File: krb5_verify_user.cat3

package info (click to toggle)
heimdal 7.1.0%2Bdfsg-13%2Bdeb9u3
  • links: PTS, VCS
  • area: main
  • in suites: stretch
  • size: 41,436 kB
  • sloc: ansic: 354,938; sh: 12,104; makefile: 4,353; yacc: 1,774; perl: 1,572; python: 748; lex: 732; java: 119; awk: 41
file content (140 lines) | stat: -rw-r--r-- 8,745 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
 
KRB5_VERIFY_USER(3)      BSD Library Functions Manual      KRB5_VERIFY_USER(3)

NNAAMMEE
     kkrrbb55__vveerriiffyy__uusseerr, kkrrbb55__vveerriiffyy__uusseerr__llrreeaallmm, kkrrbb55__vveerriiffyy__uusseerr__oopptt,
     kkrrbb55__vveerriiffyy__oopptt__iinniitt, kkrrbb55__vveerriiffyy__oopptt__aalllloocc, kkrrbb55__vveerriiffyy__oopptt__ffrreeee,
     kkrrbb55__vveerriiffyy__oopptt__sseett__ccccaacchhee, kkrrbb55__vveerriiffyy__oopptt__sseett__ffllaaggss,
     kkrrbb55__vveerriiffyy__oopptt__sseett__sseerrvviiccee, kkrrbb55__vveerriiffyy__oopptt__sseett__sseeccuurree,
     kkrrbb55__vveerriiffyy__oopptt__sseett__kkeeyyttaabb -- Heimdal password verifying functions

LLIIBBRRAARRYY
     Kerberos 5 Library (libkrb5, -lkrb5)

SSYYNNOOPPSSIISS
     ##iinncclluuddee <<kkrrbb55..hh>>

     _k_r_b_5___e_r_r_o_r___c_o_d_e
     kkrrbb55__vveerriiffyy__uusseerr(_k_r_b_5___c_o_n_t_e_x_t _c_o_n_t_e_x_t, _k_r_b_5___p_r_i_n_c_i_p_a_l _p_r_i_n_c_i_p_a_l,
         _k_r_b_5___c_c_a_c_h_e _c_c_a_c_h_e, _c_o_n_s_t _c_h_a_r _*_p_a_s_s_w_o_r_d, _k_r_b_5___b_o_o_l_e_a_n _s_e_c_u_r_e,
         _c_o_n_s_t _c_h_a_r _*_s_e_r_v_i_c_e);

     _k_r_b_5___e_r_r_o_r___c_o_d_e
     kkrrbb55__vveerriiffyy__uusseerr__llrreeaallmm(_k_r_b_5___c_o_n_t_e_x_t _c_o_n_t_e_x_t, _k_r_b_5___p_r_i_n_c_i_p_a_l _p_r_i_n_c_i_p_a_l,
         _k_r_b_5___c_c_a_c_h_e _c_c_a_c_h_e, _c_o_n_s_t _c_h_a_r _*_p_a_s_s_w_o_r_d, _k_r_b_5___b_o_o_l_e_a_n _s_e_c_u_r_e,
         _c_o_n_s_t _c_h_a_r _*_s_e_r_v_i_c_e);

     _v_o_i_d
     kkrrbb55__vveerriiffyy__oopptt__iinniitt(_k_r_b_5___v_e_r_i_f_y___o_p_t _*_o_p_t);

     _v_o_i_d
     kkrrbb55__vveerriiffyy__oopptt__aalllloocc(_k_r_b_5___v_e_r_i_f_y___o_p_t _*_*_o_p_t);

     _v_o_i_d
     kkrrbb55__vveerriiffyy__oopptt__ffrreeee(_k_r_b_5___v_e_r_i_f_y___o_p_t _*_o_p_t);

     _v_o_i_d
     kkrrbb55__vveerriiffyy__oopptt__sseett__ccccaacchhee(_k_r_b_5___v_e_r_i_f_y___o_p_t _*_o_p_t, _k_r_b_5___c_c_a_c_h_e _c_c_a_c_h_e);

     _v_o_i_d
     kkrrbb55__vveerriiffyy__oopptt__sseett__kkeeyyttaabb(_k_r_b_5___v_e_r_i_f_y___o_p_t _*_o_p_t, _k_r_b_5___k_e_y_t_a_b _k_e_y_t_a_b);

     _v_o_i_d
     kkrrbb55__vveerriiffyy__oopptt__sseett__sseeccuurree(_k_r_b_5___v_e_r_i_f_y___o_p_t _*_o_p_t, _k_r_b_5___b_o_o_l_e_a_n _s_e_c_u_r_e);

     _v_o_i_d
     kkrrbb55__vveerriiffyy__oopptt__sseett__sseerrvviiccee(_k_r_b_5___v_e_r_i_f_y___o_p_t _*_o_p_t, _c_o_n_s_t _c_h_a_r _*_s_e_r_v_i_c_e);

     _v_o_i_d
     kkrrbb55__vveerriiffyy__oopptt__sseett__ffllaaggss(_k_r_b_5___v_e_r_i_f_y___o_p_t _*_o_p_t, _u_n_s_i_g_n_e_d _i_n_t _f_l_a_g_s);

