diff --git a/crypto/heimdal/appl/ftp/ftp/ftp.1 b/crypto/heimdal/appl/ftp/ftp/ftp.1 index b0a837d863f5..deca4ef62084 100644 --- a/crypto/heimdal/appl/ftp/ftp/ftp.1 +++ b/crypto/heimdal/appl/ftp/ftp/ftp.1 
@@ -1,1211 +1,1211 @@ .\" $NetBSD: ftp.1,v 1.11 1995/09/08 01:06:24 tls Exp $ .\" .\" Copyright (c) 1985, 1989, 1990, 1993 .\" The Regents of the University of California. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" 3. All advertising materials mentioning features or use of this software .\" must display the following acknowledgement: .\" This product includes software developed by the University of .\" California, Berkeley and its contributors. .\" 4. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. 
.\" .\" @(#)ftp.1 8.3 (Berkeley) 10/9/94 .\" .Dd March 23, 2006 .Dt FTP 1 .Os BSD 4.2 .Sh NAME .Nm ftp .Nd .Tn ARPANET file transfer program .Sh SYNOPSIS .Nm ftp .Op Fl K .Op Fl d .Op Fl g .Op Fl i .Op Fl l .Op Fl n .Op Fl p .Op Fl t .Op Fl v .Op Fl x .Op Fl Fl no-gss-bindings .Op Fl Fl no-gss-delegate .Op Ar host .Sh DESCRIPTION .Nm is the user interface to the .Tn ARPANET standard File Transfer Protocol. The program allows a user to transfer files to and from a remote network site. .Pp Modifications have been made so that it almost follows the FTP Security Extensions, RFC 2228. .Pp Options may be specified at the command line, or to the command interpreter. .Bl -tag -width flag .It Fl K Disable Kerberos authentication. .It Fl t Enables packet tracing. .It Fl v Verbose option forces .Nm ftp to show all responses from the remote server, as well as report on data transfer statistics. .It Fl n Restrains .Nm ftp from attempting \*(Lqauto-login\*(Rq upon initial connection. If auto-login is enabled, .Nm ftp will check the .Pa .netrc (see below) file in the user's home directory for an entry describing an account on the remote machine. If no entry exists, .Nm ftp will prompt for the remote machine login name (default is the user identity on the local machine), and, if necessary, prompt for a password and an account with which to login. .It Fl i Turns off interactive prompting during multiple file transfers. .It Fl p Turn on passive mode. .It Fl d Enables debugging. .It Fl g Disables file name globbing. .It Fl Fl no-gss-bindings Don't use GSS-API bindings when talking to peer. IP addresses will not be checked to ensure they match. .It Fl Fl no-gss-delegate Disable delegation of GSSAPI credentials. .It Fl l Disables command line editing. .It Fl x Encrypt command and data channel. .El .Pp The client host with which .Nm ftp is to communicate may be specified on the command line. 
If this is done, .Nm ftp will immediately attempt to establish a connection to an .Tn FTP server on that host; otherwise, .Nm ftp will enter its command interpreter and await instructions from the user. When .Nm ftp is awaiting commands from the user the prompt .Ql ftp\*[Gt] is provided to the user. The following commands are recognized by .Nm ftp : .Bl -tag -width Fl .It Ic \&! Op Ar command Op Ar args Invoke an interactive shell on the local machine. If there are arguments, the first is taken to be a command to execute directly, with the rest of the arguments as its arguments. .It Ic \&$ Ar macro-name Op Ar args Execute the macro .Ar macro-name that was defined with the .Ic macdef command. Arguments are passed to the macro unglobbed. .It Ic account Op Ar passwd Supply a supplemental password required by a remote system for access to resources once a login has been successfully completed. If no argument is included, the user will be prompted for an account password in a non-echoing input mode. .It Ic append Ar local-file Op Ar remote-file Append a local file to a file on the remote machine. If .Ar remote-file is left unspecified, the local file name is used in naming the remote file after being altered by any .Ic ntrans or .Ic nmap setting. File transfer uses the current settings for .Ic type , .Ic format , .Ic mode , and .Ic structure . .It Ic ascii Set the file transfer .Ic type to network .Tn ASCII . This is the default type. .It Ic bell Arrange that a bell be sounded after each file transfer command is completed. .It Ic binary Set the file transfer .Ic type to support binary image transfer. .It Ic bye Terminate the .Tn FTP session with the remote server and exit .Nm ftp . An end of file will also terminate the session and exit. .It Ic case Toggle remote computer file name case mapping during .Ic mget commands. 
When .Ic case is on (default is off), remote computer file names with all letters in upper case are written in the local directory with the letters mapped to lower case. .It Ic \&cd Ar remote-directory Change the working directory on the remote machine to .Ar remote-directory . .It Ic cdup Change the remote machine working directory to the parent of the current remote machine working directory. .It Ic chmod Ar mode file-name Change the permission modes of the file .Ar file-name on the remote -sytem to +system to .Ar mode . .It Ic close Terminate the .Tn FTP session with the remote server, and return to the command interpreter. Any defined macros are erased. .It Ic \&cr Toggle carriage return stripping during ascii type file retrieval. Records are denoted by a carriage return/linefeed sequence during ascii type file transfer. When .Ic \&cr is on (the default), carriage returns are stripped from this sequence to conform with the .Ux single linefeed record delimiter. Records on .Pf non\- Ns Ux remote systems may contain single linefeeds; when an ascii type transfer is made, these linefeeds may be distinguished from a record delimiter only when .Ic \&cr is off. .It Ic delete Ar remote-file Delete the file .Ar remote-file on the remote machine. .It Ic debug Op Ar debug-value Toggle debugging mode. If an optional .Ar debug-value is specified it is used to set the debugging level. When debugging is on, .Nm ftp prints each command sent to the remote machine, preceded by the string .Ql \-\-\*[Gt] .It Xo .Ic dir .Op Ar remote-directory .Op Ar local-file .Xc Print a listing of the directory contents in the directory, .Ar remote-directory , and, optionally, placing the output in .Ar local-file . If interactive prompting is on, .Nm ftp will prompt the user to verify that the last argument is indeed the target local file for receiving .Ic dir output. If no directory is specified, the current working directory on the remote machine is used. 
If no local file is specified, or .Ar local-file is .Fl , output comes to the terminal. .It Ic disconnect A synonym for .Ar close . .It Ic form Ar format Set the file transfer .Ic form to .Ar format . The default format is \*(Lqfile\*(Rq. .It Ic get Ar remote-file Op Ar local-file Retrieve the .Ar remote-file and store it on the local machine. If the local file name is not specified, it is given the same name it has on the remote machine, subject to alteration by the current .Ic case , .Ic ntrans , and .Ic nmap settings. The current settings for .Ic type , .Ic form , .Ic mode , and .Ic structure are used while transferring the file. .It Ic glob Toggle filename expansion for .Ic mdelete , .Ic mget and .Ic mput . If globbing is turned off with .Ic glob , the file name arguments are taken literally and not expanded. Globbing for .Ic mput is done as in .Xr csh 1 . For .Ic mdelete and .Ic mget , each remote file name is expanded separately on the remote machine and the lists are not merged. Expansion of a directory name is likely to be different from expansion of the name of an ordinary file: the exact result depends on the foreign operating system and ftp server, and can be previewed by doing .Ql mls remote-files \- . As a security measure, remotely globbed files that starts with .Sq / or contains .Sq ../ , will not be automatically received. If you have interactive prompting turned off, these filenames will be ignored. Note: .Ic mget and .Ic mput are not meant to transfer entire directory subtrees of files. That can be done by transferring a .Xr tar 1 archive of the subtree (in binary mode). .It Ic hash Toggle hash-sign (``#'') printing for each data block transferred. The size of a data block is 1024 bytes. .It Ic help Op Ar command Print an informative message about the meaning of .Ar command . If no argument is given, .Nm ftp prints a list of the known commands. .It Ic idle Op Ar seconds Set the inactivity timer on the remote server to .Ar seconds seconds. 
If .Ar seconds is omitted, the current inactivity timer is printed. .It Ic lcd Op Ar directory Change the working directory on the local machine. If no .Ar directory is specified, the user's home directory is used. .It Xo .Ic \&ls .Op Ar remote-directory .Op Ar local-file .Xc Print a listing of the contents of a directory on the remote machine. The listing includes any system-dependent information that the server chooses to include; for example, most .Ux systems will produce output from the command .Ql ls \-l . (See also .Ic nlist . ) If .Ar remote-directory is left unspecified, the current working directory is used. If interactive prompting is on, .Nm ftp will prompt the user to verify that the last argument is indeed the target local file for receiving .Ic \&ls output. If no local file is specified, or if .Ar local-file is .Sq Fl , the output is sent to the terminal. .It Ic macdef Ar macro-name Define a macro. Subsequent lines are stored as the macro .Ar macro-name ; a null line (consecutive newline characters in a file or carriage returns from the terminal) terminates macro input mode. There is a limit of 16 macros and 4096 total characters in all defined macros. Macros remain defined until a .Ic close command is executed. The macro processor interprets `$' and `\e' as special characters. A `$' followed by a number (or numbers) is replaced by the corresponding argument on the macro invocation command line. A `$' followed by an `i' signals that macro processor that the executing macro is to be looped. On the first pass `$i' is replaced by the first argument on the macro invocation command line, on the second pass it is replaced by the second argument, and so on. A `\e' followed by any character is replaced by that character. Use the `\e' to prevent special treatment of the `$'. .It Ic mdelete Op Ar remote-files Delete the .Ar remote-files on the remote machine. .It Ic mdir Ar remote-files local-file Like .Ic dir , except multiple remote files may be specified. 
If interactive prompting is on, .Nm ftp will prompt the user to verify that the last argument is indeed the target local file for receiving .Ic mdir output. .It Ic mget Ar remote-files Expand the .Ar remote-files on the remote machine and do a .Ic get for each file name thus produced. See .Ic glob for details on the filename expansion. Resulting file names will then be processed according to .Ic case , .Ic ntrans , and .Ic nmap settings. Files are transferred into the local working directory, which can be changed with .Ql lcd directory ; new local directories can be created with .Ql "\&! mkdir directory" . .It Ic mkdir Ar directory-name Make a directory on the remote machine. .It Ic mls Ar remote-files local-file Like .Ic nlist , except multiple remote files may be specified, and the .Ar local-file must be specified. If interactive prompting is on, .Nm ftp will prompt the user to verify that the last argument is indeed the target local file for receiving .Ic mls output. .It Ic mode Op Ar mode-name Set the file transfer .Ic mode to .Ar mode-name . The default mode is \*(Lqstream\*(Rq mode. .It Ic modtime Ar file-name Show the last modification time of the file on the remote machine. .It Ic mput Ar local-files Expand wild cards in the list of local files given as arguments and do a .Ic put for each file in the resulting list. See .Ic glob for details of filename expansion. Resulting file names will then be processed according to .Ic ntrans and .Ic nmap settings. .It Ic newer Ar file-name Get the file only if the modification time of the remote file is more recent that the file on the current system. If the file does not exist on the current system, the remote file is considered .Ic newer . Otherwise, this command is identical to .Ar get . .It Xo .Ic nlist .Op Ar remote-directory .Op Ar local-file .Xc Print a list of the files in a directory on the remote machine. If .Ar remote-directory is left unspecified, the current working directory is used. 
If interactive prompting is on, .Nm ftp will prompt the user to verify that the last argument is indeed the target local file for receiving .Ic nlist output. If no local file is specified, or if .Ar local-file is .Fl , the output is sent to the terminal. .It Ic nmap Op Ar inpattern outpattern Set or unset the filename mapping mechanism. If no arguments are specified, the filename mapping mechanism is unset. If arguments are specified, remote filenames are mapped during .Ic mput commands and .Ic put commands issued without a specified remote target filename. If arguments are specified, local filenames are mapped during .Ic mget commands and .Ic get commands issued without a specified local target filename. This command is useful when connecting to a .No non\- Ns Ux remote computer with different file naming conventions or practices. The mapping follows the pattern set by .Ar inpattern and .Ar outpattern . .Op Ar Inpattern is a template for incoming filenames (which may have already been processed according to the .Ic ntrans and .Ic case settings). Variable templating is accomplished by including the sequences `$1', `$2', ..., `$9' in .Ar inpattern . Use `\\' to prevent this special treatment of the `$' character. All other characters are treated literally, and are used to determine the .Ic nmap .Op Ar inpattern variable values. For example, given .Ar inpattern $1.$2 and the remote file name "mydata.data", $1 would have the value "mydata", and $2 would have the value "data". The .Ar outpattern determines the resulting mapped filename. The sequences `$1', `$2', ...., `$9' are replaced by any value resulting from the .Ar inpattern template. The sequence `$0' is replace by the original filename. Additionally, the sequence .Ql Op Ar seq1 , Ar seq2 is replaced by .Op Ar seq1 if .Ar seq1 is not a null string; otherwise it is replaced by .Ar seq2 . 
For example, the command .Pp .Bd -literal -offset indent -compact nmap $1.$2.$3 [$1,$2].[$2,file] .Ed .Pp would yield the output filename "myfile.data" for input filenames "myfile.data" and "myfile.data.old", "myfile.file" for the input filename "myfile", and "myfile.myfile" for the input filename ".myfile". Spaces may be included in .Ar outpattern , as in the example: `nmap $1 sed "s/ *$//" \*[Gt] $1' . Use the `\e' character to prevent special treatment of the `$','[','[', and `,' characters. .It Ic ntrans Op Ar inchars Op Ar outchars Set or unset the filename character translation mechanism. If no arguments are specified, the filename character translation mechanism is unset. If arguments are specified, characters in remote filenames are translated during .Ic mput commands and .Ic put commands issued without a specified remote target filename. If arguments are specified, characters in local filenames are translated during .Ic mget commands and .Ic get commands issued without a specified local target filename. This command is useful when connecting to a .No non\- Ns Ux remote computer with different file naming conventions or practices. Characters in a filename matching a character in .Ar inchars are replaced with the corresponding character in .Ar outchars . If the character's position in .Ar inchars is longer than the length of .Ar outchars , the character is deleted from the file name. .It Ic open Ar host Op Ar port Establish a connection to the specified .Ar host .Tn FTP server. An optional port number may be supplied, in which case, .Nm ftp will attempt to contact an .Tn FTP server at that port. If the .Ic auto-login option is on (default), .Nm ftp will also attempt to automatically log the user in to the .Tn FTP server (see below). .It Ic passive Toggle passive mode. If passive mode is turned on (default is off), the ftp client will send a .Dv PASV command for all data connections instead of the usual .Dv PORT command. 
The .Dv PASV command requests that the remote server open a port for the data connection and return the address of that port. The remote server listens on that port and the client connects to it. When using the more traditional .Dv PORT command, the client listens on a port and sends that address to the remote server, who connects back to it. Passive mode is useful when using .Nm ftp through a gateway router or host that controls the directionality of traffic. (Note that though ftp servers are required to support the .Dv PASV command by RFC 1123, some do not.) .It Ic prompt Toggle interactive prompting. Interactive prompting occurs during multiple file transfers to allow the user to selectively retrieve or store files. If prompting is turned off (default is on), any .Ic mget or .Ic mput will transfer all files, and any .Ic mdelete will delete all files. .It Ic proxy Ar ftp-command Execute an ftp command on a secondary control connection. This command allows simultaneous connection to two remote ftp servers for transferring files between the two servers. The first .Ic proxy command should be an .Ic open , to establish the secondary control connection. Enter the command "proxy ?" to see other ftp commands executable on the secondary connection. The following commands behave differently when prefaced by .Ic proxy : .Ic open will not define new macros during the auto-login process, .Ic close will not erase existing macro definitions, .Ic get and .Ic mget transfer files from the host on the primary control connection to the host on the secondary control connection, and .Ic put , .Ic mput , and .Ic append transfer files from the host on the secondary control connection to the host on the primary control connection. Third party file transfers depend upon support of the ftp protocol .Dv PASV command by the server on the secondary control connection. .It Ic put Ar local-file Op Ar remote-file Store a local file on the remote machine. 
If .Ar remote-file is left unspecified, the local file name is used after processing according to any .Ic ntrans or .Ic nmap settings in naming the remote file. File transfer uses the current settings for .Ic type , .Ic format , .Ic mode , and .Ic structure . .It Ic pwd Print the name of the current working directory on the remote machine. .It Ic quit A synonym for .Ic bye . .It Ic quote Ar arg1 arg2 ... The arguments specified are sent, verbatim, to the remote .Tn FTP server. .It Ic recv Ar remote-file Op Ar local-file A synonym for get. .It Ic reget Ar remote-file Op Ar local-file Reget acts like get, except that if .Ar local-file exists and is smaller than .Ar remote-file , .Ar local-file is presumed to be a partially transferred copy of .Ar remote-file and the transfer is continued from the apparent point of failure. This command is useful when transferring very large files over networks that are prone to dropping connections. .It Ic remotehelp Op Ar command-name Request help from the remote .Tn FTP server. If a .Ar command-name is specified it is supplied to the server as well. .It Ic remotestatus Op Ar file-name With no arguments, show status of remote machine. If .Ar file-name is specified, show status of .Ar file-name on remote machine. .It Xo .Ic rename .Op Ar from .Op Ar to .Xc Rename the file .Ar from on the remote machine, to the file .Ar to . .It Ic reset Clear reply queue. This command re-synchronizes command/reply sequencing with the remote ftp server. Resynchronization may be necessary following a violation of the ftp protocol by the remote server. .It Ic restart Ar marker Restart the immediately following .Ic get or .Ic put at the indicated .Ar marker . On .Ux systems, marker is usually a byte offset into the file. .It Ic rmdir Ar directory-name Delete a directory on the remote machine. .It Ic runique Toggle storing of files on the local system with unique filenames. 
If a file already exists with a name equal to the target local filename for a .Ic get or .Ic mget command, a ".1" is appended to the name. If the resulting name matches another existing file, a ".2" is appended to the original name. If this process continues up to ".99", an error message is printed, and the transfer does not take place. The generated unique filename will be reported. Note that .Ic runique will not affect local files generated from a shell command (see below). The default value is off. .It Ic send Ar local-file Op Ar remote-file A synonym for put. .It Ic sendport Toggle the use of .Dv PORT commands. By default, .Nm ftp will attempt to use a .Dv PORT command when establishing a connection for each data transfer. The use of .Dv PORT commands can prevent delays when performing multiple file transfers. If the .Dv PORT command fails, .Nm ftp will use the default data port. When the use of .Dv PORT commands is disabled, no attempt will be made to use .Dv PORT commands for each data transfer. This is useful for certain .Tn FTP implementations which do ignore .Dv PORT commands but, incorrectly, indicate they've been accepted. .It Ic site Ar arg1 arg2 ... The arguments specified are sent, verbatim, to the remote .Tn FTP server as a .Dv SITE command. .It Ic size Ar file-name Return size of .Ar file-name on remote machine. .It Ic status Show the current status of .Nm ftp . .It Ic struct Op Ar struct-name Set the file transfer .Ar structure to .Ar struct-name . By default \*(Lqstream\*(Rq structure is used. .It Ic sunique Toggle storing of files on remote machine under unique file names. Remote ftp server must support ftp protocol .Dv STOU command for successful completion. The remote server will report unique name. Default value is off. .It Ic system Show the type of operating system running on the remote machine. .It Ic tenex Set the file transfer type to that needed to talk to .Tn TENEX machines. .It Ic trace Toggle packet tracing. 
.It Ic type Op Ar type-name Set the file transfer .Ic type to .Ar type-name . If no type is specified, the current type is printed. The default type is network .Tn ASCII . .It Ic umask Op Ar newmask Set the default umask on the remote server to .Ar newmask . If .Ar newmask is omitted, the current umask is printed. .It Xo .Ic user Ar user-name .Op Ar password .Op Ar account .Xc Identify yourself to the remote .Tn FTP server. If the .Ar password is not specified and the server requires it, .Nm ftp will prompt the user for it (after disabling local echo). If an .Ar account field is not specified, and the .Tn FTP server requires it, the user will be prompted for it. If an .Ar account field is specified, an account command will be relayed to the remote server after the login sequence is completed if the remote server did not require it for logging in. Unless .Nm ftp is invoked with \*(Lqauto-login\*(Rq disabled, this process is done automatically on initial connection to the .Tn FTP server. .It Ic verbose Toggle verbose mode. In verbose mode, all responses from the .Tn FTP server are displayed to the user. In addition, if verbose is on, when a file transfer completes, statistics regarding the efficiency of the transfer are reported. By default, verbose is on. .It Ic \&? Op Ar command A synonym for help. .El .Pp The following command can be used with ftpsec-aware servers. .Bl -tag -width Fl .It Xo .Ic prot .Ar clear | .Ar safe | .Ar confidential | .Ar private .Xc Set the data protection level to the requested level. .El .Pp The following command can be used with ftp servers that has implemented the KAUTH site command. .Bl -tag -width Fl .It Ic kauth Op Ar principal Obtain remote tickets. .El .Pp Command arguments which have embedded spaces may be quoted with quote `"' marks. .Sh ABORTING A FILE TRANSFER To abort a file transfer, use the terminal interrupt key (usually Ctrl-C). Sending transfers will be immediately halted. 
Receiving transfers will be halted by sending a ftp protocol .Dv ABOR command to the remote server, and discarding any further data received. The speed at which this is accomplished depends upon the remote server's support for .Dv ABOR processing. If the remote server does not support the .Dv ABOR command, an .Ql ftp\*[Gt] prompt will not appear until the remote server has completed sending the requested file. .Pp The terminal interrupt key sequence will be ignored when .Nm ftp has completed any local processing and is awaiting a reply from the remote server. A long delay in this mode may result from the ABOR processing described above, or from unexpected behavior by the remote server, including violations of the ftp protocol. If the delay results from unexpected remote server behavior, the local .Nm ftp program must be killed by hand. .Sh FILE NAMING CONVENTIONS Files specified as arguments to .Nm ftp commands are processed according to the following rules. .Bl -enum .It If the file name .Sq Fl is specified, the .Ar stdin (for reading) or .Ar stdout (for writing) is used. .It If the first character of the file name is .Sq \&| , the remainder of the argument is interpreted as a shell command. .Nm Ftp then forks a shell, using .Xr popen 3 with the argument supplied, and reads (writes) from the stdout (stdin). If the shell command includes spaces, the argument must be quoted; e.g. \*(Lq" ls -lt"\*(Rq. A particularly useful example of this mechanism is: \*(Lqdir more\*(Rq. .It Failing the above checks, if ``globbing'' is enabled, local file names are expanded according to the rules used in the .Xr csh 1 ; c.f. the .Ic glob command. If the .Nm ftp command expects a single local file (.e.g. .Ic put ) , only the first filename generated by the "globbing" operation is used. .It For .Ic mget commands and .Ic get commands with unspecified local file names, the local filename is the remote filename, which may be altered by a .Ic case , .Ic ntrans , or .Ic nmap setting. 
The resulting filename may then be altered if .Ic runique is on. .It For .Ic mput commands and .Ic put commands with unspecified remote file names, the remote filename is the local filename, which may be altered by a .Ic ntrans or .Ic nmap setting. The resulting filename may then be altered by the remote server if .Ic sunique is on. .El .Sh FILE TRANSFER PARAMETERS The FTP specification specifies many parameters which may affect a file transfer. The .Ic type may be one of \*(Lqascii\*(Rq, \*(Lqimage\*(Rq (binary), \*(Lqebcdic\*(Rq, and \*(Lqlocal byte size\*(Rq (for .Tn PDP Ns -10's and .Tn PDP Ns -20's mostly). .Nm Ftp supports the ascii and image types of file transfer, plus local byte size 8 for .Ic tenex mode transfers. .Pp .Nm Ftp supports only the default values for the remaining file transfer parameters: .Ic mode , .Ic form , and .Ic struct . .Sh THE .netrc FILE The .Pa .netrc file contains login and initialization information used by the auto-login process. It resides in the user's home directory. The following tokens are recognized; they may be separated by spaces, tabs, or new-lines: .Bl -tag -width password .It Ic machine Ar name Identify a remote machine .Ar name . The auto-login process searches the .Pa .netrc file for a .Ic machine token that matches the remote machine specified on the .Nm ftp command line or as an .Ic open command argument. Once a match is made, the subsequent .Pa .netrc tokens are processed, stopping when the end of file is reached or another .Ic machine or a .Ic default token is encountered. .It Ic default This is the same as .Ic machine .Ar name except that .Ic default matches any name. There can be only one .Ic default token, and it must be after all .Ic machine tokens. This is normally used as: .Pp .Dl default login anonymous password user@site .Pp thereby giving the user .Ar automatic anonymous ftp login to machines not specified in .Pa .netrc . This can be overridden by using the .Fl n flag to disable auto-login. 
.It Ic login Ar name Identify a user on the remote machine. If this token is present, the auto-login process will initiate a login using the specified .Ar name . .It Ic password Ar string Supply a password. If this token is present, the auto-login process will supply the specified string if the remote server requires a password as part of the login process. Note that if this token is present in the .Pa .netrc file for any user other than .Ar anonymous , .Nm ftp will abort the auto-login process if the .Pa .netrc is readable by anyone besides the user. .It Ic account Ar string Supply an additional account password. If this token is present, the auto-login process will supply the specified string if the remote server requires an additional account password, or the auto-login process will initiate an .Dv ACCT command if it does not. .It Ic macdef Ar name Define a macro. This token functions like the .Nm ftp .Ic macdef command functions. A macro is defined with the specified name; its contents begin with the next .Pa .netrc line and continue until a null line (consecutive new-line characters) is encountered. If a macro named .Ic init is defined, it is automatically executed as the last step in the auto-login process. .El .Sh ENVIRONMENT .Nm Ftp uses the following environment variables. .Bl -tag -width Fl .It Ev HOME For default location of a .Pa .netrc file, if one exists. .It Ev SHELL For default shell. .El .Sh SEE ALSO .Xr ftpd 8 .Rs .%T RFC2228 .Re .Sh HISTORY The .Nm ftp command appeared in .Bx 4.2 . .Sh BUGS Correct execution of many commands depends upon proper behavior by the remote server. .Pp An error in the treatment of carriage returns in the .Bx 4.2 ascii-mode transfer code has been corrected. This correction may result in incorrect transfers of binary files to and from .Bx 4.2 servers using the ascii type. Avoid this problem by using the binary image type. 
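Review bot: the spelling fix in the chmod entry ("sytem" to "system") leaves other errors in the unchanged context of this page, and one of them affects meaning: the nmap entry tells the user to escape "`$','[','[', and `,'", listing '[' twice where the closing ']' of the [seq1,seq2] syntax appears to be intended. Also visible in context are "more recent that the file" under newer and "(.e.g." under FILE NAMING CONVENTIONS. Since this change is a spelling pass over the page, consider correcting these in the same commit.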
diff --git a/crypto/heimdal/appl/rsh/rsh.1 b/crypto/heimdal/appl/rsh/rsh.1 index 0b0701f43cb1..205afb05c8bc 100644 --- a/crypto/heimdal/appl/rsh/rsh.1 +++ b/crypto/heimdal/appl/rsh/rsh.1 
@@ -1,294 +1,294 @@ .\" Copyright (c) 2002 - 2003 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" 3. Neither the name of the Institute nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" .\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. 
.\" .\" $Id$ .\" .Dd February 20, 2004 .Dt RSH 1 .Os HEIMDAL .Sh NAME .Nm rsh .Nd remote shell .Sh SYNOPSIS .Nm .Op Fl 45FGKdefnuxz .Op Fl U Pa string .Op Fl p Ar port .Op Fl l Ar username .Op Fl P Ar N|O .Ar host [command] .Sh DESCRIPTION .Nm authenticates to the .Xr rshd 8 daemon on the remote .Ar host , and then executes the specified .Ar command . .Pp .Nm copies its standard input to the remote command, and the standard output and error of the remote command to its own. .Pp Valid options are: .Bl -tag -width Ds .It Xo .Fl 4 , .Fl Fl krb4 .Xc The .Fl 4 option requests Kerberos 4 authentication. Normally all supported authentication mechanisms will be tried, but in some cases more explicit control is desired. .It Xo .Fl 5 , .Fl Fl krb5 .Xc The .Fl 5 option requests Kerberos 5 authentication. This is analogous to the .Fl 4 option. .It Xo .Fl K , .Fl Fl broken .Xc The .Fl K option turns off all Kerberos authentication. The security in this mode relies on reserved ports. The long name is an indication of how good this is. .It Xo .Fl n , .Fl Fl no-input .Xc The .Fl n option directs the input from the .Pa /dev/null device (see the .Sx BUGS section of this manual page). .It Fl d Enable .Xr setsockopt 2 socket debugging. .It Xo .Fl e , .Fl Fl no-stderr .Xc Don't use a separate socket for the stderr stream. This can be necessary if rsh-ing through a NAT bridge. .It Xo .Fl x , .Fl Fl encrypt .Xc The .Fl x option enables encryption for all data exchange. This is only valid for Kerberos authenticated connections (see the .Sx BUGS section for limitations). .It Xo .Fl z .Xc The opposite of .Fl x . This is the default, and is mainly useful if encryption has been enabled by default, for instance in the .Li appdefaults section of .Pa /etc/krb5.conf when using Kerberos 5. .It Xo .Fl f , .Fl Fl forward .Xc Forward Kerberos 5 credentials to the remote host. Also settable via .Li appdefaults (see .Xr krb5.conf ) . 
.It Xo .Fl F , .Fl Fl forwardable .Xc Make the forwarded credentials re-forwardable. Also settable via .Li appdefaults (see .Xr krb5.conf ) . .It Xo .Fl l Ar string , .Fl Fl user= Ns Ar string .Xc By default the remote username is the same as the local. The .Fl l option or the .Pa username@host format allow the remote name to be specified. .It Xo .Fl n , .Fl Fl no-input .Xc Direct input from .Pa /dev/null (see the .Sx BUGS section). .It Xo .Fl p Ar number-or-service , .Fl Fl port= Ns Ar number-or-service .Xc Connect to this port instead of the default (which is 514 when using old port based authentication, 544 for Kerberos 5 and non-encrypted -Kerberos 4, and 545 for encrytpted Kerberos 4; subject of course to +Kerberos 4, and 545 for encrypted Kerberos 4; subject of course to the contents of .Pa /etc/services ) . .It Xo .Fl P Ar N|O|1|2 , .Fl Fl protocol= Ns Ar N|O|1|2 .Xc Specifies the protocol version to use with Kerberos 5. .Ar N and .Ar 2 select protocol version 2, while .Ar O and .Ar 1 select version 1. Version 2 is believed to be more secure, and is the default. Unless asked for a specific version, .Nm will try both. This behaviour may change in the future. .It Xo .Fl u , .Fl Fl unique .Xc Make sure the remote credentials cache is unique, that is, don't reuse any existing cache. Mutually exclusive to .Fl U . .It Xo .Fl U Pa string , .Fl Fl tkfile= Ns Pa string .Xc Name of the remote credentials cache. Mutually exclusive to .Fl u . .It Xo .Fl x , .Fl Fl encrypt .Xc The .Fl x option enables encryption for all data exchange. This is only valid for Kerberos authenticated connections (see the .Sx BUGS section for limitations). .It Fl z The opposite of .Fl x . This is the default, but encryption can be enabled when using Kerberos 5, by setting the .Li libdefaults/encrypt option in .Xr krb5.conf 5 . .El .\".Pp .\"Without a .\".Ar command .\".Nm .\"will just exec .\".Xr rlogin 1 .\"with the same arguments. 
.Sh EXAMPLES Care should be taken when issuing commands containing shell meta characters. Without quoting, these will be expanded on the local machine. .Pp The following command: .Pp .Dl rsh otherhost cat remotefile \*[Gt] localfile .Pp will write the contents of the remote .Pa remotefile to the local .Pa localfile , but: .Pp .Dl rsh otherhost 'cat remotefile \*[Gt] remotefile2' .Pp will write it to the remote .Pa remotefile2 . .\".Sh ENVIRONMENT .Sh FILES .Bl -tag -width /etc/hosts -compact .It Pa /etc/hosts .El .\".Sh DIAGNOSTICS .Sh SEE ALSO .Xr rlogin 1 , .Xr krb_realmofhost 3 , .Xr krb_sendauth 3 , .Xr hosts.equiv 5 , .Xr krb5.conf 5 , .Xr rhosts 5 , .Xr kerberos 8 .Xr rshd 8 .\".Sh STANDARDS .Sh HISTORY The .Nm command appeared in .Bx 4.2 . .Sh AUTHORS This implementation of .Nm was written as part of the Heimdal Kerberos 5 implementation. .Sh BUGS Some shells (notably .Xr csh 1 ) will cause .Nm to block if run in the background, unless the standard input is directed away from the terminal. This is what the .Fl n option is for. .Pp The .Fl x options enables encryption for the session, but for both Kerberos 4 and 5 the actual command is sent unencrypted, so you should not send any secret information in the command line (which is probably a bad idea anyway, since the command line can usually be read with tools like .Xr ps 1 ) . -Forthermore in Kerberos 4 the command is not even integrity +Furthermore in Kerberos 4 the command is not even integrity protected, so anyone with the right tools can modify the command. diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/hcrypto_evp.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/hcrypto_evp.3 index 0997d55d5090..8c4f1f48da52 100644 --- a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/hcrypto_evp.3 +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/hcrypto_evp.3 
@@ -1,1299 +1,1299 @@ .TH "EVP generic crypto functions" 3 "11 Jan 2012" "Version 1.5.2" "Heimdal crypto library" \" -*- nroff -*- .ad l .nh .SH NAME EVP generic crypto functions \- .SS "Functions" .in +1c .ti -1c .RI "const EVP_CIPHER * \fBEVP_wincrypt_des_ede3_cbc\fP (void)" .br .ti -1c .RI "const EVP_CIPHER * \fBEVP_hcrypto_aes_128_cbc\fP (void)" .br .ti -1c .RI "const EVP_CIPHER * \fBEVP_hcrypto_aes_192_cbc\fP (void)" .br .ti -1c .RI "const EVP_CIPHER * \fBEVP_hcrypto_aes_256_cbc\fP (void)" .br .ti -1c .RI "const EVP_CIPHER * \fBEVP_hcrypto_aes_128_cfb8\fP (void)" .br .ti -1c .RI "const EVP_CIPHER * \fBEVP_hcrypto_aes_192_cfb8\fP (void)" .br .ti -1c .RI "const EVP_CIPHER * \fBEVP_hcrypto_aes_256_cfb8\fP (void)" .br .ti -1c .RI "const EVP_MD * \fBEVP_hcrypto_sha256\fP (void)" .br .ti -1c .RI "const EVP_MD * \fBEVP_hcrypto_sha384\fP (void)" .br .ti -1c .RI "const EVP_MD * \fBEVP_hcrypto_sha512\fP (void)" .br .ti -1c .RI "const EVP_MD * \fBEVP_hcrypto_sha1\fP (void)" .br .ti -1c .RI "const EVP_MD * \fBEVP_hcrypto_md5\fP (void)" .br .ti -1c .RI "const EVP_MD * \fBEVP_hcrypto_md4\fP (void)" .br .ti -1c .RI "const EVP_MD * \fBEVP_hcrypto_md2\fP (void)" .br .ti -1c .RI "const EVP_CIPHER * \fBEVP_hcrypto_des_cbc\fP (void)" .br .ti -1c .RI "const EVP_CIPHER * \fBEVP_hcrypto_des_ede3_cbc\fP (void)" .br .ti -1c .RI "const EVP_CIPHER * \fBEVP_hcrypto_rc2_cbc\fP (void)" .br .ti -1c .RI "const EVP_CIPHER * \fBEVP_hcrypto_rc2_40_cbc\fP (void)" .br .ti -1c .RI "const EVP_CIPHER * \fBEVP_hcrypto_rc2_64_cbc\fP (void)" .br .ti -1c .RI "const EVP_CIPHER * \fBEVP_hcrypto_camellia_128_cbc\fP (void)" .br .ti -1c .RI "const EVP_CIPHER * \fBEVP_hcrypto_camellia_192_cbc\fP (void)" .br .ti -1c .RI "const EVP_CIPHER * \fBEVP_hcrypto_camellia_256_cbc\fP (void)" .br .ti -1c .RI "size_t \fBEVP_MD_size\fP (const EVP_MD *md)" .br .ti -1c .RI "size_t \fBEVP_MD_block_size\fP (const EVP_MD *md)" .br .ti -1c .RI "EVP_MD_CTX * \fBEVP_MD_CTX_create\fP (void)" .br .ti -1c .RI "void 
\fBEVP_MD_CTX_init\fP (EVP_MD_CTX *ctx) HC_DEPRECATED" .br .ti -1c .RI "void \fBEVP_MD_CTX_destroy\fP (EVP_MD_CTX *ctx)" .br .ti -1c .RI "int \fBEVP_MD_CTX_cleanup\fP (EVP_MD_CTX *ctx) HC_DEPRECATED" .br .ti -1c .RI "const EVP_MD * \fBEVP_MD_CTX_md\fP (EVP_MD_CTX *ctx)" .br .ti -1c .RI "size_t \fBEVP_MD_CTX_size\fP (EVP_MD_CTX *ctx)" .br .ti -1c .RI "size_t \fBEVP_MD_CTX_block_size\fP (EVP_MD_CTX *ctx)" .br .ti -1c .RI "int \fBEVP_DigestInit_ex\fP (EVP_MD_CTX *ctx, const EVP_MD *md, ENGINE *engine)" .br .ti -1c .RI "int \fBEVP_DigestUpdate\fP (EVP_MD_CTX *ctx, const void *data, size_t size)" .br .ti -1c .RI "int \fBEVP_DigestFinal_ex\fP (EVP_MD_CTX *ctx, void *hash, unsigned int *size)" .br .ti -1c .RI "int \fBEVP_Digest\fP (const void *data, size_t dsize, void *hash, unsigned int *hsize, const EVP_MD *md, ENGINE *engine)" .br .ti -1c .RI "const EVP_MD * \fBEVP_sha256\fP (void)" .br .ti -1c .RI "const EVP_MD * \fBEVP_sha384\fP (void)" .br .ti -1c .RI "const EVP_MD * \fBEVP_sha512\fP (void)" .br .ti -1c .RI "const EVP_MD * \fBEVP_sha1\fP (void)" .br .ti -1c .RI "const EVP_MD * \fBEVP_sha\fP (void)" .br .ti -1c .RI "const EVP_MD * \fBEVP_md5\fP (void)" .br .ti -1c .RI "const EVP_MD * \fBEVP_md4\fP (void)" .br .ti -1c .RI "const EVP_MD * \fBEVP_md2\fP (void)" .br .ti -1c .RI "const EVP_MD * \fBEVP_md_null\fP (void)" .br .ti -1c .RI "size_t \fBEVP_CIPHER_block_size\fP (const EVP_CIPHER *c)" .br .ti -1c .RI "size_t \fBEVP_CIPHER_key_length\fP (const EVP_CIPHER *c)" .br .ti -1c .RI "size_t \fBEVP_CIPHER_iv_length\fP (const EVP_CIPHER *c)" .br .ti -1c .RI "void \fBEVP_CIPHER_CTX_init\fP (EVP_CIPHER_CTX *c)" .br .ti -1c .RI "int \fBEVP_CIPHER_CTX_cleanup\fP (EVP_CIPHER_CTX *c)" .br .ti -1c .RI "int \fBEVP_CIPHER_CTX_set_key_length\fP (EVP_CIPHER_CTX *c, int length)" .br .ti -1c .RI "const EVP_CIPHER * \fBEVP_CIPHER_CTX_cipher\fP (EVP_CIPHER_CTX *ctx)" .br .ti -1c .RI "size_t \fBEVP_CIPHER_CTX_block_size\fP (const EVP_CIPHER_CTX *ctx)" .br .ti -1c .RI "size_t 
\fBEVP_CIPHER_CTX_key_length\fP (const EVP_CIPHER_CTX *ctx)" .br .ti -1c .RI "size_t \fBEVP_CIPHER_CTX_iv_length\fP (const EVP_CIPHER_CTX *ctx)" .br .ti -1c .RI "unsigned long \fBEVP_CIPHER_CTX_flags\fP (const EVP_CIPHER_CTX *ctx)" .br .ti -1c .RI "int \fBEVP_CIPHER_CTX_mode\fP (const EVP_CIPHER_CTX *ctx)" .br .ti -1c .RI "void * \fBEVP_CIPHER_CTX_get_app_data\fP (EVP_CIPHER_CTX *ctx)" .br .ti -1c .RI "void \fBEVP_CIPHER_CTX_set_app_data\fP (EVP_CIPHER_CTX *ctx, void *data)" .br .ti -1c .RI "int \fBEVP_CipherInit_ex\fP (EVP_CIPHER_CTX *ctx, const EVP_CIPHER *c, ENGINE *engine, const void *key, const void *iv, int encp)" .br .ti -1c .RI "int \fBEVP_CipherUpdate\fP (EVP_CIPHER_CTX *ctx, void *out, int *outlen, void *in, size_t inlen)" .br .ti -1c .RI "int \fBEVP_CipherFinal_ex\fP (EVP_CIPHER_CTX *ctx, void *out, int *outlen)" .br .ti -1c .RI "const EVP_CIPHER * \fBEVP_enc_null\fP (void)" .br .ti -1c .RI "const EVP_CIPHER * \fBEVP_rc2_cbc\fP (void)" .br .ti -1c .RI "const EVP_CIPHER * \fBEVP_rc2_40_cbc\fP (void)" .br .ti -1c .RI "const EVP_CIPHER * \fBEVP_rc2_64_cbc\fP (void)" .br .ti -1c .RI "const EVP_CIPHER * \fBEVP_rc4\fP (void)" .br .ti -1c .RI "const EVP_CIPHER * \fBEVP_rc4_40\fP (void)" .br .ti -1c .RI "const EVP_CIPHER * \fBEVP_des_cbc\fP (void)" .br .ti -1c .RI "const EVP_CIPHER * \fBEVP_des_ede3_cbc\fP (void)" .br .ti -1c .RI "const EVP_CIPHER * \fBEVP_aes_128_cbc\fP (void)" .br .ti -1c .RI "const EVP_CIPHER * \fBEVP_aes_192_cbc\fP (void)" .br .ti -1c .RI "const EVP_CIPHER * \fBEVP_aes_256_cbc\fP (void)" .br .ti -1c .RI "const EVP_CIPHER * \fBEVP_aes_128_cfb8\fP (void)" .br .ti -1c .RI "const EVP_CIPHER * \fBEVP_aes_192_cfb8\fP (void)" .br .ti -1c .RI "const EVP_CIPHER * \fBEVP_aes_256_cfb8\fP (void)" .br .ti -1c .RI "const EVP_CIPHER * \fBEVP_camellia_128_cbc\fP (void)" .br .ti -1c .RI "const EVP_CIPHER * \fBEVP_camellia_192_cbc\fP (void)" .br .ti -1c .RI "const EVP_CIPHER * \fBEVP_camellia_256_cbc\fP (void)" .br .ti -1c .RI "const EVP_CIPHER * 
\fBEVP_get_cipherbyname\fP (const char *name)" .br .ti -1c .RI "int \fBEVP_BytesToKey\fP (const EVP_CIPHER *type, const EVP_MD *md, const void *salt, const void *data, size_t datalen, unsigned int count, void *keydata, void *ivdata)" .br .in -1c .SH "Detailed Description" .PP See the \fBEVP - generic crypto interface\fP for description and examples. .SH "Function Documentation" .PP .SS "const EVP_CIPHER* EVP_aes_128_cbc (void)" .PP The AES-128 cipher type .PP \fBReturns:\fP .RS 4 the AES-128 EVP_CIPHER pointer. .RE .PP .PP \fBExamples: \fP .in +1c \fBexample_evp_cipher.c\fP. .SS "const EVP_CIPHER* EVP_aes_128_cfb8 (void)" .PP The AES-128 cipher type .PP \fBReturns:\fP .RS 4 the AES-128 EVP_CIPHER pointer. .RE .PP .SS "const EVP_CIPHER* EVP_aes_192_cbc (void)" .PP The AES-192 cipher type .PP \fBReturns:\fP .RS 4 the AES-192 EVP_CIPHER pointer. .RE .PP .SS "const EVP_CIPHER* EVP_aes_192_cfb8 (void)" .PP The AES-192 cipher type .PP \fBReturns:\fP .RS 4 the AES-192 EVP_CIPHER pointer. .RE .PP .SS "const EVP_CIPHER* EVP_aes_256_cbc (void)" .PP The AES-256 cipher type .PP \fBReturns:\fP .RS 4 the AES-256 EVP_CIPHER pointer. .RE .PP .SS "const EVP_CIPHER* EVP_aes_256_cfb8 (void)" .PP The AES-256 cipher type .PP \fBReturns:\fP .RS 4 the AES-256 EVP_CIPHER pointer. .RE .PP .SS "int EVP_BytesToKey (const EVP_CIPHER * type, const EVP_MD * md, const void * salt, const void * data, size_t datalen, unsigned int count, void * keydata, void * ivdata)" .PP Provides a legancy string to key function, used in PEM files. .PP New protocols should use new string to key functions like NIST SP56-800A or PKCS#5 v2.0 (see \fBPKCS5_PBKDF2_HMAC_SHA1()\fP). .PP \fBParameters:\fP .RS 4 \fItype\fP type of cipher to use .br \fImd\fP message digest to use .br \fIsalt\fP salt salt string, should be an binary 8 byte buffer. .br \fIdata\fP the password/input key string. .br \fIdatalen\fP length of data parameter. .br \fIcount\fP iteration counter. 
.br \fIkeydata\fP output keydata, needs to of the size \fBEVP_CIPHER_key_length()\fP. .br \fIivdata\fP output ivdata, needs to of the size \fBEVP_CIPHER_block_size()\fP. .RE .PP \fBReturns:\fP .RS 4 the size of derived key. .RE .PP .SS "const EVP_CIPHER* EVP_camellia_128_cbc (void)" .PP The Camellia-128 cipher type .PP \fBReturns:\fP .RS 4 the Camellia-128 EVP_CIPHER pointer. .RE .PP .SS "const EVP_CIPHER* EVP_camellia_192_cbc (void)" .PP The Camellia-198 cipher type .PP \fBReturns:\fP .RS 4 the Camellia-198 EVP_CIPHER pointer. .RE .PP .SS "const EVP_CIPHER* EVP_camellia_256_cbc (void)" .PP The Camellia-256 cipher type .PP \fBReturns:\fP .RS 4 the Camellia-256 EVP_CIPHER pointer. .RE .PP .SS "size_t EVP_CIPHER_block_size (const EVP_CIPHER * c)" .PP Return the block size of the cipher. .PP \fBParameters:\fP .RS 4 \fIc\fP cipher to get the block size from. .RE .PP \fBReturns:\fP .RS 4 the block size of the cipher. .RE .PP .PP \fBExamples: \fP .in +1c \fBexample_evp_cipher.c\fP. .SS "size_t EVP_CIPHER_CTX_block_size (const EVP_CIPHER_CTX * ctx)" .PP Return the block size of the cipher context. .PP \fBParameters:\fP .RS 4 \fIctx\fP cipher context to get the block size from. .RE .PP \fBReturns:\fP .RS 4 the block size of the cipher context. .RE .PP .SS "const EVP_CIPHER* EVP_CIPHER_CTX_cipher (EVP_CIPHER_CTX * ctx)" .PP Return the EVP_CIPHER for a EVP_CIPHER_CTX context. .PP \fBParameters:\fP .RS 4 \fIctx\fP the context to get the cipher type from. .RE .PP \fBReturns:\fP .RS 4 the EVP_CIPHER pointer. .RE .PP .SS "int EVP_CIPHER_CTX_cleanup (EVP_CIPHER_CTX * c)" .PP Clean up the EVP_CIPHER_CTX context. .PP \fBParameters:\fP .RS 4 \fIc\fP the cipher to clean up. .RE .PP \fBReturns:\fP .RS 4 1 on success. .RE .PP .PP \fBExamples: \fP .in +1c \fBexample_evp_cipher.c\fP. .SS "unsigned long EVP_CIPHER_CTX_flags (const EVP_CIPHER_CTX * ctx)" .PP Get the flags for an EVP_CIPHER_CTX context. 
.PP \fBParameters:\fP .RS 4 \fIctx\fP the EVP_CIPHER_CTX to get the flags from .RE .PP \fBReturns:\fP .RS 4 the flags for an EVP_CIPHER_CTX. .RE .PP .SS "void* EVP_CIPHER_CTX_get_app_data (EVP_CIPHER_CTX * ctx)" .PP Get the app data for an EVP_CIPHER_CTX context. .PP \fBParameters:\fP .RS 4 \fIctx\fP the EVP_CIPHER_CTX to get the app data from .RE .PP \fBReturns:\fP .RS 4 the app data for an EVP_CIPHER_CTX. .RE .PP .SS "void EVP_CIPHER_CTX_init (EVP_CIPHER_CTX * c)" .PP Initiate a EVP_CIPHER_CTX context. Clean up with \fBEVP_CIPHER_CTX_cleanup()\fP. .PP \fBParameters:\fP .RS 4 \fIc\fP the cipher initiate. .RE .PP .PP \fBExamples: \fP .in +1c \fBexample_evp_cipher.c\fP. .SS "size_t EVP_CIPHER_CTX_iv_length (const EVP_CIPHER_CTX * ctx)" .PP Return the IV size of the cipher context. .PP \fBParameters:\fP .RS 4 \fIctx\fP cipher context to get the IV size from. .RE .PP \fBReturns:\fP .RS 4 the IV size of the cipher context. .RE .PP .SS "size_t EVP_CIPHER_CTX_key_length (const EVP_CIPHER_CTX * ctx)" .PP Return the key size of the cipher context. .PP \fBParameters:\fP .RS 4 \fIctx\fP cipher context to get the key size from. .RE .PP \fBReturns:\fP .RS 4 the key size of the cipher context. .RE .PP .SS "int EVP_CIPHER_CTX_mode (const EVP_CIPHER_CTX * ctx)" .PP Get the mode for an EVP_CIPHER_CTX context. .PP \fBParameters:\fP .RS 4 \fIctx\fP the EVP_CIPHER_CTX to get the mode from .RE .PP \fBReturns:\fP .RS 4 the mode for an EVP_CIPHER_CTX. .RE .PP .SS "void EVP_CIPHER_CTX_set_app_data (EVP_CIPHER_CTX * ctx, void * data)" .PP Set the app data for an EVP_CIPHER_CTX context. .PP \fBParameters:\fP .RS 4 \fIctx\fP the EVP_CIPHER_CTX to set the app data for .br \fIdata\fP the app data to set for an EVP_CIPHER_CTX. 
.RE .PP .SS "int EVP_CIPHER_CTX_set_key_length (EVP_CIPHER_CTX * c, int length)" .PP If the cipher type supports it, change the key length .PP \fBParameters:\fP .RS 4 \fIc\fP the cipher context to change the key length for .br \fIlength\fP new key length .RE .PP \fBReturns:\fP .RS 4 1 on success. .RE .PP .SS "size_t EVP_CIPHER_iv_length (const EVP_CIPHER * c)" .PP Return the IV size of the cipher. .PP \fBParameters:\fP .RS 4 \fIc\fP cipher to get the IV size from. .RE .PP \fBReturns:\fP .RS 4 the IV size of the cipher. .RE .PP .PP \fBExamples: \fP .in +1c \fBexample_evp_cipher.c\fP. .SS "size_t EVP_CIPHER_key_length (const EVP_CIPHER * c)" .PP Return the key size of the cipher. .PP \fBParameters:\fP .RS 4 \fIc\fP cipher to get the key size from. .RE .PP \fBReturns:\fP .RS 4 the key size of the cipher. .RE .PP .PP \fBExamples: \fP .in +1c \fBexample_evp_cipher.c\fP. .SS "int EVP_CipherFinal_ex (EVP_CIPHER_CTX * ctx, void * out, int * outlen)" .PP Encipher/decipher final data .PP \fBParameters:\fP .RS 4 \fIctx\fP the cipher context. .br \fIout\fP output data from the operation. .br \fIoutlen\fP output length .RE .PP The input length needs to be at least \fBEVP_CIPHER_block_size()\fP bytes long. .PP See \fBEVP Cipher\fP for an example how to use this function. .PP \fBReturns:\fP .RS 4 1 on success. .RE .PP .PP \fBExamples: \fP .in +1c \fBexample_evp_cipher.c\fP. .SS "int EVP_CipherInit_ex (EVP_CIPHER_CTX * ctx, const EVP_CIPHER * c, ENGINE * engine, const void * key, const void * iv, int encp)" .PP Initiate the EVP_CIPHER_CTX context to encrypt or decrypt data. Clean up with \fBEVP_CIPHER_CTX_cleanup()\fP. .PP \fBParameters:\fP .RS 4 \fIctx\fP context to initiate .br \fIc\fP cipher to use. .br \fIengine\fP crypto engine to use, NULL to select default. .br \fIkey\fP the crypto key to use, NULL will use the previous value. .br \fIiv\fP the IV to use, NULL will use the previous value. .br \fIencp\fP non zero will encrypt, -1 use the previous value. 
.RE .PP \fBReturns:\fP .RS 4 1 on success. .RE .PP .PP \fBExamples: \fP .in +1c \fBexample_evp_cipher.c\fP. .SS "int EVP_CipherUpdate (EVP_CIPHER_CTX * ctx, void * out, int * outlen, void * in, size_t inlen)" .PP Encipher/decipher partial data .PP \fBParameters:\fP .RS 4 \fIctx\fP the cipher context. .br \fIout\fP output data from the operation. .br \fIoutlen\fP output length .br \fIin\fP input data to the operation. .br \fIinlen\fP length of data. .RE .PP The output buffer length should at least be \fBEVP_CIPHER_block_size()\fP byte longer then the input length. .PP See \fBEVP Cipher\fP for an example how to use this function. .PP \fBReturns:\fP .RS 4 1 on success. .RE .PP .PP If there in no spare bytes in the left from last Update and the input length is on the block boundery, the \fBEVP_CipherUpdate()\fP function can take a shortcut (and preformance gain) and directly encrypt the data, otherwise we hav to fix it up and store extra it the EVP_CIPHER_CTX. .PP \fBExamples: \fP .in +1c \fBexample_evp_cipher.c\fP. .SS "const EVP_CIPHER* EVP_des_cbc (void)" .PP The DES cipher type .PP \fBReturns:\fP .RS 4 the DES-CBC EVP_CIPHER pointer. .RE .PP .SS "const EVP_CIPHER* EVP_des_ede3_cbc (void)" .PP The tripple DES cipher type .PP \fBReturns:\fP .RS 4 the DES-EDE3-CBC EVP_CIPHER pointer. .RE .PP .SS "int EVP_Digest (const void * data, size_t dsize, void * hash, unsigned int * hsize, const EVP_MD * md, ENGINE * engine)" .PP Do the whole \fBEVP_MD_CTX_create()\fP, \fBEVP_DigestInit_ex()\fP, \fBEVP_DigestUpdate()\fP, \fBEVP_DigestFinal_ex()\fP, \fBEVP_MD_CTX_destroy()\fP dance in one call. .PP \fBParameters:\fP .RS 4 \fIdata\fP the data to update the context with .br \fIdsize\fP length of data .br \fIhash\fP output data of at least \fBEVP_MD_size()\fP length. .br \fIhsize\fP output length of hash. .br \fImd\fP message digest to use .br \fIengine\fP engine to use, NULL for default engine. .RE .PP \fBReturns:\fP .RS 4 1 on success. 
.RE .PP .SS "int EVP_DigestFinal_ex (EVP_MD_CTX * ctx, void * hash, unsigned int * size)" .PP Complete the message digest. .PP \fBParameters:\fP .RS 4 \fIctx\fP the context to complete. .br \fIhash\fP the output of the message digest function. At least \fBEVP_MD_size()\fP. .br \fIsize\fP the output size of hash. .RE .PP \fBReturns:\fP .RS 4 1 on success. .RE .PP .SS "int EVP_DigestInit_ex (EVP_MD_CTX * ctx, const EVP_MD * md, ENGINE * engine)" .PP Init a EVP_MD_CTX for use a specific message digest and engine. .PP \fBParameters:\fP .RS 4 \fIctx\fP the message digest context to init. .br \fImd\fP the message digest to use. .br \fIengine\fP the engine to use, NULL to use the default engine. .RE .PP \fBReturns:\fP .RS 4 1 on success. .RE .PP .SS "int EVP_DigestUpdate (EVP_MD_CTX * ctx, const void * data, size_t size)" .PP Update the digest with some data. .PP \fBParameters:\fP .RS 4 \fIctx\fP the context to update .br \fIdata\fP the data to update the context with .br \fIsize\fP length of data .RE .PP \fBReturns:\fP .RS 4 1 on success. .RE .PP .SS "const EVP_CIPHER* EVP_enc_null (void)" .PP The NULL cipher type, does no encryption/decryption. .PP \fBReturns:\fP .RS 4 the null EVP_CIPHER pointer. .RE .PP .SS "const EVP_CIPHER* EVP_get_cipherbyname (const char * name)" .PP Get the cipher type using their name. .PP \fBParameters:\fP .RS 4 \fIname\fP the name of the cipher. .RE .PP \fBReturns:\fP .RS 4 the selected EVP_CIPHER pointer or NULL if not found. .RE .PP .SS "const EVP_CIPHER* EVP_hcrypto_aes_128_cbc (void)" .PP The AES-128 cipher type (hcrypto) .PP \fBReturns:\fP .RS 4 the AES-128 EVP_CIPHER pointer. .RE .PP .SS "const EVP_CIPHER* EVP_hcrypto_aes_128_cfb8 (void)" .PP The AES-128 CFB8 cipher type (hcrypto) .PP \fBReturns:\fP .RS 4 the AES-128 EVP_CIPHER pointer. .RE .PP .SS "const EVP_CIPHER* EVP_hcrypto_aes_192_cbc (void)" .PP The AES-192 cipher type (hcrypto) .PP \fBReturns:\fP .RS 4 the AES-192 EVP_CIPHER pointer. 
.RE .PP .SS "const EVP_CIPHER* EVP_hcrypto_aes_192_cfb8 (void)" .PP The AES-192 CFB8 cipher type (hcrypto) .PP \fBReturns:\fP .RS 4 the AES-192 EVP_CIPHER pointer. .RE .PP .SS "const EVP_CIPHER* EVP_hcrypto_aes_256_cbc (void)" .PP The AES-256 cipher type (hcrypto) .PP \fBReturns:\fP .RS 4 the AES-256 EVP_CIPHER pointer. .RE .PP .SS "const EVP_CIPHER* EVP_hcrypto_aes_256_cfb8 (void)" .PP The AES-256 CFB8 cipher type (hcrypto) .PP \fBReturns:\fP .RS 4 the AES-256 EVP_CIPHER pointer. .RE .PP .SS "const EVP_CIPHER* EVP_hcrypto_camellia_128_cbc (void)" .PP The Camellia-128 cipher type - hcrypto .PP \fBReturns:\fP .RS 4 the Camellia-128 EVP_CIPHER pointer. .RE .PP .SS "const EVP_CIPHER* EVP_hcrypto_camellia_192_cbc (void)" .PP The Camellia-198 cipher type - hcrypto .PP \fBReturns:\fP .RS 4 the Camellia-198 EVP_CIPHER pointer. .RE .PP .SS "const EVP_CIPHER* EVP_hcrypto_camellia_256_cbc (void)" .PP The Camellia-256 cipher type - hcrypto .PP \fBReturns:\fP .RS 4 the Camellia-256 EVP_CIPHER pointer. .RE .PP .SS "const EVP_CIPHER* EVP_hcrypto_des_cbc (void)" .PP The DES cipher type .PP \fBReturns:\fP .RS 4 the DES-CBC EVP_CIPHER pointer. .RE .PP .SS "const EVP_CIPHER* EVP_hcrypto_des_ede3_cbc (void)" .PP The tripple DES cipher type - hcrypto .PP \fBReturns:\fP .RS 4 the DES-EDE3-CBC EVP_CIPHER pointer. .RE .PP .SS "const EVP_MD* EVP_hcrypto_md2 (void)" .PP The message digest MD2 - hcrypto .PP \fBReturns:\fP .RS 4 the message digest type. .RE .PP .SS "const EVP_MD* EVP_hcrypto_md4 (void)" .PP The message digest MD4 - hcrypto .PP \fBReturns:\fP .RS 4 the message digest type. .RE .PP .SS "const EVP_MD* EVP_hcrypto_md5 (void)" .PP The message digest MD5 - hcrypto .PP \fBReturns:\fP .RS 4 the message digest type. .RE .PP .SS "const EVP_CIPHER* EVP_hcrypto_rc2_40_cbc (void)" .PP The RC2-40 cipher type .PP \fBReturns:\fP .RS 4 the RC2-40 EVP_CIPHER pointer. 
.RE .PP .SS "const EVP_CIPHER* EVP_hcrypto_rc2_64_cbc (void)" .PP The RC2-64 cipher type .PP \fBReturns:\fP .RS 4 the RC2-64 EVP_CIPHER pointer. .RE .PP .SS "const EVP_CIPHER* EVP_hcrypto_rc2_cbc (void)" .PP The RC2 cipher type - hcrypto .PP \fBReturns:\fP .RS 4 the RC2 EVP_CIPHER pointer. .RE .PP .SS "const EVP_MD* EVP_hcrypto_sha1 (void)" .PP The message digest SHA1 - hcrypto .PP \fBReturns:\fP .RS 4 the message digest type. .RE .PP .SS "const EVP_MD* EVP_hcrypto_sha256 (void)" .PP The message digest SHA256 - hcrypto .PP \fBReturns:\fP .RS 4 the message digest type. .RE .PP .SS "const EVP_MD* EVP_hcrypto_sha384 (void)" .PP The message digest SHA384 - hcrypto .PP \fBReturns:\fP .RS 4 the message digest type. .RE .PP .SS "const EVP_MD* EVP_hcrypto_sha512 (void)" .PP The message digest SHA512 - hcrypto .PP \fBReturns:\fP .RS 4 the message digest type. .RE .PP .SS "const EVP_MD* EVP_md2 (void)" .PP The message digest MD2 .PP \fBReturns:\fP .RS 4 the message digest type. .RE .PP .SS "const EVP_MD* EVP_md4 (void)" .PP The message digest MD4 .PP \fBReturns:\fP .RS 4 the message digest type. .RE .PP .SS "const EVP_MD* EVP_md5 (void)" .PP The message digest MD5 .PP \fBReturns:\fP .RS 4 the message digest type. .RE .PP .SS "size_t EVP_MD_block_size (const EVP_MD * md)" .PP Return the blocksize of the message digest function. .PP \fBParameters:\fP .RS 4 \fImd\fP the evp message .RE .PP \fBReturns:\fP .RS 4 size size of the message digest block size .RE .PP .SS "size_t EVP_MD_CTX_block_size (EVP_MD_CTX * ctx)" .PP Return the blocksize of the message digest function. .PP \fBParameters:\fP .RS 4 \fIctx\fP the evp message digest context .RE .PP \fBReturns:\fP .RS 4 size size of the message digest block size .RE .PP .SS "int EVP_MD_CTX_cleanup (EVP_MD_CTX * ctx)" .PP Free the resources used by the EVP_MD context. .PP \fBParameters:\fP .RS 4 \fIctx\fP the context to free the resources from. .RE .PP \fBReturns:\fP .RS 4 1 on success. 
.RE .PP .SS "EVP_MD_CTX* EVP_MD_CTX_create (void)" .PP -Allocate a messsage digest context object. Free with \fBEVP_MD_CTX_destroy()\fP. +Allocate a message digest context object. Free with \fBEVP_MD_CTX_destroy()\fP. .PP \fBReturns:\fP .RS 4 a newly allocated message digest context object. .RE .PP .SS "void EVP_MD_CTX_destroy (EVP_MD_CTX * ctx)" .PP -Free a messsage digest context object. +Free a message digest context object. .PP \fBParameters:\fP .RS 4 \fIctx\fP context to free. .RE .PP .SS "void EVP_MD_CTX_init (EVP_MD_CTX * ctx)" .PP -Initiate a messsage digest context object. Deallocate with \fBEVP_MD_CTX_cleanup()\fP. Please use \fBEVP_MD_CTX_create()\fP instead. +Initiate a message digest context object. Deallocate with \fBEVP_MD_CTX_cleanup()\fP. Please use \fBEVP_MD_CTX_create()\fP instead. .PP \fBParameters:\fP .RS 4 \fIctx\fP variable to initiate. .RE .PP .SS "const EVP_MD* EVP_MD_CTX_md (EVP_MD_CTX * ctx)" .PP Get the EVP_MD use for a specified context. .PP \fBParameters:\fP .RS 4 \fIctx\fP the EVP_MD context to get the EVP_MD for. .RE .PP \fBReturns:\fP .RS 4 the EVP_MD used for the context. .RE .PP .SS "size_t EVP_MD_CTX_size (EVP_MD_CTX * ctx)" .PP Return the output size of the message digest function. .PP \fBParameters:\fP .RS 4 \fIctx\fP the evp message digest context .RE .PP \fBReturns:\fP .RS 4 size output size of the message digest function. .RE .PP .SS "const EVP_MD* EVP_md_null (void)" .PP The null message digest .PP \fBReturns:\fP .RS 4 the message digest type. .RE .PP .SS "size_t EVP_MD_size (const EVP_MD * md)" .PP Return the output size of the message digest function. .PP \fBParameters:\fP .RS 4 \fImd\fP the evp message .RE .PP \fBReturns:\fP .RS 4 size output size of the message digest function. .RE .PP .SS "const EVP_CIPHER* EVP_rc2_40_cbc (void)" .PP The RC2 cipher type .PP \fBReturns:\fP .RS 4 the RC2 EVP_CIPHER pointer. 
.RE .PP .SS "const EVP_CIPHER* EVP_rc2_64_cbc (void)" .PP The RC2 cipher type .PP \fBReturns:\fP .RS 4 the RC2 EVP_CIPHER pointer. .RE .PP .SS "const EVP_CIPHER* EVP_rc2_cbc (void)" .PP The RC2 cipher type .PP \fBReturns:\fP .RS 4 the RC2 EVP_CIPHER pointer. .RE .PP .SS "const EVP_CIPHER* EVP_rc4 (void)" .PP The RC4 cipher type .PP \fBReturns:\fP .RS 4 the RC4 EVP_CIPHER pointer. .RE .PP .SS "const EVP_CIPHER* EVP_rc4_40 (void)" .PP The RC4-40 cipher type .PP \fBReturns:\fP .RS 4 the RC4-40 EVP_CIPHER pointer. .RE .PP .SS "const EVP_MD* EVP_sha (void)" .PP The message digest SHA1 .PP \fBReturns:\fP .RS 4 the message digest type. .RE .PP .SS "const EVP_MD* EVP_sha1 (void)" .PP The message digest SHA1 .PP \fBReturns:\fP .RS 4 the message digest type. .RE .PP .SS "const EVP_MD* EVP_sha256 (void)" .PP The message digest SHA256 .PP \fBReturns:\fP .RS 4 the message digest type. .RE .PP .SS "const EVP_MD* EVP_sha384 (void)" .PP The message digest SHA384 .PP \fBReturns:\fP .RS 4 the message digest type. .RE .PP .SS "const EVP_MD* EVP_sha512 (void)" .PP The message digest SHA512 .PP \fBReturns:\fP .RS 4 the message digest type. .RE .PP .SS "const EVP_CIPHER* EVP_wincrypt_des_ede3_cbc (void)" .PP The tripple DES cipher type (Micrsoft crypt provider) .PP \fBReturns:\fP .RS 4 the DES-EDE3-CBC EVP_CIPHER pointer. .RE .PP diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca.3 index d6de5e226bca..57db14f08576 100644 --- a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca.3 +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca.3 
@@ -1,573 +1,573 @@ .TH "hx509 CA functions" 3 "11 Jan 2012" "Version 1.5.2" "Heimdalx509library" \" -*- nroff -*- .ad l .nh .SH NAME hx509 CA functions \- .SS "Functions" .in +1c .ti -1c .RI "int \fBhx509_ca_tbs_init\fP (hx509_context context, hx509_ca_tbs *tbs)" .br .ti -1c .RI "void \fBhx509_ca_tbs_free\fP (hx509_ca_tbs *tbs)" .br .ti -1c .RI "int \fBhx509_ca_tbs_set_notBefore\fP (hx509_context context, hx509_ca_tbs tbs, time_t t)" .br .ti -1c .RI "int \fBhx509_ca_tbs_set_notAfter\fP (hx509_context context, hx509_ca_tbs tbs, time_t t)" .br .ti -1c .RI "int \fBhx509_ca_tbs_set_notAfter_lifetime\fP (hx509_context context, hx509_ca_tbs tbs, time_t delta)" .br .ti -1c .RI "struct units * \fBhx509_ca_tbs_template_units\fP (void)" .br .ti -1c .RI "int \fBhx509_ca_tbs_set_template\fP (hx509_context context, hx509_ca_tbs tbs, int flags, hx509_cert cert)" .br .ti -1c .RI "int \fBhx509_ca_tbs_set_ca\fP (hx509_context context, hx509_ca_tbs tbs, int pathLenConstraint)" .br .ti -1c .RI "int \fBhx509_ca_tbs_set_proxy\fP (hx509_context context, hx509_ca_tbs tbs, int pathLenConstraint)" .br .ti -1c .RI "int \fBhx509_ca_tbs_set_domaincontroller\fP (hx509_context context, hx509_ca_tbs tbs)" .br .ti -1c .RI "int \fBhx509_ca_tbs_set_spki\fP (hx509_context context, hx509_ca_tbs tbs, const SubjectPublicKeyInfo *spki)" .br .ti -1c .RI "int \fBhx509_ca_tbs_set_serialnumber\fP (hx509_context context, hx509_ca_tbs tbs, const heim_integer *serialNumber)" .br .ti -1c .RI "int \fBhx509_ca_tbs_add_eku\fP (hx509_context context, hx509_ca_tbs tbs, const heim_oid *oid)" .br .ti -1c .RI "int \fBhx509_ca_tbs_add_crl_dp_uri\fP (hx509_context context, hx509_ca_tbs tbs, const char *uri, hx509_name issuername)" .br .ti -1c .RI "int \fBhx509_ca_tbs_add_san_otherName\fP (hx509_context context, hx509_ca_tbs tbs, const heim_oid *oid, const heim_octet_string *os)" .br .ti -1c .RI "int \fBhx509_ca_tbs_add_san_pkinit\fP (hx509_context context, hx509_ca_tbs tbs, const char *principal)" .br .ti -1c .RI "int 
\fBhx509_ca_tbs_add_san_ms_upn\fP (hx509_context context, hx509_ca_tbs tbs, const char *principal)" .br .ti -1c .RI "int \fBhx509_ca_tbs_add_san_jid\fP (hx509_context context, hx509_ca_tbs tbs, const char *jid)" .br .ti -1c .RI "int \fBhx509_ca_tbs_add_san_hostname\fP (hx509_context context, hx509_ca_tbs tbs, const char *dnsname)" .br .ti -1c .RI "int \fBhx509_ca_tbs_add_san_rfc822name\fP (hx509_context context, hx509_ca_tbs tbs, const char *rfc822Name)" .br .ti -1c .RI "int \fBhx509_ca_tbs_set_subject\fP (hx509_context context, hx509_ca_tbs tbs, hx509_name subject)" .br .ti -1c .RI "int \fBhx509_ca_tbs_set_unique\fP (hx509_context context, hx509_ca_tbs tbs, const heim_bit_string *subjectUniqueID, const heim_bit_string *issuerUniqueID)" .br .ti -1c .RI "int \fBhx509_ca_tbs_subject_expand\fP (hx509_context context, hx509_ca_tbs tbs, hx509_env env)" .br .ti -1c .RI "int \fBhx509_ca_sign\fP (hx509_context context, hx509_ca_tbs tbs, hx509_cert signer, hx509_cert *certificate)" .br .ti -1c .RI "int \fBhx509_ca_sign_self\fP (hx509_context context, hx509_ca_tbs tbs, hx509_private_key signer, hx509_cert *certificate)" .br .in -1c .SH "Detailed Description" .PP See the \fBHx509 CA functions\fP for description and examples. .SH "Function Documentation" .PP .SS "int hx509_ca_sign (hx509_context context, hx509_ca_tbs tbs, hx509_cert signer, hx509_cert * certificate)" .PP Sign a to-be-signed certificate object with a issuer certificate. .PP The caller needs to at least have called the following functions on the to-be-signed certificate object: .IP "\(bu" 2 \fBhx509_ca_tbs_init()\fP .IP "\(bu" 2 \fBhx509_ca_tbs_set_subject()\fP .IP "\(bu" 2 \fBhx509_ca_tbs_set_spki()\fP .PP .PP When done the to-be-signed certificate object should be freed with \fBhx509_ca_tbs_free()\fP. .PP When creating self-signed certificate use \fBhx509_ca_sign_self()\fP instead. .PP \fBParameters:\fP .RS 4 \fIcontext\fP A hx509 context. .br \fItbs\fP object to be signed. 
.br \fIsigner\fP the CA certificate object to sign with (need private key). .br \fIcertificate\fP return cerificate, free with \fBhx509_cert_free()\fP. .RE .PP \fBReturns:\fP .RS 4 An hx509 error code, see \fBhx509_get_error_string()\fP. .RE .PP .SS "int hx509_ca_sign_self (hx509_context context, hx509_ca_tbs tbs, hx509_private_key signer, hx509_cert * certificate)" .PP Work just like \fBhx509_ca_sign()\fP but signs it-self. .PP \fBParameters:\fP .RS 4 \fIcontext\fP A hx509 context. .br \fItbs\fP object to be signed. .br \fIsigner\fP private key to sign with. .br \fIcertificate\fP return cerificate, free with \fBhx509_cert_free()\fP. .RE .PP \fBReturns:\fP .RS 4 An hx509 error code, see \fBhx509_get_error_string()\fP. .RE .PP .SS "int hx509_ca_tbs_add_crl_dp_uri (hx509_context context, hx509_ca_tbs tbs, const char * uri, hx509_name issuername)" .PP Add CRL distribution point URI to the to-be-signed certificate object. .PP \fBParameters:\fP .RS 4 \fIcontext\fP A hx509 context. .br \fItbs\fP object to be signed. .br \fIuri\fP uri to the CRL. .br \fIissuername\fP name of the issuer. .RE .PP \fBReturns:\fP .RS 4 An hx509 error code, see \fBhx509_get_error_string()\fP. .RE .PP .PP issuername not supported .SS "int hx509_ca_tbs_add_eku (hx509_context context, hx509_ca_tbs tbs, const heim_oid * oid)" .PP An an extended key usage to the to-be-signed certificate object. Duplicates will detected and not added. .PP \fBParameters:\fP .RS 4 \fIcontext\fP A hx509 context. .br \fItbs\fP object to be signed. .br \fIoid\fP extended key usage to add. .RE .PP \fBReturns:\fP .RS 4 An hx509 error code, see \fBhx509_get_error_string()\fP. .RE .PP .SS "int hx509_ca_tbs_add_san_hostname (hx509_context context, hx509_ca_tbs tbs, const char * dnsname)" .PP Add a Subject Alternative Name hostname to to-be-signed certificate object. A domain match starts with ., an exact match does not. .PP Example of a an domain match: .domain.se matches the hostname host.domain.se. 
.PP \fBParameters:\fP .RS 4 \fIcontext\fP A hx509 context. .br \fItbs\fP object to be signed. .br \fIdnsname\fP a hostame. .RE .PP \fBReturns:\fP .RS 4 An hx509 error code, see \fBhx509_get_error_string()\fP. .RE .PP .SS "int hx509_ca_tbs_add_san_jid (hx509_context context, hx509_ca_tbs tbs, const char * jid)" .PP Add a Jabber/XMPP jid Subject Alternative Name to the to-be-signed certificate object. The jid is an UTF8 string. .PP \fBParameters:\fP .RS 4 \fIcontext\fP A hx509 context. .br \fItbs\fP object to be signed. .br \fIjid\fP string of an a jabber id in UTF8. .RE .PP \fBReturns:\fP .RS 4 An hx509 error code, see \fBhx509_get_error_string()\fP. .RE .PP .SS "int hx509_ca_tbs_add_san_ms_upn (hx509_context context, hx509_ca_tbs tbs, const char * principal)" .PP Add Microsoft UPN Subject Alternative Name to the to-be-signed certificate object. The principal string is a UTF8 string. .PP \fBParameters:\fP .RS 4 \fIcontext\fP A hx509 context. .br \fItbs\fP object to be signed. .br \fIprincipal\fP Microsoft UPN string. .RE .PP \fBReturns:\fP .RS 4 An hx509 error code, see \fBhx509_get_error_string()\fP. .RE .PP .SS "int hx509_ca_tbs_add_san_otherName (hx509_context context, hx509_ca_tbs tbs, const heim_oid * oid, const heim_octet_string * os)" .PP Add Subject Alternative Name otherName to the to-be-signed certificate object. .PP \fBParameters:\fP .RS 4 \fIcontext\fP A hx509 context. .br \fItbs\fP object to be signed. .br \fIoid\fP the oid of the OtherName. .br \fIos\fP data in the other name. .RE .PP \fBReturns:\fP .RS 4 An hx509 error code, see \fBhx509_get_error_string()\fP. .RE .PP .SS "int hx509_ca_tbs_add_san_pkinit (hx509_context context, hx509_ca_tbs tbs, const char * principal)" .PP Add Kerberos Subject Alternative Name to the to-be-signed certificate object. The principal string is a UTF8 string. .PP \fBParameters:\fP .RS 4 \fIcontext\fP A hx509 context. .br \fItbs\fP object to be signed. .br \fIprincipal\fP Kerberos principal to add to the certificate. 
.RE .PP \fBReturns:\fP .RS 4 An hx509 error code, see \fBhx509_get_error_string()\fP. .RE .PP .SS "int hx509_ca_tbs_add_san_rfc822name (hx509_context context, hx509_ca_tbs tbs, const char * rfc822Name)" .PP Add a Subject Alternative Name rfc822 (email address) to to-be-signed certificate object. .PP \fBParameters:\fP .RS 4 \fIcontext\fP A hx509 context. .br \fItbs\fP object to be signed. .br \fIrfc822Name\fP a string to a email address. .RE .PP \fBReturns:\fP .RS 4 An hx509 error code, see \fBhx509_get_error_string()\fP. .RE .PP .SS "void hx509_ca_tbs_free (hx509_ca_tbs * tbs)" .PP Free an To Be Signed object. .PP \fBParameters:\fP .RS 4 \fItbs\fP object to free. .RE .PP .SS "int hx509_ca_tbs_init (hx509_context context, hx509_ca_tbs * tbs)" .PP Allocate an to-be-signed certificate object that will be converted into an certificate. .PP \fBParameters:\fP .RS 4 \fIcontext\fP A hx509 context. .br \fItbs\fP returned to-be-signed certicate object, free with \fBhx509_ca_tbs_free()\fP. .RE .PP \fBReturns:\fP .RS 4 An hx509 error code, see \fBhx509_get_error_string()\fP. .RE .PP .SS "int hx509_ca_tbs_set_ca (hx509_context context, hx509_ca_tbs tbs, int pathLenConstraint)" .PP Make the to-be-signed certificate object a CA certificate. If the pathLenConstraint is negative path length constraint is used. .PP \fBParameters:\fP .RS 4 \fIcontext\fP A hx509 context. .br \fItbs\fP object to be signed. .br \fIpathLenConstraint\fP path length constraint, negative, no constraint. .RE .PP \fBReturns:\fP .RS 4 An hx509 error code, see \fBhx509_get_error_string()\fP. .RE .PP .SS "int hx509_ca_tbs_set_domaincontroller (hx509_context context, hx509_ca_tbs tbs)" .PP Make the to-be-signed certificate object a windows domain controller certificate. .PP \fBParameters:\fP .RS 4 \fIcontext\fP A hx509 context. .br \fItbs\fP object to be signed. .RE .PP \fBReturns:\fP .RS 4 An hx509 error code, see \fBhx509_get_error_string()\fP. 
.RE .PP .SS "int hx509_ca_tbs_set_notAfter (hx509_context context, hx509_ca_tbs tbs, time_t t)" .PP Set the absolute time when the certificate is valid to. .PP \fBParameters:\fP .RS 4 \fIcontext\fP A hx509 context. .br \fItbs\fP object to be signed. .br \fIt\fP time when the certificate will expire .RE .PP \fBReturns:\fP .RS 4 An hx509 error code, see \fBhx509_get_error_string()\fP. .RE .PP .SS "int hx509_ca_tbs_set_notAfter_lifetime (hx509_context context, hx509_ca_tbs tbs, time_t delta)" .PP Set the relative time when the certificiate is going to expire. .PP \fBParameters:\fP .RS 4 \fIcontext\fP A hx509 context. .br \fItbs\fP object to be signed. .br \fIdelta\fP seconds to the certificate is going to expire. .RE .PP \fBReturns:\fP .RS 4 An hx509 error code, see \fBhx509_get_error_string()\fP. .RE .PP .SS "int hx509_ca_tbs_set_notBefore (hx509_context context, hx509_ca_tbs tbs, time_t t)" .PP Set the absolute time when the certificate is valid from. If not set the current time will be used. .PP \fBParameters:\fP .RS 4 \fIcontext\fP A hx509 context. .br \fItbs\fP object to be signed. .br \fIt\fP time the certificated will start to be valid .RE .PP \fBReturns:\fP .RS 4 An hx509 error code, see \fBhx509_get_error_string()\fP. .RE .PP .SS "int hx509_ca_tbs_set_proxy (hx509_context context, hx509_ca_tbs tbs, int pathLenConstraint)" .PP Make the to-be-signed certificate object a proxy certificate. If the pathLenConstraint is negative path length constraint is used. .PP \fBParameters:\fP .RS 4 \fIcontext\fP A hx509 context. .br \fItbs\fP object to be signed. .br \fIpathLenConstraint\fP path length constraint, negative, no constraint. .RE .PP \fBReturns:\fP .RS 4 An hx509 error code, see \fBhx509_get_error_string()\fP. .RE .PP .SS "int hx509_ca_tbs_set_serialnumber (hx509_context context, hx509_ca_tbs tbs, const heim_integer * serialNumber)" .PP Set the serial number to use for to-be-signed certificate object. .PP \fBParameters:\fP .RS 4 \fIcontext\fP A hx509 context. 
.br \fItbs\fP object to be signed. .br \fIserialNumber\fP serial number to use for the to-be-signed certificate object. .RE .PP \fBReturns:\fP .RS 4 An hx509 error code, see \fBhx509_get_error_string()\fP. .RE .PP .SS "int hx509_ca_tbs_set_spki (hx509_context context, hx509_ca_tbs tbs, const SubjectPublicKeyInfo * spki)" .PP Set the subject public key info (SPKI) in the to-be-signed certificate object. SPKI is the public key and key related parameters in the certificate. .PP \fBParameters:\fP .RS 4 \fIcontext\fP A hx509 context. .br \fItbs\fP object to be signed. .br \fIspki\fP subject public key info to use for the to-be-signed certificate object. .RE .PP \fBReturns:\fP .RS 4 An hx509 error code, see \fBhx509_get_error_string()\fP. .RE .PP .SS "int hx509_ca_tbs_set_subject (hx509_context context, hx509_ca_tbs tbs, hx509_name subject)" .PP Set the subject name of a to-be-signed certificate object. .PP \fBParameters:\fP .RS 4 \fIcontext\fP A hx509 context. .br \fItbs\fP object to be signed. .br \fIsubject\fP the name to set a subject. .RE .PP \fBReturns:\fP .RS 4 An hx509 error code, see \fBhx509_get_error_string()\fP. .RE .PP .SS "int hx509_ca_tbs_set_template (hx509_context context, hx509_ca_tbs tbs, int flags, hx509_cert cert)" .PP Initialize the to-be-signed certificate object from a template certifiate. .PP \fBParameters:\fP .RS 4 \fIcontext\fP A hx509 context. .br \fItbs\fP object to be signed. .br \fIflags\fP bit field selecting what to copy from the template certifiate. .br \fIcert\fP template certificate. .RE .PP \fBReturns:\fP .RS 4 An hx509 error code, see \fBhx509_get_error_string()\fP. .RE .PP .SS "int hx509_ca_tbs_set_unique (hx509_context context, hx509_ca_tbs tbs, const heim_bit_string * subjectUniqueID, const heim_bit_string * issuerUniqueID)" .PP Set the issuerUniqueID and subjectUniqueID .PP These are only supposed to be used considered with version 2 certificates, replaced by the two extensions SubjectKeyIdentifier and IssuerKeyIdentifier. 
This function is to allow application using legacy protocol to issue them. .PP \fBParameters:\fP .RS 4 \fIcontext\fP A hx509 context. .br \fItbs\fP object to be signed. .br \fIissuerUniqueID\fP to be set .br \fIsubjectUniqueID\fP to be set .RE .PP \fBReturns:\fP .RS 4 An hx509 error code, see \fBhx509_get_error_string()\fP. .RE .PP .SS "int hx509_ca_tbs_subject_expand (hx509_context context, hx509_ca_tbs tbs, hx509_env env)" .PP Expand the the subject name in the to-be-signed certificate object using \fBhx509_name_expand()\fP. .PP \fBParameters:\fP .RS 4 \fIcontext\fP A hx509 context. .br \fItbs\fP object to be signed. .br -\fIenv\fP enviroment variable to expand variables in the subject name, see hx509_env_init(). +\fIenv\fP environment variable to expand variables in the subject name, see hx509_env_init(). .RE .PP \fBReturns:\fP .RS 4 An hx509 error code, see \fBhx509_get_error_string()\fP. .RE .PP .SS "struct units* hx509_ca_tbs_template_units (void)\fC [read]\fP" .PP Make of template units, use to build flags argument to \fBhx509_ca_tbs_set_template()\fP with parse_units(). .PP \fBReturns:\fP .RS 4 an units structure. .RE .PP diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_env.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_env.3 index e834fddcf8c8..e9535bba7048 100644 --- a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_env.3 +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_env.3 
@@ -1,143 +1,143 @@ -.TH "hx509 enviroment functions" 3 "11 Jan 2012" "Version 1.5.2" "Heimdalx509library" \" -*- nroff -*- +.TH "hx509 environment functions" 3 "11 Jan 2012" "Version 1.5.2" "Heimdalx509library" \" -*- nroff -*- .ad l .nh .SH NAME -hx509 enviroment functions \- +hx509 environment functions \- .SS "Functions" .in +1c .ti -1c .RI "int \fBhx509_env_add\fP (hx509_context context, hx509_env *env, const char *key, const char *value)" .br .ti -1c .RI "int \fBhx509_env_add_binding\fP (hx509_context context, hx509_env *env, const char *key, hx509_env list)" .br .ti -1c .RI "const char * \fBhx509_env_lfind\fP (hx509_context context, hx509_env env, const char *key, size_t len)" .br .ti -1c .RI "const char * \fBhx509_env_find\fP (hx509_context context, hx509_env env, const char *key)" .br .ti -1c .RI "hx509_env \fBhx509_env_find_binding\fP (hx509_context context, hx509_env env, const char *key)" .br .ti -1c .RI "void \fBhx509_env_free\fP (hx509_env *env)" .br .in -1c .SH "Detailed Description" .PP .SH "Function Documentation" .PP .SS "int hx509_env_add (hx509_context context, hx509_env * env, const char * key, const char * value)" .PP Add a new key/value pair to the hx509_env. .PP \fBParameters:\fP .RS 4 \fIcontext\fP A hx509 context. .br -\fIenv\fP enviroment to add the enviroment variable too. +\fIenv\fP environment to add the environment variable too. .br \fIkey\fP key to add .br \fIvalue\fP value to add .RE .PP \fBReturns:\fP .RS 4 An hx509 error code, see \fBhx509_get_error_string()\fP. .RE .PP .SS "int hx509_env_add_binding (hx509_context context, hx509_env * env, const char * key, hx509_env list)" .PP Add a new key/binding pair to the hx509_env. .PP \fBParameters:\fP .RS 4 \fIcontext\fP A hx509 context. .br -\fIenv\fP enviroment to add the enviroment variable too. +\fIenv\fP environment to add the environment variable too. 
.br \fIkey\fP key to add .br \fIlist\fP binding list to add .RE .PP \fBReturns:\fP .RS 4 An hx509 error code, see \fBhx509_get_error_string()\fP. .RE .PP .SS "const char* hx509_env_find (hx509_context context, hx509_env env, const char * key)" .PP Search the hx509_env for a key. .PP \fBParameters:\fP .RS 4 \fIcontext\fP A hx509 context. .br -\fIenv\fP enviroment to add the enviroment variable too. +\fIenv\fP environment to add the environment variable too. .br \fIkey\fP key to search for. .RE .PP \fBReturns:\fP .RS 4 the value if the key is found, NULL otherwise. .RE .PP .SS "hx509_env hx509_env_find_binding (hx509_context context, hx509_env env, const char * key)" .PP Search the hx509_env for a binding. .PP \fBParameters:\fP .RS 4 \fIcontext\fP A hx509 context. .br -\fIenv\fP enviroment to add the enviroment variable too. +\fIenv\fP environment to add the environment variable too. .br \fIkey\fP key to search for. .RE .PP \fBReturns:\fP .RS 4 the binding if the key is found, NULL if not found. .RE .PP .SS "void hx509_env_free (hx509_env * env)" .PP -Free an hx509_env enviroment context. +Free an hx509_env environment context. .PP \fBParameters:\fP .RS 4 -\fIenv\fP the enviroment to free. +\fIenv\fP the environment to free. .RE .PP .SS "const char* hx509_env_lfind (hx509_context context, hx509_env env, const char * key, size_t len)" .PP Search the hx509_env for a length based key. .PP \fBParameters:\fP .RS 4 \fIcontext\fP A hx509 context. .br -\fIenv\fP enviroment to add the enviroment variable too. +\fIenv\fP environment to add the environment variable too. .br \fIkey\fP key to search for. .br \fIlen\fP length of key. .RE .PP \fBReturns:\fP .RS 4 the value if the key is found, NULL otherwise. .RE .PP diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_verify.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_verify.3 index 6f0b86673e31..6555d653b361 100644 --- a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_verify.3 
+++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_verify.3 
@@ -1,309 +1,309 @@ .TH "hx509 verification functions" 3 "11 Jan 2012" "Version 1.5.2" "Heimdalx509library" \" -*- nroff -*- .ad l .nh .SH NAME hx509 verification functions \- .SS "Functions" .in +1c .ti -1c .RI "void \fBhx509_context_set_missing_revoke\fP (hx509_context context, int flag)" .br .ti -1c .RI "int \fBhx509_verify_init_ctx\fP (hx509_context context, hx509_verify_ctx *ctx)" .br .ti -1c .RI "void \fBhx509_verify_destroy_ctx\fP (hx509_verify_ctx ctx)" .br .ti -1c .RI "void \fBhx509_verify_attach_anchors\fP (hx509_verify_ctx ctx, hx509_certs set)" .br .ti -1c .RI "void \fBhx509_verify_attach_revoke\fP (hx509_verify_ctx ctx, hx509_revoke_ctx revoke_ctx)" .br .ti -1c .RI "void \fBhx509_verify_set_time\fP (hx509_verify_ctx ctx, time_t t)" .br .ti -1c .RI "void \fBhx509_verify_set_max_depth\fP (hx509_verify_ctx ctx, unsigned int max_depth)" .br .ti -1c .RI "void \fBhx509_verify_set_proxy_certificate\fP (hx509_verify_ctx ctx, int boolean)" .br .ti -1c .RI "void \fBhx509_verify_set_strict_rfc3280_verification\fP (hx509_verify_ctx ctx, int boolean)" .br .ti -1c .RI "int \fBhx509_verify_path\fP (hx509_context context, hx509_verify_ctx ctx, hx509_cert cert, hx509_certs pool)" .br .ti -1c .RI "int \fBhx509_ocsp_verify\fP (hx509_context context, time_t now, hx509_cert cert, int flags, const void *data, size_t length, time_t *expiration)" .br .ti -1c .RI "int \fBhx509_crl_alloc\fP (hx509_context context, hx509_crl *crl)" .br .ti -1c .RI "int \fBhx509_crl_add_revoked_certs\fP (hx509_context context, hx509_crl crl, hx509_certs certs)" .br .ti -1c .RI "int \fBhx509_crl_lifetime\fP (hx509_context context, hx509_crl crl, int delta)" .br .ti -1c .RI "void \fBhx509_crl_free\fP (hx509_context context, hx509_crl *crl)" .br .ti -1c .RI "int \fBhx509_crl_sign\fP (hx509_context context, hx509_cert signer, hx509_crl crl, heim_octet_string *os)" .br .in -1c .SH "Detailed Description" .PP .SH "Function Documentation" .PP .SS "void hx509_context_set_missing_revoke (hx509_context 
context, int flag)" .PP Selects if the \fBhx509_revoke_verify()\fP function is going to require the existans of a revokation method (OCSP, CRL) or not. Note that \fBhx509_verify_path()\fP, \fBhx509_cms_verify_signed()\fP, and other function call \fBhx509_revoke_verify()\fP. .PP \fBParameters:\fP .RS 4 \fIcontext\fP hx509 context to change the flag for. .br \fIflag\fP zero, revokation method required, non zero missing revokation method ok .RE .PP .SS "int hx509_crl_add_revoked_certs (hx509_context context, hx509_crl crl, hx509_certs certs)" .PP Add revoked certificate to an CRL context. .PP \fBParameters:\fP .RS 4 \fIcontext\fP a hx509 context. .br \fIcrl\fP the CRL to add the revoked certificate to. .br \fIcerts\fP keyset of certificate to revoke. .RE .PP \fBReturns:\fP .RS 4 An hx509 error code, see \fBhx509_get_error_string()\fP. .RE .PP .SS "int hx509_crl_alloc (hx509_context context, hx509_crl * crl)" .PP Create a CRL context. Use \fBhx509_crl_free()\fP to free the CRL context. .PP \fBParameters:\fP .RS 4 \fIcontext\fP a hx509 context. .br \fIcrl\fP return pointer to a newly allocated CRL context. .RE .PP \fBReturns:\fP .RS 4 An hx509 error code, see \fBhx509_get_error_string()\fP. .RE .PP .SS "void hx509_crl_free (hx509_context context, hx509_crl * crl)" .PP Free a CRL context. .PP \fBParameters:\fP .RS 4 \fIcontext\fP a hx509 context. .br \fIcrl\fP a CRL context to free. .RE .PP .SS "int hx509_crl_lifetime (hx509_context context, hx509_crl crl, int delta)" .PP Set the lifetime of a CRL context. .PP \fBParameters:\fP .RS 4 \fIcontext\fP a hx509 context. .br \fIcrl\fP a CRL context .br \fIdelta\fP delta time the certificate is valid, library adds the current time to this. .RE .PP \fBReturns:\fP .RS 4 An hx509 error code, see \fBhx509_get_error_string()\fP. .RE .PP .SS "int hx509_crl_sign (hx509_context context, hx509_cert signer, hx509_crl crl, heim_octet_string * os)" .PP Sign a CRL and return an encode certificate. 
.PP \fBParameters:\fP .RS 4 \fIcontext\fP a hx509 context. .br \fIsigner\fP certificate to sign the CRL with .br \fIcrl\fP the CRL to sign .br \fIos\fP return the signed and encoded CRL, free with free_heim_octet_string() .RE .PP \fBReturns:\fP .RS 4 An hx509 error code, see \fBhx509_get_error_string()\fP. .RE .PP .SS "int hx509_ocsp_verify (hx509_context context, time_t now, hx509_cert cert, int flags, const void * data, size_t length, time_t * expiration)" .PP Verify that the certificate is part of the OCSP reply and it's not expired. Doesn't verify signature the OCSP reply or it's done by a authorized sender, that is assumed to be already done. .PP \fBParameters:\fP .RS 4 \fIcontext\fP a hx509 context .br \fInow\fP the time right now, if 0, use the current time. .br \fIcert\fP the certificate to verify .br \fIflags\fP flags control the behavior .br \fIdata\fP pointer to the encode ocsp reply .br \fIlength\fP the length of the encode ocsp reply .br \fIexpiration\fP return the time the OCSP will expire and need to be rechecked. .RE .PP \fBReturns:\fP .RS 4 An hx509 error code, see \fBhx509_get_error_string()\fP. .RE .PP .SS "void hx509_verify_attach_anchors (hx509_verify_ctx ctx, hx509_certs set)" .PP Set the trust anchors in the verification context, makes an reference to the keyset, so the consumer can free the keyset independent of the destruction of the verification context (ctx). If there already is a keyset attached, it's released. .PP \fBParameters:\fP .RS 4 \fIctx\fP a verification context .br \fIset\fP a keyset containing the trust anchors. .RE .PP .SS "void hx509_verify_attach_revoke (hx509_verify_ctx ctx, hx509_revoke_ctx revoke_ctx)" .PP Attach an revocation context to the verfication context, , makes an reference to the revoke context, so the consumer can free the revoke context independent of the destruction of the verification context. If there is no revoke context, the verification process is NOT going to check any verification status. 
.PP \fBParameters:\fP .RS 4 \fIctx\fP a verification context. .br \fIrevoke_ctx\fP a revoke context. .RE .PP .SS "void hx509_verify_destroy_ctx (hx509_verify_ctx ctx)" .PP Free an hx509 verification context. .PP \fBParameters:\fP .RS 4 \fIctx\fP the context to be freed. .RE .PP .SS "int hx509_verify_init_ctx (hx509_context context, hx509_verify_ctx * ctx)" .PP Allocate an verification context that is used fo control the verification process. .PP \fBParameters:\fP .RS 4 \fIcontext\fP A hx509 context. .br \fIctx\fP returns a pointer to a hx509_verify_ctx object. .RE .PP \fBReturns:\fP .RS 4 An hx509 error code, see \fBhx509_get_error_string()\fP. .RE .PP .SS "int hx509_verify_path (hx509_context context, hx509_verify_ctx ctx, hx509_cert cert, hx509_certs pool)" .PP Build and verify the path for the certificate to the trust anchor specified in the verify context. The path is constructed from the certificate, the pool and the trust anchors. .PP \fBParameters:\fP .RS 4 \fIcontext\fP A hx509 context. .br \fIctx\fP A hx509 verification context. .br \fIcert\fP the certificate to build the path from. .br \fIpool\fP A keyset of certificates to build the chain from. .RE .PP \fBReturns:\fP .RS 4 An hx509 error code, see \fBhx509_get_error_string()\fP. .RE .PP .SS "void hx509_verify_set_max_depth (hx509_verify_ctx ctx, unsigned int max_depth)" .PP Set the maximum depth of the certificate chain that the path builder is going to try. .PP \fBParameters:\fP .RS 4 \fIctx\fP a verification context .br \fImax_depth\fP maxium depth of the certificate chain, include trust anchor. .RE .PP .SS "void hx509_verify_set_proxy_certificate (hx509_verify_ctx ctx, int boolean)" .PP Allow or deny the use of proxy certificates .PP \fBParameters:\fP .RS 4 \fIctx\fP a verification context .br \fIboolean\fP if non zero, allow proxy certificates. .RE .PP .SS "void hx509_verify_set_strict_rfc3280_verification (hx509_verify_ctx ctx, int boolean)" .PP -Select strict RFC3280 verification of certificiates. 
This means checking key usage on CA certificates, this will make version 1 certificiates unuseable. +Select strict RFC3280 verification of certificiates. This means checking key usage on CA certificates, this will make version 1 certificiates unusable. .PP \fBParameters:\fP .RS 4 \fIctx\fP a verification context .br \fIboolean\fP if non zero, use strict verification. .RE .PP .SS "void hx509_verify_set_time (hx509_verify_ctx ctx, time_t t)" .PP Set the clock time the the verification process is going to use. Used to check certificate in the past and future time. If not set the current time will be used. .PP \fBParameters:\fP .RS 4 \fIctx\fP a verification context. .br \fIt\fP the time the verifiation is using. .RE .PP diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/page_env.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/page_env.3 index 5b323242c9a4..1208522a3114 100644 --- a/crypto/heimdal/doc/doxyout/hx509/man/man3/page_env.3 +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/page_env.3 @@ -1,6 +1,6 @@ .TH "page_env" 3 "11 Jan 2012" "Version 1.5.2" "Heimdalx509library" \" -*- nroff -*- .ad l .nh .SH NAME -page_env \- Hx509 enviroment functions -See the library functions here: \fBhx509 enviroment functions\fP +page_env \- Hx509 environment functions +See the library functions here: \fBhx509 environment functions\fP diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_address.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_address.3 index 8d273c8a6f87..3559e2946622 100644 --- a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_address.3 +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_address.3 
@@ -1,461 +1,461 @@ .TH "Heimdal Kerberos 5 address functions" 3 "11 Jan 2012" "Version 1.5.2" "HeimdalKerberos5library" \" -*- nroff -*- .ad l .nh .SH NAME Heimdal Kerberos 5 address functions \- .SS "Functions" .in +1c .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_sockaddr2address\fP (krb5_context context, const struct sockaddr *sa, krb5_address *addr)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_sockaddr2port\fP (krb5_context context, const struct sockaddr *sa, int16_t *port)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_addr2sockaddr\fP (krb5_context context, const krb5_address *addr, struct sockaddr *sa, krb5_socklen_t *sa_size, int port)" .br .ti -1c .RI "KRB5_LIB_FUNCTION size_t KRB5_LIB_CALL \fBkrb5_max_sockaddr_size\fP (void)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_sockaddr_uninteresting\fP (const struct sockaddr *sa)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_h_addr2sockaddr\fP (krb5_context context, int af, const char *addr, struct sockaddr *sa, krb5_socklen_t *sa_size, int port)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_h_addr2addr\fP (krb5_context context, int af, const char *haddr, krb5_address *addr)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_anyaddr\fP (krb5_context context, int af, struct sockaddr *sa, krb5_socklen_t *sa_size, int port)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_print_address\fP (const krb5_address *addr, char *str, size_t len, size_t *ret_len)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_parse_address\fP (krb5_context context, const char *string, krb5_addresses *addresses)" .br .ti -1c .RI "KRB5_LIB_FUNCTION int KRB5_LIB_CALL \fBkrb5_address_order\fP (krb5_context context, const krb5_address *addr1, const krb5_address *addr2)" .br .ti -1c .RI "KRB5_LIB_FUNCTION 
krb5_boolean KRB5_LIB_CALL \fBkrb5_address_compare\fP (krb5_context context, const krb5_address *addr1, const krb5_address *addr2)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_address_search\fP (krb5_context context, const krb5_address *addr, const krb5_addresses *addrlist)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_free_address\fP (krb5_context context, krb5_address *address)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_free_addresses\fP (krb5_context context, krb5_addresses *addresses)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_copy_address\fP (krb5_context context, const krb5_address *inaddr, krb5_address *outaddr)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_copy_addresses\fP (krb5_context context, const krb5_addresses *inaddr, krb5_addresses *outaddr)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_append_addresses\fP (krb5_context context, krb5_addresses *dest, const krb5_addresses *source)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_make_addrport\fP (krb5_context context, krb5_address **res, const krb5_address *addr, int16_t port)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_address_prefixlen_boundary\fP (krb5_context context, const krb5_address *inaddr, unsigned long prefixlen, krb5_address *low, krb5_address *high)" .br .in -1c .SH "Detailed Description" .PP .SH "Function Documentation" .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_addr2sockaddr (krb5_context context, const krb5_address * addr, struct sockaddr * sa, krb5_socklen_t * sa_size, int port)" .PP krb5_addr2sockaddr sets the 'struct sockaddr sockaddr' from addr and port. The argument sa_size should initially contain the size of the sa and after the call, it will contain the actual length of the address. 
In case of the sa is too small to fit the whole address, the up to *sa_size will be stored, and then *sa_size will be set to the required length. .PP \fBParameters:\fP .RS 4 \fIcontext\fP a Keberos context .br \fIaddr\fP the address to copy the from .br \fIsa\fP the struct sockaddr that will be filled in .br \fIsa_size\fP pointer to length of sa, and after the call, it will contain the actual length of the address. .br \fIport\fP set port in sa. .RE .PP \fBReturns:\fP .RS 4 Return an error code or 0. Will return KRB5_PROG_ATYPE_NOSUPP in case address type is not supported. .RE .PP .SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_address_compare (krb5_context context, const krb5_address * addr1, const krb5_address * addr2)" .PP krb5_address_compare compares the addresses addr1 and addr2. Returns TRUE if the two addresses are the same. .PP \fBParameters:\fP .RS 4 \fIcontext\fP a Keberos context .br \fIaddr1\fP address to compare .br \fIaddr2\fP address to compare .RE .PP \fBReturns:\fP .RS 4 Return an TRUE is the address are the same FALSE if not .RE .PP .SS "KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_address_order (krb5_context context, const krb5_address * addr1, const krb5_address * addr2)" .PP krb5_address_order compares the addresses addr1 and addr2 so that it can be used for sorting addresses. If the addresses are the same address krb5_address_order will return 0. Behavies like memcmp(2). .PP \fBParameters:\fP .RS 4 \fIcontext\fP a Keberos context .br \fIaddr1\fP krb5_address to compare .br \fIaddr2\fP krb5_address to compare .RE .PP \fBReturns:\fP .RS 4 < 0 if address addr1 in 'less' then addr2. 0 if addr1 and addr2 is the same address, > 0 if addr2 is 'less' then addr1. 
.RE .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_address_prefixlen_boundary (krb5_context context, const krb5_address * inaddr, unsigned long prefixlen, krb5_address * low, krb5_address * high)" .PP Calculate the boundary addresses of `inaddr'/`prefixlen' and store them in `low' and `high'. .PP \fBParameters:\fP .RS 4 \fIcontext\fP a Keberos context .br \fIinaddr\fP address in prefixlen that the bondery searched .br \fIprefixlen\fP width of boundery .br \fIlow\fP lowest address .br \fIhigh\fP highest address .RE .PP \fBReturns:\fP .RS 4 Return an error code or 0. .RE .PP .SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_address_search (krb5_context context, const krb5_address * addr, const krb5_addresses * addrlist)" .PP krb5_address_search checks if the address addr is a member of the address set list addrlist . .PP \fBParameters:\fP .RS 4 \fIcontext\fP a Keberos context. .br \fIaddr\fP address to search for. .br \fIaddrlist\fP list of addresses to look in for addr. .RE .PP \fBReturns:\fP .RS 4 Return an error code or 0. .RE .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_anyaddr (krb5_context context, int af, struct sockaddr * sa, krb5_socklen_t * sa_size, int port)" .PP krb5_anyaddr fills in a 'struct sockaddr sa' that can be used to bind(2) to. The argument sa_size should initially contain the size of the sa, and after the call, it will contain the actual length of the address. .PP \fBParameters:\fP .RS 4 \fIcontext\fP a Keberos context .br \fIaf\fP address family .br \fIsa\fP sockaddr .br \fIsa_size\fP lenght of sa. .br \fIport\fP for to fill into sa. .RE .PP \fBReturns:\fP .RS 4 Return an error code or 0. .RE .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_append_addresses (krb5_context context, krb5_addresses * dest, const krb5_addresses * source)" .PP krb5_append_addresses adds the set of addresses in source to dest. While copying the addresses, duplicates are also sorted out. 
.PP \fBParameters:\fP .RS 4 \fIcontext\fP a Keberos context .br \fIdest\fP destination of copy operation .br \fIsource\fP adresses that are going to be added to dest .RE .PP \fBReturns:\fP .RS 4 Return an error code or 0. .RE .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_address (krb5_context context, const krb5_address * inaddr, krb5_address * outaddr)" .PP krb5_copy_address copies the content of address inaddr to outaddr. .PP \fBParameters:\fP .RS 4 \fIcontext\fP a Keberos context .br \fIinaddr\fP pointer to source address .br \fIoutaddr\fP pointer to destination address .RE .PP \fBReturns:\fP .RS 4 Return an error code or 0. .RE .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_addresses (krb5_context context, const krb5_addresses * inaddr, krb5_addresses * outaddr)" .PP krb5_copy_addresses copies the content of addresses inaddr to outaddr. .PP \fBParameters:\fP .RS 4 \fIcontext\fP a Keberos context .br \fIinaddr\fP pointer to source addresses .br \fIoutaddr\fP pointer to destination addresses .RE .PP \fBReturns:\fP .RS 4 Return an error code or 0. .RE .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_address (krb5_context context, krb5_address * address)" .PP krb5_free_address frees the data stored in the address that is alloced with any of the krb5_address functions. .PP \fBParameters:\fP .RS 4 \fIcontext\fP a Keberos context .br -\fIaddress\fP addresss to be freed. +\fIaddress\fP address to be freed. .RE .PP \fBReturns:\fP .RS 4 Return an error code or 0. .RE .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_addresses (krb5_context context, krb5_addresses * addresses)" .PP krb5_free_addresses frees the data stored in the address that is alloced with any of the krb5_address functions. .PP \fBParameters:\fP .RS 4 \fIcontext\fP a Keberos context .br \fIaddresses\fP addressses to be freed. .RE .PP \fBReturns:\fP .RS 4 Return an error code or 0. 
.RE .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_h_addr2addr (krb5_context context, int af, const char * haddr, krb5_address * addr)" .PP krb5_h_addr2addr works like krb5_h_addr2sockaddr with the exception that it operates on a krb5_address instead of a struct sockaddr. .PP \fBParameters:\fP .RS 4 \fIcontext\fP a Keberos context .br \fIaf\fP address family .br \fIhaddr\fP host address from struct hostent. .br \fIaddr\fP returned krb5_address. .RE .PP \fBReturns:\fP .RS 4 Return an error code or 0. .RE .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_h_addr2sockaddr (krb5_context context, int af, const char * addr, struct sockaddr * sa, krb5_socklen_t * sa_size, int port)" .PP krb5_h_addr2sockaddr initializes a 'struct sockaddr sa' from af and the 'struct hostent' (see gethostbyname(3) ) h_addr_list component. The argument sa_size should initially contain the size of the sa, and after the call, it will contain the actual length of the address. .PP \fBParameters:\fP .RS 4 \fIcontext\fP a Keberos context .br \fIaf\fP addresses .br \fIaddr\fP address .br \fIsa\fP returned struct sockaddr .br \fIsa_size\fP size of sa .br \fIport\fP port to set in sa. .RE .PP \fBReturns:\fP .RS 4 Return an error code or 0. .RE .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_make_addrport (krb5_context context, krb5_address ** res, const krb5_address * addr, int16_t port)" .PP Create an address of type KRB5_ADDRESS_ADDRPORT from (addr, port) .PP \fBParameters:\fP .RS 4 \fIcontext\fP a Keberos context .br \fIres\fP built address from addr/port .br \fIaddr\fP address to use .br \fIport\fP port to use .RE .PP \fBReturns:\fP .RS 4 Return an error code or 0. .RE .PP .SS "KRB5_LIB_FUNCTION size_t KRB5_LIB_CALL krb5_max_sockaddr_size (void)" .PP krb5_max_sockaddr_size returns the max size of the .Li struct sockaddr that the Kerberos library will return. .PP \fBReturns:\fP .RS 4 Return an size_t of the maximum struct sockaddr. 
.RE .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_parse_address (krb5_context context, const char * string, krb5_addresses * addresses)" .PP krb5_parse_address returns the resolved hostname in string to the krb5_addresses addresses . .PP \fBParameters:\fP .RS 4 \fIcontext\fP a Keberos context .br \fIstring\fP .br \fIaddresses\fP .RE .PP \fBReturns:\fP .RS 4 Return an error code or 0. .RE .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_print_address (const krb5_address * addr, char * str, size_t len, size_t * ret_len)" .PP krb5_print_address prints the address in addr to the string string that have the length len. If ret_len is not NULL, it will be filled with the length of the string if size were unlimited (not including the final NUL) . .PP \fBParameters:\fP .RS 4 \fIaddr\fP address to be printed .br \fIstr\fP pointer string to print the address into .br \fIlen\fP length that will fit into area pointed to by 'str'. .br \fIret_len\fP return length the str. .RE .PP \fBReturns:\fP .RS 4 Return an error code or 0. .RE .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_sockaddr2address (krb5_context context, const struct sockaddr * sa, krb5_address * addr)" .PP krb5_sockaddr2address stores a address a 'struct sockaddr' sa in the krb5_address addr. .PP \fBParameters:\fP .RS 4 \fIcontext\fP a Keberos context .br \fIsa\fP a struct sockaddr to extract the address from .br \fIaddr\fP an Kerberos 5 address to store the address in. .RE .PP \fBReturns:\fP .RS 4 Return an error code or 0. .RE .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_sockaddr2port (krb5_context context, const struct sockaddr * sa, int16_t * port)" .PP krb5_sockaddr2port extracts a port (if possible) from a 'struct sockaddr. .PP \fBParameters:\fP .RS 4 \fIcontext\fP a Keberos context .br \fIsa\fP a struct sockaddr to extract the port from .br \fIport\fP a pointer to an int16_t store the port in. .RE .PP \fBReturns:\fP .RS 4 Return an error code or 0. 
Will return KRB5_PROG_ATYPE_NOSUPP in case address type is not supported. .RE .PP .SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_sockaddr_uninteresting (const struct sockaddr * sa)" .PP krb5_sockaddr_uninteresting returns TRUE for all .Fa sa that the kerberos library thinks are uninteresting. One example are link local addresses. .PP \fBParameters:\fP .RS 4 \fIsa\fP pointer to struct sockaddr that might be interesting. .RE .PP \fBReturns:\fP .RS 4 Return a non zero for uninteresting addresses. .RE .PP diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ccache.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ccache.3 index 796640b93274..f173ad474e6d 100644 --- a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ccache.3 +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ccache.3 
@@ -1,888 +1,888 @@ .TH "Heimdal Kerberos 5 credential cache functions" 3 "11 Jan 2012" "Version 1.5.2" "HeimdalKerberos5library" \" -*- nroff -*- .ad l .nh .SH NAME Heimdal Kerberos 5 credential cache functions \- .SS "Functions" .in +1c .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_register\fP (krb5_context context, const krb5_cc_ops *ops, krb5_boolean override)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_resolve\fP (krb5_context context, const char *name, krb5_ccache *id)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_new_unique\fP (krb5_context context, const char *type, const char *hint, krb5_ccache *id)" .br .ti -1c .RI "KRB5_LIB_FUNCTION const char *KRB5_LIB_CALL \fBkrb5_cc_get_name\fP (krb5_context context, krb5_ccache id)" .br .ti -1c .RI "KRB5_LIB_FUNCTION const char *KRB5_LIB_CALL \fBkrb5_cc_get_type\fP (krb5_context context, krb5_ccache id)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_get_full_name\fP (krb5_context context, krb5_ccache id, char **str)" .br .ti -1c .RI "KRB5_LIB_FUNCTION const krb5_cc_ops *KRB5_LIB_CALL \fBkrb5_cc_get_ops\fP (krb5_context context, krb5_ccache id)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_switch\fP (krb5_context context, krb5_ccache id)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_cc_support_switch\fP (krb5_context context, const char *type)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_set_default_name\fP (krb5_context context, const char *name)" .br .ti -1c .RI "KRB5_LIB_FUNCTION const char *KRB5_LIB_CALL \fBkrb5_cc_default_name\fP (krb5_context context)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_default\fP (krb5_context context, krb5_ccache *id)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_initialize\fP (krb5_context context, krb5_ccache id, 
krb5_principal primary_principal)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_destroy\fP (krb5_context context, krb5_ccache id)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_close\fP (krb5_context context, krb5_ccache id)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_store_cred\fP (krb5_context context, krb5_ccache id, krb5_creds *creds)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_retrieve_cred\fP (krb5_context context, krb5_ccache id, krb5_flags whichfields, const krb5_creds *mcreds, krb5_creds *creds)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_get_principal\fP (krb5_context context, krb5_ccache id, krb5_principal *principal)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_start_seq_get\fP (krb5_context context, const krb5_ccache id, krb5_cc_cursor *cursor)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_next_cred\fP (krb5_context context, const krb5_ccache id, krb5_cc_cursor *cursor, krb5_creds *creds)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_end_seq_get\fP (krb5_context context, const krb5_ccache id, krb5_cc_cursor *cursor)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_remove_cred\fP (krb5_context context, krb5_ccache id, krb5_flags which, krb5_creds *cred)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_set_flags\fP (krb5_context context, krb5_ccache id, krb5_flags flags)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_get_flags\fP (krb5_context context, krb5_ccache id, krb5_flags *flags)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_copy_match_f\fP (krb5_context context, const krb5_ccache from, krb5_ccache to, krb5_boolean(*match)(krb5_context, void *, const krb5_creds *), void *matchctx, 
unsigned int *matched)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_copy_cache\fP (krb5_context context, const krb5_ccache from, krb5_ccache to)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_get_version\fP (krb5_context context, const krb5_ccache id)" .br .ti -1c .RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_cc_clear_mcred\fP (krb5_creds *mcred)" .br .ti -1c .RI "KRB5_LIB_FUNCTION const krb5_cc_ops *KRB5_LIB_CALL \fBkrb5_cc_get_prefix_ops\fP (krb5_context context, const char *prefix)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_cache_get_first\fP (krb5_context context, const char *type, krb5_cc_cache_cursor *cursor)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_cache_next\fP (krb5_context context, krb5_cc_cache_cursor cursor, krb5_ccache *id)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_cache_end_seq_get\fP (krb5_context context, krb5_cc_cache_cursor cursor)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_cache_match\fP (krb5_context context, krb5_principal client, krb5_ccache *id)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_move\fP (krb5_context context, krb5_ccache from, krb5_ccache to)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_is_config_principal\fP (krb5_context context, krb5_const_principal principal)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_set_config\fP (krb5_context context, krb5_ccache id, krb5_const_principal principal, const char *name, krb5_data *data)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_get_config\fP (krb5_context context, krb5_ccache id, krb5_const_principal principal, const char *name, krb5_data *data)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cccol_cursor_new\fP (krb5_context context, 
krb5_cccol_cursor *cursor)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cccol_cursor_next\fP (krb5_context context, krb5_cccol_cursor cursor, krb5_ccache *cache)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cccol_cursor_free\fP (krb5_context context, krb5_cccol_cursor *cursor)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_last_change_time\fP (krb5_context context, krb5_ccache id, krb5_timestamp *mtime)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cccol_last_change_time\fP (krb5_context context, const char *type, krb5_timestamp *mtime)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_get_friendly_name\fP (krb5_context context, krb5_ccache id, char **name)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_set_friendly_name\fP (krb5_context context, krb5_ccache id, const char *name)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_get_lifetime\fP (krb5_context context, krb5_ccache id, time_t *t)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_set_kdc_offset\fP (krb5_context context, krb5_ccache id, krb5_deltat offset)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_get_kdc_offset\fP (krb5_context context, krb5_ccache id, krb5_deltat *offset)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_gen_new\fP (krb5_context context, const krb5_cc_ops *ops, krb5_ccache *id) KRB5_DEPRECATED_FUNCTION('Use X instead')" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_copy_creds\fP (krb5_context context, const krb5_ccache from, krb5_ccache to)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_get_validated_creds\fP (krb5_context context, krb5_creds *creds, krb5_principal client, krb5_ccache ccache, char *service)" .br .in -1c .SS "Variables" .in +1c 
.ti -1c .RI "KRB5_LIB_VARIABLE const krb5_cc_ops \fBkrb5_acc_ops\fP" .br .ti -1c .RI "KRB5_LIB_VARIABLE const krb5_cc_ops \fBkrb5_fcc_ops\fP" .br .ti -1c .RI "KRB5_LIB_VARIABLE const krb5_cc_ops \fBkrb5_mcc_ops\fP" .br .in -1c .SH "Detailed Description" .PP .SH "Function Documentation" .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_cache_end_seq_get (krb5_context context, krb5_cc_cache_cursor cursor)" .PP Destroy the cursor `cursor'. .PP \fBReturns:\fP .RS 4 Return an error code or 0, see krb5_get_error_message(). .RE .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_cache_get_first (krb5_context context, const char * type, krb5_cc_cache_cursor * cursor)" .PP Start iterating over all caches of specified type. See also \fBkrb5_cccol_cursor_new()\fP. .PP \fBParameters:\fP .RS 4 \fIcontext\fP A Kerberos 5 context .br \fItype\fP optional type to iterate over, if NULL, the default cache is used. .br \fIcursor\fP cursor should be freed with \fBkrb5_cc_cache_end_seq_get()\fP. .RE .PP \fBReturns:\fP .RS 4 Return an error code or 0, see krb5_get_error_message(). .RE .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_cache_match (krb5_context context, krb5_principal client, krb5_ccache * id)" .PP Search for a matching credential cache that have the `principal' as the default principal. On success, `id' needs to be freed with \fBkrb5_cc_close()\fP or \fBkrb5_cc_destroy()\fP. .PP \fBParameters:\fP .RS 4 \fIcontext\fP A Kerberos 5 context .br \fIclient\fP The principal to search for .br \fIid\fP the returned credential cache .RE .PP \fBReturns:\fP .RS 4 On failure, error code is returned and `id' is set to NULL. .RE .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_cache_next (krb5_context context, krb5_cc_cache_cursor cursor, krb5_ccache * id)" .PP Retrieve the next cache pointed to by (`cursor') in `id' and advance `cursor'. 
.PP \fBParameters:\fP .RS 4 \fIcontext\fP A Kerberos 5 context .br \fIcursor\fP the iterator cursor, returned by \fBkrb5_cc_cache_get_first()\fP .br \fIid\fP next ccache .RE .PP \fBReturns:\fP .RS 4 Return 0 or an error code. Returns KRB5_CC_END when the end of caches is reached, see krb5_get_error_message(). .RE .PP .SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_cc_clear_mcred (krb5_creds * mcred)" .PP Clear `mcreds' so it can be used with krb5_cc_retrieve_cred .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_close (krb5_context context, krb5_ccache id)" .PP Stop using the ccache `id' and free the related resources. .PP \fBReturns:\fP .RS 4 Return an error code or 0, see krb5_get_error_message(). .RE .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_copy_cache (krb5_context context, const krb5_ccache from, krb5_ccache to)" .PP Just like \fBkrb5_cc_copy_match_f()\fP, but copy everything. .PP @ .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_copy_creds (krb5_context context, const krb5_ccache from, krb5_ccache to)" .PP MIT compat glue .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_copy_match_f (krb5_context context, const krb5_ccache from, krb5_ccache to, krb5_boolean(*)(krb5_context, void *, const krb5_creds *) match, void * matchctx, unsigned int * matched)" .PP Copy the contents of `from' to `to' if the given match function return true. .PP \fBParameters:\fP .RS 4 \fIcontext\fP A Kerberos 5 context. .br \fIfrom\fP the cache to copy data from. .br \fIto\fP the cache to copy data to. .br \fImatch\fP a match function that should return TRUE if cred argument should be copied, if NULL, all credentials are copied. .br \fImatchctx\fP context passed to match function. .br \fImatched\fP set to true if there was a credential that matched, may be NULL. .RE .PP \fBReturns:\fP .RS 4 Return an error code or 0, see krb5_get_error_message(). 
.RE .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_default (krb5_context context, krb5_ccache * id)" .PP Open the default ccache in `id'. .PP \fBReturns:\fP .RS 4 Return an error code or 0, see krb5_get_error_message(). .RE .PP .SS "KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_cc_default_name (krb5_context context)" .PP Return a pointer to a context static string containing the default ccache name. .PP \fBReturns:\fP .RS 4 String to the default credential cache name. .RE .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_destroy (krb5_context context, krb5_ccache id)" .PP Remove the ccache `id'. .PP \fBReturns:\fP .RS 4 Return an error code or 0, see krb5_get_error_message(). .RE .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_end_seq_get (krb5_context context, const krb5_ccache id, krb5_cc_cursor * cursor)" .PP Destroy the cursor `cursor'. .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_gen_new (krb5_context context, const krb5_cc_ops * ops, krb5_ccache * id)" .PP Generate a new ccache of type `ops' in `id'. .PP Deprecated: use \fBkrb5_cc_new_unique()\fP instead. .PP \fBReturns:\fP .RS 4 Return an error code or 0, see krb5_get_error_message(). .RE .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_config (krb5_context context, krb5_ccache id, krb5_const_principal principal, const char * name, krb5_data * data)" .PP Get some configuration for the credential cache in the cache. .PP \fBParameters:\fP .RS 4 \fIcontext\fP a Keberos context .br \fIid\fP the credential cache to store the data for .br \fIprincipal\fP configuration for a specific principal, if NULL, global for the whole cache. .br \fIname\fP name under which the configuraion is stored. 
.br \fIdata\fP data to fetched, free with \fBkrb5_data_free()\fP .RE .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_flags (krb5_context context, krb5_ccache id, krb5_flags * flags)" .PP Get the flags of `id', store them in `flags'. .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_friendly_name (krb5_context context, krb5_ccache id, char ** name)" .PP Return a friendly name on credential cache. Free the result with krb5_xfree(). .PP \fBReturns:\fP .RS 4 Return an error code or 0, see krb5_get_error_message(). .RE .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_full_name (krb5_context context, krb5_ccache id, char ** str)" .PP Return the complete resolvable name the cache .PP \fBParameters:\fP .RS 4 \fIcontext\fP a Keberos context .br \fIid\fP return pointer to a found credential cache .br \fIstr\fP the returned name of a credential cache, free with krb5_xfree() .RE .PP \fBReturns:\fP .RS 4 Returns 0 or an error (and then *str is set to NULL). .RE .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_kdc_offset (krb5_context context, krb5_ccache id, krb5_deltat * offset)" .PP -Get the time offset betwen the client and the KDC +Get the time offset between the client and the KDC .PP If the backend doesn't support KDC offset, use the context global setting. .PP \fBParameters:\fP .RS 4 \fIcontext\fP A Kerberos 5 context. .br \fIid\fP a credential cache .br \fIoffset\fP the offset in seconds .RE .PP \fBReturns:\fP .RS 4 Return an error code or 0, see krb5_get_error_message(). .RE .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_lifetime (krb5_context context, krb5_ccache id, time_t * t)" .PP Get the lifetime of the initial ticket in the cache .PP Get the lifetime of the initial ticket in the cache, if the initial ticket was not found, the error code KRB5_CC_END is returned. .PP \fBParameters:\fP .RS 4 \fIcontext\fP A Kerberos 5 context. 
.br \fIid\fP a credential cache .br \fIt\fP the relative lifetime of the initial ticket .RE .PP \fBReturns:\fP .RS 4 Return an error code or 0, see krb5_get_error_message(). .RE .PP .SS "KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_cc_get_name (krb5_context context, krb5_ccache id)" .PP Return the name of the ccache `id' .SS "KRB5_LIB_FUNCTION const krb5_cc_ops* KRB5_LIB_CALL krb5_cc_get_ops (krb5_context context, krb5_ccache id)" .PP Return krb5_cc_ops of a the ccache `id'. .SS "KRB5_LIB_FUNCTION const krb5_cc_ops* KRB5_LIB_CALL krb5_cc_get_prefix_ops (krb5_context context, const char * prefix)" .PP Get the cc ops that is registered in `context' to handle the prefix. prefix can be a complete credential cache name or a prefix, the function will only use part up to the first colon (:) if there is one. If prefix the argument is NULL, the default ccache implemtation is returned. .PP \fBReturns:\fP .RS 4 Returns NULL if ops not found. .RE .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_principal (krb5_context context, krb5_ccache id, krb5_principal * principal)" .PP Return the principal of `id' in `principal'. .PP \fBReturns:\fP .RS 4 Return an error code or 0, see krb5_get_error_message(). .RE .PP .SS "KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_cc_get_type (krb5_context context, krb5_ccache id)" .PP Return the type of the ccache `id'. .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_version (krb5_context context, const krb5_ccache id)" .PP Return the version of `id'. .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_initialize (krb5_context context, krb5_ccache id, krb5_principal primary_principal)" .PP Create a new ccache in `id' for `primary_principal'. .PP \fBReturns:\fP .RS 4 Return an error code or 0, see krb5_get_error_message(). 
.RE .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_last_change_time (krb5_context context, krb5_ccache id, krb5_timestamp * mtime)" .PP Return the last time the credential cache was modified. .PP \fBParameters:\fP .RS 4 \fIcontext\fP A Kerberos 5 context .br \fIid\fP The credential cache to probe .br \fImtime\fP the last modification time, set to 0 on error. .RE .PP \fBReturns:\fP .RS 4 Return 0 or and error. See krb5_get_error_message(). .RE .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_move (krb5_context context, krb5_ccache from, krb5_ccache to)" .PP Move the content from one credential cache to another. The operation is an atomic switch. .PP \fBParameters:\fP .RS 4 \fIcontext\fP a Keberos context .br \fIfrom\fP the credential cache to move the content from .br \fIto\fP the credential cache to move the content to .RE .PP \fBReturns:\fP .RS 4 On sucess, from is freed. On failure, error code is returned and from and to are both still allocated, see krb5_get_error_message(). .RE .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_new_unique (krb5_context context, const char * type, const char * hint, krb5_ccache * id)" .PP Generates a new unique ccache of `type` in `id'. If `type' is NULL, the library chooses the default credential cache type. The supplied `hint' (that can be NULL) is a string that the credential cache type can use to base the name of the credential on, this is to make it easier for the user to differentiate the credentials. .PP \fBReturns:\fP .RS 4 Return an error code or 0, see krb5_get_error_message(). .RE .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_next_cred (krb5_context context, const krb5_ccache id, krb5_cc_cursor * cursor, krb5_creds * creds)" .PP Retrieve the next cred pointed to by (`id', `cursor') in `creds' and advance `cursor'. .PP \fBReturns:\fP .RS 4 Return an error code or 0, see krb5_get_error_message(). 
.RE .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_register (krb5_context context, const krb5_cc_ops * ops, krb5_boolean override)" .PP Add a new ccache type with operations `ops', overwriting any existing one if `override'. .PP \fBParameters:\fP .RS 4 \fIcontext\fP a Keberos context .br \fIops\fP type of plugin symbol .br \fIoverride\fP flag to select if the registration is to overide an existing ops with the same name. .RE .PP \fBReturns:\fP .RS 4 Return an error code or 0, see krb5_get_error_message(). .RE .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_remove_cred (krb5_context context, krb5_ccache id, krb5_flags which, krb5_creds * cred)" .PP Remove the credential identified by `cred', `which' from `id'. .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_resolve (krb5_context context, const char * name, krb5_ccache * id)" .PP Find and allocate a ccache in `id' from the specification in `residual'. If the ccache name doesn't contain any colon, interpret it as a file name. .PP \fBParameters:\fP .RS 4 \fIcontext\fP a Keberos context. .br \fIname\fP string name of a credential cache. .br \fIid\fP return pointer to a found credential cache. .RE .PP \fBReturns:\fP .RS 4 Return 0 or an error code. In case of an error, id is set to NULL, see krb5_get_error_message(). .RE .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_retrieve_cred (krb5_context context, krb5_ccache id, krb5_flags whichfields, const krb5_creds * mcreds, krb5_creds * creds)" .PP Retrieve the credential identified by `mcreds' (and `whichfields') from `id' in `creds'. 'creds' must be free by the caller using krb5_free_cred_contents. 
.PP \fBParameters:\fP .RS 4 \fIcontext\fP A Kerberos 5 context .br \fIid\fP a Kerberos 5 credential cache .br \fIwhichfields\fP what fields to use for matching credentials, same flags as whichfields in \fBkrb5_compare_creds()\fP .br \fImcreds\fP template credential to use for comparing .br \fIcreds\fP returned credential, free with \fBkrb5_free_cred_contents()\fP .RE .PP \fBReturns:\fP .RS 4 Return an error code or 0, see krb5_get_error_message(). .RE .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_set_config (krb5_context context, krb5_ccache id, krb5_const_principal principal, const char * name, krb5_data * data)" .PP Store some configuration for the credential cache in the cache. Existing configuration under the same name is over-written. .PP \fBParameters:\fP .RS 4 \fIcontext\fP a Keberos context .br \fIid\fP the credential cache to store the data for .br \fIprincipal\fP configuration for a specific principal, if NULL, global for the whole cache. .br \fIname\fP name under which the configuraion is stored. .br \fIdata\fP data to store, if NULL, configure is removed. .RE .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_set_default_name (krb5_context context, const char * name)" .PP Set the default cc name for `context' to `name'. .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_set_flags (krb5_context context, krb5_ccache id, krb5_flags flags)" .PP Set the flags of `id' to `flags'. .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_set_friendly_name (krb5_context context, krb5_ccache id, const char * name)" .PP Set the friendly name on credential cache. .PP \fBReturns:\fP .RS 4 Return an error code or 0, see krb5_get_error_message(). 
.RE .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_set_kdc_offset (krb5_context context, krb5_ccache id, krb5_deltat offset)" .PP -Set the time offset betwen the client and the KDC +Set the time offset between the client and the KDC .PP If the backend doesn't support KDC offset, use the context global setting. .PP \fBParameters:\fP .RS 4 \fIcontext\fP A Kerberos 5 context. .br \fIid\fP a credential cache .br \fIoffset\fP the offset in seconds .RE .PP \fBReturns:\fP .RS 4 Return an error code or 0, see krb5_get_error_message(). .RE .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_start_seq_get (krb5_context context, const krb5_ccache id, krb5_cc_cursor * cursor)" .PP Start iterating over `id', `cursor' is initialized to the beginning. Caller must free the cursor with \fBkrb5_cc_end_seq_get()\fP. .PP \fBReturns:\fP .RS 4 Return an error code or 0, see krb5_get_error_message(). .RE .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_store_cred (krb5_context context, krb5_ccache id, krb5_creds * creds)" .PP Store `creds' in the ccache `id'. .PP \fBReturns:\fP .RS 4 Return an error code or 0, see krb5_get_error_message(). .RE .PP .SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_cc_support_switch (krb5_context context, const char * type)" .PP Return true if the default credential cache support switch .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_switch (krb5_context context, krb5_ccache id)" .PP Switch the default default credential cache for a specific credcache type (and name for some implementations). .PP \fBReturns:\fP .RS 4 Return an error code or 0, see krb5_get_error_message(). .RE .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cccol_cursor_free (krb5_context context, krb5_cccol_cursor * cursor)" .PP End an iteration and free all resources, can be done before end is reached. 
.PP \fBParameters:\fP .RS 4 \fIcontext\fP A Kerberos 5 context .br \fIcursor\fP the iteration cursor to be freed. .RE .PP \fBReturns:\fP .RS 4 Return 0 or and error, KRB5_CC_END is returned at the end of iteration. See krb5_get_error_message(). .RE .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cccol_cursor_new (krb5_context context, krb5_cccol_cursor * cursor)" .PP Get a new cache interation cursor that will interate over all credentials caches independent of type. .PP \fBParameters:\fP .RS 4 \fIcontext\fP a Keberos context .br \fIcursor\fP passed into \fBkrb5_cccol_cursor_next()\fP and free with \fBkrb5_cccol_cursor_free()\fP. .RE .PP \fBReturns:\fP .RS 4 Returns 0 or and error code, see krb5_get_error_message(). .RE .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cccol_cursor_next (krb5_context context, krb5_cccol_cursor cursor, krb5_ccache * cache)" .PP Get next credential cache from the iteration. .PP \fBParameters:\fP .RS 4 \fIcontext\fP A Kerberos 5 context .br \fIcursor\fP the iteration cursor .br \fIcache\fP the returned cursor, pointer is set to NULL on failure and a cache on success. The returned cache needs to be freed with \fBkrb5_cc_close()\fP or destroyed with \fBkrb5_cc_destroy()\fP. MIT Kerberos behavies slightly diffrent and sets cache to NULL when all caches are iterated over and return 0. .RE .PP \fBReturns:\fP .RS 4 Return 0 or and error, KRB5_CC_END is returned at the end of iteration. See krb5_get_error_message(). .RE .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cccol_last_change_time (krb5_context context, const char * type, krb5_timestamp * mtime)" .PP Return the last modfication time for a cache collection. The query can be limited to a specific cache type. If the function return 0 and mtime is 0, there was no credentials in the caches. .PP \fBParameters:\fP .RS 4 \fIcontext\fP A Kerberos 5 context .br \fItype\fP The credential cache to probe, if NULL, all type are traversed. 
.br \fImtime\fP the last modification time, set to 0 on error. .RE .PP \fBReturns:\fP .RS 4 Return 0 or and error. See krb5_get_error_message(). .RE .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_validated_creds (krb5_context context, krb5_creds * creds, krb5_principal client, krb5_ccache ccache, char * service)" .PP Validate the newly fetch credential, see also krb5_verify_init_creds(). .PP \fBParameters:\fP .RS 4 \fIcontext\fP a Kerberos 5 context .br \fIcreds\fP the credentials to verify .br \fIclient\fP the client name to match up .br \fIccache\fP the credential cache to use .br \fIservice\fP a service name to use, used with \fBkrb5_sname_to_principal()\fP to build a hostname to use to verify. .RE .PP .SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_is_config_principal (krb5_context context, krb5_const_principal principal)" .PP Return TRUE (non zero) if the principal is a configuration principal (generated part of \fBkrb5_cc_set_config()\fP). Returns FALSE (zero) if not a configuration principal. .PP \fBParameters:\fP .RS 4 \fIcontext\fP a Keberos context .br \fIprincipal\fP principal to check if it a configuration principal .RE .PP .SH "Variable Documentation" .PP .SS "KRB5_LIB_VARIABLE const krb5_cc_ops \fBkrb5_acc_ops\fP" .PP \fBInitial value:\fP .PP .nf { KRB5_CC_OPS_VERSION, 'API', acc_get_name, acc_resolve, acc_gen_new, acc_initialize, acc_destroy, acc_close, acc_store_cred, NULL, acc_get_principal, acc_get_first, acc_get_next, acc_end_get, acc_remove_cred, acc_set_flags, acc_get_version, acc_get_cache_first, acc_get_cache_next, acc_end_cache_get, acc_move, acc_get_default_name, acc_set_default, acc_lastchange, NULL, NULL, } .fi Variable containing the API based credential cache implemention. 
.SS "KRB5_LIB_VARIABLE const krb5_cc_ops \fBkrb5_fcc_ops\fP" .PP \fBInitial value:\fP .PP .nf { KRB5_CC_OPS_VERSION, 'FILE', fcc_get_name, fcc_resolve, fcc_gen_new, fcc_initialize, fcc_destroy, fcc_close, fcc_store_cred, NULL, fcc_get_principal, fcc_get_first, fcc_get_next, fcc_end_get, fcc_remove_cred, fcc_set_flags, fcc_get_version, fcc_get_cache_first, fcc_get_cache_next, fcc_end_cache_get, fcc_move, fcc_get_default_name, NULL, fcc_lastchange, fcc_set_kdc_offset, fcc_get_kdc_offset } .fi Variable containing the FILE based credential cache implemention. .SS "KRB5_LIB_VARIABLE const krb5_cc_ops \fBkrb5_mcc_ops\fP" .PP \fBInitial value:\fP .PP .nf { KRB5_CC_OPS_VERSION, 'MEMORY', mcc_get_name, mcc_resolve, mcc_gen_new, mcc_initialize, mcc_destroy, mcc_close, mcc_store_cred, NULL, mcc_get_principal, mcc_get_first, mcc_get_next, mcc_end_get, mcc_remove_cred, mcc_set_flags, NULL, mcc_get_cache_first, mcc_get_cache_next, mcc_end_cache_get, mcc_move, mcc_default_name, NULL, mcc_lastchange, mcc_set_kdc_offset, mcc_get_kdc_offset } .fi Variable containing the MEMORY based credential cache implemention. diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_fileformats.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_fileformats.3 index f601d942f121..05be7ef9973e 100644 --- a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_fileformats.3 +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_fileformats.3 
@@ -1,233 +1,233 @@ .TH "krb5_fileformats" 3 "11 Jan 2012" "Version 1.5.2" "HeimdalKerberos5library" \" -*- nroff -*- .ad l .nh .SH NAME krb5_fileformats \- File formats .SH "File formats" .PP This section documents the diffrent file formats that are used in Heimdal and other Kerberos implementations. .SS "keytab" The keytab binary format is not a standard format. The format has evolved and may continue to. It is however understood by several Kerberos implementations including Heimdal, MIT, Sun's Java ktab and are created by the ktpass.exe utility from Windows. So it has established itself as the defacto format for storing Kerberos keys. .PP The following C-like structure definitions illustrate the MIT keytab file format. All values are in network byte order. All text is ASCII. .PP .PP .nf keytab { uint16_t file_format_version; # 0x502 keytab_entry entries[*]; }; keytab_entry { int32_t size; uint16_t num_components; # subtract 1 if version 0x501 counted_octet_string realm; counted_octet_string components[num_components]; uint32_t name_type; # not present if version 0x501 uint32_t timestamp; uint8_t vno8; keyblock key; uint32_t vno; #only present if >= 4 bytes left in entry uint32_t flags; #only present if >= 4 bytes left in entry }; counted_octet_string { uint16_t length; uint8_t data[length]; }; keyblock { uint16_t type; counted_octet_string; }; .fi .PP .PP All numbers are stored in network byteorder (big endian) format. .PP The keytab file format begins with the 16 bit file_format_version which at the time this document was authored is 0x502. The format of older keytabs is described at the end of this document. .PP The file_format_version is immediately followed by an array of keytab_entry structures which are prefixed with a 32 bit size indicating the number of bytes that follow in the entry. Note that the size should be evaluated as signed. This is because a negative value indicates that the entry is in fact empty (e.g. 
it has been deleted) and that the negative value of that negative value (which is of course a positive value) is the offset to the next keytab_entry. Based on these size values alone the entire keytab file can be traversed. .PP The size is followed by a 16 bit num_components field indicating the number of counted_octet_string components in the components array. .PP The num_components field is followed by a counted_octet_string representing the realm of the principal. .PP A counted_octet_string is simply an array of bytes prefixed with a 16 bit length. For the realm and name components, the counted_octet_string bytes are ASCII encoded text with no zero terminator. .PP Following the realm is the components array that represents the name of the principal. The text of these components may be joined with slashs to construct the typical SPN representation. For example, the service principal HTTP/www.foo.net@FOO.NET would consist of name components 'HTTP' followed by 'www.foo.net'. .PP Following the components array is the 32 bit name_type (e.g. 1 is KRB5_NT_PRINCIPAL, 2 is KRB5_NT_SRV_INST, 5 is KRB5_NT_UID, etc). In practice the name_type is almost certainly 1 meaning KRB5_NT_PRINCIPAL. .PP The 32 bit timestamp indicates the time the key was established for that principal. The value represents the number of seconds since Jan 1, 1970. .PP The 8 bit vno8 field is the version number of the key. This value is overridden by the 32 bit vno field if it is present. The vno8 field is filled with the lower 8 bits of the 32 bit protocol kvno field. .PP The keyblock structure consists of a 16 bit value indicating the encryption type and is a counted_octet_string containing the key. The encryption type is the same as the Kerberos standard (e.g. 3 is des-cbc-md5, 23 is arcfour-hmac-md5, etc). .PP The last field of the keytab_entry structure is optional. 
If the size of the keytab_entry indicates that there are at least 4 bytes remaining, a 32 bit value representing the key version number is present. This value supersedes the 8 bit vno8 value preceeding the keyblock. .PP Older keytabs with a file_format_version of 0x501 are different in three ways: .PP .IP "\(bu" 2 All integers are in host byte order [1]. .IP "\(bu" 2 The num_components field is 1 too large (i.e. after decoding, decrement by 1). .IP "\(bu" 2 The 32 bit name_type field is not present. .PP .PP [1] The file_format_version field should really be treated as two separate 8 bit quantities representing the major and minor version number respectively. .SS "Heimdal database dump file" Format of the Heimdal text dump file as of Heimdal 0.6.3: .PP Each line in the dump file is one entry in the database. .PP Each field of a line is separated by one or more spaces, with the exception of fields consisting of principals containing spaces, where space can be quoted with \\ and \\ is quoted by \\. .PP Fields and their types are: .PP .PP .nf - Quoted princial (quote character is \) [string] + Quoted principal (quote character is \) [string] Keys [keys] Created by [event] Modified by [event optional] Valid start time [time optional] Valid end time [time optional] Password end valid time [time optional] Max lifetime of ticket [time optional] Max renew time of ticket [integer optional] Flags [hdb flags] Generation number [generation optional] Extensions [extentions optional] .fi .PP .PP Fields following these silently are ignored. .PP All optional fields will be skipped if they fail to parse (or comprise the optional field marker of '-', w/o quotes). 
.PP Example: .PP .PP .nf fred\@CODE.COM 27:1:16:e8b4c8fc7e60b9e641dcf4cff3f08a701d982a2f89ba373733d26ca59ba6c789666f6b8bfcf169412bb1e5dceb9b33cda29f3412:-:1:3:4498a933881178c744f4232172dcd774c64e81fa6d05ecdf643a7e390624a0ebf3c7407a:-:1:2:b01934b13eb795d76f3a80717d469639b4da0cfb644161340ef44fdeb375e54d684dbb85:-:1:1:ea8e16d8078bf60c781da90f508d4deccba70595258b9d31888d33987cd31af0c9cced2e:- 20020415130120:admin\@CODE.COM 20041221112428:fred\@CODE.COM - - - 86400 604800 126 20020415130120:793707:28 - .fi .PP .PP Encoding of types are as follows: .PP .IP "\(bu" 2 keys .PP .PP .PP .nf kvno:[masterkvno:keytype:keydata:salt]{zero or more separated by :} .fi .PP .PP kvno is the key version number. .PP keydata is hex-encoded .PP masterkvno is the kvno of the database master key. If this field is empty, the kadmin load and merge operations will encrypt the key data with the master key if there is one. Otherwise the key data will be imported asis. .PP salt is encoded as '-' (no/default salt) or .PP .PP .nf salt-type / salt-type / 'string' salt-type / hex-encoded-data .fi .PP .PP keytype is the protocol enctype number; see enum ENCTYPE in include/krb5_asn1.h for values. .PP Example: .PP .nf 27:1:16:e8b4c8fc7e60b9e641dcf4cff3f08a701d982a2f89ba373733d26ca59ba6c789666f6b8bfcf169412bb1e5dceb9b33cda29f3412:-:1:3:4498a933881178c744f4232172dcd774c64e81fa6d05ecdf643a7e390624a0ebf3c7407a:-:1:2:b01934b13eb795d76f3a80717d469639b4da0cfb644161340ef44fdeb375e54d684dbb85:-:1:1:ea8e16d8078bf60c781da90f508d4deccba70595258b9d31888d33987cd31af0c9cced2e:- .fi .PP .PP .PP .nf kvno=27,{key: masterkvno=1,keytype=des3-cbc-sha1,keydata=..., default salt}... .fi .PP .PP .IP "\(bu" 2 time .PP .PP Format of the time is: YYYYmmddHHMMSS, corresponding to strftime format '%Y%m%d%k%M%S'. .PP Time is expressed in UTC. .PP Time can be optional (using -), when the time 0 is used. 
.PP Example: .PP .PP .nf 20041221112428 .fi .PP .PP .IP "\(bu" 2 event .PP .PP .PP .nf time:principal .fi .PP .PP time is as given in format time .PP principal is a string. Not quoting it may not work in earlier versions of Heimdal. .PP Example: .PP .nf 20041221112428:bloggs\@CODE.COM .fi .PP .PP .IP "\(bu" 2 hdb flags .PP .PP Integer encoding of HDB flags, see HDBFlags in lib/hdb/hdb.asn1. Each bit in the integer is the same as the bit in the specification. .PP .IP "\(bu" 2 generation: .PP .PP .PP .nf time:usec:gen .fi .PP .PP usec is a the microsecond, integer. gen is generation number, integer. .PP The generation can be defaulted (using '-') or the empty string .PP .IP "\(bu" 2 extensions: .PP .PP .PP .nf first-hex-encoded-HDB-Extension[:second-...] .fi .PP .PP HDB-extension is encoded the DER encoded HDB-Extension from lib/hdb/hdb.asn1. Consumers HDB extensions should be aware that unknown entires needs to be preserved even thought the ASN.1 data content might be unknown. There is a critical flag in the data to show to the KDC that the entry MUST be understod if the entry is to be used. diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_principal.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_principal.3 index cba91dd1d9ef..c2aebfb35486 100644 --- a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_principal.3 +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_principal.3 
@@ -1,519 +1,519 @@ .TH "Heimdal Kerberos 5 principal functions" 3 "11 Jan 2012" "Version 1.5.2" "HeimdalKerberos5library" \" -*- nroff -*- .ad l .nh .SH NAME Heimdal Kerberos 5 principal functions \- .SS "Functions" .in +1c .ti -1c .RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_free_principal\fP (krb5_context context, krb5_principal p)" .br .ti -1c .RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_principal_set_type\fP (krb5_context context, krb5_principal principal, int type)" .br .ti -1c .RI "KRB5_LIB_FUNCTION int KRB5_LIB_CALL \fBkrb5_principal_get_type\fP (krb5_context context, krb5_const_principal principal)" .br .ti -1c .RI "KRB5_LIB_FUNCTION const char *KRB5_LIB_CALL \fBkrb5_principal_get_realm\fP (krb5_context context, krb5_const_principal principal)" .br .ti -1c .RI "KRB5_LIB_FUNCTION unsigned int KRB5_LIB_CALL \fBkrb5_principal_get_num_comp\fP (krb5_context context, krb5_const_principal principal)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_parse_name_flags\fP (krb5_context context, const char *name, int flags, krb5_principal *principal)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_parse_name\fP (krb5_context context, const char *name, krb5_principal *principal)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_unparse_name_fixed\fP (krb5_context context, krb5_const_principal principal, char *name, size_t len)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_unparse_name_fixed_short\fP (krb5_context context, krb5_const_principal principal, char *name, size_t len)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_unparse_name_fixed_flags\fP (krb5_context context, krb5_const_principal principal, int flags, char *name, size_t len)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_unparse_name\fP (krb5_context context, krb5_const_principal principal, char **name)" .br .ti -1c .RI "KRB5_LIB_FUNCTION 
krb5_error_code KRB5_LIB_CALL \fBkrb5_unparse_name_flags\fP (krb5_context context, krb5_const_principal principal, int flags, char **name)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_unparse_name_short\fP (krb5_context context, krb5_const_principal principal, char **name)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_principal_set_realm\fP (krb5_context context, krb5_principal principal, krb5_const_realm realm)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_build_principal\fP (krb5_context context, krb5_principal *principal, int rlen, krb5_const_realm realm,...)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_make_principal\fP (krb5_context context, krb5_principal *principal, krb5_const_realm realm,...)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_copy_principal\fP (krb5_context context, krb5_const_principal inprinc, krb5_principal *outprinc)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_principal_compare_any_realm\fP (krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_principal_compare\fP (krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_realm_compare\fP (krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_principal_match\fP (krb5_context context, krb5_const_principal princ, krb5_const_principal pattern)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_sname_to_principal\fP (krb5_context context, const char *hostname, const char *sname, int32_t type, krb5_principal *ret_princ)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_parse_nametype\fP (krb5_context 
context, const char *str, int32_t *nametype)" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_principal_is_krbtgt\fP (krb5_context context, krb5_const_principal p)" .br .in -1c .SH "Detailed Description" .PP .SH "Function Documentation" .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_build_principal (krb5_context context, krb5_principal * principal, int rlen, krb5_const_realm realm, ...)" .PP Build a principal using vararg style building .PP \fBParameters:\fP .RS 4 \fIcontext\fP A Kerberos context. .br \fIprincipal\fP returned principal .br \fIrlen\fP length of realm .br \fIrealm\fP realm name .br \fI...\fP a list of components ended with NULL. .RE .PP \fBReturns:\fP .RS 4 An krb5 error code, see krb5_get_error_message(). .RE .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_principal (krb5_context context, krb5_const_principal inprinc, krb5_principal * outprinc)" .PP Copy a principal .PP \fBParameters:\fP .RS 4 \fIcontext\fP A Kerberos context. .br \fIinprinc\fP principal to copy .br \fIoutprinc\fP copied principal, free with \fBkrb5_free_principal()\fP .RE .PP \fBReturns:\fP .RS 4 An krb5 error code, see krb5_get_error_message(). .RE .PP .SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_principal (krb5_context context, krb5_principal p)" .PP Frees a Kerberos principal allocated by the library with \fBkrb5_parse_name()\fP, \fBkrb5_make_principal()\fP or any other related principal functions. .PP \fBParameters:\fP .RS 4 \fIcontext\fP A Kerberos context. .br \fIp\fP a principal to free. .RE .PP \fBReturns:\fP .RS 4 An krb5 error code, see krb5_get_error_message(). .RE .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_make_principal (krb5_context context, krb5_principal * principal, krb5_const_realm realm, ...)" .PP Build a principal using vararg style building .PP \fBParameters:\fP .RS 4 \fIcontext\fP A Kerberos context. 
.br \fIprincipal\fP returned principal .br \fIrealm\fP realm name .br \fI...\fP a list of components ended with NULL. .RE .PP \fBReturns:\fP .RS 4 An krb5 error code, see krb5_get_error_message(). .RE .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_parse_name (krb5_context context, const char * name, krb5_principal * principal)" .PP Parse a name into a krb5_principal structure .PP \fBParameters:\fP .RS 4 \fIcontext\fP Kerberos 5 context .br \fIname\fP name to parse into a Kerberos principal .br \fIprincipal\fP returned principal, free with \fBkrb5_free_principal()\fP. .RE .PP \fBReturns:\fP .RS 4 An krb5 error code, see krb5_get_error_message(). .RE .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_parse_name_flags (krb5_context context, const char * name, int flags, krb5_principal * principal)" .PP Parse a name into a krb5_principal structure, flags controls the behavior. .PP \fBParameters:\fP .RS 4 \fIcontext\fP Kerberos 5 context .br \fIname\fP name to parse into a Kerberos principal .br \fIflags\fP flags to control the behavior .br \fIprincipal\fP returned principal, free with \fBkrb5_free_principal()\fP. .RE .PP \fBReturns:\fP .RS 4 An krb5 error code, see krb5_get_error_message(). .RE .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_parse_nametype (krb5_context context, const char * str, int32_t * nametype)" .PP Parse nametype string and return a nametype integer .SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_principal_compare (krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2)" .PP Compares the two principals, including realm of the principals and returns TRUE if they are the same and FALSE if not. 
.PP \fBParameters:\fP .RS 4 \fIcontext\fP Kerberos 5 context .br \fIprinc1\fP first principal to compare .br \fIprinc2\fP second principal to compare .RE .PP \fBSee also:\fP .RS 4 \fBkrb5_principal_compare_any_realm()\fP .PP \fBkrb5_realm_compare()\fP .RE .PP .SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_principal_compare_any_realm (krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2)" .PP Return TRUE iff princ1 == princ2 (without considering the realm) .PP \fBParameters:\fP .RS 4 \fIcontext\fP Kerberos 5 context .br \fIprinc1\fP first principal to compare .br \fIprinc2\fP second principal to compare .RE .PP \fBReturns:\fP .RS 4 non zero if equal, 0 if not .RE .PP \fBSee also:\fP .RS 4 \fBkrb5_principal_compare()\fP .PP \fBkrb5_realm_compare()\fP .RE .PP .SS "KRB5_LIB_FUNCTION unsigned int KRB5_LIB_CALL krb5_principal_get_num_comp (krb5_context context, krb5_const_principal principal)" .PP Get number of component is principal. .PP \fBParameters:\fP .RS 4 \fIcontext\fP Kerberos 5 context .br \fIprincipal\fP principal to query .RE .PP \fBReturns:\fP .RS 4 number of components in string .RE .PP .SS "KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_principal_get_realm (krb5_context context, krb5_const_principal principal)" .PP Get the realm of the principal .PP \fBParameters:\fP .RS 4 \fIcontext\fP A Kerberos context. .br \fIprincipal\fP principal to get the realm for .RE .PP \fBReturns:\fP .RS 4 realm of the principal, don't free or use after krb5_principal is freed .RE .PP .SS "KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_principal_get_type (krb5_context context, krb5_const_principal principal)" .PP Get the type of the principal .PP \fBParameters:\fP .RS 4 \fIcontext\fP A Kerberos context. 
.br \fIprincipal\fP principal to get the type for .RE .PP \fBReturns:\fP .RS 4 the type of principal .RE .PP .SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_principal_is_krbtgt (krb5_context context, krb5_const_principal p)" .PP Check if the cname part of the principal is a krbtgt principal .SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_principal_match (krb5_context context, krb5_const_principal princ, krb5_const_principal pattern)" .PP return TRUE iff princ matches pattern .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_principal_set_realm (krb5_context context, krb5_principal principal, krb5_const_realm realm)" .PP Set a new realm for a principal, and as a side-effect free the previous realm. .PP \fBParameters:\fP .RS 4 \fIcontext\fP A Kerberos context. .br \fIprincipal\fP principal set the realm for .br \fIrealm\fP the new realm to set .RE .PP \fBReturns:\fP .RS 4 An krb5 error code, see krb5_get_error_message(). .RE .PP .SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_principal_set_type (krb5_context context, krb5_principal principal, int type)" .PP Set the type of the principal .PP \fBParameters:\fP .RS 4 \fIcontext\fP A Kerberos context. .br \fIprincipal\fP principal to set the type for .br \fItype\fP the new type .RE .PP \fBReturns:\fP .RS 4 An krb5 error code, see krb5_get_error_message(). 
.RE .PP .SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_realm_compare (krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2)" .PP return TRUE iff realm(princ1) == realm(princ2) .PP \fBParameters:\fP .RS 4 \fIcontext\fP Kerberos 5 context .br \fIprinc1\fP first principal to compare .br \fIprinc2\fP second principal to compare .RE .PP \fBSee also:\fP .RS 4 \fBkrb5_principal_compare_any_realm()\fP .PP \fBkrb5_principal_compare()\fP .RE .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_sname_to_principal (krb5_context context, const char * hostname, const char * sname, int32_t type, krb5_principal * ret_princ)" .PP Create a principal for the service running on hostname. If KRB5_NT_SRV_HST is used, the hostname is canonization using DNS (or some other service), this is potentially insecure. .PP \fBParameters:\fP .RS 4 \fIcontext\fP A Kerberos context. .br \fIhostname\fP hostname to use .br \fIsname\fP Service name to use .br -\fItype\fP name type of pricipal, use KRB5_NT_SRV_HST or KRB5_NT_UNKNOWN. +\fItype\fP name type of principal, use KRB5_NT_SRV_HST or KRB5_NT_UNKNOWN. .br \fIret_princ\fP return principal, free with \fBkrb5_free_principal()\fP. .RE .PP \fBReturns:\fP .RS 4 An krb5 error code, see krb5_get_error_message(). .RE .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_unparse_name (krb5_context context, krb5_const_principal principal, char ** name)" .PP Unparse the Kerberos name into a string .PP \fBParameters:\fP .RS 4 \fIcontext\fP Kerberos 5 context .br \fIprincipal\fP principal to query .br \fIname\fP resulting string, free with krb5_xfree() .RE .PP \fBReturns:\fP .RS 4 An krb5 error code, see krb5_get_error_message(). .RE .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_unparse_name_fixed (krb5_context context, krb5_const_principal principal, char * name, size_t len)" .PP Unparse the principal name to a fixed buffer .PP \fBParameters:\fP .RS 4 \fIcontext\fP A Kerberos context. 
.br \fIprincipal\fP principal to unparse .br \fIname\fP buffer to write name to .br \fIlen\fP length of buffer .RE .PP \fBReturns:\fP .RS 4 An krb5 error code, see krb5_get_error_message(). .RE .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_unparse_name_fixed_flags (krb5_context context, krb5_const_principal principal, int flags, char * name, size_t len)" .PP Unparse the principal name with unparse flags to a fixed buffer. .PP \fBParameters:\fP .RS 4 \fIcontext\fP A Kerberos context. .br \fIprincipal\fP principal to unparse .br \fIflags\fP unparse flags .br \fIname\fP buffer to write name to .br \fIlen\fP length of buffer .RE .PP \fBReturns:\fP .RS 4 An krb5 error code, see krb5_get_error_message(). .RE .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_unparse_name_fixed_short (krb5_context context, krb5_const_principal principal, char * name, size_t len)" .PP Unparse the principal name to a fixed buffer. The realm is skipped if its a default realm. .PP \fBParameters:\fP .RS 4 \fIcontext\fP A Kerberos context. .br \fIprincipal\fP principal to unparse .br \fIname\fP buffer to write name to .br \fIlen\fP length of buffer .RE .PP \fBReturns:\fP .RS 4 An krb5 error code, see krb5_get_error_message(). .RE .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_unparse_name_flags (krb5_context context, krb5_const_principal principal, int flags, char ** name)" .PP Unparse the Kerberos name into a string .PP \fBParameters:\fP .RS 4 \fIcontext\fP Kerberos 5 context .br \fIprincipal\fP principal to query .br \fIflags\fP flag to determine the behavior .br \fIname\fP resulting string, free with krb5_xfree() .RE .PP \fBReturns:\fP .RS 4 An krb5 error code, see krb5_get_error_message(). .RE .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_unparse_name_short (krb5_context context, krb5_const_principal principal, char ** name)" .PP Unparse the principal name to a allocated buffer. The realm is skipped if its a default realm. 
.PP \fBParameters:\fP .RS 4 \fIcontext\fP A Kerberos context. .br \fIprincipal\fP principal to unparse .br \fIname\fP returned buffer, free with krb5_xfree() .RE .PP \fBReturns:\fP .RS 4 An krb5 error code, see krb5_get_error_message(). .RE .PP diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_v4compat.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_v4compat.3 index ccc17a641a5a..02e68e4ac6f9 100644 --- a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_v4compat.3 +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_v4compat.3 
@@ -1,60 +1,60 @@ -.TH "Heimdal Kerberos 4 compatiblity functions" 3 "11 Jan 2012" "Version 1.5.2" "HeimdalKerberos5library" \" -*- nroff -*- +.TH "Heimdal Kerberos 4 compatibility functions" 3 "11 Jan 2012" "Version 1.5.2" "HeimdalKerberos5library" \" -*- nroff -*- .ad l .nh .SH NAME -Heimdal Kerberos 4 compatiblity functions \- +Heimdal Kerberos 4 compatibility functions \- .SS "Functions" .in +1c .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb524_convert_creds_kdc\fP (krb5_context context, krb5_creds *in_cred, struct credentials *v4creds) KRB5_DEPRECATED_FUNCTION('Use X instead')" .br .ti -1c .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb524_convert_creds_kdc_ccache\fP (krb5_context context, krb5_ccache ccache, krb5_creds *in_cred, struct credentials *v4creds) KRB5_DEPRECATED_FUNCTION('Use X instead')" .br .in -1c .SH "Detailed Description" .PP .SH "Function Documentation" .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb524_convert_creds_kdc (krb5_context context, krb5_creds * in_cred, struct credentials * v4creds)" .PP Convert the v5 credentials in in_cred to v4-dito in v4creds. This is done by sending them to the 524 function in the KDC. If `in_cred' doesn't contain a DES session key, then a new one is gotten from the KDC and stored in the cred cache `ccache'. .PP \fBParameters:\fP .RS 4 \fIcontext\fP Kerberos 5 context. .br \fIin_cred\fP the credential to convert .br \fIv4creds\fP the converted credential .RE .PP \fBReturns:\fP .RS 4 Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message(). .RE .PP .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb524_convert_creds_kdc_ccache (krb5_context context, krb5_ccache ccache, krb5_creds * in_cred, struct credentials * v4creds)" .PP Convert the v5 credentials in in_cred to v4-dito in v4creds, check the credential cache ccache before checking with the KDC. .PP \fBParameters:\fP .RS 4 \fIcontext\fP Kerberos 5 context. 
.br \fIccache\fP credential cache used to check for des-ticket. .br \fIin_cred\fP the credential to convert .br \fIv4creds\fP the converted credential .RE .PP \fBReturns:\fP .RS 4 Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message(). .RE .PP diff --git a/crypto/heimdal/kdc/kdc.8 b/crypto/heimdal/kdc/kdc.8 index 171c426a0c52..c668b923768b 100644 --- a/crypto/heimdal/kdc/kdc.8 +++ b/crypto/heimdal/kdc/kdc.8 
@@ -1,230 +1,230 @@ .\" Copyright (c) 2003 - 2004 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" 3. Neither the name of the Institute nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" .\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. 
.\" .\" $Id$ .\" .Dd August 24, 2006 .Dt KDC 8 .Os HEIMDAL .Sh NAME .Nm kdc .Nd Kerberos 5 server .Sh SYNOPSIS .Nm .Bk -words .Oo Fl c Ar file \*(Ba Xo .Fl Fl config-file= Ns Ar file .Xc .Oc .Op Fl p | Fl Fl no-require-preauth .Op Fl Fl max-request= Ns Ar size .Op Fl H | Fl Fl enable-http .Op Fl Fl no-524 .Op Fl Fl kerberos4 .Op Fl Fl kerberos4-cross-realm .Oo Fl r Ar string \*(Ba Xo .Fl Fl v4-realm= Ns Ar string .Xc .Oc .Oo Fl P Ar portspec \*(Ba Xo .Fl Fl ports= Ns Ar portspec .Xc .Oc .Op Fl Fl detach .Op Fl Fl disable-des .Op Fl Fl addresses= Ns Ar list of addresses .Ek .Sh DESCRIPTION .Nm serves requests for tickets. When it starts, it first checks the flags passed, any options that are not specified with a command line flag are taken from a config file, or from a default compiled-in value. .Pp Options supported: .Bl -tag -width Ds .It Fl c Ar file , Fl Fl config-file= Ns Ar file Specifies the location of the config file, the default is .Pa /var/heimdal/kdc.conf . This is the only value that can't be specified in the config file. .It Fl p , Fl Fl no-require-preauth -Turn off the requirement for pre-autentication in the initial AS-REQ +Turn off the requirement for pre-authentication in the initial AS-REQ for all principals. The use of pre-authentication makes it more difficult to do offline password attacks. You might want to turn it off if you have clients that don't support pre-authentication. Since the version 4 protocol doesn't support any pre-authentication, serving version 4 clients is just about the same as not requiring pre-athentication. The default is to require pre-authentication. Adding the require-preauth per principal is a more flexible way of handling this. .It Fl Fl max-request= Ns Ar size Gives an upper limit on the size of the requests that the kdc is willing to handle. .It Fl H , Fl Fl enable-http Makes the kdc listen on port 80 and handle requests encapsulated in HTTP. 
.It Fl Fl no-524 don't respond to 524 requests .It Fl Fl kerberos4 respond to Kerberos 4 requests .It Fl Fl kerberos4-cross-realm respond to Kerberos 4 requests from foreign realms. This is a known security hole and should not be enabled unless you understand the consequences and are willing to live with them. .It Fl r Ar string , Fl Fl v4-realm= Ns Ar string What realm this server should act as when dealing with version 4 requests. The database can contain any number of realms, but since the version 4 protocol doesn't contain a realm for the server, it must be explicitly specified. The default is whatever is returned by .Fn krb_get_lrealm . This option is only available if the KDC has been compiled with version 4 support. .It Fl P Ar portspec , Fl Fl ports= Ns Ar portspec Specifies the set of ports the KDC should listen on. It is given as a white-space separated list of services or port numbers. .It Fl Fl addresses= Ns Ar list of addresses The list of addresses to listen for requests on. By default, the kdc will listen on all the locally configured addresses. If only a subset is desired, or the automatic detection fails, this option might be used. .It Fl Fl detach detach from pty and run as a daemon. .It Fl Fl disable-des disable add des encryption types, makes the kdc not use them. .El .Pp All activities are logged to one or more destinations, see .Xr krb5.conf 5 , and .Xr krb5_openlog 3 . The entity used for logging is .Nm kdc . .Sh CONFIGURATION FILE The configuration file has the same syntax as .Xr krb5.conf 5 , but will be read before .Pa /etc/krb5.conf , so it may override settings found there. Options specific to the KDC only are found in the .Dq [kdc] section. All the command-line options can preferably be added in the configuration file. The only difference is the pre-authentication flag, which has to be specified as: .Pp .Dl require-preauth = no .Pp (in fact you can specify the option as .Fl Fl require-preauth=no ) . 
.Pp And there are some configuration options which do not have command-line equivalents: .Bl -tag -width "xxx" -offset indent .It Li enable-digest = Va boolean turn on support for digest processing in the KDC. The default is FALSE. .It Li check-ticket-addresses = Va boolean Check the addresses in the ticket when processing TGS requests. The default is TRUE. .It Li allow-null-ticket-addresses = Va boolean Permit tickets with no addresses. This option is only relevant when check-ticket-addresses is TRUE. .It Li allow-anonymous = Va boolean Permit anonymous tickets with no addresses. .It Li max-kdc-datagram-reply-length = Va number Maximum packet size the UDP rely that the KDC will transmit, instead the KDC sends back a reply telling the client to use TCP instead. .It Li transited-policy = Li always-check \*(Ba \ Li allow-per-principal | Li always-honour-request This controls how KDC requests with the .Li disable-transited-check flag are handled. It can be one of: .Bl -tag -width "xxx" -offset indent .It Li always-check Always check transited encoding, this is the default. .It Li allow-per-principal Currently this is identical to .Li always-check . In a future release, it will be possible to mark a principal as able to handle unchecked requests. .It Li always-honour-request Always do what the client asked. In a future release, it will be possible to force a check per principal. .El .It encode_as_rep_as_tgs_rep = Va boolean Encode AS-Rep as TGS-Rep to be bug-compatible with old DCE code. The Heimdal clients allow both. .It kdc_warn_pwexpire = Va time How long before password/principal expiration the KDC should start sending out warning messages. .El .Pp The configuration file is only read when the .Nm is started. If changes made to the configuration file are to take effect, the .Nm needs to be restarted. 
.Pp An example of a config file: .Bd -literal -offset indent [kdc] require-preauth = no v4-realm = FOO.SE .Ed .Sh BUGS If the machine running the KDC has new addresses added to it, the KDC will have to be restarted to listen to them. The reason it doesn't just listen to wildcarded (like INADDR_ANY) addresses, is that the replies has to come from the same address they were sent to, and most OS:es doesn't pass this information to the application. If your normal mode of operation require that you add and remove addresses, the best option is probably to listen to a wildcarded TCP socket, and make sure your clients use TCP to connect. For instance, this will listen to IPv4 TCP port 88 only: .Bd -literal -offset indent kdc --addresses=0.0.0.0 --ports="88/tcp" .Ed .Pp There should be a way to specify protocol, port, and address triplets, not just addresses and protocol, port tuples. .Sh SEE ALSO .Xr kinit 1 , .Xr krb5.conf 5 diff --git a/crypto/heimdal/lib/krb5/krb5_get_init_creds.3 b/crypto/heimdal/lib/krb5/krb5_get_init_creds.3 index 764efb47e441..fccad5c4c42a 100644 --- a/crypto/heimdal/lib/krb5/krb5_get_init_creds.3 +++ b/crypto/heimdal/lib/krb5/krb5_get_init_creds.3 
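Review bot: in kdc.8 the spelling fix in the -p / --no-require-preauth entry is incomplete: the same paragraph still reads "not requiring pre-athentication" a few sentences after the corrected line. Fix it in this change so the entry for the option that turns off pre-authentication, which the text says makes offline password attacks more difficult, is spelled consistently. Other slips remain in the unchanged context of this hunk and could go in the same pass: "the UDP rely" under max-kdc-datagram-reply-length should read "reply", and "disable add des encryption types" under --disable-des does not parse (probably "all").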
@@ -1,398 +1,398 @@ .\" Copyright (c) 2003 - 2007 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" 3. Neither the name of the Institute nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" .\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. 
.\" .\" $Id$ .\" .Dd Sep 16, 2006 .Dt KRB5_GET_INIT_CREDS 3 .Os HEIMDAL .Sh NAME .Nm krb5_get_init_creds , .Nm krb5_get_init_creds_keytab , .Nm krb5_get_init_creds_opt , .Nm krb5_get_init_creds_opt_alloc , .Nm krb5_get_init_creds_opt_free , .Nm krb5_get_init_creds_opt_init , .Nm krb5_get_init_creds_opt_set_address_list , .Nm krb5_get_init_creds_opt_set_addressless , .Nm krb5_get_init_creds_opt_set_anonymous , .Nm krb5_get_init_creds_opt_set_default_flags , .Nm krb5_get_init_creds_opt_set_etype_list , .Nm krb5_get_init_creds_opt_set_forwardable , .Nm krb5_get_init_creds_opt_set_pa_password , .Nm krb5_get_init_creds_opt_set_paq_request , .Nm krb5_get_init_creds_opt_set_preauth_list , .Nm krb5_get_init_creds_opt_set_proxiable , .Nm krb5_get_init_creds_opt_set_renew_life , .Nm krb5_get_init_creds_opt_set_salt , .Nm krb5_get_init_creds_opt_set_tkt_life , .Nm krb5_get_init_creds_opt_set_canonicalize , .Nm krb5_get_init_creds_opt_set_win2k , .Nm krb5_get_init_creds_password , .Nm krb5_prompt , .Nm krb5_prompter_posix .Nd Kerberos 5 initial authentication functions .Sh LIBRARY Kerberos 5 Library (libkrb5, -lkrb5) .Sh SYNOPSIS .In krb5.h .Pp .Ft krb5_get_init_creds_opt; .Pp .Ft krb5_error_code .Fo krb5_get_init_creds_opt_alloc .Fa "krb5_context context" .Fa "krb5_get_init_creds_opt **opt" .Fc .Ft void .Fo krb5_get_init_creds_opt_free .Fa "krb5_context context" .Fa "krb5_get_init_creds_opt *opt" .Fc .Ft void .Fo krb5_get_init_creds_opt_init .Fa "krb5_get_init_creds_opt *opt" .Fc .Ft void .Fo krb5_get_init_creds_opt_set_address_list .Fa "krb5_get_init_creds_opt *opt" .Fa "krb5_addresses *addresses" .Fc .Ft void .Fo krb5_get_init_creds_opt_set_addressless .Fa "krb5_get_init_creds_opt *opt" .Fa "krb5_boolean addressless" .Fc .Ft void .Fo krb5_get_init_creds_opt_set_anonymous .Fa "krb5_get_init_creds_opt *opt" .Fa "int anonymous" .Fc .Ft void .Fo krb5_get_init_creds_opt_set_default_flags .Fa "krb5_context context" .Fa "const char *appname" .Fa "krb5_const_realm realm" .Fa 
"krb5_get_init_creds_opt *opt" .Fc .Ft void .Fo krb5_get_init_creds_opt_set_etype_list .Fa "krb5_get_init_creds_opt *opt" .Fa "krb5_enctype *etype_list" .Fa "int etype_list_length" .Fc .Ft void .Fo krb5_get_init_creds_opt_set_forwardable .Fa "krb5_get_init_creds_opt *opt" .Fa "int forwardable" .Fc .Ft krb5_error_code .Fo krb5_get_init_creds_opt_set_pa_password .Fa "krb5_context context" .Fa "krb5_get_init_creds_opt *opt" .Fa "const char *password" .Fa "krb5_s2k_proc key_proc" .Fc .Ft krb5_error_code .Fo krb5_get_init_creds_opt_set_paq_request .Fa "krb5_context context" .Fa "krb5_get_init_creds_opt *opt" .Fa "krb5_boolean req_pac" .Fc .Ft krb5_error_code .Fo krb5_get_init_creds_opt_set_pkinit .Fa "krb5_context context" .Fa "krb5_get_init_creds_opt *opt" .Fa "const char *cert_file" .Fa "const char *key_file" .Fa "const char *x509_anchors" .Fa "int flags" .Fa "char *password" .Fc .Ft void .Fo krb5_get_init_creds_opt_set_preauth_list .Fa "krb5_get_init_creds_opt *opt" .Fa "krb5_preauthtype *preauth_list" .Fa "int preauth_list_length" .Fc .Ft void .Fo krb5_get_init_creds_opt_set_proxiable .Fa "krb5_get_init_creds_opt *opt" .Fa "int proxiable" .Fc .Ft void .Fo krb5_get_init_creds_opt_set_renew_life .Fa "krb5_get_init_creds_opt *opt" .Fa "krb5_deltat renew_life" .Fc .Ft void .Fo krb5_get_init_creds_opt_set_salt .Fa "krb5_get_init_creds_opt *opt" .Fa "krb5_data *salt" .Fc .Ft void .Fo krb5_get_init_creds_opt_set_tkt_life .Fa "krb5_get_init_creds_opt *opt" .Fa "krb5_deltat tkt_life" .Fc .Ft krb5_error_code .Fo krb5_get_init_creds_opt_set_canonicalize .Fa "krb5_context context" .Fa "krb5_get_init_creds_opt *opt" .Fa "krb5_boolean req" .Fc .Ft krb5_error_code .Fo krb5_get_init_creds_opt_set_win2k .Fa "krb5_context context" .Fa "krb5_get_init_creds_opt *opt" .Fa "krb5_boolean req" .Fc .Ft krb5_error_code .Fo krb5_get_init_creds .Fa "krb5_context context" .Fa "krb5_creds *creds" .Fa "krb5_principal client" .Fa "krb5_prompter_fct prompter" .Fa "void *prompter_data" .Fa 
"krb5_deltat start_time" .Fa "const char *in_tkt_service" .Fa "krb5_get_init_creds_opt *options" .Fc .Ft krb5_error_code .Fo krb5_get_init_creds_password .Fa "krb5_context context" .Fa "krb5_creds *creds" .Fa "krb5_principal client" .Fa "const char *password" .Fa "krb5_prompter_fct prompter" .Fa "void *prompter_data" .Fa "krb5_deltat start_time" .Fa "const char *in_tkt_service" .Fa "krb5_get_init_creds_opt *in_options" .Fc .Ft krb5_error_code .Fo krb5_get_init_creds_keytab .Fa "krb5_context context" .Fa "krb5_creds *creds" .Fa "krb5_principal client" .Fa "krb5_keytab keytab" .Fa "krb5_deltat start_time" .Fa "const char *in_tkt_service" .Fa "krb5_get_init_creds_opt *options" .Fc .Ft int .Fo krb5_prompter_posix .Fa "krb5_context context" .Fa "void *data" .Fa "const char *name" .Fa "const char *banner" .Fa "int num_prompts" .Fa "krb5_prompt prompts[]" .Fc .Sh DESCRIPTION Getting initial credential ticket for a principal. That may include changing an expired password, and doing preauthentication. This interface that replaces the deprecated .Fa krb5_in_tkt and .Fa krb5_in_cred functions. .Pp If you only want to verify a username and password, consider using .Xr krb5_verify_user 3 instead, since it also verifies that initial credentials with using a keytab to make sure the response was from the KDC. .Pp First a .Li krb5_get_init_creds_opt structure is initialized with .Fn krb5_get_init_creds_opt_alloc or .Fn krb5_get_init_creds_opt_init . .Fn krb5_get_init_creds_opt_alloc allocates a extendible structures that needs to be freed with .Fn krb5_get_init_creds_opt_free . The structure may be modified by any of the .Fn krb5_get_init_creds_opt_set functions to change request parameters and authentication information. .Pp If the caller want to use the default options, .Dv NULL can be passed instead. .Pp The the actual request to the KDC is done by any of the .Fn krb5_get_init_creds , .Fn krb5_get_init_creds_password , or .Fn krb5_get_init_creds_keytab functions. 
.Fn krb5_get_init_creds is the least specialized function and can, with the right in data, behave like the latter two. The latter two are there for compatibility with older releases and they are slightly easier to use. .Pp .Li krb5_prompt is a structure containing the following elements: .Bd -literal typedef struct { const char *prompt; int hidden; krb5_data *reply; krb5_prompt_type type } krb5_prompt; .Ed .Pp .Fa prompt is the prompt that should shown to the user If .Fa hidden is set, the prompter function shouldn't echo the output to the display device. .Fa reply must be preallocated; it will not be allocated by the prompter function. Possible values for the .Fa type element are: .Pp .Bl -tag -width Ds -compact -offset indent .It KRB5_PROMPT_TYPE_PASSWORD .It KRB5_PROMPT_TYPE_NEW_PASSWORD .It KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN .It KRB5_PROMPT_TYPE_PREAUTH .It KRB5_PROMPT_TYPE_INFO .El .Pp .Fn krb5_prompter_posix is the default prompter function in a POSIX environment. It matches the .Fa krb5_prompter_fct and can be used in the .Fa krb5_get_init_creds functions. .Fn krb5_prompter_posix doesn't require .Fa prompter_data. .Pp If the .Fa start_time is zero, then the requested ticket will be valid beginning immediately. Otherwise, the .Fa start_time indicates how far in the future the ticket should be postdated. .Pp If the .Fa in_tkt_service name is .Dv non-NULL , that principal name will be used as the server name for the initial ticket request. The realm of the name specified will be ignored and will be set to the realm of the client name. If no in_tkt_service name is specified, krbtgt/CLIENT-REALM@CLIENT-REALM will be used. .Pp For the rest of arguments, a configuration or library default will be used if no value is specified in the options structure. .Pp .Fn krb5_get_init_creds_opt_set_address_list sets the list of .Fa addresses that is should be stored in the ticket. 
.Pp .Fn krb5_get_init_creds_opt_set_addressless controls if the ticket is requested with addresses or not, .Fn krb5_get_init_creds_opt_set_address_list overrides this option. .Pp .Fn krb5_get_init_creds_opt_set_anonymous make the request anonymous if the .Fa anonymous parameter is non-zero. .Pp .Fn krb5_get_init_creds_opt_set_default_flags sets the default flags using the configuration file. .Pp .Fn krb5_get_init_creds_opt_set_etype_list set a list of enctypes that the client is willing to support in the request. .Pp .Fn krb5_get_init_creds_opt_set_forwardable request a forwardable ticket. .Pp .Fn krb5_get_init_creds_opt_set_pa_password set the .Fa password and .Fa key_proc that is going to be used to get a new ticket. .Fa password or .Fa key_proc can be .Dv NULL if the caller wants to use the default values. If the .Fa password is unset and needed, the user will be prompted for it. .Pp .Fn krb5_get_init_creds_opt_set_paq_request sets the password that is going to be used to get a new ticket. .Pp .Fn krb5_get_init_creds_opt_set_preauth_list sets the list of client-supported preauth types. .Pp .Fn krb5_get_init_creds_opt_set_proxiable makes the request proxiable. .Pp .Fn krb5_get_init_creds_opt_set_renew_life sets the requested renewable lifetime. .Pp .Fn krb5_get_init_creds_opt_set_salt sets the salt that is going to be used in the request. .Pp .Fn krb5_get_init_creds_opt_set_tkt_life sets requested ticket lifetime. .Pp .Fn krb5_get_init_creds_opt_set_canonicalize -requests that the KDC canonicalize the client pricipal if possible. +requests that the KDC canonicalize the client principal if possible. .Pp .Fn krb5_get_init_creds_opt_set_win2k turns on compatibility with Windows 2000. .Sh SEE ALSO .Xr krb5 3 , .Xr krb5_creds 3 , .Xr krb5_verify_user 3 , .Xr krb5.conf 5 , .Xr kerberos 8 diff --git a/crypto/heimdal/lib/krb5/krb5_principal.3 b/crypto/heimdal/lib/krb5/krb5_principal.3 index 2998130a80e3..61fdd5b11ea6 100644 --- a/crypto/heimdal/lib/krb5/krb5_principal.3 
+++ b/crypto/heimdal/lib/krb5/krb5_principal.3 
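Review bot: in krb5_get_init_creds.3 the description of krb5_get_init_creds_opt_set_paq_request, a few entries above the corrected "pricipal" line, says it "sets the password that is going to be used to get a new ticket", but the synopsis gives it a "krb5_boolean req_pac" argument and no password. The text looks copied from the krb5_get_init_creds_opt_set_pa_password entry and should describe what req_pac requests instead. krb5_get_init_creds_opt_set_pkinit also appears in the synopsis with no .Nm entry and no description. Smaller wording slips in the same hunk: "The the actual request", "allocates a extendible structures", and "that is should be stored in the ticket".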
@@ -1,372 +1,372 @@ .\" Copyright (c) 2003 - 2007 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" 3. Neither the name of the Institute nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" .\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. 
.\" .\" $Id$ .\" .Dd May 1, 2006 .Dt KRB5_PRINCIPAL 3 .Os HEIMDAL .Sh NAME .Nm krb5_get_default_principal , .Nm krb5_principal , .Nm krb5_build_principal , .Nm krb5_build_principal_ext , .Nm krb5_build_principal_va , .Nm krb5_build_principal_va_ext , .Nm krb5_copy_principal , .Nm krb5_free_principal , .Nm krb5_make_principal , .Nm krb5_parse_name , .Nm krb5_parse_name_flags , .Nm krb5_parse_nametype , .Nm krb5_princ_set_realm , .Nm krb5_principal_compare , .Nm krb5_principal_compare_any_realm , .Nm krb5_principal_get_comp_string , .Nm krb5_principal_get_realm , .Nm krb5_principal_get_type , .Nm krb5_principal_match , .Nm krb5_principal_set_type , .Nm krb5_realm_compare , .Nm krb5_sname_to_principal , .Nm krb5_sock_to_principal , .Nm krb5_unparse_name , .Nm krb5_unparse_name_flags , .Nm krb5_unparse_name_fixed , .Nm krb5_unparse_name_fixed_flags , .Nm krb5_unparse_name_fixed_short , .Nm krb5_unparse_name_short .Nd Kerberos 5 principal handling functions .Sh LIBRARY Kerberos 5 Library (libkrb5, -lkrb5) .Sh SYNOPSIS .In krb5.h .Pp .Li krb5_principal ; .Ft void .Fn krb5_free_principal "krb5_context context" "krb5_principal principal" .Ft krb5_error_code .Fn krb5_parse_name "krb5_context context" "const char *name" "krb5_principal *principal" .Ft krb5_error_code .Fn krb5_parse_name_flags "krb5_context context" "const char *name" "int flags" "krb5_principal *principal" .Ft krb5_error_code .Fn "krb5_unparse_name" "krb5_context context" "krb5_const_principal principal" "char **name" .Ft krb5_error_code .Fn "krb5_unparse_name_flags" "krb5_context context" "krb5_const_principal principal" "int flags" "char **name" .Ft krb5_error_code .Fn krb5_unparse_name_fixed "krb5_context context" "krb5_const_principal principal" "char *name" "size_t len" .Ft krb5_error_code .Fn krb5_unparse_name_fixed_flags "krb5_context context" "krb5_const_principal principal" "int flags" "char *name" "size_t len" .Ft krb5_error_code .Fn "krb5_unparse_name_short" "krb5_context context" 
"krb5_const_principal principal" "char **name" .Ft krb5_error_code .Fn krb5_unparse_name_fixed_short "krb5_context context" "krb5_const_principal principal" "char *name" "size_t len" .Ft void .Fn krb5_princ_set_realm "krb5_context context" "krb5_principal principal" "krb5_realm *realm" .Ft krb5_error_code .Fn krb5_build_principal "krb5_context context" "krb5_principal *principal" "int rlen" "krb5_const_realm realm" "..." .Ft krb5_error_code .Fn krb5_build_principal_va "krb5_context context" "krb5_principal *principal" "int rlen" "krb5_const_realm realm" "va_list ap" .Ft krb5_error_code .Fn "krb5_build_principal_ext" "krb5_context context" "krb5_principal *principal" "int rlen" "krb5_const_realm realm" "..." .Ft krb5_error_code .Fn krb5_build_principal_va_ext "krb5_context context" "krb5_principal *principal" "int rlen" "krb5_const_realm realm" "va_list ap" .Ft krb5_error_code .Fn krb5_make_principal "krb5_context context" "krb5_principal *principal" "krb5_const_realm realm" "..." .Ft krb5_error_code .Fn krb5_copy_principal "krb5_context context" "krb5_const_principal inprinc" "krb5_principal *outprinc" .Ft krb5_boolean .Fn krb5_principal_compare "krb5_context context" "krb5_const_principal princ1" "krb5_const_principal princ2" .Ft krb5_boolean .Fn krb5_principal_compare_any_realm "krb5_context context" "krb5_const_principal princ1" "krb5_const_principal princ2" .Ft "const char *" .Fn krb5_principal_get_comp_string "krb5_context context" "krb5_const_principal principal" "unsigned int component" .Ft "const char *" .Fn krb5_principal_get_realm "krb5_context context" "krb5_const_principal principal" .Ft int .Fn krb5_principal_get_type "krb5_context context" "krb5_const_principal principal" .Ft krb5_boolean .Fn krb5_principal_match "krb5_context context" "krb5_const_principal principal" "krb5_const_principal pattern" .Ft void .Fn krb5_principal_set_type "krb5_context context" "krb5_principal principal" "int type" .Ft krb5_boolean .Fn krb5_realm_compare "krb5_context 
context" "krb5_const_principal princ1" "krb5_const_principal princ2" .Ft krb5_error_code .Fn krb5_sname_to_principal "krb5_context context" "const char *hostname" "const char *sname" "int32_t type" "krb5_principal *ret_princ" .Ft krb5_error_code .Fn krb5_sock_to_principal "krb5_context context" "int socket" "const char *sname" "int32_t type" "krb5_principal *principal" .Ft krb5_error_code .Fn krb5_get_default_principal "krb5_context context" "krb5_principal *princ" .Ft krb5_error_code .Fn krb5_parse_nametype "krb5_context context" "const char *str" "int32_t *type" .Sh DESCRIPTION .Li krb5_principal holds the name of a user or service in Kerberos. .Pp A principal has two parts, a .Li PrincipalName and a .Li realm . The PrincipalName consists of one or more components. In printed form, the components are separated by /. The PrincipalName also has a name-type. .Pp Examples of a principal are .Li nisse/root@EXAMPLE.COM and .Li host/datan.kth.se@KTH.SE . .Fn krb5_parse_name and .Fn krb5_parse_name_flags passes a principal name in .Fa name to the kerberos principal structure. .Fn krb5_parse_name_flags takes an extra .Fa flags argument the following flags can be passed in .Bl -tag -width Ds .It Dv KRB5_PRINCIPAL_PARSE_NO_REALM requires the input string to be without a realm, and no realm is stored in the .Fa principal return argument. .It Dv KRB5_PRINCIPAL_PARSE_REQUIRE_REALM requires the input string to with a realm. .El .Pp .Fn krb5_unparse_name and .Fn krb5_unparse_name_flags prints the principal .Fa princ to the string .Fa name . .Fa name should be freed with .Xr free 3 . To the .Fa flags argument the following flags can be passed in .Bl -tag -width Ds .It Dv KRB5_PRINCIPAL_UNPARSE_SHORT no realm if the realm is one of the local realms. .It Dv KRB5_PRINCIPAL_UNPARSE_NO_REALM never include any realm in the principal name. .It Dv KRB5_PRINCIPAL_UNPARSE_DISPLAY don't quote .El On failure .Fa name is set to .Dv NULL . 
.Fn krb5_unparse_name_fixed and .Fn krb5_unparse_name_fixed_flags behaves just like .Fn krb5_unparse , but instead unparses the principal into a fixed size buffer. .Pp .Fn krb5_unparse_name_short just returns the principal without the realm if the principal is in the default realm. If the principal isn't, the full name is returned. .Fn krb5_unparse_name_fixed_short works just like .Fn krb5_unparse_name_short but on a fixed size buffer. .Pp .Fn krb5_build_principal builds a principal from the realm .Fa realm that has the length .Fa rlen . The following arguments form the components of the principal. The list of components is terminated with .Dv NULL . .Pp .Fn krb5_build_principal_va works like .Fn krb5_build_principal using vargs. .Pp .Fn krb5_build_principal_ext and .Fn krb5_build_principal_va_ext take a list of length-value pairs, the list is terminated with a zero length. .Pp .Fn krb5_make_principal works the same way as .Fn krb5_build_principal , except it figures out the length of the realm itself. .Pp .Fn krb5_copy_principal makes a copy of a principal. The copy needs to be freed with .Fn krb5_free_principal . .Pp .Fn krb5_principal_compare compares the two principals, including realm of the principals and returns .Dv TRUE if they are the same and .Dv FALSE if not. .Pp .Fn krb5_principal_compare_any_realm works the same way as .Fn krb5_principal_compare but doesn't compare the realm component of the principal. .Pp .Fn krb5_realm_compare compares the realms of the two principals and returns .Dv TRUE is they are the same, and .Dv FALSE if not. .Pp .Fn krb5_principal_match matches a .Fa principal against a .Fa pattern . The pattern is a globbing expression, where each component (separated by /) is matched against the corresponding component of the principal. .Pp The .Fn krb5_principal_get_realm and .Fn krb5_principal_get_comp_string functions return parts of the .Fa principal , either the realm or a specific component. 
Both functions return string pointers to data inside the principal, so they are valid only as long as the principal exists. .Pp The .Fa component argument to .Fn krb5_principal_get_comp_string is the index of the component to return, from zero to the total number of components minus one. If the index is out of range .Dv NULL is returned. .Pp .Fn krb5_principal_get_realm and .Fn krb5_principal_get_comp_string are replacements for .Fn krb5_princ_component and related macros, described as internal in the MIT API specification. Unlike the macros, these functions return strings, not .Dv krb5_data . A reason to return .Dv krb5_data was that it was believed that principal components could contain binary data, but this belief was unfounded, and it has been decided -that principal components are infact UTF8, so it's safe to use zero +that principal components are in fact UTF8, so it's safe to use zero terminated strings. .Pp It's generally not necessary to look at the components of a principal. .Pp .Fn krb5_principal_get_type and .Fn krb5_principal_set_type get and sets the name type for a principal. Name type handling is tricky and not often needed, don't use this unless you know what you do. .Pp .Fn krb5_sname_to_principal and .Fn krb5_sock_to_principal are for easy creation of .Dq service principals that can, for instance, be used to lookup a key in a keytab. For both functions the .Fa sname parameter will be used for the first component of the created principal. If .Fa sname is .Dv NULL , .Dq host will be used instead. .Pp .Fn krb5_sname_to_principal will use the passed .Fa hostname for the second component. If .Fa type is .Dv KRB5_NT_SRV_HST this name will be looked up with .Fn gethostbyname . If .Fa hostname is .Dv NULL , the local hostname will be used. .Pp .Fn krb5_sock_to_principal will use the .Dq sockname of the passed .Fa socket , which should be a bound .Dv AF_INET or .Dv AF_INET6 socket. There must be a mapping between the address and .Dq sockname . 
The function may try to resolve the name in DNS. .Pp .Fn krb5_get_default_principal tries to find out what's a reasonable default principal by looking at the environment it is running in. .Pp .Fn krb5_parse_nametype parses and returns the name type integer value in .Fa type . On failure the function returns an error code and set the error string. .\" .Sh EXAMPLES .Sh SEE ALSO .Xr krb5_425_conv_principal 3 , .Xr krb5_config 3 , .Xr krb5.conf 5 .Sh BUGS You can not have a NUL in a component in some of the variable argument functions above. Until someone can give a good example of where it would be a good idea to have NUL's in a component, this will not be fixed. diff --git a/crypto/heimdal/lib/roken/getarg.3 b/crypto/heimdal/lib/roken/getarg.3 index dda6e7dbf3d3..d634944a90c6 100644 --- a/crypto/heimdal/lib/roken/getarg.3 +++ b/crypto/heimdal/lib/roken/getarg.3 
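Review bot: in krb5_principal.3 the paragraph on krb5_unparse_name_fixed and krb5_unparse_name_fixed_flags says they behave "just like .Fn krb5_unparse", a name that is not in the NAME or SYNOPSIS lists; it should reference krb5_unparse_name. The krb5_unparse_name paragraph also calls the argument "princ" while the synopsis names it "principal". Since this change is a spelling pass, note that the same hunk still has "requires the input string to with a realm" (missing "be") under KRB5_PRINCIPAL_PARSE_REQUIRE_REALM and "returns TRUE is they are the same" under krb5_realm_compare.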
@@ -1,341 +1,341 @@ .\" Copyright (c) 1999 - 2002 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" 3. Neither the name of the Institute nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" .\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. 
.\" .\" $Id$ .Dd September 24, 1999 .Dt GETARG 3 .Os ROKEN .Sh NAME .Nm getarg , .Nm arg_printusage .Nd collect command line options .Sh SYNOPSIS .In getarg.h .Ft int .Fn getarg "struct getargs *args" "size_t num_args" "int argc" "char **argv" "int *optind" .Ft void .Fn arg_printusage "struct getargs *args" "size_t num_args" "const char *progname" "const char *extra_string" .Sh DESCRIPTION .Fn getarg collects any command line options given to a program in an easily used way. .Fn arg_printusage pretty-prints the available options, with a short help text. .Pp .Fa args is the option specification to use, and it's an array of .Fa struct getargs elements. .Fa num_args is the size of .Fa args (in elements). .Fa argc and .Fa argv are the argument count and argument vector to extract option from. .Fa optind is a pointer to an integer where the index to the last processed argument is stored, it must be initialised to the first index (minus one) to process (normally 0) before the first call. .Pp .Fa arg_printusage take the same .Fa args and .Fa num_args as getarg; .Fa progname is the name of the program (to be used in the help text), and .Fa extra_string is a string to print after the actual options to indicate more arguments. The usefulness of this function is realised only be people who has used programs that has help strings that doesn't match what the code does. .Pp The .Fa getargs struct has the following elements. .Bd -literal struct getargs{ const char *long_name; char short_name; enum { arg_integer, arg_string, arg_flag, arg_negative_flag, arg_strings, arg_double, arg_collect } type; void *value; const char *help; const char *arg_help; }; .Ed .Pp .Fa long_name is the long name of the option, it can be .Dv NULL , if you don't want a long name. .Fa short_name -is the characted to use as short option, it can be zero. If the option +is the character to use as short option, it can be zero. 
If the option has a value the .Fa value field gets filled in with that value interpreted as specified by the .Fa type field. .Fa help is a longer help string for the option as a whole, if it's .Dv NULL the help text for the option is omitted (but it's still displayed in the synopsis). .Fa arg_help is a description of the argument, if .Dv NULL a default value will be used, depending on the type of the option: .Pp .Bl -hang -width arg_negative_flag .It arg_integer the argument is a signed integer, and .Fa value should point to an .Fa int . .It Fa arg_string the argument is a string, and .Fa value should point to a .Fa char* . .It Fa arg_flag the argument is a flag, and .Fa value should point to a .Fa int . It gets filled in with either zero or one, depending on how the option is given, the normal case being one. Note that if the option isn't given, the value isn't altered, so it should be initialised to some useful default. .It Fa arg_negative_flag this is the same as .Fa arg_flag but it reverses the meaning of the flag (a given short option clears the flag), and the synopsis of a long option is negated. .It Fa arg_strings the argument can be given multiple times, and the values are collected in an array; .Fa value should be a pointer to a .Fa struct getarg_strings structure, which holds a length and a string pointer. .It Fa arg_double argument is a double precision floating point value, and .Fa value should point to a .Fa double . .It Fa arg_collect allows more fine-grained control of the option parsing process. .Fa value should be a pointer to a .Fa getarg_collect_info structure: .Bd -literal typedef int (*getarg_collect_func)(int short_opt, int argc, char **argv, int *optind, int *optarg, void *data); typedef struct getarg_collect_info { getarg_collect_func func; void *data; } getarg_collect_info; .Ed .Pp With the .Fa func member set to a function to call, and .Fa data to some application specific data. 
The parameters to the collect function are: .Bl -inset .It Fa short_flag non-zero if this call is via a short option flag, zero otherwise .It Fa argc , argv the whole argument list .It Fa optind pointer to the index in argv where the flag is .It Fa optarg pointer to the index in argv[*optind] where the flag name starts .It Fa data application specific data .El .Pp You can modify .Fa *optind , and .Fa *optarg , but to do this correct you (more or less) have to know about the inner workings of getarg. .Pp You can skip parts of arguments by increasing .Fa *optarg (you could implement the .Fl z Ns Ar 3 set of flags from .Nm gzip with this), or whole argument strings by increasing .Fa *optind (let's say you want a flag .Fl c Ar x y z to specify a coordinate); if you also have to set .Fa *optarg to a sane value. .Pp The collect function should return one of .Dv ARG_ERR_NO_MATCH , ARG_ERR_BAD_ARG , ARG_ERR_NO_ARG, ENOMEM on error, zero otherwise. .Pp For your convenience there is a function, .Fn getarg_optarg , that returns the traditional argument string, and you pass it all arguments, sans data, that where given to the collection function. .Pp Don't use this more this unless you absolutely have to. .El .Pp Option parsing is similar to what .Xr getopt uses. Short options without arguments can be compressed .Pf ( Fl xyz is the same as .Fl x y z ) , and short options with arguments take these as either the rest of the argv-string or as the next option .Pf ( Fl o Ns Ar foo , or .Fl o Ar foo ) . .Pp Long option names are prefixed with -- (double dash), and the value with a = (equal), .Fl Fl foo= Ns Ar bar . 
Long option flags can either be specified as they are .Pf ( Fl Fl help ) , or with an (boolean parsable) option .Pf ( Fl Fl help= Ns Ar yes , .Fl Fl help= Ns Ar true , or similar), or they can also be negated .Pf ( Fl Fl no-help is the same as .Fl Fl help= Ns no ) , and if you're really confused you can do it multiple times .Pf ( Fl Fl no-no-help= Ns Ar false , or even .Fl Fl no-no-help= Ns Ar maybe ) . .Sh EXAMPLE .Bd -literal #include #include #include char *source = "Ouagadougou"; char *destination; int weight; int include_catalog = 1; int help_flag; struct getargs args[] = { { "source", 's', arg_string, &source, "source of shippment", "city" }, { "destination", 'd', arg_string, &destination, "destination of shippment", "city" }, { "weight", 'w', arg_integer, &weight, "weight of shippment", "tons" }, { "catalog", 'c', arg_negative_flag, &include_catalog, "include product catalog" }, { "help", 'h', arg_flag, &help_flag } }; int num_args = sizeof(args) / sizeof(args[0]); /* number of elements in args */ const char *progname = "ship++"; int main(int argc, char **argv) { int optind = 0; if (getarg(args, num_args, argc, argv, &optind)) { arg_printusage(args, num_args, progname, "stuff..."); exit (1); } if (help_flag) { arg_printusage(args, num_args, progname, "stuff..."); exit (0); } if (destination == NULL) { fprintf(stderr, "%s: must specify destination\en", progname); exit(1); } if (strcmp(source, destination) == 0) { fprintf(stderr, "%s: destination must be different from source\en"); exit(1); } /* include more stuff here ... */ exit(2); } .Ed .Pp The output help output from this program looks like this: .Bd -literal $ ship++ --help Usage: ship++ [--source=city] [-s city] [--destination=city] [-d city] [--weight=tons] [-w tons] [--no-catalog] [-c] [--help] [-h] stuff... 
-s city, --source=city source of shippment -d city, --destination=city destination of shippment -w tons, --weight=tons weight of shippment -c, --no-catalog include product catalog .Ed .Sh BUGS It should be more flexible, so it would be possible to use other more complicated option syntaxes, such as what .Xr ps 1 , and .Xr tar 1 , uses, or the AFS model where you can skip the flag names as long as the options come in the correct order. .Pp Options with multiple arguments should be handled better. .Pp -Should be integreated with SL. +Should be integrated with SL. .Pp It's very confusing that the struct you pass in is called getargS. .Sh SEE ALSO .Xr getopt 3
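Review bot: The spelling pass in the getarg.3 hunk fixes "characted" and "integreated" but leaves a real defect in the unchanged EXAMPLE block: the call `fprintf(stderr, "%s: destination must be different from source\en");` has a `%s` conversion with no matching argument. That is undefined behaviour in code readers are likely to copy; pass `progname` as the preceding `fprintf` does. The same context lines still carry "shippment" in the three help strings and in the sample `--help` output, "that where given to the collection function", "Don't use this more this unless you absolutely have to", and "realised only be people who has used programs that has help strings that doesn't match", so a typo-fix commit touching this file should pick those up too. The sentence "if you also have to set *optarg to a sane value" reads as if a clause was lost and needs rewording rather than a spelling fix.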