oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

move krb5_compare_creds to its own manpage

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13791 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Johan Danielsson
2004-04-25 19:29:53 +00:00
parent 26457b7135
commit 5f9df92e40
2 changed files with 135 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files

104
lib/krb5/krb5_compare_creds.3 Normal file
View File

@@ -0,0 +1,104 @@
.\" Copyright (c) 2004 Kungliga Tekniska H<>gskolan
.\" (Royal Institute of Technology, Stockholm, Sweden).
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\" 3. Neither the name of the Institute nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $Id$
.\"
.Dd April 25, 2004
.Dt KRB5_COMPARE_CREDS 3
.Os HEIMDAL
.Sh NAME
.Nm krb5_compare_creds
.Nd compare Kerberos 5 credentials
.Sh LIBRARY
Kerberos 5 Library (libkrb5, -lkrb5)
.Sh SYNOPSIS
.In krb5.h
.Ft krb5_boolean
.Fo krb5_compare_creds
.Fa "krb5_context context"
.Fa "krb5_flags whichfields"
.Fa "const krb5_creds *mcreds"
.Fa "const krb5_creds *creds"
.Fc
.Sh DESCRIPTION
.Fn krb5_compare_creds
compares
.Fa mcreds
(usually filled in by the application)
to
.Fa creds
(most often from a credentials cache)
and return
.Dv TRUE
if they are equal.
Unless
.Va mcreds-\*[Gt]server
is
.Dv NULL ,
the service of the credentials are always compared. If the client
name in
.Fa mcreds
is present, the client names are also compared. This function is
normally only called indirectly via
.Xr krb5_cc_retrieve_cred 3 .
.Pp
The following flags, set in
.Fa whichfields ,
affects the comparison:
.Bl -tag -compact -offset indent
.It KRB5_TC_MATCH_SRV_NAMEONLY
Consider all realms equal when comparing the service principal.
.It KRB5_TC_MATCH_KEYTYPE
Compare enctypes.
.It KRB5_TC_MATCH_FLAGS_EXACT
Make sure that the ticket flags are identical.
.It KRB5_TC_MATCH_FLAGS
Make sure that all ticket flags set in
.Fa mcreds
are also present in
.Fa creds .
.It KRB5_TC_MATCH_TIMES_EXACT
Compares the ticket times exactly.
.It KRB5_TC_MATCH_TIMES
Compares only the expiration times of the creds.
.It KRB5_TC_MATCH_AUTHDATA
Compares the authdata fields.
.It KRB5_TC_MATCH_2ND_TKT
Compares the second tickets (used by user-to-user authentication).
.It KRB5_TC_MATCH_IS_SKEY
Compares the existance of the second ticket.
.El
.Sh SEE ALSO
.Xr krb5 3 ,
.Xr krb5_cc_retrieve_cred 3 ,
.Xr krb5_creds 3 ,
.Xr krb5_get_init_creds 3 ,
.Xr kerberos 8

