointers obtained from a prior
+** invocation of [sqlite3_malloc()] or [sqlite3_realloc()] that have
+** not yet been released.
+**
+** The application must not read or write any part of
+** a block of memory after it has been released using
+** [sqlite3_free()] or [sqlite3_realloc()].
+*/
+SQLITE_API void *sqlite3_malloc(int);
+SQLITE_API void *sqlite3_malloc64(sqlite3_uint64);
+SQLITE_API void *sqlite3_realloc(void*, int);
+SQLITE_API void *sqlite3_realloc64(void*, sqlite3_uint64);
+SQLITE_API void sqlite3_free(void*);
+SQLITE_API sqlite3_uint64 sqlite3_msize(void*);
+
+/*
+** CAPI3REF: Memory Allocator Statistics
+**
+** SQLite provides these two interfaces for reporting on the status
+** of the [sqlite3_malloc()], [sqlite3_free()], and [sqlite3_realloc()]
+** routines, which form the built-in memory allocation subsystem.
+**
+** ^The [sqlite3_memory_used()] routine returns the number of bytes
+** of memory currently outstanding (malloced but not freed).
+** ^The [sqlite3_memory_highwater()] routine returns the maximum
+** value of [sqlite3_memory_used()] since the high-water mark
+** was last reset. ^The values returned by [sqlite3_memory_used()] and
+** [sqlite3_memory_highwater()] include any overhead
+** added by SQLite in its implementation of [sqlite3_malloc()],
+** but not overhead added by the any underlying system library
+** routines that [sqlite3_malloc()] may call.
+**
+** ^The memory high-water mark is reset to the current value of
+** [sqlite3_memory_used()] if and only if the parameter to
+** [sqlite3_memory_highwater()] is true. ^The value returned
+** by [sqlite3_memory_highwater(1)] is the high-water mark
+** prior to the reset.
+*/
+SQLITE_API sqlite3_int64 sqlite3_memory_used(void);
+SQLITE_API sqlite3_int64 sqlite3_memory_highwater(int resetFlag);
+
+/*
+** CAPI3REF: Pseudo-Random Number Generator
+**
+** SQLite contains a high-quality pseudo-random number generator (PRNG) used to
+** select random [ROWID | ROWIDs] when inserting new records into a table that
+** already uses the largest possible [ROWID]. The PRNG is also used for
+** the build-in random() and randomblob() SQL functions. This interface allows
+** applications to access the same PRNG for other purposes.
+**
+** ^A call to this routine stores N bytes of randomness into buffer P.
+** ^The P parameter can be a NULL pointer.
+**
+** ^If this routine has not been previously called or if the previous
+** call had N less than one or a NULL pointer for P, then the PRNG is
+** seeded using randomness obtained from the xRandomness method of
+** the default [sqlite3_vfs] object.
+** ^If the previous call to this routine had an N of 1 or more and a
+** non-NULL P then the pseudo-randomness is generated
+** internally and without recourse to the [sqlite3_vfs] xRandomness
+** method.
+*/
+SQLITE_API void sqlite3_randomness(int N, void *P);
+
+/*
+** CAPI3REF: Compile-Time Authorization Callbacks
+** METHOD: sqlite3
+**
+** ^This routine registers an authorizer callback with a particular
+** [database connection], supplied in the first argument.
+** ^The authorizer callback is invoked as SQL statements are being compiled
+** by [sqlite3_prepare()] or its variants [sqlite3_prepare_v2()],
+** [sqlite3_prepare16()] and [sqlite3_prepare16_v2()]. ^At various
+** points during the compilation process, as logic is being created
+** to perform various actions, the authorizer callback is invoked to
+** see if those actions are allowed. ^The authorizer callback should
+** return [SQLITE_OK] to allow the action, [SQLITE_IGNORE] to disallow the
+** specific action but allow the SQL statement to continue to be
+** compiled, or [SQLITE_DENY] to cause the entire SQL statement to be
+** rejected with an error. ^If the authorizer callback returns
+** any value other than [SQLITE_IGNORE], [SQLITE_OK], or [SQLITE_DENY]
+** then the [sqlite3_prepare_v2()] or equivalent call that triggered
+** the authorizer will fail with an error message.
+**
+** When the callback returns [SQLITE_OK], that means the operation
+** requested is ok.
^When the callback returns [SQLITE_DENY], the
+** [sqlite3_prepare_v2()] or equivalent call that triggered the
+** authorizer will fail with an error message explaining that
+** access is denied.
+**
+** ^The first parameter to the authorizer callback is a copy of the third
+** parameter to the sqlite3_set_authorizer() interface. ^The second parameter
+** to the callback is an integer [SQLITE_COPY | action code] that specifies
+** the particular action to be authorized. ^The third through sixth parameters
+** to the callback are zero-terminated strings that contain additional
+** details about the action to be authorized.
+**
+** ^If the action code is [SQLITE_READ]
+** and the callback returns [SQLITE_IGNORE] then the
+** [prepared statement] statement is constructed to substitute
+** a NULL value in place of the table column that would have
+** been read if [SQLITE_OK] had been returned. The [SQLITE_IGNORE]
+** return can be used to deny an untrusted user access to individual
+** columns of a table.
+** ^If the action code is [SQLITE_DELETE] and the callback returns
+** [SQLITE_IGNORE] then the [DELETE] operation proceeds but the
+** [truncate optimization] is disabled and all rows are deleted individually.
+**
+** An authorizer is used when [sqlite3_prepare | preparing]
+** SQL statements from an untrusted source, to ensure that the SQL statements
+** do not try to access data they are not allowed to see, or that they do not
+** try to execute malicious statements that damage the database. For
+** example, an application may allow a user to enter arbitrary
+** SQL queries for evaluation by a database. But the application does
+** not want the user to be able to make arbitrary changes to the
+** database. An authorizer could then be put in place while the
+** user-entered SQL is being [sqlite3_prepare | prepared] that
+** disallows everything except [SELECT] statements.
+**
+** Applications that need to process SQL from untrusted sources
+** might also consider lowering resource limits using [sqlite3_limit()]
+** and limiting database size using the [max_page_count] [PRAGMA]
+** in addition to using an authorizer.
+**
+** ^(Only a single authorizer can be in place on a database connection
+** at a time. Each call to sqlite3_set_authorizer overrides the
+** previous call.)^ ^Disable the authorizer by installing a NULL callback.
+** The authorizer is disabled by default.
+**
+** The authorizer callback must not do anything that will modify
+** the database connection that invoked the authorizer callback.
+** Note that [sqlite3_prepare_v2()] and [sqlite3_step()] both modify their
+** database connections for the meaning of "modify" in this paragraph.
+**
+** ^When [sqlite3_prepare_v2()] is used to prepare a statement, the
+** statement might be re-prepared during [sqlite3_step()] due to a
+** schema change. Hence, the application should ensure that the
+** correct authorizer callback remains in place during the [sqlite3_step()].
+**
+** ^Note that the authorizer callback is invoked only during
+** [sqlite3_prepare()] or its variants. Authorization is not
+** performed during statement evaluation in [sqlite3_step()], unless
+** as stated in the previous paragraph, sqlite3_step() invokes
+** sqlite3_prepare_v2() to reprepare a statement after a schema change.
+*/
+SQLITE_API int sqlite3_set_authorizer(
+ sqlite3*,
+ int (*xAuth)(void*,int,const char*,const char*,const char*,const char*),
+ void *pUserData
+);
+
+/*
+** CAPI3REF: Authorizer Return Codes
+**
+** The [sqlite3_set_authorizer | authorizer callback function] must
+** return either [SQLITE_OK] or one of these two constants in order
+** to signal SQLite whether or not the action is permitted. See the
+** [sqlite3_set_authorizer | authorizer documentation] for additional
+** information.
+**
+** Note that SQLITE_IGNORE is also used as a [conflict resolution mode]
+** returned from the [sqlite3_vtab_on_conflict()] interface.
+*/
+#define SQLITE_DENY 1 /* Abort the SQL statement with an error */
+#define SQLITE_IGNORE 2 /* Don't allow access, but don't generate an error */
+
+/*
+** CAPI3REF: Authorizer Action Codes
+**
+** The [sqlite3_set_authorizer()] interface registers a callback function
+** that is invoked to authorize certain SQL statement actions. The
+** second parameter to the callback is an integer code that specifies
+** what action is being authorized. These are the integer action codes that
+** the authorizer callback may be passed.
+**
+** These action code values signify what kind of operation is to be
+** authorized. The 3rd and 4th parameters to the authorization
+** callback function will be parameters or NULL depending on which of these
+** codes is used as the second parameter. ^(The 5th parameter to the
+** authorizer callback is the name of the database ("main", "temp",
+** etc.) if applicable.)^ ^The 6th parameter to the authorizer callback
+** is the name of the inner-most trigger or view that is responsible for
+** the access attempt or NULL if this access attempt is directly from
+** top-level SQL code.
+*/
+/******************************************* 3rd ************ 4th ***********/
+#define SQLITE_CREATE_INDEX 1 /* Index Name Table Name */
+#define SQLITE_CREATE_TABLE 2 /* Table Name NULL */
+#define SQLITE_CREATE_TEMP_INDEX 3 /* Index Name Table Name */
+#define SQLITE_CREATE_TEMP_TABLE 4 /* Table Name NULL */
+#define SQLITE_CREATE_TEMP_TRIGGER 5 /* Trigger Name Table Name */
+#define SQLITE_CREATE_TEMP_VIEW 6 /* View Name NULL */
+#define SQLITE_CREATE_TRIGGER 7 /* Trigger Name Table Name */
+#define SQLITE_CREATE_VIEW 8 /* View Name NULL */
+#define SQLITE_DELETE 9 /* Table Name NULL */
+#define SQLITE_DROP_INDEX 10 /* Index Name Table Name */
+#define SQLITE_DROP_TABLE 11 /* Table Name NULL */
+#define SQLITE_DROP_TEMP_INDEX 12 /* Index Name Table Name */
+#define SQLITE_DROP_TEMP_TABLE 13 /* Table Name NULL */
+#define SQLITE_DROP_TEMP_TRIGGER 14 /* Trigger Name Table Name */
+#define SQLITE_DROP_TEMP_VIEW 15 /* View Name NULL */
+#define SQLITE_DROP_TRIGGER 16 /* Trigger Name Table Name */
+#define SQLITE_DROP_VIEW 17 /* View Name NULL */
+#define SQLITE_INSERT 18 /* Table Name NULL */
+#define SQLITE_PRAGMA 19 /* Pragma Name 1st arg or NULL */
+#define SQLITE_READ 20 /* Table Name Column Name */
+#define SQLITE_SELECT 21 /* NULL NULL */
+#define SQLITE_TRANSACTION 22 /* Operation NULL */
+#define SQLITE_UPDATE 23 /* Table Name Column Name */
+#define SQLITE_ATTACH 24 /* Filename NULL */
+#define SQLITE_DETACH 25 /* Database Name NULL */
+#define SQLITE_ALTER_TABLE 26 /* Database Name Table Name */
+#define SQLITE_REINDEX 27 /* Index Name NULL */
+#define SQLITE_ANALYZE 28 /* Table Name NULL */
+#define SQLITE_CREATE_VTABLE 29 /* Table Name Module Name */
+#define SQLITE_DROP_VTABLE 30 /* Table Name Module Name */
+#define SQLITE_FUNCTION 31 /* NULL Function Name */
+#define SQLITE_SAVEPOINT 32 /* Operation Savepoint Name */
+#define SQLITE_COPY 0 /* No longer used */
+#define SQLITE_RECURSIVE 33 /* NULL NULL */
+
+/*
+** CAPI3REF: Tracing And Profiling
Functions
+** METHOD: sqlite3
+**
+** These routines are deprecated. Use the [sqlite3_trace_v2()] interface
+** instead of the routines described here.
+**
+** These routines register callback functions that can be used for
+** tracing and profiling the execution of SQL statements.
+**
+** ^The callback function registered by sqlite3_trace() is invoked at
+** various times when an SQL statement is being run by [sqlite3_step()].
+** ^The sqlite3_trace() callback is invoked with a UTF-8 rendering of the
+** SQL statement text as the statement first begins executing.
+** ^(Additional sqlite3_trace() callbacks might occur
+** as each triggered subprogram is entered. The callbacks for triggers
+** contain a UTF-8 SQL comment that identifies the trigger.)^
+**
+** The [SQLITE_TRACE_SIZE_LIMIT] compile-time option can be used to limit
+** the length of [bound parameter] expansion in the output of sqlite3_trace().
+**
+** ^The callback function registered by sqlite3_profile() is invoked
+** as each SQL statement finishes. ^The profile callback contains
+** the original statement text and an estimate of wall-clock time
+** of how long that statement took to run. ^The profile callback
+** time is in units of nanoseconds, however the current implementation
+** is only capable of millisecond resolution so the six least significant
+** digits in the time are meaningless. Future versions of SQLite
+** might provide greater resolution on the profiler callback. The
+** sqlite3_profile() function is considered experimental and is
+** subject to change in future versions of SQLite.
+*/
+SQLITE_API SQLITE_DEPRECATED void *sqlite3_trace(sqlite3*,
+ void(*xTrace)(void*,const char*), void*);
+SQLITE_API SQLITE_DEPRECATED void *sqlite3_profile(sqlite3*,
+ void(*xProfile)(void*,const char*,sqlite3_uint64), void*);
+
+/*
+** CAPI3REF: SQL Trace Event Codes
+** KEYWORDS: SQLITE_TRACE
+**
+** These constants identify classes of events that can be monitored
+** using the [sqlite3_trace_v2()] tracing logic. The third argument
+** to [sqlite3_trace_v2()] is an OR-ed combination of one or more of
+** the following constants. ^The first argument to the trace callback
+** is one of the following constants.
+**
+** New tracing constants may be added in future releases.
+**
+** ^A trace callback has four arguments: xCallback(T,C,P,X).
+** ^The T argument is one of the integer type codes above.
+** ^The C argument is a copy of the context pointer passed in as the
+** fourth argument to [sqlite3_trace_v2()].
+** The P and X arguments are pointers whose meanings depend on T.
+**
+**
+** [[SQLITE_TRACE_STMT]]
SQLITE_TRACE_STMT
+**
^An SQLITE_TRACE_STMT callback is invoked when a prepared statement
+** first begins running and possibly at other times during the
+** execution of the prepared statement, such as at the start of each
+** trigger subprogram. ^The P argument is a pointer to the
+** [prepared statement]. ^The X argument is a pointer to a string which
+** is the unexpanded SQL text of the prepared statement or an SQL comment
+** that indicates the invocation of a trigger. ^The callback can compute
+** the same text that would have been returned by the legacy [sqlite3_trace()]
+** interface by using the X argument when X begins with "--" and invoking
+** [sqlite3_expanded_sql(P)] otherwise.
+**
+** [[SQLITE_TRACE_PROFILE]]
SQLITE_TRACE_PROFILE
+**
^An SQLITE_TRACE_PROFILE callback provides approximately the same
+** information as is provided by the [sqlite3_profile()] callback.
+** ^The P argument is a pointer to the [prepared statement] and the
+** X argument points to a 64-bit integer which is the estimated of
+** the number of nanosecond that the prepared statement took to run.
+** ^The SQLITE_TRACE_PROFILE callback is invoked when the statement finishes.
+**
+** [[SQLITE_TRACE_ROW]]
SQLITE_TRACE_ROW
+**
^An SQLITE_TRACE_ROW callback is invoked whenever a prepared
+** statement generates a single row of result.
+** ^The P argument is a pointer to the [prepared statement] and the
+** X argument is unused.
+**
+** [[SQLITE_TRACE_CLOSE]]
SQLITE_TRACE_CLOSE
+**
^An SQLITE_TRACE_CLOSE callback is invoked when a database
+** connection closes.
+** ^The P argument is a pointer to the [database connection] object
+** and the X argument is unused.
+**
+*/
+#define SQLITE_TRACE_STMT 0x01
+#define SQLITE_TRACE_PROFILE 0x02
+#define SQLITE_TRACE_ROW 0x04
+#define SQLITE_TRACE_CLOSE 0x08
+
+/*
+** CAPI3REF: SQL Trace Hook
+** METHOD: sqlite3
+**
+** ^The sqlite3_trace_v2(D,M,X,P) interface registers a trace callback
+** function X against [database connection] D, using property mask M
+** and context pointer P. ^If the X callback is
+** NULL or if the M mask is zero, then tracing is disabled. The
+** M argument should be the bitwise OR-ed combination of
+** zero or more [SQLITE_TRACE] constants.
+**
+** ^Each call to either sqlite3_trace() or sqlite3_trace_v2() overrides
+** (cancels) any prior calls to sqlite3_trace() or sqlite3_trace_v2().
+**
+** ^The X callback is invoked whenever any of the events identified by
+** mask M occur. ^The integer return value from the callback is currently
+** ignored, though this may change in future releases. Callback
+** implementations should return zero to ensure future compatibility.
+**
+** ^A trace callback is invoked with four arguments: callback(T,C,P,X).
+** ^The T argument is one of the [SQLITE_TRACE]
+** constants to indicate why the callback was invoked.
+** ^The C argument is a copy of the context pointer.
+** The P and X arguments are pointers whose meanings depend on T.
+**
+** The sqlite3_trace_v2() interface is intended to replace the legacy
+** interfaces [sqlite3_trace()] and [sqlite3_profile()], both of which
+** are deprecated.
+*/
+SQLITE_API int sqlite3_trace_v2(
+ sqlite3*,
+ unsigned uMask,
+ int(*xCallback)(unsigned,void*,void*,void*),
+ void *pCtx
+);
+
+/*
+** CAPI3REF: Query Progress Callbacks
+** METHOD: sqlite3
+**
+** ^The sqlite3_progress_handler(D,N,X,P) interface causes the callback
+** function X to be invoked periodically during long running calls to
+** [sqlite3_exec()], [sqlite3_step()] and [sqlite3_get_table()] for
+** database connection D. An example use for this
+** interface is to keep a GUI updated during a large query.
+**
+** ^The parameter P is passed through as the only parameter to the
+** callback function X. ^The parameter N is the approximate number of
+** [virtual machine instructions] that are evaluated between successive
+** invocations of the callback X. ^If N is less than one then the progress
+** handler is disabled.
+**
+** ^Only a single progress handler may be defined at one time per
+** [database connection]; setting a new progress handler cancels the
+** old one. ^Setting parameter X to NULL disables the progress handler.
+** ^The progress handler is also disabled by setting N to a value less
+** than 1.
+**
+** ^If the progress callback returns non-zero, the operation is
+** interrupted. This feature can be used to implement a
+** "Cancel" button on a GUI progress dialog box.
+**
+** The progress handler callback must not do anything that will modify
+** the database connection that invoked the progress handler.
+** Note that [sqlite3_prepare_v2()] and [sqlite3_step()] both modify their
+** database connections for the meaning of "modify" in this paragraph.
+**
+*/
+SQLITE_API void sqlite3_progress_handler(sqlite3*, int, int(*)(void*), void*);
+
+/*
+** CAPI3REF: Opening A New Database Connection
+** CONSTRUCTOR: sqlite3
+**
+** ^These routines open an SQLite database file as specified by the
+** filename argument. ^The filename argument is interpreted as UTF-8 for
+** sqlite3_open() and sqlite3_open_v2() and as UTF-16 in the native byte
+** order for sqlite3_open16(). ^(A [database connection] handle is usually
+** returned in *ppDb, even if an error occurs. The only exception is that
+** if SQLite is unable to allocate memory to hold the [sqlite3] object,
+** a NULL will be written into *ppDb instead of a pointer to the [sqlite3]
+** object.)^ ^(If the database is opened (and/or created) successfully, then
+** [SQLITE_OK] is returned.
Otherwise an [error code] is returned.)^ ^The
+** [sqlite3_errmsg()] or [sqlite3_errmsg16()] routines can be used to obtain
+** an English language description of the error following a failure of any
+** of the sqlite3_open() routines.
+**
+** ^The default encoding will be UTF-8 for databases created using
+** sqlite3_open() or sqlite3_open_v2(). ^The default encoding for databases
+** created using sqlite3_open16() will be UTF-16 in the native byte order.
+**
+** Whether or not an error occurs when it is opened, resources
+** associated with the [database connection] handle should be released by
+** passing it to [sqlite3_close()] when it is no longer required.
+**
+** The sqlite3_open_v2() interface works like sqlite3_open()
+** except that it accepts two additional parameters for additional control
+** over the new database connection. ^(The flags parameter to
+** sqlite3_open_v2() can take one of
+** the following three values, optionally combined with the
+** [SQLITE_OPEN_NOMUTEX], [SQLITE_OPEN_FULLMUTEX], [SQLITE_OPEN_SHAREDCACHE],
+** [SQLITE_OPEN_PRIVATECACHE], and/or [SQLITE_OPEN_URI] flags:)^
+**
+**
+** ^(
[SQLITE_OPEN_READONLY]
+**
The database is opened in read-only mode. If the database does not
+** already exist, an error is returned.
)^
+**
+** ^(
[SQLITE_OPEN_READWRITE]
+**
The database is opened for reading and writing if possible, or reading
+** only if the file is write protected by the operating system. In either
+** case the database must already exist, otherwise an error is returned.
)^
+**
+** ^(
[SQLITE_OPEN_READWRITE] | [SQLITE_OPEN_CREATE]
+**
The database is opened for reading and writing, and is created if
+** it does not already exist. This is the behavior that is always used for
+** sqlite3_open() and sqlite3_open16().
)^
+**
+**
+** If the 3rd parameter to sqlite3_open_v2() is not one of the
+** combinations shown above optionally combined with other
+** [SQLITE_OPEN_READONLY | SQLITE_OPEN_* bits]
+** then the behavior is undefined.
+**
+** ^If the [SQLITE_OPEN_NOMUTEX] flag is set, then the database connection
+** opens in the multi-thread [threading mode] as long as the single-thread
+** mode has not been set at compile-time or start-time. ^If the
+** [SQLITE_OPEN_FULLMUTEX] flag is set then the database connection opens
+** in the serialized [threading mode] unless single-thread was
+** previously selected at compile-time or start-time.
+** ^The [SQLITE_OPEN_SHAREDCACHE] flag causes the database connection to be
+** eligible to use [shared cache mode], regardless of whether or not shared
+** cache is enabled using [sqlite3_enable_shared_cache()]. ^The
+** [SQLITE_OPEN_PRIVATECACHE] flag causes the database connection to not
+** participate in [shared cache mode] even if it is enabled.
+**
+** ^The fourth parameter to sqlite3_open_v2() is the name of the
+** [sqlite3_vfs] object that defines the operating system interface that
+** the new database connection should use. ^If the fourth parameter is
+** a NULL pointer then the default [sqlite3_vfs] object is used.
+**
+** ^If the filename is ":memory:", then a private, temporary in-memory database
+** is created for the connection. ^This in-memory database will vanish when
+** the database connection is closed. Future versions of SQLite might
+** make use of additional special filenames that begin with the ":" character.
+** It is recommended that when a database filename actually does begin with
+** a ":" character you should prefix the filename with a pathname such as
+** "./" to avoid ambiguity.
+**
+** ^If the filename is an empty string, then a private, temporary
+** on-disk database will be created. ^This private database will be
+** automatically deleted as soon as the database connection is closed.
+**
+** [[URI filenames in sqlite3_open()]]

URI Filenames

+**
+** ^If [URI filename] interpretation is enabled, and the filename argument
+** begins with "file:", then the filename is interpreted as a URI. ^URI
+** filename interpretation is enabled if the [SQLITE_OPEN_URI] flag is
+** set in the fourth argument to sqlite3_open_v2(), or if it has
+** been enabled globally using the [SQLITE_CONFIG_URI] option with the
+** [sqlite3_config()] method or by the [SQLITE_USE_URI] compile-time option.
+** As of SQLite version 3.7.7, URI filename interpretation is turned off
+** by default, but future releases of SQLite might enable URI filename
+** interpretation by default. See "[URI filenames]" for additional
+** information.
+**
+** URI filenames are parsed according to RFC 3986. ^If the URI contains an
+** authority, then it must be either an empty string or the string
+** "localhost". ^If the authority is not an empty string or "localhost", an
+** error is returned to the caller. ^The fragment component of a URI, if
+** present, is ignored.
+**
+** ^SQLite uses the path component of the URI as the name of the disk file
+** which contains the database. ^If the path begins with a '/' character,
+** then it is interpreted as an absolute path. ^If the path does not begin
+** with a '/' (meaning that the authority section is omitted from the URI)
+** then the path is interpreted as a relative path.
+** ^(On windows, the first component of an absolute path
+** is a drive specification (e.g. "C:").)^
+**
+** [[core URI query parameters]]
+** The query component of a URI may contain parameters that are interpreted
+** either by SQLite itself, or by a [VFS | custom VFS implementation].
+** SQLite and its built-in [VFSes] interpret the
+** following query parameters:
+**
+**
    +**
  • vfs: ^The "vfs" parameter may be used to specify the name of
+** a VFS object that provides the operating system interface that should
+** be used to access the database file on disk. ^If this option is set to
+** an empty string the default VFS object is used. ^Specifying an unknown
+** VFS is an error. ^If sqlite3_open_v2() is used and the vfs option is
+** present, then the VFS specified by the option takes precedence over
+** the value passed as the fourth parameter to sqlite3_open_v2().
+**
+**
  • mode: ^(The mode parameter may be set to either "ro", "rw",
+** "rwc", or "memory". Attempting to set it to any other value is
+** an error)^.
+** ^If "ro" is specified, then the database is opened for read-only
+** access, just as if the [SQLITE_OPEN_READONLY] flag had been set in the
+** third argument to sqlite3_open_v2(). ^If the mode option is set to
+** "rw", then the database is opened for read-write (but not create)
+** access, as if SQLITE_OPEN_READWRITE (but not SQLITE_OPEN_CREATE) had
+** been set. ^Value "rwc" is equivalent to setting both
+** SQLITE_OPEN_READWRITE and SQLITE_OPEN_CREATE. ^If the mode option is
+** set to "memory" then a pure [in-memory database] that never reads
+** or writes from disk is used. ^It is an error to specify a value for
+** the mode parameter that is less restrictive than that specified by
+** the flags passed in the third parameter to sqlite3_open_v2().
+**
+**
  • cache: ^The cache parameter may be set to either "shared" or
+** "private". ^Setting it to "shared" is equivalent to setting the
+** SQLITE_OPEN_SHAREDCACHE bit in the flags argument passed to
+** sqlite3_open_v2(). ^Setting the cache parameter to "private" is
+** equivalent to setting the SQLITE_OPEN_PRIVATECACHE bit.
+** ^If sqlite3_open_v2() is used and the "cache" parameter is present in
+** a URI filename, its value overrides any behavior requested by setting
+** SQLITE_OPEN_PRIVATECACHE or SQLITE_OPEN_SHAREDCACHE flag.
+**
+**
  • psow: ^The psow parameter indicates whether or not the
+** [powersafe overwrite] property does or does not apply to the
+** storage media on which the database file resides.
+**
+**
  • nolock: ^The nolock parameter is a boolean query parameter
+** which if set disables file locking in rollback journal modes. This
+** is useful for accessing a database on a filesystem that does not
+** support locking. Caution: Database corruption might result if two
+** or more processes write to the same database and any one of those
+** processes uses nolock=1.
+**
+**
  • immutable: ^The immutable parameter is a boolean query
+** parameter that indicates that the database file is stored on
+** read-only media. ^When immutable is set, SQLite assumes that the
+** database file cannot be changed, even by a process with higher
+** privilege, and so the database is opened read-only and all locking
+** and change detection is disabled. Caution: Setting the immutable
+** property on a database file that does in fact change can result
+** in incorrect query results and/or [SQLITE_CORRUPT] errors.
+** See also: [SQLITE_IOCAP_IMMUTABLE].
+**
+**
+**
+** ^Specifying an unknown parameter in the query component of a URI is not an
+** error. Future versions of SQLite might understand additional query
+** parameters. See "[query parameters with special meaning to SQLite]" for
+** additional information.
+**
+** [[URI filename examples]]

URI filename examples

+**
+**
+**
URI filenames Results
+**
file:data.db
+** Open the file "data.db" in the current directory.
+**
file:/home/fred/data.db
+** file:///home/fred/data.db
+** file://localhost/home/fred/data.db
+** Open the database file "/home/fred/data.db".
+**
file://darkstar/home/fred/data.db
+** An error. "darkstar" is not a recognized authority.
+**
+** file:///C:/Documents%20and%20Settings/fred/Desktop/data.db
+** Windows only: Open the file "data.db" on fred's desktop on drive
+** C:. Note that the %20 escaping in this example is not strictly
+** necessary - space characters can be used literally
+** in URI filenames.
+**
file:data.db?mode=ro&cache=private
+** Open file "data.db" in the current directory for read-only access.
+** Regardless of whether or not shared-cache mode is enabled by
+** default, use a private cache.
+**
file:/home/fred/data.db?vfs=unix-dotfile
+** Open file "/home/fred/data.db". Use the special VFS "unix-dotfile"
+** that uses dot-files in place of posix advisory locking.
+**
file:data.db?mode=readonly
+** An error. "readonly" is not a valid option for the "mode" parameter.
+**
+**
+** ^URI hexadecimal escape sequences (%HH) are supported within the path and
+** query components of a URI. A hexadecimal escape sequence consists of a
+** percent sign - "%" - followed by exactly two hexadecimal digits
+** specifying an octet value. ^Before the path or query components of a
+** URI filename are interpreted, they are encoded using UTF-8 and all
+** hexadecimal escape sequences replaced by a single byte containing the
+** corresponding octet. If this process generates an invalid UTF-8 encoding,
+** the results are undefined.
+**
+** Note to Windows users: The encoding used for the filename argument
+** of sqlite3_open() and sqlite3_open_v2() must be UTF-8, not whatever
+** codepage is currently defined. Filenames containing international
+** characters must be converted to UTF-8 prior to passing them into
+** sqlite3_open() or sqlite3_open_v2().
+**
+** Note to Windows Runtime users: The temporary directory must be set
+** prior to calling sqlite3_open() or sqlite3_open_v2(). Otherwise, various
+** features that require the use of temporary files may fail.
+**
+** See also: [sqlite3_temp_directory]
+*/
+SQLITE_API int sqlite3_open(
+ const char *filename, /* Database filename (UTF-8) */
+ sqlite3 **ppDb /* OUT: SQLite db handle */
+);
+SQLITE_API int sqlite3_open16(
+ const void *filename, /* Database filename (UTF-16) */
+ sqlite3 **ppDb /* OUT: SQLite db handle */
+);
+SQLITE_API int sqlite3_open_v2(
+ const char *filename, /* Database filename (UTF-8) */
+ sqlite3 **ppDb, /* OUT: SQLite db handle */
+ int flags, /* Flags */
+ const char *zVfs /* Name of VFS module to use */
+);
+
+/*
+** CAPI3REF: Obtain Values For URI Parameters
+**
+** These are utility routines, useful to VFS implementations, that check
+** to see if a database file was a URI that contained a specific query
+** parameter, and if so obtains the value of that query parameter.
+**
+** If F is the database filename pointer passed into the xOpen() method of
+** a VFS implementation when the flags parameter to xOpen() has one or
+** more of the [SQLITE_OPEN_URI] or [SQLITE_OPEN_MAIN_DB] bits set and
+** P is the name of the query parameter, then
+** sqlite3_uri_parameter(F,P) returns the value of the P
+** parameter if it exists or a NULL pointer if P does not appear as a
+** query parameter on F. If P is a query parameter of F
+** has no explicit value, then sqlite3_uri_parameter(F,P) returns
+** a pointer to an empty string.
+**
+** The sqlite3_uri_boolean(F,P,B) routine assumes that P is a boolean
+** parameter and returns true (1) or false (0) according to the value
+** of P. The sqlite3_uri_boolean(F,P,B) routine returns true (1) if the
+** value of query parameter P is one of "yes", "true", or "on" in any
+** case or if the value begins with a non-zero number. The
+** sqlite3_uri_boolean(F,P,B) routines returns false (0) if the value of
+** query parameter P is one of "no", "false", or "off" in any case or
+** if the value begins with a numeric zero. If P is not a query
+** parameter on F or if the value of P is does not match any of the
+** above, then sqlite3_uri_boolean(F,P,B) returns (B!=0).
+**
+** The sqlite3_uri_int64(F,P,D) routine converts the value of P into a
+** 64-bit signed integer and returns that integer, or D if P does not
+** exist. If the value of P is something other than an integer, then
+** zero is returned.
+**
+** If F is a NULL pointer, then sqlite3_uri_parameter(F,P) returns NULL and
+** sqlite3_uri_boolean(F,P,B) returns B. If F is not a NULL pointer and
+** is not a database file pathname pointer that SQLite passed into the xOpen
+** VFS method, then the behavior of this routine is undefined and probably
+** undesirable.
+*/
+SQLITE_API const char *sqlite3_uri_parameter(const char *zFilename, const char *zParam);
+SQLITE_API int sqlite3_uri_boolean(const char *zFile, const char *zParam, int bDefault);
+SQLITE_API sqlite3_int64 sqlite3_uri_int64(const char*, const char*, sqlite3_int64);
+
+
+/*
+** CAPI3REF: Error Codes And Messages
+** METHOD: sqlite3
+**
+** ^If the most recent sqlite3_* API call associated with
+** [database connection] D failed, then the sqlite3_errcode(D) interface
+** returns the numeric [result code] or [extended result code] for that
+** API call.
+** If the most recent API call was successful,
+** then the return value from sqlite3_errcode() is undefined.
+** ^The sqlite3_extended_errcode()
+** interface is the same except that it always returns the
+** [extended result code] even when extended result codes are
+** disabled.
+**
+** ^The sqlite3_errmsg() and sqlite3_errmsg16() return English-language
+** text that describes the error, as either UTF-8 or UTF-16 respectively.
+** ^(Memory to hold the error message string is managed internally.
+** The application does not need to worry about freeing the result.
+** However, the error string might be overwritten or deallocated by
+** subsequent calls to other SQLite interface functions.)^
+**
+** ^The sqlite3_errstr() interface returns the English-language text
+** that describes the [result code], as UTF-8.
+** ^(Memory to hold the error message string is managed internally
+** and must not be freed by the application)^.
+**
+** When the serialized [threading mode] is in use, it might be the
+** case that a second error occurs on a separate thread in between
+** the time of the first error and the call to these interfaces.
+** When that happens, the second error will be reported since these
+** interfaces always report the most recent result.
To avoid
+** this, each thread can obtain exclusive use of the [database connection] D
+** by invoking [sqlite3_mutex_enter]([sqlite3_db_mutex](D)) before beginning
+** to use D and invoking [sqlite3_mutex_leave]([sqlite3_db_mutex](D)) after
+** all calls to the interfaces listed here are completed.
+**
+** If an interface fails with SQLITE_MISUSE, that means the interface
+** was invoked incorrectly by the application. In that case, the
+** error code and message may or may not be set.
+*/
+SQLITE_API int sqlite3_errcode(sqlite3 *db);
+SQLITE_API int sqlite3_extended_errcode(sqlite3 *db);
+SQLITE_API const char *sqlite3_errmsg(sqlite3*);
+SQLITE_API const void *sqlite3_errmsg16(sqlite3*);
+SQLITE_API const char *sqlite3_errstr(int);
+
+/*
+** CAPI3REF: Prepared Statement Object
+** KEYWORDS: {prepared statement} {prepared statements}
+**
+** An instance of this object represents a single SQL statement that
+** has been compiled into binary form and is ready to be evaluated.
+**
+** Think of each SQL statement as a separate computer program. The
+** original SQL text is source code. A prepared statement object
+** is the compiled object code. All SQL must be converted into a
+** prepared statement before it can be run.
+**
+** The life-cycle of a prepared statement object usually goes like this:
+**
+**
    +**
  1. Create the prepared statement object using [sqlite3_prepare_v2()]. +**
  2. Bind values to [parameters] using the sqlite3_bind_*() +** interfaces. +**
  3. Run the SQL by calling [sqlite3_step()] one or more times. +**
  4. Reset the prepared statement using [sqlite3_reset()] then go back +** to step 2. Do this zero or more times. +**
  5. Destroy the object using [sqlite3_finalize()]. +**
+*/
+typedef struct sqlite3_stmt sqlite3_stmt;
+
+/*
+** CAPI3REF: Run-time Limits
+** METHOD: sqlite3
+**
+** ^(This interface allows the size of various constructs to be limited
+** on a connection by connection basis. The first parameter is the
+** [database connection] whose limit is to be set or queried. The
+** second parameter is one of the [limit categories] that define a
+** class of constructs to be size limited. The third parameter is the
+** new limit for that construct.)^
+**
+** ^If the new limit is a negative number, the limit is unchanged.
+** ^(For each limit category SQLITE_LIMIT_NAME there is a
+** [limits | hard upper bound]
+** set at compile-time by a C preprocessor macro called
+** [limits | SQLITE_MAX_NAME].
+** (The "_LIMIT_" in the name is changed to "_MAX_".))^
+** ^Attempts to increase a limit above its hard upper bound are
+** silently truncated to the hard upper bound.
+**
+** ^Regardless of whether or not the limit was changed, the
+** [sqlite3_limit()] interface returns the prior value of the limit.
+** ^Hence, to find the current value of a limit without changing it,
+** simply invoke this interface with the third parameter set to -1.
+**
+** Run-time limits are intended for use in applications that manage
+** both their own internal database and also databases that are controlled
+** by untrusted external sources. An example application might be a
+** web browser that has its own databases for storing history and
+** separate databases controlled by JavaScript applications downloaded
+** off the Internet. The internal databases can be given the
+** large, default limits. Databases managed by external sources can
+** be given much smaller limits designed to prevent a denial of service
+** attack. Developers might also want to use the [sqlite3_set_authorizer()]
+** interface to further control untrusted SQL. The size of the database
+** created by an untrusted script can be contained using the
+** [max_page_count] [PRAGMA].
+**
+** New run-time limit categories may be added in future releases.
+*/
+SQLITE_API int sqlite3_limit(sqlite3*, int id, int newVal);
+
+/*
+** CAPI3REF: Run-Time Limit Categories
+** KEYWORDS: {limit category} {*limit categories}
+**
+** These constants define various performance limits
+** that can be lowered at run-time using [sqlite3_limit()].
+** The synopsis of the meanings of the various limits is shown below.
+** Additional information is available at [limits | Limits in SQLite].
+**
+**
+** [[SQLITE_LIMIT_LENGTH]] ^(
SQLITE_LIMIT_LENGTH
+**
The maximum size of any string or BLOB or table row, in bytes.
)^ +** +** [[SQLITE_LIMIT_SQL_LENGTH]] ^(
SQLITE_LIMIT_SQL_LENGTH
+**
The maximum length of an SQL statement, in bytes.
)^ +** +** [[SQLITE_LIMIT_COLUMN]] ^(
SQLITE_LIMIT_COLUMN
+**
The maximum number of columns in a table definition or in the +** result set of a [SELECT] or the maximum number of columns in an index +** or in an ORDER BY or GROUP BY clause.
)^ +** +** [[SQLITE_LIMIT_EXPR_DEPTH]] ^(
SQLITE_LIMIT_EXPR_DEPTH
+**
The maximum depth of the parse tree on any expression.
)^ +** +** [[SQLITE_LIMIT_COMPOUND_SELECT]] ^(
SQLITE_LIMIT_COMPOUND_SELECT
+**
The maximum number of terms in a compound SELECT statement.
)^ +** +** [[SQLITE_LIMIT_VDBE_OP]] ^(
SQLITE_LIMIT_VDBE_OP
+**
The maximum number of instructions in a virtual machine program +** used to implement an SQL statement. This limit is not currently +** enforced, though that might be added in some future release of +** SQLite.
)^ +** +** [[SQLITE_LIMIT_FUNCTION_ARG]] ^(
SQLITE_LIMIT_FUNCTION_ARG
+**
The maximum number of arguments on a function.
)^ +** +** [[SQLITE_LIMIT_ATTACHED]] ^(
SQLITE_LIMIT_ATTACHED
+**
The maximum number of [ATTACH | attached databases].)^
+** +** [[SQLITE_LIMIT_LIKE_PATTERN_LENGTH]] +** ^(
SQLITE_LIMIT_LIKE_PATTERN_LENGTH
+**
The maximum length of the pattern argument to the [LIKE] or +** [GLOB] operators.
)^ +** +** [[SQLITE_LIMIT_VARIABLE_NUMBER]] +** ^(
SQLITE_LIMIT_VARIABLE_NUMBER
+**
The maximum index number of any [parameter] in an SQL statement.)^ +** +** [[SQLITE_LIMIT_TRIGGER_DEPTH]] ^(
SQLITE_LIMIT_TRIGGER_DEPTH
+**
The maximum depth of recursion for triggers.
)^ +** +** [[SQLITE_LIMIT_WORKER_THREADS]] ^(
SQLITE_LIMIT_WORKER_THREADS
+**
The maximum number of auxiliary worker threads that a single +** [prepared statement] may start.
)^ +**
+*/
+#define SQLITE_LIMIT_LENGTH 0
+#define SQLITE_LIMIT_SQL_LENGTH 1
+#define SQLITE_LIMIT_COLUMN 2
+#define SQLITE_LIMIT_EXPR_DEPTH 3
+#define SQLITE_LIMIT_COMPOUND_SELECT 4
+#define SQLITE_LIMIT_VDBE_OP 5
+#define SQLITE_LIMIT_FUNCTION_ARG 6
+#define SQLITE_LIMIT_ATTACHED 7
+#define SQLITE_LIMIT_LIKE_PATTERN_LENGTH 8
+#define SQLITE_LIMIT_VARIABLE_NUMBER 9
+#define SQLITE_LIMIT_TRIGGER_DEPTH 10
+#define SQLITE_LIMIT_WORKER_THREADS 11
+
+/*
+** CAPI3REF: Compiling An SQL Statement
+** KEYWORDS: {SQL statement compiler}
+** METHOD: sqlite3
+** CONSTRUCTOR: sqlite3_stmt
+**
+** To execute an SQL query, it must first be compiled into a byte-code
+** program using one of these routines.
+**
+** The first argument, "db", is a [database connection] obtained from a
+** prior successful call to [sqlite3_open()], [sqlite3_open_v2()] or
+** [sqlite3_open16()]. The database connection must not have been closed.
+**
+** The second argument, "zSql", is the statement to be compiled, encoded
+** as either UTF-8 or UTF-16. The sqlite3_prepare() and sqlite3_prepare_v2()
+** interfaces use UTF-8, and sqlite3_prepare16() and sqlite3_prepare16_v2()
+** use UTF-16.
+**
+** ^If the nByte argument is negative, then zSql is read up to the
+** first zero terminator. ^If nByte is positive, then it is the
+** number of bytes read from zSql. ^If nByte is zero, then no prepared
+** statement is generated.
+** If the caller knows that the supplied string is nul-terminated, then
+** there is a small performance advantage to passing an nByte parameter that
+** is the number of bytes in the input string including
+** the nul-terminator.
+**
+** ^If pzTail is not NULL then *pzTail is made to point to the first byte
+** past the end of the first SQL statement in zSql. These routines only
+** compile the first statement in zSql, so *pzTail is left pointing to
+** what remains uncompiled.
+**
+** ^*ppStmt is left pointing to a compiled [prepared statement] that can be
+** executed using [sqlite3_step()]. ^If there is an error, *ppStmt is set
+** to NULL. ^If the input text contains no SQL (if the input is an empty
+** string or a comment) then *ppStmt is set to NULL.
+** The calling procedure is responsible for deleting the compiled
+** SQL statement using [sqlite3_finalize()] after it has finished with it.
+** ppStmt may not be NULL.
+**
+** ^On success, the sqlite3_prepare() family of routines return [SQLITE_OK];
+** otherwise an [error code] is returned.
+**
+** The sqlite3_prepare_v2() and sqlite3_prepare16_v2() interfaces are
+** recommended for all new programs. The two older interfaces are retained
+** for backwards compatibility, but their use is discouraged.
+** ^In the "v2" interfaces, the prepared statement
+** that is returned (the [sqlite3_stmt] object) contains a copy of the
+** original SQL text. This causes the [sqlite3_step()] interface to
+** behave differently in three ways:
+**
+**
    +**
  1. +** ^If the database schema changes, instead of returning [SQLITE_SCHEMA] as it +** always used to do, [sqlite3_step()] will automatically recompile the SQL +** statement and try to run it again. As many as [SQLITE_MAX_SCHEMA_RETRY] +** retries will occur before sqlite3_step() gives up and returns an error. +**
  2. +** +**
  3. +** ^When an error occurs, [sqlite3_step()] will return one of the detailed +** [error codes] or [extended error codes]. ^The legacy behavior was that +** [sqlite3_step()] would only return a generic [SQLITE_ERROR] result code +** and the application would have to make a second call to [sqlite3_reset()] +** in order to find the underlying cause of the problem. With the "v2" prepare +** interfaces, the underlying reason for the error is returned immediately. +**
  4. +** +**
  5. +** ^If the specific value bound to [parameter | host parameter] in the +** WHERE clause might influence the choice of query plan for a statement, +** then the statement will be automatically recompiled, as if there had been +** a schema change, on the first [sqlite3_step()] call following any change +** to the [sqlite3_bind_text | bindings] of that [parameter]. +** ^The specific value of WHERE-clause [parameter] might influence the +** choice of query plan if the parameter is the left-hand side of a [LIKE] +** or [GLOB] operator or if the parameter is compared to an indexed column +** and the [SQLITE_ENABLE_STAT3] compile-time option is enabled. +**
  6. +**
+*/
+SQLITE_API int sqlite3_prepare(
+ sqlite3 *db, /* Database handle */
+ const char *zSql, /* SQL statement, UTF-8 encoded */
+ int nByte, /* Maximum length of zSql in bytes. */
+ sqlite3_stmt **ppStmt, /* OUT: Statement handle */
+ const char **pzTail /* OUT: Pointer to unused portion of zSql */
+);
+SQLITE_API int sqlite3_prepare_v2(
+ sqlite3 *db, /* Database handle */
+ const char *zSql, /* SQL statement, UTF-8 encoded */
+ int nByte, /* Maximum length of zSql in bytes. */
+ sqlite3_stmt **ppStmt, /* OUT: Statement handle */
+ const char **pzTail /* OUT: Pointer to unused portion of zSql */
+);
+SQLITE_API int sqlite3_prepare16(
+ sqlite3 *db, /* Database handle */
+ const void *zSql, /* SQL statement, UTF-16 encoded */
+ int nByte, /* Maximum length of zSql in bytes. */
+ sqlite3_stmt **ppStmt, /* OUT: Statement handle */
+ const void **pzTail /* OUT: Pointer to unused portion of zSql */
+);
+SQLITE_API int sqlite3_prepare16_v2(
+ sqlite3 *db, /* Database handle */
+ const void *zSql, /* SQL statement, UTF-16 encoded */
+ int nByte, /* Maximum length of zSql in bytes. */
+ sqlite3_stmt **ppStmt, /* OUT: Statement handle */
+ const void **pzTail /* OUT: Pointer to unused portion of zSql */
+);
+
+/*
+** CAPI3REF: Retrieving Statement SQL
+** METHOD: sqlite3_stmt
+**
+** ^The sqlite3_sql(P) interface returns a pointer to a copy of the UTF-8
+** SQL text used to create [prepared statement] P if P was
+** created by either [sqlite3_prepare_v2()] or [sqlite3_prepare16_v2()].
+** ^The sqlite3_expanded_sql(P) interface returns a pointer to a UTF-8
+** string containing the SQL text of prepared statement P with
+** [bound parameters] expanded.
+**
+** ^(For example, if a prepared statement is created using the SQL
+** text "SELECT $abc,:xyz" and if parameter $abc is bound to integer 2345
+** and parameter :xyz is unbound, then sqlite3_sql() will return
+** the original string, "SELECT $abc,:xyz" but sqlite3_expanded_sql()
+** will return "SELECT 2345,NULL".)^
+**
+** ^The sqlite3_expanded_sql() interface returns NULL if insufficient memory
+** is available to hold the result, or if the result would exceed the
+** the maximum string length determined by the [SQLITE_LIMIT_LENGTH].
+**
+** ^The [SQLITE_TRACE_SIZE_LIMIT] compile-time option limits the size of
+** bound parameter expansions. ^The [SQLITE_OMIT_TRACE] compile-time
+** option causes sqlite3_expanded_sql() to always return NULL.
+**
+** ^The string returned by sqlite3_sql(P) is managed by SQLite and is
+** automatically freed when the prepared statement is finalized.
+** ^The string returned by sqlite3_expanded_sql(P), on the other hand,
+** is obtained from [sqlite3_malloc()] and must be free by the application
+** by passing it to [sqlite3_free()].
+*/
+SQLITE_API const char *sqlite3_sql(sqlite3_stmt *pStmt);
+SQLITE_API char *sqlite3_expanded_sql(sqlite3_stmt *pStmt);
+
+/*
+** CAPI3REF: Determine If An SQL Statement Writes The Database
+** METHOD: sqlite3_stmt
+**
+** ^The sqlite3_stmt_readonly(X) interface returns true (non-zero) if
+** and only if the [prepared statement] X makes no direct changes to
+** the content of the database file.
+**
+** Note that [application-defined SQL functions] or
+** [virtual tables] might change the database indirectly as a side effect.
+** ^(For example, if an application defines a function "eval()" that
+** calls [sqlite3_exec()], then the following SQL statement would
+** change the database file through side-effects:
+**
+**
+**    SELECT eval('DELETE FROM t1') FROM t2;
+**
+**
+** But because the [SELECT] statement does not change the database file
+** directly, sqlite3_stmt_readonly() would still return true.)^
+**
+** ^Transaction control statements such as [BEGIN], [COMMIT], [ROLLBACK],
+** [SAVEPOINT], and [RELEASE] cause sqlite3_stmt_readonly() to return true,
+** since the statements themselves do not actually modify the database but
+** rather they control the timing of when other statements modify the
+** database. ^The [ATTACH] and [DETACH] statements also cause
+** sqlite3_stmt_readonly() to return true since, while those statements
+** change the configuration of a database connection, they do not make
+** changes to the content of the database files on disk.
+*/
+SQLITE_API int sqlite3_stmt_readonly(sqlite3_stmt *pStmt);
+
+/*
+** CAPI3REF: Determine If A Prepared Statement Has Been Reset
+** METHOD: sqlite3_stmt
+**
+** ^The sqlite3_stmt_busy(S) interface returns true (non-zero) if the
+** [prepared statement] S has been stepped at least once using
+** [sqlite3_step(S)] but has neither run to completion (returned
+** [SQLITE_DONE] from [sqlite3_step(S)]) nor
+** been reset using [sqlite3_reset(S)]. ^The sqlite3_stmt_busy(S)
+** interface returns false if S is a NULL pointer. If S is not a
+** NULL pointer and is not a pointer to a valid [prepared statement]
+** object, then the behavior is undefined and probably undesirable.
+**
+** This interface can be used in combination [sqlite3_next_stmt()]
+** to locate all prepared statements associated with a database
+** connection that are in need of being reset. This can be used,
+** for example, in diagnostic routines to search for prepared
+** statements that are holding a transaction open.
+*/
+SQLITE_API int sqlite3_stmt_busy(sqlite3_stmt*);
+
+/*
+** CAPI3REF: Dynamically Typed Value Object
+** KEYWORDS: {protected sqlite3_value} {unprotected sqlite3_value}
+**
+** SQLite uses the sqlite3_value object to represent all values
+** that can be stored in a database table.
SQLite uses dynamic typing
+** for the values it stores. ^Values stored in sqlite3_value objects
+** can be integers, floating point values, strings, BLOBs, or NULL.
+**
+** An sqlite3_value object may be either "protected" or "unprotected".
+** Some interfaces require a protected sqlite3_value. Other interfaces
+** will accept either a protected or an unprotected sqlite3_value.
+** Every interface that accepts sqlite3_value arguments specifies
+** whether or not it requires a protected sqlite3_value. The
+** [sqlite3_value_dup()] interface can be used to construct a new
+** protected sqlite3_value from an unprotected sqlite3_value.
+**
+** The terms "protected" and "unprotected" refer to whether or not
+** a mutex is held. An internal mutex is held for a protected
+** sqlite3_value object but no mutex is held for an unprotected
+** sqlite3_value object. If SQLite is compiled to be single-threaded
+** (with [SQLITE_THREADSAFE=0] and with [sqlite3_threadsafe()] returning 0)
+** or if SQLite is run in one of reduced mutex modes
+** [SQLITE_CONFIG_SINGLETHREAD] or [SQLITE_CONFIG_MULTITHREAD]
+** then there is no distinction between protected and unprotected
+** sqlite3_value objects and they can be used interchangeably. However,
+** for maximum code portability it is recommended that applications
+** still make the distinction between protected and unprotected
+** sqlite3_value objects even when not strictly required.
+**
+** ^The sqlite3_value objects that are passed as parameters into the
+** implementation of [application-defined SQL functions] are protected.
+** ^The sqlite3_value object returned by
+** [sqlite3_column_value()] is unprotected.
+** Unprotected sqlite3_value objects may only be used with
+** [sqlite3_result_value()] and [sqlite3_bind_value()].
+** The [sqlite3_value_blob | sqlite3_value_type()] family of
+** interfaces require protected sqlite3_value objects.
+*/
+typedef struct Mem sqlite3_value;
+
+/*
+** CAPI3REF: SQL Function Context Object
+**
+** The context in which an SQL function executes is stored in an
+** sqlite3_context object. ^A pointer to an sqlite3_context object
+** is always first parameter to [application-defined SQL functions].
+** The application-defined SQL function implementation will pass this
+** pointer through into calls to [sqlite3_result_int | sqlite3_result()],
+** [sqlite3_aggregate_context()], [sqlite3_user_data()],
+** [sqlite3_context_db_handle()], [sqlite3_get_auxdata()],
+** and/or [sqlite3_set_auxdata()].
+*/
+typedef struct sqlite3_context sqlite3_context;
+
+/*
+** CAPI3REF: Binding Values To Prepared Statements
+** KEYWORDS: {host parameter} {host parameters} {host parameter name}
+** KEYWORDS: {SQL parameter} {SQL parameters} {parameter binding}
+** METHOD: sqlite3_stmt
+**
+** ^(In the SQL statement text input to [sqlite3_prepare_v2()] and its variants,
+** literals may be replaced by a [parameter] that matches one of following
+** templates:
+**
+**
    +**
  • ? +**
  • ?NNN +**
  • :VVV +**
  • @VVV +**
  • $VVV +**
+** +** In the templates above, NNN represents an integer literal, +** and VVV represents an alphanumeric identifier.)^ ^The values of these +** parameters (also called "host parameter names" or "SQL parameters") +** can be set using the sqlite3_bind_*() routines defined here. +** +** ^The first argument to the sqlite3_bind_*() routines is always +** a pointer to the [sqlite3_stmt] object returned from +** [sqlite3_prepare_v2()] or its variants. +** +** ^The second argument is the index of the SQL parameter to be set. +** ^The leftmost SQL parameter has an index of 1. ^When the same named +** SQL parameter is used more than once, second and subsequent +** occurrences have the same index as the first occurrence. +** ^The index for named parameters can be looked up using the +** [sqlite3_bind_parameter_index()] API if desired. ^The index +** for "?NNN" parameters is the value of NNN. +** ^The NNN value must be between 1 and the [sqlite3_limit()] +** parameter [SQLITE_LIMIT_VARIABLE_NUMBER] (default value: 999). +** +** ^The third argument is the value to bind to the parameter. +** ^If the third parameter to sqlite3_bind_text() or sqlite3_bind_text16() +** or sqlite3_bind_blob() is a NULL pointer then the fourth parameter +** is ignored and the end result is the same as sqlite3_bind_null(). +** +** ^(In those routines that have a fourth argument, its value is the +** number of bytes in the parameter. To be clear: the value is the +** number of bytes in the value, not the number of characters.)^ +** ^If the fourth parameter to sqlite3_bind_text() or sqlite3_bind_text16() +** is negative, then the length of the string is +** the number of bytes up to the first zero terminator. +** If the fourth parameter to sqlite3_bind_blob() is negative, then +** the behavior is undefined. 
+** If a non-negative fourth parameter is provided to sqlite3_bind_text() +** or sqlite3_bind_text16() or sqlite3_bind_text64() then +** that parameter must be the byte offset +** where the NUL terminator would occur assuming the string were NUL +** terminated. If any NUL characters occur at byte offsets less than +** the value of the fourth parameter then the resulting string value will +** contain embedded NULs. The result of expressions involving strings +** with embedded NULs is undefined. +** +** ^The fifth argument to the BLOB and string binding interfaces +** is a destructor used to dispose of the BLOB or +** string after SQLite has finished with it. ^The destructor is called +** to dispose of the BLOB or string even if the call to bind API fails. +** ^If the fifth argument is +** the special value [SQLITE_STATIC], then SQLite assumes that the +** information is in static, unmanaged space and does not need to be freed. +** ^If the fifth argument has the value [SQLITE_TRANSIENT], then +** SQLite makes its own private copy of the data immediately, before +** the sqlite3_bind_*() routine returns. +** +** ^The sixth argument to sqlite3_bind_text64() must be one of +** [SQLITE_UTF8], [SQLITE_UTF16], [SQLITE_UTF16BE], or [SQLITE_UTF16LE] +** to specify the encoding of the text in the third parameter. If +** the sixth argument to sqlite3_bind_text64() is not one of the +** allowed values shown above, or if the text encoding is different +** from the encoding specified by the sixth parameter, then the behavior +** is undefined. +** +** ^The sqlite3_bind_zeroblob() routine binds a BLOB of length N that +** is filled with zeroes. ^A zeroblob uses a fixed amount of memory +** (just an integer to hold its size) while it is being processed. +** Zeroblobs are intended to serve as placeholders for BLOBs whose +** content is later written using +** [sqlite3_blob_open | incremental BLOB I/O] routines. +** ^A negative value for the zeroblob results in a zero-length BLOB. 
+** +** ^If any of the sqlite3_bind_*() routines are called with a NULL pointer +** for the [prepared statement] or with a prepared statement for which +** [sqlite3_step()] has been called more recently than [sqlite3_reset()], +** then the call will return [SQLITE_MISUSE]. If any sqlite3_bind_() +** routine is passed a [prepared statement] that has been finalized, the +** result is undefined and probably harmful. +** +** ^Bindings are not cleared by the [sqlite3_reset()] routine. +** ^Unbound parameters are interpreted as NULL. +** +** ^The sqlite3_bind_* routines return [SQLITE_OK] on success or an +** [error code] if anything goes wrong. +** ^[SQLITE_TOOBIG] might be returned if the size of a string or BLOB +** exceeds limits imposed by [sqlite3_limit]([SQLITE_LIMIT_LENGTH]) or +** [SQLITE_MAX_LENGTH]. +** ^[SQLITE_RANGE] is returned if the parameter +** index is out of range. ^[SQLITE_NOMEM] is returned if malloc() fails. +** +** See also: [sqlite3_bind_parameter_count()], +** [sqlite3_bind_parameter_name()], and [sqlite3_bind_parameter_index()]. 
+*/ +SQLITE_API int sqlite3_bind_blob(sqlite3_stmt*, int, const void*, int n, void(*)(void*)); +SQLITE_API int sqlite3_bind_blob64(sqlite3_stmt*, int, const void*, sqlite3_uint64, + void(*)(void*)); +SQLITE_API int sqlite3_bind_double(sqlite3_stmt*, int, double); +SQLITE_API int sqlite3_bind_int(sqlite3_stmt*, int, int); +SQLITE_API int sqlite3_bind_int64(sqlite3_stmt*, int, sqlite3_int64); +SQLITE_API int sqlite3_bind_null(sqlite3_stmt*, int); +SQLITE_API int sqlite3_bind_text(sqlite3_stmt*,int,const char*,int,void(*)(void*)); +SQLITE_API int sqlite3_bind_text16(sqlite3_stmt*, int, const void*, int, void(*)(void*)); +SQLITE_API int sqlite3_bind_text64(sqlite3_stmt*, int, const char*, sqlite3_uint64, + void(*)(void*), unsigned char encoding); +SQLITE_API int sqlite3_bind_value(sqlite3_stmt*, int, const sqlite3_value*); +SQLITE_API int sqlite3_bind_zeroblob(sqlite3_stmt*, int, int n); +SQLITE_API int sqlite3_bind_zeroblob64(sqlite3_stmt*, int, sqlite3_uint64); + +/* +** CAPI3REF: Number Of SQL Parameters +** METHOD: sqlite3_stmt +** +** ^This routine can be used to find the number of [SQL parameters] +** in a [prepared statement]. SQL parameters are tokens of the +** form "?", "?NNN", ":AAA", "$AAA", or "@AAA" that serve as +** placeholders for values that are [sqlite3_bind_blob | bound] +** to the parameters at a later time. +** +** ^(This routine actually returns the index of the largest (rightmost) +** parameter. For all forms except ?NNN, this will correspond to the +** number of unique parameters. If parameters of the ?NNN form are used, +** there may be gaps in the list.)^ +** +** See also: [sqlite3_bind_blob|sqlite3_bind()], +** [sqlite3_bind_parameter_name()], and +** [sqlite3_bind_parameter_index()]. 
+*/ +SQLITE_API int sqlite3_bind_parameter_count(sqlite3_stmt*); + +/* +** CAPI3REF: Name Of A Host Parameter +** METHOD: sqlite3_stmt +** +** ^The sqlite3_bind_parameter_name(P,N) interface returns +** the name of the N-th [SQL parameter] in the [prepared statement] P. +** ^(SQL parameters of the form "?NNN" or ":AAA" or "@AAA" or "$AAA" +** have a name which is the string "?NNN" or ":AAA" or "@AAA" or "$AAA" +** respectively. +** In other words, the initial ":" or "$" or "@" or "?" +** is included as part of the name.)^ +** ^Parameters of the form "?" without a following integer have no name +** and are referred to as "nameless" or "anonymous parameters". +** +** ^The first host parameter has an index of 1, not 0. +** +** ^If the value N is out of range or if the N-th parameter is +** nameless, then NULL is returned. ^The returned string is +** always in UTF-8 encoding even if the named parameter was +** originally specified as UTF-16 in [sqlite3_prepare16()] or +** [sqlite3_prepare16_v2()]. +** +** See also: [sqlite3_bind_blob|sqlite3_bind()], +** [sqlite3_bind_parameter_count()], and +** [sqlite3_bind_parameter_index()]. +*/ +SQLITE_API const char *sqlite3_bind_parameter_name(sqlite3_stmt*, int); + +/* +** CAPI3REF: Index Of A Parameter With A Given Name +** METHOD: sqlite3_stmt +** +** ^Return the index of an SQL parameter given its name. ^The +** index value returned is suitable for use as the second +** parameter to [sqlite3_bind_blob|sqlite3_bind()]. ^A zero +** is returned if no matching parameter is found. ^The parameter +** name must be given in UTF-8 even if the original statement +** was prepared from UTF-16 text using [sqlite3_prepare16_v2()]. +** +** See also: [sqlite3_bind_blob|sqlite3_bind()], +** [sqlite3_bind_parameter_count()], and +** [sqlite3_bind_parameter_name()]. 
+*/
+SQLITE_API int sqlite3_bind_parameter_index(sqlite3_stmt*, const char *zName);
+
+/*
+** CAPI3REF: Reset All Bindings On A Prepared Statement
+** METHOD: sqlite3_stmt
+**
+** ^Contrary to the intuition of many, [sqlite3_reset()] does not reset
+** the [sqlite3_bind_blob | bindings] on a [prepared statement].
+** ^Use this routine to reset all host parameters to NULL.
+*/
+SQLITE_API int sqlite3_clear_bindings(sqlite3_stmt*);
+
+/*
+** CAPI3REF: Number Of Columns In A Result Set
+** METHOD: sqlite3_stmt
+**
+** ^Return the number of columns in the result set returned by the
+** [prepared statement]. ^This routine returns 0 if pStmt is an SQL
+** statement that does not return data (for example an [UPDATE]).
+**
+** See also: [sqlite3_data_count()]
+*/
+SQLITE_API int sqlite3_column_count(sqlite3_stmt *pStmt);
+
+/*
+** CAPI3REF: Column Names In A Result Set
+** METHOD: sqlite3_stmt
+**
+** ^These routines return the name assigned to a particular column
+** in the result set of a [SELECT] statement. ^The sqlite3_column_name()
+** interface returns a pointer to a zero-terminated UTF-8 string
+** and sqlite3_column_name16() returns a pointer to a zero-terminated
+** UTF-16 string. ^The first parameter is the [prepared statement]
+** that implements the [SELECT] statement. ^The second parameter is the
+** column number. ^The leftmost column is number 0.
+**
+** ^The returned string pointer is valid until either the [prepared statement]
+** is destroyed by [sqlite3_finalize()] or until the statement is automatically
+** reprepared by the first call to [sqlite3_step()] for a particular run
+** or until the next call to
+** sqlite3_column_name() or sqlite3_column_name16() on the same column.
+**
+** ^If sqlite3_malloc() fails during the processing of either routine
+** (for example during a conversion from UTF-8 to UTF-16) then a
+** NULL pointer is returned.
+**
+** ^The name of a result column is the value of the "AS" clause for
+** that column, if there is an AS clause. If there is no AS clause
+** then the name of the column is unspecified and may change from
+** one release of SQLite to the next.
+*/
+SQLITE_API const char *sqlite3_column_name(sqlite3_stmt*, int N);
+SQLITE_API const void *sqlite3_column_name16(sqlite3_stmt*, int N);
+
+/*
+** CAPI3REF: Source Of Data In A Query Result
+** METHOD: sqlite3_stmt
+**
+** ^These routines provide a means to determine the database, table, and
+** table column that is the origin of a particular result column in
+** [SELECT] statement.
+** ^The name of the database or table or column can be returned as
+** either a UTF-8 or UTF-16 string. ^The _database_ routines return
+** the database name, the _table_ routines return the table name, and
+** the origin_ routines return the column name.
+** ^The returned string is valid until the [prepared statement] is destroyed
+** using [sqlite3_finalize()] or until the statement is automatically
+** reprepared by the first call to [sqlite3_step()] for a particular run
+** or until the same information is requested
+** again in a different encoding.
+**
+** ^The names returned are the original un-aliased names of the
+** database, table, and column.
+**
+** ^The first argument to these interfaces is a [prepared statement].
+** ^These functions return information about the Nth result column returned by
+** the statement, where N is the second function argument.
+** ^The left-most column is column 0 for these routines.
+**
+** ^If the Nth column returned by the statement is an expression or
+** subquery and is not a column value, then all of these functions return
+** NULL. ^These routine might also return NULL if a memory allocation error
+** occurs. ^Otherwise, they return the name of the attached database, table,
+** or column that query result column was extracted from.
+**
+** ^As with all other SQLite APIs, those whose names end with "16" return
+** UTF-16 encoded strings and the other functions return UTF-8.
+**
+** ^These APIs are only available if the library was compiled with the
+** [SQLITE_ENABLE_COLUMN_METADATA] C-preprocessor symbol.
+**
+** If two or more threads call one or more of these routines against the same
+** prepared statement and column at the same time then the results are
+** undefined.
+**
+** If two or more threads call one or more
+** [sqlite3_column_database_name | column metadata interfaces]
+** for the same [prepared statement] and result column
+** at the same time then the results are undefined.
+*/
+SQLITE_API const char *sqlite3_column_database_name(sqlite3_stmt*,int);
+SQLITE_API const void *sqlite3_column_database_name16(sqlite3_stmt*,int);
+SQLITE_API const char *sqlite3_column_table_name(sqlite3_stmt*,int);
+SQLITE_API const void *sqlite3_column_table_name16(sqlite3_stmt*,int);
+SQLITE_API const char *sqlite3_column_origin_name(sqlite3_stmt*,int);
+SQLITE_API const void *sqlite3_column_origin_name16(sqlite3_stmt*,int);
+
+/*
+** CAPI3REF: Declared Datatype Of A Query Result
+** METHOD: sqlite3_stmt
+**
+** ^(The first parameter is a [prepared statement].
+** If this statement is a [SELECT] statement and the Nth column of the
+** returned result set of that [SELECT] is a table column (not an
+** expression or subquery) then the declared type of the table
+** column is returned.)^ ^If the Nth column of the result set is an
+** expression or subquery, then a NULL pointer is returned.
+** ^The returned string is always UTF-8 encoded.
+**
+** ^(For example, given the database schema:
+**
+** CREATE TABLE t1(c1 VARIANT);
+**
+** and the following statement to be compiled:
+**
+** SELECT c1 + 1, c1 FROM t1;
+**
+** this routine would return the string "VARIANT" for the second result
+** column (i==1), and a NULL pointer for the first result column (i==0).)^
+**
+** ^SQLite uses dynamic run-time typing. ^So just because a column
+** is declared to contain a particular type does not mean that the
+** data stored in that column is of the declared type. SQLite is
+** strongly typed, but the typing is dynamic not static. ^Type
+** is associated with individual values, not with the containers
+** used to hold those values.
+*/
+SQLITE_API const char *sqlite3_column_decltype(sqlite3_stmt*,int);
+SQLITE_API const void *sqlite3_column_decltype16(sqlite3_stmt*,int);
+
+/*
+** CAPI3REF: Evaluate An SQL Statement
+** METHOD: sqlite3_stmt
+**
+** After a [prepared statement] has been prepared using either
+** [sqlite3_prepare_v2()] or [sqlite3_prepare16_v2()] or one of the legacy
+** interfaces [sqlite3_prepare()] or [sqlite3_prepare16()], this function
+** must be called one or more times to evaluate the statement.
+**
+** The details of the behavior of the sqlite3_step() interface depend
+** on whether the statement was prepared using the newer "v2" interface
+** [sqlite3_prepare_v2()] and [sqlite3_prepare16_v2()] or the older legacy
+** interface [sqlite3_prepare()] and [sqlite3_prepare16()]. The use of the
+** new "v2" interface is recommended for new applications but the legacy
+** interface will continue to be supported.
+**
+** ^In the legacy interface, the return value will be either [SQLITE_BUSY],
+** [SQLITE_DONE], [SQLITE_ROW], [SQLITE_ERROR], or [SQLITE_MISUSE].
+** ^With the "v2" interface, any of the other [result codes] or
+** [extended result codes] might be returned as well.
+**
+** ^[SQLITE_BUSY] means that the database engine was unable to acquire the
+** database locks it needs to do its job. ^If the statement is a [COMMIT]
+** or occurs outside of an explicit transaction, then you can retry the
+** statement. If the statement is not a [COMMIT] and occurs within an
+** explicit transaction then you should rollback the transaction before
+** continuing.
+**
+** ^[SQLITE_DONE] means that the statement has finished executing
+** successfully. sqlite3_step() should not be called again on this virtual
+** machine without first calling [sqlite3_reset()] to reset the virtual
+** machine back to its initial state.
+**
+** ^If the SQL statement being executed returns any data, then [SQLITE_ROW]
+** is returned each time a new row of data is ready for processing by the
+** caller. The values may be accessed using the [column access functions].
+** sqlite3_step() is called again to retrieve the next row of data.
+**
+** ^[SQLITE_ERROR] means that a run-time error (such as a constraint
+** violation) has occurred. sqlite3_step() should not be called again on
+** the VM. More information may be found by calling [sqlite3_errmsg()].
+** ^With the legacy interface, a more specific error code (for example,
+** [SQLITE_INTERRUPT], [SQLITE_SCHEMA], [SQLITE_CORRUPT], and so forth)
+** can be obtained by calling [sqlite3_reset()] on the
+** [prepared statement]. ^In the "v2" interface,
+** the more specific error code is returned directly by sqlite3_step().
+**
+** [SQLITE_MISUSE] means that the this routine was called inappropriately.
+** Perhaps it was called on a [prepared statement] that has
+** already been [sqlite3_finalize | finalized] or on one that had
+** previously returned [SQLITE_ERROR] or [SQLITE_DONE]. Or it could
+** be the case that the same database connection is being used by two or
+** more threads at the same moment in time.
+**
+** For all versions of SQLite up to and including 3.6.23.1, a call to
+** [sqlite3_reset()] was required after sqlite3_step() returned anything
+** other than [SQLITE_ROW] before any subsequent invocation of
+** sqlite3_step(). Failure to reset the prepared statement using
+** [sqlite3_reset()] would result in an [SQLITE_MISUSE] return from
+** sqlite3_step(). But after [version 3.6.23.1] ([dateof:3.6.23.1],
+** sqlite3_step() began
+** calling [sqlite3_reset()] automatically in this circumstance rather
+** than returning [SQLITE_MISUSE]. This is not considered a compatibility
+** break because any application that ever receives an SQLITE_MISUSE error
+** is broken by definition. The [SQLITE_OMIT_AUTORESET] compile-time option
+** can be used to restore the legacy behavior.
+**
+** Goofy Interface Alert: In the legacy interface, the sqlite3_step()
+** API always returns a generic error code, [SQLITE_ERROR], following any
+** error other than [SQLITE_BUSY] and [SQLITE_MISUSE]. You must call
+** [sqlite3_reset()] or [sqlite3_finalize()] in order to find one of the
+** specific [error codes] that better describes the error.
+** We admit that this is a goofy design. The problem has been fixed
+** with the "v2" interface. If you prepare all of your SQL statements
+** using either [sqlite3_prepare_v2()] or [sqlite3_prepare16_v2()] instead
+** of the legacy [sqlite3_prepare()] and [sqlite3_prepare16()] interfaces,
+** then the more specific [error codes] are returned directly
+** by sqlite3_step(). The use of the "v2" interface is recommended.
+*/
+SQLITE_API int sqlite3_step(sqlite3_stmt*);
+
+/*
+** CAPI3REF: Number of columns in a result set
+** METHOD: sqlite3_stmt
+**
+** ^The sqlite3_data_count(P) interface returns the number of columns in the
+** current row of the result set of [prepared statement] P.
+** ^If prepared statement P does not have results ready to return
+** (via calls to the [sqlite3_column_int | sqlite3_column_*()] of
+** interfaces) then sqlite3_data_count(P) returns 0.
+** ^The sqlite3_data_count(P) routine also returns 0 if P is a NULL pointer.
+** ^The sqlite3_data_count(P) routine returns 0 if the previous call to
+** [sqlite3_step](P) returned [SQLITE_DONE]. ^The sqlite3_data_count(P)
+** will return non-zero if previous call to [sqlite3_step](P) returned
+** [SQLITE_ROW], except in the case of the [PRAGMA incremental_vacuum]
+** where it always returns zero since each step of that multi-step
+** pragma returns 0 columns of data.
+**
+** See also: [sqlite3_column_count()]
+*/
+SQLITE_API int sqlite3_data_count(sqlite3_stmt *pStmt);
+
+/*
+** CAPI3REF: Fundamental Datatypes
+** KEYWORDS: SQLITE_TEXT
+**
+** ^(Every value in SQLite has one of five fundamental datatypes:
+**
+**
    +**
  • 64-bit signed integer +**
  • 64-bit IEEE floating point number +**
  • string +**
  • BLOB +**
  • NULL +**
)^
+**
+** These constants are codes for each of those types.
+**
+** Note that the SQLITE_TEXT constant was also used in SQLite version 2
+** for a completely different meaning. Software that links against both
+** SQLite version 2 and SQLite version 3 should use SQLITE3_TEXT, not
+** SQLITE_TEXT.
+*/
+#define SQLITE_INTEGER 1
+#define SQLITE_FLOAT 2
+#define SQLITE_BLOB 4
+#define SQLITE_NULL 5
+#ifdef SQLITE_TEXT
+# undef SQLITE_TEXT
+#else
+# define SQLITE_TEXT 3
+#endif
+#define SQLITE3_TEXT 3
+
+/*
+** CAPI3REF: Result Values From A Query
+** KEYWORDS: {column access functions}
+** METHOD: sqlite3_stmt
+**
+** ^These routines return information about a single column of the current
+** result row of a query. ^In every case the first argument is a pointer
+** to the [prepared statement] that is being evaluated (the [sqlite3_stmt*]
+** that was returned from [sqlite3_prepare_v2()] or one of its variants)
+** and the second argument is the index of the column for which information
+** should be returned. ^The leftmost column of the result set has the index 0.
+** ^The number of columns in the result can be determined using
+** [sqlite3_column_count()].
+**
+** If the SQL statement does not currently point to a valid row, or if the
+** column index is out of range, the result is undefined.
+** These routines may only be called when the most recent call to
+** [sqlite3_step()] has returned [SQLITE_ROW] and neither
+** [sqlite3_reset()] nor [sqlite3_finalize()] have been called subsequently.
+** If any of these routines are called after [sqlite3_reset()] or
+** [sqlite3_finalize()] or after [sqlite3_step()] has returned
+** something other than [SQLITE_ROW], the results are undefined.
+** If [sqlite3_step()] or [sqlite3_reset()] or [sqlite3_finalize()]
+** are called from a different thread while any of these routines
+** are pending, then the results are undefined.
+**
+** ^The sqlite3_column_type() routine returns the
+** [SQLITE_INTEGER | datatype code] for the initial data type
+** of the result column. ^The returned value is one of [SQLITE_INTEGER],
+** [SQLITE_FLOAT], [SQLITE_TEXT], [SQLITE_BLOB], or [SQLITE_NULL]. The value
+** returned by sqlite3_column_type() is only meaningful if no type
+** conversions have occurred as described below. After a type conversion,
+** the value returned by sqlite3_column_type() is undefined. Future
+** versions of SQLite may change the behavior of sqlite3_column_type()
+** following a type conversion.
+**
+** ^If the result is a BLOB or UTF-8 string then the sqlite3_column_bytes()
+** routine returns the number of bytes in that BLOB or string.
+** ^If the result is a UTF-16 string, then sqlite3_column_bytes() converts
+** the string to UTF-8 and then returns the number of bytes.
+** ^If the result is a numeric value then sqlite3_column_bytes() uses
+** [sqlite3_snprintf()] to convert that value to a UTF-8 string and returns
+** the number of bytes in that string.
+** ^If the result is NULL, then sqlite3_column_bytes() returns zero.
+**
+** ^If the result is a BLOB or UTF-16 string then the sqlite3_column_bytes16()
+** routine returns the number of bytes in that BLOB or string.
+** ^If the result is a UTF-8 string, then sqlite3_column_bytes16() converts
+** the string to UTF-16 and then returns the number of bytes.
+** ^If the result is a numeric value then sqlite3_column_bytes16() uses
+** [sqlite3_snprintf()] to convert that value to a UTF-16 string and returns
+** the number of bytes in that string.
+** ^If the result is NULL, then sqlite3_column_bytes16() returns zero.
+**
+** ^The values returned by [sqlite3_column_bytes()] and
+** [sqlite3_column_bytes16()] do not include the zero terminators at the end
+** of the string.
^For clarity: the values returned by
+** [sqlite3_column_bytes()] and [sqlite3_column_bytes16()] are the number of
+** bytes in the string, not the number of characters.
+**
+** ^Strings returned by sqlite3_column_text() and sqlite3_column_text16(),
+** even empty strings, are always zero-terminated. ^The return
+** value from sqlite3_column_blob() for a zero-length BLOB is a NULL pointer.
+**
+** Warning: ^The object returned by [sqlite3_column_value()] is an
+** [unprotected sqlite3_value] object. In a multithreaded environment,
+** an unprotected sqlite3_value object may only be used safely with
+** [sqlite3_bind_value()] and [sqlite3_result_value()].
+** If the [unprotected sqlite3_value] object returned by
+** [sqlite3_column_value()] is used in any other way, including calls
+** to routines like [sqlite3_value_int()], [sqlite3_value_text()],
+** or [sqlite3_value_bytes()], the behavior is not threadsafe.
+**
+** These routines attempt to convert the value where appropriate. ^For
+** example, if the internal representation is FLOAT and a text result
+** is requested, [sqlite3_snprintf()] is used internally to perform the
+** conversion automatically. ^(The following table details the conversions
+** that are applied:
+**
+**
+** +**
Internal
Type
Requested
Type
Conversion +** +**
NULL INTEGER Result is 0 +**
NULL FLOAT Result is 0.0 +**
NULL TEXT Result is a NULL pointer +**
NULL BLOB Result is a NULL pointer +**
INTEGER FLOAT Convert from integer to float +**
INTEGER TEXT ASCII rendering of the integer +**
INTEGER BLOB Same as INTEGER->TEXT +**
FLOAT INTEGER [CAST] to INTEGER +**
FLOAT TEXT ASCII rendering of the float +**
FLOAT BLOB [CAST] to BLOB +**
TEXT INTEGER [CAST] to INTEGER +**
TEXT FLOAT [CAST] to REAL +**
TEXT BLOB No change +**
BLOB INTEGER [CAST] to INTEGER +**
BLOB FLOAT [CAST] to REAL +**
BLOB TEXT Add a zero terminator if needed +**
+**
)^
+**
+** Note that when type conversions occur, pointers returned by prior
+** calls to sqlite3_column_blob(), sqlite3_column_text(), and/or
+** sqlite3_column_text16() may be invalidated.
+** Type conversions and pointer invalidations might occur
+** in the following cases:
+**
+**
    +**
  • The initial content is a BLOB and sqlite3_column_text() or +** sqlite3_column_text16() is called. A zero-terminator might +** need to be added to the string.
  • +**
  • The initial content is UTF-8 text and sqlite3_column_bytes16() or +** sqlite3_column_text16() is called. The content must be converted +** to UTF-16.
  • +**
  • The initial content is UTF-16 text and sqlite3_column_bytes() or +** sqlite3_column_text() is called. The content must be converted +** to UTF-8.
  • +**
+**
+** ^Conversions between UTF-16be and UTF-16le are always done in place and do
+** not invalidate a prior pointer, though of course the content of the buffer
+** that the prior pointer references will have been modified. Other kinds
+** of conversion are done in place when it is possible, but sometimes they
+** are not possible and in those cases prior pointers are invalidated.
+**
+** The safest policy is to invoke these routines
+** in one of the following ways:
+**
+**
    +**
  • sqlite3_column_text() followed by sqlite3_column_bytes()
  • +**
  • sqlite3_column_blob() followed by sqlite3_column_bytes()
  • +**
  • sqlite3_column_text16() followed by sqlite3_column_bytes16()
  • +**
+**
+** In other words, you should call sqlite3_column_text(),
+** sqlite3_column_blob(), or sqlite3_column_text16() first to force the result
+** into the desired format, then invoke sqlite3_column_bytes() or
+** sqlite3_column_bytes16() to find the size of the result. Do not mix calls
+** to sqlite3_column_text() or sqlite3_column_blob() with calls to
+** sqlite3_column_bytes16(), and do not mix calls to sqlite3_column_text16()
+** with calls to sqlite3_column_bytes().
+**
+** ^The pointers returned are valid until a type conversion occurs as
+** described above, or until [sqlite3_step()] or [sqlite3_reset()] or
+** [sqlite3_finalize()] is called. ^The memory space used to hold strings
+** and BLOBs is freed automatically. Do not pass the pointers returned
+** from [sqlite3_column_blob()], [sqlite3_column_text()], etc. into
+** [sqlite3_free()].
+**
+** ^(If a memory allocation error occurs during the evaluation of any
+** of these routines, a default value is returned. The default value
+** is either the integer 0, the floating point number 0.0, or a NULL
+** pointer.
Subsequent calls to [sqlite3_errcode()] will return
+** [SQLITE_NOMEM].)^
+*/
+SQLITE_API const void *sqlite3_column_blob(sqlite3_stmt*, int iCol);
+SQLITE_API int sqlite3_column_bytes(sqlite3_stmt*, int iCol);
+SQLITE_API int sqlite3_column_bytes16(sqlite3_stmt*, int iCol);
+SQLITE_API double sqlite3_column_double(sqlite3_stmt*, int iCol);
+SQLITE_API int sqlite3_column_int(sqlite3_stmt*, int iCol);
+SQLITE_API sqlite3_int64 sqlite3_column_int64(sqlite3_stmt*, int iCol);
+SQLITE_API const unsigned char *sqlite3_column_text(sqlite3_stmt*, int iCol);
+SQLITE_API const void *sqlite3_column_text16(sqlite3_stmt*, int iCol);
+SQLITE_API int sqlite3_column_type(sqlite3_stmt*, int iCol);
+SQLITE_API sqlite3_value *sqlite3_column_value(sqlite3_stmt*, int iCol);
+
+/*
+** CAPI3REF: Destroy A Prepared Statement Object
+** DESTRUCTOR: sqlite3_stmt
+**
+** ^The sqlite3_finalize() function is called to delete a [prepared statement].
+** ^If the most recent evaluation of the statement encountered no errors
+** or if the statement is never been evaluated, then sqlite3_finalize() returns
+** SQLITE_OK. ^If the most recent evaluation of statement S failed, then
+** sqlite3_finalize(S) returns the appropriate [error code] or
+** [extended error code].
+**
+** ^The sqlite3_finalize(S) routine can be called at any point during
+** the life cycle of [prepared statement] S:
+** before statement S is ever evaluated, after
+** one or more calls to [sqlite3_reset()], or after any call
+** to [sqlite3_step()] regardless of whether or not the statement has
+** completed execution.
+**
+** ^Invoking sqlite3_finalize() on a NULL pointer is a harmless no-op.
+**
+** The application must finalize every [prepared statement] in order to avoid
+** resource leaks. It is a grievous error for the application to try to use
+** a prepared statement after it has been finalized.
Any use of a prepared
+** statement after it has been finalized can result in undefined and
+** undesirable behavior such as segfaults and heap corruption.
+*/
+SQLITE_API int sqlite3_finalize(sqlite3_stmt *pStmt);
+
+/*
+** CAPI3REF: Reset A Prepared Statement Object
+** METHOD: sqlite3_stmt
+**
+** The sqlite3_reset() function is called to reset a [prepared statement]
+** object back to its initial state, ready to be re-executed.
+** ^Any SQL statement variables that had values bound to them using
+** the [sqlite3_bind_blob | sqlite3_bind_*() API] retain their values.
+** Use [sqlite3_clear_bindings()] to reset the bindings.
+**
+** ^The [sqlite3_reset(S)] interface resets the [prepared statement] S
+** back to the beginning of its program.
+**
+** ^If the most recent call to [sqlite3_step(S)] for the
+** [prepared statement] S returned [SQLITE_ROW] or [SQLITE_DONE],
+** or if [sqlite3_step(S)] has never before been called on S,
+** then [sqlite3_reset(S)] returns [SQLITE_OK].
+**
+** ^If the most recent call to [sqlite3_step(S)] for the
+** [prepared statement] S indicated an error, then
+** [sqlite3_reset(S)] returns an appropriate [error code].
+**
+** ^The [sqlite3_reset(S)] interface does not change the values
+** of any [sqlite3_bind_blob|bindings] on the [prepared statement] S.
+*/
+SQLITE_API int sqlite3_reset(sqlite3_stmt *pStmt);
+
+/*
+** CAPI3REF: Create Or Redefine SQL Functions
+** KEYWORDS: {function creation routines}
+** KEYWORDS: {application-defined SQL function}
+** KEYWORDS: {application-defined SQL functions}
+** METHOD: sqlite3
+**
+** ^These functions (collectively known as "function creation routines")
+** are used to add SQL functions or aggregates or to redefine the behavior
+** of existing SQL functions or aggregates.
The only differences between
+** these routines are the text encoding expected for
+** the second parameter (the name of the function being created)
+** and the presence or absence of a destructor callback for
+** the application data pointer.
+**
+** ^The first parameter is the [database connection] to which the SQL
+** function is to be added. ^If an application uses more than one database
+** connection then application-defined SQL functions must be added
+** to each database connection separately.
+**
+** ^The second parameter is the name of the SQL function to be created or
+** redefined. ^The length of the name is limited to 255 bytes in a UTF-8
+** representation, exclusive of the zero-terminator. ^Note that the name
+** length limit is in UTF-8 bytes, not characters nor UTF-16 bytes.
+** ^Any attempt to create a function with a longer name
+** will result in [SQLITE_MISUSE] being returned.
+**
+** ^The third parameter (nArg)
+** is the number of arguments that the SQL function or
+** aggregate takes. ^If this parameter is -1, then the SQL function or
+** aggregate may take any number of arguments between 0 and the limit
+** set by [sqlite3_limit]([SQLITE_LIMIT_FUNCTION_ARG]). If the third
+** parameter is less than -1 or greater than 127 then the behavior is
+** undefined.
+**
+** ^The fourth parameter, eTextRep, specifies what
+** [SQLITE_UTF8 | text encoding] this SQL function prefers for
+** its parameters. The application should set this parameter to
+** [SQLITE_UTF16LE] if the function implementation invokes
+** [sqlite3_value_text16le()] on an input, or [SQLITE_UTF16BE] if the
+** implementation invokes [sqlite3_value_text16be()] on an input, or
+** [SQLITE_UTF16] if [sqlite3_value_text16()] is used, or [SQLITE_UTF8]
+** otherwise. ^The same SQL function may be registered multiple times using
+** different preferred text encodings, with different implementations for
+** each encoding.
+** ^When multiple implementations of the same function are available, SQLite
+** will pick the one that involves the least amount of data conversion.
+**
+** ^The fourth parameter may optionally be ORed with [SQLITE_DETERMINISTIC]
+** to signal that the function will always return the same result given
+** the same inputs within a single SQL statement. Most SQL functions are
+** deterministic. The built-in [random()] SQL function is an example of a
+** function that is not deterministic. The SQLite query planner is able to
+** perform additional optimizations on deterministic functions, so use
+** of the [SQLITE_DETERMINISTIC] flag is recommended where possible.
+**
+** ^(The fifth parameter is an arbitrary pointer. The implementation of the
+** function can gain access to this pointer using [sqlite3_user_data()].)^
+**
+** ^The sixth, seventh and eighth parameters, xFunc, xStep and xFinal, are
+** pointers to C-language functions that implement the SQL function or
+** aggregate. ^A scalar SQL function requires an implementation of the xFunc
+** callback only; NULL pointers must be passed as the xStep and xFinal
+** parameters. ^An aggregate SQL function requires an implementation of xStep
+** and xFinal and NULL pointer must be passed for xFunc. ^To delete an existing
+** SQL function or aggregate, pass NULL pointers for all three function
+** callbacks.
+**
+** ^(If the ninth parameter to sqlite3_create_function_v2() is not NULL,
+** then it is destructor for the application data pointer.
+** The destructor is invoked when the function is deleted, either by being
+** overloaded or when the database connection closes.)^
+** ^The destructor is also invoked if the call to
+** sqlite3_create_function_v2() fails.
+** ^When the destructor callback of the tenth parameter is invoked, it
+** is passed a single argument which is a copy of the application data
+** pointer which was the fifth parameter to sqlite3_create_function_v2().
+**
+** ^It is permitted to register multiple implementations of the same
+** functions with the same name but with either differing numbers of
+** arguments or differing preferred text encodings. ^SQLite will use
+** the implementation that most closely matches the way in which the
+** SQL function is used. ^A function implementation with a non-negative
+** nArg parameter is a better match than a function implementation with
+** a negative nArg. ^A function where the preferred text encoding
+** matches the database encoding is a better
+** match than a function where the encoding is different.
+** ^A function where the encoding difference is between UTF16le and UTF16be
+** is a closer match than a function where the encoding difference is
+** between UTF8 and UTF16.
+**
+** ^Built-in functions may be overloaded by new application-defined functions.
+**
+** ^An application-defined function is permitted to call other
+** SQLite interfaces. However, such calls must not
+** close the database connection nor finalize or reset the prepared
+** statement in which the function is running.
+*/
+SQLITE_API int sqlite3_create_function(
+ sqlite3 *db,
+ const char *zFunctionName,
+ int nArg,
+ int eTextRep,
+ void *pApp,
+ void (*xFunc)(sqlite3_context*,int,sqlite3_value**),
+ void (*xStep)(sqlite3_context*,int,sqlite3_value**),
+ void (*xFinal)(sqlite3_context*)
+);
+SQLITE_API int sqlite3_create_function16(
+ sqlite3 *db,
+ const void *zFunctionName,
+ int nArg,
+ int eTextRep,
+ void *pApp,
+ void (*xFunc)(sqlite3_context*,int,sqlite3_value**),
+ void (*xStep)(sqlite3_context*,int,sqlite3_value**),
+ void (*xFinal)(sqlite3_context*)
+);
+SQLITE_API int sqlite3_create_function_v2(
+ sqlite3 *db,
+ const char *zFunctionName,
+ int nArg,
+ int eTextRep,
+ void *pApp,
+ void (*xFunc)(sqlite3_context*,int,sqlite3_value**),
+ void (*xStep)(sqlite3_context*,int,sqlite3_value**),
+ void (*xFinal)(sqlite3_context*),
+ void(*xDestroy)(void*)
+);
+
+/*
+** CAPI3REF: Text Encodings
+**
+** These constant define integer codes that represent the various
+** text encodings supported by SQLite.
+*/
+#define SQLITE_UTF8 1 /* IMP: R-37514-35566 */
+#define SQLITE_UTF16LE 2 /* IMP: R-03371-37637 */
+#define SQLITE_UTF16BE 3 /* IMP: R-51971-34154 */
+#define SQLITE_UTF16 4 /* Use native byte order */
+#define SQLITE_ANY 5 /* Deprecated */
+#define SQLITE_UTF16_ALIGNED 8 /* sqlite3_create_collation only */
+
+/*
+** CAPI3REF: Function Flags
+**
+** These constants may be ORed together with the
+** [SQLITE_UTF8 | preferred text encoding] as the fourth argument
+** to [sqlite3_create_function()], [sqlite3_create_function16()], or
+** [sqlite3_create_function_v2()].
+*/
+#define SQLITE_DETERMINISTIC 0x800
+
+/*
+** CAPI3REF: Deprecated Functions
+** DEPRECATED
+**
+** These functions are [deprecated]. In order to maintain
+** backwards compatibility with older code, these functions continue
+** to be supported. However, new applications should avoid
+** the use of these functions. To encourage programmers to avoid
+** these functions, we will not explain what they do.
+*/
+#ifndef SQLITE_OMIT_DEPRECATED
+SQLITE_API SQLITE_DEPRECATED int sqlite3_aggregate_count(sqlite3_context*);
+SQLITE_API SQLITE_DEPRECATED int sqlite3_expired(sqlite3_stmt*);
+SQLITE_API SQLITE_DEPRECATED int sqlite3_transfer_bindings(sqlite3_stmt*, sqlite3_stmt*);
+SQLITE_API SQLITE_DEPRECATED int sqlite3_global_recover(void);
+SQLITE_API SQLITE_DEPRECATED void sqlite3_thread_cleanup(void);
+SQLITE_API SQLITE_DEPRECATED int sqlite3_memory_alarm(void(*)(void*,sqlite3_int64,int),
+ void*,sqlite3_int64);
+#endif
+
+/*
+** CAPI3REF: Obtaining SQL Values
+** METHOD: sqlite3_value
+**
+** The C-language implementation of SQL functions and aggregates uses
+** this set of interface routines to access the parameter values on
+** the function or aggregate.
+**
+** The xFunc (for scalar functions) or xStep (for aggregates) parameters
+** to [sqlite3_create_function()] and [sqlite3_create_function16()]
+** define callbacks that implement the SQL functions and aggregates.
+** The 3rd parameter to these callbacks is an array of pointers to
+** [protected sqlite3_value] objects. There is one [sqlite3_value] object for
+** each parameter to the SQL function. These routines are used to
+** extract values from the [sqlite3_value] objects.
+**
+** These routines work only with [protected sqlite3_value] objects.
+** Any attempt to use these routines on an [unprotected sqlite3_value]
+** object results in undefined behavior.
+**
+** ^These routines work just like the corresponding [column access functions]
+** except that these routines take a single [protected sqlite3_value] object
+** pointer instead of a [sqlite3_stmt*] pointer and an integer column number.
+**
+** ^The sqlite3_value_text16() interface extracts a UTF-16 string
+** in the native byte-order of the host machine. ^The
+** sqlite3_value_text16be() and sqlite3_value_text16le() interfaces
+** extract UTF-16 strings as big-endian and little-endian respectively.
+**
+** ^(The sqlite3_value_numeric_type() interface attempts to apply
+** numeric affinity to the value. This means that an attempt is
+** made to convert the value to an integer or floating point. If
+** such a conversion is possible without loss of information (in other
+** words, if the value is a string that looks like a number)
+** then the conversion is performed. Otherwise no conversion occurs.
+** The [SQLITE_INTEGER | datatype] after conversion is returned.)^
+**
+** Please pay particular attention to the fact that the pointer returned
+** from [sqlite3_value_blob()], [sqlite3_value_text()], or
+** [sqlite3_value_text16()] can be invalidated by a subsequent call to
+** [sqlite3_value_bytes()], [sqlite3_value_bytes16()], [sqlite3_value_text()],
+** or [sqlite3_value_text16()].
+**
+** These routines must be called from the same thread as
+** the SQL function that supplied the [sqlite3_value*] parameters.
+*/
+SQLITE_API const void *sqlite3_value_blob(sqlite3_value*);
+SQLITE_API int sqlite3_value_bytes(sqlite3_value*);
+SQLITE_API int sqlite3_value_bytes16(sqlite3_value*);
+SQLITE_API double sqlite3_value_double(sqlite3_value*);
+SQLITE_API int sqlite3_value_int(sqlite3_value*);
+SQLITE_API sqlite3_int64 sqlite3_value_int64(sqlite3_value*);
+SQLITE_API const unsigned char *sqlite3_value_text(sqlite3_value*);
+SQLITE_API const void *sqlite3_value_text16(sqlite3_value*);
+SQLITE_API const void *sqlite3_value_text16le(sqlite3_value*);
+SQLITE_API const void *sqlite3_value_text16be(sqlite3_value*);
+SQLITE_API int sqlite3_value_type(sqlite3_value*);
+SQLITE_API int sqlite3_value_numeric_type(sqlite3_value*);
+
+/*
+** CAPI3REF: Finding The Subtype Of SQL Values
+** METHOD: sqlite3_value
+**
+** The sqlite3_value_subtype(V) function returns the subtype for
+** an [application-defined SQL function] argument V. The subtype
+** information can be used to pass a limited amount of context from
+** one SQL function to another.
Use the [sqlite3_result_subtype()]
+** routine to set the subtype for the return value of an SQL function.
+**
+** SQLite makes no use of subtype itself. It merely passes the subtype
+** from the result of one [application-defined SQL function] into the
+** input of another.
+*/
+SQLITE_API unsigned int sqlite3_value_subtype(sqlite3_value*);
+
+/*
+** CAPI3REF: Copy And Free SQL Values
+** METHOD: sqlite3_value
+**
+** ^The sqlite3_value_dup(V) interface makes a copy of the [sqlite3_value]
+** object D and returns a pointer to that copy. ^The [sqlite3_value] returned
+** is a [protected sqlite3_value] object even if the input is not.
+** ^The sqlite3_value_dup(V) interface returns NULL if V is NULL or if a
+** memory allocation fails.
+**
+** ^The sqlite3_value_free(V) interface frees an [sqlite3_value] object
+** previously obtained from [sqlite3_value_dup()]. ^If V is a NULL pointer
+** then sqlite3_value_free(V) is a harmless no-op.
+*/
+SQLITE_API sqlite3_value *sqlite3_value_dup(const sqlite3_value*);
+SQLITE_API void sqlite3_value_free(sqlite3_value*);
+
+/*
+** CAPI3REF: Obtain Aggregate Function Context
+** METHOD: sqlite3_context
+**
+** Implementations of aggregate SQL functions use this
+** routine to allocate memory for storing their state.
+**
+** ^The first time the sqlite3_aggregate_context(C,N) routine is called
+** for a particular aggregate function, SQLite
+** allocates N of memory, zeroes out that memory, and returns a pointer
+** to the new memory. ^On second and subsequent calls to
+** sqlite3_aggregate_context() for the same aggregate function instance,
+** the same buffer is returned. Sqlite3_aggregate_context() is normally
+** called once for each invocation of the xStep callback and then one
+** last time when the xFinal callback is invoked. ^(When no rows match
+** an aggregate query, the xStep() callback of the aggregate function
+** implementation is never called and xFinal() is called exactly once.
+** In those cases, sqlite3_aggregate_context() might be called for the
+** first time from within xFinal().)^
+**
+** ^The sqlite3_aggregate_context(C,N) routine returns a NULL pointer
+** when first called if N is less than or equal to zero or if a memory
+** allocate error occurs.
+**
+** ^(The amount of space allocated by sqlite3_aggregate_context(C,N) is
+** determined by the N parameter on first successful call. Changing the
+** value of N in subsequent call to sqlite3_aggregate_context() within
+** the same aggregate function instance will not resize the memory
+** allocation.)^ Within the xFinal callback, it is customary to set
+** N=0 in calls to sqlite3_aggregate_context(C,N) so that no
+** pointless memory allocations occur.
+**
+** ^SQLite automatically frees the memory allocated by
+** sqlite3_aggregate_context() when the aggregate query concludes.
+**
+** The first parameter must be a copy of the
+** [sqlite3_context | SQL function context] that is the first parameter
+** to the xStep or xFinal callback routine that implements the aggregate
+** function.
+**
+** This routine must be called from the same thread in which
+** the aggregate SQL function is running.
+*/
+SQLITE_API void *sqlite3_aggregate_context(sqlite3_context*, int nBytes);
+
+/*
+** CAPI3REF: User Data For Functions
+** METHOD: sqlite3_context
+**
+** ^The sqlite3_user_data() interface returns a copy of
+** the pointer that was the pUserData parameter (the 5th parameter)
+** of the [sqlite3_create_function()]
+** and [sqlite3_create_function16()] routines that originally
+** registered the application defined function.
+**
+** This routine must be called from the same thread in which
+** the application-defined function is running.
+*/
+SQLITE_API void *sqlite3_user_data(sqlite3_context*);
+
+/*
+** CAPI3REF: Database Connection For Functions
+** METHOD: sqlite3_context
+**
+** ^The sqlite3_context_db_handle() interface returns a copy of
+** the pointer to the [database connection] (the 1st parameter)
+** of the [sqlite3_create_function()]
+** and [sqlite3_create_function16()] routines that originally
+** registered the application defined function.
+*/
+SQLITE_API sqlite3 *sqlite3_context_db_handle(sqlite3_context*);
+
+/*
+** CAPI3REF: Function Auxiliary Data
+** METHOD: sqlite3_context
+**
+** These functions may be used by (non-aggregate) SQL functions to
+** associate metadata with argument values. If the same value is passed to
+** multiple invocations of the same SQL function during query execution, under
+** some circumstances the associated metadata may be preserved. An example
+** of where this might be useful is in a regular-expression matching
+** function. The compiled version of the regular expression can be stored as
+** metadata associated with the pattern string.
+** Then as long as the pattern string remains the same,
+** the compiled regular expression can be reused on multiple
+** invocations of the same function.
+**
+** ^The sqlite3_get_auxdata() interface returns a pointer to the metadata
+** associated by the sqlite3_set_auxdata() function with the Nth argument
+** value to the application-defined function. ^If there is no metadata
+** associated with the function argument, this sqlite3_get_auxdata() interface
+** returns a NULL pointer.
+**
+** ^The sqlite3_set_auxdata(C,N,P,X) interface saves P as metadata for the N-th
+** argument of the application-defined function. ^Subsequent
+** calls to sqlite3_get_auxdata(C,N) return P from the most recent
+** sqlite3_set_auxdata(C,N,P,X) call if the metadata is still valid or
+** NULL if the metadata has been discarded.
+** ^After each call to sqlite3_set_auxdata(C,N,P,X) where X is not NULL,
+** SQLite will invoke the destructor function X with parameter P exactly
+** once, when the metadata is discarded.
+** SQLite is free to discard the metadata at any time, including:
    +**
  • ^(when the corresponding function parameter changes)^, or +**
  • ^(when [sqlite3_reset()] or [sqlite3_finalize()] is called for the +** SQL statement)^, or +**
  • ^(when sqlite3_set_auxdata() is invoked again on the same +** parameter)^, or +**
  • ^(during the original sqlite3_set_auxdata() call when a memory +** allocation error occurs.)^
+**
+** Note the last bullet in particular. The destructor X in
+** sqlite3_set_auxdata(C,N,P,X) might be called immediately, before the
+** sqlite3_set_auxdata() interface even returns. Hence sqlite3_set_auxdata()
+** should be called near the end of the function implementation and the
+** function implementation should not make any use of P after
+** sqlite3_set_auxdata() has been called.
+**
+** ^(In practice, metadata is preserved between function calls for
+** function parameters that are compile-time constants, including literal
+** values and [parameters] and expressions composed from the same.)^
+**
+** These routines must be called from the same thread in which
+** the SQL function is running.
+*/
+SQLITE_API void *sqlite3_get_auxdata(sqlite3_context*, int N);
+SQLITE_API void sqlite3_set_auxdata(sqlite3_context*, int N, void*, void (*)(void*));
+
+
+/*
+** CAPI3REF: Constants Defining Special Destructor Behavior
+**
+** These are special values for the destructor that is passed in as the
+** final argument to routines like [sqlite3_result_blob()]. ^If the destructor
+** argument is SQLITE_STATIC, it means that the content pointer is constant
+** and will never change. It does not need to be destroyed. ^The
+** SQLITE_TRANSIENT value means that the content will likely change in
+** the near future and that SQLite should make its own private copy of
+** the content before returning.
+**
+** The typedef is necessary to work around problems in certain
+** C++ compilers.
+*/
+typedef void (*sqlite3_destructor_type)(void*);
+#define SQLITE_STATIC ((sqlite3_destructor_type)0)
+#define SQLITE_TRANSIENT ((sqlite3_destructor_type)-1)
+
+/*
+** CAPI3REF: Setting The Result Of An SQL Function
+** METHOD: sqlite3_context
+**
+** These routines are used by the xFunc or xFinal callbacks that
+** implement SQL functions and aggregates. See
+** [sqlite3_create_function()] and [sqlite3_create_function16()]
+** for additional information.
+**
+** These functions work very much like the [parameter binding] family of
+** functions used to bind values to host parameters in prepared statements.
+** Refer to the [SQL parameter] documentation for additional information.
+**
+** ^The sqlite3_result_blob() interface sets the result from
+** an application-defined function to be the BLOB whose content is pointed
+** to by the second parameter and which is N bytes long where N is the
+** third parameter.
+**
+** ^The sqlite3_result_zeroblob(C,N) and sqlite3_result_zeroblob64(C,N)
+** interfaces set the result of the application-defined function to be
+** a BLOB containing all zero bytes and N bytes in size.
+**
+** ^The sqlite3_result_double() interface sets the result from
+** an application-defined function to be a floating point value specified
+** by its 2nd argument.
+**
+** ^The sqlite3_result_error() and sqlite3_result_error16() functions
+** cause the implemented SQL function to throw an exception.
+** ^SQLite uses the string pointed to by the
+** 2nd parameter of sqlite3_result_error() or sqlite3_result_error16()
+** as the text of an error message. ^SQLite interprets the error
+** message string from sqlite3_result_error() as UTF-8. ^SQLite
+** interprets the string from sqlite3_result_error16() as UTF-16 in native
+** byte order. ^If the third parameter to sqlite3_result_error()
+** or sqlite3_result_error16() is negative then SQLite takes as the error
+** message all text up through the first zero character.
+** ^If the third parameter to sqlite3_result_error() or
+** sqlite3_result_error16() is non-negative then SQLite takes that many
+** bytes (not characters) from the 2nd parameter as the error message.
+** ^The sqlite3_result_error() and sqlite3_result_error16()
+** routines make a private copy of the error message text before
+** they return. Hence, the calling function can deallocate or
+** modify the text after they return without harm.
+** ^The sqlite3_result_error_code() function changes the error code
+** returned by SQLite as a result of an error in a function. ^By default,
+** the error code is SQLITE_ERROR. ^A subsequent call to sqlite3_result_error()
+** or sqlite3_result_error16() resets the error code to SQLITE_ERROR.
+**
+** ^The sqlite3_result_error_toobig() interface causes SQLite to throw an
+** error indicating that a string or BLOB is too long to represent.
+**
+** ^The sqlite3_result_error_nomem() interface causes SQLite to throw an
+** error indicating that a memory allocation failed.
+**
+** ^The sqlite3_result_int() interface sets the return value
+** of the application-defined function to be the 32-bit signed integer
+** value given in the 2nd argument.
+** ^The sqlite3_result_int64() interface sets the return value
+** of the application-defined function to be the 64-bit signed integer
+** value given in the 2nd argument.
+**
+** ^The sqlite3_result_null() interface sets the return value
+** of the application-defined function to be NULL.
+**
+** ^The sqlite3_result_text(), sqlite3_result_text16(),
+** sqlite3_result_text16le(), and sqlite3_result_text16be() interfaces
+** set the return value of the application-defined function to be
+** a text string which is represented as UTF-8, UTF-16 native byte order,
+** UTF-16 little endian, or UTF-16 big endian, respectively.
+** ^The sqlite3_result_text64() interface sets the return value of an
+** application-defined function to be a text string in an encoding
+** specified by the fifth (and last) parameter, which must be one
+** of [SQLITE_UTF8], [SQLITE_UTF16], [SQLITE_UTF16BE], or [SQLITE_UTF16LE].
+** ^SQLite takes the text result from the application from
+** the 2nd parameter of the sqlite3_result_text* interfaces.
+** ^If the 3rd parameter to the sqlite3_result_text* interfaces
+** is negative, then SQLite takes result text from the 2nd parameter
+** through the first zero character.
+** ^If the 3rd parameter to the sqlite3_result_text* interfaces
+** is non-negative, then as many bytes (not characters) of the text
+** pointed to by the 2nd parameter are taken as the application-defined
+** function result. If the 3rd parameter is non-negative, then it
+** must be the byte offset into the string where the NUL terminator would
+** appear if the string where NUL terminated. If any NUL characters occur
+** in the string at a byte offset that is less than the value of the 3rd
+** parameter, then the resulting string will contain embedded NULs and the
+** result of expressions operating on strings with embedded NULs is undefined.
+** ^If the 4th parameter to the sqlite3_result_text* interfaces
+** or sqlite3_result_blob is a non-NULL pointer, then SQLite calls that
+** function as the destructor on the text or BLOB result when it has
+** finished using that result.
+** ^If the 4th parameter to the sqlite3_result_text* interfaces or to
+** sqlite3_result_blob is the special constant SQLITE_STATIC, then SQLite
+** assumes that the text or BLOB result is in constant space and does not
+** copy the content of the parameter nor call a destructor on the content
+** when it has finished using that result.
+** ^If the 4th parameter to the sqlite3_result_text* interfaces
+** or sqlite3_result_blob is the special constant SQLITE_TRANSIENT
+** then SQLite makes a copy of the result into space obtained from
+** from [sqlite3_malloc()] before it returns.
+**
+** ^The sqlite3_result_value() interface sets the result of
+** the application-defined function to be a copy of the
+** [unprotected sqlite3_value] object specified by the 2nd parameter. ^The
+** sqlite3_result_value() interface makes a copy of the [sqlite3_value]
+** so that the [sqlite3_value] specified in the parameter may change or
+** be deallocated after sqlite3_result_value() returns without harm.
+** ^A [protected sqlite3_value] object may always be used where an
+** [unprotected sqlite3_value] object is required, so either
+** kind of [sqlite3_value] object can be used with this interface.
+**
+** If these routines are called from within the different thread
+** than the one containing the application-defined function that received
+** the [sqlite3_context] pointer, the results are undefined.
+*/
+SQLITE_API void sqlite3_result_blob(sqlite3_context*, const void*, int, void(*)(void*));
+SQLITE_API void sqlite3_result_blob64(sqlite3_context*,const void*,
+ sqlite3_uint64,void(*)(void*));
+SQLITE_API void sqlite3_result_double(sqlite3_context*, double);
+SQLITE_API void sqlite3_result_error(sqlite3_context*, const char*, int);
+SQLITE_API void sqlite3_result_error16(sqlite3_context*, const void*, int);
+SQLITE_API void sqlite3_result_error_toobig(sqlite3_context*);
+SQLITE_API void sqlite3_result_error_nomem(sqlite3_context*);
+SQLITE_API void sqlite3_result_error_code(sqlite3_context*, int);
+SQLITE_API void sqlite3_result_int(sqlite3_context*, int);
+SQLITE_API void sqlite3_result_int64(sqlite3_context*, sqlite3_int64);
+SQLITE_API void sqlite3_result_null(sqlite3_context*);
+SQLITE_API void sqlite3_result_text(sqlite3_context*, const char*, int, void(*)(void*));
+SQLITE_API void sqlite3_result_text64(sqlite3_context*, const char*,sqlite3_uint64,
+ void(*)(void*), unsigned char encoding);
+SQLITE_API void sqlite3_result_text16(sqlite3_context*, const void*, int, void(*)(void*));
+SQLITE_API void sqlite3_result_text16le(sqlite3_context*, const void*, int,void(*)(void*));
+SQLITE_API void sqlite3_result_text16be(sqlite3_context*, const void*, int,void(*)(void*));
+SQLITE_API void sqlite3_result_value(sqlite3_context*, sqlite3_value*);
+SQLITE_API void sqlite3_result_zeroblob(sqlite3_context*, int n);
+SQLITE_API int sqlite3_result_zeroblob64(sqlite3_context*, sqlite3_uint64 n);
+
+
+/*
+** CAPI3REF: Setting The Subtype Of An SQL Function
+** METHOD:
sqlite3_context
+**
+** The sqlite3_result_subtype(C,T) function causes the subtype of
+** the result from the [application-defined SQL function] with
+** [sqlite3_context] C to be the value T. Only the lower 8 bits
+** of the subtype T are preserved in current versions of SQLite;
+** higher order bits are discarded.
+** The number of subtype bytes preserved by SQLite might increase
+** in future releases of SQLite.
+*/
+SQLITE_API void sqlite3_result_subtype(sqlite3_context*,unsigned int);
+
+/*
+** CAPI3REF: Define New Collating Sequences
+** METHOD: sqlite3
+**
+** ^These functions add, remove, or modify a [collation] associated
+** with the [database connection] specified as the first argument.
+**
+** ^The name of the collation is a UTF-8 string
+** for sqlite3_create_collation() and sqlite3_create_collation_v2()
+** and a UTF-16 string in native byte order for sqlite3_create_collation16().
+** ^Collation names that compare equal according to [sqlite3_strnicmp()] are
+** considered to be the same name.
+**
+** ^(The third argument (eTextRep) must be one of the constants:
+**
    +**
  • [SQLITE_UTF8], +**
  • [SQLITE_UTF16LE], +**
  • [SQLITE_UTF16BE], +**
  • [SQLITE_UTF16], or +**
  • [SQLITE_UTF16_ALIGNED]. +**
)^
+** ^The eTextRep argument determines the encoding of strings passed
+** to the collating function callback, xCallback.
+** ^The [SQLITE_UTF16] and [SQLITE_UTF16_ALIGNED] values for eTextRep
+** force strings to be UTF16 with native byte order.
+** ^The [SQLITE_UTF16_ALIGNED] value for eTextRep forces strings to begin
+** on an even byte address.
+**
+** ^The fourth argument, pArg, is an application data pointer that is passed
+** through as the first argument to the collating function callback.
+**
+** ^The fifth argument, xCallback, is a pointer to the collating function.
+** ^Multiple collating functions can be registered using the same name but
+** with different eTextRep parameters and SQLite will use whichever
+** function requires the least amount of data transformation.
+** ^If the xCallback argument is NULL then the collating function is
+** deleted. ^When all collating functions having the same name are deleted,
+** that collation is no longer usable.
+**
+** ^The collating function callback is invoked with a copy of the pArg
+** application data pointer and with two strings in the encoding specified
+** by the eTextRep argument. The collating function must return an
+** integer that is negative, zero, or positive
+** if the first string is less than, equal to, or greater than the second,
+** respectively. A collating function must always return the same answer
+** given the same inputs. If two or more collating functions are registered
+** to the same collation name (using different eTextRep values) then all
+** must give an equivalent answer when invoked with equivalent strings.
+** The collating function must obey the following properties for all
+** strings A, B, and C:
+**
+**
    +**
  1. If A==B then B==A. +**
  2. If A==B and B==C then A==C. +**
  3. If A<B THEN B>A. +**
  4. If A<B and B<C then A<C. +**
+**
+** If a collating function fails any of the above constraints and that
+** collating function is registered and used, then the behavior of SQLite
+** is undefined.
+**
+** ^The sqlite3_create_collation_v2() works like sqlite3_create_collation()
+** with the addition that the xDestroy callback is invoked on pArg when
+** the collating function is deleted.
+** ^Collating functions are deleted when they are overridden by later
+** calls to the collation creation functions or when the
+** [database connection] is closed using [sqlite3_close()].
+**
+** ^The xDestroy callback is not called if the
+** sqlite3_create_collation_v2() function fails. Applications that invoke
+** sqlite3_create_collation_v2() with a non-NULL xDestroy argument should
+** check the return code and dispose of the application data pointer
+** themselves rather than expecting SQLite to deal with it for them.
+** This is different from every other SQLite interface. The inconsistency
+** is unfortunate but cannot be changed without breaking backwards
+** compatibility.
+**
+** See also: [sqlite3_collation_needed()] and [sqlite3_collation_needed16()].
+*/
+SQLITE_API int sqlite3_create_collation(
+ sqlite3*,
+ const char *zName,
+ int eTextRep,
+ void *pArg,
+ int(*xCompare)(void*,int,const void*,int,const void*)
+);
+SQLITE_API int sqlite3_create_collation_v2(
+ sqlite3*,
+ const char *zName,
+ int eTextRep,
+ void *pArg,
+ int(*xCompare)(void*,int,const void*,int,const void*),
+ void(*xDestroy)(void*)
+);
+SQLITE_API int sqlite3_create_collation16(
+ sqlite3*,
+ const void *zName,
+ int eTextRep,
+ void *pArg,
+ int(*xCompare)(void*,int,const void*,int,const void*)
+);
+
+/*
+** CAPI3REF: Collation Needed Callbacks
+** METHOD: sqlite3
+**
+** ^To avoid having to register all collation sequences before a database
+** can be used, a single callback function may be registered with the
+** [database connection] to be invoked whenever an undefined collation
+** sequence is required.
+**
+** ^If the function is registered using the sqlite3_collation_needed() API,
+** then it is passed the names of undefined collation sequences as strings
+** encoded in UTF-8. ^If sqlite3_collation_needed16() is used,
+** the names are passed as UTF-16 in machine native byte order.
+** ^A call to either function replaces the existing collation-needed callback.
+**
+** ^(When the callback is invoked, the first argument passed is a copy
+** of the second argument to sqlite3_collation_needed() or
+** sqlite3_collation_needed16(). The second argument is the database
+** connection. The third argument is one of [SQLITE_UTF8], [SQLITE_UTF16BE],
+** or [SQLITE_UTF16LE], indicating the most desirable form of the collation
+** sequence function required. The fourth parameter is the name of the
+** required collation sequence.)^
+**
+** The callback function should register the desired collation using
+** [sqlite3_create_collation()], [sqlite3_create_collation16()], or
+** [sqlite3_create_collation_v2()].
+*/
+SQLITE_API int sqlite3_collation_needed(
+ sqlite3*,
+ void*,
+ void(*)(void*,sqlite3*,int eTextRep,const char*)
+);
+SQLITE_API int sqlite3_collation_needed16(
+ sqlite3*,
+ void*,
+ void(*)(void*,sqlite3*,int eTextRep,const void*)
+);
+
+#ifdef SQLITE_HAS_CODEC
+/*
+** Specify the key for an encrypted database. This routine should be
+** called right after sqlite3_open().
+**
+** The code to implement this API is not available in the public release
+** of SQLite.
+*/
+SQLITE_API int sqlite3_key(
+ sqlite3 *db, /* Database to be rekeyed */
+ const void *pKey, int nKey /* The key */
+);
+SQLITE_API int sqlite3_key_v2(
+ sqlite3 *db, /* Database to be rekeyed */
+ const char *zDbName, /* Name of the database */
+ const void *pKey, int nKey /* The key */
+);
+
+/*
+** Change the key on an open database. If the current database is not
+** encrypted, this routine will encrypt it. If pNew==0 or nNew==0, the
+** database is decrypted.
+**
+** The code to implement this API is not available in the public release
+** of SQLite.
+*/
+SQLITE_API int sqlite3_rekey(
+ sqlite3 *db, /* Database to be rekeyed */
+ const void *pKey, int nKey /* The new key */
+);
+SQLITE_API int sqlite3_rekey_v2(
+ sqlite3 *db, /* Database to be rekeyed */
+ const char *zDbName, /* Name of the database */
+ const void *pKey, int nKey /* The new key */
+);
+
+/*
+** Specify the activation key for a SEE database. Unless
+** activated, none of the SEE routines will work.
+*/
+SQLITE_API void sqlite3_activate_see(
+ const char *zPassPhrase /* Activation phrase */
+);
+#endif
+
+#ifdef SQLITE_ENABLE_CEROD
+/*
+** Specify the activation key for a CEROD database. Unless
+** activated, none of the CEROD routines will work.
+*/
+SQLITE_API void sqlite3_activate_cerod(
+ const char *zPassPhrase /* Activation phrase */
+);
+#endif
+
+/*
+** CAPI3REF: Suspend Execution For A Short Time
+**
+** The sqlite3_sleep() function causes the current thread to suspend execution
+** for at least a number of milliseconds specified in its parameter.
+**
+** If the operating system does not support sleep requests with
+** millisecond time resolution, then the time will be rounded up to
+** the nearest second. The number of milliseconds of sleep actually
+** requested from the operating system is returned.
+**
+** ^SQLite implements this interface by calling the xSleep()
+** method of the default [sqlite3_vfs] object. If the xSleep() method
+** of the default VFS is not implemented correctly, or not implemented at
+** all, then the behavior of sqlite3_sleep() may deviate from the description
+** in the previous paragraphs.
+*/
+SQLITE_API int sqlite3_sleep(int);
+
+/*
+** CAPI3REF: Name Of The Folder Holding Temporary Files
+**
+** ^(If this global variable is made to point to a string which is
+** the name of a folder (a.k.a.
directory), then all temporary files
+** created by SQLite when using a built-in [sqlite3_vfs | VFS]
+** will be placed in that directory.)^ ^If this variable
+** is a NULL pointer, then SQLite performs a search for an appropriate
+** temporary file directory.
+**
+** Applications are strongly discouraged from using this global variable.
+** It is required to set a temporary folder on Windows Runtime (WinRT).
+** But for all other platforms, it is highly recommended that applications
+** neither read nor write this variable. This global variable is a relic
+** that exists for backwards compatibility of legacy applications and should
+** be avoided in new projects.
+**
+** It is not safe to read or modify this variable in more than one
+** thread at a time. It is not safe to read or modify this variable
+** if a [database connection] is being used at the same time in a separate
+** thread.
+** It is intended that this variable be set once
+** as part of process initialization and before any SQLite interface
+** routines have been called and that this variable remain unchanged
+** thereafter.
+**
+** ^The [temp_store_directory pragma] may modify this variable and cause
+** it to point to memory obtained from [sqlite3_malloc]. ^Furthermore,
+** the [temp_store_directory pragma] always assumes that any string
+** that this variable points to is held in memory obtained from
+** [sqlite3_malloc] and the pragma may attempt to free that memory
+** using [sqlite3_free].
+** Hence, if this variable is modified directly, either it should be
+** made NULL or made to point to memory obtained from [sqlite3_malloc]
+** or else the use of the [temp_store_directory pragma] should be avoided.
+** Except when requested by the [temp_store_directory pragma], SQLite
+** does not free the memory that sqlite3_temp_directory points to.
If
+** the application wants that memory to be freed, it must do
+** so itself, taking care to only do so after all [database connection]
+** objects have been destroyed.
+**
+** Note to Windows Runtime users: The temporary directory must be set
+** prior to calling [sqlite3_open] or [sqlite3_open_v2]. Otherwise, various
+** features that require the use of temporary files may fail. Here is an
+** example of how to do this using C++ with the Windows Runtime:
+**
+**
+** LPCWSTR zPath = Windows::Storage::ApplicationData::Current->
+**       TemporaryFolder->Path->Data();
+** char zPathBuf[MAX_PATH + 1];
+** memset(zPathBuf, 0, sizeof(zPathBuf));
+** WideCharToMultiByte(CP_UTF8, 0, zPath, -1, zPathBuf, sizeof(zPathBuf),
+**       NULL, NULL);
+** sqlite3_temp_directory = sqlite3_mprintf("%s", zPathBuf);
+** 
+*/
+SQLITE_API SQLITE_EXTERN char *sqlite3_temp_directory;
+
+/*
+** CAPI3REF: Name Of The Folder Holding Database Files
+**
+** ^(If this global variable is made to point to a string which is
+** the name of a folder (a.k.a. directory), then all database files
+** specified with a relative pathname and created or accessed by
+** SQLite when using a built-in windows [sqlite3_vfs | VFS] will be assumed
+** to be relative to that directory.)^ ^If this variable is a NULL
+** pointer, then SQLite assumes that all database files specified
+** with a relative pathname are relative to the current directory
+** for the process. Only the windows VFS makes use of this global
+** variable; it is ignored by the unix VFS.
+**
+** Changing the value of this variable while a database connection is
+** open can result in a corrupt database.
+**
+** It is not safe to read or modify this variable in more than one
+** thread at a time. It is not safe to read or modify this variable
+** if a [database connection] is being used at the same time in a separate
+** thread.
+** It is intended that this variable be set once
+** as part of process initialization and before any SQLite interface
+** routines have been called and that this variable remain unchanged
+** thereafter.
+**
+** ^The [data_store_directory pragma] may modify this variable and cause
+** it to point to memory obtained from [sqlite3_malloc]. ^Furthermore,
+** the [data_store_directory pragma] always assumes that any string
+** that this variable points to is held in memory obtained from
+** [sqlite3_malloc] and the pragma may attempt to free that memory
+** using [sqlite3_free].
+** Hence, if this variable is modified directly, either it should be
+** made NULL or made to point to memory obtained from [sqlite3_malloc]
+** or else the use of the [data_store_directory pragma] should be avoided.
+*/
+SQLITE_API SQLITE_EXTERN char *sqlite3_data_directory;
+
+/*
+** CAPI3REF: Test For Auto-Commit Mode
+** KEYWORDS: {autocommit mode}
+** METHOD: sqlite3
+**
+** ^The sqlite3_get_autocommit() interface returns non-zero or
+** zero if the given database connection is or is not in autocommit mode,
+** respectively. ^Autocommit mode is on by default.
+** ^Autocommit mode is disabled by a [BEGIN] statement.
+** ^Autocommit mode is re-enabled by a [COMMIT] or [ROLLBACK].
+**
+** If certain kinds of errors occur on a statement within a multi-statement
+** transaction (errors including [SQLITE_FULL], [SQLITE_IOERR],
+** [SQLITE_NOMEM], [SQLITE_BUSY], and [SQLITE_INTERRUPT]) then the
+** transaction might be rolled back automatically. The only way to
+** find out whether SQLite automatically rolled back the transaction after
+** an error is to use this function.
+**
+** If another thread changes the autocommit status of the database
+** connection while this routine is running, then the return value
+** is undefined.
+*/
+SQLITE_API int sqlite3_get_autocommit(sqlite3*);
+
+/*
+** CAPI3REF: Find The Database Handle Of A Prepared Statement
+** METHOD: sqlite3_stmt
+**
+** ^The sqlite3_db_handle interface returns the [database connection] handle
+** to which a [prepared statement] belongs. ^The [database connection]
+** returned by sqlite3_db_handle is the same [database connection]
+** that was the first argument
+** to the [sqlite3_prepare_v2()] call (or its variants) that was used to
+** create the statement in the first place.
+*/
+SQLITE_API sqlite3 *sqlite3_db_handle(sqlite3_stmt*);
+
+/*
+** CAPI3REF: Return The Filename For A Database Connection
+** METHOD: sqlite3
+**
+** ^The sqlite3_db_filename(D,N) interface returns a pointer to a filename
+** associated with database N of connection D. ^The main database file
+** has the name "main".
If there is no attached database N on the database
+** connection D, or if database N is a temporary or in-memory database, then
+** a NULL pointer is returned.
+**
+** ^The filename returned by this function is the output of the
+** xFullPathname method of the [VFS]. ^In other words, the filename
+** will be an absolute pathname, even if the filename used
+** to open the database originally was a URI or relative pathname.
+*/
+SQLITE_API const char *sqlite3_db_filename(sqlite3 *db, const char *zDbName);
+
+/*
+** CAPI3REF: Determine if a database is read-only
+** METHOD: sqlite3
+**
+** ^The sqlite3_db_readonly(D,N) interface returns 1 if the database N
+** of connection D is read-only, 0 if it is read/write, or -1 if N is not
+** the name of a database on connection D.
+*/
+SQLITE_API int sqlite3_db_readonly(sqlite3 *db, const char *zDbName);
+
+/*
+** CAPI3REF: Find the next prepared statement
+** METHOD: sqlite3
+**
+** ^This interface returns a pointer to the next [prepared statement] after
+** pStmt associated with the [database connection] pDb. ^If pStmt is NULL
+** then this interface returns a pointer to the first prepared statement
+** associated with the database connection pDb. ^If no prepared statement
+** satisfies the conditions of this routine, it returns NULL.
+**
+** The [database connection] pointer D in a call to
+** [sqlite3_next_stmt(D,S)] must refer to an open database
+** connection and in particular must not be a NULL pointer.
+*/
+SQLITE_API sqlite3_stmt *sqlite3_next_stmt(sqlite3 *pDb, sqlite3_stmt *pStmt);
+
+/*
+** CAPI3REF: Commit And Rollback Notification Callbacks
+** METHOD: sqlite3
+**
+** ^The sqlite3_commit_hook() interface registers a callback
+** function to be invoked whenever a transaction is [COMMIT | committed].
+** ^Any callback set by a previous call to sqlite3_commit_hook()
+** for the same database connection is overridden.
+** ^The sqlite3_rollback_hook() interface registers a callback
+** function to be invoked whenever a transaction is [ROLLBACK | rolled back].
+** ^Any callback set by a previous call to sqlite3_rollback_hook()
+** for the same database connection is overridden.
+** ^The pArg argument is passed through to the callback.
+** ^If the callback on a commit hook function returns non-zero,
+** then the commit is converted into a rollback.
+**
+** ^The sqlite3_commit_hook(D,C,P) and sqlite3_rollback_hook(D,C,P) functions
+** return the P argument from the previous call of the same function
+** on the same [database connection] D, or NULL for
+** the first call for each function on D.
+**
+** The commit and rollback hook callbacks are not reentrant.
+** The callback implementation must not do anything that will modify
+** the database connection that invoked the callback. Any actions
+** to modify the database connection must be deferred until after the
+** completion of the [sqlite3_step()] call that triggered the commit
+** or rollback hook in the first place.
+** Note that running any other SQL statements, including SELECT statements,
+** or merely calling [sqlite3_prepare_v2()] and [sqlite3_step()] will modify
+** the database connections for the meaning of "modify" in this paragraph.
+**
+** ^Registering a NULL function disables the callback.
+**
+** ^When the commit hook callback routine returns zero, the [COMMIT]
+** operation is allowed to continue normally. ^If the commit hook
+** returns non-zero, then the [COMMIT] is converted into a [ROLLBACK].
+** ^The rollback hook is invoked on a rollback that results from a commit
+** hook returning non-zero, just as it would be with any other rollback.
+**
+** ^For the purposes of this API, a transaction is said to have been
+** rolled back if an explicit "ROLLBACK" statement is executed, or
+** an error or constraint causes an implicit rollback to occur.
+** ^The rollback callback is not invoked if a transaction is
+** automatically rolled back because the database connection is closed.
+**
+** See also the [sqlite3_update_hook()] interface.
+*/
+SQLITE_API void *sqlite3_commit_hook(sqlite3*, int(*)(void*), void*);
+SQLITE_API void *sqlite3_rollback_hook(sqlite3*, void(*)(void *), void*);
+
+/*
+** CAPI3REF: Data Change Notification Callbacks
+** METHOD: sqlite3
+**
+** ^The sqlite3_update_hook() interface registers a callback function
+** with the [database connection] identified by the first argument
+** to be invoked whenever a row is updated, inserted or deleted in
+** a [rowid table].
+** ^Any callback set by a previous call to this function
+** for the same database connection is overridden.
+**
+** ^The second argument is a pointer to the function to invoke when a
+** row is updated, inserted or deleted in a rowid table.
+** ^The first argument to the callback is a copy of the third argument
+** to sqlite3_update_hook().
+** ^The second callback argument is one of [SQLITE_INSERT], [SQLITE_DELETE],
+** or [SQLITE_UPDATE], depending on the operation that caused the callback
+** to be invoked.
+** ^The third and fourth arguments to the callback contain pointers to the
+** database and table name containing the affected row.
+** ^The final callback parameter is the [rowid] of the row.
+** ^In the case of an update, this is the [rowid] after the update takes place.
+**
+** ^(The update hook is not invoked when internal system tables are
+** modified (i.e. sqlite_master and sqlite_sequence).)^
+** ^The update hook is not invoked when [WITHOUT ROWID] tables are modified.
+**
+** ^In the current implementation, the update hook
+** is not invoked when duplication rows are deleted because of an
+** [ON CONFLICT | ON CONFLICT REPLACE] clause. ^Nor is the update hook
+** invoked when rows are deleted using the [truncate optimization].
+** The exceptions defined in this paragraph might change in a future
+** release of SQLite.
+**
+** The update hook implementation must not do anything that will modify
+** the database connection that invoked the update hook. Any actions
+** to modify the database connection must be deferred until after the
+** completion of the [sqlite3_step()] call that triggered the update hook.
+** Note that [sqlite3_prepare_v2()] and [sqlite3_step()] both modify their
+** database connections for the meaning of "modify" in this paragraph.
+**
+** ^The sqlite3_update_hook(D,C,P) function
+** returns the P argument from the previous call
+** on the same [database connection] D, or NULL for
+** the first call on D.
+**
+** See also the [sqlite3_commit_hook()], [sqlite3_rollback_hook()],
+** and [sqlite3_preupdate_hook()] interfaces.
+*/
+SQLITE_API void *sqlite3_update_hook(
+ sqlite3*,
+ void(*)(void *,int ,char const *,char const *,sqlite3_int64),
+ void*
+);
+
+/*
+** CAPI3REF: Enable Or Disable Shared Pager Cache
+**
+** ^(This routine enables or disables the sharing of the database cache
+** and schema data structures between [database connection | connections]
+** to the same database. Sharing is enabled if the argument is true
+** and disabled if the argument is false.)^
+**
+** ^Cache sharing is enabled and disabled for an entire process.
+** This is a change as of SQLite [version 3.5.0] ([dateof:3.5.0]).
+** In prior versions of SQLite,
+** sharing was enabled or disabled for each thread separately.
+**
+** ^(The cache sharing mode set by this interface effects all subsequent
+** calls to [sqlite3_open()], [sqlite3_open_v2()], and [sqlite3_open16()].
+** Existing database connections continue use the sharing mode
+** that was in effect at the time they were opened.)^
+**
+** ^(This routine returns [SQLITE_OK] if shared cache was enabled or disabled
+** successfully. An [error code] is returned otherwise.)^
+**
+** ^Shared cache is disabled by default.
But this might change in
+** future releases of SQLite. Applications that care about shared
+** cache setting should set it explicitly.
+**
+** Note: This method is disabled on MacOS X 10.7 and iOS version 5.0
+** and will always return SQLITE_MISUSE. On those systems,
+** shared cache mode should be enabled per-database connection via
+** [sqlite3_open_v2()] with [SQLITE_OPEN_SHAREDCACHE].
+**
+** This interface is threadsafe on processors where writing a
+** 32-bit integer is atomic.
+**
+** See Also: [SQLite Shared-Cache Mode]
+*/
+SQLITE_API int sqlite3_enable_shared_cache(int);
+
+/*
+** CAPI3REF: Attempt To Free Heap Memory
+**
+** ^The sqlite3_release_memory() interface attempts to free N bytes
+** of heap memory by deallocating non-essential memory allocations
+** held by the database library. Memory used to cache database
+** pages to improve performance is an example of non-essential memory.
+** ^sqlite3_release_memory() returns the number of bytes actually freed,
+** which might be more or less than the amount requested.
+** ^The sqlite3_release_memory() routine is a no-op returning zero
+** if SQLite is not compiled with [SQLITE_ENABLE_MEMORY_MANAGEMENT].
+**
+** See also: [sqlite3_db_release_memory()]
+*/
+SQLITE_API int sqlite3_release_memory(int);
+
+/*
+** CAPI3REF: Free Memory Used By A Database Connection
+** METHOD: sqlite3
+**
+** ^The sqlite3_db_release_memory(D) interface attempts to free as much heap
+** memory as possible from database connection D. Unlike the
+** [sqlite3_release_memory()] interface, this interface is in effect even
+** when the [SQLITE_ENABLE_MEMORY_MANAGEMENT] compile-time option is
+** omitted.
+**
+** See also: [sqlite3_release_memory()]
+*/
+SQLITE_API int sqlite3_db_release_memory(sqlite3*);
+
+/*
+** CAPI3REF: Impose A Limit On Heap Size
+**
+** ^The sqlite3_soft_heap_limit64() interface sets and/or queries the
+** soft limit on the amount of heap memory that may be allocated by SQLite.
+** ^SQLite strives to keep heap memory utilization below the soft heap
+** limit by reducing the number of pages held in the page cache
+** as heap memory usages approaches the limit.
+** ^The soft heap limit is "soft" because even though SQLite strives to stay
+** below the limit, it will exceed the limit rather than generate
+** an [SQLITE_NOMEM] error. In other words, the soft heap limit
+** is advisory only.
+**
+** ^The return value from sqlite3_soft_heap_limit64() is the size of
+** the soft heap limit prior to the call, or negative in the case of an
+** error. ^If the argument N is negative
+** then no change is made to the soft heap limit. Hence, the current
+** size of the soft heap limit can be determined by invoking
+** sqlite3_soft_heap_limit64() with a negative argument.
+**
+** ^If the argument N is zero then the soft heap limit is disabled.
+**
+** ^(The soft heap limit is not enforced in the current implementation
+** if one or more of following conditions are true:
+**
+**
    +**
  • The soft heap limit is set to zero. +**
  • Memory accounting is disabled using a combination of the +** [sqlite3_config]([SQLITE_CONFIG_MEMSTATUS],...) start-time option and +** the [SQLITE_DEFAULT_MEMSTATUS] compile-time option. +**
  • An alternative page cache implementation is specified using +** [sqlite3_config]([SQLITE_CONFIG_PCACHE2],...). +**
  • The page cache allocates from its own memory pool supplied +** by [sqlite3_config]([SQLITE_CONFIG_PAGECACHE],...) rather than +** from the heap. +**
)^
+**
+** Beginning with SQLite [version 3.7.3] ([dateof:3.7.3]),
+** the soft heap limit is enforced
+** regardless of whether or not the [SQLITE_ENABLE_MEMORY_MANAGEMENT]
+** compile-time option is invoked. With [SQLITE_ENABLE_MEMORY_MANAGEMENT],
+** the soft heap limit is enforced on every memory allocation. Without
+** [SQLITE_ENABLE_MEMORY_MANAGEMENT], the soft heap limit is only enforced
+** when memory is allocated by the page cache. Testing suggests that because
+** the page cache is the predominate memory user in SQLite, most
+** applications will achieve adequate soft heap limit enforcement without
+** the use of [SQLITE_ENABLE_MEMORY_MANAGEMENT].
+**
+** The circumstances under which SQLite will enforce the soft heap limit may
+** changes in future releases of SQLite.
+*/
+SQLITE_API sqlite3_int64 sqlite3_soft_heap_limit64(sqlite3_int64 N);
+
+/*
+** CAPI3REF: Deprecated Soft Heap Limit Interface
+** DEPRECATED
+**
+** This is a deprecated version of the [sqlite3_soft_heap_limit64()]
+** interface. This routine is provided for historical compatibility
+** only. All new applications should use the
+** [sqlite3_soft_heap_limit64()] interface rather than this one.
+*/
+SQLITE_API SQLITE_DEPRECATED void sqlite3_soft_heap_limit(int N);
+
+
+/*
+** CAPI3REF: Extract Metadata About A Column Of A Table
+** METHOD: sqlite3
+**
+** ^(The sqlite3_table_column_metadata(X,D,T,C,....) routine returns
+** information about column C of table T in database D
+** on [database connection] X.)^ ^The sqlite3_table_column_metadata()
+** interface returns SQLITE_OK and fills in the non-NULL pointers in
+** the final five arguments with appropriate values if the specified
+** column exists. ^The sqlite3_table_column_metadata() interface returns
+** SQLITE_ERROR and if the specified column does not exist.
+** ^If the column-name parameter to sqlite3_table_column_metadata() is a
+** NULL pointer, then this routine simply checks for the existence of the
+** table and returns SQLITE_OK if the table exists and SQLITE_ERROR if it
+** does not.
+**
+** ^The column is identified by the second, third and fourth parameters to
+** this function. ^(The second parameter is either the name of the database
+** (i.e. "main", "temp", or an attached database) containing the specified
+** table or NULL.)^ ^If it is NULL, then all attached databases are searched
+** for the table using the same algorithm used by the database engine to
+** resolve unqualified table references.
+**
+** ^The third and fourth parameters to this function are the table and column
+** name of the desired column, respectively.
+**
+** ^Metadata is returned by writing to the memory locations passed as the 5th
+** and subsequent parameters to this function. ^Any of these arguments may be
+** NULL, in which case the corresponding element of metadata is omitted.
+**
+** ^(
+** +**
Parameter Output
Type
Description +** +**
5th const char* Data type +**
6th const char* Name of default collation sequence +**
7th int True if column has a NOT NULL constraint +**
8th int True if column is part of the PRIMARY KEY +**
9th int True if column is [AUTOINCREMENT] +**
+**
)^ +** +** ^The memory pointed to by the character pointers returned for the +** declaration type and collation sequence is valid until the next +** call to any SQLite API function. +** +** ^If the specified table is actually a view, an [error code] is returned. +** +** ^If the specified column is "rowid", "oid" or "_rowid_" and the table +** is not a [WITHOUT ROWID] table and an +** [INTEGER PRIMARY KEY] column has been explicitly declared, then the output +** parameters are set for the explicitly declared column. ^(If there is no +** [INTEGER PRIMARY KEY] column, then the outputs +** for the [rowid] are set as follows: +** +**
+**     data type: "INTEGER"
+**     collation sequence: "BINARY"
+**     not null: 0
+**     primary key: 1
+**     auto increment: 0
+** 
)^
+**
+** ^This function causes all database schemas to be read from disk and
+** parsed, if that has not already been done, and returns an error if
+** any errors are encountered while loading the schema.
+*/
+SQLITE_API int sqlite3_table_column_metadata(
+ sqlite3 *db, /* Connection handle */
+ const char *zDbName, /* Database name or NULL */
+ const char *zTableName, /* Table name */
+ const char *zColumnName, /* Column name */
+ char const **pzDataType, /* OUTPUT: Declared data type */
+ char const **pzCollSeq, /* OUTPUT: Collation sequence name */
+ int *pNotNull, /* OUTPUT: True if NOT NULL constraint exists */
+ int *pPrimaryKey, /* OUTPUT: True if column part of PK */
+ int *pAutoinc /* OUTPUT: True if column is auto-increment */
+);
+
+/*
+** CAPI3REF: Load An Extension
+** METHOD: sqlite3
+**
+** ^This interface loads an SQLite extension library from the named file.
+**
+** ^The sqlite3_load_extension() interface attempts to load an
+** [SQLite extension] library contained in the file zFile. If
+** the file cannot be loaded directly, attempts are made to load
+** with various operating-system specific extensions added.
+** So for example, if "samplelib" cannot be loaded, then names like
+** "samplelib.so" or "samplelib.dylib" or "samplelib.dll" might
+** be tried also.
+**
+** ^The entry point is zProc.
+** ^(zProc may be 0, in which case SQLite will try to come up with an
+** entry point name on its own. It first tries "sqlite3_extension_init".
+** If that does not work, it constructs a name "sqlite3_X_init" where the
+** X is consists of the lower-case equivalent of all ASCII alphabetic
+** characters in the filename from the last "/" to the first following
+** "." and omitting any initial "lib".)^
+** ^The sqlite3_load_extension() interface returns
+** [SQLITE_OK] on success and [SQLITE_ERROR] if something goes wrong.
+** ^If an error occurs and pzErrMsg is not 0, then the
+** [sqlite3_load_extension()] interface shall attempt to
+** fill *pzErrMsg with error message text stored in memory
+** obtained from [sqlite3_malloc()]. The calling function
+** should free this memory by calling [sqlite3_free()].
+**
+** ^Extension loading must be enabled using
+** [sqlite3_enable_load_extension()] or
+** [sqlite3_db_config](db,[SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION],1,NULL)
+** prior to calling this API,
+** otherwise an error will be returned.
+**
+** Security warning: It is recommended that the
+** [SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION] method be used to enable only this
+** interface. The use of the [sqlite3_enable_load_extension()] interface
+** should be avoided. This will keep the SQL function [load_extension()]
+** disabled and prevent SQL injections from giving attackers
+** access to extension loading capabilities.
+**
+** See also the [load_extension() SQL function].
+*/
+SQLITE_API int sqlite3_load_extension(
+ sqlite3 *db, /* Load the extension into this database connection */
+ const char *zFile, /* Name of the shared library containing extension */
+ const char *zProc, /* Entry point. Derived from zFile if 0 */
+ char **pzErrMsg /* Put error message here if not 0 */
+);
+
+/*
+** CAPI3REF: Enable Or Disable Extension Loading
+** METHOD: sqlite3
+**
+** ^So as not to open security holes in older applications that are
+** unprepared to deal with [extension loading], and as a means of disabling
+** [extension loading] while evaluating user-entered SQL, the following API
+** is provided to turn the [sqlite3_load_extension()] mechanism on and off.
+**
+** ^Extension loading is off by default.
+** ^Call the sqlite3_enable_load_extension() routine with onoff==1
+** to turn extension loading on and call it with onoff==0 to turn
+** it back off again.
+**
+** ^This interface enables or disables both the C-API
+** [sqlite3_load_extension()] and the SQL function [load_extension()].
+** ^(Use [sqlite3_db_config](db,[SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION],..)
+** to enable or disable only the C-API.)^
+**
+** Security warning: It is recommended that extension loading
+** be disabled using the [SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION] method
+** rather than this interface, so the [load_extension()] SQL function
+** remains disabled. This will prevent SQL injections from giving attackers
+** access to extension loading capabilities.
+*/
+SQLITE_API int sqlite3_enable_load_extension(sqlite3 *db, int onoff);
+
+/*
+** CAPI3REF: Automatically Load Statically Linked Extensions
+**
+** ^This interface causes the xEntryPoint() function to be invoked for
+** each new [database connection] that is created. The idea here is that
+** xEntryPoint() is the entry point for a statically linked [SQLite extension]
+** that is to be automatically loaded into all new database connections.
+**
+** ^(Even though the function prototype shows that xEntryPoint() takes
+** no arguments and returns void, SQLite invokes xEntryPoint() with three
+** arguments and expects an integer result as if the signature of the
+** entry point where as follows:
+**
+**
+**    int xEntryPoint(
+**      sqlite3 *db,
+**      const char **pzErrMsg,
+**      const struct sqlite3_api_routines *pThunk
+**    );
+** 
)^
+**
+** If the xEntryPoint routine encounters an error, it should make *pzErrMsg
+** point to an appropriate error message (obtained from [sqlite3_mprintf()])
+** and return an appropriate [error code]. ^SQLite ensures that *pzErrMsg
+** is NULL before calling the xEntryPoint(). ^SQLite will invoke
+** [sqlite3_free()] on *pzErrMsg after xEntryPoint() returns. ^If any
+** xEntryPoint() returns an error, the [sqlite3_open()], [sqlite3_open16()],
+** or [sqlite3_open_v2()] call that provoked the xEntryPoint() will fail.
+**
+** ^Calling sqlite3_auto_extension(X) with an entry point X that is already
+** on the list of automatic extensions is a harmless no-op. ^No entry point
+** will be called more than once for each database connection that is opened.
+**
+** See also: [sqlite3_reset_auto_extension()]
+** and [sqlite3_cancel_auto_extension()]
+*/
+SQLITE_API int sqlite3_auto_extension(void(*xEntryPoint)(void));
+
+/*
+** CAPI3REF: Cancel Automatic Extension Loading
+**
+** ^The [sqlite3_cancel_auto_extension(X)] interface unregisters the
+** initialization routine X that was registered using a prior call to
+** [sqlite3_auto_extension(X)]. ^The [sqlite3_cancel_auto_extension(X)]
+** routine returns 1 if initialization routine X was successfully
+** unregistered and it returns 0 if X was not on the list of initialization
+** routines.
+*/
+SQLITE_API int sqlite3_cancel_auto_extension(void(*xEntryPoint)(void));
+
+/*
+** CAPI3REF: Reset Automatic Extension Loading
+**
+** ^This interface disables all automatic extensions previously
+** registered using [sqlite3_auto_extension()].
+*/
+SQLITE_API void sqlite3_reset_auto_extension(void);
+
+/*
+** The interface to the virtual-table mechanism is currently considered
+** to be experimental. The interface might change in incompatible ways.
+** If this is a problem for you, do not use the interface at this time.
+**
+** When the virtual-table mechanism stabilizes, we will declare the
+** interface fixed, support it indefinitely, and remove this comment.
+*/
+
+/*
+** Structures used by the virtual table interface
+*/
+typedef struct sqlite3_vtab sqlite3_vtab;
+typedef struct sqlite3_index_info sqlite3_index_info;
+typedef struct sqlite3_vtab_cursor sqlite3_vtab_cursor;
+typedef struct sqlite3_module sqlite3_module;
+
+/*
+** CAPI3REF: Virtual Table Object
+** KEYWORDS: sqlite3_module {virtual table module}
+**
+** This structure, sometimes called a "virtual table module",
+** defines the implementation of a [virtual tables].
+** This structure consists mostly of methods for the module.
+**
+** ^A virtual table module is created by filling in a persistent
+** instance of this structure and passing a pointer to that instance
+** to [sqlite3_create_module()] or [sqlite3_create_module_v2()].
+** ^The registration remains valid until it is replaced by a different
+** module or until the [database connection] closes. The content
+** of this structure must not change while it is registered with
+** any database connection.
+*/
+struct sqlite3_module {
+ int iVersion;
+ int (*xCreate)(sqlite3*, void *pAux,
+ int argc, const char *const*argv,
+ sqlite3_vtab **ppVTab, char**);
+ int (*xConnect)(sqlite3*, void *pAux,
+ int argc, const char *const*argv,
+ sqlite3_vtab **ppVTab, char**);
+ int (*xBestIndex)(sqlite3_vtab *pVTab, sqlite3_index_info*);
+ int (*xDisconnect)(sqlite3_vtab *pVTab);
+ int (*xDestroy)(sqlite3_vtab *pVTab);
+ int (*xOpen)(sqlite3_vtab *pVTab, sqlite3_vtab_cursor **ppCursor);
+ int (*xClose)(sqlite3_vtab_cursor*);
+ int (*xFilter)(sqlite3_vtab_cursor*, int idxNum, const char *idxStr,
+ int argc, sqlite3_value **argv);
+ int (*xNext)(sqlite3_vtab_cursor*);
+ int (*xEof)(sqlite3_vtab_cursor*);
+ int (*xColumn)(sqlite3_vtab_cursor*, sqlite3_context*, int);
+ int (*xRowid)(sqlite3_vtab_cursor*, sqlite3_int64 *pRowid);
+ int (*xUpdate)(sqlite3_vtab *, int, sqlite3_value **, sqlite3_int64 *);
+ int (*xBegin)(sqlite3_vtab *pVTab);
+ int (*xSync)(sqlite3_vtab *pVTab);
+ int (*xCommit)(sqlite3_vtab *pVTab);
+ int (*xRollback)(sqlite3_vtab *pVTab);
+ int (*xFindFunction)(sqlite3_vtab *pVtab, int nArg, const char *zName,
+ void (**pxFunc)(sqlite3_context*,int,sqlite3_value**),
+ void **ppArg);
+ int (*xRename)(sqlite3_vtab *pVtab, const char *zNew);
+ /* The methods above are in version 1 of the sqlite_module object. Those
+ ** below are for version 2 and greater. */
+ int (*xSavepoint)(sqlite3_vtab *pVTab, int);
+ int (*xRelease)(sqlite3_vtab *pVTab, int);
+ int (*xRollbackTo)(sqlite3_vtab *pVTab, int);
+};
+
+/*
+** CAPI3REF: Virtual Table Indexing Information
+** KEYWORDS: sqlite3_index_info
+**
+** The sqlite3_index_info structure and its substructures is used as part
+** of the [virtual table] interface to
+** pass information into and receive the reply from the [xBestIndex]
+** method of a [virtual table module]. The fields under **Inputs** are the
+** inputs to xBestIndex and are read-only. xBestIndex inserts its
+** results into the **Outputs** fields.
+** +** ^(The aConstraint[] array records WHERE clause constraints of the form: +** +**
column OP expr
+**
+** where OP is =, <, <=, >, or >=.)^ ^(The particular operator is
+** stored in aConstraint[].op using one of the
+** [SQLITE_INDEX_CONSTRAINT_EQ | SQLITE_INDEX_CONSTRAINT_ values].)^
+** ^(The index of the column is stored in
+** aConstraint[].iColumn.)^ ^(aConstraint[].usable is TRUE if the
+** expr on the right-hand side can be evaluated (and thus the constraint
+** is usable) and false if it cannot.)^
+**
+** ^The optimizer automatically inverts terms of the form "expr OP column"
+** and makes other simplifications to the WHERE clause in an attempt to
+** get as many WHERE clause terms into the form shown above as possible.
+** ^The aConstraint[] array only reports WHERE clause terms that are
+** relevant to the particular virtual table being queried.
+**
+** ^Information about the ORDER BY clause is stored in aOrderBy[].
+** ^Each term of aOrderBy records a column of the ORDER BY clause.
+**
+** The colUsed field indicates which columns of the virtual table may be
+** required by the current scan. Virtual table columns are numbered from
+** zero in the order in which they appear within the CREATE TABLE statement
+** passed to sqlite3_declare_vtab(). For the first 63 columns (columns 0-62),
+** the corresponding bit is set within the colUsed mask if the column may be
+** required by SQLite. If the table has at least 64 columns and any column
+** to the right of the first 63 is required, then bit 63 of colUsed is also
+** set. In other words, column iCol may be required if the expression
+** (colUsed & ((sqlite3_uint64)1 << (iCol>=63 ? 63 : iCol))) evaluates to
+** non-zero.
+**
+** The [xBestIndex] method must fill aConstraintUsage[] with information
+** about what parameters to pass to xFilter. ^If argvIndex>0 then
+** the right-hand side of the corresponding aConstraint[] is evaluated
+** and becomes the argvIndex-th entry in argv.
^(If aConstraintUsage[].omit
+** is true, then the constraint is assumed to be fully handled by the
+** virtual table and is not checked again by SQLite.)^
+**
+** ^The idxNum and idxPtr values are recorded and passed into the
+** [xFilter] method.
+** ^[sqlite3_free()] is used to free idxPtr if and only if
+** needToFreeIdxPtr is true.
+**
+** ^The orderByConsumed means that output from [xFilter]/[xNext] will occur in
+** the correct order to satisfy the ORDER BY clause so that no separate
+** sorting step is required.
+**
+** ^The estimatedCost value is an estimate of the cost of a particular
+** strategy. A cost of N indicates that the cost of the strategy is similar
+** to a linear scan of an SQLite table with N rows. A cost of log(N)
+** indicates that the expense of the operation is similar to that of a
+** binary search on a unique indexed field of an SQLite table with N rows.
+**
+** ^The estimatedRows value is an estimate of the number of rows that
+** will be returned by the strategy.
+**
+** The xBestIndex method may optionally populate the idxFlags field with a
+** mask of SQLITE_INDEX_SCAN_* flags. Currently there is only one such flag -
+** SQLITE_INDEX_SCAN_UNIQUE. If the xBestIndex method sets this flag, SQLite
+** assumes that the strategy may visit at most one row.
+**
+** Additionally, if xBestIndex sets the SQLITE_INDEX_SCAN_UNIQUE flag, then
+** SQLite also assumes that if a call to the xUpdate() method is made as
+** part of the same statement to delete or update a virtual table row and the
+** implementation returns SQLITE_CONSTRAINT, then there is no need to rollback
+** any database changes. In other words, if the xUpdate() returns
+** SQLITE_CONSTRAINT, the database contents must be exactly as they were
+** before xUpdate was called. By contrast, if SQLITE_INDEX_SCAN_UNIQUE is not
+** set and xUpdate returns SQLITE_CONSTRAINT, any database changes made by
+** the xUpdate method are automatically rolled back by SQLite.
+**
+** IMPORTANT: The estimatedRows field was added to the sqlite3_index_info
+** structure for SQLite [version 3.8.2] ([dateof:3.8.2]).
+** If a virtual table extension is
+** used with an SQLite version earlier than 3.8.2, the results of attempting
+** to read or write the estimatedRows field are undefined (but are likely
+** to included crashing the application). The estimatedRows field should
+** therefore only be used if [sqlite3_libversion_number()] returns a
+** value greater than or equal to 3008002. Similarly, the idxFlags field
+** was added for [version 3.9.0] ([dateof:3.9.0]).
+** It may therefore only be used if
+** sqlite3_libversion_number() returns a value greater than or equal to
+** 3009000.
+*/
+struct sqlite3_index_info {
+ /* Inputs */
+ int nConstraint; /* Number of entries in aConstraint */
+ struct sqlite3_index_constraint {
+ int iColumn; /* Column constrained. -1 for ROWID */
+ unsigned char op; /* Constraint operator */
+ unsigned char usable; /* True if this constraint is usable */
+ int iTermOffset; /* Used internally - xBestIndex should ignore */
+ } *aConstraint; /* Table of WHERE clause constraints */
+ int nOrderBy; /* Number of terms in the ORDER BY clause */
+ struct sqlite3_index_orderby {
+ int iColumn; /* Column number */
+ unsigned char desc; /* True for DESC. False for ASC.
*/
+ } *aOrderBy; /* The ORDER BY clause */
+ /* Outputs */
+ struct sqlite3_index_constraint_usage {
+ int argvIndex; /* if >0, constraint is part of argv to xFilter */
+ unsigned char omit; /* Do not code a test for this constraint */
+ } *aConstraintUsage;
+ int idxNum; /* Number used to identify the index */
+ char *idxStr; /* String, possibly obtained from sqlite3_malloc */
+ int needToFreeIdxStr; /* Free idxStr using sqlite3_free() if true */
+ int orderByConsumed; /* True if output is already ordered */
+ double estimatedCost; /* Estimated cost of using this index */
+ /* Fields below are only available in SQLite 3.8.2 and later */
+ sqlite3_int64 estimatedRows; /* Estimated number of rows returned */
+ /* Fields below are only available in SQLite 3.9.0 and later */
+ int idxFlags; /* Mask of SQLITE_INDEX_SCAN_* flags */
+ /* Fields below are only available in SQLite 3.10.0 and later */
+ sqlite3_uint64 colUsed; /* Input: Mask of columns used by statement */
+};
+
+/*
+** CAPI3REF: Virtual Table Scan Flags
+*/
+#define SQLITE_INDEX_SCAN_UNIQUE 1 /* Scan visits at most 1 row */
+
+/*
+** CAPI3REF: Virtual Table Constraint Operator Codes
+**
+** These macros defined the allowed values for the
+** [sqlite3_index_info].aConstraint[].op field. Each value represents
+** an operator that is part of a constraint term in the wHERE clause of
+** a query that uses a [virtual table].
+*/
+#define SQLITE_INDEX_CONSTRAINT_EQ 2
+#define SQLITE_INDEX_CONSTRAINT_GT 4
+#define SQLITE_INDEX_CONSTRAINT_LE 8
+#define SQLITE_INDEX_CONSTRAINT_LT 16
+#define SQLITE_INDEX_CONSTRAINT_GE 32
+#define SQLITE_INDEX_CONSTRAINT_MATCH 64
+#define SQLITE_INDEX_CONSTRAINT_LIKE 65
+#define SQLITE_INDEX_CONSTRAINT_GLOB 66
+#define SQLITE_INDEX_CONSTRAINT_REGEXP 67
+
+/*
+** CAPI3REF: Register A Virtual Table Implementation
+** METHOD: sqlite3
+**
+** ^These routines are used to register a new [virtual table module] name.
+** ^Module names must be registered before +** creating a new [virtual table] using the module and before using a +** preexisting [virtual table] for the module. +** +** ^The module name is registered on the [database connection] specified +** by the first parameter. ^The name of the module is given by the +** second parameter. ^The third parameter is a pointer to +** the implementation of the [virtual table module]. ^The fourth +** parameter is an arbitrary client data pointer that is passed through +** into the [xCreate] and [xConnect] methods of the virtual table module +** when a new virtual table is be being created or reinitialized. +** +** ^The sqlite3_create_module_v2() interface has a fifth parameter which +** is a pointer to a destructor for the pClientData. ^SQLite will +** invoke the destructor function (if it is not NULL) when SQLite +** no longer needs the pClientData pointer. ^The destructor will also +** be invoked if the call to sqlite3_create_module_v2() fails. +** ^The sqlite3_create_module() +** interface is equivalent to sqlite3_create_module_v2() with a NULL +** destructor. +*/ +SQLITE_API int sqlite3_create_module( + sqlite3 *db, /* SQLite connection to register module with */ + const char *zName, /* Name of the module */ + const sqlite3_module *p, /* Methods for the module */ + void *pClientData /* Client data for xCreate/xConnect */ +); +SQLITE_API int sqlite3_create_module_v2( + sqlite3 *db, /* SQLite connection to register module with */ + const char *zName, /* Name of the module */ + const sqlite3_module *p, /* Methods for the module */ + void *pClientData, /* Client data for xCreate/xConnect */ + void(*xDestroy)(void*) /* Module destructor function */ +); + +/* +** CAPI3REF: Virtual Table Instance Object +** KEYWORDS: sqlite3_vtab +** +** Every [virtual table module] implementation uses a subclass +** of this object to describe a particular instance +** of the [virtual table]. 
Each subclass will +** be tailored to the specific needs of the module implementation. +** The purpose of this superclass is to define certain fields that are +** common to all module implementations. +** +** ^Virtual tables methods can set an error message by assigning a +** string obtained from [sqlite3_mprintf()] to zErrMsg. The method should +** take care that any prior string is freed by a call to [sqlite3_free()] +** prior to assigning a new string to zErrMsg. ^After the error message +** is delivered up to the client application, the string will be automatically +** freed by sqlite3_free() and the zErrMsg field will be zeroed. +*/ +struct sqlite3_vtab { + const sqlite3_module *pModule; /* The module for this virtual table */ + int nRef; /* Number of open cursors */ + char *zErrMsg; /* Error message from sqlite3_mprintf() */ + /* Virtual table implementations will typically add additional fields */ +}; + +/* +** CAPI3REF: Virtual Table Cursor Object +** KEYWORDS: sqlite3_vtab_cursor {virtual table cursor} +** +** Every [virtual table module] implementation uses a subclass of the +** following structure to describe cursors that point into the +** [virtual table] and are used +** to loop through the virtual table. Cursors are created using the +** [sqlite3_module.xOpen | xOpen] method of the module and are destroyed +** by the [sqlite3_module.xClose | xClose] method. Cursors are used +** by the [xFilter], [xNext], [xEof], [xColumn], and [xRowid] methods +** of the module. Each module implementation will define +** the content of a cursor structure to suit its own needs. +** +** This superclass exists in order to define fields of the cursor that +** are common to all implementations. 
+*/ +struct sqlite3_vtab_cursor { + sqlite3_vtab *pVtab; /* Virtual table of this cursor */ + /* Virtual table implementations will typically add additional fields */ +}; + +/* +** CAPI3REF: Declare The Schema Of A Virtual Table +** +** ^The [xCreate] and [xConnect] methods of a +** [virtual table module] call this interface +** to declare the format (the names and datatypes of the columns) of +** the virtual tables they implement. +*/ +SQLITE_API int sqlite3_declare_vtab(sqlite3*, const char *zSQL); + +/* +** CAPI3REF: Overload A Function For A Virtual Table +** METHOD: sqlite3 +** +** ^(Virtual tables can provide alternative implementations of functions +** using the [xFindFunction] method of the [virtual table module]. +** But global versions of those functions +** must exist in order to be overloaded.)^ +** +** ^(This API makes sure a global version of a function with a particular +** name and number of parameters exists. If no such function exists +** before this API is called, a new function is created.)^ ^The implementation +** of the new function always causes an exception to be thrown. So +** the new function is not good for anything by itself. Its only +** purpose is to be a placeholder function that can be overloaded +** by a [virtual table]. +*/ +SQLITE_API int sqlite3_overload_function(sqlite3*, const char *zFuncName, int nArg); + +/* +** The interface to the virtual-table mechanism defined above (back up +** to a comment remarkably similar to this one) is currently considered +** to be experimental. The interface might change in incompatible ways. +** If this is a problem for you, do not use the interface at this time. +** +** When the virtual-table mechanism stabilizes, we will declare the +** interface fixed, support it indefinitely, and remove this comment. 
+*/ + +/* +** CAPI3REF: A Handle To An Open BLOB +** KEYWORDS: {BLOB handle} {BLOB handles} +** +** An instance of this object represents an open BLOB on which +** [sqlite3_blob_open | incremental BLOB I/O] can be performed. +** ^Objects of this type are created by [sqlite3_blob_open()] +** and destroyed by [sqlite3_blob_close()]. +** ^The [sqlite3_blob_read()] and [sqlite3_blob_write()] interfaces +** can be used to read or write small subsections of the BLOB. +** ^The [sqlite3_blob_bytes()] interface returns the size of the BLOB in bytes. +*/ +typedef struct sqlite3_blob sqlite3_blob; + +/* +** CAPI3REF: Open A BLOB For Incremental I/O +** METHOD: sqlite3 +** CONSTRUCTOR: sqlite3_blob +** +** ^(This interfaces opens a [BLOB handle | handle] to the BLOB located +** in row iRow, column zColumn, table zTable in database zDb; +** in other words, the same BLOB that would be selected by: +** +**
+**     SELECT zColumn FROM zDb.zTable WHERE [rowid] = iRow;
+** )^
+**
+** ^(Parameter zDb is not the filename that contains the database, but
+** rather the symbolic name of the database. For attached databases, this is
+** the name that appears after the AS keyword in the [ATTACH] statement.
+** For the main database file, the database name is "main". For TEMP
+** tables, the database name is "temp".)^
+**
+** ^If the flags parameter is non-zero, then the BLOB is opened for read
+** and write access. ^If the flags parameter is zero, the BLOB is opened for
+** read-only access.
+**
+** ^(On success, [SQLITE_OK] is returned and the new [BLOB handle] is stored
+** in *ppBlob. Otherwise an [error code] is returned and, unless the error
+** code is SQLITE_MISUSE, *ppBlob is set to NULL.)^ ^This means that, provided
+** the API is not misused, it is always safe to call [sqlite3_blob_close()]
+** on *ppBlob after this function it returns.
+**
+** This function fails with SQLITE_ERROR if any of the following are true:
+**
    +**
  • ^(Database zDb does not exist)^, +**
  • ^(Table zTable does not exist within database zDb)^, +**
  • ^(Table zTable is a WITHOUT ROWID table)^, +**
  • ^(Column zColumn does not exist)^, +**
  • ^(Row iRow is not present in the table)^, +**
  • ^(The specified column of row iRow contains a value that is not +** a TEXT or BLOB value)^, +**
  • ^(Column zColumn is part of an index, PRIMARY KEY or UNIQUE +** constraint and the blob is being opened for read/write access)^, +**
  • ^([foreign key constraints | Foreign key constraints] are enabled, +** column zColumn is part of a [child key] definition and the blob is +** being opened for read/write access)^. +**
+**
+** ^Unless it returns SQLITE_MISUSE, this function sets the
+** [database connection] error code and message accessible via
+** [sqlite3_errcode()] and [sqlite3_errmsg()] and related functions.
+**
+**
+** ^(If the row that a BLOB handle points to is modified by an
+** [UPDATE], [DELETE], or by [ON CONFLICT] side-effects
+** then the BLOB handle is marked as "expired".
+** This is true if any column of the row is changed, even a column
+** other than the one the BLOB handle is open on.)^
+** ^Calls to [sqlite3_blob_read()] and [sqlite3_blob_write()] for
+** an expired BLOB handle fail with a return code of [SQLITE_ABORT].
+** ^(Changes written into a BLOB prior to the BLOB expiring are not
+** rolled back by the expiration of the BLOB. Such changes will eventually
+** commit if the transaction continues to completion.)^
+**
+** ^Use the [sqlite3_blob_bytes()] interface to determine the size of
+** the opened blob. ^The size of a blob may not be changed by this
+** interface. Use the [UPDATE] SQL command to change the size of a
+** blob.
+**
+** ^The [sqlite3_bind_zeroblob()] and [sqlite3_result_zeroblob()] interfaces
+** and the built-in [zeroblob] SQL function may be used to create a
+** zero-filled blob to read or write using the incremental-blob interface.
+**
+** To avoid a resource leak, every open [BLOB handle] should eventually
+** be released by a call to [sqlite3_blob_close()].
+*/
+SQLITE_API int sqlite3_blob_open(
+ sqlite3*,
+ const char *zDb,
+ const char *zTable,
+ const char *zColumn,
+ sqlite3_int64 iRow,
+ int flags,
+ sqlite3_blob **ppBlob
+);
+
+/*
+** CAPI3REF: Move a BLOB Handle to a New Row
+** METHOD: sqlite3_blob
+**
+** ^This function is used to move an existing blob handle so that it points
+** to a different row of the same database table. ^The new row is identified
+** by the rowid value passed as the second argument. Only the row can be
+** changed. ^The database, table and column on which the blob handle is open
+** remain the same. Moving an existing blob handle to a new row can be
+** faster than closing the existing handle and opening a new one.
+**
+** ^(The new row must meet the same criteria as for [sqlite3_blob_open()] -
+** it must exist and there must be either a blob or text value stored in
+** the nominated column.)^ ^If the new row is not present in the table, or if
+** it does not contain a blob or text value, or if another error occurs, an
+** SQLite error code is returned and the blob handle is considered aborted.
+** ^All subsequent calls to [sqlite3_blob_read()], [sqlite3_blob_write()] or
+** [sqlite3_blob_reopen()] on an aborted blob handle immediately return
+** SQLITE_ABORT. ^Calling [sqlite3_blob_bytes()] on an aborted blob handle
+** always returns zero.
+**
+** ^This function sets the database handle error code and message.
+*/
+SQLITE_API int sqlite3_blob_reopen(sqlite3_blob *, sqlite3_int64);
+
+/*
+** CAPI3REF: Close A BLOB Handle
+** DESTRUCTOR: sqlite3_blob
+**
+** ^This function closes an open [BLOB handle]. ^(The BLOB handle is closed
+** unconditionally. Even if this routine returns an error code, the
+** handle is still closed.)^
+**
+** ^If the blob handle being closed was opened for read-write access, and if
+** the database is in auto-commit mode and there are no other open read-write
+** blob handles or active write statements, the current transaction is
+** committed. ^If an error occurs while committing the transaction, an error
+** code is returned and the transaction rolled back.
+**
+** Calling this function with an argument that is not a NULL pointer or an
+** open blob handle results in undefined behaviour. ^Calling this routine
+** with a null pointer (such as would be returned by a failed call to
+** [sqlite3_blob_open()]) is a harmless no-op. ^Otherwise, if this function
+** is passed a valid open blob handle, the values returned by the
+** sqlite3_errcode() and sqlite3_errmsg() functions are set before returning.
+*/
+SQLITE_API int sqlite3_blob_close(sqlite3_blob *);
+
+/*
+** CAPI3REF: Return The Size Of An Open BLOB
+** METHOD: sqlite3_blob
+**
+** ^Returns the size in bytes of the BLOB accessible via the
+** successfully opened [BLOB handle] in its only argument. ^The
+** incremental blob I/O routines can only read or overwriting existing
+** blob content; they cannot change the size of a blob.
+**
+** This routine only works on a [BLOB handle] which has been created
+** by a prior successful call to [sqlite3_blob_open()] and which has not
+** been closed by [sqlite3_blob_close()]. Passing any other pointer in
+** to this routine results in undefined and probably undesirable behavior.
+*/
+SQLITE_API int sqlite3_blob_bytes(sqlite3_blob *);
+
+/*
+** CAPI3REF: Read Data From A BLOB Incrementally
+** METHOD: sqlite3_blob
+**
+** ^(This function is used to read data from an open [BLOB handle] into a
+** caller-supplied buffer. N bytes of data are copied into buffer Z
+** from the open BLOB, starting at offset iOffset.)^
+**
+** ^If offset iOffset is less than N bytes from the end of the BLOB,
+** [SQLITE_ERROR] is returned and no data is read. ^If N or iOffset is
+** less than zero, [SQLITE_ERROR] is returned and no data is read.
+** ^The size of the blob (and hence the maximum value of N+iOffset)
+** can be determined using the [sqlite3_blob_bytes()] interface.
+**
+** ^An attempt to read from an expired [BLOB handle] fails with an
+** error code of [SQLITE_ABORT].
+**
+** ^(On success, sqlite3_blob_read() returns SQLITE_OK.
+** Otherwise, an [error code] or an [extended error code] is returned.)^
+**
+** This routine only works on a [BLOB handle] which has been created
+** by a prior successful call to [sqlite3_blob_open()] and which has not
+** been closed by [sqlite3_blob_close()]. Passing any other pointer in
+** to this routine results in undefined and probably undesirable behavior.
+**
+** See also: [sqlite3_blob_write()].
+*/
+SQLITE_API int sqlite3_blob_read(sqlite3_blob *, void *Z, int N, int iOffset);
+
+/*
+** CAPI3REF: Write Data Into A BLOB Incrementally
+** METHOD: sqlite3_blob
+**
+** ^(This function is used to write data into an open [BLOB handle] from a
+** caller-supplied buffer. N bytes of data are copied from the buffer Z
+** into the open BLOB, starting at offset iOffset.)^
+**
+** ^(On success, sqlite3_blob_write() returns SQLITE_OK.
+** Otherwise, an [error code] or an [extended error code] is returned.)^
+** ^Unless SQLITE_MISUSE is returned, this function sets the
+** [database connection] error code and message accessible via
+** [sqlite3_errcode()] and [sqlite3_errmsg()] and related functions.
+**
+** ^If the [BLOB handle] passed as the first argument was not opened for
+** writing (the flags parameter to [sqlite3_blob_open()] was zero),
+** this function returns [SQLITE_READONLY].
+**
+** This function may only modify the contents of the BLOB; it is
+** not possible to increase the size of a BLOB using this API.
+** ^If offset iOffset is less than N bytes from the end of the BLOB,
+** [SQLITE_ERROR] is returned and no data is written. The size of the
+** BLOB (and hence the maximum value of N+iOffset) can be determined
+** using the [sqlite3_blob_bytes()] interface. ^If N or iOffset are less
+** than zero [SQLITE_ERROR] is returned and no data is written.
+**
+** ^An attempt to write to an expired [BLOB handle] fails with an
+** error code of [SQLITE_ABORT]. ^Writes to the BLOB that occurred
+** before the [BLOB handle] expired are not rolled back by the
+** expiration of the handle, though of course those changes might
+** have been overwritten by the statement that expired the BLOB handle
+** or by other independent statements.
+**
+** This routine only works on a [BLOB handle] which has been created
+** by a prior successful call to [sqlite3_blob_open()] and which has not
+** been closed by [sqlite3_blob_close()]. Passing any other pointer in
+** to this routine results in undefined and probably undesirable behavior.
+**
+** See also: [sqlite3_blob_read()].
+*/
+SQLITE_API int sqlite3_blob_write(sqlite3_blob *, const void *z, int n, int iOffset);
+
+/*
+** CAPI3REF: Virtual File System Objects
+**
+** A virtual filesystem (VFS) is an [sqlite3_vfs] object
+** that SQLite uses to interact
+** with the underlying operating system. Most SQLite builds come with a
+** single default VFS that is appropriate for the host computer.
+** New VFSes can be registered and existing VFSes can be unregistered.
+** The following interfaces are provided.
+**
+** ^The sqlite3_vfs_find() interface returns a pointer to a VFS given its name.
+** ^Names are case sensitive.
+** ^Names are zero-terminated UTF-8 strings.
+** ^If there is no match, a NULL pointer is returned.
+** ^If zVfsName is NULL then the default VFS is returned.
+**
+** ^New VFSes are registered with sqlite3_vfs_register().
+** ^Each new VFS becomes the default VFS if the makeDflt flag is set.
+** ^The same VFS can be registered multiple times without injury.
+** ^To make an existing VFS into the default VFS, register it again
+** with the makeDflt flag set. If two different VFSes with the
+** same name are registered, the behavior is undefined. If a
+** VFS is registered with a name that is NULL or an empty string,
+** then the behavior is undefined.
+**
+** ^Unregister a VFS with the sqlite3_vfs_unregister() interface.
+** ^(If the default VFS is unregistered, another VFS is chosen as
+** the default. The choice for the new VFS is arbitrary.)^
+*/
+SQLITE_API sqlite3_vfs *sqlite3_vfs_find(const char *zVfsName);
+SQLITE_API int sqlite3_vfs_register(sqlite3_vfs*, int makeDflt);
+SQLITE_API int sqlite3_vfs_unregister(sqlite3_vfs*);
+
+/*
+** CAPI3REF: Mutexes
+**
+** The SQLite core uses these routines for thread
+** synchronization. Though they are intended for internal
+** use by SQLite, code that links against SQLite is
+** permitted to use any of these routines.
+**
+** The SQLite source code contains multiple implementations
+** of these mutex routines. An appropriate implementation
+** is selected automatically at compile-time. The following
+** implementations are available in the SQLite core:
+**
+**
    +**
  • SQLITE_MUTEX_PTHREADS +**
  • SQLITE_MUTEX_W32 +**
  • SQLITE_MUTEX_NOOP +**
+**
+** The SQLITE_MUTEX_NOOP implementation is a set of routines
+** that does no real locking and is appropriate for use in
+** a single-threaded application. The SQLITE_MUTEX_PTHREADS and
+** SQLITE_MUTEX_W32 implementations are appropriate for use on Unix
+** and Windows.
+**
+** If SQLite is compiled with the SQLITE_MUTEX_APPDEF preprocessor
+** macro defined (with "-DSQLITE_MUTEX_APPDEF=1"), then no mutex
+** implementation is included with the library. In this case the
+** application must supply a custom mutex implementation using the
+** [SQLITE_CONFIG_MUTEX] option of the sqlite3_config() function
+** before calling sqlite3_initialize() or any other public sqlite3_
+** function that calls sqlite3_initialize().
+**
+** ^The sqlite3_mutex_alloc() routine allocates a new
+** mutex and returns a pointer to it. ^The sqlite3_mutex_alloc()
+** routine returns NULL if it is unable to allocate the requested
+** mutex. The argument to sqlite3_mutex_alloc() must one of these
+** integer constants:
+**
+**
    +**
  • SQLITE_MUTEX_FAST +**
  • SQLITE_MUTEX_RECURSIVE +**
  • SQLITE_MUTEX_STATIC_MASTER +**
  • SQLITE_MUTEX_STATIC_MEM +**
  • SQLITE_MUTEX_STATIC_OPEN +**
  • SQLITE_MUTEX_STATIC_PRNG +**
  • SQLITE_MUTEX_STATIC_LRU +**
  • SQLITE_MUTEX_STATIC_PMEM +**
  • SQLITE_MUTEX_STATIC_APP1 +**
  • SQLITE_MUTEX_STATIC_APP2 +**
  • SQLITE_MUTEX_STATIC_APP3 +**
  • SQLITE_MUTEX_STATIC_VFS1 +**
  • SQLITE_MUTEX_STATIC_VFS2 +**
  • SQLITE_MUTEX_STATIC_VFS3 +**
+**
+** ^The first two constants (SQLITE_MUTEX_FAST and SQLITE_MUTEX_RECURSIVE)
+** cause sqlite3_mutex_alloc() to create
+** a new mutex. ^The new mutex is recursive when SQLITE_MUTEX_RECURSIVE
+** is used but not necessarily so when SQLITE_MUTEX_FAST is used.
+** The mutex implementation does not need to make a distinction
+** between SQLITE_MUTEX_RECURSIVE and SQLITE_MUTEX_FAST if it does
+** not want to. SQLite will only request a recursive mutex in
+** cases where it really needs one. If a faster non-recursive mutex
+** implementation is available on the host platform, the mutex subsystem
+** might return such a mutex in response to SQLITE_MUTEX_FAST.
+**
+** ^The other allowed parameters to sqlite3_mutex_alloc() (anything other
+** than SQLITE_MUTEX_FAST and SQLITE_MUTEX_RECURSIVE) each return
+** a pointer to a static preexisting mutex. ^Nine static mutexes are
+** used by the current version of SQLite. Future versions of SQLite
+** may add additional static mutexes. Static mutexes are for internal
+** use by SQLite only. Applications that use SQLite mutexes should
+** use only the dynamic mutexes returned by SQLITE_MUTEX_FAST or
+** SQLITE_MUTEX_RECURSIVE.
+**
+** ^Note that if one of the dynamic mutex parameters (SQLITE_MUTEX_FAST
+** or SQLITE_MUTEX_RECURSIVE) is used then sqlite3_mutex_alloc()
+** returns a different mutex on every call. ^For the static
+** mutex types, the same mutex is returned on every call that has
+** the same type number.
+**
+** ^The sqlite3_mutex_free() routine deallocates a previously
+** allocated dynamic mutex. Attempting to deallocate a static
+** mutex results in undefined behavior.
+**
+** ^The sqlite3_mutex_enter() and sqlite3_mutex_try() routines attempt
+** to enter a mutex. ^If another thread is already within the mutex,
+** sqlite3_mutex_enter() will block and sqlite3_mutex_try() will return
+** SQLITE_BUSY. ^The sqlite3_mutex_try() interface returns [SQLITE_OK]
+** upon successful entry. ^(Mutexes created using
+** SQLITE_MUTEX_RECURSIVE can be entered multiple times by the same thread.
+** In such cases, the
+** mutex must be exited an equal number of times before another thread
+** can enter.)^ If the same thread tries to enter any mutex other
+** than an SQLITE_MUTEX_RECURSIVE more than once, the behavior is undefined.
+**
+** ^(Some systems (for example, Windows 95) do not support the operation
+** implemented by sqlite3_mutex_try(). On those systems, sqlite3_mutex_try()
+** will always return SQLITE_BUSY. The SQLite core only ever uses
+** sqlite3_mutex_try() as an optimization so this is acceptable
+** behavior.)^
+**
+** ^The sqlite3_mutex_leave() routine exits a mutex that was
+** previously entered by the same thread. The behavior
+** is undefined if the mutex is not currently entered by the
+** calling thread or is not currently allocated.
+**
+** ^If the argument to sqlite3_mutex_enter(), sqlite3_mutex_try(), or
+** sqlite3_mutex_leave() is a NULL pointer, then all three routines
+** behave as no-ops.
+**
+** See also: [sqlite3_mutex_held()] and [sqlite3_mutex_notheld()].
+*/
+SQLITE_API sqlite3_mutex *sqlite3_mutex_alloc(int);
+SQLITE_API void sqlite3_mutex_free(sqlite3_mutex*);
+SQLITE_API void sqlite3_mutex_enter(sqlite3_mutex*);
+SQLITE_API int sqlite3_mutex_try(sqlite3_mutex*);
+SQLITE_API void sqlite3_mutex_leave(sqlite3_mutex*);
+
+/*
+** CAPI3REF: Mutex Methods Object
+**
+** An instance of this structure defines the low-level routines
+** used to allocate and use mutexes.
+**
+** Usually, the default mutex implementations provided by SQLite are
+** sufficient, however the application has the option of substituting a custom
+** implementation for specialized deployments or systems for which SQLite
+** does not provide a suitable implementation. In this case, the application
+** creates and populates an instance of this structure to pass
+** to sqlite3_config() along with the [SQLITE_CONFIG_MUTEX] option.
+** Additionally, an instance of this structure can be used as an
+** output variable when querying the system for the current mutex
+** implementation, using the [SQLITE_CONFIG_GETMUTEX] option.
+**
+** ^The xMutexInit method defined by this structure is invoked as
+** part of system initialization by the sqlite3_initialize() function.
+** ^The xMutexInit routine is called by SQLite exactly once for each
+** effective call to [sqlite3_initialize()].
+**
+** ^The xMutexEnd method defined by this structure is invoked as
+** part of system shutdown by the sqlite3_shutdown() function. The
+** implementation of this method is expected to release all outstanding
+** resources obtained by the mutex methods implementation, especially
+** those obtained by the xMutexInit method. ^The xMutexEnd()
+** interface is invoked exactly once for each call to [sqlite3_shutdown()].
+**
+** ^(The remaining seven methods defined by this structure (xMutexAlloc,
+** xMutexFree, xMutexEnter, xMutexTry, xMutexLeave, xMutexHeld and
+** xMutexNotheld) implement the following interfaces (respectively):
+**
+**
    +**
  • [sqlite3_mutex_alloc()]
  • +**
  • [sqlite3_mutex_free()]
  • +**
  • [sqlite3_mutex_enter()]
  • +**
  • [sqlite3_mutex_try()]
  • +**
  • [sqlite3_mutex_leave()]
  • +**
  • [sqlite3_mutex_held()]
  • +**
  • [sqlite3_mutex_notheld()]
  • +**
)^ +** +** The only difference is that the public sqlite3_XXX functions enumerated +** above silently ignore any invocations that pass a NULL pointer instead +** of a valid mutex handle. The implementations of the methods defined +** by this structure are not required to handle this case, the results +** of passing a NULL pointer instead of a valid mutex handle are undefined +** (i.e. it is acceptable to provide an implementation that segfaults if +** it is passed a NULL pointer). +** +** The xMutexInit() method must be threadsafe. It must be harmless to +** invoke xMutexInit() multiple times within the same process and without +** intervening calls to xMutexEnd(). Second and subsequent calls to +** xMutexInit() must be no-ops. +** +** xMutexInit() must not use SQLite memory allocation ([sqlite3_malloc()] +** and its associates). Similarly, xMutexAlloc() must not use SQLite memory +** allocation for a static mutex. ^However xMutexAlloc() may use SQLite +** memory allocation for a fast or recursive mutex. +** +** ^SQLite will invoke the xMutexEnd() method when [sqlite3_shutdown()] is +** called, but only if the prior call to xMutexInit returned SQLITE_OK. +** If xMutexInit fails in any way, it is expected to clean up after itself +** prior to returning. +*/ +typedef struct sqlite3_mutex_methods sqlite3_mutex_methods; +struct sqlite3_mutex_methods { + int (*xMutexInit)(void); + int (*xMutexEnd)(void); + sqlite3_mutex *(*xMutexAlloc)(int); + void (*xMutexFree)(sqlite3_mutex *); + void (*xMutexEnter)(sqlite3_mutex *); + int (*xMutexTry)(sqlite3_mutex *); + void (*xMutexLeave)(sqlite3_mutex *); + int (*xMutexHeld)(sqlite3_mutex *); + int (*xMutexNotheld)(sqlite3_mutex *); +}; + +/* +** CAPI3REF: Mutex Verification Routines +** +** The sqlite3_mutex_held() and sqlite3_mutex_notheld() routines +** are intended for use inside assert() statements. 
The SQLite core +** never uses these routines except inside an assert() and applications +** are advised to follow the lead of the core. The SQLite core only +** provides implementations for these routines when it is compiled +** with the SQLITE_DEBUG flag. External mutex implementations +** are only required to provide these routines if SQLITE_DEBUG is +** defined and if NDEBUG is not defined. +** +** These routines should return true if the mutex in their argument +** is held or not held, respectively, by the calling thread. +** +** The implementation is not required to provide versions of these +** routines that actually work. If the implementation does not provide working +** versions of these routines, it should at least provide stubs that always +** return true so that one does not get spurious assertion failures. +** +** If the argument to sqlite3_mutex_held() is a NULL pointer then +** the routine should return 1. This seems counter-intuitive since +** clearly the mutex cannot be held if it does not exist. But +** the reason the mutex does not exist is because the build is not +** using mutexes. And we do not want the assert() containing the +** call to sqlite3_mutex_held() to fail, so a non-zero return is +** the appropriate thing to do. The sqlite3_mutex_notheld() +** interface should also return 1 when given a NULL pointer. +*/ +#ifndef NDEBUG +SQLITE_API int sqlite3_mutex_held(sqlite3_mutex*); +SQLITE_API int sqlite3_mutex_notheld(sqlite3_mutex*); +#endif + +/* +** CAPI3REF: Mutex Types +** +** The [sqlite3_mutex_alloc()] interface takes a single argument +** which is one of these integer constants. +** +** The set of static mutexes may change from one SQLite release to the +** next. Applications that override the built-in mutex logic must be +** prepared to accommodate additional static mutexes. 
+*/ +#define SQLITE_MUTEX_FAST 0 +#define SQLITE_MUTEX_RECURSIVE 1 +#define SQLITE_MUTEX_STATIC_MASTER 2 +#define SQLITE_MUTEX_STATIC_MEM 3 /* sqlite3_malloc() */ +#define SQLITE_MUTEX_STATIC_MEM2 4 /* NOT USED */ +#define SQLITE_MUTEX_STATIC_OPEN 4 /* sqlite3BtreeOpen() */ +#define SQLITE_MUTEX_STATIC_PRNG 5 /* sqlite3_randomness() */ +#define SQLITE_MUTEX_STATIC_LRU 6 /* lru page list */ +#define SQLITE_MUTEX_STATIC_LRU2 7 /* NOT USED */ +#define SQLITE_MUTEX_STATIC_PMEM 7 /* sqlite3PageMalloc() */ +#define SQLITE_MUTEX_STATIC_APP1 8 /* For use by application */ +#define SQLITE_MUTEX_STATIC_APP2 9 /* For use by application */ +#define SQLITE_MUTEX_STATIC_APP3 10 /* For use by application */ +#define SQLITE_MUTEX_STATIC_VFS1 11 /* For use by built-in VFS */ +#define SQLITE_MUTEX_STATIC_VFS2 12 /* For use by extension VFS */ +#define SQLITE_MUTEX_STATIC_VFS3 13 /* For use by application VFS */ + +/* +** CAPI3REF: Retrieve the mutex for a database connection +** METHOD: sqlite3 +** +** ^This interface returns a pointer the [sqlite3_mutex] object that +** serializes access to the [database connection] given in the argument +** when the [threading mode] is Serialized. +** ^If the [threading mode] is Single-thread or Multi-thread then this +** routine returns a NULL pointer. +*/ +SQLITE_API sqlite3_mutex *sqlite3_db_mutex(sqlite3*); + +/* +** CAPI3REF: Low-Level Control Of Database Files +** METHOD: sqlite3 +** +** ^The [sqlite3_file_control()] interface makes a direct call to the +** xFileControl method for the [sqlite3_io_methods] object associated +** with a particular database identified by the second argument. ^The +** name of the database is "main" for the main database or "temp" for the +** TEMP database, or the name that appears after the AS keyword for +** databases that are added using the [ATTACH] SQL command. +** ^A NULL pointer can be used in place of "main" to refer to the +** main database file. 
+** ^The third and fourth parameters to this routine +** are passed directly through to the second and third parameters of +** the xFileControl method. ^The return value of the xFileControl +** method becomes the return value of this routine. +** +** ^The SQLITE_FCNTL_FILE_POINTER value for the op parameter causes +** a pointer to the underlying [sqlite3_file] object to be written into +** the space pointed to by the 4th parameter. ^The SQLITE_FCNTL_FILE_POINTER +** case is a short-circuit path which does not actually invoke the +** underlying sqlite3_io_methods.xFileControl method. +** +** ^If the second parameter (zDbName) does not match the name of any +** open database file, then SQLITE_ERROR is returned. ^This error +** code is not remembered and will not be recalled by [sqlite3_errcode()] +** or [sqlite3_errmsg()]. The underlying xFileControl method might +** also return SQLITE_ERROR. There is no way to distinguish between +** an incorrect zDbName and an SQLITE_ERROR return from the underlying +** xFileControl method. +** +** See also: [SQLITE_FCNTL_LOCKSTATE] +*/ +SQLITE_API int sqlite3_file_control(sqlite3*, const char *zDbName, int op, void*); + +/* +** CAPI3REF: Testing Interface +** +** ^The sqlite3_test_control() interface is used to read out internal +** state of SQLite and to inject faults into SQLite for testing +** purposes. ^The first parameter is an operation code that determines +** the number, meaning, and operation of all subsequent parameters. +** +** This interface is not for use by applications. It exists solely +** for verifying the correct operation of the SQLite library. Depending +** on how the SQLite library is compiled, this interface might not exist. +** +** The details of the operation codes, their meanings, the parameters +** they take, and what they do are all subject to change without notice. +** Unlike most of the SQLite API, this function is not guaranteed to +** operate consistently from one release to the next. 
+*/
+SQLITE_API int sqlite3_test_control(int op, ...);
+
+/*
+** CAPI3REF: Testing Interface Operation Codes
+**
+** These constants are the valid operation code parameters used
+** as the first argument to [sqlite3_test_control()].
+**
+** These parameters and their meanings are subject to change
+** without notice. These values are for testing purposes only.
+** Applications should not use any of these parameters or the
+** [sqlite3_test_control()] interface.
+*/
+#define SQLITE_TESTCTRL_FIRST 5
+#define SQLITE_TESTCTRL_PRNG_SAVE 5
+#define SQLITE_TESTCTRL_PRNG_RESTORE 6
+#define SQLITE_TESTCTRL_PRNG_RESET 7
+#define SQLITE_TESTCTRL_BITVEC_TEST 8
+#define SQLITE_TESTCTRL_FAULT_INSTALL 9
+#define SQLITE_TESTCTRL_BENIGN_MALLOC_HOOKS 10
+#define SQLITE_TESTCTRL_PENDING_BYTE 11
+#define SQLITE_TESTCTRL_ASSERT 12
+#define SQLITE_TESTCTRL_ALWAYS 13
+#define SQLITE_TESTCTRL_RESERVE 14
+#define SQLITE_TESTCTRL_OPTIMIZATIONS 15
+#define SQLITE_TESTCTRL_ISKEYWORD 16
+#define SQLITE_TESTCTRL_SCRATCHMALLOC 17
+#define SQLITE_TESTCTRL_LOCALTIME_FAULT 18
+#define SQLITE_TESTCTRL_EXPLAIN_STMT 19 /* NOT USED */
+#define SQLITE_TESTCTRL_ONCE_RESET_THRESHOLD 19
+#define SQLITE_TESTCTRL_NEVER_CORRUPT 20
+#define SQLITE_TESTCTRL_VDBE_COVERAGE 21
+#define SQLITE_TESTCTRL_BYTEORDER 22
+#define SQLITE_TESTCTRL_ISINIT 23
+#define SQLITE_TESTCTRL_SORTER_MMAP 24
+#define SQLITE_TESTCTRL_IMPOSTER 25
+#define SQLITE_TESTCTRL_LAST 25
+
+/*
+** CAPI3REF: SQLite Runtime Status
+**
+** ^These interfaces are used to retrieve runtime status information
+** about the performance of SQLite, and optionally to reset various
+** highwater marks. ^The first argument is an integer code for
+** the specific parameter to measure. ^(Recognized integer codes
+** are of the form [status parameters | SQLITE_STATUS_...].)^
+** ^The current value of the parameter is returned into *pCurrent.
+** ^The highest recorded value is returned in *pHighwater.
 ^If the
+** resetFlag is true, then the highest record value is reset after
+** *pHighwater is written. ^(Some parameters do not record the highest
+** value. For those parameters
+** nothing is written into *pHighwater and the resetFlag is ignored.)^
+** ^(Other parameters record only the highwater mark and not the current
+** value. For these latter parameters nothing is written into *pCurrent.)^
+**
+** ^The sqlite3_status() and sqlite3_status64() routines return
+** SQLITE_OK on success and a non-zero [error code] on failure.
+**
+** If either the current value or the highwater mark is too large to
+** be represented by a 32-bit integer, then the values returned by
+** sqlite3_status() are undefined.
+**
+** See also: [sqlite3_db_status()]
+*/
+SQLITE_API int sqlite3_status(int op, int *pCurrent, int *pHighwater, int resetFlag);
+SQLITE_API int sqlite3_status64(
+ int op,
+ sqlite3_int64 *pCurrent,
+ sqlite3_int64 *pHighwater,
+ int resetFlag
+);
+
+
+/*
+** CAPI3REF: Status Parameters
+** KEYWORDS: {status parameters}
+**
+** These integer constants designate various run-time status parameters
+** that can be returned by [sqlite3_status()].
+**
+**
+** [[SQLITE_STATUS_MEMORY_USED]] ^(
SQLITE_STATUS_MEMORY_USED
+**
This parameter is the current amount of memory checked out +** using [sqlite3_malloc()], either directly or indirectly. The +** figure includes calls made to [sqlite3_malloc()] by the application +** and internal memory usage by the SQLite library. Scratch memory +** controlled by [SQLITE_CONFIG_SCRATCH] and auxiliary page-cache +** memory controlled by [SQLITE_CONFIG_PAGECACHE] is not included in +** this parameter. The amount returned is the sum of the allocation +** sizes as reported by the xSize method in [sqlite3_mem_methods].
)^ +** +** [[SQLITE_STATUS_MALLOC_SIZE]] ^(
SQLITE_STATUS_MALLOC_SIZE
+**
This parameter records the largest memory allocation request +** handed to [sqlite3_malloc()] or [sqlite3_realloc()] (or their +** internal equivalents). Only the value returned in the +** *pHighwater parameter to [sqlite3_status()] is of interest. +** The value written into the *pCurrent parameter is undefined.
)^ +** +** [[SQLITE_STATUS_MALLOC_COUNT]] ^(
SQLITE_STATUS_MALLOC_COUNT
+**
This parameter records the number of separate memory allocations +** currently checked out.
)^ +** +** [[SQLITE_STATUS_PAGECACHE_USED]] ^(
SQLITE_STATUS_PAGECACHE_USED
+**
This parameter returns the number of pages used out of the +** [pagecache memory allocator] that was configured using +** [SQLITE_CONFIG_PAGECACHE]. The +** value returned is in pages, not in bytes.
)^ +** +** [[SQLITE_STATUS_PAGECACHE_OVERFLOW]] +** ^(
SQLITE_STATUS_PAGECACHE_OVERFLOW
+**
This parameter returns the number of bytes of page cache +** allocation which could not be satisfied by the [SQLITE_CONFIG_PAGECACHE] +** buffer and where forced to overflow to [sqlite3_malloc()]. The +** returned value includes allocations that overflowed because they +** where too large (they were larger than the "sz" parameter to +** [SQLITE_CONFIG_PAGECACHE]) and allocations that overflowed because +** no space was left in the page cache.
)^ +** +** [[SQLITE_STATUS_PAGECACHE_SIZE]] ^(
SQLITE_STATUS_PAGECACHE_SIZE
+**
This parameter records the largest memory allocation request +** handed to [pagecache memory allocator]. Only the value returned in the +** *pHighwater parameter to [sqlite3_status()] is of interest. +** The value written into the *pCurrent parameter is undefined.
)^ +** +** [[SQLITE_STATUS_SCRATCH_USED]] ^(
SQLITE_STATUS_SCRATCH_USED
+**
This parameter returns the number of allocations used out of the +** [scratch memory allocator] configured using +** [SQLITE_CONFIG_SCRATCH]. The value returned is in allocations, not +** in bytes. Since a single thread may only have one scratch allocation +** outstanding at time, this parameter also reports the number of threads +** using scratch memory at the same time.
)^ +** +** [[SQLITE_STATUS_SCRATCH_OVERFLOW]] ^(
SQLITE_STATUS_SCRATCH_OVERFLOW
+**
This parameter returns the number of bytes of scratch memory +** allocation which could not be satisfied by the [SQLITE_CONFIG_SCRATCH] +** buffer and where forced to overflow to [sqlite3_malloc()]. The values +** returned include overflows because the requested allocation was too +** larger (that is, because the requested allocation was larger than the +** "sz" parameter to [SQLITE_CONFIG_SCRATCH]) and because no scratch buffer +** slots were available. +**
)^ +** +** [[SQLITE_STATUS_SCRATCH_SIZE]] ^(
SQLITE_STATUS_SCRATCH_SIZE
+**
This parameter records the largest memory allocation request +** handed to [scratch memory allocator]. Only the value returned in the +** *pHighwater parameter to [sqlite3_status()] is of interest. +** The value written into the *pCurrent parameter is undefined.
)^ +** +** [[SQLITE_STATUS_PARSER_STACK]] ^(
SQLITE_STATUS_PARSER_STACK
+**
The *pHighwater parameter records the deepest parser stack. +** The *pCurrent value is undefined. The *pHighwater value is only +** meaningful if SQLite is compiled with [YYTRACKMAXSTACKDEPTH].
)^ +**
+**
+** New status parameters may be added from time to time.
+*/
+#define SQLITE_STATUS_MEMORY_USED 0
+#define SQLITE_STATUS_PAGECACHE_USED 1
+#define SQLITE_STATUS_PAGECACHE_OVERFLOW 2
+#define SQLITE_STATUS_SCRATCH_USED 3
+#define SQLITE_STATUS_SCRATCH_OVERFLOW 4
+#define SQLITE_STATUS_MALLOC_SIZE 5
+#define SQLITE_STATUS_PARSER_STACK 6
+#define SQLITE_STATUS_PAGECACHE_SIZE 7
+#define SQLITE_STATUS_SCRATCH_SIZE 8
+#define SQLITE_STATUS_MALLOC_COUNT 9
+
+/*
+** CAPI3REF: Database Connection Status
+** METHOD: sqlite3
+**
+** ^This interface is used to retrieve runtime status information
+** about a single [database connection]. ^The first argument is the
+** database connection object to be interrogated. ^The second argument
+** is an integer constant, taken from the set of
+** [SQLITE_DBSTATUS options], that
+** determines the parameter to interrogate. The set of
+** [SQLITE_DBSTATUS options] is likely
+** to grow in future releases of SQLite.
+**
+** ^The current value of the requested parameter is written into *pCur
+** and the highest instantaneous value is written into *pHiwtr. ^If
+** the resetFlg is true, then the highest instantaneous value is
+** reset back down to the current value.
+**
+** ^The sqlite3_db_status() routine returns SQLITE_OK on success and a
+** non-zero [error code] on failure.
+**
+** See also: [sqlite3_status()] and [sqlite3_stmt_status()].
+*/
+SQLITE_API int sqlite3_db_status(sqlite3*, int op, int *pCur, int *pHiwtr, int resetFlg);
+
+/*
+** CAPI3REF: Status Parameters for database connections
+** KEYWORDS: {SQLITE_DBSTATUS options}
+**
+** These constants are the available integer "verbs" that can be passed as
+** the second argument to the [sqlite3_db_status()] interface.
+**
+** New verbs may be added in future releases of SQLite. Existing verbs
+** might be discontinued. Applications should check the return code from
+** [sqlite3_db_status()] to make sure that the call worked.
+** The [sqlite3_db_status()] interface will return a non-zero error code
+** if a discontinued or unsupported verb is invoked.
+**
+**
+** [[SQLITE_DBSTATUS_LOOKASIDE_USED]] ^(
SQLITE_DBSTATUS_LOOKASIDE_USED
+**
This parameter returns the number of lookaside memory slots currently +** checked out.
)^ +** +** [[SQLITE_DBSTATUS_LOOKASIDE_HIT]] ^(
SQLITE_DBSTATUS_LOOKASIDE_HIT
+**
This parameter returns the number malloc attempts that were +** satisfied using lookaside memory. Only the high-water value is meaningful; +** the current value is always zero.)^ +** +** [[SQLITE_DBSTATUS_LOOKASIDE_MISS_SIZE]] +** ^(
SQLITE_DBSTATUS_LOOKASIDE_MISS_SIZE
+**
This parameter returns the number malloc attempts that might have +** been satisfied using lookaside memory but failed due to the amount of +** memory requested being larger than the lookaside slot size. +** Only the high-water value is meaningful; +** the current value is always zero.)^ +** +** [[SQLITE_DBSTATUS_LOOKASIDE_MISS_FULL]] +** ^(
SQLITE_DBSTATUS_LOOKASIDE_MISS_FULL
+**
This parameter returns the number malloc attempts that might have +** been satisfied using lookaside memory but failed due to all lookaside +** memory already being in use. +** Only the high-water value is meaningful; +** the current value is always zero.)^ +** +** [[SQLITE_DBSTATUS_CACHE_USED]] ^(
SQLITE_DBSTATUS_CACHE_USED
+**
This parameter returns the approximate number of bytes of heap +** memory used by all pager caches associated with the database connection.)^ +** ^The highwater mark associated with SQLITE_DBSTATUS_CACHE_USED is always 0. +** +** [[SQLITE_DBSTATUS_CACHE_USED_SHARED]] +** ^(
SQLITE_DBSTATUS_CACHE_USED_SHARED
+**
This parameter is similar to DBSTATUS_CACHE_USED, except that if a +** pager cache is shared between two or more connections the bytes of heap +** memory used by that pager cache is divided evenly between the attached +** connections.)^ In other words, if none of the pager caches associated +** with the database connection are shared, this request returns the same +** value as DBSTATUS_CACHE_USED. Or, if one or more or the pager caches are +** shared, the value returned by this call will be smaller than that returned +** by DBSTATUS_CACHE_USED. ^The highwater mark associated with +** SQLITE_DBSTATUS_CACHE_USED_SHARED is always 0. +** +** [[SQLITE_DBSTATUS_SCHEMA_USED]] ^(
SQLITE_DBSTATUS_SCHEMA_USED
+**
This parameter returns the approximate number of bytes of heap +** memory used to store the schema for all databases associated +** with the connection - main, temp, and any [ATTACH]-ed databases.)^ +** ^The full amount of memory used by the schemas is reported, even if the +** schema memory is shared with other database connections due to +** [shared cache mode] being enabled. +** ^The highwater mark associated with SQLITE_DBSTATUS_SCHEMA_USED is always 0. +** +** [[SQLITE_DBSTATUS_STMT_USED]] ^(
SQLITE_DBSTATUS_STMT_USED
+**
This parameter returns the approximate number of bytes of heap +** and lookaside memory used by all prepared statements associated with +** the database connection.)^ +** ^The highwater mark associated with SQLITE_DBSTATUS_STMT_USED is always 0. +**
+** +** [[SQLITE_DBSTATUS_CACHE_HIT]] ^(
SQLITE_DBSTATUS_CACHE_HIT
+**
This parameter returns the number of pager cache hits that have +** occurred.)^ ^The highwater mark associated with SQLITE_DBSTATUS_CACHE_HIT +** is always 0. +**
+** +** [[SQLITE_DBSTATUS_CACHE_MISS]] ^(
SQLITE_DBSTATUS_CACHE_MISS
+**
This parameter returns the number of pager cache misses that have +** occurred.)^ ^The highwater mark associated with SQLITE_DBSTATUS_CACHE_MISS +** is always 0. +**
+** +** [[SQLITE_DBSTATUS_CACHE_WRITE]] ^(
SQLITE_DBSTATUS_CACHE_WRITE
+**
This parameter returns the number of dirty cache entries that have +** been written to disk. Specifically, the number of pages written to the +** wal file in wal mode databases, or the number of pages written to the +** database file in rollback mode databases. Any pages written as part of +** transaction rollback or database recovery operations are not included. +** If an IO or other error occurs while writing a page to disk, the effect +** on subsequent SQLITE_DBSTATUS_CACHE_WRITE requests is undefined.)^ ^The +** highwater mark associated with SQLITE_DBSTATUS_CACHE_WRITE is always 0. +**
+** +** [[SQLITE_DBSTATUS_DEFERRED_FKS]] ^(
SQLITE_DBSTATUS_DEFERRED_FKS
+**
This parameter returns zero for the current value if and only if +** all foreign key constraints (deferred or immediate) have been +** resolved.)^ ^The highwater mark is always 0. +**
+**
+*/
+#define SQLITE_DBSTATUS_LOOKASIDE_USED 0
+#define SQLITE_DBSTATUS_CACHE_USED 1
+#define SQLITE_DBSTATUS_SCHEMA_USED 2
+#define SQLITE_DBSTATUS_STMT_USED 3
+#define SQLITE_DBSTATUS_LOOKASIDE_HIT 4
+#define SQLITE_DBSTATUS_LOOKASIDE_MISS_SIZE 5
+#define SQLITE_DBSTATUS_LOOKASIDE_MISS_FULL 6
+#define SQLITE_DBSTATUS_CACHE_HIT 7
+#define SQLITE_DBSTATUS_CACHE_MISS 8
+#define SQLITE_DBSTATUS_CACHE_WRITE 9
+#define SQLITE_DBSTATUS_DEFERRED_FKS 10
+#define SQLITE_DBSTATUS_CACHE_USED_SHARED 11
+#define SQLITE_DBSTATUS_MAX 11 /* Largest defined DBSTATUS */
+
+
+/*
+** CAPI3REF: Prepared Statement Status
+** METHOD: sqlite3_stmt
+**
+** ^(Each prepared statement maintains various
+** [SQLITE_STMTSTATUS counters] that measure the number
+** of times it has performed specific operations.)^ These counters can
+** be used to monitor the performance characteristics of the prepared
+** statements. For example, if the number of table steps greatly exceeds
+** the number of table searches or result rows, that would tend to indicate
+** that the prepared statement is using a full table scan rather than
+** an index.
+**
+** ^(This interface is used to retrieve and reset counter values from
+** a [prepared statement]. The first argument is the prepared statement
+** object to be interrogated. The second argument
+** is an integer code for a specific [SQLITE_STMTSTATUS counter]
+** to be interrogated.)^
+** ^The current value of the requested counter is returned.
+** ^If the resetFlg is true, then the counter is reset to zero after this
+** interface call returns.
+**
+** See also: [sqlite3_status()] and [sqlite3_db_status()].
+*/
+SQLITE_API int sqlite3_stmt_status(sqlite3_stmt*, int op,int resetFlg);
+
+/*
+** CAPI3REF: Status Parameters for prepared statements
+** KEYWORDS: {SQLITE_STMTSTATUS counter} {SQLITE_STMTSTATUS counters}
+**
+** These preprocessor macros define integer codes that name counter
+** values associated with the [sqlite3_stmt_status()] interface.
+** The meanings of the various counters are as follows:
+**
+**
+** [[SQLITE_STMTSTATUS_FULLSCAN_STEP]]
SQLITE_STMTSTATUS_FULLSCAN_STEP
+**
^This is the number of times that SQLite has stepped forward in +** a table as part of a full table scan. Large numbers for this counter +** may indicate opportunities for performance improvement through +** careful use of indices.
+** +** [[SQLITE_STMTSTATUS_SORT]]
SQLITE_STMTSTATUS_SORT
+**
^This is the number of sort operations that have occurred. +** A non-zero value in this counter may indicate an opportunity to +** improvement performance through careful use of indices.
+** +** [[SQLITE_STMTSTATUS_AUTOINDEX]]
SQLITE_STMTSTATUS_AUTOINDEX
+**
^This is the number of rows inserted into transient indices that +** were created automatically in order to help joins run faster. +** A non-zero value in this counter may indicate an opportunity to +** improvement performance by adding permanent indices that do not +** need to be reinitialized each time the statement is run.
+** +** [[SQLITE_STMTSTATUS_VM_STEP]]
SQLITE_STMTSTATUS_VM_STEP
+**
^This is the number of virtual machine operations executed +** by the prepared statement if that number is less than or equal +** to 2147483647. The number of virtual machine operations can be +** used as a proxy for the total work done by the prepared statement. +** If the number of virtual machine operations exceeds 2147483647 +** then the value returned by this statement status code is undefined. +**
+**
+*/
+#define SQLITE_STMTSTATUS_FULLSCAN_STEP 1
+#define SQLITE_STMTSTATUS_SORT 2
+#define SQLITE_STMTSTATUS_AUTOINDEX 3
+#define SQLITE_STMTSTATUS_VM_STEP 4
+
+/*
+** CAPI3REF: Custom Page Cache Object
+**
+** The sqlite3_pcache type is opaque. It is implemented by
+** the pluggable module. The SQLite core has no knowledge of
+** its size or internal structure and never deals with the
+** sqlite3_pcache object except by holding and passing pointers
+** to the object.
+**
+** See [sqlite3_pcache_methods2] for additional information.
+*/
+typedef struct sqlite3_pcache sqlite3_pcache;
+
+/*
+** CAPI3REF: Custom Page Cache Object
+**
+** The sqlite3_pcache_page object represents a single page in the
+** page cache. The page cache will allocate instances of this
+** object. Various methods of the page cache use pointers to instances
+** of this object as parameters or as their return value.
+**
+** See [sqlite3_pcache_methods2] for additional information.
+*/
+typedef struct sqlite3_pcache_page sqlite3_pcache_page;
+struct sqlite3_pcache_page {
+ void *pBuf; /* The content of the page */
+ void *pExtra; /* Extra information associated with the page */
+};
+
+/*
+** CAPI3REF: Application Defined Page Cache.
+** KEYWORDS: {page cache}
+**
+** ^(The [sqlite3_config]([SQLITE_CONFIG_PCACHE2], ...) interface can
+** register an alternative page cache implementation by passing in an
+** instance of the sqlite3_pcache_methods2 structure.)^
+** In many applications, most of the heap memory allocated by
+** SQLite is used for the page cache.
+** By implementing a
+** custom page cache using this API, an application can better control
+** the amount of memory consumed by SQLite, the way in which
+** that memory is allocated and released, and the policies used to
+** determine exactly which parts of a database file are cached and for
+** how long.
+**
+** The alternative page cache mechanism is an
+** extreme measure that is only needed by the most demanding applications.
+** The built-in page cache is recommended for most uses.
+**
+** ^(The contents of the sqlite3_pcache_methods2 structure are copied to an
+** internal buffer by SQLite within the call to [sqlite3_config]. Hence
+** the application may discard the parameter after the call to
+** [sqlite3_config()] returns.)^
+**
+** [[the xInit() page cache method]]
+** ^(The xInit() method is called once for each effective
+** call to [sqlite3_initialize()])^
+** (usually only once during the lifetime of the process). ^(The xInit()
+** method is passed a copy of the sqlite3_pcache_methods2.pArg value.)^
+** The intent of the xInit() method is to set up global data structures
+** required by the custom page cache implementation.
+** ^(If the xInit() method is NULL, then the
+** built-in default page cache is used instead of the application defined
+** page cache.)^
+**
+** [[the xShutdown() page cache method]]
+** ^The xShutdown() method is called by [sqlite3_shutdown()].
+** It can be used to clean up
+** any outstanding resources before process shutdown, if required.
+** ^The xShutdown() method may be NULL.
+**
+** ^SQLite automatically serializes calls to the xInit method,
+** so the xInit method need not be threadsafe. ^The
+** xShutdown method is only called from [sqlite3_shutdown()] so it does
+** not need to be threadsafe either. All other methods must be threadsafe
+** in multithreaded applications.
+**
+** ^SQLite will never invoke xInit() more than once without an intervening
+** call to xShutdown().
+**
+** [[the xCreate() page cache methods]]
+** ^SQLite invokes the xCreate() method to construct a new cache instance.
+** SQLite will typically create one cache instance for each open database file,
+** though this is not guaranteed. ^The
+** first parameter, szPage, is the size in bytes of the pages that must
+** be allocated by the cache. ^szPage will always a power of two.
 ^The
+** second parameter szExtra is a number of bytes of extra storage
+** associated with each page cache entry. ^The szExtra parameter will
+** a number less than 250. SQLite will use the
+** extra szExtra bytes on each page to store metadata about the underlying
+** database page on disk. The value passed into szExtra depends
+** on the SQLite version, the target platform, and how SQLite was compiled.
+** ^The third argument to xCreate(), bPurgeable, is true if the cache being
+** created will be used to cache database pages of a file stored on disk, or
+** false if it is used for an in-memory database. The cache implementation
+** does not have to do anything special based with the value of bPurgeable;
+** it is purely advisory. ^On a cache where bPurgeable is false, SQLite will
+** never invoke xUnpin() except to deliberately delete a page.
+** ^In other words, calls to xUnpin() on a cache with bPurgeable set to
+** false will always have the "discard" flag set to true.
+** ^Hence, a cache created with bPurgeable false will
+** never contain any unpinned pages.
+**
+** [[the xCachesize() page cache method]]
+** ^(The xCachesize() method may be called at any time by SQLite to set the
+** suggested maximum cache-size (number of pages stored by) the cache
+** instance passed as the first argument. This is the value configured using
+** the SQLite "[PRAGMA cache_size]" command.)^ As with the bPurgeable
+** parameter, the implementation is not required to do anything with this
+** value; it is advisory only.
+**
+** [[the xPagecount() page cache methods]]
+** The xPagecount() method must return the number of pages currently
+** stored in the cache, both pinned and unpinned.
+**
+** [[the xFetch() page cache methods]]
+** The xFetch() method locates a page in the cache and returns a pointer to
+** an sqlite3_pcache_page object associated with that page, or a NULL pointer.
+** The pBuf element of the returned sqlite3_pcache_page object will be a
+** pointer to a buffer of szPage bytes used to store the content of a
+** single database page. The pExtra element of sqlite3_pcache_page will be
+** a pointer to the szExtra bytes of extra storage that SQLite has requested
+** for each entry in the page cache.
+**
+** The page to be fetched is determined by the key. ^The minimum key value
+** is 1. After it has been retrieved using xFetch, the page is considered
+** to be "pinned".
+**
+** If the requested page is already in the page cache, then the page cache
+** implementation must return a pointer to the page buffer with its content
+** intact. If the requested page is not already in the cache, then the
+** cache implementation should use the value of the createFlag
+** parameter to help it determined what action to take:
+**
+**
+**
createFlag Behavior when page is not already in cache +**
0 Do not allocate a new page. Return NULL. +**
1 Allocate a new page if it easy and convenient to do so. +** Otherwise return NULL. +**
2 Make every effort to allocate a new page. Only return +** NULL if allocating a new page is effectively impossible. +**
+**
+** ^(SQLite will normally invoke xFetch() with a createFlag of 0 or 1. SQLite
+** will only use a createFlag of 2 after a prior call with a createFlag of 1
+** failed.)^ In between the to xFetch() calls, SQLite may
+** attempt to unpin one or more cache pages by spilling the content of
+** pinned pages to disk and synching the operating system disk cache.
+**
+** [[the xUnpin() page cache method]]
+** ^xUnpin() is called by SQLite with a pointer to a currently pinned page
+** as its second argument. If the third parameter, discard, is non-zero,
+** then the page must be evicted from the cache.
+** ^If the discard parameter is
+** zero, then the page may be discarded or retained at the discretion of
+** page cache implementation. ^The page cache implementation
+** may choose to evict unpinned pages at any time.
+**
+** The cache must not perform any reference counting. A single
+** call to xUnpin() unpins the page regardless of the number of prior calls
+** to xFetch().
+**
+** [[the xRekey() page cache methods]]
+** The xRekey() method is used to change the key value associated with the
+** page passed as the second argument. If the cache
+** previously contains an entry associated with newKey, it must be
+** discarded. ^Any prior cache entry associated with newKey is guaranteed not
+** to be pinned.
+**
+** When SQLite calls the xTruncate() method, the cache must discard all
+** existing cache entries with page numbers (keys) greater than or equal
+** to the value of the iLimit parameter passed to xTruncate(). If any
+** of these pages are pinned, they are implicitly unpinned, meaning that
+** they can be safely discarded.
+**
+** [[the xDestroy() page cache method]]
+** ^The xDestroy() method is used to delete a cache allocated by xCreate().
+** All resources associated with the specified cache should be freed.
 ^After
+** calling the xDestroy() method, SQLite considers the [sqlite3_pcache*]
+** handle invalid, and will not use it with any other sqlite3_pcache_methods2
+** functions.
+**
+** [[the xShrink() page cache method]]
+** ^SQLite invokes the xShrink() method when it wants the page cache to
+** free up as much of heap memory as possible. The page cache implementation
+** is not obligated to free any memory, but well-behaved implementations should
+** do their best.
+*/
+typedef struct sqlite3_pcache_methods2 sqlite3_pcache_methods2;
+struct sqlite3_pcache_methods2 {
+ int iVersion;
+ void *pArg;
+ int (*xInit)(void*);
+ void (*xShutdown)(void*);
+ sqlite3_pcache *(*xCreate)(int szPage, int szExtra, int bPurgeable);
+ void (*xCachesize)(sqlite3_pcache*, int nCachesize);
+ int (*xPagecount)(sqlite3_pcache*);
+ sqlite3_pcache_page *(*xFetch)(sqlite3_pcache*, unsigned key, int createFlag);
+ void (*xUnpin)(sqlite3_pcache*, sqlite3_pcache_page*, int discard);
+ void (*xRekey)(sqlite3_pcache*, sqlite3_pcache_page*,
+ unsigned oldKey, unsigned newKey);
+ void (*xTruncate)(sqlite3_pcache*, unsigned iLimit);
+ void (*xDestroy)(sqlite3_pcache*);
+ void (*xShrink)(sqlite3_pcache*);
+};
+
+/*
+** This is the obsolete pcache_methods object that has now been replaced
+** by sqlite3_pcache_methods2. This object is not used by SQLite. It is
+** retained in the header file for backwards compatibility only.
+*/
+typedef struct sqlite3_pcache_methods sqlite3_pcache_methods;
+struct sqlite3_pcache_methods {
+ void *pArg;
+ int (*xInit)(void*);
+ void (*xShutdown)(void*);
+ sqlite3_pcache *(*xCreate)(int szPage, int bPurgeable);
+ void (*xCachesize)(sqlite3_pcache*, int nCachesize);
+ int (*xPagecount)(sqlite3_pcache*);
+ void *(*xFetch)(sqlite3_pcache*, unsigned key, int createFlag);
+ void (*xUnpin)(sqlite3_pcache*, void*, int discard);
+ void (*xRekey)(sqlite3_pcache*, void*, unsigned oldKey, unsigned newKey);
+ void (*xTruncate)(sqlite3_pcache*, unsigned iLimit);
+ void (*xDestroy)(sqlite3_pcache*);
+};
+
+
+/*
+** CAPI3REF: Online Backup Object
+**
+** The sqlite3_backup object records state information about an ongoing
+** online backup operation. ^The sqlite3_backup object is created by
+** a call to [sqlite3_backup_init()] and is destroyed by a call to
+** [sqlite3_backup_finish()].
+**
+** See Also: [Using the SQLite Online Backup API]
+*/
+typedef struct sqlite3_backup sqlite3_backup;
+
+/*
+** CAPI3REF: Online Backup API.
+**
+** The backup API copies the content of one database into another.
+** It is useful either for creating backups of databases or
+** for copying in-memory databases to or from persistent files.
+**
+** See Also: [Using the SQLite Online Backup API]
+**
+** ^SQLite holds a write transaction open on the destination database file
+** for the duration of the backup operation.
+** ^The source database is read-locked only while it is being read;
+** it is not locked continuously for the entire backup operation.
+** ^Thus, the backup may be performed on a live source database without
+** preventing other database connections from
+** reading or writing to the source database while the backup is underway.
+**
+** ^(To perform a backup operation:
+**
    +**
  1. sqlite3_backup_init() is called once to initialize the +** backup, +**
  2. sqlite3_backup_step() is called one or more times to transfer +** the data between the two databases, and finally +**
  3. sqlite3_backup_finish() is called to release all resources +** associated with the backup operation. +**
 )^
+** There should be exactly one call to sqlite3_backup_finish() for each
+** successful call to sqlite3_backup_init().
+**
+** [[sqlite3_backup_init()]] sqlite3_backup_init()
+**
+** ^The D and N arguments to sqlite3_backup_init(D,N,S,M) are the
+** [database connection] associated with the destination database
+** and the database name, respectively.
+** ^The database name is "main" for the main database, "temp" for the
+** temporary database, or the name specified after the AS keyword in
+** an [ATTACH] statement for an attached database.
+** ^The S and M arguments passed to
+** sqlite3_backup_init(D,N,S,M) identify the [database connection]
+** and database name of the source database, respectively.
+** ^The source and destination [database connections] (parameters S and D)
+** must be different or else sqlite3_backup_init(D,N,S,M) will fail with
+** an error.
+**
+** ^A call to sqlite3_backup_init() will fail, returning NULL, if
+** there is already a read or read-write transaction open on the
+** destination database.
+**
+** ^If an error occurs within sqlite3_backup_init(D,N,S,M), then NULL is
+** returned and an error code and error message are stored in the
+** destination [database connection] D.
+** ^The error code and message for the failed call to sqlite3_backup_init()
+** can be retrieved using the [sqlite3_errcode()], [sqlite3_errmsg()], and/or
+** [sqlite3_errmsg16()] functions.
+** ^A successful call to sqlite3_backup_init() returns a pointer to an
+** [sqlite3_backup] object.
+** ^The [sqlite3_backup] object may be used with the sqlite3_backup_step() and
+** sqlite3_backup_finish() functions to perform the specified backup
+** operation.
+**
+** [[sqlite3_backup_step()]] sqlite3_backup_step()
+**
+** ^Function sqlite3_backup_step(B,N) will copy up to N pages between
+** the source and destination databases specified by [sqlite3_backup] object B.
+** ^If N is negative, all remaining source pages are copied.
+** ^If sqlite3_backup_step(B,N) successfully copies N pages and there
+** are still more pages to be copied, then the function returns [SQLITE_OK].
+** ^If sqlite3_backup_step(B,N) successfully finishes copying all pages
+** from source to destination, then it returns [SQLITE_DONE].
+** ^If an error occurs while running sqlite3_backup_step(B,N),
+** then an [error code] is returned. ^As well as [SQLITE_OK] and
+** [SQLITE_DONE], a call to sqlite3_backup_step() may return [SQLITE_READONLY],
+** [SQLITE_NOMEM], [SQLITE_BUSY], [SQLITE_LOCKED], or an
+** [SQLITE_IOERR_ACCESS | SQLITE_IOERR_XXX] extended error code.
+**
+** ^(The sqlite3_backup_step() might return [SQLITE_READONLY] if
+**
    +**
  1. the destination database was opened read-only, or +**
  2. the destination database is using write-ahead-log journaling +** and the destination and source page sizes differ, or +**
  3. the destination database is an in-memory database and the +** destination and source page sizes differ. +**
)^
+**
+** ^If sqlite3_backup_step() cannot obtain a required file-system lock, then
+** the [sqlite3_busy_handler | busy-handler function]
+** is invoked (if one is specified). ^If the
+** busy-handler returns non-zero before the lock is available, then
+** [SQLITE_BUSY] is returned to the caller. ^In this case the call to
+** sqlite3_backup_step() can be retried later. ^If the source
+** [database connection]
+** is being used to write to the source database when sqlite3_backup_step()
+** is called, then [SQLITE_LOCKED] is returned immediately. ^Again, in this
+** case the call to sqlite3_backup_step() can be retried later on. ^(If
+** [SQLITE_IOERR_ACCESS | SQLITE_IOERR_XXX], [SQLITE_NOMEM], or
+** [SQLITE_READONLY] is returned, then
+** there is no point in retrying the call to sqlite3_backup_step(). These
+** errors are considered fatal.)^ The application must accept
+** that the backup operation has failed and pass the backup operation handle
+** to the sqlite3_backup_finish() to release associated resources.
+**
+** ^The first call to sqlite3_backup_step() obtains an exclusive lock
+** on the destination file. ^The exclusive lock is not released until either
+** sqlite3_backup_finish() is called or the backup operation is complete
+** and sqlite3_backup_step() returns [SQLITE_DONE]. ^Every call to
+** sqlite3_backup_step() obtains a [shared lock] on the source database that
+** lasts for the duration of the sqlite3_backup_step() call.
+** ^Because the source database is not locked between calls to
+** sqlite3_backup_step(), the source database may be modified mid-way
+** through the backup process. ^If the source database is modified by an
+** external process or via a database connection other than the one being
+** used by the backup operation, then the backup will be automatically
+** restarted by the next call to sqlite3_backup_step(). ^If the source
+** database is modified by the using the same database connection as is used
+** by the backup operation, then the backup database is automatically
+** updated at the same time.
+**
+** [[sqlite3_backup_finish()]] sqlite3_backup_finish()
+**
+** When sqlite3_backup_step() has returned [SQLITE_DONE], or when the
+** application wishes to abandon the backup operation, the application
+** should destroy the [sqlite3_backup] by passing it to sqlite3_backup_finish().
+** ^The sqlite3_backup_finish() interfaces releases all
+** resources associated with the [sqlite3_backup] object.
+** ^If sqlite3_backup_step() has not yet returned [SQLITE_DONE], then any
+** active write-transaction on the destination database is rolled back.
+** The [sqlite3_backup] object is invalid
+** and may not be used following a call to sqlite3_backup_finish().
+**
+** ^The value returned by sqlite3_backup_finish is [SQLITE_OK] if no
+** sqlite3_backup_step() errors occurred, regardless or whether or not
+** sqlite3_backup_step() completed.
+** ^If an out-of-memory condition or IO error occurred during any prior
+** sqlite3_backup_step() call on the same [sqlite3_backup] object, then
+** sqlite3_backup_finish() returns the corresponding [error code].
+**
+** ^A return of [SQLITE_BUSY] or [SQLITE_LOCKED] from sqlite3_backup_step()
+** is not a permanent error and does not affect the return value of
+** sqlite3_backup_finish().
+**
+** [[sqlite3_backup_remaining()]] [[sqlite3_backup_pagecount()]]
+** sqlite3_backup_remaining() and sqlite3_backup_pagecount()
+**
+** ^The sqlite3_backup_remaining() routine returns the number of pages still
+** to be backed up at the conclusion of the most recent sqlite3_backup_step().
+** ^The sqlite3_backup_pagecount() routine returns the total number of pages
+** in the source database at the conclusion of the most recent
+** sqlite3_backup_step().
+** ^(The values returned by these functions are only updated by
+** sqlite3_backup_step(). If the source database is modified in a way that
+** changes the size of the source database or the number of pages remaining,
+** those changes are not reflected in the output of sqlite3_backup_pagecount()
+** and sqlite3_backup_remaining() until after the next
+** sqlite3_backup_step().)^
+**
+** Concurrent Usage of Database Handles
+**
+** ^The source [database connection] may be used by the application for other
+** purposes while a backup operation is underway or being initialized.
+** ^If SQLite is compiled and configured to support threadsafe database
+** connections, then the source database connection may be used concurrently
+** from within other threads.
+**
+** However, the application must guarantee that the destination
+** [database connection] is not passed to any other API (by any thread) after
+** sqlite3_backup_init() is called and before the corresponding call to
+** sqlite3_backup_finish(). SQLite does not currently check to see
+** if the application incorrectly accesses the destination [database connection]
+** and so no error code is reported, but the operations may malfunction
+** nevertheless. Use of the destination database connection while a
+** backup is in progress might also also cause a mutex deadlock.
+**
+** If running in [shared cache mode], the application must
+** guarantee that the shared cache used by the destination database
+** is not accessed while the backup is running. In practice this means
+** that the application must guarantee that the disk file being
+** backed up to is not accessed by any connection within the process,
+** not just the specific connection that was passed to sqlite3_backup_init().
+**
+** The [sqlite3_backup] object itself is partially threadsafe. Multiple
+** threads may safely make multiple concurrent calls to sqlite3_backup_step().
+** However, the sqlite3_backup_remaining() and sqlite3_backup_pagecount()
+** APIs are not strictly speaking threadsafe. If they are invoked at the
+** same time as another thread is invoking sqlite3_backup_step() it is
+** possible that they return invalid values.
+*/
+SQLITE_API sqlite3_backup *sqlite3_backup_init(
+ sqlite3 *pDest, /* Destination database handle */
+ const char *zDestName, /* Destination database name */
+ sqlite3 *pSource, /* Source database handle */
+ const char *zSourceName /* Source database name */
+);
+SQLITE_API int sqlite3_backup_step(sqlite3_backup *p, int nPage);
+SQLITE_API int sqlite3_backup_finish(sqlite3_backup *p);
+SQLITE_API int sqlite3_backup_remaining(sqlite3_backup *p);
+SQLITE_API int sqlite3_backup_pagecount(sqlite3_backup *p);
+
+/*
+** CAPI3REF: Unlock Notification
+** METHOD: sqlite3
+**
+** ^When running in shared-cache mode, a database operation may fail with
+** an [SQLITE_LOCKED] error if the required locks on the shared-cache or
+** individual tables within the shared-cache cannot be obtained. See
+** [SQLite Shared-Cache Mode] for a description of shared-cache locking.
+** ^This API may be used to register a callback that SQLite will invoke
+** when the connection currently holding the required lock relinquishes it.
+** ^This API is only available if the library was compiled with the
+** [SQLITE_ENABLE_UNLOCK_NOTIFY] C-preprocessor symbol defined.
+**
+** See Also: [Using the SQLite Unlock Notification Feature].
+**
+** ^Shared-cache locks are released when a database connection concludes
+** its current transaction, either by committing it or rolling it back.
+**
+** ^When a connection (known as the blocked connection) fails to obtain a
+** shared-cache lock and SQLITE_LOCKED is returned to the caller, the
+** identity of the database connection (the blocking connection) that
+** has locked the required resource is stored internally. ^After an
+** application receives an SQLITE_LOCKED error, it may call the
+** sqlite3_unlock_notify() method with the blocked connection handle as
+** the first argument to register for a callback that will be invoked
+** when the blocking connections current transaction is concluded. ^The
+** callback is invoked from within the [sqlite3_step] or [sqlite3_close]
+** call that concludes the blocking connections transaction.
+**
+** ^(If sqlite3_unlock_notify() is called in a multi-threaded application,
+** there is a chance that the blocking connection will have already
+** concluded its transaction by the time sqlite3_unlock_notify() is invoked.
+** If this happens, then the specified callback is invoked immediately,
+** from within the call to sqlite3_unlock_notify().)^
+**
+** ^If the blocked connection is attempting to obtain a write-lock on a
+** shared-cache table, and more than one other connection currently holds
+** a read-lock on the same table, then SQLite arbitrarily selects one of
+** the other connections to use as the blocking connection.
+**
+** ^(There may be at most one unlock-notify callback registered by a
+** blocked connection. If sqlite3_unlock_notify() is called when the
+** blocked connection already has a registered unlock-notify callback,
+** then the new callback replaces the old.)^ ^If sqlite3_unlock_notify() is
+** called with a NULL pointer as its second argument, then any existing
+** unlock-notify callback is canceled. ^The blocked connections
+** unlock-notify callback may also be canceled by closing the blocked
+** connection using [sqlite3_close()].
+**
+** The unlock-notify callback is not reentrant. If an application invokes
+** any sqlite3_xxx API functions from within an unlock-notify callback, a
+** crash or deadlock may be the result.
+**
+** ^Unless deadlock is detected (see below), sqlite3_unlock_notify() always
+** returns SQLITE_OK.
+**
+** Callback Invocation Details
+**
+** When an unlock-notify callback is registered, the application provides a
+** single void* pointer that is passed to the callback when it is invoked.
+** However, the signature of the callback function allows SQLite to pass
+** it an array of void* context pointers. The first argument passed to
+** an unlock-notify callback is a pointer to an array of void* pointers,
+** and the second is the number of entries in the array.
+**
+** When a blocking connections transaction is concluded, there may be
+** more than one blocked connection that has registered for an unlock-notify
+** callback. ^If two or more such blocked connections have specified the
+** same callback function, then instead of invoking the callback function
+** multiple times, it is invoked once with the set of void* context pointers
+** specified by the blocked connections bundled together into an array.
+** This gives the application an opportunity to prioritize any actions
+** related to the set of unblocked database connections.
+**
+** Deadlock Detection
+**
+** Assuming that after registering for an unlock-notify callback a
+** database waits for the callback to be issued before taking any further
+** action (a reasonable assumption), then using this API may cause the
+** application to deadlock. For example, if connection X is waiting for
+** connection Y's transaction to be concluded, and similarly connection
+** Y is waiting on connection X's transaction, then neither connection
+** will proceed and the system may remain deadlocked indefinitely.
+**
+** To avoid this scenario, the sqlite3_unlock_notify() performs deadlock
+** detection. ^If a given call to sqlite3_unlock_notify() would put the
+** system in a deadlocked state, then SQLITE_LOCKED is returned and no
+** unlock-notify callback is registered. The system is said to be in
+** a deadlocked state if connection A has registered for an unlock-notify
+** callback on the conclusion of connection B's transaction, and connection
+** B has itself registered for an unlock-notify callback when connection
+** A's transaction is concluded. ^Indirect deadlock is also detected, so
+** the system is also considered to be deadlocked if connection B has
+** registered for an unlock-notify callback on the conclusion of connection
+** C's transaction, where connection C is waiting on connection A. ^Any
+** number of levels of indirection are allowed.
+**
+** The "DROP TABLE" Exception
+**
+** When a call to [sqlite3_step()] returns SQLITE_LOCKED, it is almost
+** always appropriate to call sqlite3_unlock_notify(). There is however,
+** one exception. When executing a "DROP TABLE" or "DROP INDEX" statement,
+** SQLite checks if there are any currently executing SELECT statements
+** that belong to the same connection. If there are, SQLITE_LOCKED is
+** returned. In this case there is no "blocking connection", so invoking
+** sqlite3_unlock_notify() results in the unlock-notify callback being
+** invoked immediately. If the application then re-attempts the "DROP TABLE"
+** or "DROP INDEX" query, an infinite loop might be the result.
+**
+** One way around this problem is to check the extended error code returned
+** by an sqlite3_step() call. ^(If there is a blocking connection, then the
+** extended error code is set to SQLITE_LOCKED_SHAREDCACHE. Otherwise, in
+** the special "DROP TABLE/INDEX" case, the extended error code is just
+** SQLITE_LOCKED.)^
+*/
+SQLITE_API int sqlite3_unlock_notify(
+ sqlite3 *pBlocked, /* Waiting connection */
+ void (*xNotify)(void **apArg, int nArg), /* Callback function to invoke */
+ void *pNotifyArg /* Argument to pass to xNotify */
+);
+
+
+/*
+** CAPI3REF: String Comparison
+**
+** ^The [sqlite3_stricmp()] and [sqlite3_strnicmp()] APIs allow applications
+** and extensions to compare the contents of two buffers containing UTF-8
+** strings in a case-independent fashion, using the same definition of "case
+** independence" that SQLite uses internally when comparing identifiers.
+*/
+SQLITE_API int sqlite3_stricmp(const char *, const char *);
+SQLITE_API int sqlite3_strnicmp(const char *, const char *, int);
+
+/*
+** CAPI3REF: String Globbing
+*
+** ^The [sqlite3_strglob(P,X)] interface returns zero if and only if
+** string X matches the [GLOB] pattern P.
+** ^The definition of [GLOB] pattern matching used in
+** [sqlite3_strglob(P,X)] is the same as for the "X GLOB P" operator in the
+** SQL dialect understood by SQLite. ^The [sqlite3_strglob(P,X)] function
+** is case sensitive.
+**
+** Note that this routine returns zero on a match and non-zero if the strings
+** do not match, the same as [sqlite3_stricmp()] and [sqlite3_strnicmp()].
+**
+** See also: [sqlite3_strlike()].
+*/
+SQLITE_API int sqlite3_strglob(const char *zGlob, const char *zStr);
+
+/*
+** CAPI3REF: String LIKE Matching
+*
+** ^The [sqlite3_strlike(P,X,E)] interface returns zero if and only if
+** string X matches the [LIKE] pattern P with escape character E.
+** ^The definition of [LIKE] pattern matching used in
+** [sqlite3_strlike(P,X,E)] is the same as for the "X LIKE P ESCAPE E"
+** operator in the SQL dialect understood by SQLite. ^For "X LIKE P" without
+** the ESCAPE clause, set the E parameter of [sqlite3_strlike(P,X,E)] to 0.
+** ^As with the LIKE operator, the [sqlite3_strlike(P,X,E)] function is case
+** insensitive - equivalent upper and lower case ASCII characters match
+** one another.
+**
+** ^The [sqlite3_strlike(P,X,E)] function matches Unicode characters, though
+** only ASCII characters are case folded.
+**
+** Note that this routine returns zero on a match and non-zero if the strings
+** do not match, the same as [sqlite3_stricmp()] and [sqlite3_strnicmp()].
+**
+** See also: [sqlite3_strglob()].
+*/
+SQLITE_API int sqlite3_strlike(const char *zGlob, const char *zStr, unsigned int cEsc);
+
+/*
+** CAPI3REF: Error Logging Interface
+**
+** ^The [sqlite3_log()] interface writes a message into the [error log]
+** established by the [SQLITE_CONFIG_LOG] option to [sqlite3_config()].
+** ^If logging is enabled, the zFormat string and subsequent arguments are
+** used with [sqlite3_snprintf()] to generate the final output string.
+**
+** The sqlite3_log() interface is intended for use by extensions such as
+** virtual tables, collating functions, and SQL functions. While there is
+** nothing to prevent an application from calling sqlite3_log(), doing so
+** is considered bad form.
+**
+** The zFormat string must not be NULL.
+**
+** To avoid deadlocks and other threading problems, the sqlite3_log() routine
+** will not use dynamically allocated memory. The log message is stored in
+** a fixed-length buffer on the stack. If the log message is longer than
+** a few hundred characters, it will be truncated to the length of the
+** buffer.
+*/
+SQLITE_API void sqlite3_log(int iErrCode, const char *zFormat, ...);
+
+/*
+** CAPI3REF: Write-Ahead Log Commit Hook
+** METHOD: sqlite3
+**
+** ^The [sqlite3_wal_hook()] function is used to register a callback that
+** is invoked each time data is committed to a database in wal mode.
+**
+** ^(The callback is invoked by SQLite after the commit has taken place and
+** the associated write-lock on the database released)^, so the implementation
+** may read, write or [checkpoint] the database as required.
+**
+** ^The first parameter passed to the callback function when it is invoked
+** is a copy of the third parameter passed to sqlite3_wal_hook() when
+** registering the callback. ^The second is a copy of the database handle.
+** ^The third parameter is the name of the database that was written to -
+** either "main" or the name of an [ATTACH]-ed database. ^The fourth parameter
+** is the number of pages currently in the write-ahead log file,
+** including those that were just committed.
+**
+** The callback function should normally return [SQLITE_OK]. ^If an error
+** code is returned, that error will propagate back up through the
+** SQLite code base to cause the statement that provoked the callback
+** to report an error, though the commit will have still occurred. If the
+** callback returns [SQLITE_ROW] or [SQLITE_DONE], or if it returns a value
+** that does not correspond to any valid SQLite error code, the results
+** are undefined.
+**
+** A single database handle may have at most a single write-ahead log callback
+** registered at one time. ^Calling [sqlite3_wal_hook()] replaces any
+** previously registered write-ahead log callback. ^Note that the
+** [sqlite3_wal_autocheckpoint()] interface and the
+** [wal_autocheckpoint pragma] both invoke [sqlite3_wal_hook()] and will
+** overwrite any prior [sqlite3_wal_hook()] settings.
+*/
+SQLITE_API void *sqlite3_wal_hook(
+ sqlite3*,
+ int(*)(void *,sqlite3*,const char*,int),
+ void*
+);
+
+/*
+** CAPI3REF: Configure an auto-checkpoint
+** METHOD: sqlite3
+**
+** ^The [sqlite3_wal_autocheckpoint(D,N)] is a wrapper around
+** [sqlite3_wal_hook()] that causes any database on [database connection] D
+** to automatically [checkpoint]
+** after committing a transaction if there are N or
+** more frames in the [write-ahead log] file. ^Passing zero or
+** a negative value as the nFrame parameter disables automatic
+** checkpoints entirely.
+**
+** ^The callback registered by this function replaces any existing callback
+** registered using [sqlite3_wal_hook()]. ^Likewise, registering a callback
+** using [sqlite3_wal_hook()] disables the automatic checkpoint mechanism
+** configured by this function.
+**
+** ^The [wal_autocheckpoint pragma] can be used to invoke this interface
+** from SQL.
+**
+** ^Checkpoints initiated by this mechanism are
+** [sqlite3_wal_checkpoint_v2|PASSIVE].
+**
+** ^Every new [database connection] defaults to having the auto-checkpoint
+** enabled with a threshold of 1000 or [SQLITE_DEFAULT_WAL_AUTOCHECKPOINT]
+** pages. The use of this interface
+** is only necessary if the default setting is found to be suboptimal
+** for a particular application.
+*/
+SQLITE_API int sqlite3_wal_autocheckpoint(sqlite3 *db, int N);
+
+/*
+** CAPI3REF: Checkpoint a database
+** METHOD: sqlite3
+**
+** ^(The sqlite3_wal_checkpoint(D,X) is equivalent to
+** [sqlite3_wal_checkpoint_v2](D,X,[SQLITE_CHECKPOINT_PASSIVE],0,0).)^
+**
+** In brief, sqlite3_wal_checkpoint(D,X) causes the content in the
+** [write-ahead log] for database X on [database connection] D to be
+** transferred into the database file and for the write-ahead log to
+** be reset. See the [checkpointing] documentation for addition
+** information.
+**
+** This interface used to be the only way to cause a checkpoint to
+** occur. But then the newer and more powerful [sqlite3_wal_checkpoint_v2()]
+** interface was added. This interface is retained for backwards
+** compatibility and as a convenience for applications that need to manually
+** start a callback but which do not need the full power (and corresponding
+** complication) of [sqlite3_wal_checkpoint_v2()].
+*/
+SQLITE_API int sqlite3_wal_checkpoint(sqlite3 *db, const char *zDb);
+
+/*
+** CAPI3REF: Checkpoint a database
+** METHOD: sqlite3
+**
+** ^(The sqlite3_wal_checkpoint_v2(D,X,M,L,C) interface runs a checkpoint
+** operation on database X of [database connection] D in mode M. Status
+** information is written back into integers pointed to by L and C.)^
+** ^(The M parameter must be a valid [checkpoint mode]:)^
+**
+**
+**
SQLITE_CHECKPOINT_PASSIVE
+** ^Checkpoint as many frames as possible without waiting for any database
+** readers or writers to finish, then sync the database file if all frames
+** in the log were checkpointed. ^The [busy-handler callback]
+** is never invoked in the SQLITE_CHECKPOINT_PASSIVE mode.
+** ^On the other hand, passive mode might leave the checkpoint unfinished
+** if there are concurrent readers or writers.
+**
+**
SQLITE_CHECKPOINT_FULL
+** ^This mode blocks (it invokes the
+** [sqlite3_busy_handler|busy-handler callback]) until there is no
+** database writer and all readers are reading from the most recent database
+** snapshot. ^It then checkpoints all frames in the log file and syncs the
+** database file. ^This mode blocks new database writers while it is pending,
+** but new database readers are allowed to continue unimpeded.
+**
+**
SQLITE_CHECKPOINT_RESTART
+** ^This mode works the same way as SQLITE_CHECKPOINT_FULL with the addition
+** that after checkpointing the log file it blocks (calls the
+** [busy-handler callback])
+** until all readers are reading from the database file only. ^This ensures
+** that the next writer will restart the log file from the beginning.
+** ^Like SQLITE_CHECKPOINT_FULL, this mode blocks new
+** database writer attempts while it is pending, but does not impede readers.
+**
+**
SQLITE_CHECKPOINT_TRUNCATE
+** ^This mode works the same way as SQLITE_CHECKPOINT_RESTART with the
+** addition that it also truncates the log file to zero bytes just prior
+** to a successful return.
+**
+**
+** ^If pnLog is not NULL, then *pnLog is set to the total number of frames in
+** the log file or to -1 if the checkpoint could not run because
+** of an error or because the database is not in [WAL mode]. ^If pnCkpt is not
+** NULL,then *pnCkpt is set to the total number of checkpointed frames in the
+** log file (including any that were already checkpointed before the function
+** was called) or to -1 if the checkpoint could not run due to an error or
+** because the database is not in WAL mode. ^Note that upon successful
+** completion of an SQLITE_CHECKPOINT_TRUNCATE, the log file will have been
+** truncated to zero bytes and so both *pnLog and *pnCkpt will be set to zero.
+**
+** ^All calls obtain an exclusive "checkpoint" lock on the database file. ^If
+** any other process is running a checkpoint operation at the same time, the
+** lock cannot be obtained and SQLITE_BUSY is returned. ^Even if there is a
+** busy-handler configured, it will not be invoked in this case.
+**
+** ^The SQLITE_CHECKPOINT_FULL, RESTART and TRUNCATE modes also obtain the
+** exclusive "writer" lock on the database file. ^If the writer lock cannot be
+** obtained immediately, and a busy-handler is configured, it is invoked and
+** the writer lock retried until either the busy-handler returns 0 or the lock
+** is successfully obtained. ^The busy-handler is also invoked while waiting for
+** database readers as described above. ^If the busy-handler returns 0 before
+** the writer lock is obtained or while waiting for database readers, the
+** checkpoint operation proceeds from that point in the same way as
+** SQLITE_CHECKPOINT_PASSIVE - checkpointing as many frames as possible
+** without blocking any further. ^SQLITE_BUSY is returned in this case.
+**
+** ^If parameter zDb is NULL or points to a zero length string, then the
+** specified operation is attempted on all WAL databases [attached] to
+** [database connection] db. In this case the
+** values written to output parameters *pnLog and *pnCkpt are undefined. ^If
+** an SQLITE_BUSY error is encountered when processing one or more of the
+** attached WAL databases, the operation is still attempted on any remaining
+** attached databases and SQLITE_BUSY is returned at the end. ^If any other
+** error occurs while processing an attached database, processing is abandoned
+** and the error code is returned to the caller immediately. ^If no error
+** (SQLITE_BUSY or otherwise) is encountered while processing the attached
+** databases, SQLITE_OK is returned.
+**
+** ^If database zDb is the name of an attached database that is not in WAL
+** mode, SQLITE_OK is returned and both *pnLog and *pnCkpt set to -1. ^If
+** zDb is not NULL (or a zero length string) and is not the name of any
+** attached database, SQLITE_ERROR is returned to the caller.
+**
+** ^Unless it returns SQLITE_MISUSE,
+** the sqlite3_wal_checkpoint_v2() interface
+** sets the error information that is queried by
+** [sqlite3_errcode()] and [sqlite3_errmsg()].
+**
+** ^The [PRAGMA wal_checkpoint] command can be used to invoke this interface
+** from SQL.
+*/
+SQLITE_API int sqlite3_wal_checkpoint_v2(
+ sqlite3 *db, /* Database handle */
+ const char *zDb, /* Name of attached database (or NULL) */
+ int eMode, /* SQLITE_CHECKPOINT_* value */
+ int *pnLog, /* OUT: Size of WAL log in frames */
+ int *pnCkpt /* OUT: Total number of frames checkpointed */
+);
+
+/*
+** CAPI3REF: Checkpoint Mode Values
+** KEYWORDS: {checkpoint mode}
+**
+** These constants define all valid values for the "checkpoint mode" passed
+** as the third parameter to the [sqlite3_wal_checkpoint_v2()] interface.
+** See the [sqlite3_wal_checkpoint_v2()] documentation for details on the
+** meaning of each of these checkpoint modes.
+*/
+#define SQLITE_CHECKPOINT_PASSIVE 0 /* Do as much as possible w/o blocking */
+#define SQLITE_CHECKPOINT_FULL 1 /* Wait for writers, then checkpoint */
+#define SQLITE_CHECKPOINT_RESTART 2 /* Like FULL but wait for for readers */
+#define SQLITE_CHECKPOINT_TRUNCATE 3 /* Like RESTART but also truncate WAL */
+
+/*
+** CAPI3REF: Virtual Table Interface Configuration
+**
+** This function may be called by either the [xConnect] or [xCreate] method
+** of a [virtual table] implementation to configure
+** various facets of the virtual table interface.
+**
+** If this interface is invoked outside the context of an xConnect or
+** xCreate virtual table method then the behavior is undefined.
+**
+** At present, there is only one option that may be configured using
+** this function. (See [SQLITE_VTAB_CONSTRAINT_SUPPORT].) Further options
+** may be added in the future.
+*/
+SQLITE_API int sqlite3_vtab_config(sqlite3*, int op, ...);
+
+/*
+** CAPI3REF: Virtual Table Configuration Options
+**
+** These macros define the various options to the
+** [sqlite3_vtab_config()] interface that [virtual table] implementations
+** can use to customize and optimize their behavior.
+**
+**
+**
SQLITE_VTAB_CONSTRAINT_SUPPORT +**
Calls of the form
+** [sqlite3_vtab_config](db,SQLITE_VTAB_CONSTRAINT_SUPPORT,X) are supported,
+** where X is an integer. If X is zero, then the [virtual table] whose
+** [xCreate] or [xConnect] method invoked [sqlite3_vtab_config()] does not
+** support constraints. In this configuration (which is the default) if
+** a call to the [xUpdate] method returns [SQLITE_CONSTRAINT], then the entire
+** statement is rolled back as if [ON CONFLICT | OR ABORT] had been
+** specified as part of the users SQL statement, regardless of the actual
+** ON CONFLICT mode specified.
+**
+** If X is non-zero, then the virtual table implementation guarantees
+** that if [xUpdate] returns [SQLITE_CONSTRAINT], it will do so before
+** any modifications to internal or persistent data structures have been made.
+** If the [ON CONFLICT] mode is ABORT, FAIL, IGNORE or ROLLBACK, SQLite
+** is able to roll back a statement or database transaction, and abandon
+** or continue processing the current SQL statement as appropriate.
+** If the ON CONFLICT mode is REPLACE and the [xUpdate] method returns
+** [SQLITE_CONSTRAINT], SQLite handles this as if the ON CONFLICT mode
+** had been ABORT.
+**
+** Virtual table implementations that are required to handle OR REPLACE
+** must do so within the [xUpdate] method. If a call to the
+** [sqlite3_vtab_on_conflict()] function indicates that the current ON
+** CONFLICT policy is REPLACE, the virtual table implementation should
+** silently replace the appropriate rows within the xUpdate callback and
+** return SQLITE_OK. Or, if this is not possible, it may return
+** SQLITE_CONSTRAINT, in which case SQLite falls back to OR ABORT
+** constraint handling.
+**
+*/
+#define SQLITE_VTAB_CONSTRAINT_SUPPORT 1
+
+/*
+** CAPI3REF: Determine The Virtual Table Conflict Policy
+**
+** This function may only be called from within a call to the [xUpdate] method
+** of a [virtual table] implementation for an INSERT or UPDATE operation. ^The
+** value returned is one of [SQLITE_ROLLBACK], [SQLITE_IGNORE], [SQLITE_FAIL],
+** [SQLITE_ABORT], or [SQLITE_REPLACE], according to the [ON CONFLICT] mode
+** of the SQL statement that triggered the call to the [xUpdate] method of the
+** [virtual table].
+*/
+SQLITE_API int sqlite3_vtab_on_conflict(sqlite3 *);
+
+/*
+** CAPI3REF: Conflict resolution modes
+** KEYWORDS: {conflict resolution mode}
+**
+** These constants are returned by [sqlite3_vtab_on_conflict()] to
+** inform a [virtual table] implementation what the [ON CONFLICT] mode
+** is for the SQL statement being evaluated.
+**
+** Note that the [SQLITE_IGNORE] constant is also used as a potential
+** return value from the [sqlite3_set_authorizer()] callback and that
+** [SQLITE_ABORT] is also a [result code].
+*/
+#define SQLITE_ROLLBACK 1
+/* #define SQLITE_IGNORE 2 // Also used by sqlite3_authorizer() callback */
+#define SQLITE_FAIL 3
+/* #define SQLITE_ABORT 4 // Also an error code */
+#define SQLITE_REPLACE 5
+
+/*
+** CAPI3REF: Prepared Statement Scan Status Opcodes
+** KEYWORDS: {scanstatus options}
+**
+** The following constants can be used for the T parameter to the
+** [sqlite3_stmt_scanstatus(S,X,T,V)] interface. Each constant designates a
+** different metric for sqlite3_stmt_scanstatus() to return.
+**
+** When the value returned to V is a string, space to hold that string is
+** managed by the prepared statement S and will be automatically freed when
+** S is finalized.
+**
+**
+** [[SQLITE_SCANSTAT_NLOOP]]
SQLITE_SCANSTAT_NLOOP
+**
^The [sqlite3_int64] variable pointed to by the T parameter will be +** set to the total number of times that the X-th loop has run.
+** +** [[SQLITE_SCANSTAT_NVISIT]]
SQLITE_SCANSTAT_NVISIT
+**
^The [sqlite3_int64] variable pointed to by the T parameter will be set +** to the total number of rows examined by all iterations of the X-th loop.
+** +** [[SQLITE_SCANSTAT_EST]]
SQLITE_SCANSTAT_EST
+**
^The "double" variable pointed to by the T parameter will be set to the
+** query planner's estimate for the average number of rows output from each
+** iteration of the X-th loop. If the query planner's estimates was accurate,
+** then this value will approximate the quotient NVISIT/NLOOP and the
+** product of this value for all prior loops with the same SELECTID will
+** be the NLOOP value for the current loop.
+**
+** [[SQLITE_SCANSTAT_NAME]]
SQLITE_SCANSTAT_NAME
+**
^The "const char *" variable pointed to by the T parameter will be set +** to a zero-terminated UTF-8 string containing the name of the index or table +** used for the X-th loop. +** +** [[SQLITE_SCANSTAT_EXPLAIN]]
SQLITE_SCANSTAT_EXPLAIN
+**
^The "const char *" variable pointed to by the T parameter will be set +** to a zero-terminated UTF-8 string containing the [EXPLAIN QUERY PLAN] +** description for the X-th loop. +** +** [[SQLITE_SCANSTAT_SELECTID]]
SQLITE_SCANSTAT_SELECT
+**
^The "int" variable pointed to by the T parameter will be set to the +** "select-id" for the X-th loop. The select-id identifies which query or +** subquery the loop is part of. The main query has a select-id of zero. +** The select-id is the same value as is output in the first column +** of an [EXPLAIN QUERY PLAN] query. +**
+*/
+#define SQLITE_SCANSTAT_NLOOP 0
+#define SQLITE_SCANSTAT_NVISIT 1
+#define SQLITE_SCANSTAT_EST 2
+#define SQLITE_SCANSTAT_NAME 3
+#define SQLITE_SCANSTAT_EXPLAIN 4
+#define SQLITE_SCANSTAT_SELECTID 5
+
+/*
+** CAPI3REF: Prepared Statement Scan Status
+** METHOD: sqlite3_stmt
+**
+** This interface returns information about the predicted and measured
+** performance for pStmt. Advanced applications can use this
+** interface to compare the predicted and the measured performance and
+** issue warnings and/or rerun [ANALYZE] if discrepancies are found.
+**
+** Since this interface is expected to be rarely used, it is only
+** available if SQLite is compiled using the [SQLITE_ENABLE_STMT_SCANSTATUS]
+** compile-time option.
+**
+** The "iScanStatusOp" parameter determines which status information to return.
+** The "iScanStatusOp" must be one of the [scanstatus options] or the behavior
+** of this interface is undefined.
+** ^The requested measurement is written into a variable pointed to by
+** the "pOut" parameter.
+** Parameter "idx" identifies the specific loop to retrieve statistics for.
+** Loops are numbered starting from zero. ^If idx is out of range - less than
+** zero or greater than or equal to the total number of loops used to implement
+** the statement - a non-zero value is returned and the variable that pOut
+** points to is unchanged.
+**
+** ^Statistics might not be available for all loops in all statements. ^In cases
+** where there exist loops with no available statistics, this function behaves
+** as if the loop did not exist - it returns non-zero and leave the variable
+** that pOut points to unchanged.
+**
+** See also: [sqlite3_stmt_scanstatus_reset()]
+*/
+SQLITE_API int sqlite3_stmt_scanstatus(
+ sqlite3_stmt *pStmt, /* Prepared statement for which info desired */
+ int idx, /* Index of loop to report on */
+ int iScanStatusOp, /* Information desired. SQLITE_SCANSTAT_* */
+ void *pOut /* Result written here */
+);
+
+/*
+** CAPI3REF: Zero Scan-Status Counters
+** METHOD: sqlite3_stmt
+**
+** ^Zero all [sqlite3_stmt_scanstatus()] related event counters.
+**
+** This API is only available if the library is built with pre-processor
+** symbol [SQLITE_ENABLE_STMT_SCANSTATUS] defined.
+*/
+SQLITE_API void sqlite3_stmt_scanstatus_reset(sqlite3_stmt*);
+
+/*
+** CAPI3REF: Flush caches to disk mid-transaction
+**
+** ^If a write-transaction is open on [database connection] D when the
+** [sqlite3_db_cacheflush(D)] interface invoked, any dirty
+** pages in the pager-cache that are not currently in use are written out
+** to disk. A dirty page may be in use if a database cursor created by an
+** active SQL statement is reading from it, or if it is page 1 of a database
+** file (page 1 is always "in use"). ^The [sqlite3_db_cacheflush(D)]
+** interface flushes caches for all schemas - "main", "temp", and
+** any [attached] databases.
+**
+** ^If this function needs to obtain extra database locks before dirty pages
+** can be flushed to disk, it does so. ^If those locks cannot be obtained
+** immediately and there is a busy-handler callback configured, it is invoked
+** in the usual manner. ^If the required lock still cannot be obtained, then
+** the database is skipped and an attempt made to flush any dirty pages
+** belonging to the next (if any) database. ^If any databases are skipped
+** because locks cannot be obtained, but no other error occurs, this
+** function returns SQLITE_BUSY.
+**
+** ^If any other error occurs while flushing dirty pages to disk (for
+** example an IO error or out-of-memory condition), then processing is
+** abandoned and an SQLite [error code] is returned to the caller immediately.
+**
+** ^Otherwise, if no error occurs, [sqlite3_db_cacheflush()] returns SQLITE_OK.
+**
+** ^This function does not set the database handle error code or message
+** returned by the [sqlite3_errcode()] and [sqlite3_errmsg()] functions.
+*/
+SQLITE_API int sqlite3_db_cacheflush(sqlite3*);
+
+/*
+** CAPI3REF: The pre-update hook.
+**
+** ^These interfaces are only available if SQLite is compiled using the
+** [SQLITE_ENABLE_PREUPDATE_HOOK] compile-time option.
+**
+** ^The [sqlite3_preupdate_hook()] interface registers a callback function
+** that is invoked prior to each [INSERT], [UPDATE], and [DELETE] operation
+** on a [rowid table].
+** ^At most one preupdate hook may be registered at a time on a single
+** [database connection]; each call to [sqlite3_preupdate_hook()] overrides
+** the previous setting.
+** ^The preupdate hook is disabled by invoking [sqlite3_preupdate_hook()]
+** with a NULL pointer as the second parameter.
+** ^The third parameter to [sqlite3_preupdate_hook()] is passed through as
+** the first parameter to callbacks.
+**
+** ^The preupdate hook only fires for changes to [rowid tables]; the preupdate
+** hook is not invoked for changes to [virtual tables] or [WITHOUT ROWID]
+** tables.
+**
+** ^The second parameter to the preupdate callback is a pointer to
+** the [database connection] that registered the preupdate hook.
+** ^The third parameter to the preupdate callback is one of the constants
+** [SQLITE_INSERT], [SQLITE_DELETE], or [SQLITE_UPDATE] to identify the
+** kind of update operation that is about to occur.
+** ^(The fourth parameter to the preupdate callback is the name of the
+** database within the database connection that is being modified. This
+** will be "main" for the main database or "temp" for TEMP tables or
+** the name given after the AS keyword in the [ATTACH] statement for attached
+** databases.)^
+** ^The fifth parameter to the preupdate callback is the name of the
+** table that is being modified.
+** ^The sixth parameter to the preupdate callback is the initial [rowid] of the
+** row being changes for SQLITE_UPDATE and SQLITE_DELETE changes and is
+** undefined for SQLITE_INSERT changes.
+** ^The seventh parameter to the preupdate callback is the final [rowid] of
+** the row being changed for SQLITE_UPDATE and SQLITE_INSERT changes and is
+** undefined for SQLITE_DELETE changes.
+**
+** The [sqlite3_preupdate_old()], [sqlite3_preupdate_new()],
+** [sqlite3_preupdate_count()], and [sqlite3_preupdate_depth()] interfaces
+** provide additional information about a preupdate event. These routines
+** may only be called from within a preupdate callback. Invoking any of
+** these routines from outside of a preupdate callback or with a
+** [database connection] pointer that is different from the one supplied
+** to the preupdate callback results in undefined and probably undesirable
+** behavior.
+**
+** ^The [sqlite3_preupdate_count(D)] interface returns the number of columns
+** in the row that is being inserted, updated, or deleted.
+**
+** ^The [sqlite3_preupdate_old(D,N,P)] interface writes into P a pointer to
+** a [protected sqlite3_value] that contains the value of the Nth column of
+** the table row before it is updated. The N parameter must be between 0
+** and one less than the number of columns or the behavior will be
+** undefined. This must only be used within SQLITE_UPDATE and SQLITE_DELETE
+** preupdate callbacks; if it is used by an SQLITE_INSERT callback then the
+** behavior is undefined. The [sqlite3_value] that P points to
+** will be destroyed when the preupdate callback returns.
+**
+** ^The [sqlite3_preupdate_new(D,N,P)] interface writes into P a pointer to
+** a [protected sqlite3_value] that contains the value of the Nth column of
+** the table row after it is updated. The N parameter must be between 0
+** and one less than the number of columns or the behavior will be
+** undefined. This must only be used within SQLITE_INSERT and SQLITE_UPDATE
+** preupdate callbacks; if it is used by an SQLITE_DELETE callback then the
+** behavior is undefined. The [sqlite3_value] that P points to
+** will be destroyed when the preupdate callback returns.
+**
+** ^The [sqlite3_preupdate_depth(D)] interface returns 0 if the preupdate
+** callback was invoked as a result of a direct insert, update, or delete
+** operation; or 1 for inserts, updates, or deletes invoked by top-level
+** triggers; or 2 for changes resulting from triggers called by top-level
+** triggers; and so forth.
+**
+** See also: [sqlite3_update_hook()]
+*/
+SQLITE_API SQLITE_EXPERIMENTAL void *sqlite3_preupdate_hook(
+ sqlite3 *db,
+ void(*xPreUpdate)(
+ void *pCtx, /* Copy of third arg to preupdate_hook() */
+ sqlite3 *db, /* Database handle */
+ int op, /* SQLITE_UPDATE, DELETE or INSERT */
+ char const *zDb, /* Database name */
+ char const *zName, /* Table name */
+ sqlite3_int64 iKey1, /* Rowid of row about to be deleted/updated */
+ sqlite3_int64 iKey2 /* New rowid value (for a rowid UPDATE) */
+ ),
+ void*
+);
+SQLITE_API SQLITE_EXPERIMENTAL int sqlite3_preupdate_old(sqlite3 *, int, sqlite3_value **);
+SQLITE_API SQLITE_EXPERIMENTAL int sqlite3_preupdate_count(sqlite3 *);
+SQLITE_API SQLITE_EXPERIMENTAL int sqlite3_preupdate_depth(sqlite3 *);
+SQLITE_API SQLITE_EXPERIMENTAL int sqlite3_preupdate_new(sqlite3 *, int, sqlite3_value **);
+
+/*
+** CAPI3REF: Low-level system error code
+**
+** ^Attempt to return the underlying operating system error code or error
+** number that caused the most recent I/O error or failure to open a file.
+** The return value is OS-dependent. For example, on unix systems, after
+** [sqlite3_open_v2()] returns [SQLITE_CANTOPEN], this interface could be
+** called to get back the underlying "errno" that caused the problem, such
+** as ENOSPC, EAUTH, EISDIR, and so forth.
+*/
+SQLITE_API int sqlite3_system_errno(sqlite3*);
+
+/*
+** CAPI3REF: Database Snapshot
+** KEYWORDS: {snapshot}
+** EXPERIMENTAL
+**
+** An instance of the snapshot object records the state of a [WAL mode]
+** database for some specific point in history.
+**
+** In [WAL mode], multiple [database connections] that are open on the
+** same database file can each be reading a different historical version
+** of the database file. When a [database connection] begins a read
+** transaction, that connection sees an unchanging copy of the database
+** as it existed for the point in time when the transaction first started.
+** Subsequent changes to the database from other connections are not seen
+** by the reader until a new read transaction is started.
+**
+** The sqlite3_snapshot object records state information about an historical
+** version of the database file so that it is possible to later open a new read
+** transaction that sees that historical version of the database rather than
+** the most recent version.
+**
+** The constructor for this object is [sqlite3_snapshot_get()]. The
+** [sqlite3_snapshot_open()] method causes a fresh read transaction to refer
+** to an historical snapshot (if possible). The destructor for
+** sqlite3_snapshot objects is [sqlite3_snapshot_free()].
+*/
+typedef struct sqlite3_snapshot sqlite3_snapshot;
+
+/*
+** CAPI3REF: Record A Database Snapshot
+** EXPERIMENTAL
+**
+** ^The [sqlite3_snapshot_get(D,S,P)] interface attempts to make a
+** new [sqlite3_snapshot] object that records the current state of
+** schema S in database connection D. ^On success, the
+** [sqlite3_snapshot_get(D,S,P)] interface writes a pointer to the newly
+** created [sqlite3_snapshot] object into *P and returns SQLITE_OK.
+** ^If schema S of [database connection] D is not a [WAL mode] database
+** that is in a read transaction, then [sqlite3_snapshot_get(D,S,P)]
+** leaves the *P value unchanged and returns an appropriate [error code].
+**
+** The [sqlite3_snapshot] object returned from a successful call to
+** [sqlite3_snapshot_get()] must be freed using [sqlite3_snapshot_free()]
+** to avoid a memory leak.
+**
+** The [sqlite3_snapshot_get()] interface is only available when the
+** SQLITE_ENABLE_SNAPSHOT compile-time option is used.
+*/
+SQLITE_API SQLITE_EXPERIMENTAL int sqlite3_snapshot_get(
+ sqlite3 *db,
+ const char *zSchema,
+ sqlite3_snapshot **ppSnapshot
+);
+
+/*
+** CAPI3REF: Start a read transaction on an historical snapshot
+** EXPERIMENTAL
+**
+** ^The [sqlite3_snapshot_open(D,S,P)] interface starts a
+** read transaction for schema S of
+** [database connection] D such that the read transaction
+** refers to historical [snapshot] P, rather than the most
+** recent change to the database.
+** ^The [sqlite3_snapshot_open()] interface returns SQLITE_OK on success
+** or an appropriate [error code] if it fails.
+**
+** ^In order to succeed, a call to [sqlite3_snapshot_open(D,S,P)] must be
+** the first operation following the [BEGIN] that takes the schema S
+** out of [autocommit mode].
+** ^In other words, schema S must not currently be in
+** a transaction for [sqlite3_snapshot_open(D,S,P)] to work, but the
+** database connection D must be out of [autocommit mode].
+** ^A [snapshot] will fail to open if it has been overwritten by a
+** [checkpoint].
+** ^(A call to [sqlite3_snapshot_open(D,S,P)] will fail if the
+** database connection D does not know that the database file for
+** schema S is in [WAL mode]. A database connection might not know
+** that the database file is in [WAL mode] if there has been no prior
+** I/O on that database connection, or if the database entered [WAL mode]
+** after the most recent I/O on the database connection.)^
+** (Hint: Run "[PRAGMA application_id]" against a newly opened
+** database connection in order to make it ready to use snapshots.)
+**
+** The [sqlite3_snapshot_open()] interface is only available when the
+** SQLITE_ENABLE_SNAPSHOT compile-time option is used.
+*/
+SQLITE_API SQLITE_EXPERIMENTAL int sqlite3_snapshot_open(
+ sqlite3 *db,
+ const char *zSchema,
+ sqlite3_snapshot *pSnapshot
+);
+
+/*
+** CAPI3REF: Destroy a snapshot
+** EXPERIMENTAL
+**
+** ^The [sqlite3_snapshot_free(P)] interface destroys [sqlite3_snapshot] P.
+** The application must eventually free every [sqlite3_snapshot] object
+** using this routine to avoid a memory leak.
+**
+** The [sqlite3_snapshot_free()] interface is only available when the
+** SQLITE_ENABLE_SNAPSHOT compile-time option is used.
+*/
+SQLITE_API SQLITE_EXPERIMENTAL void sqlite3_snapshot_free(sqlite3_snapshot*);
+
+/*
+** CAPI3REF: Compare the ages of two snapshot handles.
+** EXPERIMENTAL
+**
+** The sqlite3_snapshot_cmp(P1, P2) interface is used to compare the ages
+** of two valid snapshot handles.
+**
+** If the two snapshot handles are not associated with the same database
+** file, the result of the comparison is undefined.
+**
+** Additionally, the result of the comparison is only valid if both of the
+** snapshot handles were obtained by calling sqlite3_snapshot_get() since the
+** last time the wal file was deleted. The wal file is deleted when the
+** database is changed back to rollback mode or when the number of database
+** clients drops to zero. If either snapshot handle was obtained before the
+** wal file was last deleted, the value returned by this function
+** is undefined.
+**
+** Otherwise, this API returns a negative value if P1 refers to an older
+** snapshot than P2, zero if the two handles refer to the same database
+** snapshot, and a positive value if P1 is a newer snapshot than P2.
+*/
+SQLITE_API SQLITE_EXPERIMENTAL int sqlite3_snapshot_cmp(
+ sqlite3_snapshot *p1,
+ sqlite3_snapshot *p2
+);
+
+/*
+** Undo the hack that converts floating point types to integer for
+** builds on processors without floating point support.
+*/
+#ifdef SQLITE_OMIT_FLOATING_POINT
+# undef double
+#endif
+
+#ifdef __cplusplus
+} /* End of the 'extern "C"' block */
+#endif
+#endif /* SQLITE3_H */
+
+/******** Begin file sqlite3rtree.h *********/
+/*
+** 2010 August 30
+**
+** The author disclaims copyright to this source code. In place of
+** a legal notice, here is a blessing:
+**
+** May you do good and not evil.
+** May you find forgiveness for yourself and forgive others.
+** May you share freely, never taking more than you give.
+**
+*************************************************************************
+*/
+
+#ifndef _SQLITE3RTREE_H_
+#define _SQLITE3RTREE_H_
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct sqlite3_rtree_geometry sqlite3_rtree_geometry;
+typedef struct sqlite3_rtree_query_info sqlite3_rtree_query_info;
+
+/* The double-precision datatype used by RTree depends on the
+** SQLITE_RTREE_INT_ONLY compile-time option.
+*/
+#ifdef SQLITE_RTREE_INT_ONLY
+ typedef sqlite3_int64 sqlite3_rtree_dbl;
+#else
+ typedef double sqlite3_rtree_dbl;
+#endif
+
+/*
+** Register a geometry callback named zGeom that can be used as part of an
+** R-Tree geometry query as follows:
+**
+** SELECT ... FROM WHERE MATCH $zGeom(... params ...)
+*/
+SQLITE_API int sqlite3_rtree_geometry_callback(
+ sqlite3 *db,
+ const char *zGeom,
+ int (*xGeom)(sqlite3_rtree_geometry*, int, sqlite3_rtree_dbl*,int*),
+ void *pContext
+);
+
+
+/*
+** A pointer to a structure of the following type is passed as the first
+** argument to callbacks registered using rtree_geometry_callback().
+*/
+struct sqlite3_rtree_geometry {
+ void *pContext; /* Copy of pContext passed to s_r_g_c() */
+ int nParam; /* Size of array aParam[] */
+ sqlite3_rtree_dbl *aParam; /* Parameters passed to SQL geom function */
+ void *pUser; /* Callback implementation user data */
+ void (*xDelUser)(void *); /* Called by SQLite to clean up pUser */
+};
+
+/*
+** Register a 2nd-generation geometry callback named zScore that can be
+** used as part of an R-Tree geometry query as follows:
+**
+** SELECT ... FROM WHERE MATCH $zQueryFunc(... params ...)
+*/
+SQLITE_API int sqlite3_rtree_query_callback(
+ sqlite3 *db,
+ const char *zQueryFunc,
+ int (*xQueryFunc)(sqlite3_rtree_query_info*),
+ void *pContext,
+ void (*xDestructor)(void*)
+);
+
+
+/*
+** A pointer to a structure of the following type is passed as the
+** argument to scored geometry callback registered using
+** sqlite3_rtree_query_callback().
+**
+** Note that the first 5 fields of this structure are identical to
+** sqlite3_rtree_geometry. This structure is a subclass of
+** sqlite3_rtree_geometry.
+*/
+struct sqlite3_rtree_query_info {
+ void *pContext; /* pContext from when function registered */
+ int nParam; /* Number of function parameters */
+ sqlite3_rtree_dbl *aParam; /* value of function parameters */
+ void *pUser; /* callback can use this, if desired */
+ void (*xDelUser)(void*); /* function to free pUser */
+ sqlite3_rtree_dbl *aCoord; /* Coordinates of node or entry to check */
+ unsigned int *anQueue; /* Number of pending entries in the queue */
+ int nCoord; /* Number of coordinates */
+ int iLevel; /* Level of current node or entry */
+ int mxLevel; /* The largest iLevel value in the tree */
+ sqlite3_int64 iRowid; /* Rowid for current entry */
+ sqlite3_rtree_dbl rParentScore; /* Score of parent node */
+ int eParentWithin; /* Visibility of parent node */
+ int eWithin; /* OUT: Visiblity */
+ sqlite3_rtree_dbl rScore; /* OUT: Write the score here */
+ /* The following fields are only available in 3.8.11 and later */
+ sqlite3_value **apSqlParam; /* Original SQL values of parameters */
+};
+
+/*
+** Allowed values for sqlite3_rtree_query.eWithin and .eParentWithin.
+*/
+#define NOT_WITHIN 0 /* Object completely outside of query region */
+#define PARTLY_WITHIN 1 /* Object partially overlaps query region */
+#define FULLY_WITHIN 2 /* Object fully contained within query region */
+
+
+#ifdef __cplusplus
+} /* end of the 'extern "C"' block */
+#endif
+
+#endif /* ifndef _SQLITE3RTREE_H_ */
+
+/******** End of sqlite3rtree.h *********/
+/******** Begin file sqlite3session.h *********/
+
+#if !defined(__SQLITESESSION_H_) && defined(SQLITE_ENABLE_SESSION)
+#define __SQLITESESSION_H_ 1
+
+/*
+** Make sure we can call this stuff from C++.
+*/
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+/*
+** CAPI3REF: Session Object Handle
+*/
+typedef struct sqlite3_session sqlite3_session;
+
+/*
+** CAPI3REF: Changeset Iterator Handle
+*/
+typedef struct sqlite3_changeset_iter sqlite3_changeset_iter;
+
+/*
+** CAPI3REF: Create A New Session Object
+**
+** Create a new session object attached to database handle db. If successful,
+** a pointer to the new object is written to *ppSession and SQLITE_OK is
+** returned. If an error occurs, *ppSession is set to NULL and an SQLite
+** error code (e.g. SQLITE_NOMEM) is returned.
+**
+** It is possible to create multiple session objects attached to a single
+** database handle.
+**
+** Session objects created using this function should be deleted using the
+** [sqlite3session_delete()] function before the database handle that they
+** are attached to is itself closed. If the database handle is closed before
+** the session object is deleted, then the results of calling any session
+** module function, including [sqlite3session_delete()] on the session object
+** are undefined.
+**
+** Because the session module uses the [sqlite3_preupdate_hook()] API, it
+** is not possible for an application to register a pre-update hook on a
+** database handle that has one or more session objects attached. Nor is
+** it possible to create a session object attached to a database handle for
+** which a pre-update hook is already defined. The results of attempting
+** either of these things are undefined.
+**
+** The session object will be used to create changesets for tables in
+** database zDb, where zDb is either "main", or "temp", or the name of an
+** attached database. It is not an error if database zDb is not attached
+** to the database when the session object is created.
+*/
+int sqlite3session_create(
+ sqlite3 *db, /* Database handle */
+ const char *zDb, /* Name of db (e.g. "main") */
+ sqlite3_session **ppSession /* OUT: New session object */
+);
+
+/*
+** CAPI3REF: Delete A Session Object
+**
+** Delete a session object previously allocated using
+** [sqlite3session_create()]. Once a session object has been deleted, the
+** results of attempting to use pSession with any other session module
+** function are undefined.
+**
+** Session objects must be deleted before the database handle to which they
+** are attached is closed. Refer to the documentation for
+** [sqlite3session_create()] for details.
+*/
+void sqlite3session_delete(sqlite3_session *pSession);
+
+
+/*
+** CAPI3REF: Enable Or Disable A Session Object
+**
+** Enable or disable the recording of changes by a session object. When
+** enabled, a session object records changes made to the database. When
+** disabled - it does not. A newly created session object is enabled.
+** Refer to the documentation for [sqlite3session_changeset()] for further
+** details regarding how enabling and disabling a session object affects
+** the eventual changesets.
+**
+** Passing zero to this function disables the session. Passing a value
+** greater than zero enables it. Passing a value less than zero is a
+** no-op, and may be used to query the current state of the session.
+**
+** The return value indicates the final state of the session object: 0 if
+** the session is disabled, or 1 if it is enabled.
+*/
+int sqlite3session_enable(sqlite3_session *pSession, int bEnable);
+
+/*
+** CAPI3REF: Set Or Clear the Indirect Change Flag
+**
+** Each change recorded by a session object is marked as either direct or
+** indirect. A change is marked as indirect if either:
+**
+**
    +**
  • The session object "indirect" flag is set when the change is +** made, or +**
  • The change is made by an SQL trigger or foreign key action +** instead of directly as a result of a users SQL statement. +**
+**
+** If a single row is affected by more than one operation within a session,
+** then the change is considered indirect if all operations meet the criteria
+** for an indirect change above, or direct otherwise.
+**
+** This function is used to set, clear or query the session object indirect
+** flag. If the second argument passed to this function is zero, then the
+** indirect flag is cleared. If it is greater than zero, the indirect flag
+** is set. Passing a value less than zero does not modify the current value
+** of the indirect flag, and may be used to query the current state of the
+** indirect flag for the specified session object.
+**
+** The return value indicates the final state of the indirect flag: 0 if
+** it is clear, or 1 if it is set.
+*/
+int sqlite3session_indirect(sqlite3_session *pSession, int bIndirect);
+
+/*
+** CAPI3REF: Attach A Table To A Session Object
+**
+** If argument zTab is not NULL, then it is the name of a table to attach
+** to the session object passed as the first argument. All subsequent changes
+** made to the table while the session object is enabled will be recorded. See
+** documentation for [sqlite3session_changeset()] for further details.
+**
+** Or, if argument zTab is NULL, then changes are recorded for all tables
+** in the database. If additional tables are added to the database (by
+** executing "CREATE TABLE" statements) after this call is made, changes for
+** the new tables are also recorded.
+**
+** Changes can only be recorded for tables that have a PRIMARY KEY explicitly
+** defined as part of their CREATE TABLE statement. It does not matter if the
+** PRIMARY KEY is an "INTEGER PRIMARY KEY" (rowid alias) or not. The PRIMARY
+** KEY may consist of a single column, or may be a composite key.
+**
+** It is not an error if the named table does not exist in the database. Nor
+** is it an error if the named table does not have a PRIMARY KEY. However,
+** no changes will be recorded in either of these scenarios.
+**
+** Changes are not recorded for individual rows that have NULL values stored
+** in one or more of their PRIMARY KEY columns.
+**
+** SQLITE_OK is returned if the call completes without error. Or, if an error
+** occurs, an SQLite error code (e.g. SQLITE_NOMEM) is returned.
+*/
+int sqlite3session_attach(
+ sqlite3_session *pSession, /* Session object */
+ const char *zTab /* Table name */
+);
+
+/*
+** CAPI3REF: Set a table filter on a Session Object.
+**
+** The second argument (xFilter) is the "filter callback". For changes to rows
+** in tables that are not attached to the Session object, the filter is called
+** to determine whether changes to the table's rows should be tracked or not.
+** If xFilter returns 0, changes is not tracked. Note that once a table is
+** attached, xFilter will not be called again.
+*/
+void sqlite3session_table_filter(
+ sqlite3_session *pSession, /* Session object */
+ int(*xFilter)(
+ void *pCtx, /* Copy of third arg to _filter_table() */
+ const char *zTab /* Table name */
+ ),
+ void *pCtx /* First argument passed to xFilter */
+);
+
+/*
+** CAPI3REF: Generate A Changeset From A Session Object
+**
+** Obtain a changeset containing changes to the tables attached to the
+** session object passed as the first argument. If successful,
+** set *ppChangeset to point to a buffer containing the changeset
+** and *pnChangeset to the size of the changeset in bytes before returning
+** SQLITE_OK. If an error occurs, set both *ppChangeset and *pnChangeset to
+** zero and return an SQLite error code.
+**
+** A changeset consists of zero or more INSERT, UPDATE and/or DELETE changes,
+** each representing a change to a single row of an attached table. An INSERT
+** change contains the values of each field of a new database row. A DELETE
+** contains the original values of each field of a deleted database row. An
+** UPDATE change contains the original values of each field of an updated
+** database row along with the updated values for each updated non-primary-key
+** column. It is not possible for an UPDATE change to represent a change that
+** modifies the values of primary key columns. If such a change is made, it
+** is represented in a changeset as a DELETE followed by an INSERT.
+**
+** Changes are not recorded for rows that have NULL values stored in one or
+** more of their PRIMARY KEY columns. If such a row is inserted or deleted,
+** no corresponding change is present in the changesets returned by this
+** function. If an existing row with one or more NULL values stored in
+** PRIMARY KEY columns is updated so that all PRIMARY KEY columns are non-NULL,
+** only an INSERT is appears in the changeset. Similarly, if an existing row
+** with non-NULL PRIMARY KEY values is updated so that one or more of its
+** PRIMARY KEY columns are set to NULL, the resulting changeset contains a
+** DELETE change only.
+**
+** The contents of a changeset may be traversed using an iterator created
+** using the [sqlite3changeset_start()] API. A changeset may be applied to
+** a database with a compatible schema using the [sqlite3changeset_apply()]
+** API.
+**
+** Within a changeset generated by this function, all changes related to a
+** single table are grouped together. In other words, when iterating through
+** a changeset or when applying a changeset to a database, all changes related
+** to a single table are processed before moving on to the next table. Tables
+** are sorted in the same order in which they were attached (or auto-attached)
+** to the sqlite3_session object. The order in which the changes related to
+** a single table are stored is undefined.
+**
+** Following a successful call to this function, it is the responsibility of
+** the caller to eventually free the buffer that *ppChangeset points to using
+** [sqlite3_free()].
+**
+**

Changeset Generation

+**
+** Once a table has been attached to a session object, the session object
+** records the primary key values of all new rows inserted into the table.
+** It also records the original primary key and other column values of any
+** deleted or updated rows. For each unique primary key value, data is only
+** recorded once - the first time a row with said primary key is inserted,
+** updated or deleted in the lifetime of the session.
+**
+** There is one exception to the previous paragraph: when a row is inserted,
+** updated or deleted, if one or more of its primary key columns contain a
+** NULL value, no record of the change is made.
+**
+** The session object therefore accumulates two types of records - those
+** that consist of primary key values only (created when the user inserts
+** a new record) and those that consist of the primary key values and the
+** original values of other table columns (created when the users deletes
+** or updates a record).
+**
+** When this function is called, the requested changeset is created using
+** both the accumulated records and the current contents of the database
+** file. Specifically:
+**
+**
    +**
  • For each record generated by an insert, the database is queried +** for a row with a matching primary key. If one is found, an INSERT +** change is added to the changeset. If no such row is found, no change +** is added to the changeset. +** +**
  • For each record generated by an update or delete, the database is +** queried for a row with a matching primary key. If such a row is +** found and one or more of the non-primary key fields have been +** modified from their original values, an UPDATE change is added to +** the changeset. Or, if no such row is found in the table, a DELETE +** change is added to the changeset. If there is a row with a matching +** primary key in the database, but all fields contain their original +** values, no change is added to the changeset. +**
+** +** This means, amongst other things, that if a row is inserted and then later +** deleted while a session object is active, neither the insert nor the delete +** will be present in the changeset. Or if a row is deleted and then later a +** row with the same primary key values inserted while a session object is +** active, the resulting changeset will contain an UPDATE change instead of +** a DELETE and an INSERT. +** +** When a session object is disabled (see the [sqlite3session_enable()] API), +** it does not accumulate records when rows are inserted, updated or deleted. +** This may appear to have some counter-intuitive effects if a single row +** is written to more than once during a session. For example, if a row +** is inserted while a session object is enabled, then later deleted while +** the same session object is disabled, no INSERT record will appear in the +** changeset, even though the delete took place while the session was disabled. +** Or, if one field of a row is updated while a session is disabled, and +** another field of the same row is updated while the session is enabled, the +** resulting changeset will contain an UPDATE change that updates both fields. +*/ +int sqlite3session_changeset( + sqlite3_session *pSession, /* Session object */ + int *pnChangeset, /* OUT: Size of buffer at *ppChangeset */ + void **ppChangeset /* OUT: Buffer containing changeset */ +); + +/* +** CAPI3REF: Load The Difference Between Tables Into A Session +** +** If it is not already attached to the session object passed as the first +** argument, this function attaches table zTbl in the same manner as the +** [sqlite3session_attach()] function. If zTbl does not exist, or if it +** does not have a primary key, this function is a no-op (but does not return +** an error). +** +** Argument zFromDb must be the name of a database ("main", "temp" etc.) 
+** attached to the same database handle as the session object that contains
+** a table compatible with the table attached to the session by this function.
+** A table is considered compatible if it:
+**
+**
    +**
  • Has the same name,
+**
  • Has the same set of columns declared in the same order, and
+**
  • Has the same PRIMARY KEY definition.
+**
+**
+** If the tables are not compatible, SQLITE_SCHEMA is returned. If the tables
+** are compatible but do not have any PRIMARY KEY columns, it is not an error
+** but no changes are added to the session object. As with other session
+** APIs, tables without PRIMARY KEYs are simply ignored.
+**
+** This function adds a set of changes to the session object that could be
+** used to update the table in database zFrom (call this the "from-table")
+** so that its content is the same as the table attached to the session
+** object (call this the "to-table"). Specifically:
+**
+**
    +**
  • For each row (primary key) that exists in the to-table but not in
+** the from-table, an INSERT record is added to the session object.
+**
+**
  • For each row (primary key) that exists in the to-table but not in
+** the from-table, a DELETE record is added to the session object.
+**
+**
  • For each row (primary key) that exists in both tables, but features
+** different in each, an UPDATE record is added to the session.
+**
+**
+** To clarify, if this function is called and then a changeset constructed
+** using [sqlite3session_changeset()], then after applying that changeset to
+** database zFrom the contents of the two compatible tables would be
+** identical.
+**
+** It an error if database zFrom does not exist or does not contain the
+** required compatible table.
+**
+** If the operation successful, SQLITE_OK is returned. Otherwise, an SQLite
+** error code. In this case, if argument pzErrMsg is not NULL, *pzErrMsg
+** may be set to point to a buffer containing an English language error
+** message. It is the responsibility of the caller to free this buffer using
+** sqlite3_free().
+*/
+int sqlite3session_diff(
+ sqlite3_session *pSession,
+ const char *zFromDb,
+ const char *zTbl,
+ char **pzErrMsg
+);
+
+
+/*
+** CAPI3REF: Generate A Patchset From A Session Object
+**
+** The differences between a patchset and a changeset are that:
+**
+**
    +**
  • DELETE records consist of the primary key fields only. The
+** original values of other fields are omitted.
+**
  • The original values of any modified fields are omitted from
+** UPDATE records.
+**
+**
+** A patchset blob may be used with up to date versions of all
+** sqlite3changeset_xxx API functions except for sqlite3changeset_invert(),
+** which returns SQLITE_CORRUPT if it is passed a patchset. Similarly,
+** attempting to use a patchset blob with old versions of the
+** sqlite3changeset_xxx APIs also provokes an SQLITE_CORRUPT error.
+**
+** Because the non-primary key "old.*" fields are omitted, no
+** SQLITE_CHANGESET_DATA conflicts can be detected or reported if a patchset
+** is passed to the sqlite3changeset_apply() API. Other conflict types work
+** in the same way as for changesets.
+**
+** Changes within a patchset are ordered in the same way as for changesets
+** generated by the sqlite3session_changeset() function (i.e. all changes for
+** a single table are grouped together, tables appear in the order in which
+** they were attached to the session object).
+*/
+int sqlite3session_patchset(
+ sqlite3_session *pSession, /* Session object */
+ int *pnPatchset, /* OUT: Size of buffer at *ppChangeset */
+ void **ppPatchset /* OUT: Buffer containing changeset */
+);
+
+/*
+** CAPI3REF: Test if a changeset has recorded any changes.
+**
+** Return non-zero if no changes to attached tables have been recorded by
+** the session object passed as the first argument. Otherwise, if one or
+** more changes have been recorded, return zero.
+**
+** Even if this function returns zero, it is possible that calling
+** [sqlite3session_changeset()] on the session handle may still return a
+** changeset that contains no changes. This can happen when a row in
+** an attached table is modified and then later on the original values
+** are restored. However, if this function returns non-zero, then it is
+** guaranteed that a call to sqlite3session_changeset() will return a
+** changeset containing zero changes.
+*/
+int sqlite3session_isempty(sqlite3_session *pSession);
+
+/*
+** CAPI3REF: Create An Iterator To Traverse A Changeset
+**
+** Create an iterator used to iterate through the contents of a changeset.
+** If successful, *pp is set to point to the iterator handle and SQLITE_OK
+** is returned. Otherwise, if an error occurs, *pp is set to zero and an
+** SQLite error code is returned.
+**
+** The following functions can be used to advance and query a changeset
+** iterator created by this function:
+**
+**
    +**
  • [sqlite3changeset_next()]
+**
  • [sqlite3changeset_op()]
+**
  • [sqlite3changeset_new()]
+**
  • [sqlite3changeset_old()]
+**
+**
+** It is the responsibility of the caller to eventually destroy the iterator
+** by passing it to [sqlite3changeset_finalize()]. The buffer containing the
+** changeset (pChangeset) must remain valid until after the iterator is
+** destroyed.
+**
+** Assuming the changeset blob was created by one of the
+** [sqlite3session_changeset()], [sqlite3changeset_concat()] or
+** [sqlite3changeset_invert()] functions, all changes within the changeset
+** that apply to a single table are grouped together. This means that when
+** an application iterates through a changeset using an iterator created by
+** this function, all changes that relate to a single table are visited
+** consecutively. There is no chance that the iterator will visit a change
+** the applies to table X, then one for table Y, and then later on visit
+** another change for table X.
+*/
+int sqlite3changeset_start(
+ sqlite3_changeset_iter **pp, /* OUT: New changeset iterator handle */
+ int nChangeset, /* Size of changeset blob in bytes */
+ void *pChangeset /* Pointer to blob containing changeset */
+);
+
+
+/*
+** CAPI3REF: Advance A Changeset Iterator
+**
+** This function may only be used with iterators created by function
+** [sqlite3changeset_start()]. If it is called on an iterator passed to
+** a conflict-handler callback by [sqlite3changeset_apply()], SQLITE_MISUSE
+** is returned and the call has no effect.
+**
+** Immediately after an iterator is created by sqlite3changeset_start(), it
+** does not point to any change in the changeset. Assuming the changeset
+** is not empty, the first call to this function advances the iterator to
+** point to the first change in the changeset. Each subsequent call advances
+** the iterator to point to the next change in the changeset (if any). If
+** no error occurs and the iterator points to a valid change after a call
+** to sqlite3changeset_next() has advanced it, SQLITE_ROW is returned.
+** Otherwise, if all changes in the changeset have already been visited,
+** SQLITE_DONE is returned.
+**
+** If an error occurs, an SQLite error code is returned. Possible error
+** codes include SQLITE_CORRUPT (if the changeset buffer is corrupt) or
+** SQLITE_NOMEM.
+*/
+int sqlite3changeset_next(sqlite3_changeset_iter *pIter);
+
+/*
+** CAPI3REF: Obtain The Current Operation From A Changeset Iterator
+**
+** The pIter argument passed to this function may either be an iterator
+** passed to a conflict-handler by [sqlite3changeset_apply()], or an iterator
+** created by [sqlite3changeset_start()]. In the latter case, the most recent
+** call to [sqlite3changeset_next()] must have returned [SQLITE_ROW]. If this
+** is not the case, this function returns [SQLITE_MISUSE].
+**
+** If argument pzTab is not NULL, then *pzTab is set to point to a
+** nul-terminated utf-8 encoded string containing the name of the table
+** affected by the current change. The buffer remains valid until either
+** sqlite3changeset_next() is called on the iterator or until the
+** conflict-handler function returns. If pnCol is not NULL, then *pnCol is
+** set to the number of columns in the table affected by the change. If
+** pbIncorrect is not NULL, then *pbIndirect is set to true (1) if the change
+** is an indirect change, or false (0) otherwise. See the documentation for
+** [sqlite3session_indirect()] for a description of direct and indirect
+** changes. Finally, if pOp is not NULL, then *pOp is set to one of
+** [SQLITE_INSERT], [SQLITE_DELETE] or [SQLITE_UPDATE], depending on the
+** type of change that the iterator currently points to.
+**
+** If no error occurs, SQLITE_OK is returned. If an error does occur, an
+** SQLite error code is returned. The values of the output variables may not
+** be trusted in this case.
+*/
+int sqlite3changeset_op(
+ sqlite3_changeset_iter *pIter, /* Iterator object */
+ const char **pzTab, /* OUT: Pointer to table name */
+ int *pnCol, /* OUT: Number of columns in table */
+ int *pOp, /* OUT: SQLITE_INSERT, DELETE or UPDATE */
+ int *pbIndirect /* OUT: True for an 'indirect' change */
+);
+
+/*
+** CAPI3REF: Obtain The Primary Key Definition Of A Table
+**
+** For each modified table, a changeset includes the following:
+**
+**
    +**
  • The number of columns in the table, and
+**
  • Which of those columns make up the tables PRIMARY KEY.
+**
+**
+** This function is used to find which columns comprise the PRIMARY KEY of
+** the table modified by the change that iterator pIter currently points to.
+** If successful, *pabPK is set to point to an array of nCol entries, where
+** nCol is the number of columns in the table. Elements of *pabPK are set to
+** 0x01 if the corresponding column is part of the tables primary key, or
+** 0x00 if it is not.
+**
+** If argument pnCol is not NULL, then *pnCol is set to the number of columns
+** in the table.
+**
+** If this function is called when the iterator does not point to a valid
+** entry, SQLITE_MISUSE is returned and the output variables zeroed. Otherwise,
+** SQLITE_OK is returned and the output variables populated as described
+** above.
+*/
+int sqlite3changeset_pk(
+ sqlite3_changeset_iter *pIter, /* Iterator object */
+ unsigned char **pabPK, /* OUT: Array of boolean - true for PK cols */
+ int *pnCol /* OUT: Number of entries in output array */
+);
+
+/*
+** CAPI3REF: Obtain old.* Values From A Changeset Iterator
+**
+** The pIter argument passed to this function may either be an iterator
+** passed to a conflict-handler by [sqlite3changeset_apply()], or an iterator
+** created by [sqlite3changeset_start()]. In the latter case, the most recent
+** call to [sqlite3changeset_next()] must have returned SQLITE_ROW.
+** Furthermore, it may only be called if the type of change that the iterator
+** currently points to is either [SQLITE_DELETE] or [SQLITE_UPDATE]. Otherwise,
+** this function returns [SQLITE_MISUSE] and sets *ppValue to NULL.
+**
+** Argument iVal must be greater than or equal to 0, and less than the number
+** of columns in the table affected by the current change. Otherwise,
+** [SQLITE_RANGE] is returned and *ppValue is set to NULL.
+**
+** If successful, this function sets *ppValue to point to a protected
+** sqlite3_value object containing the iVal'th value from the vector of
+** original row values stored as part of the UPDATE or DELETE change and
+** returns SQLITE_OK. The name of the function comes from the fact that this
+** is similar to the "old.*" columns available to update or delete triggers.
+**
+** If some other error occurs (e.g. an OOM condition), an SQLite error code
+** is returned and *ppValue is set to NULL.
+*/
+int sqlite3changeset_old(
+ sqlite3_changeset_iter *pIter, /* Changeset iterator */
+ int iVal, /* Column number */
+ sqlite3_value **ppValue /* OUT: Old value (or NULL pointer) */
+);
+
+/*
+** CAPI3REF: Obtain new.* Values From A Changeset Iterator
+**
+** The pIter argument passed to this function may either be an iterator
+** passed to a conflict-handler by [sqlite3changeset_apply()], or an iterator
+** created by [sqlite3changeset_start()]. In the latter case, the most recent
+** call to [sqlite3changeset_next()] must have returned SQLITE_ROW.
+** Furthermore, it may only be called if the type of change that the iterator
+** currently points to is either [SQLITE_UPDATE] or [SQLITE_INSERT]. Otherwise,
+** this function returns [SQLITE_MISUSE] and sets *ppValue to NULL.
+**
+** Argument iVal must be greater than or equal to 0, and less than the number
+** of columns in the table affected by the current change. Otherwise,
+** [SQLITE_RANGE] is returned and *ppValue is set to NULL.
+**
+** If successful, this function sets *ppValue to point to a protected
+** sqlite3_value object containing the iVal'th value from the vector of
+** new row values stored as part of the UPDATE or INSERT change and
+** returns SQLITE_OK. If the change is an UPDATE and does not include
+** a new value for the requested column, *ppValue is set to NULL and
+** SQLITE_OK returned.
The name of the function comes from the fact that
+** this is similar to the "new.*" columns available to update or delete
+** triggers.
+**
+** If some other error occurs (e.g. an OOM condition), an SQLite error code
+** is returned and *ppValue is set to NULL.
+*/
+int sqlite3changeset_new(
+ sqlite3_changeset_iter *pIter, /* Changeset iterator */
+ int iVal, /* Column number */
+ sqlite3_value **ppValue /* OUT: New value (or NULL pointer) */
+);
+
+/*
+** CAPI3REF: Obtain Conflicting Row Values From A Changeset Iterator
+**
+** This function should only be used with iterator objects passed to a
+** conflict-handler callback by [sqlite3changeset_apply()] with either
+** [SQLITE_CHANGESET_DATA] or [SQLITE_CHANGESET_CONFLICT]. If this function
+** is called on any other iterator, [SQLITE_MISUSE] is returned and *ppValue
+** is set to NULL.
+**
+** Argument iVal must be greater than or equal to 0, and less than the number
+** of columns in the table affected by the current change. Otherwise,
+** [SQLITE_RANGE] is returned and *ppValue is set to NULL.
+**
+** If successful, this function sets *ppValue to point to a protected
+** sqlite3_value object containing the iVal'th value from the
+** "conflicting row" associated with the current conflict-handler callback
+** and returns SQLITE_OK.
+**
+** If some other error occurs (e.g. an OOM condition), an SQLite error code
+** is returned and *ppValue is set to NULL.
+*/
+int sqlite3changeset_conflict(
+ sqlite3_changeset_iter *pIter, /* Changeset iterator */
+ int iVal, /* Column number */
+ sqlite3_value **ppValue /* OUT: Value from conflicting row */
+);
+
+/*
+** CAPI3REF: Determine The Number Of Foreign Key Constraint Violations
+**
+** This function may only be called with an iterator passed to an
+** SQLITE_CHANGESET_FOREIGN_KEY conflict handler callback. In this case
+** it sets the output variable to the total number of known foreign key
+** violations in the destination database and returns SQLITE_OK.
+**
+** In all other cases this function returns SQLITE_MISUSE.
+*/
+int sqlite3changeset_fk_conflicts(
+ sqlite3_changeset_iter *pIter, /* Changeset iterator */
+ int *pnOut /* OUT: Number of FK violations */
+);
+
+
+/*
+** CAPI3REF: Finalize A Changeset Iterator
+**
+** This function is used to finalize an iterator allocated with
+** [sqlite3changeset_start()].
+**
+** This function should only be called on iterators created using the
+** [sqlite3changeset_start()] function. If an application calls this
+** function with an iterator passed to a conflict-handler by
+** [sqlite3changeset_apply()], [SQLITE_MISUSE] is immediately returned and the
+** call has no effect.
+**
+** If an error was encountered within a call to an sqlite3changeset_xxx()
+** function (for example an [SQLITE_CORRUPT] in [sqlite3changeset_next()] or an
+** [SQLITE_NOMEM] in [sqlite3changeset_new()]) then an error code corresponding
+** to that error is returned by this function. Otherwise, SQLITE_OK is
+** returned. This is to allow the following pattern (pseudo-code):
+**
+** sqlite3changeset_start();
+** while( SQLITE_ROW==sqlite3changeset_next() ){
+** // Do something with change.
+** }
+** rc = sqlite3changeset_finalize();
+** if( rc!=SQLITE_OK ){
+** // An error has occurred
+** }
+*/
+int sqlite3changeset_finalize(sqlite3_changeset_iter *pIter);
+
+/*
+** CAPI3REF: Invert A Changeset
+**
+** This function is used to "invert" a changeset object. Applying an inverted
+** changeset to a database reverses the effects of applying the uninverted
+** changeset. Specifically:
+**
+**
    +**
  • Each DELETE change is changed to an INSERT, and
+**
  • Each INSERT change is changed to a DELETE, and
+**
  • For each UPDATE change, the old.* and new.* values are exchanged.
+**
+**
+** This function does not change the order in which changes appear within
+** the changeset. It merely reverses the sense of each individual change.
+**
+** If successful, a pointer to a buffer containing the inverted changeset
+** is stored in *ppOut, the size of the same buffer is stored in *pnOut, and
+** SQLITE_OK is returned. If an error occurs, both *pnOut and *ppOut are
+** zeroed and an SQLite error code returned.
+**
+** It is the responsibility of the caller to eventually call sqlite3_free()
+** on the *ppOut pointer to free the buffer allocation following a successful
+** call to this function.
+**
+** WARNING/TODO: This function currently assumes that the input is a valid
+** changeset. If it is not, the results are undefined.
+*/
+int sqlite3changeset_invert(
+ int nIn, const void *pIn, /* Input changeset */
+ int *pnOut, void **ppOut /* OUT: Inverse of input */
+);
+
+/*
+** CAPI3REF: Concatenate Two Changeset Objects
+**
+** This function is used to concatenate two changesets, A and B, into a
+** single changeset. The result is a changeset equivalent to applying
+** changeset A followed by changeset B.
+**
+** This function combines the two input changesets using an
+** sqlite3_changegroup object. Calling it produces similar results as the
+** following code fragment:
+**
+** sqlite3_changegroup *pGrp;
+** rc = sqlite3_changegroup_new(&pGrp);
+** if( rc==SQLITE_OK ) rc = sqlite3changegroup_add(pGrp, nA, pA);
+** if( rc==SQLITE_OK ) rc = sqlite3changegroup_add(pGrp, nB, pB);
+** if( rc==SQLITE_OK ){
+** rc = sqlite3changegroup_output(pGrp, pnOut, ppOut);
+** }else{
+** *ppOut = 0;
+** *pnOut = 0;
+** }
+**
+** Refer to the sqlite3_changegroup documentation below for details.
+*/
+int sqlite3changeset_concat(
+ int nA, /* Number of bytes in buffer pA */
+ void *pA, /* Pointer to buffer containing changeset A */
+ int nB, /* Number of bytes in buffer pB */
+ void *pB, /* Pointer to buffer containing changeset B */
+ int *pnOut, /* OUT: Number of bytes in output changeset */
+ void **ppOut /* OUT: Buffer containing output changeset */
+);
+
+
+/*
+** CAPI3REF: Changegroup Handle
+*/
+typedef struct sqlite3_changegroup sqlite3_changegroup;
+
+/*
+** CAPI3REF: Create A New Changegroup Object
+**
+** An sqlite3_changegroup object is used to combine two or more changesets
+** (or patchsets) into a single changeset (or patchset). A single changegroup
+** object may combine changesets or patchsets, but not both. The output is
+** always in the same format as the input.
+**
+** If successful, this function returns SQLITE_OK and populates (*pp) with
+** a pointer to a new sqlite3_changegroup object before returning. The caller
+** should eventually free the returned object using a call to
+** sqlite3changegroup_delete(). If an error occurs, an SQLite error code
+** (i.e. SQLITE_NOMEM) is returned and *pp is set to NULL.
+**
+** The usual usage pattern for an sqlite3_changegroup object is as follows:
+**
+**
    +**
  • It is created using a call to sqlite3changegroup_new().
+**
+**
  • Zero or more changesets (or patchsets) are added to the object
+** by calling sqlite3changegroup_add().
+**
+**
  • The result of combining all input changesets together is obtained
+** by the application via a call to sqlite3changegroup_output().
+**
+**
  • The object is deleted using a call to sqlite3changegroup_delete().
+**
+**
+** Any number of calls to add() and output() may be made between the calls to
+** new() and delete(), and in any order.
+**
+** As well as the regular sqlite3changegroup_add() and
+** sqlite3changegroup_output() functions, also available are the streaming
+** versions sqlite3changegroup_add_strm() and sqlite3changegroup_output_strm().
+*/
+int sqlite3changegroup_new(sqlite3_changegroup **pp);
+
+/*
+** CAPI3REF: Add A Changeset To A Changegroup
+**
+** Add all changes within the changeset (or patchset) in buffer pData (size
+** nData bytes) to the changegroup.
+**
+** If the buffer contains a patchset, then all prior calls to this function
+** on the same changegroup object must also have specified patchsets. Or, if
+** the buffer contains a changeset, so must have the earlier calls to this
+** function. Otherwise, SQLITE_ERROR is returned and no changes are added
+** to the changegroup.
+**
+** Rows within the changeset and changegroup are identified by the values in
+** their PRIMARY KEY columns. A change in the changeset is considered to
+** apply to the same row as a change already present in the changegroup if
+** the two rows have the same primary key.
+**
+** Changes to rows that do not already appear in the changegroup are
+** simply copied into it. Or, if both the new changeset and the changegroup
+** contain changes that apply to a single row, the final contents of the
+** changegroup depends on the type of each change, as follows:
+**
+**
+**
+**
+**
Existing Change New Change Output Change
+**
INSERT INSERT
+** The new change is ignored. This case does not occur if the new
+** changeset was recorded immediately after the changesets already
+** added to the changegroup.
+**
INSERT UPDATE
+** The INSERT change remains in the changegroup. The values in the
+** INSERT change are modified as if the row was inserted by the
+** existing change and then updated according to the new change.
+**
INSERT DELETE
+** The existing INSERT is removed from the changegroup. The DELETE is
+** not added.
+**
UPDATE INSERT
+** The new change is ignored. This case does not occur if the new
+** changeset was recorded immediately after the changesets already
+** added to the changegroup.
+**
UPDATE UPDATE
+** The existing UPDATE remains within the changegroup. It is amended
+** so that the accompanying values are as if the row was updated once
+** by the existing change and then again by the new change.
+**
UPDATE DELETE
+** The existing UPDATE is replaced by the new DELETE within the
+** changegroup.
+**
DELETE INSERT
+** If one or more of the column values in the row inserted by the
+** new change differ from those in the row deleted by the existing
+** change, the existing DELETE is replaced by an UPDATE within the
+** changegroup. Otherwise, if the inserted row is exactly the same
+** as the deleted row, the existing DELETE is simply discarded.
+**
DELETE UPDATE
+** The new change is ignored. This case does not occur if the new
+** changeset was recorded immediately after the changesets already
+** added to the changegroup.
+**
DELETE DELETE
+** The new change is ignored. This case does not occur if the new
+** changeset was recorded immediately after the changesets already
+** added to the changegroup.
+**
+**
+** If the new changeset contains changes to a table that is already present
+** in the changegroup, then the number of columns and the position of the
+** primary key columns for the table must be consistent. If this is not the
+** case, this function fails with SQLITE_SCHEMA. If the input changeset
+** appears to be corrupt and the corruption is detected, SQLITE_CORRUPT is
+** returned. Or, if an out-of-memory condition occurs during processing, this
+** function returns SQLITE_NOMEM. In all cases, if an error occurs the
+** final contents of the changegroup is undefined.
+**
+** If no error occurs, SQLITE_OK is returned.
+*/
+int sqlite3changegroup_add(sqlite3_changegroup*, int nData, void *pData);
+
+/*
+** CAPI3REF: Obtain A Composite Changeset From A Changegroup
+**
+** Obtain a buffer containing a changeset (or patchset) representing the
+** current contents of the changegroup. If the inputs to the changegroup
+** were themselves changesets, the output is a changeset. Or, if the
+** inputs were patchsets, the output is also a patchset.
+**
+** As with the output of the sqlite3session_changeset() and
+** sqlite3session_patchset() functions, all changes related to a single
+** table are grouped together in the output of this function. Tables appear
+** in the same order as for the very first changeset added to the changegroup.
+** If the second or subsequent changesets added to the changegroup contain
+** changes for tables that do not appear in the first changeset, they are
+** appended onto the end of the output changeset, again in the order in
+** which they are first encountered.
+**
+** If an error occurs, an SQLite error code is returned and the output
+** variables (*pnData) and (*ppData) are set to 0. Otherwise, SQLITE_OK
+** is returned and the output variables are set to the size of and a
+** pointer to the output buffer, respectively.
In this case it is the
+** responsibility of the caller to eventually free the buffer using a
+** call to sqlite3_free().
+*/
+int sqlite3changegroup_output(
+ sqlite3_changegroup*,
+ int *pnData, /* OUT: Size of output buffer in bytes */
+ void **ppData /* OUT: Pointer to output buffer */
+);
+
+/*
+** CAPI3REF: Delete A Changegroup Object
+*/
+void sqlite3changegroup_delete(sqlite3_changegroup*);
+
+/*
+** CAPI3REF: Apply A Changeset To A Database
+**
+** Apply a changeset to a database. This function attempts to update the
+** "main" database attached to handle db with the changes found in the
+** changeset passed via the second and third arguments.
+**
+** The fourth argument (xFilter) passed to this function is the "filter
+** callback". If it is not NULL, then for each table affected by at least one
+** change in the changeset, the filter callback is invoked with
+** the table name as the second argument, and a copy of the context pointer
+** passed as the sixth argument to this function as the first. If the "filter
+** callback" returns zero, then no attempt is made to apply any changes to
+** the table. Otherwise, if the return value is non-zero or the xFilter
+** argument to this function is NULL, all changes related to the table are
+** attempted.
+**
+** For each table that is not excluded by the filter callback, this function
+** tests that the target database contains a compatible table. A table is
+** considered compatible if all of the following are true:
+**
+**
    +**
  • The table has the same name as the name recorded in the
+** changeset, and
+**
  • The table has the same number of columns as recorded in the
+** changeset, and
+**
  • The table has primary key columns in the same position as
+** recorded in the changeset.
+**
+**
+** If there is no compatible table, it is not an error, but none of the
+** changes associated with the table are applied. A warning message is issued
+** via the sqlite3_log() mechanism with the error code SQLITE_SCHEMA. At most
+** one such warning is issued for each table in the changeset.
+**
+** For each change for which there is a compatible table, an attempt is made
+** to modify the table contents according to the UPDATE, INSERT or DELETE
+** change. If a change cannot be applied cleanly, the conflict handler
+** function passed as the fifth argument to sqlite3changeset_apply() may be
+** invoked. A description of exactly when the conflict handler is invoked for
+** each type of change is below.
+**
+** Unlike the xFilter argument, xConflict may not be passed NULL. The results
+** of passing anything other than a valid function pointer as the xConflict
+** argument are undefined.
+**
+** Each time the conflict handler function is invoked, it must return one
+** of [SQLITE_CHANGESET_OMIT], [SQLITE_CHANGESET_ABORT] or
+** [SQLITE_CHANGESET_REPLACE]. SQLITE_CHANGESET_REPLACE may only be returned
+** if the second argument passed to the conflict handler is either
+** SQLITE_CHANGESET_DATA or SQLITE_CHANGESET_CONFLICT. If the conflict-handler
+** returns an illegal value, any changes already made are rolled back and
+** the call to sqlite3changeset_apply() returns SQLITE_MISUSE. Different
+** actions are taken by sqlite3changeset_apply() depending on the value
+** returned by each invocation of the conflict-handler function. Refer to
+** the documentation for the three
+** [SQLITE_CHANGESET_OMIT|available return values] for details.
+**
+**
+**
DELETE Changes
+** For each DELETE change, this function checks if the target database +** contains a row with the same primary key value (or values) as the +** original row values stored in the changeset. If it does, and the values +** stored in all non-primary key columns also match the values stored in +** the changeset the row is deleted from the target database. +** +** If a row with matching primary key values is found, but one or more of +** the non-primary key fields contains a value different from the original +** row value stored in the changeset, the conflict-handler function is +** invoked with [SQLITE_CHANGESET_DATA] as the second argument. +** +** If no row with matching primary key values is found in the database, +** the conflict-handler function is invoked with [SQLITE_CHANGESET_NOTFOUND] +** passed as the second argument. +** +** If the DELETE operation is attempted, but SQLite returns SQLITE_CONSTRAINT +** (which can only happen if a foreign key constraint is violated), the +** conflict-handler function is invoked with [SQLITE_CHANGESET_CONSTRAINT] +** passed as the second argument. This includes the case where the DELETE +** operation is attempted because an earlier call to the conflict handler +** function returned [SQLITE_CHANGESET_REPLACE]. +** +**
INSERT Changes
+** For each INSERT change, an attempt is made to insert the new row into +** the database. +** +** If the attempt to insert the row fails because the database already +** contains a row with the same primary key values, the conflict handler +** function is invoked with the second argument set to +** [SQLITE_CHANGESET_CONFLICT]. +** +** If the attempt to insert the row fails because of some other constraint +** violation (e.g. NOT NULL or UNIQUE), the conflict handler function is +** invoked with the second argument set to [SQLITE_CHANGESET_CONSTRAINT]. +** This includes the case where the INSERT operation is re-attempted because +** an earlier call to the conflict handler function returned +** [SQLITE_CHANGESET_REPLACE]. +** +**
UPDATE Changes
+** For each UPDATE change, this function checks if the target database
+** contains a row with the same primary key value (or values) as the
+** original row values stored in the changeset. If it does, and the values
+** stored in all non-primary key columns also match the values stored in
+** the changeset the row is updated within the target database.
+**
+** If a row with matching primary key values is found, but one or more of
+** the non-primary key fields contains a value different from an original
+** row value stored in the changeset, the conflict-handler function is
+** invoked with [SQLITE_CHANGESET_DATA] as the second argument. Since
+** UPDATE changes only contain values for non-primary key fields that are
+** to be modified, only those fields need to match the original values to
+** avoid the SQLITE_CHANGESET_DATA conflict-handler callback.
+**
+** If no row with matching primary key values is found in the database,
+** the conflict-handler function is invoked with [SQLITE_CHANGESET_NOTFOUND]
+** passed as the second argument.
+**
+** If the UPDATE operation is attempted, but SQLite returns
+** SQLITE_CONSTRAINT, the conflict-handler function is invoked with
+** [SQLITE_CHANGESET_CONSTRAINT] passed as the second argument.
+** This includes the case where the UPDATE operation is attempted after
+** an earlier call to the conflict handler function returned
+** [SQLITE_CHANGESET_REPLACE].
+**
+**
+** It is safe to execute SQL statements, including those that write to the
+** table that the callback related to, from within the xConflict callback.
+** This can be used to further customize the applications conflict
+** resolution strategy.
+**
+** All changes made by this function are enclosed in a savepoint transaction.
+** If any other error (aside from a constraint failure when attempting to
+** write to the target database) occurs, then the savepoint transaction is
+** rolled back, restoring the target database to its original state, and an
+** SQLite error code returned.
+*/
+int sqlite3changeset_apply(
+ sqlite3 *db, /* Apply change to "main" db of this handle */
+ int nChangeset, /* Size of changeset in bytes */
+ void *pChangeset, /* Changeset blob */
+ int(*xFilter)(
+ void *pCtx, /* Copy of sixth arg to _apply() */
+ const char *zTab /* Table name */
+ ),
+ int(*xConflict)(
+ void *pCtx, /* Copy of sixth arg to _apply() */
+ int eConflict, /* DATA, MISSING, CONFLICT, CONSTRAINT */
+ sqlite3_changeset_iter *p /* Handle describing change and conflict */
+ ),
+ void *pCtx /* First argument passed to xConflict */
+);
+
+/*
+** CAPI3REF: Constants Passed To The Conflict Handler
+**
+** Values that may be passed as the second argument to a conflict-handler.
+**
+**
+**
SQLITE_CHANGESET_DATA
+** The conflict handler is invoked with CHANGESET_DATA as the second argument
+** when processing a DELETE or UPDATE change if a row with the required
+** PRIMARY KEY fields is present in the database, but one or more other
+** (non primary-key) fields modified by the update do not contain the
+** expected "before" values.
+**
+** The conflicting row, in this case, is the database row with the matching
+** primary key.
+**
+**
SQLITE_CHANGESET_NOTFOUND
+** The conflict handler is invoked with CHANGESET_NOTFOUND as the second
+** argument when processing a DELETE or UPDATE change if a row with the
+** required PRIMARY KEY fields is not present in the database.
+**
+** There is no conflicting row in this case. The results of invoking the
+** sqlite3changeset_conflict() API are undefined.
+**
+**
SQLITE_CHANGESET_CONFLICT
+** CHANGESET_CONFLICT is passed as the second argument to the conflict
+** handler while processing an INSERT change if the operation would result
+** in duplicate primary key values.
+**
+** The conflicting row in this case is the database row with the matching
+** primary key.
+**
+**
SQLITE_CHANGESET_FOREIGN_KEY
+** If foreign key handling is enabled, and applying a changeset leaves the
+** database in a state containing foreign key violations, the conflict
+** handler is invoked with CHANGESET_FOREIGN_KEY as the second argument
+** exactly once before the changeset is committed. If the conflict handler
+** returns CHANGESET_OMIT, the changes, including those that caused the
+** foreign key constraint violation, are committed. Or, if it returns
+** CHANGESET_ABORT, the changeset is rolled back.
+**
+** No current or conflicting row information is provided. The only function
+** it is possible to call on the supplied sqlite3_changeset_iter handle
+** is sqlite3changeset_fk_conflicts().
+**
+**
SQLITE_CHANGESET_CONSTRAINT
+** If any other constraint violation occurs while applying a change (i.e.
+** a UNIQUE, CHECK or NOT NULL constraint), the conflict handler is
+** invoked with CHANGESET_CONSTRAINT as the second argument.
+**
+** There is no conflicting row in this case. The results of invoking the
+** sqlite3changeset_conflict() API are undefined.
+**
+**
+*/
+#define SQLITE_CHANGESET_DATA 1
+#define SQLITE_CHANGESET_NOTFOUND 2
+#define SQLITE_CHANGESET_CONFLICT 3
+#define SQLITE_CHANGESET_CONSTRAINT 4
+#define SQLITE_CHANGESET_FOREIGN_KEY 5
+
+/*
+** CAPI3REF: Constants Returned By The Conflict Handler
+**
+** A conflict handler callback must return one of the following three values.
+**
+**
+**
SQLITE_CHANGESET_OMIT
+** If a conflict handler returns this value no special action is taken. The
+** change that caused the conflict is not applied. The session module
+** continues to the next change in the changeset.
+**
+**
SQLITE_CHANGESET_REPLACE
+** This value may only be returned if the second argument to the conflict
+** handler was SQLITE_CHANGESET_DATA or SQLITE_CHANGESET_CONFLICT. If this
+** is not the case, any changes applied so far are rolled back and the
+** call to sqlite3changeset_apply() returns SQLITE_MISUSE.
+**
+** If CHANGESET_REPLACE is returned by an SQLITE_CHANGESET_DATA conflict
+** handler, then the conflicting row is either updated or deleted, depending
+** on the type of change.
+**
+** If CHANGESET_REPLACE is returned by an SQLITE_CHANGESET_CONFLICT conflict
+** handler, then the conflicting row is removed from the database and a
+** second attempt to apply the change is made. If this second attempt fails,
+** the original row is restored to the database before continuing.
+**
+**
SQLITE_CHANGESET_ABORT
+** If this value is returned, any changes applied so far are rolled back
+** and the call to sqlite3changeset_apply() returns SQLITE_ABORT.
+**
+*/
+#define SQLITE_CHANGESET_OMIT 0
+#define SQLITE_CHANGESET_REPLACE 1
+#define SQLITE_CHANGESET_ABORT 2
+
+/*
+** CAPI3REF: Streaming Versions of API functions.
+**
+** The six streaming API xxx_strm() functions serve similar purposes to the
+** corresponding non-streaming API functions:
+**
+**
+**
+**
Streaming functionNon-streaming equivalent
sqlite3changeset_apply_str[sqlite3changeset_apply]
+**
sqlite3changeset_concat_str[sqlite3changeset_concat]
+**
sqlite3changeset_invert_str[sqlite3changeset_invert]
+**
sqlite3changeset_start_str[sqlite3changeset_start]
+**
sqlite3session_changeset_str[sqlite3session_changeset]
+**
sqlite3session_patchset_str[sqlite3session_patchset]
+**
+**
+** Non-streaming functions that accept changesets (or patchsets) as input
+** require that the entire changeset be stored in a single buffer in memory.
+** Similarly, those that return a changeset or patchset do so by returning
+** a pointer to a single large buffer allocated using sqlite3_malloc().
+** Normally this is convenient. However, if an application running in a
+** low-memory environment is required to handle very large changesets, the
+** large contiguous memory allocations required can become onerous.
+**
+** In order to avoid this problem, instead of a single large buffer, input
+** is passed to a streaming API functions by way of a callback function that
+** the sessions module invokes to incrementally request input data as it is
+** required. In all cases, a pair of API function parameters such as
+**
+**
+**        int nChangeset,
+**        void *pChangeset,
+**  
+**
+** Is replaced by:
+**
+**
+**        int (*xInput)(void *pIn, void *pData, int *pnData),
+**        void *pIn,
+**  
+**
+** Each time the xInput callback is invoked by the sessions module, the first
+** argument passed is a copy of the supplied pIn context pointer. The second
+** argument, pData, points to a buffer (*pnData) bytes in size. Assuming no
+** error occurs the xInput method should copy up to (*pnData) bytes of data
+** into the buffer and set (*pnData) to the actual number of bytes copied
+** before returning SQLITE_OK. If the input is completely exhausted, (*pnData)
+** should be set to zero to indicate this. Or, if an error occurs, an SQLite
+** error code should be returned. In all cases, if an xInput callback returns
+** an error, all processing is abandoned and the streaming API function
+** returns a copy of the error code to the caller.
+**
+** In the case of sqlite3changeset_start_strm(), the xInput callback may be
+** invoked by the sessions module at any point during the lifetime of the
+** iterator. If such an xInput callback returns an error, the iterator enters
+** an error state, whereby all subsequent calls to iterator functions
+** immediately fail with the same error code as returned by xInput.
+**
+** Similarly, streaming API functions that return changesets (or patchsets)
+** return them in chunks by way of a callback function instead of via a
+** pointer to a single large buffer. In this case, a pair of parameters such
+** as:
+**
+**
+**        int *pnChangeset,
+**        void **ppChangeset,
+**  
+**
+** Is replaced by:
+**
+**
+**        int (*xOutput)(void *pOut, const void *pData, int nData),
+**        void *pOut
+**  
+**
+** The xOutput callback is invoked zero or more times to return data to
+** the application. The first parameter passed to each call is a copy of the
+** pOut pointer supplied by the application. The second parameter, pData,
+** points to a buffer nData bytes in size containing the chunk of output
+** data being returned. If the xOutput callback successfully processes the
+** supplied data, it should return SQLITE_OK to indicate success. Otherwise,
+** it should return some other SQLite error code. In this case processing
+** is immediately abandoned and the streaming API function returns a copy
+** of the xOutput error code to the application.
+**
+** The sessions module never invokes an xOutput callback with the third
+** parameter set to a value less than or equal to zero. Other than this,
+** no guarantees are made as to the size of the chunks of data returned.
+*/
+int sqlite3changeset_apply_strm(
+ sqlite3 *db, /* Apply change to "main" db of this handle */
+ int (*xInput)(void *pIn, void *pData, int *pnData), /* Input function */
+ void *pIn, /* First arg for xInput */
+ int(*xFilter)(
+ void *pCtx, /* Copy of sixth arg to _apply() */
+ const char *zTab /* Table name */
+ ),
+ int(*xConflict)(
+ void *pCtx, /* Copy of sixth arg to _apply() */
+ int eConflict, /* DATA, MISSING, CONFLICT, CONSTRAINT */
+ sqlite3_changeset_iter *p /* Handle describing change and conflict */
+ ),
+ void *pCtx /* First argument passed to xConflict */
+);
+int sqlite3changeset_concat_strm(
+ int (*xInputA)(void *pIn, void *pData, int *pnData),
+ void *pInA,
+ int (*xInputB)(void *pIn, void *pData, int *pnData),
+ void *pInB,
+ int (*xOutput)(void *pOut, const void *pData, int nData),
+ void *pOut
+);
+int sqlite3changeset_invert_strm(
+ int (*xInput)(void *pIn, void *pData, int *pnData),
+ void *pIn,
+ int (*xOutput)(void *pOut, const void *pData, int nData),
+ void *pOut
+);
+int sqlite3changeset_start_strm(
+ sqlite3_changeset_iter **pp,
+ int (*xInput)(void *pIn, void
*pData, int *pnData),
+ void *pIn
+);
+int sqlite3session_changeset_strm(
+ sqlite3_session *pSession,
+ int (*xOutput)(void *pOut, const void *pData, int nData),
+ void *pOut
+);
+int sqlite3session_patchset_strm(
+ sqlite3_session *pSession,
+ int (*xOutput)(void *pOut, const void *pData, int nData),
+ void *pOut
+);
+int sqlite3changegroup_add_strm(sqlite3_changegroup*,
+ int (*xInput)(void *pIn, void *pData, int *pnData),
+ void *pIn
+);
+int sqlite3changegroup_output_strm(sqlite3_changegroup*,
+ int (*xOutput)(void *pOut, const void *pData, int nData),
+ void *pOut
+);
+
+
+/*
+** Make sure we can call this stuff from C++.
+*/
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* !defined(__SQLITESESSION_H_) && defined(SQLITE_ENABLE_SESSION) */
+
+/******** End of sqlite3session.h *********/
+/******** Begin file fts5.h *********/
+/*
+** 2014 May 31
+**
+** The author disclaims copyright to this source code. In place of
+** a legal notice, here is a blessing:
+**
+** May you do good and not evil.
+** May you find forgiveness for yourself and forgive others.
+** May you share freely, never taking more than you give.
+**
+******************************************************************************
+**
+** Interfaces to extend FTS5. Using the interfaces defined in this file,
+** FTS5 may be extended with:
+**
+** * custom tokenizers, and
+** * custom auxiliary functions.
+*/
+
+
+#ifndef _FTS5_H
+#define _FTS5_H
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*************************************************************************
+** CUSTOM AUXILIARY FUNCTIONS
+**
+** Virtual table implementations may overload SQL functions by implementing
+** the sqlite3_module.xFindFunction() method.
+*/
+
+typedef struct Fts5ExtensionApi Fts5ExtensionApi;
+typedef struct Fts5Context Fts5Context;
+typedef struct Fts5PhraseIter Fts5PhraseIter;
+
+typedef void (*fts5_extension_function)(
+ const Fts5ExtensionApi *pApi, /* API offered by current FTS version */
+ Fts5Context *pFts, /* First arg to pass to pApi functions */
+ sqlite3_context *pCtx, /* Context for returning result/error */
+ int nVal, /* Number of values in apVal[] array */
+ sqlite3_value **apVal /* Array of trailing arguments */
+);
+
+struct Fts5PhraseIter {
+ const unsigned char *a;
+ const unsigned char *b;
+};
+
+/*
+** EXTENSION API FUNCTIONS
+**
+** xUserData(pFts):
+** Return a copy of the context pointer the extension function was
+** registered with.
+**
+** xColumnTotalSize(pFts, iCol, pnToken):
+** If parameter iCol is less than zero, set output variable *pnToken
+** to the total number of tokens in the FTS5 table. Or, if iCol is
+** non-negative but less than the number of columns in the table, return
+** the total number of tokens in column iCol, considering all rows in
+** the FTS5 table.
+**
+** If parameter iCol is greater than or equal to the number of columns
+** in the table, SQLITE_RANGE is returned. Or, if an error occurs (e.g.
+** an OOM condition or IO error), an appropriate SQLite error code is
+** returned.
+**
+** xColumnCount(pFts):
+** Return the number of columns in the table.
+**
+** xColumnSize(pFts, iCol, pnToken):
+** If parameter iCol is less than zero, set output variable *pnToken
+** to the total number of tokens in the current row. Or, if iCol is
+** non-negative but less than the number of columns in the table, set
+** *pnToken to the number of tokens in column iCol of the current row.
+**
+** If parameter iCol is greater than or equal to the number of columns
+** in the table, SQLITE_RANGE is returned. Or, if an error occurs (e.g.
+** an OOM condition or IO error), an appropriate SQLite error code is
+** returned.
+**
+** This function may be quite inefficient if used with an FTS5 table
+** created with the "columnsize=0" option.
+**
+** xColumnText:
+** This function attempts to retrieve the text of column iCol of the
+** current document. If successful, (*pz) is set to point to a buffer
+** containing the text in utf-8 encoding, (*pn) is set to the size in bytes
+** (not characters) of the buffer and SQLITE_OK is returned. Otherwise,
+** if an error occurs, an SQLite error code is returned and the final values
+** of (*pz) and (*pn) are undefined.
+**
+** xPhraseCount:
+** Returns the number of phrases in the current query expression.
+**
+** xPhraseSize:
+** Returns the number of tokens in phrase iPhrase of the query. Phrases
+** are numbered starting from zero.
+**
+** xInstCount:
+** Set *pnInst to the total number of occurrences of all phrases within
+** the query within the current row. Return SQLITE_OK if successful, or
+** an error code (i.e. SQLITE_NOMEM) if an error occurs.
+**
+** This API can be quite slow if used with an FTS5 table created with the
+** "detail=none" or "detail=column" option. If the FTS5 table is created
+** with either "detail=none" or "detail=column" and "content=" option
+** (i.e. if it is a contentless table), then this API always returns 0.
+**
+** xInst:
+** Query for the details of phrase match iIdx within the current row.
+** Phrase matches are numbered starting from zero, so the iIdx argument
+** should be greater than or equal to zero and smaller than the value
+** output by xInstCount().
+**
+** Usually, output parameter *piPhrase is set to the phrase number, *piCol
+** to the column in which it occurs and *piOff the token offset of the
+** first token of the phrase. The exception is if the table was created
+** with the offsets=0 option specified. In this case *piOff is always
+** set to -1.
+**
+** Returns SQLITE_OK if successful, or an error code (i.e. SQLITE_NOMEM)
+** if an error occurs.
+**
+** This API can be quite slow if used with an FTS5 table created with the
+** "detail=none" or "detail=column" option.
+**
+** xRowid:
+** Returns the rowid of the current row.
+**
+** xTokenize:
+** Tokenize text using the tokenizer belonging to the FTS5 table.
+**
+** xQueryPhrase(pFts5, iPhrase, pUserData, xCallback):
+** This API function is used to query the FTS table for phrase iPhrase
+** of the current query. Specifically, a query equivalent to:
+**
+** ... FROM ftstable WHERE ftstable MATCH $p ORDER BY rowid
+**
+** with $p set to a phrase equivalent to the phrase iPhrase of the
+** current query is executed. Any column filter that applies to
+** phrase iPhrase of the current query is included in $p. For each
+** row visited, the callback function passed as the fourth argument
+** is invoked. The context and API objects passed to the callback
+** function may be used to access the properties of each matched row.
+** Invoking Api.xUserData() returns a copy of the pointer passed as
+** the third argument to pUserData.
+**
+** If the callback function returns any value other than SQLITE_OK, the
+** query is abandoned and the xQueryPhrase function returns immediately.
+** If the returned value is SQLITE_DONE, xQueryPhrase returns SQLITE_OK.
+** Otherwise, the error code is propagated upwards.
+**
+** If the query runs to completion without incident, SQLITE_OK is returned.
+** Or, if some error occurs before the query completes or is aborted by
+** the callback, an SQLite error code is returned.
+**
+**
+** xSetAuxdata(pFts5, pAux, xDelete)
+**
+** Save the pointer passed as the second argument as the extension functions
+** "auxiliary data". The pointer may then be retrieved by the current or any
+** future invocation of the same fts5 extension function made as part of
+** of the same MATCH query using the xGetAuxdata() API.
+**
+** Each extension function is allocated a single auxiliary data slot for
+** each FTS query (MATCH expression).
If the extension function is invoked
+** more than once for a single FTS query, then all invocations share a
+** single auxiliary data context.
+**
+** If there is already an auxiliary data pointer when this function is
+** invoked, then it is replaced by the new pointer. If an xDelete callback
+** was specified along with the original pointer, it is invoked at this
+** point.
+**
+** The xDelete callback, if one is specified, is also invoked on the
+** auxiliary data pointer after the FTS5 query has finished.
+**
+** If an error (e.g. an OOM condition) occurs within this function, an
+** the auxiliary data is set to NULL and an error code returned. If the
+** xDelete parameter was not NULL, it is invoked on the auxiliary data
+** pointer before returning.
+**
+**
+** xGetAuxdata(pFts5, bClear)
+**
+** Returns the current auxiliary data pointer for the fts5 extension
+** function. See the xSetAuxdata() method for details.
+**
+** If the bClear argument is non-zero, then the auxiliary data is cleared
+** (set to NULL) before this function returns. In this case the xDelete,
+** if any, is not invoked.
+**
+**
+** xRowCount(pFts5, pnRow)
+**
+** This function is used to retrieve the total number of rows in the table.
+** In other words, the same value that would be returned by:
+**
+** SELECT count(*) FROM ftstable;
+**
+** xPhraseFirst()
+** This function is used, along with type Fts5PhraseIter and the xPhraseNext
+** method, to iterate through all instances of a single query phrase within
+** the current row. This is the same information as is accessible via the
+** xInstCount/xInst APIs. While the xInstCount/xInst APIs are more convenient
+** to use, this API may be faster under some circumstances.
To iterate
+** through instances of phrase iPhrase, use the following code:
+**
+** Fts5PhraseIter iter;
+** int iCol, iOff;
+** for(pApi->xPhraseFirst(pFts, iPhrase, &iter, &iCol, &iOff);
+** iCol>=0;
+** pApi->xPhraseNext(pFts, &iter, &iCol, &iOff)
+** ){
+** // An instance of phrase iPhrase at offset iOff of column iCol
+** }
+**
+** The Fts5PhraseIter structure is defined above. Applications should not
+** modify this structure directly - it should only be used as shown above
+** with the xPhraseFirst() and xPhraseNext() API methods (and by
+** xPhraseFirstColumn() and xPhraseNextColumn() as illustrated below).
+**
+** This API can be quite slow if used with an FTS5 table created with the
+** "detail=none" or "detail=column" option. If the FTS5 table is created
+** with either "detail=none" or "detail=column" and "content=" option
+** (i.e. if it is a contentless table), then this API always iterates
+** through an empty set (all calls to xPhraseFirst() set iCol to -1).
+**
+** xPhraseNext()
+** See xPhraseFirst above.
+**
+** xPhraseFirstColumn()
+** This function and xPhraseNextColumn() are similar to the xPhraseFirst()
+** and xPhraseNext() APIs described above. The difference is that instead
+** of iterating through all instances of a phrase in the current row, these
+** APIs are used to iterate through the set of columns in the current row
+** that contain one or more instances of a specified phrase. For example:
+**
+** Fts5PhraseIter iter;
+** int iCol;
+** for(pApi->xPhraseFirstColumn(pFts, iPhrase, &iter, &iCol);
+** iCol>=0;
+** pApi->xPhraseNextColumn(pFts, &iter, &iCol)
+** ){
+** // Column iCol contains at least one instance of phrase iPhrase
+** }
+**
+** This API can be quite slow if used with an FTS5 table created with the
+** "detail=none" option. If the FTS5 table is created with either
+** "detail=none" "content=" option (i.e.
if it is a contentless table),
+** then this API always iterates through an empty set (all calls to
+** xPhraseFirstColumn() set iCol to -1).
+**
+** The information accessed using this API and its companion
+** xPhraseFirstColumn() may also be obtained using xPhraseFirst/xPhraseNext
+** (or xInst/xInstCount). The chief advantage of this API is that it is
+** significantly more efficient than those alternatives when used with
+** "detail=column" tables.
+**
+** xPhraseNextColumn()
+** See xPhraseFirstColumn above.
+*/
+struct Fts5ExtensionApi {
+ int iVersion; /* Currently always set to 3 */
+
+ void *(*xUserData)(Fts5Context*);
+
+ int (*xColumnCount)(Fts5Context*);
+ int (*xRowCount)(Fts5Context*, sqlite3_int64 *pnRow);
+ int (*xColumnTotalSize)(Fts5Context*, int iCol, sqlite3_int64 *pnToken);
+
+ int (*xTokenize)(Fts5Context*,
+ const char *pText, int nText, /* Text to tokenize */
+ void *pCtx, /* Context passed to xToken() */
+ int (*xToken)(void*, int, const char*, int, int, int) /* Callback */
+ );
+
+ int (*xPhraseCount)(Fts5Context*);
+ int (*xPhraseSize)(Fts5Context*, int iPhrase);
+
+ int (*xInstCount)(Fts5Context*, int *pnInst);
+ int (*xInst)(Fts5Context*, int iIdx, int *piPhrase, int *piCol, int *piOff);
+
+ sqlite3_int64 (*xRowid)(Fts5Context*);
+ int (*xColumnText)(Fts5Context*, int iCol, const char **pz, int *pn);
+ int (*xColumnSize)(Fts5Context*, int iCol, int *pnToken);
+
+ int (*xQueryPhrase)(Fts5Context*, int iPhrase, void *pUserData,
+ int(*)(const Fts5ExtensionApi*,Fts5Context*,void*)
+ );
+ int (*xSetAuxdata)(Fts5Context*, void *pAux, void(*xDelete)(void*));
+ void *(*xGetAuxdata)(Fts5Context*, int bClear);
+
+ int (*xPhraseFirst)(Fts5Context*, int iPhrase, Fts5PhraseIter*, int*, int*);
+ void (*xPhraseNext)(Fts5Context*, Fts5PhraseIter*, int *piCol, int *piOff);
+
+ int (*xPhraseFirstColumn)(Fts5Context*, int iPhrase, Fts5PhraseIter*, int*);
+ void (*xPhraseNextColumn)(Fts5Context*, Fts5PhraseIter*, int *piCol);
+};
+
+/*
+** CUSTOM
AUXILIARY FUNCTIONS
+*************************************************************************/
+
+/*************************************************************************
+** CUSTOM TOKENIZERS
+**
+** Applications may also register custom tokenizer types. A tokenizer
+** is registered by providing fts5 with a populated instance of the
+** following structure. All structure methods must be defined, setting
+** any member of the fts5_tokenizer struct to NULL leads to undefined
+** behaviour. The structure methods are expected to function as follows:
+**
+** xCreate:
+** This function is used to allocate and initialize a tokenizer instance.
+** A tokenizer instance is required to actually tokenize text.
+**
+** The first argument passed to this function is a copy of the (void*)
+** pointer provided by the application when the fts5_tokenizer object
+** was registered with FTS5 (the third argument to xCreateTokenizer()).
+** The second and third arguments are an array of nul-terminated strings
+** containing the tokenizer arguments, if any, specified following the
+** tokenizer name as part of the CREATE VIRTUAL TABLE statement used
+** to create the FTS5 table.
+**
+** The final argument is an output variable. If successful, (*ppOut)
+** should be set to point to the new tokenizer handle and SQLITE_OK
+** returned. If an error occurs, some value other than SQLITE_OK should
+** be returned. In this case, fts5 assumes that the final value of *ppOut
+** is undefined.
+**
+** xDelete:
+** This function is invoked to delete a tokenizer handle previously
+** allocated using xCreate(). Fts5 guarantees that this function will
+** be invoked exactly once for each successful call to xCreate().
+**
+** xTokenize:
+** This function is expected to tokenize the nText byte string indicated
+** by argument pText. pText may or may not be nul-terminated.
The first
+** argument passed to this function is a pointer to an Fts5Tokenizer object
+** returned by an earlier call to xCreate().
+**
+** The second argument indicates the reason that FTS5 is requesting
+** tokenization of the supplied text. This is always one of the following
+** four values:
+**
+**
  • FTS5_TOKENIZE_DOCUMENT - A document is being inserted into
+** or removed from the FTS table. The tokenizer is being invoked to
+** determine the set of tokens to add to (or delete from) the
+** FTS index.
+**
+**
  • FTS5_TOKENIZE_QUERY - A MATCH query is being executed
+** against the FTS index. The tokenizer is being called to tokenize
+** a bareword or quoted string specified as part of the query.
+**
+**
  • (FTS5_TOKENIZE_QUERY | FTS5_TOKENIZE_PREFIX) - Same as
+** FTS5_TOKENIZE_QUERY, except that the bareword or quoted string is
+** followed by a "*" character, indicating that the last token
+** returned by the tokenizer will be treated as a token prefix.
+**
+**
  • FTS5_TOKENIZE_AUX - The tokenizer is being invoked to
+** satisfy an fts5_api.xTokenize() request made by an auxiliary
+** function. Or an fts5_api.xColumnSize() request made by the same
+** on a columnsize=0 database.
+**
+**
+** For each token in the input string, the supplied callback xToken() must
+** be invoked. The first argument to it should be a copy of the pointer
+** passed as the second argument to xTokenize(). The third and fourth
+** arguments are a pointer to a buffer containing the token text, and the
+** size of the token in bytes. The 4th and 5th arguments are the byte offsets
+** of the first byte of and first byte immediately following the text from
+** which the token is derived within the input.
+**
+** The second argument passed to the xToken() callback ("tflags") should
+** normally be set to 0. The exception is if the tokenizer supports
+** synonyms. In this case see the discussion below for details.
+**
+** FTS5 assumes the xToken() callback is invoked for each token in the
+** order that they occur within the input text.
+**
+** If an xToken() callback returns any value other than SQLITE_OK, then
+** the tokenization should be abandoned and the xTokenize() method should
+** immediately return a copy of the xToken() return value. Or, if the
+** input buffer is exhausted, xTokenize() should return SQLITE_OK. Finally,
+** if an error occurs with the xTokenize() implementation itself, it
+** may abandon the tokenization and return any error code other than
+** SQLITE_OK or SQLITE_DONE.
+**
+** SYNONYM SUPPORT
+**
+** Custom tokenizers may also support synonyms. Consider a case in which a
+** user wishes to query for a phrase such as "first place". Using the
+** built-in tokenizers, the FTS5 query 'first + place' will match instances
+** of "first place" within the document set, but not alternative forms
+** such as "1st place". In some applications, it would be better to match
+** all instances of "first place" or "1st place" regardless of which form
+** the user specified in the MATCH query text.
+**
+** There are several ways to approach this in FTS5:
+**
+**
  1. By mapping all synonyms to a single token. In this case, the
+** In the above example, this means that the tokenizer returns the
+** same token for inputs "first" and "1st". Say that token is in
+** fact "first", so that when the user inserts the document "I won
+** 1st place" entries are added to the index for tokens "i", "won",
+** "first" and "place". If the user then queries for '1st + place',
+** the tokenizer substitutes "first" for "1st" and the query works
+** as expected.
+**
+**
  2. By adding multiple synonyms for a single term to the FTS index.
+** In this case, when tokenizing query text, the tokenizer may
+** provide multiple synonyms for a single term within the document.
+** FTS5 then queries the index for each synonym individually. For
+** example, faced with the query:
+**
+**
+** ... MATCH 'first place'
+**
+** the tokenizer offers both "1st" and "first" as synonyms for the
+** first token in the MATCH query and FTS5 effectively runs a query
+** similar to:
+**
+**
+** ... MATCH '(first OR 1st) place'
+**
+** except that, for the purposes of auxiliary functions, the query
+** still appears to contain just two phrases - "(first OR 1st)"
+** being treated as a single phrase.
+**
+**
  3. By adding multiple synonyms for a single term to the FTS index.
+** Using this method, when tokenizing document text, the tokenizer
+** provides multiple synonyms for each token. So that when a
+** document such as "I won first place" is tokenized, entries are
+** added to the FTS index for "i", "won", "first", "1st" and
+** "place".
+**
+** This way, even if the tokenizer does not provide synonyms
+** when tokenizing query text (it should not - to do would be
+** inefficient), it doesn't matter if the user queries for
+** 'first + place' or '1st + place', as there are entires in the
+** FTS index corresponding to both forms of the first token.
+**
+**
+** Whether it is parsing document or query text, any call to xToken that
+** specifies a tflags argument with the FTS5_TOKEN_COLOCATED bit
+** is considered to supply a synonym for the previous token. For example,
+** when parsing the document "I won first place", a tokenizer that supports
+** synonyms would call xToken() 5 times, as follows:
+**
+**
+** xToken(pCtx, 0, "i", 1, 0, 1);
+** xToken(pCtx, 0, "won", 3, 2, 5);
+** xToken(pCtx, 0, "first", 5, 6, 11);
+** xToken(pCtx, FTS5_TOKEN_COLOCATED, "1st", 3, 6, 11);
+** xToken(pCtx, 0, "place", 5, 12, 17);
+**
+**
+** It is an error to specify the FTS5_TOKEN_COLOCATED flag the first time
+** xToken() is called. Multiple synonyms may be specified for a single token
+** by making multiple calls to xToken(FTS5_TOKEN_COLOCATED) in sequence.
+** There is no limit to the number of synonyms that may be provided for a
+** single token.
+**
+** In many cases, method (1) above is the best approach. It does not add
+** extra data to the FTS index or require FTS5 to query for multiple terms,
+** so it is efficient in terms of disk space and query speed. However, it
+** does not support prefix queries very well. If, as suggested above, the
+** token "first" is subsituted for "1st" by the tokenizer, then the query:
+**
+**
+** ... MATCH '1s*'
+**
+** will not match documents that contain the token "1st" (as the tokenizer
+** will probably not map "1s" to any prefix of "first").
+**
+** For full prefix support, method (3) may be preferred. In this case,
+** because the index contains entries for both "first" and "1st", prefix
+** queries such as 'fi*' or '1s*' will match correctly. However, because
+** extra entries are added to the FTS index, this method uses more space
+** within the database.
+**
+** Method (2) offers a midpoint between (1) and (3).
Using this method, +** a query such as '1s*' will match documents that contain the literal +** token "1st", but not "first" (assuming the tokenizer is not able to +** provide synonyms for prefixes). However, a non-prefix query like '1st' +** will match against "1st" and "first". This method does not require +** extra disk space, as no extra entries are added to the FTS index. +** On the other hand, it may require more CPU cycles to run MATCH queries, +** as separate queries of the FTS index are required for each synonym. +** +** When using methods (2) or (3), it is important that the tokenizer only +** provide synonyms when tokenizing document text (method (2)) or query +** text (method (3)), not both. Doing so will not cause any errors, but is +** inefficient. +*/ +typedef struct Fts5Tokenizer Fts5Tokenizer; +typedef struct fts5_tokenizer fts5_tokenizer; +struct fts5_tokenizer { + int (*xCreate)(void*, const char **azArg, int nArg, Fts5Tokenizer **ppOut); + void (*xDelete)(Fts5Tokenizer*); + int (*xTokenize)(Fts5Tokenizer*, + void *pCtx, + int flags, /* Mask of FTS5_TOKENIZE_* flags */ + const char *pText, int nText, + int (*xToken)( + void *pCtx, /* Copy of 2nd argument to xTokenize() */ + int tflags, /* Mask of FTS5_TOKEN_* flags */ + const char *pToken, /* Pointer to buffer containing token */ + int nToken, /* Size of token in bytes */ + int iStart, /* Byte offset of token within input text */ + int iEnd /* Byte offset of end of token within input text */ + ) + ); +}; + +/* Flags that may be passed as the third argument to xTokenize() */ +#define FTS5_TOKENIZE_QUERY 0x0001 +#define FTS5_TOKENIZE_PREFIX 0x0002 +#define FTS5_TOKENIZE_DOCUMENT 0x0004 +#define FTS5_TOKENIZE_AUX 0x0008 + +/* Flags that may be passed by the tokenizer implementation back to FTS5 +** as the third argument to the supplied xToken callback. */ +#define FTS5_TOKEN_COLOCATED 0x0001 /* Same position as prev. 
token */ + +/* +** END OF CUSTOM TOKENIZERS +*************************************************************************/ + +/************************************************************************* +** FTS5 EXTENSION REGISTRATION API +*/ +typedef struct fts5_api fts5_api; +struct fts5_api { + int iVersion; /* Currently always set to 2 */ + + /* Create a new tokenizer */ + int (*xCreateTokenizer)( + fts5_api *pApi, + const char *zName, + void *pContext, + fts5_tokenizer *pTokenizer, + void (*xDestroy)(void*) + ); + + /* Find an existing tokenizer */ + int (*xFindTokenizer)( + fts5_api *pApi, + const char *zName, + void **ppContext, + fts5_tokenizer *pTokenizer + ); + + /* Create a new auxiliary function */ + int (*xCreateFunction)( + fts5_api *pApi, + const char *zName, + void *pContext, + fts5_extension_function xFunction, + void (*xDestroy)(void*) + ); +}; + +/* +** END OF REGISTRATION API +*************************************************************************/ + +#ifdef __cplusplus +} /* end of the 'extern "C"' block */ +#endif + +#endif /* _FTS5_H */ + +/******** End of fts5.h *********/ diff --git a/kerberos5/include/sqlite3ext.h b/kerberos5/include/sqlite3ext.h new file mode 100644 --- /dev/null +++ b/kerberos5/include/sqlite3ext.h 
@@ -0,0 +1,560 @@ +/* +** 2006 June 7 +** +** The author disclaims copyright to this source code. In place of +** a legal notice, here is a blessing: +** +** May you do good and not evil. +** May you find forgiveness for yourself and forgive others. +** May you share freely, never taking more than you give. +** +************************************************************************* +** This header file defines the SQLite interface for use by +** shared libraries that want to be imported as extensions into +** an SQLite instance. Shared libraries that intend to be loaded +** as extensions by SQLite should #include this file instead of +** sqlite3.h. +*/ +#ifndef SQLITE3EXT_H +#define SQLITE3EXT_H +#include "sqlite3.h" + +/* +** The following structure holds pointers to all of the SQLite API +** routines. +** +** WARNING: In order to maintain backwards compatibility, add new +** interfaces to the end of this structure only. If you insert new +** interfaces in the middle of this structure, then older different +** versions of SQLite will not be able to load each other's shared +** libraries! 
+*/ +struct sqlite3_api_routines { + void * (*aggregate_context)(sqlite3_context*,int nBytes); + int (*aggregate_count)(sqlite3_context*); + int (*bind_blob)(sqlite3_stmt*,int,const void*,int n,void(*)(void*)); + int (*bind_double)(sqlite3_stmt*,int,double); + int (*bind_int)(sqlite3_stmt*,int,int); + int (*bind_int64)(sqlite3_stmt*,int,sqlite_int64); + int (*bind_null)(sqlite3_stmt*,int); + int (*bind_parameter_count)(sqlite3_stmt*); + int (*bind_parameter_index)(sqlite3_stmt*,const char*zName); + const char * (*bind_parameter_name)(sqlite3_stmt*,int); + int (*bind_text)(sqlite3_stmt*,int,const char*,int n,void(*)(void*)); + int (*bind_text16)(sqlite3_stmt*,int,const void*,int,void(*)(void*)); + int (*bind_value)(sqlite3_stmt*,int,const sqlite3_value*); + int (*busy_handler)(sqlite3*,int(*)(void*,int),void*); + int (*busy_timeout)(sqlite3*,int ms); + int (*changes)(sqlite3*); + int (*close)(sqlite3*); + int (*collation_needed)(sqlite3*,void*,void(*)(void*,sqlite3*, + int eTextRep,const char*)); + int (*collation_needed16)(sqlite3*,void*,void(*)(void*,sqlite3*, + int eTextRep,const void*)); + const void * (*column_blob)(sqlite3_stmt*,int iCol); + int (*column_bytes)(sqlite3_stmt*,int iCol); + int (*column_bytes16)(sqlite3_stmt*,int iCol); + int (*column_count)(sqlite3_stmt*pStmt); + const char * (*column_database_name)(sqlite3_stmt*,int); + const void * (*column_database_name16)(sqlite3_stmt*,int); + const char * (*column_decltype)(sqlite3_stmt*,int i); + const void * (*column_decltype16)(sqlite3_stmt*,int); + double (*column_double)(sqlite3_stmt*,int iCol); + int (*column_int)(sqlite3_stmt*,int iCol); + sqlite_int64 (*column_int64)(sqlite3_stmt*,int iCol); + const char * (*column_name)(sqlite3_stmt*,int); + const void * (*column_name16)(sqlite3_stmt*,int); + const char * (*column_origin_name)(sqlite3_stmt*,int); + const void * (*column_origin_name16)(sqlite3_stmt*,int); + const char * (*column_table_name)(sqlite3_stmt*,int); + const void * 
(*column_table_name16)(sqlite3_stmt*,int); + const unsigned char * (*column_text)(sqlite3_stmt*,int iCol); + const void * (*column_text16)(sqlite3_stmt*,int iCol); + int (*column_type)(sqlite3_stmt*,int iCol); + sqlite3_value* (*column_value)(sqlite3_stmt*,int iCol); + void * (*commit_hook)(sqlite3*,int(*)(void*),void*); + int (*complete)(const char*sql); + int (*complete16)(const void*sql); + int (*create_collation)(sqlite3*,const char*,int,void*, + int(*)(void*,int,const void*,int,const void*)); + int (*create_collation16)(sqlite3*,const void*,int,void*, + int(*)(void*,int,const void*,int,const void*)); + int (*create_function)(sqlite3*,const char*,int,int,void*, + void (*xFunc)(sqlite3_context*,int,sqlite3_value**), + void (*xStep)(sqlite3_context*,int,sqlite3_value**), + void (*xFinal)(sqlite3_context*)); + int (*create_function16)(sqlite3*,const void*,int,int,void*, + void (*xFunc)(sqlite3_context*,int,sqlite3_value**), + void (*xStep)(sqlite3_context*,int,sqlite3_value**), + void (*xFinal)(sqlite3_context*)); + int (*create_module)(sqlite3*,const char*,const sqlite3_module*,void*); + int (*data_count)(sqlite3_stmt*pStmt); + sqlite3 * (*db_handle)(sqlite3_stmt*); + int (*declare_vtab)(sqlite3*,const char*); + int (*enable_shared_cache)(int); + int (*errcode)(sqlite3*db); + const char * (*errmsg)(sqlite3*); + const void * (*errmsg16)(sqlite3*); + int (*exec)(sqlite3*,const char*,sqlite3_callback,void*,char**); + int (*expired)(sqlite3_stmt*); + int (*finalize)(sqlite3_stmt*pStmt); + void (*free)(void*); + void (*free_table)(char**result); + int (*get_autocommit)(sqlite3*); + void * (*get_auxdata)(sqlite3_context*,int); + int (*get_table)(sqlite3*,const char*,char***,int*,int*,char**); + int (*global_recover)(void); + void (*interruptx)(sqlite3*); + sqlite_int64 (*last_insert_rowid)(sqlite3*); + const char * (*libversion)(void); + int (*libversion_number)(void); + void *(*malloc)(int); + char * (*mprintf)(const char*,...); + int (*open)(const char*,sqlite3**); + 
int (*open16)(const void*,sqlite3**); + int (*prepare)(sqlite3*,const char*,int,sqlite3_stmt**,const char**); + int (*prepare16)(sqlite3*,const void*,int,sqlite3_stmt**,const void**); + void * (*profile)(sqlite3*,void(*)(void*,const char*,sqlite_uint64),void*); + void (*progress_handler)(sqlite3*,int,int(*)(void*),void*); + void *(*realloc)(void*,int); + int (*reset)(sqlite3_stmt*pStmt); + void (*result_blob)(sqlite3_context*,const void*,int,void(*)(void*)); + void (*result_double)(sqlite3_context*,double); + void (*result_error)(sqlite3_context*,const char*,int); + void (*result_error16)(sqlite3_context*,const void*,int); + void (*result_int)(sqlite3_context*,int); + void (*result_int64)(sqlite3_context*,sqlite_int64); + void (*result_null)(sqlite3_context*); + void (*result_text)(sqlite3_context*,const char*,int,void(*)(void*)); + void (*result_text16)(sqlite3_context*,const void*,int,void(*)(void*)); + void (*result_text16be)(sqlite3_context*,const void*,int,void(*)(void*)); + void (*result_text16le)(sqlite3_context*,const void*,int,void(*)(void*)); + void (*result_value)(sqlite3_context*,sqlite3_value*); + void * (*rollback_hook)(sqlite3*,void(*)(void*),void*); + int (*set_authorizer)(sqlite3*,int(*)(void*,int,const char*,const char*, + const char*,const char*),void*); + void (*set_auxdata)(sqlite3_context*,int,void*,void (*)(void*)); + char * (*snprintf)(int,char*,const char*,...); + int (*step)(sqlite3_stmt*); + int (*table_column_metadata)(sqlite3*,const char*,const char*,const char*, + char const**,char const**,int*,int*,int*); + void (*thread_cleanup)(void); + int (*total_changes)(sqlite3*); + void * (*trace)(sqlite3*,void(*xTrace)(void*,const char*),void*); + int (*transfer_bindings)(sqlite3_stmt*,sqlite3_stmt*); + void * (*update_hook)(sqlite3*,void(*)(void*,int ,char const*,char const*, + sqlite_int64),void*); + void * (*user_data)(sqlite3_context*); + const void * (*value_blob)(sqlite3_value*); + int (*value_bytes)(sqlite3_value*); + int 
(*value_bytes16)(sqlite3_value*); + double (*value_double)(sqlite3_value*); + int (*value_int)(sqlite3_value*); + sqlite_int64 (*value_int64)(sqlite3_value*); + int (*value_numeric_type)(sqlite3_value*); + const unsigned char * (*value_text)(sqlite3_value*); + const void * (*value_text16)(sqlite3_value*); + const void * (*value_text16be)(sqlite3_value*); + const void * (*value_text16le)(sqlite3_value*); + int (*value_type)(sqlite3_value*); + char *(*vmprintf)(const char*,va_list); + /* Added ??? */ + int (*overload_function)(sqlite3*, const char *zFuncName, int nArg); + /* Added by 3.3.13 */ + int (*prepare_v2)(sqlite3*,const char*,int,sqlite3_stmt**,const char**); + int (*prepare16_v2)(sqlite3*,const void*,int,sqlite3_stmt**,const void**); + int (*clear_bindings)(sqlite3_stmt*); + /* Added by 3.4.1 */ + int (*create_module_v2)(sqlite3*,const char*,const sqlite3_module*,void*, + void (*xDestroy)(void *)); + /* Added by 3.5.0 */ + int (*bind_zeroblob)(sqlite3_stmt*,int,int); + int (*blob_bytes)(sqlite3_blob*); + int (*blob_close)(sqlite3_blob*); + int (*blob_open)(sqlite3*,const char*,const char*,const char*,sqlite3_int64, + int,sqlite3_blob**); + int (*blob_read)(sqlite3_blob*,void*,int,int); + int (*blob_write)(sqlite3_blob*,const void*,int,int); + int (*create_collation_v2)(sqlite3*,const char*,int,void*, + int(*)(void*,int,const void*,int,const void*), + void(*)(void*)); + int (*file_control)(sqlite3*,const char*,int,void*); + sqlite3_int64 (*memory_highwater)(int); + sqlite3_int64 (*memory_used)(void); + sqlite3_mutex *(*mutex_alloc)(int); + void (*mutex_enter)(sqlite3_mutex*); + void (*mutex_free)(sqlite3_mutex*); + void (*mutex_leave)(sqlite3_mutex*); + int (*mutex_try)(sqlite3_mutex*); + int (*open_v2)(const char*,sqlite3**,int,const char*); + int (*release_memory)(int); + void (*result_error_nomem)(sqlite3_context*); + void (*result_error_toobig)(sqlite3_context*); + int (*sleep)(int); + void (*soft_heap_limit)(int); + sqlite3_vfs *(*vfs_find)(const char*); 
+ int (*vfs_register)(sqlite3_vfs*,int); + int (*vfs_unregister)(sqlite3_vfs*); + int (*xthreadsafe)(void); + void (*result_zeroblob)(sqlite3_context*,int); + void (*result_error_code)(sqlite3_context*,int); + int (*test_control)(int, ...); + void (*randomness)(int,void*); + sqlite3 *(*context_db_handle)(sqlite3_context*); + int (*extended_result_codes)(sqlite3*,int); + int (*limit)(sqlite3*,int,int); + sqlite3_stmt *(*next_stmt)(sqlite3*,sqlite3_stmt*); + const char *(*sql)(sqlite3_stmt*); + int (*status)(int,int*,int*,int); + int (*backup_finish)(sqlite3_backup*); + sqlite3_backup *(*backup_init)(sqlite3*,const char*,sqlite3*,const char*); + int (*backup_pagecount)(sqlite3_backup*); + int (*backup_remaining)(sqlite3_backup*); + int (*backup_step)(sqlite3_backup*,int); + const char *(*compileoption_get)(int); + int (*compileoption_used)(const char*); + int (*create_function_v2)(sqlite3*,const char*,int,int,void*, + void (*xFunc)(sqlite3_context*,int,sqlite3_value**), + void (*xStep)(sqlite3_context*,int,sqlite3_value**), + void (*xFinal)(sqlite3_context*), + void(*xDestroy)(void*)); + int (*db_config)(sqlite3*,int,...); + sqlite3_mutex *(*db_mutex)(sqlite3*); + int (*db_status)(sqlite3*,int,int*,int*,int); + int (*extended_errcode)(sqlite3*); + void (*log)(int,const char*,...); + sqlite3_int64 (*soft_heap_limit64)(sqlite3_int64); + const char *(*sourceid)(void); + int (*stmt_status)(sqlite3_stmt*,int,int); + int (*strnicmp)(const char*,const char*,int); + int (*unlock_notify)(sqlite3*,void(*)(void**,int),void*); + int (*wal_autocheckpoint)(sqlite3*,int); + int (*wal_checkpoint)(sqlite3*,const char*); + void *(*wal_hook)(sqlite3*,int(*)(void*,sqlite3*,const char*,int),void*); + int (*blob_reopen)(sqlite3_blob*,sqlite3_int64); + int (*vtab_config)(sqlite3*,int op,...); + int (*vtab_on_conflict)(sqlite3*); + /* Version 3.7.16 and later */ + int (*close_v2)(sqlite3*); + const char *(*db_filename)(sqlite3*,const char*); + int (*db_readonly)(sqlite3*,const char*); + int 
(*db_release_memory)(sqlite3*); + const char *(*errstr)(int); + int (*stmt_busy)(sqlite3_stmt*); + int (*stmt_readonly)(sqlite3_stmt*); + int (*stricmp)(const char*,const char*); + int (*uri_boolean)(const char*,const char*,int); + sqlite3_int64 (*uri_int64)(const char*,const char*,sqlite3_int64); + const char *(*uri_parameter)(const char*,const char*); + char *(*vsnprintf)(int,char*,const char*,va_list); + int (*wal_checkpoint_v2)(sqlite3*,const char*,int,int*,int*); + /* Version 3.8.7 and later */ + int (*auto_extension)(void(*)(void)); + int (*bind_blob64)(sqlite3_stmt*,int,const void*,sqlite3_uint64, + void(*)(void*)); + int (*bind_text64)(sqlite3_stmt*,int,const char*,sqlite3_uint64, + void(*)(void*),unsigned char); + int (*cancel_auto_extension)(void(*)(void)); + int (*load_extension)(sqlite3*,const char*,const char*,char**); + void *(*malloc64)(sqlite3_uint64); + sqlite3_uint64 (*msize)(void*); + void *(*realloc64)(void*,sqlite3_uint64); + void (*reset_auto_extension)(void); + void (*result_blob64)(sqlite3_context*,const void*,sqlite3_uint64, + void(*)(void*)); + void (*result_text64)(sqlite3_context*,const char*,sqlite3_uint64, + void(*)(void*), unsigned char); + int (*strglob)(const char*,const char*); + /* Version 3.8.11 and later */ + sqlite3_value *(*value_dup)(const sqlite3_value*); + void (*value_free)(sqlite3_value*); + int (*result_zeroblob64)(sqlite3_context*,sqlite3_uint64); + int (*bind_zeroblob64)(sqlite3_stmt*, int, sqlite3_uint64); + /* Version 3.9.0 and later */ + unsigned int (*value_subtype)(sqlite3_value*); + void (*result_subtype)(sqlite3_context*,unsigned int); + /* Version 3.10.0 and later */ + int (*status64)(int,sqlite3_int64*,sqlite3_int64*,int); + int (*strlike)(const char*,const char*,unsigned int); + int (*db_cacheflush)(sqlite3*); + /* Version 3.12.0 and later */ + int (*system_errno)(sqlite3*); + /* Version 3.14.0 and later */ + int (*trace_v2)(sqlite3*,unsigned,int(*)(unsigned,void*,void*,void*),void*); + char 
*(*expanded_sql)(sqlite3_stmt*); +}; + +/* +** This is the function signature used for all extension entry points. It +** is also defined in the file "loadext.c". +*/ +typedef int (*sqlite3_loadext_entry)( + sqlite3 *db, /* Handle to the database. */ + char **pzErrMsg, /* Used to set error string on failure. */ + const sqlite3_api_routines *pThunk /* Extension API function pointers. */ +); + +/* +** The following macros redefine the API routines so that they are +** redirected through the global sqlite3_api structure. +** +** This header file is also used by the loadext.c source file +** (part of the main SQLite library - not an extension) so that +** it can get access to the sqlite3_api_routines structure +** definition. But the main library does not want to redefine +** the API. So the redefinition macros are only valid if the +** SQLITE_CORE macros is undefined. +*/ +#if !defined(SQLITE_CORE) && !defined(SQLITE_OMIT_LOAD_EXTENSION) +#define sqlite3_aggregate_context sqlite3_api->aggregate_context +#ifndef SQLITE_OMIT_DEPRECATED +#define sqlite3_aggregate_count sqlite3_api->aggregate_count +#endif +#define sqlite3_bind_blob sqlite3_api->bind_blob +#define sqlite3_bind_double sqlite3_api->bind_double +#define sqlite3_bind_int sqlite3_api->bind_int +#define sqlite3_bind_int64 sqlite3_api->bind_int64 +#define sqlite3_bind_null sqlite3_api->bind_null +#define sqlite3_bind_parameter_count sqlite3_api->bind_parameter_count +#define sqlite3_bind_parameter_index sqlite3_api->bind_parameter_index +#define sqlite3_bind_parameter_name sqlite3_api->bind_parameter_name +#define sqlite3_bind_text sqlite3_api->bind_text +#define sqlite3_bind_text16 sqlite3_api->bind_text16 +#define sqlite3_bind_value sqlite3_api->bind_value +#define sqlite3_busy_handler sqlite3_api->busy_handler +#define sqlite3_busy_timeout sqlite3_api->busy_timeout +#define sqlite3_changes sqlite3_api->changes +#define sqlite3_close sqlite3_api->close +#define sqlite3_collation_needed 
sqlite3_api->collation_needed +#define sqlite3_collation_needed16 sqlite3_api->collation_needed16 +#define sqlite3_column_blob sqlite3_api->column_blob +#define sqlite3_column_bytes sqlite3_api->column_bytes +#define sqlite3_column_bytes16 sqlite3_api->column_bytes16 +#define sqlite3_column_count sqlite3_api->column_count +#define sqlite3_column_database_name sqlite3_api->column_database_name +#define sqlite3_column_database_name16 sqlite3_api->column_database_name16 +#define sqlite3_column_decltype sqlite3_api->column_decltype +#define sqlite3_column_decltype16 sqlite3_api->column_decltype16 +#define sqlite3_column_double sqlite3_api->column_double +#define sqlite3_column_int sqlite3_api->column_int +#define sqlite3_column_int64 sqlite3_api->column_int64 +#define sqlite3_column_name sqlite3_api->column_name +#define sqlite3_column_name16 sqlite3_api->column_name16 +#define sqlite3_column_origin_name sqlite3_api->column_origin_name +#define sqlite3_column_origin_name16 sqlite3_api->column_origin_name16 +#define sqlite3_column_table_name sqlite3_api->column_table_name +#define sqlite3_column_table_name16 sqlite3_api->column_table_name16 +#define sqlite3_column_text sqlite3_api->column_text +#define sqlite3_column_text16 sqlite3_api->column_text16 +#define sqlite3_column_type sqlite3_api->column_type +#define sqlite3_column_value sqlite3_api->column_value +#define sqlite3_commit_hook sqlite3_api->commit_hook +#define sqlite3_complete sqlite3_api->complete +#define sqlite3_complete16 sqlite3_api->complete16 +#define sqlite3_create_collation sqlite3_api->create_collation +#define sqlite3_create_collation16 sqlite3_api->create_collation16 +#define sqlite3_create_function sqlite3_api->create_function +#define sqlite3_create_function16 sqlite3_api->create_function16 +#define sqlite3_create_module sqlite3_api->create_module +#define sqlite3_create_module_v2 sqlite3_api->create_module_v2 +#define sqlite3_data_count sqlite3_api->data_count +#define sqlite3_db_handle 
sqlite3_api->db_handle +#define sqlite3_declare_vtab sqlite3_api->declare_vtab +#define sqlite3_enable_shared_cache sqlite3_api->enable_shared_cache +#define sqlite3_errcode sqlite3_api->errcode +#define sqlite3_errmsg sqlite3_api->errmsg +#define sqlite3_errmsg16 sqlite3_api->errmsg16 +#define sqlite3_exec sqlite3_api->exec +#ifndef SQLITE_OMIT_DEPRECATED +#define sqlite3_expired sqlite3_api->expired +#endif +#define sqlite3_finalize sqlite3_api->finalize +#define sqlite3_free sqlite3_api->free +#define sqlite3_free_table sqlite3_api->free_table +#define sqlite3_get_autocommit sqlite3_api->get_autocommit +#define sqlite3_get_auxdata sqlite3_api->get_auxdata +#define sqlite3_get_table sqlite3_api->get_table +#ifndef SQLITE_OMIT_DEPRECATED +#define sqlite3_global_recover sqlite3_api->global_recover +#endif +#define sqlite3_interrupt sqlite3_api->interruptx +#define sqlite3_last_insert_rowid sqlite3_api->last_insert_rowid +#define sqlite3_libversion sqlite3_api->libversion +#define sqlite3_libversion_number sqlite3_api->libversion_number +#define sqlite3_malloc sqlite3_api->malloc +#define sqlite3_mprintf sqlite3_api->mprintf +#define sqlite3_open sqlite3_api->open +#define sqlite3_open16 sqlite3_api->open16 +#define sqlite3_prepare sqlite3_api->prepare +#define sqlite3_prepare16 sqlite3_api->prepare16 +#define sqlite3_prepare_v2 sqlite3_api->prepare_v2 +#define sqlite3_prepare16_v2 sqlite3_api->prepare16_v2 +#define sqlite3_profile sqlite3_api->profile +#define sqlite3_progress_handler sqlite3_api->progress_handler +#define sqlite3_realloc sqlite3_api->realloc +#define sqlite3_reset sqlite3_api->reset +#define sqlite3_result_blob sqlite3_api->result_blob +#define sqlite3_result_double sqlite3_api->result_double +#define sqlite3_result_error sqlite3_api->result_error +#define sqlite3_result_error16 sqlite3_api->result_error16 +#define sqlite3_result_int sqlite3_api->result_int +#define sqlite3_result_int64 sqlite3_api->result_int64 +#define sqlite3_result_null 
sqlite3_api->result_null +#define sqlite3_result_text sqlite3_api->result_text +#define sqlite3_result_text16 sqlite3_api->result_text16 +#define sqlite3_result_text16be sqlite3_api->result_text16be +#define sqlite3_result_text16le sqlite3_api->result_text16le +#define sqlite3_result_value sqlite3_api->result_value +#define sqlite3_rollback_hook sqlite3_api->rollback_hook +#define sqlite3_set_authorizer sqlite3_api->set_authorizer +#define sqlite3_set_auxdata sqlite3_api->set_auxdata +#define sqlite3_snprintf sqlite3_api->snprintf +#define sqlite3_step sqlite3_api->step +#define sqlite3_table_column_metadata sqlite3_api->table_column_metadata +#define sqlite3_thread_cleanup sqlite3_api->thread_cleanup +#define sqlite3_total_changes sqlite3_api->total_changes +#define sqlite3_trace sqlite3_api->trace +#ifndef SQLITE_OMIT_DEPRECATED +#define sqlite3_transfer_bindings sqlite3_api->transfer_bindings +#endif +#define sqlite3_update_hook sqlite3_api->update_hook +#define sqlite3_user_data sqlite3_api->user_data +#define sqlite3_value_blob sqlite3_api->value_blob +#define sqlite3_value_bytes sqlite3_api->value_bytes +#define sqlite3_value_bytes16 sqlite3_api->value_bytes16 +#define sqlite3_value_double sqlite3_api->value_double +#define sqlite3_value_int sqlite3_api->value_int +#define sqlite3_value_int64 sqlite3_api->value_int64 +#define sqlite3_value_numeric_type sqlite3_api->value_numeric_type +#define sqlite3_value_text sqlite3_api->value_text +#define sqlite3_value_text16 sqlite3_api->value_text16 +#define sqlite3_value_text16be sqlite3_api->value_text16be +#define sqlite3_value_text16le sqlite3_api->value_text16le +#define sqlite3_value_type sqlite3_api->value_type +#define sqlite3_vmprintf sqlite3_api->vmprintf +#define sqlite3_vsnprintf sqlite3_api->vsnprintf +#define sqlite3_overload_function sqlite3_api->overload_function +#define sqlite3_prepare_v2 sqlite3_api->prepare_v2 +#define sqlite3_prepare16_v2 sqlite3_api->prepare16_v2 +#define sqlite3_clear_bindings 
sqlite3_api->clear_bindings +#define sqlite3_bind_zeroblob sqlite3_api->bind_zeroblob +#define sqlite3_blob_bytes sqlite3_api->blob_bytes +#define sqlite3_blob_close sqlite3_api->blob_close +#define sqlite3_blob_open sqlite3_api->blob_open +#define sqlite3_blob_read sqlite3_api->blob_read +#define sqlite3_blob_write sqlite3_api->blob_write +#define sqlite3_create_collation_v2 sqlite3_api->create_collation_v2 +#define sqlite3_file_control sqlite3_api->file_control +#define sqlite3_memory_highwater sqlite3_api->memory_highwater +#define sqlite3_memory_used sqlite3_api->memory_used +#define sqlite3_mutex_alloc sqlite3_api->mutex_alloc +#define sqlite3_mutex_enter sqlite3_api->mutex_enter +#define sqlite3_mutex_free sqlite3_api->mutex_free +#define sqlite3_mutex_leave sqlite3_api->mutex_leave +#define sqlite3_mutex_try sqlite3_api->mutex_try +#define sqlite3_open_v2 sqlite3_api->open_v2 +#define sqlite3_release_memory sqlite3_api->release_memory +#define sqlite3_result_error_nomem sqlite3_api->result_error_nomem +#define sqlite3_result_error_toobig sqlite3_api->result_error_toobig +#define sqlite3_sleep sqlite3_api->sleep +#define sqlite3_soft_heap_limit sqlite3_api->soft_heap_limit +#define sqlite3_vfs_find sqlite3_api->vfs_find +#define sqlite3_vfs_register sqlite3_api->vfs_register +#define sqlite3_vfs_unregister sqlite3_api->vfs_unregister +#define sqlite3_threadsafe sqlite3_api->xthreadsafe +#define sqlite3_result_zeroblob sqlite3_api->result_zeroblob +#define sqlite3_result_error_code sqlite3_api->result_error_code +#define sqlite3_test_control sqlite3_api->test_control +#define sqlite3_randomness sqlite3_api->randomness +#define sqlite3_context_db_handle sqlite3_api->context_db_handle +#define sqlite3_extended_result_codes sqlite3_api->extended_result_codes +#define sqlite3_limit sqlite3_api->limit +#define sqlite3_next_stmt sqlite3_api->next_stmt +#define sqlite3_sql sqlite3_api->sql +#define sqlite3_status sqlite3_api->status +#define sqlite3_backup_finish 
sqlite3_api->backup_finish +#define sqlite3_backup_init sqlite3_api->backup_init +#define sqlite3_backup_pagecount sqlite3_api->backup_pagecount +#define sqlite3_backup_remaining sqlite3_api->backup_remaining +#define sqlite3_backup_step sqlite3_api->backup_step +#define sqlite3_compileoption_get sqlite3_api->compileoption_get +#define sqlite3_compileoption_used sqlite3_api->compileoption_used +#define sqlite3_create_function_v2 sqlite3_api->create_function_v2 +#define sqlite3_db_config sqlite3_api->db_config +#define sqlite3_db_mutex sqlite3_api->db_mutex +#define sqlite3_db_status sqlite3_api->db_status +#define sqlite3_extended_errcode sqlite3_api->extended_errcode +#define sqlite3_log sqlite3_api->log +#define sqlite3_soft_heap_limit64 sqlite3_api->soft_heap_limit64 +#define sqlite3_sourceid sqlite3_api->sourceid +#define sqlite3_stmt_status sqlite3_api->stmt_status +#define sqlite3_strnicmp sqlite3_api->strnicmp +#define sqlite3_unlock_notify sqlite3_api->unlock_notify +#define sqlite3_wal_autocheckpoint sqlite3_api->wal_autocheckpoint +#define sqlite3_wal_checkpoint sqlite3_api->wal_checkpoint +#define sqlite3_wal_hook sqlite3_api->wal_hook +#define sqlite3_blob_reopen sqlite3_api->blob_reopen +#define sqlite3_vtab_config sqlite3_api->vtab_config +#define sqlite3_vtab_on_conflict sqlite3_api->vtab_on_conflict +/* Version 3.7.16 and later */ +#define sqlite3_close_v2 sqlite3_api->close_v2 +#define sqlite3_db_filename sqlite3_api->db_filename +#define sqlite3_db_readonly sqlite3_api->db_readonly +#define sqlite3_db_release_memory sqlite3_api->db_release_memory +#define sqlite3_errstr sqlite3_api->errstr +#define sqlite3_stmt_busy sqlite3_api->stmt_busy +#define sqlite3_stmt_readonly sqlite3_api->stmt_readonly +#define sqlite3_stricmp sqlite3_api->stricmp +#define sqlite3_uri_boolean sqlite3_api->uri_boolean +#define sqlite3_uri_int64 sqlite3_api->uri_int64 +#define sqlite3_uri_parameter sqlite3_api->uri_parameter +#define sqlite3_uri_vsnprintf 
sqlite3_api->vsnprintf +#define sqlite3_wal_checkpoint_v2 sqlite3_api->wal_checkpoint_v2 +/* Version 3.8.7 and later */ +#define sqlite3_auto_extension sqlite3_api->auto_extension +#define sqlite3_bind_blob64 sqlite3_api->bind_blob64 +#define sqlite3_bind_text64 sqlite3_api->bind_text64 +#define sqlite3_cancel_auto_extension sqlite3_api->cancel_auto_extension +#define sqlite3_load_extension sqlite3_api->load_extension +#define sqlite3_malloc64 sqlite3_api->malloc64 +#define sqlite3_msize sqlite3_api->msize +#define sqlite3_realloc64 sqlite3_api->realloc64 +#define sqlite3_reset_auto_extension sqlite3_api->reset_auto_extension +#define sqlite3_result_blob64 sqlite3_api->result_blob64 +#define sqlite3_result_text64 sqlite3_api->result_text64 +#define sqlite3_strglob sqlite3_api->strglob +/* Version 3.8.11 and later */ +#define sqlite3_value_dup sqlite3_api->value_dup +#define sqlite3_value_free sqlite3_api->value_free +#define sqlite3_result_zeroblob64 sqlite3_api->result_zeroblob64 +#define sqlite3_bind_zeroblob64 sqlite3_api->bind_zeroblob64 +/* Version 3.9.0 and later */ +#define sqlite3_value_subtype sqlite3_api->value_subtype +#define sqlite3_result_subtype sqlite3_api->result_subtype +/* Version 3.10.0 and later */ +#define sqlite3_status64 sqlite3_api->status64 +#define sqlite3_strlike sqlite3_api->strlike +#define sqlite3_db_cacheflush sqlite3_api->db_cacheflush +/* Version 3.12.0 and later */ +#define sqlite3_system_errno sqlite3_api->system_errno +/* Version 3.14.0 and later */ +#define sqlite3_trace_v2 sqlite3_api->trace_v2 +#define sqlite3_expanded_sql sqlite3_api->expanded_sql +#endif /* !defined(SQLITE_CORE) && !defined(SQLITE_OMIT_LOAD_EXTENSION) */ + +#if !defined(SQLITE_CORE) && !defined(SQLITE_OMIT_LOAD_EXTENSION) + /* This case when the file really is being compiled as a loadable + ** extension */ +# define SQLITE_EXTENSION_INIT1 const sqlite3_api_routines *sqlite3_api=0; +# define SQLITE_EXTENSION_INIT2(v) sqlite3_api=v; +# define 
SQLITE_EXTENSION_INIT3 \ + extern const sqlite3_api_routines *sqlite3_api; +#else + /* This case when the file is being statically linked into the + ** application */ +# define SQLITE_EXTENSION_INIT1 /*no-op*/ +# define SQLITE_EXTENSION_INIT2(v) (void)v; /* unused parameter */ +# define SQLITE_EXTENSION_INIT3 /*no-op*/ +#endif + +#endif /* SQLITE3EXT_H */ diff --git a/kerberos5/include/stamp-h1 b/kerberos5/include/stamp-h1 new file mode 100644 --- /dev/null +++ b/kerberos5/include/stamp-h1 @@ -0,0 +1 @@ +timestamp for include/config.h diff --git a/contrib/com_err/lex.h b/kerberos5/include/test-mem.h copy from contrib/com_err/lex.h copy to kerberos5/include/test-mem.h --- a/contrib/com_err/lex.h +++ b/kerberos5/include/test-mem.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1999 - 2004 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -31,9 +31,9 @@ * SUCH DAMAGE. */ -/* $Id$ */ +enum rk_test_mem_type { RK_TM_OVERRUN, RK_TM_UNDERRUN }; -void _lex_error_message (const char *, ...) -__attribute__ ((format (printf, 1, 2))); - -int yylex(void); +ROKEN_LIB_FUNCTION void * ROKEN_LIB_CALL + rk_test_mem_alloc(enum rk_test_mem_type, const char *, void *, size_t); +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL + rk_test_mem_free(const char *); diff --git a/contrib/com_err/lex.h b/kerberos5/include/vers.h copy from contrib/com_err/lex.h copy to kerberos5/include/vers.h --- a/contrib/com_err/lex.h +++ b/kerberos5/include/vers.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,9 @@ /* $Id$ */ -void _lex_error_message (const char *, ...) -__attribute__ ((format (printf, 1, 2))); +#ifndef __VERS_H__ +#define __VERS_H__ -int yylex(void); +void print_version(const char *); + +#endif /* __VERS_H__ */ 
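Review bot: kerberos5/include/test-mem.h, as left by its `@@ -31,9 +31,9 @@` hunk, defines `enum rk_test_mem_type` with no include guard visible in either hunk, so including it twice in one translation unit is a redefinition error. vers.h in this same commit does get a guard. The prototypes also use `size_t`, `ROKEN_LIB_FUNCTION` and `ROKEN_LIB_CALL` with no `#include` in sight, so the header appears to rely on the includer pulling in the roken headers first; the lines between the two hunks are not shown, so this is inferred. I would wrap the declarations in a guard, for example `#ifndef RK_TEST_MEM_H` / `#define RK_TEST_MEM_H` ... `#endif` (name is a suggestion), and add a one-line comment naming the header that must precede it.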
diff --git a/kerberos5/include/version.h b/kerberos5/include/version.h
--- a/kerberos5/include/version.h
+++ b/kerberos5/include/version.h
@@ -1,5 +1,5 @@
 #ifndef VERSION_HIDDEN
 #define VERSION_HIDDEN
 #endif
-VERSION_HIDDEN const char *heimdal_long_version = "@(#)$Version: Heimdal 1.5.2 (FreeBSD) $";
-VERSION_HIDDEN const char *heimdal_version = "Heimdal 1.5.2";
+VERSION_HIDDEN const char *heimdal_long_version = "@(#)$Version: Heimdal 7.8.0 by minsoochoo on freebsd (amd64-unknown-freebsd14.0) Thu Jan 25 13:45:04 EST 2024 $";
+VERSION_HIDDEN const char *heimdal_version = "Heimdal 7.8.0";
diff --git a/contrib/com_err/com_err.h b/kerberos5/include/wind.h
rename from contrib/com_err/com_err.h
rename to kerberos5/include/wind.h
--- a/contrib/com_err/com_err.h
+++ b/kerberos5/include/wind.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
+ * Copyright (c) 2004 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
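Review bot: The new `heimdal_long_version` string in kerberos5/include/version.h bakes in the account name, host triple and wall-clock time of one particular build (`by minsoochoo on freebsd (amd64-unknown-freebsd14.0) Thu Jan 25 13:45:04 EST 2024`), where the old value was the fixed `Heimdal 1.5.2 (FreeBSD)`. Because this header is checked in, every binary that embeds the `@(#)` string will report that identity, whoever built it and for whichever architecture. The string also suggests the file was copied out of a configure run rather than written for the tree, and the `stamp-h1` file added in the same commit points the same way. I would keep the committed value static, e.g. `"@(#)$Version: Heimdal 7.8.0 (FreeBSD) $"`, and leave build-specific fields to the build system if they are wanted at all.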
@@ -33,44 +33,54 @@ /* $Id$ */ -/* MIT compatible com_err library */ +#ifndef _WIND_H_ +#define _WIND_H_ -#ifndef __COM_ERR_H__ -#define __COM_ERR_H__ +#include +#include -#include -#include +#include -#if !defined(__GNUC__) && !defined(__attribute__) -#define __attribute__(X) -#endif +typedef unsigned int wind_profile_flags; -typedef void (KRB5_CALLCONV *errf) (const char *, long, const char *, va_list); +#define WIND_PROFILE_NAME 0x00000001 +#define WIND_PROFILE_SASL 0x00000002 +#define WIND_PROFILE_LDAP 0x00000004 +#define WIND_PROFILE_LDAP_CASE 0x00000008 -KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL -error_message (long); +#define WIND_PROFILE_LDAP_CASE_EXACT_ATTRIBUTE 0x00010000 +#define WIND_PROFILE_LDAP_CASE_EXACT_ASSERTION 0x00020000 +#define WIND_PROFILE_LDAP_NUMERIC 0x00040000 +#define WIND_PROFILE_LDAP_TELEPHONE 0x00080000 -KRB5_LIB_FUNCTION int KRB5_LIB_CALL -init_error_table (const char**, long, int); -KRB5_LIB_FUNCTION void KRB5_LIB_CALL -com_err_va (const char *, long, const char *, va_list) - __attribute__((format(printf, 3, 0))); +/* flags to wind_ucs2read/wind_ucs2write */ +#define WIND_RW_LE 1 +#define WIND_RW_BE 2 +#define WIND_RW_BOM 4 -KRB5_LIB_FUNCTION void KRB5_LIB_CALL -com_err (const char *, long, const char *, ...) 
- __attribute__((format(printf, 3, 4))); +int wind_stringprep(const uint32_t *, size_t, + uint32_t *, size_t *, + wind_profile_flags); +int wind_profile(const char *, wind_profile_flags *); -KRB5_LIB_FUNCTION errf KRB5_LIB_CALL -set_com_err_hook (errf); +int wind_punycode_label_toascii(const uint32_t *, size_t, + char *, size_t *); -KRB5_LIB_FUNCTION errf KRB5_LIB_CALL -reset_com_err_hook (void); +int wind_utf8ucs4(const char *, uint32_t *, size_t *); +int wind_utf8ucs4_length(const char *, size_t *); -KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL -error_table_name (int num); +int wind_ucs4utf8(const uint32_t *, size_t, char *, size_t *); +int wind_ucs4utf8_length(const uint32_t *, size_t, size_t *); -KRB5_LIB_FUNCTION void KRB5_LIB_CALL -add_to_error_table (struct et_list *new_table); +int wind_utf8ucs2(const char *, uint16_t *, size_t *); +int wind_utf8ucs2_length(const char *, size_t *); -#endif /* __COM_ERR_H__ */ +int wind_ucs2utf8(const uint16_t *, size_t, char *, size_t *); +int wind_ucs2utf8_length(const uint16_t *, size_t, size_t *); + + +int wind_ucs2read(const void *, size_t, unsigned int *, uint16_t *, size_t *); +int wind_ucs2write(const uint16_t *, size_t, unsigned int *, void *, size_t *); + +#endif /* _WIND_H_ */ diff --git a/kerberos5/include/wind_err.h b/kerberos5/include/wind_err.h new file mode 100644 --- /dev/null +++ b/kerberos5/include/wind_err.h 
@@ -0,0 +1,32 @@ +/* Generated from wind_err.et */ +/* $Id$ */ + +#ifndef __wind_err_h__ +#define __wind_err_h__ + +struct et_list; + +void initialize_wind_error_table_r(struct et_list **); + +void initialize_wind_error_table(void); +#define init_wind_err_tbl initialize_wind_error_table + +typedef enum wind_error_number{ + WIND_ERR_NONE = -969269760, + WIND_ERR_NO_PROFILE = -969269759, + WIND_ERR_OVERRUN = -969269758, + WIND_ERR_UNDERUN = -969269757, + WIND_ERR_LENGTH_NOT_MOD2 = -969269756, + WIND_ERR_LENGTH_NOT_MOD4 = -969269755, + WIND_ERR_INVALID_UTF8 = -969269754, + WIND_ERR_INVALID_UTF16 = -969269753, + WIND_ERR_INVALID_UTF32 = -969269752, + WIND_ERR_NO_BOM = -969269751, + WIND_ERR_NOT_UTF16 = -969269750 +} wind_error_number; + +#define ERROR_TABLE_BASE_wind -969269760 + +#define COM_ERR_BINDDOMAIN_wind "heim_com_err-969269760" + +#endif /* __wind_err_h__ */ diff --git a/kerberos5/include/windc_plugin.h b/kerberos5/include/windc_plugin.h new file mode 100644 --- /dev/null +++ b/kerberos5/include/windc_plugin.h 
@@ -0,0 +1,89 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id$ */
+
+#ifndef HEIMDAL_KRB5_PAC_PLUGIN_H
+#define HEIMDAL_KRB5_PAC_PLUGIN_H 1
+
+#include
+
+/*
+ * The PAC generate function should allocate a krb5_pac using
+ * krb5_pac_init and fill in the PAC structure for the principal using
+ * krb5_pac_add_buffer.
+ *
+ * The PAC verify function should verify all components in the PAC
+ * using krb5_pac_get_types and krb5_pac_get_buffer for all types.
+ *
+ * Check client access function check if the client is authorized.
+ */
+
+struct hdb_entry_ex;
+
+typedef krb5_error_code
+(KRB5_CALLCONV *krb5plugin_windc_pac_generate)(void *, krb5_context,
+ struct hdb_entry_ex *, krb5_pac *);
+
+typedef krb5_error_code
+(KRB5_CALLCONV *krb5plugin_windc_pac_verify)(void *, krb5_context,
+ const krb5_principal, /* new ticket client */
+ const krb5_principal, /* delegation proxy */
+ struct hdb_entry_ex *,/* client */
+ struct hdb_entry_ex *,/* server */
+ struct hdb_entry_ex *,/* krbtgt */
+ krb5_pac *);
+
+typedef krb5_error_code
+(KRB5_CALLCONV *krb5plugin_windc_client_access)(
+ void *, krb5_context,
+ krb5_kdc_configuration *config,
+ hdb_entry_ex *, const char *,
+ hdb_entry_ex *, const char *,
+ KDC_REQ *, METHOD_DATA *);
+
+
+#define KRB5_WINDC_PLUGIN_MINOR 6
+#define KRB5_WINDC_PLUGING_MINOR KRB5_WINDC_PLUGIN_MINOR
+
+typedef struct krb5plugin_windc_ftable {
+ int minor_version;
+ krb5_error_code (KRB5_CALLCONV *init)(krb5_context, void **);
+ void (KRB5_CALLCONV *fini)(void *);
+ krb5plugin_windc_pac_generate pac_generate;
+ krb5plugin_windc_pac_verify pac_verify;
+ krb5plugin_windc_client_access client_access;
+} krb5plugin_windc_ftable;
+
+#endif /* HEIMDAL_KRB5_PAC_PLUGIN_H */
+
diff --git a/contrib/com_err/lex.h b/kerberos5/include/xdbm.h
rename from contrib/com_err/lex.h
rename to kerberos5/include/xdbm.h
--- a/contrib/com_err/lex.h
+++ b/kerberos5/include/xdbm.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995 - 2002 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
@@ -33,7 +33,20 @@ /* $Id$ */ -void _lex_error_message (const char *, ...) -__attribute__ ((format (printf, 1, 2))); +/* Generic *dbm include file */ -int yylex(void); +#ifndef __XDBM_H__ +#define __XDBM_H__ + +#if HAVE_DB_NDBM +#define DB_DBM_HSEARCH 1 +#include +#elif HAVE_NDBM +#if defined(HAVE_GDBM_NDBM_H) +#include +#elif defined(HAVE_NDBM_H) +#include +#endif +#endif /* HAVE_NDBM */ + +#endif /* __XDBM_H__ */ diff --git a/kerberos5/lib/Makefile b/kerberos5/lib/Makefile --- a/kerberos5/lib/Makefile +++ b/kerberos5/lib/Makefile @@ -1,7 +1,7 @@ .include -SUBDIR= libasn1 libhdb \ +SUBDIR= libasn1 libhcrypto libhdb \ libheimntlm libhx509 libkadm5clnt libkadm5srv libkrb5 \ libroken libsl libvers libkdc libwind libheimbase libheimipcc libheimipcs diff --git a/kerberos5/lib/libasn1/Makefile b/kerberos5/lib/libasn1/Makefile --- a/kerberos5/lib/libasn1/Makefile +++ b/kerberos5/lib/libasn1/Makefile @@ -5,7 +5,7 @@ LDFLAGS= -Wl,--no-undefined INCS= asn1_err.h asn1-common.h heim_asn1.h der.h der-protos.h der-private.h LIBADD= com_err roken -VERSION_MAP= ${.CURDIR}/version.map +VERSION_MAP= ${KRB5DIR}/lib/asn1/version-script.map SRCS= asn1_err.c \ asn1_err.h \ diff --git a/kerberos5/lib/libgssapi_krb5/Makefile b/kerberos5/lib/libgssapi_krb5/Makefile --- a/kerberos5/lib/libgssapi_krb5/Makefile +++ b/kerberos5/lib/libgssapi_krb5/Makefile @@ -3,7 +3,7 @@ LIB= gssapi_krb5 LDFLAGS= -Wl,-Bsymbolic -Wl,--no-undefined -LIBADD= gssapi krb5 crypto roken asn1 com_err +LIBADD= gssapi krb5 hcrypto heimbase roken asn1 com_err SHLIB_MAJOR= 10 INCS= ${KRB5DIR}/lib/gssapi/gssapi/gssapi_krb5.h @@ -50,7 +50,6 @@ inquire_names_for_mech.c \ inquire_sec_context_by_oid.c \ pname_to_uid.c \ - prefix.c \ prf.c \ process_context_token.c \ release_buffer.c \ 
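Review bot: In kerberos5/lib/libasn1/Makefile, `VERSION_MAP` now points at upstream's `${KRB5DIR}/lib/asn1/version-script.map` instead of the local `${.CURDIR}/version.map`, so the exported symbol set and version node names of libasn1 become whatever upstream's script defines. If those differ from the old map, binaries linked against the previous library may fail to resolve symbols unless the shared-library major is bumped; the hunk does not show `SHLIB_MAJOR`, and the rest of the Makefile lies outside it. A comment recording the check would help, for example `# upstream version script; exported symbols compared against the former version.map`.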
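Review bot: The `LIBADD` line in kerberos5/lib/libgssapi_krb5/Makefile drops `crypto` for `hcrypto heimbase`, which moves the Kerberos GSS-API mechanism off the base system's libcrypto and onto the libhcrypto that the kerberos5/lib/Makefile hunk adds to `SUBDIR`. Nothing in the hunk says whether that hcrypto is a thin layer over libcrypto or carries its own cipher and hash implementations; in the second case, crypto fixes delivered through the base libcrypto would no longer reach this library. Stating the choice next to the line would make it reviewable: `# hcrypto instead of base libcrypto: <backend it is built with, and why>`.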
@@ -64,15 +63,6 @@ unwrap.c \ verify_mic.c \ wrap.c \ - gss_krb5.c \ - gss_oid.c - -#SRCS+= gss_add_oid_set_member.c \ -# gss_create_empty_oid_set.c \ -# gss_release_buffer.c \ -# gss_release_oid_set.c \ -# gss_test_oid_set_member.c \ -# gss_utils.c CFLAGS+=-I${KRB5DIR}/lib/gssapi CFLAGS+=-I${KRB5DIR}/lib/gssapi/krb5 diff --git a/kerberos5/lib/libgssapi_krb5/gss_krb5.c b/kerberos5/lib/libgssapi_krb5/gss_krb5.c deleted file mode 100644 --- a/kerberos5/lib/libgssapi_krb5/gss_krb5.c +++ /dev/null 
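Review bot: After `gss_krb5.c` and `gss_oid.c` are removed, `wrap.c \` becomes the last `SRCS` entry but keeps its continuation backslash. As far as the collapsed hunk shows, only a blank line separates it from `CFLAGS+=-I${KRB5DIR}/lib/gssapi`, so the list ends correctly only because of that blank line; if it is ever dropped, the `CFLAGS+=` text is appended to `SRCS` and the include path is lost. The last entry should read `wrap.c` with no trailing backslash. The `SRCS` assignment starts above the hunk.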
@@ -1,832 +0,0 @@ -/*- - * SPDX-License-Identifier: BSD-2-Clause - * - * Copyright (c) 2005 Doug Rabson - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. 
- */ - -#include -#include - -/* RCSID("$Id: gss_krb5.c 21889 2007-08-09 07:43:24Z lha $"); */ - -#include -#include -#include - -OM_uint32 -gss_krb5_copy_ccache(OM_uint32 *minor_status, - gss_cred_id_t cred, - krb5_ccache out) -{ - gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET; - krb5_context context; - krb5_error_code kret; - krb5_ccache id; - OM_uint32 ret; - char *str; - - ret = gss_inquire_cred_by_oid(minor_status, - cred, - GSS_KRB5_COPY_CCACHE_X, - &data_set); - if (ret) - return ret; - - if (data_set == GSS_C_NO_BUFFER_SET || data_set->count != 1) { - gss_release_buffer_set(minor_status, &data_set); - *minor_status = EINVAL; - return GSS_S_FAILURE; - } - - kret = krb5_init_context(&context); - if (kret) { - *minor_status = kret; - gss_release_buffer_set(minor_status, &data_set); - return GSS_S_FAILURE; - } - - kret = asprintf(&str, "%.*s", (int)data_set->elements[0].length, - (char *)data_set->elements[0].value); - gss_release_buffer_set(minor_status, &data_set); - if (kret == -1) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - - kret = krb5_cc_resolve(context, str, &id); - free(str); - if (kret) { - *minor_status = kret; - return GSS_S_FAILURE; - } - - kret = krb5_cc_copy_cache(context, id, out); - krb5_cc_close(context, id); - krb5_free_context(context); - if (kret) { - *minor_status = kret; - return GSS_S_FAILURE; - } - - return ret; -} - -OM_uint32 -gss_krb5_import_cred(OM_uint32 *minor_status, - krb5_ccache id, - krb5_principal keytab_principal, - krb5_keytab keytab, - gss_cred_id_t *cred) -{ - gss_buffer_desc buffer; - OM_uint32 major_status; - krb5_context context; - krb5_error_code ret; - krb5_storage *sp; - krb5_data data; - char *str; - - *cred = GSS_C_NO_CREDENTIAL; - - ret = krb5_init_context(&context); - if (ret) { - *minor_status = ret; - return GSS_S_FAILURE; - } - - sp = krb5_storage_emem(); - if (sp == NULL) { - *minor_status = ENOMEM; - major_status = GSS_S_FAILURE; - goto out; - } - - if (id) { - ret = 
krb5_cc_get_full_name(context, id, &str); - if (ret == 0) { - ret = krb5_store_string(sp, str); - free(str); - } - } else - ret = krb5_store_string(sp, ""); - if (ret) { - *minor_status = ret; - major_status = GSS_S_FAILURE; - goto out; - } - - if (keytab_principal) { - ret = krb5_unparse_name(context, keytab_principal, &str); - if (ret == 0) { - ret = krb5_store_string(sp, str); - free(str); - } - } else - krb5_store_string(sp, ""); - if (ret) { - *minor_status = ret; - major_status = GSS_S_FAILURE; - goto out; - } - - - if (keytab) { - ret = krb5_kt_get_full_name(context, keytab, &str); - if (ret == 0) { - ret = krb5_store_string(sp, str); - free(str); - } - } else - krb5_store_string(sp, ""); - if (ret) { - *minor_status = ret; - major_status = GSS_S_FAILURE; - goto out; - } - - ret = krb5_storage_to_data(sp, &data); - if (ret) { - *minor_status = ret; - major_status = GSS_S_FAILURE; - goto out; - } - - buffer.value = data.data; - buffer.length = data.length; - - major_status = gss_set_cred_option(minor_status, - cred, - GSS_KRB5_IMPORT_CRED_X, - &buffer); - krb5_data_free(&data); -out: - if (sp) - krb5_storage_free(sp); - krb5_free_context(context); - return major_status; -} - -OM_uint32 -gsskrb5_register_acceptor_identity(const char *identity) -{ - gss_buffer_desc buffer; - OM_uint32 junk; - - buffer.value = rk_UNCONST(identity); - buffer.length = strlen(identity); - - gss_set_sec_context_option(&junk, NULL, - GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X, &buffer); - - return (GSS_S_COMPLETE); -} - -OM_uint32 -gsskrb5_set_dns_canonicalize(int flag) -{ - gss_buffer_desc buffer; - OM_uint32 junk; - char b = (flag != 0); - - buffer.value = &b; - buffer.length = sizeof(b); - - gss_set_sec_context_option(&junk, NULL, - GSS_KRB5_SET_DNS_CANONICALIZE_X, &buffer); - - return (GSS_S_COMPLETE); -} - - - -static krb5_error_code -set_key(krb5_keyblock *keyblock, gss_krb5_lucid_key_t *key) -{ - key->type = keyblock->keytype; - key->length = keyblock->keyvalue.length; - key->data 
= malloc(key->length); - if (key->data == NULL && key->length != 0) - return ENOMEM; - memcpy(key->data, keyblock->keyvalue.data, key->length); - return 0; -} - -static void -free_key(gss_krb5_lucid_key_t *key) -{ - memset(key->data, 0, key->length); - free(key->data); - memset(key, 0, sizeof(*key)); -} - -OM_uint32 -gss_krb5_export_lucid_sec_context(OM_uint32 *minor_status, - gss_ctx_id_t *context_handle, - OM_uint32 version, - void **rctx) -{ - krb5_context context = NULL; - krb5_error_code ret; - gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET; - OM_uint32 major_status; - gss_krb5_lucid_context_v1_t *ctx = NULL; - krb5_storage *sp = NULL; - uint32_t num; - - if (context_handle == NULL - || *context_handle == GSS_C_NO_CONTEXT - || version != 1) - { - ret = EINVAL; - return GSS_S_FAILURE; - } - - major_status = - gss_inquire_sec_context_by_oid (minor_status, - *context_handle, - GSS_KRB5_EXPORT_LUCID_CONTEXT_V1_X, - &data_set); - if (major_status) - return major_status; - - if (data_set == GSS_C_NO_BUFFER_SET || data_set->count != 1) { - gss_release_buffer_set(minor_status, &data_set); - *minor_status = EINVAL; - return GSS_S_FAILURE; - } - - ret = krb5_init_context(&context); - if (ret) - goto out; - - ctx = calloc(1, sizeof(*ctx)); - if (ctx == NULL) { - ret = ENOMEM; - goto out; - } - - sp = krb5_storage_from_mem(data_set->elements[0].value, - data_set->elements[0].length); - if (sp == NULL) { - ret = ENOMEM; - goto out; - } - - ret = krb5_ret_uint32(sp, &num); - if (ret) goto out; - if (num != 1) { - ret = EINVAL; - goto out; - } - ctx->version = 1; - /* initiator */ - ret = krb5_ret_uint32(sp, &ctx->initiate); - if (ret) goto out; - /* endtime */ - ret = krb5_ret_uint32(sp, &ctx->endtime); - if (ret) goto out; - /* send_seq */ - ret = krb5_ret_uint32(sp, &num); - if (ret) goto out; - ctx->send_seq = ((uint64_t)num) << 32; - ret = krb5_ret_uint32(sp, &num); - if (ret) goto out; - ctx->send_seq |= num; - /* recv_seq */ - ret = krb5_ret_uint32(sp, &num); - if 
(ret) goto out; - ctx->recv_seq = ((uint64_t)num) << 32; - ret = krb5_ret_uint32(sp, &num); - if (ret) goto out; - ctx->recv_seq |= num; - /* protocol */ - ret = krb5_ret_uint32(sp, &ctx->protocol); - if (ret) goto out; - if (ctx->protocol == 0) { - krb5_keyblock key; - - /* sign_alg */ - ret = krb5_ret_uint32(sp, &ctx->rfc1964_kd.sign_alg); - if (ret) goto out; - /* seal_alg */ - ret = krb5_ret_uint32(sp, &ctx->rfc1964_kd.seal_alg); - if (ret) goto out; - /* ctx_key */ - ret = krb5_ret_keyblock(sp, &key); - if (ret) goto out; - ret = set_key(&key, &ctx->rfc1964_kd.ctx_key); - krb5_free_keyblock_contents(context, &key); - if (ret) goto out; - } else if (ctx->protocol == 1) { - krb5_keyblock key; - - /* acceptor_subkey */ - ret = krb5_ret_uint32(sp, &ctx->cfx_kd.have_acceptor_subkey); - if (ret) goto out; - /* ctx_key */ - ret = krb5_ret_keyblock(sp, &key); - if (ret) goto out; - ret = set_key(&key, &ctx->cfx_kd.ctx_key); - krb5_free_keyblock_contents(context, &key); - if (ret) goto out; - /* acceptor_subkey */ - if (ctx->cfx_kd.have_acceptor_subkey) { - ret = krb5_ret_keyblock(sp, &key); - if (ret) goto out; - ret = set_key(&key, &ctx->cfx_kd.acceptor_subkey); - krb5_free_keyblock_contents(context, &key); - if (ret) goto out; - } - } else { - ret = EINVAL; - goto out; - } - - *rctx = ctx; - -out: - gss_release_buffer_set(minor_status, &data_set); - if (sp) - krb5_storage_free(sp); - if (context) - krb5_free_context(context); - - if (ret) { - if (ctx) - gss_krb5_free_lucid_sec_context(NULL, ctx); - - *minor_status = ret; - return GSS_S_FAILURE; - } - *minor_status = 0; - return GSS_S_COMPLETE; -} - -OM_uint32 -gss_krb5_free_lucid_sec_context(OM_uint32 *minor_status, void *c) -{ - gss_krb5_lucid_context_v1_t *ctx = c; - - if (ctx->version != 1) { - if (minor_status) - *minor_status = 0; - return GSS_S_FAILURE; - } - - if (ctx->protocol == 0) { - free_key(&ctx->rfc1964_kd.ctx_key); - } else if (ctx->protocol == 1) { - free_key(&ctx->cfx_kd.ctx_key); - if 
(ctx->cfx_kd.have_acceptor_subkey) - free_key(&ctx->cfx_kd.acceptor_subkey); - } - free(ctx); - if (minor_status) - *minor_status = 0; - return GSS_S_COMPLETE; -} - -/* - * - */ - -OM_uint32 -gss_krb5_set_allowable_enctypes(OM_uint32 *minor_status, - gss_cred_id_t cred, - OM_uint32 num_enctypes, - int32_t *enctypes) -{ - krb5_error_code ret; - OM_uint32 maj_status; - gss_buffer_desc buffer; - krb5_storage *sp; - krb5_data data; - int i; - - sp = krb5_storage_emem(); - if (sp == NULL) { - *minor_status = ENOMEM; - maj_status = GSS_S_FAILURE; - goto out; - } - - for (i = 0; i < num_enctypes; i++) { - ret = krb5_store_int32(sp, enctypes[i]); - if (ret) { - *minor_status = ret; - maj_status = GSS_S_FAILURE; - goto out; - } - } - - ret = krb5_storage_to_data(sp, &data); - if (ret) { - *minor_status = ret; - maj_status = GSS_S_FAILURE; - goto out; - } - - buffer.value = data.data; - buffer.length = data.length; - - maj_status = gss_set_cred_option(minor_status, - &cred, - GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X, - &buffer); - krb5_data_free(&data); -out: - if (sp) - krb5_storage_free(sp); - return maj_status; -} - -/* - * - */ - -OM_uint32 -gsskrb5_set_send_to_kdc(struct gsskrb5_send_to_kdc *c) -{ - gss_buffer_desc buffer; - OM_uint32 junk; - - if (c) { - buffer.value = c; - buffer.length = sizeof(*c); - } else { - buffer.value = NULL; - buffer.length = 0; - } - - gss_set_sec_context_option(&junk, NULL, - GSS_KRB5_SEND_TO_KDC_X, &buffer); - - return (GSS_S_COMPLETE); -} - -/* - * - */ - -OM_uint32 -gss_krb5_ccache_name(OM_uint32 *minor_status, - const char *name, - const char **out_name) -{ - gss_buffer_desc buffer; - OM_uint32 junk; - - if (out_name) - *out_name = NULL; - - buffer.value = rk_UNCONST(name); - buffer.length = strlen(name); - - gss_set_sec_context_option(&junk, NULL, - GSS_KRB5_CCACHE_NAME_X, &buffer); - - return (GSS_S_COMPLETE); -} - - -/* - * - */ - -OM_uint32 -gsskrb5_extract_authtime_from_sec_context(OM_uint32 *minor_status, - gss_ctx_id_t context_handle, - 
time_t *authtime) -{ - gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET; - OM_uint32 maj_stat; - - if (context_handle == GSS_C_NO_CONTEXT) { - *minor_status = EINVAL; - return GSS_S_FAILURE; - } - - maj_stat = - gss_inquire_sec_context_by_oid (minor_status, - context_handle, - GSS_KRB5_GET_AUTHTIME_X, - &data_set); - if (maj_stat) - return maj_stat; - - if (data_set == GSS_C_NO_BUFFER_SET) { - gss_release_buffer_set(minor_status, &data_set); - *minor_status = EINVAL; - return GSS_S_FAILURE; - } - - if (data_set->count != 1) { - gss_release_buffer_set(minor_status, &data_set); - *minor_status = EINVAL; - return GSS_S_FAILURE; - } - - if (data_set->elements[0].length != 4) { - gss_release_buffer_set(minor_status, &data_set); - *minor_status = EINVAL; - return GSS_S_FAILURE; - } - - { - unsigned char *buf = data_set->elements[0].value; - *authtime = (buf[3] <<24) | (buf[2] << 16) | - (buf[1] << 8) | (buf[0] << 0); - } - - gss_release_buffer_set(minor_status, &data_set); - - *minor_status = 0; - return GSS_S_COMPLETE; -} - -/* - * - */ - -OM_uint32 -gsskrb5_extract_authz_data_from_sec_context(OM_uint32 *minor_status, - gss_ctx_id_t context_handle, - int ad_type, - gss_buffer_t ad_data) -{ - gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET; - OM_uint32 maj_stat; - gss_OID_desc oid_flat; - heim_oid baseoid, oid; - size_t size; - - if (context_handle == GSS_C_NO_CONTEXT) { - *minor_status = EINVAL; - return GSS_S_FAILURE; - } - - /* All this to append an integer to an oid... 
*/ - - if (der_get_oid(GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X->elements, - GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X->length, - &baseoid, NULL) != 0) { - *minor_status = EINVAL; - return GSS_S_FAILURE; - } - - oid.length = baseoid.length + 1; - oid.components = calloc(oid.length, sizeof(*oid.components)); - if (oid.components == NULL) { - der_free_oid(&baseoid); - - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - - memcpy(oid.components, baseoid.components, - baseoid.length * sizeof(*baseoid.components)); - - der_free_oid(&baseoid); - - oid.components[oid.length - 1] = ad_type; - - oid_flat.length = der_length_oid(&oid); - oid_flat.elements = malloc(oid_flat.length); - if (oid_flat.elements == NULL) { - free(oid.components); - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - - if (der_put_oid((unsigned char *)oid_flat.elements + oid_flat.length - 1, - oid_flat.length, &oid, &size) != 0) { - free(oid.components); - free(oid_flat.elements); - *minor_status = EINVAL; - return GSS_S_FAILURE; - } - if (oid_flat.length != size) - abort(); - - free(oid.components); - - /* FINALLY, we have the OID */ - - maj_stat = gss_inquire_sec_context_by_oid (minor_status, - context_handle, - &oid_flat, - &data_set); - - free(oid_flat.elements); - - if (maj_stat) - return maj_stat; - - if (data_set == GSS_C_NO_BUFFER_SET || data_set->count != 1) { - gss_release_buffer_set(minor_status, &data_set); - *minor_status = EINVAL; - return GSS_S_FAILURE; - } - - ad_data->value = malloc(data_set->elements[0].length); - if (ad_data->value == NULL) { - gss_release_buffer_set(minor_status, &data_set); - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - - ad_data->length = data_set->elements[0].length; - memcpy(ad_data->value, data_set->elements[0].value, ad_data->length); - gss_release_buffer_set(minor_status, &data_set); - - *minor_status = 0; - return GSS_S_COMPLETE; -} - -/* - * - */ - -static OM_uint32 -gsskrb5_extract_key(OM_uint32 *minor_status, - gss_ctx_id_t 
context_handle, - const gss_OID oid, - krb5_keyblock **keyblock) -{ - krb5_error_code ret; - gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET; - OM_uint32 major_status; - krb5_context context = NULL; - krb5_storage *sp = NULL; - - if (context_handle == GSS_C_NO_CONTEXT) { - ret = EINVAL; - return GSS_S_FAILURE; - } - - ret = krb5_init_context(&context); - if(ret) { - *minor_status = ret; - return GSS_S_FAILURE; - } - - major_status = - gss_inquire_sec_context_by_oid (minor_status, - context_handle, - oid, - &data_set); - if (major_status) - return major_status; - - if (data_set == GSS_C_NO_BUFFER_SET || data_set->count != 1) { - gss_release_buffer_set(minor_status, &data_set); - *minor_status = EINVAL; - return GSS_S_FAILURE; - } - - sp = krb5_storage_from_mem(data_set->elements[0].value, - data_set->elements[0].length); - if (sp == NULL) { - ret = ENOMEM; - goto out; - } - - *keyblock = calloc(1, sizeof(**keyblock)); - if (keyblock == NULL) { - ret = ENOMEM; - goto out; - } - - ret = krb5_ret_keyblock(sp, *keyblock); - -out: - gss_release_buffer_set(minor_status, &data_set); - if (sp) - krb5_storage_free(sp); - if (ret && keyblock) { - krb5_free_keyblock(context, *keyblock); - *keyblock = NULL; - } - if (context) - krb5_free_context(context); - - *minor_status = ret; - if (ret) - return GSS_S_FAILURE; - - return GSS_S_COMPLETE; -} - -/* - * - */ - -OM_uint32 -gsskrb5_extract_service_keyblock(OM_uint32 *minor_status, - gss_ctx_id_t context_handle, - krb5_keyblock **keyblock) -{ - return gsskrb5_extract_key(minor_status, - context_handle, - GSS_KRB5_GET_SERVICE_KEYBLOCK_X, - keyblock); -} - -OM_uint32 -gsskrb5_get_initiator_subkey(OM_uint32 *minor_status, - gss_ctx_id_t context_handle, - krb5_keyblock **keyblock) -{ - return gsskrb5_extract_key(minor_status, - context_handle, - GSS_KRB5_GET_INITIATOR_SUBKEY_X, - keyblock); -} - -OM_uint32 -gsskrb5_get_subkey(OM_uint32 *minor_status, - gss_ctx_id_t context_handle, - krb5_keyblock **keyblock) -{ - return 
gsskrb5_extract_key(minor_status, - context_handle, - GSS_KRB5_GET_SUBKEY_X, - keyblock); -} - -OM_uint32 -gsskrb5_set_default_realm(const char *realm) -{ - gss_buffer_desc buffer; - OM_uint32 junk; - - buffer.value = rk_UNCONST(realm); - buffer.length = strlen(realm); - - gss_set_sec_context_option(&junk, NULL, - GSS_KRB5_SET_DEFAULT_REALM_X, &buffer); - - return (GSS_S_COMPLETE); -} - -OM_uint32 -gss_krb5_get_tkt_flags(OM_uint32 *minor_status, - gss_ctx_id_t context_handle, - OM_uint32 *tkt_flags) -{ - - OM_uint32 major_status; - gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET; - - if (context_handle == GSS_C_NO_CONTEXT) { - *minor_status = EINVAL; - return GSS_S_FAILURE; - } - - major_status = - gss_inquire_sec_context_by_oid (minor_status, - context_handle, - GSS_KRB5_GET_TKT_FLAGS_X, - &data_set); - if (major_status) - return major_status; - - if (data_set == GSS_C_NO_BUFFER_SET || - data_set->count != 1 || - data_set->elements[0].length < 4) { - gss_release_buffer_set(minor_status, &data_set); - *minor_status = EINVAL; - return GSS_S_FAILURE; - } - - { - const u_char *p = data_set->elements[0].value; - *tkt_flags = (p[0] << 0) | (p[1] << 8) | (p[2] << 16) | (p[3] << 24); - } - - gss_release_buffer_set(minor_status, &data_set); - return GSS_S_COMPLETE; -} - diff --git a/kerberos5/lib/libgssapi_krb5/gss_oid.c b/kerberos5/lib/libgssapi_krb5/gss_oid.c deleted file mode 100644 --- a/kerberos5/lib/libgssapi_krb5/gss_oid.c +++ /dev/null 
@@ -1,226 +0,0 @@ -/* Generated file */ -#include -#include -#include "config.h" - -/* GSS_KRB5_COPY_CCACHE_X - 1.2.752.43.13.1 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_copy_ccache_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x01") }; - -/* GSS_KRB5_GET_TKT_FLAGS_X - 1.2.752.43.13.2 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_tkt_flags_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x02") }; - -/* GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X - 1.2.752.43.13.3 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_extract_authz_data_from_sec_context_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x03") }; - -/* GSS_KRB5_COMPAT_DES3_MIC_X - 1.2.752.43.13.4 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_compat_des3_mic_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x04") }; - -/* GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X - 1.2.752.43.13.5 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_register_acceptor_identity_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x05") }; - -/* GSS_KRB5_EXPORT_LUCID_CONTEXT_X - 1.2.752.43.13.6 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_export_lucid_context_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x06") }; - -/* GSS_KRB5_EXPORT_LUCID_CONTEXT_V1_X - 1.2.752.43.13.6.1 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_export_lucid_context_v1_x_oid_desc = { 7, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x06\x01") }; - -/* GSS_KRB5_SET_DNS_CANONICALIZE_X - 1.2.752.43.13.7 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_dns_canonicalize_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x07") }; - -/* GSS_KRB5_GET_SUBKEY_X - 1.2.752.43.13.8 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_subkey_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x08") }; - -/* GSS_KRB5_GET_INITIATOR_SUBKEY_X - 1.2.752.43.13.9 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_initiator_subkey_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x09") }; - -/* GSS_KRB5_GET_ACCEPTOR_SUBKEY_X - 1.2.752.43.13.10 */ -gss_OID_desc 
GSSAPI_LIB_VARIABLE __gss_krb5_get_acceptor_subkey_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0a") }; - -/* GSS_KRB5_SEND_TO_KDC_X - 1.2.752.43.13.11 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_send_to_kdc_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0b") }; - -/* GSS_KRB5_GET_AUTHTIME_X - 1.2.752.43.13.12 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_authtime_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0c") }; - -/* GSS_KRB5_GET_SERVICE_KEYBLOCK_X - 1.2.752.43.13.13 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_service_keyblock_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0d") }; - -/* GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X - 1.2.752.43.13.14 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_allowable_enctypes_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0e") }; - -/* GSS_KRB5_SET_DEFAULT_REALM_X - 1.2.752.43.13.15 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_default_realm_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0f") }; - -/* GSS_KRB5_CCACHE_NAME_X - 1.2.752.43.13.16 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_ccache_name_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x10") }; - -/* GSS_KRB5_SET_TIME_OFFSET_X - 1.2.752.43.13.17 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_time_offset_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x11") }; - -/* GSS_KRB5_GET_TIME_OFFSET_X - 1.2.752.43.13.18 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_time_offset_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x12") }; - -/* GSS_KRB5_PLUGIN_REGISTER_X - 1.2.752.43.13.19 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_plugin_register_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x13") }; - -/* GSS_NTLM_GET_SESSION_KEY_X - 1.2.752.43.13.20 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_ntlm_get_session_key_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x14") }; - -/* GSS_C_NT_NTLM - 1.2.752.43.13.21 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_ntlm_oid_desc = { 6, 
rk_UNCONST("\x2a\x85\x70\x2b\x0d\x15") }; - -/* GSS_C_NT_DN - 1.2.752.43.13.22 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_dn_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x16") }; - -/* GSS_KRB5_NT_PRINCIPAL_NAME_REFERRAL - 1.2.752.43.13.23 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_nt_principal_name_referral_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x17") }; - -/* GSS_C_NTLM_AVGUEST - 1.2.752.43.13.24 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_avguest_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x18") }; - -/* GSS_C_NTLM_V1 - 1.2.752.43.13.25 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_v1_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x19") }; - -/* GSS_C_NTLM_V2 - 1.2.752.43.13.26 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_v2_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x1a") }; - -/* GSS_C_NTLM_SESSION_KEY - 1.2.752.43.13.27 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_session_key_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x1b") }; - -/* GSS_C_NTLM_FORCE_V1 - 1.2.752.43.13.28 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_force_v1_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x1c") }; - -/* GSS_KRB5_CRED_NO_CI_FLAGS_X - 1.2.752.43.13.29 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_cred_no_ci_flags_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x1d") }; - -/* GSS_KRB5_IMPORT_CRED_X - 1.2.752.43.13.30 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_import_cred_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x1e") }; - -/* GSS_C_MA_SASL_MECH_NAME - 1.2.752.43.13.100 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_sasl_mech_name_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x64") }; - -/* GSS_C_MA_MECH_NAME - 1.2.752.43.13.101 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_name_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x65") }; - -/* GSS_C_MA_MECH_DESCRIPTION - 1.2.752.43.13.102 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_description_oid_desc = { 6, 
rk_UNCONST("\x2a\x85\x70\x2b\x0d\x66") }; - -/* GSS_C_CRED_PASSWORD - 1.2.752.43.13.200 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_cred_password_oid_desc = { 7, "\x2a\x85\x70\x2b\x0d\x81\x48" }; - -/* GSS_C_CRED_CERTIFICATE - 1.2.752.43.13.201 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_cred_certificate_oid_desc = { 7, "\x2a\x85\x70\x2b\x0d\x81\x49" }; - -/* GSS_SASL_DIGEST_MD5_MECHANISM - 1.2.752.43.14.1 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_sasl_digest_md5_mechanism_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0e\x01") }; - -/* GSS_NETLOGON_MECHANISM - 1.2.752.43.14.2 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_mechanism_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0e\x02") }; - -/* GSS_NETLOGON_SET_SESSION_KEY_X - 1.2.752.43.14.3 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_set_session_key_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0e\x03") }; - -/* GSS_NETLOGON_SET_SIGN_ALGORITHM_X - 1.2.752.43.14.4 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_set_sign_algorithm_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0e\x04") }; - -/* GSS_NETLOGON_NT_NETBIOS_DNS_NAME - 1.2.752.43.14.5 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_nt_netbios_dns_name_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0e\x05") }; - -/* GSS_C_INQ_WIN2K_PAC_X - 1.2.752.43.13.3.128 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_inq_win2k_pac_x_oid_desc = { 8, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x03\x81\x00") }; - -/* GSS_C_INQ_SSPI_SESSION_KEY - 1.2.840.113554.1.2.2.5.5 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_inq_sspi_session_key_oid_desc = { 11, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x05") }; - -/* GSS_KRB5_MECHANISM - 1.2.840.113554.1.2.2 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_mechanism_oid_desc = { 9, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02") }; - -/* GSS_NTLM_MECHANISM - 1.3.6.1.4.1.311.2.2.10 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_ntlm_mechanism_oid_desc = { 10, 
rk_UNCONST("\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a") }; - -/* GSS_SPNEGO_MECHANISM - 1.3.6.1.5.5.2 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_spnego_mechanism_oid_desc = { 6, rk_UNCONST("\x2b\x06\x01\x05\x05\x02") }; - -/* GSS_C_PEER_HAS_UPDATED_SPNEGO - 1.3.6.1.4.1.9513.19.5 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_peer_has_updated_spnego_oid_desc = { 9, rk_UNCONST("\x2b\x06\x01\x04\x01\xca\x29\x13\x05") }; - -/* GSS_C_MA_MECH_CONCRETE - 1.3.6.1.5.5.13.1 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_concrete_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x01") }; - -/* GSS_C_MA_MECH_PSEUDO - 1.3.6.1.5.5.13.2 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_pseudo_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x02") }; - -/* GSS_C_MA_MECH_COMPOSITE - 1.3.6.1.5.5.13.3 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_composite_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x03") }; - -/* GSS_C_MA_MECH_NEGO - 1.3.6.1.5.5.13.4 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_nego_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x04") }; - -/* GSS_C_MA_MECH_GLUE - 1.3.6.1.5.5.13.5 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_glue_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x05") }; - -/* GSS_C_MA_NOT_MECH - 1.3.6.1.5.5.13.6 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_not_mech_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x06") }; - -/* GSS_C_MA_DEPRECATED - 1.3.6.1.5.5.13.7 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_deprecated_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x07") }; - -/* GSS_C_MA_NOT_DFLT_MECH - 1.3.6.1.5.5.13.8 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_not_dflt_mech_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x08") }; - -/* GSS_C_MA_ITOK_FRAMED - 1.3.6.1.5.5.13.9 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_itok_framed_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x09") }; - -/* GSS_C_MA_AUTH_INIT - 1.3.6.1.5.5.13.10 */ -gss_OID_desc 
GSSAPI_LIB_VARIABLE __gss_c_ma_auth_init_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x0a") }; - -/* GSS_C_MA_AUTH_TARG - 1.3.6.1.5.5.13.11 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_targ_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x0b") }; - -/* GSS_C_MA_AUTH_INIT_INIT - 1.3.6.1.5.5.13.12 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_init_init_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x0c") }; - -/* GSS_C_MA_AUTH_TARG_INIT - 1.3.6.1.5.5.13.13 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_targ_init_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x0d") }; - -/* GSS_C_MA_AUTH_INIT_ANON - 1.3.6.1.5.5.13.14 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_init_anon_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x0e") }; - -/* GSS_C_MA_AUTH_TARG_ANON - 1.3.6.1.5.5.13.15 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_targ_anon_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x0f") }; - -/* GSS_C_MA_DELEG_CRED - 1.3.6.1.5.5.13.16 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_deleg_cred_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x10") }; - -/* GSS_C_MA_INTEG_PROT - 1.3.6.1.5.5.13.17 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_integ_prot_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x11") }; - -/* GSS_C_MA_CONF_PROT - 1.3.6.1.5.5.13.18 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_conf_prot_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x12") }; - -/* GSS_C_MA_MIC - 1.3.6.1.5.5.13.19 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mic_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x13") }; - -/* GSS_C_MA_WRAP - 1.3.6.1.5.5.13.20 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_wrap_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x14") }; - -/* GSS_C_MA_PROT_READY - 1.3.6.1.5.5.13.21 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_prot_ready_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x15") }; - -/* GSS_C_MA_REPLAY_DET - 1.3.6.1.5.5.13.22 */ 
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_replay_det_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x16") }; - -/* GSS_C_MA_OOS_DET - 1.3.6.1.5.5.13.23 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_oos_det_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x17") }; - -/* GSS_C_MA_CBINDINGS - 1.3.6.1.5.5.13.24 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_cbindings_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x18") }; - -/* GSS_C_MA_PFS - 1.3.6.1.5.5.13.25 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_pfs_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x19") }; - -/* GSS_C_MA_COMPRESS - 1.3.6.1.5.5.13.26 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_compress_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x1a") }; - -/* GSS_C_MA_CTX_TRANS - 1.3.6.1.5.5.13.27 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_ctx_trans_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x1b") }; diff --git a/kerberos5/lib/libgssapi_krb5/pname_to_uid.c b/kerberos5/lib/libgssapi_krb5/pname_to_uid.c deleted file mode 100644 --- a/kerberos5/lib/libgssapi_krb5/pname_to_uid.c +++ /dev/null 
@@ -1,84 +0,0 @@ -/*- - * SPDX-License-Identifier: BSD-2-Clause - * - * Copyright (c) 2008 Isilon Inc http://www.isilon.com/ - * Authors: Doug Rabson - * Developed with Red Inc: Alfred Perlstein - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. 
- */ - -#include -#include - -#include "krb5/gsskrb5_locl.h" - -OM_uint32 -_gsskrb5_pname_to_uid(OM_uint32 *minor_status, const gss_name_t pname, - const gss_OID mech, uid_t *uidp) -{ - krb5_context context; - krb5_const_principal name = (krb5_const_principal) pname; - krb5_error_code kret; - char lname[MAXLOGNAME + 1], buf[1024], *bufp; - struct passwd pwd, *pw; - size_t buflen; - int error; - OM_uint32 ret; - static size_t buflen_hint = 1024; - - GSSAPI_KRB5_INIT (&context); - - kret = krb5_aname_to_localname(context, name, sizeof(lname), lname); - if (kret) { - *minor_status = kret; - return (GSS_S_FAILURE); - } - - *minor_status = 0; - buflen = buflen_hint; - for (;;) { - pw = NULL; - bufp = buf; - if (buflen > sizeof(buf)) - bufp = malloc(buflen); - if (bufp == NULL) - break; - error = getpwnam_r(lname, &pwd, bufp, buflen, &pw); - if (error != ERANGE) - break; - if (buflen > sizeof(buf)) - free(bufp); - buflen += 1024; - if (buflen > buflen_hint) - buflen_hint = buflen; - } - if (pw) { - *uidp = pw->pw_uid; - ret = GSS_S_COMPLETE; - } else { - ret = GSS_S_FAILURE; - } - if (bufp != NULL && buflen > sizeof(buf)) - free(bufp); - return (ret); -} diff --git a/kerberos5/lib/libgssapi_ntlm/Makefile b/kerberos5/lib/libgssapi_ntlm/Makefile --- a/kerberos5/lib/libgssapi_ntlm/Makefile +++ b/kerberos5/lib/libgssapi_ntlm/Makefile @@ -3,7 +3,7 @@ LIB= gssapi_ntlm LDFLAGS= -Wl,-Bsymbolic -Wl,--no-undefined -LIBADD= crypto gssapi krb5 heimntlm roken +LIBADD= hcrypto gssapi krb5 heimntlm roken SHLIB_MAJOR= 10 SRCS= accept_sec_context.c \ diff --git a/kerberos5/lib/libhcrypto/Makefile b/kerberos5/lib/libhcrypto/Makefile new file mode 100644 --- /dev/null +++ b/kerberos5/lib/libhcrypto/Makefile 
@@ -0,0 +1,229 @@ + +PACKAGE= kerberos-lib + +LIB= hcrypto +LDFLAGS= -Wl,--no-undefined +VERSION_MAP= ${KRB5DIR}/lib/hcrypto/version-script.map +LIBADD= crypto crypt roken asn1 heimbase +CFLAGS+= -I${KRB5DIR}/lib/hx509 \ + -I${KRB5DIR}/lib/hcrypto \ + -I${KRB5DIR}/lib/hcrypto/libtommath -DUSE_HCRYPTO_LTM=1 \ + -I${SRCTOP}/kerberos5/include/hcrypto \ + -I. + +INCS= aes.h \ + bn.h \ + des.h \ + dh.h \ + dsa.h \ + ec.h \ + ecdh.h \ + ecdsa.h \ + engine.h \ + evp.h \ + evp-hcrypto.h \ + evp-cc.h \ + evp-openssl.h \ + evp-pkcs11.h \ + hmac.h \ + md4.h \ + md5.h \ + pkcs12.h \ + rand.h \ + rc2.h \ + rc4.h \ + rsa.h \ + sha.h \ + ui.h \ + undef.h + +SRCS= aes.c \ + aes.h \ + bn.c \ + bn.h \ + common.c \ + common.h \ + camellia.h \ + camellia.c \ + camellia-ntt.c \ + camellia-ntt.h \ + des-tables.h \ + des.c \ + des.h \ + dh.c \ + dh.h \ + dh-ltm.c \ + dsa.c \ + dsa.h \ + doxygen.c \ + evp.c \ + evp.h \ + evp-hcrypto.c \ + evp-cc.c \ + evp-openssl.c \ + evp-pkcs11.c \ + engine.c \ + engine.h \ + hash.h \ + hmac.c \ + hmac.h \ + md4.c \ + md4.h \ + md5.c \ + md5.h \ + pkcs5.c \ + pkcs12.c \ + rand-fortuna.c \ + rand-timer.c \ + rand-unix.c \ + rand.c \ + rand.h \ + randi.h \ + rc2.c \ + rc2.h \ + rc4.c \ + rc4.h \ + rijndael-alg-fst.c \ + rijndael-alg-fst.h \ + rnd_keys.c \ + rsa.c \ + rsa-gmp.c \ + rsa-ltm.c \ + rsa.h \ + sha.c \ + sha.h \ + sha256.c \ + sha512.c \ + validate.c \ + ui.c \ + ui.h \ + undef.h + +SRCS+= libtommath/tommath.h \ + libtommath/tommath_class.h \ + libtommath/tommath_superclass.h \ + libtommath/bncore.c \ + libtommath/bn_mp_init.c \ + libtommath/bn_mp_clear.c \ + libtommath/bn_mp_exch.c \ + libtommath/bn_mp_grow.c \ + libtommath/bn_mp_shrink.c \ + libtommath/bn_mp_clamp.c \ + libtommath/bn_mp_zero.c \ + libtommath/bn_mp_zero_multi.c \ + libtommath/bn_mp_set.c \ + libtommath/bn_mp_set_int.c \ + libtommath/bn_mp_init_size.c \ + libtommath/bn_mp_copy.c \ + libtommath/bn_mp_init_copy.c \ + libtommath/bn_mp_abs.c \ + libtommath/bn_mp_neg.c \ + 
libtommath/bn_mp_cmp_mag.c \ + libtommath/bn_mp_cmp.c \ + libtommath/bn_mp_cmp_d.c \ + libtommath/bn_mp_rshd.c \ + libtommath/bn_mp_lshd.c \ + libtommath/bn_mp_mod_2d.c \ + libtommath/bn_mp_div_2d.c \ + libtommath/bn_mp_mul_2d.c \ + libtommath/bn_mp_div_2.c \ + libtommath/bn_mp_mul_2.c \ + libtommath/bn_s_mp_add.c \ + libtommath/bn_s_mp_sub.c \ + libtommath/bn_fast_s_mp_mul_digs.c \ + libtommath/bn_s_mp_mul_digs.c \ + libtommath/bn_fast_s_mp_mul_high_digs.c \ + libtommath/bn_s_mp_mul_high_digs.c \ + libtommath/bn_fast_s_mp_sqr.c \ + libtommath/bn_s_mp_sqr.c \ + libtommath/bn_mp_add.c \ + libtommath/bn_mp_sub.c \ + libtommath/bn_mp_karatsuba_mul.c \ + libtommath/bn_mp_mul.c \ + libtommath/bn_mp_karatsuba_sqr.c \ + libtommath/bn_mp_sqr.c \ + libtommath/bn_mp_div.c \ + libtommath/bn_mp_mod.c \ + libtommath/bn_mp_add_d.c \ + libtommath/bn_mp_sub_d.c \ + libtommath/bn_mp_mul_d.c \ + libtommath/bn_mp_div_d.c \ + libtommath/bn_mp_mod_d.c \ + libtommath/bn_mp_expt_d.c \ + libtommath/bn_mp_addmod.c \ + libtommath/bn_mp_submod.c \ + libtommath/bn_mp_mulmod.c \ + libtommath/bn_mp_sqrmod.c \ + libtommath/bn_mp_gcd.c \ + libtommath/bn_mp_lcm.c \ + libtommath/bn_fast_mp_invmod.c \ + libtommath/bn_mp_invmod.c \ + libtommath/bn_mp_reduce.c \ + libtommath/bn_mp_montgomery_setup.c \ + libtommath/bn_fast_mp_montgomery_reduce.c \ + libtommath/bn_mp_montgomery_reduce.c \ + libtommath/bn_mp_exptmod_fast.c \ + libtommath/bn_mp_exptmod.c \ + libtommath/bn_mp_2expt.c \ + libtommath/bn_mp_n_root.c \ + libtommath/bn_mp_jacobi.c \ + libtommath/bn_reverse.c \ + libtommath/bn_mp_count_bits.c \ + libtommath/bn_mp_read_unsigned_bin.c \ + libtommath/bn_mp_read_signed_bin.c \ + libtommath/bn_mp_to_unsigned_bin.c \ + libtommath/bn_mp_to_signed_bin.c \ + libtommath/bn_mp_unsigned_bin_size.c \ + libtommath/bn_mp_signed_bin_size.c \ + libtommath/bn_mp_xor.c \ + libtommath/bn_mp_and.c \ + libtommath/bn_mp_or.c \ + libtommath/bn_mp_rand.c \ + libtommath/bn_mp_montgomery_calc_normalization.c \ + 
libtommath/bn_mp_prime_is_divisible.c \ + libtommath/bn_prime_tab.c \ + libtommath/bn_mp_prime_fermat.c \ + libtommath/bn_mp_prime_miller_rabin.c \ + libtommath/bn_mp_prime_is_prime.c \ + libtommath/bn_mp_prime_next_prime.c \ + libtommath/bn_mp_find_prime.c \ + libtommath/bn_mp_dr_reduce.c \ + libtommath/bn_mp_dr_is_modulus.c \ + libtommath/bn_mp_dr_setup.c \ + libtommath/bn_mp_reduce_setup.c \ + libtommath/bn_mp_toom_mul.c \ + libtommath/bn_mp_toom_sqr.c \ + libtommath/bn_mp_div_3.c \ + libtommath/bn_s_mp_exptmod.c \ + libtommath/bn_mp_reduce_2k.c \ + libtommath/bn_mp_reduce_is_2k.c \ + libtommath/bn_mp_reduce_2k_setup.c \ + libtommath/bn_mp_reduce_2k_l.c \ + libtommath/bn_mp_reduce_is_2k_l.c \ + libtommath/bn_mp_reduce_2k_setup_l.c \ + libtommath/bn_mp_radix_smap.c \ + libtommath/bn_mp_read_radix.c \ + libtommath/bn_mp_toradix.c \ + libtommath/bn_mp_radix_size.c \ + libtommath/bn_mp_fread.c \ + libtommath/bn_mp_fwrite.c \ + libtommath/bn_mp_cnt_lsb.c \ + libtommath/bn_error.c \ + libtommath/bn_mp_init_multi.c \ + libtommath/bn_mp_clear_multi.c \ + libtommath/bn_mp_exteuclid.c \ + libtommath/bn_mp_toradix_n.c \ + libtommath/bn_mp_prime_random_ex.c \ + libtommath/bn_mp_get_int.c \ + libtommath/bn_mp_sqrt.c \ + libtommath/bn_mp_is_square.c \ + libtommath/bn_mp_init_set.c \ + libtommath/bn_mp_init_set_int.c \ + libtommath/bn_mp_invmod_slow.c \ + libtommath/bn_mp_prime_rabin_miller_trials.c \ + libtommath/bn_mp_to_signed_bin_n.c \ + libtommath/bn_mp_to_unsigned_bin_n.c + +.include + +.PATH: ${KRB5DIR}/lib/hcrypto diff --git a/kerberos5/usr.sbin/ktutil/Makefile.depend b/kerberos5/lib/libhcrypto/Makefile.depend rename from kerberos5/usr.sbin/ktutil/Makefile.depend rename to kerberos5/lib/libhcrypto/Makefile.depend --- a/kerberos5/usr.sbin/ktutil/Makefile.depend +++ b/kerberos5/lib/libhcrypto/Makefile.depend 
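Review bot: The new kerberos5/lib/libhcrypto/Makefile does not say which implementation ends up serving ciphers and random numbers. `LIBADD` links `crypto`, while `SRCS` also compiles built-in algorithms (des.c, rc2.c, rc4.c, md4.c, md5.c), four EVP backend files (evp-hcrypto.c, evp-openssl.c, evp-cc.c, evp-pkcs11.c) and three RAND sources (rand-fortuna.c, rand-timer.c, rand-unix.c). The default is chosen in the C sources and config.h, so it cannot be confirmed from this hunk; a header comment above `LIBADD` such as `# Default EVP/RAND backend: <backend>; crypto is linked because <reason>.` would let a later reader audit it. The libhx509, libkdc and libkrb5 Makefiles further down also list both `crypto` and `hcrypto` in `LIBADD` and deserve the same one-line explanation. If rand-timer.c is only a fallback for systems without a kernel random device, I would say so in that comment or drop it from `SRCS`.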
@@ -5,17 +5,16 @@ include/arpa \ include/xlocale \ kerberos5/lib/libasn1 \ - kerberos5/lib/libkadm5clnt \ - kerberos5/lib/libkrb5 \ kerberos5/lib/libroken \ - kerberos5/lib/libsl \ - kerberos5/lib/libvers \ - kerberos5/tools/slc.host \ + kerberos5/lib/libwind \ + kerberos5/tools/asn1_compile.host \ lib/${CSU_DIR} \ lib/libc \ + lib/libcom_err \ lib/libcompiler_rt \ - lib/libedit \ secure/lib/libcrypto \ + usr.bin/compile_et.host \ + usr.bin/yacc.host \ .include diff --git a/kerberos5/lib/libhdb/Makefile b/kerberos5/lib/libhdb/Makefile --- a/kerberos5/lib/libhdb/Makefile +++ b/kerberos5/lib/libhdb/Makefile @@ -4,7 +4,7 @@ LIB= hdb LDFLAGS= -Wl,--no-undefined ${LDAPLDFLAGS} VERSION_MAP= ${KRB5DIR}/lib/hdb/version-script.map -LIBADD= asn1 com_err krb5 roken sqlite3 +LIBADD= asn1 com_err hcrypto heimbase krb5 roken sqlite3 LDADD= ${LDAPLDADD} DPADD= ${LDAPDPADD} @@ -42,7 +42,7 @@ SRCS= common.c \ db.c \ - dbinfo.c \ + db3.c \ ext.c \ hdb-ldap.c \ hdb.c \ @@ -50,9 +50,12 @@ hdb_err.h \ hdb-sqlite.c \ hdb-keytab.c \ + hdb-mdb.c \ hdb-mitdb.c \ + hdb_locl.h \ keys.c \ keytab.c \ + dbinfo.c \ mkey.c \ ndbm.c \ print.c \ @@ -77,11 +80,13 @@ asn1_HDB_Ext_Lan_Manager_OWF.x \ asn1_HDB_Ext_Password.x \ asn1_HDB_Ext_Aliases.x \ + asn1_HDB_Ext_KeySet.x \ asn1_HDB_extension.x \ asn1_HDB_extensions.x \ asn1_hdb_entry.x \ asn1_hdb_entry_alias.x \ asn1_hdb_keyset.x \ + asn1_Keys.x \ hdb_asn1.hx \ hdb_asn1-priv.hx @@ -91,7 +96,7 @@ .ORDER: ${GEN} ${GEN:[2..-1]}: .NOMETA ${GEN}: hdb.asn1 - ${ASN1_COMPILE} ${.ALLSRC:M*.asn1} hdb_asn1 + ${ASN1_COMPILE} --sequence=HDB-Ext-KeySet --sequence=Keys ${.ALLSRC:M*.asn1} hdb_asn1 .SUFFIXES: .h .c .x .hx diff --git a/kerberos5/lib/libheimbase/Makefile b/kerberos5/lib/libheimbase/Makefile --- a/kerberos5/lib/libheimbase/Makefile +++ b/kerberos5/lib/libheimbase/Makefile 
@@ -3,22 +3,35 @@ LIB= heimbase LDFLAGS= -Wl,--no-undefined -LIBADD= pthread -VERSION_MAP= ${KRB5DIR}/base/version-script.map +VERSION_MAP= ${KRB5DIR}/lib/base/version-script.map INCS= heimbase.h SRCS= \ array.c \ + base64.c \ bool.c \ + bsearch.c \ + data.c \ + db.c \ dict.c \ + dll.c \ + error.c \ heimbase.c \ + json.c \ null.c \ number.c \ - string.c + string.c \ + test_base.c CFLAGS+= -I${KRB5DIR}/include +CLEANFILES= base64.c + +base64.c: + rm -f base64.c + ln -s ${KRB5DIR}/lib/roken/base64.c . + .include -.PATH: ${KRB5DIR}/base +.PATH: ${KRB5DIR}/lib/base diff --git a/kerberos5/lib/libheimntlm/Makefile b/kerberos5/lib/libheimntlm/Makefile --- a/kerberos5/lib/libheimntlm/Makefile +++ b/kerberos5/lib/libheimntlm/Makefile @@ -3,7 +3,7 @@ LIB= heimntlm LDFLAGS= -Wl,--no-undefined -LIBADD= crypto com_err krb5 roken +LIBADD= com_err hcrypto krb5 roken wind SRCS= ntlm.c ntlm_err.c ntlm_err.h INCS= heimntlm.h heimntlm-protos.h ntlm_err.h CFLAGS+=-I${KRB5DIR}/lib/ntlm -I${KRB5DIR}/lib/roken \ diff --git a/kerberos5/lib/libhx509/Makefile b/kerberos5/lib/libhx509/Makefile --- a/kerberos5/lib/libhx509/Makefile +++ b/kerberos5/lib/libhx509/Makefile @@ -4,7 +4,7 @@ LIB= hx509 LDFLAGS= -Wl,--no-undefined VERSION_MAP= ${KRB5DIR}/lib/hx509/version-script.map -LIBADD= asn1 com_err crypto roken wind +LIBADD= asn1 com_err crypto hcrypto heimbase roken wind MAN= hx509.3 \ hx509_ca.3 \ @@ -179,6 +179,7 @@ cms.c \ collector.c \ crypto.c \ + crypto-ec.c \ doxygen.c \ error.c \ env.c \ diff --git a/kerberos5/lib/libkadm5clnt/Makefile b/kerberos5/lib/libkadm5clnt/Makefile --- a/kerberos5/lib/libkadm5clnt/Makefile +++ b/kerberos5/lib/libkadm5clnt/Makefile @@ -36,7 +36,7 @@ send_recv.c CFLAGS+=-I${KRB5DIR}/lib/kadm5 -I${KRB5DIR}/lib/asn1 -I${KRB5DIR}/lib/roken \ - -I${SRCTOP}/contrib/com_err -I. + -I${SRCTOP}/contrib/com_err -I${KRB5DIR}/lib/krb5 -I. .include diff --git a/kerberos5/lib/libkadm5srv/Makefile b/kerberos5/lib/libkadm5srv/Makefile --- a/kerberos5/lib/libkadm5srv/Makefile 
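Review bot: In the libheimbase Makefile, `test_base.c` is added to the library's `SRCS`; by its name it looks like a test driver, and if it defines `main` that symbol would be compiled into libheimbase. Unless the file is needed at run time, I would end the list at `string.c` and build the test separately. The same hunk symlinks roken's `base64.c` into the object directory and compiles it here, while the libroken Makefile in this diff keeps `base64.c` in its own `SRCS`, so the same functions are built into two libraries. Whether version-script.map keeps them from being exported twice is not visible here and is worth confirming.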
+++ b/kerberos5/lib/libkadm5srv/Makefile @@ -3,7 +3,7 @@ LIB= kadm5srv LDFLAGS= -Wl,--no-undefined -LIBADD= com_err hdb krb5 roken +LIBADD= com_err hdb heimbase krb5 roken VERSION_MAP= ${KRB5DIR}/lib/kadm5/version-script.map MAN= kadm5_pwcheck.3 @@ -33,11 +33,12 @@ randkey_s.c \ rename_s.c \ server_glue.c \ + setkey3_s.c \ set_keys.c \ set_modifier.c CFLAGS+=-I${KRB5DIR}/lib/kadm5 -I${KRB5DIR}/lib/asn1 -I${KRB5DIR}/lib/roken \ - -I${SRCTOP}/contrib/com_err -I. + -I${SRCTOP}/contrib/com_err -I${KRB5DIR}/lib/krb5 -I. .include diff --git a/kerberos5/lib/libkafs5/Makefile b/kerberos5/lib/libkafs5/Makefile --- a/kerberos5/lib/libkafs5/Makefile +++ b/kerberos5/lib/libkafs5/Makefile @@ -3,7 +3,7 @@ LIB= kafs5 LDFLAGS= -Wl,--no-undefined -LIBADD= asn1 krb5 roken +LIBADD= asn1 hcrypto krb5 roken INCS= kafs.h MAN= kafs5.3 VERSION_MAP= ${.CURDIR}/version.map @@ -23,7 +23,10 @@ kafs5.3 krb_afslog.3 \ kafs5.3 krb_afslog_uid.3 -SRCS= afssys.c afskrb5.c common.c +SRCS= afssys.c \ + afskrb5.c \ + common.c \ + rxkad_kdf.c CFLAGS+= -I${KRB5DIR}/lib/kafs \ -I${KRB5DIR}/lib/krb5 \ diff --git a/kerberos5/lib/libkdc/Makefile b/kerberos5/lib/libkdc/Makefile --- a/kerberos5/lib/libkdc/Makefile +++ b/kerberos5/lib/libkdc/Makefile @@ -4,7 +4,7 @@ LIB= kdc LDFLAGS= -Wl,--no-undefined VERSION_MAP= ${KRB5DIR}/kdc/version-script.map -LIBADD= roken hdb hx509 krb5 heimntlm asn1 crypto +LIBADD= roken hdb hx509 krb5 hcrypto heimbase heimntlm asn1 crypto INCS= kdc.h \ kdc-protos.h @@ -17,9 +17,11 @@ default_config.c \ set_dbinfo.c \ digest.c \ + fast.c \ kerberos5.c \ krb5tgs.c \ pkinit.c \ + pkinit-ec.c \ log.c \ misc.c \ kx509.c \ diff --git a/kerberos5/lib/libkrb5/Makefile b/kerberos5/lib/libkrb5/Makefile --- a/kerberos5/lib/libkrb5/Makefile +++ b/kerberos5/lib/libkrb5/Makefile 
@@ -4,7 +4,7 @@ LIB= krb5 LDFLAGS= -Wl,--no-undefined VERSION_MAP= ${KRB5DIR}/lib/krb5/version-script.map -LIBADD= asn1 com_err crypt crypto hx509 roken wind heimbase heimipcc +LIBADD= asn1 com_err crypt crypto hcrypto hx509 roken wind heimbase heimipcc sqlite3 INCS= heim_err.h \ heim_threads.h \ @@ -512,7 +512,8 @@ copy_host_realm.c \ crc.c \ creds.c \ - crypto-aes.c \ + crypto-aes-sha1.c \ + crypto-aes-sha2.c \ crypto-algs.c \ crypto-arcfour.c \ crypto-des-common.c \ @@ -524,13 +525,17 @@ crypto-rand.c \ crypto.c \ data.c \ + dcache.c \ + db_plugin.c \ deprecated.c \ digest.c \ doxygen.c \ eai_to_heim_errno.c \ + enomem.c \ error_string.c \ expand_hostname.c \ expand_path.c \ + fast.c \ fcache.c \ free.c \ free_host_realm.c \ @@ -572,6 +577,7 @@ padata.c \ pcache.c \ pkinit.c \ + pkinit-ec.c \ plugin.c \ principal.c \ prog_setup.c \ @@ -585,7 +591,8 @@ read_message.c \ recvauth.c \ replay.c \ - salt-aes.c \ + salt-aes-sha1.c \ + salt-aes-sha2.c \ salt-arcfour.c \ salt-des.c \ salt-des3.c \ @@ -595,11 +602,13 @@ sendauth.c \ set_default_realm.c \ sock_principal.c \ + sp800-108-kdf.c \ store-int.c \ store.c \ store_emem.c \ store_fd.c \ store_mem.c \ + store_sock.c \ ticket.c \ time.c \ transited.c \ @@ -624,6 +633,7 @@ -I${KRB5DIR}/lib/ipc \ -I${KRB5DIR}/base \ -I${SRCTOP}/contrib/com_err \ + -I${SRCTOP}/contrib/sqlite3 \ -I. CFLAGS+= -DOPENSSL_API_COMPAT=0x10100000L diff --git a/kerberos5/lib/libroken/Makefile b/kerberos5/lib/libroken/Makefile --- a/kerberos5/lib/libroken/Makefile +++ b/kerberos5/lib/libroken/Makefile @@ -2,8 +2,9 @@ PACKAGE= kerberos-lib LIB= roken -LIBADD= crypt +MAN= getarg.3 parse_time.3 rtbl.3 ecalloc.3 VERSION_MAP= ${KRB5DIR}/lib/roken/version-script.map + INCS= roken.h \ roken-common.h \ base64.h \ 
@@ -17,30 +18,31 @@ xdbm.h SRCS= base64.c \ - copyhostent.c \ - ecalloc.c \ - emalloc.c \ - erealloc.c \ - estrdup.c \ - strlwr.c \ - strsep_copy.c \ - strupr.c \ bswap.c \ cloexec.c \ concat.c \ + copyhostent.c \ ct.c \ + daemon.c \ + detach.c \ doxygen.c \ dumpdata.c \ + ecalloc.c \ + emalloc.c \ environment.c \ eread.c \ + erealloc.c \ esetenv.c \ + estrdup.c \ ewrite.c \ get_default_username.c \ get_window_size.c \ getaddrinfo_hostspec.c \ getarg.c \ + getcap.c \ getnameinfo_verified.c \ getprogname.c \ + getxxyyy.c \ h_errno.c \ hex.c \ hostent_find_fqdn.c \ @@ -48,15 +50,18 @@ k_getpwnam.c \ k_getpwuid.c \ mini_inetd.c \ + mkdir.c \ + mkstemp.c \ + ndbm_wrap.c \ net_read.c \ net_write.c \ parse_bytes.c \ parse_time.c \ parse_units.c \ + qsort.c \ rand.c \ realloc.c \ resolve.c \ - roken.h \ roken_gethostby.c \ rtbl.c \ setprogname.c \ @@ -66,7 +71,10 @@ socket.c \ strcollect.c \ strerror_r.c \ + strlwr.c \ strpool.c \ + strsep_copy.c \ + strupr.c \ timeval.c \ tm2time.c \ unvis.c \ @@ -74,13 +82,11 @@ vis.c \ warnerr.c \ write_pid.c \ - xfree.c \ - fbsd_ossl_provider_load.c + xfree.c CFLAGS+=-I${KRB5DIR}/lib/roken \ -I${SRCTOP}/kerberos5/include \ - -I${KRB5DIR}/lib/krb5 \ - -I${SRCTOP}/crypto/openssl/include -I. + -I${KRB5DIR}/lib/krb5 -I. CLEANFILES= roken.h diff --git a/kerberos5/lib/libroken/fbsd_ossl_provider_load.c b/kerberos5/lib/libroken/fbsd_ossl_provider_load.c deleted file mode 100644 --- a/kerberos5/lib/libroken/fbsd_ossl_provider_load.c +++ /dev/null 
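Review bot: The last libroken Makefile hunk drops `fbsd_ossl_provider_load.c` and the `-I${SRCTOP}/crypto/openssl/include` path, and the file deleted just below is the one that loaded OpenSSL's `legacy` and `default` providers via `dlopen`. libkrb5, libhx509 and libkdc still list `crypto` in `LIBADD` in this diff, so any remaining path that asks libcrypto for a legacy-provider algorithm would only fail at run time on OpenSSL 3. The diff shown here does not let me tell whether all such paths moved to hcrypto. I would confirm that no caller of `fbsd_ossl_provider_load()` remains and record the intent next to `SRCS`, for example `# Legacy algorithms come from libhcrypto; no OpenSSL provider is loaded.` if that is indeed the design.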
@@ -1,78 +0,0 @@
-#include
-#include
-#include
-#include
-#include
-
-#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
-#define CRYPTO_LIBRARY "/lib/libcrypto.so.30"
-static void fbsd_ossl_provider_unload(void);
-static void print_dlerror(char *);
-static OSSL_PROVIDER *legacy;
-static OSSL_PROVIDER *deflt;
-static int providers_loaded = 0;
-static OSSL_PROVIDER * (*ossl_provider_load)(OSSL_LIB_CTX *, const char*) = NULL;
-static int (*ossl_provider_unload)(OSSL_PROVIDER *) = NULL;
-static void *crypto_lib_handle = NULL;
-
-static void
-fbsd_ossl_provider_unload(void)
-{
- if (ossl_provider_unload == NULL) {
- if (!(ossl_provider_unload = (int (*)(OSSL_PROVIDER*)) dlsym(crypto_lib_handle, "OSSL_PROVIDER_unload"))) {
- print_dlerror("Unable to link OSSL_PROVIDER_unload");
- return;
- }
- }
- if (providers_loaded == 1) {
- (*ossl_provider_unload)(legacy);
- (*ossl_provider_unload)(deflt);
- providers_loaded = 0;
- }
-}
-
-static void
-print_dlerror(char *message)
-{
- char *errstr;
-
- if ((errstr = dlerror()) != NULL)
- fprintf(stderr, "%s: %s\n",
- message, errstr);
-}
-#endif
-
-int
-fbsd_ossl_provider_load(void)
-{
-#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
- if (crypto_lib_handle == NULL) {
- if (!(crypto_lib_handle = dlopen(CRYPTO_LIBRARY,
- RTLD_LAZY|RTLD_GLOBAL))) {
- print_dlerror("Unable to load libcrypto.so");
- return (EINVAL);
- }
- }
- if (ossl_provider_load == NULL) {
- if (!(ossl_provider_load = (OSSL_PROVIDER * (*)(OSSL_LIB_CTX*, const char *)) dlsym(crypto_lib_handle, "OSSL_PROVIDER_load"))) {
- print_dlerror("Unable to link OSSL_PROVIDER_load");
- return(ENOENT);
- }
- }
-
- if (providers_loaded == 0) {
- if ((legacy = (*ossl_provider_load)(NULL, "legacy")) == NULL)
- return (EINVAL);
- if ((deflt = (*ossl_provider_load)(NULL, "default")) == NULL) {
- (*ossl_provider_unload)(legacy);
- return (EINVAL);
- }
- if (atexit(fbsd_ossl_provider_unload)) {
- fbsd_ossl_provider_unload();
- return (errno);
- }
-
providers_loaded = 1; - } -#endif - return (0); -} diff --git a/kerberos5/lib/libvers/Makefile b/kerberos5/lib/libvers/Makefile --- a/kerberos5/lib/libvers/Makefile +++ b/kerberos5/lib/libvers/Makefile @@ -2,14 +2,7 @@ PACKAGE= kerberos-lib LIB= vers -INTERNALLIB= -SRCS= print_version.c roken.h -CFLAGS+=-I. -I${KRB5DIR}/lib/roken - -CLEANFILES= roken.h - -roken.h: - ${MAKE_ROKEN} > ${.TARGET} +SRCS= print_version.c .include diff --git a/kerberos5/libexec/digest-service/Makefile b/kerberos5/libexec/digest-service/Makefile --- a/kerberos5/libexec/digest-service/Makefile +++ b/kerberos5/libexec/digest-service/Makefile @@ -10,7 +10,7 @@ -I${KRB5DIR}/lib/wind \ -I${KRB5DIR}/lib/roken \ -I${SRCTOP}/contrib/com_err -LIBADD= hdb kdc heimipcs krb5 roken asn1 crypto vers heimntlm +LIBADD= hdb kdc heimipcs krb5 roken asn1 hcrypto heimntlm LDFLAGS=${LDAPLDFLAGS} .include diff --git a/kerberos5/libexec/hprop/Makefile b/kerberos5/libexec/hprop/Makefile --- a/kerberos5/libexec/hprop/Makefile +++ b/kerberos5/libexec/hprop/Makefile @@ -3,7 +3,7 @@ PROG= hprop MAN= hprop.8 -SRCS= hprop.c mit_dump.c +SRCS= hprop.c mit_dump.c hprop.h CFLAGS+=-I${KRB5DIR}/lib/roken CFLAGS+=-I${KRB5DIR}/lib/krb5 CFLAGS+=-I${KRB5DIR}/lib/asn1 @@ -12,7 +12,7 @@ CFLAGS+=-I${KRB5DIR}/kdc CFLAGS+=-I${SRCTOP}/contrib/com_err CFLAGS+=-I${.OBJDIR:H:H}/lib/libkrb5 -LIBADD= hdb krb5 roken vers +LIBADD= hdb krb5 hcrypto asn1 roken DPADD= ${LDAPDPADD} LDADD= ${LDAPLDADD} LDFLAGS=${LDAPLDFLAGS} diff --git a/kerberos5/libexec/hpropd/Makefile b/kerberos5/libexec/hpropd/Makefile --- a/kerberos5/libexec/hpropd/Makefile +++ b/kerberos5/libexec/hpropd/Makefile @@ -5,7 +5,7 @@ MAN= hpropd.8 CFLAGS+=-I${KRB5DIR}/lib/roken -I${KRB5DIR}/lib/krb5 -I${KRB5DIR}/lib/asn1 \ -I${KRB5DIR}/kdc -I${SRCTOP}/contrib/com_err ${LDAPCFLAGS} -LIBADD= hdb krb5 roken vers +LIBADD= hdb krb5 hcrypto asn1 roken DPADD= ${LDAPDPADD} LDADD= ${LDAPLDADD} LDFLAGS=${LDAPLDFLAGS} 
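Review bot: Removing `INTERNALLIB=` from the `LIB= vers` Makefile changes how libvers is built and presumably turns it into an installed library under `PACKAGE= kerberos-lib`, while every `LIBADD` in this commit that listed `vers` drops it. The kcm Makefile still carries `LDADD= ${LIBVERS} ${LDAPLDADD}` as an unchanged line, so that reference should be checked against the new library type. If nothing links libvers any more, taking it out of the build is cleaner than shipping an unused library. Otherwise keep `INTERNALLIB=` and add a comment naming the remaining consumer.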
diff --git a/kerberos5/libexec/kadmind/Makefile b/kerberos5/libexec/kadmind/Makefile --- a/kerberos5/libexec/kadmind/Makefile +++ b/kerberos5/libexec/kadmind/Makefile @@ -6,11 +6,12 @@ SRCS= rpc.c \ server.c \ kadmind.c \ - kadm_conn.c + kadm_conn.c \ + kadm_local.h CFLAGS+=-I${KRB5DIR}/lib/krb5 -I${KRB5DIR}/lib/asn1 -I${KRB5DIR}/lib/roken \ -I${SRCTOP}/contrib/com_err ${LDAPCFLAGS} -LIBADD= kadm5srv gssapi hdb krb5 roken vers +LIBADD= kadm5srv kadm5clnt hcrypto asn1 gssapi hdb krb5 roken DPADD= ${LDAPDPADD} LDADD= ${LDAPLDADD} LDFLAGS=${LDAPLDFLAGS} diff --git a/kerberos5/libexec/kcm/Makefile b/kerberos5/libexec/kcm/Makefile --- a/kerberos5/libexec/kcm/Makefile +++ b/kerberos5/libexec/kcm/Makefile @@ -12,6 +12,8 @@ connect.c \ events.c \ glue.c \ + headers.h \ + kcm_locl.h \ log.c \ main.c \ protocol.c \ @@ -22,7 +24,7 @@ -I${KRB5DIR}/kcm -I${KRB5DIR}/lib/ipc ${LDAPCFLAGS} # Avoid errors for using deprecated krb5_* APIs CFLAGS+="-DKRB5_DEPRECATED_FUNCTION(X)=" -LIBADD= krb5 roken heimntlm heimipcs crypto +LIBADD= hdb krb5 asn1 roken heimntlm heimipcs hcrypto DPADD= ${LDAPDPADD} LDADD= ${LIBVERS} ${LDAPLDADD} LDFLAGS=${LDAPLDFLAGS} diff --git a/kerberos5/libexec/kdc/Makefile b/kerberos5/libexec/kdc/Makefile --- a/kerberos5/libexec/kdc/Makefile +++ b/kerberos5/libexec/kdc/Makefile @@ -11,7 +11,7 @@ CFLAGS+=-I${KRB5DIR}/lib/krb5 -I${KRB5DIR}/lib/asn1 -I${KRB5DIR}/lib/roken \ -I${KRB5DIR}/kdc -I${SRCTOP}/contrib/com_err ${LDAPCFLAGS} -LIBADD= kdc hdb krb5 roken crypt vers +LIBADD= kdc hdb krb5 roken hcrypto asn1 LDFLAGS=${LDAPLDFLAGS} .include diff --git a/kerberos5/libexec/kdigest/Makefile b/kerberos5/libexec/kdigest/Makefile --- a/kerberos5/libexec/kdigest/Makefile +++ b/kerberos5/libexec/kdigest/Makefile @@ -6,7 +6,7 @@ CFLAGS+= -I${KRB5DIR}/lib/asn1 \ -I${KRB5DIR}/lib/roken \ -I${KRB5DIR}/lib/sl -I. -LIBADD= krb5 heimntlm roken crypto edit sl vers +LIBADD= krb5 heimntlm roken hcrypto sl asn1 SRCS= kdigest.c \ kdigest-commands.c \ kdigest-commands.h 
diff --git a/kerberos5/libexec/kfd/Makefile b/kerberos5/libexec/kfd/Makefile --- a/kerberos5/libexec/kfd/Makefile +++ b/kerberos5/libexec/kfd/Makefile @@ -3,9 +3,10 @@ PROG= kfd MAN= kfd.8 +SRCS= kfd.c CFLAGS+= -I${KRB5DIR}/lib/asn1 \ -I${KRB5DIR}/lib/roken -LIBADD= krb5 roken vers +LIBADD= krb5 roken hcrypto asn1 .include diff --git a/kerberos5/libexec/kimpersonate/Makefile b/kerberos5/libexec/kimpersonate/Makefile --- a/kerberos5/libexec/kimpersonate/Makefile +++ b/kerberos5/libexec/kimpersonate/Makefile @@ -7,7 +7,7 @@ -I${KRB5DIR}/lib/asn1 \ -I${KRB5DIR}/lib/roken \ -I${KRB5DIR}/lib/sl -I. -LIBADD= krb5 roken asn1 vers +LIBADD= kafs5 krb5 gssapi heimntlm hcrypto roken asn1 .include diff --git a/kerberos5/libexec/kpasswdd/Makefile b/kerberos5/libexec/kpasswdd/Makefile --- a/kerberos5/libexec/kpasswdd/Makefile +++ b/kerberos5/libexec/kpasswdd/Makefile @@ -3,8 +3,10 @@ PROG= kpasswdd MAN= kpasswdd.8 +SRCS= kpasswdd.c \ + kpasswd_locl.h CFLAGS+=-I${KRB5DIR}/lib/roken -I${KRB5DIR}/lib/libhdb ${LDAPCFLAGS} -LIBADD= kadm5srv hdb krb5 roken vers asn1 +LIBADD= kadm5srv hdb krb5 hcrypto roken asn1 DPADD= ${LDAPDPADD} LDADD= ${LDAPLDADD} LDFLAGS=${LDAPLDFLAGS} diff --git a/kerberos5/man/base/man/man3/heimbase.3 b/kerberos5/man/base/man/man3/heimbase.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/base/man/man3/heimbase.3 
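Review bot: kimpersonate's `LIBADD` grows from `krb5 roken asn1 vers` to `kafs5 krb5 gssapi heimntlm hcrypto roken asn1`, a much wider link set than the other small tools changed here (kfd gets `krb5 roken hcrypto asn1`). I would link only what the program's sources reference, so that unrelated library code is not loaded into this binary. If `kafs5`, `gssapi` and `heimntlm` turn out not to be needed, the line can shrink to `LIBADD= krb5 hcrypto roken asn1`. The sources are not part of this hunk, so this has to be checked against the actual link step.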
@@ -0,0 +1,332 @@ +.TH "heimbase" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal base library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +heimbase \- Heimbase +.PP + \- Registers a DB type for use with heim_db_create()\&. + +.SH SYNOPSIS +.br +.PP +.SH "Detailed Description" +.PP +Registers a DB type for use with heim_db_create()\&. + +heim_db_register +.PP +\fBParameters\fP +.RS 4 +\fIdbtype\fP Name of DB type +.br +\fIdata\fP Private data argument to the dbtype's openf method +.br +\fIplugin\fP Structure with DB type methods (function pointers) +.RE +.PP +Backends that provide begin/commit/rollback methods must provide ACID semantics\&. +.PP +The registered DB type will have ACID semantics for backends that do not provide begin/commit/rollback methods but do provide lock/unlock and rdjournal/wrjournal methods (using a replay log journalling scheme)\&. +.PP +If the registered DB type does not natively provide read vs\&. write transaction isolation but does provide a lock method then the DB will provide read/write transaction isolation\&. +.PP +\fBReturns\fP +.RS 4 +ENOMEM on failure, else 0\&. +.RE +.PP +Open a database of the given dbtype\&. +.PP +Database type names can be composed of one or more pseudo-DB types and one concrete DB type joined with a '+' between each\&. For example: 'transaction+bdb' might be a Berkeley DB with a layer above that provides transactions\&. +.PP +Options may be provided via a dict (an associative array)\&. 
Existing options include: +.PP +.IP "\(bu" 2 +'create', with any value (create if DB doesn't exist) +.IP "\(bu" 2 +'exclusive', with any value (exclusive create) +.IP "\(bu" 2 +'truncate', with any value (truncate the DB) +.IP "\(bu" 2 +'read-only', with any value (disallow writes) +.IP "\(bu" 2 +'sync', with any value (make transactions durable) +.IP "\(bu" 2 +'journal-name', with a string value naming a journal file name +.PP +.PP +\fBParameters\fP +.RS 4 +\fIdbtype\fP Name of DB type +.br +\fIdbname\fP Name of DB (likely a file path) +.br +\fIoptions\fP Options dict +.br +\fIdb\fP Output open DB handle +.br +\fIerror\fP Output error object +.RE +.PP +\fBReturns\fP +.RS 4 +a DB handle +.RE +.PP +Clone (duplicate) an open DB handle\&. +.PP +This is useful for multi-threaded applications\&. Applications must synchronize access to any given DB handle\&. +.PP +Returns EBUSY if there is an open transaction for the input db\&. +.PP +\fBParameters\fP +.RS 4 +\fIdb\fP Open DB handle +.br +\fIerror\fP Output error object +.RE +.PP +\fBReturns\fP +.RS 4 +a DB handle +.RE +.PP +Open a transaction on the given db\&. +.PP +\fBParameters\fP +.RS 4 +\fIdb\fP Open DB handle +.br +\fIerror\fP Output error object +.RE +.PP +\fBReturns\fP +.RS 4 +0 on success, system error otherwise +.RE +.PP +Commit an open transaction on the given db\&. +.PP +\fBParameters\fP +.RS 4 +\fIdb\fP Open DB handle +.br +\fIerror\fP Output error object +.RE +.PP +\fBReturns\fP +.RS 4 +0 on success, system error otherwise +.RE +.PP +Rollback an open transaction on the given db\&. +.PP +\fBParameters\fP +.RS 4 +\fIdb\fP Open DB handle +.br +\fIerror\fP Output error object +.RE +.PP +\fBReturns\fP +.RS 4 +0 on success, system error otherwise +.RE +.PP +Get type ID of heim_db_t objects\&. +.PP +Lookup a key's value in the DB\&. +.PP +Returns 0 on success, -1 if the key does not exist in the DB, or a system error number on failure\&. 
+.PP +\fBParameters\fP +.RS 4 +\fIdb\fP Open DB handle +.br +\fIkey\fP Key +.br +\fIerror\fP Output error object +.RE +.PP +\fBReturns\fP +.RS 4 +the value (retained), if there is one for the given key +.RE +.PP +Set a key's value in the DB\&. +.PP +\fBParameters\fP +.RS 4 +\fIdb\fP Open DB handle +.br +\fIkey\fP Key +.br +\fIvalue\fP Value (if NULL the key will be deleted, but empty is OK) +.br +\fIerror\fP Output error object +.RE +.PP +\fBReturns\fP +.RS 4 +0 on success, system error otherwise +.RE +.PP +Delete a key and its value from the DB +.PP +\fBParameters\fP +.RS 4 +\fIdb\fP Open DB handle +.br +\fIkey\fP Key +.br +\fIerror\fP Output error object +.RE +.PP +\fBReturns\fP +.RS 4 +0 on success, system error otherwise +.RE +.PP +Iterate a callback function over keys and values from a DB\&. +.PP +\fBParameters\fP +.RS 4 +\fIdb\fP Open DB handle +.br +\fIiter_data\fP Callback function's private data +.br +\fIiter_f\fP Callback function, called once per-key/value pair +.br +\fIerror\fP Output error object +.RE +.PP +Get a node in a heim_object tree by path +.PP +\fBParameters\fP +.RS 4 +\fIptr\fP tree +.br +\fIerror\fP error (output) +.br +\fIap\fP NULL-terminated va_list of heim_object_ts that form a path +.RE +.PP +\fBReturns\fP +.RS 4 +object (not retained) if found +.RE +.PP +Get a node in a tree by path, with retained reference +.PP +\fBParameters\fP +.RS 4 +\fIptr\fP tree +.br +\fIerror\fP error (output) +.br +\fIap\fP NULL-terminated va_list of heim_object_ts that form a path +.RE +.PP +\fBReturns\fP +.RS 4 +retained object if found +.RE +.PP +Get a node in a tree by path +.PP +\fBParameters\fP +.RS 4 +\fIptr\fP tree +.br +\fIerror\fP error (output) +.br +\fI\&.\&.\&.\fP NULL-terminated va_list of heim_object_ts that form a path +.RE +.PP +\fBReturns\fP +.RS 4 +object (not retained) if found +.RE +.PP +Get a node in a tree by path, with retained reference +.PP +\fBParameters\fP +.RS 4 +\fIptr\fP tree +.br +\fIerror\fP error (output) +.br +\fI\&.\&.\&.\fP 
NULL-terminated va_list of heim_object_ts that form a path +.RE +.PP +\fBReturns\fP +.RS 4 +retained object if found +.RE +.PP +Create a path in a heim_object_t tree +.PP +\fBParameters\fP +.RS 4 +\fIptr\fP the tree +.br +\fIsize\fP the size of the heim_dict_t nodes to be created +.br +\fIleaf\fP leaf node to be added, if any +.br +\fIerror\fP error (output) +.br +\fIap\fP NULL-terminated of path component objects +.RE +.PP +Create a path of heim_dict_t interior nodes in a given heim_object_t tree, as necessary, and set/replace a leaf, if given (if leaf is NULL then the leaf is not deleted)\&. +.PP +\fBReturns\fP +.RS 4 +0 on success, else a system error +.RE +.PP +Create a path in a heim_object_t tree +.PP +\fBParameters\fP +.RS 4 +\fIptr\fP the tree +.br +\fIsize\fP the size of the heim_dict_t nodes to be created +.br +\fIleaf\fP leaf node to be added, if any +.br +\fIerror\fP error (output) +.br +\fI\&.\&.\&.\fP NULL-terminated list of path component objects +.RE +.PP +Create a path of heim_dict_t interior nodes in a given heim_object_t tree, as necessary, and set/replace a leaf, if given (if leaf is NULL then the leaf is not deleted)\&. +.PP +\fBReturns\fP +.RS 4 +0 on success, else a system error +.RE +.PP +Delete leaf node named by a path in a heim_object_t tree +.PP +\fBParameters\fP +.RS 4 +\fIptr\fP the tree +.br +\fIerror\fP error (output) +.br +\fIap\fP NULL-terminated list of path component objects +.RE +.PP +Dump a heimbase object to stderr (useful from the debugger!) +.PP +\fBParameters\fP +.RS 4 +\fIobj\fP object to dump using JSON or JSON-like format +.RE +.PP + +.SH "Author" +.PP +Generated automatically by Doxygen for Heimdal base library from the source code\&. diff --git a/kerberos5/man/gssapi/man/man3/gss_add_oid_set_member.3 b/kerberos5/man/gssapi/man/man3/gss_add_oid_set_member.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/gssapi/man/man3/gss_add_oid_set_member.3 @@ -0,0 +1 @@ +.so man3/gssapi.3 
diff --git a/kerberos5/man/gssapi/man/man3/gss_canonicalize_name.3 b/kerberos5/man/gssapi/man/man3/gss_canonicalize_name.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/gssapi/man/man3/gss_canonicalize_name.3 @@ -0,0 +1 @@ +.so man3/gssapi.3 diff --git a/kerberos5/man/gssapi/man/man3/gss_display_status.3 b/kerberos5/man/gssapi/man/man3/gss_display_status.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/gssapi/man/man3/gss_display_status.3 @@ -0,0 +1 @@ +.so man3/gssapi.3 diff --git a/kerberos5/man/gssapi/man/man3/gss_export_name.3 b/kerberos5/man/gssapi/man/man3/gss_export_name.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/gssapi/man/man3/gss_export_name.3 @@ -0,0 +1 @@ +.so man3/gssapi.3 diff --git a/kerberos5/man/gssapi/man/man3/gss_import_name.3 b/kerberos5/man/gssapi/man/man3/gss_import_name.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/gssapi/man/man3/gss_import_name.3 @@ -0,0 +1 @@ +.so man3/gssapi.3 diff --git a/kerberos5/man/gssapi/man/man3/gss_init_sec_context.3 b/kerberos5/man/gssapi/man/man3/gss_init_sec_context.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/gssapi/man/man3/gss_init_sec_context.3 @@ -0,0 +1 @@ +.so man3/gssapi.3 diff --git a/kerberos5/man/gssapi/man/man3/gss_inquire_attrs_for_mech.3 b/kerberos5/man/gssapi/man/man3/gss_inquire_attrs_for_mech.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/gssapi/man/man3/gss_inquire_attrs_for_mech.3 @@ -0,0 +1 @@ +.so man3/gssapi.3 diff --git a/kerberos5/man/gssapi/man/man3/gss_inquire_saslname_for_mech.3 b/kerberos5/man/gssapi/man/man3/gss_inquire_saslname_for_mech.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/gssapi/man/man3/gss_inquire_saslname_for_mech.3 @@ -0,0 +1 @@ +.so man3/gssapi.3 diff --git a/kerberos5/man/gssapi/man/man3/gss_oid_equal.3 b/kerberos5/man/gssapi/man/man3/gss_oid_equal.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/gssapi/man/man3/gss_oid_equal.3 @@ -0,0 +1 @@ +.so man3/gssapi.3 
diff --git a/kerberos5/man/gssapi/man/man3/gss_release_cred.3 b/kerberos5/man/gssapi/man/man3/gss_release_cred.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/gssapi/man/man3/gss_release_cred.3 @@ -0,0 +1 @@ +.so man3/gssapi.3 diff --git a/kerberos5/man/gssapi/man/man3/gss_release_iov_buffer.3 b/kerberos5/man/gssapi/man/man3/gss_release_iov_buffer.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/gssapi/man/man3/gss_release_iov_buffer.3 @@ -0,0 +1 @@ +.so man3/gssapi.3 diff --git a/kerberos5/man/gssapi/man/man3/gss_release_name.3 b/kerberos5/man/gssapi/man/man3/gss_release_name.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/gssapi/man/man3/gss_release_name.3 @@ -0,0 +1 @@ +.so man3/gssapi.3 diff --git a/kerberos5/man/gssapi/man/man3/gss_unwrap_iov.3 b/kerberos5/man/gssapi/man/man3/gss_unwrap_iov.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/gssapi/man/man3/gss_unwrap_iov.3 @@ -0,0 +1 @@ +.so man3/gssapi.3 diff --git a/kerberos5/man/gssapi/man/man3/gss_wrap.3 b/kerberos5/man/gssapi/man/man3/gss_wrap.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/gssapi/man/man3/gss_wrap.3 @@ -0,0 +1 @@ +.so man3/gssapi.3 diff --git a/kerberos5/man/gssapi/man/man3/gss_wrap_iov.3 b/kerberos5/man/gssapi/man/man3/gss_wrap_iov.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/gssapi/man/man3/gss_wrap_iov.3 @@ -0,0 +1 @@ +.so man3/gssapi.3 diff --git a/kerberos5/man/gssapi/man/man3/gss_wrap_iov_length.3 b/kerberos5/man/gssapi/man/man3/gss_wrap_iov_length.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/gssapi/man/man3/gss_wrap_iov_length.3 @@ -0,0 +1 @@ +.so man3/gssapi.3 diff --git a/kerberos5/man/gssapi/man/man3/gssapi.3 b/kerberos5/man/gssapi/man/man3/gssapi.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/gssapi/man/man3/gssapi.3 
@@ -0,0 +1,434 @@ +.TH "gssapi" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal GSS-API library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +gssapi \- Heimdal GSS-API functions +.SH SYNOPSIS +.br +.PP +.SS "Functions" + +.in +1c +.ti -1c +.RI "GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL \fBgss_add_oid_set_member\fP (OM_uint32 *minor_status, const gss_OID member_oid, gss_OID_set *oid_set)" +.br +.ti -1c +.RI "GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL \fBgss_wrap_iov\fP (OM_uint32 *minor_status, gss_ctx_id_t context_handle, int conf_req_flag, gss_qop_t qop_req, int *conf_state, gss_iov_buffer_desc *iov, int iov_count)" +.br +.ti -1c +.RI "GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL \fBgss_unwrap_iov\fP (OM_uint32 *minor_status, gss_ctx_id_t context_handle, int *conf_state, gss_qop_t *qop_state, gss_iov_buffer_desc *iov, int iov_count)" +.br +.ti -1c +.RI "GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL \fBgss_wrap_iov_length\fP (OM_uint32 *minor_status, gss_ctx_id_t context_handle, int conf_req_flag, gss_qop_t qop_req, int *conf_state, gss_iov_buffer_desc *iov, int iov_count)" +.br +.ti -1c +.RI "GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL \fBgss_release_iov_buffer\fP (OM_uint32 *minor_status, gss_iov_buffer_desc *iov, int iov_count)" +.br +.ti -1c +.RI "GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL \fBgss_canonicalize_name\fP (OM_uint32 *minor_status, gss_const_name_t input_name, const gss_OID mech_type, gss_name_t *output_name)" +.br +.ti -1c +.RI "GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL \fBgss_display_status\fP (OM_uint32 *minor_status, OM_uint32 status_value, int status_type, const gss_OID mech_type, OM_uint32 *message_context, gss_buffer_t status_string)" +.br +.ti -1c +.RI "GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL \fBgss_export_name\fP (OM_uint32 *minor_status, gss_const_name_t input_name, gss_buffer_t exported_name)" +.br +.ti -1c +.RI "GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL \fBgss_import_name\fP (OM_uint32 *minor_status, const gss_buffer_t 
input_name_buffer, const gss_OID input_name_type, gss_name_t *output_name)" +.br +.ti -1c +.RI "GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL \fBgss_init_sec_context\fP (OM_uint32 *minor_status, gss_const_cred_id_t initiator_cred_handle, gss_ctx_id_t *context_handle, gss_const_name_t target_name, const gss_OID input_mech_type, OM_uint32 req_flags, OM_uint32 time_req, const gss_channel_bindings_t input_chan_bindings, const gss_buffer_t input_token, gss_OID *actual_mech_type, gss_buffer_t output_token, OM_uint32 *ret_flags, OM_uint32 *time_rec)" +.br +.ti -1c +.RI "GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL \fBgss_inquire_saslname_for_mech\fP (OM_uint32 *minor_status, const gss_OID desired_mech, gss_buffer_t sasl_mech_name, gss_buffer_t mech_name, gss_buffer_t mech_description)" +.br +.ti -1c +.RI "GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL \fBgss_inquire_attrs_for_mech\fP (OM_uint32 *minor_status, gss_const_OID mech, gss_OID_set *mech_attr, gss_OID_set *known_mech_attrs)" +.br +.ti -1c +.RI "GSSAPI_LIB_FUNCTION int GSSAPI_LIB_CALL \fBgss_oid_equal\fP (gss_const_OID a, gss_const_OID b)" +.br +.ti -1c +.RI "GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL \fBgss_release_cred\fP (OM_uint32 *minor_status, gss_cred_id_t *cred_handle)" +.br +.ti -1c +.RI "GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL \fBgss_release_name\fP (OM_uint32 *minor_status, gss_name_t *input_name)" +.br +.ti -1c +.RI "GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL \fBgss_wrap\fP (OM_uint32 *minor_status, gss_const_ctx_id_t context_handle, int conf_req_flag, gss_qop_t qop_req, const gss_buffer_t input_message_buffer, int *conf_state, gss_buffer_t output_message_buffer)" +.br +.in -1c +.SS "Variables" + +.in +1c +.ti -1c +.RI "gss_OID_desc GSSAPI_LIB_FUNCTION \fB__gss_c_attr_stream_sizes_oid_desc\fP" +.br +.in -1c +.SH "Detailed Description" +.PP + +.SH "Function Documentation" +.PP +.SS "GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_add_oid_set_member (OM_uint32 * minor_status, const gss_OID 
member_oid, gss_OID_set * oid_set)" +Add a oid to the oid set, function does not make a copy of the oid, so the pointer to member_oid needs to be stable for the whole time oid_set is used\&. +.PP +If there is a duplicate member of the oid, the new member is not added to to the set\&. +.PP +\fBParameters\fP +.RS 4 +\fIminor_status\fP minor status code\&. +.br +\fImember_oid\fP member to add to the oid set +.br +\fIoid_set\fP oid set to add the member too +.RE +.PP +\fBReturns\fP +.RS 4 +a gss_error code, see \fBgss_display_status()\fP about printing the error code\&. +.RE +.PP + +.SS "GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_canonicalize_name (OM_uint32 * minor_status, gss_const_name_t input_name, const gss_OID mech_type, gss_name_t * output_name)" +gss_canonicalize_name takes a Internal Name (IN) and converts in into a mechanism specific Mechanism Name (MN)\&. +.PP +The input name may multiple name, or generic name types\&. +.PP +If the input_name if of the GSS_C_NT_USER_NAME, and the Kerberos mechanism is specified, the resulting MN type is a GSS_KRB5_NT_PRINCIPAL_NAME\&. +.PP +For more information about \fBInternal names and mechanism names\fP\&. +.PP +\fBParameters\fP +.RS 4 +\fIminor_status\fP minor status code\&. +.br +\fIinput_name\fP name to covert, unchanged by \fBgss_canonicalize_name()\fP\&. +.br +\fImech_type\fP the type to convert Name too\&. +.br +\fIoutput_name\fP the resulting type, release with \fBgss_release_name()\fP, independent of input_name\&. +.RE +.PP +\fBReturns\fP +.RS 4 +a gss_error code, see \fBgss_display_status()\fP about printing the error code\&. 
+.RE +.PP + +.SS "GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_display_status (OM_uint32 * minor_status, OM_uint32 status_value, int status_type, const gss_OID mech_type, OM_uint32 * message_context, gss_buffer_t status_string)" +Convert a GSS-API status code to text +.PP +\fBParameters\fP +.RS 4 +\fIminor_status\fP minor status code +.br +\fIstatus_value\fP status value to convert +.br +\fIstatus_type\fP One of: GSS_C_GSS_CODE - status_value is a GSS status code, GSS_C_MECH_CODE - status_value is a mechanism status code +.br +\fImech_type\fP underlying mechanism\&. Use GSS_C_NO_OID to obtain the system default\&. +.br +\fImessage_context\fP state information to extract further messages from the status_value +.br +\fIstatus_string\fP the allocated text representation\&. Release with gss_release_buffer() +.RE +.PP +\fBReturns\fP +.RS 4 +a gss_error code\&. +.RE +.PP + +.SS "GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_export_name (OM_uint32 * minor_status, gss_const_name_t input_name, gss_buffer_t exported_name)" +Convert a GGS-API name from internal form to contiguous string\&. +.PP +\fBSee also\fP +.RS 4 +\fBgss_import_name()\fP, \fBInternal names and mechanism names\fP\&. +.RE +.PP +\fBParameters\fP +.RS 4 +\fIminor_status\fP minor status code +.br +\fIinput_name\fP input name in internal name form +.br +\fIexported_name\fP output name in contiguos string form +.RE +.PP +\fBReturns\fP +.RS 4 +a gss_error code, see \fBgss_display_status()\fP about printing the error code\&. +.RE +.PP + +.SS "GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_import_name (OM_uint32 * minor_status, const gss_buffer_t input_name_buffer, const gss_OID input_name_type, gss_name_t * output_name)" +Convert a GGS-API name from contiguous string to internal form\&. 
+.PP +Type of name and their format: +.IP "\(bu" 2 +GSS_C_NO_OID +.IP "\(bu" 2 +GSS_C_NT_USER_NAME +.IP "\(bu" 2 +GSS_C_NT_HOSTBASED_SERVICE +.IP "\(bu" 2 +GSS_C_NT_EXPORT_NAME +.IP "\(bu" 2 +GSS_C_NT_ANONYMOUS +.IP "\(bu" 2 +GSS_KRB5_NT_PRINCIPAL_NAME +.PP +.PP +\fBSee also\fP +.RS 4 +\fBgss_export_name()\fP, \fBInternal names and mechanism names\fP\&. +.RE +.PP +\fBParameters\fP +.RS 4 +\fIminor_status\fP minor status code +.br +\fIinput_name_buffer\fP import name buffer +.br +\fIinput_name_type\fP type of the import name buffer +.br +\fIoutput_name\fP the resulting type, release with \fBgss_release_name()\fP, independent of input_name +.RE +.PP +\fBReturns\fP +.RS 4 +a gss_error code, see \fBgss_display_status()\fP about printing the error code\&. +.RE +.PP + +.SS "GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_init_sec_context (OM_uint32 * minor_status, gss_const_cred_id_t initiator_cred_handle, gss_ctx_id_t * context_handle, gss_const_name_t target_name, const gss_OID input_mech_type, OM_uint32 req_flags, OM_uint32 time_req, const gss_channel_bindings_t input_chan_bindings, const gss_buffer_t input_token, gss_OID * actual_mech_type, gss_buffer_t output_token, OM_uint32 * ret_flags, OM_uint32 * time_rec)" +As the initiator build a context with an acceptor\&. +.PP +Returns in the major +.IP "\(bu" 2 +GSS_S_COMPLETE - if the context if build +.IP "\(bu" 2 +GSS_S_CONTINUE_NEEDED - if the caller needs to continue another round of gss_i nit_sec_context +.IP "\(bu" 2 +error code - any other error code +.PP +.PP +\fBParameters\fP +.RS 4 +\fIminor_status\fP minor status code\&. +.br +\fIinitiator_cred_handle\fP the credential to use when building the context, if GSS_C_NO_CREDENTIAL is passed, the default credential for the mechanism will be used\&. +.br +\fIcontext_handle\fP a pointer to a context handle, will be returned as long as there is not an error\&. +.br +\fItarget_name\fP the target name of acceptor, created using \fBgss_import_name()\fP\&. 
The name is can be of any name types the mechanism supports, check supported name types with gss_inquire_names_for_mech()\&. +.br +\fIinput_mech_type\fP mechanism type to use, if GSS_C_NO_OID is used, Kerberos (GSS_KRB5_MECHANISM) will be tried\&. Other available mechanism are listed in the \fBGSS-API mechanisms\fP section\&. +.br +\fIreq_flags\fP flags using when building the context, see \fBContext creation flags\fP +.br +\fItime_req\fP time requested this context should be valid in seconds, common used value is GSS_C_INDEFINITE +.br +\fIinput_chan_bindings\fP Channel bindings used, if not exepected otherwise, used GSS_C_NO_CHANNEL_BINDINGS +.br +\fIinput_token\fP input token sent from the acceptor, for the initial packet the buffer of { NULL, 0 } should be used\&. +.br +\fIactual_mech_type\fP the actual mech used, MUST NOT be freed since it pointing to static memory\&. +.br +\fIoutput_token\fP if there is an output token, regardless of complete, continue_needed, or error it should be sent to the acceptor +.br +\fIret_flags\fP return what flags was negotitated, caller should check if they are accetable\&. For example, if GSS_C_MUTUAL_FLAG was negotiated with the acceptor or not\&. +.br +\fItime_rec\fP amount of time this context is valid for +.RE +.PP +\fBReturns\fP +.RS 4 +a gss_error code, see \fBgss_display_status()\fP about printing the error code\&. +.RE +.PP + +.SS "GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_inquire_attrs_for_mech (OM_uint32 * minor_status, gss_const_OID mech, gss_OID_set * mech_attr, gss_OID_set * known_mech_attrs)" +List support attributes for a mech and/or all mechanisms\&. +.PP +\fBParameters\fP +.RS 4 +\fIminor_status\fP minor status code +.br +\fImech\fP given together with mech_attr will return the list of attributes for mechanism, can optionally be GSS_C_NO_OID\&. +.br +\fImech_attr\fP see mech parameter, can optionally be NULL, release with gss_release_oid_set()\&. 
+.br +\fIknown_mech_attrs\fP all attributes for mechanisms supported, release with gss_release_oid_set()\&. +.RE +.PP + +.SS "GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_inquire_saslname_for_mech (OM_uint32 * minor_status, const gss_OID desired_mech, gss_buffer_t sasl_mech_name, gss_buffer_t mech_name, gss_buffer_t mech_description)" +Returns different protocol names and description of the mechanism\&. +.PP +\fBParameters\fP +.RS 4 +\fIminor_status\fP minor status code +.br +\fIdesired_mech\fP mech list query +.br +\fIsasl_mech_name\fP SASL GS2 protocol name +.br +\fImech_name\fP gssapi protocol name +.br +\fImech_description\fP description of gssapi mech +.RE +.PP +\fBReturns\fP +.RS 4 +returns GSS_S_COMPLETE or a error code\&. +.RE +.PP + +.SS "GSSAPI_LIB_FUNCTION int GSSAPI_LIB_CALL gss_oid_equal (gss_const_OID a, gss_const_OID b)" +Compare two GSS-API OIDs with each other\&. +.PP +GSS_C_NO_OID matches nothing, not even it-self\&. +.PP +\fBParameters\fP +.RS 4 +\fIa\fP first oid to compare +.br +\fIb\fP second oid to compare +.RE +.PP +\fBReturns\fP +.RS 4 +non-zero when both oid are the same OID, zero when they are not the same\&. +.RE +.PP + +.SS "GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_release_cred (OM_uint32 * minor_status, gss_cred_id_t * cred_handle)" +Release a credentials +.PP +Its ok to release the GSS_C_NO_CREDENTIAL/NULL credential, it will return a GSS_S_COMPLETE error code\&. On return cred_handle is set ot GSS_C_NO_CREDENTIAL\&. 
+.PP +Example: +.PP +.PP +.nf +gss_cred_id_t cred = GSS_C_NO_CREDENTIAL; +major = gss_release_cred(&minor, &cred); +.fi +.PP +.PP +\fBParameters\fP +.RS 4 +\fIminor_status\fP minor status return code, mech specific +.br +\fIcred_handle\fP a pointer to the credential too release +.RE +.PP +\fBReturns\fP +.RS 4 +an gssapi error code +.RE +.PP + +.SS "GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_release_iov_buffer (OM_uint32 * minor_status, gss_iov_buffer_desc * iov, int iov_count)" +Free all buffer allocated by \fBgss_wrap_iov()\fP or \fBgss_unwrap_iov()\fP by looking at the GSS_IOV_BUFFER_FLAG_ALLOCATED flag\&. +.SS "GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_release_name (OM_uint32 * minor_status, gss_name_t * input_name)" +Free a name +.PP +import_name can point to NULL or be NULL, or a pointer to a gss_name_t structure\&. If it was a pointer to gss_name_t, the pointer will be set to NULL on success and failure\&. +.PP +\fBParameters\fP +.RS 4 +\fIminor_status\fP minor status code +.br +\fIinput_name\fP name to free +.RE +.PP +\fBReturns\fP +.RS 4 +a gss_error code, see \fBgss_display_status()\fP about printing the error code\&. +.RE +.PP + +.SS "GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_unwrap_iov (OM_uint32 * minor_status, gss_ctx_id_t context_handle, int * conf_state, gss_qop_t * qop_state, gss_iov_buffer_desc * iov, int iov_count)" +Decrypt or verifies the signature on the data\&. +.SS "GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_wrap (OM_uint32 * minor_status, gss_const_ctx_id_t context_handle, int conf_req_flag, gss_qop_t qop_req, const gss_buffer_t input_message_buffer, int * conf_state, gss_buffer_t output_message_buffer)" +Wrap a message using either confidentiality (encryption + signature) or sealing (signature)\&. +.PP +\fBParameters\fP +.RS 4 +\fIminor_status\fP minor status code\&. +.br +\fIcontext_handle\fP context handle\&. +.br +\fIconf_req_flag\fP if non zero, confidentiality is requestd\&. 
+.br +\fIqop_req\fP type of protection needed, in most cases it GSS_C_QOP_DEFAULT should be passed in\&. +.br +\fIinput_message_buffer\fP messages to wrap +.br +\fIconf_state\fP returns non zero if confidentiality was honoured\&. +.br +\fIoutput_message_buffer\fP the resulting buffer, release with gss_release_buffer()\&. +.RE +.PP + +.SS "GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_wrap_iov (OM_uint32 * minor_status, gss_ctx_id_t context_handle, int conf_req_flag, gss_qop_t qop_req, int * conf_state, gss_iov_buffer_desc * iov, int iov_count)" +Encrypts or sign the data\&. +.PP +This is a more complicated version of \fBgss_wrap()\fP, it allows the caller to use AEAD data (signed header/trailer) and allow greater controll over where the encrypted data is placed\&. +.PP +The maximum packet size is gss_context_stream_sizes\&.max_msg_size\&. +.PP +The caller needs provide the folloing buffers when using in conf_req_flag=1 mode: +.PP +.IP "\(bu" 2 +HEADER (of size gss_context_stream_sizes\&.header) { DATA or SIGN_ONLY } (optional, zero or more) PADDING (of size gss_context_stream_sizes\&.blocksize, if zero padding is zero, can be omitted) TRAILER (of size gss_context_stream_sizes\&.trailer) +.IP "\(bu" 2 +on DCE-RPC mode, the caller can skip PADDING and TRAILER if the DATA elements is padded to a block bountry and header is of at least size gss_context_stream_sizes\&.header + gss_context_stream_sizes\&.trailer\&. +.PP +.PP +HEADER, PADDING, TRAILER will be shrunken to the size required to transmit any of them too large\&. 
+.PP +To generate \fBgss_wrap()\fP compatible packets, use: HEADER | DATA | PADDING | TRAILER +.PP +When used in conf_req_flag=0, +.PP +.IP "\(bu" 2 +HEADER (of size gss_context_stream_sizes\&.header) { DATA or SIGN_ONLY } (optional, zero or more) PADDING (of size gss_context_stream_sizes\&.blocksize, if zero padding is zero, can be omitted) TRAILER (of size gss_context_stream_sizes\&.trailer) +.PP +.PP +The input sizes of HEADER, PADDING and TRAILER can be fetched using \fBgss_wrap_iov_length()\fP or gss_context_query_attributes()\&. +.SS "GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_wrap_iov_length (OM_uint32 * minor_status, gss_ctx_id_t context_handle, int conf_req_flag, gss_qop_t qop_req, int * conf_state, gss_iov_buffer_desc * iov, int iov_count)" +Update the length fields in iov buffer for the types: +.IP "\(bu" 2 +GSS_IOV_BUFFER_TYPE_HEADER +.IP "\(bu" 2 +GSS_IOV_BUFFER_TYPE_PADDING +.IP "\(bu" 2 +GSS_IOV_BUFFER_TYPE_TRAILER +.PP +.PP +Consider using gss_context_query_attributes() to fetch the data instead\&. +.SH "Variable Documentation" +.PP +.SS "gss_OID_desc GSSAPI_LIB_FUNCTION __gss_c_attr_stream_sizes_oid_desc" +\fBInitial value:\fP +.PP +.nf += + {10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x03")} +.fi +Query the context for parameters\&. +.PP +SSPI equivalent if this function is QueryContextAttributes\&. +.PP +.IP "\(bu" 2 +GSS_C_ATTR_STREAM_SIZES data is a gss_context_stream_sizes\&. +.PP + +.SH "Author" +.PP +Generated automatically by Doxygen for Heimdal GSS-API library from the source code\&. diff --git a/kerberos5/man/gssapi/man/man3/gssapi_mechs_intro.3 b/kerberos5/man/gssapi/man/man3/gssapi_mechs_intro.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/gssapi/man/man3/gssapi_mechs_intro.3 
@@ -0,0 +1,16 @@ +.TH "gssapi_mechs_intro" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal GSS-API library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +gssapi_mechs_intro \- GSS-API mechanisms + +.SH "GSS-API mechanisms" +.PP +.IP "\(bu" 2 +Kerberos 5 - GSS_KRB5_MECHANISM +.IP "\(bu" 2 +SPNEGO - GSS_SPNEGO_MECHANISM +.IP "\(bu" 2 +NTLM - GSS_NTLM_MECHANISM +.PP + diff --git a/kerberos5/man/gssapi/man/man3/gssapi_services_intro.3 b/kerberos5/man/gssapi/man/man3/gssapi_services_intro.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/gssapi/man/man3/gssapi_services_intro.3 @@ -0,0 +1,66 @@ +.TH "gssapi_services_intro" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal GSS-API library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +gssapi_services_intro \- Introduction to GSS-API services + +.SH "GSS-API services" +.PP +.SS "Context creation" +.IP "\(bu" 2 +delegation +.IP "\(bu" 2 +mutual authentication +.IP "\(bu" 2 +anonymous +.IP "\(bu" 2 +use per message before context creation has completed +.PP +.PP +return status: +.IP "\(bu" 2 +support conf +.IP "\(bu" 2 +support int +.PP +.SS "Context creation flags" +.IP "\(bu" 2 +GSS_C_DELEG_FLAG +.IP "\(bu" 2 +GSS_C_MUTUAL_FLAG +.IP "\(bu" 2 +GSS_C_REPLAY_FLAG +.IP "\(bu" 2 +GSS_C_SEQUENCE_FLAG +.IP "\(bu" 2 +GSS_C_CONF_FLAG +.IP "\(bu" 2 +GSS_C_INTEG_FLAG +.IP "\(bu" 2 +GSS_C_ANON_FLAG +.IP "\(bu" 2 +GSS_C_PROT_READY_FLAG +.IP "\(bu" 2 +GSS_C_TRANS_FLAG +.IP "\(bu" 2 +GSS_C_DCE_STYLE +.IP "\(bu" 2 +GSS_C_IDENTIFY_FLAG +.IP "\(bu" 2 +GSS_C_EXTENDED_ERROR_FLAG +.IP "\(bu" 2 +GSS_C_DELEG_POLICY_FLAG +.PP +.SS "Per-message services" +.IP "\(bu" 2 +conf +.IP "\(bu" 2 +int +.IP "\(bu" 2 +message integrity +.IP "\(bu" 2 +replay detection +.IP "\(bu" 2 +out of sequence +.PP + diff --git a/kerberos5/man/gssapi/man/man3/internal_v_smechname.3 b/kerberos5/man/gssapi/man/man3/internal_v_smechname.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/gssapi/man/man3/internal_v_smechname.3 
@@ -0,0 +1,20 @@ +.TH "internal_v_smechname" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal GSS-API library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +internal_v_smechname \- Internal names and mechanism names + +.SH "Name forms" +.PP +There are two name representations in GSS-API: Internal form and Contiguous string ('flat') form\&. Functions \fBgss_export_name()\fP and \fBgss_import_name()\fP can be used to convert between the two forms\&. +.PP +.IP "\(bu" 2 +The contiguous string form is described by an oid specificing the type and an octet string\&. A special form of the contiguous string form is the exported name object\&. The exported name defined for each mechanism, is something that can be stored and compared later\&. The exported name is what should be used for ACLs comparisons\&. +.IP "\(bu" 2 +The Internal form is opaque to the application programmer and is implementation-dependent\&. +.IP "\(bu" 2 +There is also a special form of the Internal Name (IN), and that is the Mechanism Name (MN)\&. In the mechanism name all the generic information is stripped of and only contain the information for one mechanism\&. In GSS-API some function return MN and some require MN as input\&. Each of these function is marked up as such\&. +.PP +.PP +@FIXME Describe relationship between import_name, canonicalize_name, export_name and friends\&. Also, update for RFC2743 language ('contiguous' and 'flat' are gone, leaving just 'exported name +token', 'internal', and 'MN')\&. diff --git a/kerberos5/man/hcrypto/man/man3/DES_cbc_cksum.3 b/kerberos5/man/hcrypto/man/man3/DES_cbc_cksum.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hcrypto/man/man3/DES_cbc_cksum.3 @@ -0,0 +1 @@ +.so man3/hcrypto_des.3 diff --git a/kerberos5/man/hcrypto/man/man3/DES_cbc_encrypt.3 b/kerberos5/man/hcrypto/man/man3/DES_cbc_encrypt.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hcrypto/man/man3/DES_cbc_encrypt.3 @@ -0,0 +1 @@ +.so man3/hcrypto_des.3 
diff --git a/kerberos5/man/hcrypto/man/man3/DES_cfb64_encrypt.3 b/kerberos5/man/hcrypto/man/man3/DES_cfb64_encrypt.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/DES_cfb64_encrypt.3
@@ -0,0 +1 @@
+.so man3/hcrypto_des.3
diff --git a/kerberos5/man/hcrypto/man/man3/DES_check_key_parity.3 b/kerberos5/man/hcrypto/man/man3/DES_check_key_parity.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/DES_check_key_parity.3
@@ -0,0 +1 @@
+.so man3/hcrypto_des.3
diff --git a/kerberos5/man/hcrypto/man/man3/DES_ecb3_encrypt.3 b/kerberos5/man/hcrypto/man/man3/DES_ecb3_encrypt.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/DES_ecb3_encrypt.3
@@ -0,0 +1 @@
+.so man3/hcrypto_des.3
diff --git a/kerberos5/man/hcrypto/man/man3/DES_ecb_encrypt.3 b/kerberos5/man/hcrypto/man/man3/DES_ecb_encrypt.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/DES_ecb_encrypt.3
@@ -0,0 +1 @@
+.so man3/hcrypto_des.3
diff --git a/kerberos5/man/hcrypto/man/man3/DES_ede3_cbc_encrypt.3 b/kerberos5/man/hcrypto/man/man3/DES_ede3_cbc_encrypt.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/DES_ede3_cbc_encrypt.3
@@ -0,0 +1 @@
+.so man3/hcrypto_des.3
diff --git a/kerberos5/man/hcrypto/man/man3/DES_encrypt.3 b/kerberos5/man/hcrypto/man/man3/DES_encrypt.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/DES_encrypt.3
@@ -0,0 +1 @@
+.so man3/hcrypto_des.3
diff --git a/kerberos5/man/hcrypto/man/man3/DES_init_random_number_generator.3 b/kerberos5/man/hcrypto/man/man3/DES_init_random_number_generator.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/DES_init_random_number_generator.3
@@ -0,0 +1 @@
+.so man3/hcrypto_des.3
diff --git a/kerberos5/man/hcrypto/man/man3/DES_is_weak_key.3 b/kerberos5/man/hcrypto/man/man3/DES_is_weak_key.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/DES_is_weak_key.3
@@ -0,0 +1 @@
+.so man3/hcrypto_des.3
diff --git a/kerberos5/man/hcrypto/man/man3/DES_key_sched.3 b/kerberos5/man/hcrypto/man/man3/DES_key_sched.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/DES_key_sched.3
@@ -0,0 +1 @@
+.so man3/hcrypto_des.3
diff --git a/kerberos5/man/hcrypto/man/man3/DES_new_random_key.3 b/kerberos5/man/hcrypto/man/man3/DES_new_random_key.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/DES_new_random_key.3
@@ -0,0 +1 @@
+.so man3/hcrypto_des.3
diff --git a/kerberos5/man/hcrypto/man/man3/DES_pcbc_encrypt.3 b/kerberos5/man/hcrypto/man/man3/DES_pcbc_encrypt.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/DES_pcbc_encrypt.3
@@ -0,0 +1 @@
+.so man3/hcrypto_des.3
diff --git a/kerberos5/man/hcrypto/man/man3/DES_random_key.3 b/kerberos5/man/hcrypto/man/man3/DES_random_key.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/DES_random_key.3
@@ -0,0 +1 @@
+.so man3/hcrypto_des.3
diff --git a/kerberos5/man/hcrypto/man/man3/DES_set_key.3 b/kerberos5/man/hcrypto/man/man3/DES_set_key.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/DES_set_key.3
@@ -0,0 +1 @@
+.so man3/hcrypto_des.3
diff --git a/kerberos5/man/hcrypto/man/man3/DES_set_key_checked.3 b/kerberos5/man/hcrypto/man/man3/DES_set_key_checked.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/DES_set_key_checked.3
@@ -0,0 +1 @@
+.so man3/hcrypto_des.3
diff --git a/kerberos5/man/hcrypto/man/man3/DES_set_key_unchecked.3 b/kerberos5/man/hcrypto/man/man3/DES_set_key_unchecked.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/DES_set_key_unchecked.3
@@ -0,0 +1 @@
+.so man3/hcrypto_des.3
diff --git a/kerberos5/man/hcrypto/man/man3/DES_set_odd_parity.3 b/kerberos5/man/hcrypto/man/man3/DES_set_odd_parity.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/DES_set_odd_parity.3
@@ -0,0 +1 @@
+.so man3/hcrypto_des.3
diff --git a/kerberos5/man/hcrypto/man/man3/DES_string_to_key.3 b/kerberos5/man/hcrypto/man/man3/DES_string_to_key.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/DES_string_to_key.3
@@ -0,0 +1 @@
+.so man3/hcrypto_des.3
diff --git a/kerberos5/man/hcrypto/man/man3/DH_check_pubkey.3 b/kerberos5/man/hcrypto/man/man3/DH_check_pubkey.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/DH_check_pubkey.3
@@ -0,0 +1 @@
+.so man3/hcrypto_dh.3
diff --git a/kerberos5/man/hcrypto/man/man3/DH_compute_key.3 b/kerberos5/man/hcrypto/man/man3/DH_compute_key.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/DH_compute_key.3
@@ -0,0 +1 @@
+.so man3/hcrypto_dh.3
diff --git a/kerberos5/man/hcrypto/man/man3/DH_free.3 b/kerberos5/man/hcrypto/man/man3/DH_free.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/DH_free.3
@@ -0,0 +1 @@
+.so man3/hcrypto_dh.3
diff --git a/kerberos5/man/hcrypto/man/man3/DH_generate_key.3 b/kerberos5/man/hcrypto/man/man3/DH_generate_key.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/DH_generate_key.3
@@ -0,0 +1 @@
+.so man3/hcrypto_dh.3
diff --git a/kerberos5/man/hcrypto/man/man3/DH_generate_parameters_ex.3 b/kerberos5/man/hcrypto/man/man3/DH_generate_parameters_ex.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/DH_generate_parameters_ex.3
@@ -0,0 +1 @@
+.so man3/hcrypto_dh.3
diff --git a/kerberos5/man/hcrypto/man/man3/DH_get_default_method.3 b/kerberos5/man/hcrypto/man/man3/DH_get_default_method.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/DH_get_default_method.3
@@ -0,0 +1 @@
+.so man3/hcrypto_dh.3
diff --git a/kerberos5/man/hcrypto/man/man3/DH_get_ex_data.3 b/kerberos5/man/hcrypto/man/man3/DH_get_ex_data.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/DH_get_ex_data.3
@@ -0,0 +1 @@
+.so man3/hcrypto_dh.3
diff --git a/kerberos5/man/hcrypto/man/man3/DH_ltm_method.3 b/kerberos5/man/hcrypto/man/man3/DH_ltm_method.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/DH_ltm_method.3
@@ -0,0 +1 @@
+.so man3/hcrypto_dh.3
diff --git a/kerberos5/man/hcrypto/man/man3/DH_new.3 b/kerberos5/man/hcrypto/man/man3/DH_new.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/DH_new.3
@@ -0,0 +1 @@
+.so man3/hcrypto_dh.3
diff --git a/kerberos5/man/hcrypto/man/man3/DH_new_method.3 b/kerberos5/man/hcrypto/man/man3/DH_new_method.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/DH_new_method.3
@@ -0,0 +1 @@
+.so man3/hcrypto_dh.3
diff --git a/kerberos5/man/hcrypto/man/man3/DH_null_method.3 b/kerberos5/man/hcrypto/man/man3/DH_null_method.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/DH_null_method.3
@@ -0,0 +1 @@
+.so man3/hcrypto_dh.3
diff --git a/kerberos5/man/hcrypto/man/man3/DH_set_default_method.3 b/kerberos5/man/hcrypto/man/man3/DH_set_default_method.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/DH_set_default_method.3
@@ -0,0 +1 @@
+.so man3/hcrypto_dh.3
diff --git a/kerberos5/man/hcrypto/man/man3/DH_set_ex_data.3 b/kerberos5/man/hcrypto/man/man3/DH_set_ex_data.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/DH_set_ex_data.3
@@ -0,0 +1 @@
+.so man3/hcrypto_dh.3
diff --git a/kerberos5/man/hcrypto/man/man3/DH_set_method.3 b/kerberos5/man/hcrypto/man/man3/DH_set_method.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/DH_set_method.3
@@ -0,0 +1 @@
+.so man3/hcrypto_dh.3
diff --git a/kerberos5/man/hcrypto/man/man3/DH_size.3 b/kerberos5/man/hcrypto/man/man3/DH_size.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/DH_size.3
@@ -0,0 +1 @@
+.so man3/hcrypto_dh.3
diff --git a/kerberos5/man/hcrypto/man/man3/DH_up_ref.3 b/kerberos5/man/hcrypto/man/man3/DH_up_ref.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/DH_up_ref.3
@@ -0,0 +1 @@
+.so man3/hcrypto_dh.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_BytesToKey.3 b/kerberos5/man/hcrypto/man/man3/EVP_BytesToKey.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_BytesToKey.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_CIPHER_CTX_block_size.3 b/kerberos5/man/hcrypto/man/man3/EVP_CIPHER_CTX_block_size.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_CIPHER_CTX_block_size.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_CIPHER_CTX_cipher.3 b/kerberos5/man/hcrypto/man/man3/EVP_CIPHER_CTX_cipher.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_CIPHER_CTX_cipher.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_CIPHER_CTX_cleanup.3 b/kerberos5/man/hcrypto/man/man3/EVP_CIPHER_CTX_cleanup.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_CIPHER_CTX_cleanup.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_CIPHER_CTX_ctrl.3 b/kerberos5/man/hcrypto/man/man3/EVP_CIPHER_CTX_ctrl.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_CIPHER_CTX_ctrl.3
@@ -0,0 +1 @@
+.so man3/hcrypto_core.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_CIPHER_CTX_flags.3 b/kerberos5/man/hcrypto/man/man3/EVP_CIPHER_CTX_flags.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_CIPHER_CTX_flags.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_CIPHER_CTX_get_app_data.3 b/kerberos5/man/hcrypto/man/man3/EVP_CIPHER_CTX_get_app_data.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_CIPHER_CTX_get_app_data.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_CIPHER_CTX_init.3 b/kerberos5/man/hcrypto/man/man3/EVP_CIPHER_CTX_init.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_CIPHER_CTX_init.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_CIPHER_CTX_iv_length.3 b/kerberos5/man/hcrypto/man/man3/EVP_CIPHER_CTX_iv_length.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_CIPHER_CTX_iv_length.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_CIPHER_CTX_key_length.3 b/kerberos5/man/hcrypto/man/man3/EVP_CIPHER_CTX_key_length.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_CIPHER_CTX_key_length.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_CIPHER_CTX_mode.3 b/kerberos5/man/hcrypto/man/man3/EVP_CIPHER_CTX_mode.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_CIPHER_CTX_mode.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_CIPHER_CTX_rand_key.3 b/kerberos5/man/hcrypto/man/man3/EVP_CIPHER_CTX_rand_key.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_CIPHER_CTX_rand_key.3
@@ -0,0 +1 @@
+.so man3/hcrypto_core.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_CIPHER_CTX_set_app_data.3 b/kerberos5/man/hcrypto/man/man3/EVP_CIPHER_CTX_set_app_data.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_CIPHER_CTX_set_app_data.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_CIPHER_CTX_set_key_length.3 b/kerberos5/man/hcrypto/man/man3/EVP_CIPHER_CTX_set_key_length.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_CIPHER_CTX_set_key_length.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_CIPHER_block_size.3 b/kerberos5/man/hcrypto/man/man3/EVP_CIPHER_block_size.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_CIPHER_block_size.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_CIPHER_iv_length.3 b/kerberos5/man/hcrypto/man/man3/EVP_CIPHER_iv_length.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_CIPHER_iv_length.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_CIPHER_key_length.3 b/kerberos5/man/hcrypto/man/man3/EVP_CIPHER_key_length.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_CIPHER_key_length.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_CipherFinal_ex.3 b/kerberos5/man/hcrypto/man/man3/EVP_CipherFinal_ex.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_CipherFinal_ex.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_CipherInit_ex.3 b/kerberos5/man/hcrypto/man/man3/EVP_CipherInit_ex.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_CipherInit_ex.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_CipherUpdate.3 b/kerberos5/man/hcrypto/man/man3/EVP_CipherUpdate.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_CipherUpdate.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_Digest.3 b/kerberos5/man/hcrypto/man/man3/EVP_Digest.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_Digest.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_DigestFinal_ex.3 b/kerberos5/man/hcrypto/man/man3/EVP_DigestFinal_ex.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_DigestFinal_ex.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_DigestInit_ex.3 b/kerberos5/man/hcrypto/man/man3/EVP_DigestInit_ex.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_DigestInit_ex.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_DigestUpdate.3 b/kerberos5/man/hcrypto/man/man3/EVP_DigestUpdate.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_DigestUpdate.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_MD_CTX_block_size.3 b/kerberos5/man/hcrypto/man/man3/EVP_MD_CTX_block_size.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_MD_CTX_block_size.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_MD_CTX_cleanup.3 b/kerberos5/man/hcrypto/man/man3/EVP_MD_CTX_cleanup.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_MD_CTX_cleanup.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_MD_CTX_create.3 b/kerberos5/man/hcrypto/man/man3/EVP_MD_CTX_create.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_MD_CTX_create.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_MD_CTX_destroy.3 b/kerberos5/man/hcrypto/man/man3/EVP_MD_CTX_destroy.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_MD_CTX_destroy.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_MD_CTX_init.3 b/kerberos5/man/hcrypto/man/man3/EVP_MD_CTX_init.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_MD_CTX_init.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_MD_CTX_md.3 b/kerberos5/man/hcrypto/man/man3/EVP_MD_CTX_md.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_MD_CTX_md.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_MD_CTX_size.3 b/kerberos5/man/hcrypto/man/man3/EVP_MD_CTX_size.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_MD_CTX_size.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_MD_block_size.3 b/kerberos5/man/hcrypto/man/man3/EVP_MD_block_size.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_MD_block_size.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_MD_size.3 b/kerberos5/man/hcrypto/man/man3/EVP_MD_size.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_MD_size.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_aes_128_cbc.3 b/kerberos5/man/hcrypto/man/man3/EVP_aes_128_cbc.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_aes_128_cbc.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_aes_128_cfb8.3 b/kerberos5/man/hcrypto/man/man3/EVP_aes_128_cfb8.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_aes_128_cfb8.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_aes_192_cbc.3 b/kerberos5/man/hcrypto/man/man3/EVP_aes_192_cbc.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_aes_192_cbc.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_aes_192_cfb8.3 b/kerberos5/man/hcrypto/man/man3/EVP_aes_192_cfb8.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_aes_192_cfb8.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_aes_256_cbc.3 b/kerberos5/man/hcrypto/man/man3/EVP_aes_256_cbc.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_aes_256_cbc.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_aes_256_cfb8.3 b/kerberos5/man/hcrypto/man/man3/EVP_aes_256_cfb8.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_aes_256_cfb8.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_camellia_128_cbc.3 b/kerberos5/man/hcrypto/man/man3/EVP_camellia_128_cbc.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_camellia_128_cbc.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_camellia_192_cbc.3 b/kerberos5/man/hcrypto/man/man3/EVP_camellia_192_cbc.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_camellia_192_cbc.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_camellia_256_cbc.3 b/kerberos5/man/hcrypto/man/man3/EVP_camellia_256_cbc.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_camellia_256_cbc.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_des_cbc.3 b/kerberos5/man/hcrypto/man/man3/EVP_des_cbc.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_des_cbc.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_des_ede3_cbc.3 b/kerberos5/man/hcrypto/man/man3/EVP_des_ede3_cbc.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_des_ede3_cbc.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_enc_null.3 b/kerberos5/man/hcrypto/man/man3/EVP_enc_null.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_enc_null.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_get_cipherbyname.3 b/kerberos5/man/hcrypto/man/man3/EVP_get_cipherbyname.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_get_cipherbyname.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_hcrypto_aes_128_cbc.3 b/kerberos5/man/hcrypto/man/man3/EVP_hcrypto_aes_128_cbc.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_hcrypto_aes_128_cbc.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_hcrypto_aes_128_cfb8.3 b/kerberos5/man/hcrypto/man/man3/EVP_hcrypto_aes_128_cfb8.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_hcrypto_aes_128_cfb8.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_hcrypto_aes_192_cbc.3 b/kerberos5/man/hcrypto/man/man3/EVP_hcrypto_aes_192_cbc.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_hcrypto_aes_192_cbc.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_hcrypto_aes_192_cfb8.3 b/kerberos5/man/hcrypto/man/man3/EVP_hcrypto_aes_192_cfb8.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_hcrypto_aes_192_cfb8.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_hcrypto_aes_256_cbc.3 b/kerberos5/man/hcrypto/man/man3/EVP_hcrypto_aes_256_cbc.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_hcrypto_aes_256_cbc.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_hcrypto_aes_256_cfb8.3 b/kerberos5/man/hcrypto/man/man3/EVP_hcrypto_aes_256_cfb8.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_hcrypto_aes_256_cfb8.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_hcrypto_camellia_128_cbc.3 b/kerberos5/man/hcrypto/man/man3/EVP_hcrypto_camellia_128_cbc.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_hcrypto_camellia_128_cbc.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_hcrypto_camellia_192_cbc.3 b/kerberos5/man/hcrypto/man/man3/EVP_hcrypto_camellia_192_cbc.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_hcrypto_camellia_192_cbc.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_hcrypto_camellia_256_cbc.3 b/kerberos5/man/hcrypto/man/man3/EVP_hcrypto_camellia_256_cbc.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_hcrypto_camellia_256_cbc.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_hcrypto_des_cbc.3 b/kerberos5/man/hcrypto/man/man3/EVP_hcrypto_des_cbc.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_hcrypto_des_cbc.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_hcrypto_des_ede3_cbc.3 b/kerberos5/man/hcrypto/man/man3/EVP_hcrypto_des_ede3_cbc.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_hcrypto_des_ede3_cbc.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_hcrypto_md4.3 b/kerberos5/man/hcrypto/man/man3/EVP_hcrypto_md4.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_hcrypto_md4.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_hcrypto_md5.3 b/kerberos5/man/hcrypto/man/man3/EVP_hcrypto_md5.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_hcrypto_md5.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_hcrypto_rc2_40_cbc.3 b/kerberos5/man/hcrypto/man/man3/EVP_hcrypto_rc2_40_cbc.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_hcrypto_rc2_40_cbc.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_hcrypto_rc2_64_cbc.3 b/kerberos5/man/hcrypto/man/man3/EVP_hcrypto_rc2_64_cbc.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_hcrypto_rc2_64_cbc.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_hcrypto_rc2_cbc.3 b/kerberos5/man/hcrypto/man/man3/EVP_hcrypto_rc2_cbc.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_hcrypto_rc2_cbc.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_hcrypto_sha1.3 b/kerberos5/man/hcrypto/man/man3/EVP_hcrypto_sha1.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_hcrypto_sha1.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_hcrypto_sha256.3 b/kerberos5/man/hcrypto/man/man3/EVP_hcrypto_sha256.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_hcrypto_sha256.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_hcrypto_sha384.3 b/kerberos5/man/hcrypto/man/man3/EVP_hcrypto_sha384.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_hcrypto_sha384.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_hcrypto_sha512.3 b/kerberos5/man/hcrypto/man/man3/EVP_hcrypto_sha512.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_hcrypto_sha512.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_md4.3 b/kerberos5/man/hcrypto/man/man3/EVP_md4.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_md4.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_md5.3 b/kerberos5/man/hcrypto/man/man3/EVP_md5.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_md5.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_md_null.3 b/kerberos5/man/hcrypto/man/man3/EVP_md_null.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_md_null.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_rc2_40_cbc.3 b/kerberos5/man/hcrypto/man/man3/EVP_rc2_40_cbc.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_rc2_40_cbc.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_rc2_64_cbc.3 b/kerberos5/man/hcrypto/man/man3/EVP_rc2_64_cbc.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_rc2_64_cbc.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_rc2_cbc.3 b/kerberos5/man/hcrypto/man/man3/EVP_rc2_cbc.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_rc2_cbc.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_rc4.3 b/kerberos5/man/hcrypto/man/man3/EVP_rc4.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_rc4.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_rc4_40.3 b/kerberos5/man/hcrypto/man/man3/EVP_rc4_40.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_rc4_40.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_sha.3 b/kerberos5/man/hcrypto/man/man3/EVP_sha.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_sha.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_sha1.3 b/kerberos5/man/hcrypto/man/man3/EVP_sha1.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_sha1.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_sha256.3 b/kerberos5/man/hcrypto/man/man3/EVP_sha256.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_sha256.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_sha384.3 b/kerberos5/man/hcrypto/man/man3/EVP_sha384.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_sha384.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_sha512.3 b/kerberos5/man/hcrypto/man/man3/EVP_sha512.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_sha512.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/EVP_wincrypt_des_ede3_cbc.3 b/kerberos5/man/hcrypto/man/man3/EVP_wincrypt_des_ede3_cbc.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/EVP_wincrypt_des_ede3_cbc.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/OSSL_CIPHER_ALGORITHM.3 b/kerberos5/man/hcrypto/man/man3/OSSL_CIPHER_ALGORITHM.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/OSSL_CIPHER_ALGORITHM.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/OpenSSL_add_all_algorithms.3 b/kerberos5/man/hcrypto/man/man3/OpenSSL_add_all_algorithms.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/OpenSSL_add_all_algorithms.3
@@ -0,0 +1 @@
+.so man3/hcrypto_core.3
diff --git a/kerberos5/man/hcrypto/man/man3/OpenSSL_add_all_algorithms_conf.3 b/kerberos5/man/hcrypto/man/man3/OpenSSL_add_all_algorithms_conf.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/OpenSSL_add_all_algorithms_conf.3
@@ -0,0 +1 @@
+.so man3/hcrypto_core.3
diff --git a/kerberos5/man/hcrypto/man/man3/OpenSSL_add_all_algorithms_noconf.3 b/kerberos5/man/hcrypto/man/man3/OpenSSL_add_all_algorithms_noconf.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/OpenSSL_add_all_algorithms_noconf.3
@@ -0,0 +1 @@
+.so man3/hcrypto_core.3
diff --git a/kerberos5/man/hcrypto/man/man3/PKCS5_PBKDF2_HMAC.3 b/kerberos5/man/hcrypto/man/man3/PKCS5_PBKDF2_HMAC.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/PKCS5_PBKDF2_HMAC.3
@@ -0,0 +1 @@
+.so man3/hcrypto_misc.3
diff --git a/kerberos5/man/hcrypto/man/man3/PKCS5_PBKDF2_HMAC_SHA1.3 b/kerberos5/man/hcrypto/man/man3/PKCS5_PBKDF2_HMAC_SHA1.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/PKCS5_PBKDF2_HMAC_SHA1.3
@@ -0,0 +1 @@
+.so man3/hcrypto_misc.3
diff --git a/kerberos5/man/hcrypto/man/man3/RAND_add.3 b/kerberos5/man/hcrypto/man/man3/RAND_add.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/RAND_add.3
@@ -0,0 +1 @@
+.so man3/hcrypto_rand.3
diff --git a/kerberos5/man/hcrypto/man/man3/RAND_bytes.3 b/kerberos5/man/hcrypto/man/man3/RAND_bytes.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/RAND_bytes.3
@@ -0,0 +1 @@
+.so man3/hcrypto_rand.3
diff --git a/kerberos5/man/hcrypto/man/man3/RAND_cleanup.3 b/kerberos5/man/hcrypto/man/man3/RAND_cleanup.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/RAND_cleanup.3
@@ -0,0 +1 @@
+.so man3/hcrypto_rand.3
diff --git a/kerberos5/man/hcrypto/man/man3/RAND_file_name.3 b/kerberos5/man/hcrypto/man/man3/RAND_file_name.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/RAND_file_name.3
@@ -0,0 +1 @@
+.so man3/hcrypto_rand.3
diff --git a/kerberos5/man/hcrypto/man/man3/RAND_get_rand_method.3 b/kerberos5/man/hcrypto/man/man3/RAND_get_rand_method.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/RAND_get_rand_method.3
@@ -0,0 +1 @@
+.so man3/hcrypto_rand.3
diff --git a/kerberos5/man/hcrypto/man/man3/RAND_load_file.3 b/kerberos5/man/hcrypto/man/man3/RAND_load_file.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/RAND_load_file.3
@@ -0,0 +1 @@
+.so man3/hcrypto_rand.3
diff --git a/kerberos5/man/hcrypto/man/man3/RAND_pseudo_bytes.3 b/kerberos5/man/hcrypto/man/man3/RAND_pseudo_bytes.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/RAND_pseudo_bytes.3
@@ -0,0 +1 @@
+.so man3/hcrypto_rand.3
diff --git a/kerberos5/man/hcrypto/man/man3/RAND_seed.3 b/kerberos5/man/hcrypto/man/man3/RAND_seed.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/RAND_seed.3
@@ -0,0 +1 @@
+.so man3/hcrypto_rand.3
diff --git a/kerberos5/man/hcrypto/man/man3/RAND_set_rand_engine.3 b/kerberos5/man/hcrypto/man/man3/RAND_set_rand_engine.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/RAND_set_rand_engine.3
@@ -0,0 +1 @@
+.so man3/hcrypto_rand.3
diff --git a/kerberos5/man/hcrypto/man/man3/RAND_set_rand_method.3 b/kerberos5/man/hcrypto/man/man3/RAND_set_rand_method.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/RAND_set_rand_method.3
@@ -0,0 +1 @@
+.so man3/hcrypto_rand.3
diff --git a/kerberos5/man/hcrypto/man/man3/RAND_status.3 b/kerberos5/man/hcrypto/man/man3/RAND_status.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/RAND_status.3
@@ -0,0 +1 @@
+.so man3/hcrypto_rand.3
diff --git a/kerberos5/man/hcrypto/man/man3/RAND_write_file.3 b/kerberos5/man/hcrypto/man/man3/RAND_write_file.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/RAND_write_file.3
@@ -0,0 +1 @@
+.so man3/hcrypto_rand.3
diff --git a/kerberos5/man/hcrypto/man/man3/RSA_free.3 b/kerberos5/man/hcrypto/man/man3/RSA_free.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/RSA_free.3
@@ -0,0 +1 @@
+.so man3/hcrypto_rsa.3
diff --git a/kerberos5/man/hcrypto/man/man3/RSA_get_app_data.3 b/kerberos5/man/hcrypto/man/man3/RSA_get_app_data.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/RSA_get_app_data.3
@@ -0,0 +1 @@
+.so man3/hcrypto_rsa.3
diff --git a/kerberos5/man/hcrypto/man/man3/RSA_get_method.3 b/kerberos5/man/hcrypto/man/man3/RSA_get_method.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/RSA_get_method.3
@@ -0,0 +1 @@
+.so man3/hcrypto_rsa.3
diff --git a/kerberos5/man/hcrypto/man/man3/RSA_new.3 b/kerberos5/man/hcrypto/man/man3/RSA_new.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/RSA_new.3
@@ -0,0 +1 @@
+.so man3/hcrypto_rsa.3
diff --git a/kerberos5/man/hcrypto/man/man3/RSA_new_method.3 b/kerberos5/man/hcrypto/man/man3/RSA_new_method.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/RSA_new_method.3
@@ -0,0 +1 @@
+.so man3/hcrypto_rsa.3
diff --git a/kerberos5/man/hcrypto/man/man3/RSA_set_app_data.3 b/kerberos5/man/hcrypto/man/man3/RSA_set_app_data.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/RSA_set_app_data.3
@@ -0,0 +1 @@
+.so man3/hcrypto_rsa.3
diff --git a/kerberos5/man/hcrypto/man/man3/RSA_set_method.3 b/kerberos5/man/hcrypto/man/man3/RSA_set_method.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/RSA_set_method.3
@@ -0,0 +1 @@
+.so man3/hcrypto_rsa.3
diff --git a/kerberos5/man/hcrypto/man/man3/RSA_up_ref.3 b/kerberos5/man/hcrypto/man/man3/RSA_up_ref.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/RSA_up_ref.3
@@ -0,0 +1 @@
+.so man3/hcrypto_rsa.3
diff --git a/kerberos5/man/hcrypto/man/man3/WINCNG_CIPHER_ALGORITHM.3 b/kerberos5/man/hcrypto/man/man3/WINCNG_CIPHER_ALGORITHM.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/WINCNG_CIPHER_ALGORITHM.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/WINCNG_CIPHER_ALGORITHM_UNAVAILABLE.3 b/kerberos5/man/hcrypto/man/man3/WINCNG_CIPHER_ALGORITHM_UNAVAILABLE.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/WINCNG_CIPHER_ALGORITHM_UNAVAILABLE.3
@@ -0,0 +1 @@
+.so man3/hcrypto_evp.3
diff --git a/kerberos5/man/hcrypto/man/man3/hcrypto_core.3 b/kerberos5/man/hcrypto/man/man3/hcrypto_core.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/hcrypto_core.3
@@ -0,0 +1,77 @@ +.TH "hcrypto_core" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal crypto library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +hcrypto_core \- hcrypto function controlling behavior +.SH SYNOPSIS +.br +.PP +.SS "Functions" + +.in +1c +.ti -1c +.RI "int \fBEVP_CIPHER_CTX_rand_key\fP (EVP_CIPHER_CTX *ctx, void *key)" +.br +.ti -1c +.RI "int \fBEVP_CIPHER_CTX_ctrl\fP (EVP_CIPHER_CTX *ctx, int type, int arg, void *data)" +.br +.ti -1c +.RI "void \fBOpenSSL_add_all_algorithms\fP (void)" +.br +.ti -1c +.RI "void \fBOpenSSL_add_all_algorithms_conf\fP (void)" +.br +.ti -1c +.RI "void \fBOpenSSL_add_all_algorithms_noconf\fP (void)" +.br +.in -1c +.SH "Detailed Description" +.PP + +.SH "Function Documentation" +.PP +.SS "int EVP_CIPHER_CTX_ctrl (EVP_CIPHER_CTX * ctx, int type, int arg, void * data)" +Perform a operation on a ctx +.PP +\fBParameters\fP +.RS 4 +\fIctx\fP context to perform operation on\&. +.br +\fItype\fP type of operation\&. +.br +\fIarg\fP argument to operation\&. +.br +\fIdata\fP addition data to operation\&. +.RE +.PP +\fBReturns\fP +.RS 4 +1 for success, 0 for failure\&. +.RE +.PP + +.SS "int EVP_CIPHER_CTX_rand_key (EVP_CIPHER_CTX * ctx, void * key)" +Generate a random key for the specificed EVP_CIPHER\&. +.PP +\fBParameters\fP +.RS 4 +\fIctx\fP EVP_CIPHER_CTX type to build the key for\&. +.br +\fIkey\fP return key, must be at least \fBEVP_CIPHER_key_length()\fP byte long\&. +.RE +.PP +\fBReturns\fP +.RS 4 +1 for success, 0 for failure\&. +.RE +.PP + +.SS "void OpenSSL_add_all_algorithms (void)" +Add all algorithms to the crypto core\&. +.SS "void OpenSSL_add_all_algorithms_conf (void)" +Add all algorithms to the crypto core using configuration file\&. +.SS "void OpenSSL_add_all_algorithms_noconf (void)" +Add all algorithms to the crypto core, but don't use the configuration file\&. +.SH "Author" +.PP +Generated automatically by Doxygen for Heimdal crypto library from the source code\&. 
diff --git a/kerberos5/man/hcrypto/man/man3/hcrypto_des.3 b/kerberos5/man/hcrypto/man/man3/hcrypto_des.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/hcrypto_des.3
@@ -0,0 +1,379 @@ +.TH "hcrypto_des" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal crypto library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +hcrypto_des \- DES crypto functions +.SH SYNOPSIS +.br +.PP +.SS "Functions" + +.in +1c +.ti -1c +.RI "void \fBDES_set_odd_parity\fP (DES_cblock *key)" +.br +.ti -1c +.RI "int HC_DEPRECATED \fBDES_check_key_parity\fP (DES_cblock *key)" +.br +.ti -1c +.RI "int \fBDES_is_weak_key\fP (DES_cblock *key)" +.br +.ti -1c +.RI "int HC_DEPRECATED \fBDES_set_key\fP (DES_cblock *key, DES_key_schedule *ks)" +.br +.ti -1c +.RI "int \fBDES_set_key_unchecked\fP (DES_cblock *key, DES_key_schedule *ks)" +.br +.ti -1c +.RI "int \fBDES_set_key_checked\fP (DES_cblock *key, DES_key_schedule *ks)" +.br +.ti -1c +.RI "int \fBDES_key_sched\fP (DES_cblock *key, DES_key_schedule *ks)" +.br +.ti -1c +.RI "void \fBDES_encrypt\fP (uint32_t u[2], DES_key_schedule *ks, int encp)" +.br +.ti -1c +.RI "void \fBDES_ecb_encrypt\fP (DES_cblock *input, DES_cblock *output, DES_key_schedule *ks, int encp)" +.br +.ti -1c +.RI "void \fBDES_cbc_encrypt\fP (const void *in, void *out, long length, DES_key_schedule *ks, DES_cblock *iv, int encp)" +.br +.ti -1c +.RI "void \fBDES_pcbc_encrypt\fP (const void *in, void *out, long length, DES_key_schedule *ks, DES_cblock *iv, int encp)" +.br +.ti -1c +.RI "void \fBDES_ecb3_encrypt\fP (DES_cblock *input, DES_cblock *output, DES_key_schedule *ks1, DES_key_schedule *ks2, DES_key_schedule *ks3, int encp)" +.br +.ti -1c +.RI "void \fBDES_ede3_cbc_encrypt\fP (const void *in, void *out, long length, DES_key_schedule *ks1, DES_key_schedule *ks2, DES_key_schedule *ks3, DES_cblock *iv, int encp)" +.br +.ti -1c +.RI "void \fBDES_cfb64_encrypt\fP (const void *in, void *out, long length, DES_key_schedule *ks, DES_cblock *iv, int *num, int encp)" +.br +.ti -1c +.RI "uint32_t \fBDES_cbc_cksum\fP (const void *in, DES_cblock *output, long length, DES_key_schedule *ks, DES_cblock *iv)" +.br +.ti -1c +.RI "void \fBDES_string_to_key\fP (const char 
*str, DES_cblock *key)" +.br +.ti -1c +.RI "int HC_DEPRECATED \fBDES_new_random_key\fP (DES_cblock *key)" +.br +.ti -1c +.RI "void HC_DEPRECATED \fBDES_init_random_number_generator\fP (DES_cblock *seed)" +.br +.ti -1c +.RI "void HC_DEPRECATED \fBDES_random_key\fP (DES_cblock *key)" +.br +.in -1c +.SH "Detailed Description" +.PP +See the \fBDES - Data Encryption Standard crypto interface\fP for description and examples\&. +.SH "Function Documentation" +.PP +.SS "uint32_t DES_cbc_cksum (const void * in, DES_cblock * output, long length, DES_key_schedule * ks, DES_cblock * iv)" +Crete a checksum using DES in CBC encryption mode\&. This mode is only used for Kerberos 4, and it should stay that way\&. +.PP +The IV must always be diffrent for diffrent input data blocks\&. +.PP +\fBParameters\fP +.RS 4 +\fIin\fP data to checksum +.br +\fIoutput\fP the checksum +.br +\fIlength\fP length of data +.br +\fIks\fP key schedule to use +.br +\fIiv\fP initial vector to use +.RE +.PP + +.SS "void DES_cbc_encrypt (const void * in, void * out, long length, DES_key_schedule * ks, DES_cblock * iv, int encp)" +Encrypt/decrypt a block using DES in Chain Block Cipher mode (cbc)\&. +.PP +The IV must always be diffrent for diffrent input data blocks\&. +.PP +\fBParameters\fP +.RS 4 +\fIin\fP data to encrypt +.br +\fIout\fP data to encrypt +.br +\fIlength\fP length of data +.br +\fIks\fP key schedule to use +.br +\fIiv\fP initial vector to use +.br +\fIencp\fP if non zero, encrypt\&. if zero, decrypt\&. +.RE +.PP + +.SS "void DES_cfb64_encrypt (const void * in, void * out, long length, DES_key_schedule * ks, DES_cblock * iv, int * num, int encp)" +Encrypt/decrypt using DES in cipher feedback mode with 64 bit feedback\&. +.PP +The IV must always be diffrent for diffrent input data blocks\&. 
+.PP +\fBParameters\fP +.RS 4 +\fIin\fP data to encrypt +.br +\fIout\fP data to encrypt +.br +\fIlength\fP length of data +.br +\fIks\fP key schedule to use +.br +\fIiv\fP initial vector to use +.br +\fInum\fP offset into in cipher block encryption/decryption stop last time\&. +.br +\fIencp\fP if non zero, encrypt\&. if zero, decrypt\&. +.RE +.PP + +.SS "int HC_DEPRECATED DES_check_key_parity (DES_cblock * key)" +Check if the key have correct parity\&. +.PP +\fBParameters\fP +.RS 4 +\fIkey\fP key to check the parity\&. +.RE +.PP +\fBReturns\fP +.RS 4 +1 on success, 0 on failure\&. +.RE +.PP + +.SS "void DES_ecb3_encrypt (DES_cblock * input, DES_cblock * output, DES_key_schedule * ks1, DES_key_schedule * ks2, DES_key_schedule * ks3, int encp)" +Encrypt/decrypt a block using triple DES using EDE mode, encrypt/decrypt/encrypt\&. +.PP +\fBParameters\fP +.RS 4 +\fIinput\fP data to encrypt +.br +\fIoutput\fP data to encrypt +.br +\fIks1\fP key schedule to use +.br +\fIks2\fP key schedule to use +.br +\fIks3\fP key schedule to use +.br +\fIencp\fP if non zero, encrypt\&. if zero, decrypt\&. +.RE +.PP + +.SS "void DES_ecb_encrypt (DES_cblock * input, DES_cblock * output, DES_key_schedule * ks, int encp)" +Encrypt/decrypt a block using DES\&. +.PP +\fBParameters\fP +.RS 4 +\fIinput\fP data to encrypt +.br +\fIoutput\fP data to encrypt +.br +\fIks\fP key schedule to use +.br +\fIencp\fP if non zero, encrypt\&. if zero, decrypt\&. +.RE +.PP + +.SS "void DES_ede3_cbc_encrypt (const void * in, void * out, long length, DES_key_schedule * ks1, DES_key_schedule * ks2, DES_key_schedule * ks3, DES_cblock * iv, int encp)" +Encrypt/decrypt using Triple DES in Chain Block Cipher mode (cbc)\&. +.PP +The IV must always be diffrent for diffrent input data blocks\&. 
+.PP +\fBParameters\fP +.RS 4 +\fIin\fP data to encrypt +.br +\fIout\fP data to encrypt +.br +\fIlength\fP length of data +.br +\fIks1\fP key schedule to use +.br +\fIks2\fP key schedule to use +.br +\fIks3\fP key schedule to use +.br +\fIiv\fP initial vector to use +.br +\fIencp\fP if non zero, encrypt\&. if zero, decrypt\&. +.RE +.PP + +.SS "void DES_encrypt (uint32_t u[2], DES_key_schedule * ks, int encp)" +Encrypt/decrypt a block using DES\&. Also called ECB mode +.PP +\fBParameters\fP +.RS 4 +\fIu\fP data to encrypt +.br +\fIks\fP key schedule to use +.br +\fIencp\fP if non zero, encrypt\&. if zero, decrypt\&. +.RE +.PP + +.SS "void HC_DEPRECATED DES_init_random_number_generator (DES_cblock * seed)" +Seed the random number generator\&. Deprecated, use \fBRAND - random number\fP +.PP +\fBParameters\fP +.RS 4 +\fIseed\fP a seed to seed that random number generate with\&. +.RE +.PP + +.SS "int DES_is_weak_key (DES_cblock * key)" +Checks if the key is any of the weaks keys that makes DES attacks trival\&. +.PP +\fBParameters\fP +.RS 4 +\fIkey\fP key to check\&. +.RE +.PP +\fBReturns\fP +.RS 4 +1 if the key is weak, 0 otherwise\&. +.RE +.PP + +.SS "int DES_key_sched (DES_cblock * key, DES_key_schedule * ks)" +Compatibility function for eay libdes, works just like \fBDES_set_key_checked()\fP\&. +.PP +\fBParameters\fP +.RS 4 +\fIkey\fP a key to initialize the key schedule with\&. +.br +\fIks\fP a key schedule to initialize\&. +.RE +.PP +\fBReturns\fP +.RS 4 +0 on success, -1 on invalid parity, -2 on weak key\&. +.RE +.PP + +.SS "int HC_DEPRECATED DES_new_random_key (DES_cblock * key)" +Generate a random des key using a random block, fixup parity and skip weak keys\&. +.PP +\fBParameters\fP +.RS 4 +\fIkey\fP is set to a random key\&. +.RE +.PP +\fBReturns\fP +.RS 4 +0 on success, non zero on random number generator failure\&. 
+.RE +.PP + +.SS "void DES_pcbc_encrypt (const void * in, void * out, long length, DES_key_schedule * ks, DES_cblock * iv, int encp)" +Encrypt/decrypt a block using DES in Propagating Cipher Block Chaining mode\&. This mode is only used for Kerberos 4, and it should stay that way\&. +.PP +The IV must always be diffrent for diffrent input data blocks\&. +.PP +\fBParameters\fP +.RS 4 +\fIin\fP data to encrypt +.br +\fIout\fP data to encrypt +.br +\fIlength\fP length of data +.br +\fIks\fP key schedule to use +.br +\fIiv\fP initial vector to use +.br +\fIencp\fP if non zero, encrypt\&. if zero, decrypt\&. +.RE +.PP + +.SS "void HC_DEPRECATED DES_random_key (DES_cblock * key)" +Generate a random key, deprecated since it doesn't return an error code, use \fBDES_new_random_key()\fP\&. +.PP +\fBParameters\fP +.RS 4 +\fIkey\fP is set to a random key\&. +.RE +.PP + +.SS "int HC_DEPRECATED DES_set_key (DES_cblock * key, DES_key_schedule * ks)" +Setup a des key schedule from a key\&. Deprecated function, use \fBDES_set_key_unchecked()\fP or \fBDES_set_key_checked()\fP instead\&. +.PP +\fBParameters\fP +.RS 4 +\fIkey\fP a key to initialize the key schedule with\&. +.br +\fIks\fP a key schedule to initialize\&. +.RE +.PP +\fBReturns\fP +.RS 4 +0 on success +.RE +.PP + +.SS "int DES_set_key_checked (DES_cblock * key, DES_key_schedule * ks)" +Just like \fBDES_set_key_unchecked()\fP except checking that the key is not weak for or have correct parity\&. +.PP +\fBParameters\fP +.RS 4 +\fIkey\fP a key to initialize the key schedule with\&. +.br +\fIks\fP a key schedule to initialize\&. +.RE +.PP +\fBReturns\fP +.RS 4 +0 on success, -1 on invalid parity, -2 on weak key\&. +.RE +.PP + +.SS "int DES_set_key_unchecked (DES_cblock * key, DES_key_schedule * ks)" +Setup a des key schedule from a key\&. The key is no longer needed after this transaction and can cleared\&. +.PP +Does NOT check that the key is weak for or have wrong parity\&. 
+.PP +\fBParameters\fP +.RS 4 +\fIkey\fP a key to initialize the key schedule with\&. +.br +\fIks\fP a key schedule to initialize\&. +.RE +.PP +\fBReturns\fP +.RS 4 +0 on success +.RE +.PP + +.SS "void DES_set_odd_parity (DES_cblock * key)" +Set the parity of the key block, used to generate a des key from a random key\&. See \fBDES key generation\fP\&. +.PP +\fBParameters\fP +.RS 4 +\fIkey\fP key to fixup the parity for\&. +.RE +.PP + +.SS "void DES_string_to_key (const char * str, DES_cblock * key)" +Convert a string to a DES key\&. Use something like \fBPKCS5_PBKDF2_HMAC_SHA1()\fP to create key from passwords\&. +.PP +\fBParameters\fP +.RS 4 +\fIstr\fP The string to convert to a key +.br +\fIkey\fP the resulting key +.RE +.PP + +.SH "Author" +.PP +Generated automatically by Doxygen for Heimdal crypto library from the source code\&. diff --git a/kerberos5/man/hcrypto/man/man3/hcrypto_dh.3 b/kerberos5/man/hcrypto/man/man3/hcrypto_dh.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hcrypto/man/man3/hcrypto_dh.3 
@@ -0,0 +1,292 @@ +.TH "hcrypto_dh" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal crypto library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +hcrypto_dh \- Diffie-Hellman functions +.SH SYNOPSIS +.br +.PP +.SS "Functions" + +.in +1c +.ti -1c +.RI "const DH_METHOD * \fBDH_ltm_method\fP (void)" +.br +.ti -1c +.RI "DH * \fBDH_new\fP (void)" +.br +.ti -1c +.RI "DH * \fBDH_new_method\fP (ENGINE *engine)" +.br +.ti -1c +.RI "void \fBDH_free\fP (DH *dh)" +.br +.ti -1c +.RI "int \fBDH_up_ref\fP (DH *dh)" +.br +.ti -1c +.RI "int \fBDH_size\fP (const DH *dh)" +.br +.ti -1c +.RI "int \fBDH_set_ex_data\fP (DH *dh, int idx, void *data)" +.br +.ti -1c +.RI "void * \fBDH_get_ex_data\fP (DH *dh, int idx)" +.br +.ti -1c +.RI "int \fBDH_generate_parameters_ex\fP (DH *dh, int prime_len, int generator, BN_GENCB *cb)" +.br +.ti -1c +.RI "int \fBDH_check_pubkey\fP (const DH *dh, const BIGNUM *pub_key, int *codes)" +.br +.ti -1c +.RI "int \fBDH_generate_key\fP (DH *dh)" +.br +.ti -1c +.RI "int \fBDH_compute_key\fP (unsigned char *shared_key, const BIGNUM *peer_pub_key, DH *dh)" +.br +.ti -1c +.RI "int \fBDH_set_method\fP (DH *dh, const DH_METHOD *method)" +.br +.ti -1c +.RI "const DH_METHOD * \fBDH_null_method\fP (void)" +.br +.ti -1c +.RI "void \fBDH_set_default_method\fP (const DH_METHOD *meth)" +.br +.ti -1c +.RI "const DH_METHOD * \fBDH_get_default_method\fP (void)" +.br +.in -1c +.SH "Detailed Description" +.PP +See the \fBDH - Diffie-Hellman key exchange\fP for description and examples\&. +.SH "Function Documentation" +.PP +.SS "int DH_check_pubkey (const DH * dh, const BIGNUM * pub_key, int * codes)" +Check that the public key is sane\&. +.PP +\fBParameters\fP +.RS 4 +\fIdh\fP the local peer DH parameters\&. +.br +\fIpub_key\fP the remote peer public key parameters\&. +.br +\fIcodes\fP return that the failures of the pub_key are\&. 
+.RE +.PP +\fBReturns\fP +.RS 4 +1 on success, 0 on failure and *codes is set the the combined fail check for the public key +.RE +.PP +Checks that the function performs are: +.IP "\(bu" 2 +pub_key is not negative +.IP "\(bu" 2 +pub_key > 1 and pub_key < p - 1, to avoid small subgroups attack\&. +.IP "\(bu" 2 +if g == 2, pub_key have more then one bit set, if bits set is 1, log_2(pub_key) is trival +.PP + +.SS "int DH_compute_key (unsigned char * shared_key, const BIGNUM * peer_pub_key, DH * dh)" +Complute the shared secret key\&. +.PP +\fBParameters\fP +.RS 4 +\fIshared_key\fP the resulting shared key, need to be at least \fBDH_size()\fP large\&. +.br +\fIpeer_pub_key\fP the peer's public key\&. +.br +\fIdh\fP the dh key pair\&. +.RE +.PP +\fBReturns\fP +.RS 4 +1 on success\&. +.RE +.PP +Checks that the pubkey passed in is valid using \fBDH_check_pubkey()\fP\&. +.SS "void DH_free (DH * dh)" +Free a DH object and release related resources, like ENGINE, that the object was using\&. +.PP +\fBParameters\fP +.RS 4 +\fIdh\fP object to be freed\&. +.RE +.PP + +.SS "int DH_generate_key (DH * dh)" +Generate a new DH private-public key pair\&. The dh parameter must be allocted first with \fBDH_new()\fP\&. dh->p and dp->g must be set\&. +.PP +\fBParameters\fP +.RS 4 +\fIdh\fP dh parameter\&. +.RE +.PP +\fBReturns\fP +.RS 4 +1 on success\&. +.RE +.PP + +.SS "int DH_generate_parameters_ex (DH * dh, int prime_len, int generator, BN_GENCB * cb)" +Generate DH parameters for the DH object give parameters\&. +.PP +\fBParameters\fP +.RS 4 +\fIdh\fP The DH object to generate parameters for\&. +.br +\fIprime_len\fP length of the prime +.br +\fIgenerator\fP generator, g +.br +\fIcb\fP Callback parameters to show progress, can be NULL\&. +.RE +.PP +\fBReturns\fP +.RS 4 +the maximum size in bytes of the out data\&. +.RE +.PP + +.SS "const DH_METHOD* DH_get_default_method (void)" +Return the default DH implementation\&. +.PP +\fBReturns\fP +.RS 4 +pointer to a DH_METHOD\&. 
+.RE +.PP + +.SS "void* DH_get_ex_data (DH * dh, int idx)" +Get the data for index idx in the DH object\&. +.PP +\fBParameters\fP +.RS 4 +\fIdh\fP DH object\&. +.br +\fIidx\fP index to get the data for\&. +.RE +.PP +\fBReturns\fP +.RS 4 +the object store in index idx +.RE +.PP + +.SS "const DH_METHOD* DH_ltm_method (void)" +DH implementation using libtommath\&. +.PP +\fBReturns\fP +.RS 4 +the DH_METHOD for the DH implementation using libtommath\&. +.RE +.PP + +.SS "DH* DH_new (void)" +Create a new DH object using DH_new_method(NULL), see \fBDH_new_method()\fP\&. +.PP +\fBReturns\fP +.RS 4 +a newly allocated DH object\&. +.RE +.PP + +.SS "DH* DH_new_method (ENGINE * engine)" +Create a new DH object from the given engine, if the NULL is used, the default engine is used\&. Free the DH object with \fBDH_free()\fP\&. +.PP +\fBParameters\fP +.RS 4 +\fIengine\fP The engine to use to allocate the DH object\&. +.RE +.PP +\fBReturns\fP +.RS 4 +a newly allocated DH object\&. +.RE +.PP + +.SS "const DH_METHOD* DH_null_method (void)" +Return the dummy DH implementation\&. +.PP +\fBReturns\fP +.RS 4 +pointer to a DH_METHOD\&. +.RE +.PP + +.SS "void DH_set_default_method (const DH_METHOD * meth)" +Set the default DH implementation\&. +.PP +\fBParameters\fP +.RS 4 +\fImeth\fP pointer to a DH_METHOD\&. +.RE +.PP + +.SS "int DH_set_ex_data (DH * dh, int idx, void * data)" +Set the data index idx in the DH object to data\&. +.PP +\fBParameters\fP +.RS 4 +\fIdh\fP DH object\&. +.br +\fIidx\fP index to set the data for\&. +.br +\fIdata\fP data to store for the index idx\&. +.RE +.PP +\fBReturns\fP +.RS 4 +1 on success\&. +.RE +.PP + +.SS "int DH_set_method (DH * dh, const DH_METHOD * method)" +Set a new method for the DH keypair\&. +.PP +\fBParameters\fP +.RS 4 +\fIdh\fP dh parameter\&. +.br +\fImethod\fP the new method for the DH parameter\&. +.RE +.PP +\fBReturns\fP +.RS 4 +1 on success\&. 
+.RE +.PP + +.SS "int DH_size (const DH * dh)" +The maximum output size of the \fBDH_compute_key()\fP function\&. +.PP +\fBParameters\fP +.RS 4 +\fIdh\fP The DH object to get the size from\&. +.RE +.PP +\fBReturns\fP +.RS 4 +the maximum size in bytes of the out data\&. +.RE +.PP + +.SS "int DH_up_ref (DH * dh)" +Add a reference to the DH object\&. The object should be free with \fBDH_free()\fP to drop the reference\&. +.PP +\fBParameters\fP +.RS 4 +\fIdh\fP the object to increase the reference count too\&. +.RE +.PP +\fBReturns\fP +.RS 4 +the updated reference count, can't safely be used except for debug printing\&. +.RE +.PP + +.SH "Author" +.PP +Generated automatically by Doxygen for Heimdal crypto library from the source code\&. diff --git a/kerberos5/man/hcrypto/man/man3/hcrypto_evp.3 b/kerberos5/man/hcrypto/man/man3/hcrypto_evp.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hcrypto/man/man3/hcrypto_evp.3 
@@ -0,0 +1,1441 @@ +.TH "hcrypto_evp" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal crypto library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +hcrypto_evp \- EVP generic crypto functions +.SH SYNOPSIS +.br +.PP +.SS "Functions" + +.in +1c +.ti -1c +.RI "const EVP_CIPHER * \fBEVP_wincrypt_des_ede3_cbc\fP (void)" +.br +.ti -1c +.RI "const EVP_CIPHER * \fBEVP_hcrypto_aes_128_cbc\fP (void)" +.br +.ti -1c +.RI "const EVP_CIPHER * \fBEVP_hcrypto_aes_192_cbc\fP (void)" +.br +.ti -1c +.RI "const EVP_CIPHER * \fBEVP_hcrypto_aes_256_cbc\fP (void)" +.br +.ti -1c +.RI "const EVP_CIPHER * \fBEVP_hcrypto_aes_128_cfb8\fP (void)" +.br +.ti -1c +.RI "const EVP_CIPHER * \fBEVP_hcrypto_aes_192_cfb8\fP (void)" +.br +.ti -1c +.RI "const EVP_CIPHER * \fBEVP_hcrypto_aes_256_cfb8\fP (void)" +.br +.ti -1c +.RI "const EVP_MD * \fBEVP_hcrypto_sha256\fP (void)" +.br +.ti -1c +.RI "const EVP_MD * \fBEVP_hcrypto_sha384\fP (void)" +.br +.ti -1c +.RI "const EVP_MD * \fBEVP_hcrypto_sha512\fP (void)" +.br +.ti -1c +.RI "const EVP_MD * \fBEVP_hcrypto_sha1\fP (void)" +.br +.ti -1c +.RI "const EVP_MD * \fBEVP_hcrypto_md5\fP (void)" +.br +.ti -1c +.RI "const EVP_MD * \fBEVP_hcrypto_md4\fP (void)" +.br +.ti -1c +.RI "const EVP_CIPHER * \fBEVP_hcrypto_des_cbc\fP (void)" +.br +.ti -1c +.RI "const EVP_CIPHER * \fBEVP_hcrypto_des_ede3_cbc\fP (void)" +.br +.ti -1c +.RI "const EVP_CIPHER * \fBEVP_hcrypto_rc2_cbc\fP (void)" +.br +.ti -1c +.RI "const EVP_CIPHER * \fBEVP_hcrypto_rc2_40_cbc\fP (void)" +.br +.ti -1c +.RI "const EVP_CIPHER * \fBEVP_hcrypto_rc2_64_cbc\fP (void)" +.br +.ti -1c +.RI "const EVP_CIPHER * \fBEVP_hcrypto_camellia_128_cbc\fP (void)" +.br +.ti -1c +.RI "const EVP_CIPHER * \fBEVP_hcrypto_camellia_192_cbc\fP (void)" +.br +.ti -1c +.RI "const EVP_CIPHER * \fBEVP_hcrypto_camellia_256_cbc\fP (void)" +.br +.ti -1c +.RI "\fBOSSL_CIPHER_ALGORITHM\fP (rc2_cbc, hc_EVP_CIPH_CBC_MODE|hc_EVP_CIPH_VARIABLE_LENGTH) OSSL_CIPHER_ALGORITHM(rc2_40_cbc" +.br +.ti -1c +.RI "hc_EVP_CIPH_CBC_MODE 
\fBOSSL_CIPHER_ALGORITHM\fP (rc2_64_cbc, hc_EVP_CIPH_CBC_MODE|hc_EVP_CIPH_VARIABLE_LENGTH) OSSL_CIPHER_ALGORITHM(rc4" +.br +.ti -1c +.RI "\fBWINCNG_CIPHER_ALGORITHM\fP (des_ede3_cbc, BCRYPT_3DES_ALGORITHM, 8, 24, 8, EVP_CIPH_CBC_MODE)" +.br +.ti -1c +.RI "\fBWINCNG_CIPHER_ALGORITHM\fP (des_cbc, BCRYPT_DES_ALGORITHM, 8, 8, 8, EVP_CIPH_CBC_MODE)" +.br +.ti -1c +.RI "\fBWINCNG_CIPHER_ALGORITHM\fP (aes_128_cbc, BCRYPT_AES_ALGORITHM, 16, 16, 16, EVP_CIPH_CBC_MODE)" +.br +.ti -1c +.RI "\fBWINCNG_CIPHER_ALGORITHM\fP (aes_192_cbc, BCRYPT_AES_ALGORITHM, 16, 24, 16, EVP_CIPH_CBC_MODE)" +.br +.ti -1c +.RI "\fBWINCNG_CIPHER_ALGORITHM\fP (aes_256_cbc, BCRYPT_AES_ALGORITHM, 16, 32, 16, EVP_CIPH_CBC_MODE)" +.br +.ti -1c +.RI "\fBWINCNG_CIPHER_ALGORITHM\fP (aes_128_cfb8, BCRYPT_AES_ALGORITHM, 16, 16, 16, EVP_CIPH_CFB8_MODE)" +.br +.ti -1c +.RI "\fBWINCNG_CIPHER_ALGORITHM\fP (aes_192_cfb8, BCRYPT_AES_ALGORITHM, 16, 24, 16, EVP_CIPH_CFB8_MODE)" +.br +.ti -1c +.RI "\fBWINCNG_CIPHER_ALGORITHM\fP (aes_256_cfb8, BCRYPT_AES_ALGORITHM, 16, 32, 16, EVP_CIPH_CFB8_MODE)" +.br +.ti -1c +.RI "\fBWINCNG_CIPHER_ALGORITHM\fP (rc2_cbc, BCRYPT_RC2_ALGORITHM, 8, 16, 8, EVP_CIPH_CBC_MODE)" +.br +.ti -1c +.RI "\fBWINCNG_CIPHER_ALGORITHM\fP (rc2_40_cbc, BCRYPT_RC2_ALGORITHM, 8, 5, 8, EVP_CIPH_CBC_MODE)" +.br +.ti -1c +.RI "\fBWINCNG_CIPHER_ALGORITHM\fP (rc2_64_cbc, BCRYPT_RC2_ALGORITHM, 8, 8, 8, EVP_CIPH_CBC_MODE)" +.br +.ti -1c +.RI "\fBWINCNG_CIPHER_ALGORITHM_UNAVAILABLE\fP (camellia_128_cbc)" +.br +.ti -1c +.RI "\fBWINCNG_CIPHER_ALGORITHM_UNAVAILABLE\fP (camellia_192_cbc)" +.br +.ti -1c +.RI "\fBWINCNG_CIPHER_ALGORITHM_UNAVAILABLE\fP (camellia_256_cbc)" +.br +.ti -1c +.RI "\fBWINCNG_CIPHER_ALGORITHM\fP (rc4, BCRYPT_RC4_ALGORITHM, 1, 16, 0, EVP_CIPH_STREAM_CIPHER|EVP_CIPH_VARIABLE_LENGTH)" +.br +.ti -1c +.RI "\fBWINCNG_CIPHER_ALGORITHM\fP (rc4_40, BCRYPT_RC4_ALGORITHM, 1, 5, 0, EVP_CIPH_STREAM_CIPHER|EVP_CIPH_VARIABLE_LENGTH)" +.br +.ti -1c +.RI "size_t \fBEVP_MD_size\fP (const EVP_MD *md)" +.br +.ti 
-1c +.RI "size_t \fBEVP_MD_block_size\fP (const EVP_MD *md)" +.br +.ti -1c +.RI "EVP_MD_CTX * \fBEVP_MD_CTX_create\fP (void)" +.br +.ti -1c +.RI "void \fBEVP_MD_CTX_init\fP (EVP_MD_CTX *ctx) HC_DEPRECATED" +.br +.ti -1c +.RI "void \fBEVP_MD_CTX_destroy\fP (EVP_MD_CTX *ctx)" +.br +.ti -1c +.RI "int \fBEVP_MD_CTX_cleanup\fP (EVP_MD_CTX *ctx) HC_DEPRECATED" +.br +.ti -1c +.RI "const EVP_MD * \fBEVP_MD_CTX_md\fP (EVP_MD_CTX *ctx)" +.br +.ti -1c +.RI "size_t \fBEVP_MD_CTX_size\fP (EVP_MD_CTX *ctx)" +.br +.ti -1c +.RI "size_t \fBEVP_MD_CTX_block_size\fP (EVP_MD_CTX *ctx)" +.br +.ti -1c +.RI "int \fBEVP_DigestInit_ex\fP (EVP_MD_CTX *ctx, const EVP_MD *md, ENGINE *engine)" +.br +.ti -1c +.RI "int \fBEVP_DigestUpdate\fP (EVP_MD_CTX *ctx, const void *data, size_t size)" +.br +.ti -1c +.RI "int \fBEVP_DigestFinal_ex\fP (EVP_MD_CTX *ctx, void *hash, unsigned int *size)" +.br +.ti -1c +.RI "int \fBEVP_Digest\fP (const void *data, size_t dsize, void *hash, unsigned int *hsize, const EVP_MD *md, ENGINE *engine)" +.br +.ti -1c +.RI "const EVP_MD * \fBEVP_sha256\fP (void)" +.br +.ti -1c +.RI "const EVP_MD * \fBEVP_sha384\fP (void)" +.br +.ti -1c +.RI "const EVP_MD * \fBEVP_sha512\fP (void)" +.br +.ti -1c +.RI "const EVP_MD * \fBEVP_sha1\fP (void)" +.br +.ti -1c +.RI "const EVP_MD * \fBEVP_sha\fP (void)" +.br +.ti -1c +.RI "const EVP_MD * \fBEVP_md5\fP (void)" +.br +.ti -1c +.RI "const EVP_MD * \fBEVP_md4\fP (void)" +.br +.ti -1c +.RI "const EVP_MD * \fBEVP_md_null\fP (void)" +.br +.ti -1c +.RI "size_t \fBEVP_CIPHER_block_size\fP (const EVP_CIPHER *c)" +.br +.ti -1c +.RI "size_t \fBEVP_CIPHER_key_length\fP (const EVP_CIPHER *c)" +.br +.ti -1c +.RI "size_t \fBEVP_CIPHER_iv_length\fP (const EVP_CIPHER *c)" +.br +.ti -1c +.RI "void \fBEVP_CIPHER_CTX_init\fP (EVP_CIPHER_CTX *c)" +.br +.ti -1c +.RI "int \fBEVP_CIPHER_CTX_cleanup\fP (EVP_CIPHER_CTX *c)" +.br +.ti -1c +.RI "int \fBEVP_CIPHER_CTX_set_key_length\fP (EVP_CIPHER_CTX *c, int length)" +.br +.ti -1c +.RI "const EVP_CIPHER * 
\fBEVP_CIPHER_CTX_cipher\fP (EVP_CIPHER_CTX *ctx)" +.br +.ti -1c +.RI "size_t \fBEVP_CIPHER_CTX_block_size\fP (const EVP_CIPHER_CTX *ctx)" +.br +.ti -1c +.RI "size_t \fBEVP_CIPHER_CTX_key_length\fP (const EVP_CIPHER_CTX *ctx)" +.br +.ti -1c +.RI "size_t \fBEVP_CIPHER_CTX_iv_length\fP (const EVP_CIPHER_CTX *ctx)" +.br +.ti -1c +.RI "unsigned long \fBEVP_CIPHER_CTX_flags\fP (const EVP_CIPHER_CTX *ctx)" +.br +.ti -1c +.RI "int \fBEVP_CIPHER_CTX_mode\fP (const EVP_CIPHER_CTX *ctx)" +.br +.ti -1c +.RI "void * \fBEVP_CIPHER_CTX_get_app_data\fP (EVP_CIPHER_CTX *ctx)" +.br +.ti -1c +.RI "void \fBEVP_CIPHER_CTX_set_app_data\fP (EVP_CIPHER_CTX *ctx, void *data)" +.br +.ti -1c +.RI "int \fBEVP_CipherInit_ex\fP (EVP_CIPHER_CTX *ctx, const EVP_CIPHER *c, ENGINE *engine, const void *key, const void *iv, int encp)" +.br +.ti -1c +.RI "int \fBEVP_CipherUpdate\fP (EVP_CIPHER_CTX *ctx, void *out, int *outlen, void *in, size_t inlen)" +.br +.ti -1c +.RI "int \fBEVP_CipherFinal_ex\fP (EVP_CIPHER_CTX *ctx, void *out, int *outlen)" +.br +.ti -1c +.RI "const EVP_CIPHER * \fBEVP_enc_null\fP (void)" +.br +.ti -1c +.RI "const EVP_CIPHER * \fBEVP_rc2_cbc\fP (void)" +.br +.ti -1c +.RI "const EVP_CIPHER * \fBEVP_rc2_40_cbc\fP (void)" +.br +.ti -1c +.RI "const EVP_CIPHER * \fBEVP_rc2_64_cbc\fP (void)" +.br +.ti -1c +.RI "const EVP_CIPHER * \fBEVP_rc4\fP (void)" +.br +.ti -1c +.RI "const EVP_CIPHER * \fBEVP_rc4_40\fP (void)" +.br +.ti -1c +.RI "const EVP_CIPHER * \fBEVP_des_cbc\fP (void)" +.br +.ti -1c +.RI "const EVP_CIPHER * \fBEVP_des_ede3_cbc\fP (void)" +.br +.ti -1c +.RI "const EVP_CIPHER * \fBEVP_aes_128_cbc\fP (void)" +.br +.ti -1c +.RI "const EVP_CIPHER * \fBEVP_aes_192_cbc\fP (void)" +.br +.ti -1c +.RI "const EVP_CIPHER * \fBEVP_aes_256_cbc\fP (void)" +.br +.ti -1c +.RI "const EVP_CIPHER * \fBEVP_aes_128_cfb8\fP (void)" +.br +.ti -1c +.RI "const EVP_CIPHER * \fBEVP_aes_192_cfb8\fP (void)" +.br +.ti -1c +.RI "const EVP_CIPHER * \fBEVP_aes_256_cfb8\fP (void)" +.br +.ti -1c +.RI "const 
EVP_CIPHER * \fBEVP_camellia_128_cbc\fP (void)" +.br +.ti -1c +.RI "const EVP_CIPHER * \fBEVP_camellia_192_cbc\fP (void)" +.br +.ti -1c +.RI "const EVP_CIPHER * \fBEVP_camellia_256_cbc\fP (void)" +.br +.ti -1c +.RI "const EVP_CIPHER * \fBEVP_get_cipherbyname\fP (const char *name)" +.br +.ti -1c +.RI "int \fBEVP_BytesToKey\fP (const EVP_CIPHER *type, const EVP_MD *md, const void *salt, const void *data, size_t datalen, unsigned int count, void *keydata, void *ivdata)" +.br +.in -1c +.SH "Detailed Description" +.PP +See the \fBEVP - generic crypto interface\fP for description and examples\&. +.SH "Function Documentation" +.PP +.SS "const EVP_CIPHER* EVP_aes_128_cbc (void)" +The AES-128 cipher type +.PP +\fBReturns\fP +.RS 4 +the AES-128 EVP_CIPHER pointer\&. +.RE +.PP + +.PP +\fBExamples\fP +.in +1c +\fBexample_evp_cipher\&.c\fP\&. +.SS "const EVP_CIPHER* EVP_aes_128_cfb8 (void)" +The AES-128 cipher type +.PP +\fBReturns\fP +.RS 4 +the AES-128 EVP_CIPHER pointer\&. +.RE +.PP + +.SS "const EVP_CIPHER* EVP_aes_192_cbc (void)" +The AES-192 cipher type +.PP +\fBReturns\fP +.RS 4 +the AES-192 EVP_CIPHER pointer\&. +.RE +.PP + +.SS "const EVP_CIPHER* EVP_aes_192_cfb8 (void)" +The AES-192 cipher type +.PP +\fBReturns\fP +.RS 4 +the AES-192 EVP_CIPHER pointer\&. +.RE +.PP + +.SS "const EVP_CIPHER* EVP_aes_256_cbc (void)" +The AES-256 cipher type +.PP +\fBReturns\fP +.RS 4 +the AES-256 EVP_CIPHER pointer\&. +.RE +.PP + +.SS "const EVP_CIPHER* EVP_aes_256_cfb8 (void)" +The AES-256 cipher type +.PP +\fBReturns\fP +.RS 4 +the AES-256 EVP_CIPHER pointer\&. +.RE +.PP + +.SS "int EVP_BytesToKey (const EVP_CIPHER * type, const EVP_MD * md, const void * salt, const void * data, size_t datalen, unsigned int count, void * keydata, void * ivdata)" +Provides a legancy string to key function, used in PEM files\&. +.PP +New protocols should use new string to key functions like NIST SP56-800A or PKCS#5 v2\&.0 (see \fBPKCS5_PBKDF2_HMAC_SHA1()\fP)\&. 
+.PP +\fBParameters\fP +.RS 4 +\fItype\fP type of cipher to use +.br +\fImd\fP message digest to use +.br +\fIsalt\fP salt salt string, should be an binary 8 byte buffer\&. +.br +\fIdata\fP the password/input key string\&. +.br +\fIdatalen\fP length of data parameter\&. +.br +\fIcount\fP iteration counter\&. +.br +\fIkeydata\fP output keydata, needs to of the size \fBEVP_CIPHER_key_length()\fP\&. +.br +\fIivdata\fP output ivdata, needs to of the size \fBEVP_CIPHER_block_size()\fP\&. +.RE +.PP +\fBReturns\fP +.RS 4 +the size of derived key\&. +.RE +.PP + +.SS "const EVP_CIPHER* EVP_camellia_128_cbc (void)" +The Camellia-128 cipher type +.PP +\fBReturns\fP +.RS 4 +the Camellia-128 EVP_CIPHER pointer\&. +.RE +.PP + +.SS "const EVP_CIPHER* EVP_camellia_192_cbc (void)" +The Camellia-198 cipher type +.PP +\fBReturns\fP +.RS 4 +the Camellia-198 EVP_CIPHER pointer\&. +.RE +.PP + +.SS "const EVP_CIPHER* EVP_camellia_256_cbc (void)" +The Camellia-256 cipher type +.PP +\fBReturns\fP +.RS 4 +the Camellia-256 EVP_CIPHER pointer\&. +.RE +.PP + +.SS "size_t EVP_CIPHER_block_size (const EVP_CIPHER * c)" +Return the block size of the cipher\&. +.PP +\fBParameters\fP +.RS 4 +\fIc\fP cipher to get the block size from\&. +.RE +.PP +\fBReturns\fP +.RS 4 +the block size of the cipher\&. +.RE +.PP + +.PP +\fBExamples\fP +.in +1c +\fBexample_evp_cipher\&.c\fP\&. +.SS "size_t EVP_CIPHER_CTX_block_size (const EVP_CIPHER_CTX * ctx)" +Return the block size of the cipher context\&. +.PP +\fBParameters\fP +.RS 4 +\fIctx\fP cipher context to get the block size from\&. +.RE +.PP +\fBReturns\fP +.RS 4 +the block size of the cipher context\&. +.RE +.PP + +.SS "const EVP_CIPHER* EVP_CIPHER_CTX_cipher (EVP_CIPHER_CTX * ctx)" +Return the EVP_CIPHER for a EVP_CIPHER_CTX context\&. +.PP +\fBParameters\fP +.RS 4 +\fIctx\fP the context to get the cipher type from\&. +.RE +.PP +\fBReturns\fP +.RS 4 +the EVP_CIPHER pointer\&. 
+.RE +.PP + +.SS "int EVP_CIPHER_CTX_cleanup (EVP_CIPHER_CTX * c)" +Clean up the EVP_CIPHER_CTX context\&. +.PP +\fBParameters\fP +.RS 4 +\fIc\fP the cipher to clean up\&. +.RE +.PP +\fBReturns\fP +.RS 4 +1 on success\&. +.RE +.PP + +.PP +\fBExamples\fP +.in +1c +\fBexample_evp_cipher\&.c\fP\&. +.SS "unsigned long EVP_CIPHER_CTX_flags (const EVP_CIPHER_CTX * ctx)" +Get the flags for an EVP_CIPHER_CTX context\&. +.PP +\fBParameters\fP +.RS 4 +\fIctx\fP the EVP_CIPHER_CTX to get the flags from +.RE +.PP +\fBReturns\fP +.RS 4 +the flags for an EVP_CIPHER_CTX\&. +.RE +.PP + +.SS "void* EVP_CIPHER_CTX_get_app_data (EVP_CIPHER_CTX * ctx)" +Get the app data for an EVP_CIPHER_CTX context\&. +.PP +\fBParameters\fP +.RS 4 +\fIctx\fP the EVP_CIPHER_CTX to get the app data from +.RE +.PP +\fBReturns\fP +.RS 4 +the app data for an EVP_CIPHER_CTX\&. +.RE +.PP + +.SS "void EVP_CIPHER_CTX_init (EVP_CIPHER_CTX * c)" +Initiate a EVP_CIPHER_CTX context\&. Clean up with \fBEVP_CIPHER_CTX_cleanup()\fP\&. +.PP +\fBParameters\fP +.RS 4 +\fIc\fP the cipher initiate\&. +.RE +.PP + +.PP +\fBExamples\fP +.in +1c +\fBexample_evp_cipher\&.c\fP\&. +.SS "size_t EVP_CIPHER_CTX_iv_length (const EVP_CIPHER_CTX * ctx)" +Return the IV size of the cipher context\&. +.PP +\fBParameters\fP +.RS 4 +\fIctx\fP cipher context to get the IV size from\&. +.RE +.PP +\fBReturns\fP +.RS 4 +the IV size of the cipher context\&. +.RE +.PP + +.SS "size_t EVP_CIPHER_CTX_key_length (const EVP_CIPHER_CTX * ctx)" +Return the key size of the cipher context\&. +.PP +\fBParameters\fP +.RS 4 +\fIctx\fP cipher context to get the key size from\&. +.RE +.PP +\fBReturns\fP +.RS 4 +the key size of the cipher context\&. +.RE +.PP + +.SS "int EVP_CIPHER_CTX_mode (const EVP_CIPHER_CTX * ctx)" +Get the mode for an EVP_CIPHER_CTX context\&. +.PP +\fBParameters\fP +.RS 4 +\fIctx\fP the EVP_CIPHER_CTX to get the mode from +.RE +.PP +\fBReturns\fP +.RS 4 +the mode for an EVP_CIPHER_CTX\&. 
+.RE +.PP + +.SS "void EVP_CIPHER_CTX_set_app_data (EVP_CIPHER_CTX * ctx, void * data)" +Set the app data for an EVP_CIPHER_CTX context\&. +.PP +\fBParameters\fP +.RS 4 +\fIctx\fP the EVP_CIPHER_CTX to set the app data for +.br +\fIdata\fP the app data to set for an EVP_CIPHER_CTX\&. +.RE +.PP + +.SS "int EVP_CIPHER_CTX_set_key_length (EVP_CIPHER_CTX * c, int length)" +If the cipher type supports it, change the key length +.PP +\fBParameters\fP +.RS 4 +\fIc\fP the cipher context to change the key length for +.br +\fIlength\fP new key length +.RE +.PP +\fBReturns\fP +.RS 4 +1 on success\&. +.RE +.PP + +.SS "size_t EVP_CIPHER_iv_length (const EVP_CIPHER * c)" +Return the IV size of the cipher\&. +.PP +\fBParameters\fP +.RS 4 +\fIc\fP cipher to get the IV size from\&. +.RE +.PP +\fBReturns\fP +.RS 4 +the IV size of the cipher\&. +.RE +.PP + +.PP +\fBExamples\fP +.in +1c +\fBexample_evp_cipher\&.c\fP\&. +.SS "size_t EVP_CIPHER_key_length (const EVP_CIPHER * c)" +Return the key size of the cipher\&. +.PP +\fBParameters\fP +.RS 4 +\fIc\fP cipher to get the key size from\&. +.RE +.PP +\fBReturns\fP +.RS 4 +the key size of the cipher\&. +.RE +.PP + +.PP +\fBExamples\fP +.in +1c +\fBexample_evp_cipher\&.c\fP\&. +.SS "int EVP_CipherFinal_ex (EVP_CIPHER_CTX * ctx, void * out, int * outlen)" +Encipher/decipher final data +.PP +\fBParameters\fP +.RS 4 +\fIctx\fP the cipher context\&. +.br +\fIout\fP output data from the operation\&. +.br +\fIoutlen\fP output length +.RE +.PP +The input length needs to be at least \fBEVP_CIPHER_block_size()\fP bytes long\&. +.PP +See \fBEVP Cipher\fP for an example how to use this function\&. +.PP +\fBReturns\fP +.RS 4 +1 on success\&. +.RE +.PP + +.PP +\fBExamples\fP +.in +1c +\fBexample_evp_cipher\&.c\fP\&. +.SS "int EVP_CipherInit_ex (EVP_CIPHER_CTX * ctx, const EVP_CIPHER * c, ENGINE * engine, const void * key, const void * iv, int encp)" +Initiate the EVP_CIPHER_CTX context to encrypt or decrypt data\&. 
Clean up with \fBEVP_CIPHER_CTX_cleanup()\fP\&. +.PP +\fBParameters\fP +.RS 4 +\fIctx\fP context to initiate +.br +\fIc\fP cipher to use\&. +.br +\fIengine\fP crypto engine to use, NULL to select default\&. +.br +\fIkey\fP the crypto key to use, NULL will use the previous value\&. +.br +\fIiv\fP the IV to use, NULL will use the previous value\&. +.br +\fIencp\fP non zero will encrypt, -1 use the previous value\&. +.RE +.PP +\fBReturns\fP +.RS 4 +1 on success\&. +.RE +.PP + +.PP +\fBExamples\fP +.in +1c +\fBexample_evp_cipher\&.c\fP\&. +.SS "int EVP_CipherUpdate (EVP_CIPHER_CTX * ctx, void * out, int * outlen, void * in, size_t inlen)" +Encipher/decipher partial data +.PP +\fBParameters\fP +.RS 4 +\fIctx\fP the cipher context\&. +.br +\fIout\fP output data from the operation\&. +.br +\fIoutlen\fP output length +.br +\fIin\fP input data to the operation\&. +.br +\fIinlen\fP length of data\&. +.RE +.PP +The output buffer length should at least be \fBEVP_CIPHER_block_size()\fP byte longer then the input length\&. +.PP +See \fBEVP Cipher\fP for an example how to use this function\&. +.PP +\fBReturns\fP +.RS 4 +1 on success\&. +.RE +.PP +If there in no spare bytes in the left from last Update and the input length is on the block boundery, the \fBEVP_CipherUpdate()\fP function can take a shortcut (and preformance gain) and directly encrypt the data, otherwise we hav to fix it up and store extra it the EVP_CIPHER_CTX\&. +.PP +\fBExamples\fP +.in +1c +\fBexample_evp_cipher\&.c\fP\&. +.SS "const EVP_CIPHER* EVP_des_cbc (void)" +The DES cipher type +.PP +\fBReturns\fP +.RS 4 +the DES-CBC EVP_CIPHER pointer\&. +.RE +.PP + +.SS "const EVP_CIPHER* EVP_des_ede3_cbc (void)" +The triple DES cipher type +.PP +\fBReturns\fP +.RS 4 +the DES-EDE3-CBC EVP_CIPHER pointer\&. 
+.RE +.PP + +.SS "int EVP_Digest (const void * data, size_t dsize, void * hash, unsigned int * hsize, const EVP_MD * md, ENGINE * engine)" +Do the whole \fBEVP_MD_CTX_create()\fP, \fBEVP_DigestInit_ex()\fP, \fBEVP_DigestUpdate()\fP, \fBEVP_DigestFinal_ex()\fP, \fBEVP_MD_CTX_destroy()\fP dance in one call\&. +.PP +\fBParameters\fP +.RS 4 +\fIdata\fP the data to update the context with +.br +\fIdsize\fP length of data +.br +\fIhash\fP output data of at least \fBEVP_MD_size()\fP length\&. +.br +\fIhsize\fP output length of hash\&. +.br +\fImd\fP message digest to use +.br +\fIengine\fP engine to use, NULL for default engine\&. +.RE +.PP +\fBReturns\fP +.RS 4 +1 on success\&. +.RE +.PP + +.SS "int EVP_DigestFinal_ex (EVP_MD_CTX * ctx, void * hash, unsigned int * size)" +Complete the message digest\&. +.PP +\fBParameters\fP +.RS 4 +\fIctx\fP the context to complete\&. +.br +\fIhash\fP the output of the message digest function\&. At least \fBEVP_MD_size()\fP\&. +.br +\fIsize\fP the output size of hash\&. +.RE +.PP +\fBReturns\fP +.RS 4 +1 on success\&. +.RE +.PP + +.SS "int EVP_DigestInit_ex (EVP_MD_CTX * ctx, const EVP_MD * md, ENGINE * engine)" +Init a EVP_MD_CTX for use a specific message digest and engine\&. +.PP +\fBParameters\fP +.RS 4 +\fIctx\fP the message digest context to init\&. +.br +\fImd\fP the message digest to use\&. +.br +\fIengine\fP the engine to use, NULL to use the default engine\&. +.RE +.PP +\fBReturns\fP +.RS 4 +1 on success\&. +.RE +.PP + +.SS "int EVP_DigestUpdate (EVP_MD_CTX * ctx, const void * data, size_t size)" +Update the digest with some data\&. +.PP +\fBParameters\fP +.RS 4 +\fIctx\fP the context to update +.br +\fIdata\fP the data to update the context with +.br +\fIsize\fP length of data +.RE +.PP +\fBReturns\fP +.RS 4 +1 on success\&. +.RE +.PP + +.SS "const EVP_CIPHER* EVP_enc_null (void)" +The NULL cipher type, does no encryption/decryption\&. +.PP +\fBReturns\fP +.RS 4 +the null EVP_CIPHER pointer\&. 
+.RE +.PP + +.SS "const EVP_CIPHER* EVP_get_cipherbyname (const char * name)" +Get the cipher type using their name\&. +.PP +\fBParameters\fP +.RS 4 +\fIname\fP the name of the cipher\&. +.RE +.PP +\fBReturns\fP +.RS 4 +the selected EVP_CIPHER pointer or NULL if not found\&. +.RE +.PP + +.SS "const EVP_CIPHER* EVP_hcrypto_aes_128_cbc (void)" +The AES-128 cipher type (hcrypto) +.PP +\fBReturns\fP +.RS 4 +the AES-128 EVP_CIPHER pointer\&. +.RE +.PP + +.SS "const EVP_CIPHER* EVP_hcrypto_aes_128_cfb8 (void)" +The AES-128 CFB8 cipher type (hcrypto) +.PP +\fBReturns\fP +.RS 4 +the AES-128 EVP_CIPHER pointer\&. +.RE +.PP + +.SS "const EVP_CIPHER* EVP_hcrypto_aes_192_cbc (void)" +The AES-192 cipher type (hcrypto) +.PP +\fBReturns\fP +.RS 4 +the AES-192 EVP_CIPHER pointer\&. +.RE +.PP + +.SS "const EVP_CIPHER* EVP_hcrypto_aes_192_cfb8 (void)" +The AES-192 CFB8 cipher type (hcrypto) +.PP +\fBReturns\fP +.RS 4 +the AES-192 EVP_CIPHER pointer\&. +.RE +.PP + +.SS "const EVP_CIPHER* EVP_hcrypto_aes_256_cbc (void)" +The AES-256 cipher type (hcrypto) +.PP +\fBReturns\fP +.RS 4 +the AES-256 EVP_CIPHER pointer\&. +.RE +.PP + +.SS "const EVP_CIPHER* EVP_hcrypto_aes_256_cfb8 (void)" +The AES-256 CFB8 cipher type (hcrypto) +.PP +\fBReturns\fP +.RS 4 +the AES-256 EVP_CIPHER pointer\&. +.RE +.PP + +.SS "const EVP_CIPHER* EVP_hcrypto_camellia_128_cbc (void)" +The Camellia-128 cipher type - hcrypto +.PP +\fBReturns\fP +.RS 4 +the Camellia-128 EVP_CIPHER pointer\&. +.RE +.PP + +.SS "const EVP_CIPHER* EVP_hcrypto_camellia_192_cbc (void)" +The Camellia-198 cipher type - hcrypto +.PP +\fBReturns\fP +.RS 4 +the Camellia-198 EVP_CIPHER pointer\&. +.RE +.PP + +.SS "const EVP_CIPHER* EVP_hcrypto_camellia_256_cbc (void)" +The Camellia-256 cipher type - hcrypto +.PP +\fBReturns\fP +.RS 4 +the Camellia-256 EVP_CIPHER pointer\&. +.RE +.PP + +.SS "const EVP_CIPHER* EVP_hcrypto_des_cbc (void)" +The DES cipher type +.PP +\fBReturns\fP +.RS 4 +the DES-CBC EVP_CIPHER pointer\&. 
+.RE +.PP + +.SS "const EVP_CIPHER* EVP_hcrypto_des_ede3_cbc (void)" +The triple DES cipher type - hcrypto +.PP +\fBReturns\fP +.RS 4 +the DES-EDE3-CBC EVP_CIPHER pointer\&. +.RE +.PP + +.SS "const EVP_MD* EVP_hcrypto_md4 (void)" +The message digest MD4 - hcrypto +.PP +\fBReturns\fP +.RS 4 +the message digest type\&. +.RE +.PP + +.SS "const EVP_MD* EVP_hcrypto_md5 (void)" +The message digest MD5 - hcrypto +.PP +\fBReturns\fP +.RS 4 +the message digest type\&. +.RE +.PP + +.SS "const EVP_CIPHER* EVP_hcrypto_rc2_40_cbc (void)" +The RC2-40 cipher type +.PP +\fBReturns\fP +.RS 4 +the RC2-40 EVP_CIPHER pointer\&. +.RE +.PP + +.SS "const EVP_CIPHER* EVP_hcrypto_rc2_64_cbc (void)" +The RC2-64 cipher type +.PP +\fBReturns\fP +.RS 4 +the RC2-64 EVP_CIPHER pointer\&. +.RE +.PP + +.SS "const EVP_CIPHER* EVP_hcrypto_rc2_cbc (void)" +The RC2 cipher type - hcrypto +.PP +\fBReturns\fP +.RS 4 +the RC2 EVP_CIPHER pointer\&. +.RE +.PP + +.SS "const EVP_MD* EVP_hcrypto_sha1 (void)" +The message digest SHA1 - hcrypto +.PP +\fBReturns\fP +.RS 4 +the message digest type\&. +.RE +.PP + +.SS "const EVP_MD* EVP_hcrypto_sha256 (void)" +The message digest SHA256 - hcrypto +.PP +\fBReturns\fP +.RS 4 +the message digest type\&. +.RE +.PP + +.SS "const EVP_MD* EVP_hcrypto_sha384 (void)" +The message digest SHA384 - hcrypto +.PP +\fBReturns\fP +.RS 4 +the message digest type\&. +.RE +.PP + +.SS "const EVP_MD* EVP_hcrypto_sha512 (void)" +The message digest SHA512 - hcrypto +.PP +\fBReturns\fP +.RS 4 +the message digest type\&. +.RE +.PP + +.SS "const EVP_MD* EVP_md4 (void)" +The message digest MD4 +.PP +\fBReturns\fP +.RS 4 +the message digest type\&. +.RE +.PP + +.SS "const EVP_MD* EVP_md5 (void)" +The message digest MD5 +.PP +\fBReturns\fP +.RS 4 +the message digest type\&. +.RE +.PP + +.SS "size_t EVP_MD_block_size (const EVP_MD * md)" +Return the blocksize of the message digest function\&. 
+.PP +\fBParameters\fP +.RS 4 +\fImd\fP the evp message +.RE +.PP +\fBReturns\fP +.RS 4 +size size of the message digest block size +.RE +.PP + +.SS "size_t EVP_MD_CTX_block_size (EVP_MD_CTX * ctx)" +Return the blocksize of the message digest function\&. +.PP +\fBParameters\fP +.RS 4 +\fIctx\fP the evp message digest context +.RE +.PP +\fBReturns\fP +.RS 4 +size size of the message digest block size +.RE +.PP + +.SS "int EVP_MD_CTX_cleanup (EVP_MD_CTX * ctx)" +Free the resources used by the EVP_MD context\&. +.PP +\fBParameters\fP +.RS 4 +\fIctx\fP the context to free the resources from\&. +.RE +.PP +\fBReturns\fP +.RS 4 +1 on success\&. +.RE +.PP + +.SS "EVP_MD_CTX* EVP_MD_CTX_create (void)" +Allocate a messsage digest context object\&. Free with \fBEVP_MD_CTX_destroy()\fP\&. +.PP +\fBReturns\fP +.RS 4 +a newly allocated message digest context object\&. +.RE +.PP + +.SS "void EVP_MD_CTX_destroy (EVP_MD_CTX * ctx)" +Free a messsage digest context object\&. +.PP +\fBParameters\fP +.RS 4 +\fIctx\fP context to free\&. +.RE +.PP + +.SS "void EVP_MD_CTX_init (EVP_MD_CTX * ctx)" +Initiate a messsage digest context object\&. Deallocate with \fBEVP_MD_CTX_cleanup()\fP\&. Please use \fBEVP_MD_CTX_create()\fP instead\&. +.PP +\fBParameters\fP +.RS 4 +\fIctx\fP variable to initiate\&. +.RE +.PP + +.SS "const EVP_MD* EVP_MD_CTX_md (EVP_MD_CTX * ctx)" +Get the EVP_MD use for a specified context\&. +.PP +\fBParameters\fP +.RS 4 +\fIctx\fP the EVP_MD context to get the EVP_MD for\&. +.RE +.PP +\fBReturns\fP +.RS 4 +the EVP_MD used for the context\&. +.RE +.PP + +.SS "size_t EVP_MD_CTX_size (EVP_MD_CTX * ctx)" +Return the output size of the message digest function\&. +.PP +\fBParameters\fP +.RS 4 +\fIctx\fP the evp message digest context +.RE +.PP +\fBReturns\fP +.RS 4 +size output size of the message digest function\&. +.RE +.PP + +.SS "const EVP_MD* EVP_md_null (void)" +The null message digest +.PP +\fBReturns\fP +.RS 4 +the message digest type\&. 
+.RE +.PP + +.SS "size_t EVP_MD_size (const EVP_MD * md)" +Return the output size of the message digest function\&. +.PP +\fBParameters\fP +.RS 4 +\fImd\fP the evp message +.RE +.PP +\fBReturns\fP +.RS 4 +size output size of the message digest function\&. +.RE +.PP + +.SS "const EVP_CIPHER* EVP_rc2_40_cbc (void)" +The RC2 cipher type +.PP +\fBReturns\fP +.RS 4 +the RC2 EVP_CIPHER pointer\&. +.RE +.PP + +.SS "const EVP_CIPHER* EVP_rc2_64_cbc (void)" +The RC2 cipher type +.PP +\fBReturns\fP +.RS 4 +the RC2 EVP_CIPHER pointer\&. +.RE +.PP + +.SS "const EVP_CIPHER* EVP_rc2_cbc (void)" +The RC2 cipher type +.PP +\fBReturns\fP +.RS 4 +the RC2 EVP_CIPHER pointer\&. +.RE +.PP + +.SS "const EVP_CIPHER* EVP_rc4 (void)" +The RC4 cipher type +.PP +\fBReturns\fP +.RS 4 +the RC4 EVP_CIPHER pointer\&. +.RE +.PP + +.SS "const EVP_CIPHER* EVP_rc4_40 (void)" +The RC4-40 cipher type +.PP +\fBReturns\fP +.RS 4 +the RC4-40 EVP_CIPHER pointer\&. +.RE +.PP + +.SS "const EVP_MD* EVP_sha (void)" +The message digest SHA1 +.PP +\fBReturns\fP +.RS 4 +the message digest type\&. +.RE +.PP + +.SS "const EVP_MD* EVP_sha1 (void)" +The message digest SHA1 +.PP +\fBReturns\fP +.RS 4 +the message digest type\&. +.RE +.PP + +.SS "const EVP_MD* EVP_sha256 (void)" +The message digest SHA256 +.PP +\fBReturns\fP +.RS 4 +the message digest type\&. +.RE +.PP + +.SS "const EVP_MD* EVP_sha384 (void)" +The message digest SHA384 +.PP +\fBReturns\fP +.RS 4 +the message digest type\&. +.RE +.PP + +.SS "const EVP_MD* EVP_sha512 (void)" +The message digest SHA512 +.PP +\fBReturns\fP +.RS 4 +the message digest type\&. +.RE +.PP + +.SS "const EVP_CIPHER* EVP_wincrypt_des_ede3_cbc (void)" +The triple DES cipher type (Micrsoft crypt provider) +.PP +\fBReturns\fP +.RS 4 +the DES-EDE3-CBC EVP_CIPHER pointer\&. 
+.RE +.PP + +.SS "hc_EVP_CIPH_CBC_MODE OSSL_CIPHER_ALGORITHM (rc2_64_cbc, hc_EVP_CIPH_CBC_MODE| hc_EVP_CIPH_VARIABLE_LENGTH)" +The RC2-64 cipher type - OpenSSL +.PP +\fBReturns\fP +.RS 4 +the RC2-64 EVP_CIPHER pointer\&. The Camellia-128 cipher type - OpenSSL +.PP +the Camellia-128 EVP_CIPHER pointer\&. The Camellia-198 cipher type - OpenSSL +.PP +the Camellia-198 EVP_CIPHER pointer\&. The Camellia-256 cipher type - OpenSSL +.PP +the Camellia-256 EVP_CIPHER pointer\&. The RC4 cipher type (OpenSSL provider) +.PP +the RC4 EVP_CIPHER pointer\&. +.RE +.PP + +.SS "OSSL_CIPHER_ALGORITHM (rc2_cbc, hc_EVP_CIPH_CBC_MODE| hc_EVP_CIPH_VARIABLE_LENGTH)" +The triple DES cipher type (OpenSSL provider) +.PP +\fBReturns\fP +.RS 4 +the DES-EDE3-CBC EVP_CIPHER pointer\&. The DES cipher type (OpenSSL provider) +.PP +the DES-CBC EVP_CIPHER pointer\&. The AES-128 cipher type (OpenSSL provider) +.PP +the AES-128-CBC EVP_CIPHER pointer\&. The AES-192 cipher type (OpenSSL provider) +.PP +the AES-192-CBC EVP_CIPHER pointer\&. The AES-256 cipher type (OpenSSL provider) +.PP +the AES-256-CBC EVP_CIPHER pointer\&. The AES-128 CFB8 cipher type (OpenSSL provider) +.PP +the AES-128-CFB8 EVP_CIPHER pointer\&. The AES-192 CFB8 cipher type (OpenSSL provider) +.PP +the AES-192-CFB8 EVP_CIPHER pointer\&. The AES-256 CFB8 cipher type (OpenSSL provider) +.PP +the AES-256-CFB8 EVP_CIPHER pointer\&. The RC2 cipher type - OpenSSL +.PP +the RC2 EVP_CIPHER pointer\&. The RC2-40 cipher type - OpenSSL +.PP +the RC2-40 EVP_CIPHER pointer\&. +.RE +.PP + +.SS "WINCNG_CIPHER_ALGORITHM (aes_128_cbc, BCRYPT_AES_ALGORITHM, 16, 16, 16, EVP_CIPH_CBC_MODE)" +The AES-128 cipher type (Windows CNG provider) +.PP +\fBReturns\fP +.RS 4 +the AES-128-CBC EVP_CIPHER pointer\&. +.RE +.PP + +.SS "WINCNG_CIPHER_ALGORITHM (aes_128_cfb8, BCRYPT_AES_ALGORITHM, 16, 16, 16, EVP_CIPH_CFB8_MODE)" +The AES-128 CFB8 cipher type (Windows CNG provider) +.PP +\fBReturns\fP +.RS 4 +the AES-128-CFB8 EVP_CIPHER pointer\&. 
+.RE +.PP + +.SS "WINCNG_CIPHER_ALGORITHM (aes_192_cbc, BCRYPT_AES_ALGORITHM, 16, 24, 16, EVP_CIPH_CBC_MODE)" +The AES-192 cipher type (Windows CNG provider) +.PP +\fBReturns\fP +.RS 4 +the AES-192-CBC EVP_CIPHER pointer\&. +.RE +.PP + +.SS "WINCNG_CIPHER_ALGORITHM (aes_192_cfb8, BCRYPT_AES_ALGORITHM, 16, 24, 16, EVP_CIPH_CFB8_MODE)" +The AES-192 CFB8 cipher type (Windows CNG provider) +.PP +\fBReturns\fP +.RS 4 +the AES-192-CFB8 EVP_CIPHER pointer\&. +.RE +.PP + +.SS "WINCNG_CIPHER_ALGORITHM (aes_256_cbc, BCRYPT_AES_ALGORITHM, 16, 32, 16, EVP_CIPH_CBC_MODE)" +The AES-256 cipher type (Windows CNG provider) +.PP +\fBReturns\fP +.RS 4 +the AES-256-CBC EVP_CIPHER pointer\&. +.RE +.PP + +.SS "WINCNG_CIPHER_ALGORITHM (aes_256_cfb8, BCRYPT_AES_ALGORITHM, 16, 32, 16, EVP_CIPH_CFB8_MODE)" +The AES-256 CFB8 cipher type (Windows CNG provider) +.PP +\fBReturns\fP +.RS 4 +the AES-256-CFB8 EVP_CIPHER pointer\&. +.RE +.PP + +.SS "WINCNG_CIPHER_ALGORITHM (des_cbc, BCRYPT_DES_ALGORITHM, 8, 8, 8, EVP_CIPH_CBC_MODE)" +The DES cipher type (Windows CNG provider) +.PP +\fBReturns\fP +.RS 4 +the DES-CBC EVP_CIPHER pointer\&. +.RE +.PP + +.SS "WINCNG_CIPHER_ALGORITHM (des_ede3_cbc, BCRYPT_3DES_ALGORITHM, 8, 24, 8, EVP_CIPH_CBC_MODE)" +The triple DES cipher type (Windows CNG provider) +.PP +\fBReturns\fP +.RS 4 +the DES-EDE3-CBC EVP_CIPHER pointer\&. +.RE +.PP + +.SS "WINCNG_CIPHER_ALGORITHM (rc2_40_cbc, BCRYPT_RC2_ALGORITHM, 8, 5, 8, EVP_CIPH_CBC_MODE)" +The RC2-40 cipher type - Windows CNG +.PP +\fBReturns\fP +.RS 4 +the RC2-40 EVP_CIPHER pointer\&. +.RE +.PP + +.SS "WINCNG_CIPHER_ALGORITHM (rc2_64_cbc, BCRYPT_RC2_ALGORITHM, 8, 8, 8, EVP_CIPH_CBC_MODE)" +The RC2-64 cipher type - Windows CNG +.PP +\fBReturns\fP +.RS 4 +the RC2-64 EVP_CIPHER pointer\&. +.RE +.PP + +.SS "WINCNG_CIPHER_ALGORITHM (rc2_cbc, BCRYPT_RC2_ALGORITHM, 8, 16, 8, EVP_CIPH_CBC_MODE)" +The RC2 cipher type - Windows CNG +.PP +\fBReturns\fP +.RS 4 +the RC2 EVP_CIPHER pointer\&. 
+.RE +.PP + +.SS "WINCNG_CIPHER_ALGORITHM (rc4, BCRYPT_RC4_ALGORITHM, 1, 16, 0, EVP_CIPH_STREAM_CIPHER| EVP_CIPH_VARIABLE_LENGTH)" +The RC4 cipher type (Windows CNG provider) +.PP +\fBReturns\fP +.RS 4 +the RC4 EVP_CIPHER pointer\&. +.RE +.PP + +.SS "WINCNG_CIPHER_ALGORITHM (rc4_40, BCRYPT_RC4_ALGORITHM, 1, 5, 0, EVP_CIPH_STREAM_CIPHER| EVP_CIPH_VARIABLE_LENGTH)" +The RC4-40 cipher type (Windows CNG provider) +.PP +\fBReturns\fP +.RS 4 +the RC4 EVP_CIPHER pointer\&. +.RE +.PP + +.SS "WINCNG_CIPHER_ALGORITHM_UNAVAILABLE (camellia_128_cbc)" +The Camellia-128 cipher type - CommonCrypto +.PP +\fBReturns\fP +.RS 4 +the Camellia-128 EVP_CIPHER pointer\&. +.RE +.PP + +.SS "WINCNG_CIPHER_ALGORITHM_UNAVAILABLE (camellia_192_cbc)" +The Camellia-198 cipher type - CommonCrypto +.PP +\fBReturns\fP +.RS 4 +the Camellia-198 EVP_CIPHER pointer\&. +.RE +.PP + +.SS "WINCNG_CIPHER_ALGORITHM_UNAVAILABLE (camellia_256_cbc)" +The Camellia-256 cipher type - CommonCrypto +.PP +\fBReturns\fP +.RS 4 +the Camellia-256 EVP_CIPHER pointer\&. +.RE +.PP + +.SH "Author" +.PP +Generated automatically by Doxygen for Heimdal crypto library from the source code\&. diff --git a/kerberos5/man/hcrypto/man/man3/hcrypto_misc.3 b/kerberos5/man/hcrypto/man/man3/hcrypto_misc.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hcrypto/man/man3/hcrypto_misc.3 
@@ -0,0 +1,80 @@ +.TH "hcrypto_misc" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal crypto library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +hcrypto_misc \- hcrypto miscellaneous functions +.SH SYNOPSIS +.br +.PP +.SS "Functions" + +.in +1c +.ti -1c +.RI "int \fBPKCS5_PBKDF2_HMAC\fP (const void *password, size_t password_len, const void *salt, size_t salt_len, unsigned long iter, const EVP_MD *md, size_t keylen, void *key)" +.br +.ti -1c +.RI "int \fBPKCS5_PBKDF2_HMAC_SHA1\fP (const void *password, size_t password_len, const void *salt, size_t salt_len, unsigned long iter, size_t keylen, void *key)" +.br +.in -1c +.SH "Detailed Description" +.PP + +.SH "Function Documentation" +.PP +.SS "int PKCS5_PBKDF2_HMAC (const void * password, size_t password_len, const void * salt, size_t salt_len, unsigned long iter, const EVP_MD * md, size_t keylen, void * key)" +As descriped in PKCS5, convert a password, salt, and iteration counter into a crypto key\&. +.PP +\fBParameters\fP +.RS 4 +\fIpassword\fP Password\&. +.br +\fIpassword_len\fP Length of password\&. +.br +\fIsalt\fP Salt +.br +\fIsalt_len\fP Length of salt\&. +.br +\fIiter\fP iteration counter\&. +.br +\fImd\fP the digest function\&. +.br +\fIkeylen\fP the output key length\&. +.br +\fIkey\fP the output key\&. +.RE +.PP +\fBReturns\fP +.RS 4 +1 on success, non 1 on failure\&. +.RE +.PP + +.SS "int PKCS5_PBKDF2_HMAC_SHA1 (const void * password, size_t password_len, const void * salt, size_t salt_len, unsigned long iter, size_t keylen, void * key)" +As descriped in PKCS5, convert a password, salt, and iteration counter into a crypto key\&. +.PP +\fBParameters\fP +.RS 4 +\fIpassword\fP Password\&. +.br +\fIpassword_len\fP Length of password\&. +.br +\fIsalt\fP Salt +.br +\fIsalt_len\fP Length of salt\&. +.br +\fIiter\fP iteration counter\&. +.br +\fIkeylen\fP the output key length\&. +.br +\fIkey\fP the output key\&. +.RE +.PP +\fBReturns\fP +.RS 4 +1 on success, non 1 on failure\&. 
+.RE +.PP + +.SH "Author" +.PP +Generated automatically by Doxygen for Heimdal crypto library from the source code\&. diff --git a/kerberos5/man/hcrypto/man/man3/hcrypto_rand.3 b/kerberos5/man/hcrypto/man/man3/hcrypto_rand.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hcrypto/man/man3/hcrypto_rand.3 
@@ -0,0 +1,206 @@ +.TH "hcrypto_rand" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal crypto library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +hcrypto_rand \- RAND crypto functions +.SH SYNOPSIS +.br +.PP +.SS "Functions" + +.in +1c +.ti -1c +.RI "void \fBRAND_seed\fP (const void *indata, size_t size)" +.br +.ti -1c +.RI "int \fBRAND_bytes\fP (void *outdata, size_t size)" +.br +.ti -1c +.RI "void \fBRAND_cleanup\fP (void)" +.br +.ti -1c +.RI "void \fBRAND_add\fP (const void *indata, size_t size, double entropi)" +.br +.ti -1c +.RI "int \fBRAND_pseudo_bytes\fP (void *outdata, size_t size)" +.br +.ti -1c +.RI "int \fBRAND_status\fP (void)" +.br +.ti -1c +.RI "int \fBRAND_set_rand_method\fP (const RAND_METHOD *meth)" +.br +.ti -1c +.RI "const RAND_METHOD * \fBRAND_get_rand_method\fP (void)" +.br +.ti -1c +.RI "int \fBRAND_set_rand_engine\fP (ENGINE *engine)" +.br +.ti -1c +.RI "int \fBRAND_load_file\fP (const char *filename, size_t size)" +.br +.ti -1c +.RI "int \fBRAND_write_file\fP (const char *filename)" +.br +.ti -1c +.RI "const char * \fBRAND_file_name\fP (char *filename, size_t size)" +.br +.in -1c +.SH "Detailed Description" +.PP +See the \fBRAND - random number\fP for description and examples\&. +.SH "Function Documentation" +.PP +.SS "void RAND_add (const void * indata, size_t size, double entropi)" +Seed that random number generator\&. Secret material can securely be feed into the function, they will never be returned\&. +.PP +\fBParameters\fP +.RS 4 +\fIindata\fP the input data\&. +.br +\fIsize\fP size of in data\&. +.br +\fIentropi\fP entropi in data\&. +.RE +.PP + +.SS "int RAND_bytes (void * outdata, size_t size)" +Get a random block from the random generator, can be used for key material\&. +.PP +\fBParameters\fP +.RS 4 +\fIoutdata\fP random data +.br +\fIsize\fP length random data +.RE +.PP +\fBReturns\fP +.RS 4 +1 on success, 0 on failure\&. +.RE +.PP + +.SS "void RAND_cleanup (void)" +Reset and free memory used by the random generator\&. 
+.SS "const char* RAND_file_name (char * filename, size_t size)" +Return the default random state filename for a user to use for \fBRAND_load_file()\fP, and \fBRAND_write_file()\fP\&. +.PP +\fBParameters\fP +.RS 4 +\fIfilename\fP buffer to hold file name\&. +.br +\fIsize\fP size of buffer filename\&. +.RE +.PP +\fBReturns\fP +.RS 4 +the buffer filename or NULL on failure\&. +.RE +.PP + +.SS "const RAND_METHOD* RAND_get_rand_method (void)" +Get the default random method\&. +.PP +\fBReturns\fP +.RS 4 +Returns a RAND_METHOD +.RE +.PP + +.SS "int RAND_load_file (const char * filename, size_t size)" +Load a a file and feed it into \fBRAND_seed()\fP\&. +.PP +\fBParameters\fP +.RS 4 +\fIfilename\fP name of file to read\&. +.br +\fIsize\fP minimum size to read\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Returns the number of seed bytes loaded (0 indicates failure) +.RE +.PP + +.SS "int RAND_pseudo_bytes (void * outdata, size_t size)" +Get a random block from the random generator, should NOT be used for key material\&. +.PP +\fBParameters\fP +.RS 4 +\fIoutdata\fP random data +.br +\fIsize\fP length random data +.RE +.PP +\fBReturns\fP +.RS 4 +1 on success, 0 on failure\&. +.RE +.PP + +.SS "void RAND_seed (const void * indata, size_t size)" +Seed that random number generator\&. Secret material can securely be feed into the function, they will never be returned\&. +.PP +\fBParameters\fP +.RS 4 +\fIindata\fP seed data +.br +\fIsize\fP length seed data +.RE +.PP + +.SS "int RAND_set_rand_engine (ENGINE * engine)" +Set the default random method from engine\&. +.PP +\fBParameters\fP +.RS 4 +\fIengine\fP use engine, if NULL is passed it, old method and engine is cleared\&. +.RE +.PP +\fBReturns\fP +.RS 4 +1 on success, 0 on failure\&. +.RE +.PP + +.SS "int RAND_set_rand_method (const RAND_METHOD * meth)" +Set the default random method\&. +.PP +\fBParameters\fP +.RS 4 +\fImeth\fP set the new default method\&. +.RE +.PP +\fBReturns\fP +.RS 4 +1 on success\&. 
+.RE +.PP + +.SS "int RAND_status (void)" +Return status of the random generator +.PP +\fBReturns\fP +.RS 4 +1 if the random generator can deliver random data\&. +.RE +.PP + +.SS "int RAND_write_file (const char * filename)" +Write of random numbers to a file to store for later initiation with \fBRAND_load_file()\fP\&. +.PP +\fBParameters\fP +.RS 4 +\fIfilename\fP name of file to write\&. +.RE +.PP +\fBReturns\fP +.RS 4 +1 on success and non-one on failure\&. +.RE +.PP + +.SH "Author" +.PP +Generated automatically by Doxygen for Heimdal crypto library from the source code\&. diff --git a/kerberos5/man/hcrypto/man/man3/hcrypto_rsa.3 b/kerberos5/man/hcrypto/man/man3/hcrypto_rsa.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hcrypto/man/man3/hcrypto_rsa.3 
@@ -0,0 +1,150 @@ +.TH "hcrypto_rsa" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal crypto library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +hcrypto_rsa \- RSA functions +.SH SYNOPSIS +.br +.PP +.SS "Functions" + +.in +1c +.ti -1c +.RI "RSA * \fBRSA_new\fP (void)" +.br +.ti -1c +.RI "RSA * \fBRSA_new_method\fP (ENGINE *engine)" +.br +.ti -1c +.RI "void \fBRSA_free\fP (RSA *rsa)" +.br +.ti -1c +.RI "int \fBRSA_up_ref\fP (RSA *rsa)" +.br +.ti -1c +.RI "const RSA_METHOD * \fBRSA_get_method\fP (const RSA *rsa)" +.br +.ti -1c +.RI "int \fBRSA_set_method\fP (RSA *rsa, const RSA_METHOD *method)" +.br +.ti -1c +.RI "int \fBRSA_set_app_data\fP (RSA *rsa, void *arg)" +.br +.ti -1c +.RI "void * \fBRSA_get_app_data\fP (const RSA *rsa)" +.br +.in -1c +.SH "Detailed Description" +.PP +See the \fBRSA - public-key cryptography\fP for description and examples\&. +.SH "Function Documentation" +.PP +.SS "void RSA_free (RSA * rsa)" +Free an allocation RSA object\&. +.PP +\fBParameters\fP +.RS 4 +\fIrsa\fP the RSA object to free\&. +.RE +.PP + +.SS "void* RSA_get_app_data (const RSA * rsa)" +Get the application data for the RSA object\&. +.PP +\fBParameters\fP +.RS 4 +\fIrsa\fP the rsa object to get the parameter for +.RE +.PP +\fBReturns\fP +.RS 4 +the data object +.RE +.PP + +.SS "const RSA_METHOD* RSA_get_method (const RSA * rsa)" +Return the RSA_METHOD used for this RSA object\&. +.PP +\fBParameters\fP +.RS 4 +\fIrsa\fP the object to get the method from\&. +.RE +.PP +\fBReturns\fP +.RS 4 +the method used for this RSA object\&. +.RE +.PP + +.SS "RSA* RSA_new (void)" +Same as \fBRSA_new_method()\fP using NULL as engine\&. +.PP +\fBReturns\fP +.RS 4 +a newly allocated RSA object\&. Free with \fBRSA_free()\fP\&. +.RE +.PP + +.SS "RSA* RSA_new_method (ENGINE * engine)" +Allocate a new RSA object using the engine, if NULL is specified as the engine, use the default RSA engine as returned by ENGINE_get_default_RSA()\&. 
+.PP +\fBParameters\fP +.RS 4 +\fIengine\fP Specific what ENGINE RSA provider should be used\&. +.RE +.PP +\fBReturns\fP +.RS 4 +a newly allocated RSA object\&. Free with \fBRSA_free()\fP\&. +.RE +.PP + +.SS "int RSA_set_app_data (RSA * rsa, void * arg)" +Set the application data for the RSA object\&. +.PP +\fBParameters\fP +.RS 4 +\fIrsa\fP the rsa object to set the parameter for +.br +\fIarg\fP the data object to store +.RE +.PP +\fBReturns\fP +.RS 4 +1 on success\&. +.RE +.PP + +.SS "int RSA_set_method (RSA * rsa, const RSA_METHOD * method)" +Set a new method for the RSA keypair\&. +.PP +\fBParameters\fP +.RS 4 +\fIrsa\fP rsa parameter\&. +.br +\fImethod\fP the new method for the RSA parameter\&. +.RE +.PP +\fBReturns\fP +.RS 4 +1 on success\&. +.RE +.PP + +.SS "int RSA_up_ref (RSA * rsa)" +Add an extra reference to the RSA object\&. The object should be free with \fBRSA_free()\fP to drop the reference\&. +.PP +\fBParameters\fP +.RS 4 +\fIrsa\fP the object to add reference counting too\&. +.RE +.PP +\fBReturns\fP +.RS 4 +the current reference count, can't safely be used except for debug printing\&. +.RE +.PP + +.SH "Author" +.PP +Generated automatically by Doxygen for Heimdal crypto library from the source code\&. diff --git a/kerberos5/man/hcrypto/man/man3/page_des.3 b/kerberos5/man/hcrypto/man/man3/page_des.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hcrypto/man/man3/page_des.3 
@@ -0,0 +1,36 @@ +.TH "page_des" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal crypto library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +page_des \- DES - Data Encryption Standard crypto interface +See the library functions here: \fBDES crypto functions\fP +.PP +DES was created by IBM, modififed by NSA and then adopted by NBS (now NIST) and published ad FIPS PUB 46 (updated by FIPS 46-1)\&. +.PP +Since the 19th May 2005 DES was withdrawn by NIST and should no longer be used\&. See \fBEVP - generic crypto interface\fP for replacement encryption algorithms and interfaces\&. +.PP +Read more the iteresting history of DES on Wikipedia http://www.wikipedia.org/wiki/Data_Encryption_Standard \&. +.SH "DES key generation" +.PP +To generate a DES key safely you have to use the code-snippet below\&. This is because the \fBDES_random_key()\fP can fail with an abort() in case of and failure to start the random generator\&. +.PP +There is a replacement function \fBDES_new_random_key()\fP, however that function does not exists in OpenSSL\&. +.PP +.PP +.nf +DES_cblock key; +do { + if (RAND_rand(&key, sizeof(key)) != 1) + goto failure; + DES_set_odd_parity(key); +} while (DES_is_weak_key(&key)); +.fi +.PP +.SH "DES implementation history" +.PP +There was no complete BSD licensed, fast, GPL compatible implementation of DES, so Love wrote the part that was missing, fast key schedule setup and adapted the interface to the orignal libdes\&. +.PP +The document that got me started for real was 'Efficient +Implementation of the Data Encryption Standard' by Dag Arne Osvik\&. I never got to the PC1 transformation was working, instead I used table-lookup was used for all key schedule setup\&. The document was very useful since it de-mystified other implementations for me\&. +.PP +The core DES function (SBOX + P transformation) is from Richard Outerbridge public domain DES implementation\&. My sanity is saved thanks to his work\&. Thank you Richard\&. 
diff --git a/kerberos5/man/hcrypto/man/man3/page_dh.3 b/kerberos5/man/hcrypto/man/man3/page_dh.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/page_dh.3
@@ -0,0 +1,10 @@
+.TH "page_dh" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal crypto library" \" -*- nroff -*-
+.ad l
+.nh
+.SH NAME
+page_dh \- DH - Diffie-Hellman key exchange
+Diffie-Hellman key exchange is a protocol that allows two parties to establish a shared secret key\&.
+.PP
+Include and example how to use \fBDH_new()\fP and friends here\&.
+.PP
+See the library functions here: \fBDiffie-Hellman functions\fP
diff --git a/kerberos5/man/hcrypto/man/man3/page_evp.3 b/kerberos5/man/hcrypto/man/man3/page_evp.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/page_evp.3
@@ -0,0 +1,9 @@
+.TH "page_evp" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal crypto library" \" -*- nroff -*-
+.ad l
+.nh
+.SH NAME
+page_evp \- EVP - generic crypto interface
+See the library functions here: \fBEVP generic crypto functions\fP
+.SH "EVP Cipher"
+.PP
+The use of \fBEVP_CipherInit_ex()\fP and EVP_Cipher() is pretty easy to understand forward, then \fBEVP_CipherUpdate()\fP and \fBEVP_CipherFinal_ex()\fP really needs an example to explain \fBexample_evp_cipher\&.c\fP \&.
diff --git a/kerberos5/man/hcrypto/man/man3/page_rand.3 b/kerberos5/man/hcrypto/man/man3/page_rand.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/page_rand.3
@@ -0,0 +1,6 @@
+.TH "page_rand" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal crypto library" \" -*- nroff -*-
+.ad l
+.nh
+.SH NAME
+page_rand \- RAND - random number
+See the library functions here: \fBRAND crypto functions\fP
diff --git a/kerberos5/man/hcrypto/man/man3/page_rsa.3 b/kerberos5/man/hcrypto/man/man3/page_rsa.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hcrypto/man/man3/page_rsa.3
@@ -0,0 +1,13 @@ +.TH "page_rsa" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal crypto library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +page_rsa \- RSA - public-key cryptography +RSA is named by its inventors (Ron Rivest, Adi Shamir, and Leonard Adleman) (published in 1977), patented expired in 21 September 2000\&. +.PP +Speed for RSA in seconds no key blinding 1000 iteration, same rsa keys (1024 and 2048) operation performed each eteration sign, verify, encrypt, decrypt on a random bit pattern +.SH "name 1024 2048 4098" +.PP +gmp: 0\&.73 6\&.60 44\&.80 tfm: 2\&.45 -- -- ltm: 3\&.79 20\&.74 105\&.41 (default in hcrypto) openssl: 4\&.04 11\&.90 82\&.59 cdsa: 15\&.89 102\&.89 721\&.40 imath: 40\&.62 -- -- +.PP +See the library functions here: \fBRSA functions\fP diff --git a/kerberos5/man/hdb/man/man3/HDB.3 b/kerberos5/man/hdb/man/man3/HDB.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hdb/man/man3/HDB.3 
@@ -0,0 +1,174 @@ +.TH "HDB" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal hdb library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +HDB +.SH SYNOPSIS +.br +.PP +.PP +\fC#include \fP +.SS "Data Fields" + +.in +1c +.ti -1c +.RI "char * \fBhdb_name\fP" +.br +.ti -1c +.RI "krb5_error_code(* \fBhdb_open\fP )(krb5_context, struct \fBHDB\fP *, int, mode_t)" +.br +.ti -1c +.RI "krb5_error_code(* \fBhdb_close\fP )(krb5_context, struct \fBHDB\fP *)" +.br +.ti -1c +.RI "void(* \fBhdb_free\fP )(krb5_context, struct \fBHDB\fP *, \fBhdb_entry_ex\fP *)" +.br +.ti -1c +.RI "krb5_error_code(* \fBhdb_fetch_kvno\fP )(krb5_context, struct \fBHDB\fP *, krb5_const_principal, unsigned, krb5_kvno, \fBhdb_entry_ex\fP *)" +.br +.ti -1c +.RI "krb5_error_code(* \fBhdb_store\fP )(krb5_context, struct \fBHDB\fP *, unsigned, \fBhdb_entry_ex\fP *)" +.br +.ti -1c +.RI "krb5_error_code(* \fBhdb_remove\fP )(krb5_context, struct \fBHDB\fP *, unsigned, krb5_const_principal)" +.br +.ti -1c +.RI "krb5_error_code(* \fBhdb_firstkey\fP )(krb5_context, struct \fBHDB\fP *, unsigned, \fBhdb_entry_ex\fP *)" +.br +.ti -1c +.RI "krb5_error_code(* \fBhdb_nextkey\fP )(krb5_context, struct \fBHDB\fP *, unsigned, \fBhdb_entry_ex\fP *)" +.br +.ti -1c +.RI "krb5_error_code(* \fBhdb_lock\fP )(krb5_context, struct \fBHDB\fP *, int)" +.br +.ti -1c +.RI "krb5_error_code(* \fBhdb_unlock\fP )(krb5_context, struct \fBHDB\fP *)" +.br +.ti -1c +.RI "krb5_error_code(* \fBhdb_rename\fP )(krb5_context, struct \fBHDB\fP *, const char *)" +.br +.ti -1c +.RI "krb5_error_code(* \fBhdb__get\fP )(krb5_context, struct \fBHDB\fP *, krb5_data, krb5_data *)" +.br +.ti -1c +.RI "krb5_error_code(* \fBhdb__put\fP )(krb5_context, struct \fBHDB\fP *, int, krb5_data, krb5_data)" +.br +.ti -1c +.RI "krb5_error_code(* \fBhdb__del\fP )(krb5_context, struct \fBHDB\fP *, krb5_data)" +.br +.ti -1c +.RI "krb5_error_code(* \fBhdb_destroy\fP )(krb5_context, struct \fBHDB\fP *)" +.br +.ti -1c +.RI "krb5_error_code(* \fBhdb_get_realms\fP )(krb5_context, struct 
\fBHDB\fP *, krb5_realm **)" +.br +.ti -1c +.RI "krb5_error_code(* \fBhdb_password\fP )(krb5_context, struct \fBHDB\fP *, \fBhdb_entry_ex\fP *, const char *, int)" +.br +.ti -1c +.RI "krb5_error_code(* \fBhdb_auth_status\fP )(krb5_context, struct \fBHDB\fP *, \fBhdb_entry_ex\fP *, int)" +.br +.ti -1c +.RI "krb5_error_code(* \fBhdb_check_constrained_delegation\fP )(krb5_context, struct \fBHDB\fP *, \fBhdb_entry_ex\fP *, krb5_const_principal)" +.br +.ti -1c +.RI "krb5_error_code(* \fBhdb_check_pkinit_ms_upn_match\fP )(krb5_context, struct \fBHDB\fP *, \fBhdb_entry_ex\fP *, krb5_const_principal)" +.br +.ti -1c +.RI "krb5_error_code(* \fBhdb_check_s4u2self\fP )(krb5_context, struct \fBHDB\fP *, \fBhdb_entry_ex\fP *, krb5_const_principal)" +.br +.ti -1c +.RI "krb5_error_code(* \fBhdb_set_sync\fP )(krb5_context, struct \fBHDB\fP *, int)" +.br +.in -1c +.SH "Detailed Description" +.PP +\fBHDB\fP backend function pointer structure +.PP +The \fBHDB\fP structure is what the KDC and kadmind framework uses to query the backend database when talking about principals\&. +.SH "Field Documentation" +.PP +.SS "krb5_error_code(* HDB::hdb__del) (krb5_context, struct \fBHDB\fP *, krb5_data)" +Delete and hdb_entry from a classical DB backend +.PP +This function takes a principal key (krb5_data) naming the record to delete\&. +.PP +Same discussion as in \fBHDB::hdb__put\fP +.SS "krb5_error_code(* HDB::hdb__get) (krb5_context, struct \fBHDB\fP *, krb5_data, krb5_data *)" +Get an hdb_entry from a classical DB backend +.PP +This function takes a principal key (krb5_data) and returns all data related to principal in the return krb5_data\&. The returned encoded entry is of type hdb_entry or hdb_entry_alias\&. +.SS "krb5_error_code(* HDB::hdb__put) (krb5_context, struct \fBHDB\fP *, int, krb5_data, krb5_data)" +Store an hdb_entry from a classical DB backend +.PP +This function takes a principal key (krb5_data) and encoded hdb_entry or hdb_entry_alias as the data to store\&. 
+.PP +For a file-based DB, this must synchronize to disk when done\&. This is sub-optimal for kadm5_s_rename_principal(), and for kadm5_s_modify_principal() when using principal aliases; to improve this so that only one fsync() need be done per-transaction will require \fBHDB\fP API extensions\&. +.SS "krb5_error_code(* HDB::hdb_auth_status) (krb5_context, struct \fBHDB\fP *, \fBhdb_entry_ex\fP *, int)" +Auth feedback +.PP +This is a feedback call that allows backends that provides lockout functionality to register failure and/or successes\&. +.PP +In case the entry is locked out, the backend should set the hdb_entry\&.flags\&.locked-out flag\&. +.SS "krb5_error_code(* HDB::hdb_check_constrained_delegation) (krb5_context, struct \fBHDB\fP *, \fBhdb_entry_ex\fP *, krb5_const_principal)" +Check if delegation is allowed\&. +.SS "krb5_error_code(* HDB::hdb_check_pkinit_ms_upn_match) (krb5_context, struct \fBHDB\fP *, \fBhdb_entry_ex\fP *, krb5_const_principal)" +Check if this name is an alias for the supplied client for PKINIT userPrinicpalName logins +.SS "krb5_error_code(* HDB::hdb_check_s4u2self) (krb5_context, struct \fBHDB\fP *, \fBhdb_entry_ex\fP *, krb5_const_principal)" +Check if s4u2self is allowed from this client to this server +.SS "krb5_error_code(* HDB::hdb_close) (krb5_context, struct \fBHDB\fP *)" +Close the database for transaction +.PP +Closes the database for further transactions, wont release any permanant resources\&. the database can be ->hdb_open-ed again\&. +.SS "krb5_error_code(* HDB::hdb_destroy) (krb5_context, struct \fBHDB\fP *)" +Destroy the handle to the database\&. +.PP +Destroy the handle to the database, deallocate all memory and related resources\&. Does not remove any permanent data\&. Its the logical reverse of hdb_create() function that is the entry point for the module\&. 
+.SS "krb5_error_code(* HDB::hdb_fetch_kvno) (krb5_context, struct \fBHDB\fP *, krb5_const_principal, unsigned, krb5_kvno, \fBhdb_entry_ex\fP *)" +Fetch an entry from the backend +.PP +Fetch an entry from the backend, flags are what type of entry should be fetch: client, server, krbtgt\&. knvo (if specified and flags HDB_F_KVNO_SPECIFIED set) is the kvno to get +.SS "krb5_error_code(* HDB::hdb_firstkey) (krb5_context, struct \fBHDB\fP *, unsigned, \fBhdb_entry_ex\fP *)" +As part of iteration, fetch one entry +.SS "void(* HDB::hdb_free) (krb5_context, struct \fBHDB\fP *, \fBhdb_entry_ex\fP *)" +Free an entry after use\&. +.SS "krb5_error_code(* HDB::hdb_get_realms) (krb5_context, struct \fBHDB\fP *, krb5_realm **)" +Get the list of realms this backend handles\&. This call is optional to support\&. The returned realms are used for announcing the realms over bonjour\&. Free returned array with krb5_free_host_realm()\&. +.SS "krb5_error_code(* HDB::hdb_lock) (krb5_context, struct \fBHDB\fP *, int)" +Lock database +.PP +A lock can only be held by one consumers\&. Transaction can still happen on the database while the lock is held, so the entry is only useful for syncroning creation of the database and renaming of the database\&. +.SS "char* HDB::hdb_name" +don't use, only for DB3 +.SS "krb5_error_code(* HDB::hdb_nextkey) (krb5_context, struct \fBHDB\fP *, unsigned, \fBhdb_entry_ex\fP *)" +As part of iteration, fetch next entry +.SS "krb5_error_code(* HDB::hdb_open) (krb5_context, struct \fBHDB\fP *, int, mode_t)" +Open (or create) the a Kerberos database\&. +.PP +Open (or create) the a Kerberos database that was resolved with hdb_create()\&. The third and fourth flag to the function are the same as open(), thus passing O_CREAT will create the data base if it doesn't exists\&. +.PP +Then done the caller should call \fBhdb_close()\fP, and to release all resources \fBhdb_destroy()\fP\&. 
+.SS "krb5_error_code(* HDB::hdb_password) (krb5_context, struct \fBHDB\fP *, \fBhdb_entry_ex\fP *, const char *, int)" +Change password\&. +.PP +Will update keys for the entry when given password\&. The new keys must be written into the entry and will then later be ->\fBhdb_store()\fP into the database\&. The backend will still perform all other operations, increasing the kvno, and update modification timestamp\&. +.PP +The backend needs to call _kadm5_set_keys() and perform password quality checks\&. +.SS "krb5_error_code(* HDB::hdb_remove) (krb5_context, struct \fBHDB\fP *, unsigned, krb5_const_principal)" +Remove an entry from the database\&. +.SS "krb5_error_code(* HDB::hdb_rename) (krb5_context, struct \fBHDB\fP *, const char *)" +Rename the data base\&. +.PP +Assume that the database is not hdb_open'ed and not locked\&. +.SS "krb5_error_code(* HDB::hdb_set_sync) (krb5_context, struct \fBHDB\fP *, int)" +Enable/disable synchronous updates +.PP +Calling this with 0 disables sync\&. Calling it with non-zero enables sync and does an fsync()\&. +.SS "krb5_error_code(* HDB::hdb_store) (krb5_context, struct \fBHDB\fP *, unsigned, \fBhdb_entry_ex\fP *)" +Store an entry to database +.SS "krb5_error_code(* HDB::hdb_unlock) (krb5_context, struct \fBHDB\fP *)" +Unlock database + +.SH "Author" +.PP +Generated automatically by Doxygen for Heimdal hdb library from the source code\&. diff --git a/kerberos5/man/hdb/man/man3/hdb__del.3 b/kerberos5/man/hdb/man/man3/hdb__del.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hdb/man/man3/hdb__del.3 @@ -0,0 +1 @@ +.so man3/HDB.3 diff --git a/kerberos5/man/hdb/man/man3/hdb__get.3 b/kerberos5/man/hdb/man/man3/hdb__get.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hdb/man/man3/hdb__get.3 @@ -0,0 +1 @@ +.so man3/HDB.3 diff --git a/kerberos5/man/hdb/man/man3/hdb__put.3 b/kerberos5/man/hdb/man/man3/hdb__put.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hdb/man/man3/hdb__put.3 @@ -0,0 +1 @@ +.so man3/HDB.3 
diff --git a/kerberos5/man/hdb/man/man3/hdb_auth_status.3 b/kerberos5/man/hdb/man/man3/hdb_auth_status.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hdb/man/man3/hdb_auth_status.3
@@ -0,0 +1 @@
+.so man3/HDB.3
diff --git a/kerberos5/man/hdb/man/man3/hdb_check_constrained_delegation.3 b/kerberos5/man/hdb/man/man3/hdb_check_constrained_delegation.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hdb/man/man3/hdb_check_constrained_delegation.3
@@ -0,0 +1 @@
+.so man3/HDB.3
diff --git a/kerberos5/man/hdb/man/man3/hdb_check_pkinit_ms_upn_match.3 b/kerberos5/man/hdb/man/man3/hdb_check_pkinit_ms_upn_match.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hdb/man/man3/hdb_check_pkinit_ms_upn_match.3
@@ -0,0 +1 @@
+.so man3/HDB.3
diff --git a/kerberos5/man/hdb/man/man3/hdb_check_s4u2self.3 b/kerberos5/man/hdb/man/man3/hdb_check_s4u2self.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hdb/man/man3/hdb_check_s4u2self.3
@@ -0,0 +1 @@
+.so man3/HDB.3
diff --git a/kerberos5/man/hdb/man/man3/hdb_close.3 b/kerberos5/man/hdb/man/man3/hdb_close.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hdb/man/man3/hdb_close.3
@@ -0,0 +1 @@
+.so man3/HDB.3
diff --git a/kerberos5/man/hdb/man/man3/hdb_destroy.3 b/kerberos5/man/hdb/man/man3/hdb_destroy.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hdb/man/man3/hdb_destroy.3
@@ -0,0 +1 @@
+.so man3/HDB.3
diff --git a/kerberos5/man/hdb/man/man3/hdb_entry_ex.3 b/kerberos5/man/hdb/man/man3/hdb_entry_ex.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hdb/man/man3/hdb_entry_ex.3
@@ -0,0 +1,17 @@ +.TH "hdb_entry_ex" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal hdb library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +hdb_entry_ex +.SH SYNOPSIS +.br +.PP +.PP +\fC#include \fP +.SH "Detailed Description" +.PP +\fBhdb_entry_ex\fP is a wrapper structure around the hdb_entry structure that allows backends to keep a pointer to the backing store, ie in ->hdb_fetch_kvno(), so that we the kadmin/kpasswd backend gets around to ->hdb_store(), the backend doesn't need to lookup the entry again\&. + +.SH "Author" +.PP +Generated automatically by Doxygen for Heimdal hdb library from the source code\&. diff --git a/kerberos5/man/hdb/man/man3/hdb_fetch_kvno.3 b/kerberos5/man/hdb/man/man3/hdb_fetch_kvno.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hdb/man/man3/hdb_fetch_kvno.3 @@ -0,0 +1 @@ +.so man3/HDB.3 diff --git a/kerberos5/man/hdb/man/man3/hdb_firstkey.3 b/kerberos5/man/hdb/man/man3/hdb_firstkey.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hdb/man/man3/hdb_firstkey.3 @@ -0,0 +1 @@ +.so man3/HDB.3 diff --git a/kerberos5/man/hdb/man/man3/hdb_free.3 b/kerberos5/man/hdb/man/man3/hdb_free.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hdb/man/man3/hdb_free.3 @@ -0,0 +1 @@ +.so man3/HDB.3 diff --git a/kerberos5/man/hdb/man/man3/hdb_get_realms.3 b/kerberos5/man/hdb/man/man3/hdb_get_realms.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hdb/man/man3/hdb_get_realms.3 @@ -0,0 +1 @@ +.so man3/HDB.3 diff --git a/kerberos5/man/hdb/man/man3/hdb_lock.3 b/kerberos5/man/hdb/man/man3/hdb_lock.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hdb/man/man3/hdb_lock.3 @@ -0,0 +1 @@ +.so man3/HDB.3 diff --git a/kerberos5/man/hdb/man/man3/hdb_name.3 b/kerberos5/man/hdb/man/man3/hdb_name.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hdb/man/man3/hdb_name.3 @@ -0,0 +1 @@ +.so man3/HDB.3 diff --git a/kerberos5/man/hdb/man/man3/hdb_nextkey.3 b/kerberos5/man/hdb/man/man3/hdb_nextkey.3 new file mode 100644 --- /dev/null 
+++ b/kerberos5/man/hdb/man/man3/hdb_nextkey.3
@@ -0,0 +1 @@
+.so man3/HDB.3
diff --git a/kerberos5/man/hdb/man/man3/hdb_open.3 b/kerberos5/man/hdb/man/man3/hdb_open.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hdb/man/man3/hdb_open.3
@@ -0,0 +1 @@
+.so man3/HDB.3
diff --git a/kerberos5/man/hdb/man/man3/hdb_password.3 b/kerberos5/man/hdb/man/man3/hdb_password.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hdb/man/man3/hdb_password.3
@@ -0,0 +1 @@
+.so man3/HDB.3
diff --git a/kerberos5/man/hdb/man/man3/hdb_remove.3 b/kerberos5/man/hdb/man/man3/hdb_remove.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hdb/man/man3/hdb_remove.3
@@ -0,0 +1 @@
+.so man3/HDB.3
diff --git a/kerberos5/man/hdb/man/man3/hdb_rename.3 b/kerberos5/man/hdb/man/man3/hdb_rename.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hdb/man/man3/hdb_rename.3
@@ -0,0 +1 @@
+.so man3/HDB.3
diff --git a/kerberos5/man/hdb/man/man3/hdb_set_sync.3 b/kerberos5/man/hdb/man/man3/hdb_set_sync.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hdb/man/man3/hdb_set_sync.3
@@ -0,0 +1 @@
+.so man3/HDB.3
diff --git a/kerberos5/man/hdb/man/man3/hdb_store.3 b/kerberos5/man/hdb/man/man3/hdb_store.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hdb/man/man3/hdb_store.3
@@ -0,0 +1 @@
+.so man3/HDB.3
diff --git a/kerberos5/man/hdb/man/man3/hdb_unlock.3 b/kerberos5/man/hdb/man/man3/hdb_unlock.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hdb/man/man3/hdb_unlock.3
@@ -0,0 +1 @@
+.so man3/HDB.3
diff --git a/kerberos5/man/hx509/man/man3/hx509.3 b/kerberos5/man/hx509/man/man3/hx509.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509.3
@@ -0,0 +1,49 @@ +.TH "hx509" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal x509 library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +hx509 \- hx509 library +.SH SYNOPSIS +.br +.PP +.SS "Functions" + +.in +1c +.ti -1c +.RI "int \fBhx509_context_init\fP (hx509_context *context)" +.br +.ti -1c +.RI "void \fBhx509_context_free\fP (hx509_context *context)" +.br +.in -1c +.SH "Detailed Description" +.PP + +.SH "Function Documentation" +.PP +.SS "void hx509_context_free (hx509_context * context)" +Free the context allocated by \fBhx509_context_init()\fP\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP context to be freed\&. +.RE +.PP + +.SS "int hx509_context_init (hx509_context * context)" +Creates a hx509 context that most functions in the library uses\&. The context is only allowed to be used by one thread at each moment\&. Free the context with \fBhx509_context_free()\fP\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Returns a pointer to new hx509 context\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Returns an hx509 error code\&. +.RE +.PP + +.SH "Author" +.PP +Generated automatically by Doxygen for Heimdal x509 library from the source code\&. diff --git a/kerberos5/man/hx509/man/man3/hx509_bitstring_print.3 b/kerberos5/man/hx509/man/man3/hx509_bitstring_print.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hx509/man/man3/hx509_bitstring_print.3 @@ -0,0 +1 @@ +.so man3/hx509_print.3 diff --git a/kerberos5/man/hx509/man/man3/hx509_ca.3 b/kerberos5/man/hx509/man/man3/hx509_ca.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hx509/man/man3/hx509_ca.3 
@@ -0,0 +1,573 @@ +.TH "hx509_ca" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal x509 library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +hx509_ca \- hx509 CA functions +.SH SYNOPSIS +.br +.PP +.SS "Functions" + +.in +1c +.ti -1c +.RI "int \fBhx509_ca_tbs_init\fP (hx509_context context, hx509_ca_tbs *tbs)" +.br +.ti -1c +.RI "void \fBhx509_ca_tbs_free\fP (hx509_ca_tbs *tbs)" +.br +.ti -1c +.RI "int \fBhx509_ca_tbs_set_notBefore\fP (hx509_context context, hx509_ca_tbs tbs, time_t t)" +.br +.ti -1c +.RI "int \fBhx509_ca_tbs_set_notAfter\fP (hx509_context context, hx509_ca_tbs tbs, time_t t)" +.br +.ti -1c +.RI "int \fBhx509_ca_tbs_set_notAfter_lifetime\fP (hx509_context context, hx509_ca_tbs tbs, time_t delta)" +.br +.ti -1c +.RI "const struct units * \fBhx509_ca_tbs_template_units\fP (void)" +.br +.ti -1c +.RI "int \fBhx509_ca_tbs_set_template\fP (hx509_context context, hx509_ca_tbs tbs, int flags, hx509_cert cert)" +.br +.ti -1c +.RI "int \fBhx509_ca_tbs_set_ca\fP (hx509_context context, hx509_ca_tbs tbs, int pathLenConstraint)" +.br +.ti -1c +.RI "int \fBhx509_ca_tbs_set_proxy\fP (hx509_context context, hx509_ca_tbs tbs, int pathLenConstraint)" +.br +.ti -1c +.RI "int \fBhx509_ca_tbs_set_domaincontroller\fP (hx509_context context, hx509_ca_tbs tbs)" +.br +.ti -1c +.RI "int \fBhx509_ca_tbs_set_spki\fP (hx509_context context, hx509_ca_tbs tbs, const SubjectPublicKeyInfo *spki)" +.br +.ti -1c +.RI "int \fBhx509_ca_tbs_set_serialnumber\fP (hx509_context context, hx509_ca_tbs tbs, const heim_integer *serialNumber)" +.br +.ti -1c +.RI "int \fBhx509_ca_tbs_add_eku\fP (hx509_context context, hx509_ca_tbs tbs, const heim_oid *oid)" +.br +.ti -1c +.RI "int \fBhx509_ca_tbs_add_crl_dp_uri\fP (hx509_context context, hx509_ca_tbs tbs, const char *uri, hx509_name issuername)" +.br +.ti -1c +.RI "int \fBhx509_ca_tbs_add_san_otherName\fP (hx509_context context, hx509_ca_tbs tbs, const heim_oid *oid, const heim_octet_string *os)" +.br +.ti -1c +.RI "int \fBhx509_ca_tbs_add_san_pkinit\fP 
(hx509_context context, hx509_ca_tbs tbs, const char *principal)" +.br +.ti -1c +.RI "int \fBhx509_ca_tbs_add_san_ms_upn\fP (hx509_context context, hx509_ca_tbs tbs, const char *principal)" +.br +.ti -1c +.RI "int \fBhx509_ca_tbs_add_san_jid\fP (hx509_context context, hx509_ca_tbs tbs, const char *jid)" +.br +.ti -1c +.RI "int \fBhx509_ca_tbs_add_san_hostname\fP (hx509_context context, hx509_ca_tbs tbs, const char *dnsname)" +.br +.ti -1c +.RI "int \fBhx509_ca_tbs_add_san_rfc822name\fP (hx509_context context, hx509_ca_tbs tbs, const char *rfc822Name)" +.br +.ti -1c +.RI "int \fBhx509_ca_tbs_set_subject\fP (hx509_context context, hx509_ca_tbs tbs, hx509_name subject)" +.br +.ti -1c +.RI "int \fBhx509_ca_tbs_set_unique\fP (hx509_context context, hx509_ca_tbs tbs, const heim_bit_string *subjectUniqueID, const heim_bit_string *issuerUniqueID)" +.br +.ti -1c +.RI "int \fBhx509_ca_tbs_subject_expand\fP (hx509_context context, hx509_ca_tbs tbs, hx509_env env)" +.br +.ti -1c +.RI "int \fBhx509_ca_tbs_set_signature_algorithm\fP (hx509_context context, hx509_ca_tbs tbs, const AlgorithmIdentifier *sigalg)" +.br +.ti -1c +.RI "int \fBhx509_ca_sign\fP (hx509_context context, hx509_ca_tbs tbs, hx509_cert signer, hx509_cert *certificate)" +.br +.ti -1c +.RI "int \fBhx509_ca_sign_self\fP (hx509_context context, hx509_ca_tbs tbs, hx509_private_key signer, hx509_cert *certificate)" +.br +.in -1c +.SH "Detailed Description" +.PP +See the \fBHx509 CA functions\fP for description and examples\&. +.SH "Function Documentation" +.PP +.SS "int hx509_ca_sign (hx509_context context, hx509_ca_tbs tbs, hx509_cert signer, hx509_cert * certificate)" +Sign a to-be-signed certificate object with a issuer certificate\&. 
+.PP +The caller needs to at least have called the following functions on the to-be-signed certificate object: +.IP "\(bu" 2 +\fBhx509_ca_tbs_init()\fP +.IP "\(bu" 2 +\fBhx509_ca_tbs_set_subject()\fP +.IP "\(bu" 2 +\fBhx509_ca_tbs_set_spki()\fP +.PP +.PP +When done the to-be-signed certificate object should be freed with \fBhx509_ca_tbs_free()\fP\&. +.PP +When creating self-signed certificate use \fBhx509_ca_sign_self()\fP instead\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A hx509 context\&. +.br +\fItbs\fP object to be signed\&. +.br +\fIsigner\fP the CA certificate object to sign with (need private key)\&. +.br +\fIcertificate\fP return cerificate, free with \fBhx509_cert_free()\fP\&. +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP + +.SS "int hx509_ca_sign_self (hx509_context context, hx509_ca_tbs tbs, hx509_private_key signer, hx509_cert * certificate)" +Work just like \fBhx509_ca_sign()\fP but signs it-self\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A hx509 context\&. +.br +\fItbs\fP object to be signed\&. +.br +\fIsigner\fP private key to sign with\&. +.br +\fIcertificate\fP return cerificate, free with \fBhx509_cert_free()\fP\&. +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP + +.SS "int hx509_ca_tbs_add_crl_dp_uri (hx509_context context, hx509_ca_tbs tbs, const char * uri, hx509_name issuername)" +Add CRL distribution point URI to the to-be-signed certificate object\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A hx509 context\&. +.br +\fItbs\fP object to be signed\&. +.br +\fIuri\fP uri to the CRL\&. +.br +\fIissuername\fP name of the issuer\&. +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP +issuername not supported +.SS "int hx509_ca_tbs_add_eku (hx509_context context, hx509_ca_tbs tbs, const heim_oid * oid)" +An an extended key usage to the to-be-signed certificate object\&. 
Duplicates will detected and not added\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A hx509 context\&. +.br +\fItbs\fP object to be signed\&. +.br +\fIoid\fP extended key usage to add\&. +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP + +.SS "int hx509_ca_tbs_add_san_hostname (hx509_context context, hx509_ca_tbs tbs, const char * dnsname)" +Add a Subject Alternative Name hostname to to-be-signed certificate object\&. A domain match starts with \&., an exact match does not\&. +.PP +Example of a an domain match: \&.domain\&.se matches the hostname host\&.domain\&.se\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A hx509 context\&. +.br +\fItbs\fP object to be signed\&. +.br +\fIdnsname\fP a hostame\&. +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP + +.SS "int hx509_ca_tbs_add_san_jid (hx509_context context, hx509_ca_tbs tbs, const char * jid)" +Add a Jabber/XMPP jid Subject Alternative Name to the to-be-signed certificate object\&. The jid is an UTF8 string\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A hx509 context\&. +.br +\fItbs\fP object to be signed\&. +.br +\fIjid\fP string of an a jabber id in UTF8\&. +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP + +.SS "int hx509_ca_tbs_add_san_ms_upn (hx509_context context, hx509_ca_tbs tbs, const char * principal)" +Add Microsoft UPN Subject Alternative Name to the to-be-signed certificate object\&. The principal string is a UTF8 string\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A hx509 context\&. +.br +\fItbs\fP object to be signed\&. +.br +\fIprincipal\fP Microsoft UPN string\&. +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. 
+.RE +.PP + +.SS "int hx509_ca_tbs_add_san_otherName (hx509_context context, hx509_ca_tbs tbs, const heim_oid * oid, const heim_octet_string * os)" +Add Subject Alternative Name otherName to the to-be-signed certificate object\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A hx509 context\&. +.br +\fItbs\fP object to be signed\&. +.br +\fIoid\fP the oid of the OtherName\&. +.br +\fIos\fP data in the other name\&. +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP + +.SS "int hx509_ca_tbs_add_san_pkinit (hx509_context context, hx509_ca_tbs tbs, const char * principal)" +Add Kerberos Subject Alternative Name to the to-be-signed certificate object\&. The principal string is a UTF8 string\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A hx509 context\&. +.br +\fItbs\fP object to be signed\&. +.br +\fIprincipal\fP Kerberos principal to add to the certificate\&. +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP + +.SS "int hx509_ca_tbs_add_san_rfc822name (hx509_context context, hx509_ca_tbs tbs, const char * rfc822Name)" +Add a Subject Alternative Name rfc822 (email address) to to-be-signed certificate object\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A hx509 context\&. +.br +\fItbs\fP object to be signed\&. +.br +\fIrfc822Name\fP a string to a email address\&. +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP + +.SS "void hx509_ca_tbs_free (hx509_ca_tbs * tbs)" +Free an To Be Signed object\&. +.PP +\fBParameters\fP +.RS 4 +\fItbs\fP object to free\&. +.RE +.PP + +.SS "int hx509_ca_tbs_init (hx509_context context, hx509_ca_tbs * tbs)" +Allocate an to-be-signed certificate object that will be converted into an certificate\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A hx509 context\&. +.br +\fItbs\fP returned to-be-signed certicate object, free with \fBhx509_ca_tbs_free()\fP\&. 
+.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP + +.SS "int hx509_ca_tbs_set_ca (hx509_context context, hx509_ca_tbs tbs, int pathLenConstraint)" +Make the to-be-signed certificate object a CA certificate\&. If the pathLenConstraint is negative path length constraint is used\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A hx509 context\&. +.br +\fItbs\fP object to be signed\&. +.br +\fIpathLenConstraint\fP path length constraint, negative, no constraint\&. +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP + +.SS "int hx509_ca_tbs_set_domaincontroller (hx509_context context, hx509_ca_tbs tbs)" +Make the to-be-signed certificate object a windows domain controller certificate\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A hx509 context\&. +.br +\fItbs\fP object to be signed\&. +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP + +.SS "int hx509_ca_tbs_set_notAfter (hx509_context context, hx509_ca_tbs tbs, time_t t)" +Set the absolute time when the certificate is valid to\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A hx509 context\&. +.br +\fItbs\fP object to be signed\&. +.br +\fIt\fP time when the certificate will expire +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP + +.SS "int hx509_ca_tbs_set_notAfter_lifetime (hx509_context context, hx509_ca_tbs tbs, time_t delta)" +Set the relative time when the certificiate is going to expire\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A hx509 context\&. +.br +\fItbs\fP object to be signed\&. +.br +\fIdelta\fP seconds to the certificate is going to expire\&. +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. 
+.RE +.PP + +.SS "int hx509_ca_tbs_set_notBefore (hx509_context context, hx509_ca_tbs tbs, time_t t)" +Set the absolute time when the certificate is valid from\&. If not set the current time will be used\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A hx509 context\&. +.br +\fItbs\fP object to be signed\&. +.br +\fIt\fP time the certificated will start to be valid +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP + +.SS "int hx509_ca_tbs_set_proxy (hx509_context context, hx509_ca_tbs tbs, int pathLenConstraint)" +Make the to-be-signed certificate object a proxy certificate\&. If the pathLenConstraint is negative path length constraint is used\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A hx509 context\&. +.br +\fItbs\fP object to be signed\&. +.br +\fIpathLenConstraint\fP path length constraint, negative, no constraint\&. +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP + +.SS "int hx509_ca_tbs_set_serialnumber (hx509_context context, hx509_ca_tbs tbs, const heim_integer * serialNumber)" +Set the serial number to use for to-be-signed certificate object\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A hx509 context\&. +.br +\fItbs\fP object to be signed\&. +.br +\fIserialNumber\fP serial number to use for the to-be-signed certificate object\&. +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP + +.SS "int hx509_ca_tbs_set_signature_algorithm (hx509_context context, hx509_ca_tbs tbs, const AlgorithmIdentifier * sigalg)" +Set signature algorithm on the to be signed certificate +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A hx509 context\&. +.br +\fItbs\fP object to be signed\&. +.br +\fIsigalg\fP signature algorithm to use +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. 
+.RE +.PP + +.SS "int hx509_ca_tbs_set_spki (hx509_context context, hx509_ca_tbs tbs, const SubjectPublicKeyInfo * spki)" +Set the subject public key info (SPKI) in the to-be-signed certificate object\&. SPKI is the public key and key related parameters in the certificate\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A hx509 context\&. +.br +\fItbs\fP object to be signed\&. +.br +\fIspki\fP subject public key info to use for the to-be-signed certificate object\&. +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP + +.SS "int hx509_ca_tbs_set_subject (hx509_context context, hx509_ca_tbs tbs, hx509_name subject)" +Set the subject name of a to-be-signed certificate object\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A hx509 context\&. +.br +\fItbs\fP object to be signed\&. +.br +\fIsubject\fP the name to set a subject\&. +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP + +.SS "int hx509_ca_tbs_set_template (hx509_context context, hx509_ca_tbs tbs, int flags, hx509_cert cert)" +Initialize the to-be-signed certificate object from a template certifiate\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A hx509 context\&. +.br +\fItbs\fP object to be signed\&. +.br +\fIflags\fP bit field selecting what to copy from the template certifiate\&. +.br +\fIcert\fP template certificate\&. +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP + +.SS "int hx509_ca_tbs_set_unique (hx509_context context, hx509_ca_tbs tbs, const heim_bit_string * subjectUniqueID, const heim_bit_string * issuerUniqueID)" +Set the issuerUniqueID and subjectUniqueID +.PP +These are only supposed to be used considered with version 2 certificates, replaced by the two extensions SubjectKeyIdentifier and IssuerKeyIdentifier\&. This function is to allow application using legacy protocol to issue them\&. 
+.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A hx509 context\&. +.br +\fItbs\fP object to be signed\&. +.br +\fIissuerUniqueID\fP to be set +.br +\fIsubjectUniqueID\fP to be set +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP + +.SS "int hx509_ca_tbs_subject_expand (hx509_context context, hx509_ca_tbs tbs, hx509_env env)" +Expand the the subject name in the to-be-signed certificate object using \fBhx509_name_expand()\fP\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A hx509 context\&. +.br +\fItbs\fP object to be signed\&. +.br +\fIenv\fP environment variable to expand variables in the subject name, see hx509_env_init()\&. +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP + +.SS "const struct units* hx509_ca_tbs_template_units (void)" +Make of template units, use to build flags argument to \fBhx509_ca_tbs_set_template()\fP with parse_units()\&. +.PP +\fBReturns\fP +.RS 4 +an units structure\&. +.RE +.PP + +.SH "Author" +.PP +Generated automatically by Doxygen for Heimdal x509 library from the source code\&. diff --git a/kerberos5/man/hx509/man/man3/hx509_ca_sign.3 b/kerberos5/man/hx509/man/man3/hx509_ca_sign.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hx509/man/man3/hx509_ca_sign.3 @@ -0,0 +1 @@ +.so man3/hx509_ca.3 diff --git a/kerberos5/man/hx509/man/man3/hx509_ca_sign_self.3 b/kerberos5/man/hx509/man/man3/hx509_ca_sign_self.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hx509/man/man3/hx509_ca_sign_self.3 @@ -0,0 +1 @@ +.so man3/hx509_ca.3 diff --git a/kerberos5/man/hx509/man/man3/hx509_ca_tbs_add_crl_dp_uri.3 b/kerberos5/man/hx509/man/man3/hx509_ca_tbs_add_crl_dp_uri.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hx509/man/man3/hx509_ca_tbs_add_crl_dp_uri.3 @@ -0,0 +1 @@ +.so man3/hx509_ca.3 
diff --git a/kerberos5/man/hx509/man/man3/hx509_ca_tbs_add_eku.3 b/kerberos5/man/hx509/man/man3/hx509_ca_tbs_add_eku.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_ca_tbs_add_eku.3
@@ -0,0 +1 @@
+.so man3/hx509_ca.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_ca_tbs_add_san_hostname.3 b/kerberos5/man/hx509/man/man3/hx509_ca_tbs_add_san_hostname.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_ca_tbs_add_san_hostname.3
@@ -0,0 +1 @@
+.so man3/hx509_ca.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_ca_tbs_add_san_jid.3 b/kerberos5/man/hx509/man/man3/hx509_ca_tbs_add_san_jid.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_ca_tbs_add_san_jid.3
@@ -0,0 +1 @@
+.so man3/hx509_ca.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_ca_tbs_add_san_ms_upn.3 b/kerberos5/man/hx509/man/man3/hx509_ca_tbs_add_san_ms_upn.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_ca_tbs_add_san_ms_upn.3
@@ -0,0 +1 @@
+.so man3/hx509_ca.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_ca_tbs_add_san_otherName.3 b/kerberos5/man/hx509/man/man3/hx509_ca_tbs_add_san_otherName.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_ca_tbs_add_san_otherName.3
@@ -0,0 +1 @@
+.so man3/hx509_ca.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_ca_tbs_add_san_pkinit.3 b/kerberos5/man/hx509/man/man3/hx509_ca_tbs_add_san_pkinit.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_ca_tbs_add_san_pkinit.3
@@ -0,0 +1 @@
+.so man3/hx509_ca.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_ca_tbs_add_san_rfc822name.3 b/kerberos5/man/hx509/man/man3/hx509_ca_tbs_add_san_rfc822name.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_ca_tbs_add_san_rfc822name.3
@@ -0,0 +1 @@
+.so man3/hx509_ca.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_ca_tbs_free.3 b/kerberos5/man/hx509/man/man3/hx509_ca_tbs_free.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_ca_tbs_free.3
@@ -0,0 +1 @@
+.so man3/hx509_ca.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_ca_tbs_init.3 b/kerberos5/man/hx509/man/man3/hx509_ca_tbs_init.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_ca_tbs_init.3
@@ -0,0 +1 @@
+.so man3/hx509_ca.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_ca_tbs_set_ca.3 b/kerberos5/man/hx509/man/man3/hx509_ca_tbs_set_ca.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_ca_tbs_set_ca.3
@@ -0,0 +1 @@
+.so man3/hx509_ca.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_ca_tbs_set_domaincontroller.3 b/kerberos5/man/hx509/man/man3/hx509_ca_tbs_set_domaincontroller.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_ca_tbs_set_domaincontroller.3
@@ -0,0 +1 @@
+.so man3/hx509_ca.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_ca_tbs_set_notAfter.3 b/kerberos5/man/hx509/man/man3/hx509_ca_tbs_set_notAfter.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_ca_tbs_set_notAfter.3
@@ -0,0 +1 @@
+.so man3/hx509_ca.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_ca_tbs_set_notAfter_lifetime.3 b/kerberos5/man/hx509/man/man3/hx509_ca_tbs_set_notAfter_lifetime.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_ca_tbs_set_notAfter_lifetime.3
@@ -0,0 +1 @@
+.so man3/hx509_ca.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_ca_tbs_set_notBefore.3 b/kerberos5/man/hx509/man/man3/hx509_ca_tbs_set_notBefore.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_ca_tbs_set_notBefore.3
@@ -0,0 +1 @@
+.so man3/hx509_ca.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_ca_tbs_set_proxy.3 b/kerberos5/man/hx509/man/man3/hx509_ca_tbs_set_proxy.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_ca_tbs_set_proxy.3
@@ -0,0 +1 @@
+.so man3/hx509_ca.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_ca_tbs_set_serialnumber.3 b/kerberos5/man/hx509/man/man3/hx509_ca_tbs_set_serialnumber.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_ca_tbs_set_serialnumber.3
@@ -0,0 +1 @@
+.so man3/hx509_ca.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_ca_tbs_set_signature_algorithm.3 b/kerberos5/man/hx509/man/man3/hx509_ca_tbs_set_signature_algorithm.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_ca_tbs_set_signature_algorithm.3
@@ -0,0 +1 @@
+.so man3/hx509_ca.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_ca_tbs_set_spki.3 b/kerberos5/man/hx509/man/man3/hx509_ca_tbs_set_spki.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_ca_tbs_set_spki.3
@@ -0,0 +1 @@
+.so man3/hx509_ca.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_ca_tbs_set_subject.3 b/kerberos5/man/hx509/man/man3/hx509_ca_tbs_set_subject.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_ca_tbs_set_subject.3
@@ -0,0 +1 @@
+.so man3/hx509_ca.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_ca_tbs_set_template.3 b/kerberos5/man/hx509/man/man3/hx509_ca_tbs_set_template.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_ca_tbs_set_template.3
@@ -0,0 +1 @@
+.so man3/hx509_ca.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_ca_tbs_set_unique.3 b/kerberos5/man/hx509/man/man3/hx509_ca_tbs_set_unique.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_ca_tbs_set_unique.3
@@ -0,0 +1 @@
+.so man3/hx509_ca.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_ca_tbs_subject_expand.3 b/kerberos5/man/hx509/man/man3/hx509_ca_tbs_subject_expand.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_ca_tbs_subject_expand.3
@@ -0,0 +1 @@
+.so man3/hx509_ca.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_ca_tbs_template_units.3 b/kerberos5/man/hx509/man/man3/hx509_ca_tbs_template_units.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_ca_tbs_template_units.3
@@ -0,0 +1 @@
+.so man3/hx509_ca.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_cert.3 b/kerberos5/man/hx509/man/man3/hx509_cert.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_cert.3
@@ -0,0 +1,673 @@ +.TH "hx509_cert" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal x509 library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +hx509_cert \- hx509 certificate functions +.SH SYNOPSIS +.br +.PP +.SS "Functions" + +.in +1c +.ti -1c +.RI "hx509_cert \fBhx509_cert_init\fP (hx509_context context, const Certificate *c, heim_error_t *error)" +.br +.ti -1c +.RI "hx509_cert \fBhx509_cert_init_data\fP (hx509_context context, const void *ptr, size_t len, heim_error_t *error)" +.br +.ti -1c +.RI "void \fBhx509_cert_free\fP (hx509_cert cert)" +.br +.ti -1c +.RI "hx509_cert \fBhx509_cert_ref\fP (hx509_cert cert)" +.br +.ti -1c +.RI "void \fBhx509_verify_ctx_f_allow_default_trustanchors\fP (hx509_verify_ctx ctx, int boolean)" +.br +.ti -1c +.RI "int \fBhx509_cert_find_subjectAltName_otherName\fP (hx509_context context, hx509_cert cert, const heim_oid *oid, hx509_octet_string_list *list)" +.br +.ti -1c +.RI "int \fBhx509_cert_cmp\fP (hx509_cert p, hx509_cert q)" +.br +.ti -1c +.RI "int \fBhx509_cert_get_issuer\fP (hx509_cert p, hx509_name *name)" +.br +.ti -1c +.RI "int \fBhx509_cert_get_subject\fP (hx509_cert p, hx509_name *name)" +.br +.ti -1c +.RI "int \fBhx509_cert_get_base_subject\fP (hx509_context context, hx509_cert c, hx509_name *name)" +.br +.ti -1c +.RI "int \fBhx509_cert_get_serialnumber\fP (hx509_cert p, heim_integer *i)" +.br +.ti -1c +.RI "time_t \fBhx509_cert_get_notBefore\fP (hx509_cert p)" +.br +.ti -1c +.RI "time_t \fBhx509_cert_get_notAfter\fP (hx509_cert p)" +.br +.ti -1c +.RI "int \fBhx509_cert_get_SPKI\fP (hx509_context context, hx509_cert p, SubjectPublicKeyInfo *spki)" +.br +.ti -1c +.RI "int \fBhx509_cert_get_SPKI_AlgorithmIdentifier\fP (hx509_context context, hx509_cert p, AlgorithmIdentifier *alg)" +.br +.ti -1c +.RI "int \fBhx509_cert_get_issuer_unique_id\fP (hx509_context context, hx509_cert p, heim_bit_string *issuer)" +.br +.ti -1c +.RI "int \fBhx509_cert_get_subject_unique_id\fP (hx509_context context, hx509_cert p, heim_bit_string 
*subject)" +.br +.ti -1c +.RI "int \fBhx509_verify_hostname\fP (hx509_context context, const hx509_cert cert, int flags, hx509_hostname_type type, const char *hostname, const struct sockaddr *sa, int sa_size)" +.br +.ti -1c +.RI "hx509_cert_attribute \fBhx509_cert_get_attribute\fP (hx509_cert cert, const heim_oid *oid)" +.br +.ti -1c +.RI "int \fBhx509_cert_set_friendly_name\fP (hx509_cert cert, const char *name)" +.br +.ti -1c +.RI "const char * \fBhx509_cert_get_friendly_name\fP (hx509_cert cert)" +.br +.ti -1c +.RI "int \fBhx509_query_alloc\fP (hx509_context context, hx509_query **q)" +.br +.ti -1c +.RI "void \fBhx509_query_match_option\fP (hx509_query *q, hx509_query_option option)" +.br +.ti -1c +.RI "int \fBhx509_query_match_issuer_serial\fP (hx509_query *q, const Name *issuer, const heim_integer *serialNumber)" +.br +.ti -1c +.RI "int \fBhx509_query_match_friendly_name\fP (hx509_query *q, const char *name)" +.br +.ti -1c +.RI "int \fBhx509_query_match_eku\fP (hx509_query *q, const heim_oid *eku)" +.br +.ti -1c +.RI "int \fBhx509_query_match_cmp_func\fP (hx509_query *q, int(*func)(hx509_context, hx509_cert, void *), void *ctx)" +.br +.ti -1c +.RI "void \fBhx509_query_free\fP (hx509_context context, hx509_query *q)" +.br +.ti -1c +.RI "void \fBhx509_query_statistic_file\fP (hx509_context context, const char *fn)" +.br +.ti -1c +.RI "void \fBhx509_query_unparse_stats\fP (hx509_context context, int printtype, FILE *out)" +.br +.ti -1c +.RI "int \fBhx509_cert_check_eku\fP (hx509_context context, hx509_cert cert, const heim_oid *eku, int allow_any_eku)" +.br +.ti -1c +.RI "int \fBhx509_cert_binary\fP (hx509_context context, hx509_cert c, heim_octet_string *os)" +.br +.ti -1c +.RI "int \fBhx509_print_cert\fP (hx509_context context, hx509_cert cert, FILE *out)" +.br +.in -1c +.SH "Detailed Description" +.PP +See the \fBThe basic certificate\fP for description and examples\&. 
+.SH "Function Documentation" +.PP +.SS "int hx509_cert_binary (hx509_context context, hx509_cert c, heim_octet_string * os)" +Encodes the hx509 certificate as a DER encode binary\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A hx509 context\&. +.br +\fIc\fP the certificate to encode\&. +.br +\fIos\fP the encode certificate, set to NULL, 0 on case of error\&. Free the os->data with \fBhx509_xfree()\fP\&. +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP + +.SS "int hx509_cert_check_eku (hx509_context context, hx509_cert cert, const heim_oid * eku, int allow_any_eku)" +Check the extended key usage on the hx509 certificate\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A hx509 context\&. +.br +\fIcert\fP A hx509 context\&. +.br +\fIeku\fP the EKU to check for +.br +\fIallow_any_eku\fP if the any EKU is set, allow that to be a substitute\&. +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP + +.SS "int hx509_cert_cmp (hx509_cert p, hx509_cert q)" +Compare to hx509 certificate object, useful for sorting\&. +.PP +\fBParameters\fP +.RS 4 +\fIp\fP a hx509 certificate object\&. +.br +\fIq\fP a hx509 certificate object\&. +.RE +.PP +\fBReturns\fP +.RS 4 +0 the objects are the same, returns > 0 is p is 'larger' then q, < 0 if p is 'smaller' then q\&. +.RE +.PP + +.SS "int hx509_cert_find_subjectAltName_otherName (hx509_context context, hx509_cert cert, const heim_oid * oid, hx509_octet_string_list * list)" +Return a list of subjectAltNames specified by oid in the certificate\&. On error the +.PP +The returned list of octet string should be freed with \fBhx509_free_octet_string_list()\fP\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A hx509 context\&. +.br +\fIcert\fP a hx509 certificate object\&. +.br +\fIoid\fP an oid to for SubjectAltName\&. +.br +\fIlist\fP list of matching SubjectAltName\&. 
+.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP + +.SS "void hx509_cert_free (hx509_cert cert)" +Free reference to the hx509 certificate object, if the refcounter reaches 0, the object if freed\&. Its allowed to pass in NULL\&. +.PP +\fBParameters\fP +.RS 4 +\fIcert\fP the cert to free\&. +.RE +.PP + +.SS "hx509_cert_attribute hx509_cert_get_attribute (hx509_cert cert, const heim_oid * oid)" +Get an external attribute for the certificate, examples are friendly name and id\&. +.PP +\fBParameters\fP +.RS 4 +\fIcert\fP hx509 certificate object to search +.br +\fIoid\fP an oid to search for\&. +.RE +.PP +\fBReturns\fP +.RS 4 +an hx509_cert_attribute, only valid as long as the certificate is referenced\&. +.RE +.PP + +.SS "int hx509_cert_get_base_subject (hx509_context context, hx509_cert c, hx509_name * name)" +Return the name of the base subject of the hx509 certificate\&. If the certiicate is a verified proxy certificate, the this function return the base certificate (root of the proxy chain)\&. If the proxy certificate is not verified with the base certificate HX509_PROXY_CERTIFICATE_NOT_CANONICALIZED is returned\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a hx509 context\&. +.br +\fIc\fP a hx509 certificate object\&. +.br +\fIname\fP a pointer to a hx509 name, should be freed by \fBhx509_name_free()\fP\&. See also \fBhx509_cert_get_subject()\fP\&. +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP + +.SS "const char* hx509_cert_get_friendly_name (hx509_cert cert)" +Get friendly name of the certificate\&. +.PP +\fBParameters\fP +.RS 4 +\fIcert\fP cert to get the friendly name from\&. +.RE +.PP +\fBReturns\fP +.RS 4 +an friendly name or NULL if there is\&. The friendly name is only valid as long as the certificate is referenced\&. 
+.RE +.PP + +.SS "int hx509_cert_get_issuer (hx509_cert p, hx509_name * name)" +Return the name of the issuer of the hx509 certificate\&. +.PP +\fBParameters\fP +.RS 4 +\fIp\fP a hx509 certificate object\&. +.br +\fIname\fP a pointer to a hx509 name, should be freed by \fBhx509_name_free()\fP\&. +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP + +.SS "int hx509_cert_get_issuer_unique_id (hx509_context context, hx509_cert p, heim_bit_string * issuer)" +Get a copy of the Issuer Unique ID +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a hx509_context +.br +\fIp\fP a hx509 certificate +.br +\fIissuer\fP the issuer id returned, free with der_free_bit_string() +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. The error code HX509_EXTENSION_NOT_FOUND is returned if the certificate doesn't have a issuerUniqueID +.RE +.PP + +.SS "time_t hx509_cert_get_notAfter (hx509_cert p)" +Get notAfter time of the certificate\&. +.PP +\fBParameters\fP +.RS 4 +\fIp\fP a hx509 certificate object\&. +.RE +.PP +\fBReturns\fP +.RS 4 +return not after time\&. +.RE +.PP + +.SS "time_t hx509_cert_get_notBefore (hx509_cert p)" +Get notBefore time of the certificate\&. +.PP +\fBParameters\fP +.RS 4 +\fIp\fP a hx509 certificate object\&. +.RE +.PP +\fBReturns\fP +.RS 4 +return not before time +.RE +.PP + +.SS "int hx509_cert_get_serialnumber (hx509_cert p, heim_integer * i)" +Get serial number of the certificate\&. +.PP +\fBParameters\fP +.RS 4 +\fIp\fP a hx509 certificate object\&. +.br +\fIi\fP serial number, should be freed ith der_free_heim_integer()\&. +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP + +.SS "int hx509_cert_get_SPKI (hx509_context context, hx509_cert p, SubjectPublicKeyInfo * spki)" +Get the SubjectPublicKeyInfo structure from the hx509 certificate\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a hx509 context\&. 
+.br +\fIp\fP a hx509 certificate object\&. +.br +\fIspki\fP SubjectPublicKeyInfo, should be freed with free_SubjectPublicKeyInfo()\&. +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP + +.SS "int hx509_cert_get_SPKI_AlgorithmIdentifier (hx509_context context, hx509_cert p, AlgorithmIdentifier * alg)" +Get the AlgorithmIdentifier from the hx509 certificate\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a hx509 context\&. +.br +\fIp\fP a hx509 certificate object\&. +.br +\fIalg\fP AlgorithmIdentifier, should be freed with free_AlgorithmIdentifier()\&. The algorithmidentifier is typicly rsaEncryption, or id-ecPublicKey, or some other public key mechanism\&. +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP + +.SS "int hx509_cert_get_subject (hx509_cert p, hx509_name * name)" +Return the name of the subject of the hx509 certificate\&. +.PP +\fBParameters\fP +.RS 4 +\fIp\fP a hx509 certificate object\&. +.br +\fIname\fP a pointer to a hx509 name, should be freed by \fBhx509_name_free()\fP\&. See also \fBhx509_cert_get_base_subject()\fP\&. +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP + +.SS "int hx509_cert_get_subject_unique_id (hx509_context context, hx509_cert p, heim_bit_string * subject)" +Get a copy of the Subect Unique ID +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a hx509_context +.br +\fIp\fP a hx509 certificate +.br +\fIsubject\fP the subject id returned, free with der_free_bit_string() +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. The error code HX509_EXTENSION_NOT_FOUND is returned if the certificate doesn't have a subjectUniqueID +.RE +.PP + +.SS "hx509_cert hx509_cert_init (hx509_context context, const Certificate * c, heim_error_t * error)" +Allocate and init an hx509 certificate object from the decoded certificate `c´\&. 
+.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A hx509 context\&. +.br +\fIc\fP +.br +\fIerror\fP +.RE +.PP +\fBReturns\fP +.RS 4 +Returns an hx509 certificate +.RE +.PP + +.SS "hx509_cert hx509_cert_init_data (hx509_context context, const void * ptr, size_t len, heim_error_t * error)" +Just like \fBhx509_cert_init()\fP, but instead of a decode certificate takes an pointer and length to a memory region that contains a DER/BER encoded certificate\&. +.PP +If the memory region doesn't contain just the certificate and nothing more the function will fail with HX509_EXTRA_DATA_AFTER_STRUCTURE\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A hx509 context\&. +.br +\fIptr\fP pointer to memory region containing encoded certificate\&. +.br +\fIlen\fP length of memory region\&. +.br +\fIerror\fP possibly returns an error +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 certificate +.RE +.PP + +.SS "hx509_cert hx509_cert_ref (hx509_cert cert)" +Add a reference to a hx509 certificate object\&. +.PP +\fBParameters\fP +.RS 4 +\fIcert\fP a pointer to an hx509 certificate object\&. +.RE +.PP +\fBReturns\fP +.RS 4 +the same object as is passed in\&. +.RE +.PP + +.SS "int hx509_cert_set_friendly_name (hx509_cert cert, const char * name)" +Set the friendly name on the certificate\&. +.PP +\fBParameters\fP +.RS 4 +\fIcert\fP The certificate to set the friendly name on +.br +\fIname\fP Friendly name\&. +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP + +.SS "int hx509_print_cert (hx509_context context, hx509_cert cert, FILE * out)" +Print a simple representation of a certificate +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A hx509 context, can be NULL +.br +\fIcert\fP certificate to print +.br +\fIout\fP the stdio output stream, if NULL, stdout is used +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code +.RE +.PP + +.SS "int hx509_query_alloc (hx509_context context, hx509_query ** q)" +Allocate an query controller\&. 
Free using \fBhx509_query_free()\fP\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A hx509 context\&. +.br +\fIq\fP return pointer to a hx509_query\&. +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP + +.SS "void hx509_query_free (hx509_context context, hx509_query * q)" +Free the query controller\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A hx509 context\&. +.br +\fIq\fP a pointer to the query controller\&. +.RE +.PP + +.SS "int hx509_query_match_cmp_func (hx509_query * q, int(*)(hx509_context, hx509_cert, void *) func, void * ctx)" +Set the query controller to match using a specific match function\&. +.PP +\fBParameters\fP +.RS 4 +\fIq\fP a hx509 query controller\&. +.br +\fIfunc\fP function to use for matching, if the argument is NULL, the match function is removed\&. +.br +\fIctx\fP context passed to the function\&. +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP + +.SS "int hx509_query_match_eku (hx509_query * q, const heim_oid * eku)" +Set the query controller to require an one specific EKU (extended key usage)\&. Any previous EKU matching is overwitten\&. If NULL is passed in as the eku, the EKU requirement is reset\&. +.PP +\fBParameters\fP +.RS 4 +\fIq\fP a hx509 query controller\&. +.br +\fIeku\fP an EKU to match on\&. +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP + +.SS "int hx509_query_match_friendly_name (hx509_query * q, const char * name)" +Set the query controller to match on a friendly name +.PP +\fBParameters\fP +.RS 4 +\fIq\fP a hx509 query controller\&. +.br +\fIname\fP a friendly name to match on +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. 
+.RE +.PP + +.SS "int hx509_query_match_issuer_serial (hx509_query * q, const Name * issuer, const heim_integer * serialNumber)" +Set the issuer and serial number of match in the query controller\&. The function make copies of the isser and serial number\&. +.PP +\fBParameters\fP +.RS 4 +\fIq\fP a hx509 query controller +.br +\fIissuer\fP issuer to search for +.br +\fIserialNumber\fP the serialNumber of the issuer\&. +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP + +.SS "void hx509_query_match_option (hx509_query * q, hx509_query_option option)" +Set match options for the hx509 query controller\&. +.PP +\fBParameters\fP +.RS 4 +\fIq\fP query controller\&. +.br +\fIoption\fP options to control the query controller\&. +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP + +.SS "void hx509_query_statistic_file (hx509_context context, const char * fn)" +Set a statistic file for the query statistics\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A hx509 context\&. +.br +\fIfn\fP statistics file name +.RE +.PP + +.SS "void hx509_query_unparse_stats (hx509_context context, int printtype, FILE * out)" +Unparse the statistics file and print the result on a FILE descriptor\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A hx509 context\&. +.br +\fIprinttype\fP tyep to print +.br +\fIout\fP the FILE to write the data on\&. +.RE +.PP + +.SS "void hx509_verify_ctx_f_allow_default_trustanchors (hx509_verify_ctx ctx, int boolean)" +Allow using the operating system builtin trust anchors if no other trust anchors are configured\&. +.PP +\fBParameters\fP +.RS 4 +\fIctx\fP a verification context +.br +\fIboolean\fP if non zero, useing the operating systems builtin trust anchors\&. +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. 
+.RE +.PP + +.SS "int hx509_verify_hostname (hx509_context context, const hx509_cert cert, int flags, hx509_hostname_type type, const char * hostname, const struct sockaddr * sa, int sa_size)" +Verify that the certificate is allowed to be used for the hostname and address\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A hx509 context\&. +.br +\fIcert\fP the certificate to match with +.br +\fIflags\fP Flags to modify the behavior: +.IP "\(bu" 2 +HX509_VHN_F_ALLOW_NO_MATCH no match is ok +.PP +.br +\fItype\fP type of hostname: +.IP "\(bu" 2 +HX509_HN_HOSTNAME for plain hostname\&. +.IP "\(bu" 2 +HX509_HN_DNSSRV for DNS SRV names\&. +.PP +.br +\fIhostname\fP the hostname to check +.br +\fIsa\fP address of the host +.br +\fIsa_size\fP length of address +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP + +.SH "Author" +.PP +Generated automatically by Doxygen for Heimdal x509 library from the source code\&. diff --git a/kerberos5/man/hx509/man/man3/hx509_cert_binary.3 b/kerberos5/man/hx509/man/man3/hx509_cert_binary.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hx509/man/man3/hx509_cert_binary.3 @@ -0,0 +1 @@ +.so man3/hx509_cert.3 diff --git a/kerberos5/man/hx509/man/man3/hx509_cert_check_eku.3 b/kerberos5/man/hx509/man/man3/hx509_cert_check_eku.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hx509/man/man3/hx509_cert_check_eku.3 @@ -0,0 +1 @@ +.so man3/hx509_cert.3 diff --git a/kerberos5/man/hx509/man/man3/hx509_cert_cmp.3 b/kerberos5/man/hx509/man/man3/hx509_cert_cmp.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hx509/man/man3/hx509_cert_cmp.3 @@ -0,0 +1 @@ +.so man3/hx509_cert.3 diff --git a/kerberos5/man/hx509/man/man3/hx509_cert_find_subjectAltName_otherName.3 b/kerberos5/man/hx509/man/man3/hx509_cert_find_subjectAltName_otherName.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hx509/man/man3/hx509_cert_find_subjectAltName_otherName.3 @@ -0,0 +1 @@ +.so man3/hx509_cert.3 
diff --git a/kerberos5/man/hx509/man/man3/hx509_cert_free.3 b/kerberos5/man/hx509/man/man3/hx509_cert_free.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_cert_free.3
@@ -0,0 +1 @@
+.so man3/hx509_cert.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_cert_get_SPKI.3 b/kerberos5/man/hx509/man/man3/hx509_cert_get_SPKI.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_cert_get_SPKI.3
@@ -0,0 +1 @@
+.so man3/hx509_cert.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_cert_get_SPKI_AlgorithmIdentifier.3 b/kerberos5/man/hx509/man/man3/hx509_cert_get_SPKI_AlgorithmIdentifier.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_cert_get_SPKI_AlgorithmIdentifier.3
@@ -0,0 +1 @@
+.so man3/hx509_cert.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_cert_get_attribute.3 b/kerberos5/man/hx509/man/man3/hx509_cert_get_attribute.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_cert_get_attribute.3
@@ -0,0 +1 @@
+.so man3/hx509_cert.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_cert_get_base_subject.3 b/kerberos5/man/hx509/man/man3/hx509_cert_get_base_subject.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_cert_get_base_subject.3
@@ -0,0 +1 @@
+.so man3/hx509_cert.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_cert_get_friendly_name.3 b/kerberos5/man/hx509/man/man3/hx509_cert_get_friendly_name.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_cert_get_friendly_name.3
@@ -0,0 +1 @@
+.so man3/hx509_cert.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_cert_get_issuer.3 b/kerberos5/man/hx509/man/man3/hx509_cert_get_issuer.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_cert_get_issuer.3
@@ -0,0 +1 @@
+.so man3/hx509_cert.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_cert_get_issuer_unique_id.3 b/kerberos5/man/hx509/man/man3/hx509_cert_get_issuer_unique_id.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_cert_get_issuer_unique_id.3
@@ -0,0 +1 @@
+.so man3/hx509_cert.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_cert_get_notAfter.3 b/kerberos5/man/hx509/man/man3/hx509_cert_get_notAfter.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_cert_get_notAfter.3
@@ -0,0 +1 @@
+.so man3/hx509_cert.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_cert_get_notBefore.3 b/kerberos5/man/hx509/man/man3/hx509_cert_get_notBefore.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_cert_get_notBefore.3
@@ -0,0 +1 @@
+.so man3/hx509_cert.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_cert_get_serialnumber.3 b/kerberos5/man/hx509/man/man3/hx509_cert_get_serialnumber.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_cert_get_serialnumber.3
@@ -0,0 +1 @@
+.so man3/hx509_cert.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_cert_get_subject.3 b/kerberos5/man/hx509/man/man3/hx509_cert_get_subject.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_cert_get_subject.3
@@ -0,0 +1 @@
+.so man3/hx509_cert.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_cert_get_subject_unique_id.3 b/kerberos5/man/hx509/man/man3/hx509_cert_get_subject_unique_id.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_cert_get_subject_unique_id.3
@@ -0,0 +1 @@
+.so man3/hx509_cert.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_cert_init.3 b/kerberos5/man/hx509/man/man3/hx509_cert_init.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_cert_init.3
@@ -0,0 +1 @@
+.so man3/hx509_cert.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_cert_init_data.3 b/kerberos5/man/hx509/man/man3/hx509_cert_init_data.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_cert_init_data.3
@@ -0,0 +1 @@
+.so man3/hx509_cert.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_cert_keyusage_print.3 b/kerberos5/man/hx509/man/man3/hx509_cert_keyusage_print.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_cert_keyusage_print.3
@@ -0,0 +1 @@
+.so man3/hx509_print.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_cert_ref.3 b/kerberos5/man/hx509/man/man3/hx509_cert_ref.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_cert_ref.3
@@ -0,0 +1 @@
+.so man3/hx509_cert.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_cert_set_friendly_name.3 b/kerberos5/man/hx509/man/man3/hx509_cert_set_friendly_name.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_cert_set_friendly_name.3
@@ -0,0 +1 @@
+.so man3/hx509_cert.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_certs_add.3 b/kerberos5/man/hx509/man/man3/hx509_certs_add.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_certs_add.3
@@ -0,0 +1 @@
+.so man3/hx509_keyset.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_certs_append.3 b/kerberos5/man/hx509/man/man3/hx509_certs_append.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_certs_append.3
@@ -0,0 +1 @@
+.so man3/hx509_keyset.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_certs_end_seq.3 b/kerberos5/man/hx509/man/man3/hx509_certs_end_seq.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_certs_end_seq.3
@@ -0,0 +1 @@
+.so man3/hx509_keyset.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_certs_filter.3 b/kerberos5/man/hx509/man/man3/hx509_certs_filter.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_certs_filter.3
@@ -0,0 +1 @@
+.so man3/hx509_keyset.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_certs_find.3 b/kerberos5/man/hx509/man/man3/hx509_certs_find.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_certs_find.3
@@ -0,0 +1 @@
+.so man3/hx509_keyset.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_certs_free.3 b/kerberos5/man/hx509/man/man3/hx509_certs_free.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_certs_free.3
@@ -0,0 +1 @@
+.so man3/hx509_keyset.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_certs_info.3 b/kerberos5/man/hx509/man/man3/hx509_certs_info.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_certs_info.3
@@ -0,0 +1 @@
+.so man3/hx509_keyset.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_certs_init.3 b/kerberos5/man/hx509/man/man3/hx509_certs_init.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_certs_init.3
@@ -0,0 +1 @@
+.so man3/hx509_keyset.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_certs_iter_f.3 b/kerberos5/man/hx509/man/man3/hx509_certs_iter_f.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_certs_iter_f.3
@@ -0,0 +1 @@
+.so man3/hx509_keyset.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_certs_merge.3 b/kerberos5/man/hx509/man/man3/hx509_certs_merge.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_certs_merge.3
@@ -0,0 +1 @@
+.so man3/hx509_keyset.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_certs_next_cert.3 b/kerberos5/man/hx509/man/man3/hx509_certs_next_cert.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_certs_next_cert.3
@@ -0,0 +1 @@
+.so man3/hx509_keyset.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_certs_start_seq.3 b/kerberos5/man/hx509/man/man3/hx509_certs_start_seq.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_certs_start_seq.3
@@ -0,0 +1 @@
+.so man3/hx509_keyset.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_certs_store.3 b/kerberos5/man/hx509/man/man3/hx509_certs_store.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_certs_store.3
@@ -0,0 +1 @@
+.so man3/hx509_keyset.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_ci_print_names.3 b/kerberos5/man/hx509/man/man3/hx509_ci_print_names.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_ci_print_names.3
@@ -0,0 +1 @@
+.so man3/hx509_keyset.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_clear_error_string.3 b/kerberos5/man/hx509/man/man3/hx509_clear_error_string.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_clear_error_string.3
@@ -0,0 +1 @@
+.so man3/hx509_error.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_cms.3 b/kerberos5/man/hx509/man/man3/hx509_cms.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_cms.3
@@ -0,0 +1,224 @@ +.TH "hx509_cms" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal x509 library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +hx509_cms \- hx509 CMS/pkcs7 functions +.SH SYNOPSIS +.br +.PP +.SS "Functions" + +.in +1c +.ti -1c +.RI "int \fBhx509_cms_wrap_ContentInfo\fP (const heim_oid *oid, const heim_octet_string *buf, heim_octet_string *res)" +.br +.ti -1c +.RI "int \fBhx509_cms_unwrap_ContentInfo\fP (const heim_octet_string *in, heim_oid *oid, heim_octet_string *out, int *have_data)" +.br +.ti -1c +.RI "int \fBhx509_cms_unenvelope\fP (hx509_context context, hx509_certs certs, int flags, const void *data, size_t length, const heim_octet_string *encryptedContent, time_t time_now, heim_oid *contentType, heim_octet_string *content)" +.br +.ti -1c +.RI "int \fBhx509_cms_envelope_1\fP (hx509_context context, int flags, hx509_cert cert, const void *data, size_t length, const heim_oid *encryption_type, const heim_oid *contentType, heim_octet_string *content)" +.br +.ti -1c +.RI "int \fBhx509_cms_verify_signed\fP (hx509_context context, hx509_verify_ctx ctx, unsigned int flags, const void *data, size_t length, const heim_octet_string *signedContent, hx509_certs pool, heim_oid *contentType, heim_octet_string *content, hx509_certs *signer_certs)" +.br +.ti -1c +.RI "int \fBhx509_cms_create_signed_1\fP (hx509_context context, int flags, const heim_oid *eContentType, const void *data, size_t length, const AlgorithmIdentifier *digest_alg, hx509_cert cert, hx509_peer_info peer, hx509_certs anchors, hx509_certs pool, heim_octet_string *signed_data)" +.br +.in -1c +.SH "Detailed Description" +.PP +See the \fBCMS/PKCS7 message functions\&.\fP for description and examples\&. 
+.SH "Function Documentation" +.PP +.SS "int hx509_cms_create_signed_1 (hx509_context context, int flags, const heim_oid * eContentType, const void * data, size_t length, const AlgorithmIdentifier * digest_alg, hx509_cert cert, hx509_peer_info peer, hx509_certs anchors, hx509_certs pool, heim_octet_string * signed_data)" +Decode SignedData and verify that the signature is correct\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A hx509 context\&. +.br +\fIflags\fP +.br +\fIeContentType\fP the type of the data\&. +.br +\fIdata\fP data to sign +.br +\fIlength\fP length of the data that data point to\&. +.br +\fIdigest_alg\fP digest algorithm to use, use NULL to get the default or the peer determined algorithm\&. +.br +\fIcert\fP certificate to use for sign the data\&. +.br +\fIpeer\fP info about the peer the message to send the message to, like what digest algorithm to use\&. +.br +\fIanchors\fP trust anchors that the client will use, used to polulate the certificates included in the message +.br +\fIpool\fP certificates to use in try to build the path to the trust anchors\&. +.br +\fIsigned_data\fP the output of the function, free with der_free_octet_string()\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Returns an hx509 error code\&. +.RE +.PP + +.SS "int hx509_cms_envelope_1 (hx509_context context, int flags, hx509_cert cert, const void * data, size_t length, const heim_oid * encryption_type, const heim_oid * contentType, heim_octet_string * content)" +Encrypt end encode EnvelopedData\&. +.PP +Encrypt and encode EnvelopedData\&. The data is encrypted with a random key and the the random key is encrypted with the certificates private key\&. This limits what private key type can be used to RSA\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A hx509 context\&. +.br +\fIflags\fP flags to control the behavior\&. 
+.IP "\(bu" 2 +HX509_CMS_EV_NO_KU_CHECK - Don't check KU on certificate +.IP "\(bu" 2 +HX509_CMS_EV_ALLOW_WEAK - Allow weak crytpo +.IP "\(bu" 2 +HX509_CMS_EV_ID_NAME - prefer issuer name and serial number +.PP +.br +\fIcert\fP Certificate to encrypt the EnvelopedData encryption key with\&. +.br +\fIdata\fP pointer the data to encrypt\&. +.br +\fIlength\fP length of the data that data point to\&. +.br +\fIencryption_type\fP Encryption cipher to use for the bulk data, use NULL to get default\&. +.br +\fIcontentType\fP type of the data that is encrypted +.br +\fIcontent\fP the output of the function, free with der_free_octet_string()\&. +.RE +.PP +\fBReturns\fP +.RS 4 +an hx509 error code\&. +.RE +.PP + +.SS "int hx509_cms_unenvelope (hx509_context context, hx509_certs certs, int flags, const void * data, size_t length, const heim_octet_string * encryptedContent, time_t time_now, heim_oid * contentType, heim_octet_string * content)" +Decode and unencrypt EnvelopedData\&. +.PP +Extract data and parameteres from from the EnvelopedData\&. Also supports using detached EnvelopedData\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A hx509 context\&. +.br +\fIcerts\fP Certificate that can decrypt the EnvelopedData encryption key\&. +.br +\fIflags\fP HX509_CMS_UE flags to control the behavior\&. +.br +\fIdata\fP pointer the structure the contains the DER/BER encoded EnvelopedData stucture\&. +.br +\fIlength\fP length of the data that data point to\&. +.br +\fIencryptedContent\fP in case of detached signature, this contains the actual encrypted data, othersize its should be NULL\&. +.br +\fItime_now\fP set the current time, if zero the library uses now as the date\&. +.br +\fIcontentType\fP output type oid, should be freed with der_free_oid()\&. +.br +\fIcontent\fP the data, free with der_free_octet_string()\&. +.RE +.PP +\fBReturns\fP +.RS 4 +an hx509 error code\&. 
+.RE +.PP + +.SS "int hx509_cms_unwrap_ContentInfo (const heim_octet_string * in, heim_oid * oid, heim_octet_string * out, int * have_data)" +Decode an ContentInfo and unwrap data and oid it\&. +.PP +\fBParameters\fP +.RS 4 +\fIin\fP the encoded buffer\&. +.br +\fIoid\fP type of the content\&. +.br +\fIout\fP data to be wrapped\&. +.br +\fIhave_data\fP since the data is optional, this flags show dthe diffrence between no data and the zero length data\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Returns an hx509 error code\&. +.RE +.PP + +.SS "int hx509_cms_verify_signed (hx509_context context, hx509_verify_ctx ctx, unsigned int flags, const void * data, size_t length, const heim_octet_string * signedContent, hx509_certs pool, heim_oid * contentType, heim_octet_string * content, hx509_certs * signer_certs)" +Decode SignedData and verify that the signature is correct\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A hx509 context\&. +.br +\fIctx\fP a hx509 verify context\&. +.br +\fIflags\fP to control the behaivor of the function\&. +.IP "\(bu" 2 +HX509_CMS_VS_NO_KU_CHECK - Don't check KeyUsage +.IP "\(bu" 2 +HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH - allow oid mismatch +.IP "\(bu" 2 +HX509_CMS_VS_ALLOW_ZERO_SIGNER - no signer, see below\&. +.PP +.br +\fIdata\fP pointer to CMS SignedData encoded data\&. +.br +\fIlength\fP length of the data that data point to\&. +.br +\fIsignedContent\fP external data used for signature\&. +.br +\fIpool\fP certificate pool to build certificates paths\&. +.br +\fIcontentType\fP free with der_free_oid()\&. +.br +\fIcontent\fP the output of the function, free with der_free_octet_string()\&. +.br +\fIsigner_certs\fP list of the cerficates used to sign this request, free with \fBhx509_certs_free()\fP\&. +.RE +.PP +\fBReturns\fP +.RS 4 +an hx509 error code\&. +.RE +.PP +If HX509_CMS_VS_NO_KU_CHECK is set, allow more liberal search for matching certificates by not considering KeyUsage bits on the certificates\&. 
+.PP +If HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH, allow encapContentInfo mismatch with the oid in signedAttributes (or if no signedAttributes where use, pkcs7-data oid)\&. This is only needed to work with broken CMS implementations that doesn't follow CMS signedAttributes rules\&. +.PP +If HX509_CMS_VS_NO_VALIDATE flags is set, do not verify the signing certificates and leave that up to the caller\&. +.PP +If HX509_CMS_VS_ALLOW_ZERO_SIGNER is set, allow empty SignerInfo (no signatures)\&. If SignedData have no signatures, the function will return 0 with signer_certs set to NULL\&. Zero signers is allowed by the standard, but since its only useful in corner cases, it make into a flag that the caller have to turn on\&. +.SS "int hx509_cms_wrap_ContentInfo (const heim_oid * oid, const heim_octet_string * buf, heim_octet_string * res)" +Wrap data and oid in a ContentInfo and encode it\&. +.PP +\fBParameters\fP +.RS 4 +\fIoid\fP type of the content\&. +.br +\fIbuf\fP data to be wrapped\&. If a NULL pointer is passed in, the optional content field in the ContentInfo is not going be filled in\&. +.br +\fIres\fP the encoded buffer, the result should be freed with der_free_octet_string()\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Returns an hx509 error code\&. +.RE +.PP + +.SH "Author" +.PP +Generated automatically by Doxygen for Heimdal x509 library from the source code\&. diff --git a/kerberos5/man/hx509/man/man3/hx509_cms_create_signed_1.3 b/kerberos5/man/hx509/man/man3/hx509_cms_create_signed_1.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hx509/man/man3/hx509_cms_create_signed_1.3 @@ -0,0 +1 @@ +.so man3/hx509_cms.3 diff --git a/kerberos5/man/hx509/man/man3/hx509_cms_envelope_1.3 b/kerberos5/man/hx509/man/man3/hx509_cms_envelope_1.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hx509/man/man3/hx509_cms_envelope_1.3 @@ -0,0 +1 @@ +.so man3/hx509_cms.3 
diff --git a/kerberos5/man/hx509/man/man3/hx509_cms_unenvelope.3 b/kerberos5/man/hx509/man/man3/hx509_cms_unenvelope.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_cms_unenvelope.3
@@ -0,0 +1 @@
+.so man3/hx509_cms.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_cms_unwrap_ContentInfo.3 b/kerberos5/man/hx509/man/man3/hx509_cms_unwrap_ContentInfo.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_cms_unwrap_ContentInfo.3
@@ -0,0 +1 @@
+.so man3/hx509_cms.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_cms_verify_signed.3 b/kerberos5/man/hx509/man/man3/hx509_cms_verify_signed.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_cms_verify_signed.3
@@ -0,0 +1 @@
+.so man3/hx509_cms.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_cms_wrap_ContentInfo.3 b/kerberos5/man/hx509/man/man3/hx509_cms_wrap_ContentInfo.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_cms_wrap_ContentInfo.3
@@ -0,0 +1 @@
+.so man3/hx509_cms.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_context_free.3 b/kerberos5/man/hx509/man/man3/hx509_context_free.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_context_free.3
@@ -0,0 +1 @@
+.so man3/hx509.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_context_init.3 b/kerberos5/man/hx509/man/man3/hx509_context_init.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_context_init.3
@@ -0,0 +1 @@
+.so man3/hx509.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_context_set_missing_revoke.3 b/kerberos5/man/hx509/man/man3/hx509_context_set_missing_revoke.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_context_set_missing_revoke.3
@@ -0,0 +1 @@
+.so man3/hx509_verify.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_crl_add_revoked_certs.3 b/kerberos5/man/hx509/man/man3/hx509_crl_add_revoked_certs.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_crl_add_revoked_certs.3
@@ -0,0 +1 @@
+.so man3/hx509_verify.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_crl_alloc.3 b/kerberos5/man/hx509/man/man3/hx509_crl_alloc.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_crl_alloc.3
@@ -0,0 +1 @@
+.so man3/hx509_verify.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_crl_free.3 b/kerberos5/man/hx509/man/man3/hx509_crl_free.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_crl_free.3
@@ -0,0 +1 @@
+.so man3/hx509_verify.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_crl_lifetime.3 b/kerberos5/man/hx509/man/man3/hx509_crl_lifetime.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_crl_lifetime.3
@@ -0,0 +1 @@
+.so man3/hx509_verify.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_crl_sign.3 b/kerberos5/man/hx509/man/man3/hx509_crl_sign.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_crl_sign.3
@@ -0,0 +1 @@
+.so man3/hx509_verify.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_crypto.3 b/kerberos5/man/hx509/man/man3/hx509_crypto.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_crypto.3
@@ -0,0 +1,45 @@ +.TH "hx509_crypto" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal x509 library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +hx509_crypto \- hx509 crypto functions +.SH SYNOPSIS +.br +.PP +.SS "Functions" + +.in +1c +.ti -1c +.RI "int \fBhx509_verify_signature\fP (hx509_context context, const hx509_cert signer, const AlgorithmIdentifier *alg, const heim_octet_string *data, const heim_octet_string *sig)" +.br +.in -1c +.SH "Detailed Description" +.PP + +.SH "Function Documentation" +.PP +.SS "int hx509_verify_signature (hx509_context context, const hx509_cert signer, const AlgorithmIdentifier * alg, const heim_octet_string * data, const heim_octet_string * sig)" +Verify a signature made using the private key of an certificate\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A hx509 context\&. +.br +\fIsigner\fP the certificate that made the signature\&. +.br +\fIalg\fP algorthm that was used to sign the data\&. +.br +\fIdata\fP the data that was signed\&. +.br +\fIsig\fP the sigature to verify\&. +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP + +.SH "Author" +.PP +Generated automatically by Doxygen for Heimdal x509 library from the source code\&. diff --git a/kerberos5/man/hx509/man/man3/hx509_env.3 b/kerberos5/man/hx509/man/man3/hx509_env.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hx509/man/man3/hx509_env.3 
@@ -0,0 +1,143 @@ +.TH "hx509_env" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal x509 library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +hx509_env \- hx509 environment functions +.SH SYNOPSIS +.br +.PP +.SS "Functions" + +.in +1c +.ti -1c +.RI "int \fBhx509_env_add\fP (hx509_context context, hx509_env *env, const char *key, const char *value)" +.br +.ti -1c +.RI "int \fBhx509_env_add_binding\fP (hx509_context context, hx509_env *env, const char *key, hx509_env list)" +.br +.ti -1c +.RI "const char * \fBhx509_env_lfind\fP (hx509_context context, hx509_env env, const char *key, size_t len)" +.br +.ti -1c +.RI "const char * \fBhx509_env_find\fP (hx509_context context, hx509_env env, const char *key)" +.br +.ti -1c +.RI "hx509_env \fBhx509_env_find_binding\fP (hx509_context context, hx509_env env, const char *key)" +.br +.ti -1c +.RI "void \fBhx509_env_free\fP (hx509_env *env)" +.br +.in -1c +.SH "Detailed Description" +.PP + +.SH "Function Documentation" +.PP +.SS "int hx509_env_add (hx509_context context, hx509_env * env, const char * key, const char * value)" +Add a new key/value pair to the hx509_env\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A hx509 context\&. +.br +\fIenv\fP environment to add the environment variable too\&. +.br +\fIkey\fP key to add +.br +\fIvalue\fP value to add +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP + +.SS "int hx509_env_add_binding (hx509_context context, hx509_env * env, const char * key, hx509_env list)" +Add a new key/binding pair to the hx509_env\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A hx509 context\&. +.br +\fIenv\fP environment to add the environment variable too\&. +.br +\fIkey\fP key to add +.br +\fIlist\fP binding list to add +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP + +.SS "const char* hx509_env_find (hx509_context context, hx509_env env, const char * key)" +Search the hx509_env for a key\&. 
+.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A hx509 context\&. +.br +\fIenv\fP environment to add the environment variable too\&. +.br +\fIkey\fP key to search for\&. +.RE +.PP +\fBReturns\fP +.RS 4 +the value if the key is found, NULL otherwise\&. +.RE +.PP + +.SS "hx509_env hx509_env_find_binding (hx509_context context, hx509_env env, const char * key)" +Search the hx509_env for a binding\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A hx509 context\&. +.br +\fIenv\fP environment to add the environment variable too\&. +.br +\fIkey\fP key to search for\&. +.RE +.PP +\fBReturns\fP +.RS 4 +the binding if the key is found, NULL if not found\&. +.RE +.PP + +.SS "void hx509_env_free (hx509_env * env)" +Free an hx509_env environment context\&. +.PP +\fBParameters\fP +.RS 4 +\fIenv\fP the environment to free\&. +.RE +.PP + +.SS "const char* hx509_env_lfind (hx509_context context, hx509_env env, const char * key, size_t len)" +Search the hx509_env for a length based key\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A hx509 context\&. +.br +\fIenv\fP environment to add the environment variable too\&. +.br +\fIkey\fP key to search for\&. +.br +\fIlen\fP length of key\&. +.RE +.PP +\fBReturns\fP +.RS 4 +the value if the key is found, NULL otherwise\&. +.RE +.PP + +.SH "Author" +.PP +Generated automatically by Doxygen for Heimdal x509 library from the source code\&. diff --git a/kerberos5/man/hx509/man/man3/hx509_env_add.3 b/kerberos5/man/hx509/man/man3/hx509_env_add.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hx509/man/man3/hx509_env_add.3 @@ -0,0 +1 @@ +.so man3/hx509_env.3 diff --git a/kerberos5/man/hx509/man/man3/hx509_env_add_binding.3 b/kerberos5/man/hx509/man/man3/hx509_env_add_binding.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hx509/man/man3/hx509_env_add_binding.3 @@ -0,0 +1 @@ +.so man3/hx509_env.3 diff --git a/kerberos5/man/hx509/man/man3/hx509_env_find.3 b/kerberos5/man/hx509/man/man3/hx509_env_find.3 new file mode 100644 
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_env_find.3
@@ -0,0 +1 @@
+.so man3/hx509_env.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_env_find_binding.3 b/kerberos5/man/hx509/man/man3/hx509_env_find_binding.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_env_find_binding.3
@@ -0,0 +1 @@
+.so man3/hx509_env.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_env_free.3 b/kerberos5/man/hx509/man/man3/hx509_env_free.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_env_free.3
@@ -0,0 +1 @@
+.so man3/hx509_env.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_env_lfind.3 b/kerberos5/man/hx509/man/man3/hx509_env_lfind.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_env_lfind.3
@@ -0,0 +1 @@
+.so man3/hx509_env.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_err.3 b/kerberos5/man/hx509/man/man3/hx509_err.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_err.3
@@ -0,0 +1 @@
+.so man3/hx509_error.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_error.3 b/kerberos5/man/hx509/man/man3/hx509_error.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_error.3
@@ -0,0 +1,129 @@ +.TH "hx509_error" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal x509 library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +hx509_error \- hx509 error functions +.SH SYNOPSIS +.br +.PP +.SS "Functions" + +.in +1c +.ti -1c +.RI "void \fBhx509_clear_error_string\fP (hx509_context context)" +.br +.ti -1c +.RI "void \fBhx509_set_error_stringv\fP (hx509_context context, int flags, int code, const char *fmt, va_list ap)" +.br +.ti -1c +.RI "void \fBhx509_set_error_string\fP (hx509_context context, int flags, int code, const char *fmt,\&.\&.\&.)" +.br +.ti -1c +.RI "char * \fBhx509_get_error_string\fP (hx509_context context, int error_code)" +.br +.ti -1c +.RI "void \fBhx509_free_error_string\fP (char *str)" +.br +.ti -1c +.RI "void \fBhx509_err\fP (hx509_context context, int exit_code, int error_code, const char *fmt,\&.\&.\&.)" +.br +.in -1c +.SH "Detailed Description" +.PP +See the \fBHx509 error reporting functions\fP for description and examples\&. +.SH "Function Documentation" +.PP +.SS "void hx509_clear_error_string (hx509_context context)" +Resets the error strings the hx509 context\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A hx509 context\&. +.RE +.PP + +.SS "void hx509_err (hx509_context context, int exit_code, int error_code, const char * fmt, \&.\&.\&.)" +Print error message and fatally exit from error code +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A hx509 context\&. +.br +\fIexit_code\fP exit() code from process\&. +.br +\fIerror_code\fP Error code for the reason to exit\&. +.br +\fIfmt\fP format string with the exit message\&. +.br +\fI\&.\&.\&.\fP argument to format string\&. +.RE +.PP + +.SS "void hx509_free_error_string (char * str)" +Free error string returned by \fBhx509_get_error_string()\fP\&. +.PP +\fBParameters\fP +.RS 4 +\fIstr\fP error string to free\&. +.RE +.PP + +.SS "char* hx509_get_error_string (hx509_context context, int error_code)" +Get an error string from context associated with error_code\&. 
+.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A hx509 context\&. +.br +\fIerror_code\fP Get error message for this error code\&. +.RE +.PP +\fBReturns\fP +.RS 4 +error string, free with \fBhx509_free_error_string()\fP\&. +.RE +.PP + +.SS "void hx509_set_error_string (hx509_context context, int flags, int code, const char * fmt, \&.\&.\&.)" +See \fBhx509_set_error_stringv()\fP\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A hx509 context\&. +.br +\fIflags\fP +.IP "\(bu" 2 +HX509_ERROR_APPEND appends the error string to the old messages (code is updated)\&. +.PP +.br +\fIcode\fP error code related to error message +.br +\fIfmt\fP error message format +.br +\fI\&.\&.\&.\fP arguments to error message format +.RE +.PP + +.SS "void hx509_set_error_stringv (hx509_context context, int flags, int code, const char * fmt, va_list ap)" +Add an error message to the hx509 context\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A hx509 context\&. +.br +\fIflags\fP +.IP "\(bu" 2 +HX509_ERROR_APPEND appends the error string to the old messages (code is updated)\&. +.PP +.br +\fIcode\fP error code related to error message +.br +\fIfmt\fP error message format +.br +\fIap\fP arguments to error message format +.RE +.PP + +.SH "Author" +.PP +Generated automatically by Doxygen for Heimdal x509 library from the source code\&. diff --git a/kerberos5/man/hx509/man/man3/hx509_free_error_string.3 b/kerberos5/man/hx509/man/man3/hx509_free_error_string.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hx509/man/man3/hx509_free_error_string.3 @@ -0,0 +1 @@ +.so man3/hx509_error.3 diff --git a/kerberos5/man/hx509/man/man3/hx509_free_octet_string_list.3 b/kerberos5/man/hx509/man/man3/hx509_free_octet_string_list.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hx509/man/man3/hx509_free_octet_string_list.3 @@ -0,0 +1 @@ +.so man3/hx509_misc.3 
diff --git a/kerberos5/man/hx509/man/man3/hx509_general_name_unparse.3 b/kerberos5/man/hx509/man/man3/hx509_general_name_unparse.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_general_name_unparse.3
@@ -0,0 +1 @@
+.so man3/hx509_name.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_get_error_string.3 b/kerberos5/man/hx509/man/man3/hx509_get_error_string.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_get_error_string.3
@@ -0,0 +1 @@
+.so man3/hx509_error.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_get_one_cert.3 b/kerberos5/man/hx509/man/man3/hx509_get_one_cert.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_get_one_cert.3
@@ -0,0 +1 @@
+.so man3/hx509_keyset.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_keyset.3 b/kerberos5/man/hx509/man/man3/hx509_keyset.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_keyset.3
@@ -0,0 +1,351 @@ +.TH "hx509_keyset" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal x509 library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +hx509_keyset \- hx509 certificate store functions +.SH SYNOPSIS +.br +.PP +.SS "Functions" + +.in +1c +.ti -1c +.RI "int \fBhx509_certs_init\fP (hx509_context context, const char *name, int flags, hx509_lock lock, hx509_certs *certs)" +.br +.ti -1c +.RI "int \fBhx509_certs_store\fP (hx509_context context, hx509_certs certs, int flags, hx509_lock lock)" +.br +.ti -1c +.RI "void \fBhx509_certs_free\fP (hx509_certs *certs)" +.br +.ti -1c +.RI "int \fBhx509_certs_start_seq\fP (hx509_context context, hx509_certs certs, hx509_cursor *cursor)" +.br +.ti -1c +.RI "int \fBhx509_certs_next_cert\fP (hx509_context context, hx509_certs certs, hx509_cursor cursor, hx509_cert *cert)" +.br +.ti -1c +.RI "int \fBhx509_certs_end_seq\fP (hx509_context context, hx509_certs certs, hx509_cursor cursor)" +.br +.ti -1c +.RI "int \fBhx509_certs_iter_f\fP (hx509_context context, hx509_certs certs, int(*func)(hx509_context, void *, hx509_cert), void *ctx)" +.br +.ti -1c +.RI "int \fBhx509_ci_print_names\fP (hx509_context context, void *ctx, hx509_cert c)" +.br +.ti -1c +.RI "int \fBhx509_certs_add\fP (hx509_context context, hx509_certs certs, hx509_cert cert)" +.br +.ti -1c +.RI "int \fBhx509_certs_find\fP (hx509_context context, hx509_certs certs, const hx509_query *q, hx509_cert *r)" +.br +.ti -1c +.RI "int \fBhx509_certs_filter\fP (hx509_context context, hx509_certs certs, const hx509_query *q, hx509_certs *result)" +.br +.ti -1c +.RI "int \fBhx509_certs_merge\fP (hx509_context context, hx509_certs to, hx509_certs from)" +.br +.ti -1c +.RI "int \fBhx509_certs_append\fP (hx509_context context, hx509_certs to, hx509_lock lock, const char *name)" +.br +.ti -1c +.RI "int \fBhx509_get_one_cert\fP (hx509_context context, hx509_certs certs, hx509_cert *c)" +.br +.ti -1c +.RI "int \fBhx509_certs_info\fP (hx509_context context, hx509_certs certs, int(*func)(void 
*, const char *), void *ctx)" +.br +.in -1c +.SH "Detailed Description" +.PP +See the \fBCertificate store operations\fP for description and examples\&. +.SH "Function Documentation" +.PP +.SS "int hx509_certs_add (hx509_context context, hx509_certs certs, hx509_cert cert)" +Add a certificate to the certificiate store\&. +.PP +The receiving keyset certs will either increase reference counter of the cert or make a deep copy, either way, the caller needs to free the cert itself\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a hx509 context\&. +.br +\fIcerts\fP certificate store to add the certificate to\&. +.br +\fIcert\fP certificate to add\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Returns an hx509 error code\&. +.RE +.PP + +.SS "int hx509_certs_append (hx509_context context, hx509_certs to, hx509_lock lock, const char * name)" +Same a \fBhx509_certs_merge()\fP but use a lock and name to describe the from source\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a hx509 context\&. +.br +\fIto\fP the store to merge into\&. +.br +\fIlock\fP a lock that unlocks the certificates store, use NULL to select no password/certifictes/prompt lock (see \fBLocking and unlocking certificates and encrypted data\&.\fP)\&. +.br +\fIname\fP name of the source store +.RE +.PP +\fBReturns\fP +.RS 4 +Returns an hx509 error code\&. +.RE +.PP + +.SS "int hx509_certs_end_seq (hx509_context context, hx509_certs certs, hx509_cursor cursor)" +End the iteration over certificates\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a hx509 context\&. +.br +\fIcerts\fP certificate store to iterate over\&. +.br +\fIcursor\fP cursor that will keep track of progress, freed\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Returns an hx509 error code\&. +.RE +.PP + +.SS "int hx509_certs_filter (hx509_context context, hx509_certs certs, const hx509_query * q, hx509_certs * result)" +Filter certificate matching the query\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a hx509 context\&. 
+.br +\fIcerts\fP certificate store to search\&. +.br +\fIq\fP query allocated with \fBhx509 query functions\fP functions\&. +.br +\fIresult\fP the filtered certificate store, caller must free with \fBhx509_certs_free()\fP\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Returns an hx509 error code\&. +.RE +.PP +Return HX509_CERT_NOT_FOUND if no certificate in certs matched the query\&. +.SS "int hx509_certs_find (hx509_context context, hx509_certs certs, const hx509_query * q, hx509_cert * r)" +Find a certificate matching the query\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a hx509 context\&. +.br +\fIcerts\fP certificate store to search\&. +.br +\fIq\fP query allocated with \fBhx509 query functions\fP functions\&. +.br +\fIr\fP return certificate (or NULL on error), should be freed with \fBhx509_cert_free()\fP\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Returns an hx509 error code\&. +.RE +.PP +Return HX509_CERT_NOT_FOUND if no certificate in certs matched the query\&. +.SS "void hx509_certs_free (hx509_certs * certs)" +Free a certificate store\&. +.PP +\fBParameters\fP +.RS 4 +\fIcerts\fP certificate store to free\&. +.RE +.PP + +.SS "int hx509_certs_info (hx509_context context, hx509_certs certs, int(*)(void *, const char *) func, void * ctx)" +Print some info about the certificate store\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a hx509 context\&. +.br +\fIcerts\fP certificate store to print information about\&. +.br +\fIfunc\fP function that will get each line of the information, if NULL is used the data is printed on a FILE descriptor that should be passed in ctx, if ctx also is NULL, stdout is used\&. +.br +\fIctx\fP parameter to func\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Returns an hx509 error code\&. +.RE +.PP + +.SS "int hx509_certs_init (hx509_context context, const char * name, int flags, hx509_lock lock, hx509_certs * certs)" +Open or creates a new hx509 certificate store\&. 
+.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A hx509 context +.br +\fIname\fP name of the store, format is TYPE:type-specific-string, if NULL is used the MEMORY store is used\&. +.br +\fIflags\fP list of flags: +.IP "\(bu" 2 +HX509_CERTS_CREATE create a new keystore of the specific TYPE\&. +.IP "\(bu" 2 +HX509_CERTS_UNPROTECT_ALL fails if any private key failed to be extracted\&. +.PP +.br +\fIlock\fP a lock that unlocks the certificates store, use NULL to select no password/certifictes/prompt lock (see \fBLocking and unlocking certificates and encrypted data\&.\fP)\&. +.br +\fIcerts\fP return pointer, free with \fBhx509_certs_free()\fP\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Returns an hx509 error code\&. +.RE +.PP + +.SS "int hx509_certs_iter_f (hx509_context context, hx509_certs certs, int(*)(hx509_context, void *, hx509_cert) func, void * ctx)" +Iterate over all certificates in a keystore and call a function for each of them\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a hx509 context\&. +.br +\fIcerts\fP certificate store to iterate over\&. +.br +\fIfunc\fP function to call for each certificate\&. The function should return non-zero to abort the iteration, that value is passed back to the caller of \fBhx509_certs_iter_f()\fP\&. +.br +\fIctx\fP context variable that will passed to the function\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Returns an hx509 error code\&. +.RE +.PP + +.SS "int hx509_certs_merge (hx509_context context, hx509_certs to, hx509_certs from)" +Merge a certificate store into another\&. The from store is keep intact\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a hx509 context\&. +.br +\fIto\fP the store to merge into\&. +.br +\fIfrom\fP the store to copy the object from\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Returns an hx509 error code\&. +.RE +.PP + +.SS "int hx509_certs_next_cert (hx509_context context, hx509_certs certs, hx509_cursor cursor, hx509_cert * cert)" +Get next ceritificate from the certificate keystore pointed out by cursor\&. 
+.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a hx509 context\&. +.br +\fIcerts\fP certificate store to iterate over\&. +.br +\fIcursor\fP cursor that keeps track of progress\&. +.br +\fIcert\fP return certificate next in store, NULL if the store contains no more certificates\&. Free with \fBhx509_cert_free()\fP\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Returns an hx509 error code\&. +.RE +.PP + +.SS "int hx509_certs_start_seq (hx509_context context, hx509_certs certs, hx509_cursor * cursor)" +Start the integration +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a hx509 context\&. +.br +\fIcerts\fP certificate store to iterate over +.br +\fIcursor\fP cursor that will keep track of progress, free with \fBhx509_certs_end_seq()\fP\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Returns an hx509 error code\&. HX509_UNSUPPORTED_OPERATION is returned if the certificate store doesn't support the iteration operation\&. +.RE +.PP + +.SS "int hx509_certs_store (hx509_context context, hx509_certs certs, int flags, hx509_lock lock)" +Write the certificate store to stable storage\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A hx509 context\&. +.br +\fIcerts\fP a certificate store to store\&. +.br +\fIflags\fP currently unused, use 0\&. +.br +\fIlock\fP a lock that unlocks the certificates store, use NULL to select no password/certifictes/prompt lock (see \fBLocking and unlocking certificates and encrypted data\&.\fP)\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Returns an hx509 error code\&. HX509_UNSUPPORTED_OPERATION if the certificate store doesn't support the store operation\&. +.RE +.PP + +.SS "int hx509_ci_print_names (hx509_context context, void * ctx, hx509_cert c)" +Function to use to \fBhx509_certs_iter_f()\fP as a function argument, the ctx variable to \fBhx509_certs_iter_f()\fP should be a FILE file descriptor\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a hx509 context\&. +.br +\fIctx\fP used by \fBhx509_certs_iter_f()\fP\&. 
+.br +\fIc\fP a certificate +.RE +.PP +\fBReturns\fP +.RS 4 +Returns an hx509 error code\&. +.RE +.PP + +.SS "int hx509_get_one_cert (hx509_context context, hx509_certs certs, hx509_cert * c)" +Get one random certificate from the certificate store\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a hx509 context\&. +.br +\fIcerts\fP a certificate store to get the certificate from\&. +.br +\fIc\fP return certificate, should be freed with \fBhx509_cert_free()\fP\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Returns an hx509 error code\&. +.RE +.PP + +.SH "Author" +.PP +Generated automatically by Doxygen for Heimdal x509 library from the source code\&. diff --git a/kerberos5/man/hx509/man/man3/hx509_lock.3 b/kerberos5/man/hx509/man/man3/hx509_lock.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hx509/man/man3/hx509_lock.3 @@ -0,0 +1,14 @@ +.TH "hx509_lock" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal x509 library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +hx509_lock \- hx509 lock functions +.SH SYNOPSIS +.br +.PP +.SH "Detailed Description" +.PP +See the \fBLocking and unlocking certificates and encrypted data\&.\fP for description and examples\&. +.SH "Author" +.PP +Generated automatically by Doxygen for Heimdal x509 library from the source code\&. diff --git a/kerberos5/man/hx509/man/man3/hx509_misc.3 b/kerberos5/man/hx509/man/man3/hx509_misc.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hx509/man/man3/hx509_misc.3 
@@ -0,0 +1,44 @@ +.TH "hx509_misc" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal x509 library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +hx509_misc \- hx509 misc functions +.SH SYNOPSIS +.br +.PP +.SS "Functions" + +.in +1c +.ti -1c +.RI "void \fBhx509_free_octet_string_list\fP (hx509_octet_string_list *list)" +.br +.ti -1c +.RI "void \fBhx509_xfree\fP (void *ptr)" +.br +.in -1c +.SH "Detailed Description" +.PP + +.SH "Function Documentation" +.PP +.SS "void hx509_free_octet_string_list (hx509_octet_string_list * list)" +Free a list of octet strings returned by another hx509 library function\&. +.PP +\fBParameters\fP +.RS 4 +\fIlist\fP list to be freed\&. +.RE +.PP + +.SS "void hx509_xfree (void * ptr)" +Free a data element allocated in the library\&. +.PP +\fBParameters\fP +.RS 4 +\fIptr\fP data to be freed\&. +.RE +.PP + +.SH "Author" +.PP +Generated automatically by Doxygen for Heimdal x509 library from the source code\&. diff --git a/kerberos5/man/hx509/man/man3/hx509_name.3 b/kerberos5/man/hx509/man/man3/hx509_name.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hx509/man/man3/hx509_name.3 
@@ -0,0 +1,228 @@ +.TH "hx509_name" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal x509 library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +hx509_name \- hx509 name functions +.SH SYNOPSIS +.br +.PP +.SS "Functions" + +.in +1c +.ti -1c +.RI "int \fBhx509_name_to_string\fP (const hx509_name name, char **str)" +.br +.ti -1c +.RI "int \fBhx509_name_cmp\fP (hx509_name n1, hx509_name n2)" +.br +.ti -1c +.RI "int \fBhx509_parse_name\fP (hx509_context context, const char *str, hx509_name *name)" +.br +.ti -1c +.RI "int \fBhx509_name_copy\fP (hx509_context context, const hx509_name from, hx509_name *to)" +.br +.ti -1c +.RI "int \fBhx509_name_to_Name\fP (const hx509_name from, Name *to)" +.br +.ti -1c +.RI "int \fBhx509_name_expand\fP (hx509_context context, hx509_name name, hx509_env env)" +.br +.ti -1c +.RI "void \fBhx509_name_free\fP (hx509_name *name)" +.br +.ti -1c +.RI "int \fBhx509_unparse_der_name\fP (const void *data, size_t length, char **str)" +.br +.ti -1c +.RI "int \fBhx509_name_binary\fP (const hx509_name name, heim_octet_string *os)" +.br +.ti -1c +.RI "int \fBhx509_name_is_null_p\fP (const hx509_name name)" +.br +.ti -1c +.RI "int \fBhx509_general_name_unparse\fP (GeneralName *name, char **str)" +.br +.in -1c +.SH "Detailed Description" +.PP +See the \fBPKIX/X\&.509 Names\fP for description and examples\&. +.SH "Function Documentation" +.PP +.SS "int hx509_general_name_unparse (GeneralName * name, char ** str)" +Unparse the hx509 name in name into a string\&. +.PP +\fBParameters\fP +.RS 4 +\fIname\fP the name to print +.br +\fIstr\fP an allocated string returns the name in string form +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP + +.SS "int hx509_name_binary (const hx509_name name, heim_octet_string * os)" +Convert a hx509_name object to DER encoded name\&. 
+.PP +\fBParameters\fP +.RS 4 +\fIname\fP name to concert +.br +\fIos\fP data to a DER encoded name, free the resulting octet string with hx509_xfree(os->data)\&. +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP + +.SS "int hx509_name_cmp (hx509_name n1, hx509_name n2)" +Compare to hx509 name object, useful for sorting\&. +.PP +\fBParameters\fP +.RS 4 +\fIn1\fP a hx509 name object\&. +.br +\fIn2\fP a hx509 name object\&. +.RE +.PP +\fBReturns\fP +.RS 4 +0 the objects are the same, returns > 0 is n2 is 'larger' then n2, < 0 if n1 is 'smaller' then n2\&. +.RE +.PP + +.SS "int hx509_name_copy (hx509_context context, const hx509_name from, hx509_name * to)" +Copy a hx509 name object\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A hx509 cotext\&. +.br +\fIfrom\fP the name to copy from +.br +\fIto\fP the name to copy to +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP + +.SS "int hx509_name_expand (hx509_context context, hx509_name name, hx509_env env)" +Expands variables in the name using env\&. Variables are on the form ${name}\&. Useful when dealing with certificate templates\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A hx509 cotext\&. +.br +\fIname\fP the name to expand\&. +.br +\fIenv\fP environment variable to expand\&. +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP +Only UTF8String rdnSequence names are allowed +.SS "void hx509_name_free (hx509_name * name)" +Free a hx509 name object, upond return *name will be NULL\&. +.PP +\fBParameters\fP +.RS 4 +\fIname\fP a hx509 name object to be freed\&. +.RE +.PP + +.SS "int hx509_name_is_null_p (const hx509_name name)" +Unparse the hx509 name in name into a string\&. +.PP +\fBParameters\fP +.RS 4 +\fIname\fP the name to check if its empty/null\&. +.RE +.PP +\fBReturns\fP +.RS 4 +non zero if the name is empty/null\&. 
+.RE +.PP + +.SS "int hx509_name_to_Name (const hx509_name from, Name * to)" +Convert a hx509_name into a Name\&. +.PP +\fBParameters\fP +.RS 4 +\fIfrom\fP the name to copy from +.br +\fIto\fP the name to copy to +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP + +.SS "int hx509_name_to_string (const hx509_name name, char ** str)" +Convert the hx509 name object into a printable string\&. The resulting string should be freed with free()\&. +.PP +\fBParameters\fP +.RS 4 +\fIname\fP name to print +.br +\fIstr\fP the string to return +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP + +.SS "int hx509_parse_name (hx509_context context, const char * str, hx509_name * name)" +Parse a string into a hx509 name object\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A hx509 context\&. +.br +\fIstr\fP a string to parse\&. +.br +\fIname\fP the resulting object, NULL in case of error\&. +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP + +.SS "int hx509_unparse_der_name (const void * data, size_t length, char ** str)" +Convert a DER encoded name info a string\&. +.PP +\fBParameters\fP +.RS 4 +\fIdata\fP data to a DER/BER encoded name +.br +\fIlength\fP length of data +.br +\fIstr\fP the resulting string, is NULL on failure\&. +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP + +.SH "Author" +.PP +Generated automatically by Doxygen for Heimdal x509 library from the source code\&. diff --git a/kerberos5/man/hx509/man/man3/hx509_name_binary.3 b/kerberos5/man/hx509/man/man3/hx509_name_binary.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hx509/man/man3/hx509_name_binary.3 @@ -0,0 +1 @@ +.so man3/hx509_name.3 diff --git a/kerberos5/man/hx509/man/man3/hx509_name_cmp.3 b/kerberos5/man/hx509/man/man3/hx509_name_cmp.3 new file mode 100644 --- /dev/null 
+++ b/kerberos5/man/hx509/man/man3/hx509_name_cmp.3 @@ -0,0 +1 @@ +.so man3/hx509_name.3 diff --git a/kerberos5/man/hx509/man/man3/hx509_name_copy.3 b/kerberos5/man/hx509/man/man3/hx509_name_copy.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hx509/man/man3/hx509_name_copy.3 @@ -0,0 +1 @@ +.so man3/hx509_name.3 diff --git a/kerberos5/man/hx509/man/man3/hx509_name_expand.3 b/kerberos5/man/hx509/man/man3/hx509_name_expand.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hx509/man/man3/hx509_name_expand.3 @@ -0,0 +1 @@ +.so man3/hx509_name.3 diff --git a/kerberos5/man/hx509/man/man3/hx509_name_free.3 b/kerberos5/man/hx509/man/man3/hx509_name_free.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hx509/man/man3/hx509_name_free.3 @@ -0,0 +1 @@ +.so man3/hx509_name.3 diff --git a/kerberos5/man/hx509/man/man3/hx509_name_is_null_p.3 b/kerberos5/man/hx509/man/man3/hx509_name_is_null_p.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hx509/man/man3/hx509_name_is_null_p.3 @@ -0,0 +1 @@ +.so man3/hx509_name.3 diff --git a/kerberos5/man/hx509/man/man3/hx509_name_to_Name.3 b/kerberos5/man/hx509/man/man3/hx509_name_to_Name.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hx509/man/man3/hx509_name_to_Name.3 @@ -0,0 +1 @@ +.so man3/hx509_name.3 diff --git a/kerberos5/man/hx509/man/man3/hx509_name_to_string.3 b/kerberos5/man/hx509/man/man3/hx509_name_to_string.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hx509/man/man3/hx509_name_to_string.3 @@ -0,0 +1 @@ +.so man3/hx509_name.3 diff --git a/kerberos5/man/hx509/man/man3/hx509_ocsp_request.3 b/kerberos5/man/hx509/man/man3/hx509_ocsp_request.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hx509/man/man3/hx509_ocsp_request.3 @@ -0,0 +1 @@ +.so man3/hx509_revoke.3 diff --git a/kerberos5/man/hx509/man/man3/hx509_ocsp_verify.3 b/kerberos5/man/hx509/man/man3/hx509_ocsp_verify.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hx509/man/man3/hx509_ocsp_verify.3 
@@ -0,0 +1 @@ +.so man3/hx509_verify.3 diff --git a/kerberos5/man/hx509/man/man3/hx509_oid_print.3 b/kerberos5/man/hx509/man/man3/hx509_oid_print.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hx509/man/man3/hx509_oid_print.3 @@ -0,0 +1 @@ +.so man3/hx509_print.3 diff --git a/kerberos5/man/hx509/man/man3/hx509_oid_sprint.3 b/kerberos5/man/hx509/man/man3/hx509_oid_sprint.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hx509/man/man3/hx509_oid_sprint.3 @@ -0,0 +1 @@ +.so man3/hx509_print.3 diff --git a/kerberos5/man/hx509/man/man3/hx509_parse_name.3 b/kerberos5/man/hx509/man/man3/hx509_parse_name.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hx509/man/man3/hx509_parse_name.3 @@ -0,0 +1 @@ +.so man3/hx509_name.3 diff --git a/kerberos5/man/hx509/man/man3/hx509_peer.3 b/kerberos5/man/hx509/man/man3/hx509_peer.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hx509/man/man3/hx509_peer.3 
@@ -0,0 +1,114 @@ +.TH "hx509_peer" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal x509 library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +hx509_peer \- hx509 certificate selecting functions +.SH SYNOPSIS +.br +.PP +.SS "Functions" + +.in +1c +.ti -1c +.RI "int \fBhx509_peer_info_alloc\fP (hx509_context context, hx509_peer_info *peer)" +.br +.ti -1c +.RI "void \fBhx509_peer_info_free\fP (hx509_peer_info peer)" +.br +.ti -1c +.RI "int \fBhx509_peer_info_set_cert\fP (hx509_peer_info peer, hx509_cert cert)" +.br +.ti -1c +.RI "int \fBhx509_peer_info_add_cms_alg\fP (hx509_context context, hx509_peer_info peer, const AlgorithmIdentifier *val)" +.br +.ti -1c +.RI "int \fBhx509_peer_info_set_cms_algs\fP (hx509_context context, hx509_peer_info peer, const AlgorithmIdentifier *val, size_t len)" +.br +.in -1c +.SH "Detailed Description" +.PP + +.SH "Function Documentation" +.PP +.SS "int hx509_peer_info_add_cms_alg (hx509_context context, hx509_peer_info peer, const AlgorithmIdentifier * val)" +Add an additional algorithm that the peer supports\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A hx509 context\&. +.br +\fIpeer\fP the peer to set the new algorithms for +.br +\fIval\fP an AlgorithmsIdentier to add +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP + +.SS "int hx509_peer_info_alloc (hx509_context context, hx509_peer_info * peer)" +Allocate a new peer info structure an init it to default values\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A hx509 context\&. +.br +\fIpeer\fP return an allocated peer, free with \fBhx509_peer_info_free()\fP\&. +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP + +.SS "void hx509_peer_info_free (hx509_peer_info peer)" +Free a peer info structure\&. +.PP +\fBParameters\fP +.RS 4 +\fIpeer\fP peer info to be freed\&. 
+.RE +.PP + +.SS "int hx509_peer_info_set_cert (hx509_peer_info peer, hx509_cert cert)" +Set the certificate that remote peer is using\&. +.PP +\fBParameters\fP +.RS 4 +\fIpeer\fP peer info to update +.br +\fIcert\fP cerificate of the remote peer\&. +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP + +.SS "int hx509_peer_info_set_cms_algs (hx509_context context, hx509_peer_info peer, const AlgorithmIdentifier * val, size_t len)" +Set the algorithms that the peer supports\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A hx509 context\&. +.br +\fIpeer\fP the peer to set the new algorithms for +.br +\fIval\fP array of supported AlgorithmsIdentiers +.br +\fIlen\fP length of array val\&. +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP + +.SH "Author" +.PP +Generated automatically by Doxygen for Heimdal x509 library from the source code\&. diff --git a/kerberos5/man/hx509/man/man3/hx509_peer_info_add_cms_alg.3 b/kerberos5/man/hx509/man/man3/hx509_peer_info_add_cms_alg.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hx509/man/man3/hx509_peer_info_add_cms_alg.3 @@ -0,0 +1 @@ +.so man3/hx509_peer.3 diff --git a/kerberos5/man/hx509/man/man3/hx509_peer_info_alloc.3 b/kerberos5/man/hx509/man/man3/hx509_peer_info_alloc.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hx509/man/man3/hx509_peer_info_alloc.3 @@ -0,0 +1 @@ +.so man3/hx509_peer.3 diff --git a/kerberos5/man/hx509/man/man3/hx509_peer_info_free.3 b/kerberos5/man/hx509/man/man3/hx509_peer_info_free.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hx509/man/man3/hx509_peer_info_free.3 @@ -0,0 +1 @@ +.so man3/hx509_peer.3 diff --git a/kerberos5/man/hx509/man/man3/hx509_peer_info_set_cert.3 b/kerberos5/man/hx509/man/man3/hx509_peer_info_set_cert.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hx509/man/man3/hx509_peer_info_set_cert.3 @@ -0,0 +1 @@ +.so man3/hx509_peer.3 
diff --git a/kerberos5/man/hx509/man/man3/hx509_peer_info_set_cms_algs.3 b/kerberos5/man/hx509/man/man3/hx509_peer_info_set_cms_algs.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hx509/man/man3/hx509_peer_info_set_cms_algs.3 @@ -0,0 +1 @@ +.so man3/hx509_peer.3 diff --git a/kerberos5/man/hx509/man/man3/hx509_print.3 b/kerberos5/man/hx509/man/man3/hx509_print.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hx509/man/man3/hx509_print.3 
@@ -0,0 +1,207 @@ +.TH "hx509_print" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal x509 library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +hx509_print \- hx509 printing functions +.SH SYNOPSIS +.br +.PP +.SS "Functions" + +.in +1c +.ti -1c +.RI "void \fBhx509_print_stdout\fP (void *ctx, const char *fmt, va_list va)" +.br +.ti -1c +.RI "int \fBhx509_oid_sprint\fP (const heim_oid *oid, char **str)" +.br +.ti -1c +.RI "void \fBhx509_oid_print\fP (const heim_oid *oid, hx509_vprint_func func, void *ctx)" +.br +.ti -1c +.RI "void \fBhx509_bitstring_print\fP (const heim_bit_string *b, hx509_vprint_func func, void *ctx)" +.br +.ti -1c +.RI "int \fBhx509_cert_keyusage_print\fP (hx509_context context, hx509_cert c, char **s)" +.br +.ti -1c +.RI "int \fBhx509_validate_ctx_init\fP (hx509_context context, hx509_validate_ctx *ctx)" +.br +.ti -1c +.RI "void \fBhx509_validate_ctx_set_print\fP (hx509_validate_ctx ctx, hx509_vprint_func func, void *c)" +.br +.ti -1c +.RI "void \fBhx509_validate_ctx_add_flags\fP (hx509_validate_ctx ctx, int flags)" +.br +.ti -1c +.RI "void \fBhx509_validate_ctx_free\fP (hx509_validate_ctx ctx)" +.br +.ti -1c +.RI "int \fBhx509_validate_cert\fP (hx509_context context, hx509_validate_ctx ctx, hx509_cert cert)" +.br +.in -1c +.SH "Detailed Description" +.PP + +.SH "Function Documentation" +.PP +.SS "void hx509_bitstring_print (const heim_bit_string * b, hx509_vprint_func func, void * ctx)" +Print a bitstring using a hx509_vprint_func function\&. To print to stdout use \fBhx509_print_stdout()\fP\&. +.PP +\fBParameters\fP +.RS 4 +\fIb\fP bit string to print\&. +.br +\fIfunc\fP hx509_vprint_func to print with\&. +.br +\fIctx\fP context variable to hx509_vprint_func function\&. +.RE +.PP + +.SS "int hx509_cert_keyusage_print (hx509_context context, hx509_cert c, char ** s)" +Print certificate usage for a certificate to a string\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A hx509 context\&. +.br +\fIc\fP a certificate print the keyusage for\&. 
+.br +\fIs\fP the return string with the keysage printed in to, free with \fBhx509_xfree()\fP\&. +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP + +.SS "void hx509_oid_print (const heim_oid * oid, hx509_vprint_func func, void * ctx)" +Print a oid using a hx509_vprint_func function\&. To print to stdout use \fBhx509_print_stdout()\fP\&. +.PP +\fBParameters\fP +.RS 4 +\fIoid\fP oid to print +.br +\fIfunc\fP hx509_vprint_func to print with\&. +.br +\fIctx\fP context variable to hx509_vprint_func function\&. +.RE +.PP + +.SS "int hx509_oid_sprint (const heim_oid * oid, char ** str)" +Print a oid to a string\&. +.PP +\fBParameters\fP +.RS 4 +\fIoid\fP oid to print +.br +\fIstr\fP allocated string, free with \fBhx509_xfree()\fP\&. +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP + +.SS "void hx509_print_stdout (void * ctx, const char * fmt, va_list va)" +Helper function to print on stdout for: +.IP "\(bu" 2 +\fBhx509_oid_print()\fP, +.IP "\(bu" 2 +\fBhx509_bitstring_print()\fP, +.IP "\(bu" 2 +\fBhx509_validate_ctx_set_print()\fP\&. +.PP +.PP +\fBParameters\fP +.RS 4 +\fIctx\fP the context to the print function\&. If the ctx is NULL, stdout is used\&. +.br +\fIfmt\fP the printing format\&. +.br +\fIva\fP the argumet list\&. +.RE +.PP + +.SS "int hx509_validate_cert (hx509_context context, hx509_validate_ctx ctx, hx509_cert cert)" +Validate/Print the status of the certificate\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A hx509 context\&. +.br +\fIctx\fP A hx509 validation context\&. +.br +\fIcert\fP the cerificate to validate/print\&. +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP + +.SS "void hx509_validate_ctx_add_flags (hx509_validate_ctx ctx, int flags)" +Add flags to control the behaivor of the \fBhx509_validate_cert()\fP function\&. +.PP +\fBParameters\fP +.RS 4 +\fIctx\fP A hx509 validation context\&. 
+.br +\fIflags\fP flags to add to the validation context\&. +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP + +.SS "void hx509_validate_ctx_free (hx509_validate_ctx ctx)" +Free an hx509 validate context\&. +.PP +\fBParameters\fP +.RS 4 +\fIctx\fP the hx509 validate context to free\&. +.RE +.PP + +.SS "int hx509_validate_ctx_init (hx509_context context, hx509_validate_ctx * ctx)" +Allocate a hx509 validation/printing context\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A hx509 context\&. +.br +\fIctx\fP a new allocated hx509 validation context, free with \fBhx509_validate_ctx_free()\fP\&. +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP + +.SS "void hx509_validate_ctx_set_print (hx509_validate_ctx ctx, hx509_vprint_func func, void * c)" +Set the printing functions for the validation context\&. +.PP +\fBParameters\fP +.RS 4 +\fIctx\fP a hx509 valication context\&. +.br +\fIfunc\fP the printing function to usea\&. +.br +\fIc\fP the context variable to the printing function\&. +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP + +.SH "Author" +.PP +Generated automatically by Doxygen for Heimdal x509 library from the source code\&. diff --git a/kerberos5/man/hx509/man/man3/hx509_print_cert.3 b/kerberos5/man/hx509/man/man3/hx509_print_cert.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hx509/man/man3/hx509_print_cert.3 @@ -0,0 +1 @@ +.so man3/hx509_cert.3 diff --git a/kerberos5/man/hx509/man/man3/hx509_print_stdout.3 b/kerberos5/man/hx509/man/man3/hx509_print_stdout.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hx509/man/man3/hx509_print_stdout.3 @@ -0,0 +1 @@ +.so man3/hx509_print.3 diff --git a/kerberos5/man/hx509/man/man3/hx509_query.3 b/kerberos5/man/hx509/man/man3/hx509_query.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hx509/man/man3/hx509_query.3 
@@ -0,0 +1,14 @@ +.TH "hx509_query" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal x509 library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +hx509_query \- hx509 query functions +.SH SYNOPSIS +.br +.PP +.SH "Detailed Description" +.PP + +.SH "Author" +.PP +Generated automatically by Doxygen for Heimdal x509 library from the source code\&. diff --git a/kerberos5/man/hx509/man/man3/hx509_query_alloc.3 b/kerberos5/man/hx509/man/man3/hx509_query_alloc.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hx509/man/man3/hx509_query_alloc.3 @@ -0,0 +1 @@ +.so man3/hx509_cert.3 diff --git a/kerberos5/man/hx509/man/man3/hx509_query_free.3 b/kerberos5/man/hx509/man/man3/hx509_query_free.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hx509/man/man3/hx509_query_free.3 @@ -0,0 +1 @@ +.so man3/hx509_cert.3 diff --git a/kerberos5/man/hx509/man/man3/hx509_query_match_cmp_func.3 b/kerberos5/man/hx509/man/man3/hx509_query_match_cmp_func.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hx509/man/man3/hx509_query_match_cmp_func.3 @@ -0,0 +1 @@ +.so man3/hx509_cert.3 diff --git a/kerberos5/man/hx509/man/man3/hx509_query_match_eku.3 b/kerberos5/man/hx509/man/man3/hx509_query_match_eku.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hx509/man/man3/hx509_query_match_eku.3 @@ -0,0 +1 @@ +.so man3/hx509_cert.3 diff --git a/kerberos5/man/hx509/man/man3/hx509_query_match_friendly_name.3 b/kerberos5/man/hx509/man/man3/hx509_query_match_friendly_name.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hx509/man/man3/hx509_query_match_friendly_name.3 @@ -0,0 +1 @@ +.so man3/hx509_cert.3 diff --git a/kerberos5/man/hx509/man/man3/hx509_query_match_issuer_serial.3 b/kerberos5/man/hx509/man/man3/hx509_query_match_issuer_serial.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hx509/man/man3/hx509_query_match_issuer_serial.3 @@ -0,0 +1 @@ +.so man3/hx509_cert.3 
diff --git a/kerberos5/man/hx509/man/man3/hx509_query_match_option.3 b/kerberos5/man/hx509/man/man3/hx509_query_match_option.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hx509/man/man3/hx509_query_match_option.3 @@ -0,0 +1 @@ +.so man3/hx509_cert.3 diff --git a/kerberos5/man/hx509/man/man3/hx509_query_statistic_file.3 b/kerberos5/man/hx509/man/man3/hx509_query_statistic_file.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hx509/man/man3/hx509_query_statistic_file.3 @@ -0,0 +1 @@ +.so man3/hx509_cert.3 diff --git a/kerberos5/man/hx509/man/man3/hx509_query_unparse_stats.3 b/kerberos5/man/hx509/man/man3/hx509_query_unparse_stats.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hx509/man/man3/hx509_query_unparse_stats.3 @@ -0,0 +1 @@ +.so man3/hx509_cert.3 diff --git a/kerberos5/man/hx509/man/man3/hx509_revoke.3 b/kerberos5/man/hx509/man/man3/hx509_revoke.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hx509/man/man3/hx509_revoke.3 
@@ -0,0 +1,170 @@ +.TH "hx509_revoke" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal x509 library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +hx509_revoke \- hx509 revokation checking functions +.SH SYNOPSIS +.br +.PP +.SS "Functions" + +.in +1c +.ti -1c +.RI "int \fBhx509_revoke_init\fP (hx509_context context, hx509_revoke_ctx *ctx)" +.br +.ti -1c +.RI "void \fBhx509_revoke_free\fP (hx509_revoke_ctx *ctx)" +.br +.ti -1c +.RI "int \fBhx509_revoke_add_ocsp\fP (hx509_context context, hx509_revoke_ctx ctx, const char *path)" +.br +.ti -1c +.RI "int \fBhx509_revoke_add_crl\fP (hx509_context context, hx509_revoke_ctx ctx, const char *path)" +.br +.ti -1c +.RI "int \fBhx509_revoke_verify\fP (hx509_context context, hx509_revoke_ctx ctx, hx509_certs certs, time_t now, hx509_cert cert, hx509_cert parent_cert)" +.br +.ti -1c +.RI "int \fBhx509_ocsp_request\fP (hx509_context context, hx509_certs reqcerts, hx509_certs pool, hx509_cert signer, const AlgorithmIdentifier *digest, heim_octet_string *request, heim_octet_string *nonce)" +.br +.ti -1c +.RI "int \fBhx509_revoke_ocsp_print\fP (hx509_context context, const char *path, FILE *out)" +.br +.in -1c +.SH "Detailed Description" +.PP +See the \fBRevocation methods\fP for description and examples\&. +.SH "Function Documentation" +.PP +.SS "int hx509_ocsp_request (hx509_context context, hx509_certs reqcerts, hx509_certs pool, hx509_cert signer, const AlgorithmIdentifier * digest, heim_octet_string * request, heim_octet_string * nonce)" +Create an OCSP request for a set of certificates\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a hx509 context +.br +\fIreqcerts\fP list of certificates to request ocsp data for +.br +\fIpool\fP certificate pool to use when signing +.br +\fIsigner\fP certificate to use to sign the request +.br +\fIdigest\fP the signing algorithm in the request, if NULL use the default signature algorithm, +.br +\fIrequest\fP the encoded request, free with free_heim_octet_string()\&. 
+.br +\fInonce\fP nonce in the request, free with free_heim_octet_string()\&. +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP + +.SS "int hx509_revoke_add_crl (hx509_context context, hx509_revoke_ctx ctx, const char * path)" +Add a CRL file to the revokation context\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP hx509 context +.br +\fIctx\fP hx509 revokation context +.br +\fIpath\fP path to file that is going to be added to the context\&. +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP + +.SS "int hx509_revoke_add_ocsp (hx509_context context, hx509_revoke_ctx ctx, const char * path)" +Add a OCSP file to the revokation context\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP hx509 context +.br +\fIctx\fP hx509 revokation context +.br +\fIpath\fP path to file that is going to be added to the context\&. +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP + +.SS "void hx509_revoke_free (hx509_revoke_ctx * ctx)" +Free a hx509 revokation context\&. +.PP +\fBParameters\fP +.RS 4 +\fIctx\fP context to be freed +.RE +.PP + +.SS "int hx509_revoke_init (hx509_context context, hx509_revoke_ctx * ctx)" +Allocate a revokation context\&. Free with \fBhx509_revoke_free()\fP\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A hx509 context\&. +.br +\fIctx\fP returns a newly allocated revokation context\&. +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP + +.SS "int hx509_revoke_ocsp_print (hx509_context context, const char * path, FILE * out)" +Print the OCSP reply stored in a file\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a hx509 context +.br +\fIpath\fP path to a file with a OCSP reply +.br +\fIout\fP the out FILE descriptor to print the reply on +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. 
+.RE +.PP + +.SS "int hx509_revoke_verify (hx509_context context, hx509_revoke_ctx ctx, hx509_certs certs, time_t now, hx509_cert cert, hx509_cert parent_cert)" +Check that a certificate is not expired according to a revokation context\&. Also need the parent certificte to the check OCSP parent identifier\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP hx509 context +.br +\fIctx\fP hx509 revokation context +.br +\fIcerts\fP +.br +\fInow\fP +.br +\fIcert\fP +.br +\fIparent_cert\fP +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP + +.SH "Author" +.PP +Generated automatically by Doxygen for Heimdal x509 library from the source code\&. diff --git a/kerberos5/man/hx509/man/man3/hx509_revoke_add_crl.3 b/kerberos5/man/hx509/man/man3/hx509_revoke_add_crl.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hx509/man/man3/hx509_revoke_add_crl.3 @@ -0,0 +1 @@ +.so man3/hx509_revoke.3 diff --git a/kerberos5/man/hx509/man/man3/hx509_revoke_add_ocsp.3 b/kerberos5/man/hx509/man/man3/hx509_revoke_add_ocsp.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hx509/man/man3/hx509_revoke_add_ocsp.3 @@ -0,0 +1 @@ +.so man3/hx509_revoke.3 diff --git a/kerberos5/man/hx509/man/man3/hx509_revoke_free.3 b/kerberos5/man/hx509/man/man3/hx509_revoke_free.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hx509/man/man3/hx509_revoke_free.3 @@ -0,0 +1 @@ +.so man3/hx509_revoke.3 diff --git a/kerberos5/man/hx509/man/man3/hx509_revoke_init.3 b/kerberos5/man/hx509/man/man3/hx509_revoke_init.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hx509/man/man3/hx509_revoke_init.3 @@ -0,0 +1 @@ +.so man3/hx509_revoke.3 diff --git a/kerberos5/man/hx509/man/man3/hx509_revoke_ocsp_print.3 b/kerberos5/man/hx509/man/man3/hx509_revoke_ocsp_print.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hx509/man/man3/hx509_revoke_ocsp_print.3 @@ -0,0 +1 @@ +.so man3/hx509_revoke.3 
diff --git a/kerberos5/man/hx509/man/man3/hx509_revoke_verify.3 b/kerberos5/man/hx509/man/man3/hx509_revoke_verify.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hx509/man/man3/hx509_revoke_verify.3 @@ -0,0 +1 @@ +.so man3/hx509_revoke.3 diff --git a/kerberos5/man/hx509/man/man3/hx509_set_error_string.3 b/kerberos5/man/hx509/man/man3/hx509_set_error_string.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hx509/man/man3/hx509_set_error_string.3 @@ -0,0 +1 @@ +.so man3/hx509_error.3 diff --git a/kerberos5/man/hx509/man/man3/hx509_set_error_stringv.3 b/kerberos5/man/hx509/man/man3/hx509_set_error_stringv.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hx509/man/man3/hx509_set_error_stringv.3 @@ -0,0 +1 @@ +.so man3/hx509_error.3 diff --git a/kerberos5/man/hx509/man/man3/hx509_unparse_der_name.3 b/kerberos5/man/hx509/man/man3/hx509_unparse_der_name.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hx509/man/man3/hx509_unparse_der_name.3 @@ -0,0 +1 @@ +.so man3/hx509_name.3 diff --git a/kerberos5/man/hx509/man/man3/hx509_validate_cert.3 b/kerberos5/man/hx509/man/man3/hx509_validate_cert.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hx509/man/man3/hx509_validate_cert.3 @@ -0,0 +1 @@ +.so man3/hx509_print.3 diff --git a/kerberos5/man/hx509/man/man3/hx509_validate_ctx_add_flags.3 b/kerberos5/man/hx509/man/man3/hx509_validate_ctx_add_flags.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hx509/man/man3/hx509_validate_ctx_add_flags.3 @@ -0,0 +1 @@ +.so man3/hx509_print.3 diff --git a/kerberos5/man/hx509/man/man3/hx509_validate_ctx_free.3 b/kerberos5/man/hx509/man/man3/hx509_validate_ctx_free.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hx509/man/man3/hx509_validate_ctx_free.3 @@ -0,0 +1 @@ +.so man3/hx509_print.3 diff --git a/kerberos5/man/hx509/man/man3/hx509_validate_ctx_init.3 b/kerberos5/man/hx509/man/man3/hx509_validate_ctx_init.3 new file mode 100644 --- /dev/null 
+++ b/kerberos5/man/hx509/man/man3/hx509_validate_ctx_init.3 @@ -0,0 +1 @@ +.so man3/hx509_print.3 diff --git a/kerberos5/man/hx509/man/man3/hx509_validate_ctx_set_print.3 b/kerberos5/man/hx509/man/man3/hx509_validate_ctx_set_print.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hx509/man/man3/hx509_validate_ctx_set_print.3 @@ -0,0 +1 @@ +.so man3/hx509_print.3 diff --git a/kerberos5/man/hx509/man/man3/hx509_verify.3 b/kerberos5/man/hx509/man/man3/hx509_verify.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hx509/man/man3/hx509_verify.3 
@@ -0,0 +1,299 @@ +.TH "hx509_verify" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal x509 library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +hx509_verify \- hx509 verification functions +.SH SYNOPSIS +.br +.PP +.SS "Functions" + +.in +1c +.ti -1c +.RI "void \fBhx509_context_set_missing_revoke\fP (hx509_context context, int flag)" +.br +.ti -1c +.RI "int \fBhx509_verify_init_ctx\fP (hx509_context context, hx509_verify_ctx *ctx)" +.br +.ti -1c +.RI "void \fBhx509_verify_destroy_ctx\fP (hx509_verify_ctx ctx)" +.br +.ti -1c +.RI "void \fBhx509_verify_attach_anchors\fP (hx509_verify_ctx ctx, hx509_certs set)" +.br +.ti -1c +.RI "void \fBhx509_verify_attach_revoke\fP (hx509_verify_ctx ctx, hx509_revoke_ctx revoke_ctx)" +.br +.ti -1c +.RI "void \fBhx509_verify_set_time\fP (hx509_verify_ctx ctx, time_t t)" +.br +.ti -1c +.RI "void \fBhx509_verify_set_max_depth\fP (hx509_verify_ctx ctx, unsigned int max_depth)" +.br +.ti -1c +.RI "void \fBhx509_verify_set_proxy_certificate\fP (hx509_verify_ctx ctx, int boolean)" +.br +.ti -1c +.RI "void \fBhx509_verify_set_strict_rfc3280_verification\fP (hx509_verify_ctx ctx, int boolean)" +.br +.ti -1c +.RI "int \fBhx509_verify_path\fP (hx509_context context, hx509_verify_ctx ctx, hx509_cert cert, hx509_certs pool)" +.br +.ti -1c +.RI "int \fBhx509_ocsp_verify\fP (hx509_context context, time_t now, hx509_cert cert, int flags, const void *data, size_t length, time_t *expiration)" +.br +.ti -1c +.RI "int \fBhx509_crl_alloc\fP (hx509_context context, hx509_crl *crl)" +.br +.ti -1c +.RI "int \fBhx509_crl_add_revoked_certs\fP (hx509_context context, hx509_crl crl, hx509_certs certs)" +.br +.ti -1c +.RI "int \fBhx509_crl_lifetime\fP (hx509_context context, hx509_crl crl, int delta)" +.br +.ti -1c +.RI "void \fBhx509_crl_free\fP (hx509_context context, hx509_crl *crl)" +.br +.ti -1c +.RI "int \fBhx509_crl_sign\fP (hx509_context context, hx509_cert signer, hx509_crl crl, heim_octet_string *os)" +.br +.in -1c +.SH "Detailed Description" +.PP + +.SH 
"Function Documentation" +.PP +.SS "void hx509_context_set_missing_revoke (hx509_context context, int flag)" +Selects if the \fBhx509_revoke_verify()\fP function is going to require the existans of a revokation method (OCSP, CRL) or not\&. Note that \fBhx509_verify_path()\fP, \fBhx509_cms_verify_signed()\fP, and other function call \fBhx509_revoke_verify()\fP\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP hx509 context to change the flag for\&. +.br +\fIflag\fP zero, revokation method required, non zero missing revokation method ok +.RE +.PP + +.SS "int hx509_crl_add_revoked_certs (hx509_context context, hx509_crl crl, hx509_certs certs)" +Add revoked certificate to an CRL context\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a hx509 context\&. +.br +\fIcrl\fP the CRL to add the revoked certificate to\&. +.br +\fIcerts\fP keyset of certificate to revoke\&. +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP + +.SS "int hx509_crl_alloc (hx509_context context, hx509_crl * crl)" +Create a CRL context\&. Use \fBhx509_crl_free()\fP to free the CRL context\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a hx509 context\&. +.br +\fIcrl\fP return pointer to a newly allocated CRL context\&. +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP + +.SS "void hx509_crl_free (hx509_context context, hx509_crl * crl)" +Free a CRL context\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a hx509 context\&. +.br +\fIcrl\fP a CRL context to free\&. +.RE +.PP + +.SS "int hx509_crl_lifetime (hx509_context context, hx509_crl crl, int delta)" +Set the lifetime of a CRL context\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a hx509 context\&. +.br +\fIcrl\fP a CRL context +.br +\fIdelta\fP delta time the certificate is valid, library adds the current time to this\&. +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. 
+.RE +.PP + +.SS "int hx509_crl_sign (hx509_context context, hx509_cert signer, hx509_crl crl, heim_octet_string * os)" +Sign a CRL and return an encode certificate\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a hx509 context\&. +.br +\fIsigner\fP certificate to sign the CRL with +.br +\fIcrl\fP the CRL to sign +.br +\fIos\fP return the signed and encoded CRL, free with free_heim_octet_string() +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP + +.SS "int hx509_ocsp_verify (hx509_context context, time_t now, hx509_cert cert, int flags, const void * data, size_t length, time_t * expiration)" +Verify that the certificate is part of the OCSP reply and it's not expired\&. Doesn't verify signature the OCSP reply or it's done by a authorized sender, that is assumed to be already done\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a hx509 context +.br +\fInow\fP the time right now, if 0, use the current time\&. +.br +\fIcert\fP the certificate to verify +.br +\fIflags\fP flags control the behavior +.br +\fIdata\fP pointer to the encode ocsp reply +.br +\fIlength\fP the length of the encode ocsp reply +.br +\fIexpiration\fP return the time the OCSP will expire and need to be rechecked\&. +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP + +.SS "void hx509_verify_attach_anchors (hx509_verify_ctx ctx, hx509_certs set)" +Set the trust anchors in the verification context, makes an reference to the keyset, so the consumer can free the keyset independent of the destruction of the verification context (ctx)\&. If there already is a keyset attached, it's released\&. +.PP +\fBParameters\fP +.RS 4 +\fIctx\fP a verification context +.br +\fIset\fP a keyset containing the trust anchors\&. 
+.RE +.PP + +.SS "void hx509_verify_attach_revoke (hx509_verify_ctx ctx, hx509_revoke_ctx revoke_ctx)" +Attach an revocation context to the verfication context, , makes an reference to the revoke context, so the consumer can free the revoke context independent of the destruction of the verification context\&. If there is no revoke context, the verification process is NOT going to check any verification status\&. +.PP +\fBParameters\fP +.RS 4 +\fIctx\fP a verification context\&. +.br +\fIrevoke_ctx\fP a revoke context\&. +.RE +.PP + +.SS "void hx509_verify_destroy_ctx (hx509_verify_ctx ctx)" +Free an hx509 verification context\&. +.PP +\fBParameters\fP +.RS 4 +\fIctx\fP the context to be freed\&. +.RE +.PP + +.SS "int hx509_verify_init_ctx (hx509_context context, hx509_verify_ctx * ctx)" +Allocate an verification context that is used fo control the verification process\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A hx509 context\&. +.br +\fIctx\fP returns a pointer to a hx509_verify_ctx object\&. +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP + +.SS "int hx509_verify_path (hx509_context context, hx509_verify_ctx ctx, hx509_cert cert, hx509_certs pool)" +Build and verify the path for the certificate to the trust anchor specified in the verify context\&. The path is constructed from the certificate, the pool and the trust anchors\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A hx509 context\&. +.br +\fIctx\fP A hx509 verification context\&. +.br +\fIcert\fP the certificate to build the path from\&. +.br +\fIpool\fP A keyset of certificates to build the chain from\&. +.RE +.PP +\fBReturns\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP\&. +.RE +.PP + +.SS "void hx509_verify_set_max_depth (hx509_verify_ctx ctx, unsigned int max_depth)" +Set the maximum depth of the certificate chain that the path builder is going to try\&. 
+.PP +\fBParameters\fP +.RS 4 +\fIctx\fP a verification context +.br +\fImax_depth\fP maxium depth of the certificate chain, include trust anchor\&. +.RE +.PP + +.SS "void hx509_verify_set_proxy_certificate (hx509_verify_ctx ctx, int boolean)" +Allow or deny the use of proxy certificates +.PP +\fBParameters\fP +.RS 4 +\fIctx\fP a verification context +.br +\fIboolean\fP if non zero, allow proxy certificates\&. +.RE +.PP + +.SS "void hx509_verify_set_strict_rfc3280_verification (hx509_verify_ctx ctx, int boolean)" +Select strict RFC3280 verification of certificiates\&. This means checking key usage on CA certificates, this will make version 1 certificiates unuseable\&. +.PP +\fBParameters\fP +.RS 4 +\fIctx\fP a verification context +.br +\fIboolean\fP if non zero, use strict verification\&. +.RE +.PP + +.SS "void hx509_verify_set_time (hx509_verify_ctx ctx, time_t t)" +Set the clock time the the verification process is going to use\&. Used to check certificate in the past and future time\&. If not set the current time will be used\&. +.PP +\fBParameters\fP +.RS 4 +\fIctx\fP a verification context\&. +.br +\fIt\fP the time the verifiation is using\&. +.RE +.PP + +.SH "Author" +.PP +Generated automatically by Doxygen for Heimdal x509 library from the source code\&. diff --git a/kerberos5/man/hx509/man/man3/hx509_verify_attach_anchors.3 b/kerberos5/man/hx509/man/man3/hx509_verify_attach_anchors.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hx509/man/man3/hx509_verify_attach_anchors.3 @@ -0,0 +1 @@ +.so man3/hx509_verify.3 diff --git a/kerberos5/man/hx509/man/man3/hx509_verify_attach_revoke.3 b/kerberos5/man/hx509/man/man3/hx509_verify_attach_revoke.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/hx509/man/man3/hx509_verify_attach_revoke.3 @@ -0,0 +1 @@ +.so man3/hx509_verify.3 
diff --git a/kerberos5/man/hx509/man/man3/hx509_verify_ctx_f_allow_default_trustanchors.3 b/kerberos5/man/hx509/man/man3/hx509_verify_ctx_f_allow_default_trustanchors.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_verify_ctx_f_allow_default_trustanchors.3
@@ -0,0 +1 @@
+.so man3/hx509_cert.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_verify_destroy_ctx.3 b/kerberos5/man/hx509/man/man3/hx509_verify_destroy_ctx.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_verify_destroy_ctx.3
@@ -0,0 +1 @@
+.so man3/hx509_verify.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_verify_hostname.3 b/kerberos5/man/hx509/man/man3/hx509_verify_hostname.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_verify_hostname.3
@@ -0,0 +1 @@
+.so man3/hx509_cert.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_verify_init_ctx.3 b/kerberos5/man/hx509/man/man3/hx509_verify_init_ctx.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_verify_init_ctx.3
@@ -0,0 +1 @@
+.so man3/hx509_verify.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_verify_path.3 b/kerberos5/man/hx509/man/man3/hx509_verify_path.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_verify_path.3
@@ -0,0 +1 @@
+.so man3/hx509_verify.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_verify_set_max_depth.3 b/kerberos5/man/hx509/man/man3/hx509_verify_set_max_depth.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_verify_set_max_depth.3
@@ -0,0 +1 @@
+.so man3/hx509_verify.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_verify_set_proxy_certificate.3 b/kerberos5/man/hx509/man/man3/hx509_verify_set_proxy_certificate.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_verify_set_proxy_certificate.3
@@ -0,0 +1 @@
+.so man3/hx509_verify.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_verify_set_strict_rfc3280_verification.3 b/kerberos5/man/hx509/man/man3/hx509_verify_set_strict_rfc3280_verification.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_verify_set_strict_rfc3280_verification.3
@@ -0,0 +1 @@
+.so man3/hx509_verify.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_verify_set_time.3 b/kerberos5/man/hx509/man/man3/hx509_verify_set_time.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_verify_set_time.3
@@ -0,0 +1 @@
+.so man3/hx509_verify.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_verify_signature.3 b/kerberos5/man/hx509/man/man3/hx509_verify_signature.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_verify_signature.3
@@ -0,0 +1 @@
+.so man3/hx509_crypto.3
diff --git a/kerberos5/man/hx509/man/man3/hx509_xfree.3 b/kerberos5/man/hx509/man/man3/hx509_xfree.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/hx509_xfree.3
@@ -0,0 +1 @@
+.so man3/hx509_misc.3
diff --git a/kerberos5/man/hx509/man/man3/page_ca.3 b/kerberos5/man/hx509/man/man3/page_ca.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/page_ca.3
@@ -0,0 +1,6 @@
+.TH "page_ca" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal x509 library" \" -*- nroff -*-
+.ad l
+.nh
+.SH NAME
+page_ca \- Hx509 CA functions
+See the library functions here: \fBhx509 CA functions\fP
diff --git a/kerberos5/man/hx509/man/man3/page_cert.3 b/kerberos5/man/hx509/man/man3/page_cert.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/page_cert.3
@@ -0,0 +1,10 @@
+.TH "page_cert" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal x509 library" \" -*- nroff -*-
+.ad l
+.nh
+.SH NAME
+page_cert \- The basic certificate
+The basic hx509 cerificate object in hx509 is hx509_cert\&. The hx509_cert object is representing one X509/PKIX certificate and associated attributes; like private key, friendly name, etc\&.
+.PP
+A hx509_cert object is usully found via the keyset interfaces (\fBCertificate store operations\fP), but its also possible to create a certificate directly from a parsed object with \fBhx509_cert_init()\fP and \fBhx509_cert_init_data()\fP\&.
+.PP
+See the library functions here: \fBhx509 certificate functions\fP
diff --git a/kerberos5/man/hx509/man/man3/page_cms.3 b/kerberos5/man/hx509/man/man3/page_cms.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/page_cms.3
@@ -0,0 +1,18 @@
+.TH "page_cms" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal x509 library" \" -*- nroff -*-
+.ad l
+.nh
+.SH NAME
+page_cms \- CMS/PKCS7 message functions\&.
+CMS is defined in RFC 3369 and is an continuation of the RSA Labs standard PKCS7\&. The basic messages in CMS is
+.PP
+.IP "\(bu" 2
+SignedData Data signed with private key (RSA, DSA, ECDSA) or secret (symmetric) key
+.IP "\(bu" 2
+EnvelopedData Data encrypted with private key (RSA)
+.IP "\(bu" 2
+EncryptedData Data encrypted with secret (symmetric) key\&.
+.IP "\(bu" 2
+ContentInfo Wrapper structure including type and data\&.
+.PP
+.PP
+See the library functions here: \fBhx509 CMS/pkcs7 functions\fP
diff --git a/kerberos5/man/hx509/man/man3/page_env.3 b/kerberos5/man/hx509/man/man3/page_env.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/page_env.3
@@ -0,0 +1,6 @@
+.TH "page_env" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal x509 library" \" -*- nroff -*-
+.ad l
+.nh
+.SH NAME
+page_env \- Hx509 environment functions
+See the library functions here: \fBhx509 environment functions\fP
diff --git a/kerberos5/man/hx509/man/man3/page_error.3 b/kerberos5/man/hx509/man/man3/page_error.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/page_error.3
@@ -0,0 +1,6 @@
+.TH "page_error" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal x509 library" \" -*- nroff -*-
+.ad l
+.nh
+.SH NAME
+page_error \- Hx509 error reporting functions
+See the library functions here: \fBhx509 error functions\fP
diff --git a/kerberos5/man/hx509/man/man3/page_keyset.3 b/kerberos5/man/hx509/man/man3/page_keyset.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/page_keyset.3
@@ -0,0 +1,25 @@
+.TH "page_keyset" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal x509 library" \" -*- nroff -*-
+.ad l
+.nh
+.SH NAME
+page_keyset \- Certificate store operations
+Type of certificates store:
+.IP "\(bu" 2
+MEMORY In memory based format\&. Doesnt support storing\&.
+.IP "\(bu" 2
+FILE FILE supports raw DER certicates and PEM certicates\&. When PEM is used the file can contain may certificates and match private keys\&. Support storing the certificates\&. DER format only supports on certificate and no private key\&.
+.IP "\(bu" 2
+PEM-FILE Same as FILE, defaulting to PEM encoded certificates\&.
+.IP "\(bu" 2
+PEM-FILE Same as FILE, defaulting to DER encoded certificates\&.
+.IP "\(bu" 2
+PKCS11
+.IP "\(bu" 2
+PKCS12
+.IP "\(bu" 2
+DIR
+.IP "\(bu" 2
+KEYCHAIN Apple Mac OS X KeyChain backed keychain object\&.
+.PP
+.PP
+See the library functions here: \fBhx509 certificate store functions\fP
diff --git a/kerberos5/man/hx509/man/man3/page_lock.3 b/kerberos5/man/hx509/man/man3/page_lock.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/page_lock.3
@@ -0,0 +1,6 @@
+.TH "page_lock" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal x509 library" \" -*- nroff -*-
+.ad l
+.nh
+.SH NAME
+page_lock \- Locking and unlocking certificates and encrypted data\&.
+See the library functions here: \fBhx509 lock functions\fP
diff --git a/kerberos5/man/hx509/man/man3/page_name.3 b/kerberos5/man/hx509/man/man3/page_name.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/page_name.3
@@ -0,0 +1,18 @@
+.TH "page_name" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal x509 library" \" -*- nroff -*-
+.ad l
+.nh
+.SH NAME
+page_name \- PKIX/X\&.509 Names
+There are several names in PKIX/X\&.509, GeneralName and Name\&.
+.PP
+A Name consists of an ordered list of Relative Distinguished Names (RDN)\&. Each RDN consists of an unordered list of typed strings\&. The types are defined by OID and have long and short description\&. For example id-at-commonName (2\&.5\&.4\&.3) have the long name CommonName and short name CN\&. The string itself can be of several encoding, UTF8, UTF16, Teltex string, etc\&. The type limit what encoding should be used\&.
+.PP
+GeneralName is a broader nametype that can contains al kind of stuff like Name, IP addresses, partial Name, etc\&.
+.PP
+Name is mapped into a hx509_name object\&.
+.PP
+Parse and string name into a hx509_name object with \fBhx509_parse_name()\fP, make it back into string representation with \fBhx509_name_to_string()\fP\&.
+.PP
+Name string are defined rfc2253, rfc1779 and X\&.501\&.
+.PP
+See the library functions here: \fBhx509 name functions\fP
diff --git a/kerberos5/man/hx509/man/man3/page_peer.3 b/kerberos5/man/hx509/man/man3/page_peer.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/page_peer.3
@@ -0,0 +1,8 @@
+.TH "page_peer" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal x509 library" \" -*- nroff -*-
+.ad l
+.nh
+.SH NAME
+page_peer \- Hx509 crypto selecting functions
+Peer info structures are used togeter with hx509_crypto_select() to select the best avaible crypto algorithm to use\&.
+.PP
+See the library functions here: \fBhx509 certificate selecting functions\fP
diff --git a/kerberos5/man/hx509/man/man3/page_print.3 b/kerberos5/man/hx509/man/man3/page_print.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/page_print.3
@@ -0,0 +1,6 @@
+.TH "page_print" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal x509 library" \" -*- nroff -*-
+.ad l
+.nh
+.SH NAME
+page_print \- Hx509 printing functions
+See the library functions here: \fBhx509 printing functions\fP
diff --git a/kerberos5/man/hx509/man/man3/page_revoke.3 b/kerberos5/man/hx509/man/man3/page_revoke.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/hx509/man/man3/page_revoke.3
@@ -0,0 +1,10 @@
+.TH "page_revoke" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal x509 library" \" -*- nroff -*-
+.ad l
+.nh
+.SH NAME
+page_revoke \- Revocation methods
+There are two revocation method for PKIX/X\&.509: CRL and OCSP\&. Revocation is needed if the private key is lost and stolen\&. Depending on how picky you are, you might want to make revocation for destroyed private keys too (smartcard broken), but that should not be a problem\&.
+.PP
+CRL is a list of certifiates that have expired\&.
+.PP
+OCSP is an online checking method where the requestor sends a list of certificates to the OCSP server to return a signed reply if they are valid or not\&. Some services sends a OCSP reply as part of the hand-shake to make the revoktion decision simpler/faster for the client\&.
diff --git a/kerberos5/man/krb5/man/man3/krb5.3 b/kerberos5/man/krb5/man/man3/krb5.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5.3
@@ -0,0 +1,1060 @@ +.TH "krb5" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal Kerberos 5 library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +krb5 \- Heimdal Kerberos 5 library +.SH SYNOPSIS +.br +.PP +.SS "Functions" + +.in +1c +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_add_et_list\fP (krb5_context context, void(*func)(struct et_list **))" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_set_password\fP (krb5_context context, krb5_creds *creds, const char *newpw, krb5_principal targprinc, int *result_code, krb5_data *result_code_string, krb5_data *result_string)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_init_context\fP (krb5_context *context)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_copy_context\fP (krb5_context context, krb5_context *out)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_free_context\fP (krb5_context context)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_set_config_files\fP (krb5_context context, char **filenames)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_prepend_config_files_default\fP (const char *filelist, char ***pfilenames)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_get_default_config_files\fP (char ***pfilenames)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_free_config_files\fP (char **filenames)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION const krb5_enctype *KRB5_LIB_CALL \fBkrb5_kerberos_enctypes\fP (krb5_context context)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_set_default_in_tkt_etypes\fP (krb5_context context, const krb5_enctype *etypes)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_get_default_in_tkt_etypes\fP (krb5_context context, krb5_pdu pdu_type, krb5_enctype **etypes)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION void 
KRB5_LIB_CALL \fBkrb5_init_ets\fP (krb5_context context)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_set_use_admin_kdc\fP (krb5_context context, krb5_boolean flag)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_get_use_admin_kdc\fP (krb5_context context)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_add_extra_addresses\fP (krb5_context context, krb5_addresses *addresses)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_set_extra_addresses\fP (krb5_context context, const krb5_addresses *addresses)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_get_extra_addresses\fP (krb5_context context, krb5_addresses *addresses)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_add_ignore_addresses\fP (krb5_context context, krb5_addresses *addresses)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_set_ignore_addresses\fP (krb5_context context, const krb5_addresses *addresses)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_get_ignore_addresses\fP (krb5_context context, krb5_addresses *addresses)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_set_fcache_version\fP (krb5_context context, int version)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_get_fcache_version\fP (krb5_context context, int *version)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_is_thread_safe\fP (void)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_set_dns_canonicalize_hostname\fP (krb5_context context, krb5_boolean flag)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_get_dns_canonicalize_hostname\fP (krb5_context context)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_get_kdc_sec_offset\fP (krb5_context context, int32_t *sec, 
int32_t *usec)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_set_kdc_sec_offset\fP (krb5_context context, int32_t sec, int32_t usec)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION time_t KRB5_LIB_CALL \fBkrb5_get_max_time_skew\fP (krb5_context context)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_set_max_time_skew\fP (krb5_context context, time_t t)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_set_home_dir_access\fP (krb5_context context, krb5_boolean allow)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_copy_host_realm\fP (krb5_context context, const krb5_realm *from, krb5_realm **to)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_free_cred_contents\fP (krb5_context context, krb5_creds *c)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_copy_creds_contents\fP (krb5_context context, const krb5_creds *incred, krb5_creds *c)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_copy_creds\fP (krb5_context context, const krb5_creds *incred, krb5_creds **outcred)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_free_creds\fP (krb5_context context, krb5_creds *c)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_compare_creds\fP (krb5_context context, krb5_flags whichfields, const krb5_creds *mcreds, const krb5_creds *creds)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION unsigned long KRB5_LIB_CALL \fBkrb5_creds_get_ticket_flags\fP (krb5_creds *creds)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_data_zero\fP (krb5_data *p)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_data_free\fP (krb5_data *p)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_free_data\fP (krb5_context context, krb5_data *p)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_data_alloc\fP 
(krb5_data *p, int len)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_data_realloc\fP (krb5_data *p, int len)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_data_copy\fP (krb5_data *p, const void *data, size_t len)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_copy_data\fP (krb5_context context, const krb5_data *indata, krb5_data **outdata)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION int KRB5_LIB_CALL \fBkrb5_data_cmp\fP (const krb5_data *data1, const krb5_data *data2)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION int KRB5_LIB_CALL \fBkrb5_data_ct_cmp\fP (const krb5_data *data1, const krb5_data *data2)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION const char *KRB5_LIB_CALL \fBkrb5_get_err_text\fP (krb5_context context, krb5_error_code code) KRB5_DEPRECATED_FUNCTION('Use \fBkrb5_get_error_message\fP instead')" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_krbhst_get_addrinfo\fP (krb5_context context, krb5_krbhst_info *host, struct addrinfo **ai)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_free_ticket\fP (krb5_context context, krb5_ticket *ticket)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_copy_ticket\fP (krb5_context context, const krb5_ticket *from, krb5_ticket **to)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_ticket_get_client\fP (krb5_context context, const krb5_ticket *ticket, krb5_principal *client)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_ticket_get_server\fP (krb5_context context, const krb5_ticket *ticket, krb5_principal *server)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION time_t KRB5_LIB_CALL \fBkrb5_ticket_get_endtime\fP (krb5_context context, const krb5_ticket *ticket)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_ticket_get_authorization_data_type\fP (krb5_context context, krb5_ticket *ticket, 
int type, krb5_data *data)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_set_real_time\fP (krb5_context context, krb5_timestamp sec, int32_t usec)" +.br +.in -1c +.SH "Detailed Description" +.PP + +.SH "Function Documentation" +.PP +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_add_et_list (krb5_context context, void(*)(struct et_list **) func)" +Add a specified list of error messages to the et list in context\&. Call func (probably a comerr-generated function) with a pointer to the current et_list\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A kerberos context\&. +.br +\fIfunc\fP The generated com_err et function\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Returns 0 to indicate success\&. Otherwise an kerberos et error code is returned, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_add_extra_addresses (krb5_context context, krb5_addresses * addresses)" +Add extra address to the address list that the library will add to the client's address list when communicating with the KDC\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos 5 context\&. +.br +\fIaddresses\fP addreses to add +.RE +.PP +\fBReturns\fP +.RS 4 +Returns 0 to indicate success\&. Otherwise an kerberos et error code is returned, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_add_ignore_addresses (krb5_context context, krb5_addresses * addresses)" +Add extra addresses to ignore when fetching addresses from the underlaying operating system\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos 5 context\&. +.br +\fIaddresses\fP addreses to ignore +.RE +.PP +\fBReturns\fP +.RS 4 +Returns 0 to indicate success\&. Otherwise an kerberos et error code is returned, see \fBkrb5_get_error_message()\fP\&. 
+.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_compare_creds (krb5_context context, krb5_flags whichfields, const krb5_creds * mcreds, const krb5_creds * creds)" +Return TRUE if `mcreds' and `creds' are equal (`whichfields' determines what equal means)\&. +.PP +The following flags, set in whichfields affects the comparison: +.IP "\(bu" 2 +KRB5_TC_MATCH_SRV_NAMEONLY Consider all realms equal when comparing the service principal\&. +.IP "\(bu" 2 +KRB5_TC_MATCH_KEYTYPE Compare enctypes\&. +.IP "\(bu" 2 +KRB5_TC_MATCH_FLAGS_EXACT Make sure that the ticket flags are identical\&. +.IP "\(bu" 2 +KRB5_TC_MATCH_FLAGS Make sure that all ticket flags set in mcreds are also present in creds \&. +.IP "\(bu" 2 +KRB5_TC_MATCH_TIMES_EXACT Compares the ticket times exactly\&. +.IP "\(bu" 2 +KRB5_TC_MATCH_TIMES Compares only the expiration times of the creds\&. +.IP "\(bu" 2 +KRB5_TC_MATCH_AUTHDATA Compares the authdata fields\&. +.IP "\(bu" 2 +KRB5_TC_MATCH_2ND_TKT Compares the second tickets (used by user-to-user authentication)\&. +.IP "\(bu" 2 +KRB5_TC_MATCH_IS_SKEY Compares the existance of the second ticket\&. +.PP +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos 5 context\&. +.br +\fIwhichfields\fP which fields to compare\&. +.br +\fImcreds\fP cred to compare with\&. +.br +\fIcreds\fP cred to compare with\&. +.RE +.PP +\fBReturns\fP +.RS 4 +return TRUE if mcred and creds are equal, FALSE if not\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_context (krb5_context context, krb5_context * out)" +Make a copy for the Kerberos 5 context, the new krb5_context shoud be freed with \fBkrb5_free_context()\fP\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP the Kerberos context to copy +.br +\fIout\fP the copy of the Kerberos, set to NULL error\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Returns 0 to indicate success\&. Otherwise an kerberos et error code is returned, see \fBkrb5_get_error_message()\fP\&. 
+.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_creds (krb5_context context, const krb5_creds * incred, krb5_creds ** outcred)" +Copy krb5_creds\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos 5 context\&. +.br +\fIincred\fP source credential +.br +\fIoutcred\fP destination credential, free with \fBkrb5_free_creds()\fP\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Returns 0 to indicate success\&. Otherwise an kerberos et error code is returned, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_creds_contents (krb5_context context, const krb5_creds * incred, krb5_creds * c)" +Copy content of krb5_creds\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos 5 context\&. +.br +\fIincred\fP source credential +.br +\fIc\fP destination credential, free with \fBkrb5_free_cred_contents()\fP\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Returns 0 to indicate success\&. Otherwise an kerberos et error code is returned, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_data (krb5_context context, const krb5_data * indata, krb5_data ** outdata)" +Copy the data into a newly allocated krb5_data\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos 5 context\&. +.br +\fIindata\fP the krb5_data data to copy +.br +\fIoutdata\fP new krb5_date to copy too\&. Free with \fBkrb5_free_data()\fP\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Returns 0 to indicate success\&. Otherwise an kerberos et error code is returned\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_host_realm (krb5_context context, const krb5_realm * from, krb5_realm ** to)" +Copy the list of realms from `from' to `to'\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos 5 context\&. +.br +\fIfrom\fP list of realms to copy from\&. +.br +\fIto\fP list of realms to copy to, free list of \fBkrb5_free_host_realm()\fP\&. 
+.RE +.PP +\fBReturns\fP +.RS 4 +Returns 0 to indicate success\&. Otherwise an kerberos et error code is returned, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_ticket (krb5_context context, const krb5_ticket * from, krb5_ticket ** to)" +Copy ticket and content +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Kerberos 5 context +.br +\fIfrom\fP ticket to copy +.br +\fIto\fP new copy of ticket, free with \fBkrb5_free_ticket()\fP +.RE +.PP +\fBReturns\fP +.RS 4 +Returns 0 to indicate success\&. Otherwise an kerberos et error code is returned, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION unsigned long KRB5_LIB_CALL krb5_creds_get_ticket_flags (krb5_creds * creds)" +Returns the ticket flags for the credentials in creds\&. See also \fBkrb5_ticket_get_flags()\fP\&. +.PP +\fBParameters\fP +.RS 4 +\fIcreds\fP credential to get ticket flags from +.RE +.PP +\fBReturns\fP +.RS 4 +ticket flags +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_data_alloc (krb5_data * p, int len)" +Allocate data of and krb5_data\&. +.PP +\fBParameters\fP +.RS 4 +\fIp\fP krb5_data to allocate\&. +.br +\fIlen\fP size to allocate\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Returns 0 to indicate success\&. Otherwise an kerberos et error code is returned\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_data_cmp (const krb5_data * data1, const krb5_data * data2)" +Compare to data\&. +.PP +\fBParameters\fP +.RS 4 +\fIdata1\fP krb5_data to compare +.br +\fIdata2\fP krb5_data to compare +.RE +.PP +\fBReturns\fP +.RS 4 +return the same way as memcmp(), useful when sorting\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_data_copy (krb5_data * p, const void * data, size_t len)" +Copy the data of len into the krb5_data\&. +.PP +\fBParameters\fP +.RS 4 +\fIp\fP krb5_data to copy into\&. +.br +\fIdata\fP data to copy\&.\&. +.br +\fIlen\fP new size\&. 
+.RE +.PP +\fBReturns\fP +.RS 4 +Returns 0 to indicate success\&. Otherwise an kerberos et error code is returned\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_data_ct_cmp (const krb5_data * data1, const krb5_data * data2)" +Compare to data not exposing timing information from the checksum data +.PP +\fBParameters\fP +.RS 4 +\fIdata1\fP krb5_data to compare +.br +\fIdata2\fP krb5_data to compare +.RE +.PP +\fBReturns\fP +.RS 4 +returns zero for same data, otherwise non zero\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_data_free (krb5_data * p)" +Free the content of krb5_data structure, its ok to free a zeroed structure (with memset() or \fBkrb5_data_zero()\fP)\&. When done, the structure will be zeroed\&. The same function is called \fBkrb5_free_data_contents()\fP in MIT Kerberos\&. +.PP +\fBParameters\fP +.RS 4 +\fIp\fP krb5_data to free\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_data_realloc (krb5_data * p, int len)" +Grow (or shrink) the content of krb5_data to a new size\&. +.PP +\fBParameters\fP +.RS 4 +\fIp\fP krb5_data to free\&. +.br +\fIlen\fP new size\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Returns 0 to indicate success\&. Otherwise an kerberos et error code is returned\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_data_zero (krb5_data * p)" +Reset the (potentially uninitalized) krb5_data structure\&. +.PP +\fBParameters\fP +.RS 4 +\fIp\fP krb5_data to reset\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_config_files (char ** filenames)" +Free a list of configuration files\&. +.PP +\fBParameters\fP +.RS 4 +\fIfilenames\fP list, terminated with a NULL pointer, to be freed\&. NULL is an valid argument\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Returns 0 to indicate success\&. Otherwise an kerberos et error code is returned, see \fBkrb5_get_error_message()\fP\&. 
+.RE +.PP + +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_context (krb5_context context)" +Frees the krb5_context allocated by \fBkrb5_init_context()\fP\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP context to be freed\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_cred_contents (krb5_context context, krb5_creds * c)" +Free content of krb5_creds\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos 5 context\&. +.br +\fIc\fP krb5_creds to free\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Returns 0 to indicate success\&. Otherwise an kerberos et error code is returned, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_creds (krb5_context context, krb5_creds * c)" +Free krb5_creds\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos 5 context\&. +.br +\fIc\fP krb5_creds to free\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Returns 0 to indicate success\&. Otherwise an kerberos et error code is returned, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_data (krb5_context context, krb5_data * p)" +Free krb5_data (and its content)\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos 5 context\&. +.br +\fIp\fP krb5_data to free\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_ticket (krb5_context context, krb5_ticket * ticket)" +Free ticket and content +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Kerberos 5 context +.br +\fIticket\fP ticket to free +.RE +.PP +\fBReturns\fP +.RS 4 +Returns 0 to indicate success\&. Otherwise an kerberos et error code is returned, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_default_config_files (char *** pfilenames)" +Get the global configuration list\&. +.PP +\fBParameters\fP +.RS 4 +\fIpfilenames\fP return array of filenames, should be freed with \fBkrb5_free_config_files()\fP\&. 
+.RE +.PP +\fBReturns\fP +.RS 4 +Returns 0 to indicate success\&. Otherwise an kerberos et error code is returned, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_default_in_tkt_etypes (krb5_context context, krb5_pdu pdu_type, krb5_enctype ** etypes)" +Get the default encryption types that will be use in communcation with the KDC, clients and servers\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos 5 context\&. +.br +\fIpdu_type\fP request type (AS, TGS or none) +.br +\fIetypes\fP Encryption types, array terminated with ETYPE_NULL(0), caller should free array with krb5_xfree(): +.RE +.PP +\fBReturns\fP +.RS 4 +Returns 0 to indicate success\&. Otherwise an kerberos et error code is returned, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_get_dns_canonicalize_hostname (krb5_context context)" +Get if the library uses DNS to canonicalize hostnames\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos 5 context\&. +.RE +.PP +\fBReturns\fP +.RS 4 +return non zero if the library uses DNS to canonicalize hostnames\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_get_err_text (krb5_context context, krb5_error_code code)" +Return the error string for the error code\&. The caller must not free the string\&. +.PP +This function is deprecated since its not threadsafe\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos 5 context\&. +.br +\fIcode\fP Kerberos error code\&. +.RE +.PP +\fBReturns\fP +.RS 4 +the error message matching code +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_extra_addresses (krb5_context context, krb5_addresses * addresses)" +Get extra address to the address list that the library will add to the client's address list when communicating with the KDC\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos 5 context\&. 
+.br +\fIaddresses\fP addreses to set +.RE +.PP +\fBReturns\fP +.RS 4 +Returns 0 to indicate success\&. Otherwise an kerberos et error code is returned, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_fcache_version (krb5_context context, int * version)" +Get version of fcache that the library should use\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos 5 context\&. +.br +\fIversion\fP version number\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Returns 0 to indicate success\&. Otherwise an kerberos et error code is returned, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_ignore_addresses (krb5_context context, krb5_addresses * addresses)" +Get extra addresses to ignore when fetching addresses from the underlaying operating system\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos 5 context\&. +.br +\fIaddresses\fP list addreses ignored +.RE +.PP +\fBReturns\fP +.RS 4 +Returns 0 to indicate success\&. Otherwise an kerberos et error code is returned, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_kdc_sec_offset (krb5_context context, int32_t * sec, int32_t * usec)" +Get current offset in time to the KDC\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos 5 context\&. +.br +\fIsec\fP seconds part of offset\&. +.br +\fIusec\fP micro seconds part of offset\&. +.RE +.PP +\fBReturns\fP +.RS 4 +returns zero +.RE +.PP + +.SS "KRB5_LIB_FUNCTION time_t KRB5_LIB_CALL krb5_get_max_time_skew (krb5_context context)" +Get max time skew allowed\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos 5 context\&. +.RE +.PP +\fBReturns\fP +.RS 4 +timeskew in seconds\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_get_use_admin_kdc (krb5_context context)" +Make the kerberos library default to the admin KDC\&. 
+.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos 5 context\&. +.RE +.PP +\fBReturns\fP +.RS 4 +boolean flag to telling the context will use admin KDC as the default KDC\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_context (krb5_context * context)" +Initializes the context structure and reads the configuration file /etc/krb5\&.conf\&. The structure should be freed by calling \fBkrb5_free_context()\fP when it is no longer being used\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP pointer to returned context +.RE +.PP +\fBReturns\fP +.RS 4 +Returns 0 to indicate success\&. Otherwise an errno code is returned\&. Failure means either that something bad happened during initialization (typically ENOMEM) or that Kerberos should not be used ENXIO\&. If the function returns HEIM_ERR_RANDOM_OFFLINE, the random source is not available and later Kerberos calls might fail\&. +.RE +.PP +\fBkrb5_init_context()\fP will get one random byte to make sure our random is alive\&. Assumption is that once the non blocking source allows us to pull bytes, its all seeded and allows us to pull more bytes\&. +.PP +Most Kerberos users calls \fBkrb5_init_context()\fP, so this is useful point where we can do the checking\&. +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_init_ets (krb5_context context)" +Init the built-in ets in the Kerberos library\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP kerberos context to add the ets too +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_is_thread_safe (void)" +Runtime check if the Kerberos library was complied with thread support\&. +.PP +\fBReturns\fP +.RS 4 +TRUE if the library was compiled with thread support, FALSE if not\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION const krb5_enctype* KRB5_LIB_CALL krb5_kerberos_enctypes (krb5_context context)" +Returns the list of Kerberos encryption types sorted in order of most preferred to least preferred encryption type\&. 
Note that some encryption types might be disabled, so you need to check with \fBkrb5_enctype_valid()\fP before using the encryption type\&. +.PP +\fBReturns\fP +.RS 4 +list of enctypes, terminated with ETYPE_NULL\&. Its a static array completed into the Kerberos library so the content doesn't need to be freed\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_krbhst_get_addrinfo (krb5_context context, krb5_krbhst_info * host, struct addrinfo ** ai)" +Return an `struct addrinfo *' for a KDC host\&. +.PP +Returns an the struct addrinfo in in that corresponds to the information in `host'\&. free:ing is handled by krb5_krbhst_free, so the returned ai must not be released\&. +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_prepend_config_files_default (const char * filelist, char *** pfilenames)" +Prepend the filename to the global configuration list\&. +.PP +\fBParameters\fP +.RS 4 +\fIfilelist\fP a filename to add to the default list of filename +.br +\fIpfilenames\fP return array of filenames, should be freed with \fBkrb5_free_config_files()\fP\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Returns 0 to indicate success\&. Otherwise an kerberos et error code is returned, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_config_files (krb5_context context, char ** filenames)" +Reinit the context from a new set of filenames\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP context to add configuration too\&. +.br +\fIfilenames\fP array of filenames, end of list is indicated with a NULL filename\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Returns 0 to indicate success\&. Otherwise an kerberos et error code is returned, see \fBkrb5_get_error_message()\fP\&. 
+.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_default_in_tkt_etypes (krb5_context context, const krb5_enctype * etypes)" +Set the default encryption types that will be use in communcation with the KDC, clients and servers\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos 5 context\&. +.br +\fIetypes\fP Encryption types, array terminated with ETYPE_NULL (0)\&. A value of NULL resets the encryption types to the defaults set in the configuration file\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Returns 0 to indicate success\&. Otherwise an kerberos et error code is returned, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_set_dns_canonicalize_hostname (krb5_context context, krb5_boolean flag)" +Set if the library should use DNS to canonicalize hostnames\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos 5 context\&. +.br +\fIflag\fP if its dns canonicalizion is used or not\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_extra_addresses (krb5_context context, const krb5_addresses * addresses)" +Set extra address to the address list that the library will add to the client's address list when communicating with the KDC\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos 5 context\&. +.br +\fIaddresses\fP addreses to set +.RE +.PP +\fBReturns\fP +.RS 4 +Returns 0 to indicate success\&. Otherwise an kerberos et error code is returned, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_fcache_version (krb5_context context, int version)" +Set version of fcache that the library should use\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos 5 context\&. +.br +\fIversion\fP version number\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Returns 0 to indicate success\&. Otherwise an kerberos et error code is returned, see \fBkrb5_get_error_message()\fP\&. 
+.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_set_home_dir_access (krb5_context context, krb5_boolean allow)" +Enable and disable home directory access on either the global state or the krb5_context state\&. By calling \fBkrb5_set_home_dir_access()\fP with context set to NULL, the global state is configured otherwise the state for the krb5_context is modified\&. +.PP +For home directory access to be allowed, both the global state and the krb5_context state have to be allowed\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Kerberos 5 context or NULL +.br +\fIallow\fP allow if TRUE home directory +.RE +.PP +\fBReturns\fP +.RS 4 +the old value +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_ignore_addresses (krb5_context context, const krb5_addresses * addresses)" +Set extra addresses to ignore when fetching addresses from the underlaying operating system\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos 5 context\&. +.br +\fIaddresses\fP addreses to ignore +.RE +.PP +\fBReturns\fP +.RS 4 +Returns 0 to indicate success\&. Otherwise an kerberos et error code is returned, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_kdc_sec_offset (krb5_context context, int32_t sec, int32_t usec)" +Set current offset in time to the KDC\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos 5 context\&. +.br +\fIsec\fP seconds part of offset\&. +.br +\fIusec\fP micro seconds part of offset\&. +.RE +.PP +\fBReturns\fP +.RS 4 +returns zero +.RE +.PP + +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_set_max_time_skew (krb5_context context, time_t t)" +Set max time skew allowed\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos 5 context\&. +.br +\fIt\fP timeskew in seconds\&. 
+.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_password (krb5_context context, krb5_creds * creds, const char * newpw, krb5_principal targprinc, int * result_code, krb5_data * result_code_string, krb5_data * result_string)" +Change password using creds\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Keberos context +.br +\fIcreds\fP The initial kadmin/passwd for the principal or an admin principal +.br +\fInewpw\fP The new password to set +.br +\fItargprinc\fP if unset, the default principal is used\&. +.br +\fIresult_code\fP Result code, KRB5_KPASSWD_SUCCESS is when password is changed\&. +.br +\fIresult_code_string\fP binary message from the server, contains at least the result_code\&. +.br +\fIresult_string\fP A message from the kpasswd service or the library in human printable form\&. The string is NUL terminated\&. +.RE +.PP +\fBReturns\fP +.RS 4 +On sucess and *result_code is KRB5_KPASSWD_SUCCESS, the password is changed\&. +.RE +.PP +@ +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_real_time (krb5_context context, krb5_timestamp sec, int32_t usec)" +Set the absolute time that the caller knows the kdc has so the kerberos library can calculate the relative diffrence beteen the KDC time and local system time\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Keberos 5 context\&. +.br +\fIsec\fP The applications new of 'now' in seconds +.br +\fIusec\fP The applications new of 'now' in micro seconds +.RE +.PP +\fBReturns\fP +.RS 4 +Kerberos 5 error code, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP +If the caller passes in a negative usec, its assumed to be unknown and the function will use the current time usec\&. +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_set_use_admin_kdc (krb5_context context, krb5_boolean flag)" +Make the kerberos library default to the admin KDC\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos 5 context\&. +.br +\fIflag\fP boolean flag to select if the use the admin KDC or not\&. 
+.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ticket_get_authorization_data_type (krb5_context context, krb5_ticket * ticket, int type, krb5_data * data)" +Extract the authorization data type of type from the ticket\&. Store the field in data\&. This function is to use for kerberos applications\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Kerberos 5 context +.br +\fIticket\fP Kerberos ticket +.br +\fItype\fP type to fetch +.br +\fIdata\fP returned data, free with \fBkrb5_data_free()\fP +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ticket_get_client (krb5_context context, const krb5_ticket * ticket, krb5_principal * client)" +Return client principal in ticket +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Kerberos 5 context +.br +\fIticket\fP ticket to copy +.br +\fIclient\fP client principal, free with \fBkrb5_free_principal()\fP +.RE +.PP +\fBReturns\fP +.RS 4 +Returns 0 to indicate success\&. Otherwise an kerberos et error code is returned, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION time_t KRB5_LIB_CALL krb5_ticket_get_endtime (krb5_context context, const krb5_ticket * ticket)" +Return end time of ticket +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Kerberos 5 context +.br +\fIticket\fP ticket to copy +.RE +.PP +\fBReturns\fP +.RS 4 +end time of ticket +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ticket_get_server (krb5_context context, const krb5_ticket * ticket, krb5_principal * server)" +Return server principal in ticket +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Kerberos 5 context +.br +\fIticket\fP ticket to copy +.br +\fIserver\fP server principal, free with \fBkrb5_free_principal()\fP +.RE +.PP +\fBReturns\fP +.RS 4 +Returns 0 to indicate success\&. Otherwise an kerberos et error code is returned, see \fBkrb5_get_error_message()\fP\&. 
+.RE +.PP + +.SH "Author" +.PP +Generated automatically by Doxygen for Heimdal Kerberos 5 library from the source code\&. diff --git a/kerberos5/man/krb5/man/man3/krb524_convert_creds_kdc.3 b/kerberos5/man/krb5/man/man3/krb524_convert_creds_kdc.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb524_convert_creds_kdc.3 @@ -0,0 +1 @@ +.so man3/krb5_v4compat.3 diff --git a/kerberos5/man/krb5/man/man3/krb524_convert_creds_kdc_ccache.3 b/kerberos5/man/krb5/man/man3/krb524_convert_creds_kdc_ccache.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb524_convert_creds_kdc_ccache.3 @@ -0,0 +1 @@ +.so man3/krb5_v4compat.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_abort.3 b/kerberos5/man/krb5/man/man3/krb5_abort.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_abort.3 @@ -0,0 +1 @@ +.so man3/krb5_error.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_abortx.3 b/kerberos5/man/krb5/man/man3/krb5_abortx.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_abortx.3 @@ -0,0 +1 @@ +.so man3/krb5_error.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_acc_ops.3 b/kerberos5/man/krb5/man/man3/krb5_acc_ops.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_acc_ops.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_acl_match_file.3 b/kerberos5/man/krb5/man/man3/krb5_acl_match_file.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_acl_match_file.3 @@ -0,0 +1 @@ +.so man3/krb5_support.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_acl_match_string.3 b/kerberos5/man/krb5/man/man3/krb5_acl_match_string.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_acl_match_string.3 @@ -0,0 +1 @@ +.so man3/krb5_support.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_add_et_list.3 b/kerberos5/man/krb5/man/man3/krb5_add_et_list.3 new file mode 100644 --- /dev/null 
+++ b/kerberos5/man/krb5/man/man3/krb5_add_et_list.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_add_extra_addresses.3 b/kerberos5/man/krb5/man/man3/krb5_add_extra_addresses.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_add_extra_addresses.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_add_ignore_addresses.3 b/kerberos5/man/krb5/man/man3/krb5_add_ignore_addresses.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_add_ignore_addresses.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_addr2sockaddr.3 b/kerberos5/man/krb5/man/man3/krb5_addr2sockaddr.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_addr2sockaddr.3 @@ -0,0 +1 @@ +.so man3/krb5_address.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_address.3 b/kerberos5/man/krb5/man/man3/krb5_address.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_address.3 
@@ -0,0 +1,447 @@ +.TH "krb5_address" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal Kerberos 5 library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +krb5_address \- Heimdal Kerberos 5 address functions +.SH SYNOPSIS +.br +.PP +.SS "Functions" + +.in +1c +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_sockaddr2address\fP (krb5_context context, const struct sockaddr *sa, krb5_address *addr)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_sockaddr2port\fP (krb5_context context, const struct sockaddr *sa, int16_t *port)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_addr2sockaddr\fP (krb5_context context, const krb5_address *addr, struct sockaddr *sa, krb5_socklen_t *sa_size, int port)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION size_t KRB5_LIB_CALL \fBkrb5_max_sockaddr_size\fP (void)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_sockaddr_uninteresting\fP (const struct sockaddr *sa)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_h_addr2sockaddr\fP (krb5_context context, int af, const char *addr, struct sockaddr *sa, krb5_socklen_t *sa_size, int port)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_h_addr2addr\fP (krb5_context context, int af, const char *haddr, krb5_address *addr)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_anyaddr\fP (krb5_context context, int af, struct sockaddr *sa, krb5_socklen_t *sa_size, int port)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_print_address\fP (const krb5_address *addr, char *str, size_t len, size_t *ret_len)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_parse_address\fP (krb5_context context, const char *string, krb5_addresses *addresses)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION int KRB5_LIB_CALL \fBkrb5_address_order\fP (krb5_context context, const krb5_address *addr1, const 
krb5_address *addr2)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_address_compare\fP (krb5_context context, const krb5_address *addr1, const krb5_address *addr2)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_address_search\fP (krb5_context context, const krb5_address *addr, const krb5_addresses *addrlist)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_free_address\fP (krb5_context context, krb5_address *address)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_free_addresses\fP (krb5_context context, krb5_addresses *addresses)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_copy_address\fP (krb5_context context, const krb5_address *inaddr, krb5_address *outaddr)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_copy_addresses\fP (krb5_context context, const krb5_addresses *inaddr, krb5_addresses *outaddr)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_append_addresses\fP (krb5_context context, krb5_addresses *dest, const krb5_addresses *source)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_make_addrport\fP (krb5_context context, krb5_address **res, const krb5_address *addr, int16_t port)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_address_prefixlen_boundary\fP (krb5_context context, const krb5_address *inaddr, unsigned long prefixlen, krb5_address *low, krb5_address *high)" +.br +.in -1c +.SH "Detailed Description" +.PP + +.SH "Function Documentation" +.PP +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_addr2sockaddr (krb5_context context, const krb5_address * addr, struct sockaddr * sa, krb5_socklen_t * sa_size, int port)" +krb5_addr2sockaddr sets the 'struct sockaddr sockaddr' from addr and port\&. 
The argument sa_size should initially contain the size of the sa and after the call, it will contain the actual length of the address\&. In case of the sa is too small to fit the whole address, the up to *sa_size will be stored, and then *sa_size will be set to the required length\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Keberos context +.br +\fIaddr\fP the address to copy the from +.br +\fIsa\fP the struct sockaddr that will be filled in +.br +\fIsa_size\fP pointer to length of sa, and after the call, it will contain the actual length of the address\&. +.br +\fIport\fP set port in sa\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0\&. Will return KRB5_PROG_ATYPE_NOSUPP in case address type is not supported\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_address_compare (krb5_context context, const krb5_address * addr1, const krb5_address * addr2)" +krb5_address_compare compares the addresses addr1 and addr2\&. Returns TRUE if the two addresses are the same\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Keberos context +.br +\fIaddr1\fP address to compare +.br +\fIaddr2\fP address to compare +.RE +.PP +\fBReturns\fP +.RS 4 +Return an TRUE is the address are the same FALSE if not +.RE +.PP + +.SS "KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_address_order (krb5_context context, const krb5_address * addr1, const krb5_address * addr2)" +krb5_address_order compares the addresses addr1 and addr2 so that it can be used for sorting addresses\&. If the addresses are the same address krb5_address_order will return 0\&. Behavies like memcmp(2)\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Keberos context +.br +\fIaddr1\fP krb5_address to compare +.br +\fIaddr2\fP krb5_address to compare +.RE +.PP +\fBReturns\fP +.RS 4 +< 0 if address addr1 in 'less' then addr2\&. 0 if addr1 and addr2 is the same address, > 0 if addr2 is 'less' then addr1\&. 
+.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_address_prefixlen_boundary (krb5_context context, const krb5_address * inaddr, unsigned long prefixlen, krb5_address * low, krb5_address * high)" +Calculate the boundary addresses of `inaddr'/`prefixlen' and store them in `low' and `high'\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Keberos context +.br +\fIinaddr\fP address in prefixlen that the bondery searched +.br +\fIprefixlen\fP width of boundery +.br +\fIlow\fP lowest address +.br +\fIhigh\fP highest address +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_address_search (krb5_context context, const krb5_address * addr, const krb5_addresses * addrlist)" +krb5_address_search checks if the address addr is a member of the address set list addrlist \&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Keberos context\&. +.br +\fIaddr\fP address to search for\&. +.br +\fIaddrlist\fP list of addresses to look in for addr\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_anyaddr (krb5_context context, int af, struct sockaddr * sa, krb5_socklen_t * sa_size, int port)" +krb5_anyaddr fills in a 'struct sockaddr sa' that can be used to bind(2) to\&. The argument sa_size should initially contain the size of the sa, and after the call, it will contain the actual length of the address\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Keberos context +.br +\fIaf\fP address family +.br +\fIsa\fP sockaddr +.br +\fIsa_size\fP lenght of sa\&. +.br +\fIport\fP for to fill into sa\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_append_addresses (krb5_context context, krb5_addresses * dest, const krb5_addresses * source)" +krb5_append_addresses adds the set of addresses in source to dest\&. 
While copying the addresses, duplicates are also sorted out\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Keberos context +.br +\fIdest\fP destination of copy operation +.br +\fIsource\fP adresses that are going to be added to dest +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_address (krb5_context context, const krb5_address * inaddr, krb5_address * outaddr)" +krb5_copy_address copies the content of address inaddr to outaddr\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Keberos context +.br +\fIinaddr\fP pointer to source address +.br +\fIoutaddr\fP pointer to destination address +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_addresses (krb5_context context, const krb5_addresses * inaddr, krb5_addresses * outaddr)" +krb5_copy_addresses copies the content of addresses inaddr to outaddr\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Keberos context +.br +\fIinaddr\fP pointer to source addresses +.br +\fIoutaddr\fP pointer to destination addresses +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_address (krb5_context context, krb5_address * address)" +krb5_free_address frees the data stored in the address that is alloced with any of the krb5_address functions\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Keberos context +.br +\fIaddress\fP addresss to be freed\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_addresses (krb5_context context, krb5_addresses * addresses)" +krb5_free_addresses frees the data stored in the address that is alloced with any of the krb5_address functions\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Keberos context +.br +\fIaddresses\fP addressses to be freed\&. 
+.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_h_addr2addr (krb5_context context, int af, const char * haddr, krb5_address * addr)" +krb5_h_addr2addr works like krb5_h_addr2sockaddr with the exception that it operates on a krb5_address instead of a struct sockaddr\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Keberos context +.br +\fIaf\fP address family +.br +\fIhaddr\fP host address from struct hostent\&. +.br +\fIaddr\fP returned krb5_address\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_h_addr2sockaddr (krb5_context context, int af, const char * addr, struct sockaddr * sa, krb5_socklen_t * sa_size, int port)" +krb5_h_addr2sockaddr initializes a 'struct sockaddr sa' from af and the 'struct hostent' (see gethostbyname(3) ) h_addr_list component\&. The argument sa_size should initially contain the size of the sa, and after the call, it will contain the actual length of the address\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Keberos context +.br +\fIaf\fP addresses +.br +\fIaddr\fP address +.br +\fIsa\fP returned struct sockaddr +.br +\fIsa_size\fP size of sa +.br +\fIport\fP port to set in sa\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_make_addrport (krb5_context context, krb5_address ** res, const krb5_address * addr, int16_t port)" +Create an address of type KRB5_ADDRESS_ADDRPORT from (addr, port) +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Keberos context +.br +\fIres\fP built address from addr/port +.br +\fIaddr\fP address to use +.br +\fIport\fP port to use +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0\&. 
+.RE +.PP + +.SS "KRB5_LIB_FUNCTION size_t KRB5_LIB_CALL krb5_max_sockaddr_size (void)" +krb5_max_sockaddr_size returns the max size of the \&.Li struct sockaddr that the Kerberos library will return\&. +.PP +\fBReturns\fP +.RS 4 +Return an size_t of the maximum struct sockaddr\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_parse_address (krb5_context context, const char * string, krb5_addresses * addresses)" +krb5_parse_address returns the resolved hostname in string to the krb5_addresses addresses \&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Keberos context +.br +\fIstring\fP +.br +\fIaddresses\fP +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_print_address (const krb5_address * addr, char * str, size_t len, size_t * ret_len)" +krb5_print_address prints the address in addr to the string string that have the length len\&. If ret_len is not NULL, it will be filled with the length of the string if size were unlimited (not including the final NUL) \&. +.PP +\fBParameters\fP +.RS 4 +\fIaddr\fP address to be printed +.br +\fIstr\fP pointer string to print the address into +.br +\fIlen\fP length that will fit into area pointed to by 'str'\&. +.br +\fIret_len\fP return length the str\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_sockaddr2address (krb5_context context, const struct sockaddr * sa, krb5_address * addr)" +krb5_sockaddr2address stores a address a 'struct sockaddr' sa in the krb5_address addr\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Keberos context +.br +\fIsa\fP a struct sockaddr to extract the address from +.br +\fIaddr\fP an Kerberos 5 address to store the address in\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0\&. 
+.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_sockaddr2port (krb5_context context, const struct sockaddr * sa, int16_t * port)" +krb5_sockaddr2port extracts a port (if possible) from a "struct sockaddr\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Keberos context +.br +\fIsa\fP a struct sockaddr to extract the port from +.br +\fIport\fP a pointer to an int16_t store the port in\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0\&. Will return KRB5_PROG_ATYPE_NOSUPP in case address type is not supported\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_sockaddr_uninteresting (const struct sockaddr * sa)" +krb5_sockaddr_uninteresting returns TRUE for all \&.Fa sa that the kerberos library thinks are uninteresting\&. One example are link local addresses\&. +.PP +\fBParameters\fP +.RS 4 +\fIsa\fP pointer to struct sockaddr that might be interesting\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Return a non zero for uninteresting addresses\&. +.RE +.PP + +.SH "Author" +.PP +Generated automatically by Doxygen for Heimdal Kerberos 5 library from the source code\&. diff --git a/kerberos5/man/krb5/man/man3/krb5_address_compare.3 b/kerberos5/man/krb5/man/man3/krb5_address_compare.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_address_compare.3 @@ -0,0 +1 @@ +.so man3/krb5_address.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_address_order.3 b/kerberos5/man/krb5/man/man3/krb5_address_order.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_address_order.3 @@ -0,0 +1 @@ +.so man3/krb5_address.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_address_prefixlen_boundary.3 b/kerberos5/man/krb5/man/man3/krb5_address_prefixlen_boundary.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_address_prefixlen_boundary.3 @@ -0,0 +1 @@ +.so man3/krb5_address.3 
diff --git a/kerberos5/man/krb5/man/man3/krb5_address_search.3 b/kerberos5/man/krb5/man/man3/krb5_address_search.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_address_search.3 @@ -0,0 +1 @@ +.so man3/krb5_address.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_allow_weak_crypto.3 b/kerberos5/man/krb5/man/man3/krb5_allow_weak_crypto.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_allow_weak_crypto.3 @@ -0,0 +1 @@ +.so man3/krb5_crypto.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_aname_to_localname.3 b/kerberos5/man/krb5/man/man3/krb5_aname_to_localname.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_aname_to_localname.3 @@ -0,0 +1 @@ +.so man3/krb5_support.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_anyaddr.3 b/kerberos5/man/krb5/man/man3/krb5_anyaddr.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_anyaddr.3 @@ -0,0 +1 @@ +.so man3/krb5_address.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_append_addresses.3 b/kerberos5/man/krb5/man/man3/krb5_append_addresses.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_append_addresses.3 @@ -0,0 +1 @@ +.so man3/krb5_address.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_auth.3 b/kerberos5/man/krb5/man/man3/krb5_auth.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_auth.3 
@@ -0,0 +1,138 @@ +.TH "krb5_auth" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal Kerberos 5 library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +krb5_auth \- Heimdal Kerberos 5 authentication functions +.SH SYNOPSIS +.br +.PP +.SS "Functions" + +.in +1c +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_rd_req_in_ctx_alloc\fP (krb5_context context, krb5_rd_req_in_ctx *ctx)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_rd_req_in_set_keytab\fP (krb5_context context, krb5_rd_req_in_ctx in, krb5_keytab keytab)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_rd_req_in_set_pac_check\fP (krb5_context context, krb5_rd_req_in_ctx in, krb5_boolean flag)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_rd_req_out_get_server\fP (krb5_context context, krb5_rd_req_out_ctx out, krb5_principal *principal)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_rd_req_out_ctx_free\fP (krb5_context context, krb5_rd_req_out_ctx ctx)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_rd_req_ctx\fP (krb5_context context, krb5_auth_context *auth_context, const krb5_data *inbuf, krb5_const_principal server, krb5_rd_req_in_ctx inctx, krb5_rd_req_out_ctx *outctx)" +.br +.in -1c +.SH "Detailed Description" +.PP + +.SH "Function Documentation" +.PP +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_ctx (krb5_context context, krb5_auth_context * auth_context, const krb5_data * inbuf, krb5_const_principal server, krb5_rd_req_in_ctx inctx, krb5_rd_req_out_ctx * outctx)" +The core server function that verify application authentication requests from clients\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Keberos 5 context\&. +.br +\fIauth_context\fP the authentication context, can be NULL, then default values for the authentication context will used\&. 
+.br +\fIinbuf\fP the (AP-REQ) authentication buffer +.br +\fIserver\fP the server to authenticate to\&. If NULL the function will try to find any available credential in the keytab that will verify the reply\&. The function will prefer the server specified in the AP-REQ, but if there is no mach, it will try all keytab entries for a match\&. This has serious performance issues for large keytabs\&. +.br +\fIinctx\fP control the behavior of the function, if NULL, the default behavior is used\&. +.br +\fIoutctx\fP the return outctx, free with \fBkrb5_rd_req_out_ctx_free()\fP\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Kerberos 5 error code, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_in_ctx_alloc (krb5_context context, krb5_rd_req_in_ctx * ctx)" +Allocate a krb5_rd_req_in_ctx as an input parameter to \fBkrb5_rd_req_ctx()\fP\&. The caller should free the context with krb5_rd_req_in_ctx_free() when done with the context\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Keberos 5 context\&. +.br +\fIctx\fP in ctx to \fBkrb5_rd_req_ctx()\fP\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Kerberos 5 error code, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_in_set_keytab (krb5_context context, krb5_rd_req_in_ctx in, krb5_keytab keytab)" +Set the keytab that \fBkrb5_rd_req_ctx()\fP will use\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Keberos 5 context\&. +.br +\fIin\fP in ctx to \fBkrb5_rd_req_ctx()\fP\&. +.br +\fIkeytab\fP keytab that \fBkrb5_rd_req_ctx()\fP will use, only copy the pointer, so the caller must free they keytab after krb5_rd_req_in_ctx_free() is called\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Kerberos 5 error code, see \fBkrb5_get_error_message()\fP\&. 
+.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_in_set_pac_check (krb5_context context, krb5_rd_req_in_ctx in, krb5_boolean flag)" +Set if krb5_rq_red() is going to check the Windows PAC or not +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Keberos 5 context\&. +.br +\fIin\fP krb5_rd_req_in_ctx to check the option on\&. +.br +\fIflag\fP flag to select if to check the pac (TRUE) or not (FALSE)\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Kerberos 5 error code, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_rd_req_out_ctx_free (krb5_context context, krb5_rd_req_out_ctx ctx)" +Free the krb5_rd_req_out_ctx\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Keberos 5 context\&. +.br +\fIctx\fP krb5_rd_req_out_ctx context to free\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_out_get_server (krb5_context context, krb5_rd_req_out_ctx out, krb5_principal * principal)" +Get the principal that was used in the request from the client\&. Might not match whats in the ticket if \fBkrb5_rd_req_ctx()\fP searched in the keytab for a matching key\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Kerberos 5 context\&. +.br +\fIout\fP a krb5_rd_req_out_ctx from \fBkrb5_rd_req_ctx()\fP\&. +.br +\fIprincipal\fP return principal, free with \fBkrb5_free_principal()\fP\&. +.RE +.PP + +.SH "Author" +.PP +Generated automatically by Doxygen for Heimdal Kerberos 5 library from the source code\&. diff --git a/kerberos5/man/krb5/man/man3/krb5_auth_getremoteseqnumber.3 b/kerberos5/man/krb5/man/man3/krb5_auth_getremoteseqnumber.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_auth_getremoteseqnumber.3 @@ -0,0 +1 @@ +.so man3/krb5_deprecated.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_build_principal.3 b/kerberos5/man/krb5/man/man3/krb5_build_principal.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_build_principal.3 
@@ -0,0 +1 @@ +.so man3/krb5_principal.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_c_enctype_compare.3 b/kerberos5/man/krb5/man/man3/krb5_c_enctype_compare.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_c_enctype_compare.3 @@ -0,0 +1 @@ +.so man3/krb5_deprecated.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_cc_cache_end_seq_get.3 b/kerberos5/man/krb5/man/man3/krb5_cc_cache_end_seq_get.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_cc_cache_end_seq_get.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_cc_cache_get_first.3 b/kerberos5/man/krb5/man/man3/krb5_cc_cache_get_first.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_cc_cache_get_first.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_cc_cache_match.3 b/kerberos5/man/krb5/man/man3/krb5_cc_cache_match.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_cc_cache_match.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_cc_cache_next.3 b/kerberos5/man/krb5/man/man3/krb5_cc_cache_next.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_cc_cache_next.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_cc_clear_mcred.3 b/kerberos5/man/krb5/man/man3/krb5_cc_clear_mcred.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_cc_clear_mcred.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_cc_close.3 b/kerberos5/man/krb5/man/man3/krb5_cc_close.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_cc_close.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_cc_copy_cache.3 b/kerberos5/man/krb5/man/man3/krb5_cc_copy_cache.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_cc_copy_cache.3 
@@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_cc_copy_creds.3 b/kerberos5/man/krb5/man/man3/krb5_cc_copy_creds.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_cc_copy_creds.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_cc_copy_match_f.3 b/kerberos5/man/krb5/man/man3/krb5_cc_copy_match_f.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_cc_copy_match_f.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_cc_default.3 b/kerberos5/man/krb5/man/man3/krb5_cc_default.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_cc_default.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_cc_default_name.3 b/kerberos5/man/krb5/man/man3/krb5_cc_default_name.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_cc_default_name.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_cc_destroy.3 b/kerberos5/man/krb5/man/man3/krb5_cc_destroy.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_cc_destroy.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_cc_end_seq_get.3 b/kerberos5/man/krb5/man/man3/krb5_cc_end_seq_get.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_cc_end_seq_get.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_cc_gen_new.3 b/kerberos5/man/krb5/man/man3/krb5_cc_gen_new.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_cc_gen_new.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_cc_get_config.3 b/kerberos5/man/krb5/man/man3/krb5_cc_get_config.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_cc_get_config.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 
diff --git a/kerberos5/man/krb5/man/man3/krb5_cc_get_flags.3 b/kerberos5/man/krb5/man/man3/krb5_cc_get_flags.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_cc_get_flags.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_cc_get_friendly_name.3 b/kerberos5/man/krb5/man/man3/krb5_cc_get_friendly_name.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_cc_get_friendly_name.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_cc_get_full_name.3 b/kerberos5/man/krb5/man/man3/krb5_cc_get_full_name.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_cc_get_full_name.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_cc_get_kdc_offset.3 b/kerberos5/man/krb5/man/man3/krb5_cc_get_kdc_offset.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_cc_get_kdc_offset.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_cc_get_lifetime.3 b/kerberos5/man/krb5/man/man3/krb5_cc_get_lifetime.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_cc_get_lifetime.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_cc_get_name.3 b/kerberos5/man/krb5/man/man3/krb5_cc_get_name.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_cc_get_name.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_cc_get_ops.3 b/kerberos5/man/krb5/man/man3/krb5_cc_get_ops.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_cc_get_ops.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_cc_get_prefix_ops.3 b/kerberos5/man/krb5/man/man3/krb5_cc_get_prefix_ops.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_cc_get_prefix_ops.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 
diff --git a/kerberos5/man/krb5/man/man3/krb5_cc_get_principal.3 b/kerberos5/man/krb5/man/man3/krb5_cc_get_principal.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_cc_get_principal.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_cc_get_type.3 b/kerberos5/man/krb5/man/man3/krb5_cc_get_type.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_cc_get_type.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_cc_get_version.3 b/kerberos5/man/krb5/man/man3/krb5_cc_get_version.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_cc_get_version.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_cc_initialize.3 b/kerberos5/man/krb5/man/man3/krb5_cc_initialize.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_cc_initialize.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_cc_last_change_time.3 b/kerberos5/man/krb5/man/man3/krb5_cc_last_change_time.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_cc_last_change_time.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_cc_move.3 b/kerberos5/man/krb5/man/man3/krb5_cc_move.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_cc_move.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_cc_new_unique.3 b/kerberos5/man/krb5/man/man3/krb5_cc_new_unique.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_cc_new_unique.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_cc_next_cred.3 b/kerberos5/man/krb5/man/man3/krb5_cc_next_cred.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_cc_next_cred.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 
diff --git a/kerberos5/man/krb5/man/man3/krb5_cc_register.3 b/kerberos5/man/krb5/man/man3/krb5_cc_register.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_cc_register.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_cc_remove_cred.3 b/kerberos5/man/krb5/man/man3/krb5_cc_remove_cred.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_cc_remove_cred.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_cc_resolve.3 b/kerberos5/man/krb5/man/man3/krb5_cc_resolve.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_cc_resolve.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_cc_retrieve_cred.3 b/kerberos5/man/krb5/man/man3/krb5_cc_retrieve_cred.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_cc_retrieve_cred.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_cc_set_config.3 b/kerberos5/man/krb5/man/man3/krb5_cc_set_config.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_cc_set_config.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_cc_set_default_name.3 b/kerberos5/man/krb5/man/man3/krb5_cc_set_default_name.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_cc_set_default_name.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_cc_set_flags.3 b/kerberos5/man/krb5/man/man3/krb5_cc_set_flags.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_cc_set_flags.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_cc_set_friendly_name.3 b/kerberos5/man/krb5/man/man3/krb5_cc_set_friendly_name.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_cc_set_friendly_name.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 
diff --git a/kerberos5/man/krb5/man/man3/krb5_cc_set_kdc_offset.3 b/kerberos5/man/krb5/man/man3/krb5_cc_set_kdc_offset.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_cc_set_kdc_offset.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_cc_start_seq_get.3 b/kerberos5/man/krb5/man/man3/krb5_cc_start_seq_get.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_cc_start_seq_get.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_cc_store_cred.3 b/kerberos5/man/krb5/man/man3/krb5_cc_store_cred.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_cc_store_cred.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_cc_support_switch.3 b/kerberos5/man/krb5/man/man3/krb5_cc_support_switch.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_cc_support_switch.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_cc_switch.3 b/kerberos5/man/krb5/man/man3/krb5_cc_switch.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_cc_switch.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_ccache.3 b/kerberos5/man/krb5/man/man3/krb5_ccache.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_ccache.3 
@@ -0,0 +1,880 @@ +.TH "krb5_ccache" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal Kerberos 5 library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +krb5_ccache \- Heimdal Kerberos 5 credential cache functions +.SH SYNOPSIS +.br +.PP +.SS "Functions" + +.in +1c +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_register\fP (krb5_context context, const krb5_cc_ops *ops, krb5_boolean override)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_resolve\fP (krb5_context context, const char *name, krb5_ccache *id)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_new_unique\fP (krb5_context context, const char *type, const char *hint, krb5_ccache *id)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION const char *KRB5_LIB_CALL \fBkrb5_cc_get_name\fP (krb5_context context, krb5_ccache id)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION const char *KRB5_LIB_CALL \fBkrb5_cc_get_type\fP (krb5_context context, krb5_ccache id)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_get_full_name\fP (krb5_context context, krb5_ccache id, char **str)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION const krb5_cc_ops *KRB5_LIB_CALL \fBkrb5_cc_get_ops\fP (krb5_context context, krb5_ccache id)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_switch\fP (krb5_context context, krb5_ccache id)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_cc_support_switch\fP (krb5_context context, const char *type)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_set_default_name\fP (krb5_context context, const char *name)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION const char *KRB5_LIB_CALL \fBkrb5_cc_default_name\fP (krb5_context context)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_default\fP (krb5_context context, krb5_ccache *id)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 
\fBkrb5_cc_initialize\fP (krb5_context context, krb5_ccache id, krb5_principal primary_principal)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_destroy\fP (krb5_context context, krb5_ccache id)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_close\fP (krb5_context context, krb5_ccache id)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_store_cred\fP (krb5_context context, krb5_ccache id, krb5_creds *creds)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_retrieve_cred\fP (krb5_context context, krb5_ccache id, krb5_flags whichfields, const krb5_creds *mcreds, krb5_creds *creds)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_get_principal\fP (krb5_context context, krb5_ccache id, krb5_principal *principal)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_start_seq_get\fP (krb5_context context, const krb5_ccache id, krb5_cc_cursor *cursor)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_next_cred\fP (krb5_context context, const krb5_ccache id, krb5_cc_cursor *cursor, krb5_creds *creds)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_end_seq_get\fP (krb5_context context, const krb5_ccache id, krb5_cc_cursor *cursor)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_remove_cred\fP (krb5_context context, krb5_ccache id, krb5_flags which, krb5_creds *cred)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_set_flags\fP (krb5_context context, krb5_ccache id, krb5_flags flags)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_get_flags\fP (krb5_context context, krb5_ccache id, krb5_flags *flags)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_copy_match_f\fP (krb5_context context, const krb5_ccache 
from, krb5_ccache to, krb5_boolean(*match)(krb5_context, void *, const krb5_creds *), void *matchctx, unsigned int *matched)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_copy_cache\fP (krb5_context context, const krb5_ccache from, krb5_ccache to)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_get_version\fP (krb5_context context, const krb5_ccache id)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_cc_clear_mcred\fP (krb5_creds *mcred)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION const krb5_cc_ops *KRB5_LIB_CALL \fBkrb5_cc_get_prefix_ops\fP (krb5_context context, const char *prefix)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_cache_get_first\fP (krb5_context context, const char *type, krb5_cc_cache_cursor *cursor)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_cache_next\fP (krb5_context context, krb5_cc_cache_cursor cursor, krb5_ccache *id)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_cache_end_seq_get\fP (krb5_context context, krb5_cc_cache_cursor cursor)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_cache_match\fP (krb5_context context, krb5_principal client, krb5_ccache *id)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_move\fP (krb5_context context, krb5_ccache from, krb5_ccache to)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_is_config_principal\fP (krb5_context context, krb5_const_principal principal)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_set_config\fP (krb5_context context, krb5_ccache id, krb5_const_principal principal, const char *name, krb5_data *data)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_get_config\fP (krb5_context context, krb5_ccache id, krb5_const_principal principal, const char *name, 
krb5_data *data)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cccol_cursor_new\fP (krb5_context context, krb5_cccol_cursor *cursor)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cccol_cursor_next\fP (krb5_context context, krb5_cccol_cursor cursor, krb5_ccache *cache)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cccol_cursor_free\fP (krb5_context context, krb5_cccol_cursor *cursor)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_last_change_time\fP (krb5_context context, krb5_ccache id, krb5_timestamp *mtime)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cccol_last_change_time\fP (krb5_context context, const char *type, krb5_timestamp *mtime)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_get_friendly_name\fP (krb5_context context, krb5_ccache id, char **name)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_set_friendly_name\fP (krb5_context context, krb5_ccache id, const char *name)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_get_lifetime\fP (krb5_context context, krb5_ccache id, time_t *t)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_set_kdc_offset\fP (krb5_context context, krb5_ccache id, krb5_deltat offset)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_get_kdc_offset\fP (krb5_context context, krb5_ccache id, krb5_deltat *offset)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_gen_new\fP (krb5_context context, const krb5_cc_ops *ops, krb5_ccache *id) KRB5_DEPRECATED_FUNCTION('Use X instead')" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_copy_creds\fP (krb5_context context, const krb5_ccache from, krb5_ccache to)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code 
KRB5_LIB_CALL \fBkrb5_get_validated_creds\fP (krb5_context context, krb5_creds *creds, krb5_principal client, krb5_ccache ccache, char *service)" +.br +.in -1c +.SS "Variables" + +.in +1c +.ti -1c +.RI "KRB5_LIB_VARIABLE const krb5_cc_ops \fBkrb5_acc_ops\fP" +.br +.ti -1c +.RI "KRB5_LIB_VARIABLE const krb5_cc_ops \fBkrb5_dcc_ops\fP" +.br +.ti -1c +.RI "KRB5_LIB_VARIABLE const krb5_cc_ops \fBkrb5_fcc_ops\fP" +.br +.ti -1c +.RI "KRB5_LIB_VARIABLE const krb5_cc_ops \fBkrb5_mcc_ops\fP" +.br +.in -1c +.SH "Detailed Description" +.PP + +.SH "Function Documentation" +.PP +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_cache_end_seq_get (krb5_context context, krb5_cc_cache_cursor cursor)" +Destroy the cursor `cursor'\&. +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_cache_get_first (krb5_context context, const char * type, krb5_cc_cache_cursor * cursor)" +Start iterating over all caches of specified type\&. See also \fBkrb5_cccol_cursor_new()\fP\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context +.br +\fItype\fP optional type to iterate over, if NULL, the default cache is used\&. +.br +\fIcursor\fP cursor should be freed with \fBkrb5_cc_cache_end_seq_get()\fP\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_cache_match (krb5_context context, krb5_principal client, krb5_ccache * id)" +Search for a matching credential cache that have the `principal' as the default principal\&. On success, `id' needs to be freed with \fBkrb5_cc_close()\fP or \fBkrb5_cc_destroy()\fP\&. 
+.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context +.br +\fIclient\fP The principal to search for +.br +\fIid\fP the returned credential cache +.RE +.PP +\fBReturns\fP +.RS 4 +On failure, error code is returned and `id' is set to NULL\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_cache_next (krb5_context context, krb5_cc_cache_cursor cursor, krb5_ccache * id)" +Retrieve the next cache pointed to by (`cursor') in `id' and advance `cursor'\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context +.br +\fIcursor\fP the iterator cursor, returned by \fBkrb5_cc_cache_get_first()\fP +.br +\fIid\fP next ccache +.RE +.PP +\fBReturns\fP +.RS 4 +Return 0 or an error code\&. Returns KRB5_CC_END when the end of caches is reached, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_cc_clear_mcred (krb5_creds * mcred)" +Clear `mcreds' so it can be used with krb5_cc_retrieve_cred +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_close (krb5_context context, krb5_ccache id)" +Stop using the ccache `id' and free the related resources\&. +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_copy_cache (krb5_context context, const krb5_ccache from, krb5_ccache to)" +Just like \fBkrb5_cc_copy_match_f()\fP, but copy everything\&. +.PP +@ +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_copy_creds (krb5_context context, const krb5_ccache from, krb5_ccache to)" +MIT compat glue +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_copy_match_f (krb5_context context, const krb5_ccache from, krb5_ccache to, krb5_boolean(*)(krb5_context, void *, const krb5_creds *) match, void * matchctx, unsigned int * matched)" +Copy the contents of `from' to `to' if the given match function return true\&. 
+.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context\&. +.br +\fIfrom\fP the cache to copy data from\&. +.br +\fIto\fP the cache to copy data to\&. +.br +\fImatch\fP a match function that should return TRUE if cred argument should be copied, if NULL, all credentials are copied\&. +.br +\fImatchctx\fP context passed to match function\&. +.br +\fImatched\fP set to true if there was a credential that matched, may be NULL\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_default (krb5_context context, krb5_ccache * id)" +Open the default ccache in `id'\&. +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_cc_default_name (krb5_context context)" +Return a pointer to a context static string containing the default ccache name\&. +.PP +\fBReturns\fP +.RS 4 +String to the default credential cache name\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_destroy (krb5_context context, krb5_ccache id)" +Remove the ccache `id'\&. +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_end_seq_get (krb5_context context, const krb5_ccache id, krb5_cc_cursor * cursor)" +Destroy the cursor `cursor'\&. +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_gen_new (krb5_context context, const krb5_cc_ops * ops, krb5_ccache * id)" +Generate a new ccache of type `ops' in `id'\&. +.PP +Deprecated: use \fBkrb5_cc_new_unique()\fP instead\&. +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0, see \fBkrb5_get_error_message()\fP\&. 
+.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_config (krb5_context context, krb5_ccache id, krb5_const_principal principal, const char * name, krb5_data * data)" +Get some configuration for the credential cache in the cache\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Keberos context +.br +\fIid\fP the credential cache to store the data for +.br +\fIprincipal\fP configuration for a specific principal, if NULL, global for the whole cache\&. +.br +\fIname\fP name under which the configuraion is stored\&. +.br +\fIdata\fP data to fetched, free with \fBkrb5_data_free()\fP +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_flags (krb5_context context, krb5_ccache id, krb5_flags * flags)" +Get the flags of `id', store them in `flags'\&. +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_friendly_name (krb5_context context, krb5_ccache id, char ** name)" +Return a friendly name on credential cache\&. Free the result with krb5_xfree()\&. +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_full_name (krb5_context context, krb5_ccache id, char ** str)" +Return the complete resolvable name the cache +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Keberos context +.br +\fIid\fP return pointer to a found credential cache +.br +\fIstr\fP the returned name of a credential cache, free with krb5_xfree() +.RE +.PP +\fBReturns\fP +.RS 4 +Returns 0 or an error (and then *str is set to NULL)\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_kdc_offset (krb5_context context, krb5_ccache id, krb5_deltat * offset)" +Get the time offset betwen the client and the KDC +.PP +If the backend doesn't support KDC offset, use the context global setting\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context\&. 
+.br +\fIid\fP a credential cache +.br +\fIoffset\fP the offset in seconds +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_lifetime (krb5_context context, krb5_ccache id, time_t * t)" +Get the lifetime of the initial ticket in the cache +.PP +Get the lifetime of the initial ticket in the cache, if the initial ticket was not found, the error code KRB5_CC_END is returned\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context\&. +.br +\fIid\fP a credential cache +.br +\fIt\fP the relative lifetime of the initial ticket +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP +If we find the start krbtgt in the cache, use that as the lifespan\&. +.PP +If there was no krbtgt, use the shortest lifetime of service tickets that have yet to expire\&. If all credentials are expired, \fBkrb5_cc_get_lifetime()\fP will fail\&. +.SS "KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_cc_get_name (krb5_context context, krb5_ccache id)" +Return the name of the ccache `id' +.SS "KRB5_LIB_FUNCTION const krb5_cc_ops* KRB5_LIB_CALL krb5_cc_get_ops (krb5_context context, krb5_ccache id)" +Return krb5_cc_ops of a the ccache `id'\&. +.SS "KRB5_LIB_FUNCTION const krb5_cc_ops* KRB5_LIB_CALL krb5_cc_get_prefix_ops (krb5_context context, const char * prefix)" +Get the cc ops that is registered in `context' to handle the prefix\&. prefix can be a complete credential cache name or a prefix, the function will only use part up to the first colon (:) if there is one\&. If prefix the argument is NULL, the default ccache implemtation is returned\&. +.PP +\fBReturns\fP +.RS 4 +Returns NULL if ops not found\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_principal (krb5_context context, krb5_ccache id, krb5_principal * principal)" +Return the principal of `id' in `principal'\&. 
+.PP +\fBReturns\fP +.RS 4 +Return an error code or 0, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_cc_get_type (krb5_context context, krb5_ccache id)" +Return the type of the ccache `id'\&. +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_version (krb5_context context, const krb5_ccache id)" +Return the version of `id'\&. +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_initialize (krb5_context context, krb5_ccache id, krb5_principal primary_principal)" +Create a new ccache in `id' for `primary_principal'\&. +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_last_change_time (krb5_context context, krb5_ccache id, krb5_timestamp * mtime)" +Return the last time the credential cache was modified\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context +.br +\fIid\fP The credential cache to probe +.br +\fImtime\fP the last modification time, set to 0 on error\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Return 0 or and error\&. See \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_move (krb5_context context, krb5_ccache from, krb5_ccache to)" +Move the content from one credential cache to another\&. The operation is an atomic switch\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Keberos context +.br +\fIfrom\fP the credential cache to move the content from +.br +\fIto\fP the credential cache to move the content to +.RE +.PP +\fBReturns\fP +.RS 4 +On sucess, from is freed\&. On failure, error code is returned and from and to are both still allocated, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_new_unique (krb5_context context, const char * type, const char * hint, krb5_ccache * id)" +Generates a new unique ccache of \fCtype\fP in `id'\&. 
If `type' is NULL, the library chooses the default credential cache type\&. The supplied `hint' (that can be NULL) is a string that the credential cache type can use to base the name of the credential on, this is to make it easier for the user to differentiate the credentials\&. +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_next_cred (krb5_context context, const krb5_ccache id, krb5_cc_cursor * cursor, krb5_creds * creds)" +Retrieve the next cred pointed to by (`id', `cursor') in `creds' and advance `cursor'\&. +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_register (krb5_context context, const krb5_cc_ops * ops, krb5_boolean override)" +Add a new ccache type with operations `ops', overwriting any existing one if `override'\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Keberos context +.br +\fIops\fP type of plugin symbol +.br +\fIoverride\fP flag to select if the registration is to overide an existing ops with the same name\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_remove_cred (krb5_context context, krb5_ccache id, krb5_flags which, krb5_creds * cred)" +Remove the credential identified by `cred', `which' from `id'\&. +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_resolve (krb5_context context, const char * name, krb5_ccache * id)" +Find and allocate a ccache in `id' from the specification in `residual'\&. If the ccache name doesn't contain any colon, interpret it as a file name\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Keberos context\&. +.br +\fIname\fP string name of a credential cache\&. +.br +\fIid\fP return pointer to a found credential cache\&. 
+.RE +.PP +\fBReturns\fP +.RS 4 +Return 0 or an error code\&. In case of an error, id is set to NULL, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_retrieve_cred (krb5_context context, krb5_ccache id, krb5_flags whichfields, const krb5_creds * mcreds, krb5_creds * creds)" +Retrieve the credential identified by `mcreds' (and `whichfields') from `id' in `creds'\&. 'creds' must be free by the caller using krb5_free_cred_contents\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context +.br +\fIid\fP a Kerberos 5 credential cache +.br +\fIwhichfields\fP what fields to use for matching credentials, same flags as whichfields in \fBkrb5_compare_creds()\fP +.br +\fImcreds\fP template credential to use for comparing +.br +\fIcreds\fP returned credential, free with \fBkrb5_free_cred_contents()\fP +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_set_config (krb5_context context, krb5_ccache id, krb5_const_principal principal, const char * name, krb5_data * data)" +Store some configuration for the credential cache in the cache\&. Existing configuration under the same name is over-written\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Keberos context +.br +\fIid\fP the credential cache to store the data for +.br +\fIprincipal\fP configuration for a specific principal, if NULL, global for the whole cache\&. +.br +\fIname\fP name under which the configuraion is stored\&. +.br +\fIdata\fP data to store, if NULL, configure is removed\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_set_default_name (krb5_context context, const char * name)" +Set the default cc name for `context' to `name'\&. 
+.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_set_flags (krb5_context context, krb5_ccache id, krb5_flags flags)" +Set the flags of `id' to `flags'\&. +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_set_friendly_name (krb5_context context, krb5_ccache id, const char * name)" +Set the friendly name on credential cache\&. +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_set_kdc_offset (krb5_context context, krb5_ccache id, krb5_deltat offset)" +Set the time offset betwen the client and the KDC +.PP +If the backend doesn't support KDC offset, use the context global setting\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context\&. +.br +\fIid\fP a credential cache +.br +\fIoffset\fP the offset in seconds +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_start_seq_get (krb5_context context, const krb5_ccache id, krb5_cc_cursor * cursor)" +Start iterating over `id', `cursor' is initialized to the beginning\&. Caller must free the cursor with \fBkrb5_cc_end_seq_get()\fP\&. +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_store_cred (krb5_context context, krb5_ccache id, krb5_creds * creds)" +Store `creds' in the ccache `id'\&. +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0, see \fBkrb5_get_error_message()\fP\&. 
+.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_cc_support_switch (krb5_context context, const char * type)" +Return true if the default credential cache support switch +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_switch (krb5_context context, krb5_ccache id)" +Switch the default default credential cache for a specific credcache type (and name for some implementations)\&. +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cccol_cursor_free (krb5_context context, krb5_cccol_cursor * cursor)" +End an iteration and free all resources, can be done before end is reached\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context +.br +\fIcursor\fP the iteration cursor to be freed\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Return 0 or and error, KRB5_CC_END is returned at the end of iteration\&. See \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cccol_cursor_new (krb5_context context, krb5_cccol_cursor * cursor)" +Get a new cache interation cursor that will interate over all credentials caches independent of type\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Keberos context +.br +\fIcursor\fP passed into \fBkrb5_cccol_cursor_next()\fP and free with \fBkrb5_cccol_cursor_free()\fP\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Returns 0 or and error code, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cccol_cursor_next (krb5_context context, krb5_cccol_cursor cursor, krb5_ccache * cache)" +Get next credential cache from the iteration\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context +.br +\fIcursor\fP the iteration cursor +.br +\fIcache\fP the returned cursor, pointer is set to NULL on failure and a cache on success\&. 
The returned cache needs to be freed with \fBkrb5_cc_close()\fP or destroyed with \fBkrb5_cc_destroy()\fP\&. MIT Kerberos behavies slightly diffrent and sets cache to NULL when all caches are iterated over and return 0\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Return 0 or and error, KRB5_CC_END is returned at the end of iteration\&. See \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cccol_last_change_time (krb5_context context, const char * type, krb5_timestamp * mtime)" +Return the last modfication time for a cache collection\&. The query can be limited to a specific cache type\&. If the function return 0 and mtime is 0, there was no credentials in the caches\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context +.br +\fItype\fP The credential cache to probe, if NULL, all type are traversed\&. +.br +\fImtime\fP the last modification time, set to 0 on error\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Return 0 or and error\&. See \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_validated_creds (krb5_context context, krb5_creds * creds, krb5_principal client, krb5_ccache ccache, char * service)" +Validate the newly fetch credential, see also krb5_verify_init_creds()\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Kerberos 5 context +.br +\fIcreds\fP the credentials to verify +.br +\fIclient\fP the client name to match up +.br +\fIccache\fP the credential cache to use +.br +\fIservice\fP a service name to use, used with \fBkrb5_sname_to_principal()\fP to build a hostname to use to verify\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_is_config_principal (krb5_context context, krb5_const_principal principal)" +Return TRUE (non zero) if the principal is a configuration principal (generated part of \fBkrb5_cc_set_config()\fP)\&. Returns FALSE (zero) if not a configuration principal\&. 
+.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Keberos context +.br +\fIprincipal\fP principal to check if it a configuration principal +.RE +.PP + +.SH "Variable Documentation" +.PP +.SS "KRB5_LIB_VARIABLE const krb5_cc_ops krb5_acc_ops" +\fBInitial value:\fP +.PP +.nf += { + KRB5_CC_OPS_VERSION, + "API", + acc_get_name, + acc_resolve, + acc_gen_new, + acc_initialize, + acc_destroy, + acc_close, + acc_store_cred, + NULL, + acc_get_principal, + acc_get_first, + acc_get_next, + acc_end_get, + acc_remove_cred, + acc_set_flags, + acc_get_version, + acc_get_cache_first, + acc_get_cache_next, + acc_end_cache_get, + acc_move, + acc_get_default_name, + acc_set_default, + acc_lastchange, + NULL, + NULL, +} +.fi +Variable containing the API based credential cache implemention\&. +.SS "KRB5_LIB_VARIABLE const krb5_cc_ops krb5_dcc_ops" +\fBInitial value:\fP +.PP +.nf += { + KRB5_CC_OPS_VERSION, + "DIR", + dcc_get_name, + dcc_resolve, + dcc_gen_new, + dcc_initialize, + dcc_destroy, + dcc_close, + dcc_store_cred, + NULL, + dcc_get_principal, + dcc_get_first, + dcc_get_next, + dcc_end_get, + dcc_remove_cred, + dcc_set_flags, + dcc_get_version, + dcc_get_cache_first, + dcc_get_cache_next, + dcc_end_cache_get, + dcc_move, + dcc_get_default_name, + dcc_set_default, + dcc_lastchange, + dcc_set_kdc_offset, + dcc_get_kdc_offset +} +.fi +Variable containing the DIR based credential cache implemention\&. 
+.SS "KRB5_LIB_VARIABLE const krb5_cc_ops krb5_fcc_ops" +\fBInitial value:\fP +.PP +.nf += { + KRB5_CC_OPS_VERSION, + "FILE", + fcc_get_name, + fcc_resolve, + fcc_gen_new, + fcc_initialize, + fcc_destroy, + fcc_close, + fcc_store_cred, + NULL, + fcc_get_principal, + fcc_get_first, + fcc_get_next, + fcc_end_get, + fcc_remove_cred, + fcc_set_flags, + fcc_get_version, + fcc_get_cache_first, + fcc_get_cache_next, + fcc_end_cache_get, + fcc_move, + fcc_get_default_name, + NULL, + fcc_lastchange, + fcc_set_kdc_offset, + fcc_get_kdc_offset +} +.fi +Variable containing the FILE based credential cache implemention\&. +.SS "KRB5_LIB_VARIABLE const krb5_cc_ops krb5_mcc_ops" +\fBInitial value:\fP +.PP +.nf += { + KRB5_CC_OPS_VERSION, + "MEMORY", + mcc_get_name, + mcc_resolve, + mcc_gen_new, + mcc_initialize, + mcc_destroy, + mcc_close, + mcc_store_cred, + NULL, + mcc_get_principal, + mcc_get_first, + mcc_get_next, + mcc_end_get, + mcc_remove_cred, + mcc_set_flags, + NULL, + mcc_get_cache_first, + mcc_get_cache_next, + mcc_end_cache_get, + mcc_move, + mcc_default_name, + NULL, + mcc_lastchange, + mcc_set_kdc_offset, + mcc_get_kdc_offset +} +.fi +Variable containing the MEMORY based credential cache implemention\&. +.SH "Author" +.PP +Generated automatically by Doxygen for Heimdal Kerberos 5 library from the source code\&. diff --git a/kerberos5/man/krb5/man/man3/krb5_ccache_intro.3 b/kerberos5/man/krb5/man/man3/krb5_ccache_intro.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_ccache_intro.3 
@@ -0,0 +1,70 @@ +.TH "krb5_ccache_intro" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal Kerberos 5 library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +krb5_ccache_intro \- The credential cache functions + +.SH "Kerberos credential caches" +.PP +krb5_ccache structure holds a Kerberos credential cache\&. +.PP +Heimdal support the follow types of credential caches: +.PP +.IP "\(bu" 2 +SCC Store the credential in a database +.IP "\(bu" 2 +FILE Store the credential in memory +.IP "\(bu" 2 +MEMORY Store the credential in memory +.IP "\(bu" 2 +API A credential cache server based solution for Mac OS X +.IP "\(bu" 2 +KCM A credential cache server based solution for all platforms +.PP +.SS "Example" +This is a minimalistic version of klist: +.PP +.nf +#include + +int +main (int argc, char **argv) +{ + krb5_context context; + krb5_cc_cursor cursor; + krb5_error_code ret; + krb5_ccache id; + krb5_creds creds; + + if (krb5_init_context (&context) != 0) + errx(1, "krb5_context"); + + ret = krb5_cc_default (context, &id); + if (ret) + krb5_err(context, 1, ret, "krb5_cc_default"); + + ret = krb5_cc_start_seq_get(context, id, &cursor); + if (ret) + krb5_err(context, 1, ret, "krb5_cc_start_seq_get"); + + while((ret = krb5_cc_next_cred(context, id, &cursor, &creds)) == 0){ + char *principal; + + krb5_unparse_name(context, creds\&.server, &principal); + printf("principal: %s\\n", principal); + free(principal); + krb5_free_cred_contents (context, &creds); + } + ret = krb5_cc_end_seq_get(context, id, &cursor); + if (ret) + krb5_err(context, 1, ret, "krb5_cc_end_seq_get"); + + krb5_cc_close(context, id); + + krb5_free_context(context); + return 0; +} + +.fi +.PP + diff --git a/kerberos5/man/krb5/man/man3/krb5_cccol_cursor_free.3 b/kerberos5/man/krb5/man/man3/krb5_cccol_cursor_free.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_cccol_cursor_free.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 
diff --git a/kerberos5/man/krb5/man/man3/krb5_cccol_cursor_new.3 b/kerberos5/man/krb5/man/man3/krb5_cccol_cursor_new.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_cccol_cursor_new.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_cccol_cursor_next.3 b/kerberos5/man/krb5/man/man3/krb5_cccol_cursor_next.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_cccol_cursor_next.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_cccol_last_change_time.3 b/kerberos5/man/krb5/man/man3/krb5_cccol_last_change_time.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_cccol_last_change_time.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_change_password.3 b/kerberos5/man/krb5/man/man3/krb5_change_password.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_change_password.3 @@ -0,0 +1 @@ +.so man3/krb5_deprecated.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_cksumtype_to_enctype.3 b/kerberos5/man/krb5/man/man3/krb5_cksumtype_to_enctype.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_cksumtype_to_enctype.3 @@ -0,0 +1 @@ +.so man3/krb5_crypto.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_clear_error_message.3 b/kerberos5/man/krb5/man/man3/krb5_clear_error_message.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_clear_error_message.3 @@ -0,0 +1 @@ +.so man3/krb5_error.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_clear_error_string.3 b/kerberos5/man/krb5/man/man3/krb5_clear_error_string.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_clear_error_string.3 @@ -0,0 +1 @@ +.so man3/krb5_deprecated.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_compare_creds.3 b/kerberos5/man/krb5/man/man3/krb5_compare_creds.3 new file mode 100644 --- /dev/null 
+++ b/kerberos5/man/krb5/man/man3/krb5_compare_creds.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_config_file_free.3 b/kerberos5/man/krb5/man/man3/krb5_config_file_free.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_config_file_free.3 @@ -0,0 +1 @@ +.so man3/krb5_support.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_config_free_strings.3 b/kerberos5/man/krb5/man/man3/krb5_config_free_strings.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_config_free_strings.3 @@ -0,0 +1 @@ +.so man3/krb5_support.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_config_get_bool.3 b/kerberos5/man/krb5/man/man3/krb5_config_get_bool.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_config_get_bool.3 @@ -0,0 +1 @@ +.so man3/krb5_support.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_config_get_bool_default.3 b/kerberos5/man/krb5/man/man3/krb5_config_get_bool_default.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_config_get_bool_default.3 @@ -0,0 +1 @@ +.so man3/krb5_support.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_config_get_list.3 b/kerberos5/man/krb5/man/man3/krb5_config_get_list.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_config_get_list.3 @@ -0,0 +1 @@ +.so man3/krb5_support.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_config_get_string.3 b/kerberos5/man/krb5/man/man3/krb5_config_get_string.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_config_get_string.3 @@ -0,0 +1 @@ +.so man3/krb5_support.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_config_get_string_default.3 b/kerberos5/man/krb5/man/man3/krb5_config_get_string_default.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_config_get_string_default.3 @@ -0,0 +1 @@ +.so man3/krb5_support.3 
diff --git a/kerberos5/man/krb5/man/man3/krb5_config_get_strings.3 b/kerberos5/man/krb5/man/man3/krb5_config_get_strings.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_config_get_strings.3 @@ -0,0 +1 @@ +.so man3/krb5_support.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_config_get_time.3 b/kerberos5/man/krb5/man/man3/krb5_config_get_time.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_config_get_time.3 @@ -0,0 +1 @@ +.so man3/krb5_support.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_config_get_time_default.3 b/kerberos5/man/krb5/man/man3/krb5_config_get_time_default.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_config_get_time_default.3 @@ -0,0 +1 @@ +.so man3/krb5_support.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_config_parse_file_multi.3 b/kerberos5/man/krb5/man/man3/krb5_config_parse_file_multi.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_config_parse_file_multi.3 @@ -0,0 +1 @@ +.so man3/krb5_support.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_config_parse_string_multi.3 b/kerberos5/man/krb5/man/man3/krb5_config_parse_string_multi.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_config_parse_string_multi.3 @@ -0,0 +1 @@ +.so man3/krb5_deprecated.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_config_vget_bool.3 b/kerberos5/man/krb5/man/man3/krb5_config_vget_bool.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_config_vget_bool.3 @@ -0,0 +1 @@ +.so man3/krb5_support.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_config_vget_bool_default.3 b/kerberos5/man/krb5/man/man3/krb5_config_vget_bool_default.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_config_vget_bool_default.3 @@ -0,0 +1 @@ +.so man3/krb5_support.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_config_vget_list.3 b/kerberos5/man/krb5/man/man3/krb5_config_vget_list.3 new file mode 100644 
--- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_config_vget_list.3 @@ -0,0 +1 @@ +.so man3/krb5_support.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_config_vget_string.3 b/kerberos5/man/krb5/man/man3/krb5_config_vget_string.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_config_vget_string.3 @@ -0,0 +1 @@ +.so man3/krb5_support.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_config_vget_string_default.3 b/kerberos5/man/krb5/man/man3/krb5_config_vget_string_default.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_config_vget_string_default.3 @@ -0,0 +1 @@ +.so man3/krb5_support.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_config_vget_strings.3 b/kerberos5/man/krb5/man/man3/krb5_config_vget_strings.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_config_vget_strings.3 @@ -0,0 +1 @@ +.so man3/krb5_support.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_config_vget_time.3 b/kerberos5/man/krb5/man/man3/krb5_config_vget_time.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_config_vget_time.3 @@ -0,0 +1 @@ +.so man3/krb5_support.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_config_vget_time_default.3 b/kerberos5/man/krb5/man/man3/krb5_config_vget_time_default.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_config_vget_time_default.3 @@ -0,0 +1 @@ +.so man3/krb5_support.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_copy_address.3 b/kerberos5/man/krb5/man/man3/krb5_copy_address.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_copy_address.3 @@ -0,0 +1 @@ +.so man3/krb5_address.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_copy_addresses.3 b/kerberos5/man/krb5/man/man3/krb5_copy_addresses.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_copy_addresses.3 @@ -0,0 +1 @@ +.so man3/krb5_address.3 
diff --git a/kerberos5/man/krb5/man/man3/krb5_copy_context.3 b/kerberos5/man/krb5/man/man3/krb5_copy_context.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_copy_context.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_copy_creds.3 b/kerberos5/man/krb5/man/man3/krb5_copy_creds.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_copy_creds.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_copy_creds_contents.3 b/kerberos5/man/krb5/man/man3/krb5_copy_creds_contents.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_copy_creds_contents.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_copy_data.3 b/kerberos5/man/krb5/man/man3/krb5_copy_data.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_copy_data.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_copy_host_realm.3 b/kerberos5/man/krb5/man/man3/krb5_copy_host_realm.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_copy_host_realm.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_copy_keyblock.3 b/kerberos5/man/krb5/man/man3/krb5_copy_keyblock.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_copy_keyblock.3 @@ -0,0 +1 @@ +.so man3/krb5_crypto.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_copy_keyblock_contents.3 b/kerberos5/man/krb5/man/man3/krb5_copy_keyblock_contents.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_copy_keyblock_contents.3 @@ -0,0 +1 @@ +.so man3/krb5_crypto.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_copy_principal.3 b/kerberos5/man/krb5/man/man3/krb5_copy_principal.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_copy_principal.3 @@ -0,0 +1 @@ +.so man3/krb5_principal.3 
diff --git a/kerberos5/man/krb5/man/man3/krb5_copy_ticket.3 b/kerberos5/man/krb5/man/man3/krb5_copy_ticket.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_copy_ticket.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_create_checksum_iov.3 b/kerberos5/man/krb5/man/man3/krb5_create_checksum_iov.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_create_checksum_iov.3 @@ -0,0 +1 @@ +.so man3/krb5_crypto.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_credential.3 b/kerberos5/man/krb5/man/man3/krb5_credential.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_credential.3 
@@ -0,0 +1,268 @@ +.TH "krb5_credential" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal Kerberos 5 library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +krb5_credential \- Heimdal Kerberos 5 credential handing functions +.SH SYNOPSIS +.br +.PP +.SS "Functions" + +.in +1c +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_fwd_tgt_creds\fP (krb5_context context, krb5_auth_context auth_context, const char *hostname, krb5_principal client, krb5_principal server, krb5_ccache ccache, int forwardable, krb5_data *out_data)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_get_forwarded_creds\fP (krb5_context context, krb5_auth_context auth_context, krb5_ccache ccache, krb5_flags flags, const char *hostname, krb5_creds *in_creds, krb5_data *out_data)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_get_init_creds_opt_alloc\fP (krb5_context context, krb5_get_init_creds_opt **opt)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_get_init_creds_opt_free\fP (krb5_context context, krb5_get_init_creds_opt *opt)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_init_creds_init\fP (krb5_context context, krb5_principal client, krb5_prompter_fct prompter, void *prompter_data, krb5_deltat start_time, krb5_get_init_creds_opt *options, krb5_init_creds_context *rctx)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_init_creds_set_service\fP (krb5_context context, krb5_init_creds_context ctx, const char *service)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_init_creds_set_password\fP (krb5_context context, krb5_init_creds_context ctx, const char *password)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_init_creds_set_keytab\fP (krb5_context context, krb5_init_creds_context ctx, krb5_keytab keytab)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 
\fBkrb5_init_creds_step\fP (krb5_context context, krb5_init_creds_context ctx, krb5_data *in, krb5_data *out, krb5_krbhst_info *hostinfo, unsigned int *flags)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_init_creds_get_error\fP (krb5_context context, krb5_init_creds_context ctx, KRB_ERROR *error)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_init_creds_free\fP (krb5_context context, krb5_init_creds_context ctx)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_init_creds_get\fP (krb5_context context, krb5_init_creds_context ctx)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_get_init_creds_password\fP (krb5_context context, krb5_creds *creds, krb5_principal client, const char *password, krb5_prompter_fct prompter, void *data, krb5_deltat start_time, const char *in_tkt_service, krb5_get_init_creds_opt *options)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_get_init_creds_keyblock\fP (krb5_context context, krb5_creds *creds, krb5_principal client, krb5_keyblock *keyblock, krb5_deltat start_time, const char *in_tkt_service, krb5_get_init_creds_opt *options)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_get_init_creds_keytab\fP (krb5_context context, krb5_creds *creds, krb5_principal client, krb5_keytab keytab, krb5_deltat start_time, const char *in_tkt_service, krb5_get_init_creds_opt *options)" +.br +.in -1c +.SH "Detailed Description" +.PP + +.SH "Function Documentation" +.PP +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_fwd_tgt_creds (krb5_context context, krb5_auth_context auth_context, const char * hostname, krb5_principal client, krb5_principal server, krb5_ccache ccache, int forwardable, krb5_data * out_data)" +Forward credentials for client to host hostname , making them forwardable if forwardable, and returning the blob of data to sent in out_data\&. 
If hostname == NULL, pick it from server\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A kerberos 5 context\&. +.br +\fIauth_context\fP the auth context with the key to encrypt the out_data\&. +.br +\fIhostname\fP the host to forward the tickets too\&. +.br +\fIclient\fP the client to delegate from\&. +.br +\fIserver\fP the server to delegate the credential too\&. +.br +\fIccache\fP credential cache to use\&. +.br +\fIforwardable\fP make the forwarded ticket forwabledable\&. +.br +\fIout_data\fP the resulting credential\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_forwarded_creds (krb5_context context, krb5_auth_context auth_context, krb5_ccache ccache, krb5_flags flags, const char * hostname, krb5_creds * in_creds, krb5_data * out_data)" +Gets tickets forwarded to hostname\&. If the tickets that are forwarded are address-less, the forwarded tickets will also be address-less\&. +.PP +If the ticket have any address, hostname will be used for figure out the address to forward the ticket too\&. This since this might use DNS, its insecure and also doesn't represent configured all addresses of the host\&. For example, the host might have two adresses, one IPv4 and one IPv6 address where the later is not published in DNS\&. This IPv6 address might be used communications and thus the resulting ticket useless\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A kerberos 5 context\&. +.br +\fIauth_context\fP the auth context with the key to encrypt the out_data\&. +.br +\fIccache\fP credential cache to use +.br +\fIflags\fP the flags to control the resulting ticket flags +.br +\fIhostname\fP the host to forward the tickets too\&. +.br +\fIin_creds\fP the in client and server ticket names\&. The client and server components forwarded to the remote host\&. +.br +\fIout_data\fP the resulting credential\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0\&. 
+.RE +.PP +Some older of the MIT gssapi library used clear-text tickets (warped inside AP-REQ encryption), use the krb5_auth_context flag KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED to support those tickets\&. The session key is used otherwise to encrypt the forwarded ticket\&. +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_keyblock (krb5_context context, krb5_creds * creds, krb5_principal client, krb5_keyblock * keyblock, krb5_deltat start_time, const char * in_tkt_service, krb5_get_init_creds_opt * options)" +Get new credentials using keyblock\&. +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_keytab (krb5_context context, krb5_creds * creds, krb5_principal client, krb5_keytab keytab, krb5_deltat start_time, const char * in_tkt_service, krb5_get_init_creds_opt * options)" +Get new credentials using keytab\&. +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_opt_alloc (krb5_context context, krb5_get_init_creds_opt ** opt)" +Allocate a new krb5_get_init_creds_opt structure, free with \fBkrb5_get_init_creds_opt_free()\fP\&. +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_free (krb5_context context, krb5_get_init_creds_opt * opt)" +Free krb5_get_init_creds_opt structure\&. +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_password (krb5_context context, krb5_creds * creds, krb5_principal client, const char * password, krb5_prompter_fct prompter, void * data, krb5_deltat start_time, const char * in_tkt_service, krb5_get_init_creds_opt * options)" +Get new credentials using password\&. +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_init_creds_free (krb5_context context, krb5_init_creds_context ctx)" +Free the krb5_init_creds_context allocated by \fBkrb5_init_creds_init()\fP\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context\&. +.br +\fIctx\fP The krb5_init_creds_context to free\&. 
+.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_get (krb5_context context, krb5_init_creds_context ctx)" +Get new credentials as setup by the krb5_init_creds_context\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context\&. +.br +\fIctx\fP The krb5_init_creds_context to process\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_get_error (krb5_context context, krb5_init_creds_context ctx, KRB_ERROR * error)" +Get the last error from the transaction\&. +.PP +\fBReturns\fP +.RS 4 +Returns 0 or an error code +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_init (krb5_context context, krb5_principal client, krb5_prompter_fct prompter, void * prompter_data, krb5_deltat start_time, krb5_get_init_creds_opt * options, krb5_init_creds_context * rctx)" +Start a new context to get a new initial credential\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context\&. +.br +\fIclient\fP The Kerberos principal to get the credential for, if NULL is given, the default principal is used as determined by krb5_get_default_principal()\&. +.br +\fIprompter\fP +.br +\fIprompter_data\fP +.br +\fIstart_time\fP the time the ticket should start to be valid or 0 for now\&. +.br +\fIoptions\fP a options structure, can be NULL for default options\&. +.br +\fIrctx\fP A new allocated free with \fBkrb5_init_creds_free()\fP\&. +.RE +.PP +\fBReturns\fP +.RS 4 +0 for success or an Kerberos 5 error code, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_set_keytab (krb5_context context, krb5_init_creds_context ctx, krb5_keytab keytab)" +Set the keytab to use for authentication\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Kerberos 5 context\&. +.br +\fIctx\fP ctx krb5_init_creds_context context\&. +.br +\fIkeytab\fP the keytab to read the key from\&. 
+.RE +.PP +\fBReturns\fP +.RS 4 +0 for success, or an Kerberos 5 error code, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_set_password (krb5_context context, krb5_init_creds_context ctx, const char * password)" +Sets the password that will use for the request\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Kerberos 5 context\&. +.br +\fIctx\fP ctx krb5_init_creds_context context\&. +.br +\fIpassword\fP the password to use\&. +.RE +.PP +\fBReturns\fP +.RS 4 +0 for success, or an Kerberos 5 error code, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_set_service (krb5_context context, krb5_init_creds_context ctx, const char * service)" +Sets the service that the is requested\&. This call is only neede for special initial tickets, by default the a krbtgt is fetched in the default realm\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Kerberos 5 context\&. +.br +\fIctx\fP a krb5_init_creds_context context\&. +.br +\fIservice\fP the service given as a string, for example 'kadmind/admin'\&. If NULL, the default krbtgt in the clients realm is set\&. +.RE +.PP +\fBReturns\fP +.RS 4 +0 for success, or an Kerberos 5 error code, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_step (krb5_context context, krb5_init_creds_context ctx, krb5_data * in, krb5_data * out, krb5_krbhst_info * hostinfo, unsigned int * flags)" +The core loop if krb5_get_init_creds() function family\&. Create the packets and have the caller send them off to the KDC\&. +.PP +If the caller want all work been done for them, use \fBkrb5_init_creds_get()\fP instead\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Kerberos 5 context\&. +.br +\fIctx\fP ctx krb5_init_creds_context context\&. +.br +\fIin\fP input data from KDC, first round it should be reset by krb5_data_zer()\&. 
+.br +\fIout\fP reply to KDC\&. +.br +\fIhostinfo\fP KDC address info, first round it can be NULL\&. +.br +\fIflags\fP status of the round, if KRB5_INIT_CREDS_STEP_FLAG_CONTINUE is set, continue one more round\&. +.RE +.PP +\fBReturns\fP +.RS 4 +0 for success, or an Kerberos 5 error code, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SH "Author" +.PP +Generated automatically by Doxygen for Heimdal Kerberos 5 library from the source code\&. diff --git a/kerberos5/man/krb5/man/man3/krb5_creds_get_ticket_flags.3 b/kerberos5/man/krb5/man/man3/krb5_creds_get_ticket_flags.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_creds_get_ticket_flags.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_crypto.3 b/kerberos5/man/krb5/man/man3/krb5_crypto.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_crypto.3 
@@ -0,0 +1,649 @@ +.TH "krb5_crypto" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal Kerberos 5 library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +krb5_crypto \- Heimdal Kerberos 5 cryptography functions +.SH SYNOPSIS +.br +.PP +.SS "Functions" + +.in +1c +.ti -1c +.RI "HEIMDAL_WARN_UNUSED_RESULT_ATTRIBUTE KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_generate_random\fP (void *buf, size_t len)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_generate_random_block\fP (void *buf, size_t len)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_enctype_valid\fP (krb5_context context, krb5_enctype etype)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cksumtype_to_enctype\fP (krb5_context context, krb5_cksumtype ctype, krb5_enctype *etype)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_encrypt_iov_ivec\fP (krb5_context context, krb5_crypto crypto, unsigned usage, \fBkrb5_crypto_iov\fP *data, int num_data, void *ivec)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_decrypt_iov_ivec\fP (krb5_context context, krb5_crypto crypto, unsigned usage, \fBkrb5_crypto_iov\fP *data, unsigned int num_data, void *ivec)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_create_checksum_iov\fP (krb5_context context, krb5_crypto crypto, unsigned usage, \fBkrb5_crypto_iov\fP *data, unsigned int num_data, krb5_cksumtype *type)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_verify_checksum_iov\fP (krb5_context context, krb5_crypto crypto, unsigned usage, \fBkrb5_crypto_iov\fP *data, unsigned int num_data, krb5_cksumtype *type)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_crypto_init\fP (krb5_context context, const krb5_keyblock *key, krb5_enctype etype, krb5_crypto *crypto)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_crypto_destroy\fP 
(krb5_context context, krb5_crypto crypto)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_crypto_getblocksize\fP (krb5_context context, krb5_crypto crypto, size_t *blocksize)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_crypto_getenctype\fP (krb5_context context, krb5_crypto crypto, krb5_enctype *enctype)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_crypto_getpadsize\fP (krb5_context context, krb5_crypto crypto, size_t *padsize)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_crypto_getconfoundersize\fP (krb5_context context, krb5_crypto crypto, size_t *confoundersize)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_enctype_disable\fP (krb5_context context, krb5_enctype enctype)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_enctype_enable\fP (krb5_context context, krb5_enctype enctype)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_allow_weak_crypto\fP (krb5_context context, krb5_boolean enable)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_is_enctype_weak\fP (krb5_context context, krb5_enctype enctype)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fB_krb5_enctype_requires_random_salt\fP (krb5_context context, krb5_enctype enctype)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_random_to_key\fP (krb5_context context, krb5_enctype type, const void *data, size_t size, krb5_keyblock *key)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_crypto_fx_cf2\fP (krb5_context context, const krb5_crypto crypto1, const krb5_crypto crypto2, krb5_data *pepper1, krb5_data *pepper2, krb5_enctype enctype, krb5_keyblock *res)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_generate_subkey_extended\fP (krb5_context context, const krb5_keyblock 
*key, krb5_enctype etype, krb5_keyblock **subkey)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_keyblock_zero\fP (krb5_keyblock *keyblock)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_free_keyblock_contents\fP (krb5_context context, krb5_keyblock *keyblock)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_free_keyblock\fP (krb5_context context, krb5_keyblock *keyblock)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_copy_keyblock_contents\fP (krb5_context context, const krb5_keyblock *inblock, krb5_keyblock *to)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_copy_keyblock\fP (krb5_context context, const krb5_keyblock *inblock, krb5_keyblock **to)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_enctype KRB5_LIB_CALL \fBkrb5_keyblock_get_enctype\fP (const krb5_keyblock *block)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_keyblock_init\fP (krb5_context context, krb5_enctype type, const void *data, size_t size, krb5_keyblock *key)" +.br +.ti -1c +.RI "krb5_error_code \fB_krb5_SP800_108_HMAC_KDF\fP (krb5_context context, const krb5_data *kdf_K1, const krb5_data *kdf_label, const krb5_data *kdf_context, const EVP_MD *md, krb5_data *kdf_K0)" +.br +.in -1c +.SH "Detailed Description" +.PP + +.SH "Function Documentation" +.PP +.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL _krb5_enctype_requires_random_salt (krb5_context context, krb5_enctype enctype)" +Returns whether the encryption type should use randomly generated salts +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos 5 context +.br +\fIenctype\fP encryption type to probe +.RE +.PP +\fBReturns\fP +.RS 4 +Returns true if generated salts should have random component +.RE +.PP + +.SS "krb5_error_code _krb5_SP800_108_HMAC_KDF (krb5_context context, const krb5_data * kdf_K1, const krb5_data * kdf_label, const krb5_data * kdf_context, const EVP_MD * md, krb5_data * kdf_K0)" 
+As described in SP800-108 5\&.1 (for HMAC) +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos 5 context +.br +\fIkdf_K1\fP Base key material\&. +.br +\fIkdf_label\fP A string that identifies the purpose for the derived key\&. +.br +\fIkdf_context\fP A binary string containing parties, nonce, etc\&. +.br +\fImd\fP Message digest function to use for PRF\&. +.br +\fIkdf_K0\fP Derived key data\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code for an failure or 0 on success\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_allow_weak_crypto (krb5_context context, krb5_boolean enable)" +Enable or disable all weak encryption types +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos 5 context +.br +\fIenable\fP true to enable, false to disable +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cksumtype_to_enctype (krb5_context context, krb5_cksumtype ctype, krb5_enctype * etype)" +Return the coresponding encryption type for a checksum type\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos context +.br +\fIctype\fP The checksum type to get the result enctype for +.br +\fIetype\fP The returned encryption, when the matching etype is not found, etype is set to ETYPE_NULL\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code for an failure or 0 on success\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_keyblock (krb5_context context, const krb5_keyblock * inblock, krb5_keyblock ** to)" +Copy a keyblock, free the output keyblock with \fBkrb5_free_keyblock()\fP\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Kerberos 5 context +.br +\fIinblock\fP the key to copy +.br +\fIto\fP the output key\&. 
+.RE +.PP +\fBReturns\fP +.RS 4 +0 on success or a Kerberos 5 error code +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_keyblock_contents (krb5_context context, const krb5_keyblock * inblock, krb5_keyblock * to)" +Copy a keyblock, free the output keyblock with \fBkrb5_free_keyblock_contents()\fP\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Kerberos 5 context +.br +\fIinblock\fP the key to copy +.br +\fIto\fP the output key\&. +.RE +.PP +\fBReturns\fP +.RS 4 +0 on success or a Kerberos 5 error code +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_create_checksum_iov (krb5_context context, krb5_crypto crypto, unsigned usage, \fBkrb5_crypto_iov\fP * data, unsigned int num_data, krb5_cksumtype * type)" +Create a Kerberos message checksum\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos context +.br +\fIcrypto\fP Kerberos crypto context +.br +\fIusage\fP Key usage for this buffer +.br +\fIdata\fP array of buffers to process +.br +\fInum_data\fP length of array +.br +\fItype\fP output data +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_destroy (krb5_context context, krb5_crypto crypto)" +Free a crypto context created by \fBkrb5_crypto_init()\fP\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos context +.br +\fIcrypto\fP crypto context to free +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_fx_cf2 (krb5_context context, const krb5_crypto crypto1, const krb5_crypto crypto2, krb5_data * pepper1, krb5_data * pepper2, krb5_enctype enctype, krb5_keyblock * res)" +The FX-CF2 key derivation function, used in FAST and preauth framework\&. 
+.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos 5 context +.br +\fIcrypto1\fP first key to combine +.br +\fIcrypto2\fP second key to combine +.br +\fIpepper1\fP factor to combine with first key to garante uniqueness +.br +\fIpepper2\fP factor to combine with second key to garante uniqueness +.br +\fIenctype\fP the encryption type of the resulting key +.br +\fIres\fP allocated key, free with \fBkrb5_free_keyblock_contents()\fP +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_getblocksize (krb5_context context, krb5_crypto crypto, size_t * blocksize)" +Return the blocksize used algorithm referenced by the crypto context +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos context +.br +\fIcrypto\fP crypto context to query +.br +\fIblocksize\fP the resulting blocksize +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_getconfoundersize (krb5_context context, krb5_crypto crypto, size_t * confoundersize)" +Return the confounder size used by the crypto context +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos context +.br +\fIcrypto\fP crypto context to query +.br +\fIconfoundersize\fP the returned confounder size +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_getenctype (krb5_context context, krb5_crypto crypto, krb5_enctype * enctype)" +Return the encryption type used by the crypto context +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos context +.br +\fIcrypto\fP crypto context to query +.br +\fIenctype\fP the resulting encryption type +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0\&. 
+.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_getpadsize (krb5_context context, krb5_crypto crypto, size_t * padsize)" +Return the padding size used by the crypto context +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos context +.br +\fIcrypto\fP crypto context to query +.br +\fIpadsize\fP the return padding size +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_init (krb5_context context, const krb5_keyblock * key, krb5_enctype etype, krb5_crypto * crypto)" +Create a crypto context used for all encryption and signature operation\&. The encryption type to use is taken from the key, but can be overridden with the enctype parameter\&. This can be useful for encryptions types which is compatiable (DES for example)\&. +.PP +To free the crypto context, use \fBkrb5_crypto_destroy()\fP\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos context +.br +\fIkey\fP the key block information with all key data +.br +\fIetype\fP the encryption type +.br +\fIcrypto\fP the resulting crypto context +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decrypt_iov_ivec (krb5_context context, krb5_crypto crypto, unsigned usage, \fBkrb5_crypto_iov\fP * data, unsigned int num_data, void * ivec)" +Inline decrypt a Kerberos message\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos context +.br +\fIcrypto\fP Kerberos crypto context +.br +\fIusage\fP Key usage for this buffer +.br +\fIdata\fP array of buffers to process +.br +\fInum_data\fP length of array +.br +\fIivec\fP initial cbc/cts vector +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0\&. +.RE +.PP +.IP "1." 4 +KRB5_CRYPTO_TYPE_HEADER +.IP "2." 4 +one KRB5_CRYPTO_TYPE_DATA and array [0,\&.\&.\&.] of KRB5_CRYPTO_TYPE_SIGN_ONLY in any order, however the receiver have to aware of the order\&. 
KRB5_CRYPTO_TYPE_SIGN_ONLY is commonly used unencrypoted protocol headers and trailers\&. The output data will be of same size as the input data or shorter\&. +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_encrypt_iov_ivec (krb5_context context, krb5_crypto crypto, unsigned usage, \fBkrb5_crypto_iov\fP * data, int num_data, void * ivec)" +Inline encrypt a kerberos message +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos context +.br +\fIcrypto\fP Kerberos crypto context +.br +\fIusage\fP Key usage for this buffer +.br +\fIdata\fP array of buffers to process +.br +\fInum_data\fP length of array +.br +\fIivec\fP initial cbc/cts vector +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0\&. +.RE +.PP +Kerberos encrypted data look like this: +.PP +.IP "1." 4 +KRB5_CRYPTO_TYPE_HEADER +.IP "2." 4 +array [1,\&.\&.\&.] KRB5_CRYPTO_TYPE_DATA and array [0,\&.\&.\&.] KRB5_CRYPTO_TYPE_SIGN_ONLY in any order, however the receiver have to aware of the order\&. KRB5_CRYPTO_TYPE_SIGN_ONLY is commonly used headers and trailers\&. +.IP "3." 4 +KRB5_CRYPTO_TYPE_PADDING, at least on padsize long if padsize > 1 +.IP "4." 4 +KRB5_CRYPTO_TYPE_TRAILER +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_enctype_disable (krb5_context context, krb5_enctype enctype)" +Disable encryption type +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos 5 context +.br +\fIenctype\fP encryption type to disable +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_enctype_enable (krb5_context context, krb5_enctype enctype)" +Enable encryption type +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos 5 context +.br +\fIenctype\fP encryption type to enable +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0\&. 
+.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_enctype_valid (krb5_context context, krb5_enctype etype)" +Check if a enctype is valid, return 0 if it is\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos context +.br +\fIetype\fP enctype to check if its valid or not +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code for an failure or 0 on success (enctype valid)\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_keyblock (krb5_context context, krb5_keyblock * keyblock)" +Free a keyblock, also zero out the content of the keyblock, uses \fBkrb5_free_keyblock_contents()\fP to free the content\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Kerberos 5 context +.br +\fIkeyblock\fP keyblock to free, NULL is valid argument +.RE +.PP + +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_keyblock_contents (krb5_context context, krb5_keyblock * keyblock)" +Free a keyblock's content, also zero out the content of the keyblock\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Kerberos 5 context +.br +\fIkeyblock\fP keyblock content to free, NULL is valid argument +.RE +.PP + +.SS "HEIMDAL_WARN_UNUSED_RESULT_ATTRIBUTE KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_generate_random (void * buf, size_t len)" +Fill buffer buf with len bytes of PRNG randomness that is ok to use for key generation, padding and public diclosing the randomness w/o disclosing the randomness source\&. +.PP +This function can fail, and callers must check the return value\&. +.PP +\fBParameters\fP +.RS 4 +\fIbuf\fP a buffer to fill with randomness +.br +\fIlen\fP length of memory that buf points to\&. +.RE +.PP +\fBReturns\fP +.RS 4 +return 0 on success or HEIM_ERR_RANDOM_OFFLINE if the funcation failed to initialize the randomness source\&. 
+.RE +.PP + +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_generate_random_block (void * buf, size_t len)" +Fill buffer buf with len bytes of PRNG randomness that is ok to use for key generation, padding and public diclosing the randomness w/o disclosing the randomness source\&. +.PP +This function can NOT fail, instead it will abort() and program will crash\&. +.PP +If this function is called after a successful \fBkrb5_init_context()\fP, the chance of it failing is low due to that \fBkrb5_init_context()\fP pulls out some random, and quite commonly the randomness sources will not fail once it have started to produce good output, /dev/urandom behavies that way\&. +.PP +\fBParameters\fP +.RS 4 +\fIbuf\fP a buffer to fill with randomness +.br +\fIlen\fP length of memory that buf points to\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_generate_subkey_extended (krb5_context context, const krb5_keyblock * key, krb5_enctype etype, krb5_keyblock ** subkey)" +Generate subkey, from keyblock +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP kerberos context +.br +\fIkey\fP session key +.br +\fIetype\fP encryption type of subkey, if ETYPE_NULL, use key's enctype +.br +\fIsubkey\fP returned new, free with \fBkrb5_free_keyblock()\fP\&. +.RE +.PP +\fBReturns\fP +.RS 4 +0 on success or a Kerberos 5 error code +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_is_enctype_weak (krb5_context context, krb5_enctype enctype)" +Returns is the encryption is strong or weak +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos 5 context +.br +\fIenctype\fP encryption type to probe +.RE +.PP +\fBReturns\fP +.RS 4 +Returns true if encryption type is weak or is not supported\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_enctype KRB5_LIB_CALL krb5_keyblock_get_enctype (const krb5_keyblock * block)" +Get encryption type of a keyblock\&. 
+.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_keyblock_init (krb5_context context, krb5_enctype type, const void * data, size_t size, krb5_keyblock * key)" +Fill in `key' with key data of type `enctype' from `data' of length `size'\&. Key should be freed using \fBkrb5_free_keyblock_contents()\fP\&. +.PP +\fBReturns\fP +.RS 4 +0 on success or a Kerberos 5 error code +.RE +.PP + +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_keyblock_zero (krb5_keyblock * keyblock)" +Zero out a keyblock +.PP +\fBParameters\fP +.RS 4 +\fIkeyblock\fP keyblock to zero out +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_random_to_key (krb5_context context, krb5_enctype type, const void * data, size_t size, krb5_keyblock * key)" +Converts the random bytestring to a protocol key according to Kerberos crypto frame work\&. It may be assumed that all the bits of the input string are equally random, even though the entropy present in the random source may be limited\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos 5 context +.br +\fItype\fP the enctype resulting key will be of +.br +\fIdata\fP input random data to convert to a key +.br +\fIsize\fP size of input random data, at least krb5_enctype_keysize() long +.br +\fIkey\fP key, output key, free with \fBkrb5_free_keyblock_contents()\fP +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_verify_checksum_iov (krb5_context context, krb5_crypto crypto, unsigned usage, \fBkrb5_crypto_iov\fP * data, unsigned int num_data, krb5_cksumtype * type)" +Verify a Kerberos message checksum\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos context +.br +\fIcrypto\fP Kerberos crypto context +.br +\fIusage\fP Key usage for this buffer +.br +\fIdata\fP array of buffers to process +.br +\fInum_data\fP length of array +.br +\fItype\fP return checksum type if not NULL +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0\&. 
+.RE +.PP + +.SH "Author" +.PP +Generated automatically by Doxygen for Heimdal Kerberos 5 library from the source code\&. diff --git a/kerberos5/man/krb5/man/man3/krb5_crypto_destroy.3 b/kerberos5/man/krb5/man/man3/krb5_crypto_destroy.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_crypto_destroy.3 @@ -0,0 +1 @@ +.so man3/krb5_crypto.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_crypto_fx_cf2.3 b/kerberos5/man/krb5/man/man3/krb5_crypto_fx_cf2.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_crypto_fx_cf2.3 @@ -0,0 +1 @@ +.so man3/krb5_crypto.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_crypto_getblocksize.3 b/kerberos5/man/krb5/man/man3/krb5_crypto_getblocksize.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_crypto_getblocksize.3 @@ -0,0 +1 @@ +.so man3/krb5_crypto.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_crypto_getconfoundersize.3 b/kerberos5/man/krb5/man/man3/krb5_crypto_getconfoundersize.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_crypto_getconfoundersize.3 @@ -0,0 +1 @@ +.so man3/krb5_crypto.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_crypto_getenctype.3 b/kerberos5/man/krb5/man/man3/krb5_crypto_getenctype.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_crypto_getenctype.3 @@ -0,0 +1 @@ +.so man3/krb5_crypto.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_crypto_getpadsize.3 b/kerberos5/man/krb5/man/man3/krb5_crypto_getpadsize.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_crypto_getpadsize.3 @@ -0,0 +1 @@ +.so man3/krb5_crypto.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_crypto_init.3 b/kerberos5/man/krb5/man/man3/krb5_crypto_init.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_crypto_init.3 @@ -0,0 +1 @@ +.so man3/krb5_crypto.3 
diff --git a/kerberos5/man/krb5/man/man3/krb5_crypto_iov.3 b/kerberos5/man/krb5/man/man3/krb5_crypto_iov.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_crypto_iov.3 @@ -0,0 +1,17 @@ +.TH "krb5_crypto_iov" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal Kerberos 5 library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +krb5_crypto_iov +.SH SYNOPSIS +.br +.PP +.PP +\fC#include \fP +.SH "Detailed Description" +.PP +Semi private, not stable yet + +.SH "Author" +.PP +Generated automatically by Doxygen for Heimdal Kerberos 5 library from the source code\&. diff --git a/kerberos5/man/krb5/man/man3/krb5_data_alloc.3 b/kerberos5/man/krb5/man/man3/krb5_data_alloc.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_data_alloc.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_data_cmp.3 b/kerberos5/man/krb5/man/man3/krb5_data_cmp.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_data_cmp.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_data_copy.3 b/kerberos5/man/krb5/man/man3/krb5_data_copy.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_data_copy.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_data_ct_cmp.3 b/kerberos5/man/krb5/man/man3/krb5_data_ct_cmp.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_data_ct_cmp.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_data_free.3 b/kerberos5/man/krb5/man/man3/krb5_data_free.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_data_free.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_data_realloc.3 b/kerberos5/man/krb5/man/man3/krb5_data_realloc.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_data_realloc.3 @@ -0,0 +1 @@ +.so man3/krb5.3 
diff --git a/kerberos5/man/krb5/man/man3/krb5_data_zero.3 b/kerberos5/man/krb5/man/man3/krb5_data_zero.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_data_zero.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_dcc_ops.3 b/kerberos5/man/krb5/man/man3/krb5_dcc_ops.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_dcc_ops.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_decrypt_iov_ivec.3 b/kerberos5/man/krb5/man/man3/krb5_decrypt_iov_ivec.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_decrypt_iov_ivec.3 @@ -0,0 +1 @@ +.so man3/krb5_crypto.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_deprecated.3 b/kerberos5/man/krb5/man/man3/krb5_deprecated.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_deprecated.3 
@@ -0,0 +1,249 @@ +.TH "krb5_deprecated" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal Kerberos 5 library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +krb5_deprecated \- Heimdal Kerberos 5 deprecated functions +.SH SYNOPSIS +.br +.PP +.SS "Functions" + +.in +1c +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_change_password\fP (krb5_context context, krb5_creds *creds, const char *newpw, int *result_code, krb5_data *result_code_string, krb5_data *result_string) KRB5_DEPRECATED_FUNCTION('Use X instead')" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_config_parse_string_multi\fP (krb5_context context, const char *string, krb5_config_section **res) KRB5_DEPRECATED_FUNCTION('Use X instead')" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_keytype_to_enctypes\fP (krb5_context context, krb5_keytype keytype, unsigned *len, krb5_enctype **val) KRB5_DEPRECATED_FUNCTION('Use X instead')" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_enctypes_compatible_keys\fP (krb5_context context, krb5_enctype etype1, krb5_enctype etype2) KRB5_DEPRECATED_FUNCTION('Use X instead')" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_free_data_contents\fP (krb5_context context, krb5_data *data) KRB5_DEPRECATED_FUNCTION('Use X instead')" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_keytype_to_enctypes_default\fP (krb5_context context, krb5_keytype keytype, unsigned *len, krb5_enctype **val) KRB5_DEPRECATED_FUNCTION('Use X instead')" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_keytype_to_string\fP (krb5_context context, krb5_keytype keytype, char **string) KRB5_DEPRECATED_FUNCTION('Use X instead')" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_string_to_keytype\fP (krb5_context context, const char *string, krb5_keytype *keytype) KRB5_DEPRECATED_FUNCTION('Use X instead')" +.br +.ti -1c +.RI 
"KRB5_LIB_FUNCTION krb5_error_code KRB5_CALLCONV \fBkrb5_password_key_proc\fP (krb5_context context, krb5_enctype type, krb5_salt salt, krb5_const_pointer keyseed, krb5_keyblock **key) KRB5_DEPRECATED_FUNCTION('Use X instead')" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_get_in_tkt_with_password\fP (krb5_context context, krb5_flags options, krb5_addresses *addrs, const krb5_enctype *etypes, const krb5_preauthtype *pre_auth_types, const char *password, krb5_ccache ccache, krb5_creds *creds, krb5_kdc_rep *ret_as_reply) KRB5_DEPRECATED_FUNCTION('Use X instead')" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_get_in_tkt_with_skey\fP (krb5_context context, krb5_flags options, krb5_addresses *addrs, const krb5_enctype *etypes, const krb5_preauthtype *pre_auth_types, const krb5_keyblock *key, krb5_ccache ccache, krb5_creds *creds, krb5_kdc_rep *ret_as_reply) KRB5_DEPRECATED_FUNCTION('Use X instead')" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_CALLCONV \fBkrb5_keytab_key_proc\fP (krb5_context context, krb5_enctype enctype, krb5_salt salt, krb5_const_pointer keyseed, krb5_keyblock **key) KRB5_DEPRECATED_FUNCTION('Use X instead')" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_get_in_tkt_with_keytab\fP (krb5_context context, krb5_flags options, krb5_addresses *addrs, const krb5_enctype *etypes, const krb5_preauthtype *pre_auth_types, krb5_keytab keytab, krb5_ccache ccache, krb5_creds *creds, krb5_kdc_rep *ret_as_reply) KRB5_DEPRECATED_FUNCTION('Use X instead')" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_realm *KRB5_LIB_CALL \fBkrb5_princ_realm\fP (krb5_context context, krb5_principal principal) KRB5_DEPRECATED_FUNCTION('Use X instead')" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_princ_set_realm\fP (krb5_context context, krb5_principal principal, krb5_realm *realm) KRB5_DEPRECATED_FUNCTION('Use X instead')" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION 
krb5_error_code KRB5_LIB_CALL \fBkrb5_free_creds_contents\fP (krb5_context context, krb5_creds *c) KRB5_DEPRECATED_FUNCTION('Use X instead')" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_free_error_string\fP (krb5_context context, char *str) KRB5_DEPRECATED_FUNCTION('Use X instead')" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_set_error_string\fP (krb5_context context, const char *fmt,\&.\&.\&.) __attribute__((__format__(__printf__" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_vset_error_string\fP (krb5_context context, const char *fmt, va_list args) __attribute__((__format__(__printf__" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_clear_error_string\fP (krb5_context context) KRB5_DEPRECATED_FUNCTION('Use X instead')" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_get_cred_from_kdc_opt\fP (krb5_context context, krb5_ccache ccache, krb5_creds *in_creds, krb5_creds **out_creds, krb5_creds ***ret_tgts, krb5_flags flags) KRB5_DEPRECATED_FUNCTION('Use X instead')" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_get_cred_from_kdc\fP (krb5_context context, krb5_ccache ccache, krb5_creds *in_creds, krb5_creds **out_creds, krb5_creds ***ret_tgts) KRB5_DEPRECATED_FUNCTION('Use X instead')" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_free_unparsed_name\fP (krb5_context context, char *str) KRB5_DEPRECATED_FUNCTION('Use X instead')" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_generate_subkey\fP (krb5_context context, const krb5_keyblock *key, krb5_keyblock **subkey) KRB5_DEPRECATED_FUNCTION('Use X instead')" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_auth_getremoteseqnumber\fP (krb5_context context, krb5_auth_context auth_context, int32_t *seqnumber) KRB5_DEPRECATED_FUNCTION('Use X instead')" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION void 
KRB5_LIB_CALL \fBkrb5_get_init_creds_opt_init\fP (krb5_get_init_creds_opt *opt) KRB5_DEPRECATED_FUNCTION('Use X instead')" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_get_init_creds_opt_get_error\fP (krb5_context context, krb5_get_init_creds_opt *opt, KRB_ERROR **error) KRB5_DEPRECATED_FUNCTION('Use X instead')" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_c_enctype_compare\fP (krb5_context context, krb5_enctype e1, krb5_enctype e2, krb5_boolean *similar) KRB5_DEPRECATED_FUNCTION('Use X instead')" +.br +.in -1c +.SH "Detailed Description" +.PP + +.SH "Function Documentation" +.PP +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_getremoteseqnumber (krb5_context context, krb5_auth_context auth_context, int32_t * seqnumber)" +Deprecated: use krb5_auth_con_getremoteseqnumber() +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_enctype_compare (krb5_context context, krb5_enctype e1, krb5_enctype e2, krb5_boolean * similar)" +Deprecated: keytypes doesn't exists, they are really enctypes\&. +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_change_password (krb5_context context, krb5_creds * creds, const char * newpw, int * result_code, krb5_data * result_code_string, krb5_data * result_string)" +Deprecated: \fBkrb5_change_password()\fP is deprecated, use \fBkrb5_set_password()\fP\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Keberos context +.br +\fIcreds\fP +.br +\fInewpw\fP +.br +\fIresult_code\fP +.br +\fIresult_code_string\fP +.br +\fIresult_string\fP +.RE +.PP +\fBReturns\fP +.RS 4 +On sucess password is changed\&. +.RE +.PP +@ +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_clear_error_string (krb5_context context)" +Clear the error message returned by \fBkrb5_get_error_string()\fP\&. 
+.PP +Deprecated: use \fBkrb5_clear_error_message()\fP +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos context +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_config_parse_string_multi (krb5_context context, const char * string, krb5_config_section ** res)" +Deprecated: configuration files are not strings +.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_enctypes_compatible_keys (krb5_context context, krb5_enctype etype1, krb5_enctype etype2)" +Deprecated: keytypes doesn't exists, they are really enctypes\&. +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_creds_contents (krb5_context context, krb5_creds * c)" +Deprecated: use \fBkrb5_free_cred_contents()\fP +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_data_contents (krb5_context context, krb5_data * data)" +Same as \fBkrb5_data_free()\fP\&. MIT compat\&. +.PP +Deprecated: use \fBkrb5_data_free()\fP\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos 5 context\&. +.br +\fIdata\fP krb5_data to free\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_error_string (krb5_context context, char * str)" +Free the error message returned by \fBkrb5_get_error_string()\fP\&. +.PP +Deprecated: use \fBkrb5_free_error_message()\fP +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos context +.br +\fIstr\fP error message to free +.RE +.PP + +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_unparsed_name (krb5_context context, char * str)" +Deprecated: use krb5_xfree()\&. +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_generate_subkey (krb5_context context, const krb5_keyblock * key, krb5_keyblock ** subkey)" +Deprecated: use \fBkrb5_generate_subkey_extended()\fP +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_cred_from_kdc (krb5_context context, krb5_ccache ccache, krb5_creds * in_creds, krb5_creds ** out_creds, krb5_creds *** ret_tgts)" +Deprecated: use krb5_get_credentials_with_flags()\&. 
+.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_cred_from_kdc_opt (krb5_context context, krb5_ccache ccache, krb5_creds * in_creds, krb5_creds ** out_creds, krb5_creds *** ret_tgts, krb5_flags flags)" +Deprecated: use krb5_get_credentials_with_flags()\&. +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_in_tkt_with_keytab (krb5_context context, krb5_flags options, krb5_addresses * addrs, const krb5_enctype * etypes, const krb5_preauthtype * pre_auth_types, krb5_keytab keytab, krb5_ccache ccache, krb5_creds * creds, krb5_kdc_rep * ret_as_reply)" +Deprecated: use krb5_get_init_creds() and friends\&. +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_in_tkt_with_password (krb5_context context, krb5_flags options, krb5_addresses * addrs, const krb5_enctype * etypes, const krb5_preauthtype * pre_auth_types, const char * password, krb5_ccache ccache, krb5_creds * creds, krb5_kdc_rep * ret_as_reply)" +Deprecated: use krb5_get_init_creds() and friends\&. +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_in_tkt_with_skey (krb5_context context, krb5_flags options, krb5_addresses * addrs, const krb5_enctype * etypes, const krb5_preauthtype * pre_auth_types, const krb5_keyblock * key, krb5_ccache ccache, krb5_creds * creds, krb5_kdc_rep * ret_as_reply)" +Deprecated: use krb5_get_init_creds() and friends\&. +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_opt_get_error (krb5_context context, krb5_get_init_creds_opt * opt, KRB_ERROR ** error)" +Deprecated: use the new \fBkrb5_init_creds_init()\fP and \fBkrb5_init_creds_get_error()\fP\&. +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_init (krb5_get_init_creds_opt * opt)" +Deprecated: use \fBkrb5_get_init_creds_opt_alloc()\fP\&. +.PP +The reason \fBkrb5_get_init_creds_opt_init()\fP is deprecated is that krb5_get_init_creds_opt is a static structure and for ABI reason it can't grow, ie can't add new functionality\&. 
+.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_CALLCONV krb5_keytab_key_proc (krb5_context context, krb5_enctype enctype, krb5_salt salt, krb5_const_pointer keyseed, krb5_keyblock ** key)" +Deprecated: use krb5_get_init_creds() and friends\&. +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_keytype_to_enctypes (krb5_context context, krb5_keytype keytype, unsigned * len, krb5_enctype ** val)" +Deprecated: keytypes doesn't exists, they are really enctypes\&. +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_keytype_to_enctypes_default (krb5_context context, krb5_keytype keytype, unsigned * len, krb5_enctype ** val)" +Deprecated: keytypes doesn't exists, they are really enctypes\&. +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_keytype_to_string (krb5_context context, krb5_keytype keytype, char ** string)" +Deprecated: keytypes doesn't exists, they are really enctypes in most cases, use krb5_enctype_to_string()\&. +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_CALLCONV krb5_password_key_proc (krb5_context context, krb5_enctype type, krb5_salt salt, krb5_const_pointer keyseed, krb5_keyblock ** key)" +Deprecated: use krb5_get_init_creds() and friends\&. +.SS "KRB5_LIB_FUNCTION krb5_realm* KRB5_LIB_CALL krb5_princ_realm (krb5_context context, krb5_principal principal)" +Deprecated: use \fBkrb5_principal_get_realm()\fP +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_princ_set_realm (krb5_context context, krb5_principal principal, krb5_realm * realm)" +Deprecated: use \fBkrb5_principal_set_realm()\fP +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_error_string (krb5_context context, const char * fmt, \&.\&.\&.)" +Set the error message returned by \fBkrb5_get_error_string()\fP\&. +.PP +Deprecated: use \fBkrb5_get_error_message()\fP +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos context +.br +\fIfmt\fP error message to free +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0\&. 
+.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_string_to_keytype (krb5_context context, const char * string, krb5_keytype * keytype)" +Deprecated: keytypes doesn't exists, they are really enctypes in most cases, use krb5_string_to_enctype()\&. +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_vset_error_string (krb5_context context, const char * fmt, va_list args)" +Set the error message returned by \fBkrb5_get_error_string()\fP, deprecated, use \fBkrb5_set_error_message()\fP\&. +.PP +Deprecated: use \fBkrb5_vset_error_message()\fP +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos context +.br +\fIfmt\fP error message to free +.br +\fIargs\fP variable argument list vector +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0\&. +.RE +.PP + +.SH "Author" +.PP +Generated automatically by Doxygen for Heimdal Kerberos 5 library from the source code\&. diff --git a/kerberos5/man/krb5/man/man3/krb5_digest.3 b/kerberos5/man/krb5/man/man3/krb5_digest.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_digest.3 
@@ -0,0 +1,43 @@ +.TH "krb5_digest" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal Kerberos 5 library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +krb5_digest \- Heimdal Kerberos 5 digest service +.SH SYNOPSIS +.br +.PP +.SS "Functions" + +.in +1c +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_digest_probe\fP (krb5_context context, krb5_realm realm, krb5_ccache ccache, unsigned *flags)" +.br +.in -1c +.SH "Detailed Description" +.PP + +.SH "Function Documentation" +.PP +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_probe (krb5_context context, krb5_realm realm, krb5_ccache ccache, unsigned * flags)" +Get the supported/allowed mechanism for this principal\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A Keberos context\&. +.br +\fIrealm\fP The realm of the KDC\&. +.br +\fIccache\fP The credential cache to use when talking to the KDC\&. +.br +\fIflags\fP The supported mechanism\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0\&. +.RE +.PP + +.SH "Author" +.PP +Generated automatically by Doxygen for Heimdal Kerberos 5 library from the source code\&. diff --git a/kerberos5/man/krb5/man/man3/krb5_digest_probe.3 b/kerberos5/man/krb5/man/man3/krb5_digest_probe.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_digest_probe.3 @@ -0,0 +1 @@ +.so man3/krb5_digest.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_eai_to_heim_errno.3 b/kerberos5/man/krb5/man/man3/krb5_eai_to_heim_errno.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_eai_to_heim_errno.3 @@ -0,0 +1 @@ +.so man3/krb5_error.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_encrypt_iov_ivec.3 b/kerberos5/man/krb5/man/man3/krb5_encrypt_iov_ivec.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_encrypt_iov_ivec.3 @@ -0,0 +1 @@ +.so man3/krb5_crypto.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_enctype_disable.3 b/kerberos5/man/krb5/man/man3/krb5_enctype_disable.3 new file mode 100644 
--- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_enctype_disable.3 @@ -0,0 +1 @@ +.so man3/krb5_crypto.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_enctype_enable.3 b/kerberos5/man/krb5/man/man3/krb5_enctype_enable.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_enctype_enable.3 @@ -0,0 +1 @@ +.so man3/krb5_crypto.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_enctype_valid.3 b/kerberos5/man/krb5/man/man3/krb5_enctype_valid.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_enctype_valid.3 @@ -0,0 +1 @@ +.so man3/krb5_crypto.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_enctypes_compatible_keys.3 b/kerberos5/man/krb5/man/man3/krb5_enctypes_compatible_keys.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_enctypes_compatible_keys.3 @@ -0,0 +1 @@ +.so man3/krb5_deprecated.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_err.3 b/kerberos5/man/krb5/man/man3/krb5_err.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_err.3 @@ -0,0 +1 @@ +.so man3/krb5_error.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_error.3 b/kerberos5/man/krb5/man/man3/krb5_error.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_error.3 
@@ -0,0 +1,412 @@ +.TH "krb5_error" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal Kerberos 5 library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +krb5_error \- Heimdal Kerberos 5 error reporting functions +.SH SYNOPSIS +.br +.PP +.SS "Functions" + +.in +1c +.ti -1c +.RI "KRB5_LIB_FUNCTION char *KRB5_LIB_CALL \fBkrb5_get_error_string\fP (krb5_context context) KRB5_DEPRECATED_FUNCTION('Use \fBkrb5_get_error_message\fP instead')" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_eai_to_heim_errno\fP (int eai_errno, int system_error)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_h_errno_to_heim_errno\fP (int eai_errno)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_clear_error_message\fP (krb5_context context)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_set_error_message\fP (krb5_context context, krb5_error_code ret, const char *fmt,\&.\&.\&.) __attribute__((__format__(__printf__" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_vset_error_message\fP (krb5_context context, krb5_error_code ret, const char *fmt, va_list args) __attribute__((__format__(__printf__" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_prepend_error_message\fP (krb5_context context, krb5_error_code ret, const char *fmt,\&.\&.\&.) 
__attribute__((__format__(__printf__" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_vprepend_error_message\fP (krb5_context context, krb5_error_code ret, const char *fmt, va_list args) __attribute__((__format__(__printf__" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION const char *KRB5_LIB_CALL \fBkrb5_get_error_message\fP (krb5_context context, krb5_error_code code)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_free_error_message\fP (krb5_context context, const char *msg)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_vwarn\fP (krb5_context context, krb5_error_code code, const char *fmt, va_list ap) __attribute__((__format__(__printf__" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_warn\fP (krb5_context context, krb5_error_code code, const char *fmt,\&.\&.\&.) __attribute__((__format__(__printf__" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_vwarnx\fP (krb5_context context, const char *fmt, va_list ap) __attribute__((__format__(__printf__" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_warnx\fP (krb5_context context, const char *fmt,\&.\&.\&.) __attribute__((__format__(__printf__" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_verr\fP (krb5_context context, int eval, krb5_error_code code, const char *fmt, va_list ap) __attribute__((__noreturn__" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_err\fP (krb5_context context, int eval, krb5_error_code code, const char *fmt,\&.\&.\&.) 
__attribute__((__noreturn__" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_verrx\fP (krb5_context context, int eval, const char *fmt, va_list ap) __attribute__((__noreturn__" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_errx\fP (krb5_context context, int eval, const char *fmt,\&.\&.\&.) __attribute__((__noreturn__" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_vabort\fP (krb5_context context, krb5_error_code code, const char *fmt, va_list ap) __attribute__((__noreturn__" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_abort\fP (krb5_context context, krb5_error_code code, const char *fmt,\&.\&.\&.) __attribute__((__noreturn__" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_abortx\fP (krb5_context context, const char *fmt,\&.\&.\&.) __attribute__((__noreturn__" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_set_warn_dest\fP (krb5_context context, krb5_log_facility *fac)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_log_facility *KRB5_LIB_CALL \fBkrb5_get_warn_dest\fP (krb5_context context)" +.br +.in -1c +.SH "Detailed Description" +.PP + +.SH "Function Documentation" +.PP +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_abort (krb5_context context, krb5_error_code code, const char * fmt, \&.\&.\&.)" +Log a warning to the log, default stderr, include the error from the last failure and then abort\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context +.br +\fIcode\fP error code of the last error +.br +\fIfmt\fP message to print +.br +\fI\&.\&.\&.\fP arguments for format string +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_abortx (krb5_context context, const char * fmt, \&.\&.\&.)" +Log a warning to the log, default stderr, and then abort\&. 
+.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context +.br +\fIfmt\fP printf format string of message to print +.br +\fI\&.\&.\&.\fP arguments for format string +.RE +.PP + +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_clear_error_message (krb5_context context)" +Clears the error message from the Kerberos 5 context\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP The Kerberos 5 context to clear +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_eai_to_heim_errno (int eai_errno, int system_error)" +Convert the getaddrinfo() error code to a Kerberos et error code\&. +.PP +\fBParameters\fP +.RS 4 +\fIeai_errno\fP contains the error code from getaddrinfo()\&. +.br +\fIsystem_error\fP should have the value of errno after the failed getaddrinfo()\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Kerberos error code representing the EAI errors\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_err (krb5_context context, int eval, krb5_error_code code, const char * fmt, \&.\&.\&.)" +Log a warning to the log, default stderr, include bthe error from the last failure and then exit\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context +.br +\fIeval\fP the exit code to exit with +.br +\fIcode\fP error code of the last error +.br +\fIfmt\fP message to print +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_errx (krb5_context context, int eval, const char * fmt, \&.\&.\&.)" +Log a warning to the log, default stderr, and then exit\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context +.br +\fIeval\fP the exit code to exit with +.br +\fIfmt\fP message to print +.RE +.PP + +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_error_message (krb5_context context, const char * msg)" +Free the error message returned by \fBkrb5_get_error_message()\fP\&. 
+.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos context +.br +\fImsg\fP error message to free, returned byg \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_get_error_message (krb5_context context, krb5_error_code code)" +Return the error message for `code' in context\&. On memory allocation error the function returns NULL\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos 5 context +.br +\fIcode\fP Error code related to the error +.RE +.PP +\fBReturns\fP +.RS 4 +an error string, needs to be freed with \fBkrb5_free_error_message()\fP\&. The functions return NULL on error\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION char* KRB5_LIB_CALL krb5_get_error_string (krb5_context context)" +Return the error message in context\&. On error or no error string, the function returns NULL\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos 5 context +.RE +.PP +\fBReturns\fP +.RS 4 +an error string, needs to be freed with \fBkrb5_free_error_message()\fP\&. The functions return NULL on error\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_log_facility* KRB5_LIB_CALL krb5_get_warn_dest (krb5_context context)" +Get the default logging facility\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_h_errno_to_heim_errno (int eai_errno)" +Convert the gethostname() error code (h_error) to a Kerberos et error code\&. +.PP +\fBParameters\fP +.RS 4 +\fIeai_errno\fP contains the error code from gethostname()\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Kerberos error code representing the gethostname errors\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_prepend_error_message (krb5_context context, krb5_error_code ret, const char * fmt, \&.\&.\&.)" +Prepend the context full error string for a specific error code\&. The error that is stored should be internationalized\&. +.PP +The if context is NULL, no error string is stored\&. 
+.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos 5 context +.br +\fIret\fP The error code +.br +\fIfmt\fP Error string for the error code +.br +\fI\&.\&.\&.\fP printf(3) style parameters\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_set_error_message (krb5_context context, krb5_error_code ret, const char * fmt, \&.\&.\&.)" +Set the context full error string for a specific error code\&. The error that is stored should be internationalized\&. +.PP +The if context is NULL, no error string is stored\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos 5 context +.br +\fIret\fP The error code +.br +\fIfmt\fP Error string for the error code +.br +\fI\&.\&.\&.\fP printf(3) style parameters\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_warn_dest (krb5_context context, krb5_log_facility * fac)" +Set the default logging facility\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context +.br +\fIfac\fP Facility to use for logging\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_vabort (krb5_context context, krb5_error_code code, const char * fmt, va_list ap)" +Log a warning to the log, default stderr, include bthe error from the last failure and then abort\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context +.br +\fIcode\fP error code of the last error +.br +\fIfmt\fP message to print +.br +\fIap\fP arguments +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_verr (krb5_context context, int eval, krb5_error_code code, const char * fmt, va_list ap)" +Log a warning to the log, default stderr, include bthe error from the last failure and then exit\&. 
+.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context +.br +\fIeval\fP the exit code to exit with +.br +\fIcode\fP error code of the last error +.br +\fIfmt\fP message to print +.br +\fIap\fP arguments +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_verrx (krb5_context context, int eval, const char * fmt, va_list ap)" +Log a warning to the log, default stderr, and then exit\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context +.br +\fIeval\fP the exit code to exit with +.br +\fIfmt\fP message to print +.br +\fIap\fP arguments +.RE +.PP + +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_vprepend_error_message (krb5_context context, krb5_error_code ret, const char * fmt, va_list args)" +Prepend the contexts's full error string for a specific error code\&. +.PP +The if context is NULL, no error string is stored\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos 5 context +.br +\fIret\fP The error code +.br +\fIfmt\fP Error string for the error code +.br +\fIargs\fP printf(3) style parameters\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_vset_error_message (krb5_context context, krb5_error_code ret, const char * fmt, va_list args)" +Set the context full error string for a specific error code\&. +.PP +The if context is NULL, no error string is stored\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos 5 context +.br +\fIret\fP The error code +.br +\fIfmt\fP Error string for the error code +.br +\fIargs\fP printf(3) style parameters\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_vwarn (krb5_context context, krb5_error_code code, const char * fmt, va_list ap)" +Log a warning to the log, default stderr, include the error from the last failure\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context\&. 
+.br +\fIcode\fP error code of the last error +.br +\fIfmt\fP message to print +.br +\fIap\fP arguments +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_vwarnx (krb5_context context, const char * fmt, va_list ap)" +Log a warning to the log, default stderr\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context\&. +.br +\fIfmt\fP message to print +.br +\fIap\fP arguments +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_warn (krb5_context context, krb5_error_code code, const char * fmt, \&.\&.\&.)" +Log a warning to the log, default stderr, include the error from the last failure\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context\&. +.br +\fIcode\fP error code of the last error +.br +\fIfmt\fP message to print +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_warnx (krb5_context context, const char * fmt, \&.\&.\&.)" +Log a warning to the log, default stderr\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context\&. +.br +\fIfmt\fP message to print +.RE +.PP + +.SH "Author" +.PP +Generated automatically by Doxygen for Heimdal Kerberos 5 library from the source code\&. diff --git a/kerberos5/man/krb5/man/man3/krb5_errx.3 b/kerberos5/man/krb5/man/man3/krb5_errx.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_errx.3 @@ -0,0 +1 @@ +.so man3/krb5_error.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_expand_hostname.3 b/kerberos5/man/krb5/man/man3/krb5_expand_hostname.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_expand_hostname.3 @@ -0,0 +1 @@ +.so man3/krb5_support.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_expand_hostname_realms.3 b/kerberos5/man/krb5/man/man3/krb5_expand_hostname_realms.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_expand_hostname_realms.3 
@@ -0,0 +1 @@
+.so man3/krb5_support.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_fcc_ops.3 b/kerberos5/man/krb5/man/man3/krb5_fcc_ops.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_fcc_ops.3
@@ -0,0 +1 @@
+.so man3/krb5_ccache.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_fileformats.3 b/kerberos5/man/krb5/man/man3/krb5_fileformats.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_fileformats.3
@@ -0,0 +1,234 @@
+.TH "krb5_fileformats" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal Kerberos 5 library" \" -*- nroff -*-
+.ad l
+.nh
+.SH NAME
+krb5_fileformats \- File formats
+
+.SH "File formats"
+.PP
+This section documents the diffrent file formats that are used in Heimdal and other Kerberos implementations\&.
+.SS "keytab"
+The keytab binary format is not a standard format\&. The format has evolved and may continue to\&. It is however understood by several Kerberos implementations including Heimdal, MIT, Sun's Java ktab and are created by the ktpass\&.exe utility from Windows\&. So it has established itself as the defacto format for storing Kerberos keys\&.
+.PP
+The following C-like structure definitions illustrate the MIT keytab file format\&. All values are in network byte order\&. All text is ASCII\&.
+.PP
+.PP
+.nf
+keytab {
+ uint16_t file_format_version; # 0x502
+ keytab_entry entries[*];
+};
+
+keytab_entry {
+ int32_t size;
+ uint16_t num_components; # subtract 1 if version 0x501
+ counted_octet_string realm;
+ counted_octet_string components[num_components];
+ uint32_t name_type; # not present if version 0x501
+ uint32_t timestamp;
+ uint8_t vno8;
+ keyblock key;
+ uint32_t vno; #only present if >= 4 bytes left in entry
+ uint32_t flags; #only present if >= 4 bytes left in entry
+};
+
+counted_octet_string {
+ uint16_t length;
+ uint8_t data[length];
+};
+
+keyblock {
+ uint16_t type;
+ counted_octet_string;
+};
+.fi
+.PP
+.PP
+All numbers are stored in network byteorder (big endian) format\&.
+.PP
+The keytab file format begins with the 16 bit file_format_version which at the time this document was authored is 0x502\&. The format of older keytabs is described at the end of this document\&.
+.PP
+The file_format_version is immediately followed by an array of keytab_entry structures which are prefixed with a 32 bit size indicating the number of bytes that follow in the entry\&. Note that the size should be evaluated as signed\&. This is because a negative value indicates that the entry is in fact empty (e\&.g\&. it has been deleted) and that the negative value of that negative value (which is of course a positive value) is the offset to the next keytab_entry\&. Based on these size values alone the entire keytab file can be traversed\&.
+.PP
+The size is followed by a 16 bit num_components field indicating the number of counted_octet_string components in the components array\&.
+.PP
+The num_components field is followed by a counted_octet_string representing the realm of the principal\&.
+.PP
+A counted_octet_string is simply an array of bytes prefixed with a 16 bit length\&. For the realm and name components, the counted_octet_string bytes are ASCII encoded text with no zero terminator\&.
+.PP
+Following the realm is the components array that represents the name of the principal\&. The text of these components may be joined with slashs to construct the typical SPN representation\&. For example, the service principal HTTP/www\&.foo\&.net@FOO\&.NET would consist of name components 'HTTP' followed by 'www\&.foo\&.net'\&.
+.PP
+Following the components array is the 32 bit name_type (e\&.g\&. 1 is KRB5_NT_PRINCIPAL, 2 is KRB5_NT_SRV_INST, 5 is KRB5_NT_UID, etc)\&. In practice the name_type is almost certainly 1 meaning KRB5_NT_PRINCIPAL\&.
+.PP
+The 32 bit timestamp indicates the time the key was established for that principal\&. The value represents the number of seconds since Jan 1, 1970\&.
+.PP
+The 8 bit vno8 field is the version number of the key\&. This value is overridden by the 32 bit vno field if it is present\&. The vno8 field is filled with the lower 8 bits of the 32 bit protocol kvno field\&.
+.PP
+The keyblock structure consists of a 16 bit value indicating the encryption type and is a counted_octet_string containing the key\&. The encryption type is the same as the Kerberos standard (e\&.g\&. 3 is des-cbc-md5, 23 is arcfour-hmac-md5, etc)\&.
+.PP
+The last field of the keytab_entry structure is optional\&. If the size of the keytab_entry indicates that there are at least 4 bytes remaining, a 32 bit value representing the key version number is present\&. This value supersedes the 8 bit vno8 value preceeding the keyblock\&.
+.PP
+Older keytabs with a file_format_version of 0x501 are different in three ways:
+.PP
+.IP "\(bu" 2
+All integers are in host byte order [1]\&.
+.IP "\(bu" 2
+The num_components field is 1 too large (i\&.e\&. after decoding, decrement by 1)\&.
+.IP "\(bu" 2
+The 32 bit name_type field is not present\&.
+.PP
+.PP
+[1] The file_format_version field should really be treated as two separate 8 bit quantities representing the major and minor version number respectively\&.
+.SS "Heimdal database dump file"
+Format of the Heimdal text dump file as of Heimdal 0\&.6\&.3:
+.PP
+Each line in the dump file is one entry in the database\&.
+.PP
+Each field of a line is separated by one or more spaces, with the exception of fields consisting of principals containing spaces, where space can be quoted with \\ and \\ is quoted by .
+.PP
+Fields and their types are:
+.PP
+.PP
+.nf
+Quoted princial (quote character is \) [string]
+Keys [keys]
+Created by [event]
+Modified by [event optional]
+Valid start time [time optional]
+Valid end time [time optional]
+Password end valid time [time optional]
+Max lifetime of ticket [time optional]
+Max renew time of ticket [integer optional]
+Flags [hdb flags]
+Generation number [generation optional]
+Extensions [extentions optional]
+.fi
+.PP
+.PP
+Fields following these silently are ignored\&.
+.PP
+All optional fields will be skipped if they fail to parse (or comprise the optional field marker of '-', w/o quotes)\&.
+.PP
+Example:
+.PP
+.PP
+.nf
+fred\@CODE\&.COM 27:1:16:e8b4c8fc7e60b9e641dcf4cff3f08a701d982a2f89ba373733d26ca59ba6c789666f6b8bfcf169412bb1e5dceb9b33cda29f3412:-:1:3:4498a933881178c744f4232172dcd774c64e81fa6d05ecdf643a7e390624a0ebf3c7407a:-:1:2:b01934b13eb795d76f3a80717d469639b4da0cfb644161340ef44fdeb375e54d684dbb85:-:1:1:ea8e16d8078bf60c781da90f508d4deccba70595258b9d31888d33987cd31af0c9cced2e:- 20020415130120:admin\@CODE\&.COM 20041221112428:fred\@CODE\&.COM - - - 86400 604800 126 20020415130120:793707:28 -
+.fi
+.PP
+.PP
+Encoding of types are as follows:
+.PP
+.IP "\(bu" 2
+keys
+.PP
+.PP
+.PP
+.nf
+kvno:[masterkvno:keytype:keydata:salt]{zero or more separated by :}
+.fi
+.PP
+.PP
+kvno is the key version number\&.
+.PP
+keydata is hex-encoded
+.PP
+masterkvno is the kvno of the database master key\&. If this field is empty, the kadmin load and merge operations will encrypt the key data with the master key if there is one\&. Otherwise the key data will be imported asis\&.
+.PP
+salt is encoded as '-' (no/default salt) or
+.PP
+.PP
+.nf
+salt-type /
+salt-type / "string"
+salt-type / hex-encoded-data
+.fi
+.PP
+.PP
+keytype is the protocol enctype number; see enum ENCTYPE in include/krb5_asn1\&.h for values\&.
+.PP
+Example:
+.PP
+.nf
+27:1:16:e8b4c8fc7e60b9e641dcf4cff3f08a701d982a2f89ba373733d26ca59ba6c789666f6b8bfcf169412bb1e5dceb9b33cda29f3412:-:1:3:4498a933881178c744f4232172dcd774c64e81fa6d05ecdf643a7e390624a0ebf3c7407a:-:1:2:b01934b13eb795d76f3a80717d469639b4da0cfb644161340ef44fdeb375e54d684dbb85:-:1:1:ea8e16d8078bf60c781da90f508d4deccba70595258b9d31888d33987cd31af0c9cced2e:-
+
+.fi
+.PP
+.PP
+.PP
+.nf
+kvno=27,{key: masterkvno=1,keytype=des3-cbc-sha1,keydata=\&.\&.\&., default salt}\&.\&.\&.
+.fi
+.PP
+.PP
+.IP "\(bu" 2
+time
+.PP
+.PP
+Format of the time is: YYYYmmddHHMMSS, corresponding to strftime format '%Y%m%d%k%M%S'\&.
+.PP
+Time is expressed in UTC\&.
+.PP
+Time can be optional (using -), when the time 0 is used\&.
+.PP
+Example:
+.PP
+.PP
+.nf
+20041221112428
+.fi
+.PP
+.PP
+.IP "\(bu" 2
+event
+.PP
+.PP
+.PP
+.nf
+time:principal
+.fi
+.PP
+.PP
+time is as given in format time
+.PP
+principal is a string\&. Not quoting it may not work in earlier versions of Heimdal\&.
+.PP
+Example:
+.PP
+.nf
+20041221112428:bloggs\@CODE\&.COM
+
+.fi
+.PP
+.PP
+.IP "\(bu" 2
+hdb flags
+.PP
+.PP
+Integer encoding of HDB flags, see HDBFlags in lib/hdb/hdb\&.asn1\&. Each bit in the integer is the same as the bit in the specification\&.
+.PP
+.IP "\(bu" 2
+generation:
+.PP
+.PP
+.PP
+.nf
+time:usec:gen
+.fi
+.PP
+.PP
+usec is a the microsecond, integer\&. gen is generation number, integer\&.
+.PP
+The generation can be defaulted (using '-') or the empty string
+.PP
+.IP "\(bu" 2
+extensions:
+.PP
+.PP
+.PP
+.nf
+first-hex-encoded-HDB-Extension[:second-\&.\&.\&.]
+.fi
+.PP
+.PP
+HDB-extension is encoded the DER encoded HDB-Extension from lib/hdb/hdb\&.asn1\&. Consumers HDB extensions should be aware that unknown entires needs to be preserved even thought the ASN\&.1 data content might be unknown\&. There is a critical flag in the data to show to the KDC that the entry MUST be understod if the entry is to be used\&.
diff --git a/kerberos5/man/krb5/man/man3/krb5_free_address.3 b/kerberos5/man/krb5/man/man3/krb5_free_address.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_free_address.3
@@ -0,0 +1 @@
+.so man3/krb5_address.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_free_addresses.3 b/kerberos5/man/krb5/man/man3/krb5_free_addresses.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_free_addresses.3
@@ -0,0 +1 @@
+.so man3/krb5_address.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_free_config_files.3 b/kerberos5/man/krb5/man/man3/krb5_free_config_files.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_free_config_files.3
@@ -0,0 +1 @@
+.so man3/krb5.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_free_context.3 b/kerberos5/man/krb5/man/man3/krb5_free_context.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_free_context.3
@@ -0,0 +1 @@
+.so man3/krb5.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_free_cred_contents.3 b/kerberos5/man/krb5/man/man3/krb5_free_cred_contents.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_free_cred_contents.3
@@ -0,0 +1 @@
+.so man3/krb5.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_free_creds.3 b/kerberos5/man/krb5/man/man3/krb5_free_creds.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_free_creds.3
@@ -0,0 +1 @@
+.so man3/krb5.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_free_creds_contents.3 b/kerberos5/man/krb5/man/man3/krb5_free_creds_contents.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_free_creds_contents.3
@@ -0,0 +1 @@
+.so man3/krb5_deprecated.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_free_data.3 b/kerberos5/man/krb5/man/man3/krb5_free_data.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_free_data.3
@@ -0,0 +1 @@
+.so man3/krb5.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_free_data_contents.3 b/kerberos5/man/krb5/man/man3/krb5_free_data_contents.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_free_data_contents.3
@@ -0,0 +1 @@
+.so man3/krb5_deprecated.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_free_error_message.3 b/kerberos5/man/krb5/man/man3/krb5_free_error_message.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_free_error_message.3
@@ -0,0 +1 @@
+.so man3/krb5_error.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_free_error_string.3 b/kerberos5/man/krb5/man/man3/krb5_free_error_string.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_free_error_string.3
@@ -0,0 +1 @@
+.so man3/krb5_deprecated.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_free_host_realm.3 b/kerberos5/man/krb5/man/man3/krb5_free_host_realm.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_free_host_realm.3
@@ -0,0 +1 @@
+.so man3/krb5_support.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_free_keyblock.3 b/kerberos5/man/krb5/man/man3/krb5_free_keyblock.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_free_keyblock.3
@@ -0,0 +1 @@
+.so man3/krb5_crypto.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_free_keyblock_contents.3 b/kerberos5/man/krb5/man/man3/krb5_free_keyblock_contents.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_free_keyblock_contents.3
@@ -0,0 +1 @@
+.so man3/krb5_crypto.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_free_principal.3 b/kerberos5/man/krb5/man/man3/krb5_free_principal.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_free_principal.3
@@ -0,0 +1 @@
+.so man3/krb5_principal.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_free_ticket.3 b/kerberos5/man/krb5/man/man3/krb5_free_ticket.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_free_ticket.3
@@ -0,0 +1 @@
+.so man3/krb5.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_free_unparsed_name.3 b/kerberos5/man/krb5/man/man3/krb5_free_unparsed_name.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_free_unparsed_name.3
@@ -0,0 +1 @@
+.so man3/krb5_deprecated.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_fwd_tgt_creds.3 b/kerberos5/man/krb5/man/man3/krb5_fwd_tgt_creds.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_fwd_tgt_creds.3
@@ -0,0 +1 @@
+.so man3/krb5_credential.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_generate_random.3 b/kerberos5/man/krb5/man/man3/krb5_generate_random.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_generate_random.3
@@ -0,0 +1 @@
+.so man3/krb5_crypto.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_generate_random_block.3 b/kerberos5/man/krb5/man/man3/krb5_generate_random_block.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_generate_random_block.3
@@ -0,0 +1 @@
+.so man3/krb5_crypto.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_generate_subkey.3 b/kerberos5/man/krb5/man/man3/krb5_generate_subkey.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_generate_subkey.3
@@ -0,0 +1 @@
+.so man3/krb5_deprecated.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_generate_subkey_extended.3 b/kerberos5/man/krb5/man/man3/krb5_generate_subkey_extended.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_generate_subkey_extended.3
@@ -0,0 +1 @@
+.so man3/krb5_crypto.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_get_cred_from_kdc.3 b/kerberos5/man/krb5/man/man3/krb5_get_cred_from_kdc.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_get_cred_from_kdc.3
@@ -0,0 +1 @@
+.so man3/krb5_deprecated.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_get_cred_from_kdc_opt.3 b/kerberos5/man/krb5/man/man3/krb5_get_cred_from_kdc_opt.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_get_cred_from_kdc_opt.3
@@ -0,0 +1 @@
+.so man3/krb5_deprecated.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_get_default_config_files.3 b/kerberos5/man/krb5/man/man3/krb5_get_default_config_files.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_get_default_config_files.3
@@ -0,0 +1 @@
+.so man3/krb5.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_get_default_in_tkt_etypes.3 b/kerberos5/man/krb5/man/man3/krb5_get_default_in_tkt_etypes.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_get_default_in_tkt_etypes.3
@@ -0,0 +1 @@
+.so man3/krb5.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_get_dns_canonicalize_hostname.3 b/kerberos5/man/krb5/man/man3/krb5_get_dns_canonicalize_hostname.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_get_dns_canonicalize_hostname.3
@@ -0,0 +1 @@
+.so man3/krb5.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_get_err_text.3 b/kerberos5/man/krb5/man/man3/krb5_get_err_text.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_get_err_text.3
@@ -0,0 +1 @@
+.so man3/krb5.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_get_error_message.3 b/kerberos5/man/krb5/man/man3/krb5_get_error_message.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_get_error_message.3
@@ -0,0 +1 @@
+.so man3/krb5_error.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_get_error_string.3 b/kerberos5/man/krb5/man/man3/krb5_get_error_string.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_get_error_string.3
@@ -0,0 +1 @@
+.so man3/krb5_error.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_get_extra_addresses.3 b/kerberos5/man/krb5/man/man3/krb5_get_extra_addresses.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_get_extra_addresses.3
@@ -0,0 +1 @@
+.so man3/krb5.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_get_fcache_version.3 b/kerberos5/man/krb5/man/man3/krb5_get_fcache_version.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_get_fcache_version.3
@@ -0,0 +1 @@
+.so man3/krb5.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_get_forwarded_creds.3 b/kerberos5/man/krb5/man/man3/krb5_get_forwarded_creds.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_get_forwarded_creds.3
@@ -0,0 +1 @@
+.so man3/krb5_credential.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_get_ignore_addresses.3 b/kerberos5/man/krb5/man/man3/krb5_get_ignore_addresses.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_get_ignore_addresses.3
@@ -0,0 +1 @@
+.so man3/krb5.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_get_in_tkt_with_keytab.3 b/kerberos5/man/krb5/man/man3/krb5_get_in_tkt_with_keytab.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_get_in_tkt_with_keytab.3
@@ -0,0 +1 @@
+.so man3/krb5_deprecated.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_get_in_tkt_with_password.3 b/kerberos5/man/krb5/man/man3/krb5_get_in_tkt_with_password.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_get_in_tkt_with_password.3
@@ -0,0 +1 @@
+.so man3/krb5_deprecated.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_get_in_tkt_with_skey.3 b/kerberos5/man/krb5/man/man3/krb5_get_in_tkt_with_skey.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_get_in_tkt_with_skey.3
@@ -0,0 +1 @@
+.so man3/krb5_deprecated.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_get_init_creds_keyblock.3 b/kerberos5/man/krb5/man/man3/krb5_get_init_creds_keyblock.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_get_init_creds_keyblock.3
@@ -0,0 +1 @@
+.so man3/krb5_credential.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_get_init_creds_keytab.3 b/kerberos5/man/krb5/man/man3/krb5_get_init_creds_keytab.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_get_init_creds_keytab.3
@@ -0,0 +1 @@
+.so man3/krb5_credential.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_get_init_creds_opt_alloc.3 b/kerberos5/man/krb5/man/man3/krb5_get_init_creds_opt_alloc.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_get_init_creds_opt_alloc.3
@@ -0,0 +1 @@
+.so man3/krb5_credential.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_get_init_creds_opt_free.3 b/kerberos5/man/krb5/man/man3/krb5_get_init_creds_opt_free.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_get_init_creds_opt_free.3
@@ -0,0 +1 @@
+.so man3/krb5_credential.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_get_init_creds_opt_get_error.3 b/kerberos5/man/krb5/man/man3/krb5_get_init_creds_opt_get_error.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_get_init_creds_opt_get_error.3
@@ -0,0 +1 @@
+.so man3/krb5_deprecated.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_get_init_creds_opt_init.3 b/kerberos5/man/krb5/man/man3/krb5_get_init_creds_opt_init.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_get_init_creds_opt_init.3
@@ -0,0 +1 @@
+.so man3/krb5_deprecated.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_get_init_creds_password.3 b/kerberos5/man/krb5/man/man3/krb5_get_init_creds_password.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_get_init_creds_password.3
@@ -0,0 +1 @@
+.so man3/krb5_credential.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_get_kdc_sec_offset.3 b/kerberos5/man/krb5/man/man3/krb5_get_kdc_sec_offset.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_get_kdc_sec_offset.3
@@ -0,0 +1 @@
+.so man3/krb5.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_get_max_time_skew.3 b/kerberos5/man/krb5/man/man3/krb5_get_max_time_skew.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_get_max_time_skew.3
@@ -0,0 +1 @@
+.so man3/krb5.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_get_use_admin_kdc.3 b/kerberos5/man/krb5/man/man3/krb5_get_use_admin_kdc.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_get_use_admin_kdc.3
@@ -0,0 +1 @@
+.so man3/krb5.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_get_validated_creds.3 b/kerberos5/man/krb5/man/man3/krb5_get_validated_creds.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_get_validated_creds.3
@@ -0,0 +1 @@
+.so man3/krb5_ccache.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_get_warn_dest.3 b/kerberos5/man/krb5/man/man3/krb5_get_warn_dest.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_get_warn_dest.3
@@ -0,0 +1 @@
+.so man3/krb5_error.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_h_addr2addr.3 b/kerberos5/man/krb5/man/man3/krb5_h_addr2addr.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_h_addr2addr.3
@@ -0,0 +1 @@
+.so man3/krb5_address.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_h_addr2sockaddr.3 b/kerberos5/man/krb5/man/man3/krb5_h_addr2sockaddr.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_h_addr2sockaddr.3
@@ -0,0 +1 @@
+.so man3/krb5_address.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_h_errno_to_heim_errno.3 b/kerberos5/man/krb5/man/man3/krb5_h_errno_to_heim_errno.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_h_errno_to_heim_errno.3
@@ -0,0 +1 @@
+.so man3/krb5_error.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_init_context.3 b/kerberos5/man/krb5/man/man3/krb5_init_context.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_init_context.3
@@ -0,0 +1 @@
+.so man3/krb5.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_init_creds_free.3 b/kerberos5/man/krb5/man/man3/krb5_init_creds_free.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_init_creds_free.3
@@ -0,0 +1 @@
+.so man3/krb5_credential.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_init_creds_get.3 b/kerberos5/man/krb5/man/man3/krb5_init_creds_get.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_init_creds_get.3
@@ -0,0 +1 @@
+.so man3/krb5_credential.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_init_creds_get_error.3 b/kerberos5/man/krb5/man/man3/krb5_init_creds_get_error.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_init_creds_get_error.3
@@ -0,0 +1 @@
+.so man3/krb5_credential.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_init_creds_init.3 b/kerberos5/man/krb5/man/man3/krb5_init_creds_init.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_init_creds_init.3
@@ -0,0 +1 @@
+.so man3/krb5_credential.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_init_creds_intro.3 b/kerberos5/man/krb5/man/man3/krb5_init_creds_intro.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_init_creds_intro.3
@@ -0,0 +1,9 @@
+.TH "krb5_init_creds_intro" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal Kerberos 5 library" \" -*- nroff -*-
+.ad l
+.nh
+.SH NAME
+krb5_init_creds_intro \- The initial credential handing functions
+
+.SH "Initial credential"
+.PP
+Functions to get initial credentials: \fBHeimdal Kerberos 5 credential handing functions\fP \&.
diff --git a/kerberos5/man/krb5/man/man3/krb5_init_creds_set_keytab.3 b/kerberos5/man/krb5/man/man3/krb5_init_creds_set_keytab.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_init_creds_set_keytab.3
@@ -0,0 +1 @@
+.so man3/krb5_credential.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_init_creds_set_password.3 b/kerberos5/man/krb5/man/man3/krb5_init_creds_set_password.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_init_creds_set_password.3
@@ -0,0 +1 @@
+.so man3/krb5_credential.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_init_creds_set_service.3 b/kerberos5/man/krb5/man/man3/krb5_init_creds_set_service.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_init_creds_set_service.3
@@ -0,0 +1 @@
+.so man3/krb5_credential.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_init_creds_step.3 b/kerberos5/man/krb5/man/man3/krb5_init_creds_step.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_init_creds_step.3
@@ -0,0 +1 @@
+.so man3/krb5_credential.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_init_ets.3 b/kerberos5/man/krb5/man/man3/krb5_init_ets.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_init_ets.3
@@ -0,0 +1 @@
+.so man3/krb5.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_introduction.3 b/kerberos5/man/krb5/man/man3/krb5_introduction.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_introduction.3
@@ -0,0 +1,260 @@ +.TH "krb5_introduction" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal Kerberos 5 library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +krb5_introduction \- Introduction to the Kerberos 5 API + +.SH "Kerberos 5 API Overview" +.PP +All functions are documented in manual pages\&. This section tries to give an overview of the major components used in Kerberos library, and point to where to look for a specific function\&. +.SS "Kerberos context" +A kerberos context (krb5_context) holds all per thread state\&. All global variables that are context specific are stored in this structure, including default encryption types, credential cache (for example, a ticket file), and default realms\&. +.PP +The internals of the structure should never be accessed directly, functions exist for extracting information\&. +.PP +See the manual page for \fBkrb5_init_context()\fP how to create a context and module \fBHeimdal Kerberos 5 library\fP for more information about the functions\&. +.SS "Kerberos authentication context" +Kerberos authentication context (krb5_auth_context) holds all context related to an authenticated connection, in a similar way to the kerberos context that holds the context for the thread or process\&. +.PP +The krb5_auth_context is used by various functions that are directly related to authentication between the server/client\&. Example of data that this structure contains are various flags, addresses of client and server, port numbers, keyblocks (and subkeys), sequence numbers, replay cache, and checksum types\&. +.SS "Kerberos principal" +The Kerberos principal is the structure that identifies a user or service in Kerberos\&. The structure that holds the principal is the krb5_principal\&. There are function to extract the realm and elements of the principal, but most applications have no reason to inspect the content of the structure\&. +.PP +The are several ways to create a principal (with different degree of portability), and one way to free it\&. 
+.PP +See also the page \fBThe principal handing functions\&.\fP for more information and also module \fBHeimdal Kerberos 5 principal functions\fP\&. +.SS "Credential cache" +A credential cache holds the tickets for a user\&. A given user can have several credential caches, one for each realm where the user have the initial tickets (the first krbtgt)\&. +.PP +The credential cache data can be stored internally in different way, each of them for different proposes\&. File credential (FILE) caches and processes based (KCM) caches are for permanent storage\&. While memory caches (MEMORY) are local caches to the local process\&. +.PP +Caches are opened with \fBkrb5_cc_resolve()\fP or created with \fBkrb5_cc_new_unique()\fP\&. +.PP +If the cache needs to be opened again (using \fBkrb5_cc_resolve()\fP) \fBkrb5_cc_close()\fP will close the handle, but not the remove the cache\&. \fBkrb5_cc_destroy()\fP will zero out the cache, remove the cache so it can no longer be referenced\&. +.PP +See also \fBThe credential cache functions\fP and \fBHeimdal Kerberos 5 credential cache functions\fP \&. +.SS "Kerberos errors" +Kerberos errors are based on the com_err library\&. All error codes are 32-bit signed numbers, the first 24 bits define what subsystem the error originates from, and last 8 bits are 255 error codes within the library\&. Each error code have fixed string associated with it\&. For example, the error-code -1765328383 have the symbolic name KRB5KDC_ERR_NAME_EXP, and associated error string ``Client's entry in database has expired''\&. +.PP +This is a great improvement compared to just getting one of the unix error-codes back\&. However, Heimdal have an extention to pass back customised errors messages\&. Instead of getting \fCKey table entry not found'', the user might back\fPfailed to find host/host\&.example\&.com@EXAMLE\&.COM(kvno 3) in keytab /etc/krb5\&.keytab (des-cbc-crc)''\&. 
This improves the chance that the user find the cause of the error so you should use the customised error message whenever it's available\&. +.PP +See also module \fBHeimdal Kerberos 5 error reporting functions\fP \&. +.SS "Keytab management" +A keytab is a storage for locally stored keys\&. Heimdal includes keytab support for Kerberos 5 keytabs, Kerberos 4 srvtab, AFS-KeyFile's, and for storing keys in memory\&. +.PP +Keytabs are used for servers and long-running services\&. +.PP +See also \fBThe keytab handing functions\fP and \fBHeimdal Kerberos 5 keytab handling functions\fP \&. +.SS "Kerberos crypto" +Heimdal includes a implementation of the Kerberos crypto framework, all crypto operations\&. To create a crypto context call \fBkrb5_crypto_init()\fP\&. +.PP +See also module \fBHeimdal Kerberos 5 cryptography functions\fP \&. +.SH "Walkthrough of a sample Kerberos 5 client" +.PP +This example contains parts of a sample TCP Kerberos 5 clients, if you want a real working client, please look in appl/test directory in the Heimdal distribution\&. +.PP +All Kerberos error-codes that are returned from kerberos functions in this program are passed to krb5_err, that will print a descriptive text of the error code and exit\&. Graphical programs can convert error-code to a human readable error-string with the \fBkrb5_get_error_message()\fP function\&. +.PP +Note that you should not use any Kerberos function before \fBkrb5_init_context()\fP have completed successfully\&. That is the reason err() is used when \fBkrb5_init_context()\fP fails\&. +.PP +First the client needs to call krb5_init_context to initialise the Kerberos 5 library\&. This is only needed once per thread in the program\&. If the function returns a non-zero value it indicates that either the Kerberos implementation is failing or it's disabled on this host\&. 
+.PP +.PP +.nf +#include + +int +main(int argc, char **argv) +{ + krb5_context context; + + if (krb5_init_context(&context)) + errx (1, "krb5_context"); +.fi +.PP +.PP +Now the client wants to connect to the host at the other end\&. The preferred way of doing this is using getaddrinfo (for operating system that have this function implemented), since getaddrinfo is neutral to the address type and can use any protocol that is available\&. +.PP +.PP +.nf +struct addrinfo *ai, *a; +struct addrinfo hints; +int error; + +memset (&hints, 0, sizeof(hints)); +hints\&.ai_socktype = SOCK_STREAM; +hints\&.ai_protocol = IPPROTO_TCP; + +error = getaddrinfo (hostname, "pop3", &hints, &ai); +if (error) + errx (1, "%s: %s", hostname, gai_strerror(error)); + +for (a = ai; a != NULL; a = a->ai_next) { + int s; + + s = socket (a->ai_family, a->ai_socktype, a->ai_protocol); + if (s < 0) + continue; + if (connect (s, a->ai_addr, a->ai_addrlen) < 0) { + warn ("connect(%s)", hostname); + close (s); + continue; + } + freeaddrinfo (ai); + ai = NULL; +} +if (ai) { + freeaddrinfo (ai); + errx ("failed to contact %s", hostname); +} +.fi +.PP +.PP +Before authenticating, an authentication context needs to be created\&. This context keeps all information for one (to be) authenticated connection (see krb5_auth_context)\&. +.PP +.PP +.nf +status = krb5_auth_con_init (context, &auth_context); +if (status) + krb5_err (context, 1, status, "krb5_auth_con_init"); +.fi +.PP +.PP +For setting the address in the authentication there is a help function krb5_auth_con_setaddrs_from_fd() that does everything that is needed when given a connected file descriptor to the socket\&. +.PP +.PP +.nf +status = krb5_auth_con_setaddrs_from_fd (context, + auth_context, + &sock); +if (status) + krb5_err (context, 1, status, + "krb5_auth_con_setaddrs_from_fd"); +.fi +.PP +.PP +The next step is to build a server principal for the service we want to connect to\&. (See also \fBkrb5_sname_to_principal()\fP\&.) 
+.PP +.PP +.nf +status = krb5_sname_to_principal (context, + hostname, + service, + KRB5_NT_SRV_HST, + &server); +if (status) + krb5_err (context, 1, status, "krb5_sname_to_principal"); +.fi +.PP +.PP +The client principal is not passed to krb5_sendauth() function, this causes the krb5_sendauth() function to try to figure it out itself\&. +.PP +The server program is using the function krb5_recvauth() to receive the Kerberos 5 authenticator\&. +.PP +In this case, mutual authentication will be tried\&. That means that the server will authenticate to the client\&. Using mutual authentication is required to avoid man-in-the-middle attacks, since it enables the user to verify that they are talking to the right server (a server that knows the key)\&. +.PP +If you are using a non-blocking socket you will need to do all work of krb5_sendauth() yourself\&. Basically you need to send over the authenticator from krb5_mk_req() and, in case of mutual authentication, verifying the result from the server with krb5_rd_rep()\&. +.PP +.PP +.nf +status = krb5_sendauth (context, + &auth_context, + &sock, + VERSION, + NULL, + server, + AP_OPTS_MUTUAL_REQUIRED, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL); +if (status) + krb5_err (context, 1, status, "krb5_sendauth"); +.fi +.PP +.PP +Once authentication has been performed, it is time to send some data\&. First we create a krb5_data structure, then we sign it with krb5_mk_safe() using the auth_context that contains the session-key that was exchanged in the krb5_sendauth()/krb5_recvauth() authentication sequence\&. +.PP +.PP +.nf +data\&.data = "hej"; +data\&.length = 3; + +krb5_data_zero (&packet); + +status = krb5_mk_safe (context, + auth_context, + &data, + &packet, + NULL); +if (status) + krb5_err (context, 1, status, "krb5_mk_safe"); +.fi +.PP +.PP +And send it over the network\&. 
+.PP +.PP +.nf +len = packet\&.length; +net_len = htonl(len); + +if (krb5_net_write (context, &sock, &net_len, 4) != 4) + err (1, "krb5_net_write"); +if (krb5_net_write (context, &sock, packet\&.data, len) != len) + err (1, "krb5_net_write"); +.fi +.PP +.PP +To send encrypted (and signed) data krb5_mk_priv() should be used instead\&. krb5_mk_priv() works the same way as krb5_mk_safe(), with the exception that it encrypts the data in addition to signing it\&. +.PP +.PP +.nf +data\&.data = "hemligt"; +data\&.length = 7; + +krb5_data_free (&packet); + +status = krb5_mk_priv (context, + auth_context, + &data, + &packet, + NULL); +if (status) + krb5_err (context, 1, status, "krb5_mk_priv"); +.fi +.PP +.PP +And send it over the network\&. +.PP +.PP +.nf +len = packet\&.length; +net_len = htonl(len); + +if (krb5_net_write (context, &sock, &net_len, 4) != 4) + err (1, "krb5_net_write"); +if (krb5_net_write (context, &sock, packet\&.data, len) != len) + err (1, "krb5_net_write"); +.fi +.PP +.PP +The server is using krb5_rd_safe() and krb5_rd_priv() to verify the signature and decrypt the packet\&. +.SH "Validating a password in an application" +.PP +See the manual page for krb5_verify_user()\&. +.SH "API differences to MIT Kerberos" +.PP +This section is somewhat disorganised, but so far there is no overall structure to the differences, though some of the have their root in that Heimdal uses an ASN\&.1 compiler and MIT doesn't\&. +.SS "Principal and realms" +Heimdal stores the realm as a krb5_realm, that is a char *\&. MIT Kerberos uses a krb5_data to store a realm\&. +.PP +In Heimdal krb5_principal doesn't contain the component name_type; it's instead stored in component name\&.name_type\&. To get and set the nametype in Heimdal, use \fBkrb5_principal_get_type()\fP and \fBkrb5_principal_set_type()\fP\&. +.PP +For more information about principal and realms, see krb5_principal\&. +.SS "Error messages" +To get the error string, Heimdal uses \fBkrb5_get_error_message()\fP\&. 
This is to return custom error messages (like \fCCan't find host/datan\&.example\&.com\\@CODE\&.COM in /etc/krb5\&.conf\&.'' instead of a\fPKey table entry not found'' that error_message returns\&.
+.PP
+Heimdal uses a threadsafe(r) version of the com_err interface; the global com_err table isn't initialised\&. Then error_message returns quite a boring error string (just the error code itself)\&.
diff --git a/kerberos5/man/krb5/man/man3/krb5_is_config_principal.3 b/kerberos5/man/krb5/man/man3/krb5_is_config_principal.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_is_config_principal.3
@@ -0,0 +1 @@
+.so man3/krb5_ccache.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_is_enctype_weak.3 b/kerberos5/man/krb5/man/man3/krb5_is_enctype_weak.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_is_enctype_weak.3
@@ -0,0 +1 @@
+.so man3/krb5_crypto.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_is_thread_safe.3 b/kerberos5/man/krb5/man/man3/krb5_is_thread_safe.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_is_thread_safe.3
@@ -0,0 +1 @@
+.so man3/krb5.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_kerberos_enctypes.3 b/kerberos5/man/krb5/man/man3/krb5_kerberos_enctypes.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_kerberos_enctypes.3
@@ -0,0 +1 @@
+.so man3/krb5.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_keyblock_get_enctype.3 b/kerberos5/man/krb5/man/man3/krb5_keyblock_get_enctype.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_keyblock_get_enctype.3
@@ -0,0 +1 @@
+.so man3/krb5_crypto.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_keyblock_init.3 b/kerberos5/man/krb5/man/man3/krb5_keyblock_init.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_keyblock_init.3
@@ -0,0 +1 @@
+.so man3/krb5_crypto.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_keyblock_zero.3 b/kerberos5/man/krb5/man/man3/krb5_keyblock_zero.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_keyblock_zero.3
@@ -0,0 +1 @@
+.so man3/krb5_crypto.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_keytab.3 b/kerberos5/man/krb5/man/man3/krb5_keytab.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_keytab.3
@@ -0,0 +1,471 @@ +.TH "krb5_keytab" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal Kerberos 5 library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +krb5_keytab \- Heimdal Kerberos 5 keytab handling functions +.SH SYNOPSIS +.br +.PP +.SS "Functions" + +.in +1c +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_kt_register\fP (krb5_context context, const krb5_kt_ops *ops)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_kt_resolve\fP (krb5_context context, const char *name, krb5_keytab *id)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_kt_default_name\fP (krb5_context context, char *name, size_t namesize)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_kt_default_modify_name\fP (krb5_context context, char *name, size_t namesize)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_kt_default\fP (krb5_context context, krb5_keytab *id)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_kt_read_service_key\fP (krb5_context context, krb5_pointer keyprocarg, krb5_principal principal, krb5_kvno vno, krb5_enctype enctype, krb5_keyblock **key)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_kt_get_type\fP (krb5_context context, krb5_keytab keytab, char *prefix, size_t prefixsize)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_kt_get_name\fP (krb5_context context, krb5_keytab keytab, char *name, size_t namesize)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_kt_get_full_name\fP (krb5_context context, krb5_keytab keytab, char **str)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_kt_close\fP (krb5_context context, krb5_keytab id)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_kt_destroy\fP (krb5_context context, krb5_keytab id)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_boolean 
KRB5_LIB_CALL \fBkrb5_kt_compare\fP (krb5_context context, krb5_keytab_entry *entry, krb5_const_principal principal, krb5_kvno vno, krb5_enctype enctype)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_kt_get_entry\fP (krb5_context context, krb5_keytab id, krb5_const_principal principal, krb5_kvno kvno, krb5_enctype enctype, krb5_keytab_entry *entry)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_kt_copy_entry_contents\fP (krb5_context context, const krb5_keytab_entry *in, krb5_keytab_entry *out)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_kt_free_entry\fP (krb5_context context, krb5_keytab_entry *entry)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_kt_start_seq_get\fP (krb5_context context, krb5_keytab id, krb5_kt_cursor *cursor)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_kt_next_entry\fP (krb5_context context, krb5_keytab id, krb5_keytab_entry *entry, krb5_kt_cursor *cursor)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_kt_end_seq_get\fP (krb5_context context, krb5_keytab id, krb5_kt_cursor *cursor)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_kt_add_entry\fP (krb5_context context, krb5_keytab id, krb5_keytab_entry *entry)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_kt_remove_entry\fP (krb5_context context, krb5_keytab id, krb5_keytab_entry *entry)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_kt_have_content\fP (krb5_context context, krb5_keytab id)" +.br +.in -1c +.SH "Detailed Description" +.PP + +.SH "Function Documentation" +.PP +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_add_entry (krb5_context context, krb5_keytab id, krb5_keytab_entry * entry)" +Add the entry in `entry' to the keytab `id'\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Keberos context\&. 
+.br +\fIid\fP a keytab\&. +.br +\fIentry\fP the entry to add +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_close (krb5_context context, krb5_keytab id)" +Finish using the keytab in `id'\&. All resources will be released, even on errors\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Keberos context\&. +.br +\fIid\fP keytab to close\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_kt_compare (krb5_context context, krb5_keytab_entry * entry, krb5_const_principal principal, krb5_kvno vno, krb5_enctype enctype)" +Compare `entry' against `principal, vno, enctype'\&. Any of `principal, vno, enctype' might be 0 which acts as a wildcard\&. Return TRUE if they compare the same, FALSE otherwise\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Keberos context\&. +.br +\fIentry\fP an entry to match with\&. +.br +\fIprincipal\fP principal to match, NULL matches all principals\&. +.br +\fIvno\fP key version to match, 0 matches all key version numbers\&. +.br +\fIenctype\fP encryption type to match, 0 matches all encryption types\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Return TRUE or match, FALSE if not matched\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_copy_entry_contents (krb5_context context, const krb5_keytab_entry * in, krb5_keytab_entry * out)" +Copy the contents of `in' into `out'\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Keberos context\&. +.br +\fIin\fP the keytab entry to copy\&. +.br +\fIout\fP the copy of the keytab entry, free with \fBkrb5_kt_free_entry()\fP\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0, see \fBkrb5_get_error_message()\fP\&. 
+.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_default (krb5_context context, krb5_keytab * id)" +Set `id' to the default keytab\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Keberos context\&. +.br +\fIid\fP the new default keytab\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_default_modify_name (krb5_context context, char * name, size_t namesize)" +Copy the name of the default modify keytab into `name'\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Keberos context\&. +.br +\fIname\fP buffer where the name will be written +.br +\fInamesize\fP length of name +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_default_name (krb5_context context, char * name, size_t namesize)" +copy the name of the default keytab into `name'\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Keberos context\&. +.br +\fIname\fP buffer where the name will be written +.br +\fInamesize\fP length of name +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_destroy (krb5_context context, krb5_keytab id)" +Destroy (remove) the keytab in `id'\&. All resources will be released, even on errors, does the equvalment of \fBkrb5_kt_close()\fP on the resources\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Keberos context\&. +.br +\fIid\fP keytab to destroy\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_end_seq_get (krb5_context context, krb5_keytab id, krb5_kt_cursor * cursor)" +Release all resources associated with `cursor'\&. 
+.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Keberos context\&. +.br +\fIid\fP a keytab\&. +.br +\fIcursor\fP the cursor to free\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_free_entry (krb5_context context, krb5_keytab_entry * entry)" +Free the contents of `entry'\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Keberos context\&. +.br +\fIentry\fP the entry to free +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_get_entry (krb5_context context, krb5_keytab id, krb5_const_principal principal, krb5_kvno kvno, krb5_enctype enctype, krb5_keytab_entry * entry)" +Retrieve the keytab entry for `principal, kvno, enctype' into `entry' from the keytab `id'\&. Matching is done like \fBkrb5_kt_compare()\fP\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Keberos context\&. +.br +\fIid\fP a keytab\&. +.br +\fIprincipal\fP principal to match, NULL matches all principals\&. +.br +\fIkvno\fP key version to match, 0 matches all key version numbers\&. +.br +\fIenctype\fP encryption type to match, 0 matches all encryption types\&. +.br +\fIentry\fP the returned entry, free with \fBkrb5_kt_free_entry()\fP\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_get_full_name (krb5_context context, krb5_keytab keytab, char ** str)" +Retrieve the full name of the keytab `keytab' and store the name in `str'\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Keberos context\&. +.br +\fIkeytab\fP keytab to get name for\&. +.br +\fIstr\fP the name of the keytab name, usee krb5_xfree() to free the string\&. On error, *str is set to NULL\&. 
+.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_get_name (krb5_context context, krb5_keytab keytab, char * name, size_t namesize)" +Retrieve the name of the keytab `keytab' into `name', `namesize' +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Keberos context\&. +.br +\fIkeytab\fP the keytab to get the name for\&. +.br +\fIname\fP name buffer\&. +.br +\fInamesize\fP size of name buffer\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_get_type (krb5_context context, krb5_keytab keytab, char * prefix, size_t prefixsize)" +Return the type of the `keytab' in the string \fCprefix of length \fPprefixsize'\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Keberos context\&. +.br +\fIkeytab\fP the keytab to get the prefix for +.br +\fIprefix\fP prefix buffer +.br +\fIprefixsize\fP length of prefix buffer +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_have_content (krb5_context context, krb5_keytab id)" +Return true if the keytab exists and have entries +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Keberos context\&. +.br +\fIid\fP a keytab\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_next_entry (krb5_context context, krb5_keytab id, krb5_keytab_entry * entry, krb5_kt_cursor * cursor)" +Get the next entry from keytab, advance the cursor\&. On last entry the function will return KRB5_KT_END\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Keberos context\&. +.br +\fIid\fP a keytab\&. +.br +\fIentry\fP the returned entry, free with \fBkrb5_kt_free_entry()\fP\&. 
+.br +\fIcursor\fP the cursor of the iteration\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_read_service_key (krb5_context context, krb5_pointer keyprocarg, krb5_principal principal, krb5_kvno vno, krb5_enctype enctype, krb5_keyblock ** key)" +Read the key identified by `(principal, vno, enctype)' from the keytab in `keyprocarg' (the default if == NULL) into `*key'\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Keberos context\&. +.br +\fIkeyprocarg\fP +.br +\fIprincipal\fP +.br +\fIvno\fP +.br +\fIenctype\fP +.br +\fIkey\fP +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_register (krb5_context context, const krb5_kt_ops * ops)" +Register a new keytab backend\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Keberos context\&. +.br +\fIops\fP a backend to register\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_remove_entry (krb5_context context, krb5_keytab id, krb5_keytab_entry * entry)" +Remove an entry from the keytab, matching is done using \fBkrb5_kt_compare()\fP\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Keberos context\&. +.br +\fIid\fP a keytab\&. +.br +\fIentry\fP the entry to remove +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_resolve (krb5_context context, const char * name, krb5_keytab * id)" +Resolve the keytab name (of the form `type:residual') in `name' into a keytab in `id'\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Keberos context\&. +.br +\fIname\fP name to resolve +.br +\fIid\fP resulting keytab, free with \fBkrb5_kt_close()\fP\&. 
+.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_start_seq_get (krb5_context context, krb5_keytab id, krb5_kt_cursor * cursor)" +Set `cursor' to point at the beginning of `id'\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Keberos context\&. +.br +\fIid\fP a keytab\&. +.br +\fIcursor\fP a newly allocated cursor, free with \fBkrb5_kt_end_seq_get()\fP\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SH "Author" +.PP +Generated automatically by Doxygen for Heimdal Kerberos 5 library from the source code\&. diff --git a/kerberos5/man/krb5/man/man3/krb5_keytab_intro.3 b/kerberos5/man/krb5/man/man3/krb5_keytab_intro.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_keytab_intro.3 
@@ -0,0 +1,71 @@ +.TH "krb5_keytab_intro" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal Kerberos 5 library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +krb5_keytab_intro \- The keytab handing functions + +.SH "Kerberos Keytabs" +.PP +See the library functions here: \fBHeimdal Kerberos 5 keytab handling functions\fP +.PP +Keytabs are long term key storage for servers, their equvalment of password files\&. +.PP +Normally the only function that useful for server are to specify what keytab to use to other core functions like krb5_rd_req() \fBkrb5_kt_resolve()\fP, and \fBkrb5_kt_close()\fP\&. +.SS "Keytab names" +A keytab name is on the form type:residual\&. The residual part is specific to each keytab-type\&. +.PP +When a keytab-name is resolved, the type is matched with an internal list of keytab types\&. If there is no matching keytab type, the default keytab is used\&. The current default type is FILE\&. +.PP +The default value can be changed in the configuration file /etc/krb5\&.conf by setting the variable [defaults]default_keytab_name\&. +.PP +The keytab types that are implemented in Heimdal are: +.IP "\(bu" 2 +file store the keytab in a file, the type's name is FILE \&. The residual part is a filename\&. For compatibility with other Kerberos implemtation WRFILE and JAVA14 is also accepted\&. WRFILE has the same format as FILE\&. JAVA14 have a format that is compatible with older versions of MIT kerberos and SUN's Java based installation\&. They store a truncted kvno, so when the knvo excess 255, they are truncted in this format\&. +.IP "\(bu" 2 +keytab store the keytab in a AFS keyfile (usually /usr/afs/etc/KeyFile ), the type's name is AFSKEYFILE\&. The residual part is a filename\&. +.IP "\(bu" 2 +memory The keytab is stored in a memory segment\&. This allows sensitive and/or temporary data not to be stored on disk\&. The type's name is MEMORY\&. 
Each MEMORY keytab is referenced counted by and opened by the residual name, so two handles can point to the same memory area\&. When the last user closes using \fBkrb5_kt_close()\fP the keytab, the keys in they keytab is memset() to zero and freed and can no longer be looked up by name\&. +.PP +.SS "Keytab example" +This is a minimalistic version of ktutil\&. +.PP +.PP +.nf +int +main (int argc, char **argv) +{ + krb5_context context; + krb5_keytab keytab; + krb5_kt_cursor cursor; + krb5_keytab_entry entry; + krb5_error_code ret; + char *principal; + + if (krb5_init_context (&context) != 0) + errx(1, "krb5_context"); + + ret = krb5_kt_default (context, &keytab); + if (ret) + krb5_err(context, 1, ret, "krb5_kt_default"); + + ret = krb5_kt_start_seq_get(context, keytab, &cursor); + if (ret) + krb5_err(context, 1, ret, "krb5_kt_start_seq_get"); + while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0){ + krb5_unparse_name(context, entry\&.principal, &principal); + printf("principal: %s\n", principal); + free(principal); + krb5_kt_free_entry(context, &entry); + } + ret = krb5_kt_end_seq_get(context, keytab, &cursor); + if (ret) + krb5_err(context, 1, ret, "krb5_kt_end_seq_get"); + ret = krb5_kt_close(context, keytab); + if (ret) + krb5_err(context, 1, ret, "krb5_kt_close"); + krb5_free_context(context); + return 0; +} +.fi +.PP + diff --git a/kerberos5/man/krb5/man/man3/krb5_keytab_key_proc.3 b/kerberos5/man/krb5/man/man3/krb5_keytab_key_proc.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_keytab_key_proc.3 @@ -0,0 +1 @@ +.so man3/krb5_deprecated.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_keytype_to_enctypes.3 b/kerberos5/man/krb5/man/man3/krb5_keytype_to_enctypes.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_keytype_to_enctypes.3 @@ -0,0 +1 @@ +.so man3/krb5_deprecated.3 
diff --git a/kerberos5/man/krb5/man/man3/krb5_keytype_to_enctypes_default.3 b/kerberos5/man/krb5/man/man3/krb5_keytype_to_enctypes_default.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_keytype_to_enctypes_default.3
@@ -0,0 +1 @@
+.so man3/krb5_deprecated.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_keytype_to_string.3 b/kerberos5/man/krb5/man/man3/krb5_keytype_to_string.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_keytype_to_string.3
@@ -0,0 +1 @@
+.so man3/krb5_deprecated.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_krbhst_get_addrinfo.3 b/kerberos5/man/krb5/man/man3/krb5_krbhst_get_addrinfo.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_krbhst_get_addrinfo.3
@@ -0,0 +1 @@
+.so man3/krb5.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_kt_add_entry.3 b/kerberos5/man/krb5/man/man3/krb5_kt_add_entry.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_kt_add_entry.3
@@ -0,0 +1 @@
+.so man3/krb5_keytab.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_kt_close.3 b/kerberos5/man/krb5/man/man3/krb5_kt_close.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_kt_close.3
@@ -0,0 +1 @@
+.so man3/krb5_keytab.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_kt_compare.3 b/kerberos5/man/krb5/man/man3/krb5_kt_compare.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_kt_compare.3
@@ -0,0 +1 @@
+.so man3/krb5_keytab.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_kt_copy_entry_contents.3 b/kerberos5/man/krb5/man/man3/krb5_kt_copy_entry_contents.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_kt_copy_entry_contents.3
@@ -0,0 +1 @@
+.so man3/krb5_keytab.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_kt_default.3 b/kerberos5/man/krb5/man/man3/krb5_kt_default.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_kt_default.3
@@ -0,0 +1 @@
+.so man3/krb5_keytab.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_kt_default_modify_name.3 b/kerberos5/man/krb5/man/man3/krb5_kt_default_modify_name.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_kt_default_modify_name.3
@@ -0,0 +1 @@
+.so man3/krb5_keytab.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_kt_default_name.3 b/kerberos5/man/krb5/man/man3/krb5_kt_default_name.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_kt_default_name.3
@@ -0,0 +1 @@
+.so man3/krb5_keytab.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_kt_destroy.3 b/kerberos5/man/krb5/man/man3/krb5_kt_destroy.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_kt_destroy.3
@@ -0,0 +1 @@
+.so man3/krb5_keytab.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_kt_end_seq_get.3 b/kerberos5/man/krb5/man/man3/krb5_kt_end_seq_get.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_kt_end_seq_get.3
@@ -0,0 +1 @@
+.so man3/krb5_keytab.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_kt_free_entry.3 b/kerberos5/man/krb5/man/man3/krb5_kt_free_entry.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_kt_free_entry.3
@@ -0,0 +1 @@
+.so man3/krb5_keytab.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_kt_get_entry.3 b/kerberos5/man/krb5/man/man3/krb5_kt_get_entry.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_kt_get_entry.3
@@ -0,0 +1 @@
+.so man3/krb5_keytab.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_kt_get_full_name.3 b/kerberos5/man/krb5/man/man3/krb5_kt_get_full_name.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_kt_get_full_name.3
@@ -0,0 +1 @@
+.so man3/krb5_keytab.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_kt_get_name.3 b/kerberos5/man/krb5/man/man3/krb5_kt_get_name.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_kt_get_name.3
@@ -0,0 +1 @@
+.so man3/krb5_keytab.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_kt_get_type.3 b/kerberos5/man/krb5/man/man3/krb5_kt_get_type.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_kt_get_type.3
@@ -0,0 +1 @@
+.so man3/krb5_keytab.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_kt_have_content.3 b/kerberos5/man/krb5/man/man3/krb5_kt_have_content.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_kt_have_content.3
@@ -0,0 +1 @@
+.so man3/krb5_keytab.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_kt_next_entry.3 b/kerberos5/man/krb5/man/man3/krb5_kt_next_entry.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_kt_next_entry.3
@@ -0,0 +1 @@
+.so man3/krb5_keytab.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_kt_read_service_key.3 b/kerberos5/man/krb5/man/man3/krb5_kt_read_service_key.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_kt_read_service_key.3
@@ -0,0 +1 @@
+.so man3/krb5_keytab.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_kt_register.3 b/kerberos5/man/krb5/man/man3/krb5_kt_register.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_kt_register.3
@@ -0,0 +1 @@
+.so man3/krb5_keytab.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_kt_remove_entry.3 b/kerberos5/man/krb5/man/man3/krb5_kt_remove_entry.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_kt_remove_entry.3
@@ -0,0 +1 @@
+.so man3/krb5_keytab.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_kt_resolve.3 b/kerberos5/man/krb5/man/man3/krb5_kt_resolve.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_kt_resolve.3
@@ -0,0 +1 @@
+.so man3/krb5_keytab.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_kt_start_seq_get.3 b/kerberos5/man/krb5/man/man3/krb5_kt_start_seq_get.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_kt_start_seq_get.3
@@ -0,0 +1 @@
+.so man3/krb5_keytab.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_kuserok.3 b/kerberos5/man/krb5/man/man3/krb5_kuserok.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_kuserok.3
@@ -0,0 +1 @@
+.so man3/krb5_support.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_make_addrport.3 b/kerberos5/man/krb5/man/man3/krb5_make_addrport.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_make_addrport.3
@@ -0,0 +1 @@
+.so man3/krb5_address.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_make_principal.3 b/kerberos5/man/krb5/man/man3/krb5_make_principal.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_make_principal.3
@@ -0,0 +1 @@
+.so man3/krb5_principal.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_max_sockaddr_size.3 b/kerberos5/man/krb5/man/man3/krb5_max_sockaddr_size.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_max_sockaddr_size.3
@@ -0,0 +1 @@
+.so man3/krb5_address.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_mcc_ops.3 b/kerberos5/man/krb5/man/man3/krb5_mcc_ops.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_mcc_ops.3
@@ -0,0 +1 @@
+.so man3/krb5_ccache.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_pac.3 b/kerberos5/man/krb5/man/man3/krb5_pac.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_pac.3
@@ -0,0 +1,70 @@ +.TH "krb5_pac" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal Kerberos 5 library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +krb5_pac \- Heimdal Kerberos 5 PAC handling functions +.SH SYNOPSIS +.br +.PP +.SS "Functions" + +.in +1c +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_pac_get_buffer\fP (krb5_context context, krb5_pac p, uint32_t type, krb5_data *data)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_pac_verify\fP (krb5_context context, const krb5_pac pac, time_t authtime, krb5_const_principal principal, const krb5_keyblock *server, const krb5_keyblock *privsvr)" +.br +.in -1c +.SH "Detailed Description" +.PP + +.SH "Function Documentation" +.PP +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_pac_get_buffer (krb5_context context, krb5_pac p, uint32_t type, krb5_data * data)" +Get the PAC buffer of specific type from the pac\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos 5 context\&. +.br +\fIp\fP the pac structure returned by krb5_pac_parse()\&. +.br +\fItype\fP type of buffer to get +.br +\fIdata\fP return data, free with \fBkrb5_data_free()\fP\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Returns 0 to indicate success\&. Otherwise an kerberos et error code is returned, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_pac_verify (krb5_context context, const krb5_pac pac, time_t authtime, krb5_const_principal principal, const krb5_keyblock * server, const krb5_keyblock * privsvr)" +Verify the PAC\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos 5 context\&. +.br +\fIpac\fP the pac structure returned by krb5_pac_parse()\&. +.br +\fIauthtime\fP The time of the ticket the PAC belongs to\&. +.br +\fIprincipal\fP the principal to verify\&. +.br +\fIserver\fP The service key, most always be given\&. +.br +\fIprivsvr\fP The KDC key, may be given\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Returns 0 to indicate success\&. 
Otherwise an kerberos et error code is returned, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SH "Author" +.PP +Generated automatically by Doxygen for Heimdal Kerberos 5 library from the source code\&. diff --git a/kerberos5/man/krb5/man/man3/krb5_pac_get_buffer.3 b/kerberos5/man/krb5/man/man3/krb5_pac_get_buffer.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_pac_get_buffer.3 @@ -0,0 +1 @@ +.so man3/krb5_pac.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_pac_verify.3 b/kerberos5/man/krb5/man/man3/krb5_pac_verify.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_pac_verify.3 @@ -0,0 +1 @@ +.so man3/krb5_pac.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_parse_address.3 b/kerberos5/man/krb5/man/man3/krb5_parse_address.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_parse_address.3 @@ -0,0 +1 @@ +.so man3/krb5_address.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_parse_name.3 b/kerberos5/man/krb5/man/man3/krb5_parse_name.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_parse_name.3 @@ -0,0 +1 @@ +.so man3/krb5_principal.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_parse_name_flags.3 b/kerberos5/man/krb5/man/man3/krb5_parse_name_flags.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_parse_name_flags.3 @@ -0,0 +1 @@ +.so man3/krb5_principal.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_parse_nametype.3 b/kerberos5/man/krb5/man/man3/krb5_parse_nametype.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_parse_nametype.3 @@ -0,0 +1 @@ +.so man3/krb5_principal.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_password_key_proc.3 b/kerberos5/man/krb5/man/man3/krb5_password_key_proc.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_password_key_proc.3 @@ -0,0 +1 @@ +.so man3/krb5_deprecated.3 
diff --git a/kerberos5/man/krb5/man/man3/krb5_plugin_register.3 b/kerberos5/man/krb5/man/man3/krb5_plugin_register.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_plugin_register.3
@@ -0,0 +1 @@
+.so man3/krb5_support.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_prepend_config_files_default.3 b/kerberos5/man/krb5/man/man3/krb5_prepend_config_files_default.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_prepend_config_files_default.3
@@ -0,0 +1 @@
+.so man3/krb5.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_prepend_error_message.3 b/kerberos5/man/krb5/man/man3/krb5_prepend_error_message.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_prepend_error_message.3
@@ -0,0 +1 @@
+.so man3/krb5_error.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_princ_realm.3 b/kerberos5/man/krb5/man/man3/krb5_princ_realm.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_princ_realm.3
@@ -0,0 +1 @@
+.so man3/krb5_deprecated.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_princ_set_realm.3 b/kerberos5/man/krb5/man/man3/krb5_princ_set_realm.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_princ_set_realm.3
@@ -0,0 +1 @@
+.so man3/krb5_deprecated.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_principal.3 b/kerberos5/man/krb5/man/man3/krb5_principal.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_principal.3
@@ -0,0 +1,538 @@ +.TH "krb5_principal" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal Kerberos 5 library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +krb5_principal \- Heimdal Kerberos 5 principal functions +.SH SYNOPSIS +.br +.PP +.SS "Functions" + +.in +1c +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_free_principal\fP (krb5_context context, krb5_principal p)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_principal_set_type\fP (krb5_context context, krb5_principal principal, int type)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION int KRB5_LIB_CALL \fBkrb5_principal_get_type\fP (krb5_context context, krb5_const_principal principal)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION const char *KRB5_LIB_CALL \fBkrb5_principal_get_realm\fP (krb5_context context, krb5_const_principal principal)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION unsigned int KRB5_LIB_CALL \fBkrb5_principal_get_num_comp\fP (krb5_context context, krb5_const_principal principal)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_parse_name_flags\fP (krb5_context context, const char *name, int flags, krb5_principal *principal)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_parse_name\fP (krb5_context context, const char *name, krb5_principal *principal)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_unparse_name_fixed\fP (krb5_context context, krb5_const_principal principal, char *name, size_t len)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_unparse_name_fixed_short\fP (krb5_context context, krb5_const_principal principal, char *name, size_t len)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_unparse_name_fixed_flags\fP (krb5_context context, krb5_const_principal principal, int flags, char *name, size_t len)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_unparse_name\fP (krb5_context context, krb5_const_principal 
principal, char **name)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_unparse_name_flags\fP (krb5_context context, krb5_const_principal principal, int flags, char **name)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_unparse_name_short\fP (krb5_context context, krb5_const_principal principal, char **name)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_principal_set_realm\fP (krb5_context context, krb5_principal principal, krb5_const_realm realm)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_build_principal\fP (krb5_context context, krb5_principal *principal, int rlen, krb5_const_realm realm,\&.\&.\&.)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_make_principal\fP (krb5_context context, krb5_principal *principal, krb5_const_realm realm,\&.\&.\&.)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_copy_principal\fP (krb5_context context, krb5_const_principal inprinc, krb5_principal *outprinc)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_principal_compare_any_realm\fP (krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_principal_compare\fP (krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_realm_compare\fP (krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_principal_match\fP (krb5_context context, krb5_const_principal princ, krb5_const_principal pattern)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_parse_nametype\fP (krb5_context context, const char *str, int32_t *nametype)" +.br +.ti -1c +.RI "krb5_boolean KRB5_LIB_FUNCTION 
\fBkrb5_principal_is_null\fP (krb5_context context, krb5_const_principal principal)" +.br +.ti -1c +.RI "krb5_boolean KRB5_LIB_FUNCTION \fBkrb5_realm_is_lkdc\fP (const char *realm)" +.br +.ti -1c +.RI "krb5_boolean KRB5_LIB_FUNCTION \fBkrb5_principal_is_lkdc\fP (krb5_context context, krb5_const_principal principal)" +.br +.ti -1c +.RI "krb5_boolean KRB5_LIB_FUNCTION \fBkrb5_principal_is_pku2u\fP (krb5_context context, krb5_const_principal principal)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_principal_is_krbtgt\fP (krb5_context context, krb5_const_principal p)" +.br +.ti -1c +.RI "krb5_boolean KRB5_LIB_FUNCTION \fBkrb5_principal_is_gss_hostbased_service\fP (krb5_context context, krb5_const_principal principal)" +.br +.ti -1c +.RI "krb5_boolean KRB5_LIB_FUNCTION \fBkrb5_principal_is_root_krbtgt\fP (krb5_context context, krb5_const_principal p)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_principal_is_anonymous\fP (krb5_context context, krb5_const_principal p, unsigned int flags)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_sname_to_principal\fP (krb5_context context, const char *hostname, const char *sname, int32_t type, krb5_principal *ret_princ)" +.br +.in -1c +.SH "Detailed Description" +.PP + +.SH "Function Documentation" +.PP +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_build_principal (krb5_context context, krb5_principal * principal, int rlen, krb5_const_realm realm, \&.\&.\&.)" +Build a principal using vararg style building +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A Kerberos context\&. +.br +\fIprincipal\fP returned principal +.br +\fIrlen\fP length of realm +.br +\fIrealm\fP realm name +.br +\fI\&.\&.\&.\fP a list of components ended with NULL\&. +.RE +.PP +\fBReturns\fP +.RS 4 +An krb5 error code, see \fBkrb5_get_error_message()\fP\&. 
+.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_principal (krb5_context context, krb5_const_principal inprinc, krb5_principal * outprinc)" +Copy a principal +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A Kerberos context\&. +.br +\fIinprinc\fP principal to copy +.br +\fIoutprinc\fP copied principal, free with \fBkrb5_free_principal()\fP +.RE +.PP +\fBReturns\fP +.RS 4 +An krb5 error code, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_principal (krb5_context context, krb5_principal p)" +Frees a Kerberos principal allocated by the library with \fBkrb5_parse_name()\fP, \fBkrb5_make_principal()\fP or any other related principal functions\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A Kerberos context\&. +.br +\fIp\fP a principal to free\&. +.RE +.PP +\fBReturns\fP +.RS 4 +An krb5 error code, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_make_principal (krb5_context context, krb5_principal * principal, krb5_const_realm realm, \&.\&.\&.)" +Build a principal using vararg style building +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A Kerberos context\&. +.br +\fIprincipal\fP returned principal +.br +\fIrealm\fP realm name +.br +\fI\&.\&.\&.\fP a list of components ended with NULL\&. +.RE +.PP +\fBReturns\fP +.RS 4 +An krb5 error code, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_parse_name (krb5_context context, const char * name, krb5_principal * principal)" +Parse a name into a krb5_principal structure +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos 5 context +.br +\fIname\fP name to parse into a Kerberos principal +.br +\fIprincipal\fP returned principal, free with \fBkrb5_free_principal()\fP\&. +.RE +.PP +\fBReturns\fP +.RS 4 +An krb5 error code, see \fBkrb5_get_error_message()\fP\&. 
+.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_parse_name_flags (krb5_context context, const char * name, int flags, krb5_principal * principal)" +Parse a name into a krb5_principal structure, flags controls the behavior\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos 5 context +.br +\fIname\fP name to parse into a Kerberos principal +.br +\fIflags\fP flags to control the behavior +.br +\fIprincipal\fP returned principal, free with \fBkrb5_free_principal()\fP\&. +.RE +.PP +\fBReturns\fP +.RS 4 +An krb5 error code, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_parse_nametype (krb5_context context, const char * str, int32_t * nametype)" +Parse nametype string and return a nametype integer +.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_principal_compare (krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2)" +Compares the two principals, including realm of the principals and returns TRUE if they are the same and FALSE if not\&. 
+.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos 5 context +.br +\fIprinc1\fP first principal to compare +.br +\fIprinc2\fP second principal to compare +.RE +.PP +\fBSee also\fP +.RS 4 +\fBkrb5_principal_compare_any_realm()\fP +.PP +\fBkrb5_realm_compare()\fP +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_principal_compare_any_realm (krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2)" +Return TRUE iff princ1 == princ2 (without considering the realm) +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos 5 context +.br +\fIprinc1\fP first principal to compare +.br +\fIprinc2\fP second principal to compare +.RE +.PP +\fBReturns\fP +.RS 4 +non zero if equal, 0 if not +.RE +.PP +\fBSee also\fP +.RS 4 +\fBkrb5_principal_compare()\fP +.PP +\fBkrb5_realm_compare()\fP +.RE +.PP + +.SS "KRB5_LIB_FUNCTION unsigned int KRB5_LIB_CALL krb5_principal_get_num_comp (krb5_context context, krb5_const_principal principal)" +Get number of component is principal\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos 5 context +.br +\fIprincipal\fP principal to query +.RE +.PP +\fBReturns\fP +.RS 4 +number of components in string +.RE +.PP + +.SS "KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_principal_get_realm (krb5_context context, krb5_const_principal principal)" +Get the realm of the principal +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A Kerberos context\&. +.br +\fIprincipal\fP principal to get the realm for +.RE +.PP +\fBReturns\fP +.RS 4 +realm of the principal, don't free or use after krb5_principal is freed +.RE +.PP + +.SS "KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_principal_get_type (krb5_context context, krb5_const_principal principal)" +Get the type of the principal +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A Kerberos context\&. 
+.br +\fIprincipal\fP principal to get the type for +.RE +.PP +\fBReturns\fP +.RS 4 +the type of principal +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_principal_is_anonymous (krb5_context context, krb5_const_principal p, unsigned int flags)" +Returns true iff name is WELLKNOWN/ANONYMOUS +.SS "krb5_boolean KRB5_LIB_FUNCTION krb5_principal_is_gss_hostbased_service (krb5_context context, krb5_const_principal principal)" +Returns true iff name is an WELLKNOWN:ORG\&.H5L\&.HOSTBASED-SERVICE +.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_principal_is_krbtgt (krb5_context context, krb5_const_principal p)" +Check if the cname part of the principal is a krbtgt principal +.SS "krb5_boolean KRB5_LIB_FUNCTION krb5_principal_is_lkdc (krb5_context context, krb5_const_principal principal)" +Returns true if name is Kerberos an LKDC realm +.SS "krb5_boolean KRB5_LIB_FUNCTION krb5_principal_is_null (krb5_context context, krb5_const_principal principal)" +Returns true if name is Kerberos NULL name +.SS "krb5_boolean KRB5_LIB_FUNCTION krb5_principal_is_pku2u (krb5_context context, krb5_const_principal principal)" +Returns true if name is Kerberos an LKDC realm +.SS "krb5_boolean KRB5_LIB_FUNCTION krb5_principal_is_root_krbtgt (krb5_context context, krb5_const_principal p)" +Check if the cname part of the principal is a initial or renewed krbtgt principal +.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_principal_match (krb5_context context, krb5_const_principal princ, krb5_const_principal pattern)" +return TRUE iff princ matches pattern +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_principal_set_realm (krb5_context context, krb5_principal principal, krb5_const_realm realm)" +Set a new realm for a principal, and as a side-effect free the previous realm\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A Kerberos context\&. 
+.br +\fIprincipal\fP principal set the realm for +.br +\fIrealm\fP the new realm to set +.RE +.PP +\fBReturns\fP +.RS 4 +An krb5 error code, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_principal_set_type (krb5_context context, krb5_principal principal, int type)" +Set the type of the principal +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A Kerberos context\&. +.br +\fIprincipal\fP principal to set the type for +.br +\fItype\fP the new type +.RE +.PP +\fBReturns\fP +.RS 4 +An krb5 error code, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_realm_compare (krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2)" +return TRUE iff realm(princ1) == realm(princ2) +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos 5 context +.br +\fIprinc1\fP first principal to compare +.br +\fIprinc2\fP second principal to compare +.RE +.PP +\fBSee also\fP +.RS 4 +\fBkrb5_principal_compare_any_realm()\fP +.PP +\fBkrb5_principal_compare()\fP +.RE +.PP + +.SS "krb5_boolean KRB5_LIB_FUNCTION krb5_realm_is_lkdc (const char * realm)" +Returns true if name is Kerberos an LKDC realm +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_sname_to_principal (krb5_context context, const char * hostname, const char * sname, int32_t type, krb5_principal * ret_princ)" +Create a principal for the given service running on the given hostname\&. If KRB5_NT_SRV_HST is used, the hostname is canonicalized according the configured name canonicalization rules, with canonicalization delayed in some cases\&. One rule involves DNS, which is insecure unless DNSSEC is used, but we don't use DNSSEC-capable resolver APIs here, so that if DNSSEC is used we wouldn't know it\&. +.PP +Canonicalization is immediate (not delayed) only when there is only one canonicalization rule and that rule indicates that we should do a host lookup by name (i\&.e\&., DNS)\&. 
+.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A Kerberos context\&. +.br +\fIhostname\fP hostname to use +.br +\fIsname\fP Service name to use +.br +\fItype\fP name type of principal, use KRB5_NT_SRV_HST or KRB5_NT_UNKNOWN\&. +.br +\fIret_princ\fP return principal, free with \fBkrb5_free_principal()\fP\&. +.RE +.PP +\fBReturns\fP +.RS 4 +An krb5 error code, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_unparse_name (krb5_context context, krb5_const_principal principal, char ** name)" +Unparse the Kerberos name into a string +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos 5 context +.br +\fIprincipal\fP principal to query +.br +\fIname\fP resulting string, free with krb5_xfree() +.RE +.PP +\fBReturns\fP +.RS 4 +An krb5 error code, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_unparse_name_fixed (krb5_context context, krb5_const_principal principal, char * name, size_t len)" +Unparse the principal name to a fixed buffer +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A Kerberos context\&. +.br +\fIprincipal\fP principal to unparse +.br +\fIname\fP buffer to write name to +.br +\fIlen\fP length of buffer +.RE +.PP +\fBReturns\fP +.RS 4 +An krb5 error code, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_unparse_name_fixed_flags (krb5_context context, krb5_const_principal principal, int flags, char * name, size_t len)" +Unparse the principal name with unparse flags to a fixed buffer\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A Kerberos context\&. +.br +\fIprincipal\fP principal to unparse +.br +\fIflags\fP unparse flags +.br +\fIname\fP buffer to write name to +.br +\fIlen\fP length of buffer +.RE +.PP +\fBReturns\fP +.RS 4 +An krb5 error code, see \fBkrb5_get_error_message()\fP\&. 
+.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_unparse_name_fixed_short (krb5_context context, krb5_const_principal principal, char * name, size_t len)" +Unparse the principal name to a fixed buffer\&. The realm is skipped if its a default realm\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A Kerberos context\&. +.br +\fIprincipal\fP principal to unparse +.br +\fIname\fP buffer to write name to +.br +\fIlen\fP length of buffer +.RE +.PP +\fBReturns\fP +.RS 4 +An krb5 error code, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_unparse_name_flags (krb5_context context, krb5_const_principal principal, int flags, char ** name)" +Unparse the Kerberos name into a string +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos 5 context +.br +\fIprincipal\fP principal to query +.br +\fIflags\fP flag to determine the behavior +.br +\fIname\fP resulting string, free with krb5_xfree() +.RE +.PP +\fBReturns\fP +.RS 4 +An krb5 error code, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_unparse_name_short (krb5_context context, krb5_const_principal principal, char ** name)" +Unparse the principal name to a allocated buffer\&. The realm is skipped if its a default realm\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A Kerberos context\&. +.br +\fIprincipal\fP principal to unparse +.br +\fIname\fP returned buffer, free with krb5_xfree() +.RE +.PP +\fBReturns\fP +.RS 4 +An krb5 error code, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SH "Author" +.PP +Generated automatically by Doxygen for Heimdal Kerberos 5 library from the source code\&. diff --git a/kerberos5/man/krb5/man/man3/krb5_principal_compare.3 b/kerberos5/man/krb5/man/man3/krb5_principal_compare.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_principal_compare.3 @@ -0,0 +1 @@ +.so man3/krb5_principal.3 
diff --git a/kerberos5/man/krb5/man/man3/krb5_principal_compare_any_realm.3 b/kerberos5/man/krb5/man/man3/krb5_principal_compare_any_realm.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_principal_compare_any_realm.3 @@ -0,0 +1 @@ +.so man3/krb5_principal.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_principal_get_num_comp.3 b/kerberos5/man/krb5/man/man3/krb5_principal_get_num_comp.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_principal_get_num_comp.3 @@ -0,0 +1 @@ +.so man3/krb5_principal.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_principal_get_realm.3 b/kerberos5/man/krb5/man/man3/krb5_principal_get_realm.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_principal_get_realm.3 @@ -0,0 +1 @@ +.so man3/krb5_principal.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_principal_get_type.3 b/kerberos5/man/krb5/man/man3/krb5_principal_get_type.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_principal_get_type.3 @@ -0,0 +1 @@ +.so man3/krb5_principal.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_principal_intro.3 b/kerberos5/man/krb5/man/man3/krb5_principal_intro.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_principal_intro.3 @@ -0,0 +1,16 @@ +.TH "krb5_principal_intro" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal Kerberos 5 library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +krb5_principal_intro \- The principal handing functions\&. +A Kerberos principal is a email address looking string that contains two parts separated by . The second part is the kerberos realm the principal belongs to and the first is a list of 0 or more components\&. For example +.PP +.nf +lha@SU.SE +host/hummel.it.su.se@SU.SE +host/admin@H5L.ORG + +.fi +.PP +.PP +See the library functions here: \fBHeimdal Kerberos 5 principal functions\fP 
diff --git a/kerberos5/man/krb5/man/man3/krb5_principal_is_anonymous.3 b/kerberos5/man/krb5/man/man3/krb5_principal_is_anonymous.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_principal_is_anonymous.3 @@ -0,0 +1 @@ +.so man3/krb5_principal.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_principal_is_gss_hostbased_service.3 b/kerberos5/man/krb5/man/man3/krb5_principal_is_gss_hostbased_service.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_principal_is_gss_hostbased_service.3 @@ -0,0 +1 @@ +.so man3/krb5_principal.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_principal_is_krbtgt.3 b/kerberos5/man/krb5/man/man3/krb5_principal_is_krbtgt.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_principal_is_krbtgt.3 @@ -0,0 +1 @@ +.so man3/krb5_principal.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_principal_is_lkdc.3 b/kerberos5/man/krb5/man/man3/krb5_principal_is_lkdc.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_principal_is_lkdc.3 @@ -0,0 +1 @@ +.so man3/krb5_principal.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_principal_is_null.3 b/kerberos5/man/krb5/man/man3/krb5_principal_is_null.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_principal_is_null.3 @@ -0,0 +1 @@ +.so man3/krb5_principal.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_principal_is_pku2u.3 b/kerberos5/man/krb5/man/man3/krb5_principal_is_pku2u.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_principal_is_pku2u.3 @@ -0,0 +1 @@ +.so man3/krb5_principal.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_principal_is_root_krbtgt.3 b/kerberos5/man/krb5/man/man3/krb5_principal_is_root_krbtgt.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_principal_is_root_krbtgt.3 @@ -0,0 +1 @@ +.so man3/krb5_principal.3 
diff --git a/kerberos5/man/krb5/man/man3/krb5_principal_match.3 b/kerberos5/man/krb5/man/man3/krb5_principal_match.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_principal_match.3 @@ -0,0 +1 @@ +.so man3/krb5_principal.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_principal_set_realm.3 b/kerberos5/man/krb5/man/man3/krb5_principal_set_realm.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_principal_set_realm.3 @@ -0,0 +1 @@ +.so man3/krb5_principal.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_principal_set_type.3 b/kerberos5/man/krb5/man/man3/krb5_principal_set_type.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_principal_set_type.3 @@ -0,0 +1 @@ +.so man3/krb5_principal.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_print_address.3 b/kerberos5/man/krb5/man/man3/krb5_print_address.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_print_address.3 @@ -0,0 +1 @@ +.so man3/krb5_address.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_random_to_key.3 b/kerberos5/man/krb5/man/man3/krb5_random_to_key.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_random_to_key.3 @@ -0,0 +1 @@ +.so man3/krb5_crypto.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_rd_req_ctx.3 b/kerberos5/man/krb5/man/man3/krb5_rd_req_ctx.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_rd_req_ctx.3 @@ -0,0 +1 @@ +.so man3/krb5_auth.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_rd_req_in_ctx_alloc.3 b/kerberos5/man/krb5/man/man3/krb5_rd_req_in_ctx_alloc.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_rd_req_in_ctx_alloc.3 @@ -0,0 +1 @@ +.so man3/krb5_auth.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_rd_req_in_set_keytab.3 b/kerberos5/man/krb5/man/man3/krb5_rd_req_in_set_keytab.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_rd_req_in_set_keytab.3 
@@ -0,0 +1 @@ +.so man3/krb5_auth.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_rd_req_in_set_pac_check.3 b/kerberos5/man/krb5/man/man3/krb5_rd_req_in_set_pac_check.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_rd_req_in_set_pac_check.3 @@ -0,0 +1 @@ +.so man3/krb5_auth.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_rd_req_out_ctx_free.3 b/kerberos5/man/krb5/man/man3/krb5_rd_req_out_ctx_free.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_rd_req_out_ctx_free.3 @@ -0,0 +1 @@ +.so man3/krb5_auth.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_rd_req_out_get_server.3 b/kerberos5/man/krb5/man/man3/krb5_rd_req_out_get_server.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_rd_req_out_get_server.3 @@ -0,0 +1 @@ +.so man3/krb5_auth.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_realm_compare.3 b/kerberos5/man/krb5/man/man3/krb5_realm_compare.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_realm_compare.3 @@ -0,0 +1 @@ +.so man3/krb5_principal.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_realm_is_lkdc.3 b/kerberos5/man/krb5/man/man3/krb5_realm_is_lkdc.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_realm_is_lkdc.3 @@ -0,0 +1 @@ +.so man3/krb5_principal.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_ret_address.3 b/kerberos5/man/krb5/man/man3/krb5_ret_address.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_ret_address.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_ret_addrs.3 b/kerberos5/man/krb5/man/man3/krb5_ret_addrs.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_ret_addrs.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_ret_authdata.3 b/kerberos5/man/krb5/man/man3/krb5_ret_authdata.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_ret_authdata.3 
@@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_ret_creds.3 b/kerberos5/man/krb5/man/man3/krb5_ret_creds.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_ret_creds.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_ret_creds_tag.3 b/kerberos5/man/krb5/man/man3/krb5_ret_creds_tag.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_ret_creds_tag.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_ret_data.3 b/kerberos5/man/krb5/man/man3/krb5_ret_data.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_ret_data.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_ret_int16.3 b/kerberos5/man/krb5/man/man3/krb5_ret_int16.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_ret_int16.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_ret_int32.3 b/kerberos5/man/krb5/man/man3/krb5_ret_int32.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_ret_int32.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_ret_int64.3 b/kerberos5/man/krb5/man/man3/krb5_ret_int64.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_ret_int64.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_ret_int8.3 b/kerberos5/man/krb5/man/man3/krb5_ret_int8.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_ret_int8.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_ret_keyblock.3 b/kerberos5/man/krb5/man/man3/krb5_ret_keyblock.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_ret_keyblock.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 
diff --git a/kerberos5/man/krb5/man/man3/krb5_ret_principal.3 b/kerberos5/man/krb5/man/man3/krb5_ret_principal.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_ret_principal.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_ret_string.3 b/kerberos5/man/krb5/man/man3/krb5_ret_string.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_ret_string.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_ret_stringz.3 b/kerberos5/man/krb5/man/man3/krb5_ret_stringz.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_ret_stringz.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_ret_times.3 b/kerberos5/man/krb5/man/man3/krb5_ret_times.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_ret_times.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_ret_uint16.3 b/kerberos5/man/krb5/man/man3/krb5_ret_uint16.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_ret_uint16.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_ret_uint32.3 b/kerberos5/man/krb5/man/man3/krb5_ret_uint32.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_ret_uint32.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_ret_uint64.3 b/kerberos5/man/krb5/man/man3/krb5_ret_uint64.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_ret_uint64.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_ret_uint8.3 b/kerberos5/man/krb5/man/man3/krb5_ret_uint8.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_ret_uint8.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 
diff --git a/kerberos5/man/krb5/man/man3/krb5_set_config_files.3 b/kerberos5/man/krb5/man/man3/krb5_set_config_files.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_set_config_files.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_set_default_in_tkt_etypes.3 b/kerberos5/man/krb5/man/man3/krb5_set_default_in_tkt_etypes.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_set_default_in_tkt_etypes.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_set_dns_canonicalize_hostname.3 b/kerberos5/man/krb5/man/man3/krb5_set_dns_canonicalize_hostname.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_set_dns_canonicalize_hostname.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_set_error_message.3 b/kerberos5/man/krb5/man/man3/krb5_set_error_message.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_set_error_message.3 @@ -0,0 +1 @@ +.so man3/krb5_error.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_set_error_string.3 b/kerberos5/man/krb5/man/man3/krb5_set_error_string.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_set_error_string.3 @@ -0,0 +1 @@ +.so man3/krb5_deprecated.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_set_extra_addresses.3 b/kerberos5/man/krb5/man/man3/krb5_set_extra_addresses.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_set_extra_addresses.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_set_fcache_version.3 b/kerberos5/man/krb5/man/man3/krb5_set_fcache_version.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_set_fcache_version.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_set_home_dir_access.3 b/kerberos5/man/krb5/man/man3/krb5_set_home_dir_access.3 new file mode 100644 --- /dev/null 
+++ b/kerberos5/man/krb5/man/man3/krb5_set_home_dir_access.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_set_ignore_addresses.3 b/kerberos5/man/krb5/man/man3/krb5_set_ignore_addresses.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_set_ignore_addresses.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_set_kdc_sec_offset.3 b/kerberos5/man/krb5/man/man3/krb5_set_kdc_sec_offset.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_set_kdc_sec_offset.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_set_max_time_skew.3 b/kerberos5/man/krb5/man/man3/krb5_set_max_time_skew.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_set_max_time_skew.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_set_password.3 b/kerberos5/man/krb5/man/man3/krb5_set_password.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_set_password.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_set_real_time.3 b/kerberos5/man/krb5/man/man3/krb5_set_real_time.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_set_real_time.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_set_use_admin_kdc.3 b/kerberos5/man/krb5/man/man3/krb5_set_use_admin_kdc.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_set_use_admin_kdc.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_set_warn_dest.3 b/kerberos5/man/krb5/man/man3/krb5_set_warn_dest.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_set_warn_dest.3 @@ -0,0 +1 @@ +.so man3/krb5_error.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_sname_to_principal.3 b/kerberos5/man/krb5/man/man3/krb5_sname_to_principal.3 new file mode 100644 --- /dev/null 
+++ b/kerberos5/man/krb5/man/man3/krb5_sname_to_principal.3 @@ -0,0 +1 @@ +.so man3/krb5_principal.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_sockaddr2address.3 b/kerberos5/man/krb5/man/man3/krb5_sockaddr2address.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_sockaddr2address.3 @@ -0,0 +1 @@ +.so man3/krb5_address.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_sockaddr2port.3 b/kerberos5/man/krb5/man/man3/krb5_sockaddr2port.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_sockaddr2port.3 @@ -0,0 +1 @@ +.so man3/krb5_address.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_sockaddr_uninteresting.3 b/kerberos5/man/krb5/man/man3/krb5_sockaddr_uninteresting.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_sockaddr_uninteresting.3 @@ -0,0 +1 @@ +.so man3/krb5_address.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_storage.3 b/kerberos5/man/krb5/man/man3/krb5_storage.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_storage.3 
@@ -0,0 +1,1134 @@ +.TH "krb5_storage" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal Kerberos 5 library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +krb5_storage \- Heimdal Kerberos 5 storage functions +.SH SYNOPSIS +.br +.PP +.SS "Functions" + +.in +1c +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_storage_set_flags\fP (krb5_storage *sp, krb5_flags flags)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_storage_clear_flags\fP (krb5_storage *sp, krb5_flags flags)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_storage_is_flags\fP (krb5_storage *sp, krb5_flags flags)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_storage_set_byteorder\fP (krb5_storage *sp, krb5_flags byteorder)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_flags KRB5_LIB_CALL \fBkrb5_storage_get_byteorder\fP (krb5_storage *sp)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_storage_set_max_alloc\fP (krb5_storage *sp, size_t size)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION off_t KRB5_LIB_CALL \fBkrb5_storage_seek\fP (krb5_storage *sp, off_t offset, int whence)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION int KRB5_LIB_CALL \fBkrb5_storage_truncate\fP (krb5_storage *sp, off_t offset)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION int KRB5_LIB_CALL \fBkrb5_storage_fsync\fP (krb5_storage *sp)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL \fBkrb5_storage_read\fP (krb5_storage *sp, void *buf, size_t len)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL \fBkrb5_storage_write\fP (krb5_storage *sp, const void *buf, size_t len)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_storage_set_eof_code\fP (krb5_storage *sp, int code)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION int KRB5_LIB_CALL \fBkrb5_storage_get_eof_code\fP (krb5_storage *sp)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_storage_free\fP (krb5_storage *sp)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION 
krb5_error_code KRB5_LIB_CALL \fBkrb5_storage_to_data\fP (krb5_storage *sp, krb5_data *data)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_store_int32\fP (krb5_storage *sp, int32_t value)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_store_int64\fP (krb5_storage *sp, int64_t value)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_store_uint32\fP (krb5_storage *sp, uint32_t value)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_store_uint64\fP (krb5_storage *sp, uint64_t value)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_ret_int64\fP (krb5_storage *sp, int64_t *value)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_ret_uint64\fP (krb5_storage *sp, uint64_t *value)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_ret_int32\fP (krb5_storage *sp, int32_t *value)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_ret_uint32\fP (krb5_storage *sp, uint32_t *value)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_store_int16\fP (krb5_storage *sp, int16_t value)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_store_uint16\fP (krb5_storage *sp, uint16_t value)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_ret_int16\fP (krb5_storage *sp, int16_t *value)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_ret_uint16\fP (krb5_storage *sp, uint16_t *value)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_store_int8\fP (krb5_storage *sp, int8_t value)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_store_uint8\fP (krb5_storage *sp, uint8_t value)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_ret_int8\fP (krb5_storage *sp, int8_t *value)" +.br +.ti -1c 
+.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_ret_uint8\fP (krb5_storage *sp, uint8_t *value)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_store_data\fP (krb5_storage *sp, krb5_data data)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_ret_data\fP (krb5_storage *sp, krb5_data *data)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_store_string\fP (krb5_storage *sp, const char *s)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_ret_string\fP (krb5_storage *sp, char **string)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_store_stringz\fP (krb5_storage *sp, const char *s)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_ret_stringz\fP (krb5_storage *sp, char **string)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_store_principal\fP (krb5_storage *sp, krb5_const_principal p)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_ret_principal\fP (krb5_storage *sp, krb5_principal *princ)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_store_keyblock\fP (krb5_storage *sp, krb5_keyblock p)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_ret_keyblock\fP (krb5_storage *sp, krb5_keyblock *p)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_store_times\fP (krb5_storage *sp, krb5_times times)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_ret_times\fP (krb5_storage *sp, krb5_times *times)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_store_address\fP (krb5_storage *sp, krb5_address p)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_ret_address\fP (krb5_storage *sp, krb5_address *adr)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 
\fBkrb5_store_addrs\fP (krb5_storage *sp, krb5_addresses p)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_ret_addrs\fP (krb5_storage *sp, krb5_addresses *adr)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_store_authdata\fP (krb5_storage *sp, krb5_authdata auth)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_ret_authdata\fP (krb5_storage *sp, krb5_authdata *auth)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_store_creds\fP (krb5_storage *sp, krb5_creds *creds)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_ret_creds\fP (krb5_storage *sp, krb5_creds *creds)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_store_creds_tag\fP (krb5_storage *sp, krb5_creds *creds)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_ret_creds_tag\fP (krb5_storage *sp, krb5_creds *creds)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_storage *KRB5_LIB_CALL \fBkrb5_storage_emem\fP (void)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_storage *KRB5_LIB_CALL \fBkrb5_storage_from_fd\fP (int fd_in)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_storage *KRB5_LIB_CALL \fBkrb5_storage_from_mem\fP (void *buf, size_t len)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_storage *KRB5_LIB_CALL \fBkrb5_storage_from_data\fP (krb5_data *data)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_storage *KRB5_LIB_CALL \fBkrb5_storage_from_readonly_mem\fP (const void *buf, size_t len)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_storage *KRB5_LIB_CALL \fBkrb5_storage_from_socket\fP (krb5_socket_t sock_in)" +.br +.in -1c +.SH "Detailed Description" +.PP + +.SH "Function Documentation" +.PP +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_address (krb5_storage * sp, krb5_address * adr)" +Read a address block from the storage\&. 
+.PP +\fBParameters\fP +.RS 4 +\fIsp\fP the storage buffer to write to +.br +\fIadr\fP the address block read from storage +.RE +.PP +\fBReturns\fP +.RS 4 +0 on success, a Kerberos 5 error code on failure\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_addrs (krb5_storage * sp, krb5_addresses * adr)" +Read a addresses block from the storage\&. +.PP +\fBParameters\fP +.RS 4 +\fIsp\fP the storage buffer to write to +.br +\fIadr\fP the addresses block read from storage +.RE +.PP +\fBReturns\fP +.RS 4 +0 on success, a Kerberos 5 error code on failure\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_authdata (krb5_storage * sp, krb5_authdata * auth)" +Read a auth data from the storage\&. +.PP +\fBParameters\fP +.RS 4 +\fIsp\fP the storage buffer to write to +.br +\fIauth\fP the auth data block read from storage +.RE +.PP +\fBReturns\fP +.RS 4 +0 on success, a Kerberos 5 error code on failure\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_creds (krb5_storage * sp, krb5_creds * creds)" +Read a credentials block from the storage\&. +.PP +\fBParameters\fP +.RS 4 +\fIsp\fP the storage buffer to write to +.br +\fIcreds\fP the credentials block read from storage +.RE +.PP +\fBReturns\fP +.RS 4 +0 on success, a Kerberos 5 error code on failure\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_creds_tag (krb5_storage * sp, krb5_creds * creds)" +Read a tagged credentials block from the storage\&. +.PP +\fBParameters\fP +.RS 4 +\fIsp\fP the storage buffer to write to +.br +\fIcreds\fP the credentials block read from storage +.RE +.PP +\fBReturns\fP +.RS 4 +0 on success, a Kerberos 5 error code on failure\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_data (krb5_storage * sp, krb5_data * data)" +Parse a data from the storage\&. 
+.PP +\fBParameters\fP +.RS 4 +\fIsp\fP the storage buffer to read from +.br +\fIdata\fP the parsed data +.RE +.PP +\fBReturns\fP +.RS 4 +0 on success, a Kerberos 5 error code on failure\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_int16 (krb5_storage * sp, int16_t * value)" +Read a int16 from storage, byte order is controlled by the settings on the storage, see \fBkrb5_storage_set_byteorder()\fP\&. +.PP +\fBParameters\fP +.RS 4 +\fIsp\fP the storage to write too +.br +\fIvalue\fP the value read from the buffer +.RE +.PP +\fBReturns\fP +.RS 4 +0 for success, or a Kerberos 5 error code on failure\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_int32 (krb5_storage * sp, int32_t * value)" +Read a int32 from storage, byte order is controlled by the settings on the storage, see \fBkrb5_storage_set_byteorder()\fP\&. +.PP +\fBParameters\fP +.RS 4 +\fIsp\fP the storage to write too +.br +\fIvalue\fP the value read from the buffer +.RE +.PP +\fBReturns\fP +.RS 4 +0 for success, or a Kerberos 5 error code on failure\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_int64 (krb5_storage * sp, int64_t * value)" +Read a int64 from storage, byte order is controlled by the settings on the storage, see \fBkrb5_storage_set_byteorder()\fP\&. +.PP +\fBParameters\fP +.RS 4 +\fIsp\fP the storage to write too +.br +\fIvalue\fP the value read from the buffer +.RE +.PP +\fBReturns\fP +.RS 4 +0 for success, or a Kerberos 5 error code on failure\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_int8 (krb5_storage * sp, int8_t * value)" +Read a int8 from storage +.PP +\fBParameters\fP +.RS 4 +\fIsp\fP the storage to write too +.br +\fIvalue\fP the value read from the buffer +.RE +.PP +\fBReturns\fP +.RS 4 +0 for success, or a Kerberos 5 error code on failure\&. 
+.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_keyblock (krb5_storage * sp, krb5_keyblock * p)" +Read a keyblock from the storage\&. +.PP +\fBParameters\fP +.RS 4 +\fIsp\fP the storage buffer to write to +.br +\fIp\fP the keyblock read from storage, free using \fBkrb5_free_keyblock()\fP +.RE +.PP +\fBReturns\fP +.RS 4 +0 on success, a Kerberos 5 error code on failure\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_principal (krb5_storage * sp, krb5_principal * princ)" +Parse principal from the storage\&. +.PP +\fBParameters\fP +.RS 4 +\fIsp\fP the storage buffer to read from +.br +\fIprinc\fP the parsed principal +.RE +.PP +\fBReturns\fP +.RS 4 +0 on success, a Kerberos 5 error code on failure\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_string (krb5_storage * sp, char ** string)" +Parse a string from the storage\&. +.PP +\fBParameters\fP +.RS 4 +\fIsp\fP the storage buffer to read from +.br +\fIstring\fP the parsed string +.RE +.PP +\fBReturns\fP +.RS 4 +0 on success, a Kerberos 5 error code on failure\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_stringz (krb5_storage * sp, char ** string)" +Parse zero terminated string from the storage\&. +.PP +\fBParameters\fP +.RS 4 +\fIsp\fP the storage buffer to read from +.br +\fIstring\fP the parsed string +.RE +.PP +\fBReturns\fP +.RS 4 +0 on success, a Kerberos 5 error code on failure\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_times (krb5_storage * sp, krb5_times * times)" +Read a times block from the storage\&. +.PP +\fBParameters\fP +.RS 4 +\fIsp\fP the storage buffer to write to +.br +\fItimes\fP the times block read from storage +.RE +.PP +\fBReturns\fP +.RS 4 +0 on success, a Kerberos 5 error code on failure\&. 
+.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_uint16 (krb5_storage * sp, uint16_t * value)" +Read a int16 from storage, byte order is controlled by the settings on the storage, see \fBkrb5_storage_set_byteorder()\fP\&. +.PP +\fBParameters\fP +.RS 4 +\fIsp\fP the storage to write too +.br +\fIvalue\fP the value read from the buffer +.RE +.PP +\fBReturns\fP +.RS 4 +0 for success, or a Kerberos 5 error code on failure\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_uint32 (krb5_storage * sp, uint32_t * value)" +Read a uint32 from storage, byte order is controlled by the settings on the storage, see \fBkrb5_storage_set_byteorder()\fP\&. +.PP +\fBParameters\fP +.RS 4 +\fIsp\fP the storage to write too +.br +\fIvalue\fP the value read from the buffer +.RE +.PP +\fBReturns\fP +.RS 4 +0 for success, or a Kerberos 5 error code on failure\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_uint64 (krb5_storage * sp, uint64_t * value)" +Read a uint64 from storage, byte order is controlled by the settings on the storage, see \fBkrb5_storage_set_byteorder()\fP\&. +.PP +\fBParameters\fP +.RS 4 +\fIsp\fP the storage to write too +.br +\fIvalue\fP the value read from the buffer +.RE +.PP +\fBReturns\fP +.RS 4 +0 for success, or a Kerberos 5 error code on failure\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_uint8 (krb5_storage * sp, uint8_t * value)" +Read a uint8 from storage +.PP +\fBParameters\fP +.RS 4 +\fIsp\fP the storage to write too +.br +\fIvalue\fP the value read from the buffer +.RE +.PP +\fBReturns\fP +.RS 4 +0 for success, or a Kerberos 5 error code on failure\&. 
+.RE +.PP + +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_storage_clear_flags (krb5_storage * sp, krb5_flags flags)" +Clear the flags on a storage buffer +.PP +\fBParameters\fP +.RS 4 +\fIsp\fP the storage buffer to clear the flags on +.br +\fIflags\fP the flags to clear +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_storage* KRB5_LIB_CALL krb5_storage_emem (void)" +Create a elastic (allocating) memory storage backend\&. Memory is allocated on demand\&. Free returned krb5_storage with \fBkrb5_storage_free()\fP\&. +.PP +\fBReturns\fP +.RS 4 +A krb5_storage on success, or NULL on out of memory error\&. +.RE +.PP +\fBSee also\fP +.RS 4 +\fBkrb5_storage_from_mem()\fP +.PP +\fBkrb5_storage_from_readonly_mem()\fP +.PP +\fBkrb5_storage_from_fd()\fP +.PP +\fBkrb5_storage_from_data()\fP +.PP +\fBkrb5_storage_from_socket()\fP +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_storage_free (krb5_storage * sp)" +Free a krb5 storage\&. +.PP +\fBParameters\fP +.RS 4 +\fIsp\fP the storage to free\&. +.RE +.PP +\fBReturns\fP +.RS 4 +An Kerberos 5 error code\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_storage* KRB5_LIB_CALL krb5_storage_from_data (krb5_data * data)" +Create a fixed size memory storage block +.PP +\fBReturns\fP +.RS 4 +A krb5_storage on success, or NULL on out of memory error\&. +.RE +.PP +\fBSee also\fP +.RS 4 +krb5_storage_mem() +.PP +\fBkrb5_storage_from_mem()\fP +.PP +\fBkrb5_storage_from_readonly_mem()\fP +.PP +\fBkrb5_storage_from_fd()\fP +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_storage* KRB5_LIB_CALL krb5_storage_from_fd (int fd_in)" + +.PP +\fBReturns\fP +.RS 4 +A krb5_storage on success, or NULL on out of memory error\&. 
+.RE +.PP +\fBSee also\fP +.RS 4 +\fBkrb5_storage_emem()\fP +.PP +\fBkrb5_storage_from_mem()\fP +.PP +\fBkrb5_storage_from_readonly_mem()\fP +.PP +\fBkrb5_storage_from_data()\fP +.PP +\fBkrb5_storage_from_socket()\fP +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_storage* KRB5_LIB_CALL krb5_storage_from_mem (void * buf, size_t len)" +Create a fixed size memory storage block +.PP +\fBReturns\fP +.RS 4 +A krb5_storage on success, or NULL on out of memory error\&. +.RE +.PP +\fBSee also\fP +.RS 4 +krb5_storage_mem() +.PP +\fBkrb5_storage_from_readonly_mem()\fP +.PP +\fBkrb5_storage_from_data()\fP +.PP +\fBkrb5_storage_from_fd()\fP +.PP +\fBkrb5_storage_from_socket()\fP +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_storage* KRB5_LIB_CALL krb5_storage_from_readonly_mem (const void * buf, size_t len)" +Create a fixed size memory storage block that is read only +.PP +\fBReturns\fP +.RS 4 +A krb5_storage on success, or NULL on out of memory error\&. +.RE +.PP +\fBSee also\fP +.RS 4 +krb5_storage_mem() +.PP +\fBkrb5_storage_from_mem()\fP +.PP +\fBkrb5_storage_from_data()\fP +.PP +\fBkrb5_storage_from_fd()\fP +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_storage* KRB5_LIB_CALL krb5_storage_from_socket (krb5_socket_t sock_in)" + +.PP +\fBReturns\fP +.RS 4 +A krb5_storage on success, or NULL on out of memory error\&. +.RE +.PP +\fBSee also\fP +.RS 4 +\fBkrb5_storage_emem()\fP +.PP +\fBkrb5_storage_from_mem()\fP +.PP +\fBkrb5_storage_from_readonly_mem()\fP +.PP +\fBkrb5_storage_from_data()\fP +.PP +\fBkrb5_storage_from_fd()\fP +.RE +.PP + +.SS "KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_storage_fsync (krb5_storage * sp)" +Sync the storage buffer to its backing store\&. If there is no backing store this function will return success\&. 
+.PP +\fBParameters\fP +.RS 4 +\fIsp\fP the storage buffer to sync +.RE +.PP +\fBReturns\fP +.RS 4 +A Kerberos 5 error code +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_flags KRB5_LIB_CALL krb5_storage_get_byteorder (krb5_storage * sp)" +Return the current byteorder for the buffer\&. See \fBkrb5_storage_set_byteorder()\fP for the list or byte order contants\&. +.SS "KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_storage_get_eof_code (krb5_storage * sp)" +Get the return code that will be used when end of storage is reached\&. +.PP +\fBParameters\fP +.RS 4 +\fIsp\fP the storage +.RE +.PP +\fBReturns\fP +.RS 4 +storage error code +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_storage_is_flags (krb5_storage * sp, krb5_flags flags)" +Return true or false depending on if the storage flags is set or not\&. NB testing for the flag 0 always return true\&. +.PP +\fBParameters\fP +.RS 4 +\fIsp\fP the storage buffer to check flags on +.br +\fIflags\fP The flags to test for +.RE +.PP +\fBReturns\fP +.RS 4 +true if all the flags are set, false if not\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL krb5_storage_read (krb5_storage * sp, void * buf, size_t len)" +Read to the storage buffer\&. +.PP +\fBParameters\fP +.RS 4 +\fIsp\fP the storage buffer to read from +.br +\fIbuf\fP the buffer to store the data in +.br +\fIlen\fP the length to read +.RE +.PP +\fBReturns\fP +.RS 4 +The length of data read (can be shorter then len), or negative on error\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION off_t KRB5_LIB_CALL krb5_storage_seek (krb5_storage * sp, off_t offset, int whence)" +Seek to a new offset\&. +.PP +\fBParameters\fP +.RS 4 +\fIsp\fP the storage buffer to seek in\&. +.br +\fIoffset\fP the offset to seek +.br +\fIwhence\fP relateive searching, SEEK_CUR from the current position, SEEK_END from the end, SEEK_SET absolute from the start\&. 
+.RE +.PP +\fBReturns\fP +.RS 4 +The new current offset +.RE +.PP + +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_storage_set_byteorder (krb5_storage * sp, krb5_flags byteorder)" +Set the new byte order of the storage buffer\&. +.PP +\fBParameters\fP +.RS 4 +\fIsp\fP the storage buffer to set the byte order for\&. +.br +\fIbyteorder\fP the new byte order\&. +.RE +.PP +The byte order are: KRB5_STORAGE_BYTEORDER_BE, KRB5_STORAGE_BYTEORDER_LE and KRB5_STORAGE_BYTEORDER_HOST\&. +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_storage_set_eof_code (krb5_storage * sp, int code)" +Set the return code that will be used when end of storage is reached\&. +.PP +\fBParameters\fP +.RS 4 +\fIsp\fP the storage +.br +\fIcode\fP the error code to return on end of storage +.RE +.PP + +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_storage_set_flags (krb5_storage * sp, krb5_flags flags)" +Add the flags on a storage buffer by or-ing in the flags to the buffer\&. +.PP +\fBParameters\fP +.RS 4 +\fIsp\fP the storage buffer to set the flags on +.br +\fIflags\fP the flags to set +.RE +.PP + +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_storage_set_max_alloc (krb5_storage * sp, size_t size)" +Set the max alloc value +.PP +\fBParameters\fP +.RS 4 +\fIsp\fP the storage buffer set the max allow for +.br +\fIsize\fP maximum size to allocate, use 0 to remove limit +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_storage_to_data (krb5_storage * sp, krb5_data * data)" +Copy the contnent of storage +.PP +\fBParameters\fP +.RS 4 +\fIsp\fP the storage to copy to a data +.br +\fIdata\fP the copied data, free with \fBkrb5_data_free()\fP +.RE +.PP +\fBReturns\fP +.RS 4 +0 for success, or a Kerberos 5 error code on failure\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_storage_truncate (krb5_storage * sp, off_t offset)" +Truncate the storage buffer in sp to offset\&. +.PP +\fBParameters\fP +.RS 4 +\fIsp\fP the storage buffer to truncate\&. 
+.br +\fIoffset\fP the offset to truncate too\&. +.RE +.PP +\fBReturns\fP +.RS 4 +An Kerberos 5 error code\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL krb5_storage_write (krb5_storage * sp, const void * buf, size_t len)" +Write to the storage buffer\&. +.PP +\fBParameters\fP +.RS 4 +\fIsp\fP the storage buffer to write to +.br +\fIbuf\fP the buffer to write to the storage buffer +.br +\fIlen\fP the length to write +.RE +.PP +\fBReturns\fP +.RS 4 +The length of data written (can be shorter then len), or negative on error\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_address (krb5_storage * sp, krb5_address p)" +Write a address block to storage\&. +.PP +\fBParameters\fP +.RS 4 +\fIsp\fP the storage buffer to write to +.br +\fIp\fP the address block to write\&. +.RE +.PP +\fBReturns\fP +.RS 4 +0 on success, a Kerberos 5 error code on failure\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_addrs (krb5_storage * sp, krb5_addresses p)" +Write a addresses block to storage\&. +.PP +\fBParameters\fP +.RS 4 +\fIsp\fP the storage buffer to write to +.br +\fIp\fP the addresses block to write\&. +.RE +.PP +\fBReturns\fP +.RS 4 +0 on success, a Kerberos 5 error code on failure\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_authdata (krb5_storage * sp, krb5_authdata auth)" +Write a auth data block to storage\&. +.PP +\fBParameters\fP +.RS 4 +\fIsp\fP the storage buffer to write to +.br +\fIauth\fP the auth data block to write\&. +.RE +.PP +\fBReturns\fP +.RS 4 +0 on success, a Kerberos 5 error code on failure\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_creds (krb5_storage * sp, krb5_creds * creds)" +Write a credentials block to storage\&. +.PP +\fBParameters\fP +.RS 4 +\fIsp\fP the storage buffer to write to +.br +\fIcreds\fP the creds block to write\&. 
+.RE +.PP +\fBReturns\fP +.RS 4 +0 on success, a Kerberos 5 error code on failure\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_creds_tag (krb5_storage * sp, krb5_creds * creds)" +Write a tagged credentials block to storage\&. +.PP +\fBParameters\fP +.RS 4 +\fIsp\fP the storage buffer to write to +.br +\fIcreds\fP the creds block to write\&. +.RE +.PP +\fBReturns\fP +.RS 4 +0 on success, a Kerberos 5 error code on failure\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_data (krb5_storage * sp, krb5_data data)" +Store a data to the storage\&. The data is stored with an int32 as lenght plus the data (not padded)\&. +.PP +\fBParameters\fP +.RS 4 +\fIsp\fP the storage buffer to write to +.br +\fIdata\fP the buffer to store\&. +.RE +.PP +\fBReturns\fP +.RS 4 +0 on success, a Kerberos 5 error code on failure\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_int16 (krb5_storage * sp, int16_t value)" +Store a int16 to storage, byte order is controlled by the settings on the storage, see \fBkrb5_storage_set_byteorder()\fP\&. +.PP +\fBParameters\fP +.RS 4 +\fIsp\fP the storage to write too +.br +\fIvalue\fP the value to store +.RE +.PP +\fBReturns\fP +.RS 4 +0 for success, or a Kerberos 5 error code on failure\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_int32 (krb5_storage * sp, int32_t value)" +Store a int32 to storage, byte order is controlled by the settings on the storage, see \fBkrb5_storage_set_byteorder()\fP\&. +.PP +\fBParameters\fP +.RS 4 +\fIsp\fP the storage to write too +.br +\fIvalue\fP the value to store +.RE +.PP +\fBReturns\fP +.RS 4 +0 for success, or a Kerberos 5 error code on failure\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_int64 (krb5_storage * sp, int64_t value)" +Store a int64 to storage, byte order is controlled by the settings on the storage, see \fBkrb5_storage_set_byteorder()\fP\&. 
+.PP +\fBParameters\fP +.RS 4 +\fIsp\fP the storage to write too +.br +\fIvalue\fP the value to store +.RE +.PP +\fBReturns\fP +.RS 4 +0 for success, or a Kerberos 5 error code on failure\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_int8 (krb5_storage * sp, int8_t value)" +Store a int8 to storage\&. +.PP +\fBParameters\fP +.RS 4 +\fIsp\fP the storage to write too +.br +\fIvalue\fP the value to store +.RE +.PP +\fBReturns\fP +.RS 4 +0 for success, or a Kerberos 5 error code on failure\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_keyblock (krb5_storage * sp, krb5_keyblock p)" +Store a keyblock to the storage\&. +.PP +\fBParameters\fP +.RS 4 +\fIsp\fP the storage buffer to write to +.br +\fIp\fP the keyblock to write +.RE +.PP +\fBReturns\fP +.RS 4 +0 on success, a Kerberos 5 error code on failure\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_principal (krb5_storage * sp, krb5_const_principal p)" +Write a principal block to storage\&. +.PP +\fBParameters\fP +.RS 4 +\fIsp\fP the storage buffer to write to +.br +\fIp\fP the principal block to write\&. +.RE +.PP +\fBReturns\fP +.RS 4 +0 on success, a Kerberos 5 error code on failure\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_string (krb5_storage * sp, const char * s)" +Store a string to the buffer\&. The data is formated as an len:uint32 plus the string itself (not padded)\&. +.PP +\fBParameters\fP +.RS 4 +\fIsp\fP the storage buffer to write to +.br +\fIs\fP the string to store\&. +.RE +.PP +\fBReturns\fP +.RS 4 +0 on success, a Kerberos 5 error code on failure\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_stringz (krb5_storage * sp, const char * s)" +Store a zero terminated string to the buffer\&. The data is stored one character at a time until a NUL is stored\&. 
+.PP +\fBParameters\fP +.RS 4 +\fIsp\fP the storage buffer to write to +.br +\fIs\fP the string to store\&. +.RE +.PP +\fBReturns\fP +.RS 4 +0 on success, a Kerberos 5 error code on failure\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_times (krb5_storage * sp, krb5_times times)" +Write a times block to storage\&. +.PP +\fBParameters\fP +.RS 4 +\fIsp\fP the storage buffer to write to +.br +\fItimes\fP the times block to write\&. +.RE +.PP +\fBReturns\fP +.RS 4 +0 on success, a Kerberos 5 error code on failure\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_uint16 (krb5_storage * sp, uint16_t value)" +Store a uint16 to storage, byte order is controlled by the settings on the storage, see \fBkrb5_storage_set_byteorder()\fP\&. +.PP +\fBParameters\fP +.RS 4 +\fIsp\fP the storage to write too +.br +\fIvalue\fP the value to store +.RE +.PP +\fBReturns\fP +.RS 4 +0 for success, or a Kerberos 5 error code on failure\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_uint32 (krb5_storage * sp, uint32_t value)" +Store a uint32 to storage, byte order is controlled by the settings on the storage, see \fBkrb5_storage_set_byteorder()\fP\&. +.PP +\fBParameters\fP +.RS 4 +\fIsp\fP the storage to write too +.br +\fIvalue\fP the value to store +.RE +.PP +\fBReturns\fP +.RS 4 +0 for success, or a Kerberos 5 error code on failure\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_uint64 (krb5_storage * sp, uint64_t value)" +Store a uint64 to storage, byte order is controlled by the settings on the storage, see \fBkrb5_storage_set_byteorder()\fP\&. +.PP +\fBParameters\fP +.RS 4 +\fIsp\fP the storage to write too +.br +\fIvalue\fP the value to store +.RE +.PP +\fBReturns\fP +.RS 4 +0 for success, or a Kerberos 5 error code on failure\&. 
+.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_uint8 (krb5_storage * sp, uint8_t value)" +Store a uint8 to storage\&. +.PP +\fBParameters\fP +.RS 4 +\fIsp\fP the storage to write too +.br +\fIvalue\fP the value to store +.RE +.PP +\fBReturns\fP +.RS 4 +0 for success, or a Kerberos 5 error code on failure\&. +.RE +.PP + +.SH "Author" +.PP +Generated automatically by Doxygen for Heimdal Kerberos 5 library from the source code\&. diff --git a/kerberos5/man/krb5/man/man3/krb5_storage_clear_flags.3 b/kerberos5/man/krb5/man/man3/krb5_storage_clear_flags.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_storage_clear_flags.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_storage_emem.3 b/kerberos5/man/krb5/man/man3/krb5_storage_emem.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_storage_emem.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_storage_free.3 b/kerberos5/man/krb5/man/man3/krb5_storage_free.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_storage_free.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_storage_from_data.3 b/kerberos5/man/krb5/man/man3/krb5_storage_from_data.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_storage_from_data.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_storage_from_fd.3 b/kerberos5/man/krb5/man/man3/krb5_storage_from_fd.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_storage_from_fd.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_storage_from_mem.3 b/kerberos5/man/krb5/man/man3/krb5_storage_from_mem.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_storage_from_mem.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 
diff --git a/kerberos5/man/krb5/man/man3/krb5_storage_from_readonly_mem.3 b/kerberos5/man/krb5/man/man3/krb5_storage_from_readonly_mem.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_storage_from_readonly_mem.3
@@ -0,0 +1 @@
+.so man3/krb5_storage.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_storage_from_socket.3 b/kerberos5/man/krb5/man/man3/krb5_storage_from_socket.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_storage_from_socket.3
@@ -0,0 +1 @@
+.so man3/krb5_storage.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_storage_fsync.3 b/kerberos5/man/krb5/man/man3/krb5_storage_fsync.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_storage_fsync.3
@@ -0,0 +1 @@
+.so man3/krb5_storage.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_storage_get_byteorder.3 b/kerberos5/man/krb5/man/man3/krb5_storage_get_byteorder.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_storage_get_byteorder.3
@@ -0,0 +1 @@
+.so man3/krb5_storage.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_storage_get_eof_code.3 b/kerberos5/man/krb5/man/man3/krb5_storage_get_eof_code.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_storage_get_eof_code.3
@@ -0,0 +1 @@
+.so man3/krb5_storage.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_storage_is_flags.3 b/kerberos5/man/krb5/man/man3/krb5_storage_is_flags.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_storage_is_flags.3
@@ -0,0 +1 @@
+.so man3/krb5_storage.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_storage_read.3 b/kerberos5/man/krb5/man/man3/krb5_storage_read.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_storage_read.3
@@ -0,0 +1 @@
+.so man3/krb5_storage.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_storage_seek.3 b/kerberos5/man/krb5/man/man3/krb5_storage_seek.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_storage_seek.3
@@ -0,0 +1 @@
+.so man3/krb5_storage.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_storage_set_byteorder.3 b/kerberos5/man/krb5/man/man3/krb5_storage_set_byteorder.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_storage_set_byteorder.3
@@ -0,0 +1 @@
+.so man3/krb5_storage.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_storage_set_eof_code.3 b/kerberos5/man/krb5/man/man3/krb5_storage_set_eof_code.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_storage_set_eof_code.3
@@ -0,0 +1 @@
+.so man3/krb5_storage.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_storage_set_flags.3 b/kerberos5/man/krb5/man/man3/krb5_storage_set_flags.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_storage_set_flags.3
@@ -0,0 +1 @@
+.so man3/krb5_storage.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_storage_set_max_alloc.3 b/kerberos5/man/krb5/man/man3/krb5_storage_set_max_alloc.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_storage_set_max_alloc.3
@@ -0,0 +1 @@
+.so man3/krb5_storage.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_storage_to_data.3 b/kerberos5/man/krb5/man/man3/krb5_storage_to_data.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_storage_to_data.3
@@ -0,0 +1 @@
+.so man3/krb5_storage.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_storage_truncate.3 b/kerberos5/man/krb5/man/man3/krb5_storage_truncate.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_storage_truncate.3
@@ -0,0 +1 @@
+.so man3/krb5_storage.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_storage_write.3 b/kerberos5/man/krb5/man/man3/krb5_storage_write.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_storage_write.3
@@ -0,0 +1 @@
+.so man3/krb5_storage.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_store_address.3 b/kerberos5/man/krb5/man/man3/krb5_store_address.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_store_address.3
@@ -0,0 +1 @@
+.so man3/krb5_storage.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_store_addrs.3 b/kerberos5/man/krb5/man/man3/krb5_store_addrs.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_store_addrs.3
@@ -0,0 +1 @@
+.so man3/krb5_storage.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_store_authdata.3 b/kerberos5/man/krb5/man/man3/krb5_store_authdata.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_store_authdata.3
@@ -0,0 +1 @@
+.so man3/krb5_storage.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_store_creds.3 b/kerberos5/man/krb5/man/man3/krb5_store_creds.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_store_creds.3
@@ -0,0 +1 @@
+.so man3/krb5_storage.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_store_creds_tag.3 b/kerberos5/man/krb5/man/man3/krb5_store_creds_tag.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_store_creds_tag.3
@@ -0,0 +1 @@
+.so man3/krb5_storage.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_store_data.3 b/kerberos5/man/krb5/man/man3/krb5_store_data.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_store_data.3
@@ -0,0 +1 @@
+.so man3/krb5_storage.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_store_int16.3 b/kerberos5/man/krb5/man/man3/krb5_store_int16.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_store_int16.3
@@ -0,0 +1 @@
+.so man3/krb5_storage.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_store_int32.3 b/kerberos5/man/krb5/man/man3/krb5_store_int32.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_store_int32.3
@@ -0,0 +1 @@
+.so man3/krb5_storage.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_store_int64.3 b/kerberos5/man/krb5/man/man3/krb5_store_int64.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_store_int64.3
@@ -0,0 +1 @@
+.so man3/krb5_storage.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_store_int8.3 b/kerberos5/man/krb5/man/man3/krb5_store_int8.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_store_int8.3
@@ -0,0 +1 @@
+.so man3/krb5_storage.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_store_keyblock.3 b/kerberos5/man/krb5/man/man3/krb5_store_keyblock.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_store_keyblock.3
@@ -0,0 +1 @@
+.so man3/krb5_storage.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_store_principal.3 b/kerberos5/man/krb5/man/man3/krb5_store_principal.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_store_principal.3
@@ -0,0 +1 @@
+.so man3/krb5_storage.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_store_string.3 b/kerberos5/man/krb5/man/man3/krb5_store_string.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_store_string.3
@@ -0,0 +1 @@
+.so man3/krb5_storage.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_store_stringz.3 b/kerberos5/man/krb5/man/man3/krb5_store_stringz.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_store_stringz.3
@@ -0,0 +1 @@
+.so man3/krb5_storage.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_store_times.3 b/kerberos5/man/krb5/man/man3/krb5_store_times.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_store_times.3
@@ -0,0 +1 @@
+.so man3/krb5_storage.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_store_uint16.3 b/kerberos5/man/krb5/man/man3/krb5_store_uint16.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_store_uint16.3
@@ -0,0 +1 @@
+.so man3/krb5_storage.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_store_uint32.3 b/kerberos5/man/krb5/man/man3/krb5_store_uint32.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_store_uint32.3
@@ -0,0 +1 @@
+.so man3/krb5_storage.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_store_uint64.3 b/kerberos5/man/krb5/man/man3/krb5_store_uint64.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_store_uint64.3
@@ -0,0 +1 @@
+.so man3/krb5_storage.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_store_uint8.3 b/kerberos5/man/krb5/man/man3/krb5_store_uint8.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_store_uint8.3
@@ -0,0 +1 @@
+.so man3/krb5_storage.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_string_to_keytype.3 b/kerberos5/man/krb5/man/man3/krb5_string_to_keytype.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_string_to_keytype.3
@@ -0,0 +1 @@
+.so man3/krb5_deprecated.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_support.3 b/kerberos5/man/krb5/man/man3/krb5_support.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_support.3
@@ -0,0 +1,666 @@ +.TH "krb5_support" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal Kerberos 5 library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +krb5_support \- Heimdal Kerberos 5 support functions +.SH SYNOPSIS +.br +.PP +.SS "Data Structures" + +.in +1c +.ti -1c +.RI "struct \fBkrb5plugin_an2ln_ftable_desc\fP" +.br +.RI "Description of the krb5_aname_to_lname(3) plugin facility\&. " +.ti -1c +.RI "struct \fBkrb5plugin_db_ftable_desc\fP" +.br +.RI "Description of the krb5 DB plugin facility\&. " +.ti -1c +.RI "struct \fBkrb5plugin_kuserok_ftable_desc\fP" +.br +.RI "Description of the krb5_kuserok(3) plugin facility\&. " +.in -1c +.SS "Functions" + +.in +1c +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_acl_match_string\fP (krb5_context context, const char *string, const char *format,\&.\&.\&.)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_acl_match_file\fP (krb5_context context, const char *file, const char *format,\&.\&.\&.)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_aname_to_localname\fP (krb5_context context, krb5_const_principal aname, size_t lnsize, char *lname)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_config_parse_file_multi\fP (krb5_context context, const char *fname, krb5_config_section **res)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_config_file_free\fP (krb5_context context, krb5_config_section *s)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION const krb5_config_binding *KRB5_LIB_CALL \fBkrb5_config_get_list\fP (krb5_context context, const krb5_config_section *c,\&.\&.\&.)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION const krb5_config_binding *KRB5_LIB_CALL \fBkrb5_config_vget_list\fP (krb5_context context, const krb5_config_section *c, va_list args)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION const char *KRB5_LIB_CALL \fBkrb5_config_get_string\fP (krb5_context context, const krb5_config_section *c,\&.\&.\&.)" +.br 
+.ti -1c +.RI "KRB5_LIB_FUNCTION const char *KRB5_LIB_CALL \fBkrb5_config_vget_string\fP (krb5_context context, const krb5_config_section *c, va_list args)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION const char *KRB5_LIB_CALL \fBkrb5_config_vget_string_default\fP (krb5_context context, const krb5_config_section *c, const char *def_value, va_list args)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION const char *KRB5_LIB_CALL \fBkrb5_config_get_string_default\fP (krb5_context context, const krb5_config_section *c, const char *def_value,\&.\&.\&.)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION char **KRB5_LIB_CALL \fBkrb5_config_vget_strings\fP (krb5_context context, const krb5_config_section *c, va_list args)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION char **KRB5_LIB_CALL \fBkrb5_config_get_strings\fP (krb5_context context, const krb5_config_section *c,\&.\&.\&.)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_config_free_strings\fP (char **strings)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_config_vget_bool_default\fP (krb5_context context, const krb5_config_section *c, krb5_boolean def_value, va_list args)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_config_vget_bool\fP (krb5_context context, const krb5_config_section *c, va_list args)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_config_get_bool_default\fP (krb5_context context, const krb5_config_section *c, krb5_boolean def_value,\&.\&.\&.)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_config_get_bool\fP (krb5_context context, const krb5_config_section *c,\&.\&.\&.)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION int KRB5_LIB_CALL \fBkrb5_config_vget_time_default\fP (krb5_context context, const krb5_config_section *c, int def_value, va_list args)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION int KRB5_LIB_CALL \fBkrb5_config_vget_time\fP (krb5_context context, const krb5_config_section *c, va_list args)" +.br +.ti -1c +.RI 
"KRB5_LIB_FUNCTION int KRB5_LIB_CALL \fBkrb5_config_get_time_default\fP (krb5_context context, const krb5_config_section *c, int def_value,\&.\&.\&.)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION int KRB5_LIB_CALL \fBkrb5_config_get_time\fP (krb5_context context, const krb5_config_section *c,\&.\&.\&.)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_expand_hostname\fP (krb5_context context, const char *orig_hostname, char **new_hostname)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_expand_hostname_realms\fP (krb5_context context, const char *orig_hostname, char **new_hostname, char ***realms)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_free_host_realm\fP (krb5_context context, krb5_realm *realmlist)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_kuserok\fP (krb5_context context, krb5_principal principal, const char *luser)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_plugin_register\fP (krb5_context context, enum krb5_plugin_type type, const char *name, void *symbol)" +.br +.in -1c +.SH "Detailed Description" +.PP + +.SH "Function Documentation" +.PP +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_acl_match_file (krb5_context context, const char * file, const char * format, \&.\&.\&.)" +krb5_acl_match_file matches ACL format against each line in a file using \fBkrb5_acl_match_string()\fP\&. Lines starting with # are treated like comments and ignored\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos 5 context\&. +.br +\fIfile\fP file with acl listed in the file\&. +.br +\fIformat\fP format to match\&. +.br +\fI\&.\&.\&.\fP parameter to format string\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0\&. 
+.RE +.PP +\fBSee also\fP +.RS 4 +\fBkrb5_acl_match_string\fP +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_acl_match_string (krb5_context context, const char * string, const char * format, \&.\&.\&.)" +krb5_acl_match_string matches ACL format against a string\&. +.PP +The ACL format has three format specifiers: s, f, and r\&. Each specifier will retrieve one argument from the variable arguments for either matching or storing data\&. The input string is split up using ' ' (space) and '\\t' (tab) as a delimiter; multiple and '\\t' in a row are considered to be the same\&. +.PP +List of format specifiers: +.IP "\(bu" 2 +s Matches a string using strcmp(3) (case sensitive)\&. +.IP "\(bu" 2 +f Matches the string with fnmatch(3)\&. Theflags argument (the last argument) passed to the fnmatch function is 0\&. +.IP "\(bu" 2 +r Returns a copy of the string in the char ** passed in; the copy must be freed with free(3)\&. There is no need to free(3) the string on error: the function will clean up and set the pointer to NULL\&. +.PP +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos 5 context +.br +\fIstring\fP string to match with +.br +\fIformat\fP format to match +.br +\fI\&.\&.\&.\fP parameter to format string +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0\&. +.RE +.PP +.PP +.nf +char *s; + +ret = krb5_acl_match_string(context, "foo", "s", "foo"); +if (ret) + krb5_errx(context, 1, "acl didn't match"); +ret = krb5_acl_match_string(context, "foo foo baz/kaka", + "ss", "foo", &s, "foo/\\*"); +if (ret) { + // no need to free(s) on error + assert(s == NULL); + krb5_errx(context, 1, "acl didn't match"); +} +free(s); +.fi +.PP +.PP +\fBSee also\fP +.RS 4 +\fBkrb5_acl_match_file\fP +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_aname_to_localname (krb5_context context, krb5_const_principal aname, size_t lnsize, char * lname)" +Map a principal name to a local username\&. 
+.PP +Returns 0 on success, KRB5_NO_LOCALNAME if no mapping was found, or some Kerberos or system error\&. +.PP +Inputs: +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A krb5_context +.br +\fIaname\fP A principal name +.br +\fIlnsize\fP The size of the buffer into which the username will be written +.br +\fIlname\fP The buffer into which the username will be written +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_config_file_free (krb5_context context, krb5_config_section * s)" +Free configuration file section, the result of krb5_config_parse_file() and \fBkrb5_config_parse_file_multi()\fP\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context +.br +\fIs\fP the configuration section to free +.RE +.PP +\fBReturns\fP +.RS 4 +returns 0 on successes, otherwise an error code, see \fBkrb5_get_error_message()\fP +.RE +.PP + +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_config_free_strings (char ** strings)" +Free the resulting strings from krb5_config-get_strings() and \fBkrb5_config_vget_strings()\fP\&. +.PP +\fBParameters\fP +.RS 4 +\fIstrings\fP strings to free +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_config_get_bool (krb5_context context, const krb5_config_section * c, \&.\&.\&.)" +Like \fBkrb5_config_get_bool()\fP but with a va_list list of configuration selection\&. +.PP +Configuration value to a boolean value, where yes/true and any non-zero number means TRUE and other value is FALSE\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context\&. +.br +\fIc\fP a configuration section, or NULL to use the section from context +.br +\fI\&.\&.\&.\fP a list of names, terminated with NULL\&. 
+.RE +.PP +\fBReturns\fP +.RS 4 +TRUE or FALSE +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_config_get_bool_default (krb5_context context, const krb5_config_section * c, krb5_boolean def_value, \&.\&.\&.)" +\fBkrb5_config_get_bool_default()\fP will convert the configuration option value to a boolean value, where yes/true and any non-zero number means TRUE and other value is FALSE\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context\&. +.br +\fIc\fP a configuration section, or NULL to use the section from context +.br +\fIdef_value\fP the default value to return if no configuration found in the database\&. +.br +\fI\&.\&.\&.\fP a list of names, terminated with NULL\&. +.RE +.PP +\fBReturns\fP +.RS 4 +TRUE or FALSE +.RE +.PP + +.SS "KRB5_LIB_FUNCTION const krb5_config_binding* KRB5_LIB_CALL krb5_config_get_list (krb5_context context, const krb5_config_section * c, \&.\&.\&.)" +Get a list of configuration binding list for more processing +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context\&. +.br +\fIc\fP a configuration section, or NULL to use the section from context +.br +\fI\&.\&.\&.\fP a list of names, terminated with NULL\&. +.RE +.PP +\fBReturns\fP +.RS 4 +NULL if configuration list is not found, a list otherwise +.RE +.PP + +.SS "KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_config_get_string (krb5_context context, const krb5_config_section * c, \&.\&.\&.)" +Returns a 'const char *' to a string in the configuration database\&. The string may not be valid after a reload of the configuration database so a caller should make a local copy if it needs to keep the string\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context\&. +.br +\fIc\fP a configuration section, or NULL to use the section from context +.br +\fI\&.\&.\&.\fP a list of names, terminated with NULL\&. 
+.RE +.PP +\fBReturns\fP +.RS 4 +NULL if configuration string not found, a string otherwise +.RE +.PP + +.SS "KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_config_get_string_default (krb5_context context, const krb5_config_section * c, const char * def_value, \&.\&.\&.)" +Like \fBkrb5_config_get_string()\fP, but instead of returning NULL, instead return a default value\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context\&. +.br +\fIc\fP a configuration section, or NULL to use the section from context +.br +\fIdef_value\fP the default value to return if no configuration found in the database\&. +.br +\fI\&.\&.\&.\fP a list of names, terminated with NULL\&. +.RE +.PP +\fBReturns\fP +.RS 4 +a configuration string +.RE +.PP + +.SS "KRB5_LIB_FUNCTION char** KRB5_LIB_CALL krb5_config_get_strings (krb5_context context, const krb5_config_section * c, \&.\&.\&.)" +Get a list of configuration strings, free the result with \fBkrb5_config_free_strings()\fP\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context\&. +.br +\fIc\fP a configuration section, or NULL to use the section from context +.br +\fI\&.\&.\&.\fP a list of names, terminated with NULL\&. +.RE +.PP +\fBReturns\fP +.RS 4 +TRUE or FALSE +.RE +.PP + +.SS "KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_config_get_time (krb5_context context, const krb5_config_section * c, \&.\&.\&.)" +Get the time from the configuration file using a relative time, for example: 1h30s +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context\&. +.br +\fIc\fP a configuration section, or NULL to use the section from context +.br +\fI\&.\&.\&.\fP a list of names, terminated with NULL\&. 
+.RE +.PP +\fBReturns\fP +.RS 4 +parsed the time or -1 on error +.RE +.PP + +.SS "KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_config_get_time_default (krb5_context context, const krb5_config_section * c, int def_value, \&.\&.\&.)" +Get the time from the configuration file using a relative time, for example: 1h30s +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context\&. +.br +\fIc\fP a configuration section, or NULL to use the section from context +.br +\fIdef_value\fP the default value to return if no configuration found in the database\&. +.br +\fI\&.\&.\&.\fP a list of names, terminated with NULL\&. +.RE +.PP +\fBReturns\fP +.RS 4 +parsed the time (or def_value on parse error) +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_config_parse_file_multi (krb5_context context, const char * fname, krb5_config_section ** res)" +Parse a configuration file and add the result into res\&. This interface can be used to parse several configuration files into one resulting krb5_config_section by calling it repeatably\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Kerberos 5 context\&. +.br +\fIfname\fP a file name to a Kerberos configuration file +.br +\fIres\fP the returned result, must be free with \fBkrb5_free_config_files()\fP\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP +If the fname starts with '~/' parse configuration file in the current users home directory\&. The behavior can be disabled and enabled by calling \fBkrb5_set_home_dir_access()\fP\&. +.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_config_vget_bool (krb5_context context, const krb5_config_section * c, va_list args)" +\fBkrb5_config_get_bool()\fP will convert the configuration option value to a boolean value, where yes/true and any non-zero number means TRUE and other value is FALSE\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context\&. 
+.br +\fIc\fP a configuration section, or NULL to use the section from context +.br +\fIargs\fP a va_list of arguments +.RE +.PP +\fBReturns\fP +.RS 4 +TRUE or FALSE +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_config_vget_bool_default (krb5_context context, const krb5_config_section * c, krb5_boolean def_value, va_list args)" +Like \fBkrb5_config_get_bool_default()\fP but with a va_list list of configuration selection\&. +.PP +Configuration value to a boolean value, where yes/true and any non-zero number means TRUE and other value is FALSE\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context\&. +.br +\fIc\fP a configuration section, or NULL to use the section from context +.br +\fIdef_value\fP the default value to return if no configuration found in the database\&. +.br +\fIargs\fP a va_list of arguments +.RE +.PP +\fBReturns\fP +.RS 4 +TRUE or FALSE +.RE +.PP + +.SS "KRB5_LIB_FUNCTION const krb5_config_binding* KRB5_LIB_CALL krb5_config_vget_list (krb5_context context, const krb5_config_section * c, va_list args)" +Get a list of configuration binding list for more processing +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context\&. +.br +\fIc\fP a configuration section, or NULL to use the section from context +.br +\fIargs\fP a va_list of arguments +.RE +.PP +\fBReturns\fP +.RS 4 +NULL if configuration list is not found, a list otherwise +.RE +.PP + +.SS "KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_config_vget_string (krb5_context context, const krb5_config_section * c, va_list args)" +Like \fBkrb5_config_get_string()\fP, but uses a va_list instead of \&.\&.\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context\&. 
+.br +\fIc\fP a configuration section, or NULL to use the section from context +.br +\fIargs\fP a va_list of arguments +.RE +.PP +\fBReturns\fP +.RS 4 +NULL if configuration string not found, a string otherwise +.RE +.PP + +.SS "KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_config_vget_string_default (krb5_context context, const krb5_config_section * c, const char * def_value, va_list args)" +Like \fBkrb5_config_vget_string()\fP, but instead of returning NULL, instead return a default value\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context\&. +.br +\fIc\fP a configuration section, or NULL to use the section from context +.br +\fIdef_value\fP the default value to return if no configuration found in the database\&. +.br +\fIargs\fP a va_list of arguments +.RE +.PP +\fBReturns\fP +.RS 4 +a configuration string +.RE +.PP + +.SS "KRB5_LIB_FUNCTION char** KRB5_LIB_CALL krb5_config_vget_strings (krb5_context context, const krb5_config_section * c, va_list args)" +Get a list of configuration strings, free the result with \fBkrb5_config_free_strings()\fP\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context\&. +.br +\fIc\fP a configuration section, or NULL to use the section from context +.br +\fIargs\fP a va_list of arguments +.RE +.PP +\fBReturns\fP +.RS 4 +TRUE or FALSE +.RE +.PP + +.SS "KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_config_vget_time (krb5_context context, const krb5_config_section * c, va_list args)" +Get the time from the configuration file using a relative time, for example: 1h30s +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context\&. 
+.br +\fIc\fP a configuration section, or NULL to use the section from context +.br +\fIargs\fP a va_list of arguments +.RE +.PP +\fBReturns\fP +.RS 4 +parsed the time or -1 on error +.RE +.PP + +.SS "KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_config_vget_time_default (krb5_context context, const krb5_config_section * c, int def_value, va_list args)" +Get the time from the configuration file using a relative time\&. +.PP +Like \fBkrb5_config_get_time_default()\fP but with a va_list list of configuration selection\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context\&. +.br +\fIc\fP a configuration section, or NULL to use the section from context +.br +\fIdef_value\fP the default value to return if no configuration found in the database\&. +.br +\fIargs\fP a va_list of arguments +.RE +.PP +\fBReturns\fP +.RS 4 +parsed the time (or def_value on parse error) +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_expand_hostname (krb5_context context, const char * orig_hostname, char ** new_hostname)" +\fBkrb5_expand_hostname()\fP tries to make orig_hostname into a more canonical one in the newly allocated space returned in new_hostname\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Keberos context +.br +\fIorig_hostname\fP hostname to canonicalise\&. +.br +\fInew_hostname\fP output hostname, caller must free hostname with krb5_xfree()\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_expand_hostname_realms (krb5_context context, const char * orig_hostname, char ** new_hostname, char *** realms)" +\fBkrb5_expand_hostname_realms()\fP expands orig_hostname to a name we believe to be a hostname in newly allocated space in new_hostname and return the realms new_hostname is believed to belong to in realms\&. 
+.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Keberos context +.br +\fIorig_hostname\fP hostname to canonicalise\&. +.br +\fInew_hostname\fP output hostname, caller must free hostname with krb5_xfree()\&. +.br +\fIrealms\fP output possible realms, is an array that is terminated with NULL\&. Caller must free with \fBkrb5_free_host_realm()\fP\&. +.RE +.PP +\fBReturns\fP +.RS 4 +Return an error code or 0, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_host_realm (krb5_context context, krb5_realm * realmlist)" +Free all memory allocated by `realmlist' +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context\&. +.br +\fIrealmlist\fP realmlist to free, NULL is ok +.RE +.PP +\fBReturns\fP +.RS 4 +a Kerberos error code, always 0\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_kuserok (krb5_context context, krb5_principal principal, const char * luser)" +This function takes the name of a local user and checks if principal is allowed to log in as that user\&. +.PP +The user may have a ~/\&.k5login file listing principals that are allowed to login as that user\&. If that file does not exist, all principals with a only one component that is identical to the username, and a realm considered local, are allowed access\&. +.PP +The \&.k5login file must contain one principal per line, be owned by user and not be writable by group or other (but must be readable by anyone)\&. +.PP +Note that if the file exists, no implicit access rights are given to user@LOCALREALM\&. +.PP +Optionally, a set of files may be put in ~/\&.k5login\&.d (a directory), in which case they will all be checked in the same manner as \&.k5login\&. The files may be called anything, but files starting with a hash (#) , or ending with a tilde (~) are ignored\&. Subdirectories are not traversed\&. Note that this directory may not be checked by other Kerberos implementations\&. 
+.PP +If no configuration file exists, match user against local domains, ie luser@LOCAL-REALMS-IN-CONFIGURATION-FILES\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos 5 context\&. +.br +\fIprincipal\fP principal to check if allowed to login +.br +\fIluser\fP local user id +.RE +.PP +\fBReturns\fP +.RS 4 +returns TRUE if access should be granted, FALSE otherwise\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_plugin_register (krb5_context context, enum krb5_plugin_type type, const char * name, void * symbol)" +Register a plugin symbol name of specific type\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP a Keberos context +.br +\fItype\fP type of plugin symbol +.br +\fIname\fP name of plugin symbol +.br +\fIsymbol\fP a pointer to the named symbol +.RE +.PP +\fBReturns\fP +.RS 4 +In case of error a non zero error com_err error is returned and the Kerberos error string is set\&. +.RE +.PP + +.SH "Author" +.PP +Generated automatically by Doxygen for Heimdal Kerberos 5 library from the source code\&. diff --git a/kerberos5/man/krb5/man/man3/krb5_ticket.3 b/kerberos5/man/krb5/man/man3/krb5_ticket.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_ticket.3 
@@ -0,0 +1,39 @@ +.TH "krb5_ticket" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal Kerberos 5 library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +krb5_ticket \- Heimdal Kerberos 5 ticket functions +.SH SYNOPSIS +.br +.PP +.SS "Functions" + +.in +1c +.ti -1c +.RI "KRB5_LIB_FUNCTION unsigned long KRB5_LIB_CALL \fBkrb5_ticket_get_flags\fP (krb5_context context, const krb5_ticket *ticket)" +.br +.in -1c +.SH "Detailed Description" +.PP + +.SH "Function Documentation" +.PP +.SS "KRB5_LIB_FUNCTION unsigned long KRB5_LIB_CALL krb5_ticket_get_flags (krb5_context context, const krb5_ticket * ticket)" +Get the flags from the Kerberos ticket +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos context +.br +\fIticket\fP Kerberos ticket +.RE +.PP +\fBReturns\fP +.RS 4 +ticket flags +.RE +.PP + +.SH "Author" +.PP +Generated automatically by Doxygen for Heimdal Kerberos 5 library from the source code\&. diff --git a/kerberos5/man/krb5/man/man3/krb5_ticket_get_authorization_data_type.3 b/kerberos5/man/krb5/man/man3/krb5_ticket_get_authorization_data_type.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_ticket_get_authorization_data_type.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_ticket_get_client.3 b/kerberos5/man/krb5/man/man3/krb5_ticket_get_client.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_ticket_get_client.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_ticket_get_endtime.3 b/kerberos5/man/krb5/man/man3/krb5_ticket_get_endtime.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_ticket_get_endtime.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_ticket_get_flags.3 b/kerberos5/man/krb5/man/man3/krb5_ticket_get_flags.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_ticket_get_flags.3 @@ -0,0 +1 @@ +.so man3/krb5_ticket.3 
diff --git a/kerberos5/man/krb5/man/man3/krb5_ticket_get_server.3 b/kerberos5/man/krb5/man/man3/krb5_ticket_get_server.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_ticket_get_server.3
@@ -0,0 +1 @@
+.so man3/krb5.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_unparse_name.3 b/kerberos5/man/krb5/man/man3/krb5_unparse_name.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_unparse_name.3
@@ -0,0 +1 @@
+.so man3/krb5_principal.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_unparse_name_fixed.3 b/kerberos5/man/krb5/man/man3/krb5_unparse_name_fixed.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_unparse_name_fixed.3
@@ -0,0 +1 @@
+.so man3/krb5_principal.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_unparse_name_fixed_flags.3 b/kerberos5/man/krb5/man/man3/krb5_unparse_name_fixed_flags.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_unparse_name_fixed_flags.3
@@ -0,0 +1 @@
+.so man3/krb5_principal.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_unparse_name_fixed_short.3 b/kerberos5/man/krb5/man/man3/krb5_unparse_name_fixed_short.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_unparse_name_fixed_short.3
@@ -0,0 +1 @@
+.so man3/krb5_principal.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_unparse_name_flags.3 b/kerberos5/man/krb5/man/man3/krb5_unparse_name_flags.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_unparse_name_flags.3
@@ -0,0 +1 @@
+.so man3/krb5_principal.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_unparse_name_short.3 b/kerberos5/man/krb5/man/man3/krb5_unparse_name_short.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_unparse_name_short.3
@@ -0,0 +1 @@
+.so man3/krb5_principal.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_v4compat.3 b/kerberos5/man/krb5/man/man3/krb5_v4compat.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_v4compat.3 
@@ -0,0 +1,64 @@ +.TH "krb5_v4compat" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal Kerberos 5 library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +krb5_v4compat \- Heimdal Kerberos 4 compatiblity functions +.SH SYNOPSIS +.br +.PP +.SS "Functions" + +.in +1c +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb524_convert_creds_kdc\fP (krb5_context context, krb5_creds *in_cred, struct credentials *v4creds) KRB5_DEPRECATED_FUNCTION('Use X instead')" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb524_convert_creds_kdc_ccache\fP (krb5_context context, krb5_ccache ccache, krb5_creds *in_cred, struct credentials *v4creds) KRB5_DEPRECATED_FUNCTION('Use X instead')" +.br +.in -1c +.SH "Detailed Description" +.PP + +.SH "Function Documentation" +.PP +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb524_convert_creds_kdc (krb5_context context, krb5_creds * in_cred, struct credentials * v4creds)" +Convert the v5 credentials in in_cred to v4-dito in v4creds\&. This is done by sending them to the 524 function in the KDC\&. If `in_cred' doesn't contain a DES session key, then a new one is gotten from the KDC and stored in the cred cache `ccache'\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos 5 context\&. +.br +\fIin_cred\fP the credential to convert +.br +\fIv4creds\fP the converted credential +.RE +.PP +\fBReturns\fP +.RS 4 +Returns 0 to indicate success\&. Otherwise an kerberos et error code is returned, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb524_convert_creds_kdc_ccache (krb5_context context, krb5_ccache ccache, krb5_creds * in_cred, struct credentials * v4creds)" +Convert the v5 credentials in in_cred to v4-dito in v4creds, check the credential cache ccache before checking with the KDC\&. +.PP +\fBParameters\fP +.RS 4 +\fIcontext\fP Kerberos 5 context\&. +.br +\fIccache\fP credential cache used to check for des-ticket\&. 
+.br +\fIin_cred\fP the credential to convert +.br +\fIv4creds\fP the converted credential +.RE +.PP +\fBReturns\fP +.RS 4 +Returns 0 to indicate success\&. Otherwise an kerberos et error code is returned, see \fBkrb5_get_error_message()\fP\&. +.RE +.PP + +.SH "Author" +.PP +Generated automatically by Doxygen for Heimdal Kerberos 5 library from the source code\&. diff --git a/kerberos5/man/krb5/man/man3/krb5_vabort.3 b/kerberos5/man/krb5/man/man3/krb5_vabort.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_vabort.3 @@ -0,0 +1 @@ +.so man3/krb5_error.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_verify_checksum_iov.3 b/kerberos5/man/krb5/man/man3/krb5_verify_checksum_iov.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_verify_checksum_iov.3 @@ -0,0 +1 @@ +.so man3/krb5_crypto.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_verr.3 b/kerberos5/man/krb5/man/man3/krb5_verr.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_verr.3 @@ -0,0 +1 @@ +.so man3/krb5_error.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_verrx.3 b/kerberos5/man/krb5/man/man3/krb5_verrx.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_verrx.3 @@ -0,0 +1 @@ +.so man3/krb5_error.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_vprepend_error_message.3 b/kerberos5/man/krb5/man/man3/krb5_vprepend_error_message.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_vprepend_error_message.3 @@ -0,0 +1 @@ +.so man3/krb5_error.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_vset_error_message.3 b/kerberos5/man/krb5/man/man3/krb5_vset_error_message.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5_vset_error_message.3 @@ -0,0 +1 @@ +.so man3/krb5_error.3 diff --git a/kerberos5/man/krb5/man/man3/krb5_vset_error_string.3 b/kerberos5/man/krb5/man/man3/krb5_vset_error_string.3 new file mode 100644 --- /dev/null 
+++ b/kerberos5/man/krb5/man/man3/krb5_vset_error_string.3
@@ -0,0 +1 @@
+.so man3/krb5_deprecated.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_vwarn.3 b/kerberos5/man/krb5/man/man3/krb5_vwarn.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_vwarn.3
@@ -0,0 +1 @@
+.so man3/krb5_error.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_vwarnx.3 b/kerberos5/man/krb5/man/man3/krb5_vwarnx.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_vwarnx.3
@@ -0,0 +1 @@
+.so man3/krb5_error.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_warn.3 b/kerberos5/man/krb5/man/man3/krb5_warn.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_warn.3
@@ -0,0 +1 @@
+.so man3/krb5_error.3
diff --git a/kerberos5/man/krb5/man/man3/krb5_warnx.3 b/kerberos5/man/krb5/man/man3/krb5_warnx.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5_warnx.3
@@ -0,0 +1 @@
+.so man3/krb5_error.3
diff --git a/kerberos5/man/krb5/man/man3/krb5plugin_an2ln_ftable_desc.3 b/kerberos5/man/krb5/man/man3/krb5plugin_an2ln_ftable_desc.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/krb5/man/man3/krb5plugin_an2ln_ftable_desc.3
@@ -0,0 +1,52 @@ +.TH "krb5plugin_an2ln_ftable_desc" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal Kerberos 5 library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +krb5plugin_an2ln_ftable_desc \- Description of the krb5_aname_to_lname(3) plugin facility\&. + +.SH SYNOPSIS +.br +.PP +.PP +\fC#include \fP +.SH "Detailed Description" +.PP +Description of the krb5_aname_to_lname(3) plugin facility\&. + +The krb5_aname_to_lname(3) function is pluggable\&. The plugin is named KRB5_PLUGIN_AN2LN ('an2ln'), with a single minor version, KRB5_PLUGIN_AN2LN_VERSION_0 (0)\&. +.PP +The plugin for krb5_aname_to_lname(3) consists of a data symbol referencing a structure of type krb5plugin_an2ln_ftable, with four fields: +.PP +\fBParameters\fP +.RS 4 +\fIinit\fP Plugin initialization function (see krb5-plugin(7)) +.br +\fIminor_version\fP The plugin minor version number (0) +.br +\fIfini\fP Plugin finalization function +.br +\fIan2ln\fP Plugin aname_to_lname function +.RE +.PP +The an2ln field is the plugin entry point that performs the traditional aname_to_lname operation however the plugin desires\&. It is invoked in no particular order relative to other an2ln plugins, but it has a 'rule' argument that indicates which plugin is intended to act on the rule\&. The plugin an2ln function must return KRB5_PLUGIN_NO_HANDLE if the rule is not applicable to it\&. +.PP +The plugin an2ln function has the following arguments, in this order: +.PP +.IP "1." 4 +plug_ctx, the context value output by the plugin's init function +.IP "2." 4 +context, a krb5_context +.IP "3." 4 +rule, the aname_to_lname rule being evaluated (from krb5\&.conf(5)) +.IP "4." 4 +aname, the krb5_principal to be mapped to an lname +.IP "5." 4 +set_res_f, a function the plugin must call to set its result +.IP "6." 4 +set_res_ctx, the first argument to set_res_f (the second is the result lname string) +.PP + + +.SH "Author" +.PP +Generated automatically by Doxygen for Heimdal Kerberos 5 library from the source code\&. 
diff --git a/kerberos5/man/krb5/man/man3/krb5plugin_db_ftable_desc.3 b/kerberos5/man/krb5/man/man3/krb5plugin_db_ftable_desc.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5plugin_db_ftable_desc.3 @@ -0,0 +1,33 @@ +.TH "krb5plugin_db_ftable_desc" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal Kerberos 5 library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +krb5plugin_db_ftable_desc \- Description of the krb5 DB plugin facility\&. + +.SH SYNOPSIS +.br +.PP +.PP +\fC#include \fP +.SH "Detailed Description" +.PP +Description of the krb5 DB plugin facility\&. + +The krb5_aname_to_lname(3) function's DB rule is pluggable\&. The plugin is named KRB5_PLUGIN_DB ('krb5_db_plug'), with a single minor version, KRB5_PLUGIN_DB_VERSION_0 (0)\&. +.PP +The plugin consists of a data symbol referencing a structure of type \fBkrb5plugin_db_ftable_desc\fP, with three fields: +.PP +\fBParameters\fP +.RS 4 +\fIinit\fP Plugin initialization function (see krb5-plugin(7)) +.br +\fIminor_version\fP The plugin minor version number (0) +.br +\fIfini\fP Plugin finalization function +.RE +.PP +The init entry point is expected to call heim_db_register()\&. The fini entry point is expected to do nothing\&. + +.SH "Author" +.PP +Generated automatically by Doxygen for Heimdal Kerberos 5 library from the source code\&. diff --git a/kerberos5/man/krb5/man/man3/krb5plugin_kuserok_ftable_desc.3 b/kerberos5/man/krb5/man/man3/krb5plugin_kuserok_ftable_desc.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/krb5/man/man3/krb5plugin_kuserok_ftable_desc.3 
@@ -0,0 +1,56 @@ +.TH "krb5plugin_kuserok_ftable_desc" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal Kerberos 5 library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +krb5plugin_kuserok_ftable_desc \- Description of the krb5_kuserok(3) plugin facility\&. + +.SH SYNOPSIS +.br +.PP +.PP +\fC#include \fP +.SH "Detailed Description" +.PP +Description of the krb5_kuserok(3) plugin facility\&. + +The krb5_kuserok(3) function is pluggable\&. The plugin is named KRB5_PLUGIN_KUSEROK ('krb5_plugin_kuserok'), with a single minor version, KRB5_PLUGIN_KUSEROK_VERSION_0 (0)\&. +.PP +The plugin for krb5_kuserok(3) consists of a data symbol referencing a structure of type krb5plugin_kuserok_ftable, with four fields: +.PP +\fBParameters\fP +.RS 4 +\fIinit\fP Plugin initialization function (see krb5-plugin(7)) +.br +\fIminor_version\fP The plugin minor version number (0) +.br +\fIfini\fP Plugin finalization function +.br +\fIkuserok\fP Plugin kuserok function +.RE +.PP +The kuserok field is the plugin entry point that performs the traditional kuserok operation however the plugin desires\&. It is invoked in no particular order relative to other kuserok plugins, but it has a 'rule' argument that indicates which plugin is intended to act on the rule\&. The plugin kuserok function must return KRB5_PLUGIN_NO_HANDLE if the rule is not applicable to it\&. +.PP +The plugin kuserok function has the following arguments, in this order: +.PP +.IP "1." 4 +plug_ctx, the context value output by the plugin's init function +.IP "2." 4 +context, a krb5_context +.IP "3." 4 +rule, the kuserok rule being evaluated (from krb5\&.conf(5)) +.IP "4." 4 +flags +.IP "5." 4 +k5login_dir, configured location of k5login per-user files if any +.IP "6." 4 +luser, name of the local user account to which principal is attempting to access\&. +.IP "7." 4 +principal, the krb5_principal trying to access the luser account +.IP "8." 
4 +result, a krb5_boolean pointer where the plugin will output its result +.PP + + +.SH "Author" +.PP +Generated automatically by Doxygen for Heimdal Kerberos 5 library from the source code\&. diff --git a/kerberos5/man/ntlm/man/man3/data.3 b/kerberos5/man/ntlm/man/man3/data.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/ntlm/man/man3/data.3 @@ -0,0 +1 @@ +.so man3/ntlm_buf.3 diff --git a/kerberos5/man/ntlm/man/man3/heim_ntlm_build_ntlm1_master.3 b/kerberos5/man/ntlm/man/man3/heim_ntlm_build_ntlm1_master.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/ntlm/man/man3/heim_ntlm_build_ntlm1_master.3 @@ -0,0 +1 @@ +.so man3/ntlm_core.3 diff --git a/kerberos5/man/ntlm/man/man3/heim_ntlm_build_ntlm2_master.3 b/kerberos5/man/ntlm/man/man3/heim_ntlm_build_ntlm2_master.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/ntlm/man/man3/heim_ntlm_build_ntlm2_master.3 @@ -0,0 +1 @@ +.so man3/ntlm_core.3 diff --git a/kerberos5/man/ntlm/man/man3/heim_ntlm_calculate_lm2.3 b/kerberos5/man/ntlm/man/man3/heim_ntlm_calculate_lm2.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/ntlm/man/man3/heim_ntlm_calculate_lm2.3 @@ -0,0 +1 @@ +.so man3/ntlm_core.3 diff --git a/kerberos5/man/ntlm/man/man3/heim_ntlm_calculate_ntlm1.3 b/kerberos5/man/ntlm/man/man3/heim_ntlm_calculate_ntlm1.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/ntlm/man/man3/heim_ntlm_calculate_ntlm1.3 @@ -0,0 +1 @@ +.so man3/ntlm_core.3 diff --git a/kerberos5/man/ntlm/man/man3/heim_ntlm_calculate_ntlm2.3 b/kerberos5/man/ntlm/man/man3/heim_ntlm_calculate_ntlm2.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/ntlm/man/man3/heim_ntlm_calculate_ntlm2.3 @@ -0,0 +1 @@ +.so man3/ntlm_core.3 diff --git a/kerberos5/man/ntlm/man/man3/heim_ntlm_decode_targetinfo.3 b/kerberos5/man/ntlm/man/man3/heim_ntlm_decode_targetinfo.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/ntlm/man/man3/heim_ntlm_decode_targetinfo.3 @@ -0,0 +1 @@ +.so man3/ntlm_core.3 
diff --git a/kerberos5/man/ntlm/man/man3/heim_ntlm_encode_targetinfo.3 b/kerberos5/man/ntlm/man/man3/heim_ntlm_encode_targetinfo.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/ntlm/man/man3/heim_ntlm_encode_targetinfo.3 @@ -0,0 +1 @@ +.so man3/ntlm_core.3 diff --git a/kerberos5/man/ntlm/man/man3/heim_ntlm_encode_type1.3 b/kerberos5/man/ntlm/man/man3/heim_ntlm_encode_type1.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/ntlm/man/man3/heim_ntlm_encode_type1.3 @@ -0,0 +1 @@ +.so man3/ntlm_core.3 diff --git a/kerberos5/man/ntlm/man/man3/heim_ntlm_encode_type2.3 b/kerberos5/man/ntlm/man/man3/heim_ntlm_encode_type2.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/ntlm/man/man3/heim_ntlm_encode_type2.3 @@ -0,0 +1 @@ +.so man3/ntlm_core.3 diff --git a/kerberos5/man/ntlm/man/man3/heim_ntlm_encode_type3.3 b/kerberos5/man/ntlm/man/man3/heim_ntlm_encode_type3.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/ntlm/man/man3/heim_ntlm_encode_type3.3 @@ -0,0 +1 @@ +.so man3/ntlm_core.3 diff --git a/kerberos5/man/ntlm/man/man3/heim_ntlm_free_buf.3 b/kerberos5/man/ntlm/man/man3/heim_ntlm_free_buf.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/ntlm/man/man3/heim_ntlm_free_buf.3 @@ -0,0 +1 @@ +.so man3/ntlm_core.3 diff --git a/kerberos5/man/ntlm/man/man3/heim_ntlm_free_targetinfo.3 b/kerberos5/man/ntlm/man/man3/heim_ntlm_free_targetinfo.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/ntlm/man/man3/heim_ntlm_free_targetinfo.3 @@ -0,0 +1 @@ +.so man3/ntlm_core.3 diff --git a/kerberos5/man/ntlm/man/man3/heim_ntlm_free_type1.3 b/kerberos5/man/ntlm/man/man3/heim_ntlm_free_type1.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/ntlm/man/man3/heim_ntlm_free_type1.3 @@ -0,0 +1 @@ +.so man3/ntlm_core.3 diff --git a/kerberos5/man/ntlm/man/man3/heim_ntlm_free_type2.3 b/kerberos5/man/ntlm/man/man3/heim_ntlm_free_type2.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/ntlm/man/man3/heim_ntlm_free_type2.3 
@@ -0,0 +1 @@ +.so man3/ntlm_core.3 diff --git a/kerberos5/man/ntlm/man/man3/heim_ntlm_free_type3.3 b/kerberos5/man/ntlm/man/man3/heim_ntlm_free_type3.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/ntlm/man/man3/heim_ntlm_free_type3.3 @@ -0,0 +1 @@ +.so man3/ntlm_core.3 diff --git a/kerberos5/man/ntlm/man/man3/heim_ntlm_keyex_unwrap.3 b/kerberos5/man/ntlm/man/man3/heim_ntlm_keyex_unwrap.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/ntlm/man/man3/heim_ntlm_keyex_unwrap.3 @@ -0,0 +1 @@ +.so man3/ntlm_core.3 diff --git a/kerberos5/man/ntlm/man/man3/heim_ntlm_nt_key.3 b/kerberos5/man/ntlm/man/man3/heim_ntlm_nt_key.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/ntlm/man/man3/heim_ntlm_nt_key.3 @@ -0,0 +1 @@ +.so man3/ntlm_core.3 diff --git a/kerberos5/man/ntlm/man/man3/heim_ntlm_ntlmv2_key.3 b/kerberos5/man/ntlm/man/man3/heim_ntlm_ntlmv2_key.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/ntlm/man/man3/heim_ntlm_ntlmv2_key.3 @@ -0,0 +1 @@ +.so man3/ntlm_core.3 diff --git a/kerberos5/man/ntlm/man/man3/heim_ntlm_verify_ntlm2.3 b/kerberos5/man/ntlm/man/man3/heim_ntlm_verify_ntlm2.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/ntlm/man/man3/heim_ntlm_verify_ntlm2.3 @@ -0,0 +1 @@ +.so man3/ntlm_core.3 diff --git a/kerberos5/man/ntlm/man/man3/length.3 b/kerberos5/man/ntlm/man/man3/length.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/ntlm/man/man3/length.3 @@ -0,0 +1 @@ +.so man3/ntlm_buf.3 diff --git a/kerberos5/man/ntlm/man/man3/ntlm_buf.3 b/kerberos5/man/ntlm/man/man3/ntlm_buf.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/ntlm/man/man3/ntlm_buf.3 
@@ -0,0 +1,45 @@ +.TH "ntlm_buf" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal ntlm library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +ntlm_buf +.SH SYNOPSIS +.br +.PP +.PP +\fC#include \fP +.SS "Data Fields" + +.in +1c +.ti -1c +.RI "size_t \fBlength\fP" +.br +.ti -1c +.RI "void * \fBdata\fP" +.br +.in -1c +.SH "Detailed Description" +.PP +Buffer for storing data in the NTLM library\&. When filled in by the library it should be freed with \fBheim_ntlm_free_buf()\fP\&. +.PP +\fBExamples\fP +.in +1c +\fBtest_ntlm\&.c\fP\&. +.SH "Field Documentation" +.PP +.SS "void* ntlm_buf::data" +pointer to the data itself +.PP +\fBExamples\fP +.in +1c +\fBtest_ntlm\&.c\fP\&. +.SS "size_t ntlm_buf::length" +length buffer data +.PP +\fBExamples\fP +.in +1c +\fBtest_ntlm\&.c\fP\&. + +.SH "Author" +.PP +Generated automatically by Doxygen for Heimdal ntlm library from the source code\&. diff --git a/kerberos5/man/ntlm/man/man3/ntlm_core.3 b/kerberos5/man/ntlm/man/man3/ntlm_core.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/ntlm/man/man3/ntlm_core.3 
@@ -0,0 +1,472 @@ +.TH "ntlm_core" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal ntlm library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +ntlm_core \- Heimdal NTLM library +.SH SYNOPSIS +.br +.PP +.SS "Functions" + +.in +1c +.ti -1c +.RI "void \fBheim_ntlm_free_buf\fP (struct \fBntlm_buf\fP *p)" +.br +.ti -1c +.RI "void \fBheim_ntlm_free_targetinfo\fP (struct ntlm_targetinfo *ti)" +.br +.ti -1c +.RI "int \fBheim_ntlm_encode_targetinfo\fP (const struct ntlm_targetinfo *ti, int ucs2, struct \fBntlm_buf\fP *data)" +.br +.ti -1c +.RI "int \fBheim_ntlm_decode_targetinfo\fP (const struct \fBntlm_buf\fP *data, int ucs2, struct ntlm_targetinfo *ti)" +.br +.ti -1c +.RI "void \fBheim_ntlm_free_type1\fP (struct \fBntlm_type1\fP *data)" +.br +.ti -1c +.RI "int \fBheim_ntlm_encode_type1\fP (const struct \fBntlm_type1\fP *type1, struct \fBntlm_buf\fP *data)" +.br +.ti -1c +.RI "void \fBheim_ntlm_free_type2\fP (struct \fBntlm_type2\fP *data)" +.br +.ti -1c +.RI "int \fBheim_ntlm_encode_type2\fP (const struct \fBntlm_type2\fP *type2, struct \fBntlm_buf\fP *data)" +.br +.ti -1c +.RI "void \fBheim_ntlm_free_type3\fP (struct \fBntlm_type3\fP *data)" +.br +.ti -1c +.RI "int \fBheim_ntlm_encode_type3\fP (const struct \fBntlm_type3\fP *type3, struct \fBntlm_buf\fP *data, size_t *mic_offset)" +.br +.ti -1c +.RI "int \fBheim_ntlm_nt_key\fP (const char *password, struct \fBntlm_buf\fP *key)" +.br +.ti -1c +.RI "int \fBheim_ntlm_calculate_ntlm1\fP (void *key, size_t len, unsigned char challenge[8], struct \fBntlm_buf\fP *answer)" +.br +.ti -1c +.RI "int \fBheim_ntlm_build_ntlm1_master\fP (void *key, size_t len, struct \fBntlm_buf\fP *session, struct \fBntlm_buf\fP *master)" +.br +.ti -1c +.RI "int \fBheim_ntlm_build_ntlm2_master\fP (void *key, size_t len, struct \fBntlm_buf\fP *blob, struct \fBntlm_buf\fP *session, struct \fBntlm_buf\fP *master)" +.br +.ti -1c +.RI "int \fBheim_ntlm_keyex_unwrap\fP (struct \fBntlm_buf\fP *baseKey, struct \fBntlm_buf\fP *encryptedSession, struct \fBntlm_buf\fP 
*session)" +.br +.ti -1c +.RI "int \fBheim_ntlm_ntlmv2_key\fP (const void *key, size_t len, const char *username, const char *target, int upper_case_target, unsigned char ntlmv2[16])" +.br +.ti -1c +.RI "int \fBheim_ntlm_calculate_lm2\fP (const void *key, size_t len, const char *username, const char *target, const unsigned char serverchallenge[8], unsigned char ntlmv2[16], struct \fBntlm_buf\fP *answer)" +.br +.ti -1c +.RI "int \fBheim_ntlm_calculate_ntlm2\fP (const void *key, size_t len, const char *username, const char *target, const unsigned char serverchallenge[8], const struct \fBntlm_buf\fP *infotarget, unsigned char ntlmv2[16], struct \fBntlm_buf\fP *answer)" +.br +.ti -1c +.RI "int \fBheim_ntlm_verify_ntlm2\fP (const void *key, size_t len, const char *username, const char *target, time_t now, const unsigned char serverchallenge[8], const struct \fBntlm_buf\fP *answer, struct \fBntlm_buf\fP *infotarget, unsigned char ntlmv2[16])" +.br +.in -1c +.SH "Detailed Description" +.PP +The NTLM core functions implement the string2key generation function, message encode and decode function, and the hash function functions\&. +.SH "Function Documentation" +.PP +.SS "int heim_ntlm_build_ntlm1_master (void * key, size_t len, struct \fBntlm_buf\fP * session, struct \fBntlm_buf\fP * master)" +Generates an NTLMv1 session random with assosited session master key\&. +.PP +\fBParameters\fP +.RS 4 +\fIkey\fP the ntlm v1 key +.br +\fIlen\fP length of key +.br +\fIsession\fP generated session nonce, should be freed with \fBheim_ntlm_free_buf()\fP\&. +.br +\fImaster\fP calculated session master key, should be freed with \fBheim_ntlm_free_buf()\fP\&. +.RE +.PP +\fBReturns\fP +.RS 4 +In case of success 0 is return, an errors, a errno in what went wrong\&. 
+.RE +.PP + +.SS "int heim_ntlm_build_ntlm2_master (void * key, size_t len, struct \fBntlm_buf\fP * blob, struct \fBntlm_buf\fP * session, struct \fBntlm_buf\fP * master)" +Generates an NTLMv2 session random with associated session master key\&. +.PP +\fBParameters\fP +.RS 4 +\fIkey\fP the NTLMv2 key +.br +\fIlen\fP length of key +.br +\fIblob\fP the NTLMv2 'blob' +.br +\fIsession\fP generated session nonce, should be freed with \fBheim_ntlm_free_buf()\fP\&. +.br +\fImaster\fP calculated session master key, should be freed with \fBheim_ntlm_free_buf()\fP\&. +.RE +.PP +\fBReturns\fP +.RS 4 +In case of success 0 is return, an errors, a errno in what went wrong\&. +.RE +.PP + +.SS "int heim_ntlm_calculate_lm2 (const void * key, size_t len, const char * username, const char * target, const unsigned char serverchallenge[8], unsigned char ntlmv2[16], struct \fBntlm_buf\fP * answer)" +Calculate LMv2 response +.PP +\fBParameters\fP +.RS 4 +\fIkey\fP the ntlm key +.br +\fIlen\fP length of key +.br +\fIusername\fP name of the user, as sent in the message, assumed to be in UTF8\&. +.br +\fItarget\fP the name of the target, assumed to be in UTF8\&. +.br +\fIserverchallenge\fP challenge as sent by the server in the type2 message\&. +.br +\fIntlmv2\fP calculated session key +.br +\fIanswer\fP ntlm response answer, should be freed with \fBheim_ntlm_free_buf()\fP\&. +.RE +.PP +\fBReturns\fP +.RS 4 +In case of success 0 is return, an errors, a errno in what went wrong\&. +.RE +.PP + +.SS "int heim_ntlm_calculate_ntlm1 (void * key, size_t len, unsigned char challenge[8], struct \fBntlm_buf\fP * answer)" +Calculate NTLMv1 response hash +.PP +\fBParameters\fP +.RS 4 +\fIkey\fP the ntlm v1 key +.br +\fIlen\fP length of key +.br +\fIchallenge\fP sent by the server +.br +\fIanswer\fP calculated answer, should be freed with \fBheim_ntlm_free_buf()\fP\&. +.RE +.PP +\fBReturns\fP +.RS 4 +In case of success 0 is return, an errors, a errno in what went wrong\&. 
+.RE +.PP + +.PP +\fBExamples\fP +.in +1c +\fBtest_ntlm\&.c\fP\&. +.SS "int heim_ntlm_calculate_ntlm2 (const void * key, size_t len, const char * username, const char * target, const unsigned char serverchallenge[8], const struct \fBntlm_buf\fP * infotarget, unsigned char ntlmv2[16], struct \fBntlm_buf\fP * answer)" +Calculate NTLMv2 response +.PP +\fBParameters\fP +.RS 4 +\fIkey\fP the ntlm key +.br +\fIlen\fP length of key +.br +\fIusername\fP name of the user, as sent in the message, assumed to be in UTF8\&. +.br +\fItarget\fP the name of the target, assumed to be in UTF8\&. +.br +\fIserverchallenge\fP challenge as sent by the server in the type2 message\&. +.br +\fIinfotarget\fP infotarget as sent by the server in the type2 message\&. +.br +\fIntlmv2\fP calculated session key +.br +\fIanswer\fP ntlm response answer, should be freed with \fBheim_ntlm_free_buf()\fP\&. +.RE +.PP +\fBReturns\fP +.RS 4 +In case of success 0 is return, an errors, a errno in what went wrong\&. +.RE +.PP + +.PP +\fBExamples\fP +.in +1c +\fBtest_ntlm\&.c\fP\&. +.SS "int heim_ntlm_decode_targetinfo (const struct \fBntlm_buf\fP * data, int ucs2, struct ntlm_targetinfo * ti)" +Decodes an NTLM targetinfo message +.PP +\fBParameters\fP +.RS 4 +\fIdata\fP input data buffer with the encode NTLM targetinfo message +.br +\fIucs2\fP if the strings should be encoded with ucs2 (selected by flag in message)\&. +.br +\fIti\fP the decoded target info, should be freed with \fBheim_ntlm_free_targetinfo()\fP\&. +.RE +.PP +\fBReturns\fP +.RS 4 +In case of success 0 is return, an errors, a errno in what went wrong\&. +.RE +.PP + +.PP +\fBExamples\fP +.in +1c +\fBtest_ntlm\&.c\fP\&. +.SS "int heim_ntlm_encode_targetinfo (const struct ntlm_targetinfo * ti, int ucs2, struct \fBntlm_buf\fP * data)" +Encodes a ntlm_targetinfo message\&. +.PP +\fBParameters\fP +.RS 4 +\fIti\fP the ntlm_targetinfo message to encode\&. 
+.br +\fIucs2\fP ignored +.br +\fIdata\fP is the return buffer with the encoded message, should be freed with \fBheim_ntlm_free_buf()\fP\&. +.RE +.PP +\fBReturns\fP +.RS 4 +In case of success 0 is return, an errors, a errno in what went wrong\&. +.RE +.PP + +.PP +\fBExamples\fP +.in +1c +\fBtest_ntlm\&.c\fP\&. +.SS "int heim_ntlm_encode_type1 (const struct \fBntlm_type1\fP * type1, struct \fBntlm_buf\fP * data)" +Encodes an \fBntlm_type1\fP message\&. +.PP +\fBParameters\fP +.RS 4 +\fItype1\fP the \fBntlm_type1\fP message to encode\&. +.br +\fIdata\fP is the return buffer with the encoded message, should be freed with \fBheim_ntlm_free_buf()\fP\&. +.RE +.PP +\fBReturns\fP +.RS 4 +In case of success 0 is return, an errors, a errno in what went wrong\&. +.RE +.PP + +.PP +\fBExamples\fP +.in +1c +\fBtest_ntlm\&.c\fP\&. +.SS "int heim_ntlm_encode_type2 (const struct \fBntlm_type2\fP * type2, struct \fBntlm_buf\fP * data)" +Encodes an \fBntlm_type2\fP message\&. +.PP +\fBParameters\fP +.RS 4 +\fItype2\fP the \fBntlm_type2\fP message to encode\&. +.br +\fIdata\fP is the return buffer with the encoded message, should be freed with \fBheim_ntlm_free_buf()\fP\&. +.RE +.PP +\fBReturns\fP +.RS 4 +In case of success 0 is return, an errors, a errno in what went wrong\&. +.RE +.PP + +.PP +\fBExamples\fP +.in +1c +\fBtest_ntlm\&.c\fP\&. +.SS "int heim_ntlm_encode_type3 (const struct \fBntlm_type3\fP * type3, struct \fBntlm_buf\fP * data, size_t * mic_offset)" +Encodes an \fBntlm_type3\fP message\&. +.PP +\fBParameters\fP +.RS 4 +\fItype3\fP the \fBntlm_type3\fP message to encode\&. +.br +\fIdata\fP is the return buffer with the encoded message, should be +.br +\fImic_offset\fP offset of message integrity code freed with \fBheim_ntlm_free_buf()\fP\&. +.RE +.PP +\fBReturns\fP +.RS 4 +In case of success 0 is return, an errors, a errno in what went wrong\&. +.RE +.PP + +.PP +\fBExamples\fP +.in +1c +\fBtest_ntlm\&.c\fP\&. 
+.SS "void heim_ntlm_free_buf (struct \fBntlm_buf\fP * p)" +heim_ntlm_free_buf frees the ntlm buffer +.PP +\fBParameters\fP +.RS 4 +\fIp\fP buffer to be freed +.RE +.PP + +.PP +\fBExamples\fP +.in +1c +\fBtest_ntlm\&.c\fP\&. +.SS "void heim_ntlm_free_targetinfo (struct ntlm_targetinfo * ti)" +Frees the ntlm_targetinfo message +.PP +\fBParameters\fP +.RS 4 +\fIti\fP targetinfo to be freed +.RE +.PP + +.PP +\fBExamples\fP +.in +1c +\fBtest_ntlm\&.c\fP\&. +.SS "void heim_ntlm_free_type1 (struct \fBntlm_type1\fP * data)" +Frees the \fBntlm_type1\fP message +.PP +\fBParameters\fP +.RS 4 +\fIdata\fP message to be freed +.RE +.PP + +.PP +\fBExamples\fP +.in +1c +\fBtest_ntlm\&.c\fP\&. +.SS "void heim_ntlm_free_type2 (struct \fBntlm_type2\fP * data)" +Frees the \fBntlm_type2\fP message +.PP +\fBParameters\fP +.RS 4 +\fIdata\fP message to be freed +.RE +.PP + +.PP +\fBExamples\fP +.in +1c +\fBtest_ntlm\&.c\fP\&. +.SS "void heim_ntlm_free_type3 (struct \fBntlm_type3\fP * data)" +Frees the \fBntlm_type3\fP message +.PP +\fBParameters\fP +.RS 4 +\fIdata\fP message to be freed +.RE +.PP + +.PP +\fBExamples\fP +.in +1c +\fBtest_ntlm\&.c\fP\&. +.SS "int heim_ntlm_keyex_unwrap (struct \fBntlm_buf\fP * baseKey, struct \fBntlm_buf\fP * encryptedSession, struct \fBntlm_buf\fP * session)" +Given a key and encrypted session, unwrap the session key +.PP +\fBParameters\fP +.RS 4 +\fIbaseKey\fP the sessionBaseKey +.br +\fIencryptedSession\fP encrypted session, type3\&.session field\&. +.br +\fIsession\fP generated session nonce, should be freed with \fBheim_ntlm_free_buf()\fP\&. +.RE +.PP +\fBReturns\fP +.RS 4 +In case of success 0 is return, an errors, a errno in what went wrong\&. +.RE +.PP + +.SS "int heim_ntlm_nt_key (const char * password, struct \fBntlm_buf\fP * key)" +Calculate the NTLM key, the password is assumed to be in UTF8\&. +.PP +\fBParameters\fP +.RS 4 +\fIpassword\fP password to calcute the key for\&. 
+.br +\fIkey\fP calcuted key, should be freed with \fBheim_ntlm_free_buf()\fP\&. +.RE +.PP +\fBReturns\fP +.RS 4 +In case of success 0 is return, an errors, a errno in what went wrong\&. +.RE +.PP + +.PP +\fBExamples\fP +.in +1c +\fBtest_ntlm\&.c\fP\&. +.SS "int heim_ntlm_ntlmv2_key (const void * key, size_t len, const char * username, const char * target, int upper_case_target, unsigned char ntlmv2[16])" +Generates an NTLMv2 session key\&. +.PP +\fBParameters\fP +.RS 4 +\fIkey\fP the ntlm key +.br +\fIlen\fP length of key +.br +\fIusername\fP name of the user, as sent in the message, assumed to be in UTF8\&. +.br +\fItarget\fP the name of the target, assumed to be in UTF8\&. +.br +\fIupper_case_target\fP upper case the target, should not be used only for legacy systems +.br +\fIntlmv2\fP the ntlmv2 session key +.RE +.PP +\fBReturns\fP +.RS 4 +0 on success, or an error code on failure\&. +.RE +.PP + +.SS "int heim_ntlm_verify_ntlm2 (const void * key, size_t len, const char * username, const char * target, time_t now, const unsigned char serverchallenge[8], const struct \fBntlm_buf\fP * answer, struct \fBntlm_buf\fP * infotarget, unsigned char ntlmv2[16])" +Verify NTLMv2 response\&. +.PP +\fBParameters\fP +.RS 4 +\fIkey\fP the ntlm key +.br +\fIlen\fP length of key +.br +\fIusername\fP name of the user, as sent in the message, assumed to be in UTF8\&. +.br +\fItarget\fP the name of the target, assumed to be in UTF8\&. +.br +\fInow\fP the time now (0 if the library should pick it up itself) +.br +\fIserverchallenge\fP challenge as sent by the server in the type2 message\&. +.br +\fIanswer\fP ntlm response answer, should be freed with \fBheim_ntlm_free_buf()\fP\&. +.br +\fIinfotarget\fP infotarget as sent by the server in the type2 message\&. +.br +\fIntlmv2\fP calculated session key +.RE +.PP +\fBReturns\fP +.RS 4 +In case of success 0 is return, an errors, a errno in what went wrong\&. +.RE +.PP +First check with the domain as the client passed it to the function\&. 
+.PP +Second check with domain uppercased\&. +.PP +Third check with empty domain\&. +.PP +\fBExamples\fP +.in +1c +\fBtest_ntlm\&.c\fP\&. +.SH "Author" +.PP +Generated automatically by Doxygen for Heimdal ntlm library from the source code\&. diff --git a/kerberos5/man/ntlm/man/man3/ntlm_type1.3 b/kerberos5/man/ntlm/man/man3/ntlm_type1.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/ntlm/man/man3/ntlm_type1.3 @@ -0,0 +1,21 @@ +.TH "ntlm_type1" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal ntlm library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +ntlm_type1 +.SH SYNOPSIS +.br +.PP +.PP +\fC#include \fP +.SH "Detailed Description" +.PP +Struct for the NTLM type1 message info, the strings is assumed to be in UTF8\&. When filled in by the library it should be freed with \fBheim_ntlm_free_type1()\fP\&. +.PP +\fBExamples\fP +.in +1c +\fBtest_ntlm\&.c\fP\&. + +.SH "Author" +.PP +Generated automatically by Doxygen for Heimdal ntlm library from the source code\&. diff --git a/kerberos5/man/ntlm/man/man3/ntlm_type2.3 b/kerberos5/man/ntlm/man/man3/ntlm_type2.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/ntlm/man/man3/ntlm_type2.3 @@ -0,0 +1,21 @@ +.TH "ntlm_type2" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal ntlm library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +ntlm_type2 +.SH SYNOPSIS +.br +.PP +.PP +\fC#include \fP +.SH "Detailed Description" +.PP +Struct for the NTLM type2 message info, the strings is assumed to be in UTF8\&. When filled in by the library it should be freed with \fBheim_ntlm_free_type2()\fP\&. +.PP +\fBExamples\fP +.in +1c +\fBtest_ntlm\&.c\fP\&. + +.SH "Author" +.PP +Generated automatically by Doxygen for Heimdal ntlm library from the source code\&. diff --git a/kerberos5/man/ntlm/man/man3/ntlm_type3.3 b/kerberos5/man/ntlm/man/man3/ntlm_type3.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/ntlm/man/man3/ntlm_type3.3 
@@ -0,0 +1,21 @@ +.TH "ntlm_type3" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal ntlm library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +ntlm_type3 +.SH SYNOPSIS +.br +.PP +.PP +\fC#include \fP +.SH "Detailed Description" +.PP +Struct for the NTLM type3 message info, the strings is assumed to be in UTF8\&. When filled in by the library it should be freed with \fBheim_ntlm_free_type3()\fP\&. +.PP +\fBExamples\fP +.in +1c +\fBtest_ntlm\&.c\fP\&. + +.SH "Author" +.PP +Generated automatically by Doxygen for Heimdal ntlm library from the source code\&. diff --git a/kerberos5/man/wind/man/man3/wind.3 b/kerberos5/man/wind/man/man3/wind.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/wind/man/man3/wind.3 
@@ -0,0 +1,315 @@ +.TH "wind" 3 "Tue Nov 15 2022" "Version 7.8.0" "Heimdal wind library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +wind \- Heimdal wind library +.SH SYNOPSIS +.br +.PP +.SS "Functions" + +.in +1c +.ti -1c +.RI "int \fBwind_punycode_label_toascii\fP (const uint32_t *in, size_t in_len, char *out, size_t *out_len)" +.br +.ti -1c +.RI "int \fBwind_stringprep\fP (const uint32_t *in, size_t in_len, uint32_t *out, size_t *out_len, wind_profile_flags flags)" +.br +.ti -1c +.RI "int \fBwind_profile\fP (const char *name, wind_profile_flags *flags)" +.br +.ti -1c +.RI "int \fBwind_utf8ucs4\fP (const char *in, uint32_t *out, size_t *out_len)" +.br +.ti -1c +.RI "int \fBwind_utf8ucs4_length\fP (const char *in, size_t *out_len)" +.br +.ti -1c +.RI "int \fBwind_ucs4utf8\fP (const uint32_t *in, size_t in_len, char *out, size_t *out_len)" +.br +.ti -1c +.RI "int \fBwind_ucs4utf8_length\fP (const uint32_t *in, size_t in_len, size_t *out_len)" +.br +.ti -1c +.RI "int \fBwind_ucs2read\fP (const void *ptr, size_t len, unsigned int *flags, uint16_t *out, size_t *out_len)" +.br +.ti -1c +.RI "int \fBwind_ucs2write\fP (const uint16_t *in, size_t in_len, unsigned int *flags, void *ptr, size_t *out_len)" +.br +.ti -1c +.RI "int \fBwind_utf8ucs2\fP (const char *in, uint16_t *out, size_t *out_len)" +.br +.ti -1c +.RI "int \fBwind_utf8ucs2_length\fP (const char *in, size_t *out_len)" +.br +.ti -1c +.RI "int \fBwind_ucs2utf8\fP (const uint16_t *in, size_t in_len, char *out, size_t *out_len)" +.br +.ti -1c +.RI "int \fBwind_ucs2utf8_length\fP (const uint16_t *in, size_t in_len, size_t *out_len)" +.br +.in -1c +.SH "Detailed Description" +.PP + +.SH "Function Documentation" +.PP +.SS "int wind_profile (const char * name, wind_profile_flags * flags)" +Try to find the profile given a name\&. +.PP +\fBParameters\fP +.RS 4 +\fIname\fP name of the profile\&. +.br +\fIflags\fP the resulting profile\&. 
+.RE +.PP +\fBReturns\fP +.RS 4 +returns 0 on success, an wind error code otherwise +.RE +.PP + +.SS "int wind_punycode_label_toascii (const uint32_t * in, size_t in_len, char * out, size_t * out_len)" +Convert an UCS4 string to a puny-coded DNS label string suitable when combined with delimiters and other labels for DNS lookup\&. +.PP +\fBParameters\fP +.RS 4 +\fIin\fP an UCS4 string to convert +.br +\fIin_len\fP the length of in\&. +.br +\fIout\fP the resulting puny-coded string\&. The string is not NUL terminatied\&. +.br +\fIout_len\fP before processing out_len should be the length of the out variable, after processing it will be the length of the out string\&. +.RE +.PP +\fBReturns\fP +.RS 4 +returns 0 on success, an wind error code otherwise +.RE +.PP + +.SS "int wind_stringprep (const uint32_t * in, size_t in_len, uint32_t * out, size_t * out_len, wind_profile_flags flags)" +Process a input UCS4 string according a string-prep profile\&. +.PP +\fBParameters\fP +.RS 4 +\fIin\fP input UCS4 string to process +.br +\fIin_len\fP length of the input string +.br +\fIout\fP output UCS4 string +.br +\fIout_len\fP length of the output string\&. +.br +\fIflags\fP stringprep profile\&. +.RE +.PP +\fBReturns\fP +.RS 4 +returns 0 on success, an wind error code otherwise +.RE +.PP + +.SS "int wind_ucs2read (const void * ptr, size_t len, unsigned int * flags, uint16_t * out, size_t * out_len)" +Read in an UCS2 from a buffer\&. +.PP +\fBParameters\fP +.RS 4 +\fIptr\fP The input buffer to read from\&. +.br +\fIlen\fP the length of the input buffer\&. +.br +\fIflags\fP Flags to control the behavior of the function\&. +.br +\fIout\fP the output UCS2, the array must be at least out/2 long\&. +.br +\fIout_len\fP the output length +.RE +.PP +\fBReturns\fP +.RS 4 +returns 0 on success, an wind error code otherwise\&. +.RE +.PP +if len is zero, flags are unchanged +.PP +if len is odd, WIND_ERR_LENGTH_NOT_MOD2 is returned +.PP +If the flags WIND_RW_BOM is set, check for BOM\&. 
If not BOM is found, check is LE/BE flag is already and use that otherwise fail with WIND_ERR_NO_BOM\&. When done, clear WIND_RW_BOM and the LE/BE flag and set the resulting LE/BE flag\&. +.SS "int wind_ucs2utf8 (const uint16_t * in, size_t in_len, char * out, size_t * out_len)" +Convert an UCS2 string to a UTF-8 string\&. +.PP +\fBParameters\fP +.RS 4 +\fIin\fP an UCS2 string to convert\&. +.br +\fIin_len\fP the length of the in UCS2 string\&. +.br +\fIout\fP the resulting UTF-8 strint, must be at least \fBwind_ucs2utf8_length()\fP long\&. If out is NULL, the function will calculate the needed space for the out variable (just like \fBwind_ucs2utf8_length()\fP)\&. +.br +\fIout_len\fP before processing out_len should be the length of the out variable, after processing it will be the length of the out string\&. +.RE +.PP +\fBReturns\fP +.RS 4 +returns 0 on success, an wind error code otherwise +.RE +.PP + +.SS "int wind_ucs2utf8_length (const uint16_t * in, size_t in_len, size_t * out_len)" +Calculate the length of from converting a UCS2 string to an UTF-8 string\&. +.PP +\fBParameters\fP +.RS 4 +\fIin\fP an UCS2 string to convert\&. +.br +\fIin_len\fP an UCS2 string length to convert\&. +.br +\fIout_len\fP the length of the resulting UTF-8 string\&. +.RE +.PP +\fBReturns\fP +.RS 4 +returns 0 on success, an wind error code otherwise +.RE +.PP + +.SS "int wind_ucs2write (const uint16_t * in, size_t in_len, unsigned int * flags, void * ptr, size_t * out_len)" +Write an UCS2 string to a buffer\&. +.PP +\fBParameters\fP +.RS 4 +\fIin\fP The input UCS2 string\&. +.br +\fIin_len\fP the length of the input buffer\&. +.br +\fIflags\fP Flags to control the behavior of the function\&. +.br +\fIptr\fP The input buffer to write to, the array must be at least (in + 1) * 2 bytes long\&. +.br +\fIout_len\fP the output length +.RE +.PP +\fBReturns\fP +.RS 4 +returns 0 on success, an wind error code otherwise\&. 
+.RE +.PP +If in buffer is not of length be mod 2, WIND_ERR_LENGTH_NOT_MOD2 is returned +.PP +On zero input length, flags are preserved +.PP +If flags have WIND_RW_BOM set, the byte order mark is written first to the output data +.PP +If the output wont fit into out_len, WIND_ERR_OVERRUN is returned +.SS "int wind_ucs4utf8 (const uint32_t * in, size_t in_len, char * out, size_t * out_len)" +Convert an UCS4 string to a UTF-8 string\&. +.PP +\fBParameters\fP +.RS 4 +\fIin\fP an UCS4 string to convert\&. +.br +\fIin_len\fP the length input array\&. +.br +\fIout\fP the resulting UTF-8 strint, must be at least \fBwind_ucs4utf8_length()\fP + 1 long (the extra char for the NUL)\&. If out is NULL, the function will calculate the needed space for the out variable (just like \fBwind_ucs4utf8_length()\fP)\&. +.br +\fIout_len\fP before processing out_len should be the length of the out variable, after processing it will be the length of the out string\&. +.RE +.PP +\fBReturns\fP +.RS 4 +returns 0 on success, an wind error code otherwise +.RE +.PP + +.SS "int wind_ucs4utf8_length (const uint32_t * in, size_t in_len, size_t * out_len)" +Calculate the length of from converting a UCS4 string to an UTF-8 string\&. +.PP +\fBParameters\fP +.RS 4 +\fIin\fP an UCS4 string to convert\&. +.br +\fIin_len\fP the length of UCS4 string to convert\&. +.br +\fIout_len\fP the length of the resulting UTF-8 string\&. +.RE +.PP +\fBReturns\fP +.RS 4 +returns 0 on success, an wind error code otherwise +.RE +.PP + +.SS "int wind_utf8ucs2 (const char * in, uint16_t * out, size_t * out_len)" +Convert an UTF-8 string to an UCS2 string\&. +.PP +\fBParameters\fP +.RS 4 +\fIin\fP an UTF-8 string to convert\&. +.br +\fIout\fP the resulting UCS2 strint, must be at least \fBwind_utf8ucs2_length()\fP long\&. If out is NULL, the function will calculate the needed space for the out variable (just like \fBwind_utf8ucs2_length()\fP)\&. 
+.br +\fIout_len\fP before processing out_len should be the length of the out variable, after processing it will be the length of the out string\&. +.RE +.PP +\fBReturns\fP +.RS 4 +returns 0 on success, an wind error code otherwise +.RE +.PP + +.SS "int wind_utf8ucs2_length (const char * in, size_t * out_len)" +Calculate the length of from converting a UTF-8 string to a UCS2 string\&. +.PP +\fBParameters\fP +.RS 4 +\fIin\fP an UTF-8 string to convert\&. +.br +\fIout_len\fP the length of the resulting UCS4 string\&. +.RE +.PP +\fBReturns\fP +.RS 4 +returns 0 on success, an wind error code otherwise +.RE +.PP + +.SS "int wind_utf8ucs4 (const char * in, uint32_t * out, size_t * out_len)" +Convert an UTF-8 string to an UCS4 string\&. +.PP +\fBParameters\fP +.RS 4 +\fIin\fP an UTF-8 string to convert\&. +.br +\fIout\fP the resulting UCS4 strint, must be at least \fBwind_utf8ucs4_length()\fP long\&. If out is NULL, the function will calculate the needed space for the out variable (just like \fBwind_utf8ucs4_length()\fP)\&. +.br +\fIout_len\fP before processing out_len should be the length of the out variable, after processing it will be the length of the out string\&. +.RE +.PP +\fBReturns\fP +.RS 4 +returns 0 on success, an wind error code otherwise +.RE +.PP + +.SS "int wind_utf8ucs4_length (const char * in, size_t * out_len)" +Calculate the length of from converting a UTF-8 string to a UCS4 string\&. +.PP +\fBParameters\fP +.RS 4 +\fIin\fP an UTF-8 string to convert\&. +.br +\fIout_len\fP the length of the resulting UCS4 string\&. +.RE +.PP +\fBReturns\fP +.RS 4 +returns 0 on success, an wind error code otherwise +.RE +.PP + +.SH "Author" +.PP +Generated automatically by Doxygen for Heimdal wind library from the source code\&. diff --git a/kerberos5/man/wind/man/man3/wind_profile.3 b/kerberos5/man/wind/man/man3/wind_profile.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/wind/man/man3/wind_profile.3 @@ -0,0 +1 @@ +.so man3/wind.3 
diff --git a/kerberos5/man/wind/man/man3/wind_punycode_label_toascii.3 b/kerberos5/man/wind/man/man3/wind_punycode_label_toascii.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/wind/man/man3/wind_punycode_label_toascii.3
@@ -0,0 +1 @@
+.so man3/wind.3
diff --git a/kerberos5/man/wind/man/man3/wind_stringprep.3 b/kerberos5/man/wind/man/man3/wind_stringprep.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/wind/man/man3/wind_stringprep.3
@@ -0,0 +1 @@
+.so man3/wind.3
diff --git a/kerberos5/man/wind/man/man3/wind_ucs2read.3 b/kerberos5/man/wind/man/man3/wind_ucs2read.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/wind/man/man3/wind_ucs2read.3
@@ -0,0 +1 @@
+.so man3/wind.3
diff --git a/kerberos5/man/wind/man/man3/wind_ucs2utf8.3 b/kerberos5/man/wind/man/man3/wind_ucs2utf8.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/wind/man/man3/wind_ucs2utf8.3
@@ -0,0 +1 @@
+.so man3/wind.3
diff --git a/kerberos5/man/wind/man/man3/wind_ucs2utf8_length.3 b/kerberos5/man/wind/man/man3/wind_ucs2utf8_length.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/wind/man/man3/wind_ucs2utf8_length.3
@@ -0,0 +1 @@
+.so man3/wind.3
diff --git a/kerberos5/man/wind/man/man3/wind_ucs2write.3 b/kerberos5/man/wind/man/man3/wind_ucs2write.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/wind/man/man3/wind_ucs2write.3
@@ -0,0 +1 @@
+.so man3/wind.3
diff --git a/kerberos5/man/wind/man/man3/wind_ucs4utf8.3 b/kerberos5/man/wind/man/man3/wind_ucs4utf8.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/wind/man/man3/wind_ucs4utf8.3
@@ -0,0 +1 @@
+.so man3/wind.3
diff --git a/kerberos5/man/wind/man/man3/wind_ucs4utf8_length.3 b/kerberos5/man/wind/man/man3/wind_ucs4utf8_length.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/wind/man/man3/wind_ucs4utf8_length.3
@@ -0,0 +1 @@
+.so man3/wind.3
diff --git a/kerberos5/man/wind/man/man3/wind_utf8ucs2.3 b/kerberos5/man/wind/man/man3/wind_utf8ucs2.3
new file mode 100644
--- /dev/null
+++ b/kerberos5/man/wind/man/man3/wind_utf8ucs2.3 @@ -0,0 +1 @@ +.so man3/wind.3 diff --git a/kerberos5/man/wind/man/man3/wind_utf8ucs2_length.3 b/kerberos5/man/wind/man/man3/wind_utf8ucs2_length.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/wind/man/man3/wind_utf8ucs2_length.3 @@ -0,0 +1 @@ +.so man3/wind.3 diff --git a/kerberos5/man/wind/man/man3/wind_utf8ucs4.3 b/kerberos5/man/wind/man/man3/wind_utf8ucs4.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/wind/man/man3/wind_utf8ucs4.3 @@ -0,0 +1 @@ +.so man3/wind.3 diff --git a/kerberos5/man/wind/man/man3/wind_utf8ucs4_length.3 b/kerberos5/man/wind/man/man3/wind_utf8ucs4_length.3 new file mode 100644 --- /dev/null +++ b/kerberos5/man/wind/man/man3/wind_utf8ucs4_length.3 @@ -0,0 +1 @@ +.so man3/wind.3 diff --git a/kerberos5/tools/asn1_compile/Makefile b/kerberos5/tools/asn1_compile/Makefile --- a/kerberos5/tools/asn1_compile/Makefile +++ b/kerberos5/tools/asn1_compile/Makefile @@ -3,14 +3,14 @@ PROG= asn1_compile MAN= +LDFLAGS= -Wl,--no-undefined LIBROKEN_A= ${.OBJDIR:H:H}/lib/libroken/libroken.a LIBADD= vers LDADD= ${LIBROKEN_A} DPADD= ${LIBROKEN_A} MK_PIE:= no -SRCS= \ - asn1parse.y \ +SRCS= asn1parse.y \ gen.c \ gen_copy.c \ gen_decode.c \ @@ -23,7 +23,6 @@ hash.c \ lex.l \ main.c \ - roken.h \ symbol.c CFLAGS+=-I${KRB5DIR}/lib/roken -I${KRB5DIR}/lib/asn1 -I. diff --git a/kerberos5/usr.bin/Makefile b/kerberos5/usr.bin/Makefile --- a/kerberos5/usr.bin/Makefile +++ b/kerberos5/usr.bin/Makefile @@ -1,6 +1,6 @@ -SUBDIR= hxtool kadmin kcc kdestroy kgetcred kf kinit kpasswd krb5-config ksu \ - string2key verify_krb5_conf +SUBDIR= afslog bsearch compile_et heimtools hxtool kadmin kcc kdestroy kgetcred \ + kf kinit kpasswd krb5-config ksu ktutil pagsh string2key verify_krb5_conf SUBDIR_PARALLEL= .include diff --git a/kerberos5/usr.bin/afslog/Makefile b/kerberos5/usr.bin/afslog/Makefile new file mode 100644 --- /dev/null +++ b/kerberos5/usr.bin/afslog/Makefile 
@@ -0,0 +1,11 @@ + +PACKAGE= kerberos + +PROG= afslog +MAN= afslog.1 +SRCS= afslog.c +LIBADD= kafs5 krb5 roken hcrypto asn1 + +.include + +.PATH: ${KRB5DIR}/appl/afsutil diff --git a/kerberos5/usr.sbin/ktutil/Makefile.depend b/kerberos5/usr.bin/afslog/Makefile.depend copy from kerberos5/usr.sbin/ktutil/Makefile.depend copy to kerberos5/usr.bin/afslog/Makefile.depend --- a/kerberos5/usr.sbin/ktutil/Makefile.depend +++ b/kerberos5/usr.bin/afslog/Makefile.depend @@ -5,16 +5,14 @@ include/arpa \ include/xlocale \ kerberos5/lib/libasn1 \ - kerberos5/lib/libkadm5clnt \ + kerberos5/lib/libkafs5 \ kerberos5/lib/libkrb5 \ kerberos5/lib/libroken \ - kerberos5/lib/libsl \ kerberos5/lib/libvers \ - kerberos5/tools/slc.host \ lib/${CSU_DIR} \ lib/libc \ lib/libcompiler_rt \ - lib/libedit \ + lib/libcrypt \ secure/lib/libcrypto \ diff --git a/kerberos5/usr.bin/bsearch/Makefile b/kerberos5/usr.bin/bsearch/Makefile new file mode 100644 --- /dev/null +++ b/kerberos5/usr.bin/bsearch/Makefile @@ -0,0 +1,11 @@ + +PACKAGE= kerberos + +PROG= bsearch +MAN= bsearch.1 +SRCS= bsearch.c +LIBADD= roken vers heimbase + +.include + +.PATH: ${KRB5DIR}/appl/dbutils diff --git a/kerberos5/usr.sbin/ktutil/Makefile.depend b/kerberos5/usr.bin/bsearch/Makefile.depend copy from kerberos5/usr.sbin/ktutil/Makefile.depend copy to kerberos5/usr.bin/bsearch/Makefile.depend --- a/kerberos5/usr.sbin/ktutil/Makefile.depend +++ b/kerberos5/usr.bin/bsearch/Makefile.depend @@ -5,16 +5,14 @@ include/arpa \ include/xlocale \ kerberos5/lib/libasn1 \ - kerberos5/lib/libkadm5clnt \ + kerberos5/lib/libkafs5 \ kerberos5/lib/libkrb5 \ kerberos5/lib/libroken \ - kerberos5/lib/libsl \ kerberos5/lib/libvers \ - kerberos5/tools/slc.host \ lib/${CSU_DIR} \ lib/libc \ lib/libcompiler_rt \ - lib/libedit \ + lib/libcrypt \ secure/lib/libcrypto \ diff --git a/kerberos5/usr.bin/heimtools/Makefile b/kerberos5/usr.bin/heimtools/Makefile new file mode 100644 --- /dev/null +++ b/kerberos5/usr.bin/heimtools/Makefile 
@@ -0,0 +1,26 @@ + +PACKAGE= kerberos + +PROG= heimtools +MAN= klist.1 kswitch.1 kx509.1 +CFLAGS+= -I${KRB5DIR}/lib/asn1 \ + -I${KRB5DIR}/lib/roken +LIBADD= krb5 roken asn1 gssapi gsspreauth heimntlm hcrypto sl edit heimbase hx509 +SRCS= heimtools.c \ + klist.c \ + kx509.c \ + kswitch.c \ + copy_cred_cache.c \ + heimtools-commands.c \ + heimtools-commands.h + +CLEANFILES= heimtools-commands.h heimtools-commands.c + +heimtools-commands.h: heimtools-commands.in + ${SLC} ${.ALLSRC:M*.in} + +heimtools-commands.c: heimtools-commands.h + +.include + +.PATH: ${KRB5DIR}/kuser diff --git a/kerberos5/usr.sbin/ktutil/Makefile.depend b/kerberos5/usr.bin/heimtools/Makefile.depend copy from kerberos5/usr.sbin/ktutil/Makefile.depend copy to kerberos5/usr.bin/heimtools/Makefile.depend --- a/kerberos5/usr.sbin/ktutil/Makefile.depend +++ b/kerberos5/usr.bin/heimtools/Makefile.depend @@ -5,16 +5,13 @@ include/arpa \ include/xlocale \ kerberos5/lib/libasn1 \ - kerberos5/lib/libkadm5clnt \ + kerberos5/lib/libkafs5 \ kerberos5/lib/libkrb5 \ kerberos5/lib/libroken \ - kerberos5/lib/libsl \ kerberos5/lib/libvers \ - kerberos5/tools/slc.host \ lib/${CSU_DIR} \ lib/libc \ lib/libcompiler_rt \ - lib/libedit \ secure/lib/libcrypto \ diff --git a/kerberos5/usr.bin/kadmin/Makefile b/kerberos5/usr.bin/kadmin/Makefile --- a/kerberos5/usr.bin/kadmin/Makefile +++ b/kerberos5/usr.bin/kadmin/Makefile @@ -2,7 +2,7 @@ PACKAGE= kerberos PROG= kadmin -MAN= kadmin.8 +MAN= kadmin.1 SRCS= add_enctype.c \ ank.c \ @@ -17,8 +17,10 @@ kadmin.c \ kadmin-commands.c \ kadmin-commands.h \ + kadmin-locl.h \ load.c \ mod.c \ + prune.c \ pw_quality.c \ random_password.c \ rename.c \ 
@@ -27,7 +29,7 @@ CFLAGS+=-I${KRB5DIR}/lib/asn1 -I${KRB5DIR}/lib/krb5 -I${KRB5DIR}/lib/roken \ -I${KRB5DIR}/lib/sl -I${SRCTOP}/contrib/com_err -I. ${LDAPCFLAGS} -LIBADD= kadm5clnt kadm5srv hdb krb5 roken vers sl asn1 crypto edit +LIBADD= kadm5clnt kadm5srv hdb krb5 roken sl asn1 hcrypto edit DPADD= ${LDAPDPADD} LDADD= ${LDAPLDADD} LDFLAGS=${LDAPLDFLAGS} diff --git a/kerberos5/usr.bin/kdestroy/Makefile b/kerberos5/usr.bin/kdestroy/Makefile --- a/kerberos5/usr.bin/kdestroy/Makefile +++ b/kerberos5/usr.bin/kdestroy/Makefile @@ -3,7 +3,7 @@ PROG= kdestroy CFLAGS+=-I${KRB5DIR}/lib/roken -LIBADD= kafs5 krb5 roken vers +LIBADD= kafs5 krb5 roken gssapi gsspreauth heimntlm hcrypto asn1 roken MAN= kdestroy.1 .include diff --git a/kerberos5/usr.bin/kf/Makefile b/kerberos5/usr.bin/kf/Makefile --- a/kerberos5/usr.bin/kf/Makefile +++ b/kerberos5/usr.bin/kf/Makefile @@ -3,9 +3,10 @@ PROG= kf MAN= kf.1 +SRCS= kf.c CFLAGS+= -I${KRB5DIR}/lib/asn1 \ -I${KRB5DIR}/lib/roken -LIBADD= krb5 roken vers +LIBADD= krb5 hcrypto asn1 roken .include diff --git a/kerberos5/usr.bin/kgetcred/Makefile b/kerberos5/usr.bin/kgetcred/Makefile --- a/kerberos5/usr.bin/kgetcred/Makefile +++ b/kerberos5/usr.bin/kgetcred/Makefile @@ -4,7 +4,7 @@ PROG= kgetcred CFLAGS+= -I${KRB5DIR}/lib/asn1 \ -I${KRB5DIR}/lib/roken -LIBADD= krb5 roken asn1 vers +LIBADD= krb5 roken asn1 gssapi gsspreauth heimntlm hcrypto .include diff --git a/kerberos5/usr.bin/kinit/Makefile b/kerberos5/usr.bin/kinit/Makefile --- a/kerberos5/usr.bin/kinit/Makefile +++ b/kerberos5/usr.bin/kinit/Makefile @@ -3,7 +3,7 @@ PROG= kinit CFLAGS+=-I${KRB5DIR}/lib/roken -LIBADD= kafs5 krb5 heimntlm roken crypto vers +LIBADD= kafs5 krb5 gssapi gsspreauth heimntlm roken hcrypto .include diff --git a/kerberos5/usr.bin/kpasswd/Makefile b/kerberos5/usr.bin/kpasswd/Makefile --- a/kerberos5/usr.bin/kpasswd/Makefile +++ b/kerberos5/usr.bin/kpasswd/Makefile 
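Review bot: In the kdestroy hunk the new `LIBADD` names `roken` twice (`kafs5 krb5 roken … asn1 roken`), which should be harmless to the linker but reads like a leftover from editing. I would drop the trailing entry: `LIBADD= kafs5 krb5 roken gssapi gsspreauth heimntlm hcrypto asn1`. The other LIBADD rewrites on this line (kadmin, kf, kgetcred, kinit) do not repeat a library.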
@@ -2,8 +2,11 @@ PACKAGE= kerberos PROG= kpasswd +MAN= kpasswd.1 CFLAGS+=-I${KRB5DIR}/lib/roken -LIBADD= hdb krb5 roken vers crypto +SRCS= kasspwd.c \ + kpasswd_locl.h +LIBADD= krb5 roken asn1 hcrypto LDFLAGS=${LDAPLDFLAGS} .include diff --git a/kerberos5/usr.bin/ksu/Makefile b/kerberos5/usr.bin/ksu/Makefile --- a/kerberos5/usr.bin/ksu/Makefile +++ b/kerberos5/usr.bin/ksu/Makefile @@ -9,7 +9,7 @@ MAN= SRCS= su.c CFLAGS+=-I${KRB5DIR}/lib/roken -LIBADD= kafs5 krb5 roken vers crypto crypt +LIBADD= kafs5 krb5 asn1 roken hcrypto .include diff --git a/kerberos5/usr.sbin/ktutil/Makefile b/kerberos5/usr.bin/ktutil/Makefile rename from kerberos5/usr.sbin/ktutil/Makefile rename to kerberos5/usr.bin/ktutil/Makefile --- a/kerberos5/usr.sbin/ktutil/Makefile +++ b/kerberos5/usr.bin/ktutil/Makefile @@ -2,7 +2,7 @@ PACKAGE= kerberos PROG= ktutil -MAN= ktutil.8 +MAN= ktutil.1 SRCS= add.c \ change.c \ @@ -18,7 +18,7 @@ rename.c CFLAGS+=-I${KRB5DIR}/lib/roken -I${KRB5DIR}/lib/sl -I. -LIBADD= kadm5clnt krb5 roken crypto edit sl vers +LIBADD= kadm5clnt krb5 roken hcrypto asn1 edit sl vers CLEANFILES= ktutil-commands.h ktutil-commands.c diff --git a/kerberos5/usr.sbin/ktutil/Makefile.depend b/kerberos5/usr.bin/ktutil/Makefile.depend copy from kerberos5/usr.sbin/ktutil/Makefile.depend copy to kerberos5/usr.bin/ktutil/Makefile.depend diff --git a/kerberos5/usr.bin/pagsh/Makefile b/kerberos5/usr.bin/pagsh/Makefile new file mode 100644 --- /dev/null +++ b/kerberos5/usr.bin/pagsh/Makefile @@ -0,0 +1,11 @@ + +PACKAGE= kerberos + +PROG= pagsh +MAN= pagsh.1 +SRCS= pagsh.c +LIBADD= kafs5 krb5 asn1 roken hcrypto + +.include + +.PATH: ${KRB5DIR}/appl/afsutil diff --git a/kerberos5/usr.sbin/ktutil/Makefile.depend b/kerberos5/usr.bin/pagsh/Makefile.depend rename from kerberos5/usr.sbin/ktutil/Makefile.depend rename to kerberos5/usr.bin/pagsh/Makefile.depend --- a/kerberos5/usr.sbin/ktutil/Makefile.depend +++ b/kerberos5/usr.bin/pagsh/Makefile.depend 
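Review bot: The `SRCS` assignment added in the kpasswd hunk lists `kasspwd.c`, which looks like a transposition of `kpasswd.c` given `PROG= kpasswd` two lines above it. Unless a file with that spelling really exists on the source path, make will not find the source and the password-change client will not be built. The line should presumably read `SRCS= kpasswd.c \`.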
@@ -5,16 +5,14 @@ include/arpa \ include/xlocale \ kerberos5/lib/libasn1 \ - kerberos5/lib/libkadm5clnt \ + kerberos5/lib/libkafs5 \ kerberos5/lib/libkrb5 \ kerberos5/lib/libroken \ - kerberos5/lib/libsl \ kerberos5/lib/libvers \ - kerberos5/tools/slc.host \ lib/${CSU_DIR} \ lib/libc \ lib/libcompiler_rt \ - lib/libedit \ + lib/libcrypt \ secure/lib/libcrypto \ diff --git a/kerberos5/usr.bin/string2key/Makefile b/kerberos5/usr.bin/string2key/Makefile --- a/kerberos5/usr.bin/string2key/Makefile +++ b/kerberos5/usr.bin/string2key/Makefile @@ -9,7 +9,9 @@ -I${KRB5DIR}/lib/roken \ -I${KRB5DIR}/lib/windc \ -I${SRCTOP}/contrib/com_err -LIBADD= krb5 roken crypto vers +SRC= string2key.c \ + headers.h +LDADD= hdb krb5 hcrypto asn1 roken .include diff --git a/kerberos5/usr.sbin/Makefile b/kerberos5/usr.sbin/Makefile --- a/kerberos5/usr.sbin/Makefile +++ b/kerberos5/usr.sbin/Makefile @@ -1,5 +1,5 @@ -SUBDIR= iprop-log kstash ktutil +SUBDIR= iprop-log kstash SUBDIR_PARALLEL= .include diff --git a/kerberos5/usr.sbin/kstash/Makefile b/kerberos5/usr.sbin/kstash/Makefile --- a/kerberos5/usr.sbin/kstash/Makefile +++ b/kerberos5/usr.sbin/kstash/Makefile @@ -5,7 +5,8 @@ MAN= kstash.8 CFLAGS+=-I${KRB5DIR}/lib/asn1 -I${KRB5DIR}/lib/krb5 -I${KRB5DIR}/lib/roken \ -I${KRB5DIR}/kdc -I${SRCTOP}/contrib/com_err ${LDAPCFLAGS} -LIBADD= hdb krb5 crypto vers +SRCS= kstash.c headers.h +LIBADD= hdb krb5 hcrypto asn1 roken DPADD= ${LDAPDPADD} LDADD= ${LDAPLDADD} LDFLAGS=${LDAPLDFLAGS} diff --git a/lib/libcom_err/Makefile b/lib/libcom_err/Makefile --- a/lib/libcom_err/Makefile +++ b/lib/libcom_err/Makefile @@ -5,9 +5,9 @@ SRCS= com_err.c error.c INCS= ${COM_ERRDIR}/com_err.h ${COM_ERRDIR}/com_right.h MAN= com_err.3 -COM_ERRDIR= ${SRCTOP}/contrib/com_err -CFLAGS+= -I${COM_ERRDIR} - +COM_ERRDIR= ${SRCTOP}/crypto/heimdal/lib/com_err +CFLAGS+= -I${COM_ERRDIR} \ + -I${SRCTOP}/kerberos5/include LDFLAGS= -Wl,--no-undefined VERSION_MAP= ${COM_ERRDIR}/version-script.map 
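Review bot: In the string2key hunk the two added assignments use variable names that no other Makefile in this change uses for this purpose: `SRC=` rather than `SRCS=`, and `LDADD=` rather than `LIBADD=` for a list of bare library names. By the bsd.prog.mk conventions the sibling Makefiles follow, `SRC` would not be read at all, and `LDADD` goes to the linker verbatim, so `hdb krb5 …` would be taken as input file names rather than `-l` flags, while the old `LIBADD` line is removed. I would write `SRCS= string2key.c \` and `LIBADD= hdb krb5 hcrypto asn1 roken`, which matches the kstash hunk further along this line.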
diff --git a/share/mk/bsd.libnames.mk b/share/mk/bsd.libnames.mk --- a/share/mk/bsd.libnames.mk +++ b/share/mk/bsd.libnames.mk @@ -70,6 +70,7 @@ LIBGPIO?= ${LIBDESTDIR}${LIBDIR_BASE}/libgpio.a LIBGSSAPI?= ${LIBDESTDIR}${LIBDIR_BASE}/libgssapi.a LIBGSSAPI_KRB5?= ${LIBDESTDIR}${LIBDIR_BASE}/libgssapi_krb5.a +LIBHCRYPTO?= ${LIBDESTDIR}${LIBDIR_BASE}/libhcrypto.a LIBHDB?= ${LIBDESTDIR}${LIBDIR_BASE}/libhdb.a LIBHEIMBASE?= ${LIBDESTDIR}${LIBDIR_BASE}/libheimbase.a LIBHEIMNTLM?= ${LIBDESTDIR}${LIBDIR_BASE}/libheimntlm.a diff --git a/share/mk/local.dirdeps-options.mk b/share/mk/local.dirdeps-options.mk --- a/share/mk/local.dirdeps-options.mk +++ b/share/mk/local.dirdeps-options.mk @@ -7,6 +7,7 @@ DIRDEPS.JAIL.yes+= lib/libjail DIRDEPS.KERBEROS_SUPPORT.yes+= \ kerberos5/lib/libasn1 \ + kerberos5/lib/libhcrypto \ kerberos5/lib/libheimbase \ kerberos5/lib/libheimipcc \ kerberos5/lib/libhx509 \ diff --git a/share/mk/src.libnames.mk b/share/mk/src.libnames.mk --- a/share/mk/src.libnames.mk +++ b/share/mk/src.libnames.mk @@ -144,6 +144,7 @@ gpio \ gssapi \ gssapi_krb5 \ + hcrypto \ hdb \ heimbase \ heimntlm \ 
@@ -369,19 +370,20 @@ .endif _DP_roken= crypt _DP_kadm5clnt= com_err krb5 roken -_DP_kadm5srv= com_err hdb krb5 roken -_DP_heimntlm= crypto com_err krb5 roken -_DP_hx509= asn1 com_err crypto roken wind -_DP_hdb= asn1 com_err krb5 roken sqlite3 +_DP_kadm5srv= com_err hdb heimbase krb5 roken +_DP_heimntlm= com_err hcrypto krb5 roken wind +_DP_hx509= asn1 com_err crypto hcrypto heimbase roken wind +_DP_hdb= asn1 com_err hcrypto heimbase krb5 roken sqlite3 _DP_asn1= com_err roken -_DP_kdc= roken hdb hx509 krb5 heimntlm asn1 crypto +_DP_kdc= roken hdb hx509 krb5 hcrypto heimbase heimntlm asn1 crypto _DP_wind= com_err roken +_DP_hcrypto= crypto crypt roken asn1 heimbase _DP_heimbase= pthread _DP_heimipcc= heimbase roken pthread _DP_heimipcs= heimbase roken pthread -_DP_kafs5= asn1 krb5 roken -_DP_krb5= asn1 com_err crypt crypto hx509 roken wind heimbase heimipcc -_DP_gssapi_krb5= gssapi krb5 crypto roken asn1 com_err +_DP_gssapi_krb5= gssapi krb5 hcrypto heimbase roken asn1 com_err +_DP_kafs5= asn1 hcrypto krb5 roken +_DP_krb5= asn1 com_err crypt crypto hcrypto hx509 roken wind heimbase heimipcc sqlite3 _DP_lzma= md pthread _DP_ucl= m _DP_vmmapi= util @@ -706,6 +708,7 @@ LIBGSSAPI_KRB5DIR= ${_LIB_OBJTOP}/kerberos5/lib/libgssapi_krb5 LIBGSSAPI_NTLMDIR= ${_LIB_OBJTOP}/kerberos5/lib/libgssapi_ntlm LIBGSSAPI_SPNEGODIR= ${_LIB_OBJTOP}/kerberos5/lib/libgssapi_spnego +LIBHCRYPTODIR= ${_LIB_OBJTOP}/kerberos5/lib/libhcrypto LIBHDBDIR= ${_LIB_OBJTOP}/kerberos5/lib/libhdb LIBHEIMBASEDIR= ${_LIB_OBJTOP}/kerberos5/lib/libheimbase LIBHEIMIPCCDIR= ${_LIB_OBJTOP}/kerberos5/lib/libheimipcc diff --git a/usr.bin/compile_et/Makefile b/usr.bin/compile_et/Makefile --- a/usr.bin/compile_et/Makefile +++ b/usr.bin/compile_et/Makefile 
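Review bot: The `_DP_` table in the `@@ -369,19 +370,20 @@` hunk is inconsistent about which crypto library a consumer depends on, and nothing in the file explains the split. `_DP_heimntlm` and `_DP_gssapi_krb5` replace `crypto` with `hcrypto`, while `_DP_hx509`, `_DP_kdc` and `_DP_krb5` now list both, and `_DP_hcrypto` itself pulls in `crypto`. For anyone auditing which implementation backs a given primitive, a short comment above `_DP_hcrypto` would help, for example `# hcrypto links against libcrypto; list crypto below only for libraries that also call OpenSSL directly`. If the remaining direct `crypto` entries are only transitional, the comment should say so instead.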
@@ -1,12 +1,14 @@ -.PATH: ${SRCTOP}/contrib/com_err +.PATH: ${SRCTOP}/crypto/heimdal/lib/com_err PACKAGE= kerberos PROG= compile_et +MAN= SRCS= compile_et.c parse.y lex.l -LIBADD= roken vers -CFLAGS+=-I. -I${SRCTOP}/contrib/com_err +LIBADD= roken vers crypt +CFLAGS+=-I${SRCTOP}/crypto/heimdal/lib/com_err\ + -I${SRCTOP}/kerberos5/include WARNS?= 0