     _k_r_b_5___e_r_r_o_r___c_o_d_e
     kkrrbb55__vveerriiffyy__uusseerr__oopptt(_k_r_b_5___c_o_n_t_e_x_t _c_o_n_t_e_x_t, _k_r_b_5___p_r_i_n_c_i_p_a_l _p_r_i_n_c_i_p_a_l,
         _c_o_n_s_t _c_h_a_r _*_p_a_s_s_w_o_r_d, _k_r_b_5___v_e_r_i_f_y___o_p_t _*_o_p_t);

DDEESSCCRRIIPPTTIIOONN
     The kkrrbb55__vveerriiffyy__uusseerr function verifies the password supplied by a user.
     The principal whose password will be verified is specified in _p_r_i_n_c_i_p_a_l.
     New tickets will be obtained as a side-effect and stored in _c_c_a_c_h_e (if
     NULL, the default ccache is used).  kkrrbb55__vveerriiffyy__uusseerr() will call
     kkrrbb55__cccc__iinniittiiaalliizzee() on the given _c_c_a_c_h_e, so _c_c_a_c_h_e must only initialized
     with kkrrbb55__cccc__rreessoollvvee() or kkrrbb55__cccc__ggeenn__nneeww().  If the password is not sup-
     plied in _p_a_s_s_w_o_r_d (and is given as NULL) the user will be prompted for
     it.  If _s_e_c_u_r_e the ticket will be verified against the locally stored
     service key _s_e_r_v_i_c_e (by default 'host' if given as NULL ).

     The kkrrbb55__vveerriiffyy__uusseerr__llrreeaallmm() function does the same, except that it
     ignores the realm in _p_r_i_n_c_i_p_a_l and tries all the local realms (see
     krb5.conf(5)).  After a successful return, the principal is set to the
     authenticated realm. If the call fails, the principal will not be mean-
     ingful, and should only be freed with krb5_free_principal(3).

     kkrrbb55__vveerriiffyy__oopptt__aalllloocc() and kkrrbb55__vveerriiffyy__oopptt__ffrreeee() allocates and frees a
     krb5_verify_opt.  You should use the the alloc and free function instead
     of allocation the structure yourself, this is because in a future release
     the structure wont be exported.

     kkrrbb55__vveerriiffyy__oopptt__iinniitt() resets all opt to default values.

     None of the krb5_verify_opt_set function makes a copy of the data struc-
     ture that they are called with. It's up the caller to free them after the
     kkrrbb55__vveerriiffyy__uusseerr__oopptt() is called.

     kkrrbb55__vveerriiffyy__oopptt__sseett__ccccaacchhee() sets the _c_c_a_c_h_e that user of _o_p_t will use.
     If not set, the default credential cache will be used.

     kkrrbb55__vveerriiffyy__oopptt__sseett__kkeeyyttaabb() sets the _k_e_y_t_a_b that user of _o_p_t will use.
     If not set, the default keytab will be used.

     kkrrbb55__vveerriiffyy__oopptt__sseett__sseeccuurree() if _s_e_c_u_r_e if true, the password verification
     will require that the ticket will be verified against the locally stored
     service key. If not set, default value is true.

     kkrrbb55__vveerriiffyy__oopptt__sseett__sseerrvviiccee() sets the _s_e_r_v_i_c_e principal that user of _o_p_t
     will use. If not set, the 'host' service will be used.

     kkrrbb55__vveerriiffyy__oopptt__sseett__ffllaaggss() sets _f_l_a_g_s that user of _o_p_t will use.  If the
     flag KRB5_VERIFY_LREALMS is used, the _p_r_i_n_c_i_p_a_l will be modified like
     kkrrbb55__vveerriiffyy__uusseerr__llrreeaallmm() modifies it.

     kkrrbb55__vveerriiffyy__uusseerr__oopptt() function verifies the _p_a_s_s_w_o_r_d supplied by a user.
     The principal whose password will be verified is specified in _p_r_i_n_c_i_p_a_l.
     Options the to the verification process is pass in in _o_p_t.

EEXXAAMMPPLLEESS
     Here is a example program that verifies a password. it uses the
     'host/`hostname`' service principal in _k_r_b_5_._k_e_y_t_a_b.

     #include <krb5.h>

     int
     main(int argc, char **argv)
     {
         char *user;
         krb5_error_code error;
         krb5_principal princ;
         krb5_context context;

         if (argc != 2)
             errx(1, "usage: verify_passwd <principal-name>");

         user = argv[1];

         if (krb5_init_context(&context) < 0)
             errx(1, "krb5_init_context");

         if ((error = krb5_parse_name(context, user, &princ)) != 0)
             krb5_err(context, 1, error, "krb5_parse_name");

         error = krb5_verify_user(context, princ, NULL, NULL, TRUE, NULL);
         if (error)
             krb5_err(context, 1, error, "krb5_verify_user");

         return 0;
     }

SSEEEE AALLSSOO
     krb5_cc_gen_new(3), krb5_cc_initialize(3), krb5_cc_resolve(3),
     krb5_err(3), krb5_free_principal(3), krb5_init_context(3),
     krb5_kt_default(3), krb5.conf(5)

HEIMDAL                           May 1, 2006                          HEIMDAL