1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
|
The key table functions deal with storing and retrieving service keys
for use by unattended services which participate in authentication exchanges.
Keytab routines are all be atomic. Every routine that acquires
a non-sharable resource releases it before it returns.
All keytab types support multiple concurrent sequential scans.
The order of values returned from \funcname{krb5_kt_next_entry} is
unspecified.
Although the ``right thing'' should happen if the program aborts
abnormally, a close routine, \funcname{krb5_kt_free_entry}, is provided
for freeing resources, etc. People should use the close routine when
they are finished.
\begin{funcdecl}{krb5_kt_register}{krb5_error_code}{\funcinout}
\funcarg{krb5_context}{context}
\funcin
\funcarg{krb5_kt_ops *}{ops}
\end{funcdecl}
Adds a new ticket cache type to the set recognized by
\funcname{krb5_kt_resolve}.
Requires that a keytab type named \funcparam{ops{\ptsto}prefix} is not
yet known.
An error is returned if \funcparam{ops{\ptsto}prefix} is already known.
\begin{funcdecl}{krb5_kt_resolve}{krb5_error_code}{\funcinout}
\funcarg{krb5_context}{context}
\funcin
\funcarg{const char *}{string_name}
\funcout
\funcarg{krb5_keytab *}{id}
\end{funcdecl}
Fills in \funcparam{*id} with a handle identifying the keytab with name
``string_name''. The keytab is not opened.
Requires that \funcparam{string_name} be of the form ``type:residual'' and
``type'' is a type known to the library.
Errors: badly formatted name.
\begin{funcdecl}{krb5_kt_default_name}{krb5_error_code}{\funcinout}
\funcarg{krb5_context}{context}
\funcin
\funcarg{char *}{name}
\funcarg{int}{namesize}
\end{funcdecl}
\funcparam{name} is filled in with the first \funcparam{namesize} bytes of
the name of the default keytab.
If the name is shorter than \funcparam{namesize}, then the remainder of
\funcparam{name} will be zeroed.
\begin{funcdecl}{krb5_kt_default}{krb5_error_code}{\funcinout}
\funcarg{krb5_context}{context}
\funcin
\funcarg{krb5_keytab *}{id}
\end{funcdecl}
Fills in \funcparam{id} with a handle identifying the default keytab.
\begin{funcdecl}{krb5_kt_read_service_key}{krb5_error_code}{\funcinout}
\funcarg{krb5_context}{context}
\funcin
\funcarg{krb5_pointer}{keyprocarg}
\funcarg{krb5_principal}{principal}
\funcarg{krb5_kvno}{vno}
\funcarg{krb5_keytype}{keytype}
\funcout
\funcarg{krb5_keyblock **}{key}
\end{funcdecl}
If \funcname{keyprocarg} is not NULL, it is taken to be a
\datatype{char *} denoting the name of a keytab. Otherwise, the default
keytab will be used.
The keytab is opened and searched for the entry identified by
\funcparam{principal}, \funcparam{keytype}, and \funcparam{vno},
returning the resulting key
in \funcparam{*key} or returning an error code if it is not found.
\funcname{krb5_free_keyblock} should be called on \funcparam{*key} when
the caller is finished with the key.
Returns an error code if the entry is not found.
\begin{funcdecl}{krb5_kt_add_entry}{krb5_error_code}{\funcinout}
\funcarg{krb5_context}{context}
\funcin
\funcarg{krb5_keytab}{id}
\funcarg{krb5_keytab_entry *}{entry}
\end{funcdecl}
Calls the keytab-specific add routine \funcname{krb5_kt_add_internal}
with the same function arguments. If this routine is not available,
then KRB5_KT_NOWRITE is returned.
\begin{funcdecl}{krb5_kt_remove_entry}{krb5_error_code}{\funcinout}
\funcarg{krb5_context}{context}
\funcin
\funcarg{krb5_keytab}{id}
\funcarg{krb5_keytab_entry *}{entry}
\end{funcdecl}
Calls the keytab-specific remove routine
\funcname{krb5_kt_remove_internal} with the same function arguments.
