From 5f9df92e409e38766511c8bc4f5e71eb213cdd8a Mon Sep 17 00:00:00 2001 From: Johan Danielsson Date: Sun, 25 Apr 2004 19:29:53 +0000 Subject: [PATCH] move krb5_compare_creds to its own manpage git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13791 ec53bebd-3082-4978-b11e-865c3cabbd6b --- lib/krb5/krb5_compare_creds.3 | 104 ++++++++++++++++++++++++++++++++++ lib/krb5/krb5_creds.3 | 87 ++++++++++------------------ 2 files changed, 135 insertions(+), 56 deletions(-) create mode 100644 lib/krb5/krb5_compare_creds.3 diff --git a/lib/krb5/krb5_compare_creds.3 b/lib/krb5/krb5_compare_creds.3 new file mode 100644 index 000000000..a4171123d --- /dev/null +++ b/lib/krb5/krb5_compare_creds.3 @@ -0,0 +1,104 @@ +.\" Copyright (c) 2004 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id$ +.\" +.Dd April 25, 2004 +.Dt KRB5_COMPARE_CREDS 3 +.Os HEIMDAL +.Sh NAME +.Nm krb5_compare_creds +.Nd compare Kerberos 5 credentials +.Sh LIBRARY +Kerberos 5 Library (libkrb5, -lkrb5) +.Sh SYNOPSIS +.In krb5.h +.Ft krb5_boolean +.Fo krb5_compare_creds +.Fa "krb5_context context" +.Fa "krb5_flags whichfields" +.Fa "const krb5_creds *mcreds" +.Fa "const krb5_creds *creds" +.Fc +.Sh DESCRIPTION +.Fn krb5_compare_creds +compares +.Fa mcreds +(usually filled in by the application) +to +.Fa creds +(most often from a credentials cache) +and return +.Dv TRUE +if they are equal. +Unless +.Va mcreds-\*[Gt]server +is +.Dv NULL , +the service of the credentials are always compared. If the client +name in +.Fa mcreds +is present, the client names are also compared. This function is +normally only called indirectly via +.Xr krb5_cc_retrieve_cred 3 . +.Pp +The following flags, set in +.Fa whichfields , +affects the comparison: +.Bl -tag -compact -offset indent +.It KRB5_TC_MATCH_SRV_NAMEONLY +Consider all realms equal when comparing the service principal. +.It KRB5_TC_MATCH_KEYTYPE +Compare enctypes. +.It KRB5_TC_MATCH_FLAGS_EXACT +Make sure that the ticket flags are identical. +.It KRB5_TC_MATCH_FLAGS +Make sure that all ticket flags set in +.Fa mcreds +are also present in +.Fa creds . +.It KRB5_TC_MATCH_TIMES_EXACT +Compares the ticket times exactly. +.It KRB5_TC_MATCH_TIMES +Compares only the expiration times of the creds. +.It KRB5_TC_MATCH_AUTHDATA +Compares the authdata fields. +.It KRB5_TC_MATCH_2ND_TKT +Compares the second tickets (used by user-to-user authentication). +.It KRB5_TC_MATCH_IS_SKEY +Compares the existance of the second ticket. +.El +.Sh SEE ALSO +.Xr krb5 3 , +.Xr krb5_cc_retrieve_cred 3 , +.Xr krb5_creds 3 , +.Xr krb5_get_init_creds 3 , +.Xr kerberos 8 diff --git a/lib/krb5/krb5_creds.3 b/lib/krb5/krb5_creds.3 index 4b0eb6d54..b3c7d5f89 100644 --- a/lib/krb5/krb5_creds.3 +++ b/lib/krb5/krb5_creds.3 @@ -36,26 +36,15 @@ .Os HEIMDAL .Sh NAME .Nm krb5_creds , -.Nm krb5_compare_creds , .Nm krb5_copy_creds , .Nm krb5_copy_creds_contents , .Nm krb5_free_creds , -.Nm krb5_free_creds_contents .Nm krb5_free_cred_contents -.Nd kerberos 5 credential handling functions. +.Nd kerberos 5 credential handling functions .Sh LIBRARY Kerberos 5 Library (libkrb5, -lkrb5) .Sh SYNOPSIS .In krb5.h -.Pp -.Li krb5_creds; -.Ft krb5_boolean -.Fo krb5_compare_creds -.Fa "krb5_context context" -.Fa "krb5_flags whichfields" -.Fa "const krb5_creds *mcreds" -.Fa "const krb5_creds *creds" -.Fc .Ft krb5_error_code .Fo krb5_copy_creds .Fa "krb5_context context" @@ -66,49 +55,34 @@ Kerberos 5 Library (libkrb5, -lkrb5) .Fo krb5_copy_creds_contents .Fa "krb5_context context" .Fa "const krb5_creds *incred" -.Fa "krb5_creds *c" +.Fa "krb5_creds *outcred" .Fc .Ft krb5_error_code .Fo krb5_free_creds .Fa "krb5_context context" -.Fa "krb5_creds *c" -.Fc -.Ft krb5_error_code -.Fo krb5_free_creds_contents -.Fa "krb5_context context" -.Fa "krb5_creds *c" +.Fa "krb5_creds *outcred" .Fc .Ft krb5_error_code .Fo krb5_free_cred_contents .Fa "krb5_context context" -.Fa "krb5_creds *c" +.Fa "krb5_creds *cred" .Fc .Sh DESCRIPTION -.Li krb5_creds -holds a kerberos credentials. -The internals of the structure should never be accessed directly, -functions exist for extracting information. -.Pp -.Fn krb5_compare_creds -compares -.Fa mcreds -and -.Fa creds -and return -.Dv TRUE -if they are equal. -.Fa whichfields -determines what equal means. -The server name of the credentials are always compared. -If the client name in -.Fa mcreds -is present, the client names are also compared. -.Bl -tag -compact -offset indent -.It KRB5_TC_DONT_MATCH_REALM -Don't match the realm componet of the principal names. -.It KRB5_TC_MATCH_KEYTYPE -Match keytype to make sure the are compatible/same. -.El +.Vt krb5_creds +holds Kerberos credentials: +.Bd -literal -offset +typedef struct krb5_creds { + krb5_principal client; + krb5_principal server; + krb5_keyblock session; + krb5_times times; + krb5_data ticket; + krb5_data second_ticket; + krb5_authdata authdata; + krb5_addresses addresses; + krb5_ticket_flags flags; +} krb5_creds; +.Ed .Pp .Fn krb5_copy_creds makes a copy of @@ -116,29 +90,30 @@ makes a copy of to .Fa outcred . .Fa outcred -should be freed by the called with -.Fn krb5_free_creds . +should be freed with +.Fn krb5_free_creds +by the caller. .Pp .Fn krb5_copy_creds_contents makes a copy of the content of .Fa incred to -.Fa c . -.Fa c +.Fa outcreds . +.Fa outcreds should be freed by the called with .Fn krb5_free_creds_contents . .Pp .Fn krb5_free_creds -free the content of the structure and the structure itself. -.Pp -.Fn krb5_free_creds_contents -free the content of the structure. +frees the content of the +.Fa cred +structure and the structure itself. .Pp .Fn krb5_free_cred_contents -is the same as -.Fn krb5_free_creds_contents , -for compatiblity with MIT Kerberos code. +frees the content of the +.Fa cred +structure. .Sh SEE ALSO .Xr krb5 3 , +.Xr krb5_compare_creds 3 , .Xr krb5_get_init_creds 3 , .Xr kerberos 8