87
lib/krb5/krb5_creds.3
View File

@@ -36,26 +36,15 @@
.Os HEIMDAL .Os HEIMDAL
.Sh NAME .Sh NAME
.Nm krb5_creds , .Nm krb5_creds ,
.Nm krb5_compare_creds ,
.Nm krb5_copy_creds , .Nm krb5_copy_creds ,
.Nm krb5_copy_creds_contents , .Nm krb5_copy_creds_contents ,
.Nm krb5_free_creds , .Nm krb5_free_creds ,
.Nm krb5_free_creds_contents
.Nm krb5_free_cred_contents .Nm krb5_free_cred_contents
.Nd kerberos 5 credential handling functions. .Nd kerberos 5 credential handling functions
.Sh LIBRARY .Sh LIBRARY
Kerberos 5 Library (libkrb5, -lkrb5) Kerberos 5 Library (libkrb5, -lkrb5)
.Sh SYNOPSIS .Sh SYNOPSIS
.In krb5.h .In krb5.h
.Pp
.Li krb5_creds;
.Ft krb5_boolean
.Fo krb5_compare_creds
.Fa "krb5_context context"
.Fa "krb5_flags whichfields"
.Fa "const krb5_creds *mcreds"
.Fa "const krb5_creds *creds"
.Fc
.Ft krb5_error_code .Ft krb5_error_code
.Fo krb5_copy_creds .Fo krb5_copy_creds
.Fa "krb5_context context" .Fa "krb5_context context"
@@ -66,49 +55,34 @@ Kerberos 5 Library (libkrb5, -lkrb5)
.Fo krb5_copy_creds_contents .Fo krb5_copy_creds_contents
.Fa "krb5_context context" .Fa "krb5_context context"
.Fa "const krb5_creds *incred" .Fa "const krb5_creds *incred"
.Fa "krb5_creds *c" .Fa "krb5_creds *outcred"
.Fc .Fc
.Ft krb5_error_code .Ft krb5_error_code
.Fo krb5_free_creds .Fo krb5_free_creds
.Fa "krb5_context context" .Fa "krb5_context context"
.Fa "krb5_creds *c" .Fa "krb5_creds *outcred"
.Fc
.Ft krb5_error_code
.Fo krb5_free_creds_contents
.Fa "krb5_context context"
.Fa "krb5_creds *c"
.Fc .Fc
.Ft krb5_error_code .Ft krb5_error_code
.Fo krb5_free_cred_contents .Fo krb5_free_cred_contents
.Fa "krb5_context context" .Fa "krb5_context context"
.Fa "krb5_creds *c" .Fa "krb5_creds *cred"
.Fc .Fc
.Sh DESCRIPTION .Sh DESCRIPTION
.Li krb5_creds .Vt krb5_creds
holds a kerberos credentials. holds Kerberos credentials:
The internals of the structure should never be accessed directly, .Bd -literal -offset
functions exist for extracting information. typedef struct krb5_creds {
.Pp krb5_principal client;
.Fn krb5_compare_creds krb5_principal server;
compares krb5_keyblock session;
.Fa mcreds krb5_times times;
and krb5_data ticket;
.Fa creds krb5_data second_ticket;
and return krb5_authdata authdata;
.Dv TRUE krb5_addresses addresses;
if they are equal. krb5_ticket_flags flags;
.Fa whichfields } krb5_creds;
determines what equal means. .Ed
The server name of the credentials are always compared.
If the client name in
.Fa mcreds
is present, the client names are also compared.
.Bl -tag -compact -offset indent
.It KRB5_TC_DONT_MATCH_REALM
Don't match the realm componet of the principal names.
.It KRB5_TC_MATCH_KEYTYPE
Match keytype to make sure the are compatible/same.
.El
.Pp .Pp
.Fn krb5_copy_creds .Fn krb5_copy_creds
makes a copy of makes a copy of
@@ -116,29 +90,30 @@ makes a copy of
to to
.Fa outcred . .Fa outcred .
.Fa outcred .Fa outcred
should be freed by the called with should be freed with
.Fn krb5_free_creds . .Fn krb5_free_creds
by the caller.
.Pp .Pp
.Fn krb5_copy_creds_contents .Fn krb5_copy_creds_contents
makes a copy of the content of makes a copy of the content of
.Fa incred .Fa incred
to to
.Fa c . .Fa outcreds .
.Fa c .Fa outcreds
should be freed by the called with should be freed by the called with
.Fn krb5_free_creds_contents . .Fn krb5_free_creds_contents .
.Pp .Pp
.Fn krb5_free_creds .Fn krb5_free_creds
free the content of the structure and the structure itself. frees the content of the
.Pp .Fa cred
.Fn krb5_free_creds_contents structure and the structure itself.
free the content of the structure.
.Pp .Pp
.Fn krb5_free_cred_contents .Fn krb5_free_cred_contents
is the same as frees the content of the
.Fn krb5_free_creds_contents , .Fa cred
for compatiblity with MIT Kerberos code. structure.
.Sh SEE ALSO .Sh SEE ALSO
.Xr krb5 3 , .Xr krb5 3 ,
.Xr krb5_compare_creds 3 ,
.Xr krb5_get_init_creds 3 , .Xr krb5_get_init_creds 3 ,
.Xr kerberos 8 .Xr kerberos 8