If this routine is not available, then KRB5_KT_NOWRITE is returned.
\begin{funcdecl}{krb5_kt_get_name}{krb5_error_code}{\funcinout}
\funcarg{krb5_context}{context}
\funcarg{krb5_keytab}{id}
\funcout
\funcarg{char *}{name}
\funcin
\funcarg{unsigned int}{namesize}
\end{funcdecl}
\funcarg{name} is filled in with the first \funcparam{namesize} bytes of
the name of the keytab identified by \funcname{id}.
If the name is shorter than \funcparam{namesize}, then \funcarg{name}
will be null-terminated.
\begin{funcdecl}{krb5_kt_close}{krb5_error_code}{\funcinout}
\funcarg{krb5_context}{context}
\funcarg{krb5_keytab}{id}
\end{funcdecl}
Closes the keytab identified by \funcparam{id} and invalidates
\funcparam{id}, and releases any other resources acquired during use of
the key table.
Requires that \funcparam{id} identifies a keytab.
\begin{funcdecl}{krb5_kt_get_entry}{krb5_error_code}{\funcinout}
\funcarg{krb5_context}{context}
\funcarg{krb5_keytab}{id}
\funcin
\funcarg{krb5_principal}{principal}
\funcarg{krb5_kvno}{vno}
\funcarg{krb5_keytype}{keytype}
\funcout
\funcarg{krb5_keytab_entry *}{entry}
\end{funcdecl}
\begin{sloppypar}
Searches the keytab identified by \funcparam{id} for an entry whose
principal matches \funcparam{principal}, whose keytype matches
\funcparam{keytype}, and
whose key version number matches \funcparam{vno}. If \funcparam{vno} is
zero, the first entry whose principal matches is returned.
\end{sloppypar}
Returns an error code if no suitable entry is found. If an entry is
found, the entry is returned in \funcparam{*entry}; its contents should
be deallocated by calling \funcname{krb5_kt_free_entry} when no longer
needed.
\begin{funcdecl}{krb5_kt_free_entry}{krb5_error_code}{\funcinout}
\funcarg{krb5_context}{context}
\funcarg{krb5_keytab_entry *}{entry}
\end{funcdecl}
Releases all storage allocated for \funcparam{entry}, which must point
to a structure previously filled in by \funcname{krb5_kt_get_entry} or
\funcname{krb5_kt_next_entry}.
\begin{funcdecl}{krb5_kt_start_seq_get}{krb5_error_code}{\funcinout}
\funcarg{krb5_context}{context}
\funcarg{krb5_keytab}{id}
\funcout
\funcarg{krb5_kt_cursor *}{cursor}
\end{funcdecl}
Prepares to read sequentially every key in the keytab identified by
\funcparam{id}.
\funcparam{cursor} is filled in with a cursor to be used in calls to
\funcname{krb5_kt_next_entry}.
\begin{funcdecl}{krb5_kt_next_entry}{krb5_error_code}{\funcinout}
\funcarg{krb5_context}{context}
\funcarg{krb5_keytab}{id}
\funcout
\funcarg{krb5_keytab_entry *}{entry}
\funcinout
\funcarg{krb5_kt_cursor *}{cursor}
\end{funcdecl}
Fetches the ``next'' entry in the keytab, returning it in
\funcparam{*entry}, and updates \funcparam{*cursor} for the next
request. If the keytab changes during the sequential get, an error is
guaranteed. \funcparam{*entry} should be freed after use by calling
\funcname{krb5_kt_free_entry}.
Requires that \funcparam{id} identifies a valid keytab. and
\funcparam{*cursor} be a cursor returned by
\funcname{krb5_kt_start_seq_get} or a subsequent call to
\funcname{krb5_kt_next_entry}.
Errors: error code if no more cache entries or if the keytab changes.
\begin{funcdecl}{krb5_kt_end_seq_get}{krb5_error_code}{\funcinout}
\funcarg{krb5_context}{context}
\funcarg{krb5_keytab}{id}
\funcarg{krb5_kt_cursor *}{cursor}
\end{funcdecl}
Finishes sequential processing mode and invalidates \funcparam{cursor},
which must never be re-used after this call.
Requires that \funcparam{id} identifies a valid keytab and
\funcparam{*cursor} be a cursor returned by
\funcname{krb5_kt_start_seq_get} or a subsequent call to
\funcname{krb5_kt_next_entry}.
May return error code if \funcparam{cursor} is invalid.
|
