move krb5_compare_creds to its own manpage

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13791 ec53bebd-3082-4978-b11e-865c3cabbd6b

lib/krb5/krb5_compare_creds.3

@@ -0,0 +1,104 @@
+.\" Copyright (c) 2004 Kungliga Tekniska H<>gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id$
+.\"
+.Dd April 25, 2004
+.Dt KRB5_COMPARE_CREDS 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_compare_creds
+.Nd compare Kerberos 5 credentials
+.Sh LIBRARY
+Kerberos 5 Library (libkrb5, -lkrb5)
+.Sh SYNOPSIS
+.In krb5.h
+.Ft krb5_boolean
+.Fo krb5_compare_creds
+.Fa "krb5_context context"
+.Fa "krb5_flags whichfields"
+.Fa "const krb5_creds *mcreds"
+.Fa "const krb5_creds *creds"
+.Fc
+.Sh DESCRIPTION
+.Fn krb5_compare_creds
+compares
+.Fa mcreds
+(usually filled in by the application)
+to
+.Fa creds
+(most often from a credentials cache)
+and return
+.Dv TRUE
+if they are equal.
+Unless
+.Va mcreds-\*[Gt]server
+is
+.Dv NULL ,
+the service of the credentials are always compared.  If the client
+name in
+.Fa mcreds
+is present, the client names are also compared. This function is
+normally only called indirectly via
+.Xr krb5_cc_retrieve_cred 3 .
+.Pp
+The following flags, set in
+.Fa whichfields ,
+affects the comparison:
+.Bl -tag -compact -offset indent
+.It KRB5_TC_MATCH_SRV_NAMEONLY
+Consider all realms equal when comparing the service principal.
+.It KRB5_TC_MATCH_KEYTYPE
+Compare enctypes.
+.It KRB5_TC_MATCH_FLAGS_EXACT
+Make sure that the ticket flags are identical.
+.It KRB5_TC_MATCH_FLAGS
+Make sure that all ticket flags set in
+.Fa mcreds
+are also present  in
+.Fa creds .
+.It KRB5_TC_MATCH_TIMES_EXACT
+Compares the ticket times exactly.
+.It KRB5_TC_MATCH_TIMES
+Compares only the expiration times of the creds.
+.It KRB5_TC_MATCH_AUTHDATA
+Compares the authdata fields.
+.It KRB5_TC_MATCH_2ND_TKT
+Compares the second tickets (used by user-to-user authentication).
+.It KRB5_TC_MATCH_IS_SKEY
+Compares the existance of the second ticket.
+.El
+.Sh SEE ALSO
+.Xr krb5 3 ,
+.Xr krb5_cc_retrieve_cred 3 ,
+.Xr krb5_creds 3 ,
+.Xr krb5_get_init_creds 3 ,
+.Xr kerberos 8

lib/krb5/krb5_creds.3

@@ -36,26 +36,15 @@
 .Os HEIMDAL
 .Sh NAME
 .Nm krb5_creds ,
-.Nm krb5_compare_creds ,
 .Nm krb5_copy_creds ,
 .Nm krb5_copy_creds_contents ,
 .Nm krb5_free_creds ,
-.Nm krb5_free_creds_contents
 .Nm krb5_free_cred_contents
-.Nd kerberos 5 credential handling functions.
+.Nd kerberos 5 credential handling functions
 .Sh LIBRARY
 Kerberos 5 Library (libkrb5, -lkrb5)
 .Sh SYNOPSIS
 .In krb5.h
-.Pp
-.Li krb5_creds;
-.Ft krb5_boolean
-.Fo krb5_compare_creds
-.Fa "krb5_context context"
-.Fa "krb5_flags whichfields"
-.Fa "const krb5_creds *mcreds"
-.Fa "const krb5_creds *creds"
-.Fc
 .Ft krb5_error_code
 .Fo krb5_copy_creds
 .Fa "krb5_context context"
@@ -66,49 +55,34 @@ Kerberos 5 Library (libkrb5, -lkrb5)
 .Fo krb5_copy_creds_contents
 .Fa "krb5_context context"
 .Fa "const krb5_creds *incred"
-.Fa "krb5_creds *c"
+.Fa "krb5_creds *outcred"
 .Fc
 .Ft krb5_error_code
 .Fo krb5_free_creds
 .Fa "krb5_context context"
-.Fa "krb5_creds *c"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_free_creds_contents
-.Fa "krb5_context context"
-.Fa "krb5_creds *c"
+.Fa "krb5_creds *outcred"
 .Fc
 .Ft krb5_error_code
 .Fo krb5_free_cred_contents
 .Fa "krb5_context context"
-.Fa "krb5_creds *c"
+.Fa "krb5_creds *cred"
 .Fc
 .Sh DESCRIPTION
-.Li krb5_creds
-holds a kerberos credentials.
-The internals of the structure should never be accessed directly,
-functions exist for extracting information.
-.Pp
-.Fn krb5_compare_creds
-compares
-.Fa mcreds
-and
-.Fa creds
-and return
-.Dv TRUE
-if they are equal.
-.Fa whichfields
-determines what equal means.
-The server name of the credentials are always compared.
-If the client name in
-.Fa mcreds
-is present, the client names are also compared.
-.Bl -tag -compact -offset indent
-.It KRB5_TC_DONT_MATCH_REALM
-Don't match the realm componet of the principal names.
-.It KRB5_TC_MATCH_KEYTYPE
-Match keytype to make sure the are compatible/same.
-.El
+.Vt krb5_creds
+holds Kerberos credentials:
+.Bd -literal -offset
+typedef struct krb5_creds {
+    krb5_principal	client;
+    krb5_principal	server;
+    krb5_keyblock	session;
+    krb5_times		times;
+    krb5_data		ticket;
+    krb5_data		second_ticket;
+    krb5_authdata	authdata;
+    krb5_addresses	addresses;
+    krb5_ticket_flags	flags;
+} krb5_creds;
+.Ed
 .Pp
 .Fn krb5_copy_creds
 makes a copy of
@@ -116,29 +90,30 @@ makes a copy of
 to
 .Fa outcred .
 .Fa outcred
-should be freed by the called with
-.Fn krb5_free_creds .
+should be freed with
+.Fn krb5_free_creds
+by the caller.
 .Pp
 .Fn krb5_copy_creds_contents
 makes a copy of the content of
 .Fa incred
 to
-.Fa c .
-.Fa c
+.Fa outcreds .
+.Fa outcreds
 should be freed by the called with
 .Fn krb5_free_creds_contents .
 .Pp
 .Fn krb5_free_creds
-free the content of the structure and the structure itself.
-.Pp
-.Fn krb5_free_creds_contents
-free the content of the structure.
+frees the content of the 
+.Fa cred
+structure and the structure itself.
 .Pp
 .Fn krb5_free_cred_contents
-is the same as
-.Fn krb5_free_creds_contents ,
-for compatiblity with MIT Kerberos code.
+frees the content of the
+.Fa cred
+structure.
 .Sh SEE ALSO
 .Xr krb5 3 ,
+.Xr krb5_compare_creds 3 ,
 .Xr krb5_get_init_creds 3 ,
 .Xr kerberos 8